mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-01-12 01:00:15 +00:00
Code Issues Projects Releases Wiki Activity
Files
225076287faf7e1289d2c11da2b5d27d609974ba
meta-secure-core/meta-signing-key/conf/layer.conf
Yi Zhao 225076287f layer.conf: add langdale to LAYERSERIES_COMPAT 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2022-11-03 09:47:47 +08:00

76 lines
2.5 KiB
Plaintext
Raw Blame History

# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
# We have recipes-* directories, add to BBFILES
BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "signing-key"
BBFILE_PATTERN_signing-key = "^${LAYERDIR}/"
BBFILE_PRIORITY_signing-key = "10"
BBLAYERS_LAYERINDEX_NAME_signing-key = "meta-signing-key"
LAYERDEPENDS_signing-key = "core"
LAYERSERIES_COMPAT_signing-key = "honister kirkstone langdale"
SIGNING_MODEL ??= "sample"
SAMPLE_MOK_SB_KEYS_DIR = "${LAYERDIR}/files/mok_sb_keys"
SAMPLE_UEFI_SB_KEYS_DIR = "${LAYERDIR}/files/uefi_sb_keys"
SAMPLE_SYSTEM_TRUSTED_KEYS_DIR = "${LAYERDIR}/files/system_trusted_keys"
SAMPLE_SECONDARY_TRUSTED_KEYS_DIR = "${LAYERDIR}/files/secondary_trusted_keys"
SAMPLE_MODSIGN_KEYS_DIR = "${LAYERDIR}/files/modsign_keys"
SAMPLE_IMA_KEYS_DIR = "${LAYERDIR}/files/ima_keys"
SAMPLE_RPM_KEYS_DIR = "${LAYERDIR}/files/rpm_keys"
SAMPLE_BOOT_KEYS_DIR = "${LAYERDIR}/files/boot_keys"
# Microsoft certificates
MSFT_DB_CERT = "${LAYERDIR}/files/uefi_sb_keys/ms-DB.crt"
MSFT_KEK_CERT = "${LAYERDIR}/files/uefi_sb_keys/ms-KEK.crt"
# EV certificate
EV_CERT ??= "${LAYERDIR}/files/mok_sb_keys/wosign_ev_cert.crt"
# Use SELoader with the UEFI shim
UEFI_SELOADER ??= "1"
# Use gpg key to protect and verify all files used by grub
GRUB_SIGN_VERIFY ??= "0"
# Signing file extension
SB_FILE_EXT = "${@'.p7b' if d.getVar('UEFI_SELOADER', True) == "1" else '.sig'}"
# By default the sample keys are used
MOK_SB_KEYS_DIR ??= "${SAMPLE_MOK_SB_KEYS_DIR}"
UEFI_SB_KEYS_DIR ??= "${SAMPLE_UEFI_SB_KEYS_DIR}"
SYSTEM_TRUSTED_KEYS_DIR ??= "${SAMPLE_SYSTEM_TRUSTED_KEYS_DIR}"
SECONDARY_TRUSTED_KEYS_DIR ??= "${SAMPLE_SECONDARY_TRUSTED_KEYS_DIR}"
MODSIGN_KEYS_DIR ??= "${SAMPLE_MODSIGN_KEYS_DIR}"
IMA_KEYS_DIR ??= "${SAMPLE_IMA_KEYS_DIR}"
RPM_KEYS_DIR ??= "${SAMPLE_RPM_KEYS_DIR}"
BOOT_KEYS_DIR ??= "${SAMPLE_BOOT_KEYS_DIR}"
GRUB_PUB_KEY ??= "${BOOT_KEYS_DIR}/boot_pub_key"
# Define the identification of vendor
VENDOR_UUID ??= "1f7b9654-2107-4697-8f1c-0cbc38874588"
# User configurable identification of signature owner
UEFI_SIG_OWNER_GUID ??= "${VENDOR_UUID}"
SAMPLE_RPM_KEYNAME ??= "SecureCore"
RPM_GPG_NAME ??= "${SAMPLE_RPM_KEYNAME}"
RPM_GPG_PASSPHRASE ??= "SecureCore"
BOOT_GPG_NAME ??= "SecureBootCore"
BOOT_GPG_PASSPHRASE ??= "SecureCore"
BB_BASEHASH_IGNORE_VARS:append = " \
SYSTEM_TRUSTED_KEYS_DIR \
SECONDARY_TRUSTED_KEYS_DIR \
MODSIGN_KEYS_DIR \
IMA_KEYS_DIR \
RPM_KEYS_DIR \
UEFI_SB_KEYS_DIR MOK_SB_KEYS_DIR \
EV_CERT MSFT_DB_CERT MSFT_KEK_CERT \
"
Reference in New Issue View Git Blame Copy Permalink