Den Fri, Sep 10, 2021 at 09:31:18 +0100 skrev Richard Purdie: > On Thu, 2021-09-09 at 17:53 +0000, Kristian Klausen via lists.openembedded.org > wrote: > > "A unified kernel image is a single EFI PE executable combining an EFI > > stub loader, a kernel image, an initramfs image, and the kernel command > > line. > > > > [...] > > > > Images of this type have the advantage that all metadata and payload > > that makes up the boot entry is monopolized in a single PE file that can > > be signed cryptographically as one for the purpose of EFI > > SecureBoot."[1] > > > > This commit adds a create-unified-kernel-image=true option to the > > bootimg-efi plugin for creating a Unified Kernel Image[1] and installing > > it into $BOOT/EFI/Linux/ with a .efi extension per the the Boot Loader > > Specification[1][2]. This is useful for implementing Secure Boot. > > > > systemd-boot is the only mainstream bootloader implementing the > > specification, but GRUB should be able to boot the EFI binary, this > > commit however doesn't implement the necessary changes to the GRUB > > config generation logic to boot the Unified Kernel Image. > > > > [1] > > https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images > > [2] https://systemd.io/BOOT_LOADER_SPECIFICATION/ > > > > Signed-off-by: Kristian Klausen <krist...@klausen.dk> > > --- > > > > This patch supersedes: > > "[RFC][PATCH] kernel: Add Unified Kernel Image image type"[1] > > and: > > "[PATCH] wic/bootimg-efi: Add option for only installing the bootloader"[2] > > > > The latter is perhaps still useful, but with this patch it is no longer > > needed for using a Unified Kernel Image with systemd-boot. > > > > [1] https://lists.openembedded.org/g/openembedded-core/message/155801 > > [2] https://lists.openembedded.org/g/openembedded-core/message/155789 > > > > scripts/lib/wic/plugins/source/bootimg-efi.py | 69 ++++++++++++++++--- > > 1 file changed, 59 insertions(+), 10 deletions(-) > > Do we need to add a test for this into meta/lib/oeqa/selftest/cases/wic.py? > > Cheers, > > Richard >
A simple test wouldn't hurt :) I will add a simple test checking the EFI binary is created in the expected location and a bootloader confing isn't created. - Kristian
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155957): https://lists.openembedded.org/g/openembedded-core/message/155957 Mute This Topic: https://lists.openembedded.org/mt/85490739/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
