diff options
| author | Tom Rini <trini@konsulko.com> | 2018-10-25 10:37:34 -0400 |
|---|---|---|
| committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2018-10-25 11:06:56 -0400 |
| commit | 0011b44671ddbbcb58cca426e3fa8a88cd4c9711 (patch) | |
| tree | ab9c214643101756ba52fff972793f52a52e9d40 | |
| parent | 1423a3c5c594fb5b4f6131a42c8d3e243d4958b8 (diff) | |
| download | meta-secure-core-0011b44671ddbbcb58cca426e3fa8a88cd4c9711.tar.gz | |
meta-signing-key: When deploying keys UEFI keys, deploy DER format
Generally speaking, for firmware to import PK/KEK/DB keys they need to
be in the binary "DER" format and typically have the "cer" file
extension. When deploying our keys, convert what we have to that format
and deploy as well for ease of use.
Signed-off-by: Tom Rini <trini@konsulko.com>
| -rw-r--r-- | meta-signing-key/classes/user-key-store.bbclass | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta-signing-key/classes/user-key-store.bbclass b/meta-signing-key/classes/user-key-store.bbclass index d300f9d..aa027db 100644 --- a/meta-signing-key/classes/user-key-store.bbclass +++ b/meta-signing-key/classes/user-key-store.bbclass | |||
| @@ -336,6 +336,10 @@ deploy_uefi_sb_keys() { | |||
| 336 | install -d "$deploy_dir" | 336 | install -d "$deploy_dir" |
| 337 | 337 | ||
| 338 | cp -af "${UEFI_SB_KEYS_DIR}"/* "$deploy_dir" | 338 | cp -af "${UEFI_SB_KEYS_DIR}"/* "$deploy_dir" |
| 339 | for KEY in DB KEK PK; do | ||
| 340 | openssl x509 -in "${UEFI_SB_KEYS_DIR}"/${KEY}.crt \ | ||
| 341 | -out "$deploy_dir"/${KEY}.cer -outform DER; | ||
| 342 | done | ||
| 339 | fi | 343 | fi |
| 340 | } | 344 | } |
| 341 | 345 | ||