Hi, On Sun, Oct 13, 2024 at 08:43:15AM +0100, Richard Purdie wrote: > On Fri, 2024-10-11 at 15:20 +0300, Mikko Rapeli via lists.openembedded.org > wrote: > > These changes enable building systemd uki images which combine > > kernel, kernel command line, initrd and possibly signatures to > > a single UEFI binary. This binary can be booted with UEFI firmware > > and systemd-boot. No grub is needed and UEFI firmware and/or > > systemd-boot provide possibilities for boot menus. > > The uki binary can also be signed for UEFI secure boot > > so the secure boot extends from firmware to kernel and initrd. > > Binding secure boot to full userspace is then easier since for example > > kernel command line and initrd contain the support needed to mount > > encrypted dm-verity etc partitions, and/or create partitions on demand > > with systemd-repart using device specific TPM devices for encryption. > > > > Tested on qemuarm64-secureboot machine from meta-arm with changes to > > support secure boot. Slightly different configuration tested on > > multiple arm64 System Ready boards with UEFI firmware, real and firmware > > based TPM devices. Tested with ovmf firmware on x86_64 with selftests but > > without secure boot which seems to be harder to setup in ovmf. > > > > Sadly I see two wic selftests, wic.Wic2.test_rawcopy_plugin_qemu and > > wic.Wic2.test_expand_mbr_image, failing when executing all wic selftests > > on a build machine with zfs filesystem. Will investigate this further. > > The issue seems to be in mkfs.ext4 producing broken filesystem, and > > partially > > in the tests which don't run the correct rootfs file (.ext4 vs .wic). > > Will debug this further and it is IMO unrelated to these changes since > > they reproduce on pure master branch without this series. > > > > v8: fixed comments from Ross Burton: debug print from warning to debug, > > dropped duplicate DISTRO_FEATURE setting for systemd in tests, > > removed aarch64 comment from tests which are currently x86 only. > > Fixed the new aarch64 wic selftest to run on both genericarm64 > > and qemuarm64 by adding bios, virtio disk driver etc settings > > for runqemu (already set in genericarm64 but missing from qemuarm64). > > > > v7: add missing "ovmf" to runqemu argument to > > test_efi_plugin_plain_systemd_boot_qemu_x86 to fix boot hang > > > > v6: fixes wic refactoring botch which broken non-uki systemd-boot usage on > > genericarm64 reported by Ross Burton <ross.bur...@arm.com>, added > > selftest to cover this wks usage on x86 and aarch64 > > > > v5: drop patch "image_types_wic.bbclass: set systemd-boot and os-release > > dependency for all archs" since systemd-boot does not support all > > architectures > > > > v4: handle missing runqemu variable from build config, add > > python3-pefile to fast ptest list > > > > v3: rebased, fixed and added more sefltests, removed wic plugin side uki > > support > > > > v2: https://lists.openembedded.org/g/openembedded-core/message/204090 > > > > Michelle Lin (1): > > uki.bbclass: add class for building Unified Kernel Images (UKI) > > > > Mikko Rapeli (7): > > wic bootimg-efi.py: keep timestamps and add debug prints > > wic bootimg-efi.py: change UKI support from wic plugin to uki.bbclass > > oeqa selftest uki.py: add tests for uki.bbclass > > oeqa selftest efibootpartition.py: add TEST_RUNQEMUPARAMS to runqemu > > oeqa selftest efibootpartition.py: remove systemd-boot from grub-efi > > test > > oeqa selftest wic.py: add TEST_RUNQEMUPARAMS to runqemu > > oeqa selftest wic.py: support UKIs via uki.bbclass > > > > I'm still seeing failures in CI: > > https://valkyrie.yoctoproject.org//#/builders/23/builds/249/steps/14/logs/stdio > > which is despite setting: > > https://git.yoctoproject.org/poky/commit/?h=master-next&id=6211ad9210e82a5a8dd157c63752ad332c2f5de6 > > QEMU_USE_KVM = "False" > > into the test to ensure it doesn't have the issue the barebox testing > was seeing. > > I've sent a patch to try and clean up the lock error. > > There is also this: > > https://valkyrie.yoctoproject.org//#/builders/76/builds/235 > https://valkyrie.yoctoproject.org//#/builders/48/builds/181 > https://valkyrie.yoctoproject.org//#/builders/54/builds/230 > > which is due to the binaries being run "in tree" within the edk2 build > as well as from the sysroot. This generates two sets of pyc files which > then conflict (or not) depending on which host the build ran on and > which pyc files are in sstate. > > We're going to have to get this fixed before it can merge, probably by > deleting the pyc files at install unless we can find anything more > elegant.
Sent an ovmf-native patch separately for this. Cheers, -Mikko
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#205741): https://lists.openembedded.org/g/openembedded-core/message/205741 Mute This Topic: https://lists.openembedded.org/mt/108947467/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
