starlingx/tools
Code Issues Proposed changes

Debian: LAT: upgrade to 20220610

Browse Source 
In the new lat-sdk.sh, the shim binary for secure boot has been
updated which is signed by tis-boot key.

In other words, in the trusted chains, we only replace DB with
tis-boot, and other still use built-in certs

DB --> MOK --> Grub GPG --> kernel/initramfs/grub.cfg

In this way, the debian secure boot image could boot on the host
in which the BIOS has been inserted with tis-boot key

Test Plan:

Pass: Rebuild container lat
Pass: build-image --std
Pass: Do secure boot install on qemu

Story: 2008846
Task: 45591

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Change-Id: Ic35820beb7c911cb37dac8916bfce9e3d9a112b8
This commit is contained in:
Hongxu Jia 2022-06-10 17:54:47 +08:00
parent 777e20d22e
commit ba70066c78
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
stx/dockerfiles/stx-lat-tool.Dockerfile
View File

@ -16,7 +16,7 @@ FROM debian:bullseye
MAINTAINER Chen Qi <Qi.Chen@windriver.com>
ARG LAT_BINARY_RESOURCE_PATH=http://mirror.starlingx.cengn.ca/mirror/lat-sdk/lat-sdk-20220527
ARG LAT_BINARY_RESOURCE_PATH=http://mirror.starlingx.cengn.ca/mirror/lat-sdk/lat-sdk-20220610
# Install necessary packages
RUN apt-get -y update && apt-get --no-install-recommends -y install \