This series includes various bug fixes and extensions of ptxdist's code signing infrastructure and its consumers. This includes HAB barebox images, signed FIT images and RAUC bundles. Real HSMs can now be used for signing. Newly introduced helpers simplify CA handling.
Changes since implicit v1 ([email protected] and following, without cover letter): - add new line when appending to a CA - select necessary host tools directly in code signing provier, not in CODE_SIGNING - add code signing env to image rauc env - re-add accidentally dropped rules/code-signing.in introducing CODE_SIGNING for ptxconfig - move "code-signing: introduce for ptxconfig, add sanity check" before "rauc/image-rauc: use code signing infrastructure for key retrieval" - clarify required versions of genimage/ptx-code-signing-dev in commit messages - add rauc version bump - sign ramdisk in FIT images (if enabled) Regards, Bastian Bastian Krause (15): host-genimage: version bump 11 -> 13 ptxd_lib_code_signing: return error string in cs_get_uri for make error case ptxd_lib_imx_hab: fix srk fuse file and table generation ptxd_lib_code_signing: introduce CA helper host-ptx-code-signing-dev: version bump 0.2 -> 0.4 ptxd_lib_imx_hab/template-barebox-imx-habv4: use cs_get_ca helper ptxd_lib_imx_hab/template-barebox-imx-habv4: make number of SRKs configurable ptxd_make_fit_image: call mkimage with ptxd_exec u-boot/ptxd_make_fit_image: avoid overriding object name ptxd_make_fit_image: sign ramdisk if enabled code-signing: move code-signing.in to platforms/ code-signing: introduce for ptxconfig, add sanity check rauc/image-rauc: use code signing infrastructure for key retrieval image-rauc: enable keyring verification rauc: version bump 1.2 -> 1.3 config/images/rauc.config | 1 + ...erriding-the-object-name-when-alread.patch | 81 +++++++++++ patches/u-boot-2020.04/series | 4 + platforms/code-signing.in | 23 ++++ platforms/image-rauc.in | 1 + projectroot/etc/rauc/ca.cert.pem | 7 - rules/code-signing.in | 23 +--- rules/code-signing.make | 13 ++ rules/host-genimage.make | 4 +- rules/host-ptx-code-signing-dev.in | 3 + rules/host-ptx-code-signing-dev.make | 4 +- rules/image-rauc.make | 37 +---- rules/rauc.in | 1 + rules/rauc.make | 15 ++- rules/templates/template-barebox-imx-habv4-in | 1 - .../templates/template-barebox-imx-habv4-make | 2 +- scripts/lib/ptxd_lib_code_signing.sh | 71 +++++++++- scripts/lib/ptxd_lib_imx_hab.sh | 32 +++-- scripts/lib/ptxd_make_fit_image.sh | 8 +- scripts/rauc-gen-test-certs.sh | 126 ------------------ 20 files changed, 246 insertions(+), 211 deletions(-) create mode 100644 patches/u-boot-2020.04/0001-lib-rsa-avoid-overriding-the-object-name-when-alread.patch create mode 100644 patches/u-boot-2020.04/series create mode 100644 platforms/code-signing.in delete mode 100644 projectroot/etc/rauc/ca.cert.pem create mode 100644 rules/code-signing.make delete mode 100755 scripts/rauc-gen-test-certs.sh -- 2.26.2 _______________________________________________ ptxdist mailing list [email protected]
