Hi, On Tue, Oct 08, 2024 at 05:09:16PM +0000, Ross Burton wrote: > On 1 Oct 2024, at 09:28, Mikko Rapeli via lists.openembedded.org > <[email protected]> wrote: > > These changes enable building systemd uki images which combine > > kernel, kernel command line, initrd and possibly signatures to > > a single UEFI binary. This binary can be booted with UEFI firmware > > and systemd-boot. No grub is needed and UEFI firmware and/or > > systemd-boot provide possibilities for boot menus. > > The uki binary can also be signed for UEFI secure boot > > so the secure boot extends from firmware to kernel and initrd. > > Binding secure boot to full userspace is then easier since for example > > kernel command line and initrd contain the support needed to mount > > encrypted dm-verity etc partitions, and/or create partitions on demand > > with systemd-repart using device specific TPM devices for encryption. > > Something in here breaks a wic/efi image when I don’t touch anything else. > eg genericarm64 with systemd: > > U-Boot 2024.07 (Jul 01 2024 - 18:07:18 +0000) > > DRAM: 256 MiB > Core: 51 devices, 14 uclasses, devicetree: board > Flash: 64 MiB > Loading Environment from Flash... *** Warning - bad CRC, using default > environment > > In: serial,usbkbd > Out: serial,vidconsole > Err: serial,vidconsole > No USB controllers found > Net: eth0: virtio-net#32 > > starting USB... > No USB controllers found > Hit any key to stop autoboot: 0 > Scanning for bootflows in all bootdevs > Seq Method State Uclass Part Name Filename > --- ----------- ------ -------- ---- ------------------------ > ---------------- > Scanning global bootmeth 'efi_mgr': > No EFI system partition > No EFI system partition > Failed to persist EFI variables > No EFI system partition > Failed to persist EFI variables > No EFI system partition > Failed to persist EFI variables > Missing TPMv2 device for EFI_TCG_PROTOCOL > 0 efi_mgr ready (none) 0 <NULL> > ** Booting bootflow '<NULL>' with efi_mgr > Booting: virtio 0 > No loader found. Configuration files in \loader\entries\*.conf are needed. > > Looks like the /boot partition doesn’t have what it should in.
Ok sorry about this. I missed meta-yocto-bsp/wic/genericarm64.wks.in setup when changing wic uki generation to uki.bbclass. I'll send a fix. I hope this was the only one. Cheers, -Mikko
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#205339): https://lists.openembedded.org/g/openembedded-core/message/205339 Mute This Topic: https://lists.openembedded.org/mt/108754275/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
