diff options
| author | Adriana Kobylak <anoo@us.ibm.com> | 2018-03-29 23:16:09 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-04-13 17:22:08 +0300 |
| commit | acff95b917b051a71ca3979793cccfff724a5821 (patch) | |
| tree | d1e4157139d1da116742293337a37aa2913dc3de | |
| parent | fcdc2564c7583e0b8812aed351278d9df3efa9bf (diff) | |
| download | openbmc-acff95b917b051a71ca3979793cccfff724a5821.tar.xz | |
witherspoon: Enable BMC signature verification
Enable signature verification in the phosphor-software-manager code
for witherspoon. This causes an error to be logged if updating to
an unsigned image, or image signed with a different key than the one
on the system, and if field mode is set, it'll stop the activation
process.
Tested: Signature verification is enforced on witherspoon,
verified error is logged with and without field mode enabled, and
activation is prevented with field mode enabled.
Change-Id: Ifc8f8054f8d852cc16942af9cbf58d60aff3fc33
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
2 files changed, 5 insertions, 0 deletions
diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend b/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend index feab2c1b0..21ee4daa6 100644 --- a/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend @@ -2,3 +2,6 @@ BMC_RW_MTD = "bmc" BMC_RO_MTD = "alt-bmc+bmc" BMC_KERNEL_MTD = "bmc" BMC_RW_SIZE = "0x600000" + +# Enable signature verification by DISTRO_FEATURE obmc-ubi-fs +PACKAGECONFIG_append_df-obmc-ubi-fs = " verify_signature" diff --git a/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb b/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb index 43e363bb8..43e5aba62 100644 --- a/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb +++ b/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb @@ -23,6 +23,8 @@ DBUS_PACKAGES = "${SOFTWARE_MGR_PACKAGES}" # handles the rest. SYSTEMD_PACKAGES = "" +PACKAGECONFIG[verify_signature] = "--enable-verify_signature,--disable-verify_signature" + inherit autotools pkgconfig inherit obmc-phosphor-dbus-service inherit pythonnative |