On Thu, 2021-09-09 at 17:53 +0000, Kristian Klausen via lists.openembedded.org wrote: > "A unified kernel image is a single EFI PE executable combining an EFI > stub loader, a kernel image, an initramfs image, and the kernel command > line. > > [...] > > Images of this type have the advantage that all metadata and payload > that makes up the boot entry is monopolized in a single PE file that can > be signed cryptographically as one for the purpose of EFI > SecureBoot."[1] > > This commit adds a create-unified-kernel-image=true option to the > bootimg-efi plugin for creating a Unified Kernel Image[1] and installing > it into $BOOT/EFI/Linux/ with a .efi extension per the the Boot Loader > Specification[1][2]. This is useful for implementing Secure Boot. > > systemd-boot is the only mainstream bootloader implementing the > specification, but GRUB should be able to boot the EFI binary, this > commit however doesn't implement the necessary changes to the GRUB > config generation logic to boot the Unified Kernel Image. > > [1] > https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images > [2] https://systemd.io/BOOT_LOADER_SPECIFICATION/ > > Signed-off-by: Kristian Klausen <[email protected]> > --- > > This patch supersedes: > "[RFC][PATCH] kernel: Add Unified Kernel Image image type"[1] > and: > "[PATCH] wic/bootimg-efi: Add option for only installing the bootloader"[2] > > The latter is perhaps still useful, but with this patch it is no longer > needed for using a Unified Kernel Image with systemd-boot. > > [1] https://lists.openembedded.org/g/openembedded-core/message/155801 > [2] https://lists.openembedded.org/g/openembedded-core/message/155789 > > scripts/lib/wic/plugins/source/bootimg-efi.py | 69 ++++++++++++++++--- > 1 file changed, 59 insertions(+), 10 deletions(-)
Do we need to add a test for this into meta/lib/oeqa/selftest/cases/wic.py? Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155902): https://lists.openembedded.org/g/openembedded-core/message/155902 Mute This Topic: https://lists.openembedded.org/mt/85490739/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
