From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7330575231163039744 X-Received: by 2002:a05:6808:19a8:b0:3be:3647:3f8b with SMTP id bj40-20020a05680819a800b003be36473f8bmr4844286oib.20.1706782549805; Thu, 01 Feb 2024 02:15:49 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:ac8:588f:0:b0:42b:eae2:1c3b with SMTP id t15-20020ac8588f000000b0042beae21c3bls311756qta.2.-pod-prod-05-us; Thu, 01 Feb 2024 02:15:49 -0800 (PST) X-Received: by 2002:ac8:4e4b:0:b0:42b:f5ec:20ff with SMTP id e11-20020ac84e4b000000b0042bf5ec20ffmr92890qtw.11.1706782549277; Thu, 01 Feb 2024 02:15:49 -0800 (PST) Received: by 2002:a05:620a:4691:b0:783:b5ca:2e6a with SMTP id af79cd13be357-7854696986ems85a; Wed, 31 Jan 2024 22:59:21 -0800 (PST) X-Google-Smtp-Source: AGHT+IFcPm5GC4Z2kgnm1tT9gLtmm8PliMs0qUKgrytOxv4IjAYBoIdYUy1FWoX1UpfMBk3oajzs X-Received: by 2002:a19:6754:0:b0:50e:a6f8:aacf with SMTP id e20-20020a196754000000b0050ea6f8aacfmr1144037lfj.14.1706770760188; Wed, 31 Jan 2024 22:59:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1706770760; cv=none; d=google.com; s=arc-20160816; b=JrUi+/WrXbk8l62Or1d61B3QWdk/zsqA/jsdKBF4V73TDS+K54LK6Ey1iZjAQJA4wH CQ4jHAEMWEYDrGyuoj/LfBMJWk5+4ZBJx4/wFWFWx2nN+G2GDUGtuMpc19QEJ20299k+ IEnsMCWMkunw1Xhw7/noDFlmiyuGChy0vOv03AmYmGrQIoiSUwsMxmEny2LYcgdI+Dql cOM1+u9NLcZNR/TjpDZzsq5Rb3bgFx0NuqmOI8dy6JQIMkB+m+OmP6GzC+L4ak2B8Jn9 R9xGJXarhYaeeUy9SNyQ4YiUr84mjAXb0UjJWPvT2rUTxsn9zyPTxEbuMX9HtLexLOJL 1H2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=tq61B/dDQBmMud9qxvpHH/gjFCxAj7/zo6ylRJ9nhU0=; fh=m/jjxtlxUhTkYmkLM8ahJk+CvivPxLiuNYfxh9oPu7o=; b=rvQrpOjT2dlH4LgIsG1mhZfQRgBWOzJhU9GxjZ6H8ztbnqDhx6ghlx1Vu849FcOrdG vdrRGPrwJkARI6HDXAldM0aTlxzZIq16e2l/TRIK4PwV0MRRAPDVrcOP4h3q7bWOWzoc yOj/GEkwXemxl9OLvZvADVzW5ahznu5SNHfuDKhYo3lBh1I8g5h8UIH7dbn3yh2Iq/k9 jdlIQWQX4stWtkatHAz2QU7pBUqTlmx6/zlsigYMXuFkicQ7kogC0VLswZoTbrcIzclt mdh65yrFx06BjOl8eBfvNlrVI8Uw2JdEe2T7DlfjdsQSo2gHKP/rhVj9Njx4CvrnStek YEWQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of iskochilov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=iskochilov@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id x28-20020a19e01c000000b005101ebc5293si937241lfg.11.2024.01.31.22.59.19 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 31 Jan 2024 22:59:20 -0800 (PST) Received-SPF: pass (google.com: domain of iskochilov@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of iskochilov@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=iskochilov@ilbers.de Received: from baighyz.m.ilbers.de (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 4116xINs016796 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 1 Feb 2024 07:59:18 +0100 Received: from baighyz.m.ilbers.de (localhost [127.0.0.1]) by baighyz.m.ilbers.de (8.17.1.9/8.17.1.9/Debian-2) with ESMTPS id 4116xIFN1670026 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Thu, 1 Feb 2024 06:59:18 GMT Received: (from iskochilov@localhost) by baighyz.m.ilbers.de (8.17.1.9/8.17.1.9/Submit) id 4116xIOI1670025; Thu, 1 Feb 2024 06:59:18 GMT From: Ilia Skochilov To: isar-users@googlegroups.com Cc: Ilia Skochilov Subject: [PATCH 1/3] Migration from start_vm to start_vm.py Date: Thu, 1 Feb 2024 06:58:43 +0000 Message-Id: <20240201065844.1669957-2-iskochilov@ilbers.de> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240201065844.1669957-1-iskochilov@ilbers.de> References: <20240201065844.1669957-1-iskochilov@ilbers.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: Hr5tQeoYCktq start_vm.py: Add support for the secureboot option. Option --secureboot (-s) enables secureboot with default MS keys for amd64-sb as -a option. isar-buildenv-internal: adds ISARROOT/testsuite to $PATH. user_manual.md, README.md: Update. Describe how to start a QEMU instance with start_vm.py. Signed-off-by: Ilia Skochilov --- README.md | 2 +- doc/user_manual.md | 2 +- scripts/isar-buildenv-internal | 2 +- testsuite/start_vm.py | 31 ++++++++++++++++++++++++++----- 4 files changed, 29 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index f549aa9..881182a 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ for the instructions. To test the QEMU image, run the following command: - $ start_vm -a -d + $ start_vm.py -a -d Ex: Architecture of your build could be arm,arm64,i386,amd64,etc. Distribution of your build could be buster,bullseye,bookworm,etc. diff --git a/doc/user_manual.md b/doc/user_manual.md index 2eb9764..056a446 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -1021,7 +1021,7 @@ bitbake mc:qemuamd64-sb-bullseye:isar-image-base **Start the image:** (consider adding `-enable-kvm` to get some decent performance): ```bash -start_vm -a amd64-sb -d bullseye -s +start_vm.py -a amd64-sb -d bullseye -s ``` **Check if SB is actually enabled (detected):** diff --git a/scripts/isar-buildenv-internal b/scripts/isar-buildenv-internal index 1f609a5..1379f90 100755 --- a/scripts/isar-buildenv-internal +++ b/scripts/isar-buildenv-internal @@ -63,7 +63,7 @@ export BITBAKEDIR="${ISARROOT}/bitbake" export SCRIPTSDIR="${ISARROOT}/scripts" export TESTSUITEDIR="${ISARROOT}/testsuite" -for newpath in "$BITBAKEDIR/bin" "$SCRIPTSDIR"; do +for newpath in "$BITBAKEDIR/bin" "$SCRIPTSDIR" "$ISARROOT/testsuite"; do # Remove any existences of $newpath from $PATH PATH=$(echo $PATH | sed -re "s#(^|:)$newpath(:|$)#\2#g;s#^:##") diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py index ef0dfbc..a7c91e0 100755 --- a/testsuite/start_vm.py +++ b/testsuite/start_vm.py @@ -22,12 +22,17 @@ def get_bitbake_var(output, var): ret = line.split('"')[1] return ret -def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=False): +def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=False, secureboot=False): bb_output = get_bitbake_env(arch, distro, image).decode() extra_args = '' cpu = [''] + if secureboot and arch != 'amd64-sb': + raise ValueError('Invalid arch. Secureboot is only supported by amd64-sb') + if arch == 'amd64-sb' and not secureboot: + raise ValueError('amd64-sb is only compatible with the secureboot option enabled') + image_type = get_bitbake_var(bb_output, 'IMAGE_FSTYPES').split()[0] deploy_dir_image = get_bitbake_var(bb_output, 'DEPLOY_DIR_IMAGE') base = 'ubuntu' if distro in ['jammy', 'focal'] else 'debian' @@ -67,6 +72,10 @@ def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=Fal extra_args.extend(['-pidfile', pid]) qemu_disk_args = qemu_disk_args.replace('##ROOTFS_IMAGE##', deploy_dir_image + '/' + rootfs_image).split() + + if secureboot: + qemu_disk_args.extend(['-drive', f'if=pflash,format=raw,unit=1,file="OVMF_VARS_4M.ms.fd"']) + if enforce_pcbios and '-bios' in qemu_disk_args: bios_idx = qemu_disk_args.index('-bios') del qemu_disk_args[bios_idx : bios_idx+2] @@ -91,22 +100,34 @@ def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=Fal return cmd -def start_qemu(arch, build, distro, image, out, pid, enforce_pcbios): - cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios) +def start_qemu(arch, build, distro, image, out, pid, enforce_pcbios, secureboot): + cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios, secureboot) cmdline.insert(1, '-nographic') print(cmdline) + + if secureboot: + import shutil + ovmf_vars_orig = '/usr/share/OVMF/OVMF_VARS_4M.ms.fd' + ovmf_vars_copy = 'OVMF_VARS_4M.ms.fd' + shutil.copy(ovmf_vars_orig, ovmf_vars_copy) + try: + p1 = subprocess.call('exec ' + ' '.join(cmdline), shell=True) + finally: + os.remove(ovmf_vars_copy) + p1 = subprocess.call('exec ' + ' '.join(cmdline), shell=True) if __name__ == "__main__": parser = argparse.ArgumentParser() - parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm') + parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'amd64-sb', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm') parser.add_argument('-b', '--build', help='set path to build directory.', default=os.getcwd()) parser.add_argument('-d', '--distro', choices=['buster', 'bullseye', 'bookworm', 'trixie', 'focal', 'jammy'], help='set isar Debian distribution.', default='bookworm') parser.add_argument('-i', '--image', help='set image name.', default='isar-image-base') parser.add_argument('-o', '--out', help='Route QEMU console output to specified file.') parser.add_argument('-p', '--pid', help='Store QEMU pid to specified file.') parser.add_argument('--pcbios', action="store_true", help='remove any bios options to enforce use of pc bios') + parser.add_argument('-s', '--secureboot', action='store_true', help='Enable secureboot with default MS keys') args = parser.parse_args() - start_qemu(args.arch, args.build, args.distro, args.image, args.out, args.pid, args.pcbios) + start_qemu(args.arch, args.build, args.distro, args.image, args.out, args.pid, args.pcbios, args.secureboot) -- 2.39.2