Initial commit

2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
@@ -0,0 +1,45 @@
+SUMMARY = "OpenBMC image signing public key"
+DESCRIPTION = "Public key information to be included in images for image verification."
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+DEPENDS += "openssl-native"
+DEPENDS += "${@oe.utils.conditional('INSECURE_KEY', 'True', 'phosphor-insecure-signing-key-native', '', d)}"
+PR = "r1"
+
+SIGNING_PUBLIC_KEY ?= ""
+SIGNING_PUBLIC_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_PUBLIC_KEY}'))[0]}"
+SIGNING_KEY ?= "${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv"
+SIGNING_KEY_TYPE = "${@os.path.splitext(os.path.basename('${SIGNING_KEY}'))[0]}"
+SYSROOT_DIRS:append = " ${sysconfdir}"
+
+inherit allarch
+
+do_install() {
+        signing_key="${SIGNING_KEY}"
+        if [ "${INSECURE_KEY}" = "True" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
+            echo "Using SIGNING_PUBLIC_KEY"
+            signing_key=""
+        fi
+        if [ -n "${signing_key}" ] && [ -n "${SIGNING_PUBLIC_KEY}" ]; then
+            echo "Both SIGNING_KEY and SIGNING_PUBLIC_KEY are defined, expecting only one"
+            exit 1
+        fi
+        if [ -n "${signing_key}" ]; then
+            openssl pkey -in "${signing_key}" -pubout -out ${WORKDIR}/publickey
+            idir="${D}${sysconfdir}/activationdata/${SIGNING_KEY_TYPE}"
+        elif [ -n "${SIGNING_PUBLIC_KEY}" ]; then
+            cp "${SIGNING_PUBLIC_KEY}" ${WORKDIR}/publickey
+            idir="${D}${sysconfdir}/activationdata/${SIGNING_PUBLIC_KEY_TYPE}"
+        else
+            echo "No SIGNING_KEY or SIGNING_PUBLIC_KEY defined, expecting one"
+            exit 1
+        fi
+        echo HashType=RSA-SHA256 > "${WORKDIR}/hashfunc"
+        install -d ${idir}
+        install -m 644 ${WORKDIR}/publickey ${idir}
+        install -m 644 ${WORKDIR}/hashfunc ${idir}
+}
+
+FILES:${PN} += "${sysconfdir}/activationdata/"
+
+INSECURE_KEY = "${@'${SIGNING_KEY}' == '${STAGING_DIR_NATIVE}${datadir}/OpenBMC.priv'}"