Add support for uEFI aarch64 images without rpi config as default #135

roxenham · 2025-04-28T18:34:56+02:00

roxenham commented

2025-04-28 18:34:56 +02:00

Previously, the default model for aarch64 raw disk images assumes that
you're deploying on Raspberry Pi, and not standard aarch64 systems. This
meant that all raw disk images were built with RPi firmware, and an MBR
boot record, which made it incompatible with systems that require uEFI/GPT
compatibility, especially with Edge Image Builder and Metal3/CAPI deployment
usage.

This PR introduces the following changes:

Introduces new Default-RPi and Base-RPi profiles for compatibility with RPi users
Forces Base and Base-RT profiles to use GPT based images (not MBR)
Introduces a new Base-RT-RPi profile for kernel-rt on RPi (with MBR)
Removes Raspberry Pi firmware packages from anything other than RPi profiles
Adds a modified editbootinstall_rpi.sh script to support container builds for RPi installs
Adds policycoreutils-python-utils to the list of packages (for semanage)

See: https://bugzilla.suse.com/show_bug.cgi?id=1240619

Previously, the default model for aarch64 raw disk images assumes that you're deploying on Raspberry Pi, and not standard aarch64 systems. This meant that all raw disk images were built with RPi firmware, and an MBR boot record, which made it incompatible with systems that require uEFI/GPT compatibility, especially with Edge Image Builder and Metal3/CAPI deployment usage. This PR introduces the following changes: * Introduces new `Default-RPi` and `Base-RPi` profiles for compatibility with RPi users * Forces `Base` and `Base-RT` profiles to use GPT based images (not MBR) * Introduces a new `Base-RT-RPi` profile for kernel-rt on RPi (with MBR) * Removes Raspberry Pi firmware packages from anything other than RPi profiles * Adds a modified `editbootinstall_rpi.sh` script to support container builds for RPi installs * Adds `policycoreutils-python-utils` to the list of packages (for semanage) See: https://bugzilla.suse.com/show_bug.cgi?id=1240619

roxenham requested review from amorgante 2025-04-28 18:39:56 +02:00

roxenham requested review from fdegirmenci 2025-04-28 18:39:56 +02:00

roxenham requested review from nbelouin 2025-04-28 18:39:56 +02:00

roxenham requested review from steven.hardy 2025-04-28 18:39:56 +02:00

amorgante commented

2025-04-29 10:36:07 +02:00

Testing it in the following scenario:

Edge 388 (x86_64) mgmt cluster -> using the factory PR for metal3
ARM3 baremetal server (aarch64)
Capi standard workflow (without telco stuff due to the NIC issue)
Image provided by Rhys built with the kiwi workaround as a base-image for EIB to build the final image

Testing it in the following scenario: - Edge 388 (x86_64) mgmt cluster -> using the factory PR for metal3 - ARM3 baremetal server (aarch64) - Capi standard workflow (without telco stuff due to the NIC issue) - Image provided by Rhys built with the kiwi workaround as a base-image for EIB to build the final image

amorgante commented

2025-04-29 11:31:10 +02:00

suse@edge388:~$ k get bmh
NAME      STATE         CONSUMER                          ONLINE   ERROR   AGE
sv-arm3   provisioned   test-cluster-controlplane-g5ptg   true             56m

but rke2-install failed due to semanage

``` suse@edge388:~$ k get bmh NAME STATE CONSUMER ONLINE ERROR AGE sv-arm3 provisioned test-cluster-controlplane-g5ptg true 56m ``` but rke2-install failed due to semanage ![image.png](/attachments/d6d7f43c-b035-4174-9fa7-36074a9db660)

image.png

122 KiB

roxenham force-pushed aarch64-uefi from 84784c7b24 to 5252f75133

2025-04-29 12:13:19 +02:00

Compare

roxenham commented

2025-04-29 12:15:48 +02:00

Thanks for checking @amorgante - looks like policycoreutils-python-utils isn't being pulled in by default. I've made sure that this is in the package list alongside the SELinux base pattern. I've tested this locally, but if you could re-check, I'd appreciate it!

Thanks for checking @amorgante - looks like `policycoreutils-python-utils` isn't being pulled in by default. I've made sure that this is in the package list alongside the SELinux base pattern. I've tested this locally, but if you could re-check, I'd appreciate it!

iivanov commented

2025-04-29 12:18:53 +02:00

First-time contributor

Could we have more consistent naming on these, like use "rpi" or "RPi" or "RaspberryPI", just "Pi" sounds unusual. Thanks!

roxenham force-pushed aarch64-uefi from 5252f75133 to 59931bfd44

2025-04-29 12:29:48 +02:00

Compare

roxenham commented

2025-04-29 12:30:02 +02:00

Done @iivanov - thanks for the good suggestion!