| Message ID | 20250416171709.742191-5-gokhan.cetin@siemens.com |
|---|---|
| State | Accepted, archived |
| Headers | show
Return-Path: <isar-users+bncBDAZZLHW6AOBBX6M767QMGQEKHHAMXI@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
Wed, 16 Apr 2025 19:18:31 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-lf1-f63.google.com (mail-lf1-f63.google.com
[209.85.167.63])
by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
53GHIU72011429
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <iupwgm@isar-build.org>; Wed, 16 Apr 2025 19:18:31 +0200
Received: by mail-lf1-f63.google.com with SMTP id
2adb3069b0e04-54c0a1ca4f7sf3579765e87.3
for <iupwgm@isar-build.org>; Wed, 16 Apr 2025 10:18:31 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1744823905; cv=pass;
d=google.com; s=arc-20240605;
b=Nyc72+dxOan1Gqowx0juuNDuFHfdECUPNKoCZt3zVIaMSelYwXegNVONTXYbREeifA
BfY/RW1E8s2AKz3UxxivMTzMXUDfC57+BUtF5xyxydpgtBhrpFGshPXhejj666iZiQ/l
W3R/y+Vqn0dcfIJVFEKhJ/TEbawfutPVW50aPD/2j39LVGs0NVmHCYsZ7W1tmUmKHzvd
EtosZQlyPN0iQg9HucgYzmhV+0augH4STiVyQEf69Yz+K3gNIc+fTb4LGD0/IVUkykuD
NIu9wcGfcu0tEyY+0Dixhwts4GkknkmapUVP97+i9cjWylktAjc4HksJe0hHhg6RX4gw
emOg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=ZoeuBYM/yFYr6Qfefff0FDaH1VBBGzpVXnHF8Mxp3Gw=;
fh=k51n7RcFy8WcvdnHa+mZiEsDSBg680uAD3hQuzqrRto=;
b=B7tgdYw6PparJSDuOi7J1aXpiPE2kZyfKsxltTDTLEqBbUtmULtHEFyw1TuE2IqTFR
CejjGs/WF8qDwkDdLcBINNPPC1qyQIVdI+4l9dFB4ofnpgM8X+SuSiGOs3ej8H5mjhNK
BzQtOHe8awGjg7+vT1Qx0z7Ca8mFpVqz4bMl4IWwx4YxEUmRUFudmWuS5qN2gLXuV34M
lSwr0nGxf2IPjj+ByhXKWnYzhPbZnPVMBKP8LjMTVHMayzurj4qKrtz2Smk2oP5y+sA5
o5aRr4cVrX1pd7vCHFZTivGvgwuLTVQPg1OqK8Dd7ezD/Wq2JkWs4IUqqudE2Z55647A
jK5A==;
darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=OEUz5DMS;
spf=pass (google.com: domain of
fm-1328731-20250416171818f71083f1e27b52dfb5-5akl8l@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-20250416171818f71083f1e27b52dfb5-5Akl8l@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1744823905; x=1745428705;
darn=isar-build.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from:from:to:cc:subject:date:message-id:reply-to;
bh=ZoeuBYM/yFYr6Qfefff0FDaH1VBBGzpVXnHF8Mxp3Gw=;
b=v7WkumhJ++2WlTSZ9e1kR+dcbTbC06oFu4WNsBQixpSNxIBLgDVP8WY7oRk93qftAk
0qGbYkOYTs+CvDtprEdBYWOO5FjL+qg4pFfFJlLHid7LwbRFrOyPU+Q8Uw9JwbFRbc2R
VHr7uMNSr2b8T40qmv0rJq2pFNOs9vyRju4oHoQJ+3ZwBx9sFS10V/mDgYyAURz5gh1B
N1Xs5nQKvhEbfqGdHMaUITDuQKrjbmqI9xqq00957EX+dyT6Kin7S+VctSohJueQ2qc0
L88NmClm/ItClgpDCUxm1vNkQU7u+4ZZbMdyYS9BiIiIJ+uM3bHVtpFyxgOLDEWu3xm7
YmYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1744823905; x=1745428705;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=ZoeuBYM/yFYr6Qfefff0FDaH1VBBGzpVXnHF8Mxp3Gw=;
b=i0IWZ0CpuOlBauEU3805mlN/tut0RqkQilC1S7YMnuje6+PvcF73sr7JztQ5UnW3C5
61iudeTHpM5e90GnekP6BYvvHvooRzW14pVGRSzK9/QrKH5C+7yfqXXOTuLd1xFzUObG
biqHwJsAryiXIygwA7PyLIzy0GqCnybNBf8k5FV9PwutWkZxjQ259OmAiBMFjnNh+gLl
UDfcnakiqUtYb6Gx4vAtxGnKkpMbv8Wnb8GYPMzVmopWdhjM/0bz7dhH5G++qVRp2O8E
XZkOqj0cQ7PRZcfSVFa5dP/JCeOHFHb2IhJkQuH7VkD5lPoZkOS1JqFdqmrICTxM/udr
6pJA==
X-Forwarded-Encrypted: i=2;
AJvYcCVukhmalEnpC8wMIvWJp0E6rD8CaJOTRjK2nXff7kXZAd/woPVA9rtJprPVwfGvPrvOewnY4sA=@isar-build.org
X-Gm-Message-State: AOJu0YzeA2Jrc/zwvNoVd4QJJ8NyldA8j7IAMdbAPSkzRfIQVxEn6iDF
3Z9RDW/OouRgJi8IAT2VYqYEVO2PGsvmGEBd+5DR0hESOJGSJFUc
X-Google-Smtp-Source:
AGHT+IGZjGpDko9qERBC27kMyZRgr79ZqjpJun+Zqnivy3DxZyYwLrFCGFe4ACvhQi6QdEkLZn2M+A==
X-Received: by 2002:a05:6512:3f03:b0:54c:a49:d3ee with SMTP id
2adb3069b0e04-54d64a7a4e3mr1040558e87.3.1744823903860;
Wed, 16 Apr 2025 10:18:23 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
h=ARLLPAJ9JUfbqZokfTqoxbNoYzgH/XJm07uYqIl7mPX544drUA==
Received: by 2002:a19:ca0b:0:b0:549:9b17:deaf with SMTP id
2adb3069b0e04-54d68bc611dls19240e87.0.-pod-prod-02-eu;
Wed, 16 Apr 2025 10:18:19 -0700 (PDT)
X-Received: by 2002:a05:6512:158f:b0:545:576:cbca with SMTP id
2adb3069b0e04-54d64a7abc3mr980565e87.8.1744823899319;
Wed, 16 Apr 2025 10:18:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1744823899; cv=none;
d=google.com; s=arc-20240605;
b=JfcYZc0YN9E+tUqkokVD95utk/ZBIcxpK+ayicDHdOQpF4m2TkY2dGdqG/8OaULN5R
AtPTkUwjLegveQpoJ15XwWDfu24TTjKKIjObsb1VHRY2hFRhylOJvNDuWS5TVX61kX1J
Yv8VY6vXwh/pFU5adVbd+RL2VZCOR8AaGsbnd0lZriopFK8rk7LnL8xSuIXZGYtK1leM
SKSVdNTPTWgvAtnF7lRqtCM87a5beUiSmmuR+Slc890JwDEIUQLQN9YQZ3qCmqUfFQlV
Iuhz9ayVEa0JvXymR9tkclbFotQeFmOGSc9cOZ9iwrekl7NjooTiXSr4XwsIaj8vYngu
TB9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=feedback-id:content-transfer-encoding:mime-version:references
:in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
bh=M/iSOQM6rtGVleG0mHybbWpk1BUAClnsRc1LwnKKYy4=;
fh=7H56SyJ75bwGZUIqRCOBd3K5XpBD2YtSSm9HZ9E1Jq8=;
b=UvOtNlWEV3AhjwVNVfXHckDK8CPR66SmoJK7XtF6gwjdIyYxS009YWewZcMQS0Zcqn
6jj1aGUMLxNyJTvwqwtIgiZuuZ/Ah0Inwly2PhEGnbaAaTD1R8XO7TuJouHGGQd0Hbfu
9RzMxuSVTTrEBif12qejOTbzIhKAfDQnQI/SeKAHXGfTSdASaGO1bY3vwXTHlUpXZAtA
DCm0SOltO/oj1Sf4tJAzs7IHzZBr1Wbw+KjKn/ut6PTOdY2CnLof23R0Pw+COzmqOFI8
tsTNUizx2XJLGtVWWQWe5TkziDt+VxgVZ4l5a5dLrRjpUgeKvHFjCzK6Vyu7o8J7ogTf
btow==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=OEUz5DMS;
spf=pass (google.com: domain of
fm-1328731-20250416171818f71083f1e27b52dfb5-5akl8l@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-20250416171818f71083f1e27b52dfb5-5Akl8l@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-225.siemens.flowmailer.net
(mta-64-225.siemens.flowmailer.net. [185.136.64.225])
by gmr-mx.google.com with ESMTPS id
38308e7fff4ca-30f464c97e3si1117871fa.1.2025.04.16.10.18.19
for <isar-users@googlegroups.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Wed, 16 Apr 2025 10:18:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of
fm-1328731-20250416171818f71083f1e27b52dfb5-5akl8l@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
20250416171818f71083f1e27b52dfb5
for <isar-users@googlegroups.com>;
Wed, 16 Apr 2025 19:18:18 +0200
From: "'Gokhan Cetin' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: gokhan.cetin@siemens.com, jan.kiszka@siemens.com
Subject: [PATCH v2 4/5] meta/recipes-kernel/linux-module: add option to set
default signing profile and dependencies
Date: Wed, 16 Apr 2025 19:17:08 +0200
Message-Id: <20250416171709.742191-5-gokhan.cetin@siemens.com>
In-Reply-To: <20250416171709.742191-1-gokhan.cetin@siemens.com>
References: <20250416171709.742191-1-gokhan.cetin@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1328731:519-21489:flowmailer
X-Original-Sender: gokhan.cetin@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@siemens.com header.s=fm2 header.b=OEUz5DMS; spf=pass
(google.com: domain of
fm-1328731-20250416171818f71083f1e27b52dfb5-5akl8l@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-20250416171818f71083f1e27b52dfb5-5Akl8l@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Gokhan Cetin <gokhan.cetin@siemens.com>
Reply-To: Gokhan Cetin <gokhan.cetin@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
|
| Series |
Structure module signing dependencies and providers
|
expand
|
diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc index 45d88d48..8fe5eed4 100644 --- a/meta/recipes-kernel/linux-module/module.inc +++ b/meta/recipes-kernel/linux-module/module.inc @@ -28,6 +28,13 @@ SIGNATURE_CERTFILE ??= "/usr/share/secure-boot-secrets/secure-boot.pem" SIGNATURE_HASHFN ??= "sha256" SIGNATURE_SIGNWITH ??= "/usr/bin/sign-module.sh" +KERNEL_MODULE_SIGNATURES ??= "" + +# Define signing profile and dependencies if KERNEL_MODULE_SIGNATURES is set to "1" +DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" +DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" +DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" + SRC_URI += "file://debian/" AUTOLOAD ?= ""
Introduces single control variable (`KERNEL_MODULE_SIGNATURES`) to set all predefined build profile and dependencies need to be configured for kernel module signing. By using this option, downstreams will be able to enable build-wide signing of kernel modules which include module.inc without appending any additional configuration into their module recipes. Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com> --- meta/recipes-kernel/linux-module/module.inc | 7 +++++++ 1 file changed, 7 insertions(+)