ubuntu-cpc: Make the ESP 2GiB and mount it to /boot

This is driven by online encryption scenarios. In order to efficiently
encrypt the root filesystem without modifying the partition layout, the
kernel should sit in an un-encrypted /boot partition.  Instead of
creating a new partition that would change the default partition layout,
we mount the ESP on /boot. We also need to then bind mount /boot on
/boot/efi because that's where Grub expects the ESP to be located.
xnox/virtual-armhf
Gauthier Jolly 2 years ago
parent e1f18982e6
commit 6a66666e0a

@ -208,8 +208,9 @@ mount_disk_image() {
mount_partition "${rootfs_dev_mapper}" $mountpoint
local uefi_dev="${loop_device}p15"
if [ -b ${uefi_dev} -a -e $mountpoint/boot/efi ]; then
mount "${uefi_dev}" $mountpoint/boot/efi
if [ -b ${uefi_dev} -a -e $mountpoint/boot ]; then
mount "${uefi_dev}" $mountpoint/boot
mount --bind $mountpoint/boot $mountpoint/boot/efi
fi
# This is needed to allow for certain operations
@ -250,11 +251,16 @@ umount_disk_image() {
local uefi_dev="${loop_device}p15"
if [ -e "$mountpoint/boot/efi" -a -b "$uefi_dev" ]; then
# zero fill free space in UEFI partition
cat < /dev/zero > "$mountpoint/boot/efi/bloat_file" 2> /dev/null || true
rm "$mountpoint/boot/efi/bloat_file"
mount --make-private "$mountpoint/boot/efi"
umount --detach-loop "$mountpoint/boot/efi"
# zero fill free space in UEFI partition
cat < /dev/zero > "$mountpoint/boot/efi/bloat_file" 2> /dev/null || true
rm "$mountpoint/boot/efi/bloat_file"
# unmount bind mount
umount "$mountpoint/boot/efi"
# unmount ESP
mount --make-private "$mountpoint/boot"
umount --detach-loop "$mountpoint/boot"
fi
if [ -e $mountpoint/usr/sbin/policy-rc.d ]; then
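Review bot: In `mount_disk_image` the new guard tests only `$mountpoint/boot`, but the bind mount that follows targets `$mountpoint/boot/efi`, which after the first mount is a directory on the ESP itself. If that directory is missing on the ESP, the second mount fails with the ESP still mounted on `/boot`. The test line also leaves `${uefi_dev}` and `$mountpoint` unquoted inside `[ … -a … ]`. I would write the guard as `if [ -b "${uefi_dev}" ] && [ -d "$mountpoint/boot" ]; then` and check `[ -d "$mountpoint/boot/efi" ]` before the bind mount. Both function bodies start and end outside the hunks shown, so how a failed mount is handled by the caller is not visible here.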

@ -25,13 +25,8 @@ case ${PROJECT:-}:${SUBPROJECT:-} in
;;
esac
if [ "$ARCH" = "amd64" ]; then
IMAGE_SIZE=3758096384 # bump to 3.5G (3584*1024**2); Since Kinetic amd64 need more then the default 2.2G
fi
if [ "$ARCH" = "armhf" ]; then
IMAGE_SIZE=3758096384 # bump to 3.5G (3584*1024**2); Since Jammy armhf need more then the default 2.2G
fi
# 4G (4*1024**3)
IMAGE_SIZE=4294967296
# Change image size for preinstalled generic images
if [ -n "${SUBARCH:-}" ]; then
@ -55,7 +50,7 @@ create_partitions() {
arm64|armhf)
if [ "${SUBARCH:-}" = "generic" ]; then
sgdisk "${disk_image}" \
--new=15:0:204800 \
--new=15:0:+2G \
--typecode=15:ef00 \
--attributes=15:set:2 \
--new=14::+4M \
@ -63,7 +58,7 @@ create_partitions() {
--new=1:
else
sgdisk "${disk_image}" \
--new=15:0:204800 \
--new=15:0:+2G \
--typecode=15:ef00 \
--new=1:
fi
@ -77,7 +72,7 @@ create_partitions() {
# cloud-image
sgdisk "${disk_image}" \
--set-alignment=2 \
--new=15::+106M \
--new=15::+2G \
--typecode=15:ef00 \
--new=1:: \
--attributes=1:set:2
@ -97,7 +92,7 @@ create_partitions() {
--change-name=14:loader2 \
--typecode=14:F4FA3898-3478-4941-887D-FCEC4E9E3C05 \
--attributes=14:set:0 \
--new=15::+106M \
--new=15::+2G \
--typecode=15:ef00 \
--change-name=15:ESP \
--new=12::+4M \
@ -112,7 +107,7 @@ create_partitions() {
--change-name=13:loader \
--typecode=13:ef02 \
--attributes=13:set:0 \
--new=15::+106M \
--new=15::+2G \
--typecode=15:ef00 \
--change-name=15:ESP \
--new=12::+4M \
@ -123,7 +118,7 @@ create_partitions() {
# VisionFive
sgdisk "${disk_image}" \
--set-alignment=2 \
--new=15::+106M \
--new=15::+2G \
--typecode=15:ef00 \
--change-name=15:ESP \
--new=12::+4M \
@ -162,7 +157,7 @@ create_partitions() {
--change-name=14:loader2 \
--typecode=14:2E54B353-1271-4842-806F-E436D6AF6985 \
--attributes=14:set:0 \
--new=15::+106M \
--new=15::+2G \
--typecode=15:ef00 \
--new=12::+4M \
--change-name=12:CIDATA \
@ -176,7 +171,7 @@ create_partitions() {
--new=14::+4M \
--typecode=14:ef02 \
--attributes=14:set:2 \
--new=15::+106M \
--new=15::+2G \
--typecode=15:ef00 \
--new=13::+4M \
--change-name=13:CIDATA \
@ -184,7 +179,7 @@ create_partitions() {
else
sgdisk "${disk_image}" \
--new=14::+4M \
--new=15::+106M \
--new=15::+2G \
--new=1::
sgdisk "${disk_image}" \
-t 14:ef02 \
@ -201,11 +196,19 @@ create_and_mount_uefi_partition() {
mountpoint="$1"
mkfs.vfat -F 32 -n UEFI "${uefi_dev}"
mkdir -p "${mountpoint}"/boot/efi
mount "${uefi_dev}" "$mountpoint"/boot/efi
mkdir -p "${mountpoint}"/boot/
mount "${uefi_dev}" "$mountpoint"/boot/
cat << EOF >> "mountpoint/etc/fstab"
LABEL=UEFI /boot/efi vfat umask=0077 0 1
mkdir "$mountpoint/boot/efi"
mount --bind "$mountpoint/boot" "$mountpoint/boot/efi"
}
configure_chroot() {
mountpoint="$1"
cat << EOF >> "$mountpoint"/etc/fstab
LABEL=UEFI /boot vfat umask=0077 0 1
/boot /boot/efi vfat umask=0077,bind 0 0
EOF
}
@ -213,7 +216,8 @@ install_grub() {
mkdir mountpoint
mount_partition "${rootfs_dev_mapper}" mountpoint
create_and_mount_uefi_partition mountpoint
mount "${uefi_dev}" mountpoint/boot/
mount --bind mountpoint/boot mountpoint/boot/efi
echo "(hd0) ${loop_device}" > mountpoint/tmp/device.map
mkdir -p mountpoint/etc/default/grub.d
@ -517,16 +521,26 @@ EOF
disk_image=binary/boot/disk-uefi.ext4
# create the disk
create_empty_disk_image "${disk_image}"
create_partitions "${disk_image}"
mount_image "${disk_image}" 1
# Copy the chroot in to the disk
# create and mount the rootfs partition
make_ext4_partition "${rootfs_dev_mapper}"
mkdir mountpoint
mount "${rootfs_dev_mapper}" mountpoint
cp -a chroot/* mountpoint/
umount mountpoint
# create and mount the ESP
create_and_mount_uefi_partition mountpoint
# Copy the chroot into the disk
cp -a chroot/* mountpoint
configure_chroot mountpoint
# cleanup the mount
umount -R mountpoint
rmdir mountpoint
install_grub
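Review bot: In `configure_chroot` the second fstab line, `/boot /boot/efi vfat umask=0077,bind 0 0`, gives a bind mount a filesystem type and a `umask` option, neither of which takes effect for a bind mount; the permissions seen under `/boot/efi` are those of the `/boot` mount. Writing it as `/boot /boot/efi none bind 0 0` states what actually happens. It also makes clear that, as far as the visible lines show, `umask=0077` on the `LABEL=UEFI` line is what keeps the kernel and initrd, now stored on FAT, accessible to root only. Because `/boot` is the unencrypted part of an otherwise encrypted system and is located by label, I would add a comment above the heredoc such as `# /boot is found by label: any FAT volume labelled UEFI matches this entry`. The column separators in the heredoc appear as single spaces in this rendering, so the original whitespace is not certain.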
