| rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame^] | 1 | From 92eac8dd843a5f00b837b6eff79c91a500ba85e3 Mon Sep 17 00:00:00 2001 |
| 2 | From: darrenchen <Darren.Chen@mediatek.com> |
| 3 | Date: Fri, 16 Nov 2018 11:48:02 +0800 |
| 4 | Subject: [PATCH] security boot: add avbtool support hsm |
| 5 | |
| 6 | add avbtool support hsm |
| 7 | modify signing_helper to signing_helper_with_files |
| 8 | |
| 9 | Test: OK |
| 10 | |
| 11 | Signed-off-by: Darren Chen <Darren.Chen@mediatek.com> |
| 12 | CR-Id: AUTO00000778 |
| 13 | --- |
| 14 | avbtool | 27 ++++++++++++++++----------- |
| 15 | 1 file changed, 16 insertions(+), 11 deletions(-) |
| 16 | |
| 17 | diff --git a/avbtool b/avbtool |
| 18 | index 10ff39a..81f1f7b 100755 |
| 19 | --- a/avbtool |
| 20 | +++ b/avbtool |
| 21 | @@ -420,24 +420,29 @@ def raw_sign(signing_helper, algorithm_name, signature_num_bytes, key_path, |
| 22 | """ |
| 23 | p = None |
| 24 | if signing_helper is not None: |
| 25 | + signing_file = tempfile.NamedTemporaryFile() |
| 26 | + signing_file.write(str(raw_data_to_sign)) |
| 27 | + signing_file.flush() |
| 28 | p = subprocess.Popen( |
| 29 | - [signing_helper, algorithm_name, key_path], |
| 30 | - stdin=subprocess.PIPE, |
| 31 | - stdout=subprocess.PIPE, |
| 32 | - stderr=subprocess.PIPE) |
| 33 | + [signing_helper, os.getenv("VERIFIED_KEY"), "none", "raw", signing_file.name]) |
| 34 | + retcode = p.wait() |
| 35 | + if retcode != 0: |
| 36 | + raise AvbError('Error signing') |
| 37 | + signing_file.seek(0) |
| 38 | + signature = bytearray(signing_file.read()) |
| 39 | else: |
| 40 | p = subprocess.Popen( |
| 41 | ['openssl', 'rsautl', '-sign', '-inkey', key_path, '-raw'], |
| 42 | stdin=subprocess.PIPE, |
| 43 | stdout=subprocess.PIPE, |
| 44 | stderr=subprocess.PIPE) |
| 45 | - (pout, perr) = p.communicate(str(raw_data_to_sign)) |
| 46 | - retcode = p.wait() |
| 47 | - if retcode != 0: |
| 48 | - raise AvbError('Error signing: {}'.format(perr)) |
| 49 | - signature = bytearray(pout) |
| 50 | - if len(signature) != signature_num_bytes: |
| 51 | - raise AvbError('Error signing: Invalid length of signature') |
| 52 | + (pout, perr) = p.communicate(str(raw_data_to_sign)) |
| 53 | + retcode = p.wait() |
| 54 | + if retcode != 0: |
| 55 | + raise AvbError('Error signing') |
| 56 | + signature = bytearray(pout) |
| 57 | + if len(signature) != signature_num_bytes: |
| 58 | + raise AvbError('Error signing: Invalid length of signature') |
| 59 | return signature |
| 60 | |
| 61 | |
| 62 | -- |
| 63 | 2.18.0 |
| 64 | |