
[isar-cip-core,RFC,0/2] Add Bootloader to Update binary

Message ID 20231206143528.1900797-1-Quirin.Gylstorff@siemens.com (mailing list archive)

Message

Gylstorff Quirin Dec. 6, 2023, 2:33 p.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This series adds the, possibly signed, efibootguard binaries to the deploy dir
and adds them to swu file and sw-description to update the bootloader.

The new entry contains the following information.
    {
            filename = "boot${SWU_EFI_ARCH}.efi"
            path = "EFI/BOOT/boot${SWU_EFI_ARCH}.efi";
            device = "/dev/disk/by-uuid/4321-DCBA";
            filesystem = "vfat";
            sha256 = "boot${SWU_EFI_ARCH}.efi-sha256";
    });

Should we always update the bootloader or should this be an optional
addition to the swu?

Quirin Gylstorff (2):
  efibootguard-efi.py: copy signed ebg binary to DEPLOY_DIR
  swupdate.bbclass: Add boot<ARCH>.efi to swu

 classes/swupdate.bbclass                       | 18 +++++++++++++++---
 recipes-core/images/swu/sw-description.tmpl    |  7 +++++++
 .../lib/wic/plugins/source/efibootguard-efi.py | 13 +++++++++++++
 3 files changed, 35 insertions(+), 3 deletions(-)

Comments

Jan Kiszka Dec. 7, 2023, 12:09 a.m. UTC | #1
On 06.12.23 22:33, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> This series adds the, possibly signed, efibootguard binaries to the deploy dir
> and adds them to swu file and sw-description to update the bootloader.
> 
> The new entry contains the following information.
>     {
>             filename = "boot${SWU_EFI_ARCH}.efi"
>             path = "EFI/BOOT/boot${SWU_EFI_ARCH}.efi";
>             device = "/dev/disk/by-uuid/4321-DCBA";
>             filesystem = "vfat";
>             sha256 = "boot${SWU_EFI_ARCH}.efi-sha256";
>     });
> 
> Should we always update the bootloader or should this be an optional
> addition to the swu?
> 

This should not be the default as the EFI Boot Guard is a single point
of failure. Updating it should only ever be considered if the
consequences of not doing that would be worse than the risk of leaving
devices bricked behind.

Jan

Felix Moessbauer Dec. 7, 2023, 5:23 a.m. UTC | #2
On Thu, 2023-12-07 at 09:09 +0900, Jan Kiszka wrote:
> On 06.12.23 22:33, Quirin Gylstorff wrote:
> > From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> > 
> > This series adds the, possibly signed, efibootguard binaries to the
> > deploy dir
> > and adds them to swu file and sw-description to update the
> > bootloader.
> > 
> > The new entry contains the following information.
> >     {
> >             filename = "boot${SWU_EFI_ARCH}.efi"
> >             path = "EFI/BOOT/boot${SWU_EFI_ARCH}.efi";
> >             device = "/dev/disk/by-uuid/4321-DCBA";
> >             filesystem = "vfat";
> >             sha256 = "boot${SWU_EFI_ARCH}.efi-sha256";
> >     });
> > 
> > Should we always update the bootloader or should this be an optional
> > addition to the swu?
> > 
> 
> This should not be the default as the EFI Boot Guard is a single
> point
> of failure. Updating it should only ever be considered if the
> consequences of not doing that would be worse than the risk of
> leaving
> devices bricked behind.

Yes, this feature should be conditional. Normally you don't want to
update, but there are some cases where updates are needed.

How about a variable SWU_UPDATE_EBG?

Felix

> 
> Jan
>

Jan Kiszka Dec. 7, 2023, 6:05 a.m. UTC | #3
On 07.12.23 13:23, MOESSBAUER, Felix (T CED INW-CN) wrote:
> On Thu, 2023-12-07 at 09:09 +0900, Jan Kiszka wrote:
>> On 06.12.23 22:33, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> This series adds the, possibly signed, efibootguard binaries to the
>>> deploy dir
>>> and adds them to swu file and sw-description to update the
>>> bootloader.
>>>
>>> The new entry contains the following information.
>>>     {
>>>             filename = "boot${SWU_EFI_ARCH}.efi"
>>>             path = "EFI/BOOT/boot${SWU_EFI_ARCH}.efi";
>>>             device = "/dev/disk/by-uuid/4321-DCBA";
>>>             filesystem = "vfat";
>>>             sha256 = "boot${SWU_EFI_ARCH}.efi-sha256";
>>>     });
>>>
>>> Should we always update the bootloader or should this be an optional
>>> addition to the swu?
>>>
>>
>> This should not be the default as the EFI Boot Guard is a single
>> point
>> of failure. Updating it should only ever be considered if the
>> consequences of not doing that would be worse than the risk of
>> leaving
>> devices bricked behind.
> 
> Yes, this feature should be conditional. Normally you don't want to
> update, but there are some cases where updates are needed.
> 
> How about a variable SWU_UPDATE_EBG?

And we may try to shorten the corruption window: write new boot.efi,
rename old one away, rename new one in place.

Jan
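
The replacement order suggested in the last reply (write new, rename old away, rename new in place), sketched in Python as an added example; it is not code from this thread, isar-cip-core or SWUpdate. The `.new`/`.old` suffixes, the function names and the `recover()` helper are assumptions made for illustration.

```python
import os

def _fsync_dir(path):
    """Flush directory entries so completed renames survive a crash (Linux)."""
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)

def replace_bootloader(target, new_image):
    """Replace `target` in the order proposed in the thread."""
    directory = os.path.dirname(target) or "."
    staged, backup = target + ".new", target + ".old"  # hypothetical suffixes
    # 1. Write the new binary next to the old one; the old one stays bootable.
    with open(staged, "wb") as f:
        f.write(new_image)
        f.flush()
        os.fsync(f.fileno())
    _fsync_dir(directory)
    # 2. Rename the old one away. From here until step 3 nothing is at `target`.
    if os.path.exists(backup):
        os.remove(backup)
    if os.path.exists(target):
        os.rename(target, backup)
    # 3. Rename the new one in place and make it durable.
    os.rename(staged, target)
    _fsync_dir(directory)

def recover(target):
    """Repair after the updater died mid-sequence while the system kept running.
    A power cut between steps 2 and 3 still leaves no bootloader at `target`."""
    staged, backup = target + ".new", target + ".old"
    if os.path.exists(target):
        if os.path.exists(staged):   # interrupted in step 1: may be truncated
            os.remove(staged)
        return "intact"
    if os.path.exists(staged):       # step 1 finished, so the image is complete
        os.rename(staged, target)
        _fsync_dir(os.path.dirname(target) or ".")
        return "rolled-forward"
    if os.path.exists(backup):
        os.rename(backup, target)
        _fsync_dir(os.path.dirname(target) or ".")
        return "rolled-back"
    return "missing"
```

The window without a file at the boot path shrinks to the gap between the two renames; it does not disappear, which is why the thread treats the update as opt-in.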