docs: add cloud VM caveats for ESP packaging and QEMU testing#203
docs: add cloud VM caveats for ESP packaging and QEMU testing#203
Conversation
Co-authored-by: P4x-ng <P4X-ng@users.noreply.github.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the documentation for agents to include specific instructions for cloud VM environments, such as handling vfat mount limitations and additional system dependencies. The review feedback suggests clarifying the manual build steps using mtools, refining the description of the uuid-runtime requirement, and removing redundant information regarding QEMU test success criteria.
| - `pf` (the task runner) is NOT a pip package. It is cloned from `https://github.com/P4X-ng/pf-runner` and the `pf-cli-base/pf_parser.py` file is installed as `~/.local/bin/pf` with shebang `#!/usr/bin/env python3`. It requires `fabric` and `lark` pip packages. | ||
| - `$HOME/.local/bin` must be on `PATH` for pip-installed scripts and the `pf` runner to work. | ||
| - The cloud VM does not have `/dev/kvm`, so QEMU tests must omit `-enable-kvm` and `-cpu host`. | ||
| - The cloud VM kernel does not support `vfat` mounts, so `pf build-package-esp` and `pf test-qemu` fail out-of-the-box. Build the ESP image manually using `mtools` (`mmd`, `mcopy`) instead of `mount`. See the build steps used during initial setup for the exact recipe. |
There was a problem hiding this comment.
The reference to 'build steps used during initial setup' is vague and not actionable for future contributors who were not part of that process. It is better to describe the approach or provide a generic example of using mtools to avoid the vfat mount requirement.
| - The cloud VM kernel does not support `vfat` mounts, so `pf build-package-esp` and `pf test-qemu` fail out-of-the-box. Build the ESP image manually using `mtools` (`mmd`, `mcopy`) instead of `mount`. See the build steps used during initial setup for the exact recipe. | |
| - The cloud VM kernel does not support vfat mounts, so pf build-package-esp and pf test-qemu fail out-of-the-box. In these environments, the ESP image must be created and populated using mtools (e.g., mformat, mmd, mcopy) instead of the mount command. |
| - `$HOME/.local/bin` must be on `PATH` for pip-installed scripts and the `pf` runner to work. | ||
| - The cloud VM does not have `/dev/kvm`, so QEMU tests must omit `-enable-kvm` and `-cpu host`. | ||
| - The cloud VM kernel does not support `vfat` mounts, so `pf build-package-esp` and `pf test-qemu` fail out-of-the-box. Build the ESP image manually using `mtools` (`mmd`, `mcopy`) instead of `mount`. See the build steps used during initial setup for the exact recipe. | ||
| - `uuid-runtime` (provides `uuidgen`) must be installed for `pf secure-make-auth` to work. Add it alongside the other system packages listed above. |
There was a problem hiding this comment.
It is better to maintain a single source of truth for system dependencies. Instead of adding a note here to 'Add it alongside the other system packages', the main list in the 'System dependencies' section (line 25) should be updated to include uuid-runtime. Since line 25 is not in this diff, this note should at least be made more concise.
| - `uuid-runtime` (provides `uuidgen`) must be installed for `pf secure-make-auth` to work. Add it alongside the other system packages listed above. | |
| - uuid-runtime (provides uuidgen) is required for pf secure-make-auth to generate unique identifiers for SecureBoot variables. |
| - The cloud VM does not have `/dev/kvm`, so QEMU tests must omit `-enable-kvm` and `-cpu host`. | ||
| - The cloud VM kernel does not support `vfat` mounts, so `pf build-package-esp` and `pf test-qemu` fail out-of-the-box. Build the ESP image manually using `mtools` (`mmd`, `mcopy`) instead of `mount`. See the build steps used during initial setup for the exact recipe. | ||
| - `uuid-runtime` (provides `uuidgen`) must be installed for `pf secure-make-auth` to work. Add it alongside the other system packages listed above. | ||
| - The QEMU boot test passes when the `PhoenixGuard` string appears in `out/qemu/serial.log`. Attestation failures (`PG-ATTEST=FAIL`) are expected without SecureBoot enrollment. |
There was a problem hiding this comment.
This line duplicates the success criteria already mentioned in the 'QEMU testing' section (line 15). To avoid redundancy, this bullet point should focus specifically on the attestation failure caveat.
| - The QEMU boot test passes when the `PhoenixGuard` string appears in `out/qemu/serial.log`. Attestation failures (`PG-ATTEST=FAIL`) are expected without SecureBoot enrollment. | |
| - Attestation failures (PG-ATTEST=FAIL) in out/qemu/serial.log are expected when running QEMU tests without prior SecureBoot enrollment. |
2 participants
Summary
Adds cloud VM-specific caveats to
docs/AGENTS.mddiscovered during environment setup:vfatmount is unavailable in cloud VMs, requiringmtools(mmd/mcopy) for ESP image creation instead of the defaultmount-based approach inpf build-package-esp.uuid-runtimeas a required system package forpf secure-make-auth.PG-ATTEST=FAILin QEMU test output is expected without SecureBoot enrollment.Environment Setup Verification
All core development tasks were verified:
./pf.py list(task runner)black --check .(lint)flake8 --max-line-length 100 utils/(lint)pytest utils/test_firmware_tools.py(37 tests)QEMU boot serial log showing successful PhoenixGuard boot:
qemu_boot_serial.log
To show artifacts inline, enable in settings.