systemd-boot: update systemd-bootaarch64.efi path

poky updated systemd from 256 to 257 which changed
the build time path.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

On Mon, Jan 27, 2025 at 7:24 AM Mikko Rapeli via
lists.yoctoproject.org
<mikko.rapeli=linaro.org@lists.yoctoproject.org> wrote:
>
> poky updated systemd from 256 to 257 which changed
> the build time path.
>
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>

I tried this out a couple weeks ago.
https://gitlab.com/jonmason00/meta-arm/-/jobs/8885513336
Essentially, systemd changed more than just the location.  It changed
UKI fairly significantly, and that is failing to generate an
authenticated image.
I was able to bisect it to the systemd commit
https://github.com/systemd/systemd/commit/2188c759f97e40b97ebe3e94e82239f36b525b10

I ran out of time to bug this further, and meant to email you with the above.

I'm hesitant to apply a patch that doesn't fully resolve the issue
(though Ross might have a different opinion).  So, if you can manage
to fix the systemd UKI issue, I'd be willing to take it then.

Thanks,
Jon

> ---
>  meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc b/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc
> index 84196a68..9d72dac5 100644
> --- a/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc
> +++ b/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc
> @@ -1,6 +1,6 @@
>  inherit sbsign
>
> -SBSIGN_TARGET_BINARY = "${B}/src/boot/efi/systemd-boot${EFI_ARCH}.efi"
> +SBSIGN_TARGET_BINARY = "${B}/src/boot/systemd-boot${EFI_ARCH}.efi"
>
>  do_compile:append() {
>      do_sbsign
> --
> 2.43.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#6350): https://lists.yoctoproject.org/g/meta-arm/message/6350
> Mute This Topic: https://lists.yoctoproject.org/mt/110835165/3616920
> Group Owner: meta-arm+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [jdmason@kudzu.us]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Hi,

On Tue, Jan 28, 2025 at 03:33:28PM +0000, Jon Mason wrote:
> On Mon, Jan 27, 2025 at 7:24 AM Mikko Rapeli via
> lists.yoctoproject.org
> <mikko.rapeli=linaro.org@lists.yoctoproject.org> wrote:
> >
> > poky updated systemd from 256 to 257 which changed
> > the build time path.
> >
> > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> 
> I tried this out a couple weeks ago.
> https://gitlab.com/jonmason00/meta-arm/-/jobs/8885513336
> Essentially, systemd changed more than just the location.  It changed
> UKI fairly significantly, and that is failing to generate an
> authenticated image.
> I was able to bisect it to the systemd commit
> https://github.com/systemd/systemd/commit/2188c759f97e40b97ebe3e94e82239f36b525b10
> 
> I ran out of time to bug this further, and meant to email you with the above.
> 
> I'm hesitant to apply a patch that doesn't fully resolve the issue
> (though Ross might have a different opinion).  So, if you can manage
> to fix the systemd UKI issue, I'd be willing to take it then.

Ok I will have a look. oe-core has pretty good selftests for uki.bbclass and
systemd-boot so I would have expected them to catch major regressions, apart
from secureboot which is the addition to them in meta-arm.

Cheers,

-Mikko

> Thanks,
> Jon
> 
> > ---
> >  meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc b/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc
> > index 84196a68..9d72dac5 100644
> > --- a/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc
> > +++ b/meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc
> > @@ -1,6 +1,6 @@
> >  inherit sbsign
> >
> > -SBSIGN_TARGET_BINARY = "${B}/src/boot/efi/systemd-boot${EFI_ARCH}.efi"
> > +SBSIGN_TARGET_BINARY = "${B}/src/boot/systemd-boot${EFI_ARCH}.efi"
> >
> >  do_compile:append() {
> >      do_sbsign
> > --
> > 2.43.0
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#6350): https://lists.yoctoproject.org/g/meta-arm/message/6350
> > Mute This Topic: https://lists.yoctoproject.org/mt/110835165/3616920
> > Group Owner: meta-arm+owner@lists.yoctoproject.org
> > Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [jdmason@kudzu.us]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >

Hi,

On Wed, Jan 29, 2025 at 09:03:59AM +0200, Mikko Rapeli via lists.yoctoproject.org wrote:
> Hi,
> 
> On Tue, Jan 28, 2025 at 03:33:28PM +0000, Jon Mason wrote:
> > On Mon, Jan 27, 2025 at 7:24 AM Mikko Rapeli via
> > lists.yoctoproject.org
> > <mikko.rapeli=linaro.org@lists.yoctoproject.org> wrote:
> > >
> > > poky updated systemd from 256 to 257 which changed
> > > the build time path.
> > >
> > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > 
> > I tried this out a couple weeks ago.
> > https://gitlab.com/jonmason00/meta-arm/-/jobs/8885513336
> > Essentially, systemd changed more than just the location.  It changed
> > UKI fairly significantly, and that is failing to generate an
> > authenticated image.
> > I was able to bisect it to the systemd commit
> > https://github.com/systemd/systemd/commit/2188c759f97e40b97ebe3e94e82239f36b525b10
> > 
> > I ran out of time to bug this further, and meant to email you with the above.
> > 
> > I'm hesitant to apply a patch that doesn't fully resolve the issue
> > (though Ross might have a different opinion).  So, if you can manage
> > to fix the systemd UKI issue, I'd be willing to take it then.
> 
> Ok I will have a look. oe-core has pretty good selftests for uki.bbclass and
> systemd-boot so I would have expected them to catch major regressions, apart
> from secureboot which is the addition to them in meta-arm.

FYI: discussion and analysis is happening in upstream systemd bugreport
https://github.com/systemd/systemd/issues/35851

Cheers,

-Mikko

Hi,

On Wed, Jan 29, 2025 at 04:46:02PM +0200, Mikko Rapeli via lists.yoctoproject.org wrote:
> On Wed, Jan 29, 2025 at 09:03:59AM +0200, Mikko Rapeli via lists.yoctoproject.org wrote:
> > On Tue, Jan 28, 2025 at 03:33:28PM +0000, Jon Mason wrote:
> > > On Mon, Jan 27, 2025 at 7:24 AM Mikko Rapeli via
> > > lists.yoctoproject.org
> > > <mikko.rapeli=linaro.org@lists.yoctoproject.org> wrote:
> > > >
> > > > poky updated systemd from 256 to 257 which changed
> > > > the build time path.
> > > >
> > > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > > 
> > > I tried this out a couple weeks ago.
> > > https://gitlab.com/jonmason00/meta-arm/-/jobs/8885513336
> > > Essentially, systemd changed more than just the location.  It changed
> > > UKI fairly significantly, and that is failing to generate an
> > > authenticated image.
> > > I was able to bisect it to the systemd commit
> > > https://github.com/systemd/systemd/commit/2188c759f97e40b97ebe3e94e82239f36b525b10
> > > 
> > > I ran out of time to bug this further, and meant to email you with the above.
> > > 
> > > I'm hesitant to apply a patch that doesn't fully resolve the issue
> > > (though Ross might have a different opinion).  So, if you can manage
> > > to fix the systemd UKI issue, I'd be willing to take it then.
> > 
> > Ok I will have a look. oe-core has pretty good selftests for uki.bbclass and
> > systemd-boot so I would have expected them to catch major regressions, apart
> > from secureboot which is the addition to them in meta-arm.
> 
> FYI: discussion and analysis is happening in upstream systemd bugreport
> https://github.com/systemd/systemd/issues/35851

I've sent a proposal to fix/workaround this regression to poky/oe-core.
Once that goes in and this patch is applied in meta-arm, then
qemuarm64-secureboot and uefi-secureboot work and all tests pass. Used this build
config which also runs the tests:

$ kas build ci/poky.yml:ci/qemuarm64-secureboot.yml:ci/uefi-secureboot.yml:ci/testimage.yml

Cheers,

-Mikko