我的目标是,
sha256(进入.swu)sw-description算法签署RSA文件。我的.swu包括:
bzImagepanther2-usb-panther2.ext4sw-description我创建了一个脚本,生成postinstall_swu.sh并签署sha256。这是脚本:
sw-description以上方法更好吗?
有没有办法要求yocto / swupdate层为所有上述文件(#!/bin/bash
IMAGES="bzImage panther2-usb-panther2.ext4"
FILES="sw-description sw-description.sig postinstall_swu.sh $IMAGES"
echo "Executing swu signing script..."
cp ../sw-description .
cp ../postinstall_swu.sh .
cp ../../../../../deploy/images/panther2/bzImage .
cp ../../../../../deploy/images/panther2/panther2-usb-panther2.ext4 .
read -d ' ' SHA_ROOTFS < <(sha256sum panther2-usb-panther2.ext4)
read -d ' ' SHA_BZIMAGE < <(sha256sum bzImage)
read -d ' ' SHA_POSTINSTALL < <(sha256sum postinstall_swu.sh)
sed -i ':a;N;$!ba; s/sha256 = "[0-9A-Za-z]*"/sha256 = '"\"${SHA_ROOTFS}"\"'/1' sw-description
sed -i ':a;N;$!ba; s/sha256 = "[0-9A-Za-z]*"/sha256 = '"\"${SHA_BZIMAGE}"\"'/2' sw-description
sed -i ':a;N;$!ba; s/sha256 = "[0-9A-Za-z]*"/sha256 = '"\"${SHA_POSTINSTALL}"\"'/3' sw-description
openssl dgst -sha256 -sign ../priv.pem -passin file:../passphrase sw-description > sw-description.sig
for i in $FILES;do
echo $i;done | cpio -ov -H crc > panther2-swu-$USER-devbuild.swu
cp panther2-swu-$USER-devbuild.swu ../../../../../deploy/images/panther2
除外)生成sha256,并将这些生成的sw-description添加到sw-description文件中?
我可以通过在我的食谱文件中定义sha256和sw-description变量来签署SWUPDATE_SIGNING但是
如何生成
SWUPDATE_PRIVATE_KEY?
meta-swupdate Yocto层负责签名图像。
Swupdate图像配方应包含例如:
sha256然后,使用以下语法在SWUPDATE_SIGNING = "RSA"
SWUPDATE_PRIVATE_KEY = "/path/to/key"
中自动计算sha256:
sw-description file其中sha256 = "@panther2-usb-panther2.ext4";
是panther2-usb-panther2.ext4变量中列出的工件。
更多细节可以在:
SWUPDATE_IMAGES