From patchwork Tue Apr 15 12:22:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gokhan Cetin X-Patchwork-Id: 4176 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 15 Apr 2025 14:23:26 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-wm1-f59.google.com (mail-wm1-f59.google.com [209.85.128.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 53FCNQiX005001 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 15 Apr 2025 14:23:26 +0200 Received: by mail-wm1-f59.google.com with SMTP id 5b1f17b1804b1-43d5ca7c86asf32911835e9.0 for ; Tue, 15 Apr 2025 05:23:26 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1744719801; cv=pass; d=google.com; s=arc-20240605; b=EbjkKyxlFbu42jab8B7XwwjPWfuQJXLZcDXFSSnW+nLnNCziHfn44elV0OC6xvTqq9 a3a8wRTF3pfXZTuJ4AzXT9GBn/OBJgpiF13pAJXPiCaOSFhJ4TAnev8Ws9xYzjVjF5yH juFNZNcdx3k9Ci55yCq0JHC7xwG/8pgfr885ogquIlP4axhKOQAL6h62sF/c+y+OqQ4b +O9cQZYsBIy78nB9yTNRqRztFT5wu7r2R5jPQXgSV8KFAWgfbFaqRZJ5bj6KOFNVAOVy VHfVRytmBtYUHlasJ1uZnqVyoRmVHlxK3cDL5rKYMcgM2+npc0xQKBrAOnTCni/YbJpw u3rA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CetH8bolSlsXdacg74qZaKjrs5SOEhaRNkzlTm8pj6U=; fh=OmoRQa1gwVM9e+8FL63xEUmve76THKblGPSZdbvRXTM=; b=ahWB2kBb8QMNdqpt/vDjRURf+IxlgX4hFhbDzGAsWnLZ1vqiyFB+T5MG2yES29m1Pu hhyT9Q+ArbEjRAeaIbcp9r5L1p3xQ17QDBMiWb/PlNK4Px2WclIdItltil/sRTbhSnlD ptVrVU1Tn6rlgouU28OMfZmuVlYCKBFzqJwXxQMIRfmOxNvJrrW5FyMF+rL+8xFPo1Ph 04C/D9Mm5oMxyzu/zDNLhVThgSJpYQPze6fg4jgFfpcFVn1jkT+zgypBQq6+h8vgoaLf 92ls/Ec7BMRKKyaFedBLYGiQyOUn4AmA9ATMVX4t2h8fiAx64HqJSxMe3gngLH9wALXv 01rw==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=B+dkyvjn; spf=pass (google.com: domain of fm-1328731-202504151223181973aab57411b1caaa-v16v1t@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-202504151223181973aab57411b1caaa-V16V1t@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1744719801; x=1745324601; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=CetH8bolSlsXdacg74qZaKjrs5SOEhaRNkzlTm8pj6U=; b=WdUPH3qXl5jDgEtcceZ8P5KidXAuhVrv8BDYYXdGT75lHT6ocwJHiJFX0Iizb3oFSK C2qhfCzhR/t+ozOsOR3hLb4RlGD/Nwt7F0RhGro9X4MBTfJc+H3xmSRZ5K5KVfV6fB+b Fshxvo1LntYRHs3zxJnbhOklgIi7QInvlQy4xx1T0EgrMHim1wETFmRReDdm4CJuuqlw Yr7QQDnv7ZrafL8rhK/QwV4OAwWmPV3WS2Vng5Gk9dA9Sdm/E8x8WSzU57SPYsyCgUH3 ZZrnRPouBcTgihNStN7sujJDQSveBZYPW1XauBWaMJIfUOJsKO9Pw0LrdKt7ZUEvMCyi kMxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744719801; x=1745324601; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=CetH8bolSlsXdacg74qZaKjrs5SOEhaRNkzlTm8pj6U=; b=mV4je3O0xADtTfpciWOcgwHnPwRUETdH2xg3lt7aI8EzD2u7dm/kAuKYRjgaBtJ7w1 IMiJouWRHBjjymsvN5eWBXKWNbmIrXxmOcGu1wpziyfi/uOjsjkLXMYKeni6zdLqOdEo 3TXaGZFvZW1xe83inlxkLJGOYwtsZUWij6zdlUR8VSDVmruKpfO/RTFPQlXx8aHNl0IR Q0sUCUGiYFcHLuedKGOAA2myLu2XfcMmSGLxEuRAo//cTgXrZ21QUWLVFOk8EV7FMqAj VnkXPjNKYdijSzHtDyuf+GmGp7hiGQR67XyXYyO0y6a6m5O0c4hm+DHdI/45hE9PGol9 CYPg== X-Forwarded-Encrypted: i=2; AJvYcCWpAsRYCXDLYfrrJX1E27YqIrIbS7pyDUAozd4isnsihHQ/D24u5OS+qZOvgIpxiPX5Fr0uJRo=@isar-build.org X-Gm-Message-State: AOJu0Yz9sR3N3YfHd5VoSmuclpIq9qw5SHiiL0esTWb32FErT/I5tW5m wKTyPjgmbiYkGstKSd/pnpxSI6Gw/U/JvA+Dq2wvqY+2jrmv5nEu X-Google-Smtp-Source: AGHT+IFDiAFiPqtOFf8DjpGi5KNIrT1meKVwD6EXJ2wtQjtRp11KHJLqmMaJnfxJU8TtqJIghfC//A== X-Received: by 2002:a05:600c:4f8b:b0:43c:fbba:41ba with SMTP id 5b1f17b1804b1-43f3a9aee30mr104973795e9.28.1744719800645; Tue, 15 Apr 2025 05:23:20 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARLLPAJAPF3chdCF5qh/9e8obMJHoJEcJ+Ki2rT36IH1glKY3A== Received: by 2002:a05:600c:1e11:b0:43c:ec03:5dc5 with SMTP id 5b1f17b1804b1-43f2c565713ls10005575e9.2.-pod-prod-01-eu; Tue, 15 Apr 2025 05:23:18 -0700 (PDT) X-Received: by 2002:a05:600c:5251:b0:43b:cc42:c54f with SMTP id 5b1f17b1804b1-43f3a93f77fmr129102875e9.14.1744719798522; Tue, 15 Apr 2025 05:23:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1744719798; cv=none; d=google.com; s=arc-20240605; b=H101ElY0eMgddZlhQRLJbKL4Srtl2L5qnSKAxyjQA84tlEQlE+pIiOZztM2K5v1dNC H9XSKJ4vA+Lb+DXM23xxNm3pSZ4sgdYrzXiEM/nHMUokUy5mRkR3VyxmECIwkvdM7MIZ ceZezMLsoyYieKaHCyWqeGJgFOCgL+W/LnpKkknWraxnOaiDi/MWgx77UK0A21/wP0Z+ nPJM63pTVp5hvodMwp1WwTb82F5jrcn90CKw1nLepEB9mDK32gQRo2Pmvr9oFijKeRRF CtgF/hjSMCUWgHf50nkRsOqTuHYFQkZEr8HT+c7Axl15n/ODJMWZ+m+fagjUMPDmUJEC DlpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=nNgL1aNiqoLyRhrdsNb+fQRKSxKJo4dENX0ElcoSviw=; fh=KIkufVpSufRdX0kM67eXsuyWX/d3XYb6xMZvLts8gs4=; b=BVT+kLOwA1YlPmyydDHUdmYW4ys7WIn8jjeZloO764HKDeYQUch3FKIM4H6nXOlXL6 O4IZ3EL7ZV2zgvZ44R8gPsuKuFkWajneaeJhx2Cw2uIIYRAMuhwXG/BkuRKiOSVY4DLF gjCURug15CgLmMrx1yi3wj6q8Bxc0YSfAYoTJsO6dfjiu9606JaxrC+Wu694mbeQ01+w Ef5S6wAPQ4dsBm9YNtLE0fVBFv1uiBkR4hV9wr2zMSHFEjsiqPRjGyFo/YHCknYcG9Ub 7S+EBs0+VMNV2gFXJWfyV9C+h1IdZ25dwpabKTuobpKI+bBAdx0el/rBeQy1ZnHJHLGk 7o2g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=B+dkyvjn; spf=pass (google.com: domain of fm-1328731-202504151223181973aab57411b1caaa-v16v1t@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-202504151223181973aab57411b1caaa-V16V1t@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-440518e2e81si223825e9.1.2025.04.15.05.23.18 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Apr 2025 05:23:18 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328731-202504151223181973aab57411b1caaa-v16v1t@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225; Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 202504151223181973aab57411b1caaa for ; Tue, 15 Apr 2025 14:23:18 +0200 X-Patchwork-Original-From: "'Gokhan Cetin' via isar-users" From: Gokhan Cetin To: isar-users@googlegroups.com Cc: gokhan.cetin@siemens.com Subject: [PATCH 4/5] meta/recipes-kernel/linux-module: add option to set default signing profile and dependencies Date: Tue, 15 Apr 2025 14:22:03 +0200 Message-Id: <20250415122204.120360-5-gokhan.cetin@siemens.com> In-Reply-To: <20250415122204.120360-1-gokhan.cetin@siemens.com> References: <20250415122204.120360-1-gokhan.cetin@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328731:519-21489:flowmailer X-Original-Sender: gokhan.cetin@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=B+dkyvjn; spf=pass (google.com: domain of fm-1328731-202504151223181973aab57411b1caaa-v16v1t@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-202504151223181973aab57411b1caaa-V16V1t@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Gokhan Cetin Reply-To: Gokhan Cetin Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Introduces single configuration variable (`SIGNATURE_ENABLED`) to set all predefined profile and dependencies need to be provided. By using this option, downstreams will be able to sign all kernel modules without appending any additional configuration into their module recipes. Signed-off-by: Gokhan Cetin --- meta/recipes-kernel/linux-module/module.inc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc index 45d88d48..576a2cad 100644 --- a/meta/recipes-kernel/linux-module/module.inc +++ b/meta/recipes-kernel/linux-module/module.inc @@ -27,6 +27,12 @@ SIGNATURE_KEYFILE ??= "/usr/share/secure-boot-secrets/secure-boot.key" SIGNATURE_CERTFILE ??= "/usr/share/secure-boot-secrets/secure-boot.pem" SIGNATURE_HASHFN ??= "sha256" SIGNATURE_SIGNWITH ??= "/usr/bin/sign-module.sh" +SIGNATURE_ENABLED ??= "" + +# Define signing profile and dependencies if SIGNATURE_ENABLED is set to "1" +DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('SIGNATURE_ENABLED')) else ''}" +DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('SIGNATURE_ENABLED')) else ''}" +DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('SIGNATURE_ENABLED')) else ''}" SRC_URI += "file://debian/"