On 27.07.22 20:00, [email protected] wrote: > Hi, > > My name is venkata and I am working with ISAR and CIP projects. > I am using efibootguard for secure boot verification in QEMU, > > I have some questions on efibooguard compilation, please help me to > understand, > > When I am using single EFI partition in my system image (not observed that > efibootguard is compiled with default 2 config-partitions), the efibootguard > is failed to load the configuration and doesn’t boot. > > After I recompile the efibootguard with "--with-num-config-parts=1" then it > worked well. > > I just wanted to understand the reason for setting the "num-config-parts" > defaults to 2 [1], does it expects minimum of two efi partitions for some > reason (swupdate?) that I should care about. > > Also, do I need to compile efibootguard always when I use it for different > partitions (2 for swupdate, 1 for single efi partition) or can I configure > this on runtime? > > [1] https://github.com/siemens/efibootguard/blob/master/configure.ac#L153 >
The main purpose of EFI Boot Guard is providing a robust a/b boot path switching mechanism. Therefore, 2 config partitions is the most reasonable default. You could have more partitions, but we didn't hit a real use case for that yet. You may disable the switching feature and only use EFI Boot Guard as watchdog driver, but that is a special case. Therefore, 2 is default and will also be the setting in a pre-built distro package. Jan -- Siemens AG, Technology Competence Center Embedded Linux -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/e61fa108-dc29-0dc4-10d2-ceac18d70357%40siemens.com.
