From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 15 Apr 2025 14:23:28 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-wm1-f61.google.com (mail-wm1-f61.google.com [209.85.128.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 53FCNS90005085 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 15 Apr 2025 14:23:28 +0200 Received: by mail-wm1-f61.google.com with SMTP id 5b1f17b1804b1-43ce8f82e66sf34085975e9.3 for ; Tue, 15 Apr 2025 05:23:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1744719803; cv=pass; d=google.com; s=arc-20240605; b=MZqio/qP5g+VoYVmUe7UfQFa3cVaW79QXS2WY8d5mICOqWAYxFgb7QPKBu8wbVMGB1 m2w9p5/3hrT5ycGks5X7GpKPSXrfQYao0ZT+3s2DFt/IufB4HFKxAZ5fDG+oHsElNvFr sg8urZFxdKZlNA3S+U8+7xHnQdqAgZId0teVvxqJvaQmTZnQOLRIOamvcNyhI4YNHVU6 WhkmFpsz2fwOZ5volUq50RBL8pTS8/agxDljJ6sKIOEkUP4PyKDglqBfPWhQPY0eVBa3 vxvNjpARbPw+QpsDmDgDmCh+mgpiaEiPmY/buz8/2XQ9vhAd/jhwK5szfiKvXo+XjR7R Tj4w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=w4mHSdsXeRuXq+Ptsn4q83iDEuxta+u+UkRYj0Q35u8=; fh=qVcvxzdYhQ7AZuXjQVcm8wt7ln5pt5hkj9LLtQbo4n8=; b=Q7nKAhqm8+dmzGnC0PfyvXm8fXhGap6WU+xMU1nC3u0l/rKPYdSRthbn5j3DGRTEMs y12GNeuL363ZlF0qaOib7MsMi0p2ZcDpdTYI9nTp11w3V+AhxwYkIWCfJaBuxObVyaoU mgBZkLzHNP1TOsj+1JbDnAtYQkzjJCKbw2AOcXlA48iFRIsCNnHOUOlQYcr1i3lkCG+D DPv/6haDWpTjvGCIPVQzRlQd9MTnqDzU2YiqzL4k8m7xT1tjUIWX3c6Ia14mpwf1o5mV uP+c160Pm6eUav/MZ40hAoW80stpM+g2X9+TCpwIn8WhSYmgU+nCbDmgxnmLxPMVd+wc 9J8Q==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b="WFF9c+r/"; spf=pass (google.com: domain of fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-2025041512231974e2bf5a434edf53e2-jDE9XA@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1744719803; x=1745324603; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=w4mHSdsXeRuXq+Ptsn4q83iDEuxta+u+UkRYj0Q35u8=; b=C5WDbK+gHceQJSPVl3mRucI97r+3WoJzqufcBzxSYCMVzZjcK2VlvX6Psmf7ixiR95 oFG2leOBX1vmPZu8j+xpzh7qNV5wy/CDS9HuE+a8r/gtgSGBWwahfkiRSkqQHduzMX9w zHrc5nfNkKPxH1pMiW6N0olda9+2LJO3tXzAMdZZT0YdtSDRNqg+c+hilZXVzk9PE7pY OybtKwPIF9NpdfhqnKDUlUmCMHihmsLjn1EgJ6aL0SZlyzzc0WFYmbQLn396yHxOd/TU 8W0Dw+1hLHE/PIG0BGThZTcUldcHHZ2nIyGprVz4JPM/9GgVNQF5TwEnZ8vh01Z44JVn rR4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744719803; x=1745324603; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=w4mHSdsXeRuXq+Ptsn4q83iDEuxta+u+UkRYj0Q35u8=; b=uCaW3Dhid7VpqBwzDoe9b7JUTk+GN8dU/ym4BdmW6IhmsjKIFDKZRdgkxAszSNxycL n6rG6W70PeyhfcDPAjh/DzAqD5fWFOqILN2OfhF7HhALVQfhmoplxXUXiFIzVy82TZV7 1hznfiyRGPEGbmMbKfujgekSfMdkX/cD9Im6hRUIPPROcO7ujvrHlq23pZ2qa6vn3esQ JXaznSNeLXCs1LzJuYz+EHGAkxXq5YtbsjMCaehA0SBgH9MHR/gdFxswITo4l9glnRyp DTxXMdcS3dU94J7SHdhBmUwyiH95trNFmFTLJBs1jPRAVXXkmMFFDEVztng/+KPmuWd3 AU3A== X-Forwarded-Encrypted: i=2; AJvYcCVXgQOn36R60c+b0qXE0IXzNdZCK1CT4QJAzEG/Jjt2HO4G1x3N1MnN+inUWXa5V5QP8bjL@ilbers.de X-Gm-Message-State: AOJu0Yz6zLCvZIwD3l2A0nvgSk2eMF5fxVgdsFxYbkLnJYcE9QGLPm3c cekXb3SXDJFAIwSu4xnp29kCVKLm5w84VpZAMvtbqoNGumIvJ+vx X-Google-Smtp-Source: AGHT+IEMXWvUhpdZdEmSXl87Lm4YEG6f0Jjm5Pdb3kbIleB48rr9+WITwgTYsoTKBbElJznIpoksmw== X-Received: by 2002:a05:600c:a04:b0:43d:ed:acd5 with SMTP id 5b1f17b1804b1-43f3a93d4a8mr167328085e9.10.1744719802323; Tue, 15 Apr 2025 05:23:22 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARLLPAIlXz4TyxGTLgwWNifjoY+yirewKL0X8KkDXo73f2JK9A== Received: by 2002:a05:600c:1f95:b0:43c:f19c:87b2 with SMTP id 5b1f17b1804b1-43f2c26723als21380035e9.0.-pod-prod-08-eu; Tue, 15 Apr 2025 05:23:20 -0700 (PDT) X-Received: by 2002:a05:600c:a009:b0:43c:fc04:6d34 with SMTP id 5b1f17b1804b1-43f3a9aad13mr121535145e9.20.1744719799872; Tue, 15 Apr 2025 05:23:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1744719799; cv=none; d=google.com; s=arc-20240605; b=bV0NbGDNuISlOfaoW5SgT+1FRy/HAh712kp7LLKfsXL42CqMH1djXRdHrSnOy2y5wp xMWSs+uFZsEaZo3E+CfeCCc+n+3u/UutrWsw7pJLSEFn/75p5/UvGvx5ZZNQVPqEjMRN ORdloFo3mWLoaNZydhasGL6ewaBwY3d3eiN51q3qPGocRdqZ1GNdo9r3/14Fa/wMOELQ z+FS/z/YsqmnpsBF/BZnb62Khct5/jlotQQrydE83YT5u093M9GZca7bJ3nCUKRodDfI 33ahJQIn8Mbkp0JHzLZ0NX3lHhbDMn07Eaf/1kmZbiVSbEpWlQRXG8hm+z9qK9eaAazY j48Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=oSiILfT0fe4m9woSqxxHdN07FFdJIbQUb5ovJQhrsUg=; fh=KIkufVpSufRdX0kM67eXsuyWX/d3XYb6xMZvLts8gs4=; b=Q/0W252EgE77h/rm8MDXvD/5Kbp8E4AR4h24Ykt40cbrVFyPGB+u6uR8kZR7PU349M 0pcs6dq5zbc5uJGnG6bk61hBJ4O52JdgqXQ9H9aGZKHOYnCy19GEcWI6pSTLTqXYMSlE zHjzqSf0PfqUj+c9e9lwXjxmns5IN8Zxm6CSmuJsg0W57QxUG652kzk52t6ndLc6KB/c 09A9o3IBu5sa20DjriSObPKX/H2WqUqRdHkg9Zz9Y7sUWTJghlDGJJeetNqo2AMhjQmO NS1sh3hVab4NG5W9PwsXyMD6ZE6VB7AKxIi6nXD7P0MEJcsxPttlIalSuwDDTk5ZekYl qb+A==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b="WFF9c+r/"; spf=pass (google.com: domain of fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-2025041512231974e2bf5a434edf53e2-jDE9XA@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-440518e2e81si223825e9.1.2025.04.15.05.23.19 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Apr 2025 05:23:19 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225; Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 2025041512231974e2bf5a434edf53e2 for ; Tue, 15 Apr 2025 14:23:19 +0200 From: "'Gokhan Cetin' via isar-users" To: isar-users@googlegroups.com Cc: gokhan.cetin@siemens.com Subject: [PATCH 5/5] doc/user_manual: describe module signer and certificate provider configuration Date: Tue, 15 Apr 2025 14:22:04 +0200 Message-Id: <20250415122204.120360-6-gokhan.cetin@siemens.com> In-Reply-To: <20250415122204.120360-1-gokhan.cetin@siemens.com> References: <20250415122204.120360-1-gokhan.cetin@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328731:519-21489:flowmailer X-Original-Sender: gokhan.cetin@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b="WFF9c+r/"; spf=pass (google.com: domain of fm-1328731-2025041512231974e2bf5a434edf53e2-jde9xa@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-2025041512231974e2bf5a434edf53e2-jDE9XA@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Gokhan Cetin Reply-To: Gokhan Cetin Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: wlq/MoJr+LhR Mentions how `SIGNATURE_ENABLED` can be used and how to manage the dependencies. Signed-off-by: Gokhan Cetin --- doc/user_manual.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/user_manual.md b/doc/user_manual.md index d8e5c33e..50d98f85 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -1162,9 +1162,17 @@ To provide a signer script that implements your custom signing solution, `SIGNAT can be set for the script path within the module recipe together with `SIGNATURE_CERTFILE` to define the public certificate path of the signer. +In order to easily choose between different signing solutions, signer recipes should provide the `module-signer` +and certificate provider recipes should provide the `secure-boot-secrets` as virtual package to meet build dependencies. +This way, desired signers and certificates can be configured using `PREFERRED_PROVIDER`. + Please see how `module-signer-example` hook generates a detached signature for the kernel module implemented in `example-module-signedwith` recipe. +In order not to cause repetitive changes in kernel module recipes, +if `SIGNATURE_ENABLED = "1"`, `pkg.signwith` build profile is added by default in addition to +`module-signer` and `secure-boot-secrets` package dependencies to the kernel module recipes. + ### Cross Support for Imagers If `ISAR_CROSS_COMPILE = "1"`, the imager and optional compression tasks -- 2.39.2 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250415122204.120360-6-gokhan.cetin%40siemens.com.