Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 615f2f11d3f46e3eae642475495a7ca4cfddc49e / . / meta-security / meta-integrity / classes / kernel-modsign.bbclass
blob: d3aa7fb7072795d0cf28e9f0b2dfb097ee2f1f6c [file] [log] [blame]
Brad Bishop26bdd442019-08-16 17:08:17 -0400[diff] [blame]1# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be
2# set explicitly in a local.conf before activating kernel-modsign.
3# To use the insecure (because public) example keys, use
4# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
Andrew Geisslerd159c7f2021-09-02 21:05:58 -0500[diff] [blame]5MODSIGN_KEY_DIR ??= "MODSIGN_KEY_DIR_NOT_SET"
Brad Bishop26bdd442019-08-16 17:08:17 -0400[diff] [blame]6
7# Private key for modules signing. The default is okay when
8# using the example key directory.
9MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
10
11# Public part of certificates used for modules signing.
12# The default is okay when using the example key directory.
13MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
14
15# If this class is enabled, disable stripping signatures from modules
Andrew Geissler615f2f12022-07-15 14:00:58 -0500[diff] [blame^]16# as well disable the debug symbols split
Brad Bishop26bdd442019-08-16 17:08:17 -0400[diff] [blame]17INHIBIT_PACKAGE_STRIP = "1"
Andrew Geissler615f2f12022-07-15 14:00:58 -0500[diff] [blame^]18INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
Brad Bishop26bdd442019-08-16 17:08:17 -0400[diff] [blame]19
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]20kernel_do_configure:prepend() {
Brad Bishop26bdd442019-08-16 17:08:17 -0400[diff] [blame]21 if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
22 cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
23 > "${B}/modsign_key.pem"
24 else
25 bberror "Either modsign key or certificate are invalid"
26 fi
27}
28
Patrick Williams213cb262021-08-07 19:21:33 -0500[diff] [blame]29do_shared_workdir:append() {
Brad Bishop26bdd442019-08-16 17:08:17 -0400[diff] [blame]30 cp modsign_key.pem $kerneldir/
31}