Adding .dtbo to YOCTO build makes boot warning: missing /chosen/toradex,secure-boot

Technical Support
, , ,
1

Hi, i am adding some dtbo’s with using /meta-grilo-experiments
Apparently it prevents conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo from being added or loaded - and i get

## WARNING: Required node "/chosen/toradex,secure-boot" could not be found in device-tree.

The layer as i can see it only adds dtbo’s

FILESEXTRAPATHS:prepend := "${THISDIR}/device-tree-overlays:"

CUSTOM_OVERLAYS_SOURCE = " \
    my-device-tree_overlay.dts \
    my-device-tree_overlay2.dts \
"
CUSTOM_OVERLAYS_BINARY = " \
    my-device-tree_overlay.dtbo \
    my-device-tree_overlay2.dtbo \
"

SRC_URI += " \
    file://my-device-tree_overlay.dts \
    file://my-device-tree_overlay2.dts \
"

TEZI_EXTERNAL_KERNEL_DEVICETREE += " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT = " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

do_collect_overlays:prepend() {
    for DTS in ${CUSTOM_OVERLAYS_SOURCE}; do
        cp ${WORKDIR}/${DTS} ${S}
    done
}

Device tree overlay source

/dts-v1/;
/plugin/;

#include "imx7d-pinfunc.h"

/ {
        compatible = "toradex,colibri-imx7d",
                     "toradex,colibri-imx7d-eval-v3",
                     "fsl,imx7d";
};

&flexcan1 {
        status = "okay";
};

&iomuxc {
        pinctrl-0 = <&pinctrl_gpio1 &pinctrl_gpio2 &pinctrl_gpio3 >;
};

&pinctrl_gpio1 {
                fsl,pins = <
                        MX7D_PAD_EPDC_PWR_COM__GPIO2_IO30       0x74 /* SODIMM 112 */
                        MX7D_PAD_EPDC_SDCLK__GPIO2_IO16         0x74 /* SODIMM 114 */
                        MX7D_PAD_EPDC_SDLE__GPIO2_IO17          0x74 /* SODIMM 116 */
                        MX7D_PAD_EPDC_SDOE__GPIO2_IO18          0x74 /* SODIMM 118 */
                        MX7D_PAD_EPDC_SDSHR__GPIO2_IO19         0x14 /* SODIMM 120 */
                >;
};

It does remove the VGA dtbo , which is good, but does it need the /chosen/toradex,secure-boot in one of my dtbo’s or which part skips the default toradex dtbo’s ?

Best Regards - Paul

2

Hi, I’m the Toradex AI Assistant.

I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.

Did you like my answer? :+1: :-1:

Hello Paul, thank you for your detailed description!

The key issue is this line in your recipe:

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT = " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

When you set (with =) the TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT variable, it overrides the default list of overlays, including any required overlays—such as conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo (which handles /chosen/toradex,secure-boot). That’s why you’re seeing the warning about /chosen/toradex,secure-boot missing: the secure boot overlay is not being loaded at all.

How to Ensure Default (Toradex) Overlays Are Included

Instead of setting this variable with =, you should append your custom overlays to the existing variable, to keep the defaults:

TEZI_EXTERNAL_KERNEL_DEVICETREE_BOOT += " \
    ${CUSTOM_OVERLAYS_BINARY} \
"

This way, your custom overlays will be added in addition to the default overlays that Toradex expects for secure boot and other critical features.

  • You do not need /chosen/toradex,secure-boot in your own overlays, nor should you add it yourself.
  • Let the default Toradex overlay (conf-colibri-imx7-emmc-secboot-kargs_overlay.dtbo) handle it, by not overriding the overlay variable.

Quick Checklist

  1. Use += to append overlays, not =.
  2. Confirm that you’re not removing or overriding Toradex overlays, especially for secure boot.
  3. Your current overlay content is fine; just fix the overlay list handling.

More information can be found in the Device Tree Overlay deployment documentation:

Let me know if you need more help with overlay configuration.

Best regards,
Toradex AI Assistant.

3

Hello @BDSKPEF,

Looks like this is solved for you. Could you please confirm?

4

Hi Rudhi,
yes solved :slight_smile:
The fdt-colibri-imx7-emmc-secboot-kargs_overlay.dtbo is in any case not listed in the overlays.txt file so i didn’t notice the obviously missing ‘+’

Best Regards - Paul

1 Like