mbox series

[isar-cip-core,0/3] Various fixes in SB workflow and docs

Message ID 20230523051846.1007400-1-felix.moessbauer@siemens.com (mailing list archive)
Headers show
Series Various fixes in SB workflow and docs | expand

Message

Felix Moessbauer May 23, 2023, 5:18 a.m. UTC
This series makes the provided example in README.secureboot.md working again.
However, there are still some aspects which need to be fixed in the future:

- Combination with SSTATE_CACHE: This might break the verity rootfs signature
- rebuild with different keys: The generated linux.efi is not updated
  and also the old linux.efi is put into the image. By that, the created image
  cannot be bootet.

Best regards,
Felix Moessbauer
Siemens Ltd. China

Felix Moessbauer (3):
  fix(start-efishell): argument passing to qemu
  docs(secureboot): fix logical issues in example
  docs(secureboot): make markdown better readable

 doc/README.secureboot.md  | 74 ++++++++++++++++++++++++++-------------
 scripts/start-efishell.sh |  9 +++--
 2 files changed, 56 insertions(+), 27 deletions(-)

Comments

Jan Kiszka May 27, 2023, 10:12 a.m. UTC | #1
On 23.05.23 07:18, Felix Moessbauer wrote:
> This series makes the provided example in README.secureboot.md working again.
> However, there are still some aspects which need to be fixed in the future:
> 
> - Combination with SSTATE_CACHE: This might break the verity rootfs signature
> - rebuild with different keys: The generated linux.efi is not updated
>   and also the old linux.efi is put into the image. By that, the created image
>   cannot be bootet.
> 
> Best regards,
> Felix Moessbauer
> Siemens Ltd. China
> 
> Felix Moessbauer (3):
>   fix(start-efishell): argument passing to qemu
>   docs(secureboot): fix logical issues in example
>   docs(secureboot): make markdown better readable
> 
>  doc/README.secureboot.md  | 74 ++++++++++++++++++++++++++-------------
>  scripts/start-efishell.sh |  9 +++--
>  2 files changed, 56 insertions(+), 27 deletions(-)
> 

Thanks, applied.

Jan