summaryrefslogtreecommitdiffstats
path: root/meta-signing-key/conf
Commit message (Collapse)AuthorAgeFilesLines
* meta-secure-core: fix wrong operator combinationYi Zhao2021-11-181-1/+1
| | | | | | | | Operations like XXX:append += "YYY" are almost always wrong and this is a common mistake made in the metadata. Improve them to use the standard format. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* layer.conf: add back append to BB_HASHBASE_WHITELISTChen Qi2021-08-161-1/+1
| | | | | | | | Add back the append override, as the '+=' operator will make the default value of BB_HASHBASE_WHITELIST in oe-core not have any effect. Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
* layer.conf: add honister to LAYERSERIES_COMPATYi Zhao2021-08-091-1/+1
| | | | | | Drop other releases since they are not compatible anymore. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* meta-secure-core: Convert to new override syntaxYi Zhao2021-08-091-1/+1
| | | | | | Converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* layer.conf: add hardknott to LAYERSERIES_COMPATYi Zhao2021-04-211-1/+1
| | | | | | Remove other releases since they are not compatible anymore. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* conf/layer.conf: Add gatesgarth to LAYERSERIES_COMPATBartłomiej Burdukiewicz2020-12-091-1/+1
| | | | Signed-off-by: Bartłomiej Burdukiewicz <bartlomiej.burdukiewicz@gmail.com>
* conf/layer.conf: Add dunfell to LAYERSERIES_COMPATChristophe Priouzeau2020-05-271-1/+1
| | | | Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
* layer.conf gpg boot key sample: Add the gpg boot key sample filesJason Wessel2019-11-081-0/+8
| | | | | | | | | | | Sample keys are required in order for the signing to succeed when using grub boot verification. The keys are only used when GRUB_SIGN_VERIFY = "1", and it is intended that and user would generate new keys with the create-user-key-store.sh. [ Issue: LINUXEXEC-2450 ] Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* grub: Make SELoader optional and add gpg verify supportJason Wessel2019-11-081-0/+6
| | | | | | | | | | | | | | | | | | | | Allow SELoader to be an optional component for secure boot verification. The GPG_SIGN_VERIFY variable was added to control the ability to have grub perform all of the verification of the loaded files using a public key which gets built into grub at the time that mkimage is run. It is not intended that GPG_SIGN_VERIFY and UEFI_SELOADER would both be set to "1". While this configuration could work, it makes very little sense to use the system that way. Also enabled is the tftp feature for grub as a builtin. This allows grub to start from the network when the UEFI is configured to boot off the network with tftp. [ Issue: LINUXEXEC-2450 ] Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* conf/layer.conf: Add zeus to LAYERSERIES_COMPAT (#121)muvarov2019-11-011-1/+1
| | | Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
* meta-signing-key/conf/layer.conf: use weak assignment for RPM_GPG_NAME and ↵Yi Zhao2019-08-191-2/+2
| | | | | | | | | RPM_GPG_PASSPHRASE Use weak assignment for RPM_GPG_NAME and RPM_GPG_PASSPHRASE so these values could be overridden in other conf files. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* conf/layer.conf: Add warrior to LAYERSERIES_COMPATYi Zhao2019-04-231-1/+1
| | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* layer.conf: update LAYERSERIES_COMPAT `sumo' -> `thud'Hongxu Jia2018-10-081-1/+1
| | | | | | | | Since `9ec5a8a layer.conf: Drop sumo from LAYERSERIES_CORENAMES' and `9867924 layer.conf: Add thud to LAYERSERIES_CORENAMES' applied in oe-core, update LAYERSERIES_COMPAT `sumo' -> `thud' Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
* Clean up the stuffs for stable branchesJia Zhang2018-09-201-1/+1
| | | | | | | | | | | The following commits are reverted by the way: - seloader: Fix building for rocko (bc6bbe2) - meta-integrity: rpm: Add back in required patches for rocko (5fa9c85) Because they are only applicable to rocko. Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* layer.conf: Mark as compatible with rockoTom Rini2018-07-251-1/+1
| | | | | | | As we also work with the 'rocko' release list that in our LAYERSERIES_COMPAT. Signed-off-by: Tom Rini <trini@konsulko.com>
* layer.conf: add LAYERSERIES_COMPATTrevor Woerner2018-05-261-0/+2
| | | | | | see https://patchwork.openembedded.org/patch/140542/ Signed-off-by: Trevor Woerner <twoerner@gmail.com>
* meta-signing-key: Rename "extra trusted" to "secondary"Tom Rini2018-05-171-3/+3
| | | | | | | | | | | | The way that the create-user-key-store.sh script creates what it has been calling "extra_system_trusted_key" is really what would be considered a "secondary" trusted key as it is signed by the primary key that we create. To make this clearer, as there are other cases for an "extra trusted system key" that are not this key, update the variables, package names, etc, to reflect "secondary" not "extra system". Requested-by: Jia Zhang <zhang.jia@linux.alibaba.com> Signed-off-by: Tom Rini <trini@konsulko.com>
* meta-signing-key: support to build key-store with modsign and extra system ↵Jia Zhang2017-11-211-0/+6
| | | | | | trusted key support Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
* Update BB_HASHBASE_WHITELISTJia Zhang2017-09-011-3/+7
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* sign_rpm_ext.bbclass: use the default setting from meta-signing-keyJia Zhang2017-08-191-2/+2
| | | | Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* meta-signing-key: clean up the default values of sample RPM signing keyLans Zhang2017-08-151-1/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: define the oe index nameLans Zhang2017-07-201-0/+4
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Rename .pem to .crtLans Zhang2017-07-031-3/+3
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Ignore the KEYS DIR in the do_package and do_sign task dependenceGuojian Zhou2017-06-231-0/+4
| | | | | Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com> Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: initial commitLans Zhang2017-06-221-0/+40
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-21 16:14:54 +0000