Merge in ICO/coreos from enable_watchdog_with_default_time to master
* commit '5cadfef4893ca09107577bc48306fb4f9255b5b1':
feat(watchdog): enabled watchdog for EAGLE40-03 with 5s timeout
Merge in ICO/coreos from fix_qemu_user_data_problem to master
* commit 'c2ebce47f1dee56f10bd196601896b27f797852d':
fix(qemu-coreos-arm64): add image to k-stufen
fix(qemu-coreos-arm64): fix several issues and refactoring
* rework machine conf to only build necessary stuff
* in *.wks file switch from ondisk to use-uuid the solves an issue that during
boot the user data partition could not be mounted because user data was set
to mmcblk1 in fstab but actually was sda
* kenrel options were missing for dmcrypt to create secure storage. those are
now added to all machines using linux-yocto source and use the
meta-belden-coreos-bsp layer
The certificates and keys are stored in a repository and taken from there.
It is a neative repository that puts the keys into the sysroot where other
recipes can take them
All the key related scripts where deleted or put in the development-keys
repository.
Basic simplifications where done, there is yet still room for improvement.
The userdata partition is mounted under /usr/local/data. It is and will stay
read-write and its purpose is to store userdata like config, secure-storage.
Merge in ICO/coreos from rename_eagle40_03 to master
* commit '3bf28622c1b2207e752b6e0b9725b4d27fa328a0':
refactor(eagle40-03): rename MACHINE from eagle40_03 to eagle40-03
Merge in ICO/coreos from add_variable_for_kernel_in_wks_file to master
* commit 'afa1a784c1637ad2965f93061794f10577e992a2':
refactor(partitions.inc): use variable for kernel in wks file
Now the distro settings is splitted into two config smaller config
file. PACKAGECONFIG for the system package is set to include a
reduced set of features by default.
Some EFI related feature are now dependant of the EFI DISTRO_
and MACHINE_FEATURES.
Now a single unified kernel image is built using a new CoreOS
specific functionality added in the efibootguard UKI stub to
automatically insert root=PARTLABEL=rootfs0 (or rootfs1) in the
kernel command line
BREAKING CHANGE: coreos-image-uki.bbclass now only generate a
single kernel image named kernel-${MACHINE}.efi
Now we use fw0, fw1, efi, ebg0, ebg1, rootfs0 and rootfs1 partition
name.
BREAKING CHANGE: bootX partition are now named ebgX
BREAKING CHANGE: platformX partition are now named rootfsX
sw-description files
The COREOS_SWUPDATE_EXTENDS_FOR and COREOS_IMAGE_SWUPDATE_EXTRACLASSES
variable can now be used to configure the coreos-image-swupdate to
dynamically extends some part of the sw-description by calling some
python function
This also change the beaglebone target to use a GPT
partitioned disk
BREAKING CHANGE: .swu image generated can not be used on old
device, thus the device has to be reflashed.
BREAKING CHANGE: Support for MBR formatted disk is removed, as
it was only used for Beaglebone
COREOS_EFI_SECUREBOOT_KEYDIR_HASH was intended to store a hash
of each file present in build/key in order to discard the sstate
cache on key changes. But this variables was wrongly always empty
due to a wrong check in a loop.
This introduce a new coreos-emmc-flasher-beaglebone
recipe that create a SWU file that can be used to
create the partition in the internal emmc of a beaglebone
and flash both u-boot and efibootguard.
Support for create efibootguard configuration partition
and flashing kernel and rootfs is not included.
Merge in ICO/coreos from chore/efibootguard-handling to master
* commit 'e02d4b95f8e257d55f70b1dfbf6435ddd564b09e':
chore(efibootguard): better handling of efibootguard related variables
Default value related to efibootguard are not set inside the distro
and MACHINE that use coreos-image and doesn't define EFI as a
MACHINE_FEATURE doesn't get the efibootguard-tools package.
We can build container with non-container machine with
coreos-container-image classes so having a MACHINEOVERRIDES
for container machines only is misleading
--fixed-size produce a partition of the right size but doesn't expand
the filesystem. Instead we use --size --extra-space and
--overhead-factor to have a fixed size partition and fixed size
filesystem
Checking for COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR
was not done properly resulting of the key always being
installed inside the EFI partition.
We are now using efibootguard to provide a A/B boot path for
the kernel and the rootfs.
This commit remove some change for systemd/systemd-boot that are
not needed anymore and rework how we set the command line, as we
will need to have the command line argument of the kernel both
inside do_image_wic and in a future do_image_swu
Patrick Vogelaar
Sam Dolt
Darko Trogrlic
Peter Kindler
Samuel Dolt
Uli Stein