From patchwork Fri Jun 14 11:23:17 2024
X-Patchwork-Submitter: Anton Mikanovich
X-Patchwork-Id: 3601
From: Anton Mikanovich
To: isar-users@googlegroups.com
Cc: Anton Mikanovich
Subject: [PATCH 2/5] start_vm: Add secureboot support
Date: Fri, 14 Jun 2024 14:23:17 +0300
Message-Id: <20240614112320.122428-3-amikan@ilbers.de>
In-Reply-To: <20240614112320.122428-1-amikan@ilbers.de>
References: <20240614112320.122428-1-amikan@ilbers.de>

Add sb_copy_vars()/sb_cleanup() API for creation of OVMF variables file copy in case it was declared in QEMU_DISK_ARGS value. If OVMF_VARS_4M.ms.fd already exists it will be reused, otherwise created copy will be deleted after QEMU exit. sb_copy_vars() returns True if cleanup needed.

Signed-off-by: Anton Mikanovich

--- meta-isar/conf/machine/qemuamd64-sb.conf | 2 +- testsuite/cibuilder.py | 13 ++++++--- testsuite/start_vm.py | 37 +++++++++++++++++++++--- 3 files changed, 43 insertions(+), 9 deletions(-) diff --git a/meta-isar/conf/machine/qemuamd64-sb.conf b/meta-isar/conf/machine/qemuamd64-sb.conf index 2bec553b..9ad5f8d6 100644 --- a/meta-isar/conf/machine/qemuamd64-sb.conf 
+++ b/meta-isar/conf/machine/qemuamd64-sb.conf @@ -18,4 +18,4 @@ IMAGER_INSTALL:wic += "${GRUB_DEBIAN_SB_MOK}" IMAGE_PREINSTALL += "mokutil" # overwrite qemu disk args for signed boot -QEMU_DISK_ARGS = "-drive file=##ROOTFS_IMAGE##,format=raw -global driver=cfi.pflash01,property=secure,value=on -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,readonly=on" +QEMU_DISK_ARGS = "-drive file=##ROOTFS_IMAGE##,format=raw -global driver=cfi.pflash01,property=secure,value=on -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,readonly=on -drive if=pflash,format=raw,unit=1,file=OVMF_VARS_4M.ms.fd" diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py index 12c48180..a51d6f7e 100755 --- a/testsuite/cibuilder.py +++ b/testsuite/cibuilder.py @@ -477,6 +477,8 @@ BBPATH .= ":${LAYERDIR}"\ boot_log, None, enforce_pcbios) cmdline.insert(1, '-nographic') + need_sb_cleanup = start_vm.sb_copy_vars(cmdline) + self.log.info('QEMU boot line:\n' + ' '.join(cmdline)) self.log.info('QEMU boot log:\n' + boot_log) @@ -485,7 +487,7 @@ BBPATH .= ":${LAYERDIR}"\ universal_newlines=True) self.log.info("Started VM with pid %s" % (p1.pid)) - return p1, cmdline, boot_log + return p1, cmdline, boot_log, need_sb_cleanup def vm_wait_boot(self, p1, timeout): @@ -564,6 +566,9 @@ BBPATH .= ":${LAYERDIR}"\ pid = self.vm_dict[vm][0] os.kill(pid, signal.SIGKILL) + if self.vm_dict[vm][3]: + start_vm.sb_cleanup() + del(self.vm_dict[vm]) self.vm_dump_dict(vm) @@ -600,7 +605,7 @@ BBPATH .= ":${LAYERDIR}"\ stderr = "" if vm in self.vm_dict: - pid, cmdline, boot_log = self.vm_dict[vm] + pid, cmdline, boot_log, need_sb_cleanup = self.vm_dict[vm] # Check that corresponding process exists proc = subprocess.run("ps -o cmd= %d" % (pid), shell=True, text=True, 
@@ -612,8 +617,8 @@ BBPATH .= ":${LAYERDIR}"\ if run_qemu: self.log.info("No qemu-system process for `%s` found, run new VM" % (vm)) - p1, cmdline, boot_log = self.vm_turn_on(arch, distro, image, enforce_pcbios) - self.vm_dict[vm] = p1.pid, cmdline, boot_log + p1, cmdline, boot_log, need_sb_cleanup = self.vm_turn_on(arch, distro, image, enforce_pcbios) + self.vm_dict[vm] = p1.pid, cmdline, boot_log, need_sb_cleanup self.vm_dump_dict(vm) rc = self.vm_wait_boot(p1, timeout) diff --git a/testsuite/start_vm.py b/testsuite/start_vm.py index 2c07b816..45e509a7 100755 --- a/testsuite/start_vm.py +++ b/testsuite/start_vm.py @@ -1,15 +1,18 @@ #!/usr/bin/env python3 # # Helper script to start QEMU with Isar image -# Copyright (c) 2019, ilbers GmbH +# Copyright (c) 2019-2024, ilbers GmbH import argparse import os import socket import subprocess import sys +import shutil import time +OVMF_VARS_PATH = '/usr/share/OVMF/OVMF_VARS_4M.ms.fd' + def get_bitbake_env(arch, distro, image): multiconfig = 'mc:qemu' + arch + '-' + distro + ':' + image output = subprocess.check_output(['bitbake', '-e', str(multiconfig)]) 
@@ -91,16 +94,42 @@ def format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios=Fal return cmd +def sb_copy_vars(cmdline): + ovmf_vars_filename = os.path.basename(OVMF_VARS_PATH) + + for param in cmdline: + if ovmf_vars_filename in param: + if os.path.exists(ovmf_vars_filename): + break + if not os.path.exists(OVMF_VARS_PATH): + print('%s required but not found!' % OVMF_VARS_PATH, file=sys.stderr) + break + shutil.copy(OVMF_VARS_PATH, ovmf_vars_filename) + return True + + return False + +def sb_cleanup(): + os.remove(os.path.basename(OVMF_VARS_PATH)) + def start_qemu(arch, build, distro, image, out, pid, enforce_pcbios): - cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, enforce_pcbios) + cmdline = format_qemu_cmdline(arch, build, distro, image, out, pid, + enforce_pcbios) cmdline.insert(1, '-nographic') + need_cleanup = sb_copy_vars(cmdline) + print(cmdline) - p1 = subprocess.call('exec ' + ' '.join(cmdline), shell=True) + + try: + subprocess.call('exec ' + ' '.join(cmdline), shell=True) + finally: + if need_cleanup: + sb_cleanup() def parse_args(): parser = argparse.ArgumentParser() - parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm') + parser.add_argument('-a', '--arch', choices=['arm', 'arm64', 'amd64', 'amd64-sb', 'i386', 'mipsel'], help='set isar machine architecture.', default='arm') parser.add_argument('-b', '--build', help='set path to build directory.', default=os.getcwd()) parser.add_argument('-d', '--distro', choices=['buster', 'bullseye', 'bookworm', 'trixie', 'focal', 'jammy'], help='set isar Debian distribution.', default='bookworm') parser.add_argument('-i', '--image', help='set image name.', default='isar-image-base')
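
Review bot: In meta-isar/conf/machine/qemuamd64-sb.conf the new unit=1 pflash drive uses the relative path file=OVMF_VARS_4M.ms.fd, so which file QEMU opens depends on the working directory of whatever launches it. sb_copy_vars() also writes its copy to the bare basename, so the two only agree while the caller's working directory stays the same between copy, launch and cleanup. Consider a placeholder that is expanded to an absolute path, as ##ROOTFS_IMAGE## is for the disk, or at least a comment above QEMU_DISK_ARGS stating that the variable store is expected in the launch directory.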
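
Review bot: In the cibuilder.py hunk that follows os.kill(pid, signal.SIGKILL), start_vm.sb_cleanup() runs before del(self.vm_dict[vm]) and is a bare os.remove(), so a file that is already gone, or a working directory different from the one used at start, raises FileNotFoundError and leaves the stale vm_dict entry behind. Tolerate a missing file in sb_cleanup(), or remove the dictionary entry first. The cleanup flag is also per VM while the file name is fixed: a second secure-boot VM started from the same directory gets False from sb_copy_vars() because the copy exists, then loses that file when the first VM is stopped.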
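
Review bot: The cibuilder.py hunks at @@ -600,7 +605,7 @@ and @@ -612,8 +617,8 @@ grow the vm_dict entry from three to four fields and read it by four-way unpacking, with self.vm_dict[vm][3] as a positional index elsewhere; an entry still in the old three-field shape will raise on both. If entries can outlive one run (they are handed to vm_dump_dict()), accept the shorter tuple and treat the flag as False. A named structure instead of index 3 would also make the next added field less fragile.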
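
Review bot: import shutil is added after import sys in the first start_vm.py hunk, which breaks the alphabetical order the other imports follow; it belongs between os and socket. OVMF_VARS_PATH would also benefit from a one-line comment saying it has to match the firmware image named in qemuamd64-sb.conf (OVMF_CODE_4M.ms.fd).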
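
Review bot: In sb_copy_vars() (start_vm.py, @@ -91,16 +94,42 @@) the branch for a missing OVMF_VARS_PATH only prints to stderr and falls through to return False, so start_qemu() and cibuilder still launch QEMU with a unit=1 pflash drive whose file does not exist. Raise an exception there so the run stops on the "required but not found" message instead of a later QEMU error. Two smaller points in the same hunk: the test "ovmf_vars_filename in param" is a substring match, so it also fires for an argument carrying an absolute path to that name, where a copy in the working directory is not the file QEMU opens; and the reuse branch keeps whatever UEFI variable state an earlier run left in the file, which deserves a docstring since neither new function has one.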