This patch uses coreos grub2 instead of the built-in gummiboot
tool with Alpine distribution.

Coreos grub2 has security features such as TPM and kernel
verification, so we can set up a trust chain when loading
modules with grub2.

GNU grub2 [1] also has a plan to add those security-related
features; they have a 'verifiers' branch to do that, but
there are some build issues that need to be fixed, so this patch
uses coreos as an alternative.

This patch is used to address #2359 #2375.

Thanks to Avi Deitcher <avi@deitcher.net> for the contribution
to build the GRUB2 from ubuntu 16.04 to alpine base image.

Change Log:
1. Address the comments raised by @rn
2. Change to '/dev/vda' as the device name pointed to by the kernel command
line 'root=' on arm64, '/dev/sr0' on amd64. As a next plan, we can adopt
a more flexible method to get the dev name of the CDROM.
3. Switch the base image to build grub2 from ubuntu 16.04 to alpine.
4. 'linux' as the grub2 menu entry on arm64, while 'linuxefi' on amd64.

[1] https://git.savannah.gnu.org/git/grub.git

Signed-off-by: Dennis Chen <dennis.chen@arm.com>

In line with BIOS ISO changes previously.
Remove boot options; the user can add them if required. They made boot very slow.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

Previously we hardcoded `bzImage` which is not used for all
use cases or architectures.
fix #1630

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

mkfs.vfat prints output (even without the -v option) which ends up
in front of the ISO, which is cat'ed to stdout. This made the generated
ISO unbootable. Redirect stdout of mkfs.vfat to /dev/null.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

This requires switching to the dosfstools from alpine:edge since neither the
busybox nor alpine:3.5 dosfstools supports the -C option (in fact alpine:3.5
only has mkfs.fat and not mkfs.vfat).
The 511k slack seems like a lot to me, but 256k was somehow not enough.
Fixes #1304.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>

Note that the EFI ISO is not yet automatically sized, and the
kernel command lines are currently hard coded in the builders.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>