Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

app-crypt/efitools: Drop in favour of app-emulation/virt-firmware #2430

Merged
merged 2 commits into from
Nov 7, 2024
Merged

app-crypt/efitools: Drop in favour of app-emulation/virt-firmware #2430

merged 2 commits into from
Nov 7, 2024

Conversation

chewi
Copy link
Contributor

@chewi chewi commented Nov 6, 2024
edited
Loading

Replace efitools with virt-firmware

virt-fw-vars handles X.509 conversion and QCOW2 conversion transparently and can update all the variables in a single invocation.

Bonus: Asking it to list the variables doesn't cause a segfault due to the feature not really being implemented. 😁

The 00000000-0000-0000-0000-000000000000 owner GUID is what flash-var used to set, as we didn't specify the -g argument. We don't need to set a meaningful value as this file is only for testing.

How to use

Simply use ./flatcar_production_qemu_uefi_secure.sh -T swtpm to ensure the image still works with Secure Boot enabled.

Testing done

qemu_uefi_secure failed overall but only because of cl.tpm.eventlog, which was already failing.

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update) -- N/A
  • Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc. -- N/A

chewi added 2 commits November 6, 2024 11:58
@chewi
app-emulation/virt-firmware: Import from Gentoo to replace efitools
86ebb70 
Unfortunately, it pulls in a number of dependencies.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
@chewi
app-crypt/efitools: Drop in favour of app-emulation/virt-firmware
bcd203e 
virt-fw-vars handles X.509 conversion and QCOW2 conversion transparently
and can update all the variables in a single invocation.

Bonus: Asking it to list the variables doesn't cause a segfault due to
the feature not really being implemented. :D

The 00000000-0000-0000-0000-000000000000 owner GUID is what flash-var
used to set, as we didn't specify the -g argument. We don't need to set
a meaningful value as this file is only for testing.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
@chewi chewi requested a review from a team November 6, 2024 12:09
@chewi chewi self-assigned this Nov 6, 2024
@chewi chewi merged commit 2fcff86 into main Nov 7, 2024
1 check failed
@chewi chewi deleted the chewi/virt-firmware branch November 7, 2024 11:43
@github-actions github-actions bot mentioned this pull request Nov 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tormath1 tormath1 tormath1 approved these changes

Assignees

@chewi chewi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chewi @tormath1