Commit Graph

22 Commits

Author SHA1 Message Date
Michael Shigorin
cdaaee4e97 efi: +efi is now signed
That reflects the packaging and distribution practice
having formed during last year or so...
2014-03-20 01:07:19 +04:00
Michael Shigorin
3f547e2504 documentation: use paths relative to toplevel dir
This change is done to reduce ambiguity in some cases;
the previous intention has been to ease navigation when
staying in a particular directory, now it's been changed
in favour of convenient toplevel `git grep' in fact.

Both variants have their pros and cons, I just find myself
leaning to this one by now hence the commit.  Feel free to
provide constructive criticism :)

Some path-related bitrot has also been fixed while at that.
2014-03-05 21:36:30 +04:00
Michael Shigorin
596a6bfe3d efi: whoops, non-x86_64 got broken
I've noted that this bit of code should be fixed up
before pushing but managed to overlook that in the end :(

mkimage version bump is due to the somewhat changed layout
of EFI packages and binaries within those (linked message in Russian):
http://lists.altlinux.org/pipermail/devel-distro/2013-December/001283.html
2013-12-24 11:54:01 +02:00
Michael Shigorin
129e40395a efi: add pesign to the rescue
It's at least as worthy as sbsigntools are.
2013-12-19 03:11:11 +04:00
Michael Shigorin
83b17d2982 efi: add use/efi/memtest86
It's implemented just like EFI_SHELL and will definitely
change someday but so far it's like this...
2013-12-19 03:11:11 +04:00
Michael Shigorin
90429a8508 efi: drop -signed subpackages
We chose to provide methods to sign packages but to avoid
signing these by default (with some arbitrary test keys)
the signatures are being added *after* the build by means
of rpmrebuild-pesign; all of this is made significantly
more complicated if there are separate -signed subpackages.

So these are being dropped in the packages; account for that.
2013-12-17 15:48:59 +02:00
Michael Shigorin
8d26de28a3 efi: generalize (stage2 += rootfs)
This feature is more generally applicable indeed;
might result in duplication due to the installer
components adding "efivars" independently but that
is to be sorted out later in those components:
- check whether it's added already sometime soon;
- maybe stop adding that at some point in the future.

install2 and rescue roots still need this too though.
2013-06-17 14:03:53 +04:00
Michael Shigorin
062a9d915a efi: specify minimal mkimage version for SB
Bump it to account for the useful fixes in mkimage-0.2.7.
2013-02-26 00:42:36 +04:00
Michael Shigorin
9629cbe143 efi: tweak shell setup
It's possible that use/efi/signed target has fired already
at the time when use/efi/shell is invoked; shouldn't clobber
the signed shell with unsigned one.
2013-02-21 22:37:28 +04:00
Michael Shigorin
8645219667 live: added EFI to use/live/desktop
Its support is quite mature and practically useful by now.
Let's also add a convenient alias.
2013-02-18 22:14:42 +04:00
Michael Shigorin
d83eb78762 efi: added fatresize
Helps with #28470 (FAT not being recognized) which is critical
due to ESP being FAT by spec :-/

Thanks timonbl4@ for the hint.
2013-02-11 21:29:15 +04:00
Michael Shigorin
40e680e50d efi: employ shim-signed
Was an oversight to miss it.
2013-02-04 22:18:26 +04:00
Michael Shigorin
915f2c2051 efi: introduced use/efi/shell
It's aimed at providing UEFI shell implementation which is very
useful for repairs and debug; if the "signed" mode is requested
then the signed variant is used either.

Please note that there are two distinct uses:
- a shell lying around on a filesystem to be copied by hand;
- a shell available in EFI part of boot media to be launched
  by firmware's or standalone boot manager (e.g. refind).
2013-01-21 13:49:21 +02:00
Michael Shigorin
d004d09c7c efi: efi-shell and signed variants to the rescue
UEFI shell is pretty valuable debugging and fixup tool.

When one has to mess with Restricted Boot, openssl and
some PE signing tools might come handy either; see also
http://www.rodsbooks.com/efi-bootloaders/secureboot.html
2013-01-21 13:49:21 +02:00
Michael Shigorin
0ba8d3fbae efi: added refind to the rescue
Its bootloader autodetection capabilities can prove quite useful;
this particular addition has been "sponsored" by this thread:
http://lists.altlinux.org/pipermail/sisyphus/2013-January/subject.html#359481
2013-01-21 13:49:21 +02:00
Michael Shigorin
3ff5f6a195 efi: slightly enhanced documentation
The variables are best influenced by targets and not directly
to avoid architecture dependent clashes.
2013-01-14 18:33:25 +02:00
Michael Shigorin
36a707bbb2 efi: refind support
mkimage > 0.2.5 should have received enhanced UEFI support
including the ability to setup refind (#28349);
make the feature ready for that.
2013-01-14 18:14:47 +02:00
Michael Shigorin
8c8d7c24d1 efi: initial signed bootloader support
The implementation goes the shim[1] way as described here[2];
many thanks to Matthew Garrett and Rod Smith.

[1] http://mjg59.dreamwidth.org/20303.html
[2] http://www.rodsbooks.com/efi-bootloaders/secureboot.html
2013-01-14 17:36:10 +02:00
Michael Shigorin
cd0db8d363 efi: handle rescue as well
The rescue feature intentionally doesn't pick up THE_PACKAGES
and THE_LISTS into stage2, so add EFI ones explicitly.
2012-12-26 18:02:11 +04:00
Michael Shigorin
b6eb7cb732 efi: skip on unsupported target architectures
There's a possibility to run into IA32 EFI but that's rather
uninteresting hardware (ancient Xeon servers and <s>outdated</s>
early Intel Mac laptops).  Just drop it on the floor.

As x86_64 UEFI support would result in "2D hybrid(r)(tm)" image
which boots with all combinations of BIOS/UEFI by CD|DVD/Flash
(or at least should boot), some downgrace seems due: use/efi will
turn use/isohybrid on non-x86_64 -- which will require further
tweaks on PPC/ARM some day.
2012-12-26 17:07:19 +04:00
Michael Shigorin
5a61e2d4cc efi: employ mkimage
The initial approach required some quite involved postprocessing
as described in http://www.altlinux.org/UEFI#HOWTO; after having
ironed out the kinks so that initial EFI support could be merged
into mkimage proper we're better off just using it, eh?
2012-12-17 14:40:55 +04:00
Michael Shigorin
653b8e1df8 initial EFI support
EFI/UEFI is mostly about partitioning and bootloader setup,
at least from a distribution's point of view; so the
appropriate tools should be handy and firmware interface
module should not be exterminated from installer images
but get autoloaded instead.

Please note that while there exists 32-bit x86 EFI
we don't bother with it at the time being: it's relevant
to some irrelevant Xeon systems as well as for the older
Intel Macs (<2008) that are long out of fashion anyways.
That is, initially we deal with x86_64 EFI only.
2012-11-19 23:26:51 +02:00