When using binman to generate U-Boot images, the configuration signing keys are not included in the final image. This occurs because the binman image is not regenerated after the configuration signing keys are added to the device tree.
In case binman is used, regenerate the image with the updated device tree containing the configuration signing keys. This ensures the signed configuration is properly included in the final U-Boot image. Signed-off-by: Kory Maincent <[email protected]> --- meta/classes-recipe/uboot-sign.bbclass | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass index 9cb5c6ccf3..9268bfc451 100644 --- a/meta/classes-recipe/uboot-sign.bbclass +++ b/meta/classes-recipe/uboot-sign.bbclass @@ -192,6 +192,15 @@ concat_dtb() { -k "${UBOOT_DTB_BINARY}" \ -f ${B}/unused.itb fi + + # Regenerate binman image with the newly signed key + if [ "${UBOOT_BINMAN_IMAGE}" = "1" ] && [ -f "..binman_stamp.cmd" ]; then + binman_cmd=$(sed -n 's/^cmd_[^:]*:= *//p' ..binman_stamp.cmd) + dtb_binary=$(basename ${UBOOT_DTB_BINARY} .dtb) + binman_cmd="${binman_cmd} -a of-list=\"${dtb_binary}\" -a default-dt=\"${dtb_binary}\"" + eval ${binman_cmd} + fi + cp ${UBOOT_DTB_BINARY} ${UBOOT_DTB_SIGNED} fi -- 2.43.0
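Review bot: In the added block in concat_dtb(), the `[ -f "..binman_stamp.cmd" ]` test makes the regeneration silently optional: when UBOOT_BINMAN_IMAGE is "1" but the stamp file is not found, the function carries on to the `cp` and the final image is built without the configuration signing keys, which is the failure this patch is meant to fix. Consider failing the task (for example with bbfatal) in that case instead of skipping. The stamp path is also relative to the current directory, while the lines just above use `${B}/unused.itb`; anchoring it the same way would remove the dependency on where the function happens to run. The extracted command is not checked before `eval ${binman_cmd}`: if the sed expression matches nothing, only the appended `-a of-list=... -a default-dt=...` arguments are evaluated, so test that the sed output is non-empty first and quote the expansion as `eval "${binman_cmd}"`. `basename ${UBOOT_DTB_BINARY} .dtb` should be quoted as well. Finally, the comment says "newly signed key", but per the commit message what changes is the device tree that now contains the configuration signing keys; wording the comment that way would be more accurate.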
View/Reply Online (#230547): https://lists.openembedded.org/g/openembedded-core/message/230547
