Hi, On Wed, Oct 09, 2024 at 11:36:51PM +0100, Richard Purdie wrote: > On Wed, 2024-10-09 at 18:53 +0100, Richard Purdie via > lists.openembedded.org wrote: > > On Wed, 2024-10-09 at 14:26 +0300, Mikko Rapeli via > > lists.openembedded.org wrote: > > > These changes enable building systemd uki images which combine > > > kernel, kernel command line, initrd and possibly signatures to > > > a single UEFI binary. This binary can be booted with UEFI firmware > > > and systemd-boot. No grub is needed and UEFI firmware and/or > > > systemd-boot provide possibilities for boot menus. > > > The uki binary can also be signed for UEFI secure boot > > > so the secure boot extends from firmware to kernel and initrd. > > > Binding secure boot to full userspace is then easier since for > > > example > > > kernel command line and initrd contain the support needed to mount > > > encrypted dm-verity etc partitions, and/or create partitions on > > > demand > > > with systemd-repart using device specific TPM devices for > > > encryption. > > > > > > Tested on qemuarm64-secureboot machine from meta-arm with changes > > > to > > > support secure boot. Slightly different configuration tested on > > > multiple arm64 System Ready boards with UEFI firmware, real and > > > firmware > > > based TPM devices. Tested with ovmf firmware on x86_64 with > > > selftests but > > > without secure boot which seems to be harder to setup in ovmf. > > > > > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu > > > and > > > wic.Wic2.test_expand_mbr_image, failing when executing all wic > > > selftests > > > on a build machine with zfs filesystem. Will investigate this > > > further. > > > The issue seems to be in mkfs.ext4 producing broken filesystem, and > > > partially > > > in the tests which don't run the correct rootfs file (.ext4 vs > > > .wic). > > > Will debug this further and it is IMO unrelated to these changes > > > since > > > they reproduce on pure master branch without this series. > > > > > > v6: fixed wic refactoring botch which broken non-uki systemd-boot > > > usage on > > > genericarm64 reported by Ross Burton <[email protected]>, > > > added > > > selftest to cover this wks usage on x86 and aarch64 > > > > > > v5: drop patch "image_types_wic.bbclass: set systemd-boot and os- > > > release > > > dependency for all archs" since systemd-boot does not support > > > all > > > architectures > > > > > > v4: handle missing runqemu variable from build config, add > > > python3-pefile to fast ptest list > > > > > > v3: rebased, fixed and added more sefltests, removed wic plugin > > > side uki > > > support > > > > > > v2: > > > https://lists.openembedded.org/g/openembedded-core/message/204090 > > > > > > > This seems to be causing selftest failures unfortunately: > > > > https://valkyrie.yoctoproject.org/#/builders/54/builds/206/steps/14/logs/stdio > > I think something may be broken in master causing that. Not quite sure > what/when yet.
Sorry, this is my bad. x86 test runqemu is missing ovmf argument. I don't know how this slipped through. Will send a new version. Cheers, -Mikko
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#205387): https://lists.openembedded.org/g/openembedded-core/message/205387 Mute This Topic: https://lists.openembedded.org/mt/108906946/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
