image_signing: output pubkey in DER format

BRANCH=None BUG=chromium:718184 TEST=new imageloader works Change-Id: I430ed616954c820d3d1607eefd4f8e1c60863a8f Reviewed-on: https://chromium-review.googlesource.com/497914 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Greg Kerr <kerrnel@chromium.org>
author: Mike Frysinger <vapier@chromium.org> 2017-05-05 17:04:26 -0400
committer: chrome-bot <chrome-bot@chromium.org> 2017-05-10 11:58:19 -0700
commit: 1aabe7111e6e71d48bb3d684880489f14b39b17e (patch)
tree: 76131ec8ba686fc0cff08371022b338f8f86a269
parent: 42f57403aee12cebfcf314d2f9fa9cd00cb5aae2 (diff)
download: vboot-1aabe7111e6e71d48bb3d684880489f14b39b17e.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/scripts/image_signing/insert_container_publickey.sh b/scripts/image_signing/insert_container_publickey.sh
index 8724e051..8cd60e4a 100755
--- a/scripts/image_signing/insert_container_publickey.sh
+++ b/scripts/image_signing/insert_container_publickey.sh
@@ -39,9 +39,14 @@ main() {
     mount_image_partition "${image}" 3 "${rootfs}"
   fi
 
+  # Imageloader likes DER as a runtime format as it's easier to read.
+  local tmpfile=$(mktemp)
+  trap "rm -f '${tmpfile}'" EXIT
+  openssl pkey -pubin -in "${pub_key}" -out "${tmpfile}" -pubout -outform DER
+
   sudo install \
     -D -o root -g root -m 644 \
-    "${pub_key}" "${rootfs}/${key_location}/oci-container-key-pub.pem"
+    "${tmpfile}" "${rootfs}/${key_location}/oci-container-key-pub.der"
   info "Container verification key was installed." \
        "Do not forget to resign the image!"
 }
author	Mike Frysinger <vapier@chromium.org>	2017-05-05 17:04:26 -0400
committer	chrome-bot <chrome-bot@chromium.org>	2017-05-10 11:58:19 -0700
commit	1aabe7111e6e71d48bb3d684880489f14b39b17e (patch)
tree	76131ec8ba686fc0cff08371022b338f8f86a269
parent	42f57403aee12cebfcf314d2f9fa9cd00cb5aae2 (diff)
download	vboot-1aabe7111e6e71d48bb3d684880489f14b39b17e.tar.gz