author | Dave Heller <hellerda@linux.vnet.ibm.com> | 2017-12-27 19:36:30 -0500 |
---|---|---|
committer | Dave Heller <hellerda@linux.vnet.ibm.com> | 2017-12-27 19:36:30 -0500 |
commit | 9b766cf98157c9a73c2f170c3caf0c17edb35443 (patch) | |
tree | a0664d5dcc829d7a4607af471124669ba2fcfa87 /crtSignedContainer.sh | |
parent | 7ac0dcd05bc06c83ec1abac2d63f3d2e2a439f64 (diff) | |
download | sb-signing-utils-9b766cf98157c9a73c2f170c3caf0c17edb35443.tar.gz sb-signing-utils-9b766cf98157c9a73c2f170c3caf0c17edb35443.zip |
Add basic support for independent signing mode
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Diffstat (limited to 'crtSignedContainer.sh')
-rwxr-xr-x | crtSignedContainer.sh | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/crtSignedContainer.sh b/crtSignedContainer.sh
index 66e4030..776919f 100755
--- a/crtSignedContainer.sh
+++ b/crtSignedContainer.sh
@@ -471,7 +471,7 @@ test "$SB_DEBUG" && SF_DEBUG_ARGS="$SF_DEBUG_ARGS -d -stdout"
 #
 # Get the public keys
 #
-if [ "$SIGN_MODE" == "local" ]
+if [ "$SIGN_MODE" == "local" ] || [ "$SIGN_MODE" == "independent" ]
 then
 for KEY in a b c; do
 # This will evaluate the value of HW_KEY_A, HW_KEY_B, HW_KEY_C
@@ -594,22 +594,28 @@ fi
 #
 # Build enough of the container to create the Prefix and Software headers
 #
-echo "--> $P: Generating signing requests..."
-create-container $HW_KEY_ARGS $SW_KEY_ARGS \
- --payload "$PAYLOAD" --imagefile "$OUTPUT" \
- --dumpPrefixHdr "$T/prefix_hdr" --dumpSwHdr "$T/software_hdr" \
- $DEBUG_ARGS \
- $ADDL_ARGS
-rc=$?
+if [ "$SIGN_MODE" == "independent" ] && [ "$SB_ARCHIVE_IN" ]
+then
+ echo "--> $P: Attempting to re-use existing signing requests..."
+ # TODO: check that prefix_hdr and software_hdr files are available...
+else
+ echo "--> $P: Generating signing requests..."
+ create-container $HW_KEY_ARGS $SW_KEY_ARGS \
+ --payload "$PAYLOAD" --imagefile "$OUTPUT" \
+ --dumpPrefixHdr "$T/prefix_hdr" --dumpSwHdr "$T/software_hdr" \
+ $DEBUG_ARGS \
+ $ADDL_ARGS
+ rc=$?
-test $rc -ne 0 && die "Call to create-container failed with error: $rc"
+ test $rc -ne 0 && die "Call to create-container failed with error: $rc"
+fi
 #
 # Prepare the HW and SW key signatures
 #
 FOUND=""
-if [ "$SIGN_MODE" == "local" ]
+if [ "$SIGN_MODE" == "local" ] || [ "$SIGN_MODE" == "independent" ]
 then
 for KEY in a b c; do
 SIGFILE=HW_key_$KEY.sig |
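Review bot: The mode test `[ "$SIGN_MODE" == "local" ] || [ "$SIGN_MODE" == "independent" ]` is now spelled out twice, here and again at the end of the hunk at line 594, so any further mode has to be patched in both places or the key-loading and signature-preparation paths drift apart. A single `case "$SIGN_MODE" in local|independent) ... ;; esac`, or a variable set once after option parsing and tested at both sites, would keep them in step. The `==` operator inside `[ ]` is also a bash extension; `=` is the portable spelling if the script may run under a plain sh (the shebang is outside this hunk).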
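Review bot: The re-use branch taken when `[ "$SIGN_MODE" == "independent" ] && [ "$SB_ARCHIVE_IN" ]` skips create-container and carries on with whatever is in `$T/prefix_hdr` and `$T/software_hdr`, with the existence check left as a TODO. If those files are missing, empty, or left over from a different payload or key set, the later steps would presumably work with headers that do not describe `$PAYLOAD`, and the script would not stop at the point where the mismatch originates. The branch should fail closed before continuing: `test -s "$T/prefix_hdr" || die "prefix_hdr not found in archive"` and `test -s "$T/software_hdr" || die "software_hdr not found in archive"`. A stronger guard would confirm that the re-used headers match the current payload before any signature is attached; where the archive is unpacked is outside this hunk, so the `$T` paths are assumed from the else branch.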