Adding .dtbo to YOCTO build makes boot warning: missing /chosen/toradex,secure-boot

Hi, I am adding some dtbo’s using /meta-grilo-experiments.
Apparently it prevents conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo from being added or loaded, and I get

## WARNING: Required node "/chosen/toradex,secure-boot" could not be found in device-tree.

The layer, as I can see it, only adds dtbo’s:

FILESEXTRAPATHS:prepend := "${THISDIR}/device-tree-overlays:"

CUSTOM_OVERLAYS_SOURCE = " \
    my-device-tree_overlay.dts \
    my-device-tree_overlay2.dts \
"
CUSTOM_OVERLAYS_BINARY = " \
    my-device-tree_overlay.dtbo \
    my-device-tree_overlay2.dtbo \
"

SRC_URI += " \
    file://my-device-tree_overlay.dts \
    file://my-device-tree_overlay2.dts \
"

TEZI_EXTERNAL_KERNEL_DEVICETREE += " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT = " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

do_collect_overlays:prepend() {
    for DTS in ${CUSTOM_OVERLAYS_SOURCE}; do
        cp ${WORKDIR}/${DTS} ${S}
    done
}

Device tree overlay source

/dts-v1/;
/plugin/;

#include "imx7d-pinfunc.h"

/ {
        compatible = "toradex,colibri-imx7d",
                     "toradex,colibri-imx7d-eval-v3",
                     "fsl,imx7d";
};

&flexcan1 {
        status = "okay";
};

&iomuxc {
        pinctrl-0 = <&pinctrl_gpio1 &pinctrl_gpio2 &pinctrl_gpio3 >;
};

&pinctrl_gpio1 {
                fsl,pins = <
                        MX7D_PAD_EPDC_PWR_COM__GPIO2_IO30       0x74 /* SODIMM 112 */
                        MX7D_PAD_EPDC_SDCLK__GPIO2_IO16         0x74 /* SODIMM 114 */
                        MX7D_PAD_EPDC_SDLE__GPIO2_IO17          0x74 /* SODIMM 116 */
                        MX7D_PAD_EPDC_SDOE__GPIO2_IO18          0x74 /* SODIMM 118 */
                        MX7D_PAD_EPDC_SDSHR__GPIO2_IO19         0x14 /* SODIMM 120 */
                >;
};

It does remove the VGA dtbo, which is good, but does it need the /chosen/toradex,secure-boot in one of my dtbo’s, or which part skips the default Toradex dtbo’s?

Best Regards - Paul

Hi, I’m the Toradex AI Assistant.

I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.



Hello Paul, thank you for your detailed description!

The key issue is this line in your recipe:

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT = " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

When you set (with =) the TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT variable, it overrides the default list of overlays, including any required overlays—such as conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo (which handles /chosen/toradex,secure-boot). That’s why you’re seeing the warning about /chosen/toradex,secure-boot missing: the secure boot overlay is not being loaded at all.

How to Ensure Default (Toradex) Overlays Are Included

Instead of setting this variable with =, you should append your custom overlays to the existing variable, to keep the defaults:

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT += " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

This way, your custom overlays will be added in addition to the default overlays that Toradex expects for secure boot and other critical features.

  • You do not need /chosen/toradex,secure-boot in your own overlays, nor should you add it yourself.
  • Let the default Toradex overlay (conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo) handle it, by not overriding the overlay variable.

Quick Checklist

  1. Use += to append overlays, not =.
  2. Confirm that you’re not removing or overriding Toradex overlays, especially for secure boot.
  3. Your current overlay content is fine; just fix the overlay list handling.

More information can be found in the Device Tree Overlay deployment documentation:

Let me know if you need more help with overlay configuration.

Best regards,
Toradex AI Assistant.

Hello @BDSKPEF,

Looks like this is solved for you. Could you please confirm?

Hi Rudhi,
yes solved :slight_smile:
The fdt-colibri-imx7-emmc-secboot-kargs_overlay.dtbo is in any case not listed in the overlays.txt file, so I didn’t notice the obviously missing ‘+’.

Best Regards - Paul


@ToradexAI
Additional question: how do I get rid of the colibri-imx7_vga-640x480_overlay.dtbo in the overlays.txt file?

Thanks for your response.

Please remember to tick the “Solution” checkbox below if my response solves your question. If you have follow-up questions, just continue to tag me using @ToradexAI in your new posts.


Hello Paul,

Great question! If you’d like to remove the colibri-imx7_vga-640x480_overlay.dtbo entry from the overlays.txt file (thus disabling the default VGA output overlay on your Colibri iMX7), you have a couple of options:


1. Edit overlays.txt Directly on the Device

You can simply modify the /boot/overlays.txt file:

  • Look for a line similar to:
    fdt_overlays=colibri-imx7_vga-640x480_overlay.dtbo other_overlay.dtbo
    
  • Remove colibri-imx7_vga-640x480_overlay.dtbo from this line, like so:
    fdt_overlays=other_overlay.dtbo
    
  • Then, run:
    sync
    sudo reboot
    
    to apply the changes.

For more info:


2. Override Which Overlays Are Included in Yocto

If you are building your own image with Yocto, you control which overlays are packaged and enabled by adjusting the TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT variable in your custom layer or recipe. Exclude colibri-imx7_vga-640x480_overlay.dtbo from this list; ensure your custom overlays (and any required ones, like secure-boot) are included, but simply omit the VGA overlay.

Reference overlay list and more overlay management details:


Note: Removing the VGA overlay disables the default VGA output. Make sure to include any other display overlays as needed for your use case.

Let me know if you need further clarification!

Best regards,
Toradex AI Assistant.
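
The overlays.txt edit from option 1 above, as an added example that is not part of the original thread or of Toradex's tooling. The function name `remove_overlay` is hypothetical, the file is assumed to carry the single `fdt_overlays=` line shown in the post, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: drop one overlay from the fdt_overlays= line of overlays.txt.
# Usage: remove_overlay <path-to-overlays.txt> <overlay.dtbo>
# Returns 0 if removed, 1 if the overlay was not listed, 2 on bad input.
remove_overlay() {
    file=$1
    drop=$2
    [ -f "$file" ] && [ -n "$drop" ] || { echo "bad arguments" >&2; return 2; }
    tmp=$(mktemp "${file}.XXXXXX") || return 2

    # Rebuild only the fdt_overlays= line. Whole tokens are compared, so a
    # name that is merely a substring of another overlay is never touched.
    if ! awk -v drop="$drop" '
        /^fdt_overlays=/ {
            sub(/^fdt_overlays=/, "")
            n = split($0, tok, /[ \t]+/)
            out = ""
            for (i = 1; i <= n; i++) {
                if (tok[i] == drop) { found = 1; continue }
                if (tok[i] != "") out = out (out == "" ? "" : " ") tok[i]
            }
            print "fdt_overlays=" out
            next
        }
        { print }
        END { exit (found ? 0 : 1) }
    ' "$file" > "$tmp"; then
        rm -f "$tmp"                    # overlay not listed: leave file as is
        return 1
    fi

    cp -p "$file" "${file}.bak"         # keep a copy to roll back a bad edit
    cat "$tmp" > "$file"                # rewrite in place, keeping file mode
    rm -f "$tmp"
}

# Constructed sample input: the fdt_overlays= line quoted in the post above.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'fdt_overlays=colibri-imx7_vga-640x480_overlay.dtbo other_overlay.dtbo' \
        > "$dir/overlays.txt"
    remove_overlay "$dir/overlays.txt" colibri-imx7_vga-640x480_overlay.dtbo
    cat "$dir/overlays.txt"
    rm -rf "$dir"
}
demo
```

On the device the same call would target /boot/overlays.txt, followed by the `sync` and reboot from the post; the `.bak` copy allows the previous list to be restored.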

@ToradexAI
I can’t find the recipe that adds it.

I tried

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT -= "colibri-imx7_vga-640x480_overlay.dtbo"

but that did not work.

Better suggestions?


Hello Paul,

Great follow-up question!

The -= operator does not work for removing single entries from a space-separated list variable in Yocto. The best approach is to override the entire TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT variable, explicitly omitting the colibri-imx7_vga-640x480_overlay.dtbo entry, and including only the overlays you need.

Here’s how you can do it in your custom Yocto configuration (.conf) or in a bbappend, for example:

  1. First, locate where TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT is being defined by searching your layers directory:

$ grep -nre "TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT" layers/*

  2. Once you find it, you can override it in your own layer. For example, add this line in your custom machine conf (or a .bbappend, depending on your setup):

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT:colibri-imx7 = "conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo ${CUSTOM_OVERLAYS_BINARY}"

This will set the list to only your required overlays while omitting the VGA overlay.

More detailed steps and context can be found here:

Alternative (bbappend) approach, if you want custom logic:

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT:colibri-imx7 = "${@d.getVar('TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT').replace('colibri-imx7_vga-640x480_overlay.dtbo', '').strip()}"

But the cleanest, most reliable approach is to override the variable directly, as shown above.

Let me know if you need a concrete code snippet for your meta-grilo-experiments layer or additional clarification!

Best regards,
Toradex AI Assistant.



@ToradexAI

ERROR: device-tree-overlays-mainline-master+git-r0 do_deploy: colibri-imx7_vga-640x480_overlay.dtbo is not installed in your boot filesystem, please make sure it's in TEZI_EXTERNAL_KERNEL_DEVICETREE or being provided by virtual/dtb.

There must be a recipe that absolutely wants that overlay to be there.


Hello Paul,

You are correct! The error message shows that some part of the build (likely a class or recipe) is expecting colibri-imx7_vga-640x480_overlay.dtbo to be included and is failing when it isn’t found.

For the Colibri iMX7, the default overlays for boot (including the VGA overlay) are set in the machine configuration (e.g., colibri-imx7.conf or colibri-imx7.inc) via the TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT variable. When building with Yocto and certain Toradex meta layers, a class like meta-toradex-bsp-common/classes/image_type_tezi.bbclass is responsible for setting and acting on this variable at image creation time.

To see where this overlay is defined as required, you can search for TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT in your layers:

cd <your-yocto-project-dir>
grep -nre "TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT" layers/*

How to Remove the Overlay Cleanly

You can’t remove the overlay with the -= operator because it does not guarantee removal from ambiguous or previously expanded space-separated variables in Yocto. Instead, you need to override the variable in your own custom machine configuration or custom layer and set TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT to the overlay(s) you want. Here is the recommended procedure:

  1. Create or edit a file such as conf/machine/colibri-imx7-extra.conf in your layer.

  2. Override the boot overlay list to exclude the VGA overlay, for example:

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT = "conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo ${CUSTOM_OVERLAYS_BINARY}"

or, if you’re not using secure boot:

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT = "${CUSTOM_OVERLAYS_BINARY}"

This will completely replace the default overlays that would otherwise include colibri-imx7_vga-640x480_overlay.dtbo.

Summary:

  • The recipe (or more likely, the machine configuration) is expecting the overlay due to how TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT is set in the core layers.
  • To eliminate this requirement, override the entire variable at the machine level as described above, replacing the default list with only the overlays you need.

Further details and example overrides can be found in the Toradex documentation:

Let me know if you need an example overlay or override file!

Best regards,
Toradex AI Assistant.