* single or authoritative home for sbsigntool?
@ 2018-01-19 21:07 Randy MacLeod
2018-01-19 22:10 ` Randy MacLeod
0 siblings, 1 reply; 2+ messages in thread
From: Randy MacLeod @ 2018-01-19 21:07 UTC (permalink / raw)
To: meta-intel, Huang, Jie (Jackie),
Slater, Joseph, Yocto discussion list, luv,
california.l.sullivan, zhang.jia
In chasing down a rare ccan configuration bug that sbsigntool-native
trips over, I noticed that there are several sbsigntool-native recipes,
all alike but not identical.
We have a few in the layer index:
https://layers.openembedded.org/layerindex/branch/master/recipes/?q=sbsigntool
and more elsewhere:
https://www.google.ca/search?q=sbsigntool-native
and even:
https://www.google.ca/search?q=meta-secure-core
The meta-intel and meta-secure-core versions were somewhat different but
that seems to be due to lack of co-operation rather than different
requirements.
Does it make sense to have a single version of the recipe in
a signing-key layer with the actual keys kept elsewhere I'd expect.
If so, what layer would make the most sense?
How about picking:
https://layers.openembedded.org/layerindex/branch/master/layer/meta-signing-key/
There is likely other recipe duplication in secure boot layers but
it's not something that I work on directly so I'm only mentioning
sbsigntool. Feel free to reduce more duplication!
Thanks,
--
# Randy MacLeod. WR Linux
# Wind River an Intel Company
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: single or authoritative home for sbsigntool?
2018-01-19 21:07 single or authoritative home for sbsigntool? Randy MacLeod
@ 2018-01-19 22:10 ` Randy MacLeod
0 siblings, 0 replies; 2+ messages in thread
From: Randy MacLeod @ 2018-01-19 22:10 UTC (permalink / raw)
To: meta-intel, Huang, Jie (Jackie),
Slater, Joseph, Yocto discussion list, california.l.sullivan,
zhang.jia, megha.dey
+Megha
-luv@lists.01.org since you have to be a member to send to the list.
../Randy
On 2018-01-19 04:07 PM, Randy MacLeod wrote:
>
> In chasing down a rare ccan configuration bug that sbsigntool-native
> trips over, I noticed that there are several sbsigntool-native recipes,
> all alike but not identical.
>
> We have a few in the layer index:
>
> https://layers.openembedded.org/layerindex/branch/master/recipes/?q=sbsigntool
>
>
> and more elsewhere:
> https://www.google.ca/search?q=sbsigntool-native
> and even:
> https://www.google.ca/search?q=meta-secure-core
>
> The meta-intel and meta-secure-core versions were somewhat different but
> that seems to be due to lack of co-operation rather than different
> requirements.
>
> Does it make sense to have a single version of the recipe in
> a signing-key layer with the actual keys kept elsewhere I'd expect.
>
> If so, what layer would make the most sense?
> How about picking:
>
> https://layers.openembedded.org/layerindex/branch/master/layer/meta-signing-key/
>
>
>
> There is likely other recipe duplication in secure boot layers but
> it's not something that I work on directly so I'm only mentioning
> sbsigntool. Feel free to reduce more duplication!
>
> Thanks,
>
--
# Randy MacLeod. WR Linux
# Wind River an Intel Company
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-01-19 22:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-19 21:07 single or authoritative home for sbsigntool? Randy MacLeod
2018-01-19 22:10 ` Randy MacLeod
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.