Update boot configs to match CentOS 7.5 kernel
To improve kubernetes support, update kernel to CentOS 7.5 version and enable user namespaces in kernel bootargs. Depends-On: https://review.openstack.org/580689 Change-Id: I4d8620ea17a19a764c6627cd79eb548c79c56bfd Signed-off-by: Jason McKenna <jason.mckenna@windriver.com> Story: 2002761 Task: 22841
This commit is contained in:
parent
7be3b9085a
commit
bb036defd6
@ -40,7 +40,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard
|
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
|
|
||||||
label S0
|
label S0
|
||||||
menu label EXTENDED Security Boot Profile
|
menu label EXTENDED Security Boot Profile
|
||||||
@ -50,7 +50,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended
|
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
# Graphical Console submenu
|
# Graphical Console submenu
|
||||||
@ -64,7 +64,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard
|
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
|
|
||||||
label S1
|
label S1
|
||||||
menu label EXTENDED Security Boot Profile
|
menu label EXTENDED Security Boot Profile
|
||||||
@ -74,7 +74,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended
|
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
menu end
|
menu end
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
@ -94,7 +94,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard
|
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
|
|
||||||
label S2
|
label S2
|
||||||
menu label EXTENDED Security Boot Profile
|
menu label EXTENDED Security Boot Profile
|
||||||
@ -105,7 +105,7 @@ menu begin
|
|||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
# Security profile option
|
# Security profile option
|
||||||
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended
|
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
# Graphical Console submenu
|
# Graphical Console submenu
|
||||||
@ -119,7 +119,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard
|
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
|
|
||||||
label S3
|
label S3
|
||||||
menu label EXTENDED Security Boot Profile
|
menu label EXTENDED Security Boot Profile
|
||||||
@ -129,7 +129,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended
|
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
menu end
|
menu end
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
@ -149,7 +149,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard
|
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
|
|
||||||
label S4
|
label S4
|
||||||
menu label EXTENDED Security Boot Profile
|
menu label EXTENDED Security Boot Profile
|
||||||
@ -159,7 +159,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended
|
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
# Graphical Console submenu
|
# Graphical Console submenu
|
||||||
@ -173,7 +173,7 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard
|
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
|
|
||||||
label S5
|
label S5
|
||||||
menu label EXTENDED Security Boot Profile
|
menu label EXTENDED Security Boot Profile
|
||||||
@ -183,6 +183,6 @@ menu begin
|
|||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
initrd initrd.img
|
initrd initrd.img
|
||||||
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended
|
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
menu end
|
menu end
|
||||||
menu end
|
menu end
|
||||||
|
@ -37,16 +37,16 @@ menuentry ' ' {
|
|||||||
submenu 'UEFI Standard Controller Configuration' --id=standard {
|
submenu 'UEFI Standard Controller Configuration' --id=standard {
|
||||||
submenu 'Serial Console' --id=serial {
|
submenu 'Serial Console' --id=serial {
|
||||||
menuentry 'STANDARD Security Profile' --id=standard {
|
menuentry 'STANDARD Security Profile' --id=standard {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
submenu 'EXTENDED Security Profile' --id=extended {
|
submenu 'EXTENDED Security Profile' --id=extended {
|
||||||
menuentry 'Secure Boot Profile' --id=secureboot {
|
menuentry 'Secure Boot Profile' --id=secureboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'Trusted Boot Profile' --id=tboot {
|
menuentry 'Trusted Boot Profile' --id=tboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -54,16 +54,16 @@ submenu 'UEFI Standard Controller Configuration' --id=standard {
|
|||||||
|
|
||||||
submenu 'Graphical Console' --id=graphical {
|
submenu 'Graphical Console' --id=graphical {
|
||||||
menuentry 'STANDARD Security Profile' --id=standard {
|
menuentry 'STANDARD Security Profile' --id=standard {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
submenu 'EXTENDED Security Profile' --id=extended {
|
submenu 'EXTENDED Security Profile' --id=extended {
|
||||||
menuentry 'Secure Boot Profile' --id=secureboot {
|
menuentry 'Secure Boot Profile' --id=secureboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'Trusted Boot Profile' --id=tboot {
|
menuentry 'Trusted Boot Profile' --id=tboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -79,16 +79,16 @@ menuentry ' '{
|
|||||||
submenu 'UEFI All-in-one Controller Configuration' --id=aio {
|
submenu 'UEFI All-in-one Controller Configuration' --id=aio {
|
||||||
submenu 'Serial Console' --id=serial {
|
submenu 'Serial Console' --id=serial {
|
||||||
menuentry 'STANDARD Security Profile' --id=standard {
|
menuentry 'STANDARD Security Profile' --id=standard {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
submenu 'EXTENDED Security Profile' --id=extended {
|
submenu 'EXTENDED Security Profile' --id=extended {
|
||||||
menuentry 'Secure Boot Profile' --id=secureboot {
|
menuentry 'Secure Boot Profile' --id=secureboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'Trusted Boot Profile' --id=tboot {
|
menuentry 'Trusted Boot Profile' --id=tboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -96,16 +96,16 @@ submenu 'UEFI All-in-one Controller Configuration' --id=aio {
|
|||||||
|
|
||||||
submenu 'Graphical Console' --id=graphical {
|
submenu 'Graphical Console' --id=graphical {
|
||||||
menuentry 'STANDARD Security Profile' --id=standard {
|
menuentry 'STANDARD Security Profile' --id=standard {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
submenu 'EXTENDED Security Profile' --id=extended {
|
submenu 'EXTENDED Security Profile' --id=extended {
|
||||||
menuentry 'Secure Boot Profile' --id=secureboot {
|
menuentry 'Secure Boot Profile' --id=secureboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'Trusted Boot Profile' --id=tboot {
|
menuentry 'Trusted Boot Profile' --id=tboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -121,16 +121,16 @@ menuentry ' '{
|
|||||||
submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat {
|
submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat {
|
||||||
submenu 'Serial Console' --id=serial {
|
submenu 'Serial Console' --id=serial {
|
||||||
menuentry 'STANDARD Security Profile' --id=standard {
|
menuentry 'STANDARD Security Profile' --id=standard {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
submenu 'EXTENDED Security Profile' --id=extended {
|
submenu 'EXTENDED Security Profile' --id=extended {
|
||||||
menuentry 'Secure Boot Profile' --id=secureboot {
|
menuentry 'Secure Boot Profile' --id=secureboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'Trusted Boot Profile' --id=tboot {
|
menuentry 'Trusted Boot Profile' --id=tboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -138,16 +138,16 @@ submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat
|
|||||||
|
|
||||||
submenu 'Graphical Console' --id=graphical {
|
submenu 'Graphical Console' --id=graphical {
|
||||||
menuentry 'STANDARD Security Profile' --id=standard {
|
menuentry 'STANDARD Security Profile' --id=standard {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
submenu 'EXTENDED Security Profile' --id=extended {
|
submenu 'EXTENDED Security Profile' --id=extended {
|
||||||
menuentry 'Secure Boot Profile' --id=secureboot {
|
menuentry 'Secure Boot Profile' --id=secureboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'Trusted Boot Profile' --id=tboot {
|
menuentry 'Trusted Boot Profile' --id=tboot {
|
||||||
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true
|
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi /initrd.img
|
initrdefi /initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -79,7 +79,9 @@ then
|
|||||||
KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0"
|
KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
|
# k8s updates:
|
||||||
|
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
|
||||||
|
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"
|
||||||
|
|
||||||
# Add kernel option to avoid jiffies_lock contention on real-time kernel
|
# Add kernel option to avoid jiffies_lock contention on real-time kernel
|
||||||
if [[ "$subfunction" =~ lowlatency ]]; then
|
if [[ "$subfunction" =~ lowlatency ]]; then
|
||||||
|
@ -24,7 +24,9 @@ if [ $? -ne 0 ]; then
|
|||||||
KERN_OPTS="${KERN_OPTS} biosdevname=0"
|
KERN_OPTS="${KERN_OPTS} biosdevname=0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
|
# k8s updates
|
||||||
|
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
|
||||||
|
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"
|
||||||
|
|
||||||
# If the installer asked us to use security related kernel params, use
|
# If the installer asked us to use security related kernel params, use
|
||||||
# them in the grub line as well (until they can be configured via puppet)
|
# them in the grub line as well (until they can be configured via puppet)
|
||||||
|
@ -18,7 +18,9 @@ if [ $? -ne 0 ]; then
|
|||||||
KERN_OPTS="${KERN_OPTS} biosdevname=0"
|
KERN_OPTS="${KERN_OPTS} biosdevname=0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
|
# k8s updates:
|
||||||
|
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
|
||||||
|
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"
|
||||||
|
|
||||||
# If the installer asked us to use security related kernel params, use
|
# If the installer asked us to use security related kernel params, use
|
||||||
# them in the grub line as well (until they can be configured via puppet)
|
# them in the grub line as well (until they can be configured via puppet)
|
||||||
|
@ -36,7 +36,7 @@ menu begin
|
|||||||
Standard Security Profile Enabled (default setting)
|
Standard Security Profile Enabled (default setting)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
|
|
||||||
label S1
|
label S1
|
||||||
@ -46,7 +46,7 @@ menu begin
|
|||||||
Extended Security Profile Enabled (will impact performance)
|
Extended Security Profile Enabled (will impact performance)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
@ -60,7 +60,7 @@ menu begin
|
|||||||
Standard Security Profile Enabled (default setting)
|
Standard Security Profile Enabled (default setting)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
|
|
||||||
label S2
|
label S2
|
||||||
@ -70,7 +70,7 @@ menu begin
|
|||||||
Extended Security Profile Enabled (will impact performance)
|
Extended Security Profile Enabled (will impact performance)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
menu end
|
menu end
|
||||||
menu end
|
menu end
|
||||||
@ -88,7 +88,7 @@ menu begin
|
|||||||
Standard Security Profile Enabled (default setting)
|
Standard Security Profile Enabled (default setting)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
|
|
||||||
label S3
|
label S3
|
||||||
@ -98,7 +98,7 @@ menu begin
|
|||||||
Extended Security Profile Enabled (will impact performance)
|
Extended Security Profile Enabled (will impact performance)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
@ -112,7 +112,7 @@ menu begin
|
|||||||
Standard Security Profile Enabled (default setting)
|
Standard Security Profile Enabled (default setting)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
|
|
||||||
label S4
|
label S4
|
||||||
@ -122,7 +122,7 @@ menu begin
|
|||||||
Extended Security Profile Enabled (will impact performance)
|
Extended Security Profile Enabled (will impact performance)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
menu end
|
menu end
|
||||||
menu end
|
menu end
|
||||||
@ -140,7 +140,7 @@ menu begin
|
|||||||
Standard Security Profile Enabled (default setting)
|
Standard Security Profile Enabled (default setting)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=standard
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
|
|
||||||
label S5
|
label S5
|
||||||
@ -150,7 +150,7 @@ menu begin
|
|||||||
Extended Security Profile Enabled (will impact performance)
|
Extended Security Profile Enabled (will impact performance)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=extended
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
menu end
|
menu end
|
||||||
|
|
||||||
@ -164,7 +164,7 @@ menu begin
|
|||||||
Standard Security Profile Enabled (default setting)
|
Standard Security Profile Enabled (default setting)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
|
|
||||||
label S6
|
label S6
|
||||||
@ -174,7 +174,7 @@ menu begin
|
|||||||
Extended Security Profile Enabled (will impact performance)
|
Extended Security Profile Enabled (will impact performance)
|
||||||
endtext
|
endtext
|
||||||
kernel vmlinuz
|
kernel vmlinuz
|
||||||
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended
|
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
|
||||||
ipappend 2
|
ipappend 2
|
||||||
menu end
|
menu end
|
||||||
menu end
|
menu end
|
||||||
|
@ -21,12 +21,12 @@ submenu 'UEFI Standard Controller' {
|
|||||||
submenu 'Serial Console' {
|
submenu 'Serial Console' {
|
||||||
menuentry 'STANDARD Security Boot Profile' {
|
menuentry 'STANDARD Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'EXTENDED Security Boot Profile' {
|
menuentry 'EXTENDED Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -34,12 +34,12 @@ submenu 'UEFI Standard Controller' {
|
|||||||
submenu 'Graphical Console' {
|
submenu 'Graphical Console' {
|
||||||
menuentry 'STANDARD Security Boot Profile' {
|
menuentry 'STANDARD Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'EXTENDED Security Boot Profile' {
|
menuentry 'EXTENDED Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -50,12 +50,12 @@ submenu 'UEFI All-in-one Controller' {
|
|||||||
submenu 'Serial Console' {
|
submenu 'Serial Console' {
|
||||||
menuentry 'STANDARD Security Boot Profile' {
|
menuentry 'STANDARD Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'EXTENDED Security Boot Profile' {
|
menuentry 'EXTENDED Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -63,12 +63,12 @@ submenu 'UEFI All-in-one Controller' {
|
|||||||
submenu 'Graphical Console' {
|
submenu 'Graphical Console' {
|
||||||
menuentry 'STANDARD Security Boot Profile' {
|
menuentry 'STANDARD Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'EXTENDED Security Boot Profile' {
|
menuentry 'EXTENDED Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -79,12 +79,12 @@ submenu 'UEFI All-in-one (lowlatency) Controller' {
|
|||||||
submenu 'Serial Console' {
|
submenu 'Serial Console' {
|
||||||
menuentry 'STANDARD Security Boot Profile' {
|
menuentry 'STANDARD Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'EXTENDED Security Boot Profile' {
|
menuentry 'EXTENDED Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -92,12 +92,12 @@ submenu 'UEFI All-in-one (lowlatency) Controller' {
|
|||||||
submenu 'Graphical Console' {
|
submenu 'Graphical Console' {
|
||||||
menuentry 'STANDARD Security Boot Profile' {
|
menuentry 'STANDARD Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
menuentry 'EXTENDED Security Boot Profile' {
|
menuentry 'EXTENDED Security Boot Profile' {
|
||||||
set root=${pxe_root}
|
set root=${pxe_root}
|
||||||
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true
|
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
|
||||||
initrdefi initrd.img
|
initrdefi initrd.img
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -7,6 +7,6 @@ COPY_LIST="pxe-network-installer/* \
|
|||||||
/import/mirrors/CentOS/tis-installer/vmlinuz-stx-0.2 \
|
/import/mirrors/CentOS/tis-installer/vmlinuz-stx-0.2 \
|
||||||
"
|
"
|
||||||
|
|
||||||
TIS_PATCH_VER=26
|
TIS_PATCH_VER=27
|
||||||
BUILD_IS_BIG=4
|
BUILD_IS_BIG=4
|
||||||
BUILD_IS_SLOW=4
|
BUILD_IS_SLOW=4
|
||||||
|
@ -157,6 +157,9 @@ fi
|
|||||||
# We now require GPT partitions for all disks regardless of size
|
# We now require GPT partitions for all disks regardless of size
|
||||||
APPEND_OPTIONS="$APPEND_OPTIONS inst.gpt"
|
APPEND_OPTIONS="$APPEND_OPTIONS inst.gpt"
|
||||||
|
|
||||||
|
# Add k8s support for namespaces
|
||||||
|
APPEND_OPTIONS="$APPEND_OPTIONS user_namespace.enable=1"
|
||||||
|
|
||||||
if [ -n "$security_profile" ]
|
if [ -n "$security_profile" ]
|
||||||
then
|
then
|
||||||
APPEND_OPTIONS="$APPEND_OPTIONS security_profile=$security_profile"
|
APPEND_OPTIONS="$APPEND_OPTIONS security_profile=$security_profile"
|
||||||
|
Loading…
Reference in New Issue
Block a user