[PATCH 4/6] k3img: handle PKCS#11 uris
Sascha Hauer
s.hauer at pengutronix.de
Thu Aug 14 03:46:52 PDT 2025
In case the keys passed to k3img are PKCS#11 uris we have to set the
keyform/engine options for openssl.
Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
scripts/k3img | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/k3img b/scripts/k3img
index 4242c505d07513d915797a9b68faae9310506a0c..bd86a437898de7c3980b61bceffbd973d6b9f3d8 100755
--- a/scripts/k3img
+++ b/scripts/k3img
@@ -143,6 +143,10 @@ EndOfHereDocument
cat $ext_boot_info $components >> $certcfg
-openssl req -new -x509 -key $key -nodes -outform DER -out $cert -config $certcfg -sha512
+case $key in pkcs11:*)
+ PKCS11OPTS="-engine pkcs11 -keyform engine"
+esac
+
+openssl req ${PKCS11OPTS} -new -x509 -key "${key}" -nodes -outform DER -out "${cert}" -config "${certcfg}" -sha512
cat $cert $data > $out
--
2.39.5
More information about the barebox
mailing list