bootloader/lk: add support for UC20 lk bootloader with V2 lkenv structs #9695
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The failed mac check is fixed here: #9696 |
anonymouse64
force-pushed
the
feature/uc20-lk-bootloader-5
branch
2 times, most recently
from
f96842b
to
6e98320
Compare
This commit adds support for the UC20 LittleKernel bootloader to snapd. The big changes for using V2 are that we now use a secure bootloader set kernel command line parameter to identify what disk to look for bootloader environment structures, and that we use different lkenv structs for different role bootloaders. Eventually we should make V1 also use a secure bootloader set kernel command line parameter to identify what disk to look for bootloader environment structures on too, as using the partition label like this is vulnerable to attack by attaching a USB disk with the same partition label to the system. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
anonymouse64
force-pushed
the
feature/uc20-lk-bootloader-5
branch
from
6e98320
to
1ad7561
Compare
…NotExist Previously we would never continue in SetBootVars if the file doesn't exist because we used fmt.Errorf which does not preserve the error type such that os.IsNotExist would return true. Now, we can continue to provide a customized error message from Load(), as well as make SetBootVars continue and just write out a new file even if we can't read the lkenv file in Load(). Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
bboozzoo
reviewed
Nov 27, 2020
bboozzoo
reviewed
Nov 27, 2020
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…err types This is to accommodate a future FindMatching...WithPartLabel. Additionally, an internal refactor to support storing additional properties for partitions when we search a disk is implemented to allow for the additional future method. The error type now is also more versatile to allow specifying what part failed, searching for a partition by filesystem label or by partition label. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This will enable searching for a partition with a given label on the provided disk. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…t fs labels The partitions with the bootloader structures we care about do not have filesystems on them, and as such they will not have filesystem labels. Instead, they will have partition labels, and as such we should search using the partition label instead. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This simplifies numerous functions to be more clear with the simpler prepare-image time implementation happening first, then the complex runtime cases happening afterwards are not indented as much. Thanks to @bboozzoo for the suggestion. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Thanks to @bboozzoo for the suggestion. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…ents We should be using xerrors.Is() everywhere here, since the error returned is wrapped. However, for specifically RemoveKernelAssets, it's not a bug that we would skip over os.ErrNotExist, but it would result in a more confusing error message - we should try to give better error messages, and returning early with os.ErrNotExist is more useful to the user than the existing error around not being able to find the specified kernel blob. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…KernelAssets Thanks to @bboozzoo for the recommendation. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
|
Marking this blocked as we have 2 problems I need to fix for this PR:
I am actively working on fixing both problems, the lkenv problem will be fixed with a separate PR though I think. |
…labels Thanks to @bboozzoo for clarifying this for me. Partition labels are optional on GPT partitions. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Thanks to @bboozzoo for catching this. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…implify Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…dev props Thanks to @bboozzoo for the suggestion. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Thanks to @bboozzoo again for spotting all my typos :-) Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This will enable searching for a partition with a given label on the provided disk. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
pedronis
added a commit
that referenced
this pull request
Dec 2, 2020
…ath+"bak" Merge pull request #9729 from anonymouse64/feature/uc20-lk-bootloader-7 To simplify existing code, use "" as the backup file to mean path+"bak". Also add tests that when specifying a non-empty string as the backup file that we don't use the legacy backup file handling logic. This will resolve the issue we have in #9695 around passing in /dev/disk/by-partuuid/1234 as the primary file and then getting /dev/disk/by-partuuid/1234bak as the backup file.
Go 1.9 os.PathError does not implement Unwrap(), so using xerrors.Is(err,os.ErrNotExist) does not work, as Is() calls Unwrap() in a loop, waiting for either the error returned to be equal to the target error or to be nil, and in the case of Go 1.9, where os.PathError does not implement Unwrap(), then nil is returned and Is() returns false. We can work around this by implementing Unwrap() on our own error type and specifically returning os.ErrNotExist on Go 1.9 when we know the error is actually os.ErrNotExist. This will make the unit tests with Go 1.9 pass. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
For UC20 runtime, the backup file will be a different partition, and since we are using partition uuid symlinks instead of partition labels, we can't just append "bak" to the primary env file, and instead need to manually provide the backup file. Also add a test which validates that the backup env file for run mode on uc20 is handled appropriately and updated. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…d/remove Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
|
This is ready again now |
bboozzoo
approved these changes
Dec 3, 2020
| if l.inRuntimeMode { | ||
| if l.prepareImageTime { | ||
| // we are preparing image, just extract boot image to bootloader directory | ||
| logger.Debugf("ExtractKernelAssets handling image prepare") |
There was a problem hiding this comment.
bit undecided about keeping or dropping this log. If we are to keep it, perhaps we should add some useful information:
logger.Debugf("extract kernel assets from %s to %s", env.GetBootImageName(), l.dir())
There was a problem hiding this comment.
yes I left most of these Debugf's that were already there, I agree as they currently exist they are not very useful. I will do a pass over all these leftover messages
There was a problem hiding this comment.
ah actually forgot to do this in my most recent update, I will maybe look at these in a followup
pedronis
reviewed
Dec 3, 2020
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…nwrap() Instead of checking the version of Go we were compiled with which is weird, we can instead just check for the exact thing we know doesn't work, which is that os.PathError doesn't implement Unwrap(), so if it doesn't implement Unwrap(), we know we are in a legacy version of Go and thus should do the manual unwrapping to return ErrNotExist directly. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This refactors some helper methods to be more clear, namely that envFile becomes envBackstore, and it takes an argument for whether or not it is returning the primary or the backup, and eliminating the specific method for getting the backup file, as well as combining some codepaths in the other helpers to be more easily readable if slightly redundant in terms of actual code execution. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
… sake Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…cmdline It might not be there on older gadget bootloaders which don't set that kernel command line value and as such we will have to fallback to our current behavior. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
pedronis
reviewed
Dec 4, 2020
The only case where we can really proceed without having an initial env file is at prepare image time when the bootloader env file doesn't exist, as we could be writing an empty/new one. All other cases we need the file to exist as a pre-requisite, if only for accurate error reporting. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Thanks to @pedronis for the suggestion. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…esent() Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…mdline Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…backup Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
pedronis
approved these changes
Dec 4, 2020
| return true, nil | ||
| } | ||
|
|
||
| // if the primary backstore doesn't exist, check the backup storage |
There was a problem hiding this comment.
looking at it implemented, this bit here is probably right only for RoleSole though, at prepareImageTime we don't expect to rely only on the backup I think
There was a problem hiding this comment.
this will be done in a follow-up
mvo5
added a commit
that referenced
this pull request
Dec 8, 2020
…owups
bootloader/{lk,lkenv}: followups from #9695
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds support for the UC20 LittleKernel bootloader to snapd.
The big changes for using V2 are that we now use a secure bootloader set kernel
command line parameter to identify what disk to look for bootloader environment
structures, and that we use different lkenv structs for different role
bootloaders.
Eventually we should make V1 also use a secure bootloader set kernel command
line parameter to identify what disk to look for bootloader environment
structures on too, as using the partition label like this is vulnerable to
attack by attaching a USB disk with the same partition label to the system. I omitted
that change from here since it changes a bunch more tests and I'd like to unblock UC20
ASAP and we can go back and fix up UC16/UC18 later.