trustfence: copy the public key to the rootfs

The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Hector Palacios 2023-04-25 12:46:48 +02:00
parent fa1c877758
commit 6298a50b2e
2 changed files with 39 additions and 15 deletions


@ -57,11 +57,22 @@ do_install() {
bberror "Unkown TRUSTFENCE_SIGN_MODE value" bberror "Unkown TRUSTFENCE_SIGN_MODE value"
exit 1 exit 1
fi fi
fi
# Extract the public key from the certificate. # Extract the public key from the certificate.
install -d ${D}${sysconfdir}/ssl/certs install -d ${D}${sysconfdir}/ssl/certs
openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
# Copy the public key to the rootfs
if [ "${DIGI_SOM}" = "ccmp15" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey00.pem"
elif [ "${DIGI_SOM}" = "ccmp13" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey0${KEY_INDEX}.pem"
else
bberror "Unknown DIGI_SOM"
exit 1
fi
install -d ${D}${sysconfdir}/ssl/certs
cp ${PUBLIC_KEY} ${D}${sysconfdir}/ssl/certs/key.pub
fi
fi fi
} }
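Review bot: The STM branch installs the key with a bare, unquoted `cp ${PUBLIC_KEY} ${D}${sysconfdir}/ssl/certs/key.pub`, so key.pub inherits whatever mode the file has in the signing-key directory, and nothing confirms that the file is a public key. This file is the trust anchor for SWU authentication and comes from a directory that presumably also holds the private keys, so I would fail the build unless it parses as a public key and then install it with an explicit mode: `openssl pkey -pubin -noout -in "${PUBLIC_KEY}"` followed by `install -m 0644 "${PUBLIC_KEY}" "${D}${sysconfdir}/ssl/certs/key.pub"`. The same lines appear in the second file section and need the same change. do_install starts before this hunk, so whether earlier code already validates the path cannot be seen from here.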


@ -48,18 +48,31 @@ do_install() {
KEY_INDEX_1=$(expr ${KEY_INDEX} + 1) KEY_INDEX_1=$(expr ${KEY_INDEX} + 1)
# Find the certificate to use. # Find the certificate to use.
if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then
CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)" CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)"
elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then
CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)" CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)"
else else
bberror "Unkown TRUSTFENCE_SIGN_MODE value" bberror "Unknown TRUSTFENCE_SIGN_MODE value"
exit 1 exit 1
fi fi
# Extract the public key from the certificate. # Extract the public key from the certificate.
install -d ${D}${sysconfdir}/ssl/certs install -d ${D}${sysconfdir}/ssl/certs
openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
# Copy the public key to the rootfs
if [ "${DIGI_SOM}" = "ccmp15" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey00.pem"
elif [ "${DIGI_SOM}" = "ccmp13" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey0${KEY_INDEX}.pem"
else
bberror "Unknown DIGI_SOM"
exit 1
fi
install -d ${D}${sysconfdir}/ssl/certs
cp ${PUBLIC_KEY} ${D}${sysconfdir}/ssl/certs/key.pub
fi
fi fi
} }
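Review bot: The ccmp15 branch hard-codes `publicKey00.pem` while the ccmp13 branch builds `publicKey0${KEY_INDEX}.pem`, and nothing in the code explains why KEY_INDEX is honoured on one module and ignored on the other. If ccmp15 really has only one signing key, say so next to the assignment, for example `# ccmp15 has a single signing key, so KEY_INDEX does not apply`. Otherwise a build signed with a non-zero KEY_INDEX would ship a verification key that may not match the key used to sign the SWU. The ccmp13 path also assumes KEY_INDEX is a single digit; a short comment stating the accepted range would make that explicit. The first file section carries the same selection logic.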