Add nixos-kexec utility

jmbaur · Jan 31, 2025 · 13b1b0b · 13b1b0b
1 parent 381a57a
commit 13b1b0b
Show file tree

Hide file tree

Showing 7 changed files with 95 additions and 26 deletions.
diff --git a/home-modules/jared/default.nix b/home-modules/jared/default.nix
@@ -101,6 +101,7 @@ in
         nix-output-monitor
         nix-prefetch-scripts
         nix-tree
+        nixos-kexec
         nixos-shell
         nload
         nmap

diff --git a/nixos-configurations/pea/default.nix b/nixos-configurations/pea/default.nix
@@ -15,51 +15,61 @@ in
     {
       hardware.chromebook.asurada-spherion.enable = true;
 
+      system.extraSystemBuilderCmds = ''
+        export PATH=$PATH:${
+          lib.makeBinPath (
+            with pkgs.buildPackages;
+            [
+              dtc
+              ubootTools
+              vboot_reference
+              xz
+            ]
+          )
+        }
+
+        lzma --threads $NIX_BUILD_CORES <${config.system.build.kernel}/${config.system.boot.loader.kernelFile} >kernel.lzma
+        cp ${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile} initrd
+        cp ${config.hardware.deviceTree.package}/${config.hardware.deviceTree.name} fdt
+
+        cp ${./fitimage.its} fitimage.its # needs to be in the same directory
+        mkimage -D "-I dts -O dtb -p 2048" -f fitimage.its vmlinux.uimg
+
+        dd status=none if=/dev/zero of=bootloader.bin bs=512 count=1
+
+        echo "init=$out/init ${toString config.boot.kernelParams}" >kernel-params
+
+        futility vbutil_kernel \
+          --pack $out/kpart \
+          --version 1 \
+          --vmlinuz vmlinux.uimg \
+          --arch aarch64 \
+          --keyblock ${pkgs.vboot_reference}/share/vboot/devkeys/kernel.keyblock \
+          --signprivate ${pkgs.vboot_reference}/share/vboot/devkeys/kernel_data_key.vbprivk \
+          --config kernel-params \
+          --bootloader bootloader.bin
+      '';
+
       system.build.testImage = pkgs.callPackage (
         {
-          dtc,
           runCommand,
-          ubootTools,
           util-linux,
           vboot_reference,
-          xz,
           zstd,
         }:
 
         runCommand "test-image"
           {
             nativeBuildInputs = [
-              dtc
-              ubootTools
               util-linux
               vboot_reference
-              xz
               zstd
             ];
           }
           ''
             mkdir -p $out
 
-            lzma --threads $NIX_BUILD_CORES <${config.system.build.kernel}/${config.system.boot.loader.kernelFile} >kernel.lzma
-            cp ${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile} initrd
-            cp ${config.hardware.deviceTree.package}/${config.hardware.deviceTree.name} fdt
-
-            cp ${./fitimage.its} fitimage.its # needs to be in the same directory
-            mkimage -D "-I dts -O dtb -p 2048" -f fitimage.its vmlinux.uimg
-
-            dd status=none if=/dev/zero of=bootloader.bin bs=512 count=1
-
-            echo "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >kernel-params
-
-            futility vbutil_kernel \
-              --pack $out/kpart \
-              --version 1 \
-              --vmlinuz vmlinux.uimg \
-              --arch aarch64 \
-              --keyblock ${vboot_reference}/share/vboot/devkeys/kernel.keyblock \
-              --signprivate ${vboot_reference}/share/vboot/devkeys/kernel_data_key.vbprivk \
-              --config kernel-params \
-              --bootloader bootloader.bin
+            ${config.system.build.toplevel}/kpart
 
             dd if=/dev/zero of=$out/image bs=4M count=20
             sfdisk --no-reread --no-tell-kernel $out/image <<EOF
@@ -73,6 +83,10 @@ in
             zstd -T$NIX_BUILD_CORES --rm $out/image
           ''
       ) { };
+
+      boot.loader.systemd-boot.extraInstallCommands = ''
+        ${lib.getExe' pkgs.coreutils "dd"} bs=4M if=$1/kpart of=/dev/disk/by-partlabel/kernel
+      '';
     }
     {
       custom.desktop.enable = true;

diff --git a/nixos-configurations/pea/fitimage.its b/nixos-configurations/pea/fitimage.its
@@ -13,6 +13,9 @@
 			compression = "lzma";
 			load = <0>;
 			entry = <0>;
+			hash-1 {
+				algo = "sha256";
+			};
 		};
 
 		ramdisk-1 {

diff --git a/nixos-modules/common/default.nix b/nixos-modules/common/default.nix
@@ -31,6 +31,8 @@ in
     {
       system.stateVersion = mkDefault "25.05";
 
+      environment.systemPackages = [ pkgs.nixos-kexec ];
+
       # We always build on x86_64-linux.
       #
       # "If it don't cross-compile, it don't go in the config!"

diff --git a/overlays/pkgs/nixos-kexec/nixos-kexec.bash b/overlays/pkgs/nixos-kexec/nixos-kexec.bash
@@ -0,0 +1,23 @@
+# shellcheck shell=bash
+
+declare kexec_jq
+
+choice=${1:-}
+
+if [[ -z $choice ]]; then
+	declare -a choices
+
+	while read -r system_closure; do
+		choices+=("$system_closure")
+	done < <(find /nix/var/nix/profiles -name 'system-*')
+
+	choice=$(echo "${choices[@]}" | zf)
+fi
+
+if [[ -z $choice ]]; then
+	exit 1
+fi
+
+eval "$(jq --raw-output --from-file "$kexec_jq" <"${choice}/boot.json")"
+
+systemctl kexec
diff --git a/overlays/pkgs/nixos-kexec/nixos-kexec.jq b/overlays/pkgs/nixos-kexec/nixos-kexec.jq
@@ -0,0 +1,5 @@
+(."org.nixos.bootspec.v1".kernel) as $linux
+| (."org.nixos.bootspec.v1".initrd) as $initrd
+| (."org.nixos.bootspec.v1".kernelParams | join(" ")) as $otherParams
+| (."org.nixos.bootspec.v1".init) as $init
+| "kexec -l \($linux) --initrd=\($initrd) --command-line=\"init=\($init) \($otherParams)\""
diff --git a/overlays/pkgs/nixos-kexec/package.nix b/overlays/pkgs/nixos-kexec/package.nix
@@ -0,0 +1,21 @@
+{
+  jq,
+  lib,
+  writeShellApplication,
+  zf,
+}:
+
+writeShellApplication {
+  name = "nixos-kexec";
+
+  runtimeInputs = [
+    jq
+    zf
+  ];
+
+  text =
+    ''
+      kexec_jq=${./nixos-kexec.jq}
+    ''
+    + lib.fileContents ./nixos-kexec.bash;
+}