moby: add support for building EFI bootable Moby images

Wrap a EFI stub loader with vmlinuz, initrd, and a short commandline inside a single EFI binary. Two files are generated: - mobylinux.efi is a raw EFI file which some hypervisors can boot directly - mobylinux-efi.iso: ISO image with just MobyLinux in the EFI partition also: - rename legacy BIOS mobylinux.iso to mobylinux-bios.iso - Build mobylinux-efi.iso as part of the standard mobylinux build Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2025-07-22 10:31:35 +00:00 · 2016-03-08 19:01:09 +00:00 · 2016-03-08 19:01:09 +00:00 · f785d0d448
commit f785d0d448
parent 3ddc98d1b6
5 changed files with 89 additions and 16 deletions
--- a/alpine/.gitignore
+++ b/alpine/.gitignore
@ -1,5 +1,8 @@
 *.img
 *.img.gz
-mobylinux.iso
+/mobylinux-bios.iso
+/mobylinux-efi.iso
+/mobylinux-boot.vhdx
+/mobylinux.efi
 Dockerfile.armhf
 etc/inittab
--- a/alpine/Dockerfile.bios
+++ b/alpine/Dockerfile.bios
@ -1,3 +1,4 @@
+# Create a legacy BIOS bootable ISO
 FROM ubuntu:15.10

 RUN apt-get update && apt-get -y upgrade && apt-get -y install \
@ -16,9 +17,9 @@ COPY kernel/vmlinuz64 /tmp/iso
 COPY isolinux.cfg /tmp/iso/isolinux

 RUN cd /tmp/iso && \
-    genisoimage -o ../output.iso -l -J -R \
+    genisoimage -o ../mobylinux-bios.iso -l -J -R \
                -c isolinux/boot.cat  \
                -b isolinux/isolinux.bin \
                   -no-emul-boot -boot-load-size 4 -boot-info-table \
                -V MobyLinux . && \
-    isohybrid ../output.iso
+    isohybrid ../mobylinux-bios.iso
--- a/alpine/Dockerfile.efi
+++ b/alpine/Dockerfile.efi
@ -0,0 +1,55 @@
+# Create a EFI Bootable ISO
+FROM ubuntu:15.10
+
+RUN apt-get update && apt-get -y upgrade && apt-get -y install \
+    binutils mtools dosfstools xorriso \
+    gdisk qemu
+
+RUN mkdir -p /tmp/efi
+
+COPY initrd.img.gz /tmp/efi
+COPY kernel/vmlinuz64 /tmp/efi
+COPY packages/gummiboot/linuxx64.efi.stub /tmp/efi
+
+# Create a EFI boot file with kernel and initrd. From:
+# https://github.com/haraldh/mkrescue-uefi/blob/master/mkrescue-uefi.sh
+RUN cd /tmp/efi && \
+    echo "earlyprintk=serial console=ttyS0" > cmdline.txt && \
+    objcopy \
+        --add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
+        --add-section .cmdline=./cmdline.txt --change-section-vma .cmdline=0x30000 \
+        --add-section .linux=./vmlinuz64 --change-section-vma .linux=0x40000 \
+        --add-section .initrd=initrd.img.gz --change-section-vma .initrd=0x3000000 \
+        ./linuxx64.efi.stub \
+        mobylinux.efi
+
+# create a ISO with a EFI boot partition
+RUN cd /tmp/efi && \
+    mkdir -p iso && \
+    dd if=/dev/zero of=iso/efi.raw bs=1024 count=70000 && \
+    mkfs.vfat iso/efi.raw && \
+    mmd -i iso/efi.raw ::/EFI && \
+    mmd -i iso/efi.raw ::/EFI/BOOT && \
+    mcopy -i iso/efi.raw mobylinux.efi ::/EFI/BOOT/BOOTX64.EFI && \
+    xorriso -as mkisofs \
+            -R -f -e efi.raw -no-emul-boot -o mobylinux-efi.iso iso
+
+# How to build a VHDX. Commented out because we are currently not using it
+# Don't delete: It took too long to figure out how to do this...
+# # create a disk image (150MB)
+# # This is a little odd, as we run this as part of the default command.
+# # Can't run this during the build step as it requires privilege.
+# # The Magic numbers in losetup are startsector (2048) times 512 and
+# # (endsector - startsector) * 512
+# CMD cd /tmp/efi && \
+#     dd if=/dev/zero of=disk.raw bs=1024 count=51200 && \
+#     sgdisk -N 1 -t 1:ef00 disk.raw && \
+#     losetup -o 1048576 --sizelimit 51362816 /dev/loop/1 disk.raw && \
+#     mkfs.vfat /dev/loop/1 && \
+#     echo "drive c: file=\"/dev/loop/1\" mtools_skip_check=1" > /etc/mtools.conf && \
+#     mmd c:/EFI && \
+#     mmd c:/EFI/BOOT && \
+#     mcopy mobylinux.efi c:/EFI/BOOT/BOOTX64.EFI && \
+#     losetup -d /dev/loop/1 && \
+#     qemu-img convert -O vhdx disk.raw mobylinux-boot.vhdx && \
+#     cp /tmp/efi/mobylinux.efi /tmp/efi/mobylinuxefi.iso /tmp/efi/mobylinux-boot.vhdx /mnt/
--- a/alpine/Makefile
+++ b/alpine/Makefile
@ -1,4 +1,4 @@
-all:	initrd.img.gz
+all:	initrd.img.gz mobylinux-efi.iso

 ETCFILES=etc/issue etc/motd etc/network/interfaces
 ETCFILES+=etc/securetty
@ -14,9 +14,15 @@ initrd.img: Dockerfile mkinitrd.sh repositories $(ETCFILES)
 initrd.img.gz: initrd.img
 	cat initrd.img | gzip -9 > initrd.img.gz

-mobylinux.iso: initrd.img Dockerfile.iso isolinux.cfg
-	docker-compose build iso
-	docker-compose run --rm -T iso cp /tmp/output.iso /mnt/mobylinux.iso
+mobylinux-efi.iso: initrd.img.gz Dockerfile.efi
+	docker-compose build efi
+	docker-compose run --rm -T efi \
+		cp /tmp/efi/mobylinux.efi /tmp/efi/mobylinux-efi.iso /mnt
+
+mobylinux-bios.iso: initrd.img Dockerfile.bios isolinux.cfg
+	docker-compose build bios
+	docker-compose run --rm -T bios \
+		cp /tmp/mobylinux-bios.iso /mnt

 arm:	initrd-arm.img

@ -37,6 +43,6 @@ initrd-arm.img: Dockerfile.armhf

 clean:
 	rm -f initrd.img initrd.img.gz initrd-arm.img Dockerfile.armhf etc/inittab
-	rm -f mobylinux.iso
+	rm -f mobylinux-bios.iso mobylinux-efi.iso mobylinux.efi
 	$(MAKE) -C packages clean
 	$(MAKE) -C kernel clean
--- a/alpine/docker-compose.yml
+++ b/alpine/docker-compose.yml
@ -5,16 +5,24 @@ services:
      context: .
    network_mode: bridge
    volumes:
-     - .:/mnt
+      - .:/mnt
+  efi:
+    privileged: true
+    build:
+      context: .
+      dockerfile: Dockerfile.efi
+    network_mode: bridge
+    volumes:
+      - .:/mnt
+  bios:
+    build:
+      context: .
+      dockerfile: Dockerfile.bios
+    network_mode: bridge
+    volumes:
+      - .:/mnt
  arm:
    build:
      context: .
      dockerfile: Dockerfile.armhf
    network_mode: bridge
-  iso:
-    build:
-      context: .
-      dockerfile: Dockerfile.iso
-    network_mode: bridge
-    volumes:
-     - .:/mnt