author | tpearson@raptorengineering.com <tpearson@raptorengineering.com> | 2016-08-18 04:45:47 -0500 |
---|---|---|
committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2016-08-26 13:23:01 +1000 |
commit | 86c9d34380b0074dab1ba89a569a94280d6999c4 (patch) | |
tree | 22cf0cccbd4022d150e231adcb360b3bcf528cda /lib/Makefile.am | |
parent | 5496eee36f70631ae45403f90ed7b4dc143f27c0 (diff) | |
Add support for GPG signature enforcement on booted kernels and related blobs

This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)

Diffstat (limited to 'lib/Makefile.am')
-rw-r--r-- | lib/Makefile.am | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index 09bc1aa..bb7dfe4 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -20,6 +20,13 @@ lib_libpbcore_la_CPPFLAGS = \ $(AM_CPPFLAGS) \ -DPREFIX='"$(prefix)"' +if WITH_GPGME +gpg_int_SOURCES = lib/security/gpg..h \ + lib/security/gpg.c +else +gpg_int_SOURCES = +endif + lib_libpbcore_la_SOURCES = \ lib/file/file.h \ lib/file/file.c \ @@ -50,7 +57,8 @@ lib_libpbcore_la_SOURCES = \ lib/util/util.c \ lib/util/util.h \ lib/flash/config.h \ - lib/flash/flash.h + lib/flash/flash.h \ + $(gpg_int_SOURCES) if ENABLE_MTD lib_libpbcore_la_SOURCES += \ |
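
Review bot: The header path `lib/security/gpg..h` in the first hunk (@@ -20,6 +20,13 @@) has a doubled dot and looks like a typo for `lib/security/gpg.h`; unless the file really carries that name, the header will not be found when the source list is processed, so please correct it. In the same hunk the `else` branch leaves `gpg_int_SOURCES` empty, so a build without `WITH_GPGME` contains none of the signature code; the commit message should say what happens to the /etc/pb-lockdown enforcement on such a build, so that it is clear whether it refuses to boot or boots unverified.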
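
Review bot: The `$(gpg_int_SOURCES)` entry appended to `lib_libpbcore_la_SOURCES` in the second hunk (@@ -50,7 +57,8 @@) is inconsistent with how this file already handles optional sources: the `if ENABLE_MTD` block directly below uses `lib_libpbcore_la_SOURCES +=`. Consider the same pattern here, an `if WITH_GPGME` block that does `lib_libpbcore_la_SOURCES +=` with the two gpg files, which removes the helper variable and its empty `else` branch and keeps the optional-feature handling uniform.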