Update the bootctl settings to use a TKey with sandbox. Signed-off-by: Simon Glass <simon.glass@canonical.com>
// SPDX-License-Identifier: GPL-2.0+
/*
* This contains the various components needed to boot Ubuntu 24.04 Desktop. It
* provides a description of the process, similar to a grub.cfg file.
*/
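/*
 * Settings for the node labelled boot_ctl: the top-level options plus the
 * measure, oslist-extlinux, oslist-efi, state, ui-multi and ui-simple
 * subnodes.
 *
 * The file uses #if / #ifdef, so it has to pass through the C preprocessor
 * before the devicetree compiler sees it. Which properties exist in the final
 * tree therefore depends on CONFIG_QEMU, CONFIG_EFI_APP, CONFIG_SANDBOX and
 * CANONICAL_LOGO at build time.
 */
&boot_ctl {
	compatible = "bootctl,ubuntu-desktop", "bootctl,logic";

	options {
		/* use persistent storage for variables */
		persist-state;

		/* store a default OS in the persistent storage */
		default-os;

		/* timeout in seconds before booting a default OS */
		timeout = <5>;

		/* skip timeout if boot was successful */
		skip-timeout-on-success;

		/* track boot success / failure in state */
		track-success;

		/*
		 * auto-boot the default OS after a timeout
		 *
		 * The property is commented out, so it is not set by this file.
		 */
		// autoboot;

		/*
		 * measure loaded images, etc.
		 *
		 * Only set when neither CONFIG_QEMU nor CONFIG_EFI_APP is
		 * defined. NOTE(review): on those two builds the option is
		 * absent, so presumably nothing is measured there - do not
		 * rely on them to validate TPM-sealed or attested boot flows.
		 */
#if !defined(CONFIG_QEMU) && !defined(CONFIG_EFI_APP)
		measure;
#endif

		/*
		 * use TKey for unlocking encrypted volumes
		 *
		 * Only set for CONFIG_SANDBOX builds; every other build leaves
		 * the property out.
		 */
#ifdef CONFIG_SANDBOX
		tkey;
#endif

		/*
		 * restrict labels to boot (separated by space)
		 *
		 * Builds with neither symbol defined get no labels property;
		 * NOTE(review): presumably that means no restriction - confirm.
		 * If both symbols were ever defined together the property
		 * would appear twice in this node.
		 */
#ifdef CONFIG_QEMU
		labels = "virtio";
#endif
#ifdef CONFIG_SANDBOX
		labels = "mmc usb";
#endif
	};

	/*
	 * Measurement settings: one subnode per measured item, each naming
	 * the method, the PCR index and the hash algorithm(s).
	 *
	 *   os      -> PCR 6
	 *   initrd  -> PCR 9
	 *   fdt     -> PCR 8
	 *   cmdline -> PCR 8 (marked optional)
	 *
	 * fdt and cmdline share PCR 8, so the final PCR 8 value depends on
	 * both items and on the order in which they are extended. Anything
	 * sealed to, or verified against, PCR 8 must account for that.
	 *
	 * Every entry lists only "sha256". NOTE(review): presumably other
	 * active TPM banks are not extended - make sure policies bind to the
	 * sha256 bank.
	 */
	measure {
		compatible = "bootctl,simple-measure";

		/* 0x10000 = 65536; presumably bytes - TODO confirm the unit */
		tpm-log-size = <0x10000>;

		/*
		 * should we use compatible strings for each subnode? That might
		 * provide more flexibility for expansion
		 */

		os {
			method = "tpm-pcr";
			pcr-number = <6>;
			algos = "sha256";
		};

		initrd {
			method = "tpm-pcr";
			pcr-number = <9>;
			algos = "sha256";
		};

		fdt {
			method = "tpm-pcr";
			pcr-number = <8>;
			algos = "sha256";
		};

		/*
		 * NOTE(review): "optional" presumably lets boot continue when
		 * there is no command line to measure. The kernel command line
		 * is security-relevant, so confirm that the "absent" case
		 * cannot end up with an unmeasured command line being used.
		 */
		cmdline {
			method = "tpm-pcr";
			pcr-number = <8>;
			algos = "sha256";
			optional;
		};
	};

	oslist-extlinux {
		compatible = "bootctl,extlinux-oslist";

		/* indicates the filesystems needed to access extlinux */
		filesystems {
			ext4 {
				/* add enabled options here? */
			};

			fat {
			};
		};
	};

	/* The EFI-file OS list is left out of CONFIG_SANDBOX builds */
#ifndef CONFIG_SANDBOX
	oslist-efi {
		compatible = "bootctl,efifile-oslist";

		/* indicates the filesystems needed to access EFI files */
		filesystems {
			fat {
			};
		};
	};
#endif

	/*
	 * Where the persistent state file lives: hostfs "0" / bootctl.ini on
	 * sandbox, otherwise "efi" "1:5" / /boot/bootctl/bootctl.ini.
	 *
	 * NOTE(review): per the options above, this state carries the default
	 * OS and the boot success / failure tracking. Nothing in this file
	 * shows it being integrity-protected or measured, so its contents
	 * should be treated as untrusted input by whatever parses it - confirm
	 * against the state driver.
	 */
	state {
		compatible = "bootctl,simple-state", "bootctl,state";

		/* revisit, as we may want to reference the hardware device */
#ifdef CONFIG_SANDBOX
		location = "hostfs", "0";
		filename = "bootctl.ini";
#else
		location = "efi", "1:5";
		filename = "/boot/bootctl/bootctl.ini";
#endif
	};

	ui-multi {
		compatible = "bootctl,multiboot-ui", "bootctl,simple-ui",
			"bootctl,ui";
		graphical = "if-available";
		textual = "if-available";
		/*
		 * NOTE(review): the /incbin/ path is absolute and points into
		 * one developer's home directory. A build with CANONICAL_LOGO
		 * defined only works on a machine that has this exact path,
		 * and the image embedded in the tree is whatever that path
		 * holds at build time. A path relative to the source tree
		 * would make the build reproducible.
		 */
#ifdef CANONICAL_LOGO
		logo = /incbin/("/home/sglass/u/boot/bootctl/canonical.bmp");
#endif
	};

	ui-simple {
		compatible = "bootctl,simple-ui", "bootctl,ui";
		graphical = "if-available";
		textual = "if-available";
	};

};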