meta-efi-secure-boot: Ensure openssl-native exists when we need it

In order to deploy our secure boot keys in DER format we need to use openssl. This must be listed in our DEPENDS line in order for the sysroot to be populated correctly when we run do_sign. Also drop the explicit fakeroot on our empty grub-efi do_sign as we may not have globally populated virtual/fakeroot-native at that point in time. Fixes: 92316d4b402b ("meta-signing-key: When deploying keys UEFI keys, deploy DER format") Signed-off-by: Tom Rini <trini@konsulko.com>
author: Tom Rini <trini@konsulko.com> 2018-11-07 07:46:29 -0500
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-11-07 23:40:20 +0800
commit: 627475766502fd1f0c957ec9c6927d18a16b3aa8 (patch)
tree: 2d62b321715be08b2b9683d9fcd993ca7841f0b5 /meta-efi-secure-boot
parent: 66d764ad2b4cc372f5ba0c51e1bffe5c670444d7 (diff)
download: meta-secure-core-627475766502fd1f0c957ec9c6927d18a16b3aa8.tar.gz
4 files changed, 5 insertions, 2 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
index 2890895..da3fda9 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
@@ -1,3 +1,4 @@
+DEPENDS += "openssl-native"
 FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:"
 EXTRA_SRC_URI = "\
@@ -123,7 +124,7 @@ fakeroot python do_sign_class-target() {
        uks_sel_sign(dir + 'password.inc', d)
 }
-fakeroot python do_sign() {
+python do_sign() {
 }
 addtask sign after do_install before do_deploy do_package
 do_sign[prefuncs] += "check_deploy_keys"
diff --git a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
index 40ff582..0931af3 100644
--- a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
@@ -21,7 +21,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee"
 DEPENDS += "\
-    gnu-efi sbsigntool-native \
+    gnu-efi sbsigntool-native openssl-native \
 "
 PV = "0.4.6+git${SRCPV}"
diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
index bb61f70..fb073a1 100644
--- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
+++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
@@ -1,3 +1,4 @@
+DEPENDS += "openssl-native"
 inherit user-key-store deploy
 # Always fetch the latest initramfs image
diff --git a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
index 27107aa..df594ba 100644
--- a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
@@ -1,3 +1,4 @@
+DEPENDS += "openssl-native"
 FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
 efi_secure_boot_sccs = "\
author	Tom Rini <trini@konsulko.com>	2018-11-07 07:46:29 -0500
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-11-07 23:40:20 +0800
commit	627475766502fd1f0c957ec9c6927d18a16b3aa8 (patch)
tree	2d62b321715be08b2b9683d9fcd993ca7841f0b5 /meta-efi-secure-boot
parent	66d764ad2b4cc372f5ba0c51e1bffe5c670444d7 (diff)
download	meta-secure-core-627475766502fd1f0c957ec9c6927d18a16b3aa8.tar.gz