From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: Mikko Rapeli <mikko.rapeli@linaro.org>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH v10 0/9] systemd uki support
Date: Thu, 24 Oct 2024 15:17:03 +0100 [thread overview]
Message-ID: <bf7971d1994afd43ac7a169fb9d8a184ec3151ff.camel@linuxfoundation.org> (raw)
In-Reply-To: <1801592C5B3B7B0B.16325@lists.openembedded.org>
On Thu, 2024-10-24 at 10:22 +0100, Richard Purdie via
lists.openembedded.org wrote:
> On Thu, 2024-10-24 at 11:55 +0300, Mikko Rapeli wrote:
> > On Wed, Oct 23, 2024 at 07:39:51PM +0100, Richard Purdie wrote:
> > > On Wed, 2024-10-23 at 17:58 +0100, Richard Purdie via
> > > lists.openembedded.org wrote:
> > > > On Wed, 2024-10-23 at 17:44 +0100, Richard Purdie via
> > > > lists.openembedded.org wrote:
> > > > > On Wed, 2024-10-23 at 15:08 +0300, Mikko Rapeli via
> > > > > lists.openembedded.org wrote:
> > > > > > These changes enable building systemd uki images which
> > > > > > combine
> > > > > > kernel, kernel command line, initrd and possibly signatures
> > > > > > to
> > > > > > a single UEFI binary. This binary can be booted with UEFI
> > > > > > firmware
> > > > > > and systemd-boot. No grub is needed and UEFI firmware
> > > > > > and/or
> > > > > > systemd-boot provide possibilities for boot menus.
> > > > > > The uki binary can also be signed for UEFI secure boot
> > > > > > so the secure boot extends from firmware to kernel and
> > > > > > initrd.
> > > > > > Binding secure boot to full userspace is then easier since
> > > > > > for
> > > > > > example
> > > > > > kernel command line and initrd contain the support needed
> > > > > > to
> > > > > > mount
> > > > > > encrypted dm-verity etc partitions, and/or create
> > > > > > partitions on
> > > > > > demand
> > > > > > with systemd-repart using device specific TPM devices for
> > > > > > encryption.
> > > > > >
> > > > > > Tested on qemuarm64-secureboot machine from meta-arm with
> > > > > > changes
> > > > > > to
> > > > > > support secure boot. Slightly different configuration
> > > > > > tested on
> > > > > > multiple arm64 System Ready boards with UEFI firmware, real
> > > > > > and
> > > > > > firmware
> > > > > > based TPM devices. Tested with ovmf firmware on x86_64 with
> > > > > > selftests but
> > > > > > without secure boot which seems to be harder to setup in
> > > > > > ovmf.
> > > > > >
> > > > > > Sadly I see two wic selftests,
> > > > > > wic.Wic2.test_rawcopy_plugin_qemu
> > > > > > and
> > > > > > wic.Wic2.test_expand_mbr_image, failing when executing all
> > > > > > wic
> > > > > > selftests
> > > > > > on a build machine with zfs filesystem. Will investigate
> > > > > > this
> > > > > > further.
> > > > > > The issue seems to be in mkfs.ext4 producing broken
> > > > > > filesystem,
> > > > > > and
> > > > > > partially
> > > > > > in the tests which don't run the correct rootfs file (.ext4
> > > > > > vs
> > > > > > .wic).
> > > > > > Will debug this further and it is IMO unrelated to these
> > > > > > changes
> > > > > > since
> > > > > > they reproduce on pure master branch without this series.
> > > > > >
> > > > > > v10: disabled kvm support in new tests since it breaks qemu
> > > > > > boot
> > > > > > on
> > > > > > aarch64
> > > > > > build machine, removed "testimage" from IMAGE_CLASS as
> > > > > > well
> > > > > > since
> > > > > > can end up testing qemu machine during build.
> > > > >
> > > > > I hate to say this but
> > > > > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 is
> > > > > still
> > > > > failing:
> > > > >
> > > >
> > > > https://valkyrie.yoctoproject.org/#/builders/23/builds/320/steps/14/logs/stdio
> > >
> > > and:
> > >
> > > https://valkyrie.yoctoproject.org/#/builders/23/builds/323/steps/14/logs/stdio
> > >
> > > which is clearer without the other failure.
> >
> > Comparing x86_64 and aarch64 build host runqemu command lines from
> > wic.Wic2.test_efi_plugin_plain_systemd_boot_qemu_aarch64 selftest,
> > two things pop up.
> >
> > aarch64 still enables KVM via "-enable-kvm". This is despite
> > QEMU_USE_KVM = ""
> > in the bitbake build config. Oh, this is only applied to the build
> > configuration
> > and bitbake build command but removed before runqemu is called. I
> > can try to apply
> > this config also for runqemu. This pattern is used in several
> > tests. Build config
> > is set temporarily and then removed before calling runqemu. I'll
> > send a separate
> > patch to master-next to reduce spam.
> >
> > aarch64 host uses "-cpu host" with qemu while x86_64 sets the CPU
> > variant explicitly
> > to "-cpu cortex-a76". I can't see from build logs which CPU variant
> > the
> > host really is. There are a lot of CPU variants in aarch64 world
> > and I don't think
> > they are all compatible, or detect CPU features at runtime which
> > can impact
> > things like firmware code badly. I don't know how to fix this.
>
> Well spotted! I'm running a test build with your patch:
>
> https://valkyrie.yoctoproject.org/#/builders/23/builds/329
Good news is that one passed, thanks for working through this!
Cheers,
Richard
next prev parent reply other threads:[~2024-10-24 14:17 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-23 12:08 [PATCH v10 0/9] systemd uki support Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 1/9] uki.bbclass: add class for building Unified Kernel Images (UKI) Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 2/9] wic bootimg-efi.py: keep timestamps and add debug prints Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 3/9] wic bootimg-efi.py: change UKI support from wic plugin to uki.bbclass Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 4/9] oeqa selftest uki.py: add tests for uki.bbclass Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 5/9] oeqa selftest efibootpartition.py: add TEST_RUNQEMUPARAMS to runqemu Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 6/9] oeqa selftest efibootpartition.py: remove systemd-boot from grub-efi test Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 7/9] oeqa selftest wic.py: add TEST_RUNQEMUPARAMS to runqemu Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 8/9] oeqa selftest wic.py: support UKIs via uki.bbclass Mikko Rapeli
2024-10-23 12:08 ` [PATCH v10 9/9] oeqa selftest wic.py: fix missing ext4 image Mikko Rapeli
2024-10-23 16:44 ` [OE-core] [PATCH v10 0/9] systemd uki support Richard Purdie
[not found] ` <180122B0064457FF.13420@lists.openembedded.org>
2024-10-23 16:58 ` Richard Purdie
[not found] ` <180123793D1D4B45.13420@lists.openembedded.org>
2024-10-23 18:39 ` Richard Purdie
2024-10-24 6:19 ` Mikko Rapeli
2024-10-24 8:55 ` Mikko Rapeli
2024-10-24 9:22 ` Richard Purdie
[not found] ` <1801592C5B3B7B0B.16325@lists.openembedded.org>
2024-10-24 14:17 ` Richard Purdie [this message]
2024-11-04 14:42 ` Antonin Godard
2024-11-04 14:46 ` Mikko Rapeli
2024-11-18 11:10 ` Antonin Godard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bf7971d1994afd43ac7a169fb9d8a184ec3151ff.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=mikko.rapeli@linaro.org \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox