Skip to content

Commit

Permalink
add an option UKI_INSTALL_ALL_FW to purge extra firmwares from ubuntu…
Browse files Browse the repository at this point in the history
…-uki base image

Signed-off-by: Nianyu Shen <[email protected]>
  • Loading branch information
nianyush committed May 16, 2024
1 parent 36ee9ea commit 667b249
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
1 change: 1 addition & 0 deletions .arg.template
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,4 @@ CIS_HARDENING=true
# UKI_BRING_YOUR_OWN_KEYS=false # See sb-private-ca/howto.md for instructions on bringing your own certiticates
# INCLUDE_MS_SECUREBOOT_KEYS=true # Adds Microsoft Secure Boot certificates; if you export existing keys from a device, you typically won't need this
# AUTO_ENROLL_SECUREBOOT_KEYS=false # Set to true to automatically enroll certificates on devices in Setup Mode, useful for flashing devices without user interaction
# UKI_INSTALL_ALL_FW=false # Set to false if you don't want to install extra firmware which would increase image size
7 changes: 7 additions & 0 deletions Earthfile
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ ARG IS_UKI=false
ARG INCLUDE_MS_SECUREBOOT_KEYS=true
ARG AUTO_ENROLL_SECUREBOOT_KEYS=false
ARG UKI_BRING_YOUR_OWN_KEYS=false
ARG UKI_INSTALL_ALL_FW=true

ARG CMDLINE="stylus.registration"
ARG BRANDING="Palette eXtended Kubernetes Edge"
Expand Down Expand Up @@ -666,6 +667,12 @@ base-image:

RUN rm -rf /var/cache/* && \
apt-get clean
ELSE
IF [ "$UKI_INSTALL_ALL_FW" = "false" ]
RUN modulesextra=$(dpkg-query -W -f='${Package}\n' | grep '^linux-modules-extra-' | head -n 1) && \
linuximage=$(dpkg-query -W -f='${Package}\n' | grep '^linux-image-generic-hwe-' | head -n 1) && \
apt-get purge -y --allow-remove-essential linux-firmware wireless-regdb $linuximage $modulesextra
END
END

IF [ "$CIS_HARDENING" = "true" ]
Expand Down

0 comments on commit 667b249

Please sign in to comment.