From 4d6947e02a96cd94651a01e9ba3e4c2e1722a355 Mon Sep 17 00:00:00 2001
From: Arturo Buzarra
Date: Tue, 29 Aug 2023 09:05:00 +0200
Subject: [PATCH] trustfence: stm: improve error handling for PKI tree generation script

Any errors in the PKI tree generation are not reported to bitbake, so the script fails silently. This commit adds a validation of the script execution, and if it fails, it aborts the execution and notifies to bitbake.
Signed-off-by: Arturo Buzarra
---
 .../trustfence-sign-tools/trustfence-gen-pki-stm.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh
index 34fe237d0..f9b543284 100755
--- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh
+++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh
@@ -64,7 +64,10 @@ if [ "${PLATFORM}" = "ccmp15" ]; then
 # Random password
 password="$(openssl rand -base64 32)"
 echo "Generating random key"
- STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${password} -n 1
+ if ! STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${password} -n 1; then
+ echo "[ERROR] Could not generate PKI tree"
+ exit 1
+ fi
 echo "${password}" > "${KEY_PASS_FILE}"
 fi
 elif [ "${PLATFORM}" = "ccmp13" ]; then
@@ -76,7 +79,10 @@ elif [ "${PLATFORM}" = "ccmp13" ]; then
 passwords="${passwords} $(openssl rand -base64 32)"
 done
 echo "Generating random keys"
- STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${passwords} -n 8
+ if ! STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${passwords} -n 8; then
+ echo "[ERROR] Could not generate PKI tree"
+ exit 1
+ fi
 echo "${passwords}" > "${KEY_PASS_FILE}"
 fi
 else
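Review bot: The new failure branch exits while leaving whatever STM32MP_KeyGen_CLI already wrote under `${CONFIG_SIGN_KEYS_PATH}/keys/`, and `${KEY_PASS_FILE}` is never written on that path, so a failed run can leave key files with no recorded password. If the enclosing condition, which starts outside this hunk, skips generation when keys are already present, a later build would presumably carry on with that partial tree; that is worth confirming, and if so the partial output should be removed before `exit 1` or the keys generated into a temporary directory first. The message should go to stderr, `echo "[ERROR] Could not generate PKI tree" >&2`, and the single password can be quoted, `-pwd "${password}"`. The same failure branch is added for ccmp13 in the next hunk.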
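Review bot: `-pwd ${passwords}` relies on word splitting to hand over eight separate passwords, but nothing verifies that the loop above (its header is outside this hunk) actually produced eight. Unless the script runs under `set -e`, which is not visible here, a failing `openssl rand` only appends an empty string and the tool receives fewer passwords than keys. Checking the result inside the loop, for example `pw="$(openssl rand -base64 32)" || exit 1` before appending, would close that gap, and a comment such as `# intentionally unquoted: one -pwd argument per key` would stop a later cleanup from quoting the expansion. The passwords also travel on the command line and are then written to `${KEY_PASS_FILE}` with the default umask, so on a shared build host a `umask 077` before the write is worth considering.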