Thanks a lot for the details. Will go through them and get back to you.

Thanks
Srinivas

On Tue, Oct 15, 2024 at 4:27 PM Luca Boccassi <[email protected]> wrote:

> Yes addons have to be signed, otherwise it would defeat their purpose.
> OSTree should switch to other mechanisms, like credentials stored
> in the ESP ( https://systemd.io/CREDENTIALS/ ), instead of using the
> kernel command line.
>
> On Tue, 15 Oct 2024 at 11:45, Srinivas Naik <[email protected]> wrote:
> >
> > Hi All,
> > I have a question on this, when secure boot is enabled, addons file also must be signed?
> > On devices which use OSTree for OTA, there is a need to update the command line parameter at run time with the latest SHA deployment.
> > How to do this on secure boot enabled devices since command line parameters mentioned in the config file will not be picked.
> >
> > Thanks
> > Srinivas
> >
> > On Thu, Oct 10, 2024 at 4:13 AM Mah, Yock Gen <[email protected]> wrote:
> >>
> >> It works, really appreciate your help, Lennart!
> >>
> >> -----Original Message-----
> >> From: Lennart Poettering <[email protected]>
> >> Sent: Tuesday, October 8, 2024 9:39 PM
> >> To: Mah, Yock Gen <[email protected]>
> >> Cc: [email protected]
> >> Subject: Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI
> >>
> >> On Di, 08.10.24 12:37, Mah, Yock Gen ([email protected]) wrote:
> >>
> >> > Really appreciate! I tried to create a PE "addon" using below:
> >> >
> >> > echo "yockgen=b" > cmdline.txt
> >> >
> >> > objcopy --input binary --output efi-app-x86_64 cmdline.txt bootdm_b.addon.efi
> >>
> >> This doesn't look right. You must insert the cmdline in the ".cmdline"
> >> PE section, of course. As mentioned, addons follow the same structure as UKIs after all.
> >>
> >> We generally recommend using ukify for generating UKIs and PE addons.
> >>
> >> The man page even has an example doing exactly what you need to do:
> >>
> >> https://github.com/systemd/systemd/blob/main/man/ukify.xml#L674
> >>
> >> Lennart
> >>
> >> --
> >> Lennart Poettering, Berlin
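
One way to check the point made in the quoted reply, that an addon carries its command line in the ".cmdline" PE section: the added example below (not code from the thread or from systemd) walks a PE image's section table and returns the ".cmdline" contents. The function names and the two sample images built inline are constructed for illustration.

```python
import struct

def pe_sections(data: bytes) -> dict:
    """Map section name -> raw contents for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    (nsec,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    out = {}
    for i in range(nsec):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        size = min(vsize, rawsize) if vsize else rawsize  # drop file padding
        out[name.rstrip(b"\0").decode("ascii")] = data[rawptr:rawptr + size]
    return out

def addon_cmdline(data: bytes):
    """Return the addon's command line, or None if .cmdline is absent."""
    raw = pe_sections(data).get(".cmdline")
    return None if raw is None else raw.rstrip(b"\0").decode().strip()

def build_sample_pe(sections: dict) -> bytes:
    """Constructed input: a minimal PE header followed by the given sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    offset = 64 + 24 + 40 * len(sections)
    table, body = b"", b""
    for name, payload in sections.items():
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(payload), 0,
                             len(payload), offset + len(body), 0, 0, 0, 0, 0x40000040)
        body += payload
    return dos + coff + table + body

if __name__ == "__main__":
    # Constructed samples: same text, once in .cmdline and once in another section.
    good = build_sample_pe({".cmdline": b"yockgen=b\n"})
    bad = build_sample_pe({".data": b"yockgen=b\n"})
    print(addon_cmdline(good), addon_cmdline(bad))
```

The check is structural only; it says nothing about whether the addon is signed, which the thread notes is required.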
