On 11.04.22 09:43, Jan Kiszka wrote: > Changes in v3: > - address/suppress cppcheck findings > - add required build dependency on version.h > - address pycodestyle findings > - add documentation > > Changes in v2: > - fix script for more picky UEFI firmware than U-Boot (now tested also > against OVMF on x86) > - move/rename script to tools/bg_gen_unified_linux and install it > - build fixes under Debian 10 > - avoid dtb-related output of stub under x86 > > Add a stub and generator script to build inified Linux images that > contain kernel, command line, initrd and device trees into a single UEFI > executable. This is an important building block for secure boot under > UEFI. > > In contrast to the existing solution by systemd, this one comes with > support for multiple device trees that permits running the same image > on similar but not identical hardware platforms. Although the trend goes > towards firmware provided device tree, replacements in lock-step with > kernel updates will remains important in the foreseeable future, and > this stub accounts for it. > > Furthermore, this approach here has a more user-friendly python-based > generator script which does not depend on too-new binutils or LLVM > versions and allows to simplify the Linux stub by arranging data in the > required way already during generation.
Just realized that the corresponding generator script for systemd is dracut --uefi. But that one has the same binutils dependency as it simply wraps the objcopy call. > > These patches have been moderately tested only, primarily on ARM64. The > next planned step is a test integration with isar-cip-core. Still, > reviews would already be welcome. I should have dropped that paragraph: The code is not pretty well tested, specifically using [1]. One thing I'm not yet sure about is a naming. I used "unified Linux image" fairly consistently here while systemd talks about "unified kernel image". I wanted to make the Linux focus clearer and the fact that it's at least internally not the same (different interface between generator and stub). OTOH, "unified kernel image" might already be an established term for the result you get and boot. Thoughts? Jan [1] https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commits/jan/ebg-rework -- Siemens AG, Technology Competence Center Embedded Linux -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/740b4cdb-c7d5-1fd0-65f1-8804cdfa9ab2%40siemens.com.
