Hi Pelle,

Yes, that's unfortunately broken. The loop looks like this:

[image: image.png]

The problematic line is here: https://git.yoctoproject.org/poky/tree/meta/classes-recipe/kernel-fitimage.bbclass#n45

There are some discussions ongoing about how the fitimage creation could be improved and simplified. Fixing the recipes and classes in poky is one approach. Another but quite different approach is this class here: https://github.com/openembedded/meta-openembedded/blob/master/meta-oe/classes/fitimage.bbclass .

Sorry, I do not have a solution, but at least I confirm that the issue seems to be real.

Regards,
Adrian

On Tue, 10 Dec 2024 at 20:29, Pelle Windestam via lists.yoctoproject.org <pelle.windestam=skf....@lists.yoctoproject.org> wrote:

> Hello everyone,
>
> I am facing a dependency loop that I'm having trouble understanding how to break. The issue appeared when I tried to move the u-boot boot script into the kernel fitImage as part of improving secure boot. Before this dependency loop I had a working secure boot configuration which looked something like this:
>
> SPL + dtb (signed by NXP tool) -> U-boot + DTB (signed and verified by SPL) -> Linux kernel + DTB + optee (signed and verified by U-boot).
>
> [U-Boot + DTB] and [Linux kernel + DTB + optee] are both stored in fitImages. As far as I can understand u-boot has a dependency on the Linux kernel since it will re-sign the kernel and add the public key to the U-boot DTB-file (this is how I interpret what is going on in uboot-sign.bbclass). I believe what happens next when I try to put the u-boot script inside the kernel fitImage is that I get a dependency from the Linux-kernel (the do_assemble_fitimage task specifically) to the do_populate_sysroot task of u-boot. This is due to the kernel requiring to have access to the boot-script file to put it in the fitImage. This makes bitbake unhappy since there cannot be a mutual dependency between U-boot and Linux kernel.
> Not sure if I am missing something obvious here, it seems like this must be a fairly common setup when using secure boot?
>
> //Pelle