Add Secure Boot support

Change-Id: I09c9b0bad8e85e75fb1510ff374540fad3c3b5d1
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>

6 files changed, 31 insertions, 2 deletions

diff --git a/conf/template.atom-c3000/bblayers.conf.sample b/conf/template.atom-c3000/bblayers.conf.sample
index a5e705d..d8b8fc3 100644
--- a/conf/template.atom-c3000/bblayers.conf.sample
+++ b/conf/template.atom-c3000/bblayers.conf.sample
@@ -23,4 +23,9 @@ BBLAYERS ?= " \
   ##OEROOT##/meta-openembedded/meta-webserver \
   ##OEROOT##/meta-java \
   ##OEROOT##/meta-updater \
+  ##OEROOT##/meta-openembedded/meta-perl \
+  ##OEROOT##/meta-secure-core/meta \
+  ##OEROOT##/meta-secure-core/meta-signing-key \
+  ##OEROOT##/meta-secure-core/meta-efi-secure-boot \
+  ##OEROOT##/meta-enea-user-keys \
   "
diff --git a/conf/template.atom-c3000/local.conf.sample b/conf/template.atom-c3000/local.conf.sample
index 8c24e77..544d279 100644
--- a/conf/template.atom-c3000/local.conf.sample
+++ b/conf/template.atom-c3000/local.conf.sample
@@ -244,6 +244,6 @@ SKIP_META_VIRT_SANITY_CHECK = "1"
 
 SOTA_MACHINE ?= "${MACHINE}"
 
-DISTRO_FEATURES_append = " sota"
+DISTRO_FEATURES_append = " sota efi-secure-boot"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
diff --git a/conf/template.xeon-d/bblayers.conf.sample b/conf/template.xeon-d/bblayers.conf.sample
index a5e705d..d8b8fc3 100644
--- a/conf/template.xeon-d/bblayers.conf.sample
+++ b/conf/template.xeon-d/bblayers.conf.sample
@@ -23,4 +23,9 @@ BBLAYERS ?= " \
   ##OEROOT##/meta-openembedded/meta-webserver \
   ##OEROOT##/meta-java \
   ##OEROOT##/meta-updater \
+  ##OEROOT##/meta-openembedded/meta-perl \
+  ##OEROOT##/meta-secure-core/meta \
+  ##OEROOT##/meta-secure-core/meta-signing-key \
+  ##OEROOT##/meta-secure-core/meta-efi-secure-boot \
+  ##OEROOT##/meta-enea-user-keys \
   "
diff --git a/conf/template.xeon-d/local.conf.sample b/conf/template.xeon-d/local.conf.sample
index 3b1063e..34f5890 100644
--- a/conf/template.xeon-d/local.conf.sample
+++ b/conf/template.xeon-d/local.conf.sample
@@ -245,6 +245,6 @@ SKIP_META_VIRT_SANITY_CHECK = "1"
 
 SOTA_MACHINE ?= "${MACHINE}"
 
-DISTRO_FEATURES_append = " sota"
+DISTRO_FEATURES_append = " sota efi-secure-boot"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
diff --git a/images/enea-nfv-access-host-common.inc b/images/enea-nfv-access-host-common.inc
index 6e3df91..352f734 100644
--- a/images/enea-nfv-access-host-common.inc
+++ b/images/enea-nfv-access-host-common.inc
@@ -1,5 +1,6 @@
 require images/enea-nfv-access-common.inc
 require classes/override_grub-efi.inc
+require images/secure-boot.inc
 
 IMAGE_INSTALL += " \
     packagegroup-enea-virtualization-host \
diff --git a/images/secure-boot.inc b/images/secure-boot.inc
new file mode 100644
index 0000000..d482ae1
--- /dev/null
+++ b/images/secure-boot.inc
@@ -0,0 +1,18 @@
+SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\
+    ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", \
+                         "packagegroup-efi-secure-boot", "", d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "tpm", \
+                         "packagegroup-tpm", "", d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "tpm2", \
+                         "packagegroup-tpm2", "", d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "ima", \
+                         "packagegroup-ima", "", d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "luks", \
+                         "packagegroup-luks", "", d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "ids", \
+                         "packagegroup-ids", "", d)} \
+"
+
+IMAGE_INSTALL += "\
+    ${SECURE_CORE_IMAGE_EXTRA_INSTALL} \
+"