2 files changed, 38 insertions, 37 deletions
diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
new file mode 100644
index 0000000..fb073a1
--- /dev/null
+++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
@@ -0,0 +1,37 @@
+DEPENDS += "openssl-native"
+inherit user-key-store deploy
+# Always fetch the latest initramfs image
+do_install[nostamp] = "1"
+fakeroot python do_sign() {
+    if d.getVar('BUNDLE', True) == '0':
+        for compr in d.getVar('INITRAMFS_FSTYPES').split():
+            uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
+    else:
+        uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
+}
+addtask sign after do_install before do_deploy do_package
+do_sign[prefuncs] += "check_deploy_keys"
+do_deploy() {
+    install -d "${DEPLOYDIR}"
+    for SIG in ${D}/boot/*.p7b; do
+        install -m 0644 ${SIG} ${DEPLOYDIR}
+    done
+}
+addtask deploy after do_install before do_build
+python do_package_prepend () {
+    if d.getVar('BUNDLE') == '1':
+        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
+        d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
+        d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
+        d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
+    else:
+        for compr in d.getVar('INITRAMFS_FSTYPES').split():
+            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
+            d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
+            d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
+            d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
+}
diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
index fb073a1..dc782d7 100644
--- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
+++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
@@ -1,37 +1 @@
-DEPENDS += "openssl-native"
+require ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', 'kernel-initramfs-efi-secure-boot.inc', '', d)}
-inherit user-key-store deploy
-# Always fetch the latest initramfs image
-do_install[nostamp] = "1"
-fakeroot python do_sign() {
-    if d.getVar('BUNDLE', True) == '0':
-        for compr in d.getVar('INITRAMFS_FSTYPES').split():
-            uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
-    else:
-        uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
-}
-addtask sign after do_install before do_deploy do_package
-do_sign[prefuncs] += "check_deploy_keys"
-do_deploy() {
-    install -d "${DEPLOYDIR}"
-    for SIG in ${D}/boot/*.p7b; do
-        install -m 0644 ${SIG} ${DEPLOYDIR}
-    done
-}
-addtask deploy after do_install before do_build
-python do_package_prepend () {
-    if d.getVar('BUNDLE') == '1':
-        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
-        d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
-        d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
-        d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
-    else:
-        for compr in d.getVar('INITRAMFS_FSTYPES').split():
-            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
-            d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
-            d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
-            d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
-}

diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc new file mode 100644 index 0000000..fb073a1 --- /dev/null +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
@@ -0,0 +1,37 @@
		1	DEPENDS += "openssl-native"
		2	inherit user-key-store deploy
		3
		4	# Always fetch the latest initramfs image
		5	do_install[nostamp] = "1"
		6
		7	fakeroot python do_sign() {
		8	if d.getVar('BUNDLE', True) == '0':
		9	for compr in d.getVar('INITRAMFS_FSTYPES').split():
		10	uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
		11	else:
		12	uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
		13	}
		14	addtask sign after do_install before do_deploy do_package
		15	do_sign[prefuncs] += "check_deploy_keys"
		16
		17	do_deploy() {
		18	install -d "${DEPLOYDIR}"
		19	for SIG in ${D}/boot/*.p7b; do
		20	install -m 0644 ${SIG} ${DEPLOYDIR}
		21	done
		22	}
		23	addtask deploy after do_install before do_build
		24
		25	python do_package_prepend () {
		26	if d.getVar('BUNDLE') == '1':
		27	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
		28	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
		29	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
		30	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
		31	else:
		32	for compr in d.getVar('INITRAMFS_FSTYPES').split():
		33	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
		34	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
		35	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
		36	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
		37	}


diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend index fb073a1..dc782d7 100644 --- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend +++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs.bbappend
@@ -1,37 +1 @@
1	DEPENDS += "openssl-native"		require ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', 'kernel-initramfs-efi-secure-boot.inc', '', d)}
2	inherit user-key-store deploy
3
4	# Always fetch the latest initramfs image
5	do_install[nostamp] = "1"
6
7	fakeroot python do_sign() {
8	if d.getVar('BUNDLE', True) == '0':
9	for compr in d.getVar('INITRAMFS_FSTYPES').split():
10	uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
11	else:
12	uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
13	}
14	addtask sign after do_install before do_deploy do_package
15	do_sign[prefuncs] += "check_deploy_keys"
16
17	do_deploy() {
18	install -d "${DEPLOYDIR}"
19	for SIG in ${D}/boot/*.p7b; do
20	install -m 0644 ${SIG} ${DEPLOYDIR}
21	done
22	}
23	addtask deploy after do_install before do_build
24
25	python do_package_prepend () {
26	if d.getVar('BUNDLE') == '1':
27	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
28	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
29	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
30	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
31	else:
32	for compr in d.getVar('INITRAMFS_FSTYPES').split():
33	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
34	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
35	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
36	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
37	}