From: "Richard Purdie" <richard.purdie@linuxfoundation.org>
To: kristian@klausen.dk, openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] wic/bootimg-efi: Add Unified Kernel Image option
Date: Fri, 10 Sep 2021 09:31:18 +0100 [thread overview]
Message-ID: <e09b8b9e26d55f71bda9afdd0c2e1e25ec2b4690.camel@linuxfoundation.org> (raw)
In-Reply-To: <20210909175337.624-1-kristian@klausen.dk>
On Thu, 2021-09-09 at 17:53 +0000, Kristian Klausen via lists.openembedded.org
wrote:
> "A unified kernel image is a single EFI PE executable combining an EFI
> stub loader, a kernel image, an initramfs image, and the kernel command
> line.
>
> [...]
>
> Images of this type have the advantage that all metadata and payload
> that makes up the boot entry is monopolized in a single PE file that can
> be signed cryptographically as one for the purpose of EFI
> SecureBoot."[1]
>
> This commit adds a create-unified-kernel-image=true option to the
> bootimg-efi plugin for creating a Unified Kernel Image[1] and installing
> it into $BOOT/EFI/Linux/ with a .efi extension per the the Boot Loader
> Specification[1][2]. This is useful for implementing Secure Boot.
>
> systemd-boot is the only mainstream bootloader implementing the
> specification, but GRUB should be able to boot the EFI binary, this
> commit however doesn't implement the necessary changes to the GRUB
> config generation logic to boot the Unified Kernel Image.
>
> [1] https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images
> [2] https://systemd.io/BOOT_LOADER_SPECIFICATION/
>
> Signed-off-by: Kristian Klausen <kristian@klausen.dk>
> ---
>
> This patch supersedes:
> "[RFC][PATCH] kernel: Add Unified Kernel Image image type"[1]
> and:
> "[PATCH] wic/bootimg-efi: Add option for only installing the bootloader"[2]
>
> The latter is perhaps still useful, but with this patch it is no longer
> needed for using a Unified Kernel Image with systemd-boot.
>
> [1] https://lists.openembedded.org/g/openembedded-core/message/155801
> [2] https://lists.openembedded.org/g/openembedded-core/message/155789
>
> scripts/lib/wic/plugins/source/bootimg-efi.py | 69 ++++++++++++++++---
> 1 file changed, 59 insertions(+), 10 deletions(-)
Do we need to add a test for this into meta/lib/oeqa/selftest/cases/wic.py?
Cheers,
Richard
next prev parent reply other threads:[~2021-09-10 8:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-09 17:53 [PATCH] wic/bootimg-efi: Add Unified Kernel Image option Kristian Klausen
2021-09-10 8:31 ` Richard Purdie [this message]
2021-09-12 16:09 ` [OE-core] " Kristian Klausen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e09b8b9e26d55f71bda9afdd0c2e1e25ec2b4690.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=kristian@klausen.dk \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.