1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-17 10:52:44 +01:00
Commit Graph

10 Commits

Author SHA1 Message Date
Benjamin Valentin
765dd68753 makefiles/suit: use OpenSSL to generate key
Co-authored-by: Fabian Hüßler <fabian.huessler@ml-pa.com>
2024-09-12 21:54:00 +02:00
Benjamin Valentin
99285d3ec5 makefiles/suit: add support for multiple & encrypted signing key 2024-09-11 19:28:39 +02:00
Benjamin Valentin
fbf1cd16a6 makefiles/suit: store public keys
This makes it easier to work with encrypted keys and multiple keys.
The firmware binary can contain multiple public keys that are used
to verify the manifest.
The use case is that we want to include the production public key
in the debug build, so we can seamlessly update to the production
version without re-flashing the device.

If the public keys is always generated on the fly, this would still
require the production key password even for the debug build.

Instead if we store the (unencrypted) public key, we can always
include it in the debug build.
2024-09-11 17:57:59 +02:00
Benjamin Valentin
2a3c8bf8e3 makefiles/suit: allow multiple SUIT_SECs 2022-08-16 22:30:27 +02:00
Daniel Lockau
363cf8c546 makefiles/suit: avoid unwanted key creation trigger
This fixes a trigger of re-creation of an already existing SUIT
key when combining a build target with the clean target, e.g.
`make clean all`.
2022-07-20 12:35:33 +02:00
Benjamin Valentin
5e52d15409 makefiles/suit: place keys in $XDG_DATA_HOME
Placing the SUIT key in the RIOT repository folder is dangerous as
a repo checkout is by most people considered a volatile location.
Since all important files are stored in git, deleting the entire folder
or it's contents is not an uncommon cleanup operation.

If the user is at that point unaware that SUIT key material is stored
in that folder, that key will then be lost.

Another workflow may involve multiple checkouts of the RIOT repository
to multiple folders to work on several features at the same time, or for
easy cross-referencing or splitting of off features from an integration
into a feature branch.
In that case each checkout would use it's own incompatible SUIT key.

To avoid all these pitfalls, place the SUIT keys outside the RIOT
repository in the $XDG_DATA_HOME directory.
2022-06-02 13:07:17 +02:00
Benjamin Valentin
b3b8849f6b makefiles/suit: generate password-protected key file 2022-05-24 01:29:53 +02:00
Francisco Molina
22d012ff50 makefiles/suit*: use $(Q) to silence output 2021-09-01 08:57:13 +02:00
401f8eb9bd
dist/tools/suit: Update suit tooling to IETF-v7 compliance 2020-09-24 21:15:13 +02:00
413b91326f
tests/suit_v3_manifest: Add draft-ietf-v3 manifest parser test
Co-authored-by: Kaspar Schleiser <kaspar@schleiser.de>
2020-03-19 22:56:01 +01:00