summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-security/softhsm
Commit message (Collapse)AuthorAgeFilesLines
* softhsm: add destroyed global access prevention patchRouven Czerwinski2024-09-272-0/+673
| | | | | | | | | | | | | | Currently softhsm will try to access deleted obejcts due to the order of atexit handler implementations. Add a patch which adds a global variable to track whether objects are deleted and prevents access if this is the case. This fixes a failure with the signing.bbclass where when signing multiple fitimage configurations the second signing operation will lead to a segfault. Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILESGassner, Tobias.ext2024-01-201-1/+3
| | | | | | | | | | | | | | | | | | | | [Edited Message Follows] [Reason: include softhsm2.module only in FILES if pk11 is set in PACKAGECONFIG] From 216dba6552f2b3a65c3fc9b586736d93132a0166 Mon Sep 17 00:00:00 2001 From: "Gassner, Tobias.ext" <tobias.gassner.ext@karlstorz.com> Date: Thu, 18 Jan 2024 12:50:22 +0100 Subject: [PATCH] softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES In order for the softhsm module to be discoverable by p11-kit proxy the softhsm2.module file must be deployed to ${datadir}/p11-kit/modules. This was previously not the case. Also the p11-kit module path (--with-p11-kit) seemed to point to the wrong directory and had a syntax error (two == instead one =). Signed-off-by: Gassner, Tobias.ext <tobias.gassner.ext@karlstorz.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm: enable objectstore backendJan Luebbe2023-02-011-0/+1
| | | | | | | | | | | We already depend on sqlite, but the objectstore backend using it is not enabled by default. Add the necessary configure option. The db backend is more robust when accessing the objectstore from many parallel processes (such as during kernel module signing). Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm: avoid unnecessary check for native sqlite binaryJan Luebbe2023-02-012-1/+43
| | | | | | | | | SoftHSMv2 actually only uses the sqlite library. With the check for the sqlite3 binary, building with the DB backend would mean depending on sqlite-native. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-1/+1
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* softhsm: update to 2.6.1 and alignakuster2021-02-172-18/+30
| | | | | | | | meta-security has this pkg to but newer. Move from meta-sec to meta-oe minor cleanups. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm: add recipeJan Luebbe2019-11-221-0/+18
This is useful for consolidation of code-signing interfaces when building an image with verified boot mechanisms or signed update artifacts. It can also be used on the target as a backend for software which uses the PKCS#11 API to access private key material. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-24 00:58:31 +0000