diff options
| author | Jia Zhang <qianyue.zj@alibaba-inc.com> | 2017-11-21 09:29:33 -0500 |
|---|---|---|
| committer | Jia Zhang <qianyue.zj@alibaba-inc.com> | 2017-11-21 09:29:33 -0500 |
| commit | a97b3363b63e8589b897e5dd357d6755d7d4c8c4 (patch) | |
| tree | 8d27e6c5df88f46018fb8f80c2bf80287416eda4 | |
| parent | 56033f310f3106f0c448e5b66b7eabbd2a0e7aa9 (diff) | |
| download | meta-secure-core-a97b3363b63e8589b897e5dd357d6755d7d4c8c4.tar.gz | |
scripts/create-user-key-store.sh: support to generate the user keys for modsign and extra system trusted key
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
| -rwxr-xr-x | meta-signing-key/scripts/create-user-key-store.sh | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh index 03c10a1..ddcd31a 100755 --- a/meta-signing-key/scripts/create-user-key-store.sh +++ b/meta-signing-key/scripts/create-user-key-store.sh | |||
| @@ -97,6 +97,8 @@ MOK_SB_KEYS_DIR="$KEYS_DIR/mok_sb_keys" | |||
| 97 | SYSTEM_KEYS_DIR="$KEYS_DIR/system_trusted_keys" | 97 | SYSTEM_KEYS_DIR="$KEYS_DIR/system_trusted_keys" |
| 98 | IMA_KEYS_DIR="$KEYS_DIR/ima_keys" | 98 | IMA_KEYS_DIR="$KEYS_DIR/ima_keys" |
| 99 | RPM_KEYS_DIR="$KEYS_DIR/rpm_keys" | 99 | RPM_KEYS_DIR="$KEYS_DIR/rpm_keys" |
| 100 | MODSIGN_KEYS_DIR="$KEYS_DIR/modsign_keys" | ||
| 101 | EXTRA_SYSTEM_KEYS_DIR="$KEYS_DIR/extra_system_trusted_keys" | ||
| 100 | 102 | ||
| 101 | pem2der() { | 103 | pem2der() { |
| 102 | local src="$1" | 104 | local src="$1" |
| @@ -190,6 +192,24 @@ create_system_user_key() { | |||
| 190 | "/CN=System Trusted Certificate/" | 192 | "/CN=System Trusted Certificate/" |
| 191 | } | 193 | } |
| 192 | 194 | ||
| 195 | create_modsign_user_key() { | ||
| 196 | local key_dir="$MODSIGN_KEYS_DIR" | ||
| 197 | |||
| 198 | [ ! -d "$key_dir" ] && mkdir -p "$key_dir" | ||
| 199 | |||
| 200 | ca_sign "$key_dir" modsign_key "$key_dir" modsign_key \ | ||
| 201 | "/CN=MODSIGN Certificate/" | ||
| 202 | } | ||
| 203 | |||
| 204 | create_extra_system_user_key() { | ||
| 205 | local key_dir="$EXTRA_SYSTEM_KEYS_DIR" | ||
| 206 | |||
| 207 | [ ! -d "$key_dir" ] && mkdir -p "$key_dir" | ||
| 208 | |||
| 209 | ca_sign "$key_dir" extra_system_trusted_key "$SYSTEM_KEYS_DIR" system_trusted_key \ | ||
| 210 | "/CN=Extra System Trusted Certificate/" | ||
| 211 | } | ||
| 212 | |||
| 193 | create_ima_user_key() { | 213 | create_ima_user_key() { |
| 194 | local key_dir="$IMA_KEYS_DIR" | 214 | local key_dir="$IMA_KEYS_DIR" |
| 195 | 215 | ||
| @@ -277,6 +297,12 @@ create_user_keys() { | |||
| 277 | echo "Creating the user key for system" | 297 | echo "Creating the user key for system" |
| 278 | create_system_user_key | 298 | create_system_user_key |
| 279 | 299 | ||
| 300 | echo "Creating the user key for system extra" | ||
| 301 | create_extra_system_user_key | ||
| 302 | |||
| 303 | echo "Creating the user key for modsign" | ||
| 304 | create_modsign_user_key | ||
| 305 | |||
| 280 | echo "Creating the user key for IMA appraisal" | 306 | echo "Creating the user key for IMA appraisal" |
| 281 | create_ima_user_key | 307 | create_ima_user_key |
| 282 | 308 | ||