From patchwork Tue Apr 15 12:22:04 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gokhan Cetin <gokhan.cetin@siemens.com>
X-Patchwork-Id: 4178
Return-Path: <isar-users+bncBDAZZLHW6AOBBOM77G7QMGQEIKWMMCQ@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Tue, 15 Apr 2025 14:23:28 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-wm1-f60.google.com (mail-wm1-f60.google.com
 [209.85.128.60])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
 53FCNSSD005082
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupwgm@isar-build.org>; Tue, 15 Apr 2025 14:23:28 +0200
Received: by mail-wm1-f60.google.com with SMTP id
 5b1f17b1804b1-43cf446681csf35571025e9.1
        for <iupwgm@isar-build.org>; Tue, 15 Apr 2025 05:23:28 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1744719803; cv=pass;
        d=google.com; s=arc-20240605;
        b=FTMmRGm/pXzNmY4Yn7YQjSOpyKwmDcl9+boV9QUGcAfL8YGZgbz1LKNPb0clbZeltJ
         vbp1TVK4fz8iQXf4qxDdE3GllJj27imbaItACgVTP/uGTN2EJ9eCA/szYKo1G+ow+1SA
         05/y1c1OC7+8ZppTa4Si4yMwuyohgqWIfK39Y3QjWOO9yh8avYNJXDNTU9E+55IxPAEY
         EU4Mw3JtmiSQHnrA94usZTJ6YQpm9KLyaAk74mYNCv5qk9IPYzMdmDdajkt24ILsmWn9
         3CDsZRrmc2XrFJaYgBkmiG4qgGfCzTpRGo7s1DLomT5RKkWOZSpSYNExI9QpE7LsOZ2G
         jdbw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=w4mHSdsXeRuXq+Ptsn4q83iDEuxta+u+UkRYj0Q35u8=;
        fh=YEhlSvxsqfGGrYaGNJMnPvhI75gFyIq7OzDZ8gAIv7Y=;
        b=c9ljkg3XpKFWNrysa3iwc625FNLmTJikE69BeUDjiM4PwIPstJBR0u9OoY7g5c06ce
         mz5w8p24rcsZe1edhsnKfWvmN3UxMsbWJsbUBnAcG7GJDwJWQ8Yduz2Q1luxcWdCkL/u
         Etg9FvpjOZtzWaH0VrXl+9hGcIKVlw3Nj074CxK7iBFGA5wlT6tuc5t0Iw3/k4zgIx+r
         jz00p4jmJqyL6SdgF9jWectfB4HgKWdRb2vlSagSu8UU0g30mgNt+0fbBG2em5siiUWF
         rY6kTRL1Nov2tA4A5Y/8TmlTof6pmQgOiVx8BqHpGadWKK/zfslwkOBD88uT0hcJWGNL
         F9qA==;
        darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b="WFF9c+r/";
       spf=pass (google.com: domain of
 fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1328731-2025041512231974e2bf5a434edf53e2-jDE9XA@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1744719803; x=1745324603;
 darn=isar-build.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=w4mHSdsXeRuXq+Ptsn4q83iDEuxta+u+UkRYj0Q35u8=;
        b=VZ2c57gxzTtG65vKOskGJkHi8/i5TKSfQlXPIQWH8r5G7+0n9D6PIbYBo3TgLs74HJ
         HQ8Dml9wyYVXnU8yGR6c2+dTiwveeDJqFM3IUBl7v+21ryCGHSj8QVrIWHtMS0iGhyUp
         jW+GbGdYxCuMRCg8krYg2iQDFOpjlHiiqvGaNakuKD7wXo4jcMHlElQCK7zVfWFbP2bM
         EFEqCoUuFcBuzQbHxlUi+f5xNolLH8J2QialZSuqS7fGwmgJX9QErGcCCFzMzVU5bxEB
         bByWXcOhKRMJxEh6srXbZFOs3ItizgA4VsgflSXghQE0RDesKI/yWuRWpHp7Aic2bWSu
         kp9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1744719803; x=1745324603;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=w4mHSdsXeRuXq+Ptsn4q83iDEuxta+u+UkRYj0Q35u8=;
        b=OQjllIIfXK6BG8gLmwbcij3n8MB7lbhlyMWo8AZMQrw0ZGxFQLGPbEo3gKsoweb5iK
         Wh9cmzUSB8Ay0HsYtCIftyoeQ8qZtBII3hbbEUeKDpDkhhmqjaB1yGm9sMLZd8CQqvWv
         xpVXGxP2IBK5oUYXRkR0DzN70U3095CoxCPJRMH5nVLfj98sP6TniNcEgjEmfTbwp6PW
         L8wWutPHa12SOnGCIX+4UMpvFFbiDCtKHLDwPDTXnDTkbfiFPTdstoE6HGTLs23JIKL8
         p4EkhEkod/mOYpImoXkf7+wjm8lnnbGYXRYGEGEvWHdOyQrgJIpbdV+miASvsWgmki8i
         Pz3A==
X-Forwarded-Encrypted: i=2;
 AJvYcCXMWC071gErqWKDzYUbgEzwguuuZ9YGL3tA7vEH33sypZJsrvkE4VrZ80ES75C0zqxeRjmluIg=@isar-build.org
X-Gm-Message-State: AOJu0YzhXiwzyIP9E6AXmGIwa/aUAMscQnrAQH7Z1h+dOObjX5V91urK
	QMrVOZhtSWNfcZHxtiwC+ZX5TS6vaunriykcJxo/PLbJsqCFAAPo
X-Google-Smtp-Source: 
 AGHT+IEMXWvUhpdZdEmSXl87Lm4YEG6f0Jjm5Pdb3kbIleB48rr9+WITwgTYsoTKBbElJznIpoksmw==
X-Received: by 2002:a05:600c:a04:b0:43d:ed:acd5 with SMTP id
 5b1f17b1804b1-43f3a93d4a8mr167328085e9.10.1744719802323;
        Tue, 15 Apr 2025 05:23:22 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
 h=ARLLPAIlXz4TyxGTLgwWNifjoY+yirewKL0X8KkDXo73f2JK9A==
Received: by 2002:a05:600c:1f95:b0:43c:f19c:87b2 with SMTP id
 5b1f17b1804b1-43f2c26723als21380035e9.0.-pod-prod-08-eu; Tue, 15 Apr 2025
 05:23:20 -0700 (PDT)
X-Received: by 2002:a05:600c:a009:b0:43c:fc04:6d34 with SMTP id
 5b1f17b1804b1-43f3a9aad13mr121535145e9.20.1744719799872;
        Tue, 15 Apr 2025 05:23:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1744719799; cv=none;
        d=google.com; s=arc-20240605;
        b=bV0NbGDNuISlOfaoW5SgT+1FRy/HAh712kp7LLKfsXL42CqMH1djXRdHrSnOy2y5wp
         xMWSs+uFZsEaZo3E+CfeCCc+n+3u/UutrWsw7pJLSEFn/75p5/UvGvx5ZZNQVPqEjMRN
         ORdloFo3mWLoaNZydhasGL6ewaBwY3d3eiN51q3qPGocRdqZ1GNdo9r3/14Fa/wMOELQ
         z+FS/z/YsqmnpsBF/BZnb62Khct5/jlotQQrydE83YT5u093M9GZca7bJ3nCUKRodDfI
         33ahJQIn8Mbkp0JHzLZ0NX3lHhbDMn07Eaf/1kmZbiVSbEpWlQRXG8hm+z9qK9eaAazY
         j48Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=oSiILfT0fe4m9woSqxxHdN07FFdJIbQUb5ovJQhrsUg=;
        fh=KIkufVpSufRdX0kM67eXsuyWX/d3XYb6xMZvLts8gs4=;
        b=Q/0W252EgE77h/rm8MDXvD/5Kbp8E4AR4h24Ykt40cbrVFyPGB+u6uR8kZR7PU349M
         0pcs6dq5zbc5uJGnG6bk61hBJ4O52JdgqXQ9H9aGZKHOYnCy19GEcWI6pSTLTqXYMSlE
         zHjzqSf0PfqUj+c9e9lwXjxmns5IN8Zxm6CSmuJsg0W57QxUG652kzk52t6ndLc6KB/c
         09A9o3IBu5sa20DjriSObPKX/H2WqUqRdHkg9Zz9Y7sUWTJghlDGJJeetNqo2AMhjQmO
         NS1sh3hVab4NG5W9PwsXyMD6ZE6VB7AKxIi6nXD7P0MEJcsxPttlIalSuwDDTk5ZekYl
         qb+A==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b="WFF9c+r/";
       spf=pass (google.com: domain of
 fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1328731-2025041512231974e2bf5a434edf53e2-jDE9XA@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-225.siemens.flowmailer.net
 (mta-64-225.siemens.flowmailer.net. [185.136.64.225])
        by gmr-mx.google.com with ESMTPS id
 5b1f17b1804b1-440518e2e81si223825e9.1.2025.04.15.05.23.19
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 15 Apr 2025 05:23:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
 2025041512231974e2bf5a434edf53e2
        for <isar-users@googlegroups.com>;
        Tue, 15 Apr 2025 14:23:19 +0200
X-Patchwork-Original-From: "'Gokhan Cetin' via isar-users"
 <isar-users@googlegroups.com>
From: Gokhan Cetin <gokhan.cetin@siemens.com>
To: isar-users@googlegroups.com
Cc: gokhan.cetin@siemens.com
Subject: [PATCH 5/5] doc/user_manual: describe module signer and certificate
 provider configuration
Date: Tue, 15 Apr 2025 14:22:04 +0200
Message-Id: <20250415122204.120360-6-gokhan.cetin@siemens.com>
In-Reply-To: <20250415122204.120360-1-gokhan.cetin@siemens.com>
References: <20250415122204.120360-1-gokhan.cetin@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1328731:519-21489:flowmailer
X-Original-Sender: gokhan.cetin@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm2 header.b="WFF9c+r/";       spf=pass
 (google.com: domain of
 fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender)
 smtp.mailfrom=fm-1328731-2025041512231974e2bf5a434edf53e2-jDE9XA@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Gokhan Cetin <gokhan.cetin@siemens.com>
Reply-To: Gokhan Cetin <gokhan.cetin@siemens.com>
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
 <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
 <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
	RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=

Mentions how `SIGNATURE_ENABLED` can be used and how to manage the dependencies.

Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com>
---
 doc/user_manual.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/user_manual.md b/doc/user_manual.md
index d8e5c33e..50d98f85 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -1162,9 +1162,17 @@ To provide a signer script that implements your custom signing solution, `SIGNAT
 can be set for the script path within the module recipe together with `SIGNATURE_CERTFILE` to define the public
 certificate path of the signer.
 
+In order to easily choose between different signing solutions, signer recipes should provide the `module-signer`
+and certificate provider recipes should provide the `secure-boot-secrets` as virtual package to meet build dependencies.
+This way, desired signers and certificates can be configured using `PREFERRED_PROVIDER`.
+
 Please see how `module-signer-example` hook generates a detached signature for the kernel module implemented in
 `example-module-signedwith` recipe.
 
+In order not to cause repetitive changes in kernel module recipes, 
+if `SIGNATURE_ENABLED = "1"`, `pkg.signwith` build profile is added by default in addition to
+`module-signer` and `secure-boot-secrets` package dependencies to the kernel module recipes.
+
 ### Cross Support for Imagers
 
 If `ISAR_CROSS_COMPILE = "1"`, the imager and optional compression tasks