Gitiles
Code Review Sign In
192.168.1.100 / T103 / 1f884588077ad3476b9c91cbb0ee9ee0332bbb68^! / . / meta / meta-mediatek-gpl / recipes-devtools / android-tools / android-tools-avbtool / 0001-security-boot-add-avbtool-support-hsm.patch
commit1f884588077ad3476b9c91cbb0ee9ee0332bbb68[log] [tgz]
authorrjw <rjw@exm.com>Thu Jan 06 17:20:42 2022 +0800
committerrjw <rjw@exm.com>Thu Jan 06 17:20:42 2022 +0800
tree0b97d2c978423d60e27431d61ff4f2743d91fb34
parent07cecdc1811bfb478b53804b2ddc3c8f3f09cc16 [diff] [blame]
[Feature]add MT2731_MP2_MR2_SVN388 baseline version

Change-Id: Ief04314834b31e27effab435d3ca8ba33b499059

diff --git a/meta/meta-mediatek-gpl/recipes-devtools/android-tools/android-tools-avbtool/0001-security-boot-add-avbtool-support-hsm.patch b/meta/meta-mediatek-gpl/recipes-devtools/android-tools/android-tools-avbtool/0001-security-boot-add-avbtool-support-hsm.patch
new file mode 100644
index 0000000..a4e96e1
--- /dev/null
+++ b/meta/meta-mediatek-gpl/recipes-devtools/android-tools/android-tools-avbtool/0001-security-boot-add-avbtool-support-hsm.patch

@@ -0,0 +1,64 @@
+From 92eac8dd843a5f00b837b6eff79c91a500ba85e3 Mon Sep 17 00:00:00 2001
+From: darrenchen <Darren.Chen@mediatek.com>
+Date: Fri, 16 Nov 2018 11:48:02 +0800
+Subject: [PATCH] security boot: add avbtool support hsm
+
+add avbtool support hsm
+modify signing_helper to signing_helper_with_files
+
+Test: OK
+
+Signed-off-by: Darren Chen <Darren.Chen@mediatek.com>
+CR-Id: AUTO00000778
+---
+ avbtool | 27 ++++++++++++++++-----------
+ 1 file changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/avbtool b/avbtool
+index 10ff39a..81f1f7b 100755
+--- a/avbtool
++++ b/avbtool
+@@ -420,24 +420,29 @@ def raw_sign(signing_helper, algorithm_name, signature_num_bytes, key_path,
+   """
+   p = None
+   if signing_helper is not None:
++    signing_file = tempfile.NamedTemporaryFile()
++    signing_file.write(str(raw_data_to_sign))
++    signing_file.flush()
+     p = subprocess.Popen(
+-        [signing_helper, algorithm_name, key_path],
+-        stdin=subprocess.PIPE,
+-        stdout=subprocess.PIPE,
+-        stderr=subprocess.PIPE)
++      [signing_helper, os.getenv("VERIFIED_KEY"), "none", "raw", signing_file.name])
++    retcode = p.wait()
++    if retcode != 0:
++      raise AvbError('Error signing')
++    signing_file.seek(0)
++    signature = bytearray(signing_file.read())
+   else:
+     p = subprocess.Popen(
+         ['openssl', 'rsautl', '-sign', '-inkey', key_path, '-raw'],
+         stdin=subprocess.PIPE,
+         stdout=subprocess.PIPE,
+         stderr=subprocess.PIPE)
+-  (pout, perr) = p.communicate(str(raw_data_to_sign))
+-  retcode = p.wait()
+-  if retcode != 0:
+-    raise AvbError('Error signing: {}'.format(perr))
+-  signature = bytearray(pout)
+-  if len(signature) != signature_num_bytes:
+-    raise AvbError('Error signing: Invalid length of signature')
++    (pout, perr) = p.communicate(str(raw_data_to_sign))
++    retcode = p.wait()
++    if retcode != 0:
++      raise AvbError('Error signing')
++    signature = bytearray(pout)
++    if len(signature) != signature_num_bytes:
++      raise AvbError('Error signing: Invalid length of signature')
+   return signature
+ 
+ 
+-- 
+2.18.0
+