From 2a4108f07172c2b151df1228be80108992792b5b Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Tue, 26 Mar 2024 12:37:06 +0100 Subject: [PATCH] trustfence: stm: fix PKI tree check for ccmp13 platform This commit fixes a race condition where, if you have an existing PKI tree with the new format (one key_pass file for each key), the script detects that the PKI tree is incomplete because it is always trying to find the key_pass.txt file with the old format. This commit adds an additional validation step to verify the new keys format. Signed-off-by: Arturo Buzarra --- .../trustfence-sign-tools/trustfence-gen-pki-stm.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh index cba7b6627..0fcb54aa5 100755 --- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh +++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh @@ -74,7 +74,10 @@ if [ "${PLATFORM}" = "ccmp15" ]; then chmod 400 "${KEY_PASS_FILE}" fi elif [ "${PLATFORM}" = "ccmp13" ]; then - if [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" != "8" ] && [ -f "${KEY_PASS_FILE}" ]; then + if [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" = "8" ]; then + # PKI tree already exists. + echo "Using existing PKI tree" + elif [ "${N_PUBK}" = "8" ] && [ "${N_PRVK}" = "8" ] && [ "${N_PASS}" != "8" ] && [ -f "${KEY_PASS_FILE}" ]; then # Backwards compatibility: if a single key_pass.txt file exists, # split into 8 files with one password each for i in $(seq 0 7); do