mirror of
https://github.com/jiazhang0/meta-secure-core.git
synced 2026-07-16 04:36:58 +00:00
Fix the occurrence of checking the existence of signing keys
packagegroups are not the end consumers of using user-key-store. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
This commit is contained in:
@@ -9,11 +9,6 @@ S = "${WORKDIR}"
|
||||
|
||||
ALLOW_EMPTY_${PN} = "1"
|
||||
|
||||
# Check and deploy keys to ${DEPLOY_DIR_IMAGE}
|
||||
inherit user-key-store
|
||||
|
||||
do_install[postfuncs] += "check_deploy_keys"
|
||||
|
||||
pkgs = "\
|
||||
grub-efi \
|
||||
efitools \
|
||||
|
||||
@@ -69,6 +69,7 @@ python do_prepare_signing_keys() {
|
||||
os.utime(d.expand('${S}/DBX.esl'), (time_stamp, time_stamp))
|
||||
}
|
||||
addtask prepare_signing_keys after do_configure before do_compile
|
||||
do_prepare_signing_keys[prefuncs] += "check_deploy_keys"
|
||||
|
||||
do_install_append() {
|
||||
install -d ${D}${EFI_BOOT_PATH}
|
||||
|
||||
@@ -126,6 +126,7 @@ fakeroot python do_sign_class-target() {
|
||||
fakeroot python do_sign() {
|
||||
}
|
||||
addtask sign after do_install before do_deploy do_package
|
||||
do_sign[prefuncs] += "check_deploy_keys"
|
||||
|
||||
# Override the do_deploy() in oe-core.
|
||||
do_deploy_class-target() {
|
||||
|
||||
@@ -58,6 +58,7 @@ python do_sign() {
|
||||
d.expand('${B}/Bin/Pkcs7VerifyDxe.efi.signed'), d)
|
||||
}
|
||||
addtask sign after do_compile before do_install
|
||||
do_sign[prefuncs] += "check_deploy_keys"
|
||||
|
||||
do_install() {
|
||||
install -d ${D}${EFI_TARGET}
|
||||
|
||||
@@ -94,6 +94,7 @@ python do_prepare_signing_keys() {
|
||||
shutil.copyfile(d.expand('${EV_CERT}'), d.expand('${S}/shim.pem'))
|
||||
}
|
||||
addtask prepare_signing_keys after do_configure before do_compile
|
||||
do_prepare_signing_keys[prefuncs] += "check_deploy_keys"
|
||||
|
||||
python do_sign() {
|
||||
# The pre-signed shim binary will override the one built from the
|
||||
|
||||
@@ -17,6 +17,7 @@ fakeroot python do_sign() {
|
||||
uks_sel_sign(initramfs, d)
|
||||
}
|
||||
addtask sign after do_install before do_deploy do_package
|
||||
do_sign[prefuncs] += "check_deploy_keys"
|
||||
|
||||
do_deploy() {
|
||||
initramfs=""
|
||||
|
||||
@@ -37,6 +37,7 @@ fakeroot python do_sign() {
|
||||
# Make sure the kernel image has been signed before kernel_do_deploy()
|
||||
# which prepares the kernel image for creating usb/iso.
|
||||
addtask sign after do_install before do_package do_populate_sysroot do_deploy
|
||||
do_sign[prefuncs] += "check_deploy_keys"
|
||||
|
||||
fakeroot python do_sign_bundled_kernel() {
|
||||
import re
|
||||
|
||||
@@ -7,11 +7,6 @@ S = "${WORKDIR}"
|
||||
|
||||
ALLOW_EMPTY_${PN} = "1"
|
||||
|
||||
# Check and deploy keys to ${DEPLOY_DIR_IMAGE}
|
||||
inherit user-key-store
|
||||
|
||||
do_install[postfuncs] += "check_deploy_keys"
|
||||
|
||||
RDEPENDS_${PN} = "\
|
||||
ima-evm-utils \
|
||||
"
|
||||
|
||||
@@ -82,6 +82,8 @@ do_install() {
|
||||
fi
|
||||
}
|
||||
|
||||
do_install[prefuncs] += "check_deploy_keys"
|
||||
|
||||
SYSROOT_PREPROCESS_FUNCS += "key_store_sysroot_preprocess"
|
||||
|
||||
key_store_sysroot_preprocess() {
|
||||
|
||||
Reference in New Issue
Block a user