[isar-cip-core][PATCH v2 11/13] u-boot-qemu-arm64: Add recipe for customized version based on 2022.04


Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

This will be used for booting via UEFI, both in open and locked-down
secure mode. The secure mode variations can be selected by adding
"secureboot" to OVERRIDES.

One extra patch is needed to add support for long-living certificates.
It is pending upstream.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
...-rtc_mktime-and-mktime64-Y2038-ready.patch | 107 ++++++++++++++++++
recipes-bsp/u-boot/files/rules | 40 +++++++
recipes-bsp/u-boot/files/secure-boot.cfg | 6 +
.../u-boot/u-boot-qemu-arm64_2022.04.bb | 50 ++++++++
4 files changed, 203 insertions(+)
create mode 100644 recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
create mode 100755 recipes-bsp/u-boot/files/rules
create mode 100644 recipes-bsp/u-boot/files/secure-boot.cfg
create mode 100644 recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb

diff --git a/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch b/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
new file mode 100644
index 0000000..b2ff705
--- /dev/null
+++ b/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
@@ -0,0 +1,107 @@
+From 8b990a06685678abd8dbc8be86c27bf3e94e3694 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@...>
+Date: Sun, 24 Apr 2022 11:24:54 +0200
+Subject: [PATCH] lib/date: Make rtc_mktime and mktime64 Y2038-ready
+
+We currently overflow due to wrong types used internally in rtc_mktime,
+on all platforms, and we return a too small type on 32-bit.
+
+One consumer that directly benefits from this is mktime64. Many others
+may still store the result in a wrong type.
+
+While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by
+714209832db1).
+
+Signed-off-by: Jan Kiszka <jan.kiszka@...>
+---
+ include/linux/time.h | 3 ---
+ include/rtc.h | 8 +++++---
+ lib/date.c | 13 +++++--------
+ 3 files changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/include/linux/time.h b/include/linux/time.h
+index 702dd276aea..14ff5b6f481 100644
+--- a/include/linux/time.h
++++ b/include/linux/time.h
+@@ -152,9 +152,6 @@ _DEFUN (ctime_r, (tim_p, result),
+ return asctime_r (localtime_r (tim_p, &tm), result);
+ }
+
+-/* for compatibility with linux code */
+-typedef __s64 time64_t;
+-
+ #ifdef CONFIG_LIB_DATE
+ time64_t mktime64(const unsigned int year, const unsigned int mon,
+ const unsigned int day, const unsigned int hour,
+diff --git a/include/rtc.h b/include/rtc.h
+index 6c7fcadd488..10104e3bf5a 100644
+--- a/include/rtc.h
++++ b/include/rtc.h
+@@ -16,6 +16,8 @@
+ #include <bcd.h>
+ #include <rtc_def.h>
+
++typedef int64_t time64_t;
++
+ #ifdef CONFIG_DM_RTC
+
+ struct udevice;
+@@ -301,7 +303,7 @@ int rtc_calc_weekday(struct rtc_time *time);
+ void rtc_to_tm(u64 time_t, struct rtc_time *time);
+
+ /**
+- * rtc_mktime() - Convert a broken-out time into a time_t value
++ * rtc_mktime() - Convert a broken-out time into a time64_t value
+ *
+ * The following fields need to be valid for this function to work:
+ * tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year
+@@ -309,9 +311,9 @@ void rtc_to_tm(u64 time_t, struct rtc_time *time);
+ * Note that tm_wday and tm_yday are ignored.
+ *
+ * @time: Broken-out time to convert
+- * Return: corresponding time_t value, seconds since 1970-01-01 00:00:00
++ * Return: corresponding time64_t value, seconds since 1970-01-01 00:00:00
+ */
+-unsigned long rtc_mktime(const struct rtc_time *time);
++time64_t rtc_mktime(const struct rtc_time *time);
+
+ /**
+ * rtc_month_days() - The number of days in the month
+diff --git a/lib/date.c b/lib/date.c
+index c589d9ed3a2..e3d22459cd0 100644
+--- a/lib/date.c
++++ b/lib/date.c
+@@ -71,19 +71,16 @@ int rtc_calc_weekday(struct rtc_time *tm)
+ * -year / 100 + year / 400 terms, and add 10.]
+ *
+ * This algorithm was first published by Gauss (I think).
+- *
+- * WARNING: this function will overflow on 2106-02-07 06:28:16 on
+- * machines where long is 32-bit! (However, as time_t is signed, we
+- * will already get problems at other places on 2038-01-19 03:14:08)
+ */
+-unsigned long rtc_mktime(const struct rtc_time *tm)
++time64_t rtc_mktime(const struct rtc_time *tm)
+ {
+ int mon = tm->tm_mon;
+ int year = tm->tm_year;
+- int days, hours;
++ unsigned long days;
++ time64_t hours;
+
+ mon -= 2;
+- if (0 >= (int)mon) { /* 1..12 -> 11, 12, 1..10 */
++ if (0 >= mon) { /* 1..12 -> 11, 12, 1..10 */
+ mon += 12; /* Puts Feb last since it has leap day */
+ year -= 1;
+ }
+@@ -109,5 +106,5 @@ time64_t mktime64(const unsigned int year, const unsigned int mon,
+ time.tm_min = min;
+ time.tm_sec = sec;
+
+- return (time64_t)rtc_mktime((const struct rtc_time *)&time);
++ return rtc_mktime((const struct rtc_time *)&time);
+ }
+--
+2.34.1
+
diff --git a/recipes-bsp/u-boot/files/rules b/recipes-bsp/u-boot/files/rules
new file mode 100755
index 0000000..36e1e1b
--- /dev/null
+++ b/recipes-bsp/u-boot/files/rules
@@ -0,0 +1,40 @@
+#!/usr/bin/make -f
+#
+# Copyright (c) Siemens AG, 2018-2022
+#
+# SPDX-License-Identifier: MIT
+
+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
+SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y
+endif
+
+override_dh_auto_build:
+ if [ -e /usr/share/secure-boot-secrets/secure-boot.pem ]; then \
+ openssl x509 -in /usr/share/secure-boot-secrets/secure-boot.pem -out secure-boot.der -outform der; \
+ rm -f secure-boot.esl; \
+ efisiglist -a -c secure-boot.der -o secure-boot.esl; \
+ rm -f ubootefi.var; \
+ tools/efivar.py set -i ubootefi.var -n PK -d secure-boot.esl -t file; \
+ tools/efivar.py set -i ubootefi.var -n KEK -d secure-boot.esl -t file; \
+ tools/efivar.py set -i ubootefi.var -n db -d secure-boot.esl -t file; \
+ fi
+ $(MAKE) $(PARALLEL_MAKE) $(U_BOOT_CONFIG)
+ $(MAKE) $(PARALLEL_MAKE) ${U_BOOT_BIN}
+ $(MAKE) -n u-boot-initial-env >/dev/null 2>&1; if [ $$? -ne 2 ]; then \
+ $(MAKE) $(PARALLEL_MAKE) u-boot-initial-env; \
+ else \
+ ./scripts/get_default_envs.sh >u-boot-initial-env; \
+ fi
+ $(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools
+
+override_dh_auto_install:
+ mv tools/env/lib.a tools/env/libubootenv.a
+
+override_dh_auto_test:
+
+override_dh_strip:
+ dh_strip -X libubootenv.a
+
+%:
+ dh $@ --parallel
diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg b/recipes-bsp/u-boot/files/secure-boot.cfg
new file mode 100644
index 0000000..a1b9931
--- /dev/null
+++ b/recipes-bsp/u-boot/files/secure-boot.cfg
@@ -0,0 +1,6 @@
+### Secure boot config
+CONFIG_BOOTDELAY=-2
+CONFIG_USE_BOOTCOMMAND=y
+CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/bootaa64.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/bootaa64.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset"
+CONFIG_EFI_VARIABLES_PRESEED=y
+CONFIG_EFI_SECURE_BOOT=y
diff --git a/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
new file mode 100644
index 0000000..e462258
--- /dev/null
+++ b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
@@ -0,0 +1,50 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require recipes-bsp/u-boot/u-boot-custom.inc
+
+SRC_URI += " \
+ https://ftp.denx.de/pub/u-boot/u-boot-${PV}.tar.bz2 \
+ file://0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch \
+ file://rules"
+SRC_URI[sha256sum] = "68e065413926778e276ec3abd28bb32fa82abaa4a6898d570c1f48fbdb08bcd0"
+
+SRC_URI_append_secureboot = " \
+ file://secure-boot.cfg"
+
+S = "${WORKDIR}/u-boot-${PV}"
+
+DEBIAN_BUILD_DEPENDS += ", libssl-dev:native, libssl-dev:arm64"
+
+DEBIAN_BUILD_DEPENDS_append_secureboot = ", \
+ openssl, pesign, secure-boot-secrets, python3-openssl:native"
+DEPENDS_append_secureboot = " secure-boot-secrets"
+
+U_BOOT_CONFIG = "qemu_arm64_defconfig"
+U_BOOT_BIN = "u-boot.bin"
+
+do_prepare_build_append() {
+ cp ${WORKDIR}/rules ${S}/debian/rules
+}
+
+do_prepare_build_append_secureboot() {
+ sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG}
+ cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
+}
+
+do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
+do_deploy() {
+ dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+ tar xOf - "./usr/lib/u-boot/${MACHINE}/${U_BOOT_BIN}" \
+ > "${DEPLOY_DIR_IMAGE}/firmware.bin"
+}
+
+addtask deploy after do_dpkg_build before do_deploy_deb
--
2.34.1

Join cip-dev@lists.cip-project.org to automatically receive all group messages.