| Message ID | 20220627120247.22464-1-jose.quaresma@foundries.io |
|---|---|
| State | Accepted, archived |
| Delegated to: | Armin Kuster |
| Headers | show |
| Series | [meta-security,v2] meta-integrity: kernel-modsign: prevents splitting out debug symbols | expand |
diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass index 093c358..d3aa7fb 100644 --- a/meta-integrity/classes/kernel-modsign.bbclass +++ b/meta-integrity/classes/kernel-modsign.bbclass @@ -13,7 +13,9 @@ MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem" MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt" # If this class is enabled, disable stripping signatures from modules +# as well disable the debug symbols split INHIBIT_PACKAGE_STRIP = "1" +INHIBIT_PACKAGE_DEBUG_SPLIT = "1" kernel_do_configure:prepend() { if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
Starting with [1] kernel modules symbols is being slipped in OE-core and this breaks the kernel modules sign, so disable it. [1] https://git.openembedded.org/openembedded-core/commit/?id=e09a8fa931fe617afc05bd5e00dca5dd3fe386e8 Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> --- meta-integrity/classes/kernel-modsign.bbclass | 2 ++ 1 file changed, 2 insertions(+)