Adding a Custom Signature

To verify the security and integrity of the compiled software package, you need to customize the signature of the software package by following the instructions provided in this section.

This section describes the procedure for adding a custom signature. The specific code varies.

The file path involved in the development example is {project_dir}/src/app/add_custom_define_cms_verify. The file directory structure is as follows:
├── cms_verify.c                       // Code for implementing the signature tool
├── CMakeLists.txt                     // CMake build file
├── build_cms_verify.sh                // Script file for generating the signature tool .so.
├── build_signature.sh                 // Script for generating the CMS signature file and CRL
└── replace_cms_so.sh                  // Script for replacing the signature tool

Procedure

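The code examples in the following steps are for reference only. They are placeholders that implement no real signing or verification logic and must not be used as-is; in particular, the sample prepareUpgradeImageCms returns 0 without checking anything. Implement the actual code by following the procedure below.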

  1. Implement the code of the signature tool in cms_verify.c.
    /*
     * Entry point of the custom signature tool (placeholder implementation).
     *
     * pathname_cms: absolute path of the signature file
     * pathname_crl: absolute path of the CRL
     * pathname_tar: absolute path of the file to be verified
     *
     * Returns 0 unconditionally in this sample; no file is opened or checked.
     * NOTE(review): presumably the caller treats 0 as "verification passed" --
     * confirm against the OM SDK contract. If so, this placeholder accepts
     * every package, so the real implementation must return a non-zero code
     * whenever an argument is missing or the signature/CRL check fails.
     */
    int prepareUpgradeImageCms(const char *pathname_cms, const char *pathname_crl, const char *pathname_tar)
    {
        const int result = 0;

        /* The sample does not use its arguments yet. */
        (void)pathname_cms;
        (void)pathname_crl;
        (void)pathname_tar;

        return result;
    }
  2. Implement the CMake build configuration in CMakeLists.txt.
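    # Minimum CMake version required by this file.
    cmake_minimum_required(VERSION 3.16)

    # Cross compilation options (enabled with -DCROSSCOMPILE_ENABLED=ON).
    # These must be set before project(), because project() is where CMake
    # detects and tests the compiler.
    if(CROSSCOMPILE_ENABLED)
        set(CMAKE_SYSTEM_NAME Linux)
        set(CMAKE_SYSTEM_PROCESSOR aarch64)
        set(target_arch aarch64-linux-gnu)
        set(CMAKE_C_COMPILER /usr/bin/aarch64-linux-gnu-gcc)
        set(CMAKE_CXX_COMPILER /usr/bin/aarch64-linux-gnu-g++)
        set(CMAKE_LIBRARY_ARCHITECTURE ${target_arch} CACHE STRING "" FORCE)
        # Search the target root for libraries, headers and packages only;
        # build-time programs are always taken from the host.
        set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
        set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
        set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
        set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY)
    endif()

    # Declare the project explicitly. Without this call CMake warns and
    # inserts an implicit project() at the top of the file, i.e. before the
    # cross-compilation settings above. Only C is built here.
    project(cms_verify LANGUAGES C)

    # Produces libverify.so, the file name that replace_cms_so.sh copies.
    add_library(verify SHARED cms_verify.c)

    # This library decides whether an upgrade package is accepted, so build it
    # with warnings enabled and basic exploit mitigations switched on.
    if(CMAKE_C_COMPILER_ID MATCHES "GNU|Clang")
        target_compile_options(verify PRIVATE
            -Wall
            -Wextra
            -fstack-protector-strong
        )
        # Full RELRO: resolve symbols at load time and make the GOT read-only.
        target_link_options(verify PRIVATE
            "LINKER:-z,relro"
            "LINKER:-z,now"
        )
    endif()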
  3. Implement the code for generating the .so file of the signature tool in build_cms_verify.sh.
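    #!/bin/bash
    CUR_DIR=$(dirname "$(readlink -f "$0")")

    # Configure and build libverify.so in ${CUR_DIR}/build.
    # Returns 0 only when every step succeeded and 1 otherwise, so that the
    # calling build script can stop instead of packaging a missing or stale
    # signature tool.
    function main()
    {
        # ${CUR_DIR:?} aborts the script if the directory could not be resolved,
        # which keeps the rm -rf below from ever expanding to "/build/*".
        local build_dir="${CUR_DIR:?}/build"

        echo "build cms_verify lib..."
        if [ ! -d "${build_dir}" ]; then
            mkdir -p "${build_dir}" || return 1
        else
            rm -rf "${build_dir:?}"/* || return 1
        fi

        cd "${build_dir}" || return 1
        # CMakeLists.txt must be located in the same directory as this script.
        # Note that this option must be enabled after the Arm64 compilation tool is installed in the x86 compilation environment.
        if ! cmake -DCROSSCOMPILE_ENABLED=ON ..; then
            echo "build cms_verify lib failed: cmake configure error" >&2
            return 1
        fi
        if ! make; then
            echo "build cms_verify lib failed: make error" >&2
            return 1
        fi

        echo "build cms_verify lib success"

        return 0
    }
    # main is the last command, so its return code becomes the script's exit code.
    main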
  4. Implement the code for generating the CMS signature file and CRL of the software package in build_signature.sh.
    #!/bin/bash
    # Placeholder for producing the CMS signature file and the CRL of the
    # software package. The sample generates nothing: it only prints the two
    # status messages below.
    # NOTE(review): in a real implementation, print each message only after the
    # corresponding file was actually created, return non-zero on failure, and
    # keep the signing key outside the source tree.
    signature() {
        # Step 1: CMS signature file (generation not implemented in this sample).
        printf '%s\n' "build  cms file success"

        # Step 2: CRL file (generation not implemented in this sample).
        printf '%s\n' "build crl file success"
    }
    signature
  5. In replace_cms_so.sh, replace the signature tool ({omsdk root directory}/lib/libverify.so) provided by the OM SDK software package with the signature tool (libverify.so) generated by you.
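    #!/bin/bash
    CUR_DIR=$(dirname "$(readlink -f "$0")")
    OMSDK_TAR_PATH="${CUR_DIR}/../../../platform/omsdk" # Directory where the OM SDK software package is decompressed

    # Replace the signature tool (libverify.so) provided by the OM SDK with the
    # signature tool (libverify.so) built by you, in both locations that hold it.
    # Returns 1 if the built library is missing or a copy fails, so a failed
    # build cannot silently leave the SDK-provided or a stale library in place.
    function replace_cms_verify() {
        local built_lib="${CUR_DIR}/build/libverify.so"
        local dest

        if [ ! -f "${built_lib}" ]; then
            echo "replace cms_verify lib failed: ${built_lib} not found" >&2
            return 1
        fi

        for dest in \
            "${OMSDK_TAR_PATH}/lib/libverify.so" \
            "${OMSDK_TAR_PATH}/software/RedfishServer/lib/c/libverify.so"; do
            if ! cp -f "${built_lib}" "${dest}"; then
                echo "replace cms_verify lib failed: cannot copy to ${dest}" >&2
                return 1
            fi
        done

        return 0
    }
    # The function is the last command, so its return code is the script's exit code.
    replace_cms_verify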
  6. In {product_dir}/build/build.sh, call the scripts that build and install the custom signature tool.
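    # Add a custom signature tool.
    # For details about the implementation of build_cms_verify.sh and replace_cms_so.sh, see the corresponding sections.
    # PRODUCT_SCRIPT_PATH="{product_dir}/src/app"
    # Stop the build as soon as either script reports a failure, so that no
    # package is produced with a missing or outdated libverify.so.
    bash "${PRODUCT_SCRIPT_PATH}/add_custom_define_cms_verify/build_cms_verify.sh" || exit 1
    bash "${PRODUCT_SCRIPT_PATH}/add_custom_define_cms_verify/replace_cms_so.sh" || exit 1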