Commit 21092c20 authored by Christoph Lauer's avatar Christoph Lauer Committed by Stefano Babic
Browse files

sign unencrypted sw-description



If sw-description is encrypted and signed, swupdate verifies the decrypted sw-description file (see core/stream_interface.c in swupdate code).
So the signature has to be created from the unencrypted sw-description as well.
Alternatively, the swupdate code needs to be changed to verify the encrypted sw-description.
Signed-off-by: default avatarChristoph Lauer <christoph.lauer@xtronic.de>
parent 9995157c
......@@ -140,7 +140,7 @@ def prepare_sw_description(d, s, list_for_cpio):
privkey,
passout,
os.path.join(s, 'sw-description.sig'),
os.path.join(s, 'sw-description'))
os.path.join(s, 'sw-description.plain' if encrypt else 'sw-description'))
if os.system(signcmd) != 0:
bb.fatal("Failed to sign sw-description with %s" % (privkey))
elif signing == "CMS":
......@@ -160,7 +160,7 @@ def prepare_sw_description(d, s, list_for_cpio):
else:
passout = ""
signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' %s -outform DER -nosmimecap -binary" % (
os.path.join(s, 'sw-description'),
os.path.join(s, 'sw-description.plain' if encrypt else 'sw-description'),
os.path.join(s, 'sw-description.sig'),
cms_cert,
cms_key,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment