Use weak assignment to make it possible to override the default value via classes parsed after the machine configuration file.
This is the case when using the tdxref-signed class from meta-toradex-security to generated signed images for AM6X. Additionally, explicitly set FIT_SIGN_NUMBITS to 4096 to align with the default rsa4096 algorithm, preventing potential mismatches between the signing algorithm and key length. Signed-off-by: Sergio Prado <[email protected]> Signed-off-by: Rogerio Borin <[email protected]> --- meta-ti-bsp/conf/machine/include/k3.inc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/meta-ti-bsp/conf/machine/include/k3.inc b/meta-ti-bsp/conf/machine/include/k3.inc index a296f64fa141..07f0bcb48bfc 100644 --- a/meta-ti-bsp/conf/machine/include/k3.inc +++ b/meta-ti-bsp/conf/machine/include/k3.inc @@ -26,10 +26,11 @@ UBOOT_SUFFIX = "img" UBOOT_SIGN_ENABLE = "1" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb" -UBOOT_SIGN_KEYNAME ?= "custMpk" -UBOOT_SIGN_KEYDIR ?= "${TI_SECURE_DEV_PKG}/keys" -FIT_HASH_ALG ?= "sha512" -FIT_SIGN_ALG ?= "rsa4096" +UBOOT_SIGN_KEYNAME ??= "custMpk" +UBOOT_SIGN_KEYDIR ??= "${TI_SECURE_DEV_PKG}/keys" +FIT_HASH_ALG ??= "sha512" +FIT_SIGN_ALG ??= "rsa4096" +FIT_SIGN_NUMBITS ??= "4096" EXTRA_IMAGEDEPENDS += "virtual/bootloader" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#18006): https://lists.yoctoproject.org/g/meta-ti/message/18006 Mute This Topic: https://lists.yoctoproject.org/mt/109009846/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
