New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support s390 secure boot (jsc#SLE-9425) #592
Conversation
This extends the existing secure boot logic to s390. A number of system-dependend logic has been moved into a new Systeminfo class.
src/lib/bootloader/grub2.rb
Outdated
) | ||
] | ||
|
||
result.push secure_boot_summary if Systeminfo.secure_boot_available?(name) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just style, usually it is used <<
instead of use.
That is needed as ProposalClient expects a unified view of the bootloader class it works on.
def validate | ||
return true if Yast::Mode.config || | ||
!Yast::Arch.s390 || | ||
value == Systeminfo.secure_boot_active? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NP: I find a bit more readable to have it each on separate line and separate return as it is not related. So something like
value == Systeminfo.secure_boot_active? | |
return true if Yast::Mode.config | |
return true unless Yast::Arch.s390 | |
return true if value == Systeminfo.secure_boot_active? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I personally wouldn't have formatted it this way. But this is what our rubocop rules allow/enforce. To completely reformat it might even run into some complexity check failures.
Yast::Popup.ContinueCancel( | ||
_( | ||
"Make sure the Secure Boot setting matches the configuration of the HMC.\n\n" \ | ||
"Otherwise this system will not boot." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, buttons are continue/cancel. So I expect here a bit hint to user what when they click it. Like Cancel to edit it
or Continue to use setting
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean like here?:
https://github.com/yast/yast-bootloader/blob/master/src/lib/bootloader/grub2_widgets.rb#L388-L390
I've never seen a dialog like 'continue to continue' or 'cancel to cancel'. That's why there's a button text.
"Make sure the Secure Boot setting matches the configuration of the HMC.\n\n" \ | ||
"Otherwise this system will not boot." | ||
) | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One more usability note. There is method focus which is often used in validate to "highlight" given widget. So here it can be something like
res = Yast::Popup.ContinueCancel(...)
focus unless res
res
https://github.com/yast/yast-yast2/blob/master/library/cwm/src/lib/cwm/abstract_widget.rb#L187
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again, this just mirrors the trusted boot dialog. Consistency across a UI is an important point. It doesn't help to do similar things in a completely different way.
# @!attribute console | ||
# @return [::Bootloader::SerialConsole] serial console or nil if none | ||
attr_reader :console | ||
|
||
# @!attribute stage1 | ||
# @return [::Bootloader::Stage1, nil] bootloader stage1, if one is needed | ||
attr_reader :stage1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is a bit strange as grub2EFI does not have stage1. So original intention is to have it only in grub2.rb and if something needs to depend on it, it should check bootloader or ask if method is defined.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a valid point and I considered doing it that way. The usage is here:
https://github.com/yast/yast-bootloader/blob/master/src/lib/bootloader/proposal_client.rb#L338-L339
I my view this is a matter of class design. This proposal client code should work with any bootloader. So, basically with Grub2Base. That's why I decided to move the stage1 method.
Inconsistent class interfaces are imho one of the reasons yast code so easily runs into exceptions.
log.info "single_click_action #{option} #{value.inspect} #{devices}" | ||
|
||
devices.each do |device| | ||
devices&.each do |device| |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this starting to feel a bit too hacky, as it is related only to "boot_" arguments. What about moving it inside case like:
devices&.each do |device| | |
bootloader = ::Bootloader::BootloaderFactory.current | |
case option | |
when /boot_/ | |
stage1 = bootloader.stage1 | |
devices = option == "boot_mbr" ? stage1.boot_disk_names : stage1.boot_partition_names | |
log.info "single_click_action #{option} #{value.inspect} #{devices}" | |
devices.each do |device| | |
value ? stage1.add_udev_device(device) : stage1.remove_device(device) | |
end | |
when "trusted_boot" | |
bootloader.trusted_boot = value | |
when "secure_boot" | |
bootloader.secure_boot = value | |
end | |
Yast::Bootloader.proposed_cfg_changed = true | |
end |
::Bootloader::BootloaderFactory.current.trusted_boot = value | ||
when "secure_boot" | ||
::Bootloader::BootloaderFactory.current.secure_boot = value | ||
if value && Yast::Arch.s390 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in validation it checks when there is a mismatch, but here it shows always when enabling. Why conditions are different?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because it is initially always off. Note also the different texts.
# | ||
# @return [Boolean] true if 390x machine has secure boot enabled | ||
def s390_secure_boot_active? | ||
# FIXME: this is just a stub - replace with real code later |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
well, I am not sure I want to approve with stub as I worry it will live here for another 20 years :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is what was agreed on for the current task. There will be another PBI once we get the missing info.
This extends the existing secure boot logic to s390. A number of system-dependend logic has been moved into a new Systeminfo class.
That is needed as ProposalClient expects a unified view of the bootloader class it works on.
✔️ Internal Jenkins job #20 successfully finished |
✔️ Public Jenkins job #46 successfully finished |
Task
Implement secure boot handling for s390.
Implementation
Systeminfo
class/etc/sysconfig/bootloader::SECURE_BOOT
to store the setting;grub2-install
is expected to read it from thereadjust the HMC
Note
The implementation is incomplete as there's no info on the tools to use to handle secure boot
from the s390 side so far. So the current implementation does
off
Notes on
auto
settingTodo
Screenshots