Right now, it is unclear where the certificates (and private keys) are read from if environment variables are unset, and providing complete paths in the device tree is not ideal. Naturally, it makes sense to be able to decide where binman should look for the files, regardless of whether the keys are specified in the device tree or not.
Therefore, expand the etype to look for the necessary files from the input path. Introduce a new variable to provide users the ability to specify a custom path. As a consequence of this change, the environment variables used to specify the keys, e.g., `IMG_KEY', will be searched *relative* to the input directories.
Signed-off-by: Brian Ruley <brian.ru...@gehealthcare.com>
---
 tools/binman/etype/nxp_imx8mcst.py | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/tools/binman/etype/nxp_imx8mcst.py b/tools/binman/etype/nxp_imx8mcst.py
index a7d8db4eec..ff84b751b7 100644
--- a/tools/binman/etype/nxp_imx8mcst.py
+++ b/tools/binman/etype/nxp_imx8mcst.py
@@ -70,23 +70,26 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
 def __init__(self, section, etype, node):
 super().__init__(section, etype, node)
 self.required_props = ['nxp,loader-address']
+ self._cst_key_path = os.getenv('CST_KEY_PATH', None)
+ if self._cst_key_path:
+ tools.set_input_dirs([self._cst_key_path] + tools.indir)
 def ReadNode(self):
 super().ReadNode()
 self.loader_address = fdt_util.GetInt(self._node, 'nxp,loader-address')
- self.srk_table = os.getenv(
+ self._srk_table = os.getenv(
 'SRK_TABLE', fdt_util.GetString(self._node, 'nxp,srk-table', 'SRK_1_2_3_4_table.bin'))
 self.fast_auth = fdt_util.GetBool(self._node, 'nxp,fast-auth')
 if not self.fast_auth:
- self.csf_crt = os.getenv(
+ self._csf_crt = os.getenv(
 'CSF_KEY', fdt_util.GetString(self._node, 'nxp,csf-crt', f'CSF1_1_{KEY_NAME}.pem'))
- self.img_crt = os.getenv(
+ self._img_crt = os.getenv(
 'IMG_KEY', fdt_util.GetString(self._node, 'nxp,img-crt', f'IMG1_1_{KEY_NAME}.pem'))
 else:
- self.srk_crt = os.getenv(
+ self._srk_crt = os.getenv(
 'SRK_KEY', fdt_util.GetString(self._node, 'nxp,srk-crt', f'SRK1_{KEY_NAME}.pem'))
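Review bot: Calling `tools.set_input_dirs([self._cst_key_path] + tools.indir)` from `__init__` rewrites binman's process-wide input search path, so the key directory takes precedence for every later input lookup by any entry, not only for the signing files, and it is prepended once more for each node of this etype in the image. A file in the key directory that shares a name with an ordinary build input would then shadow that input. Keeping the directory on the entry and consulting it only when resolving key and certificate names avoids this; the lookups in the second hunk would then call the helper below instead of `tools.get_input_filename()` directly. `CST_KEY_PATH` should also be described in the class docstring, which lies outside this hunk.

```python
        self._cst_key_path = os.getenv('CST_KEY_PATH', None)
        # … dropped: tools.set_input_dirs() call, global search path left untouched …

    def _get_key_filename(self, fname):
        """Resolve a key or certificate name, trying CST_KEY_PATH first"""
        if self._cst_key_path:
            pathname = os.path.join(self._cst_key_path, fname)
            if os.path.exists(pathname):
                return pathname
        return tools.get_input_filename(fname)

    # … unchanged: ReadNode() …
```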
@@ -142,15 +145,19 @@ class Entry_nxp_imx8mcst(Entry_mkimage):
 config.optionxform = str
 # Load configuration template and modify keys of interest
 config.read_string(CSF_CONFIG_TEMPLATE)
- config['Install SRK']['File'] = f'"{self.srk_table}"'
+ srk_table = tools.get_input_filename(self._srk_table)
+ config['Install SRK']['File'] = f'"{srk_table}"'
 if not self.fast_auth:
+ csf_crt = tools.get_input_filename(self._csf_crt)
+ img_crt = tools.get_input_filename(self._img_crt)
 config.remove_section('Install NOCAK')
- config['Install CSFK']['File'] = f'"{self.csf_crt}"'
- config['Install Key']['File'] = f'"{self.img_crt}"'
+ config['Install CSFK']['File'] = f'"{csf_crt}"'
+ config['Install Key']['File'] = f'"{img_crt}"'
 else:
+ srk_crt = tools.get_input_filename(self._srk_crt)
 config.remove_section('Install CSFK')
 config.remove_section('Install Key')
- config['Install NOCAK']['File'] = f'"{self.srk_crt}"'
+ config['Install NOCAK']['File'] = f'"{srk_crt}"'
 config['Authenticate Data']['Verification index'] = '0'
 config['Authenticate Data']['Blocks'] = \
-- 
2.39.5
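Review bot: The four `tools.get_input_filename()` calls take the first file of that name found anywhere in the input search path, so when `CST_KEY_PATH` is unset or does not hold the file, a same-named key or certificate from another input directory is used for signing with no trace in the build output. For signing material the resolved path should be recorded, for example `tout.info(f'Signing with image key {img_crt}')` after each lookup; this assumes `tout` is imported in the file, which the hunk does not show. A short comment such as `# Keys are resolved by first match in the input path; CST_KEY_PATH, if set, is searched first` above the first lookup would state the precedence. The enclosing method starts and ends outside the hunk.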