From a97b3363b63e8589b897e5dd357d6755d7d4c8c4 Mon Sep 17 00:00:00 2001
From: Jia Zhang
Date: Tue, 21 Nov 2017 09:29:33 -0500
Subject: scripts/create-user-key-store.sh: support to generate the user keys for modsign and extra system trusted key
Signed-off-by: Jia Zhang
---
 meta-signing-key/scripts/create-user-key-store.sh | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh
index 03c10a1..ddcd31a 100755
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -97,6 +97,8 @@ MOK_SB_KEYS_DIR="$KEYS_DIR/mok_sb_keys"
 SYSTEM_KEYS_DIR="$KEYS_DIR/system_trusted_keys"
 IMA_KEYS_DIR="$KEYS_DIR/ima_keys"
 RPM_KEYS_DIR="$KEYS_DIR/rpm_keys"
+MODSIGN_KEYS_DIR="$KEYS_DIR/modsign_keys"
+EXTRA_SYSTEM_KEYS_DIR="$KEYS_DIR/extra_system_trusted_keys"
 pem2der() {
 local src="$1"
@@ -190,6 +192,24 @@ create_system_user_key() {
 "/CN=System Trusted Certificate/"
 }
+create_modsign_user_key() {
+ local key_dir="$MODSIGN_KEYS_DIR"
+
+ [ ! -d "$key_dir" ] && mkdir -p "$key_dir"
+
+ ca_sign "$key_dir" modsign_key "$key_dir" modsign_key \
+ "/CN=MODSIGN Certificate/"
+}
+
+create_extra_system_user_key() {
+ local key_dir="$EXTRA_SYSTEM_KEYS_DIR"
+
+ [ ! -d "$key_dir" ] && mkdir -p "$key_dir"
+
+ ca_sign "$key_dir" extra_system_trusted_key "$SYSTEM_KEYS_DIR" system_trusted_key \
+ "/CN=Extra System Trusted Certificate/"
+}
+
 create_ima_user_key() {
 local key_dir="$IMA_KEYS_DIR"
@@ -277,6 +297,12 @@ create_user_keys() {
 echo "Creating the user key for system"
 create_system_user_key
+ echo "Creating the user key for system extra"
+ create_extra_system_user_key
+
+ echo "Creating the user key for modsign"
+ create_modsign_user_key
+
 echo "Creating the user key for IMA appraisal"
 create_ima_user_key
--
cgit v1.2.3-54-g00ecf
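Review bot: In `create_modsign_user_key` the `ca_sign` call passes `"$key_dir" modsign_key` twice, apparently as both the key to create and its issuer, whereas `create_extra_system_user_key` just below it passes `"$SYSTEM_KEYS_DIR" system_trusted_key` in the same position. `ca_sign` is defined outside this hunk, so whether it supports a key acting as its own issuer cannot be confirmed here; if it expects an existing CA key pair, the call would either fail or produce a module-signing certificate that does not chain to the system trusted key. If chaining is intended, the line would read `ca_sign "$key_dir" modsign_key "$SYSTEM_KEYS_DIR" system_trusted_key \`; if self-signing is intended, a one-line comment saying so would help. Both new functions also create the private-key directory with a bare `mkdir -p`, which leaves its mode to the caller's umask; `mkdir -p -m 0700 "$key_dir"` would keep the new key directory closed to other local users.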
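Review bot: The call order added to `create_user_keys` carries a dependency that is not written down: `create_extra_system_user_key` appears to issue its certificate from `system_trusted_key` in `$SYSTEM_KEYS_DIR`, so it has to run after `create_system_user_key` has succeeded. A comment above the call, such as `# Issued by system_trusted_key, so this must follow create_system_user_key`, would keep a later reorder from breaking it. None of the visible calls check their exit status, and whether the script runs under `set -e` cannot be seen from this hunk; if it does not, `create_extra_system_user_key || return 1` would avoid continuing with a partial key store. The body of `create_user_keys` continues outside the hunk.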