Hi, On Fri, Sep 01, 2023 at 11:32:31PM +0000, Michelle Lin wrote: > Currently, there is not a class to support the building of unified kernel > images. Adding a uki.bbclass to support the creation of UKIs. This class calls > the systemd Ukify tool, which will combine the kernel/initrd/stub components > to > build the UKI. To sign the UKI (i.e. SecureBoot, TPM PCR signing), the > keys/cert > files are to be specified in a separate configuration file, and the path to > the > file is passed to the Ukify tool. UKIs are supported by UEFI and can improve > security through predicted TPM PCR states, and reduce the build burden due to > its single PE binary format.
Thanks, I'm interesting in using this. Could you add a oeqa selftest for this class too? Something which builds a UKI image and then does something to verify it is what's expected, maybe full boot with e.g. qemu is too hard to do? Cheers, -Mikko
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187160): https://lists.openembedded.org/g/openembedded-core/message/187160 Mute This Topic: https://lists.openembedded.org/mt/101106095/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
