From patchwork Tue Apr 2 14:55:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Babic X-Patchwork-Id: 1074530 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::438; helo=mail-wr1-x438.google.com; envelope-from=swupdate+bncbcxploxj6ikrbuhprxsqkgqe4lva25y@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.b="tCRtaQc0"; dkim-atps=neutral Received: from mail-wr1-x438.google.com (mail-wr1-x438.google.com [IPv6:2a00:1450:4864:20::438]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44YXLt5vstz9sTF for ; Wed, 3 Apr 2019 01:55:18 +1100 (AEDT) Received: by mail-wr1-x438.google.com with SMTP id t10sf10944187wrp.3 for ; Tue, 02 Apr 2019 07:55:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1554216912; cv=pass; d=google.com; s=arc-20160816; b=W12MdWA/bZglzn0txCxqcVJm7lBnyvBsbfcYvocqiix2bEijPDzcSZr/iuRHRI+7pY wMTP1vWVSbc6doccSkKYJuFImhZqBO4ONmccDbcz/2EzwckIMt28It4KQ5aUsErZc1Hz ARud0GVUiJY8lrhnnH5C/AwnhBBZTHgETxACXYAy4K+S6SPfW7MWPvBMi0BsrC25BwEg qBgiaAPDeS9ofiAV1hWSDKJfgwuWpDJDU6sMUbov5Z/INouMZ4LkMEDeY5+l00L7ivtb jRns4qsgiWDck38z/NMWIAlIi4ft49p658r0evXTCYrbBGBUF+SUnoVaEnzqiBHprkf9 BiZA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:message-id:date:subject:cc:to:from :mime-version:sender:dkim-signature; bh=bSWwksNC/ToJ3Mc/mq7R2EehE5CEeKaCCbDvUy/+Dy4=; b=Taa1YXDqNa6FtaN0/2zufg+2HYFHmkLbrZF7hrB3WovFIns/AQ8J55xX6BjBY4zLvf oPUGEXteR6AveUpLo1Uy2uUV4ObI0NuMq2dLQxemsbEKeeCPxZrc3Lf8y2SMEZxHNCpz L0WLhinutFFJJCMZtsM+ForsXmkJa8Ni5rVjF+2lfkmPWZwjtAcmc2LxzwW+NlE7sfTj DdVTOQw52wwdp4g8EScsAd8xXZFD2x6E8TALWlzyG8EP0YL3ftD4ZhgztRzId+GJ3bGO 7Kbv977h7zNcjiQxFPh4xoW34l79ZvudOOejc4zfVF3h+YpCiBEyiG0tvvUiasNKtIiH LkCA== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:mime-version:from:to:cc:subject:date:message-id :x-original-sender:x-original-authentication-results:precedence :mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=bSWwksNC/ToJ3Mc/mq7R2EehE5CEeKaCCbDvUy/+Dy4=; b=tCRtaQc05yLkn2oX3N5h/c9HEhyRHA3UQ3FMDtfUS4kMZPdvL8XDn/7qKmyAkfxLaL IxpmuHWNyINES/eSvvz2WVoKpdRXUr18d7Ct4QYFS5lJLH5z55THZcmScSzRy6NzBUWX SbLlRZ/5KoIztAtEdh1iqrZgoNEolQ2o6p6cjWh4CJmuQlnZAE4k/HCUmHRCbN0w7I3e LDhVAvRR6q/I0oYdbIrHKxp/R86Nwwu9tVxJJ0pY7GCsBwQAKgXm66+/dJPZfH2CnUv8 Oqig93szKfkU3t93XE3baw1I7YMvJleWC+9rA09mpFDitnyLaj9zscK64jPSzOG1vyeL 31IA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:mime-version:from:to:cc:subject:date :message-id:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=bSWwksNC/ToJ3Mc/mq7R2EehE5CEeKaCCbDvUy/+Dy4=; b=gLZHMzKbLRmU/up89mgEqGPNf6JCUseDif/dFhfRWyz1T7haj2thinTA6QsXTQcRk6 11mtHG112yElmWNqQ6IG9xojWsf6iwfM78lie///D+CZv89VeYyQyRQshCNSO5HDw/yR gR5RFxR/V8ODXXF5yVW0cJrpM6wgXVjkg2HyU24MdX++Yr+MoDJ+NTmLYqZNcdf06qtD pnva3KACKTniac/y9jsVySdwrkzB/DmCDMuMrfXSAcVXz1bfibyKuZehiX/zmwMsO/ku WikblQqwmy4UxCNhSyV+GZPZfNUM/IxR0kTt75SUZlgXoEtcOuPAslSmmSGZo94S4IHL UQFg== Sender: swupdate@googlegroups.com X-Gm-Message-State: APjAAAVGYM724F6L9p9alODFrTTtUDNOs1MOnnXgbxZ14QHVg4fg4vVx aWGSHA3v8O3l6YRLw7m91L4= X-Google-Smtp-Source: APXvYqx+4jkohqmGXyRhK3Jd1wN6WKY1/ZGrLYeJbfxMwQOGozUZ8ERVUHbhuYfGyY2uuaCCAu1oow== X-Received: by 2002:a5d:4087:: with SMTP id o7mr35606606wrp.9.1554216912412; Tue, 02 Apr 2019 07:55:12 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: swupdate@googlegroups.com Received: by 2002:a1c:f310:: with SMTP id q16ls418607wmq.3.gmail; Tue, 02 Apr 2019 07:55:11 -0700 (PDT) X-Received: by 2002:a1c:a98f:: with SMTP id s137mr1648393wme.14.1554216911619; Tue, 02 Apr 2019 07:55:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554216911; cv=none; d=google.com; s=arc-20160816; b=SokKjFn+ex+FaUrJscMxy2cYCI4GawUiuKaZGXJ45tpl6GFZ/xKDNYaS6pqGUPfzQz MpImneuoayw0WG7+Yg1dCFb6GjuPkhDY/Ql0X0RlrtDwEZ5Mi0jWDq4OQIVCiU5DMtwe r6+V/dojtvyLDvM01c/idzgJhAy5zBB7F+tTGPqyU9PxC62LrANXZBjSUUKDF+2PpQV9 WvxgThc8yK3iThVQuS4u6gJiTTB2w12GpgDy/Mzqz7NxuYctwUERYPGd8Wxz22k4J6Zl +ZNLDeccm+Hcbig3IWg7AETAsbGYfN7sWFF/2pxXVMofTlJVSz5OoRpNXudONa540c9P itwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=message-id:date:subject:cc:to:from; bh=Qw2wVWse2hquQRKRq10BP0aBG1kUDEtjNr8VrW11rZ4=; b=IPdiSWG7C6wg9qS1KBK7oB518gL1Txhs35n0+qUOGewJy4Zd/mnLBKCoXTiSa7lydg cxYtSXlwRaSBOnfVsAeEOGZgbmrYQr+xPfLi7Ks8u25NSf6VkKbGq52hhldtBzPVo90k WGVGGjck1Y5uW02RiEcmVpvp2lleYYOK+az01JVAn4nO35lYLEulfv0tfd58l4QS5QYo KZmBZ50cw0DjGAjjwD1kxsHUs1aH6TmH5gxmIHbS26VRhvVF40RIuOybiSEDWah6R0xb yurrLBcifkzuS0V5NMlHtgMNTkNX3mww1VjdkTBvSJR+TiTXifFEh8VgJY/+dhCgjCzL iJIw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Received: from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9]) by gmr-mx.google.com with ESMTPS id p14si525117wmh.2.2019.04.02.07.55.11 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Apr 2019 07:55:11 -0700 (PDT) Received-SPF: neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) client-ip=212.18.0.9; Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 44YXLl3FL4z1rJCg; Tue, 2 Apr 2019 16:55:11 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 44YXLl30rTz1qvXH; Tue, 2 Apr 2019 16:55:11 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id UpVte-R-YX5q; Tue, 2 Apr 2019 16:55:10 +0200 (CEST) Received: from babic.homelinux.org (host-88-217-136-221.customer.m-online.net [88.217.136.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPS; Tue, 2 Apr 2019 16:55:10 +0200 (CEST) Received: from localhost (mail.babic.homelinux.org [127.0.0.1]) by babic.homelinux.org (Postfix) with ESMTP id 0516345403E5; Tue, 2 Apr 2019 16:55:10 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at babic.homelinux.org Received: from babic.homelinux.org ([127.0.0.1]) by localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GpIeCt0c1F30; Tue, 2 Apr 2019 16:55:07 +0200 (CEST) Received: from papero.fritz.box (papero.fritz.box [192.168.178.132]) by babic.homelinux.org (Postfix) with ESMTP id 785B64540325; Tue, 2 Apr 2019 16:55:07 +0200 (CEST) From: Stefano Babic To: swupdate@googlegroups.com Cc: Stefano Babic Subject: [swupdate] [PATCH] doc: add documentation for encrypted images Date: Tue, 2 Apr 2019 16:55:06 +0200 Message-Id: <20190402145506.31982-1-sbabic@denx.de> X-Mailer: git-send-email 2.17.1 X-Original-Sender: sbabic@denx.de X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Signed-off-by: Stefano Babic Acked-by: Austin Phillips --- doc/source/building-with-yocto.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/source/building-with-yocto.rst b/doc/source/building-with-yocto.rst index b7a9f82..0171bfb 100644 --- a/doc/source/building-with-yocto.rst +++ b/doc/source/building-with-yocto.rst @@ -126,6 +126,22 @@ generating the SWU. The class defines new variables, all of them have the prefix process using using CMS method. It is available if SWUPDATE_SIGNING is set to CMS. +- **SWUPDATE_AES_FILE** : this is the file with the AES password to encrypt artifact. A new `fstype` is + supported by the class (type: `enc`). SWUPDATE_AES_FILE is generated as output from openssl to create + a new key with + + :: + + openssl enc -aes-256-cbc -k -P -md sha1 > $SWUPDATE_AES_FILE + + To use it, it is enough to add IMAGE_FSTYPES += "enc" to the artifact. SWUpdate supports decryption of + compressed artifact, such as + + :: + + IMAGE_FSTYPES += ".ext4.gz.enc" + + Automatic sha256 in sw-description ----------------------------------