| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
As we also work with the 'rocko' release list that in our
LAYERSERIES_COMPAT.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kernel-initramfs.bbappend depends on kernel-initramfs.bb in
meta-secure-core/meta/recipes-core/images/
Fix parsing error:
ERROR: No recipes available for:
meta-secure-core/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
|
|
|
|
|
|
| |
It is helpful when secure boot is enabled, because you can not
modify boot command line after boot-menu.inc is signed before deploying.
Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
copy kernel p7b file
In commit 1c96c0d09614a3a692a8bee201e34694f26c436a, the kernel p7b file
is moved from ${B}/${KERNEL_OUTPUT_DIR}/ to ${D}/boot/. But in
do_deploy(), it still try to copy p7b file from ${B}/${KERNEL_OUTPUT_DIR}/
to ${DEPLOYDIR}/. Using shutil.copyfile instead of shutil.move to fix
this issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
|
|
|
|
|
| |
see https://patchwork.openembedded.org/patch/140542/
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
|
|
|
|
|
|
| |
Functions efi_call_foo and efi_shim_exit are not implemented for arm64
yet, so remove 'aarch64' from COMPATIBLE_HOST for now.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
|
|
|
|
|
|
| |
To match the usual user experience of having /boot/${KERNEL_IMAGETYPE}
exist as a symlink to the real kernrel, also have our signature file
exist for that as a symlink and include it in the package file.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
|
|
|
|
|
| |
It fails to build grub-efi for arm64. Add definitions of missing macros
and replace x86 specified asm codes with function grub_halt().
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
|
|
|
|
|
|
|
| |
Refresh the following patches:
0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch
0005-efi-chainloader-use-shim-to-load-and-verify-an-image.patch
Grub-get-and-set-efi-variables.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
|
|
|
|
|
|
| |
As the main recipe resides in meta/recipes-core/images/ move the append
to recipes-core/images/ as well for consistency.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- All valid initramfs types will be listed in INITRAMFS_FSTYPES so use
that variable rather than open-coding a list of possibilities.
- Since we're using the list of things that must exist now we don't need
to test if the files exist anymore. And when signing, we can sign all
of them now.
- Add some python to do_package to update all of the ALTERNATIVES
variables dynamically based on how we're configured. This introduces
an alternative for the initramfs portion as well so there is a stable
name.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- In all cases, when building Linux apps (and thus linking with gcc) we
need to pass in the normal set of LDFLAGS for both rpath and link hash
type.
- Rework Fix-for-the-cross-compilation.patch a bit. When linking EFI
apps (and thus linking with ld) we don't need to pass in other special
flags. When linking the "openssl" apps we do not need to spell out
the crtN files as gcc handles that for us, they are normal Linux apps.
Ensure that all Linux apps get our EXTRA_LDFLAGS passed in.
With all of these changes we are now able to reuse sstate cache between
build directories.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
|
|
|
|
|
|
| |
oe_filter_out has been removed from oe-core so use the
replacement function oe.utils.str_filter_out.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The content of meta-signing-key depends on a few recipes within
meta-efi-secure-boot. However, meta-signing-key can be used without
meta-efi-secure-boot if we move libsign and sbsigntool over. Doing this will
also provide a more correct set of dependencies as we cannot say that both
layers depend on eachother. While doing this, within meta-signing-key only
depend on content from meta-efi-secure-boot if the efi-secure-boot
DISTRO_FEATURE is set.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
|
|
|
|
|
|
|
|
|
| |
shim will uninstall MOK Verify Protocol when launching fallack,
implying it is impossible to get the instance of MOK Verify Protocol
for SELoader. This behavior violates the original intention of
introducing fallback.
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
|
|
|
|
|
|
|
|
|
|
| |
Fix 32bit assembler errors:
| /tmp/ccJyZFtJ.s: Assembler messages:
| /tmp/ccJyZFtJ.s:268: Error: bad register name `%rsp)'
| /tmp/ccJyZFtJ.s:269: Error: bad register name `%rdi'
...
| make[1]: *** [<builtin>: security_policy.o] Error 1
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
|
|
|
|
|
|
|
| |
Fix the error:
mok2verify.c:169:53: error: \
format '%lx' expects argument of type 'long unsigned int', \
but argument 3 has type 'grub_efi_status_t {aka int}' \
[-Werror=format=]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
|
|
|
|
|
|
| |
${COREBASE}/LICENSE is not a valid license file. So it is recommended
to use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in
LIC_FILES_CHKSUM. This will become an error in the future.
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
|
|
|
|
|
|
|
| |
encrypted-storage layer will include more security features about encrypted
storage so the term "encrypted-storage" won't be used to specify a dedicated
technology term such as "LUKS".
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
|
|
|
| |
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
|
|
|
|
|
|
| |
Currently, OPENSSL_LIB is only used for locating openssl.cnf in order
to work around openssl-1.1.x.
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
|
|
|
|
| |
boot kernel
Since bzImage is not signed during the build.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
|
|
| |
SELoader
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|