From 25d363debd5a1a70838286affbde0132e8ae9955 Mon Sep 17 00:00:00 2001
From: Patrick Vogelaar
Date: Mon, 25 Mar 2024 22:24:16 +0100
Subject: [PATCH] feat(coreos-resign-swu-file.sh): add resigner for swu files this script allows resigning of swu files
---
scripts/coreos-resign-swu-file.sh | 62 +++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100755 scripts/coreos-resign-swu-file.sh
diff --git a/scripts/coreos-resign-swu-file.sh b/scripts/coreos-resign-swu-file.sh
new file mode 100755
index 0000000..e1a3e70
--- /dev/null
+++ b/scripts/coreos-resign-swu-file.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+#title :coreos-resign-swu-file.sh
+#description :This script signs/resigns an already existent swu file with a
+# provided private key and a certificate
+#author :Patrick Vogelaar
+#date :20240325
+#version :0.1
+#usage :coreos-resign-swu-file.sh -i .swu -k -c
+# -o
+#notes :openssl and cpio are required
+#==============================================================================
+
+SW_DESC_FILE_NAME="sw-description"
+SW_DESC_SIG_FILE_NAME="sw-description.sig"
+FIRMWARE_TMP_DIR="firmware_tmp"
+CPIO_ORDER_FILE="cpio_order"
+
+while getopts i:k:c:o flag
+do
+ case "${flag}" in
+ i) swupdate_in_file=${OPTARG};;
+ k) key_file=${OPTARG};;
+ c) certificate=${OPTARG};;
+ o) output_file=${OPTARG};;
+ *);; # TODO: error handling -> unknown flag
+ esac
+done
+
+### Some basic checks
+if [[ -d $FIRMWARE_TMP_DIR ]]; then
+ echo "ERROR: $FIRMWARE_TMP_DIR directory alread exists in this directory"
+ exit 1
+fi
+
+if ! command -v openssl &> /dev/null
+then
+ echo "openssl could not be found"
+ exit 1
+fi
+
+if ! command -v cpio &> /dev/null
+then
+ echo "cpio could not be found"
+ exit 1
+fi
+
+
+mkdir -p $FIRMWARE_TMP_DIR
+cd $FIRMWARE_TMP_DIR || exit 1
+
+# store the exact order in a file
+cpio --quiet --list < "../$swupdate_in_file" > $CPIO_ORDER_FILE
+
+cpio --quiet -id < "../$swupdate_in_file"
+
+# resign
+openssl cms -sign -in $SW_DESC_FILE_NAME -out $SW_DESC_SIG_FILE_NAME -signer\
+ "$certificate" -inkey "$key_file" -outform DER -nosmimecap -binary
+
+# recreate the swu file
+echo "cat < $CPIO_ORDER_FILE | cpio --quiet -ov > $output_file"
+cat < $CPIO_ORDER_FILE | cpio --quiet -ov > "$output_file"
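Review bot: The option string in `while getopts i:k:c:o flag` declares `-o` without a trailing colon, so `OPTARG` is not set for it, `output_file` stays empty and the final `> "$output_file"` redirect cannot create the archive; it should read `i:k:c:o:`. The result of `openssl cms -sign` is never checked and the script does not run under `set -e`, so a failed signing still reaches the repack step, which would then pack whatever `sw-description.sig` came out of the input archive and leave the old signature in a file the operator believes is re-signed. That failure is easy to hit, because the script has already done `cd $FIRMWARE_TMP_DIR` by then and relative `-k`/`-c` paths are looked up inside the temp directory. The repack also uses cpio's default archive format, while SWUpdate's documentation builds images with `cpio -ov -H crc`, so the output format is worth confirming against a target. The fence shows strict mode, the corrected option string, path resolution before the `cd`, and a checked signing step.

```shell
set -euo pipefail

while getopts i:k:c:o: flag
# … unchanged: option loop body, directory and tool checks …

# make -k/-c absolute before the cd so relative paths still resolve
[[ $key_file == /* ]] || key_file="$PWD/$key_file"
[[ $certificate == /* ]] || certificate="$PWD/$certificate"

mkdir -p $FIRMWARE_TMP_DIR
# … unchanged: cd into the temp directory, cpio listing and extraction …

# resign; stop here so an old signature is never repacked after a failure
if ! openssl cms -sign -in "$SW_DESC_FILE_NAME" -out "$SW_DESC_SIG_FILE_NAME" \
    -signer "$certificate" -inkey "$key_file" -outform DER -nosmimecap -binary
then
  echo "ERROR: signing $SW_DESC_FILE_NAME failed" >&2
  exit 1
fi
```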