From f79fa854d16baa58fe0161bd686e8c1f97ec8a35 Mon Sep 17 00:00:00 2001
From: "Andrey V.Kosteltsev"
Date: Fri, 5 Aug 2022 03:15:38 +0300
Subject: phosphor-software-manager: Sort images list to verify image-full.sig correctly
---
.../0001-Fix-gen-bios-tar-script.patch | 32 ----------------------
...mages-list-to-verify-full-image-correctly.patch | 26 ++++++++++++++++++
.../phosphor-software-manager/gen-bios-tarball | 18 +++++++++---
.../flash/phosphor-software-manager_%.bbappend | 6 +++-
4 files changed, 45 insertions(+), 37 deletions(-)
delete mode 100644 meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-Fix-gen-bios-tar-script.patch
create mode 100644 meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch
diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-Fix-gen-bios-tar-script.patch b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-Fix-gen-bios-tar-script.patch
deleted file mode 100644
index 27cf90de64..0000000000
--- a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-Fix-gen-bios-tar-script.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From a279caec497be9c4c413add4aad23ccd3b24a713 Mon Sep 17 00:00:00 2001
-From: "Andrey V.Kosteltsev"
-Date: Sat, 23 Jul 2022 14:28:48 +0300
-Subject: [PATCH] Fix gen-bios-tar script
-
----
- gen-bios-tar | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/gen-bios-tar b/gen-bios-tar
-index 837d496..7c59776 100755
---- a/gen-bios-tar
-+++ b/gen-bios-tar
-@@ -47,7 +47,7 @@ F0nIdUAhR0yTfKM=
- -----END PRIVATE KEY-----
- '
-
--do_sign=false
-+do_sign=true
- PRIVATE_KEY_PATH=${PRIVATE_KEY_PATH:-}
- private_key_path="${PRIVATE_KEY_PATH}"
- outfile=""
-@@ -167,5 +167,5 @@ if [[ "${do_sign}" == true ]]; then
- additional_files="*.sig"
- fi
-
--tar -czvf "$outfile" "$files_to_sign" "$additional_files"
-+tar -czvf $outfile $files_to_sign $additional_files
- echo "Bios image tarball is at $outfile"
---
-2.35.1
-
diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch
new file mode 100644
index 0000000000..257a604d74
--- /dev/null
+++ b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch
@@ -0,0 +1,26 @@
+From d7aeac195462d075e3d598010394e19945284ec8 Mon Sep 17 00:00:00 2001
+From: "Andrey V.Kosteltsev"
+Date: Fri, 5 Aug 2022 02:56:05 +0300
+Subject: [PATCH] IBS: Sort images list to verify full image correctly
+
+---
+ image_verify.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/image_verify.cpp b/image_verify.cpp
+index 098ad9d..e8ca62d 100644
+--- a/image_verify.cpp
++++ b/image_verify.cpp
+@@ -102,6 +102,9 @@ bool Signature::verifyFullImage()
+ fs::path(imageDirPath) / "MANIFEST.sig",
+ fs::path(imageDirPath) / "publickey.sig"};
+
++ // Sort items like make_signatures() in image_types_phosphor.bbclass
++ sort(fullImages.begin(), fullImages.end());
++
+ // Merge files
+ std::string tmpFullFile = "/tmp/image-full";
+ utils::mergeFiles(fullImages, tmpFullFile);
+--
+2.35.1
+
diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball
index d7e54bee38..9160451da8 100644
--- a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball
+++ b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager/gen-bios-tarball
@@ -7,7 +7,7 @@ Generates a Bios image tarball from given file as input. Creates a MANIFEST for image verification and recreation Packages the image and MANIFEST together in a tarball -usage: gen-bios-tar [OPTION] ... +usage: gen-bios-tarball [OPTION] ... Options: -o, --out Specify destination file. Defaults to
@@ -21,7 +21,7 @@ Options: -v, --version Specify the version of bios image file. -e, --extended-version Specify the Extended Version of bios image file -c, --compatible-name Specify the name of bios image in tarball. - Default: 'bios-image'. + Default: 'image-hostfw'. -h, --help Display this help text and exit. '
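Review bot: The added `sort(fullImages.begin(), fullImages.end());` only helps if it yields the same order as the signing side, and the two sorts do not obviously agree: the element comparison here is presumably byte-wise (the declared type of `fullImages` is outside the hunk), which places `MANIFEST.sig` ahead of lower-case `image-*.sig` names, whereas the shell `sort` used in `gen-bios-tarball` (the `@@ -178,9 +180,17 @@` hunk of this commit) collates according to the caller's locale. A mismatch fails closed, since the merged file no longer matches `image-full.sig` and valid images are rejected, so I would pin the script side to `LC_ALL=C sort` and extend the comment to say the order is byte-wise and must match the signer. The call is also unqualified; `std::sort(fullImages.begin(), fullImages.end());` with `<algorithm>` included (the include list is not visible) avoids relying on argument-dependent lookup. `verifyFullImage()` begins and ends outside the hunk.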
@@ -48,6 +48,7 @@ cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE 6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m F0nIdUAhR0yTfKM= -----END PRIVATE KEY----- + ' do_sign=true
@@ -57,7 +58,7 @@ outfile="" machine="" version="" extended_version="" -compatible_name="bios-image" +compatible_name="image-hostfw" while [[ $# -gt 0 ]]; do key="$1"
@@ -171,6 +172,7 @@ if [[ -n "${machine}" ]]; then fi if [[ "${do_sign}" == true ]]; then + signature_files= private_key_name=$(basename "${private_key_path}") key_type="${private_key_name%.*}" echo KeyType="${key_type}" >> $manifest_location
@@ -178,9 +180,17 @@ if [[ "${do_sign}" == true ]]; then for file in $files_to_sign; do openssl dgst -sha256 -sign "${private_key_path}" -out "${file}.sig" "$file" + signature_files="${signature_files} ${file}.sig" done - additional_files="*.sig" + if [ -n "$signature_files" ]; then + sort_signature_files=`echo "$signature_files" | tr ' ' '\n' | sort | tr '\n' ' '` + cat $sort_signature_files > image-full + openssl dgst -sha256 -sign ${private_key_path} -out image-full.sig image-full + signature_files="${signature_files} image-full.sig" + fi + + additional_files="${signature_files}" fi tar -czvf $outfile $files_to_sign $additional_files
diff --git a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
index 107dbed9f2..ae6d2a0140 100644
--- a/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
+++ b/meta-ibs/meta-cp2-5422/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
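Review bot: The new `openssl dgst -sha256 -sign ${private_key_path} -out image-full.sig image-full` passes the key path unquoted, unlike the per-file call in the loop above it, so a key path containing whitespace is split into several arguments; use `-sign "${private_key_path}"`. The intermediate `image-full` is written into the working directory and is not removed in the lines shown, so a stale copy can linger next to the images; an `rm -f image-full` after signing would tidy that up. If `private_key_path` can fall back to the key embedded in this script (its `-----END PRIVATE KEY-----` tail is visible in the `@@ -48,6 +48,7 @@` hunk, the fallback logic is not), `image-full.sig` proves integrity only, and a comment beside `do_sign=true` should say that release builds must supply their own key. The enclosing `if [[ "${do_sign}" == true ]]` block starts outside the hunk.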
@@ -4,10 +4,14 @@ PACKAGECONFIG:append = " verify_signature flash_bios" SRC_URI:append = " \ file://gen-bios-tarball \ - file://0001-Fix-gen-bios-tar-script.patch \ + file://0001-IBS-Sort-images-list-to-verify-full-image-correctly.patch \ file://0002-IBS-Use-usr-bin-flash-bios-tool-for-BIOS-update.patch \ " +EXTRA_OEMESON += "\ + -Doptional-images=image-hostfw \ + " + RDEPENDS:${PN} += " sila-flash-bios" do_provide_gen_bios_tarball () { -- cgit v1.2.3
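Review bot: The value `image-hostfw` in `-Doptional-images=image-hostfw` now has to agree with the default `compatible_name="image-hostfw"` that this commit sets in `gen-bios-tarball`, and nothing in the recipe says so. Presumably the verifier only expects signatures for the optional images named here, so a tarball built with a different `-c` name would stop verifying; a comment above `EXTRA_OEMESON` such as `# keep in sync with the default compatible_name in gen-bios-tarball` would record the coupling. `do_provide_gen_bios_tarball ()` continues outside the hunk.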