conf: keys: add the composefs keys
Verification of the composefs image.

To generate the keys:
   openssl genpkey -algorithm ed25519 -outform PEM -out ed25519.pem
   PEMFILE=ed25519.pem
   PUBLIC="$(openssl pkey -outform DER -pubout -in ${PEMFILE} | tail -c 32 | base64)"
   SEED="$(openssl pkey -outform DER -in ${PEMFILE} | tail -c 32 | base64)"
   SECRET="$(echo ${SEED}${PUBLIC} | base64 -d | base64 -w 0)"

   echo "${SECRET}" > secret
   echo "${PUBLIC}" > public

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
ldts committed Apr 18, 2024
1 parent 24734cb commit ee36d95
Showing 4 changed files with 17 additions and 0 deletions.
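--- a/conf/keys/cfs/cfs-dev.pub
+++ b/conf/keys/cfs/cfs-dev.pub
@@ -0,0 +1 @@
+KQwl5q4hQjwQxu+BYfm4GpFkdgdP2qG19KOmuv67xjM=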
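--- a/conf/keys/cfs/cfs-dev.sec
+++ b/conf/keys/cfs/cfs-dev.sec
@@ -0,0 +1,2 @@
+Ga5I1u55+hH9kNKLFzztqBpKL0uI/IoAOg0jhwAwAWIpDCXmriFCPBDG74Fh+bgakWR2B0/aobX0
+o6a6/rvGMw==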
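Review bot: conf/keys/cfs/cfs-dev.sec puts the private half of the composefs signing key in the repository in the clear; by the recipe in the commit message it is the Ed25519 seed followed by the public key, so anyone who can read the tree can produce signatures that verify against cfs-dev.pub. That is only acceptable if this pair is a development fixture, and apart from the `-dev` suffix nothing in the commit says so, while the `CFS_SIGN_KEYDIR ??=` default added in conf/local.conf resolves to this directory. Production images should be signed with a key that never enters the tree, and a release-time check that rejects any image whose trusted composefs key equals the committed cfs-dev.pub value would catch a build that silently fell back to the default.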
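--- a/conf/local.conf
+++ b/conf/local.conf
@@ -109,3 +109,9 @@ UEFI_SIGN_KEYDIR[vardepsexclude] += "TOPDIR"
 STM32_ROT_KEY_PATH ??= "${TOPDIR}/../tools/lmp-tools/security/stm32mp1/"
 STM32_ROT_KEY_PATH[vardepsexclude] += "TOPDIR"
 STM32_ROT_KEY_PASSWORD ??= "foundries"
+
+#
+# ComposeFS signatures
+#
+CFS_SIGN_KEYDIR ??= "${TOPDIR}/conf/keys/cfs"
+CFS_SIGN_KEYDIR[vardepsexclude] += "TOPDIR"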
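Review bot: The comment block above `CFS_SIGN_KEYDIR` carries only the heading "ComposeFS signatures" and does not say that the weak default points at the key pair committed under conf/keys/cfs. I would extend it with a line such as `# Development keys only; override CFS_SIGN_KEYDIR with a factory-owned directory for production images`, so that a factory which never sets the variable knows what its images are signed with. The hunk starts at line 109, so any existing convention for such warnings earlier in the file is not visible here.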
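--- a/setup-environment-internal
+++ b/setup-environment-internal
@@ -200,6 +200,10 @@ if [ -d "${MANIFESTS}"/conf/keys ]; then
 if [ ! -d "conf/keys/platform" ]; then
 ln -sf "${MANIFESTS}"/conf/keys/platform conf/keys/platform
 fi
+# Link Composefs keys
+if [ ! -d "conf/keys/cfs" ]; then
+ln -sf "${MANIFESTS}"/conf/keys/cfs conf/keys/cfs
+fi
 fi
 
 # Factory specific keys (unique per factory)
@@ -237,6 +241,10 @@ if [ -d "${MANIFESTS}"/factory-keys ]; then
 if [ -d "${MANIFESTS}"/factory-keys/platform ] && [ ! -d "conf/factory-keys/platform" ]; then
 ln -sf "${MANIFESTS}"/factory-keys/platform conf/factory-keys/platform
 fi
+# Link Composefs keys
+if [ ! -d "conf/keys/cfs" ]; then
+ln -sf "${MANIFESTS}"/conf/keys/cfs conf/keys/cfs
+fi
 fi
 
 ln -sf "${MANIFESTS}"/conf/bblayers.conf conf/bblayers.conf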
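Review bot: The block added in the second hunk sits inside the `factory-keys` guard but links `"${MANIFESTS}"/conf/keys/cfs` to `conf/keys/cfs`, the same shared path the first hunk already handles, whereas the platform line just above it links from `factory-keys/platform` to `conf/factory-keys/platform`. As written, a factory that ships its own key directory still ends up with the shared development composefs keys, and because the link source is never tested, a manifest without `conf/keys` makes the `ln -sf` fail or leave a dangling link. If per-factory keys were intended, the block would read `if [ -d "${MANIFESTS}"/factory-keys/cfs ] && [ ! -d "conf/factory-keys/cfs" ]; then`, `ln -sf "${MANIFESTS}"/factory-keys/cfs conf/factory-keys/cfs`, `fi`, with `CFS_SIGN_KEYDIR` pointed at that directory; if not, the duplicate can simply be dropped. Both enclosing `if` blocks begin outside the hunks shown.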