[0/5] Structure module signing dependencies and providers

Message ID	20250415122204.120360-1-gokhan.cetin@siemens.com
Headers	show Return-Path: <isar-users+bncBDAZZLHW6AOBBL477G7QMGQE7ICIV3Y@googlegroups.com> Received-SPF: pass (google.com: domain of fm-1328731-20250415122308fe58ee131f522d5831-18kdal@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; From: "'Gokhan Cetin' via isar-users" <isar-users@googlegroups.com> To: isar-users@googlegroups.com Cc: gokhan.cetin@siemens.com Subject: [PATCH 0/5] Structure module signing dependencies and providers Date: Tue, 15 Apr 2025 14:21:59 +0200 Message-Id: <20250415122204.120360-1-gokhan.cetin@siemens.com> MIME-Version: 1.0 Feedback-ID: 519:519-1328731:519-21489:flowmailer Reply-To: Gokhan Cetin <gokhan.cetin@siemens.com> Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com
Series	Structure module signing dependencies and providers \| expand [0/5] Structure module signing dependencies and providers [1/5] module-signer-example: define virtual package name as module-signer [2/5] meta/recipes-kernel/linux-module: Define default paths for signing related variables [3/5] meta-isar/recipes-secureboot/sb-mok-keys: define virtual package name [4/5] meta/recipes-kernel/linux-module: add option to set default signing profile and dependencies [5/5] doc/user_manual: describe module signer and certificate provider configuration

Message ID

20250415122204.120360-1-gokhan.cetin@siemens.com

Headers

Received-SPF: pass (google.com: domain of
 fm-1328731-20250415122308fe58ee131f522d5831-18kdal@rts-flowmailer.siemens.com
 designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226;
From: "'Gokhan Cetin' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: gokhan.cetin@siemens.com
Subject: [PATCH 0/5] Structure module signing dependencies and providers
Date: Tue, 15 Apr 2025 14:21:59 +0200
Message-Id: <20250415122204.120360-1-gokhan.cetin@siemens.com>
MIME-Version: 1.0
Feedback-ID: 519:519-1328731:519-21489:flowmailer
Reply-To: Gokhan Cetin <gokhan.cetin@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com

Series

Structure module signing dependencies and providers | expand

Message

Gokhan Cetin April 15, 2025, 12:21 p.m. UTC

As of now, in each kernel module, the same configuration block
has to be specified repeatedly for each module in module recipes
to specify build-time dependencies on recipes that provide the
required build profile and the scripts and certificates used in 
kernel module signing.

With these changes, it is possible to enable a recommended signature
configuration for all module recipes without touching the modules,
while it is still possible to customize the configuration when necessary.

Gokhan Cetin (5):
  module-signer-example: define virtual package name as module-signer
  meta/recipes-kernel/linux-module: Define default paths for signing
    related variables
  meta-isar/recipes-secureboot/sb-mok-keys: define virtual package name
  meta/recipes-kernel/linux-module: add option to set default signing
    profile and dependencies
  doc/user_manual: describe module signer and certificate provider
    configuration

 doc/user_manual.md                                   |  8 ++++++++
 .../module-signer-example/module-signer-example.bb   |  3 +++
 .../recipes-secureboot/sb-mok-keys/sb-mok-keys.bb    |  2 ++
 meta/recipes-kernel/linux-module/module.inc          | 12 +++++++++---
 4 files changed, 22 insertions(+), 3 deletions(-)