# We have a conf and classes directory, add to BBPATH BBPATH .= ":${LAYERDIR}" # We have recipes-* directories, add to BBFILES BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ ${LAYERDIR}/recipes-*/*/*.bbappend" BBFILE_COLLECTIONS += "signing-key" BBFILE_PATTERN_signing-key = "^${LAYERDIR}/" BBFILE_PRIORITY_signing-key = "10" BBLAYERS_LAYERINDEX_NAME_signing-key = "meta-signing-key" LAYERDEPENDS_signing-key = "core" LAYERSERIES_COMPAT_signing-key = "rocko" SIGNING_MODEL ??= "sample" SAMPLE_MOK_SB_KEYS_DIR = "${LAYERDIR}/files/mok_sb_keys" SAMPLE_UEFI_SB_KEYS_DIR = "${LAYERDIR}/files/uefi_sb_keys" SAMPLE_SYSTEM_TRUSTED_KEYS_DIR = "${LAYERDIR}/files/system_trusted_keys" SAMPLE_SECONDARY_TRUSTED_KEYS_DIR = "${LAYERDIR}/files/secondary_trusted_keys" SAMPLE_MODSIGN_KEYS_DIR = "${LAYERDIR}/files/modsign_keys" SAMPLE_IMA_KEYS_DIR = "${LAYERDIR}/files/ima_keys" SAMPLE_RPM_KEYS_DIR = "${LAYERDIR}/files/rpm_keys" # Microsoft certificates MSFT_DB_CERT = "${LAYERDIR}/files/uefi_sb_keys/ms-DB.crt" MSFT_KEK_CERT = "${LAYERDIR}/files/uefi_sb_keys/ms-KEK.crt" # EV certificate EV_CERT ??= "${LAYERDIR}/files/mok_sb_keys/wosign_ev_cert.crt" # By default the sample keys are used MOK_SB_KEYS_DIR ??= "${SAMPLE_MOK_SB_KEYS_DIR}" UEFI_SB_KEYS_DIR ??= "${SAMPLE_UEFI_SB_KEYS_DIR}" SYSTEM_TRUSTED_KEYS_DIR ??= "${SAMPLE_SYSTEM_TRUSTED_KEYS_DIR}" SECONDARY_TRUSTED_KEYS_DIR ??= "${SAMPLE_SECONDARY_TRUSTED_KEYS_DIR}" MODSIGN_KEYS_DIR ??= "${SAMPLE_MODSIGN_KEYS_DIR}" IMA_KEYS_DIR ??= "${SAMPLE_IMA_KEYS_DIR}" RPM_KEYS_DIR ??= "${SAMPLE_RPM_KEYS_DIR}" # Define the identification of vendor VENDOR_UUID = "1f7b9654-2107-4697-8f1c-0cbc38874588" # User configurable identification of signature owner UEFI_SIG_OWNER_GUID ??= "${VENDOR_UUID}" SAMPLE_RPM_KEYNAME ??= "SecureCore" RPM_GPG_NAME ?= "${SAMPLE_RPM_KEYNAME}" RPM_GPG_PASSPHRASE ?= "SecureCore" BB_HASHBASE_WHITELIST_append += "\ SYSTEM_TRUSTED_KEYS_DIR \ SECONDARY_TRUSTED_KEYS_DIR \ MODSIGN_KEYS_DIR \ IMA_KEYS_DIR \ RPM_KEYS_DIR \ UEFI_SB_KEYS_DIR MOK_SB_KEYS_DIR \ EV_CERT MSFT_DB_CERT MSFT_KEK_CERT \ "