support minimal (Linux) and full (Linux + Xen) imgs at the same time

README.md

@@ -1,16 +1,7 @@
 # meta-trenchboot
 
-[![pipeline status](https://gitlab.com/trenchboot1/3mdeb/meta-trenchboot/badges/master/pipeline.svg)](https://gitlab.com/trenchboot1/3mdeb/meta-trenchboot/-/commits/master)
-
-Meta layer for the Trenchboot purposes
-
----
-
-## WARNING
-
-This is WIP repo and it is under development. Use it at your own risk.
-If you have use-cases for such thing to be developed, please submit
-an issue or PR with description of your needs / fixes.
+Meta layer used for testing and demonstration of the
+[TrenchBoot](https://trenchboot.org/) project.
 
 ---
 
@@ -51,9 +42,16 @@ an issue or PR with description of your needs / fixes.
 * From `yocto` directory run:
 
     ```shell
-    kas-container build meta-trenchboot/kas-generic-tb.yml
+    kas-container build meta-trenchboot/<target>.yml
     ```
 
+Available targets are:
+    - `kas-tb-minimal.yml` - will produce minimal TrenchBoot demonstration image,
+      supporting only Linux boot path (both legacy and UEFI)
+    - `kas-tb-full.yml` - will produce full TrenchBoot demonstration image,
+      supporting both Linux and Xen boot paths at the same time (selectable via
+      GRUB boot menu entries)
+
 * Image build takes time, so be patient and after build's finish you should see
 something similar to (the exact tasks numbers may differ):
 
@@ -64,7 +62,10 @@ something similar to (the exact tasks numbers may differ):
     NOTE: Tasks Summary: Attempted 4774 tasks of which 4749 didn't need to be rerun and all succeeded.
     ```
 
-Thanks to publishing the build cache on cache.dasharo.com the time needed to
+> Note: the cache might not be always up to date currently due to
+> [this issue](https://github.com/3mdeb/meta-trenchboot/issues/47).
+
+Thanks to publishing the build cache on `cache.dasharo.com`, the time needed to
 finish the process should be significantly decreased.
 Using the cache is enabled in `kas/cache.yml` file and can be disabled by removing
 reference to this file in `kas/common.yml`:
@@ -122,15 +123,19 @@ To flash resulting image:
 
 ## Booting
 
-To run TrenchBoot connect drive with flashed image to target platform and boot
-from it. In GRUB menu you can choose normal `boot` or `slaunch-boot`.
+To run TrenchBoot, connect drive with flashed image to target platform and boot
+from it. In GRUB menu you can select one of the boot paths.
+
+> Note: the `minimal` image will contain only the Linux entries.
 
 ```text
                              GNU GRUB  version 2.06
 
  +----------------------------------------------------------------------------+
- |*boot                                                                       |
- | slaunch-boot                                                               |
+ |*Boot Linux normally                                                        |
+ | Boot Linux with TrenchBoot                                                 |
+ | Boot Xen normally                                                          |
+ | Boot Xen with TrenchBoot                                                   |
  |                                                                            |
  |                                                                            |
  |                                                                            |
@@ -140,30 +145,13 @@ from it. In GRUB menu you can choose normal `boot` or `slaunch-boot`.
       Press enter to boot the selected OS, `e' to edit the commands
 ```
 
-After a while you should see login prompt.
+After a while you should see a login prompt.
 
 ```text
-early console in extract_kernel
-input_data: 0x0000000006801548
-input_len: 0x000000000121e953
-output: 0x0000000004600000
-output_len: 0x00000000033caee8
-kernel_total_size: 0x0000000003030000
-needed_size: 0x0000000003400000
-trampoline_32bit: 0x0000000000000000
-Physical KASLR using RDRAND RDTSC...
-Virtual KASLR using RDRAND RDTSC...
-
-Decompressing Linux... Parsing ELF... Performing relocations... done.
-Booting the kernel (entry_offset: 0x0000000000000000).
-
-
-Reference Yocto distro for PC Engines hardware 0.2.0 tb ttyS0
-
 tb login:
 ```
 
-To login use `root` account without password.
+To login use `root` username, with no password.
 
 ## Running in QEMU
 
@@ -185,9 +173,14 @@ qemu-system-x86_64 -serial stdio -enable-kvm \
 Below is list of main recipes/components of this layer, path to main recipe file
 and short description of component
 
+* tb-full-image
+    - Recipe: recipes-extended/images/tb-full-image.bb
+    - Content: Recipe to build image containing TrenchBoot components for both
+      Linux and Xen boot paths
 * tb-minimal-image
     - Recipe: recipes-extended/images/tb-minimal-image.bb
-    - Content: Recipe to build image containing all TB components
+    - Content: Recipe to build image containing TrenchBoot components for Linux
+      boot path
 * intel-sinit-acm
     - Recipe: recipes-support/intel-sinit-acm/intel-sinit-acm_630744.bb
     - Content: Download and deploy Intel ACM `*.bin` files.
@@ -196,14 +189,13 @@ and short description of component
     - Content: Secure Kernel Loader
 * linux-tb
     - Recipe: recipes-kernel/linux/linux-tb_6.6.bb
-    - Content: Linux kernel
+    - Content: Linux kernel with TrenchBoot patches
+* xen_tb
+    - Recipe: recipes-extended/xen/xen_tb.bb
+    - Content: Xen with TrenchBoot patches
 * grub
     - Recipe: recipes-bsp/grub/grub_%.bbappend
-* grub-efi
-    - Recipe: recipes-bsp/grub/grub-efi_%.bbappend
-* grub & grub-efi
-    - Recipe: recipes-bsp/grub/grub-tb-common.inc
-    - Content: Common config for both recipes
+    - Content: GRUB with TrenchBoot patches
 
 ### Source revision
 

conf/distro/include/tb-distro-common.conf

@@ -33,7 +33,7 @@ INITRAMFS_IMAGE = "core-image-initramfs-boot"
 INITRAMFS_IMAGE_BUNDLE = "1"
 
 # wks related variables
-WKS_FILES = "trenchboot-image-efipluslegacy.wks"
+WKS_FILES = "trenchboot-image-efipluslegacy.wks.in"
 WKS_FILE_DEPENDS:append = " grub-native"
 
 # explicitly use systemd and disable sysvinit completely

conf/distro/tb-distro.conf

@@ -1,3 +1,4 @@
 require conf/distro/include/tb-distro-common.conf
 
 DISTRO = "tb-distro"
+TB_GRUB_CFG_FILE = "grub-minimal.cfg"

conf/distro/tb-xen-distro.conf

@@ -11,3 +11,5 @@ PREFERRED_VERSION_xen = "4.17+tb"
 # TODO: for some reason, building tools from TB fork does not build all of the
 # tools - many basic binaries are missing
 PREFERRED_VERSION_xen-tools = "4.17+stable"
+
+TB_GRUB_CFG_FILE = "grub-full.cfg"

kas-xen-tb.yml → kas-tb-full.yml

@@ -12,4 +12,4 @@ repos:
 distro: tb-xen-distro
 machine: genericx86-64
 target:
-  - tb-xen-image
+  - tb-full-image

scripts/tb.sh

@@ -27,7 +27,7 @@ Usage:
         linux-tb                - Linux kernel
         grub                    - GRUB legacy
         grub-efi                - GRUB EFI
-        tb-minimal-image        - Complete image with all components. Can only
+        tb-full-image           - Complete image with all components. Can only
                                   be build or deployed
 
     destination:
@@ -122,7 +122,7 @@ parse_args() {
     esac
 
     case $RECIPE_ARG in
-        skl|grub|grub-efi|linux-tb|tb-minimal-image)
+        skl|grub|grub-efi|linux-tb|tb-full-image)
             ;;
         *)
             usage_error "Wrong recipe"
@@ -158,7 +158,7 @@ reset_recipe() {
 }
 
 build_recipe() {
-    if [ "$RECIPE_ARG" == "tb-minimal-image" ]; then
+    if [ "$RECIPE_ARG" == "tb-full-image" ]; then
         rm -rf "build/workspace/sources/grub/gnulib" 2&>/dev/null || true
         rm -rf "build/workspace/sources/grub-efi/gnulib" 2&>/dev/null || true
         kas-container shell "$KAS_YAML" \
@@ -216,7 +216,7 @@ update_grub() {
             fi
             kas-container --runtime-args \
                 "--device=$disk_device:$disk_device -v $DESTINATION_ARG:/mnt" \
-                shell meta-trenchboot/kas-generic-tb.yml -c " \
+                shell meta-trenchboot/kas-tb-full.yml -c " \
                   $verbose &&
                   cd /build/tmp/sysroots-components/x86_64/grub-native/usr &&
                   sudo ./bin/grub-mkimage -p '(hd0,msdos1)/grub' -d $grub_dir/i386-pc \
@@ -241,7 +241,7 @@ deploy_recipe() {
     local genericx86_path="$work_dir/genericx86_64-tb-linux"
 
     recipe_version=$(
-        kas-container shell meta-trenchboot/kas-generic-tb.yml \
+        kas-container shell meta-trenchboot/kas-tb-full.yml \
                 -c "devtool latest-version $RECIPE_ARG" 2>&1 |
             sed -n 's/INFO: Current version: //p'
         )
@@ -277,11 +277,11 @@ deploy_recipe() {
             ${SUDO} rsync -chrtvP --inplace \
                 "$kernel_path/deploy-linux-tb/bzImage-initramfs-genericx86-64.bin" "$DESTINATION_ARG/boot/bzImage"
             ;;
-        tb-minimal-image)
+        tb-full-image)
             tmp_dir=$(mktemp -d)
             mkdir "$tmp_dir/boot"
             mkdir "$tmp_dir/rootfs"
-            device_path=$(sudo losetup --show -Prf "$deploy_dir/tb-minimal-image-genericx86-64.rootfs.wic")
+            device_path=$(sudo losetup --show -Prf "$deploy_dir/tb-full-image-genericx86-64.rootfs.wic")
             # shellcheck disable=SC2064
             trap "set +e ; sudo umount ${device_path}p* ; \
                 sudo losetup -d $device_path ; set -e ; cleanup" EXIT
@@ -305,7 +305,7 @@ trap cleanup EXIT
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 LAYER_DIR="$(dirname "$SCRIPT_DIR")"
 WORK_DIR="$(dirname "$LAYER_DIR")"
-KAS_YAML="$LAYER_DIR/kas-generic-tb.yml"
+KAS_YAML="$LAYER_DIR/kas-tb-full.yml"
 pushd "$WORK_DIR" &>/dev/null || exit 1
 parse_args "$@"
 

wic/grub.cfg → wic/grub-full.cfg

@@ -13,7 +13,7 @@ menuentry 'Boot Linux normally'{
   linux /bzImage-initramfs-genericx86-64.bin rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
 }
 
-menuentry 'Boot Linux with DRTM'{
+menuentry 'Boot Linux with TrenchBoot'{
   echo 'Enabling slaunch ...'
   slaunch
   echo 'Loading ACMs ...'
@@ -39,7 +39,7 @@ menuentry 'Boot Xen normally' {
   module2  /bzImage rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
 }
 
-menuentry 'Boot Xen with DRTM' {
+menuentry 'Boot Xen with TrenchBoot' {
   echo 'Enabling slaunch ...'
   slaunch
   echo 'Loading ACMs ...'

wic/grub-minimal.cfg

@@ -0,0 +1,33 @@
+serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
+set debug=linux,relocator,multiboot,multiboot_loader,slaunch
+terminal_output console serial
+terminal_input console serial
+default=boot
+timeout=5
+
+insmod multiboot2
+insmod slaunch
+
+menuentry 'Boot Linux normally'{
+  echo 'Loading Linux ...'
+  linux /bzImage-initramfs-genericx86-64.bin rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
+}
+
+menuentry 'Boot Linux with TrenchBoot'{
+  echo 'Enabling slaunch ...'
+  slaunch
+  echo 'Loading ACMs ...'
+  slaunch_module /skl.bin
+  slaunch_module /acm/ADL_SINIT_v1_18_16_20230427_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/BDW_SINIT_20190708_1.3.2_PW.bin
+  slaunch_module /acm/CFL_SINIT_20221220_PRODUCTION_REL_NT_O1_1.10.1_signed.bin
+  slaunch_module /acm/CML_RKL_S_SINIT_v1.13.33_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/CML_S_SINIT_1_13_33_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/CMLSTGP_SINIT_v1_14_46_20220819_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/RKLS_SINIT_v1_14_46_20220819_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/SKL_KBL_AML_SINIT_20211019_PRODUCTION_REL_NT_O1_1.10.0.bin
+  slaunch_module /acm/SNB_IVB_SINIT_20190708_PW.bin
+  slaunch_module /acm/TGL_SINIT_v1_14_46_20220819_REL_NT_O1.PW_signed.bin
+  echo 'Loading Linux ...'
+  linux /bzImage-initramfs-genericx86-64.bin rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
+}

wic/trenchboot-image-efipluslegacy.wks → wic/trenchboot-image-efipluslegacy.wks.in

@@ -1,4 +1,4 @@
-bootloader --configfile="grub.cfg"
+bootloader --configfile="${TB_GRUB_CFG_FILE}"
 
 part /boot --source bootimg-biosplusefi --sourceparams="loader=grub-efi,loader-pcbios=grub" --ondisk sda --label boot --align 1024 --use-uuid --active --system-id 0xef
 part /     --source rootfs --fstype=ext4                                 --ondisk sda --label root --align 1024 --use-uuid --fixed-size 1024