[RAUC] pass PEM passphrase in Yocto build

Fri, 18 Mar 2022 03:32:28 -0700 

Hi everyone,

I am getting the below error when I was building the bundle by Yocto with 
encrypted Root CA and ICA certificate.

ERROR: p118-bundle-1.0-r0 do_bundle: Execution of 
'/build/tmp/work/imx8mm_p118-poky-linux/p118-bundle/1.0-r0/temp/run.do_bundle.88428'
 failed with exit code 1
ERROR: Logfile of failure stored in: 
/build/tmp/work/imx8mm_p118-poky-linux/p118-bundle/1.0-r0/temp/log.do_bundle.88428
Log data follows:
| DEBUG: Executing shell function do_bundle
| rauc-Message: 10:39:18.125: Debug log domains: 'rauc'
| (rauc:88441): rauc-DEBUG: 10:39:18.126: bundle start
| (rauc:88441): rauc-DEBUG: 10:39:18.126: system config not found, using 
default values
| rauc-Message: 10:39:18.126: Failed to resolve realpath for 
'/dev/disk/by-uuid/e9b676c1-a65c-4677-b9df-b4e974452609'
| (rauc:88441): rauc-DEBUG: 10:39:18.126: input directory: 
/build/tmp/work/imx8mm_p118-poky-linux/p118-bundle/1.0-r0/bundle
| (rauc:88441): rauc-DEBUG: 10:39:18.126: output bundle: 
/build/tmp/work/imx8mm_p118-poky-linux/p118-bundle/1.0-r0/build/bundle.raucb
| (rauc:88441): rauc-DEBUG: 10:39:30.140: Payload size: 497258496 bytes.
| Creating bundle in 'plain' format
| Enter PEM pass phrase:
| Failed to create bundle: failed to sign bundle: failed to parse key file 
'/repo/meta-p118-bsp/conf/keys/ica.key.pem': while reading strings
| 139843920926528:error:0906406D:PEM routines:PEM_def_callback:problems getting 
password:../openssl-1.1.1l/crypto/pem/pem_lib.c:59:
| 139843920926528:error:0907B068:PEM routines:PEM_read_bio_PrivateKey:bad 
password read:../openssl-1.1.1l/crypto/pem/pem_pkey.c:64:
| WARNING: exit code 1 from a shell command.
| ERROR: Execution of 
'/build/tmp/work/imx8mm_p118-poky-linux/p118-bundle/1.0-r0/temp/run.do_bundle.88428'
 failed with exit code 1

This is my local.conf:

RAUC_KEY_FILE ?= "${LAYERDIR}/conf/keys/ica.key.pem"
RAUC_CERT_FILE ?= "${LAYERDIR}/conf/keys/ica.cert.pem"
RAUC_KEYRING_FILE ?= "${LAYERDIR}/conf/keys/rauc.cert.pem"
BUNDLE_ARGS += ' --intermediate="${LAYERDIR}/conf/keys/ica-certificate.pem" '

During my investigation, I found the below post from 6 months ago:
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fgithub.com%2frauc%2fmeta%2drauc%2fissues%2f200&umid=4B2EB8EE-DA7B-A805-B107-3E6DE956B867&auth=162296ff492f363ddb29ca454338bb84627996db-f37fe3ad9890a61adb92706529db0eb947c4ad7c

Based on this post, I cannot use any encrypted keys and Root-CA in building a 
bundle in Yocto. Am I right?

Best regards,
Reyhaneh


_______________________________________________
RAUC mailing list

Reply via email to