From 396ac989724c564c65d3c154ca800a1db7106754 Mon Sep 17 00:00:00 2001 From: Sam Dolt Date: Mon, 25 Mar 2024 16:51:06 +0100 Subject: [PATCH] chore(linux-yocto): remove support for signing the kernel CoreOS sign the unified kernel image but had the option to sign the kernel image as well. This option was disabled by default and as far as I know was never used and is not really needed. --- .../linux/linux-yocto-coreos.inc | 23 +------------------ .../linux-netmodule_git-5.15-solidrun.bb | 3 +++ .../linux/linux-ti-coreos_git-5.10.bb | 3 +++ 3 files changed, 7 insertions(+), 22 deletions(-) diff --git a/layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto-coreos.inc b/layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto-coreos.inc index 3243c52..460b6b2 100644 --- a/layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto-coreos.inc +++ b/layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto-coreos.inc @@ -4,26 +4,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" # ============================================================================== SRC_URI += "file://secure-storage.cfg" -# EFI Support -# ============================================================================== -inherit coreos-efi-sbsign -require conf/image-uefi.conf - -# Ensure EFI STUB is enabled +# Ensure the Kernel EFI STUB is enabled KERNEL_FEATURES += "cfg/efi.scc cfg/efi-ext.scc" - -# By default we use a Unified Kernel Image that contain the kernel, the -# kernel command line and some device tree, so we don't need to sign the output -# of the kernel recipes -COREOS_KERNEL_EFI_SIGNED ??= "0" - -# Extend the kernel_do_deploy function from kernel.bbclass to sign the kernel -kernel_do_deploy:append() { - if [ "${COREOS_KERNEL_EFI_SIGNED}" == "1" ]; then - deployDir="${DEPLOYDIR}" - for imageType in ${KERNEL_IMAGETYPES} ; do - baseName="$imageType-${KERNEL_IMAGE_NAME}" - coreos_efi_secureboot_sign_app "$deployDir/$baseName${KERNEL_IMAGE_BIN_EXT}" - done - fi -} \ No newline at end of file diff --git a/layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule_git-5.15-solidrun.bb b/layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule_git-5.15-solidrun.bb index 356a284..01cae1a 100644 --- a/layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule_git-5.15-solidrun.bb +++ b/layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule_git-5.15-solidrun.bb @@ -32,4 +32,7 @@ do_configure:append(){ fi } +# linux-yocto-coreos.inc provide some kernel config fragment that we can apply +# Note that KERNEL_FEATURES are not applied as this recipes doesn't ihnerit +# the linux-yocto class. require recipes-kernel/linux/linux-yocto-coreos.inc diff --git a/layers/meta-netmodule-coreos-bsp/recipes-kernel/linux/linux-ti-coreos_git-5.10.bb b/layers/meta-netmodule-coreos-bsp/recipes-kernel/linux/linux-ti-coreos_git-5.10.bb index 99e18fc..6092cc6 100644 --- a/layers/meta-netmodule-coreos-bsp/recipes-kernel/linux/linux-ti-coreos_git-5.10.bb +++ b/layers/meta-netmodule-coreos-bsp/recipes-kernel/linux/linux-ti-coreos_git-5.10.bb @@ -23,4 +23,7 @@ do_configure:append(){ fi } +# linux-yocto-coreos.inc provide some kernel config fragment that we can apply +# Note that KERNEL_FEATURES are not applied as this recipes doesn't ihnerit +# the linux-yocto class. require recipes-kernel/linux/linux-yocto-coreos.inc