[Acked/CMT] [SRU][Xenial][Bionic][PATCH 0/2] UBUNTU: [Packaging] Support building Flattened Image Tree (FIT) kernels
Seth Forshee
seth.forshee at canonical.com
Tue Oct 22 19:27:27 UTC 2019
On Tue, Oct 15, 2019 at 08:18:54PM +0800, Shrirang Bagul wrote:
> On Mon, 2019-10-14 at 10:49 -0500, Seth Forshee wrote:
> > On Mon, Oct 14, 2019 at 02:43:20PM +0100, Andy Whitcroft wrote:
> > > On Mon, Oct 14, 2019 at 06:09:11PM +0800, Shrirang Bagul wrote:
> > > > BugLink: https://bugs.launchpad.net/bugs/1847969
> > > >
> > > > [Impact]
> > > > Flexible and powerful format based on Flattened Image Tree -- FIT (similar
> > > > to Flattened Device Tree). It allows the use of images with multiple
> > > > components (several kernels, ramdisks, etc.), with contents protected by
> > > > SHA1, MD5 or CRC32, etc.
> > > > More details:
> > > > https://gitlab.denx.de/u-boot/u-boot/blob/master/doc/uImage.FIT/howto.txt
> > > >
> > > > The packaging changes will add support for building a FIT kernel binary
> > > > blob which can be subsequently signed. These FIT-signed kernels will be
> > > > consumed by snapcraft recipes to build kernel snaps for platforms with
> > > > U-Boot bootloader enforcing secure boot.
> > > >
> > > > [Regression Potential]
> > > > Minimal. These patches add new signing logic and build script around
> > > > 'fit_signed' variable. The current build for generic kernels should not be
> > > > affected.
> > > >
> > > > Alfonso Sánchez-Beato (2):
> > > > UBUNTU: [Packaging] add rules to build FIT image
> > > > UBUNTU: [Packaging] force creation of headers directory
> > > >
> > > > debian/rules | 2 +-
> > > > debian/rules.d/1-maintainer.mk | 1 +
> > > > debian/rules.d/2-binary-arch.mk | 17 +++++++++++++-
> > > > debian/scripts/build-fit | 40 +++++++++++++++++++++++++++++++++
> > > > 4 files changed, 58 insertions(+), 2 deletions(-)
> > > > create mode 100755 debian/scripts/build-fit
> > >
> > > These look reasonable. I am slightly supprised by the second one
> > > needing to exist, but the result looks safe even so.
> > >
> > > ~sforshee I assume we want to fold this into the latest kernel with s390
> > > signing in it too.
> >
> > Yes, I think we probably want to add it to unstable at minimum. Not sure
> > that's it's relevant to eoan, but if so we're at the SRU stage now.
> I'll send a separate series of patches for 'unstable'.
Checking in on this, as I haven't seen patches for unstable yet.
Thanks,
Seth
More information about the kernel-team
mailing list