public inbox for openembedded-core@lists.openembedded.org
From: Mikko Rapeli <mikko.rapeli@linaro.org>
To: Koen Kooi <koen.kooi@oss.qualcomm.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH v3 04/11] core-image-initramfs-boot: add option to build systemd based initrd
Date: Mon, 7 Apr 2025 12:08:02 +0300
Message-ID: <Z_OV8sGhAC-vqAll@nuoska>
In-Reply-To: <F2BE3AD0-A0B2-4760-B4EB-E4D18D4CD2DB@oss.qualcomm.com>

Hi,

On Mon, Apr 07, 2025 at 10:58:12AM +0200, Koen Kooi wrote:
> 
> 
> > On 7 Apr 2025, at 08:12, Mikko Rapeli <mikko.rapeli@linaro.org> wrote:
> > 
> > Hi,
> > 
> > On Mon, Apr 07, 2025 at 08:01:41AM +0200, Koen Kooi wrote:
> >> On 4 Apr 2025, at 18:29, Mikko Rapeli via lists.openembedded.org <mikko.rapeli=linaro.org@lists.openembedded.org> wrote:
> >>> 
> >>> If "systemd-initramfs" is in DISTRO_FEATURES then convert
> >>> core-image-initramfs-boot from shell scripts to systemd.
> >>> The resulting initramfs is much bigger than the shell script one but
> >>> supports many more features like disk encryption and TPM devices.
> >>> Also includes udev which can load any drivers needed to mount
> >>> rootfs.
> >> 
> >> Are package based kernel updates finally working with this?
> > 
> > Sorry, I don't get this question. What are package based kernel updates?
> 
> Using package management to update a kernel, e.g. 'opkg update ; opkg upgrade'.

Yocto project in general does not test binary package update paths. These
patches are still tied to the yocto build environment and don't generate
initrd on the running systemd based on files in the rootfs. That support
is currently not available in yocto, AFAIK.

These changes only enable building systemd based initrd image from the yocto
build environment.

One of the use cases which I'm testing is UEFI secure boot where
kernel and initrd are signed with keys which are not available
in the rootfs. The keys are only available on the yocto build
machine. The UEFI firmware (u-boot based,
https://gitlab.com/Linaro/trustedsubstrate/meta-ts ) checks
that kernel and initrd in the UKI binary are signed with
expected keys before allowing boot to continue. systemd
based initrd is then able to use TPM in more advanced ways
than shell script based yocto initrd framework to e.g.
encrypt rootfs.

Cheers,

-Mikko

