meta-quanta: meta-common: enable TLS with static CA and specific user
Add Security Feature:
1. default-users: Add static User "Megapede"
2. enable-tls: Enable TLS authentication with static CA
3. phosphor-monitor-hostname: Generate a self-signed certificate once
the hostname is assigned
Note:
1. CA PATH:
meta-quanta\meta-common\recipes-phosphor\certificate\phosphor-certificate-manager\certs\authority
All CAs under the folder will be encapsulated into the firmware image
Signed-off-by: AlanKuo <Alan_Kuo@quantatw.com>
Change-Id: Ie1216e1219fafe968363470a84f7b80da27de8c7
diff --git a/meta-common/recipes-quanta/enable-tls/enable-tls.bb b/meta-common/recipes-quanta/enable-tls/enable-tls.bb
new file mode 100644
index 0000000..fca483e
--- /dev/null
+++ b/meta-common/recipes-quanta/enable-tls/enable-tls.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Enable TLS with static CA"
+DESCRIPTION = "Add static CA and only enable TLS authentication"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://certs/authority/ \
+ file://bmcweb_persistent_data.json \
+ "
+do_install(){
+ install -d ${D}${sysconfdir}/ssl/certs/authority
+ install -m 0644 -D ${WORKDIR}/certs/authority/* \
+ ${D}${sysconfdir}/ssl/certs/authority
+
+ install -d ${D}${ROOT_HOME}
+ install -m 0640 ${WORKDIR}/bmcweb_persistent_data.json ${D}${ROOT_HOME}
+}
+
+FILES_${PN} = "${ROOT_HOME}/bmcweb_persistent_data.json \
+ ${sysconfdir}/ssl/certs/authority/* \
+ "
diff --git a/meta-common/recipes-quanta/enable-tls/enable-tls/bmcweb_persistent_data.json b/meta-common/recipes-quanta/enable-tls/enable-tls/bmcweb_persistent_data.json
new file mode 100644
index 0000000..aa50152
--- /dev/null
+++ b/meta-common/recipes-quanta/enable-tls/enable-tls/bmcweb_persistent_data.json
@@ -0,0 +1 @@
+{"auth_config":{"BasicAuth":false,"Cookie":false,"SessionToken":false,"TLS":true,"XToken":false}}
diff --git a/meta-common/recipes-quanta/enable-tls/enable-tls/certs/authority/Quanta_CA.crt b/meta-common/recipes-quanta/enable-tls/enable-tls/certs/authority/Quanta_CA.crt
new file mode 100755
index 0000000..77e5b2c
--- /dev/null
+++ b/meta-common/recipes-quanta/enable-tls/enable-tls/certs/authority/Quanta_CA.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIIRnUufKw0mL8wDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE
+BhMCVFcxDzANBgNVBAoTBlF1YW50YTELMAkGA1UECxMCQ0ExEDAOBgNVBAMTB09w
+ZW5CTUMwHhcNMjAwMTAxMDAwMDAwWhcNMzYxMjMxMjM1OTU5WjA9MQswCQYDVQQG
+EwJUVzEPMA0GA1UEChMGUXVhbnRhMQswCQYDVQQLEwJDQTEQMA4GA1UEAxMHT3Bl
+bkJNQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyBHOcnaVt4K1lt
+msTmFzIBf1sI/HV7XW6VMICOOESUv/vrMxCNOzhil4J+CWpFjwkk8zGK6tiLXmMe
+3/oa6qqHN0GXd7XoyBn3XRrr/L2gKipUsWlYk43Wq0TX2ugEcCWqOr0Ol4TcuD4Z
++pswkgHxqJtbfiWd1sTKpbCvjbnlN9EKir52DRZie0m8ANIbTp/KPVmY+UAU7Vz/
+QpYemolsrwupzWJbz34jC2rnNw8HFBHIMyNLJVocUkCVYy5ka0dRk+APC3VWX4C6
+1GmUd4ZQZs4LayyfQcK3Tb+PkNCf9AxBE8eId0lHpufq2Uhml1Lwrfh/1TObCwkW
+ufgv6HsCAwEAAaOBkzCBkDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTpEhTE
+nCIZo7dCDFtqUjMRcOI9SDAfBgNVHSMEGDAWgBTpEhTEnCIZo7dCDFtqUjMRcOI9
+SDALBgNVHQ8EBAMCAb4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEG
+CWCGSAGG+EIBAQQEAwIAxzANBgkqhkiG9w0BAQsFAAOCAQEAaw2to4hiADeZO/WF
+UMxrKjB4mbpHOb8cn3HIBIkrE6XxpH6T9MaZh7xi7kyyiuVNGh70lh+qxBUmVf5B
+OF2NSF6ffDrW86dMNV+tKlByHElUqWFcWgU1XFipcN7u0aeFkfPsqG4BwcZlBUEN
+rr9GDFNNadmjnoVA3deVTu4kHTVz6vg0vJExDfBHhNBWsLzLizRIebv9jumJlHPl
+I99czz3NQKVjm8z/BlWaMxpWU/bLxL2Aq/6rQ0iCoeIPJqHubG1CmGwI7k9ZQTUh
+VAMKR4W7JAul+CK8oEC7TAVU2L2fk6g+eSwU12HgO+IUOXmdp3bPtGkk73wG4iOj
+hN2Bow==
+-----END CERTIFICATE-----