patches: carry forward fwtool EST support check (0040)

Checks for EST (Enrollment over Secure Transport) support if the certificate was issued via EST. Renumbered from patches/0091. Signed-off-by: John Crispin <john@phrozen.org>
2025-10-30 01:52:51 +00:00 · 2025-10-19 00:00:00 +02:00
parent 18de3bf9f3
commit 4c71fe5aee
1 changed files with 7 additions and 4 deletions
--- a/patches-24.10/0040-fwtool-check-for-EST-support-if-the-cert-was-issued-.patch
+++ b/patches-24.10/0040-fwtool-check-for-EST-support-if-the-cert-was-issued-.patch
@@ -1,7 +1,10 @@
-From 8e70ae7c71fb0a31b3b95f156b2d865ba8a07ae8 Mon Sep 17 00:00:00 2001
+From e282d1b08777ea8ba8bc8e411fe266129869ce62 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Fri, 13 Jun 2025 12:06:48 +0200
-Subject: [PATCH] fwtool: check for EST support if the cert was issued by insta
+Subject: [PATCH 40/55] fwtool: check for EST support if the cert was issued by
+ insta
+
+Adds EST certificate validation during firmware upgrade to ensure signed images are only accepted on devices with valid certificates.

 Signed-off-by: John Crispin <john@phrozen.org>
 ---
@@ -10,7 +13,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 2 files changed, 6 insertions(+), 1 deletion(-)

 diff --git a/include/image-commands.mk b/include/image-commands.mk
-index d3c9cea293..b7a0d98d3d 100644
+index 21d53877f1..30cfd00f97 100644
 --- a/include/image-commands.mk
 +++ b/include/image-commands.mk
@@ -85,7 +85,8 @@ metadata_json = \
@@ -24,7 +27,7 @@ index d3c9cea293..b7a0d98d3d 100644
 
 define Build/append-metadata
 diff --git a/package/base-files/files/lib/upgrade/fwtool.sh b/package/base-files/files/lib/upgrade/fwtool.sh
-index 8bd00a3332..a84eb96baf 100644
+index 8bd00a3332..eb0465d4de 100644
 --- a/package/base-files/files/lib/upgrade/fwtool.sh
 +++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -51,6 +51,10 @@ fwtool_check_image() {