On Mon, Sep 9, 2019 at 2:01 PM Nicolas Dechesne <nicolas.deche...@linaro.org> wrote: > On Mon, Sep 9, 2019 at 10:58 PM Andre McCurdy <armccu...@gmail.com> wrote: > > > > On Mon, Sep 9, 2019 at 1:25 PM Nicolas Dechesne > > <nicolas.deche...@linaro.org> wrote: > > > > > > If this reasoning is correct that means that kernel signing + external > > > module is broken. Note that I am working out of Thud for now, i am > > > sending this email for now to get some feedback, and will try to > > > reproduce without all our custom layers and with master. > > > > > > Should we deploy the keys/certificates in the kernel recipe instead of > > > adding them in STAGING_KERNEL_DIR? Would that be enough? > > > > Maybe even better would be to have the module signing key provided by > > a separate recipe and not rely on the kernel to auto generate it? > > that would create some serious patching in the kernel makefiles (and > maintenance burden), no? since the keys are embedded in the kernel > image.
I don't think any patching is required. See Documentation/admin-guide/module-signing.rst in the kernel source tree for various ways in which the module signing key can be provided. -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
