764d81db0a
This is done for moving packages that are related to secure boot
out of LAT and into integ.
Add efitools 1.9.2-1 for debian.
The patches for code and changes for debian build are ported from
layers ( meta-lat and meta-secure-core ) of yocto upstream.
Test Plan:
The tests are done with all the changes for this porting,
which involves efitools/shim/grub2/grub-efi/lat-sdk.sh, because
they are in a chain for secure boot verification.
- PASS: secure boot OK on qemu.
- PASS: secure boot OK on PowerEdge R430 lab.
- PASS: secure boot NG on qemu/hardware when shim/grub-efi images
are without the right signatures.
Story: 2009221
Task: 46400
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: I672f0c0182bf894d10c508b83b959eec47971ceb
34 lines
880 B
Diff
34 lines
880 B
Diff
From 7092736065bf9a0ce96b2ac1d4168bbaa13a16f5 Mon Sep 17 00:00:00 2001
|
|
From: Li Zhou <li.zhou@windriver.com>
|
|
Date: Fri, 19 Aug 2022 10:08:12 +0800
|
|
Subject: [PATCH 1/2] efitools: prepare keys
|
|
|
|
Copy uefi keys (example keys) to the proper path for building.
|
|
Replace the DB.crt (example key) with tis-boot.crt (public key
|
|
in use for verifying signed shim image).
|
|
|
|
Signed-off-by: Li Zhou <li.zhou@windriver.com>
|
|
---
|
|
debian/rules | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/debian/rules b/debian/rules
|
|
index 89115b3..c20cd9a 100755
|
|
--- a/debian/rules
|
|
+++ b/debian/rules
|
|
@@ -4,6 +4,11 @@
|
|
# Uncomment this to turn on verbose mode.
|
|
export DH_VERBOSE=1
|
|
|
|
+override_dh_auto_build:
|
|
+ cp uefi_sb_keys/* ./
|
|
+ mv tis-boot.crt DB.crt
|
|
+ dh_auto_build
|
|
+
|
|
override_dh_auto_install:
|
|
dh_auto_install -- EFIDIR="debian/efitools/usr/lib/efitools/${DEB_TARGET_MULTIARCH}"
|
|
|
|
--
|
|
2.17.1
|
|
|