From ae095ca61e87f647923d437fe0e8cbe1d18bd0eb Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan <
[email protected]>
Date: Wed, 30 Aug 2023 18:38:43 +0200
Subject: [PATCH] kernel-build.eclass: fix kernel image signing on arm64 and
riscv
Arm64/riscv have no compressed kernel support. With CONFIG_EFI_ZBOOT enabled the build system will build a bootable image with its own compressor that we can then sign. With CONFIG_EFI_ZBOOT disabled we end up with a compressed kernel image that must be uncompressed before signing and requires the bootloader to uncompress it before it can boot.
Signed-off-by: Andrew Ammerlaan <
[email protected]>
---
eclass/kernel-build.eclass | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index ca105ee1f1330..0c40e8033fe29 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -436,6 +436,20 @@ kernel-build_merge_configs() {
fi
fi
+ if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
+ if use secureboot; then
+ # This only effects arm64 and riscv where the bootable image may
+ # contain its own decompressor (zboot). If enabled we get a
+ # sign-able efi file.
+ cat <<-EOF > "${WORKDIR}/secureboot.config" || die
+ ## Enable zboot for signing
+ CONFIG_EFI_ZBOOT=y
+ EOF
+
+ merge_configs+=( "${WORKDIR}/secureboot.config" )
+ fi
+ fi
+
if [[ ${#user_configs[@]} -gt 0 ]]; then
elog "User config files are being applied:"
local x
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)