Add secureboot support

Update Talos v1.9.1
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-02-03 07:26:06 +00:00 · 2025-01-03 00:53:12 +01:00 · 2024-12-31 17:36:31 +01:00
8 changed files with 42 additions and 32 deletions
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -113,8 +113,6 @@ machine:
        - usermode_helper=disabled
    - name: zfs
    - name: spl
  install:
    image: ghcr.io/aenix-io/cozystack/talos:v1.8.4
  files:
  - content: |
      [plugins]
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
@@ -38,8 +38,8 @@ image-cozystack:
 	rm -f images/cozystack.json
 image-talos:
-	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
+	test -f ../../../_out/assets/installer-amd64-secureboot.tar || make talos-installer
-	docker load -i ../../../_out/assets/installer-amd64.tar
+	docker load -i ../../../_out/assets/installer-amd64-secureboot.tar
 	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
 	docker push $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
@@ -59,8 +59,17 @@ image-matchbox:
 assets: talos-iso talos-nocloud talos-metal
-talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
+talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal: secureboot-keys
 	mkdir -p ../../../_out/assets
 	docker rm -f talos-imager 2>/dev/null || true 
 	docker run -d --rm --name talos-imager --privileged -v /dev:/dev --entrypoint=/bin/sleep "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" infinity
 	docker cp ../../../_out/secureboot talos-imager:/secureboot && \
 	cat images/talos/profiles/$(subst talos-,,$@).yaml | \
-		docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
+		docker exec -i talos-imager /bin/imager --tar-to-stdout - | \
-		tar -C ../../../_out/assets -xzf-
+		tar -C ../../../_out/assets -xzf- ; \
 	docker rm -f talos-imager
 secureboot-keys:
 	test -d ../../../_out/secureboot || ( \
 	talosctl gen secureboot uki --common-name "SecureBoot Key" -o ../../../_out/secureboot/ && \
 	talosctl gen secureboot pcr -o ../../../_out/secureboot/ )
--- a/packages/core/installer/images/talos/profiles/initramfs.yaml
+++ b/packages/core/installer/images/talos/profiles/initramfs.yaml
@@ -3,14 +3,14 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.4
+version: v1.9.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.4
+    imageRef: ghcr.io/siderolabs/installer:v1.9.1
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
@@ -19,8 +19,8 @@ input:
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
+    - imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
 output:
  kind: initramfs
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/installer.yaml
+++ b/packages/core/installer/images/talos/profiles/installer.yaml
@@ -2,15 +2,15 @@
 # do not edit it
 arch: amd64
 platform: metal
-secureboot: false
+version: v1.9.1
-version: v1.8.4
+secureboot: true
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.4
+    imageRef: ghcr.io/siderolabs/installer:v1.9.1
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
@@ -19,9 +19,12 @@ input:
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
+    - imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
 output:
  kind: installer
  imageOptions: {}
  outFormat: raw
 customization:
  extraKernelArgs:
  - -selinux
--- a/packages/core/installer/images/talos/profiles/iso.yaml
+++ b/packages/core/installer/images/talos/profiles/iso.yaml
@@ -3,14 +3,14 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.4
+version: v1.9.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.4
+    imageRef: ghcr.io/siderolabs/installer:v1.9.1
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
@@ -19,8 +19,8 @@ input:
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
+    - imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
 output:
  kind: iso
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/kernel.yaml
+++ b/packages/core/installer/images/talos/profiles/kernel.yaml
@@ -3,14 +3,14 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.4
+version: v1.9.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.4
+    imageRef: ghcr.io/siderolabs/installer:v1.9.1
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
@@ -19,8 +19,8 @@ input:
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
+    - imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
 output:
  kind: kernel
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/metal.yaml
+++ b/packages/core/installer/images/talos/profiles/metal.yaml
@@ -3,14 +3,14 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.4
+version: v1.9.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.4
+    imageRef: ghcr.io/siderolabs/installer:v1.9.1
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
@@ -19,8 +19,8 @@ input:
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
+    - imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
 output:
  kind: image
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
--- a/packages/core/installer/images/talos/profiles/nocloud.yaml
+++ b/packages/core/installer/images/talos/profiles/nocloud.yaml
@@ -3,14 +3,14 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.8.4
+version: v1.9.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.4
+    imageRef: ghcr.io/siderolabs/installer:v1.9.1
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
@@ -19,8 +19,8 @@ input:
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
+    - imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
 output:
  kind: image
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
Author	SHA1	Message	Date
Andrei Kvapil	942b636f68	Add secureboot support	2025-01-03 00:53:12 +01:00
Andrei Kvapil	c6edf6cb9e	Update Talos v1.9.1 Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-12-31 17:36:31 +01:00