Split EFI and non-EFI (WiP)
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.

This commit is contained in:
Peter Šurda 2023-05-14 12:13:45 +08:00
parent 1ddc2fd8d6
commit 706c9bae02
Signed by: PeterSurda
GPG Key ID: 3E47497CF67ABB95

View File

@ -153,7 +153,6 @@ iseq ${buildarch} i386 && goto start_i386 ||
iseq ${buildarch} x86_64 && goto start_amd64 || iseq ${buildarch} x86_64 && goto start_amd64 ||
goto error_handler goto error_handler
# Builds may be done on 32-bit, but machines will always be 64-bit. # Builds may be done on 32-bit, but machines will always be 64-bit.
# Keep this section just in case we want to use 32-bit machines in the future. # Keep this section just in case we want to use 32-bit machines in the future.
:start_arm32 :start_arm32
@ -195,6 +194,9 @@ goto static_ip_boot_setup
# Get accurate time so we can set the clock in kernel boot cmdline # Get accurate time so we can set the clock in kernel boot cmdline
ntp pool.ntp.org || goto error_handler ntp pool.ntp.org || goto error_handler
# check for EFI
iseq ${platform} efi && goto is_efi || goto not_efi
# We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate # We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate
# integrity and validation to imgverify. # integrity and validation to imgverify.
@ -202,10 +204,6 @@ ntp pool.ntp.org || goto error_handler
# kernel fails to load it in the "root=" part of the kernel cmdline. # kernel fails to load it in the "root=" part of the kernel cmdline.
# However, note that imgverify will fail if you refer to it as "/squashfs" # However, note that imgverify will fail if you refer to it as "/squashfs"
# instead of "squashfs". # instead of "squashfs".
imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card
imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
# "--signer" validates against the subject common name field of the signing # "--signer" validates against the subject common name field of the signing
# certificate. That signing cert must have both the digital signature key # certificate. That signing cert must have both the digital signature key
# usage set and the code-signing key usage extension set. # usage set and the code-signing key usage extension set.
@ -214,18 +212,35 @@ imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${u
# make sure you pick a common name with a FQDN you control, even if you're # make sure you pick a common name with a FQDN you control, even if you're
# using a custom CA that you import during build. # using a custom CA that you import during build.
:efi
set initrd1 initrd=initrd.cpio
if isset initrd2 && clear initrd2
imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/inird.cpio || goto try_next_card
imgverify --signer images.sysdeploy.org initrd.cpio http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/initrd.cpio.sig || goto error_handler
goto efi_and_not_efi
:not_efi
set initrd1 initrd=boot-initrd
set initrd2 initrd=squashfs
imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card
imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card
imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
:efi_and_not_efi
kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card
imgverify --signer images.sysdeploy.org boot-kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler imgverify --signer images.sysdeploy.org boot-kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
echo ip-info ${ip-info} echo ip-info ${ip-info}
sleep 1 sleep 1
boot boot-kernel initrd=initrd.cpio initrd=squashfs rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler boot boot-kernel ${initrd1} ${initrd2} rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler
# unixtime variable must be used with int32, because that's the only way it # unixtime variable must be used with int32, because that's the only way it
# will display as decimal digits. unit32 and string both display as hex. # will display as decimal digits. unit32 and string both display as hex.