* [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality
@ 2021-11-24 14:31 Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT Q. Gylstorff
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Q. Gylstorff @ 2021-11-24 14:31 UTC (permalink / raw)
To: jan.kiszka, cip-dev
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter
Changes V2:
- Add Sentence to README
- Add default cip-core-image-security
Quirin Gylstorff (3):
start-qemu.sh: set bootindex for SECURE_BOOT
start-qemu.sh: parse .config.yaml for ease of use
start-qemu.sh: Simplify qemu call
README.md | 6 ++++--
start-qemu.sh | 36 +++++++++++++++++++++++++++---------
2 files changed, 31 insertions(+), 11 deletions(-)
--
2.30.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT
2021-11-24 14:31 [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Q. Gylstorff
@ 2021-11-24 14:31 ` Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 2/3] start-qemu.sh: parse .config.yaml for ease of use Q. Gylstorff
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Q. Gylstorff @ 2021-11-24 14:31 UTC (permalink / raw)
To: jan.kiszka, cip-dev
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Set the bootindex to avoid booting into the default uefi shell.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
start-qemu.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/start-qemu.sh b/start-qemu.sh
index 3f62257..2c0a751 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -39,8 +39,14 @@ case "$1" in
-cpu qemu64 \
-smp 4 \
-machine q35,accel=kvm:tcg \
- -device ide-hd,drive=disk \
-device virtio-net-pci,netdev=net"
+ if [ -n "${SECURE_BOOT}" ]; then
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0"
+ else
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk"
+ fi
KERNEL_CMDLINE=" \
root=/dev/sda"
;;
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2 2/3] start-qemu.sh: parse .config.yaml for ease of use
2021-11-24 14:31 [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT Q. Gylstorff
@ 2021-11-24 14:31 ` Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 3/3] start-qemu.sh: Simplify qemu call Q. Gylstorff
2021-11-24 15:19 ` [cip-dev] [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Gylstorff Quirin
3 siblings, 0 replies; 5+ messages in thread
From: Q. Gylstorff @ 2021-11-24 14:31 UTC (permalink / raw)
To: jan.kiszka, cip-dev
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Suggested-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
README.md | 6 ++++--
start-qemu.sh | 16 +++++++++++++++-
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 53ef679..bd707a4 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,10 @@ Run, e.g.,
./start-qemu.sh x86
-when having built a QEMU AMD64 image. A security image for QEMU can be started
-like this:
+when having built a QEMU AMD64 image. Using the image configuration menu will
+initialize variables used by start-qemu.sh with fitting defaults.
+
+A security image for QEMU can be started like this:
TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86
diff --git a/start-qemu.sh b/start-qemu.sh
index 2c0a751..94c3611 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -20,15 +20,29 @@ usage()
exit 1
}
+if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
+ SECURE_BOOT="true"
+fi
+
if [ -n "${QEMU_PATH}" ]; then
QEMU_PATH="${QEMU_PATH}/"
fi
if [ -z "${DISTRO_RELEASE}" ]; then
- DISTRO_RELEASE="buster"
+ if grep -s -q "DEBIAN_BULLSEYE: true" .config.yaml; then
+ DISTRO_RELEASE="bullseye"
+ elif grep -s -q "DEBIAN_STRETCH: true" .config.yaml; then
+ DISTRO_RELEASE="stretch"
+ else
+ DISTRO_RELEASE="buster"
+ fi
fi
+
if [ -z "${TARGET_IMAGE}" ];then
TARGET_IMAGE="cip-core-image"
+ if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
+ TARGET_IMAGE="cip-core-image-security"
+ fi
fi
case "$1" in
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2 3/3] start-qemu.sh: Simplify qemu call
2021-11-24 14:31 [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 2/3] start-qemu.sh: parse .config.yaml for ease of use Q. Gylstorff
@ 2021-11-24 14:31 ` Q. Gylstorff
2021-11-24 15:19 ` [cip-dev] [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Gylstorff Quirin
3 siblings, 0 replies; 5+ messages in thread
From: Q. Gylstorff @ 2021-11-24 14:31 UTC (permalink / raw)
To: jan.kiszka, cip-dev
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Move qemu call out of if clause to avoid code duplications and
use the same behavior for secure boot and non secure boot images.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
start-qemu.sh | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/start-qemu.sh b/start-qemu.sh
index 94c3611..a92e9f4 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -123,18 +123,16 @@ if [ -n "${SECURE_BOOT}" ]; then
BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
else
IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)
KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)
- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
+ BOOT_FILES="-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
- -initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@"
+ -initrd ${INITRD_FILE}"
fi
+${QEMU_PATH}${QEMU} \
+ -m 1G -serial mon:stdio -netdev user,id=net \
+ ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [cip-dev] [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality
2021-11-24 14:31 [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Q. Gylstorff
` (2 preceding siblings ...)
2021-11-24 14:31 ` [PATCH v2 3/3] start-qemu.sh: Simplify qemu call Q. Gylstorff
@ 2021-11-24 15:19 ` Gylstorff Quirin
3 siblings, 0 replies; 5+ messages in thread
From: Gylstorff Quirin @ 2021-11-24 15:19 UTC (permalink / raw)
To: cip-dev, jan.kiszka
Hi Jan,
please Ignore v2. I sent the changes in a extra patchset.
Quirin
On 11/24/21 3:31 PM, Quirin Gylstorff via lists.cip-project.org wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> Fix booting of secure-boot image
> Parse .config.yaml for ease of use and reduced commandline clutter
>
> Changes V2:
> - Add Sentence to README
> - Add default cip-core-image-security
>
> Quirin Gylstorff (3):
> start-qemu.sh: set bootindex for SECURE_BOOT
> start-qemu.sh: parse .config.yaml for ease of use
> start-qemu.sh: Simplify qemu call
>
> README.md | 6 ++++--
> start-qemu.sh | 36 +++++++++++++++++++++++++++---------
> 2 files changed, 31 insertions(+), 11 deletions(-)
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7000): https://lists.cip-project.org/g/cip-dev/message/7000
> Mute This Topic: https://lists.cip-project.org/mt/87281974/1753640
> Group Owner: cip-dev+owner@lists.cip-project.org
> Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129121/1753640/1405269326/xyzzy [quirin.gylstorff@siemens.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-11-24 15:19 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-24 14:31 [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 2/3] start-qemu.sh: parse .config.yaml for ease of use Q. Gylstorff
2021-11-24 14:31 ` [PATCH v2 3/3] start-qemu.sh: Simplify qemu call Q. Gylstorff
2021-11-24 15:19 ` [cip-dev] [PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality Gylstorff Quirin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).