Skip to content

Commit

Permalink
images/trustx-cml-firmware: Automatically switch to PKCS#11 signing
Browse files Browse the repository at this point in the history 
Use p11-signing class to determine a PKCS#11 token as signing key and
automatically switch to respecitve command. No need to override in
bbappend anymore.

Signed-off-by: Johannes Wiesboeck <johannes.wiesboeck@aisec.fraunhofer.de>
  • Loading branch information
@jwsbck
jwsbck committed Aug 8, 2024
1 parent a02fa26 commit e2898e4
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion images/trustx-cml-firmware.bb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@ TEST_CERT_DIR = "${TOPDIR}/test_certificates"

DEPENDS += "ima-evm-utils-native"

EVMCTL_CMD ?= "evmctl ima_sign -r --hashalgo sha256 --key ${TEST_CERT_DIR}/ssig_subca.key ${IMAGE_ROOTFS}/"
inherit p11-signing
EVMCTL_CMD = "evmctl ima_sign -r --hashalgo sha256 --key ${TEST_CERT_DIR}/ssig_subca.key ${IMAGE_ROOTFS}/"
EVMCTL_CMD:pkcs11-sign = "evmctl ima_sign -r --hashalgo sha256 --engine pkcs11 --key '${KERNEL_MODULE_SIG_KEY}' --keyid-from-cert '${STAGING_KERNEL_BUILDDIR}/certs/signing_key.x509' ${IMAGE_ROOTFS}/"
move_firmware() {
mv ${IMAGE_ROOTFS}/lib/firmware/* ${IMAGE_ROOTFS}/
${EVMCTL_CMD}
Expand Down

0 comments on commit e2898e4

Please sign in to comment.