Hello everyone, I am facing a dependency loop that I'm having trouble understanding how to break. The issue appeared when I tried to move the u-boot boot script into the kernel fitImage as part of improving secure boot. Before this dependency loop I had a working secure boot configuration which looked something like this: SPL + dtb (signed by NXP tool) -> U-boot + DTB (signed and verified by SPL) -> Linux kernel + DTB + optee (signed and verified by U-boot).
[U-Boot + DTB] and [Linux kernel + DTB + optee] are both stored in fitImages. As far as I can understand u-boot has a dependency on the Linux kernel since it will re-sign the kernel and add the public key to the U-boot DTB-file (this is how I interpret what is going on in uboot-sign.bbclass). I believe what happens next when I try to put the u-boot script inside the kernel fitImage is that I get a dependency from the Linux-kernel (the do_assemble_fitimage task specifically) to the do_populate_sysroot task of u-boot. This is due to the kernel requiring to have access to the boot-script file to put it int he fitImage. This makes bitbake unhappy since there cannot be a mutual dependency between U-boot and Linux kernel. Not sure if I am missing something obvious here, it seems like this must be a fairly common setup when using secure boot? //Pelle The information contained in this email is intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential. Please delete and notify the sender if received in error. SKF does not accept liability for any damage arising from this email. For information on SKF’s processing of your personal data, please visit SKF’s Privacy Policy available via www.skf.com<https://www.skf.com/privacy>.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#64427): https://lists.yoctoproject.org/g/yocto/message/64427 Mute This Topic: https://lists.yoctoproject.org/mt/110031442/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
