diff options
Diffstat (limited to 'meta-integrity/classes/kernel-modsign.bbclass')
-rw-r--r-- | meta-integrity/classes/kernel-modsign.bbclass | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass new file mode 100644 index 0000000..09025ba --- /dev/null +++ b/meta-integrity/classes/kernel-modsign.bbclass | |||
@@ -0,0 +1,29 @@ | |||
1 | # No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be | ||
2 | # set explicitly in a local.conf before activating kernel-modsign. | ||
3 | # To use the insecure (because public) example keys, use | ||
4 | # MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" | ||
5 | MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET" | ||
6 | |||
7 | # Private key for modules signing. The default is okay when | ||
8 | # using the example key directory. | ||
9 | MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem" | ||
10 | |||
11 | # Public part of certificates used for modules signing. | ||
12 | # The default is okay when using the example key directory. | ||
13 | MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt" | ||
14 | |||
15 | # If this class is enabled, disable stripping signatures from modules | ||
16 | INHIBIT_PACKAGE_STRIP = "1" | ||
17 | |||
18 | kernel_do_configure_prepend() { | ||
19 | if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then | ||
20 | cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \ | ||
21 | > "${B}/modsign_key.pem" | ||
22 | else | ||
23 | bberror "Either modsign key or certificate are invalid" | ||
24 | fi | ||
25 | } | ||
26 | |||
27 | do_shared_workdir_append() { | ||
28 | cp modsign_key.pem $kerneldir/ | ||
29 | } | ||