On Sat Sep 2, 2023 at 1:32 AM CEST, Michelle Lin wrote: > Currently, there is not a class to support the building of unified kernel > images. Adding a uki.bbclass to support the creation of UKIs. This class calls > the systemd Ukify tool, which will combine the kernel/initrd/stub components > to > build the UKI. To sign the UKI (i.e. SecureBoot, TPM PCR signing), the > keys/cert > files are to be specified in a separate configuration file, and the path to > the > file is passed to the Ukify tool. UKIs are supported by UEFI and can improve > security through predicted TPM PCR states, and reduce the build burden due to > its single PE binary format. > > Signed-off-by: Michelle Lin <michelle.lint...@gmail.com> > --- > meta/classes/uki.bbclass | 140 +++++++++++++++++++++++ > meta/recipes-core/systemd/systemd_254.bb | 23 ++++ > 2 files changed, 163 insertions(+) > create mode 100644 meta/classes/uki.bbclass
Thanks a lot for submitting this! We are very interested into this. Do you have plans to respin this? Happy to help where possible :). - Erik
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#190776): https://lists.openembedded.org/g/openembedded-core/message/190776 Mute This Topic: https://lists.openembedded.org/mt/101106095/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
