From patchwork Thu Jan 11 19:59:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13517768 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E16D0C47DA6 for ; Thu, 11 Jan 2024 20:00:26 +0000 (UTC) Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net [185.136.64.225]) by mx.groups.io with SMTP id smtpd.web10.2404.1705003220422330717 for ; Thu, 11 Jan 2024 12:00:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=qGjV3d86; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.225, mailfrom: fm-51332-20240111200016f106d0cfe0c71488d4-1kv_4l@rts-flowmailer.siemens.com) Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 20240111200016f106d0cfe0c71488d4 for ; Thu, 11 Jan 2024 21:00:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=Z38sXGYXGCfIlsFGoLgdZwE1tPRfwqYXFN6IdUB+/2A=; b=qGjV3d8664BJ7s2ztCsDpPwz9q67yYHwSijkZSm44ljyTQfipLGpcZlVyxOslE3g60kP8i u0kBJArC8/2+/SPuqLQRVLar5Wf/Dc5pR7zxep44NuzamQ7EUjGqVQ6cfwLsrREwRRjl+lfN YYS0+tCu/uDJ493iLCoMcLxmIeuT4=; From: Quirin Gylstorff To: felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org, jan.kiszka@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 1/7] Move efibootguard specific settings from include to class file Date: Thu, 11 Jan 2024 20:59:45 +0100 Message-ID: <20240111200015.190376-2-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> References: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 Jan 2024 20:00:26 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14340 From: Quirin Gylstorff This is done in preparations to reduce similar code. Signed-off-by: Quirin Gylstorff --- classes/efibootguard.bbclass | 16 ++++++++++++++++ recipes-core/images/efibootguard.inc | 9 ++------- 2 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 classes/efibootguard.bbclass diff --git a/classes/efibootguard.bbclass b/classes/efibootguard.bbclass new file mode 100644 index 0000000..5a8a39b --- /dev/null +++ b/classes/efibootguard.bbclass @@ -0,0 +1,16 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2024 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# + +IMAGE_INSTALL:append = " efibootguard libebgenv0" +IMAGER_INSTALL:wic:append = " efibootguard:${DISTRO_ARCH}" +WDOG_TIMEOUT ?= "60" +WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_DEPLOY_FILE DTB_FILES" +IMAGE_TYPEDEP:swu:append = " wic" diff --git a/recipes-core/images/efibootguard.inc b/recipes-core/images/efibootguard.inc index 0f26b7d..f512b3c 100644 --- a/recipes-core/images/efibootguard.inc +++ b/recipes-core/images/efibootguard.inc @@ -1,7 +1,7 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020, 2024 # # Authors: # Quirin Gylstorff @@ -9,9 +9,4 @@ # SPDX-License-Identifier: MIT # -IMAGE_INSTALL:append = " efibootguard libebgenv0" -IMAGER_INSTALL:wic:append = " efibootguard:${DISTRO_ARCH}" -WDOG_TIMEOUT ?= "60" -WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_DEPLOY_FILE DTB_FILES" -IMAGE_FSTYPES:append = " wic" -IMAGE_TYPEDEP:swu:append = " wic" +inherit efibootguard From patchwork Thu Jan 11 19:59:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13517769 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8113C47DA9 for ; Thu, 11 Jan 2024 20:00:26 +0000 (UTC) Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net [185.136.64.226]) by mx.groups.io with SMTP id smtpd.web10.2405.1705003220451501479 for ; Thu, 11 Jan 2024 12:00:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=h5sklNxT; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.226, mailfrom: fm-51332-20240111200017b9d68edccb10b591c4-kx_pvr@rts-flowmailer.siemens.com) Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 20240111200017b9d68edccb10b591c4 for ; Thu, 11 Jan 2024 21:00:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=TZc2OSnj7nlDmj8kT/le4UtKgcgOM83kTxJO/e8gVwc=; b=h5sklNxT9UOTwQ3DsxcpvYsklCVqVaDf0tB6Pt5eGkhCGuDdg1F1NIW61eGZgXlsRfW8qS iYGxElKpTLFrq/+2ObiGix569yf/+fTSiI+HPVoZFv9AF45ul+rZD0H3Xrc2Sr8VIAvFlkO6 cMZjdwfYlO3xcYPyKiTUu6nAxqcS8=; From: Quirin Gylstorff To: felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org, jan.kiszka@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 2/7] efibootguard.bbclass: Add functions to generate the EFI_ARCH and EFI_LIB_ARCH Date: Thu, 11 Jan 2024 20:59:46 +0100 Message-ID: <20240111200015.190376-3-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> References: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 Jan 2024 20:00:26 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14341 From: Quirin Gylstorff This reduces duplicated code. Signed-off-by: Quirin Gylstorff --- classes/efibootguard.bbclass | 28 ++++++++++++- .../wic/plugins/source/efibootguard-boot.py | 29 +++++--------- .../wic/plugins/source/efibootguard-efi.py | 40 +++++++++---------- 3 files changed, 56 insertions(+), 41 deletions(-) diff --git a/classes/efibootguard.bbclass b/classes/efibootguard.bbclass index 5a8a39b..26291b7 100644 --- a/classes/efibootguard.bbclass +++ b/classes/efibootguard.bbclass @@ -12,5 +12,31 @@ IMAGE_INSTALL:append = " efibootguard libebgenv0" IMAGER_INSTALL:wic:append = " efibootguard:${DISTRO_ARCH}" WDOG_TIMEOUT ?= "60" -WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_DEPLOY_FILE DTB_FILES" +WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_DEPLOY_FILE DTB_FILES EFI_ARCH EFI_LIB_ARCH" IMAGE_TYPEDEP:swu:append = " wic" + +def distro_to_efi_arch(d): + DISTRO_TO_EFI_ARCH = { + "amd64": "x64", + "arm64": "aa64", + "armhf": "arm", + "i386": "ia32", + "riscv64": "riscv64" + } + distro_arch = d.getVar('DISTRO_ARCH') + return DISTRO_TO_EFI_ARCH[distro_arch] + +EFI_ARCH := "${@distro_to_efi_arch(d)}" + +def distro_to_lib_arch(d): + DISTRO_TO_LIB_ARCH = { + "amd64": "x86_64-linux-gnu", + "arm64": "aarch64-linux-gnu", + "armhf": "arm-linux-gnueabihf", + "i386": "i386-linux-gnu", + "riscv64": "riscv64-linux-gnu", + } + distro_arch = d.getVar('DISTRO_ARCH') + return DISTRO_TO_LIB_ARCH[distro_arch] + +EFI_LIB_ARCH := "${@distro_to_lib_arch(d)}" diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py index 9892572..4e3aefb 100644 --- a/scripts/lib/wic/plugins/source/efibootguard-boot.py +++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py @@ -180,27 +180,20 @@ class EfibootguardBootPlugin(SourcePlugin): def _create_unified_kernel_image(cls, rootfs_dir, cr_workdir, cmdline, deploy_dir, kernel_image, initrd_image, dtb_files, source_params): - # we need to map the distro_arch to uefi values - distro_to_efi_arch = { - "amd64": "x64", - "arm64": "aa64", - "armhf": "arm", - "i386": "ia32", - "riscv64" : "riscv64" - } - distro_to_lib_arch = { - "amd64": "x86_64-linux-gnu", - "arm64": "aarch64-linux-gnu", - "armhf": "arm-linux-gnueabihf", - "i386": "i386-linux-gnu", - "riscv64": "riscv64-linux-gnu", - } rootfs_path = rootfs_dir.get('ROOTFS_DIR') - distro_arch = get_bitbake_var("DISTRO_ARCH") + efiarch = get_bitbake_var("EFI_ARCH") + if not efiarch: + msger.error("Bitbake variable 'EFI_ARCH' not set, exiting\n") + exit(1) + libarch = get_bitbake_var("EFI_LIB_ARCH") + if not libarch: + msger.error("Bitbake variable 'EFI_LIB_ARCH' not set, exiting\n") + exit(1) + efistub = "{rootfs_path}/usr/lib/{libpath}/efibootguard/kernel-stub{efiarch}.efi"\ .format(rootfs_path=rootfs_path, - libpath=distro_to_lib_arch[distro_arch], - efiarch=distro_to_efi_arch[distro_arch]) + libpath=libarch, + efiarch=efiarch) uefi_kernel_name = "linux.efi" uefi_kernel_file = "{deploy_dir}/{uefi_kernel_name}"\ .format(deploy_dir=deploy_dir, uefi_kernel_name=uefi_kernel_name) diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py index 86a22e0..9bb6347 100644 --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py @@ -51,35 +51,31 @@ class EfibootguardEFIPlugin(SourcePlugin): populate an EFI boot partition containing the EFI Boot Guard bootloader binary. """ - # we need to map the distro_arch to uefi values - distro_to_efi_arch = { - "amd64": "x64", - "arm64": "aa64", - "armhf": "arm", - "i386": "ia32", - "riscv64" : "riscv64" - } - - distro_to_lib_arch = { - "amd64": "x86_64-linux-gnu", - "arm64": "aarch64-linux-gnu", - "armhf": "arm-linux-gnueabihf", - "i386": "i386-linux-gnu", - "riscv64": "riscv64-linux-gnu", - } - - distro_arch = get_bitbake_var("DISTRO_ARCH") + efiarch = get_bitbake_var("EFI_ARCH") + if not efiarch: + msger.error("Bitbake variable 'EFI_ARCH' not set, exiting\n") + exit(1) + libarch = get_bitbake_var("EFI_LIB_ARCH") + if not libarch: + msger.error("Bitbake variable 'EFI_LIB_ARCH' not set, exiting\n") + exit(1) + + deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE") + if not deploy_dir: + msger.error("DEPLOY_DIR_IMAGE not set, exiting\n") + exit(1) + creator.deploy_dir = deploy_dir + bootloader = "/usr/lib/{libpath}/efibootguard/efibootguard{efiarch}.efi".format( - libpath=distro_to_lib_arch[distro_arch], - efiarch=distro_to_efi_arch[distro_arch]) + libpath=libarch, + efiarch=efiarch) part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir, part.label, part.lineno) create_dir_cmd = "install -d %s/EFI/BOOT" % part_rootfs_dir exec_cmd(create_dir_cmd) - name = "boot{}.efi".format( - distro_to_efi_arch[distro_arch]) + name = "boot{}.efi".format(efiarch) signed_bootloader = cls._sign_file(name, bootloader, From patchwork Thu Jan 11 19:59:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13517763 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C6784C47077 for ; Thu, 11 Jan 2024 20:00:26 +0000 (UTC) Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net [185.136.64.225]) by mx.groups.io with SMTP id smtpd.web11.2397.1705003220086386955 for ; Thu, 11 Jan 2024 12:00:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=UMZC8/RH; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.225, mailfrom: fm-51332-2024011120001755f811117a0f5a980f-mtzne0@rts-flowmailer.siemens.com) Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 2024011120001755f811117a0f5a980f for ; Thu, 11 Jan 2024 21:00:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=Q0uHH1rsokRJfkAP1QPz52XMfDYa8++Dsa4HU+HLW08=; b=UMZC8/RH1Slquhv0AJNXuftSXSUGqrM8N6RS8gcsMkwFev2l8Bf/jyZe7UKeUPqZpAUdbj koDEYwzSGIEToIME7VF1f/5/YxAM2khghCtJju7XPVETfh5pArPJESjcI7vYMImWM2N3rrlT Qb1w082tBHEHc3z5rTh96MvAo5k2w=; From: Quirin Gylstorff To: felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org, jan.kiszka@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 3/7] efibootguard-efi.py: copy signed ebg binary to DEPLOY_DIR Date: Thu, 11 Jan 2024 20:59:47 +0100 Message-ID: <20240111200015.190376-4-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> References: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 Jan 2024 20:00:26 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14345 From: Quirin Gylstorff This allows to add the signed ebg binary to a swu file for updating the bootloader. Signed-off-by: Quirin Gylstorff --- scripts/lib/wic/plugins/source/efibootguard-efi.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py index 9bb6347..e82e990 100644 --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py @@ -66,6 +66,13 @@ class EfibootguardEFIPlugin(SourcePlugin): exit(1) creator.deploy_dir = deploy_dir + deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE") + if not deploy_dir: + msger.error("DEPLOY_DIR_IMAGE not set, exiting\n") + exit(1) + creator.deploy_dir = deploy_dir + + distro_arch = get_bitbake_var("DISTRO_ARCH") bootloader = "/usr/lib/{libpath}/efibootguard/efibootguard{efiarch}.efi".format( libpath=libarch, efiarch=efiarch) @@ -86,6 +93,13 @@ class EfibootguardEFIPlugin(SourcePlugin): part_rootfs_dir, name) exec_cmd(cp_cmd, True) + + cp_to_deploy_cmd = "cp %s/%s %s/%s" % (cr_workdir, + signed_bootloader, + deploy_dir, + name) + exec_cmd(cp_to_deploy_cmd, True) + du_cmd = "du --apparent-size -ks %s" % part_rootfs_dir blocks = int(exec_cmd(du_cmd).split()[0]) From patchwork Thu Jan 11 19:59:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13517767 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C28CFC4707B for ; Thu, 11 Jan 2024 20:00:26 +0000 (UTC) Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net [185.136.65.228]) by mx.groups.io with SMTP id smtpd.web11.2398.1705003220271012477 for ; Thu, 11 Jan 2024 12:00:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=iLA31CHS; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.228, mailfrom: fm-51332-202401112000177aeb156ac66becbb88-ug8fpj@rts-flowmailer.siemens.com) Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 202401112000177aeb156ac66becbb88 for ; Thu, 11 Jan 2024 21:00:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=7gHnhlyNKtrsuS4aR2Oo096eNq55FBb/1ZuK5H7AZSw=; b=iLA31CHS1+uu7TNEVKQOxGcXlCsXt2oGq3ArSEGGhqNcmUj/JwA3p+WymgUpaLt2RQU4Fo 5pjF/EMHW93U+dDXLOMxitja3k3QJBhk1PoJvGlw5xlsuTpH3yz25c4tREd5Jx53G/vyUiKR tiL6cIhjsBuF5lRrEf37kBB6IK2Mk=; From: Quirin Gylstorff To: felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org, jan.kiszka@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 4/7] swupdate.bbclass: Add SWU_EXTEND_SW_DESCRIPTION Date: Thu, 11 Jan 2024 20:59:48 +0100 Message-ID: <20240111200015.190376-5-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> References: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 Jan 2024 20:00:26 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14344 From: Quirin Gylstorff The elements of the new variable are called as functions. This allows the user to extend the sw-description file with new template variables and new entries. Signed-off-by: Quirin Gylstorff --- classes/swupdate.bbclass | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index 117f9fe..dfe8ef1 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -53,6 +53,16 @@ IMAGE_TEMPLATE_VARS:swu = " \ addtask do_transform_template after do_generate_image_uuid python(){ + cmds = d.getVar("SWU_EXTEND_SW_DESCRIPTION") + if cmds is None or not cmds.strip(): + return + cmds = cmds.split() + for cmd in cmds: + bb.build.exec_func(cmd, d) +} + +SWU_EXTEND_SW_DESCRIPTION += "add_swu_hw_compat" +python add_swu_hw_compat(){ # create SWU_HW_COMPAT_NODE based on list of supported hw hw_compat = d.getVar('SWU_HW_COMPAT') if hw_compat: @@ -61,7 +71,10 @@ python(){ 'hardware-compatibility: [ ' + hw_entries +' ];') else: d.setVar('SWU_HW_COMPAT_NODE', '') +} +SWU_EXTEND_SW_DESCRIPTION += "add_swu_compression" +python add_swu_compression(){ # create SWU_COMPRESSION_NODE node if compression is enabled calgo = d.getVar('SWU_COMPRESSION_TYPE') if calgo: From patchwork Thu Jan 11 19:59:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13517764 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C46A9C47258 for ; Thu, 11 Jan 2024 20:00:26 +0000 (UTC) Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net [185.136.64.226]) by mx.groups.io with SMTP id smtpd.web10.2401.1705003219968240878 for ; Thu, 11 Jan 2024 12:00:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=NYxMuk7P; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.226, mailfrom: fm-51332-202401112000170e9872d2700a0484a3-v97f5k@rts-flowmailer.siemens.com) Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 202401112000170e9872d2700a0484a3 for ; Thu, 11 Jan 2024 21:00:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=VFMresEGEC2+Wf485b0y3AB3+Zdr1GLHzwF0CrRZ0so=; b=NYxMuk7PwTjh+OeaLPIVeZYVOMp56xRfZccKolBriB2tm/cKy3OniHNjFUA7ZcivXFqKG/ EZd0bVTSUTRtX/lY4u/7CBXTYbH1lOK3xqIUO0JzN9oKEa42a5IMOfV4ySnaBwcqypwjAHCR GZlQ87E1Aj/QpsTrx/JSxKJ+EP4gQ=; From: Quirin Gylstorff To: felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org, jan.kiszka@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 5/7] swupdate: Extend sw-description to update efibootguard Date: Thu, 11 Jan 2024 20:59:49 +0100 Message-ID: <20240111200015.190376-6-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> References: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 Jan 2024 20:00:26 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14338 From: Quirin Gylstorff If the variable `SWU_EBG_UPDATE` is set to `1` an additional file element is added to the sw-description to replace the ebg. Use python as newlines are part of the sw-description syntax an therefore cannot be hold in a bitbake variable, see note in[1]. The efibootguard binary has the property 'atomic-install' which copies the file to a tempory location before replacing the original with new file[2]. IMPORTANT: Even if the property 'atomic-install' is set FAT does not support atomic writes or renames so a powercut can still corrupt the system[3]. [1]: https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-metadata.html#line-joining [2]: https://sbabic.github.io/swupdate/sw-description.html#files [3]: https://lore.kernel.org/linux-fsdevel/20191022105413.pj6i3ydetnfgnkzh@pali/ Signed-off-by: Quirin Gylstorff --- classes/swupdate.bbclass | 34 +++++++++++++++++++-- recipes-core/images/swu/sw-description.tmpl | 2 +- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index dfe8ef1..0f8ae23 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -1,7 +1,7 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2020-2023 +# Copyright (c) Siemens AG, 2020-2024 # # Authors: # Christian Storm @@ -11,6 +11,7 @@ # SPDX-License-Identifier: MIT inherit template +inherit efibootguard SWU_ROOTFS_TYPE ?= "squashfs" SWU_ROOTFS_NAME ?= "${IMAGE_FULLNAME}" @@ -22,6 +23,9 @@ SWU_NAME ?= "cip software update" # space separated list of supported hw. Leave empty to leave out SWU_HW_COMPAT ?= "" +SWU_EBG_UPDATE ?= "" +SWU_EFI_BOOT_DEVICE ?= "/dev/disk/by-uuid/4321-DCBA" + SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.swu" SWU_DESCRIPTION_FILE ?= "sw-description" SWU_ADDITIONAL_FILES ?= "linux.efi ${SWU_ROOTFS_PARTITION_NAME}" @@ -47,7 +51,14 @@ IMAGE_TEMPLATE_VARS:swu = " \ SWU_HW_COMPAT_NODE \ SWU_COMPRESSION_NODE \ SWU_VERSION \ - SWU_NAME" + SWU_NAME \ + SWU_FILE_NODES \ + " + +# Add the bootloader file +def efi_bootloader_name(d): + efi_arch = distro_to_efi_arch(d) + return "boot{}.efi".format(efi_arch) # TARGET_IMAGE_UUID needs to be generated before completing the template addtask do_transform_template after do_generate_image_uuid @@ -83,6 +94,25 @@ python add_swu_compression(){ d.setVar('SWU_COMPRESSION_NODE', '') } +SWU_EXTEND_SW_DESCRIPTION += "${@ 'add_ebg_update' if d.getVar('SWU_EBG_UPDATE') == '1' else ''}" +python add_ebg_update(){ + efi_boot_loader_file = efi_bootloader_name(d) + efi_boot_device = d.getVar('SWU_EFI_BOOT_DEVICE') + swu_ebg_update_node = f""", + {{ + filename = "{efi_boot_loader_file}"; + path = "EFI/BOOT/{efi_boot_loader_file}"; + device = "{efi_boot_device}"; + filesystem = "vfat"; + sha256 = "{efi_boot_loader_file}-sha256"; + properties: {{ + atomic-install = "true"; + }}; + }} + """ + d.appendVar('SWU_FILE_NODES', swu_ebg_update_node) + d.appendVar('SWU_ADDITIONAL_FILES', " " + efi_boot_loader_file) +} # convert between swupdate compressor name and imagetype extension def get_swu_compression_type(d): diff --git a/recipes-core/images/swu/sw-description.tmpl b/recipes-core/images/swu/sw-description.tmpl index 6b53a3c..c52372c 100644 --- a/recipes-core/images/swu/sw-description.tmpl +++ b/recipes-core/images/swu/sw-description.tmpl @@ -34,5 +34,5 @@ software = subtype = "kernel"; }; sha256 = "linux.efi-sha256"; - }); + }${SWU_FILE_NODES}); } From patchwork Thu Jan 11 19:59:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13517770 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05F44C47DAC for ; Thu, 11 Jan 2024 20:00:27 +0000 (UTC) Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net [185.136.65.225]) by mx.groups.io with SMTP id smtpd.web11.2396.1705003220053292853 for ; Thu, 11 Jan 2024 12:00:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=ULj8GdNm; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.225, mailfrom: fm-51332-2024011120001850d92f27cd5a9e9940-tcqhzy@rts-flowmailer.siemens.com) Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 2024011120001850d92f27cd5a9e9940 for ; Thu, 11 Jan 2024 21:00:18 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=2t8dBtjpvpiNRw0B3rozomNpA35PWh0+ITRoqxW2fS4=; b=ULj8GdNmSQamBqWK74nHX7i07DNxb92QgmtMRpfnHd+4YygC0SGNLpRmTaNLExfLg/qs4I Xqgz8bAS2ZTb/tgB17bIzv5GYPmmAJkM0WBqJbCTvnQX2oUNZCk+WtxOEmU7DW+i/lhFw6ny pGR5gxrhbP6PJfIY8jsMUltJZ3+rk=; From: Quirin Gylstorff To: felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org, jan.kiszka@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 6/7] classes/swupdate: Generate swu containing only efibootguard Date: Thu, 11 Jan 2024 20:59:50 +0100 Message-ID: <20240111200015.190376-7-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> References: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 Jan 2024 20:00:27 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14343 From: Quirin Gylstorff This allows to update the bootloader seperately from the rest of the system. It adds a new variable `SWU_DESCRIPITION_FILE_BOOTLOADER` for the bootloader sw-descripition. The generated swu has the following naming scheme ${SWU_IMAGE_FILE}-${SWU_BOOTLOADER}.swu. Signed-off-by: Quirin Gylstorff --- classes/swupdate.bbclass | 102 +++++++++++------- .../images/swu/sw-description-ebg.tmpl | 17 +++ 2 files changed, 81 insertions(+), 38 deletions(-) create mode 100644 recipes-core/images/swu/sw-description-ebg.tmpl diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index 0f8ae23..8f1215d 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -25,15 +25,17 @@ SWU_HW_COMPAT ?= "" SWU_EBG_UPDATE ?= "" SWU_EFI_BOOT_DEVICE ?= "/dev/disk/by-uuid/4321-DCBA" +SWU_BOOTLOADER ??= "ebg" +SWU_DESCRIPITION_FILE_BOOTLOADER ??= "${SWU_DESCRIPTION_FILE}-${SWU_BOOTLOADER}" -SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.swu" +SWU_IMAGE_FILE ?= "${IMAGE_FULLNAME}" SWU_DESCRIPTION_FILE ?= "sw-description" SWU_ADDITIONAL_FILES ?= "linux.efi ${SWU_ROOTFS_PARTITION_NAME}" SWU_SIGNED ??= "" SWU_SIGNATURE_EXT ?= "sig" SWU_SIGNATURE_TYPE ?= "cms" -SWU_BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}" +SWU_BUILDCHROOT_IMAGE_FILE ?= "${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}" IMAGE_TYPEDEP:swu = "${SWU_ROOTFS_TYPE}${@get_swu_compression_type(d)}" IMAGER_BUILD_DEPS:swu += "${@'swupdate-certificates-key' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}" @@ -42,7 +44,9 @@ IMAGE_INSTALL += "${@'swupdate-certificates' if bb.utils.to_boolean(d.getVar('SW IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl" +IMAGE_SRC_URI:swu += "file://${SWU_DESCRIPITION_FILE_BOOTLOADER}.tmpl" IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl" +IMAGE_TEMPLATE_FILES:swu += "${SWU_DESCRIPITION_FILE_BOOTLOADER}.tmpl" IMAGE_TEMPLATE_VARS:swu = " \ SWU_ROOTFS_PARTITION_NAME \ TARGET_IMAGE_UUID \ @@ -53,6 +57,7 @@ IMAGE_TEMPLATE_VARS:swu = " \ SWU_VERSION \ SWU_NAME \ SWU_FILE_NODES \ + SWU_BOOTLOADER_FILE_NODE \ " # Add the bootloader file @@ -94,11 +99,11 @@ python add_swu_compression(){ d.setVar('SWU_COMPRESSION_NODE', '') } -SWU_EXTEND_SW_DESCRIPTION += "${@ 'add_ebg_update' if d.getVar('SWU_EBG_UPDATE') == '1' else ''}" +SWU_EXTEND_SW_DESCRIPTION += "add_ebg_update" python add_ebg_update(){ efi_boot_loader_file = efi_bootloader_name(d) efi_boot_device = d.getVar('SWU_EFI_BOOT_DEVICE') - swu_ebg_update_node = f""", + swu_ebg_update_node = f""" {{ filename = "{efi_boot_loader_file}"; path = "EFI/BOOT/{efi_boot_loader_file}"; @@ -110,7 +115,11 @@ python add_ebg_update(){ }}; }} """ - d.appendVar('SWU_FILE_NODES', swu_ebg_update_node) + + d.setVar('SWU_BOOTLOADER_FILE_NODE', swu_ebg_update_node) + ebg_update = d.getVar('SWU_EBG_UPDATE') or "" + if ebg_update: + d.appendVar('SWU_FILE_NODES', "," + swu_ebg_update_node) d.appendVar('SWU_ADDITIONAL_FILES', " " + efi_boot_loader_file) } @@ -132,46 +141,63 @@ FILESEXTRAPATHS:append = ":${LAYERDIR_cip-core}/recipes-core/images/swu" do_image_swu[depends] += "${PN}:do_transform_template" do_image_swu[stamp-extra-info] = "${DISTRO}-${MACHINE}" -do_image_swu[cleandirs] += "${WORKDIR}/swu" +do_image_swu[cleandirs] += "${WORKDIR}/swu ${WORKDIR}/swu-${SWU_BOOTLOADER}" IMAGE_CMD:swu() { - rm -f '${SWU_IMAGE_FILE}' + rm -f '${DEPLOY_DIR_IMAGE}/${SWU_IMAGE_FILE}'*.swu cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}' + if [ -f '${WORKDIR}/${SWU_DESCRIPITION_FILE_BOOTLOADER}' ]; then + cp '${WORKDIR}/${SWU_DESCRIPITION_FILE_BOOTLOADER}' '${WORKDIR}/swu-${SWU_BOOTLOADER}/${SWU_DESCRIPTION_FILE}' + fi - # Create symlinks for files used in the update image - for file in ${SWU_ADDITIONAL_FILES}; do - if [ -e "${WORKDIR}/$file" ]; then - ln -s "${PP_WORK}/$file" "${WORKDIR}/swu/$file" - else - ln -s "${PP_DEPLOY}/$file" "${WORKDIR}/swu/$file" - fi - done - - # Prepare for signing - export sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}' - - imager_run -p -d ${PP_WORK} -u root <<'EOIMAGER' - # Fill in file check sums + for swu_file in "${WORKDIR}"/swu*; do + swu_file_base=$(basename $swu_file) + # Create symlinks for files used in the update image for file in ${SWU_ADDITIONAL_FILES}; do - sed -i "s:$file-sha256:$(sha256sum "${PP_WORK}/swu/"$file | cut -f 1 -d " "):g" \ - "${PP_WORK}/swu/${SWU_DESCRIPTION_FILE}" - done - cd "${PP_WORK}/swu" - for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do - # Set file timestamps for reproducible builds - if [ -n "${SOURCE_DATE_EPOCH}" ]; then - touch -d@"${SOURCE_DATE_EPOCH}" "$file" + if grep -q "$file" "${WORKDIR}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then + if [ -e "${WORKDIR}/$file" ]; then + ln -s "${PP_WORK}/$file" "${WORKDIR}/$swu_file_base/$file" + else + ln -s "${PP_DEPLOY}/$file" "${WORKDIR}/$swu_file_base/$file" + fi fi - echo "$file" - if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then - sign-swu "$file" "$file.${SWU_SIGNATURE_EXT}" - # Set file timestamps for reproducible builds - if [ -n "${SOURCE_DATE_EPOCH}" ]; then - touch -d@"${SOURCE_DATE_EPOCH}" "$file.${SWU_SIGNATURE_EXT}" + done + + # Prepare for signing + export sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}' + export swu_file_base + # create a exetension to differ between swus + swu_file_extension="" + if [ "$swu_file_base" != "swu" ]; then + swu_file_extension=${swu_file_base#swu} + fi + export swu_file_extension + imager_run -p -d ${PP_WORK} -u root <<'EOIMAGER' + # Fill in file check sums + for file in ${SWU_ADDITIONAL_FILES}; do + sed -i "s:$file-sha256:$(sha256sum "${PP_WORK}/$swu_file_base/"$file | cut -f 1 -d " "):g" \ + "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}" + done + cd "${PP_WORK}/$swu_file_base" + for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do + if [ "$file" = "${SWU_DESCRIPTION_FILE}" ] || \ + grep -q "$file" "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then + # Set file timestamps for reproducible builds + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + touch -d@"${SOURCE_DATE_EPOCH}" "$file" + fi + echo "$file" + if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then + sign-swu "$file" "$file.${SWU_SIGNATURE_EXT}" + # Set file timestamps for reproducible builds + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + touch -d@"${SOURCE_DATE_EPOCH}" "$file.${SWU_SIGNATURE_EXT}" + fi + echo "$file.${SWU_SIGNATURE_EXT}" + fi fi - echo "$file.${SWU_SIGNATURE_EXT}" - fi - done | cpio -ovL --reproducible -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}" + done | cpio -ovL --reproducible -H crc > "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu" EOIMAGER + done } python do_check_swu_partition_uuids() { diff --git a/recipes-core/images/swu/sw-description-ebg.tmpl b/recipes-core/images/swu/sw-description-ebg.tmpl new file mode 100644 index 0000000..c19157c --- /dev/null +++ b/recipes-core/images/swu/sw-description-ebg.tmpl @@ -0,0 +1,17 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2024 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# +software = +{ + version = "${SWU_VERSION}"; + name = "${SWU_NAME}"; + ${SWU_HW_COMPAT_NODE} + files: (${SWU_BOOTLOADER_FILE_NODE}); +} From patchwork Thu Jan 11 19:59:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13517765 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1C3DC47DA2 for ; Thu, 11 Jan 2024 20:00:26 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web10.2403.1705003220101024642 for ; Thu, 11 Jan 2024 12:00:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=Dgt8dADE; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-51332-20240111200018cc29d7e62844b5b01f-ivkydh@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20240111200018cc29d7e62844b5b01f for ; Thu, 11 Jan 2024 21:00:18 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=r3Pj9a+WZZuJUjaM2aQt+VHELdoCELUCCYMEUS9cc1E=; b=Dgt8dADEUgf/5ly3BjqZjExU24ybB6T/qGiM5P1zIquHdoxiI14XpYfjqY5ICf1sb3ymTk jNcdN0wBaSK5UCJkIC1L26gcWXk9b008qgKZd2IylZNmhDuA3u5yX+P1G83VBAzPuDx1IBGN K0bHtPm2Qp/2q4CuA9UjyIApHO7e4=; From: Quirin Gylstorff To: felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org, jan.kiszka@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 7/7] doc/README.swupdate.md: add new section for bootloader updates Date: Thu, 11 Jan 2024 20:59:51 +0100 Message-ID: <20240111200015.190376-8-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> References: <20240111200015.190376-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 Jan 2024 20:00:26 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14339 From: Quirin Gylstorff Signed-off-by: Quirin Gylstorff --- doc/README.swupdate.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/README.swupdate.md b/doc/README.swupdate.md index 00359c7..1c94699 100644 --- a/doc/README.swupdate.md +++ b/doc/README.swupdate.md @@ -7,6 +7,19 @@ Start with cloning the isar-cip-core repository: ``` host$ git clone https://gitlab.com/cip-project/cip-core/isar-cip-core.git ``` +## SWUpdate Efibootguard update + +:warning: **If the efibootguard binary is corrupted the system can no longer boot** + +If you build a CIP Core image with SWUpdate support an additional swu will +be generated. This swu ends on `*-ebg.swu` and contains a sw-description to +update only efibootguard. SWUpdate will copy the file to a temporary location +and rename the binary in place to reduce the time the system can be destroyed +by a power failure. As FAT partitions have **no** atomic operations a small error +window is still possible. + +If the variable `SWU_EBG_UPDATE` is set to `"1"` the update is also stored in +the `*.swu` file. # Building and testing the CIP Core image