* [cip-dev][isar-cip-core][PATCH v2] efibootguard: Do not copy the efi binaries directly into DEPLOY_DIR
@ 2022-02-15 15:01 Quirin.Gylstorff
2022-02-15 16:17 ` Jan Kiszka
0 siblings, 1 reply; 3+ messages in thread
From: Quirin.Gylstorff @ 2022-02-15 15:01 UTC (permalink / raw)
To: jan.kiszka, cip-dev
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This preparing isar-cip-core to integrate the upcomming ISAR features
sstate and sbuild. Sbuild doesn't allow the extraction of build results.
sstate doesn't populate the deploy dir from packages in case of a rebuild.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
Changes v2:
- use distro_arch to determine binary name
- remove additional debug message
- remove deploydir
kas/opt/efibootguard.yml | 1 +
.../efibootguard/efibootguard_0.9-git+isar.bb | 5 ----
.../files/debian/efibootguard.install | 1 +
.../files/debian/efibootguard.links | 1 +
.../wic/plugins/source/efibootguard-boot.py | 3 +--
.../wic/plugins/source/efibootguard-efi.py | 26 +++++++++----------
wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
7 files changed, 18 insertions(+), 21 deletions(-)
create mode 100644 recipes-bsp/efibootguard/files/debian/efibootguard.links
diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
index 75d4ab1..f5f9169 100644
--- a/kas/opt/efibootguard.yml
+++ b/kas/opt/efibootguard.yml
@@ -21,6 +21,7 @@ local_conf_header:
SWUPDATE_BOOTLOADER = "efibootguard"
efibootguard-wic: |
+ WIC_IMAGER_INSTALL_append = " efibootguard"
WDOG_TIMEOUT ?= "60"
WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE"
IMAGE_FSTYPES ?= "wic-img"
diff --git a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
index 2817e5b..171d8d4 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
@@ -39,8 +39,3 @@ do_prepare_build() {
deb_add_changelog
}
-dpkg_runbuild_append() {
- install -m 0755 -d ${DEPLOY_DIR_IMAGE}
- install -m 0755 ${S}/efibootguardx64.efi ${DEPLOY_DIR_IMAGE}/bootx64.efi
- install -m 0755 ${S}/bg_setenv ${DEPLOY_DIR_IMAGE}/bg_setenv
-}
diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.install b/recipes-bsp/efibootguard/files/debian/efibootguard.install
index 8a8d9d3..0239953 100644
--- a/recipes-bsp/efibootguard/files/debian/efibootguard.install
+++ b/recipes-bsp/efibootguard/files/debian/efibootguard.install
@@ -1,2 +1,3 @@
bg_setenv usr/bin
bg_printenv usr/bin
+efibootguardx64.efi usr/share/efibootguard
diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.links b/recipes-bsp/efibootguard/files/debian/efibootguard.links
new file mode 100644
index 0000000..97bab21
--- /dev/null
+++ b/recipes-bsp/efibootguard/files/debian/efibootguard.links
@@ -0,0 +1 @@
+usr/share/efibootguard/efibootguardx64.efi usr/share/efibootguard/bootx64.efi
diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 882729a..05cef4e 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -111,9 +111,8 @@ class EfibootguardBootPlugin(SourcePlugin):
cwd = os.getcwd()
os.chdir(part_rootfs_dir)
- config_cmd = '%s/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
+ config_cmd = '/usr/bin/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
% (
- deploy_dir,
part.label.upper(),
boot_image,
'-a "%s"' % cmdline if cmdline else "",
diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index 9eb2353..cb3a37a 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -51,11 +51,13 @@ class EfibootguardEFIPlugin(SourcePlugin):
populate an EFI boot partition containing the EFI Boot Guard
bootloader binary.
"""
- deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE")
- creator.deploy_dir = deploy_dir
- bootloader_files = source_params.get("bootloader")
+ distro_arch = get_bitbake_var("DISTRO_ARCH")
+ # we need to map the distro_arch to uefi values
+ if "amd64" in distro_arch:
+ distro_arch = "x64"
+ bootloader_files = source_params.get("files")
if not bootloader_files:
- bootloader_files = "bootx64.efi"
+ bootloader_files = "/usr/share/efibootguard/boot{}.efi".format(distro_arch)
bootloader_files = bootloader_files.split(' ')
part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
part.label,
@@ -63,18 +65,16 @@ class EfibootguardEFIPlugin(SourcePlugin):
create_dir_cmd = "install -d %s/EFI/BOOT" % part_rootfs_dir
exec_cmd(create_dir_cmd)
- for bootloader in bootloader_files:
- signed_bootloader = cls._sign_file(bootloader,
- "{}/{}".format(deploy_dir,
- bootloader
- ),
+ for bootloader_path in bootloader_files:
+ name = os.path.basename(bootloader_path)
+ signed_bootloader = cls._sign_file(name,
+ bootloader_path,
cr_workdir,
source_params)
- # important the bootloader in deploy_dir is no longer signed
cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (cr_workdir,
- signed_bootloader,
- part_rootfs_dir,
- bootloader)
+ signed_bootloader,
+ part_rootfs_dir,
+ name)
exec_cmd(cp_cmd, True)
du_cmd = "du --apparent-size -ks %s" % part_rootfs_dir
blocks = int(exec_cmd(du_cmd).split()[0])
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index 81fd4fe..72a6f8c 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -1,5 +1,5 @@
# EFI partition containing efibootguard bootloader binary
-part --source efibootguard-efi --ondisk sda --size 16M --extra-space 0 --overhead-factor 1 --label efi --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
+include ebg-signed-bootloader.inc
# EFI Boot Guard environment/config partitions plus Kernel files
part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,unified-kernel=y,signwith=/usr/bin/sign_secure_image.sh"
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [cip-dev][isar-cip-core][PATCH v2] efibootguard: Do not copy the efi binaries directly into DEPLOY_DIR
2022-02-15 15:01 [cip-dev][isar-cip-core][PATCH v2] efibootguard: Do not copy the efi binaries directly into DEPLOY_DIR Quirin.Gylstorff
@ 2022-02-15 16:17 ` Jan Kiszka
2022-02-18 8:58 ` quirin.gylstorff
0 siblings, 1 reply; 3+ messages in thread
From: Jan Kiszka @ 2022-02-15 16:17 UTC (permalink / raw)
To: Q. Gylstorff, cip-dev
On 15.02.22 16:01, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> This preparing isar-cip-core to integrate the upcomming ISAR features
> sstate and sbuild. Sbuild doesn't allow the extraction of build results.
>
> sstate doesn't populate the deploy dir from packages in case of a rebuild.
>
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
> Changes v2:
> - use distro_arch to determine binary name
> - remove additional debug message
> - remove deploydir
>
> kas/opt/efibootguard.yml | 1 +
> .../efibootguard/efibootguard_0.9-git+isar.bb | 5 ----
> .../files/debian/efibootguard.install | 1 +
> .../files/debian/efibootguard.links | 1 +
> .../wic/plugins/source/efibootguard-boot.py | 3 +--
> .../wic/plugins/source/efibootguard-efi.py | 26 +++++++++----------
> wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
> 7 files changed, 18 insertions(+), 21 deletions(-)
> create mode 100644 recipes-bsp/efibootguard/files/debian/efibootguard.links
>
> diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
> index 75d4ab1..f5f9169 100644
> --- a/kas/opt/efibootguard.yml
> +++ b/kas/opt/efibootguard.yml
> @@ -21,6 +21,7 @@ local_conf_header:
> SWUPDATE_BOOTLOADER = "efibootguard"
>
> efibootguard-wic: |
> + WIC_IMAGER_INSTALL_append = " efibootguard"
> WDOG_TIMEOUT ?= "60"
> WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE"
> IMAGE_FSTYPES ?= "wic-img"
> diff --git a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
> index 2817e5b..171d8d4 100644
> --- a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
> +++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
> @@ -39,8 +39,3 @@ do_prepare_build() {
> deb_add_changelog
> }
>
> -dpkg_runbuild_append() {
> - install -m 0755 -d ${DEPLOY_DIR_IMAGE}
> - install -m 0755 ${S}/efibootguardx64.efi ${DEPLOY_DIR_IMAGE}/bootx64.efi
> - install -m 0755 ${S}/bg_setenv ${DEPLOY_DIR_IMAGE}/bg_setenv
> -}
> diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.install b/recipes-bsp/efibootguard/files/debian/efibootguard.install
> index 8a8d9d3..0239953 100644
> --- a/recipes-bsp/efibootguard/files/debian/efibootguard.install
> +++ b/recipes-bsp/efibootguard/files/debian/efibootguard.install
> @@ -1,2 +1,3 @@
> bg_setenv usr/bin
> bg_printenv usr/bin
> +efibootguardx64.efi usr/share/efibootguard
> diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.links b/recipes-bsp/efibootguard/files/debian/efibootguard.links
> new file mode 100644
> index 0000000..97bab21
> --- /dev/null
> +++ b/recipes-bsp/efibootguard/files/debian/efibootguard.links
> @@ -0,0 +1 @@
> +usr/share/efibootguard/efibootguardx64.efi usr/share/efibootguard/bootx64.efi
> diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
> index 882729a..05cef4e 100644
> --- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
> +++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
> @@ -111,9 +111,8 @@ class EfibootguardBootPlugin(SourcePlugin):
>
> cwd = os.getcwd()
> os.chdir(part_rootfs_dir)
> - config_cmd = '%s/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
> + config_cmd = '/usr/bin/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
> % (
> - deploy_dir,
> part.label.upper(),
> boot_image,
> '-a "%s"' % cmdline if cmdline else "",
> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> index 9eb2353..cb3a37a 100644
> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> @@ -51,11 +51,13 @@ class EfibootguardEFIPlugin(SourcePlugin):
> populate an EFI boot partition containing the EFI Boot Guard
> bootloader binary.
> """
> - deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE")
> - creator.deploy_dir = deploy_dir
> - bootloader_files = source_params.get("bootloader")
> + distro_arch = get_bitbake_var("DISTRO_ARCH")
> + # we need to map the distro_arch to uefi values
> + if "amd64" in distro_arch:
> + distro_arch = "x64"
How about ia32 and aarch64 (even if the debian package does not support
them yet)?
> + bootloader_files = source_params.get("files")
> if not bootloader_files:
> - bootloader_files = "bootx64.efi"
> + bootloader_files = "/usr/share/efibootguard/boot{}.efi".format(distro_arch)
Why making this configurable? Why making this a list? Do you see use
cases beyond current EBG releases and recipes already?
> bootloader_files = bootloader_files.split(' ')
> part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
> part.label,
> @@ -63,18 +65,16 @@ class EfibootguardEFIPlugin(SourcePlugin):
> create_dir_cmd = "install -d %s/EFI/BOOT" % part_rootfs_dir
> exec_cmd(create_dir_cmd)
>
> - for bootloader in bootloader_files:
> - signed_bootloader = cls._sign_file(bootloader,
> - "{}/{}".format(deploy_dir,
> - bootloader
> - ),
> + for bootloader_path in bootloader_files:
> + name = os.path.basename(bootloader_path)
> + signed_bootloader = cls._sign_file(name,
> + bootloader_path,
> cr_workdir,
> source_params)
> - # important the bootloader in deploy_dir is no longer signed
> cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (cr_workdir,
> - signed_bootloader,
> - part_rootfs_dir,
> - bootloader)
> + signed_bootloader,
> + part_rootfs_dir,
> + name)
> exec_cmd(cp_cmd, True)
> du_cmd = "du --apparent-size -ks %s" % part_rootfs_dir
> blocks = int(exec_cmd(du_cmd).split()[0])
> diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
> index 81fd4fe..72a6f8c 100644
> --- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
> +++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
> @@ -1,5 +1,5 @@
> # EFI partition containing efibootguard bootloader binary
> -part --source efibootguard-efi --ondisk sda --size 16M --extra-space 0 --overhead-factor 1 --label efi --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
> +include ebg-signed-bootloader.inc
>
> # EFI Boot Guard environment/config partitions plus Kernel files
> part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,unified-kernel=y,signwith=/usr/bin/sign_secure_image.sh"
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [cip-dev][isar-cip-core][PATCH v2] efibootguard: Do not copy the efi binaries directly into DEPLOY_DIR
2022-02-15 16:17 ` Jan Kiszka
@ 2022-02-18 8:58 ` quirin.gylstorff
0 siblings, 0 replies; 3+ messages in thread
From: quirin.gylstorff @ 2022-02-18 8:58 UTC (permalink / raw)
To: Jan Kiszka, cip-dev
On 2/15/22 17:17, Jan Kiszka wrote:
> On 15.02.22 16:01, Q. Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This preparing isar-cip-core to integrate the upcomming ISAR features
>> sstate and sbuild. Sbuild doesn't allow the extraction of build results.
>>
>> sstate doesn't populate the deploy dir from packages in case of a rebuild.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>> Changes v2:
>> - use distro_arch to determine binary name
>> - remove additional debug message
>> - remove deploydir
>>
>> kas/opt/efibootguard.yml | 1 +
>> .../efibootguard/efibootguard_0.9-git+isar.bb | 5 ----
>> .../files/debian/efibootguard.install | 1 +
>> .../files/debian/efibootguard.links | 1 +
>> .../wic/plugins/source/efibootguard-boot.py | 3 +--
>> .../wic/plugins/source/efibootguard-efi.py | 26 +++++++++----------
>> wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
>> 7 files changed, 18 insertions(+), 21 deletions(-)
>> create mode 100644 recipes-bsp/efibootguard/files/debian/efibootguard.links
>>
>> diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
>> index 75d4ab1..f5f9169 100644
>> --- a/kas/opt/efibootguard.yml
>> +++ b/kas/opt/efibootguard.yml
>> @@ -21,6 +21,7 @@ local_conf_header:
>> SWUPDATE_BOOTLOADER = "efibootguard"
>>
>> efibootguard-wic: |
>> + WIC_IMAGER_INSTALL_append = " efibootguard"
>> WDOG_TIMEOUT ?= "60"
>> WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE"
>> IMAGE_FSTYPES ?= "wic-img"
>> diff --git a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
>> index 2817e5b..171d8d4 100644
>> --- a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
>> +++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
>> @@ -39,8 +39,3 @@ do_prepare_build() {
>> deb_add_changelog
>> }
>>
>> -dpkg_runbuild_append() {
>> - install -m 0755 -d ${DEPLOY_DIR_IMAGE}
>> - install -m 0755 ${S}/efibootguardx64.efi ${DEPLOY_DIR_IMAGE}/bootx64.efi
>> - install -m 0755 ${S}/bg_setenv ${DEPLOY_DIR_IMAGE}/bg_setenv
>> -}
>> diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.install b/recipes-bsp/efibootguard/files/debian/efibootguard.install
>> index 8a8d9d3..0239953 100644
>> --- a/recipes-bsp/efibootguard/files/debian/efibootguard.install
>> +++ b/recipes-bsp/efibootguard/files/debian/efibootguard.install
>> @@ -1,2 +1,3 @@
>> bg_setenv usr/bin
>> bg_printenv usr/bin
>> +efibootguardx64.efi usr/share/efibootguard
>> diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.links b/recipes-bsp/efibootguard/files/debian/efibootguard.links
>> new file mode 100644
>> index 0000000..97bab21
>> --- /dev/null
>> +++ b/recipes-bsp/efibootguard/files/debian/efibootguard.links
>> @@ -0,0 +1 @@
>> +usr/share/efibootguard/efibootguardx64.efi usr/share/efibootguard/bootx64.efi
>> diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
>> index 882729a..05cef4e 100644
>> --- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
>> +++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
>> @@ -111,9 +111,8 @@ class EfibootguardBootPlugin(SourcePlugin):
>>
>> cwd = os.getcwd()
>> os.chdir(part_rootfs_dir)
>> - config_cmd = '%s/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
>> + config_cmd = '/usr/bin/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
>> % (
>> - deploy_dir,
>> part.label.upper(),
>> boot_image,
>> '-a "%s"' % cmdline if cmdline else "",
>> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>> index 9eb2353..cb3a37a 100644
>> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>> @@ -51,11 +51,13 @@ class EfibootguardEFIPlugin(SourcePlugin):
>> populate an EFI boot partition containing the EFI Boot Guard
>> bootloader binary.
>> """
>> - deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE")
>> - creator.deploy_dir = deploy_dir
>> - bootloader_files = source_params.get("bootloader")
>> + distro_arch = get_bitbake_var("DISTRO_ARCH")
>> + # we need to map the distro_arch to uefi values
>> + if "amd64" in distro_arch:
>> + distro_arch = "x64"
>
> How about ia32 and aarch64 (even if the debian package does not support
> them yet)?
I will add a dict for them.
>
>> + bootloader_files = source_params.get("files")
>> if not bootloader_files:
>> - bootloader_files = "bootx64.efi"
>> + bootloader_files = "/usr/share/efibootguard/boot{}.efi".format(distro_arch)
>
> Why making this configurable? Why making this a list? Do you see use
> cases beyond current EBG releases and recipes already?
I remember a downstream(internal) usecase which had multiple bootloaders
added.
I will ask around.
>
>> bootloader_files = bootloader_files.split(' ')
>> part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
>> part.label,
>> @@ -63,18 +65,16 @@ class EfibootguardEFIPlugin(SourcePlugin):
>> create_dir_cmd = "install -d %s/EFI/BOOT" % part_rootfs_dir
>> exec_cmd(create_dir_cmd)
>>
>> - for bootloader in bootloader_files:
>> - signed_bootloader = cls._sign_file(bootloader,
>> - "{}/{}".format(deploy_dir,
>> - bootloader
>> - ),
>> + for bootloader_path in bootloader_files:
>> + name = os.path.basename(bootloader_path)
>> + signed_bootloader = cls._sign_file(name,
>> + bootloader_path,
>> cr_workdir,
>> source_params)
>> - # important the bootloader in deploy_dir is no longer signed
>> cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (cr_workdir,
>> - signed_bootloader,
>> - part_rootfs_dir,
>> - bootloader)
>> + signed_bootloader,
>> + part_rootfs_dir,
>> + name)
>> exec_cmd(cp_cmd, True)
>> du_cmd = "du --apparent-size -ks %s" % part_rootfs_dir
>> blocks = int(exec_cmd(du_cmd).split()[0])
>> diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
>> index 81fd4fe..72a6f8c 100644
>> --- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
>> +++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
>> @@ -1,5 +1,5 @@
>> # EFI partition containing efibootguard bootloader binary
>> -part --source efibootguard-efi --ondisk sda --size 16M --extra-space 0 --overhead-factor 1 --label efi --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
>> +include ebg-signed-bootloader.inc
>>
>> # EFI Boot Guard environment/config partitions plus Kernel files
>> part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,unified-kernel=y,signwith=/usr/bin/sign_secure_image.sh"
>
> Jan
>
Quirin
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-18 8:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-15 15:01 [cip-dev][isar-cip-core][PATCH v2] efibootguard: Do not copy the efi binaries directly into DEPLOY_DIR Quirin.Gylstorff
2022-02-15 16:17 ` Jan Kiszka
2022-02-18 8:58 ` quirin.gylstorff
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.