diff options
author | Jan Janssen <medhefgo@web.de> | 2023-01-10 16:00:49 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2023-01-11 17:58:46 +0100 |
commit | e069c57f0616d39363d36ac7f9c3e6ec8be01ab1 (patch) | |
tree | d6abb8acf750d91f9b447068b1ade770d76ee654 /man/systemd-stub.xml | |
parent | 2aba77057e55a1082296c10f61e19d8c5e1eb1f7 (diff) | |
download | systemd-e069c57f0616d39363d36ac7f9c3e6ec8be01ab1.tar.gz |
man: Use ukify instead of objcopy in examples
These hardcoded VMA section offsets are a terrible thing and should
vanish from earth.
Diffstat (limited to 'man/systemd-stub.xml')
-rw-r--r-- | man/systemd-stub.xml | 44 |
1 files changed, 3 insertions, 41 deletions
diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml index fcb0c24ce8..c230168780 100644 --- a/man/systemd-stub.xml +++ b/man/systemd-stub.xml @@ -382,45 +382,8 @@ <refsect1> <title>Assembling Kernel Images</title> - <para>In order to assemble an UEFI PE kernel image from various components as described above, use an - <citerefentry project='man-pages'><refentrytitle>objcopy</refentrytitle><manvolnum>1</manvolnum></citerefentry> command line - like this:</para> - - <programlisting>objcopy \ - --add-section .osrel=os-release --change-section-vma .osrel=0x20000 \ - --add-section .cmdline=cmdline.txt --change-section-vma .cmdline=0x30000 \ - --add-section .dtb=devicetree.dtb --change-section-vma .dtb=0x40000 \ - --add-section .splash=splash.bmp --change-section-vma .splash=0x100000 \ - --add-section .linux=vmlinux --change-section-vma .linux=0x2000000 \ - --add-section .initrd=initrd.cpio --change-section-vma .initrd=0x3000000 \ - /usr/lib/systemd/boot/efi/linuxx64.efi.stub \ - foo-unsigned.efi</programlisting> - - <para>Note that these PE section offsets are example values and a properly assembled image must not - contain any overlapping sections (this includes already existing sections inside the stub before - assembly) or boot may fail.</para> - - <para>This generates one PE executable file <filename>foo-unsigned.efi</filename> from the six individual - files for OS release information, kernel command line, boot splash image, kernel image, main initrd and - UEFI boot stub.</para> - - <para>To then sign the resulting image for UEFI SecureBoot use an - <citerefentry project='archlinux'><refentrytitle>sbsign</refentrytitle><manvolnum>1</manvolnum></citerefentry> command like - the following:</para> - - <programlisting>sbsign \ - --key mykey.pem \ - --cert mykey.crt \ - --output foo.efi \ - foo-unsigned.efi</programlisting> - - <para>This expects a pair of X.509 private key and certificate as parameters and then signs the UEFI PE - executable we generated above for UEFI SecureBoot and generates a signed UEFI PE executable as - result.</para> - - <para>See - <citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry> for - an example involving the <literal>.pcrsig</literal> and <literal>.pcrpkey</literal> sections.</para> + <para>In order to assemble a bootable Unified Kernel Image from various components as described above, use + <citerefentry><refentrytitle>ukify</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para> </refsect1> <refsect1> @@ -432,8 +395,7 @@ <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, - <citerefentry project='man-pages'><refentrytitle>objcopy</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry project='archlinux'><refentrytitle>sbsign</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>ukify</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry> </para> </refsect1> |