trustfence: copy the public key to the rootfs

The root file system requires the public key to authenticate SWU files. For NXP platforms, the public key is extracted from the certificate. For STM platforms, simply copy the public key over to the rootfs. Signed-off-by: Hector Palacios <hector.palacios@digi.com>
2023-04-25 12:46:48 +02:00 · 2023-04-25 12:46:48 +02:00 · 6298a50b2e
parent fa1c877758
commit 6298a50b2e
2 changed files with 39 additions and 15 deletions
--- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb
+++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb
@ -57,11 +57,22 @@ do_install() {
 				bberror "Unkown TRUSTFENCE_SIGN_MODE value"
 				exit 1
 			fi
+			# Extract the public key from the certificate.
+			install -d ${D}${sysconfdir}/ssl/certs
+			openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
+		elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
+			# Copy the public key to the rootfs
+			if [ "${DIGI_SOM}" = "ccmp15" ]; then
+				PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey00.pem"
+			elif [ "${DIGI_SOM}" = "ccmp13" ]; then
+				PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey0${KEY_INDEX}.pem"
+			else
+				bberror "Unknown DIGI_SOM"
+				exit 1
+			fi
+			install -d ${D}${sysconfdir}/ssl/certs
+			cp ${PUBLIC_KEY} ${D}${sysconfdir}/ssl/certs/key.pub
 		fi
-
-		# Extract the public key from the certificate.
-		install -d ${D}${sysconfdir}/ssl/certs
-		openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
 	fi
 }

--- a/meta-digi-dey/recipes-digi/dualboot/dualboot.bb
+++ b/meta-digi-dey/recipes-digi/dualboot/dualboot.bb
@ -48,18 +48,31 @@ do_install() {
 		KEY_INDEX_1=$(expr ${KEY_INDEX} + 1)

 		# Find the certificate to use.
-		if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then
-			CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)"
-		elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then
-			CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)"
-		else
-			bberror "Unkown TRUSTFENCE_SIGN_MODE value"
-			exit 1
+		if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
+			if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then
+				CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)"
+			elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then
+				CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)"
+			else
+				bberror "Unknown TRUSTFENCE_SIGN_MODE value"
+				exit 1
+			fi
+			# Extract the public key from the certificate.
+			install -d ${D}${sysconfdir}/ssl/certs
+			openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
+		elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
+			# Copy the public key to the rootfs
+			if [ "${DIGI_SOM}" = "ccmp15" ]; then
+				PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey00.pem"
+			elif [ "${DIGI_SOM}" = "ccmp13" ]; then
+				PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey0${KEY_INDEX}.pem"
+			else
+				bberror "Unknown DIGI_SOM"
+				exit 1
+			fi
+			install -d ${D}${sysconfdir}/ssl/certs
+			cp ${PUBLIC_KEY} ${D}${sysconfdir}/ssl/certs/key.pub
 		fi
-
-		# Extract the public key from the certificate.
-		install -d ${D}${sysconfdir}/ssl/certs
-		openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
 	fi
 }