@@ -25,3 +25,5 @@ SRC_URI:append:qemuarm = " \
FFA_TRANSPORT_INCLUDE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'arm-ffa-transport.inc', '' , d)}"
require ${FFA_TRANSPORT_INCLUDE}
+
+require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'linux-yocto-uefi-secureboot.inc', '', d)}
\ No newline at end of file
new file mode 100644
@@ -0,0 +1,18 @@
+KERNEL_FEATURES += "cfg/efi-ext.scc"
+
+DEPENDS += "sbsigntool-native"
+
+do_compile:append() {
+ KERNEL_IMAGE=$(find "${B}" -name "${KERNEL_IMAGETYPE}" -print -quit)
+
+ "${STAGING_BINDIR_NATIVE}/sbsign" \
+ --key "${UEFI_SB_KEYS_DIR}/db.key" \
+ --cert "${UEFI_SB_KEYS_DIR}/db.crt" \
+ "${KERNEL_IMAGE}" \
+ --output "${KERNEL_IMAGETYPE}.signed"
+
+ install -m 0644 "${KERNEL_IMAGETYPE}.signed" "${KERNEL_IMAGE}"
+}
+
+RRECOMMENDS:${PN} += "kernel-module-efivarfs"
+RRECOMMENDS:${PN} += "kernel-module-efivars"
\ No newline at end of file
efivarfs kernel module is required to access EFI vars. Signed-off-by: Javier Tia <javier.tia@linaro.org> --- .../recipes-kernel/linux/linux-yocto%.bbappend | 2 ++ .../linux/linux-yocto-uefi-secureboot.inc | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 meta-arm/recipes-kernel/linux/linux-yocto-uefi-secureboot.inc