Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-15 Thread Lennart Poettering
On Di, 15.10.24 15:13, Srinivas Naik (nivasn...@gmail.com) wrote: > Hi All, > I have a question on this, when secure boot is enabled, addons file also > must be signed? Yes. That's the point of that. > On devices which use OSTree for OTA, there is a need to update the command > line parameter at

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-15 Thread Srinivas Naik
Sent: Tuesday, October 8, 2024 9:39 PM > >> To: Mah, Yock Gen > >> Cc: systemd-devel@lists.freedesktop.org > >> Subject: Re: [systemd-devel] Passing Kernel Params from systemd-boot > for Secure Boot UKI > >> > >> On Di, 08.10.24 12:37, Mah, Yock Gen (

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-15 Thread Luca Boccassi
t;> From: Lennart Poettering >> Sent: Tuesday, October 8, 2024 9:39 PM >> To: Mah, Yock Gen >> Cc: systemd-devel@lists.freedesktop.org >> Subject: Re: [systemd-devel] Passing Kernel Params from systemd-boot for >> Secure Boot UKI >> >> On Di, 08.10.24 1

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-15 Thread Srinivas Naik
9 PM > To: Mah, Yock Gen > Cc: systemd-devel@lists.freedesktop.org > Subject: Re: [systemd-devel] Passing Kernel Params from systemd-boot for > Secure Boot UKI > > On Di, 08.10.24 12:37, Mah, Yock Gen (yock.gen@intel.com) wrote: > > > Really appreciate! I tried to

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-09 Thread Mah, Yock Gen
It's works, really appreciate your help, Lennart! -Original Message- From: Lennart Poettering Sent: Tuesday, October 8, 2024 9:39 PM To: Mah, Yock Gen Cc: systemd-devel@lists.freedesktop.org Subject: Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UK

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-08 Thread Lennart Poettering
On Di, 08.10.24 14:25, Mah, Yock Gen (yock.gen@intel.com) wrote: > Thanks! I did below: > ukify build --secureboot-private-key=../../db.key > --secureboot-certificate=../../db.crt --cmdline='yockgen' > --sbat='sbat,1,SBAT > Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-08 Thread Mah, Yock Gen
From: Lennart Poettering Sent: Tuesday, October 8, 2024 9:39 PM To: Mah, Yock Gen Cc: systemd-devel@lists.freedesktop.org Subject: Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI On Di, 08.10.24 12:37, Mah, Yock Gen (yock.gen@intel.com) wrote: > Really apprec

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-08 Thread Lennart Poettering
On Di, 08.10.24 12:37, Mah, Yock Gen (yock.gen@intel.com) wrote: > Really appreciate! I tried to create an PE "addon" using below: > > echo "yockgen=b" > cmdline.txt > > objcopy --input binary --output efi-app-x86_64 cmdline.txt > bootdm_b.addon.efi This doesn't look right. You must insert th

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-08 Thread Mah, Yock Gen
nnart Poettering Sent: Tuesday, October 8, 2024 3:22 PM To: Mah, Yock Gen Cc: systemd-devel@lists.freedesktop.org Subject: Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI On Mo, 07.10.24 13:54, Mah, Yock Gen (yock.gen@intel.com) wrote: > My Mariner OS is bui

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-08 Thread Mikko Rapeli
Hi, On Tue, Oct 08, 2024 at 09:22:05AM +0200, Lennart Poettering wrote: > On Mo, 07.10.24 13:54, Mah, Yock Gen (yock.gen@intel.com) wrote: > > > My Mariner OS is built with following features: > > > > 1, Unified Kernel Image (kernel+initrd+cmdline) > > 2. Systemd-boot as boot loader > > 3. Se

Re: [systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-08 Thread Lennart Poettering
On Mo, 07.10.24 13:54, Mah, Yock Gen (yock.gen@intel.com) wrote: > My Mariner OS is built with following features: > > 1, Unified Kernel Image (kernel+initrd+cmdline) > 2. Systemd-boot as boot loader > 3. Secure Boot enabled > 4. Multi boot > > Systemd-boot config files looks like below > > ``

[systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

2024-10-07 Thread Mah, Yock Gen
My Mariner OS is built with following features: 1, Unified Kernel Image (kernel+initrd+cmdline) 2. Systemd-boot as boot loader 3. Secure Boot enabled 4. Multi boot Systemd-boot config files looks like below ``` root@YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos1.conf Title Yockgen OS1 UKI