| Message ID | 20190402145506.31982-1-sbabic@denx.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | doc: add documentation for encrypted images | expand |
On Wednesday, 3 April 2019 01:55:12 UTC+11, Stefano Babic wrote: > Signed-off-by: Stefano Babic <sbabic@denx.de> > --- > doc/source/building-with-yocto.rst | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/doc/source/building-with-yocto.rst b/doc/source/building-with-yocto.rst > index b7a9f82..0171bfb 100644 > --- a/doc/source/building-with-yocto.rst > +++ b/doc/source/building-with-yocto.rst > @@ -126,6 +126,22 @@ generating the SWU. The class defines new variables, all of them have the prefix > process using using CMS method. It is available if SWUPDATE_SIGNING is > set to CMS. > > +- **SWUPDATE_AES_FILE** : this is the file with the AES password to encrypt artifact. A new `fstype` is > + supported by the class (type: `enc`). SWUPDATE_AES_FILE is generated as output from openssl to create > + a new key with > + > + :: > + > + openssl enc -aes-256-cbc -k <PASSPHRASE> -P -md sha1 > $SWUPDATE_AES_FILE > + > + To use it, it is enough to add IMAGE_FSTYPES += "enc" to the artifact. SWUpdate supports decryption of > + compressed artifact, such as > + > + :: > + > + IMAGE_FSTYPES += ".ext4.gz.enc" > + > + > Automatic sha256 in sw-description > ---------------------------------- > > -- > 2.17.1 Acked-by: Austin Phillips <austin.phillips@planetinnovation.com.au> Regards, Austin
diff --git a/doc/source/building-with-yocto.rst b/doc/source/building-with-yocto.rst index b7a9f82..0171bfb 100644 --- a/doc/source/building-with-yocto.rst +++ b/doc/source/building-with-yocto.rst @@ -126,6 +126,22 @@ generating the SWU. The class defines new variables, all of them have the prefix process using using CMS method. It is available if SWUPDATE_SIGNING is set to CMS. +- **SWUPDATE_AES_FILE** : this is the file with the AES password to encrypt artifact. A new `fstype` is + supported by the class (type: `enc`). SWUPDATE_AES_FILE is generated as output from openssl to create + a new key with + + :: + + openssl enc -aes-256-cbc -k <PASSPHRASE> -P -md sha1 > $SWUPDATE_AES_FILE + + To use it, it is enough to add IMAGE_FSTYPES += "enc" to the artifact. SWUpdate supports decryption of + compressed artifact, such as + + :: + + IMAGE_FSTYPES += ".ext4.gz.enc" + + Automatic sha256 in sw-description ----------------------------------
Signed-off-by: Stefano Babic <sbabic@denx.de> --- doc/source/building-with-yocto.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)