[OE-core] Strip kernel modules and signatures
Ocampo Coronado, Omar
omar.ocampo.coronado at intel.com
Wed Aug 1 22:46:24 UTC 2018
Hello OE,
While attempting to sign our kernel modules (using the kernel configuration CONFIG_MODULE_SIG) the drivers in our image did not have the signature, even the certificate was being loaded by the kernel or the driver being signed during do_install().
Turns out package.bbclass, while it ignores to create debug info files it does strips the kernel modules files:
python split_and_strip_files () {
...
...
for f in kernmods:
sfiles.append((f, 16, strip))
oe.utils.multiprocess_exec(sfiles, oe.package.runstrip)
#
# End of strip
#
os.chdir(oldcwd)
}
The strip is required for many reasons yet it removes the signature which we want to preserve in this scenario.
To work around this issue add
INHIBIT_PACKAGE_STRIP = "1"
either on your virtual/kernel bb file or driver bb file.
Hope this helps someone in the future when adding signature to files, perhaps including this into the Yocto kernel development manual.
Cheers
P.S.
In a linux-intel kernel (master) without stripped kernel modules the image size increased in 650kb.
More information about the Openembedded-core
mailing list