Message ID | 20240718203526.52214-8-javier.tia@linaro.org |
---|---|
State | New |
Headers | show |
Series | qemuarm64-secureboot: Enable UEFI Secure Boot | expand |
Hi, Subject should have "systemd:" prefix. On Thu, Jul 18, 2024 at 02:35:26PM -0600, Javier Tia wrote: > Signed-off-by: Javier Tia <javier.tia@linaro.org> > --- > meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc | 1 + > meta-arm/recipes-core/systemd/systemd_%.bbappend | 1 + > 2 files changed, 2 insertions(+) > create mode 100644 meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc > create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend > > diff --git a/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc > new file mode 100644 > index 00000000..5572e51a > --- /dev/null > +++ b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc > @@ -0,0 +1 @@ > +PACKAGECONFIG:append = " efi" > diff --git a/meta-arm/recipes-core/systemd/systemd_%.bbappend b/meta-arm/recipes-core/systemd/systemd_%.bbappend > new file mode 100644 > index 00000000..577c4f0c > --- /dev/null > +++ b/meta-arm/recipes-core/systemd/systemd_%.bbappend > @@ -0,0 +1 @@ > +require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'systemd-uefi-secureboot.inc', '', d)} I think this should be machine feature "efi", and this should possibly go to poky upstream systemd recipe. Then, it's possible to switch from grub to systemd-boot with uki binaries but that requires some more work. There both kernel and initrd will be signed into an efi binary. Only problem for me there is the split between different layers: poky, meta-arm, meta-security and meta-secure-core. Not clear which bits would belong where, and which layer would contain the test build config and oeqa tests. Cheers, -Mikko
diff --git a/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc new file mode 100644 index 00000000..5572e51a --- /dev/null +++ b/meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc @@ -0,0 +1 @@ +PACKAGECONFIG:append = " efi" diff --git a/meta-arm/recipes-core/systemd/systemd_%.bbappend b/meta-arm/recipes-core/systemd/systemd_%.bbappend new file mode 100644 index 00000000..577c4f0c --- /dev/null +++ b/meta-arm/recipes-core/systemd/systemd_%.bbappend @@ -0,0 +1 @@ +require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'systemd-uefi-secureboot.inc', '', d)}
Signed-off-by: Javier Tia <javier.tia@linaro.org> --- meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc | 1 + meta-arm/recipes-core/systemd/systemd_%.bbappend | 1 + 2 files changed, 2 insertions(+) create mode 100644 meta-arm/recipes-core/systemd/systemd-uefi-secureboot.inc create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend