diff options
| author | Andrey V.Kosteltsev <AKosteltsev@IBS.RU> | 2022-08-05 03:15:38 +0300 |
|---|---|---|
| committer | Andrey V.Kosteltsev <AKosteltsev@IBS.RU> | 2022-08-05 03:43:31 +0300 |
| commit | f79fa854d16baa58fe0161bd686e8c1f97ec8a35 (patch) | |
| tree | 674b1bcea96e0845d1977176fb98927aac7e9f9d /meta-ibs/meta-cp2-5422/recipes-phosphor/flash | |
| parent | 93c6f8678890cee8559b0685c300c51543310964 (diff) | |
| download | openbmc-f79fa854d16baa58fe0161bd686e8c1f97ec8a35.tar.xz | |
phosphor-software-manager: Sort images list to verify image-full.sig correctly
Diffstat (limited to 'meta-ibs/meta-cp2-5422/recipes-phosphor/flash')
4 files changed, 45 insertions, 37 deletions
diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-Fix-gen-bios-tar-script.patch b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-Fix-gen-bios-tar-script.patch deleted file mode 100644 index 27cf90de64..0000000000 --- a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-Fix-gen-bios-tar-script.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a279caec497be9c4c413add4aad23ccd3b24a713 Mon Sep 17 00:00:00 2001 -From: "Andrey V.Kosteltsev" <AKosteltsev@IBS.RU> -Date: Sat, 23 Jul 2022 14:28:48 +0300 -Subject: [PATCH] Fix gen-bios-tar script - ---- - gen-bios-tar | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gen-bios-tar b/gen-bios-tar -index 837d496..7c59776 100755 ---- a/gen-bios-tar -+++ b/gen-bios-tar -@@ -47,7 +47,7 @@ F0nIdUAhR0yTfKM= - -----END PRIVATE KEY----- - ' - --do_sign=false -+do_sign=true - PRIVATE_KEY_PATH=${PRIVATE_KEY_PATH:-} - private_key_path="${PRIVATE_KEY_PATH}" - outfile="" -@@ -167,5 +167,5 @@ if [[ "${do_sign}" == true ]]; then - additional_files="*.sig" - fi - --tar -czvf "$outfile" "$files_to_sign" "$additional_files" -+tar -czvf $outfile $files_to_sign $additional_files - echo "Bios image tarball is at $outfile" --- -2.35.1 - diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch new file mode 100644 index 0000000000..257a604d74 --- /dev/null +++ b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch @@ -0,0 +1,26 @@ +From d7aeac195462d075e3d598010394e19945284ec8 Mon Sep 17 00:00:00 2001 +From: "Andrey V.Kosteltsev" <AKosteltsev@IBS.RU> +Date: Fri, 5 Aug 2022 02:56:05 +0300 +Subject: [PATCH] IBS: Sort images list to verify full image correctly + +--- + image_verify.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/image_verify.cpp b/image_verify.cpp +index 098ad9d..e8ca62d 100644 +--- a/image_verify.cpp ++++ b/image_verify.cpp +@@ -102,6 +102,9 @@ bool Signature::verifyFullImage() + fs::path(imageDirPath) / "MANIFEST.sig", + fs::path(imageDirPath) / "publickey.sig"}; + ++ // Sort items like make_signatures() in image_types_phosphor.bbclass ++ sort(fullImages.begin(), fullImages.end()); ++ + // Merge files + std::string tmpFullFile = "/tmp/image-full"; + utils::mergeFiles(fullImages, tmpFullFile); +-- +2.35.1 + diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball index d7e54bee38..9160451da8 100644 --- a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball +++ b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball @@ -7,7 +7,7 @@ Generates a Bios image tarball from given file as input. Creates a MANIFEST for image verification and recreation Packages the image and MANIFEST together in a tarball -usage: gen-bios-tar [OPTION] <Bios FILE>... +usage: gen-bios-tarball [OPTION] <Bios FILE>... Options: -o, --out <file> Specify destination file. Defaults to @@ -21,7 +21,7 @@ Options: -v, --version <name> Specify the version of bios image file. -e, --extended-version <name> Specify the Extended Version of bios image file -c, --compatible-name <name> Specify the name of bios image in tarball. - Default: 'bios-image'. + Default: 'image-hostfw'. -h, --help Display this help text and exit. ' @@ -48,6 +48,7 @@ cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE 6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m F0nIdUAhR0yTfKM= -----END PRIVATE KEY----- + ' do_sign=true @@ -57,7 +58,7 @@ outfile="" machine="" version="" extended_version="" -compatible_name="bios-image" +compatible_name="image-hostfw" while [[ $# -gt 0 ]]; do key="$1" @@ -171,6 +172,7 @@ if [[ -n "${machine}" ]]; then fi if [[ "${do_sign}" == true ]]; then + signature_files= private_key_name=$(basename "${private_key_path}") key_type="${private_key_name%.*}" echo KeyType="${key_type}" >> $manifest_location @@ -178,9 +180,17 @@ if [[ "${do_sign}" == true ]]; then for file in $files_to_sign; do openssl dgst -sha256 -sign "${private_key_path}" -out "${file}.sig" "$file" + signature_files="${signature_files} ${file}.sig" done - additional_files="*.sig" + if [ -n "$signature_files" ]; then + sort_signature_files=`echo "$signature_files" | tr ' ' '\n' | sort | tr '\n' ' '` + cat $sort_signature_files > image-full + openssl dgst -sha256 -sign ${private_key_path} -out image-full.sig image-full + signature_files="${signature_files} image-full.sig" + fi + + additional_files="${signature_files}" fi tar -czvf $outfile $files_to_sign $additional_files diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend index 107dbed9f2..ae6d2a0140 100644 --- a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend +++ b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend @@ -4,10 +4,14 @@ PACKAGECONFIG:append = " verify_signature flash_bios" SRC_URI:append = " \ file://gen-bios-tarball \ - file://0001-Fix-gen-bios-tar-script.patch \ + file://0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch \ file://0002-IBS-Use-usr-bin-flash-bios-tool-for-BIOS-update.patch \ " +EXTRA_OEMESON += "\ + -Doptional-images=image-hostfw \ + " + RDEPENDS:${PN} += " sila-flash-bios" do_provide_gen_bios_tarball () { |