On Thu, Sep 6, 2018 at 2:04 PM, Trevor Woerner <twoer...@gmail.com> wrote: > On Fri, Aug 3, 2018 at 4:16 AM, Andre McCurdy <armccu...@gmail.com> wrote: >> >> On Thu, Aug 2, 2018 at 9:54 AM, Ocampo Coronado, Omar >> <omar.ocampo.coron...@intel.com> wrote: >> > Neither 'nm' or 'readelf' provide a symbol that we can use to strip. >> > I'm having a hard time reading kernel-source/scripts/sign-file.c and how >> > exactly how the sign works and what bytes are being added, so we can avoid >> > stripping them. >> > >> > Looking into dracut, they simple avoid strip signed modules: >> > From dracut.sh:1671 # strip kernel modules, but do not touch >> > signed modules >> > >> > Perhaps we can do the same as dracut within meta/lib/oe/package.py. >> >> Some more information here: >> >> https://www.kernel.org/doc/html/v4.17/admin-guide/module-signing.html#signed-modules-and-stripping > > Reading the above "between the lines", could the module be stripped /then/ > signed?
I think so. But right now the default assumption is that signing happens as part of the kernel's build process and stripping happens later, as part of OE's packaging process. Stripping before signing implies switching things around a little, e.g. either the kernel build process takes care of both stripping and signing, or OE is able to (re)sign modules after stripping them. Probably not a huge task to figure out, but not trivial either. -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core