| Message ID | 20250416171709.742191-6-gokhan.cetin@siemens.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <isar-users+bncBDAZZLHW6AOBBXOM767QMGQEQAWN3OI@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
Wed, 16 Apr 2025 19:18:31 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-lj1-f186.google.com (mail-lj1-f186.google.com
[209.85.208.186])
by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
53GHIUwD011422
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <iupwgm@isar-build.org>; Wed, 16 Apr 2025 19:18:30 +0200
Received: by mail-lj1-f186.google.com with SMTP id
38308e7fff4ca-310855daf77sf467761fa.3
for <iupwgm@isar-build.org>; Wed, 16 Apr 2025 10:18:30 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1744823904; cv=pass;
d=google.com; s=arc-20240605;
b=Vt+F2pKDiSO8e3niEqBk7n3DOGnhflleRCq4uXR3CBjb9zlaALou/Iv4SlznqS/fQT
v4dmSmvhgkdr5DuO8Evwoo98fuOBbphX+LKW7CPTmLPaAvZeYiUUoNyog3Agn3PsQaxH
evs8SSV+ngSBt17iBvONgpbtmvf15bbsu3haJeFV65Wdi/q+/itxJhR/KLh1BCAEDBVH
V/mF/VbbVzGyyvYCjGnBD34nBWcAIR/p2onYi3bR01MMxV/pQRqiTCwTBiEfMmbv2UsY
UoySME68JnfZ/CymrHPcPMLwysRBbWeCzCCbBH+MP8XjikTYNxuaGz96GNXu0fP4kFsT
XakA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=AGSrXGmlyhi/LqPKYH/RRQ6uwkRavFpFdOUV+eooX3Y=;
fh=P4HiDGBYYN46TZvthlgBjLOaSNz7XBMDdzl3nJ4MBs0=;
b=dtLl1q1qSjE7c0lcayUgvbmfz8n/yk2I3OSpwQrVhdj0rqPaiQgXpP4++VekH1AM3n
M97SFMTzSqxHfjveLDz7OXrJzmI3G6OknBLY16ziKt1dT7UAZtz2sSe+5OphkXuweFQT
CNjF7aMXMVvulAyT6eMWkVhxODtTnpvb84YBWFshdb1Fb9SVhLLHJPmkrH+Hol+/AjTh
HOpIIq1c2Eba3caYSIMYlLDpgD8Ktf8u3ZbJrIMDmErK8yImWCDB+hZp8fE+5DwOXK3O
vvIygmM53PgEm3YRlq24T0vn5Uayblt0zZ/Xq/DEx2oHb3KeDzZkqTTWAcSf3yEMkCVl
OjCg==;
darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=YBJO5kRF;
spf=pass (google.com: domain of
fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-20250416171819762400a43abce5bbdc-2SRwtn@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1744823904; x=1745428704;
darn=isar-build.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from:from:to:cc:subject:date:message-id:reply-to;
bh=AGSrXGmlyhi/LqPKYH/RRQ6uwkRavFpFdOUV+eooX3Y=;
b=ETmPELYA8LyVsxZAbGYQSR29Da7nIDr1wg+55ZhUR3j3zXWazXkD2uVrwr+e2p+loz
MGD48pgXc8GVmtwnnbfT131FW1fEkjRTXFh3HXo2tFEm9dZdTMt6eD8TlxXb06mZWTPS
U0P3idXk90mPXsbLs9ICny8RGack12+vUyNIGqfC/aR5vkj1H4+CjRa5DE1t7zyay//R
a+KCmmqe1Jmti9dtLZ/dvTDeBpzo7AAOSr3cdlvG4+klEzQJoE9X+JYY/h11ODGhAZcI
b3L3UjEf/BBNLO2wrtre4ZghQ2pPsfd2SfAEzktBRHD7QT6QO234dZOvLR3p3ye9Inda
rB+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1744823904; x=1745428704;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:feedback-id
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=AGSrXGmlyhi/LqPKYH/RRQ6uwkRavFpFdOUV+eooX3Y=;
b=g/XGQfJ+a3NDs8LKNuCyjg7K5/IdNwiieril/YlvmPAEJxBVWA5ollWGjhIHgEwFEW
fIikchADnYNqXiN40F5ToBuUQ5UH14wYhhdCC0FqpSdzCf/7tvmjcRbidHAt7+9yLKwi
M2thm5xeSALHFc3vJRI2+KmcrW2AoG+BRtgO9Yfl7eDDIGL147rMeMxsgyo/8AJAIxL7
IOWiZbZ2fVd2Wo+3DVRKZK3gBDLyt5SkSn5uKk9eTpm+FDBqf/nhs432VhV+yLH5xcOL
KYdSG2EKWIff8rN0F6yOKouLQZko6fsU/ybX6C4gKoIS85zNCCJah934IqfLvZKdDBgT
svzQ==
X-Forwarded-Encrypted: i=2;
AJvYcCXw4YoadPw/PAXQhFX7c3XM2UMpyTS3OfodOId1xndK5WGh6RTSg1CELrjPwFU4K7NCGpCWIzA=@isar-build.org
X-Gm-Message-State: AOJu0Yz+ZSNa0AGcp9mifJWLr02wxdpMroPNfdlqEhehuOEgjDdu0VB6
lTPbyin58aGUFk6GKxW9YknVtx1lRVXTzcNbnfF9ImepbVoSO6qs
X-Google-Smtp-Source:
AGHT+IFsOyOKvzhmOo3oBYo2NE2h8jnPLLuKYOYRrkk3LlrMM5Fh8AVhPyGEST5eVcbCWdzaylwv7w==
X-Received: by 2002:a2e:a814:0:b0:30b:c9cb:47e5 with SMTP id
38308e7fff4ca-3107f68c361mr13216741fa.8.1744823902450;
Wed, 16 Apr 2025 10:18:22 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
h=ARLLPALo73i7FokU0qIaCGgnmVW9v8YRbpkE8naaqFUeldKdUw==
Received: by 2002:a2e:bccc:0:b0:30b:fc92:55c1 with SMTP id
38308e7fff4ca-310850bbac9ls489651fa.0.-pod-prod-06-eu;
Wed, 16 Apr 2025 10:18:20 -0700 (PDT)
X-Received: by 2002:a05:651c:158c:b0:30c:189d:a169 with SMTP id
38308e7fff4ca-3107f719c28mr11815761fa.25.1744823899904;
Wed, 16 Apr 2025 10:18:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1744823899; cv=none;
d=google.com; s=arc-20240605;
b=bls9jjVfzOyeJK3PCcF8zxtKOWpnRk+XeuDhB71zaJ9T6eU4pPIph6qqORPjCc9Dra
VpwgEHZ+M5e8T531iNkRsyh90vGN0wai9tYGkBQdt4yiG4QJNdY/vSEn7jyjaFry1I5y
JOZxdI1qb9cfZ/Hi5o/Kt/UM72wxHxQ5glz2bXP/ZrYeoBDKbKZVnhwFeXuptFhBcRGJ
yaMWhGXupuVV9pZ6DMq8wJ3TtaPXyCm1ZIZTuN5fPhef+oqa2JbKuNeIokBUQsRqfnHr
BLDRLPLRqSvazGPlZhbRQ5YudxnBxLyb1+ZMkFVcXe68Ja42mCiDQw9YuL2e+52H/DoT
d+Wg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=feedback-id:content-transfer-encoding:mime-version:references
:in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
bh=uwVBIC7iYyDpohzWuuBgLJbHfLOv9ixoc5hQwgmIjD8=;
fh=7H56SyJ75bwGZUIqRCOBd3K5XpBD2YtSSm9HZ9E1Jq8=;
b=N/w5G4YP67Hca76XOoA+XhDRk/jtzyt9VvsWRgpsHNlAsR/uiwAUSYodU1SvjvCUuE
uhgIReDme5DRMRiAtAANGV/Olod5uHO+tbXSV7/Uf+C0ymJFcgz84gJUl7uoOK1iC6Xn
vAnuoFa7U6NWJnHaq+oXPLK22fmBjCYPZmC9Wu6WaRzL8JJdrj2Dkyj7erwNvbib0VA2
s9ta8YKYpq0M+IJ/SPEhNZdpX3NA9+ZvIoSggVXVy8zmNZdLaJD5hdOlRS2f12I2G7HJ
0WE2siJKvYve/8Isj+7/1uX3H089RGBz4ntgje17XXOjsM8HPvXc48byXtnYgiG2kS7p
4o6g==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=fm2 header.b=YBJO5kRF;
spf=pass (google.com: domain of
fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-20250416171819762400a43abce5bbdc-2SRwtn@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-225.siemens.flowmailer.net
(mta-64-225.siemens.flowmailer.net. [185.136.64.225])
by gmr-mx.google.com with ESMTPS id
38308e7fff4ca-30f464c97e3si1117871fa.1.2025.04.16.10.18.19
for <isar-users@googlegroups.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Wed, 16 Apr 2025 10:18:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of
fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
20250416171819762400a43abce5bbdc
for <isar-users@googlegroups.com>;
Wed, 16 Apr 2025 19:18:19 +0200
From: "'Gokhan Cetin' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: gokhan.cetin@siemens.com, jan.kiszka@siemens.com
Subject: [PATCH v2 5/5] doc/user_manual: describe module signer and
certificate provider configuration
Date: Wed, 16 Apr 2025 19:17:09 +0200
Message-Id: <20250416171709.742191-6-gokhan.cetin@siemens.com>
In-Reply-To: <20250416171709.742191-1-gokhan.cetin@siemens.com>
References: <20250416171709.742191-1-gokhan.cetin@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1328731:519-21489:flowmailer
X-Original-Sender: gokhan.cetin@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@siemens.com header.s=fm2 header.b=YBJO5kRF; spf=pass
(google.com: domain of
fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com
designates 185.136.64.225 as permitted sender)
smtp.mailfrom=fm-1328731-20250416171819762400a43abce5bbdc-2SRwtn@rts-flowmailer.siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Gokhan Cetin <gokhan.cetin@siemens.com>
Reply-To: Gokhan Cetin <gokhan.cetin@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,
RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable
autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
|
| Series |
Structure module signing dependencies and providers
|
expand
|
diff --git a/doc/user_manual.md b/doc/user_manual.md index d8e5c33e..627dacb7 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -1162,9 +1162,17 @@ To provide a signer script that implements your custom signing solution, `SIGNAT can be set for the script path within the module recipe together with `SIGNATURE_CERTFILE` to define the public certificate path of the signer. +In order to choose between different signing solutions, signer recipes should provide the `module-signer` +target and package while certificate provider recipes should provide the `secure-boot-secrets` as target and package +to meet build dependencies. This way, desired signers and certificates can be configured using `PREFERRED_PROVIDER`. + Please see how `module-signer-example` hook generates a detached signature for the kernel module implemented in `example-module-signedwith` recipe. +You can enable build-wide kernel module signing by defining `KERNEL_MODULE_SIGNATURES = "1"` globally, +in this case, `pkg.signwith` build profile is added by default in addition to +`module-signer` and `secure-boot-secrets` target and package dependencies to the kernel module recipes. + ### Cross Support for Imagers If `ISAR_CROSS_COMPILE = "1"`, the imager and optional compression tasks
Mentions how `KERNEL_MODULE_SIGNATURES` can be used and how to manage the dependencies. Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com> --- doc/user_manual.md | 8 ++++++++ 1 file changed, 8 insertions(+)