EFI bootloader from systemd, with hacks to build it on Alpine/pmOS.
Cross compilation (using a meson cross file) is used for building
32-bit version on x86_64, for systems that have a 32-bit EFI. Everything
else assumes that the EFI arch matches the CPU arch.
Besides supporting all the archs we need, another major goal was to
minimize the number of changes to systemd's build system required to
build only the bootloader, so that maintaining/rebasing isn't *too*
painful...
I am adding this to the "main" category, because I don't think there's a
way to add it to Alpine. It requires cross compiling to x86 on x86_64
(to support 32-bit EFI on this arch), and Alpine doesn't support this.
It requires stuff in pmaports/cross.
--- Research notes ---
I started looking at all of this because I wanted to come up with a
single way to boot Linux via EFI, that supports all (or as many as possible)
devices in pmaports. I looked at quite a few different options, and have
some notes below about my observations and conclusions for each.
Of everything I looked at, systemd-boot was the clear winner that met
the most requirements ("pro" below) with the fewest downsides ("con"
below).
Using a Unified Kernel Image (UKI) was a close second place, however
systemd-boot can also support booting UKI images quite easily (while
also giving us more flexibility to boot other things easily too), so I
think it wins over UKI.
The capitalization (or lack thereof) of the "pro" and "con" markers
below is significant: "PRO" / "CON" are major pros or cons for each
point (e.g. a major downside that blocks using the option), and
"pro"/"con" are minor (e.g. a downside that I'm willing to overlook.)
---- Requirements ----
- Arch support:
- x86_64
- x86 (nice to have, but not sure if necessary...)
- armv7
- aarch64
- riscv64
- EFI support:
- support 32-bit EFI on x86_64 CPU (includes being able to build
32-bit .efi app on x86_64)
- Easy to configure
- Easy to maintain
- Any changes to the bootloader required to get it working in
pmOS
- Config for it
---- Evaluated options ----
------ grub ------
- (PRO) can target all required archs
- (CON) grub can't be installed in pmb chroot, it calls grub-install and
that fails due to something missing in /dev. Maybe this could be worked
around in pmb?
- (CON) grub-mkimage exe is integrated in grub package, grub-efi depends on
grub
- don't want to install all of grub just for 1 exe and/or the EFI modules
- downsides of installing all of grub is that I think it can mislead
users into thinking we use grub the "normal way". this might cause them
to have the wrong expectations and break pmOS boot on their
system
- have POC "fixing" this
- I'm not sure upstream Alpine will like this, it's ugly
- (CON) grub x86 EFI support for x86_64 is currently in pmaports, that's
pretty ugly.
- IMHO forking grub (or grub components) for this purpose signals
to me that grub is the wrong tool for this job
------- kernel's efistub -------
- (PRO) already included in the kernel, nothing else required
- (pro) initrd and dtb can be passed in the kernel cmdline...
however....
- (CON) kernel cmdline can only be set at compile time
- (con) not all kernels may have EFISTUB set?
- (con) can't do measured/secure boot
- (con) requires a fairly recent kernel on aarch w/ efi_zboot support
enabled since we compress the kernel
------- UKI -------
- (PRO) very simple, 1 file thing
- (PRO) supports adding dtb, setting kernel cmdline and so on
- (pro) can do measured/secure boot
- (CON) requires an EFI stub loader
- can't find a stub loader that meets all requirements (other than
the one from systemd-boot...)
- (con) requires efi-mkuki or dealing with objcopy directly (eww)
- (con) requires a fairly recent kernel on aarch w/ efi_zboot support
------- limine -------
- (PRO) easy to install/configure, already have boot-deploy and pmaports
patches
- (PRO) can be cross compiled easily
- evidence is in aports
- ...but I couldn't reproduce building aarch64 and riscv64 on x86_64
- (pro) can do measured/secure boot (I think?)
- (CON) doesn't target all required archs
- can't do "linux boot" on aarch64, only "chainload"
- what about using chainload everywhere?
- requires using efistub in kernel
- what about dtb= and upstream recommendation to not use it except for
debug?
- no kernel compression support on aarch64
- see efi-stub.txt kernel doc
- (CON) vendors libgcc to support cross compilation
- probably not a good idea to trust binaries produced in microsoft
github's CI for some random project
------- stubbyboot -------
- (PRO) a straight forward stub loader
- (pro) can do measured/secure boot
- (CON) doesn't target all required archs
- (CON) cross compiling doesn't work.
- gcc can't do 32-bit on x86_64 Alpine...
- gnu-efi-dev needs to be fixed to package both 32-bit and 64-bit on x86_64...
- have patch in ~/src/aports that kinda does it.. but needs to be
fixed/finished
- maybe limine-efi works with it?
- tried, but fails due to missing efilib.h in limine-efi
------- systemd-stub -------
- (PRO) another straight forward stub loader
- (PRO) many (many) people using it, as part of systemd-boot
- (pro) can do measured/secure boot
- (con) requires a fairly recent kernel on aarch w/ efi_zboot support
enabled since we compress the kernel
- (con) doesn't target all required archs
- but does claim to support most... missing armv7.. maybe it
works?
- (con) will end up maintaining some downstream patch to build it
- hopefully the patch (if I can even make a working one!) is not too
complex!
- (CON) can't be built outside of systemd's silly large build system.
- UPDATE: largely resolved this in pmaports
- was able to build for native arch!
- can't build 32-bit on x86_64, no gcc multilib support in Alpine...
Couldn't get clang to work properly, but maybe it can somehow...
- https://github.com/mintsuki/libgcc-binaries ? NO! (don't want
bootloader binaries that depend on code compiled by microsoft /
github...)
------- DIY stub / bootloader -----
- (PRO) **might** target all required archs and other meet
requirements
- (CON) lots of time required to learn, design, do, debug, test
- (CON) lots of time required to learn, design, do, debug, test
- (CON) lots of time required to learn, design, do, debug, test
- (CON) (get the hint yet???)
- (CON) written in C, probably (there's a rust EFI lib, lol...)
[ci:skip-build]: Already built successfully in CI
htc-memul needs a special build with a different scratch address set. So
generalize the build function so we can make multiple builds with
parameters without duplicating too much code.
Adjust the trigger script to only check for the new deviceinfo path. The
purpose of this check is to make sure that a full device package is
installed, and only in that case run mkinitfs. Otherwise, it will fail
because e.g. no kernels may be installed.
With recent changes, /etc/deviceinfo is a part of devicepkg-utils and
only /usr/share/deviceinfo/deviceinfo really indicates that a device
package is installed.
Remove the "exit 0" at the end while at it, it did not do anything since
the script runs with "/bin/sh -e". Add a comment to make this clear.
[ci:skip-build]: already built successfully in CI
Previously, every device package would package its own /etc/deviceinfo
file, generating a conflict with every other device package. In a
previous commit we have moved the path to /usr/share/deviceinfo, but
we still want to install a sample "/etc/deviceinfo" file to guide
users on how to use the new features. This has the additional benefit
that there is only one of those files in the whole distro. However,
there is no dependency ordering between the device packages and
devicepkg-utils, so there's no warranty of which will be installed
first. Therefore, to avoid a conflict on most likely every user
upgrade, we use postmarketos-mvcfg.
In the process, add some tests and do some renaming on the existing ones, and
remove the workaround for #2228, will be solved appropriately in a follow-up
commit.
Fixes#1836
The port 7236 for TCP is registered with IANA by the
Wi-Fi Alliance for use for the Wi-Fi Display Protocol,
a.k.a. Miracast.
To establish the connection, the local DHCP server has to
be allowed to respond to requests on peer-to-peer Wi-Fi
networks.
Signed-off-by: Markus Göllnitz <camelcasenick@bewares.it>
[ci:skip-build]: already built successfully in CI
`url` and `pkgdesc` do affect the resulting package and as such
`pkgver` should be incremented, but it wasn't.
Fixes 0dfb1219f8
[ci:skip-build]: already built successfully in CI
Some change (I think some tools switching from the coreutils to busybox
versions?) subtly broke debug-shell behaviour. Try to fix it.
Signed-off-by: Caleb Connolly <caleb@connolly.tech>
[ci:skip-build]: already built successfully in CI
Hides this error when FDE is *not* enabled, and ultimately skips the
block of logic for detecting the luks partition:
/init: line 437: cryptsetup: not found
This error has confused some users in the past, who were reporting
issues with the initramfs.
There's probably a minor speedup on non-FDE systems as well from
bailing early.
If a file exists in the initramfs at runtime, cpio won't overwrite it
by default when extracting the initramfs-extra archive. This adds the -u
option to cpio, to overwrite any existing files in the destination.
This is meant to fix issues where the -extra archive has an app that is
meant to replace a busybox app, busybox --install creates it in the
initramfs and gzip will skip it since it's newer than what is in the
archive.
With full-fat mdev supporting by-partlabel lookups, there is a small
delay during startup. As mdev and dynamic partitions aren't actually
needed for the framebuffer device, move show_splash earlier.
Furthermore, slightly rework setup_framebuffer to not dump the verbose
message about waiting for the framebuffer unless the framebuffer isn't
found.
Signed-off-by: Caleb Connolly <caleb@connolly.tech>
This removes the possibility that multiple resize root partition methods
could be invoked. I'm not sure how likely this is in practice, but it
seems like we should avoid the possiblity altogether.
This also adds some more helpful printing to stdout when the partition
resize is skipped / not done.
findfs might produce a block device path like /dev/dm-3, these can
change across boots and devices. Make things more readable and
consistent by mapping from the /dev/dm-* path to the equivalent
/dev/mapper/xyz path. Combined with invoking kpartx from a
/dev/disk/by-partlabel/abc symlink, this results in the final block
device having a name like /dev/mapper/userdata2 on an Android device.
Whilst this is just nicer to work with, this will be especially useful for
the upcoming ondev2 postmarketOS installer to make device-specific
configuration and detection easier.
Save the root/boot partition paths once found, and optimise a few loops.
Additionally, fall-back to other search methods when the pmos_boot or
pmos_uuid_boot cmdline args are set but fail.
Co-authored-by: Clayton Craft <clayton@craftyguy.net>
Drop in mdev.conf and the /lib/mdev/persistent-storage script, these
cause /dev/disk/by-* to be populated in the ramdisk, making it
possible to do look up partition by-label and by-partlabel for free,
compared to findfs which can take some time.
As a first optimisation based on this, check for some partitions using
these paths and prioritise them when looking for subpartitions. Drop the
first find_boot_partition call as it doesn't really save time over the
call in the while loop.
The mdev config also handles setting up /dev/null, /dev/random, etc, so
these don't have to be done manually.
These files aren't owned by mkinitfs, or used to configure mkinitfs, so
I think it makes sense that they belong in a dir specific to this
package instead of cluttering up mkinitfs's config dirs.
Mount /dev (and /run) in initramfs so util-linux switch_root can move
the mounts over to the new sysroot before changing root.
BusyBox switch_root doesn't even attempt to move anything so use
util-linux's switch_root for this.
Explicitly disable tests too...
While a lot of Phosh development still happens on and for the Librem 5
we (thankfully) have lots of users and contributors using other devices.
Update the description to reflect that.
Ideally we'd emphasize that this is GNOME technology based and uses
wlroots but let's not make the description too long.
Instead of Purism's generic home page point the URL to phosh.mobi which
has some more details. An alternative URL would be
https://puri.sm/pureos/phosh/ but that points to a page that is a
currently a bit dated.
[ci:skip-vercheck]
[ci:skip-build] already built successfully in CI
* Don't use "cargo install", as it leads to building a second time.
* Make the build very verbose, as this package is mainly used to debug
and develop the crossdirect scripts for rust.
A welcoming application. It can be extended with custom pages which
we'll do later for a pmOS specific page, but for now it at least tells
the user a bit about Plasma
[ci:skip-vercheck]
Fix a bug where find_dtb() would fail if find encounters any errors,
even if it correctly found the dtb.
Signed-off-by: Caleb Connolly <caleb@connolly.tech>
In some cases, the dispatcher script fails if unudhcpd is already running.
Forcefully killing unudhcpd resolves the issue.
Fixes#2267.
Tested-by: Sicelo A. Mhlongo <absicsz@gmail.com>
[ci:skip-build]: already built successfully in CI
With the recent changes in commit 80fff9242, it's possible that the
client IP address is customized. Use the same code as in
init_functions.sh to get the this potentially customized IP address to
use for the nbd-client.
[ci:skip-build]: already built successfully in CI
With the recent changes in commit 80fff9242, there's no longer an $IP
variable we can use. Use the same code as in init_functions.sh to get
the potentially customized IP address to use for telnet.
The dependency xdg-desktop-portal-gnome has been reenabled in Alpine:
902360a184
> The linking issue was caused by libudev-zero being pulled in as
> dependency instead of eudev. This has been fixed in the meantime.
This reverts commit a48d4dac62.
[ci:skip-vercheck]
[ci:skip-build]: already built successfully in CI
See previous commit for rationale.
[ci:skip-vercheck]: No need to increment pkgrel when only changing
_pmb_recommends.
[ci:skip-build]: already built successfully in CI
Loupe is the new image viewer for GNOME. It also works better on phones
than Eye of GNOME and does not require any gschema overrides to fit the
narrow screens of phones.
