scripts: west_commands: ncs-provision locked key #19328
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
changelog-entry-required
CI InformationTo view the history of this post, clich the 'edited' button above Inputs:Sources:sdk-nrf: PR head: 7e5cbef86ad26baa2cdf0234a26cc1c5d3108974 more detailssdk-nrf:
Github labels
List of changed files detected by CI (1)Outputs:ToolchainVersion: Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
nvlsianpu
approved these changes
Dec 6, 2024
fundakol
reviewed
Dec 6, 2024
| @@ -34,6 +36,8 @@ def do_add_parser(self, parser_adder): | |||
| "-k", "--key", type=Path, action='append', dest="keys", | |||
| help="Input .pem file with ED25519 private key" | |||
| ) | |||
| upload_parser.add_argument("-p", "--policy", type=str, help="Keys policy", | |||
| choices=["default", "lock"], default="default") | |||
There was a problem hiding this comment.
It's not clear what default means, why don't you use choices=["revoked", "locked"] and
"-r",
args.policy.uppder(),
"-v",There was a problem hiding this comment.
translation table on top
There was a problem hiding this comment.
agree with @fundakol , don't need extra table, and why to change parameter names from nrfprovision tool?
you can use:
upload_parser.add_argument("-p", "--policy", type=str.upper, help="Keys policy",
choices=["REVOKED", "ROTATING", "LOCKED"], default="REVOKED")
There was a problem hiding this comment.
Name 'revoked' suggests it's dead right away. It should be named differently earlier on but here we are.
nvlsianpu
added
backport v2.8-branch
michalek-no
force-pushed
the
mb-provision-lock
branch
from
de12bf0 to
eb606bb
Compare
gchwier
approved these changes
Dec 9, 2024
fundakol
approved these changes
Dec 9, 2024
adds ability to upload key as locked. Signed-off-by: Mateusz Michalek <[email protected]>
michalek-no
force-pushed
the
mb-provision-lock
branch
from
eb606bb to
7e5cbef
Compare
|
rebase |
|
@nvlsianpu should this be backported to 2.8 branch as well ? |
rlubos
removed
the
backport v2.8-branch
|
@shanthanordic Yes it should - it's mitigation to known issue, backward compatible. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
adds ability to upload key as locked.
ref.: NCSDK-30867