Port 0001-Use-Titanium-certificate.patch from Centos
Test Plan:
Pass: successfully build test
Pass: successfully intall test
Story: 2009221
Task: 44124
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: Ic73ccf6825e033bef70b36b6e7b44491b9b1b865
This update makes use of the PKG_GITREVCOUNT variable
to auto-version the packages in this repo.
Story: 2007750
Task: 39951
Change-Id: I854419c922b9db4edbbf6f1e987a982ec2ec7b59
Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
Secure Boot's hasn't been tested since July 2018
The principle players in the Secure Boot chain of trust are Shim,
Grub, and the Linux kernel. All three components have seen multiple
upgrades since the last test.
A new build option has been added to shim, (ENABLE_SHIM_CERT) that
enables/disables the support for an embedded shim key. It defaults
to disabled. It also controls the generation of a random shim key,
and the build time signing of fallback and MokManager components.
Since we don't want a random shim key (reproducable builds), and we do
signing as a post build step, leaving it disabled seemed like the correct
setting initially... until it's function to disable shim keys entirely
was discovered.
This update reworks the shim patch so that we can embed a prebuilt
shim key, and still have shim key functionality active.
Closes-Bug: 1864245
Change-Id: Ibcb6bcfe3060ce0b3e2c2f3c23908bb7127b0ccd
Signed-off-by: Scott Little <scott.little@windriver.com>
It is introduced by CentOS 7.6 upgrade.
Story: 2004660
Task: 28705
Change-Id: I6184b8ab9213eb995eb409cfeef6153f4fb4233a
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
