diff options
author | Adriana Kobylak <anoo@us.ibm.com> | 2018-03-29 15:16:09 -0500 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-04-13 14:22:08 +0000 |
commit | acff95b917b051a71ca3979793cccfff724a5821 (patch) | |
tree | d1e4157139d1da116742293337a37aa2913dc3de /meta-phosphor/common | |
parent | fcdc2564c7583e0b8812aed351278d9df3efa9bf (diff) | |
download | talos-openbmc-acff95b917b051a71ca3979793cccfff724a5821.tar.gz talos-openbmc-acff95b917b051a71ca3979793cccfff724a5821.zip |
witherspoon: Enable BMC signature verification
Enable signature verification in the phosphor-software-manager code
for witherspoon. This causes an error to be logged if updating to
an unsigned image, or image signed with a different key than the one
on the system, and if field mode is set, it'll stop the activation
process.
Tested: Signature verification is enforced on witherspoon,
verified error is logged with and without field mode enabled, and
activation is prevented with field mode enabled.
Change-Id: Ifc8f8054f8d852cc16942af9cbf58d60aff3fc33
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
Diffstat (limited to 'meta-phosphor/common')
-rw-r--r-- | meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb b/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb index 43e363bb8..43e5aba62 100644 --- a/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb +++ b/meta-phosphor/common/recipes-phosphor/flash/phosphor-software-manager.bb @@ -23,6 +23,8 @@ DBUS_PACKAGES = "${SOFTWARE_MGR_PACKAGES}" # handles the rest. SYSTEMD_PACKAGES = "" +PACKAGECONFIG[verify_signature] = "--enable-verify_signature,--disable-verify_signature" + inherit autotools pkgconfig inherit obmc-phosphor-dbus-service inherit pythonnative |