summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYi Zhao <yi.zhao@windriver.com>2021-10-20 16:57:23 +0800
committerJia Zhang <10241344+jiazhang0@users.noreply.github.com>2021-10-21 15:57:54 +0800
commit3fa3fc6dcb41fb6392de84154445502d0668153c (patch)
treeabb7f25a4d59d6d17e4049341a5562c1001a65ef
parent4caca5b780dbbdeaeffbc1054a6e99c5f596026d (diff)
downloadmeta-secure-core-3fa3fc6dcb41fb6392de84154445502d0668153c.tar.gz
efitools: fix openssl.cnf path for openssl 3.0
Fix openssl.cnf path for openssl 3.0 to make sure openssl command can find it. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Diffstat
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc2
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch (renamed from meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch)31
2 files changed, 19 insertions, 14 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
index 6f2582a..79feff7 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -28,7 +28,7 @@ SRC_URI = "\
28 file://Don-t-build-PreLoader.efi.patch \ 28 file://Don-t-build-PreLoader.efi.patch \
29 file://Reuse-xxdi.pl.patch \ 29 file://Reuse-xxdi.pl.patch \
30 file://Add-static-keyword-for-IsValidVariableHeader.patch \ 30 file://Add-static-keyword-for-IsValidVariableHeader.patch \
31 file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch \ 31 file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch \
32 file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \ 32 file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \
33" 33"
34SRCREV = "392836a46ce3c92b55dc88a1aebbcfdfc5dcddce" 34SRCREV = "392836a46ce3c92b55dc88a1aebbcfdfc5dcddce"
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
index 5236893..7424a0c 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
@@ -1,26 +1,29 @@
1From ae36390629bd9c92cb732800a341f04ca11cd9c7 Mon Sep 17 00:00:00 2001 1From 0b579e0382ac86d6a6a72bbd5898cee75457922e Mon Sep 17 00:00:00 2001
2From: Lans Zhang <jia.zhang@windriver.com> 2From: Lans Zhang <jia.zhang@windriver.com>
3Date: Wed, 16 Aug 2017 22:59:12 +0800 3Date: Wed, 16 Aug 2017 22:59:12 +0800
4Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x and 1.1.x 4Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x/1.1.x/3.0
5 5
6Signed-off-by: Lans Zhang <jia.zhang@windriver.com> 6Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
7Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
7--- 8---
8 Make.rules | 14 ++++++++++++-- 9 Make.rules | 18 ++++++++++++++++--
9 1 file changed, 12 insertions(+), 2 deletions(-) 10 1 file changed, 16 insertions(+), 2 deletions(-)
10 11
11diff --git a/Make.rules b/Make.rules 12diff --git a/Make.rules b/Make.rules
12index 38c7a22..69c57cb 100644 13index b90c4d3..faf2ae4 100644
13--- a/Make.rules 14--- a/Make.rules
14+++ b/Make.rules 15+++ b/Make.rules
15@@ -117,13 +117,23 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec 16@@ -116,13 +116,27 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
16 $(CC) -S $(INCDIR) $(cflags) $(cppflags) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@ 17 $(CC) -S $(INCDIR) $(cflags) $(cppflags) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
17 18
18 %.crt: 19 %.crt:
19- $(OPENSSL) req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256 20- $(OPENSSL) req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
20+ @if [ -s "$(OPENSSL_LIB)/ssl/openssl.cnf" ]; then \ 21+ @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
21+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \ 22+ cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
22+ else \ 23+ elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
23+ cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \ 24+ cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
25+ else \
26+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
24+ fi; \ 27+ fi; \
25+ $(OPENSSL) req -config $$cfg -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256 28+ $(OPENSSL) req -config $$cfg -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
26 29
@@ -29,15 +32,17 @@ index 38c7a22..69c57cb 100644
29 32
30 %-subkey.csr: 33 %-subkey.csr:
31- $(OPENSSL) req -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes 34- $(OPENSSL) req -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
32+ @if [ -s "$(OPENSSL_LIB)/ssl/openssl.cnf" ]; then \ 35+ @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
33+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \ 36+ cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
34+ else \ 37+ elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
35+ cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \ 38+ cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
39+ else \
40+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
36+ fi; \ 41+ fi; \
37+ $(OPENSSL) req -config $$cfg -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes 42+ $(OPENSSL) req -config $$cfg -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
38 43
39 %-subkey.crt: %-subkey.csr KEK.crt 44 %-subkey.crt: %-subkey.csr KEK.crt
40 $(OPENSSL) x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365 45 $(OPENSSL) x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365
41-- 46--
422.7.5 472.17.1
43 48
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-08 04:42:05 +0000