diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-10-01 14:30:15 +0200 |
|---|---|---|
| committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-10-04 11:36:25 +0200 |
| commit | 16020c3324215e0fc1bd8621d69dab33730bec77 (patch) | |
| tree | 9a13d5713f0a29ffce8c91b3320a1b14698310c8 /src/basic | |
| parent | ukify: Fix Profile config setting (diff) | |
| download | systemd-16020c3324215e0fc1bd8621d69dab33730bec77.tar.xz systemd-16020c3324215e0fc1bd8621d69dab33730bec77.zip | |
ukify: Rework multi-profile UKIs
The API introduced in https://github.com/systemd/systemd/pull/34295
is less than ideal:
- It doesn't consider signing at all (ukify can't sign separately yet)
- Measurement is completely broken (all profile sections are marked to
not be measured)
- It focuses on a very niche use case of extending existing UKIs and makes
the more common use case of building a UKI with several profiles included
much harder than needed.
Let's instead rework the API to focus on the primary use case of building
a UKI with multiple profiles added to it immediately. We require the profiles
to be built upfront as separate PE binaries with UKI. There's no need to sign
or measure these, they're solely vehicles for profile sections. This saves us
from having to complicate the command line and config parsing to support defining
multiple profiles.
To add the profiles when building a UKI, we introduce the new --add-profile
switch which takes a path to a PE binary describing a profile. The required
sections are read from each PE binary, measured and added as a profile.
The integration test is disabled until the new API is merged and exposed in
mkosi so that building a UKI with profiles can be left to mkosi and the integration
test will only test the switching between profiles and not the building of UKIs
with profiles.
Diffstat (limited to 'src/basic')
0 files changed, 0 insertions, 0 deletions