[PATCH 1/3] Migration from start_vm to start_vm.py

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

From: Ilia Skochilov <iskochilov@ilbers.de>
To: isar-users@googlegroups.com
Cc: Ilia Skochilov <iskochilov@ilbers.de>
Subject: [PATCH 1/3] Migration from start_vm to start_vm.py
Date: Thu,  1 Feb 2024 06:58:43 +0000	[thread overview]
Message-ID: <20240201065844.1669957-2-iskochilov@ilbers.de> (raw)
In-Reply-To: <20240201065844.1669957-1-iskochilov@ilbers.de>

start_vm.py: Add support for the secureboot option. Option --secureboot (-s)
enables secureboot with default MS keys for amd64-sb as -a option.

isar-buildenv-internal: adds ISARROOT/testsuite to $PATH.

user_manual.md, README.md: Update. Describe how to start a QEMU instance
with start_vm.py.

Signed-off-by: Ilia Skochilov <iskochilov@ilbers.de>
---
 README.md                      |  2 +-
 doc/user_manual.md             |  2 +-
 scripts/isar-buildenv-internal |  2 +-
 testsuite/start_vm.py          | 31 ++++++++++++++++++++++++++-----
 4 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index f549aa9..881182a 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ for the instructions.
 
 To test the QEMU image, run the following command:
 
-        $ start_vm -a <arch of your build> -d <distro of your build>
+        $ start_vm.py -a <arch of your build> -d <distro of your build>
 
 Ex: Architecture of your build could be arm,arm64,i386,amd64,etc.
     Distribution of your build could be buster,bullseye,bookworm,etc.
diff --git a/doc/user_manual.md b/doc/user_manual.md
index 2eb9764..056a446 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -1021,7 +1021,7 @@ bitbake mc:qemuamd64-sb-bullseye:isar-image-base
 **Start the image:** (consider adding `-enable-kvm` to get some decent performance):
 
 ```bash
-start_vm -a amd64-sb -d bullseye -s
+start_vm.py -a amd64-sb -d bullseye -s
 ```
 
 **Check if SB is actually enabled (detected):**
diff --git a/scripts/isar-buildenv-internal b/scripts/isar-buildenv-internal
index 1f609a5..1379f90 100755
--- a/scripts/isar-buildenv-internal
+++ b/scripts/isar-buildenv-internal
@@ -63,7 +63,7 @@ export BITBAKEDIR="${ISARROOT}/bitbake"
 export SCRIPTSDIR="${ISARROOT}/scripts"
 export TESTSUITEDIR="${ISARROOT}/testsuite"
 
-for newpath in "$BITBAKEDIR/bin" "$SCRIPTSDIR"; do
+for newpath in "$BITBAKEDIR/bin" "$SCRIPTSDIR" "$ISARROOT/testsuite"; do
     # Remove any existences of $newpath from $PATH
     PATH=$(echo $PATH | sed -re "s#(^|:)$newpath(:|$)#\2#g;s#^:##")
 
diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py
index ef0dfbc..a7c91e0 100755
--- a/testsuite/start_vm.py
+++ b/testsuite/start_vm.py
@@ -22,12 +22,17 @@ def get_bitbake_var(output, var):
             ret = line.split('"')[1]
     return ret
 
-def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=False):
+def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=False, secureboot=False):
     bb_output = get_bitbake_env(arch, distro, image).decode()
 
     extra_args = ''
     cpu = ['']
 
+    if secureboot and arch != 'amd64-sb':
+        raise ValueError('Invalid arch. Secureboot is only supported by amd64-sb')
+    if arch == 'amd64-sb' and not secureboot:
+        raise ValueError('amd64-sb is only compatible with the secureboot option enabled')
+
     image_type = get_bitbake_var(bb_output, 'IMAGE_FSTYPES').split()[0]
     deploy_dir_image = get_bitbake_var(bb_output, 'DEPLOY_DIR_IMAGE')
     base = 'ubuntu' if distro in ['jammy', 'focal'] else 'debian'
@@ -67,6 +72,10 @@ def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=Fal
         extra_args.extend(['-pidfile', pid])
 
     qemu_disk_args = qemu_disk_args.replace('##ROOTFS_IMAGE##', deploy_dir_image + '/' + rootfs_image).split()
+
+    if secureboot:
+        qemu_disk_args.extend(['-drive', f'if=pflash,format=raw,unit=1,file="OVMF_VARS_4M.ms.fd"'])
+
     if enforce_pcbios and '-bios' in qemu_disk_args:
         bios_idx = qemu_disk_args.index('-bios')
         del qemu_disk_args[bios_idx : bios_idx+2]
@@ -91,22 +100,34 @@ def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=Fal
 
     return cmd
 
-def start_qemu(arch, build, distro, image, out, pid, enforce_pcbios):
-    cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios)
+def start_qemu(arch, build, distro, image, out, pid, enforce_pcbios, secureboot):
+    cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios, secureboot)
     cmdline.insert(1, '-nographic')
 
     print(cmdline)
+
+    if secureboot:
+        import shutil
+        ovmf_vars_orig = '/usr/share/OVMF/OVMF_VARS_4M.ms.fd'
+        ovmf_vars_copy = 'OVMF_VARS_4M.ms.fd'
+        shutil.copy(ovmf_vars_orig, ovmf_vars_copy)
+        try:
+            p1 = subprocess.call('exec ' + ' '.join(cmdline), shell=True)
+        finally:
+            os.remove(ovmf_vars_copy)
+
     p1 = subprocess.call('exec ' + ' '.join(cmdline), shell=True)
 
 if __name__ == "__main__":
     parser = argparse.ArgumentParser()
-    parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm')
+    parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'amd64-sb', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm')
     parser.add_argument('-b', '--build', help='set path to build directory.', default=os.getcwd())
     parser.add_argument('-d', '--distro', choices=['buster', 'bullseye', 'bookworm', 'trixie', 'focal', 'jammy'], help='set isar Debian distribution.', default='bookworm')
     parser.add_argument('-i', '--image', help='set image name.', default='isar-image-base')
     parser.add_argument('-o', '--out', help='Route QEMU console output to specified file.')
     parser.add_argument('-p', '--pid', help='Store QEMU pid to specified file.')
     parser.add_argument('--pcbios', action="store_true", help='remove any bios options to enforce use of pc bios')
+    parser.add_argument('-s', '--secureboot', action='store_true', help='Enable secureboot with default MS keys')
     args = parser.parse_args()
 
-    start_qemu(args.arch, args.build, args.distro, args.image, args.out, args.pid, args.pcbios)
+    start_qemu(args.arch, args.build, args.distro, args.image, args.out, args.pid, args.pcbios, args.secureboot)
-- 
2.39.2

next prev parent reply	other threads:[~2024-02-01 10:15 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-01  6:58 [PATCH 0/3] Migration to start_vm.py and removing deprecated scripts Ilia Skochilov
2024-02-01  6:58 ` Ilia Skochilov [this message]
2024-02-01  6:58 ` [PATCH 2/3] start_vm: remove shell version Ilia Skochilov
2024-02-01  6:58 ` [PATCH 3/3] Remove vm_smoke_test Ilia Skochilov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240201065844.1669957-2-iskochilov@ilbers.de \
    --to=iskochilov@ilbers.de \
    --cc=isar-users@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox