sig_cloud/diskimage-builder
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0e5922c6b8
diskimage-builder/diskimage_builder/elements/rhel
History
Steve Baker 27a326dafb Support secure-boot bootloader where possible 
As of grub2 >= 2.02-95 on redhat family distros, calling grub2-install
on an EFI partition will fail with: "this utility cannot be used for
EFI platforms because it does not support UEFI Secure Boot."

This version of grub is now in centos8-stream and non-eus repos of
RHEL-8. It is not currently possible to build whole-disk UEFI images
on these distros, and when this package is promoted this will also
affect centos8 and RHEL-8 eus. The grub maintainers made this change
because the grub2-install generated /boot/efi/EFI/BOOT/BOOTX64.EFI
will never be capable of booting with Secure Boot.

This change defines a $EFI_BOOT_DIR for every distro element. When
directory /boot/efi/$EFI_BOOT_DIR exists a grub.cfg file in will be
generated there. This change also installs the shim package on redhat
family distros, which installs a copy of the shim bootloader to
/boot/efi/EFI/BOOT/BOOTX64.EFI. Using centos as an example, this
allows UEFI to boot the shim /boot/efi/EFI/BOOT/BOOTX64.EFI which
then chains to /boot/efi/EFI/centos/grubx64.efi.

If /boot/efi/$EFI_BOOT_DIR doesn't exist (such as for Ubuntu,
/boot/efi/EFI/ubuntu) the current behaviour of running grub-install to
generate /boot/efi/EFI/BOOT/BOOTX64.EFI will continue. For distros
such as Ubutnu where packaging does not populate /boot/efi/EFI/ubuntu
with .efi files, secure boot can be added in the future by copying
.efi files to /boot/efi/EFI/ubuntu and copying the shim file to
/boot/efi/EFI/BOOT/BOOTX64.EFI.

Change-Id: I90925218ff2aa4c4daffcf86e686b6d98d6b0f21
2021-03-11 10:27:59 +13:00
..
environment.d Support secure-boot bootloader where possible 2021-03-11 10:27:59 +13:00
pre-install.d Create /etc/machine-id for RHEL images 2019-08-07 18:18:34 +10:00
root.d Add aarch64 support for rhel 2021-03-08 07:00:15 +00:00
element-deps Add version-less RHEL element for RHEL7 and RHEL8 2019-05-29 11:28:53 +03:00
element-provides Add version-less RHEL element for RHEL7 and RHEL8 2019-05-29 11:28:53 +03:00
README.rst Add version-less RHEL element for RHEL7 and RHEL8 2019-05-29 11:28:53 +03:00

README.rst 

====
rhel
====

Use RHEL cloud images as the baseline for built disk images.

Because RHEL base images are not publicly available, it is necessary to first
download the RHEL cloud image from the Red Hat Customer Portal and pass the
path to the resulting file to disk-image-create as the ``DIB_LOCAL_IMAGE``
environment variable.

The cloud image can be found at (login required):
RHEL8: https://access.redhat.com/downloads/content/479/ver=/rhel---8/8.0/x86_64/product-software
RHEL7: https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.1/x86_64/product-downloads


Then before running the image build, define DIB_LOCAL_IMAGE (replace the file
name with the one downloaded, if it differs from the example):

.. code-block:: bash

   export DIB_LOCAL_IMAGE=rhel-8.0-x86_64-kvm.qcow2

The downloaded file will then be used as the basis for any subsequent image
builds.

For further details about building RHEL images, see the rhel-common and
redhat-common element README files.

Environment Variables
---------------------

DIB_LOCAL_IMAGE
  :Required: Yes
  :Default: None
  :Description: The RHEL 8 base image you have downloaded. See the element
                description above for more details.
  :Example: ``DIB_LOCAL_IMAGE=/tmp/rhel8-cloud.qcow2``