| Message ID | 20230913093846.51801-1-ayoub.zaki@embetrix.com |
|---|---|
| State | Accepted |
| Delegated to: | Stefano Babic |
| Headers | show
Return-Path: <swupdate+bncBDBKTZHRZUJRBKUGQ2UAMGQEZ2MKSKI@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
unprotected) header.d=googlegroups.com header.i=@googlegroups.com
header.a=rsa-sha256 header.s=20230601 header.b=RnRj5IBG;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
(client-ip=2a00:1450:4864:20::63b; helo=mail-ej1-x63b.google.com;
envelope-from=swupdate+bncbdbktzhrzujrbkugq2uamgqez2mkski@googlegroups.com;
receiver=patchwork.ozlabs.org)
Received: from mail-ej1-x63b.google.com (mail-ej1-x63b.google.com
[IPv6:2a00:1450:4864:20::63b])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4RlwPr5w9Tz1yh0
for <incoming@patchwork.ozlabs.org>; Wed, 13 Sep 2023 19:38:55 +1000 (AEST)
Received: by mail-ej1-x63b.google.com with SMTP id
a640c23a62f3a-98e40d91fdfsf459382166b.3
for <incoming@patchwork.ozlabs.org>;
Wed, 13 Sep 2023 02:38:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1694597931; cv=pass;
d=google.com; s=arc-20160816;
b=a0vgoOd8YLpDXetncRZb+y4smHFTACchke1qIM+3nH21OVMpT9PBJg/pHTUp3cegUl
WHthJ51+OKR/oNIyBfq/63P58Z2E0TkDQB7xa6i0IuiPTxrSpZKoPHK/5/O8dqkOlZWs
cZV3+xGl7r5xHbxONcke15y5k7U/Voh9xvlKcFvY1LoFbMBVP+Bfy+3IfX7XL5WXvMjV
RNaz7+aQNOm6aWNo7esYBovBoC14ysJg8jkOzgJRmiu7rxGk+qxIzhKqZCMPZcnHBgSi
6snzmCdqb8Gjc2mKPiUnB/tUjPDBWoVjLsSbwcx5WYGfxZj+AZUZxqA+fl35odOeWiS/
MIFA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:mime-version:message-id:date
:subject:cc:to:from:sender:dkim-signature;
bh=Bbok9t3KNKz7RM6GfV3O6lJp0uULG0y0KIH1t49F7Gc=;
fh=+OJORHqdqTgck03oywGhM24wqLll/i7F/sjzFdEpJxw=;
b=wGFLGe0hinmQipKk40zbPufrPlVNbkWalba+R/uM11xzvsOWmWjtBBFEoLehWxxC4p
sbldGrVO6PzQpXYiBFP2tGKyeLl4kAojttGuUG+5XdHfP+SWQQhBdQD+7lL23zYYvIsI
cpIp8Nc35rS1JK9ln7df0q0OeOGdyP1uOh/Z+KJcv7mEH6X/gZk6fVsXTrMaTqQJGY8k
gOYYcdFzHpc3tNCzIeZV2ilO+5Hr22Zdq6RtWvS9ITXupUhTnq/OTMJSfF9lbF7wZ0u0
7lgVg3FUXqZw+Hy9hkKWYJkDMVV/0TmJ2RMfiVjZR+fC2xpSv56uh4pxjQNFKtfwYLiy
5XFw==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@embetrix.com header.s=rsa2 header.b="P+MBk/v4";
dkim=neutral (no key) header.i=@embetrix.com header.s=ed2
header.b=4AjDEJcn;
spf=neutral (google.com: 2a02:2350:5:505::1 is neither permitted nor
denied by best guess record for domain of ayoub.zaki@embetrix.com)
smtp.mailfrom=ayoub.zaki@embetrix.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1694597931; x=1695202731;
darn=patchwork.ozlabs.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:mime-version:message-id:date:subject:cc:to:from
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=Bbok9t3KNKz7RM6GfV3O6lJp0uULG0y0KIH1t49F7Gc=;
b=RnRj5IBGoForw/xhfv+2P8d4D6KcZKGLnzhf2Hy/Yrp5qiOHCDCabHhWD31kK8NMH6
+NlKh7cg7oeYe8p9xXoTs0K90p3io5CLG3vwHDs/i7v5jJyR859Z1/rIXjI0yF8/PNab
43IHeUQxDlONL/HaPTKL054FcJ3mHq9RhzQNBijyufeof0wagb2UXgJqVL3SYMC1O8y3
QEb7wsAYeRj7MJugbiloNvl+J+V9+sh8yohIGdN8/BueoMBTC2g+lPxY0+iVW4GhHMYg
2/c4RNvedeaHGHdo0H7aaZWIRhSZ14PcvAtGn5+lK74FE5ahZwIjgMcr9bvgHFbwL3Tc
hK4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1694597931; x=1695202731;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence
:x-original-authentication-results:x-original-sender:mime-version
:message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=Bbok9t3KNKz7RM6GfV3O6lJp0uULG0y0KIH1t49F7Gc=;
b=OSqmnL+rdB2VYticM+NXkw/+0iiHkngucu8rDH1lpSu/OfUsXr9UrgSPN48Skn4sTo
zYB9vDN2yOe+vtpgGWvmxl1CwnmBG0+626d/pZz6nScDZlhYwT75n9tBOejpNgdMyUJk
DQ5Rvm/oZB2Jk5YzMwGXywFE0TR4M5yPkVntRWMr7E5eAJoKliUIRRXKpnn+SPF/q3AN
N589uQ//ltCx+R5J+NJYtbti4kNexscfSahu6hU6GxWyp3oYAHz1hQ69fICREWA2RJhW
n5SMz2AQxD24CtU+OGuNnnM5WdhoQgTUvzbmtc5+aENqUXRlVswqlmtc27sXVfptly91
/48g==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AOJu0Yw4R+EBXKk6q5N4B/QSxafPLYl5zUoGC+kYyd26eLbPVHQV41EZ
8ImVmNGIQROYN85BpnPEmc0=
X-Google-Smtp-Source:
AGHT+IHN8xxVAcq1IghLbi5bPsEj/GamgcdLSjX20CqUxyk3VlRC0HZtPUxaBwHE+FEE5ZXwtpCZGA==
X-Received: by 2002:aa7:d8c3:0:b0:52a:841:bc56 with SMTP id
k3-20020aa7d8c3000000b0052a0841bc56mr2124551eds.1.1694597930918;
Wed, 13 Sep 2023 02:38:50 -0700 (PDT)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:a05:6402:500f:b0:52f:489a:d0f with SMTP id
p15-20020a056402500f00b0052f489a0d0fls702755eda.2.-pod-prod-08-eu; Wed, 13
Sep 2023 02:38:49 -0700 (PDT)
X-Received: by 2002:aa7:c615:0:b0:52e:1d58:a6fc with SMTP id
h21-20020aa7c615000000b0052e1d58a6fcmr1822769edq.5.1694597929032;
Wed, 13 Sep 2023 02:38:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694597929; cv=none;
d=google.com; s=arc-20160816;
b=dSTJjkut3RGUYF8fg7b0Hm74djRsRfBxSGJrKMMt7iinLRkRFtDw+SY7MKSuQ5EOnk
Sorm23PYvz3jbtoDS02LCABvGb5xExngS0zlFgzGAxHjZ7xFLI0Xe2X/+TtqpeCuoCQZ
9ZS2XMV+L5DMfXOSEiGhvniCnHIHkHOenr3gtdb2G+oReyO/TIkddst1qAVsE2bxTGlo
Z7ZzkROusXde0IEU6Vxnf99h+abMZkFYLvuSiSajJgWTKe+Cgxbu8OoNJ/qJ0B7j4cJe
P1GkirzkIN87Mxc0gftwOipUr6vX2WpsDPW0Ie3Hs2rUiCX3vMh3tcSYzU7enrRUmmnY
rcyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:dkim-signature:dkim-signature;
bh=rjasSdm3Pzk2vhdaQbD4v7o/M4Zy2j4wmJYCdNONSoE=;
fh=+OJORHqdqTgck03oywGhM24wqLll/i7F/sjzFdEpJxw=;
b=Kuiab1kHXjKNrsYo9kAn12QLaiRy4R0brJ3o2WyIdL4v9nKF5E0/dtCLfK68pHhkm7
R9gEbYRRlaYBhu2CyeMg0Z6qUkGDZ8iwMcoAqPivDiWzAAiG0w2MNAEJ+x1em/4Jcj+t
UmA9b3vLL3b+CYGDOC6er2eWUHLvYQR6qgj/kFtvS2AYIPxsItl+CQpMgLuYKn+y91nj
fLlh7XDiSkjZsU0UpWPwsrZJqw5/xIZOjGz6Xq4ZylRxlDTFcBW7XZ4oImIfZiO2I5MK
p6j0oeFNrs0HmE2CMa328uvIIjNlBPmBn8krK1fwSQ9uLR21aQ19cUTZk97qAsosu+J8
NJeQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@embetrix.com header.s=rsa2 header.b="P+MBk/v4";
dkim=neutral (no key) header.i=@embetrix.com header.s=ed2
header.b=4AjDEJcn;
spf=neutral (google.com: 2a02:2350:5:505::1 is neither permitted nor
denied by best guess record for domain of ayoub.zaki@embetrix.com)
smtp.mailfrom=ayoub.zaki@embetrix.com
Received: from mailrelay6-3.pub.mailoutpod2-cph3.one.com
(mailrelay6-3.pub.mailoutpod2-cph3.one.com. [2a02:2350:5:505::1])
by gmr-mx.google.com with ESMTPS id
q8-20020a056402248800b0052c258ede41si949195eda.0.2023.09.13.02.38.48
for <swupdate@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 13 Sep 2023 02:38:48 -0700 (PDT)
Received-SPF: neutral (google.com: 2a02:2350:5:505::1 is neither permitted nor
denied by best guess record for domain of ayoub.zaki@embetrix.com)
client-ip=2a02:2350:5:505::1;
X-HalOne-ID: 5664cfb1-5219-11ee-ab56-6f01c1d0a443
Received: from xps13.fritz.box
(dynamic-2a02-3102-8c10-00a0-ec00-4884-e443-6b0d.310.pool.telefonica.de
[2a02:3102:8c10:a0:ec00:4884:e443:6b0d])
by mailrelay6 (Halon) with ESMTPSA
id 5664cfb1-5219-11ee-ab56-6f01c1d0a443;
Wed, 13 Sep 2023 09:38:48 +0000 (UTC)
From: Ayoub Zaki <ayoub.zaki@embetrix.com>
To: swupdate@googlegroups.com
Cc: Ayoub Zaki <ayoub.zaki@embetrix.com>
Subject: [swupdate] [PATCH 1/1] doc encrypted_images: add note on how to
import encryption key to PKCS#11 token
Date: Wed, 13 Sep 2023 11:38:46 +0200
Message-Id: <20230913093846.51801-1-ayoub.zaki@embetrix.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Original-Sender: ayoub.zaki@embetrix.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@embetrix.com header.s=rsa2 header.b="P+MBk/v4"; dkim=neutral
(no key) header.i=@embetrix.com header.s=ed2 header.b=4AjDEJcn;
spf=neutral (google.com: 2a02:2350:5:505::1 is neither permitted nor
denied by best guess record for domain of ayoub.zaki@embetrix.com)
smtp.mailfrom=ayoub.zaki@embetrix.com
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
<mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
<mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/swupdate/subscribe>
|
| Series |
[1/1] doc encrypted_images: add note on how to import encryption key to PKCS#11 token
|
expand
|
diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index 611f3dc..2b7c1ee 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst @@ -99,3 +99,10 @@ containing at least the elements of this example: :: pkcs11:slot-id=42;id=%CA%FE%BA%BE?pin-value=1234&module-path=/usr/lib/libsofthsm2.so 65D793B87B6724BB27954C7664F15FF3 + +The encryption key can be imported to the PKCS#11 token by using ``pkcs11-tool`` as follow: + +:: + + echo -n "390ad54490a4a5f53722291023c19e08ffb5c4677a59e958c96ffa6e641df040" | xxd -p -r > swupdate-aes-key.bin + pkcs11-tool --module /usr/lib/libsofthsm2.so --slot 0x42 --login --write-object swupdate-aes-key.bin --id CAFEBABE --label swupdate-aes-key --type secrkey --key-type AES:32
Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com> --- doc/source/encrypted_images.rst | 7 +++++++ 1 file changed, 7 insertions(+)