Age | Commit message (Collapse) | Author | Files | Lines |
|
I also couldn't ignore that the same function had both a void *infile
and a char *inFile. The inFile variable is clearly a filename, why not
call it that.
Fixes: CID 263054 and 263051
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The sb-signing-utils project has improved upon the skeleton
create-container tool that existed in skiboot, including
being able to (quite easily) create *signed* images.
This commit brings in that code (and makes it build in the
skiboot build environment) and updates our skiboot.*.stb
generating code to use the development keys.
We also update print-container as well, syncing it with the
upstream project.
Derived from github.com:open-power/sb-signing-utils.git
at v0.3-5-gcb111c03ad7f
(and yes, changes here will be submitted upstream)
Cc: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
OpenSSL has some API changes which causes a build break in libstb.
Specifically, directly accessing some members of a signature now requires using
a helper.
This fixes things in OpenSSL 1.1 and has no effect on OpenSSL 1.0.
The build failure was as follows:
[ HOSTCC ] libstb/create-container.c
In file included from /usr/include/openssl/asn1.h:24:0,
from /usr/include/openssl/ec.h:30,
from libstb/create-container.c:36:
libstb/create-container.c: In function ‘getSigRaw’:
libstb/create-container.c:104:31: error: dereferencing pointer to incomplete
type ‘ECDSA_SIG {aka struct ECDSA_SIG_st}’
rlen = BN_num_bytes(signature->r);
^
Signed-off-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds support for writing all the public key and signature fields to the
container header, and for dumping the prefix and software headers so they may
may be signed, and for signing those headers with the imprint keys.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: fixup warnings&build, include openssl-devel in CI dockerfiles]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We produce **UNSIGNED** skiboot.lid.stb and skiboot.lid.xz.stb as build
artifacts
These are suitable blobs for flashing onto Trusted Boot enabled op-build
builds *WITH* the secure boot jumpers *ON* (i.e. *NOT* in secure mode).
It's just enough of the Secure and Trusted Boot container format to
make Hostboot behave.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|