On Wed, 2018-08-01 at 22:46 +0000, Ocampo Coronado, Omar wrote: > Hello OE, > > While attempting to sign our kernel modules (using the kernel > configuration CONFIG_MODULE_SIG) the drivers in our image did not > have the signature, even the certificate was being loaded by the > kernel or the driver being signed during do_install(). > > Turns out package.bbclass, while it ignores to create debug info > files it does strips the kernel modules files: > > python split_and_strip_files () { > ... > ... > for f in kernmods: > sfiles.append((f, 16, strip)) > > oe.utils.multiprocess_exec(sfiles, oe.package.runstrip) > # > # End of strip > # > os.chdir(oldcwd) > } > > The strip is required for many reasons yet it removes the signature > which we want to preserve in this scenario. > To work around this issue add > INHIBIT_PACKAGE_STRIP = "1" > either on your virtual/kernel bb file or driver bb file. > > Hope this helps someone in the future when adding signature to files, > perhaps including this into the Yocto kernel development manual.
The code which handles kernel module stripping is in meta/lib/oe/package.py: stripcmd.extend(["--strip-debug", "--remove-section=.comment", "--remove-section=.note", "--preserve-dates"]) It would be good to see what we'd have to do to tweak that to work for signed modules. Cheers, Richard -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core