[v3,02/13] core-image-base: Use UEFI layout disk partitions

Message ID	20240822014335.3394568-3-javier.tia@linaro.org
State	New
Headers	show Return-Path: <javier.tia@linaro.org> ip: 209.85.219.171, mailfrom: javier.tia@linaro.org) From: Javier Tia <javier.tia@linaro.org> To: meta-arm@lists.yoctoproject.org Cc: Mikko Rapeli <mikko.rapeli@linaro.org>, Ross Burton <Ross.Burton@arm.com>, Jon Mason <jon.mason@arm.com>, Javier Tia <javier.tia@linaro.org> Subject: [PATCH v3 02/13] core-image-base: Use UEFI layout disk partitions Date: Wed, 21 Aug 2024 19:43:24 -0600 Message-ID: <20240822014335.3394568-3-javier.tia@linaro.org> In-Reply-To: <20240822014335.3394568-1-javier.tia@linaro.org> References: <20240822014335.3394568-1-javier.tia@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	qemuarm64-secureboot: Add UEFI Secure Boot \| expand [v3,00/13] qemuarm64-secureboot: Add UEFI Secure Boot [v3,01/13] qemuarm64-secureboot: Introduce uefi-secureboot machine feature [v3,02/13] core-image-base: Use UEFI layout disk partitions [v3,03/13] layer.conf: Introduce UEFI_SB_KEYS_DIR [v3,04/13] uefi-sb-keys.bbclass: Add class to validate UEFI keys [v3,05/13] sbsign.bbclass: Add class to sign binaries [v3,06/13] core-image-base: Inherit uefi-sb-keys [v3,07/13] meta-arm: Introduce gen-uefi-sb-keys.bb recipe [v3,08/13] u-boot: Setup UEFI and Secure Boot [v3,09/13] qemuarm64-secureboot: Add meta-secure-core layer as dependency [v3,10/13] linux-yocto: Setup UEFI and sign kernel image [v3,11/13] systemd: Add UEFI support [v3,12/13] systemd-boot: Use it as bootloader & sign UEFI image [v3,13/13] meta-arm: Add UEFI Secure Boot test

Message ID

20240822014335.3394568-3-javier.tia@linaro.org

State

New

Headers

From: Javier Tia <javier.tia@linaro.org>
To: meta-arm@lists.yoctoproject.org
Cc: Mikko Rapeli <mikko.rapeli@linaro.org>,
	Ross Burton <Ross.Burton@arm.com>,
	Jon Mason <jon.mason@arm.com>,
	Javier Tia <javier.tia@linaro.org>
Subject: [PATCH v3 02/13] core-image-base: Use UEFI layout disk partitions
Date: Wed, 21 Aug 2024 19:43:24 -0600
Message-ID: <20240822014335.3394568-3-javier.tia@linaro.org>
In-Reply-To: <20240822014335.3394568-1-javier.tia@linaro.org>
References: <20240822014335.3394568-1-javier.tia@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

qemuarm64-secureboot: Add UEFI Secure Boot | expand

Commit Message

Javier Tia Aug. 22, 2024, 1:43 a.m. UTC

- Use efi-disk-no-swap.wks.in disk definition to add expected UEFI disk
  partitions configuration.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
---
 .../recipes-bsp/images/core-image-base-uefi-secureboot.inc       | 1 +
 meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend         | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc
 create mode 100644 meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend

Comments

Mikko Rapeli Aug. 23, 2024, 10:26 a.m. UTC | #1

Hi,

On Wed, Aug 21, 2024 at 07:43:24PM -0600, Javier Tia wrote:
> - Use efi-disk-no-swap.wks.in disk definition to add expected UEFI disk
>   partitions configuration.
> 
> Signed-off-by: Javier Tia <javier.tia@linaro.org>
> ---
>  .../recipes-bsp/images/core-image-base-uefi-secureboot.inc       | 1 +
>  meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend         | 1 +
>  2 files changed, 2 insertions(+)
>  create mode 100644 meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc
>  create mode 100644 meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend

Could these be moved to meta-arm/recipes-core/images?

Could the image be changed to core-image-minimal? Is there some specific need for
core-image-base only?

I'm adding systemd Unified Kernel Image on top of these changes so that
UEFI secure boot signatures cover systemd-boot, kernel, initramfs and kernel
command line.

core-image-minimal-initramfs seems to be more usable with core-image-minimal
when using systemd. I can of course keep these changes in my followup series too.

Will also add /usr dm-verity and TPM encrypted read-write rootfs but likely to
meta-security then.

Cheers,

-Mikko

diff --git a/meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc b/meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc
new file mode 100644
index 00000000..351e9030
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc
@@ -0,0 +1 @@ 
+WKS_FILE = "efi-disk-no-swap.wks.in"
diff --git a/meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend b/meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend
new file mode 100644
index 00000000..1f6dbd24
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend
@@ -0,0 +1 @@ 
+require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'core-image-base-uefi-secureboot.inc', '', d)}
\ No newline at end of file

[v3,02/13] core-image-base: Use UEFI layout disk partitions

Commit Message

Comments

Patch