In chasing down a rare ccan configuration bug that sbsigntool-native trips over, I noticed that there are several sbsigntool-native recipes, all alike but not identical.
We have a few in the layer index: https://layers.openembedded.org/layerindex/branch/master/recipes/?q=sbsigntool and more elsewhere: https://www.google.ca/search?q=sbsigntool-native and even: https://www.google.ca/search?q=meta-secure-core The meta-intel and meta-secure-core versions were somewhat different but that seems to be due to lack of co-operation rather than different requirements. Does it make sense to have a single version of the recipe in a signing-key layer with the actual keys kept elsewhere I'd expect. If so, what layer would make the most sense? How about picking: https://layers.openembedded.org/layerindex/branch/master/layer/meta-signing-key/ There is likely other recipe duplication in secure boot layers but it's not something that I work on directly so I'm only mentioning sbsigntool. Feel free to reduce more duplication! Thanks, -- # Randy MacLeod. WR Linux # Wind River an Intel Company -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto