7 Commits

Author SHA1 Message Date
Rouven Czerwinski c563d3e83d softhsm: add destroyed global access prevention patch
Currently softhsm will try to access deleted objects due to the order of
atexit handler implementations. Add a patch which adds a global variable
to track whether objects are deleted and prevents access if this is the
case.

This fixes a failure with the signing.bbclass where when signing
multiple fitimage configurations the second signing operation will lead
to a segfault.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-09-27 10:08:14 -07:00
Gassner, Tobias.ext 9cb6fc0a54 softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES
[Edited Message Follows]
[Reason: include softhsm2.module only in FILES if pk11 is set in PACKAGECONFIG]

From 216dba6552f2b3a65c3fc9b586736d93132a0166 Mon Sep 17 00:00:00 2001
From: "Gassner, Tobias.ext" <tobias.gassner.ext@karlstorz.com>
Date: Thu, 18 Jan 2024 12:50:22 +0100
Subject: [PATCH] softhsm_2.6.1.bb fixing p11-kit module path, adding
 softhsm2.module to FILES

In order for the softhsm module to be discoverable by p11-kit proxy the
softhsm2.module file must be deployed to ${datadir}/p11-kit/modules.
This was previously not the case. Also the p11-kit module path
(--with-p11-kit) seemed to point to the wrong directory and had a syntax
error (two == instead of one =).

Signed-off-by: Gassner, Tobias.ext <tobias.gassner.ext@karlstorz.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-20 22:15:02 -08:00
Jan Luebbe 630e29d316 softhsm: enable objectstore backend
We already depend on sqlite, but the objectstore backend using it is not
enabled by default. Add the necessary configure option.

The db backend is more robust when accessing the objectstore from many
parallel processes (such as during kernel module signing).

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-01 09:11:49 -08:00
Jan Luebbe d3a5cfe748 softhsm: avoid unnecessary check for native sqlite binary
SoftHSMv2 actually only uses the sqlite library. With the check for the
sqlite3 binary, building with the DB backend would mean depending on
sqlite-native.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-01 09:11:49 -08:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
akuster 7b7a8412a4 softhsm: update to 2.6.1 and align
meta-security has this pkg too but newer. Move from meta-sec to meta-oe
minor cleanups.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-02-17 14:01:51 -08:00
Jan Luebbe 8cff2b64b4 softhsm: add recipe
This is useful for consolidation of code-signing interfaces when
building an image with verified boot mechanisms or signed update
artifacts. It can also be used on the target as a backend for software
which uses the PKCS#11 API to access private key material.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-11-22 09:22:56 -08:00