Thanks, applied as 67083fd28c7a49d9cca8866f8ff51cdf1728b6b9.
Michael
[sent from post-receive hook]
On Tue, 20 Jul 2021 13:48:42 +0200, Roland Hieber <r...@pengutronix.de> wrote:
> The previous patch taught new code signing providers to set up the
> 'imx-habv4-srk' role group. This patch uses it for the barebox-imx-habv4
> recipe.
>
> Keep backwards compatibility with the old way of using indexed role
> names in the library part, so existing recipes can still work with
> ptxd_make_imx_habv4_gen_table() if their code signing provider sets up
> the roles appropriately.
>
> Signed-off-by: Marc Kleine-Budde <m...@pengutronix.de>
> Signed-off-by: Roland Hieber <r...@pengutronix.de>
> Message-Id: <20210708203941.30212-4-...@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
>
> diff --git a/rules/templates/template-barebox-imx-habv4-make
> b/rules/templates/template-barebox-imx-habv4-make
> index eb752c8349d9..cc825dc90292 100644
> --- a/rules/templates/template-barebox-imx-habv4-make
> +++ b/rules/templates/template-barebox-imx-habv4-make
> @@ -74,7 +74,7 @@ $(STATEDIR)/barebox-@package@.compile:
> @$(call targetinfo)
>
> @$(call world/env, BAREBOX_@PACKAGE@) \
> - ptxd_make_imx_habv4_gen_table "imx-habv4-srk%d" 4
> + ptxd_make_imx_habv4_gen_table imx-habv4-srk
>
> @$(call world/compile, BAREBOX_@PACKAGE@)
>
> diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh
> index d1e2aba99fab..fa5b3e2c1439 100644
> --- a/scripts/lib/ptxd_lib_imx_hab.sh
> +++ b/scripts/lib/ptxd_lib_imx_hab.sh
> @@ -9,12 +9,14 @@
> #
> # ptxd_make_imx_habv4_gen_table - generate the srk fuse file and srk table
> for i.MX HABv4
> #
> -# usage: ptxd_make_imx_habv4_gen_table <template> [<srk_count>]
> +# usage: ptxd_make_imx_habv4_gen_table <role group>
> +# ptxd_make_imx_habv4_gen_table <template> [<srk_count>]
> #
> +# role group: the group that specifies all roles to access the keys
> # template: the role template to access the keys. Must contain a "%d" which
> is
> # used as index
> -# srk_count: the number of keys (keys with index 1..srk_count will be used),
> -# defaults to 4
> +# srk_count: only when using <template>: the number of keys (keys with index
> +# 1..srk_count will be used), defaults to 4
> #
> # The output files are generated in the package build dir:
> #
> @@ -25,25 +27,46 @@
> # This will contain the srk hash which must be written to the fuses
> #
> ptxd_make_imx_habv4_gen_table_impl() {
> + local group="${1}"
> local template="${1}"
> local srk_count="${2}"
> local table_bin="${pkg_build_dir}/imx-srk-table.bin"
> local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin"
> local -a certs
> + local i
>
> - if [ -z "${srk_count}" ]; then
> - srk_count=4
> - fi
> + case "${template}" in
> + *%d*) # <template> [<srk_count>]
> + if [ -z "${srk_count}" ]; then
> + srk_count=4
> + fi
>
> - if [ "${srk_count}" -gt 4 ]; then
> - ptxd_bailout "HABv4 allows only 4 certificates"
> - fi
> + if [ "${srk_count}" -gt 4 ]; then
> + ptxd_bailout "HABv4 allows only 4 certificates"
> + fi
>
> - echo -e "generating $(basename ${table_bin}) and $(basename
> ${srk_fuse_bin})\n"
> + for i in $(seq ${srk_count}); do
> + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}"
> ${i})")"
> + done
> + ;;
> +
> + *) # <role group>
> + local -a roles=( $(cs_group_get_roles "${group}") )
> +
> + if [ "${#roles[@]}" -eq 0 ]; then
> + ptxd_bailout "Failed to get roles for group '${group}'"
> + fi
>
> - for i in $(seq ${srk_count}); do
> - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")"
> - done
> + if [ "${#roles[@]}" -gt 4 ]; then
> + ptxd_bailout "HABv4 allows only 4 certificates"
> + fi
> +
> + for i in "${roles[@]}"; do
> + certs[${#certs[*]}]="$(cs_get_ca "${i}")"
> + done
> + esac
> +
> + echo -e "generating $(basename ${table_bin}) and $(basename
> ${srk_fuse_bin})\n"
>
> local orig_IFS="${IFS}"
> IFS=","
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to
ptxdist-requ...@pengutronix.de
