summaryrefslogtreecommitdiffstats
path: root/meta-signing-key
Commit message (Collapse)AuthorAgeFilesLines
* meta-signing-key: clean up the default values of sample RPM signing keyLans Zhang2017-08-151-1/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-signing-key: renew the sample keys for UEFI Secure BootLans Zhang2017-08-146-127/+129
| | | | | | The DB and KEK now are self-signed. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: gpg key creation updatesLans Zhang2017-08-112-20/+34
| | | | | | | | - code style fixup - remove gen_rpm_keyring script - check gpg version Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: self-sign KEK and DBLans Zhang2017-08-011-2/+2
| | | | | | | UEFI spec never ask for the fact that KEK must be signed by PK and DB must be signed by KEK. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: code style fixupLans Zhang2017-07-281-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store.bbclass: set SYSTEM_TRUSTED only if ima is configuredLans Zhang2017-07-251-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store.bbclass: don't run check_deploy_keys in parallelLans Zhang2017-07-251-0/+2
| | | | | | | | | | | Set lockfile for task check_deploy_keys() to avoid the race error from 'cp -af': cp: cannot create regular file '.../tmp/deploy/images/intel-x86-64/ sample-keys/uefi_sb_keys/DBX/DBX.key': File exists Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: define the oe index nameLans Zhang2017-07-201-0/+4
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Add the missing COPYING.MIT filesLans Zhang2017-07-131-0/+17
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: add the support of the creation for RPM signingLans Zhang2017-07-132-0/+67
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Fix the occurrence of checking the existence of signing keysLans Zhang2017-07-121-0/+2
| | | | | | packagegroups are not the end consumers of using user-key-store. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* key-store-rpm-pubkey: fix installation failureLans Zhang2017-07-111-2/+2
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README: cleanupLans Zhang2017-07-111-7/+3
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store: don't call anonymous functionLans Zhang2017-07-111-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: clean up subject and support password protection ↵Lans Zhang2017-07-111-12/+23
| | | | | | for private key Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-signing-key: replace the sample keysLans Zhang2017-07-1114-283/+286
| | | | | | | - Remove USER@host from the certificate subject field - IMA signing key is protected by a password Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Code style fixupLans Zhang2017-07-041-14/+14
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity: implement the system trusted cert and IMA trusted certLans Zhang2017-07-049-76/+101
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-signing-key: enable authorityKeyIdentifier for x509 v3Lans Zhang2017-07-036-54/+57
| | | | | | | Otherwise the x509 parser in kernel cannot load a x509 certificate without authorityKeyIdentifier. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-signing-keys: use DER-formatted system trusted key and signed IMA ↵Lans Zhang2017-07-034-52/+52
| | | | | | trusted key Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store: clean up the code styleLans Zhang2017-07-031-80/+16
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Use the DER-formatted system trusted keyLans Zhang2017-07-032-4/+26
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Rename .pem to .crtLans Zhang2017-07-0312-26/+7
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: restructured for self-signing and ca signingLans Zhang2017-06-291-57/+51
| | | | | | Meanwhile, the IMA user key is signed by system user key. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Ignore the KEYS DIR in the do_package and do_sign task dependenceGuojian Zhou2017-06-231-0/+4
| | | | | Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com> Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: initial commitLans Zhang2017-06-2224-0/+1276
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-06 07:15:34 +0000