mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-01-12 01:00:15 +00:00
Code Issues Projects Releases Wiki Activity
Files
bbd671ca72d0f850165416e571bf3d12628bb982
meta-secure-core/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
Yi Zhao bbd671ca72 meta-secure-core: Handle bitbake variable renaming 
This is the result of automated script conversion:
poky/scripts/contrib/convert-variable-renames.py meta-secure-core

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2022-04-08 09:05:06 +08:00

99 lines
3.0 KiB
BlitzBasic
Raw Blame History

SUMMARY = "The bootloader capable of authenticating the PE and non-PE files."
DESCRIPTION = "The SELoader is designed to authenticate the non-PE files, \
such as grub configuration, initrd, grub modules, which cannot be verified \
by the MOK Verify Protocol registered by shim loader. \
\
In order to conveniently authenticate the PE file with gBS->LoadImage() \
and gBS->StartImage(), the SELoader hooks EFI Security2 Architectural \
Protocol and employs MOK Verify Protocol to verify the PE file. If only \
UEFI Secure Boot is enabled, the SELoader just simplily calls \
gBS->LoadImage() and gBS->StartImage() to allow BIOS to verify PE file. \
\
The SELoader publishes MOK2 Verify Protocol which provides a flexible \
interface to allow the bootloader to verify the file, file buffer or \
memory buffer without knowing the file format. \
"
AUTHOR = "Jia Zhang"
HOMEPAGE = "https://github.com/jiazhang0/SELoader"
SECTION = "bootloaders"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee"
DEPENDS += "\
gnu-efi sbsigntool-native openssl-native ovmf \
"
PV = "0.4.6+git${SRCPV}"
SRC_URI = "\
git://github.com/jiazhang0/SELoader.git;branch=master;protocol=https \
"
SRCREV = "8b90f76a8df51d9020e67824026556434f407086"
S = "${WORKDIR}/git"
COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
PARALLEL_MAKE = ""
inherit deploy user-key-store
EXTRA_OEMAKE = "\
CROSS_COMPILE="${TARGET_PREFIX}" \
SBSIGN=${STAGING_BINDIR_NATIVE}/sbsign \
gnuefi_libdir=${STAGING_LIBDIR} \
LIB_GCC="`${CC} -print-libgcc-file-name`" \
"
EFI_ARCH:x86 = "ia32"
EFI_ARCH:x86-64 = "x64"
EFI_TARGET = "/boot/efi/EFI/BOOT"
python do_sign() {
sb_sign(d.expand('${B}/Src/Efi/SELoader.efi'), \
d.expand('${B}/Src/Efi/SELoader.efi.signed'), d)
}
addtask sign after do_compile before do_install
do_sign[prefuncs] += "check_deploy_keys"
do_install() {
install -d ${D}${EFI_TARGET}
oe_runmake install EFI_DESTDIR=${D}${EFI_TARGET}
# Remove precompiled files, now provided by OVMF
rm -f ${D}${EFI_TARGET}/Hash2DxeCrypto.efi
rm -f ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi
if [ x"${UEFI_SB}" = x"1" ]; then
if [ x"${MOK_SB}" != x"1" ]; then
mv "${D}${EFI_TARGET}/SELoader${EFI_ARCH}.efi" \
"${D}${EFI_TARGET}/boot${EFI_ARCH}.efi"
fi
fi
}
do_deploy() {
# Deploy the unsigned images for manual signing
install -d "${DEPLOYDIR}/efi-unsigned"
install -m 0600 "${B}/Src/Efi/SELoader.efi" \
"${DEPLOYDIR}/efi-unsigned/SELoader${EFI_ARCH}.efi"
# Deploy the signed images
if [ x"${UEFI_SB}" = x"1" -a x"${MOK_SB}" != x"1" ]; then
SEL_NAME=boot
else
SEL_NAME=SELoader
fi
install -m 0600 "${D}${EFI_TARGET}/${SEL_NAME}${EFI_ARCH}.efi" \
"${DEPLOYDIR}/${SEL_NAME}${EFI_ARCH}.efi"
}
addtask deploy after do_install before do_build
RDEPENDS:${PN} += "ovmf-pkcs7-efi"
FILES:${PN} += "${EFI_TARGET}"
SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_IMAGE}/efi-unsigned"
Reference in New Issue View Git Blame Copy Permalink