On Mon, Sep 9, 2019 at 10:58 PM Andre McCurdy <[email protected]> wrote: > > On Mon, Sep 9, 2019 at 1:25 PM Nicolas Dechesne > <[email protected]> wrote: > > > > If this reasoning is correct that means that kernel signing + external > > module is broken. Note that I am working out of Thud for now, i am > > sending this email for now to get some feedback, and will try to > > reproduce without all our custom layers and with master. > > > > Should we deploy the keys/certificates in the kernel recipe instead of > > adding them in STAGING_KERNEL_DIR? Would that be enough? > > Maybe even better would be to have the module signing key provided by > a separate recipe and not rely on the kernel to auto generate it?
that would create some serious patching in the kernel makefiles (and maintenance burden), no? since the keys are embedded in the kernel image. -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
