path: root/meta-signing-key/classes
Commit message | Author | Age | Files | Lines
* meta-signing-key: When deploying keys UEFI keys, deploy DER format | Tom Rini | 2018-10-25 | 1 | -0/+4
  Generally speaking, for firmware to import PK/KEK/DB keys they need to be in the binary "DER" format and typically have the "cer" file extension. When deploying our keys, convert what we have to that format and deploy as well for ease of use.
  Signed-off-by: Tom Rini <trini@konsulko.com>
* Fix parsing bug where SYSTEM_TRUSTED and SECONDARY_TRUSTED were always parsed as true | fraser | 2018-06-29 | 1 | -2/+2
* meta-signing-key: Rename "extra trusted" to "secondary" | Tom Rini | 2018-05-17 | 1 | -14/+14
  The way that the create-user-key-store.sh script creates what it has been calling "extra_system_trusted_key" is really what would be considered a "secondary" trusted key as it is signed by the primary key that we create. To make this clearer, as there are other cases for an "extra trusted system key" that are not this key, update the variables, package names, etc, to reflect "secondary" not "extra system".
  Requested-by: Jia Zhang <zhang.jia@linux.alibaba.com>
  Signed-off-by: Tom Rini <trini@konsulko.com>
* meta-signing-key: support to build key-store with modsign and extra system trusted key support | Jia Zhang | 2017-11-21 | 1 | -2/+60
  Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
* meta-signing-key, meta-efi-secure-boot: Rework for dependencies | Tom Rini | 2017-11-16 | 1 | -1/+1
  The content of meta-signing-key depends on a few recipes within meta-efi-secure-boot. However, meta-signing-key can be used without meta-efi-secure-boot if we move libsign and sbsigntool over. Doing this will also provide a more correct set of dependencies as we cannot say that both layers depend on each other. While doing this, within meta-signing-key only depend on content from meta-efi-secure-boot if the efi-secure-boot DISTRO_FEATURE is set.
  Signed-off-by: Tom Rini <trini@konsulko.com>
* user-key-store.bbclass: add deploy_rpm_keys (#20) | Wenzong Fan | 2017-09-25 | 1 | -0/+10
  Fix warning:
    WARNING: xxx do_sign: Function deploy_rpm_keys doesn't exist
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* Fix the user rpm sign key can not be found issue (#5) | Guojian | 2017-08-22 | 1 | -4/+0
  When the SIGNING_MODEL is set to "user", the signing-keys recipes will run failed on the get_public_keys task. uks_rpm_keys_dir() function could not return the right rpm_keys directory when the SIGNING_MODEL is set to "user".
  Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
* sign_rpm_ext: support RPM signing | Lans Zhang | 2017-08-17 | 1 | -2/+18
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: code style fixup | Lans Zhang | 2017-07-28 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store.bbclass: set SYSTEM_TRUSTED only if ima is configured | Lans Zhang | 2017-07-25 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store.bbclass: don't run check_deploy_keys in parallel | Lans Zhang | 2017-07-25 | 1 | -0/+2
  Set lockfile for task check_deploy_keys() to avoid the race error from 'cp -af':
    cp: cannot create regular file '.../tmp/deploy/images/intel-x86-64/sample-keys/uefi_sb_keys/DBX/DBX.key': File exists
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store: don't call anonymous function | Lans Zhang | 2017-07-11 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity: implement the system trusted cert and IMA trusted cert | Lans Zhang | 2017-07-04 | 1 | -2/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store: clean up the code style | Lans Zhang | 2017-07-03 | 1 | -80/+16
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: initial commit | Lans Zhang | 2017-06-22 | 1 | -0/+440
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>