Compare commits
1 Commits
main
...
413750-net
| Author | SHA1 | Date |
|---|---|---|
Marcel Reichmuth
|
712579f361 |
|
|
@ -1,22 +0,0 @@
|
|||
diff --git a/arch/arm/boot/dts/am335x-nbhw16-prod2.dts b/arch/arm/boot/dts/am335x-nbhw16-prod2.dts
|
||||
index 1871d78bca89..b4830a8ef61c 100755
|
||||
--- a/arch/arm/boot/dts/am335x-nbhw16-prod2.dts
|
||||
+++ b/arch/arm/boot/dts/am335x-nbhw16-prod2.dts
|
||||
@@ -73,7 +73,7 @@ netbox_dio: netbox_dio {
|
||||
wlan_bt_clock: wlan_bt_clock {
|
||||
compatible = "pwm-clock";
|
||||
#clock-cells = <0>;
|
||||
- pwms = <&ecap2 0 30518 0>;
|
||||
+ pwms = <&ecap_2 0 30518 0>;
|
||||
};
|
||||
|
||||
wlan_bt_oscillator: wlan_bt_oscillator {
|
||||
@@ -93,7 +93,7 @@ &reset_button {
|
||||
&epwmss2 {
|
||||
status = "okay";
|
||||
|
||||
- ecap2: ecap@48304100 {
|
||||
+ ecap_2: ecap@48304100 {
|
||||
status = "okay";
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&ecap2_pins>;
|
||||
|
|
@ -0,0 +1,689 @@
|
|||
diff --git a/crypto/Kconfig b/crypto/Kconfig
|
||||
index fe8394895c1e..1157f82dc9cf 100644
|
||||
--- a/crypto/Kconfig
|
||||
+++ b/crypto/Kconfig
|
||||
@@ -1936,12 +1936,6 @@ config CRYPTO_STATS
|
||||
config CRYPTO_HASH_INFO
|
||||
bool
|
||||
|
||||
-config BOFH_KEY
|
||||
- depends on SECURITY
|
||||
- depends on INTEGRITY_SIGNATURE
|
||||
- bool "BOFH key support"
|
||||
- default y
|
||||
-
|
||||
source "lib/crypto/Kconfig"
|
||||
source "drivers/crypto/Kconfig"
|
||||
source "crypto/asymmetric_keys/Kconfig"
|
||||
diff --git a/crypto/Makefile b/crypto/Makefile
|
||||
index 471270fba15b..b279483fba50 100644
|
||||
--- a/crypto/Makefile
|
||||
+++ b/crypto/Makefile
|
||||
@@ -197,5 +197,3 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys/
|
||||
obj-$(CONFIG_CRYPTO_HASH_INFO) += hash_info.o
|
||||
crypto_simd-y := simd.o
|
||||
obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o
|
||||
-
|
||||
-obj-$(CONFIG_BOFH_KEY) += bofh-key.o
|
||||
diff --git a/crypto/bofh-key.c b/crypto/bofh-key.c
|
||||
deleted file mode 100644
|
||||
index 78b0f5abda21..000000000000
|
||||
--- a/crypto/bofh-key.c
|
||||
+++ /dev/null
|
||||
@@ -1,63 +0,0 @@
|
||||
-#include <linux/module.h>
|
||||
-#include <linux/kernel.h>
|
||||
-#include <linux/slab.h>
|
||||
-#include <linux/crypto.h>
|
||||
-#include <crypto/public_key.h>
|
||||
-#include <bofh-key.h>
|
||||
-
|
||||
-#if BOFH_KEY_PRESENT
|
||||
-
|
||||
-static const struct public_key *bofh_key = NULL;
|
||||
-
|
||||
-const struct public_key * request_bofh_key (const char *signer, size_t signer_len,
|
||||
- const u8 *keyid, size_t keyid_len)
|
||||
-{
|
||||
- struct public_key *pubkey = NULL;
|
||||
- static unsigned char key[] = BOFH_KEY_PUBKEY;
|
||||
-
|
||||
- if (bofh_key) {
|
||||
- return bofh_key; /* already requested */
|
||||
- }
|
||||
-
|
||||
- if (BOFH_KEY_SIGNER_LEN != 0) {
|
||||
- if (BOFH_KEY_SIGNER_LEN != signer_len ||
|
||||
- memcmp(BOFH_KEY_SIGNER, signer, BOFH_KEY_SIGNER_LEN)) {
|
||||
- printk(KERN_ERR "invalid signer\n");
|
||||
- return NULL;
|
||||
- }
|
||||
- }
|
||||
- if (BOFH_KEY_KEYID_LEN != 0) { /* optional */
|
||||
- if (BOFH_KEY_KEYID_LEN != keyid_len ||
|
||||
- memcmp(BOFH_KEY_KEYID, keyid, BOFH_KEY_KEYID_LEN)) {
|
||||
- printk(KERN_ERR "invalid keyid\n");
|
||||
- return NULL;
|
||||
- }
|
||||
- }
|
||||
- pubkey = kzalloc(sizeof(struct public_key), GFP_KERNEL);
|
||||
- if (!pubkey) {
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- pubkey->key = key;
|
||||
- pubkey->keylen = sizeof(key);
|
||||
- pubkey->id_type = BOFH_KEY_ID_TYPE_STR;
|
||||
- pubkey->pkey_algo = BOFH_KEY_PKEY_ALGO_STR;
|
||||
-
|
||||
- bofh_key = (const struct public_key *) pubkey;
|
||||
-
|
||||
- if (pubkey && !bofh_key) kfree(pubkey);
|
||||
-
|
||||
- return bofh_key;
|
||||
-}
|
||||
-
|
||||
-#else /* !BOFH_KEY_PRESENT */
|
||||
-
|
||||
-const struct public_key * request_bofh_key (const char *signer, size_t signer_len,
|
||||
- const u8 *keyid, size_t keyid_len)
|
||||
-{
|
||||
- return NULL;
|
||||
-}
|
||||
-
|
||||
-#endif /* BOFH_KEY_PRESENT */
|
||||
-
|
||||
-
|
||||
diff --git a/drivers/mfd/nm-fpga-gpio.h b/drivers/mfd/nm-fpga-gpio.h
|
||||
index 0ad49861a0ab..a65d8680f706 100644
|
||||
--- a/drivers/mfd/nm-fpga-gpio.h
|
||||
+++ b/drivers/mfd/nm-fpga-gpio.h
|
||||
@@ -14,7 +14,6 @@
|
||||
|
||||
#include <linux/types.h>
|
||||
#include <linux/regmap.h>
|
||||
-#include <nbsw.h>
|
||||
|
||||
struct nm_fpga_gpio_config {
|
||||
void (*init_fpga)(struct regmap* regmap);
|
||||
diff --git a/drivers/mfd/nm-fpga-gpio08.c b/drivers/mfd/nm-fpga-gpio08.c
|
||||
index 3f833213e651..77f06d4f1b90 100644
|
||||
--- a/drivers/mfd/nm-fpga-gpio08.c
|
||||
+++ b/drivers/mfd/nm-fpga-gpio08.c
|
||||
@@ -9,7 +9,6 @@
|
||||
* (at your option) any later version.
|
||||
*/
|
||||
|
||||
-#include <nbsw.h>
|
||||
#if defined(NBSW_TARGET_netbox_ppc)
|
||||
|
||||
#include <linux/export.h>
|
||||
diff --git a/drivers/mfd/nm-fpga-gpio12.c b/drivers/mfd/nm-fpga-gpio12.c
|
||||
index 1fcf5b923a3f..1b30879c0e3f 100644
|
||||
--- a/drivers/mfd/nm-fpga-gpio12.c
|
||||
+++ b/drivers/mfd/nm-fpga-gpio12.c
|
||||
@@ -9,7 +9,6 @@
|
||||
* (at your option) any later version.
|
||||
*/
|
||||
|
||||
-#include <nbsw.h>
|
||||
#if defined(NBSW_TARGET_netbox_ppc)
|
||||
|
||||
#include <linux/export.h>
|
||||
diff --git a/drivers/mfd/nm-fpga-gpio14.c b/drivers/mfd/nm-fpga-gpio14.c
|
||||
index 4ae68d15f4b1..8db75be169e8 100644
|
||||
--- a/drivers/mfd/nm-fpga-gpio14.c
|
||||
+++ b/drivers/mfd/nm-fpga-gpio14.c
|
||||
@@ -9,7 +9,6 @@
|
||||
* (at your option) any later version.
|
||||
*/
|
||||
|
||||
-#include <nbsw.h>
|
||||
#if defined(NBSW_TARGET_netbolt_arm)
|
||||
|
||||
#include <linux/export.h>
|
||||
diff --git a/drivers/mfd/nm-fpga-gpio17.c b/drivers/mfd/nm-fpga-gpio17.c
|
||||
index efc689ce6989..9b8c35a2de17 100644
|
||||
--- a/drivers/mfd/nm-fpga-gpio17.c
|
||||
+++ b/drivers/mfd/nm-fpga-gpio17.c
|
||||
@@ -9,7 +9,6 @@
|
||||
* (at your option) any later version.
|
||||
*/
|
||||
|
||||
-#include <nbsw.h>
|
||||
#if defined(NBSW_TARGET_netbolt_arm)
|
||||
|
||||
#include <linux/export.h>
|
||||
diff --git a/drivers/mfd/nm-fpga-gpio18.c b/drivers/mfd/nm-fpga-gpio18.c
|
||||
index ffc2f8afaba9..7ab90a4f2e4e 100644
|
||||
--- a/drivers/mfd/nm-fpga-gpio18.c
|
||||
+++ b/drivers/mfd/nm-fpga-gpio18.c
|
||||
@@ -9,7 +9,6 @@
|
||||
* (at your option) any later version.
|
||||
*/
|
||||
|
||||
-#include <nbsw.h>
|
||||
#if defined(NBSW_TARGET_netbolt_arm)
|
||||
|
||||
#include <linux/export.h>
|
||||
diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c
|
||||
index 09ce3e72b414..305ffad131a2 100644
|
||||
--- a/drivers/misc/eeprom/at24.c
|
||||
+++ b/drivers/misc/eeprom/at24.c
|
||||
@@ -25,8 +25,6 @@
|
||||
#include <linux/regulator/consumer.h>
|
||||
#include <linux/slab.h>
|
||||
|
||||
-#include <bofh-key.h>
|
||||
-
|
||||
/* Address pointer is 16 bit. */
|
||||
#define AT24_FLAG_ADDR16 BIT(7)
|
||||
/* sysfs-entry will be read-only. */
|
||||
@@ -473,21 +471,6 @@ static int at24_write(void *priv, unsigned int off, void *val, size_t count)
|
||||
char *buf = val;
|
||||
int ret;
|
||||
|
||||
-#if BOFH_KEY_PRESENT
|
||||
- if (off < 0x0600) {
|
||||
- /* We need to protect BD, PD and licenses which are at
|
||||
- offsets below 0x600. Partition table and
|
||||
- serdes config above 0x600 can be written by
|
||||
- any process. */
|
||||
- if (!current->is_signed) {
|
||||
- if (off == 0)
|
||||
- printk(KERN_ERR "current process is not "
|
||||
- "authorized to access eeprom\n");
|
||||
- return -EPERM;
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
at24 = priv;
|
||||
dev = at24_base_client_dev(at24);
|
||||
|
||||
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
|
||||
index e9aad942370c..04c4aa7a1df2 100644
|
||||
--- a/fs/binfmt_elf.c
|
||||
+++ b/fs/binfmt_elf.c
|
||||
@@ -49,13 +49,6 @@
|
||||
#include <asm/param.h>
|
||||
#include <asm/page.h>
|
||||
|
||||
-#include <bofh-key.h>
|
||||
-#if BOFH_KEY_PRESENT
|
||||
-#include <linux/digsig.h>
|
||||
-#include <linux/crypto.h>
|
||||
-#include <crypto/hash.h>
|
||||
-#include <crypto/public_key.h>
|
||||
-#endif /* BOFH_KEY_PRESENT */
|
||||
#ifndef ELF_COMPAT
|
||||
#define ELF_COMPAT 0
|
||||
#endif
|
||||
@@ -112,386 +105,6 @@ static struct linux_binfmt elf_format = {
|
||||
.min_coredump = ELF_EXEC_PAGESIZE,
|
||||
};
|
||||
|
||||
-/* ELF signature verification related stuff */
|
||||
-#if BOFH_KEY_PRESENT
|
||||
-extern const struct public_key * request_bofh_key (const char *signer, size_t signer_len,
|
||||
- const u8 *key_id, size_t key_id_len);
|
||||
-
|
||||
-struct elf_sig_info {
|
||||
- /* Note: currently algo, hash and id_type are meaningless magic numbers */
|
||||
- u8 algo; /* public-key crypto algorithm [enum pkey_algo] */
|
||||
- u8 hash; /* digest algorithm [enum pkey_hash_algo] */
|
||||
- u8 id_type; /* key identifier type [enum pkey_id_type] */
|
||||
- u8 signer_len; /* length of signer's name */
|
||||
- u8 key_id_len; /* length of key identifier */
|
||||
- u8 __pad[3]; /* padding */
|
||||
- __be32 sig_len; /* length of signature data */
|
||||
-};
|
||||
-
|
||||
-struct elf_sig_data {
|
||||
- struct shash_desc *desc;
|
||||
- const struct public_key *pubkey;
|
||||
- struct public_key_signature pks;
|
||||
-};
|
||||
-
|
||||
-static int esd_shash_init(struct elf_sig_data *esd)
|
||||
-{
|
||||
- struct shash_desc *desc;
|
||||
- struct crypto_shash *tfm;
|
||||
- size_t digest_size, desc_size;
|
||||
- char *digest;
|
||||
- int ret;
|
||||
-
|
||||
- tfm = crypto_alloc_shash(esd->pks.hash_algo, 0, 0);
|
||||
- if (IS_ERR(tfm)) {
|
||||
- ret = PTR_ERR(tfm);
|
||||
- return (ret == -ENOENT ? -ENOPKG : ret);
|
||||
- }
|
||||
-
|
||||
- desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
|
||||
- digest_size = crypto_shash_digestsize(tfm);
|
||||
-
|
||||
- desc = kzalloc(desc_size, GFP_KERNEL);
|
||||
- if (!desc) {
|
||||
- ret = -ENOMEM;
|
||||
- goto out_free_tfm;
|
||||
- }
|
||||
-
|
||||
- digest = kzalloc(digest_size, GFP_KERNEL);
|
||||
- if (!digest) {
|
||||
- ret = -ENOMEM;
|
||||
- goto out_free_desc;
|
||||
- }
|
||||
-
|
||||
- desc->tfm = tfm;
|
||||
-
|
||||
- ret = crypto_shash_init(desc);
|
||||
- if (ret < 0) {
|
||||
- goto out_free_digest;
|
||||
- }
|
||||
-
|
||||
- esd->desc = desc;
|
||||
- esd->pks.digest = digest;
|
||||
- esd->pks.digest_size = digest_size;
|
||||
-
|
||||
- return 0;
|
||||
-
|
||||
-out_free_digest:
|
||||
- kfree(digest);
|
||||
-out_free_desc:
|
||||
- kfree(desc);
|
||||
-out_free_tfm:
|
||||
- crypto_free_shash(tfm);
|
||||
- return ret;
|
||||
-}
|
||||
-
|
||||
-static struct elf_sig_data *
|
||||
-elf_parse_binary_signature(struct elfhdr *ehdr, struct file *file)
|
||||
-{
|
||||
- loff_t rem_file_sz, file_sz;
|
||||
- loff_t offset;
|
||||
- struct elf_sig_data *esd;
|
||||
- struct elf_sig_info *esi;
|
||||
- int retval, i;
|
||||
- char *sig;
|
||||
- size_t sig_len;
|
||||
- struct elf_shdr *elf_shtable, *elf_spnt, *elf_shstrpnt;
|
||||
- unsigned int sig_info_sz, shtable_sz;
|
||||
- uint16_t shstrndx;
|
||||
- bool found_sig_section = false;
|
||||
- void *signer_name, *key_id;
|
||||
-
|
||||
- if (!ehdr->e_shnum) return NULL;
|
||||
-
|
||||
- if (ehdr->e_shstrndx == SHN_UNDEF) return NULL;
|
||||
-
|
||||
- /* Read in elf section table */
|
||||
- file_sz = i_size_read(file->f_path.dentry->d_inode);
|
||||
- shtable_sz = ehdr->e_shnum * sizeof(struct elf_shdr);
|
||||
- elf_shtable = kmalloc(shtable_sz, GFP_KERNEL);
|
||||
- if (!elf_shtable) return ERR_PTR(-ENOMEM);
|
||||
-
|
||||
- offset = ehdr->e_shoff;
|
||||
- retval = kernel_read(file, (char *)elf_shtable, shtable_sz, &offset);
|
||||
- if (retval != shtable_sz) {
|
||||
- if (retval >= 0) retval = -EIO;
|
||||
- goto out_free_shtable;
|
||||
- }
|
||||
-
|
||||
- if (ehdr->e_shstrndx == 0xffff)
|
||||
- shstrndx = elf_shtable[0].sh_link;
|
||||
- else
|
||||
- shstrndx = ehdr->e_shstrndx;
|
||||
-
|
||||
- if (shstrndx >= ehdr->e_shnum) {
|
||||
- retval = -EINVAL;
|
||||
- goto out_free_shtable;
|
||||
- }
|
||||
-
|
||||
- elf_shstrpnt = elf_shtable + shstrndx;
|
||||
- elf_spnt = elf_shtable;
|
||||
-
|
||||
- /* Scan for section with name ".signature" */
|
||||
- for (i = 0; i < ehdr->e_shnum; i++) {
|
||||
- char sec_name[11];
|
||||
- offset = elf_shstrpnt->sh_offset + elf_spnt->sh_name;
|
||||
- retval = kernel_read(file, sec_name, sizeof(sec_name), &offset);
|
||||
- if (retval != 11) {
|
||||
- if (retval >= 0) retval = -EIO;
|
||||
- goto out_free_shtable;
|
||||
- }
|
||||
- if (!strcmp(sec_name, ".signature")) {
|
||||
- found_sig_section = true;
|
||||
- break;
|
||||
- }
|
||||
- elf_spnt++;
|
||||
- }
|
||||
-
|
||||
- if (!found_sig_section) {
|
||||
- /* File is not signed */
|
||||
- retval = 0;
|
||||
- goto out_free_shtable;
|
||||
- }
|
||||
-
|
||||
- esi = kzalloc(sizeof(struct elf_sig_info), GFP_KERNEL);
|
||||
- if (!esi) {
|
||||
- retval = -ENOMEM;
|
||||
- goto out_free_shtable;
|
||||
- }
|
||||
-
|
||||
- esd = kzalloc(sizeof(struct elf_sig_data), GFP_KERNEL);
|
||||
- if (!esd) {
|
||||
- retval = -ENOMEM;
|
||||
- goto out_free_esi;
|
||||
- }
|
||||
-
|
||||
- /* Read in sig info */
|
||||
- sig_info_sz = sizeof(struct elf_sig_info);
|
||||
-
|
||||
- offset = elf_spnt->sh_offset + elf_spnt->sh_size - sig_info_sz;
|
||||
- rem_file_sz = file_sz - sig_info_sz;
|
||||
- retval = kernel_read(file, (char *)esi, sig_info_sz, &offset);
|
||||
- offset -= sig_info_sz;
|
||||
- if (retval != sig_info_sz) {
|
||||
- if (retval >= 0) retval = -EIO;
|
||||
- goto out_free_esd;
|
||||
- }
|
||||
-
|
||||
- sig_len = be32_to_cpu(esi->sig_len);
|
||||
- if (sig_len >= rem_file_sz) {
|
||||
- retval = -EBADMSG;
|
||||
- goto out_free_esd;
|
||||
- }
|
||||
- rem_file_sz -= sig_len;
|
||||
-
|
||||
- if ((size_t)esi->signer_len + esi->key_id_len >= rem_file_sz) {
|
||||
- retval = -EBADMSG;
|
||||
- goto out_free_esd;
|
||||
- }
|
||||
-
|
||||
- rem_file_sz -= ((size_t)esi->signer_len + esi->key_id_len);
|
||||
-
|
||||
- if (esi->algo != BOFH_KEY_PKEY_ALGO) {
|
||||
- printk(KERN_ERR "invalid pkey algo %d\n", esi->algo);
|
||||
- retval = -ENOPKG;
|
||||
- goto out_free_esd;
|
||||
- }
|
||||
- if (esi->id_type != BOFH_KEY_ID_TYPE) {
|
||||
- printk(KERN_ERR "invalid key id type %d\n", esi->id_type);
|
||||
- retval = -ENOPKG;
|
||||
- goto out_free_esd;
|
||||
- }
|
||||
- if (esi->hash != BOFH_KEY_HASH_ALGO) {
|
||||
- printk(KERN_ERR "invalid hash algo %d\n", esi->hash);
|
||||
- retval = -ENOPKG;
|
||||
- goto out_free_esd;
|
||||
- }
|
||||
-
|
||||
- /* Read in signature */
|
||||
- sig = kzalloc(sig_len, GFP_KERNEL);
|
||||
- if (!sig) {
|
||||
- retval = -ENOMEM;
|
||||
- goto out_free_esd;
|
||||
- }
|
||||
-
|
||||
- offset = offset - sig_len;
|
||||
- retval = kernel_read(file, sig, sig_len, &offset);
|
||||
- offset -= sig_len;
|
||||
- if (retval != sig_len) {
|
||||
- if (retval >= 0) retval = -EIO;
|
||||
- goto out_free_sig;
|
||||
- }
|
||||
-
|
||||
- /* siglen is stored in first 2 bytes */
|
||||
- if ((sig_len - sizeof(uint16_t)) != __be16_to_cpu(*((uint16_t *) sig))) {
|
||||
- retval = -EIO;
|
||||
- goto out_free_sig;
|
||||
- }
|
||||
-
|
||||
- /* Read in skid */
|
||||
- key_id = kzalloc(esi->key_id_len, GFP_KERNEL);
|
||||
- if (!key_id) {
|
||||
- retval = -ENOMEM;
|
||||
- goto out_free_sig;
|
||||
- }
|
||||
-
|
||||
- offset = offset - esi->key_id_len;
|
||||
- retval = kernel_read(file, key_id, esi->key_id_len, &offset);
|
||||
- offset -= esi->key_id_len;
|
||||
- if (retval != esi->key_id_len) {
|
||||
- if (retval >= 0) retval = -EIO;
|
||||
- goto out_free_key_id;
|
||||
- }
|
||||
-
|
||||
- /* Read in signer_name */
|
||||
- signer_name = kzalloc(esi->signer_len, GFP_KERNEL);
|
||||
- if (!signer_name) {
|
||||
- retval = -ENOMEM;
|
||||
- goto out_free_key_id;
|
||||
- }
|
||||
-
|
||||
- offset = offset - esi->signer_len;
|
||||
- retval = kernel_read(file, signer_name, esi->signer_len, &offset);
|
||||
- if (retval != esi->signer_len) {
|
||||
- if (retval >= 0) retval = -EIO;
|
||||
- goto out_free_signer_name;
|
||||
- }
|
||||
-
|
||||
- /* obtain bofh's public key */
|
||||
- esd->pubkey = request_bofh_key(signer_name, esi->signer_len,
|
||||
- key_id, esi->key_id_len);
|
||||
- if (!esd->pubkey) {
|
||||
- printk(KERN_ERR "could not request bofh key\n");
|
||||
- retval = -EIO;
|
||||
- goto out_free_signer_name;
|
||||
- }
|
||||
-
|
||||
- /* construct public key signature */
|
||||
- esd->pks.pkey_algo = BOFH_KEY_PKEY_ALGO_STR;
|
||||
- esd->pks.hash_algo = BOFH_KEY_HASH_ALGO_STR;
|
||||
- /* siglen is stored in first 2 bytes */
|
||||
- esd->pks.s = sig + sizeof(uint16_t);
|
||||
- esd->pks.s_size = sig_len - sizeof(uint16_t);
|
||||
-
|
||||
- retval = esd_shash_init(esd);
|
||||
- if (retval < 0)
|
||||
- goto out_free_signer_name;
|
||||
-
|
||||
- kfree(elf_shtable);
|
||||
- kfree(signer_name);
|
||||
- kfree(key_id);
|
||||
- kfree(esi);
|
||||
-
|
||||
- return esd;
|
||||
-
|
||||
-out_free_signer_name:
|
||||
- kfree(signer_name);
|
||||
-out_free_key_id:
|
||||
- kfree(key_id);
|
||||
-out_free_sig:
|
||||
- kfree(sig);
|
||||
-out_free_esd:
|
||||
- kfree(esd);
|
||||
-out_free_esi:
|
||||
- kfree(esi);
|
||||
-out_free_shtable:
|
||||
- kfree(elf_shtable);
|
||||
- return ERR_PTR(retval);
|
||||
-}
|
||||
-
|
||||
-static void free_elf_sig_data (struct elf_sig_data *esd)
|
||||
-{
|
||||
- if (!esd) return;
|
||||
-
|
||||
- if (esd->desc && esd->desc->tfm)
|
||||
- crypto_free_shash(esd->desc->tfm);
|
||||
-
|
||||
- if (esd->desc)
|
||||
- kfree(esd->desc);
|
||||
-
|
||||
- kfree(esd);
|
||||
-}
|
||||
-
|
||||
-static void elf_digest_first_phdr (struct elfhdr *elfhdr,
|
||||
- struct elf_phdr *elf_ppnt, struct elf_sig_data *esd,
|
||||
- unsigned long map_addr)
|
||||
-{
|
||||
- unsigned int off_e_shoff = offsetof(struct elfhdr, e_shoff);
|
||||
- unsigned int off_e_flags = offsetof(struct elfhdr, e_flags);
|
||||
- unsigned int off_e_shnum = offsetof(struct elfhdr, e_shnum);
|
||||
-
|
||||
- /*
|
||||
- * If elf header is mapped in first segment, execlude e_shoff, e_shnum
|
||||
- * and e_shstrndx from digest calculation as this can change when
|
||||
- * signature section is added or executable is stripped after
|
||||
- * signing.
|
||||
- */
|
||||
-
|
||||
- if (!elf_ppnt->p_offset) {
|
||||
- /* ELF header is mapped into first PT_LOAD segment */
|
||||
- unsigned long sz = off_e_shoff;
|
||||
-
|
||||
- crypto_shash_update(esd->desc, (u8*)map_addr, sz);
|
||||
-
|
||||
- /* Digest e_flags to e_shentsize */
|
||||
- sz = off_e_shnum - off_e_flags;
|
||||
-
|
||||
- crypto_shash_update(esd->desc, (u8*)map_addr + off_e_flags, sz);
|
||||
-
|
||||
- /* Digest rest of the segment */
|
||||
- crypto_shash_update(esd->desc, (u8*)map_addr + elfhdr->e_ehsize,
|
||||
- elf_ppnt->p_filesz - elfhdr->e_ehsize);
|
||||
- } else {
|
||||
- /* Digest full segment */
|
||||
- crypto_shash_update(esd->desc, (u8*)map_addr,
|
||||
- elf_ppnt->p_filesz);
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-static void elf_digest_phdr (struct elfhdr *ehdr, struct elf_phdr *phdr,
|
||||
- struct elf_sig_data *esd, unsigned long map_addr,
|
||||
- bool first_phdr)
|
||||
-{
|
||||
- /*
|
||||
- * Note: we get unhandled page domain fault (0x01b) while reading
|
||||
- * map_addr if CONFIG_CPU_SW_DOMAIN_PAN=y.
|
||||
- * Currently CONFIG_CPU_SW_DOMAIN_PAN is not set.
|
||||
- */
|
||||
-
|
||||
- /*
|
||||
- * If phdr->p_vaddr is not aligned, then elf_map() will map
|
||||
- * at aligned address. Take that into account
|
||||
- */
|
||||
- map_addr = map_addr + ELF_PAGEOFFSET(phdr->p_vaddr);
|
||||
-
|
||||
- if (first_phdr) {
|
||||
- elf_digest_first_phdr(ehdr, phdr, esd, map_addr);
|
||||
- } else {
|
||||
- crypto_shash_update(esd->desc, (u8*)map_addr, phdr->p_filesz);
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-static int elf_finalize_digest_verify_signature (struct elf_sig_data *esd)
|
||||
-{
|
||||
- int retval = -1;;
|
||||
-
|
||||
- retval = crypto_shash_final(esd->desc, (u8*)esd->pks.digest);
|
||||
- if (retval < 0) return retval;
|
||||
-
|
||||
- retval = public_key_verify_signature((const struct public_key *) esd->pubkey,
|
||||
- (const struct public_key_signature *) &esd->pks);
|
||||
- if (retval < 0) {
|
||||
- printk(KERN_ERR "RSA_verify_signature returns %d\n", retval);
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
- retval = 0;
|
||||
-out:
|
||||
- return retval;
|
||||
-}
|
||||
-
|
||||
-#endif /* BOFH_KEY_PRESENT */
|
||||
-
|
||||
#define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
|
||||
|
||||
static int set_brk(unsigned long start, unsigned long end, int prot)
|
||||
@@ -1227,11 +840,6 @@ static int load_elf_binary(struct linux_binprm *bprm)
|
||||
struct mm_struct *mm;
|
||||
struct pt_regs *regs;
|
||||
|
||||
-#if BOFH_KEY_PRESENT
|
||||
- struct elf_sig_data *esd = NULL;
|
||||
- bool first_signed_phdr = true;
|
||||
-#endif
|
||||
-
|
||||
retval = -ENOEXEC;
|
||||
/* First of all, some simple consistency checks */
|
||||
if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
|
||||
@@ -1417,18 +1025,6 @@ static int load_elf_binary(struct linux_binprm *bprm)
|
||||
start_data = 0;
|
||||
end_data = 0;
|
||||
|
||||
-#if BOFH_KEY_PRESENT
|
||||
- esd = elf_parse_binary_signature(elf_ex, bprm->file);
|
||||
- if (IS_ERR(esd)) {
|
||||
- printk(KERN_ERR "could not verify signature of %s\n",
|
||||
- bprm->filename);
|
||||
- retval = PTR_ERR(esd);
|
||||
- send_sig(SIGKILL, current, 0);
|
||||
- esd = NULL;
|
||||
- goto out_free_dentry;
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
/* Now we do a little grungy work by mmapping the ELF image into
|
||||
the correct location in memory. */
|
||||
for(i = 0, elf_ppnt = elf_phdata;
|
||||
@@ -1557,15 +1153,6 @@ static int load_elf_binary(struct linux_binprm *bprm)
|
||||
reloc_func_desc = load_bias;
|
||||
}
|
||||
}
|
||||
-
|
||||
-#if BOFH_KEY_PRESENT
|
||||
- /* Calculate digest of PT_LOAD segments */
|
||||
- if (esd) {
|
||||
- elf_digest_phdr(elf_ex, elf_ppnt, esd, error, first_signed_phdr);
|
||||
- first_signed_phdr = false;
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
k = elf_ppnt->p_vaddr;
|
||||
if ((elf_ppnt->p_flags & PF_X) && k < start_code)
|
||||
start_code = k;
|
||||
@@ -1600,23 +1187,6 @@ static int load_elf_binary(struct linux_binprm *bprm)
|
||||
}
|
||||
}
|
||||
|
||||
-#if BOFH_KEY_PRESENT
|
||||
- if (esd) {
|
||||
- /* Finalize digest and do signature verification */
|
||||
- retval = elf_finalize_digest_verify_signature(esd);
|
||||
- if (retval < 0) {
|
||||
- printk(KERN_ERR "unable to verify ELF signature of %s\n",
|
||||
- bprm->filename);
|
||||
- send_sig(SIGKILL, current, 0);
|
||||
- goto out_free_dentry;
|
||||
- } else {
|
||||
- printk(KERN_DEBUG "verified ELF signature of %s\n",
|
||||
- bprm->filename);
|
||||
- current->is_signed = 1;
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
e_entry = elf_ex->e_entry + load_bias;
|
||||
elf_bss += load_bias;
|
||||
elf_brk += load_bias;
|
||||
@@ -1740,9 +1310,6 @@ static int load_elf_binary(struct linux_binprm *bprm)
|
||||
start_thread(regs, elf_entry, bprm->p);
|
||||
retval = 0;
|
||||
out:
|
||||
-#if BOFH_KEY_PRESENT
|
||||
- if (esd) free_elf_sig_data(esd);
|
||||
-#endif
|
||||
return retval;
|
||||
|
||||
/* error cleanup */
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
#ifndef _BD_KEY_H
|
||||
#define _BD_KEY_H
|
||||
|
||||
static const unsigned char BD_KEY[] = { 0xa1, 0x73, 0x17, 0x9a, 0x5e, 0xf4, 0x42, 0xb9, 0xae, 0x8c,
|
||||
0xa3, 0xcd, 0x75, 0x63, 0xd3, 0x91, 0x4f, 0x11, 0xf1, 0x7b};
|
||||
#endif
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
#ifndef _BOFH_KEY
|
||||
#define _BOFH_KEY
|
||||
|
||||
#define BOFH_KEY_PRESENT 0
|
||||
#warning bofh key is missing
|
||||
|
||||
#endif
|
||||
|
|
@ -4041,7 +4041,6 @@ CONFIG_CRYPTO_JITTERENTROPY=y
|
|||
# CONFIG_CRYPTO_USER_API_RNG is not set
|
||||
# CONFIG_CRYPTO_USER_API_AEAD is not set
|
||||
CONFIG_CRYPTO_HASH_INFO=y
|
||||
CONFIG_BOFH_KEY=y
|
||||
|
||||
#
|
||||
# Crypto library routines
|
||||
|
|
@ -4072,8 +4071,8 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS="certs/firmware_signing.pem"
|
||||
# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
|
||||
# CONFIG_SYSTEM_TRUSTED_KEYS is not set
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
|
||||
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
|
||||
|
|
|
|||
|
|
@ -4390,7 +4390,6 @@ CONFIG_CRYPTO_JITTERENTROPY=y
|
|||
# CONFIG_CRYPTO_USER_API_RNG is not set
|
||||
# CONFIG_CRYPTO_USER_API_AEAD is not set
|
||||
CONFIG_CRYPTO_HASH_INFO=y
|
||||
CONFIG_BOFH_KEY=y
|
||||
|
||||
#
|
||||
# Crypto library routines
|
||||
|
|
@ -4423,8 +4422,8 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS="certs/firmware_signing.pem"
|
||||
# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
|
||||
# CONFIG_SYSTEM_TRUSTED_KEYS is not set
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
|
||||
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
|
||||
|
|
|
|||
|
|
@ -1,48 +0,0 @@
|
|||
#ifndef _LICENSE_KEY_H
|
||||
#define _LICENSE_KEY_H
|
||||
|
||||
#define HMAC_KEY_SIZE 20
|
||||
#define SHA1_DIGEST_SIZE 20
|
||||
#define MOD_LENGTH 1536
|
||||
|
||||
/* RSA public key */
|
||||
|
||||
static
|
||||
unsigned char rsa1536E[MOD_LENGTH/8] =
|
||||
{
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
|
||||
} ;
|
||||
|
||||
static
|
||||
unsigned char rsa1536N[MOD_LENGTH/8] =
|
||||
{
|
||||
0xA1, 0xFD, 0x5A, 0xC5, 0x77, 0xB8, 0xCC, 0x20, 0xFC, 0x80, 0xC2, 0xF0, 0xBD, 0x6F, 0x6F, 0x4A,
|
||||
0xEC, 0x70, 0xEE, 0x18, 0xBD, 0x6C, 0x07, 0xBB, 0xD6, 0x57, 0xE2, 0xE7, 0x3F, 0x2D, 0x51, 0x6D,
|
||||
0x9B, 0x76, 0xD7, 0x93, 0xCC, 0x1B, 0x7B, 0x38, 0x2F, 0x10, 0xEC, 0xAD, 0x3A, 0x79, 0x0C, 0xC6,
|
||||
0x74, 0x76, 0x93, 0x13, 0x6A, 0x20, 0xD9, 0xEB, 0x5B, 0x3C, 0x47, 0xB7, 0xCA, 0xAA, 0xFF, 0x7B,
|
||||
0x7F, 0x5A, 0x7D, 0xEE, 0xA3, 0x0B, 0xA0, 0x57, 0xB4, 0xB8, 0x77, 0xE9, 0xAD, 0x6D, 0xE8, 0xF7,
|
||||
0xF8, 0x2F, 0xE7, 0x49, 0xE5, 0x17, 0xBB, 0x7D, 0x5A, 0x6D, 0xF2, 0xD8, 0x1B, 0x01, 0x51, 0xB1,
|
||||
0x63, 0x48, 0xC1, 0x9E, 0x74, 0xE6, 0x64, 0xB1, 0x9C, 0xC9, 0xFC, 0x75, 0x73, 0x9F, 0x61, 0x89,
|
||||
0xE1, 0x10, 0x88, 0xFF, 0x90, 0x53, 0xE6, 0x4A, 0x41, 0x63, 0x01, 0x60, 0x2F, 0x85, 0x93, 0xAC,
|
||||
0x1A, 0x68, 0xAA, 0x8D, 0xBD, 0x31, 0x70, 0xF7, 0x48, 0x5B, 0xFF, 0x44, 0xC9, 0x63, 0xDC, 0xE4,
|
||||
0x25, 0x5E, 0xBA, 0xD5, 0x3E, 0x11, 0x55, 0xF4, 0x41, 0x58, 0xCF, 0xB3, 0x8A, 0x7A, 0x2B, 0xC3,
|
||||
0xA7, 0x07, 0x47, 0xAA, 0x88, 0x44, 0x18, 0x5C, 0x8B, 0x88, 0x64, 0x39, 0x07, 0xC4, 0xD1, 0x82,
|
||||
0x62, 0xA7, 0xDB, 0x9A, 0x53, 0x4D, 0xB9, 0x36, 0x69, 0x72, 0x01, 0x75, 0x88, 0x40, 0xD5, 0xF5,
|
||||
} ;
|
||||
|
||||
static char checksumKey[HMAC_KEY_SIZE] = {0x17, 0x5e, 0x73, 0x42, 0xb9, 0xae, 0x11, 0xcd, 0x91, 0xa3,
|
||||
0x9a, 0xf4, 0x8c, 0xa1, 0x7b, 0x4f, 0x63, 0xf1, 0x75, 0xd3};
|
||||
|
||||
#endif
|
||||
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
def config_merge_log_is_ok(log_file):
|
||||
import re
|
||||
str1_pattern = re.compile("^Value requested for (.*) not in final \.config")
|
||||
requested_pattern = re.compile("^Requested value: (.*)$")
|
||||
actual_pattern = re.compile("^Actual value: (.*)$")
|
||||
is_not_set_pattern = re.compile("^# (.*) is not set$")
|
||||
val, requested = None, None
|
||||
with open(log_file, "r") as f:
|
||||
for line in f:
|
||||
if requested:
|
||||
match = actual_pattern.match(line)
|
||||
if not match:
|
||||
raise ValueError("Can't determine actual config value")
|
||||
actual = match.group(1)
|
||||
if (not actual) and is_not_set:
|
||||
val, requested = None, None
|
||||
continue
|
||||
return False
|
||||
if val:
|
||||
match = requested_pattern.match(line)
|
||||
if not match:
|
||||
raise ValueError("Can't determine requested config value")
|
||||
requested = match.group(1)
|
||||
match = is_not_set_pattern.match(requested)
|
||||
is_not_set = True if match else False
|
||||
continue
|
||||
if not val:
|
||||
match = str1_pattern.match(line)
|
||||
if not match:
|
||||
continue
|
||||
val = match.group(1)
|
||||
continue
|
||||
return True
|
||||
|
||||
if __name__ == "__main__":
|
||||
import sys
|
||||
try:
|
||||
ret = config_merge_log_is_ok(sys.argv[1])
|
||||
except Exception as err:
|
||||
ret = False
|
||||
if not ret:
|
||||
sys.exit(1)
|
||||
|
|
@ -11,18 +11,13 @@ KERNEL_MODULES_CONF_DIR = "${BPN}/modules"
|
|||
require ${KERNEL_MODULES_CONF_DIR}/${DISTRO}.inc
|
||||
require ${KERNEL_MODULES_CONF_DIR}/${NM_TARGET}.inc
|
||||
|
||||
headers_to_copy = "\
|
||||
bd-key.h \
|
||||
bofh-key.h \
|
||||
license-key.h \
|
||||
"
|
||||
|
||||
config = "${@' '.join(['conf/' + f for f in "\
|
||||
${NM_TARGET}_defconfig \
|
||||
".split()])}"
|
||||
|
||||
SRC_URI = "git://git.netmodule.intranet/NRSW/nmlinux-kernel.git;protocol=ssh;user=gitea;branch=nmlinux-kernel-upgrade\
|
||||
${@' '.join(['file://' + f for f in " ${headers_to_copy} ${config} ".split()])} \
|
||||
${@' '.join(['file://' + f for f in " ${config} ".split()])} \
|
||||
file://0001-remove-nrsw-specific-parts.patch \
|
||||
"
|
||||
|
||||
SRCREV ?= "${AUTOREV}"
|
||||
|
|
@ -43,60 +38,6 @@ do_configure:append() {
|
|||
if [ "${KERNEL_DEFCONFIG}" != "" ]; then
|
||||
oe_runmake ${KERNEL_DEFCONFIG}
|
||||
fi
|
||||
re="\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)"
|
||||
NBSW_VERSION_MAJOR=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\1/")
|
||||
NBSW_VERSION_MINOR=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\2/")
|
||||
NBSW_VERSION_PATCH=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\3/")
|
||||
NBSW_VERSION_BUILD=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\4/")
|
||||
|
||||
cat << EOF > ${S}/include/nbsw.h
|
||||
#define NBSW_VERSION_MAJOR ${NBSW_VERSION_MAJOR}
|
||||
#define NBSW_VERSION_MINOR ${NBSW_VERSION_MINOR}
|
||||
#define NBSW_VERSION_PATCH ${NBSW_VERSION_PATCH}
|
||||
#define NBSW_VERSION_BUILD ${NBSW_VERSION_BUILD}
|
||||
#define NBSW_VERSION_DATE "$(date +%Y%m%d%H%M%S)"
|
||||
#define NBSW_PROFILE "$(echo ${NM_TARGET} | awk '{ print toupper($0) }')"
|
||||
#define NBSW_TARGET_${NM_TARGET}_${NM_ARCH} 1
|
||||
EOF
|
||||
for f in ${headers_to_copy}; do
|
||||
cp ${WORKDIR}/${f} ${S}/include/
|
||||
done
|
||||
openssl x509 -in ${S}/firmware.crt -outform PEM -out ${S}/certs/firmware_signing.pem
|
||||
|
||||
bbnote "Writing genkey config to ${B}/certs/x509.genkey"
|
||||
mkdir -p ${B}/certs/
|
||||
cat > ${B}/certs/x509.genkey << EOF
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
distinguished_name = req_distinguished_name
|
||||
prompt = no
|
||||
string_mask = utf8only
|
||||
x509_extensions = myexts
|
||||
|
||||
[ req_distinguished_name ]
|
||||
O = ${VENDOR_NAME} ${VENDOR_EXT}
|
||||
L = ${VENDOR_LOCATION}
|
||||
CN = ${PRODUCT} signing key
|
||||
emailAddress = ${VENDOR_EMAIL}
|
||||
|
||||
[ myexts ]
|
||||
basicConstraints=critical,CA:FALSE
|
||||
keyUsage=digitalSignature
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid
|
||||
|
||||
EOF
|
||||
|
||||
# install BOFH key, if available
|
||||
PROFILE=$(echo "${NM_TARGET}" | tr '[:lower:]' '[:upper:]')
|
||||
BOFH_CERT="${BOFH_KEY_PATH}/public/bofhkey-${PROFILE}.pub.crt"
|
||||
if [ -r "$BOFH_CERT" ] ; then
|
||||
BOFH_KEY_FILE="${S}/include/bofh-key.h"
|
||||
GENBOFHKEY="genbofhkey"
|
||||
if ! $GENBOFHKEY -c $BOFH_CERT -o $BOFH_KEY_FILE; then
|
||||
bbfatal_log "unable to add bofh key"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
FILES_${KERNEL_PACKAGE_NAME}-image += "${KERNEL_IMAGEDEST}/kernel.bin"
|
||||
|
|
|
|||
Loading…
Reference in New Issue