Neither 'nm' or 'readelf' provide a symbol that we can use to strip. I'm having a hard time reading kernel-source/scripts/sign-file.c and how exactly how the sign works and what bytes are being added, so we can avoid stripping them.
Looking into dracut, they simple avoid strip signed modules: From dracut.sh:1671 # strip kernel modules, but do not touch signed modules Perhaps we can do the same as dracut within meta/lib/oe/package.py. -----Original Message----- From: richard.pur...@linuxfoundation.org [mailto:richard.pur...@linuxfoundation.org] Sent: Thursday, August 2, 2018 4:19 AM To: Ocampo Coronado, Omar <omar.ocampo.coron...@intel.com>; openembedded-core@lists.openembedded.org Subject: Re: [OE-core] Strip kernel modules and signatures On Wed, 2018-08-01 at 22:46 +0000, Ocampo Coronado, Omar wrote: > Hello OE, > > While attempting to sign our kernel modules (using the kernel > configuration CONFIG_MODULE_SIG) the drivers in our image did not > have the signature, even the certificate was being loaded by the > kernel or the driver being signed during do_install(). > > Turns out package.bbclass, while it ignores to create debug info files > it does strips the kernel modules files: > > python split_and_strip_files () { > ... > ... > for f in kernmods: > sfiles.append((f, 16, strip)) > > oe.utils.multiprocess_exec(sfiles, oe.package.runstrip) > # > # End of strip > # > os.chdir(oldcwd) > } > > The strip is required for many reasons yet it removes the signature > which we want to preserve in this scenario. > To work around this issue add > INHIBIT_PACKAGE_STRIP = "1" > either on your virtual/kernel bb file or driver bb file. > > Hope this helps someone in the future when adding signature to files, > perhaps including this into the Yocto kernel development manual. The code which handles kernel module stripping is in meta/lib/oe/package.py: stripcmd.extend(["--strip-debug", "--remove-section=.comment", "--remove-section=.note", "--preserve-dates"]) It would be good to see what we'd have to do to tweak that to work for signed modules. Cheers, Richard -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core