From d85dc2a81975bcce36175b61c86e269d6a6e99c5 Mon Sep 17 00:00:00 2001
From: jackcybertan <jack.tsai@cybertan.com.tw>
Date: Fri, 25 Jul 2025 16:10:21 +0800
Subject: [PATCH] certificates: Enhance PKI enrollment on squashfs (SonicFi
 RAP6* series)

The updated flow:
- Mount /dev/mtdblock* (the certificates partition) to /mnt
- Copy its contents to /certificates
- Unmount /mnt
- Extract the PKI 2.0 certificates into /certificates

Fixes: WIFI-14904
Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>
---
 feeds/tip/certificates/files/usr/bin/mount_certs | 13 +++++++++++++
 feeds/tip/certificates/files/usr/bin/store_certs | 12 ++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/feeds/tip/certificates/files/usr/bin/mount_certs b/feeds/tip/certificates/files/usr/bin/mount_certs
index 3255e16e1..60ece34b1 100755
--- a/feeds/tip/certificates/files/usr/bin/mount_certs
+++ b/feeds/tip/certificates/files/usr/bin/mount_certs
@@ -58,6 +58,19 @@ udaya,a5-id2)
 		[ -n "$mtd" ] && tar xf /dev/mtdblock$mtd -C /certificates
 	fi
 	;;
+sonicfi,rap6*)
+	mtd=$(find_mtd_index certificates)
+	if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
+		mount -t squashfs /dev/mtdblock$mtd /mnt
+		cp /mnt/* /certificates
+		umount /mnt
+	fi
+	part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1")
+	if [ -n "$part" ]; then
+		mtd=$(find_mtd_index $part)
+		[ -n "$mtd" ] && tar xf /dev/mtdblock$mtd -C /certificates
+	fi
+	;;
 *)
 	mtd=$(find_mtd_index certificates)
 
diff --git a/feeds/tip/certificates/files/usr/bin/store_certs b/feeds/tip/certificates/files/usr/bin/store_certs
index 10427306f..8d2dd47b7 100755
--- a/feeds/tip/certificates/files/usr/bin/store_certs
+++ b/feeds/tip/certificates/files/usr/bin/store_certs
@@ -28,4 +28,16 @@ udaya,a5-id2)
 	mtd=$(find_mtd_index $part)
 	dd if=/tmp/certs.tar of=/dev/mtdblock$mtd
 	;;
+sonicfi,rap6*)
+	if [ "$(fw_printenv -n store_certs_disabled)" != "1" ]; then
+		cd /certificates
+		tar cf /tmp/certs.tar .
+		part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1")
+		mtd=$(find_mtd_index $part)
+		block_size=$(cat /sys/class/mtd/mtd$mtd/size)
+		dd if=/tmp/certs.tar of=/tmp/certs_pad.tar bs=$block_size conv=sync
+		mtd write /tmp/certs_pad.tar /dev/mtd$mtd
+		rm -f /tmp/certs.tar /tmp/certs_pad.tar
+	fi
+	;;
 esac