'phosphor-bmc-code-mgmt' throws 'InvalidSignature' error even if 'verify-signature' is not enabled
Lei Yu
yulei.sh at bytedance.com
Tue Apr 18 19:13:01 AEST 2023
On Mon, Apr 17, 2023 at 4:00 PM Konstantin Aladyshev
<aladyshev22 at gmail.com> wrote:
>
> Hello!
>
> By default the OpenBMC tarball is generated without a signature.
> And 'verify-signature' is a separate option which is not enabled by default in the 'phosphor-bmc-code-mgmt' recipe.
> But still currently in that case when we load OpenBMC tarball, the 'Software::Version::Error::InvalidSignature' error is generated in SEL.
> I think it is not right, so I've proposed a patchset that changes this behaviour.
> Please check:
> 62521: meson: Disable 'verify-signature' option by default | https://gerrit.openbmc.org/c/openbmc/phosphor-bmc-code-mgmt/+/62521
>
> The patchset changes the default API of the 'phosphor-bmc-code-mgmt', so this message is intended to ask if anybody has any objections against this patchset.
I would prefer to remove the `verify-signature` as it's deprecated for
a long time.
Let's just enable the `verify-full-signature` in the repo as before.
--
BRs,
Lei YU
More information about the openbmc
mailing list