[{"id":1766824,"web_url":"http://patchwork.ozlabs.org/comment/1766824/","msgid":"<1c33fcc4-95fc-aab2-7553-a65ff580a3a8@denx.de>","list_archive_url":null,"date":"2017-09-12T09:40:31","subject":"Re: [swupdate] [PATCH] building-with-yocto.rst: update signed\n\timages section","submitter":{"id":5771,"url":"http://patchwork.ozlabs.org/api/people/5771/","name":"Stefano Babic","email":"sbabic@denx.de"},"content":"On 07/09/2017 17:23, Maciej Pijanowski wrote:\n> Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>\n> ---\n>  doc/source/building-with-yocto.rst | 16 ++++++++++++----\n>  1 file changed, 12 insertions(+), 4 deletions(-)\n> \n> diff --git a/doc/source/building-with-yocto.rst b/doc/source/building-with-yocto.rst\n> index 0e0702c710cb..80c1301c8a1f 100644\n> --- a/doc/source/building-with-yocto.rst\n> +++ b/doc/source/building-with-yocto.rst\n> @@ -56,13 +56,21 @@ generating the SWU. The class defines new variables, all of them have the prefix\n>  \n>          SWUPDATE_IMAGES_NOAPPEND_MACHINE[my-image] = \"1\"\n>  \n> -- **SWUPDATE_SIGNING** : if set, the SWU is signed.\n> +- **SWUPDATE_SIGNING** : if set, the SWU is signed. There are 3 allowed values:\n> +  RSA, CMS, CUSTOM. This value determines used signing mechanism.\n>  - **SWUPDATE_SIGN_TOOL** : instead of using openssl, use SWUPDATE_SIGN_TOOL to sign\n> -  the image. A typical use case is together with a hardware key.\n> +  the image. A typical use case is together with a hardware key. It is\n> +  available if SWUPDATE_SIGNING is set to CUSTOM\n>  - **SWUPDATE_PRIVATE_KEY** : this is the file with the private key used to sign the\n> -  image.\n> +  image using RSA mechanism. Is available if SWUPDATE_SIGNING is set to RSA.\n>  - **SWUPDATE_PASSWORD_FILE** : an optional file containing the password for the private\n> -  key.\n> +  key. It is available if SWUPDATE_SIGNING is set to RSA.\n> +- **SWUPDATE_CMS_KEY** : this is the file with the private key used in signing\n> +  process using CMS mechanism. It is available if SWUPDATE_SIGNING is set to\n> +  CMS.\n> +- **SWUPDATE_CMS_CERT** : this is the file with the certificate used in signing\n> +  process using using CMS method. It is available if SWUPDATE_SIGNING is\n> +  set to CMS.\n>  \n>  Automatic sha256 in sw-description\n>  ----------------------------------\n> \n\nApplied to master, thanks !\n\nBest regards,\nStefano Babic","headers":{"Return-Path":"<swupdate+bncBAABBFOX33GQKGQEUWO2XWY@googlegroups.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=googlegroups.com\n\t(client-ip=2a00:1450:4010:c07::23f;\n\thelo=mail-lf0-x23f.google.com;\n\tenvelope-from=swupdate+bncbaabbfox33gqkgqeuwo2xwy@googlegroups.com;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=googlegroups.com header.i=@googlegroups.com\n\theader.b=\"TqWsr2R6\"; dkim-atps=neutral"],"Received":["from mail-lf0-x23f.google.com (mail-lf0-x23f.google.com\n\t[IPv6:2a00:1450:4010:c07::23f])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xs0CY0YWZz9s82\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 12 Sep 2017 19:40:39 +1000 (AEST)","by mail-lf0-x23f.google.com with SMTP id h74sf288317lfl.5\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 12 Sep 2017 02:40:39 -0700 (PDT)","by 10.46.16.8 with SMTP id j8ls68343lje.16.gmail; Tue, 12 Sep 2017\n\t02:40:36 -0700 (PDT)","from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.10])\n\tby gmr-mx.google.com with ESMTPS id\n\te135si691987wmg.6.2017.09.12.02.40.36\n\tfor <swupdate@googlegroups.com>\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tTue, 12 Sep 2017 02:40:36 -0700 (PDT)","from frontend03.mail.m-online.net (unknown [192.168.6.182])\n\tby mail-out.m-online.net (Postfix) with ESMTP id 3xs0CS1w8lz1qvn5;\n\tTue, 12 Sep 2017 11:40:36 +0200 (CEST)","from localhost (dynscan3.mnet-online.de [192.168.6.84])\n\tby mail.m-online.net (Postfix) with ESMTP id 3xs0CS1Htqz1qsQJ;\n\tTue, 12 Sep 2017 11:40:36 +0200 (CEST)","from mail.mnet-online.de ([192.168.8.182])\n\tby localhost (dynscan3.mail.m-online.net [192.168.6.84]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id rqV6dzniVrsE; Tue, 12 Sep 2017 11:40:35 +0200 (CEST)","from babic.homelinux.org\n\t(host-88-217-136-221.customer.m-online.net [88.217.136.221])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby mail.mnet-online.de (Postfix) with ESMTPS;\n\tTue, 12 Sep 2017 11:40:35 +0200 (CEST)","from localhost (mail.babic.homelinux.org [127.0.0.1])\n\tby babic.homelinux.org (Postfix) with ESMTP id CCF0245405CE;\n\tTue, 12 Sep 2017 11:40:34 +0200 (CEST)","from babic.homelinux.org ([127.0.0.1])\n\tby localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new,\n\tport 10024)\n\twith ESMTP id 3CtlUKumsHkF; Tue, 12 Sep 2017 11:40:32 +0200 (CEST)","from [192.168.178.132] (papero.fritz.box [192.168.178.132])\n\tby babic.homelinux.org (Postfix) with ESMTP id CB41B45405CD;\n\tTue, 12 Sep 2017 11:40:31 +0200 (CEST)"],"ARC-Seal":["i=2; a=rsa-sha256; t=1505209237; cv=pass;\n\td=google.com; s=arc-20160816;\n\tb=C/ZR9nmJ7nTEjKMl/EH4hnGRKo+0JW9x28wAbc0wq2Lmmg1wBvWIo0x4/WK6ucRr2m\n\tRfPRDvrgxrj3Pxnaa+TTMrY07mab/P79HEz/Br2D6Qi6Zap3Oy2xEE06MkkTfACXO0YR\n\tMAfC3GUztb+ZrNnPMWJqP7EtpF6WTmIBc1UmSccPPwrGGGwGg4y3psUefpgGXQW2qGyP\n\tXaqZzh5DzG5nbbPaYsvBpbBPMgayvVH0DYcFfMf2flcAXnArBGu7Qy/bn0T1Q2YzHFRv\n\tybQcZHCDbBFZx6q0bzM6421Axv48VGHejJlUoH7v9aioJuXRkojl0xMF/tdVUGpfTNQR\n\tlwYQ==","i=1; a=rsa-sha256; t=1505209236; cv=none;\n\td=google.com; s=arc-20160816;\n\tb=bqRBEQguIriT2ZJ6qDyhBjAtR3AZ2HrQGzrp+10cWM9ipX7UCkBhI4goem6KGNyDSB\n\tBeIbgi8Qe3q+9oizDrX876ZZX9XkT0R55bhEv0OpwWKBvO2j9LLBtyDQs2Ly5/fRSFmq\n\toWmzy27NKGZe0MdPGSqtQSChiyQcZSln40W01zeWwVnhEOPFVaXDwyu26r1pTJ8bFzVK\n\taiEs4hckFSHqNX0CB4YD4FvKUgqvSNDM8f03fj3GEcco8MvFTr/vlFYCEFilmOW9kkHs\n\tWgNuUdc9w6H87TujjXIakk3q0r19AKg7lhc8bNDmrtrZRBXPmz1zF7dprDKYbDWGc90Z\n\tvyAA=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=list-unsubscribe:list-subscribe:list-archive:list-help:list-post\n\t:list-id:mailing-list:precedence:content-language:in-reply-to\n\t:mime-version:user-agent:date:message-id:from:references:cc:to\n\t:subject:arc-authentication-results:arc-message-signature:sender\n\t:dkim-signature:arc-authentication-results;\n\tbh=UpAqkrC7ao5CN+aqDAS/drqj8WGgv4NEmHnyNkrL6xw=;\n\tb=hBktugxRZw1EggHhhiLB+Jn0KIhtjuUZ8dWffuYjoX5EzkY/CjzhBRY7YWMvTDGlU7\n\tMl2Ng16+92X7xADDrYeAxf19Eyazju9J1KqOtWFID5leAx9JJNe6FGswpy2GO9smY/nH\n\t8omOXDnpzCkvNiEzfeQ1eCY4muwlcYnQ1oUwVdDXOJ/xxeSipDMMHUb6/GkWKnBnMK0b\n\tzRpneIg9EICCSZVFELkiJqbLDnTtSPp0H3mXfL+a4gHykBlILgA9o6Tzklpb92eRCXTz\n\t7TwqBTsXcbd3cAyolsVHzkL+ErN5dR86CYXAglgORKgvYYVmal+xh8YurbMfE7+s5Ndr\n\tGwvA==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=arc-20160816; \n\th=content-transfer-encoding:content-language:in-reply-to:mime-version\n\t:user-agent:date:message-id:from:references:cc:to:subject\n\t:arc-authentication-results;\n\tbh=okUcUu38bqOAdvpd/KX+lv48JD2dq/sv7ajEniVA0a0=;\n\tb=h9n0th5CgPlVLX5KFm3t7sWznqvydAEh8rGHIJT3acoNMraBn3o/f1vEsDR6l/MfhF\n\t/qzZEyxejD3Uhdsz/91snsyOcDBmp5+MHyDGyMuJ4bR6VZAL9UovqJe5HL3L7AJLHjgD\n\tNZ1ucPV0hdEcO+FvHFLEvWFZlyKUJxkkwlrZFk5Uk2PElqZDT7vatVMB7AYdwCWDW5/H\n\t/Gtz1z8qR3ZyuKnbXhgr97MmNncr1/i5EyF8Llt6k1n5GBmMO0Ms+q9Va72RK9fbVRWE\n\t+hwkBTfrBvh/4jyguTSm+jcvp126pQx5rAIaxBx0rWl8UOGDmUx4uT+uZ6yL5jLdy6bb\n\tlk1Q=="],"ARC-Authentication-Results":["i=2; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.10 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de","i=1; gmr-mx.google.com;\n\tspf=neutral (google.com: 212.18.0.10 is neither permitted nor denied\n\tby best guess record for domain of sbabic@denx.de)\n\tsmtp.mailfrom=sbabic@denx.de"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=googlegroups.com; s=20161025;\n\th=sender:subject:to:cc:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:x-original-sender\n\t:x-original-authentication-results:precedence:mailing-list:list-id\n\t:list-post:list-help:list-archive:list-subscribe:list-unsubscribe;\n\tbh=UpAqkrC7ao5CN+aqDAS/drqj8WGgv4NEmHnyNkrL6xw=;\n\tb=TqWsr2R6zH0dtH9Wv1LhmZoQJoBwXra8SD+COySdZWfXOPzPrI3yWagjYeaBF2VBaa\n\tCErnqrnvl2ssttRlTcmq7CVE4YEqqYTAQePiJ8/MwZjmNLHu44KX0VjjKL68lQjtsnnM\n\thOqjJn5B5mCLzYs2Tt0bcyEwOlTEpjXVt8szaIA0yzEPD6isOOV63FPLvxJw6qlaAI19\n\tGO/qOpcUvJy/cttpaYJ3QAC4iSY1kpIpegH7M5duTIoOI0sEWusSoOxYPci8+z4MfVs3\n\tf6+wC10wwfeXsOhQIN0lRvp8bWzkQUEVnFwa5KWW0xAORR520bw8PIRZUTUggbY17VIp\n\tBLMw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=sender:x-gm-message-state:subject:to:cc:references:from:message-id\n\t:date:user-agent:mime-version:in-reply-to:content-language\n\t:x-original-sender:x-original-authentication-results:precedence\n\t:mailing-list:list-id:x-spam-checked-in-group:list-post:list-help\n\t:list-archive:list-subscribe:list-unsubscribe;\n\tbh=UpAqkrC7ao5CN+aqDAS/drqj8WGgv4NEmHnyNkrL6xw=;\n\tb=lrK4Vk0CWZ9xIi7J48llHC4zMpq09uQs0638Wr6VBjqnQCsMczkViPyGjMkmoQB2Mo\n\tD6zRuriBYQ8kZsmkYDwwA0312YFFZ8OUYbzC6prMjKHCWWx+JCxFwxoicG4f5FOWrKOa\n\t3papJe5kPQznKU+dcsfXhkrZFpF6cXbRdz+0/oAJlRY/q9MZ7YJ5R908t2kmhCPDZ+b/\n\tF5D7nfi8zaIRoF7vZv02CxEUJeSHo/K8M45IU02ZmTsNwNZyKxW5Q0JVY0YSUSPKjXNY\n\tn7PA4Ae0hSbShWi+BeojHS9lycgggCGm8EoYZ3TqzHh3nlG+WrqLagQHbP45prv1imaO\n\t1Jww==","Sender":"swupdate@googlegroups.com","X-Gm-Message-State":"AHPjjUhj6DMmNvbQ98dcV+N3DeIHenPceKdALS8QnoFPG/qoZcjNZEyx\n\t+Ih0Iyj42nxnTQ==","X-Google-Smtp-Source":"AOwi7QBpjL7mKULcj/Qu3xlSOYW6v5uDR4+u/H//QTJiJDX/D9hNRi7Q0rDAO1IBqQobCvAVRDV8aw==","X-Received":["by 10.25.163.80 with SMTP id m77mr20620lfe.26.1505209237084;\n\tTue, 12 Sep 2017 02:40:37 -0700 (PDT)","by 10.25.229.18 with SMTP id c18mr1110860lfh.1.1505209236558;\n\tTue, 12 Sep 2017 02:40:36 -0700 (PDT)"],"X-BeenThere":"swupdate@googlegroups.com","Received-SPF":"neutral (google.com: 212.18.0.10 is neither permitted nor\n\tdenied by best guess record for domain of sbabic@denx.de)\n\tclient-ip=212.18.0.10; ","X-Virus-Scanned":["amavisd-new at mnet-online.de","Debian amavisd-new at babic.homelinux.org"],"Subject":"Re: [swupdate] [PATCH] building-with-yocto.rst: update signed\n\timages section","To":"Maciej Pijanowski <maciej.pijanowski@3mdeb.com>,\n\tswupdate@googlegroups.com","Cc":"piotr.krol@3mdeb.com","References":"<1504797794-31605-1-git-send-email-maciej.pijanowski@3mdeb.com>","From":"Stefano Babic <sbabic@denx.de>","Message-ID":"<1c33fcc4-95fc-aab2-7553-a65ff580a3a8@denx.de>","Date":"Tue, 12 Sep 2017 11:40:31 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<1504797794-31605-1-git-send-email-maciej.pijanowski@3mdeb.com>","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Language":"de-DE","X-Original-Sender":"sbabic@denx.de","X-Original-Authentication-Results":"gmr-mx.google.com;       spf=neutral\n\t(google.com: 212.18.0.10 is neither permitted nor denied by best\n\tguess record\n\tfor domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de","Precedence":"list","Mailing-list":"list swupdate@googlegroups.com;\n\tcontact swupdate+owners@googlegroups.com","List-ID":"<swupdate.googlegroups.com>","X-Spam-Checked-In-Group":"swupdate@googlegroups.com","X-Google-Group-Id":"605343134186","List-Post":"<https://groups.google.com/group/swupdate/post>,\n\t<mailto:swupdate@googlegroups.com>","List-Help":"<https://groups.google.com/support/>,\n\t<mailto:swupdate+help@googlegroups.com>","List-Archive":"<https://groups.google.com/group/swupdate","List-Subscribe":"<https://groups.google.com/group/swupdate/subscribe>,\n\t<mailto:swupdate+subscribe@googlegroups.com>","List-Unsubscribe":"<mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,\n\t<https://groups.google.com/group/swupdate/subscribe>"}}]