auracaster/beacon-buildroot
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

basic working buildroot - rauc example

Browse Source
This commit is contained in:
pstruebi
2026-03-04 16:36:09 +01:00
commit f9d514663d
43 changed files with 1709 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Config.in Normal file
View File

@@ -0,0 +1,2 @@
# Nothing to see here (yet)
#source "$BR2_EXTERNAL_BEACON_PATH/package/blah/Config.in"

99
agents.md Normal file
View File

@@ -0,0 +1,99 @@
# Beacon CM4 Agent Cheat Sheet
## Automated Flash (jumper bridged, fully scripted)
**One command** — bridge the EMMC_DISABLE jumper, then run from repo root:
```bash
cd ~/repos/buildroot-beacon
./beacon-buildroot/scripts/flash-cm4.sh
```
The script:
1. Builds `usbboot/rpiboot` from source if not already compiled
2. Runs `rpiboot -d mass-storage-gadget64` to expose eMMC over USB
3. Auto-detects the CM4 USB block device (~7.3 GiB)
4. Unmounts any auto-mounted partitions
5. Flashes `output/images/sdcard.img.xz` via `bmaptool` (sparse, fast)
6. Prints "Flash complete — remove jumper and power-cycle"
Override device explicitly if auto-detect picks wrong disk:
```bash
./beacon-buildroot/scripts/flash-cm4.sh /dev/sda
```
## UART Console (interactive)
UART probe on GPIO14 (TX) / GPIO15 (RX), 115200 baud:
```bash
picocom -b 115200 /dev/ttyUSB1
# or with log capture:
picocom -b 115200 --logfile /tmp/uart-$(date +%s).log /dev/ttyUSB1
```
Exit: `Ctrl-A Ctrl-X`
## UART Log Capture (non-interactive, agent-readable)
Use `socat` — truly headless, no terminal required, clean line endings:
```bash
# Start BEFORE power-cycling the CM4:
socat -u /dev/ttyUSB1,b115200,rawer,crnl OPEN:/tmp/uart-boot.log,creat,trunc &
# Stop capture after boot is done:
kill %1
# Read the log:
cat /tmp/uart-boot.log
```
**Notes**:
- `picocom` backgrounded with `&` gets stopped by job control (SIGTTOU) — do not use it headlessly
- `cat /dev/ttyUSB1` with `stty raw` produces garbled output — do not use it
## SSH Access
Login: `user` / `beacon` (root login disabled — use `sudo su -`)
```bash
# Find CM4 IP (DHCP, changes on reboot):
ip neigh show dev enp0s31f6 | grep e4:5f:01:e9:13:96
# SSH:
sshpass -p beacon ssh user@<cm4-ip>
```
**Note**: Dropbear has no sftp-server — `scp` does NOT work. Transfer files via stdin pipe:
```bash
sshpass -p beacon ssh user@<cm4-ip> 'sudo tee /upload/rootfs.raucb > /dev/null' < output/images/rootfs.raucb
```
## OTA Update (fully scripted from host)
```bash
CM4=10.11.0.xx # find via: ip neigh show dev enp0s31f6
# 1. Transfer bundle (~51 MB, ~5s on LAN):
sshpass -p beacon ssh user@$CM4 'sudo tee /upload/rootfs.raucb > /dev/null' \
< output/images/rootfs.raucb
# 2. Install:
sshpass -p beacon ssh user@$CM4 'rauc install /upload/rootfs.raucb'
# 3. Reboot into slot B:
sshpass -p beacon ssh user@$CM4 'sudo reboot'
# 4. After reboot (new IP — find again with ip neigh):
sshpass -p beacon ssh user@$CM4_NEW 'rauc status mark-good && rauc status'
```
**Note**: ports 8080 and 9090 are taken by other host services — do NOT use HTTP for OTA.
## RAUC Status
```bash
sshpass -p beacon ssh user@<cm4-ip> 'rauc status'
sudo fw_printenv | grep BOOT_
```
## Rescue Mode
Short GPIO4 (pin 7) to GND (pin 9) on 40-pin header during power-on.
## Secure Boot Provision (Milestone 2)
```bash
update-pieeprom.sh -k private.pem
rpiboot -d secure-boot-recovery
```
**rpi secure boot private key**: use `/buildroot-beacon/private.pem` — do NOT generate a fresh one. RAUC has its own key; keep both alongside each other.

15
board/beacon-cm4/busybox.fragment Normal file
View File

@@ -0,0 +1,15 @@
CONFIG_BLKDISCARD=Y
# CONFIG_WATCHDOG is not set
# CONFIG_MOUNT is not set
# CONFIG_KLOGD is not set
# CONFIG_FEATURE_KLOGD_KLOGCTL is not set
# CONFIG_SYSLOGD is not set
# CONFIG_FEATURE_ROTATE_LOGFILE is not set
# CONFIG_FEATURE_REMOTE_LOG is not set
# CONFIG_FEATURE_SYSLOGD_DUP is not set
# CONFIG_FEATURE_SYSLOGD_CFG is not set
# CONFIG_FEATURE_SYSLOGD_PRECISE_TIMESTAMPS is not set
CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=0
# CONFIG_FEATURE_IPC_SYSLOG is not set
CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=0
# CONFIG_FEATURE_KMSG_SYSLOG is not set

1
board/beacon-cm4/cmdline.txt Normal file
View File

@@ -0,0 +1 @@
root=/dev/mmcblk0p2 rootwait console=tty1 console=ttyAMA0,115200 fw_dtb net.ifnames=0

105
board/beacon-cm4/config_cm4.txt Normal file
View File

@@ -0,0 +1,105 @@
# For more options and information see
# http://rpf.io/configtxt
# Some settings may impact device functionality. See link above for details
# uncomment if you get no picture on HDMI for a default "safe" mode
#hdmi_safe=1
# uncomment the following to adjust overscan. Use positive numbers if console
# goes off screen, and negative if there is too much border
#overscan_left=16
#overscan_right=16
#overscan_top=16
#overscan_bottom=16
# uncomment to force a console size. By default it will be display's size minus
# overscan.
#framebuffer_width=1280
#framebuffer_height=720
# uncomment if hdmi display is not detected and composite is being output
#hdmi_force_hotplug=1
# uncomment to force a specific HDMI mode (this will force VGA)
#hdmi_group=1
#hdmi_mode=1
# uncomment to force a HDMI mode rather than DVI. This can make audio work in
# DMT (computer monitor) modes
#hdmi_drive=2
# uncomment to increase signal to HDMI, if you have interference, blanking, or
# no display
#config_hdmi_boost=4
# uncomment for composite PAL
#sdtv_mode=2
#uncomment to overclock the arm. 700 MHz is the default.
#arm_freq=800
# Uncomment some or all of these to enable the optional hardware interfaces
#dtparam=i2c_arm=on
#dtparam=i2s=on
#dtparam=spi=on
# Uncomment this to enable infrared communication.
#dtoverlay=gpio-ir,gpio_pin=17
#dtoverlay=gpio-ir-tx,gpio_pin=18
# Additional overlays and parameters are documented /boot/overlays/README
# Enable audio (loads snd_bcm2835)
dtparam=audio=on
# Automatically load overlays for detected cameras
camera_auto_detect=1
# Automatically load overlays for detected DSI displays
display_auto_detect=1
# Enable DRM VC4 V3D driver
dtoverlay=vc4-kms-v3d
max_framebuffers=2
# Disable compensation for displays with overscan
disable_overscan=1
[cm4]
# Enable host mode on the 2711 built-in XHCI USB controller.
# This line should be removed if the legacy DWC2 controller is required
# (e.g. for USB device mode) or if USB support is not required.
otg_mode=1
[all]
[pi4]
# Run as fast as firmware / board allows
arm_boost=1
[all]
# End of the default Raspberry Pi config.txt file from:
# https://github.com/RPi-Distro/pi-gen/blob/master/stage1/00-boot-files/files/config.txt
# Load U-Boot instead of Linux
kernel=u-boot.bin
# Enable 64-bit support
arm_64bit=1
# fixes rpi (3B, 3B+, 3A+, 4B and Zero W) ttyAMA0 serial console
dtoverlay=miniuart-bt
# Enable watchdog, system will reset if U-Boot and Linux do not boot within 16 seconds
# Requires fairly recent RPi Firmware:
# https://github.com/raspberrypi/firmware/issues/1651
# Comment this line if you expect to be able to use the U-Boot command prompt!
dtparam=watchdog
# GPIO 4 has a pull-up enabled at reset, but let's set it explicitly just to be sure
gpio=4=ip,pu
# Enable early debugging info
uart_2ndstage=1

4
board/beacon-cm4/dts/bcm2711-rpi-cm4.dts Normal file
View File

@@ -0,0 +1,4 @@
#include "../../../arm/boot/dts/bcm2711-rpi-cm4.dts"
#include "custom-cm4.dtsi"

65
board/beacon-cm4/dts/custom-cm4.dtsi Normal file
View File

@@ -0,0 +1,65 @@
/**********************************************************************/
/* WARNING: */
/* This file and the resulting dtb installed to the rootfs will be */
/* IGNORED unless you edit config.txt on the boot partition and */
/* remove the fw_dtb argument from cmdline.txt! */
/**********************************************************************/
/* miniuart-bt-overlay to fix serial console on CM4 */
&uart0 {
pinctrl-names = "default";
pinctrl-0 = <&uart0_pins>;
status = "okay";
};
&bt {
status = "disabled";
};
&uart1 {
pinctrl-names = "default";
pinctrl-0 = <&uart1_pins &bt_pins &fake_bt_cts>;
status = "okay";
};
&uart0_pins {
brcm,pins;
brcm,function;
brcm,pull;
};
&uart1_pins {
brcm,pins = <32 33>;
brcm,function = <2>; /* alt5=UART1 */
brcm,pull = <0 2>;
};
&gpio {
fake_bt_cts: fake_bt_cts {
brcm,pins = <31>;
brcm,function = <1>; /* output */
};
};
/ {
aliases {
serial0 = "/soc/serial@7e201000";
serial1 = "/soc/serial@7e215040";
};
__overrides__ {
krnbt = <&minibt>,"status";
};
};
/* otg_mode=1 */
&usb {
status = "disabled";
};
&xhci {
status = "okay";
};

17
board/beacon-cm4/genbootfs.cfg Normal file
View File

@@ -0,0 +1,17 @@
image boot.vfat {
vfat {
files = {
"bcm2711-rpi-cm4.dtb",
"custom/cmdline.txt",
"rpi-firmware/config.txt",
"rpi-firmware/fixup4.dat",
"rpi-firmware/start4.elf",
"rpi-firmware/overlays",
"u-boot.bin",
"boot.scr"
}
}
size = 256M
}

85
board/beacon-cm4/genimage.cfg Normal file
View File

@@ -0,0 +1,85 @@
image data.ext4 {
name = "Data"
mountpoint = /data
ext4 {
use-mke2fs = true
label = "Data"
features = "^64bit"
}
size = 128M
}
image upload.ext4 {
name = "Upload"
empty = true
ext4 {
use-mke2fs = true
label = "Upload"
features = "^64bit"
}
size = 900M
}
image sdcard.img {
hdimage {
partition-table-type = mbr
extended-partition = 4
}
partition ubootenv0 {
image = "uboot-env.bin"
in-partition-table = false
offset = 1M
}
partition ubootenv1 {
image = "uboot-env.bin"
in-partition-table = false
offset = 2M
}
partition boot0 {
partition-type = 0xC
bootable = true
image = "boot.vfat"
# Leave room for U-Boot environment
offset = 4M
}
partition boot1 {
image = "boot.vfat"
in-partition-table = false
# 256M + 4M
offset = 260M
}
partition rescue {
partition-type = 0x83
image = "rootfs.squashfs"
size = 256M
}
partition data {
partition-type = 0x83
image = "data.ext4"
size = 128M
}
partition rootfs0 {
partition-type = 0x83
image = "rootfs.ext4"
size = 900M
}
partition rootfs1 {
partition-type = 0x83
image = "rootfs.ext4"
size = 900M
}
partition upload {
partition-type = 0x83
image = "upload.ext4"
size = 900M
}
}

9
board/beacon-cm4/linux.fragment Normal file
View File

@@ -0,0 +1,9 @@
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_LOOP=y
CONFIG_DM_VERITY=y
CONFIG_SQUASHFS=y
CONFIG_CRYPTO_SHA256=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_XTS=y

65
board/beacon-cm4/post-build.sh Executable file
View File

@@ -0,0 +1,65 @@
#!/bin/sh
set -u
set -e
RAUC_COMPATIBLE="${2:-beacon-cm4}"
BOARD_DIR="$(dirname $0)"
BOARD_NAME="$(basename ${BOARD_DIR})"
# Pass VERSION as an environment variable (eg: export from a top-level Makefile)
# If VERSION is unset, fallback to the Buildroot version
RAUC_VERSION=${VERSION:-${BR2_VERSION_FULL}}
# Add a console on tty1
if [ -e ${TARGET_DIR}/etc/inittab ]; then
grep -qE '^tty1::' ${TARGET_DIR}/etc/inittab || \
sed -i '/GENERIC_SERIAL/a\
tty1::respawn:/sbin/getty -L tty1 0 vt100 # HDMI console' ${TARGET_DIR}/etc/inittab
# systemd doesn't use /etc/inittab, enable getty.tty1.service instead
elif [ -d ${TARGET_DIR}/etc/systemd ]; then
mkdir -p "${TARGET_DIR}/etc/systemd/system/getty.target.wants"
ln -sf /lib/systemd/system/getty@.service \
"${TARGET_DIR}/etc/systemd/system/getty.target.wants/getty@tty1.service"
fi
# Mount persistent data partitions
if [ -e ${TARGET_DIR}/etc/fstab ]; then
# For configuration data
# WARNING: data=journal is safest, but potentially slow!
grep -qE 'LABEL=Data' ${TARGET_DIR}/etc/fstab || \
echo "LABEL=Data /data ext4 defaults,data=journal,noatime 0 0" >> ${TARGET_DIR}/etc/fstab
# For bulk data (eg: firmware updates)
grep -qE 'LABEL=Upload' ${TARGET_DIR}/etc/fstab || \
echo "LABEL=Upload /upload ext4 defaults,noatime 0 0" >> ${TARGET_DIR}/etc/fstab
fi
# Copy custom cmdline.txt file
install -D -m 0644 ${BR2_EXTERNAL_BEACON_PATH}/board/beacon-cm4/cmdline.txt ${BINARIES_DIR}/custom/cmdline.txt
# Copy RAUC certificate
if [ -e ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/ca.cert.pem ]; then
install -D -m 0644 ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/ca.cert.pem ${TARGET_DIR}/etc/rauc/keyring.pem
else
echo "RAUC CA certificate not found!"
echo "...did you run the openssl-ca.sh script?"
exit 1
fi
# Update RAUC compatible string
sed -i "/compatible/s/=.*\$/=${RAUC_COMPATIBLE}/" ${TARGET_DIR}/etc/rauc/system.conf
# Create rauc version file
echo "${RAUC_VERSION}" > ${TARGET_DIR}/etc/rauc/version
# Customize login prompt with login hints
cat <<- EOF >> ${TARGET_DIR}/etc/issue
Default username:password is [user:beacon]
Root login disabled, use sudo su -
With great power comes great responsibility!
eth0: \4{eth0}
EOF

140
board/beacon-cm4/post-image.sh Executable file
View File

@@ -0,0 +1,140 @@
#!/bin/bash
set -e
BOARD_DIR="$(dirname $0)"
BOARD_NAME="$(basename ${BOARD_DIR})"
GENIMAGE_CFG="${BOARD_DIR}/genimage.cfg"
GENIMAGE_TMP="${BUILD_DIR}/genimage.tmp"
GENBOOTFS_CFG="${BOARD_DIR}/genbootfs.cfg"
RAUC_COMPATIBLE="${2:-beacon-cm4}"
# Pass VERSION as an environment variable (eg: export from a top-level Makefile)
# If VERSION is unset, fallback to the Buildroot version
RAUC_VERSION=${VERSION:-${BR2_VERSION_FULL}}
# Pass an empty rootpath. genimage makes a full copy of the given rootpath to
# ${GENIMAGE_TMP}/root so passing TARGET_DIR would be a waste of time and disk
# space. We don't rely on genimage to build the rootfs image, just to insert a
# pre-built one in the disk image.
trap 'rm -rf "${ROOTPATH_TMP}"' EXIT
ROOTPATH_TMP="$(mktemp -d)"
rm -rf "${GENIMAGE_TMP}"
# Generate the boot filesystem image
genimage \
--rootpath "${ROOTPATH_TMP}" \
--tmppath "${GENIMAGE_TMP}" \
--inputpath "${BINARIES_DIR}" \
--outputpath "${BINARIES_DIR}" \
--config "${GENBOOTFS_CFG}"
# Generate a RAUC update bundle for the full system (bootfs + rootfs)
[ -e ${BINARIES_DIR}/update.raucb ] && rm -rf ${BINARIES_DIR}/update.raucb
[ -e ${BINARIES_DIR}/temp-update ] && rm -rf ${BINARIES_DIR}/temp-update
mkdir -p ${BINARIES_DIR}/temp-update
cat >> ${BINARIES_DIR}/temp-update/manifest.raucm << EOF
[update]
compatible=${RAUC_COMPATIBLE}
version=${RAUC_VERSION}
[bundle]
format=verity
[image.bootloader]
filename=boot.vfat
[image.rootfs]
filename=rootfs.ext4
EOF
ln -L ${BINARIES_DIR}/boot.vfat ${BINARIES_DIR}/temp-update/
ln -L ${BINARIES_DIR}/rootfs.ext4 ${BINARIES_DIR}/temp-update/
${HOST_DIR}/bin/rauc bundle \
--cert ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/development-1.cert.pem \
--key ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/private/development-1.key.pem \
--keyring ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/ca.cert.pem \
${BINARIES_DIR}/temp-update/ \
${BINARIES_DIR}/update.raucb
# Generate a RAUC update bundle for just the root filesystem
[ -e ${BINARIES_DIR}/rootfs.raucb ] && rm -rf ${BINARIES_DIR}/rootfs.raucb
[ -e ${BINARIES_DIR}/temp-rootfs ] && rm -rf ${BINARIES_DIR}/temp-rootfs
mkdir -p ${BINARIES_DIR}/temp-rootfs
cat >> ${BINARIES_DIR}/temp-rootfs/manifest.raucm << EOF
[update]
compatible=${RAUC_COMPATIBLE}
version=${RAUC_VERSION}
[bundle]
format=verity
[image.rootfs]
filename=rootfs.ext4
EOF
ln -L ${BINARIES_DIR}/rootfs.ext4 ${BINARIES_DIR}/temp-rootfs/
${HOST_DIR}/bin/rauc bundle \
--cert ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/development-1.cert.pem \
--key ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/private/development-1.key.pem \
--keyring ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/ca.cert.pem \
${BINARIES_DIR}/temp-rootfs/ \
${BINARIES_DIR}/rootfs.raucb
# Parse update.raucb and generate initial rauc.status file
# FIXME: There is probably a MUCH better way to do this,
# suggestions welcome!
eval $(rauc --keyring ${BR2_EXTERNAL_BEACON_PATH}/openssl-ca/dev/ca.cert.pem --output-format=shell info ${BINARIES_DIR}/update.raucb)
cat > ${BINARIES_DIR}/rauc.status << EOF
[slot.rescue.0]
bundle.compatible=${RAUC_MF_COMPATIBLE}
bundle.version=${RAUC_MF_VERSION}
status=ok
[slot.${RAUC_IMAGE_CLASS_0}.0]
bundle.compatible=${RAUC_MF_COMPATIBLE}
bundle.version=${RAUC_MF_VERSION}
status=ok
sha256=${RAUC_IMAGE_DIGEST_0}
size=${RAUC_IMAGE_SIZE_0}
[slot.${RAUC_IMAGE_CLASS_1}.0]
bundle.compatible=${RAUC_MF_COMPATIBLE}
bundle.version=${RAUC_MF_VERSION}
status=ok
sha256=${RAUC_IMAGE_DIGEST_1}
size=${RAUC_IMAGE_SIZE_1}
[slot.${RAUC_IMAGE_CLASS_1}.1]
bundle.compatible=${RAUC_MF_COMPATIBLE}
bundle.version=${RAUC_MF_VERSION}
status=ok
sha256=${RAUC_IMAGE_DIGEST_1}
size=${RAUC_IMAGE_SIZE_1}
EOF
# Install rauc.status to genimage rootpath
install -D -m 0644 ${BINARIES_DIR}/rauc.status ${ROOTPATH_TMP}/data/rauc.status
# Generate the sdcard image
rm -rf "${GENIMAGE_TMP}"
genimage \
--rootpath "${ROOTPATH_TMP}" \
--tmppath "${GENIMAGE_TMP}" \
--inputpath "${BINARIES_DIR}" \
--outputpath "${BINARIES_DIR}" \
--config "${GENIMAGE_CFG}"
# Create a bmap file for the sdcard image
bmaptool create "${BINARIES_DIR}/sdcard.img" -o "${BINARIES_DIR}/sdcard.img.bmap"
# Compress the sdcard image
[ -e "${BINARIES_DIR}/sdcard.img.xz" ] && rm "${BINARIES_DIR}/sdcard.img.xz"
xz -v -T 0 "${BINARIES_DIR}/sdcard.img"

3
board/beacon-cm4/rootfs-overlay/boot/uEnv.txt Normal file
View File

@@ -0,0 +1,3 @@
bootargs_force=
bootargs_extra=

0
board/beacon-cm4/rootfs-overlay/data/.keep Normal file
View File

2
board/beacon-cm4/rootfs-overlay/etc/fw_env.config Normal file
View File

@@ -0,0 +1,2 @@
/dev/mmcblk0 0x100000 0x8000
/dev/mmcblk0 0x200000 0x8000

31
board/beacon-cm4/rootfs-overlay/etc/rauc/system.conf Normal file
View File

@@ -0,0 +1,31 @@
[system]
compatible=beacon-cm4
mountprefix=/run/rauc
statusfile=/data/rauc.status
bootloader=uboot
bundle-formats=-plain
[keyring]
path=/etc/rauc/keyring.pem
use-bundle-signing-time=true
[slot.bootloader.0]
device=/dev/mmcblk0
type=boot-mbr-switch
region-start=4M
region-size=512M
[slot.rescue.0]
device=/dev/mmcblk0p2
type=raw
[slot.rootfs.0]
device=/dev/mmcblk0p5
type=ext4
bootname=A
[slot.rootfs.1]
device=/dev/mmcblk0p6
type=ext4
bootname=B

1
board/beacon-cm4/rootfs-overlay/etc/sudoers.d/user Normal file
View File

@@ -0,0 +1 @@
user ALL=(ALL) NOPASSWD: ALL

6
board/beacon-cm4/rootfs-overlay/etc/systemd/system.conf.d/watchdog.conf Normal file
View File

@@ -0,0 +1,6 @@
[Manager]
RuntimeWatchdogSec=10
#RebootWatchdogSec=10min
#KExecWatchdogSec=off
#WatchdogDevice=

0
board/beacon-cm4/rootfs-overlay/upload/.keep Normal file
View File

8
board/beacon-cm4/u-boot.fragment Normal file
View File

@@ -0,0 +1,8 @@
CONFIG_ENV_OFFSET=0x100000
CONFIG_ENV_OFFSET_REDUND=0x200000
CONFIG_ENV_SIZE=0x8000
# CONFIG_ENV_IS_IN_FAT is not set
CONFIG_ENV_IS_IN_MMC=y
CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
CONFIG_CMD_SQUASHFS=y
CONFIG_USB_XHCI_BRCM=y

114
board/beacon-cm4/u-boot_beacon.ush Normal file
View File

@@ -0,0 +1,114 @@
test -n "${BOOT_ORDER}" || setenv BOOT_ORDER "A B"
test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
test -n "${bootargs_default}" || setenv bootargs_default coherent_pool=1M vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 rootwait console=tty1 console=ttyAMA0,115200
test -n "${DTB_FILE}" || setenv DTB_FILE bcm2711-rpi-cm4.dtb
# RPi firmware uses a dynamic fdt_addr, but U-Boot does not use the fw
# provided address if fdt_addr is already defined in the environment!
# Copy fdt_addr to a local variable and delete the environment variable
# so it never gets accidentally saved:
fdt_addr=${fdt_addr}
env delete fdt_addr
# To boot from the rescue partition, tie GPIO4 (pin 7) to GND (pin 9)
# The gpio input command will return an exit status of 0 (true)
# If the pin is high (pulled up by default) the exit status is 1 (false)
if gpio input gpio4 ; then
# GPIO4 is shorted to ground so boot in rescue mode
echo "Booting from rescue partition"
setenv load_uenv "load mmc 0:2 ${kernel_addr_r} /boot/uEnv.txt"
setenv load_fdt "load mmc 0:2 ${fdt_addr_r} /boot/${DTB_FILE}"
setenv load_kernel "load mmc 0:2 ${kernel_addr_r} /boot/Image"
raucargs="root=/dev/mmcblk0p2"
rescue=true
else
raucargs=unset
for BOOT_SLOT in "${BOOT_ORDER}"; do
if test "x${raucargs}" != "xunset"; then
# skip remaining slots
elif test "x${BOOT_SLOT}" = "xA"; then
if test ${BOOT_A_LEFT} -gt 0; then
echo "Found valid slot A, ${BOOT_A_LEFT} attempts remaining"
setexpr BOOT_A_LEFT ${BOOT_A_LEFT} - 1
setenv load_uenv "load mmc 0:5 ${kernel_addr_r} /boot/uEnv.txt"
setenv load_fdt "load mmc 0:5 ${fdt_addr_r} /boot/${DTB_FILE}"
setenv load_kernel "load mmc 0:5 ${kernel_addr_r} /boot/Image"
raucargs="root=/dev/mmcblk0p5 rauc.slot=A"
fi
elif test "x${BOOT_SLOT}" = "xB"; then
if test ${BOOT_B_LEFT} -gt 0; then
echo "Found valid slot B, ${BOOT_B_LEFT} attempts remaining"
setexpr BOOT_B_LEFT ${BOOT_B_LEFT} - 1
setenv load_uenv "load mmc 0:6 ${kernel_addr_r} /boot/uEnv.txt"
setenv load_fdt "load mmc 0:6 ${fdt_addr_r} /boot/${DTB_FILE}"
setenv load_kernel "load mmc 0:6 ${kernel_addr_r} /boot/Image"
raucargs="root=/dev/mmcblk0p6 rauc.slot=B"
fi
fi
done
fi
if test "x${raucargs}" = "xunset"; then
echo "No valid slot found, resetting tries to 3"
setenv BOOT_A_LEFT 3
setenv BOOT_B_LEFT 3
saveenv
reset
fi
# Examine the fdt loaded by the firmware
# Pass fw_dtb to use the dtb loaded by the firmware
fdt_live=unset
fdt addr ${fdt_addr}
fdt get value bootargs_fw /chosen bootargs
for arg in ${bootargs_fw} ; do
if test "x${arg}" = "xfw_dtb" ; then
fdt_live=${fdt_addr}
fi
done
# Save bootargs_fw in a local variable for later use
bootargs_fw=${bootargs_fw}
env del bootargs_fw
if test "x${rescue}" = "xtrue" -o "x${fdt_live}" = "xunset"; then
# Using device-tree from rootfs
# Check to see if we have any customizations in a uEnv.txt file
env del bootargs_force bootargs_extra
echo "Checking for /boot/uEnv.txt"
if run load_uenv ; then
echo "Importing uEnv.txt"
env import -t -r ${fileaddr} ${filesize}
fi
# Load our actual device-tree file
echo "Loading device-tree"
run load_fdt
# Point to run-time device-tree
fdt_live=${fdt_addr_r}
# Setup kernel parameters
if test -n "${bootargs_force}" ; then
setenv bootargs "${bootargs_force} ${raucargs}"
else
setenv bootargs "${bootargs_default} ${bootargs_extra} ${raucargs}"
fi
else
# Using FW provided device-tree
# Append rauc boot arguments to FW generated command line
# This setting will override /chosen/bootargs in the device-tree
echo "Using firmware device-tree"
setenv bootargs "${bootargs_fw} ${raucargs}"
fi
# Store updated boot state...
# ...above code should have modified BOOT_(AB)_LEFT and bootargs
saveenv
echo "Loading kernel"
run load_kernel
echo "Starting kernel"
booti ${kernel_addr_r} - ${fdt_live}

2
board/beacon-cm4/users Normal file
View File

@@ -0,0 +1,2 @@
user 1000 user 1000 $6$XUtVBGdpmufH8R2H$olowG.5WTG7pEth5D..PyeKEmAze3SM9.I6Raf9k.OfS0OiS0wxbdOBJH.BgklLEKWH6REmXRUGyDylyWfDmg/ /home/user /bin/sh adm,audio,cdrom,dialout,floppy,plugdev,staff,sudo,video Default user

62
configs/beacon_cm4_rauc_defconfig Normal file
View File

@@ -0,0 +1,62 @@
BR2_aarch64=y
BR2_cortex_a72=y
BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_BEACON_PATH)/patches"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_6=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_GCC_ENABLE_LTO=y
BR2_TARGET_GENERIC_HOSTNAME="beacon"
BR2_TARGET_GENERIC_ISSUE="Welcome to Beacon Buildroot+RAUC"
BR2_INIT_SYSTEMD=y
# BR2_TARGET_ENABLE_ROOT_LOGIN is not set
# BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set
BR2_SYSTEM_DHCP="eth0"
BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin"
BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/users"
BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/rootfs-overlay"
BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/post-build.sh"
BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/post-image.sh"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_GIT=y
BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/raspberrypi/linux"
BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="rpi-6.6.y"
BR2_LINUX_KERNEL_DEFCONFIG="bcm2711"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/linux.fragment"
BR2_LINUX_KERNEL_DTS_SUPPORT=y
BR2_LINUX_KERNEL_INTREE_DTS_NAME="broadcom/bcm2711-rpi-cm4"
BR2_LINUX_KERNEL_INSTALL_TARGET=y
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_PACKAGE_BUSYBOX_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/busybox.fragment"
BR2_PACKAGE_RPI_FIRMWARE=y
BR2_PACKAGE_RPI_FIRMWARE_VARIANT_PI4=y
BR2_PACKAGE_RPI_FIRMWARE_VARIANT_PI4_X=y
BR2_PACKAGE_RPI_FIRMWARE_CONFIG_FILE="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/config_cm4.txt"
BR2_PACKAGE_DTC=y
BR2_PACKAGE_DTC_PROGRAMS=y
BR2_PACKAGE_SUDO=y
BR2_PACKAGE_RAUC=y
BR2_PACKAGE_RAUC_DBUS=y
BR2_PACKAGE_RAUC_NETWORK=y
BR2_PACKAGE_RAUC_JSON=y
BR2_PACKAGE_DROPBEAR=y
BR2_PACKAGE_CRYPTSETUP=y
BR2_PACKAGE_UTIL_LINUX_WDCTL=y
BR2_TARGET_ROOTFS_EXT2=y
BR2_TARGET_ROOTFS_EXT2_4=y
BR2_TARGET_ROOTFS_EXT2_SIZE="250M"
BR2_TARGET_ROOTFS_SQUASHFS=y
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_UBOOT=y
BR2_TARGET_UBOOT_BOARD_DEFCONFIG="rpi_arm64"
BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/u-boot.fragment"
BR2_PACKAGE_HOST_DOSFSTOOLS=y
BR2_PACKAGE_HOST_ENVIRONMENT_SETUP=y
BR2_PACKAGE_HOST_GENIMAGE=y
BR2_PACKAGE_HOST_MTOOLS=y
BR2_PACKAGE_HOST_RAUC=y
BR2_PACKAGE_HOST_UBOOT_TOOLS=y
BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE=y
BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_SIZE="0x8000"
BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_REDUNDANT=y
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT=y
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT_SOURCE="$(BR2_EXTERNAL_BEACON_PATH)/board/beacon-cm4/u-boot_beacon.ush"

2
external.desc Normal file
View File

@@ -0,0 +1,2 @@
name: BEACON
desc: Beacon Buildroot + RAUC for RPi CM4

1
external.mk Normal file
View File

@@ -0,0 +1 @@
include $(sort $(wildcard $(BR2_EXTERNAL_BEACON_PATH)/package/*/*.mk))

93
openssl-ca.sh Executable file
View File

@@ -0,0 +1,93 @@
#!/bin/bash
set -xe
ORG="${1:-Test Org}"
CA="${2:-rauc CA}"
# After the CRL expires, signatures cannot be verified anymore
CRL="-crldays 5000"
BASE="$(pwd)/openssl-ca"
if [ -e $BASE ]; then
echo "$BASE already exists"
exit 1
fi
mkdir -p $BASE/dev/{private,certs}
touch $BASE/dev/index.txt
echo 01 > $BASE/dev/serial
cat > $BASE/openssl.cnf <<EOF
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = . # top dir
database = \$dir/index.txt # index file.
new_certs_dir = \$dir/certs # new certs dir
certificate = \$dir/ca.cert.pem # The CA cert
serial = \$dir/serial # serial no file
private_key = \$dir/private/ca.key.pem# CA private key
RANDFILE = \$dir/private/.rand # random number file
default_startdate = 19700101000000Z
default_enddate = 99991231235959Z
default_crl_days= 30 # how long before next CRL
default_md = sha256 # md to use
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
organizationName = match
commonName = supplied
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_leaf
encrypt_key = no
default_md = sha256
[ req_distinguished_name ]
commonName = Common Name (eg, YOUR name)
commonName_max = 64
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE
[ v3_inter ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE,pathlen:0
[ v3_leaf ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:FALSE
EOF
export OPENSSL_CONF=$BASE/openssl.cnf
echo "Development CA"
cd $BASE/dev
openssl req -newkey rsa:4096 -keyout private/ca.key.pem -out ca.csr.pem -subj "/O=$ORG/CN=$ORG $CA Development"
openssl ca -batch -selfsign -extensions v3_ca -in ca.csr.pem -out ca.cert.pem -keyfile private/ca.key.pem
echo "Development Signing Keys 1"
cd $BASE/dev
openssl req -newkey rsa:4096 -keyout private/development-1.key.pem -out development-1.csr.pem -subj "/O=$ORG/CN=$ORG Development-1"
openssl ca -batch -extensions v3_leaf -in development-1.csr.pem -out development-1.cert.pem

122
openssl-ca/dev/ca.cert.pem Normal file
View File

@@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Test Org, CN=Test Org rauc CA Development
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: O=Test Org, CN=Test Org rauc CA Development
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:93:a5:f9:78:b0:1c:ef:7c:2e:74:d1:59:ea:a7:
ff:de:64:ea:c7:28:6f:b6:da:bb:f2:e3:0f:01:61:
4f:dd:e5:ba:d1:a4:2f:b7:f1:5e:13:d6:9d:a4:ff:
4e:b5:d3:be:13:42:26:08:aa:2a:3b:b0:f5:86:6a:
f7:30:0e:81:8d:57:40:8b:77:72:46:cb:4b:12:22:
92:4f:13:86:93:6b:16:b5:8b:6a:eb:f9:28:cf:4b:
68:f7:63:72:61:79:88:e1:5d:2a:d2:86:5a:1d:11:
2a:03:b6:5f:54:d9:a9:7b:c2:ee:64:d6:55:52:12:
b3:92:46:2d:67:05:ab:e8:54:c6:a1:63:f9:57:c4:
82:5e:fe:a4:fa:55:68:45:ff:31:9c:9a:63:26:39:
17:15:56:18:49:3d:8d:c7:c3:f5:ee:b2:b4:73:ef:
2c:9b:8a:95:11:bd:a6:4a:87:28:fc:55:be:8f:01:
68:cb:0a:24:7c:b9:a5:5c:d8:3c:96:32:44:0f:13:
de:4d:83:9e:3e:8e:9b:7d:a6:27:4b:c0:39:4e:0f:
23:84:79:fb:c7:30:96:11:6a:2c:5a:d7:53:a7:ba:
68:e4:2b:4d:db:a9:a1:c6:58:94:eb:a8:2c:6d:43:
5a:20:88:28:35:14:17:ad:da:eb:a6:3e:82:4a:65:
dd:2e:fd:8d:72:c0:81:62:45:e1:40:2b:19:8c:56:
98:f7:4c:57:14:bb:18:42:3a:37:c9:d0:19:fd:25:
0f:ca:3c:df:09:77:7c:01:28:02:a3:a6:9e:92:81:
e0:1c:3f:c2:c2:a5:36:12:c3:4e:28:8d:82:af:21:
e2:e6:6f:e4:96:60:10:5e:71:a1:41:e2:5c:92:ef:
84:18:c9:6a:f6:82:79:a2:c8:0c:a6:d0:a2:85:a6:
42:3e:54:b7:fd:91:84:7b:bb:7e:89:69:1c:39:68:
bb:df:f9:f3:16:14:9c:7a:82:50:c3:6c:00:0d:61:
6f:9a:c6:01:89:61:0c:cd:47:e2:b4:63:43:3a:1e:
56:9c:2f:d4:35:87:01:ca:87:8b:d0:ce:b5:3e:fa:
68:4b:c1:3b:ba:af:e0:20:07:a4:3a:54:b3:47:2e:
72:e3:0e:a9:78:60:0e:7f:41:b9:bb:0d:b8:01:4c:
11:e4:aa:4b:7f:1f:45:fc:5a:57:cb:10:99:22:33:
60:8a:60:95:85:fd:77:ff:1f:19:1e:83:e6:a3:cd:
25:41:51:19:7b:8b:d3:75:75:f4:77:d2:17:25:47:
27:50:4c:bb:61:85:25:f5:a9:a7:4e:94:fa:24:1a:
12:fb:9c:69:da:7a:9f:0f:cd:db:30:72:16:d8:49:
6d:c0:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:A9:92:E5:32:88:88:27:75:82:6B:7F:C0:63:8F:A2:F9:09:6B:E2
X509v3 Authority Key Identifier:
keyid:1E:A9:92:E5:32:88:88:27:75:82:6B:7F:C0:63:8F:A2:F9:09:6B:E2
DirName:/O=Test Org/CN=Test Org rauc CA Development
serial:01
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
47:91:cb:4d:2f:19:20:96:65:2b:54:05:15:07:02:46:f0:33:
6f:84:e8:fc:32:04:43:5a:5a:90:3c:64:8b:8a:4e:19:73:ac:
11:62:79:93:d5:c3:61:c9:88:16:d6:84:f1:9c:ed:09:6c:55:
0b:ba:2d:a6:a6:bf:42:e3:6c:c4:90:69:43:22:aa:9d:6d:26:
a9:96:3f:9e:93:61:c4:ab:74:e1:0f:c9:30:1d:fa:2f:21:18:
a2:75:da:74:7c:48:40:4c:21:2d:42:a6:ba:2c:6a:d5:26:09:
6f:6a:84:71:a7:47:dd:a6:87:b2:37:50:f3:1b:24:84:ef:cd:
75:13:11:db:f8:ed:95:59:07:7b:a6:d6:fc:22:74:03:29:66:
70:77:e1:82:e7:cf:bd:33:31:b9:97:61:70:61:3c:b2:ae:4f:
45:73:92:75:8f:5b:15:25:54:8e:16:4e:6d:5f:3e:c4:8f:b2:
c4:70:14:83:e8:e9:61:e4:30:5b:da:24:e0:c8:34:ee:4d:4a:
53:49:c3:15:f8:94:19:f0:b5:7d:c7:13:a9:b7:6b:e3:c7:1d:
e4:1c:52:ef:d6:0f:2b:1a:18:ef:dd:ef:d2:ac:5c:18:6e:e0:
40:30:46:40:75:28:d2:ce:f0:96:90:35:15:04:83:5a:51:96:
3d:b7:ab:cc:07:c4:71:c4:93:72:4d:2a:ce:3c:ec:8c:d0:39:
5d:aa:e0:ac:9f:48:e3:53:01:12:ab:08:df:ae:92:54:7b:f1:
f1:28:7d:0a:00:20:ff:60:4a:ff:79:f9:cb:0f:ab:f9:12:ea:
d6:70:97:75:68:5e:12:6d:30:7e:c8:58:08:79:63:61:bb:5c:
eb:13:f6:f9:c1:a7:b2:d2:94:68:96:a6:ac:6f:e1:5e:76:66:
94:0b:e2:74:11:26:37:d5:7b:1f:48:a8:16:ca:95:5c:90:2a:
f5:83:70:ac:44:f6:b5:2e:c6:73:7c:b5:03:ba:c5:0a:8b:05:
ee:6d:85:bf:6a:96:d0:77:37:5a:8c:bb:70:42:e2:a2:26:cf:
cd:08:50:df:be:70:67:dc:a2:cc:7e:b3:eb:65:91:f8:0f:77:
52:85:8b:9a:9b:c6:11:43:1e:ed:05:34:a7:b3:6a:e5:73:4c:
bf:be:18:f0:60:c5:8d:a4:4b:5f:55:72:cb:13:b8:4b:e4:f2:
88:34:f5:57:58:ea:84:51:f4:95:ea:82:ca:d4:c8:e3:af:52:
f3:40:d6:04:da:4f:5d:50:4b:0a:2b:61:07:c9:ea:6c:0c:ec:
30:e5:52:95:21:ef:42:59:04:6d:8a:8c:3f:a1:08:51:f0:cb:
6d:a2:10:9d:20:4e:fb:1e
-----BEGIN CERTIFICATE-----
MIIFhjCCA26gAwIBAgIBATANBgkqhkiG9w0BAQsFADA6MREwDwYDVQQKDAhUZXN0
IE9yZzElMCMGA1UEAwwcVGVzdCBPcmcgcmF1YyBDQSBEZXZlbG9wbWVudDAgFw03
MDAxMDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowOjERMA8GA1UECgwIVGVzdCBP
cmcxJTAjBgNVBAMMHFRlc3QgT3JnIHJhdWMgQ0EgRGV2ZWxvcG1lbnQwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCTpfl4sBzvfC500Vnqp//eZOrHKG+2
2rvy4w8BYU/d5brRpC+38V4T1p2k/061074TQiYIqio7sPWGavcwDoGNV0CLd3JG
y0sSIpJPE4aTaxa1i2rr+SjPS2j3Y3JheYjhXSrShlodESoDtl9U2al7wu5k1lVS
ErOSRi1nBavoVMahY/lXxIJe/qT6VWhF/zGcmmMmORcVVhhJPY3Hw/XusrRz7yyb
ipURvaZKhyj8Vb6PAWjLCiR8uaVc2DyWMkQPE95Ng54+jpt9pidLwDlODyOEefvH
MJYRaixa11OnumjkK03bqaHGWJTrqCxtQ1ogiCg1FBet2uumPoJKZd0u/Y1ywIFi
ReFAKxmMVpj3TFcUuxhCOjfJ0Bn9JQ/KPN8Jd3wBKAKjpp6SgeAcP8LCpTYSw04o
jYKvIeLmb+SWYBBecaFB4lyS74QYyWr2gnmiyAym0KKFpkI+VLf9kYR7u36JaRw5
aLvf+fMWFJx6glDDbAANYW+axgGJYQzNR+K0Y0M6HlacL9Q1hwHKh4vQzrU++mhL
wTu6r+AgB6Q6VLNHLnLjDql4YA5/Qbm7DbgBTBHkqkt/H0X8WlfLEJkiM2CKYJWF
/Xf/Hxkeg+ajzSVBURl7i9N1dfR30hclRydQTLthhSX1qadOlPokGhL7nGnaep8P
zdswchbYSW3A7QIDAQABo4GUMIGRMB0GA1UdDgQWBBQeqZLlMoiIJ3WCa3/AY4+i
+Qlr4jBiBgNVHSMEWzBZgBQeqZLlMoiIJ3WCa3/AY4+i+Qlr4qE+pDwwOjERMA8G
A1UECgwIVGVzdCBPcmcxJTAjBgNVBAMMHFRlc3QgT3JnIHJhdWMgQ0EgRGV2ZWxv
cG1lbnSCAQEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAR5HLTS8Z
IJZlK1QFFQcCRvAzb4To/DIEQ1pakDxki4pOGXOsEWJ5k9XDYcmIFtaE8ZztCWxV
C7otpqa/QuNsxJBpQyKqnW0mqZY/npNhxKt04Q/JMB36LyEYonXadHxIQEwhLUKm
uixq1SYJb2qEcadH3aaHsjdQ8xskhO/NdRMR2/jtlVkHe6bW/CJ0AylmcHfhgufP
vTMxuZdhcGE8sq5PRXOSdY9bFSVUjhZObV8+xI+yxHAUg+jpYeQwW9ok4Mg07k1K
U0nDFfiUGfC1fccTqbdr48cd5BxS79YPKxoY793v0qxcGG7gQDBGQHUo0s7wlpA1
FQSDWlGWPberzAfEccSTck0qzjzsjNA5XargrJ9I41MBEqsI366SVHvx8Sh9CgAg
/2BK/3n5yw+r+RLq1nCXdWheEm0wfshYCHljYbtc6xP2+cGnstKUaJamrG/hXnZm
lAvidBEmN9V7H0ioFsqVXJAq9YNwrET2tS7Gc3y1A7rFCosF7m2Fv2qW0Hc3Woy7
cELioibPzQhQ375wZ9yizH6z62WR+A93UoWLmpvGEUMe7QU0p7Nq5XNMv74Y8GDF
jaRLX1VyyxO4S+TyiDT1V1jqhFH0leqCytTI469S80DWBNpPXVBLCithB8nqbAzs
MOVSlSHvQlkEbYqMP6EIUfDLbaIQnSBO+x4=
-----END CERTIFICATE-----

27
openssl-ca/dev/ca.csr.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIEfzCCAmcCAQAwOjERMA8GA1UECgwIVGVzdCBPcmcxJTAjBgNVBAMMHFRlc3Qg
T3JnIHJhdWMgQ0EgRGV2ZWxvcG1lbnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCTpfl4sBzvfC500Vnqp//eZOrHKG+22rvy4w8BYU/d5brRpC+38V4T
1p2k/061074TQiYIqio7sPWGavcwDoGNV0CLd3JGy0sSIpJPE4aTaxa1i2rr+SjP
S2j3Y3JheYjhXSrShlodESoDtl9U2al7wu5k1lVSErOSRi1nBavoVMahY/lXxIJe
/qT6VWhF/zGcmmMmORcVVhhJPY3Hw/XusrRz7yybipURvaZKhyj8Vb6PAWjLCiR8
uaVc2DyWMkQPE95Ng54+jpt9pidLwDlODyOEefvHMJYRaixa11OnumjkK03bqaHG
WJTrqCxtQ1ogiCg1FBet2uumPoJKZd0u/Y1ywIFiReFAKxmMVpj3TFcUuxhCOjfJ
0Bn9JQ/KPN8Jd3wBKAKjpp6SgeAcP8LCpTYSw04ojYKvIeLmb+SWYBBecaFB4lyS
74QYyWr2gnmiyAym0KKFpkI+VLf9kYR7u36JaRw5aLvf+fMWFJx6glDDbAANYW+a
xgGJYQzNR+K0Y0M6HlacL9Q1hwHKh4vQzrU++mhLwTu6r+AgB6Q6VLNHLnLjDql4
YA5/Qbm7DbgBTBHkqkt/H0X8WlfLEJkiM2CKYJWF/Xf/Hxkeg+ajzSVBURl7i9N1
dfR30hclRydQTLthhSX1qadOlPokGhL7nGnaep8PzdswchbYSW3A7QIDAQABoAAw
DQYJKoZIhvcNAQELBQADggIBAEI8f3e1wTAOwy6UjRCnDDjBteDA6bpJGxAX23FU
S2nfQg1LdUdlegKYT8xqca6HuE3t3N7C0hb9qtIbTpLpYAsW94/apBLI96Fhx7c0
Hiw7vqlwIEDx68Qpk9DjyeFYWmHQ9xcgURta2GdhjFdyiDU2KO5o8MSltzJ0d3fZ
a99J+xKXTp1jSzc82Ttce5NHrEyFWZ2xUdTzVzSkH8n4XQu7ycGuy7+li+fSe2s1
J66s7tRm6YGK8eAisTo2/lkv+rB0lEKfiq9xYWgeJVKNBrmXux2a4liElWRwX1ez
EhJ+GV21q6QYHCIayyAmxHi6NPBOBCD8Ig5bJdOJWl5lCeRdw56NZdHPsBJrhYhu
hRRiTSg9GpDIUuItLwAG+UwXDEMV5d3o/b1hG5XmB9QeDESjljfteECpuMHwTaCN
A7RUhgLVhFezYjjrE4UF77mGdipS4jLpGn/4ZniFfBfSE/L8sVYnYxgU1Q2LgW9X
wz4L+RpULTXBWalGG69eRx4CujrlS7OFE2KobXFEB8DoYAM4LRnlKyzeIVMtUnxI
/bMp3zDKHuN2KF7mPSRW+/BSLPzrLvnk0+K/UM8u1xtjQpE33KfLb/pXumuiqBY4
pEshKRopP3f9W6pBh6azGaniymsxiWoshU/yZ7kGB91UXLXXFDRcCEQHsz40vovs
JHVo
-----END CERTIFICATE REQUEST-----

122
openssl-ca/dev/certs/01.pem Normal file
View File

@@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Test Org, CN=Test Org rauc CA Development
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: O=Test Org, CN=Test Org rauc CA Development
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:93:a5:f9:78:b0:1c:ef:7c:2e:74:d1:59:ea:a7:
ff:de:64:ea:c7:28:6f:b6:da:bb:f2:e3:0f:01:61:
4f:dd:e5:ba:d1:a4:2f:b7:f1:5e:13:d6:9d:a4:ff:
4e:b5:d3:be:13:42:26:08:aa:2a:3b:b0:f5:86:6a:
f7:30:0e:81:8d:57:40:8b:77:72:46:cb:4b:12:22:
92:4f:13:86:93:6b:16:b5:8b:6a:eb:f9:28:cf:4b:
68:f7:63:72:61:79:88:e1:5d:2a:d2:86:5a:1d:11:
2a:03:b6:5f:54:d9:a9:7b:c2:ee:64:d6:55:52:12:
b3:92:46:2d:67:05:ab:e8:54:c6:a1:63:f9:57:c4:
82:5e:fe:a4:fa:55:68:45:ff:31:9c:9a:63:26:39:
17:15:56:18:49:3d:8d:c7:c3:f5:ee:b2:b4:73:ef:
2c:9b:8a:95:11:bd:a6:4a:87:28:fc:55:be:8f:01:
68:cb:0a:24:7c:b9:a5:5c:d8:3c:96:32:44:0f:13:
de:4d:83:9e:3e:8e:9b:7d:a6:27:4b:c0:39:4e:0f:
23:84:79:fb:c7:30:96:11:6a:2c:5a:d7:53:a7:ba:
68:e4:2b:4d:db:a9:a1:c6:58:94:eb:a8:2c:6d:43:
5a:20:88:28:35:14:17:ad:da:eb:a6:3e:82:4a:65:
dd:2e:fd:8d:72:c0:81:62:45:e1:40:2b:19:8c:56:
98:f7:4c:57:14:bb:18:42:3a:37:c9:d0:19:fd:25:
0f:ca:3c:df:09:77:7c:01:28:02:a3:a6:9e:92:81:
e0:1c:3f:c2:c2:a5:36:12:c3:4e:28:8d:82:af:21:
e2:e6:6f:e4:96:60:10:5e:71:a1:41:e2:5c:92:ef:
84:18:c9:6a:f6:82:79:a2:c8:0c:a6:d0:a2:85:a6:
42:3e:54:b7:fd:91:84:7b:bb:7e:89:69:1c:39:68:
bb:df:f9:f3:16:14:9c:7a:82:50:c3:6c:00:0d:61:
6f:9a:c6:01:89:61:0c:cd:47:e2:b4:63:43:3a:1e:
56:9c:2f:d4:35:87:01:ca:87:8b:d0:ce:b5:3e:fa:
68:4b:c1:3b:ba:af:e0:20:07:a4:3a:54:b3:47:2e:
72:e3:0e:a9:78:60:0e:7f:41:b9:bb:0d:b8:01:4c:
11:e4:aa:4b:7f:1f:45:fc:5a:57:cb:10:99:22:33:
60:8a:60:95:85:fd:77:ff:1f:19:1e:83:e6:a3:cd:
25:41:51:19:7b:8b:d3:75:75:f4:77:d2:17:25:47:
27:50:4c:bb:61:85:25:f5:a9:a7:4e:94:fa:24:1a:
12:fb:9c:69:da:7a:9f:0f:cd:db:30:72:16:d8:49:
6d:c0:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:A9:92:E5:32:88:88:27:75:82:6B:7F:C0:63:8F:A2:F9:09:6B:E2
X509v3 Authority Key Identifier:
keyid:1E:A9:92:E5:32:88:88:27:75:82:6B:7F:C0:63:8F:A2:F9:09:6B:E2
DirName:/O=Test Org/CN=Test Org rauc CA Development
serial:01
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
47:91:cb:4d:2f:19:20:96:65:2b:54:05:15:07:02:46:f0:33:
6f:84:e8:fc:32:04:43:5a:5a:90:3c:64:8b:8a:4e:19:73:ac:
11:62:79:93:d5:c3:61:c9:88:16:d6:84:f1:9c:ed:09:6c:55:
0b:ba:2d:a6:a6:bf:42:e3:6c:c4:90:69:43:22:aa:9d:6d:26:
a9:96:3f:9e:93:61:c4:ab:74:e1:0f:c9:30:1d:fa:2f:21:18:
a2:75:da:74:7c:48:40:4c:21:2d:42:a6:ba:2c:6a:d5:26:09:
6f:6a:84:71:a7:47:dd:a6:87:b2:37:50:f3:1b:24:84:ef:cd:
75:13:11:db:f8:ed:95:59:07:7b:a6:d6:fc:22:74:03:29:66:
70:77:e1:82:e7:cf:bd:33:31:b9:97:61:70:61:3c:b2:ae:4f:
45:73:92:75:8f:5b:15:25:54:8e:16:4e:6d:5f:3e:c4:8f:b2:
c4:70:14:83:e8:e9:61:e4:30:5b:da:24:e0:c8:34:ee:4d:4a:
53:49:c3:15:f8:94:19:f0:b5:7d:c7:13:a9:b7:6b:e3:c7:1d:
e4:1c:52:ef:d6:0f:2b:1a:18:ef:dd:ef:d2:ac:5c:18:6e:e0:
40:30:46:40:75:28:d2:ce:f0:96:90:35:15:04:83:5a:51:96:
3d:b7:ab:cc:07:c4:71:c4:93:72:4d:2a:ce:3c:ec:8c:d0:39:
5d:aa:e0:ac:9f:48:e3:53:01:12:ab:08:df:ae:92:54:7b:f1:
f1:28:7d:0a:00:20:ff:60:4a:ff:79:f9:cb:0f:ab:f9:12:ea:
d6:70:97:75:68:5e:12:6d:30:7e:c8:58:08:79:63:61:bb:5c:
eb:13:f6:f9:c1:a7:b2:d2:94:68:96:a6:ac:6f:e1:5e:76:66:
94:0b:e2:74:11:26:37:d5:7b:1f:48:a8:16:ca:95:5c:90:2a:
f5:83:70:ac:44:f6:b5:2e:c6:73:7c:b5:03:ba:c5:0a:8b:05:
ee:6d:85:bf:6a:96:d0:77:37:5a:8c:bb:70:42:e2:a2:26:cf:
cd:08:50:df:be:70:67:dc:a2:cc:7e:b3:eb:65:91:f8:0f:77:
52:85:8b:9a:9b:c6:11:43:1e:ed:05:34:a7:b3:6a:e5:73:4c:
bf:be:18:f0:60:c5:8d:a4:4b:5f:55:72:cb:13:b8:4b:e4:f2:
88:34:f5:57:58:ea:84:51:f4:95:ea:82:ca:d4:c8:e3:af:52:
f3:40:d6:04:da:4f:5d:50:4b:0a:2b:61:07:c9:ea:6c:0c:ec:
30:e5:52:95:21:ef:42:59:04:6d:8a:8c:3f:a1:08:51:f0:cb:
6d:a2:10:9d:20:4e:fb:1e
-----BEGIN CERTIFICATE-----
MIIFhjCCA26gAwIBAgIBATANBgkqhkiG9w0BAQsFADA6MREwDwYDVQQKDAhUZXN0
IE9yZzElMCMGA1UEAwwcVGVzdCBPcmcgcmF1YyBDQSBEZXZlbG9wbWVudDAgFw03
MDAxMDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowOjERMA8GA1UECgwIVGVzdCBP
cmcxJTAjBgNVBAMMHFRlc3QgT3JnIHJhdWMgQ0EgRGV2ZWxvcG1lbnQwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCTpfl4sBzvfC500Vnqp//eZOrHKG+2
2rvy4w8BYU/d5brRpC+38V4T1p2k/061074TQiYIqio7sPWGavcwDoGNV0CLd3JG
y0sSIpJPE4aTaxa1i2rr+SjPS2j3Y3JheYjhXSrShlodESoDtl9U2al7wu5k1lVS
ErOSRi1nBavoVMahY/lXxIJe/qT6VWhF/zGcmmMmORcVVhhJPY3Hw/XusrRz7yyb
ipURvaZKhyj8Vb6PAWjLCiR8uaVc2DyWMkQPE95Ng54+jpt9pidLwDlODyOEefvH
MJYRaixa11OnumjkK03bqaHGWJTrqCxtQ1ogiCg1FBet2uumPoJKZd0u/Y1ywIFi
ReFAKxmMVpj3TFcUuxhCOjfJ0Bn9JQ/KPN8Jd3wBKAKjpp6SgeAcP8LCpTYSw04o
jYKvIeLmb+SWYBBecaFB4lyS74QYyWr2gnmiyAym0KKFpkI+VLf9kYR7u36JaRw5
aLvf+fMWFJx6glDDbAANYW+axgGJYQzNR+K0Y0M6HlacL9Q1hwHKh4vQzrU++mhL
wTu6r+AgB6Q6VLNHLnLjDql4YA5/Qbm7DbgBTBHkqkt/H0X8WlfLEJkiM2CKYJWF
/Xf/Hxkeg+ajzSVBURl7i9N1dfR30hclRydQTLthhSX1qadOlPokGhL7nGnaep8P
zdswchbYSW3A7QIDAQABo4GUMIGRMB0GA1UdDgQWBBQeqZLlMoiIJ3WCa3/AY4+i
+Qlr4jBiBgNVHSMEWzBZgBQeqZLlMoiIJ3WCa3/AY4+i+Qlr4qE+pDwwOjERMA8G
A1UECgwIVGVzdCBPcmcxJTAjBgNVBAMMHFRlc3QgT3JnIHJhdWMgQ0EgRGV2ZWxv
cG1lbnSCAQEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAR5HLTS8Z
IJZlK1QFFQcCRvAzb4To/DIEQ1pakDxki4pOGXOsEWJ5k9XDYcmIFtaE8ZztCWxV
C7otpqa/QuNsxJBpQyKqnW0mqZY/npNhxKt04Q/JMB36LyEYonXadHxIQEwhLUKm
uixq1SYJb2qEcadH3aaHsjdQ8xskhO/NdRMR2/jtlVkHe6bW/CJ0AylmcHfhgufP
vTMxuZdhcGE8sq5PRXOSdY9bFSVUjhZObV8+xI+yxHAUg+jpYeQwW9ok4Mg07k1K
U0nDFfiUGfC1fccTqbdr48cd5BxS79YPKxoY793v0qxcGG7gQDBGQHUo0s7wlpA1
FQSDWlGWPberzAfEccSTck0qzjzsjNA5XargrJ9I41MBEqsI366SVHvx8Sh9CgAg
/2BK/3n5yw+r+RLq1nCXdWheEm0wfshYCHljYbtc6xP2+cGnstKUaJamrG/hXnZm
lAvidBEmN9V7H0ioFsqVXJAq9YNwrET2tS7Gc3y1A7rFCosF7m2Fv2qW0Hc3Woy7
cELioibPzQhQ375wZ9yizH6z62WR+A93UoWLmpvGEUMe7QU0p7Nq5XNMv74Y8GDF
jaRLX1VyyxO4S+TyiDT1V1jqhFH0leqCytTI469S80DWBNpPXVBLCithB8nqbAzs
MOVSlSHvQlkEbYqMP6EIUfDLbaIQnSBO+x4=
-----END CERTIFICATE-----

122
openssl-ca/dev/certs/02.pem Normal file
View File

@@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Test Org, CN=Test Org rauc CA Development
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: O=Test Org, CN=Test Org Development-1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:bd:1e:ce:0d:cc:c9:7c:05:dd:27:08:84:49:86:
58:c2:ab:07:2d:5a:2c:a8:f7:a7:16:13:15:84:80:
f5:0d:2b:0b:15:ba:e1:ba:51:8b:e9:bc:8b:d3:b5:
5e:55:9e:6e:97:b3:15:f4:aa:7d:6a:bd:e6:ae:7b:
71:d2:2f:1e:06:3b:7d:95:4e:1f:f6:4d:9e:a0:e5:
45:aa:eb:b3:32:11:06:5c:b0:da:a0:c7:f1:f0:41:
8b:f2:64:6f:b1:86:9a:e5:4a:00:9b:d1:05:e0:dc:
27:50:0d:99:0f:80:66:99:b3:a0:ba:ea:a5:b9:3c:
b4:5d:18:11:7a:53:87:c7:cb:9a:98:6b:4a:97:25:
bc:f0:9d:74:b6:08:2d:2e:4e:b7:23:db:4f:e2:c6:
0d:cc:b2:c2:f2:ff:2f:08:29:ad:b1:7e:29:9c:a2:
48:d1:f4:1f:e9:b8:fa:22:93:91:5f:6a:26:47:da:
05:e5:85:1e:f8:40:25:3c:e8:13:ad:2e:21:fa:dd:
a8:58:8d:47:08:5f:ea:93:bb:8e:a1:1b:24:b5:0c:
15:55:44:a0:3d:4e:45:2a:20:d4:09:3e:fc:6e:87:
3c:90:97:8a:48:e2:d9:db:e5:3f:83:a6:fa:af:1e:
ef:2c:21:a9:28:33:3f:ec:f2:ec:72:6c:9a:97:1d:
e1:f9:36:a4:b3:07:2e:8a:50:74:bb:04:ab:07:b4:
3d:fd:52:19:23:3a:be:85:ce:b9:eb:74:3b:22:f8:
44:0a:f6:be:da:67:e4:7e:bd:c1:87:6b:0e:07:e9:
13:c1:ce:80:40:61:f1:ca:a0:b1:b5:42:e0:b4:71:
56:7e:a9:ad:64:ad:0a:3b:93:c2:da:10:b0:af:32:
27:84:53:93:a8:d7:39:57:37:40:b7:2d:5c:b5:a1:
d5:41:3a:3e:3f:3c:3e:ae:2f:2b:a4:54:5b:a8:82:
16:0b:8f:bb:19:e6:ad:36:a8:ac:74:9c:57:ca:11:
0f:19:10:49:98:b2:73:b5:4d:0c:68:bb:24:cf:98:
e7:63:e0:37:af:fc:6f:5a:75:63:03:92:1d:f3:74:
b5:e8:73:16:3f:04:2b:cc:45:12:33:32:97:0e:62:
2c:17:29:1a:7a:fd:1b:ef:71:28:b8:0b:36:a6:dc:
18:f4:4e:98:b7:39:1b:c8:fb:2b:dc:77:a3:b0:02:
d2:39:ff:19:a0:35:94:96:2a:4e:29:8f:4d:59:a9:
25:bf:e8:c0:56:21:be:4a:22:b8:5b:65:58:4e:c9:
20:1d:3b:9f:3b:76:69:90:8a:ed:09:b7:d4:43:ab:
01:0d:09:07:82:d4:1b:7c:8c:75:a8:53:ab:c7:68:
52:2e:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:CE:22:18:20:53:57:B8:DE:63:7C:F2:50:A9:D0:18:5A:96:DD:6F
X509v3 Authority Key Identifier:
keyid:1E:A9:92:E5:32:88:88:27:75:82:6B:7F:C0:63:8F:A2:F9:09:6B:E2
DirName:/O=Test Org/CN=Test Org rauc CA Development
serial:01
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
5e:6a:b0:a1:a4:d1:00:6f:ed:b2:fb:50:e8:62:e4:87:70:09:
8c:53:2b:e9:d4:fe:d0:96:6c:15:84:d0:b5:9f:40:a3:d6:e4:
80:a2:8b:2f:79:b1:a2:a5:fe:05:88:67:e5:1b:a3:a9:90:30:
fa:18:70:62:91:78:6f:e1:bd:13:b5:34:2b:43:71:06:20:86:
fe:6b:b8:9c:f9:aa:35:85:a6:9f:f0:c4:54:4c:e2:00:79:87:
c6:cd:7c:aa:3b:ae:ea:e8:67:54:c2:b4:be:7c:34:e9:23:70:
3a:79:ea:3c:3b:a9:69:3c:d5:de:01:a2:ee:cd:84:98:72:2f:
84:ab:13:b7:33:3e:ce:52:22:1e:00:34:cc:76:82:81:05:58:
5e:8d:3e:ee:1c:43:76:30:89:90:95:66:27:5f:9d:99:18:68:
0a:6c:30:0f:78:8e:14:ca:a8:d5:7d:85:f5:43:e6:a5:99:fc:
5f:32:7e:c1:62:8b:0e:da:aa:98:8c:df:fa:7b:f6:25:77:10:
30:2b:15:a7:d4:63:25:1d:b0:51:03:1e:57:a7:14:b7:4b:35:
51:c0:d4:fc:53:e1:29:f1:53:b0:74:7a:6e:6f:a8:fc:f4:39:
0d:d4:6b:6b:e7:03:47:0c:10:71:57:3a:5a:a0:1e:99:9d:05:
a4:88:5c:09:95:b2:a7:55:67:7b:6f:1f:3e:86:77:f0:b5:92:
c8:32:e1:22:9c:19:16:f6:69:68:cd:50:68:1e:42:6f:a7:b2:
c1:82:a1:c4:34:bf:ef:69:6f:bf:b4:5a:3c:c6:2a:51:43:9c:
99:ea:43:db:5c:42:d4:45:cf:06:20:57:a9:e4:66:05:20:01:
33:ce:f1:17:0a:26:36:ad:e7:8b:4e:53:31:13:c0:7d:2f:f5:
f9:5e:3c:16:23:70:91:cb:ab:4c:fb:ab:1c:35:41:db:f7:c3:
10:7b:17:0d:67:09:63:26:28:6a:57:d4:ab:fb:1c:83:a6:5e:
b7:7b:bb:fa:0f:2b:37:da:ae:85:f4:72:b7:c7:8e:eb:93:12:
6b:dc:94:96:1c:83:eb:69:f0:df:cc:29:46:56:05:93:7b:75:
41:6c:a3:e6:c8:57:78:b3:45:ab:07:b1:5a:6f:a0:1b:e6:73:
b5:39:3a:9b:67:25:3b:c7:d6:e6:02:a0:f0:15:d5:cb:6d:18:
c3:ae:a4:e9:8f:4b:ca:8a:c4:23:34:64:91:6d:44:39:f7:e3:
0a:ad:a2:f9:af:07:e2:2c:48:bd:26:18:70:ab:aa:87:0b:56:
e8:9b:b9:0d:31:a5:82:e1:9b:90:fb:73:da:ed:1a:b4:8e:12:
e0:f4:83:98:dd:79:a4:f1
-----BEGIN CERTIFICATE-----
MIIFfTCCA2WgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA6MREwDwYDVQQKDAhUZXN0
IE9yZzElMCMGA1UEAwwcVGVzdCBPcmcgcmF1YyBDQSBEZXZlbG9wbWVudDAgFw03
MDAxMDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowNDERMA8GA1UECgwIVGVzdCBP
cmcxHzAdBgNVBAMMFlRlc3QgT3JnIERldmVsb3BtZW50LTEwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQC9Hs4NzMl8Bd0nCIRJhljCqwctWiyo96cWExWE
gPUNKwsVuuG6UYvpvIvTtV5Vnm6XsxX0qn1qveaue3HSLx4GO32VTh/2TZ6g5UWq
67MyEQZcsNqgx/HwQYvyZG+xhprlSgCb0QXg3CdQDZkPgGaZs6C66qW5PLRdGBF6
U4fHy5qYa0qXJbzwnXS2CC0uTrcj20/ixg3MssLy/y8IKa2xfimcokjR9B/puPoi
k5FfaiZH2gXlhR74QCU86BOtLiH63ahYjUcIX+qTu46hGyS1DBVVRKA9TkUqINQJ
PvxuhzyQl4pI4tnb5T+DpvqvHu8sIakoMz/s8uxybJqXHeH5NqSzBy6KUHS7BKsH
tD39UhkjOr6FzrnrdDsi+EQK9r7aZ+R+vcGHaw4H6RPBzoBAYfHKoLG1QuC0cVZ+
qa1krQo7k8LaELCvMieEU5Oo1zlXN0C3LVy1odVBOj4/PD6uLyukVFuoghYLj7sZ
5q02qKx0nFfKEQ8ZEEmYsnO1TQxouyTPmOdj4Dev/G9adWMDkh3zdLXocxY/BCvM
RRIzMpcOYiwXKRp6/RvvcSi4Czam3Bj0Tpi3ORvI+yvcd6OwAtI5/xmgNZSWKk4p
j01ZqSW/6MBWIb5KIrhbZVhOySAdO587dmmQiu0Jt9RDqwENCQeC1Bt8jHWoU6vH
aFIunQIDAQABo4GRMIGOMB0GA1UdDgQWBBQTziIYIFNXuN5jfPJQqdAYWpbdbzBi
BgNVHSMEWzBZgBQeqZLlMoiIJ3WCa3/AY4+i+Qlr4qE+pDwwOjERMA8GA1UECgwI
VGVzdCBPcmcxJTAjBgNVBAMMHFRlc3QgT3JnIHJhdWMgQ0EgRGV2ZWxvcG1lbnSC
AQEwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAgEAXmqwoaTRAG/tsvtQ6GLk
h3AJjFMr6dT+0JZsFYTQtZ9Ao9bkgKKLL3mxoqX+BYhn5RujqZAw+hhwYpF4b+G9
E7U0K0NxBiCG/mu4nPmqNYWmn/DEVEziAHmHxs18qjuu6uhnVMK0vnw06SNwOnnq
PDupaTzV3gGi7s2EmHIvhKsTtzM+zlIiHgA0zHaCgQVYXo0+7hxDdjCJkJVmJ1+d
mRhoCmwwD3iOFMqo1X2F9UPmpZn8XzJ+wWKLDtqqmIzf+nv2JXcQMCsVp9RjJR2w
UQMeV6cUt0s1UcDU/FPhKfFTsHR6bm+o/PQ5DdRra+cDRwwQcVc6WqAemZ0FpIhc
CZWyp1Vne28fPoZ38LWSyDLhIpwZFvZpaM1QaB5Cb6eywYKhxDS/72lvv7RaPMYq
UUOcmepD21xC1EXPBiBXqeRmBSABM87xFwomNq3ni05TMRPAfS/1+V48FiNwkcur
TPurHDVB2/fDEHsXDWcJYyYoalfUq/scg6Zet3u7+g8rN9quhfRyt8eO65MSa9yU
lhyD62nw38wpRlYFk3t1QWyj5shXeLNFqwexWm+gG+ZztTk6m2clO8fW5gKg8BXV
y20Yw66k6Y9LyorEIzRkkW1EOffjCq2i+a8H4ixIvSYYcKuqhwtW6Ju5DTGlguGb
kPtz2u0atI4S4PSDmN15pPE=
-----END CERTIFICATE-----

122
openssl-ca/dev/development-1.cert.pem Normal file
View File

@@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Test Org, CN=Test Org rauc CA Development
Validity
Not Before: Jan 1 00:00:00 1970 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: O=Test Org, CN=Test Org Development-1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:bd:1e:ce:0d:cc:c9:7c:05:dd:27:08:84:49:86:
58:c2:ab:07:2d:5a:2c:a8:f7:a7:16:13:15:84:80:
f5:0d:2b:0b:15:ba:e1:ba:51:8b:e9:bc:8b:d3:b5:
5e:55:9e:6e:97:b3:15:f4:aa:7d:6a:bd:e6:ae:7b:
71:d2:2f:1e:06:3b:7d:95:4e:1f:f6:4d:9e:a0:e5:
45:aa:eb:b3:32:11:06:5c:b0:da:a0:c7:f1:f0:41:
8b:f2:64:6f:b1:86:9a:e5:4a:00:9b:d1:05:e0:dc:
27:50:0d:99:0f:80:66:99:b3:a0:ba:ea:a5:b9:3c:
b4:5d:18:11:7a:53:87:c7:cb:9a:98:6b:4a:97:25:
bc:f0:9d:74:b6:08:2d:2e:4e:b7:23:db:4f:e2:c6:
0d:cc:b2:c2:f2:ff:2f:08:29:ad:b1:7e:29:9c:a2:
48:d1:f4:1f:e9:b8:fa:22:93:91:5f:6a:26:47:da:
05:e5:85:1e:f8:40:25:3c:e8:13:ad:2e:21:fa:dd:
a8:58:8d:47:08:5f:ea:93:bb:8e:a1:1b:24:b5:0c:
15:55:44:a0:3d:4e:45:2a:20:d4:09:3e:fc:6e:87:
3c:90:97:8a:48:e2:d9:db:e5:3f:83:a6:fa:af:1e:
ef:2c:21:a9:28:33:3f:ec:f2:ec:72:6c:9a:97:1d:
e1:f9:36:a4:b3:07:2e:8a:50:74:bb:04:ab:07:b4:
3d:fd:52:19:23:3a:be:85:ce:b9:eb:74:3b:22:f8:
44:0a:f6:be:da:67:e4:7e:bd:c1:87:6b:0e:07:e9:
13:c1:ce:80:40:61:f1:ca:a0:b1:b5:42:e0:b4:71:
56:7e:a9:ad:64:ad:0a:3b:93:c2:da:10:b0:af:32:
27:84:53:93:a8:d7:39:57:37:40:b7:2d:5c:b5:a1:
d5:41:3a:3e:3f:3c:3e:ae:2f:2b:a4:54:5b:a8:82:
16:0b:8f:bb:19:e6:ad:36:a8:ac:74:9c:57:ca:11:
0f:19:10:49:98:b2:73:b5:4d:0c:68:bb:24:cf:98:
e7:63:e0:37:af:fc:6f:5a:75:63:03:92:1d:f3:74:
b5:e8:73:16:3f:04:2b:cc:45:12:33:32:97:0e:62:
2c:17:29:1a:7a:fd:1b:ef:71:28:b8:0b:36:a6:dc:
18:f4:4e:98:b7:39:1b:c8:fb:2b:dc:77:a3:b0:02:
d2:39:ff:19:a0:35:94:96:2a:4e:29:8f:4d:59:a9:
25:bf:e8:c0:56:21:be:4a:22:b8:5b:65:58:4e:c9:
20:1d:3b:9f:3b:76:69:90:8a:ed:09:b7:d4:43:ab:
01:0d:09:07:82:d4:1b:7c:8c:75:a8:53:ab:c7:68:
52:2e:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:CE:22:18:20:53:57:B8:DE:63:7C:F2:50:A9:D0:18:5A:96:DD:6F
X509v3 Authority Key Identifier:
keyid:1E:A9:92:E5:32:88:88:27:75:82:6B:7F:C0:63:8F:A2:F9:09:6B:E2
DirName:/O=Test Org/CN=Test Org rauc CA Development
serial:01
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
5e:6a:b0:a1:a4:d1:00:6f:ed:b2:fb:50:e8:62:e4:87:70:09:
8c:53:2b:e9:d4:fe:d0:96:6c:15:84:d0:b5:9f:40:a3:d6:e4:
80:a2:8b:2f:79:b1:a2:a5:fe:05:88:67:e5:1b:a3:a9:90:30:
fa:18:70:62:91:78:6f:e1:bd:13:b5:34:2b:43:71:06:20:86:
fe:6b:b8:9c:f9:aa:35:85:a6:9f:f0:c4:54:4c:e2:00:79:87:
c6:cd:7c:aa:3b:ae:ea:e8:67:54:c2:b4:be:7c:34:e9:23:70:
3a:79:ea:3c:3b:a9:69:3c:d5:de:01:a2:ee:cd:84:98:72:2f:
84:ab:13:b7:33:3e:ce:52:22:1e:00:34:cc:76:82:81:05:58:
5e:8d:3e:ee:1c:43:76:30:89:90:95:66:27:5f:9d:99:18:68:
0a:6c:30:0f:78:8e:14:ca:a8:d5:7d:85:f5:43:e6:a5:99:fc:
5f:32:7e:c1:62:8b:0e:da:aa:98:8c:df:fa:7b:f6:25:77:10:
30:2b:15:a7:d4:63:25:1d:b0:51:03:1e:57:a7:14:b7:4b:35:
51:c0:d4:fc:53:e1:29:f1:53:b0:74:7a:6e:6f:a8:fc:f4:39:
0d:d4:6b:6b:e7:03:47:0c:10:71:57:3a:5a:a0:1e:99:9d:05:
a4:88:5c:09:95:b2:a7:55:67:7b:6f:1f:3e:86:77:f0:b5:92:
c8:32:e1:22:9c:19:16:f6:69:68:cd:50:68:1e:42:6f:a7:b2:
c1:82:a1:c4:34:bf:ef:69:6f:bf:b4:5a:3c:c6:2a:51:43:9c:
99:ea:43:db:5c:42:d4:45:cf:06:20:57:a9:e4:66:05:20:01:
33:ce:f1:17:0a:26:36:ad:e7:8b:4e:53:31:13:c0:7d:2f:f5:
f9:5e:3c:16:23:70:91:cb:ab:4c:fb:ab:1c:35:41:db:f7:c3:
10:7b:17:0d:67:09:63:26:28:6a:57:d4:ab:fb:1c:83:a6:5e:
b7:7b:bb:fa:0f:2b:37:da:ae:85:f4:72:b7:c7:8e:eb:93:12:
6b:dc:94:96:1c:83:eb:69:f0:df:cc:29:46:56:05:93:7b:75:
41:6c:a3:e6:c8:57:78:b3:45:ab:07:b1:5a:6f:a0:1b:e6:73:
b5:39:3a:9b:67:25:3b:c7:d6:e6:02:a0:f0:15:d5:cb:6d:18:
c3:ae:a4:e9:8f:4b:ca:8a:c4:23:34:64:91:6d:44:39:f7:e3:
0a:ad:a2:f9:af:07:e2:2c:48:bd:26:18:70:ab:aa:87:0b:56:
e8:9b:b9:0d:31:a5:82:e1:9b:90:fb:73:da:ed:1a:b4:8e:12:
e0:f4:83:98:dd:79:a4:f1
-----BEGIN CERTIFICATE-----
MIIFfTCCA2WgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA6MREwDwYDVQQKDAhUZXN0
IE9yZzElMCMGA1UEAwwcVGVzdCBPcmcgcmF1YyBDQSBEZXZlbG9wbWVudDAgFw03
MDAxMDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowNDERMA8GA1UECgwIVGVzdCBP
cmcxHzAdBgNVBAMMFlRlc3QgT3JnIERldmVsb3BtZW50LTEwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQC9Hs4NzMl8Bd0nCIRJhljCqwctWiyo96cWExWE
gPUNKwsVuuG6UYvpvIvTtV5Vnm6XsxX0qn1qveaue3HSLx4GO32VTh/2TZ6g5UWq
67MyEQZcsNqgx/HwQYvyZG+xhprlSgCb0QXg3CdQDZkPgGaZs6C66qW5PLRdGBF6
U4fHy5qYa0qXJbzwnXS2CC0uTrcj20/ixg3MssLy/y8IKa2xfimcokjR9B/puPoi
k5FfaiZH2gXlhR74QCU86BOtLiH63ahYjUcIX+qTu46hGyS1DBVVRKA9TkUqINQJ
PvxuhzyQl4pI4tnb5T+DpvqvHu8sIakoMz/s8uxybJqXHeH5NqSzBy6KUHS7BKsH
tD39UhkjOr6FzrnrdDsi+EQK9r7aZ+R+vcGHaw4H6RPBzoBAYfHKoLG1QuC0cVZ+
qa1krQo7k8LaELCvMieEU5Oo1zlXN0C3LVy1odVBOj4/PD6uLyukVFuoghYLj7sZ
5q02qKx0nFfKEQ8ZEEmYsnO1TQxouyTPmOdj4Dev/G9adWMDkh3zdLXocxY/BCvM
RRIzMpcOYiwXKRp6/RvvcSi4Czam3Bj0Tpi3ORvI+yvcd6OwAtI5/xmgNZSWKk4p
j01ZqSW/6MBWIb5KIrhbZVhOySAdO587dmmQiu0Jt9RDqwENCQeC1Bt8jHWoU6vH
aFIunQIDAQABo4GRMIGOMB0GA1UdDgQWBBQTziIYIFNXuN5jfPJQqdAYWpbdbzBi
BgNVHSMEWzBZgBQeqZLlMoiIJ3WCa3/AY4+i+Qlr4qE+pDwwOjERMA8GA1UECgwI
VGVzdCBPcmcxJTAjBgNVBAMMHFRlc3QgT3JnIHJhdWMgQ0EgRGV2ZWxvcG1lbnSC
AQEwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAgEAXmqwoaTRAG/tsvtQ6GLk
h3AJjFMr6dT+0JZsFYTQtZ9Ao9bkgKKLL3mxoqX+BYhn5RujqZAw+hhwYpF4b+G9
E7U0K0NxBiCG/mu4nPmqNYWmn/DEVEziAHmHxs18qjuu6uhnVMK0vnw06SNwOnnq
PDupaTzV3gGi7s2EmHIvhKsTtzM+zlIiHgA0zHaCgQVYXo0+7hxDdjCJkJVmJ1+d
mRhoCmwwD3iOFMqo1X2F9UPmpZn8XzJ+wWKLDtqqmIzf+nv2JXcQMCsVp9RjJR2w
UQMeV6cUt0s1UcDU/FPhKfFTsHR6bm+o/PQ5DdRra+cDRwwQcVc6WqAemZ0FpIhc
CZWyp1Vne28fPoZ38LWSyDLhIpwZFvZpaM1QaB5Cb6eywYKhxDS/72lvv7RaPMYq
UUOcmepD21xC1EXPBiBXqeRmBSABM87xFwomNq3ni05TMRPAfS/1+V48FiNwkcur
TPurHDVB2/fDEHsXDWcJYyYoalfUq/scg6Zet3u7+g8rN9quhfRyt8eO65MSa9yU
lhyD62nw38wpRlYFk3t1QWyj5shXeLNFqwexWm+gG+ZztTk6m2clO8fW5gKg8BXV
y20Yw66k6Y9LyorEIzRkkW1EOffjCq2i+a8H4ixIvSYYcKuqhwtW6Ju5DTGlguGb
kPtz2u0atI4S4PSDmN15pPE=
-----END CERTIFICATE-----

26
openssl-ca/dev/development-1.csr.pem Normal file
View File

@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIEeTCCAmECAQAwNDERMA8GA1UECgwIVGVzdCBPcmcxHzAdBgNVBAMMFlRlc3Qg
T3JnIERldmVsb3BtZW50LTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQC9Hs4NzMl8Bd0nCIRJhljCqwctWiyo96cWExWEgPUNKwsVuuG6UYvpvIvTtV5V
nm6XsxX0qn1qveaue3HSLx4GO32VTh/2TZ6g5UWq67MyEQZcsNqgx/HwQYvyZG+x
hprlSgCb0QXg3CdQDZkPgGaZs6C66qW5PLRdGBF6U4fHy5qYa0qXJbzwnXS2CC0u
Trcj20/ixg3MssLy/y8IKa2xfimcokjR9B/puPoik5FfaiZH2gXlhR74QCU86BOt
LiH63ahYjUcIX+qTu46hGyS1DBVVRKA9TkUqINQJPvxuhzyQl4pI4tnb5T+Dpvqv
Hu8sIakoMz/s8uxybJqXHeH5NqSzBy6KUHS7BKsHtD39UhkjOr6FzrnrdDsi+EQK
9r7aZ+R+vcGHaw4H6RPBzoBAYfHKoLG1QuC0cVZ+qa1krQo7k8LaELCvMieEU5Oo
1zlXN0C3LVy1odVBOj4/PD6uLyukVFuoghYLj7sZ5q02qKx0nFfKEQ8ZEEmYsnO1
TQxouyTPmOdj4Dev/G9adWMDkh3zdLXocxY/BCvMRRIzMpcOYiwXKRp6/RvvcSi4
Czam3Bj0Tpi3ORvI+yvcd6OwAtI5/xmgNZSWKk4pj01ZqSW/6MBWIb5KIrhbZVhO
ySAdO587dmmQiu0Jt9RDqwENCQeC1Bt8jHWoU6vHaFIunQIDAQABoAAwDQYJKoZI
hvcNAQELBQADggIBALD1oR5/KIYWLyB281Ayi6AxEEokUWYObDdP2OxCviJTRY4O
0ltBVXemxqZLdsIg77RwzAgPUQEDPREIPM9qoiQnkwZ2+8LuplpHVjwvjf2eETEK
W/weIijLDTGA1NFMjaHSCKbo98yTJ1VPaYzyxu5v3q1+MuSAy9EwVVG/tbXn1rbA
ymDG2ycT/jRWH4hVWrY42cpMqr6IgrlbVQWY/Qh+2h/CymqkvoluVOcGOEdHhB0Q
ku3n96Axssfff2XATzPquFbpHcGu86i83NXhwnGdQEvhPkw2du5WI3YpuRA/WHK1
iTGVTWVrxgjBnjf5yAREpIlSTYrtmpM1zYXoMtFOMNZG6s2rwLqKwvySeDFzp8pE
sTLiu9BRQVoNt/t+H6sjYGORUOTRow/UbFTN44mYcpeG763iM9vcOHOOGML3f0MC
9VhmJePdOMHiXHebw0tFzEmULmS9bTC03NpkJeMeEGfvekl43YDamK99YgkZojwl
Ok4FQHgBLOlb3ZjotssqZAF8V1kT155uzxcGenCUgm+MYEjhzYQ95hOtLsOrAmfC
8dEPbfEMur9n3qQp2hD250sjgraQnbhZasDXg6Fk77PDEO0aE86xouLisYg7Th6o
zsiApK7BxF6bBQoKaYoHvDVZnVKSBot/wTxKWBCOB7wizSineIkhSmWKyeFQ
-----END CERTIFICATE REQUEST-----

2
openssl-ca/dev/index.txt Normal file
View File

@@ -0,0 +1,2 @@
V 99991231235959Z 01 unknown /O=Test Org/CN=Test Org rauc CA Development
V 99991231235959Z 02 unknown /O=Test Org/CN=Test Org Development-1

1
openssl-ca/dev/index.txt.attr Normal file
View File

@@ -0,0 +1 @@
unique_subject = yes

1
openssl-ca/dev/index.txt.attr.old Normal file
View File

@@ -0,0 +1 @@
unique_subject = yes

1
openssl-ca/dev/index.txt.old Normal file
View File

@@ -0,0 +1 @@
V 99991231235959Z 01 unknown /O=Test Org/CN=Test Org rauc CA Development

52
openssl-ca/dev/private/ca.key.pem Normal file
View File

@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCTpfl4sBzvfC50
0Vnqp//eZOrHKG+22rvy4w8BYU/d5brRpC+38V4T1p2k/061074TQiYIqio7sPWG
avcwDoGNV0CLd3JGy0sSIpJPE4aTaxa1i2rr+SjPS2j3Y3JheYjhXSrShlodESoD
tl9U2al7wu5k1lVSErOSRi1nBavoVMahY/lXxIJe/qT6VWhF/zGcmmMmORcVVhhJ
PY3Hw/XusrRz7yybipURvaZKhyj8Vb6PAWjLCiR8uaVc2DyWMkQPE95Ng54+jpt9
pidLwDlODyOEefvHMJYRaixa11OnumjkK03bqaHGWJTrqCxtQ1ogiCg1FBet2uum
PoJKZd0u/Y1ywIFiReFAKxmMVpj3TFcUuxhCOjfJ0Bn9JQ/KPN8Jd3wBKAKjpp6S
geAcP8LCpTYSw04ojYKvIeLmb+SWYBBecaFB4lyS74QYyWr2gnmiyAym0KKFpkI+
VLf9kYR7u36JaRw5aLvf+fMWFJx6glDDbAANYW+axgGJYQzNR+K0Y0M6HlacL9Q1
hwHKh4vQzrU++mhLwTu6r+AgB6Q6VLNHLnLjDql4YA5/Qbm7DbgBTBHkqkt/H0X8
WlfLEJkiM2CKYJWF/Xf/Hxkeg+ajzSVBURl7i9N1dfR30hclRydQTLthhSX1qadO
lPokGhL7nGnaep8PzdswchbYSW3A7QIDAQABAoICACJu7sNKrzTazSrJOCMVkwKW
nnpb39HRKUv30CQOQcYKMYt6svY/ACW4Q4ObVwvomcd8Acq7hKXvGxOCFqvKdkQ0
OQVNkgUYnCVakqyGbTgsHVuxa/okXXQarhwjwSUiZt3IEJiQZKuquRWsjocHTBNk
3pv9sGA3pFFUtHn2RKUmQDybSCdD2PO2h1sqV+sbHMLc7oqXfd6n+Xn7NPmFpfFJ
E/SFru2HYESG6iUvaEuQ46QOPBY+A0xjL0F73IVaq6yogYuqSllkgLbI7RkpdzPR
LANVP3awyg69qCJ3XTccriGoR7wWz3emaPScf9/reTVlC5t1WCBfkd1vbotTPkXA
hSW0VfciDbkbIbK8y6zc1HmqBd9iq16UDRqI6oKr1WK52ldwEuh/jyBV2UkQ937S
yKt1Y4tnZw6+gvdN/dGnbIDXQwGjdkIkDrxIvjGRmrFr2//L+wPWfvxQU6vls1Xj
PPUBEK6xbPPo+2Dg/AZIw2eZ6z37EgDBn5hEslnK2CxsqbFOUhFAoymjeV42S81Z
jRWPGCDfi/LutGPTvUigWsGIUl6tbu07gKI5XJxBO5bC2idb/1blds6uqX08NRbq
iYiNWgm6j5Mz6HqQfdJVqsINzdctzoSZdSo4e1iAxJBxGLfPJzeKC+3JliDl3CX/
3xVAEXT9oA/rBhshKmeBAoIBAQDDhacWuf6MgulDV1bqcQU+jkLJu0dywpkgA6Fm
tSDEQkE/Tj4c7lAuia3JeAo0sXo9vHrBkZ8bPZpPNBAv5qMr2Gn6VUv5f8M/mwQ5
F6dP4WnVSdbsS7RUCE5u9p+ATBFqlfcCtgFjHOWNHkrZHgIWHzlR/lF2llv+FRw9
5BNhn26JVO6AsevXcCpMAGbeLE7XzNBYGkMG+TZ48sAGec7CoESlcjk0vhDcH4dL
yJty/tfGkhWZXL9oji54df1WzPLrDvFRu//yFPMsDZZzbxK2neLpWLkUDQ2BIRSs
a2OFkS/zjici6eksDCGFb4LGCThnGJB1CBzYrm/vg6TAdVt5AoIBAQDBUXTPCQ6A
iiucNGjEr+yNMUui+6y3mZ3FQ5sXCs6dqVW7ei9n5knp/BsbRMfWqmCNZ4ihNXSP
gb7nsRWdPBAxgKS9+3sPha/TALmWyGIpWDBDRNx86fLcqguDImCF8awQrTUazA9i
wR/6i1Us8LbrMZmwo1XXJsPYd1lNDlqsz/szifdU9fb7qIt84ZqbEZhAkK3xvIO9
3Sx4Md8qN4uzyODZvK1WpK04QuNtBGRQSns35mm6mAE5eEmadYlKz0gC1YhTv1e9
HHfTOet5LcEiXoEq/MYGUZaFPoXTGlq2C3yk3Xwtlx8HKYzGlPkpvqjx1Q5GEEPX
AgxeBvAlp0AVAoIBAQC4DpMyg7iqkXoBGLELVYW4U7dvrEsgLyxyxLgltZC48B33
+DHkjjsQ9C6TH9uLqx8GCu4MVodO33jp4nryfM1SMxHgxHcW0jz9HXKmRCwOuIYm
cLJQExwYlxEuyB9yaSlkCvRSqv83TDaT19Zh+SvBo3cURrJtTjIfR8QkRxYvqiQm
R7uVjugTENXgYeh0cYVvBLGEnoRGhkfPJ8W40uXetXypupM7oUjBzzRQFPKxGFIL
7e1DR9owFNiOMZRhJ+HtgU2Owcm5HBumdswQspkNLCg1vn3L8FWsH3YUsasoS3q2
bjVNWqFUA79ym3yh7IAaHTev1AlDuUJKWMS5IEERAoIBAHZGwSHel6nbX509j5Av
Vpp4O5+nPeBDM306xMvPR+S8cwC2XATEqBppraf8aAwVx+ccHkMLspoOtt+IwAGo
evveimzWTU+M6qs9eU8goLZNB5JQsloWxQlvXIXJ5aZt22mEn8YabZttL4SZ9O3/
BNtXSIIDHQT66b4qH0/+5UlwInBBDDtGFeuZDmbEnVQc6rsuCc6qGSx0Ar4zPSfW
PjosQC3Xu3IUZQrUGdNcaYeaWlM0PSH12GHyD45aNTq5IYTiYntiyWqh3Uo12LUW
YmEF0x+a8glxp5c0Tqp/KFrTIlq4TD6UhF5cdI4XHW8GANWdFhOV5fvJfAmXUxym
fJUCggEAYXHVZSn7W1ZGFU0VbkMQwJAYYak16oAGzOBqLUh2anwrk3C4XD7GK1nA
rtN2LzSNfs7tW39/U+MgEXdwubDZb0YGG7ax2OTf5L6lvVyw/EZesryKLdMd4YwG
VwnwlX27vGcCDqNtnbTF+6Coive3XYvzi2bhPX0whR0uR862sudZUURqdUn1pg1a
IrGj3I1T+F9cAQIeUzbUtiS+2XYPeC5tjBU2Gp636Dgt7vnP7glCwgUHZNokYU3J
Dxh/S6SJrwSFpjFxklMV0jIjxxPsY6eeaVXLQCbk0nVuBa4VLtE89g13uq6Simr6
pxHD2g/xJRqzBLNbWb6JmTylSQc+0g==
-----END PRIVATE KEY-----

52
openssl-ca/dev/private/development-1.key.pem Normal file
View File

@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC9Hs4NzMl8Bd0n
CIRJhljCqwctWiyo96cWExWEgPUNKwsVuuG6UYvpvIvTtV5Vnm6XsxX0qn1qveau
e3HSLx4GO32VTh/2TZ6g5UWq67MyEQZcsNqgx/HwQYvyZG+xhprlSgCb0QXg3CdQ
DZkPgGaZs6C66qW5PLRdGBF6U4fHy5qYa0qXJbzwnXS2CC0uTrcj20/ixg3MssLy
/y8IKa2xfimcokjR9B/puPoik5FfaiZH2gXlhR74QCU86BOtLiH63ahYjUcIX+qT
u46hGyS1DBVVRKA9TkUqINQJPvxuhzyQl4pI4tnb5T+DpvqvHu8sIakoMz/s8uxy
bJqXHeH5NqSzBy6KUHS7BKsHtD39UhkjOr6FzrnrdDsi+EQK9r7aZ+R+vcGHaw4H
6RPBzoBAYfHKoLG1QuC0cVZ+qa1krQo7k8LaELCvMieEU5Oo1zlXN0C3LVy1odVB
Oj4/PD6uLyukVFuoghYLj7sZ5q02qKx0nFfKEQ8ZEEmYsnO1TQxouyTPmOdj4Dev
/G9adWMDkh3zdLXocxY/BCvMRRIzMpcOYiwXKRp6/RvvcSi4Czam3Bj0Tpi3ORvI
+yvcd6OwAtI5/xmgNZSWKk4pj01ZqSW/6MBWIb5KIrhbZVhOySAdO587dmmQiu0J
t9RDqwENCQeC1Bt8jHWoU6vHaFIunQIDAQABAoICAE7eIlsh7GKCxYPqKtTIqIpi
LYeNw/Mg+Dad9crAxrDbou9IdKsxJ7JtdThwOetlu0QbJIxYbx4NHL7l7wUSrig2
NfyGTJD4NK9vfZq2WZAHBoqwHDSRvYUOqLCIjwXPFxiIwHE6fYOU+/YH/a03xFHT
1bMteLgjpyntiBhl7kl1UL7Ae6ZF0CHd4BarmT/nBrv20T1Gj+muINuabMAwNWXA
MdVG3ixkbMyY3gN+W9EZIOa09uGNHumzQnRAajg99WC7gGGRZS6KZXZ/cI8iFTBF
Xj4ldNesJO7ZKuPCNx5W2nyIHdygce8gjti10XQnZ+GVFgiUOtPzSIS9YsijZyFB
zG17KzPmE2yPiGFkcXkWZTlJ9l8n5yjuRFjwEacTIBF4C1keU6snPhzmn+wEsJ1N
z/cdjikjbqs2LzmqwNS3+DSmgm2gNEozIA2qfRWL9izNn/sVe+wpdbLG/09MYQpd
3GoJVWoqykJsJQlD0W51kYOch+cPacANyY05vUipJ2OhMSRB+F2NgpMTJeekKOeA
lutvy4W3JyY7Hvdom7IsVWQn8+VqLxVumU/aWwSTrQ9c6A/xJpzC7i2tkJR5Yz89
CZ+5x/vbc8RbZmpfrpc6TM1yaro/IfU2qcr5v8PJ2WS1bZCuj2hFGHDkgjr184hl
T34csKaMQFc3MJzqgzQXAoIBAQDfSE062HgZSKaJrffR1Ir34H+5PI1U20HGzEMY
8iU8Go/QRYL1RaQs2gkwx3IebRkIFZkT2f2PaYFTDx2dymwNr3IgZRwz6itI0Pja
ZwNjVrtnvFzPW1SMEWI4ddPWCyoTI6vN0CBYnT1Sh2jPcTfKrNqoPieIyhnQ8zrH
ZSqTj16vgp/oremzpvbhTXfhfZwtpwCtN7ZHkoRszILwXfFiLzVVG58amfd8rqx9
1wjtjERqOS5tQ8XK1gK3uyn7uNsOJDwoduPAHp3NWWEX5wOlafGJfyT9TvpXTlU5
JafN7NYVr63wjvz4d4/sf6ZFlsmFIXtOw7il2xbURJ5f6MD/AoIBAQDY1QaS+z6/
WnovkUFaLpvTRT6lmLi1dWP/k9pRj8EpvrlCn51AYs7k9n7qrxQThp0q6TzPE9r/
wWqXCVlDRv/wmTc2uYCiibrscz32ZHex/8xAxfc0pWevX3wRa4Q/ZV+Ubf7Gjb9D
3kinrf/6weMVzmVQ9A3pHpy0ENUGJURJYF6SJxQdt4RbY44xyUWuzBV1/Guxj5hB
4kFZadtMT3tBgAYS+p9BjRxon5g4Q8n7mN5D421tYlHaOcxHgysQQMHaqiJ34QFp
zq0AMafO3ODxwPNuDESTOncr7Ng1kS6R1MjsKwDGmeU7aAU6sjyNBKFkGWcHKiC6
GS4WV3JKJHRjAoIBABa0O2YobM3lXUnSrshfXGIoKdSkG5rtUJruWkRHGxIpgUYk
S1S1aCRHZ3fWT/xYC5uO1qn2GJpkmAniF5jb5HDfzjMNFPkSbqRQ230ZzHZlc1jx
Bl7vYoF7owkqsgepyvV3QxkCeMeJ9ZpWuomdcZbiTLme2FZIdqeQlAGCf/nRMkeW
eLwoMwNZjvEJ946uPxtFSARVDevpMh3+DbJzWwAo3Ltyu5Lw5QGAoXmKTBYblTlX
5yilI4+kg1I7beFywpOFi7hxnmcCtfkThZPwoaZIR487pn87cKlABdpxwcZmtr4t
xvoXEBIT1kauFDIvSv6GkQtJS5VR2dhrwc7u0/ECggEBAJKeQUrD/yLvMC3X/6PW
XmHWsczR3xw8W7jnJjn+hbQPlj/5pCB0b8gc8acJaf7mCIKKoia4G17TT5r/pE88
xDXRtKcZemTt0uqt5lkkiFdhS6EE++qqadkJLOCungcsKhw44I0sLgfbV6+ilbPe
xQnqvVGnJXzbyURtGU6Fho5DTs9vA0gw3pvZTr5VhfvzXhOg8sVm/qKWNnAah0Ir
gIHC6tiMhYGSxIHuYMSy+fJZ5Pls4IKVeBmi+YHlrQnZb/vHDXWYPRdpvEukR/82
FhkCythADWKspwaZqX1XRXEwvAgN8AFa8Mlhxh9xhEYqumLwVl1e3DBadHKBAPQn
gFcCggEBAIKyiZN+uNBVGkyFuTWgCK99Urc0P+tW2nGmLEMQIMWZONNnqifa/qA3
Jkzwp9CkiNf1OBu69kNL8+VEv3hXrP/ImdrialqKjnpwGHVJLNfWfbh1ui2OaW8p
0VBYPmcHvl8YfU+ACovDiLEPzW6+MJ3GT0gSLZmij/BjV928Jqs5DKocm804gMiL
gvFyl42Cn7Y/yU0L4Y2IgO3eYppyOi4yzrXVJFGgOojlF5LR+MJKuye75mGKZ6+I
n/GUJzWFr7h+BBfcUBq0XcfMPp5mi2+VauLKZUnDsGluK8qYHNFjjhyY6k52tpy2
HASxYxukN5J2VrTleD1DiwAmETer0rA=
-----END PRIVATE KEY-----

1
openssl-ca/dev/serial Normal file
View File

@@ -0,0 +1 @@
03

1
openssl-ca/dev/serial.old Normal file
View File

@@ -0,0 +1 @@
02

58
openssl-ca/openssl.cnf Normal file
View File

@@ -0,0 +1,58 @@
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = . # top dir
database = $dir/index.txt # index file.
new_certs_dir = $dir/certs # new certs dir
certificate = $dir/ca.cert.pem # The CA cert
serial = $dir/serial # serial no file
private_key = $dir/private/ca.key.pem# CA private key
RANDFILE = $dir/private/.rand # random number file
default_startdate = 19700101000000Z
default_enddate = 99991231235959Z
default_crl_days= 30 # how long before next CRL
default_md = sha256 # md to use
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
organizationName = match
commonName = supplied
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_leaf
encrypt_key = no
default_md = sha256
[ req_distinguished_name ]
commonName = Common Name (eg, YOUR name)
commonName_max = 64
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE
[ v3_inter ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:TRUE,pathlen:0
[ v3_leaf ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:FALSE

0
patches/.keep Normal file
View File

67
scripts/flash-cm4.sh Executable file
View File

@@ -0,0 +1,67 @@
#!/bin/bash
# flash-cm4.sh - Flash CM4 eMMC while EMMC_DISABLE jumper is bridged
# Usage: ./scripts/flash-cm4.sh [/dev/sdX]
# If no device given, auto-detects the CM4 USB mass storage device.
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
BEACON_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
REPO_ROOT="$(cd "$BEACON_DIR/.." && pwd)"
USBBOOT_DIR="$REPO_ROOT/usbboot"
IMAGE="$REPO_ROOT/output/images/sdcard.img.xz"
# Build rpiboot from source if not already compiled
if [ ! -x "$USBBOOT_DIR/rpiboot" ]; then
echo "==> Building rpiboot from source..."
make -C "$USBBOOT_DIR"
fi
# Step 1: Expose CM4 eMMC as USB mass storage
echo "==> Running rpiboot to expose CM4 eMMC (EMMC_DISABLE jumper must be bridged)..."
sudo "$USBBOOT_DIR/rpiboot" -d "$USBBOOT_DIR/mass-storage-gadget64"
echo "==> rpiboot done, waiting for block device..."
# Step 2: Find the device (explicit arg or auto-detect USB disk ~8 GiB)
if [ -n "${1:-}" ]; then
DEVICE="$1"
echo "==> Using specified device: $DEVICE"
else
DEVICE=""
for i in $(seq 1 30); do
sleep 1
# Detect USB block device of 7-8 GiB (CM4 eMMC)
DEVICE=$(lsblk -dno NAME,TRAN,SIZE \
| awk '$2=="usb" && ($3~/^7\.[0-9]+G$/ || $3~/^8\.[0-9]+G$/) {print "/dev/"$1}' \
| head -1)
[ -n "$DEVICE" ] && break
printf " waiting... (%ds)\r" "$i"
done
if [ -z "$DEVICE" ]; then
echo "ERROR: CM4 eMMC did not appear as a USB block device within 30s."
echo " Run 'lsblk' manually and re-run with explicit device: $0 /dev/sdX"
exit 1
fi
echo "==> Auto-detected CM4 eMMC at $DEVICE"
fi
# Step 3: Safety check - refuse to flash the host nvme/sata disk
if echo "$DEVICE" | grep -qE '^/dev/(nvme|sd[a-z]{2,}|sda$)'; then
lsblk -dno TRAN "$DEVICE" | grep -qx usb || {
echo "ERROR: $DEVICE does not appear to be a USB device. Aborting."
exit 1
}
fi
# Step 4: Unmount any auto-mounted partitions
echo "==> Unmounting $DEVICE partitions..."
sudo umount "${DEVICE}"?* 2>/dev/null || true
sudo umount "${DEVICE}"[0-9]* 2>/dev/null || true
# Step 5: Flash via bmaptool
echo "==> Flashing $IMAGE -> $DEVICE ..."
sudo bmaptool copy "$IMAGE" "$DEVICE"
sudo sync
echo ""
echo "==> Flash complete!"
echo " Remove the EMMC_DISABLE jumper, then power-cycle the CM4."