From: Uladzimir Bely
To: isar-users@googlegroups.com
Subject: [PATCH v4 09/12] meta-isar: Remove qemuamd64-sb settings from multiconfig
Date: Tue, 20 Jun 2023 08:05:41 +0200
Message-Id: <20230620060544.19745-10-ubely@ilbers.de>
In-Reply-To: <20230620060544.19745-1-ubely@ilbers.de>
References: <20230620060544.19745-1-ubely@ilbers.de>

From: Anton Mikanovich

Machine-related configuration should be done in machine config, so move it from multiconfig. Also move example-module variant selection to local.conf.sample in order not to be applied if we don't want to install example-module.

Signed-off-by: Anton Mikanovich
Signed-off-by: Uladzimir Bely --- meta-isar/conf/local.conf.sample | 5 +++++ meta-isar/conf/machine/qemuamd64-sb.conf | 7 +++++++ meta-isar/conf/multiconfig/qemuamd64-sb-bullseye.conf | 11 +---------- meta-test/conf/local.conf.sample | 4 ++++ 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/meta-isar/conf/local.conf.sample b/meta-isar/conf/local.conf.sample index c5d50931..c7820bdf 100644 --- a/meta-isar/conf/local.conf.sample +++ b/meta-isar/conf/local.conf.sample @@ -197,6 +197,11 @@ CONF_VERSION = "1" # The default list of extra packages to be installed. IMAGE_INSTALL = "hello-isar example-raw example-module-${KERNEL_NAME} enable-fsck isar-exclude-docs samefile hello isar-disable-apt-cache cowsay example-prebuilt" +# +# Machines with secure boot should use signed modules. +IMAGE_INSTALL:remove:qemuamd64-sb = "example-module-${KERNEL_NAME}" +IMAGE_INSTALL:append:qemuamd64-sb = "example-module-signed-${KERNEL_NAME}" + # # Enable cross-compilation support ISAR_CROSS_COMPILE ?= "0" diff --git a/meta-isar/conf/machine/qemuamd64-sb.conf b/meta-isar/conf/machine/qemuamd64-sb.conf index 84ef89eb..315f5c00 100644 --- a/meta-isar/conf/machine/qemuamd64-sb.conf +++ b/meta-isar/conf/machine/qemuamd64-sb.conf @@ -9,6 +9,13 @@ IMAGE_FSTYPES ?= "wic" WKS_FILE ?= "sdimage-efi-sb-debian" IMAGER_INSTALL += "${GRUB_DEBIAN_SB_CHAIN}" +# include public keys +IMAGE_INSTALL += "sb-mok-public" + +# add MOK utilities to insert MOK into EFI +IMAGER_INSTALL += "${GRUB_DEBIAN_SB_MOK}" +IMAGE_PREINSTALL += "mokutil" + QEMU_ARCH ?= "x86_64" QEMU_MACHINE ?= "q35" QEMU_CPU ?= "" diff --git a/meta-isar/conf/multiconfig/qemuamd64-sb-bullseye.conf b/meta-isar/conf/multiconfig/qemuamd64-sb-bullseye.conf index edfcf70b..85ce3a65 100644 --- a/meta-isar/conf/multiconfig/qemuamd64-sb-bullseye.conf +++ b/meta-isar/conf/multiconfig/qemuamd64-sb-bullseye.conf 
@@ -1,13 +1,4 @@ # This software is a part of ISAR. + MACHINE ?= "qemuamd64-sb" DISTRO ?= "debian-bullseye" - -# include public keys -IMAGE_INSTALL += "sb-mok-public" -# remove unsigned example module and include signed example module -IMAGE_INSTALL:remove = "example-module-${KERNEL_NAME}" -IMAGE_INSTALL += "example-module-signed-${KERNEL_NAME}" - -# add MOK utilities to insert MOK into EFI -IMAGER_INSTALL += "${GRUB_DEBIAN_SB_MOK}" -IMAGE_PREINSTALL += "mokutil" diff --git a/meta-test/conf/local.conf.sample b/meta-test/conf/local.conf.sample index ed569c5c..a3280a5d 100644 --- a/meta-test/conf/local.conf.sample +++ b/meta-test/conf/local.conf.sample @@ -75,6 +75,10 @@ MIRRORS += "https?://cdn\.kernel\.org/.* https://mirrors.edge.kernel.org/PATH" # The default list of extra packages IMAGE_INSTALL = "hello-isar example-raw example-module-${KERNEL_NAME} enable-fsck isar-exclude-docs samefile hello isar-disable-apt-cache cowsay example-prebuilt" +# Machines with secure boot should use signed modules +IMAGE_INSTALL:remove:qemuamd64-sb = "example-module-${KERNEL_NAME}" +IMAGE_INSTALL:append:qemuamd64-sb = "example-module-signed-${KERNEL_NAME}" + # Users and groups USERS += "root" USER_root[password] ??= "$6$rounds=10000$RXeWrnFmkY$DtuS/OmsAS2cCEDo0BF5qQsizIrq6jPgXnwv3PHqREJeKd1sXdHX/ayQtuQWVDHe0KIO0/sVH8dvQm1KthF0d/" -- 2.20.1
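Review bot: In the meta-isar/conf/local.conf.sample hunk, the value of `IMAGE_INSTALL:append:qemuamd64-sb` has no leading space. BitBake's `:append` concatenates without inserting whitespace, and the `IMAGE_INSTALL = "..."` line just above ends in `example-prebuilt"`, so on qemuamd64-sb the signed module name is glued onto the last token of the list instead of becoming its own entry. Suggest `IMAGE_INSTALL:append:qemuamd64-sb = " example-module-signed-${KERNEL_NAME}"`.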
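Review bot: In meta-isar/conf/machine/qemuamd64-sb.conf, `IMAGE_INSTALL += "sb-mok-public"` is an immediate operator, so it only survives if the machine config is parsed after the hard `IMAGE_INSTALL = "..."` assignment that local.conf.sample carries. If that ordering is not guaranteed, `IMAGE_INSTALL:append = " sb-mok-public"` would keep the public key package in the image regardless of parse order; otherwise a short comment stating the dependency would help.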
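Review bot: The `IMAGE_INSTALL:remove` / `IMAGE_INSTALL +=` pair removed from meta-isar/conf/multiconfig/qemuamd64-sb-bullseye.conf applied to every build of this multiconfig; after this patch the unsigned-to-signed swap exists only in the two local.conf.sample files. A user with an existing local.conf that lists `example-module-${KERNEL_NAME}` will now get the unsigned module in the secure boot image, so the commit message or the machine config should state that the two override lines have to be carried over. The added blank line after the header comment is an unrelated whitespace change and could be dropped.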
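Review bot: The `IMAGE_INSTALL:append:qemuamd64-sb` line in the meta-test/conf/local.conf.sample hunk needs a leading space in its value, because `:append` adds none and the preceding `IMAGE_INSTALL` list ends in `example-prebuilt"`; as written the signed module name is joined onto the previous token. Since the same two override lines now live in both sample files, a cross-reference in the comment would help keep them in sync.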