Skiroot dependencies for Secure & Trusted Boot #2915
Comments
|
We would want to submit the op-build patch for efivar asap, however we might have to do some changes to it in context of POWER. This might take us some time. I would like to get the feedback that if the suggested approach looks fine, or is there a better way ? Thanks & Regards, |
|
Sending through a patch now is the best way :) Then it can run through the pull-request CI and we can see how it handles it. |
|
Thanks Sam !! We will try to send the patch asap. Thanks & Regards, |
|
Eric had tried building efivar into skiroot image. It seems it adds additional 300kb approximately.. He tested it and there was no complain on the size. |
|
Hemant Baxi <[email protected]> writes:
Eric had tried building efivar into skiroot image. It seems it adds additional 300kb approximately.. He tested it and there was no complain on the size.
Also, it seems efivar is already available from buildroot. It just needs to be enabled via an openpower config - BR2_PACKAGE_EFIVAR=y.
To try it now, we did via "op-build menuconfig". We are not very sure
which config is the right one to be edited for the patch
submission. Will it be openpower/configs/witherspoon_defconfig ?
All platforms that will support secure boot, which means all POWER9 ones.
…--
Stewart Smith
OPAL Architect, IBM.
|
Incoming changes for Secure & Trusted Boot on OpenPOWER platforms will have a few dependencies in the Skiroot image.
This may apparently include
efivarand utilities fromefitools.There may be some porting work to be done here which the STB team will handle. More generally this will probably push up hard against the 16MB size limit for BOOTKERNEL or blow right past it.
The STB team will need to work with upstream op-build to work out
Possibly we'll have to look into increasing BOOTKERNEL size or potentially packing some tools as pb-plugins if possible.
The text was updated successfully, but these errors were encountered: