1 files changed, 48 insertions, 0 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
new file mode 100644
index 0000000..7424a0c
--- /dev/null
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
@@ -0,0 +1,48 @@
+From 0b579e0382ac86d6a6a72bbd5898cee75457922e Mon Sep 17 00:00:00 2001
+From: Lans Zhang <jia.zhang@windriver.com>
+Date: Wed, 16 Aug 2017 22:59:12 +0800
+Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x/1.1.x/3.0
+Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ Make.rules | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+diff --git a/Make.rules b/Make.rules
+index b90c4d3..faf2ae4 100644
+--- a/Make.rules
+++ b/Make.rules
+@@ -116,13 +116,27 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
+        $(CC) -S $(INCDIR) $(cflags) $(cppflags) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
+ 
+ %.crt:
+-       $(OPENSSL) req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
+       @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
+           cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
+       elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
+           cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
+       else \
+           cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
+       fi; \
+       $(OPENSSL) req -config $$cfg -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
+ 
+ %.cer: %.crt
+        $(OPENSSL) x509 -in $< -out $@ -outform DER
+ 
+ %-subkey.csr:
+-       $(OPENSSL) req -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
+       @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
+           cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
+       elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
+           cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
+       else \
+           cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
+       fi; \
+       $(OPENSSL) req -config $$cfg -new -newkey rsa:2048 -keyout $*-subkey.key -subj "/CN=Subkey $* of KEK/" -out $@ -nodes
+ 
+ %-subkey.crt: %-subkey.csr KEK.crt
+        $(OPENSSL) x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365
+-- 
+2.17.1

diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch new file mode 100644 index 0000000..7424a0c --- /dev/null +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch
@@ -0,0 +1,48 @@
	1	From 0b579e0382ac86d6a6a72bbd5898cee75457922e Mon Sep 17 00:00:00 2001
	2	From: Lans Zhang <jia.zhang@windriver.com>
	3	Date: Wed, 16 Aug 2017 22:59:12 +0800
	4	Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x/1.1.x/3.0
	5
	6	Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
	7	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	8	---
	9	Make.rules \| 18 ++++++++++++++++--
	10	1 file changed, 16 insertions(+), 2 deletions(-)
	11
	12	diff --git a/Make.rules b/Make.rules
	13	index b90c4d3..faf2ae4 100644
	14	--- a/Make.rules
	15	+++ b/Make.rules
	16	@@ -116,13 +116,27 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
	17	$(CC) -S $(INCDIR) $(cflags) $(cppflags) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
	18
	19	%.crt:
	20	- $(OPENSSL) req -new -x509 -newkey rsa:2048 -subj "/CN=$/" -keyout $.key -out $@ -days 3650 -nodes -sha256
	21	+ @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
	22	+ cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
	23	+ elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
	24	+ cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
	25	+ else \
	26	+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
	27	+ fi; \
	28	+ $(OPENSSL) req -config $$cfg -new -x509 -newkey rsa:2048 -subj "/CN=$/" -keyout $.key -out $@ -days 3650 -nodes -sha256
	29
	30	%.cer: %.crt
	31	$(OPENSSL) x509 -in $< -out $@ -outform DER
	32
	33	%-subkey.csr:
	34	- $(OPENSSL) req -new -newkey rsa:2048 -keyout $-subkey.key -subj "/CN=Subkey $ of KEK/" -out $@ -nodes
	35	+ @if [ -s "$(OPENSSL_LIB)/ssl-3/openssl.cnf" ]; then \
	36	+ cfg="$(OPENSSL_LIB)/ssl-3/openssl.cnf"; \
	37	+ elif [ -s "$(OPENSSL_LIB)/ssl-1.1/openssl.cnf" ]; then \
	38	+ cfg="$(OPENSSL_LIB)/ssl-1.1/openssl.cnf"; \
	39	+ else \
	40	+ cfg="$(OPENSSL_LIB)/ssl/openssl.cnf"; \
	41	+ fi; \
	42	+ $(OPENSSL) req -config $$cfg -new -newkey rsa:2048 -keyout $-subkey.key -subj "/CN=Subkey $ of KEK/" -out $@ -nodes
	43
	44	%-subkey.crt: %-subkey.csr KEK.crt
	45	$(OPENSSL) x509 -req -in $< -CA DB.crt -CAkey DB.key -set_serial 1 -out $@ -days 365
	46	--
	47	2.17.1
	48