From d9f0a2e2c0103bf547c84f575303e57fa6d62b62 Mon Sep 17 00:00:00 2001
From: Tero Salminen
Date: Wed, 18 Oct 2023 12:02:48 +0300
Subject: [PATCH] Add support to define PX4 signing key via env. variable If SIGNING_ARGS environment variable is defined, build script uses its value as a signing key location. Also a new submodule saluki-sec-scripts is added. If SIGNING_ARGS is not defined test keys are used under Tools/saluki-sec-scripts/test_keys/ saluki-sec-scripts contains also signing tools and second set of keys (custom_keys), which are used in FPGA secure boot builds.
Signed-off-by: Tero Salminen
---
 .gitmodules | 3 +++
 Tools/saluki-sec-scripts | 1 +
 clone_public.sh | 1 +
 packaging/build_px4fw.sh | 11 +++++++++--
 4 files changed, 14 insertions(+), 2 deletions(-)
 create mode 160000 Tools/saluki-sec-scripts
diff --git a/.gitmodules b/.gitmodules
index 2bcafbcfeb40..da2b9273a2cf 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -85,3 +85,6 @@
 [submodule "platforms/nuttx/src/px4/common/process"]
 path = platforms/nuttx/src/px4/common/process
 url = git@github.com:tiiuae/px4-kernel.git
+[submodule "Tools/saluki-sec-scripts"]
+ path = Tools/saluki-sec-scripts
+ url = git@github.com:tiiuae/saluki-sec-scripts.git
diff --git a/Tools/saluki-sec-scripts b/Tools/saluki-sec-scripts
new file mode 160000
index 000000000000..99b6a0e4b614
--- /dev/null
+++ b/Tools/saluki-sec-scripts
@@ -0,0 +1 @@
+Subproject commit 99b6a0e4b614ea17b28eeb5c6399dccbc0652dcb
diff --git a/clone_public.sh b/clone_public.sh
index 0c6b1179b61d..8ef9f31d116c 100755
--- a/clone_public.sh
+++ b/clone_public.sh
@@ -5,6 +5,7 @@ set -euo pipefail
 while read -r repo
 do
 [[ "${repo}" == *saluki-?? ]] || \
+ [[ "${repo}" == *saluki-sec-scripts ]] || \
 [[ "${repo}" == *pfsoc_crypto ]] || \
 [[ "${repo}" == *pfsoc_keystore ]] || \
 [[ "${repo}" == *pf_crypto ]] || \
diff --git a/packaging/build_px4fw.sh b/packaging/build_px4fw.sh
index c25b4c46ab2d..eb0c7e1f4d27 100755
--- a/packaging/build_px4fw.sh
+++ b/packaging/build_px4fw.sh
@@ -20,8 +20,11 @@ else
 # use the PX4 default signing script and keys
 if [[ $NAME = saluki* ]]
 then
- export SIGNING_TOOL=boards/ssrc/saluki-v1/tools/ed25519_sign.py
- export SIGNING_ARGS=boards/ssrc/$NAME/tools/ed25519_test_key.pem
+ export SIGNING_TOOL=Tools/saluki-sec-scripts/ed25519_sign.py
+
+ if [ -z "$SIGNING_ARGS" ]; then
+ export SIGNING_ARGS=Tools/saluki-sec-scripts/test_keys/$NAME/ed25519_test_key.pem
+ fi
 else
 export SIGNING_TOOL=Tools/cryptotools.py
 unset SIGNING_ARGS
@@ -31,5 +34,9 @@ else
 rm -Rf build/${arg}
 # Build
 make ${arg}
+
+ if [ -n "$SIGNING_ARGS" ]; then
+ echo "Signing key: $SIGNING_ARGS"
+ fi
 done
 fi
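Review bot: The fallback added in the first build_px4fw.sh hunk is silent: when SIGNING_ARGS is unset or empty (for example a CI variable that was not injected), a saluki build is signed with `Tools/saluki-sec-scripts/test_keys/$NAME/ed25519_test_key.pem` and still succeeds, so an image signed with a key that everyone with access to the submodule can read looks like a normal build. The branch should at least be loud, e.g. `echo "WARNING: SIGNING_ARGS not set, signing $NAME with the in-tree test key" >&2`, and release pipelines would be safer with an explicit opt-in for test keys. Separately, if this script runs under `set -u` (not visible here; clone_public.sh in this patch does use `set -euo pipefail`), `[ -z "$SIGNING_ARGS" ]` aborts on an unset variable, whereas `[ -z "${SIGNING_ARGS:-}" ]` works either way; the `-n` test in the second hunk needs the same form because the non-saluki branch has just run `unset SIGNING_ARGS`. The enclosing if/else starts above the hunk.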
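Review bot: The `echo "Signing key: $SIGNING_ARGS"` block in the second hunk runs only after `make ${arg}` has returned, so if the build stops at the signing step (presumably inside make) the log never records which key path was selected. Assuming the value is always a key file location, as the commit message describes, the block could move above `make ${arg}` together with a check such as `[ -r "$SIGNING_ARGS" ] || { echo "signing key not readable: $SIGNING_ARGS" >&2; exit 1; }`, so a mistyped path from the environment is reported before the build starts. The loop header and the outer if are outside the hunk.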