Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

trustfence: copy the public key to the rootfs 

The root file system requires the public key to authenticate SWU files.
For NXP platforms, the public key is extracted from the certificate.
For STM platforms, simply copy the public key over to the rootfs.

Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit is contained in:
Hector Palacios 2023-04-25 12:46:48 +02:00
parent fa1c877758
commit 6298a50b2e
2 changed files with 39 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb
View File

@ -57,11 +57,22 @@ do_install() {
bberror "Unkown TRUSTFENCE_SIGN_MODE value" bberror "Unkown TRUSTFENCE_SIGN_MODE value"
exit 1 exit 1
fi fi
# Extract the public key from the certificate.
install -d ${D}${sysconfdir}/ssl/certs
openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
# Copy the public key to the rootfs
if [ "${DIGI_SOM}" = "ccmp15" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey00.pem"
elif [ "${DIGI_SOM}" = "ccmp13" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey0${KEY_INDEX}.pem"
else
bberror "Unknown DIGI_SOM"
exit 1
fi
install -d ${D}${sysconfdir}/ssl/certs
cp ${PUBLIC_KEY} ${D}${sysconfdir}/ssl/certs/key.pub
fi fi
# Extract the public key from the certificate.
install -d ${D}${sysconfdir}/ssl/certs
openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
fi fi
} }

35
meta-digi-dey/recipes-digi/dualboot/dualboot.bb
View File

@ -48,18 +48,31 @@ do_install() {
KEY_INDEX_1=$(expr ${KEY_INDEX} + 1) KEY_INDEX_1=$(expr ${KEY_INDEX} + 1)
# Find the certificate to use. # Find the certificate to use.
if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)" if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then
elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)"
CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)" elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then
else CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)"
bberror "Unkown TRUSTFENCE_SIGN_MODE value" else
exit 1 bberror "Unknown TRUSTFENCE_SIGN_MODE value"
exit 1
fi
# Extract the public key from the certificate.
install -d ${D}${sysconfdir}/ssl/certs
openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
# Copy the public key to the rootfs
if [ "${DIGI_SOM}" = "ccmp15" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey00.pem"
elif [ "${DIGI_SOM}" = "ccmp13" ]; then
PUBLIC_KEY="${TRUSTFENCE_SIGN_KEYS_PATH}/keys/publicKey0${KEY_INDEX}.pem"
else
bberror "Unknown DIGI_SOM"
exit 1
fi
install -d ${D}${sysconfdir}/ssl/certs
cp ${PUBLIC_KEY} ${D}${sysconfdir}/ssl/certs/key.pub
fi fi
# Extract the public key from the certificate.
install -d ${D}${sysconfdir}/ssl/certs
openssl x509 -pubkey -noout -in "${CERT_IMG}" > ${D}${sysconfdir}/ssl/certs/key.pub
fi fi
} }