From: Felix Moessbauer To: isar-users@googlegroups.com Cc: tobias.preclik@siemens.com, christian.storm@siemens.com, Felix Moessbauer Subject: [PATCH 03/10] add example wic file for sb debian boot chain Date: Fri, 23 Dec 2022 08:40:51 +0000 Message-Id: <20221223084058.1899957-4-felix.moessbauer@siemens.com> In-Reply-To: <20221223084058.1899957-1-felix.moessbauer@siemens.com> References: <20221223084058.1899957-1-felix.moessbauer@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-72506:519-21489:flowmailer X-TUID: HTIbefWhOj9i This patch adds an example WKS file to show how to use the secure boot debian boot chain. Signed-off-by: Felix Moessbauer --- .../lib/wic/canned-wks/sdimage-efi-sb-debian.wks | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 meta-isar/scripts/lib/wic/canned-wks/sdimage-efi-sb-debian.wks diff --git a/meta-isar/scripts/lib/wic/canned-wks/sdimage-efi-sb-debian.wks b/meta-isar/scripts/lib/wic/canned-wks/sdimage-efi-sb-debian.wks new file mode 100644 index 0000000..cd99ebc --- /dev/null +++ b/meta-isar/scripts/lib/wic/canned-wks/sdimage-efi-sb-debian.wks @@ -0,0 +1,10 @@ +# short-description: Create an EFI disk image using the debian secure boot chain +# long-description: Creates a partitioned EFI disk image without any swap that +# can be bootet on any UEFI with secure boot enabled and MS keys enrolled. +# Note, that this only works with grub and on amd64 + +part /boot --source bootimg-efi-isar --sourceparams "loader=grub-efi,use-debian-sb-stub=true" --ondisk sda --label efi --part-type EF00 --align 1024 + +part / --source rootfs --ondisk sda --fstype ext4 --mkfs-extraopts "-T default" --label platform --align 1024 --use-uuid --exclude-path boot/ + +bootloader --ptable gpt --timeout 3 --append "rootwait console=ttyS0,115200 console=tty0" -- 2.34.1
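Review bot: The part /boot line relies on "use-debian-sb-stub=true" in --sourceparams, but the header comment never says what that parameter does; since this file is meant as the example for the secure boot chain, add a comment line explaining it or pointing to where it is documented. The long-description states that the image only works with grub and on amd64 and needs the MS keys enrolled, yet the file name sdimage-efi-sb-debian.wks and the commit message carry none of these constraints, so consider repeating them in the commit message. In the same comment, "bootet" should read "booted", "debian" should be "Debian", and "Note, that" should drop the comma.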