* [isar-cip-core][PATCH 0/4] Fix EFI Boot Guard for aarch64
@ 2022-03-21 7:59 Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 1/4] shtab: Fix cross build Jan Kiszka
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-03-21 7:59 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
This is unfortunately not yet stressed in isar-cip-core itself (someone
should add a non-secure SWUpdate via U-Boot UEFI first), so it was only
found while trying to enable a layer that uses isar-cip-core. But to
move forward, I'm pushing the fixes already.
Jan
Jan Kiszka (4):
shtab: Fix cross build
shtab: Fix PYBUILD_NAME
efibootguard: Fix non-x86 builds
efibootguard: Fix plugins for aarch64
recipes-bsp/efibootguard/efibootguard_0.10.bb | 17 +++++++++--
.../0001-configure-Fix-aarch64-EFI-arch.patch | 28 +++++++++++++++++++
....install => efibootguard-dev.install.tmpl} | 3 +-
recipes-python/shtab/files/rules | 2 +-
recipes-python/shtab/python3-shtab_1.4.2.bb | 2 +-
.../wic/plugins/source/efibootguard-boot.py | 11 ++++++--
.../wic/plugins/source/efibootguard-efi.py | 2 +-
7 files changed, 55 insertions(+), 10 deletions(-)
create mode 100644 recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
rename recipes-bsp/efibootguard/files/debian/{efibootguard-dev.install => efibootguard-dev.install.tmpl} (50%)
--
2.34.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 1/4] shtab: Fix cross build
2022-03-21 7:59 [isar-cip-core][PATCH 0/4] Fix EFI Boot Guard for aarch64 Jan Kiszka
@ 2022-03-21 7:59 ` Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 2/4] shtab: Fix PYBUILD_NAME Jan Kiszka
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-03-21 7:59 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
Not tested via isar-cip-core yet: When building python3-shtab cross, one
dependency needs a ':native' suffix due to transient dependencies on a
arch-specific package.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
recipes-python/shtab/python3-shtab_1.4.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-python/shtab/python3-shtab_1.4.2.bb b/recipes-python/shtab/python3-shtab_1.4.2.bb
index eb5feda..ce83d6b 100644
--- a/recipes-python/shtab/python3-shtab_1.4.2.bb
+++ b/recipes-python/shtab/python3-shtab_1.4.2.bb
@@ -24,7 +24,7 @@ DEBIAN_BUILD_DEPENDS = " \
dh-python, \
python3-all, \
python3-setuptools, \
- python3-setuptools-scm, \
+ python3-setuptools-scm:native, \
"
DEB_BUILD_PROFILES = "nocheck"
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 2/4] shtab: Fix PYBUILD_NAME
2022-03-21 7:59 [isar-cip-core][PATCH 0/4] Fix EFI Boot Guard for aarch64 Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 1/4] shtab: Fix cross build Jan Kiszka
@ 2022-03-21 7:59 ` Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 3/4] efibootguard: Fix non-x86 builds Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 4/4] efibootguard: Fix plugins for aarch64 Jan Kiszka
3 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-03-21 7:59 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
Copy&pasted from meta-coral. Seems to have had only cosmetic impact.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
recipes-python/shtab/files/rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-python/shtab/files/rules b/recipes-python/shtab/files/rules
index 43ba686..2dd07b2 100755
--- a/recipes-python/shtab/files/rules
+++ b/recipes-python/shtab/files/rules
@@ -11,7 +11,7 @@
export DH_VERBOSE=1
export PYBUILD_VERBOSE=1
-export PYBUILD_NAME=pasta
+export PYBUILD_NAME=shtab
ifneq ($(filter nocheck,$(DEB_BUILD_PROFILES)),)
export PYBUILD_DISABLE=test
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 3/4] efibootguard: Fix non-x86 builds
2022-03-21 7:59 [isar-cip-core][PATCH 0/4] Fix EFI Boot Guard for aarch64 Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 1/4] shtab: Fix cross build Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 2/4] shtab: Fix PYBUILD_NAME Jan Kiszka
@ 2022-03-21 7:59 ` Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 4/4] efibootguard: Fix plugins for aarch64 Jan Kiszka
3 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-03-21 7:59 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
The libc6-dev-i386 package is obviously x86-only.
Furthermore, the installation path must use DEB_HOST_MULTIARCH in order
to drop libebgenv.a in the right folder. This might have been already
broken for i386. As we still support buster, templating is needed to
translate DEB_HOST_MULTIARCH. This would just work with bullseye and
compat level 13 + dh-exec.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
recipes-bsp/efibootguard/efibootguard_0.10.bb | 16 +++++++++++++---
...dev.install => efibootguard-dev.install.tmpl} | 3 +--
2 files changed, 14 insertions(+), 5 deletions(-)
rename recipes-bsp/efibootguard/files/debian/{efibootguard-dev.install => efibootguard-dev.install.tmpl} (50%)
diff --git a/recipes-bsp/efibootguard/efibootguard_0.10.bb b/recipes-bsp/efibootguard/efibootguard_0.10.bb
index 7d09c85..b0877d0 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.10.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.10.bb
@@ -26,12 +26,22 @@ PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"
DEPENDS = "python3-shtab"
-BUILD_DEB_DEPENDS = "dh-exec,gnu-efi,libpci-dev,check,pkg-config,libc6-dev-i386,python3-shtab"
+BUILD_DEB_DEPENDS = "dh-exec,gnu-efi,libpci-dev,check,pkg-config,python3-shtab"
+BUILD_DEB_DEPENDS_append_amd64 = ",libc6-dev-i386"
+BUILD_DEB_DEPENDS_append_i386 = ",libc6-dev-i386"
inherit dpkg
-TEMPLATE_FILES = "debian/control.tmpl"
-TEMPLATE_VARS += "DESCRIPTION_DEV BUILD_DEB_DEPENDS"
+# needed for buster, bullseye could use compat >= 13
+python() {
+ arch = d.getVar('DISTRO_ARCH')
+ cmd = 'dpkg-architecture -a {} -q DEB_HOST_MULTIARCH'.format(arch)
+ with os.popen(cmd) as proc:
+ d.setVar('DEB_HOST_MULTIARCH', proc.read())
+}
+
+TEMPLATE_FILES = "debian/control.tmpl debian/efibootguard-dev.install.tmpl"
+TEMPLATE_VARS += "DESCRIPTION_DEV BUILD_DEB_DEPENDS DEB_HOST_MULTIARCH"
do_prepare_build() {
cp -R ${WORKDIR}/debian ${S}
diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard-dev.install b/recipes-bsp/efibootguard/files/debian/efibootguard-dev.install.tmpl
similarity index 50%
rename from recipes-bsp/efibootguard/files/debian/efibootguard-dev.install
rename to recipes-bsp/efibootguard/files/debian/efibootguard-dev.install.tmpl
index 7b45bd8..948019a 100644
--- a/recipes-bsp/efibootguard/files/debian/efibootguard-dev.install
+++ b/recipes-bsp/efibootguard/files/debian/efibootguard-dev.install.tmpl
@@ -1,3 +1,2 @@
include/ebgenv.h usr/include/efibootguard
-libebgenv.a usr/lib/x86_64-linux-gnu
-
+libebgenv.a usr/lib/${DEB_HOST_MULTIARCH}
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 4/4] efibootguard: Fix plugins for aarch64
2022-03-21 7:59 [isar-cip-core][PATCH 0/4] Fix EFI Boot Guard for aarch64 Jan Kiszka
` (2 preceding siblings ...)
2022-03-21 7:59 ` [isar-cip-core][PATCH 3/4] efibootguard: Fix non-x86 builds Jan Kiszka
@ 2022-03-21 7:59 ` Jan Kiszka
2022-03-21 12:32 ` [isar-cip-core v2][PATCH " Jan Kiszka
3 siblings, 1 reply; 6+ messages in thread
From: Jan Kiszka @ 2022-03-21 7:59 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
This requires to add a post-0.10 fix from upstream EBG and own changes
so that the right arch string is used, for the loader as well as the
stub.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
recipes-bsp/efibootguard/efibootguard_0.10.bb | 1 +
.../0001-configure-Fix-aarch64-EFI-arch.patch | 28 +++++++++++++++++++
.../wic/plugins/source/efibootguard-boot.py | 11 ++++++--
.../wic/plugins/source/efibootguard-efi.py | 2 +-
4 files changed, 39 insertions(+), 3 deletions(-)
create mode 100644 recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
diff --git a/recipes-bsp/efibootguard/efibootguard_0.10.bb b/recipes-bsp/efibootguard/efibootguard_0.10.bb
index b0877d0..bfc0ede 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.10.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.10.bb
@@ -19,6 +19,7 @@ MAINTAINER = "Jan Kiszka <jan.kiszka@siemens.com>"
SRC_URI = " \
https://github.com/siemens/efibootguard/archive/refs/tags/v${PV}.tar.gz;downloadfilename=efitbootguard-v${PV}.tar.gz \
file://debian \
+ file://0001-configure-Fix-aarch64-EFI-arch.patch \
"
SRC_URI[sha256sum] = "4d58574a0bb8f1e56056ab0bcc2487d37e49fa147dc991e719c2ec8e20f88dd3"
diff --git a/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch b/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
new file mode 100644
index 0000000..ee05e94
--- /dev/null
+++ b/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
@@ -0,0 +1,28 @@
+From 3f11612fbcbd1c17988d634ecdaecf1ec241f6e0 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@siemens.com>
+Date: Mon, 21 Mar 2022 07:02:28 +0100
+Subject: [PATCH] configure: Fix aarch64 EFI arch
+
+It's aa64 here according to the UEFI spec.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index a1a83e9..09d06d7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -102,7 +102,7 @@ AM_COND_IF(ARCH_X86_64, [
+ MACHINE_TYPE_NAME=x64])
+
+ AM_COND_IF(ARCH_AARCH64, [
+- MACHINE_TYPE_NAME=aarch64])
++ MACHINE_TYPE_NAME=aa64])
+
+ AC_SUBST([ARCH])
+ AC_SUBST([MACHINE_TYPE_NAME])
+--
+2.34.1
+
diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 05cef4e..5061629 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -176,10 +176,17 @@ class EfibootguardBootPlugin(SourcePlugin):
def _create_unified_kernel_image(cls, rootfs_dir, cr_workdir, cmdline,
uefi_kernel, deploy_dir, kernel_image,
initrd_image, source_params):
+ # we need to map the distro_arch to uefi values
+ distro_to_efi_arch = {
+ "amd64": "x64",
+ "arm64": "aa64",
+ "i386": "ia32"
+ }
rootfs_path = rootfs_dir.get('ROOTFS_DIR')
os_release_file = "{root}/etc/os-release".format(root=rootfs_path)
- efistub = "{rootfs_path}/usr/lib/systemd/boot/efi/linuxx64.efi.stub"\
- .format(rootfs_path=rootfs_path)
+ efistub = "{rootfs_path}/usr/lib/systemd/boot/efi/linux{efiarch}.stub"\
+ .format(rootfs_path=rootfs_path,
+ efiarch=distro_to_efi_arch[get_bitbake_var("DISTRO_ARCH")])
msger.debug("osrelease path: %s", os_release_file)
kernel_cmdline_file = "{cr_workdir}/kernel-command-line-file.txt"\
.format(cr_workdir=cr_workdir)
diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index 9e6febe..e1411cb 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -54,7 +54,7 @@ class EfibootguardEFIPlugin(SourcePlugin):
# we need to map the distro_arch to uefi values
distro_to_efi_arch = {
"amd64": "x64",
- "arm64": "aarch64",
+ "arm64": "aa64",
"i386": "ia32"
}
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core v2][PATCH 4/4] efibootguard: Fix plugins for aarch64
2022-03-21 7:59 ` [isar-cip-core][PATCH 4/4] efibootguard: Fix plugins for aarch64 Jan Kiszka
@ 2022-03-21 12:32 ` Jan Kiszka
0 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-03-21 12:32 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
This requires to add a post-0.10 fix from upstream EBG and own changes
so that the right arch string is used, for the loader as well as the
stub.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
Changes in v2:
- fix a regression in the linux<arch>.efi.stub filename
recipes-bsp/efibootguard/efibootguard_0.10.bb | 1 +
.../0001-configure-Fix-aarch64-EFI-arch.patch | 28 +++++++++++++++++++
.../wic/plugins/source/efibootguard-boot.py | 11 ++++++--
.../wic/plugins/source/efibootguard-efi.py | 2 +-
4 files changed, 39 insertions(+), 3 deletions(-)
create mode 100644 recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
diff --git a/recipes-bsp/efibootguard/efibootguard_0.10.bb b/recipes-bsp/efibootguard/efibootguard_0.10.bb
index b0877d0..bfc0ede 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.10.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.10.bb
@@ -19,6 +19,7 @@ MAINTAINER = "Jan Kiszka <jan.kiszka@siemens.com>"
SRC_URI = " \
https://github.com/siemens/efibootguard/archive/refs/tags/v${PV}.tar.gz;downloadfilename=efitbootguard-v${PV}.tar.gz \
file://debian \
+ file://0001-configure-Fix-aarch64-EFI-arch.patch \
"
SRC_URI[sha256sum] = "4d58574a0bb8f1e56056ab0bcc2487d37e49fa147dc991e719c2ec8e20f88dd3"
diff --git a/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch b/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
new file mode 100644
index 0000000..ee05e94
--- /dev/null
+++ b/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
@@ -0,0 +1,28 @@
+From 3f11612fbcbd1c17988d634ecdaecf1ec241f6e0 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@siemens.com>
+Date: Mon, 21 Mar 2022 07:02:28 +0100
+Subject: [PATCH] configure: Fix aarch64 EFI arch
+
+It's aa64 here according to the UEFI spec.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index a1a83e9..09d06d7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -102,7 +102,7 @@ AM_COND_IF(ARCH_X86_64, [
+ MACHINE_TYPE_NAME=x64])
+
+ AM_COND_IF(ARCH_AARCH64, [
+- MACHINE_TYPE_NAME=aarch64])
++ MACHINE_TYPE_NAME=aa64])
+
+ AC_SUBST([ARCH])
+ AC_SUBST([MACHINE_TYPE_NAME])
+--
+2.34.1
+
diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 05cef4e..98a327c 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -176,10 +176,17 @@ class EfibootguardBootPlugin(SourcePlugin):
def _create_unified_kernel_image(cls, rootfs_dir, cr_workdir, cmdline,
uefi_kernel, deploy_dir, kernel_image,
initrd_image, source_params):
+ # we need to map the distro_arch to uefi values
+ distro_to_efi_arch = {
+ "amd64": "x64",
+ "arm64": "aa64",
+ "i386": "ia32"
+ }
rootfs_path = rootfs_dir.get('ROOTFS_DIR')
os_release_file = "{root}/etc/os-release".format(root=rootfs_path)
- efistub = "{rootfs_path}/usr/lib/systemd/boot/efi/linuxx64.efi.stub"\
- .format(rootfs_path=rootfs_path)
+ efistub = "{rootfs_path}/usr/lib/systemd/boot/efi/linux{efiarch}.efi.stub"\
+ .format(rootfs_path=rootfs_path,
+ efiarch=distro_to_efi_arch[get_bitbake_var("DISTRO_ARCH")])
msger.debug("osrelease path: %s", os_release_file)
kernel_cmdline_file = "{cr_workdir}/kernel-command-line-file.txt"\
.format(cr_workdir=cr_workdir)
diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index 9e6febe..e1411cb 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -54,7 +54,7 @@ class EfibootguardEFIPlugin(SourcePlugin):
# we need to map the distro_arch to uefi values
distro_to_efi_arch = {
"amd64": "x64",
- "arm64": "aarch64",
+ "arm64": "aa64",
"i386": "ia32"
}
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-03-21 12:32 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-21 7:59 [isar-cip-core][PATCH 0/4] Fix EFI Boot Guard for aarch64 Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 1/4] shtab: Fix cross build Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 2/4] shtab: Fix PYBUILD_NAME Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 3/4] efibootguard: Fix non-x86 builds Jan Kiszka
2022-03-21 7:59 ` [isar-cip-core][PATCH 4/4] efibootguard: Fix plugins for aarch64 Jan Kiszka
2022-03-21 12:32 ` [isar-cip-core v2][PATCH " Jan Kiszka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).