Date   

cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc kselftest-seccomp: 4 runs, 1 regressions (v5.10.112-cip6-218-g8253434cd56a) #kernelci

kernelci.org bot <bot@...>
 

cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc kselftest-seccomp: 4 runs, 1 regressions (v5.10.112-cip6-218-g8253434cd56a)

Regressions Summary
-------------------

platform | arch | lab | compiler | defconfig | regressions
-------------------------+--------+---------------+----------+------------------------------+------------
asus-C523NA-A20057-coral | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...ok+kselftest | 1

Details: https://kernelci.org/test/job/cip-gitlab/branch/ci%2Fiwamatsu%2Flinux-5.10.y-cip-rc/kernel/v5.10.112-cip6-218-g8253434cd56a/plan/kselftest-seccomp/

Test: kselftest-seccomp
Tree: cip-gitlab
Branch: ci/iwamatsu/linux-5.10.y-cip-rc
Describe: v5.10.112-cip6-218-g8253434cd56a
URL: https://gitlab.com/cip-project/cip-kernel/linux-cip.git
SHA: 8253434cd56a1ed24ebcf6bd7bb980b182888279


Test Regressions
----------------


platform | arch | lab | compiler | defconfig | regressions
-------------------------+--------+---------------+----------+------------------------------+------------
asus-C523NA-A20057-coral | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...ok+kselftest | 1

Details: https://kernelci.org/test/plan/id/62798a62e808e129b58f5717

Results: 83 PASS, 4 FAIL, 8 SKIP
Full config: x86_64_defconfig+x86-chromebook+kselftest
Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/x86_64/x86_64_defconfig+x86-chromebook+kselftest/gcc-10/lab-collabora/kselftest-seccomp-asus-C523NA-A20057-coral.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/x86_64/x86_64_defconfig+x86-chromebook+kselftest/gcc-10/lab-collabora/kselftest-seccomp-asus-C523NA-A20057-coral.html
Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/20220506.0/amd64/initrd.cpio.gz


* kselftest-seccomp.seccomp_seccomp_bpf_TSYNC_siblings_fail_prctl: https://kernelci.org/test/case/id/62798a62e808e129b58f571e
failing since 66 days (last pass: v5.10.83-cip1-1540-g9fb82e7fedf9, first fail: v5.10.100-cip2-319-gcbff87047566)


cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc baseline: 106 runs, 8 regressions (v5.10.112-cip6-218-g8253434cd56a) #kernelci

kernelci.org bot <bot@...>
 

cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc baseline: 106 runs, 8 regressions (v5.10.112-cip6-218-g8253434cd56a)

Regressions Summary
-------------------

platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv2 | arm64 | lab-baylibre | gcc-10 | defconfig | 1
qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig | 1
qemu_arm64-virt-gicv2-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1
qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1
qemu_arm64-virt-gicv3 | arm64 | lab-baylibre | gcc-10 | defconfig | 1
qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig | 1
qemu_arm64-virt-gicv3-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1
qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/job/cip-gitlab/branch/ci%2Fiwamatsu%2Flinux-5.10.y-cip-rc/kernel/v5.10.112-cip6-218-g8253434cd56a/plan/baseline/

Test: baseline
Tree: cip-gitlab
Branch: ci/iwamatsu/linux-5.10.y-cip-rc
Describe: v5.10.112-cip6-218-g8253434cd56a
URL: https://gitlab.com/cip-project/cip-kernel/linux-cip.git
SHA: 8253434cd56a1ed24ebcf6bd7bb980b182888279


Test Regressions
----------------


platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv2 | arm64 | lab-baylibre | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/62798be12133c57b6c8f5718

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv2.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv2.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/62798be12133c57b6c8f5719
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)



platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/62798324c59c7cd1828f5750

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv2.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv2.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/62798324c59c7cd1828f5751
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)



platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv2-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/62798b7b7b67f35da58f5722

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv2-uefi.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv2-uefi.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/62798b7b7b67f35da58f5723
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)



platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/627982e8bfce4c4a4a8f574f

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv2-uefi.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv2-uefi.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/627982e8bfce4c4a4a8f5750
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)



platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv3 | arm64 | lab-baylibre | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/62798ba4ca976cbe3b8f5718

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv3.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv3.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/62798ba4ca976cbe3b8f5719
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)



platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/627982fddcd706f2b18f571a

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv3.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv3.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/627982fddcd706f2b18f571b
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)



platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv3-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/62798be252f60f21438f5733

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv3-uefi.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-qemu_arm64-virt-gicv3-uefi.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/62798be252f60f21438f5734
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)



platform | arch | lab | compiler | defconfig | regressions
---------------------------+-------+--------------+----------+-----------+------------
qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/62798339dcd706f2b18f5736

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv3-uefi.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-broonie/baseline-qemu_arm64-virt-gicv3-uefi.html
Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/20220506.0/arm64/rootfs.cpio.gz


* baseline.login: https://kernelci.org/test/case/id/62798339dcd706f2b18f5737
new failure (last pass: v5.10.112-cip6-88-gf3397cadb2dd6)


cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc baseline-nfs: 22 runs, 1 regressions (v5.10.112-cip6-218-g8253434cd56a) #kernelci

kernelci.org bot <bot@...>
 

cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc baseline-nfs: 22 runs, 1 regressions (v5.10.112-cip6-218-g8253434cd56a)

Regressions Summary
-------------------

platform | arch | lab | compiler | defconfig | regressions
--------------------+-------+--------------+----------+-----------+------------
r8a77950-salvator-x | arm64 | lab-baylibre | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/job/cip-gitlab/branch/ci%2Fiwamatsu%2Flinux-5.10.y-cip-rc/kernel/v5.10.112-cip6-218-g8253434cd56a/plan/baseline-nfs/

Test: baseline-nfs
Tree: cip-gitlab
Branch: ci/iwamatsu/linux-5.10.y-cip-rc
Describe: v5.10.112-cip6-218-g8253434cd56a
URL: https://gitlab.com/cip-project/cip-kernel/linux-cip.git
SHA: 8253434cd56a1ed24ebcf6bd7bb980b182888279


Test Regressions
----------------


platform | arch | lab | compiler | defconfig | regressions
--------------------+-------+--------------+----------+-----------+------------
r8a77950-salvator-x | arm64 | lab-baylibre | gcc-10 | defconfig | 1

Details: https://kernelci.org/test/plan/id/627985ca744f3839d88f5753

Results: 0 PASS, 1 FAIL, 0 SKIP
Full config: defconfig
Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110)
Plain log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-nfs-r8a77950-salvator-x.txt
HTML log: https://storage.kernelci.org//cip-gitlab/ci-iwamatsu-linux-5.10.y-cip-rc/v5.10.112-cip6-218-g8253434cd56a/arm64/defconfig/gcc-10/lab-baylibre/baseline-nfs-r8a77950-salvator-x.html
Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye/20220506.0/arm64/initrd.cpio.gz


* baseline-nfs.login: https://kernelci.org/test/case/id/627985ca744f3839d88f5754
new failure (last pass: v5.10.109-cip5-24-g4e205e4287c50)


cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc build: 187 builds: 4 failed, 183 passed, 5 errors, 11 warnings (v5.10.112-cip6-218-g8253434cd56a) #kernelci

kernelci.org bot <bot@...>
 

cip-gitlab/ci/iwamatsu/linux-5.10.y-cip-rc build: 187 builds: 4 failed, 183 passed, 5 errors, 11 warnings (v5.10.112-cip6-218-g8253434cd56a)

Full Build Summary: https://kernelci.org/build/cip-gitlab/branch/ci%2Fiwamatsu%2Flinux-5.10.y-cip-rc/kernel/v5.10.112-cip6-218-g8253434cd56a/

Tree: cip-gitlab
Branch: ci/iwamatsu/linux-5.10.y-cip-rc
Git Describe: v5.10.112-cip6-218-g8253434cd56a
Git Commit: 8253434cd56a1ed24ebcf6bd7bb980b182888279
Git URL: https://gitlab.com/cip-project/cip-kernel/linux-cip.git
Built: 7 unique architectures

Build Failures Detected:

arm:
hisi_defconfig: (gcc-10) FAIL
rpc_defconfig: (gcc-10) FAIL

mips:
ip27_defconfig: (gcc-10) FAIL
ip28_defconfig: (gcc-10) FAIL

Errors and Warnings Detected:

arc:

arm64:

arm:
hisi_defconfig (gcc-10): 1 error, 2 warnings
rpc_defconfig (gcc-10): 4 errors

i386:

mips:
32r2el_defconfig (gcc-10): 1 warning
decstation_64_defconfig (gcc-10): 1 warning
decstation_defconfig (gcc-10): 1 warning
decstation_r4k_defconfig (gcc-10): 1 warning
lemote2f_defconfig (gcc-10): 1 warning

riscv:
rv32_defconfig (gcc-10): 4 warnings

x86_64:

Errors summary:

2 arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3m
2 arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’
1 drivers/usb/phy/phy-generic.c:271:19: error: implicit declaration of function ‘devm_regulator_get_exclusive’; did you mean ‘regulator_get_exclusive’? [-Werror=implicit-function-declaration]

Warnings summary:

3 kernel/rcu/tasks.h:707:13: warning: ‘show_rcu_tasks_rude_gp_kthread’ defined but not used [-Wunused-function]
2 <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp]
2 <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp]
1 net/mac80211/mlme.c:4343:1: warning: the frame size of 1040 bytes is larger than 1024 bytes [-Wframe-larger-than=]
1 drivers/usb/phy/phy-generic.c:271:17: warning: assignment to ‘struct regulator *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
1 cc1: some warnings being treated as errors
1 WARNING: modpost: Symbol info of vmlinux is missing. Unresolved symbol check will be entirely skipped.

Section mismatches summary:

1 WARNING: modpost: vmlinux.o(.text+0xd054): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xceb0): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xcdb8): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xcd4c): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xcb98): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xcb88): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xcb80): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xcb60): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xcabc): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xc900): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0xb918): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0x8068): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()
1 WARNING: modpost: vmlinux.o(.text+0x7684): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

================================================================================

Detailed per-defconfig build reports:

--------------------------------------------------------------------------------
32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
WARNING: modpost: Symbol info of vmlinux is missing. Unresolved symbol check will be entirely skipped.

--------------------------------------------------------------------------------
allnoconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
allnoconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
allnoconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
am200epdkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ar7_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
aspeed_g4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
aspeed_g5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
assabet_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xcb80): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
at91_dt_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ath25_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ath79_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axm55xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axs103_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
axs103_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
badge4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xcd4c): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
bcm2835_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bcm47xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bcm63xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bigsur_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bmips_be_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
bmips_stb_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
capcella_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cavium_octeon_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cerfcube_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0x7684): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
ci20_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cm_x300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cobalt_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
colibri_pxa300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
collie_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xb918): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
corgi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cu1000-neo_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
cu1830-neo_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
davinci_all_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
db1xxx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
decstation_64_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
kernel/rcu/tasks.h:707:13: warning: ‘show_rcu_tasks_rude_gp_kthread’ defined but not used [-Wunused-function]

--------------------------------------------------------------------------------
decstation_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
kernel/rcu/tasks.h:707:13: warning: ‘show_rcu_tasks_rude_gp_kthread’ defined but not used [-Wunused-function]

--------------------------------------------------------------------------------
decstation_r4k_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
kernel/rcu/tasks.h:707:13: warning: ‘show_rcu_tasks_rude_gp_kthread’ defined but not used [-Wunused-function]

--------------------------------------------------------------------------------
defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+arm64-chromebook+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
dove_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
e55_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ebsa110_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
efm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ep93xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0x8068): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
eseries_pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
exynos_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ezx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
footbridge_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
fuloong2e_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
gcw0_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
gemini_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
h3600_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xcb98): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
h5000_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hackkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xceb0): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
haps_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
hisi_defconfig (arm, gcc-10) — FAIL, 1 error, 2 warnings, 0 section mismatches

Errors:
drivers/usb/phy/phy-generic.c:271:19: error: implicit declaration of function ‘devm_regulator_get_exclusive’; did you mean ‘regulator_get_exclusive’? [-Werror=implicit-function-declaration]

Warnings:
drivers/usb/phy/phy-generic.c:271:17: warning: assignment to ‘struct regulator *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
cc1: some warnings being treated as errors

--------------------------------------------------------------------------------
hsdk_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
i386_defconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imote2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v4_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
integrator_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
iop32x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ip22_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ip27_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ip28_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ip32_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
ixp4xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jazz_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jmr3927_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
jornada720_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xcabc): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
keystone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xcb88): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
lemote2f_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches

Warnings:
net/mac80211/mlme.c:4343:1: warning: the frame size of 1040 bytes is larger than 1024 bytes [-Wframe-larger-than=]

--------------------------------------------------------------------------------
loongson1b_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
loongson1c_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
loongson3_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc18xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpc32xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lpd270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
lubbock_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
magician_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mainstone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_kvm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_kvm_guest_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
malta_qemu_32r6_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltaaprp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltasmvp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltasmvp_eva_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltaup_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
maltaup_xpa_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
milbeaut_m10v_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mini2440_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mmp2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
moxart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mpc30x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mps2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mtx1_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v4t_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mvebu_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mvebu_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
mxs_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
neponset_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xcdb8): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
netwinder_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nhk8815_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nlm_xlp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nlm_xlr_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nommu_k210_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nsimosci_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
nsimosci_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omap1_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omap2plus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
omega2p_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
orion5x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
oxnas_v6_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
palmz72_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pcm027_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pic32mzda_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pistachio_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pleb_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xc900): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
prima2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa168_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa255-idp_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
qcom_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
qi_lb60_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rb532_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rbtx49xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
realview_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rpc_defconfig (arm, gcc-10) — FAIL, 4 errors, 0 warnings, 0 section mismatches

Errors:
arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3m
arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’
arm-linux-gnueabihf-gcc: error: unrecognized -march target: armv3m
arm-linux-gnueabihf-gcc: error: missing argument to ‘-march=’

--------------------------------------------------------------------------------
rs90_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rt305x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
rv32_defconfig (riscv, gcc-10) — PASS, 0 errors, 4 warnings, 0 section mismatches

Warnings:
<stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp]
<stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp]
<stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp]
<stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp]

--------------------------------------------------------------------------------
s3c2410_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
s3c6400_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
s5pv210_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sama5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sb1250_swarm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
shannon_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xcb60): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
shmobile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
simpad_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

Section mismatches:
WARNING: modpost: vmlinux.o(.text+0xd054): Section mismatch in reference from the function __arm_ioremap_pfn_caller() to the function .meminit.text:memblock_is_map_memory()

--------------------------------------------------------------------------------
socfpga_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spear6xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
spitz_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
stm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
sunxi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tango4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tb0219_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tb0226_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tb0287_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tct_hammer_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tegra_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tinyconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
tinyconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
trizeps4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
u300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
u8500_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vdk_hs38_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vdk_hs38_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
versatile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vf610m4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
viper_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vocore2_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
vt8500_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
workpad_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+x86-chromebook (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
x86_64_defconfig+x86-chromebook+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
xcep_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
zeus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

--------------------------------------------------------------------------------
zx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches

---
For more info write to <info@...>


Re: [isar-cip-core][PATCH v2] swupdate: Update SRCREV

Jan Kiszka
 

On 09.05.22 12:15, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Update SWUpdate to commit https://salsa.debian.org/debian/swupdate/
344548c816b555c58ec199f31e45703897d23fb5.

This contains the upstream version of the patches:
-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
-debian-rules-Add-Embedded-Lua-handler-option.patch
-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch

The available build options are now documented in ${S}/debian/README.Debian.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---

Changes in V2:
- fix build by setting backport option

...SWUpdate-USB-service-and-Udev-rules.patch} | 24 ++++-------
...onfig-Make-image-encryption-optional.patch | 42 -------------------
...les-Add-Embedded-Lua-handler-option.patch} | 10 ++---
...es-Add-option-to-disable-fs-creation.patch | 16 +++----
...ules-Add-option-to-disable-webserver.patch | 18 ++++----
...h-to-fix-bootloader_env_get-for-EBG.patch} | 11 ++---
...Make-CONFIG_HW_COMPATIBILTY-optional.patch | 40 ------------------
...repare-build-for-isar-debian-buster.patch} | 34 +++------------
...option-to-disable-CONFIG_HASH_VERIFY.patch | 29 -------------
.../swupdate/swupdate_2021.11-1+debian-gbp.bb | 20 ++++-----
10 files changed, 50 insertions(+), 194 deletions(-)
rename recipes-core/swupdate/files/{0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch => 0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch} (65%)
delete mode 100644 recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
rename recipes-core/swupdate/files/{0006-debian-rules-Add-Embedded-Lua-handler-option.patch => 0002-debian-rules-Add-Embedded-Lua-handler-option.patch} (83%)
rename recipes-core/swupdate/files/{0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch => 0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch} (89%)
delete mode 100644 recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
rename recipes-core/swupdate/files/{0010-debian-prepare-build-for-isar-debian-buster.patch => 0006-debian-prepare-build-for-isar-debian-buster.patch} (58%)
delete mode 100644 recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch

diff --git a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
similarity index 65%
rename from recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
rename to recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
index 90c8d98..239b389 100644
--- a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
+++ b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
@@ -1,7 +1,7 @@
-From db391d1dd34806ae6694205b08b4661318bef37b Mon Sep 17 00:00:00 2001
+From 7925d016efc3e9ebac10a465f165135f21c5d799 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 7 Feb 2022 09:28:39 +0100
-Subject: [PATCH 07/10] debian: Remove SWUpdate USB service and Udev rules
+Subject: [PATCH 1/6] debian: Remove SWUpdate USB service and Udev rules

The current implementation will install an abitrary SWUpdate binary
from a plug-in USB stick. This is a major security risk for devices
@@ -13,16 +13,14 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
debian/rules | 1 -
debian/swupdate.swupdate-usb@.service | 8 --------
- debian/swupdate.udev | 2 --
- 3 files changed, 11 deletions(-)
+ 2 files changed, 9 deletions(-)
delete mode 100644 debian/swupdate.swupdate-usb@.service
- delete mode 100644 debian/swupdate.udev

diff --git a/debian/rules b/debian/rules
-index 12eb0ba..76fce01 100755
+index 95d4d48f..ff8b6726 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -101,7 +101,6 @@ override_dh_auto_install:
+@@ -79,7 +79,6 @@ override_dh_auto_install:
override_dh_installsystemd:
dh_installsystemd --no-start
dh_installsystemd --name=swupdate-progress
@@ -32,7 +30,7 @@ index 12eb0ba..76fce01 100755
override_dh_gencontrol:
diff --git a/debian/swupdate.swupdate-usb@.service b/debian/swupdate.swupdate-usb@.service
deleted file mode 100644
-index eda9d15..0000000
+index eda9d153..00000000
--- a/debian/swupdate.swupdate-usb@.service
+++ /dev/null
@@ -1,8 +0,0 @@
@@ -44,14 +42,6 @@ index eda9d15..0000000
-ExecStartPre=/bin/mount /dev/%I /mnt
-ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu"
-ExecStopPost=/bin/umount /mnt
-diff --git a/debian/swupdate.udev b/debian/swupdate.udev
-deleted file mode 100644
-index b4efd0b..0000000
---- a/debian/swupdate.udev
-+++ /dev/null
-@@ -1,2 +0,0 @@
--ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
--
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
deleted file mode 100644
index aa20ab6..0000000
--- a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 5d78de76eab1218494c714e9816152e4d821fa86 Mon Sep 17 00:00:00 2001
-From: Quirin Gylstorff <quirin.gylstorff@...>
-Date: Wed, 29 Sep 2021 15:28:21 +0200
-Subject: [PATCH 01/10] debian/config: Make image encryption optional
-
-This can be use to ease the setup with SWUpdate.
-
-Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
----
- debian/configs/defconfig | 1 -
- debian/rules | 3 +++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index 02681e5..b34168e 100644
---- a/debian/configs/defconfig
-+++ b/debian/configs/defconfig
-@@ -3,7 +3,6 @@ CONFIG_HW_COMPATIBILITY=y
- CONFIG_DOWNLOAD=y
- CONFIG_DOWNLOAD_SSL=y
- CONFIG_SIGALG_CMS=y
--CONFIG_ENCRYPTED_IMAGES=y
- CONFIG_SURICATTA=y
- CONFIG_SURICATTA_SSL=y
- CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y
-diff --git a/debian/rules b/debian/rules
-index 864add2..08b74a1 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -41,6 +41,9 @@ endif
- ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES)))
- echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig
- endif
-+ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES)))
-+ echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig
-+endif
- ifneq (,$(filter pkg.swupdate.p11,$(DEB_BUILD_PROFILES)))
- echo CONFIG_PKCS11=y >> configs/debian_defconfig
- endif
---
-2.34.1
-
diff --git a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch
similarity index 83%
rename from recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
rename to recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch
index 1d6a247..9ca5002 100644
--- a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
+++ b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch
@@ -1,7 +1,7 @@
-From 19969a388e414db84e54a706e9227c301b0408a2 Mon Sep 17 00:00:00 2001
+From d262afcf95e617eace2f4207d4690587841d8882 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:32:41 +0200
-Subject: [PATCH 06/10] debian/rules: Add Embedded Lua handler option
+Subject: [PATCH 2/6] debian/rules: Add Embedded Lua handler option

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
@@ -9,10 +9,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
1 file changed, 5 insertions(+)

diff --git a/debian/rules b/debian/rules
-index 19870e9..12eb0ba 100755
+index ff8b6726..e1df4f06 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -68,7 +68,12 @@ ifneq (,$(LUA_VERSION))
+@@ -51,7 +51,12 @@ ifneq (,$(LUA_VERSION))
echo CONFIG_LUAPKG=\"lua$(LUA_VERSION)\" >> configs/debian_defconfig
echo CONFIG_LUASCRIPTHANDLER=y >> configs/debian_defconfig
echo CONFIG_HANDLER_IN_LUA=y >> configs/debian_defconfig
@@ -26,5 +26,5 @@ index 19870e9..12eb0ba 100755
echo CONFIG_EXTRA_LDFLAGS=\"$(LDFLAGS)\" >> configs/debian_defconfig
echo CONFIG_EXTRA_LDLIBS=\"$(LDLIBS)\" >> configs/debian_defconfig
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
index 08ba9b9..c6f84ce 100644
--- a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
+++ b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
@@ -1,7 +1,7 @@
-From 17d962a9b43f5debaed85affc6dccb2c471bffe9 Mon Sep 17 00:00:00 2001
+From 404d1f73f791babf3dd4546fa5f671f7717d6179 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:15:56 +0200
-Subject: [PATCH 03/10] debian/rules: Add option to disable fs creation
+Subject: [PATCH 3/6] debian/rules: Add option to disable fs creation

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
@@ -10,7 +10,7 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index b34168e..d011deb 100644
+index ad28854c..d8e260b6 100644
--- a/debian/configs/defconfig
+++ b/debian/configs/defconfig
@@ -9,12 +9,6 @@ CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y
@@ -27,12 +27,12 @@ index b34168e..d011deb 100644
CONFIG_RAW=y
CONFIG_RDIFFHANDLER=y
diff --git a/debian/rules b/debian/rules
-index 6705140..983e122 100755
+index e1df4f06..2ed88ad2 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -45,6 +45,15 @@ endif
- ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES)))
- echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig
+@@ -44,6 +44,15 @@ endif
+ ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig
endif
+ifeq (,$(filter pkg.swupdate.nocreatefs,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_DISKPART=y >> configs/debian_defconfig
@@ -47,5 +47,5 @@ index 6705140..983e122 100755
echo CONFIG_PKCS11=y >> configs/debian_defconfig
endif
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
index eaa6fcf..c670ee9 100644
--- a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
+++ b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
@@ -1,7 +1,7 @@
-From a02a6d4385f314601ef5c7094ecb26f5b5c3f134 Mon Sep 17 00:00:00 2001
+From 9e5313a9fe784e55bcf25dc0b61573aeedcc11ee Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:27:11 +0200
-Subject: [PATCH 04/10] debian/rules: Add option to disable webserver
+Subject: [PATCH 4/6] debian/rules: Add option to disable webserver

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
@@ -10,10 +10,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index d011deb..337fcce 100644
+index d8e260b6..c365f9ce 100644
--- a/debian/configs/defconfig
+++ b/debian/configs/defconfig
-@@ -6,8 +6,6 @@ CONFIG_SIGALG_CMS=y
+@@ -6,8 +6,6 @@ CONFIG_ENCRYPTED_IMAGES=y
CONFIG_SURICATTA=y
CONFIG_SURICATTA_SSL=y
CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y
@@ -23,12 +23,12 @@ index d011deb..337fcce 100644
CONFIG_UNIQUEUUID=y
CONFIG_RAW=y
diff --git a/debian/rules b/debian/rules
-index 983e122..6078ed8 100755
+index 2ed88ad2..58742a6b 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -39,6 +39,10 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES)))
- else
- echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig
+@@ -41,6 +41,10 @@ endif
+ ifeq (,$(filter pkg.swupdate.nohwcompat,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig
endif
+ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_WEBSERVER=y >> configs/debian_defconfig
@@ -38,5 +38,5 @@ index 983e122..6078ed8 100755
echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig
endif
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
similarity index 89%
rename from recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
rename to recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
index fd263ee..793bd7a 100644
--- a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
+++ b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
@@ -1,9 +1,10 @@
-From 09a736a651ae05378d9ef8018589c9f834b729a6 Mon Sep 17 00:00:00 2001
+From 962f4b81ac1202e536628bfac822a22b8d7b0b3a Mon Sep 17 00:00:00 2001
From: Jan Kiszka <jan.kiszka@...>
Date: Tue, 12 Apr 2022 08:01:21 +0200
-Subject: [PATCH 09/10] debian: Add patch to fix bootloader_env_get for EBG
+Subject: [PATCH 5/6] debian: Add patch to fix bootloader_env_get for EBG

Signed-off-by: Jan Kiszka <jan.kiszka@...>
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
...ix-do_env_get-for-anything-but-globa.patch | 38 +++++++++++++++++++
debian/patches/series | 1 +
@@ -12,7 +13,7 @@ Signed-off-by: Jan Kiszka <jan.kiszka@...>

diff --git a/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch
new file mode 100644
-index 0000000..f99f7ee
+index 00000000..f99f7ee6
--- /dev/null
+++ b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch
@@ -0,0 +1,38 @@
@@ -55,12 +56,12 @@ index 0000000..f99f7ee
+2.34.1
+
diff --git a/debian/patches/series b/debian/patches/series
-index 8c5564a..98628a7 100644
+index 8c5564ae..98628a77 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
use-gcc-compiler.diff
+0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
deleted file mode 100644
index eb19e5f..0000000
--- a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8315d5ff8168fca1bd3752764e71f98e8b55f2ad Mon Sep 17 00:00:00 2001
-From: Quirin Gylstorff <quirin.gylstorff@...>
-Date: Tue, 5 Oct 2021 10:56:25 +0200
-Subject: [PATCH 05/10] debian: Make CONFIG_HW_COMPATIBILTY optional
-
-Add option for qemu.
-
-Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
----
- debian/configs/defconfig | 1 -
- debian/rules | 3 +++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index 337fcce..6fc1137 100644
---- a/debian/configs/defconfig
-+++ b/debian/configs/defconfig
-@@ -1,5 +1,4 @@
- CONFIG_SYSTEMD=y
--CONFIG_HW_COMPATIBILITY=y
- CONFIG_DOWNLOAD=y
- CONFIG_DOWNLOAD_SSL=y
- CONFIG_SIGALG_CMS=y
-diff --git a/debian/rules b/debian/rules
-index 6078ed8..19870e9 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -39,6 +39,9 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES)))
- else
- echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig
- endif
-+ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES)))
-+ echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig
-+endif
- ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES)))
- echo CONFIG_WEBSERVER=y >> configs/debian_defconfig
- echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig
---
-2.34.1
-
diff --git a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch
similarity index 58%
rename from recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch
rename to recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch
index 1d476e9..f3b9bfc 100644
--- a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch
+++ b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch
@@ -1,25 +1,24 @@
-From c9661853aea11f090b5936363b0bae10fe6ebed6 Mon Sep 17 00:00:00 2001
+From 33ce7123621f5da43cc8be730e916451abe84239 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 16:17:03 +0200
-Subject: [PATCH 10/10] debian: prepare build for isar debian buster
+Subject: [PATCH 6/6] debian: prepare build for isar debian buster

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
debian/compat | 1 +
debian/control | 10 +++++-----
- debian/rules | 4 +++-
- 3 files changed, 9 insertions(+), 6 deletions(-)
+ 2 files changed, 6 insertions(+), 5 deletions(-)
create mode 100644 debian/compat

diff --git a/debian/compat b/debian/compat
new file mode 100644
-index 0000000..f599e28
+index 00000000..f599e28b
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
-index 192c4a2..9318fa1 100644
+index 192c4a2a..9318fa12 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: optional
@@ -46,27 +45,6 @@ index 192c4a2..9318fa1 100644
libubootenv-dev <pkg.swupdate.uboot>,
libebgenv-dev <pkg.swupdate.efibootguard> | efibootguard-dev <pkg.swupdate.efibootguard>,
libcmocka-dev,
-diff --git a/debian/rules b/debian/rules
-index 4dc9e17..370ca3d 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -19,13 +19,15 @@ endif
-
- override_dh_auto_configure:
- cp debian/configs/defconfig configs/debian_defconfig
--ifeq (,$(filter pkg.swupdate.bpo,$(DEB_BUILD_PROFILES)))
-+ifneq (,$(filter pkg.swupdate.mtd,$(DEB_BUILD_PROFILES)))
- echo CONFIG_MTD=y >> configs/debian_defconfig
-+ifneq (,$(filter pkg.swupdate.ubi,$(DEB_BUILD_PROFILES)))
- echo CONFIG_SWUFORWARDER_HANDLER=y >> configs/debian_defconfig
- echo CONFIG_CFI=y >> configs/debian_defconfig
- echo CONFIG_CFIHAMMING1=y >> configs/debian_defconfig
- echo CONFIG_UBIVOL=y >> configs/debian_defconfig
- echo CONFIG_SSBLSWITCH=y >> configs/debian_defconfig
-+endif
- else
- echo "# CONFIG_MTD is not set" >> configs/debian_defconfig
- endif
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch b/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch
deleted file mode 100644
index a5207ee..0000000
--- a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 2776a4817eb91be3df001e04d548a702e9f5291a Mon Sep 17 00:00:00 2001
-From: Quirin Gylstorff <quirin.gylstorff@...>
-Date: Mon, 14 Feb 2022 12:27:43 +0100
-Subject: [PATCH 08/10] Add Profile option to disable CONFIG_HASH_VERIFY
-
-This change also enables CONFIG_HASH_VERIFY by default.
-
-Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
----
- debian/rules | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/debian/rules b/debian/rules
-index 76fce01..4dc9e17 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -42,6 +42,9 @@ endif
- ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES)))
- echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig
- endif
-+ifeq (,$(filter pkg.swupdate.nohashverify,$(DEB_BUILD_PROFILES)))
-+ echo CONFIG_HASH_VERIFY=y >> configs/debian_defconfig
-+endif
- ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES)))
- echo CONFIG_WEBSERVER=y >> configs/debian_defconfig
- echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig
---
-2.34.1
-
diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
index 7edefe7..086911b 100644
--- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
+++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
@@ -13,23 +13,20 @@ inherit dpkg-gbp
include swupdate.inc

SRC_URI = "git://salsa.debian.org/debian/swupdate.git;protocol=https;branch=debian/master"
-SRCREV ="debian/2021.11-1"
+SRCREV ="344548c816b555c58ec199f31e45703897d23fb5"

# add options to DEB_BUILD_PROFILES
-SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \
- file://0002-debian-rules-Add-CONFIG_MTD.patch \
+SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \
+ file://0002-debian-rules-Add-Embedded-Lua-handler-option.patch \
file://0003-debian-rules-Add-option-to-disable-fs-creation.patch \
file://0004-debian-rules-Add-option-to-disable-webserver.patch \
- file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \
- file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \
- file://0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \
- file://0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch \
- file://0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch"
+ file://0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch"

# end patching for dm-verity based images

-# deactivate signing and encryption for simple a/b rootfs update
-DEB_BUILD_PROFILES += "pkg.swupdate.nosigning pkg.swupdate.noencryption"
+# deactivate signing and hardware compability for simple a/b rootfs update
+DEB_BUILD_PROFILES += "pkg.swupdate.nosigning"
+DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat"

# add cross build and deactivate testing for arm based builds
DEB_BUILD_PROFILES += "cross nocheck"
@@ -40,11 +37,12 @@ DEB_BUILD_PROFILES += "cross nocheck"
# DEB_BUILD_PROFILES += "pkg.swupdate.embeddedlua"

# modify for debian buster build
-SRC_URI_append_buster = " file://0010-debian-prepare-build-for-isar-debian-buster.patch"
+SRC_URI_append_buster = " file://0006-debian-prepare-build-for-isar-debian-buster.patch"

# disable create filesystem due to missing symbols in debian buster
# disable webserver due to missing symbols in debian buster
DEB_BUILD_PROFILES_append_buster = " \
+ pkg.swupdate.bpo \
pkg.swupdate.nocreatefs \
pkg.swupdate.nowebserver "
# In debian buster the git-compression defaults to gz and does not detect other
Thanks, applied.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


[isar-cip-core][PATCH v2] swupdate: Update SRCREV

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

Update SWUpdate to commit https://salsa.debian.org/debian/swupdate/
344548c816b555c58ec199f31e45703897d23fb5.

This contains the upstream version of the patches:
-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
-debian-rules-Add-Embedded-Lua-handler-option.patch
-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch

The available build options are now documented in ${S}/debian/README.Debian.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---

Changes in V2:
- fix build by setting backport option

...SWUpdate-USB-service-and-Udev-rules.patch} | 24 ++++-------
...onfig-Make-image-encryption-optional.patch | 42 -------------------
...les-Add-Embedded-Lua-handler-option.patch} | 10 ++---
...es-Add-option-to-disable-fs-creation.patch | 16 +++----
...ules-Add-option-to-disable-webserver.patch | 18 ++++----
...h-to-fix-bootloader_env_get-for-EBG.patch} | 11 ++---
...Make-CONFIG_HW_COMPATIBILTY-optional.patch | 40 ------------------
...repare-build-for-isar-debian-buster.patch} | 34 +++------------
...option-to-disable-CONFIG_HASH_VERIFY.patch | 29 -------------
.../swupdate/swupdate_2021.11-1+debian-gbp.bb | 20 ++++-----
10 files changed, 50 insertions(+), 194 deletions(-)
rename recipes-core/swupdate/files/{0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch => 0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch} (65%)
delete mode 100644 recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
rename recipes-core/swupdate/files/{0006-debian-rules-Add-Embedded-Lua-handler-option.patch => 0002-debian-rules-Add-Embedded-Lua-handler-option.patch} (83%)
rename recipes-core/swupdate/files/{0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch => 0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch} (89%)
delete mode 100644 recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
rename recipes-core/swupdate/files/{0010-debian-prepare-build-for-isar-debian-buster.patch => 0006-debian-prepare-build-for-isar-debian-buster.patch} (58%)
delete mode 100644 recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch

diff --git a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
similarity index 65%
rename from recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
rename to recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
index 90c8d98..239b389 100644
--- a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
+++ b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
@@ -1,7 +1,7 @@
-From db391d1dd34806ae6694205b08b4661318bef37b Mon Sep 17 00:00:00 2001
+From 7925d016efc3e9ebac10a465f165135f21c5d799 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 7 Feb 2022 09:28:39 +0100
-Subject: [PATCH 07/10] debian: Remove SWUpdate USB service and Udev rules
+Subject: [PATCH 1/6] debian: Remove SWUpdate USB service and Udev rules

The current implementation will install an abitrary SWUpdate binary
from a plug-in USB stick. This is a major security risk for devices
@@ -13,16 +13,14 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
debian/rules | 1 -
debian/swupdate.swupdate-usb@.service | 8 --------
- debian/swupdate.udev | 2 --
- 3 files changed, 11 deletions(-)
+ 2 files changed, 9 deletions(-)
delete mode 100644 debian/swupdate.swupdate-usb@.service
- delete mode 100644 debian/swupdate.udev

diff --git a/debian/rules b/debian/rules
-index 12eb0ba..76fce01 100755
+index 95d4d48f..ff8b6726 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -101,7 +101,6 @@ override_dh_auto_install:
+@@ -79,7 +79,6 @@ override_dh_auto_install:
override_dh_installsystemd:
dh_installsystemd --no-start
dh_installsystemd --name=swupdate-progress
@@ -32,7 +30,7 @@ index 12eb0ba..76fce01 100755
override_dh_gencontrol:
diff --git a/debian/swupdate.swupdate-usb@.service b/debian/swupdate.swupdate-usb@.service
deleted file mode 100644
-index eda9d15..0000000
+index eda9d153..00000000
--- a/debian/swupdate.swupdate-usb@.service
+++ /dev/null
@@ -1,8 +0,0 @@
@@ -44,14 +42,6 @@ index eda9d15..0000000
-ExecStartPre=/bin/mount /dev/%I /mnt
-ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu"
-ExecStopPost=/bin/umount /mnt
-diff --git a/debian/swupdate.udev b/debian/swupdate.udev
-deleted file mode 100644
-index b4efd0b..0000000
---- a/debian/swupdate.udev
-+++ /dev/null
-@@ -1,2 +0,0 @@
--ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service"
--
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
deleted file mode 100644
index aa20ab6..0000000
--- a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 5d78de76eab1218494c714e9816152e4d821fa86 Mon Sep 17 00:00:00 2001
-From: Quirin Gylstorff <quirin.gylstorff@...>
-Date: Wed, 29 Sep 2021 15:28:21 +0200
-Subject: [PATCH 01/10] debian/config: Make image encryption optional
-
-This can be use to ease the setup with SWUpdate.
-
-Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
----
- debian/configs/defconfig | 1 -
- debian/rules | 3 +++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index 02681e5..b34168e 100644
---- a/debian/configs/defconfig
-+++ b/debian/configs/defconfig
-@@ -3,7 +3,6 @@ CONFIG_HW_COMPATIBILITY=y
- CONFIG_DOWNLOAD=y
- CONFIG_DOWNLOAD_SSL=y
- CONFIG_SIGALG_CMS=y
--CONFIG_ENCRYPTED_IMAGES=y
- CONFIG_SURICATTA=y
- CONFIG_SURICATTA_SSL=y
- CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y
-diff --git a/debian/rules b/debian/rules
-index 864add2..08b74a1 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -41,6 +41,9 @@ endif
- ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES)))
- echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig
- endif
-+ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES)))
-+ echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig
-+endif
- ifneq (,$(filter pkg.swupdate.p11,$(DEB_BUILD_PROFILES)))
- echo CONFIG_PKCS11=y >> configs/debian_defconfig
- endif
---
-2.34.1
-
diff --git a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch
similarity index 83%
rename from recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
rename to recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch
index 1d6a247..9ca5002 100644
--- a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch
+++ b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch
@@ -1,7 +1,7 @@
-From 19969a388e414db84e54a706e9227c301b0408a2 Mon Sep 17 00:00:00 2001
+From d262afcf95e617eace2f4207d4690587841d8882 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 11:32:41 +0200
-Subject: [PATCH 06/10] debian/rules: Add Embedded Lua handler option
+Subject: [PATCH 2/6] debian/rules: Add Embedded Lua handler option

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
@@ -9,10 +9,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
1 file changed, 5 insertions(+)

diff --git a/debian/rules b/debian/rules
-index 19870e9..12eb0ba 100755
+index ff8b6726..e1df4f06 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -68,7 +68,12 @@ ifneq (,$(LUA_VERSION))
+@@ -51,7 +51,12 @@ ifneq (,$(LUA_VERSION))
echo CONFIG_LUAPKG=\"lua$(LUA_VERSION)\" >> configs/debian_defconfig
echo CONFIG_LUASCRIPTHANDLER=y >> configs/debian_defconfig
echo CONFIG_HANDLER_IN_LUA=y >> configs/debian_defconfig
@@ -26,5 +26,5 @@ index 19870e9..12eb0ba 100755
echo CONFIG_EXTRA_LDFLAGS=\"$(LDFLAGS)\" >> configs/debian_defconfig
echo CONFIG_EXTRA_LDLIBS=\"$(LDLIBS)\" >> configs/debian_defconfig
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
index 08ba9b9..c6f84ce 100644
--- a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
+++ b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch
@@ -1,7 +1,7 @@
-From 17d962a9b43f5debaed85affc6dccb2c471bffe9 Mon Sep 17 00:00:00 2001
+From 404d1f73f791babf3dd4546fa5f671f7717d6179 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:15:56 +0200
-Subject: [PATCH 03/10] debian/rules: Add option to disable fs creation
+Subject: [PATCH 3/6] debian/rules: Add option to disable fs creation

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
@@ -10,7 +10,7 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index b34168e..d011deb 100644
+index ad28854c..d8e260b6 100644
--- a/debian/configs/defconfig
+++ b/debian/configs/defconfig
@@ -9,12 +9,6 @@ CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y
@@ -27,12 +27,12 @@ index b34168e..d011deb 100644
CONFIG_RAW=y
CONFIG_RDIFFHANDLER=y
diff --git a/debian/rules b/debian/rules
-index 6705140..983e122 100755
+index e1df4f06..2ed88ad2 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -45,6 +45,15 @@ endif
- ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES)))
- echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig
+@@ -44,6 +44,15 @@ endif
+ ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig
endif
+ifeq (,$(filter pkg.swupdate.nocreatefs,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_DISKPART=y >> configs/debian_defconfig
@@ -47,5 +47,5 @@ index 6705140..983e122 100755
echo CONFIG_PKCS11=y >> configs/debian_defconfig
endif
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
index eaa6fcf..c670ee9 100644
--- a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
+++ b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch
@@ -1,7 +1,7 @@
-From a02a6d4385f314601ef5c7094ecb26f5b5c3f134 Mon Sep 17 00:00:00 2001
+From 9e5313a9fe784e55bcf25dc0b61573aeedcc11ee Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Mon, 4 Oct 2021 17:27:11 +0200
-Subject: [PATCH 04/10] debian/rules: Add option to disable webserver
+Subject: [PATCH 4/6] debian/rules: Add option to disable webserver

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
@@ -10,10 +10,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index d011deb..337fcce 100644
+index d8e260b6..c365f9ce 100644
--- a/debian/configs/defconfig
+++ b/debian/configs/defconfig
-@@ -6,8 +6,6 @@ CONFIG_SIGALG_CMS=y
+@@ -6,8 +6,6 @@ CONFIG_ENCRYPTED_IMAGES=y
CONFIG_SURICATTA=y
CONFIG_SURICATTA_SSL=y
CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y
@@ -23,12 +23,12 @@ index d011deb..337fcce 100644
CONFIG_UNIQUEUUID=y
CONFIG_RAW=y
diff --git a/debian/rules b/debian/rules
-index 983e122..6078ed8 100755
+index 2ed88ad2..58742a6b 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -39,6 +39,10 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES)))
- else
- echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig
+@@ -41,6 +41,10 @@ endif
+ ifeq (,$(filter pkg.swupdate.nohwcompat,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig
endif
+ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_WEBSERVER=y >> configs/debian_defconfig
@@ -38,5 +38,5 @@ index 983e122..6078ed8 100755
echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig
endif
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
similarity index 89%
rename from recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
rename to recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
index fd263ee..793bd7a 100644
--- a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
+++ b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch
@@ -1,9 +1,10 @@
-From 09a736a651ae05378d9ef8018589c9f834b729a6 Mon Sep 17 00:00:00 2001
+From 962f4b81ac1202e536628bfac822a22b8d7b0b3a Mon Sep 17 00:00:00 2001
From: Jan Kiszka <jan.kiszka@...>
Date: Tue, 12 Apr 2022 08:01:21 +0200
-Subject: [PATCH 09/10] debian: Add patch to fix bootloader_env_get for EBG
+Subject: [PATCH 5/6] debian: Add patch to fix bootloader_env_get for EBG

Signed-off-by: Jan Kiszka <jan.kiszka@...>
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
...ix-do_env_get-for-anything-but-globa.patch | 38 +++++++++++++++++++
debian/patches/series | 1 +
@@ -12,7 +13,7 @@ Signed-off-by: Jan Kiszka <jan.kiszka@...>

diff --git a/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch
new file mode 100644
-index 0000000..f99f7ee
+index 00000000..f99f7ee6
--- /dev/null
+++ b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch
@@ -0,0 +1,38 @@
@@ -55,12 +56,12 @@ index 0000000..f99f7ee
+2.34.1
+
diff --git a/debian/patches/series b/debian/patches/series
-index 8c5564a..98628a7 100644
+index 8c5564ae..98628a77 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
use-gcc-compiler.diff
+0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
deleted file mode 100644
index eb19e5f..0000000
--- a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8315d5ff8168fca1bd3752764e71f98e8b55f2ad Mon Sep 17 00:00:00 2001
-From: Quirin Gylstorff <quirin.gylstorff@...>
-Date: Tue, 5 Oct 2021 10:56:25 +0200
-Subject: [PATCH 05/10] debian: Make CONFIG_HW_COMPATIBILTY optional
-
-Add option for qemu.
-
-Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
----
- debian/configs/defconfig | 1 -
- debian/rules | 3 +++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/debian/configs/defconfig b/debian/configs/defconfig
-index 337fcce..6fc1137 100644
---- a/debian/configs/defconfig
-+++ b/debian/configs/defconfig
-@@ -1,5 +1,4 @@
- CONFIG_SYSTEMD=y
--CONFIG_HW_COMPATIBILITY=y
- CONFIG_DOWNLOAD=y
- CONFIG_DOWNLOAD_SSL=y
- CONFIG_SIGALG_CMS=y
-diff --git a/debian/rules b/debian/rules
-index 6078ed8..19870e9 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -39,6 +39,9 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES)))
- else
- echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig
- endif
-+ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES)))
-+ echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig
-+endif
- ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES)))
- echo CONFIG_WEBSERVER=y >> configs/debian_defconfig
- echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig
---
-2.34.1
-
diff --git a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch
similarity index 58%
rename from recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch
rename to recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch
index 1d476e9..f3b9bfc 100644
--- a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch
+++ b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch
@@ -1,25 +1,24 @@
-From c9661853aea11f090b5936363b0bae10fe6ebed6 Mon Sep 17 00:00:00 2001
+From 33ce7123621f5da43cc8be730e916451abe84239 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@...>
Date: Wed, 29 Sep 2021 16:17:03 +0200
-Subject: [PATCH 10/10] debian: prepare build for isar debian buster
+Subject: [PATCH 6/6] debian: prepare build for isar debian buster

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
debian/compat | 1 +
debian/control | 10 +++++-----
- debian/rules | 4 +++-
- 3 files changed, 9 insertions(+), 6 deletions(-)
+ 2 files changed, 6 insertions(+), 5 deletions(-)
create mode 100644 debian/compat

diff --git a/debian/compat b/debian/compat
new file mode 100644
-index 0000000..f599e28
+index 00000000..f599e28b
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
-index 192c4a2..9318fa1 100644
+index 192c4a2a..9318fa12 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: optional
@@ -46,27 +45,6 @@ index 192c4a2..9318fa1 100644
libubootenv-dev <pkg.swupdate.uboot>,
libebgenv-dev <pkg.swupdate.efibootguard> | efibootguard-dev <pkg.swupdate.efibootguard>,
libcmocka-dev,
-diff --git a/debian/rules b/debian/rules
-index 4dc9e17..370ca3d 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -19,13 +19,15 @@ endif
-
- override_dh_auto_configure:
- cp debian/configs/defconfig configs/debian_defconfig
--ifeq (,$(filter pkg.swupdate.bpo,$(DEB_BUILD_PROFILES)))
-+ifneq (,$(filter pkg.swupdate.mtd,$(DEB_BUILD_PROFILES)))
- echo CONFIG_MTD=y >> configs/debian_defconfig
-+ifneq (,$(filter pkg.swupdate.ubi,$(DEB_BUILD_PROFILES)))
- echo CONFIG_SWUFORWARDER_HANDLER=y >> configs/debian_defconfig
- echo CONFIG_CFI=y >> configs/debian_defconfig
- echo CONFIG_CFIHAMMING1=y >> configs/debian_defconfig
- echo CONFIG_UBIVOL=y >> configs/debian_defconfig
- echo CONFIG_SSBLSWITCH=y >> configs/debian_defconfig
-+endif
- else
- echo "# CONFIG_MTD is not set" >> configs/debian_defconfig
- endif
--
-2.34.1
+2.35.1

diff --git a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch b/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch
deleted file mode 100644
index a5207ee..0000000
--- a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 2776a4817eb91be3df001e04d548a702e9f5291a Mon Sep 17 00:00:00 2001
-From: Quirin Gylstorff <quirin.gylstorff@...>
-Date: Mon, 14 Feb 2022 12:27:43 +0100
-Subject: [PATCH 08/10] Add Profile option to disable CONFIG_HASH_VERIFY
-
-This change also enables CONFIG_HASH_VERIFY by default.
-
-Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
----
- debian/rules | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/debian/rules b/debian/rules
-index 76fce01..4dc9e17 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -42,6 +42,9 @@ endif
- ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES)))
- echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig
- endif
-+ifeq (,$(filter pkg.swupdate.nohashverify,$(DEB_BUILD_PROFILES)))
-+ echo CONFIG_HASH_VERIFY=y >> configs/debian_defconfig
-+endif
- ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES)))
- echo CONFIG_WEBSERVER=y >> configs/debian_defconfig
- echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig
---
-2.34.1
-
diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
index 7edefe7..086911b 100644
--- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
+++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb
@@ -13,23 +13,20 @@ inherit dpkg-gbp
include swupdate.inc

SRC_URI = "git://salsa.debian.org/debian/swupdate.git;protocol=https;branch=debian/master"
-SRCREV ="debian/2021.11-1"
+SRCREV ="344548c816b555c58ec199f31e45703897d23fb5"

# add options to DEB_BUILD_PROFILES
-SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \
- file://0002-debian-rules-Add-CONFIG_MTD.patch \
+SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \
+ file://0002-debian-rules-Add-Embedded-Lua-handler-option.patch \
file://0003-debian-rules-Add-option-to-disable-fs-creation.patch \
file://0004-debian-rules-Add-option-to-disable-webserver.patch \
- file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \
- file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \
- file://0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \
- file://0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch \
- file://0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch"
+ file://0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch"

# end patching for dm-verity based images

-# deactivate signing and encryption for simple a/b rootfs update
-DEB_BUILD_PROFILES += "pkg.swupdate.nosigning pkg.swupdate.noencryption"
+# deactivate signing and hardware compability for simple a/b rootfs update
+DEB_BUILD_PROFILES += "pkg.swupdate.nosigning"
+DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat"

# add cross build and deactivate testing for arm based builds
DEB_BUILD_PROFILES += "cross nocheck"
@@ -40,11 +37,12 @@ DEB_BUILD_PROFILES += "cross nocheck"
# DEB_BUILD_PROFILES += "pkg.swupdate.embeddedlua"

# modify for debian buster build
-SRC_URI_append_buster = " file://0010-debian-prepare-build-for-isar-debian-buster.patch"
+SRC_URI_append_buster = " file://0006-debian-prepare-build-for-isar-debian-buster.patch"

# disable create filesystem due to missing symbols in debian buster
# disable webserver due to missing symbols in debian buster
DEB_BUILD_PROFILES_append_buster = " \
+ pkg.swupdate.bpo \
pkg.swupdate.nocreatefs \
pkg.swupdate.nowebserver "
# In debian buster the git-compression defaults to gz and does not detect other
--
2.35.1


Re: 4.19 oopses on socfpga

Nobuhiro Iwamatsu
 

Hi Koguchi-san,


One of my customer has reported to me the same issue(oops) and the same
remedy(revert) for v5.10.112-cip6.
Is it not recognized yet by the upstream or CIP?
It will be fixed in 5.10.114.
5.10.114-rc1:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=linux-5.10.y&id=59e6e7df9216d52a16448ad48a45e62def70acbc

CIP will support this weekend's release.

Best regards,
Nobuhiro


Re: 4.19 oopses on socfpga

Takuo Koguchi
 

Iwamatsu-san,

-----Original Message-----
From: cip-dev@... <cip-dev@...> On Behalf
Of Nobuhiro Iwamatsu
Sent: Sunday, May 1, 2022 7:37 AM
To: cip-dev@...
Cc: Chris Paterson <Chris.Paterson2@...>;
alice.ferrazzi@...; Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@...>
Subject: [!]Re: [cip-dev] 4.19 oopses on socfpga

Hi,

2022年4月29日(金) 15:07 Nobuhiro Iwamatsu <iwamatsu@...>:

Hi,

2022年4月29日(金) 8:57 Masami Ichikawa <masami256@...>:

Hello.

On Fri, Apr 29, 2022 at 2:35 AM Pavel Machek <pavel@...> wrote:

Hi!


There's oops during boot on socfpga:

4.19.240-cip72-00010-g0ffbb4b1066 --
https://secure-web.cisco.com/1jOfbkhAUdCz4mo_YgK84zAC5ffFZ9KzMin
8BNNUdhQIx6Hrly24tfgtFgWgKCijx3qeXp71JLjo7Rmpu_IwilMXdaLGXPImDXY
voBqMHK4Y9plWRw2jBxopiWvlvg7iX9mpdqvVU0jS16P2V9_aGIyr3dAMDKsbFg
_
wvYdlQdRnNIcRWOG0K49tdixTN9BxlsMdpHMJtxTs2SR1t6IFW_vVAj99XXTqZab
BsqHykkcdft2cAnMIBIqlvKMd1aWily5NH8HKrd93MWrgpF0_Ky8ZhmWn1mMw
mGJ
SR_z4rQTYUEVDmJ4l4xslRv-YKwqVT/https%3A%2F%2Flava.ciplatform.org
%2Fscheduler%2Fjob%2F669893
4.19.240-rc1-g5e5c9d690926 --
https://secure-web.cisco.com/16pAhVK6fBCFbfXvcMmuJrzhLUlKDpKQ4ca
dquSiRHleedrp6gMEuV7GU68R9y_jKFbMKTMTzp__T2GziUzr9vCYDvFQU1fwfx
q
8JyMtzLF3VcBWtZRG_lADpGlM44gTWbpGLCoRhCUgGb_n9WbXH_GUV7VfUV
D0kL4
0gRECOYpMq_vsL1lct3WZUHyKCt3I7tYBGlyh7t8UTUKQkKNehHlj5F47ud8ElVi
MQjBxKlaF9na3flHA6Qb5XsgKYYgQnsrPCWf6ixjkod6E2cSBD00wPDnVp0PWV
6s
s3_n4hiUleclye_88ynPk5VYPa8PGJ/https%3A%2F%2Flava.ciplatform.org
%2Fscheduler%2Fjob%2F669259

This commit may be relevant:

commit e2423aa174e6c3e9805e96db778245ba73cdd88c
net: ethernet: stmmac: fix altr_tse_pcs function when using a
fixed-link
[ Upstream commit
a6aaa00324240967272b451bfa772547bd576ee6 ]

Let me investigate a bit more.
I tried to do some testing, but it fails on two targets:

https://secure-web.cisco.com/1i3aTbv6J7f-CwAS1j7J6eSciyhrD1xxeOgs6
HWkBPlbreVMAXnm7m3NB4XP02FJ44P6gb3eC8y-4atP0IPwiVnyKmvZuPM7dM
yv3Eo
IfyrlI6lzG5f3agR_zkIX7MFdsLrOpC7fjUzsiA3nU4qIBKE43MEkUWBe3B-S6Vuya
jh9XDxFGwZjrbYCcLg5KenRKzEY9D3fnBSv6zEskWiTArr6HqHzcThqiuQvjesAm
lO
QNf5-O9GO1orFh9aHALU-gg-UxDZQuRvlaWK9W8rUknQ-IuOocywYul70bww6
bF9bO
1sOzxvhVK0W-Nfch7cuF/https%3A%2F%2Fgitlab.com%2Fcip-project%2Fcip-
kernel%2Flinux-cip%2F-%2Fpipelines%2F522211501

And failed test says:

https://secure-web.cisco.com/1osB1u3XwFWfEVdNTDFt8PFk3VQn3lsJny4Dt
ytDWi_4uGjB0ILyQqN5BQjlB7Igd11fBZ2NiU3nzq6umHnyp2vo0WC3BafS4faC4_
4
ESKeyjPyg8H_OctweeK2EAqJdYY3MaFxML9YfE9uwskFKJuYaECNLOPTWdBB
QWWPIN
9LoTg3y_3Vf1SXiABLgy6vKph4tpMehAOOS8k_0fbSVXhdqpgI95WLSjKKQ_4iTu
Eg
lH6axQ2dRBEjSi1631jcilAugrSadnSFqmZdjo6xPCyXqplqwmHgZ5rjEguk7NJRXb
JtUwiyNCM9u_MVtuG4fo/https%3A%2F%2Flava.ciplatform.org%2Fscheduler
%2Fjob%2F670508

ob error: Invalid job data: ["Resource unavailable at
'https://secure-web.cisco.com/1rmmxEhS_emdbxkeY7BMSkhhKd2LpA6ygwed
S3KiFTTEKaDdBsB5GrNFn9NQK8qkji2BmfaT9KVD57mLTfZWvHST3ZKst89z
MgcvEL_gUyDRRQUYq_CySuyBILBZv1B1ZxxRHVPdxYUoB0mzOZvhhApJmalcu
mYEJIgFUkJOid3xp-3_R6RVh2dXA0eckky10qnkYAln5dqlDfZUXBjNYBVMB1l8VT
qqOjBX4IuETWqS-NxC51TuZTJW6jahSNdBXBZ43B1WXrHeiQPRQYVKNeq57K
UPyviIUI6iAw-tKjHvHgLjCHzSQ1tYQxvx3SKqy/https%3A%2F%2Fs3.eu-central
-1.amazonaws.com%2Fdownload2.cip-project.org%2Fcip-testing%2Flinux-cip
%2FzImage_siemens_de0-nano-soc_defconfig_4.19.239_e5e741fbf%2Farm%2F
siemens_de0-nano-soc_defconfig%2Fdtb%2Fsocfpga_cyclone5_de0_nano_soc
.dtb'
(404)"]

which sounds like a test problem, not kernel problem.

Any ideas?
It looks like the pipeline 522211501's build job didn't build
socfpga_cyclone5_de0_nano_soc.dtb.
https://secure-web.cisco.com/1A642org3Qm5HN30l_4ROLIGL5W2Ab88JM0Ha
Ij
mjHVUNECJy4KkZJ9kQwpwJeNcB2zuVQJUodYZvM7Rmt03MBCOUB7HQcfpjN
odhosbBC1
I9IewJWYRRxG8Dmc2tyfdlfuSPosWN1jUtN1ymWINJeaJBkK6xPh6VD6v0rYNiBY
n9Ue
05j1-GRyAeKZUOoBd6PPk433wDVueaHS98VHasCDJpFpznvorpwl_3_a2zuk1fip
VJWh
FIZCue1eSDc_EKpa-3_EJiSLnhMc3gl0c2iB4sed22i4rn_8Qx6vF5yhc4LjydIQEu
K9
7AT9jZoiI1/https%3A%2F%2Fgitlab.com%2Fcip-project%2Fcip-kernel%2Flin
ux-cip%2F-%2Fjobs%2F2364180684%23L2417

An old build job(pipeline #523704627 . kernel 4.19.239-cip72) builds
the dtb file.
https://secure-web.cisco.com/1VU4bPqh7VgbVJP9jU93GuJlHMPpDNQiepTxed
k
bBE9YF1SRM0dNMe07in9Bc87ce9qxhLC3Vjfm4Du65tIP6lQy7EOvKO64xpQOEu
SqCYb
gCbJp9_InjkaIdUOVG9ESgt-bE75fKnblDG1hvYbjyI4pjat8kMpXhajYlS3DKc17Wx
H
MoarFjEGeYYN5BWNq2BlRBlFsGD-iF_QuBZaEhNi0InwishFl98a6q8QPGDLo83
vESJp
s3AfYymY1dbmEztJ4QyxsoHH91ZJ1ECNKQ-aLGYVdcDKWyQEEzdzDRatgblVqS
HJSezm
JNr5h7EJax/https%3A%2F%2Fgitlab.com%2Fcip-project%2Fcip-kernel%2Flin
ux-cip%2F-%2Fjobs%2F2371451342%23L2907
This is the backport patch is imported into the CIP kernel.

https://secure-web.cisco.com/1ApuiGL_0xOwfNNZcvULWOERf-s4HL6xZzlZ8t
zOY
eaV9h1EfF5R7PUodJJz0QzKqnf8CWLe0HgfxAbDYCxJQS9CaymOLUSxwNCadU
6EyGM-2g8
cml5kl9T_1EF43sJNlBumX4QCQe4me1yZp4gV7iszMA-0OjWcNUOpEEthuARXe
8uVhR4IN
3mPrq1qxkkVwcmLv8esU0mFU6QSuMF-y6WRxoPKHKFhSgknCr9Hdj3i-T4IZ2
RQdMrKiww
awNUyqjZZ9aFpY3MPYs1ygrZyq3_w5IoT-klGU7OgGiN_TuL9xpojOXZKN-yruHr
RdUbPw
/https%3A%2F%2Fgit.kernel.org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2F
cip
%2Flinux-cip.git%2Fcommit%2F%3Fh%3Dlinux-4.19.y-cip%26id%3D64729dc
0be4
847961550cdcca4ddc66adf556aaa

I was revert E2423AA174E6 with a CIP kernel and confirmed. I think
this is the cause.
https://secure-web.cisco.com/1ZTiYQ1MlKN8-SRgBNnYLLSDw5yArMWHWW
MZdAmylKtYlap7PTxOBUlyqxkPH94yM8jKYiaO2CcmXSGchP_Q-nuLLfRWWXV
GOetLFf5d9hTpPOtRJw47SlicuiJGwXG1pg1RCwr8xI0idTaNChyacjoKxttcWGVB
YaRVXU3Yn6qNFcKHBxdu5WfD0uIdnmq2XD1So8rtvuKnim0__v35HUCAzHmU7
YA0okYZ0oKt5jairZG4c0hRW3sjFlSwX2A2wp9U6qtKw_D29aSv5xa9z_yfouO8n
Ty4qbZXo8uHk63rDk00sp_rRNanm-wP3DHjI/https%3A%2F%2Fgitlab.com%2F
cip-project%2Fcip-kernel%2Flinux-cip%2F-%2Fcommit%2F009b7940a6ca52f2
b39099c2c4d10bab337829b5

https://secure-web.cisco.com/1tK76i_ga9LliaGRryilcwTYWTMd2i-p3ZlQy_g5
0
qQVX_0IbwD9lubuPagOHOEK9napv3cu6BrVkN372e7-ryX63dyFyxXLpVqBB4jfo
AQo-Ka
MAo8SnlV--XsCRjJaeLiNMGF7K3LKuxvAAN-9QO5RxcwxJ3KrErvnygSk6wfNifn
K_L2XP
YNLaHINjNbBJm2MyB8Q_9F2aRfMblpRjftg4NL_8dZj8aHWwswhTX4tOYrJoV0P
RmP6BFK
DYyMp3Sit0-uuPtLRb995hq15CgzZH1YzWU7VQd7YImNJF64YptC_uhZlod-gJrX
wnDBqy
/https%3A%2F%2Fgitlab.com%2Fcip-project%2Fcip-kernel%2Flinux-cip%2F-%
2
Fjobs%2F2392927535

I will check the board supported by LTS.
This was also reproduced on other SOCFPGA boards.
And as you know, this commit has already been Revert in LTS.

Best regards,
Nobuhiro
One of my customer has reported to me the same issue(oops) and the same remedy(revert) for v5.10.112-cip6.
Is it not recognized yet by the upstream or CIP?

Best regards,

Takuo Koguchi


[isar-cip-core][PATCH v2 13/13] start-qemu.sh: Add support for SWUpdate and secure boot mode to arm64

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

We just need to pick up the newly deployed firmware.bin as -bios,
analogously to the x86's OVMF, and switch to a disk image. A separate
key storage is not yet used, thus there is no difference between normal
and secure mode for arm64 so far.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
start-qemu.sh | 67 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 42 insertions(+), 25 deletions(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index fe08ebd..ad4fca5 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -45,7 +45,10 @@ if [ -z "${TARGET_IMAGE}" ];then
fi
fi

-case "$1" in
+arch="$1"
+shift 1
+
+case "${arch}" in
x86|x86_64|amd64)
DISTRO_ARCH=amd64
QEMU=qemu-system-x86_64
@@ -98,7 +101,7 @@ case "$1" in
usage
;;
*)
- echo "Unsupported architecture: $1"
+ echo "Unsupported architecture: ${arch}"
exit 1
;;
esac
@@ -107,40 +110,54 @@ IMAGE_PREFIX="$(dirname $0)/build/tmp/deploy/images/qemu-${DISTRO_ARCH}/${TARGET

if [ -z "${DISPLAY}" ]; then
QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} -nographic"
- case "$1" in
+ case "${arch}" in
x86|x86_64|amd64)
KERNEL_CMDLINE="${KERNEL_CMDLINE} console=ttyS0"
esac
fi

-shift 1
-
QEMU_COMMON_OPTIONS=" \
-m 1G \
-serial mon:stdio \
-netdev user,id=net,hostfwd=tcp:127.0.0.1:22222-:22 \
${QEMU_EXTRA_ARGS}"

-if [ -n "${SECURE_BOOT}" ]; then
- ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.secboot.fd}
- ovmf_vars=${OVMF_VARS:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_VARS_4M.snakeoil.fd}
-
- ${QEMU_PATH}${QEMU} \
- -global ICH9-LPC.disable_s3=1 \
- -global isa-fdc.driveA= \
- -drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
- -drive if=pflash,format=raw,file=${ovmf_vars} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
- ${QEMU_COMMON_OPTIONS} "$@"
-
-elif [ -n "${SWUPDATE_BOOT}" ]; then
- ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.fd}
-
- ${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
- -drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
- ${QEMU_COMMON_OPTIONS} "$@"
-
+if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
+ case "${arch}" in
+ x86|x86_64|amd64)
+ if [ -n "${SECURE_BOOT}" ]; then
+ ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.secboot.fd}
+ ovmf_vars=${OVMF_VARS:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_VARS_4M.snakeoil.fd}
+
+ ${QEMU_PATH}${QEMU} \
+ -global ICH9-LPC.disable_s3=1 \
+ -global isa-fdc.driveA= \
+ -drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
+ -drive if=pflash,format=raw,file=${ovmf_vars} \
+ -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ ${QEMU_COMMON_OPTIONS} "$@"
+ else
+ ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.fd}
+
+ ${QEMU_PATH}${QEMU} \
+ -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
+ ${QEMU_COMMON_OPTIONS} "$@"
+ fi
+ ;;
+ arm64|aarch64)
+ u_boot_bin=${FIRMWARE_BIN:-./build/tmp/deploy/images/qemu-arm64/firmware.bin}
+
+ ${QEMU_PATH}${QEMU} \
+ -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -bios ${u_boot_bin} \
+ ${QEMU_COMMON_OPTIONS} "$@"
+ ;;
+ *)
+ echo "Unsupported architecture: ${arch}"
+ exit 1
+ ;;
+ esac
else
IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)

--
2.34.1


[isar-cip-core][PATCH v2 08/13] efibootguard: Fix empty command line case

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

We crash in case of an empty command line with non-unified kernel images
right now. Just avoid cmdline==None, will also make upcoming changes
simpler.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
scripts/lib/wic/plugins/source/efibootguard-boot.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 909e629..9267033 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -80,7 +80,7 @@ class EfibootguardBootPlugin(SourcePlugin):

boot_files = source_params.get("files", "").split(' ')
unified_kernel = source_params.get("unified-kernel") or 'y'
- cmdline = bootloader.append
+ cmdline = bootloader.append or ''
if unified_kernel == 'y':
boot_image = cls._create_unified_kernel_image(rootfs_dir,
cr_workdir,
@@ -113,7 +113,7 @@ class EfibootguardBootPlugin(SourcePlugin):
% (
part.label.upper(),
boot_image,
- '-a "%s"' % cmdline if cmdline else "",
+ '-a "%s"' % cmdline,
source_params.get("revision", 1),
wdog_timeout
)
--
2.34.1


[isar-cip-core][PATCH v2 11/13] u-boot-qemu-arm64: Add recipe for customized version based on 2022.04

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

This will be used for booting via UEFI, both in open and locked-down
secure mode. The secure mode variations can be selected by adding
"secureboot" to OVERRIDES.

One extra patch is needed to add support for long-living certificates.
It is pending upstream.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
...-rtc_mktime-and-mktime64-Y2038-ready.patch | 107 ++++++++++++++++++
recipes-bsp/u-boot/files/rules | 40 +++++++
recipes-bsp/u-boot/files/secure-boot.cfg | 6 +
.../u-boot/u-boot-qemu-arm64_2022.04.bb | 50 ++++++++
4 files changed, 203 insertions(+)
create mode 100644 recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
create mode 100755 recipes-bsp/u-boot/files/rules
create mode 100644 recipes-bsp/u-boot/files/secure-boot.cfg
create mode 100644 recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb

diff --git a/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch b/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
new file mode 100644
index 0000000..b2ff705
--- /dev/null
+++ b/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
@@ -0,0 +1,107 @@
+From 8b990a06685678abd8dbc8be86c27bf3e94e3694 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@...>
+Date: Sun, 24 Apr 2022 11:24:54 +0200
+Subject: [PATCH] lib/date: Make rtc_mktime and mktime64 Y2038-ready
+
+We currently overflow due to wrong types used internally in rtc_mktime,
+on all platforms, and we return a too small type on 32-bit.
+
+One consumer that directly benefits from this is mktime64. Many others
+may still store the result in a wrong type.
+
+While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by
+714209832db1).
+
+Signed-off-by: Jan Kiszka <jan.kiszka@...>
+---
+ include/linux/time.h | 3 ---
+ include/rtc.h | 8 +++++---
+ lib/date.c | 13 +++++--------
+ 3 files changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/include/linux/time.h b/include/linux/time.h
+index 702dd276aea..14ff5b6f481 100644
+--- a/include/linux/time.h
++++ b/include/linux/time.h
+@@ -152,9 +152,6 @@ _DEFUN (ctime_r, (tim_p, result),
+ return asctime_r (localtime_r (tim_p, &tm), result);
+ }
+
+-/* for compatibility with linux code */
+-typedef __s64 time64_t;
+-
+ #ifdef CONFIG_LIB_DATE
+ time64_t mktime64(const unsigned int year, const unsigned int mon,
+ const unsigned int day, const unsigned int hour,
+diff --git a/include/rtc.h b/include/rtc.h
+index 6c7fcadd488..10104e3bf5a 100644
+--- a/include/rtc.h
++++ b/include/rtc.h
+@@ -16,6 +16,8 @@
+ #include <bcd.h>
+ #include <rtc_def.h>
+
++typedef int64_t time64_t;
++
+ #ifdef CONFIG_DM_RTC
+
+ struct udevice;
+@@ -301,7 +303,7 @@ int rtc_calc_weekday(struct rtc_time *time);
+ void rtc_to_tm(u64 time_t, struct rtc_time *time);
+
+ /**
+- * rtc_mktime() - Convert a broken-out time into a time_t value
++ * rtc_mktime() - Convert a broken-out time into a time64_t value
+ *
+ * The following fields need to be valid for this function to work:
+ * tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year
+@@ -309,9 +311,9 @@ void rtc_to_tm(u64 time_t, struct rtc_time *time);
+ * Note that tm_wday and tm_yday are ignored.
+ *
+ * @time: Broken-out time to convert
+- * Return: corresponding time_t value, seconds since 1970-01-01 00:00:00
++ * Return: corresponding time64_t value, seconds since 1970-01-01 00:00:00
+ */
+-unsigned long rtc_mktime(const struct rtc_time *time);
++time64_t rtc_mktime(const struct rtc_time *time);
+
+ /**
+ * rtc_month_days() - The number of days in the month
+diff --git a/lib/date.c b/lib/date.c
+index c589d9ed3a2..e3d22459cd0 100644
+--- a/lib/date.c
++++ b/lib/date.c
+@@ -71,19 +71,16 @@ int rtc_calc_weekday(struct rtc_time *tm)
+ * -year / 100 + year / 400 terms, and add 10.]
+ *
+ * This algorithm was first published by Gauss (I think).
+- *
+- * WARNING: this function will overflow on 2106-02-07 06:28:16 on
+- * machines where long is 32-bit! (However, as time_t is signed, we
+- * will already get problems at other places on 2038-01-19 03:14:08)
+ */
+-unsigned long rtc_mktime(const struct rtc_time *tm)
++time64_t rtc_mktime(const struct rtc_time *tm)
+ {
+ int mon = tm->tm_mon;
+ int year = tm->tm_year;
+- int days, hours;
++ unsigned long days;
++ time64_t hours;
+
+ mon -= 2;
+- if (0 >= (int)mon) { /* 1..12 -> 11, 12, 1..10 */
++ if (0 >= mon) { /* 1..12 -> 11, 12, 1..10 */
+ mon += 12; /* Puts Feb last since it has leap day */
+ year -= 1;
+ }
+@@ -109,5 +106,5 @@ time64_t mktime64(const unsigned int year, const unsigned int mon,
+ time.tm_min = min;
+ time.tm_sec = sec;
+
+- return (time64_t)rtc_mktime((const struct rtc_time *)&time);
++ return rtc_mktime((const struct rtc_time *)&time);
+ }
+--
+2.34.1
+
diff --git a/recipes-bsp/u-boot/files/rules b/recipes-bsp/u-boot/files/rules
new file mode 100755
index 0000000..36e1e1b
--- /dev/null
+++ b/recipes-bsp/u-boot/files/rules
@@ -0,0 +1,40 @@
+#!/usr/bin/make -f
+#
+# Copyright (c) Siemens AG, 2018-2022
+#
+# SPDX-License-Identifier: MIT
+
+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
+SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y
+endif
+
+override_dh_auto_build:
+ if [ -e /usr/share/secure-boot-secrets/secure-boot.pem ]; then \
+ openssl x509 -in /usr/share/secure-boot-secrets/secure-boot.pem -out secure-boot.der -outform der; \
+ rm -f secure-boot.esl; \
+ efisiglist -a -c secure-boot.der -o secure-boot.esl; \
+ rm -f ubootefi.var; \
+ tools/efivar.py set -i ubootefi.var -n PK -d secure-boot.esl -t file; \
+ tools/efivar.py set -i ubootefi.var -n KEK -d secure-boot.esl -t file; \
+ tools/efivar.py set -i ubootefi.var -n db -d secure-boot.esl -t file; \
+ fi
+ $(MAKE) $(PARALLEL_MAKE) $(U_BOOT_CONFIG)
+ $(MAKE) $(PARALLEL_MAKE) ${U_BOOT_BIN}
+ $(MAKE) -n u-boot-initial-env >/dev/null 2>&1; if [ $$? -ne 2 ]; then \
+ $(MAKE) $(PARALLEL_MAKE) u-boot-initial-env; \
+ else \
+ ./scripts/get_default_envs.sh >u-boot-initial-env; \
+ fi
+ $(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools
+
+override_dh_auto_install:
+ mv tools/env/lib.a tools/env/libubootenv.a
+
+override_dh_auto_test:
+
+override_dh_strip:
+ dh_strip -X libubootenv.a
+
+%:
+ dh $@ --parallel
diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg b/recipes-bsp/u-boot/files/secure-boot.cfg
new file mode 100644
index 0000000..a1b9931
--- /dev/null
+++ b/recipes-bsp/u-boot/files/secure-boot.cfg
@@ -0,0 +1,6 @@
+### Secure boot config
+CONFIG_BOOTDELAY=-2
+CONFIG_USE_BOOTCOMMAND=y
+CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/bootaa64.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/bootaa64.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset"
+CONFIG_EFI_VARIABLES_PRESEED=y
+CONFIG_EFI_SECURE_BOOT=y
diff --git a/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
new file mode 100644
index 0000000..e462258
--- /dev/null
+++ b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
@@ -0,0 +1,50 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require recipes-bsp/u-boot/u-boot-custom.inc
+
+SRC_URI += " \
+ https://ftp.denx.de/pub/u-boot/u-boot-${PV}.tar.bz2 \
+ file://0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch \
+ file://rules"
+SRC_URI[sha256sum] = "68e065413926778e276ec3abd28bb32fa82abaa4a6898d570c1f48fbdb08bcd0"
+
+SRC_URI_append_secureboot = " \
+ file://secure-boot.cfg"
+
+S = "${WORKDIR}/u-boot-${PV}"
+
+DEBIAN_BUILD_DEPENDS += ", libssl-dev:native, libssl-dev:arm64"
+
+DEBIAN_BUILD_DEPENDS_append_secureboot = ", \
+ openssl, pesign, secure-boot-secrets, python3-openssl:native"
+DEPENDS_append_secureboot = " secure-boot-secrets"
+
+U_BOOT_CONFIG = "qemu_arm64_defconfig"
+U_BOOT_BIN = "u-boot.bin"
+
+do_prepare_build_append() {
+ cp ${WORKDIR}/rules ${S}/debian/rules
+}
+
+do_prepare_build_append_secureboot() {
+ sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG}
+ cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
+}
+
+do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
+do_deploy() {
+ dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+ tar xOf - "./usr/lib/u-boot/${MACHINE}/${U_BOOT_BIN}" \
+ > "${DEPLOY_DIR_IMAGE}/firmware.bin"
+}
+
+addtask deploy after do_dpkg_build before do_deploy_deb
--
2.34.1


[isar-cip-core][PATCH v2 09/13] efibootguard: Use new unified kernel image generation

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Switch to the unified kernel image and its generator script that EFI
Boot Guard now provides. So far this only simplifies the generation
process. But it will also allow to use the more advanced device tree
embedding of the EBG linux-stub later on.

As the linux-stub uses LINUX_EFI_INITRD_MEDIA_GUID for loading the
initrd, we need to restrict support to CIP kernel 5.10 as this feature
was only introduced with 5.8.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
Kconfig | 2 +-
.../wic/plugins/source/efibootguard-boot.py | 27 +++++--------------
2 files changed, 7 insertions(+), 22 deletions(-)

diff --git a/Kconfig b/Kconfig
index 8032ede..135794d 100644
--- a/Kconfig
+++ b/Kconfig
@@ -127,7 +127,7 @@ config KAS_INCLUDE_TESTING
string
default "kas/opt/test.yml" if IMAGE_TESTING

-if IMAGE_FLASH
+if IMAGE_FLASH && !KERNEL_4_4 && !KERNEL_4_19

config IMAGE_SWUPDATE
bool "SWUpdate support for root partition"
diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 9267033..47c6884 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -113,7 +113,7 @@ class EfibootguardBootPlugin(SourcePlugin):
% (
part.label.upper(),
boot_image,
- '-a "%s"' % cmdline,
+ '-a "%s"' % cmdline if unified_kernel != 'y' else '',
source_params.get("revision", 1),
wdog_timeout
)
@@ -181,15 +181,9 @@ class EfibootguardBootPlugin(SourcePlugin):
"i386": "ia32"
}
rootfs_path = rootfs_dir.get('ROOTFS_DIR')
- os_release_file = "{root}/etc/os-release".format(root=rootfs_path)
- efistub = "{rootfs_path}/usr/lib/systemd/boot/efi/linux{efiarch}.efi.stub"\
+ efistub = "{rootfs_path}/usr/share/efibootguard/kernel-stub{efiarch}.efi"\
.format(rootfs_path=rootfs_path,
efiarch=distro_to_efi_arch[get_bitbake_var("DISTRO_ARCH")])
- msger.debug("osrelease path: %s", os_release_file)
- kernel_cmdline_file = "{cr_workdir}/kernel-command-line-file.txt"\
- .format(cr_workdir=cr_workdir)
- with open(kernel_cmdline_file, "w") as cmd_fd:
- cmd_fd.write(cmdline)
uefi_kernel_name = "linux.efi"
uefi_kernel_file = "{deploy_dir}/{uefi_kernel_name}"\
.format(deploy_dir=deploy_dir, uefi_kernel_name=uefi_kernel_name)
@@ -197,23 +191,14 @@ class EfibootguardBootPlugin(SourcePlugin):
.format(deploy_dir=deploy_dir, kernel_image=kernel_image)
initrd = "{deploy_dir}/{initrd_image}"\
.format(deploy_dir=deploy_dir, initrd_image=initrd_image)
- objcopy_cmd = 'objcopy \
- --add-section .osrel={os_release_file} \
- --change-section-vma .osrel=0x20000 \
- --add-section .cmdline={kernel_cmdline_file} \
- --change-section-vma .cmdline=0x30000 \
- --add-section .linux={kernel} \
- --change-section-vma .linux=0x2000000 \
- --add-section .initrd={initrd} \
- --change-section-vma .initrd=0x3000000 \
- {efistub} {uefi_kernel_file}'.format(
- os_release_file=os_release_file,
- kernel_cmdline_file=kernel_cmdline_file,
+ cmd = 'bg_gen_unified_kernel {efistub} {kernel} {uefi_kernel_file} \
+ -c "{cmdline}" -i {initrd}'.format(
+ cmdline=cmdline,
kernel=kernel,
initrd=initrd,
efistub=efistub,
uefi_kernel_file=uefi_kernel_file)
- exec_cmd(objcopy_cmd)
+ exec_cmd(cmd, as_shell=True)

cls._sign_file(signee=uefi_kernel_file, source_params=source_params)

--
2.34.1


[isar-cip-core][PATCH v2 10/13] efibootguard: Add support for embedding DTBs into unified kernel images

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Pick up the DTBs specified via DTB_FILES and embed them into the unified
kernel image that the wic plugin can generate. This does not work for
normal kernels, so bail out if DTB_FILES is set in that mode.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
kas/opt/efibootguard.yml | 2 +-
.../lib/wic/plugins/source/efibootguard-boot.py | 15 +++++++++++++--
2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
index 2d84427..c71cdb3 100644
--- a/kas/opt/efibootguard.yml
+++ b/kas/opt/efibootguard.yml
@@ -23,7 +23,7 @@ local_conf_header:
efibootguard-wic: |
WIC_IMAGER_INSTALL_append = " efibootguard"
WDOG_TIMEOUT ?= "60"
- WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE"
+ WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
IMAGE_FSTYPES ?= "wic-img"
WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"

diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 47c6884..4b7fa8d 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -66,10 +66,12 @@ class EfibootguardBootPlugin(SourcePlugin):
initrd_image = "initrd.img"
bootloader = creator.ks.bootloader

+ dtb_files = (get_bitbake_var("DTB_FILES") or '').split()
+
deploy_dir = get_bitbake_var("DEPLOY_DIR_IMAGE")
if not deploy_dir:
msger.error("DEPLOY_DIR_IMAGE not set, exiting\n")
- sys.exit(1)
+ exit(1)
creator.deploy_dir = deploy_dir

wdog_timeout = get_bitbake_var("WDOG_TIMEOUT")
@@ -88,9 +90,13 @@ class EfibootguardBootPlugin(SourcePlugin):
deploy_dir,
kernel_image,
initrd_image,
+ dtb_files,
source_params)
boot_files.append(boot_image)
else:
+ if dtb_files:
+ msger.error("DTB_FILES specified while unified kernel is disabled\n")
+ exit(1)
root_dev = source_params.get("root", None)
if not root_dev:
msger.error("Specify root in source params")
@@ -173,7 +179,7 @@ class EfibootguardBootPlugin(SourcePlugin):
@classmethod
def _create_unified_kernel_image(cls, rootfs_dir, cr_workdir, cmdline,
deploy_dir, kernel_image, initrd_image,
- source_params):
+ dtb_files, source_params):
# we need to map the distro_arch to uefi values
distro_to_efi_arch = {
"amd64": "x64",
@@ -198,6 +204,11 @@ class EfibootguardBootPlugin(SourcePlugin):
initrd=initrd,
efistub=efistub,
uefi_kernel_file=uefi_kernel_file)
+ if dtb_files:
+ for dtb in dtb_files:
+ cmd += ' -d {deploy_dir}/{dtb_file}'.format(
+ deploy_dir=deploy_dir,
+ dtb_file=os.path.basename(dtb))
exec_cmd(cmd, as_shell=True)

cls._sign_file(signee=uefi_kernel_file, source_params=source_params)
--
2.34.1


[isar-cip-core][PATCH v2 12/13] Enable SWUpdate with and w/o secure boot for QEMU arm64

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Hook up the new U-Boot recipe, provide new wks files and disable the
watchdog for EFI Boot Guard - that's all what's need to allow offering
SWUpdate and secure boot for the QEMU arm64 target.

QEMU currently does not provide a watchdog for the virt machine which we
plan to use. A patch to change this has been sent, but for now we will
have to live without one.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
Kconfig | 4 ++--
conf/machine/qemu-arm64.conf | 3 +++
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +++
kas/opt/efibootguard.yml | 4 +++-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 15 +++++++++++++++
wic/qemu-arm64-efibootguard.wks.in | 13 +++++++++++++
6 files changed, 39 insertions(+), 3 deletions(-)
create mode 100644 wic/qemu-arm64-efibootguard-secureboot.wks.in
create mode 100644 wic/qemu-arm64-efibootguard.wks.in

diff --git a/Kconfig b/Kconfig
index 135794d..651a726 100644
--- a/Kconfig
+++ b/Kconfig
@@ -131,11 +131,11 @@ if IMAGE_FLASH && !KERNEL_4_4 && !KERNEL_4_19

config IMAGE_SWUPDATE
bool "SWUpdate support for root partition"
- depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E
+ depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E || TARGET_QEMU_ARM64

config IMAGE_SECURE_BOOT
bool "Secure boot support"
- depends on TARGET_QEMU_AMD64
+ depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64
select IMAGE_SWUPDATE

config KAS_INCLUDE_SWUPDATE_SECBOOT
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index 0d21262..4e12cdb 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -11,3 +11,6 @@ DISTRO_ARCH = "arm64"
IMAGE_FSTYPES ?= "ext4-img"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/qemu_arm64_defconfig"
+
+# for SWUpdate setups: watchdog is configured in U-Boot
+WDOG_TIMEOUT = "0"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 7442eb7..3f2a794 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -32,3 +32,6 @@ local_conf_header:
IMAGER_INSTALL += "ebg-secure-boot-signer"
# Use snakeoil keys
PREFERRED_PROVIDER_secure-boot-secrets = "secure-boot-snakeoil"
+
+ secureboot_override: |
+ OVERRIDES .= ":secureboot"
diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
index c71cdb3..d85aed7 100644
--- a/kas/opt/efibootguard.yml
+++ b/kas/opt/efibootguard.yml
@@ -27,10 +27,12 @@ local_conf_header:
IMAGE_FSTYPES ?= "wic-img"
WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"

- ovmf-binaries: |
+ firmware-binaries: |
# Add ovmf binaries for qemu
IMAGER_BUILD_DEPS_append_qemu-amd64 += "ovmf-binaries"
# not needed for Debian 11 and later
OVERRIDES_append_qemu-amd64 = ":${BASE_DISTRO_CODENAME}"
DISTRO_APT_SOURCES_append_qemu-amd64_buster = " conf/distro/debian-buster-backports.list"
DISTRO_APT_PREFERENCES_append_qemu-amd64_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
+ # Add U-Boot for qemu
+ IMAGER_BUILD_DEPS_append_qemu-arm64 += "u-boot-qemu-arm64"
diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
new file mode 100644
index 0000000..df6a9a1
--- /dev/null
+++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
@@ -0,0 +1,15 @@
+# EFI partition containing efibootguard bootloader binary
+include ebg-signed-bootloader.inc
+
+# EFI Boot Guard environment/config partitions plus Kernel files
+part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,signwith=/usr/bin/sign_secure_image.sh"
+part --source efibootguard-boot --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,signwith=/usr/bin/sign_secure_image.sh"
+
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+
+# home and var are extra partitions
+part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
+part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024 --size 2G
+
+bootloader --ptable gpt --append="panic=5"
diff --git a/wic/qemu-arm64-efibootguard.wks.in b/wic/qemu-arm64-efibootguard.wks.in
new file mode 100644
index 0000000..a153205
--- /dev/null
+++ b/wic/qemu-arm64-efibootguard.wks.in
@@ -0,0 +1,13 @@
+# short-description: arm64 with EFI Boot Guard and SWUpdate
+# long-description: Disk image for arm64 machines with EFI Boot Guard and SWUpdate
+
+include ebg-sysparts.inc
+
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+
+# home and var are extra partitions
+part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
+part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024 --size 2G
+
+bootloader --ptable gpt
--
2.34.1


[isar-cip-core][PATCH v2 04/13] Rework secure boot key handling and signing recipes

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Simplify the signing recipe to a single, generic one. Instead, provide
secure-boot-secrets packages that contain the used image key and
certificate at a well-defined location. This allows for easy reuse in
other recipes than ebg-secure-boot-signer. U-Boot will be one.

Rather than using the OVMF package as build-time source for the snakeoil
keys, we import the two artifacts here. This allows to run the required
key removal upfront and simplifies the usage for buster. The certificate
has such a long lifetime that also future Debian should use the same
one, thus the snakeoil artifacts of OVMF should stay in sync with our
copy of key and cert. We may revisit this when discontinuing support for
buster, though.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
doc/README.secureboot.md | 22 ++++----
kas/opt/ebg-secure-boot-snakeoil.yml | 7 +--
.../ebg-secure-boot-secrets_0.1.bb | 51 -------------------
.../ebg-secure-boot-secrets/files/README.md | 1 -
.../files/control.tmpl | 12 -----
.../files/sign_secure_image.sh.tmpl | 22 --------
.../ebg-secure-boot-signer_0.1.bb | 26 ++++++++++
.../files/sign_secure_image.sh | 33 ++++++++++++
.../ebg-secure-boot-snakeoil_0.1.bb | 34 -------------
.../files/control.tmpl | 12 -----
.../files/sign_secure_image.sh | 36 -------------
.../files/PkKek-1-snakeoil.key | 27 ++++++++++
.../files/PkKek-1-snakeoil.pem | 21 ++++++++
.../secure-boot-key_0.1.bb | 14 +++++
.../secure-boot-secrets.inc | 34 +++++++++++++
.../secure-boot-snakeoil_0.1.bb | 17 +++++++
16 files changed, 186 insertions(+), 183 deletions(-)
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/README.md
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
create mode 100644 recipes-devtools/ebg-secure-boot-signer/ebg-secure-boot-signer_0.1.bb
create mode 100644 recipes-devtools/ebg-secure-boot-signer/files/sign_secure_image.sh
delete mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
delete mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
delete mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
create mode 100644 recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.key
create mode 100644 recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.pem
create mode 100644 recipes-devtools/secure-boot-secrets/secure-boot-key_0.1.bb
create mode 100644 recipes-devtools/secure-boot-secrets/secure-boot-secrets.inc
create mode 100644 recipes-devtools/secure-boot-secrets/secure-boot-snakeoil_0.1.bb

diff --git a/doc/README.secureboot.md b/doc/README.secureboot.md
index b2d7be9..c1a0301 100644
--- a/doc/README.secureboot.md
+++ b/doc/README.secureboot.md
@@ -43,24 +43,22 @@ executable or script with the following interface:
Supply the script name and path to wic by adding
`signwith=<path and name of the script to sign>"` to sourceparams of the partition.

-### Existing packages to sign an image
+### Existing key packages for signing an image

-#### ebg-secure-boot-snakeoil
+#### secure-boot-snakeoil

This package uses the snakeoil key and certificate from the ovmf package(0.0~20200229-2)
-backported from Debian bullseye and signs the image.
+backported from Debian bullseye for signing the image.

-#### ebg-secure-boot-secrets
-This package takes a user-generated certificate and adds it to the build system.
+#### secure-boot-key
+
+This package takes a user-generated certificate and key adds them to the build system.
The following variable and steps are necessary to build a secure boot capable image:
- Set certification information to sign and verify the image with:
- - SB_CERTDB: The directory containing the certificate database create with certutil
- - SB_VERIFY_CERT: The certificate to verify the signing process
- - SB_KEY_NAME: Name of the key in the certificate database
-- if necessary change the script to select the boot partition after an update
- - recipes-support/initramfs-config/files/initramfs.selectrootfs.script
+ - SB_CERT: The certificate to verify the signing process
+ - SB_KEY: The private key of for the certificate

-The files referred by SB_CERTDB and SB_VERIFY_CERT must be store in `recipes-devtools/ebg-secure-boot-secrets/files/`
+The files referred by SB_CERT and SB_KEY must be store in `recipes-devtools/secure-boot-secrets/files/`.

## Running in QEMU

@@ -96,7 +94,7 @@ scripts/generate-sb-db-from-existing-certificate.sh
```
This will create the directory `SB_KEYDIR` and will store the `${SB_NAME}certdb` with the given name.

-Copy the used certificate and database to `recipes-devtools/ebg-secure-boot-secrets/files/`
+Copy the used certificate and private key to `recipes-devtools/secure-boot-secrets/files/`

#### Generate keys

diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index b329f41..7442eb7 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -28,6 +28,7 @@ local_conf_header:
INITRAMFS_INSTALL_append = " initramfs-verity-hook"

secure-boot: |
- # Add snakeoil binaries for qemu
- IMAGER_BUILD_DEPS += "ebg-secure-boot-snakeoil"
- IMAGER_INSTALL += "ebg-secure-boot-snakeoil"
+ IMAGER_BUILD_DEPS += "ebg-secure-boot-signer"
+ IMAGER_INSTALL += "ebg-secure-boot-signer"
+ # Use snakeoil keys
+ PREFERRED_PROVIDER_secure-boot-secrets = "secure-boot-snakeoil"
diff --git a/recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb b/recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
deleted file mode 100644
index 0d57910..0000000
--- a/recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2020
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@...>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit dpkg-raw
-
-DESCRIPTION = "Add user defined secureboot certifcates to the buildchroot and the script to \
- sign an image with the given keys"
-
-# variables
-SB_CERT_PATH = "/usr/share/ebg-secure-boot"
-SB_CERTDB ??= ""
-SB_VERIFY_CERT ??= ""
-SB_KEY_NAME ??= "demoDB"
-
-# used to sign the image
-DEBIAN_DEPENDS = "pesign, sbsigntool"
-
-# this package cannot be install together with:
-DEBIAN_CONFLICTS = "ebg-secure-boot-snakeoil"
-
-SRC_URI = " \
- file://sign_secure_image.sh.tmpl \
- file://control.tmpl"
-SRC_URI_append = " ${@ "file://"+d.getVar('SB_CERTDB') if d.getVar('SB_CERTDB') else '' }"
-SRC_URI_append = " ${@ "file://"+d.getVar('SB_VERIFY_CERT') if d.getVar('SB_VERIFY_CERT') else '' }"
-TEMPLATE_FILES = "sign_secure_image.sh.tmpl"
-TEMPLATE_VARS += "SB_CERT_PATH SB_CERTDB SB_VERIFY_CERT SB_KEY_NAME"
-
-TEMPLATE_FILES += "control.tmpl"
-TEMPLATE_VARS += "PN MAINTAINER DPKG_ARCH DEBIAN_DEPENDS DESCRIPTION DEBIAN_CONFLICTS"
-
-do_install() {
- TARGET=${D}${SB_CERT_PATH}
- install -m 0700 -d ${TARGET}
- cp -a ${WORKDIR}/${SB_CERTDB} ${TARGET}/${SB_CERTDB}
- chmod 700 ${TARGET}/${SB_CERTDB}
- install -m 0600 ${WORKDIR}/${SB_VERIFY_CERT} ${TARGET}/${SB_VERIFY_CERT}
- TARGET=${D}/usr/bin
- install -d ${TARGET}
- install -m 755 ${WORKDIR}/sign_secure_image.sh ${TARGET}/sign_secure_image.sh
-}
-
-addtask do_install after do_transform_template
diff --git a/recipes-devtools/ebg-secure-boot-secrets/files/README.md b/recipes-devtools/ebg-secure-boot-secrets/files/README.md
deleted file mode 100644
index c739c51..0000000
--- a/recipes-devtools/ebg-secure-boot-secrets/files/README.md
+++ /dev/null
@@ -1 +0,0 @@
-For a secure boot image this directory needs to contain the certdb directory and the db.crt file.
diff --git a/recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl b/recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
deleted file mode 100644
index 8361a49..0000000
--- a/recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-Source: ${PN}
-Section: misc
-Priority: optional
-Standards-Version: 3.9.6
-Maintainer: ${MAINTAINER}
-Build-Depends: debhelper (>= 9)
-
-Package: ${PN}
-Architecture: ${DPKG_ARCH}
-Depends: ${DEBIAN_DEPENDS}
-Description: ${DESCRIPTION}
-Conflicts: ${DEBIAN_CONFLICTS}
diff --git a/recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl b/recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
deleted file mode 100644
index e84fd4c..0000000
--- a/recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-signee=$1
-signed=$2
-
-usage(){
- echo "sign with debian snakeoil"
- echo "$0 signee signed"
- echo "signee: path to the image to be signed"
- echo "signed: path to store the signed image"
-}
-
-
-if [ -z "$signee" ] || [ -z "$signed" ]; then
- usage
- exit 1
-fi
-
-pesign --force --verbose --padding -n ${SB_CERT_PATH}/${SB_CERTDB} -c "${SB_KEY_NAME}" -s -i $signee -o $signed
-sbverify --cert ${SB_CERT_PATH}/${SB_VERIFY_CERT} $signed
-exit 0
diff --git a/recipes-devtools/ebg-secure-boot-signer/ebg-secure-boot-signer_0.1.bb b/recipes-devtools/ebg-secure-boot-signer/ebg-secure-boot-signer_0.1.bb
new file mode 100644
index 0000000..546fded
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-signer/ebg-secure-boot-signer_0.1.bb
@@ -0,0 +1,26 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020-2022
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@...>
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+DESCRIPTION = "Signing script for EFI Boot Guard setups"
+
+DEPENDS = "secure-boot-secrets"
+DEBIAN_DEPENDS = "sbsigntool, secure-boot-secrets"
+
+SRC_URI = "file://sign_secure_image.sh"
+
+do_install() {
+ TARGET=${D}/usr/bin
+ install -d ${TARGET}
+ install -m 755 ${WORKDIR}/sign_secure_image.sh ${TARGET}/sign_secure_image.sh
+}
diff --git a/recipes-devtools/ebg-secure-boot-signer/files/sign_secure_image.sh b/recipes-devtools/ebg-secure-boot-signer/files/sign_secure_image.sh
new file mode 100644
index 0000000..0c9b898
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-signer/files/sign_secure_image.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020-2022
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@...>
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+set -e
+
+signee=$1
+signed=$2
+
+usage(){
+ echo "sign with image keys"
+ echo "$0 signee signed"
+ echo "signee: path to the image to be signed"
+ echo "signed: path to store the signed image"
+}
+
+if [ -z "$signee" ] || [ -z "$signed" ]; then
+ usage
+ exit 1
+fi
+
+keydir=/usr/share/secure-boot-secrets
+
+sbsign --key ${keydir}/secure-boot.key --cert ${keydir}/secure-boot.pem --output $signed $signee
diff --git a/recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb b/recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
deleted file mode 100644
index 4975d92..0000000
--- a/recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2020
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@...>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit dpkg-raw
-
-DESCRIPTION = "Add script to sign for secure boot with the debian snakeoil keys"
-# used to sign the image
-DEBIAN_DEPENDS = "pesign, sbsigntool, ovmf, openssl, libnss3-tools"
-
-
-# this package cannot be install together with:
-DEBIAN_CONFLICTS = "ebg-secure-boot-secrets"
-
-SRC_URI = "file://sign_secure_image.sh \
- file://control.tmpl"
-
-TEMPLATE_FILES = "control.tmpl"
-TEMPLATE_VARS += "PN MAINTAINER DPKG_ARCH DEBIAN_DEPENDS DESCRIPTION DEBIAN_CONFLICTS"
-
-do_install() {
- TARGET=${D}/usr/bin
- install -d ${TARGET}
- install -m 755 ${WORKDIR}/sign_secure_image.sh ${TARGET}/sign_secure_image.sh
-}
-
-addtask do_install after do_transform_template
diff --git a/recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl b/recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
deleted file mode 100644
index 8361a49..0000000
--- a/recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-Source: ${PN}
-Section: misc
-Priority: optional
-Standards-Version: 3.9.6
-Maintainer: ${MAINTAINER}
-Build-Depends: debhelper (>= 9)
-
-Package: ${PN}
-Architecture: ${DPKG_ARCH}
-Depends: ${DEBIAN_DEPENDS}
-Description: ${DESCRIPTION}
-Conflicts: ${DEBIAN_CONFLICTS}
diff --git a/recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh b/recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
deleted file mode 100644
index 081dbe9..0000000
--- a/recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-signee=$1
-signed=$2
-
-usage(){
- echo "sign with debian snakeoil"
- echo "$0 signee signed"
- echo "signee: path to the image to be signed"
- echo "signed: path to store the signed image"
-}
-
-
-if [ -z "$signee" ] || [ -z "$signed" ]; then
- usage
- exit 1
-fi
-
-name=snakeoil
-keydir=$(mktemp -d)
-inkey=/usr/share/ovmf/PkKek-1-snakeoil.key
-incert=/usr/share/ovmf/PkKek-1-snakeoil.pem
-nick_name=snakeoil
-TMP=$(mktemp -d)
-mkdir -p ${keydir}/${name}certdb
-certutil -N --empty-password -d ${keydir}/${name}certdb
-openssl pkcs12 -export -passin pass:"snakeoil" -passout pass: -out ${TMP}/foo_key.p12 -inkey $inkey -in $incert -name $nick_name
-pk12util -W "" -i ${TMP}/foo_key.p12 -d ${keydir}/${name}certdb
-cp $incert ${keydir}/$(basename $incert)
-rm -rf $TMP
-
-pesign --force --verbose --padding -n ${keydir}/${name}certdb -c "$nick_name" -s -i $signee -o $signed
-sbverify --cert $incert $signed
-rm -rf $keydir
-exit 0
diff --git a/recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.key b/recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.key
new file mode 100644
index 0000000..193de62
--- /dev/null
+++ b/recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyIuuXei5qIw+UvavLxPyyNhx0G6Ijuf9SqxVXOpKcQ+l3ZCc
+KQaCLWCH0pbPQj587zVjgMUd4SHgXdVP6awDz8b0NcLgyzF31pHBmmB3z55nv2Jb
+gI56bix9TEHLpoDs4+cWAb2WZPkW8rV/6YR+xVuE8fi9aAWJ7H4dwUhPzU7RBB1d
+Z1wF6Wv3b8nn1jJa5W8I3zOd+tpWczOsqyRnDnFhMiOulGAiFTtmIXv2VReQf7Tx
+rXdqAAs9dcS3qizzNVgY5XpABtmYu1AjyLwwqXZ+blZ2tmUUJicgw3YdCWtlTAtf
+XZDHf+ZzgCNtTvhb2DzpAVmF/H+A8w8lUJZiBQIDAQABAoIBABET/BRZNj5JOyF7
+im2a6Ej8TazvTMfGr8ZFKLvR4+b+6yQUJYhE2p8colRnrVy5z4/bXw7fOm0qol27
+RaPjlyuBiNhvMQ98tfTa0r7fyjQvDCy7JomrGHf7Z+wvijUys3mw+ynIyF7u62pd
+1HfBZb5OzeKBSTfriNRP5R7JlqooDl+O9JVlnvlJIaFe1rX2sQxZ7F8gVINKIJDv
+n7ZZ0o351uIMjKLqwmliULPTjZ2ZeeJqnkB0pFcWZzEf2wAnrrglYRdnn10oNzhB
+6cXMHJeuEOedXECLZtmynRw1dWZK9+Xku1jEAqTWAoI0OIjrfYYzntwe/kab8w/R
+T7ojFGECgYEA9rGhtmSQiim2h+3iGyXNTEQiEOFFL7E8/1ibfWi3vzDhoLARrnH1
+p45DPgnL664xLHXIUl6/wto79Ij/2qA9mp054nVJ4X4AQgq3xCT/57nL0QHfQLaa
+VdzNIoz4jJT3cO0gYcBAK4Bg+dGGQ6ZUrRRt6VkHG/W6fW0D1e7PnEkCgYEA0Bxj
+Jr4ShNXb7J4YDQ24uSwmc2E1IgX5FjHu/JMKCiyIDWQkrxtVdIL9v6+kmYecyxFJ
+S3Qyr3ZqOHqwN1svYuB/CHyKg6dHrzJyZFTj8cr8h0ZKLDu2xZNFxfBIjn5vitSX
+W9q3477oFG/30Ew12Yee4NhDQkaEuB/Ic9+yv90CgYB2y00rLrwnvDSIunXiSs7U
+xg59gG03rSrJb5rYxj+NkvVj0sWA8qGwASLCUidfo69MUJ+ZgsTnCP5MIFjMp9Ni
+jAne0ko0it+G7fBWRNbyeJb8W+FtIUGqzTv/QlFCKU4KlDW+vLxp9lU8l7gHBabK
+/gZ7kwKIZUlbss5hC7Hv+QKBgQCsQBLBKmlhkTEqs9/sTgMrISPiM/8qXg9BE6tf
+WsTgjuM9UjoaxWEBwroMQnDWsqxQV8p2rYKWQEjC3qmj59Fc4bvDZnGvbnGizPpp
+mOniY8SIouEZo4MwHSmPH8auSnBAVJ3C5VF3K7gj0lknCy03E02phNaGsJ+BVq0v
+W2Qz8QKBgEB5RKiwJhgGQA2o+NJKKUUCDM9iBsO1Yy3QwtDWioKKcdAkxdTg3xR+
+XtJdXq6MkCMWM5em3v6GHPceexn81FZTxGBbIMBYNp0Sp4qs/3lK64ln8m5Qttxe
+70HVtrp9HhG5oFJ3fUuLPcYpE2GMgPM9fIbAWh9GZ4GpTLuPRtWg
+-----END RSA PRIVATE KEY-----
diff --git a/recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.pem b/recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.pem
new file mode 100644
index 0000000..dd02a82
--- /dev/null
+++ b/recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIULTs+L+8XzClMGhAvyFIdsp/PYgUwDQYJKoZIhvcNAQEL
+BQAwSjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCENvbG9yYWRvMRUwEwYDVQQHDAxG
+b3J0IENvbGxpbnMxETAPBgNVBAoMCFNuYWtlT2lsMCAXDTIwMDkwNzE4NDMyMloY
+DzIxMjAwODE0MTg0MzIyWjBKMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3Jh
+ZG8xFTATBgNVBAcMDEZvcnQgQ29sbGluczERMA8GA1UECgwIU25ha2VPaWwwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIi65d6LmojD5S9q8vE/LI2HHQ
+boiO5/1KrFVc6kpxD6XdkJwpBoItYIfSls9CPnzvNWOAxR3hIeBd1U/prAPPxvQ1
+wuDLMXfWkcGaYHfPnme/YluAjnpuLH1MQcumgOzj5xYBvZZk+RbytX/phH7FW4Tx
++L1oBYnsfh3BSE/NTtEEHV1nXAXpa/dvyefWMlrlbwjfM5362lZzM6yrJGcOcWEy
+I66UYCIVO2Yhe/ZVF5B/tPGtd2oACz11xLeqLPM1WBjlekAG2Zi7UCPIvDCpdn5u
+Vna2ZRQmJyDDdh0Ja2VMC19dkMd/5nOAI21O+FvYPOkBWYX8f4DzDyVQlmIFAgMB
+AAGjUzBRMB0GA1UdDgQWBBRjuNXuXfh7mi8I3eTboeYGyFTa2zAfBgNVHSMEGDAW
+gBRjuNXuXfh7mi8I3eTboeYGyFTa2zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBW2ckn0APqBnwSiOXCWkMCnvY7K7UOfxAlotEsMFSrkzdEa4IE
+sn0+A3RV/r3HZGqIaE8GMsBqp8UiVIbL5H67dkqvJEke94/7wEUC16JSSOBc0Mac
+HeArDWsL/WIbzKiVcRrmgX+XwJFlsUN5UtR/feTHR08yiy5srSCIJEqli/cTrOxS
+JAgvWPLxcoFhOKf6Mi+nwWdrQEbpXvvv8Jv/qyyz5e/VmTRY0wIVmUjd+Yseu+5M
+3+cpKtlYaawMxVni5RibA0A12fm+i60fGPrkCNhascUrNY+Oppaf/h+QmKOwEM7h
+pqKXyGFQyU6dB6cFBQ/uD5IABUYuEOuL7VFY
+-----END CERTIFICATE-----
diff --git a/recipes-devtools/secure-boot-secrets/secure-boot-key_0.1.bb b/recipes-devtools/secure-boot-secrets/secure-boot-key_0.1.bb
new file mode 100644
index 0000000..e6ef37c
--- /dev/null
+++ b/recipes-devtools/secure-boot-secrets/secure-boot-key_0.1.bb
@@ -0,0 +1,14 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require secure-boot-secrets.inc
+
+DEBIAN_CONFLICTS = "secure-boot-snakeoil"
diff --git a/recipes-devtools/secure-boot-secrets/secure-boot-secrets.inc b/recipes-devtools/secure-boot-secrets/secure-boot-secrets.inc
new file mode 100644
index 0000000..f53435a
--- /dev/null
+++ b/recipes-devtools/secure-boot-secrets/secure-boot-secrets.inc
@@ -0,0 +1,34 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+PROVIDES += "secure-boot-secrets"
+
+SB_KEY ??= ""
+SB_CERT ??= ""
+
+SRC_URI_append = " ${@ "file://"+d.getVar('SB_KEY') if d.getVar('SB_KEY') else '' }"
+SRC_URI_append = " ${@ "file://"+d.getVar('SB_CERT') if d.getVar('SB_CERT') else '' }"
+
+do_install() {
+ if [ -z ${SB_KEY} ] || [ -z ${SB_CERT} ]; then
+ bbfatal "You must set SB_KEY and SB_CERT and provide the required files as artifacts to this recipe"
+ fi
+ TARGET=${D}/usr/share/secure-boot-secrets
+ install -d -m 0700 ${TARGET}
+ install -m 0700 ${WORKDIR}/${SB_KEY} ${TARGET}/secure-boot.key
+ install -m 0700 ${WORKDIR}/${SB_CERT} ${TARGET}/secure-boot.pem
+}
+
+do_prepare_build_append() {
+ echo "Provides: secure-boot-secrets" >> ${S}/debian/control
+}
diff --git a/recipes-devtools/secure-boot-secrets/secure-boot-snakeoil_0.1.bb b/recipes-devtools/secure-boot-secrets/secure-boot-snakeoil_0.1.bb
new file mode 100644
index 0000000..24a5352
--- /dev/null
+++ b/recipes-devtools/secure-boot-secrets/secure-boot-snakeoil_0.1.bb
@@ -0,0 +1,17 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require secure-boot-secrets.inc
+
+SB_KEY = "PkKek-1-snakeoil.key"
+SB_CERT = "PkKek-1-snakeoil.pem"
+
+DEBIAN_CONFLICTS = "secure-boot-key"
--
2.34.1


[isar-cip-core][PATCH v2 07/13] efibootguard: Update to 0.11 release

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

This version bring the new unified kernel stub and script to generate
unified kernel images from that.

That script requires python3, so we need to expand the package
dependencies. As we package all tools into a single deb, and the target
usually requires bg_{print,set}env, python3 is now also pulled onto the
target. If that should be avoided, we will have to split packaging in
future.

One extra patch is needed that missed the release. It fixes building
under buster for arm64.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
...bootguard_0.10.bb => efibootguard_0.11.bb} | 4 +--
...efile-Drop-nostdinc-for-EFI-binaries.patch | 28 +++++++++++++++++++
.../0001-configure-Fix-aarch64-EFI-arch.patch | 28 -------------------
.../efibootguard/files/debian/control.tmpl | 2 +-
.../files/debian/efibootguard.install | 3 +-
5 files changed, 33 insertions(+), 32 deletions(-)
rename recipes-bsp/efibootguard/{efibootguard_0.10.bb => efibootguard_0.11.bb} (90%)
create mode 100644 recipes-bsp/efibootguard/files/0001-Makefile-Drop-nostdinc-for-EFI-binaries.patch
delete mode 100644 recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch

diff --git a/recipes-bsp/efibootguard/efibootguard_0.10.bb b/recipes-bsp/efibootguard/efibootguard_0.11.bb
similarity index 90%
rename from recipes-bsp/efibootguard/efibootguard_0.10.bb
rename to recipes-bsp/efibootguard/efibootguard_0.11.bb
index bfc0ede..ef6cd9c 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.10.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.11.bb
@@ -19,9 +19,9 @@ MAINTAINER = "Jan Kiszka <jan.kiszka@...>"
SRC_URI = " \
https://github.com/siemens/efibootguard/archive/refs/tags/v${PV}.tar.gz;downloadfilename=efitbootguard-v${PV}.tar.gz \
file://debian \
- file://0001-configure-Fix-aarch64-EFI-arch.patch \
+ file://0001-Makefile-Drop-nostdinc-for-EFI-binaries.patch \
"
-SRC_URI[sha256sum] = "4d58574a0bb8f1e56056ab0bcc2487d37e49fa147dc991e719c2ec8e20f88dd3"
+SRC_URI[sha256sum] = "12bd84ff63a34bef56e489b48d4f97955aa4d864eeff9ea2dea1d24a286d8ebe"

PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"
diff --git a/recipes-bsp/efibootguard/files/0001-Makefile-Drop-nostdinc-for-EFI-binaries.patch b/recipes-bsp/efibootguard/files/0001-Makefile-Drop-nostdinc-for-EFI-binaries.patch
new file mode 100644
index 0000000..8cc1654
--- /dev/null
+++ b/recipes-bsp/efibootguard/files/0001-Makefile-Drop-nostdinc-for-EFI-binaries.patch
@@ -0,0 +1,28 @@
+From daf4cb61bec56dac628be83b95a7072c184eabcd Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@...>
+Date: Wed, 4 May 2022 11:52:53 +0200
+Subject: [PATCH] Makefile: Drop -nostdinc for EFI binaries
+
+Not needed, also systemd-boot does not use it, and it actually triggers
+a build failure on Debian 10, possibly on other distros as well.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@...>
+---
+ Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index f0daa15..7398b85 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -191,7 +191,6 @@ efi_cflags = \
+ -Wall \
+ -Wextra \
+ -std=gnu99 \
+- -nostdinc \
+ -ggdb -O0 \
+ -fpic \
+ -fshort-wchar \
+--
+2.34.1
+
diff --git a/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch b/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
deleted file mode 100644
index ee05e94..0000000
--- a/recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 3f11612fbcbd1c17988d634ecdaecf1ec241f6e0 Mon Sep 17 00:00:00 2001
-From: Jan Kiszka <jan.kiszka@...>
-Date: Mon, 21 Mar 2022 07:02:28 +0100
-Subject: [PATCH] configure: Fix aarch64 EFI arch
-
-It's aa64 here according to the UEFI spec.
-
-Signed-off-by: Jan Kiszka <jan.kiszka@...>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index a1a83e9..09d06d7 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -102,7 +102,7 @@ AM_COND_IF(ARCH_X86_64, [
- MACHINE_TYPE_NAME=x64])
-
- AM_COND_IF(ARCH_AARCH64, [
-- MACHINE_TYPE_NAME=aarch64])
-+ MACHINE_TYPE_NAME=aa64])
-
- AC_SUBST([ARCH])
- AC_SUBST([MACHINE_TYPE_NAME])
---
-2.34.1
-
diff --git a/recipes-bsp/efibootguard/files/debian/control.tmpl b/recipes-bsp/efibootguard/files/debian/control.tmpl
index 54b1994..f8bdd8a 100644
--- a/recipes-bsp/efibootguard/files/debian/control.tmpl
+++ b/recipes-bsp/efibootguard/files/debian/control.tmpl
@@ -7,7 +7,7 @@ Homepage: ${HOMEPAGE}
Maintainer: ${MAINTAINER}

Package: ${PN}
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, python3
Section: base
Architecture: ${DISTRO_ARCH}
Priority: required
diff --git a/recipes-bsp/efibootguard/files/debian/efibootguard.install b/recipes-bsp/efibootguard/files/debian/efibootguard.install
index 910e153..d3ea007 100755
--- a/recipes-bsp/efibootguard/files/debian/efibootguard.install
+++ b/recipes-bsp/efibootguard/files/debian/efibootguard.install
@@ -1,6 +1,7 @@
#!/usr/bin/dh-exec
bg_setenv usr/bin
bg_printenv usr/bin
-efibootguard*.efi usr/share/efibootguard
+tools/bg_gen_unified_kernel usr/bin
+*.efi usr/share/efibootguard
completion/bash/bg_printenv.bash => usr/share/bash-completion/completions/bg_printenv
completion/bash/bg_setenv.bash => usr/share/bash-completion/completions/bg_setenv
--
2.34.1


[isar-cip-core][PATCH v2 03/13] initramfs-abrootfs-hook: Remove obsolete patch

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Forgotten to remove in f1e559498116.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
.../files/debian-local-patch | 103 ------------------
1 file changed, 103 deletions(-)
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/debian-local-patch

diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/debian-local-patch b/recipes-initramfs/initramfs-abrootfs-hook/files/debian-local-patch
deleted file mode 100644
index cd2d271..0000000
--- a/recipes-initramfs/initramfs-abrootfs-hook/files/debian-local-patch
+++ /dev/null
@@ -1,103 +0,0 @@
---- local.orig 2020-11-18 14:42:43.540055680 +0530
-+++ local 2020-11-18 20:15:48.687164540 +0530
-@@ -1,5 +1,4 @@
- # Local filesystem mounting -*- shell-script -*-
--
- local_top()
- {
- if [ "${local_top_used}" != "yes" ]; then
-@@ -152,36 +151,70 @@
- DEV="${real_dev}"
- }
-
--local_mount_root()
-+local_find_by_uuid()
- {
-- local_top
-- if [ -z "${ROOT}" ]; then
-- panic "No root device specified. Boot arguments must include a root= parameter."
-- fi
-- local_device_setup "${ROOT}" "root file system"
-- ROOT="${DEV}"
-+ partitions="$1"
-
-- # Get the root filesystem type if not set
-- if [ -z "${ROOTFSTYPE}" ] || [ "${ROOTFSTYPE}" = auto ]; then
-- FSTYPE=$(get_fstype "${ROOT}")
-- else
-- FSTYPE=${ROOTFSTYPE}
-- fi
-+ for part in $partitions; do
-+ if [ "$(blkid -p ${part} --match-types novfat -s USAGE -o value)" = "filesystem" ]; then
-+ local_device_setup "${part}" "root file system"
-+ ROOT="${DEV}"
-+
-+ # Get the root filesystem type if not set
-+ if [ -z "${ROOTFSTYPE}" ] || [ "${ROOTFSTYPE}" = auto ]; then
-+ FSTYPE=$(get_fstype "${ROOT}")
-+ else
-+ FSTYPE=${ROOTFSTYPE}
-+ fi
-
-- local_premount
-+ local_premount
-
-- if [ "${readonly?}" = "y" ]; then
-- roflag=-r
-- else
-- roflag=-w
-- fi
-+ if [ "${readonly?}" = "y" ]; then
-+ roflag=-r
-+ else
-+ roflag=-w
-+ fi
-+ checkfs "${ROOT}" root "${FSTYPE}"
-
-- checkfs "${ROOT}" root "${FSTYPE}"
-+ # Mount root
-+ # shellcheck disable=SC2086
-+ if mount ${roflag} ${FSTYPE:+-t "${FSTYPE}"} ${ROOTFLAGS} "${ROOT}" "${rootmnt?}"; then
-+ if [ -e "${rootmnt?}"/etc/os-release ]; then
-+ image_uuid=$(sed -n 's/^IMAGE_UUID=//p' "${rootmnt?}"/etc/os-release | tr -d '"' )
-+ if [ "${INITRAMFS_IMAGE_UUID}" = "${image_uuid}" ]; then
-+ return 0
-+ fi
-+ fi
-+ umount "${rootmnt?}"
-+ fi
-+ fi
-+ done
-+ return 1
-+}
-
-- # Mount root
-- # shellcheck disable=SC2086
-- if ! mount ${roflag} ${FSTYPE:+-t "${FSTYPE}"} ${ROOTFLAGS} "${ROOT}" "${rootmnt?}"; then
-- panic "Failed to mount ${ROOT} as root file system."
-+local_mount_root()
-+{
-+ local_top
-+ if [ ! -e /conf/image_uuid ]; then
-+ panic "could not find image_uuid to select correct root file system"
-+ fi
-+ local INITRAMFS_IMAGE_UUID=$(cat /conf/image_uuid)
-+ local partitions=""
-+ local ret=1
-+ local timeout_uuid=0
-+ while [ "${ret}" != 0 ] && [ "${timeout_uuid}" -le 10 ]; do
-+ wait_for_udev 10
-+ partitions=$(blkid -o device)
-+ local_find_by_uuid "$partitions"
-+ ret=$?
-+ timeout_uuid="$(cat /proc/uptime)"
-+ timeout_uuid="${timeout_uuid%%[. ]*}"
-+ timeout_uuid=$((timeout_uuid - local_top_time))
-+ done
-+ if [ "${ret}" != 0 ]; then
-+ panic "Could not find ROOTFS with matching UUID $INITRAMFS_IMAGE_UUID"
-+ else
-+ return $ret
- fi
- }
-
--
2.34.1


[isar-cip-core][PATCH v2 00/13] Fixes and improvements for SWUpdate images, kernel/config update

Jan Kiszka
 

Changes in v2:
- add plugin fix for empty command line case

Various update and enhancement I try to summarize here:
- qemu-arm64 enabling for SWUpdate/secure boot using the UEFI pattern
- update to EFI Boot Guard 0.11
- switch to unified kernel images built by EFI Boot Guard
- fix for verity setups with CONFIG_DM_VERITY=m
- improve error handling when mounting /etc overlay
- update to latest CIP kernels and cip-kernel-config

Jan

Jan Kiszka (13):
initramfs-etc-overlay-hook: Improve error reporting of script
initramfs-etc-overlay-hook: Install overlay module
initramfs-abrootfs-hook: Remove obsolete patch
Rework secure boot key handling and signing recipes
linux-cip: Update cip-kernel-config for QEMU and ipc227e
linux-cip: Update to 4.19.239-cip72 and 5.10.112-cip6
efibootguard: Update to 0.11 release
efibootguard: Fix empty command line case
efibootguard: Use new unified kernel image generation
efibootguard: Add support for embedding DTBs into unified kernel
images
u-boot-qemu-arm64: Add recipe for customized version based on 2022.04
Enable SWUpdate with and w/o secure boot for QEMU arm64
start-qemu.sh: Add support for SWUpdate and secure boot mode to arm64

Kconfig | 6 +-
conf/machine/qemu-arm64.conf | 3 +
doc/README.secureboot.md | 22 ++--
kas/opt/ebg-secure-boot-snakeoil.yml | 10 +-
kas/opt/efibootguard.yml | 6 +-
...bootguard_0.10.bb => efibootguard_0.11.bb} | 4 +-
...efile-Drop-nostdinc-for-EFI-binaries.patch | 28 +++++
.../0001-configure-Fix-aarch64-EFI-arch.patch | 28 -----
.../efibootguard/files/debian/control.tmpl | 2 +-
.../files/debian/efibootguard.install | 3 +-
...-rtc_mktime-and-mktime64-Y2038-ready.patch | 107 ++++++++++++++++++
recipes-bsp/u-boot/files/rules | 40 +++++++
recipes-bsp/u-boot/files/secure-boot.cfg | 6 +
.../u-boot/u-boot-qemu-arm64_2022.04.bb | 50 ++++++++
.../ebg-secure-boot-secrets_0.1.bb | 51 ---------
.../ebg-secure-boot-secrets/files/README.md | 1 -
.../files/control.tmpl | 12 --
.../files/sign_secure_image.sh.tmpl | 22 ----
.../ebg-secure-boot-signer_0.1.bb | 26 +++++
.../files/sign_secure_image.sh | 33 ++++++
.../ebg-secure-boot-snakeoil_0.1.bb | 34 ------
.../files/control.tmpl | 12 --
.../files/sign_secure_image.sh | 36 ------
.../files/PkKek-1-snakeoil.key | 27 +++++
.../files/PkKek-1-snakeoil.pem | 21 ++++
.../secure-boot-key_0.1.bb | 14 +++
.../secure-boot-secrets.inc | 34 ++++++
.../secure-boot-snakeoil_0.1.bb | 17 +++
.../files/debian-local-patch | 103 -----------------
.../files/etc-overlay.hook | 25 ++++
.../files/etc-overlay.script | 4 +-
.../initramfs-etc-overlay-hook_0.1.bb | 3 +
recipes-kernel/linux/linux-cip-common.inc | 2 +-
...5-cip70.bb => linux-cip_4.19.239-cip72.bb} | 2 +-
...106-cip4.bb => linux-cip_5.10.112-cip6.bb} | 2 +-
.../wic/plugins/source/efibootguard-boot.py | 44 ++++---
start-qemu.sh | 67 +++++++----
wic/qemu-arm64-efibootguard-secureboot.wks.in | 15 +++
wic/qemu-arm64-efibootguard.wks.in | 13 +++
39 files changed, 559 insertions(+), 376 deletions(-)
rename recipes-bsp/efibootguard/{efibootguard_0.10.bb => efibootguard_0.11.bb} (90%)
create mode 100644 recipes-bsp/efibootguard/files/0001-Makefile-Drop-nostdinc-for-EFI-binaries.patch
delete mode 100644 recipes-bsp/efibootguard/files/0001-configure-Fix-aarch64-EFI-arch.patch
create mode 100644 recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
create mode 100755 recipes-bsp/u-boot/files/rules
create mode 100644 recipes-bsp/u-boot/files/secure-boot.cfg
create mode 100644 recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/README.md
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
delete mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
create mode 100644 recipes-devtools/ebg-secure-boot-signer/ebg-secure-boot-signer_0.1.bb
create mode 100644 recipes-devtools/ebg-secure-boot-signer/files/sign_secure_image.sh
delete mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
delete mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
delete mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
create mode 100644 recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.key
create mode 100644 recipes-devtools/secure-boot-secrets/files/PkKek-1-snakeoil.pem
create mode 100644 recipes-devtools/secure-boot-secrets/secure-boot-key_0.1.bb
create mode 100644 recipes-devtools/secure-boot-secrets/secure-boot-secrets.inc
create mode 100644 recipes-devtools/secure-boot-secrets/secure-boot-snakeoil_0.1.bb
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/debian-local-patch
create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.hook
rename recipes-kernel/linux/{linux-cip_4.19.235-cip70.bb => linux-cip_4.19.239-cip72.bb} (72%)
rename recipes-kernel/linux/{linux-cip_5.10.106-cip4.bb => linux-cip_5.10.112-cip6.bb} (72%)
create mode 100644 wic/qemu-arm64-efibootguard-secureboot.wks.in
create mode 100644 wic/qemu-arm64-efibootguard.wks.in

--
2.34.1


[isar-cip-core][PATCH v2 05/13] linux-cip: Update cip-kernel-config for QEMU and ipc227e

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Needed for iTCO under -rt kernels, swupdate support on arm64 and xattr
for squashfs in swupudate scenarios.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
recipes-kernel/linux/linux-cip-common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 238e5b0..0e36bd5 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -25,6 +25,6 @@ SRC_URI_append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi

SRC_URI_append_bbb = "file://${KERNEL_DEFCONFIG}"

-SRCREV_cip-kernel-config ?= "0150b63d0e74d64cc0d5baa9b9440cc148abad8b"
+SRCREV_cip-kernel-config ?= "a8d04df6595344091eee2b242c3a0f5e108f966c"

S = "${WORKDIR}/linux-cip-v${PV}"
--
2.34.1


[isar-cip-core][PATCH v2 06/13] linux-cip: Update to 4.19.239-cip72 and 5.10.112-cip6

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
...{linux-cip_4.19.235-cip70.bb => linux-cip_4.19.239-cip72.bb} | 2 +-
.../{linux-cip_5.10.106-cip4.bb => linux-cip_5.10.112-cip6.bb} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename recipes-kernel/linux/{linux-cip_4.19.235-cip70.bb => linux-cip_4.19.239-cip72.bb} (72%)
rename recipes-kernel/linux/{linux-cip_5.10.106-cip4.bb => linux-cip_5.10.112-cip6.bb} (72%)

diff --git a/recipes-kernel/linux/linux-cip_4.19.235-cip70.bb b/recipes-kernel/linux/linux-cip_4.19.239-cip72.bb
similarity index 72%
rename from recipes-kernel/linux/linux-cip_4.19.235-cip70.bb
rename to recipes-kernel/linux/linux-cip_4.19.239-cip72.bb
index eaad5e8..718bbfb 100644
--- a/recipes-kernel/linux/linux-cip_4.19.235-cip70.bb
+++ b/recipes-kernel/linux/linux-cip_4.19.239-cip72.bb
@@ -13,4 +13,4 @@ require linux-cip-common.inc

KERNEL_DEFCONFIG_VERSION ?= "4.19.y-cip"

-SRC_URI[sha256sum] = "b3bcb1ffd82c2ccdcb96aba55bdc46c72db12b6b5442591f804c8e298ad405c4"
+SRC_URI[sha256sum] = "5f22ea902c89b1cd178706411e48a40613c1db069fa7dc5993b979fd4652c2cd"
diff --git a/recipes-kernel/linux/linux-cip_5.10.106-cip4.bb b/recipes-kernel/linux/linux-cip_5.10.112-cip6.bb
similarity index 72%
rename from recipes-kernel/linux/linux-cip_5.10.106-cip4.bb
rename to recipes-kernel/linux/linux-cip_5.10.112-cip6.bb
index 2f52cdb..b54dcb5 100644
--- a/recipes-kernel/linux/linux-cip_5.10.106-cip4.bb
+++ b/recipes-kernel/linux/linux-cip_5.10.112-cip6.bb
@@ -13,4 +13,4 @@ require linux-cip-common.inc

KERNEL_DEFCONFIG_VERSION ?= "5.10.y-cip"

-SRC_URI[sha256sum] = "512787b7f75b25e2c7f64978957bb2e6613e7c9edccc6d677ddd256109244d25"
+SRC_URI[sha256sum] = "aedeaefcb3da02fe6ab36859eb15c2e36844b2a0ea828a902b85037ad145e1ee"
--
2.34.1

941 - 960 of 9214