blob: 6266ee32a95f5ad63b7d7e28d4f132954a7e3134 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
#!/bin/bash -x
PAYLOAD=$1
OUTPUT=$2
if [ ! -f $PAYLOAD ]; then
echo "Can't read PAYLOAD";
exit 1;
fi
KEYLOC="/tmp/keys"
T=`mktemp -d`
# Build enough of the container to create the Prefix and Software headers.
# (reuse HW key for SW key P)
./create-container -a $KEYLOC/hw_key_a.key -b $KEYLOC/hw_key_b.key -c $KEYLOC/hw_key_c.key \
-p $KEYLOC/hw_key_a.key \
--payload $PAYLOAD --imagefile $OUTPUT \
--dumpPrefixHdr $T/prefix_hdr --dumpSwHdr $T/software_hdr
# Sign the Prefix header.
openssl dgst -SHA512 -sign $KEYLOC/hw_key_a.key $T/prefix_hdr > $T/hw_key_a.sig
openssl dgst -SHA512 -sign $KEYLOC/hw_key_b.key $T/prefix_hdr > $T/hw_key_b.sig
openssl dgst -SHA512 -sign $KEYLOC/hw_key_c.key $T/prefix_hdr > $T/hw_key_c.sig
# Sign the Software header.
openssl dgst -SHA512 -sign $KEYLOC/hw_key_a.key $T/software_hdr > $T/sw_key_p.sig
# Build the full container with signatures.
./create-container -a $KEYLOC/hw_key_a.key -b $KEYLOC/hw_key_b.key -c $KEYLOC/hw_key_c.key \
-p $KEYLOC/hw_key_a.key \
-A $T/hw_key_a.sig -B $T/hw_key_b.sig -C $T/hw_key_c.sig \
-P $T/sw_key_p.sig \
--payload $PAYLOAD --imagefile $OUTPUT
rm -rf $T
|
