| SUMMARY = "OpenBMC image signing public key" |
| DESCRIPTION = "Public key information to be included in images for image verification." |
| LICENSE = "Apache-2.0" |
| LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" |
| DEPENDS += "openssl-native" |
| DEPENDS += "${@oe.utils.conditional('INSECURE_KEY', 'True', 'phosphor-insecure-signing-key-native', '', d)}" |
| PR = "r1" |
| |
| SIGNING_PUBLIC_KEY ?= "" |
| SIGNING_PUBLIC_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_PUBLIC_KEY}'))[0]}" |
| SIGNING_KEY ?= "${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv" |
| SIGNING_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_KEY}'))[0]}" |
| SYSROOT_DIRS:append = " ${sysconfdir}" |
| |
| inherit allarch |
| |
| do_install() { |
| signing_key="${SIGNING_KEY}" |
| if [ "${INSECURE_KEY}" = "True" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then |
| echo "Using SIGNING_PUBLIC_KEY" |
| signing_key="" |
| fi |
| if [ -n "${signing_key}" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then |
| echo "Both SIGNING_KEY and SIGNING_PUBLIC_KEY are defined, expecting only one" |
| exit 1 |
| fi |
| if [ -n "${signing_key}" ]; then |
| openssl pkey -in "${signing_key}" -pubout -out ${WORKDIR}/publickey |
| idir="${D}${sysconfdir}/activationdata/${SIGNING_KEY_TYPE}" |
| elif [ -n "${SIGNING_PUBLIC_KEY}" ]; then |
| cp "${SIGNING_PUBLIC_KEY}" ${WORKDIR}/publickey |
| idir="${D}${sysconfdir}/activationdata/${SIGNING_PUBLIC_KEY_TYPE}" |
| else |
| echo "No SIGNING_KEY or SIGNING_PUBLIC_KEY defined, expecting one" |
| exit 1 |
| fi |
| echo HashType=RSA-SHA256 > "${WORKDIR}/hashfunc" |
| install -d ${idir} |
| install -m 644 ${WORKDIR}/publickey ${idir} |
| install -m 644 ${WORKDIR}/hashfunc ${idir} |
| } |
| |
| FILES:${PN} += "${sysconfdir}/activationdata/" |
| |
| INSECURE_KEY = "${@'${SIGNING_KEY}' == '${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv'}" |