app-crypt/efitools: Drop in favour of app-emulation/virt-firmware #2430

Merged (2 commits) on Nov 7, 2024


@chewi chewi commented Nov 6, 2024

Replace efitools with virt-firmware

virt-fw-vars handles X.509 conversion and QCOW2 conversion transparently and can update all the variables in a single invocation.

Bonus: Asking it to list the variables doesn't cause a segfault due to the feature not really being implemented. 😁

The 00000000-0000-0000-0000-000000000000 owner GUID is what flash-var used to set, as we didn't specify the -g argument. We don't need to set a meaningful value as this file is only for testing.

How to use

Simply use ./flatcar_production_qemu_uefi_secure.sh -T swtpm to ensure the image still works with Secure Boot enabled.

Testing done

qemu_uefi_secure failed overall but only because of cl.tpm.eventlog, which was already failing.

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update) -- N/A
  • Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc. -- N/A

chewi added 2 commits November 6, 2024 11:58
Unfortunately, it pulls in a number of dependencies.

Signed-off-by: James Le Cuirot <[email protected]>
virt-fw-vars handles X.509 conversion and QCOW2 conversion transparently
and can update all the variables in a single invocation.

Bonus: Asking it to list the variables doesn't cause a segfault due to
the feature not really being implemented. :D

The 00000000-0000-0000-0000-000000000000 owner GUID is what flash-var
used to set, as we didn't specify the -g argument. We don't need to set
a meaningful value as this file is only for testing.

Signed-off-by: James Le Cuirot <[email protected]>
@chewi chewi requested a review from a team November 6, 2024 12:09
@chewi chewi self-assigned this Nov 6, 2024
@chewi chewi merged commit 2fcff86 into main Nov 7, 2024
1 check failed
@chewi chewi deleted the chewi/virt-firmware branch November 7, 2024 11:43
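
Added example, not code from this PR or from virt-firmware: the UEFI specification stores Secure Boot certificates (PK, KEK, db) as EFI_SIGNATURE_LIST structures, and the owner GUID discussed above is a field in each entry of that list. The Python below wraps a DER certificate into that structure with the all-zero owner GUID and parses it back with size checks; the helper names and `SAMPLE_DER` are assumptions made for illustration.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification: the list holds X.509 certificates.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# All-zero owner GUID, as mentioned in the PR description.
NULL_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000000")
# Constructed stand-in for a DER certificate (a tiny ASN.1 SEQUENCE, not a real cert).
SAMPLE_DER = bytes.fromhex("3003020101")
LIST_HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, entry size


def x509_to_esl(der_cert, owner=NULL_OWNER):
    """Wrap one DER certificate in an EFI_SIGNATURE_LIST (hypothetical helper)."""
    if not der_cert or der_cert[0] != 0x30:
        raise ValueError("expected DER (ASN.1 SEQUENCE), got PEM or other data")
    entry = owner.bytes_le + der_cert  # EFI_SIGNATURE_DATA: owner GUID, then the cert
    header = LIST_HEADER.pack(EFI_CERT_X509_GUID.bytes_le,
                              LIST_HEADER.size + len(entry), 0, len(entry))
    return header + entry


def parse_esl(blob):
    """Return (type GUID, owner GUID, data) for each entry, rejecting bad sizes."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < LIST_HEADER.size:
            raise ValueError("truncated signature list header")
        raw_type, list_size, hdr_size, sig_size = LIST_HEADER.unpack_from(blob, off)
        body, end = off + LIST_HEADER.size + hdr_size, off + list_size
        if sig_size < 16 or body > end or end > len(blob) or (end - body) % sig_size:
            raise ValueError("inconsistent signature list sizes")
        for pos in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((uuid.UUID(bytes_le=raw_type), owner,
                            blob[pos + 16:pos + sig_size]))
        off = end
    return entries


if __name__ == "__main__":
    for sig_type, owner, data in parse_esl(x509_to_esl(SAMPLE_DER)):
        print(sig_type, owner, data.hex())
```

GUIDs are serialized in the mixed-endian layout UEFI uses (`bytes_le`), which is why the type GUID's first bytes appear reversed in a hex dump of the variable.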