diff mbox series

[isar-cip-core,v2,1/2] kas: Remove efibootguard.yml

Message ID 20220804100409.163990-2-Quirin.Gylstorff@siemens.com (mailing list archive)
State Handled Elsewhere
Headers show
Series clean up kas/opt | expand

Commit Message

Quirin Gylstorff Aug. 4, 2022, 10:04 a.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

A build with only the option `kas/efibootguard.yml` will not succeed.
Move the content to a include in the image directory and the adapt the kas
files.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 kas/opt/ebg-secure-boot-snakeoil.yml |  9 +++----
 kas/opt/ebg-swu.yml                  |  7 ++---
 kas/opt/efibootguard.yml             | 39 ----------------------------
 recipes-core/images/efibootguard.inc | 28 ++++++++++++++++++++
 4 files changed, 36 insertions(+), 47 deletions(-)
 delete mode 100644 kas/opt/efibootguard.yml
 create mode 100644 recipes-core/images/efibootguard.inc

Comments

Jan Kiszka Aug. 5, 2022, 10:34 a.m. UTC | #1
On 04.08.22 12:04, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> A build with only the option `kas/efibootguard.yml` will not succeed.
> Move the content to a include in the image directory and the adapt the kas
> files.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  kas/opt/ebg-secure-boot-snakeoil.yml |  9 +++----
>  kas/opt/ebg-swu.yml                  |  7 ++---
>  kas/opt/efibootguard.yml             | 39 ----------------------------
>  recipes-core/images/efibootguard.inc | 28 ++++++++++++++++++++
>  4 files changed, 36 insertions(+), 47 deletions(-)
>  delete mode 100644 kas/opt/efibootguard.yml
>  create mode 100644 recipes-core/images/efibootguard.inc
> 
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 2822cef..0791ea3 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -11,16 +11,15 @@
>  
>  header:
>    version: 10
> -  includes:
> -   - kas/opt/efibootguard.yml
>  
>  local_conf_header:
> -  image-options-swupdate: |
> -    CIP_IMAGE_OPTIONS_append = " swupdate.inc"
> +  ebg_secureboot_bootloader: |
> +    SWUPDATE_BOOTLOADER = "efibootguard"
>  
> -  swupdate: |
> +  image-options-swupdate: |
>      IMAGE_INSTALL_append = " swupdate"
>      IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
> +    CIP_IMAGE_OPTIONS_append = " swupdate.inc efibootguard.inc"
>  
>    secure-boot-image: |
>      IMAGE_CLASSES += "verity"
> diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
> index 5e4e771..9c50358 100644
> --- a/kas/opt/ebg-swu.yml
> +++ b/kas/opt/ebg-swu.yml
> @@ -12,12 +12,13 @@
>  header:
>    version: 10
>    includes:
> -   - kas/opt/efibootguard.yml
>     - kas/opt/swupdate.yml
>  
>  local_conf_header:
> +  ebg_swu_bootloader: |
> +    SWUPDATE_BOOTLOADER = "efibootguard"
> +  ebg_swu_image_options: |
> +    CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc"
>    initramfs: |
>      INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook"
>  
> -  image-option-uuid: |
> -    CIP_IMAGE_OPTIONS_append = " image-uuid.inc"
> diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
> deleted file mode 100644
> index cee9c78..0000000
> --- a/kas/opt/efibootguard.yml
> +++ /dev/null
> @@ -1,39 +0,0 @@
> -#
> -# CIP Core, generic profile
> -#
> -# Copyright (c) Siemens AG, 2020
> -#
> -# Authors:
> -#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> -#
> -# SPDX-License-Identifier: MIT
> -#
> -# This kas file adds efibootguard as the bootloader to the image
> -
> -header:
> -  version: 10
> -
> -local_conf_header:
> -  efibootguard: |
> -    IMAGE_INSTALL_append = " efibootguard"
> -
> -  efibootguard-swupdate: |
> -    SWUPDATE_BOOTLOADER = "efibootguard"
> -
> -  efibootguard-wic: |
> -    WIC_IMAGER_INSTALL_append = " efibootguard"
> -    WDOG_TIMEOUT ?= "60"
> -    WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
> -    IMAGE_FSTYPES ?= "wic"
> -    WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"
> -
> -  firmware-binaries: |
> -    # Add ovmf binaries for qemu
> -    IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries"
> -    # not needed for Debian 11 and later
> -    OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}"
> -    DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list"
> -    DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
> -    # Add U-Boot for qemu
> -    IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64"
> -    IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm"
> diff --git a/recipes-core/images/efibootguard.inc b/recipes-core/images/efibootguard.inc
> new file mode 100644
> index 0000000..fc3879f
> --- /dev/null
> +++ b/recipes-core/images/efibootguard.inc
> @@ -0,0 +1,28 @@
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2020
> +#
> +# Authors:
> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +
> +IMAGE_INSTALL_append = " efibootguard"
> +
> +WIC_IMAGER_INSTALL_append = " efibootguard"
> +WDOG_TIMEOUT ?= "60"
> +WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
> +WKS_FILE = "${MACHINE}-efibootguard.wks.in"
> +IMAGE_FSTYPES += "wic"
> +
> +# Add ovmf binaries for qemu
> +IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries"
> +# not needed for Debian 11 and later
> +OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}"
> +DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list"
> +DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
> +# Add U-Boot for qemu
> +IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64"
> +IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm"

Still breaks qemu-arm64 secure boot config, probably the U-Boot build
for that. Try to boot the image and you will see the error.

Jan
diff mbox series

Patch

diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 2822cef..0791ea3 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -11,16 +11,15 @@ 
 
 header:
   version: 10
-  includes:
-   - kas/opt/efibootguard.yml
 
 local_conf_header:
-  image-options-swupdate: |
-    CIP_IMAGE_OPTIONS_append = " swupdate.inc"
+  ebg_secureboot_bootloader: |
+    SWUPDATE_BOOTLOADER = "efibootguard"
 
-  swupdate: |
+  image-options-swupdate: |
     IMAGE_INSTALL_append = " swupdate"
     IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
+    CIP_IMAGE_OPTIONS_append = " swupdate.inc efibootguard.inc"
 
   secure-boot-image: |
     IMAGE_CLASSES += "verity"
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index 5e4e771..9c50358 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -12,12 +12,13 @@ 
 header:
   version: 10
   includes:
-   - kas/opt/efibootguard.yml
    - kas/opt/swupdate.yml
 
 local_conf_header:
+  ebg_swu_bootloader: |
+    SWUPDATE_BOOTLOADER = "efibootguard"
+  ebg_swu_image_options: |
+    CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc"
   initramfs: |
     INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook"
 
-  image-option-uuid: |
-    CIP_IMAGE_OPTIONS_append = " image-uuid.inc"
diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
deleted file mode 100644
index cee9c78..0000000
--- a/kas/opt/efibootguard.yml
+++ /dev/null
@@ -1,39 +0,0 @@ 
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2020
-#
-# Authors:
-#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-# This kas file adds efibootguard as the bootloader to the image
-
-header:
-  version: 10
-
-local_conf_header:
-  efibootguard: |
-    IMAGE_INSTALL_append = " efibootguard"
-
-  efibootguard-swupdate: |
-    SWUPDATE_BOOTLOADER = "efibootguard"
-
-  efibootguard-wic: |
-    WIC_IMAGER_INSTALL_append = " efibootguard"
-    WDOG_TIMEOUT ?= "60"
-    WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
-    IMAGE_FSTYPES ?= "wic"
-    WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"
-
-  firmware-binaries: |
-    # Add ovmf binaries for qemu
-    IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries"
-    # not needed for Debian 11 and later
-    OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}"
-    DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list"
-    DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
-    # Add U-Boot for qemu
-    IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64"
-    IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm"
diff --git a/recipes-core/images/efibootguard.inc b/recipes-core/images/efibootguard.inc
new file mode 100644
index 0000000..fc3879f
--- /dev/null
+++ b/recipes-core/images/efibootguard.inc
@@ -0,0 +1,28 @@ 
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+IMAGE_INSTALL_append = " efibootguard"
+
+WIC_IMAGER_INSTALL_append = " efibootguard"
+WDOG_TIMEOUT ?= "60"
+WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
+WKS_FILE = "${MACHINE}-efibootguard.wks.in"
+IMAGE_FSTYPES += "wic"
+
+# Add ovmf binaries for qemu
+IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries"
+# not needed for Debian 11 and later
+OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}"
+DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list"
+DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
+# Add U-Boot for qemu
+IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64"
+IMAGER_BUILD_DEPS_append_qemu-arm += "u-boot-qemu-arm"