Hi, I am currently testing a system based on yocto dunfell + swupdate + EFIBootguard and I am concerned by the way the kernel is stored in the same partition of the configuration. I am using 2 config partitions for EFIBootguard, and also a double copy strategy for rootfs. At start, partition 0 contains the kernel associated with the installed rootfs. If I use swupdate to update some parts of the system (not related to rootfs or kernel), this creates a new configuration on partition 1, but the kernel file position is still on partition 0. Should then I need to update both the kernel and the rootfs, this would switch back to having a new active configuration on partition 0, but the new kernel should be written on configuration partition 1 to preserve the currently running kernel (resident on partition 0) as a fail safe in case of a rollback. This brings to a situation where cfg in use is in a partition, but the kernel is on another one. It also makes updated more complex: due to the double copy strategy, not only I have to detect the inactive rootfs partition, but also the inactive configuration partition where to store the kernel. I am really uneasy about this. Sadly EFIBootguard cannot boot the kernel stored on ext4 /boot rootfs directlry, so I am looking for an alterlative strategy. At the moment this involves 2 partitions dedicated to storing the kernel file, without saving it in the configuration partitons. What do you think?
Thanks! -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/cba82c2b-3d41-4c45-bad8-4e7ab7729de9n%40googlegroups.com.
