From 8c9c1fb3bbfc4d4de3a7079659b6efb340f28389 Mon Sep 17 00:00:00 2001
From: Adrian Dudau
Date: Tue, 7 May 2019 21:40:30 +0200
Subject: Add Secure Boot support

Change-Id: I09c9b0bad8e85e75fb1510ff374540fad3c3b5d1
Signed-off-by: Adrian Dudau
---
 conf/template.atom-c3000/bblayers.conf.sample | 5 +++++
 conf/template.atom-c3000/local.conf.sample | 2 +-
 conf/template.xeon-d/bblayers.conf.sample | 5 +++++
 conf/template.xeon-d/local.conf.sample | 2 +-
 images/enea-nfv-access-host-common.inc | 1 +
 images/secure-boot.inc | 18 ++++++++++++++++++
 6 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 images/secure-boot.inc

diff --git a/conf/template.atom-c3000/bblayers.conf.sample b/conf/template.atom-c3000/bblayers.conf.sample
index a5e705d..d8b8fc3 100644
--- a/conf/template.atom-c3000/bblayers.conf.sample
+++ b/conf/template.atom-c3000/bblayers.conf.sample
@@ -23,4 +23,9 @@ BBLAYERS ?= " \
 ##OEROOT##/meta-openembedded/meta-webserver \
 ##OEROOT##/meta-java \
 ##OEROOT##/meta-updater \
+ ##OEROOT##/meta-openembedded/meta-perl \
+ ##OEROOT##/meta-secure-core/meta \
+ ##OEROOT##/meta-secure-core/meta-signing-key \
+ ##OEROOT##/meta-secure-core/meta-efi-secure-boot \
+ ##OEROOT##/meta-enea-user-keys \
 "
diff --git a/conf/template.atom-c3000/local.conf.sample b/conf/template.atom-c3000/local.conf.sample
index 8c24e77..544d279 100644
--- a/conf/template.atom-c3000/local.conf.sample
+++ b/conf/template.atom-c3000/local.conf.sample
@@ -244,6 +244,6 @@ SKIP_META_VIRT_SANITY_CHECK = "1"
 SOTA_MACHINE ?= "${MACHINE}"
-DISTRO_FEATURES_append = " sota"
+DISTRO_FEATURES_append = " sota efi-secure-boot"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
diff --git a/conf/template.xeon-d/bblayers.conf.sample b/conf/template.xeon-d/bblayers.conf.sample
index a5e705d..d8b8fc3 100644
--- a/conf/template.xeon-d/bblayers.conf.sample
+++ b/conf/template.xeon-d/bblayers.conf.sample
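Review bot: In the conf/template.atom-c3000/bblayers.conf.sample hunk, the new entries add `meta-secure-core/meta-signing-key` next to `meta-enea-user-keys`, and nothing visible in this commit states which of the two supplies the keys that sign the boot chain. As far as I recall, meta-signing-key signs with its bundled sample keys unless the build selects user keys (`SIGNING_MODEL = "user"`), and those sample keys are public, so an image signed with them gains nothing from Secure Boot. Please confirm that meta-enea-user-keys sets the signing model, and say so in the template, for example with `# Secure Boot images are signed with the keys from meta-enea-user-keys; do not ship builds signed with the meta-signing-key sample keys` above the `BBLAYERS ?=` assignment, which starts outside this hunk. The conf/template.xeon-d/bblayers.conf.sample hunk is identical.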
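Review bot: In the conf/template.atom-c3000/local.conf.sample hunk, `efi-secure-boot` is added to `DISTRO_FEATURES_append` while `DISTRO_FEATURES_NATIVE_append` on the following line stays at `" sota"`. meta-secure-core's setup instructions, as I remember them, enable the feature for native builds as well as for the target; if that holds for the layer revision used here, the line should read `DISTRO_FEATURES_NATIVE_append = " sota efi-secure-boot"`. Worth checking against the layer's README before merging, since a mismatch between target and native features would only show up at build or signing time. The conf/template.xeon-d/local.conf.sample hunk has the same two lines.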
@@ -23,4 +23,9 @@ BBLAYERS ?= " \
 ##OEROOT##/meta-openembedded/meta-webserver \
 ##OEROOT##/meta-java \
 ##OEROOT##/meta-updater \
+ ##OEROOT##/meta-openembedded/meta-perl \
+ ##OEROOT##/meta-secure-core/meta \
+ ##OEROOT##/meta-secure-core/meta-signing-key \
+ ##OEROOT##/meta-secure-core/meta-efi-secure-boot \
+ ##OEROOT##/meta-enea-user-keys \
 "
diff --git a/conf/template.xeon-d/local.conf.sample b/conf/template.xeon-d/local.conf.sample
index 3b1063e..34f5890 100644
--- a/conf/template.xeon-d/local.conf.sample
+++ b/conf/template.xeon-d/local.conf.sample
@@ -245,6 +245,6 @@ SKIP_META_VIRT_SANITY_CHECK = "1"
 SOTA_MACHINE ?= "${MACHINE}"
-DISTRO_FEATURES_append = " sota"
+DISTRO_FEATURES_append = " sota efi-secure-boot"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
diff --git a/images/enea-nfv-access-host-common.inc b/images/enea-nfv-access-host-common.inc
index 6e3df91..352f734 100644
--- a/images/enea-nfv-access-host-common.inc
+++ b/images/enea-nfv-access-host-common.inc
@@ -1,5 +1,6 @@
 require images/enea-nfv-access-common.inc
 require classes/override_grub-efi.inc
+require images/secure-boot.inc
 IMAGE_INSTALL += " \
 packagegroup-enea-virtualization-host \
diff --git a/images/secure-boot.inc b/images/secure-boot.inc
new file mode 100644
index 0000000..d482ae1
--- /dev/null
+++ b/images/secure-boot.inc
@@ -0,0 +1,18 @@
+SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\
+ ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", \
+ "packagegroup-efi-secure-boot", "", d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "tpm", \
+ "packagegroup-tpm", "", d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "tpm2", \
+ "packagegroup-tpm2", "", d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "ima", \
+ "packagegroup-ima", "", d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "luks", \
+ "packagegroup-luks", "", d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "ids", \
+ "packagegroup-ids", "", d)} \
+"
+
+IMAGE_INSTALL += "\
+ ${SECURE_CORE_IMAGE_EXTRA_INSTALL} \
+"
--
cgit v1.2.3-54-g00ecf
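Review bot: The first assignment in images/secure-boot.inc combines the `_append` override with `+=` (`SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\`), which is redundant and easy to misread: `_append` already defers the append, and `+=` here contributes nothing but a leading space. Write it as `SECURE_CORE_IMAGE_EXTRA_INSTALL_append = " \` with the space explicit. The new file also has no header comment; a line such as `# Installs the meta-secure-core package group for each security feature enabled in DISTRO_FEATURES` would make clear that, with the template changes shown in this commit, only `efi-secure-boot` is switched on and the tpm, tpm2, ima, luks and ids entries stay empty until those features are added.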