Message ID | 20250415122204.120360-6-gokhan.cetin@siemens.com |
---|---|
State | New |
Series | Structure module signing dependencies and providers |
On 15.04.25 14:22, 'Gokhan Cetin' via isar-users wrote: > Mentions how `SIGNATURE_ENABLED` can be used and how to manage the dependencies. > > Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com> > --- > doc/user_manual.md | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/doc/user_manual.md b/doc/user_manual.md > index d8e5c33e..50d98f85 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md > @@ -1162,9 +1162,17 @@ To provide a signer script that implements your custom signing solution, `SIGNAT > can be set for the script path within the module recipe together with `SIGNATURE_CERTFILE` to define the public > certificate path of the signer. > > +In order to easily choose between different signing solutions, signer recipes should provide the `module-signer` ...target and package > +and certificate provider recipes should provide the `secure-boot-secrets` as virtual package to meet build dependencies. > +This way, desired signers and certificates can be configured using `PREFERRED_PROVIDER`. > + > Please see how `module-signer-example` hook generates a detached signature for the kernel module implemented in > `example-module-signedwith` recipe. > > +In order not to cause repetitive changes in kernel module recipes, I think this argument need not be in the user manual. It's enough to state that there is variable to enable signing (per recipe or globally, see patch 4). > +if `SIGNATURE_ENABLED = "1"`, `pkg.signwith` build profile is added by default in addition to > +`module-signer` and `secure-boot-secrets` package dependencies to the kernel module recipes. > + > ### Cross Support for Imagers > > If `ISAR_CROSS_COMPILE = "1"`, the imager and optional compression tasks Jan
diff --git a/doc/user_manual.md b/doc/user_manual.md index d8e5c33e..50d98f85 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -1162,9 +1162,17 @@ To provide a signer script that implements your custom signing solution, `SIGNAT can be set for the script path within the module recipe together with `SIGNATURE_CERTFILE` to define the public certificate path of the signer. +In order to easily choose between different signing solutions, signer recipes should provide the `module-signer` +and certificate provider recipes should provide the `secure-boot-secrets` as virtual package to meet build dependencies. +This way, desired signers and certificates can be configured using `PREFERRED_PROVIDER`. + Please see how `module-signer-example` hook generates a detached signature for the kernel module implemented in `example-module-signedwith` recipe. +In order not to cause repetitive changes in kernel module recipes, +if `SIGNATURE_ENABLED = "1"`, `pkg.signwith` build profile is added by default in addition to +`module-signer` and `secure-boot-secrets` package dependencies to the kernel module recipes. + ### Cross Support for Imagers If `ISAR_CROSS_COMPILE = "1"`, the imager and optional compression tasks
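Review bot: The last added paragraph (`SIGNATURE_ENABLED = "1"` adding the `pkg.signwith` profile and the two package dependencies) does not say where the variable is meant to be set, in a single recipe or globally, nor what the build does when it is set but no provider of `module-signer` or `secure-boot-secrets` has been selected. For a signing feature the manual should state whether that case fails the build or yields unsigned modules. The first added paragraph would be easier to follow with one sample `PREFERRED_PROVIDER` assignment for each of the two virtual packages, and "provide the `secure-boot-secrets` as virtual package" reads better as "provide `secure-boot-secrets` as a virtual package". Because `secure-boot-secrets` is described as coming from "certificate provider recipes", consider stating whether that package carries only the public certificate or key material as well.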
Mentions how `SIGNATURE_ENABLED` can be used and how to manage the dependencies. Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com> --- doc/user_manual.md | 8 ++++++++ 1 file changed, 8 insertions(+)