From patchwork Fri Jun 11 14:21:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 12315817 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 318CCC48BE6 for ; Fri, 11 Jun 2021 14:21:19 +0000 (UTC) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C85F16141C for ; Fri, 11 Jun 2021 14:21:18 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C85F16141C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=siemens.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=bounce+64572+6504+4520388+8129055@lists.cip-project.org X-Received: by 127.0.0.2 with SMTP id qwQZYY4521723xEAocLn5C13; Fri, 11 Jun 2021 07:21:18 -0700 X-Received: from gecko.sbs.de (gecko.sbs.de [194.138.37.40]) by mx.groups.io with SMTP id smtpd.web10.9013.1623421276846205466 for ; Fri, 11 Jun 2021 07:21:17 -0700 X-Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 15BELERd001879 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 11 Jun 2021 16:21:14 +0200 X-Received: from md2dvrtc.fritz.box ([167.87.46.52]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 15BELCQc002059; Fri, 11 Jun 2021 16:21:14 +0200 From: "Quirin Gylstorff" To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, christian.storm@siemens.com Cc: Quirin Gylstorff Subject: [cip-dev][isar-cip-dev][PATCH 2/2] swupdate: Add option to use swupdate-handler-roundrobin Date: Fri, 11 Jun 2021 16:21:12 +0200 Message-Id: <20210611142112.2453-3-Quirin.Gylstorff@siemens.com> In-Reply-To: <20210611142112.2453-1-Quirin.Gylstorff@siemens.com> References: <20210611142112.2453-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: cip-dev@lists.cip-project.org List-Id: Mailing-List: list cip-dev@lists.cip-project.org; contact cip-dev+owner@lists.cip-project.org Reply-To: cip-dev@lists.cip-project.org X-Gm-Message-State: jYxxuJGJhZEO6Fxe92lipBnux4520388AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.cip-project.org; q=dns/txt; s=20140610; t=1623421278; bh=gNS3MCdpP7T+WMXgNhy0c7TdPau3qVV0WdbAfCRNeVc=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=V7ht98zddA6rFsRWgd+xgEFSRRa+r3VR19CbtrfOQX183v46uz4LKVLfzmHV36t6SU6 Ykyhy/02hRvlXOkTfZgD4NB8cp/2nAJjA9aN5scagXwYMvd0p0z0qTATtbby++GDnk9l6 YuhiH/xkvs6siago71f1slnIifaEX2gNt1E= From: Quirin Gylstorff The new SWUpdate round-robin handler is available under[1]. Add the Option `SWUPDATE_HANDLER_BOOT_HANDLER_CONFIG` to set the source of the swupdate-handler-roundrobin configuration. If another Lua handler should be used, set the variable `SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO` to `0`. Add the alternative handler to the repository and use the variable `SWUPDATE_LUASCRIPT` to add the handler to the build. [1]:https://gitlab.com/cip-playground/swupdate-handler-roundrobin/ Signed-off-by: Quirin Gylstorff --- classes/swupdate-config.bbclass | 14 +- kas/opt/ebg-secure-boot-base.yml | 1 + .../files/secure-boot/sw-description.tmpl | 14 +- recipes-core/images/files/sw-description.tmpl | 21 +- .../swupdate.handler.efibootguard.ini | 20 + .../files/swupdate.handler.efibootguard.ini | 26 + .../swupdate/files/swupdate_handlers.lua | 453 ------------------ recipes-core/swupdate/swupdate.bb | 14 +- 8 files changed, 95 insertions(+), 468 deletions(-) create mode 100644 recipes-core/swupdate/files/secureboot/swupdate.handler.efibootguard.ini create mode 100644 recipes-core/swupdate/files/swupdate.handler.efibootguard.ini delete mode 100644 recipes-core/swupdate/files/swupdate_handlers.lua diff --git a/classes/swupdate-config.bbclass b/classes/swupdate-config.bbclass index f67ca4f..f94fd82 100644 --- a/classes/swupdate-config.bbclass +++ b/classes/swupdate-config.bbclass @@ -17,14 +17,22 @@ BUILD_DEB_DEPENDS = " \ zlib1g-dev, debhelper, libconfig-dev, libarchive-dev, \ python-sphinx:native, dh-systemd, libsystemd-dev, libssl-dev, pkg-config" +SRC_URI += " ${@ 'git://gitlab.com/cip-playground/swupdate-handler-roundrobin.git;protocol=https;destsuffix=swupdate-handler-roundrobin;name=swupdate-handler-roundrobin;nobranch=1' \ + if d.getVar('SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO') == '1' else '' \ + }" +SRCREV_swupdate-handler-roundrobin ?= "6f561f136fdbe51d2e9066b934dfcb06b94c6624" + +SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO ?= "1" +SWUPDATE_LUASCRIPT ?= "swupdate-handler-roundrobin/swupdate_handlers_roundrobin.lua" + KFEATURE_lua = "" KFEATURE_lua[BUILD_DEB_DEPENDS] = "liblua5.3-dev" KFEATURE_lua[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_lua.snippet" KFEATURE_luahandler = "" KFEATURE_luahandler[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_luahandler.snippet" -KFEATURE_luahandler[SRC_URI] = "file://${SWUPDATE_LUASCRIPT}" - +KFEATURE_luahandler[SRC_URI] = "${@ 'file://${SWUPDATE_LUASCRIPT}' \ + if d.getVar('SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO') == '0' else '' }" KFEATURE_DEPS = "" KFEATURE_DEPS[luahandler] = "lua" @@ -59,8 +67,6 @@ KFEATURE_u-boot[DEPENDS] = "${@ 'libubootenv u-boot-${MACHINE}-config' \ else 'libubootenv'}" KFEATURE_u-boot[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_u-boot.snippet" -SWUPDATE_LUASCRIPT ?= "swupdate_handlers.lua" - def get_bootloader_featureset(d): bootloader = d.getVar("SWUPDATE_BOOTLOADER", True) or "" if bootloader == "efibootguard": diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml index 35fb42e..8182bd8 100644 --- a/kas/opt/ebg-secure-boot-base.yml +++ b/kas/opt/ebg-secure-boot-base.yml @@ -18,3 +18,4 @@ local_conf_header: initramfs: | IMAGE_INSTALL += "initramfs-abrootfs-secureboot" SWU_DESCRIPTION = "secureboot" + SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG = "secureboot/swupdate.handler.${SWUPDATE_BOOTLOADER}.ini" diff --git a/recipes-core/images/files/secure-boot/sw-description.tmpl b/recipes-core/images/files/secure-boot/sw-description.tmpl index bce97d0..34a58a3 100644 --- a/recipes-core/images/files/secure-boot/sw-description.tmpl +++ b/recipes-core/images/files/secure-boot/sw-description.tmpl @@ -14,16 +14,22 @@ software = name = "secure boot update" images: ({ filename = "${ROOTFS_PARTITION_NAME}"; - device = "fedcba98-7654-3210-cafe-5e0710000001,fedcba98-7654-3210-cafe-5e0710000002"; + device = "sda4,sda5"; type = "roundrobin"; - compressed = "true"; + compressed = "zlib"; filesystem = "ext4"; + properties: { + subtype = "image"; + }; }); files: ({ filename = "linux.signed.efi"; path = "linux.signed.efi"; - type = "kernelfile"; - device = "sda2,sda3"; + type = "roundrobin"; + device = "sda4->sda2,sda5->sda3"; filesystem = "vfat"; + properties: { + subtype = "kernel"; + }; }) } diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl index bb34088..3309271 100644 --- a/recipes-core/images/files/sw-description.tmpl +++ b/recipes-core/images/files/sw-description.tmpl @@ -16,21 +16,30 @@ software = filename = "${ROOTFS_PARTITION_NAME}"; device = "fedcba98-7654-3210-cafe-5e0710000001,fedcba98-7654-3210-cafe-5e0710000002"; type = "roundrobin"; - compressed = "true"; + compressed = "zlib"; filesystem = "ext4"; + properties: { + subtype = "image"; + }; }); files: ({ filename = "${KERNEL_IMAGE}"; path = "vmlinuz"; - type = "kernelfile"; - device = "sda2,sda3"; + type = "roundrobin"; + device = "fedcba98-7654-3210-cafe-5e0710000001->sda2,fedcba98-7654-3210-cafe-5e0710000002->sda3"; filesystem = "vfat"; + properties: { + subtype = "kernel"; + }; }, { filename = "${INITRD_IMAGE}"; - path = "initrd.img"; - type = "kernelfile"; - device = "sda2,sda3"; + path = "${INITRD_IMAGE}"; + type = "roundrobin"; + device = "fedcba98-7654-3210-cafe-5e0710000001->sda2,fedcba98-7654-3210-cafe-5e0710000002->sda3"; filesystem = "vfat"; + properties: { + subtype = "initrd"; + }; }); } diff --git a/recipes-core/swupdate/files/secureboot/swupdate.handler.efibootguard.ini b/recipes-core/swupdate/files/secureboot/swupdate.handler.efibootguard.ini new file mode 100644 index 0000000..be69b60 --- /dev/null +++ b/recipes-core/swupdate/files/secureboot/swupdate.handler.efibootguard.ini @@ -0,0 +1,20 @@ +[image] +chainhandler=raw + +[image.selector] +method=getroot_rr +key=root + +[image.bootenv] +ustate=1 + +[kernel] +chainhandler=rawfile + +[kernel.selector] +method=getroot_rrmap +key=root + +[kernel.bootenv] +kernelfile=C:BOOT${rrindex}:linux.signed.efi + diff --git a/recipes-core/swupdate/files/swupdate.handler.efibootguard.ini b/recipes-core/swupdate/files/swupdate.handler.efibootguard.ini new file mode 100644 index 0000000..3aee76c --- /dev/null +++ b/recipes-core/swupdate/files/swupdate.handler.efibootguard.ini @@ -0,0 +1,26 @@ +[image] +chainhandler=raw + +[image.selector] +method=cmdline_rr +key=root + +[image.bootenv] +kernelparams=root=PARTUUID=${rrtarget} ${cmdline_root} + +[kernel] +chainhandler=rawfile + +[kernel.selector] +method=cmdline_rrmap +key=root + +[kernel.bootenv] +kernelfile=C:BOOT${rrindex}:vmlinuz + +[initrd] +chainhandler=rawfile + +[initrd.selector] +method=cmdline_rrmap +key=root diff --git a/recipes-core/swupdate/files/swupdate_handlers.lua b/recipes-core/swupdate/files/swupdate_handlers.lua deleted file mode 100644 index f2ecc54..0000000 --- a/recipes-core/swupdate/files/swupdate_handlers.lua +++ /dev/null @@ -1,453 +0,0 @@ ---[[ - - Round-robin Image and File Handler. - - Copyright (C) 2019, Siemens AG - - Author: Christian Storm - - SPDX-License-Identifier: GPL-2.0-or-later - - An `sw-description` file using these handlers may look like: - software = - { - version = "0.1.0"; - images: ({ - filename = "rootfs.ext4"; - device = "sda4,sda5"; - type = "roundrobin"; - compressed = false; - }); - files: ({ - filename = "vmlinuz"; - path = "vmlinuz"; - type = "kernelfile"; - device = "sda2,sda3"; - filesystem = "vfat"; - }, - { - filename = "initrd.img"; - path = "initrd.img"; - type = "kernelfile"; - device = "sda2,sda3"; - filesystem = "vfat"; - }); - } - - The semantics is as follows: Instead of having a fixed target device, - the 'roundrobin' image handler calculates the target device by parsing - /proc/cmdline, matching the root= kernel parameter against its - 'device' attribute's list of devices, and sets the actual target - device to the next 'device' attribute list entry in a round-robin - manner. The actual flashing is done via chain-calling another handler, - defaulting to the "raw" handler. - - The 'kernelfile' file handler reuses the 'roundrobin' handler's target - device calculation by reading the actual target device from the same - index into its 'device' attribute's list of devices. The actual placing - of files into this partition is done via chain-calling another handler, - defaulting to the "rawfile" handler. - - In the above example, if /dev/sda4 is currently booted according to - /proc/cmdline, /dev/sda5 will be flashed and the vmlinuz and initrd.img - files will be placed on /dev/sda3. If /dev/sda5 is booted, /dev/sda4 - will be flashed and the vmlinuz and initrd.img files are placed on - /dev/sda2. - In addition to "classical" device nodes as in this example, partition - UUIDs as reported, e.g., by `blkid -s PARTUUID` are also supported. - UBI volumes are supported as well by specifying a CSV list of - ubi: