Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence: relax the expression to match AHAB based SRK certs 

Current pattern does not match the SRKs generated for the ccimx93. The
ccimx93 does not support subordinated SGK certs, so the name of the SRKs
do not contain the "_ca_" pattern. So relax the expression used in the
trustfence bbclass to match the SRKs generated for both platforms.

  # For the ccimx93
  $ ls -1 crts/SRK1*crt.pem
  crts/SRK1_sha512_secp521r1_v3_usr_crt.pem

  # For the ccimx8x
  $ ls -1 crts/SRK1*crt.pem
  crts/SRK1_sha512_secp521r1_v3_ca_crt.pem

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit is contained in:
Javier Viguera 2023-09-18 17:21:55 +02:00
parent 34e82e9bac
commit 07525e1c2c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta-digi-dey/classes/trustfence.bbclass
View File

@ -91,7 +91,7 @@ copy_public_key() {
if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then
CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX}*crt.pem)" CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX}*crt.pem)"
elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then
CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX}*_ca_crt.pem)" CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX}*crt.pem)"
else else
bberror "Unknown TRUSTFENCE_SIGN_MODE value" bberror "Unknown TRUSTFENCE_SIGN_MODE value"
exit 1 exit 1