use habtool for executable signing

usbarmory · Mar 12, 2021 · 58d5c73 · 58d5c73
1 parent 982d5a7
commit 58d5c73
Showing 1 changed file with 13 additions and 19 deletions.
diff --git a/Makefile b/Makefile
@@ -17,7 +17,7 @@ SHELL = /bin/bash
 APP := armory-ums
 GOENV := GO_EXTLINK_ENABLED=0 CGO_ENABLED=0 GOOS=tamago GOARM=7 GOARCH=arm
 TEXT_START := 0x80010000 # ramStart (defined in imx6/imx6ul/memory.go) + 0x10000
-GOFLAGS := -tags linkramsize -ldflags "-s -w -T $(TEXT_START) -E _rt0_arm_tamago -R 0x1000 -X 'main.Build=${BUILD}' -X 'main.Revision=${REV}'"
+GOFLAGS := -tags linkramsize -trimpath -ldflags "-s -w -T $(TEXT_START) -E _rt0_arm_tamago -R 0x1000 -X 'main.Build=${BUILD}' -X 'main.Revision=${REV}'"
 
 .PHONY: clean
 
@@ -39,13 +39,6 @@ check_tamago:
 		exit 1; \
 	fi
 
-check_usbarmory_git:
-	@if [ "${USBARMORY_GIT}" == "" ]; then \
-		echo 'You need to set the USBARMORY_GIT variable to the path of a clone of'; \
-		echo '  https://github.com/f-secure-foundry/usbarmory'; \
-		exit 1; \
-	fi
-
 check_hab_keys:
 	@if [ "${HAB_KEYS}" == "" ]; then \
 		echo 'You need to set the HAB_KEYS variable to the path of secure boot keys'; \
@@ -86,15 +79,16 @@ $(APP).imx: $(APP).bin $(APP).dcd
 
 #### secure boot ####
 
-$(APP)-signed.imx: check_usbarmory_git check_hab_keys $(APP).imx
-	${USBARMORY_GIT}/software/secure_boot/usbarmory_csftool \
-		--csf_key ${HAB_KEYS}/CSF_1_key.pem \
-		--csf_crt ${HAB_KEYS}/CSF_1_crt.pem \
-		--img_key ${HAB_KEYS}/IMG_1_key.pem \
-		--img_crt ${HAB_KEYS}/IMG_1_crt.pem \
-		--table   ${HAB_KEYS}/SRK_1_2_3_4_table.bin \
-		--index   1 \
-		--serial \
-		--image   $(APP).imx \
-		--output  $(APP).csf && \
+$(APP)-signed.imx: check_hab_keys $(APP).imx
+	${TAMAGO} install github.com/f-secure-foundry/crucible/cmd/habtool@latest
+	$(shell ${TAMAGO} env GOPATH)/bin/habtool \
+		-A ${HAB_KEYS}/CSF_1_key.pem \
+		-a ${HAB_KEYS}/CSF_1_crt.pem \
+		-B ${HAB_KEYS}/IMG_1_key.pem \
+		-b ${HAB_KEYS}/IMG_1_crt.pem \
+		-t ${HAB_KEYS}/SRK_1_2_3_4_table.bin \
+		-x 1 \
+		-s \
+		-i $(APP).imx \
+		-o $(APP).csf && \
 	cat $(APP).imx $(APP).csf > $(APP)-signed.imx