Date   

[isar-cip-core][PATCH 2/2] README: Add information about start-qemu-defaults with menu config

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
README.md | 6 ++++--
doc/README.secureboot.md | 7 +++++++
2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 53ef679..bd707a4 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,10 @@ Run, e.g.,

./start-qemu.sh x86

-when having built a QEMU AMD64 image. A security image for QEMU can be started
-like this:
+when having built a QEMU AMD64 image. Using the image configuration menu will
+initialize variables used by start-qemu.sh with fitting defaults.
+
+A security image for QEMU can be started like this:

TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86

diff --git a/doc/README.secureboot.md b/doc/README.secureboot.md
index b5056f2..3c2d524 100644
--- a/doc/README.secureboot.md
+++ b/doc/README.secureboot.md
@@ -181,6 +181,13 @@ SECURE_BOOT=y \
./start-qemu.sh amd64
```

+The image configuration menu will set default values for start-qemu.sh for secureboot
+and the following command is sufficient:
+
+```
+./start-qemu.sh amd64
+```
+
The default `OVMF_VARS.snakeoil_4M.fd` boot to the EFI shell. To boot Linux enter the following command:
```
FS0:\EFI\BOOT\bootx64.efi
--
2.30.2


[PATCH v2 2/3] start-qemu.sh: parse .config.yaml for ease of use

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
README.md | 6 ++++--
start-qemu.sh | 16 +++++++++++++++-
2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 53ef679..bd707a4 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,10 @@ Run, e.g.,

./start-qemu.sh x86

-when having built a QEMU AMD64 image. A security image for QEMU can be started
-like this:
+when having built a QEMU AMD64 image. Using the image configuration menu will
+initialize variables used by start-qemu.sh with fitting defaults.
+
+A security image for QEMU can be started like this:

TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86

diff --git a/start-qemu.sh b/start-qemu.sh
index 2c0a751..94c3611 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -20,15 +20,29 @@ usage()
exit 1
}

+if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
+ SECURE_BOOT="true"
+fi
+
if [ -n "${QEMU_PATH}" ]; then
QEMU_PATH="${QEMU_PATH}/"
fi

if [ -z "${DISTRO_RELEASE}" ]; then
- DISTRO_RELEASE="buster"
+ if grep -s -q "DEBIAN_BULLSEYE: true" .config.yaml; then
+ DISTRO_RELEASE="bullseye"
+ elif grep -s -q "DEBIAN_STRETCH: true" .config.yaml; then
+ DISTRO_RELEASE="stretch"
+ else
+ DISTRO_RELEASE="buster"
+ fi
fi
+
if [ -z "${TARGET_IMAGE}" ];then
TARGET_IMAGE="cip-core-image"
+ if grep -s -q "IMAGE_SECURITY: true" .config.yaml; then
+ TARGET_IMAGE="cip-core-image-security"
+ fi
fi

case "$1" in
--
2.30.2


[PATCH v2 3/3] start-qemu.sh: Simplify qemu call

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Move qemu call out of if clause to avoid code duplications and
use the same behavior for secure boot and non secure boot images.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 94c3611..a92e9f4 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -123,18 +123,16 @@ if [ -n "${SECURE_BOOT}" ]; then
BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
else
IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)

KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)

- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
+ BOOT_FILES="-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
- -initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@"
+ -initrd ${INITRD_FILE}"
fi
+${QEMU_PATH}${QEMU} \
+ -m 1G -serial mon:stdio -netdev user,id=net \
+ ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
--
2.30.2


[PATCH v2 1/3] start-qemu.sh: set bootindex for SECURE_BOOT

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Set the bootindex to avoid booting into the default uefi shell.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 3f62257..2c0a751 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -39,8 +39,14 @@ case "$1" in
-cpu qemu64 \
-smp 4 \
-machine q35,accel=kvm:tcg \
- -device ide-hd,drive=disk \
-device virtio-net-pci,netdev=net"
+ if [ -n "${SECURE_BOOT}" ]; then
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0"
+ else
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk"
+ fi
KERNEL_CMDLINE=" \
root=/dev/sda"
;;
--
2.30.2


[PATCH v2 0/3] start-qemu.sh: Add some ease of use functionality

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Changes V2:
- Add Sentence to README
- Add default cip-core-image-security

Quirin Gylstorff (3):
start-qemu.sh: set bootindex for SECURE_BOOT
start-qemu.sh: parse .config.yaml for ease of use
start-qemu.sh: Simplify qemu call

README.md | 6 ++++--
start-qemu.sh | 36 +++++++++++++++++++++++++++---------
2 files changed, 31 insertions(+), 11 deletions(-)

--
2.30.2


Re: [isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Quirin Gylstorff
 

On 11/24/21 1:38 PM, Jan Kiszka wrote:
On 24.11.21 13:07, Gylstorff Quirin wrote:


On 11/24/21 12:45 PM, Jan Kiszka wrote:
On 24.11.21 12:44, Jan Kiszka wrote:
On 24.11.21 12:12, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
   start-qemu.sh: set bootindex for SECURE_BOOT
   start-qemu.sh: parse .config.yaml for ease of use
   start-qemu.sh: Simplify qemu call

  start-qemu.sh | 33 ++++++++++++++++++++++++---------
  1 file changed, 24 insertions(+), 9 deletions(-)
Definitely an improvement! But the fact that secure boot comes with a
different target image is not reflected yet.
...or is that only the case with your dm-verity series? Let me check.

Jan
Only dm-verity introduces the new target.
Yep, confirmed.
Will take all three if you could also update the documentation (on-top),
stating that building via "menu" will initialize the start-qemu vars
with fitting defaults.
Jan
I will send a v2. Did miss cip-core-image-security.

Quirin


Re: Replacing BBB kernel config: Status and AIs

Kazuhiro Hayashi
 

Hi Quirin,

[...]

Sorry, v2 was lying around at [1].


[1]:
https://gitlab.com/Quirin.Gy/cip-kernel-config/-/tree/feature/bbb-isar-config
OK, thanks for creating these patches!


Testing is missing.
Toshiba members can test them using our BBB.
Please let me know if you already have the steps to testing.

Best regards,
Kazu



Best regards,
Kazu
Quirin


Re: [isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Jan Kiszka
 

On 24.11.21 13:07, Gylstorff Quirin wrote:


On 11/24/21 12:45 PM, Jan Kiszka wrote:
On 24.11.21 12:44, Jan Kiszka wrote:
On 24.11.21 12:12, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
   start-qemu.sh: set bootindex for SECURE_BOOT
   start-qemu.sh: parse .config.yaml for ease of use
   start-qemu.sh: Simplify qemu call

  start-qemu.sh | 33 ++++++++++++++++++++++++---------
  1 file changed, 24 insertions(+), 9 deletions(-)
Definitely an improvement! But the fact that secure boot comes with a
different target image is not reflected yet.
...or is that only the case with your dm-verity series? Let me check.

Jan
Only dm-verity introduces the new target.
Yep, confirmed.

Will take all three if you could also update the documentation (on-top),
stating that building via "menu" will initialize the start-qemu vars
with fitting defaults.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: Replacing BBB kernel config: Status and AIs

Quirin Gylstorff
 

Hi,

On 11/24/21 1:02 PM, Kazuhiro Hayashi via lists.cip-project.org wrote:
Hello Jan, Quirin,
In CIP Core meeting today, we tried to discuss the current status of the activity[0]
to replace the kernel config for BBB in isar-cip-core (bbb_defconfig)
by cip-kernel-configs (cip_bbb_defconfig), but there was no enough time to conclude this.
Questions:
Do you have any plan to create the patch v2[1] to add some configs to cip_bbb_defconfig (for both 4.4 and 4.19?)
If yes, is the next step to create the patch v2 then test swupdate with 4.4 and 4.19 kernel on BBB?
You can find the meeting note[2] related to this topic.
[0] https://lore.kernel.org/cip-dev/f8f989ef-7ee2-42ee-a922-f53c6d2b07fe@siemens.com/T/#m864738e612f98752d216bc976135c274fd73eaa4
[1] https://lore.kernel.org/cip-dev/f8f989ef-7ee2-42ee-a922-f53c6d2b07fe@siemens.com/T/#m4b75aee175603bd1f06a8eec2b47ac08bda85c5a
[2] https://docs.google.com/document/d/1MwHdFd6QuXcdQfxvaLkcm1sqo9zEC-CWxjof8OJFXLM/edit#heading=h.e88ar5knf3z8
Sorry, v2 was lying around at [1].


[1]: https://gitlab.com/Quirin.Gy/cip-kernel-config/-/tree/feature/bbb-isar-config

Testing is missing.

Best regards,
Kazu
Quirin


Re: [isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Quirin Gylstorff
 

On 11/24/21 12:45 PM, Jan Kiszka wrote:
On 24.11.21 12:44, Jan Kiszka wrote:
On 24.11.21 12:12, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
start-qemu.sh: set bootindex for SECURE_BOOT
start-qemu.sh: parse .config.yaml for ease of use
start-qemu.sh: Simplify qemu call

start-qemu.sh | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
Definitely an improvement! But the fact that secure boot comes with a
different target image is not reflected yet.
...or is that only the case with your dm-verity series? Let me check.
Jan
Only dm-verity introduces the new target.

Quirin


Replacing BBB kernel config: Status and AIs

Kazuhiro Hayashi
 

Hello Jan, Quirin,

In CIP Core meeting today, we tried to discuss the current status of the activity[0]
to replace the kernel config for BBB in isar-cip-core (bbb_defconfig)
by cip-kernel-configs (cip_bbb_defconfig), but there was no enough time to conclude this.

Questions:
Do you have any plan to create the patch v2[1] to add some configs to cip_bbb_defconfig (for both 4.4 and 4.19?)
If yes, is the next step to create the patch v2 then test swupdate with 4.4 and 4.19 kernel on BBB?

You can find the meeting note[2] related to this topic.

[0] https://lore.kernel.org/cip-dev/f8f989ef-7ee2-42ee-a922-f53c6d2b07fe@siemens.com/T/#m864738e612f98752d216bc976135c274fd73eaa4
[1] https://lore.kernel.org/cip-dev/f8f989ef-7ee2-42ee-a922-f53c6d2b07fe@siemens.com/T/#m4b75aee175603bd1f06a8eec2b47ac08bda85c5a
[2] https://docs.google.com/document/d/1MwHdFd6QuXcdQfxvaLkcm1sqo9zEC-CWxjof8OJFXLM/edit#heading=h.e88ar5knf3z8

Best regards,
Kazu


Re: [isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Jan Kiszka
 

On 24.11.21 12:44, Jan Kiszka wrote:
On 24.11.21 12:12, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
start-qemu.sh: set bootindex for SECURE_BOOT
start-qemu.sh: parse .config.yaml for ease of use
start-qemu.sh: Simplify qemu call

start-qemu.sh | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
Definitely an improvement! But the fact that secure boot comes with a
different target image is not reflected yet.
...or is that only the case with your dm-verity series? Let me check.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Jan Kiszka
 

On 24.11.21 12:12, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
start-qemu.sh: set bootindex for SECURE_BOOT
start-qemu.sh: parse .config.yaml for ease of use
start-qemu.sh: Simplify qemu call

start-qemu.sh | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
Definitely an improvement! But the fact that secure boot comes with a
different target image is not reflected yet.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][RFC v3 5/9] Create an read-only rootfs with dm-verity

Jan Kiszka
 

On 23.11.21 15:57, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This root file system supports SWUpdate and secure boot.
We need a writable /tmp and /var for a boot without error messages.

The mount point for /tmp is created during the systemd target
local-fs according to [1].

Before `Remount Root and Kernel File Systems.` the tmp of the initrd
is used.

[1]: https://www.freedesktop.org/software/systemd/man/systemd.special.html

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
Kconfig | 3 +-
classes/secure-swupdate-img.bbclass | 32 +++++++++++++++++++
kas/opt/ebg-secure-boot-base.yml | 2 ++
kas/opt/ebg-secure-boot-snakeoil.yml | 13 +++++++-
kas/opt/ebg-snakeoil-swu.yml | 16 ----------
.../images/cip-core-image-read-only.bb | 20 ++++++++++++
recipes-core/tmp-fs/files/postinst | 3 ++
recipes-core/tmp-fs/files/tmp.mount.tmpl | 11 +++++++
recipes-core/tmp-fs/tmp-fs_0.1.bb | 26 +++++++++++++++
wic/qemu-amd64-efibootguard-secureboot.wks | 11 -------
wic/qemu-amd64-efibootguard-secureboot.wks.in | 13 ++++++++
11 files changed, 120 insertions(+), 30 deletions(-)
create mode 100644 classes/secure-swupdate-img.bbclass
delete mode 100644 kas/opt/ebg-snakeoil-swu.yml
create mode 100644 recipes-core/images/cip-core-image-read-only.bb
create mode 100755 recipes-core/tmp-fs/files/postinst
create mode 100644 recipes-core/tmp-fs/files/tmp.mount.tmpl
create mode 100644 recipes-core/tmp-fs/tmp-fs_0.1.bb
delete mode 100644 wic/qemu-amd64-efibootguard-secureboot.wks
create mode 100644 wic/qemu-amd64-efibootguard-secureboot.wks.in

diff --git a/Kconfig b/Kconfig
index 8421f1b..e97cb03 100644
--- a/Kconfig
+++ b/Kconfig
@@ -141,7 +141,6 @@ config IMAGE_SECURE_BOOT
config KAS_INCLUDE_SWUPDATE_SECBOOT
string
default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
- default "kas/opt/ebg-secure-boot-snakeoil.yml" if !IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
- default "kas/opt/ebg-snakeoil-swu.yml" if IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+ default "kas/opt/ebg-secure-boot-snakeoil.yml" if IMAGE_SECURE_BOOT
The user can still configure IMAGE_SECURE_BOOT && !IMAGE_SWUPDATE. If
the former implies the latter, it should also select it.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


[isar-cip-core][PATCH 2/3] start-qemu.sh: parse .config.yaml for ease of use

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Suggested-by: Jan Kiszka <jan.kiszka@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 2c0a751..21b303a 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -20,13 +20,24 @@ usage()
exit 1
}

+if grep -s -q "IMAGE_SECURE_BOOT: true" .config.yaml; then
+ SECURE_BOOT="true"
+fi
+
if [ -n "${QEMU_PATH}" ]; then
QEMU_PATH="${QEMU_PATH}/"
fi

if [ -z "${DISTRO_RELEASE}" ]; then
- DISTRO_RELEASE="buster"
+ if grep -s -q "DEBIAN_BULLSEYE: true" .config.yaml; then
+ DISTRO_RELEASE="bullseye"
+ elif grep -s -q "DEBIAN_STRETCH: true" .config.yaml; then
+ DISTRO_RELEASE="stretch"
+ else
+ DISTRO_RELEASE="buster"
+ fi
fi
+
if [ -z "${TARGET_IMAGE}" ];then
TARGET_IMAGE="cip-core-image"
fi
--
2.30.2


[isar-cip-core][PATCH 1/3] start-qemu.sh: set bootindex for SECURE_BOOT

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Set the bootindex to avoid booting into the default uefi shell.

An if-clause is used to avoid the following error message for non-secure-boot images:
```
qemu-system-x86_64: -device ide-hd,drive=disk,bootindex=0: The bootindex 0 has already been used
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 3f62257..2c0a751 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -39,8 +39,14 @@ case "$1" in
-cpu qemu64 \
-smp 4 \
-machine q35,accel=kvm:tcg \
- -device ide-hd,drive=disk \
-device virtio-net-pci,netdev=net"
+ if [ -n "${SECURE_BOOT}" ]; then
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk,bootindex=0"
+ else
+ QEMU_EXTRA_ARGS=" \
+ ${QEMU_EXTRA_ARGS} -device ide-hd,drive=disk"
+ fi
KERNEL_CMDLINE=" \
root=/dev/sda"
;;
--
2.30.2


[isar-cip-core][PATCH 3/3] start-qemu.sh: Simplify qemu call

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Move qemu call out of if clause to avoid code duplications and
use the same behavior for secure boot and non secure boot images.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
start-qemu.sh | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 21b303a..4817790 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -120,18 +120,16 @@ if [ -n "${SECURE_BOOT}" ]; then
BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
-drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
else
IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)

KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)

- ${QEMU_PATH}${QEMU} \
- -m 1G -serial mon:stdio -netdev user,id=net \
- -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
+ BOOT_FILES="-drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
-kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
- -initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@"
+ -initrd ${INITRD_FILE}"
fi
+${QEMU_PATH}${QEMU} \
+ -m 1G -serial mon:stdio -netdev user,id=net \
+ ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
--
2.30.2


[isar-cip-core][PATCH 0/3] start-qemu.sh: Add some ease of use functionality

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Fix booting of secure-boot image
Parse .config.yaml for ease of use and reduced commandline clutter

Quirin Gylstorff (3):
start-qemu.sh: set bootindex for SECURE_BOOT
start-qemu.sh: parse .config.yaml for ease of use
start-qemu.sh: Simplify qemu call

start-qemu.sh | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)

--
2.30.2


Re: [cip-kernel-config][PATCH 0/2] Add options for read-only rootfs

Nobuhiro Iwamatsu
 

Hi,

Add the necessary kernel options for a read-only rootfs with
dm-verity, secure-boot and swupdate + overlay of /etc.

Quirin Gylstorff (2):
x86/cip_qemu_defconfig: Add options for read-only rootfs
x86/siemens_ipc227e_defconfig: Add options for read-only rootfs

4.19.y-cip/x86/cip_qemu_defconfig | 4 ++++
4.19.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
5.10.y-cip/x86/cip_qemu_defconfig | 4 ++++
5.10.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
4 files changed, 16 insertions(+), 2 deletions(-)
Ping. Are merge requests preferred for this?
Sorry, reply was too late.
I reviewed this patch, applied.

Best regards,
Nobuhiro
________________________________________
差出人: Jan Kiszka <jan.kiszka@...>
送信日時: 2021年11月24日 16:36
宛先: Q. Gylstorff; cip-dev@...; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT)
件名: Re: [cip-dev][cip-kernel-config][PATCH 0/2] Add options for read-only rootfs

On 12.11.21 17:38, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Add the necessary kernel options for a read-only rootfs with
dm-verity, secure-boot and swupdate + overlay of /etc.

Quirin Gylstorff (2):
x86/cip_qemu_defconfig: Add options for read-only rootfs
x86/siemens_ipc227e_defconfig: Add options for read-only rootfs

4.19.y-cip/x86/cip_qemu_defconfig | 4 ++++
4.19.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
5.10.y-cip/x86/cip_qemu_defconfig | 4 ++++
5.10.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
4 files changed, 16 insertions(+), 2 deletions(-)
Ping. Are merge requests preferred for this?

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [cip-kernel-config][PATCH 0/2] Add options for read-only rootfs

Jan Kiszka
 

On 12.11.21 17:38, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Add the necessary kernel options for a read-only rootfs with
dm-verity, secure-boot and swupdate + overlay of /etc.

Quirin Gylstorff (2):
x86/cip_qemu_defconfig: Add options for read-only rootfs
x86/siemens_ipc227e_defconfig: Add options for read-only rootfs

4.19.y-cip/x86/cip_qemu_defconfig | 4 ++++
4.19.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
5.10.y-cip/x86/cip_qemu_defconfig | 4 ++++
5.10.y-cip/x86/siemens_ipc227e_defconfig | 5 ++++-
4 files changed, 16 insertions(+), 2 deletions(-)
Ping. Are merge requests preferred for this?

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

3121 - 3140 of 10122