diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index a51ecf4..3c60421 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -19,13 +19,20 @@ jobs:
 with:
 ref: ${{ matrix.refs }}
 submodules: 'recursive'
+ - name: Restore private key
+ run: |
+ echo "${{ secrets.PRIVATE_KEY_B64 }}" | base64 -d > private.pem
+ chmod 600 private.pem
 - name : Build
 env:
 PICO_SDK_PATH: ../pico-sdk
+ SECURE_BOOT_PKEY: ../private.pem
 run: |
 ./workflows/autobuild.sh pico
 ./build_pico_hsm.sh --no-eddsa
 ./workflows/autobuild.sh esp32
+ - name: Delete private key
+ run: rm private.pem
 - name: Update nightly release
 uses: pyTooling/Actions/releaser@main
 with:
diff --git a/build_pico_hsm.sh b/build_pico_hsm.sh
index d61db3b..61aed7b 100755
--- a/build_pico_hsm.sh
+++ b/build_pico_hsm.sh
@@ -23,12 +23,13 @@ fi
 cd build_release
 PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}"
+SECURE_BOOT_PKEY="${SECURE_BOOT_PKEY:-../../ec_private_key.pem}"
 board_dir=${PICO_SDK_PATH}/src/boards/include/boards
 for board in "$board_dir"/*
 do
 board_name="$(basename -- "$board" .h)"
 rm -rf -- ./*
- PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem
+ PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY}
 make -j`nproc`
 mv pico_hsm.uf2 ../release/pico_hsm_$board_name-$SUFFIX.uf2
 done
@@ -40,7 +41,7 @@ if [[ $NO_EDDSA -eq 0 ]]; then
 do
 board_name="$(basename -- "$board" .h)"
 rm -rf -- ./*
- PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem -DENABLE_EDDSA=1
+ PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY} -DENABLE_EDDSA=1
 make -j`nproc`
 mv pico_hsm.uf2 ../release_eddsa/pico_hsm_$board_name-$SUFFIX-eddsa1.uf2
 done
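Review bot: In .github/workflows/nightly.yml the `Delete private key` step is skipped whenever `Build` fails, so the decoded signing key stays in the checkout directory for the rest of the job (and beyond it on a non-ephemeral runner); the step needs `if: always()`. The restore step also expands `${{ secrets.PRIVATE_KEY_B64 }}` directly into the script text instead of passing it through `env:`, and `private.pem` is created with the default umask before `chmod 600` tightens it. Writing the key under `$RUNNER_TEMP` rather than the workspace keeps it away from anything that later packages or uploads the working tree, and an absolute path removes the dependence on which directory the build scripts resolve `../private.pem` from. Only the base64 form of the secret is registered for log masking, so the decoded PEM would show unredacted if a build step ever echoed it.

```yaml
      - name: Restore private key
        env:
          PRIVATE_KEY_B64: ${{ secrets.PRIVATE_KEY_B64 }}
        run: |
          umask 077
          printf '%s' "$PRIVATE_KEY_B64" | base64 -d > "$RUNNER_TEMP/private.pem"
      # … unchanged: Build step, apart from the key path below …
          SECURE_BOOT_PKEY: ${{ runner.temp }}/private.pem
      # … unchanged: Build step's run script …
      - name: Delete private key
        if: always()
        run: rm -f "$RUNNER_TEMP/private.pem"
```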
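Review bot: In build_pico_hsm.sh the new `-DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY}` argument is unquoted in both cmake calls (the hunk at -23 and the EdDSA loop at -40), so a key path containing spaces or glob characters is split or expanded by the shell; `"-DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY}"` keeps it as one argument. The script also never checks that the key file is readable before entering the board loop, and with the `../../ec_private_key.pem` fallback an unset or mistyped variable selects a different key path without any message. A guard right after the assignment, `[ -r "$SECURE_BOOT_PKEY" ] || { echo "signing key not found: $SECURE_BOOT_PKEY" >&2; exit 1; }`, fails fast before any image is built. The relative default presumably resolves from `build_release` after the `cd`; a short comment saying so would help callers who override the variable. Both loops begin or end outside the hunks shown.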