Re: [OE-core] [PATCH 2/2] uki.bbclass: add class for building Unified Kernel Images (UKI)

[Mikko Rapeli <mikko.rapeli@linaro.org>]

Hi,

On Mon, Sep 02, 2024 at 03:03:45PM +0200, Alexander Kanavin wrote:
> On Mon, 2 Sept 2024 at 14:25, Mikko Rapeli <mikko.rapeli@linaro.org> wrote:
> > I've checked and I have not found matching examples. We have everything working
> > for UEFI secure boot for multiple ARM64 boards and qemu, including oeqa runtime tests.
> > Currently the qemu side changes to support UEFI secure boot are queued to meta-arm[1].
> > They could in theory be proposed to poky as well but there is no
> > matching machine config for that. meta-arm provides u-boot and many other
> > firmware SW components, including fTPM. ovmf seems to be only for x86,
> > same for the meta-secure-core side examples for UEFI secure boot.
> >
> > systemd uki support is really generic and not at all specific to arm
> > architectures. That's why I think it belongs to poky. Yes, the tests
> > need to be somewhere else currently unless test target HW already
> > has UEFI compatible firmware, but even with that the deployment of
> > signing keys/certs needs to be done separately.
> >
> > [1] https://lists.yoctoproject.org/g/meta-arm/topic/patch_v4_00_13/108164747
> 
> I've checked now. There is support for UKI in
> scripts/lib/wic/plugins/source/bootimg-efi.py
> 
> and there's a test for it in
> 
> meta/lib/oeqa/selftest/cases/wic.py (see
> test_efi_plugin_unified_kernel_image_qemu)
> meta-selftest/wic/test_efi_plugin.wks
> 
> Which begs the question: why add the class at all? Does it do
> something that can't be done by extending wic code? Can you adapt your
> work to use the wic plugin using the above as example?

Well, I wasn't aware of those implementations nor do I know how to use them.

I can try to figure out.

Cheers,

-Mikko