From fb4702780baa7648514afd217a489a3c108fa295 Mon Sep 17 00:00:00 2001 From: Samuel Dolt Date: Thu, 11 May 2023 11:29:53 +0200 Subject: [PATCH] feat(swupdate): add efibootguard update support This also change the beaglebone target to use a GPT partitioned disk BREAKING CHANGE: .swu image generated can not be used on old device, thus the device has to be reflashed. BREAKING CHANGE: Support for MBR formatted disk is removed, as it was only used for Beaglebone --- documentation/boot/overview.rst | 10 ++++--- .../conf/machine/beaglebone.conf | 7 ----- .../legacy-mbr-disk.inc | 4 --- .../wic/beaglebone-sdcard.wks.in | 21 ++++++++++----- .../classes/coreos-image-swupdate.bbclass | 16 ++++++++---- .../classes/coreos-image.bbclass | 1 + .../meta-belden-coreos/files/sw-description | 26 ++++++++++++++----- .../swupdate/sw-collections-config.sh | 4 +-- 8 files changed, 55 insertions(+), 34 deletions(-) diff --git a/documentation/boot/overview.rst b/documentation/boot/overview.rst index 9c22297..3b5970a 100644 --- a/documentation/boot/overview.rst +++ b/documentation/boot/overview.rst @@ -63,6 +63,11 @@ machine. Firmware requirements --------------------- +.. warning:: + + CoreOS support at the moment only hardware that contains a block storage + device (SD Card, eMMC, ...) formatted with GPT. MBR disk or MTD device are + not supported. ARM32 / AArch32 based machine ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -70,10 +75,7 @@ ARM32 / AArch32 based machine The firmware for ARM32 should implement a subset of the UEFI specification, as defined by the EBBR Specification. As this architecure is used on old hardware, it's ok to use the part of the specification that are marked as deprecated or -legacy like: - -- MBR partitionning instead of GPT -- Fixed offsets to firmware data +legacy. We require the firmware to provide a DeviceTree based system description and not an ACPI based table (as allowed by the specification). 
diff --git a/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf b/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf index a7e1f4c..792d995 100644 --- a/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf +++ b/layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf @@ -59,12 +59,5 @@ QB_TCPSERIAL_OPT = "-device virtio-serial-device -chardev socket,id=virtcon,port # No watchdog available yet EFIBOOTGUARD_TIMEOUT ?= "0" -# MBR disk can't select the root device by partition label as MBR doesn't have -# a partition label. Using filesystem label only work with an initramfs and we -# don't support it yet. -COREOS_PLATFORM0_ROOT ?= "/dev/mmcblk0p3" -COREOS_PLATFORM1_ROOT ?= "/dev/mmcblk0p4" - require conf/machine/include/coreos-generic-features/efi.inc -require conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc require conf/machine/include/coreos-generic-features/emmc.inc diff --git a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc index 9997044..f07d416 100644 --- a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc +++ b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc @@ -2,10 +2,6 @@ # MBR disk are still supported by CoreOS, but only for legacy product # This ensure that efibootguard / swupdate work with MBR disk -# Do not include this file in a machine configuration if the machine support -# a GPT disk instead -COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ?= "/dev/disk/by-label" - # MBR can't disk can't use partition label, but may use filesystem label # This will only work with an initramfs. If no initramfs is used, this will # have to be set to the right disk device inside the machine configuration 
diff --git a/layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in b/layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in
index c915464..714169d 100644
--- a/layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in
+++ b/layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in
@@ -1,11 +1,20 @@ # short-description: Create SD card image for Beaglebone # long-description: Creates a partitioned SD card image for Beaglebone. -# Boot files are located in the first vfat partition. -part --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --size 32M --extra-space 0 --overhead-factor 1 -${WKS_PART_EFI} --ondisk mmcblk0 --align 1024 --size 32M --extra-space 0 --overhead-factor 1 -${WKS_PART_ROOT_A} --ondisk mmcblk0 --size 2G --extra-space 0 --overhead-factor 1 -${WKS_PART_ROOT_B} --ondisk mmcblk0 --size 2G --extra-space 0 --overhead-factor 1 +# offset 1S => 1 sector (1x512 byte) +# The bootloader can be at 4 different position in raw mode: 0S, 256S, 512S, 768S +# MBR disk use only the sector 0, so 1S is free +# GPT disk use sector 0-33S, so first free slot is 256S +# Offset are from the BBB default settings +part --offset 256S --source rawcopy --sourceparams="file=MLO" --ondisk mmcblk0 +part --offset 768S --source rawcopy --sourceparams="file=u-boot.img" --ondisk mmcblk0 + + +# Let's define a 4MiB maximum size for the bootloader +# 4MiB => 4*1024*1024/512=8192S | 768S + 8192S => 8960S +${WKS_PART_EFI} --ondisk mmcblk0 --offset 8960S --align 1024 --size 32M --extra-space 0 --overhead-factor 1 +${WKS_PART_ROOT_A} --ondisk mmcblk0 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1 +${WKS_PART_ROOT_B} --ondisk mmcblk0 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1 ${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1 ${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1 -bootloader --ptable msdos +bootloader --ptable gpt diff --git a/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass b/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass index 36357e7..dca81fd 100644 --- a/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass 
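Review bot: On the `${WKS_PART_EFI}` line, `--offset 8960S` does not agree with `--align 1024`: 8960 sectors is 4480 KiB, which is not a multiple of 1024 KiB. As far as I recall, wic applies the alignment first and then checks the fixed offset, so the partition would land off the 1 MiB boundary, and a u-boot.img ending between 8192S and 8960S would be pushed past the offset and fail the build, which makes the real budget smaller than the 4 MiB stated in the comment; please confirm against the wic version in use. Placing the partition on the next boundary keeps both options consistent, `${WKS_PART_EFI} --ondisk mmcblk0 --offset 10240S --align 1024 --size 32M --extra-space 0 --overhead-factor 1`, with the comment above it updated to match. `${WKS_PART_ROOT_SIZE}` is also new here and its definition is not in this diff, so it is worth checking that it has a default.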
+++ b/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass @@ -7,9 +7,6 @@ # Swupdate image generation # ============================================================================== -# Machine using MBR override this value, see legacy-mbr-disk.inc -COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ??= "/dev/disk/by-partlabel" - IMAGE_FSTYPES:append = " ext4.zst" python () { image = d.getVar('IMAGE_BASENAME') @@ -19,9 +16,14 @@ python () { inherit swupdate-image # Ensure than variable used in the sw-description files are watched for change -do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY APPEND" +do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT EFIDIR EFI_BOOT_IMAGE COREOS_EFIBOOTGUARD_FILENAME" do_swuimage[deptask] += "do_bundle_uki" -SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME}" + +COREOS_EFIBOOTGUARD_NAME ?= "efibootguard${EFI_ARCH}" +COREOS_EFIBOOTGUARD_EXT ?= ".efi" +COREOS_EFIBOOTGUARD_FILENAME = "${COREOS_EFIBOOTGUARD_NAME}${COREOS_EFIBOOTGUARD_EXT}" + +SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME} ${COREOS_EFIBOOTGUARD_NAME}" python () { kernel0 = d.getVar('COREOS_KERNEL0_NAME') @@ -29,6 +31,10 @@ python () { kernelext = d.getVar('COREOS_KERNEL_EXT') d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel0, kernelext) d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel1, kernelext) + + efibootguard = d.getVar('COREOS_EFIBOOTGUARD_NAME') + efibootguardext = d.getVar('COREOS_EFIBOOTGUARD_EXT') + d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", efibootguard, efibootguardext) } FILESEXTRAPATHS:append := ":${COREOS_ROOT}/layers/meta-belden-coreos/files" diff --git a/layers/meta-belden-coreos/classes/coreos-image.bbclass b/layers/meta-belden-coreos/classes/coreos-image.bbclass index 685ea48..18ff680 100644 --- a/layers/meta-belden-coreos/classes/coreos-image.bbclass 
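Review bot: In the hunk at -19,9, `${COREOS_EFIBOOTGUARD_NAME}` is added to `SWUPDATE_IMAGES`, but nothing visible makes `do_swuimage` wait for the task that deploys that binary; the only ordering shown is `do_swuimage[deptask] += "do_bundle_uki"`. If the deploy step is not already pulled in elsewhere, the .swu build could fail or pick up a stale efibootguard from an earlier build, and a stale bootloader inside a correctly hashed update is hard to notice afterwards. An explicit dependency next to the deptask line would settle it, for example `do_swuimage[depends] += "<efibootguard-recipe>:do_deploy"` with the real recipe name filled in. A one-line comment above `COREOS_EFIBOOTGUARD_FILENAME` saying it must match the deployed file name would also help, since it is the one variable of the three assigned with `=` rather than `?=`.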
+++ b/layers/meta-belden-coreos/classes/coreos-image.bbclass @@ -24,6 +24,7 @@ FEATURE_PACKAGES_cockpit = "packagegroup-coreos-cockpit ${@get_feature_packages_ # *-dev-tools FEATURES_PACKAGES for any image features FEATURE_PACKAGES_dev-tools = "${@get_feature_packages_with_suffix('dev-tools', d)}" + def get_feature_packages_with_suffix(suffix, d): """ For each feature inside IMAGE_FEATURES, look if a FEATURE_PACKAGE variable diff --git a/layers/meta-belden-coreos/files/sw-description b/layers/meta-belden-coreos/files/sw-description index 29fb378..5f16386 100644 --- a/layers/meta-belden-coreos/files/sw-description +++ b/layers/meta-belden-coreos/files/sw-description @@ -12,7 +12,7 @@ software = installed-directly = true; # partlabel are stored inside the GPT partition table. # The partition table is flashed only once and never updated - device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform0"; + device = "/dev/disk/by-partlabel/rootfs1"; type = "raw"; sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)"; } @@ -22,16 +22,23 @@ software = { filename = "@@COREOS_KERNEL0_FILENAME@@"; path = "/KERNEL.EFI"; - device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot0"; + device = "/dev/disk/by-partlabel/ebg1"; filesystem = "vfat"; sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL0_FILENAME@@)"; + }, + { + filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@"; + path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@"; + device = "/dev/disk/by-partlabel/platform1/efi"; + filesystem = "vfat"; + sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)"; } ); bootenv: ( { name = "kernelparams"; - value = "root=PARTLABEL=platform0 @@APPEND@@"; + value = ""; }, { name = "watchdog_timeout_sec"; 
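Review bot: The slot index flips in the sw-description hunk at -12,7: the raw rootfs target goes from `.../platform0` to `/dev/disk/by-partlabel/rootfs1`, and the matching hunk at -53,7 goes from `platform1` to `rootfs0`; the kernel targets at -22,16 and -63,15 flip the same way (`boot0` to `ebg1`, `boot1` to `ebg0`). The collection names and the selection logic in sw-collections-config.sh are outside these hunks, and the only change to that script in this commit is the MBR branch, so please confirm that each collection still writes the inactive slot; with `installed-directly = true` a raw write to the mounted root would corrupt the running system. If the flip is intended, a comment above each `device` line would make that reviewable, for example `# writes the inactive slot: this collection is selected while running from slot 0`.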
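Review bot: The new efibootguard entry in the hunk at -22,16 uses `device = "/dev/disk/by-partlabel/platform1/efi";`, which looks like a leftover from a search and replace. Entries under by-partlabel are flat symlinks, and the second collection (hunk at -63,15) uses `/dev/disk/by-partlabel/efi` for the same file. As written, the path would not resolve on the target and the update through this collection would presumably fail at the bootloader step. The line should read `device = "/dev/disk/by-partlabel/efi";`.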
@@ -53,7 +60,7 @@ software = installed-directly = true; # partlabel are stored inside the GPT partition table. # The partition table is flashed only once and never updated - device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform1"; + device = "/dev/disk/by-partlabel/rootfs0"; type = "raw"; sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)"; } @@ -63,15 +70,22 @@ software = { filename = "@@COREOS_KERNEL1_FILENAME@@"; path = "/KERNEL.EFI"; - device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot1"; + device = "/dev/disk/by-partlabel/ebg0"; filesystem = "vfat"; sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL1_FILENAME@@)"; + }, + { + filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@"; + path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@"; + device = "/dev/disk/by-partlabel/efi"; + filesystem = "vfat"; + sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)"; } ); bootenv: ( { name = "kernelparams"; - value = "root=PARTLABEL=platform1 @@APPEND@@"; + value = ""; }, { name = "watchdog_timeout_sec"; diff --git a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh index 1238e9b..7f54b62 100644 --- a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh +++ b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh @@ -17,8 +17,8 @@ echo "Root partition is on device ${DISK_DEVICE_NAME} - type ${DISK_PARTITION_TY if [ "${DISK_PARTITION_TYPE}" == "gpt" ]; then ROOT_PARTLABEL=$(lsblk -dno PARTLABEL "${ROOT_PART}") else - echo "Using MBR disk is less reliable than GPT disk!" - ROOT_PARTLABEL=$(lsblk -dno LABEL "${ROOT_PART}") + echo "Using MBR is not supported" + exit 1 fi echo "Root partition label is ${ROOT_PARTLABEL}"
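Review bot: The efibootguard entry added in the hunk at -63,15 (and its twin at -22,16) is the one artifact in this file without an A/B target: both collections overwrite `@@EFIDIR@@/@@EFI_BOOT_IMAGE@@` on the single `efi` partition. An interrupted write or a bad binary there leaves no fallback boot path, unlike the rootfs and kernel slots, and the file is rewritten on every update even when the bootloader has not changed. I would document that above the entry, `# single copy, no A/B fallback: a failed write here needs recovery from external media`, and consider skipping the write when the installed version is unchanged (swupdate's `install-if-different`, if it applies to file entries in the version used here). Setting `kernelparams` to `""` also drops `root=PARTLABEL=...` and `@@APPEND@@`; that is only safe if the command line is now embedded in the UKI, which this diff does not show.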
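Review bot: In sw-collections-config.sh the `else` branch now aborts for every value other than `gpt`, including an empty `DISK_PARTITION_TYPE` when detection fails, yet the message blames MBR and goes to stdout. Naming the detected value and the device makes a failed update diagnosable from the log: `echo "Unsupported partition table '${DISK_PARTITION_TYPE}' on ${DISK_DEVICE_NAME}: GPT is required" >&2`. If this file is sourced by the swupdate start script rather than executed, `exit 1` ends that script as well; please confirm that is the intended failure mode. The surrounding script starts and ends outside the hunk.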