[cip-dev][isar-cip-core][PATCH v3] efibootguard: Do not copy the efi binaries directly into DEPLOY_DIR

* [cip-dev][isar-cip-core][PATCH v3] efibootguard: Do not copy the efi binaries directly into DEPLOY_DIR
@ 2022-02-18 15:28 Quirin.Gylstorff
  2022-02-18 16:15 ` Jan Kiszka
  0 siblings, 1 reply; 2+ messages in thread
From: Quirin.Gylstorff @ 2022-02-18 15:28 UTC (permalink / raw)
  To: cip-dev, jan.kiszka

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This patch prepares isar-cip-core to integrate the ISAR features
sstate and the upcoming sbuild feature. The features introduce the
following changes: 
 - Sbuild doesn't easily allow the extraction of build results
 - sstate doesn't populate the DEPLOY_DIR from packages in case of a rebuild.


Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
Changes v2:
 - use distro_arch to determine binary name
 - remove additional debug message
 - remove deploydir

Changes v3:
 - add dictionary to map between DISTRO_ARCH and efi architecture idenitifer
 - remove handling of source_param `files`
 - reword commit message

 kas/opt/efibootguard.yml                      |  1 +
 .../efibootguard/efibootguard_0.9-git+isar.bb |  5 ---
 .../files/debian/efibootguard.install         |  1 +
 .../files/debian/efibootguard.links           |  1 +
 .../wic/plugins/source/efibootguard-boot.py   |  3 +-
 .../wic/plugins/source/efibootguard-efi.py    | 39 ++++++++++---------
 wic/qemu-amd64-efibootguard-secureboot.wks.in |  2 +-
 7 files changed, 25 insertions(+), 27 deletions(-)
 create mode 100644 recipes-bsp/efibootguard/files/debian/efibootguard.links

diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
index 75d4ab1..f5f9169 100644
--- a/kas/opt/efibootguard.yml
+++ b/kas/opt/efibootguard.yml
@@ -21,6 +21,7 @@ local_conf_header:
     SWUPDATE_BOOTLOADER = "efibootguard"
 
   efibootguard-wic: |
+    WIC_IMAGER_INSTALL_append = " efibootguard"
     WDOG_TIMEOUT ?= "60"
     WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE"
     IMAGE_FSTYPES ?= "wic-img"
diff --git a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
index 2817e5b..171d8d4 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
@@ -39,8 +39,3 @@ do_prepare_build() {
     deb_add_changelog
 }
 
-dpkg_runbuild_append() {
-    install -m 0755 -d ${DEPLOY_DIR_IMAGE}
-    install -m 0755 ${S}/efibootguardx64.efi ${DEPLOY_DIR_IMAGE}/bootx64.efi
-    install -m 0755 ${S}/bg_setenv ${DEPLOY_DIR_IMAGE}/bg_setenv
-}
diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.install b/recipes-bsp/efibootguard/files/debian/efibootguard.install
index 8a8d9d3..0239953 100644
--- a/recipes-bsp/efibootguard/files/debian/efibootguard.install
+++ b/recipes-bsp/efibootguard/files/debian/efibootguard.install
@@ -1,2 +1,3 @@
 bg_setenv usr/bin
 bg_printenv usr/bin
+efibootguardx64.efi usr/share/efibootguard
diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.links b/recipes-bsp/efibootguard/files/debian/efibootguard.links
new file mode 100644
index 0000000..97bab21
--- /dev/null
+++ b/recipes-bsp/efibootguard/files/debian/efibootguard.links
@@ -0,0 +1 @@
+usr/share/efibootguard/efibootguardx64.efi usr/share/efibootguard/bootx64.efi
diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 882729a..05cef4e 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -111,9 +111,8 @@ class EfibootguardBootPlugin(SourcePlugin):
 
         cwd = os.getcwd()
         os.chdir(part_rootfs_dir)
-        config_cmd = '%s/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
+        config_cmd = '/usr/bin/bg_setenv -f . -k "C:%s:%s" %s -r %s -w %s' \
             % (
-                deploy_dir,
                 part.label.upper(),
                 boot_image,
                 '-a "%s"' % cmdline if cmdline else "",
diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index 9eb2353..858fcbf 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -51,31 +51,32 @@ class EfibootguardEFIPlugin(SourcePlugin):
         populate an EFI boot partition containing the EFI Boot Guard
         bootloader binary.
         """
-        deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE")
-        creator.deploy_dir = deploy_dir
-        bootloader_files = source_params.get("bootloader")
-        if not bootloader_files:
-            bootloader_files = "bootx64.efi"
-        bootloader_files = bootloader_files.split(' ')
+        # we need to map the distro_arch to uefi values
+        distro_to_efi_arch = {
+            "amd64": "x64",
+            "arm64": "aarch64",
+            "i386": "ia32"
+        }
+
+        distro_arch = get_bitbake_var("DISTRO_ARCH")
+        bootloader = "/usr/share/efibootguard/boot{}.efi".format(
+            distro_to_efi_arch[distro_arch])
         part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
                                              part.label,
                                              part.lineno)
         create_dir_cmd = "install -d %s/EFI/BOOT" % part_rootfs_dir
         exec_cmd(create_dir_cmd)
 
-        for bootloader in bootloader_files:
-            signed_bootloader = cls._sign_file(bootloader,
-                                               "{}/{}".format(deploy_dir,
-                                                              bootloader
-                                                              ),
-                                               cr_workdir,
-                                               source_params)
-            # important the bootloader in deploy_dir is no longer signed
-            cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (cr_workdir,
-                                                signed_bootloader,
-                                                part_rootfs_dir,
-                                                bootloader)
-            exec_cmd(cp_cmd, True)
+        name = os.path.basename(bootloader)
+        signed_bootloader = cls._sign_file(name,
+                                           bootloader,
+                                           cr_workdir,
+                                           source_params)
+        cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (cr_workdir,
+                                              signed_bootloader,
+                                              part_rootfs_dir,
+                                              name)
+        exec_cmd(cp_cmd, True)
         du_cmd = "du --apparent-size -ks %s" % part_rootfs_dir
         blocks = int(exec_cmd(du_cmd).split()[0])
 
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index 81fd4fe..72a6f8c 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -1,5 +1,5 @@
 # EFI partition containing efibootguard bootloader binary
-part --source efibootguard-efi  --ondisk sda --size 16M --extra-space 0 --overhead-factor 1 --label efi   --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
+include ebg-signed-bootloader.inc
 
 # EFI Boot Guard environment/config partitions plus Kernel files
 part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,unified-kernel=y,signwith=/usr/bin/sign_secure_image.sh"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread