feat(swupdate): add efibootguard update support
This also change the beaglebone target to use a GPT partitioned disk BREAKING CHANGE: .swu image generated can not be used on old device, thus the device has to be reflashed. BREAKING CHANGE: Support for MBR formatted disk is removed, as it was only used for Beaglebone
This commit is contained in:
Samuel Dolt
parent
66461ac473
commit
fb4702780b
|
|
@ -63,6 +63,11 @@ machine.
|
|||
Firmware requirements
|
||||
---------------------
|
||||
|
||||
.. warning::
|
||||
|
||||
CoreOS support at the moment only hardware that contains a block storage
|
||||
device (SD Card, eMMC, ...) formatted with GPT. MBR disk or MTD device are
|
||||
not supported.
|
||||
|
||||
ARM32 / AArch32 based machine
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
|
@ -70,10 +75,7 @@ ARM32 / AArch32 based machine
|
|||
The firmware for ARM32 should implement a subset of the UEFI specification, as
|
||||
defined by the EBBR Specification. As this architecure is used on old hardware,
|
||||
it's ok to use the part of the specification that are marked as deprecated or
|
||||
legacy like:
|
||||
|
||||
- MBR partitionning instead of GPT
|
||||
- Fixed offsets to firmware data
|
||||
legacy.
|
||||
|
||||
We require the firmware to provide a DeviceTree based system description and not
|
||||
an ACPI based table (as allowed by the specification).
|
||||
|
|
|
|||
|
|
@ -59,12 +59,5 @@ QB_TCPSERIAL_OPT = "-device virtio-serial-device -chardev socket,id=virtcon,port
|
|||
# No watchdog available yet
|
||||
EFIBOOTGUARD_TIMEOUT ?= "0"
|
||||
|
||||
# MBR disk can't select the root device by partition label as MBR doesn't have
|
||||
# a partition label. Using filesystem label only work with an initramfs and we
|
||||
# don't support it yet.
|
||||
COREOS_PLATFORM0_ROOT ?= "/dev/mmcblk0p3"
|
||||
COREOS_PLATFORM1_ROOT ?= "/dev/mmcblk0p4"
|
||||
|
||||
require conf/machine/include/coreos-generic-features/efi.inc
|
||||
require conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
|
||||
require conf/machine/include/coreos-generic-features/emmc.inc
|
||||
|
|
|
|||
|
|
@ -2,10 +2,6 @@
|
|||
# MBR disk are still supported by CoreOS, but only for legacy product
|
||||
# This ensure that efibootguard / swupdate work with MBR disk
|
||||
|
||||
# Do not include this file in a machine configuration if the machine support
|
||||
# a GPT disk instead
|
||||
COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ?= "/dev/disk/by-label"
|
||||
|
||||
# MBR can't disk can't use partition label, but may use filesystem label
|
||||
# This will only work with an initramfs. If no initramfs is used, this will
|
||||
# have to be set to the right disk device inside the machine configuration
|
||||
|
|
|
|||
|
|
@ -1,11 +1,20 @@
|
|||
# short-description: Create SD card image for Beaglebone
|
||||
# long-description: Creates a partitioned SD card image for Beaglebone.
|
||||
# Boot files are located in the first vfat partition.
|
||||
|
||||
part --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --size 32M --extra-space 0 --overhead-factor 1
|
||||
${WKS_PART_EFI} --ondisk mmcblk0 --align 1024 --size 32M --extra-space 0 --overhead-factor 1
|
||||
${WKS_PART_ROOT_A} --ondisk mmcblk0 --size 2G --extra-space 0 --overhead-factor 1
|
||||
${WKS_PART_ROOT_B} --ondisk mmcblk0 --size 2G --extra-space 0 --overhead-factor 1
|
||||
# offset 1S => 1 sector (1x512 byte)
|
||||
# The bootloader can be at 4 different position in raw mode: 0S, 256S, 512S, 768S
|
||||
# MBR disk use only the sector 0, so 1S is free
|
||||
# GPT disk use sector 0-33S, so first free slot is 256S
|
||||
# Offset are from the BBB default settings
|
||||
part --offset 256S --source rawcopy --sourceparams="file=MLO" --ondisk mmcblk0
|
||||
part --offset 768S --source rawcopy --sourceparams="file=u-boot.img" --ondisk mmcblk0
|
||||
|
||||
|
||||
# Let's define a 4MiB maximum size for the bootloader
|
||||
# 4MiB => 4*1024*1024/512=8192S | 768S + 8192S => 8960S
|
||||
${WKS_PART_EFI} --ondisk mmcblk0 --offset 8960S --align 1024 --size 32M --extra-space 0 --overhead-factor 1
|
||||
${WKS_PART_ROOT_A} --ondisk mmcblk0 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
|
||||
${WKS_PART_ROOT_B} --ondisk mmcblk0 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
|
||||
${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1
|
||||
${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1
|
||||
bootloader --ptable msdos
|
||||
bootloader --ptable gpt
|
||||
|
|
|
|||
|
|
@ -7,9 +7,6 @@
|
|||
# Swupdate image generation
|
||||
# ==============================================================================
|
||||
|
||||
# Machine using MBR override this value, see legacy-mbr-disk.inc
|
||||
COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ??= "/dev/disk/by-partlabel"
|
||||
|
||||
IMAGE_FSTYPES:append = " ext4.zst"
|
||||
python () {
|
||||
image = d.getVar('IMAGE_BASENAME')
|
||||
|
|
@ -19,9 +16,14 @@ python () {
|
|||
inherit swupdate-image
|
||||
|
||||
# Ensure than variable used in the sw-description files are watched for change
|
||||
do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY APPEND"
|
||||
do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT EFIDIR EFI_BOOT_IMAGE COREOS_EFIBOOTGUARD_FILENAME"
|
||||
do_swuimage[deptask] += "do_bundle_uki"
|
||||
SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME}"
|
||||
|
||||
COREOS_EFIBOOTGUARD_NAME ?= "efibootguard${EFI_ARCH}"
|
||||
COREOS_EFIBOOTGUARD_EXT ?= ".efi"
|
||||
COREOS_EFIBOOTGUARD_FILENAME = "${COREOS_EFIBOOTGUARD_NAME}${COREOS_EFIBOOTGUARD_EXT}"
|
||||
|
||||
SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME} ${COREOS_EFIBOOTGUARD_NAME}"
|
||||
|
||||
python () {
|
||||
kernel0 = d.getVar('COREOS_KERNEL0_NAME')
|
||||
|
|
@ -29,6 +31,10 @@ python () {
|
|||
kernelext = d.getVar('COREOS_KERNEL_EXT')
|
||||
d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel0, kernelext)
|
||||
d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel1, kernelext)
|
||||
|
||||
efibootguard = d.getVar('COREOS_EFIBOOTGUARD_NAME')
|
||||
efibootguardext = d.getVar('COREOS_EFIBOOTGUARD_EXT')
|
||||
d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", efibootguard, efibootguardext)
|
||||
}
|
||||
|
||||
FILESEXTRAPATHS:append := ":${COREOS_ROOT}/layers/meta-belden-coreos/files"
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ FEATURE_PACKAGES_cockpit = "packagegroup-coreos-cockpit ${@get_feature_packages_
|
|||
# *-dev-tools FEATURES_PACKAGES for any image features
|
||||
FEATURE_PACKAGES_dev-tools = "${@get_feature_packages_with_suffix('dev-tools', d)}"
|
||||
|
||||
|
||||
def get_feature_packages_with_suffix(suffix, d):
|
||||
"""
|
||||
For each feature inside IMAGE_FEATURES, look if a FEATURE_PACKAGE variable
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ software =
|
|||
installed-directly = true;
|
||||
# partlabel are stored inside the GPT partition table.
|
||||
# The partition table is flashed only once and never updated
|
||||
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform0";
|
||||
device = "/dev/disk/by-partlabel/rootfs1";
|
||||
type = "raw";
|
||||
sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
|
||||
}
|
||||
|
|
@ -22,16 +22,23 @@ software =
|
|||
{
|
||||
filename = "@@COREOS_KERNEL0_FILENAME@@";
|
||||
path = "/KERNEL.EFI";
|
||||
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot0";
|
||||
device = "/dev/disk/by-partlabel/ebg1";
|
||||
filesystem = "vfat";
|
||||
sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL0_FILENAME@@)";
|
||||
},
|
||||
{
|
||||
filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
|
||||
path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
|
||||
device = "/dev/disk/by-partlabel/platform1/efi";
|
||||
filesystem = "vfat";
|
||||
sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
|
||||
}
|
||||
);
|
||||
|
||||
bootenv: (
|
||||
{
|
||||
name = "kernelparams";
|
||||
value = "root=PARTLABEL=platform0 @@APPEND@@";
|
||||
value = "";
|
||||
},
|
||||
{
|
||||
name = "watchdog_timeout_sec";
|
||||
|
|
@ -53,7 +60,7 @@ software =
|
|||
installed-directly = true;
|
||||
# partlabel are stored inside the GPT partition table.
|
||||
# The partition table is flashed only once and never updated
|
||||
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform1";
|
||||
device = "/dev/disk/by-partlabel/rootfs0";
|
||||
type = "raw";
|
||||
sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
|
||||
}
|
||||
|
|
@ -63,15 +70,22 @@ software =
|
|||
{
|
||||
filename = "@@COREOS_KERNEL1_FILENAME@@";
|
||||
path = "/KERNEL.EFI";
|
||||
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot1";
|
||||
device = "/dev/disk/by-partlabel/ebg0";
|
||||
filesystem = "vfat";
|
||||
sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL1_FILENAME@@)";
|
||||
},
|
||||
{
|
||||
filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
|
||||
path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
|
||||
device = "/dev/disk/by-partlabel/efi";
|
||||
filesystem = "vfat";
|
||||
sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
|
||||
}
|
||||
);
|
||||
bootenv: (
|
||||
{
|
||||
name = "kernelparams";
|
||||
value = "root=PARTLABEL=platform1 @@APPEND@@";
|
||||
value = "";
|
||||
},
|
||||
{
|
||||
name = "watchdog_timeout_sec";
|
||||
|
|
|
|||
|
|
@ -17,8 +17,8 @@ echo "Root partition is on device ${DISK_DEVICE_NAME} - type ${DISK_PARTITION_TY
|
|||
if [ "${DISK_PARTITION_TYPE}" == "gpt" ]; then
|
||||
ROOT_PARTLABEL=$(lsblk -dno PARTLABEL "${ROOT_PART}")
|
||||
else
|
||||
echo "Using MBR disk is less reliable than GPT disk!"
|
||||
ROOT_PARTLABEL=$(lsblk -dno LABEL "${ROOT_PART}")
|
||||
echo "Using MBR is not supported"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Root partition label is ${ROOT_PARTLABEL}"
|
||||
|
|
|
|||
Loading…
Reference in New Issue