[yocto] single or authoritative home for sbsigntool?
Randy MacLeod
randy.macleod at windriver.com
Fri Jan 19 14:10:08 PST 2018
+Megha
-luv at lists.01.org since you have to be a member to send to the list.
../Randy
On 2018-01-19 04:07 PM, Randy MacLeod wrote:
>
> In chasing down a rare ccan configuration bug that sbsigntool-native
> trips over, I noticed that there are several sbsigntool-native recipes,
> all alike but not identical.
>
> We have a few in the layer index:
>
> https://layers.openembedded.org/layerindex/branch/master/recipes/?q=sbsigntool
>
>
> and more elsewhere:
> https://www.google.ca/search?q=sbsigntool-native
> and even:
> https://www.google.ca/search?q=meta-secure-core
>
> The meta-intel and meta-secure-core versions were somewhat different but
> that seems to be due to lack of co-operation rather than different
> requirements.
>
> Does it make sense to have a single version of the recipe in
> a signing-key layer with the actual keys kept elsewhere I'd expect.
>
> If so, what layer would make the most sense?
> How about picking:
>
> https://layers.openembedded.org/layerindex/branch/master/layer/meta-signing-key/
>
>
>
> There is likely other recipe duplication in secure boot layers but
> it's not something that I work on directly so I'm only mentioning
> sbsigntool. Feel free to reduce more duplication!
>
> Thanks,
>
--
# Randy MacLeod. WR Linux
# Wind River an Intel Company
More information about the yocto
mailing list