Re: [OE-core] [PATCH v8 0/8] systemd uki support

[Mikko Rapeli <mikko.rapeli@linaro.org>]

Hi,

On Mon, Oct 14, 2024 at 01:30:56PM +0300, Mikko Rapeli via lists.openembedded.org wrote:
> Hi,
> 
> On Sun, Oct 13, 2024 at 08:43:15AM +0100, Richard Purdie wrote:
> > On Fri, 2024-10-11 at 15:20 +0300, Mikko Rapeli via lists.openembedded.org wrote:
> > > These changes enable building systemd uki images which combine
> > > kernel, kernel command line, initrd and possibly signatures to
> > > a single UEFI binary. This binary can be booted with UEFI firmware
> > > and systemd-boot. No grub is needed and UEFI firmware and/or
> > > systemd-boot provide possibilities for boot menus.
> > > The uki binary can also be signed for UEFI secure boot
> > > so the secure boot extends from firmware to kernel and initrd.
> > > Binding secure boot to full userspace is then easier since for example
> > > kernel command line and initrd contain the support needed to mount
> > > encrypted dm-verity etc partitions, and/or create partitions on demand
> > > with systemd-repart using device specific TPM devices for encryption.
> > > 
> > > Tested on qemuarm64-secureboot machine from meta-arm with changes to
> > > support secure boot. Slightly different configuration tested on
> > > multiple arm64 System Ready boards with UEFI firmware, real and firmware
> > > based TPM devices. Tested with ovmf firmware on x86_64 with selftests but
> > > without secure boot which seems to be harder to setup in ovmf.
> > > 
> > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu and
> > > wic.Wic2.test_expand_mbr_image, failing when executing all wic selftests
> > > on a build machine with zfs filesystem. Will investigate this further.
> > > The issue seems to be in mkfs.ext4 producing broken filesystem, and partially
> > > in the tests which don't run the correct rootfs file (.ext4 vs .wic).
> > > Will debug this further and it is IMO unrelated to these changes since
> > > they reproduce on pure master branch without this series.
> > > 
> > > v8: fixed comments from Ross Burton: debug print from warning to debug,
> > > ��� dropped duplicate DISTRO_FEATURE setting for systemd in tests,
> > > ��� removed aarch64 comment from tests which are currently x86 only.
> > > ��� Fixed the new aarch64 wic selftest to run on both genericarm64
> > > ��� and qemuarm64 by adding bios, virtio disk driver etc settings
> > > ��� for runqemu (already set in genericarm64 but missing from qemuarm64).
> > > 
> > > v7: add missing "ovmf" to runqemu argument to
> > > ��� test_efi_plugin_plain_systemd_boot_qemu_x86 to fix boot hang
> > > 
> > > v6: fixes wic refactoring botch which broken non-uki systemd-boot usage on
> > > ��� genericarm64 reported by Ross Burton <Ross.Burton@arm.com>, added
> > > ��� selftest to cover this wks usage on x86 and aarch64
> > > 
> > > v5: drop patch "image_types_wic.bbclass: set systemd-boot and os-release
> > > ��� dependency for all archs" since systemd-boot does not support all
> > > ��� architectures
> > > 
> > > v4: handle missing runqemu variable from build config, add
> > > python3-pefile to fast ptest list
> > > 
> > > v3: rebased, fixed and added more sefltests, removed wic plugin side uki
> > > support
> > > 
> > > v2: https://lists.openembedded.org/g/openembedded-core/message/204090
> > > 
> > > Michelle Lin (1):
> > > � uki.bbclass: add class for building Unified Kernel Images (UKI)
> > > 
> > > Mikko Rapeli (7):
> > > � wic bootimg-efi.py: keep timestamps and add debug prints
> > > � wic bootimg-efi.py: change UKI support from wic plugin to uki.bbclass
> > > � oeqa selftest uki.py: add tests for uki.bbclass
> > > � oeqa selftest efibootpartition.py: add TEST_RUNQEMUPARAMS to runqemu
> > > � oeqa selftest efibootpartition.py: remove systemd-boot from grub-efi
> > > ��� test
> > > � oeqa selftest wic.py: add TEST_RUNQEMUPARAMS to runqemu
> > > � oeqa selftest wic.py: support UKIs via uki.bbclass
> > > 
> > 
> > I'm still seeing failures in CI:
> > 
> > https://valkyrie.yoctoproject.org//#/builders/23/builds/249/steps/14/logs/stdio
> > 
> > which is despite setting:
> > 
> > https://git.yoctoproject.org/poky/commit/?h=master-next&id=6211ad9210e82a5a8dd157c63752ad332c2f5de6
> > 
> > QEMU_USE_KVM = "False"
> > 
> > into the test to ensure it doesn't have the issue the barebox testing
> > was seeing.
> > 
> > I've sent a patch to try and clean up the lock error.
> > 
> > There is also this:
> > 
> > https://valkyrie.yoctoproject.org//#/builders/76/builds/235
> > https://valkyrie.yoctoproject.org//#/builders/48/builds/181
> > https://valkyrie.yoctoproject.org//#/builders/54/builds/230
> > 
> > which is due to the binaries being run "in tree" within the edk2 build
> > as well as from the sysroot. This generates two sets of pyc files which
> > then conflict (or not) depending on which host the build ran on and
> > which pyc files are in sstate.
> > 
> > We're going to have to get this fixed before it can merge, probably by
> > deleting the pyc files at install unless we can find anything more
> > elegant.
> 
> Sent an ovmf-native patch separately for this.

With ovmf-native change applied to master, can this series be tried again?

Or are some changes needed?

Cheers,

-Mikko