[cip-dev][isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

[cip-dev][isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

[Q. Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
  start-qemu.sh: set bootindex for SECURE_BOOT
  start-qemu.sh: parse .config.yaml for ease of use
  start-qemu.sh: Simplify qemu call

 start-qemu.sh | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

-- 
2.30.2

[cip-dev][isar-cip-core][PATCH 1/3] start-qemu.sh: set bootindex for SECURE_BOOT

[Q. Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Set the bootindex to avoid booting into the default uefi shell.

An if-clause is used to avoid the following error message for non-secure-boot images:
```
qemu-system-x86_64: -device ide-hd,drive=disk,bootindex=0: The bootindex 0 has already been used
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 start-qemu.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 3f62257..2c0a751 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -39,8 +39,14 @@ case "$1" in
 			-cpu qemu64 \
 			-smp 4 \
 			-machine q35,accel=kvm:tcg \
-			-device ide-hd,drive=disk \
 			-device virtio-net-pci,netdev=net"
+		if [ -n "${SECURE_BOOT}" ]; then
+			QEMU_EXTRA_ARGS=" \
+			${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0"
+		else
+			QEMU_EXTRA_ARGS=" \
+			${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk"
+		fi
 		KERNEL_CMDLINE=" \
 			root=/dev/sda"
 		;;
-- 
2.30.2

[cip-dev][isar-cip-core][PATCH 2/3] start-qemu.sh: parse .config.yaml for ease of use

[Q. Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Suggested-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 start-qemu.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 2c0a751..21b303a 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -20,13 +20,24 @@ usage()
 	exit 1
 }
 
+if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
+	SECURE_BOOT="true"
+fi
+
 if [ -n "${QEMU_PATH}" ]; then
 	QEMU_PATH="${QEMU_PATH}/"
 fi
 
 if [ -z "${DISTRO_RELEASE}" ]; then
-  DISTRO_RELEASE="buster"
+	if grep -s -q "DEBIAN_BULLSEYE: true" .config.yaml; then
+		DISTRO_RELEASE="bullseye"
+	elif grep -s -q "DEBIAN_STRETCH: true" .config.yaml; then
+		DISTRO_RELEASE="stretch"
+	else
+		DISTRO_RELEASE="buster"
+	fi
 fi
+
 if [ -z "${TARGET_IMAGE}" ];then
 	TARGET_IMAGE="cip-core-image"
 fi
-- 
2.30.2

[cip-dev][isar-cip-core][PATCH 3/3] start-qemu.sh: Simplify qemu call

[Q. Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Move qemu call out of if clause to avoid code duplications and
use the same behavior for secure boot and non secure boot images.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 start-qemu.sh | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 21b303a..4817790 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -120,18 +120,16 @@ if [ -n "${SECURE_BOOT}" ]; then
 		BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
 			-drive if=pflash,format=raw,file=${ovmf_vars} \
 			-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
-		${QEMU_PATH}${QEMU} \
-			-m 1G -serial mon:stdio -netdev user,id=net \
-			${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
 else
 		IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)
 
 		KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
 		INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)
 
-		${QEMU_PATH}${QEMU} \
-			-m 1G -serial mon:stdio -netdev user,id=net \
-			-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
+		BOOT_FILES="-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
 			-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
-			-initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@"
+			-initrd ${INITRD_FILE}"
 fi
+${QEMU_PATH}${QEMU} \
+			-m 1G -serial mon:stdio -netdev user,id=net \
+			${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
-- 
2.30.2

Re: [cip-dev][isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

[Jan Kiszka]

On 24.11.21 12:12, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> Fix booting of secure-boot image
> Parse .config.yaml for ease of use and reduced commandline clutter
> 
> Quirin Gylstorff (3):
>   start-qemu.sh: set bootindex for SECURE_BOOT
>   start-qemu.sh: parse .config.yaml for ease of use
>   start-qemu.sh: Simplify qemu call
> 
>  start-qemu.sh | 33 ++++++++++++++++++++++++---------
>  1 file changed, 24 insertions(+), 9 deletions(-)
> 

Definitely an improvement! But the fact that secure boot comes with a
different target image is not reflected yet.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

Re: [cip-dev][isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

[Jan Kiszka]

On 24.11.21 12:44, Jan Kiszka wrote:
> On 24.11.21 12:12, Q. Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> Fix booting of secure-boot image
>> Parse .config.yaml for ease of use and reduced commandline clutter
>>
>> Quirin Gylstorff (3):
>>   start-qemu.sh: set bootindex for SECURE_BOOT
>>   start-qemu.sh: parse .config.yaml for ease of use
>>   start-qemu.sh: Simplify qemu call
>>
>>  start-qemu.sh | 33 ++++++++++++++++++++++++---------
>>  1 file changed, 24 insertions(+), 9 deletions(-)
>>
> 
> Definitely an improvement! But the fact that secure boot comes with a
> different target image is not reflected yet.
> 

...or is that only the case with your dm-verity series? Let me check.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

Re: [cip-dev][isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

[Gylstorff Quirin]

On 11/24/21 12:45 PM, Jan Kiszka wrote:
> On 24.11.21 12:44, Jan Kiszka wrote:
>> On 24.11.21 12:12, Q. Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> Fix booting of secure-boot image
>>> Parse .config.yaml for ease of use and reduced commandline clutter
>>>
>>> Quirin Gylstorff (3):
>>>    start-qemu.sh: set bootindex for SECURE_BOOT
>>>    start-qemu.sh: parse .config.yaml for ease of use
>>>    start-qemu.sh: Simplify qemu call
>>>
>>>   start-qemu.sh | 33 ++++++++++++++++++++++++---------
>>>   1 file changed, 24 insertions(+), 9 deletions(-)
>>>
>>
>> Definitely an improvement! But the fact that secure boot comes with a
>> different target image is not reflected yet.
>>
> 
> ...or is that only the case with your dm-verity series? Let me check.
> 
> Jan
> 

Only dm-verity introduces the new target.

Quirin

Re: [cip-dev][isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

[Jan Kiszka]

On 24.11.21 13:07, Gylstorff Quirin wrote:
> 
> 
> On 11/24/21 12:45 PM, Jan Kiszka wrote:
>> On 24.11.21 12:44, Jan Kiszka wrote:
>>> On 24.11.21 12:12, Q. Gylstorff wrote:
>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>
>>>> Fix booting of secure-boot image
>>>> Parse .config.yaml for ease of use and reduced commandline clutter
>>>>
>>>> Quirin Gylstorff (3):
>>>>    start-qemu.sh: set bootindex for SECURE_BOOT
>>>>    start-qemu.sh: parse .config.yaml for ease of use
>>>>    start-qemu.sh: Simplify qemu call
>>>>
>>>>   start-qemu.sh | 33 ++++++++++++++++++++++++---------
>>>>   1 file changed, 24 insertions(+), 9 deletions(-)
>>>>
>>>
>>> Definitely an improvement! But the fact that secure boot comes with a
>>> different target image is not reflected yet.
>>>
>>
>> ...or is that only the case with your dm-verity series? Let me check.
>>
>> Jan
>>
> 
> Only dm-verity introduces the new target.
> 

Yep, confirmed.

Will take all three if you could also update the documentation (on-top),
stating that building via "menu" will initialize the start-qemu vars
with fitting defaults.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

Re: [cip-dev][isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

[Gylstorff Quirin]

On 11/24/21 1:38 PM, Jan Kiszka wrote:
> On 24.11.21 13:07, Gylstorff Quirin wrote:
>>
>>
>> On 11/24/21 12:45 PM, Jan Kiszka wrote:
>>> On 24.11.21 12:44, Jan Kiszka wrote:
>>>> On 24.11.21 12:12, Q. Gylstorff wrote:
>>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>>
>>>>> Fix booting of secure-boot image
>>>>> Parse .config.yaml for ease of use and reduced commandline clutter
>>>>>
>>>>> Quirin Gylstorff (3):
>>>>>     start-qemu.sh: set bootindex for SECURE_BOOT
>>>>>     start-qemu.sh: parse .config.yaml for ease of use
>>>>>     start-qemu.sh: Simplify qemu call
>>>>>
>>>>>    start-qemu.sh | 33 ++++++++++++++++++++++++---------
>>>>>    1 file changed, 24 insertions(+), 9 deletions(-)
>>>>>
>>>>
>>>> Definitely an improvement! But the fact that secure boot comes with a
>>>> different target image is not reflected yet.
>>>>
>>>
>>> ...or is that only the case with your dm-verity series? Let me check.
>>>
>>> Jan
>>>
>>
>> Only dm-verity introduces the new target.
>>
> 
> Yep, confirmed.
> 
> Will take all three if you could also update the documentation (on-top),
> stating that building via "menu" will initialize the start-qemu vars
> with fitting defaults.
> 
> Jan
> 

I will send a v2. Did miss cip-core-image-security.

Quirin