linux-yocto-integrity: fix modsign key path

Use modsign key directly from uks_modsign_keys_path(d), rather than from installed package. Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
2026-01-13 01:21:40 +00:00 · 2019-09-16 16:00:09 +03:00
parent 24d27e9f97
commit b41010c80c
1 changed files with 3 additions and 1 deletions
--- a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
+++ b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
@@ -17,9 +17,11 @@ SRC_URI += "\

 INHIBIT_PACKAGE_STRIP = "${@'1' if d.getVar('MODSIGN_ENABLED', True) == '1' else '0'}"

+inherit ${@'user-key-store' if d.getVar('MODSIGN_ENABLED', True) == '1' else ''}
+
 do_configure_prepend() {
    sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt"
-    modsign_key="${STAGING_DIR_TARGET}${sysconfdir}/keys/modsign_key.key"
+    modsign_key="${@uks_modsign_keys_dir(d)}/modsign_key.key"
    modsign_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/modsign_key.crt"

    if [ -f "$sys_cert" ]; then