Message ID | 20241007033528.784737-1-javier.tia@linaro.org |
---|---|
State | New |
Headers | show |
Series | [v0] arm/uefi-secureboot: Add uefi http boot support | expand |
On Sun, 06 Oct 2024 21:35:28 -0600, Javier Tia wrote: > Enable network boot via HTTP protocol. Many embedded and server-class > systems use network boot for booting. Enabling network boot on devices > allows: > > - Shipping devices without OS images. When we power up the device, the > firmware can connect to the Internet and download and install suitable > boot images for this specific device. Administrators can centrally > manage the boot images and configuration files on a network server. > This centralization streamlines the management of boot options and > ensures consistency across all devices. > > [...] Applied, thanks! [1/1] arm/uefi-secureboot: Add uefi http boot support commit: a93bdc8e4ea60ef461dc7154145c15912f04431c Best regards,
diff --git a/ci/uefi-secureboot.yml b/ci/uefi-secureboot.yml index f647f4b1..4e9572cc 100644 --- a/ci/uefi-secureboot.yml +++ b/ci/uefi-secureboot.yml @@ -23,7 +23,7 @@ local_conf_header: WKS_FILE = "efi-disk.wks.in" KERNEL_IMAGETYPE = "Image" - MACHINE_FEATURES:append = " efi uefi-secureboot" + MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot" EFI_PROVIDER = "systemd-boot" diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc new file mode 100644 index 00000000..490a9684 --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc @@ -0,0 +1,3 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://uefi-http-boot.cfg" \ No newline at end of file diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc index e58035a9..48c2de86 100644 --- a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc +++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc @@ -4,6 +4,8 @@ SRC_URI += "file://uefi-secureboot.cfg" inherit sbsign +require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-http-boot', 'u-boot-uefi-http-boot.inc', '', d)} + DEPENDS += 'python3-pyopenssl-native' do_compile:prepend() { diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg new file mode 100644 index 00000000..a9edf2a2 --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg @@ -0,0 +1,6 @@ +CONFIG_PROT_TCP=y +CONFIG_PROT_TCP_SACK=y +CONFIG_CMD_WGET=y +CONFIG_CMD_DNS=y +CONFIG_BLKMAP=y +CONFIG_EFI_HTTP_BOOT=y
Enable network boot via HTTP protocol. Many embedded and server-class systems use network boot for booting. Enabling network boot on devices allows: - Shipping devices without OS images. When we power up the device, the firmware can connect to the Internet and download and install suitable boot images for this specific device. Administrators can centrally manage the boot images and configuration files on a network server. This centralization streamlines the management of boot options and ensures consistency across all devices. - This is particularly useful in enterprise environments. On mass deployments, there is a need to install the operating system on multiple devices simultaneously. - Ability to maintain a completely diskless system if needed The plain HTTP protocol lacks encryption. It's intended to be used on local networks. Secure http protocol support is under review. Signed-off-by: Javier Tia <javier.tia@linaro.org> --- ci/uefi-secureboot.yml | 2 +- meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc | 3 +++ meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc | 2 ++ meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg | 6 ++++++ 4 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg