Draft: Unify unified EFI boot

Update (2023-10-15)

After giving this some more thought, I think this stuff should be rolled out a bit differently:

1. merge separate MR for adding systemd-boot package in pmaports

• submitted: !4484 (merged)

2. merge boot-deploy support upstream and submit MR in pmaports to upgrade boot-deploy

• submitted: !4485 (merged)

3. merge separate MR to merge the tablet devices into a new device

• qemu EFI boot support submitted: !4508 (merged)

5. (~now and future) merge separate MRs for merging changes to existing device packages to use systemd-boot (so maintainers can opt into the change when they have time, without feeling too pressured to right now)
   • (future) decide to make systemd-boot the "standard" pmOS way of EFI booting the OS, and make it a requirement for main and community devices (that can do EFI boot...). If maintainers haven't tested it by then, then we can consider the device as "unmaintained" and move it back to "testing" status.

I think I'll keep this branch and MR open so that I can push the latest versions of all those MRs above, and make it easier to test the "whole thing" (for anyone interested) until it's all merged. I guess if I do this plan, then patches in this branch will eventually get merged (or dropped if unnecessary?), and this MR can be closed when there are no more commits on top of master.

Before

This uses systemd-boot as a common implementation / config for EFI boot on various pmOS devices that can do EFI boot. Here "systemd-boot" is only the EFI bootloader and stub, and not any of the other systemd userspace/OS stuff...

systemd-boot is useful because:

1. it can do measured/secure boot (but doesn't have to)
2. it can boot arbitrary EFI applications and/or kernels by just dropping them in the ESP (no other config necessary), might be nice for recovery apps / options
3. its configuration is simple (using the "boot loader spec"), boot-deploy easily generate this config
4. installing it on the system is easy, boot-deploy just drops it into the esp

In order to support x86_64 systems with a 32-bit EFI (many Atom systems... it seems), I did have to add a cross compiler for x86 to this branch.

TODO:

• unify the device-tablet-x??uefi devices into a single one that can support both EFI archs (done: device-generic-x86_64)
• move patches that enable EFI stub/zboot support in kernels into separate MRs, so that this branch can be built by CI (too many kernels will take too long)
• depends on the pmb patch to improve the uefi kconfig check, for aarch64 at least
• switch all(?) devices that EFI boot to use systemd-boot
• test everything
• systemd-boot package doesn't cross compile locally, the dynamic makedepends isn't working.. pmb not able to parse it and install gcc-x86?
• aarch64 systems need EFI_ZBOOT kconfig in order to boot compressed kernels, this needs to be added to the uefi kconfig check for aarch64
  • https://lists.sr.ht/~postmarketos/pmbootstrap-devel/patches/45510
• aarch64 kernels should install vmlinuz.efi separately to vmlinuz to support systemd-boot and old Android bootloaders
  • boot-deploy!47 (merged)
• booting on an x86_64 tablet w/ 32-bit EFI fails, need to debug...
  • https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/53245
  • https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/53244