[yocto] Dynamically change linux kernel defconfig
Mathieu Alexandre-Tétreault
alexandretm at amotus.ca
Tue Jul 31 13:29:02 PDT 2018
Hello,
Here's what I am trying to achieve:
We are using the kernel signing facility to sign the kernel modules. Everything works as expected with an hard coded key(CONFIG_MODULE_SIG_KEY) in the defconfig. However, we would like to sign using two different keys. The dev build would have a different key than the production build.
So far what we have is a variable set in our local.conf that points toward the key to use during the build. This variable is also used by other application during the build.
What we tried so far:
- Adding a do_configure_preprend with a sed that modifies ${WORKDIR}/defconfig
This didn't work, my change was getting over written.
- Adding a do_configure_preprend with a sed that modifies ${B}/.config and then running oe_runmake old config
sed -i "/CONFIG_MODULE_SIG_KEY=/c\CONFIG_MODULE_SIG_KEY=${RSA_KEY_FOLDER}/${RSA_KEY_NAME}.kernel.pem" ${B}/.config
yes '' | oe_runmake oldconfig
The changes are then moved to .config.old and if I copy this image to my platform it says the signature doesn't match. If I look in the kernel-build-artifacts folder the certs folder containt the signing_key automatically generated by the kernel which means it didn't take my defconfig modification.
Is their a clean way to achieve this?
Cheers,
Mathieu
More information about the yocto
mailing list