
[isar-cip-core,v2,1/3] build x86-uefi with secure boot

Message ID 20250124132246.64738-2-Quirin.Gylstorff@siemens.com (mailing list archive)
State New, archived
Series Security testing with MTDA

Commit Message

Quirin Gylstorff Jan. 24, 2025, 1:22 p.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 .gitlab-ci.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

Jan Kiszka Jan. 30, 2025, 5:29 a.m. UTC | #1
On 24.01.25 14:22, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  .gitlab-ci.yml | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index d4bd283..42e247d 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -241,6 +241,16 @@ build:qemu-amd64-secure-boot-encrypt:
>      deploy: disable
>      encrypt: enable
>  
> +build:x86-uefi-secure-boot:
> +  extends:
> +    - .build_base
> +  variables:
> +    target: x86-uefi
> +    extension: security
> +    use_rt: disable
> +    targz: disable
> +    encrypt: disable

Why without encryption? And can't we replace
qemu-amd64-secure-boot-encrypt with this physical target? I'm looking
for ways to avoid building more variants.

BTW, you are dropping "encrypt: disable" in patch 3 again - it's the
default anyway.

Jan

Quirin Gylstorff Jan. 30, 2025, 7:23 a.m. UTC | #2
On 1/30/25 06:29, Jan Kiszka wrote:
> On 24.01.25 14:22, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>>   .gitlab-ci.yml | 10 ++++++++++
>>   1 file changed, 10 insertions(+)
>>
>> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
>> index d4bd283..42e247d 100644
>> --- a/.gitlab-ci.yml
>> +++ b/.gitlab-ci.yml
>> @@ -241,6 +241,16 @@ build:qemu-amd64-secure-boot-encrypt:
>>       deploy: disable
>>       encrypt: enable
>>   
>> +build:x86-uefi-secure-boot:
>> +  extends:
>> +    - .build_base
>> +  variables:
>> +    target: x86-uefi
>> +    extension: security
>> +    use_rt: disable
>> +    targz: disable
>> +    encrypt: disable
> 
> Why without encryption? And can't we replace
> qemu-amd64-secure-boot-encrypt with this physical target? I'm looking
> for ways to avoid building more variants.

Last time I looked, the qemu target was also tested.
@Sai can we drop the qemu-amd64-secure-boot-encrypt?

> 
> BTW, you are dropping "encrypt: disable" in patch 3 again - it's the
> default anyway.
That was a copy paste from the build:qemu-amd64-secure-boot-encrypt:
  target.

Quirin

> 
> Jan
>

Sai.Sathujoda@toshiba-tsip.com Jan. 30, 2025, 8:45 a.m. UTC | #3
Hello Quirin,

I believe we can drop qemu-amd64-secure-boot-encrypt, as we are not testing that image in LAVA.

The target being tested in build:qemu-amd64-base is very similar to the prior one. The only difference is build:qemu-amd64-base additionally has security packages.

Thanks and regards,
Sai Ashrith

Quirin Gylstorff Jan. 30, 2025, 9:01 a.m. UTC | #4
On 1/30/25 09:45, Sai.Sathujoda@toshiba-tsip.com wrote:
> Hello Quirin,
> 
> I believe we can drop qemu-amd64-secure-boot-encrypt, as we are not testing that image in LAVA.
> 
> The target being tested in build:qemu-amd64-base is very similar to the prior one. The only difference is build:qemu-amd64-base additionally has security packages.

Then we can drop

- build:qemu-amd64-secure-boot:
- build:qemu-amd64-secure-boot-encrypt:
- build:qemu-arm64-secure-boot:
- build:qemu-arm-secure-boot:

because they all use the qemu-<arch>-base which enables secureboot and
encryption.

Best regards
Quirin
> 
> Thanks and regards,
> Sai Ashrith
> 
> ________________________________
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> Sent: Thursday, January 30, 2025 12:53 PM
> To: Jan Kiszka <jan.kiszka@siemens.com>; ashrith sai(TSIP) <Sai.Sathujoda@toshiba-tsip.com>; cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org>
> Subject: Re: [cip-dev][isar-cip-core][PATCH v2 1/3] build x86-uefi with secure boot
> 
> 
> 
> On 1/30/25 06:29, Jan Kiszka wrote:
>> On 24.01.25 14:22, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>> ---
>>>    .gitlab-ci.yml | 10 ++++++++++
>>>    1 file changed, 10 insertions(+)
>>>
>>> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
>>> index d4bd283..42e247d 100644
>>> --- a/.gitlab-ci.yml
>>> +++ b/.gitlab-ci.yml
>>> @@ -241,6 +241,16 @@ build:qemu-amd64-secure-boot-encrypt:
>>>        deploy: disable
>>>        encrypt: enable
>>>
>>> +build:x86-uefi-secure-boot:
>>> +  extends:
>>> +    - .build_base
>>> +  variables:
>>> +    target: x86-uefi
>>> +    extension: security
>>> +    use_rt: disable
>>> +    targz: disable
>>> +    encrypt: disable
>>
>> Why without encryption? And can't we replace
>> qemu-amd64-secure-boot-encrypt with this physical target? I'm looking
>> for ways to avoid building more variants.
> 
> Last time I looked, the qemu target was also tested.
> @Sai can we drop the qemu-amd64-secure-boot-encrypt?
> 
>>
>> BTW, you are dropping "encrypt: disable" in patch 3 again - it's the
>> default anyway.
> That was a copy paste from the build:qemu-amd64-secure-boot-encrypt:
>    target.
> 
> Quirin
> 
>>
>> Jan
>>
>

Jan Kiszka Jan. 30, 2025, 9:20 a.m. UTC | #5
On 30.01.25 10:01, Quirin Gylstorff wrote:
> 
> 
> On 1/30/25 09:45, Sai.Sathujoda@toshiba-tsip.com wrote:
>> Hello Quirin,
>>
>> I believe we can drop qemu-amd64-secure-boot-encrypt, as we are not
>> testing that image in LAVA.
>>
>> The target being tested in build:qemu-amd64-base is very similar to
>> the prior one. The only difference is build:qemu-amd64-base
>> additionally has security packages.
> 
> Then we can drop
> 
> - build:qemu-amd64-secure-boot:
> - build:qemu-amd64-secure-boot-encrypt:
> - build:qemu-arm64-secure-boot:
> - build:qemu-arm-secure-boot:
> 
> because they all use the qemu-<arch>-base which enables secureboot and
> encryption.
> 

Confusing how "base" could become "full featured". I guess that happened
when we started to enable secure boot and encryption via the security
extension.

Looking forward to a cleanup! Please also consider if "base" is still
the right name then.

Jan

Patch

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d4bd283..42e247d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -241,6 +241,16 @@  build:qemu-amd64-secure-boot-encrypt:
     deploy: disable
     encrypt: enable
 
+build:x86-uefi-secure-boot:
+  extends:
+    - .build_base
+  variables:
+    target: x86-uefi
+    extension: security
+    use_rt: disable
+    targz: disable
+    encrypt: disable
+
 build:qemu-amd64-swupdate:
   extends:
     - .build_base
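
Review bot: `encrypt: disable` in the new `build:x86-uefi-secure-boot` job is not explained anywhere: the job directly above sets `encrypt: enable`, and the commit message carries only a Signed-off-by, so a reader cannot tell whether the physical x86-uefi secure-boot image is meant to be built without disk encryption or whether the line was copied over. If `disable` is the default, as the review thread states, drop the line; otherwise add a short commit message body naming the feature set this job is expected to cover (secure boot only, or secure boot plus encryption), so the CI matrix documents which combination the physical target exercises.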