Re: [isar-cip-core PATCH v3 4/6] secure-boot: Add secure boot with unified kernel image

Home Messages Hashtags Subgroups

#5050

Re: [isar-cip-core PATCH v3 4/6] secure-boot: Add secure boot with unified kernel image

Jan Kiszka #5050 On 24.07.20 17:01, Quirin Gylstorff wrote: From: Quirin Gylstorff <quirin.gylstorff@...> A unified kernel image contains the os-release, kernel, kernel commandline, initramfs and efi-stub in one binary. This binary can be boot by systemd-boot and efibootguard. It also allows to sign kernel and initramfs as one packages. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> ... diff --git a/start-qemu.sh b/start-qemu.sh index 49f0266..74d1b54 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -15,6 +15,8 @@ usage() echo "Usage: $0 ARCHITECTURE [QEMU_OPTIONS]" echo -e "\nSet QEMU_PATH environment variable to use a locally " \ "built QEMU version" + echo -e "\nSet SECURE_BOOT environment variable to boot a secure boot environment " \ + "This environment also needs the variables OVMF_VARS and OVMF_CODE set" exit 1 } @@ -22,17 +24,25 @@ if [ -n "${QEMU_PATH}" ]; then QEMU_PATH="${QEMU_PATH}/" fi +if [ -z "${DISTRO_RELEASE}" ]; then + DISTRO_RELEASE="buster" +fi +if [ -z "${TARGET_IMAGE}" ];then + TARGET_IMAGE="cip-core-image" +fi + case "$1" in x86\|x86_64\|amd64) DISTRO_ARCH=amd64 QEMU=qemu-system-x86_64 QEMU_EXTRA_ARGS=" \ - -cpu host -smp 4 \ - -enable-kvm -machine q35 \ + -cpu qemu64 \ + -smp 4 \ + -machine q35,accel=kvm:tcg \ -device ide-hd,drive=disk \ -device virtio-net-pci,netdev=net" KERNEL_CMDLINE=" \ - root=/dev/sda vga=0x305 console=ttyS0" + root=/dev/sda vga=0x305" ;; arm64\|aarch64) DISTRO_ARCH=arm64 @@ -71,21 +81,41 @@ case "$1" in ;; esac -if [ -z "${DISTRO_RELEASE}" ]; then - DISTRO_RELEASE="buster" -fi - -IMAGE_PREFIX="$(dirname $0)/build/tmp/deploy/images/qemu-${DISTRO_ARCH}/cip-core-image-cip-core-${DISTRO_RELEASE}-qemu-${DISTRO_ARCH}" -IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img) +IMAGE_PREFIX="$(dirname $0)/build/tmp/deploy/images/qemu-${DISTRO_ARCH}/${TARGET_IMAGE}-cip-core-${DISTRO_RELEASE}-qemu-${DISTRO_ARCH}" if [ -z "${DISPLAY}" ]; then QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} -nographic" + case "$1" in + x86\|x86_64\|amd64) + KERNEL_CMDLINE="${KERNEL_CMDLINE} console=ttyS0" + esac +fi + + + +if [ -n "SECURE_BOOT" ]; then + ovmf_code=${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd} + ovmf_vars=${OVMF_VARS:-./OVMF_VARS.fd} + QEMU_EXTRA_ARGS=" \ + ${QEMU_EXTRA_ARGS} \ + -global ICH9-LPC.disable_s3=1 \ + -global isa-fdc.driveA= \ + " Looks like someone fell asleep on the tab key - please indent more reasonably. + BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \ + -drive if=pflash,format=raw,file=${ovmf_vars} \ + -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw" +else + IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img) + + KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinuz* \| tail -1) + INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* \| tail -1) + + BOOT_FILES=-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \ + -initrd ${INITRD_FILE} fi shift 1 ${QEMU_PATH}${QEMU} \ - -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \ -m 1G -serial mon:stdio -netdev user,id=net \ - -kernel ${IMAGE_PREFIX}-vmlinuz -append "${KERNEL_CMDLINE}" \ - -initrd ${IMAGE_PREFIX}-initrd.img ${QEMU_EXTRA_ARGS} "$@" + ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@" This file is in conflict with changes in next. Please rebase. Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux
More All Messages By This Member

View All 2 Messages In Topic

#5050

Join cip-dev@lists.cip-project.org to automatically receive all group messages.

Home Hashtags Subgroups Terms