img/live: switch to systemd-boot

This will make it easier to dual-boot Spectrum with other operating
systems, and hopefully make it possible to avoid chainloading (which
has firmware compatibility issues) in the combined image.

We're not exactly following Boot Loader Specification[1] best
practices here — we don't namespace installation by version or
machine-id.  But it's better than what we had before, and I think
it'll be easier to figure out what to do about namespacing once we've
figured out how updates will work.

[1]: https://systemd.io/BOOT_LOADER_SPECIFICATION/

Cc: Puck Meerburg <puck@puckipedia.com>
Message-Id: <20220420101214.1228221-2-hi@alyssa.is>

3 files changed, 12 insertions, 18 deletions

diff --git a/img/live/Makefile b/img/live/Makefile
index 8f47028..1277431 100644
--- a/img/live/Makefile
+++ b/img/live/Makefile
@@ -22,22 +22,21 @@ build/live.img: $(SCRIPTS)/format-uuid.sh $(SCRIPTS)/make-gpt.sh build/boot.fat
 	    $(EXT_FS):9293e1ff-cee4-4658-88be-898ec863944f
 	mv $@.tmp $@
 
-build/cmdline: build/rootfs.verity.roothash
-	printf "ro console=ttyS0 roothash=" > $@
+build/spectrum.conf: build/rootfs.verity.roothash
+	printf "title Spectrum\n" > $@
+	printf "linux /spectrum/linux\n" >> $@
+	printf "initrd /spectrum/initrd\n" >> $@
+	printf "options ro console=ttyS0 roothash=" >> $@
 	cat build/rootfs.verity.roothash >> $@
 
-build/bootx64.efi: etc/os-release build/cmdline $(INITRAMFS)
-	$(OBJCOPY) --add-section .osrel=etc/os-release --change-section-vma .osrel=0x20000 \
-	    --add-section .cmdline=build/cmdline --change-section-vma .cmdline=0x30000 \
-	    --add-section .linux=$(KERNEL) --change-section-vma .linux=0x40000 \
-	    --add-section .initrd=$(INITRAMFS) --change-section-vma .initrd=0x3000000 \
-	    $(EFI_STUB) $@
-
-build/boot.fat: build/bootx64.efi
+build/boot.fat: $(KERNEL) $(INITRAMFS) $(SYSTEMD_BOOT_EFI) build/spectrum.conf
 	$(TRUNCATE) -s 220200960 $@
 	$(MKFS_FAT) $@
-	$(MMD) -i $@ ::/EFI ::/EFI/BOOT
-	$(MCOPY) -i $@ build/bootx64.efi ::/EFI/BOOT
+	$(MMD) -i $@ ::/EFI ::/EFI/BOOT ::/loader ::/loader/entries ::/spectrum
+	$(MCOPY) -i $@ build/spectrum.conf ::/loader/entries
+	$(MCOPY) -i $@ $(KERNEL) ::/spectrum/linux
+	$(MCOPY) -i $@ $(INITRAMFS) ::/spectrum/initrd
+	$(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/BOOTX64.EFI
 
 # veritysetup format produces two files, but Make only (portably)
 # supports one output per rule, so we combine the two outputs then
diff --git a/img/live/default.nix b/img/live/default.nix
index c9cd354..bebc1c1 100644
--- a/img/live/default.nix
+++ b/img/live/default.nix
@@ -26,11 +26,11 @@ stdenv.mkDerivation {
 
   nativeBuildInputs = [ cryptsetup dosfstools jq mtools util-linux ];
 
-  EFI_STUB = "${systemd}/lib/systemd/boot/efi/linuxx64.efi.stub";
   EXT_FS = extfs;
   INITRAMFS = initramfs;
   KERNEL = "${rootfs.kernel}/${stdenv.hostPlatform.linux-kernel.target}";
   ROOT_FS = rootfs;
+  SYSTEMD_BOOT_EFI = "${systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
 
   buildFlags = [ "build/live.img" ];
   makeFlags = [ "SCRIPTS=${scripts}" ];
diff --git a/img/live/etc/os-release b/img/live/etc/os-release
deleted file mode 100644
index 7980810..0000000
--- a/img/live/etc/os-release
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
-# SPDX-License-Identifier: CC0-1.0
-
-PRETTY_NAME="Spectrum"
-VERSION_ID=0.1