LM
/
coreos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(swupdate): add efibootguard update support 

This also change the beaglebone target to use a GPT
partitioned disk

BREAKING CHANGE: .swu image generated can not be used on old
device, thus the device has to be reflashed.

BREAKING CHANGE: Support for MBR formatted disk is removed, as
it was only used for Beaglebone
This commit is contained in:
Samuel Dolt 2023-05-11 11:29:53 +02:00
parent 66461ac473
commit fb4702780b
8 changed files with 55 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
documentation/boot/overview.rst
View File

@ -63,6 +63,11 @@ machine.
Firmware requirements Firmware requirements
--------------------- ---------------------
.. warning::
CoreOS support at the moment only hardware that contains a block storage
device (SD Card, eMMC, ...) formatted with GPT. MBR disk or MTD device are
not supported.
ARM32 / AArch32 based machine ARM32 / AArch32 based machine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -70,10 +75,7 @@ ARM32 / AArch32 based machine
The firmware for ARM32 should implement a subset of the UEFI specification, as The firmware for ARM32 should implement a subset of the UEFI specification, as
defined by the EBBR Specification. As this architecure is used on old hardware, defined by the EBBR Specification. As this architecure is used on old hardware,
it's ok to use the part of the specification that are marked as deprecated or it's ok to use the part of the specification that are marked as deprecated or
legacy like: legacy.
- MBR partitionning instead of GPT
- Fixed offsets to firmware data
We require the firmware to provide a DeviceTree based system description and not We require the firmware to provide a DeviceTree based system description and not
an ACPI based table (as allowed by the specification). an ACPI based table (as allowed by the specification).

7
layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf
View File

@ -59,12 +59,5 @@ QB_TCPSERIAL_OPT = "-device virtio-serial-device -chardev socket,id=virtcon,port
# No watchdog available yet # No watchdog available yet
EFIBOOTGUARD_TIMEOUT ?= "0" EFIBOOTGUARD_TIMEOUT ?= "0"
# MBR disk can't select the root device by partition label as MBR doesn't have
# a partition label. Using filesystem label only work with an initramfs and we
# don't support it yet.
COREOS_PLATFORM0_ROOT ?= "/dev/mmcblk0p3"
COREOS_PLATFORM1_ROOT ?= "/dev/mmcblk0p4"
require conf/machine/include/coreos-generic-features/efi.inc require conf/machine/include/coreos-generic-features/efi.inc
require conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
require conf/machine/include/coreos-generic-features/emmc.inc require conf/machine/include/coreos-generic-features/emmc.inc

4
layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
View File

@ -2,10 +2,6 @@
# MBR disk are still supported by CoreOS, but only for legacy product # MBR disk are still supported by CoreOS, but only for legacy product
# This ensure that efibootguard / swupdate work with MBR disk # This ensure that efibootguard / swupdate work with MBR disk
# Do not include this file in a machine configuration if the machine support
# a GPT disk instead
COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ?= "/dev/disk/by-label"
# MBR can't disk can't use partition label, but may use filesystem label # MBR can't disk can't use partition label, but may use filesystem label
# This will only work with an initramfs. If no initramfs is used, this will # This will only work with an initramfs. If no initramfs is used, this will
# have to be set to the right disk device inside the machine configuration # have to be set to the right disk device inside the machine configuration

21
layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in
View File

@ -1,11 +1,20 @@
# short-description: Create SD card image for Beaglebone # short-description: Create SD card image for Beaglebone
# long-description: Creates a partitioned SD card image for Beaglebone. # long-description: Creates a partitioned SD card image for Beaglebone.
# Boot files are located in the first vfat partition.
part --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --size 32M --extra-space 0 --overhead-factor 1 # offset 1S => 1 sector (1x512 byte)
${WKS_PART_EFI} --ondisk mmcblk0 --align 1024 --size 32M --extra-space 0 --overhead-factor 1 # The bootloader can be at 4 different position in raw mode: 0S, 256S, 512S, 768S
${WKS_PART_ROOT_A} --ondisk mmcblk0 --size 2G --extra-space 0 --overhead-factor 1 # MBR disk use only the sector 0, so 1S is free
${WKS_PART_ROOT_B} --ondisk mmcblk0 --size 2G --extra-space 0 --overhead-factor 1 # GPT disk use sector 0-33S, so first free slot is 256S
# Offset are from the BBB default settings
part --offset 256S --source rawcopy --sourceparams="file=MLO" --ondisk mmcblk0
part --offset 768S --source rawcopy --sourceparams="file=u-boot.img" --ondisk mmcblk0
# Let's define a 4MiB maximum size for the bootloader
# 4MiB => 4*1024*1024/512=8192S | 768S + 8192S => 8960S
${WKS_PART_EFI} --ondisk mmcblk0 --offset 8960S --align 1024 --size 32M --extra-space 0 --overhead-factor 1
${WKS_PART_ROOT_A} --ondisk mmcblk0 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
${WKS_PART_ROOT_B} --ondisk mmcblk0 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1 ${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1
${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1 ${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --align 1024 --size 128M --extra-space 0 --overhead-factor 1
bootloader --ptable msdos bootloader --ptable gpt

16
layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass
View File

@ -7,9 +7,6 @@
# Swupdate image generation # Swupdate image generation
# ============================================================================== # ==============================================================================
# Machine using MBR override this value, see legacy-mbr-disk.inc
COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ??= "/dev/disk/by-partlabel"
IMAGE_FSTYPES:append = " ext4.zst" IMAGE_FSTYPES:append = " ext4.zst"
python () { python () {
image = d.getVar('IMAGE_BASENAME') image = d.getVar('IMAGE_BASENAME')
@ -19,9 +16,14 @@ python () {
inherit swupdate-image inherit swupdate-image
# Ensure than variable used in the sw-description files are watched for change # Ensure than variable used in the sw-description files are watched for change
do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY APPEND" do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT EFIDIR EFI_BOOT_IMAGE COREOS_EFIBOOTGUARD_FILENAME"
do_swuimage[deptask] += "do_bundle_uki" do_swuimage[deptask] += "do_bundle_uki"
SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME}"
COREOS_EFIBOOTGUARD_NAME ?= "efibootguard${EFI_ARCH}"
COREOS_EFIBOOTGUARD_EXT ?= ".efi"
COREOS_EFIBOOTGUARD_FILENAME = "${COREOS_EFIBOOTGUARD_NAME}${COREOS_EFIBOOTGUARD_EXT}"
SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME} ${COREOS_EFIBOOTGUARD_NAME}"
python () { python () {
kernel0 = d.getVar('COREOS_KERNEL0_NAME') kernel0 = d.getVar('COREOS_KERNEL0_NAME')
@ -29,6 +31,10 @@ python () {
kernelext = d.getVar('COREOS_KERNEL_EXT') kernelext = d.getVar('COREOS_KERNEL_EXT')
d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel0, kernelext) d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel0, kernelext)
d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel1, kernelext) d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel1, kernelext)
efibootguard = d.getVar('COREOS_EFIBOOTGUARD_NAME')
efibootguardext = d.getVar('COREOS_EFIBOOTGUARD_EXT')
d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", efibootguard, efibootguardext)
} }
FILESEXTRAPATHS:append := ":${COREOS_ROOT}/layers/meta-belden-coreos/files" FILESEXTRAPATHS:append := ":${COREOS_ROOT}/layers/meta-belden-coreos/files"

1
layers/meta-belden-coreos/classes/coreos-image.bbclass
View File

@ -24,6 +24,7 @@ FEATURE_PACKAGES_cockpit = "packagegroup-coreos-cockpit ${@get_feature_packages_
# *-dev-tools FEATURES_PACKAGES for any image features # *-dev-tools FEATURES_PACKAGES for any image features
FEATURE_PACKAGES_dev-tools = "${@get_feature_packages_with_suffix('dev-tools', d)}" FEATURE_PACKAGES_dev-tools = "${@get_feature_packages_with_suffix('dev-tools', d)}"
def get_feature_packages_with_suffix(suffix, d): def get_feature_packages_with_suffix(suffix, d):
""" """
For each feature inside IMAGE_FEATURES, look if a FEATURE_PACKAGE variable For each feature inside IMAGE_FEATURES, look if a FEATURE_PACKAGE variable

26
layers/meta-belden-coreos/files/sw-description
View File

@ -12,7 +12,7 @@ software =
installed-directly = true; installed-directly = true;
# partlabel are stored inside the GPT partition table. # partlabel are stored inside the GPT partition table.
# The partition table is flashed only once and never updated # The partition table is flashed only once and never updated
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform0"; device = "/dev/disk/by-partlabel/rootfs1";
type = "raw"; type = "raw";
sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)"; sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
} }
@ -22,16 +22,23 @@ software =
{ {
filename = "@@COREOS_KERNEL0_FILENAME@@"; filename = "@@COREOS_KERNEL0_FILENAME@@";
path = "/KERNEL.EFI"; path = "/KERNEL.EFI";
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot0"; device = "/dev/disk/by-partlabel/ebg1";
filesystem = "vfat"; filesystem = "vfat";
sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL0_FILENAME@@)"; sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL0_FILENAME@@)";
},
{
filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
device = "/dev/disk/by-partlabel/platform1/efi";
filesystem = "vfat";
sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
} }
); );
bootenv: ( bootenv: (
{ {
name = "kernelparams"; name = "kernelparams";
value = "root=PARTLABEL=platform0 @@APPEND@@"; value = "";
}, },
{ {
name = "watchdog_timeout_sec"; name = "watchdog_timeout_sec";
@ -53,7 +60,7 @@ software =
installed-directly = true; installed-directly = true;
# partlabel are stored inside the GPT partition table. # partlabel are stored inside the GPT partition table.
# The partition table is flashed only once and never updated # The partition table is flashed only once and never updated
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform1"; device = "/dev/disk/by-partlabel/rootfs0";
type = "raw"; type = "raw";
sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)"; sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
} }
@ -63,15 +70,22 @@ software =
{ {
filename = "@@COREOS_KERNEL1_FILENAME@@"; filename = "@@COREOS_KERNEL1_FILENAME@@";
path = "/KERNEL.EFI"; path = "/KERNEL.EFI";
device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot1"; device = "/dev/disk/by-partlabel/ebg0";
filesystem = "vfat"; filesystem = "vfat";
sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL1_FILENAME@@)"; sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL1_FILENAME@@)";
},
{
filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
device = "/dev/disk/by-partlabel/efi";
filesystem = "vfat";
sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
} }
); );
bootenv: ( bootenv: (
{ {
name = "kernelparams"; name = "kernelparams";
value = "root=PARTLABEL=platform1 @@APPEND@@"; value = "";
}, },
{ {
name = "watchdog_timeout_sec"; name = "watchdog_timeout_sec";

4
layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh
View File

@ -17,8 +17,8 @@ echo "Root partition is on device ${DISK_DEVICE_NAME} - type ${DISK_PARTITION_TY
if [ "${DISK_PARTITION_TYPE}" == "gpt" ]; then if [ "${DISK_PARTITION_TYPE}" == "gpt" ]; then
ROOT_PARTLABEL=$(lsblk -dno PARTLABEL "${ROOT_PART}") ROOT_PARTLABEL=$(lsblk -dno PARTLABEL "${ROOT_PART}")
else else
echo "Using MBR disk is less reliable than GPT disk!" echo "Using MBR is not supported"
ROOT_PARTLABEL=$(lsblk -dno LABEL "${ROOT_PART}") exit 1
fi fi
echo "Root partition label is ${ROOT_PARTLABEL}" echo "Root partition label is ${ROOT_PARTLABEL}"