From: Mallory
Date: Mon, 25 Nov 2024 15:21:20 +0100
Subject: Re: UEFI and Unified Kernel Image
To: daggs
Cc: ~alpine/users@lists.alpinelinux.org

Hey Dagg!

Thanks for taking time to answer! I can see that you do some funky mounting - you got both /efi and /boot/efi and then bind mount one to the other. Are you building UKI as well or is it just UEFI build? Would you mind sharing your full build process?

Thanks!

On Sat, Nov 23, 2024 at 5:46 PM daggs wrote:

> Greetings,
>
> I'm doing something similar, here is what I do:
> mkfs.vfat ${DEV_POINT}1
> mkfs.ext3 ${DEV_POINT}2
> mkfs.ext4 ${DEV_POINT}3
> mkfs.ext4 ${DEV_POINT}4
> mkfs.ext4 ${DEV_POINT}5
> mkfs.ext4 ${DEV_POINT}6
> mount ${DEV_POINT}6 ${MNT_POINT}
> mkdir -p ${MNT_POINT}/efi
> mkdir -p ${MNT_POINT}/mnt/efi
> mkdir -p ${MNT_POINT}/boot
> mkdir -p ${MNT_POINT}/home
> mkdir -p ${MNT_POINT}/tmp
> mkdir -p ${MNT_POINT}/var
> mount -t vfat ${DEV_POINT}1 ${MNT_POINT}/mnt/efi
> mount ${DEV_POINT}2 ${MNT_POINT}/boot
> mount ${DEV_POINT}3 ${MNT_POINT}/home
> mount ${DEV_POINT}4 ${MNT_POINT}/tmp
> mount ${DEV_POINT}5 ${MNT_POINT}/var
> mount -o bind ${MNT_POINT}/mnt/efi ${MNT_POINT}/efi
> cd ${MNT_POINT}/boot/
> ln -sf ../efi EFI
>
> maybe it will help you
>
> Dagg.
>
>
> *Sent:* Saturday, November 23, 2024 at 3:22 PM
> *From:* "Mallory"
> *To:* ~alpine/users@lists.alpinelinux.org
> *Subject:* UEFI and Unified Kernel Image
> Ahoy there,
>
> I'm trying to come up with a script to build a minimal Alpine image with
> support for UEFI and UKI (no secureboot) via static version of apt-tools.
> Yet it would seem that whatever I try, the UEFI partition comes back empty.
> And the odd thing is that the `bootx64.efi` is created in the appropriate
> place (see the build output). Likely, I'm missing something painfully
> obvious but being new to Alpine I would appreciate some pointers as to how
> I can debug the issue.
>
> Here's the script:
>
> #!/bin/bash
>
> set -eux
>
> readonly PATH=/bin:/sbin:/usr/bin:/usr/sbin
> readonly DEFAULT_DISK_SIZE="2G"
> readonly IMAGE="alpine.img"
> readonly MIRROR=https://dl-cdn.alpinelinux.org/alpine
> readonly REL=3.21
> readonly ARCH=$(uname -m)
> readonly APKV=2.14.4-r4
> readonly REPO="${MIRROR}"/v"${REL}"/main
> readonly HOST="satellite"
>
> wait_until_settled() {
>     udevadm settle
>     blockdev --flushbufs --rereadpt "${1}"
>     until test -e "${1}p2"; do
>         echo "${1}p2 doesn't exist yet..."
>         sleep 1
>     done
> }
>
> cleanup() {
>     set +o errexit
>
>     if [ -n "${LOOPDEV:-}" ]; then
>         losetup -d "${LOOPDEV}"
>     fi
>     if [ -n "${MOUNT:-}" ] && mountpoint -q "${MOUNT}"; then
>         umount --recursive "${MOUNT}" || exit 1
>     fi
>     if [ -n "${TMPDIR:-}" ]; then
>         rm -rf "${TMPDIR}"
>     fi
> }
> trap cleanup EXIT
>
> init() {
>     readonly ORIG_PWD="${PWD}"
>     readonly OUTPUT="${PWD}/out"
>     tmpdir="$(mktemp --dry-run --directory --tmpdir="${PWD}/tmp")"
>     readonly TMPDIR="${tmpdir}"
>     mkdir -p "${OUTPUT}" "${TMPDIR}"
>     if [ -n "${SUDO_UID:-}" ] && [ -n "${SUDO_GID:-}" ]; then
>         chown "${SUDO_UID}:${SUDO_GID}" "${OUTPUT}" "${TMPDIR}"
>     fi
>     cd "${TMPDIR}"
>
>     readonly MOUNT="${PWD}/mount"
>     mkdir "${MOUNT}"
> }
>
> setup_disk() {
>     truncate -s "${DEFAULT_DISK_SIZE}" "${IMAGE}"
>     sgdisk --align-end \
>         --clear \
>         --new 0:0:+1G --typecode=0:ef00 --change-name=0:'EFI' \
>         --new 0:0:0 --typecode=0:8304 --change-name=0:'alpine' \
>         "${IMAGE}"
>
>     LOOPDEV=$(losetup --find --partscan --show "${IMAGE}")
>     wait_until_settled "${LOOPDEV}"
>
>     mkfs.vfat -F 32 -n EFI "${LOOPDEV}p1"
>     mkfs.ext4 -L alpine -q "${LOOPDEV}p2"
>     mount "${LOOPDEV}p2" "${MOUNT}"
>     mount --mkdir "${LOOPDEV}p1" "${MOUNT}/boot/efi"
> }
>
> bootstrap() {
>     curl -s "${MIRROR}"/v"${REL}"/main/"${ARCH}"/apk-tools-static-${APKV}.apk | tar xz
>
>     ./sbin/apk.static --repository "${REPO}" \
>         --update-cache \
>         --allow-untrusted \
>         --root "${MOUNT}" \
>         --initdb add alpine-base
>
>     cat <<EOF >"${MOUNT}"/etc/fstab
> LABEL=alpine / ext4 defaults 0 0
> LABEL=EFI /boot/efi vfat defaults 0 2
> EOF
>
>     echo "nameserver 1.1.1.1" > "${MOUNT}"/etc/resolv.conf
>     echo "${REPO}" >"${MOUNT}"/etc/apk/repositories
>
>     cat <<EOF >"${MOUNT}"/etc/network/interfaces
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet dhcp
> EOF
>
>     for a in dev dev/pts proc sys run; do mount -o bind /$a "${MOUNT}"/$a; done
>
>     chroot "${MOUNT}" /bin/sh -x <<CHROOT
> mkdir -p /etc/kernel-hooks.d/
> mkdir -p /etc/mkinitfs/
> mkdir -p /boot/efi/EFI/Linux/
>
> echo "cmdline=root=LABEL=alpine modules=ext4" > /etc/kernel-hooks.d/secureboot.conf
> echo "signing_disabled=yes" >> /etc/kernel-hooks.d/secureboot.conf
> echo "output_dir="/boot/efi/EFI/Linux/"" >> /etc/kernel-hooks.d/secureboot.conf
> echo "output_name="bootx64.efi"" >> /etc/kernel-hooks.d/secureboot.conf
> echo "disable_trigger=yes" >> /etc/mkinitfs/mkinitfs.conf
>
> apk update
> apk add linux-lts \
>     linux-firmware-none \
>     mkinitfs \
>     secureboot-hook \
>     gummiboot-efistub \
>
> setup-hostname -n "${HOST}"
>
> rc-update -q add devfs sysinit
> rc-update -q add dmesg sysinit
> rc-update -q add mdev sysinit
> rc-update -q add hwdrivers sysinit
>
> rc-update -q add hwclock boot
> rc-update -q add modules boot
> rc-update -q add hostname boot
> rc-update -q add bootmisc boot
> rc-update -q add networking boot
>
> rc-update -q add mount-ro shutdown
> rc-update -q add killprocs shutdown
> rc-update -q add savecache shutdown
>
> rc-update -q add crond default
>
> mkdir -p /boot/efi/loader/entries
>
> cat > /boot/efi/loader/entries/alpine.conf <<EOF
> title Alpine Linux
> linux /EFI/Linux/bootx64.efi
> EOF
>
> ls -la /boot/efi/EFI/Linux/
> CHROOT
>
>     cp "${IMAGE}" "${OUTPUT}/"
> }
>
> main() {
>     if [ "$(id -u)" -ne 0 ]; then
>         echo "root is required"
>         exit 1
>     fi
>
>     init
>     setup_disk
>     bootstrap
> }
>
> main
>
> And the output from the run:
>
> + readonly PATH=/bin:/sbin:/usr/bin:/usr/sbin
> + PATH=/bin:/sbin:/usr/bin:/usr/sbin
> + readonly DEFAULT_DISK_SIZE=2G
> + DEFAULT_DISK_SIZE=2G
> + readonly IMAGE=alpine.img
> + IMAGE=alpine.img
> + readonly MIRROR=https://dl-cdn.alpinelinux.org/alpine
> + MIRROR=https://dl-cdn.alpinelinux.org/alpine
> + readonly REL=3.21
> + REL=3.21
> ++ uname -m
> + readonly ARCH=x86_64
> + ARCH=x86_64
> + readonly APKV=2.14.4-r4
> + APKV=2.14.4-r4
> + readonly REPO=https://dl-cdn.alpinelinux.org/alpine/v3.21/main
> + REPO=https://dl-cdn.alpinelinux.org/alpine/v3.21/main
> + readonly HOST=satellite
> + HOST=satellite
> + trap cleanup EXIT
> + main
> ++ id -u
> + '[' 0 -ne 0 ']'
> + init
> + readonly ORIG_PWD=/home/boojum/Documents/zzz/alpine-image-bootstrap
> + ORIG_PWD=/home/boojum/Documents/zzz/alpine-image-bootstrap
> + readonly OUTPUT=/home/boojum/Documents/zzz/alpine-image-bootstrap/out
> + OUTPUT=/home/boojum/Documents/zzz/alpine-image-bootstrap/out
> ++ mktemp --dry-run --directory --tmpdir=/home/boojum/Documents/zzz/alpine-image-bootstrap/tmp
> + tmpdir=/home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie
> + readonly TMPDIR=/home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie
> + TMPDIR=/home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie
> + mkdir -p /home/boojum/Documents/zzz/alpine-image-bootstrap/out /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie
> + '[' -n 1000 ']'
> + '[' -n 1000 ']'
> + chown 1000:1000 /home/boojum/Documents/zzz/alpine-image-bootstrap/out /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie
> + cd /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie
> + readonly MOUNT=/home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount
> + MOUNT=/home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount
> + mkdir /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount
> + setup_disk
> + truncate -s 2G alpine.img
> + sgdisk --align-end --clear --new 0:0:+1G --typecode=0:ef00 --change-name=0:EFI --new 0:0:0 --typecode=0:8304 --change-name=0:alpine alpine.img
> Creating new GPT entries in memory.
> Warning: The kernel is still using the old partition table.
> The new table will be used at the next reboot or after you
> run partprobe(8) or kpartx(8)
> The operation has completed successfully.
> ++ losetup --find --partscan --show alpine.img
> + LOOPDEV=/dev/loop1
> + wait_until_settled /dev/loop1
> + udevadm settle
> + blockdev --flushbufs --rereadpt /dev/loop1
> + test -e /dev/loop1p2
> + mkfs.vfat -F 32 -n EFI /dev/loop1p1
> mkfs.fat 4.2 (2021-01-31)
> + mkfs.ext4 -L alpine -q /dev/loop1p2
> + mount /dev/loop1p2 /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount
> + mount --mkdir /dev/loop1p1 /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount/boot/efi
> + bootstrap
> + curl -s https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/apk-tools-static-2.14.4-r4.apk
> + tar xz
> tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
> tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
> tar: Ignoring unknown extended header keyword 'APK-TOOLS.checksum.SHA1'
> + ./sbin/apk.static --repository https://dl-cdn.alpinelinux.org/alpine/v3.21/main --update-cache --allow-untrusted --root /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount --initdb add alpine-base
> fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz
> (1/24) Installing alpine-baselayout-data (3.6.8-r0)
> (2/24) Installing musl (1.2.5-r7)
> (3/24) Installing busybox (1.37.0-r8)
> Executing busybox-1.37.0-r8.post-install
> (4/24) Installing busybox-binsh (1.37.0-r8)
> (5/24) Installing alpine-baselayout (3.6.8-r0)
> Executing alpine-baselayout-3.6.8-r0.pre-install
> Executing alpine-baselayout-3.6.8-r0.post-install
> (6/24) Installing ifupdown-ng (0.12.1-r6)
> (7/24) Installing libcap2 (2.71-r0)
> (8/24) Installing openrc (0.55.1-r2)
> Executing openrc-0.55.1-r2.post-install
> (9/24) Installing mdev-conf (4.7-r0)
> (10/24) Installing busybox-mdev-openrc (1.37.0-r8)
> (11/24) Installing alpine-conf (3.18.1-r4)
> (12/24) Installing alpine-keys (2.5-r0)
> (13/24) Installing alpine-release (3.21.0_alpha20240923-r0)
> (14/24) Installing ca-certificates-bundle (20240705-r0)
> (15/24) Installing libcrypto3 (3.3.2-r4)
> (16/24) Installing libssl3 (3.3.2-r4)
> (17/24) Installing ssl_client (1.37.0-r8)
> (18/24) Installing zlib (1.3.1-r2)
> (19/24) Installing apk-tools (2.14.4-r4)
> (20/24) Installing busybox-openrc (1.37.0-r8)
> (21/24) Installing busybox-suid (1.37.0-r8)
> (22/24) Installing scanelf (1.3.8-r1)
> (23/24) Installing musl-utils (1.2.5-r7)
> (24/24) Installing alpine-base (3.21.0_alpha20240923-r0)
> Executing busybox-1.37.0-r8.trigger
> OK: 8 MiB in 24 packages
> + cat
> + echo 'nameserver 1.1.1.1'
> + echo https://dl-cdn.alpinelinux.org/alpine/v3.21/main
> + cat
> + for a in dev dev/pts proc sys run
> + mount -o bind /dev /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount/dev
> + for a in dev dev/pts proc sys run
> + mount -o bind /dev/pts /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount/dev/pts
> + for a in dev dev/pts proc sys run
> + mount -o bind /proc /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount/proc
> + for a in dev dev/pts proc sys run
> + mount -o bind /sys /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount/sys
> + for a in dev dev/pts proc sys run
> + mount -o bind /run /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount/run
> + chroot /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount /bin/sh -x
> + mkdir -p /etc/kernel-hooks.d/
> + mkdir -p /etc/mkinitfs/
> + mkdir -p /boot/efi/EFI/Linux/
> + echo 'cmdline=root=LABEL=alpine modules=ext4'
> + echo 'signing_disabled=yes'
> + echo 'output_dir=/boot/efi/EFI/Linux/'
> + echo 'output_name=bootx64.efi'
> + echo 'disable_trigger=yes'
> + apk update
> fetch https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz
> v20240923-5088-g92cc27fd38d [https://dl-cdn.alpinelinux.org/alpine/v3.21/main]
> OK: 5550 distinct packages available
> + apk add linux-lts linux-firmware-none mkinitfs secureboot-hook gummiboot-efistub
> (1/23) Installing gummiboot-efistub (48.1-r8)
> (2/23) Installing linux-firmware-none (20240909-r3)
> (3/23) Installing xz-libs (5.6.3-r0)
> (4/23) Installing zstd-libs (1.5.6-r1)
> (5/23) Installing kmod (33-r2)
> (6/23) Installing lddtree (1.27-r0)
> (7/23) Installing libeconf (0.6.3-r0)
> (8/23) Installing libblkid (2.40.2-r4)
> (9/23) Installing device-mapper-libs (2.03.28-r2)
> (10/23) Installing json-c (0.18-r0)
> (11/23) Installing libuuid (2.40.2-r4)
> (12/23) Installing cryptsetup-libs (2.7.5-r1)
> (13/23) Installing kmod-libs (33-r2)
> (14/23) Installing mkinitfs (3.10.2-r1)
> Executing mkinitfs-3.10.2-r1.post-install
> (15/23) Installing linux-lts (6.12.0-r1)
> (16/23) Installing libgcc (14.2.0-r4)
> (17/23) Installing jansson (2.14-r4)
> (18/23) Installing libstdc++ (14.2.0-r4)
> (19/23) Installing binutils (2.43.1-r1)
> (20/23) Installing efi-mkuki (0.1.0-r2)
> (21/23) Installing kernel-hooks (0.2-r1)
> (22/23) Installing sbsigntool (0.9.5-r2)
> (23/23) Installing secureboot-hook (0.2-r2)
> Executing secureboot-hook-0.2-r2.post-install
> Executing busybox-1.37.0-r8.trigger
> Executing kmod-33-r2.trigger
> Executing mkinitfs-3.10.2-r1.trigger
> Executing kernel-hooks-0.2-r1.trigger
> kernel-hooks: executing hook 50-secureboot.hook (lts, 6.12.0-1, )
> ==> initramfs: creating /tmp/secureboot.Jlefgi/initramfs for 6.12.0-1-lts
> Display ELF dependencies as a tree
>
> Usage: lddtree [options] ELFFILE...
>
> Options:
>   -a, --all           Show all duplicated dependencies
>   -h, --help          Show this help output
>   -l, --flat          Display output in a flat format
>       --no-auto-root  Do not automatically prefix input ELFs with ROOT
>   -R, --root ROOT     Use this ROOT filesystem tree
>   -V, --version       Show version information
>   -x, --debug         Run with debugging
> ==> secureboot: creating UEFI Unified Kernel Image with /boot/vmlinuz-lts
> ==> secureboot: writing *unsigned* UEFI image to /boot/efi/EFI/Linux//bootx64.efi (signing is disabled!)
> OK: 133 MiB in 47 packages
> + setup-hostname -n satellite
> + rc-update -q add devfs sysinit
> + rc-update -q add dmesg sysinit
> + rc-update -q add mdev sysinit
> + rc-update -q add hwdrivers sysinit
> + rc-update -q add hwclock boot
> + rc-update -q add modules boot
> + rc-update -q add hostname boot
> + rc-update -q add bootmisc boot
> + rc-update -q add networking boot
> + rc-update -q add mount-ro shutdown
> + rc-update -q add killprocs shutdown
> + rc-update -q add savecache shutdown
> + rc-update -q add crond default
> + mkdir -p /boot/efi/loader/entries
> + cat
> + ls -la /boot/efi/EFI/Linux/
> total 11416
> drwxr-xr-x 2 root root 4096 Nov 23 13:20 .
> drwxr-xr-x 3 root root 4096 Nov 23 13:20 ..
> -rwxr-xr-x 1 root root 11680190 Nov 23 13:20 bootx64.efi
> + cp alpine.img /home/boojum/Documents/zzz/alpine-image-bootstrap/out/
> + cleanup
> + set +o errexit
> + '[' -n /dev/loop1 ']'
> + losetup -d /dev/loop1
> + '[' -n /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount ']'
> + mountpoint -q /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount
> + umount --recursive /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie/mount
> + '[' -n /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie ']'
> + rm -rf /home/boojum/Documents/zzz/alpine-image-bootstrap/tmp/tmp.u5KuNSSdie
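
Added example, not part of the thread: the `ls` in the build output looks at the mounted ESP from inside the chroot, while `out/alpine.img` is a file that the trace shows being copied before `umount`, so one way to debug is to inspect the image file itself without mounting it. The Python below reads the primary GPT, finds the ESP (type `ef00`) and lists a FAT32 directory by 8.3 short name. Assumptions: 512-byte sectors, a FAT32 ESP as made by `mkfs.vfat -F 32`, and the function names and the tiny sample image, which are constructed for illustration.

```python
import io
import struct
import uuid

SECTOR = 512  # assumed logical sector size of the image
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # sgdisk typecode ef00

def read_at(f, offset, length):
    f.seek(offset)
    return f.read(length)

def find_esp_offset(f):
    """Byte offset of the first EFI System Partition listed in the primary GPT."""
    hdr = read_at(f, SECTOR, SECTOR)
    if len(hdr) < 92 or hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    (entries_lba,) = struct.unpack_from("<Q", hdr, 72)
    count, size = struct.unpack_from("<II", hdr, 80)
    for i in range(count):
        entry = read_at(f, entries_lba * SECTOR + i * size, size)
        if len(entry) >= 40 and uuid.UUID(bytes_le=entry[:16]) == ESP_TYPE:
            return struct.unpack_from("<Q", entry, 32)[0] * SECTOR
    raise ValueError("no EFI System Partition in the GPT")

def list_esp_dir(f, path=""):
    """List 8.3 short names in `path` on the FAT32 ESP; [] means the directory is empty."""
    part = find_esp_offset(f)
    bs = read_at(f, part, SECTOR)
    if len(bs) < SECTOR or bs[510:512] != b"\x55\xaa":
        raise ValueError("ESP has no FAT boot sector")
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", bs, 11)
    fat_sectors, root = struct.unpack_from("<I", bs, 36)[0], struct.unpack_from("<I", bs, 44)[0]
    fat_off = part + reserved * bps
    data_off = fat_off + nfats * fat_sectors * bps
    csize = bps * spc

    def entries(cluster):
        """Yield (name, is_dir, first_cluster) along one directory's cluster chain."""
        seen = set()
        while 2 <= cluster < 0x0FFFFFF8 and cluster not in seen:
            seen.add(cluster)
            buf = read_at(f, data_off + (cluster - 2) * csize, csize)
            if len(buf) < csize:
                return  # image is truncated
            for i in range(0, csize, 32):
                e = buf[i:i + 32]
                if e[0] == 0x00:  # end of directory
                    return
                if e[0] in (0xE5, 0x2E) or e[11] & 0x08:  # deleted, dot, long-name, label
                    continue
                name = e[:8].decode("latin-1").rstrip()
                ext = e[8:11].decode("latin-1").rstrip()
                hi, lo = struct.unpack_from("<H", e, 20)[0], struct.unpack_from("<H", e, 26)[0]
                yield name + ("." + ext if ext else ""), bool(e[11] & 0x10), hi << 16 | lo
            nxt = read_at(f, fat_off + 4 * cluster, 4)
            cluster = struct.unpack("<I", nxt)[0] & 0x0FFFFFFF if len(nxt) == 4 else 0

    cluster = root
    for want in filter(None, path.split("/")):
        for name, is_dir, first in entries(cluster):
            if is_dir and name.upper() == want.upper():
                cluster = first
                break
        else:
            raise FileNotFoundError(want)
    return [name + ("/" if is_dir else "") for name, is_dir, _ in entries(cluster)]

def build_sample(with_uki):
    """Constructed 16-sector image: GPT with one ESP at LBA 8, FAT32, 1 sector per cluster."""
    img = bytearray(16 * SECTOR)
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<Q", img, SECTOR + 72, 2)  # partition entries at LBA 2
    struct.pack_into("<II", img, SECTOR + 80, 1, 128)  # one 128-byte entry
    img[2 * SECTOR:2 * SECTOR + 16] = ESP_TYPE.bytes_le
    struct.pack_into("<QQ", img, 2 * SECTOR + 32, 8, 15)  # first and last LBA
    part = 8 * SECTOR
    struct.pack_into("<HBHB", img, part + 11, SECTOR, 1, 1, 1)  # bps, spc, reserved, FATs
    struct.pack_into("<I", img, part + 36, 1)  # the FAT occupies one sector
    struct.pack_into("<I", img, part + 44, 2)  # root directory starts in cluster 2
    img[part + 510:part + 512] = b"\x55\xaa"
    fat, data = part + SECTOR, part + 2 * SECTOR
    for c in (2, 3, 4):
        struct.pack_into("<I", img, fat + 4 * c, 0x0FFFFFFF)  # single-cluster chains
    def put(cluster, slot, name11, attr, first=0):
        off = data + (cluster - 2) * SECTOR + 32 * slot
        img[off:off + 11] = name11
        img[off + 11] = attr
        struct.pack_into("<H", img, off + 26, first)  # low word of the first cluster
    put(2, 0, b"EFI".ljust(11), 0x08)  # volume label, as written by mkfs.vfat -n EFI
    if with_uki:
        put(2, 1, b"EFI".ljust(11), 0x10, 3)
        put(3, 0, b"LINUX".ljust(11), 0x10, 4)
        put(4, 0, b"BOOTX64".ljust(8) + b"EFI", 0x20, 5)
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    print(list_esp_dir(build_sample(True), "EFI/Linux"), list_esp_dir(build_sample(False)))
```

For a real image, open it in binary mode and pass the file object, for example `list_esp_dir(open("out/alpine.img", "rb"), "EFI/Linux")`. Names that do not fit 8.3 are shown under their short alias because long-name entries are skipped.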