linux-yocto-integrity: fix modsign key path

Use modsign key directly from uks_modsign_keys_path(d), rather than from installed package. Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
author: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> 2019-09-16 16:00:09 +0300
committer: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> 2019-09-16 16:00:09 +0300
commit: b41010c80c98ed5d0f987a97cb927660bc494821 (patch)
tree: 1ea726a76b90493aa59fb045e8cc1a2a17163d8e
parent: 24d27e9f97ea661678d7efe856b00a92789c7f77 (diff)
download: meta-secure-core-b41010c80c98ed5d0f987a97cb927660bc494821.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
index b950acd..829c485 100644
--- a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
+++ b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
@@ -17,9 +17,11 @@ SRC_URI += "\
 INHIBIT_PACKAGE_STRIP = "${@'1' if d.getVar('MODSIGN_ENABLED', True) == '1' else '0'}"
+inherit ${@'user-key-store' if d.getVar('MODSIGN_ENABLED', True) == '1' else ''}
 do_configure_prepend() {
    sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt"
-    modsign_key="${STAGING_DIR_TARGET}${sysconfdir}/keys/modsign_key.key"
+    modsign_key="${@uks_modsign_keys_dir(d)}/modsign_key.key"
    modsign_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/modsign_key.crt"
    if [ -f "$sys_cert" ]; then
author	Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>	2019-09-16 16:00:09 +0300
committer	Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>	2019-09-16 16:00:09 +0300
commit	b41010c80c98ed5d0f987a97cb927660bc494821 (patch)
tree	1ea726a76b90493aa59fb045e8cc1a2a17163d8e
parent	24d27e9f97ea661678d7efe856b00a92789c7f77 (diff)
download	meta-secure-core-b41010c80c98ed5d0f987a97cb927660bc494821.tar.gz

diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc index b950acd..829c485 100644 --- a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc +++ b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
@@ -17,9 +17,11 @@ SRC_URI += "\
17		17
18	INHIBIT_PACKAGE_STRIP = "${@'1' if d.getVar('MODSIGN_ENABLED', True) == '1' else '0'}"	18	INHIBIT_PACKAGE_STRIP = "${@'1' if d.getVar('MODSIGN_ENABLED', True) == '1' else '0'}"
19		19
		20	inherit ${@'user-key-store' if d.getVar('MODSIGN_ENABLED', True) == '1' else ''}
		21
20	do_configure_prepend() {	22	do_configure_prepend() {
21	sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt"	23	sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt"
22	modsign_key="${STAGING_DIR_TARGET}${sysconfdir}/keys/modsign_key.key"	24	modsign_key="${@uks_modsign_keys_dir(d)}/modsign_key.key"
23	modsign_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/modsign_key.crt"	25	modsign_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/modsign_key.crt"
24		26
25	if [ -f "$sys_cert" ]; then	27	if [ -f "$sys_cert" ]; then