path: root/meta-efi-secure-boot/recipes-core
Commit message | Author | Age | Files | Lines
* meta-secure-core: Convert to new override syntax | Yi Zhao | 2021-08-09 | 3 | -10/+10
  Converting the metadata to use ":" as the override character instead of "_".
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* kernel-initramfs: Fix leftover p7b reference | Alexandru Avadanii | 2021-03-26 | 1 | -1/+1
  p7b was replaced by the ${SB_FILE_EXT} variable, but one reference was omitted during the rework.
  Fixes: 31d2105b
  Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
* meta-efi-secure-boot/systemd: switch to meson build | Yi Zhao | 2021-01-19 | 2 | -9/+6
  The systemd switched to meson build a long time ago. Somehow this bbappend didn't update. Switch to meson build otherwise these options do not work at all.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* ovmf_%.bbappend: tweak do_sign task order to avoid racing issue | Hongxu Jia | 2020-04-10 | 1 | -1/+1
  If ovmf's do_deploy is run before do_sign, there is a failure
  ...
  |install: cannot stat 'tmp-glibc/work/corei7-64-wrs-linux/ovmf/
  edk2-stable201911-r0/ovmf/Pkcs7VerifyDxe.efi.signed': No such file or directory
  ...
  Add do_sign before do_deploy
  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
* initramfs: adjust task order to avoid initrd symlink unavailable | Liwei Song | 2020-02-27 | 1 | -1/+1
  adjust task order to make sure initrd symlink is ready before do package.
  Signed-off-by: Liwei Song <liwei.song@windriver.com>
* kernel-initramfs-efi-secure-boot.inc: Copy .sig files and .p7b | Jason Wessel | 2019-11-14 | 1 | -5/+3
  While refactoring the code to eliminate the overlap in the copy of the .sig and .p7b files the UEFI_SELOADER test was not removed. This results in the .sig files not getting copied to the deploy directory when using the GRUB_SIGN_VERIFY = "1".
  All that is needed is to remove the UEFI_SELOADER test statement.
  Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* secure boot: Make SELoader optional and copy sig files when GRUB_SIGN_VERIFY=1 | Jason Wessel | 2019-11-08 | 1 | -13/+17
  This commit makes the SELoader entirely optional and allows it to be removed, with the intended replacement being to use grub's built in gpg key verification.
  It will be possible in a template or local.conf:
    UEFI_SELOADER = "0"
    GRUB_SIGN_VERIFY = "1"
  [ Issue: LINUXEXEC-2450 ]
  Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* ovmf: package PKCS7 verification drivers | Dmitry Eremin-Solenikov | 2019-09-04 | 1 | -0/+59
  Package Pkcs7VerifyDxe.efi and Hash2DxeCrypto.efi to be used by SELoader bootloader.
  Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
* kernel-initramfs: only apply the bbappend if efi-secure-boot distro flag set | Yi Zhao | 2018-11-30 | 2 | -37/+38
  When the meta-efi-secure-boot layer is included but feature efi-secure-boot is not set, we got the following error with kernel-initramfs building:
  ERROR: kernel-initramfs-1.0-r0 do_deploy: Function failed: do_deploy (log file is located at /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995)
  ERROR: Logfile of failure stored in: /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995
  Log data follows:
  | DEBUG: Executing python function sstate_task_prefunc
  | DEBUG: Python function sstate_task_prefunc finished
  | DEBUG: Executing shell function do_deploy
  | install: cannot stat '/buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/image/boot/*.p7b': No such file or directory
  | WARNING: /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/run.do_deploy.16995:1 exit 1 from 'install -m 0644 ${SIG} /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/deploy-kernel-initramfs'
  | ERROR: Function failed: do_deploy (log file is located at /buildarea/build/tmp/work/genericx86_64-poky-linux/kernel-initramfs/1.0-r0/temp/log.do_deploy.16995)
  ERROR: Task (/buildarea/poky/meta-secure-core/meta/recipes-core/images/kernel-initramfs.bb:do_deploy) failed with exit code '1'
  Rename kernel-initramfs.bbappend to kernel-initramfs-efi-secure-boot.inc and add a new bbappend. Make sure this piece of code should be applied only if the efi-secure-boot feature is set.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* meta-efi-secure-boot: Ensure openssl-native exists when we need it | Tom Rini | 2018-11-07 | 1 | -0/+1
  In order to deploy our secure boot keys in DER format we need to use openssl. This must be listed in our DEPENDS line in order for the sysroot to be populated correctly when we run do_sign. Also drop the explicit fakeroot on our empty grub-efi do_sign as we may not have globally populated virtual/fakeroot-native at that point in time.
  Fixes: 92316d4b402b ("meta-signing-key: When deploying keys UEFI keys, deploy DER format")
  Signed-off-by: Tom Rini <trini@konsulko.com>
* meta-efi-secure-core: Move kernel-initramfs.bbappend | Tom Rini | 2018-05-06 | 1 | -0/+36
  As the main recipe resides in meta/recipes-core/images/ move the append to recipes-core/images/ as well for consistency.
  Signed-off-by: Tom Rini <trini@konsulko.com>
* code style fixup | Lans Zhang | 2017-06-29 | 1 | -3/+5
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: initial commit | Lans Zhang | 2017-06-22 | 1 | -0/+7
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>