Re: [isar-cip-core][PATCH 0/2] kas update and menu support

Venkata Pyla

Hi Jan

Sorry for delayed response.
Please find my inline comments.

-----Original Message-----
From: cip-dev@... <cip-dev@...> On Behalf Of
Jan Kiszka
Sent: 28 October 2021 11:44
To: Gylstorff Quirin <quirin.gylstorff@...>; cip-dev@...; pyla venkata(TSIP) <Venkata.Pyla@...>
Subject: Re: [cip-dev] [isar-cip-core][PATCH 0/2] kas update and menu support

On 26.10.21 10:21, Gylstorff Quirin wrote:

On 10/22/21 7:40 PM, Jan Kiszka wrote:
With kas 2.6 being released, this now allows to adopt the new "menu"
feature and make the various image flavors and options more accessible.

Quirin, please have a look if I modeled the dependencies for secure
boot and SWUpdate correctly, exposed reasonable combinations and
didn't forget something useful.
I check it and all option are there.
Thanks for checking, Quirin.

It looks like we still have some issues around the security image. For which
Debian releases is this supported, Venkata?
We have implemented security extensions originally for Buster version,
Of course we are not finalized which Debian release to go for IEC certification, currently under discussion in security WG.

I have checked the current kas and menu implementation against the security extensions and it works fine with buster release,
but not with bullseye, looks like some security packages are not available in bullseye,
we will internally discuss this in Security WG and finalize the security packages for bullseye version,
and then we can enable the security extensions for bullseye version.

Please let me know if there are any other issues you see with security image.


@all: Please play a bit with the options and check if you find
anything that does not work (crowd-sourced randconfig...).


Jan Kiszka (2):
   Update to kas 2.6
   Add kconfig menu

  .gitlab-ci.yml                       |   2 +-
  Kconfig                              | 146
+++++++++++++++++++++++++++                            |  39 ++++---
  kas/opt/ebg-secure-boot-base.yml     |   2 +-
  kas/opt/ebg-secure-boot-snakeoil.yml |   2 +-
  kas/opt/ebg-snakeoil-swu.yml         |   4 +-
  kas/opt/ebg-swu.yml                  |   4 +-
  7 files changed, 177 insertions(+), 22 deletions(-)
  create mode 100644 Kconfig

Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

Join to automatically receive all group messages.