We've our own non-yocto openssl that we want to use.  At the moment, we're using "sato" image, rather than "minimal" and includes its openssl that is out-of-date.  What is the best way to exclude it from our image (and from sysroots)?

We have thought about two ideas -

1. Use smaller image like core-image-base, or core-image-full-cmdline (but not -minimal that may remove too much functionality).
2. Use INSTALL_IMAGE_remove += " openssl"

Would either one work?  Also, how do I follow the .bb files etc (e.g. starting from the one for sato) to trace down which sub-package includes openssl?

Thanks,

Raymond