Skip to content

Add native aarch64 support #290

Description

@cverna

Problem

bcvk does not currently support running aarch64 container images on native aarch64 hardware.

EFI zboot kernels

Fedora aarch64 kernels (since F37+) are packaged as EFI zboot images—a PE-format wrapper around a zstd-compressed kernel payload. QEMU's -kernel flag cannot load these directly and fails with:

unable to handle EFI zboot image with 'zstd' compression

x86_64 kernels are shipped uncompressed, so this issue doesn't occur there.

Credential injection with direct kernel boot

On aarch64 with direct kernel boot (-kernel), SMBIOS-based credential injection doesn't work because there's no UEFI firmware to expose SMBIOS tables. This breaks SSH key injection.

Proposed Solution

  • Detect EFI zboot images by parsing the PE/zboot header
  • Decompress zstd-compressed payloads before passing to QEMU
  • Implement virtiofs-based credential injection (aligned with systemd upstream proposal)

A working implementation is available at: https://github.com/cverna/bcvk/tree/aarch64-support

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions