From patchwork Thu Sep 7 09:09:01 2017
X-Patchwork-Submitter: Maciej Pijanowski
X-Patchwork-Id: 810919
From: Maciej Pijanowski
To: swupdate@googlegroups.com
Cc: piotr.krol@3mdeb.com, diego.rondini@kynetics.com, Maciej Pijanowski
Subject: [swupdate] [meta-swupdate][PATCH] README: update signing documentation
Date: Thu, 7 Sep 2017 11:09:01 +0200
Message-Id: <1504775341-13994-1-git-send-email-maciej.pijanowski@3mdeb.com>

Signed-off-by: Maciej Pijanowski
--- README | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/README b/README index 2e50a72aad7f..793b38b1923f 100644 --- a/README +++ b/README 
@@ -21,18 +21,34 @@ image filename) are replaced with the sha256 hash of the image. SWU image signing ------------ -To enable signing: - Set SWUPDATE_SIGNING = "1" - Set SWUPDATE_PRIVATE_KEY to the full path of private key file +There are 3 signing mechanism supported by meta-swupdate at the moment: -sw-description is signed with the private key and the signature is writen to -sw-description.sig which is included in the SWU file. +1. RSA signing: -Encrypted private keys are not currently supported since a secure -mechanism must exist to provide the passphrase. + * Set variable: `SWUPDATE_SIGNING = "RSA"` + + * Set `SWUPDATE_PRIVATE_KEY` to the full path of private key file + +2. CMS signing: + + * Set variable: `SWUPDATE_SIGNING = "CMS"` + + * Set `SWUPDATE_CMS_CERT` to the full path of certificate file + + * Set `SWUPDATE_CMS_KEY ` to the full path of private key file -If SWUPDATE_SIGN_TOOL is set, SWUPDATE_PRIVATE_KEY is ignored and the string -contained in SWUPDATE_SIGN_TOOL is executed to perform the signing. +3. Custom signing tool: + + * Set variable: `SWUPDATE_SIGNING = "CUSTOM"` + + * Set variable `SWUPDATE_SIGN_TOOL' to custom string that needs to be + executed in order to perform the signing + +sw-description is signed and the signature is written to sw-description.sig +which is included in the SWU file. + +Encrypted private keys are not currently supported since a secure +mechanism must exist to provide the passphrase. Maintainer ----------
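Review bot: the new list of `SWUPDATE_SIGNING` values ("RSA", "CMS", "CUSTOM") replaces the old `SWUPDATE_SIGNING = "1"` instruction without saying what an existing configuration that still sets "1" should expect. Please add a sentence stating whether "1" is still accepted or must be changed, and likewise whether `SWUPDATE_SIGN_TOOL` is still honoured when `SWUPDATE_SIGNING` is not "CUSTOM", since the removed text said it overrode `SWUPDATE_PRIVATE_KEY` whenever it was set. The retained paragraph on encrypted private keys should also say whether it covers `SWUPDATE_CMS_KEY` as well as `SWUPDATE_PRIVATE_KEY`. Smaller points in the added lines: "3 signing mechanism" should read "mechanisms"; in the CMS item `SWUPDATE_CMS_KEY ` has a stray space before the closing backtick; in the custom-tool item `SWUPDATE_SIGN_TOOL' opens with a backtick and closes with an apostrophe.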