diff options
author | Bastian Krause <bst@pengutronix.de> | 2020-05-15 16:26:32 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-05-15 17:22:07 +0200 |
commit | f67dc22691a8671ea3306f768712d3185f453077 (patch) | |
tree | 01b83e86436aaaf0cc8be4ff8b171c322b76bc46 | |
parent | e218050ff02017e661035d2bb251ec9cb39cf80f (diff) | |
download | ptxdist-f67dc22691a8671ea3306f768712d3185f453077.tar.gz ptxdist-f67dc22691a8671ea3306f768712d3185f453077.tar.xz |
ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper
Key providers now take care of calling the CA helpers. This makes sure
the CA is already present in pem format. Use that instead of extracting
and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer
a dependency of template-barebox-imx-habv4.
Note: requires ptx-code-signing-dev 0.4 or later
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-7-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | rules/templates/template-barebox-imx-habv4-in | 1 | ||||
-rw-r--r-- | scripts/lib/ptxd_lib_imx_hab.sh | 16 |
2 files changed, 8 insertions, 9 deletions
diff --git a/rules/templates/template-barebox-imx-habv4-in b/rules/templates/template-barebox-imx-habv4-in index af3e59986..16258cbee 100644 --- a/rules/templates/template-barebox-imx-habv4-in +++ b/rules/templates/template-barebox-imx-habv4-in @@ -3,7 +3,6 @@ config BAREBOX_@PACKAGE@ tristate select CODE_SIGNING - select HOST_EXTRACT_CERT select HOST_IMX_CST prompt "Barebox (@package@)" help diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh index 034bf82b2..781c1b3f6 100644 --- a/scripts/lib/ptxd_lib_imx_hab.sh +++ b/scripts/lib/ptxd_lib_imx_hab.sh @@ -26,24 +26,24 @@ ptxd_make_imx_habv4_gen_table_impl() { local template="${1}" local table_bin="${pkg_build_dir}/imx-srk-table.bin" local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" - local tmpdir="$(mktemp -d "${PTXDIST_TEMPDIR}/imx-habv4.XXXXXX")" + local -a certs echo -e "generating $(basename ${table_bin}) and $(basename ${srk_fuse_bin})\n" for i in 1 2 3 4; do - local t=$(printf "${template}" "${i}") - local uri=$(cs_get_uri "$t") + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" + done - ptxd_exec extract-cert "${uri}" ${tmpdir}/srk${i}.der && - ptxd_exec openssl x509 -inform der -in ${tmpdir}/srk${i}.der \ - -out ${tmpdir}/srk${i}.pem || break - done && + local orig_IFS="${IFS}" + IFS="," + certs="${certs[*]}" + IFS="${orig_IFS}" ptxd_exec srktool --hab_ver 4 \ --table "${table_bin}" \ --efuses "${srk_fuse_bin}" \ --digest sha256 \ - --certs ${tmpdir}/srk1.pem,${tmpdir}/srk2.pem,${tmpdir}/srk3.pem,${tmpdir}/srk4.pem + --certs "${certs}" } export -f ptxd_make_imx_habv4_gen_table_impl |