Import firmware signing keychain from coreboot at boot
This commit is contained in:
parent
01c292c828
commit
d35950c72f
|
@ -0,0 +1 @@
|
|||
source "$BR2_EXTERNAL_Airgap_PATH/package/flashtools/Config.in"
|
|
@ -4135,3 +4135,13 @@ BR2_LINUX_KERNEL_CUSTOM_GIT_VERSION=""
|
|||
#
|
||||
# Linux distribution for offline cryptography use cases (in /home/build/config/buildroot)
|
||||
#
|
||||
|
||||
#
|
||||
# Flashtools
|
||||
#
|
||||
BR2_PACKAGE_FLASHTOOLS=y
|
||||
# BR2_PACKAGE_FLASHTOOLS_FLASHTOOL is not set
|
||||
# BR2_PACKAGE_FLASHTOOLS_PEEK is not set
|
||||
# BR2_PACKAGE_FLASHTOOLS_POKE is not set
|
||||
BR2_PACKAGE_FLASHTOOLS_CBFS=y
|
||||
# BR2_PACKAGE_FLASHTOOLS_UEFI is not set
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
include $(sort $(wildcard $(BR2_EXTERNAL_Airgap_PATH)/package/*/*.mk))
|
|
@ -0,0 +1,36 @@
|
|||
menu "Flashtools"
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS
|
||||
bool "flashtools"
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_FLASHTOOL
|
||||
bool "flashtool"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_PEEK
|
||||
bool "peek"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_POKE
|
||||
bool "poke"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_CBFS
|
||||
bool "cbfs"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_UEFI
|
||||
bool "uefi"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
endmenu
|
|
@ -0,0 +1,47 @@
|
|||
################################################################################
|
||||
#
|
||||
# flashtools
|
||||
#
|
||||
################################################################################
|
||||
|
||||
FLASHTOOLS_VERSION = 9acce09aeb635c5bef01843e495b95e75e8da135
|
||||
FLASHTOOLS_SITE = https://github.com/osresearch/flashtools.git
|
||||
FLASHTOOLS_SITE_METHOD = git
|
||||
FLASHTOOLS_LICENSE = GPL-2.0
|
||||
FLASHTOOLS_LICENSE_FILES = LICENSE
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_FLASHTOOL),y)
|
||||
FLASHTOOLS_TARGETS += flashtool
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_PEEK),y)
|
||||
FLASHTOOLS_TARGETS += peek
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_POKE),y)
|
||||
FLASHTOOLS_TARGETS += poke
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_CBFS),y)
|
||||
FLASHTOOLS_TARGETS += cbfs
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_UEFI),y)
|
||||
FLASHTOOLS_TARGETS += uefi
|
||||
endif
|
||||
|
||||
define FLASHTOOLS_BUILD_CMDS
|
||||
$(foreach t,$(FLASHTOOLS_TARGETS),\
|
||||
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
|
||||
CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t) \
|
||||
)
|
||||
endef
|
||||
|
||||
define FLASHTOOLS_INSTALL_TARGET_CMDS
|
||||
$(foreach t,$(FLASHTOOLS_TARGETS),\
|
||||
$(INSTALL) -D -m 0755 $(@D)/$(t) $(TARGET_DIR)/usr/bin/$(t)$(sep) \
|
||||
)
|
||||
endef
|
||||
|
||||
|
||||
$(eval $(generic-package))
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/sh
|
||||
|
||||
case "${1}" in
|
||||
start)
|
||||
printf 'Loading firmware signing key from Coreboot CBFS: '
|
||||
mkdir -p /.gnupg
|
||||
cbfs -r heads/initrd/.gnupg/pubring.kbx > /.gnupg/pubring.kbx
|
||||
cbfs -r heads/initrd/.gnupg/trustdb.gpg > /.gnupg/trustdb.gpg
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo "Usage: ${0} {start}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
Loading…
Reference in New Issue