| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
trusted key support
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
|
| |
|
|
|
|
| |
modsign and extra system trusted key
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
|
| |
|
|
| |
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The content of meta-signing-key depends on a few recipes within
meta-efi-secure-boot. However, meta-signing-key can be used without
meta-efi-secure-boot if we move libsign and sbsigntool over. Doing this will
also provide a more correct set of dependencies as we cannot say that both
layers depend on eachother. While doing this, within meta-signing-key only
depend on content from meta-efi-secure-boot if the efi-secure-boot
DISTRO_FEATURE is set.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
|
|
| |
Fix warning:
WARNING: xxx do_sign: Function deploy_rpm_keys doesn't exist
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
| |
|
|
|
|
|
|
| |
${COREBASE}/LICENSE is not a valid license file. So it is recommended
to use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in
LIC_FILES_CHKSUM. This will become an error in the future.
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
|
| |
address (#14)
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
1. user key pub rpm package also could be created.
2. The latest bitbake could not support the d.getVar() function nest
call. Such as the following function call always return "None"
d.getVar(d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-*', True)
It caused the key-store-rpm-pubkey rpm package could not be created in
the latest oe-core project.
Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
|
| |
|
|
|
|
| |
The previous cannot be handled by gpg v2 properly when importing it.
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
|
|
|
|
| |
When the SIGNING_MODEL is set to "user", the signing-keys recipes will
run failed on the get_public_keys task. uks_rpm_keys_dir() function
could not return the right rpm_keys directory when the
SIGNING_MODEL is set to "user".
Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
|
| |
|
|
| |
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
The DB and KEK now are self-signed.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
|
| |
- code style fixup
- remove gen_rpm_keyring script
- check gpg version
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
| |
UEFI spec never ask for the fact that KEK must be signed by PK and
DB must be signed by KEK.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Set lockfile for task check_deploy_keys() to avoid the race error from
'cp -af':
cp: cannot create regular file '.../tmp/deploy/images/intel-x86-64/
sample-keys/uefi_sb_keys/DBX/DBX.key': File exists
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
packagegroups are not the end consumers of using user-key-store.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
for private key
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
| |
- Remove USER@host from the certificate subject field
- IMA signing key is protected by a password
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
| |
Otherwise the x509 parser in kernel cannot load a x509 certificate without
authorityKeyIdentifier.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
trusted key
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
| |
Meanwhile, the IMA user key is signed by system user key.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
