From 4d147f45a48031a08b08571d5979133424d74598 Mon Sep 17 00:00:00 2001 From: Marcel Lilienthal <134974+mlilien@users.noreply.github.com> Date: Thu, 22 Jan 2026 12:33:18 +0100 Subject: [PATCH 1/3] chore: update to yocto 5.0.15 Signed-off-by: Marcel Lilienthal <134974+mlilien@users.noreply.github.com> --- conf/machine/include/rpi.inc | 2 +- kas/distro/oe.yaml | 8 ++++---- kas/distro/omnect-os.yaml | 8 ++++---- kas/machine/phytec/phytec.yaml | 8 ++++---- kas/machine/rpi/rpi.yaml | 2 +- kas/machine/x86_64/genericx86-64.yaml | 6 +++--- kas/patches/meta-openembedded.patch | 18 +++++++++--------- .../meta-openembedded_networkmanager.patch | 18 +++++++++--------- 8 files changed, 35 insertions(+), 35 deletions(-) diff --git a/conf/machine/include/rpi.inc b/conf/machine/include/rpi.inc index d1c54343..0e63d8a0 100644 --- a/conf/machine/include/rpi.inc +++ b/conf/machine/include/rpi.inc @@ -44,4 +44,4 @@ OMNECT_BOOTLOADER_RECIPE_PATH = "${LAYERDIR_core}/recipes-bsp/u-boot/u-boot_2024 # computed checksum is different to this; set to when # OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned is set OMNECT_BOOTLOADER_CHECKSUM_EXPECTED:pn-bootloader-versioned = "f9beee6e5ca031cf7cc37403ddd116c9737c172cdd554e5faced296e2d5375e5" -OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned = "b1444975de260efe5a444789b7595c6339c46bdb7b688acde9ab36d2ee6ef07b f9beee6e5ca031cf7cc37403ddd116c9737c172cdd554e5faced296e2d5375e5" +OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned = "ca6bc82ce9161b102bca775e216a09ef048685658bdf49938b386aba3586b5b7 f9beee6e5ca031cf7cc37403ddd116c9737c172cdd554e5faced296e2d5375e5" diff --git a/kas/distro/oe.yaml b/kas/distro/oe.yaml index 49c82be2..bcc90e2f 100644 --- a/kas/distro/oe.yaml +++ b/kas/distro/oe.yaml 
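Review bot: The new `OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned` entry `ca6bc82c…` in conf/machine/include/rpi.inc replaces `b1444975…` with no record of why the newly computed checksum counts as compatible with the pinned `f9beee6e…`. The surrounding comment implies this list decides whether a changed bootloader input set is accepted without a new expected checksum, so a reviewer needs to know which inputs moved with the Yocto update and that the resulting bootloader is equivalent. I would add a line above the assignment such as `# ca6bc82c…: yocto 5.0.15 update, <changed inputs>; bootloader binary verified unchanged`. The same applies to the phytec-imx8mm.inc change in PATCH 2/3, whose subject gives no rationale either.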
@@ -6,15 +6,15 @@ repos: ext/bitbake: url: "https://git.openembedded.org/bitbake" branch: "2.8" - # tag yocto-5.0.14 + # tag yocto-5.0.15 commit: "8dcf084522b9c66a6639b5f117f554fde9b6b45a" layers: .: 0 ext/_openembedded-core: #_ prefixed because of layer order with same prio e.g. meta-openembedded url: "https://git.openembedded.org/openembedded-core" branch: "scarthgap" - # tag yocto-5.0.14 - commit: "471adaa5f77fa3b974eab60a2ded48e360042828" + # tag yocto-5.0.15 + commit: "6988157ad983978ffd6b12bcefedd4deaffdbbd1" layers: meta: patches: @@ -22,4 +22,4 @@ repos: repo: "meta-omnect" path: "kas/patches/oe.patch" env: - OE_VERSION: "5.0.14" + OE_VERSION: "5.0.15" diff --git a/kas/distro/omnect-os.yaml b/kas/distro/omnect-os.yaml index 2fac8ddb..9cb38568 100644 --- a/kas/distro/omnect-os.yaml +++ b/kas/distro/omnect-os.yaml @@ -10,7 +10,7 @@ repos: ext/meta-openembedded: url: "https://github.com/openembedded/meta-openembedded.git" branch: "scarthgap" - commit: "7ed4330bcf1ecd4aa34bfbe1fd7079381b62b1e7" + commit: "2759d8870ea387b76c902070bed8a6649ff47b56" layers: # meta-multimedia is used by qemu_8.2.2.imx.bb (tauri) ToDo: possible to handle that in the machine specific kas file? meta-multimedia: @@ -28,17 +28,17 @@ repos: ext/meta-security: url: "https://git.yoctoproject.org/meta-security" branch: "scarthgap" - commit: "afbbe28cee4af2c6760aaead43a4a3ef29969809" + commit: "97e482b71688b62ac1109d16e89368122f039cbf" layers: meta-tpm: ext/meta-swupdate: url: "https://github.com/sbabic/meta-swupdate.git" branch: "scarthgap" - commit: "2b48267fcfedf61c2a33c7830e794115263639f8" + commit: "226701adf0f7c8ed08d4d6a7783e88d34ef2d5e9" ext/meta-virtualization: url: "https://git.yoctoproject.org/meta-virtualization" branch: "scarthgap" - commit: "17ac21e7d7f6f40a87618b22278b63bcfa14dbf2" + commit: "f92518e20530edfebca45e4170e11460949a5303" patches: p001: repo: "meta-omnect" diff --git a/kas/machine/phytec/phytec.yaml b/kas/machine/phytec/phytec.yaml index 1deb1a64..3ad56d51 100644 
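Review bot: For `ext/bitbake` only the comment changes to `# tag yocto-5.0.15`; the pinned `commit: "8dcf0845…"` is an unchanged context line, whereas `ext/_openembedded-core` gets a new commit with its new tag comment. That may be correct if bitbake did not move between the two releases, but the comment is the only human-readable provenance for the pin, so please confirm that the upstream tag resolves to exactly this commit. If it does, stating it in the comment, e.g. `# tag yocto-5.0.15 (same commit as yocto-5.0.14)`, makes the unchanged hash look deliberate.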
--- a/kas/machine/phytec/phytec.yaml +++ b/kas/machine/phytec/phytec.yaml @@ -7,7 +7,7 @@ repos: ext/meta-phytec: url: "https://github.com/phytec/meta-phytec" branch: "scarthgap" - commit: "f9d9ee9f5e74d1336757361bb91c9413250f19fc" + commit: "951384d6a847a5cfcb9c34e31e2e47c15a91437f" patches: p001: repo: "meta-omnect" @@ -15,15 +15,15 @@ repos: ext/meta-freescale: url: "https://github.com/Freescale/meta-freescale.git" branch: "scarthgap" - commit: "7d83a350d8b28498321a481a2a1c51bb4afb48e9" + commit: "902dde8c5bd29bb507ac8d37772565a6c9ab77cd" patches: p001: repo: "meta-omnect" path: "kas/patches/meta-freescale_layerdir.patch" ext/meta-imx: url: "https://github.com/nxp-imx/meta-imx.git" - branch: "scarthgap-6.6.52-2.2.1" - commit: "e83d4402acde050d2b2761995761c81c797b5b03" + branch: "scarthgap-6.6.52-2.2.2" + commit: "e1ec1a20d573e3913f4ad90fa36546ed2bc87715" layers: meta-imx-bsp: meta-imx-sdk: diff --git a/kas/machine/rpi/rpi.yaml b/kas/machine/rpi/rpi.yaml index fffa11c1..46e75e5f 100644 --- a/kas/machine/rpi/rpi.yaml +++ b/kas/machine/rpi/rpi.yaml @@ -7,7 +7,7 @@ repos: ext/meta-raspberrypi: url: "https://github.com/agherzan/meta-raspberrypi.git" branch: "scarthgap" - commit: "cd677051d18d4af2f043ac1ab58509ae5f594cf6" + commit: "2c646d29912dcc873469a57b1c207e1549c5094d" patches: p001: repo: "meta-omnect" diff --git a/kas/machine/x86_64/genericx86-64.yaml b/kas/machine/x86_64/genericx86-64.yaml index 1e165acd..2c34b41e 100644 --- a/kas/machine/x86_64/genericx86-64.yaml +++ b/kas/machine/x86_64/genericx86-64.yaml 
@@ -7,13 +7,13 @@ repos: ext/meta-yocto-bsp: url: "https://git.yoctoproject.org/meta-yocto" branch: scarthgap - commit: "bf6aea52c4009e08f26565c33ce432eec7cfb090" + commit: "9bb6e6e8b016a0c9dfe290369a6ed91ef4020535" layers: meta-yocto-bsp: ext/meta-secure-core: url: "https://github.com/Wind-River/meta-secure-core.git" branch: "scarthgap" - commit: "eba66ba00566110d3bcdfe2fef47f81d4806012b" + commit: "48fab8c5706e4805995b69855f919e2a50889da0" layers: meta-efi-secure-boot: meta-secure-core-common: @@ -25,7 +25,7 @@ repos: ext/meta-perl: url: "https://github.com/openembedded/meta-openembedded.git" branch: "scarthgap" - commit: "7ed4330bcf1ecd4aa34bfbe1fd7079381b62b1e7" + commit: "2759d8870ea387b76c902070bed8a6649ff47b56" layers: meta-perl: diff --git a/kas/patches/meta-openembedded.patch b/kas/patches/meta-openembedded.patch index 9dc61233..ba29f2be 100644 --- a/kas/patches/meta-openembedded.patch +++ b/kas/patches/meta-openembedded.patch @@ -1,7 +1,7 @@ -diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb -index 8184fcf1a..da5236069 100644 ---- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb -+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb +diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb +index 8bf0942a21..9d1b937514 100644 +--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb ++++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb @@ -76,11 +76,11 @@ EXTRA_OEMESON = "\ CFLAGS:append:libc-musl = " \ -DRTLD_DEEPBIND=0 \ 
@@ -11,11 +11,11 @@ index 8184fcf1a..da5236069 100644 - cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ - cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -} -+# do_configure:prepend() { -+# cp -f ${STAGING_LIBDIR}/girepository-1.0/GObject*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -+# cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -+# cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -+# } ++#do_configure:prepend() { ++# cp -f ${STAGING_LIBDIR}/girepository-1.0/GObject*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ ++# cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ ++# cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ ++#} PACKAGECONFIG ??= "readline nss ifupdown dnsmasq nmcli vala \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \ diff --git a/kas/patches/meta-openembedded_networkmanager.patch b/kas/patches/meta-openembedded_networkmanager.patch index c57ee985..069d92ec 100644 --- a/kas/patches/meta-openembedded_networkmanager.patch +++ b/kas/patches/meta-openembedded_networkmanager.patch 
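Review bot: The regenerated patch still disables `do_configure:prepend()` in networkmanager_1.46.6.bb by turning it into commented-out shell, and nothing in the patch file says why the typelib copy into `STAGING_LIBDIR_NATIVE` must not run. A short header in the patch, for example `# omnect: typelib copy into the native sysroot disabled because <reason>`, or deleting the block instead of commenting it out, would make the next recipe bump easier to review. The same two hunks are also applied to kas/patches/meta-openembedded_networkmanager.patch later in this commit; which of the two files the kas configuration applies is not visible here. Carrying the change twice means both must be regenerated on every upstream update.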
@@ -1,7 +1,7 @@ -diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb -index 8184fcf1a..da5236069 100644 ---- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb -+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb +diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb +index 8bf0942a21..9d1b937514 100644 +--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb ++++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.6.bb @@ -76,11 +76,11 @@ EXTRA_OEMESON = "\ CFLAGS:append:libc-musl = " \ -DRTLD_DEEPBIND=0 \ @@ -11,11 +11,11 @@ index 8184fcf1a..da5236069 100644 - cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ - cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -} -+# do_configure:prepend() { -+# cp -f ${STAGING_LIBDIR}/girepository-1.0/GObject*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -+# cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -+# cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ -+# } ++#do_configure:prepend() { ++# cp -f ${STAGING_LIBDIR}/girepository-1.0/GObject*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ ++# cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ ++# cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ ++#} PACKAGECONFIG ??= "readline nss ifupdown dnsmasq nmcli vala \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \ 
From 38f5ac267ff24f129953a16b94c5208f24bc2a78 Mon Sep 17 00:00:00 2001 From: Marcel Lilienthal <134974+mlilien@users.noreply.github.com> Date: Thu, 22 Jan 2026 14:51:08 +0100 Subject: [PATCH 2/3] tauril2 Signed-off-by: Marcel Lilienthal <134974+mlilien@users.noreply.github.com> --- conf/machine/include/phytec-imx8mm.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/machine/include/phytec-imx8mm.inc b/conf/machine/include/phytec-imx8mm.inc index 594fa863..0320e050 100644 --- a/conf/machine/include/phytec-imx8mm.inc +++ b/conf/machine/include/phytec-imx8mm.inc @@ -107,4 +107,4 @@ OMNECT_BOOTLOADER_RECIPE_PATH = "${LAYERDIR_phytec}/recipes-bsp/u-boot/u-boot-ph # computed checksum is different to this; set to when # OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned is set OMNECT_BOOTLOADER_CHECKSUM_EXPECTED:pn-bootloader-versioned = "faa4ee371d68bc291465422c1e8713cd2b5e0954c7feb354b76217652c3b07df" -OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned = "e3d6a36bf5aba5872084ef1de8bea149b25a49b1b43dff6ffefca5ce75aae2bf faa4ee371d68bc291465422c1e8713cd2b5e0954c7feb354b76217652c3b07df" +OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned = "eef7efcb1878fbf7a86996cf9e228b9f69fafca1ed8c0d6acd4e86fd760e88a5 faa4ee371d68bc291465422c1e8713cd2b5e0954c7feb354b76217652c3b07df" From 8f06040235439befe7b0011050c93be5c26ca433 Mon Sep 17 00:00:00 2001 From: Marcel Lilienthal <134974+mlilien@users.noreply.github.com> Date: Tue, 27 Jan 2026 12:31:09 +0100 Subject: [PATCH 3/3] grub: meta-secure-boot patch 
Signed-off-by: Marcel Lilienthal <134974+mlilien@users.noreply.github.com> --- conf/machine/genericx86-64.extra.conf | 2 +- kas/machine/x86_64/genericx86-64.yaml | 2 +- kas/patches/meta-efi-secure-boot.patch | 86 +++++++++++++++++++++ kas/patches/meta-efi-secure-boot_grub.patch | 77 ++++++++++++++++++ 4 files changed, 165 insertions(+), 2 deletions(-) create mode 100644 kas/patches/meta-efi-secure-boot.patch create mode 100644 kas/patches/meta-efi-secure-boot_grub.patch diff --git a/conf/machine/genericx86-64.extra.conf b/conf/machine/genericx86-64.extra.conf index eb1ecff8..82a4f139 100644 --- a/conf/machine/genericx86-64.extra.conf +++ b/conf/machine/genericx86-64.extra.conf @@ -103,5 +103,5 @@ OMNECT_BOOTLOADER_RECIPE_PATH = "${LAYERDIR_core}/recipes-bsp/grub/grub-efi_2.12 # OMNECT_BOOTLOADER_CHECKSUM_EXPTECTED:pn-bootloader-versioned - build will fail, if the # computed checksum is different to this; set to when # OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned is set -OMNECT_BOOTLOADER_CHECKSUM_EXPECTED:pn-bootloader-versioned = "e8fd2d1f1abe06e83af8e7c3981b7d9275d9720ae2d2c27141180add1f48bce9" +OMNECT_BOOTLOADER_CHECKSUM_EXPECTED:pn-bootloader-versioned = "873ba6cc0ab55772dfd1aa17af204c2a263a2ef154b724a96ce4ceebcda7e275" #OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE:pn-bootloader-versioned = "" diff --git a/kas/machine/x86_64/genericx86-64.yaml b/kas/machine/x86_64/genericx86-64.yaml index 2c34b41e..b4a768ac 100644 --- a/kas/machine/x86_64/genericx86-64.yaml +++ b/kas/machine/x86_64/genericx86-64.yaml @@ -21,7 +21,7 @@ repos: patches: p001: repo: "meta-omnect" - path: "kas/patches/meta-efi-secure-boot_layerdir.patch" + path: "kas/patches/meta-efi-secure-boot.patch" ext/meta-perl: url: "https://github.com/openembedded/meta-openembedded.git" branch: "scarthgap" diff --git a/kas/patches/meta-efi-secure-boot.patch b/kas/patches/meta-efi-secure-boot.patch new file mode 100644 index 00000000..0833f8ed --- /dev/null 
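Review bot: In conf/machine/genericx86-64.extra.conf `OMNECT_BOOTLOADER_CHECKSUM_EXPECTED:pn-bootloader-versioned` is replaced outright while `OMNECT_BOOTLOADER_CHECKSUM_COMPATIBLE` stays commented out. The rpi and phytec changes in this series do the opposite: they keep the expected value and swap only the compatible entry. If the asymmetry is intended because the GRUB patch changes the bootloader itself, record that next to the value, e.g. `# 873ba6cc…: grub-efi with updated mok2verify patch; new bootloader intended`. The context comment above also spells the variable `EXPTECTED`, which defeats a grep for the real name.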
+++ b/kas/patches/meta-efi-secure-boot.patch @@ -0,0 +1,86 @@ +diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch +index 18d937b..328509e 100644 +--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch ++++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch +@@ -1,4 +1,4 @@ +-From db890f512844a23b9e8621d466b39ada9b9e740d Mon Sep 17 00:00:00 2001 ++From 560291b9cdf1398da4e8ab8bd8602910158853aa Mon Sep 17 00:00:00 2001 + From: Lans Zhang + Date: Wed, 12 Jul 2017 16:02:13 +0800 + Subject: [PATCH] mok2verify: support to verify non-PE file with PKCS#7 +@@ -51,11 +51,11 @@ Signed-off-by: Yi Zhao + grub-core/lib/efi/mok2verify.c | 182 +++++++++++++++++++++++++++++++++ + grub-core/loader/i386/linux.c | 60 +++++++++++ + grub-core/loader/linux.c | 27 ++++- +- grub-core/normal/main.c | 53 +++++++++- ++ grub-core/normal/main.c | 56 +++++++++- + grub-core/normal/menu.c | 31 ++++-- + grub-core/normal/menu_text.c | 33 ++++-- + include/grub/efi/mok2verify.h | 48 +++++++++ +- 10 files changed, 463 insertions(+), 30 deletions(-) ++ 10 files changed, 466 insertions(+), 30 deletions(-) + create mode 100644 grub-core/lib/efi/mok2verify.c + create mode 100644 include/grub/efi/mok2verify.h + +@@ -507,7 +507,7 @@ index 56bc1be..09ce5c1 100644 + + return err; + } + diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +-index 5ce76ab..f754609 100644 ++index 4690243..33cc96e 100644 + --- a/grub-core/normal/main.c + +++ b/grub-core/normal/main.c + 
@@ -34,6 +34,9 @@ +@@ -611,20 +611,28 @@ index 5ce76ab..f754609 100644 + return 0; + } + +-@@ -547,8 +589,11 @@ GRUB_MOD_INIT(normal) ++@@ -547,7 +589,10 @@ GRUB_MOD_INIT(normal) + /* Register a command "normal" for the rescue mode. */ +- grub_register_command ("normal", grub_cmd_normal, +- 0, N_("Enter normal mode.")); +-- grub_register_command ("normal_exit", grub_cmd_normal_exit, +-- 0, N_("Exit from normal mode.")); ++ cmd_normal = grub_register_command ("normal", grub_cmd_normal, ++ 0, N_("Enter normal mode.")); ++- cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit, + +#ifdef GRUB_MACHINE_EFI + + if (grub_is_secured () == 0) + +#endif +-+ grub_register_command ("normal_exit", grub_cmd_normal_exit, +-+ 0, N_("Exit from normal mode.")); +++ cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit, ++ 0, N_("Exit from normal mode.")); + + /* Reload terminal colors when these variables are written to. */ +- grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal); ++@@ -591,5 +636,8 @@ GRUB_MOD_FINI(normal) ++ grub_fs_autoload_hook = 0; ++ grub_unregister_command (cmd_clear); ++ grub_unregister_command (cmd_normal); ++- grub_unregister_command (cmd_normal_exit); +++#ifdef GRUB_MACHINE_EFI +++ if (grub_is_secured () == 0) +++#endif +++ grub_unregister_command (cmd_normal_exit); ++ } + diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c + index 6a90e09..17eadf3 100644 + --- a/grub-core/normal/menu.c +@@ -796,5 +804,5 @@ index 0000000..98ef2d4 + + + +#endif /* ! GRUB_EFI_MOK2_VERIFY_HEADER */ + -- +-2.25.1 ++2.34.1 + +diff --git a/meta-efi-secure-boot/conf/layer.conf b/meta-efi-secure-boot/conf/layer.conf +index 0efef32..1ebddf7 100644 +--- a/meta-efi-secure-boot/conf/layer.conf ++++ b/meta-efi-secure-boot/conf/layer.conf +@@ -20,3 +20,4 @@ LAYERDEPENDS_efi-secure-boot = "\ + " + + LAYERSERIES_COMPAT_efi-secure-boot = "scarthgap" ++LAYERDIR_efi-secure-boot = "${LAYERDIR}" 
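Review bot: In the new `GRUB_MOD_FINI(normal)` hunk of the embedded GRUB patch, the unregister call is guarded by a second evaluation of `grub_is_secured () == 0` rather than by whether `normal_exit` was actually registered in `GRUB_MOD_INIT`. If the two evaluations could ever disagree (not determinable from this hunk), either a handle that was never assigned is passed to `grub_unregister_command`, or a registered command is left behind. Testing the handle avoids the dependency and the `#ifdef`: `if (cmd_normal_exit) grub_unregister_command (cmd_normal_exit);`. This assumes `cmd_normal_exit` is a zero-initialised file-scope variable; its declaration lies outside the hunk, as do the rest of both function bodies. The brace-less `if` split across `#endif` in both places is also easy to misread, so a one-line comment that `normal_exit` is deliberately withheld under secure boot would help. The same code is added again in kas/patches/meta-efi-secure-boot_grub.patch.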
diff --git a/kas/patches/meta-efi-secure-boot_grub.patch b/kas/patches/meta-efi-secure-boot_grub.patch new file mode 100644 index 00000000..e44d2e4f --- /dev/null +++ b/kas/patches/meta-efi-secure-boot_grub.patch @@ -0,0 +1,77 @@ +diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch +index 18d937b..328509e 100644 +--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch ++++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0003-mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch +@@ -1,4 +1,4 @@ +-From db890f512844a23b9e8621d466b39ada9b9e740d Mon Sep 17 00:00:00 2001 ++From 560291b9cdf1398da4e8ab8bd8602910158853aa Mon Sep 17 00:00:00 2001 + From: Lans Zhang + Date: Wed, 12 Jul 2017 16:02:13 +0800 + Subject: [PATCH] mok2verify: support to verify non-PE file with PKCS#7 +@@ -51,11 +51,11 @@ Signed-off-by: Yi Zhao + grub-core/lib/efi/mok2verify.c | 182 +++++++++++++++++++++++++++++++++ + grub-core/loader/i386/linux.c | 60 +++++++++++ + grub-core/loader/linux.c | 27 ++++- +- grub-core/normal/main.c | 53 +++++++++- ++ grub-core/normal/main.c | 56 +++++++++- + grub-core/normal/menu.c | 31 ++++-- + grub-core/normal/menu_text.c | 33 ++++-- + include/grub/efi/mok2verify.h | 48 +++++++++ +- 10 files changed, 463 insertions(+), 30 deletions(-) ++ 10 files changed, 466 insertions(+), 30 deletions(-) + create mode 100644 grub-core/lib/efi/mok2verify.c + create mode 100644 include/grub/efi/mok2verify.h + +@@ -507,7 +507,7 @@ index 56bc1be..09ce5c1 100644 + + return err; + } + diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +-index 5ce76ab..f754609 100644 ++index 4690243..33cc96e 100644 + --- a/grub-core/normal/main.c + +++ b/grub-core/normal/main.c + 
@@ -34,6 +34,9 @@ +@@ -611,20 +611,28 @@ index 5ce76ab..f754609 100644 + return 0; + } + +-@@ -547,8 +589,11 @@ GRUB_MOD_INIT(normal) ++@@ -547,7 +589,10 @@ GRUB_MOD_INIT(normal) + /* Register a command "normal" for the rescue mode. */ +- grub_register_command ("normal", grub_cmd_normal, +- 0, N_("Enter normal mode.")); +-- grub_register_command ("normal_exit", grub_cmd_normal_exit, +-- 0, N_("Exit from normal mode.")); ++ cmd_normal = grub_register_command ("normal", grub_cmd_normal, ++ 0, N_("Enter normal mode.")); ++- cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit, + +#ifdef GRUB_MACHINE_EFI + + if (grub_is_secured () == 0) + +#endif +-+ grub_register_command ("normal_exit", grub_cmd_normal_exit, +-+ 0, N_("Exit from normal mode.")); +++ cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit, ++ 0, N_("Exit from normal mode.")); + + /* Reload terminal colors when these variables are written to. */ +- grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal); ++@@ -591,5 +636,8 @@ GRUB_MOD_FINI(normal) ++ grub_fs_autoload_hook = 0; ++ grub_unregister_command (cmd_clear); ++ grub_unregister_command (cmd_normal); ++- grub_unregister_command (cmd_normal_exit); +++#ifdef GRUB_MACHINE_EFI +++ if (grub_is_secured () == 0) +++#endif +++ grub_unregister_command (cmd_normal_exit); ++ } + diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c + index 6a90e09..17eadf3 100644 + --- a/grub-core/normal/menu.c +@@ -796,5 +804,5 @@ index 0000000..98ef2d4 + + + +#endif /* ! GRUB_EFI_MOK2_VERIFY_HEADER */ + -- +-2.25.1 ++2.34.1 +
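Review bot: kas/patches/meta-efi-secure-boot_grub.patch is added but nothing in this series references it. The only kas change points `p001` at kas/patches/meta-efi-secure-boot.patch, which already contains the same GRUB hunks plus the `LAYERDIR_efi-secure-boot` line. Since both files modify the same target patch, applying both cannot succeed, so this copy looks like a leftover. The diffstat also shows no deletion of kas/patches/meta-efi-secure-boot_layerdir.patch, which the yaml no longer uses. For a secure-boot layer, each carried patch should have exactly one source of truth: drop the unused files, or reference this one as a separate `p002` entry and keep only the layer.conf change in the other.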