From c478689de09cf980ac1d43f675e152562d664c36 Mon Sep 17 00:00:00 2001
From: Peter Harper
Date: Wed, 28 Feb 2024 20:15:43 +0000
Subject: [PATCH] Add new cacertder option
Allows you to add a custom ca cert to an image. Note: This option is only relevant for newer (as yet unreleased) bootloader images that support custom CA certs and reserve a space for this in the flash image.
---
 rpi-eeprom-config | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/rpi-eeprom-config b/rpi-eeprom-config
index 9c4f5f5..a4c768e 100755
--- a/rpi-eeprom-config
+++ b/rpi-eeprom-config
@@ -19,6 +19,7 @@ VALID_IMAGE_SIZES = [512 * 1024, 2 * 1024 * 1024]
 BOOTCONF_TXT = 'bootconf.txt'
 BOOTCONF_SIG = 'bootconf.sig'
 PUBKEY_BIN = 'pubkey.bin'
+CACERT_DER = 'cacert.der'
 # Each section starts with a magic number followed by a 32 bit offset to the
 # next section (big-endian).
@@ -515,6 +516,7 @@ See 'rpi-eeprom-update -h' for more information about the available EEPROM image
 parser.add_argument('-p', '--pubkey', help='Signed boot only. The name of the RSA public key file to store in the EEPROM', required=False)
 parser.add_argument('-x', '--extract', action='store_true', default=False, help='Extract the modifiable files (boot.conf, pubkey, signature)', required=False)
 parser.add_argument('-t', '--timestamp', help='Set the timestamp in the EEPROM image file', required=False)
+ parser.add_argument('--cacertder', help='The name of a CA Certificate DER encoded file to store in the EEPROM', required=False)
 parser.add_argument('eeprom', nargs='?', help='Name of EEPROM file to use as input')
 args = parser.parse_args()
@@ -545,6 +547,8 @@ See 'rpi-eeprom-update -h' for more information about the available EEPROM image
 image.update_file(args.digest, BOOTCONF_SIG)
 if args.pubkey is not None:
 image.update_key(args.pubkey, PUBKEY_BIN)
+ if args.cacertder is not None:
+ image.update_file(args.cacertder, CACERT_DER)
 image.write()
 elif args.config is None and args.timestamp is not None:
 image.write()
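Review bot: In the argument-parser hunk (`@@ -515,6 +516,7 @@`), the help string for `--cacertder` leaves out the constraint the commit message states: the option only has an effect on bootloader images that reserve space for a custom CA cert. Someone reading only `-h` has no way to learn that, so I would put it in the help text, e.g. `help='The name of a DER encoded CA certificate file to store in the EEPROM (only for bootloader images that reserve space for a custom CA cert)'`. The `--extract` help two lines above still lists only boot.conf, pubkey and signature; whether extraction covers `cacert.der` is not visible in this hunk.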
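Review bot: In the last hunk (`@@ -545,6 +547,8 @@`), `--cacertder` appears to be silently ignored unless `--config` is also given. The added `if args.cacertder is not None:` sits in a branch whose sibling is `elif args.config is None and args.timestamp is not None:`, so the branch is presumably guarded by `args.config is not None`; the enclosing `if` starts outside the hunk, so please confirm. For an option that installs a trust anchor, the operator should get an error rather than an image that quietly lacks the certificate, e.g. `if args.cacertder is not None and args.config is None: parser.error('--cacertder requires --config')` right after `args = parser.parse_args()`. The file is also handed to `update_file` as-is; unless that helper validates its input, a PEM file passed by mistake would be stored verbatim, so a cheap check that the file exists and begins with the DER SEQUENCE byte `0x30` before writing would catch it.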