[OE-core] make-mod-scripts question
Andre McCurdy
armccurdy at gmail.com
Mon Sep 9 21:25:22 UTC 2019
On Mon, Sep 9, 2019 at 2:01 PM Nicolas Dechesne
<nicolas.dechesne at linaro.org> wrote:
> On Mon, Sep 9, 2019 at 10:58 PM Andre McCurdy <armccurdy at gmail.com> wrote:
> >
> > On Mon, Sep 9, 2019 at 1:25 PM Nicolas Dechesne
> > <nicolas.dechesne at linaro.org> wrote:
> > >
> > > If this reasoning is correct that means that kernel signing + external
> > > module is broken. Note that I am working out of Thud for now, i am
> > > sending this email for now to get some feedback, and will try to
> > > reproduce without all our custom layers and with master.
> > >
> > > Should we deploy the keys/certificates in the kernel recipe instead of
> > > adding them in STAGING_KERNEL_DIR? Would that be enough?
> >
> > Maybe even better would be to have the module signing key provided by
> > a separate recipe and not rely on the kernel to auto generate it?
>
> that would create some serious patching in the kernel makefiles (and
> maintenance burden), no? since the keys are embedded in the kernel
> image.
I don't think any patching is required. See
Documentation/admin-guide/module-signing.rst in the kernel source tree
for various ways in which the module signing key can be provided.
More information about the Openembedded-core
mailing list