[isar-cip-core][PATCH] efibootguard: Consolidate signed bootloader partitions in common include


Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Model ebg-signed-sysparts.inc analogously to ebg-sysparts.inc because
both in-tree users already share the configuration and kernel partition
entries, and the same is generally expected of downstream users.

Reported-by: Bao Cheng Su <baocheng.su@...>
Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
wic/ebg-signed-bootloader.inc | 2 --
wic/ebg-signed-sysparts.inc | 8 ++++++++
wic/qemu-amd64-efibootguard-secureboot.wks.in | 7 +------
wic/qemu-arm64-efibootguard-secureboot.wks.in | 7 +------
4 files changed, 10 insertions(+), 14 deletions(-)
delete mode 100644 wic/ebg-signed-bootloader.inc
create mode 100644 wic/ebg-signed-sysparts.inc

diff --git a/wic/ebg-signed-bootloader.inc b/wic/ebg-signed-bootloader.inc
deleted file mode 100644
index 62ebca9..0000000
--- a/wic/ebg-signed-bootloader.inc
+++ /dev/null
@@ -1,2 +0,0 @@
-# EFI partition containing efibootguard bootloader binary
-part --source efibootguard-efi --size 16M --extra-space 0 --overhead-factor 1 --label efi --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
diff --git a/wic/ebg-signed-sysparts.inc b/wic/ebg-signed-sysparts.inc
new file mode 100644
index 0000000..2d4d0e3
--- /dev/null
+++ b/wic/ebg-signed-sysparts.inc
@@ -0,0 +1,8 @@
+# default partition layout EFI Boot Guard usage, signed version
+
+# EFI partition containing efibootguard bootloader binary
+part --source efibootguard-efi --size 16M --extra-space 0 --overhead-factor 1 --label efi --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
+
+# EFI Boot Guard environment/config partitions plus Kernel files
+part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,signwith=/usr/bin/sign_secure_image.sh"
+part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,signwith=/usr/bin/sign_secure_image.sh"
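Review bot: The header comment of the new ebg-signed-sysparts.inc does not say what is signed or how the file relates to ebg-sysparts.inc, which matters because picking the wrong include would produce an image whose boot partitions carry no signatures (assuming ebg-sysparts.inc is the unsigned variant, as the commit message suggests). I would write it as `# default partition layout for EFI Boot Guard usage, signed version: the EFI binary and both kernel partitions are signed via signwith=; use instead of ebg-sysparts.inc`, which also restores the missing "for". The two BOOT lines could get `# BOOT0 carries the higher revision, so EFI Boot Guard selects it on first boot`, if that is the intent of revision=2 versus revision=1. The helper path /usr/bin/sign_secure_image.sh is repeated on all three lines and has to exist wherever wic runs, so the comment should name that prerequisite for downstream layouts.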
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index 4a0e987..e097eac 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -1,9 +1,4 @@
-# EFI partition containing efibootguard bootloader binary
-include ebg-signed-bootloader.inc
-
-# EFI Boot Guard environment/config partitions plus Kernel files
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,signwith=/usr/bin/sign_secure_image.sh"
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,signwith=/usr/bin/sign_secure_image.sh"
+include ebg-signed-sysparts.inc

part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
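Review bot: The layout now opens with a bare `include ebg-signed-sysparts.inc`, and nothing in this file says any longer that the EFI and BOOT0/BOOT1 partitions come from that include or that they are signed. A one-line comment above the include, such as `# signed EFI partition plus BOOT0/BOOT1 config and kernel partitions`, would keep the secure-boot layout readable on its own. The same applies to the identical hunk in wic/qemu-arm64-efibootguard-secureboot.wks.in. The two rawcopy verity partitions that follow are also undocumented; a short comment naming them as the A/B dm-verity root filesystem images would help, if that is what they are.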
diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
index df6a9a1..b3bbed4 100644
--- a/wic/qemu-arm64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
@@ -1,9 +1,4 @@
-# EFI partition containing efibootguard bootloader binary
-include ebg-signed-bootloader.inc
-
-# EFI Boot Guard environment/config partitions plus Kernel files
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,signwith=/usr/bin/sign_secure_image.sh"
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,signwith=/usr/bin/sign_secure_image.sh"
+include ebg-signed-sysparts.inc

part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
--
2.35.3