
Replacing BBB kernel config: Status and AIs

Kazuhiro Hayashi
 

Hello Jan, Quirin,

In the CIP Core meeting today, we tried to discuss the current status of the activity[0]
to replace the kernel config for BBB in isar-cip-core (bbb_defconfig)
by cip-kernel-configs (cip_bbb_defconfig), but there was not enough time to conclude this.

Questions:
Do you have any plan to create the patch v2[1] to add some configs to cip_bbb_defconfig (for both 4.4 and 4.19?)
If yes, is the next step to create the patch v2 then test swupdate with 4.4 and 4.19 kernel on BBB?

You can find the meeting note[2] related to this topic.

[0] https://lore.kernel.org/cip-dev/f8f989ef-7ee2-42ee-a922-f53c6d2b07fe@siemens.com/T/#m864738e612f98752d216bc976135c274fd73eaa4
[1] https://lore.kernel.org/cip-dev/f8f989ef-7ee2-42ee-a922-f53c6d2b07fe@siemens.com/T/#m4b75aee175603bd1f06a8eec2b47ac08bda85c5a
[2] https://docs.google.com/document/d/1MwHdFd6QuXcdQfxvaLkcm1sqo9zEC-CWxjof8OJFXLM/edit#heading=h.e88ar5knf3z8

Best regards,
Kazu


Re: [isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Jan Kiszka
 

On 24.11.21 12:44, Jan Kiszka wrote:
> On 24.11.21 12:12, Q. Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@...>
>>
>> Fix booting of secure-boot image
>> Parse .config.yaml for ease of use and reduced commandline clutter
>>
>> Quirin Gylstorff (3):
>> start-qemu.sh: set bootindex for SECURE_BOOT
>> start-qemu.sh: parse .config.yaml for ease of use
>> start-qemu.sh: Simplify qemu call
>>
>> start-qemu.sh | 33 ++++++++++++++++++++++++---------
>> 1 file changed, 24 insertions(+), 9 deletions(-)
>
> Definitely an improvement! But the fact that secure boot comes with a
> different target image is not reflected yet.

...or is that only the case with your dm-verity series? Let me check.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Jan Kiszka
 

On 24.11.21 12:12, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@...>
>
> Fix booting of secure-boot image
> Parse .config.yaml for ease of use and reduced commandline clutter
>
> Quirin Gylstorff (3):
> start-qemu.sh: set bootindex for SECURE_BOOT
> start-qemu.sh: parse .config.yaml for ease of use
> start-qemu.sh: Simplify qemu call
>
> start-qemu.sh | 33 ++++++++++++++++++++++++---------
> 1 file changed, 24 insertions(+), 9 deletions(-)

Definitely an improvement! But the fact that secure boot comes with a
different target image is not reflected yet.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][RFC v3 5/9] Create an read-only rootfs with dm-verity

Jan Kiszka
 

On 23.11.21 15:57, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This root file system supports SWUpdate and secure boot.
We need a writable /tmp and /var for a boot without error messages.

The mount point for /tmp is created during the systemd target
local-fs according to [1].

Before `Remount Root and Kernel File Systems.` the tmp of the initrd
is used.

[1]: https://www.freedesktop.org/software/systemd/man/systemd.special.html

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
Kconfig | 3 +-
classes/secure-swupdate-img.bbclass | 32 +++++++++++++++++++
kas/opt/ebg-secure-boot-base.yml | 2 ++
kas/opt/ebg-secure-boot-snakeoil.yml | 13 +++++++-
kas/opt/ebg-snakeoil-swu.yml | 16 ----------
.../images/cip-core-image-read-only.bb | 20 ++++++++++++
recipes-core/tmp-fs/files/postinst | 3 ++
recipes-core/tmp-fs/files/tmp.mount.tmpl | 11 +++++++
recipes-core/tmp-fs/tmp-fs_0.1.bb | 26 +++++++++++++++
wic/qemu-amd64-efibootguard-secureboot.wks | 11 -------
wic/qemu-amd64-efibootguard-secureboot.wks.in | 13 ++++++++
11 files changed, 120 insertions(+), 30 deletions(-)
create mode 100644 classes/secure-swupdate-img.bbclass
delete mode 100644 kas/opt/ebg-snakeoil-swu.yml
create mode 100644 recipes-core/images/cip-core-image-read-only.bb
create mode 100755 recipes-core/tmp-fs/files/postinst
create mode 100644 recipes-core/tmp-fs/files/tmp.mount.tmpl
create mode 100644 recipes-core/tmp-fs/tmp-fs_0.1.bb
delete mode 100644 wic/qemu-amd64-efibootguard-secureboot.wks
create mode 100644 wic/qemu-amd64-efibootguard-secureboot.wks.in

diff --git a/Kconfig b/Kconfig
index 8421f1b..e97cb03 100644
--- a/Kconfig
+++ b/Kconfig
@@ -141,7 +141,6 @@ config IMAGE_SECURE_BOOT
config KAS_INCLUDE_SWUPDATE_SECBOOT
string
default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
- default "kas/opt/ebg-secure-boot-snakeoil.yml" if !IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
- default "kas/opt/ebg-snakeoil-swu.yml" if IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+ default "kas/opt/ebg-secure-boot-snakeoil.yml" if IMAGE_SECURE_BOOT
The user can still configure IMAGE_SECURE_BOOT && !IMAGE_SWUPDATE. If
the former implies the latter, it should also select it.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


[isar-cip-core][PATCH 2/3] start-qemu.sh: parse .config.yaml for ease of use

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 2c0a751..21b303a 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -20,13 +20,24 @@ usage()
exit 1
}

+if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
+ SECURE_BOOT="true"
+fi
+
if [ -n "${QEMU_PATH}" ]; then
QEMU_PATH="${QEMU_PATH}/"
fi

if [ -z "${DISTRO_RELEASE}" ]; then
- DISTRO_RELEASE="buster"
+ if grep -s -q "DEBIAN_BULLSEYE: true" .config.yaml; then
+ DISTRO_RELEASE="bullseye"
+ elif grep -s -q "DEBIAN_STRETCH: true" .config.yaml; then
+ DISTRO_RELEASE="stretch"
+ else
+ DISTRO_RELEASE="buster"
+ fi
fi
+
if [ -z "${TARGET_IMAGE}" ];then
TARGET_IMAGE="cip-core-image"
fi
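Review bot: Both new `grep -s -q` checks read `.config.yaml` relative to the current working directory and match the text anywhere on a line, so starting the script from another directory silently falls back to the defaults, and a commented-out `# IMAGE_SECURE_BOOT: true` still switches secure boot on. Resolve the file next to the script and anchor the patterns to the start of the key. Note also that SECURE_BOOT is taken from the config unconditionally, while DISTRO_RELEASE in the same hunk is only derived when the variable is empty; the two should behave the same way, and TARGET_IMAGE still defaults to `cip-core-image` whatever the config selects.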
--
2.30.2


[isar-cip-core][PATCH 1/3] start-qemu.sh: set bootindex for SECURE_BOOT

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Set the bootindex to avoid booting into the default uefi shell.

An if-clause is used to avoid the following error message for non-secure-boot images:
```
qemu-system-x86_64: -device ide-hd,drive=disk,bootindex=0: The bootindex 0 has already been used
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 3f62257..2c0a751 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -39,8 +39,14 @@ case "$1" in
-cpu qemu64 \
-smp 4 \
-machine q35,accel=kvm:tcg \
- -device ide-hd,drive=disk \
-device virtio-net-pci,netdev=net"
+ if [ -n "${SECURE_BOOT}" ]; then
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0"
+ else
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk"
+ fi
KERNEL_CMDLINE=" \
root=/dev/sda"
;;
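Review bot: The two branches added after `-device virtio-net-pci,netdev=net"` differ only in the `,bootindex=0` suffix, and the reason the non-secure-boot path must not set it is recorded only in the commit message. Build the `-device ide-hd,drive=disk` argument once, append the suffix when SECURE_BOOT is set, and put a one-line comment next to it that names the "bootindex 0 has already been used" error so the condition is not removed later as redundant.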
--
2.30.2


[isar-cip-core][PATCH 3/3] start-qemu.sh: Simplify qemu call

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Move qemu call out of if clause to avoid code duplications and
use the same behavior for secure boot and non secure boot images.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 21b303a..4817790 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -120,18 +120,16 @@ if [ -n "${SECURE_BOOT}" ]; then
BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
else
IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)

KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)

- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
+ BOOT_FILES="-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
- -initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@"
+ -initrd ${INITRD_FILE}"
fi
+${QEMU_PATH}${QEMU} \
+ -m 1G -serial mon:stdio -netdev user,id=net \
+ ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
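Review bot: In the else branch, `-append "${KERNEL_CMDLINE}"` now sits inside the double-quoted `BOOT_FILES="..."` assignment, so the inner quotes close and reopen the outer string instead of protecting the kernel command line, and the later unquoted `${BOOT_FILES}` on the shared QEMU call is word-split. With a KERNEL_CMDLINE of more than one word, `-append` receives only the first word and the remaining words reach QEMU as separate arguments, which the old in-place call did not do. Keep `-append "${KERNEL_CMDLINE}"` out of BOOT_FILES and pass it quoted on the final command line, or collect the arguments with `set --` so the quoting survives.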
--
2.30.2


[isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
start-qemu.sh: set bootindex for SECURE_BOOT
start-qemu.sh: parse .config.yaml for ease of use
start-qemu.sh: Simplify qemu call

start-qemu.sh | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)

--
2.30.2


Re: [cip-kernel-config][PATCH 0/2] Add options for read-only rootfs

Nobuhiro Iwamatsu
 

Hi,

>> Add the necessary kernel options for a read-only rootfs with
>> dm-verity, secure-boot and swupdate + overlay of /etc.
>>
>> Quirin Gylstorff (2):
>> x86/cip_qemu_defconfig: Add options for read-only rootfs
>> x86/siemens_ipc227e_defconfig: Add options for read-only rootfs
>>
>> 4.19.y-cip/x86/cip_qemu_defconfig | 4 ++++
>> 4.19.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
>> 5.10.y-cip/x86/cip_qemu_defconfig | 4 ++++
>> 5.10.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
>> 4 files changed, 16 insertions(+), 2 deletions(-)
>
> Ping. Are merge requests preferred for this?

Sorry, reply was too late.
I reviewed this patch, applied.

Best regards,
Nobuhiro
________________________________________
From: Jan Kiszka <jan.kiszka@...>
Sent: 24 November 2021 16:36
To: Q. Gylstorff; cip-dev@...; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT)
Subject: Re: [cip-dev][cip-kernel-config][PATCH 0/2] Add options for read-only rootfs

On 12.11.21 17:38, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@...>
>
> Add the necessary kernel options for a read-only rootfs with
> dm-verity, secure-boot and swupdate + overlay of /etc.
>
> Quirin Gylstorff (2):
> x86/cip_qemu_defconfig: Add options for read-only rootfs
> x86/siemens_ipc227e_defconfig: Add options for read-only rootfs
>
> 4.19.y-cip/x86/cip_qemu_defconfig | 4 ++++
> 4.19.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
> 5.10.y-cip/x86/cip_qemu_defconfig | 4 ++++
> 5.10.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
> 4 files changed, 16 insertions(+), 2 deletions(-)

Ping. Are merge requests preferred for this?

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [cip-kernel-config][PATCH 0/2] Add options for read-only rootfs

Jan Kiszka
 

On 12.11.21 17:38, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@...>
>
> Add the necessary kernel options for a read-only rootfs with
> dm-verity, secure-boot and swupdate + overlay of /etc.
>
> Quirin Gylstorff (2):
> x86/cip_qemu_defconfig: Add options for read-only rootfs
> x86/siemens_ipc227e_defconfig: Add options for read-only rootfs
>
> 4.19.y-cip/x86/cip_qemu_defconfig | 4 ++++
> 4.19.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
> 5.10.y-cip/x86/cip_qemu_defconfig | 4 ++++
> 5.10.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
> 4 files changed, 16 insertions(+), 2 deletions(-)

Ping. Are merge requests preferred for this?

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][RESEND PATCH 0/2] Add support to test WiFi on RZ/G2M

Jan Kiszka
 

On 23.11.21 19:23, Lad Prabhakar wrote:
> Hi All,
>
> This patch series adds support to install required tools and firmware
> for testing WiFi on HiHope RZ/G2M platform.
>
> Cheers,
> Prabhakar
>
> Lad Prabhakar (2):
> customizations: Add support to include tools and Firmware required for
> WiFi testing
> conf: hihope-rzg2m: Enable tools and firmware for testing WiFi
>
> conf/machine/hihope-rzg2m.conf | 3 +++
> recipes-core/customizations/customizations.bb | 7 ++++++-
> 2 files changed, 9 insertions(+), 1 deletion(-)

thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


[isar-cip-core][RESEND PATCH 2/2] conf: hihope-rzg2m: Enable tools and firmware for testing WiFi

Lad Prabhakar
 

HiHope RZ/G2M platform has WiFi module (WL1837) which requires additional
firmware (provided by firmware-ti-connectivity) for the chip to work.

This patch enables tools and firmware required for testing WiFi on
HiHope RZ/G2M platform.

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@...>
---
conf/machine/hihope-rzg2m.conf | 3 +++
1 file changed, 3 insertions(+)

diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index a2ae03d..4f4ee81 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -17,3 +17,6 @@ KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
DTB_FILES = "r8a774a1-hihope-rzg2m-ex.dtb"
IMAGE_BOOT_FILES = "${KERNEL_IMAGE} ${DTB_FILES}"
+
+WIRELESS_FIRMWARE_PACKAGE = "firmware-ti-connectivity"
+INSTALL_WIRELESS_TOOLS ?= "1"
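Review bot: `WIRELESS_FIRMWARE_PACKAGE` is assigned with `=` while `INSTALL_WIRELESS_TOOLS` on the next line uses `?=`, so only one of the two new machine settings stays a default that can be preset elsewhere. If both are meant as machine defaults, use `?=` for both; if the firmware package is deliberately fixed for this board, a one-line comment saying so would help.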
--
2.17.1


[isar-cip-core][RESEND PATCH 0/2] Add support to test WiFi on RZ/G2M

Lad Prabhakar
 

Hi All,

This patch series adds support to install required tools and firmware
for testing WiFi on HiHope RZ/G2M platform.

Cheers,
Prabhakar

Lad Prabhakar (2):
customizations: Add support to include tools and Firmware required for
WiFi testing
conf: hihope-rzg2m: Enable tools and firmware for testing WiFi

conf/machine/hihope-rzg2m.conf | 3 +++
recipes-core/customizations/customizations.bb | 7 ++++++-
2 files changed, 9 insertions(+), 1 deletion(-)

--
2.17.1


[isar-cip-core][RESEND PATCH 1/2] customizations: Add support to include tools and Firmware required for WiFi testing

Lad Prabhakar
 

Include iw tools, wireless-regdb (to include regulatory database) and any
additional firmware pointed by WIRELESS_FIRMWARE_PACKAGE variable only if
INSTALL_WIRELESS_TOOLS is set to "1".

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@...>
---
recipes-core/customizations/customizations.bb | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/recipes-core/customizations/customizations.bb b/recipes-core/customizations/customizations.bb
index 932b11c..d302b4a 100644
--- a/recipes-core/customizations/customizations.bb
+++ b/recipes-core/customizations/customizations.bb
@@ -18,10 +18,15 @@ SRC_URI = " \
file://ethernet \
file://99-silent-printk.conf"

+WIRELESS_FIRMWARE_PACKAGE ?= ""
+INSTALL_WIRELESS_TOOLS ??= "0"
+
DEPENDS += "sshd-regen-keys"

DEBIAN_DEPENDS = " \
- ifupdown, isc-dhcp-client, net-tools, iputils-ping, ssh, sshd-regen-keys"
+ ifupdown, isc-dhcp-client, net-tools, iputils-ping, ssh, sshd-regen-keys \
+ ${@(', iw, wireless-regdb, ' + d.getVar('WIRELESS_FIRMWARE_PACKAGE')) \
+ if d.getVar('INSTALL_WIRELESS_TOOLS') == '1' else ''}"

do_install() {
install -v -d ${D}/etc/network/interfaces.d
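Review bot: With `INSTALL_WIRELESS_TOOLS` set to "1" and `WIRELESS_FIRMWARE_PACKAGE` left at its new default of "", the inline expression in DEBIAN_DEPENDS evaluates to `, iw, wireless-regdb, ` and leaves a trailing comma with an empty entry in the dependency list. Append the firmware package, with its leading comma, only when the variable is non-empty. The two defaults also use different operators (`?=` and `??=`); pick one unless the difference is intended.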
--
2.17.1


Re: [PATCH 2/2] conf: hihope-rzg2m: Enable tools and firmware for testing WiFi

Lad Prabhakar
 

-----Original Message-----
From: cip-dev@... <cip-dev@...> On Behalf Of Lad Prabhakar via
lists.cip-project.org
Sent: 23 November 2021 18:17
To: cip-dev@...; Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@...>; Pavel Machek
<pavel@...>; Jan Kiszka <jan.kiszka@...>
Subject: [cip-dev] [PATCH 2/2] conf: hihope-rzg2m: Enable tools and firmware for testing WiFi

Sorry for the missing subject line. I will resend with "[isar-cip-core]" in the subject line.

Cheers,
Prabhakar

HiHope RZ/G2M platform has WiFi module (WL1837) which requires additional firmware (provided by
firmware-ti-connectivity) for the chip to work.

This patch enables tools and firmware required for testing WiFi on HiHope RZ/G2M platform.

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@...>
---
conf/machine/hihope-rzg2m.conf | 3 +++
1 file changed, 3 insertions(+)

diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf index a2ae03d..4f4ee81
100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -17,3 +17,6 @@ KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
DTB_FILES = "r8a774a1-hihope-rzg2m-ex.dtb"
IMAGE_BOOT_FILES = "${KERNEL_IMAGE} ${DTB_FILES}"
+
+WIRELESS_FIRMWARE_PACKAGE = "firmware-ti-connectivity"
+INSTALL_WIRELESS_TOOLS ?= "1"
--
2.17.1


[PATCH 1/2] customizations: Add support to include tools and Firmware required for WiFi testing

Lad Prabhakar
 

Include iw tools, wireless-regdb (to include regulatory database) and any
additional firmware pointed by WIRELESS_FIRMWARE_PACKAGE variable only if
INSTALL_WIRELESS_TOOLS is set to "1".

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@...>
---
recipes-core/customizations/customizations.bb | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/recipes-core/customizations/customizations.bb b/recipes-core/customizations/customizations.bb
index 932b11c..d302b4a 100644
--- a/recipes-core/customizations/customizations.bb
+++ b/recipes-core/customizations/customizations.bb
@@ -18,10 +18,15 @@ SRC_URI = " \
file://ethernet \
file://99-silent-printk.conf"

+WIRELESS_FIRMWARE_PACKAGE ?= ""
+INSTALL_WIRELESS_TOOLS ??= "0"
+
DEPENDS += "sshd-regen-keys"

DEBIAN_DEPENDS = " \
- ifupdown, isc-dhcp-client, net-tools, iputils-ping, ssh, sshd-regen-keys"
+ ifupdown, isc-dhcp-client, net-tools, iputils-ping, ssh, sshd-regen-keys \
+ ${@(', iw, wireless-regdb, ' + d.getVar('WIRELESS_FIRMWARE_PACKAGE')) \
+ if d.getVar('INSTALL_WIRELESS_TOOLS') == '1' else ''}"

do_install() {
install -v -d ${D}/etc/network/interfaces.d
--
2.17.1


[PATCH 2/2] conf: hihope-rzg2m: Enable tools and firmware for testing WiFi

Lad Prabhakar
 

HiHope RZ/G2M platform has WiFi module (WL1837) which requires additional
firmware (provided by firmware-ti-connectivity) for the chip to work.

This patch enables tools and firmware required for testing WiFi on
HiHope RZ/G2M platform.

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@...>
---
conf/machine/hihope-rzg2m.conf | 3 +++
1 file changed, 3 insertions(+)

diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index a2ae03d..4f4ee81 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -17,3 +17,6 @@ KERNEL_DEFCONFIG = "cip-kernel-config/4.19.y-cip/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
DTB_FILES = "r8a774a1-hihope-rzg2m-ex.dtb"
IMAGE_BOOT_FILES = "${KERNEL_IMAGE} ${DTB_FILES}"
+
+WIRELESS_FIRMWARE_PACKAGE = "firmware-ti-connectivity"
+INSTALL_WIRELESS_TOOLS ?= "1"
--
2.17.1


[isar-cip-core][RFC v3 9/9] swupdate: Backport patches from SWUpdate Master

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Backport the following patches to detect the correct partition to
update.
388f1777 util: Add get_root source /proc/self/mountinfo
3914d2b7 util: Extend get_root to find LUKS devices

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
...an-patches-add-patches-for-dm-verity.patch | 191 ++++++++++++++++++
.../swupdate/swupdate_2021.04-1+debian-gbp.bb | 5 +
2 files changed, 196 insertions(+)
create mode 100644 recipes-core/swupdate/files/0001-debian-patches-add-patches-for-dm-verity.patch

diff --git a/recipes-core/swupdate/files/0001-debian-patches-add-patches-for-dm-verity.patch b/recipes-core/swupdate/files/0001-debian-patches-add-patches-for-dm-verity.patch
new file mode 100644
index 0000000..a4c8856
--- /dev/null
+++ b/recipes-core/swupdate/files/0001-debian-patches-add-patches-for-dm-verity.patch
@@ -0,0 +1,191 @@
+From 9904222a872e1707d8e1205009962fd68c3e5c7d Mon Sep 17 00:00:00 2001
+From: Quirin Gylstorff <quirin.gylstorff@...>
+Date: Mon, 25 Oct 2021 14:43:07 +0200
+Subject: [PATCH] debian/patches: add patches for dm-verity
+
+Backport the following patches to detect the correct partition to
+update.
+388f1777 util: Add get_root source /proc/self/mountinfo
+3914d2b7 util: Extend get_root to find LUKS devices
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
+---
+ ...d-get_root-source-proc-self-mountinfo.diff | 67 +++++++++++++++
+ ...-Extend-get_root-to-find-LUKS-devices.diff | 82 +++++++++++++++++++
+ debian/patches/series | 2 +
+ 3 files changed, 151 insertions(+)
+ create mode 100644 debian/patches/0001-util-Add-get_root-source-proc-self-mountinfo.diff
+ create mode 100644 debian/patches/0002-util-Extend-get_root-to-find-LUKS-devices.diff
+
+diff --git a/debian/patches/0001-util-Add-get_root-source-proc-self-mountinfo.diff b/debian/patches/0001-util-Add-get_root-source-proc-self-mountinfo.diff
+new file mode 100644
+index 0000000..2b25a19
+--- /dev/null
++++ b/debian/patches/0001-util-Add-get_root-source-proc-self-mountinfo.diff
+@@ -0,0 +1,67 @@
++From 388f1777e3e9e7dfbe41768aa7ce86bc0ee25c37 Mon Sep 17 00:00:00 2001
++From: Christian Storm <christian.storm@...>
++Date: Thu, 10 Jun 2021 00:30:24 +0200
++Subject: [PATCH 1/2] util: Add get_root source /proc/self/mountinfo
++
++Filesystems such as BTRFS report synthetic device major:minor
++numbers in stat(2)'s st_dev value. Hence, such a root filesystem
++won't be found by get_root_from_partitions().
++
++As /proc/self/mountinfo's information is subject to mount-
++namespacing, it complements get_root_from_partitions() rather
++than replacing it.
++
++Signed-off-by: Christian Storm <christian.storm@...>
++---
++ core/util.c | 28 ++++++++++++++++++++++++++++
++ 1 file changed, 28 insertions(+)
++
++diff --git a/core/util.c b/core/util.c
++index 7d7673a..51a16b6 100644
++--- a/core/util.c
+++++ b/core/util.c
++@@ -883,6 +883,32 @@ static char *get_root_from_partitions(void)
++ return NULL;
++ }
++
+++/*
+++ * Return the rootfs's device name from /proc/self/mountinfo.
+++ * Needed for filesystems having synthetic stat(2) st_dev
+++ * values such as BTRFS.
+++ */
+++static char *get_root_from_mountinfo(void)
+++{
+++ char *mnt_point, *device = NULL;
+++ FILE *fp = fopen("/proc/self/mountinfo", "r");
+++ while (fp && !feof(fp)){
+++ /* format: https://www.kernel.org/doc/Documentation/filesystems/proc.txt */
+++ if (fscanf(fp, "%*s %*s %*u:%*u %*s %ms %*s %*[-] %*s %ms %*s",
+++ &mnt_point, &device) == 2) {
+++ if ( (!strcmp(mnt_point, "/")) && (strcmp(device, "none")) ) {
+++ free(mnt_point);
+++ break;
+++ }
+++ free(mnt_point);
+++ free(device);
+++ }
+++ device = NULL;
+++ }
+++ (void)fclose(fp);
+++ return device;
+++}
+++
++ #define MAX_CMDLINE_LENGTH 4096
++ static char *get_root_from_cmdline(void)
++ {
++@@ -936,6 +962,8 @@ char *get_root_device(void)
++ root = get_root_from_partitions();
++ if (!root)
++ root = get_root_from_cmdline();
+++ if (!root)
+++ root = get_root_from_mountinfo();
++
++ return root;
++ }
++--
++2.30.2
++
+diff --git a/debian/patches/0002-util-Extend-get_root-to-find-LUKS-devices.diff b/debian/patches/0002-util-Extend-get_root-to-find-LUKS-devices.diff
+new file mode 100644
+index 0000000..039bfb8
+--- /dev/null
++++ b/debian/patches/0002-util-Extend-get_root-to-find-LUKS-devices.diff
+@@ -0,0 +1,82 @@
++From 3914d2b73bf80b24aba015d9225082c2965c7a02 Mon Sep 17 00:00:00 2001
++From: Stefano Babic <sbabic@...>
++Date: Thu, 10 Jun 2021 16:14:44 +0200
++Subject: [PATCH 2/2] util: Extend get_root to find LUKS devices
++
++This helps in case of encrypted filesystem or device mapper.
++The returned device read from partitions is usually a dm-X device and
++this does not show which is the block device that contains it. Look in
++sysfs and check if the device has "slaves" entries, indicating the
++presence of an underlying device. If found, return this instead of the
++device returned parsing /proc/partitions.
++
++Signed-off-by: Stefano Babic <sbabic@...>
++---
++ core/util.c | 26 ++++++++++++++++++++++++--
++ 1 file changed, 24 insertions(+), 2 deletions(-)
++
++diff --git a/core/util.c b/core/util.c
++index 51a16b6..3b81c09 100644
++--- a/core/util.c
+++++ b/core/util.c
++@@ -24,6 +24,7 @@
++ #include <libgen.h>
++ #include <regex.h>
++ #include <string.h>
+++#include <dirent.h>
++
++ #if defined(__linux__)
++ #include <sys/statvfs.h>
++@@ -851,6 +852,10 @@ size_t snescape(char *dst, size_t n, const char *src)
++ /*
++ * This returns the device name where rootfs is mounted
++ */
+++
+++static int filter_slave(const struct dirent *ent) {
+++ return (strcmp(ent->d_name, ".") && strcmp(ent->d_name, ".."));
+++}
++ static char *get_root_from_partitions(void)
++ {
++ struct stat info;
++@@ -858,11 +863,28 @@ static char *get_root_from_partitions(void)
++ char *devname = NULL;
++ unsigned long major, minor, nblocks;
++ char buf[256];
++- int ret;
+++ int ret, dev_major, dev_minor, n;
+++ struct dirent **devlist = NULL;
++
++ if (stat("/", &info) < 0)
++ return NULL;
++
+++ dev_major = info.st_dev / 256;
+++ dev_minor = info.st_dev % 256;
+++
+++ /*
+++ * Check if this is just a container, for example in case of LUKS
+++ * Search if the device has slaves pointing to another device
+++ */
+++ snprintf(buf, sizeof(buf) - 1, "/sys/dev/block/%d:%d/slaves", dev_major, dev_minor);
+++ n = scandir(buf, &devlist, filter_slave, NULL);
+++ if (n == 1) {
+++ devname = strdup(devlist[0]->d_name);
+++ free(devlist);
+++ return devname;
+++ }
+++ free(devlist);
+++
++ fp = fopen("/proc/partitions", "r");
++ if (!fp)
++ return NULL;
++@@ -872,7 +894,7 @@ static char *get_root_from_partitions(void)
++ &major, &minor, &nblocks, &devname);
++ if (ret != 4)
++ continue;
++- if ((major == info.st_dev / 256) && (minor == info.st_dev % 256)) {
+++ if ((major == dev_major) && (minor == dev_minor)) {
++ fclose(fp);
++ return devname;
++ }
++--
++2.30.2
++
+diff --git a/debian/patches/series b/debian/patches/series
+index 8c5564a..f3bd00e 100644
+--- a/debian/patches/series
++++ b/debian/patches/series
+@@ -1 +1,3 @@
+ use-gcc-compiler.diff
++0002-util-Extend-get_root-to-find-LUKS-devices.diff
++0001-util-Add-get_root-source-proc-self-mountinfo.diff
+--
+2.30.2
+
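Review bot: The `debian/patches/series` change at the end of this new file lists `0002-util-Extend-get_root-to-find-LUKS-devices.diff` before `0001-util-Add-get_root-source-proc-self-mountinfo.diff`, but 0002 was generated on top of 0001 (its `core/util.c` index line starts at 51a16b6, the blob 0001 produces), so the series should apply 0001 first. In the backported code itself, `get_root_from_mountinfo()` calls `(void)fclose(fp);` unconditionally although the loop condition `while (fp && !feof(fp))` allows for `fopen()` having returned NULL, and the `scandir()` path frees `devlist` without freeing `devlist[0]`; since both are upstream commits, these are best raised with SWUpdate rather than changed locally.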
diff --git a/recipes-core/swupdate/swupdate_2021.04-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.04-1+debian-gbp.bb
index 7a0fb9b..a4d67fe 100644
--- a/recipes-core/swupdate/swupdate_2021.04-1+debian-gbp.bb
+++ b/recipes-core/swupdate/swupdate_2021.04-1+debian-gbp.bb
@@ -25,6 +25,11 @@ SRC_URI += "file://0001-debian-Add-option-to-build-with-efibootguard.patch \
file://0007-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \
file://0008-debian-rules-Add-Embedded-Lua-handler-option.patch"

+# Patch for dm-verity based images - can be removed with next SWUpdate release
+SRC_URI += "file://0001-debian-patches-add-patches-for-dm-verity.patch"
+
+# end patching for dm-verity based images
+
# deactivate signing and encryption for simple a/b rootfs update
SWUPDATE_BUILD_PROFILES += "pkg.swupdate.nosigning pkg.swupdate.noencryption"

--
2.30.2


[isar-cip-core][RFC v3 8/9] kas: Patch isar for correct permissions in var and home

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Get patch from isar mailing list[1].

[1]: https://groups.google.com/g/isar-users/c/wlanc7f7UnQ

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas-cip.yml | 4 +++
...when-splitting-rootfs-folders-across.patch | 35 +++++++++++++++++++
2 files changed, 39 insertions(+)
create mode 100644 patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch

diff --git a/kas-cip.yml b/kas-cip.yml
index dc56729..8226954 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -25,6 +25,10 @@ repos:
refspec: ceb7e21154fc4862f704bb5c7739e87a26db6eb3
layers:
meta:
+ patches:
+ fix-pseudo:
+ repo: cip-core
+ path: patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch

bblayers_conf_header:
standard: |
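Review bot: The `patches:` entry added after `layers:` carries no note on the upstream status of the isar patch, so nothing tells whoever next bumps the `refspec` above it when `fix-pseudo` can be dropped. Add a short YAML comment with the mailing-list link from the commit message and the condition for removing the entry.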
diff --git a/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch b/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
new file mode 100644
index 0000000..34704f0
--- /dev/null
+++ b/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
@@ -0,0 +1,35 @@
+From 34b37fccd5e454d29d6d4d002d48a9619782b1bb Mon Sep 17 00:00:00 2001
+From: Felix Moessbauer <felix.moessbauer@...>
+Date: Wed, 3 Nov 2021 13:53:00 +0100
+Subject: [PATCH] Fix permissions when splitting rootfs folders across
+ partitions.
+
+This patches ensures that the file database containing the file and
+folder usernames and permissions is always located relative to the
+source and not to the appended rootfs-dir.
+
+Prior to this patch, the database was not found when using
+-rootfs-dir in the WIC script, leading to erronous file
+permissions and ownership.
+
+Signed-off-by: Felix Moessbauer <felix.moessbauer@...>
+---
+ scripts/lib/wic/plugins/source/rootfs.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/lib/wic/plugins/source/rootfs.py b/scripts/lib/wic/plugins/source/rootfs.py
+index 96d940a9..5ab771e5 100644
+--- a/scripts/lib/wic/plugins/source/rootfs.py
++++ b/scripts/lib/wic/plugins/source/rootfs.py
+@@ -95,7 +95,7 @@ class RootfsPlugin(SourcePlugin):
+
+ part.rootfs_dir = cls.__get_rootfs_dir(rootfs_dir)
+ part.has_fstab = os.path.exists(os.path.join(part.rootfs_dir, "etc/fstab"))
+- pseudo_dir = os.path.join(part.rootfs_dir, "../pseudo")
++ pseudo_dir = os.path.join(krootfs_dir['ROOTFS_DIR'], "../pseudo")
+ if not os.path.lexists(pseudo_dir):
+ logger.warn("%s folder does not exist. "
+ "Usernames and permissions will be invalid " % pseudo_dir)
+--
+2.30.2
+
--
2.30.2


[isar-cip-core][RFC v3 6/9] Create systemd mount units for a etc overlay

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

As /etc is read-only and needs to be accessed by the initrd,
move the user-defined settings to an overlay in /var/local/etc.

As systemd sets the hostname directly on start, reread /etc/hostname
after mounting the overlay.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
.../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 +++++++++++++++++++
.../etc-overlay-fs/files/etc-hostname.service | 14 ++++++++
.../files/etc-sshd-regen-keys.conf | 7 ++++
.../etc-overlay-fs/files/etc-sysusers.conf | 4 +++
recipes-core/etc-overlay-fs/files/etc.mount | 13 ++++++++
recipes-core/etc-overlay-fs/files/postinst | 4 +++
.../images/cip-core-image-read-only.bb | 1 +
7 files changed, 75 insertions(+)
create mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
create mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
create mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
create mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
create mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
create mode 100755 recipes-core/etc-overlay-fs/files/postinst

diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
new file mode 100644
index 0000000..4e2b80b
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
@@ -0,0 +1,32 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@...>
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg-raw
+
+SRC_URI = "file://postinst \
+ file://etc.mount \
+ file://etc-hostname.service \
+ file://etc-sshd-regen-keys.conf \
+ file://etc-sysusers.conf"
+
+do_install[cleandirs]+="${D}/usr/lib/systemd/system \
+ ${D}/usr/lib/systemd/system/local-fs.target.wants \
+ ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
+ ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
+ ${D}/var/local/etc \
+ ${D}/var/local/.atomic \
+ "
+do_install() {
+ TARGET=${D}/usr/lib/systemd/system
+ install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
+ install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service
+ install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
+ install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
+}
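Review bot: The last `install` line in do_install() writes `etc-sysusers.conf` to `systemd-sysusers.service.d/etc-sysusers.service`; systemd only reads drop-in files whose names end in `.conf`, so the `Requires=etc.mount` / `After=etc.mount` ordering for systemd-sysusers would be ignored without any error. Install it as `etc-sysusers.conf`, as is done for the sshd-regen-keys drop-in on the line above. The last two lines could also use `${TARGET}` instead of repeating the full path.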
diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service
new file mode 100644
index 0000000..2306b9f
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc-hostname.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=set hostname /etc overlay-aware
+Before=network-pre.target
+Wants=network-pre.target
+Requires=etc.mount
+After=etc.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/hostname --boot --file /etc/hostname
+
+[Install]
+WantedBy=basic.target
diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
new file mode 100644
index 0000000..014b5a6
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
@@ -0,0 +1,7 @@
+[Unit]
+# set hostname /etc overlay-aware
+Before=network-pre.target
+Wants=network-pre.target
+Requires=etc.mount
+After=etc.mount
+
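Review bot: The comment `# set hostname /etc overlay-aware` and the `Before=network-pre.target` / `Wants=network-pre.target` lines are copied from etc-hostname.service and do not describe this drop-in, which is installed for sshd-regen-keys. Reword the comment to say that key regeneration must wait for the /etc overlay, and keep the network-pre.target ordering only if it is actually needed here.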
diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
new file mode 100644
index 0000000..ad45d7f
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
@@ -0,0 +1,4 @@
+[Unit]
+# make systemd-sysusers /etc overlay aware
+Requires=etc.mount
+After=etc.mount
diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount
new file mode 100644
index 0000000..f0ae3c5
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc.mount
@@ -0,0 +1,13 @@
+[Unit]
+Description=Overlay-mount /etc
+Requires=var.mount
+After=var.mount
+
+[Mount]
+What=overlay
+Where=/etc
+Type=overlay
+Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
+
+[Install]
+WantedBy=local-fs.target
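Review bot: `lowerdir=/etc,upperdir=/var/local/etc` overlays the whole of /etc with a writable directory on /var, so every file under /etc, not only the user-defined settings the commit message mentions, can be replaced persistently from outside the dm-verity protected root file system. If the read-only image is meant to give integrity guarantees for configuration such as accounts or unit files, limit the writable part to the files that have to change, or document the trade-off in the recipe. Separately, `noauto` and `x-systemd.automount` are documented as /etc/fstab options for systemd's fstab generator; check whether they have any effect in a native mount unit and drop them if not.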
diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst
new file mode 100755
index 0000000..e436b53
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/postinst
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+deb-systemd-helper enable etc.mount || true
+deb-systemd-helper enable etc-hostname.service || true
diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/cip-core-image-read-only.bb
index 7ef2dc2..ceb6ac4 100644
--- a/recipes-core/images/cip-core-image-read-only.bb
+++ b/recipes-core/images/cip-core-image-read-only.bb
@@ -2,6 +2,7 @@ require cip-core-image.bb

SQUASHFS_EXCLUDE_DIRS += "home var"

+IMAGE_INSTALL += "etc-overlay-fs"
IMAGE_INSTALL += "tmp-fs"
IMAGE_INSTALL_remove += "initramfs-abrootfs-secureboot"

--
2.30.2
