From a66a367e9656f0f4e2f9e9f8932714cf9bee1725 Mon Sep 17 00:00:00 2001
From: Alexandru Avadanii
Date: Sun, 21 Mar 2021 18:15:52 +0100
Subject: classes/override_grub* sync with upstream renames While at it, replace some hardcoded p7b extenstions with ${SB_FILE_EXT} and vmlinuz references with the appropiate variable (upstream no longer renames bzImage to vmlinuz in ISO root after [1]). [1] https://git.yoctoproject.org/cgit.cgi/poky/commit/?id=b6e36c01977
Change-Id: I5ce414a2f281ff2f1aeb0e26f35608cd8750855d
Signed-off-by: Alexandru Avadanii
Signed-off-by: Adrian Dudau
---
classes/override_live-vm-common.inc | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 classes/override_live-vm-common.inc
(limited to 'classes/override_live-vm-common.inc')
diff --git a/classes/override_live-vm-common.inc b/classes/override_live-vm-common.inc
new file mode 100644
index 0000000..dc8e076
--- /dev/null
+++ b/classes/override_live-vm-common.inc
@@ -0,0 +1,29 @@
+# efi_populate_common DEST BOOTLOADER
+efi_populate_common() {
+ # DEST must be the root of the image so that EFIDIR is not
+ # nested under a top level directory.
+ DEST=$1
+
+ install -d ${DEST}${EFIDIR}
+
+ ## ENEA_start ##
+ # install -m 0644 ${DEPLOY_DIR_IMAGE}/$2-${EFI_BOOT_IMAGE} ${DEST}${EFIDIR}/${EFI_BOOT_IMAGE}
+ ## ENEA_end ##
+
+ EFIPATH=$(echo "${EFIDIR}" | sed 's/\//\\/g')
+ printf 'fs0:%s\%s\n' "$EFIPATH" "${EFI_BOOT_IMAGE}" >${DEST}/startup.nsh
+
+ ## ENEA_start ##
+ # Install EFI binaries
+ install -m 0644 ${IMAGE_ROOTFS}/boot/efi${EFIDIR}/*.* ${DEST}${EFIDIR}
+
+ # Install kernel and initramfs sig
+ install -m 0644 ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}${SB_FILE_EXT} ${DEST}/${KERNEL_IMAGETYPE}${SB_FILE_EXT}
+ install -m 0644 ${INITRD_LIVE}${SB_FILE_EXT} ${DEST}/initrd${SB_FILE_EXT}
+
+ # Install UEFI keys
+ install -d ${DEST}/uefi_sb_keys
+ install -m 0644 ${DEPLOY_DIR_IMAGE}/user-keys/uefi_sb_keys/*.crt ${DEST}/uefi_sb_keys/
+ install -m 0644 ${DEPLOY_DIR_IMAGE}/user-keys/uefi_sb_keys/*.esl ${DEST}/uefi_sb_keys/
+ ## ENEA_end ##
+}
-- cgit v1.2.3-54-g00ecf
From 20e1f95b49cb2dfb321b770b260b0d82d49fe699 Mon Sep 17 00:00:00 2001
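Review bot: The two `uefi_sb_keys` installs at the end of `efi_populate_common` copy every `*.crt` and `*.esl` found under `${DEPLOY_DIR_IMAGE}/user-keys/uefi_sb_keys/` into the image root at mode 0644, and nothing in the hunk states that this directory may hold public material only. A comment above `# Install UEFI keys` would make that contract explicit, e.g. `# Public certificates and signature lists only; private signing keys must never be stored where these globs can match`. Separately, the header comment still documents a `BOOTLOADER` argument, but `$2` now appears only in the commented-out install line, so the header should say the argument is unused in this override.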
From: Alexandru Avadanii Date: Mon, 26 Apr 2021 14:03:43 +0200 Subject: grub: Fix duplicate/unused grubx64.efi, cleanup 1. EFI_PREFIX: Fix duplicate grubx64.efi binaries by aligning paths: * by default, upstream meta-oe and meta-secure-core both install grubx64.efi, but in different locations (/boot/EFI/BOOT vs /boot/efi/EFI/BOOT) unless we explicitely override some vars to align the 2 paths; use the old behavior (/boot/efi/EFI/BOOT), as meta-secure-core has multiple recipes that reference it, while meta-oe allows changing the path via a single var override; * note that in an OSTree deployment, these paths don't even exist on target, we explicity install grubx64.efi during Enea Edge installation by copying grubx64.efi from /EFI/BOOT in hddimg; 2. live-vm-common: use ${EFI_FILES_PATH} instead of hardcoding it; 3. core-image-minimal-initramfs, enea-nfv-access: Blacklist grub-common-extras package on x86-64 machines if OSTree is used; Depends-On: I703b53fd09c5ed75731375414f3e711ec3dadc3e Change-Id: I3735bc004ece62f94172108f2e7ed4596942deea Signed-off-by: Alexandru Avadanii --- classes/override_live-vm-common.inc | 2 +- conf/distro/eneanfvaccess.conf | 2 ++ images/core-image-minimal-initramfs.bbappend | 2 ++ images/enea-nfv-access-common.inc | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) (limited to 'classes/override_live-vm-common.inc') diff --git a/classes/override_live-vm-common.inc b/classes/override_live-vm-common.inc index dc8e076..6fabbf0 100644 --- a/classes/override_live-vm-common.inc +++ b/classes/override_live-vm-common.inc @@ -15,7 +15,7 @@ efi_populate_common() { ## ENEA_start ## # Install EFI binaries - install -m 0644 ${IMAGE_ROOTFS}/boot/efi${EFIDIR}/*.* ${DEST}${EFIDIR} + install -m 0644 ${IMAGE_ROOTFS}${EFI_FILES_PATH}/*.* ${DEST}${EFIDIR} # Install kernel and initramfs sig install -m 0644 ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}${SB_FILE_EXT} ${DEST}/${KERNEL_IMAGETYPE}${SB_FILE_EXT} 
diff --git a/conf/distro/eneanfvaccess.conf b/conf/distro/eneanfvaccess.conf index c31363d..2c81393 100644 --- a/conf/distro/eneanfvaccess.conf +++ b/conf/distro/eneanfvaccess.conf @@ -15,6 +15,8 @@ PREFERRED_PROVIDER_virtual/java-initial-native = "cacao-initial-native" PREFERRED_PROVIDER_virtual/java-native = "jamvm-native" PREFERRED_PROVIDER_virtual/javac-native = "ecj-bootstrap-native" +# Override ESP mount path set by meta/conf/image-uefi.conf to align with meta-secure-core paths +EFI_PREFIX_df-efi-secure-boot = "/boot/efi" SBFOLDER = "bootloader" HOSTTOOLS_append = " scp" diff --git a/images/core-image-minimal-initramfs.bbappend b/images/core-image-minimal-initramfs.bbappend index 5512158..013463a 100644 --- a/images/core-image-minimal-initramfs.bbappend +++ b/images/core-image-minimal-initramfs.bbappend @@ -7,6 +7,8 @@ PACKAGE_INSTALL_append_sota = " ostree-switchroot" # run-postinsts does not belong in the minimal initramfs PACKAGE_INSTALL_remove = "run-postinsts" +PACKAGE_EXCLUDE_x86-64_sota += "grub-common-extras" + create_enea_symlink() { # enea image used in bare metal installation cd ${DEPLOY_DIR_IMAGE} diff --git a/images/enea-nfv-access-common.inc b/images/enea-nfv-access-common.inc index df93026..2a7a8c6 100644 --- a/images/enea-nfv-access-common.inc +++ b/images/enea-nfv-access-common.inc @@ -10,6 +10,8 @@ IMAGE_INSTALL += " \ # run-postinsts duplicates dpkg-configure if package_deb is used PACKAGE_INSTALL_remove = "${@bb.utils.contains('PACKAGE_CLASSES', 'package_deb', 'run-postinsts', '', d)}" +PACKAGE_EXCLUDE_x86-64_sota += "grub-common-extras" + # After installing packages inside the rootfs, remove backup DPKG status file rootfs_postinstall_dpkg_cleanup () { if ${@bb.utils.contains('PACKAGE_CLASSES', 'package_deb', 'true', 'false', d)}; then -- cgit v1.2.3-54-g00ecf From 580595398d36da3cde87046b3b03b9c2c3831249 Mon Sep 17 00:00:00 2001 
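Review bot: `PACKAGE_EXCLUDE_x86-64_sota += "grub-common-extras"` in `images/core-image-minimal-initramfs.bbappend` applies `+=` to an override-suffixed name, which in BitBake appends to the override variable itself; when both overrides are active that value replaces the base `PACKAGE_EXCLUDE` rather than extending it, so exclusions set elsewhere would presumably be lost. The same file already uses the append form (`PACKAGE_INSTALL_append_sota`), so `PACKAGE_EXCLUDE_append_x86-64_sota = " grub-common-extras"` would be consistent and keep existing entries. The identical line added to `images/enea-nfv-access-common.inc` has the same issue. Both additions would also benefit from a one-line comment saying why the package is excluded, as the neighbouring `PACKAGE_INSTALL_remove` lines have.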
From: Alexandru Avadanii Date: Mon, 26 Apr 2021 14:04:04 +0200 Subject: OSTree /boot dir: Remove unused artifacts OSTree handles the contents of /boot separately from the rest of the filesystem, see [1]. By default, upstream yocto rootfs generation stores the following artifacts in /boot: - kernel-image (bzImage) as /boot/bzImage-...; - multiple packages that deploy grub.cfg, grubenv and EFI binaries: * dpkg -S /boot/efi/EFI/BOOT shim, seloader, ovmf-pkcs7-efi, grub-efi, grub-bootconf, efitools However, none of these are ever used in Enea Edge, due to the way our initial installation and subsequent upgrade work: * live image building copies the kernel image from yocto deploy dir, EFI binaries from rootfs /boot (this patch changes this to also copy from the yocto deploy dir "bootloader" dir for uniformity) to the root of the hddimg image; * Enea Edge Installer (via utils.sh) creates the ESP partition and copies all artifacts from hddimg to ESP under /EFI/BOOT [2]; * (currently) subsequent upgrades do _not_ update the contents of the ESP /EFI/BOOT directory after initial installation; * subsequent upgrades copy the kernel and ostree-initramfs from OSTree rootfs (from /usr/lib/modules where ostree-kernel package resides) to the ESP for SELoader validation; This flow leaves unused (duplicate) artifacts in the following path: /ostree/boot.x/poky//0/boot/ While the kernel-image package can be omitted from installation, since ostree-kernel package already installs the same binaries in /usr/lib/modules (where OSTree will look for it), the rest of the packages (shim, seloader etc.) also install other files to the rootfs (e.g. CLI tools) and/or are used by the live image (hddimg) build process as sources when copying said artifacts to the hddimg image; so we can't simply skip installing them inside the rootfs. Also, we want non-SOTA artifacts (e.g. rootfs.ext4) to still contain these artifacts. 
So the only sensible solution to avoiding confusion and removing unused artifacts from OSTree images is to remove them right before creating the OSTree image. While at it, add some ENEA-specific comment markers to our prepend/ append fragments to make them stand out. [1] https://github.com/ostreedev/ostree/blob/v2020.8/docs/\ atomic-upgrades.md#the-ostreeboot-directory [2] http://sestogerrit02/cgit/linux/meta-enea-virtualization.git/tree/ recipes-enea/nfv-installer/nfv-installer/utils.sh?h=rocko#n230 Change-Id: I470c1c3d19f301cae4b8fbe184aa2906d4a25ddf Signed-off-by: Alexandru Avadanii --- classes/override_live-vm-common.inc | 2 +- images/enea-nfv-access-host-common.inc | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) (limited to 'classes/override_live-vm-common.inc') diff --git a/classes/override_live-vm-common.inc b/classes/override_live-vm-common.inc index 6fabbf0..3ac92b9 100644 --- a/classes/override_live-vm-common.inc +++ b/classes/override_live-vm-common.inc @@ -15,7 +15,7 @@ efi_populate_common() { ## ENEA_start ## # Install EFI binaries - install -m 0644 ${IMAGE_ROOTFS}${EFI_FILES_PATH}/*.* ${DEST}${EFIDIR} + install -m 0644 ${DEPLOY_DIR_IMAGE}/${SBFOLDER}/*.efi ${DEST}${EFIDIR} # Install kernel and initramfs sig install -m 0644 ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}${SB_FILE_EXT} ${DEST}/${KERNEL_IMAGETYPE}${SB_FILE_EXT} diff --git a/images/enea-nfv-access-host-common.inc b/images/enea-nfv-access-host-common.inc index 8d1a5ff..a8c984f 100644 --- a/images/enea-nfv-access-host-common.inc +++ b/images/enea-nfv-access-host-common.inc 
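Review bot: The new source `${DEPLOY_DIR_IMAGE}/${SBFOLDER}/*.efi` is a glob over a shared deploy directory, so the live image receives whatever `.efi` files happen to be there when the task runs, including leftovers from an earlier build; for a Secure Boot image the set of binaries placed in `${EFIDIR}` is worth pinning down. Nothing visible in this hunk ties `efi_populate_common` to the tasks that populate that directory, so unless a `do_bootimg[depends]` entry elsewhere covers them the copy can run against missing or stale files. Narrowing `*.*` to `*.efi` also stops copying any non-`.efi` companions (configuration or `${SB_FILE_EXT}` signature files) that may have sat beside the binaries in the rootfs path; please confirm those reach the hddimg another way. A comment naming the expected binaries, e.g. `# Expected: the signed bootloader binaries deployed by their recipes into ${SBFOLDER}`, would document the intent. The function body extends beyond the hunk.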
@@ -30,12 +30,15 @@ AUTO_SYSLINUXMENU_x86-64 = "0" # If building with sota enabled, build the otaimg before the hddimg, because # the hddimg needs it as a base image python __anonymous() { + ## ENEA_start ## if bb.utils.contains('DISTRO_FEATURES', 'sota', True, False, d): d.appendVarFlag("do_bootimg", "depends", " %s:do_image_ota_ext4" % d.getVar("IMAGE_BASENAME", True)) + ## ENEA_end ## } # Append OSTree specific parameters to the kernel command line before creating the live image python do_bootimg_prepend () { + ## ENEA_start ## if bb.utils.contains('DISTRO_FEATURES', 'sota', True, False, d): ostree_osname = d.getVar('OSTREE_OSNAME') checksum = bb.utils.sha256_file(d.getVar('DEPLOY_DIR_IMAGE') + "/" + d.getVar('OSTREE_KERNEL')) 
@@ -44,18 +47,32 @@ python do_bootimg_prepend () { ostree_params = " ostree=/ostree/boot.1/" + ostree_osname + "/" + checksum + "/0" d.setVar("APPEND", d.getVar("APPEND") + ostree_params) + ## ENEA_end ## } # Before building the OSTree image, move DPKG data to /usr/dpkg, because # OSTree does not preserve the contents of /var IMAGE_CMD_ostree_prepend () { + ## ENEA_start ## + # Note: We do configure DPKG admindir at build time, but we can't do the same for APT since + # yocto hardcodes /var/lib/dpkg paths in various places in OE-core, which we can't override, + # so instead we move the contents to their expected location here and configure apt at runtime + # via a configuration fragment to use the new location. mkdir -p usr/dpkg/lib/dpkg if [ "$(ls -A var/lib/dpkg)" ]; then mv var/lib/dpkg/* usr/dpkg/lib/dpkg/ fi + # In Enea Edge, the EFI binaries (shim, seloader etc.) are copied from the yocto deploy dir to + # the installation image (hddimg) - see "classes/override_live-vm-common.inc" in this repo; + # and during Enea Edge installation (via utils.sh) from hddimg to the destination disk. + # Files installed by the package manager end up under OSTree /boot hardlink tree, but are + # never actually used. To avoid confusion and save some resources, clean them up. + rm -rf boot/* + ## ENEA_end ## } IMAGE_CMD_ota_prepend () { + ## ENEA_start ## if [ "${OSTREE_BOOTLOADER}" = "grub" ]; then # Upstream bbclass creates /boot/grub2, complement it with /boot/grub # Note: /boot/grub2 is a dir with /boot/grub2/grub.cfg -> ../loader/grub.cfg symlink @@ -63,4 +80,5 @@ IMAGE_CMD_ota_prepend () { mkdir -p ${OTA_SYSROOT}/boot ln -s loader ${OTA_SYSROOT}/boot/grub fi + ## ENEA_end ## } -- cgit v1.2.3-54-g00ecf
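Review bot: `rm -rf boot/*` in `IMAGE_CMD_ostree_prepend` is a relative, recursive delete whose target depends entirely on the working directory set up by the upstream image command, which this fragment neither shows nor checks (the existing `var/lib/dpkg` move relies on the same assumption). The new comment block explains why the files are removed but not where the command runs; adding a line such as `# cwd here is the OSTree rootfs staging directory (set by the upstream ostree image class)` would record that, once confirmed. Note also that `boot/*` does not match hidden entries, so if the goal is an empty `/boot` in the commit, `find boot -mindepth 1 -delete` would be closer to the stated intent.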