This patch uses coreos grub2 instead of the built-in gummiboot tool with Alpine distribution. Coreos grub2 has the security feature such as TPM and kernel verification, so we can setup a trust chain when loading modules with grub2. GNU grub2[1] also has the plan to add those security related features, they have a 'verifiers' branch to do that, but there're some build issue need to fix,so this patch use coreos as an alternative. This patch is used to address the #2359 #2375. Thanks Avi Deitcher <avi@deitcher.net> for the contribution to build the GRUB2 from ubuntu 16.04 to alpine base image. Change Log: 1.Address the comments raised by @rn 2.Change the '/dev/vda' as the device name point by kernel command line 'root=' on arm64, '/dev/sr0' on amd64. As next plan, we can adapt a more flexible method to get the dev name of the CDROM. 3.Switch the base image to build grub2 from ubuntu 16.04 to alpine. 4.'linux' as the grub2 menu entry on arm64, while 'linuxefi' on amd64. [1] https://git.savannah.gnu.org/git/grub.git Signed-off-by: Dennis Chen <dennis.chen@arm.com>
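# Stage 1 (grub-build): compile GRUB2 from the coreos/grub repository for the EFI
# platform and emit a single core image (BOOTX64.EFI or BOOTAA64.EFI) in /grub-lib.
#
# NOTE(review): the base image is referenced by tag only. A registry tag can be
# re-pointed, so appending an @sha256 digest would make this build input immutable.
FROM linuxkit/alpine:8b53d842a47fce43464e15f65ee2f68b82542330 AS grub-build

# Toolchain for the autotools build below (sorted for diffability).
RUN apk add \
  autoconf \
  automake \
  bison \
  flex \
  gcc \
  gettext \
  git \
  libc-dev \
  libtool \
  linux-headers \
  make \
  python3

# because python is not available
RUN ln -s python3 /usr/bin/python

# Modules linked into the core image by grub-mkimage below. The list includes
# `verify` and `crypto`, but grub-mkimage is invoked without -k/--pubkey, so no
# public key is embedded here; any signature enforcement has to be configured
# outside this Dockerfile.
ENV GRUB_MODULES="part_gpt fat ext2 iso9660 gzio linux acpi normal cpio crypto disk boot crc64 gpt \
search_disk_uuid tftp verify xzio xfs video"
# Full commit id: this is the only thing that pins which bootloader source is built.
ENV GRUB_COMMIT=6782f6d431d22b4e9ab14e94d263795c7991e160

COPY patches/* /patches/
RUN mkdir /grub-lib && \
  set -e && \
  git clone https://github.com/coreos/grub.git && \
  cd grub && \
  git checkout -b grub-build ${GRUB_COMMIT} && \
  # `set -e` is ignored inside a loop that is a non-final member of an && list,
  # so without the explicit `|| exit 1` a patch that fails to apply (other than
  # the last one) would be skipped silently and an unpatched bootloader built.
  for patch in /patches/*.patch; do \
    echo "Applying $patch"; \
    patch -p1 < "$patch" || exit 1; \
  done && \
  ./autogen.sh && \
  ./configure --libdir=/grub-lib --with-platform=efi CFLAGS="-Os -Wno-unused-value" && \
  make -j "$(getconf _NPROCESSORS_ONLN)" && \
  make install && \
  # create the grub core image
  case $(uname -m) in \
  x86_64) \
    ./grub-mkimage -O x86_64-efi -d /grub-lib/grub/x86_64-efi -o /grub-lib/BOOTX64.EFI -p /EFI/BOOT ${GRUB_MODULES} linuxefi; \
    ;; \
  aarch64) \
    ./grub-mkimage -O arm64-efi -d /grub-lib/grub/arm64-efi -o /grub-lib/BOOTAA64.EFI -p /EFI/BOOT ${GRUB_MODULES}; \
    ;; \
  *) \
    # Fail here instead of finishing the stage without any BOOT*.EFI output.
    echo "unsupported architecture: $(uname -m)" >&2; \
    exit 1; \
    ;; \
  esac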
# Stage 2 (make-img): runtime image holding the image-assembly tools, the build
# context, and the GRUB core image produced by the grub-build stage.
#
# NOTE(review): this stage uses a different linuxkit/alpine tag than grub-build,
# and both are tags rather than digests; confirm the mismatch is intentional.
FROM linuxkit/alpine:87a0cd10449d72f374f950004467737dbf440630 AS make-img

# NOTE(review): `apk update && apk upgrade` installs whatever the configured
# repositories serve at build time, so the package set is not fixed by the base
# tag alone. Bumping the base image is the reproducible alternative.
RUN apk update && apk upgrade && \
  apk add --no-cache \
    binutils \
    dosfstools \
    libarchive-tools \
    mtools \
    xorriso

# Copies the entire build context into the image's working directory (no WORKDIR
# is set in this stage). NOTE(review): presumably this is where /make-efi comes
# from; a .dockerignore keeps unrelated or sensitive files out of the image.
COPY . .
# Only the finished core image crosses the stage boundary; the toolchain and the
# GRUB source tree stay behind in grub-build.
COPY --from=grub-build /grub-lib/BOOT*.EFI /usr/local/share/

# No USER is set in this stage, so the entrypoint runs as the base image's
# default user. NOTE(review): confirm whether /make-efi actually needs root.
ENTRYPOINT ["/make-efi"]