From 4e8716628f3086f759d0ad0b6f90aa8df30a0803 Mon Sep 17 00:00:00 2001 
From: Samuel Dolt Date: Fri, 20 Jan 2023 15:37:25 +0100 Subject: [PATCH] feat(efibootguard): replace systemd-boot by efibootguard We are now using efibootguard to provide a A/B boot path for the kernel and the rootfs. This commit remove some change for systemd/systemd-boot that are not needed anymore and rework how we set the command line, as we will need to have the command line argument of the kernel both inside do_image_wic and in a future do_image_swu --- .gitmodules | 4 ++ .../classes/coreos-bsp-config.bbclass | 44 ------------- .../conf/machine/beaglebone.conf | 14 ++-- .../include/coreos-generic-features/efi.inc | 16 +++++ .../legacy-mbr-disk.inc | 15 +++++ .../include/coreos-generic-machine/vm.inc | 4 +- .../efibootguard/efibootguard_%.bbappend | 11 ++++ .../systemd/systemd-boot_250.5.bbappend | 11 ---- .../linux/linux-yocto-coreos-efi.inc | 19 ++++-- .../wic/beaglebone-sdcard.wks.in | 11 ++++ .../wic/beaglebone.wks.in | 8 --- .../wic/generic-uefi.wks.in | 10 ++- .../classes/coreos-image-uki.bbclass | 65 +++++++++++++++++++ .../classes/coreos-image.bbclass | 18 +++-- .../conf/distro/belden-coreos.conf | 1 - .../systemd/systemd_250.5.bbappend | 17 ----- .../conf/machine/include/cn913x.inc | 6 +- .../wic/cn913x-sdcard.wks.in | 9 ++- layers/meta-efibootguard | 1 + 19 files changed, 179 insertions(+), 105 deletions(-) delete mode 100644 layers/meta-belden-coreos-bsp/classes/coreos-bsp-config.bbclass create mode 100644 layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/efi.inc create mode 100644 layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc create mode 100644 layers/meta-belden-coreos-bsp/recipes-bsp/efibootguard/efibootguard_%.bbappend delete mode 100644 layers/meta-belden-coreos-bsp/recipes-core/systemd/systemd-boot_250.5.bbappend create mode 100644 layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in delete mode 100644 layers/meta-belden-coreos-bsp/wic/beaglebone.wks.in create mode 
100644 layers/meta-belden-coreos/classes/coreos-image-uki.bbclass delete mode 100644 layers/meta-belden-coreos/recipes-core/systemd/systemd_250.5.bbappend create mode 160000 layers/meta-efibootguard
diff --git a/.gitmodules b/.gitmodules
index b797673..adb667a 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -14,3 +14,7 @@
 path = layers/meta-virtualization
 url = ssh://git@bitbucket.gad.local:7999/ico/meta-virtualization.git
 branch = kirkstone
+[submodule "layers/meta-efibootguard"]
+ path = layers/meta-efibootguard
+ url = ssh://git@bitbucket.gad.local:7999/ico/meta-efibootguard.git
+ branch = coreos/master
diff --git a/layers/meta-belden-coreos-bsp/classes/coreos-bsp-config.bbclass b/layers/meta-belden-coreos-bsp/classes/coreos-bsp-config.bbclass
deleted file mode 100644
index 178e5c7..0000000
--- a/layers/meta-belden-coreos-bsp/classes/coreos-bsp-config.bbclass
+++ /dev/null
@@ -1,44 +0,0 @@
-# This class is ihnerited globally in the CoreOS distro
-# ==============================================================================
-#
-# This class change the default of variables that are usually set in the machine
-# configuration
-
-# EFI Configuration
-# ==============================================================================
-
-# EFI is a requirement for CoreOS
-MACHINE_FEATURES:append = "efi"
-MACHINE_FEATURES:remove:container = "efi"
-
-# If a bootloader is used, it should be systemd-boot and not grub-efi as set
-# in packagegroup-core-boot by default.
-EFI_PROVIDER ?= "systemd-boot"
-
-# Variables used in *.wks.in files
-# ==============================================================================
-
-# Partition type UUIDs
-# ==============================================================================
-
-# See https://uapi-group.org/specifications/specs/discoverable_partitions_specification/
-WKS_GPT_PART_UUID_ROOT:arm = "69DAD710-2CE4-4E3C-B16C-21A1D49ABED3"
-WKS_GPT_PART_UUID_ROOT:aarch64 = "B921B045-1DF0-41C3-AF44-4C6F280D3FAE"
-WKS_GPT_PART_UUID_ROOT:x86-64 = "4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709"
-
-WKS_GPT_PART_UUID_EFI = "C12A7328-F81F-11D2-BA4B-00A0C93EC93B"
-
-# For MBR disk, the EFI partition should use --system-id 0xef
-
-# For GPT disk
-WKS_MBR_PART_EFI ??= 'part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --align 1024 --label EFI --system-id 0xef'
-WKS_GPT_PART_EFI ??= 'part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --align 1024 --label EFI --part-type "${WKS_GPT_PART_UUID_EFI}"'
-
-WKS_MBR_PART_ROOT ??= 'part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid'
-WKS_GPT_PART_ROOT ??= 'part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid --part-type ${WKS_GPT_PART_UUID_ROOT}'
-
-
-WKS_KERNEL_ARGS_EXTRA ??= "console=ttyS0,115200 console=tty0"
-WKS_KERNEL_ARGS ??= "rootfstype=ext4 rootwait ${WKS_KERNEL_ARGS_EXTRA}"
-
-WKS_BOOTLOADER_ARGS ??= '--timeout=5 --append="${WKS_KERNEL_ARGS}"' diff --git a/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf b/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf index aa5c135..c294280 100644 --- a/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf +++ b/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf @@ -9,13 +9,14 @@ DEFAULTTUNE ?= "cortexa8hf-neon" include conf/machine/include/arm/armv7a/tune-cortexa8.inc IMAGE_FSTYPES += "wic wic.xz wic.bmap" -WKS_FILE ?= "beaglebone.wks.in" +WKS_FILE ?= "beaglebone-sdcard.wks.in" MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-image kernel-devicetree" do_image_wic[depends] += "mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot gptfdisk-native:do_populate_sysroot virtual/bootloader:do_deploy" do_image_wic[recrdeptask] += "do_bootimg" SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyO0 115200;ttyAMA0" SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}" +APPEND:append = " console=ttyS0,115200" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" PREFERRED_VERSION_linux-yocto ?= "5.15%" @@ -32,10 +33,9 @@ UBOOT_MACHINE = "am335x_evm_defconfig" UBOOT_ENTRYPOINT = "0x80008000" UBOOT_LOADADDRESS = "0x80008000" -MACHINE_FEATURES = "usbgadget usbhost vfat alsa efi" +MACHINE_FEATURES = "usbgadget usbhost vfat alsa" IMAGE_BOOT_FILES ?= "u-boot.${UBOOT_SUFFIX} ${SPL_BINARY}" -# ${KERNEL_IMAGETYPE} ${KERNEL_DEVICETREE} IMAGE_EFI_BOOT_FILES ?= "${KERNEL_DEVICETREE}" # support runqemu @@ -43,7 +43,7 @@ EXTRA_IMAGEDEPENDS += "qemu-native qemu-helper-native" IMAGE_CLASSES += "qemuboot" QB_DEFAULT_FSTYPE = "wic" QB_FSINFO = "wic:no-kernel-in-fs" -QB_KERNEL_ROOT = "/dev/vda2" +QB_KERNEL_ROOT = "/dev/vda3" QB_SYSTEM_NAME = "qemu-system-arm" QB_MACHINE = "-machine virt" QB_CPU = "-cpu cortex-a15" 
@@ -54,3 +54,9 @@ QB_NETWORK_DEVICE = "-device virtio-net-device,netdev=net0,mac=@MAC@"
 QB_ROOTFS_OPT = "-drive id=disk0,file=@ROOTFS@,if=none,format=raw -device virtio-blk-device,drive=disk0"
 QB_SERIAL_OPT = ""
 QB_TCPSERIAL_OPT = "-device virtio-serial-device -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon"
+
+# No watchdog available yet
+EFIBOOTGUARD_TIMEOUT ?= "0"
+
+require conf/machine/include/coreos-generic-features/efi.inc
+require conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
diff --git a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/efi.inc b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/efi.inc
new file mode 100644
index 0000000..b47f772
--- /dev/null
+++ b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/efi.inc
@@ -0,0 +1,16 @@
+# EFI Configuration
+# ==============================================================================
+
+MACHINE_FEATURES:append = " efi"
+EFI_PROVIDER = "efibootguard"
+EFIBOOTGUARD_TIMEOUT ?= "60"
+
+do_image_wic[depends] += "efibootguard-native:do_populate_sysroot efibootguard:do_deploy"
+
+# Variable used in WKS file
+
+WKS_PART_EFI ??= 'part --source efibootguard-efi --label efi --align 1024 --part-type=EF00'
+WKS_PART_ROOT_A ??= 'part / --source rootfs --fstype=ext4 --label platform0 --align 1024'
+WKS_PART_ROOT_B ??= 'part --fstype=ext4 --label platform1 --align 1024'
+WKS_PART_EFIBOOTGUARD_A ??= 'part --source efibootguard-boot --label boot0 --align 1024 --part-type=0700 --sourceparams "watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=kernel0-${MACHINE}.efi;KERNEL0.EFI"'
+WKS_PART_EFIBOOTGUARD_B ??= 'part --source efibootguard-boot --label boot1 --align 1024 --part-type=0700 --sourceparams "watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=kernel1-${MACHINE}.efi;KERNEL1.EFI"'
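Review bot: `EFIBOOTGUARD_TIMEOUT ?= "0"` in beaglebone.conf is passed as `watchdog=0` to both boot environments, which, as far as I understand efibootguard, leaves the watchdog unarmed. A kernel that hangs after an update is then never reset, so the A/B fallback only covers images that fail to load at all. The comment should state that consequence, for example `# No watchdog driver yet: watchdog=0 disables efibootguard's watchdog, so a hung boot is not rolled back automatically`.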
diff --git a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
new file mode 100644
index 0000000..a20b26e
--- /dev/null
+++ b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
@@ -0,0 +1,15 @@
+
+# MBR disk are still supported by CoreOS, but only for legacy product
+# This ensure that efibootguard / swupdate work with MBR disk
+
+# Do not include this file in a machine configuration if the machine support
+# a GPT disk instead
+COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ?= "/dev/disk/by-label"
+
+COREOS_PLATFORM0_ROOT ?= "LABEL=platform0"
+COREOS_PLATFORM1_ROOT ?= "LABEL=platform1"
+
+# MBR disk can't use --part-type but can use system-id
+WKS_PART_EFI ?= 'part --source efibootguard-efi --label efi --system-id 0xef'
+WKS_PART_EFIBOOTGUARD_A ?= 'part --source efibootguard-boot --label boot0 --sourceparams "watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=kernel0-${MACHINE}.efi;KERNEL0.EFI"'
+WKS_PART_EFIBOOTGUARD_B ?= 'part --source efibootguard-boot --label boot1 --sourceparams "watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=kernel1-${MACHINE}.efi;KERNEL1.EFI"'
diff --git a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/vm.inc b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/vm.inc
index 2d88773..eef8e70 100644
--- a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/vm.inc
+++ b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/vm.inc
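Review bot: `COREOS_PLATFORM0_ROOT ?= "LABEL=platform0"` (and the platform1 twin) ends up as `root=LABEL=platform0` in the command line that `do_bundle_uki` embeds, and the kernel cannot resolve a filesystem label on its own. Without an initramfs it accepts device paths, `PARTUUID=` and `PARTLABEL=` only. The `bg_gen_unified_kernel` calls in this commit pass no initrd, so unless one is added elsewhere an MBR machine would wait in `rootwait` indefinitely, and on beaglebone `EFIBOOTGUARD_TIMEOUT ?= "0"` means no watchdog forces a fallback. Consider the MBR form of `PARTUUID=` (disk signature plus partition number) or a device path for these two variables.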
@@ -19,4 +19,6 @@ do_image_wic[recrdeptask] += "do_bootimg" # CoreOS Specific Machine settings # ============================================================================== -COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR = "1" \ No newline at end of file +COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR = "1" + +require conf/machine/include/coreos-generic-features/efi.inc diff --git a/layers/meta-belden-coreos-bsp/recipes-bsp/efibootguard/efibootguard_%.bbappend b/layers/meta-belden-coreos-bsp/recipes-bsp/efibootguard/efibootguard_%.bbappend new file mode 100644 index 0000000..cf840b0 --- /dev/null +++ b/layers/meta-belden-coreos-bsp/recipes-bsp/efibootguard/efibootguard_%.bbappend @@ -0,0 +1,11 @@ +# Add signature support + +inherit coreos-efi-sbsign +require conf/image-uefi.conf + +do_deploy:append() { + + if [ -f "${DEPLOYDIR}/efibootguard${EFI_ARCH}.efi" ]; then + coreos_efi_secureboot_sign_app "${DEPLOYDIR}/efibootguard${EFI_ARCH}.efi" + fi +} diff --git a/layers/meta-belden-coreos-bsp/recipes-core/systemd/systemd-boot_250.5.bbappend b/layers/meta-belden-coreos-bsp/recipes-core/systemd/systemd-boot_250.5.bbappend deleted file mode 100644 index e2ee09e..0000000 --- a/layers/meta-belden-coreos-bsp/recipes-core/systemd/systemd-boot_250.5.bbappend +++ /dev/null @@ -1,11 +0,0 @@ -# Add signature support - -inherit coreos-efi-sbsign - -do_install:append() { - coreos_efi_secureboot_sign_app "${D}${EFI_FILES_PATH}/${SYSTEMD_BOOT_IMAGE}" -} - -do_deploy:append() { - coreos_efi_secureboot_sign_app ${DEPLOYDIR}/systemd-${SYSTEMD_BOOT_IMAGE} -} \ No newline at end of file diff --git a/layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto-coreos-efi.inc b/layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto-coreos-efi.inc index bd0132e..686d3c6 100644 --- a/layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto-coreos-efi.inc +++ b/layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto-coreos-efi.inc 
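Review bot: The `if [ -f "${DEPLOYDIR}/efibootguard${EFI_ARCH}.efi" ]` guard in `do_deploy:append` of efibootguard_%.bbappend makes signing best-effort. If the deployed binary is ever named differently, for example after an upstream rename or with an unexpected `EFI_ARCH`, the task still succeeds and an unsigned boot loader is deployed. This is the first binary the firmware verifies under Secure Boot, so a missing file should fail the build: add `else bbfatal "efibootguard${EFI_ARCH}.efi not found in ${DEPLOYDIR}, cannot sign"` before `fi`.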
@@ -1,14 +1,23 @@ inherit coreos-efi-sbsign +require conf/image-uefi.conf # Ensure EFI STUB is enabled KERNEL_FEATURES:append = " cfg/efi.scc cfg/efi-ext.scc" +# By default we use a Unified Kernel Image that contain the kernel, the +# kernel command line and some device tree, so we don't need to sign the output +# of the kernel recipes +COREOS_KERNEL_EFI_SIGNED ??= "0" + # Extend the kernel_do_deploy function from kernel.bbclass to sign the kernel kernel_do_deploy:append() { - deployDir="${DEPLOYDIR}" - for imageType in ${KERNEL_IMAGETYPES} ; do - baseName=$imageType-${KERNEL_IMAGE_NAME} - coreos_efi_secureboot_sign_app $deployDir/$baseName${KERNEL_IMAGE_BIN_EXT} - done + if [ "${COREOS_KERNEL_EFI_SIGNED}" == "1" ]; then + deployDir="${DEPLOYDIR}" + for imageType in ${KERNEL_IMAGETYPES} ; do + baseName="$imageType-${KERNEL_IMAGE_NAME}" + coreos_efi_secureboot_sign_app "$deployDir/$baseName${KERNEL_IMAGE_BIN_EXT}" + done + fi } + diff --git a/layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in b/layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in new file mode 100644 index 0000000..c5c08d8 --- /dev/null +++ b/layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in @@ -0,0 +1,11 @@ +# short-description: Create SD card image for Beaglebone +# long-description: Creates a partitioned SD card image for Beaglebone. +# Boot files are located in the first vfat partition. + +part --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --fixed-size 32 +${WKS_PART_EFI} --ondisk mmcblk0 --align 1024 --fixed-size 32 +${WKS_PART_ROOT_A} --ondisk mmcblk0 --fixed-size 2G +${WKS_PART_ROOT_B} --ondisk mmcblk0 --fixed-size 2G +${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --align 1024 --fixed-size 32 +${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --align 1024 --fixed-size 32 +bootloader --ptable msdos 
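Review bot: `if [ "${COREOS_KERNEL_EFI_SIGNED}" == "1" ]; then` in `kernel_do_deploy:append` uses `==`, which is a bash extension to `[`. BitBake runs shell tasks with /bin/sh, and where that is dash the test reports an error, the `if` is treated as false, and the kernel is silently left unsigned even when the variable is set to "1". Use the POSIX operator: `if [ "${COREOS_KERNEL_EFI_SIGNED}" = "1" ]; then`. The comment above `COREOS_KERNEL_EFI_SIGNED ??= "0"` could also say that a machine booting the plain kernel image instead of the UKI has to set it to "1".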
diff --git a/layers/meta-belden-coreos-bsp/wic/beaglebone.wks.in b/layers/meta-belden-coreos-bsp/wic/beaglebone.wks.in
deleted file mode 100644
index bd032ef..0000000
--- a/layers/meta-belden-coreos-bsp/wic/beaglebone.wks.in
+++ /dev/null
@@ -1,8 +0,0 @@
-# short-description: Create SD card image for Beaglebone
-# long-description: Creates a partitioned SD card image for Beaglebone.
-# Boot files are located in the first vfat partition.
-
-part --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --fixed-size 32
-${WKS_MBR_PART_EFI} --ondisk mmcblk0
-${WKS_MBR_PART_ROOT} --ondisk mmcblk0
-bootloader ${WKS_BOOTLOADER_ARGS}
diff --git a/layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in b/layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in
index c39726c..31ff6b4 100644
--- a/layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in
+++ b/layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in
@@ -1,6 +1,10 @@
 # short-description: Create an EFI disk image for genericx86*
 # long-description: Creates a partitioned EFI disk image for genericx86* machines
-${WKS_GPT_PART_EFI} --ondisk sda
-${WKS_GPT_PART_ROOT} --ondisk sda
+${WKS_PART_EFI} --ondisk sda --align 1024 --fixed-size 32
+${WKS_PART_ROOT_A} --ondisk sda --fixed-size 2G
+${WKS_PART_ROOT_B} --ondisk sda --fixed-size 2G
+${WKS_PART_EFIBOOTGUARD_A} --ondisk sda --align 1024 --fixed-size 32
+${WKS_PART_EFIBOOTGUARD_B} --ondisk sda --align 1024 --fixed-size 32
+
 part swap --ondisk sda --size 44 --label swap1 --fstype=swap
-bootloader --ptable gpt ${WKS_BOOTLOADER_ARGS}
+bootloader --ptable gpt
diff --git a/layers/meta-belden-coreos/classes/coreos-image-uki.bbclass b/layers/meta-belden-coreos/classes/coreos-image-uki.bbclass
new file mode 100644
index 0000000..0651d5e
--- /dev/null
+++ b/layers/meta-belden-coreos/classes/coreos-image-uki.bbclass
@@ -0,0 +1,65 @@
+# This class generate the UKI kernel needed by WIC and by swupdate
+# This class should not be used directly, as it's ihnerited by
+# the coreos-image class
+
+require conf/image-uefi.conf
+inherit kernel-artifact-names
+inherit coreos-efi-sbsign
+
+# Output file name
+# ==============================================================================
+
+COREOS_KERNEL_EXT ??= ".efi"
+COREOS_KERNEL0_NAME ??= "kernel0-${MACHINE}"
+COREOS_KERNEL1_NAME ??= "kernel1-${MACHINE}"
+COREOS_KERNEL0_FILENAME ??= "${COREOS_KERNEL0_NAME}${COREOS_KERNEL_EXT}"
+COREOS_KERNEL1_FILENAME ??= "${COREOS_KERNEL1_NAME}${COREOS_KERNEL_EXT}"
+
+# Kernel command line
+# ==============================================================================
+
+APPEND += "rootwait "
+COREOS_PLATFORM0_ROOT ??= "PARTLABEL=platform0"
+COREOS_PLATFORM1_ROOT ??= "PARTLABEL=platform1"
+COREOS_KERNEL0_CMDLINE ??= "root=${COREOS_PLATFORM0_ROOT} ${APPEND}"
+COREOS_KERNEL1_CMDLINE ??= "root=${COREOS_PLATFORM0_ROOT} ${APPEND}"
+
+# UKI Generation
+# ==============================================================================
+
+do_bundle_uki() {
+ deployDir="${DEPLOY_DIR_IMAGE}"
+ kernel=${KERNEL_IMAGETYPE}-${MACHINE}${KERNEL_IMAGE_BIN_EXT}
+
+ # Create an array with device tree if any
+ DTB_PARAMS=""
+ for dtb in ${KERNEL_DEVICETREE}; do
+ # Bitbake allow full path inside KERNEL_DEVICETREE, but we want the
+ # filename only
+ dtb=$(basename "${dtb}")
+ DTB_PARAMS="${DTB_PARAMS} --dtb=${deployDir}/${dtb}"
+ done
+
+ echo "kernel: ${kernel}"
+ echo "dtb: ${DTB_PARAMS}"
+
+ bg_gen_unified_kernel \
+ "${STAGING_LIBDIR}/efibootguard/kernel-stub${EFI_ARCH}.efi" \
+ "${deployDir}/${kernel}" \
+ "${deployDir}/${COREOS_KERNEL0_FILENAME}" \
+ --cmdline "console=ttyS0,115200 root=${COREOS_PLATFORM0_ROOT} rootwait " \
+ ${DTB_PARAMS}
+
+ bg_gen_unified_kernel \
+ "${STAGING_LIBDIR}/efibootguard/kernel-stub${EFI_ARCH}.efi" \
+ "${deployDir}/${kernel}" \
+ "${deployDir}/${COREOS_KERNEL1_FILENAME}" \
+ --cmdline "console=ttyS0,115200 root=${COREOS_PLATFORM1_ROOT} rootwait " \
+ ${DTB_PARAMS}
+
+ coreos_efi_secureboot_sign_app "${deployDir}/${COREOS_KERNEL0_FILENAME}"
+ coreos_efi_secureboot_sign_app "${deployDir}/${COREOS_KERNEL1_FILENAME}"
+}
+
+do_bundle_uki[depends] += "virtual/kernel:do_deploy efibootguard-native:do_populate_sysroot efibootguard:do_populate_sysroot"
+addtask bundle_uki after do_rootfs before do_image
diff --git a/layers/meta-belden-coreos/classes/coreos-image.bbclass b/layers/meta-belden-coreos/classes/coreos-image.bbclass
index 567fc1c..fb7e07a 100644
--- a/layers/meta-belden-coreos/classes/coreos-image.bbclass
+++ b/layers/meta-belden-coreos/classes/coreos-image.bbclass
@@ -63,14 +63,12 @@ PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTAL
 # An error exception would be raised if both image features foo and bar1(or bar2) are included
-COREOS_IMAGE_BASE_INSTALL = '\
+COREOS_IMAGE_BASE_INSTALL = "\
 packagegroup-core-boot \
 packagegroup-base-extended \
- \
- efibootmgr \
- efivar \
+ ${@'efibootguard-tools' if d.getVar('EFI_PROVIDER') == 'efibootguard' else ''} \
 os-release \
- '
+ "
 COREOS_IMAGE_EXTRA_INSTALL ?= ""
@@ -87,3 +85,13 @@ IMAGE_FEATURES:append = " ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tw
 # Add some extra space, as done in core-image-minimal
 IMAGE_ROOTFS_EXTRA_SPACE:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', ' + 4096', '', d)}"
+
+# Unified kernel image and swupdate support
+# ==============================================================================
+
+COREOS_IMAGE_GENERATE_UKI ??= "${@bb.utils.contains('COMBINED_FEATURES', 'efi', '1', '0', d)}"
+
+# Support for Unified Kernel Image and Swupdate are optional
+COREOS_IMAGE_EXTRACLASSES ??= ""
+COREOS_IMAGE_EXTRACLASSES:append = "${@' coreos-image-uki' if d.getVar('COREOS_IMAGE_GENERATE_UKI') == '1' else ''}"
+inherit ${COREOS_IMAGE_EXTRACLASSES}
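Review bot: Both `bg_gen_unified_kernel` calls in `do_bundle_uki` hard-code `--cmdline "console=ttyS0,115200 root=... rootwait "`, so `COREOS_KERNEL0_CMDLINE` and `COREOS_KERNEL1_CMDLINE` defined above are never used. The machine-level `APPEND` settings this commit adds in beaglebone.conf and cn913x.inc therefore never reach the signed image. `COREOS_KERNEL1_CMDLINE` also points at `${COREOS_PLATFORM0_ROOT}`, which would boot slot B on slot A's rootfs once the variable is wired in. The command line is part of the signed UKI and cannot be corrected at boot, so pass `--cmdline "${COREOS_KERNEL0_CMDLINE}"` and `--cmdline "${COREOS_KERNEL1_CMDLINE}"`, and set `COREOS_KERNEL1_CMDLINE ??= "root=${COREOS_PLATFORM1_ROOT} ${APPEND}"`.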
diff --git a/layers/meta-belden-coreos/conf/distro/belden-coreos.conf b/layers/meta-belden-coreos/conf/distro/belden-coreos.conf index a59ec22..4f2a94c 100644 --- a/layers/meta-belden-coreos/conf/distro/belden-coreos.conf +++ b/layers/meta-belden-coreos/conf/distro/belden-coreos.conf @@ -61,7 +61,6 @@ SDKPATHINSTALL = "/opt/${DISTRO}/${SDK_VERSION}" # Secure boot # ============================================================================== -INHERIT += "coreos-bsp-config" INHERIT += "coreos-efi-secureboot" # Virtualization configuration diff --git a/layers/meta-belden-coreos/recipes-core/systemd/systemd_250.5.bbappend b/layers/meta-belden-coreos/recipes-core/systemd/systemd_250.5.bbappend deleted file mode 100644 index 056448e..0000000 --- a/layers/meta-belden-coreos/recipes-core/systemd/systemd_250.5.bbappend +++ /dev/null @@ -1,17 +0,0 @@ - -# Compile and install the bootctl command by default -#=============================================================================== - -# bootctl command is only built if the gnu-efi feature is enables -PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'efi', 'gnu-efi', '', d)}" - -# Enabling gnu-efi does create stub file inside /usr/lib/systemd/boot/efi/ -# this generate some QA errors: -# ERROR: systemd-1_250.5-r0 do_package_qa: QA Issue: -# File /usr/lib/systemd/boot/efi/linuxarm.elf.stub in package systemd doesn't -# have GNU_HASH (didn't pass LDFLAGS?) [ldflags] -# -# Theses files are already by the systemd-boot recipes, so we can delete them -do_install:append() { - rm -r ${D}/${libdir}/systemd/boot -} diff --git a/layers/meta-belden-marvell-bsp/conf/machine/include/cn913x.inc b/layers/meta-belden-marvell-bsp/conf/machine/include/cn913x.inc index 410ed04..2469a8c 100644 --- a/layers/meta-belden-marvell-bsp/conf/machine/include/cn913x.inc +++ b/layers/meta-belden-marvell-bsp/conf/machine/include/cn913x.inc 
@@ -33,8 +33,6 @@ KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}" KERNEL_DEFCONFIG ?= "cn9130-netmodule_defconfig" -# By default we compile all supported cn913x devicetree. The devicetree to use -# is then set for each machine with the KERNEL_DEVICETREE_TO_USE variable KERNEL_DEVICETREE ?= "\ marvell/${MACHINE}.dtb \ " @@ -44,6 +42,7 @@ KERNEL_DEVICETREE ?= "\ SERIAL_CONSOLES = "115200;ttyS0 115200;ttyAMA0" SERIAL_CONSOLES_CHECK ?= "${SERIAL_CONSOLES}" +APPEND += "console=ttyS0,115200" # Image generation # ****************************************************************************** @@ -55,4 +54,5 @@ WKS_FILE = "cn913x-sdcard.wks.in" IMAGE_FSTYPES += "wic.xz wic.bmap" MACHINE_ESSENTIAL_EXTRA_RDEPENDS += " kernel-modules kernel-devicetree" -IMAGE_EFI_BOOT_FILES ?= "${MACHINE}.dtb" + +require conf/machine/include/coreos-generic-features/efi.inc diff --git a/layers/meta-belden-marvell-bsp/wic/cn913x-sdcard.wks.in b/layers/meta-belden-marvell-bsp/wic/cn913x-sdcard.wks.in index 61cfbb4..6a7734e 100644 --- a/layers/meta-belden-marvell-bsp/wic/cn913x-sdcard.wks.in +++ b/layers/meta-belden-marvell-bsp/wic/cn913x-sdcard.wks.in @@ -12,7 +12,10 @@ part --offset 4096S --source rawcopy --sourceparams="file=flash-image.bin" --ondisk mmcblk1 part --offset 12288S --source rawcopy --sourceparams="file=flash-image.bin" --ondisk mmcblk1 -${WKS_GPT_PART_EFI} --ondisk mmcblk1 --offset 20480S -${WKS_GPT_PART_ROOT} --ondisk mmcblk1 -bootloader --ptable gpt ${WKS_BOOTLOADER_ARGS} +${WKS_PART_EFI} --ondisk mmcblk1 --offset 20480S --fixed-size 64M +${WKS_PART_ROOT_A} --ondisk mmcblk1 --fixed-size 2G +${WKS_PART_ROOT_B} --ondisk mmcblk1 --fixed-size 2G +${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk1 --align 1024 --fixed-size 128M +${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk1 --align 1024 --fixed-size 128M +bootloader --ptable gpt diff --git a/layers/meta-efibootguard b/layers/meta-efibootguard new file mode 160000 index 0000000..0ae20f8 --- /dev/null +++ b/layers/meta-efibootguard 
@@ -0,0 +1 @@
+Subproject commit 0ae20f85ff8b2ad95b1f9522af76fc1353296cd5