witherspoon: Enable BMC signature verification Enable signature verification in the phosphor-software-manager code for witherspoon. This causes an error to be logged if updating to an unsigned image, or image signed with a different key than the one on the system, and if field mode is set, it'll stop the activation process. Tested: Signature verification is enforced on witherspoon, verified error is logged with and without field mode enabled, and activation is prevented with field mode enabled. Change-Id: Ifc8f8054f8d852cc16942af9cbf58d60aff3fc33 Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>

commit: fc3300a81dd05262d3dba7d3f2ebdf7dcf640948 [log] [tgz]
author: Adriana Kobylak <anoo@us.ibm.com> Thu Mar 29 15:16:09 2018 -0500
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> Fri Apr 13 14:22:08 2018 +0000
tree: 4f8154be807bc10f623f69734dece4fd521a6715
parent: 1ddf5a7f13e25fde48158a0fd8de67fa46c85302 [diff]
diff --git a/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend b/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend
index feab2c1..21ee4da 100644
--- a/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend
+++ b/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend

@@ -2,3 +2,6 @@
 BMC_RO_MTD = "alt-bmc+bmc"
 BMC_KERNEL_MTD = "bmc"
 BMC_RW_SIZE = "0x600000"
+
+# Enable signature verification by DISTRO_FEATURE obmc-ubi-fs
+PACKAGECONFIG_append_df-obmc-ubi-fs = " verify_signature"
commit	fc3300a81dd05262d3dba7d3f2ebdf7dcf640948	[log] [tgz]
author	Adriana Kobylak <anoo@us.ibm.com>	Thu Mar 29 15:16:09 2018 -0500
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	Fri Apr 13 14:22:08 2018 +0000
tree	4f8154be807bc10f623f69734dece4fd521a6715
parent	1ddf5a7f13e25fde48158a0fd8de67fa46c85302 [diff]