mbox series

[isar-cip-core,RFC,0/3] Separate swu signing script from key

Message ID 20240909112309.1028531-1-Quirin.Gylstorff@siemens.com (mailing list archive)
Headers show
Series Separate swu signing script from key | expand

Message

Quirin Gylstorff Sept. 9, 2024, 11:21 a.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Some downstream projects use Hardware security module(HSM) to sign their
updates. To avoid a error message in case a HSM is used the user needs
override the major parts of the swupdate-certificates-key recipe. To
reduce the integration work in a downstream layer:
- seperate the signing script from the keys
- move the package installation of th scripts out of the swupdate.bbclass.
- update the readme to show this new behaviour

Quirin Gylstorff (3):
  Move signing script to seperate package to better support HSM signing
  Add check for sign-swu executable
  Update README for swupdate signing

 classes/swupdate.bbclass                      |  7 ++++--
 doc/README.swupdate.md                        | 16 ++++++++++--
 recipes-core/images/swupdate.inc              |  5 +++-
 .../swupdate-certificates-key.inc             |  9 +------
 .../files/sign-swu-cms                        |  0
 .../files/sign-swu-rsa                        |  0
 .../swupdate-signer/swupdate-signer_0.1.bb    | 25 +++++++++++++++++++
 7 files changed, 49 insertions(+), 13 deletions(-)
 rename recipes-devtools/{swupdate-certificates => swupdate-signer}/files/sign-swu-cms (100%)
 rename recipes-devtools/{swupdate-certificates => swupdate-signer}/files/sign-swu-rsa (100%)
 create mode 100644 recipes-devtools/swupdate-signer/swupdate-signer_0.1.bb