
[isar-cip-core,4/9] u-boot: Use efisebdb with trixie for generating the UEFI key database

Message ID 6d99a378b11f36b48bb236e45b6582d064eb1199.1730977077.git.jan.kiszka@siemens.com (mailing list archive)
State New
Series Enable early Debian trixie support, drop sid | expand

Commit Message

Jan Kiszka Nov. 7, 2024, 10:57 a.m. UTC
From: Jan Kiszka <jan.kiszka@siemens.com>

Latest pesign dropped efisiglist and points to efisecdb from the efivar
package instead. That requires us to specify a key owner GUID, and we
use a random one here for our demo purposes.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 recipes-bsp/u-boot/files/rules.tmpl          | 8 ++++++--
 recipes-bsp/u-boot/u-boot-common-2024.01.inc | 5 ++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

Patch

diff --git a/recipes-bsp/u-boot/files/rules.tmpl b/recipes-bsp/u-boot/files/rules.tmpl
index c697cdb7..593919c3 100755
--- a/recipes-bsp/u-boot/files/rules.tmpl
+++ b/recipes-bsp/u-boot/files/rules.tmpl
@@ -1,6 +1,6 @@ 
 #!/usr/bin/make -f
 #
-# Copyright (c) Siemens AG, 2018-2022
+# Copyright (c) Siemens AG, 2018-2024
 #
 # SPDX-License-Identifier: MIT
 
@@ -13,7 +13,11 @@  override_dh_auto_build:
 	if [ -e /usr/share/secure-boot-secrets/secure-boot.pem ]; then \
 		openssl x509 -in /usr/share/secure-boot-secrets/secure-boot.pem -out secure-boot.der -outform der; \
 		rm -f secure-boot.esl; \
-		efisiglist -a -c secure-boot.der -o secure-boot.esl; \
+		if [ -x /usr/bin/efisecdb ]; then \
+			efisecdb -g 32db313c-f7d4-42a6-9a49-e32870001c63 -a -c secure-boot.der -o secure-boot.esl; \
+		else \
+			efisiglist -a -c secure-boot.der -o secure-boot.esl; \
+		fi; \
 		rm -f ubootefi.var; \
 		tools/efivar.py set -i ubootefi.var -n PK -d secure-boot.esl -t file; \
 		tools/efivar.py set -i ubootefi.var -n KEK -d secure-boot.esl -t file; \
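Review bot: The owner GUID passed to `efisecdb -g` is an unexplained literal inside the recipe line, so anyone who replaces secure-boot-secrets with their own certificate still gets a signature list carrying the demo owner value. Consider hoisting it into a documented make variable above `override_dh_auto_build`, for example `# SignatureOwner GUID for the generated ESL; demo value, override for real keys` followed by `EFI_KEY_OWNER_GUID ?= 32db313c-f7d4-42a6-9a49-e32870001c63`, and passing `-g $(EFI_KEY_OWNER_GUID)` in the call. Separately, the guard tests the absolute path `/usr/bin/efisecdb` while the command itself is resolved through PATH; `command -v efisecdb >/dev/null` would keep the check and the invocation consistent. The recipe body starts and ends outside this hunk.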
diff --git a/recipes-bsp/u-boot/u-boot-common-2024.01.inc b/recipes-bsp/u-boot/u-boot-common-2024.01.inc
index 69427322..5a020da2 100644
--- a/recipes-bsp/u-boot/u-boot-common-2024.01.inc
+++ b/recipes-bsp/u-boot/u-boot-common-2024.01.inc
@@ -24,7 +24,10 @@  S = "${WORKDIR}/u-boot-${PV}"
 DEBIAN_BUILD_DEPENDS += ", libssl-dev:native, libssl-dev:${DISTRO_ARCH}"
 
 DEBIAN_BUILD_DEPENDS:append:secureboot = ", \
-    openssl, pesign, secure-boot-secrets, python3-openssl:native"
+    openssl, efivar, secure-boot-secrets, python3-openssl:native"
+DEBIAN_BUILD_DEPENDS:append:secureboot:buster   = ", pesign"
+DEBIAN_BUILD_DEPENDS:append:secureboot:bullseye = ", pesign"
+DEBIAN_BUILD_DEPENDS:append:secureboot:bookworm = ", pesign"
 DEPENDS:append:secureboot = " secure-boot-secrets"
 
 do_prepare_build:append:secureboot() {
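Review bot: The three per-release `pesign` appends have no comment saying why they are enumerated, and any release not listed here gets only `efivar`. Going by the commit message, the intent is that older releases still need `efisiglist` from pesign while trixie uses `efisecdb`; a line such as `# efisiglist comes from pesign on releases up to bookworm; newer ones use efisecdb from efivar` above the appends would record that. It would also help to note that `efivar` is now pulled in for every release even though rules.tmpl only uses it when `/usr/bin/efisecdb` exists. `do_prepare_build:append:secureboot` continues outside this hunk.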