diff --git a/meta/recipes-core/images/secure-core-image-initramfs.bb b/meta/recipes-core/images/secure-core-image-initramfs.bb index d868600..a7369b1 100644 --- a/meta/recipes-core/images/secure-core-image-initramfs.bb +++ b/meta/recipes-core/images/secure-core-image-initramfs.bb @@ -27,7 +27,7 @@ IMAGE_LINGUAS = "" IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" -inherit core-image +inherit core-image user-key-store IMAGE_ROOTFS_SIZE = "8192" IMAGE_ROOTFS_EXTRA_SPACE = "0" @@ -35,3 +35,54 @@ IMAGE_ROOTFS_EXTRA_SPACE = "0" INITRAMFS_MAXSIZE = "256000" BAD_RECOMMENDATIONS += "busybox-syslog" + +DEPENDS += "openssl-native" + +fakeroot python do_sign_class-target() { + import shutil + + deploy_dir = d.getVar('DEPLOYDIR', True) + img_deploy_dir = d.getVar('IMGDEPLOYDIR', True) + image_name = d.getVar('IMAGE_NAME', True) + image_link_name = d.getVar('IMAGE_LINK_NAME', True) + sb_file_ext = d.getVar('SB_FILE_EXT', True) + + if not os.path.exists(deploy_dir): + os.mkdir(deploy_dir) + + for type in d.getVar('IMAGE_FSTYPES', True).split(): + type_ext = '.' + type + + image = os.path.join(img_deploy_dir, image_name + type_ext) + image_ext = image + sb_file_ext + uks_bl_sign(image, d) + + link_ext = os.path.join(img_deploy_dir, image_link_name + type_ext + sb_file_ext) + if os.path.lexists(link_ext): + os.remove(link_ext) + os.symlink(os.path.basename(image + sb_file_ext), link_ext) + shutil.move(image_ext, deploy_dir) + shutil.move(link_ext, deploy_dir) +} + +python do_sign() { +} + +SSTATETASKS += "do_sign" + +DEPLOYDIR = "${WORKDIR}/deploy-${PN}-sign" + +addtask sign after do_image_complete before do_build +do_sign[prefuncs] += "check_deploy_keys" +do_sign[prefuncs] += "${@'check_boot_public_key' if d.getVar('GRUB_SIGN_VERIFY', True) == '1' else ''}" +do_sign[sstate-name] = "sign" +do_sign[sstate-inputdirs] = "${DEPLOYDIR}" +do_sign[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}" + +python do_sign_setscene() { + sstate_setscene(d) +} + +addtask do_sign_setscene + +do_sign[dirs] = "${DEPLOYDIR} ${DEPLOY_DIR_IMAGE}"