From patchwork Wed Apr 16 17:17:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gokhan Cetin X-Patchwork-Id: 264 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 16 Apr 2025 19:18:18 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f55.google.com (mail-lf1-f55.google.com [209.85.167.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 53GHIHkB011304 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 16 Apr 2025 19:18:17 +0200 Received: by mail-lf1-f55.google.com with SMTP id 2adb3069b0e04-542a77b4a4csf4165037e87.1 for ; Wed, 16 Apr 2025 10:18:17 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1744823892; cv=pass; d=google.com; s=arc-20240605; b=LNsmDExFvWjGJUPzJB7BNVo+SeY03Cj7RF+N6tuo8MkrNT1Dwtq0Fy3Q6gFM0/pSaN o6KI7Wl1m2bHH+RIgnWDVYkffz1OL5//W2JAgD3vlOkEG9LzArnGlr0vb13FgS6/3nQ7 S0KIy0CBehhh8GwKQDDvLTLsgbR0lFXieFdKCYC7XT1n1haSyrfbAjvtD8EC6a2kcB5u gqG8l9fSmqdkf2X0Ovl42bzW2q3cokBusVAPsDCBlpLenvTQexYz3LKH2kZmvSmPqEmB nfMrChjrSuRj1iKmqFpuF/WMpA7D4KejV1BQpWGhvLnmE7zlh/tbwvck0UJGb1c1I46p MOHg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=1mJDAKM0D2RrgP+KJXPDhso4coBhhJnqRvnXaQ8HgR0=; fh=uH/JDb0exmQWFaVdlYDSSyG1Is2ipVmw3+2/WuX3dcY=; b=VhfB2O5MEomg4TSC5rHKAUex0HOF6AXM5/wVA/b3hX1GBGhpneJdjPVmLCwQTLCQGZ YgdKc4HHNFeJaZd/zpkO5tPnmDL4Fe26Cs3XKpcIwQPsGGs5EB7oP0ZHTSDgiMEbr/Vd H/xmcHJXWzUtSa4QoQvzh5HymvXiD7/rQ93Vu3sUgsUuGspjMHrziC0wan+YMsGWvvaK FGSz+JgdhkYMakssd7Dit/i+F02sZ8UQBFk+dI63YlPAloM/ma3kyQsXOwb/o17eD1y+ InhIWjEA1+Tae0Zw2Xoshgc0B8EqHWs/RjW13yRddqw0Z4jbELrRKn+bnnROxrrn23ky sscg==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=cyIX79zZ; spf=pass (google.com: domain of fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-2025041617180438ed6a2c35a6b9d543-Fn98L2@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1744823892; x=1745428692; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=1mJDAKM0D2RrgP+KJXPDhso4coBhhJnqRvnXaQ8HgR0=; b=nhNfg6A4qGoXGhKBfCy7vX8JQeROzmBu1jkmDJz8zC9mkAlEodr8als4Tj8HLSN9k5 zhmvghD1GPN4XLTouP1JlmfTUePLDBePahBOb0603omS0EL2C8yGgNM7GeEYpFK4+J7g jNpYmIjLlwiVi/rpgbVIz7ILUn5MhdLESxqthxRzezgABnj0pg76asbakm2K9yFpWmZM ckbc+zyWWmLlqGMgUc1GobORqrMfxNARHbCrfMTgyrXXWBuQEXM29aqqd6HurTWT+xkQ /pZ1Ozgk+8AidMigN5QCqXWA42anoumpwdh29AuOe8ftEz9j49If7MkCS0dJRwk6r2qW V7yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744823892; x=1745428692; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1mJDAKM0D2RrgP+KJXPDhso4coBhhJnqRvnXaQ8HgR0=; b=XBgT/fgMkwOiIHLvaXxsN7xAHgJW5ezNv8k4l41S71ICZcWkVxl5vN9RbUsRab4Z+m cHnPQUgPQ/JB3EXW+YQfYrX63oZ20RlQE0iovKpE98qa4kcaCm51q9b7chpEFTLOOm+e aPd2HvNDYti+tAEOkyIAbSjhRTVk9IxTDlR3PiA0vCh7ujb/w6kv/SDrKm9BlPxePz5t N/amA/rN7ucUBbL+QCd37MuMdkvi4Mi8pIDEBDq8VtoG8yevjawpGVQULRGPiORMsqmT 5V8gxW7lnlyLc1awOhRTB7uB2ADdP4Hegu9LGA+uQ6NAiwVe/KHmPvCGfgXTtsoq2QDz Id4A== X-Forwarded-Encrypted: i=2; AJvYcCUaWvSK6lIgEeH3YekqX90gpqiiaXV/34z0KXTJ4wstBayNXyGP6w6qyaCVTfGwsqC6gtTcqCc=@isar-build.org X-Gm-Message-State: AOJu0YzG1DRzeGTJEcbj3joEIHvtX2IRBvboU5DQUauQSYP5qj3nP0op I7m7kl9sLmMOwGQMcFIcNJ6Yp7M/Bx0pqaOZx4dqYXH9b0G8g4cs X-Google-Smtp-Source: AGHT+IHsynLWq72215eZLkz6wjHRTjp+Hjk2mhLzGbS/IOVPT44vt6A1Dqfix1kTt9HhUoMgS4hzhg== X-Received: by 2002:a05:6512:108a:b0:54a:f76a:6f81 with SMTP id 2adb3069b0e04-54d64aab3a3mr852861e87.27.1744823890392; Wed, 16 Apr 2025 10:18:10 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARLLPAJpC48s/AUjiNzIH/7UbNlPlXbcDQv/MN6PH8tcAEjXXQ== Received: by 2002:a05:6512:963:b0:54a:c539:d141 with SMTP id 2adb3069b0e04-54d68c57276ls21373e87.2.-pod-prod-07-eu; Wed, 16 Apr 2025 10:18:06 -0700 (PDT) X-Received: by 2002:a05:6512:1102:b0:54a:cc25:d55d with SMTP id 2adb3069b0e04-54d64ae6b71mr1213211e87.43.1744823885586; Wed, 16 Apr 2025 10:18:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1744823885; cv=none; d=google.com; s=arc-20240605; b=G5Aph/asfz8Yb+ZYLxLPcOZjZPugXYZDnQ7jOXN80YiUkixS5qZvmTVCNGqq3NN/32 3A4yF3EXYUXXKNNxMV4dmUh04m+JIavK67xNyS0m4T8M3sx+/jP2p8m83QKA6CJDw2lM LKwuNv/jcOo8chXvUx926vgZsg9A+JssXVYVjJPdMXsI9IF64GB+FiM4a9IPAxpsO0Ju w0pk+vf18HTsx4Thbqq4DnZYbbpXwDefufB1up1tZN40MimJXV3TMwKB9yNmxD8rbjtt FiAN62x0mcMB7tw/7ln2qDhBq4H27jx2pGb+VgZr9xIH+OZIiN4w2ONCqF8M2ZXTLR0J kIlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=ufPPqIX5cGsb9Aco41K8e6t8ApJWC4QCkUgcGoXftno=; fh=7H56SyJ75bwGZUIqRCOBd3K5XpBD2YtSSm9HZ9E1Jq8=; b=JNaryFmCgI6GRQdLzqI6qULyFu49ZHlxd3FaPPpAeSQkiFG8KFRi4HsO/KhRnJs5if uhUpq3BUalUTxnEUpQ/v2ji0mgb3imGKenjiXSXKEyI3v2/y+LRSUWyNctSyYmqW5ylR 2G9ErTBIOmWcBmV5Xv09CtkIo/vC3ulq4JEDi0dnkefwTq1mMP34uKOOVvs16/JdxMX9 AQXovs4P2GkATV8N+GiUUPNmBXMmw+thLaeEhgdZSoQOrnF5r0OGbNiegHTXUXJWG1ho fHKmLDKr2UAXd6URGiUMNdhy0VrI/HjzmTMs9c9qeme8b5FcDE158JAqaDoXJTDW4dcY FI+g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=cyIX79zZ; spf=pass (google.com: domain of fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-2025041617180438ed6a2c35a6b9d543-Fn98L2@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-54d53f261e2si77674e87.9.2025.04.16.10.18.05 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Apr 2025 10:18:05 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225; Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 2025041617180438ed6a2c35a6b9d543 for ; Wed, 16 Apr 2025 19:18:04 +0200 X-Patchwork-Original-From: "'Gokhan Cetin' via isar-users" From: Gokhan Cetin To: isar-users@googlegroups.com Cc: gokhan.cetin@siemens.com, jan.kiszka@siemens.com Subject: [PATCH v2 0/5] Structure module signing dependencies and providers Date: Wed, 16 Apr 2025 19:17:04 +0200 Message-Id: <20250416171709.742191-1-gokhan.cetin@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328731:519-21489:flowmailer X-Original-Sender: gokhan.cetin@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=cyIX79zZ; spf=pass (google.com: domain of fm-1328731-2025041617180438ed6a2c35a6b9d543-fn98l2@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-2025041617180438ed6a2c35a6b9d543-Fn98L2@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Gokhan Cetin Reply-To: Gokhan Cetin Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= As of now, in each kernel module, the same configuration block has to be specified repeatedly for each module in module recipes to specify build-time dependencies on recipes that provide the required build profile and the scripts and certificates used in kernel module signing. With these changes, it is possible to enable a recommended signature configuration for all module recipes without touching the modules, while it is still possible to customize the configuration when necessary. Gokhan Cetin (5): module-signer-example: define virtual package name as module-signer meta/recipes-kernel/linux-module: Define default paths for signing related variables meta-isar/recipes-secureboot/sb-mok-keys: define virtual package name meta/recipes-kernel/linux-module: add option to set default signing profile and dependencies doc/user_manual: describe module signer and certificate provider configuration doc/user_manual.md | 8 ++++++++ .../module-signer-example/module-signer-example.bb | 3 +++ .../recipes-secureboot/sb-mok-keys/sb-mok-keys.bb | 2 ++ meta/recipes-kernel/linux-module/module.inc | 13 ++++++++++--- 4 files changed, 23 insertions(+), 3 deletions(-)