Message ID | 20231211122528.486786-1-Quirin.Gylstorff@siemens.com (mailing list archive) |
---|---|
Headers | show |
Series | Add Bootloader to Update binary | expand |
On 11.12.23 13:19, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > This series adds the, possible signed, efibootguard binaries to the deploy dir > and adds them to swu file and sw-description to update the bootloader. > > The new entry contains following information: > { > filename = "{efi_boot_loader_file}"; > path = "EFI/BOOT/{efi_boot_loader_file}"; > device = "{efi_boot_device}"; > filesystem = "vfat"; > sha256 = "{efi_boot_loader_file}-sha256"; > properties: { > atomic-install = true; > }; > } > Changes v2: > - The efibootguard file is only added if the new variable `SWU_EBG_UPDATE` equals `1` What about only updating EBG, rather than always bundling it with a rootfs & friends? Jan > - Add the variable `SWU_EFI_BOOT_DEVICE` to set the device containing > the efibootguard binary > - Add the variable `SWU_EXTEND_SW_DESCRIPTION` to all extension of the > sw-description file > - use atomic-install to update the binary atomically > > Quirin Gylstorff (3): > efibootguard-efi.py: copy signed ebg binary to DEPLOY_DIR > swupdate.bbclass: Add SWU_EXTEND_SW_DESCRIPTION > swupdate: Extend sw-description to update efibootguard > > classes/swupdate.bbclass | 47 ++++++++++++++++++- > recipes-core/images/swu/sw-description.tmpl | 2 +- > .../wic/plugins/source/efibootguard-efi.py | 13 +++++ > 3 files changed, 60 insertions(+), 2 deletions(-) >
On 12/11/23 14:46, Jan Kiszka wrote: > On 11.12.23 13:19, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> >> This series adds the, possible signed, efibootguard binaries to the deploy dir >> and adds them to swu file and sw-description to update the bootloader. >> >> The new entry contains following information: >> { >> filename = "{efi_boot_loader_file}"; >> path = "EFI/BOOT/{efi_boot_loader_file}"; >> device = "{efi_boot_device}"; >> filesystem = "vfat"; >> sha256 = "{efi_boot_loader_file}-sha256"; >> properties: { >> atomic-install = true; >> }; >> } >> Changes v2: >> - The efibootguard file is only added if the new variable `SWU_EBG_UPDATE` equals `1` > > What about only updating EBG, rather than always bundling it with a > rootfs & friends? > Currently this would require a separate sw-description. I am thinking about rewriting it with using libconf (python3-libconf in Debian) to generate the sw-description. This would allow that use case and other more easily. Quirin > Jan > >> - Add the variable `SWU_EFI_BOOT_DEVICE` to set the device containing >> the efibootguard binary >> - Add the variable `SWU_EXTEND_SW_DESCRIPTION` to all extension of the >> sw-description file >> - use atomic-install to update the binary atomically >> >> Quirin Gylstorff (3): >> efibootguard-efi.py: copy signed ebg binary to DEPLOY_DIR >> swupdate.bbclass: Add SWU_EXTEND_SW_DESCRIPTION >> swupdate: Extend sw-description to update efibootguard >> >> classes/swupdate.bbclass | 47 ++++++++++++++++++- >> recipes-core/images/swu/sw-description.tmpl | 2 +- >> .../wic/plugins/source/efibootguard-efi.py | 13 +++++ >> 3 files changed, 60 insertions(+), 2 deletions(-) >> >
On 11.12.23 15:13, Gylstorff Quirin wrote: > > > On 12/11/23 14:46, Jan Kiszka wrote: >> On 11.12.23 13:19, Quirin Gylstorff wrote: >>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >>> >>> This series adds the, possible signed, efibootguard binaries to the >>> deploy dir >>> and adds them to swu file and sw-description to update the bootloader. >>> >>> The new entry contains following information: >>> { >>> filename = "{efi_boot_loader_file}"; >>> path = "EFI/BOOT/{efi_boot_loader_file}"; >>> device = "{efi_boot_device}"; >>> filesystem = "vfat"; >>> sha256 = "{efi_boot_loader_file}-sha256"; >>> properties: { >>> atomic-install = true; >>> }; >>> } >>> Changes v2: >>> - The efibootguard file is only added if the new variable >>> `SWU_EBG_UPDATE` equals `1` >> >> What about only updating EBG, rather than always bundling it with a >> rootfs & friends? >> > > Currently this would require a separate sw-description. > > I am thinking about rewriting it with using libconf (python3-libconf in > Debian) to generate the sw-description. This would allow that use case > and other more easily. BTW, will this series already work as-is in QEMU? Because the target partition is not mounted normally. SWUpdate will do that for us, right? Jan
On 12/11/23 16:00, Jan Kiszka wrote: > On 11.12.23 15:13, Gylstorff Quirin wrote: >> >> >> On 12/11/23 14:46, Jan Kiszka wrote: >>> On 11.12.23 13:19, Quirin Gylstorff wrote: >>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >>>> >>>> This series adds the, possible signed, efibootguard binaries to the >>>> deploy dir >>>> and adds them to swu file and sw-description to update the bootloader. >>>> >>>> The new entry contains following information: >>>> { >>>> filename = "{efi_boot_loader_file}"; >>>> path = "EFI/BOOT/{efi_boot_loader_file}"; >>>> device = "{efi_boot_device}"; >>>> filesystem = "vfat"; >>>> sha256 = "{efi_boot_loader_file}-sha256"; >>>> properties: { >>>> atomic-install = true; >>>> }; >>>> } >>>> Changes v2: >>>> - The efibootguard file is only added if the new variable >>>> `SWU_EBG_UPDATE` equals `1` >>> >>> What about only updating EBG, rather than always bundling it with a >>> rootfs & friends? >>> >> >> Currently this would require a separate sw-description. >> >> I am thinking about rewriting it with using libconf (python3-libconf in >> Debian) to generate the sw-description. This would allow that use case >> and other more easily. > > BTW, will this series already work as-is in QEMU? Because the target > partition is not mounted normally. SWUpdate will do that for us, right? The series will work as-is in QEMU. QEMU was my main test environment. Yes SWUpdate will mount the device for use. Quirin > > Jan >
On Mon, 2023-12-11 at 13:19 +0100, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > This series adds the, possible signed, efibootguard binaries to the > deploy dir > and adds them to swu file and sw-description to update the > bootloader. Hi Quirin, I just tested this series on a nanopi-neo-core (armhf target) and can confirm that swupdate successfully updated the EBG. Tested-by: Felix Moessbauer <felix.moessbauer@siemens.com> Best regards, Felix > > The new entry contains following information: > { > filename = "{efi_boot_loader_file}"; > path = "EFI/BOOT/{efi_boot_loader_file}"; > device = "{efi_boot_device}"; > filesystem = "vfat"; > sha256 = "{efi_boot_loader_file}-sha256"; > properties: { > atomic-install = true; > }; > } > Changes v2: > - The efibootguard file is only added if the new variable > `SWU_EBG_UPDATE` equals `1` > - Add the variable `SWU_EFI_BOOT_DEVICE` to set the device > containing > the efibootguard binary > - Add the variable `SWU_EXTEND_SW_DESCRIPTION` to all extension of > the > sw-description file > - use atomic-install to update the binary atomically > > Quirin Gylstorff (3): > efibootguard-efi.py: copy signed ebg binary to DEPLOY_DIR > swupdate.bbclass: Add SWU_EXTEND_SW_DESCRIPTION > swupdate: Extend sw-description to update efibootguard > > classes/swupdate.bbclass | 47 > ++++++++++++++++++- > recipes-core/images/swu/sw-description.tmpl | 2 +- > .../wic/plugins/source/efibootguard-efi.py | 13 +++++ > 3 files changed, 60 insertions(+), 2 deletions(-) >
On 12.12.23 09:20, MOESSBAUER, Felix (T CED INW-CN) wrote: > On Mon, 2023-12-11 at 13:19 +0100, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> >> This series adds the, possible signed, efibootguard binaries to the >> deploy dir >> and adds them to swu file and sw-description to update the >> bootloader. > > Hi Quirin, > > I just tested this series on a nanopi-neo-core (armhf target) and can > confirm that swupdate successfully updated the EBG. > > Tested-by: Felix Moessbauer <felix.moessbauer@siemens.com> > Quirin, is your plan to do the further refactoring we discussed personally on top or as v3 of this series? Jan
From: Quirin Gylstorff <quirin.gylstorff@siemens.com> This series adds the, possible signed, efibootguard binaries to the deploy dir and adds them to swu file and sw-description to update the bootloader. The new entry contains following information: { filename = "{efi_boot_loader_file}"; path = "EFI/BOOT/{efi_boot_loader_file}"; device = "{efi_boot_device}"; filesystem = "vfat"; sha256 = "{efi_boot_loader_file}-sha256"; properties: { atomic-install = true; }; } Changes v2: - The efibootguard file is only added if the new variable `SWU_EBG_UPDATE` equals `1` - Add the variable `SWU_EFI_BOOT_DEVICE` to set the device containing the efibootguard binary - Add the variable `SWU_EXTEND_SW_DESCRIPTION` to all extension of the sw-description file - use atomic-install to update the binary atomically Quirin Gylstorff (3): efibootguard-efi.py: copy signed ebg binary to DEPLOY_DIR swupdate.bbclass: Add SWU_EXTEND_SW_DESCRIPTION swupdate: Extend sw-description to update efibootguard classes/swupdate.bbclass | 47 ++++++++++++++++++- recipes-core/images/swu/sw-description.tmpl | 2 +- .../wic/plugins/source/efibootguard-efi.py | 13 +++++ 3 files changed, 60 insertions(+), 2 deletions(-)