| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following error when set DEBUG_BUILD = "1":
fileio.c: In function ‘__fileio_read_file’:
fileio.c:179:12: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
179 | *out_len = len;
| ~~~~~~~~~^~~~~
fileio.c:178:12: error: ‘buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
178 | *out_buf = buf;
| ~~~~~~~~~^~~~~
cc1: all warnings being treated as errors
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is a build error if the /tmp directory is mounted with noexec
option:
lib/ccan.git/tools/create-ccan-tree: line 130: /tmp/tmp.MSe2mg2hM5/ccan_depends: Permission denied
Specify a local TMPDIR to fix it.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit fa5550d97de6("sbsigntool: Update to latest and change repos")
tried to fix compilation for arm architectures.
Due to the changes in the upstream package though host gnu-efi was
required to compile the package. Also that commit removed a useful
commit (-x support on sbsigntool), which I mistakenly remembered it was
already upstreamed.
So fix the gnu-efi error and fixup the useful patch to keep the
existring functionality. The old package was also depending on
binutils-dev being installed on the host. Fix that and depend on
binutils-native.
While at it purge the unused patches.
Fixes: commit fa5550d97de6("sbsigntool: Update to latest and change repos")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
| |
|
|
|
|
|
|
| |
The current sbsigntool repo is ancient and doesn't support native arm
binaries. Let's switch to the current upstream and adjust the recipe
accordingly, allowing the package to be used in native arm machines
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
fix below error caused by: openssl->libsign-native->openssl
DEBUG: Dependency loop #1 found:
Dependency loop #1 found:
...
oe-core commits "bitbake.conf/python: Drop setting RDEPENDS/RPROVIDES default"
and "native: Stop clearing PACKAGES" refactor usage of RDEPENDS
Signed-off-by: Changqing Li <changqing.li@windriver.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Bartłomiej Burdukiewicz <bartlomiej.burdukiewicz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Adapt to recent psuedo changes.
Fixes:
ERROR: grub-efi-2.04-r0 do_sign: Failed to import gpg key
gpg: key 9E3086F96EEECC34/9E3086F96EEECC34: error sending to agent: End of file
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
| |
allow openssl x509 '--days' parameter to be specified via command line argument
Signed-off-by: Corey Cothrum <contact@coreycothrum.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If GPG_PATH is already created by signing-keys do_get_public_keys task,
subsequent executions of do_package_write_rpm will not create the
gpg-agent.conf file anymore.
Therefore, the spawned gpg-agent will miss important features such as
auto-expand-secmem, leading to the following intermittent build errors:
....
Subprocess output:
gpg: signing failed: Cannot allocate memory
gpg: signing failed: Cannot allocate memory
error: gpg exec failed (2)
gpg: signing failed: Cannot allocate memory
gpg: signing failed: Cannot allocate memory
error: gpg exec failed (2)
...
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
|
| |
|
|
|
|
|
|
| |
Replace weak des3 encryption with more secure algorithm aes256 to
generate ima key in script create-user-key-store.sh.
Signed-off-by: David Dunlap <david.dunlap@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
It shows qa issue when multilib is enabled:
| ERROR: lib32-key-store-0.1-r0 do_package: QA Issue:
lib32-key-store package lib32-key-store-rpm-pubkey - suspicious values 'rpm' in RDEPENDS [multilib]
Prepend MLPREFIX to runtime dependency 'rpm' to fix the issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
|
| |
|
|
|
|
|
|
|
| |
The gpg-agent daemon will be triggered to run in function boot_sign,
This daemon will not exit even after building project.
So kill the gpg-agent daemon after gpg signing process
at the end of function boot_sign.
Signed-off-by: De Huo <De.Huo@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
"--pinentry-mode=loopback"
The option --pinentry-mode is not supported in gpg 2.0.22 code.
so when the host gpg version is 2.0.22 the option will be removed.
Start gpg-agent daemon when gpg-connect-agent reload agent failed.
Otherwise there will be below failure message reported.
gpg: can't connect to the agent - trying fall back
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
Signed-off-by: De Huo <De.Huo@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If GPG_PATH is already created by signing-keys do_get_public_keys task,
subsequent executions of do_package_write_rpm will fail with "Filename too
long" errors (this only affects builds using GPG paths larger than 80
characters).
Fix this race condition by making sure that the redirection files are always
present in the gpg homedir even if the directory already exists when the first
package_write_rpm task executes.
Also, make sure this new approach does not affect GPG_PATHs smaller than 80
chars.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
|
| |
|
|
| |
Signed-off-by: Drew Moseley <drew.moseley@northern.tech>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, an error will be thrown when trying to use a GPG homedir whose path
length exceeds 80 characters. This limitation can be worked around by providing
libassuan socket redirection files for "S.gpg-agent.yocto-native",
"S.gpg-agent.ssh", "S.gpg-agent.browser" and "S.gpg-agent.extra"
sockets. The redirection files will point to the real sockets in /tmp
directory. The sockets will be automatically cleaned up by gpg agent.
References:
[1] https://dev.gnupg.org/T1752
[2] https://gnupg.org/documentation/manuals/assuan.pdf
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
If efi-secure-boot distro feature is enabled, let the possibility to
enable only the UEFI SecureBoot (through UEFI_SB Bitbake variable)
without MOK_SB variable.
Allow explicitly overriding the MOK_SB Bitbake variable.
Signed-off-by: Sandra Tobajas <sandra.tobajas@savoirfairelinux.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some host configuration such as ubuntu 16.04 the gnupg in /usr/bin
is the 1.x version. This can cause problems between the import and
signing process if the gpg version is different. The commands in the
user-key-store class assume gnupg is at least version 2.2 or newer.
To avoid the signing phase failing for the efitools and the kernel,
the user-key-store class should depend on the gnupg-native binaries.
It avoids this specific error:
ERROR: efitools-1.9.2+gitAUTOINC+392836a46c-r0 do_sign: Failed to sign: /opt/tmp-glibc/work/corei7-64-wrs-linux/efitools/1.9.2+gitAUTOINC+392836a46c-r0/image/boot/efi/EFI/BOOT/LockDown.efi
ERROR: Logfile of failure stored in: /opt/tmp-glibc/work/corei7-64-wrs-linux/efitools/1.9.2+gitAUTOINC+392836a46c-r0/temp/log.do_sign.22969
NOTE: recipe efitools-1.9.2+gitAUTOINC+392836a46c-r0: task do_sign: Failed
[ Issue: LIN1019-3757 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Issue: LIN1018-450
Under extremely rare circumstances, access can be denied to /tmp,
so we specify a local TMPDIR.
This is a cherry-pick of 886c44b from WRL 10.17.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Sample keys are required in order for the signing to succeed when
using grub boot verification. The keys are only used when
GRUB_SIGN_VERIFY = "1", and it is intended that and user would
generate new keys with the create-user-key-store.sh.
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit makes the SELoader entire optional and allows it to be
removed, with the intended replacement being to use grub's built in
gpg key verification.
It will be possible in a template or local.conf:
UEFI_SELOADER = "0"
GRUB_SIGN_VERIFY = "1"
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The create-user-key-store.sh was changed in a number ways to improve
the usability with other layers that will consume the key services
provided by meta-secure-core.
New features:
* A safety check was added that keys can only be written to a fresh
empty directory.
* The script can be run non-iteractively or interactively for the ease of use.
* gpg 1.x support and gpg 2.x support work with the passphrases
* A keys.conf is generated to allow a single line to be written into the
local.conf with all the keys.
An interactive session looks like:
==================================
./create-user-key-store.sh -d /tmp/test
KEYS_DIR: /tmp/test
Enter RPM/OSTree GPG keyname (use dashes instead of spaces) [default: PKG-SecureCore]: PKG-Sample-Man
Enter RPM/OSTree GPG e-mail address [default: SecureCore@foo.com]: sample.man@sample.com
Enter RPM/OSTREE GPG comment [default: Signing Key]: Sample Signing Key
Using boot loader gpg name: BOOT-Sample-Man
Using boot loader gpg email: sample.man@sample.com
Using boot loader gpg comment: Sample Signing Key
Press control-c now if and use -bn -bm -bc arguments if you want
different values other than listed above
Enter RPM/OSTREE passphrase: abc1234
Enter IMA passphrase: 1234pass
Enter boot loader GPG passphrase: bootup
Enter boot loader locked configuration password(e.g. grub pw): root
MASTER_KEYS_DIR = "/tmp/test"
IMA_KEYS_DIR = "${MASTER_KEYS_DIR}/ima_keys"
IMA_EVM_KEY_DIR = "${MASTER_KEYS_DIR}/ima_keys"
RPM_KEYS_DIR = "${MASTER_KEYS_DIR}/rpm_keys"
BOOT_KEYS_DIR = "${MASTER_KEYS_DIR}/boot_keys"
MOK_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/mok_sb_keys"
SYSTEM_TRUSTED_KEYS_DIR = "${MASTER_KEYS_DIR}/system_trusted_keys"
UEFI_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/uefi_sb_keys"
GRUB_PUB_KEY = "${MASTER_KEYS_DIR}/boot_keys/boot_pub_key"
GRUB_PW_FILE = "${MASTER_KEYS_DIR}/boot_keys/boot_cfg_pw"
OSTREE_GPGDIR = "${MASTER_KEYS_DIR}/rpm_keys"
RPM_GPG_NAME = "PKG-Sample-Man"
RPM_GPG_PASSPHRASE = "abc1234"
RPM_FSK_PASSWORD = "1234pass"
BOOT_GPG_NAME = "BOOT-Sample-Man"
BOOT_GPG_PASSPHRASE = "bootup"
OSTREE_GPGID = "PKG-Sample-Man"
OSTREE_GPG_PASSPHRASE = "abc1234"
OSTREE_GRUB_PW_FILE = "${GRUB_PW_FILE}"
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow SELoader to be an optional component for secure boot
verification. The GPG_SIGN_VERIFY variable was added to control the
ability to have grub perform all of the verification of the loaded
files using a public key which gets built into grub at the time that
mkimage is run.
It is not intended that GPG_SIGN_VERIFY and UEFI_SELOADER would both
be set to "1". While this configuration could work, it makes very
little sense to use the system that way.
Also enabled is the tftp feature for grub as a builtin. This allows
grub to start from the network when the UEFI is configured to boot off
the network with tftp.
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the rpm signing setup to use a generic routine
check_gpg_key(), in order that the boot loader gpg signing can use the
same infrastructure.
For now the boot loader gpg signing will only support grub and
introduces the variable:
GRUB_SIGN_VERIFY = "1"
This variable is a control point to activate the code in grub-efi to
perform file verification of any file it loads against a gpg key which
is linked into the boot loader with grub-mkimage. It will also cause
all the other files such as the kernel, initramfs and LockDown.efi to
be signed such that grub will verify the files.
[ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
| |
|
| |
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
|
| |
|
|
|
|
|
| |
Having a private key package might allow one to pull it into rootfs
which is really, really bad. So drop all private key packages.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
|
| |\
| |
| | |
meta-signing-key/conf/layer.conf: use weak assignment for RPM_GPG_NAM…
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
RPM_GPG_PASSPHRASE
Use weak assignment for RPM_GPG_NAME and RPM_GPG_PASSPHRASE so these
values could be overridden in other conf files.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |/ |
|
| |
|
|
|
|
|
| |
The bb.build.FuncFailed had been removed in bitbake with commit
cfeffb602dd5319f071cd6bcf84139ec77f2d170. Use bb.fatal instead of it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
If sample keys are selected, key-store service will deploy IMA private
key during first boot, but beople may be confused if we deploy a sample
private key like "xxx.crt", so this commit is making sure key/cert on
target are consistent with key files on build system.
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Generally speaking, for firmware to import PK/KEK/DB keys they need to
be in the binary "DER" format and typically have the "cer" file
extension. When deploying our keys, convert what we have to that format
and deploy as well for ease of use.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
| |
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
|
| |
|
|
|
|
|
|
| |
Since `9ec5a8a layer.conf: Drop sumo from LAYERSERIES_CORENAMES' and
`9867924 layer.conf: Add thud to LAYERSERIES_CORENAMES' applied in oe-core,
update LAYERSERIES_COMPAT `sumo' -> `thud'
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The following commits are reverted by the way:
- seloader: Fix building for rocko (bc6bbe2)
- meta-integrity: rpm: Add back in required patches for rocko (5fa9c85)
Because they are only applicable to rocko.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
| |
|
|
|
|
|
| |
SECURITY_LDFLAGS includes -fstack-protector-strong which cannot work
with CCLD. To work around this issue, filter out it from LDFLAGS.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
| |
|
|
|
|
| |
- Use CCLD to build executable and library.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
After postinst was executed at do_rootfs successfully,
there will be no first boot to redo.
Since `229f4e9 package.bbclass: add support for
pkg_postinst_ontarget()' applied in oe-core, use
pkg_postinst_ontarget to instead.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
|
|
|
| |
Bump up to the current top of libsign so that we can easily get a copy
of selsign that can be put into an SDK.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
|
|
|
|
| |
There are times were we might want to include sbsigntool into an SDK so
rename the recipe and extend to include nativesdk. We also need gnu-efi
to support nativesdk so include that in a bbappend.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
|
|
|
| |
As we also work with the 'rocko' release list that in our
LAYERSERIES_COMPAT.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
| |
parsed as true
|
| |
|
|
|
|
| |
see https://patchwork.openembedded.org/patch/140542/
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently we provide a secondary trusted key that is signed by the
primary key. We do not however DER encode this certificate. Update
the key-store recipe to also make a DER encoding of this certificate and
include it in the same package as the PEM version of the certificate.
In the IMA init script, if we have any secondary certificate in a DER
encoding, load them into the secondary keyring before we try and load
the IMA keys.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The way that the create-user-key-store.sh script creates what it has
been calling "extra_system_trusted_key" is really what would be
considered a "secondary" trusted key as it is signed by the primary key
that we create. To make this clearer, as there are other cases for an
"extra trusted system key" that are not this key, update the variables,
package names, etc, to reflect "secondary" not "extra system".
Requested-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| |
|
|
|
|
|
|
| |
We're missing a leading '-' when we combine pn and ima-privkey here,
add.
Signed-off-by: Michael Grigorov <michael.grigorov@konsulko.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
