add the fields for signing to crd #91

Merged
merged 1 commit into from Sep 30, 2022

Commits on Sep 29, 2022

  1. add the fields for signing to crd

    this adds four fields to the crd in their own subsection:
    
    FileList - a list of kmod files within the container to sign
    
    KeySecret and CertSecret - these are the names of secrets containing the private and public keys respectively that
    will be used to sign the kmods. The public key should be the one added into the uefi moklist for secureboot,
     and KeySecret is its private component. (See the kernel docs e.g.
    https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#manually-signing-modules
    for details of this process)
    
    unsignedImage - the optional name of a dtk image containing the unsigned kmods, used only if there is no build stage.
    
    The expected workflow will be (not implemented in this commit):
    if there is only a kernelmapping.build section it will produce the image kernelmapping.containerImage
    (for the non-secureboot case)
    
    if there is both km.build and km.sign then build will produce an intermediate image and sign will
    consume that to produce km.containerImage
    
    if there is only km.sign signing will consume km.sign.unsignedImage and produce km.containerImage
    (this is for the case where a vendor supplies prebuilt images that need signing)
    
    the generation of the intermediate image name will be handled automatically within the controller
    (again in a different commit) but will probably be something like km.containerImage + "-unsigned"
    chr15p committed Sep 29, 2022
    9e40749
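
The build/sign workflow described in the commit message, sketched as an added Go example; it is not code from this PR or from the project. The type and function names (`Build`, `Sign`, `KernelMapping`, `Plan`, `Resolve`) are hypothetical, and both the "-unsigned" suffix (which the commit calls only probable) and the rule that a sign section must name both secrets and at least one file are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, trimmed stand-ins for the CRD sections named in the commit message.
type Build struct{}
type Sign struct {
	UnsignedImage, KeySecret, CertSecret string
	FileList                             []string
}
type KernelMapping struct {
	ContainerImage string
	Build          *Build
	Sign           *Sign
}
// Plan names the image each stage reads or writes; "" means the stage does not run.
type Plan struct{ BuildOutput, SignInput, SignOutput string }

// Resolve maps the commit's three cases to a Plan and fails closed on an incomplete
// sign section, so an unsigned image is never published as ContainerImage.
func Resolve(km KernelMapping) (Plan, error) {
	s := km.Sign
	if s == nil {
		if km.Build == nil {
			return Plan{}, nil // assumption: a prebuilt image is used as is
		}
		return Plan{BuildOutput: km.ContainerImage}, nil // non-secureboot case
	}
	if s.KeySecret == "" || s.CertSecret == "" || len(s.FileList) == 0 {
		return Plan{}, errors.New("sign needs keySecret, certSecret and fileList")
	}
	p := Plan{SignOutput: km.ContainerImage}
	if km.Build != nil { // build feeds sign; UnsignedImage is ignored here
		p.BuildOutput = km.ContainerImage + "-unsigned" // the commit's tentative suffix
		p.SignInput = p.BuildOutput
		return p, nil
	}
	if s.UnsignedImage == "" {
		return Plan{}, errors.New("sign without build needs unsignedImage")
	}
	p.SignInput = s.UnsignedImage // vendor-supplied prebuilt image
	return p, nil
}

func main() {
	fmt.Println(Resolve(KernelMapping{ContainerImage: "registry.example/kmod:v1", Build: &Build{}}))
}
```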