| Message ID | 20250416171709.742191-1-gokhan.cetin@siemens.com |
|---|---|
| Headers | show
Return-Path: <isar-users+bncBDAZZLHW6AOBBUOM767QMGQEOCNYHTQ@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
Wed, 16 Apr 2025 19:18:18 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-lf1-f55.google.com (mail-lf1-f55.google.com
[209.85.167.55])
by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
53GHIHkB011304
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <iupwgm@isar-build.org>; Wed, 16 Apr 2025 19:18:17 +0200
Received: by mail-lf1-f55.google.com with SMTP id
2adb3069b0e04-542a77b4a4csf4165037e87.1
for <iupwgm@isar-build.org>; Wed, 16 Apr 2025 10:18:17 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1744823892; cv=pass;
d=google.com; s=arc-20240605;
b=LNsmDExFvWjGJUPzJB7BNVo+SeY03Cj7RF+N6tuo8MkrNT1Dwtq0Fy3Q6gFM0/pSaN
o6KI7Wl1m2bHH+RIgnWDVYkffz1OL5//W2JAgD3vlOkEG9LzArnGlr0vb13FgS6/3nQ7
S0KIy0CBehhh8GwKQDDvLTLsgbR0lFXieFdKCYC7XT1n1haSyrfbAjvtD8EC6a2kcB5u
gqG8l9fSmqdkf2X0Ovl42bzW2q3cokBusVAPsDCBlpLenvTQexYz3LKH2kZmvSmPqEmB
nfMrChjrSuRj1iKmqFpuF/WMpA7D4KejV1BQpWGhvLnmE7zlh/tbwvck0UJGb1c1I46p
MOHg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=1mJDAKM0D2RrgP+KJXPDhso4coBhhJnqRvnXaQ8HgR0=;
fh=uH/JDb0exmQWFaVdlYDSSyG1Is2ipVmw3+2/WuX3dcY=;
b=VhfB2O5MEomg4TSC5rHKAUex0HOF6AXM5/wVA/b3hX1GBGhpneJdjPVmLCwQTLCQGZ
YgdKc4HHNFeJaZd/zpkO5tPnmDL4Fe26Cs3XKpcIwQPsGGs5EB7oP0ZHTSDgiMEbr/Vd
H/xmcHJXWzUtSa4QoQvzh5HymvXiD7/rQ93Vu3sUgsUuGspjMHrziC0wan+YMsGWvvaK
FGSz+JgdhkYMakssd7Dit/i+F02sZ8UQBFk+dI63YlPAloM/ma3kyQsXOwb/o17eD1y+
InhIWjEA1+Tae0Zw2Xoshgc0B8EqHWs/RjW13yRddqw0Z4jbELrRKn+bnnROxrrn23ky
sscg==;
darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=cyIX79zZ;
spf=pass (google.com: domain of
fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-2025041617180438ed6a2c35a6b9d543-Fn98L2@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1744823892; x=1745428692;
darn=isar-build.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject
:date:message-id:reply-to;
bh=1mJDAKM0D2RrgP+KJXPDhso4coBhhJnqRvnXaQ8HgR0=;
b=nhNfg6A4qGoXGhKBfCy7vX8JQeROzmBu1jkmDJz8zC9mkAlEodr8als4Tj8HLSN9k5
zhmvghD1GPN4XLTouP1JlmfTUePLDBePahBOb0603omS0EL2C8yGgNM7GeEYpFK4+J7g
jNpYmIjLlwiVi/rpgbVIz7ILUn5MhdLESxqthxRzezgABnj0pg76asbakm2K9yFpWmZM
ckbc+zyWWmLlqGMgUc1GobORqrMfxNARHbCrfMTgyrXXWBuQEXM29aqqd6HurTWT+xkQ
/pZ1Ozgk+8AidMigN5QCqXWA42anoumpwdh29AuOe8ftEz9j49If7MkCS0dJRwk6r2qW
V7yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1744823892; x=1745428692;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:message-id:date:subject:cc:to:from:x-beenthere
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=1mJDAKM0D2RrgP+KJXPDhso4coBhhJnqRvnXaQ8HgR0=;
b=XBgT/fgMkwOiIHLvaXxsN7xAHgJW5ezNv8k4l41S71ICZcWkVxl5vN9RbUsRab4Z+m
cHnPQUgPQ/JB3EXW+YQfYrX63oZ20RlQE0iovKpE98qa4kcaCm51q9b7chpEFTLOOm+e
aPd2HvNDYti+tAEOkyIAbSjhRTVk9IxTDlR3PiA0vCh7ujb/w6kv/SDrKm9BlPxePz5t
N/amA/rN7ucUBbL+QCd37MuMdkvi4Mi8pIDEBDq8VtoG8yevjawpGVQULRGPiORMsqmT
5V8gxW7lnlyLc1awOhRTB7uB2ADdP4Hegu9LGA+uQ6NAiwVe/KHmPvCGfgXTtsoq2QDz
Id4A==
X-Forwarded-Encrypted: i=2;
AJvYcCUaWvSK6lIgEeH3YekqX90gpqiiaXV/34z0KXTJ4wstBayNXyGP6w6qyaCVTfGwsqC6gtTcqCc=@isar-build.org
X-Gm-Message-State: AOJu0YzG1DRzeGTJEcbj3joEIHvtX2IRBvboU5DQUauQSYP5qj3nP0op
I7m7kl9sLmMOwGQMcFIcNJ6Yp7M/Bx0pqaOZx4dqYXH9b0G8g4cs
X-Google-Smtp-Source:
AGHT+IHsynLWq72215eZLkz6wjHRTjp+Hjk2mhLzGbS/IOVPT44vt6A1Dqfix1kTt9HhUoMgS4hzhg==
X-Received: by 2002:a05:6512:108a:b0:54a:f76a:6f81 with SMTP id
2adb3069b0e04-54d64aab3a3mr852861e87.27.1744823890392;
Wed, 16 Apr 2025 10:18:10 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
h=ARLLPAJpC48s/AUjiNzIH/7UbNlPlXbcDQv/MN6PH8tcAEjXXQ==
Received: by 2002:a05:6512:963:b0:54a:c539:d141 with SMTP id
2adb3069b0e04-54d68c57276ls21373e87.2.-pod-prod-07-eu; Wed, 16 Apr 2025
10:18:06 -0700 (PDT)
X-Received: by 2002:a05:6512:1102:b0:54a:cc25:d55d with SMTP id
2adb3069b0e04-54d64ae6b71mr1213211e87.43.1744823885586;
Wed, 16 Apr 2025 10:18:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1744823885; cv=none;
d=google.com; s=arc-20240605;
b=G5Aph/asfz8Yb+ZYLxLPcOZjZPugXYZDnQ7jOXN80YiUkixS5qZvmTVCNGqq3NN/32
3A4yF3EXYUXXKNNxMV4dmUh04m+JIavK67xNyS0m4T8M3sx+/jP2p8m83QKA6CJDw2lM
LKwuNv/jcOo8chXvUx926vgZsg9A+JssXVYVjJPdMXsI9IF64GB+FiM4a9IPAxpsO0Ju
w0pk+vf18HTsx4Thbqq4DnZYbbpXwDefufB1up1tZN40MimJXV3TMwKB9yNmxD8rbjtt
FiAN62x0mcMB7tw/7ln2qDhBq4H27jx2pGb+VgZr9xIH+OZIiN4w2ONCqF8M2ZXTLR0J
kIlQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=feedback-id:content-transfer-encoding:mime-version:message-id:date
:subject:cc:to:from:dkim-signature;
bh=ufPPqIX5cGsb9Aco41K8e6t8ApJWC4QCkUgcGoXftno=;
fh=7H56SyJ75bwGZUIqRCOBd3K5XpBD2YtSSm9HZ9E1Jq8=;
b=JNaryFmCgI6GRQdLzqI6qULyFu49ZHlxd3FaPPpAeSQkiFG8KFRi4HsO/KhRnJs5if
uhUpq3BUalUTxnEUpQ/v2ji0mgb3imGKenjiXSXKEyI3v2/y+LRSUWyNctSyYmqW5ylR
2G9ErTBIOmWcBmV5Xv09CtkIo/vC3ulq4JEDi0dnkefwTq1mMP34uKOOVvs16/JdxMX9
AQXovs4P2GkATV8N+GiUUPNmBXMmw+thLaeEhgdZSoQOrnF5r0OGbNiegHTXUXJWG1ho
fHKmLDKr2UAXd6URGiUMNdhy0VrI/HjzmTMs9c9qeme8b5FcDE158JAqaDoXJTDW4dcY
FI+g==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=cyIX79zZ;
spf=pass (google.com: domain of
fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-2025041617180438ed6a2c35a6b9d543-Fn98L2@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-225.siemens.flowmailer.net
(mta-64-225.siemens.flowmailer.net. [185.136.64.225])
by gmr-mx.google.com with ESMTPS id
2adb3069b0e04-54d53f261e2si77674e87.9.2025.04.16.10.18.05
for <isar-users@googlegroups.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Wed, 16 Apr 2025 10:18:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of
fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
2025041617180438ed6a2c35a6b9d543
for <isar-users@googlegroups.com>;
Wed, 16 Apr 2025 19:18:04 +0200
From: "'Gokhan Cetin' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: gokhan.cetin@siemens.com, jan.kiszka@siemens.com
Subject: [PATCH v2 0/5] Structure module signing dependencies and providers
Date: Wed, 16 Apr 2025 19:17:04 +0200
Message-Id: <20250416171709.742191-1-gokhan.cetin@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1328731:519-21489:flowmailer
X-Original-Sender: gokhan.cetin@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@siemens.com header.s=fm2 header.b=cyIX79zZ; spf=pass
(google.com: domain of
fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-2025041617180438ed6a2c35a6b9d543-Fn98L2@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Gokhan Cetin <gokhan.cetin@siemens.com>
Reply-To: Gokhan Cetin <gokhan.cetin@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
|
| Series |
Structure module signing dependencies and providers
|
expand
|
On 2025-04-16 19:17, 'Gokhan Cetin' via isar-users wrote: > As of now, in each kernel module, the same configuration block > has to be specified repeatedly for each module in module recipes > to specify build-time dependencies on recipes that provide the > required build profile and the scripts and certificates used in > kernel module signing. > > With these changes, it is possible to enable a recommended signature > configuration for all module recipes without touching the modules, > while it is still possible to customize the configuration when necessary. Applied to next, thanks. With kind regards, Baurzhan
As of now, in each kernel module, the same configuration block has to be specified repeatedly for each module in module recipes to specify build-time dependencies on recipes that provide the required build profile and the scripts and certificates used in kernel module signing. With these changes, it is possible to enable a recommended signature configuration for all module recipes without touching the modules, while it is still possible to customize the configuration when necessary. Gokhan Cetin (5): module-signer-example: define virtual package name as module-signer meta/recipes-kernel/linux-module: Define default paths for signing related variables meta-isar/recipes-secureboot/sb-mok-keys: define virtual package name meta/recipes-kernel/linux-module: add option to set default signing profile and dependencies doc/user_manual: describe module signer and certificate provider configuration doc/user_manual.md | 8 ++++++++ .../module-signer-example/module-signer-example.bb | 3 +++ .../recipes-secureboot/sb-mok-keys/sb-mok-keys.bb | 2 ++ meta/recipes-kernel/linux-module/module.inc | 13 ++++++++++--- 4 files changed, 23 insertions(+), 3 deletions(-)