diskimage-builder/diskimage_builder/elements/iso
Steve Baker 27a326dafb Support secure-boot bootloader where possible
As of grub2 >= 2.02-95 on redhat family distros, calling grub2-install
on an EFI partition will fail with: "this utility cannot be used for
EFI platforms because it does not support UEFI Secure Boot."

This version of grub is now in centos8-stream and non-eus repos of
RHEL-8. It is not currently possible to build whole-disk UEFI images
on these distros, and when this package is promoted this will also
affect centos8 and RHEL-8 eus. The grub maintainers made this change
because the grub2-install generated /boot/efi/EFI/BOOT/BOOTX64.EFI
will never be capable of booting with Secure Boot.

This change defines a $EFI_BOOT_DIR for every distro element. When
directory /boot/efi/$EFI_BOOT_DIR exists a grub.cfg file in will be
generated there. This change also installs the shim package on redhat
family distros, which installs a copy of the shim bootloader to
/boot/efi/EFI/BOOT/BOOTX64.EFI. Using centos as an example, this
allows UEFI to boot the shim /boot/efi/EFI/BOOT/BOOTX64.EFI which
then chains to /boot/efi/EFI/centos/grubx64.efi.

If /boot/efi/$EFI_BOOT_DIR doesn't exist (such as for Ubuntu,
/boot/efi/EFI/ubuntu) the current behaviour of running grub-install to
generate /boot/efi/EFI/BOOT/BOOTX64.EFI will continue. For distros
such as Ubutnu where packaging does not populate /boot/efi/EFI/ubuntu
with .efi files, secure boot can be added in the future by copying
.efi files to /boot/efi/EFI/ubuntu and copying the shim file to
/boot/efi/EFI/BOOT/BOOTX64.EFI.

Change-Id: I90925218ff2aa4c4daffcf86e686b6d98d6b0f21
2021-03-11 10:27:59 +13:00
..
cleanup.d Support secure-boot bootloader where possible 2021-03-11 10:27:59 +13:00
post-install.d Fix for rhel7 iso image creation. 2018-02-28 06:31:34 -06:00
element-deps Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
package-installs.yaml Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
pkg-map Fix for rhel7 iso image creation. 2018-02-28 06:31:34 -06:00
README.rst Remove the deprecated ironic-agent element 2021-01-21 14:06:08 +01:00

===
iso
===
Generates a bootable ISO image from the kernel/ramdisk generated by the
elements ``baremetal``, ``ironic-python-agent-ramdisk`` (from
ironic-python-agent-builder) or ``ramdisk``. It uses isolinux to boot on BIOS
machines and grub to boot on EFI machines.

This element has been tested on the following distro(s):
* ubuntu
* fedora
* debian

**NOTE**: For other distros, please make sure the ``isolinux.bin`` file
exists at ``/usr/lib/syslinux/isolinux.bin``.

baremetal element
-----------------
When used with ``baremetal`` element, this generates a bootable ISO image
named ``<image-name>-boot.iso`` booting the generated kernel and ramdisk.
It also automatically appends kernel command-line argument
'root=UUID=<uuid-of-the-root-partition>'.  Any more kernel command-line
arguments required may be provided by specifying them in
``DIB_BOOT_ISO_KERNEL_CMDLINE_ARGS``.

**NOTE**: It uses pre-built efiboot.img by default to work for UEFI machines.
This is because of a bug in latest version of grub[1].  The user may choose
to avoid using pre-built binary and build efiboot.img on their own machine
by setting the environment variable DIB\_UEFI\_ISO\_BUILD\_EFIBOOT to 1 (this
might work only on certain versions of grub). The current efiboot.img was
generated by the method build\_efiboot\_img() in 100-build-iso on
Ubuntu 13.10 with grub 2.00-19ubuntu2.1.

ramdisk element
---------------
When used with ``ramdisk`` element, this generates a bootable ISO image
named ``<image-name>.iso`` booting the generated kernel and ramdisk. It also
automatically appends kernel command-line argument 'boot\_method=vmedia'
which is required for Ironic drivers ``iscsi_ilo``.

ironic-python-agent-ramdisk element
-----------------------------------
When used with ``ironic-python-agent-ramdisk`` element, this generates a
bootable ISO image named ``<image-name>.iso`` which boots the agent kernel and
agent ramdisk.

**REFERENCES**

[1] https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1378658