From acff95b917b051a71ca3979793cccfff724a5821 Mon Sep 17 00:00:00 2001 From: Adriana Kobylak Date: Thu, 29 Mar 2018 15:16:09 -0500 Subject: witherspoon: Enable BMC signature verification Enable signature verification in the phosphor-software-manager code for witherspoon. This causes an error to be logged if updating to an unsigned image, or image signed with a different key than the one on the system, and if field mode is set, it'll stop the activation process. Tested: Signature verification is enforced on witherspoon, verified error is logged with and without field mode enabled, and activation is prevented with field mode enabled. Change-Id: Ifc8f8054f8d852cc16942af9cbf58d60aff3fc33 Signed-off-by: Adriana Kobylak --- .../recipes-phosphor/flash/phosphor-software-manager.bbappend | 3 +++ 1 file changed, 3 insertions(+) (limited to 'meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor') diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend b/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend index feab2c1b0..21ee4daa6 100644 --- a/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/phosphor-software-manager.bbappend @@ -2,3 +2,6 @@ BMC_RW_MTD = "bmc" BMC_RO_MTD = "alt-bmc+bmc" BMC_KERNEL_MTD = "bmc" BMC_RW_SIZE = "0x600000" + +# Enable signature verification by DISTRO_FEATURE obmc-ubi-fs +PACKAGECONFIG_append_df-obmc-ubi-fs = " verify_signature" -- cgit v1.2.3