author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/meta-security/meta-integrity/classes/kernel-modsign.bbclass | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/meta-security/meta-integrity/classes/kernel-modsign.bbclass')
-rw-r--r-- | external/meta-security/meta-integrity/classes/kernel-modsign.bbclass | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/external/meta-security/meta-integrity/classes/kernel-modsign.bbclass b/external/meta-security/meta-integrity/classes/kernel-modsign.bbclass
new file mode 100644
index 00000000..09025baa
--- /dev/null
+++ b/external/meta-security/meta-integrity/classes/kernel-modsign.bbclass
@@ -0,0 +1,29 @@
+# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be
+# set explicitly in a local.conf before activating kernel-modsign.
+# To use the insecure (because public) example keys, use
+# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET"
+
+# Private key for modules signing. The default is okay when
+# using the example key directory.
+MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
+
+# Public part of certificates used for modules signing.
+# The default is okay when using the example key directory.
+MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
+
+# If this class is enabled, disable stripping signatures from modules
+INHIBIT_PACKAGE_STRIP = "1"
+
+kernel_do_configure_prepend() {
+ if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
+ cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
+ > "${B}/modsign_key.pem"
+ else
+ bberror "Either modsign key or certificate are invalid"
+ fi
+}
+
+do_shared_workdir_append() {
+ cp modsign_key.pem $kerneldir/
+} |
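Review bot: The `else` branch of `kernel_do_configure_prepend` reports a missing key or certificate with `bberror`, which logs an error but, as far as I can tell, does not abort the shell task, so configuration carries on without `${B}/modsign_key.pem`. Using `bbfatal "modsign key ${MODSIGN_PRIVKEY} or certificate ${MODSIGN_X509} not found"` would stop the build at the point of failure and name the paths that were checked. The test is only `-f`, so "invalid" in the current message overstates what was verified. Separately, the private key is concatenated into `${B}` and then copied into `$kerneldir` with default permissions, from a relative source path and with the destination unquoted. Consider `install -m 0600 "${B}/modsign_key.pem" "$kerneldir/"`, and confirm that nothing packaged from the shared work directory picks up the key.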