
[v1,1/7] qemuarm64-secureboot: Add poky machine UEFI settings

Message ID 20240718203526.52214-2-javier.tia@linaro.org
State New
Series qemuarm64-secureboot: Enable UEFI Secure Boot | expand

Commit Message

Javier Tia July 18, 2024, 8:35 p.m. UTC
- Introduce uefi-secureboot poky machine feature.

- Replace qemuarm64.wks with efi-disk-no-swap.wks.in disk definition to
  add expected UEFI disk partitions configuration.

- Enable poky machine feature and grub UEFI support.

- Remove hard-coded root partition as it will be detected based on GUID
  part.

- Use systemd as Init manager to auto-mount efivarfs required by efivar.

- Install additional userspace software required by Linux kernel and
  systemd.

- Set root password.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
---
 .../core-image-base-uefi-secureboot.inc       | 21 +++++++++++++++++++
 .../images/core-image-base.bbappend           |  1 +
 .../conf/machine/qemuarm64-secureboot.conf    |  3 +++
 3 files changed, 25 insertions(+)
 create mode 100644 meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc
 create mode 100644 meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend

Patch

diff --git a/meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc b/meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc
new file mode 100644
index 00000000..9f20e3f4
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/images/core-image-base-uefi-secureboot.inc
@@ -0,0 +1,21 @@ 
+# Detected by passing kernel parameter
+QB_KERNEL_ROOT = ""
+
+# kernel is in the image, should not be loaded separately
+QB_DEFAULT_KERNEL = "none"
+
+KERNEL_IMAGETYPE = "Image"
+
+WKS_FILE = "efi-disk-no-swap.wks.in"
+
+MACHINE_FEATURES += "efi"
+
+EFI_PROVIDER = "grub-efi"
+IMAGE_INSTALL += "grub-efi"
+
+IMAGE_INSTALL += "systemd util-linux bash coreutils efivar"
+
+inherit extrausers
+EXTRA_IMAGE_FEATURES += "allow-root-login"
+# Set the root password to toor
+EXTRA_USERS_PARAMS += "usermod -p '\$6\$cnS1MQVd07.jLdkj\$NgXwgR.LWtbi4qD3Drn6x0AQtVtX/CdfKPy1eJzuUC0YdD8s54fLAlsLm8vaoacAoqq6BHYGTAbUnAUNJKTOb1' root;"
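Review bot: The last lines of core-image-base-uefi-secureboot.inc bake a fixed root credential into every image built with the `uefi-secureboot` feature: the crypt hash is committed in the layer, the comment above it states the plaintext, and `allow-root-login` is enabled alongside it. For a Secure Boot reference machine that leaves a known-credential root account in any image derived from this include, so it should be limited to test builds or made overridable rather than appended unconditionally. At minimum mark it, e.g. `# TEST ONLY: well-known root password for QEMU runs; replace EXTRA_USERS_PARAMS before any non-test use`, and drop the plaintext from the comment. Separately, the comment on `QB_KERNEL_ROOT` says the root is detected via a kernel parameter while the commit message says it is detected from the partition GUID; one of the two should be corrected.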
diff --git a/meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend b/meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend
new file mode 100644
index 00000000..1f6dbd24
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/images/core-image-base.bbappend
@@ -0,0 +1 @@ 
+require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'core-image-base-uefi-secureboot.inc', '', d)}
\ No newline at end of file
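Review bot: This bbappend lives in meta-arm-bsp, but the machine configuration that sets `uefi-secureboot` is patched in meta-arm (`meta-arm/conf/machine/qemuarm64-secureboot.conf`), so a build that includes only meta-arm would apparently get the feature flag without any of the UEFI image settings. If that split is not intentional, the bbappend and its .inc probably belong in the same layer as the machine file. The file also ends without a trailing newline, as does the machine conf change in the next hunk; add one so that later additions do not end up joined to this `require` line.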
diff --git a/meta-arm/conf/machine/qemuarm64-secureboot.conf b/meta-arm/conf/machine/qemuarm64-secureboot.conf
index 78a39c03..27581941 100644
--- a/meta-arm/conf/machine/qemuarm64-secureboot.conf
+++ b/meta-arm/conf/machine/qemuarm64-secureboot.conf
@@ -22,3 +22,6 @@  WKS_FILE_DEPENDS = "trusted-firmware-a"
 IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
 
 MACHINE_FEATURES += "optee-ftpm"
+MACHINE_FEATURES += "uefi-secureboot"
+
+INIT_MANAGER = "systemd"
\ No newline at end of file
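Review bot: `INIT_MANAGER = "systemd"` is a hard assignment in a machine configuration, so it overrides whatever init manager the distro selected, and the reason for it appears only in the commit message. If the distro or local.conf is meant to keep the final say, consider a weak default, `INIT_MANAGER ?= "systemd"`, and put the rationale next to it: `# systemd auto-mounts efivarfs, which efivar requires`. Note also that adding `uefi-secureboot` to `MACHINE_FEATURES` here is what pulls the include with the fixed root password into core-image-base for this machine.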