summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLans Zhang <jia.zhang@windriver.com>2017-06-29 10:50:23 +0800
committerLans Zhang <jia.zhang@windriver.com>2017-06-29 10:52:06 +0800
commite664a331d51d7cebc4bf8bfdd39eb534632f90d1 (patch)
tree0efc342e48013d456e56896b4d945bc0b8d2a90a
parentad2d9c8e226c95b36f6fa9bd8ae3efd8551372ac (diff)
downloadmeta-secure-core-e664a331d51d7cebc4bf8bfdd39eb534632f90d1.tar.gz
code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Diffstat
-rw-r--r--meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb10
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb2
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc4
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb6
-rw-r--r--meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend6
-rw-r--r--meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb41
-rw-r--r--meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb6
-rw-r--r--meta-efi-secure-boot/recipes-core/systemd/systemd_%.bbappend8
-rw-r--r--meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc2
-rw-r--r--meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc8
10 files changed, 51 insertions, 42 deletions
diff --git a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
index a2b35b1..ab0281c 100644
--- a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
+++ b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
@@ -1,13 +1,15 @@
1DESCRIPTION = "EFI Secure Boot packages for secure-environment." 1DESCRIPTION = "EFI Secure Boot packages for secure-environment."
2LICENSE = "MIT" 2LICENSE = "MIT"
3LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ 3LIC_FILES_CHKSUM = "\
4 file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" 4 file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
5 file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \
6"
5 7
6S = "${WORKDIR}" 8S = "${WORKDIR}"
7 9
8ALLOW_EMPTY_${PN} = "1" 10ALLOW_EMPTY_${PN} = "1"
9 11
10pkgs = " \ 12pkgs = "\
11 grub-efi \ 13 grub-efi \
12 efitools \ 14 efitools \
13 efibootmgr \ 15 efibootmgr \
@@ -19,7 +21,7 @@ pkgs = " \
19RDEPENDS_${PN}_x86 = "${pkgs}" 21RDEPENDS_${PN}_x86 = "${pkgs}"
20RDEPENDS_${PN}_x86-64 = "${pkgs}" 22RDEPENDS_${PN}_x86-64 = "${pkgs}"
21 23
22kmods = " \ 24kmods = "\
23 kernel-module-efivarfs \ 25 kernel-module-efivarfs \
24 kernel-module-efivars \ 26 kernel-module-efivars \
25" 27"
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
index 890abcf..d7159d8 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
@@ -4,7 +4,7 @@ inherit native
4 4
5DEPENDS_append = " gnu-efi-native" 5DEPENDS_append = " gnu-efi-native"
6 6
7EXTRA_OEMAKE_append = " \ 7EXTRA_OEMAKE_append = "\
8 INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \ 8 INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \
9 CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ 9 CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \
10 EXTRA_LDFLAGS='-Wl,-rpath,${libdir}' \ 10 EXTRA_LDFLAGS='-Wl,-rpath,${libdir}' \
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
index 9a9888c..c9de4db 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -10,7 +10,7 @@ in the Linux 3.8 kernel. \
10LICENSE = "GPLv2" 10LICENSE = "GPLv2"
11LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1" 11LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1"
12 12
13SRC_URI = " \ 13SRC_URI = "\
14 git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \ 14 git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \
15 file://Fix-for-the-cross-compilation.patch \ 15 file://Fix-for-the-cross-compilation.patch \
16 file://Kill-all-the-build-warning-caused-by-implicit-declar.patch \ 16 file://Kill-all-the-build-warning-caused-by-implicit-declar.patch \
@@ -37,7 +37,7 @@ DEPENDS_append += "\
37 37
38S = "${WORKDIR}/git" 38S = "${WORKDIR}/git"
39 39
40EXTRA_OEMAKE = " \ 40EXTRA_OEMAKE = "\
41 HELP2MAN='${STAGING_BINDIR_NATIVE}/help2man' \ 41 HELP2MAN='${STAGING_BINDIR_NATIVE}/help2man' \
42 OPENSSL='${STAGING_BINDIR_NATIVE}/openssl' \ 42 OPENSSL='${STAGING_BINDIR_NATIVE}/openssl' \
43 SBSIGN='${STAGING_BINDIR_NATIVE}/sbsign' \ 43 SBSIGN='${STAGING_BINDIR_NATIVE}/sbsign' \
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
index 79b86a6..8d287a5 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
@@ -1,6 +1,6 @@
1require efitools.inc 1require efitools.inc
2 2
3SRC_URI_append += " \ 3SRC_URI_append += "\
4 file://LockDown-enable-the-enrollment-for-DBX.patch \ 4 file://LockDown-enable-the-enrollment-for-DBX.patch \
5 file://LockDown-show-the-error-message-with-3-sec-timeout.patch \ 5 file://LockDown-show-the-error-message-with-3-sec-timeout.patch \
6 file://Makefile-do-not-build-signed-efi-image.patch \ 6 file://Makefile-do-not-build-signed-efi-image.patch \
@@ -16,11 +16,11 @@ inherit user-key-store deploy
16# The generated native binaries are used during native and target build 16# The generated native binaries are used during native and target build
17DEPENDS += "${BPN}-native gnu-efi openssl" 17DEPENDS += "${BPN}-native gnu-efi openssl"
18 18
19RDEPENDS_${PN}_append += " \ 19RDEPENDS_${PN}_append += "\
20 parted mtools coreutils util-linux openssl libcrypto \ 20 parted mtools coreutils util-linux openssl libcrypto \
21" 21"
22 22
23EXTRA_OEMAKE_append += " \ 23EXTRA_OEMAKE_append += "\
24 INCDIR_PREFIX='${STAGING_DIR_TARGET}' \ 24 INCDIR_PREFIX='${STAGING_DIR_TARGET}' \
25 CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \ 25 CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \
26 SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \ 26 SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
index dd98968..70ed828 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
@@ -1,10 +1,10 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:" 1FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:"
2 2
3EXTRA_SRC_URI = " \ 3EXTRA_SRC_URI = "\
4 ${@'file://efi-secure-boot.inc file://password.inc' if d.getVar('UEFI_SB', True) == '1' else ''} \ 4 ${@'file://efi-secure-boot.inc file://password.inc' if d.getVar('UEFI_SB', True) == '1' else ''} \
5" 5"
6 6
7SRC_URI += " \ 7SRC_URI += "\
8 file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \ 8 file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \
9 file://0002-shim-add-needed-data-structures.patch \ 9 file://0002-shim-add-needed-data-structures.patch \
10 file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \ 10 file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \
@@ -27,7 +27,7 @@ SRC_URI += " \
27 27
28EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" 28EFI_BOOT_PATH = "/boot/efi/EFI/BOOT"
29 29
30#GRUB_BUILDIN_append = " chain ${@'efivar mok2verify password_pbkdf2' if d.getVar('UEFI_SB', True) == '1' else ''}" 30# TODO: re-add mok2verify when refreshed
31GRUB_BUILDIN_append += " chain ${@'efivar password_pbkdf2' if d.getVar('UEFI_SB', True) == '1' else ''}" 31GRUB_BUILDIN_append += " chain ${@'efivar password_pbkdf2' if d.getVar('UEFI_SB', True) == '1' else ''}"
32 32
33# For efi_call_foo and efi_shim_exit 33# For efi_call_foo and efi_shim_exit
diff --git a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
index 76f2669..0469d42 100644
--- a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
@@ -19,7 +19,7 @@ SECTION = "bootloaders"
19LICENSE = "BSD-3-Clause" 19LICENSE = "BSD-3-Clause"
20LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee" 20LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee"
21PR = "r0" 21PR = "r0"
22SRC_URI = " \ 22SRC_URI = "\
23 git://github.com/jiazhang0/SELoader.git \ 23 git://github.com/jiazhang0/SELoader.git \
24" 24"
25SRCREV = "32e3292c33603f319354aac273938fe63897a8da" 25SRCREV = "32e3292c33603f319354aac273938fe63897a8da"
@@ -30,14 +30,14 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
30inherit deploy user-key-store 30inherit deploy user-key-store
31 31
32S = "${WORKDIR}/git" 32S = "${WORKDIR}/git"
33DEPENDS += " \ 33DEPENDS += "\
34 gnu-efi sbsigntool-native \ 34 gnu-efi sbsigntool-native \
35" 35"
36 36
37EFI_ARCH_x86 = "ia32" 37EFI_ARCH_x86 = "ia32"
38EFI_ARCH_x86-64 = "x64" 38EFI_ARCH_x86-64 = "x64"
39 39
40EXTRA_OEMAKE = " \ 40EXTRA_OEMAKE = "\
41 CROSS_COMPILE="${TARGET_PREFIX}" \ 41 CROSS_COMPILE="${TARGET_PREFIX}" \
42 SBSIGN=${STAGING_BINDIR_NATIVE}/sbsign \ 42 SBSIGN=${STAGING_BINDIR_NATIVE}/sbsign \
43 gnuefi_libdir=${STAGING_LIBDIR} \ 43 gnuefi_libdir=${STAGING_LIBDIR} \
@@ -50,9 +50,12 @@ EFI_TARGET = "/boot/efi/EFI/BOOT"
50FILES_${PN} += "${EFI_TARGET}" 50FILES_${PN} += "${EFI_TARGET}"
51 51
52python do_sign() { 52python do_sign() {
53 sb_sign(d.expand('${B}/Src/Efi/SELoader.efi'), d.expand('${B}/Src/Efi/SELoader.efi.signed'), d) 53 sb_sign(d.expand('${B}/Src/Efi/SELoader.efi'), \
54 sb_sign(d.expand('${B}/Bin/Hash2DxeCrypto.efi'), d.expand('${B}/Bin/Hash2DxeCrypto.efi.signed'), d) 54 d.expand('${B}/Src/Efi/SELoader.efi.signed'), d)
55 sb_sign(d.expand('${B}/Bin/Pkcs7VerifyDxe.efi'), d.expand('${B}/Bin/Pkcs7VerifyDxe.efi.signed'), d) 55 sb_sign(d.expand('${B}/Bin/Hash2DxeCrypto.efi'), \
56 d.expand('${B}/Bin/Hash2DxeCrypto.efi.signed'), d)
57 sb_sign(d.expand('${B}/Bin/Pkcs7VerifyDxe.efi'), \
58 d.expand('${B}/Bin/Pkcs7VerifyDxe.efi.signed'), d)
56} 59}
57addtask sign after do_compile before do_install 60addtask sign after do_compile before do_install
58 61
@@ -63,20 +66,20 @@ do_install() {
63 66
64 if [ x"${UEFI_SB}" = x"1" ]; then 67 if [ x"${UEFI_SB}" = x"1" ]; then
65 if [ x"${MOK_SB}" != x"1" ]; then 68 if [ x"${MOK_SB}" != x"1" ]; then
66 mv ${D}${EFI_TARGET}/SELoader${EFI_ARCH}.efi \ 69 mv "${D}${EFI_TARGET}/SELoader${EFI_ARCH}.efi" \
67 ${D}${EFI_TARGET}/boot${EFI_ARCH}.efi 70 "${D}${EFI_TARGET}/boot${EFI_ARCH}.efi"
68 fi 71 fi
69 fi 72 fi
70} 73}
71 74
72do_deploy() { 75do_deploy() {
73 # Deploy the unsigned images for manual signing 76 # Deploy the unsigned images for manual signing
74 install -d ${DEPLOYDIR}/efi-unsigned 77 install -d "${DEPLOYDIR}/efi-unsigned"
75 78
76 install -m 0600 ${B}/Src/Efi/SELoader.efi \ 79 install -m 0600 "${B}/Src/Efi/SELoader.efi" \
77 ${DEPLOYDIR}/efi-unsigned/SELoader${EFI_ARCH}.efi 80 "${DEPLOYDIR}/efi-unsigned/SELoader${EFI_ARCH}.efi"
78 install -m 0600 ${B}/Bin/Hash2DxeCrypto.efi ${DEPLOYDIR}/efi-unsigned/ 81 install -m 0600 "${B}/Bin/Hash2DxeCrypto.efi" "${DEPLOYDIR}/efi-unsigned"
79 install -m 0600 ${B}/Bin/Pkcs7VerifyDxe.efi ${DEPLOYDIR}/efi-unsigned/ 82 install -m 0600 "${B}/Bin/Pkcs7VerifyDxe.efi" "${DEPLOYDIR}/efi-unsigned"
80 83
81 # Deploy the signed images 84 # Deploy the signed images
82 if [ x"${UEFI_SB}" = x"1" -a x"${MOK_SB}" != x"1" ]; then 85 if [ x"${UEFI_SB}" = x"1" -a x"${MOK_SB}" != x"1" ]; then
@@ -84,11 +87,11 @@ do_deploy() {
84 else 87 else
85 SEL_NAME=SELoader 88 SEL_NAME=SELoader
86 fi 89 fi
87 install -m 0600 ${D}${EFI_TARGET}/${SEL_NAME}${EFI_ARCH}.efi \ 90 install -m 0600 "${D}${EFI_TARGET}/${SEL_NAME}${EFI_ARCH}.efi" \
88 ${DEPLOYDIR}/${SEL_NAME}${EFI_ARCH}.efi 91 "${DEPLOYDIR}/${SEL_NAME}${EFI_ARCH}.efi"
89 install -m 0600 ${D}${EFI_TARGET}/Hash2DxeCrypto.efi \ 92 install -m 0600 "${D}${EFI_TARGET}/Hash2DxeCrypto.efi" \
90 ${DEPLOYDIR}/Hash2DxeCrypto.efi 93 "${DEPLOYDIR}/Hash2DxeCrypto.efi"
91 install -m 0600 ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi \ 94 install -m 0600 "${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi" \
92 ${DEPLOYDIR}/Pkcs7VerifyDxe.efi 95 "${DEPLOYDIR}/Pkcs7VerifyDxe.efi"
93} 96}
94addtask deploy after do_install before do_build 97addtask deploy after do_install before do_build
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
index 7f96106..5e696fc 100644
--- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -17,7 +17,7 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
17 17
18inherit deploy user-key-store 18inherit deploy user-key-store
19 19
20SRC_URI = " \ 20SRC_URI = "\
21 git://github.com/rhinstaller/shim.git \ 21 git://github.com/rhinstaller/shim.git \
22 file://0001-shim-allow-to-verify-sha1-digest-for-Authenticode.patch \ 22 file://0001-shim-allow-to-verify-sha1-digest-for-Authenticode.patch \
23 file://0005-Fix-signing-failure-due-to-not-finding-certificate.patch;apply=0 \ 23 file://0005-Fix-signing-failure-due-to-not-finding-certificate.patch;apply=0 \
@@ -28,7 +28,7 @@ SRC_URI = " \
28 file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \ 28 file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \
29 file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \ 29 file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \
30" 30"
31SRC_URI_append_x86-64 = " \ 31SRC_URI_append_x86-64 = "\
32 ${@bb.utils.contains('DISTRO_FEATURES', 'msft', 'file://shim${EFI_ARCH}.efi.signed file://LICENSE' if uks_signing_model(d) == 'sample' else '', '', d)} \ 32 ${@bb.utils.contains('DISTRO_FEATURES', 'msft', 'file://shim${EFI_ARCH}.efi.signed file://LICENSE' if uks_signing_model(d) == 'sample' else '', '', d)} \
33" 33"
34 34
@@ -43,7 +43,7 @@ DEPENDS += "\
43EFI_ARCH_x86 = "ia32" 43EFI_ARCH_x86 = "ia32"
44EFI_ARCH_x86-64 = "x64" 44EFI_ARCH_x86-64 = "x64"
45 45
46EXTRA_OEMAKE = " \ 46EXTRA_OEMAKE = "\
47 CROSS_COMPILE="${TARGET_PREFIX}" \ 47 CROSS_COMPILE="${TARGET_PREFIX}" \
48 LIB_GCC="`${CC} -print-libgcc-file-name`" \ 48 LIB_GCC="`${CC} -print-libgcc-file-name`" \
49 LIB_PATH="${STAGING_LIBDIR}" \ 49 LIB_PATH="${STAGING_LIBDIR}" \
diff --git a/meta-efi-secure-boot/recipes-core/systemd/systemd_%.bbappend b/meta-efi-secure-boot/recipes-core/systemd/systemd_%.bbappend
index 7b935b5..665a025 100644
--- a/meta-efi-secure-boot/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-efi-secure-boot/recipes-core/systemd/systemd_%.bbappend
@@ -1,7 +1,9 @@
1DEPENDS += " \ 1DEPENDS += "\
2 ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'gnu-efi', '', d)} \ 2 ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'gnu-efi', '', d)} \
3" 3"
4 4
5EXTRA_OECONF += " \ 5EXTRA_OECONF += "\
6 ${@bb.utils.contains('MACHINE_FEATURES', 'efi', '--enable-efi --enable-gnuefi --with-efi-libdir=${STAGING_LIBDIR} --with-efi-ldsdir=${STAGING_LIBDIR} --with-efi-includedir=${STAGING_INCDIR}', '', d)} \ 6 ${@bb.utils.contains('MACHINE_FEATURES', 'efi', \
7 '--enable-efi --enable-gnuefi --with-efi-libdir=${STAGING_LIBDIR} --with-efi-ldsdir=${STAGING_LIBDIR} --with-efi-includedir=${STAGING_INCDIR}', \
8 '', d)} \
7" 9"
diff --git a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
index 94be38d..2f4b338 100644
--- a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
@@ -1,6 +1,6 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" 1FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
2 2
3efi_secure_boot_sccs = " \ 3efi_secure_boot_sccs = "\
4 ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \ 4 ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \
5 'cfg/efi-ext.scc', '', d)} \ 5 'cfg/efi-ext.scc', '', d)} \
6" 6"
diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
index 34259de..247ae55 100644
--- a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
+++ b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
@@ -6,13 +6,15 @@ DEPENDS += "${@'key-store openssl-native' if d.getVar('IMA_ENABLED', True) == '1
6# key-store-ima-cert is required in runtime but we hope it is available 6# key-store-ima-cert is required in runtime but we hope it is available
7# in initramfs only. So we don't add it to RDEPENDS_${PN} here. 7# in initramfs only. So we don't add it to RDEPENDS_${PN} here.
8 8
9SRC_URI += " \ 9SRC_URI += "\
10 ${@'file://ima.scc file://ima.cfg file://integrity.scc file://integrity.cfg' if d.getVar('IMA_ENABLED', True) == '1' else ''} \ 10 ${@'file://ima.scc file://ima.cfg file://integrity.scc file://integrity.cfg' if d.getVar('IMA_ENABLED', True) == '1' else ''} \
11" 11"
12 12
13do_configure_append() { 13do_configure_append() {
14 [ -f "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" ] && 14 if [ -f "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" ]; then
15 openssl x509 -in "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" \ 15 openssl x509 -in "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" \
16 -outform DER -out "${B}/system_trusted_cert.x509" || 16 -outform DER -out "${B}/system_trusted_cert.x509"
17 else
17 true 18 true
19 fi
18} 20}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-25 22:14:21 +0000