ovmf: package PKCS7 verification drivers

Package Pkcs7VerifyDxe.efi and Hash2DxeCrypto.efi to be used by SELoader bootloader. Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
author: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> 2019-09-04 16:32:05 +0300
committer: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> 2019-09-04 16:32:05 +0300
commit: b0dfb596dacaff6d7442deb25653a297b1d2d26d (patch)
tree: 692bde61adf47b7575b014b0f41c55d2fbd47528
parent: 6d1bd0da1f8b6f28188fbdcc552df8c0dcf80a79 (diff)
download: meta-secure-core-b0dfb596dacaff6d7442deb25653a297b1d2d26d.tar.gz
1 files changed, 59 insertions, 0 deletions
diff --git a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
new file mode 100644
index 0000000..69a0e4b
--- /dev/null
+++ b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
@@ -0,0 +1,59 @@
+inherit user-key-store
+PACKAGECONFIG_append = " secureboot"
+# For SELoader
+do_compile_class-target_append() {
+    if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
+        secbuild_dir="${S}/Build/SecurityPkg/RELEASE_${FIXED_GCCVER}"
+        ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} -p SecurityPkg/SecurityPkg.dsc
+        ln ${secbuild_dir}/${OVMF_ARCH}/Hash2DxeCrypto.efi ${WORKDIR}/ovmf/
+        ln ${secbuild_dir}/${OVMF_ARCH}/Pkcs7VerifyDxe.efi ${WORKDIR}/ovmf/
+    fi
+}
+EFI_TARGET = "/boot/efi/EFI/BOOT"
+do_install_class-target_append() {
+    if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
+        mkdir -p ${D}${EFI_TARGET}
+        if [ x"${UEFI_SB}" = x"1" ]; then
+            install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed ${D}${EFI_TARGET}/Hash2DxeCrypto.efi
+            install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi
+        else
+            install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi ${D}${EFI_TARGET}/Hash2DxeCrypto.efi
+            install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi
+        fi
+    fi
+}
+python do_sign() {
+}
+python do_sign_class-target() {
+    sb_sign(d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi'), d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed'), d)
+    sb_sign(d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi'), d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed'), d)
+}
+addtask sign after do_compile before do_install
+do_deploy_class-target_append() {
+    if [ x"${UEFI_SB}" = x"1" ]; then
+        install -d ${DEPLOYDIR}/efi-unsigned
+        install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/efi-unsigned/Pkcs7VerifyDxe.efi"
+        install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi "${DEPLOYDIR}/efi-unsigned/Hash2DxeCrypto.efi"
+        install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed "${DEPLOYDIR}/Pkcs7VerifyDxe.efi"
+        install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed "${DEPLOYDIR}/Hash2DxeCrypto.efi"
+    else
+        install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/Pkcs7VerifyDxe.efi"
+        install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi "${DEPLOYDIR}/Hash2DxeCrypto.efi"
+    fi
+}
+PACKAGES += " \
+   ovmf-pkcs7-efi \
+"
+FILES_ovmf-pkcs7-efi += " \
+    ${EFI_TARGET}/Hash2DxeCrypto.efi \
+    ${EFI_TARGET}/Pkcs7VerifyDxe.efi \
+"
author	Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>	2019-09-04 16:32:05 +0300
committer	Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>	2019-09-04 16:32:05 +0300
commit	b0dfb596dacaff6d7442deb25653a297b1d2d26d (patch)
tree	692bde61adf47b7575b014b0f41c55d2fbd47528
parent	6d1bd0da1f8b6f28188fbdcc552df8c0dcf80a79 (diff)
download	meta-secure-core-b0dfb596dacaff6d7442deb25653a297b1d2d26d.tar.gz

diff --git a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend new file mode 100644 index 0000000..69a0e4b --- /dev/null +++ b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
@@ -0,0 +1,59 @@
	1	inherit user-key-store
	2
	3	PACKAGECONFIG_append = " secureboot"
	4
	5	# For SELoader
	6	do_compile_class-target_append() {
	7	if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
	8	secbuild_dir="${S}/Build/SecurityPkg/RELEASE_${FIXED_GCCVER}"
	9	${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} -p SecurityPkg/SecurityPkg.dsc
	10	ln ${secbuild_dir}/${OVMF_ARCH}/Hash2DxeCrypto.efi ${WORKDIR}/ovmf/
	11	ln ${secbuild_dir}/${OVMF_ARCH}/Pkcs7VerifyDxe.efi ${WORKDIR}/ovmf/
	12	fi
	13	}
	14
	15	EFI_TARGET = "/boot/efi/EFI/BOOT"
	16
	17	do_install_class-target_append() {
	18	if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
	19	mkdir -p ${D}${EFI_TARGET}
	20	if [ x"${UEFI_SB}" = x"1" ]; then
	21	install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed ${D}${EFI_TARGET}/Hash2DxeCrypto.efi
	22	install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi
	23	else
	24	install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi ${D}${EFI_TARGET}/Hash2DxeCrypto.efi
	25	install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi
	26	fi
	27	fi
	28	}
	29
	30	python do_sign() {
	31	}
	32
	33	python do_sign_class-target() {
	34	sb_sign(d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi'), d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed'), d)
	35	sb_sign(d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi'), d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed'), d)
	36	}
	37	addtask sign after do_compile before do_install
	38
	39	do_deploy_class-target_append() {
	40	if [ x"${UEFI_SB}" = x"1" ]; then
	41	install -d ${DEPLOYDIR}/efi-unsigned
	42	install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/efi-unsigned/Pkcs7VerifyDxe.efi"
	43	install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi "${DEPLOYDIR}/efi-unsigned/Hash2DxeCrypto.efi"
	44	install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed "${DEPLOYDIR}/Pkcs7VerifyDxe.efi"
	45	install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed "${DEPLOYDIR}/Hash2DxeCrypto.efi"
	46	else
	47	install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/Pkcs7VerifyDxe.efi"
	48	install ${WORKDIR}/ovmf/Hash2DxeCrypto.efi "${DEPLOYDIR}/Hash2DxeCrypto.efi"
	49	fi
	50	}
	51
	52	PACKAGES += " \
	53	ovmf-pkcs7-efi \
	54	"
	55
	56	FILES_ovmf-pkcs7-efi += " \
	57	${EFI_TARGET}/Hash2DxeCrypto.efi \
	58	${EFI_TARGET}/Pkcs7VerifyDxe.efi \
	59	"