diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index 745951013..e1a3ec4b8 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -116,7 +116,7 @@ jobs:
run: |
ln -s pki_testing pki
echo "${DB_KEY}" > pki/db.key
- working-directory: ${{ github.workspace }}/image/mkosi
+ working-directory: ${{ github.workspace }}/image
env:
DB_KEY: ${{ secrets.SECURE_BOOT_TESTING_DB_KEY }}
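Review bot: The `echo "${DB_KEY}" > pki/db.key` line writes the secure boot testing db key with the runner's default umask, and because `pki` is a symlink to `pki_testing` the file lands inside the checked-out tree that this change roots at `image/`. Creating it under a restrictive mask, e.g. `(umask 077; printf '%s\n' "${DB_KEY}" > pki/db.key)`, keeps it from being readable by other accounts on the runner. A later `if: always()` step that removes `pki/db.key` would keep the key from outliving the job on a reused runner. The step begins above this hunk, so whether such cleanup already exists elsewhere in the job is not visible here.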
@@ -126,7 +126,7 @@ jobs:
echo "::group::Build"
sudo make "${CSP}"
echo "::endgroup::"
- working-directory: ${{ github.workspace }}/image/mkosi
+ working-directory: ${{ github.workspace }}/image
env:
BOOTSTRAPPER_BINARY: ${{ github.workspace }}/build/bootstrapper
DISK_MAPPER_BINARY: ${{ github.workspace }}/build/disk-mapper
@@ -143,14 +143,14 @@ jobs:
echo "image-vmlinuz-${{ matrix.csp }}-sha256=$(sha256sum image.vmlinuz | head -c 64)" >> $GITHUB_OUTPUT
echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(sha256sum image.raw.changelog | head -c 64)" >> $GITHUB_OUTPUT
echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(sha256sum image.raw.manifest | head -c 64)" >> $GITHUB_OUTPUT
- working-directory: ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36
+ working-directory: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36
continue-on-error: true
- name: Upload raw OS image as artifact
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
with:
name: image-${{ matrix.csp }}
- path: ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw
+ path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw
if: always()
continue-on-error: true
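Review bot: `continue-on-error: true` on the checksum step and on the artifact upload means an output path that no longer exists after this directory move would not fail the job; the `image-*-sha256` outputs would just be empty or absent. Since those digests identify the built OS image, consider dropping `continue-on-error` from the checksum step or guarding it with `test -f image.raw` before hashing. On the upload steps, `if-no-files-found: error` makes a missing file an error, but it only takes effect once `continue-on-error` is removed. The same applies to the `parts-` and `manifest-` uploads in the next two hunks. The checksum step starts above this hunk.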
@@ -159,13 +159,13 @@ jobs:
with:
name: parts-${{ matrix.csp }}
path: |
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.cmdline
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.efi
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.initrd
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.raw
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.roothash
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.verity
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.vmlinuz
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.cmdline
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.efi
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.initrd
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.raw
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.roothash
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.verity
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.vmlinuz
if: always()
continue-on-error: true
@@ -174,8 +174,8 @@ jobs:
with:
name: manifest-${{ matrix.csp }}
path: |
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw.changelog
- ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw.manifest
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw.changelog
+ ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw.manifest
if: always()
continue-on-error: true
@@ -198,7 +198,7 @@ jobs:
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
with:
name: image-${{ matrix.csp }}
- path: ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36
+ path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36
- name: Install tools
shell: bash
@@ -223,7 +223,7 @@ jobs:
- name: Prepare PKI for image upload
shell: bash
run: ln -s pki_testing pki
- working-directory: ${{ github.workspace }}/image/mkosi
+ working-directory: ${{ github.workspace }}/image
- name: Determine version
id: version
@@ -244,19 +244,19 @@ jobs:
semver=${{ steps.version.outputs.semanticVersion }}
imageVersion=${{ inputs.imageVersion }}
pseudover=${{ steps.version.outputs.pseudoVersion }}
- echo "PKI=${{ github.workspace }}/image/mkosi/pki" >> $GITHUB_ENV
+ echo "PKI=${{ github.workspace }}/image/pki" >> $GITHUB_ENV
echo "GCP_PROJECT=constellation-images" >> $GITHUB_ENV
echo "GCP_BUCKET=constellation-images" >> $GITHUB_ENV
echo "GCP_REGION=europe-west3" >> $GITHUB_ENV
- echo "GCP_RAW_IMAGE_PATH=${{ github.workspace }}/image/mkosi/mkosi.output.gcp/fedora~36/image.raw" >> $GITHUB_ENV
- echo "GCP_IMAGE_PATH=${{ github.workspace }}/image/mkosi/mkosi.output.gcp/fedora~36/image.tar.gz" >> $GITHUB_ENV
+ echo "GCP_RAW_IMAGE_PATH=${{ github.workspace }}/image/mkosi.output.gcp/fedora~36/image.raw" >> $GITHUB_ENV
+ echo "GCP_IMAGE_PATH=${{ github.workspace }}/image/mkosi.output.gcp/fedora~36/image.tar.gz" >> $GITHUB_ENV
echo "AZURE_RESOURCE_GROUP_NAME=constellation-images" >> $GITHUB_ENV
echo "AZURE_REGION=northeurope" >> $GITHUB_ENV
echo "AZURE_REPLICATION_REGIONS=northeurope eastus westeurope westus" >> $GITHUB_ENV
echo "AZURE_SKU=constellation" >> $GITHUB_ENV
echo "AZURE_PUBLISHER=edgelesssys" >> $GITHUB_ENV
- echo "AZURE_RAW_IMAGE_PATH=${{ github.workspace }}/image/mkosi/mkosi.output.azure/fedora~36/image.raw" >> $GITHUB_ENV
- echo "AZURE_IMAGE_PATH=${{ github.workspace }}/image/mkosi/mkosi.output.azure/fedora~36/image.vhd" >> $GITHUB_ENV
+ echo "AZURE_RAW_IMAGE_PATH=${{ github.workspace }}/image/mkosi.output.azure/fedora~36/image.raw" >> $GITHUB_ENV
+ echo "AZURE_IMAGE_PATH=${{ github.workspace }}/image/mkosi.output.azure/fedora~36/image.vhd" >> $GITHUB_ENV
# TODO: set default security type to "ConfidentialVM" once replication is possible
AZURE_SECURITY_TYPE=${{ matrix.upload-variant }}
if [ -z "${AZURE_SECURITY_TYPE}" ]; then
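Review bot: `imageVersion=${{ inputs.imageVersion }}` is expanded into the script text before the shell runs, so the input's content is parsed as shell syntax rather than treated as data; the `steps.version.outputs.*` and `matrix.upload-variant` assignments around it follow the same pattern. Passing the value through the step environment avoids that: add `IMAGE_VERSION: ${{ inputs.imageVersion }}` under `env:` and assign `imageVersion="${IMAGE_VERSION}"`. The unquoted `>> $GITHUB_ENV` redirections would also be more robust as `>> "${GITHUB_ENV}"`. The step starts above and continues below this hunk, so its `env:` block is not visible here.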
@@ -291,7 +291,7 @@ jobs:
echo "AZURE_VMGS_PATH=" >> $GITHUB_ENV
else
echo "AZURE_GALLERY_NAME=${AZURE_GALLERY_NAME}" >> $GITHUB_ENV
- echo "AZURE_VMGS_PATH=${{ github.workspace }}/image/mkosi/pki/${AZURE_SECURITY_TYPE}.vmgs" >> $GITHUB_ENV
+ echo "AZURE_VMGS_PATH=${{ github.workspace }}/image/pki/${AZURE_SECURITY_TYPE}.vmgs" >> $GITHUB_ENV
fi
echo "AZURE_IMAGE_DEFINITION=${AZURE_IMAGE_DEFINITION}" >> $GITHUB_ENV
echo "AZURE_IMAGE_OFFER=${AZURE_IMAGE_DEFINITION}" >> $GITHUB_ENV
@@ -303,7 +303,7 @@ jobs:
s3://constellation-secure-boot/pki_testing/${AZURE_SECURITY_TYPE}.vmgs \
pki_testing/${AZURE_SECURITY_TYPE}.vmgs \
--no-progress
- working-directory: ${{ github.workspace }}/image/mkosi
+ working-directory: ${{ github.workspace }}/image
if: ${{ matrix.csp == 'azure' }}
- name: Upload GCP image
@@ -314,7 +314,7 @@ jobs:
upload/upload_gcp.sh
echo -e "Uploaded GCP image: \`projects/${GCP_PROJECT}/global/images/${GCP_IMAGE_NAME}\`" >> $GITHUB_STEP_SUMMARY
echo "::endgroup::"
- working-directory: ${{ github.workspace }}/image/mkosi
+ working-directory: ${{ github.workspace }}/image
if: ${{ matrix.csp == 'gcp' }}
- name: Upload Azure image
@@ -325,7 +325,7 @@ jobs:
upload/upload_azure.sh -g --disk-name "${AZURE_DISK_NAME}" "${AZURE_VMGS_PATH}"
echo -e "Uploaded Azure ${AZURE_SECURITY_TYPE} image: \`/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/${AZURE_RESOURCE_GROUP_NAME^^}/providers/Microsoft.Compute/galleries/${AZURE_GALLERY_NAME}/images/${AZURE_IMAGE_DEFINITION}/versions/${AZURE_IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
echo "::endgroup::"
- working-directory: ${{ github.workspace }}/image/mkosi
+ working-directory: ${{ github.workspace }}/image
if: ${{ matrix.csp == 'azure' }}
calculate-pcrs:
@@ -361,7 +361,7 @@ jobs:
cp pcr-stable.json ${{ github.workspace }}/
jq --sort-keys -s '.[0] * .[1] * .[2] * .[3]' ${{ github.workspace }}/pcr-* > ${{ github.workspace }}/pcrs-${{ matrix.csp }}.json
echo "::endgroup::"
- working-directory: ${{ github.workspace }}/image/mkosi/measured-boot
+ working-directory: ${{ github.workspace }}/image/measured-boot
- name: Upload expected PCRs as artifact
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
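Review bot: The `jq --sort-keys -s '.[0] * .[1] * .[2] * .[3]'` merge assumes the `pcr-*` glob in the workspace root matches exactly four files, in an order where later files should win on key conflicts. An extra `pcr-*` file left in the workspace would be silently ignored or would shift which inputs are merged, and the result is what the next step uploads as the expected PCRs. Listing the input files explicitly, or folding every input with `jq --sort-keys -s 'reduce .[] as $f ({}; . * $f)'`, would make that dependency visible. The step starts above this hunk, so which files it produces is inferred from the glob.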
diff --git a/mkosi/.gitignore b/image/.gitignore
similarity index 100%
rename from mkosi/.gitignore
rename to image/.gitignore
diff --git a/mkosi/Makefile b/image/Makefile
similarity index 92%
rename from mkosi/Makefile
rename to image/Makefile
index 07eb66967..fd1a9f83a 100644
--- a/mkosi/Makefile
+++ b/image/Makefile
@@ -1,8 +1,8 @@
SHELL = /bin/bash
SRC_PATH = $(CURDIR)
BASE_PATH ?= $(SRC_PATH)
-BOOTSTRAPPER_BINARY ?= $(BASE_PATH)/../../build/bootstrapper
-DISK_MAPPER_BINARY ?= $(BASE_PATH)/../../build/disk-mapper
+BOOTSTRAPPER_BINARY ?= $(BASE_PATH)/../build/bootstrapper
+DISK_MAPPER_BINARY ?= $(BASE_PATH)/../build/disk-mapper
PKI ?= $(BASE_PATH)/pki
MKOSI_EXTRA ?= $(BASE_PATH)/mkosi.extra
-include $(CURDIR)/config.mk
diff --git a/mkosi/measured-boot/extract_authentihash.py b/image/measured-boot/extract_authentihash.py
similarity index 100%
rename from mkosi/measured-boot/extract_authentihash.py
rename to image/measured-boot/extract_authentihash.py
diff --git a/mkosi/measured-boot/measure_util.sh b/image/measured-boot/measure_util.sh
similarity index 100%
rename from mkosi/measured-boot/measure_util.sh
rename to image/measured-boot/measure_util.sh
diff --git a/mkosi/measured-boot/pcr-stable.json b/image/measured-boot/pcr-stable.json
similarity index 100%
rename from mkosi/measured-boot/pcr-stable.json
rename to image/measured-boot/pcr-stable.json
diff --git a/mkosi/measured-boot/precalculate_pcr_4.sh b/image/measured-boot/precalculate_pcr_4.sh
similarity index 100%
rename from mkosi/measured-boot/precalculate_pcr_4.sh
rename to image/measured-boot/precalculate_pcr_4.sh
diff --git a/mkosi/measured-boot/precalculate_pcr_8.sh b/image/measured-boot/precalculate_pcr_8.sh
similarity index 100%
rename from mkosi/measured-boot/precalculate_pcr_8.sh
rename to image/measured-boot/precalculate_pcr_8.sh
diff --git a/mkosi/measured-boot/precalculate_pcr_9.sh b/image/measured-boot/precalculate_pcr_9.sh
similarity index 100%
rename from mkosi/measured-boot/precalculate_pcr_9.sh
rename to image/measured-boot/precalculate_pcr_9.sh
diff --git a/mkosi/mkosi.cache/.gitkeep b/image/mkosi.cache/.gitkeep
similarity index 100%
rename from mkosi/mkosi.cache/.gitkeep
rename to image/mkosi.cache/.gitkeep
diff --git a/mkosi/mkosi.conf.d/azure.conf b/image/mkosi.conf.d/azure.conf
similarity index 100%
rename from mkosi/mkosi.conf.d/azure.conf
rename to image/mkosi.conf.d/azure.conf
diff --git a/mkosi/mkosi.conf.d/containers.conf b/image/mkosi.conf.d/containers.conf
similarity index 100%
rename from mkosi/mkosi.conf.d/containers.conf
rename to image/mkosi.conf.d/containers.conf
diff --git a/mkosi/mkosi.conf.d/gcp.conf b/image/mkosi.conf.d/gcp.conf
similarity index 100%
rename from mkosi/mkosi.conf.d/gcp.conf
rename to image/mkosi.conf.d/gcp.conf
diff --git a/mkosi/mkosi.conf.d/mkosi.conf b/image/mkosi.conf.d/mkosi.conf
similarity index 100%
rename from mkosi/mkosi.conf.d/mkosi.conf
rename to image/mkosi.conf.d/mkosi.conf
diff --git a/mkosi/mkosi.conf.d/network.conf b/image/mkosi.conf.d/network.conf
similarity index 100%
rename from mkosi/mkosi.conf.d/network.conf
rename to image/mkosi.conf.d/network.conf
diff --git a/mkosi/mkosi.conf.d/secure-boot-tpm.conf b/image/mkosi.conf.d/secure-boot-tpm.conf
similarity index 100%
rename from mkosi/mkosi.conf.d/secure-boot-tpm.conf
rename to image/mkosi.conf.d/secure-boot-tpm.conf
diff --git a/mkosi/mkosi.conf.d/tools.conf b/image/mkosi.conf.d/tools.conf
similarity index 100%
rename from mkosi/mkosi.conf.d/tools.conf
rename to image/mkosi.conf.d/tools.conf
diff --git a/mkosi/mkosi.files/mkosi.azure.conf b/image/mkosi.files/mkosi.azure.conf
similarity index 100%
rename from mkosi/mkosi.files/mkosi.azure.conf
rename to image/mkosi.files/mkosi.azure.conf
diff --git a/mkosi/mkosi.files/mkosi.gcp.conf b/image/mkosi.files/mkosi.gcp.conf
similarity index 100%
rename from mkosi/mkosi.files/mkosi.gcp.conf
rename to image/mkosi.files/mkosi.gcp.conf
diff --git a/mkosi/mkosi.files/mkosi.qemu.conf b/image/mkosi.files/mkosi.qemu.conf
similarity index 100%
rename from mkosi/mkosi.files/mkosi.qemu.conf
rename to image/mkosi.files/mkosi.qemu.conf
diff --git a/mkosi/mkosi.finalize b/image/mkosi.finalize
similarity index 100%
rename from mkosi/mkosi.finalize
rename to image/mkosi.finalize
diff --git a/mkosi/mkosi.postinst b/image/mkosi.postinst
similarity index 100%
rename from mkosi/mkosi.postinst
rename to image/mkosi.postinst
diff --git a/mkosi/mkosi.skeleton/etc/dracut.conf.d/90-networkd.conf b/image/mkosi.skeleton/etc/dracut.conf.d/90-networkd.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/etc/dracut.conf.d/90-networkd.conf
rename to image/mkosi.skeleton/etc/dracut.conf.d/90-networkd.conf
diff --git a/mkosi/mkosi.skeleton/etc/dracut.conf.d/azure.conf b/image/mkosi.skeleton/etc/dracut.conf.d/azure.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/etc/dracut.conf.d/azure.conf
rename to image/mkosi.skeleton/etc/dracut.conf.d/azure.conf
diff --git a/mkosi/mkosi.skeleton/etc/dracut.conf.d/gce.conf b/image/mkosi.skeleton/etc/dracut.conf.d/gce.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/etc/dracut.conf.d/gce.conf
rename to image/mkosi.skeleton/etc/dracut.conf.d/gce.conf
diff --git a/mkosi/mkosi.skeleton/etc/fstab b/image/mkosi.skeleton/etc/fstab
similarity index 100%
rename from mkosi/mkosi.skeleton/etc/fstab
rename to image/mkosi.skeleton/etc/fstab
diff --git a/mkosi/mkosi.skeleton/etc/profile.d/constellation.sh b/image/mkosi.skeleton/etc/profile.d/constellation.sh
similarity index 100%
rename from mkosi/mkosi.skeleton/etc/profile.d/constellation.sh
rename to image/mkosi.skeleton/etc/profile.d/constellation.sh
diff --git a/mkosi/mkosi.skeleton/usr/etc/containerd/config.toml b/image/mkosi.skeleton/usr/etc/containerd/config.toml
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/etc/containerd/config.toml
rename to image/mkosi.skeleton/usr/etc/containerd/config.toml
diff --git a/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/configure-constel-csp.service b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/configure-constel-csp.service
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/configure-constel-csp.service
rename to image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/configure-constel-csp.service
diff --git a/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.service b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.service
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.service
rename to image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.service
diff --git a/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.sh b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.sh
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.sh
rename to image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/google-nvme-disk.sh
diff --git a/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh
rename to image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh
diff --git a/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.service b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.service
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.service
rename to image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.service
diff --git a/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.sh b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.sh
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.sh
rename to image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/prepare-state-disk.sh
diff --git a/mkosi/mkosi.skeleton/usr/lib/environment.d/99-constellation.conf b/image/mkosi.skeleton/usr/lib/environment.d/99-constellation.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/environment.d/99-constellation.conf
rename to image/mkosi.skeleton/usr/lib/environment.d/99-constellation.conf
diff --git a/mkosi/mkosi.skeleton/usr/lib/modules-load.d/k8s.conf b/image/mkosi.skeleton/usr/lib/modules-load.d/k8s.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/modules-load.d/k8s.conf
rename to image/mkosi.skeleton/usr/lib/modules-load.d/k8s.conf
diff --git a/mkosi/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf b/image/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
rename to image/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
diff --git a/mkosi/mkosi.skeleton/usr/lib/sysctl.d/10-k8s.conf b/image/mkosi.skeleton/usr/lib/sysctl.d/10-k8s.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/sysctl.d/10-k8s.conf
rename to image/mkosi.skeleton/usr/lib/sysctl.d/10-k8s.conf
diff --git a/mkosi/mkosi.skeleton/usr/lib/systemd/network/20-wired.network b/image/mkosi.skeleton/usr/lib/systemd/network/20-wired.network
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/systemd/network/20-wired.network
rename to image/mkosi.skeleton/usr/lib/systemd/network/20-wired.network
diff --git a/mkosi/mkosi.skeleton/usr/lib/systemd/network/21-azure.network b/image/mkosi.skeleton/usr/lib/systemd/network/21-azure.network
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/systemd/network/21-azure.network
rename to image/mkosi.skeleton/usr/lib/systemd/network/21-azure.network
diff --git a/mkosi/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset b/image/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
rename to image/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
diff --git a/mkosi/mkosi.skeleton/usr/lib/systemd/system/configure-constel-csp.service b/image/mkosi.skeleton/usr/lib/systemd/system/configure-constel-csp.service
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/systemd/system/configure-constel-csp.service
rename to image/mkosi.skeleton/usr/lib/systemd/system/configure-constel-csp.service
diff --git a/mkosi/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service b/image/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service
rename to image/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service
diff --git a/mkosi/mkosi.skeleton/usr/lib/systemd/system/containerd.service.d/local.conf b/image/mkosi.skeleton/usr/lib/systemd/system/containerd.service.d/local.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/systemd/system/containerd.service.d/local.conf
rename to image/mkosi.skeleton/usr/lib/systemd/system/containerd.service.d/local.conf
diff --git a/mkosi/mkosi.skeleton/usr/lib/systemd/system/tpm-pcrs.service b/image/mkosi.skeleton/usr/lib/systemd/system/tpm-pcrs.service
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/systemd/system/tpm-pcrs.service
rename to image/mkosi.skeleton/usr/lib/systemd/system/tpm-pcrs.service
diff --git a/mkosi/mkosi.skeleton/usr/lib/sysusers.d/constellation.conf b/image/mkosi.skeleton/usr/lib/sysusers.d/constellation.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/sysusers.d/constellation.conf
rename to image/mkosi.skeleton/usr/lib/sysusers.d/constellation.conf
diff --git a/mkosi/mkosi.skeleton/usr/lib/tmpfiles.d/constellation.conf b/image/mkosi.skeleton/usr/lib/tmpfiles.d/constellation.conf
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/tmpfiles.d/constellation.conf
rename to image/mkosi.skeleton/usr/lib/tmpfiles.d/constellation.conf
diff --git a/mkosi/mkosi.skeleton/usr/lib/udev/google_nvme_id b/image/mkosi.skeleton/usr/lib/udev/google_nvme_id
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/udev/google_nvme_id
rename to image/mkosi.skeleton/usr/lib/udev/google_nvme_id
diff --git a/mkosi/mkosi.skeleton/usr/lib/udev/rules.d/64-gce-disk-removal.rules b/image/mkosi.skeleton/usr/lib/udev/rules.d/64-gce-disk-removal.rules
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/udev/rules.d/64-gce-disk-removal.rules
rename to image/mkosi.skeleton/usr/lib/udev/rules.d/64-gce-disk-removal.rules
diff --git a/mkosi/mkosi.skeleton/usr/lib/udev/rules.d/65-gce-disk-naming.rules b/image/mkosi.skeleton/usr/lib/udev/rules.d/65-gce-disk-naming.rules
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/udev/rules.d/65-gce-disk-naming.rules
rename to image/mkosi.skeleton/usr/lib/udev/rules.d/65-gce-disk-naming.rules
diff --git a/mkosi/mkosi.skeleton/usr/lib/udev/rules.d/98-override-systemd.rules b/image/mkosi.skeleton/usr/lib/udev/rules.d/98-override-systemd.rules
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/lib/udev/rules.d/98-override-systemd.rules
rename to image/mkosi.skeleton/usr/lib/udev/rules.d/98-override-systemd.rules
diff --git a/mkosi/mkosi.skeleton/usr/libexec/constellation-pcrs b/image/mkosi.skeleton/usr/libexec/constellation-pcrs
similarity index 100%
rename from mkosi/mkosi.skeleton/usr/libexec/constellation-pcrs
rename to image/mkosi.skeleton/usr/libexec/constellation-pcrs
diff --git a/mkosi/pki_testing/KEK.auth b/image/pki_testing/KEK.auth
similarity index 100%
rename from mkosi/pki_testing/KEK.auth
rename to image/pki_testing/KEK.auth
diff --git a/mkosi/pki_testing/KEK.cer b/image/pki_testing/KEK.cer
similarity index 100%
rename from mkosi/pki_testing/KEK.cer
rename to image/pki_testing/KEK.cer
diff --git a/mkosi/pki_testing/KEK.crt b/image/pki_testing/KEK.crt
similarity index 100%
rename from mkosi/pki_testing/KEK.crt
rename to image/pki_testing/KEK.crt
diff --git a/mkosi/pki_testing/KEK.esl b/image/pki_testing/KEK.esl
similarity index 100%
rename from mkosi/pki_testing/KEK.esl
rename to image/pki_testing/KEK.esl
diff --git a/mkosi/pki_testing/MicCorKEKCA2011_2011-06-24.crt b/image/pki_testing/MicCorKEKCA2011_2011-06-24.crt
similarity index 100%
rename from mkosi/pki_testing/MicCorKEKCA2011_2011-06-24.crt
rename to image/pki_testing/MicCorKEKCA2011_2011-06-24.crt
diff --git a/mkosi/pki_testing/MicCorKEKCA2011_2011-06-24.esl b/image/pki_testing/MicCorKEKCA2011_2011-06-24.esl
similarity index 100%
rename from mkosi/pki_testing/MicCorKEKCA2011_2011-06-24.esl
rename to image/pki_testing/MicCorKEKCA2011_2011-06-24.esl
diff --git a/mkosi/pki_testing/MicCorUEFCA2011_2011-06-27.crt b/image/pki_testing/MicCorUEFCA2011_2011-06-27.crt
similarity index 100%
rename from mkosi/pki_testing/MicCorUEFCA2011_2011-06-27.crt
rename to image/pki_testing/MicCorUEFCA2011_2011-06-27.crt
diff --git a/mkosi/pki_testing/MicCorUEFCA2011_2011-06-27.esl b/image/pki_testing/MicCorUEFCA2011_2011-06-27.esl
similarity index 100%
rename from mkosi/pki_testing/MicCorUEFCA2011_2011-06-27.esl
rename to image/pki_testing/MicCorUEFCA2011_2011-06-27.esl
diff --git a/mkosi/pki_testing/MicWinProPCA2011_2011-10-19.crt b/image/pki_testing/MicWinProPCA2011_2011-10-19.crt
similarity index 100%
rename from mkosi/pki_testing/MicWinProPCA2011_2011-10-19.crt
rename to image/pki_testing/MicWinProPCA2011_2011-10-19.crt
diff --git a/mkosi/pki_testing/MicWinProPCA2011_2011-10-19.esl b/image/pki_testing/MicWinProPCA2011_2011-10-19.esl
similarity index 100%
rename from mkosi/pki_testing/MicWinProPCA2011_2011-10-19.esl
rename to image/pki_testing/MicWinProPCA2011_2011-10-19.esl
diff --git a/mkosi/pki_testing/PK.auth b/image/pki_testing/PK.auth
similarity index 100%
rename from mkosi/pki_testing/PK.auth
rename to image/pki_testing/PK.auth
diff --git a/mkosi/pki_testing/PK.cer b/image/pki_testing/PK.cer
similarity index 100%
rename from mkosi/pki_testing/PK.cer
rename to image/pki_testing/PK.cer
diff --git a/mkosi/pki_testing/PK.crt b/image/pki_testing/PK.crt
similarity index 100%
rename from mkosi/pki_testing/PK.crt
rename to image/pki_testing/PK.crt
diff --git a/mkosi/pki_testing/PK.esl b/image/pki_testing/PK.esl
similarity index 100%
rename from mkosi/pki_testing/PK.esl
rename to image/pki_testing/PK.esl
diff --git a/mkosi/pki_testing/db.auth b/image/pki_testing/db.auth
similarity index 100%
rename from mkosi/pki_testing/db.auth
rename to image/pki_testing/db.auth
diff --git a/mkosi/pki_testing/db.cer b/image/pki_testing/db.cer
similarity index 100%
rename from mkosi/pki_testing/db.cer
rename to image/pki_testing/db.cer
diff --git a/mkosi/pki_testing/db.crt b/image/pki_testing/db.crt
similarity index 100%
rename from mkosi/pki_testing/db.crt
rename to image/pki_testing/db.crt
diff --git a/mkosi/pki_testing/db.esl b/image/pki_testing/db.esl
similarity index 100%
rename from mkosi/pki_testing/db.esl
rename to image/pki_testing/db.esl
diff --git a/mkosi/secure-boot/azure/delete.sh b/image/secure-boot/azure/delete.sh
similarity index 100%
rename from mkosi/secure-boot/azure/delete.sh
rename to image/secure-boot/azure/delete.sh
diff --git a/mkosi/secure-boot/azure/extract_vmgs.sh b/image/secure-boot/azure/extract_vmgs.sh
similarity index 100%
rename from mkosi/secure-boot/azure/extract_vmgs.sh
rename to image/secure-boot/azure/extract_vmgs.sh
diff --git a/mkosi/secure-boot/azure/launch.sh b/image/secure-boot/azure/launch.sh
similarity index 100%
rename from mkosi/secure-boot/azure/launch.sh
rename to image/secure-boot/azure/launch.sh
diff --git a/mkosi/secure-boot/generate_nvram_vars.sh b/image/secure-boot/generate_nvram_vars.sh
similarity index 100%
rename from mkosi/secure-boot/generate_nvram_vars.sh
rename to image/secure-boot/generate_nvram_vars.sh
diff --git a/mkosi/secure-boot/genkeys.sh b/image/secure-boot/genkeys.sh
similarity index 100%
rename from mkosi/secure-boot/genkeys.sh
rename to image/secure-boot/genkeys.sh
diff --git a/mkosi/secure-boot/signed-shim.sh b/image/secure-boot/signed-shim.sh
similarity index 100%
rename from mkosi/secure-boot/signed-shim.sh
rename to image/secure-boot/signed-shim.sh
diff --git a/mkosi/secure-boot/templates/dev_KEK.conf b/image/secure-boot/templates/dev_KEK.conf
similarity index 100%
rename from mkosi/secure-boot/templates/dev_KEK.conf
rename to image/secure-boot/templates/dev_KEK.conf
diff --git a/mkosi/secure-boot/templates/dev_PK.conf b/image/secure-boot/templates/dev_PK.conf
similarity index 100%
rename from mkosi/secure-boot/templates/dev_PK.conf
rename to image/secure-boot/templates/dev_PK.conf
diff --git a/mkosi/secure-boot/templates/dev_db.conf b/image/secure-boot/templates/dev_db.conf
similarity index 100%
rename from mkosi/secure-boot/templates/dev_db.conf
rename to image/secure-boot/templates/dev_db.conf
diff --git a/mkosi/secure-boot/templates/prod_KEK.conf b/image/secure-boot/templates/prod_KEK.conf
similarity index 100%
rename from mkosi/secure-boot/templates/prod_KEK.conf
rename to image/secure-boot/templates/prod_KEK.conf
diff --git a/mkosi/secure-boot/templates/prod_PK.conf b/image/secure-boot/templates/prod_PK.conf
similarity index 100%
rename from mkosi/secure-boot/templates/prod_PK.conf
rename to image/secure-boot/templates/prod_PK.conf
diff --git a/mkosi/secure-boot/templates/prod_db.conf b/image/secure-boot/templates/prod_db.conf
similarity index 100%
rename from mkosi/secure-boot/templates/prod_db.conf
rename to image/secure-boot/templates/prod_db.conf
diff --git a/mkosi/secure-boot/templates/testing_KEK.conf b/image/secure-boot/templates/testing_KEK.conf
similarity index 100%
rename from mkosi/secure-boot/templates/testing_KEK.conf
rename to image/secure-boot/templates/testing_KEK.conf
diff --git a/mkosi/secure-boot/templates/testing_PK.conf b/image/secure-boot/templates/testing_PK.conf
similarity index 100%
rename from mkosi/secure-boot/templates/testing_PK.conf
rename to image/secure-boot/templates/testing_PK.conf
diff --git a/mkosi/secure-boot/templates/testing_db.conf b/image/secure-boot/templates/testing_db.conf
similarity index 100%
rename from mkosi/secure-boot/templates/testing_db.conf
rename to image/secure-boot/templates/testing_db.conf
diff --git a/mkosi/upload/pack.sh b/image/upload/pack.sh
similarity index 100%
rename from mkosi/upload/pack.sh
rename to image/upload/pack.sh
diff --git a/mkosi/upload/upload_azure.sh b/image/upload/upload_azure.sh
similarity index 100%
rename from mkosi/upload/upload_azure.sh
rename to image/upload/upload_azure.sh
diff --git a/mkosi/upload/upload_gcp.sh b/image/upload/upload_gcp.sh
similarity index 100%
rename from mkosi/upload/upload_gcp.sh
rename to image/upload/upload_gcp.sh
diff --git a/mkosi/.gitattributes b/mkosi/.gitattributes
deleted file mode 100644
index e69de29bb..000000000
diff --git a/mkosi/README.md b/mkosi/README.md
deleted file mode 100644
index de089ff9a..000000000
--- a/mkosi/README.md
+++ /dev/null
@@ -1,187 +0,0 @@
-## Setup
-
-- Install mkosi (from git):
-
- ```sh
- cd /tmp/
- git clone https://github.com/systemd/mkosi
- cd mkosi
- tools/generate-zipapp.sh
- cp builddir/mkosi /usr/local/bin/
- ```
-
-- Install tools:
-
-
- Ubuntu / Debian
-
- ```sh
- sudo apt-get update
- sudo apt-get install --assume-yes --no-install-recommends \
- dnf \
- systemd-container \
- qemu-system-x86 \
- qemu-utils \
- ovmf \
- e2fsprogs \
- squashfs-tools \
- efitools \
- sbsigntool \
- coreutils \
- curl \
- jq \
- util-linux \
- virt-manager
- ```
-
-
-
-
- Fedora
-
- ```sh
- sudo dnf install -y \
- edk2-ovmf \
- systemd-container \
- qemu \
- e2fsprogs \
- squashfs-tools \
- efitools \
- sbsigntools \
- coreutils \
- curl \
- jq \
- util-linux \
- virt-manager
- ```
-
-
-
-- Prepare secure boot PKI (see `secure-boot/genkeys.sh`)
-
-## Build
-
-```sh
-# OPTIONAL: to create a debug image, export the following line
-# export BOOTSTRAPPER_BINARY=$(realpath ${PWD}/../../build/debugd)
-# OPTIONAL: specify path to secure boot PKI
-# export PKI=/path/to/pki/folder
-sudo make -j $(nproc)
-```
-
-Raw images will be placed in `mkosi.output./fedora~36/image.raw`.
-
-## Prepare Secure Boot
-
-The generated images are partially signed by Microsoft ([shim loader](https://github.com/rhboot/shim)), and partially signed by Edgeless Systems (systemd-boot and unified kernel images consisting of the linux kernel, initramfs and kernel commandline).
-
-For QEMU and Azure, you can pre-generate the NVRAM variables for secure boot. This is not necessary for GCP, as you can specify secure boot parameters via the GCP API on image creation.
-
-
-libvirt / QEMU / KVM
-
-```sh
-secure-boot/generate_nvram_vars.sh mkosi.output.qemu/fedora~36/image.raw
-```
-
-
-
-
-Azure
-
-These steps only have to performed once for a fresh set of secure boot certificates.
-VMGS blobs for testing and release images already exist.
-
-First, create a disk without embedded MOK EFI variables.
-
-```sh
-# set these variables
-export AZURE_SECURITY_TYPE=ConfidentialVM # or TrustedLaunch
-export AZURE_RESOURCE_GROUP_NAME= # e.g. "constellation-images"
-
-export AZURE_REGION=northeurope
-export AZURE_DISK_NAME=constellation-$(date +%s)
-export AZURE_SNAPSHOT_NAME=${AZURE_DISK_NAME}
-export AZURE_RAW_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.raw
-export AZURE_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.vhd
-export AZURE_VMGS_FILENAME=${AZURE_SECURITY_TYPE}.vmgs
-export BLOBS_DIR=${PWD}/blobs
-upload/pack.sh azure "${AZURE_RAW_IMAGE_PATH}" "${AZURE_IMAGE_PATH}"
-upload/upload_azure.sh --disk-name "${AZURE_DISK_NAME}-setup-secure-boot" ""
-secure-boot/azure/launch.sh -n "${AZURE_DISK_NAME}-setup-secure-boot" -d --secure-boot true --disk-name "${AZURE_DISK_NAME}-setup-secure-boot"
-```
-
-Ignore the running launch script and connect to the serial console once available.
-The console shows the message "Verification failed: (0x1A) Security Violation". You can import the MOK certificate via the UEFI shell:
-
-Press OK, then ENTER, then "Enroll key from disk".
-Select the following key: `/EFI/loader/keys/auto/db.cer`.
-Press Continue, then choose "Yes" to the question "Enroll the key(s)?".
-Choose reboot.
-
-Extract the VMGS from the running VM (this includes the MOK EFI variables) and delete the VM:
-
-```sh
-secure-boot/azure/extract_vmgs.sh --name "${AZURE_DISK_NAME}-setup-secure-boot"
-secure-boot/azure/delete.sh --name "${AZURE_DISK_NAME}-setup-secure-boot"
-```
-
-
-
-## Upload to CSP
-
-
-GCP
-
-- Install `gcloud` and `gsutil` (see [here](https://cloud.google.com/sdk/docs/install))
-- Login to GCP (see [here](https://cloud.google.com/sdk/docs/authorizing))
-- Prepare secure boot PKI (see `secure-boot/genkeys.sh`)
-
-```sh
-# set these variables
-export GCP_IMAGE_FAMILY= # e.g. "constellation"
-export GCP_IMAGE_NAME= # e.g. "constellation-v1.0.0"
-export PKI=${PWD}/pki
-
-export GCP_PROJECT=constellation-images
-export GCP_REGION=europe-west3
-export GCP_BUCKET=constellation-images
-export GCP_RAW_IMAGE_PATH=${PWD}/mkosi.output.gcp/fedora~36/image.raw
-export GCP_IMAGE_FILENAME=$(date +%s).tar.gz
-export GCP_IMAGE_PATH=${PWD}/mkosi.output.gcp/fedora~36/image.tar.gz
-upload/pack.sh gcp ${GCP_RAW_IMAGE_PATH} ${GCP_IMAGE_PATH}
-upload/upload_gcp.sh
-```
-
-
-
-
-Azure
-
-- Install `az` and `azcopy` (see [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli))
-- Login to Azure (see [here](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli))
-- Prepare secure boot PKI (see `secure-boot/genkeys.sh`)
-- [Prepare virtual machine guest state (VMGS) with customized NVRAM or use existing VMGS blob](#azure-secure-boot)
-
-```sh
-# set these variables
-export AZURE_GALLERY_NAME= # e.g. "Constellation"
-export AZURE_IMAGE_DEFINITION= # e.g. "constellation"
-export AZURE_IMAGE_VERSION= # e.g. "1.0.0"
-export AZURE_VMGS_PATH= # e.g. "path/to/ConfidentialVM.vmgs"
-export AZURE_SECURITY_TYPE=ConfidentialVM # or TrustedLaunch
-
-export AZURE_RESOURCE_GROUP_NAME=constellation-images
-export AZURE_REGION=northeurope
-export AZURE_REPLICATION_REGIONS="northeurope eastus westeurope westus"
-export AZURE_IMAGE_OFFER=constellation
-export AZURE_SKU=constellation
-export AZURE_PUBLISHER=edgelesssys
-export AZURE_DISK_NAME=constellation-$(date +%s)
-export AZURE_RAW_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.raw
-export AZURE_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.vhd
-upload/pack.sh azure "${AZURE_RAW_IMAGE_PATH}" "${AZURE_IMAGE_PATH}"
-upload/upload_azure.sh -g --disk-name "${AZURE_DISK_NAME}" "${AZURE_VMGS_PATH}"
-```
-
-
diff --git a/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/constellation-state-disk-generator b/mkosi/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/constellation-state-disk-generator
deleted file mode 100755
index e69de29bb..000000000