On Tue, 2017-07-18 at 15:42 -0700, Cal Sullivan wrote: > >> Adding the signing portion like this would make my goal a bit harder. > > The code can always be refactored, as long as the end-result is the same > > (do_uefiapp_deploy puts signed bootx64.efi into the rootfs). > Shouldn't be an issue. The bbclass should be able to handle signing any > valid binary at any point.
Agreed. There are multiple ways, ranging from functions defined in the .bbclass to shared Python modules under meta-intel/lib, so we are not limited to overriding one specific task. > > uefi-comboapp.bbclass is now in meta-intel master. I think it should be > > fixed or reverted before releasing M2. I don't have a preference either > > way. > With your patch it should be okay functionally and usable in refkit, > which will get us through M2. I'll work on generalizing the signing > portion better before moving on to other secure boot implementations, > but these will need to wait until after M2. Sounds like a plan. I have a patch ready for refkit (*) which drops the code from image-dsk.bbclass and uses uefi-comboapp.bbclass instead, so we just need to get this patch merged into meta-intel. (*) https://github.com/pohly/intel-iot-refkit/commits/uefi-combo-app -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. -- _______________________________________________ meta-intel mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-intel
