Split EFI and legacy boot
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.

- needs to work slightly differently
This commit is contained in:
Peter Šurda 2021-11-03 11:10:44 +08:00
parent ba9f7e23bf
commit a77e66c18a
Signed by: PeterSurda
GPG Key ID: 0C5F50C0B5F37D87

View File

@ -12,7 +12,7 @@ imgtrust --permanent
# For the "focal" part of the URL string, in case that changes in the future. # For the "focal" part of the URL string, in case that changes in the future.
set ubuntu-variant focal set ubuntu-variant focal
goto get_arch goto get_platform
################# #################
@ -135,6 +135,23 @@ sleep 5
exit exit
# set variables based on whether it's EFI or not
:get_platform
iseq ${platform} efi && goto is_efi || goto not_efi
# Attributes for EFI boot
:is_efi
# hack, see https://github.com/coreos/fedora-coreos-tracker/issues/390#issuecomment-588328137
set squashfs squashfs.cpio.gz
set initrd boot-initrd,squashfs.cpio.gz
goto get_arch
# this sets different attributes for non-EFI (legacy PC) boot
:not_efi
set squashfs squashfs
set initrd boot-initrd
goto get_arch
# Get relevant CPU arch. # Get relevant CPU arch.
:get_arch :get_arch
@ -186,14 +203,13 @@ goto static_ip_boot_setup
# We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate # We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate
# integrity and validation to imgverify. # integrity and validation to imgverify.
# Naming the squashfs download "/squashfs" is required, otherwise the boot # Naming the squashfs download "/squashfs" is required, otherwise the boot
# kernel fails to load it in the "root=" part of the kernel cmdline. # kernel fails to load it in the "root=" part of the kernel cmdline.
# However, note that imgverify will fail if you refer to it as "/squashfs" # However, note that imgverify will fail if you refer to it as "/squashfs"
# instead of "squashfs". # instead of "squashfs".
imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.cpio.gz /squashfs.cpio.gz || goto try_next_card imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/${squashfs} /${squashfs} || goto try_next_card
imgverify --signer images.sysdeploy.org squashfs.cpio.gz http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.cpio.gz.sig || goto error_handler imgverify --signer images.sysdeploy.org ${squashfs} http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/${squashfs}.sig || goto error_handler
# "--signer" validates against the subject common name field of the signing # "--signer" validates against the subject common name field of the signing
# certificate. That signing cert must have both the digital signature key # certificate. That signing cert must have both the digital signature key
@ -203,7 +219,6 @@ imgverify --signer images.sysdeploy.org squashfs.cpio.gz http://images.sysdeploy
# make sure you pick a common name with a FQDN you control, even if you're # make sure you pick a common name with a FQDN you control, even if you're
# using a custom CA that you import during build. # using a custom CA that you import during build.
initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card
imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
@ -218,7 +233,7 @@ echo ip-info ${ip-info}
sleep 1 sleep 1
boot boot-kernel initrd=boot-initrd,squashfs.cpio.gz rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/ || goto error_handler boot boot-kernel initrd=${initrd} rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/ || goto error_handler
# unixtime variable must be used with int32, because that's the only way it # unixtime variable must be used with int32, because that's the only way it
# will display as decimal digits. unit32 and string both display as hex. # will display as decimal digits. unit32 and string both display as hex.