Message ID | 20230717105417.27761-4-Quirin.Gylstorff@siemens.com (mailing list archive) |
---|---|
State | Accepted |
Series | Enable signed Software Update Binaries |
On 17.07.23 12:54, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > With this change SWUpdate requires signed binaries to update > the system. An update without the correct signature will lead to the > following error message: > ``` > Error: SWUpdate is built for signed images, provide a public key file. > ``` > > If unsigned binaries are wanted readd the Build option > ``` > DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > ``` > to a swupdate_%.bbappend recipe > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > kas/opt/swupdate.yml | 2 ++ > recipes-core/customizations/files/swupdate.cfg | 1 + > recipes-core/images/swupdate.inc | 2 +- > recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb | 9 ++++++--- > recipes-core/swupdate/swupdate_2023.05.bb | 8 ++++++-- > 5 files changed, 16 insertions(+), 6 deletions(-) > > diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml > index b0293ce..0e30e89 100644 > --- a/kas/opt/swupdate.yml > +++ b/kas/opt/swupdate.yml > @@ -28,3 +28,5 @@ local_conf_header: > INITRAMFS_INSTALL:append = " initramfs-squashfs-hook" > ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001" > ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002" > + PREFERRED_PROVIDER_swupdate-certificates-key ??= "swupdate-certificates-key-snakeoil" > + PREFERRED_PROVIDER_swupdate-certificates ??= "swupdate-certificates-snakeoil" This needs to go into patch 2, right? Jan > diff --git a/recipes-core/customizations/files/swupdate.cfg b/recipes-core/customizations/files/swupdate.cfg > index 9ee47c7..3e2b45c 100644 > --- a/recipes-core/customizations/files/swupdate.cfg > +++ b/recipes-core/customizations/files/swupdate.cfg > @@ -1,4 +1,5 @@ > globals : > { > bootloader = "ebg"; > + public-key-file = "/usr/share/swupdate-signing/swupdate-sign.crt" > }; > diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc > index 5d9cd58..4983f7c 100644 
> --- a/recipes-core/images/swupdate.inc > +++ b/recipes-core/images/swupdate.inc > @@ -1,7 +1,7 @@ > # > # CIP Core, generic profile > # > -# Copyright (c) Siemens AG, 2020 > +# Copyright (c) Siemens AG, 2023 > # > # Authors: > # Quirin Gylstorff <quirin.gylstorff@siemens.com> > diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > index 2384f41..8f7a97d 100644 > --- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > +++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > @@ -1,7 +1,7 @@ > # > # CIP Core, generic profile > # > -# Copyright (c) Siemens AG, 2021 > +# Copyright (c) Siemens AG, 2021-2023 > # > # Authors: > # Quirin Gylstorff <quirin.gylstorff@siemens.com> > @@ -29,8 +29,11 @@ SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > > # end patching for dm-verity based images > > -# deactivate signing and hardware compability for simple a/b rootfs update > -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > +# The option: "pkg.swupdate.nosigning" disables the required signing > +# of update binaries > +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > + > +# deactivate hardware compability for simple a/b rootfs update > DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" > > # add cross build and deactivate testing for arm based builds > diff --git a/recipes-core/swupdate/swupdate_2023.05.bb b/recipes-core/swupdate/swupdate_2023.05.bb > index 26c0e67..762fac2 100644 > --- a/recipes-core/swupdate/swupdate_2023.05.bb > +++ b/recipes-core/swupdate/swupdate_2023.05.bb 
> @@ -31,8 +31,12 @@ SRC_URI += "file://0001-d-rules-Add-option-for-suricatta_lua.patch \ > file://0003-d-patches-Add-patch-to-add-the-build-version-to-swup.patch \ > file://0004-d-rules-Add-option-to-enable-suricatta_wfx.patch" > > -# deactivate signing and hardware compability for simple a/b rootfs update > -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > + > +# The option: "pkg.swupdate.nosigning" disables the required signing > +# of update binaries > +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > + > +# deactivate hardware compability for simple a/b rootfs update > DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" > > # suricatta wfx requires suricatta lua and the dependency
On 8/10/23 13:31, Jan Kiszka wrote: > On 17.07.23 12:54, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> >> With this change SWUpdate requires signed binaries to update >> the system. An update without the correct signature will lead to the >> following error message: >> ``` >> Error: SWUpdate is built for signed images, provide a public key file. >> ``` >> >> If unsigned binaries are wanted readd the Build option >> ``` >> DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> ``` >> to a swupdate_%.bbappend recipe >> >> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> --- >> kas/opt/swupdate.yml | 2 ++ >> recipes-core/customizations/files/swupdate.cfg | 1 + >> recipes-core/images/swupdate.inc | 2 +- >> recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb | 9 ++++++--- >> recipes-core/swupdate/swupdate_2023.05.bb | 8 ++++++-- >> 5 files changed, 16 insertions(+), 6 deletions(-) >> >> diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml >> index b0293ce..0e30e89 100644 >> --- a/kas/opt/swupdate.yml >> +++ b/kas/opt/swupdate.yml >> @@ -28,3 +28,5 @@ local_conf_header: >> INITRAMFS_INSTALL:append = " initramfs-squashfs-hook" >> ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001" >> ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002" >> + PREFERRED_PROVIDER_swupdate-certificates-key ??= "swupdate-certificates-key-snakeoil" >> + PREFERRED_PROVIDER_swupdate-certificates ??= "swupdate-certificates-snakeoil" > > This needs to go into patch 2, right? It can go there. Only with this patch it has an impact on SWUpdate. Should I send a v3? Quirin > > Jan > >> diff --git a/recipes-core/customizations/files/swupdate.cfg b/recipes-core/customizations/files/swupdate.cfg >> index 9ee47c7..3e2b45c 100644 >> --- a/recipes-core/customizations/files/swupdate.cfg >> +++ b/recipes-core/customizations/files/swupdate.cfg 
>> @@ -1,4 +1,5 @@ >> globals : >> { >> bootloader = "ebg"; >> + public-key-file = "/usr/share/swupdate-signing/swupdate-sign.crt" >> }; >> diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc >> index 5d9cd58..4983f7c 100644 >> --- a/recipes-core/images/swupdate.inc >> +++ b/recipes-core/images/swupdate.inc >> @@ -1,7 +1,7 @@ >> # >> # CIP Core, generic profile >> # >> -# Copyright (c) Siemens AG, 2020 >> +# Copyright (c) Siemens AG, 2023 >> # >> # Authors: >> # Quirin Gylstorff <quirin.gylstorff@siemens.com> >> diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb >> index 2384f41..8f7a97d 100644 >> --- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb >> +++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb >> @@ -1,7 +1,7 @@ >> # >> # CIP Core, generic profile >> # >> -# Copyright (c) Siemens AG, 2021 >> +# Copyright (c) Siemens AG, 2021-2023 >> # >> # Authors: >> # Quirin Gylstorff <quirin.gylstorff@siemens.com> >> @@ -29,8 +29,11 @@ SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch >> >> # end patching for dm-verity based images >> >> -# deactivate signing and hardware compability for simple a/b rootfs update >> -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> +# The option: "pkg.swupdate.nosigning" disables the required signing >> +# of update binaries >> +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> + >> +# deactivate hardware compability for simple a/b rootfs update >> DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" >> >> # add cross build and deactivate testing for arm based builds >> diff --git a/recipes-core/swupdate/swupdate_2023.05.bb b/recipes-core/swupdate/swupdate_2023.05.bb >> index 26c0e67..762fac2 100644 >> --- a/recipes-core/swupdate/swupdate_2023.05.bb >> +++ b/recipes-core/swupdate/swupdate_2023.05.bb 
>> @@ -31,8 +31,12 @@ SRC_URI += "file://0001-d-rules-Add-option-for-suricatta_lua.patch \ >> file://0003-d-patches-Add-patch-to-add-the-build-version-to-swup.patch \ >> file://0004-d-rules-Add-option-to-enable-suricatta_wfx.patch" >> >> -# deactivate signing and hardware compability for simple a/b rootfs update >> -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> + >> +# The option: "pkg.swupdate.nosigning" disables the required signing >> +# of update binaries >> +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> + >> +# deactivate hardware compability for simple a/b rootfs update >> DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" >> >> # suricatta wfx requires suricatta lua and the dependency >
On 10.08.23 13:45, Gylstorff Quirin wrote: > > > On 8/10/23 13:31, Jan Kiszka wrote: >> On 17.07.23 12:54, Quirin Gylstorff wrote: >>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >>> >>> With this change SWUpdate requires signed binaries to update >>> the system. An update without the correct signature will lead to the >>> following error message: >>> ``` >>> Error: SWUpdate is built for signed images, provide a public key file. >>> ``` >>> >>> If unsigned binaries are wanted readd the Build option >>> ``` >>> DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >>> ``` >>> to a swupdate_%.bbappend recipe >>> >>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >>> --- >>> kas/opt/swupdate.yml | 2 ++ >>> recipes-core/customizations/files/swupdate.cfg | 1 + >>> recipes-core/images/swupdate.inc | 2 +- >>> recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb | 9 ++++++--- >>> recipes-core/swupdate/swupdate_2023.05.bb | 8 ++++++-- >>> 5 files changed, 16 insertions(+), 6 deletions(-) >>> >>> diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml >>> index b0293ce..0e30e89 100644 >>> --- a/kas/opt/swupdate.yml >>> +++ b/kas/opt/swupdate.yml >>> @@ -28,3 +28,5 @@ local_conf_header: >>> INITRAMFS_INSTALL:append = " initramfs-squashfs-hook" >>> ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001" >>> ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002" >>> + PREFERRED_PROVIDER_swupdate-certificates-key ??= >>> "swupdate-certificates-key-snakeoil" >>> + PREFERRED_PROVIDER_swupdate-certificates ??= >>> "swupdate-certificates-snakeoil" >> >> This needs to go into patch 2, right? > > It can go there. Only with this patch it has an impact on SWUpdate. > > Should I send a v3? Not needed, I've already moved the hunk while merging. Jan
On 17.07.23 12:54, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > With this change SWUpdate requires signed binaries to update > the system. An update without the correct signature will lead to the > following error message: > ``` > Error: SWUpdate is built for signed images, provide a public key file. > ``` > I ran a build with SWU_SIGNED unset, and the result rather gives [TRACE] : SWUPDATE running : [network_initializer] : Software update started [WARN ] : SWUPDATE running : [scan_mtd_devices] : MTD is not present on the target [WARN ] : SWUPDATE running : [mtd_init] : MTD is not present in the system [WARN ] : SWUPDATE running : [mtd_init] : cannot open libmtd [TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file [TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename sw-description [TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 1219 [TRACE] : SWUPDATE running : [extract_file_to_tmp] : description file name not the first of the list: linux.efi instead of sw-description.sig ... [ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not installing ... Jan > If unsigned binaries are wanted readd the Build option > ``` > DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > ``` > to a swupdate_%.bbappend recipe > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > kas/opt/swupdate.yml | 2 ++ > recipes-core/customizations/files/swupdate.cfg | 1 + > recipes-core/images/swupdate.inc | 2 +- > recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb | 9 ++++++--- > recipes-core/swupdate/swupdate_2023.05.bb | 8 ++++++-- > 5 files changed, 16 insertions(+), 6 deletions(-) > > diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml > index b0293ce..0e30e89 100644 > --- a/kas/opt/swupdate.yml > +++ b/kas/opt/swupdate.yml 
> @@ -28,3 +28,5 @@ local_conf_header: > INITRAMFS_INSTALL:append = " initramfs-squashfs-hook" > ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001" > ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002" > + PREFERRED_PROVIDER_swupdate-certificates-key ??= "swupdate-certificates-key-snakeoil" > + PREFERRED_PROVIDER_swupdate-certificates ??= "swupdate-certificates-snakeoil" > diff --git a/recipes-core/customizations/files/swupdate.cfg b/recipes-core/customizations/files/swupdate.cfg > index 9ee47c7..3e2b45c 100644 > --- a/recipes-core/customizations/files/swupdate.cfg > +++ b/recipes-core/customizations/files/swupdate.cfg > @@ -1,4 +1,5 @@ > globals : > { > bootloader = "ebg"; > + public-key-file = "/usr/share/swupdate-signing/swupdate-sign.crt" > }; > diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc > index 5d9cd58..4983f7c 100644 > --- a/recipes-core/images/swupdate.inc > +++ b/recipes-core/images/swupdate.inc > @@ -1,7 +1,7 @@ > # > # CIP Core, generic profile > # > -# Copyright (c) Siemens AG, 2020 > +# Copyright (c) Siemens AG, 2023 > # > # Authors: > # Quirin Gylstorff <quirin.gylstorff@siemens.com> > diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > index 2384f41..8f7a97d 100644 > --- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > +++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > @@ -1,7 +1,7 @@ > # > # CIP Core, generic profile > # > -# Copyright (c) Siemens AG, 2021 > +# Copyright (c) Siemens AG, 2021-2023 > # > # Authors: > # Quirin Gylstorff <quirin.gylstorff@siemens.com> 
> @@ -29,8 +29,11 @@ SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > > # end patching for dm-verity based images > > -# deactivate signing and hardware compability for simple a/b rootfs update > -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > +# The option: "pkg.swupdate.nosigning" disables the required signing > +# of update binaries > +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > + > +# deactivate hardware compability for simple a/b rootfs update > DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" > > # add cross build and deactivate testing for arm based builds > diff --git a/recipes-core/swupdate/swupdate_2023.05.bb b/recipes-core/swupdate/swupdate_2023.05.bb > index 26c0e67..762fac2 100644 > --- a/recipes-core/swupdate/swupdate_2023.05.bb > +++ b/recipes-core/swupdate/swupdate_2023.05.bb > @@ -31,8 +31,12 @@ SRC_URI += "file://0001-d-rules-Add-option-for-suricatta_lua.patch \ > file://0003-d-patches-Add-patch-to-add-the-build-version-to-swup.patch \ > file://0004-d-rules-Add-option-to-enable-suricatta_wfx.patch" > > -# deactivate signing and hardware compability for simple a/b rootfs update > -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > + > +# The option: "pkg.swupdate.nosigning" disables the required signing > +# of update binaries > +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > + > +# deactivate hardware compability for simple a/b rootfs update > DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" > > # suricatta wfx requires suricatta lua and the dependency
On 8/10/23 16:47, Jan Kiszka wrote: > On 17.07.23 12:54, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> >> With this change SWUpdate requires signed binaries to update >> the system. An update without the correct signature will lead to the >> following error message: >> ``` >> Error: SWUpdate is built for signed images, provide a public key file. >> ``` >> > > I ran a build with SWU_SIGNED unset, and the result rather gives > > [TRACE] : SWUPDATE running : [network_initializer] : Software update started > [WARN ] : SWUPDATE running : [scan_mtd_devices] : MTD is not present on the target > [WARN ] : SWUPDATE running : [mtd_init] : MTD is not present in the system > [WARN ] : SWUPDATE running : [mtd_init] : cannot open libmtd > [TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file > [TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename sw-description > [TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 1219 > [TRACE] : SWUPDATE running : [extract_file_to_tmp] : description file name not the first of the list: linux.efi instead of sw-description.sig > ... > [ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not installing ... > I will look into it a send v3 if necessary. Quirin > >> If unsigned binaries are wanted readd the Build option >> ``` >> DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> ``` >> to a swupdate_%.bbappend recipe >> >> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> --- >> kas/opt/swupdate.yml | 2 ++ >> recipes-core/customizations/files/swupdate.cfg | 1 + >> recipes-core/images/swupdate.inc | 2 +- >> recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb | 9 ++++++--- >> recipes-core/swupdate/swupdate_2023.05.bb | 8 ++++++-- >> 5 files changed, 16 insertions(+), 6 deletions(-) >> >> diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml >> index b0293ce..0e30e89 100644 >> --- a/kas/opt/swupdate.yml >> +++ b/kas/opt/swupdate.yml 
>> @@ -28,3 +28,5 @@ local_conf_header: >> INITRAMFS_INSTALL:append = " initramfs-squashfs-hook" >> ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001" >> ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002" >> + PREFERRED_PROVIDER_swupdate-certificates-key ??= "swupdate-certificates-key-snakeoil" >> + PREFERRED_PROVIDER_swupdate-certificates ??= "swupdate-certificates-snakeoil" >> diff --git a/recipes-core/customizations/files/swupdate.cfg b/recipes-core/customizations/files/swupdate.cfg >> index 9ee47c7..3e2b45c 100644 >> --- a/recipes-core/customizations/files/swupdate.cfg >> +++ b/recipes-core/customizations/files/swupdate.cfg >> @@ -1,4 +1,5 @@ >> globals : >> { >> bootloader = "ebg"; >> + public-key-file = "/usr/share/swupdate-signing/swupdate-sign.crt" >> }; >> diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc >> index 5d9cd58..4983f7c 100644 >> --- a/recipes-core/images/swupdate.inc >> +++ b/recipes-core/images/swupdate.inc >> @@ -1,7 +1,7 @@ >> # >> # CIP Core, generic profile >> # >> -# Copyright (c) Siemens AG, 2020 >> +# Copyright (c) Siemens AG, 2023 >> # >> # Authors: >> # Quirin Gylstorff <quirin.gylstorff@siemens.com> >> diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb >> index 2384f41..8f7a97d 100644 >> --- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb >> +++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb >> @@ -1,7 +1,7 @@ >> # >> # CIP Core, generic profile >> # >> -# Copyright (c) Siemens AG, 2021 >> +# Copyright (c) Siemens AG, 2021-2023 >> # >> # Authors: >> # Quirin Gylstorff <quirin.gylstorff@siemens.com> 
>> @@ -29,8 +29,11 @@ SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch >> >> # end patching for dm-verity based images >> >> -# deactivate signing and hardware compability for simple a/b rootfs update >> -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> +# The option: "pkg.swupdate.nosigning" disables the required signing >> +# of update binaries >> +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> + >> +# deactivate hardware compability for simple a/b rootfs update >> DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" >> >> # add cross build and deactivate testing for arm based builds >> diff --git a/recipes-core/swupdate/swupdate_2023.05.bb b/recipes-core/swupdate/swupdate_2023.05.bb >> index 26c0e67..762fac2 100644 >> --- a/recipes-core/swupdate/swupdate_2023.05.bb >> +++ b/recipes-core/swupdate/swupdate_2023.05.bb >> @@ -31,8 +31,12 @@ SRC_URI += "file://0001-d-rules-Add-option-for-suricatta_lua.patch \ >> file://0003-d-patches-Add-patch-to-add-the-build-version-to-swup.patch \ >> file://0004-d-rules-Add-option-to-enable-suricatta_wfx.patch" >> >> -# deactivate signing and hardware compability for simple a/b rootfs update >> -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> + >> +# The option: "pkg.swupdate.nosigning" disables the required signing >> +# of update binaries >> +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" >> + >> +# deactivate hardware compability for simple a/b rootfs update >> DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" >> >> # suricatta wfx requires suricatta lua and the dependency >
On 10.08.23 17:58, Gylstorff Quirin wrote:
>
>
> On 8/10/23 16:47, Jan Kiszka wrote:
>> On 17.07.23 12:54, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> With this change SWUpdate requires signed binaries to update
>>> the system. An update without the correct signature will lead to the
>>> following error message:
>>> ```
>>> Error: SWUpdate is built for signed images, provide a public key file.
>>> ```
>>>
>>
>> I ran a build with SWU_SIGNED unset, and the result rather gives
>>
>> [TRACE] : SWUPDATE running : [network_initializer] : Software update
>> started
>> [WARN ] : SWUPDATE running : [scan_mtd_devices] : MTD is not present
>> on the target
>> [WARN ] : SWUPDATE running : [mtd_init] : MTD is not present in the
>> system
>> [WARN ] : SWUPDATE running : [mtd_init] : cannot open libmtd
>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file
>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename
>> sw-description
>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 1219
>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : description file
>> name not the first of the list: linux.efi instead of sw-description.sig
>> ...
>> [ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not
>> installing ...
>>
> I will look into it and send v3 if necessary.
>

Otherwise, things seem to work fine. I would just like to understand if
that is also an expected outcome.

Jan
On 8/10/23 18:38, Jan Kiszka wrote:
> On 10.08.23 17:58, Gylstorff Quirin wrote:
>>
>>
>> On 8/10/23 16:47, Jan Kiszka wrote:
>>> On 17.07.23 12:54, Quirin Gylstorff wrote:
>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>
>>>> With this change SWUpdate requires signed binaries to update
>>>> the system. An update without the correct signature will lead to the
>>>> following error message:
>>>> ```
>>>> Error: SWUpdate is built for signed images, provide a public key file.
>>>> ```
>>>>
>>>
>>> I ran a build with SWU_SIGNED unset, and the result rather gives
>>>
>>> [TRACE] : SWUPDATE running : [network_initializer] : Software update
>>> started
>>> [WARN ] : SWUPDATE running : [scan_mtd_devices] : MTD is not present
>>> on the target
>>> [WARN ] : SWUPDATE running : [mtd_init] : MTD is not present in the
>>> system
>>> [WARN ] : SWUPDATE running : [mtd_init] : cannot open libmtd
>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file
>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename
>>> sw-description
>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 1219
>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : description file
>>> name not the first of the list: linux.efi instead of sw-description.sig
>>> ...
>>> [ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not
>>> installing ...
>>>
>> I will look into it and send v3 if necessary.
>>
>
> Otherwise, things seem to work fine. I would just like to understand if
> that is also an expected outcome.
>

It is an ordering problem in the cpio. If I `cpio -t < cip-core-image-cip-core-bullseye-qemu-amd64.swu` this is the expected result:
```
sw-description
sw-description.sig
linux.efi
cip-core-image-cip-core-bullseye-qemu-amd64.verity
280835 blocks
```
Can you do that on the transferred file?

Quirin
On 10.08.23 19:35, Gylstorff Quirin wrote:
>
>
> On 8/10/23 18:38, Jan Kiszka wrote:
>> On 10.08.23 17:58, Gylstorff Quirin wrote:
>>>
>>>
>>> On 8/10/23 16:47, Jan Kiszka wrote:
>>>> On 17.07.23 12:54, Quirin Gylstorff wrote:
>>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>>
>>>>> With this change SWUpdate requires signed binaries to update
>>>>> the system. An update without the correct signature will lead to the
>>>>> following error message:
>>>>> ```
>>>>> Error: SWUpdate is built for signed images, provide a public key file.
>>>>> ```
>>>>>
>>>>
>>>> I ran a build with SWU_SIGNED unset, and the result rather gives
>>>>
>>>> [TRACE] : SWUPDATE running : [network_initializer] : Software update
>>>> started
>>>> [WARN ] : SWUPDATE running : [scan_mtd_devices] : MTD is not present
>>>> on the target
>>>> [WARN ] : SWUPDATE running : [mtd_init] : MTD is not present in the
>>>> system
>>>> [WARN ] : SWUPDATE running : [mtd_init] : cannot open libmtd
>>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : Found file
>>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : filename
>>>> sw-description
>>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : size 1219
>>>> [TRACE] : SWUPDATE running : [extract_file_to_tmp] : description file
>>>> name not the first of the list: linux.efi instead of sw-description.sig
>>>> ...
>>>> [ERROR] : SWUPDATE failed [1] Image invalid or corrupted. Not
>>>> installing ...
>>>>
>>> I will look into it and send v3 if necessary.
>>>
>>
>> Otherwise, things seem to work fine. I would just like to understand if
>> that is also an expected outcome.
>>
> It is an ordering problem in the cpio. If I `cpio -t <
> cip-core-image-cip-core-bullseye-qemu-amd64.swu` this is the expected
> result:
> ```
> sw-description
> sw-description.sig
> linux.efi
> cip-core-image-cip-core-bullseye-qemu-amd64.verity
> 280835 blocks
> ```
> Can you do that on the transferred file?
>

Without SWU_SIGNED, I get

sw-description
linux.efi
cip-core-image-cip-core-bookworm-qemu-amd64.squashfs
265849 blocks

SWUpdate seems to look for sw-description.sig on slot 2 but only finds
linux.efi. That makes it unhappy, but rather than saying "this swu is
not signed", it complains about running into the wrong file.

Jan
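The member-order check discussed in the messages above, as an added example that is not part of the thread or of SWUpdate's code: it reads the cpio headers of an .swu and reports an unsigned image as unsigned rather than as a wrong file name. It assumes the newc/crc ASCII cpio format; `list_members`, `check_swu_layout` and `build_cpio` are hypothetical helpers, and the two archives are constructed samples that reuse the member names from the listings above. It checks the layout only and does not verify the signature.

```python
"""Pre-flight layout check for .swu images (added example, not SWUpdate code)."""
import io

HEADER_LEN = 110                  # 6-byte magic + 13 fields of 8 hex digits
MAGICS = (b"070701", b"070702")   # cpio "newc" and "crc" ASCII formats (assumed)
TRAILER = "TRAILER!!!"            # name of the end-of-archive marker entry


def pad4(n):
    """Round n up to the next multiple of 4 (newc header/data alignment)."""
    return (n + 3) & ~3


def list_members(blob):
    """Return the member names of a newc/crc cpio archive in archive order."""
    names, off = [], 0
    while True:
        hdr = blob[off:off + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[:6] not in MAGICS:
            raise ValueError(f"bad or truncated cpio header at offset {off}")
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_end = off + HEADER_LEN + namesize
        raw = blob[off + HEADER_LEN:name_end].rstrip(b"\0")
        name = raw.decode(errors="replace")
        if name == TRAILER:
            return names
        names.append(name)
        # Name and file data are each padded to a 4-byte boundary.
        off = pad4(name_end) + pad4(filesize)


def check_swu_layout(names, require_signature=True):
    """Return (ok, reason) for the order a signing-enabled updater expects."""
    if not names or names[0] != "sw-description":
        return False, "sw-description is not the first member"
    if not require_signature:
        return True, "unsigned layout accepted"
    if "sw-description.sig" not in names:
        return False, "image is not signed: sw-description.sig is missing"
    if names[1] != "sw-description.sig":
        return False, f"sw-description.sig must be second, found {names[1]!r}"
    return True, "signed layout"


def build_cpio(members):
    """Build a minimal newc archive from (name, data) pairs (sample input)."""
    out = io.BytesIO()
    entries = list(members) + [(TRAILER, b"")]
    for ino, (name, data) in enumerate(entries, start=1):
        raw = name.encode() + b"\0"
        fields = [ino, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
        out.write(b"070701" + b"".join(b"%08X" % f for f in fields) + raw)
        out.write(b"\0" * (pad4(HEADER_LEN + len(raw)) - HEADER_LEN - len(raw)))
        out.write(data + b"\0" * (pad4(len(data)) - len(data)))
    return out.getvalue()


# Constructed samples: member names from the thread, payloads are dummy bytes.
SIGNED_SWU = build_cpio([
    ("sw-description", b"d" * 1219),
    ("sw-description.sig", b"s" * 256),
    ("linux.efi", b"k" * 10),
    ("cip-core-image-cip-core-bullseye-qemu-amd64.verity", b"r" * 7),
])
UNSIGNED_SWU = build_cpio([
    ("sw-description", b"d" * 1219),
    ("linux.efi", b"k" * 10),
    ("cip-core-image-cip-core-bookworm-qemu-amd64.squashfs", b"r" * 7),
])

if __name__ == "__main__":
    for label, blob in (("signed", SIGNED_SWU), ("unsigned", UNSIGNED_SWU)):
        members = list_members(blob)
        print(label, members, check_swu_layout(members))
```

Run against a real image by passing the bytes of the .swu file to `list_members`; a build or CI step can fail on `ok == False` before the image is transferred to a target.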
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml index b0293ce..0e30e89 100644 --- a/kas/opt/swupdate.yml +++ b/kas/opt/swupdate.yml @@ -28,3 +28,5 @@ local_conf_header: INITRAMFS_INSTALL:append = " initramfs-squashfs-hook" ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001" ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002" + PREFERRED_PROVIDER_swupdate-certificates-key ??= "swupdate-certificates-key-snakeoil" + PREFERRED_PROVIDER_swupdate-certificates ??= "swupdate-certificates-snakeoil" diff --git a/recipes-core/customizations/files/swupdate.cfg b/recipes-core/customizations/files/swupdate.cfg index 9ee47c7..3e2b45c 100644 --- a/recipes-core/customizations/files/swupdate.cfg +++ b/recipes-core/customizations/files/swupdate.cfg @@ -1,4 +1,5 @@ globals : { bootloader = "ebg"; + public-key-file = "/usr/share/swupdate-signing/swupdate-sign.crt" }; diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc index 5d9cd58..4983f7c 100644 --- a/recipes-core/images/swupdate.inc +++ b/recipes-core/images/swupdate.inc @@ -1,7 +1,7 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2023 # # Authors: # Quirin Gylstorff <quirin.gylstorff@siemens.com> diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb index 2384f41..8f7a97d 100644 --- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb +++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb @@ -1,7 +1,7 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2021 +# Copyright (c) Siemens AG, 2021-2023 # # Authors: # Quirin Gylstorff <quirin.gylstorff@siemens.com> 
@@ -29,8 +29,11 @@ SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch # end patching for dm-verity based images -# deactivate signing and hardware compability for simple a/b rootfs update -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" +# The option: "pkg.swupdate.nosigning" disables the required signing +# of update binaries +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" + +# deactivate hardware compability for simple a/b rootfs update DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" # add cross build and deactivate testing for arm based builds diff --git a/recipes-core/swupdate/swupdate_2023.05.bb b/recipes-core/swupdate/swupdate_2023.05.bb index 26c0e67..762fac2 100644 --- a/recipes-core/swupdate/swupdate_2023.05.bb +++ b/recipes-core/swupdate/swupdate_2023.05.bb @@ -31,8 +31,12 @@ SRC_URI += "file://0001-d-rules-Add-option-for-suricatta_lua.patch \ file://0003-d-patches-Add-patch-to-add-the-build-version-to-swup.patch \ file://0004-d-rules-Add-option-to-enable-suricatta_wfx.patch" -# deactivate signing and hardware compability for simple a/b rootfs update -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" + +# The option: "pkg.swupdate.nosigning" disables the required signing +# of update binaries +# DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" + +# deactivate hardware compability for simple a/b rootfs update DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" # suricatta wfx requires suricatta lua and the dependency
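Review bot: in the kas/opt/swupdate.yml hunk, both added PREFERRED_PROVIDER lines default to the "-snakeoil" providers via "??=", so an image built with this option and no override ends up trusting the snakeoil certificate. Suggest a comment above the two lines saying that the snakeoil providers are test defaults to be overridden for production images, and a sentence about this default in the commit message, which currently only describes the nosigning profile.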
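Review bot: the added public-key-file line in recipes-core/customizations/files/swupdate.cfg has no trailing ";" while the bootloader line directly above it does; add one so the two settings are written the same way. The certificate path is also fixed here while the certificate provider is selectable in kas/opt/swupdate.yml, so it is worth documenting that every provider has to install its certificate at exactly /usr/share/swupdate-signing/swupdate-sign.crt.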
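Review bot: the copyright line in recipes-core/images/swupdate.inc replaces 2020 with 2023, whereas the swupdate_2021.11 recipe in the same patch extends its year to a range ("2021-2023"). Suggest "2020-2023" here so the original year is kept. The year is also the only change to this file, so either drop the hunk or say in the commit message why the file is touched.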
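Review bot: the "-29,8 +29,11" hunk of swupdate_2021.11-1+debian-gbp.bb keeps the nosigning profile as a commented-out assignment. The commit message tells users to re-add it in a swupdate_%.bbappend, so the comment should point there instead of leaving dead code in the recipe that can be uncommented in place. While the line is being rewritten anyway, "compability" in the new comment can be corrected to "compatibility".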
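Review bot: the swupdate_2023.05.bb hunk adds an empty line directly after the existing empty context line, which leaves two blank lines before the new comment; the matching hunk in the 2021.11 recipe does not do this. Drop the added empty line so both recipes carry the same block.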