From patchwork Fri Jan 25 17:57:24 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: dann frazier <dann.frazier@canonical.com>
X-Patchwork-Id: 1031231
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 43mRZL63Y0z9sN6;
	Sat, 26 Jan 2019 04:57:46 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1gn5jW-0000en-PI; Fri, 25 Jan 2019 17:57:38 +0000
Received: from complete.lackof.org ([198.49.126.79])
	by huckleberry.canonical.com with esmtps
	(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
	(envelope-from <dannf@dannf.org>) id 1gn5jV-0000ds-MK
	for kernel-team@lists.ubuntu.com; Fri, 25 Jan 2019 17:57:37 +0000
Received: from localhost (c-107-2-141-103.hsd1.co.comcast.net
	[107.2.141.103])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by complete.lackof.org (Postfix) with ESMTPSA id 64B7533E0279;
	Fri, 25 Jan 2019 10:57:36 -0700 (MST)
From: dann frazier <dann.frazier@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH v2 1/2][disco linux-signed] UBUNTU: support recompression of
	signed kernels
Date: Fri, 25 Jan 2019 10:57:24 -0700
Message-Id: <20190125175725.6696-5-dann.frazier@canonical.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190125175725.6696-1-dann.frazier@canonical.com>
References: <20190125175725.6696-1-dann.frazier@canonical.com>
MIME-Version: 1.0
X-Virus-Scanned: clamav-milter 0.100.2 at complete.lackof.org
X-Virus-Status: Clean
X-Spam-Status: No, score=0.0 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	complete.lackof.org
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Seth Forshee <seth.forshee@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1804481

Our arm64 generic kernels are compressed, but they must be
decompressed for signing. The kernel build will indicate that a
signed kernel image should be recompressed by adding GZIP=1 into
a <kernel-image>.vars file in the signing tarball. Add support
for reading the contents of this file and compressing the kernel
image when GZIP=1.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[ dannf: Use maximum gzip compression to match unsigned build ]
Signed-off-by: dann frazier <dann.frazier@canonical.com>
---
 debian/rules | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index b9afe67a162e..20b16d7da826 100755
--- a/debian/rules
+++ b/debian/rules
@@ -42,8 +42,16 @@ override_dh_auto_build:
 		cd "$(src_version)" || exit 1;					\
 		for s in *.efi.signed; do					\
 			[ ! -f "$$s" ] && continue;				\
-			chmod 600 "$$s";					\
 			base=$$(echo "$$s" | sed -e 's/.efi.signed//');		\
+			(							\
+				vars="$${base}.efi.vars";			\
+				[ -f "$$vars" ] && . "./$$vars";		\
+				if [ "$$GZIP" = "1" ]; then			\
+					gzip -9 "$$s";				\
+					mv "$${s}.gz" "$$s";			\
+				fi;						\
+			);							\
+			chmod 600 "$$s";					\
 			ln "$$s" "../SIGNED/$$base";				\
 		done;								\
 		for s in *.opal.sig; do						\

From patchwork Fri Jan 25 17:57:25 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: dann frazier <dann.frazier@canonical.com>
X-Patchwork-Id: 1031230
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 43mRZL2l4Zz9sDB;
	Sat, 26 Jan 2019 04:57:46 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1gn5jY-0000fR-30; Fri, 25 Jan 2019 17:57:40 +0000
Received: from complete.lackof.org ([198.49.126.79])
	by huckleberry.canonical.com with esmtps
	(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
	(envelope-from <dannf@dannf.org>) id 1gn5jW-0000eB-Ad
	for kernel-team@lists.ubuntu.com; Fri, 25 Jan 2019 17:57:38 +0000
Received: from localhost (c-107-2-141-103.hsd1.co.comcast.net
	[107.2.141.103])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by complete.lackof.org (Postfix) with ESMTPSA id 0445B33E0041;
	Fri, 25 Jan 2019 10:57:37 -0700 (MST)
From: dann frazier <dann.frazier@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH v2 2/2][disco linux-signed] UBUNTU: Add support for arm64
Date: Fri, 25 Jan 2019 10:57:25 -0700
Message-Id: <20190125175725.6696-6-dann.frazier@canonical.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190125175725.6696-1-dann.frazier@canonical.com>
References: <20190125175725.6696-1-dann.frazier@canonical.com>
MIME-Version: 1.0
X-Virus-Scanned: clamav-milter 0.100.2 at complete.lackof.org
X-Virus-Status: Clean
X-Spam-Status: No, score=0.0 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	complete.lackof.org
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/1804481

Signed-off-by: dann frazier <dann.frazier@canonical.com>
---
 debian/control.stub | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/debian/control.stub b/debian/control.stub
index 3f546b65f13b..049add06d448 100644
--- a/debian/control.stub
+++ b/debian/control.stub
@@ -8,12 +8,12 @@ Build-Depends:
  python3,
  python3-apt,
 Build-Depends-Arch:
- sbsigntool [amd64],
+ sbsigntool [amd64 arm64],
  linux-libc-dev (>= VERSION),
 Standards-Version: 3.9.4
 
 Package: linux-image-ABI-generic
-Architecture: amd64 ppc64el
+Architecture: amd64 arm64 ppc64el
 Depends: ${unsigned:Depends}
 Recommends: ${unsigned:Recommends}
 Suggests: ${unsigned:Suggests}
@@ -36,12 +36,24 @@ Description: Signed kernel image lowlatency
  A kernel image for lowlatency.  This version of it is signed with
  Canonical's UEFI signing key.
 
+Package: linux-image-ABI-snapdragon
+Architecture: arm64
+Depends: ${unsigned:Depends}
+Recommends: ${unsigned:Recommends}
+Suggests: ${unsigned:Suggests}
+Conflicts: ${unsigned:Conflicts}
+Provides: ${unsigned:Provides}
+Built-Using: linux (= VERSION)
+Description: Signed kernel image snapdragon
+ A kernel image for snapdragon.  This version of it is signed with
+ Canonical's UEFI/Opal signing key.
+
 Package: kernel-signed-image-ABI-generic-di
 Package-Type: udeb
 Section: debian-installer
 Priority: extra
 Provides: kernel-signed-image
-Architecture: amd64 ppc64el
+Architecture: amd64 arm64 ppc64el
 Built-Using: linux (= VERSION)
 Description: Signed kernel image generic for the Debian installer
  A kernel image for generic.  This version of it is signed with
@@ -50,7 +62,7 @@ Description: Signed kernel image generic for the Debian installer
 
 Package: linux-image-ABI-generic-dbgsym
 Section: devel
-Architecture: amd64 ppc64el
+Architecture: amd64 arm64 ppc64el
 Depends: linux-image-unsigned-ABI-generic-dbgsym
 Description: Signed kernel image generic
  A link to the debugging symbols for the generic signed kernel.

From patchwork Fri Jan 25 17:57:23 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: dann frazier <dann.frazier@canonical.com>
X-Patchwork-Id: 1031232
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 43mRZM1ZjYz9sN8;
	Sat, 26 Jan 2019 04:57:47 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1gn5jX-0000fE-US; Fri, 25 Jan 2019 17:57:39 +0000
Received: from complete.lackof.org ([198.49.126.79])
	by huckleberry.canonical.com with esmtps
	(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
	(envelope-from <dannf@dannf.org>) id 1gn5jV-0000dc-2P
	for kernel-team@lists.ubuntu.com; Fri, 25 Jan 2019 17:57:37 +0000
Received: from localhost (c-107-2-141-103.hsd1.co.comcast.net
	[107.2.141.103])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by complete.lackof.org (Postfix) with ESMTPSA id C265133E0252;
	Fri, 25 Jan 2019 10:57:35 -0700 (MST)
From: dann frazier <dann.frazier@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH v2 3/3][disco linux] UBUNTU: Build signed kernels for arm64
Date: Fri, 25 Jan 2019 10:57:23 -0700
Message-Id: <20190125175725.6696-4-dann.frazier@canonical.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190125175725.6696-1-dann.frazier@canonical.com>
References: <20190125175725.6696-1-dann.frazier@canonical.com>
MIME-Version: 1.0
X-Virus-Scanned: clamav-milter 0.100.2 at complete.lackof.org
X-Virus-Status: Clean
X-Spam-Status: No, score=0.0 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	complete.lackof.org
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/1804481

Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 debian.master/rules.d/arm64.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian.master/rules.d/arm64.mk b/debian.master/rules.d/arm64.mk
index 999e4ca8129a3..23009120f7972 100644
--- a/debian.master/rules.d/arm64.mk
+++ b/debian.master/rules.d/arm64.mk
@@ -7,6 +7,7 @@ build_image	= Image.gz
 kernel_file	= arch/$(build_arch)/boot/Image.gz
 install_file	= vmlinuz
 no_dumpfile = true
+uefi_signed     = true
 
 # The uboot used in ubuntu core can't handle Image.gz, so
 # create this flavour to generate a Image just for them