pytest: Extend update_kernel to support more features |
|||||
Issue descriptionCurrently update_kernel was made to support "updating a kernel from same branch with minor changes". From few recent issues and requests, we think it will be better if we can support more features, including: - Able to change test partition kernel command line of existing kernel. This is an use case that we may have image built with some special hacks compiled but not enabled, and need to investigate during SOP/mini builds to decide if we should enable the hack or not. - Able to resign release partition kernel with DEV key. This is an use case that we have to ship with DEV-signed firmware because the cycle time of "push firmware change, wait for next full image build, pull firmware from recovery image, upload to BCS, wait for another full build, wait for signer bot to sign the build" to get a PreMP signed firmware takes too much time (8+ hours, and usually days). We want an easy way to resign (make_dev_ssd.sh) release partition if (1) release partition is in dev- channel, and (2) active firmware is DEV- key. - Update test partition kernel, with modules. I'm still not convinced if this is a good idea. Updating modules implies we need to disable rootfs verification (which may create lots of new problems in suspend/resume and reboot tests), disable lsm module locking, also userland programs may not work properly. Usually I'd recommend to just do netboot or reinstall factory test image (kernel + rootfs at the same time) if possible. Unfortunately we still don't have good way to update factory test image yet so it's fine to support this feature if a project really needs to do so. (probably ok to have this implemented, but I'd still highly recommend all projects to go netboot instead. This is known to be buggy - unless you really don't have other better way).
,
Jun 8 2017
5. vbutil_kernel --pack kernel.bin \ --keyblock /usr/share/vboot/devkeys/kernel.keyblock \ --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \ --version 1 --vmlinuz PATH_TO/boot/vmlinuz --bootloader DUMMY_FILE \ --config CONFIG_FILE --arch x86_64 arch = x86_64, x86, arm, arm64 (?)
,
Jun 9 2017
> - Update test partition kernel, with modules. One issue is that self-built kernels and prebuilt ones usually expect kernel modules to be in different path (i.e. /lib/modules/4.4.X vs /lib/modules/4.4.X-githash), so it's going to be hard to change the kernel without patching the rootfs... Now, if we can add/changes files in rootfs, it'd be great to be able to change others things (I'm thinking audio configuration, touchpad/screen FW, etc.) > Updating modules implies we need to disable rootfs verification (which may create lots of new problems in suspend/resume and reboot tests), disable lsm module locking, also userland programs may not work properly. I wouldn't expect that many issues (we do it all the time during bringup, precisely to be able to update kernel, and cros deploy specific packages), but I'm not familiar with what factory flow/tests expect.
,
Jun 9 2017
> Now, if we can add/changes files in rootfs, it'd be great to be able to change others things (I'm thinking audio configuration, touchpad/screen FW, etc.) That can be patched by adding mount --bind in factory init for a long time. > I wouldn't expect that many issues We did see that failure on many projects, when you start running long time stress tests with reboot. Many ChromeOS processes were designed in the concept that rootfs is read-only. Usually for those projects, they will try to update kernel at the last minute and adjust test plan so run-in can be tested with original kernel. Meanwhile, Stimim mentioned that Gale has also used update_kernel a lot so we are now putting this to supported feature again, since run-in may be not very important in proto or EVT builds.
,
Jun 22 2017
@phoenix, from how we used this in the ongoing build by Duncan, I think it may be more convenient if there's a way to provide "modifying command line" without the need of giving whole command line, for example kernel_config_add and kernel_config_remove or a kernel_config_re_sub (to perform re.sub) What do you think?
,
Jun 22 2017
kernel_config_add and kernel_config_remove sounds good if it's easy to parse. I'll try it.
,
Jul 12 2017
,
Sep 26 2017
ToT update_kernel already have these features.
,
Jan 22 2018
,
Jan 23 2018
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by hungte@chromium.org
, Jun 8 2017