meta/meta-mediatek-gpl/recipes-devtools/android-tools/android-tools-avbtool/0001-security-boot-add-avbtool-support-hsm.patch - T103 - Gitiles

 From 92eac8dd843a5f00b837b6eff79c91a500ba85e3 Mon Sep 17 00:00:00 2001
 From: darrenchen <Darren.Chen@mediatek.com>
 Date: Fri, 16 Nov 2018 11:48:02 +0800
 Subject: [PATCH] security boot: add avbtool support hsm

 add avbtool support hsm
 modify signing_helper to signing_helper_with_files

 Test: OK

 Signed-off-by: Darren Chen <Darren.Chen@mediatek.com>
 CR-Id: AUTO00000778
 ---
  avbtool | 27 ++++++++++++++++-----------
  1 file changed, 16 insertions(+), 11 deletions(-)

 diff --git a/avbtool b/avbtool
 index 10ff39a..81f1f7b 100755
 --- a/avbtool
 +++ b/avbtool
 @@ -420,24 +420,29 @@ def raw_sign(signing_helper, algorithm_name, signature_num_bytes, key_path,
    """
    p = None
    if signing_helper is not None:
 +    signing_file = tempfile.NamedTemporaryFile()
 +    signing_file.write(str(raw_data_to_sign))
 +    signing_file.flush()
      p = subprocess.Popen(
 -        [signing_helper, algorithm_name, key_path],
 -        stdin=subprocess.PIPE,
 -        stdout=subprocess.PIPE,
 -        stderr=subprocess.PIPE)
 +      [signing_helper, os.getenv("VERIFIED_KEY"), "none", "raw", signing_file.name])
 +    retcode = p.wait()
 +    if retcode != 0:
 +      raise AvbError('Error signing')
 +    signing_file.seek(0)
 +    signature = bytearray(signing_file.read())
    else:
      p = subprocess.Popen(
          ['openssl', 'rsautl', '-sign', '-inkey', key_path, '-raw'],
          stdin=subprocess.PIPE,
          stdout=subprocess.PIPE,
          stderr=subprocess.PIPE)
 -  (pout, perr) = p.communicate(str(raw_data_to_sign))
 -  retcode = p.wait()
 -  if retcode != 0:
 -    raise AvbError('Error signing: {}'.format(perr))
 -  signature = bytearray(pout)
 -  if len(signature) != signature_num_bytes:
 -    raise AvbError('Error signing: Invalid length of signature')
 +    (pout, perr) = p.communicate(str(raw_data_to_sign))
 +    retcode = p.wait()
 +    if retcode != 0:
 +      raise AvbError('Error signing')
 +    signature = bytearray(pout)
 +    if len(signature) != signature_num_bytes:
 +      raise AvbError('Error signing: Invalid length of signature')
    return signature


 --
 2.18.0
	From 92eac8dd843a5f00b837b6eff79c91a500ba85e3 Mon Sep 17 00:00:00 2001
	From: darrenchen <Darren.Chen@mediatek.com>
	Date: Fri, 16 Nov 2018 11:48:02 +0800
	Subject: [PATCH] security boot: add avbtool support hsm

	add avbtool support hsm
	modify signing_helper to signing_helper_with_files

	Test: OK

	Signed-off-by: Darren Chen <Darren.Chen@mediatek.com>
	CR-Id: AUTO00000778
	---
	avbtool \| 27 ++++++++++++++++-----------
	1 file changed, 16 insertions(+), 11 deletions(-)

	diff --git a/avbtool b/avbtool
	index 10ff39a..81f1f7b 100755
	--- a/avbtool
	+++ b/avbtool
	@@ -420,24 +420,29 @@ def raw_sign(signing_helper, algorithm_name, signature_num_bytes, key_path,
	"""
	p = None
	if signing_helper is not None:
	+ signing_file = tempfile.NamedTemporaryFile()
	+ signing_file.write(str(raw_data_to_sign))
	+ signing_file.flush()
	p = subprocess.Popen(
	- [signing_helper, algorithm_name, key_path],
	- stdin=subprocess.PIPE,
	- stdout=subprocess.PIPE,
	- stderr=subprocess.PIPE)
	+ [signing_helper, os.getenv("VERIFIED_KEY"), "none", "raw", signing_file.name])
	+ retcode = p.wait()
	+ if retcode != 0:
	+ raise AvbError('Error signing')
	+ signing_file.seek(0)
	+ signature = bytearray(signing_file.read())
	else:
	p = subprocess.Popen(
	['openssl', 'rsautl', '-sign', '-inkey', key_path, '-raw'],
	stdin=subprocess.PIPE,
	stdout=subprocess.PIPE,
	stderr=subprocess.PIPE)
	- (pout, perr) = p.communicate(str(raw_data_to_sign))
	- retcode = p.wait()
	- if retcode != 0:
	- raise AvbError('Error signing: {}'.format(perr))
	- signature = bytearray(pout)
	- if len(signature) != signature_num_bytes:
	- raise AvbError('Error signing: Invalid length of signature')
	+ (pout, perr) = p.communicate(str(raw_data_to_sign))
	+ retcode = p.wait()
	+ if retcode != 0:
	+ raise AvbError('Error signing')
	+ signature = bytearray(pout)
	+ if len(signature) != signature_num_bytes:
	+ raise AvbError('Error signing: Invalid length of signature')
	return signature


	--
	2.18.0