Skip to content

armhf swupdate image boot fails if EBG version is 0.18 on Sid distro

Hi All,

The armhf SWUpdate image fails to boot when EFI Boot Guard version is 0.18.

Note: This issue occurs only when build dependency gnu-efi > 3.0.15. No issues if gnu-efi <= 3.0.15

How to reproduce

Changes to isar-cip-core

  • Checkout isar-cip-core master
  • replace recipes-bsp/efibootguard/efibootguard_0.16-2+cip.bb --> recipes-bsp/efibootguard/efibootguard_0.18-1.bb efibootguard_0.18-1.bb

Apply below changes,

Note:

  • Just commented out few lines to fix build issues (tmp-fs, python3-distutils and swupdate)
  • #ISAR_USE_APT_SNAPSHOT = 1 --> In order to fetch the latest Debian packages (not from snapshot), which will fetch gnu-efi > 3.0.15
diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass
index fa56b2e..efc93ad 100644
--- a/classes/read-only-rootfs.bbclass
+++ b/classes/read-only-rootfs.bbclass
@@ -15,7 +15,7 @@ INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
 do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build"

 IMAGE_INSTALL += "home-fs"
-IMAGE_INSTALL += "tmp-fs"
+#IMAGE_INSTALL += "tmp-fs"

 # For pre bookworm images, empty /var is not usable
 IMAGE_INSTALL:append = " immutable-rootfs"
diff --git a/conf/distro/cip-core-sid.conf b/conf/distro/cip-core-sid.conf
index eefcbb5..b22b68d 100644
--- a/conf/distro/cip-core-sid.conf
+++ b/conf/distro/cip-core-sid.conf
@@ -14,7 +14,7 @@ require cip-core-common.inc

 # corresponds to 20240211T000000Z
 ISAR_APT_SNAPSHOT_TIMESTAMP ?= "1707606000"
-ISAR_USE_APT_SNAPSHOT ?= "1"
+#ISAR_USE_APT_SNAPSHOT ?= "1"

 PREFERRED_VERSION_linux-cip ?= "6.1.%"
 PREFERRED_VERSION_linux-cip-rt ?= "6.1.%"
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index ef61e4e..5e5484f 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -16,8 +16,8 @@ header:

 local_conf_header:
   image-option-swupdate: |
-    CIP_IMAGE_OPTIONS:append = " recipes-core/images/swupdate.inc"
-    OVERRIDES .= ":swupdate"
+    #CIP_IMAGE_OPTIONS:append = " recipes-core/images/swupdate.inc"
+    #OVERRIDES .= ":swupdate"

   wic-swu: |
     IMAGE_TYPEDEP:wic += "squashfs"

Changes to isar,

diff --git a/meta/conf/distro/debian-common.conf b/meta/conf/distro/debian-common.conf
index 9b07efb5..3e9a44b8 100644
--- a/meta/conf/distro/debian-common.conf
+++ b/meta/conf/distro/debian-common.conf
@@ -18,7 +18,6 @@ IMAGER_INSTALL:wic += "parted \
                        dosfstools \
                        mtools \
                        e2fsprogs \
-                       python3-distutils \
                        bmap-tools \
                        tar \
                        fdisk"
@@ -41,4 +40,4 @@ COMPAT_DISTRO_ARCH:amd64 = "i386"
 COMPAT_DISTRO_ARCH:arm64 = "armhf"
diff --git a/meta/conf/distro/debian-sid-ports.conf b/meta/conf/distro/debian-sid-ports.conf
index 64f3717e..7183c75c 100644
--- a/meta/conf/distro/debian-sid-ports.conf
+++ b/meta/conf/distro/debian-sid-ports.conf
@@ -24,6 +24,6 @@ THIRD_PARTY_APT_KEYS += "${DEBIAN_PORTS_KEYS}"

 IMAGE_PREINSTALL += "init"

-IMAGER_INSTALL:wic += "python3-distutils"
+#IMAGER_INSTALL:wic += "python3-distutils"

 DEBIAN_COMPAT = "13"

Build command

host$ ./kas-container build kas-cip.yml:kas/board/qemu-arm.yml:kas/opt/ebg-swu.yml:kas/opt/sid.yml

Run command

host$ DISTRO_RELEASE=sid SWUPDATE_BOOT=y ./start-qemu.sh arm

Boot log

U-Boot 2024.01 (Jan 01 1970 - 01:00:00 +0000)

DRAM:  1 GiB
Core:  51 devices, 14 uclasses, devicetree: board
Flash: 64 MiB
Loading Environment from Flash... *** Warning - bad CRC, using default environment

In:    serial,usbkbd
Out:   serial,vidconsole
Err:   serial,vidconsole
No working controllers found
Net:   eth0: virtio-net#29
starting USB...
No working controllers found
Hit any key to stop autoboot:  0
Scanning for bootflows in all bootdevs
Seq  Method       State   Uclass    Part  Name                      Filename
---  -----------  ------  --------  ----  ------------------------  ----------------
Scanning global bootmeth 'efi_mgr':
Failed to load EFI variables
Missing TPMv2 device for EFI_TCG_PROTOCOL
Missing RNG device for EFI_RNG_PROTOCOL
Scanning bootdev 'fw-cfg@9020000.bootdev':
fatal: no kernel available
No working controllers found
scanning bus for devices...
Scanning bootdev 'virtio-blk#30.bootdev':
  0  efi          ready   virtio       1  virtio-blk#30.bootdev.par efi/boot/bootarm.efi
** Booting bootflow 'virtio-blk#30.bootdev.part_1' with efi
Using prior-stage device tree
Booting /efi\boot\bootarm.efi

EFI Boot Guard v0.18
Boot medium: VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)
Found 5 handles for file IO

Volume 0: (On boot medium) VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/HD(1,GPT,C19E7E9F-BACF-49A6-B43D-2FC18D2A8D03), LABEL=, CLABEL=(null)
Volume 1: (On boot medium) VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/HD(2,GPT,E8567692-2DFA-459A-BE15-F6E5DDCC8F49), LABEL=, CLABEL=BOOT0
Volume 2: (On boot medium) VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/HD(3,GPT,94B2174D-C792-4E8E-8A34-B506E2927937), LABEL=, CLABEL=BOOT1
Volume 3: (On boot medium) VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/HD(6,GPT,BBDDD00F-90EB-492C-AB59-55E295C74330), LABEL=, CLABEL=(null)
Volume 4: (On boot medium) VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/HD(7,GPT,3020B7ED-0733-48C9-BAEE-2AE17A2C76E0), LABEL=, CLABEL=(null)
Loading configuration...
Config file found on volume 1.
Config file found on volume 2.
2 config partitions detected.
Config filter:
Booting with environments from boot medium only.
Config Revision: 2:
 ustate: 0
 kernel: C:BOOT0:linux.efi
 args:
 timeout: 0 seconds
Full path for kernel is: VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/VenHw(E61D73B9-A384-4ACC-AEAB-82E828F3628B)/HD(2,GPT,E8567692-2DFA-459A-BE15-F6E5DDCC8F49)/linux.efi
Unknown Relocation off ec00029e type e
ERROR: Cannot load specified kernel image (Load Error).
## Application failed, r = 1
Boot failed (err=-22)
BOOTP broadcast 1
DHCP client bound to address 10.0.2.15 (2 ms)
Scanning bootdev 'virtio-net#29.bootdev':
BOOTP broadcast 1
DHCP client bound to address 10.0.2.15 (1 ms)
*** Warning: no boot file name; using '0A00020F.img'
Using virtio-net#29 device
TFTP from server 10.0.2.2; our IP address is 10.0.2.15
Filename '0A00020F.img'.
Load address: 0x40400000
Loading: *
TFTP error: 'Access violation' (2)
Not retrying...
No more bootdevs
---  -----------  ------  --------  ----  ------------------------  ----------------
(1 bootflow, 1 valid)

Although it is not relevant to current master/next branch code. I just thought to report it.

@zuka0828 @dinesh-toshiba @Adithya_Balakumar @jan-kiszka @Quirin.Gy

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information