diff --git a/automated/linux/factory-reset/prepare-reset.sh b/automated/linux/factory-reset/prepare-reset.sh
index 3290d978d..530e8808a 100755
--- a/automated/linux/factory-reset/prepare-reset.sh
+++ b/automated/linux/factory-reset/prepare-reset.sh
@@ -11,11 +11,14 @@ TYPE="factory_reset" ADDITIONAL_TYPE="" LABEL="" SOTA_CONFDIR="/etc/sota/conf.d" +HSM_MODULE="" usage() { echo "\ Usage: $0 [-t ] [-a ] + [-l ] + [-s ] -t factory_reset: Full reset, removes contents of /etc/ and /var/
@@ -26,14 +29,19 @@ usage() { -l Adds a label/tag to the [pacman] section of the toml. This forces aktualizr-lite to use the tag and avoids possible unintentional OTA update. + -s + Enables factory registration with HSM module. This option assumes using + pkcs#11 database. Works with FoundriesFactory. Requires support in + FoundriesFactory auto registration script. " } -while getopts "t:a:l:h" opts; do +while getopts "t:a:l:s:h" opts; do case "$opts" in t) TYPE="${OPTARG}";; a) ADDITIONAL_TYPE="${OPTARG}";; l) LABEL="${OPTARG}";; + s) HSM_MODULE="${OPTARG}";; h|*) usage ; exit 1 ;; esac done
@@ -55,6 +63,11 @@ if [ -n "${LABEL}" ]; then echo "[pacman]" > "${SOTA_CONFDIR}"/z-99-aklite-tag.toml echo "tags = ${LABEL}" >> "${SOTA_CONFDIR}"/z-99-aklite-tag.toml fi +if [ -n "${HSM_MODULE}" ]; then + echo "HSM_MODULE=\"${HSM_MODULE}\"" > /etc/sota/hsm + echo "HSM_PIN=87654321" >> /etc/sota/hsm + echo "HSM_SOPIN=12345678" >> /etc/sota/hsm +fi # create signal files touch /var/sota/ota.signal touch /var/sota/ota.result
@@ -87,6 +100,16 @@ if [ -f /var/sota/sql.db ]; then else report_fail "${TYPE}-device-registration" fi +if [ -n "${HSM_MODULE}" ]; then + if grep "${HSM_MODULE}" /var/sota/sota.toml; then + report_pass "${TYPE}-hsm-registration" + else + report_fail "${TYPE}-hsm-registration" + fi +else + report_skip "${TYPE}-hsm-registration" +fi + touch "/var/.${TYPE}" if [ -n "${ADDITIONAL_TYPE}" ]; then touch "/var/.${ADDITIONAL_TYPE}"
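Review bot: /etc/sota/hsm is created in the `@@ -55,6 +63,11 @@` hunk with whatever umask the test shell has, so the user PIN and SO PIN written into it are probably readable by every local account; the file should be created with a restrictive mask. Both PINs are fixed literals in the script, which is acceptable only for a disposable test token, so a comment saying that (or taking them from test parameters) would keep the values from being reused on a real device. `HSM_MODULE` is placed between double quotes without validation, and if the registration script sources this file (not visible in this diff) a value containing a quote or `$(` would be interpreted there, so anything that is not a plain path is worth rejecting first. The same block is added to download-update.sh in the `@@ -97,6 +100,11 @@` hunk and needs the same change.

```shell
if [ -n "${HSM_MODULE}" ]; then
    # The file holds token PINs in clear text: create it with mode 0600.
    (
        umask 077
        rm -f /etc/sota/hsm
        {
            printf 'HSM_MODULE="%s"\n' "${HSM_MODULE}"
            echo "HSM_PIN=87654321"
            echo "HSM_SOPIN=12345678"
        } > /etc/sota/hsm
    )
fi
```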
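Review bot: In the `@@ -87,6 +100,16 @@` hunk, `grep "${HSM_MODULE}" /var/sota/sota.toml` treats the module path as a regular expression and reads a value that starts with `-` as an option, so the `.` characters of a typical library path match any character and the result can be a false pass. `if grep -F -- "${HSM_MODULE}" /var/sota/sota.toml; then` keeps the match literal. The check also proves only that the path appears somewhere in sota.toml; if the test is meant to confirm that the device keys are held by the HSM, that seems to need a stronger assertion than this one. The identical check added to download-update.sh in the `@@ -121,6 +129,16 @@` hunk has the same problem.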
diff --git a/automated/linux/factory-reset/prepare-reset.yaml b/automated/linux/factory-reset/prepare-reset.yaml
index e2c5a62d9..d73966d1d 100644
--- a/automated/linux/factory-reset/prepare-reset.yaml
+++ b/automated/linux/factory-reset/prepare-reset.yaml
@@ -15,6 +15,9 @@ metadata: If higher priority type is present, lower priority type is ignored. + + Device can be registered with specifig tag using LABEL variable. + Device can be registered with HSM using HSM_MODULE variable. " maintainer:
@@ -35,8 +38,9 @@ params: # TYPE and ADDITIONAL_TYPE ADDITIONAL_TYPE: "" LABEL: "" + HSM_MODULE: "" run: steps: - cd ./automated/linux/factory-reset - ./prepare-reset.sh -t "${TYPE}" -a "${ADDITIONAL_TYPE}" -l "${LABEL}" + - ./prepare-reset.sh -t "${TYPE}" -a "${ADDITIONAL_TYPE}" -l "${LABEL}" -s "${HSM_MODULE}" - ../../utils/send-to-lava.sh ./output/result.txt
diff --git a/automated/linux/ota-update/download-update.sh b/automated/linux/ota-update/download-update.sh
index 1e422e39d..cdb0be52c 100755
--- a/automated/linux/ota-update/download-update.sh
+++ b/automated/linux/ota-update/download-update.sh
@@ -17,6 +17,7 @@ U_BOOT_VARIABLE_NAME="foobar" U_BOOT_VARIABLE_VALUE="baz" DEBUG="false" SOTA_CONFDIR="/etc/sota/conf.d" +HSM_MODULE="" usage() { echo "\
@@ -46,10 +47,11 @@ usage() { -w u-boot variable value. This is assigned to the variable set with -v flag. Default: baz -d Enables more debug messages. Default: false + -S Register device with HSM module. " } -while getopts "t:u:s:o:V:w:d:h" opts; do +while getopts "t:u:s:o:V:w:d:S:h" opts; do case "$opts" in t) TYPE="${OPTARG}";; u) UBOOT_VAR_TOOL="${OPTARG}";;
@@ -57,6 +59,7 @@ while getopts "t:u:s:o:V:w:d:h" opts; do o) PACMAN_TYPE="${OPTARG}";; w) U_BOOT_VARIABLE_VALUE="${OPTARG}";; V) U_BOOT_VARIABLE_NAME="${OPTARG}";; + S) HSM_MODULE="${OPTARG}";; d) DEBUG="${OPTARG}";; h|*) usage ; exit 1 ;; esac
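Review bot: The usage entry added in the `@@ -46,10 +47,11 @@` hunk of download-update.sh, `-S Register device with HSM module.`, does not say (as shown here) that the option takes a value, although getopts now declares `S:`. The neighbouring entries state what the argument is and its default, so something like `-S PKCS#11 module used for HSM registration; writes /etc/sota/hsm. Default: empty (HSM registration skipped)` would match them. It would also help to mention that the file it writes contains token PINs, and that prepare-reset.sh spells the same option `-s`.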
@@ -97,6 +100,11 @@ cp z-99-aklite-disable-reboot.toml "${SOTA_CONFDIR}" if [ "${PACMAN_TYPE}" = "ostree" ]; then cp z-99-ostree.toml "${SOTA_CONFDIR}" fi +if [ -n "${HSM_MODULE}" ]; then + echo "HSM_MODULE=\"${HSM_MODULE}\"" > /etc/sota/hsm + echo "HSM_PIN=87654321" >> /etc/sota/hsm + echo "HSM_SOPIN=12345678" >> /etc/sota/hsm +fi report_pass "${TYPE}-create-aklite-callback" # create signal files touch /var/sota/ota.signal
@@ -121,6 +129,16 @@ done # add some delay so aklite can setup variables sleep 5 +if [ -n "${HSM_MODULE}" ]; then + if grep "${HSM_MODULE}" /var/sota/sota.toml; then + report_pass "${TYPE}-hsm-registration" + else + report_fail "${TYPE}-hsm-registration" + fi +else + report_skip "${TYPE}-hsm-registration" +fi + # u-boot variables change when aklite starts (at least on some devices) # check u-boot variables to ensure we're on freshly flashed device bootcount_before_download=$(uboot_variable_value bootcount)
diff --git a/automated/linux/ota-update/download-update.yaml b/automated/linux/ota-update/download-update.yaml
index 863407184..acab09da7 100644
--- a/automated/linux/ota-update/download-update.yaml
+++ b/automated/linux/ota-update/download-update.yaml
@@ -25,8 +25,9 @@ params: UBOOT_VARIABLE_NAME: "foobar" UBOOT_VARIABLE_VALUE: "baz" DEBUG: "false" + HSM_MODULE: "" run: steps: - cd ./automated/linux/ota-update - ./download-update.sh -t "${TYPE}" -u "${UBOOT_VAR_TOOL}" -s "${UBOOT_VAR_SET_TOOL}" -o "${PACMAN_TYPE}" -V "${UBOOT_VARIABLE_NAME}" -w "${UBOOT_VARIABLE_VALUE}" -d "${DEBUG}" + - ./download-update.sh -t "${TYPE}" -u "${UBOOT_VAR_TOOL}" -s "${UBOOT_VAR_SET_TOOL}" -o "${PACMAN_TYPE}" -V "${UBOOT_VARIABLE_NAME}" -w "${UBOOT_VARIABLE_VALUE}" -d "${DEBUG}" -S "${HSM_MODULE}" - ../../utils/send-to-lava.sh ./output/result.txt