8 Commits

Author SHA1 Message Date
Tom Rini 4dd6fcc736 meta-efi-secure-boot: Ensure openssl-native exists when we need it
In order to deploy our secure boot keys in DER format we need to use
openssl.  This must be listed in our DEPENDS line in order for the
sysroot to be populated correctly when we run do_sign.  Also drop the
explicit fakeroot on our empty grub-efi do_sign as we may not have
globally populated virtual/fakeroot-native at that point in time.

Fixes: 92316d4b40 ("meta-signing-key: When deploying keys UEFI keys, deploy DER format")
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-12-08 09:42:41 +08:00
Yi Zhao 33ec1d1f82 linux-yocto-efi-secure-boot: using shutil.copyfile instead of shutil.move to copy kernel p7b file
In commit 1c96c0d096, the kernel p7b file
is moved from ${B}/${KERNEL_OUTPUT_DIR}/ to ${D}/boot/. But in
do_deploy(), it still try to copy p7b file from ${B}/${KERNEL_OUTPUT_DIR}/
to ${DEPLOYDIR}/. Using shutil.copyfile instead of shutil.move to fix
this issue.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2018-06-20 13:11:47 +08:00
Yi Zhao 231fc4906f linux-yocto-efi-secure-boot: fix typo
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2018-06-20 13:11:47 +08:00
Tom Rini 1c96c0d096 linux-yocto-efi-secure-boot: Package unversioned signature as symlink
To match the usual user experience of having /boot/${KERNEL_IMAGETYPE}
exist as a symlink to the real kernrel, also have our signature file
exist for that as a symlink and include it in the package file.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-13 14:16:05 +08:00
Lans Zhang 676968891f Fix the occurrence of checking the existence of signing keys
packagegroups are not the end consumers of using user-key-store.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-12 11:22:40 +08:00
Lans Zhang e664a331d5 code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-29 10:52:06 +08:00
Lans Zhang dcc933df6e linux-yocto-efi-secure-boot: don't use sccs to define the included kernel cfg
The variable sccs is used internally and thus it will be corrupted by the external
definition.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-26 11:25:31 +08:00
Lans Zhang 1b3e594449 meta-secure-core: initial commit
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-22 15:24:04 +08:00