Page History

...

CPE App Execution Flow: How an App gets launched on device

The libPackage library at runtime uses all the compatible certificates present in DAC_APP_CERT_PATH for verifying the signature of the bolt package. DAC_APP_CERT_PATH is unique to device build configuration (Reference: here).

Reference Commands and Tools

...

Generates a 2048-bit RSA private key and saves it to private_key.pem. When prompted, input the Secret Passphrase.

openssl genrsa -out private_key.pem 2048

Extract the public key

This step extracts the public key from the private key and saves it to public.pem

openssl rsa -in private_key.pem -pubout -out public.pem

Generate a self-signed certificate with 10yr validity

Creates a self-signed X.509 certificate using the private key (private_key.pem) and saves it to certificate.pem

openssl req -new -x509 -key private_key.pem -out certificate.pem -days 3650 -subj "/C=US/ST=Pennsylvania/L=Philadelphia/O=RDKM/OU=RDKE MW/CN=RDKM"

Create a PKCS#12 File

This P12 file (signing.p12) contains the private key and the certificate. Used for securely storing and transporting private keys and certificates. When prompted, input the same Secret Passphrase.

openssl pkcs12 -export -out signing.p12 -inkey private_key.pem -in certificate.pem

Check the private key

This verifies the integrity of the private key (private_key.pem)

openssl rsa -in private_key.pem -check

Inspect the Certificate

Displays the details of the certificate (certificate.pem) in a human-readable format without outputting the raw certificate.

...

This section explains how to verify the signature information of a Bolt bundle on the device side. The flow is explained with respect to the FactoryApp launch flow diagram.

CPE device should have the public key in it's DAC_APP_CERT_PATH directory which will be used by libPackage to verify each bundles signature.

A sample test application named ralfinfocan be used to inspect the bundle details on the DUT which closely mimics the behavior of the plugin based runtime logic.

...