Message ID | 20230421150545.4073324-1-Quirin.Gylstorff@siemens.com (mailing list archive) |
---|---|
Headers | From: Quirin Gylstorff <Quirin.Gylstorff@siemens.com>; To: jan.kiszka@siemens.com, cip-dev@lists.cip-project.org; Subject: [cip-dev][isar-cip-core][PATCH v2 0/4] Fixes for secure boot and; Date: Fri, 21 Apr 2023 17:05:41 +0200 |
Series | Fixes for secure boot and |

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This patchset fixes secure-boot and disk-encryption for Debian Buster by
adding the Debian Buster specific certificates and adjusting the binaries
and dependencies for clevis 16.

It also fixes the disk encryption for Debian bookworm by adding a missing
dependency to libcryptsetup-token-systemd-tpm2.

Changes v2:
 - use OVERRIDE and add missing space to linux-cip-common for
   encrypt-partitions with Debian buster

Quirin Gylstorff (4):
  secure-boot-secrets: Use distro specific snakeoil certs and keys
  initramfs-crypt-hook: Add support for buster
  linux: Add missing kernel option for LUKS2 encrpyted partitions
  initramfs-crypt-hook: Add libcryptsetup-token-systemd-tpm2.so

 .../files/bookworm/PkKek-1-snakeoil.key       | 28 +++++++++++++++++++
 .../files/{ => bookworm}/PkKek-1-snakeoil.pem |  0
 .../files/{ => bullseye}/PkKek-1-snakeoil.key |  0
 .../files/bullseye/PkKek-1-snakeoil.pem       | 21 ++++++++++++++
 .../files/buster/PkKek-1-snakeoil.key         | 28 +++++++++++++++++++
 .../files/buster/PkKek-1-snakeoil.pem         | 19 +++++++++++++
 .../secure-boot-snakeoil_0.1.bb               |  4 +--
 .../files/encrypt_partition.clevis.hook       | 20 ++++++++++---
 .../files/encrypt_partition.clevis.script     |  3 +-
 .../files/encrypt_partition.systemd.hook      |  1 +
 .../initramfs-crypt-hook_0.1.bb               |  5 ++--
 recipes-kernel/linux/files/buster-crypt.cfg   |  2 ++
 recipes-kernel/linux/linux-cip-common.inc     |  1 +
 13 files changed, 123 insertions(+), 9 deletions(-)
 create mode 100644 recipes-devtools/secure-boot-secrets/files/bookworm/PkKek-1-snakeoil.key
 rename recipes-devtools/secure-boot-secrets/files/{ => bookworm}/PkKek-1-snakeoil.pem (100%)
 rename recipes-devtools/secure-boot-secrets/files/{ => bullseye}/PkKek-1-snakeoil.key (100%)
 create mode 100644 recipes-devtools/secure-boot-secrets/files/bullseye/PkKek-1-snakeoil.pem
 create mode 100644 recipes-devtools/secure-boot-secrets/files/buster/PkKek-1-snakeoil.key
 create mode 100644 recipes-devtools/secure-boot-secrets/files/buster/PkKek-1-snakeoil.pem
 create mode 100644 recipes-kernel/linux/files/buster-crypt.cfg