Hi Ryan > I think the issue is that the weak assignment happens at the very end of > parsing if there no other value for the variable. But the various > classes (kernel-fitimage.bbclass, uboot-sign.bbclass, etc...) set the > variables using the ?= so that means the values we want for our stuff > never gets set correctly. > > I can see how this works for you in your case, but doing this in > meta-ti-bsp breaks everyone not using meta-tordex-security.
Yeah, you're right. I have done more tests here. Indeed it works with meta-toradex-security, but it fails without it. The reason is that, because of the weak assignment, the classes inherited by the kernel will take precedence and will set the variables with a different value from the machine, and later on, when the check is done in the U-Boot recipe, the configuration from the machine is used, which differs from the configuration used to sign the FIT image. Possibly the best solution for our use case is to force a default in our class with an override (e.g. FIT_SIGN_ALG:k3="rsa2048"), and instruct the users to change it with the forcevariable override (e.g. FIT_SIGN_ALG:forcevariable="rsa4096"). @Rogerio, do you see any other solution? Best regards, Sergio Prado
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#18009): https://lists.yoctoproject.org/g/meta-ti/message/18009 Mute This Topic: https://lists.yoctoproject.org/mt/109009846/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
