Message ID | 20231123105340.3929836-1-mikko.rapeli@linaro.org |
---|---|
State | New |
Series | [meta-security] tpm2-tss: support native builds |
Hi Mikko,

Mikko Rapeli <mikko.rapeli@linaro.org> wrote on Thursday, 23/11/2023 at 10:53:

> systemd tool ukify
> https://www.freedesktop.org/software/systemd/man/latest/ukify.html
> depends on systemd-measure
> https://www.freedesktop.org/software/systemd/man/latest/systemd-measure.html
> which depends on tpm2-tss. So to support creating UKI
> images containing both kernel and initramfs with systemd-native,

Is systemd-native supported in any public layer?
I saw some proposals on the oe-core mailing list but they were not integrated.

Jose

> tpm2-tss support is needed for native too.
>
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> ---
> meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb > b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb > index 6386105..dceebc2 100644 > --- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb > +++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb > @@ -93,3 +93,5 @@ FILES:${PN} = "\ > ${sysconfdir}/sysusers.d" > > RDEPENDS:libtss2 = "libgcrypt" > + > +BBCLASSEXTEND = "native"
> --
> 2.34.1
Hi,

On Thu, Nov 23, 2023 at 11:01:12AM +0000, Jose Quaresma wrote:
> Hi Mikko,
>
> Mikko Rapeli <mikko.rapeli@linaro.org> wrote on Thursday, 23/11/2023 at 10:53:
>
> > systemd tool ukify
> > https://www.freedesktop.org/software/systemd/man/latest/ukify.html
> > depends on systemd-measure
> > https://www.freedesktop.org/software/systemd/man/latest/systemd-measure.html
> > which depends on tpm2-tss. So to support creating UKI
> > images containing both kernel and initramfs with systemd-native,
>
> Is systemd-native supported in any public layer?
> I saw some proposals on the oe-core mailing list but they were not
> integrated.

Not yet. But for uki and systemd style secure boot that will be needed.
Current public systemd-native proposal is in
https://lore.kernel.org/all/20230901233231.1109712-1-michelle.linto91@gmail.com/T/
and on Linaro side we're checking that among other things. There will likely
be a need to move some recipes to oe-core so that signing etc tooling can be
compiled from there without additional layers. But all this depends on how
maintainers see the situation.

Cheers,

-Mikko
Mikko Rapeli <mikko.rapeli@linaro.org> wrote on Thursday, 23/11/2023 at 11:07:

> Hi,
>
> On Thu, Nov 23, 2023 at 11:01:12AM +0000, Jose Quaresma wrote:
> > Hi Mikko,
> >
> > Mikko Rapeli <mikko.rapeli@linaro.org> wrote on Thursday, 23/11/2023 at 10:53:
> >
> > > systemd tool ukify
> > > https://www.freedesktop.org/software/systemd/man/latest/ukify.html
> > > depends on systemd-measure
> > > https://www.freedesktop.org/software/systemd/man/latest/systemd-measure.html
> > > which depends on tpm2-tss. So to support creating UKI
> > > images containing both kernel and initramfs with systemd-native,
> >
> > Is systemd-native supported in any public layer?
> > I saw some proposals on the oe-core mailing list but they were not
> > integrated.
>
> Not yet. But for uki and systemd style secure boot that will be needed.
> Current public systemd-native proposal is in
> https://lore.kernel.org/all/20230901233231.1109712-1-michelle.linto91@gmail.com/T/
> and on Linaro side we're checking that among other things. There will likely
> be a need to move some recipes to oe-core so that signing etc tooling can be
> compiled from there without additional layers. But all this depends on how
> maintainers see the situation.

We at Foundries.io are also very interested in the uki and friends.
Thanks for all the details and clarifications.

Jose

> Cheers,
>
> -Mikko
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb index 6386105..dceebc2 100644 --- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb +++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb @@ -93,3 +93,5 @@ FILES:${PN} = "\ ${sysconfdir}/sysusers.d" RDEPENDS:libtss2 = "libgcrypt" + +BBCLASSEXTEND = "native"
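Review bot: the added BBCLASSEXTEND = "native" line at the end of the recipe enables a native variant with no native-specific handling, while the context lines next to it (RDEPENDS:libtss2 = "libgcrypt" and the ${sysconfdir}/sysusers.d entry in FILES:${PN}) are target packaging settings. Please say in the commit message that tpm2-tss-native was actually built and used by the host-side tool that needs it, and scope any target-only settings with a :class-target override if they turn out not to apply to the native build. Since the stated consumer is systemd-native, which the thread says is not yet in a public layer, a link to that proposal in the commit message would let maintainers judge the change without reading the whole discussion.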
systemd tool ukify
https://www.freedesktop.org/software/systemd/man/latest/ukify.html
depends on systemd-measure
https://www.freedesktop.org/software/systemd/man/latest/systemd-measure.html
which depends on tpm2-tss. So to support creating UKI
images containing both kernel and initramfs with systemd-native,
tpm2-tss support is needed for native too.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb | 2 ++
 1 file changed, 2 insertions(+)