moby: add support for building EFI bootable Moby images

Wrap a EFI stub loader with vmlinuz, initrd, and a short commandline
inside a single EFI binary.

Two files are generated:
- mobylinux.efi is a raw EFI file which some hypervisors can boot directly
- mobylinux-efi.iso: ISO image with just MobyLinux in the EFI partition

also:
- rename legacy BIOS mobylinux.iso to mobylinux-bios.iso
- Build mobylinux-efi.iso as part of the standard mobylinux build

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

alpine/.gitignore

@@ -1,5 +1,8 @@
 *.img
 *.img.gz
-mobylinux.iso
+/mobylinux-bios.iso
+/mobylinux-efi.iso
+/mobylinux-boot.vhdx
+/mobylinux.efi
 Dockerfile.armhf
 etc/inittab

alpine/Dockerfile.bios

@@ -1,3 +1,4 @@
+# Create a legacy BIOS bootable ISO
 FROM ubuntu:15.10
 
 RUN apt-get update && apt-get -y upgrade && apt-get -y install \
@@ -16,9 +17,9 @@ COPY kernel/vmlinuz64 /tmp/iso
 COPY isolinux.cfg /tmp/iso/isolinux
 
 RUN cd /tmp/iso && \
-    genisoimage -o ../output.iso -l -J -R \
+    genisoimage -o ../mobylinux-bios.iso -l -J -R \
                 -c isolinux/boot.cat  \
                 -b isolinux/isolinux.bin \
                    -no-emul-boot -boot-load-size 4 -boot-info-table \
                 -V MobyLinux . && \
-    isohybrid ../output.iso
+    isohybrid ../mobylinux-bios.iso

alpine/Dockerfile.efi

@@ -0,0 +1,55 @@
+# Create a EFI Bootable ISO
+FROM ubuntu:15.10
+
+RUN apt-get update && apt-get -y upgrade && apt-get -y install \
+    binutils mtools dosfstools xorriso \
+    gdisk qemu
+
+RUN mkdir -p /tmp/efi
+
+COPY initrd.img.gz /tmp/efi
+COPY kernel/vmlinuz64 /tmp/efi
+COPY packages/gummiboot/linuxx64.efi.stub /tmp/efi
+
+# Create a EFI boot file with kernel and initrd. From:
+# https://github.com/haraldh/mkrescue-uefi/blob/master/mkrescue-uefi.sh
+RUN cd /tmp/efi && \
+    echo "earlyprintk=serial console=ttyS0" > cmdline.txt && \
+    objcopy \
+        --add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
+        --add-section .cmdline=./cmdline.txt --change-section-vma .cmdline=0x30000 \
+        --add-section .linux=./vmlinuz64 --change-section-vma .linux=0x40000 \
+        --add-section .initrd=initrd.img.gz --change-section-vma .initrd=0x3000000 \
+        ./linuxx64.efi.stub \
+        mobylinux.efi
+
+# create a ISO with a EFI boot partition
+RUN cd /tmp/efi && \
+    mkdir -p iso && \
+    dd if=/dev/zero of=iso/efi.raw bs=1024 count=70000 && \
+    mkfs.vfat iso/efi.raw && \
+    mmd -i iso/efi.raw ::/EFI && \
+    mmd -i iso/efi.raw ::/EFI/BOOT && \
+    mcopy -i iso/efi.raw mobylinux.efi ::/EFI/BOOT/BOOTX64.EFI && \
+    xorriso -as mkisofs \
+            -R -f -e efi.raw -no-emul-boot -o mobylinux-efi.iso iso
+
+# How to build a VHDX. Commented out because we are currently not using it
+# Don't delete: It took too long to figure out how to do this...
+# # create a disk image (150MB)
+# # This is a little odd, as we run this as part of the default command.
+# # Can't run this during the build step as it requires privilege.
+# # The Magic numbers in losetup are startsector (2048) times 512 and
+# # (endsector - startsector) * 512
+# CMD cd /tmp/efi && \
+#     dd if=/dev/zero of=disk.raw bs=1024 count=51200 && \
+#     sgdisk -N 1 -t 1:ef00 disk.raw && \
+#     losetup -o 1048576 --sizelimit 51362816 /dev/loop/1 disk.raw && \
+#     mkfs.vfat /dev/loop/1 && \
+#     echo "drive c: file=\"/dev/loop/1\" mtools_skip_check=1" > /etc/mtools.conf && \
+#     mmd c:/EFI && \
+#     mmd c:/EFI/BOOT && \
+#     mcopy mobylinux.efi c:/EFI/BOOT/BOOTX64.EFI && \
+#     losetup -d /dev/loop/1 && \
+#     qemu-img convert -O vhdx disk.raw mobylinux-boot.vhdx && \
+#     cp /tmp/efi/mobylinux.efi /tmp/efi/mobylinuxefi.iso /tmp/efi/mobylinux-boot.vhdx /mnt/

alpine/Makefile

@@ -1,4 +1,4 @@
-all:	initrd.img.gz
+all:	initrd.img.gz mobylinux-efi.iso
 
 ETCFILES=etc/issue etc/motd etc/network/interfaces
 ETCFILES+=etc/securetty
@@ -14,9 +14,15 @@ initrd.img: Dockerfile mkinitrd.sh repositories $(ETCFILES)
 initrd.img.gz: initrd.img
 	cat initrd.img | gzip -9 > initrd.img.gz
 
-mobylinux.iso: initrd.img Dockerfile.iso isolinux.cfg
+mobylinux-efi.iso: initrd.img.gz Dockerfile.efi
-	docker-compose build iso
+	docker-compose build efi
-	docker-compose run --rm -T iso cp /tmp/output.iso /mnt/mobylinux.iso
+	docker-compose run --rm -T efi \
+		cp /tmp/efi/mobylinux.efi /tmp/efi/mobylinux-efi.iso /mnt
+
+mobylinux-bios.iso: initrd.img Dockerfile.bios isolinux.cfg
+	docker-compose build bios
+	docker-compose run --rm -T bios \
+		cp /tmp/mobylinux-bios.iso /mnt
 
 arm:	initrd-arm.img
 
@@ -37,6 +43,6 @@ initrd-arm.img: Dockerfile.armhf
 
 clean:
 	rm -f initrd.img initrd.img.gz initrd-arm.img Dockerfile.armhf etc/inittab
-	rm -f mobylinux.iso
+	rm -f mobylinux-bios.iso mobylinux-efi.iso mobylinux.efi
 	$(MAKE) -C packages clean
 	$(MAKE) -C kernel clean

alpine/docker-compose.yml

@@ -5,16 +5,24 @@ services:
       context: .
     network_mode: bridge
     volumes:
-     - .:/mnt
+      - .:/mnt
+  efi:
+    privileged: true
+    build:
+      context: .
+      dockerfile: Dockerfile.efi
+    network_mode: bridge
+    volumes:
+      - .:/mnt
+  bios:
+    build:
+      context: .
+      dockerfile: Dockerfile.bios
+    network_mode: bridge
+    volumes:
+      - .:/mnt
   arm:
     build:
       context: .
       dockerfile: Dockerfile.armhf
     network_mode: bridge
-  iso:
-    build:
-      context: .
-      dockerfile: Dockerfile.iso
-    network_mode: bridge
-    volumes:
-     - .:/mnt