efitools: do not do_sign if GRUB_SIGN_VERIFY not enabled

If GRUB_SIGN_VERIFY is not enabled, do_sign will fail in which GPG_PATH is not set (--homedir None) ... |DEBUG: Executing python function do_sign |NOTE: Running: echo "SecureCore" | tmp-glibc/hosttools/gpg --pinentry-mode loopback --batch --homedir None -u "SecureBootCore" --detach-sign --passphrase-fd 0 "tmp-glibc/work/core2-32-wrs-linux/efitools/ 1.9.2+gitAUTOINC+392836a46c-r0/image/boot/efi/EFI/BOOT/LockDown.efi" |ERROR: Failed to sign: tmp-glibc/work/core2-32-wrs-linux/efitools/ 1.9.2+gitAUTOINC+392836a46c-r0/image/boot/efi/EFI/BOOT/LockDown.efi ... Since GPG_PATH is set in do_sign's prefunc check_boot_public_key if GRUB_SIGN_VERIFY is enabled, add the same condition to do_sign Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
author: Hongxu Jia <hongxu.jia@windriver.com> 2019-11-19 00:47:48 -0800
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2019-11-19 18:09:03 +0800
commit: 08c3f81a5fa0fb6567eaf895cdb9521ffe146b97 (patch)
tree: 49aa6243ca351f45fde1f6079d60d136bacc1976
parent: 73602a5eeaf46c3cdee228175d2cc853a58a05f8 (diff)
download: meta-secure-core-08c3f81a5fa0fb6567eaf895cdb9521ffe146b97.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
index d544675..9f4bec4 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -61,6 +61,9 @@ do_install() {
 }
 fakeroot python do_sign_class-target() {
+    if d.getVar('GRUB_SIGN_VERIFY', True) != '1':
+        return
    image_dir = d.getVar('D', True)
    efi_boot_path = d.getVar('EFI_BOOT_PATH', True)
    uks_boot_sign(os.path.join(image_dir + efi_boot_path, 'LockDown.efi'), d)
author	Hongxu Jia <hongxu.jia@windriver.com>	2019-11-19 00:47:48 -0800
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2019-11-19 18:09:03 +0800
commit	08c3f81a5fa0fb6567eaf895cdb9521ffe146b97 (patch)
tree	49aa6243ca351f45fde1f6079d60d136bacc1976
parent	73602a5eeaf46c3cdee228175d2cc853a58a05f8 (diff)
download	meta-secure-core-08c3f81a5fa0fb6567eaf895cdb9521ffe146b97.tar.gz

diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc index d544675..9f4bec4 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -61,6 +61,9 @@ do_install() {
61	}	61	}
62		62
63	fakeroot python do_sign_class-target() {	63	fakeroot python do_sign_class-target() {
		64	if d.getVar('GRUB_SIGN_VERIFY', True) != '1':
		65	return
		66
64	image_dir = d.getVar('D', True)	67	image_dir = d.getVar('D', True)
65	efi_boot_path = d.getVar('EFI_BOOT_PATH', True)	68	efi_boot_path = d.getVar('EFI_BOOT_PATH', True)
66	uks_boot_sign(os.path.join(image_dir + efi_boot_path, 'LockDown.efi'), d)	69	uks_boot_sign(os.path.join(image_dir + efi_boot_path, 'LockDown.efi'), d)