Hi, On Mon, Nov 04, 2024 at 03:42:10PM +0100, Antonin Godard wrote: > Hi Mikko, > > On Wed Oct 23, 2024 at 2:08 PM CEST, Mikko Rapeli wrote: > > These changes enable building systemd uki images which combine > > kernel, kernel command line, initrd and possibly signatures to > > a single UEFI binary. This binary can be booted with UEFI firmware > > and systemd-boot. No grub is needed and UEFI firmware and/or > > systemd-boot provide possibilities for boot menus. > > The uki binary can also be signed for UEFI secure boot > > so the secure boot extends from firmware to kernel and initrd. > > Binding secure boot to full userspace is then easier since for example > > kernel command line and initrd contain the support needed to mount > > encrypted dm-verity etc partitions, and/or create partitions on demand > > with systemd-repart using device specific TPM devices for encryption. > > Now that this class has made it into master, we need to document it in > https://git.yoctoproject.org/yocto-docs. Would you be able to help writing > some > documentation about this class and the related variables it defines? It would > need to be part of documentation/ref-manual/classes.rst, and the variables > would > need to be documented in documentation/ref-manual/variables.rst.
Sure, on my todo. Feel free to send something if I don't get into it in time. Struggling with some trivialities currently: rm_work wiping rootfs and wic creating and empty rootfs instead, breaking builds and tests and hindering debugging... Cheers, -Mikko
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#206684): https://lists.openembedded.org/g/openembedded-core/message/206684 Mute This Topic: https://lists.openembedded.org/mt/109169005/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
