Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence: stm: fix PKI tree check for ccmp13 platform 

This commit fixes a race condition where, if you have an existing PKI tree with
the new format (one key_pass file for each key), the script detects that the
PKI tree is incomplete because it is always trying to find the key_pass.txt
file with the old format. This commit adds an additional validation step to
verify the new keys format.

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit is contained in:
Arturo Buzarra 2024-03-26 12:37:06 +01:00
parent df1a6160ba
commit 2a4108f071
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh
View File

@ -74,7 +74,10 @@ if [ "${PLATFORM}" = "ccmp15" ]; then
chmod 400 "${KEY_PASS_FILE}"
fi
elif [ "${PLATFORM}" = "ccmp13" ]; then
if [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" != "8" ] && [ -f "${KEY_PASS_FILE}" ]; then
if [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" = "8" ]; then
# PKI tree already exists.
echo "Using existing PKI tree"
elif [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" != "8" ] && [ -f "${KEY_PASS_FILE}" ]; then
# Backwards compatibility: if a single key_pass.txt file exists,
# split into 8 files with one password each
for i in $(seq 0 7); do