When GenContainer.py extracts a container image, a layout file
is created that specifies the format of header and components.
For a container header with the BOOT name, the signing key is expected
to be KEY_ID_OS1_PRIVATE. Correct it so that it is not misleading.
Signed-off-by: Vincent Chen <vincent.chen@intel.com>

Since openssl 3.0.0, in commit 10203a34725e ("Support writing RSA
keys using the traditional format again"), the default format of
private key has been changed to PKCS#8.
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>

Convert the line endings stored for all text files in the repository to
LF. The majority previously used DOS-style CRLF line endings. Add a
.gitattributes file to enforce this and treat certain extensions as
never being text files.
Update PatchCheck.py to insist on LF line endings rather than CRLF.
However, its other checks fail on this commit due to lots of
pre-existing complaints that it only notices because the line endings
have changed.
Silicon/QemuSocPkg/FspBin/Patches/0001-Build-QEMU-FSP-2.0-binaries.patch
needs to be treated as binary since it contains a mixture of line
endings.
This change has implications depending on the client platform you are
using the repository from:
* Windows

  The usual configuration for Git on Windows means that text files will
  be checked out to the work tree with DOS-style CRLF line endings. If
  that's not the case then you can configure Git to do so for the entire
  machine with:

      git config --global core.autocrlf true

  or for just the repository with:

      git config core.autocrlf true

  Line endings will be normalised to LF when they are committed to the
  repository. If you commit a text file with only LF line endings then it
  will be converted to CRLF line endings in your work tree.

* Linux, MacOS and other Unices

  The usual configuration for Git on such platforms is to check files out
  of the repository with LF line endings. This is probably the right thing
  for you. In the unlikely event that you are using Git on Unix but editing
  or compiling on Windows for some reason then you may need to tweak your
  configuration to force the use of CRLF line endings as described above.

* General

  For more information see
  https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings .
Fixes: https://github.com/slimbootloader/slimbootloader/issues/1400
Signed-off-by: Mike Crowe <mac@mcrowe.com>

Tools such as MEU, used for signing and generating key manifests,
expect to be passed absolute openssl paths. Updating
get_openssl_path to return paths for Linux cases.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

Openssl 1.1.1 is an installable and it creates
openssl.exe in a bin folder.
Default slimboot path: c:\Openssl\bin\openssl.exe
Added support to populate OPENSSL_PATH
from bin dir in case it's available.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

Currently this tool creates keys and replaces existing ones.
Added user confirmation before existing ones are replaced.
Selecting all replaces subsequent keys getting generated.
Update OS private key name to OS1_TestKey_Priv_RSA3072.pem.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

KEY IDs are extended to include key type and sizes.
Platforms can configure corresponding RSA2048 and
RSA3072 KEY IDs. Updated tools to adjust hash type
based on key size.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

Updated error handling for SBL Key dir and error
messages to guide user to use GenerateKeys tool.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

This patch enables usage of key id for private keys
in slimboot repo. Key ids are configured in
BuildLoader and platform BoardConfig files.
SLIMBOOT_KEY_DIR is set to default folder outside
sblopen.
Generation of external Keyhash OS key hash to be configured
for QEMU/CGL/APL with appropriate keys.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

This patch adds support to key ids in single sign script.
Following pre-requisites to enable usage of key ids,
- Generate required RSA keys as per GenerateKeys.py
- SLIMBOOT_KEY_DIR env variable set to key folder
- Set private key paths to respective ids in
  buildloader.py and boardconfigs files
- Update key hash store generation to use respective key ids
Enabling keyids in slimboot would be done subsequently.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>

CommonUtility.py – It contains common functionality
for signing and extraction of public key info.
It adds the necessary structures for signed data.
SingleSign.py – It contains core functionality related
to openssl for sign operations. This script will
be enhanced for accessing key store.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>