diff options
| author | Adriana Kobylak <anoo@us.ibm.com> | 2018-05-07 13:31:10 -0500 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-05-22 02:13:47 +0000 |
| commit | cf67f01008fbc06064ffbc4e99043a8363bdaada (patch) | |
| tree | 2a7cbc96cdd40495c7aa67debf6fb6f018e97b07 | |
| parent | 908edf79e735d611401074de17320f075ea35b34 (diff) | |
| download | talos-openbmc-cf67f01008fbc06064ffbc4e99043a8363bdaada.tar.gz talos-openbmc-cf67f01008fbc06064ffbc4e99043a8363bdaada.zip | |
Witherspoon: Enable PNOR signature verification
Enable signature verification in the openpower-software-manager code
for witherspoon. This causes an error to be logged if updating to
an unsigned image, or image signed with a different key than the one
on the system, and if field mode is set, it'll stop the activation
process.
Tested: PNOR signature verification is enforced on witherspoon,
verified error is logged with and without field mode enabled, and
activation is prevented with field mode enabled.
Change-Id: I6b8b74f146066da058e137779faf9af157f7131b
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
| -rw-r--r-- | meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/openpower-software-manager.bbappend | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/openpower-software-manager.bbappend b/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/openpower-software-manager.bbappend new file mode 100644 index 000000000..3dcc25dd7 --- /dev/null +++ b/meta-openbmc-machines/meta-openpower/meta-ibm/meta-witherspoon/recipes-phosphor/flash/openpower-software-manager.bbappend @@ -0,0 +1 @@ +PACKAGECONFIG_append_df-openpower-ubi-fs = " verify_pnor_signature" |
