Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence: stm: improve error handling for PKI tree generation script 

Any errors in the PKI tree generation are not reported to bitbake, so the
script fails silently. This commit adds a validation of the script execution,
and if it fails, it aborts the execution and notifies to bitbake.

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit is contained in:
Arturo Buzarra 2023-08-29 09:05:00 +02:00
parent a8809e68c7
commit 4d6947e02a
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-gen-pki-stm.sh
View File

@ -64,7 +64,10 @@ if [ "${PLATFORM}" = "ccmp15" ]; then
# Random password # Random password
password="$(openssl rand -base64 32)" password="$(openssl rand -base64 32)"
echo "Generating random key" echo "Generating random key"
STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${password} -n 1 if ! STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${password} -n 1; then
echo "[ERROR] Could not generate PKI tree"
exit 1
fi
echo "${password}" > "${KEY_PASS_FILE}" echo "${password}" > "${KEY_PASS_FILE}"
fi fi
elif [ "${PLATFORM}" = "ccmp13" ]; then elif [ "${PLATFORM}" = "ccmp13" ]; then
@ -76,7 +79,10 @@ elif [ "${PLATFORM}" = "ccmp13" ]; then
passwords="${passwords} $(openssl rand -base64 32)" passwords="${passwords} $(openssl rand -base64 32)"
done done
echo "Generating random keys" echo "Generating random keys"
STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${passwords} -n 8 if ! STM32MP_KeyGen_CLI -abs "${CONFIG_SIGN_KEYS_PATH}/keys/" -pwd ${passwords} -n 8; then
echo "[ERROR] Could not generate PKI tree"
exit 1
fi
echo "${passwords}" > "${KEY_PASS_FILE}" echo "${passwords}" > "${KEY_PASS_FILE}"
fi fi
else else