From patchwork Mon Jan 8 10:25:49 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gylstorff Quirin
X-Patchwork-Id: 13513251
From: Quirin Gylstorff To: felix.moessbauer@siemens.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v4 1/6] Move efibootguard specific settings from include to class file Date: Mon, 8 Jan 2024 11:25:49 +0100 Message-ID: <20240108102638.2966221-2-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com> References: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 08 Jan 2024 10:26:54 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14273 From: Quirin Gylstorff This is done in preparations to reduce similar code. Signed-off-by: Quirin Gylstorff --- classes/efibootguard.bbclass | 17 +++++++++++++++++ recipes-core/images/efibootguard.inc | 9 ++------- 2 files changed, 19 insertions(+), 7 deletions(-) create mode 100644 classes/efibootguard.bbclass diff --git a/classes/efibootguard.bbclass b/classes/efibootguard.bbclass new file mode 100644 index 0000000..bc99d3a --- /dev/null +++ b/classes/efibootguard.bbclass @@ -0,0 +1,17 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2024 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# + +IMAGE_INSTALL:append = " efibootguard libebgenv0" +IMAGER_INSTALL:wic:append = " efibootguard:${DISTRO_ARCH}" +WDOG_TIMEOUT ?= "60" +WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_DEPLOY_FILE DTB_FILES EFI_ARCH EFI_LIB_ARCH" +IMAGE_TYPEDEP:swu:append = " wic" + diff --git a/recipes-core/images/efibootguard.inc b/recipes-core/images/efibootguard.inc index 0f26b7d..f512b3c 100644 --- a/recipes-core/images/efibootguard.inc +++ b/recipes-core/images/efibootguard.inc 
@@ -1,7 +1,7 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020, 2024 # # Authors: # Quirin Gylstorff 
@@ -9,9 +9,4 @@ # SPDX-License-Identifier: MIT # -IMAGE_INSTALL:append = " efibootguard libebgenv0" -IMAGER_INSTALL:wic:append = " efibootguard:${DISTRO_ARCH}" -WDOG_TIMEOUT ?= "60" -WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_DEPLOY_FILE DTB_FILES" -IMAGE_FSTYPES:append = " wic" -IMAGE_TYPEDEP:swu:append = " wic" +inherit efibootguard From patchwork Mon Jan 8 10:25:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13513255 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C620C47079 for ; Mon, 8 Jan 2024 10:26:54 +0000 (UTC) Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net [185.136.65.228]) by mx.groups.io with SMTP id smtpd.web10.3847.1704709603289058533 for ; Mon, 08 Jan 2024 02:26:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=SaPC/89V; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.228, mailfrom: fm-51332-20240108102640d25755f7d0faa2b537-hygked@rts-flowmailer.siemens.com) Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20240108102640d25755f7d0faa2b537 for ; Mon, 08 Jan 2024 11:26:40 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=AnO42wWv/5tA8YrgHI8HhW203nBJY+/H364N3wPMFts=; b=SaPC/89VhIXsduJ3I5n/KzTUMOSaZN6rJL5MlE9HAYQDkK1VpLykTFF6Jtq5sVqaPUP8vC 7dyIxT34pLVtDSlzgTF1Ah3xRT9P+WebF/eSvEQv/s0yfbBXta9WwHXK0rVW54ACOMMo9Ijp 7ne8Jf+Izvw0pcp/yJX9mjZrJeUaM=; 
From: Quirin Gylstorff To: felix.moessbauer@siemens.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v4 2/6] efibootguard.bbclass: Add functions to generate the EFI_ARCH and EFI_LIB_ARCH Date: Mon, 8 Jan 2024 11:25:50 +0100 Message-ID: <20240108102638.2966221-3-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com> References: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 08 Jan 2024 10:26:54 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14274 From: Quirin Gylstorff This reduces duplicated code. Signed-off-by: Quirin Gylstorff --- classes/efibootguard.bbclass | 25 ++++++++++++ .../wic/plugins/source/efibootguard-boot.py | 29 +++++--------- .../wic/plugins/source/efibootguard-efi.py | 40 +++++++++---------- 3 files changed, 54 insertions(+), 40 deletions(-) diff --git a/classes/efibootguard.bbclass b/classes/efibootguard.bbclass index bc99d3a..26291b7 100644 --- a/classes/efibootguard.bbclass +++ b/classes/efibootguard.bbclass 
@@ -15,3 +15,28 @@ WDOG_TIMEOUT ?= "60" WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_DEPLOY_FILE DTB_FILES EFI_ARCH EFI_LIB_ARCH" IMAGE_TYPEDEP:swu:append = " wic" +def distro_to_efi_arch(d): + DISTRO_TO_EFI_ARCH = { + "amd64": "x64", + "arm64": "aa64", + "armhf": "arm", + "i386": "ia32", + "riscv64": "riscv64" + } + distro_arch = d.getVar('DISTRO_ARCH') + return DISTRO_TO_EFI_ARCH[distro_arch] + +EFI_ARCH := "${@distro_to_efi_arch(d)}" + +def distro_to_lib_arch(d): + DISTRO_TO_LIB_ARCH = { + "amd64": "x86_64-linux-gnu", + "arm64": "aarch64-linux-gnu", + "armhf": "arm-linux-gnueabihf", + "i386": "i386-linux-gnu", + "riscv64": "riscv64-linux-gnu", + } + distro_arch = d.getVar('DISTRO_ARCH') + return DISTRO_TO_LIB_ARCH[distro_arch] + +EFI_LIB_ARCH := "${@distro_to_lib_arch(d)}" diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py index 9892572..4e3aefb 100644 --- a/scripts/lib/wic/plugins/source/efibootguard-boot.py +++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py 
@@ -180,27 +180,20 @@ class EfibootguardBootPlugin(SourcePlugin): def _create_unified_kernel_image(cls, rootfs_dir, cr_workdir, cmdline, deploy_dir, kernel_image, initrd_image, dtb_files, source_params): - # we need to map the distro_arch to uefi values - distro_to_efi_arch = { - "amd64": "x64", - "arm64": "aa64", - "armhf": "arm", - "i386": "ia32", - "riscv64" : "riscv64" - } - distro_to_lib_arch = { - "amd64": "x86_64-linux-gnu", - "arm64": "aarch64-linux-gnu", - "armhf": "arm-linux-gnueabihf", - "i386": "i386-linux-gnu", - "riscv64": "riscv64-linux-gnu", - } rootfs_path = rootfs_dir.get('ROOTFS_DIR') - distro_arch = get_bitbake_var("DISTRO_ARCH") + efiarch = get_bitbake_var("EFI_ARCH") + if not efiarch: + msger.error("Bitbake variable 'EFI_ARCH' not set, exiting\n") + exit(1) + libarch = get_bitbake_var("EFI_LIB_ARCH") + if not libarch: + msger.error("Bitbake variable 'EFI_LIB_ARCH' not set, exiting\n") + exit(1) + efistub = "{rootfs_path}/usr/lib/{libpath}/efibootguard/kernel-stub{efiarch}.efi"\ .format(rootfs_path=rootfs_path, - libpath=distro_to_lib_arch[distro_arch], - efiarch=distro_to_efi_arch[distro_arch]) + libpath=libarch, + efiarch=efiarch) uefi_kernel_name = "linux.efi" uefi_kernel_file = "{deploy_dir}/{uefi_kernel_name}"\ .format(deploy_dir=deploy_dir, uefi_kernel_name=uefi_kernel_name) diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py index 86a22e0..9bb6347 100644 --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py 
@@ -51,35 +51,31 @@ class EfibootguardEFIPlugin(SourcePlugin): populate an EFI boot partition containing the EFI Boot Guard bootloader binary. """ - # we need to map the distro_arch to uefi values - distro_to_efi_arch = { - "amd64": "x64", - "arm64": "aa64", - "armhf": "arm", - "i386": "ia32", - "riscv64" : "riscv64" - } - - distro_to_lib_arch = { - "amd64": "x86_64-linux-gnu", - "arm64": "aarch64-linux-gnu", - "armhf": "arm-linux-gnueabihf", - "i386": "i386-linux-gnu", - "riscv64": "riscv64-linux-gnu", - } - - distro_arch = get_bitbake_var("DISTRO_ARCH") + efiarch = get_bitbake_var("EFI_ARCH") + if not efiarch: + msger.error("Bitbake variable 'EFI_ARCH' not set, exiting\n") + exit(1) + libarch = get_bitbake_var("EFI_LIB_ARCH") + if not libarch: + msger.error("Bitbake variable 'EFI_LIB_ARCH' not set, exiting\n") + exit(1) + + deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE") + if not deploy_dir: + msger.error("DEPLOY_DIR_IMAGE not set, exiting\n") + exit(1) + creator.deploy_dir = deploy_dir + bootloader = "/usr/lib/{libpath}/efibootguard/efibootguard{efiarch}.efi".format( - libpath=distro_to_lib_arch[distro_arch], - efiarch=distro_to_efi_arch[distro_arch]) + libpath=libarch, + efiarch=efiarch) part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir, part.label, part.lineno) create_dir_cmd = "install -d %s/EFI/BOOT" % part_rootfs_dir exec_cmd(create_dir_cmd) - name = "boot{}.efi".format( - distro_to_efi_arch[distro_arch]) + name = "boot{}.efi".format(efiarch) signed_bootloader = cls._sign_file(name, bootloader, From patchwork Mon Jan 8 10:25:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13513249 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 08C55C3DA6E for 
; Mon, 8 Jan 2024 10:26:54 +0000 (UTC)
From: Quirin Gylstorff
To: felix.moessbauer@siemens.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org
Subject: [cip-dev][isar-cip-core][PATCH v4 3/6] efibootguard-efi.py: copy signed ebg binary to DEPLOY_DIR
Date: Mon, 8 Jan 2024 11:25:51 +0100
Message-ID: <20240108102638.2966221-4-Quirin.Gylstorff@siemens.com>
In-Reply-To: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com>
References: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-51332:519-21489:flowmailer
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 08 Jan 2024 10:26:54 -0000
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14270
From: Quirin Gylstorff This allows to add the signed ebg binary to a swu file for updating the bootloader. Signed-off-by: Quirin Gylstorff --- scripts/lib/wic/plugins/source/efibootguard-efi.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py index 9bb6347..e82e990 100644 --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py @@ -66,6 +66,13 @@ class EfibootguardEFIPlugin(SourcePlugin): exit(1) creator.deploy_dir = deploy_dir + deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE") + if not deploy_dir: + msger.error("DEPLOY_DIR_IMAGE not set, exiting\n") + exit(1) + creator.deploy_dir = deploy_dir + + distro_arch = get_bitbake_var("DISTRO_ARCH") bootloader = "/usr/lib/{libpath}/efibootguard/efibootguard{efiarch}.efi".format( libpath=libarch, efiarch=efiarch) 
@@ -86,6 +93,13 @@ class EfibootguardEFIPlugin(SourcePlugin): part_rootfs_dir, name) exec_cmd(cp_cmd, True) + + cp_to_deploy_cmd = "cp %s/%s %s/%s" % (cr_workdir, + signed_bootloader, + deploy_dir, + name) + exec_cmd(cp_to_deploy_cmd, True) + du_cmd = "du --apparent-size -ks %s" % part_rootfs_dir blocks = int(exec_cmd(du_cmd).split()[0]) From patchwork Mon Jan 8 10:25:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13513254 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43ED1C4707C for ; Mon, 8 Jan 2024 10:26:54 +0000 (UTC) Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net [185.136.64.225]) by mx.groups.io with SMTP id smtpd.web11.3831.1704709603328370611 for ; Mon, 08 Jan 2024 02:26:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=Vr/KWWGp; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.225, mailfrom: fm-51332-202401081026402d1499b9b3234d4c11-_k9bi_@rts-flowmailer.siemens.com) Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 202401081026402d1499b9b3234d4c11 for ; Mon, 08 Jan 2024 11:26:40 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=7gHnhlyNKtrsuS4aR2Oo096eNq55FBb/1ZuK5H7AZSw=; b=Vr/KWWGpuz1XfsBJ09JIyHZptPbdzc3oFYWzJRjlccuwNe0GE1zHCbSEvdOYl3G2ctprrv +NGXKH6wnTazcqIa8A47zskft79IAqERCvqnLw/Ut1Rbty1o8vXMbDUkKHAs3ljmTg0VT0Uu 8wsCBQqz4N2frtXW7Lvh5atro4SXg=; 
From: Quirin Gylstorff To: felix.moessbauer@siemens.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v4 4/6] swupdate.bbclass: Add SWU_EXTEND_SW_DESCRIPTION Date: Mon, 8 Jan 2024 11:25:52 +0100 Message-ID: <20240108102638.2966221-5-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com> References: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 08 Jan 2024 10:26:54 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14271 From: Quirin Gylstorff The elements of the new variable are called as functions. This allows the user to extend the sw-description file with new template variables and new entries. Signed-off-by: Quirin Gylstorff --- classes/swupdate.bbclass | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index 117f9fe..dfe8ef1 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -53,6 +53,16 @@ IMAGE_TEMPLATE_VARS:swu = " \ addtask do_transform_template after do_generate_image_uuid python(){ + cmds = d.getVar("SWU_EXTEND_SW_DESCRIPTION") + if cmds is None or not cmds.strip(): + return + cmds = cmds.split() + for cmd in cmds: + bb.build.exec_func(cmd, d) +} + +SWU_EXTEND_SW_DESCRIPTION += "add_swu_hw_compat" +python add_swu_hw_compat(){ # create SWU_HW_COMPAT_NODE based on list of supported hw hw_compat = d.getVar('SWU_HW_COMPAT') if hw_compat: 
@@ -61,7 +71,10 @@ python(){ 'hardware-compatibility: [ ' + hw_entries +' ];') else: d.setVar('SWU_HW_COMPAT_NODE', '') +} +SWU_EXTEND_SW_DESCRIPTION += "add_swu_compression" +python add_swu_compression(){ # create SWU_COMPRESSION_NODE node if compression is enabled calgo = d.getVar('SWU_COMPRESSION_TYPE') if calgo: From patchwork Mon Jan 8 10:25:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13513253 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F130C47422 for ; Mon, 8 Jan 2024 10:26:54 +0000 (UTC) Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net [185.136.65.228]) by mx.groups.io with SMTP id smtpd.web11.3830.1704709602844891662 for ; Mon, 08 Jan 2024 02:26:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=Kr5xZumD; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.228, mailfrom: fm-51332-20240108102640a4d37fbeb36121538d-23nfbq@rts-flowmailer.siemens.com) Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20240108102640a4d37fbeb36121538d for ; Mon, 08 Jan 2024 11:26:40 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=VFMresEGEC2+Wf485b0y3AB3+Zdr1GLHzwF0CrRZ0so=; b=Kr5xZumDbC8h1n/V0x2JPtRAfnpNXmKza3Y0psRcw+nDuWO4yn/HmMb8KFLI8t9SgWisk9 U6QgX13YIALlR2vFEGMEcCvjMnsvggwGkuDk+NQTywVe46hfhEl7iBDcx1ZNyr8QwBAB2y/O 0RuRpoRjxGh5cIu0vSyRbik3gdFJQ=; 
From: Quirin Gylstorff
To: felix.moessbauer@siemens.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org
Subject: [cip-dev][isar-cip-core][PATCH v4 5/6] swupdate: Extend sw-description to update efibootguard
Date: Mon, 8 Jan 2024 11:25:53 +0100
Message-ID: <20240108102638.2966221-6-Quirin.Gylstorff@siemens.com>
In-Reply-To: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com>
References: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-51332:519-21489:flowmailer
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 08 Jan 2024 10:26:54 -0000
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14272

From: Quirin Gylstorff

If the variable `SWU_EBG_UPDATE` is set to `1`, an additional file element is added to the sw-description to replace the ebg.

Use python as newlines are part of the sw-description syntax and therefore cannot be held in a bitbake variable, see note in [1].

The efibootguard binary has the property 'atomic-install' which copies the file to a temporary location before replacing the original with the new file [2].

IMPORTANT: Even if the property 'atomic-install' is set, FAT does not support atomic writes or renames, so a power cut can still corrupt the system [3].

[1]: https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-metadata.html#line-joining
[2]: https://sbabic.github.io/swupdate/sw-description.html#files
[3]: https://lore.kernel.org/linux-fsdevel/20191022105413.pj6i3ydetnfgnkzh@pali/

Signed-off-by: Quirin Gylstorff
---
 classes/swupdate.bbclass | 34 +++++++++++++++++++--
 recipes-core/images/swu/sw-description.tmpl | 2 +-
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index dfe8ef1..0f8ae23 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass
@@ -1,7 +1,7 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2020-2023 +# Copyright (c) Siemens AG, 2020-2024 # # Authors: # Christian Storm @@ -11,6 +11,7 @@ # SPDX-License-Identifier: MIT inherit template +inherit efibootguard SWU_ROOTFS_TYPE ?= "squashfs" SWU_ROOTFS_NAME ?= "${IMAGE_FULLNAME}" @@ -22,6 +23,9 @@ SWU_NAME ?= "cip software update" # space separated list of supported hw. Leave empty to leave out SWU_HW_COMPAT ?= "" +SWU_EBG_UPDATE ?= "" +SWU_EFI_BOOT_DEVICE ?= "/dev/disk/by-uuid/4321-DCBA" + SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.swu" SWU_DESCRIPTION_FILE ?= "sw-description" SWU_ADDITIONAL_FILES ?= "linux.efi ${SWU_ROOTFS_PARTITION_NAME}" @@ -47,7 +51,14 @@ IMAGE_TEMPLATE_VARS:swu = " \ SWU_HW_COMPAT_NODE \ SWU_COMPRESSION_NODE \ SWU_VERSION \ - SWU_NAME" + SWU_NAME \ + SWU_FILE_NODES \ + " + +# Add the bootloader file +def efi_bootloader_name(d): + efi_arch = distro_to_efi_arch(d) + return "boot{}.efi".format(efi_arch) # TARGET_IMAGE_UUID needs to be generated before completing the template addtask do_transform_template after do_generate_image_uuid @@ -83,6 +94,25 @@ python add_swu_compression(){ d.setVar('SWU_COMPRESSION_NODE', '') } +SWU_EXTEND_SW_DESCRIPTION += "${@ 'add_ebg_update' if d.getVar('SWU_EBG_UPDATE') == '1' else ''}" +python add_ebg_update(){ + efi_boot_loader_file = efi_bootloader_name(d) + efi_boot_device = d.getVar('SWU_EFI_BOOT_DEVICE') + swu_ebg_update_node = f""", + {{ + filename = "{efi_boot_loader_file}"; + path = "EFI/BOOT/{efi_boot_loader_file}"; + device = "{efi_boot_device}"; + filesystem = "vfat"; + sha256 = "{efi_boot_loader_file}-sha256"; + properties: {{ + atomic-install = "true"; + }}; + }} + """ + d.appendVar('SWU_FILE_NODES', swu_ebg_update_node) + d.appendVar('SWU_ADDITIONAL_FILES', " " + efi_boot_loader_file) +} # convert between swupdate compressor name and imagetype extension def get_swu_compression_type(d): 
diff --git a/recipes-core/images/swu/sw-description.tmpl b/recipes-core/images/swu/sw-description.tmpl index 6b53a3c..c52372c 100644 --- a/recipes-core/images/swu/sw-description.tmpl +++ b/recipes-core/images/swu/sw-description.tmpl @@ -34,5 +34,5 @@ software = subtype = "kernel"; }; sha256 = "linux.efi-sha256"; - }); + }${SWU_FILE_NODES}); } From patchwork Mon Jan 8 10:25:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gylstorff Quirin X-Patchwork-Id: 13513252 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C66BC47258 for ; Mon, 8 Jan 2024 10:26:54 +0000 (UTC) Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net [185.136.64.225]) by mx.groups.io with SMTP id smtpd.web11.3832.1704709603328721489 for ; Mon, 08 Jan 2024 02:26:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=RqlPPS7w; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.225, mailfrom: fm-51332-20240108102640abe76dbd9bceb07215-fy6krz@rts-flowmailer.siemens.com) Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 20240108102640abe76dbd9bceb07215 for ; Mon, 08 Jan 2024 11:26:41 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=2t8dBtjpvpiNRw0B3rozomNpA35PWh0+ITRoqxW2fS4=; b=RqlPPS7wD8Pimv9dZ4xSZYmhJiLwZe5VhWCrkEF1vAiQO/RVVmCEQev0n1+nIQB4zZo4Ji V9X7yy/6ZAwVPvGg6YHvFF0GSQ+emsMkyoLHNGohv3klcYgHy92Qtfy4hDpssbwW9OUCwUlm HHxUmBQpoieYnZyBidiV87niW+QsU=; 
From: Quirin Gylstorff
To: felix.moessbauer@siemens.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org
Subject: [cip-dev][isar-cip-core][PATCH v4 6/6] classes/swupdate: Generate swu containing only efibootguard
Date: Mon, 8 Jan 2024 11:25:54 +0100
Message-ID: <20240108102638.2966221-7-Quirin.Gylstorff@siemens.com>
In-Reply-To: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com>
References: <20240108102638.2966221-1-Quirin.Gylstorff@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-51332:519-21489:flowmailer
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 08 Jan 2024 10:26:54 -0000
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/14275

From: Quirin Gylstorff

This allows updating the bootloader separately from the rest of the system.

It adds a new variable `SWU_DESCRIPITION_FILE_BOOTLOADER` for the bootloader sw-description.

The generated swu has the following naming scheme ${SWU_IMAGE_FILE}-${SWU_BOOTLOADER}.swu.

Signed-off-by: Quirin Gylstorff
---
 classes/swupdate.bbclass | 102 +++++++++++-------
 .../images/swu/sw-description-ebg.tmpl | 17 +++
 2 files changed, 81 insertions(+), 38 deletions(-)
 create mode 100644 recipes-core/images/swu/sw-description-ebg.tmpl

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index 0f8ae23..8f1215d 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass
@@ -25,15 +25,17 @@ SWU_HW_COMPAT ?= "" SWU_EBG_UPDATE ?= "" SWU_EFI_BOOT_DEVICE ?= "/dev/disk/by-uuid/4321-DCBA" +SWU_BOOTLOADER ??= "ebg" +SWU_DESCRIPITION_FILE_BOOTLOADER ??= "${SWU_DESCRIPTION_FILE}-${SWU_BOOTLOADER}" -SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.swu" +SWU_IMAGE_FILE ?= "${IMAGE_FULLNAME}" SWU_DESCRIPTION_FILE ?= "sw-description" SWU_ADDITIONAL_FILES ?= "linux.efi ${SWU_ROOTFS_PARTITION_NAME}" SWU_SIGNED ??= "" SWU_SIGNATURE_EXT ?= "sig" SWU_SIGNATURE_TYPE ?= "cms" -SWU_BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}" +SWU_BUILDCHROOT_IMAGE_FILE ?= "${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}" IMAGE_TYPEDEP:swu = "${SWU_ROOTFS_TYPE}${@get_swu_compression_type(d)}" IMAGER_BUILD_DEPS:swu += "${@'swupdate-certificates-key' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}" @@ -42,7 +44,9 @@ IMAGE_INSTALL += "${@'swupdate-certificates' if bb.utils.to_boolean(d.getVar('SW IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl" +IMAGE_SRC_URI:swu += "file://${SWU_DESCRIPITION_FILE_BOOTLOADER}.tmpl" IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl" +IMAGE_TEMPLATE_FILES:swu += "${SWU_DESCRIPITION_FILE_BOOTLOADER}.tmpl" IMAGE_TEMPLATE_VARS:swu = " \ SWU_ROOTFS_PARTITION_NAME \ TARGET_IMAGE_UUID \ @@ -53,6 +57,7 @@ IMAGE_TEMPLATE_VARS:swu = " \ SWU_VERSION \ SWU_NAME \ SWU_FILE_NODES \ + SWU_BOOTLOADER_FILE_NODE \ " # Add the bootloader file @@ -94,11 +99,11 @@ python add_swu_compression(){ d.setVar('SWU_COMPRESSION_NODE', '') } -SWU_EXTEND_SW_DESCRIPTION += "${@ 'add_ebg_update' if d.getVar('SWU_EBG_UPDATE') == '1' else ''}" +SWU_EXTEND_SW_DESCRIPTION += "add_ebg_update" python add_ebg_update(){ efi_boot_loader_file = efi_bootloader_name(d) efi_boot_device = d.getVar('SWU_EFI_BOOT_DEVICE') - swu_ebg_update_node = f""", + swu_ebg_update_node = f""" {{ filename = "{efi_boot_loader_file}"; path = "EFI/BOOT/{efi_boot_loader_file}"; 
@@ -110,7 +115,11 @@ python add_ebg_update(){ }}; }} """ - d.appendVar('SWU_FILE_NODES', swu_ebg_update_node) + + d.setVar('SWU_BOOTLOADER_FILE_NODE', swu_ebg_update_node) + ebg_update = d.getVar('SWU_EBG_UPDATE') or "" + if ebg_update: + d.appendVar('SWU_FILE_NODES', "," + swu_ebg_update_node) d.appendVar('SWU_ADDITIONAL_FILES', " " + efi_boot_loader_file) } 
@@ -132,46 +141,63 @@ FILESEXTRAPATHS:append = ":${LAYERDIR_cip-core}/recipes-core/images/swu" do_image_swu[depends] += "${PN}:do_transform_template" do_image_swu[stamp-extra-info] = "${DISTRO}-${MACHINE}" -do_image_swu[cleandirs] += "${WORKDIR}/swu" +do_image_swu[cleandirs] += "${WORKDIR}/swu ${WORKDIR}/swu-${SWU_BOOTLOADER}" IMAGE_CMD:swu() { - rm -f '${SWU_IMAGE_FILE}' + rm -f '${DEPLOY_DIR_IMAGE}/${SWU_IMAGE_FILE}'*.swu cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}' + if [ -f '${WORKDIR}/${SWU_DESCRIPITION_FILE_BOOTLOADER}' ]; then + cp '${WORKDIR}/${SWU_DESCRIPITION_FILE_BOOTLOADER}' '${WORKDIR}/swu-${SWU_BOOTLOADER}/${SWU_DESCRIPTION_FILE}' + fi - # Create symlinks for files used in the update image - for file in ${SWU_ADDITIONAL_FILES}; do - if [ -e "${WORKDIR}/$file" ]; then - ln -s "${PP_WORK}/$file" "${WORKDIR}/swu/$file" - else - ln -s "${PP_DEPLOY}/$file" "${WORKDIR}/swu/$file" - fi - done - - # Prepare for signing - export sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}' - - imager_run -p -d ${PP_WORK} -u root <<'EOIMAGER' - # Fill in file check sums + for swu_file in "${WORKDIR}"/swu*; do + swu_file_base=$(basename $swu_file) + # Create symlinks for files used in the update image for file in ${SWU_ADDITIONAL_FILES}; do - sed -i "s:$file-sha256:$(sha256sum "${PP_WORK}/swu/"$file | cut -f 1 -d " "):g" \ - "${PP_WORK}/swu/${SWU_DESCRIPTION_FILE}" - done - cd "${PP_WORK}/swu" - for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do - # Set file timestamps for reproducible builds - if [ -n "${SOURCE_DATE_EPOCH}" ]; then - touch -d@"${SOURCE_DATE_EPOCH}" "$file" + if grep -q "$file" "${WORKDIR}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then + if [ -e "${WORKDIR}/$file" ]; then + ln -s "${PP_WORK}/$file" "${WORKDIR}/$swu_file_base/$file" + else + ln -s "${PP_DEPLOY}/$file" "${WORKDIR}/$swu_file_base/$file" + fi fi - echo "$file" - if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then - 
sign-swu "$file" "$file.${SWU_SIGNATURE_EXT}" - # Set file timestamps for reproducible builds - if [ -n "${SOURCE_DATE_EPOCH}" ]; then - touch -d@"${SOURCE_DATE_EPOCH}" "$file.${SWU_SIGNATURE_EXT}" + done + + # Prepare for signing + export sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}' + export swu_file_base + # create a exetension to differ between swus + swu_file_extension="" + if [ "$swu_file_base" != "swu" ]; then + swu_file_extension=${swu_file_base#swu} + fi + export swu_file_extension + imager_run -p -d ${PP_WORK} -u root <<'EOIMAGER' + # Fill in file check sums + for file in ${SWU_ADDITIONAL_FILES}; do + sed -i "s:$file-sha256:$(sha256sum "${PP_WORK}/$swu_file_base/"$file | cut -f 1 -d " "):g" \ + "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}" + done + cd "${PP_WORK}/$swu_file_base" + for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do + if [ "$file" = "${SWU_DESCRIPTION_FILE}" ] || \ + grep -q "$file" "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then + # Set file timestamps for reproducible builds + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + touch -d@"${SOURCE_DATE_EPOCH}" "$file" + fi + echo "$file" + if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then + sign-swu "$file" "$file.${SWU_SIGNATURE_EXT}" + # Set file timestamps for reproducible builds + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + touch -d@"${SOURCE_DATE_EPOCH}" "$file.${SWU_SIGNATURE_EXT}" + fi + echo "$file.${SWU_SIGNATURE_EXT}" + fi fi - echo "$file.${SWU_SIGNATURE_EXT}" - fi - done | cpio -ovL --reproducible -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}" + done | cpio -ovL --reproducible -H crc > "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu" EOIMAGER + done } python do_check_swu_partition_uuids() { diff --git a/recipes-core/images/swu/sw-description-ebg.tmpl b/recipes-core/images/swu/sw-description-ebg.tmpl new file mode 100644 index 0000000..c19157c --- /dev/null +++ b/recipes-core/images/swu/sw-description-ebg.tmpl 
@@ -0,0 +1,17 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2024 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# +software = +{ + version = "${SWU_VERSION}"; + name = "${SWU_NAME}"; + ${SWU_HW_COMPAT_NODE} + files: (${SWU_BOOTLOADER_FILE_NODE}); +}
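
Review bot: the new classes/efibootguard.bbclass in patch 1/6 is not a pure move of the lines removed from recipes-core/images/efibootguard.inc. `IMAGE_FSTYPES:append = " wic"` is dropped, and `WICVARS` gains `EFI_ARCH EFI_LIB_ARCH`, which are only defined in patch 2/6. Either keep the `IMAGE_FSTYPES` append in the .inc file or say in the commit message that images must now select wic themselves, and move the `WICVARS` addition into the patch that introduces the two variables so each commit stands on its own.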
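
Review bot: `distro_to_efi_arch()` and `distro_to_lib_arch()` in the classes/efibootguard.bbclass hunk of patch 2/6 index their dictionaries directly (`DISTRO_TO_EFI_ARCH[distro_arch]`), and `EFI_ARCH := ...` is expanded immediately, so a `DISTRO_ARCH` outside the five listed values, or an unset one, ends in a bare KeyError while the class is parsed. The `if not efiarch` and `if not libarch` checks added to both wic plugins cannot report that case. Use `.get()` and call `bb.fatal()` with the offending architecture in the message, or return an empty string so the plugins' error path is reachable.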
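
Review bot: the first efibootguard-efi.py hunk of patch 3/6 adds a second copy of the `DEPLOY_DIR_IMAGE` lookup directly below the identical block that patch 2/6 already introduced (visible here as context ending in `creator.deploy_dir = deploy_dir`), together with `distro_arch = get_bitbake_var("DISTRO_ARCH")`, which nothing uses once patch 2/6 has switched to `EFI_ARCH` and `EFI_LIB_ARCH`. Drop this hunk and move the `DEPLOY_DIR_IMAGE` block from patch 2/6 into this patch, where it is first needed.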
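
Review bot: `cp_to_deploy_cmd` in the second efibootguard-efi.py hunk of patch 3/6 writes to `deploy_dir/name`, where `name` is only `boot{efiarch}.efi`, so every image built into the same `DEPLOY_DIR_IMAGE` overwrites the same file and the swu step later picks up whichever signed bootloader was deployed last. Consider a destination name that includes the image name, and quote the four path components, since the command is assembled by plain string interpolation.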
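
Review bot: the anonymous python block in the classes/swupdate.bbclass hunk of patch 4/6 passes every word of `SWU_EXTEND_SW_DESCRIPTION` to `bb.build.exec_func()` without checking that it names a defined function, and the new variable carries no comment describing that contract. Add a comment above the variable (entries are names of python functions, executed in list order) and call `bb.fatal()` for an entry without a function body so a mistyped entry in a downstream layer gives a clear error that names the variable.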
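
Review bot: `inherit efibootguard` in the classes/swupdate.bbclass hunk of patch 5/6 is needed only for `distro_to_efi_arch()`, but the inherited class also appends `efibootguard libebgenv0` to `IMAGE_INSTALL`, extends `IMAGER_INSTALL:wic` and `WICVARS`, and sets `IMAGE_TYPEDEP:swu:append = " wic"` for every image that uses swupdate, whether or not `SWU_EBG_UPDATE` is set. Move the two architecture mapping functions into a side-effect-free helper that both classes can use.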
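
Review bot: `add_ebg_update` in patch 5/6 is switched on by the string comparison `d.getVar('SWU_EBG_UPDATE') == '1'`, while the same class evaluates `SWU_SIGNED` with `bb.utils.to_boolean()`, so a value such as "true" or "yes" leaves the bootloader out of the update without any message. Use `bb.utils.to_boolean()` here as well, and document `SWU_EBG_UPDATE` and `SWU_EFI_BOOT_DEVICE` next to their defaults, including that the `/dev/disk/by-uuid/4321-DCBA` default has to match the EFI partition on the target and the FAT power-cut caveat from the commit message.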
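
Review bot: the variable added in the first classes/swupdate.bbclass hunk of patch 6/6 is spelled `SWU_DESCRIPITION_FILE_BOOTLOADER` (an extra I) next to the existing `SWU_DESCRIPTION_FILE`; downstream layers will set it, so rename it to `SWU_DESCRIPTION_FILE_BOOTLOADER` before it becomes interface. The same hunk changes the default of `SWU_IMAGE_FILE` from a full path under `DEPLOY_DIR_IMAGE` to a bare name, which breaks layers that override it with a path, and it keeps `SWU_BUILDCHROOT_IMAGE_FILE` although `IMAGE_CMD:swu` no longer writes to it; mention the change in the commit message and remove the unused variable.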
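
Review bot: the `add_ebg_update` hunk of patch 6/6 replaces the `== '1'` test from patch 5/6 with `ebg_update = d.getVar('SWU_EBG_UPDATE') or ""` followed by `if ebg_update:`, so any non-empty value, including "0", now adds the bootloader node to `SWU_FILE_NODES`. Keep one documented meaning for the variable across the series, preferably through `bb.utils.to_boolean()`.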
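
Review bot: in the `IMAGE_CMD:swu` hunk of patch 6/6, `grep -q "$file"` treats the file name as an unanchored regular expression, so the dot in `linux.efi` matches any character and a name that is a substring of another entry is selected too; this test decides which files are linked, hashed and packed into each swu. Use `grep -qF` against the quoted `filename = "..."` form and quote `$swu_file` in `$(basename $swu_file)`. The widened `rm -f '${DEPLOY_DIR_IMAGE}/${SWU_IMAGE_FILE}'*.swu` also removes the swu of any other image whose name starts with the same prefix, and the loop over `"${WORKDIR}"/swu*` should skip a directory that has no `${SWU_DESCRIPTION_FILE}`, since the copy into `swu-${SWU_BOOTLOADER}` is conditional.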