diff mbox series

[v1,7/7] qemuarm64-secureboot: Add UEFI systemd support

Message ID 20240718203526.52214-8-javier.tia@linaro.org
State New
Headers show
Series qemuarm64-secureboot: Enable UEFI Secure Boot | expand

Commit Message

Javier Tia July 18, 2024, 8:35 p.m. UTC 
Signed-off-by: Javier Tia <javier.tia@linaro.org>
---
 meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc | 1 +
 meta-arm/recipes-core/systemd/systemd_%.bbappend          | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc
 create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend

Comments

Mikko Rapeli July 19, 2024, 9:47 a.m. UTC | #1 
Hi,

Subject should have "systemd:" prefix.

On Thu, Jul 18, 2024 at 02:35:26PM -0600, Javier Tia wrote:
> Signed-off-by: Javier Tia <javier.tia@linaro.org>
> ---
>  meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc | 1 +
>  meta-arm/recipes-core/systemd/systemd_%.bbappend          | 1 +
>  2 files changed, 2 insertions(+)
>  create mode 100644 meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc
>  create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend
> 
> diff --git a/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc
> new file mode 100644
> index 00000000..5572e51a
> --- /dev/null
> +++ b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc
> @@ -0,0 +1 @@
> +PACKAGECONFIG:append = " efi"
> diff --git a/meta-arm/recipes-core/systemd/systemd_%.bbappend b/meta-arm/recipes-core/systemd/systemd_%.bbappend
> new file mode 100644
> index 00000000..577c4f0c
> --- /dev/null
> +++ b/meta-arm/recipes-core/systemd/systemd_%.bbappend
> @@ -0,0 +1 @@
> +require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'systemd-uefi-secureboot.inc', '', d)}

I think this should be machine feature "efi", and this should possibly go to poky
upstream systemd recipe.

Then, it's possible to switch from grub to systemd-boot with uki binaries
but that requires some more work. There both kernel and initrd will be signed
into an efi binary. Only problem for me there is the split between different
layers: poky, meta-arm, meta-security and meta-secure-core. Not clear which
bits would belong where, and which layer would contain the test build config
and oeqa tests.

Cheers,

-Mikko
diff mbox series

Patch

diff --git a/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc
new file mode 100644
index 00000000..5572e51a
--- /dev/null
+++ b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc
@@ -0,0 +1 @@ 
+PACKAGECONFIG:append = " efi"
diff --git a/meta-arm/recipes-core/systemd/systemd_%.bbappend b/meta-arm/recipes-core/systemd/systemd_%.bbappend
new file mode 100644
index 00000000..577c4f0c
--- /dev/null
+++ b/meta-arm/recipes-core/systemd/systemd_%.bbappend
@@ -0,0 +1 @@ 
+require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'systemd-uefi-secureboot.inc', '', d)}