Hi,

I am working with kernel 3.10.17 and poky daisy.

The kernel was patched to support certificates list & trusted keyring.

I managed to build the kernel both with an own keypair (signature done manually 
post-build) and with the CONFIG_MODULE_SIG_ALL option enabled.

In the second case, I noticed that signed modules are not included in the 
/lib/modules directory of the filesystem image, although the variable 
MACHINE_EXTRA_RRECOMMENDS contains "kernel-modules" into the machine 
configuration.

All modules integrated inside the filesystem remained unsigned. They do not 
include the digital signature normally appended at their end.

Once flashed with the rootfs, the proper certificate is loaded on the device, 
but 'lsmod' command returns an empty list of loaded modules.

However, signed modules are packaged into the modules.tgz file. That's why 
modules are loaded as expected if I untar the archive's content on the device.

It might be possible to run a custom command by overloading the 
ROOTFS_POSTPROCESS_COMMAND variable but is there a more appropriate way to 
proceed ?

Best regards,

Nicolas
-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to