The certificates and keys are stored in a repository and taken from there.
It is a neative repository that puts the keys into the sysroot where other
recipes can take them
All the key related scripts where deleted or put in the development-keys
repository.
Basic simplifications where done, there is yet still room for improvement.
Merge in ICO/coreos from add_secure_storage to master
* commit 'e4fd830aa81a042f51b1cf98cbd83cdeb60c1177':
feat(secure-storage): add kernel config fragment for dm_crypt
feat(secure-storage): add secure-storage as Coreos base feature
feat(secure-storage): add secure-storage base functionality
feat(userdata): add userdata partition
The secure-storage feature provides a encrypted filesystem to securely store
data in rest. It will be auto-mounted under /usr/local/data/secure-storage.
The loopbackfile will be stored under /usr/local/data/loopdevices.
The keyfile is located under /usr/local/data/.crypto.
The userdata partition is mounted under /usr/local/data. It is and will stay
read-write and its purpose is to store userdata like config, secure-storage.
* all creation dates of the files are set to the 01.01. of the current year
* the file /usr/lib/clock-epoch is created. It is used by timedatectl to
get the initial time and date (creation time of file).
* a sanity check was added to check if the hardcoded timestamp is outdated
When introducing CN913x devices by using the meta-belden-marvell-bsp layer
trusted-firmwarre-a recipe was copied from meta-arm and modified. Now the
original recipe is used from meta-arm and the changes were put into a
bbappend.
Also trusted-firmware-a version changed from 2.3 to 2.6.
The defaul qemu devices have not set efi as MACHINE_CONFIG which causes
the CoreOS build to fail because efi is required.
This change disables CoreOS sepcific features like swupdate for all
qemu MACHINES.
Merge in ICO/coreos from feature/up/integration/meta-netmodule-wlan to master
* commit 'ecc4ca19f415616e101b65aca3e4bf137b5ae34c':
refactor(0001-refactor-cn913x-defconfig-cleanup.patch): patch refactored. defconfig is properly generated using savedefconfig yocto task
feat(0001-refactor-cn913x-defconfig-cleanup.patch_and_cn913x_additions.cfg): remove mac80211, cfg80211 and qrtr from standard Linux kernel config. Use the counterparts from meta-netmodule-wlan layer.
Merge in ICO/coreos from add_common_dev_key_handling to master
* commit 'f04afe073a7c5e15f9fad8ac81f2d8ef36aafee1':
feat: add common developer keys for signed firmware
To make images compatible with each other for development a comon set of keys
will be used. The keys are located on k-stufen.
* add script to download and extract keys
* adjustments to coreos-init-build-env script
* adjustments to check_files_exist function
Merge in ICO/coreos from rename_eagle40_03 to master
* commit '3bf28622c1b2207e752b6e0b9725b4d27fa328a0':
refactor(eagle40-03): rename MACHINE from eagle40_03 to eagle40-03
Merge in ICO/coreos from add_variable_for_kernel_in_wks_file to master
* commit 'afa1a784c1637ad2965f93061794f10577e992a2':
refactor(partitions.inc): use variable for kernel in wks file
Merge in ICO/coreos from feature/k3s to master
* commit 'af33b55ec07b3d78cd5e2e2ea2e677b226a441a3':
feat(k3s): image that installs the k3s-agent
feat(linux-yocto_5.15): add kernel config for k3s
the changed image is
layers/meta-belden-coreos-demo/recipes-core/image/cores-image-demo-k3s
k3s is a orchestration tool and a slimed down version of kubernetes
k3s agent is a tool to control pods
the commands come a k3s server in a cluster
Merge in ICO/coreos from docs/secure-boot to master
* commit 'e89a0c5195e9e2dc86eda1a44820e1709950183c':
docs(secure-boot): add a secure boot concept to the doc
Merge in ICO/coreos from feat/distro-rework to master
* commit '0d5e631162d90ab724fd1f03ec294fd171cac3cf':
feat(belden-coreos): reworked distro settings
Merge in ICO/coreos from update_subomdules_2023-08-07_13-04 to master
* commit '1af92365f1529824940df6935f4c05d65a298e03':
fix(3rd-party): automatic update of CoreOS submodules
Now the distro settings is splitted into two config smaller config
file. PACKAGECONFIG for the system package is set to include a
reduced set of features by default.
Some EFI related feature are now dependant of the EFI DISTRO_
and MACHINE_FEATURES.
Merge in ICO/coreos from fix_populate_sdk_build to master
* commit '18d38f9010f7e973246cfef9d36c2b0637ba8f8a':
fix(u-boot-tools): add uboot-efivar fot FILES
Merge in ICO/coreos from update_subomdules_2023-07-26_14-19 to master
* commit 'cd2e89697943020b9f7f87218fa4fb6de53c280b':
fix(3rd-party): automatic update of CoreOS submodules
Patrick Vogelaar
Holger Dihlmann
Dimitry Shapovalov
Samuel Dolt
Uli Stein