diff options
| author | Eddie James <eajames@us.ibm.com> | 2018-02-09 20:59:18 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-03-30 20:31:20 +0300 |
| commit | b2b7ff6804d128602d7db998c7b20be6821f9118 (patch) | |
| tree | 6fcec77dcd2a094b43233614d33d221a352c9d30 /meta-phosphor/classes/skeleton-rev.bbclass | |
| parent | 3b0639b35ec269e8b9fdd3635a1212206b456fb9 (diff) | |
| download | openbmc-b2b7ff6804d128602d7db998c7b20be6821f9118.tar.xz | |
Add image signing framework and open keys
In order to secure the BMC, we need to sign all the images and include a
public key in the package with which to verify future update images.
This commit adds a framework to sign the image files with an open
private key and generates a corresponding public key added to the image.
This isn't secure by itself (since the private key is available), but
additional changes can easily provide their own private key, creating a
secure BMC.
To use a secure private key:
export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE SIGNING_KEY"
SIGNING_KEY=/path/to/secure/key bitbake obmc-phosphor-image
Resolves openbmc/openbmc#2835
Resolves openbmc/openbmc#2836
Resolves openbmc/openbmc#2837
Change-Id: I28919b7de54e3a32e5efcbb4522fb39731e68384
Signed-off-by: Eddie James <eajames@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-phosphor/classes/skeleton-rev.bbclass')
0 files changed, 0 insertions, 0 deletions