From 68430b12971b0e05c49d9427f80d235e4a338a5b Mon Sep 17 00:00:00 2001 From: David Escalona Date: Wed, 1 Mar 2017 17:27:47 +0100 Subject: [PATCH] swupdate: execute swupdate with verification within trustfence images - While trying to update the system using signed swupdate packages, the swupdate binary requires a new parameter (-k) to specify the location of the public key that will be used to verify the update package. At the moment there is no way to check if a package is signed or not, so we asume that the existence of the public key in the recovery initramfs is enough to determine that we want to update the system using signed packages. https://jira.digi.com/browse/DEL-3775 Signed-off-by: David Escalona
---
.../recovery/recovery-initramfs/recovery-initramfs-init | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init
index 302f41dd3..afca9f376 100644
--- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init
+++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init
@@ -21,6 +21,7 @@ ENV_BOOT_RECOVERY="boot_recovery"
 ENV_RECOVERY_COMMAND="recovery_command"
 SW_CONFIG="/etc/swupdate.cfg"
+PUBLIC_KEY="/etc/ssl/certs/key.pub"
 USB_MOUNT_DIR="/run/media"
 UPDATE_MOUNT_DIR="/mnt/update"
@@ -448,7 +449,11 @@ if [ -n "${update_package_bool}" ]; then
 # Execute the progress binary.
 progress -wp &
 # Execute the software update.
- swupdate -f "${SW_CONFIG}" -i "${update_package}"
+ if [ -f "${PUBLIC_KEY}" ]; then
+ swupdate -f "${SW_CONFIG}" -i "${update_package}" -k "${PUBLIC_KEY}"
+ else
+ swupdate -f "${SW_CONFIG}" -i "${update_package}"
+ fi
 if [ "$?" = "0" ]; then
 log "Firmware update process succeed!"
 else
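Review bot: The `else` branch in the second hunk still runs `swupdate` without `-k` whenever `${PUBLIC_KEY}` is not a regular file, so signature verification fails open. On an image meant to accept only signed packages, a key missing from the initramfs (a packaging mistake or tampering) silently becomes an unverified update. The commit message says key presence is the only signal available, so at minimum make the unverified path visible, e.g. `log "No public key at ${PUBLIC_KEY}: updating WITHOUT signature verification"` before the plain call. If the recipe can provide a build-time indication that the image is a trustfence one (nothing in this hunk shows one), the safer behaviour is to refuse the update when the key is absent rather than fall back. The enclosing `if [ -n "${update_package_bool}" ]` block starts and ends outside the hunk.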