Re: [isar-cip-core][PATCH v2 1/2] kas: Remove efibootguard.yml


Jan Kiszka
 

On 04.08.22 12:04, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

A build with only the option `kas/efibootguard.yml` will not succeed.
Move the content to a include in the image directory and the adapt the kas
files.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas/opt/ebg-secure-boot-snakeoil.yml | 9 +++----
kas/opt/ebg-swu.yml | 7 ++---
kas/opt/efibootguard.yml | 39 ----------------------------
recipes-core/images/efibootguard.inc | 28 ++++++++++++++++++++
4 files changed, 36 insertions(+), 47 deletions(-)
delete mode 100644 kas/opt/efibootguard.yml
create mode 100644 recipes-core/images/efibootguard.inc

diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 2822cef..0791ea3 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -11,16 +11,15 @@

header:
version: 10
- includes:
- - kas/opt/efibootguard.yml

local_conf_header:
- image-options-swupdate: |
- CIP_IMAGE_OPTIONS_append = " swupdate.inc"
+ ebg_secureboot_bootloader: |
+ SWUPDATE_BOOTLOADER = "efibootguard"

- swupdate: |
+ image-options-swupdate: |
IMAGE_INSTALL_append = " swupdate"
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
+ CIP_IMAGE_OPTIONS_append = " swupdate.inc efibootguard.inc"

secure-boot-image: |
IMAGE_CLASSES += "verity"
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index 5e4e771..9c50358 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -12,12 +12,13 @@
header:
version: 10
includes:
- - kas/opt/efibootguard.yml
- kas/opt/swupdate.yml

local_conf_header:
+ ebg_swu_bootloader: |
+ SWUPDATE_BOOTLOADER = "efibootguard"
+ ebg_swu_image_options: |
+ CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc"
initramfs: |
INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook"

- image-option-uuid: |
- CIP_IMAGE_OPTIONS_append = " image-uuid.inc"
diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
deleted file mode 100644
index cee9c78..0000000
--- a/kas/opt/efibootguard.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2020
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@...>
-#
-# SPDX-License-Identifier: MIT
-#
-# This kas file adds efibootguard as the bootloader to the image
-
-header:
- version: 10
-
-local_conf_header:
- efibootguard: |
- IMAGE_INSTALL_append = " efibootguard"
-
- efibootguard-swupdate: |
- SWUPDATE_BOOTLOADER = "efibootguard"
-
- efibootguard-wic: |
- WIC_IMAGER_INSTALL_append = " efibootguard"
- WDOG_TIMEOUT ?= "60"
- WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
- IMAGE_FSTYPES ?= "wic"
- WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"
-
- firmware-binaries: |
- # Add ovmf binaries for qemu
- IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries"
- # not needed for Debian 11 and later
- OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}"
- DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list"
- DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
- # Add U-Boot for qemu
- IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64"
- IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm"
diff --git a/recipes-core/images/efibootguard.inc b/recipes-core/images/efibootguard.inc
new file mode 100644
index 0000000..fc3879f
--- /dev/null
+++ b/recipes-core/images/efibootguard.inc
@@ -0,0 +1,28 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+IMAGE_INSTALL_append = " efibootguard"
+
+WIC_IMAGER_INSTALL_append = " efibootguard"
+WDOG_TIMEOUT ?= "60"
+WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
+WKS_FILE = "${MACHINE}-efibootguard.wks.in"
+IMAGE_FSTYPES += "wic"
+
+# Add ovmf binaries for qemu
+IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries"
+# not needed for Debian 11 and later
+OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}"
+DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list"
+DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
+# Add U-Boot for qemu
+IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64"
+IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm"
Still breaks qemu-arm64 secure boot config, probably the U-Boot build
for that. Try to boot the image and you will see the error.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux

Join cip-dev@lists.cip-project.org to automatically receive all group messages.