author: Eddie James <eajames@us.ibm.com> 2018-02-09 20:59:18 +0300
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> 2018-03-30 20:31:20 +0300
commit: b2b7ff6804d128602d7db998c7b20be6821f9118
tree: 6fcec77dcd2a094b43233614d33d221a352c9d30 /meta-phosphor/common/recipes-phosphor/packagegroups
parent: 3b0639b35ec269e8b9fdd3635a1212206b456fb9
Add image signing framework and open keys
In order to secure the BMC, we need to sign all the images and include a public key in the package with which to verify future update images. This commit adds a framework to sign the image files with an open private key and generates a corresponding public key added to the image.

This isn't secure by itself (since the private key is available), but additional changes can easily provide their own private key, creating a secure BMC.

To use a secure private key:
export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE SIGNING_KEY"
SIGNING_KEY=/path/to/secure/key bitbake obmc-phosphor-image

Resolves openbmc/openbmc#2835
Resolves openbmc/openbmc#2836
Resolves openbmc/openbmc#2837

Change-Id: I28919b7de54e3a32e5efcbb4522fb39731e68384
Signed-off-by: Eddie James <eajames@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-phosphor/common/recipes-phosphor/packagegroups')
-rw-r--r-- meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb | 4
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb b/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
index 11cfe3442..e7fe3708a 100644
--- a/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
+++ b/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
@@ -89,7 +89,9 @@ ${PN}-software-extras = " \
obmc-mgr-download \
"
-${PN}-software-extras_df-obmc-ubi-fs = ""
+${PN}-software-extras_df-obmc-ubi-fs = " \
+ phosphor-image-signing \
+ "
SUMMARY_${PN}-software = "Software applications"
RDEPENDS_${PN}-software = " \
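Review bot: phosphor-image-signing is added only under the `_df-obmc-ubi-fs` override of ${PN}-software-extras, so a build without that distro feature still resolves to the base list (obmc-mgr-download) and does not pull in the signing package, while the commit message speaks of signing all the images. If that scope is intended, a comment above the override saying so would help; if not, the package should also be listed in the base ${PN}-software-extras. Separately, since the commit message states the default private key is open, every ubi-fs build now picks up a public key whose private half is public unless SIGNING_KEY is exported; consider making that state visible at build time (for example a warning when SIGNING_KEY is unset) so a production image is not shipped with the open key by accident.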