Adding Harald to thread.
Seems to be nominally related boot path with deo and dm-crypt.
Adding to Dracut might be preferable to creating a separate PBA
Subhendu
On Jul 23, 2015 10:20 AM, "Chuck Anderson" <cra@xxxxxxx> wrote:
>
> I originally sent this to the packaging list, but there was no
> response there so I'm posting to devel now.
>
> I've also opened a review request for the non-controversial packaging
> of the "msed" utilities. Would anyone care to do a review swap?
>
> Review Request: msed - Tools to manage the activation and use of self encrypting drives
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1245640
>
> Thanks.
>
> Date: Tue, 21 Jul 2015 18:48:27 -0400
> From: Chuck Anderson <cra@xxxxxxx>
> To: packaging@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: [Fedora-packaging] building an embedded Linux distro into a RPM package
> Precedence: list
> Reply-To: Discussion of RPM packaging standards and practices for Fedora <packaging@xxxxxxxxxxxxxxxxxxxxxxx>
>
> I would like to submit a new package that provides a Pre-Boot
> Authorization (PBA) image. The PBA is a "bootloader" of sorts that
> prompts the user for the passphrase to unlock a Self-Encrypting Drive
> (SED) using the TCG OPAL command set, and then either chainloads to
> the real OS or reboots to allow the BIOS to boot the real OS. The
> image gets installed to the OPAL SED as a sort of "shadow MBR/shadow
> disk image" using a special command "msed" (Manage Self-Encrypting
> Drive) that I also plan to submit a package for.
>
> In my case, I've developed a tiny embedded Linux-based PBA image [1]
> using Buildroot [2] and the MSED software [3]. The final image is a
> MBR-partitioned disk image with VFAT filesystem containing the
> specially built Linux kernel (vmlinuz), initramfs (rootfs.gz), and the
> installed syslinux bootloader.
>
> Before you ask, I can't use even a stripped-down Fedora image for this
> purpose, because it must be TINY and it only exists to run a single
> command (linuxpba), then reboot. My image is 4MB and could be made
> even smaller. See the reasoning in [1] for why it must be so small.
>
> [1] https://github.com/cranderson/buildroot-linuxpba
> [2] http://buildroot.uclibc.org/
> [3] http://www.r0m30.com/msed
>
> Now I know there are several challenges to using the Buildroot
> approach to building software for Fedora. Buildroot downloads
> software from the Internet, unpacks, patches, configures, and builds
> it. The build environment is built first, so gcc, uClibc, busybox,
> etc. and then the packages you want to include are built in that
> environment.
>
> What is the best approach I should use that is acceptable to Fedora?
>
> Would it be acceptable to bundle source packages, Buildroot itself,
> and my Buildroot configuration into one SRPM so everything is
> self-contained and can be built without requiring network
> connectivity? This means I would have to bundle the source code for
> gcc, the linux kernel, uClibc, busybox, etc.
>
> Or is there some way to pull in SRPM packages that already exist in
> Fedora, and use those as part of my build process so that I don't have
> to bundle all the source code? Additionally, I could made separate
> SRPM packages for Buildroot itself, any components needed (uClibc is
> already in the distro), the Buildroot build scripts for
> buildroot-linuxpba, and the actual package I need (msed).
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct