mirror of
https://git.yoctoproject.org/meta-security
synced 2026-01-11 15:00:34 +00:00
4082afb8a9
If measured-uki support is not enabled or build is continuing from previous stages, then the matching file list can be empty. Fixes build failure where sed says no input files. Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
21 lines
840 B
Plaintext
21 lines
840 B
Plaintext
PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)}"
|
|
|
|
# for encrypted filesystems
|
|
PACKAGECONFIG:append = " \
|
|
${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'cryptsetup cryptsetup-plugins efi openssl repart', '', d)} \
|
|
"
|
|
|
|
# ukify.py and systemd-measure don't work in cross compile environment without
|
|
# a tpm2 device, thus switch from measured-uki (new in v256) back to tpm2
|
|
# (default before v256).
|
|
# TODO: use swtpm-native to calculate TPM measurements
|
|
do_install:append() {
|
|
if "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'true', 'false', d)}"; then
|
|
FILES=$( grep -rl ^ConditionSecurity=measured-uki ${D} || true )
|
|
if [ "$FILES" != "" ]; then
|
|
sed -i -e "s/^ConditionSecurity=measured-uki/ConditionSecurity=tpm2/g" \
|
|
$FILES
|
|
fi
|
|
fi
|
|
}
|