| Message ID | 20250404162932.447699-5-mikko.rapeli@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | systemd based initrd and modular kernel support | expand |
Op 4 apr 2025, om 18:29 heeft Mikko Rapeli via lists.openembedded.org <mikko.rapeli=linaro.org@lists.openembedded.org> het volgende geschreven: > > If "systemd-initramfs" is in DISTRO_FEATURES then convert > core-image-initramfs-boot from shell scripts to systemd. > The resulting initramfs is much bigger than shell script one but > supports much more features like disk encryption and TPM devices. > Also includes udev which can load any drivers needed to mount > rootfs. Are packaged based kernel updates finally working with this? regards, Koen > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> > --- > .../images/core-image-initramfs-boot.bb | 20 ++++++++++++++++--- > 1 file changed, 17 insertions(+), 3 deletions(-) > > diff --git a/meta/recipes-core/images/core-image-initramfs-boot.bb b/meta/recipes-core/images/core-image-initramfs-boot.bb > index 7258944751..c66c28db76 100644 > --- a/meta/recipes-core/images/core-image-initramfs-boot.bb > +++ b/meta/recipes-core/images/core-image-initramfs-boot.bb > @@ -4,7 +4,23 @@ LICENSE = "MIT" > > INITRAMFS_SCRIPTS ?= "initramfs-framework-base initramfs-module-udev" > > -PACKAGE_INSTALL = "${INITRAMFS_SCRIPTS} ${VIRTUAL-RUNTIME_base-utils} base-passwd" > +inherit image > + > +PACKAGE_INSTALL = " \ > + ${VIRTUAL-RUNTIME_base-utils} \ > + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd-initramfs', ' \ > + base-files \ > + coreutils \ > + e2fsprogs-mke2fs \ > + os-release-initrd \ > + util-linux-blkid \ > + util-linux-mount \ > + util-linux-umount \ > + ${VIRTUAL-RUNTIME_init_manager} \ > + ${VIRTUAL-RUNTIME_dev_manager} \ > + ', '${INITRAMFS_SCRIPTS}', d)} \ > + base-passwd \ > +" > > # Ensure the initramfs only contains the bare minimum > IMAGE_FEATURES = "" > @@ -18,5 +34,3 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" > IMAGE_NAME_SUFFIX ?= "" > IMAGE_ROOTFS_SIZE = "8192" > IMAGE_ROOTFS_EXTRA_SPACE = "0" > - > -inherit image > -- > 2.43.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#214355): https://lists.openembedded.org/g/openembedded-core/message/214355 > Mute This Topic: https://lists.openembedded.org/mt/112087527/9418801 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [koen.kooi@oss.qualcomm.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi, On Mon, Apr 07, 2025 at 08:01:41AM +0200, Koen Kooi wrote: > Op 4 apr 2025, om 18:29 heeft Mikko Rapeli via lists.openembedded.org <mikko.rapeli=linaro.org@lists.openembedded.org> het volgende geschreven: > > > > If "systemd-initramfs" is in DISTRO_FEATURES then convert > > core-image-initramfs-boot from shell scripts to systemd. > > The resulting initramfs is much bigger than shell script one but > > supports much more features like disk encryption and TPM devices. > > Also includes udev which can load any drivers needed to mount > > rootfs. > > Are packaged based kernel updates finally working with this? Sorry, I don't get this question. What is package based kernel updates? Cheers, -Mikko > regards, > > Koen > > > > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> > > --- > > .../images/core-image-initramfs-boot.bb | 20 ++++++++++++++++--- > > 1 file changed, 17 insertions(+), 3 deletions(-) > > > > diff --git a/meta/recipes-core/images/core-image-initramfs-boot.bb b/meta/recipes-core/images/core-image-initramfs-boot.bb > > index 7258944751..c66c28db76 100644 > > --- a/meta/recipes-core/images/core-image-initramfs-boot.bb > > +++ b/meta/recipes-core/images/core-image-initramfs-boot.bb > > @@ -4,7 +4,23 @@ LICENSE = "MIT" > > > > INITRAMFS_SCRIPTS ?= "initramfs-framework-base initramfs-module-udev" > > > > -PACKAGE_INSTALL = "${INITRAMFS_SCRIPTS} ${VIRTUAL-RUNTIME_base-utils} base-passwd" > > +inherit image > > + > > +PACKAGE_INSTALL = " \ > > + ${VIRTUAL-RUNTIME_base-utils} \ > > + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd-initramfs', ' \ > > + base-files \ > > + coreutils \ > > + e2fsprogs-mke2fs \ > > + os-release-initrd \ > > + util-linux-blkid \ > > + util-linux-mount \ > > + util-linux-umount \ > > + ${VIRTUAL-RUNTIME_init_manager} \ > > + ${VIRTUAL-RUNTIME_dev_manager} \ > > + ', '${INITRAMFS_SCRIPTS}', d)} \ > > + base-passwd \ > > +" > > > > # Ensure the initramfs only contains the bare minimum > > IMAGE_FEATURES = "" > > @@ -18,5 +34,3 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" > > IMAGE_NAME_SUFFIX ?= "" > > IMAGE_ROOTFS_SIZE = "8192" > > IMAGE_ROOTFS_EXTRA_SPACE = "0" > > - > > -inherit image > > -- > > 2.43.0 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#214355): https://lists.openembedded.org/g/openembedded-core/message/214355 > > Mute This Topic: https://lists.openembedded.org/mt/112087527/9418801 > > Group Owner: openembedded-core+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [koen.kooi@oss.qualcomm.com] > > -=-=-=-=-=-=-=-=-=-=-=- > >
> Op 7 apr 2025, om 08:12 heeft Mikko Rapeli <mikko.rapeli@linaro.org> het volgende geschreven: > > Hi, > > On Mon, Apr 07, 2025 at 08:01:41AM +0200, Koen Kooi wrote: >> Op 4 apr 2025, om 18:29 heeft Mikko Rapeli via lists.openembedded.org <mikko.rapeli=linaro.org@lists.openembedded.org> het volgende geschreven: >>> >>> If "systemd-initramfs" is in DISTRO_FEATURES then convert >>> core-image-initramfs-boot from shell scripts to systemd. >>> The resulting initramfs is much bigger than shell script one but >>> supports much more features like disk encryption and TPM devices. >>> Also includes udev which can load any drivers needed to mount >>> rootfs. >> >> Are packaged based kernel updates finally working with this? > > Sorry, I don't get this question. What is package based kernel updates? Using package management to update a kernel, e.g, 'opkg update ; opkg upgrade'. regards, Koen > > Cheers, > > -Mikko > >> regards, >> >> Koen >> >>> >>> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> >>> --- >>> .../images/core-image-initramfs-boot.bb | 20 ++++++++++++++++--- >>> 1 file changed, 17 insertions(+), 3 deletions(-) >>> >>> diff --git a/meta/recipes-core/images/core-image-initramfs-boot.bb b/meta/recipes-core/images/core-image-initramfs-boot.bb >>> index 7258944751..c66c28db76 100644 >>> --- a/meta/recipes-core/images/core-image-initramfs-boot.bb >>> +++ b/meta/recipes-core/images/core-image-initramfs-boot.bb >>> @@ -4,7 +4,23 @@ LICENSE = "MIT" >>> >>> INITRAMFS_SCRIPTS ?= "initramfs-framework-base initramfs-module-udev" >>> >>> -PACKAGE_INSTALL = "${INITRAMFS_SCRIPTS} ${VIRTUAL-RUNTIME_base-utils} base-passwd" >>> +inherit image >>> + >>> +PACKAGE_INSTALL = " \ >>> + ${VIRTUAL-RUNTIME_base-utils} \ >>> + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd-initramfs', ' \ >>> + base-files \ >>> + coreutils \ >>> + e2fsprogs-mke2fs \ >>> + os-release-initrd \ >>> + util-linux-blkid \ >>> + util-linux-mount \ >>> + util-linux-umount \ >>> + ${VIRTUAL-RUNTIME_init_manager} \ >>> + ${VIRTUAL-RUNTIME_dev_manager} \ >>> + ', '${INITRAMFS_SCRIPTS}', d)} \ >>> + base-passwd \ >>> +" >>> >>> # Ensure the initramfs only contains the bare minimum >>> IMAGE_FEATURES = "" >>> @@ -18,5 +34,3 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" >>> IMAGE_NAME_SUFFIX ?= "" >>> IMAGE_ROOTFS_SIZE = "8192" >>> IMAGE_ROOTFS_EXTRA_SPACE = "0" >>> - >>> -inherit image >>> -- >>> 2.43.0 >>> >>> >>> -=-=-=-=-=-=-=-=-=-=-=- >>> Links: You receive all messages sent to this group. >>> View/Reply Online (#214355): https://lists.openembedded.org/g/openembedded-core/message/214355 >>> Mute This Topic: https://lists.openembedded.org/mt/112087527/9418801 >>> Group Owner: openembedded-core+owner@lists.openembedded.org >>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [koen.kooi@oss.qualcomm.com] >>> -=-=-=-=-=-=-=-=-=-=-=-
Hi, On Mon, Apr 07, 2025 at 10:58:12AM +0200, Koen Kooi wrote: > > > > Op 7 apr 2025, om 08:12 heeft Mikko Rapeli <mikko.rapeli@linaro.org> het volgende geschreven: > > > > Hi, > > > > On Mon, Apr 07, 2025 at 08:01:41AM +0200, Koen Kooi wrote: > >> Op 4 apr 2025, om 18:29 heeft Mikko Rapeli via lists.openembedded.org <mikko.rapeli=linaro.org@lists.openembedded.org> het volgende geschreven: > >>> > >>> If "systemd-initramfs" is in DISTRO_FEATURES then convert > >>> core-image-initramfs-boot from shell scripts to systemd. > >>> The resulting initramfs is much bigger than shell script one but > >>> supports much more features like disk encryption and TPM devices. > >>> Also includes udev which can load any drivers needed to mount > >>> rootfs. > >> > >> Are packaged based kernel updates finally working with this? > > > > Sorry, I don't get this question. What is package based kernel updates? > > Using package management to update a kernel, e.g, 'opkg update ; opkg upgrade'. Yocto project in general does not test binary package update paths. These patches are still tied to the yocto build environment and don't generate initrd on the running systemd based on files in the rootfs. That support is currently not available in yocto, AFAIK. These changes only enable building systemd based initrd image from the yocto build environment. One of the usecases which I'm testing is UEFI secure boot where kernel and initrd are signed with keys which are not availeble in the rootfs. The keys are only available on the yocto build machine. The UEFI firmware (u-boot based, https://gitlab.com/Linaro/trustedsubstrate/meta-ts ) checks that kernel and initrd in the UKI binary are signed with expected keys before allowing boot to continue. systemd based initrd is then able to use TPM in more advance ways that shell script based yocto initrd framework to e.g. encrypt rootfs. Cheers, -Mikko
On Fri, 2025-04-04 at 19:29 +0300, Mikko Rapeli via lists.openembedded.org wrote: > If "systemd-initramfs" is in DISTRO_FEATURES then convert > core-image-initramfs-boot from shell scripts to systemd. > The resulting initramfs is much bigger than shell script one but > supports much more features like disk encryption and TPM devices. > Also includes udev which can load any drivers needed to mount > rootfs. > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> > --- > .../images/core-image-initramfs-boot.bb | 20 ++++++++++++++++--- > 1 file changed, 17 insertions(+), 3 deletions(-) > > diff --git a/meta/recipes-core/images/core-image-initramfs-boot.bb b/meta/recipes-core/images/core-image-initramfs-boot.bb > index 7258944751..c66c28db76 100644 > --- a/meta/recipes-core/images/core-image-initramfs-boot.bb > +++ b/meta/recipes-core/images/core-image-initramfs-boot.bb > @@ -4,7 +4,23 @@ LICENSE = "MIT" > > INITRAMFS_SCRIPTS ?= "initramfs-framework-base initramfs-module-udev" > > -PACKAGE_INSTALL = "${INITRAMFS_SCRIPTS} ${VIRTUAL-RUNTIME_base-utils} base-passwd" > +inherit image > + > +PACKAGE_INSTALL = " \ > + ${VIRTUAL-RUNTIME_base-utils} \ > + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd-initramfs', ' \ > + base-files \ > + coreutils \ > + e2fsprogs-mke2fs \ > + os-release-initrd \ > + util-linux-blkid \ > + util-linux-mount \ > + util-linux-umount \ > + ${VIRTUAL-RUNTIME_init_manager} \ > + ${VIRTUAL-RUNTIME_dev_manager} \ > + ', '${INITRAMFS_SCRIPTS}', d)} \ > + base-passwd \ > +" > > # Ensure the initramfs only contains the bare minimum > IMAGE_FEATURES = "" > @@ -18,5 +34,3 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" > IMAGE_NAME_SUFFIX ?= "" > IMAGE_ROOTFS_SIZE = "8192" > IMAGE_ROOTFS_EXTRA_SPACE = "0" > - > -inherit image Given this effectively completely changes the image, would we be better just defining a different image recipe for the systemd based initramfs? Cheers, Richard
Hi, On Thu, Apr 10, 2025 at 01:45:13PM +0100, Richard Purdie wrote: > On Fri, 2025-04-04 at 19:29 +0300, Mikko Rapeli via lists.openembedded.org wrote: > > If "systemd-initramfs" is in DISTRO_FEATURES then convert > > core-image-initramfs-boot from shell scripts to systemd. > > The resulting initramfs is much bigger than shell script one but > > supports much more features like disk encryption and TPM devices. > > Also includes udev which can load any drivers needed to mount > > rootfs. > > > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> > > --- > > �.../images/core-image-initramfs-boot.bb������ | 20 ++++++++++++++++--- > > �1 file changed, 17 insertions(+), 3 deletions(-) > > > > diff --git a/meta/recipes-core/images/core-image-initramfs-boot.bb b/meta/recipes-core/images/core-image-initramfs-boot.bb > > index 7258944751..c66c28db76 100644 > > --- a/meta/recipes-core/images/core-image-initramfs-boot.bb > > +++ b/meta/recipes-core/images/core-image-initramfs-boot.bb > > @@ -4,7 +4,23 @@ LICENSE = "MIT" > > � > > �INITRAMFS_SCRIPTS ?= "initramfs-framework-base initramfs-module-udev" > > � > > -PACKAGE_INSTALL = "${INITRAMFS_SCRIPTS} ${VIRTUAL-RUNTIME_base-utils} base-passwd" > > +inherit image > > + > > +PACKAGE_INSTALL = " \ > > +��� ${VIRTUAL-RUNTIME_base-utils} \ > > +��� ${@bb.utils.contains('DISTRO_FEATURES', 'systemd-initramfs', ' \ > > +������� base-files \ > > +������� coreutils \ > > +������� e2fsprogs-mke2fs \ > > +������� os-release-initrd \ > > +������� util-linux-blkid \ > > +������� util-linux-mount \ > > +������� util-linux-umount \ > > +������� ${VIRTUAL-RUNTIME_init_manager} \ > > +������� ${VIRTUAL-RUNTIME_dev_manager} \ > > +��� ', '${INITRAMFS_SCRIPTS}', d)} \ > > +��� base-passwd \ > > +" > > � > > �# Ensure the initramfs only contains the bare minimum > > �IMAGE_FEATURES = "" > > @@ -18,5 +34,3 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" > > �IMAGE_NAME_SUFFIX ?= "" > > �IMAGE_ROOTFS_SIZE = "8192" > > �IMAGE_ROOTFS_EXTRA_SPACE = "0" > > - > > -inherit image > > Given this effectively completely changes the image, would we be better > just defining a different image recipe for the systemd based initramfs? I don't know. At least for testing purposes switching with DISTRO_FEATURE is relatively easy. Though exact same thing would work with INITRAMFS_IMAGE variable. I just started with this approach but can change it if you prefer a separate recipe. For upper level layers it may be tricky if they need to modify something but need to deal with two different image recipe names and can't just have all in a single bbappend. Cheers, -Mikko
diff --git a/meta/recipes-core/images/core-image-initramfs-boot.bb b/meta/recipes-core/images/core-image-initramfs-boot.bb index 7258944751..c66c28db76 100644 --- a/meta/recipes-core/images/core-image-initramfs-boot.bb +++ b/meta/recipes-core/images/core-image-initramfs-boot.bb @@ -4,7 +4,23 @@ LICENSE = "MIT" INITRAMFS_SCRIPTS ?= "initramfs-framework-base initramfs-module-udev" -PACKAGE_INSTALL = "${INITRAMFS_SCRIPTS} ${VIRTUAL-RUNTIME_base-utils} base-passwd" +inherit image + +PACKAGE_INSTALL = " \ + ${VIRTUAL-RUNTIME_base-utils} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd-initramfs', ' \ + base-files \ + coreutils \ + e2fsprogs-mke2fs \ + os-release-initrd \ + util-linux-blkid \ + util-linux-mount \ + util-linux-umount \ + ${VIRTUAL-RUNTIME_init_manager} \ + ${VIRTUAL-RUNTIME_dev_manager} \ + ', '${INITRAMFS_SCRIPTS}', d)} \ + base-passwd \ +" # Ensure the initramfs only contains the bare minimum IMAGE_FEATURES = "" @@ -18,5 +34,3 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" IMAGE_NAME_SUFFIX ?= "" IMAGE_ROOTFS_SIZE = "8192" IMAGE_ROOTFS_EXTRA_SPACE = "0" - -inherit image
If "systemd-initramfs" is in DISTRO_FEATURES then convert core-image-initramfs-boot from shell scripts to systemd. The resulting initramfs is much bigger than shell script one but supports much more features like disk encryption and TPM devices. Also includes udev which can load any drivers needed to mount rootfs. Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> --- .../images/core-image-initramfs-boot.bb | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-)