Thanks, applied as 67083fd28c7a49d9cca8866f8ff51cdf1728b6b9. Michael
[sent from post-receive hook] On Tue, 20 Jul 2021 13:48:42 +0200, Roland Hieber <r...@pengutronix.de> wrote: > The previous patch taught new code signing providers to set up the > 'imx-habv4-srk' role group. This patch uses it for the barebox-imx-habv4 > recipe. > > Keep backwards compatibility with the old way of using indexed role > names in the library part, so existing recipes can still work with > ptxd_make_imx_habv4_gen_table() if their code signing provider sets up > the roles appropriately. > > Signed-off-by: Marc Kleine-Budde <m...@pengutronix.de> > Signed-off-by: Roland Hieber <r...@pengutronix.de> > Message-Id: <20210708203941.30212-4-...@pengutronix.de> > Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de> > > diff --git a/rules/templates/template-barebox-imx-habv4-make > b/rules/templates/template-barebox-imx-habv4-make > index eb752c8349d9..cc825dc90292 100644 > --- a/rules/templates/template-barebox-imx-habv4-make > +++ b/rules/templates/template-barebox-imx-habv4-make > @@ -74,7 +74,7 @@ $(STATEDIR)/barebox-@package@.compile: > @$(call targetinfo) > > @$(call world/env, BAREBOX_@PACKAGE@) \ > - ptxd_make_imx_habv4_gen_table "imx-habv4-srk%d" 4 > + ptxd_make_imx_habv4_gen_table imx-habv4-srk > > @$(call world/compile, BAREBOX_@PACKAGE@) > > diff --git a/scripts/lib/ptxd_lib_imx_hab.sh b/scripts/lib/ptxd_lib_imx_hab.sh > index d1e2aba99fab..fa5b3e2c1439 100644 > --- a/scripts/lib/ptxd_lib_imx_hab.sh > +++ b/scripts/lib/ptxd_lib_imx_hab.sh > @@ -9,12 +9,14 @@ > # > # ptxd_make_imx_habv4_gen_table - generate the srk fuse file and srk table > for i.MX HABv4 > # > -# usage: ptxd_make_imx_habv4_gen_table <template> [<srk_count>] > +# usage: ptxd_make_imx_habv4_gen_table <role group> > +# ptxd_make_imx_habv4_gen_table <template> [<srk_count>] > # > +# role group: the group that specifies all roles to access the keys > # template: the role template to access the keys. Must contain a "%d" which > is > # used as index > -# srk_count: the number of keys (keys with index 1..srk_count will be used), > -# defaults to 4 > +# srk_count: only when using <template>: the number of keys (keys with index > +# 1..srk_count will be used), defaults to 4 > # > # The output files are generated in the package build dir: > # > @@ -25,25 +27,46 @@ > # This will contain the srk hash which must be written to the fuses > # > ptxd_make_imx_habv4_gen_table_impl() { > + local group="${1}" > local template="${1}" > local srk_count="${2}" > local table_bin="${pkg_build_dir}/imx-srk-table.bin" > local srk_fuse_bin="${pkg_build_dir}/imx-srk-fuse.bin" > local -a certs > + local i > > - if [ -z "${srk_count}" ]; then > - srk_count=4 > - fi > + case "${template}" in > + *%d*) # <template> [<srk_count>] > + if [ -z "${srk_count}" ]; then > + srk_count=4 > + fi > > - if [ "${srk_count}" -gt 4 ]; then > - ptxd_bailout "HABv4 allows only 4 certificates" > - fi > + if [ "${srk_count}" -gt 4 ]; then > + ptxd_bailout "HABv4 allows only 4 certificates" > + fi > > - echo -e "generating $(basename ${table_bin}) and $(basename > ${srk_fuse_bin})\n" > + for i in $(seq ${srk_count}); do > + certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" > ${i})")" > + done > + ;; > + > + *) # <role group> > + local -a roles=( $(cs_group_get_roles "${group}") ) > + > + if [ "${#roles[@]}" -eq 0 ]; then > + ptxd_bailout "Failed to get roles for group '${group}'" > + fi > > - for i in $(seq ${srk_count}); do > - certs[${#certs[*]}]="$(cs_get_ca "$(printf "${template}" ${i})")" > - done > + if [ "${#roles[@]}" -gt 4 ]; then > + ptxd_bailout "HABv4 allows only 4 certificates" > + fi > + > + for i in "${roles[@]}"; do > + certs[${#certs[*]}]="$(cs_get_ca "${i}")" > + done > + esac > + > + echo -e "generating $(basename ${table_bin}) and $(basename > ${srk_fuse_bin})\n" > > local orig_IFS="${IFS}" > IFS="," _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-requ...@pengutronix.de