matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add the test signing certificates for secure boot (#4866)

Browse Source 
* Add the test signing certificates for secure boot
* Remove unnecessary ca key file
* Regenerate the certificates to not expose the ca key
This commit is contained in:
xumia 2020-06-30 06:01:20 +08:00 committed by GitHub
parent 0f4460e7ad
commit 5f16e9622f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 122 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
build_image.sh
View File

@ -150,7 +150,15 @@ elif [ "$IMAGE_TYPE" = "aboot" ]; then
if [ "$SONIC_ENABLE_IMAGE_SIGNATURE" = "y" ]; then
TARGET_CA_CERT="$TARGET_PATH/ca.cert"
rm -f "$TARGET_CA_CERT"
[ -f "$CA_CERT" ] && cp "$CA_CERT" "$TARGET_CA_CERT"
# If the ca certificate does not exist, the test certificate will be used to sign the image
if [ ! -f "$CA_CERT" ]; then
TEST_CERT_PATH=files/image_config/secureboot/test-certs
CA_CERT="${TEST_CERT_PATH}/ca.cert"
SIGNING_KEY="${TEST_CERT_PATH}/signing.key"
SIGNING_CERT="${TEST_CERT_PATH}/signing.cert"
fi
cp "$CA_CERT" "$TARGET_CA_CERT"
./scripts/sign_image.sh -i "$OUTPUT_ABOOT_IMAGE" -k "$SIGNING_KEY" -c "$SIGNING_CERT" -a "$TARGET_CA_CERT"
fi
else

32
files/image_config/secureboot/test-certs/ca.cert Normal file
View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFdTCCA12gAwIBAgIUL2kglpzjw8n7sLr41bLDrLU8CcswDQYJKoZIhvcNAQEL
BQAwSTELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFRlc3QxDTALBgNVBAcMBFRlc3Qx
DTALBgNVBAoMBFRlc3QxDTALBgNVBAMMBFRlc3QwIBcNMjAwNjI5MDYyNzE4WhgP
MjEyMDA2MDUwNjI3MThaMEkxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARUZXN0MQ0w
CwYDVQQHDARUZXN0MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQDDARUZXN0MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA32NtDS/zojvq37VlzMQYUXY58OWZ
hrgGnuq5j5bUWZlRGxjiRyRjYgeTC+gCFsT0u3Mgat1Kwo1rsOLCf62KArOUssMR
xGWEdubvYlIInC4RyuTq0a7lLxQH1q+mwHPpJHQ3Iv7Vj8cwmtwM/uAru6uOy+YN
Dl3Y+VCtbJ/3OB5u4W7toAmfPfoO/JNOxYQAYMNqMwFfK7MMh8HPjm5hQ9j+K+Df
yAlePFgnp8v4o3SdYzzW7rkV+q7ZfGM4VlPnNHgS2wcbI5NoFgpe86k3JSF6aFSh
p+fEQss/Kz2JXrfvR7TbpS/HpeoPRvUF7kSgCVfaMPdoOOwGtVkmIPlTN1y5xpyu
LH/v62TmNp3NOlbQ4oxgIrYfaYDXTByuFSlXft6VcJg7bJvGL8J1QqU7A040jSPn
45GaLm9nJpl//ik/MjU+qau8O7lvmz/2OjIwEDElAYTDnLoYYDeax9vJjcEni5/s
xi/fc7IyHtOgOpb5+bLumvvBy7qCM0sRuFliXAAFzwK1zn1WxwUMBuMjZjioCNPW
zfJ9jrmbBB2KJk/hyJ6mAVSE/tTL2vJsgjB3RabfS5ECr/ZXZXbNb3FUiFea5oUe
XKkzC6oUGfUb63ZwQ1oSX1q4ECt/OecAmujL3ATLILrptko3FgURjwYUTtPn5DyL
gYnc6CvZ3Tl70DECAwEAAaNTMFEwHQYDVR0OBBYEFFSMKiWUTzg7rggKQ95BbgCR
ZCxeMB8GA1UdIwQYMBaAFFSMKiWUTzg7rggKQ95BbgCRZCxeMA8GA1UdEwEB/wQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAI3N1xeBqtSy5/aOBPM3MG6WTfWaIwA2
G7axvE9HLmOZ2jbNaV/is5ZTclgVocdYmg77MhhIzK7smPehUpimAntsk94E/zFA
K9sol4tPzWi+aVzf0fvEkOk+4WdPUMWkgyqFoiZ4n+ARJdN6Ef0Dcoue3DFbYu+M
94yOUD1KSXMDhknIwTCAtnCMDiFCv2f++LYOPs71ttJWnBGGtdYEibsAkFI9gOQ6
ianw12D5ZWaF88jQt83B+gxw2QYRfpvW7enD1N7+kBfZV9BXa9IjVQ4kxi/DkEFM
ib1WR8zCmhb3wRkD0PVI6OE7XLjCjvGIhdsd3r+qHlHyzHJAJuuGxrLoenAe7T/P
eJ52mNtKGwASd/mShQpM+EbkGKnxKAp3ZJRMemeMboFk6WnPRZ7VYddHeXN57aGl
Yfg43cYfGACOHNfbs2X7zzNuqxpj1oLpDOHBD8UnYhGNWqfHAzmEDkxrReE/uO9R
+7NP3FFFx908OS7vgBSaUsYA9WX1VsJsyZjC/njHIPwZvKBRTvyTYfskSey1JA/O
YMp7NTL+LxSthab3Zgpe7ziYe+lQ/PkTBpy2UB0ntnUj2AER75VH3S8TBdIzlzCp
45+/TXbLOm+PO6iCIh/gHviCy5ua+txgZeG+/1sGrlYT0Je04e/HpVA7+aRzZF4+
yxGRZsO7Ztjz
-----END CERTIFICATE-----

30
files/image_config/secureboot/test-certs/signing.cert Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFGzCCAwMCFEzTPYLASoyMuK7LFp0mFz/fWFKYMA0GCSqGSIb3DQEBCwUAMEkx
CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARUZXN0MQ0wCwYDVQQHDARUZXN0MQ0wCwYD
VQQKDARUZXN0MQ0wCwYDVQQDDARUZXN0MCAXDTIwMDYyOTA2MjcxOVoYDzIwNzAw
NjE3MDYyNzE5WjBJMQswCQYDVQQGEwJVUzENMAsGA1UECAwEVGVzdDENMAsGA1UE
BwwEVGVzdDENMAsGA1UECgwEVGVzdDENMAsGA1UEAwwEVGVzdDCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMl+lKW0Kjdy2xpXIrIr+0DZ+hWACR1Lp2By
5ovSqHXrpndPJrP/rtPwC0wOIry8iEHPrUc9oez+G9q+hMGcQR+O9un55huWoqlg
/KoCDuyP7QtraBzwQmihrnEtsWyF9KKFnEHTRgkMNqH+JKBWQQmfBouMq7QmZ0oL
IQ2zIt/3fJzBTr70WH3xIhrIujjAoy10dAxsg4CA49KREpj72lrb1IAEdFj57HCm
MYGA85qq6M+Qz97Zd9F4IoNrTg+7WLMRBRJEnsC20rfKQdEDIBPuwAMCC6j1Q9Jc
HIKu4StCVo693lCjPV4RhhiHd1Y1+TezX7UM7Wt2XEM/Z0gMZ2Z42p8ByfsxFtVO
QdsWoyrA79n6VlU0237AwgyAYdTopU5alErTrYwhwbcZNLb0mpLijGnf0jwWr4uu
7nbgozKVAMrpJZufPYhG5dG6lBOODcMpbkDfHi9yPcoGIbZYV41IGJhLaYejecry
B56vgd2jGU7bnIB3Mth3t+Vsx1y67EW/8IopmGwL2MyTV4Z5Hq59wnR53Z1hQLB6
twTgPJjo+n39YTt/I6pkYzV0ptpJb6BS8NTvADoYw5TQy3mW/HR0LayRwkzB+8Ii
GDwC6k+IXcmHjeyov0OXeieFXwZMDPlc0yoCzZ1sywQNG8EDOSisu9R/zMW8sJjD
b+lItF9jAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAJqb9dChpXaOCdHKtcKbTgkm
Sf2HRN8lA7gszDQMXvenog+YinFO72bNzrRcmA2zYcpwutBLLBqZ6BccuSKc6F4Z
6Hv609mBTEWL64VqeQlsqADGS1+gzQGQm2AoFqNGdqCzx2EfoyXKIbmg4bik0INF
jQN0YsXsULMa4DSV/Cif3H3++e7kEa1/JxoqndTasrP9/YFJup3+90F1Q3ib0wql
W4kUVKpFxx0Qyi/zn8vrDsM2NfOur9rD7k9gv8GaN8PshPIGj0rzrIGf8QebugJ3
0NsOaqLsR4+8KGGjT6ckcNDun1ajrRfMyKoNtxdI8l8zl80mQQtsbvIO5hmhUMy9
AW+8QzBzgc/TJAAHlElxOYHwypcsNGbkIVczUy48gp4DhQtfs1q8HqzTwHtK+HTN
JzeQJtDnpAJARiCXr67+QTwAVszefqVK8N2UntuTzOhhs8PdP1jVv5g6gQpFfgI8
IyniS46+mTO+FXYCkk2Ner2Jr6p3r2pMAQPSr28TEr75H2gUVufYSBUgrVDwPlio
SEk6Iccg/2KgWXPCj2/LmGcJZqCc8Z8L8CbT1z+5plpp+WcMVRxgbH/FHSQBkMsw
P2SSOVjJEkSYV5I6bYA97BBFpjovZS+7k6NmW1Lj1n33awdMrm1UXQRDTSKXOzVu
U/rAEWO3JyUeTNCL37Ec
-----END CERTIFICATE-----

51
files/image_config/secureboot/test-certs/signing.key Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAyX6UpbQqN3LbGlcisiv7QNn6FYAJHUunYHLmi9Kodeumd08m
s/+u0/ALTA4ivLyIQc+tRz2h7P4b2r6EwZxBH4726fnmG5aiqWD8qgIO7I/tC2to
HPBCaKGucS2xbIX0ooWcQdNGCQw2of4koFZBCZ8Gi4yrtCZnSgshDbMi3/d8nMFO
vvRYffEiGsi6OMCjLXR0DGyDgIDj0pESmPvaWtvUgAR0WPnscKYxgYDzmqroz5DP
3tl30Xgig2tOD7tYsxEFEkSewLbSt8pB0QMgE+7AAwILqPVD0lwcgq7hK0JWjr3e
UKM9XhGGGId3VjX5N7NftQzta3ZcQz9nSAxnZnjanwHJ+zEW1U5B2xajKsDv2fpW
VTTbfsDCDIBh1OilTlqUStOtjCHBtxk0tvSakuKMad/SPBavi67uduCjMpUAyukl
m589iEbl0bqUE44NwyluQN8eL3I9ygYhtlhXjUgYmEtph6N5yvIHnq+B3aMZTtuc
gHcy2He35WzHXLrsRb/wiimYbAvYzJNXhnkern3CdHndnWFAsHq3BOA8mOj6ff1h
O38jqmRjNXSm2klvoFLw1O8AOhjDlNDLeZb8dHQtrJHCTMH7wiIYPALqT4hdyYeN
7Ki/Q5d6J4VfBkwM+VzTKgLNnWzLBA0bwQM5KKy71H/MxbywmMNv6Ui0X2MCAwEA
AQKCAgEAuMZ2hDpimHSgTlhnveItR3xdJMhEE3RkKkNT/hcRWwndnv2brWckKMCx
a25vFosBnPBYo8L2MgGZA5DA51dmNQ2CinAbP2N1CUSijzjR/MfDhjxZvmfpTlAu
SyWu1alF/J/v+kFHsVZc51LKvao7fBo0A1bdwpeREsp/5jNHIQGwaYOvtdcXK28s
akl21EJ7oVxwa1A7i2UnBtr4pggXZki/ZyIum8WcuHT/YxYgzs46LtZKeb8NbK7x
X3jQngacwaEy+FyrBGjjdZ1pm8V07jJ8LIX8sVUxe7/yeTjrziLIg5/ENkhsJ06E
nQvlOM7IGvdIJhyTwH9K/nQvP1f4nNP+3RQSc8ubP5QqGGnlryhOvvV7QG8Y+ZN4
mV1FOoyqiZdxFs/6PxKJfmNDoma8oz3pGQ810OnxtCu2kcxT54WBJdKxcQFxSxjS
8YVRoakmU6noUTqw6BaG9QwQnbLytXckXQDQlxqGd4WbL1nlCxZF25SxRCX2/mHd
7BUpW6OfxL/pEOcUBV0HO/ELm51xWMaZyGfZPkQRpbnpGgfXojuOnxdfiUbqkHy/
/dV98pfgT+qy4FXn/zeGLnh6Q/JPcCQp6QeyUbC9jHvrkVLwuA8ugg9ilGvMSX8Q
vmVNe9UjkNVywoeiB5/Dc5CzgmG9hdsf2r+5BZNG3GilwsCAArECggEBAOzNasRY
j6mB47FJsxJDW0I16dBugLcenFTO70UzLeTGgsREzba6/ItnsH9ZPRRxmQoKC5a6
yK+63DZo9YCOit8lSxx6otUev4RpDhsmnrG7ILQzXb3BO2bqbP+Xm1CNWkaZxRSZ
HKLwXAvKp+YLMJ7qAZRe5+E4c5i+9NdJWAFMHcVTIUdnJ2bPC1lwhCqC9zeuMj+j
U7U0Rt9sgy9azExK4/O8pvcYFS8JCpw5Kot/c+5C6F91Zj437k8hoSZhVIJgsvTF
PnEE+pt84p9vcd1CHKWRbB4QU92JpniJk2ZjNC184niG5bPbfJJrQda0xFKwLD8G
HYgr7rrfz6mNWqkCggEBANnUYmouBTVmgjnjJkq+OaUuyHv0LvBXdr+4DhSIMe03
mEenRBj4AA9J9XCg0WnzX21gvistO+rJ+lHCiQjaY18LCz1KpDKnnliTVrlXsa9Y
Zyd8yZou0oX29fsEwjS/o0lJv9T+RxAjMXMTaDvLeybUIioFKBEHqUxkiMFCFygY
+8UA/PGXZB5ysgOJ3W1JTcNCTixM15+ItsJRjnqGtfm77jvTyGHPuG4VlJfYQg2B
HfP7p19RSJhqzNPhPpioXs5DJj0nVvbSDC4/ukJV5GltI87csjup/naSgBzhXvfH
F/4CBQdKPCsQVv27je/OEGzzd6B2E4IoIz5ZPzzJHSsCggEAVCKD/bENkgdRU+tA
kYuXAAZRxbmNSAK7PrKrdqXBd5hEW+GqSXNUSV+U6RpWxk26N0PsbCh/J1i35ykR
mRSMKM6CSmMUOa6ME0qUNXdaSQGYlA3wD3x5U46VHZbLGyqt2YnG6ROhhg7qVVIy
p1xwcPXpi8LQlkfNYobuTROFDijyJurrVwhCipeji6qbetM/bOwadFveYPJq//T5
Azk6fxzYsv/jPsWyuRx4RZtWD2xAT3Y8Q7Zdllue80Sakh1gvlYHH0p5bgR72gTc
LBOXnCpiLT1m8aOReJPwrsEKuwUiQ8ssV/Bt6qJgN1Geed+OJWbswZO1qG0bjA/7
I13SyQKCAQAeLgbUnzupgmJYktgjUue5sxmj0tkOA5A4T8/jmFsSerlmdA5DR1j6
xUx0JlPdUhLOnLC8WrAKf6Fm4oUJ7PgHmwgbndPSENcnfoJte3Dq0ly4Y9mquwH/
/Y9nD+m4VTTSWp1xbSl7WuTnBLFUV4TghFOXbs92TJFwPB2WaQm8THnVeaWR81+z
uEBhrSA4nAdiHjWmfZ8CQ3bOxW3wG+nqh9ciAt2ob5cl6WeFAjlklZcIzr0Jv8FH
HMT0NijuDaXU/gi2QFUULVXysnGj7zKOSMjFSF6JVawj0Xheh/sYaUUxtCXuNKLR
dJoY3Xt01iAAeFsCqFlblyQK52KTkWmxAoIBAQCDFtaLIp+gJ4kKCmUT30abaXXe
tb0D9CnXT1EQSpKqio9Soad1a9PZ6IkJU0Dhks2mJWX6CHR3mWpmXR31aWM/iP+u
X+/amrHPhzxyFCmbo+Vb96ZuelFvdZ0x4l6eM+qd9SxF+SnSyfdtnwOThLI7bZFc
L6rbYlTFdH3j6nksITAW1lp1W59jtkYQVIBl8rpiwNfgRFBf5FE9PKDjbG2WHx3a
kv81Ok5z6PV4BarViZ6hV2tP4b96/TbrXn08J6M4Gcn7KOn7UfYSP/2p7sIE+pC4
EMO3sAR6IUU/utmknwY0Ou/enuzsq3RvpA/8kE4ZdRBMLUQeZZ4yzX0pyfSz
-----END RSA PRIVATE KEY-----