From: Quirin Gylstorff <quirin.gylstorff@...>
The kas files ebg-swu.yml and qemu-swupdate.yml overlap in
some cases. Clarify their use by moving all efibootguard related
configuration to efibootguard.yml. Configuration items corresponding
with SWUpdate are moved to swupdate.yml. The option swupdate.yml is
independent of the bootloader/cpu-architecture.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
doc/README.secureboot.md | 5 ++---
kas/opt/ebg-secure-boot-base.yml | 2 ++
kas/opt/{ebg-swu.yml => efibootguard.yml} | 12 ++++++------
kas/opt/{qemu-swupdate.yml => swupdate.yml} | 10 +++++++---
4 files changed, 17 insertions(+), 12 deletions(-)
rename kas/opt/{ebg-swu.yml => efibootguard.yml} (66%)
rename kas/opt/{qemu-swupdate.yml => swupdate.yml} (52%)
diff --git a/doc/README.secureboot.md b/doc/README.secureboot.md
index 0996edc..b5056f2 100644
--- a/doc/README.secureboot.md
+++ b/doc/README.secureboot.md
@@ -142,7 +142,7 @@ Build the image with a signed efibootguard and unified kernel image
with the snakeoil keys by executing:
```
-kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml:kas/opt/ebg-secure-boot-snakeoil.yml
+kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-secure-boot-snakeoil.yml
```
For user-generated keys, create a new option file in the repository. This option file could look like this:
@@ -150,7 +150,6 @@ For user-generated keys, create a new option file in the repository. This option
header:
version: 10
includes:
- - kas/opt/ebg-swu.yml
- kas/opt/ebg-secure-boot-base.yml
local_conf_header:
@@ -169,7 +168,7 @@ need to stored in the folder `recipes-devtools/ebg-secure-boot-secrets/files`.
Build the image with user-generated keys by executing the command:
```
-kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/ebg-swu.yml:<path to the new option>.yml
+kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:<path to the new option>.yml
```
### Start the image
diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
index 30ca35a..35fb42e 100644
--- a/kas/opt/ebg-secure-boot-base.yml
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -11,6 +11,8 @@
header:
version: 10
+ includes:
+ - efibootguard.yml
local_conf_header:
initramfs: |
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/efibootguard.yml
similarity index 66%
rename from kas/opt/ebg-swu.yml
rename to kas/opt/efibootguard.yml
index 63dda09..544c740 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/efibootguard.yml
@@ -8,19 +8,19 @@
#
# SPDX-License-Identifier: MIT
#
+# This kas file adds efibootguard as the bootloader to the image
header:
version: 10
local_conf_header:
- swupdate: |
- IMAGE_INSTALL_append = " swupdate efibootguard"
+ efibootguard: |
+ IMAGE_INSTALL_append = " efibootguard"
+
+ efibootguard-swupdate: |
SWUPDATE_BOOTLOADER = "efibootguard"
- efibootguard: |
+ efibootguard-wic: |
WDOG_TIMEOUT = "0"
WICVARS += "WDOG_TIMEOUT"
- wic: |
- IMAGE_TYPE = "wic-swu-img"
- WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks"
diff --git a/kas/opt/qemu-swupdate.yml b/kas/opt/swupdate.yml
similarity index 52%
rename from kas/opt/qemu-swupdate.yml
rename to kas/opt/swupdate.yml
index daebd2c..e622972 100644
--- a/kas/opt/qemu-swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -8,12 +8,16 @@
#
# SPDX-License-Identifier: MIT
#
-
+# This kas file adds swupdate and generates a ${IMAGE_NAME}.swu
+# from the first wic partition
header:
version: 10
local_conf_header:
- qemu-wic: |
+ swupdate: |
+ IMAGE_INSTALL_append = " swupdate"
+
+ wic-swu: |
IMAGE_TYPE ?= "wic-swu-img"
- WKS_FILE = "qemu-amd64-${SWUPDATE_BOOTLOADER}.wks"
+ WKS_FILE = "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks"
--
2.20.1
