code.ossystems Code Review - openembedded-core.git/commit
wic/bootimg-efi: Add Unified Kernel Image option
author Kristian Klausen <kristian@klausen.dk>
Tue, 28 Sep 2021 12:44:16 +0000 (14:44 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 1 Oct 2021 13:52:24 +0000 (14:52 +0100)
commit b0573f240525df561ddef6e47cb285b217d38487
tree 52639b0a266e1d77c3a8ffbea1ad1577472746dd
parent be67dc551ca15a6f19855e8e99848aab2a33800d
wic/bootimg-efi: Add Unified Kernel Image option

"A unified kernel image is a single EFI PE executable combining an EFI
stub loader, a kernel image, an initramfs image, and the kernel command
line.

[...]

Images of this type have the advantage that all metadata and payload
that makes up the boot entry is monopolized in a single PE file that can
be signed cryptographically as one for the purpose of EFI
SecureBoot."[1]

This commit adds a create-unified-kernel-image=true option to the
bootimg-efi plugin for creating a Unified Kernel Image[1] and installing
it into $BOOT/EFI/Linux/ with a .efi extension per the Boot Loader
Specification[1][2]. This is useful for implementing Secure Boot.

systemd-boot is the only mainstream bootloader implementing the
specification, but GRUB should be able to boot the EFI binary. This
commit, however, doesn't implement the necessary changes to the GRUB
config generation logic to boot the Unified Kernel Image.

[1] https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images
[2] https://systemd.io/BOOT_LOADER_SPECIFICATION/

Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta-selftest/wic/test_efi_plugin.wks [new file with mode: 0644]
meta/classes/image_types_wic.bbclass
meta/lib/oeqa/selftest/cases/wic.py
scripts/lib/wic/plugins/source/bootimg-efi.py