Skip to content

Commit 5f16e96

Browse files
xumiaxumia
authored
Add the test signing certificates for secure boot (#4866)
* Add the test signing certificates for secure boot * Remove unnecessary ca key file * Regenerate the certificates to not expose the ca key
1 parent 0f4460e commit 5f16e96

File tree

4 files changed

+122
-1
lines changed

4 files changed

+122
-1
lines changed

build_image.sh

+9-1
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,15 @@ elif [ "$IMAGE_TYPE" = "aboot" ]; then
150150
if [ "$SONIC_ENABLE_IMAGE_SIGNATURE" = "y" ]; then
151151
TARGET_CA_CERT="$TARGET_PATH/ca.cert"
152152
rm -f "$TARGET_CA_CERT"
153-
[ -f "$CA_CERT" ] && cp "$CA_CERT" "$TARGET_CA_CERT"
153+
154+
# If the ca certificate does not exist, the test certificate will be used to sign the image
155+
if [ ! -f "$CA_CERT" ]; then
156+
TEST_CERT_PATH=files/image_config/secureboot/test-certs
157+
CA_CERT="${TEST_CERT_PATH}/ca.cert"
158+
SIGNING_KEY="${TEST_CERT_PATH}/signing.key"
159+
SIGNING_CERT="${TEST_CERT_PATH}/signing.cert"
160+
fi
161+
cp "$CA_CERT" "$TARGET_CA_CERT"
154162
./scripts/sign_image.sh -i "$OUTPUT_ABOOT_IMAGE" -k "$SIGNING_KEY" -c "$SIGNING_CERT" -a "$TARGET_CA_CERT"
155163
fi
156164
else

files/image_config/secureboot/test-certs/ca.cert

+32
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIFdTCCA12gAwIBAgIUL2kglpzjw8n7sLr41bLDrLU8CcswDQYJKoZIhvcNAQEL
3+
BQAwSTELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFRlc3QxDTALBgNVBAcMBFRlc3Qx
4+
DTALBgNVBAoMBFRlc3QxDTALBgNVBAMMBFRlc3QwIBcNMjAwNjI5MDYyNzE4WhgP
5+
MjEyMDA2MDUwNjI3MThaMEkxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARUZXN0MQ0w
6+
CwYDVQQHDARUZXN0MQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQDDARUZXN0MIICIjAN
7+
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA32NtDS/zojvq37VlzMQYUXY58OWZ
8+
hrgGnuq5j5bUWZlRGxjiRyRjYgeTC+gCFsT0u3Mgat1Kwo1rsOLCf62KArOUssMR
9+
xGWEdubvYlIInC4RyuTq0a7lLxQH1q+mwHPpJHQ3Iv7Vj8cwmtwM/uAru6uOy+YN
10+
Dl3Y+VCtbJ/3OB5u4W7toAmfPfoO/JNOxYQAYMNqMwFfK7MMh8HPjm5hQ9j+K+Df
11+
yAlePFgnp8v4o3SdYzzW7rkV+q7ZfGM4VlPnNHgS2wcbI5NoFgpe86k3JSF6aFSh
12+
p+fEQss/Kz2JXrfvR7TbpS/HpeoPRvUF7kSgCVfaMPdoOOwGtVkmIPlTN1y5xpyu
13+
LH/v62TmNp3NOlbQ4oxgIrYfaYDXTByuFSlXft6VcJg7bJvGL8J1QqU7A040jSPn
14+
45GaLm9nJpl//ik/MjU+qau8O7lvmz/2OjIwEDElAYTDnLoYYDeax9vJjcEni5/s
15+
xi/fc7IyHtOgOpb5+bLumvvBy7qCM0sRuFliXAAFzwK1zn1WxwUMBuMjZjioCNPW
16+
zfJ9jrmbBB2KJk/hyJ6mAVSE/tTL2vJsgjB3RabfS5ECr/ZXZXbNb3FUiFea5oUe
17+
XKkzC6oUGfUb63ZwQ1oSX1q4ECt/OecAmujL3ATLILrptko3FgURjwYUTtPn5DyL
18+
gYnc6CvZ3Tl70DECAwEAAaNTMFEwHQYDVR0OBBYEFFSMKiWUTzg7rggKQ95BbgCR
19+
ZCxeMB8GA1UdIwQYMBaAFFSMKiWUTzg7rggKQ95BbgCRZCxeMA8GA1UdEwEB/wQF
20+
MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAI3N1xeBqtSy5/aOBPM3MG6WTfWaIwA2
21+
G7axvE9HLmOZ2jbNaV/is5ZTclgVocdYmg77MhhIzK7smPehUpimAntsk94E/zFA
22+
K9sol4tPzWi+aVzf0fvEkOk+4WdPUMWkgyqFoiZ4n+ARJdN6Ef0Dcoue3DFbYu+M
23+
94yOUD1KSXMDhknIwTCAtnCMDiFCv2f++LYOPs71ttJWnBGGtdYEibsAkFI9gOQ6
24+
ianw12D5ZWaF88jQt83B+gxw2QYRfpvW7enD1N7+kBfZV9BXa9IjVQ4kxi/DkEFM
25+
ib1WR8zCmhb3wRkD0PVI6OE7XLjCjvGIhdsd3r+qHlHyzHJAJuuGxrLoenAe7T/P
26+
eJ52mNtKGwASd/mShQpM+EbkGKnxKAp3ZJRMemeMboFk6WnPRZ7VYddHeXN57aGl
27+
Yfg43cYfGACOHNfbs2X7zzNuqxpj1oLpDOHBD8UnYhGNWqfHAzmEDkxrReE/uO9R
28+
+7NP3FFFx908OS7vgBSaUsYA9WX1VsJsyZjC/njHIPwZvKBRTvyTYfskSey1JA/O
29+
YMp7NTL+LxSthab3Zgpe7ziYe+lQ/PkTBpy2UB0ntnUj2AER75VH3S8TBdIzlzCp
30+
45+/TXbLOm+PO6iCIh/gHviCy5ua+txgZeG+/1sGrlYT0Je04e/HpVA7+aRzZF4+
31+
yxGRZsO7Ztjz
32+
-----END CERTIFICATE-----

files/image_config/secureboot/test-certs/signing.cert

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIFGzCCAwMCFEzTPYLASoyMuK7LFp0mFz/fWFKYMA0GCSqGSIb3DQEBCwUAMEkx
3+
CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARUZXN0MQ0wCwYDVQQHDARUZXN0MQ0wCwYD
4+
VQQKDARUZXN0MQ0wCwYDVQQDDARUZXN0MCAXDTIwMDYyOTA2MjcxOVoYDzIwNzAw
5+
NjE3MDYyNzE5WjBJMQswCQYDVQQGEwJVUzENMAsGA1UECAwEVGVzdDENMAsGA1UE
6+
BwwEVGVzdDENMAsGA1UECgwEVGVzdDENMAsGA1UEAwwEVGVzdDCCAiIwDQYJKoZI
7+
hvcNAQEBBQADggIPADCCAgoCggIBAMl+lKW0Kjdy2xpXIrIr+0DZ+hWACR1Lp2By
8+
5ovSqHXrpndPJrP/rtPwC0wOIry8iEHPrUc9oez+G9q+hMGcQR+O9un55huWoqlg
9+
/KoCDuyP7QtraBzwQmihrnEtsWyF9KKFnEHTRgkMNqH+JKBWQQmfBouMq7QmZ0oL
10+
IQ2zIt/3fJzBTr70WH3xIhrIujjAoy10dAxsg4CA49KREpj72lrb1IAEdFj57HCm
11+
MYGA85qq6M+Qz97Zd9F4IoNrTg+7WLMRBRJEnsC20rfKQdEDIBPuwAMCC6j1Q9Jc
12+
HIKu4StCVo693lCjPV4RhhiHd1Y1+TezX7UM7Wt2XEM/Z0gMZ2Z42p8ByfsxFtVO
13+
QdsWoyrA79n6VlU0237AwgyAYdTopU5alErTrYwhwbcZNLb0mpLijGnf0jwWr4uu
14+
7nbgozKVAMrpJZufPYhG5dG6lBOODcMpbkDfHi9yPcoGIbZYV41IGJhLaYejecry
15+
B56vgd2jGU7bnIB3Mth3t+Vsx1y67EW/8IopmGwL2MyTV4Z5Hq59wnR53Z1hQLB6
16+
twTgPJjo+n39YTt/I6pkYzV0ptpJb6BS8NTvADoYw5TQy3mW/HR0LayRwkzB+8Ii
17+
GDwC6k+IXcmHjeyov0OXeieFXwZMDPlc0yoCzZ1sywQNG8EDOSisu9R/zMW8sJjD
18+
b+lItF9jAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAJqb9dChpXaOCdHKtcKbTgkm
19+
Sf2HRN8lA7gszDQMXvenog+YinFO72bNzrRcmA2zYcpwutBLLBqZ6BccuSKc6F4Z
20+
6Hv609mBTEWL64VqeQlsqADGS1+gzQGQm2AoFqNGdqCzx2EfoyXKIbmg4bik0INF
21+
jQN0YsXsULMa4DSV/Cif3H3++e7kEa1/JxoqndTasrP9/YFJup3+90F1Q3ib0wql
22+
W4kUVKpFxx0Qyi/zn8vrDsM2NfOur9rD7k9gv8GaN8PshPIGj0rzrIGf8QebugJ3
23+
0NsOaqLsR4+8KGGjT6ckcNDun1ajrRfMyKoNtxdI8l8zl80mQQtsbvIO5hmhUMy9
24+
AW+8QzBzgc/TJAAHlElxOYHwypcsNGbkIVczUy48gp4DhQtfs1q8HqzTwHtK+HTN
25+
JzeQJtDnpAJARiCXr67+QTwAVszefqVK8N2UntuTzOhhs8PdP1jVv5g6gQpFfgI8
26+
IyniS46+mTO+FXYCkk2Ner2Jr6p3r2pMAQPSr28TEr75H2gUVufYSBUgrVDwPlio
27+
SEk6Iccg/2KgWXPCj2/LmGcJZqCc8Z8L8CbT1z+5plpp+WcMVRxgbH/FHSQBkMsw
28+
P2SSOVjJEkSYV5I6bYA97BBFpjovZS+7k6NmW1Lj1n33awdMrm1UXQRDTSKXOzVu
29+
U/rAEWO3JyUeTNCL37Ec
30+
-----END CERTIFICATE-----

files/image_config/secureboot/test-certs/signing.key

+51
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
-----BEGIN RSA PRIVATE KEY-----
2+
MIIJKQIBAAKCAgEAyX6UpbQqN3LbGlcisiv7QNn6FYAJHUunYHLmi9Kodeumd08m
3+
s/+u0/ALTA4ivLyIQc+tRz2h7P4b2r6EwZxBH4726fnmG5aiqWD8qgIO7I/tC2to
4+
HPBCaKGucS2xbIX0ooWcQdNGCQw2of4koFZBCZ8Gi4yrtCZnSgshDbMi3/d8nMFO
5+
vvRYffEiGsi6OMCjLXR0DGyDgIDj0pESmPvaWtvUgAR0WPnscKYxgYDzmqroz5DP
6+
3tl30Xgig2tOD7tYsxEFEkSewLbSt8pB0QMgE+7AAwILqPVD0lwcgq7hK0JWjr3e
7+
UKM9XhGGGId3VjX5N7NftQzta3ZcQz9nSAxnZnjanwHJ+zEW1U5B2xajKsDv2fpW
8+
VTTbfsDCDIBh1OilTlqUStOtjCHBtxk0tvSakuKMad/SPBavi67uduCjMpUAyukl
9+
m589iEbl0bqUE44NwyluQN8eL3I9ygYhtlhXjUgYmEtph6N5yvIHnq+B3aMZTtuc
10+
gHcy2He35WzHXLrsRb/wiimYbAvYzJNXhnkern3CdHndnWFAsHq3BOA8mOj6ff1h
11+
O38jqmRjNXSm2klvoFLw1O8AOhjDlNDLeZb8dHQtrJHCTMH7wiIYPALqT4hdyYeN
12+
7Ki/Q5d6J4VfBkwM+VzTKgLNnWzLBA0bwQM5KKy71H/MxbywmMNv6Ui0X2MCAwEA
13+
AQKCAgEAuMZ2hDpimHSgTlhnveItR3xdJMhEE3RkKkNT/hcRWwndnv2brWckKMCx
14+
a25vFosBnPBYo8L2MgGZA5DA51dmNQ2CinAbP2N1CUSijzjR/MfDhjxZvmfpTlAu
15+
SyWu1alF/J/v+kFHsVZc51LKvao7fBo0A1bdwpeREsp/5jNHIQGwaYOvtdcXK28s
16+
akl21EJ7oVxwa1A7i2UnBtr4pggXZki/ZyIum8WcuHT/YxYgzs46LtZKeb8NbK7x
17+
X3jQngacwaEy+FyrBGjjdZ1pm8V07jJ8LIX8sVUxe7/yeTjrziLIg5/ENkhsJ06E
18+
nQvlOM7IGvdIJhyTwH9K/nQvP1f4nNP+3RQSc8ubP5QqGGnlryhOvvV7QG8Y+ZN4
19+
mV1FOoyqiZdxFs/6PxKJfmNDoma8oz3pGQ810OnxtCu2kcxT54WBJdKxcQFxSxjS
20+
8YVRoakmU6noUTqw6BaG9QwQnbLytXckXQDQlxqGd4WbL1nlCxZF25SxRCX2/mHd
21+
7BUpW6OfxL/pEOcUBV0HO/ELm51xWMaZyGfZPkQRpbnpGgfXojuOnxdfiUbqkHy/
22+
/dV98pfgT+qy4FXn/zeGLnh6Q/JPcCQp6QeyUbC9jHvrkVLwuA8ugg9ilGvMSX8Q
23+
vmVNe9UjkNVywoeiB5/Dc5CzgmG9hdsf2r+5BZNG3GilwsCAArECggEBAOzNasRY
24+
j6mB47FJsxJDW0I16dBugLcenFTO70UzLeTGgsREzba6/ItnsH9ZPRRxmQoKC5a6
25+
yK+63DZo9YCOit8lSxx6otUev4RpDhsmnrG7ILQzXb3BO2bqbP+Xm1CNWkaZxRSZ
26+
HKLwXAvKp+YLMJ7qAZRe5+E4c5i+9NdJWAFMHcVTIUdnJ2bPC1lwhCqC9zeuMj+j
27+
U7U0Rt9sgy9azExK4/O8pvcYFS8JCpw5Kot/c+5C6F91Zj437k8hoSZhVIJgsvTF
28+
PnEE+pt84p9vcd1CHKWRbB4QU92JpniJk2ZjNC184niG5bPbfJJrQda0xFKwLD8G
29+
HYgr7rrfz6mNWqkCggEBANnUYmouBTVmgjnjJkq+OaUuyHv0LvBXdr+4DhSIMe03
30+
mEenRBj4AA9J9XCg0WnzX21gvistO+rJ+lHCiQjaY18LCz1KpDKnnliTVrlXsa9Y
31+
Zyd8yZou0oX29fsEwjS/o0lJv9T+RxAjMXMTaDvLeybUIioFKBEHqUxkiMFCFygY
32+
+8UA/PGXZB5ysgOJ3W1JTcNCTixM15+ItsJRjnqGtfm77jvTyGHPuG4VlJfYQg2B
33+
HfP7p19RSJhqzNPhPpioXs5DJj0nVvbSDC4/ukJV5GltI87csjup/naSgBzhXvfH
34+
F/4CBQdKPCsQVv27je/OEGzzd6B2E4IoIz5ZPzzJHSsCggEAVCKD/bENkgdRU+tA
35+
kYuXAAZRxbmNSAK7PrKrdqXBd5hEW+GqSXNUSV+U6RpWxk26N0PsbCh/J1i35ykR
36+
mRSMKM6CSmMUOa6ME0qUNXdaSQGYlA3wD3x5U46VHZbLGyqt2YnG6ROhhg7qVVIy
37+
p1xwcPXpi8LQlkfNYobuTROFDijyJurrVwhCipeji6qbetM/bOwadFveYPJq//T5
38+
Azk6fxzYsv/jPsWyuRx4RZtWD2xAT3Y8Q7Zdllue80Sakh1gvlYHH0p5bgR72gTc
39+
LBOXnCpiLT1m8aOReJPwrsEKuwUiQ8ssV/Bt6qJgN1Geed+OJWbswZO1qG0bjA/7
40+
I13SyQKCAQAeLgbUnzupgmJYktgjUue5sxmj0tkOA5A4T8/jmFsSerlmdA5DR1j6
41+
xUx0JlPdUhLOnLC8WrAKf6Fm4oUJ7PgHmwgbndPSENcnfoJte3Dq0ly4Y9mquwH/
42+
/Y9nD+m4VTTSWp1xbSl7WuTnBLFUV4TghFOXbs92TJFwPB2WaQm8THnVeaWR81+z
43+
uEBhrSA4nAdiHjWmfZ8CQ3bOxW3wG+nqh9ciAt2ob5cl6WeFAjlklZcIzr0Jv8FH
44+
HMT0NijuDaXU/gi2QFUULVXysnGj7zKOSMjFSF6JVawj0Xheh/sYaUUxtCXuNKLR
45+
dJoY3Xt01iAAeFsCqFlblyQK52KTkWmxAoIBAQCDFtaLIp+gJ4kKCmUT30abaXXe
46+
tb0D9CnXT1EQSpKqio9Soad1a9PZ6IkJU0Dhks2mJWX6CHR3mWpmXR31aWM/iP+u
47+
X+/amrHPhzxyFCmbo+Vb96ZuelFvdZ0x4l6eM+qd9SxF+SnSyfdtnwOThLI7bZFc
48+
L6rbYlTFdH3j6nksITAW1lp1W59jtkYQVIBl8rpiwNfgRFBf5FE9PKDjbG2WHx3a
49+
kv81Ok5z6PV4BarViZ6hV2tP4b96/TbrXn08J6M4Gcn7KOn7UfYSP/2p7sIE+pC4
50+
EMO3sAR6IUU/utmknwY0Ou/enuzsq3RvpA/8kE4ZdRBMLUQeZZ4yzX0pyfSz
51+
-----END RSA PRIVATE KEY-----

0 commit comments

Comments
 (0)