Hi,

On Wed, Oct 09, 2024 at 11:36:51PM +0100, Richard Purdie wrote:
> On Wed, 2024-10-09 at 18:53 +0100, Richard Purdie via
> lists.openembedded.org wrote:
> > On Wed, 2024-10-09 at 14:26 +0300, Mikko Rapeli via
> > lists.openembedded.org wrote:
> > > These changes enable building systemd uki images which combine
> > > kernel, kernel command line, initrd and possibly signatures to
> > > a single UEFI binary. This binary can be booted with UEFI firmware
> > > and systemd-boot. No grub is needed and UEFI firmware and/or
> > > systemd-boot provide possibilities for boot menus.
> > > The uki binary can also be signed for UEFI secure boot
> > > so the secure boot extends from firmware to kernel and initrd.
> > > Binding secure boot to full userspace is then easier since for
> > > example
> > > kernel command line and initrd contain the support needed to mount
> > > encrypted dm-verity etc partitions, and/or create partitions on
> > > demand
> > > with systemd-repart using device specific TPM devices for
> > > encryption.
> > > 
> > > Tested on qemuarm64-secureboot machine from meta-arm with changes
> > > to
> > > support secure boot. Slightly different configuration tested on
> > > multiple arm64 System Ready boards with UEFI firmware, real and
> > > firmware
> > > based TPM devices. Tested with ovmf firmware on x86_64 with
> > > selftests but
> > > without secure boot which seems to be harder to setup in ovmf.
> > > 
> > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu
> > > and
> > > wic.Wic2.test_expand_mbr_image, failing when executing all wic
> > > selftests
> > > on a build machine with zfs filesystem. Will investigate this
> > > further.
> > > The issue seems to be in mkfs.ext4 producing broken filesystem, and
> > > partially
> > > in the tests which don't run the correct rootfs file (.ext4 vs
> > > .wic).
> > > Will debug this further and it is IMO unrelated to these changes
> > > since
> > > they reproduce on pure master branch without this series.
> > > 
> > > v6: fixed wic refactoring botch which broken non-uki systemd-boot
> > > usage on
> > >     genericarm64 reported by Ross Burton <[email protected]>,
> > > added
> > >     selftest to cover this wks usage on x86 and aarch64
> > > 
> > > v5: drop patch "image_types_wic.bbclass: set systemd-boot and os-
> > > release
> > >     dependency for all archs" since systemd-boot does not support
> > > all
> > >     architectures
> > > 
> > > v4: handle missing runqemu variable from build config, add
> > > python3-pefile to fast ptest list
> > > 
> > > v3: rebased, fixed and added more sefltests, removed wic plugin
> > > side uki
> > > support
> > > 
> > > v2:
> > > https://lists.openembedded.org/g/openembedded-core/message/204090
> > > 
> > 
> > This seems to be causing selftest failures unfortunately:
> > 
> > https://valkyrie.yoctoproject.org/#/builders/54/builds/206/steps/14/logs/stdio
> 
> I think something may be broken in master causing that. Not quite sure
> what/when yet.

Sorry, this is my bad. x86 test runqemu is missing ovmf argument. I don't know 
how
this slipped through. Will send a new version.

Cheers,

-Mikko
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#205387): 
https://lists.openembedded.org/g/openembedded-core/message/205387
Mute This Topic: https://lists.openembedded.org/mt/108906946/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to