diff mbox series

[isar-cip-core] efibootguard: Consolidate signed bootloader partitions in common include

Message ID 7b4ebd99-16d3-c873-803a-504f25c4231e@siemens.com (mailing list archive)
State Handled Elsewhere
Headers show
Series [isar-cip-core] efibootguard: Consolidate signed bootloader partitions in common include | expand

Commit Message

Jan Kiszka May 16, 2022, 5:12 a.m. UTC 
From: Jan Kiszka <jan.kiszka@siemens.com>

Model ebg-signed-sysparts.inc analogously to ebg-sysparts.inc because
both in-tree users share already the configuration and kernel partition
entries, and that is also generally expected from downstream users.

Reported-by: Bao Cheng Su <baocheng.su@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 wic/ebg-signed-bootloader.inc                 | 2 --
 wic/ebg-signed-sysparts.inc                   | 8 ++++++++
 wic/qemu-amd64-efibootguard-secureboot.wks.in | 7 +------
 wic/qemu-arm64-efibootguard-secureboot.wks.in | 7 +------
 4 files changed, 10 insertions(+), 14 deletions(-)
 delete mode 100644 wic/ebg-signed-bootloader.inc
 create mode 100644 wic/ebg-signed-sysparts.inc
diff mbox series

Patch

diff --git a/wic/ebg-signed-bootloader.inc b/wic/ebg-signed-bootloader.inc
deleted file mode 100644
index 62ebca9..0000000
--- a/wic/ebg-signed-bootloader.inc
+++ /dev/null
@@ -1,2 +0,0 @@ 
-# EFI partition containing efibootguard bootloader binary
-part --source efibootguard-efi  --size 16M --extra-space 0 --overhead-factor 1 --label efi   --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
diff --git a/wic/ebg-signed-sysparts.inc b/wic/ebg-signed-sysparts.inc
new file mode 100644
index 0000000..2d4d0e3
--- /dev/null
+++ b/wic/ebg-signed-sysparts.inc
@@ -0,0 +1,8 @@ 
+# default partition layout EFI Boot Guard usage, signed version
+
+# EFI partition containing efibootguard bootloader binary
+part --source efibootguard-efi  --size 16M --extra-space 0 --overhead-factor 1 --label efi   --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
+
+# EFI Boot Guard environment/config partitions plus Kernel files
+part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,signwith=/usr/bin/sign_secure_image.sh"
+part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,signwith=/usr/bin/sign_secure_image.sh"
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index 4a0e987..e097eac 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -1,9 +1,4 @@ 
-# EFI partition containing efibootguard bootloader binary
-include ebg-signed-bootloader.inc
-
-# EFI Boot Guard environment/config partitions plus Kernel files
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,signwith=/usr/bin/sign_secure_image.sh"
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,signwith=/usr/bin/sign_secure_image.sh"
+include ebg-signed-sysparts.inc
 
 part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
 part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
index df6a9a1..b3bbed4 100644
--- a/wic/qemu-arm64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
@@ -1,9 +1,4 @@ 
-# EFI partition containing efibootguard bootloader binary
-include ebg-signed-bootloader.inc
-
-# EFI Boot Guard environment/config partitions plus Kernel files
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,signwith=/usr/bin/sign_secure_image.sh"
-part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,signwith=/usr/bin/sign_secure_image.sh"
+include ebg-signed-sysparts.inc
 
 part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
 part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"