-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathsc-init-build-env
73 lines (54 loc) · 1.72 KB
/
sc-init-build-env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
source poky/oe-init-build-env build-secure-core
S="${BASH_SOURCE[0]}"
D=`dirname "$S"`
SECURE_CORE_ROOT="`cd "$D"/.. && pwd`"
cat <<EOF>>conf/local.conf
# SecureCore-specific settings
MACHINE_forcevariable = "qemux86-64"
INITRAMFS_IMAGE = "secure-core-image-initramfs"
VIRTUAL-RUNTIME_init_manager = "systemd"
DISTRO_FEATURES_NATIVE_append += "systemd ima tpm tpm2 efi-secure-boot luks"
DISTRO_FEATURES_append += "\
systemd ima tpm tpm2 efi-secure-boot luks modsign pam intel-sgx \
"
MACHINE_FEATURES_NATIVE_append += "efi"
MACHINE_FEATURES_append += "efi"
SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\
kernel-image-bzimage \
"
RPM_GPG_NAME ??= ""
RPM_GPG_PASSPHRASE ??= ""
DEBUG_FLAGS_forcevariable = ""
EOF
if [ -s "$SECURE_CORE_ROOT/extra-init-build-env" ]; then
cat "$SECURE_CORE_ROOT/extra-init-build-env" >> conf/local.conf
fi
LAYERS="\
meta-openembedded/meta-oe \
meta-openembedded/meta-perl \
meta-openembedded/meta-networking \
meta-openembedded/meta-python \
meta-secure-core/meta \
meta-secure-core/meta-signing-key \
meta-secure-core/meta-tpm \
meta-secure-core/meta-tpm2 \
meta-secure-core/meta-efi-secure-boot \
meta-secure-core/meta-integrity \
meta-secure-core/meta-encrypted-storage \
meta-secure-core/meta-ids \
meta-secure-core/meta-intel-sgx \
"
for layer in `echo -n $LAYERS | tac`; do
if [ -e ../$layer ]; then
sed -i \
"s#^\(.*\)poky/meta-yocto-bsp\(.*\)#\1$layer \\\\\n\1poky/meta-yocto-bsp\2#" \
conf/bblayers.conf
fi
done
cat <<EOF>>conf/local.conf
INHERIT += "sign_rpm_ext"
#PREFERRED_VERSION_tpm2-tss = "git"
#PREFERRED_VERSION_tpm2-abrmd = "git"
#PREFERRED_VERSION_tpm2-tools = "git"
EOF
touch .configured