1 files changed, 0 insertions, 50 deletions
diff --git a/classes/uefi-sign.bbclass b/classes/uefi-sign.bbclass
deleted file mode 100644
index e8f203b9..00000000
--- a/classes/uefi-sign.bbclass
+++ /dev/null
@@ -1,50 +0,0 @@
-# By default, sign all .efi binaries in ${B} after compiling and before deploying
-SIGNING_DIR ?= "${B}"
-SIGNING_BINARIES ?= "*.efi"
-SIGN_AFTER ?= "do_compile"
-SIGN_BEFORE ?= "do_deploy"
-python () {
-    import os
-    import hashlib
-    # Ensure that if the signing key or cert change, we rerun the uefiapp process
-    if bb.utils.contains('IMAGE_FEATURES', 'secureboot', True, False, d):
-        for varname in ('SECURE_BOOT_SIGNING_CERT', 'SECURE_BOOT_SIGNING_KEY'):
-            filename = d.getVar(varname)
-            if filename is None:
-                bb.fatal('%s is not set.' % varname)
-            if not os.path.isfile(filename):
-                bb.fatal('%s=%s is not a file.' % (varname, filename))
-            with open(filename, 'rb') as f:
-                data = f.read()
-            hash = hashlib.sha256(data).hexdigest()
-            d.setVar('%s_HASH' % varname, hash)
-            # Must reparse and thus rehash on file changes.
-            bb.parse.mark_dependency(d, filename)
-        bb.build.addtask('uefi_sign', d.getVar('SIGN_BEFORE'), d.getVar('SIGN_AFTER'), d)
-        # Original binary needs to be regenerated if the hash changes since we overwrite it
-        # SIGN_AFTER isn't necessarily when it gets generated, but its our best guess
-        d.appendVarFlag(d.getVar('SIGN_AFTER'), 'vardeps', 'SECURE_BOOT_SIGNING_CERT_HASH SECURE_BOOT_SIGNING_KEY_HASH')
-}
-do_uefi_sign() {
-    if [ -f ${SECURE_BOOT_SIGNING_KEY} ] && [ -f ${SECURE_BOOT_SIGNING_CERT} ]; then
-        for i in `find ${SIGNING_DIR}/ -name '${SIGNING_BINARIES}'`; do
-            sbsign --key ${SECURE_BOOT_SIGNING_KEY} --cert ${SECURE_BOOT_SIGNING_CERT} $i
-            sbverify --cert ${SECURE_BOOT_SIGNING_CERT} $i.signed
-            mv $i.signed $i
-        done
-    fi
-}
-do_uefi_sign[depends] += "sbsigntool-native:do_populate_sysroot"
-do_uefi_sign[vardeps] += "SECURE_BOOT_SIGNING_CERT_HASH \
-                          SECURE_BOOT_SIGNING_KEY_HASH  \
-                          SIGNING_BINARIES SIGNING_DIR  \
-                          SIGN_BEFORE SIGN_AFTER        \
-                         "

diff --git a/classes/uefi-sign.bbclass b/classes/uefi-sign.bbclass deleted file mode 100644 index e8f203b9..00000000 --- a/classes/uefi-sign.bbclass +++ /dev/null
@@ -1,50 +0,0 @@
1	# By default, sign all .efi binaries in ${B} after compiling and before deploying
2	SIGNING_DIR ?= "${B}"
3	SIGNING_BINARIES ?= "*.efi"
4	SIGN_AFTER ?= "do_compile"
5	SIGN_BEFORE ?= "do_deploy"
6
7	python () {
8	import os
9	import hashlib
10
11	# Ensure that if the signing key or cert change, we rerun the uefiapp process
12	if bb.utils.contains('IMAGE_FEATURES', 'secureboot', True, False, d):
13	for varname in ('SECURE_BOOT_SIGNING_CERT', 'SECURE_BOOT_SIGNING_KEY'):
14	filename = d.getVar(varname)
15	if filename is None:
16	bb.fatal('%s is not set.' % varname)
17	if not os.path.isfile(filename):
18	bb.fatal('%s=%s is not a file.' % (varname, filename))
19	with open(filename, 'rb') as f:
20	data = f.read()
21	hash = hashlib.sha256(data).hexdigest()
22	d.setVar('%s_HASH' % varname, hash)
23
24	# Must reparse and thus rehash on file changes.
25	bb.parse.mark_dependency(d, filename)
26
27	bb.build.addtask('uefi_sign', d.getVar('SIGN_BEFORE'), d.getVar('SIGN_AFTER'), d)
28
29	# Original binary needs to be regenerated if the hash changes since we overwrite it
30	# SIGN_AFTER isn't necessarily when it gets generated, but its our best guess
31	d.appendVarFlag(d.getVar('SIGN_AFTER'), 'vardeps', 'SECURE_BOOT_SIGNING_CERT_HASH SECURE_BOOT_SIGNING_KEY_HASH')
32	}
33
34	do_uefi_sign() {
35	if [ -f ${SECURE_BOOT_SIGNING_KEY} ] && [ -f ${SECURE_BOOT_SIGNING_CERT} ]; then
36	for i in `find ${SIGNING_DIR}/ -name '${SIGNING_BINARIES}'`; do
37	sbsign --key ${SECURE_BOOT_SIGNING_KEY} --cert ${SECURE_BOOT_SIGNING_CERT} $i
38	sbverify --cert ${SECURE_BOOT_SIGNING_CERT} $i.signed
39	mv $i.signed $i
40	done
41	fi
42	}
43
44	do_uefi_sign[depends] += "sbsigntool-native:do_populate_sysroot"
45
46	do_uefi_sign[vardeps] += "SECURE_BOOT_SIGNING_CERT_HASH \
47	SECURE_BOOT_SIGNING_KEY_HASH \
48	SIGNING_BINARIES SIGNING_DIR \
49	SIGN_BEFORE SIGN_AFTER \
50	"