-
Typo fixes from @dp111 (who obviously has too much time on his hands).
-
When not signing the configuration (no -k option), there's no $TMP_CONFIG file and `test -f "$TMP_CONFIG"` is false. The whole line becomes false and the script exists 1 for `set -e`. This commit fixes that by moving the test to `if` condition. Fixes: d1a9a5c659e8 ("beta: Add support for secure-boot - see Readme.md") Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
-
e.g. previously, ../../filename would generate ../.sig
-
Previously, relative paths would confuse the file name generation regex. With this change, only the final '.' character is matched as the beginning of the file extension.
-
Fix some minor shellcheck warnings
-
Delete the target file before attempting to replace it, sync before unmount and set the ownership to be that of the sudo user and not just root.
-
Add some more detail about the RSA signatures. Tweak update-pieeprom.sh so add a separate argument for the public key in order to make it easier to customize the script for hardware security modules.
-
This has fewer dependencies and avoids problems where the temporary disk image is automounted.
-
Initial BETA release for secure-boot. secure-boot adds two new sub-directory to usbboot: * secure-boot-recovery is used to create an EEPROM signed with the customer's RSA private key and configures the 2711 OTP settings permenantely require signed boot images. See secure-boot-recovery/README.md * Once secure-boot is enabled the CM4 MSD mode firmware must also be signed with the customer's RSA private key. See secure-boot-msd/README.md N.B The revoke_devkey and program_jtag_lock are NOT enabled in this initial BETA release.