Loading files on other devices? #8

Open
trini opened this issue Jan 15, 2019 · 10 comments
trini commented Jan 15, 2019

Does this support opening files in locations other than where the module itself resides? For example, if I have (hd0,gpt1) as where SELoader (and shim and everything else) reside and wish to have GRUB load from a FAT partition that's on (hd0,gpt2) instead, AFAICT SELoader (and Mok2Verify) is passing back FILE_NOT_FOUND even if, yes, the file really does exist. Any pointers greatly appreciated, thanks!

addud commented Feb 14, 2019

Hi,
Same issue here. I have Grub/shim/SELoader loading from the EFI partition (sda1) and grub.cfg, kernel and initramfs from the rootfs partition (sda2). Is there a way to make SELoader resolve the paths relative to the partition the images being verified are loaded from rather than the partition the module was loaded from?

Thanks!

phatina commented Feb 15, 2020

Did you manage to resolve this issue?

I have SELoader.efi on partition 1 and kernel+initramfs on partition 2 or 3. I keep seeing a debug message saying "Failed to opem file (hd0,gpt2)\boot\bzImage..."

My disk layout:

```
Disk /dev/mmcblk0: 29.74 GiB, 31914983424 bytes, 62333952 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 24E73E75-8DAD-4CBD-B0EC-C9D57DA3BF10

Device           Start     End Sectors  Size Type
/dev/mmcblk0p1   16384   49151   32768   16M EFI System
/dev/mmcblk0p2   49152 4063231 4014080  1.9G Linux filesystem
/dev/mmcblk0p3 4063232 8077311 4014080  1.9G Linux filesystem
/dev/mmcblk0p4 8077312 8339455  262144  128M Linux filesystem
```

Do you have a tip on how to load the kernel from a different partition? I can see that SELoader already tries to read from a different partition, but fails.

Thanks a lot.

trini commented Feb 15, 2020

No, I reworked my A/B update scheme to include logic to update the ESP contents after flashing before rebooting. Given your layout @phatina you may need to do the same. That also means going with a larger ESP :)

phatina commented Feb 15, 2020

> No, I reworked my A/B update scheme to include logic to update the ESP contents after flashing before rebooting. Given your layout @phatina you may need to do the same. That also means going with a larger ESP :)

Hi, thank you for the quick reply. I am using Mender for OTA updates, which puts the kernel and initramfs into separate partitions so that I can also update those. What do you suggest doing with the EFI partition? Since OpenRootDirectory() in File.c opens the same device where SELoader.efi is placed, how can I reach the other device with my kernel?

Thanks.

trini commented Feb 15, 2020

I was also using Mender in that case and went with (I can't go check the details easily atm) the supported post-install pre-reboot hooks to copy what I needed around and have corresponding changes so it would use the kernel+initramfs from the ESP and not A/B directly.

phatina commented Feb 16, 2020

Aha, okay.

So you mimicked the A/B interface in the ESP, say we have /boot/a/bzImage{,.p7b} and /boot/b/bzImage{,.p7b}?

As for the post-install hook - this one copied the fresh new kernel to the ESP, right?
What about the pre-reboot hook? What role did it serve in this case?

Thanks a lot, Tom.

trini commented Feb 17, 2020

I can't dig at the details, sorry, but in short, yes, I mimicked A/B under EFI/ on the ESP and then used some of the supported spots in Mender to copy the contents and overwrote the grub.cfg logic to know to use that location instead of the A/B rootfs itself. I only needed to modify one hook, I recall.
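
A sketch of the copy step described above, as an added example that is not part of the thread and not trini's or Mender's code. The `EFI/<slot>/` layout, the `stage_slot` function name and its return codes are assumptions; `bzImage` and `bzImage.p7b` are the file names used in the thread. It copies the kernel and its detached signature together, so SELoader never finds an image in the slot without its matching `.p7b`.

```shell
#!/bin/sh
# Added example: stage a kernel and its detached signature into an A/B slot
# directory on the ESP. Assumed (hypothetical) layout: <esp>/EFI/<slot>/.

# stage_slot SRC_DIR ESP_MOUNT SLOT
# Returns 0 on success; on any failure the existing slot is left as it was.
stage_slot() {
    src=$1; esp=$2; slot=$3

    # Only the two slot names of the A/B scheme are accepted.
    case "$slot" in
        a|b) ;;
        *) echo "bad slot: $slot" >&2; return 2 ;;
    esac

    # The image and its signature must travel together: refuse to stage
    # one without the other, or an empty file.
    for f in bzImage bzImage.p7b; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 3; }
    done

    dest="$esp/EFI/$slot"
    tmp="$esp/EFI/.$slot.new"

    # Copy into a scratch directory first so a failed or short copy
    # (for example a full ESP) never lands in the live slot.
    rm -rf "$tmp"
    mkdir -p "$tmp" || return 4
    for f in bzImage bzImage.p7b; do
        cp "$src/$f" "$tmp/$f" || { rm -rf "$tmp"; return 4; }
        # Read back and compare with the source before trusting the copy.
        cmp -s "$src/$f" "$tmp/$f" || { rm -rf "$tmp"; return 5; }
    done
    sync

    # Swap the scratch directory in; restore the old slot if the swap fails.
    rm -rf "$dest.old"
    [ -d "$dest" ] && mv "$dest" "$dest.old"
    mv "$tmp" "$dest" || { [ -d "$dest.old" ] && mv "$dest.old" "$dest"; return 6; }
    rm -rf "$dest.old"
    sync
}

# Run directly as: stage-slot.sh SRC_DIR ESP_MOUNT SLOT
if [ "$#" -eq 3 ]; then
    stage_slot "$@"
fi
```
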

phatina commented Mar 20, 2020

@trini Do you have a clue if I can use this SELoader to boot from PXE?

trini commented Mar 20, 2020

@phatina Did not do anything with PXE, sorry.

@thomas-roos

I have basically the same question - opened a bug here: jiazhang0/meta-secure-core#155
Adding this to have a cross reference.
