43 lines
1.3 KiB
Diff
43 lines
1.3 KiB
Diff
From: Hector Palacios <hector.palacios@digi.com>
|
|
Date: Thu, 3 Aug 2023 16:25:36 +0200
|
|
Subject: [PATCH] pki_tree.sh: extract public keys from certificates
|
|
|
|
The public key needs to be available on the rootfs so that signed SWU
|
|
packages can be authenticated.
|
|
Do this on the PKI generation script so that recipes don't need to do it.
|
|
|
|
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
|
|
---
|
|
keys/ahab_pki_tree.sh | 3 +++
|
|
keys/hab4_pki_tree.sh | 3 +++
|
|
2 files changed, 6 insertions(+)
|
|
|
|
diff --git a/keys/ahab_pki_tree.sh b/keys/ahab_pki_tree.sh
|
|
index 7f10c5388146..63b5ce58ade7 100755
|
|
--- a/keys/ahab_pki_tree.sh
|
|
+++ b/keys/ahab_pki_tree.sh
|
|
@@ -632,6 +632,9 @@ do
|
|
-in temp_sgk.pem \
|
|
-out ${sgk_key}.pem
|
|
|
|
+ # Extract public key from the certificate
|
|
+ openssl x509 -pubkey -noout -in "${srk_crt_i}" > ../crts/key${i}.pub
|
|
+
|
|
# Cleanup
|
|
rm ./temp_sgk.pem ./temp_sgk_req.pem
|
|
|
|
diff --git a/keys/hab4_pki_tree.sh b/keys/hab4_pki_tree.sh
|
|
index ac6fb29b7f91..e76f22f40643 100755
|
|
--- a/keys/hab4_pki_tree.sh
|
|
+++ b/keys/hab4_pki_tree.sh
|
|
@@ -682,6 +682,9 @@ do
|
|
-in temp_img.pem \
|
|
-out ${img_key}.pem
|
|
|
|
+ # Extract public key from the certificate
|
|
+ openssl x509 -pubkey -noout -in "${img_crt}.pem" > ../crts/key${i}.pub
|
|
+
|
|
# Cleanup
|
|
rm ./temp_img.pem ./temp_img_req.pem
|
|
|