15 Commits

Author SHA1 Message Date
Tom Rini 6274757665 meta-efi-secure-boot: Ensure openssl-native exists when we need it
In order to deploy our secure boot keys in DER format we need to use
openssl.  This must be listed in our DEPENDS line in order for the
sysroot to be populated correctly when we run do_sign.  Also drop the
explicit fakeroot on our empty grub-efi do_sign as we may not have
globally populated virtual/fakeroot-native at that point in time.

Fixes: 92316d4b40 ("meta-signing-key: When deploying keys UEFI keys, deploy DER format")
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-11-07 23:40:20 +08:00
Jia Zhang 139a9b656d Clean up the stuffs for stable branches
The following commits are reverted by the way:

- seloader: Fix building for rocko (bc6bbe2)
- meta-integrity: rpm: Add back in required patches for rocko (5fa9c85)

Because they are only applicable to rocko.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-09-20 21:21:37 -04:00
Yi Zhao e778286de8 seloader: add the deployed artifacts to SSTATE_DUPWHITELIST
The oe-core commit 05f6042a40bb772f7ce8d6819c5b2937d8c9808d removed
DEPLOY_DIR_IMAGE from SSTATE_DUPWHITELIST which caused a do_depoy error
when enable multilib:

$ bitbake seloader lib32-seloader

ERROR: lib32-seloader-0.4.6+gitAUTOINC+8b90f76a8d-r0 do_deploy: The
recipe lib32-seloader is trying to install files into a shared area when
those files already exist. Those files and their manifest location are:
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/Pkcs7VerifyDxe.efi
      (matched in manifest-qemux86_64-seloader.deploy)
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/Hash2DxeCrypto.efi
      (matched in manifest-qemux86_64-seloader.deploy)
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/efi-unsigned/Pkcs7VerifyDxe.efi
      (matched in manifest-qemux86_64-seloader.deploy)
  /buildarea/build/tmp-glibc/deploy/images/qemux86-64/efi-unsigned/Hash2DxeCrypto.efi
      (matched in manifest-qemux86_64-seloader.deploy)
Please verify which recipe should provide the above files.

Add the deployed artifacts to SSTATE_DUPWHITELIST to fix this issue.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2018-09-06 16:57:21 +08:00
Tom Rini bc6bbe2bde seloader: Fix building for rocko
When building on rocko we have gnu-efi version 3.0.6 around and seloader
needs to be told this for certain string functions to be provided by
itself rather than gnu-efi.  Add in conditional logic to pass this only
for rocko.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-07-31 22:48:35 +08:00
Jia Zhang b127b760c0 seloader: Update to 0.4.6
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-07-17 05:40:04 -04:00
Jia Zhang b23950cf55 seloader: sync up with the latest
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-05-20 07:21:54 -04:00
Jia Zhang fb838242ad seloader: sync up with upstream
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-02-28 23:10:04 -05:00
Jia Zhang 99f7472019 seloader: sync up with upstream
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
2017-10-27 23:27:07 +08:00
Lans Zhang a50e927a87 seloader: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-13 15:54:12 +08:00
Lans Zhang 9de8b3cf78 seloader,libsign: fix homepage URLs
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-13 13:14:47 +08:00
Lans Zhang 6d7f0155e3 seloader, libsign, cryptfs-tpm2: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-13 10:27:45 +08:00
Lans Zhang 676968891f Fix the occurrence of checking the existence of signing keys
packagegroups are not the end consumers of using user-key-store.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-12 11:22:40 +08:00
Lans Zhang 1ec1fed661 seloader: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-03 15:53:47 +08:00
Lans Zhang e664a331d5 code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-29 10:52:06 +08:00
Lans Zhang 1b3e594449 meta-secure-core: initial commit
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-22 15:24:04 +08:00