Add support for signing with an external program #312

Merged
merged 2 commits into from
Jun 26, 2024

chenxiaolong
Owner

By default, the helper program is invoked in a way that is compatible with avbtool's --signing_helper. However, the arguments have been extended slightly to allow passing in the passphrase file or environment variable for non-interactive use.

Fixes: #310

avbroot/src/crypto.rs (review thread, outdated, resolved)
avbroot/src/crypto.rs (review thread, resolved)

szescxz commented Jun 25, 2024

Also one more suggestion: avbroot key extract-avb is limited to private keys (--key) and certificates (--cert). You might want to extend this to public keys as well, otherwise users will have to generate a certificate just for generating the AVB public key.

@chenxiaolong
Owner Author

Thanks for catching the two issues. I've fixed them and also updated the e2e tests to test and validate this new functionality.

Owner Author

chenxiaolong commented Jun 26, 2024

Hmm, the padding I'm adding does not match what avbtool does. Looking into it now.

EDIT: Found the issue, I'm an idiot. Fixing it now.

chenxiaolong added a commit that referenced this pull request Jun 26, 2024
chenxiaolong added a commit that referenced this pull request Jun 26, 2024
@chenxiaolong
Owner Author

The padding has been fixed and I've added a new --public-key option to avbroot key extract-avb.

szescxz left a comment

LGTM for now, tested on an actual device and seems to be working (at least for the AVB part)

By default, the helper program is invoked in a way that is compatible
with avbtool's --signing_helper. However, the arguments have been
extended slightly to allow passing in the passphrase file or environment
variable for non-interactive use.

Fixes: #310

Signed-off-by: Andrew Gunnerson <[email protected]>
@chenxiaolong
Owner Author

Thanks for reviewing and testing! I made one final minor change to the README to improve the wording. I'll merge this once the CI builds complete.

chenxiaolong added a commit that referenced this pull request Jun 26, 2024
Signed-off-by: Andrew Gunnerson <[email protected]>
@chenxiaolong chenxiaolong merged commit 031ac8a into master Jun 26, 2024
5 checks passed
@chenxiaolong chenxiaolong deleted the signing-helper branch June 26, 2024 23:53

Successfully merging this pull request may close these issues.

Feature Request: signing_helper-like support?