fix: UEFI booting (#1)

2024-02-02 17:07:44 +01:00 · 2024-02-02 17:07:44 +01:00 · c9f2231b55
commit c9f2231b55
parent 6b8eaa4eb1
8 changed files with 108 additions and 142 deletions
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@ -20,5 +20,5 @@ jobs:
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
-          ignore: DL3008,DL3003
+          ignore: DL3008,DL3003,DL3035,DL3059
          failure-threshold: warning
--- a/3
+++ b/3
@ -8,10 +8,10 @@ RUN apt-get update \
    && apt-get --no-install-recommends -y install \
        tini \
        wget \
-        ovmf \
        nginx \
        swtpm \
        procps \
+        seabios \        
        iptables \
        iproute2 \
        apt-utils \
@ -21,6 +21,7 @@ RUN apt-get update \
        ca-certificates \
        netcat-openbsd \
        qemu-system-arm \
+        qemu-efi-aarch64 \
    && apt-get clean \
    && novnc="1.4.0" \
    && mkdir -p /usr/share/novnc \
--- a/readme.md
+++ b/readme.md
@ -97,27 +97,13 @@ docker run -it --rm -e "BOOT=http://example.com/image.iso" -p 8006:8006 --device

  Replace the example path `/var/qemu` with the desired storage folder.

-* ### How do I boot Windows?
+* ### How do I boot a x86 image?

-  To enable Windows booting, add the following line to your compose file:
+  You can use [qemu-docker](https://github.com/qemus/qemu-docker/) to run x86 and x64 images on ARM.

-  ```yaml
-  environment:
-    BOOT_MODE: "windows"
-  ```
+* ### How do I boot a local image?

-  But you might want to give [dockur/windows](https://github.com/dockur/windows) a try instead, as it includes all the drivers required during installation and many other features.
-
-* ### How do I verify if my system supports KVM?
-
-  To verify if your system supports KVM, run the following commands:
-
-  ```bash
-  sudo apt install cpu-checker
-  sudo kvm-ok
-  ```
-
-  If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, check the virtualization settings in the BIOS.
+  To skip the download, rename your image to `boot.iso` and place it in an empty `/storage` folder.

 * ### How do I assign an individual IP address to the container?

@ -196,18 +182,16 @@ docker run -it --rm -e "BOOT=http://example.com/image.iso" -p 8006:8006 --device
    - /dev/bus/usb
  ```

-* ### How do I boot with UEFI?
+* ### How do I verify if my system supports KVM?

-  To enable UEFI booting, add the following line to your compose file:
+  To verify if your system supports KVM, run the following commands:

-  ```yaml
-  environment:
-    BOOT_MODE: "uefi"
+  ```bash
+  sudo apt install cpu-checker
+  sudo kvm-ok
  ```

-* ### How do I boot a local image?
-
-  To skip the download, rename your image to `boot.iso` and place it in an empty `/storage` folder.
+  If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, check the virtualization settings in the BIOS.

 * ### How do I provide custom arguments to QEMU?

@ -218,10 +202,6 @@ docker run -it --rm -e "BOOT=http://example.com/image.iso" -p 8006:8006 --device
    ARGUMENTS: "-device usb-tablet"
  ```

-* ### How do I run a x86 or x64 machine?
-
-  You can use [qemu-docker](https://github.com/qemus/qemu-docker/) to run x86 and x64 machines on ARM. 
-
 [build_url]: https://github.com/qemus/qemu-arm/
 [hub_url]: https://hub.docker.com/r/qemux/qemu-arm/
 [tag_url]: https://hub.docker.com/r/qemux/qemu-arm/tags
--- a/src/boot.sh
+++ b/src/boot.sh
@ -3,50 +3,52 @@ set -Eeuo pipefail

 # Docker environment variables
 : "${TPM:="Y"}"                 # Enable TPM
-: "${BOOT_MODE:="legacy"}"  # Boot mode
+: "${BIOS:=""}"                 # Bios file
+: "${BOOT_MODE:="uefi"}"        # Boot mode

 SECURE=""
-BOOT_OPTS=""
+DIR="/usr/share/qemu"
+BOOT_OPTS="-device ramfb"

 case "${BOOT_MODE,,}" in
  uefi)
-    ROM="OVMF_CODE_4M.fd"
-    VARS="OVMF_VARS_4M.fd"
+    ROM="AAVMF_CODE.fd"
+    VARS="AAVMF_VARS.fd"
    ;;
  secure)
-    ROM="OVMF_CODE_4M.secboot.fd"
-    VARS="OVMF_VARS_4M.secboot.fd"
+    ROM="AAVMF_CODE.fd"
+    VARS="AAVMF_VARS.fd"
    ;;
  windows)
-    ROM="OVMF_CODE_4M.ms.fd"
-    VARS="OVMF_VARS_4M.ms.fd"
-    ;;
-  windows_legacy)
-    USB="usb-ehci,id=ehci"
-    BOOT_OPTS=""
-    ;;
-  legacy)
-    BOOT_OPTS=""
+    ROM="AAVMF_CODE.ms.fd"
+    VARS="AAVMF_VARS.ms.fd"
    ;;
  *)
-    info "Unknown boot mode '${BOOT_MODE}', defaulting to 'legacy'"
-    BOOT_MODE="legacy"    
+    info "Unknown boot mode '${BOOT_MODE}', defaulting to 'uefi'"
+    BOOT_MODE="uefi"
+    ROM="AAVMF_CODE.fd"
+    VARS="AAVMF_VARS.fd"
    ;;
 esac

-if [[ "${BOOT_MODE,,}" != "legacy" ]] && [[ "${BOOT_MODE,,}" != "windows_legacy" ]]; then
+if [ -n "$BIOS" ]; then

-  OVMF="/usr/share/OVMF"
+  BOOT_OPTS="$BOOT_OPTS -bios $DIR/$BIOS"
+  return 0
+
+fi
+
+AAVMF="/usr/share/AAVMF/"
 DEST="$STORAGE/${BOOT_MODE,,}"

 if [ ! -f "$DEST.rom" ]; then
-    [ ! -f "$OVMF/$ROM" ] && error "UEFI boot file ($OVMF/$ROM) not found!" && exit 44
-    cp "$OVMF/$ROM" "$DEST.rom"
+  [ ! -f "$AAVMF/$ROM" ] && error "UEFI boot file ($AAVMF/$ROM) not found!" && exit 44
+  cp "$AAVMF/$ROM" "$DEST.rom"
 fi

 if [ ! -f "$DEST.vars" ]; then
-    [ ! -f "$OVMF/$VARS" ] && error "UEFI vars file ($OVMF/$VARS) not found!" && exit 45
-    cp "$OVMF/$VARS" "$DEST.vars"
+  [ ! -f "$AAVMF/$VARS" ] && error "UEFI vars file ($AAVMF/$VARS) not found!" && exit 45
+  cp "$AAVMF/$VARS" "$DEST.vars"
 fi

 if [[ "${BOOT_MODE,,}" != "uefi" ]]; then
@ -95,6 +97,4 @@ if [[ "${BOOT_MODE,,}" != "legacy" ]] && [[ "${BOOT_MODE,,}" != "windows_legacy"
  fi
 fi

-fi
-
 return 0
--- a/src/config.sh
+++ b/src/config.sh
@ -8,10 +8,10 @@ set -Eeuo pipefail
 DEF_OPTS="-nodefaults"
 SERIAL_OPTS="-serial $SERIAL"
 MON_OPTS="-monitor $MONITOR"
-USB_OPTS="-device $USB -device usb-tablet"
+USB_OPTS="-device $USB -device usb-kbd -device usb-tablet"
 RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
 CPU_OPTS="-cpu $CPU_FLAGS -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1"
-MAC_OPTS="-machine type=${MACHINE}${SECURE},graphics=off,vmport=off,dump-guest-core=off,hpet=off${KVM_OPTS}"
+MAC_OPTS="-machine type=${MACHINE}${SECURE},graphics=off,dump-guest-core=off,${KVM_OPTS}"
 DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
 DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
 DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
--- a/src/disk.sh
+++ b/src/disk.sh
@ -15,20 +15,14 @@ BOOT="$STORAGE/$BASE"

 DISK_OPTS="-object iothread,id=io2"
 DISK_OPTS="$DISK_OPTS -drive id=cdrom0,media=cdrom,if=none,format=raw,readonly=on,file=$BOOT"
-
-if [[ "${MACHINE,,}" != "pc-q35-2"* ]]; then
 DISK_OPTS="$DISK_OPTS -device virtio-scsi-pci,id=scsi0,iothread=io2,addr=0x5"
 DISK_OPTS="$DISK_OPTS -device scsi-cd,bus=scsi0.0,drive=cdrom0,bootindex=$BOOT_INDEX"
-else
-  DISK_OPTS="$DISK_OPTS -device ide-cd,drive=cdrom0,bootindex=$BOOT_INDEX"
-fi

 DRIVERS="$STORAGE/drivers.iso"
 [ ! -f "$DRIVERS" ] && DRIVERS="/run/drivers.iso"

-if [ -f "$DRIVERS" ] && [[ "${MACHINE,,}" != "pc-q35-2"* ]]; then
-  DISK_OPTS="$DISK_OPTS -drive id=cdrom1,media=cdrom,if=none,format=raw,readonly=on,file=$DRIVERS"
-  DISK_OPTS="$DISK_OPTS -device ide-cd,drive=cdrom1"
+if [ -f "$DRIVERS" ]; then
+  DISK_OPTS="$DISK_OPTS -drive id=cdrom1,media=cdrom,if=none,format=raw,readonly=on,file=$DRIVERS -device usb-storage,drive=cdrom1"
 fi

 fmt2ext() {
@ -357,18 +351,10 @@ createDevice () {

  local result="-drive file=$DISK_FILE,if=none,id=drive-$DISK_ID,format=$DISK_FMT,cache=$DISK_CACHE,aio=$DISK_IO,discard=$DISK_DISCARD,detect-zeroes=on"

-  if [[ "${MACHINE,,}" == "pc-q35-2"* ]]; then
-
-    result="$result -device virtio-blk-pci,scsi=off,bus=pcie.0,addr=$DISK_ADDRESS,drive=drive-$DISK_ID,id=$DISK_ID,iothread=io2,bootindex=$DISK_INDEX"
-
-  else
-
  result="$result \
    -device virtio-scsi-pci,id=hw-$DISK_ID,iothread=io2,bus=pcie.0,addr=$DISK_ADDRESS \
    -device scsi-hd,bus=hw-$DISK_ID.0,channel=0,scsi-id=0,lun=0,drive=drive-$DISK_ID,id=$DISK_ID,rotation_rate=$DISK_ROTATION,bootindex=$DISK_INDEX"

-  fi
-
  echo "$result"
  return 0
 }
--- a/src/display.sh
+++ b/src/display.sh
@ -3,22 +3,21 @@ set -Eeuo pipefail

 # Docker environment variables

-: "${GPU:="N"}"         # GPU passthrough
-: "${VGA:="virtio"}"    # VGA adaptor
-: "${DISPLAY:="web"}"   # Display type
+: "${DISPLAY:="web"}"           # Display
+: "${VGA:="virtio-gpu"}"        # GPU model

 case "${DISPLAY,,}" in
  vnc)
-    DISPLAY_OPTS="-display vnc=:0 -vga $VGA"
+    DISPLAY_OPTS="-display vnc=:0 -device $VGA"
    ;;
  web)
-    DISPLAY_OPTS="-display vnc=:0,websocket=5700 -vga $VGA"
+    DISPLAY_OPTS="-display vnc=:0,websocket=5700 -device $VGA"
    ;;
  none)
-    DISPLAY_OPTS="-display none -vga none"
+    DISPLAY_OPTS="-display none"
    ;;
  *)
-    DISPLAY_OPTS="-display $DISPLAY -vga $VGA"
+    DISPLAY_OPTS="-display $DISPLAY -device $VGA"
    ;;
 esac

--- a/src/proc.sh
+++ b/src/proc.sh
@ -33,9 +33,9 @@ fi
 if [[ "$KVM" != [Nn]* ]]; then

  CPU_FEATURES="kvm=on"
-  KVM_OPTS=",accel=kvm -enable-kvm"
+  KVM_OPTS=",accel=kvm,virtualization=true -enable-kvm"

-  if [[ "${BOOT_MODE,,}" == "windows" ]] || [[ "${BOOT_MODE,,}" == "windows_legacy" ]]; then
+  if [[ "${BOOT_MODE,,}" == "windows" ]]; then

    CPU_FEATURES="kvm=on,+hypervisor,+invtsc,l3-cache=on,migratable=no,hv_passthrough"