diff --git a/conf/keys/cfs/cfs-dev.pub b/conf/keys/cfs/cfs-dev.pub
new file mode 100644
index 00000000..38207f99
--- /dev/null
+++ b/conf/keys/cfs/cfs-dev.pub
@@ -0,0 +1 @@
+KQwl5q4hQjwQxu+BYfm4GpFkdgdP2qG19KOmuv67xjM=
\ No newline at end of file
diff --git a/conf/keys/cfs/cfs-dev.sec b/conf/keys/cfs/cfs-dev.sec
new file mode 100644
index 00000000..c50ad510
--- /dev/null
+++ b/conf/keys/cfs/cfs-dev.sec
@@ -0,0 +1,2 @@
+Ga5I1u55+hH9kNKLFzztqBpKL0uI/IoAOg0jhwAwAWIpDCXmriFCPBDG74Fh+bgakWR2B0/aobX0
+o6a6/rvGMw==
diff --git a/conf/local.conf b/conf/local.conf
index 377eb870..847fabf5 100644
--- a/conf/local.conf
+++ b/conf/local.conf
@@ -109,3 +109,10 @@ UEFI_SIGN_KEYDIR[vardepsexclude] += "TOPDIR"
 STM32_ROT_KEY_PATH ??= "${TOPDIR}/../tools/lmp-tools/security/stm32mp1/"
 STM32_ROT_KEY_PATH[vardepsexclude] += "TOPDIR"
 STM32_ROT_KEY_PASSWORD ??= "foundries"
+
+#
+# ComposeFS signatures
+#
+CFS_SIGN_KEYDIR ??= "${TOPDIR}/conf/keys/cfs"
+CFS_SIGN_KEYNAME ?= "cfs-dev"
+CFS_SIGN_KEYDIR[vardepsexclude] += "TOPDIR"
diff --git a/setup-environment-internal b/setup-environment-internal
index af4f7ec3..ee71bc5c 100644
--- a/setup-environment-internal
+++ b/setup-environment-internal
@@ -200,6 +200,10 @@ if [ -d "${MANIFESTS}"/conf/keys ]; then
 if [ ! -d "conf/keys/platform" ]; then
 ln -sf "${MANIFESTS}"/conf/keys/platform conf/keys/platform
 fi
+ # Link Composefs keys
+ if [ ! -d "conf/keys/cfs" ]; then
+ ln -sf "${MANIFESTS}"/conf/keys/cfs conf/keys/cfs
+ fi
 fi
 
 # Factory specific keys (unique per factory)
@@ -237,6 +241,10 @@ if [ -d "${MANIFESTS}"/factory-keys ]; then
 if [ -d "${MANIFESTS}"/factory-keys/platform ] && [ ! -d "conf/factory-keys/platform" ]; then
 ln -sf "${MANIFESTS}"/factory-keys/platform conf/factory-keys/platform
 fi
+ # Link Composefs keys if not set by the user
+ if [ -d "${MANIFESTS}"/factory-keys/cfs ] && [ ! -d "conf/factory-keys/cfs" ]; then
+ ln -sf "${MANIFESTS}"/conf/keys/cfs conf/keys/cfs
+ fi
 fi
 
 ln -sf "${MANIFESTS}"/conf/bblayers.conf conf/bblayers.conf
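Review bot: `conf/keys/cfs/cfs-dev.sec` commits the private half of the ComposeFS signing key in clear text, and the `conf/local.conf` hunk makes `cfs-dev` the default `CFS_SIGN_KEYNAME`. Every build that leaves the defaults alone therefore signs with a key that anyone who can read this repository also holds, so a signature made with it says nothing about where an image came from. If this is meant as a development-only key, as the name suggests, state it where the default is set, for example `# cfs-dev is a published development key; production builds must point CFS_SIGN_KEYDIR/CFS_SIGN_KEYNAME at a privately held key`. A build-time warning when the default name is still in use would make the gap harder to miss.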
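Review bot: In the `conf/local.conf` hunk, `CFS_SIGN_KEYNAME ?= "cfs-dev"` uses `?=` while `CFS_SIGN_KEYDIR` and the neighbouring `STM32_ROT_KEY_*` defaults use `??=`. With `?=` the value is fixed as soon as this line is parsed, so a later `?=` in a distro or layer configuration would not replace it, whereas the directory beside it stays a weak default. If the difference is not intentional, write `CFS_SIGN_KEYNAME ??= "cfs-dev"` so both halves of the key selection are overridden the same way.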
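Review bot: In the second `setup-environment-internal` hunk (`@@ -237,6 +241,10 @@`), the guard tests `"${MANIFESTS}"/factory-keys/cfs` and `conf/factory-keys/cfs`, but the command it runs links `"${MANIFESTS}"/conf/keys/cfs` to `conf/keys/cfs`, which looks like a copy of the line from the earlier hunk. A factory that ships its own keys under `factory-keys/cfs` never gets them linked into the build directory, and the guard stays true on every run because `conf/factory-keys/cfs` is never created. Since `conf/keys/cfs` is by then already a symlink to a directory, `ln -sf` without `-n` most likely drops a nested `cfs` link inside the manifests checkout instead. The line should read `ln -sf "${MANIFESTS}"/factory-keys/cfs conf/factory-keys/cfs`, matching the `platform` case just above it. The enclosing `if [ -d "${MANIFESTS}"/factory-keys ]` block starts outside the hunk.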