forked from pool/fdo-client
Marcus Meissner
03570f9175
needs a devel project to submit to Factory OBS-URL: https://build.opensuse.org/request/show/969433 OBS-URL: https://build.opensuse.org/package/show/security/fdo-client?expand=0&rev=1
170 lines
6.8 KiB
Diff
170 lines
6.8 KiB
Diff
diff -u a/blob_path.cmake b/blob_path.cmake
|
|
--- a/cmake/blob_path.cmake 2021-10-14 22:02:06.855474972 +0200
|
|
+++ b/cmake/blob_path.cmake 2021-10-14 22:19:21.969170219 +0200
|
|
@@ -7,17 +7,18 @@
|
|
# Note all blobs and data will be made relative.
|
|
# if absoulte is needed declare BLOB_PATH on CLI
|
|
# or export BLOB_PATH=<path>
|
|
+# RO_BLOB_PATH=<path> is for data which does not need write access
|
|
|
|
if(TARGET_OS MATCHES linux)
|
|
|
|
client_sdk_compile_definitions(
|
|
- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
|
|
- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
|
|
+ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
|
|
+ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
|
|
-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
|
|
-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
|
|
-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
|
|
- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
|
|
- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
|
+ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
|
|
+ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
|
)
|
|
if (${DA} MATCHES tpm)
|
|
client_sdk_compile_definitions(
|
|
@@ -53,24 +54,24 @@
|
|
-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
|
|
-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
|
|
-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
|
|
- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
|
|
+ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
|
|
)
|
|
else() #Not unit tests
|
|
if (${DA} MATCHES ecdsa256) #ecdsa 256 selected
|
|
if (${DA_FILE} MATCHES pem)
|
|
client_sdk_compile_definitions(
|
|
- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\")
|
|
+ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\")
|
|
else()
|
|
client_sdk_compile_definitions(
|
|
- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\")
|
|
+ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\")
|
|
endif()
|
|
else() # ecdsa 384 selected
|
|
if (${DA_FILE} MATCHES pem)
|
|
client_sdk_compile_definitions(
|
|
- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\")
|
|
+ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\")
|
|
else()
|
|
client_sdk_compile_definitions(
|
|
- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\")
|
|
+ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\")
|
|
endif()
|
|
endif()
|
|
client_sdk_compile_definitions(
|
|
@@ -80,27 +81,27 @@
|
|
-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
|
|
-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
|
|
-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
|
|
- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
|
|
+ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
|
|
)
|
|
endif()
|
|
if (NOT(${HTTPPROXY} STREQUAL ""))
|
|
client_sdk_compile_definitions(
|
|
- -DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\"
|
|
- -DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\"
|
|
- -DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\"
|
|
+ -DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\"
|
|
+ -DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\"
|
|
+ -DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\"
|
|
)
|
|
endif()
|
|
endif()
|
|
|
|
if (${TARGET_OS} MATCHES mbedos)
|
|
client_sdk_compile_definitions(
|
|
- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
|
|
- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
|
|
+ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
|
|
+ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
|
|
-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
|
|
-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
|
|
-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
|
|
- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
|
|
- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
|
+ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
|
|
+ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
|
)
|
|
if (${unit-test} MATCHES true)
|
|
client_sdk_compile_definitions(
|
|
@@ -110,7 +111,7 @@
|
|
-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
|
|
-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
|
|
-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
|
|
- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
|
|
+ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
|
|
)
|
|
if (${DA_FILE} MATCHES pem)
|
|
client_sdk_compile_definitions(
|
|
@@ -164,10 +165,10 @@
|
|
# Configure if needed at a later point
|
|
# configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
|
|
|
|
-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
|
|
-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
|
|
-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
|
|
-file(WRITE ${BLOB_PATH}/data/Normal.blob "")
|
|
-file(WRITE ${BLOB_PATH}/data/Secure.blob "")
|
|
-file(WRITE ${BLOB_PATH}/data/raw.blob "")
|
|
-file(WRITE ${BLOB_PATH}/data/max_serviceinfo_sz.bin "")
|
|
+file(WRITE ./data/platform_iv.bin "")
|
|
+file(WRITE ./data/platform_hmac_key.bin "")
|
|
+file(WRITE ./data/platform_aes_key.bin "")
|
|
+file(WRITE ./data/Normal.blob "")
|
|
+file(WRITE ./data/Secure.blob "")
|
|
+file(WRITE ./data/raw.blob "")
|
|
+file(WRITE ./data/max_serviceinfo_sz.bin "")
|
|
Nur in b: blob_path.cmake~.
|
|
diff -u a/cli_input.cmake b/cli_input.cmake
|
|
--- a/cmake/cli_input.cmake 2021-10-14 22:24:53.078959088 +0200
|
|
+++ b/cmake/cli_input.cmake 2021-10-14 22:26:36.187516122 +0200
|
|
@@ -24,6 +24,7 @@
|
|
set (STORAGE true)
|
|
set (BOARD NUCLEO_F767ZI)
|
|
set (BLOB_PATH .)
|
|
+set (RO_BLOB_PATH .)
|
|
set (TPM2_TCTI_TYPE tabrmd)
|
|
set (RESALE true)
|
|
set (REUSE true)
|
|
@@ -501,6 +502,36 @@
|
|
message("Selected BLOB_PATH ${BLOB_PATH}")
|
|
|
|
###########################################
|
|
+# FOR RO_BLOB_PATH
|
|
+get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE)
|
|
+
|
|
+set(ro_blob_path_cli_arg ${cached_ro_blob_path_value})
|
|
+if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH)
|
|
+ unset(ro_blob_path_cli_arg)
|
|
+endif()
|
|
+
|
|
+set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH})
|
|
+if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH)
|
|
+ unset(ro_blob_path_app_cmake_lists)
|
|
+endif()
|
|
+
|
|
+if(CACHED_RO_BLOB_PATH)
|
|
+ if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg)))
|
|
+ message(WARNING "Need to do make pristine before cmake args can change.")
|
|
+ endif()
|
|
+ set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH})
|
|
+elseif(ro_blob_path_cli_arg)
|
|
+ set(RO_BLOB_PATH ${ro_blob_path_cli_arg})
|
|
+elseif(DEFINED ENV{RO_BLOB_PATH})
|
|
+ set(RO_BLOB_PATH $ENV{RO_BLOB_PATH})
|
|
+elseif(ro_blob_path_app_cmake_lists)
|
|
+ set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists})
|
|
+endif()
|
|
+
|
|
+set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
|
|
+message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
|
|
+
|
|
+###########################################
|
|
# FOR WIFI_SSID
|
|
get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
|
|
|
|
Nur in b: cli_input.cmake~.
|