From: "Kristian Klausen" <kristian@klausen.dk>
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: kristian@klausen.dk, openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] wic/bootimg-efi: Add Unified Kernel Image option
Date: Sun, 12 Sep 2021 18:09:15 +0200 [thread overview]
Message-ID: <YT4mK3FkhRc/dBPs@bob> (raw)
In-Reply-To: <e09b8b9e26d55f71bda9afdd0c2e1e25ec2b4690.camel@linuxfoundation.org>
Den Fri, Sep 10, 2021 at 09:31:18 +0100 skrev Richard Purdie:
> On Thu, 2021-09-09 at 17:53 +0000, Kristian Klausen via lists.openembedded.org
> wrote:
> > "A unified kernel image is a single EFI PE executable combining an EFI
> > stub loader, a kernel image, an initramfs image, and the kernel command
> > line.
> >
> > [...]
> >
> > Images of this type have the advantage that all metadata and payload
> > that makes up the boot entry is monopolized in a single PE file that can
> > be signed cryptographically as one for the purpose of EFI
> > SecureBoot."[1]
> >
> > This commit adds a create-unified-kernel-image=true option to the
> > bootimg-efi plugin for creating a Unified Kernel Image[1] and installing
> > it into $BOOT/EFI/Linux/ with a .efi extension per the the Boot Loader
> > Specification[1][2]. This is useful for implementing Secure Boot.
> >
> > systemd-boot is the only mainstream bootloader implementing the
> > specification, but GRUB should be able to boot the EFI binary, this
> > commit however doesn't implement the necessary changes to the GRUB
> > config generation logic to boot the Unified Kernel Image.
> >
> > [1] https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images
> > [2] https://systemd.io/BOOT_LOADER_SPECIFICATION/
> >
> > Signed-off-by: Kristian Klausen <kristian@klausen.dk>
> > ---
> >
> > This patch supersedes:
> > "[RFC][PATCH] kernel: Add Unified Kernel Image image type"[1]
> > and:
> > "[PATCH] wic/bootimg-efi: Add option for only installing the bootloader"[2]
> >
> > The latter is perhaps still useful, but with this patch it is no longer
> > needed for using a Unified Kernel Image with systemd-boot.
> >
> > [1] https://lists.openembedded.org/g/openembedded-core/message/155801
> > [2] https://lists.openembedded.org/g/openembedded-core/message/155789
> >
> > scripts/lib/wic/plugins/source/bootimg-efi.py | 69 ++++++++++++++++---
> > 1 file changed, 59 insertions(+), 10 deletions(-)
>
> Do we need to add a test for this into meta/lib/oeqa/selftest/cases/wic.py?
>
> Cheers,
>
> Richard
>
A simple test wouldn't hurt :)
I will add a simple test checking the EFI binary is created in the
expected location and a bootloader confing isn't created.
- Kristian
prev parent reply other threads:[~2021-09-12 16:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-09 17:53 [PATCH] wic/bootimg-efi: Add Unified Kernel Image option Kristian Klausen
2021-09-10 8:31 ` [OE-core] " Richard Purdie
2021-09-12 16:09 ` Kristian Klausen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YT4mK3FkhRc/dBPs@bob \
--to=kristian@klausen.dk \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox