From a93bdc8e4ea60ef461dc7154145c15912f04431c Mon Sep 17 00:00:00 2001
From: Javier Tia
Date: Sun, 6 Oct 2024 21:35:28 -0600
Subject: [PATCH] arm/uefi-secureboot: Add uefi http boot support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Enable network boot via HTTP protocol. Many embedded and server-class systems use network boot for booting. Enabling network boot on devices allows:
- Shipping devices without OS images. When we power up the device, the firmware can connect to the Internet and download and install suitable boot images for this specific device. Administrators can centrally manage the boot images and configuration files on a network server. This centralization streamlines the management of boot options and ensures consistency across all devices.
- This is particularly useful in enterprise environments. On mass deployments, there is a need to install the operating system on multiple devices simultaneously.
- Ability to maintain a completely diskless system if needed

The plain HTTP protocol lacks encryption. It's intended to be used on local networks. Secure http protocol support is under review.

Signed-off-by: Javier Tia
Signed-off-by: Jon Mason
---
ci/uefi-secureboot.yml | 2 +-
meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc | 3 +++
meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc | 2 ++
meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg | 6 ++++++
4 files changed, 12 insertions(+), 1 deletion(-)
create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc
create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg
diff --git a/ci/uefi-secureboot.yml b/ci/uefi-secureboot.yml
index f647f4b1..4e9572cc 100644
--- a/ci/uefi-secureboot.yml
+++ b/ci/uefi-secureboot.yml
@@ -23,7 +23,7 @@ local_conf_header:
 WKS_FILE = "efi-disk.wks.in"
 KERNEL_IMAGETYPE = "Image"
- MACHINE_FEATURES:append = " efi uefi-secureboot"
+ MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot"
 EFI_PROVIDER = "systemd-boot"
diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc
new file mode 100644
index 00000000..490a9684
--- /dev/null
+++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://uefi-http-boot.cfg"
\ No newline at end of file
diff --git a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc
index e58035a9..48c2de86 100644
--- a/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc
+++ b/meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc
@@ -4,6 +4,8 @@ SRC_URI += "file://uefi-secureboot.cfg"
 inherit sbsign
+require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-http-boot', 'u-boot-uefi-http-boot.inc', '', d)}
+
 DEPENDS += 'python3-pyopenssl-native'
 do_compile:prepend() {
diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg
new file mode 100644
index 00000000..a9edf2a2
--- /dev/null
+++ b/meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg
@@ -0,0 +1,6 @@
+CONFIG_PROT_TCP=y
+CONFIG_PROT_TCP_SACK=y
+CONFIG_CMD_WGET=y
+CONFIG_CMD_DNS=y
+CONFIG_BLKMAP=y
+CONFIG_EFI_HTTP_BOOT=y
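Review bot: The new file meta-arm/recipes-bsp/u-boot/u-boot-uefi-http-boot.inc ends without a trailing newline, as the `\ No newline at end of file` marker after the `SRC_URI` line shows. Ending the file with a newline keeps the next append to it from showing up as a change to the `SRC_URI` line. The `FILESEXTRAPATHS:prepend` line may also be redundant if the including u-boot-uefi-secureboot.inc already prepends the same `${THISDIR}/${PN}` path; that part of the file is not visible in this patch, so this needs checking.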
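Review bot: In u-boot-uefi-secureboot.inc the added `require` is the only place the HTTP boot fragment is pulled in, so `uefi-http-boot` takes effect only where this Secure Boot include is used, and nothing in the file says the coupling is deliberate. The commit message states that the transport is plain HTTP, so the integrity of a fetched image rests on Secure Boot signature verification rather than on the network path. A comment above the line would record that, for example `# uefi-http-boot is only honoured together with uefi-secureboot: images fetched over plain HTTP are authenticated by signature, not by the transport`. How this include itself is selected lies outside the hunk, so it is worth confirming that a machine setting `uefi-http-boot` without `uefi-secureboot` is meant to get no HTTP boot support rather than silently missing it. The `do_compile:prepend()` body continues past the end of the hunk.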
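Review bot: The new fragment meta-arm/recipes-bsp/u-boot/u-boot/uefi-http-boot.cfg has no comment recording the trust assumption that the commit message spells out, namely that both the DNS lookup and the HTTP transfer are unauthenticated. A header line in the fragment would keep that next to the options, for example `# EFI HTTP boot over plain HTTP: DNS and transport are unauthenticated, so fetched images must be verified by UEFI Secure Boot`. `CONFIG_CMD_WGET=y` and `CONFIG_CMD_DNS=y` also make the `wget` and `dns` commands available at the U-Boot prompt. If they are present only as prerequisites of `CONFIG_EFI_HTTP_BOOT`, a short comment saying so would help, along with a check that console access is restricted on Secure Boot builds.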