From: Marc Kleine-Budde <m...@pengutronix.de>

Existing barebox-imx-habv4 recipes can still use the indexed
'imx-habv4-srk%d ' roles to fetch the SRK keys, but for compatibility
with HSM use cases that don't support indexed role names, set up a new
role group that contains the roles.

Signed-off-by: Marc Kleine-Budde <m...@pengutronix.de>
Signed-off-by: Roland Hieber <r...@pengutronix.de>
---
PATCH v3:
 - no changes

PATCH v2 (rhi): 
https://lore.ptxdist.org/ptxdist/20210627231121.28313-3-...@pengutronix.de
 - split off code signing provider template changes from library and
   consumer changes (see next patch) to make patches easier to port to
   existing code signing providers

PATCH v1 (mkl): 
https://lore.ptxdist.org/ptxdist/20210412161900.2376802-2-...@pengutronix.de
---
 .../templates/code-signing-provider/ptxdist-set-keys-hsm.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh 
b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh
index bcd531d69572..b94eff049eac 100755
--- a/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh
+++ b/rules/templates/code-signing-provider/ptxdist-set-keys-hsm.sh
@@ -18,7 +18,7 @@ set_rauc_keys() {
 }
 
 set_imx_habv4_keys() {
-       local r
+       local r g
 
        # HSM use case, assuming it contains only 1st CSF/IMG key
        for i in 1 2 3 4; do
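Review bot: the `local r g` declaration in set_imx_habv4_keys() still omits the loop variable `i`, so `for i in 1 2 3 4` assigns to a variable outside the function's scope. Since this line is being touched anyway, consider `local r g i`.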
@@ -28,6 +28,10 @@ set_imx_habv4_keys() {
                cs_append_ca_from_uri "${r}"
        done
 
+       g="imx-habv4-srk"
+       cs_define_group "${g}"
+       cs_group_add_roles "${g}" "imx-habv4-srk1" "imx-habv4-srk2" 
"imx-habv4-srk3" "imx-habv4-srk4"
+
        r="imx-habv4-csf1"
        cs_define_role ${r}
        cs_set_uri "${r}" "pkcs11:token=foo;object=csf1"
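Review bot: the four role names passed to cs_group_add_roles are hard-coded separately from the `for i in 1 2 3 4` loop above, so group membership and the loop can drift apart if one of them is edited later. If the loop's `r` carries the same imx-habv4-srk names, consider calling cs_define_group before the loop and `cs_group_add_roles "${g}" "${r}"` inside it. A one-line comment above the group definition saying it exists for HSM setups that cannot use indexed role names would also help, since that rationale is only in the commit message.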
-- 
2.30.2

