diff options
| author | Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> | 2019-09-04 16:39:59 +0300 |
|---|---|---|
| committer | Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> | 2019-09-04 16:39:59 +0300 |
| commit | 883be5aff51ab9e752357fae358d654529bf3d1f (patch) | |
| tree | 58fb9da74ff4b530f2a1ffccc79456370f822aa1 | |
| parent | b0dfb596dacaff6d7442deb25653a297b1d2d26d (diff) | |
| download | meta-secure-core-883be5aff51ab9e752357fae358d654529bf3d1f.tar.gz | |
seloader: use pkcs7 drivers from OVMF
Rather than using pre-compiled EFI drivers, use freshly compiled drivers
from OVMF source tree.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
| -rw-r--r-- | meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb | 19 |
1 files changed, 6 insertions, 13 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb index 0931af3..fee1504 100644 --- a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb | |||
| @@ -21,7 +21,7 @@ LICENSE = "BSD-3-Clause" | |||
| 21 | LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee" | 21 | LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee" |
| 22 | 22 | ||
| 23 | DEPENDS += "\ | 23 | DEPENDS += "\ |
| 24 | gnu-efi sbsigntool-native openssl-native \ | 24 | gnu-efi sbsigntool-native openssl-native ovmf \ |
| 25 | " | 25 | " |
| 26 | 26 | ||
| 27 | PV = "0.4.6+git${SRCPV}" | 27 | PV = "0.4.6+git${SRCPV}" |
| @@ -53,10 +53,6 @@ EFI_TARGET = "/boot/efi/EFI/BOOT" | |||
| 53 | python do_sign() { | 53 | python do_sign() { |
| 54 | sb_sign(d.expand('${B}/Src/Efi/SELoader.efi'), \ | 54 | sb_sign(d.expand('${B}/Src/Efi/SELoader.efi'), \ |
| 55 | d.expand('${B}/Src/Efi/SELoader.efi.signed'), d) | 55 | d.expand('${B}/Src/Efi/SELoader.efi.signed'), d) |
| 56 | sb_sign(d.expand('${B}/Bin/Hash2DxeCrypto.efi'), \ | ||
| 57 | d.expand('${B}/Bin/Hash2DxeCrypto.efi.signed'), d) | ||
| 58 | sb_sign(d.expand('${B}/Bin/Pkcs7VerifyDxe.efi'), \ | ||
| 59 | d.expand('${B}/Bin/Pkcs7VerifyDxe.efi.signed'), d) | ||
| 60 | } | 56 | } |
| 61 | addtask sign after do_compile before do_install | 57 | addtask sign after do_compile before do_install |
| 62 | do_sign[prefuncs] += "check_deploy_keys" | 58 | do_sign[prefuncs] += "check_deploy_keys" |
| @@ -65,6 +61,9 @@ do_install() { | |||
| 65 | install -d ${D}${EFI_TARGET} | 61 | install -d ${D}${EFI_TARGET} |
| 66 | 62 | ||
| 67 | oe_runmake install EFI_DESTDIR=${D}${EFI_TARGET} | 63 | oe_runmake install EFI_DESTDIR=${D}${EFI_TARGET} |
| 64 | # Remove precompiled files, now provided by OVMF | ||
| 65 | rm -f ${D}${EFI_TARGET}/Hash2DxeCrypto.efi | ||
| 66 | rm -f ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi | ||
| 68 | 67 | ||
| 69 | if [ x"${UEFI_SB}" = x"1" ]; then | 68 | if [ x"${UEFI_SB}" = x"1" ]; then |
| 70 | if [ x"${MOK_SB}" != x"1" ]; then | 69 | if [ x"${MOK_SB}" != x"1" ]; then |
| @@ -80,8 +79,6 @@ do_deploy() { | |||
| 80 | 79 | ||
| 81 | install -m 0600 "${B}/Src/Efi/SELoader.efi" \ | 80 | install -m 0600 "${B}/Src/Efi/SELoader.efi" \ |
| 82 | "${DEPLOYDIR}/efi-unsigned/SELoader${EFI_ARCH}.efi" | 81 | "${DEPLOYDIR}/efi-unsigned/SELoader${EFI_ARCH}.efi" |
| 83 | install -m 0600 "${B}/Bin/Hash2DxeCrypto.efi" "${DEPLOYDIR}/efi-unsigned" | ||
| 84 | install -m 0600 "${B}/Bin/Pkcs7VerifyDxe.efi" "${DEPLOYDIR}/efi-unsigned" | ||
| 85 | 82 | ||
| 86 | # Deploy the signed images | 83 | # Deploy the signed images |
| 87 | if [ x"${UEFI_SB}" = x"1" -a x"${MOK_SB}" != x"1" ]; then | 84 | if [ x"${UEFI_SB}" = x"1" -a x"${MOK_SB}" != x"1" ]; then |
| @@ -91,15 +88,11 @@ do_deploy() { | |||
| 91 | fi | 88 | fi |
| 92 | install -m 0600 "${D}${EFI_TARGET}/${SEL_NAME}${EFI_ARCH}.efi" \ | 89 | install -m 0600 "${D}${EFI_TARGET}/${SEL_NAME}${EFI_ARCH}.efi" \ |
| 93 | "${DEPLOYDIR}/${SEL_NAME}${EFI_ARCH}.efi" | 90 | "${DEPLOYDIR}/${SEL_NAME}${EFI_ARCH}.efi" |
| 94 | install -m 0600 "${D}${EFI_TARGET}/Hash2DxeCrypto.efi" \ | ||
| 95 | "${DEPLOYDIR}/Hash2DxeCrypto.efi" | ||
| 96 | install -m 0600 "${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi" \ | ||
| 97 | "${DEPLOYDIR}/Pkcs7VerifyDxe.efi" | ||
| 98 | } | 91 | } |
| 99 | addtask deploy after do_install before do_build | 92 | addtask deploy after do_install before do_build |
| 100 | 93 | ||
| 94 | RDEPENDS_${PN} += "ovmf-pkcs7-efi" | ||
| 95 | |||
| 101 | FILES_${PN} += "${EFI_TARGET}" | 96 | FILES_${PN} += "${EFI_TARGET}" |
| 102 | 97 | ||
| 103 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/efi-unsigned" | 98 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/efi-unsigned" |
| 104 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/Hash2DxeCrypto.efi" | ||
| 105 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/Pkcs7VerifyDxe.efi" | ||