* Adding keys to BMC production build
@ 2021-03-11 2:17 Patrick Voelker
2021-03-11 2:35 ` Troy Lee
2021-03-11 14:57 ` Bruce Mitchell
0 siblings, 2 replies; 4+ messages in thread
From: Patrick Voelker @ 2021-03-11 2:17 UTC (permalink / raw)
To: OpenBMC (openbmc@lists.ozlabs.org)
[-- Attachment #1: Type: text/plain, Size: 149 bytes --]
Is there a page or document with instructions for adding a custom key for signing the production BMC build? I haven't had any luck finding it yet.
[-- Attachment #2: Type: text/html, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Adding keys to BMC production build
2021-03-11 2:17 Adding keys to BMC production build Patrick Voelker
@ 2021-03-11 2:35 ` Troy Lee
2021-03-11 16:51 ` Joseph Reynolds
2021-03-11 14:57 ` Bruce Mitchell
1 sibling, 1 reply; 4+ messages in thread
From: Troy Lee @ 2021-03-11 2:35 UTC (permalink / raw)
To: Patrick Voelker, OpenBMC (openbmc@lists.ozlabs.org)
[-- Attachment #1: Type: text/plain, Size: 627 bytes --]
Hi Patrick,
You could assign SIGNING_KEY to your private key for signing image.
If it is not set, meta-phosphor/recipes-phosphor/flash/phosphor-insecure-signing-key-native.bb will be applied.
Thanks,
Troy Lee
From: openbmc <openbmc-bounces+troy_lee=aspeedtech.com@lists.ozlabs.org> On Behalf Of Patrick Voelker
Sent: Thursday, March 11, 2021 10:18 AM
To: OpenBMC (openbmc@lists.ozlabs.org) <openbmc@lists.ozlabs.org>
Subject: Adding keys to BMC production build
Is there a page or document with instructions for adding a custom key for signing the production BMC build? I haven't had any luck finding it yet.
[-- Attachment #2: Type: text/html, Size: 2752 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Adding keys to BMC production build
2021-03-11 2:17 Adding keys to BMC production build Patrick Voelker
2021-03-11 2:35 ` Troy Lee
@ 2021-03-11 14:57 ` Bruce Mitchell
1 sibling, 0 replies; 4+ messages in thread
From: Bruce Mitchell @ 2021-03-11 14:57 UTC (permalink / raw)
To: Troy Lee, Klaus Heinrich Kiwi, Patrick Voelker
Cc: OpenBMC (openbmc@lists.ozlabs.org)
-----"openbmc" <openbmc-bounces+bruce.mitchell=ibm.com@lists.ozlabs.org> wrote: -----
>To: Patrick Voelker <Patrick_Voelker@phoenix.com>, "OpenBMC
>(openbmc@lists.ozlabs.org)" <openbmc@lists.ozlabs.org>
>From: Troy Lee
>Sent by: "openbmc"
>Date: 03/10/2021 18:35
>Subject: [EXTERNAL] RE: Adding keys to BMC production build
>
> Hi Patrick, You could assign SIGNING_KEY
>to your private key for signing image. If it is not set,
>meta-phosphor/recipes-phosphor/flash/phosphor-insecure-signing-key
>-native.bb will be applied. Thanks,
>
>
>
> Hi Patrick,
>
> You could assign SIGNING_KEY to your private key for signing
>image.
> If it is not set,
>meta-phosphor/recipes-phosphor/flash/phosphor-insecure-signing-key
>-native.bb will be applied.
>
> Thanks,
> Troy Lee
>
>
>
> From: openbmc
><openbmc-bounces+troy_lee=aspeedtech.com@lists.ozlabs.org> On
>Behalf Of Patrick Voelker
> Sent: Thursday, March 11, 2021 10:18 AM
> To: OpenBMC (openbmc@lists.ozlabs.org) <openbmc@lists.ozlabs.org>
> Subject: Adding keys to BMC production build
>
> Is there a page or document with instructions for adding a custom
>key for signing the production BMC build? I haven't had any luck
>finding it yet.
>
Hi Patrick,
Also check with Klaus as well.
--
Bruce
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Adding keys to BMC production build
2021-03-11 2:35 ` Troy Lee
@ 2021-03-11 16:51 ` Joseph Reynolds
0 siblings, 0 replies; 4+ messages in thread
From: Joseph Reynolds @ 2021-03-11 16:51 UTC (permalink / raw)
To: Troy Lee, Patrick Voelker, OpenBMC (openbmc@lists.ozlabs.org),
Bruce.Mitchell
On 3/10/21 8:35 PM, Troy Lee wrote:
> Hi Patrick, You could assign SIGNING_KEY to your private key for
> signing image. If it is not set,
> meta-phosphor/recipes-phosphor/flash/phosphor-insecure-signing-key-native.bb
> will be applied. Thanks,
>
>
> Hi Patrick,
>
> You could assign SIGNING_KEY to your private key for signing image.
>
> If it is not set,
> meta-phosphor/recipes-phosphor/flash/phosphor-insecure-signing-key-native.bb
> will be applied.
>
> Thanks,
>
> Troy Lee
>
> *From:* openbmc
> <openbmc-bounces+troy_lee=aspeedtech.com@lists.ozlabs.org> *On Behalf
> Of *Patrick Voelker
> *Sent:* Thursday, March 11, 2021 10:18 AM
> *To:* OpenBMC (openbmc@lists.ozlabs.org) <openbmc@lists.ozlabs.org>
> *Subject:* Adding keys to BMC production build
>
> Is there a page or document with instructions for adding a custom key
> for signing the production BMC build? I haven't had any luck finding
> it yet.
>
Yes, sort of. The OpenBMC "Configuration Guide" wiki has items like this:
https://github.com/openbmc/openbmc/wiki/Configuration-guide#image-signature
Troy, I've added your info to the wiki. Thank you!
The OpenBMC security working group has discussed migrating the config
guide into the docs repo. Any volunteers?
-Joseph
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-11 17:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-11 2:17 Adding keys to BMC production build Patrick Voelker
2021-03-11 2:35 ` Troy Lee
2021-03-11 16:51 ` Joseph Reynolds
2021-03-11 14:57 ` Bruce Mitchell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).