author | Jia Zhang <qianyue.zj@alibaba-inc.com> | 2017-11-21 09:29:33 -0500 |
---|---|---|
committer | Jia Zhang <qianyue.zj@alibaba-inc.com> | 2017-11-21 09:29:33 -0500 |
commit | a97b3363b63e8589b897e5dd357d6755d7d4c8c4 (patch) | |
tree | 8d27e6c5df88f46018fb8f80c2bf80287416eda4 | |
parent | 56033f310f3106f0c448e5b66b7eabbd2a0e7aa9 (diff) | |
download | meta-secure-core-a97b3363b63e8589b897e5dd357d6755d7d4c8c4.tar.gz |
scripts/create-user-key-store.sh: support to generate the user keys for modsign and extra system trusted key
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
-rwxr-xr-x | meta-signing-key/scripts/create-user-key-store.sh | 26 |
1 files changed, 26 insertions, 0 deletions
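--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -97,6 +97,8 @@ MOK_SB_KEYS_DIR="$KEYS_DIR/mok_sb_keys"
 SYSTEM_KEYS_DIR="$KEYS_DIR/system_trusted_keys"
 IMA_KEYS_DIR="$KEYS_DIR/ima_keys"
 RPM_KEYS_DIR="$KEYS_DIR/rpm_keys"
+MODSIGN_KEYS_DIR="$KEYS_DIR/modsign_keys"
+EXTRA_SYSTEM_KEYS_DIR="$KEYS_DIR/extra_system_trusted_keys"
 
 pem2der() {
 local src="$1"
@@ -190,6 +192,24 @@ create_system_user_key() {
 "/CN=System Trusted Certificate/"
 }
 
+create_modsign_user_key() {
+local key_dir="$MODSIGN_KEYS_DIR"
+
+[ ! -d "$key_dir" ] && mkdir -p "$key_dir"
+
+ca_sign "$key_dir" modsign_key "$key_dir" modsign_key \
+"/CN=MODSIGN Certificate/"
+}
+
+create_extra_system_user_key() {
+local key_dir="$EXTRA_SYSTEM_KEYS_DIR"
+
+[ ! -d "$key_dir" ] && mkdir -p "$key_dir"
+
+ca_sign "$key_dir" extra_system_trusted_key "$SYSTEM_KEYS_DIR" system_trusted_key \
+"/CN=Extra System Trusted Certificate/"
+}
+
 create_ima_user_key() {
 local key_dir="$IMA_KEYS_DIR"
 
@@ -277,6 +297,12 @@ create_user_keys() {
 echo "Creating the user key for system"
 create_system_user_key
 
+echo "Creating the user key for system extra"
+create_extra_system_user_key
+
+echo "Creating the user key for modsign"
+create_modsign_user_key
+
 echo "Creating the user key for IMA appraisal"
 create_ima_user_key
 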
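Review bot: Both new functions create the directory that will hold signing-key material with `mkdir -p "$key_dir"` and no explicit mode, so under a typical 022 umask `modsign_keys` and `extra_system_trusted_keys` end up listable and traversable by every local user. Whether the private key files themselves are world-readable depends on ca_sign, which is outside this diff. I would create these directories owner-only, e.g. `mkdir -p -m 0700 "$key_dir"`, or set `umask 077` once near the top of the script. create_extra_system_user_key also passes `"$SYSTEM_KEYS_DIR" system_trusted_key` as the issuer arguments, so it presumably needs create_system_user_key to have run first. The order in create_user_keys satisfies that, but a comment above the function such as `# Issued by the system trusted key; create_system_user_key must run first.` would protect it from a later reordering.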