SUMMARY = "OpenBMC image signing public key"
DESCRIPTION = "Public key information to be included in images for image verification."
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
# do_install runs the openssl command line tool at build time.
DEPENDS += "openssl-native"
# Pulled in only when INSECURE_KEY (defined at the end of this recipe) expands
# to 'True', i.e. when SIGNING_KEY still has its default value.
# NOTE(review): presumably this recipe stages the default OpenBMC.priv - confirm.
DEPENDS += "${@oe.utils.conditional('INSECURE_KEY', 'True', 'phosphor-insecure-signing-key-native', '', d)}"
PR = "r1"

# Optional path to a ready-made public key file; empty unless set elsewhere.
SIGNING_PUBLIC_KEY ?= ""
# File name of SIGNING_PUBLIC_KEY without directory and extension; do_install
# uses it as the sub-directory name below activationdata.
SIGNING_PUBLIC_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_PUBLIC_KEY}'))[0]}"
# Private key that do_install derives the public key from. Leaving this at the
# default is what makes INSECURE_KEY expand to 'True'.
SIGNING_KEY ?= "${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv"
# File name of SIGNING_KEY without directory and extension ("OpenBMC" for the default).
SIGNING_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_KEY}'))[0]}"
SYSROOT_DIRS:append = " ${sysconfdir}"

inherit allarch
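# Install the image-verification public key and the hash-type descriptor into
# ${sysconfdir}/activationdata/<key type>/.
#
# Key selection:
#   * SIGNING_KEY at its default (INSECURE_KEY = "True") and SIGNING_PUBLIC_KEY
#     set: the public key file is copied as given.
#   * SIGNING_KEY set to a non-default value and SIGNING_PUBLIC_KEY set: error.
#   * SIGNING_KEY only: the public key is derived from it with openssl.
#   * neither set: error.
#
# Only public key material may end up in ${D}: everything installed here is
# mode 644 inside the image.
do_install() {
    signing_key="${SIGNING_KEY}"
    if [ "${INSECURE_KEY}" = "True" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
        # SIGNING_KEY was left at its default, so an explicit public key wins.
        bbnote "Using SIGNING_PUBLIC_KEY"
        signing_key=""
    fi
    if [ -n "${signing_key}" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
        # bbfatal logs the message as a build error and exits non-zero.
        bbfatal "Both SIGNING_KEY and SIGNING_PUBLIC_KEY are defined, expecting only one"
    fi
    if [ -n "${signing_key}" ]; then
        if [ "${INSECURE_KEY}" = "True" ]; then
            # Make the fallback to the default key visible in the build log.
            bbwarn "SIGNING_KEY is left at the default OpenBMC.priv (INSECURE_KEY=True); set SIGNING_KEY or SIGNING_PUBLIC_KEY for images that must not trust the default key"
        fi
        # -pubout writes only the public half of the key pair.
        openssl pkey -in "${signing_key}" -pubout -out "${WORKDIR}/publickey"
        idir="${D}${sysconfdir}/activationdata/${SIGNING_KEY_TYPE}"
    elif [ -n "${SIGNING_PUBLIC_KEY}" ]; then
        # The file is copied verbatim, so refuse anything carrying a PEM
        # private-key marker before it can reach the image.
        if grep -q "PRIVATE KEY" "${SIGNING_PUBLIC_KEY}"; then
            bbfatal "SIGNING_PUBLIC_KEY contains private key material, refusing to install it into the image"
        fi
        cp "${SIGNING_PUBLIC_KEY}" "${WORKDIR}/publickey"
        idir="${D}${sysconfdir}/activationdata/${SIGNING_PUBLIC_KEY_TYPE}"
    else
        bbfatal "No SIGNING_KEY or SIGNING_PUBLIC_KEY defined, expecting one"
    fi
    # NOTE(review): the hash type is fixed here regardless of the key supplied;
    # confirm it matches how the images are actually signed.
    echo HashType=RSA-SHA256 > "${WORKDIR}/hashfunc"
    install -d "${idir}"
    install -m 644 "${WORKDIR}/publickey" "${idir}"
    install -m 644 "${WORKDIR}/hashfunc" "${idir}"
}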
# Package everything installed below activationdata.
FILES:${PN} += "${sysconfdir}/activationdata/"

# Expands to the string 'True' while SIGNING_KEY still equals the default
# OpenBMC.priv path and to 'False' once it has been overridden. The conditional
# DEPENDS and do_install both compare against the literal 'True'.
INSECURE_KEY = "${@'${SIGNING_KEY}' == '${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv'}"