[PATCH v2 0/2] Add efibootguard bootloader package & example recipe

[Christopher Obbard]

This patch series adds support for the efibootguard bootloader
(https://github.com/siemens/efibootguard) to buildroot. efibootguard
can be useful when designing systems using A/B slot-based upgrades.

The first patch introduces the efibootguard bootloader package which
builds the EFI application, user-space applications and host
applications.

The second patch adds an example recipe which demonstrates how to use
efibootguard in a typical EFI boot scenario. This may serve as a
reference for users looking to integrate efibootguard into their system.

efibootguard can be built for multiple architectures, but for now this
patch series only builds for x86_64 (since that was what the project I
added efibootguard to used). Support for additional architectures
(including arm, aarch64 and riscv) will come in future follow-up patches.
I expect to do that once this series has been merged.

The example recipe has been boot-tested on QEMU with OVMF firmware and
I have confirmed the image boots & runs as expected.

Feedback welcome!

Signed-off-by: Christopher Obbard <obb...@gmail.com>
---
Changes in v2:
- Rebase on top of buildroot 2026.02
- Update efibootguard to v0.22
- Link to v1: https://lore.kernel.org/r/20251219-wip-obbardc-boot-efibootg...@gmail.com

---
Christopher Obbard (2):
boot/efibootguard: new boot package
board/pc-efibootguard: add example efibootguard recipe

DEVELOPERS | 5 +++
board/pc-efibootguard/genimage.cfg | 59 +++++++++++++++++++++++++++
board/pc-efibootguard/linux-efistub.fragment | 4 ++
board/pc-efibootguard/post-build.sh | 35 ++++++++++++++++
board/pc-efibootguard/post-image.sh | 7 ++++
board/pc-efibootguard/readme.txt | 30 ++++++++++++++
board/pc-efibootguard/run-image-qemu.sh | 9 +++++
boot/Config.in | 2 +
boot/efibootguard/Config.in | 37 +++++++++++++++++
boot/efibootguard/Config.in.host | 8 ++++
boot/efibootguard/efibootguard.hash | 3 ++
boot/efibootguard/efibootguard.mk | 60 ++++++++++++++++++++++++++++
configs/pc_x86_64_efibootguard_defconfig | 51 +++++++++++++++++++++++
13 files changed, 310 insertions(+)
---
base-commit: 52ee2f5644da5389634b2465f1dc31deb5a4807c
change-id: 20250207-wip-obbardc-boot-efibootguard-initial-pkg-9d16e4b283fd

Best regards,
--
Christopher Obbard <obb...@gmail.com>

[Christopher Obbard]

This patch adds a new boot package to Buildroot for building the
efibootguard bootloader from the https://github.com/siemens/efibootguard
repository.

efibootguard can be chainloaded as an EFI application or used as a
standalone bootloader and can be useful when building A/B systems.

Add a recipe to build the EFI bootloader application, user-space
tooling & host tooling (both of which are used to manage efibootguard
configuration).

efibootguard supports multiple architectures, but for now only build
the EFI bootloader for x86_64.

Signed-off-by: Christopher Obbard <obb...@gmail.com>
---

DEVELOPERS | 3 ++
boot/Config.in | 2 ++
boot/efibootguard/Config.in | 37 +++++++++++++++++++++++
boot/efibootguard/Config.in.host | 8 +++++
boot/efibootguard/efibootguard.hash | 3 ++
boot/efibootguard/efibootguard.mk | 60 +++++++++++++++++++++++++++++++++++++
6 files changed, 113 insertions(+)

diff --git a/DEVELOPERS b/DEVELOPERS
index 9e983ae113..f64a5d6370 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -697,6 +697,9 @@ F: package/perl-sys-mmap/
F: package/perl-time-parsedate/
F: package/perl-x10/

+N: Christopher Obbard <obb...@gmail.com>
+F: boot/efibootguard/
+
N: Clayton Shotwell <clayton....@collins.com>
F: package/audit/
F: package/checkpolicy/
diff --git a/boot/Config.in b/boot/Config.in
index d73d221431..8e6dc7a5cc 100644
--- a/boot/Config.in
+++ b/boot/Config.in
@@ -15,6 +15,8 @@ source "boot/barebox/Config.in"
source "boot/binaries-marvell/Config.in"
source "boot/boot-wrapper-aarch64/Config.in"
source "boot/edk2/Config.in"
+source "boot/efibootguard/Config.in"
+source "boot/efibootguard/Config.in.host"
source "boot/grub2/Config.in"
source "boot/mv-ddr-marvell/Config.in"
source "boot/mxs-bootlets/Config.in"
diff --git a/boot/efibootguard/Config.in b/boot/efibootguard/Config.in
new file mode 100644
index 0000000000..47fd478e8b
--- /dev/null
+++ b/boot/efibootguard/Config.in
@@ -0,0 +1,37 @@
+config BR2_TARGET_EFIBOOTGUARD_ARCH_SUPPORTS
+ bool
+ default y if BR2_x86_64
+ depends on BR2_USE_MMU
+
+config BR2_TARGET_EFIBOOTGUARD
+ bool "efibootguard"
+ depends on BR2_TARGET_EFIBOOTGUARD_ARCH_SUPPORTS
+ depends on BR2_USE_WCHAR
+ select BR2_PACKAGE_GNU_EFI
+ select BR2_PACKAGE_PCIUTILS if BR2_TARGET_EFIBOOTGUARD_INSTALL_TOOLS
+ help
+ EFI Boot Guard is a UEFI bootloader intended for robust
+ A/B style updates. It arms a hardware watchdog before
+ handing over control to the OS and supports a fail-safe
+ boot mechanism to roll back if a boot attempt fails.
+
+ https://github.com/siemens/efibootguard
+
+if BR2_TARGET_EFIBOOTGUARD
+
+config BR2_TARGET_EFIBOOTGUARD_X86_64
+ bool "x86-64"
+ depends on BR2_x86_64
+ help
+ Select this option if the platform you're targeting has a
+ 64 bits EFI BIOS.
+
+config BR2_TARGET_EFIBOOTGUARD_INSTALL_TOOLS
+ bool "install tools"
+ help
+ Install the efibootguard user-space tools (e.g.
+ bg_printenv and bg_setenv) on the target. These tools
+ allow reading and updating efibootguard's configuration
+ in user-space.
+
+endif # BR2_TARGET_EFIBOOTGUARD
diff --git a/boot/efibootguard/Config.in.host b/boot/efibootguard/Config.in.host
new file mode 100644
index 0000000000..845c14c079
--- /dev/null
+++ b/boot/efibootguard/Config.in.host
@@ -0,0 +1,8 @@
+config BR2_TARGET_HOST_EFIBOOTGUARD
+ bool "host efibootguard"
+ help
+ Build efibootguard companion tools for the host. These
+ can be used during image creation to inspect and
+ modify the efibootguard configuration data.
+
+ https://github.com/siemens/efibootguard
diff --git a/boot/efibootguard/efibootguard.hash b/boot/efibootguard/efibootguard.hash
new file mode 100644
index 0000000000..6f5a5cf25c
--- /dev/null
+++ b/boot/efibootguard/efibootguard.hash
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256 6c68c541311dcc8c2be0042f7887acc2a24d2ac68a88d426380fdbda9f476ae8 efibootguard-0.22.tar.gz
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/boot/efibootguard/efibootguard.mk b/boot/efibootguard/efibootguard.mk
new file mode 100644
index 0000000000..c40cef13ac
--- /dev/null
+++ b/boot/efibootguard/efibootguard.mk
@@ -0,0 +1,60 @@
+################################################################################
+#
+# efibootguard
+#
+################################################################################
+
+EFIBOOTGUARD_VERSION = 0.22
+EFIBOOTGUARD_SITE = $(call github,siemens,efibootguard,refs/tags/v$(EFIBOOTGUARD_VERSION))
+EFIBOOTGUARD_LICENSE = GPL-2.0-only
+EFIBOOTGUARD_LICENSE_FILES = COPYING
+
+EFIBOOTGUARD_DEPENDENCIES = \
+ gnu-efi \
+ host-autoconf-archive
+
+ifeq ($(BR2_TARGET_EFIBOOTGUARD_INSTALL_TOOLS),y)
+EFIBOOTGUARD_DEPENDENCIES += pciutils
+EFIBOOTGUARD_INSTALL_TARGET = YES
+else
+EFIBOOTGUARD_INSTALL_TARGET = NO
+endif
+
+EFIBOOTGUARD_INSTALL_IMAGES = YES
+
+EFIBOOTGUARD_AUTORECONF = YES
+
+EFIBOOTGUARD_AUTORECONF_OPTS = \
+ -I $(HOST_DIR)/share/autoconf-archive
+
+EFIBOOTGUARD_CONF_OPTS = \
+ --with-gnuefi-sys-dir=$(STAGING_DIR) \
+ --with-gnuefi-include-dir=$(STAGING_DIR)/usr/include/efi \
+ --with-gnuefi-lib-dir=$(STAGING_DIR)/usr/lib \
+ --disable-completion \
+ --disable-tests
+
+# TODO: Perhaps take inspiration from Debian patch https://salsa.debian.org/debian/efibootguard/-/blob/master/debian/patches/always-override-stack-protector-variables-in-EFI-bui.patch?ref_type=heads
+EFIBOOTGUARD_CONF_ENV = \
+ LDFLAGS="$(LDFLAGS) -no-pie"
+
+define EFIBOOTGUARD_INSTALL_IMAGES_CMDS
+ $(INSTALL) -d $(BINARIES_DIR)/efibootguard
+ $(INSTALL) -m 0644 $(@D)/efibootguardx64.efi $(BINARIES_DIR)/efibootguard/
+endef
+
+HOST_EFIBOOTGUARD_DEPENDENCIES = \
+ host-autoconf-archive
+
+HOST_EFIBOOTGUARD_AUTORECONF = YES
+
+HOST_EFIBOOTGUARD_AUTORECONF_OPTS = \
+ -I $(HOST_DIR)/share/autoconf-archive
+
+HOST_EFIBOOTGUARD_CONF_OPTS = \
+ --disable-bootloader \
+ --disable-completion \
+ --disable-tests
+
+$(eval $(autotools-package))
+$(eval $(host-autotools-package))

--
2.53.0

[Christopher Obbard]

Add an example recipe (based on configs/pc_x86_64_efi_defconfig) to
generate an x86-64 image which boots the system using the efibootguard
bootloader. The recipe is an example of how to create an image using
efibootguard, including how to create the disk image & how to configure
efibootguard.

The created example image contains two boot slots; one of which contains
the kernel and the other is a dummy slot (e.g. cannot be booted from).

Also add instructions (and a silly script) to boot the example image
with QEMU.

Signed-off-by: Christopher Obbard <obb...@gmail.com>
---

DEVELOPERS | 2 +
board/pc-efibootguard/genimage.cfg | 59 ++++++++++++++++++++++++++++
board/pc-efibootguard/linux-efistub.fragment | 4 ++
board/pc-efibootguard/post-build.sh | 35 +++++++++++++++++

board/pc-efibootguard/post-image.sh | 7 ++++
board/pc-efibootguard/readme.txt | 30 ++++++++++++++
board/pc-efibootguard/run-image-qemu.sh | 9 +++++

configs/pc_x86_64_efibootguard_defconfig | 51 ++++++++++++++++++++++++
8 files changed, 197 insertions(+)

diff --git a/DEVELOPERS b/DEVELOPERS
index f64a5d6370..1b8d27bcf1 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -699,6 +699,8 @@ F: package/perl-x10/

N: Christopher Obbard <obb...@gmail.com>
F: boot/efibootguard/
+F: board/pc-efibootguard/
+F: configs/pc_x86_64_efibootguard_defconfig

N: Clayton Shotwell <clayton....@collins.com>
F: package/audit/

diff --git a/board/pc-efibootguard/genimage.cfg b/board/pc-efibootguard/genimage.cfg
new file mode 100644
index 0000000000..2437a89b63
--- /dev/null
+++ b/board/pc-efibootguard/genimage.cfg
@@ -0,0 +1,59 @@
+image EFI.vfat {
+ vfat {
+ file EFI/BOOT/BOOTX64.EFI {
+ image = "efibootguard/efibootguardx64.efi"
+ }
+ }
+
+ size = 16352K # 16MB - 32KB
+}
+
+image boot-a.vfat {
+ vfat {}
+
+ size = 128M
+ srcpath = "output/images/boot-a-part"
+}
+
+# # boot-b is a placeholder
+image boot-b.vfat {
+ vfat {}
+
+ size = 128M
+ srcpath = "output/images/boot-b-part"
+}
+
+image disk.img {
+ hdimage {
+ partition-table-type = "gpt"
+ }
+
+ partition EFI {
+ image = "EFI.vfat"
+ partition-type-uuid = esp
+ offset = 32K
+ bootable = true
+ }
+
+ partition boot-a {
+ partition-type-uuid = fat32
+ image = "boot-a.vfat"
+ }
+
+ partition boot-b {
+ partition-type-uuid = fat32
+ image = "boot-b.vfat"
+ }
+
+ partition system-a {
+ partition-type-uuid = root-x86-64
+ image = "rootfs.ext4"
+ size = 2G
+ }
+
+ # system-b is a placeholder
+ partition system-b {
+ partition-type-uuid = root-x86-64
+ size = 2G
+ }
+}
diff --git a/board/pc-efibootguard/linux-efistub.fragment b/board/pc-efibootguard/linux-efistub.fragment
new file mode 100644
index 0000000000..82f757b098
--- /dev/null
+++ b/board/pc-efibootguard/linux-efistub.fragment
@@ -0,0 +1,4 @@
+CONFIG_EFI=y
+CONFIG_EFI_STUB=y
+CONFIG_EFIVAR_FS=y
+CONFIG_EFI_PARTITION=y
diff --git a/board/pc-efibootguard/post-build.sh b/board/pc-efibootguard/post-build.sh
new file mode 100755
index 0000000000..7f5973cd39
--- /dev/null
+++ b/board/pc-efibootguard/post-build.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+BOARD_DIR=$(dirname "$0")
+
+# Kernel cmdline to append
+KERNEL_CMDLINE=""
+
+# Create efibootguard boot-a slot configuration
+mkdir -p ${BINARIES_DIR}/boot-a-part
+echo -n "boot-a" | iconv -f ascii -t UTF-16LE > ${BINARIES_DIR}/boot-a-part/EFILABEL
+${HOST_DIR}/bin/bg_setenv \
+ --verbose \
+ --watchdog=0 \
+ --filepath=${BINARIES_DIR}/boot-a-part/BGENV.DAT \
+ --revision=2 \
+ --ustate=OK \
+ --kernel="C:boot-a:bzImage" \
+ --args="root=PARTLABEL=system-a $KERNEL_CMDLINE"
+
+# Create efibootguard boot-a slot configuration (unbootable)
+mkdir -p ${BINARIES_DIR}/boot-b-part
+echo -n "boot-b" | iconv -f ascii -t UTF-16LE > ${BINARIES_DIR}/boot-b-part/EFILABEL
+${HOST_DIR}/bin/bg_setenv \
+ --verbose \
+ --watchdog=0 \
+ --filepath=${BINARIES_DIR}/boot-b-part/BGENV.DAT \
+ --revision=1 \
+ --ustate=FAILED \
+ --kernel="C:boot-b:bzImage" \
+ --args="root=PARTLABEL=system-b $KERNEL_CMDLINE"
+
+# Copy kernel into boot-a.
+cp ${BINARIES_DIR}/bzImage ${BINARIES_DIR}/boot-a-part/
diff --git a/board/pc-efibootguard/post-image.sh b/board/pc-efibootguard/post-image.sh
new file mode 100755
index 0000000000..eec88f707d
--- /dev/null
+++ b/board/pc-efibootguard/post-image.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+UUID=$(dumpe2fs "$BINARIES_DIR/rootfs.ext2" 2>/dev/null | sed -n 's/^Filesystem UUID: *\(.*\)/\1/p')
+sed "s/UUID_TMP/$UUID/g" board/pc-efibootguard/genimage.cfg > "$BINARIES_DIR/genimage.cfg"
+support/scripts/genimage.sh -c "$BINARIES_DIR/genimage.cfg"
diff --git a/board/pc-efibootguard/readme.txt b/board/pc-efibootguard/readme.txt
new file mode 100644
index 0000000000..d3eeb9793a
--- /dev/null
+++ b/board/pc-efibootguard/readme.txt
@@ -0,0 +1,30 @@
+EFI Boot Guard Example Recipe
+=============================
+
+1. Build
+
+ Build the image:
+
+ $ make pc_x86_64_efibootguard_defconfig
+
+ Add any additional packages required and build:
+
+ $ make
+
+Emulation in qemu
+=================
+
+Run the emulation with:
+
+qemu-system-x86_64 \
+ -M pc \
+ -drive if=pflash,format=raw,readonly=on,file=</path/to/OVMF_CODE.fd> \
+ -drive file=output/images/disk.img,if=virtio,format=raw \
+ -boot menu=on \
+ -net nic,model=virtio \
+ -net user
+
+Note that </path/to/OVMF.fd> needs to point to a valid x86_64 UEFI
+firmware image for qemu. It may be provided by your distribution as a
+edk2 or OVMF package, in a path such as /usr/share/OVMF/OVMF_CODE_4M.fd
+(for Debian).
diff --git a/board/pc-efibootguard/run-image-qemu.sh b/board/pc-efibootguard/run-image-qemu.sh
new file mode 100755
index 0000000000..32be727c3e
--- /dev/null
+++ b/board/pc-efibootguard/run-image-qemu.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+qemu-system-x86_64 \
+ -M pc \
+ -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF_CODE_4M.fd \
+ -drive file=output/images/disk.img,if=virtio,format=raw \
+ -boot menu=on \
+ -net nic,model=virtio \
+ -net user
diff --git a/configs/pc_x86_64_efibootguard_defconfig b/configs/pc_x86_64_efibootguard_defconfig
new file mode 100644
index 0000000000..276c628e18
--- /dev/null
+++ b/configs/pc_x86_64_efibootguard_defconfig
@@ -0,0 +1,51 @@
+BR2_x86_64=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_12=y
+BR2_GLOBAL_PATCH_DIR="board/pc/patches"
+BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
+BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
+BR2_TARGET_GENERIC_GETTY_PORT="tty1"
+BR2_ROOTFS_POST_BUILD_SCRIPT="board/pc-efibootguard/post-build.sh"
+BR2_ROOTFS_POST_IMAGE_SCRIPT="board/pc-efibootguard/post-image.sh"
+BR2_LINUX_KERNEL=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.12.47"
+BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/pc/linux.config"
+BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/pc-efibootguard/linux-efistub.fragment"
+BR2_LINUX_KERNEL_INSTALL_TARGET=y
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
+BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
+BR2_PACKAGE_LINUX_FIRMWARE=y
+BR2_PACKAGE_LINUX_FIRMWARE_ATHEROS_9170=y
+BR2_PACKAGE_LINUX_FIRMWARE_ATHEROS_9271=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_3160=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_3168=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_5000=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_6000G2A=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_6000G2B=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_7260=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_7265D=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_8000C=y
+BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_8265=y
+BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT73=y
+BR2_PACKAGE_LINUX_FIRMWARE_RALINK_RT2XX=y
+BR2_PACKAGE_LINUX_FIRMWARE_RTL_81XX=y
+BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX=y
+BR2_PACKAGE_LINUX_FIRMWARE_RTL_88XX=y
+BR2_PACKAGE_LINUX_FIRMWARE_RTL_8169=y
+BR2_PACKAGE_ACPID=y
+BR2_PACKAGE_CONNMAN=y
+BR2_PACKAGE_CONNMAN_WIFI=y
+BR2_PACKAGE_CONNMAN_CLIENT=y
+BR2_PACKAGE_WIRELESS_REGDB=y
+BR2_TARGET_ROOTFS_EXT2=y
+BR2_TARGET_ROOTFS_EXT2_4=y
+BR2_TARGET_ROOTFS_EXT2_SIZE="120M"
+# BR2_TARGET_ROOTFS_TAR is not set
+BR2_TARGET_EFIBOOTGUARD=y
+BR2_TARGET_EFIBOOTGUARD_X86_64=y
+BR2_TARGET_EFIBOOTGUARD_INSTALL_TOOLS=y
+BR2_TARGET_HOST_EFIBOOTGUARD=y
+BR2_PACKAGE_HOST_DOSFSTOOLS=y
+BR2_PACKAGE_HOST_GENIMAGE=y
+BR2_PACKAGE_HOST_MTOOLS=y

--
2.53.0

[Jan Kiszka]

On 19.04.26 02:20, Christopher Obbard wrote:
> This patch series adds support for the efibootguard bootloader
> (https://github.com/siemens/efibootguard) to buildroot. efibootguard
> can be useful when designing systems using A/B slot-based upgrades.
>
> The first patch introduces the efibootguard bootloader package which
> builds the EFI application, user-space applications and host
> applications.
>
> The second patch adds an example recipe which demonstrates how to use
> efibootguard in a typical EFI boot scenario. This may serve as a
> reference for users looking to integrate efibootguard into their system.
>
> efibootguard can be built for multiple architectures, but for now this
> patch series only builds for x86_64 (since that was what the project I
> added efibootguard to used). Support for additional architectures
> (including arm, aarch64 and riscv) will come in future follow-up patches.
> I expect to do that once this series has been merged.
>
> The example recipe has been boot-tested on QEMU with OVMF firmware and
> I have confirmed the image boots & runs as expected.
>
> Feedback welcome!

Thanks for the recipes! Beside other archs, UKI and secure boot aren't
in scope for this version either, right?

Jan

Siemens AG, Foundational Technologies
Linux Expert Center

[Christopher Obbard]

Hi Jan,

On Mon, 20 Apr 2026 at 10:15, Jan Kiszka <jan.k...@siemens.com> wrote:
>
> On 19.04.26 02:20, Christopher Obbard wrote:
> > This patch series adds support for the efibootguard bootloader
> > (https://github.com/siemens/efibootguard) to buildroot. efibootguard
> > can be useful when designing systems using A/B slot-based upgrades.
> >
> > The first patch introduces the efibootguard bootloader package which
> > builds the EFI application, user-space applications and host
> > applications.
> >
> > The second patch adds an example recipe which demonstrates how to use
> > efibootguard in a typical EFI boot scenario. This may serve as a
> > reference for users looking to integrate efibootguard into their system.
> >
> > efibootguard can be built for multiple architectures, but for now this
> > patch series only builds for x86_64 (since that was what the project I
> > added efibootguard to used). Support for additional architectures
> > (including arm, aarch64 and riscv) will come in future follow-up patches.
> > I expect to do that once this series has been merged.
> >
> > The example recipe has been boot-tested on QEMU with OVMF firmware and
> > I have confirmed the image boots & runs as expected.
> >
> > Feedback welcome!
>
> Thanks for the recipes! Beside other archs, UKI and secure boot aren't
> in scope for this version either, right?

That's right. I was hoping to get some initial feedback from buildroot
maintainers to see if this
is in the correct shape before adding more features like other arch
builds, UKI and secureboot
in a follow-up patchset.

I also have a sample buildroot recipe to integrate a RAUC bundle with
efibootguard and
RAUC efibootguard integration:
https://github.com/obbardc/buildroot/tree/wip/obbardc/rauc-efibootguard
which is from https://github.com/rauc/rauc/pull/1450

I planned to submit that example to buildroot in a follow-up patchset
too, once the RAUC side is a bit further.


Cheers!

Chris

[Jan Kiszka]

Thanks for explaining, makes sense to me!

Jan