SINIT Module Integration

Kevin Pearson edited this page Mar 10, 2015 · 1 revision

Intel TXT ACM Integration

New hardware generations require integration of new SINIT modules. These modules can be obtained from the Intel Developer Zone: https://software.intel.com/en-us/articles/intel-trusted-execution-technology

Setting up mirror

If the SINIT module is not in the upstream OpenXT mirror, create a local mirror and reconfigure the OPENXT_MIRROR in the build config (.config) to point to the mirror containing the ACM archive. This is where the module will be downloaded from during the build process.

Recipe Modifications

openxt.git

do_build.sh

Edit the script to add the shorthand ACM file to the ACM_LIST variable. This ensures that the ACMs are in place for the installer ISO as well as the netboot target.

ACM_LIST="ivb_snb.acm gm45.acm duali.acm quadi.acm q35.acm q45q43.acm xeon56.acm xeone7.acm hsw.acm bdw.acm"

xenclient-oe.git

recipes-openxt/acms/acms.bb

Edit the recipe to perform the download. This will require the relative URI from the OPENXT_MIRROR used for building, the MD5 hash of the source file, SHA256 hash of the source file, the MD5 hash of the license file from the ACM source bundle, and the shorthand name for the ACM.

For the SRC_URI, add the hashes for the new ACM archive.

SRC_URI[bdw.md5sum] = "f40771addcb12c82b44c2ad53dbbe994"
SRC_URI[bdw.sha256sum] = "3057efadd6bcf9ddf192c6aa027cc28e07ae6997a5c0037ef1fa09e8938893f0"

In the LIC_FILES_CHKSUM, add the MD5 hash for the ACM archive and encapsulated license file.

 file://4th_gen_i5_i7-SINIT_75/license.txt;md5=a879c484244808a2202d65166a2f3f72 \

Add the SRC_URI entry for the ACM archive, with its shorthand name.

 ${OPENXT_MIRROR}/5th_gen_i5_i7-SINIT_79.zip;name=bdw \

recipes-core/images/xenclient-installer-image.bb

Add the ACM to be copied from its source SINIT BIN to the shorthand in the deployment directory. This is done in the do_rootfs_append() step.

cp ${IMAGE_ROOTFS}/boot/5th_gen_i5_i7_SINIT_79.BIN ${DEPLOY_DIR_IMAGE}/bdw.acm

recipes-openxt/xenclient/xenclient-dom0-tweaks/grub.cfg

Add the ACM to be loaded by GRUB for the installed system as part of multiboot. This needs to be done for each boot entry.

 module /boot/5th_gen_i5_i7-SINIT_79.BIN

recipes-core/images/xenclient-installer-image/isolinux.cfg

Add the shorthand ACM to be loaded by SYSLINUX from the installer ISO at the end of each append line. This needs to be done for each boot entry.

append tboot.gz bypass_inv_err=1 min_ram=0x2000000 ehci_handoff=true loglvl=all serial=115200/921600,8n1,magic logging=serial,memory --- xen.gz console=com1 max_dom0_vcpus=1 com1=115200,8n1,pci --- vmlinuz quiet root=/dev/ram rw start_install=new eject_cdrom=1 answerfile=/install/answers/default.ans console=hvc0 console=/dev/tty2 selinux=0 --- rootfs.gz --- gm45.acm --- q35.acm --- q45q43.acm --- duali.acm --- quadi.acm --- ivb_snb.acm --- xeon56.acm --- xeone7.acm --- hsw.acm --- bdw.acm

recipes-core/images/xenclient-installer-image/pxelinux.cfg

Add the shorthand ACM to be loaded by SYSLINUX/PXELINUX from the netboot target at the end of each append line. This needs to be done for each boot entry.

append @TFTP_PATH@/tboot.gz bypass_inv_err=1 min_ram=0x2000000 ehci_handoff=true loglvl=all serial=115200/921600,8n1,magic logging=serial,memory --- @TFTP_PATH@/xen.gz console=com1,vga max_dom0_vcpus=1 com1=115200,8n1,pci --- @TFTP_PATH@/vmlinuz quiet selinux=0 console=hvc0 root=/dev/ram rw start_install answerfile=tftp://dhcp/@TFTP_PATH@/network.ans --- @TFTP_PATH@/rootfs.gz --- @TFTP_PATH@/gm45.acm --- @TFTP_PATH@/q35.acm --- @TFTP_PATH@/q45q43.acm --- @TFTP_PATH@/duali.acm --- @TFTP_PATH@/quadi.acm --- @TFTP_PATH@/ivb_snb.acm --- @TFTP_PATH@/xeon56.acm --- @TFTP_PATH@/xeone7.acm --- @TFTP_PATH@/hsw.acm --- @TFTP_PATH@/bdw.acm
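Because isolinux.cfg and pxelinux.cfg each need the new shorthand on every boot entry, a missed append line leaves that entry without the new ACM. The following check is an added example, not part of the OpenXT tree; the function name check_acms is hypothetical, and it assumes one append line per boot entry, as in the lines shown above.

```shell
#!/bin/sh
# Added example, not OpenXT code: find boot entries that were missed when a
# new ACM shorthand (e.g. bdw.acm) was added to ACM_LIST in do_build.sh.
#
# Usage after sourcing this file:
#   check_acms isolinux.cfg "$ACM_LIST"
#   check_acms pxelinux.cfg "$ACM_LIST"

# check_acms CFG "acm1 acm2 ..."
# Prints "CFG:LINE: missing ACM" for each ACM absent from an append line.
# Exit status is 0 when every append line lists every ACM, 1 otherwise.
check_acms() (
    cfg=$1
    acm_list=$2
    rc=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Normalise tabs, then strip leading blanks so indented entries match.
        line=$(printf '%s' "$line" | tr '\t' ' ')
        line=${line#"${line%%[! ]*}"}
        # Only append lines carry the multiboot module list.
        case $line in
            append\ *|APPEND\ *) ;;
            *) continue ;;
        esac
        for acm in $acm_list; do
            # Accept a bare name (isolinux.cfg) or a path such as
            # @TFTP_PATH@/bdw.acm (pxelinux.cfg); require a whole-token match
            # so that "hsw.acm" is not satisfied by "xhsw.acm".
            case " $line " in
                *" $acm "*|*"/$acm "*) ;;
                *) echo "$cfg:$n: missing $acm"; rc=1 ;;
            esac
        done
    done < "$cfg"
    [ "$rc" -eq 0 ]
)
```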