From: Alexander Sverdlin <alexander.sverd...@siemens.com>
mkimage doesn't fail if it is not able to sign FIT nodes.
This may lead to unbootable images in secure boot configurations.
Make signing failures fatal by parsing the mkimage output.
Signed-off-by: Alexander Sverdlin <alexander.sverd...@siemens.com>
---
meta/classes-recipe/kernel-fitimage.bbclass | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/meta/classes-recipe/kernel-fitimage.bbclass
b/meta/classes-recipe/kernel-fitimage.bbclass
index 67c98adb232..fea9e4e19a7 100644
--- a/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/meta/classes-recipe/kernel-fitimage.bbclass
@@ -753,11 +753,15 @@ fitimage_assemble() {
# Step 8: Sign the image
#
if [ "x${UBOOT_SIGN_ENABLE}" = "x1" ] ; then
- ${UBOOT_MKIMAGE_SIGN} \
+ output=$(${UBOOT_MKIMAGE_SIGN} \
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if
len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-F -k "${UBOOT_SIGN_KEYDIR}" \
-r ${KERNEL_OUTPUT_DIR}/$2 \
- ${UBOOT_MKIMAGE_SIGN_ARGS}
+ ${UBOOT_MKIMAGE_SIGN_ARGS})
+ echo "$output"
+ if echo "$output" | grep -qE "Sign value:\s*unavailable"; then
+ bbfatal "${UBOOT_MKIMAGE_SIGN}: Failed to provide some
signatures"
+ fi
fi
}
--
2.46.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#203970):
https://lists.openembedded.org/g/openembedded-core/message/203970
Mute This Topic: https://lists.openembedded.org/mt/108186299/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
