LM
/
coreos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(linux-yocto): remove support for signing the kernel 

CoreOS sign the unified kernel image but had the option to sign
the kernel image as well. This option was disabled by default
and as far as I know was never used and is not really needed.
This commit is contained in:
Sam Dolt 2024-03-25 16:51:06 +01:00
parent 70ed96f8d9
commit 396ac98972
3 changed files with 7 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto-coreos.inc
View File

@ -4,26 +4,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
# ============================================================================== # ==============================================================================
SRC_URI += "file://secure-storage.cfg" SRC_URI += "file://secure-storage.cfg"
# EFI Support # Ensure the Kernel EFI STUB is enabled
# ==============================================================================
inherit coreos-efi-sbsign
require conf/image-uefi.conf
# Ensure EFI STUB is enabled
KERNEL_FEATURES += "cfg/efi.scc cfg/efi-ext.scc" KERNEL_FEATURES += "cfg/efi.scc cfg/efi-ext.scc"
# By default we use a Unified Kernel Image that contain the kernel, the
# kernel command line and some device tree, so we don't need to sign the output
# of the kernel recipes
COREOS_KERNEL_EFI_SIGNED ??= "0"
# Extend the kernel_do_deploy function from kernel.bbclass to sign the kernel
kernel_do_deploy:append() {
if [ "${COREOS_KERNEL_EFI_SIGNED}" == "1" ]; then
deployDir="${DEPLOYDIR}"
for imageType in ${KERNEL_IMAGETYPES} ; do
baseName="$imageType-${KERNEL_IMAGE_NAME}"
coreos_efi_secureboot_sign_app "$deployDir/$baseName${KERNEL_IMAGE_BIN_EXT}"
done
fi
}

3
layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule_git-5.15-solidrun.bb
View File

@ -32,4 +32,7 @@ do_configure:append(){
fi fi
} }
# linux-yocto-coreos.inc provide some kernel config fragment that we can apply
# Note that KERNEL_FEATURES are not applied as this recipes doesn't ihnerit
# the linux-yocto class.
require recipes-kernel/linux/linux-yocto-coreos.inc require recipes-kernel/linux/linux-yocto-coreos.inc

3
layers/meta-netmodule-coreos-bsp/recipes-kernel/linux/linux-ti-coreos_git-5.10.bb
View File

@ -23,4 +23,7 @@ do_configure:append(){
fi fi
} }
# linux-yocto-coreos.inc provide some kernel config fragment that we can apply
# Note that KERNEL_FEATURES are not applied as this recipes doesn't ihnerit
# the linux-yocto class.
require recipes-kernel/linux/linux-yocto-coreos.inc require recipes-kernel/linux/linux-yocto-coreos.inc