1 files changed, 29 insertions, 0 deletions
diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass
new file mode 100644
index 0000000..09025ba
--- /dev/null
+++ b/meta-integrity/classes/kernel-modsign.bbclass
@@ -0,0 +1,29 @@
+# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be
+# set explicitly in a local.conf before activating kernel-modsign.
+# To use the insecure (because public) example keys, use
+# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET"
+# Private key for modules signing. The default is okay when
+# using the example key directory.
+MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
+# Public part of certificates used for modules signing.
+# The default is okay when using the example key directory.
+MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
+# If this class is enabled, disable stripping signatures from modules
+INHIBIT_PACKAGE_STRIP = "1"
+kernel_do_configure_prepend() {
+    if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
+        cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
+            > "${B}/modsign_key.pem"
+    else
+        bberror "Either modsign key or certificate are invalid"
+    fi
+}
+do_shared_workdir_append() {
+    cp modsign_key.pem $kerneldir/
+}

diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass new file mode 100644 index 0000000..09025ba --- /dev/null +++ b/meta-integrity/classes/kernel-modsign.bbclass
@@ -0,0 +1,29 @@
	1	# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be
	2	# set explicitly in a local.conf before activating kernel-modsign.
	3	# To use the insecure (because public) example keys, use
	4	# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
	5	MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET"
	6
	7	# Private key for modules signing. The default is okay when
	8	# using the example key directory.
	9	MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
	10
	11	# Public part of certificates used for modules signing.
	12	# The default is okay when using the example key directory.
	13	MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
	14
	15	# If this class is enabled, disable stripping signatures from modules
	16	INHIBIT_PACKAGE_STRIP = "1"
	17
	18	kernel_do_configure_prepend() {
	19	if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
	20	cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
	21	> "${B}/modsign_key.pem"
	22	else
	23	bberror "Either modsign key or certificate are invalid"
	24	fi
	25	}
	26
	27	do_shared_workdir_append() {
	28	cp modsign_key.pem $kerneldir/
	29	}