@@ -103,6 +103,9 @@ static struct option long_options[] = {
#endif
#ifdef CONFIG_ENCRYPTED_IMAGES
{"key-aes", required_argument, NULL, 'K'},
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+ {"asym-decryption-keypair", required_argument, NULL, 'a'},
+#endif
#endif
{"loglevel", required_argument, NULL, 'l'},
{"max-version", required_argument, NULL, '3'},
@@ -165,6 +168,10 @@ static void usage(char *programname)
#ifdef CONFIG_ENCRYPTED_IMAGES
" -K, --key-aes <key file> : the file contains the symmetric key to be used\n"
" to decrypt images\n"
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+ " -a, --asym-decryption-keypair\n"
+ " <key pair file> : path to the asym decryption key pair (PEM)\n"
+#endif
#endif
" -n, --dry-run : run SWUpdate without installing the software\n"
" -N, --no-downgrading <version> : not install a release older as <version>\n"
@@ -312,6 +319,10 @@ static int read_globals_settings(void *elem, void *data)
"ca-path", sw->publickeyfname);
GET_FIELD_STRING(LIBCFG_PARSER, elem,
"aes-key-file", sw->aeskeyfname);
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+ GET_FIELD_STRING(LIBCFG_PARSER, elem,
+ "asym-decryption-keypair", sw->asym_decryption_keypair_fname);
+#endif
GET_FIELD_STRING(LIBCFG_PARSER, elem,
"mtd-blacklist", sw->mtdblacklist);
GET_FIELD_STRING(LIBCFG_PARSER, elem,
@@ -499,6 +510,9 @@ int main(int argc, char **argv)
#endif
#ifdef CONFIG_ENCRYPTED_IMAGES
strcat(main_options, "K:");
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+ strcat(main_options, "a:");
+#endif
#endif
memset(fname, 0, sizeof(fname));
@@ -662,6 +676,13 @@ int main(int argc, char **argv)
optarg,
sizeof(swcfg.aeskeyfname));
break;
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+ case 'a':
+ strlcpy(swcfg.asym_decryption_keypair_fname,
+ optarg,
+ sizeof(swcfg.asym_decryption_keypair_fname));
+ break;
+#endif
#endif
case 'N':
swcfg.no_downgrading = true;
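Review bot: The new `case 'a':` discards the return value of `strlcpy`, so a path longer than `sizeof(swcfg.asym_decryption_keypair_fname)` is silently truncated and a different file name is later handed to the key loader. For the path of a private key it is safer to reject than to truncate. Assuming the project's `strlcpy` returns the source length as the BSD one does, this would be `if (strlcpy(swcfg.asym_decryption_keypair_fname, optarg, sizeof(swcfg.asym_decryption_keypair_fname)) >= sizeof(swcfg.asym_decryption_keypair_fname)) { fprintf(stderr, "Error: key pair path too long.\n"); exit(EXIT_FAILURE); }`. The `-K` case just above in the context lines has the same pattern. The switch starts and ends outside the hunk.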
@@ -854,6 +875,20 @@ int main(int argc, char **argv)
}
}
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+ if (strlen(swcfg.asym_decryption_keypair_fname)) {
+ if (swupdate_dgst_add_asym_keypair(&swcfg, swcfg.asym_decryption_keypair_fname)) {
+ fprintf(stderr,
+ "Error: Asym decryption key pair cannot be initialized.\n");
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ fprintf(stderr,
+ "Error: SWUpdate is built for asym encrypted images, provide a decryption key pair.\n");
+ exit(EXIT_FAILURE);
+ }
+#endif
+
lua_handlers_init();
if(!get_hw_revision(&swcfg.hw))
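Review bot: The mandatory key-pair check is guarded only by `CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION` as far as the hunk shows, while the `-a` option is registered inside `CONFIG_ENCRYPTED_IMAGES` in the `long_options`, `main_options` and `case 'a':` hunks. Unless Kconfig enforces that dependency, a build with only the asym symbol would demand a key pair that cannot be given on the command line, so a comment naming the dependency or a matching guard would help. The failure message also omits which file was rejected; `"Error: Asym decryption key pair '%s' cannot be initialized.\n", swcfg.asym_decryption_keypair_fname` makes a wrong path or unreadable key easier to diagnose. The second message says "asym encrypted images" although the config symbol refers to the sw-description, and the usage text does not say the option is required in such builds. `main` continues outside the hunk.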
@@ -25,6 +25,9 @@
# aes-key-file : string
# file containing the symmetric key for
# image decryption
+# asym-decryption-keypair : string
+# file containing the key pair (private key and cert) in PEM for
+# asymmetric image decryption
# preupdatecmd : string
# command to be executed right before the update
# is installed
@@ -57,6 +57,7 @@ struct swupdate_cfg {
char output[SWUPDATE_GENERAL_STRING_SIZE];
char publickeyfname[SWUPDATE_GENERAL_STRING_SIZE];
char aeskeyfname[SWUPDATE_GENERAL_STRING_SIZE];
+ char asym_decryption_keypair_fname[SWUPDATE_GENERAL_STRING_SIZE];
char postupdatecmd[SWUPDATE_GENERAL_STRING_SIZE];
char preupdatecmd[SWUPDATE_GENERAL_STRING_SIZE];
char minimum_version[SWUPDATE_GENERAL_STRING_SIZE];
Add asymmetric decryption key pair fname to swupdate_cfg. Read and initialize the asym decryption key pair from argument -a or configuration file. Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> --- core/swupdate.c | 35 +++++++++++++++++++++++++++++ examples/configuration/swupdate.cfg | 3 +++ include/swupdate.h | 1 + 3 files changed, 39 insertions(+)