20 Commits

Author SHA1 Message Date
Mingli Yu 5a8d5924a2 meta-efi-secure-boot: check efi-secure-boot DISTRO_FEATURES
Fix the below yocto compliance issue:
  INFO: ======================================================================
  INFO: FAIL: test_signatures (common.CommonCheckLayer)
  INFO: ----------------------------------------------------------------------
  INFO: Traceback (most recent call last):
   File "/build/layers/oe-core/scripts/lib/checklayer/cases/common.py", line 81, in test_signatures
    self.fail('Adding layer %s changed signatures.\n%s' % (self.tc.layer['name'], msg))
AssertionError: Adding layer meta-efi-secure-boot changed signatures.
17 signatures changed, initial differences (first hash before, second after):
   ovmf-native:do_configure: 98621d634860b524863c76c61a3b48d7aa4080bbe87b02a848ae6574ca349b5e -> 51b7ed0cd68914fe2a74e7db489ee0251fde1feab3ff4826e6df8a8be6f710bc
      bitbake-diffsigs --task ovmf-native do_configure --signature 98621d634860b524863c76c61a3b48d7aa4080bbe87b02a848ae6574ca349b5e 51b7ed0cd68914fe2a74e7db489ee0251fde1feab3ff4826e6df8a8be6f710bc
      NOTE: Starting bitbake server...
      basehash changed from 8b274e0d376c63104cbbcc0004a3758f2673d9e7f959854a0ffaa82ea04a9653 to d53127a75e96264ab92cffc956f93864435d48d1a0bf22899b35f78f1daf3bb3
      Variable PACKAGECONFIG value changed:
      @@ -1,3 +1,3 @@
      - ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'tpm', '', d)} ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'tpm', '', d)}
      + ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'tpm', '', d)} ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'tpm', '', d)} secureboot
       MACHINE_FEATURES{tpm} = Unset
       MACHINE_FEATURES{tpm2} = Unset

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
2022-12-06 09:16:14 +08:00
Yi Zhao bbd671ca72 meta-secure-core: Handle bitbake variable renaming
This is the result of automated script conversion:
poky/scripts/contrib/convert-variable-renames.py meta-secure-core

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2022-04-08 09:05:06 +08:00
Yi Zhao fea6a37625 recipes: update SRC_URI branch and protocols
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-11-15 09:56:02 +08:00
Yi Zhao 4042043742 meta-secure-core: Convert to new override syntax
Converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-08-09 18:51:13 +08:00
Dmitry Eremin-Solenikov 883be5aff5 seloader: use pkcs7 drivers from OVMF
Rather than using pre-compiled EFI drivers, use freshly compiled drivers
from OVMF source tree.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
2019-09-04 16:39:59 +03:00
Tom Rini 6274757665 meta-efi-secure-boot: Ensure openssl-native exists when we need it
In order to deploy our secure boot keys in DER format we need to use
openssl.  This must be listed in our DEPENDS line in order for the
sysroot to be populated correctly when we run do_sign.  Also drop the
explicit fakeroot on our empty grub-efi do_sign as we may not have
globally populated virtual/fakeroot-native at that point in time.

Fixes: 92316d4b40 ("meta-signing-key: When deploying keys UEFI keys, deploy DER format")
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-11-07 23:40:20 +08:00
Jia Zhang 139a9b656d Clean up the stuffs for stable branches
The following commits are reverted by the way:

- seloader: Fix building for rocko (bc6bbe2)
- meta-integrity: rpm: Add back in required patches for rocko (5fa9c85)

Because they are only applicable to rocko.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-09-20 21:21:37 -04:00
Yi Zhao e778286de8 seloader: add the deployed artifacts to SSTATE_DUPWHITELIST
The oe-core commit 05f6042a40bb772f7ce8d6819c5b2937d8c9808d removed
DEPLOY_DIR_IMAGE from SSTATE_DUPWHITELIST which caused a do_depoy error
when enable multilib:

$ bitbake seloader lib32-seloader

ERROR: lib32-seloader-0.4.6+gitAUTOINC+8b90f76a8d-r0 do_deploy: The
recipe lib32-seloader is trying to install files into a shared area when
those files already exist. Those files and their manifest location are:
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/Pkcs7VerifyDxe.efi
      (matched in manifest-qemux86_64-seloader.deploy)
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/Hash2DxeCrypto.efi
      (matched in manifest-qemux86_64-seloader.deploy)
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/efi-unsigned/Pkcs7VerifyDxe.efi
      (matched in manifest-qemux86_64-seloader.deploy)
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/efi-unsigned/Hash2DxeCrypto.efi
      (matched in manifest-qemux86_64-seloader.deploy)
Please verify which recipe should provide the above files.

Add the deployed artifacts to SSTATE_DUPWHITELIST to fix this issue.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2018-09-06 16:57:21 +08:00
Tom Rini bc6bbe2bde seloader: Fix building for rocko
When building on rocko we have gnu-efi version 3.0.6 around and seloader
needs to be told this for certain string functions to be provided by
itself rather than gnu-efi.  Add in conditional logic to pass this only
for rocko.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-07-31 22:48:35 +08:00
Jia Zhang b127b760c0 seloader: Update to 0.4.6
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-07-17 05:40:04 -04:00
Jia Zhang b23950cf55 seloader: sync up with the latest
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-05-20 07:21:54 -04:00
Jia Zhang fb838242ad seloader: sync up with upstream
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-02-28 23:10:04 -05:00
Jia Zhang 99f7472019 seloader: sync up with upstream
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
2017-10-27 23:27:07 +08:00
Lans Zhang a50e927a87 seloader: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-13 15:54:12 +08:00
Lans Zhang 9de8b3cf78 seloader,libsign: fix homepage URLs
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-13 13:14:47 +08:00
Lans Zhang 6d7f0155e3 seloader, libsign, cryptfs-tpm2: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-13 10:27:45 +08:00
Lans Zhang 676968891f Fix the occurrence of checking the existence of signing keys
packagegroups are not the end consumers of using user-key-store.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-12 11:22:40 +08:00
Lans Zhang 1ec1fed661 seloader: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-03 15:53:47 +08:00
Lans Zhang e664a331d5 code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-29 10:52:06 +08:00
Lans Zhang 1b3e594449 meta-secure-core: initial commit
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-22 15:24:04 +08:00