[PATCH v10 0/9] systemd uki support

[PATCH v10 0/9] systemd uki support

[Mikko Rapeli]

These changes enable building systemd uki images which combine
kernel, kernel command line, initrd and possibly signatures to
a single UEFI binary. This binary can be booted with UEFI firmware
and systemd-boot. No grub is needed and UEFI firmware and/or
systemd-boot provide possibilities for boot menus.
The uki binary can also be signed for UEFI secure boot
so the secure boot extends from firmware to kernel and initrd.
Binding secure boot to full userspace is then easier since for example
kernel command line and initrd contain the support needed to mount
encrypted dm-verity etc partitions, and/or create partitions on demand
with systemd-repart using device specific TPM devices for encryption.

Tested on qemuarm64-secureboot machine from meta-arm with changes to
support secure boot. Slightly different configuration tested on
multiple arm64 System Ready boards with UEFI firmware, real and firmware
based TPM devices. Tested with ovmf firmware on x86_64 with selftests but
without secure boot which seems to be harder to setup in ovmf.

Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu and
wic.Wic2.test_expand_mbr_image, failing when executing all wic selftests
on a build machine with zfs filesystem. Will investigate this further.
The issue seems to be in mkfs.ext4 producing broken filesystem, and partially
in the tests which don't run the correct rootfs file (.ext4 vs .wic).
Will debug this further and it is IMO unrelated to these changes since
they reproduce on pure master branch without this series.

v10: disabled kvm support in new tests since it breaks qemu boot on aarch64
     build machine, removed "testimage" from IMAGE_CLASS as well since
     can end up testing qemu machine during build.

v9: Fixed wic test on genericarm64. Disabled new aarch64 wic test on
    aarch64 build host since boot with qemu is currently failing.
    Tested wic, uki and efibootpartition selftests with target machines qemux86_64,
    qemuarm64 and genericarm64 on x86_64 build host.

v8: fixed comments from Ross Burton: debug print from warning to debug,
    dropped duplicate DISTRO_FEATURE setting for systemd in tests,
    removed aarch64 comment from tests which are currently x86 only.
    Fixed the new aarch64 wic selftest to run on both genericarm64
    and qemuarm64 by adding bios, virtio disk driver etc settings
    for runqemu (already set in genericarm64 but missing from qemuarm64).

v7: add missing "ovmf" to runqemu argument to
    test_efi_plugin_plain_systemd_boot_qemu_x86 to fix boot hang

v6: fixes wic refactoring botch which broken non-uki systemd-boot usage on
    genericarm64 reported by Ross Burton <Ross.Burton@arm.com>, added
    selftest to cover this wks usage on x86 and aarch64

v5: drop patch "image_types_wic.bbclass: set systemd-boot and os-release
    dependency for all archs" since systemd-boot does not support all
    architectures

v4: handle missing runqemu variable from build config, add
python3-pefile to fast ptest list

v3: rebased, fixed and added more sefltests, removed wic plugin side uki
support

v2: https://lists.openembedded.org/g/openembedded-core/message/204090

*** BLURB HERE ***

Michelle Lin (1):
  uki.bbclass: add class for building Unified Kernel Images (UKI)

Mikko Rapeli (8):
  wic bootimg-efi.py: keep timestamps and add debug prints
  wic bootimg-efi.py: change UKI support from wic plugin to uki.bbclass
  oeqa selftest uki.py: add tests for uki.bbclass
  oeqa selftest efibootpartition.py: add TEST_RUNQEMUPARAMS to runqemu
  oeqa selftest efibootpartition.py: remove systemd-boot from grub-efi
    test
  oeqa selftest wic.py: add TEST_RUNQEMUPARAMS to runqemu
  oeqa selftest wic.py: support UKIs via uki.bbclass
  oeqa selftest wic.py: fix missing ext4 image

 meta-selftest/wic/test_efi_plugin.wks         |   5 +-
 .../test_efi_plugin_plain_systemd-boot.wks    |   5 +
 meta/classes-recipe/image_types_wic.bbclass   |   3 +-
 meta/classes-recipe/uki.bbclass               | 195 ++++++++++++++++++
 .../oeqa/selftest/cases/efibootpartition.py   |  11 +-
 meta/lib/oeqa/selftest/cases/uki.py           | 142 +++++++++++++
 meta/lib/oeqa/selftest/cases/wic.py           | 140 +++++++++++--
 .../wic/canned-wks/efi-uki-bootdisk.wks.in    |   3 +
 scripts/lib/wic/plugins/source/bootimg-efi.py | 183 +++++-----------
 9 files changed, 529 insertions(+), 158 deletions(-)
 create mode 100644 meta-selftest/wic/test_efi_plugin_plain_systemd-boot.wks
 create mode 100644 meta/classes-recipe/uki.bbclass
 create mode 100644 meta/lib/oeqa/selftest/cases/uki.py
 create mode 100644 scripts/lib/wic/canned-wks/efi-uki-bootdisk.wks.in

-- 
2.34.1

[PATCH v10 1/9] uki.bbclass: add class for building Unified Kernel Images (UKI)

[Mikko Rapeli]

From: Michelle Lin <michelle.linto91@gmail.com>

This class calls systemd ukify tool, which will combine
kernel/initrd/stub components to build the UKI. To sign the UKI
(i.e. SecureBoot), the keys/cert files can be specified
in a configuration file or UEFI binary signing can be done
via separate steps, see qemuarm64-secureboot in meta-arm.
UKIs are loaded by UEFI firmware on target which can improve
security by loading only correctly signed kernel, initrd and kernel
command line.

Using systemd-measure to pre-calculate TPM PCR values and sign them is
not supported since that requires a TPM device on the build host. Thus
"ConditionSecurity=measured-uki" default from systemd 256 does not work
but "ConditionSecurity=tpm2" in combination with secure boot will.
These can be used to boot securely into systemd-boot, kernel, kernel
command line and initrd which then securely mounts a read-only dm-verity
/usr partition and creates a TPM encrypted read-write / rootfs.

Tested via qemuarm64-secureboot in meta-arm with
https://lists.yoctoproject.org/g/meta-arm/topic/patch_v3_02_13/108031399
and a few more changes needed, will be posted separately.

Signed-off-by: Michelle Lin <michelle.linto91@gmail.com>
Acked-by: Erik Schilling <erik.schilling@linaro.org>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/classes-recipe/uki.bbclass | 195 ++++++++++++++++++++++++++++++++
 1 file changed, 195 insertions(+)
 create mode 100644 meta/classes-recipe/uki.bbclass

diff --git a/meta/classes-recipe/uki.bbclass b/meta/classes-recipe/uki.bbclass
new file mode 100644
index 0000000000..d4f25c7fd2
--- /dev/null
+++ b/meta/classes-recipe/uki.bbclass
@@ -0,0 +1,195 @@
+# Unified kernel image (UKI) class
+#
+# This bbclass merges kernel, initrd etc as a UKI standard UEFI binary,
+# to be loaded with UEFI firmware and systemd-boot on target HW.
+# TPM PCR pre-calculation is not supported since systemd-measure tooling
+# is meant to run on target, not in cross compile environment.
+#
+# See:
+# https://www.freedesktop.org/software/systemd/man/latest/ukify.html
+# https://uapi-group.org/specifications/specs/unified_kernel_image/
+#
+# The UKI contains:
+#
+#   - UEFI stub
+#     The linux kernel can generate a UEFI stub, however the one from systemd-boot can fetch
+#     the command line from a separate section of the EFI application, avoiding the need to
+#     rebuild the kernel.
+#   - kernel
+#   - initramfs
+#   - kernel command line
+#   - uname -r kernel version
+#   - /etc/os-release to create a boot menu with version details
+#   - optionally secure boot signature(s)
+#   - other metadata (e.g. TPM PCR measurements)
+#
+# Usage instructions:
+#
+#   - requires UEFI compatible firmware on target, e.g. qemuarm64-secureboot u-boot based
+#     from meta-arm or qemux86 ovmf/edk2 based firmware for x86_64
+#
+#   - Distro/build config:
+#
+#     INIT_MANAGER = "systemd"
+#     MACHINE_FEATURES:append = " efi"
+#     EFI_PROVIDER = "systemd-boot"
+#     INITRAMFS_IMAGE = "core-image-minimal-initramfs"
+#
+#   - image recipe:
+#
+#     inherit uki
+#
+#   - qemuboot/runqemu changes in image recipe or build config:
+#
+#     # Kernel command line must be inside the signed uki
+#     QB_KERNEL_ROOT = ""
+#     # kernel is in the uki image, not loaded separately
+#     QB_DEFAULT_KERNEL = "none"
+#
+#   - for UEFI secure boot, systemd-boot and uki (including kernel) can
+#     be signed but require sbsign-tool-native (recipe available from meta-secure-core,
+#     see also qemuarm64-secureboot from meta-arm). Set variable
+#     UKI_SB_KEY to path of private key and UKI_SB_CERT for certificate.
+#     Note that systemd-boot also need to be signed with the same key.
+#
+#   - at runtime, UEFI firmware will load and boot systemd-boot which
+#     creates a menu from all detected uki binaries. No need to manually
+#     setup boot menu entries.
+#
+#   - see efi-uki-bootdisk.wks.in how to create ESP partition which hosts systemd-boot,
+#     config file(s) for systemd-boot and the UKI binaries.
+#
+
+DEPENDS += "\
+    os-release \
+    systemd-boot \
+    systemd-boot-native \
+    virtual/${TARGET_PREFIX}binutils \
+    virtual/kernel \
+"
+
+inherit image-artifact-names
+require ../conf/image-uefi.conf
+
+INITRAMFS_IMAGE ?= "core-image-minimal-initramfs"
+
+INITRD_ARCHIVE ?= "${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES}"
+
+do_image_complete[depends] += "${INITRAMFS_IMAGE}:do_image_complete"
+
+UKIFY_CMD ?= "ukify build"
+UKI_CONFIG_FILE ?= "${UNPACKDIR}/uki.conf"
+UKI_FILENAME ?= "uki.efi"
+UKI_KERNEL_FILENAME ?= "${KERNEL_IMAGETYPE}"
+UKI_CMDLINE ?= "rootwait root=LABEL=root console=${KERNEL_CONSOLE}"
+# secure boot keys and cert, needs sbsign-tools-native (meta-secure-core)
+#UKI_SB_KEY ?= ""
+#UKI_SB_CERT ?= ""
+
+IMAGE_EFI_BOOT_FILES ?= "${UKI_FILENAME};EFI/Linux/${UKI_FILENAME}"
+
+do_uki[depends] += " \
+                        systemd-boot:do_deploy \
+                        virtual/kernel:do_deploy \
+                     "
+do_uki[depends] += "${@ '${INITRAMFS_IMAGE}:do_image_complete' if d.getVar('INITRAMFS_IMAGE') else ''}"
+
+# ensure that the build directory is empty everytime we generate a newly-created uki
+do_uki[cleandirs] = "${B}"
+# influence the build directory at the start of the builds
+do_uki[dirs] = "${B}"
+
+# we want to allow specifying files in SRC_URI, such as for signing the UKI
+python () {
+    d.delVarFlag("do_fetch","noexec")
+    d.delVarFlag("do_unpack","noexec")
+}
+
+# main task
+python do_uki() {
+    import glob
+    import bb.process
+
+    # base ukify command, can be extended if needed
+    ukify_cmd = d.getVar('UKIFY_CMD')
+
+    deploy_dir_image = d.getVar('DEPLOY_DIR_IMAGE')
+
+    # architecture
+    target_arch = d.getVar('EFI_ARCH')
+    if target_arch:
+        ukify_cmd += " --efi-arch %s" % (target_arch)
+
+    # systemd stubs
+    stub = "%s/linux%s.efi.stub" % (d.getVar('DEPLOY_DIR_IMAGE'), target_arch)
+    if not os.path.exists(stub):
+        bb.fatal(f"ERROR: cannot find {stub}.")
+    ukify_cmd += " --stub %s" % (stub)
+
+    # initrd
+    initramfs_image = "%s" % (d.getVar('INITRD_ARCHIVE'))
+    ukify_cmd += " --initrd=%s" % (os.path.join(deploy_dir_image, initramfs_image))
+
+    deploy_dir_image = d.getVar('DEPLOY_DIR_IMAGE')
+
+    # kernel
+    kernel_filename = d.getVar('UKI_KERNEL_FILENAME') or None
+    if kernel_filename:
+        kernel = "%s/%s" % (deploy_dir_image, kernel_filename)
+        if not os.path.exists(kernel):
+            bb.fatal(f"ERROR: cannot find %s" % (kernel))
+        ukify_cmd += " --linux=%s" % (kernel)
+        # not always needed, ukify can detect version from kernel binary
+        kernel_version = d.getVar('KERNEL_VERSION')
+        if kernel_version:
+            ukify_cmd += "--uname %s" % (kernel_version)
+    else:
+        bb.fatal("ERROR - UKI_KERNEL_FILENAME not set")
+
+    # command line
+    cmdline = d.getVar('UKI_CMDLINE')
+    if cmdline:
+        ukify_cmd += " --cmdline='%s'" % (cmdline)
+
+    # dtb
+    if d.getVar('KERNEL_DEVICETREE'):
+        for dtb in d.getVar('KERNEL_DEVICETREE').split():
+            dtb_path = "%s/%s" % (deploy_dir_image, dtb)
+            if not os.path.exists(dtb_path):
+                bb.fatal(f"ERROR: cannot find {dtb_path}.")
+            ukify_cmd += " --devicetree %s" % (dtb_path)
+
+    # custom config for ukify
+    if os.path.exists(d.getVar('UKI_CONFIG_FILE')):
+        ukify_cmd += " --config=%s" % (d.getVar('UKI_CONFIG_FILE'))
+
+    # systemd tools
+    ukify_cmd += " --tools=%s%s/lib/systemd/tools" % \
+        (d.getVar("RECIPE_SYSROOT_NATIVE"), d.getVar("prefix"))
+
+    # version
+    ukify_cmd += " --os-release=@%s%s/lib/os-release" % \
+        (d.getVar("RECIPE_SYSROOT"), d.getVar("prefix"))
+
+    # TODO: tpm2 measure for secure boot, depends on systemd-native and TPM tooling
+    # needed in systemd > 254 to fulfill ConditionSecurity=measured-uki
+    # Requires TPM device on build host, thus not supported at build time.
+    #ukify_cmd += " --measure"
+
+    # securebooot signing, also for kernel
+    key = d.getVar('UKI_SB_KEY')
+    if key:
+        ukify_cmd += " --sign-kernel --secureboot-private-key='%s'" % (key)
+    cert = d.getVar('UKI_SB_CERT')
+    if cert:
+        ukify_cmd += " --secureboot-certificate='%s'" % (cert)
+
+    # custom output UKI filename
+    output = " --output=%s/%s" % (d.getVar('DEPLOY_DIR_IMAGE'), d.getVar('UKI_FILENAME'))
+    ukify_cmd += " %s" % (output)
+
+    # Run the ukify command
+    bb.debug("uki: running command: %s" % (ukify_cmd))
+    bb.process.run(ukify_cmd, shell=True)
+}
+addtask uki after do_rootfs before do_deploy do_image_complete do_image_wic
-- 
2.34.1

[PATCH v10 2/9] wic bootimg-efi.py: keep timestamps and add debug prints

[Mikko Rapeli]

Keep timestamps etc to help build reproducibility.

Add prints to see what is being copied to ESP partition.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 scripts/lib/wic/plugins/source/bootimg-efi.py | 49 ++++++++++++-------
 1 file changed, 30 insertions(+), 19 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/bootimg-efi.py b/scripts/lib/wic/plugins/source/bootimg-efi.py
index 7cc5131541..d00f5428da 100644
--- a/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -43,16 +43,18 @@ class BootimgEFIPlugin(SourcePlugin):
         if initrd:
             initrds = initrd.split(';')
             for rd in initrds:
-                cp_cmd = "cp %s/%s %s" % (bootimg_dir, rd, hdddir)
-                exec_cmd(cp_cmd, True)
+                cp_cmd = "cp -v -p %s/%s %s" % (bootimg_dir, rd, hdddir)
+                out = exec_cmd(cp_cmd, True)
+                logger.debug("initrd files:\n%s" % (out))
         else:
             logger.debug("Ignoring missing initrd")
 
         if dtb:
             if ';' in dtb:
                 raise WicError("Only one DTB supported, exiting")
-            cp_cmd = "cp %s/%s %s" % (bootimg_dir, dtb, hdddir)
-            exec_cmd(cp_cmd, True)
+            cp_cmd = "cp -v -p %s/%s %s" % (bootimg_dir, dtb, hdddir)
+            out = exec_cmd(cp_cmd, True)
+            logger.debug("dtb files:\n%s" % (out))
 
     @classmethod
     def do_configure_grubefi(cls, hdddir, creator, cr_workdir, source_params):
@@ -150,6 +152,7 @@ class BootimgEFIPlugin(SourcePlugin):
                      "%s/hdd/boot/loader/loader.conf", cr_workdir)
         cfg = open("%s/hdd/boot/loader/loader.conf" % cr_workdir, "w")
         cfg.write(loader_conf)
+        logger.debug("loader.conf:\n%s" % (loader_conf))
         cfg.close()
 
         configfile = creator.ks.bootloader.configfile
@@ -401,30 +404,33 @@ class BootimgEFIPlugin(SourcePlugin):
                 exec_native_cmd(objcopy_cmd, native_sysroot)
         else:
             if source_params.get('install-kernel-into-boot-dir') != 'false':
-                install_cmd = "install -m 0644 %s/%s %s/%s" % \
+                install_cmd = "install -v -p -m 0644 %s/%s %s/%s" % \
                     (staging_kernel_dir, kernel, hdddir, kernel)
-                exec_cmd(install_cmd)
+                out = exec_cmd(install_cmd)
+                logger.debug("Installed kernel files:\n%s" % out)
 
         if get_bitbake_var("IMAGE_EFI_BOOT_FILES"):
             for src_path, dst_path in cls.install_task:
-                install_cmd = "install -m 0644 -D %s %s" \
+                install_cmd = "install -v -p -m 0644 -D %s %s" \
                               % (os.path.join(kernel_dir, src_path),
                                  os.path.join(hdddir, dst_path))
-                exec_cmd(install_cmd)
+                out = exec_cmd(install_cmd)
+                logger.debug("Installed IMAGE_EFI_BOOT_FILES:\n%s" % out)
 
         try:
             if source_params['loader'] == 'grub-efi':
                 shutil.copyfile("%s/hdd/boot/EFI/BOOT/grub.cfg" % cr_workdir,
                                 "%s/grub.cfg" % cr_workdir)
                 for mod in [x for x in os.listdir(kernel_dir) if x.startswith("grub-efi-")]:
-                    cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (kernel_dir, mod, hdddir, mod[9:])
+                    cp_cmd = "cp -v -p %s/%s %s/EFI/BOOT/%s" % (kernel_dir, mod, hdddir, mod[9:])
                     exec_cmd(cp_cmd, True)
                 shutil.move("%s/grub.cfg" % cr_workdir,
                             "%s/hdd/boot/EFI/BOOT/grub.cfg" % cr_workdir)
             elif source_params['loader'] == 'systemd-boot':
                 for mod in [x for x in os.listdir(kernel_dir) if x.startswith("systemd-")]:
-                    cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (kernel_dir, mod, hdddir, mod[8:])
-                    exec_cmd(cp_cmd, True)
+                    cp_cmd = "cp -v -p %s/%s %s/EFI/BOOT/%s" % (kernel_dir, mod, hdddir, mod[8:])
+                    out = exec_cmd(cp_cmd, True)
+                    logger.debug("systemd-boot files:\n%s" % out)
             elif source_params['loader'] == 'uefi-kernel':
                 kernel = get_bitbake_var("KERNEL_IMAGETYPE")
                 if not kernel:
@@ -445,8 +451,9 @@ class BootimgEFIPlugin(SourcePlugin):
                     raise WicError("UEFI stub kernel is incompatible with target %s" % target)
 
                 for mod in [x for x in os.listdir(kernel_dir) if x.startswith(kernel)]:
-                    cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (kernel_dir, mod, hdddir, kernel_efi_image)
-                    exec_cmd(cp_cmd, True)
+                    cp_cmd = "cp -v -p %s/%s %s/EFI/BOOT/%s" % (kernel_dir, mod, hdddir, kernel_efi_image)
+                    out = exec_cmd(cp_cmd, True)
+                    logger.debug("uefi-kernel files:\n%s" % out)
             else:
                 raise WicError("unrecognized bootimg-efi loader: %s" %
                                source_params['loader'])
@@ -455,13 +462,15 @@ class BootimgEFIPlugin(SourcePlugin):
 
         startup = os.path.join(kernel_dir, "startup.nsh")
         if os.path.exists(startup):
-            cp_cmd = "cp %s %s/" % (startup, hdddir)
-            exec_cmd(cp_cmd, True)
+            cp_cmd = "cp -v -p %s %s/" % (startup, hdddir)
+            out = exec_cmd(cp_cmd, True)
+            logger.debug("startup files:\n%s" % out)
 
         for paths in part.include_path or []:
             for path in paths:
-                cp_cmd = "cp -r %s %s/" % (path, hdddir)
+                cp_cmd = "cp -v -p -r %s %s/" % (path, hdddir)
                 exec_cmd(cp_cmd, True)
+                logger.debug("include_path files:\n%s" % out)
 
         du_cmd = "du -bks %s" % hdddir
         out = exec_cmd(du_cmd)
@@ -489,12 +498,14 @@ class BootimgEFIPlugin(SourcePlugin):
 
         label = part.label if part.label else "ESP"
 
-        dosfs_cmd = "mkdosfs -n %s -i %s -C %s %d" % \
+        dosfs_cmd = "mkdosfs -v -n %s -i %s -C %s %d" % \
                     (label, part.fsuuid, bootimg, blocks)
         exec_native_cmd(dosfs_cmd, native_sysroot)
+        logger.debug("mkdosfs:\n%s" % (str(out)))
 
-        mcopy_cmd = "mcopy -i %s -s %s/* ::/" % (bootimg, hdddir)
-        exec_native_cmd(mcopy_cmd, native_sysroot)
+        mcopy_cmd = "mcopy -v -p -i %s -s %s/* ::/" % (bootimg, hdddir)
+        out = exec_native_cmd(mcopy_cmd, native_sysroot)
+        logger.debug("mcopy:\n%s" % (str(out)))
 
         chmod_cmd = "chmod 644 %s" % bootimg
         exec_cmd(chmod_cmd)
-- 
2.34.1

[PATCH v10 3/9] wic bootimg-efi.py: change UKI support from wic plugin to uki.bbclass

[Mikko Rapeli]

Remove custom wic plugin implementation and use systemd ukify reference
implementation when generating UKI images. Fail if users still have
create-unified-kernel-image in wic image config. uki.bbclass use is
detected from IMAGE_CLASSES variable ("inherit uki" in image
recipe) so export that to wic plugins.

If UKI is used, then only generate a minimal loader config for
systemd-boot which basically just sets a timeout. Also set 5 second
timeout by default instead of failing if wic bootloader config is
missing. Boot menu is generated at runtime based on UKI binaries
found from ESP partition.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/classes-recipe/image_types_wic.bbclass   |   3 +-
 scripts/lib/wic/plugins/source/bootimg-efi.py | 140 ++++--------------
 2 files changed, 27 insertions(+), 116 deletions(-)

diff --git a/meta/classes-recipe/image_types_wic.bbclass b/meta/classes-recipe/image_types_wic.bbclass
index 1fa016c16e..9a2996658a 100644
--- a/meta/classes-recipe/image_types_wic.bbclass
+++ b/meta/classes-recipe/image_types_wic.bbclass
@@ -15,6 +15,7 @@ WICVARS ?= "\
 	HOSTTOOLS_DIR \
 	IMAGE_BASENAME \
 	IMAGE_BOOT_FILES \
+	IMAGE_CLASSES \
 	IMAGE_EFI_BOOT_FILES \
 	IMAGE_LINK_NAME \
 	IMAGE_ROOTFS \
@@ -113,7 +114,7 @@ WKS_FILE_DEPENDS_DEFAULT += "bmaptool-native cdrtools-native btrfs-tools-native
 WKS_FILE_DEPENDS_DEFAULT += "virtual/${TARGET_PREFIX}binutils"
 WKS_FILE_DEPENDS_BOOTLOADERS = ""
 WKS_FILE_DEPENDS_BOOTLOADERS:x86 = "syslinux grub-efi systemd-boot os-release"
-WKS_FILE_DEPENDS_BOOTLOADERS:x86-64 = "syslinux grub-efi systemd-boot os-release"
+WKS_FILE_DEPENDS_BOOTLOADERS:x86-64 = "syslinux systemd-boot os-release"
 WKS_FILE_DEPENDS_BOOTLOADERS:x86-x32 = "syslinux grub-efi"
 
 WKS_FILE_DEPENDS ??= "${WKS_FILE_DEPENDS_DEFAULT} ${WKS_FILE_DEPENDS_BOOTLOADERS}"
diff --git a/scripts/lib/wic/plugins/source/bootimg-efi.py b/scripts/lib/wic/plugins/source/bootimg-efi.py
index d00f5428da..c05f38f229 100644
--- a/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -125,8 +125,16 @@ class BootimgEFIPlugin(SourcePlugin):
     @classmethod
     def do_configure_systemdboot(cls, hdddir, creator, cr_workdir, source_params):
         """
-        Create loader-specific systemd-boot/gummiboot config
+        Create loader-specific systemd-boot/gummiboot config. Unified Kernel Image (uki)
+        support is done in image recipe with uki.bbclass and only systemd-boot loader config
+        and ESP partition structure is created here.
         """
+        # detect uki.bbclass usage
+        image_classes = get_bitbake_var("IMAGE_CLASSES").split()
+        unified_image = False
+        if "uki" in image_classes:
+            unified_image = True
+
         install_cmd = "install -d %s/loader" % hdddir
         exec_cmd(install_cmd)
 
@@ -134,19 +142,10 @@ class BootimgEFIPlugin(SourcePlugin):
         exec_cmd(install_cmd)
 
         bootloader = creator.ks.bootloader
-
-        unified_image = source_params.get('create-unified-kernel-image') == "true"
-
         loader_conf = ""
-        if not unified_image:
-            loader_conf += "default boot\n"
-        loader_conf += "timeout %d\n" % bootloader.timeout
 
-        initrd = source_params.get('initrd')
-        dtb = source_params.get('dtb')
-
-        if not unified_image:
-            cls._copy_additional_files(hdddir, initrd, dtb)
+        # 5 seconds is a sensible default timeout
+        loader_conf += "timeout %d\n" % (bootloader.timeout or 5)
 
         logger.debug("Writing systemd-boot config "
                      "%s/hdd/boot/loader/loader.conf", cr_workdir)
@@ -155,8 +154,14 @@ class BootimgEFIPlugin(SourcePlugin):
         logger.debug("loader.conf:\n%s" % (loader_conf))
         cfg.close()
 
+        initrd = source_params.get('initrd')
+        dtb = source_params.get('dtb')
+        if not unified_image:
+            cls._copy_additional_files(hdddir, initrd, dtb)
+
         configfile = creator.ks.bootloader.configfile
         custom_cfg = None
+        boot_conf = ""
         if configfile:
             custom_cfg = get_custom_config(configfile)
             if custom_cfg:
@@ -167,8 +172,7 @@ class BootimgEFIPlugin(SourcePlugin):
             else:
                 raise WicError("configfile is specified but failed to "
                                "get it from %s.", configfile)
-
-        if not custom_cfg:
+        else:
             # Create systemd-boot configuration using parameters from wks file
             kernel = get_bitbake_var("KERNEL_IMAGETYPE")
             if get_bitbake_var("INITRAMFS_IMAGE_BUNDLE") == "1":
@@ -178,7 +182,6 @@ class BootimgEFIPlugin(SourcePlugin):
 
             title = source_params.get('title')
 
-            boot_conf = ""
             boot_conf += "title %s\n" % (title if title else "boot")
             boot_conf += "linux /%s\n" % kernel
 
@@ -203,6 +206,7 @@ class BootimgEFIPlugin(SourcePlugin):
                          "%s/hdd/boot/loader/entries/boot.conf", cr_workdir)
             cfg = open("%s/hdd/boot/loader/entries/boot.conf" % cr_workdir, "w")
             cfg.write(boot_conf)
+            logger.debug("boot.conf:\n%s" % (boot_conf))
             cfg.close()
 
 
@@ -307,107 +311,13 @@ class BootimgEFIPlugin(SourcePlugin):
                     (get_bitbake_var("KERNEL_IMAGETYPE"), get_bitbake_var("INITRAMFS_LINK_NAME"))
 
         if source_params.get('create-unified-kernel-image') == "true":
-            initrd = source_params.get('initrd')
-            if not initrd:
-                raise WicError("initrd= must be specified when create-unified-kernel-image=true, exiting")
-
-            deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE")
-            efi_stub = glob("%s/%s" % (deploy_dir, "linux*.efi.stub"))
-            if len(efi_stub) == 0:
-                raise WicError("Unified Kernel Image EFI stub not found, exiting")
-            efi_stub = efi_stub[0]
-
-            with tempfile.TemporaryDirectory() as tmp_dir:
-                label = source_params.get('label')
-                label_conf = "root=%s" % creator.rootdev
-                if label:
-                    label_conf = "LABEL=%s" % label
-
-                bootloader = creator.ks.bootloader
-                cmdline = open("%s/cmdline" % tmp_dir, "w")
-                cmdline.write("%s %s" % (label_conf, bootloader.append))
-                cmdline.close()
+            raise WicError("create-unified-kernel-image is no longer supported. Please use uki.bbclass.")
 
-                initrds = initrd.split(';')
-                initrd = open("%s/initrd" % tmp_dir, "wb")
-                for f in initrds:
-                    with open("%s/%s" % (deploy_dir, f), 'rb') as in_file:
-                        shutil.copyfileobj(in_file, initrd)
-                initrd.close()
-
-                # Searched by systemd-boot:
-                # https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images
-                install_cmd = "install -d %s/EFI/Linux" % hdddir
-                exec_cmd(install_cmd)
-
-                staging_dir_host = get_bitbake_var("STAGING_DIR_HOST")
-                target_sys = get_bitbake_var("TARGET_SYS")
-
-                objdump_cmd = "%s-objdump" % target_sys
-                objdump_cmd += " -p %s" % efi_stub
-                objdump_cmd += " | awk '{ if ($1 == \"SectionAlignment\"){print $2} }'"
-
-                ret, align_str = exec_native_cmd(objdump_cmd, native_sysroot)
-                align = int(align_str, 16)
-
-                objdump_cmd = "%s-objdump" % target_sys
-                objdump_cmd += " -h %s | tail -2" % efi_stub
-                ret, output = exec_native_cmd(objdump_cmd, native_sysroot)
-
-                offset = int(output.split()[2], 16) + int(output.split()[3], 16)
-
-                osrel_off = offset + align - offset % align
-                osrel_path = "%s/usr/lib/os-release" % staging_dir_host
-                osrel_sz = os.stat(osrel_path).st_size
-
-                cmdline_off = osrel_off + osrel_sz
-                cmdline_off = cmdline_off + align - cmdline_off % align
-                cmdline_sz = os.stat(cmdline.name).st_size
-
-                dtb_off = cmdline_off + cmdline_sz
-                dtb_off = dtb_off + align - dtb_off % align
-
-                dtb = source_params.get('dtb')
-                if dtb:
-                    if ';' in dtb:
-                        raise WicError("Only one DTB supported, exiting")
-                    dtb_path = "%s/%s" % (deploy_dir, dtb)
-                    dtb_params = '--add-section .dtb=%s --change-section-vma .dtb=0x%x' % \
-                            (dtb_path, dtb_off)
-                    linux_off = dtb_off + os.stat(dtb_path).st_size
-                    linux_off = linux_off + align - linux_off % align
-                else:
-                    dtb_params = ''
-                    linux_off = dtb_off
-
-                linux_path = "%s/%s" % (staging_kernel_dir, kernel)
-                linux_sz = os.stat(linux_path).st_size
-
-                initrd_off = linux_off + linux_sz
-                initrd_off = initrd_off + align - initrd_off % align
-
-                # https://www.freedesktop.org/software/systemd/man/systemd-stub.html
-                objcopy_cmd = "%s-objcopy" % target_sys
-                objcopy_cmd += " --enable-deterministic-archives"
-                objcopy_cmd += " --preserve-dates"
-                objcopy_cmd += " --add-section .osrel=%s" % osrel_path
-                objcopy_cmd += " --change-section-vma .osrel=0x%x" % osrel_off
-                objcopy_cmd += " --add-section .cmdline=%s" % cmdline.name
-                objcopy_cmd += " --change-section-vma .cmdline=0x%x" % cmdline_off
-                objcopy_cmd += dtb_params
-                objcopy_cmd += " --add-section .linux=%s" % linux_path
-                objcopy_cmd += " --change-section-vma .linux=0x%x" % linux_off
-                objcopy_cmd += " --add-section .initrd=%s" % initrd.name
-                objcopy_cmd += " --change-section-vma .initrd=0x%x" % initrd_off
-                objcopy_cmd += " %s %s/EFI/Linux/linux.efi" % (efi_stub, hdddir)
-
-                exec_native_cmd(objcopy_cmd, native_sysroot)
-        else:
-            if source_params.get('install-kernel-into-boot-dir') != 'false':
-                install_cmd = "install -v -p -m 0644 %s/%s %s/%s" % \
-                    (staging_kernel_dir, kernel, hdddir, kernel)
-                out = exec_cmd(install_cmd)
-                logger.debug("Installed kernel files:\n%s" % out)
+        if source_params.get('install-kernel-into-boot-dir') != 'false':
+            install_cmd = "install -v -p -m 0644 %s/%s %s/%s" % \
+                (staging_kernel_dir, kernel, hdddir, kernel)
+            out = exec_cmd(install_cmd)
+            logger.debug("Installed kernel files:\n%s" % out)
 
         if get_bitbake_var("IMAGE_EFI_BOOT_FILES"):
             for src_path, dst_path in cls.install_task:
-- 
2.34.1

[PATCH v10 4/9] oeqa selftest uki.py: add tests for uki.bbclass

[Mikko Rapeli]

Tests builds and boots qemu into uki binary with systemd and sysvinit.
Due to depedency to x86 specific ovmf UEFI firmware, tests
are specific to x86 curently. UEFI firmware for ARM can be generated
via qemuarm64-secureboot machine in meta-arm and similar tests
on qemu will pass.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/lib/oeqa/selftest/cases/uki.py           | 142 ++++++++++++++++++
 .../wic/canned-wks/efi-uki-bootdisk.wks.in    |   3 +
 2 files changed, 145 insertions(+)
 create mode 100644 meta/lib/oeqa/selftest/cases/uki.py
 create mode 100644 scripts/lib/wic/canned-wks/efi-uki-bootdisk.wks.in

diff --git a/meta/lib/oeqa/selftest/cases/uki.py b/meta/lib/oeqa/selftest/cases/uki.py
new file mode 100644
index 0000000000..cd20a99aca
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/uki.py
@@ -0,0 +1,142 @@
+# Based on runqemu.py test file
+#
+# Copyright (c) 2017 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: MIT
+#
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, runqemu, get_bb_var
+from oeqa.core.decorator.data import skipIfNotArch
+from oeqa.core.decorator import OETestTag
+import oe.types
+
+class UkiTest(OESelftestTestCase):
+    """Boot Unified Kernel Image (UKI) generated with uki.bbclass on UEFI firmware (omvf/edk2)"""
+
+    @skipIfNotArch(['i586', 'i686', 'x86_64'])
+    @OETestTag("runqemu")
+    def test_uki_boot_systemd(self):
+        """Build and boot into UEFI firmware (omvf/edk2), systemd-boot, initrd without systemd, rootfs with systemd"""
+        image = "core-image-minimal"
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', image) or ""
+        cmd = "runqemu %s nographic serial wic ovmf" % (runqemu_params)
+        if oe.types.qemu_use_kvm(self.td.get('QEMU_USE_KVM', 0), self.td["TARGET_ARCH"]):
+            cmd += " kvm"
+
+        self.write_config("""
+# efi firmware must load systemd-boot, not grub
+EFI_PROVIDER = "systemd-boot"
+
+# image format must be wic, needs esp partition for firmware etc
+IMAGE_FSTYPES:pn-%s:append = " wic"
+WKS_FILE = "efi-uki-bootdisk.wks.in"
+
+# efi, uki and systemd features must be enabled
+INIT_MANAGER = "systemd"
+MACHINE_FEATURES:append = " efi"
+IMAGE_CLASSES:append:pn-core-image-minimal = " uki"
+
+# uki embeds also an initrd
+INITRAMFS_IMAGE = "core-image-minimal-initramfs"
+
+# runqemu must not load kernel separately, it's in the uki
+QB_KERNEL_ROOT = ""
+QB_DEFAULT_KERNEL = "none"
+
+# boot command line provided via uki, not via bootloader
+UKI_CMDLINE = "rootwait root=LABEL=root console=${KERNEL_CONSOLE}"
+
+# disable kvm, breaks boot
+QEMU_USE_KVM = ""
+
+IMAGE_CLASSES:remove = 'testimage'
+""" % (image))
+
+        uki_filename = get_bb_var('UKI_FILENAME', image)
+
+        bitbake(image + " ovmf")
+        with runqemu(image, ssh=False, launch_cmd=cmd) as qemu:
+            self.assertTrue(qemu.runner.logged, "Failed: %s" % cmd)
+
+            # Verify from efivars that firmware was:
+            # x86_64, qemux86_64, ovmf = edk2
+            cmd = "echo $( cat /sys/firmware/efi/efivars/LoaderFirmwareInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep 'EDK II'"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+            # Check that systemd-boot was the loader
+            cmd = "echo $( cat /sys/firmware/efi/efivars/LoaderInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep systemd-boot"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+            # Check that systemd-stub was used
+            cmd = "echo $( cat /sys/firmware/efi/efivars/StubInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep systemd-stub"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+            # Check that the compiled uki file was booted into
+            cmd = "echo $( cat /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep '%s'" % (uki_filename)
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+    @skipIfNotArch(['i586', 'i686', 'x86_64'])
+    @OETestTag("runqemu")
+    def test_uki_sysvinit(self):
+        """Build and boot into UEFI firmware (omvf/edk2), systemd-boot, initrd with sysvinit, rootfs with sysvinit"""
+        config = """
+# efi firmware must load systemd-boot, not grub
+EFI_PROVIDER = "systemd-boot"
+
+# image format must be wic, needs esp partition for firmware etc
+IMAGE_FSTYPES:pn-core-image-base:append = " wic"
+WKS_FILE = "efi-uki-bootdisk.wks.in"
+
+# efi, uki and systemd features must be enabled
+MACHINE_FEATURES:append = " efi"
+DISTRO_FEATURES_NATIVE:append = " systemd"
+IMAGE_CLASSES:append:pn-core-image-base = " uki"
+
+# uki embeds also an initrd, no systemd or udev
+INITRAMFS_IMAGE = "core-image-initramfs-boot"
+
+# runqemu must not load kernel separately, it's in the uki
+QB_KERNEL_ROOT = ""
+QB_DEFAULT_KERNEL = "none"
+
+# boot command line provided via uki, not via bootloader
+UKI_CMDLINE = "rootwait root=LABEL=root console=${KERNEL_CONSOLE}"
+
+# disable kvm, breaks boot
+QEMU_USE_KVM = ""
+
+IMAGE_CLASSES:remove = 'testimage'
+"""
+        self.append_config(config)
+        bitbake('core-image-base ovmf')
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-base') or ""
+        uki_filename = get_bb_var('UKI_FILENAME', 'core-image-base')
+        self.remove_config(config)
+
+        with runqemu('core-image-base', ssh=False,
+                     runqemuparams='%s slirp nographic ovmf' % (runqemu_params), image_fstype='wic') as qemu:
+            # Verify from efivars that firmware was:
+            # x86_64, qemux86_64, ovmf = edk2
+            cmd = "echo $( cat /sys/firmware/efi/efivars/LoaderFirmwareInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep 'EDK II'"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+            # Check that systemd-boot was the loader
+            cmd = "echo $( cat /sys/firmware/efi/efivars/LoaderInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep systemd-boot"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+            # Check that systemd-stub was used
+            cmd = "echo $( cat /sys/firmware/efi/efivars/StubInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep systemd-stub"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+            # Check that the compiled uki file was booted into
+            cmd = "echo $( cat /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ) | grep '%s'" % (uki_filename)
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
diff --git a/scripts/lib/wic/canned-wks/efi-uki-bootdisk.wks.in b/scripts/lib/wic/canned-wks/efi-uki-bootdisk.wks.in
new file mode 100644
index 0000000000..1ea9c8a845
--- /dev/null
+++ b/scripts/lib/wic/canned-wks/efi-uki-bootdisk.wks.in
@@ -0,0 +1,3 @@
+bootloader --ptable gpt --timeout=5
+part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid --part-name="ESP" --part-type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B --fixed-size 512M
+part / --source rootfs --fstype=ext4 --label root --align 1024 --exclude-path boot/
-- 
2.34.1

[PATCH v10 5/9] oeqa selftest efibootpartition.py: add TEST_RUNQEMUPARAMS to runqemu

[Mikko Rapeli]

TEST_RUNQEMUPARAMS variable is used to add runqemu parameters like
"slirp" networking. Support this also in selftests so that "slirp"
networking can be used instead of the tun/tap devices setup which
is easier to work with on shared build machines.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/lib/oeqa/selftest/cases/efibootpartition.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/efibootpartition.py b/meta/lib/oeqa/selftest/cases/efibootpartition.py
index fa74103dec..e6d6a91a22 100644
--- a/meta/lib/oeqa/selftest/cases/efibootpartition.py
+++ b/meta/lib/oeqa/selftest/cases/efibootpartition.py
@@ -6,7 +6,7 @@
 #
 
 from oeqa.selftest.case import OESelftestTestCase
-from oeqa.utils.commands import bitbake, runqemu
+from oeqa.utils.commands import bitbake, runqemu, get_bb_var
 from oeqa.core.decorator.data import skipIfNotMachine
 import oe.types
 
@@ -14,10 +14,11 @@ class GenericEFITest(OESelftestTestCase):
     """EFI booting test class"""
     @skipIfNotMachine("qemux86-64", "test is qemux86-64 specific currently")
     def test_boot_efi(self):
-        cmd = "runqemu nographic serial wic ovmf"
+        image = "core-image-minimal"
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', image) or ""
+        cmd = "runqemu %s nographic serial wic ovmf" % (runqemu_params)
         if oe.types.qemu_use_kvm(self.td.get('QEMU_USE_KVM', 0), self.td["TARGET_ARCH"]):
             cmd += " kvm"
-        image = "core-image-minimal"
 
         self.write_config("""
 EFI_PROVIDER = "systemd-boot"
-- 
2.34.1

[PATCH v10 6/9] oeqa selftest efibootpartition.py: remove systemd-boot from grub-efi test

[Mikko Rapeli]

The test is actually using grub-efi not systemd-boot so
remove it completely. systemd-boot will be tested via uki.py
tests.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/lib/oeqa/selftest/cases/efibootpartition.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/efibootpartition.py b/meta/lib/oeqa/selftest/cases/efibootpartition.py
index e6d6a91a22..fcfcdaf7e4 100644
--- a/meta/lib/oeqa/selftest/cases/efibootpartition.py
+++ b/meta/lib/oeqa/selftest/cases/efibootpartition.py
@@ -21,11 +21,11 @@ class GenericEFITest(OESelftestTestCase):
             cmd += " kvm"
 
         self.write_config("""
-EFI_PROVIDER = "systemd-boot"
+EFI_PROVIDER = "grub-efi"
 IMAGE_FSTYPES:pn-%s:append = " wic"
 MACHINE_FEATURES:append = " efi"
 WKS_FILE = "efi-bootdisk.wks.in"
-IMAGE_INSTALL:append = " grub-efi systemd-boot kernel-image-bzimage"
+IMAGE_INSTALL:append = " grub-efi kernel-image-bzimage"
 """
 % (image))
 
-- 
2.34.1

[PATCH v10 7/9] oeqa selftest wic.py: add TEST_RUNQEMUPARAMS to runqemu

[Mikko Rapeli]

To support "slirp" networking on shared build machines instead
of tun/tap devices. Users can set

TEST_RUNQEMUPARAMS = "slirp"

in their build/conf/local.conf to run selftests using "slirp"
networking. The same works for testimage.bbclass and oeqa runtime
tests.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/lib/oeqa/selftest/cases/wic.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index b616759209..f2a46c965b 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -939,7 +939,8 @@ class Wic2(WicTestCase):
         bitbake('wic-image-minimal')
         self.remove_config(config)
 
-        with runqemu('wic-image-minimal', ssh=False, runqemuparams='nographic') as qemu:
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'wic-image-minimal') or ""
+        with runqemu('wic-image-minimal', ssh=False, runqemuparams='%s nographic' % (runqemu_params)) as qemu:
             cmd = "mount | grep '^/dev/' | cut -f1,3 -d ' ' | egrep -c -e '/dev/sda1 /boot' " \
                   "-e '/dev/root /|/dev/sda2 /' -e '/dev/sda3 /media' -e '/dev/sda4 /mnt'"
             status, output = qemu.run_serial(cmd)
@@ -959,8 +960,9 @@ class Wic2(WicTestCase):
         bitbake('core-image-minimal ovmf')
         self.remove_config(config)
 
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-minimal') or ""
         with runqemu('core-image-minimal', ssh=False,
-                     runqemuparams='nographic ovmf', image_fstype='wic') as qemu:
+                     runqemuparams='%s nographic ovmf' % (runqemu_params), image_fstype='wic') as qemu:
             cmd = "grep sda. /proc/partitions  |wc -l"
             status, output = qemu.run_serial(cmd)
             self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
@@ -1154,8 +1156,9 @@ class Wic2(WicTestCase):
         bitbake('core-image-minimal-mtdutils')
         self.remove_config(config)
 
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-minimal-mtdutils') or ""
         with runqemu('core-image-minimal-mtdutils', ssh=False,
-                     runqemuparams='nographic', image_fstype='wic') as qemu:
+                     runqemuparams='%s nographic' % (runqemu_params), image_fstype='wic') as qemu:
             cmd = "grep sda. /proc/partitions  |wc -l"
             status, output = qemu.run_serial(cmd)
             self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
@@ -1214,8 +1217,9 @@ class Wic2(WicTestCase):
         bitbake('core-image-minimal')
         self.remove_config(config)
 
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-minimal') or ""
         with runqemu('core-image-minimal', ssh=False,
-                     runqemuparams='nographic', image_fstype='wic') as qemu:
+                     runqemuparams='%s nographic' % (runqemu_params), image_fstype='wic') as qemu:
             # Check that we have ONLY two /dev/sda* partitions (/boot and /)
             cmd = "grep sda. /proc/partitions | wc -l"
             status, output = qemu.run_serial(cmd)
@@ -1446,8 +1450,8 @@ class Wic2(WicTestCase):
             os.rename(image_path, image_path + '.bak')
             os.rename(new_image_path, image_path)
 
-            # Check if it boots in qemu
-            with runqemu('core-image-minimal', ssh=False, runqemuparams='nographic') as qemu:
+            runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-minimal') or ""
+            with runqemu('core-image-minimal', ssh=False, runqemuparams='%s nographic' % (runqemu_params)) as qemu:
                 cmd = "ls /etc/"
                 status, output = qemu.run_serial('true')
                 self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
-- 
2.34.1

[PATCH v10 8/9] oeqa selftest wic.py: support UKIs via uki.bbclass

[Mikko Rapeli]

Use label to detect rootfs since UKI with kernel command
line is generated before rootfs is generated by wic.

Adapt wic tests to build and boot uki.bbclass generated
UKIs.

Keeping one UKI test in wic.py and rest of the UKI features
are tested with dedicated uki.py test. Add plain non-UKI
systemd-boot tests to wic suite for aarch64 and x86.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta-selftest/wic/test_efi_plugin.wks         |   5 +-
 .../test_efi_plugin_plain_systemd-boot.wks    |   5 +
 meta/lib/oeqa/selftest/cases/wic.py           | 120 ++++++++++++++++--
 3 files changed, 115 insertions(+), 15 deletions(-)
 create mode 100644 meta-selftest/wic/test_efi_plugin_plain_systemd-boot.wks

diff --git a/meta-selftest/wic/test_efi_plugin.wks b/meta-selftest/wic/test_efi_plugin.wks
index 1603d6c4bb..e876a4be0e 100644
--- a/meta-selftest/wic/test_efi_plugin.wks
+++ b/meta-selftest/wic/test_efi_plugin.wks
@@ -1,6 +1,5 @@
 # short-description: This file is used in oe-selftest wic module to test efi plugin
-
-part /boot --source bootimg-efi --sourceparams="loader=systemd-boot,create-unified-kernel-image=true,initrd=${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES}" --active --align 1024 --use-uuid
-part / --source rootfs --fstype=ext4 --align 1024 --use-uuid
+part /boot --source bootimg-efi --sourceparams="loader=systemd-boot" --active --align 1024 --use-uuid
+part / --source rootfs --fstype=ext4 --align 1024 --use-uuid --label root
 
 bootloader  --timeout=0 --append="console=ttyS0,115200n8"
diff --git a/meta-selftest/wic/test_efi_plugin_plain_systemd-boot.wks b/meta-selftest/wic/test_efi_plugin_plain_systemd-boot.wks
new file mode 100644
index 0000000000..2745c19e85
--- /dev/null
+++ b/meta-selftest/wic/test_efi_plugin_plain_systemd-boot.wks
@@ -0,0 +1,5 @@
+# short-description: This file is used in oe-selftest wic module to test efi plugin
+part /boot --source bootimg-efi --sourceparams="loader=systemd-boot,initrd=${INITRAMFS_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES}" --active --align 1024 --use-uuid
+part / --source rootfs --fstype=ext4 --align 1024 --use-uuid
+
+bootloader  --timeout=0 --append="console=ttyS0,115200n8"
diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index f2a46c965b..9b09be75ec 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -1292,24 +1292,46 @@ class Wic2(WicTestCase):
     @skipIfNotArch(['i586', 'i686', 'x86_64'])
     @OETestTag("runqemu")
     def test_efi_plugin_unified_kernel_image_qemu(self):
-        """Test efi plugin's Unified Kernel Image feature in qemu"""
-        config = 'IMAGE_FSTYPES = "wic"\n'\
-                 'INITRAMFS_IMAGE = "core-image-minimal-initramfs"\n'\
-                 'WKS_FILE = "test_efi_plugin.wks"\n'\
-                 'MACHINE_FEATURES:append = " efi"\n'
+        """Test Unified Kernel Image feature in qemu without systemd in initramfs or rootfs"""
+        config = """
+# efi firmware must load systemd-boot, not grub
+EFI_PROVIDER = "systemd-boot"
+
+# image format must be wic, needs esp partition for firmware etc
+IMAGE_FSTYPES:pn-core-image-base:append = " wic"
+WKS_FILE = "test_efi_plugin.wks"
+
+# efi, uki and systemd features must be enabled
+MACHINE_FEATURES:append = " efi"
+DISTRO_FEATURES_NATIVE:append = " systemd"
+IMAGE_CLASSES:append:pn-core-image-base = " uki"
+
+# uki embeds also an initrd, no systemd or udev
+INITRAMFS_IMAGE = "core-image-initramfs-boot"
+
+# runqemu must not load kernel separately, it's in the uki
+QB_KERNEL_ROOT = ""
+QB_DEFAULT_KERNEL = "none"
+
+# boot command line provided via uki, not via bootloader
+UKI_CMDLINE = "rootwait root=LABEL=root console=${KERNEL_CONSOLE}"
+
+"""
         self.append_config(config)
-        bitbake('core-image-minimal core-image-minimal-initramfs ovmf')
+        bitbake('core-image-base ovmf')
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-base') or ""
+        uki_filename = get_bb_var('UKI_FILENAME', 'core-image-base')
         self.remove_config(config)
 
-        with runqemu('core-image-minimal', ssh=False,
-                     runqemuparams='nographic ovmf', image_fstype='wic') as qemu:
-            # Check that /boot has EFI bootx64.efi (required for EFI)
-            cmd = "ls /boot/EFI/BOOT/bootx64.efi | wc -l"
+        with runqemu('core-image-base', ssh=False,
+                     runqemuparams='%s nographic ovmf' % (runqemu_params), image_fstype='wic') as qemu:
+            # Check that /boot has EFI boot*.efi (required for EFI)
+            cmd = "ls /boot/EFI/BOOT/boot*.efi | wc -l"
             status, output = qemu.run_serial(cmd)
             self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
             self.assertEqual(output, '1')
-            # Check that /boot has EFI/Linux/linux.efi (required for Unified Kernel Images auto detection)
-            cmd = "ls /boot/EFI/Linux/linux.efi | wc -l"
+            # Check that /boot has EFI/Linux/${UKI_FILENAME} (required for Unified Kernel Images auto detection)
+            cmd = "ls /boot/EFI/Linux/%s | wc -l" % (uki_filename)
             status, output = qemu.run_serial(cmd)
             self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
             self.assertEqual(output, '1')
@@ -1319,6 +1341,80 @@ class Wic2(WicTestCase):
             self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
             self.assertEqual(output, '0')
 
+    @skipIfNotArch(['aarch64'])
+    @OETestTag("runqemu")
+    def test_efi_plugin_plain_systemd_boot_qemu_aarch64(self):
+        """Test plain systemd-boot in qemu with systemd"""
+        config = """
+INIT_MANAGER = "systemd"
+EFI_PROVIDER = "systemd-boot"
+
+# image format must be wic, needs esp partition for firmware etc
+IMAGE_FSTYPES:pn-core-image-base:append = " wic"
+WKS_FILE = "test_efi_plugin_plain_systemd-boot.wks"
+
+INITRAMFS_IMAGE = "core-image-initramfs-boot"
+
+# to configure runqemu
+IMAGE_CLASSES += "qemuboot"
+# u-boot efi firmware
+QB_DEFAULT_BIOS = "u-boot.bin"
+# need to use virtio, scsi not supported by u-boot by default
+QB_DRIVE_TYPE = "/dev/vd"
+
+# disable kvm, breaks boot
+QEMU_USE_KVM = ""
+
+IMAGE_CLASSES:remove = 'testimage'
+"""
+        self.append_config(config)
+        bitbake('core-image-base u-boot')
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-base') or ""
+        self.remove_config(config)
+
+        with runqemu('core-image-base', ssh=False,
+                     runqemuparams='%s nographic' % (runqemu_params), image_fstype='wic') as qemu:
+            # Check that /boot has EFI boot*.efi (required for EFI)
+            cmd = "ls /boot/EFI/BOOT/boot*.efi | wc -l"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+            self.assertEqual(output, '1')
+            # Check that boot.conf exists
+            cmd = "cat /boot/loader/entries/boot.conf"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
+    @skipIfNotArch(['i586', 'i686', 'x86_64'])
+    @OETestTag("runqemu")
+    def test_efi_plugin_plain_systemd_boot_qemu_x86(self):
+        """Test plain systemd-boot to systemd in qemu"""
+        config = """
+INIT_MANAGER = "systemd"
+EFI_PROVIDER = "systemd-boot"
+
+# image format must be wic, needs esp partition for firmware etc
+IMAGE_FSTYPES:pn-core-image-base:append = " wic"
+WKS_FILE = "test_efi_plugin_plain_systemd-boot.wks"
+
+INITRAMFS_IMAGE = "core-image-initramfs-boot"
+"""
+        self.append_config(config)
+        bitbake('core-image-base ovmf')
+        runqemu_params = get_bb_var('TEST_RUNQEMUPARAMS', 'core-image-base') or ""
+        self.remove_config(config)
+
+        with runqemu('core-image-base', ssh=False,
+                     runqemuparams='%s nographic ovmf' % (runqemu_params), image_fstype='wic') as qemu:
+            # Check that /boot has EFI boot*.efi (required for EFI)
+            cmd = "ls /boot/EFI/BOOT/boot*.efi | wc -l"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+            self.assertEqual(output, '1')
+            # Check that boot.conf exists
+            cmd = "cat /boot/loader/entries/boot.conf"
+            status, output = qemu.run_serial(cmd)
+            self.assertEqual(1, status, 'Failed to run command "%s": %s' % (cmd, output))
+
     def test_fs_types(self):
         """Test filesystem types for empty and not empty partitions"""
         img = 'core-image-minimal'
-- 
2.34.1

[PATCH v10 9/9] oeqa selftest wic.py: fix missing ext4 image

[Mikko Rapeli]

test_rawcopy_plugin fails if machine does not build
ext4 images by default. Make the ext4 image build
explicit in the test. Fixes test on genericarm64 machine
which defaults to wic image only.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/lib/oeqa/selftest/cases/wic.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index 9b09be75ec..972fffe6f8 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -1180,6 +1180,10 @@ class Wic2(WicTestCase):
             self.assertEqual(1, len(out))
 
     def test_rawcopy_plugin(self):
+        config = 'IMAGE_FSTYPES = "ext4"\n'
+        self.append_config(config)
+        self.assertEqual(0, bitbake('core-image-minimal').status)
+        self.remove_config(config)
         self._rawcopy_plugin('ext4')
 
     def test_rawcopy_plugin_unpack(self):
-- 
2.34.1

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Richard Purdie]

On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via lists.openembedded.org wrote:
> These changes enable building systemd uki images which combine
> kernel, kernel command line, initrd and possibly signatures to
> a single UEFI binary. This binary can be booted with UEFI firmware
> and systemd-boot. No grub is needed and UEFI firmware and/or
> systemd-boot provide possibilities for boot menus.
> The uki binary can also be signed for UEFI secure boot
> so the secure boot extends from firmware to kernel and initrd.
> Binding secure boot to full userspace is then easier since for example
> kernel command line and initrd contain the support needed to mount
> encrypted dm-verity etc partitions, and/or create partitions on demand
> with systemd-repart using device specific TPM devices for encryption.
> 
> Tested on qemuarm64-secureboot machine from meta-arm with changes to
> support secure boot. Slightly different configuration tested on
> multiple arm64 System Ready boards with UEFI firmware, real and firmware
> based TPM devices. Tested with ovmf firmware on x86_64 with selftests but
> without secure boot which seems to be harder to setup in ovmf.
> 
> Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu and
> wic.Wic2.test_expand_mbr_image, failing when executing all wic selftests
> on a build machine with zfs filesystem. Will investigate this further.
> The issue seems to be in mkfs.ext4 producing broken filesystem, and partially
> in the tests which don't run the correct rootfs file (.ext4 vs .wic).
> Will debug this further and it is IMO unrelated to these changes since
> they reproduce on pure master branch without this series.
> 
> v10: disabled kvm support in new tests since it breaks qemu boot on aarch64
>      build machine, removed "testimage" from IMAGE_CLASS as well since
>      can end up testing qemu machine during build.

I hate to say this but wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is still failing:

wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64

:(

(I know there is another failure in there too).

Cheers,

Richard

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Richard Purdie]

On Wed, 2024-10-23 at 17:44 +0100, Richard Purdie via
lists.openembedded.org wrote:
> On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via
> lists.openembedded.org wrote:
> > These changes enable building systemd uki images which combine
> > kernel, kernel command line, initrd and possibly signatures to
> > a single UEFI binary. This binary can be booted with UEFI firmware
> > and systemd-boot. No grub is needed and UEFI firmware and/or
> > systemd-boot provide possibilities for boot menus.
> > The uki binary can also be signed for UEFI secure boot
> > so the secure boot extends from firmware to kernel and initrd.
> > Binding secure boot to full userspace is then easier since for
> > example
> > kernel command line and initrd contain the support needed to mount
> > encrypted dm-verity etc partitions, and/or create partitions on
> > demand
> > with systemd-repart using device specific TPM devices for
> > encryption.
> > 
> > Tested on qemuarm64-secureboot machine from meta-arm with changes
> > to
> > support secure boot. Slightly different configuration tested on
> > multiple arm64 System Ready boards with UEFI firmware, real and
> > firmware
> > based TPM devices. Tested with ovmf firmware on x86_64 with
> > selftests but
> > without secure boot which seems to be harder to setup in ovmf.
> > 
> > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu
> > and
> > wic.Wic2.test_expand_mbr_image, failing when executing all wic
> > selftests
> > on a build machine with zfs filesystem. Will investigate this
> > further.
> > The issue seems to be in mkfs.ext4 producing broken filesystem, and
> > partially
> > in the tests which don't run the correct rootfs file (.ext4 vs
> > .wic).
> > Will debug this further and it is IMO unrelated to these changes
> > since
> > they reproduce on pure master branch without this series.
> > 
> > v10: disabled kvm support in new tests since it breaks qemu boot on
> > aarch64
> >      build machine, removed "testimage" from IMAGE_CLASS as well
> > since
> >      can end up testing qemu machine during build.
> 
> I hate to say this but
> wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is still
> failing:
> 

https://valkyrie.yoctoproject.org/#/builders/23/builds/320/steps/14/logs/stdio

> wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64
> 
> :(
> 
> (I know there is another failure in there too).
> 
> Cheers,
> 
> Richard
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#206255):
> https://lists.openembedded.org/g/openembedded-core/message/206255
> Mute This Topic: https://lists.openembedded.org/mt/109169005/1686473
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe:
> https://lists.openembedded.org/g/openembedded-core/unsub [
> richard.purdie@linuxfoundation.org]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Richard Purdie]

On Wed, 2024-10-23 at 17:58 +0100, Richard Purdie via
lists.openembedded.org wrote:
> On Wed, 2024-10-23 at 17:44 +0100, Richard Purdie via
> lists.openembedded.org wrote:
> > On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via
> > lists.openembedded.org wrote:
> > > These changes enable building systemd uki images which combine
> > > kernel, kernel command line, initrd and possibly signatures to
> > > a single UEFI binary. This binary can be booted with UEFI
> > > firmware
> > > and systemd-boot. No grub is needed and UEFI firmware and/or
> > > systemd-boot provide possibilities for boot menus.
> > > The uki binary can also be signed for UEFI secure boot
> > > so the secure boot extends from firmware to kernel and initrd.
> > > Binding secure boot to full userspace is then easier since for
> > > example
> > > kernel command line and initrd contain the support needed to
> > > mount
> > > encrypted dm-verity etc partitions, and/or create partitions on
> > > demand
> > > with systemd-repart using device specific TPM devices for
> > > encryption.
> > > 
> > > Tested on qemuarm64-secureboot machine from meta-arm with changes
> > > to
> > > support secure boot. Slightly different configuration tested on
> > > multiple arm64 System Ready boards with UEFI firmware, real and
> > > firmware
> > > based TPM devices. Tested with ovmf firmware on x86_64 with
> > > selftests but
> > > without secure boot which seems to be harder to setup in ovmf.
> > > 
> > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu
> > > and
> > > wic.Wic2.test_expand_mbr_image, failing when executing all wic
> > > selftests
> > > on a build machine with zfs filesystem. Will investigate this
> > > further.
> > > The issue seems to be in mkfs.ext4 producing broken filesystem,
> > > and
> > > partially
> > > in the tests which don't run the correct rootfs file (.ext4 vs
> > > .wic).
> > > Will debug this further and it is IMO unrelated to these changes
> > > since
> > > they reproduce on pure master branch without this series.
> > > 
> > > v10: disabled kvm support in new tests since it breaks qemu boot
> > > on
> > > aarch64
> > >      build machine, removed "testimage" from IMAGE_CLASS as well
> > > since
> > >      can end up testing qemu machine during build.
> > 
> > I hate to say this but
> > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is still
> > failing:
> > 
> 
> https://valkyrie.yoctoproject.org/#/builders/23/builds/320/steps/14/logs/stdio

and:

https://valkyrie.yoctoproject.org/#/builders/23/builds/323/steps/14/logs/stdio

which is clearer without the other failure.

Cheers,

Richard

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Mikko Rapeli]

Hi,

On Wed, Oct 23, 2024 at 07:39:51PM +0100, Richard Purdie wrote:
> On Wed, 2024-10-23 at 17:58 +0100, Richard Purdie via
> lists.openembedded.org wrote:
> > On Wed, 2024-10-23 at 17:44 +0100, Richard Purdie via
> > lists.openembedded.org wrote:
> > > On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via
> > > lists.openembedded.org wrote:
> > > > These changes enable building systemd uki images which combine
> > > > kernel, kernel command line, initrd and possibly signatures to
> > > > a single UEFI binary. This binary can be booted with UEFI
> > > > firmware
> > > > and systemd-boot. No grub is needed and UEFI firmware and/or
> > > > systemd-boot provide possibilities for boot menus.
> > > > The uki binary can also be signed for UEFI secure boot
> > > > so the secure boot extends from firmware to kernel and initrd.
> > > > Binding secure boot to full userspace is then easier since for
> > > > example
> > > > kernel command line and initrd contain the support needed to
> > > > mount
> > > > encrypted dm-verity etc partitions, and/or create partitions on
> > > > demand
> > > > with systemd-repart using device specific TPM devices for
> > > > encryption.
> > > > 
> > > > Tested on qemuarm64-secureboot machine from meta-arm with changes
> > > > to
> > > > support secure boot. Slightly different configuration tested on
> > > > multiple arm64 System Ready boards with UEFI firmware, real and
> > > > firmware
> > > > based TPM devices. Tested with ovmf firmware on x86_64 with
> > > > selftests but
> > > > without secure boot which seems to be harder to setup in ovmf.
> > > > 
> > > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu
> > > > and
> > > > wic.Wic2.test_expand_mbr_image, failing when executing all wic
> > > > selftests
> > > > on a build machine with zfs filesystem. Will investigate this
> > > > further.
> > > > The issue seems to be in mkfs.ext4 producing broken filesystem,
> > > > and
> > > > partially
> > > > in the tests which don't run the correct rootfs file (.ext4 vs
> > > > .wic).
> > > > Will debug this further and it is IMO unrelated to these changes
> > > > since
> > > > they reproduce on pure master branch without this series.
> > > > 
> > > > v10: disabled kvm support in new tests since it breaks qemu boot
> > > > on
> > > > aarch64
> > > >      build machine, removed "testimage" from IMAGE_CLASS as well
> > > > since
> > > >      can end up testing qemu machine during build.
> > > 
> > > I hate to say this but
> > > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is still
> > > failing:
> > > 
> > 
> > https://valkyrie.yoctoproject.org/#/builders/23/builds/320/steps/14/logs/stdio
> 
> and:
> 
> https://valkyrie.yoctoproject.org/#/builders/23/builds/323/steps/14/logs/stdio
> 
> which is clearer without the other failure.

There are severe issues[1] running aarch64 target image and firmware
via qemu on an aarch64 build machine. Specs of the machine would
be good to know.

The test works on x86_64 build machine for targets qemuarm64
and genericarm64, and qemux86_64 with a different test using edk2/ovmf.
All wic, uki and efibootpartition tests pass on x86_64 build host.
The failure is in u-boot and qemu on aarch64 and have nothing
to do with high level systemd and Unified Kernel Image support
which these patches setup.

Ross, why can't I mark the test for x86_64 build hosts for now?
v9 of the series has it and could be applied right now.

I'm in the process of setting up an aarch64 machine for yocto
builds so I can debug this issue and run tests. Right now
I simply can't reproduce, debug or fix the issue.

Cheers,

-Mikko

[1]
https://valkyrie.yoctoproject.org/#/builders/23/builds/323/steps/14/logs/stdio

2024-10-23 20:28:56,148 - oe-selftest - INFO - testtools.testresult.real._StringException: Traceback (most recent call last):
  File "/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/meta/lib/oeqa/utils/commands.py", line 375, in runqemu
    qemu.start(params=qemuparams, ssh=ssh, runqemuparams=runqemuparams, launch_cmd=launch_cmd, discard_writes=discard_writes)
  File "/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/meta/lib/oeqa/targetcontrol.py", line 179, in start
    raise RuntimeError("%s - FAILED to start qemu - check the task log and the boot log" % self.pn)
RuntimeError: core-image-base - FAILED to start qemu - check the task log and the boot log
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/meta/lib/oeqa/selftest/cases/wic.py", line 1379, in test_efi_plugin_plain_systemd_boot_qemu_aarch64
    with runqemu('core-image-base', ssh=False,
  File "/usr/lib/python3.12/contextlib.py", line 137, in __enter__
    return next(self.gen)
           ^^^^^^^^^^^^^^
  File "/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/meta/lib/oeqa/utils/commands.py", line 381, in runqemu
    raise Exception(msg)
Exception: core-image-base - FAILED to start qemu - check the task log and the boot log
Failed to start QEMU - see the logs in /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimageQemurunner log output from /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimage/qemurunner_log.20241023173919:
INFO: rootfs file: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.wic
INFO: Qemu log file: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimage/qemu_boot_log.20241023173919
INFO: SSH log file: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimage/ssh_target_log.20241023173919
DEBUG: Using kvm for runqemu
INFO: QMP Available for connection at /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/.a8wewvdb
DEBUG: Created listening socket for qemu serial console on: 127.0.0.1:60105
DEBUG: Created listening socket for qemu serial console on: 127.0.0.1:37965
DEBUG: launchcmd=runqemu snapshot kvm  nographic qemuarm64 /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.wic tcpserial=60105:37965 bootparams=" printk.time=1" qemuparams="-pidfile /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/pidfile_1891679  -S -qmp unix:./.358r3f9e,server,wait -qmp unix:./.a8wewvdb,server,nowait"
DEBUG: runqemu started, pid is 2886855
DEBUG: waiting at most 300 seconds for qemu pid (10/23/24 19:39:27)
DEBUG: QMP Initializing to /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/.358r3f9e
DEBUG: QMP Connecting to /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/.358r3f9e
INFO: QMP connected to QEMU at 10/23/24 19:39:28 and took 0.56 seconds
INFO: QMP released QEMU at 10/23/24 19:39:28 and took 0.09 seconds from connect
DEBUG: qemu started in 0.65 seconds - qemu procces pid is 2887295 (10/23/24 19:39:28)
DEBUG: Target IP: None
DEBUG: Server IP: None
DEBUG: Starting logging thread
DEBUG: Starting thread event loop
DEBUG: Connection request received
DEBUG: Setting connection established event
DEBUG: Output from runqemu:
runqemu - INFO - Continuing with the following parameters:
MACHINE: [qemuarm64]
FSTYPE: [wic]
ROOTFS: [/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.wic]
CONFFILE: [/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.qemuboot.conf]
runqemu - INFO - Acquiring lockfile /tmp/qemu-tap-locks/tap0.lock failed: [Errno 11] Resource temporarily unavailable
runqemu - INFO - Using preconfigured tap device tap1
runqemu - INFO - If this is not intended, touch /tmp/qemu-tap-locks/tap1.skip to make runqemu skip tap1.
runqemu - INFO - Network configuration: ip=192.168.7.4::192.168.7.3:255.255.255.0::eth0:off:8.8.8.8 net.ifnames=0
runqemu - INFO - Copying rootfs to /home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896
runqemu - INFO - Copy done in 0.17237091064453125 seconds
runqemu - INFO - Running /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/aarch64-linux/qemu-helper-native/1.0/recipe-sysroot-native/usr/bin/qemu-system-aarch64 -device virtio-net-pci,netdev=net0,mac=52:54:00:12:34:04 -netdev tap,id=net0,ifname=tap1,script=no,downscript=no -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 -drive if=virtio,file=/home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896,format=raw -device qemu-xhci -device usb-tablet -device usb-kbd  -machine virt -cpu host -machine gic-version=3 -smp 4 -enable-kvm -m 256 -device virtio-serial-pci -chardev socket,id=virtcon,port=60105,host=127.0.0.1,nodelay=on -device virtconsole,chardev=virtcon -serial tcp:127.0.0.1:37965,nodelay=on  -pidfile /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/pidfile_1891679  -S -qmp unix:./.358r3f9e,server,wait -qmp unix:./.a8wewvdb,server,nowait -serial null -serial mon:stdio -nographic -device virtio-gpu-pci -bios /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/u-boot.bin 
runqemu - INFO - Host uptime: 2757248.55
QEMU 9.1.0 monitor - type 'help' for more information
(qemu) 
DEBUG: Waiting at most 1000 seconds for login banner (10/23/24 19:39:28)
DEBUG: Connection from 127.0.0.1:49726
WARNING: Target didn't reach login banner in 1000 seconds (10/23/24 19:56:08)
WARNING: Last 25 lines of login console (2035481):
Flash: 64 MiB
Loading Environment from Flash... *** Warning - bad CRC, using default environment
In:    serial,usbkbd
Out:   serial,vidconsole
Err:   serial,vidconsole
Bus xhci_pci: Register 8001040 NbrPorts 8
Starting the controller
"Synchronous Abort" handler, esr 0x96000010, far 0x10088040
elr: 0000000000057c7c lr : 0000000000057c60 (reloc)
elr: 000000004f71dc7c lr : 000000004f71dc60
x0 : 0000000010088040 x1 : 0000000000000001
x2 : 0000000000000000 x3 : 0000000000003e80
x4 : 0000000000000038 x5 : 000000004e585792
x6 : 0000000000000000 x7 : 0000000000000000
x8 : 000000004e585c20 x9 : 00000000ffffffd8
x10: 000000000000000d x11: 0000000000000006
x12: 000000004e585a78 x13: 000000004e585d90
x14: 0000000000000000 x15: 000000004e585792
x16: 000000004f710788 x17: 0000000000000000
x18: 000000004e685d90 x19: 000000004e68cc00
x20: 0000000000000000 x21: 0000000010088040
x22: 0000000010088000 x23: 000000004f7925a9
x24: 0000000000000000 x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
WARNING: Last 25 lines of all logging (2035481):
Flash: 64 MiB
Loading Environment from Flash... *** Warning - bad CRC, using default environment
In:    serial,usbkbd
Out:   serial,vidconsole
Err:   serial,vidconsole
Bus xhci_pci: Register 8001040 NbrPorts 8
Starting the controller
"Synchronous Abort" handler, esr 0x96000010, far 0x10088040
elr: 0000000000057c7c lr : 0000000000057c60 (reloc)
elr: 000000004f71dc7c lr : 000000004f71dc60
x0 : 0000000010088040 x1 : 0000000000000001
x2 : 0000000000000000 x3 : 0000000000003e80
x4 : 0000000000000038 x5 : 000000004e585792
x6 : 0000000000000000 x7 : 0000000000000000
x8 : 000000004e585c20 x9 : 00000000ffffffd8
x10: 000000000000000d x11: 0000000000000006
x12: 000000004e585a78 x13: 000000004e585d90
x14: 0000000000000000 x15: 000000004e585792
x16: 000000004f710788 x17: 0000000000000000
x18: 000000004e685d90 x19: 000000004e68cc00
x20: 0000000000000000 x21: 0000000010088040
x22: 0000000010088000 x23: 000000004f7925a9
x24: 0000000000000000 x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
WARNING: Check full boot log: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimage/qemu_boot_log.20241023173919
DEBUG: Stopping logging thread
DEBUG: Stop event received
DEBUG: Tearing down logging thread
DEBUG: Sending SIGTERM to runqemu
INFO: Output from runqemu:
runqemu - INFO - Received signal: 15
runqemu - INFO - Cleaning up
runqemu - INFO - Host uptime: 2758254.35
runqemu - INFO - Removing /home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896
tput: No value for $TERM and no -T specified
WARNING: Extra log data read: 
x28: 0000000000000000 x29: 000000004e585c20
Code: d5033fbf aa1503e0 5287d003 52800002 (b8004401) 
Resetting CPU ...
resetting ...
WARNING: Extra log data read: 
DEBUG: Sending SIGTERM to runqemu
INFO: Output from runqemu:
runqemu - INFO - Received signal: 15
runqemu - INFO - Cleaning up
runqemu - INFO - Host uptime: 2758254.35
runqemu - INFO - Removing /home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896
tput: No value for $TERM and no -T specified
Stderr:
2024-10-23 18:55:56,461 - oe-selftest - INFO - Adding: "include selftest.inc" in /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/conf/local.conf
2024-10-23 18:55:56,462 - oe-selftest - INFO - Adding: "include bblayers.inc" in bblayers.conf
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
NOTE: Reconnecting to bitbake server...
WARNING: /usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",
Loading cache...done.
Removing 1 recipes from the allarch sysroot...done.
Removing 2 recipes from the cortexa57 sysroot...done.
Removing 5 recipes from the qemuarm64 sysroot...done.
rootfs file: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.wic
Qemu log file: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimage/qemu_boot_log.20241023173919
SSH log file: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimage/ssh_target_log.20241023173919
Using kvm for runqemu
QMP Available for connection at /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/.a8wewvdb
Created listening socket for qemu serial console on: 127.0.0.1:60105
Created listening socket for qemu serial console on: 127.0.0.1:37965
launchcmd=runqemu snapshot kvm  nographic qemuarm64 /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.wic tcpserial=60105:37965 bootparams=" printk.time=1" qemuparams="-pidfile /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/pidfile_1891679  -S -qmp unix:./.358r3f9e,server,wait -qmp unix:./.a8wewvdb,server,nowait"
runqemu started, pid is 2886855
waiting at most 300 seconds for qemu pid (10/23/24 19:39:27)
QMP Initializing to /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/.358r3f9e
QMP Connecting to /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/.358r3f9e
QMP connected to QEMU at 10/23/24 19:39:28 and took 0.56 seconds
QMP released QEMU at 10/23/24 19:39:28 and took 0.09 seconds from connect
qemu started in 0.65 seconds - qemu procces pid is 2887295 (10/23/24 19:39:28)
Target IP: None
Server IP: None
Starting logging thread
Starting thread event loop
Connection request received
Setting connection established event
Output from runqemu:
runqemu - INFO - Continuing with the following parameters:
MACHINE: [qemuarm64]
FSTYPE: [wic]
ROOTFS: [/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.wic]
CONFFILE: [/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/core-image-base-qemuarm64.rootfs.qemuboot.conf]
runqemu - INFO - Acquiring lockfile /tmp/qemu-tap-locks/tap0.lock failed: [Errno 11] Resource temporarily unavailable
runqemu - INFO - Using preconfigured tap device tap1
runqemu - INFO - If this is not intended, touch /tmp/qemu-tap-locks/tap1.skip to make runqemu skip tap1.
runqemu - INFO - Network configuration: ip=192.168.7.4::192.168.7.3:255.255.255.0::eth0:off:8.8.8.8 net.ifnames=0
runqemu - INFO - Copying rootfs to /home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896
runqemu - INFO - Copy done in 0.17237091064453125 seconds
runqemu - INFO - Running /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/aarch64-linux/qemu-helper-native/1.0/recipe-sysroot-native/usr/bin/qemu-system-aarch64 -device virtio-net-pci,netdev=net0,mac=52:54:00:12:34:04 -netdev tap,id=net0,ifname=tap1,script=no,downscript=no -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 -drive if=virtio,file=/home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896,format=raw -device qemu-xhci -device usb-tablet -device usb-kbd  -machine virt -cpu host -machine gic-version=3 -smp 4 -enable-kvm -m 256 -device virtio-serial-pci -chardev socket,id=virtcon,port=60105,host=127.0.0.1,nodelay=on -device virtconsole,chardev=virtcon -serial tcp:127.0.0.1:37965,nodelay=on  -pidfile /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/pidfile_1891679  -S -qmp unix:./.358r3f9e,server,wait -qmp unix:./.a8wewvdb,server,nowait -serial null -serial mon:stdio -nographic -device virtio-gpu-pci -bios /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/deploy/images/qemuarm64/u-boot.bin 
runqemu - INFO - Host uptime: 2757248.55
QEMU 9.1.0 monitor - type 'help' for more information
(qemu) 
Waiting at most 1000 seconds for login banner (10/23/24 19:39:28)
Connection from 127.0.0.1:49726
Target didn't reach login banner in 1000 seconds (10/23/24 19:56:08)
Last 25 lines of login console (2035481):
Flash: 64 MiB
Loading Environment from Flash... *** Warning - bad CRC, using default environment
In:    serial,usbkbd
Out:   serial,vidconsole
Err:   serial,vidconsole
Bus xhci_pci: Register 8001040 NbrPorts 8
Starting the controller
"Synchronous Abort" handler, esr 0x96000010, far 0x10088040
elr: 0000000000057c7c lr : 0000000000057c60 (reloc)
elr: 000000004f71dc7c lr : 000000004f71dc60
x0 : 0000000010088040 x1 : 0000000000000001
x2 : 0000000000000000 x3 : 0000000000003e80
x4 : 0000000000000038 x5 : 000000004e585792
x6 : 0000000000000000 x7 : 0000000000000000
x8 : 000000004e585c20 x9 : 00000000ffffffd8
x10: 000000000000000d x11: 0000000000000006
x12: 000000004e585a78 x13: 000000004e585d90
x14: 0000000000000000 x15: 000000004e585792
x16: 000000004f710788 x17: 0000000000000000
x18: 000000004e685d90 x19: 000000004e68cc00
x20: 0000000000000000 x21: 0000000010088040
x22: 0000000010088000 x23: 000000004f7925a9
x24: 0000000000000000 x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
Last 25 lines of all logging (2035481):
Flash: 64 MiB
Loading Environment from Flash... *** Warning - bad CRC, using default environment
In:    serial,usbkbd
Out:   serial,vidconsole
Err:   serial,vidconsole
Bus xhci_pci: Register 8001040 NbrPorts 8
Starting the controller
"Synchronous Abort" handler, esr 0x96000010, far 0x10088040
elr: 0000000000057c7c lr : 0000000000057c60 (reloc)
elr: 000000004f71dc7c lr : 000000004f71dc60
x0 : 0000000010088040 x1 : 0000000000000001
x2 : 0000000000000000 x3 : 0000000000003e80
x4 : 0000000000000038 x5 : 000000004e585792
x6 : 0000000000000000 x7 : 0000000000000000
x8 : 000000004e585c20 x9 : 00000000ffffffd8
x10: 000000000000000d x11: 0000000000000006
x12: 000000004e585a78 x13: 000000004e585d90
x14: 0000000000000000 x15: 000000004e585792
x16: 000000004f710788 x17: 0000000000000000
x18: 000000004e685d90 x19: 000000004e68cc00
x20: 0000000000000000 x21: 0000000010088040
x22: 0000000010088000 x23: 000000004f7925a9
x24: 0000000000000000 x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
Check full boot log: /srv/pokybuild/yocto-worker/oe-selftest-armhost/build/build-st-1891679/tmp/work/qemuarm64-poky-linux/core-image-base/1.0/testimage/qemu_boot_log.20241023173919
Stopping logging thread
Stop event received
Tearing down logging thread
Sending SIGTERM to runqemu
Output from runqemu:
runqemu - INFO - Received signal: 15
runqemu - INFO - Cleaning up
runqemu - INFO - Host uptime: 2758254.35
runqemu - INFO - Removing /home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896
tput: No value for $TERM and no -T specified
Extra log data read: 
x28: 0000000000000000 x29: 000000004e585c20
Code: d5033fbf aa1503e0 5287d003 52800002 (b8004401) 
Resetting CPU ...
resetting ...
Extra log data read: 
Sending SIGTERM to runqemu
Output from runqemu:
runqemu - INFO - Received signal: 15
runqemu - INFO - Cleaning up
runqemu - INFO - Host uptime: 2758254.35
runqemu - INFO - Removing /home/pokybuild/tmp/core-image-base-qemuarm64.rootfs.wic.2886896
tput: No value for $TERM and no -T specified
----------------------------------------------------------------------
2024-10-23 20:28:56,148 - oe-selftest - INFO - Ran 609 tests in 5579.874s
2024-10-23 20:28:56,148 - oe-selftest - INFO - FAILED

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Mikko Rapeli]

On Wed, Oct 23, 2024 at 07:39:51PM +0100, Richard Purdie wrote:
> On Wed, 2024-10-23 at 17:58 +0100, Richard Purdie via
> lists.openembedded.org wrote:
> > On Wed, 2024-10-23 at 17:44 +0100, Richard Purdie via
> > lists.openembedded.org wrote:
> > > On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via
> > > lists.openembedded.org wrote:
> > > > These changes enable building systemd uki images which combine
> > > > kernel, kernel command line, initrd and possibly signatures to
> > > > a single UEFI binary. This binary can be booted with UEFI
> > > > firmware
> > > > and systemd-boot. No grub is needed and UEFI firmware and/or
> > > > systemd-boot provide possibilities for boot menus.
> > > > The uki binary can also be signed for UEFI secure boot
> > > > so the secure boot extends from firmware to kernel and initrd.
> > > > Binding secure boot to full userspace is then easier since for
> > > > example
> > > > kernel command line and initrd contain the support needed to
> > > > mount
> > > > encrypted dm-verity etc partitions, and/or create partitions on
> > > > demand
> > > > with systemd-repart using device specific TPM devices for
> > > > encryption.
> > > > 
> > > > Tested on qemuarm64-secureboot machine from meta-arm with changes
> > > > to
> > > > support secure boot. Slightly different configuration tested on
> > > > multiple arm64 System Ready boards with UEFI firmware, real and
> > > > firmware
> > > > based TPM devices. Tested with ovmf firmware on x86_64 with
> > > > selftests but
> > > > without secure boot which seems to be harder to setup in ovmf.
> > > > 
> > > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu
> > > > and
> > > > wic.Wic2.test_expand_mbr_image, failing when executing all wic
> > > > selftests
> > > > on a build machine with zfs filesystem. Will investigate this
> > > > further.
> > > > The issue seems to be in mkfs.ext4 producing broken filesystem,
> > > > and
> > > > partially
> > > > in the tests which don't run the correct rootfs file (.ext4 vs
> > > > .wic).
> > > > Will debug this further and it is IMO unrelated to these changes
> > > > since
> > > > they reproduce on pure master branch without this series.
> > > > 
> > > > v10: disabled kvm support in new tests since it breaks qemu boot
> > > > on
> > > > aarch64
> > > > ���� build machine, removed "testimage" from IMAGE_CLASS as well
> > > > since
> > > > ���� can end up testing qemu machine during build.
> > > 
> > > I hate to say this but
> > > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is still
> > > failing:
> > > 
> > 
> > https://valkyrie.yoctoproject.org/#/builders/23/builds/320/steps/14/logs/stdio
> 
> and:
> 
> https://valkyrie.yoctoproject.org/#/builders/23/builds/323/steps/14/logs/stdio
> 
> which is clearer without the other failure.

Comparing x86_64 and aarch64 build host runqemu command lines from
wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 selftest,
two things pop up.

aarch64 still enables KVM via "-enable-kvm". This is despite QEMU_USE_KVM = ""
in the bitbake build config. Oh, this is only applied to the build configuration
and bitbake build command but removed before runqemu is called. I can try to apply
this config also for runqemu. This pattern is used in several tests. Build config
is set temporarily and then removed before calling runqemu. I'll send a separate
patch to master-next to reduce spam.

aarch64 host uses "-cpu host" with qemu while x86_64 sets the CPU variant explicitly
to "-cpu cortex-a76". I can't see from build logs which CPU variant the
host really is. There are a lot of CPU variants in aarch64 world and I don't think
they are all compatible, or detect CPU features at runtime which can impact
things like firmware code badly. I don't know how to fix this.

Cheers,

-Mikko

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Richard Purdie]

On Thu, 2024-10-24 at 11:55 +0300, Mikko Rapeli wrote:
> On Wed, Oct 23, 2024 at 07:39:51PM +0100, Richard Purdie wrote:
> > On Wed, 2024-10-23 at 17:58 +0100, Richard Purdie via
> > lists.openembedded.org wrote:
> > > On Wed, 2024-10-23 at 17:44 +0100, Richard Purdie via
> > > lists.openembedded.org wrote:
> > > > On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via
> > > > lists.openembedded.org wrote:
> > > > > These changes enable building systemd uki images which combine
> > > > > kernel, kernel command line, initrd and possibly signatures to
> > > > > a single UEFI binary. This binary can be booted with UEFI
> > > > > firmware
> > > > > and systemd-boot. No grub is needed and UEFI firmware and/or
> > > > > systemd-boot provide possibilities for boot menus.
> > > > > The uki binary can also be signed for UEFI secure boot
> > > > > so the secure boot extends from firmware to kernel and initrd.
> > > > > Binding secure boot to full userspace is then easier since for
> > > > > example
> > > > > kernel command line and initrd contain the support needed to
> > > > > mount
> > > > > encrypted dm-verity etc partitions, and/or create partitions on
> > > > > demand
> > > > > with systemd-repart using device specific TPM devices for
> > > > > encryption.
> > > > > 
> > > > > Tested on qemuarm64-secureboot machine from meta-arm with changes
> > > > > to
> > > > > support secure boot. Slightly different configuration tested on
> > > > > multiple arm64 System Ready boards with UEFI firmware, real and
> > > > > firmware
> > > > > based TPM devices. Tested with ovmf firmware on x86_64 with
> > > > > selftests but
> > > > > without secure boot which seems to be harder to setup in ovmf.
> > > > > 
> > > > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu
> > > > > and
> > > > > wic.Wic2.test_expand_mbr_image, failing when executing all wic
> > > > > selftests
> > > > > on a build machine with zfs filesystem. Will investigate this
> > > > > further.
> > > > > The issue seems to be in mkfs.ext4 producing broken filesystem,
> > > > > and
> > > > > partially
> > > > > in the tests which don't run the correct rootfs file (.ext4 vs
> > > > > .wic).
> > > > > Will debug this further and it is IMO unrelated to these changes
> > > > > since
> > > > > they reproduce on pure master branch without this series.
> > > > > 
> > > > > v10: disabled kvm support in new tests since it breaks qemu boot
> > > > > on
> > > > > aarch64
> > > > >      build machine, removed "testimage" from IMAGE_CLASS as well
> > > > > since
> > > > >      can end up testing qemu machine during build.
> > > > 
> > > > I hate to say this but
> > > > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is still
> > > > failing:
> > > > 
> > > 
> > > https://valkyrie.yoctoproject.org/#/builders/23/builds/320/steps/14/logs/stdio
> > 
> > and:
> > 
> > https://valkyrie.yoctoproject.org/#/builders/23/builds/323/steps/14/logs/stdio
> > 
> > which is clearer without the other failure.
> 
> Comparing x86_64 and aarch64 build host runqemu command lines from
> wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 selftest,
> two things pop up.
> 
> aarch64 still enables KVM via "-enable-kvm". This is despite QEMU_USE_KVM = ""
> in the bitbake build config. Oh, this is only applied to the build configuration
> and bitbake build command but removed before runqemu is called. I can try to apply
> this config also for runqemu. This pattern is used in several tests. Build config
> is set temporarily and then removed before calling runqemu. I'll send a separate
> patch to master-next to reduce spam.
> 
> aarch64 host uses "-cpu host" with qemu while x86_64 sets the CPU variant explicitly
> to "-cpu cortex-a76". I can't see from build logs which CPU variant the
> host really is. There are a lot of CPU variants in aarch64 world and I don't think
> they are all compatible, or detect CPU features at runtime which can impact
> things like firmware code badly. I don't know how to fix this.

Well spotted! I'm running a test build with your patch:

https://valkyrie.yoctoproject.org/#/builders/23/builds/329

The CPU info is:

$ cat /proc/cpuinfo 
processor	: 0
BogoMIPS	: 50.00
Features	: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp ssbs
CPU implementer	: 0x41
CPU architecture: 8
CPU variant	: 0x3
CPU part	: 0xd0c
CPU revision	: 1


$ lscpu 
Architecture:             aarch64
  CPU op-mode(s):         32-bit, 64-bit
  Byte Order:             Little Endian
CPU(s):                   80
  On-line CPU(s) list:    0-79
Vendor ID:                ARM
  Model name:             Neoverse-N1
    Model:                1
    Thread(s) per core:   1
    Core(s) per socket:   80
    Socket(s):            1
    Stepping:             r3p1
    Frequency boost:      disabled
    CPU max MHz:          3000.0000
    CPU min MHz:          1000.0000
    BogoMIPS:             50.00
    Flags:                fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp ssbs
Caches (sum of all):      
  L1d:                    5 MiB (80 instances)
  L1i:                    5 MiB (80 instances)
  L2:                     80 MiB (80 instances)
NUMA:                     
  NUMA node(s):           1
  NUMA node0 CPU(s):      0-79
Vulnerabilities:          
  Gather data sampling:   Not affected
  Itlb multihit:          Not affected
  L1tf:                   Not affected
  Mds:                    Not affected
  Meltdown:               Not affected
  Mmio stale data:        Not affected
  Reg file data sampling: Not affected
  Retbleed:               Not affected
  Spec rstack overflow:   Not affected
  Spec store bypass:      Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:             Mitigation; __user pointer sanitization
  Spectre v2:             Mitigation; CSV2, BHB
  Srbds:                  Not affected
  Tsx async abort:        Not affected

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Richard Purdie]

On Thu, 2024-10-24 at 10:22 +0100, Richard Purdie via
lists.openembedded.org wrote:
> On Thu, 2024-10-24 at 11:55 +0300, Mikko Rapeli wrote:
> > On Wed, Oct 23, 2024 at 07:39:51PM +0100, Richard Purdie wrote:
> > > On Wed, 2024-10-23 at 17:58 +0100, Richard Purdie via
> > > lists.openembedded.org wrote:
> > > > On Wed, 2024-10-23 at 17:44 +0100, Richard Purdie via
> > > > lists.openembedded.org wrote:
> > > > > On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via
> > > > > lists.openembedded.org wrote:
> > > > > > These changes enable building systemd uki images which
> > > > > > combine
> > > > > > kernel, kernel command line, initrd and possibly signatures
> > > > > > to
> > > > > > a single UEFI binary. This binary can be booted with UEFI
> > > > > > firmware
> > > > > > and systemd-boot. No grub is needed and UEFI firmware
> > > > > > and/or
> > > > > > systemd-boot provide possibilities for boot menus.
> > > > > > The uki binary can also be signed for UEFI secure boot
> > > > > > so the secure boot extends from firmware to kernel and
> > > > > > initrd.
> > > > > > Binding secure boot to full userspace is then easier since
> > > > > > for
> > > > > > example
> > > > > > kernel command line and initrd contain the support needed
> > > > > > to
> > > > > > mount
> > > > > > encrypted dm-verity etc partitions, and/or create
> > > > > > partitions on
> > > > > > demand
> > > > > > with systemd-repart using device specific TPM devices for
> > > > > > encryption.
> > > > > > 
> > > > > > Tested on qemuarm64-secureboot machine from meta-arm with
> > > > > > changes
> > > > > > to
> > > > > > support secure boot. Slightly different configuration
> > > > > > tested on
> > > > > > multiple arm64 System Ready boards with UEFI firmware, real
> > > > > > and
> > > > > > firmware
> > > > > > based TPM devices. Tested with ovmf firmware on x86_64 with
> > > > > > selftests but
> > > > > > without secure boot which seems to be harder to setup in
> > > > > > ovmf.
> > > > > > 
> > > > > > Sadly I see two wic selftests,
> > > > > > wic.Wic2.test_rawcopy_plugin_qemu
> > > > > > and
> > > > > > wic.Wic2.test_expand_mbr_image, failing when executing all
> > > > > > wic
> > > > > > selftests
> > > > > > on a build machine with zfs filesystem. Will investigate
> > > > > > this
> > > > > > further.
> > > > > > The issue seems to be in mkfs.ext4 producing broken
> > > > > > filesystem,
> > > > > > and
> > > > > > partially
> > > > > > in the tests which don't run the correct rootfs file (.ext4
> > > > > > vs
> > > > > > .wic).
> > > > > > Will debug this further and it is IMO unrelated to these
> > > > > > changes
> > > > > > since
> > > > > > they reproduce on pure master branch without this series.
> > > > > > 
> > > > > > v10: disabled kvm support in new tests since it breaks qemu
> > > > > > boot
> > > > > > on
> > > > > > aarch64
> > > > > >      build machine, removed "testimage" from IMAGE_CLASS as
> > > > > > well
> > > > > > since
> > > > > >      can end up testing qemu machine during build.
> > > > > 
> > > > > I hate to say this but
> > > > > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is
> > > > > still
> > > > > failing:
> > > > > 
> > > > 
> > > > https://valkyrie.yoctoproject.org/#/builders/23/builds/320/steps/14/logs/stdio
> > > 
> > > and:
> > > 
> > > https://valkyrie.yoctoproject.org/#/builders/23/builds/323/steps/14/logs/stdio
> > > 
> > > which is clearer without the other failure.
> > 
> > Comparing x86_64 and aarch64 build host runqemu command lines from
> > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 selftest,
> > two things pop up.
> > 
> > aarch64 still enables KVM via "-enable-kvm". This is despite
> > QEMU_USE_KVM = ""
> > in the bitbake build config. Oh, this is only applied to the build
> > configuration
> > and bitbake build command but removed before runqemu is called. I
> > can try to apply
> > this config also for runqemu. This pattern is used in several
> > tests. Build config
> > is set temporarily and then removed before calling runqemu. I'll
> > send a separate
> > patch to master-next to reduce spam.
> > 
> > aarch64 host uses "-cpu host" with qemu while x86_64 sets the CPU
> > variant explicitly
> > to "-cpu cortex-a76". I can't see from build logs which CPU variant
> > the
> > host really is. There are a lot of CPU variants in aarch64 world
> > and I don't think
> > they are all compatible, or detect CPU features at runtime which
> > can impact
> > things like firmware code badly. I don't know how to fix this.
> 
> Well spotted! I'm running a test build with your patch:
> 
> https://valkyrie.yoctoproject.org/#/builders/23/builds/329

Good news is that one passed, thanks for working through this!

Cheers,

Richard

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Antonin Godard]

Hi Mikko,

On Wed Oct 23, 2024 at 2:08 PM CEST, Mikko Rapeli wrote:
> These changes enable building systemd uki images which combine
> kernel, kernel command line, initrd and possibly signatures to
> a single UEFI binary. This binary can be booted with UEFI firmware
> and systemd-boot. No grub is needed and UEFI firmware and/or
> systemd-boot provide possibilities for boot menus.
> The uki binary can also be signed for UEFI secure boot
> so the secure boot extends from firmware to kernel and initrd.
> Binding secure boot to full userspace is then easier since for example
> kernel command line and initrd contain the support needed to mount
> encrypted dm-verity etc partitions, and/or create partitions on demand
> with systemd-repart using device specific TPM devices for encryption.

Now that this class has made it into master, we need to document it in
https://git.yoctoproject.org/yocto-docs. Would you be able to help writing some
documentation about this class and the related variables it defines? It would
need to be part of documentation/ref-manual/classes.rst, and the variables would
need to be documented in documentation/ref-manual/variables.rst.

Regards,
Antonin

--
Antonin Godard, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Mikko Rapeli]

Hi,

On Mon, Nov 04, 2024 at 03:42:10PM +0100, Antonin Godard wrote:
> Hi Mikko,
> 
> On Wed Oct 23, 2024 at 2:08 PM CEST, Mikko Rapeli wrote:
> > These changes enable building systemd uki images which combine
> > kernel, kernel command line, initrd and possibly signatures to
> > a single UEFI binary. This binary can be booted with UEFI firmware
> > and systemd-boot. No grub is needed and UEFI firmware and/or
> > systemd-boot provide possibilities for boot menus.
> > The uki binary can also be signed for UEFI secure boot
> > so the secure boot extends from firmware to kernel and initrd.
> > Binding secure boot to full userspace is then easier since for example
> > kernel command line and initrd contain the support needed to mount
> > encrypted dm-verity etc partitions, and/or create partitions on demand
> > with systemd-repart using device specific TPM devices for encryption.
> 
> Now that this class has made it into master, we need to document it in
> https://git.yoctoproject.org/yocto-docs. Would you be able to help writing some
> documentation about this class and the related variables it defines? It would
> need to be part of documentation/ref-manual/classes.rst, and the variables would
> need to be documented in documentation/ref-manual/variables.rst.

Sure, on my todo. Feel free to send something if I don't get into it in
time. Struggling with some trivialities currently: rm_work wiping rootfs
and wic creating and empty rootfs instead, breaking builds and tests
and hindering debugging...

Cheers,

-Mikko

Re: [OE-core] [PATCH v10 0/9] systemd uki support

[Antonin Godard]

Hi Mikko,

On Mon Nov 4, 2024 at 3:46 PM CET, Mikko Rapeli wrote:
[...]
>> Now that this class has made it into master, we need to document it in
>> https://git.yoctoproject.org/yocto-docs. Would you be able to help writing some
>> documentation about this class and the related variables it defines? It would
>> need to be part of documentation/ref-manual/classes.rst, and the variables would
>> need to be documented in documentation/ref-manual/variables.rst.
>
> Sure, on my todo. Feel free to send something if I don't get into it in
> time. Struggling with some trivialities currently: rm_work wiping rootfs
> and wic creating and empty rootfs instead, breaking builds and tests
> and hindering debugging...

I've created a bug to track the missing doc bits:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15650

Regards,
Antonin

-- 
Antonin Godard, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com