Hi Mikko, On Wed Oct 23, 2024 at 2:08 PM CEST, Mikko Rapeli wrote: > These changes enable building systemd uki images which combine > kernel, kernel command line, initrd and possibly signatures to > a single UEFI binary. This binary can be booted with UEFI firmware > and systemd-boot. No grub is needed and UEFI firmware and/or > systemd-boot provide possibilities for boot menus. > The uki binary can also be signed for UEFI secure boot > so the secure boot extends from firmware to kernel and initrd. > Binding secure boot to full userspace is then easier since for example > kernel command line and initrd contain the support needed to mount > encrypted dm-verity etc partitions, and/or create partitions on demand > with systemd-repart using device specific TPM devices for encryption.
Now that this class has made it into master, we need to document it in https://git.yoctoproject.org/yocto-docs. Would you be able to help writing some documentation about this class and the related variables it defines? It would need to be part of documentation/ref-manual/classes.rst, and the variables would need to be documented in documentation/ref-manual/variables.rst. Regards, Antonin -- Antonin Godard, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#206683): https://lists.openembedded.org/g/openembedded-core/message/206683 Mute This Topic: https://lists.openembedded.org/mt/109169005/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
