commit | 7ab55e208b9454e7ee20d288d61424f4b7effb72 | [log] [tgz] |
---|---|---|
author | Lei YU <yulei.sh@bytedance.com> | Wed May 19 13:26:53 2021 +0800 |
committer | Lei YU <yulei.sh@bytedance.com> | Tue Jun 22 09:26:05 2021 +0000 |
tree | 77bcc7dd2b07437b761cb5a0af4545ccf32726f8 | |
parent | 92c7e9ebb1892122d4c142d1387eb0c12584f52e [diff] |
image_verify: Support other images The code was verifying BMC images only, make it support other images e.g. BIOS tarball. The change moves the verifySignature() call before checking the purpose, so that every image is to be verified. The `Signature::verify()` is updated to support: * If the BMC images exists in the tarball, verify all of them; * If one of the optional images exists in the taball, verify it; * Return true when either BMC or the optional images are verfied. The `optional-images` config option removes the "choices", so that a bbappend could set its own optional images, e.g. `bios.bin`, `fpga.bin`, etc. Be noted that the code in verifyFullImage() uses hard-coded images when WANT_SIGNATURE_FULL_VERIFY is defined, which is not generic. So if WANT_SIGNATURE_FULL_VERIFY is defined, the verify will fail for BIOS tarball. Tested: Enable field mode and verify the BIOS code update fails on invalid or missing signatures, and succeeds on valid signatures. Signed-off-by: Lei YU <yulei.sh@bytedance.com> Change-Id: Id5e1d2eb2c3daec91f24819ec78fa864dc92f0b1
Phosphor BMC Code Management provides a set of system software management applications. More information can be found at Software Architecture
To build this package, do the following steps:
meson build
ninja -C build
To clean the repository run rm -r build
.