Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / refs/heads/master / . / meta-phosphor / recipes-phosphor / flash / phosphor-image-signing.bb
blob: 278cf35474b65cbc3c16cd7e7a1027b5f8113ee6 [file] [log] [blame]
Eddie Jamesb2b7ff62018-02-09 11:59:18 -0600[diff] [blame]1SUMMARY = "OpenBMC image signing public key"
2DESCRIPTION = "Public key information to be included in images for image verification."
Brad Bishop75f03872018-11-03 09:41:57 -0700[diff] [blame]3LICENSE = "Apache-2.0"
Brad Bishop6f3f0aa2019-09-13 12:14:05 -0400[diff] [blame]4LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
Eddie Jamesb2b7ff62018-02-09 11:59:18 -0600[diff] [blame]5DEPENDS += "openssl-native"
6DEPENDS += "${@oe.utils.conditional('INSECURE_KEY', 'True', 'phosphor-insecure-signing-key-native', '', d)}"
Ed Tanous9936f862022-09-19 09:13:20 -0700[diff] [blame]7PR = "r1"
Eddie Jamesb2b7ff62018-02-09 11:59:18 -0600[diff] [blame]8
Lei YUce219762023-01-18 15:07:05 +0800[diff] [blame]9SIGNING_PUBLIC_KEY ?= ""
10SIGNING_PUBLIC_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_PUBLIC_KEY}'))[0]}"
Eddie Jamesb2b7ff62018-02-09 11:59:18 -0600[diff] [blame]11SIGNING_KEY ?= "${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv"
12SIGNING_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_KEY}'))[0]}"
Ed Tanous9936f862022-09-19 09:13:20 -0700[diff] [blame]13SYSROOT_DIRS:append = " ${sysconfdir}"
14
15inherit allarch
Eddie Jamesb2b7ff62018-02-09 11:59:18 -0600[diff] [blame]16
17do_install() {
Lei YUce219762023-01-18 15:07:05 +0800[diff] [blame]18 signing_key="${SIGNING_KEY}"
Lei YU88ed2732023-06-16 14:40:22 +0800[diff] [blame]19 if [ "${INSECURE_KEY}" = "True" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
Lei YUce219762023-01-18 15:07:05 +0800[diff] [blame]20 echo "Using SIGNING_PUBLIC_KEY"
21 signing_key=""
22 fi
23 if [ -n "${signing_key}" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
24 echo "Both SIGNING_KEY and SIGNING_PUBLIC_KEY are defined, expecting only one"
25 exit 1
26 fi
27 if [ -n "${signing_key}" ]; then
28 openssl pkey -in "${signing_key}" -pubout -out ${WORKDIR}/publickey
29 idir="${D}${sysconfdir}/activationdata/${SIGNING_KEY_TYPE}"
30 elif [ -n "${SIGNING_PUBLIC_KEY}" ]; then
31 cp "${SIGNING_PUBLIC_KEY}" ${WORKDIR}/publickey
32 idir="${D}${sysconfdir}/activationdata/${SIGNING_PUBLIC_KEY_TYPE}"
33 else
34 echo "No SIGNING_KEY or SIGNING_PUBLIC_KEY defined, expecting one"
35 exit 1
36 fi
Ed Tanous9936f862022-09-19 09:13:20 -0700[diff] [blame]37 echo HashType=RSA-SHA256 > "${WORKDIR}/hashfunc"
Ed Tanous9936f862022-09-19 09:13:20 -0700[diff] [blame]38 install -d ${idir}
39 install -m 644 ${WORKDIR}/publickey ${idir}
40 install -m 644 ${WORKDIR}/hashfunc ${idir}
Eddie Jamesb2b7ff62018-02-09 11:59:18 -0600[diff] [blame]41}
42
Ed Tanous9936f862022-09-19 09:13:20 -0700[diff] [blame]43FILES:${PN} += "${sysconfdir}/activationdata/"
44
45INSECURE_KEY = "${@'${SIGNING_KEY}' == '${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv'}"