meta-efibootguard with rocko
17 views
Skip to first unread message
Matthias Schöpfer
Nov 22, 2017, 6:13:38 AM11/22/17
to EFI Boot Guard
Hi there,
I came across efibootguard, and it seems to be doing what I am looking for. Even though, the integration with swupdate is pending, I guess, it is possible to solve this by using post install scripts...
I am using yocto rocko, so I cloned meta-efibootguard, did what was asked for in the Readme. I then ran into some wic issues: The import locations seem to have changed recently, but nothing I could not handle. Anyhow, now I am stuck here:
| DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing shell function do_image_wic
| INFO: Creating image(s)...
|
| ERROR: _exec_cmd: cp /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/* /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT returned '1' instead of 0
| output: cp: cannot stat '/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*': No such file or directory
|
| WARNING: /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/temp/run.do_image_wic.22216:1 exit 1 from 'BUILDDIR="/home/mschoepf/foo/yocto/build" wic create "$wks" --vars "/home/mschoepf/foo/yocto/build/tmp/sysroots/mic-7700/imgdata/" -e "core-image-fts" -o "$out/"'
| ERROR: Function failed: do_image_wic (log file is located at /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/temp/log.do_image_wic.22216)
ERROR: Task (/home/mschoepf/foo/yocto/poky/meta-fts/recipes-core/images/core-image-fts.bb:do_image_wic) failed with exit code '1'
Can someone with more insight in the process give me a clue what is going wrong here?!
Thanks,
Matthias
I came across efibootguard, and it seems to be doing what I am looking for. Even though, the integration with swupdate is pending, I guess, it is possible to solve this by using post install scripts...
I am using yocto rocko, so I cloned meta-efibootguard, did what was asked for in the Readme. I then ran into some wic issues: The import locations seem to have changed recently, but nothing I could not handle. Anyhow, now I am stuck here:
| DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing shell function do_image_wic
| INFO: Creating image(s)...
|
| ERROR: _exec_cmd: cp /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/* /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT returned '1' instead of 0
| output: cp: cannot stat '/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*': No such file or directory
|
| WARNING: /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/temp/run.do_image_wic.22216:1 exit 1 from 'BUILDDIR="/home/mschoepf/foo/yocto/build" wic create "$wks" --vars "/home/mschoepf/foo/yocto/build/tmp/sysroots/mic-7700/imgdata/" -e "core-image-fts" -o "$out/"'
| ERROR: Function failed: do_image_wic (log file is located at /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/temp/log.do_image_wic.22216)
ERROR: Task (/home/mschoepf/foo/yocto/poky/meta-fts/recipes-core/images/core-image-fts.bb:do_image_wic) failed with exit code '1'
Can someone with more insight in the process give me a clue what is going wrong here?!
Thanks,
Matthias
Andreas Reichel
Nov 22, 2017, 7:20:09 AM11/22/17
to Matthias Schöpfer, EFI Boot Guard
On Wed, Nov 22, 2017 at 03:13:38AM -0800, 'Matthias Schöpfer' via EFI Boot Guard wrote:
> Hi there,
>
> I came across efibootguard, and it seems to be doing what I am looking for.
> Even though, the integration with swupdate is pending, I guess, it is
> possible to solve this by using post install scripts...
>
> I am using yocto rocko, so I cloned meta-efibootguard, did what was asked
Hi,
> Hi there,
>
> I came across efibootguard, and it seems to be doing what I am looking for.
> Even though, the integration with swupdate is pending, I guess, it is
> possible to solve this by using post install scripts...
>
> I am using yocto rocko, so I cloned meta-efibootguard, did what was asked
as we have never tested it with rocko we currently have no support for
this version.
> for in the Readme. I then ran into some wic issues: The import locations
> seem to have changed recently, but nothing I could not handle. Anyhow, now
> I am stuck here:
> | DEBUG: Python function extend_recipe_sysroot finished
> | DEBUG: Executing shell function do_image_wic
> | INFO: Creating image(s)...
> |
> | ERROR: _exec_cmd: cp
> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*
> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT
> returned '1' instead of 0
> | output: cp: cannot stat
> '/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*':
> No such file or directory
filename. Reasen is that either the deployment had not taken place
before or the deployment location has changed (again). You could do a
find for the files which are tried to be copied by the python plugin
files and adapt the paths to have a quick fix.
Kind regards,
Andreas
> Can someone with more insight in the process give me a clue what is going
> wrong here?!
>
> Thanks,
>
> Matthias
>
> You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to efibootguard-d...@googlegroups.com.
> To post to this group, send email to efibootg...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/ce039965-7d1d-413a-b9dc-0d10b2c97983%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant
Andreas...@tngtech.com, +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082
Matthias Schoepfer
Nov 22, 2017, 8:11:36 AM11/22/17
to Andreas Reichel, EFI Boot Guard
Hi Andreas,
On 11/22/2017 01:18 PM, Andreas Reichel wrote:
> as we have never tested it with rocko we currently have no support for
> this version.
I see, but either I get it working with rocko or not at all :-/
there, not anywhere in the build directory tree. Even doing bitbake -c
deploy efibootguard did not help. Where shall these files normally be
coming from?!
Thanks and Regards,
Matthias
On 11/22/2017 01:18 PM, Andreas Reichel wrote:
> as we have never tested it with rocko we currently have no support for
> this version.
>> for in the Readme. I then ran into some wic issues: The import locations
>> seem to have changed recently, but nothing I could not handle. Anyhow, now
>> I am stuck here:
>> | DEBUG: Python function extend_recipe_sysroot finished
>> | DEBUG: Executing shell function do_image_wic
>> | INFO: Creating image(s)...
>> |
>> | ERROR: _exec_cmd: cp
>> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*
>> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT
>> returned '1' instead of 0
>> | output: cp: cannot stat
>> '/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*':
>> No such file or directory
> It seems the directory is empty and the '*' is not globbed but taken as
> filename. Reasen is that either the deployment had not taken place
> before or the deployment location has changed (again). You could do a
> find for the files which are tried to be copied by the python plugin
> files and adapt the paths to have a quick fix.
Ok, .../recipe-sysroot/usr/share/EFI/BOOT, EFI/BOOT does not exist. Not
>> seem to have changed recently, but nothing I could not handle. Anyhow, now
>> I am stuck here:
>> | DEBUG: Python function extend_recipe_sysroot finished
>> | DEBUG: Executing shell function do_image_wic
>> | INFO: Creating image(s)...
>> |
>> | ERROR: _exec_cmd: cp
>> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*
>> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT
>> returned '1' instead of 0
>> | output: cp: cannot stat
>> '/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*':
>> No such file or directory
> It seems the directory is empty and the '*' is not globbed but taken as
> filename. Reasen is that either the deployment had not taken place
> before or the deployment location has changed (again). You could do a
> find for the files which are tried to be copied by the python plugin
> files and adapt the paths to have a quick fix.
there, not anywhere in the build directory tree. Even doing bitbake -c
deploy efibootguard did not help. Where shall these files normally be
coming from?!
Thanks and Regards,
Matthias
Claudius Heine
Nov 22, 2017, 8:28:48 AM11/22/17
to Matthias Schoepfer, Andreas Reichel, EFI Boot Guard
Hi Matthias,
With our versions of openembedded a 'efibootguard*.efi' file is deployed
in the deploy directory. This file is then used by the
'classes/efibootguard.bbclass' and copied into the 'EFI/BOOT' directory
as 'boot*.efi'. From there the wic plugin
'scripts/lib/wic/plugins/source/efibootguard-efi.py' copies it into the
EFI partition.
The last step seems to fail, because the plugin searches for the wrong
directory (that seems to be the case, because it searches for
'/usr/share/EFI/BOOT' and I don't think thats right).
It could also be that the bbclass has copied it to the wrong directory.
Somewhere a file named 'bootia32.efi' or 'bootx64.efi' has to be found
in your TMP_DIR. Otherwise take a look at the deploy dir for
'efibootguardia32.efi' or 'efibootguardx64.efi'. Then copy it manualy to
'/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/'
as 'bootia32.efi' or 'bootx64.efi'. The try wic again.
Otherwise try to fix the paths in the plugin or bbclass, so that this is
done correctly automatically.
Cheers,
Claudius
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: c...@denx.de
PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153
Keyserver: hkp://pool.sks-keyservers.net
in the deploy directory. This file is then used by the
'classes/efibootguard.bbclass' and copied into the 'EFI/BOOT' directory
as 'boot*.efi'. From there the wic plugin
'scripts/lib/wic/plugins/source/efibootguard-efi.py' copies it into the
EFI partition.
The last step seems to fail, because the plugin searches for the wrong
directory (that seems to be the case, because it searches for
'/usr/share/EFI/BOOT' and I don't think thats right).
It could also be that the bbclass has copied it to the wrong directory.
Somewhere a file named 'bootia32.efi' or 'bootx64.efi' has to be found
in your TMP_DIR. Otherwise take a look at the deploy dir for
'efibootguardia32.efi' or 'efibootguardx64.efi'. Then copy it manualy to
'/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/'
as 'bootia32.efi' or 'bootx64.efi'. The try wic again.
Otherwise try to fix the paths in the plugin or bbclass, so that this is
done correctly automatically.
Cheers,
Claudius
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-54 Fax: (+49)-8142-66989-80 Email: c...@denx.de
PGP key: 6FF2 E59F 00C6 BC28 31D8 64C1 1173 CB19 9808 B153
Keyserver: hkp://pool.sks-keyservers.net
Andreas Reichel
Nov 22, 2017, 8:37:27 AM11/22/17
to Matthias Schoepfer, EFI Boot Guard
On Wed, Nov 22, 2017 at 02:11:34PM +0100, Matthias Schoepfer wrote:
> Hi Andreas,
scripts/lib/wic/plugins/source/efibootguard-efi.py:
install_cmd = "install -d %s/EFI/BOOT" % hdddir
This python file creates the directory within the location specified by
the variable hdddir. Your log suggests, that `hdddir % "/EFI/BOOT"` is
/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT
This would be the first step to verify if this directory exists. Then
the files are copied from `bootimg_dir % "/EFI/BOOT"` to `hdddir` %
"/EFI/BOOT" where the script obviously fails. I.e., the
`efibootguard.bb` recipe installs the files to ${DEPLOYDIR} which is
probably different in this yocto version. Maybe you can alter the
`efibootguard.bb` so that files are deployed into a fixed temporary
directory and alter the python plugin to use the same directory. Or you
could use `bitbake -E` to grep for important directories and
corresponding variables. It is sometimes not obvious which variables to
use to put together a valid path.
Kind regards
Andreas
> Thanks and Regards,
>
> Matthias
> Hi Andreas,
>
> >> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT
> >> returned '1' instead of 0
> >> | output: cp: cannot stat
> >> '/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*':
> >> No such file or directory
> > It seems the directory is empty and the '*' is not globbed but taken as
> > filename. Reasen is that either the deployment had not taken place
> > before or the deployment location has changed (again). You could do a
> > find for the files which are tried to be copied by the python plugin
> > files and adapt the paths to have a quick fix.
> Ok, .../recipe-sysroot/usr/share/EFI/BOOT, EFI/BOOT does not exist. Not
> there, not anywhere in the build directory tree. Even doing bitbake -c
> deploy efibootguard did not help. Where shall these files normally be
> coming from?!
>
A quick grep inside `meta-efibootguard` lists
> >> /home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT
> >> returned '1' instead of 0
> >> | output: cp: cannot stat
> >> '/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/recipe-sysroot/usr/share/EFI/BOOT/*':
> >> No such file or directory
> > It seems the directory is empty and the '*' is not globbed but taken as
> > filename. Reasen is that either the deployment had not taken place
> > before or the deployment location has changed (again). You could do a
> > find for the files which are tried to be copied by the python plugin
> > files and adapt the paths to have a quick fix.
> Ok, .../recipe-sysroot/usr/share/EFI/BOOT, EFI/BOOT does not exist. Not
> there, not anywhere in the build directory tree. Even doing bitbake -c
> deploy efibootguard did not help. Where shall these files normally be
> coming from?!
>
scripts/lib/wic/plugins/source/efibootguard-efi.py:
install_cmd = "install -d %s/EFI/BOOT" % hdddir
This python file creates the directory within the location specified by
the variable hdddir. Your log suggests, that `hdddir % "/EFI/BOOT"` is
/home/mschoepf/foo/yocto/build/tmp/work/mic_7700-idp-linux/core-image-fts/1.0-r0/deploy-core-image-fts-image-complete/core-image-fts-mic-7700-20171122105906/tmp.wic.ve8_m7nf/hdd/efi.1/EFI/BOOT
This would be the first step to verify if this directory exists. Then
the files are copied from `bootimg_dir % "/EFI/BOOT"` to `hdddir` %
"/EFI/BOOT" where the script obviously fails. I.e., the
`efibootguard.bb` recipe installs the files to ${DEPLOYDIR} which is
probably different in this yocto version. Maybe you can alter the
`efibootguard.bb` so that files are deployed into a fixed temporary
directory and alter the python plugin to use the same directory. Or you
could use `bitbake -E` to grep for important directories and
corresponding variables. It is sometimes not obvious which variables to
use to put together a valid path.
Kind regards
Andreas
> Thanks and Regards,
>
> Matthias
Andreas Reichel
Nov 22, 2017, 8:43:55 AM11/22/17
to Matthias Schoepfer, EFI Boot Guard
> corresponding variables. It is sometimes not obvious which variables to
> use to put together a valid path.
>
> Kind regards
> Andreas
> > Thanks and Regards,
> >
> > Matthias
>
> --
> Andreas Reichel
> Dipl.-Phys. (Univ.)
> Software Consultant
>
> Andreas...@tngtech.com, +49-174-3180074
> TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
> Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
> Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082
>
> --
> You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to efibootguard-d...@googlegroups.com.
> To post to this group, send email to efibootg...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/20171122133559.GA2802%40iiotirae.
> You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to efibootguard-d...@googlegroups.com.
> To post to this group, send email to efibootg...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages