Date   

[isar-cip-core][PATCH v4 5/6] secure-boot: Add Debian snakeoil keys for ease-of-use

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Use the Debian snakeoil keys to have a demo case available without
the OVMF setup. Copy the used keys from the build to the deploy
directory to allow usage in non-Debian distributions.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
conf/distro/debian-buster-backports.list | 1 +
conf/distro/preferences.ovmf-snakeoil.conf | 3 ++
kas/opt/ebg-secure-boot-snakeoil.yml | 28 +++++++++++++++
.../ebg-secure-boot-snakeoil_0.1.bb | 34 ++++++++++++++++++
.../files/control.tmpl | 12 +++++++
.../files/sign_secure_image.sh | 36 +++++++++++++++++++
.../ovmf-binaries/files/control.tmpl | 11 ++++++
.../ovmf-binaries/ovmf-binaries_0.1.bb | 30 ++++++++++++++++
start-qemu.sh | 4 +--
9 files changed, 157 insertions(+), 2 deletions(-)
create mode 100644 conf/distro/debian-buster-backports.list
create mode 100644 conf/distro/preferences.ovmf-snakeoil.conf
create mode 100644 kas/opt/ebg-secure-boot-snakeoil.yml
create mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
create mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
create mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
create mode 100644 recipes-devtools/ovmf-binaries/files/control.tmpl
create mode 100644 recipes-devtools/ovmf-binaries/ovmf-binaries_0.1.bb

diff --git a/conf/distro/debian-buster-backports.list b/conf/distro/debian-buster-backports.list
new file mode 100644
index 0000000..f2dd104
--- /dev/null
+++ b/conf/distro/debian-buster-backports.list
@@ -0,0 +1 @@
+deb http://ftp.us.debian.org/debian buster-backports main contrib non-free
diff --git a/conf/distro/preferences.ovmf-snakeoil.conf b/conf/distro/preferences.ovmf-snakeoil.conf
new file mode 100644
index 0000000..b51d1d4
--- /dev/null
+++ b/conf/distro/preferences.ovmf-snakeoil.conf
@@ -0,0 +1,3 @@
+Package: ovmf
+Pin: release n=buster-backports
+Pin-Priority: 801
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
new file mode 100644
index 0000000..cda8177
--- /dev/null
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -0,0 +1,28 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 8
+ includes:
+ - ebg-secure-boot-base.yml
+
+
+local_conf_header:
+ secure-boot: |
+ # Add snakeoil and ovmf binaries for qemu
+ IMAGER_BUILD_DEPS += "ebg-secure-boot-snakeoil ovmf-binaries"
+ IMAGER_INSTALL += "ebg-secure-boot-snakeoil"
+ WKS_FILE = "${MACHINE}-${BOOTLOADER}-secureboot.wks"
+
+ ovmf: |
+ # snakeoil certs are only part of backports
+ DISTRO_APT_SOURCES_append = " conf/distro/debian-buster-backports.list"
+ DISTRO_APT_PREFERENCES_append = " conf/distro/preferences.ovmf-snakeoil.conf"
diff --git a/recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb b/recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
new file mode 100644
index 0000000..4975d92
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
@@ -0,0 +1,34 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+DESCRIPTION = "Add script to sign for secure boot with the debian snakeoil keys"
+# used to sign the image
+DEBIAN_DEPENDS = "pesign, sbsigntool, ovmf, openssl, libnss3-tools"
+
+
+# this package cannot be install together with:
+DEBIAN_CONFLICTS = "ebg-secure-boot-secrets"
+
+SRC_URI = "file://sign_secure_image.sh \
+ file://control.tmpl"
+
+TEMPLATE_FILES = "control.tmpl"
+TEMPLATE_VARS += "PN MAINTAINER DPKG_ARCH DEBIAN_DEPENDS DESCRIPTION DEBIAN_CONFLICTS"
+
+do_install() {
+ TARGET=${D}/usr/bin
+ install -d ${TARGET}
+ install -m 755 ${WORKDIR}/sign_secure_image.sh ${TARGET}/sign_secure_image.sh
+}
+
+addtask do_install after do_transform_template
diff --git a/recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl b/recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
new file mode 100644
index 0000000..8361a49
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
@@ -0,0 +1,12 @@
+Source: ${PN}
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Maintainer: ${MAINTAINER}
+Build-Depends: debhelper (>= 9)
+
+Package: ${PN}
+Architecture: ${DPKG_ARCH}
+Depends: ${DEBIAN_DEPENDS}
+Description: ${DESCRIPTION}
+Conflicts: ${DEBIAN_CONFLICTS}
diff --git a/recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh b/recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
new file mode 100644
index 0000000..081dbe9
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+set -e
+set -x
+signee=$1
+signed=$2
+
+usage(){
+ echo "sign with debian snakeoil"
+ echo "$0 signee signed"
+ echo "signee: path to the image to be signed"
+ echo "signed: path to store the signed image"
+}
+
+
+if [ -z "$signee" ] || [ -z "$signed" ]; then
+ usage
+ exit 1
+fi
+
+name=snakeoil
+keydir=$(mktemp -d)
+inkey=/usr/share/ovmf/PkKek-1-snakeoil.key
+incert=/usr/share/ovmf/PkKek-1-snakeoil.pem
+nick_name=snakeoil
+TMP=$(mktemp -d)
+mkdir -p ${keydir}/${name}certdb
+certutil -N --empty-password -d ${keydir}/${name}certdb
+openssl pkcs12 -export -passin pass:"snakeoil" -passout pass: -out ${TMP}/foo_key.p12 -inkey $inkey -in $incert -name $nick_name
+pk12util -W "" -i ${TMP}/foo_key.p12 -d ${keydir}/${name}certdb
+cp $incert ${keydir}/$(basename $incert)
+rm -rf $TMP
+
+pesign --force --verbose --padding -n ${keydir}/${name}certdb -c "$nick_name" -s -i $signee -o $signed
+sbverify --cert $incert $signed
+rm -rf $keydir
+exit 0
diff --git a/recipes-devtools/ovmf-binaries/files/control.tmpl b/recipes-devtools/ovmf-binaries/files/control.tmpl
new file mode 100644
index 0000000..54641d6
--- /dev/null
+++ b/recipes-devtools/ovmf-binaries/files/control.tmpl
@@ -0,0 +1,11 @@
+Source: ${PN}
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Maintainer: ${MAINTAINER}
+Build-Depends: debhelper (>= 9), ${DEBIAN_BUILD_DEPENDS}
+
+Package: ${PN}
+Architecture: ${DPKG_ARCH}
+Depends: ${DEBIAN_DEPENDS}
+Description: ${DESCRIPTION}
diff --git a/recipes-devtools/ovmf-binaries/ovmf-binaries_0.1.bb b/recipes-devtools/ovmf-binaries/ovmf-binaries_0.1.bb
new file mode 100644
index 0000000..025b970
--- /dev/null
+++ b/recipes-devtools/ovmf-binaries/ovmf-binaries_0.1.bb
@@ -0,0 +1,30 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+DESCRIPTION = "Copy the OVMF biniaries from the build changeroot to the deploy dir"
+
+# this is a empty debian package
+SRC_URI = "file://control.tmpl"
+
+DEBIAN_BUILD_DEPENDS = "ovmf"
+TEMPLATE_FILES = "control.tmpl"
+TEMPLATE_VARS += "PN DEBIAN_DEPENDS MAINTAINER DESCRIPTION DPKG_ARCH DEBIAN_BUILD_DEPENDS"
+
+
+do_extract_ovmf() {
+ install -m 0755 -d ${DEPLOY_DIR_IMAGE}
+ cp -r ${BUILDCHROOT_DIR}/usr/share/OVMF ${DEPLOY_DIR_IMAGE}
+ chown $(id -u):$(id -g) ${DEPLOY_DIR_IMAGE}/OVMF
+}
+
+addtask do_extract_ovmf after do_install_builddeps before do_dpkg_build
diff --git a/start-qemu.sh b/start-qemu.sh
index c10a34d..e53cd99 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -94,8 +94,8 @@ fi
shift 1

if [ -n "${SECURE_BOOT}" ]; then
- ovmf_code=${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd}
- ovmf_vars=${OVMF_VARS:-./OVMF_VARS.fd}
+ ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE.secboot.fd}
+ ovmf_vars=${OVMF_VARS:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_VARS.snakeoil.fd}
QEMU_EXTRA_ARGS=" ${QEMU_EXTRA_ARGS} \
-global ICH9-LPC.disable_s3=1 \
-global isa-fdc.driveA= "
--
2.20.1


[isar-cip-core][PATCH v4 4/6] secure-boot: Add secure boot with unified kernel image

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

A unified kernel image contains the os-release, kernel,
kernel commandline, initramfs and efi-stub in one binary.
This binary can be boot by systemd-boot and efibootguard.
It also allows to sign kernel and initramfs as one packages.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
kas/opt/ebg-secure-boot-base.yml | 18 ++++
kas/opt/ebg-swu.yml | 4 +-
recipes-core/images/cip-core-image.bb | 12 +--
.../files/secure-boot/sw-description.tmpl | 29 +++++++
recipes-core/images/files/sw-description.tmpl | 19 ++--
recipes-core/images/secureboot.inc | 21 +++++
recipes-core/images/swupdate.inc | 21 +++++
.../ebg-secure-boot-secrets_0.1.bb | 51 +++++++++++
.../ebg-secure-boot-secrets/files/README.md | 1 +
.../files/control.tmpl | 12 +++
.../files/sign_secure_image.sh.tmpl | 22 +++++
.../initramfs-config/files/postinst.tmpl | 31 -------
...enerate-sb-db-from-existing-certificate.sh | 16 ++++
scripts/generate_secure_boot_keys.sh | 51 +++++++++++
.../wic/plugins/source/efibootguard-boot.py | 87 +++++++++++++++++--
.../wic/plugins/source/efibootguard-efi.py | 40 ++++++++-
scripts/start-efishell.sh | 12 +++
start-qemu.sh | 59 +++++++++----
wic/ebg-signed-bootloader.inc | 2 +
wic/qemu-amd64-efibootguard-secureboot.wks | 9 ++
wic/qemu-amd64-efibootguard.wks | 1 -
21 files changed, 440 insertions(+), 78 deletions(-)
create mode 100644 kas/opt/ebg-secure-boot-base.yml
create mode 100644 recipes-core/images/files/secure-boot/sw-description.tmpl
create mode 100644 recipes-core/images/secureboot.inc
create mode 100644 recipes-core/images/swupdate.inc
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/README.md
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
delete mode 100644 recipes-support/initramfs-config/files/postinst.tmpl
create mode 100755 scripts/generate-sb-db-from-existing-certificate.sh
create mode 100755 scripts/generate_secure_boot_keys.sh
create mode 100755 scripts/start-efishell.sh
create mode 100644 wic/ebg-signed-bootloader.inc
create mode 100644 wic/qemu-amd64-efibootguard-secureboot.wks

diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
new file mode 100644
index 0000000..c1d98b1
--- /dev/null
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -0,0 +1,18 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 8
+
+local_conf_header:
+ initramfs: |
+ IMAGE_INSTALL += "initramfs-abrootfs-secureboot"
+ SWU_DESCRIPTION = "secureboot"
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index 5b39730..304fa4d 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -22,5 +22,5 @@ local_conf_header:
WICVARS += "WDOG_TIMEOUT"

wic: |
- IMAGE_TYPE = "wic-img"
- WKS_FILE = "${MACHINE}-${BOOTLOADER}.wks"
+ IMAGE_TYPE = "wic-swu-img"
+ WKS_FILE ?= "${MACHINE}-${BOOTLOADER}.wks"
diff --git a/recipes-core/images/cip-core-image.bb b/recipes-core/images/cip-core-image.bb
index fd2fd83..2cecde3 100644
--- a/recipes-core/images/cip-core-image.bb
+++ b/recipes-core/images/cip-core-image.bb
@@ -10,18 +10,12 @@
#

inherit image
-
+inherit image_uuid
ISAR_RELEASE_CMD = "git -C ${LAYERDIR_cip-core} describe --tags --dirty --always --match 'v[0-9].[0-9]*'"
DESCRIPTION = "CIP Core image"

IMAGE_INSTALL += "customizations"

# for swupdate
-EXTRACT_PARTITIONS = "img4"
-ROOTFS_PARTITION_NAME="img4.gz"
-
-SRC_URI += "file://sw-description.tmpl"
-TEMPLATE_FILES += "sw-description.tmpl"
-TEMPLATE_VARS += "PN ROOTFS_PARTITION_NAME"
-
-SWU_ADDITIONAL_FILES += "linux.signed.efi ${ROOTFS_PARTITION_NAME}"
+SWU_DESCRIPTION ??= "swupdate"
+include ${SWU_DESCRIPTION}.inc
diff --git a/recipes-core/images/files/secure-boot/sw-description.tmpl b/recipes-core/images/files/secure-boot/sw-description.tmpl
new file mode 100644
index 0000000..bce97d0
--- /dev/null
+++ b/recipes-core/images/files/secure-boot/sw-description.tmpl
@@ -0,0 +1,29 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+software =
+{
+ version = "0.2";
+ name = "secure boot update"
+ images: ({
+ filename = "${ROOTFS_PARTITION_NAME}";
+ device = "fedcba98-7654-3210-cafe-5e0710000001,fedcba98-7654-3210-cafe-5e0710000002";
+ type = "roundrobin";
+ compressed = "true";
+ filesystem = "ext4";
+ });
+ files: ({
+ filename = "linux.signed.efi";
+ path = "linux.signed.efi";
+ type = "kernelfile";
+ device = "sda2,sda3";
+ filesystem = "vfat";
+ })
+}
diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
index bef1984..bb34088 100644
--- a/recipes-core/images/files/sw-description.tmpl
+++ b/recipes-core/images/files/sw-description.tmpl
@@ -11,19 +11,26 @@
software =
{
version = "0.2";
- name = "ebsy secure boot update"
+ name = "cip software update"
images: ({
- filename = "${EXTRACTED_PARTITION_NAME}";
+ filename = "${ROOTFS_PARTITION_NAME}";
device = "fedcba98-7654-3210-cafe-5e0710000001,fedcba98-7654-3210-cafe-5e0710000002";
type = "roundrobin";
- compressed = true;
+ compressed = "true";
filesystem = "ext4";
});
files: ({
- filename = "linux.signed.efi";
- path = "linux.signed.efi";
+ filename = "${KERNEL_IMAGE}";
+ path = "vmlinuz";
type = "kernelfile";
device = "sda2,sda3";
filesystem = "vfat";
- })
+ },
+ {
+ filename = "${INITRD_IMAGE}";
+ path = "initrd.img";
+ type = "kernelfile";
+ device = "sda2,sda3";
+ filesystem = "vfat";
+ });
}
diff --git a/recipes-core/images/secureboot.inc b/recipes-core/images/secureboot.inc
new file mode 100644
index 0000000..3e284e0
--- /dev/null
+++ b/recipes-core/images/secureboot.inc
@@ -0,0 +1,21 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+EXTRACT_PARTITIONS = "img4"
+ROOTFS_PARTITION_NAME="img4.gz"
+
+SRC_URI += "file://sw-description.tmpl"
+TEMPLATE_FILES += "sw-description.tmpl"
+
+TEMPLATE_VARS += "PN ROOTFS_PARTITION_NAME"
+
+SWU_DESCRIPTION_FILE = "sw-description"
+SWU_ADDITIONAL_FILES += "linux.signed.efi ${ROOTFS_PARTITION_NAME}"
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
new file mode 100644
index 0000000..a88ed14
--- /dev/null
+++ b/recipes-core/images/swupdate.inc
@@ -0,0 +1,21 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files/secure-boot:"
+
+EXTRACT_PARTITIONS = "img4"
+ROOTFS_PARTITION_NAME="img4.gz"
+
+SRC_URI += "file://sw-description.tmpl"
+TEMPLATE_FILES += "sw-description.tmpl"
+TEMPLATE_VARS += "PN ROOTFS_PARTITION_NAME KERNEL_IMAGE INITRD_IMAGE"
+
+SWU_ADDITIONAL_FILES += "${INITRD_IMAGE} ${KERNEL_IMAGE} ${ROOTFS_PARTITION_NAME}"
diff --git a/recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb b/recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
new file mode 100644
index 0000000..37b35c9
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
@@ -0,0 +1,51 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+DESCRIPTION = "Add user defined secureboot certifcates to the buildchroot and the script to \
+ sign an image with the given keys"
+
+# variables
+SB_CERT_PATH = "/usr/share/ebg-secure-boot"
+SB_CERTDB ??= ""
+SB_VERIFY_CERT ??= ""
+SB_KEY_NAME ??= "demoDB"
+
+# used to sign the image
+DEBIAN_DEPENDS = "pesign, sbsigntool"
+
+# this package cannot be install together with:
+DEBIAN_CONFLICTS = "ebg-secure-boot-snakeoil"
+
+SRC_URI = " \
+ file://sign_secure_image.sh.tmpl \
+ file://control.tmpl"
+SRC_URI_append = " ${@ d.getVar(SB_CERTDB) or "" }"
+SRC_URI_append = " ${@ d.getVar(SB_VERIFY_CERT) or "" }"
+TEMPLATE_FILES = "sign_secure_image.sh.tmpl"
+TEMPLATE_VARS += "SB_CERT_PATH SB_CERTDB SB_VERIFY_CERT SB_KEY_NAME"
+
+TEMPLATE_FILES += "control.tmpl"
+TEMPLATE_VARS += "PN MAINTAINER DPKG_ARCH DEBIAN_DEPENDS DESCRIPTION DEBIAN_CONFLICTS"
+
+do_install() {
+ TARGET=${D}${SB_CERT_PATH}
+ install -m 0700 -d ${TARGET}
+ cp -a ${WORKDIR}/${SB_CERTDB} ${TARGET}/${SB_CERTDB}
+ chmod 700 ${TARGET}/${SB_CERTDB}
+ install -m 0600 ${WORKDIR}/${SB_VERIFY_CERT} ${TARGET}/${SB_VERIFY_CERT}
+ TARGET=${D}/usr/bin
+ install -d ${TARGET}
+ install -m 755 ${WORKDIR}/sign_secure_image.sh ${TARGET}/sign_secure_image.sh
+}
+
+addtask do_install after do_transform_template
diff --git a/recipes-devtools/ebg-secure-boot-secrets/files/README.md b/recipes-devtools/ebg-secure-boot-secrets/files/README.md
new file mode 100644
index 0000000..c739c51
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-secrets/files/README.md
@@ -0,0 +1 @@
+For a secure boot image this directory needs to contain the certdb directory and the db.crt file.
diff --git a/recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl b/recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
new file mode 100644
index 0000000..8361a49
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
@@ -0,0 +1,12 @@
+Source: ${PN}
+Section: misc
+Priority: optional
+Standards-Version: 3.9.6
+Maintainer: ${MAINTAINER}
+Build-Depends: debhelper (>= 9)
+
+Package: ${PN}
+Architecture: ${DPKG_ARCH}
+Depends: ${DEBIAN_DEPENDS}
+Description: ${DESCRIPTION}
+Conflicts: ${DEBIAN_CONFLICTS}
diff --git a/recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl b/recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
new file mode 100644
index 0000000..e84fd4c
--- /dev/null
+++ b/recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+set -x
+signee=$1
+signed=$2
+
+usage(){
+ echo "sign with debian snakeoil"
+ echo "$0 signee signed"
+ echo "signee: path to the image to be signed"
+ echo "signed: path to store the signed image"
+}
+
+
+if [ -z "$signee" ] || [ -z "$signed" ]; then
+ usage
+ exit 1
+fi
+
+pesign --force --verbose --padding -n ${SB_CERT_PATH}/${SB_CERTDB} -c "${SB_KEY_NAME}" -s -i $signee -o $signed
+sbverify --cert ${SB_CERT_PATH}/${SB_VERIFY_CERT} $signed
+exit 0
diff --git a/recipes-support/initramfs-config/files/postinst.tmpl b/recipes-support/initramfs-config/files/postinst.tmpl
deleted file mode 100644
index 008f68d..0000000
--- a/recipes-support/initramfs-config/files/postinst.tmpl
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-if [ -d /usr/share/secureboot ]; then
- patch -s -p0 /usr/share/initramfs-tools/scripts/local /usr/share/secureboot/secure-boot-debian-local.patch
-fi
-
-INITRAMFS_CONF=/etc/initramfs-tools/initramfs.conf
-if [ -f ${INITRAMFS_CONF} ]; then
- sed -i -E 's/(^MODULES=).*/\1${INITRAMFS_MODULES}/' ${INITRAMFS_CONF}
- sed -i -E 's/(^BUSYBOX=).*/\1${INITRAMFS_BUSYBOX}/' ${INITRAMFS_CONF}
- sed -i -E 's/(^COMPRESS=).*/\1${INITRAMFS_COMPRESS}/' ${INITRAMFS_CONF}
- sed -i -E 's/(^KEYMAP=).*/\1${INITRAMFS_KEYMAP}/' ${INITRAMFS_CONF}
- sed -i -E 's/(^DEVICE=).*/\1${INITRAMFS_NET_DEVICE}/' ${INITRAMFS_CONF}
- sed -i -E 's/(^NFSROOT=).*/\1${INITRAMFS_NFSROOT}/' ${INITRAMFS_CONF}
- sed -i -E 's/(^RUNSIZE=).*/\1${INITRAMFS_RUNSIZE}/' ${INITRAMFS_CONF}
- if grep -Fxq "ROOT=" "${INITRAMFS_CONF}"; then
- sed -i -E 's/(^ROOT=).*/\1${INITRAMFS_ROOT}/' ${INITRAMFS_CONF}
- else
- sed -i -E "\$aROOT=${INITRAMFS_ROOT}" ${INITRAMFS_CONF}
- fi
-fi
-
-MODULES_LIST_FILE=/etc/initramfs-tools/modules
-if [ -f ${MODULES_LIST_FILE} ]; then
- for modname in ${INITRAMFS_MODULE_LIST}; do
- if ! grep -Fxq "$modname" "${MODULES_LIST_FILE}"; then
- echo "$modname" >> "${MODULES_LIST_FILE}"
- fi
- done
-fi
-
-update-initramfs -v -u
diff --git a/scripts/generate-sb-db-from-existing-certificate.sh b/scripts/generate-sb-db-from-existing-certificate.sh
new file mode 100755
index 0000000..035f189
--- /dev/null
+++ b/scripts/generate-sb-db-from-existing-certificate.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+name=${SB_NAME:-snakeoil}
+keydir=${SB_KEYDIR:-./keys}
+if [ ! -d ${keydir} ]; then
+ mkdir -p ${keydir}
+fi
+inkey=${INKEY:-/usr/share/ovmf/PkKek-1-snakeoil.key}
+incert=${INCERT:-/usr/share/ovmf/PkKek-1-snakeoil.pem}
+nick_name=${IN_NICK:-snakeoil}
+TMP=$(mktemp -d)
+mkdir -p ${keydir}/${name}certdb
+certutil -N --empty-password -d ${keydir}/${name}certdb
+openssl pkcs12 -export -out ${TMP}/foo_key.p12 -inkey $inkey -in $incert -name $nick_name
+pk12util -i ${TMP}/foo_key.p12 -d ${keydir}/${name}certdb
+cp $incert ${keydir}/$(basename $incert)
+rm -rf $TMP
diff --git a/scripts/generate_secure_boot_keys.sh b/scripts/generate_secure_boot_keys.sh
new file mode 100755
index 0000000..8d3f8c0
--- /dev/null
+++ b/scripts/generate_secure_boot_keys.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+name=${SB_NAME:-demo}
+keydir=${SB_KEYDIR:-./keys}
+if [ ! -d ${keydir} ]; then
+ mkdir -p ${keydir}
+fi
+openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}PK/" -outform PEM \
+ -keyout ${keydir}/${name}PK.key -out ${keydir}/${name}PK.crt -days 3650 -nodes -sha256
+openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}KEK/" -outform PEM \
+ -keyout ${keydir}/${name}KEK.key -out ${keydir}/${name}KEK.crt -days 3650 -nodes -sha256
+openssl req -new -x509 -newkey rsa:4096 -subj "/CN=${name}DB/" -outform PEM \
+ -keyout ${keydir}/${name}DB.key -out ${keydir}/${name}DB.crt -days 3650 -nodes -sha256
+openssl x509 -in ${keydir}/${name}PK.crt -out ${keydir}/${name}PK.cer -outform DER
+openssl x509 -in ${keydir}/${name}KEK.crt -out ${keydir}/${name}KEK.cer -outform DER
+openssl x509 -in ${keydir}/${name}DB.crt -out ${keydir}/${name}DB.cer -outform DER
+
+openssl pkcs12 -export -out ${keydir}/${name}DB.p12 \
+ -in ${keydir}/${name}DB.crt -inkey ${keydir}/${name}DB.key -passout pass:
+
+GUID=$(uuidgen --random)
+echo $GUID > ${keydir}/${name}GUID
+
+cert-to-efi-sig-list -g $GUID ${keydir}/${name}PK.crt ${keydir}/${name}PK.esl
+cert-to-efi-sig-list -g $GUID ${keydir}/${name}KEK.crt ${keydir}/${name}KEK.esl
+cert-to-efi-sig-list -g $GUID ${keydir}/${name}DB.crt ${keydir}/${name}DB.esl
+rm -f ${keydir}/${name}noPK.esl
+touch ${keydir}/${name}noPK.esl
+
+sign-efi-sig-list -g $GUID \
+ -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
+ PK ${keydir}/${name}PK.esl ${keydir}/${name}PK.auth
+sign-efi-sig-list -g $GUID \
+ -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
+ PK ${keydir}/${name}noPK.esl ${keydir}/${name}noPK.auth
+sign-efi-sig-list -g $GUID \
+ -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
+ KEK ${keydir}/${name}KEK.esl ${keydir}/${name}KEK.auth
+sign-efi-sig-list -g $GUID \
+ -k ${keydir}/${name}PK.key -c ${keydir}/${name}PK.crt \
+ DB ${keydir}/${name}DB.esl ${keydir}/${name}DB.auth
+
+chmod 0600 ${keydir}/${name}*.key
+mkdir -p ${keydir}/${name}certdb
+certutil -N --empty-password -d ${keydir}/${name}certdb
+
+certutil -A -n 'PK' -d ${keydir}/${name}certdb -t CT,CT,CT -i ${keydir}/${name}PK.crt
+pk12util -W "" -d ${keydir}/${name}certdb -i ${keydir}/${name}DB.p12
+certutil -d ${keydir}/${name}certdb -A -i ${keydir}/${name}DB.crt -n "" -t u
+
+certutil -d ${keydir}/${name}certdb -K
+certutil -d ${keydir}/${name}certdb -L
diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 38d2b2e..d291f75 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -80,17 +80,29 @@ class EfibootguardBootPlugin(SourcePlugin):


boot_files = source_params.get("files", "").split(' ')
+ uefi_kernel = source_params.get("unified-kernel")
cmdline = bootloader.append
- root_dev = source_params.get("root", None)
- if not root_dev:
- msger.error("Specify root in source params")
- exit(1)
+ if uefi_kernel:
+ boot_image = cls._create_unified_kernel_image(rootfs_dir,
+ cr_workdir,
+ cmdline,
+ uefi_kernel,
+ deploy_dir,
+ kernel_image,
+ initrd_image,
+ source_params)
+ boot_files.append(boot_image)
+ else:
+ root_dev = source_params.get("root", None)
+ if not root_dev:
+ msger.error("Specify root in source params")
+ exit(1)
root_dev = root_dev.replace(":", "=")

- cmdline += " root=%s rw" % root_dev
- boot_files.append(kernel_image)
- boot_files.append(initrd_image)
- cmdline += "initrd=%s" % initrd_image if initrd_image else ""
+ cmdline += " root=%s rw" % root_dev
+ boot_files.append(kernel_image)
+ boot_files.append(initrd_image)
+ cmdline += "initrd=%s" % initrd_image if initrd_image else ""

part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
part.label, part.lineno)
@@ -160,3 +172,62 @@ class EfibootguardBootPlugin(SourcePlugin):

part.size = bootimg_size
part.source_file = bootimg
+
+ @classmethod
+ def _create_unified_kernel_image(cls, rootfs_dir, cr_workdir, cmdline,
+ uefi_kernel, deploy_dir, kernel_image,
+ initrd_image, source_params):
+ rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+ os_release_file = "{root}/etc/os-release".format(root=rootfs_path)
+ efistub = "{rootfs_path}/usr/lib/systemd/boot/efi/linuxx64.efi.stub"\
+ .format(rootfs_path=rootfs_path)
+ msger.debug("osrelease path: %s", os_release_file)
+ kernel_cmdline_file = "{cr_workdir}/kernel-command-line-file.txt"\
+ .format(cr_workdir=cr_workdir)
+ with open(kernel_cmdline_file, "w") as cmd_fd:
+ cmd_fd.write(cmdline)
+ uefi_kernel_name = "linux.efi"
+ uefi_kernel_file = "{deploy_dir}/{uefi_kernel_name}"\
+ .format(deploy_dir=deploy_dir, uefi_kernel_name=uefi_kernel_name)
+ kernel = "{deploy_dir}/{kernel_image}"\
+ .format(deploy_dir=deploy_dir, kernel_image=kernel_image)
+ initrd = "{deploy_dir}/{initrd_image}"\
+ .format(deploy_dir=deploy_dir, initrd_image=initrd_image)
+ objcopy_cmd = 'objcopy \
+ --add-section .osrel={os_release_file} \
+ --change-section-vma .osrel=0x20000 \
+ --add-section .cmdline={kernel_cmdline_file} \
+ --change-section-vma .cmdline=0x30000 \
+ --add-section .linux={kernel} \
+ --change-section-vma .linux=0x2000000 \
+ --add-section .initrd={initrd} \
+ --change-section-vma .initrd=0x3000000 \
+ {efistub} {uefi_kernel_file}'.format(
+ os_release_file=os_release_file,
+ kernel_cmdline_file=kernel_cmdline_file,
+ kernel=kernel,
+ initrd=initrd,
+ efistub=efistub,
+ uefi_kernel_file=uefi_kernel_file)
+ exec_cmd(objcopy_cmd)
+
+ return cls._sign_file(name=uefi_kernel_name,
+ signee=uefi_kernel_file,
+ deploy_dir=deploy_dir,
+ source_params=source_params)
+
+ @classmethod
+ def _sign_file(cls, name, signee, deploy_dir, source_params):
+ sign_script = source_params.get("signwith")
+ if sign_script and os.path.exists(sign_script):
+ msger.info("sign with script %s", sign_script)
+ name = name.replace(".efi", ".signed.efi")
+ sign_cmd = "{sign_script} {signee} {deploy_dir}/{name}"\
+ .format(sign_script=sign_script, signee=signee,
+ deploy_dir=deploy_dir, name=name)
+ exec_cmd(sign_cmd)
+ elif sign_script and not os.path.exists(sign_script):
+ msger.error("Could not find script %s", sign_script)
+ exit(1)
+
+ return name
diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index 5ee451f..6647212 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -64,10 +64,17 @@ class EfibootguardEFIPlugin(SourcePlugin):
exec_cmd(create_dir_cmd)

for bootloader in bootloader_files:
- cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (deploy_dir,
- bootloader,
- part_rootfs_dir,
- bootloader)
+ signed_bootloader = cls._sign_file(bootloader,
+ "{}/{}".format(deploy_dir,
+ bootloader
+ ),
+ cr_workdir,
+ source_params)
+ # important the bootloader in deploy_dir is no longer signed
+ cp_cmd = "cp %s/%s %s/EFI/BOOT/%s" % (cr_workdir,
+ signed_bootloader,
+ part_rootfs_dir,
+ bootloader)
exec_cmd(cp_cmd, True)
du_cmd = "du --apparent-size -ks %s" % part_rootfs_dir
blocks = int(exec_cmd(du_cmd).split()[0])
@@ -100,3 +107,28 @@ class EfibootguardEFIPlugin(SourcePlugin):

part.size = efi_part_image_size
part.source_file = efi_part_image
+
+
+ @classmethod
+ def _sign_file(cls, name, signee, cr_workdir, source_params):
+ sign_script = source_params.get("signwith")
+ if sign_script and os.path.exists(sign_script):
+ work_name = name.replace(".efi", ".signed.efi")
+ sign_cmd = "{sign_script} {signee} \
+ {cr_workdir}/{work_name}".format(sign_script=sign_script,
+ signee=signee,
+ cr_workdir=cr_workdir,
+ work_name=work_name)
+ exec_cmd(sign_cmd)
+ elif sign_script and not os.path.exists(sign_script):
+ msger.error("Could not find script %s", sign_script)
+ exit(1)
+ else:
+ # if we do nothing copy the signee to the work directory
+ work_name = name
+ cp_cmd = "cp {signee} {cr_workdir}/{work_name}".format(
+ signee=signee,
+ cr_workdir=cr_workdir,
+ work_name=work_name)
+ exec_cmd(cp_cmd)
+ return work_name
diff --git a/scripts/start-efishell.sh b/scripts/start-efishell.sh
new file mode 100755
index 0000000..d451f43
--- /dev/null
+++ b/scripts/start-efishell.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+ovmf_code=${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd}
+ovmf_vars=${OVMF_VARS:-./OVMF_VARS.fd}
+DISK=$1
+qemu-system-x86_64 -enable-kvm -M q35 \
+ -cpu host,hv_relaxed,hv_vapic,hv-spinlocks=0xfff -smp 2 -m 2G -no-hpet \
+ -global ICH9-LPC.disable_s3=1 \
+ -global isa-fdc.driveA= \
+ -boot menu=on \
+ -drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
+ -drive if=pflash,format=raw,file=${ovmf_vars} \
+ -drive file=fat:rw:$DISK
diff --git a/start-qemu.sh b/start-qemu.sh
index 5c17d74..c10a34d 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -15,6 +15,8 @@ usage()
echo "Usage: $0 ARCHITECTURE [QEMU_OPTIONS]"
echo -e "\nSet QEMU_PATH environment variable to use a locally " \
"built QEMU version"
+ echo -e "\nSet SECURE_BOOT environment variable to boot a secure boot environment " \
+ "This environment also needs the variables OVMF_VARS and OVMF_CODE set"
exit 1
}

@@ -22,17 +24,25 @@ if [ -n "${QEMU_PATH}" ]; then
QEMU_PATH="${QEMU_PATH}/"
fi

+if [ -z "${DISTRO_RELEASE}" ]; then
+ DISTRO_RELEASE="buster"
+fi
+if [ -z "${TARGET_IMAGE}" ];then
+ TARGET_IMAGE="cip-core-image"
+fi
+
case "$1" in
x86|x86_64|amd64)
DISTRO_ARCH=amd64
QEMU=qemu-system-x86_64
QEMU_EXTRA_ARGS=" \
- -cpu host -smp 4 \
- -enable-kvm -machine q35 \
+ -cpu qemu64 \
+ -smp 4 \
+ -machine q35,accel=kvm:tcg \
-device ide-hd,drive=disk \
-device virtio-net-pci,netdev=net"
KERNEL_CMDLINE=" \
- root=/dev/sda vga=0x305 console=ttyS0"
+ root=/dev/sda"
;;
arm64|aarch64)
DISTRO_ARCH=arm64
@@ -71,25 +81,40 @@ case "$1" in
;;
esac

-if [ -z "${DISTRO_RELEASE}" ]; then
- DISTRO_RELEASE="buster"
-fi
-
-if [ -z "${TARGET_IMAGE}" ]; then
- TARGET_IMAGE="cip-core-image"
-fi
-
IMAGE_PREFIX="$(dirname $0)/build/tmp/deploy/images/qemu-${DISTRO_ARCH}/${TARGET_IMAGE}-cip-core-${DISTRO_RELEASE}-qemu-${DISTRO_ARCH}"
-IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)

if [ -z "${DISPLAY}" ]; then
QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} -nographic"
+ case "$1" in
+ x86|x86_64|amd64)
+ KERNEL_CMDLINE="${KERNEL_CMDLINE} console=ttyS0"
+ esac
fi

shift 1

-${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
- -m 1G -serial mon:stdio -netdev user,id=net \
- -kernel ${IMAGE_PREFIX}-vmlinuz -append "${KERNEL_CMDLINE}" \
- -initrd ${IMAGE_PREFIX}-initrd.img ${QEMU_EXTRA_ARGS} "$@"
+if [ -n "${SECURE_BOOT}" ]; then
+ ovmf_code=${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd}
+ ovmf_vars=${OVMF_VARS:-./OVMF_VARS.fd}
+ QEMU_EXTRA_ARGS=" ${QEMU_EXTRA_ARGS} \
+ -global ICH9-LPC.disable_s3=1 \
+ -global isa-fdc.driveA= "
+
+ BOOT_FILES="-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
+ -drive if=pflash,format=raw,file=${ovmf_vars} \
+ -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw"
+ ${QEMU_PATH}${QEMU} \
+ -m 1G -serial mon:stdio -netdev user,id=net \
+ ${BOOT_FILES} ${QEMU_EXTRA_ARGS} "$@"
+else
+ IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)
+
+ KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinuz* | tail -1)
+ INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)
+
+ ${QEMU_PATH}${QEMU} \
+ -m 1G -serial mon:stdio -netdev user,id=net \
+ -drive file=${IMAGE_FILE},discard=unmap,if=none,id=disk,format=raw \
+ -kernel ${KERNEL_FILE} -append "${KERNEL_CMDLINE}" \
+ -initrd ${INITRD_FILE} ${QEMU_EXTRA_ARGS} "$@"
+fi
diff --git a/wic/ebg-signed-bootloader.inc b/wic/ebg-signed-bootloader.inc
new file mode 100644
index 0000000..667e014
--- /dev/null
+++ b/wic/ebg-signed-bootloader.inc
@@ -0,0 +1,2 @@
+# EFI partition containing efibootguard bootloader binary
+part --source efibootguard-efi --ondisk sda --size 16M --extra-space 0 --overhead-factor 1 --label efi --align 1024 --part-type=EF00 --active --sourceparams "signwith=/usr/bin/sign_secure_image.sh"
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks b/wic/qemu-amd64-efibootguard-secureboot.wks
new file mode 100644
index 0000000..9ccf501
--- /dev/null
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks
@@ -0,0 +1,9 @@
+# short-description: Qemu-amd64 with Efibootguard and SWUpdate
+# long-description: Disk image for qemu-amd64 with EFI Boot Guard and SWUpdate
+include ebg-signed-bootloader.inc
+
+# EFI Boot Guard environment/config partitions plus Kernel files
+part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhead-factor 1 --label BOOT0 --align 1024 --part-type=0700 --sourceparams "revision=2,unified-kernel=y,signwith=/usr/bin/sign_secure_image.sh"
+part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,unified-kernel=y,signwith=/usr/bin/sign_secure_image.sh"
+
+include swupdate-partition.inc
diff --git a/wic/qemu-amd64-efibootguard.wks b/wic/qemu-amd64-efibootguard.wks
index 3cd7360..a9a8446 100644
--- a/wic/qemu-amd64-efibootguard.wks
+++ b/wic/qemu-amd64-efibootguard.wks
@@ -1,5 +1,4 @@
# short-description: Qemu-amd64 with Efibootguard and SWUpdate
# long-description: Disk image for qemu-amd64 with EFI Boot Guard and SWUpdate
-
include ebg-sysparts.inc
include swupdate-partition.inc
--
2.20.1


[isar-cip-core][PATCH v4 3/6] secure-boot: select boot partition in initramfs

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

As the usage of a unified kernel image freeze the kernel commmandline
during build time the rootfs selection for swupdate can no longer be
done with the kernel commandline and must be done later in the boot
process. Read the root filesystem /etc/os-release and check if it contains
the same uuid as stored in the initramfs . If the uuids are the same
boot the root file system.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
classes/image_uuid.bbclass | 33 ++++++++
.../files/initramfs.image_uuid.hook | 33 ++++++++
.../files/initramfs.lsblk.hook | 29 +++++++
.../initramfs-config/files/postinst.ext | 3 +
.../initramfs-config/files/postinst.tmpl | 31 ++++++++
.../files/secure-boot-debian-local-patch | 79 +++++++++++++++++++
.../initramfs-abrootfs-secureboot_0.1.bb | 38 +++++++++
7 files changed, 246 insertions(+)
create mode 100644 classes/image_uuid.bbclass
create mode 100644 recipes-support/initramfs-config/files/initramfs.image_uuid.hook
create mode 100644 recipes-support/initramfs-config/files/initramfs.lsblk.hook
create mode 100644 recipes-support/initramfs-config/files/postinst.ext
create mode 100644 recipes-support/initramfs-config/files/postinst.tmpl
create mode 100644 recipes-support/initramfs-config/files/secure-boot-debian-local-patch
create mode 100644 recipes-support/initramfs-config/initramfs-abrootfs-secureboot_0.1.bb

diff --git a/classes/image_uuid.bbclass b/classes/image_uuid.bbclass
new file mode 100644
index 0000000..d5337b8
--- /dev/null
+++ b/classes/image_uuid.bbclass
@@ -0,0 +1,33 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+def generate_image_uuid(d):
+ import uuid
+
+ base_hash = d.getVar("BB_BASEHASH_task-do_rootfs_install", True)
+ if base_hash is None:
+ return None
+ return str(uuid.UUID(base_hash[:32], version=4))
+
+IMAGE_UUID ?= "${@generate_image_uuid(d)}"
+
+do_generate_image_uuid[vardeps] += "IMAGE_UUID"
+do_generate_image_uuid[depends] = "buildchroot-target:do_build"
+do_generate_image_uuid() {
+ sudo sed -i '/^IMAGE_UUID=.*/d' '${IMAGE_ROOTFS}/etc/os-release'
+ echo "IMAGE_UUID=\"${IMAGE_UUID}\"" | \
+ sudo tee -a '${IMAGE_ROOTFS}/etc/os-release'
+ image_do_mounts
+
+ # update initramfs to add uuid
+ sudo chroot '${IMAGE_ROOTFS}' update-initramfs -u
+}
+addtask generate_image_uuid before do_copy_boot_files after do_rootfs_install
diff --git a/recipes-support/initramfs-config/files/initramfs.image_uuid.hook b/recipes-support/initramfs-config/files/initramfs.image_uuid.hook
new file mode 100644
index 0000000..910ce84
--- /dev/null
+++ b/recipes-support/initramfs-config/files/initramfs.image_uuid.hook
@@ -0,0 +1,33 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2020
+#
+# SPDX-License-Identifier: MIT
+
+#!/bin/sh
+set -x
+PREREQ=""
+
+prereqs()
+{
+ echo "$PREREQ"
+}
+
+case $1 in
+prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/scripts/functions
+. /usr/share/initramfs-tools/hook-functions
+
+if [ ! -e /etc/os-release ]; then
+ echo "Warning: couldn't find /etc/os-release!"
+ exit 0
+fi
+
+IMAGE_UUID=$(sed -n 's/^IMAGE_UUID="\(.*\)"/\1/p' /etc/os-release)
+echo "${IMAGE_UUID}" > "${DESTDIR}/conf/image_uuid"
+
+exit 0
\ No newline at end of file
diff --git a/recipes-support/initramfs-config/files/initramfs.lsblk.hook b/recipes-support/initramfs-config/files/initramfs.lsblk.hook
new file mode 100644
index 0000000..cf32404
--- /dev/null
+++ b/recipes-support/initramfs-config/files/initramfs.lsblk.hook
@@ -0,0 +1,29 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2020
+#
+# SPDX-License-Identifier: MIT
+
+#!/bin/sh
+PREREQ=""
+
+prereqs()
+{
+ echo "$PREREQ"
+}
+
+case $1 in
+prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/scripts/functions
+. /usr/share/initramfs-tools/hook-functions
+
+if [ ! -x /usr/bin/lsblk ]; then
+ echo "Warning: couldn't find /usr/bin/lsblk!"
+ exit 0
+fi
+
+copy_exec /usr/bin/lsblk
diff --git a/recipes-support/initramfs-config/files/postinst.ext b/recipes-support/initramfs-config/files/postinst.ext
new file mode 100644
index 0000000..cdafa74
--- /dev/null
+++ b/recipes-support/initramfs-config/files/postinst.ext
@@ -0,0 +1,3 @@
+if [ -d /usr/share/secureboot ]; then
+ patch -s -p0 /usr/share/initramfs-tools/scripts/local /usr/share/secureboot/secure-boot-debian-local.patch
+fi
diff --git a/recipes-support/initramfs-config/files/postinst.tmpl b/recipes-support/initramfs-config/files/postinst.tmpl
new file mode 100644
index 0000000..008f68d
--- /dev/null
+++ b/recipes-support/initramfs-config/files/postinst.tmpl
@@ -0,0 +1,31 @@
+#!/bin/sh
+if [ -d /usr/share/secureboot ]; then
+ patch -s -p0 /usr/share/initramfs-tools/scripts/local /usr/share/secureboot/secure-boot-debian-local.patch
+fi
+
+INITRAMFS_CONF=/etc/initramfs-tools/initramfs.conf
+if [ -f ${INITRAMFS_CONF} ]; then
+ sed -i -E 's/(^MODULES=).*/\1${INITRAMFS_MODULES}/' ${INITRAMFS_CONF}
+ sed -i -E 's/(^BUSYBOX=).*/\1${INITRAMFS_BUSYBOX}/' ${INITRAMFS_CONF}
+ sed -i -E 's/(^COMPRESS=).*/\1${INITRAMFS_COMPRESS}/' ${INITRAMFS_CONF}
+ sed -i -E 's/(^KEYMAP=).*/\1${INITRAMFS_KEYMAP}/' ${INITRAMFS_CONF}
+ sed -i -E 's/(^DEVICE=).*/\1${INITRAMFS_NET_DEVICE}/' ${INITRAMFS_CONF}
+ sed -i -E 's/(^NFSROOT=).*/\1${INITRAMFS_NFSROOT}/' ${INITRAMFS_CONF}
+ sed -i -E 's/(^RUNSIZE=).*/\1${INITRAMFS_RUNSIZE}/' ${INITRAMFS_CONF}
+ if grep -Fxq "ROOT=" "${INITRAMFS_CONF}"; then
+ sed -i -E 's/(^ROOT=).*/\1${INITRAMFS_ROOT}/' ${INITRAMFS_CONF}
+ else
+ sed -i -E "\$aROOT=${INITRAMFS_ROOT}" ${INITRAMFS_CONF}
+ fi
+fi
+
+MODULES_LIST_FILE=/etc/initramfs-tools/modules
+if [ -f ${MODULES_LIST_FILE} ]; then
+ for modname in ${INITRAMFS_MODULE_LIST}; do
+ if ! grep -Fxq "$modname" "${MODULES_LIST_FILE}"; then
+ echo "$modname" >> "${MODULES_LIST_FILE}"
+ fi
+ done
+fi
+
+update-initramfs -v -u
diff --git a/recipes-support/initramfs-config/files/secure-boot-debian-local-patch b/recipes-support/initramfs-config/files/secure-boot-debian-local-patch
new file mode 100644
index 0000000..219578c
--- /dev/null
+++ b/recipes-support/initramfs-config/files/secure-boot-debian-local-patch
@@ -0,0 +1,79 @@
+--- local 2020-07-02 14:59:15.461895194 +0200
++++ ../../../../../../../../../../../recipes-support/initramfs-config/files/local 2020-07-02 14:58:58.405730914 +0200
+@@ -1,5 +1,4 @@
+ # Local filesystem mounting -*- shell-script -*-
+-
+ local_top()
+ {
+ if [ "${local_top_used}" != "yes" ]; then
+@@ -155,34 +154,47 @@
+ local_mount_root()
+ {
+ local_top
+- if [ -z "${ROOT}" ]; then
+- panic "No root device specified. Boot arguments must include a root= parameter."
+- fi
+- local_device_setup "${ROOT}" "root file system"
+- ROOT="${DEV}"
+-
+- # Get the root filesystem type if not set
+- if [ -z "${ROOTFSTYPE}" ] || [ "${ROOTFSTYPE}" = auto ]; then
+- FSTYPE=$(get_fstype "${ROOT}")
+- else
+- FSTYPE=${ROOTFSTYPE}
++ if [ ! -e /conf/image_uuid ]; then
++ panic "could not find image_uuid to select correct root file system"
+ fi
++ local INITRAMFS_IMAGE_UUID=$(cat /conf/image_uuid)
++ local partitions=$(blkid -o device)
++ for part in $partitions; do
++ if [ "$(blkid -p ${part} --match-types novfat -s USAGE -o value)" = "filesystem" ]; then
++ local_device_setup "${part}" "root file system"
++ ROOT="${DEV}"
++
++ # Get the root filesystem type if not set
++ if [ -z "${ROOTFSTYPE}" ] || [ "${ROOTFSTYPE}" = auto ]; then
++ FSTYPE=$(get_fstype "${ROOT}")
++ else
++ FSTYPE=${ROOTFSTYPE}
++ fi
+
+- local_premount
++ local_premount
+
+- if [ "${readonly?}" = "y" ]; then
+- roflag=-r
+- else
+- roflag=-w
+- fi
++ if [ "${readonly?}" = "y" ]; then
++ roflag=-r
++ else
++ roflag=-w
++ fi
++ checkfs "${ROOT}" root "${FSTYPE}"
+
+- checkfs "${ROOT}" root "${FSTYPE}"
++ # Mount root
++ # shellcheck disable=SC2086
++ if mount ${roflag} ${FSTYPE:+-t "${FSTYPE}"} ${ROOTFLAGS} "${ROOT}" "${rootmnt?}"; then
++ if [ -e "${rootmnt?}"/etc/os-release ]; then
++ image_uuid=$(sed -n 's/^IMAGE_UUID=//p' "${rootmnt?}"/etc/os-release | tr -d '"' )
++ if [ "${INITRAMFS_IMAGE_UUID}" = "${image_uuid}" ]; then
++ return
++ fi
++ fi
++ umount "${rootmnt?}"
++ fi
++ fi
++ done
++ panic "Could not find ROOTFS with matching UUID $INITRAMFS_IMAGE_UUID"
+
+- # Mount root
+- # shellcheck disable=SC2086
+- if ! mount ${roflag} ${FSTYPE:+-t "${FSTYPE}"} ${ROOTFLAGS} "${ROOT}" "${rootmnt?}"; then
+- panic "Failed to mount ${ROOT} as root file system."
+- fi
+ }
+
+ local_mount_fs()
diff --git a/recipes-support/initramfs-config/initramfs-abrootfs-secureboot_0.1.bb b/recipes-support/initramfs-config/initramfs-abrootfs-secureboot_0.1.bb
new file mode 100644
index 0000000..0be9871
--- /dev/null
+++ b/recipes-support/initramfs-config/initramfs-abrootfs-secureboot_0.1.bb
@@ -0,0 +1,38 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+
+require recipes-support/initramfs-config/initramfs-config.inc
+
+FILESPATH =. "${LAYERDIR_isar-siemens}/recipes-support/initramfs-config/files:"
+
+DEBIAN_DEPENDS += ", busybox, patch"
+
+SRC_URI += "file://postinst.ext \
+ file://initramfs.lsblk.hook \
+ file://initramfs.image_uuid.hook \
+ file://secure-boot-debian-local-patch"
+
+INITRAMFS_BUSYBOX = "y"
+
+do_install() {
+ # add patch for local to /usr/share/secure boot
+ TARGET=${D}/usr/share/secureboot
+ install -m 0755 -d ${TARGET}
+ install -m 0644 ${WORKDIR}/secure-boot-debian-local-patch ${TARGET}/secure-boot-debian-local.patch
+ # patch postinst
+ sed -i -e '/configure)/r ${WORKDIR}/postinst.ext' ${WORKDIR}/postinst
+
+ # add hooks for secure boot
+ HOOKS=${D}/etc/initramfs-tools/hooks
+install -m 0755 -d ${HOOKS}
+ install -m 0740 ${WORKDIR}/initramfs.lsblk.hook ${HOOKS}/lsblk.hook
+ install -m 0740 ${WORKDIR}/initramfs.image_uuid.hook ${HOOKS}/image_uuid.hook
+}
+addtask do_install after do_transform_template
--
2.20.1


[isar-cip-core][PATCH v4 2/6] isar-patch: Add initramfs-config patch

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Adapt the initramfs generation to set for example the root device
in the initramfs

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
.../0001-u-boot-add-libubootenv.patch | 161 +++++++-------
...-support-Generate-a-custom-initramfs.patch | 207 ++++++++++++++++++
kas-cip.yml | 3 +
3 files changed, 290 insertions(+), 81 deletions(-)
create mode 100644 isar-patches/v7-0001-meta-support-Generate-a-custom-initramfs.patch

diff --git a/isar-patches/0001-u-boot-add-libubootenv.patch b/isar-patches/0001-u-boot-add-libubootenv.patch
index 10a5b4a..6002cf1 100644
--- a/isar-patches/0001-u-boot-add-libubootenv.patch
+++ b/isar-patches/0001-u-boot-add-libubootenv.patch
@@ -1,4 +1,4 @@
-From 76897e89977f895495e21e37cb76f90392d55ef9 Mon Sep 17 00:00:00 2001
+From dda00e6addc7c51862b8175d473a1ea42dcd5c9e Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Fri, 19 Jun 2020 17:00:36 +0200
Subject: [PATCH v2] u-boot: add libubootenv
@@ -16,20 +16,25 @@ as both try to install fw_printenv and fw_sentenv. This conflict is not
part of the control file as it breaks the installation of custom u-boot-tools
from the u-boot-sources.

+This patch uses dpkg-gdb to build the package from salsa.debian.org and adds
+a fix for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967487.
+
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
+
+Changes V2:
+- use dpkg-gbd instead dpkg
+- use salsa.debian.org as source
+- add fix for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967487
+
meta-isar/conf/machine/de0-nano-soc.conf | 2 +-
- .../libubootenv/files/debian/compat | 1 +
- .../libubootenv/files/debian/control.tmpl | 15 +++++++++
- .../libubootenv/files/debian/rules.tmpl | 24 ++++++++++++++
- .../libubootenv/libubootenv_0.2.bb | 32 +++++++++++++++++++
+ .../0002-Add-support-GNUInstallDirs.patch | 48 +++++++++++++++++++
+ .../libubootenv/libubootenv_0.2.bb | 30 ++++++++++++
.../files/debian/u-boot-tools.conffiles | 1 -
- .../u-boot/files/debian/u-boot-tools.install | 2 --
+ .../u-boot/files/debian/u-boot-tools.install | 2 -
.../u-boot/files/debian/u-boot-tools.links | 1 -
- 8 files changed, 73 insertions(+), 5 deletions(-)
- create mode 100644 meta/recipes-bsp/libubootenv/files/debian/compat
- create mode 100644 meta/recipes-bsp/libubootenv/files/debian/control.tmpl
- create mode 100644 meta/recipes-bsp/libubootenv/files/debian/rules.tmpl
+ 6 files changed, 79 insertions(+), 5 deletions(-)
+ create mode 100644 meta/recipes-bsp/libubootenv/files/0002-Add-support-GNUInstallDirs.patch
create mode 100644 meta/recipes-bsp/libubootenv/libubootenv_0.2.bb
delete mode 100644 meta/recipes-bsp/u-boot/files/debian/u-boot-tools.conffiles
delete mode 100644 meta/recipes-bsp/u-boot/files/debian/u-boot-tools.links
@@ -44,70 +49,66 @@ index 3a2c009..6558d90 100644

-IMAGE_INSTALL += "u-boot-tools u-boot-script"
+IMAGE_INSTALL += "u-boot-tools libubootenv u-boot-script"
-diff --git a/meta/recipes-bsp/libubootenv/files/debian/compat b/meta/recipes-bsp/libubootenv/files/debian/compat
-new file mode 100644
-index 0000000..b4de394
---- /dev/null
-+++ b/meta/recipes-bsp/libubootenv/files/debian/compat
-@@ -0,0 +1 @@
-+11
-diff --git a/meta/recipes-bsp/libubootenv/files/debian/control.tmpl b/meta/recipes-bsp/libubootenv/files/debian/control.tmpl
+diff --git a/meta/recipes-bsp/libubootenv/files/0002-Add-support-GNUInstallDirs.patch b/meta/recipes-bsp/libubootenv/files/0002-Add-support-GNUInstallDirs.patch
new file mode 100644
-index 0000000..fade69a
+index 0000000..f8c3038
--- /dev/null
-+++ b/meta/recipes-bsp/libubootenv/files/debian/control.tmpl
-@@ -0,0 +1,15 @@
-+Source: libubootenv
-+Section: embedded
-+Priority: optional
-+Maintainer: Stefano Babic <sbabic@denx.de>
-+Build-Depends: ${BUILD_DEB_DEPENDS}
-+Standards-Version: 4.2.1
-+Homepage: https://sbabic.github.io/libubootenv
-+
-+Package: libubootenv
-+Architecture: any
-+Depends: ${DEBIAN_DEPENDS}
-+Description: libubootenv is a library that provides a hardware independent
-+ way to access to U-Boot environment. U-Boot has its default environment
-+ compiled board-dependently and this means that tools to access the environment
-+ are also board specific, too.
-diff --git a/meta/recipes-bsp/libubootenv/files/debian/rules.tmpl b/meta/recipes-bsp/libubootenv/files/debian/rules.tmpl
-new file mode 100644
-index 0000000..56ccd19
---- /dev/null
-+++ b/meta/recipes-bsp/libubootenv/files/debian/rules.tmpl
-@@ -0,0 +1,24 @@
-+#!/usr/bin/make -f
-+
-+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
-+export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
-+export CC=$(DEB_HOST_GNU_TYPE)-gcc
-+export LD=$(DEB_HOST_GNU_TYPE)-gcc
-+endif
-+
-+export DH_VERBOSE = 1
++++ b/meta/recipes-bsp/libubootenv/files/0002-Add-support-GNUInstallDirs.patch
+@@ -0,0 +1,48 @@
++From b17d194bd8285a19382a902a0bec9e5e042df064 Mon Sep 17 00:00:00 2001
++From: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
++Date: Tue, 16 Apr 2019 08:52:01 +0900
++Subject: [PATCH 2/4] Add support GNUInstallDirs
++
++This adds the functionality of the module "GNUInstallDirs" to make the
++installation compatible with GNU.
++
++https://cmake.org/cmake/help/v3.14/module/GNUInstallDirs.html
++
++Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
++---
++ CMakeLists.txt | 2 ++
++ src/CMakeLists.txt | 8 ++++----
++ 2 files changed, 6 insertions(+), 4 deletions(-)
++
++diff --git a/CMakeLists.txt b/CMakeLists.txt
++index 104969e..57477fc 100644
++--- a/CMakeLists.txt
+++++ b/CMakeLists.txt
++@@ -10,6 +10,8 @@ add_definitions(-DVERSION="${VERSION}")
++
++ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99")
++
+++include("GNUInstallDirs")
+++
++ #set(CMAKE_C_FLAGS_DEBUG "-g")
++ include_directories ("${PROJECT_SOURCE_DIR}/src")
++ add_subdirectory (src)
++diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
++index ea5979c..d97f221 100644
++--- a/src/CMakeLists.txt
+++++ b/src/CMakeLists.txt
++@@ -19,7 +19,7 @@ add_executable(fw_setenv fw_setenv.c)
++ target_link_libraries(fw_printenv ubootenv z)
++ target_link_libraries(fw_setenv ubootenv z)
++
++-install (TARGETS ubootenv DESTINATION lib)
++-install (FILES libuboot.h DESTINATION include)
++-install (TARGETS fw_printenv DESTINATION bin)
++-install (TARGETS fw_setenv DESTINATION bin)
+++install (TARGETS ubootenv DESTINATION "${CMAKE_INSTALL_LIBDIR}")
+++install (FILES libuboot.h DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}")
+++install (TARGETS fw_printenv DESTINATION "${CMAKE_INSTALL_BINDIR}")
+++install (TARGETS fw_setenv DESTINATION "${CMAKE_INSTALL_BINDIR}")
++--
++2.20.1
+
-+export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
-+
-+override_dh_auto_configure:
-+ dh_auto_configure --
-+
-+%:
-+ echo $@
-+ dh $@
-+
-+override_dh_installchangelogs:
-+ true
-+
-+override_dh_installdocs:
-+ true
diff --git a/meta/recipes-bsp/libubootenv/libubootenv_0.2.bb b/meta/recipes-bsp/libubootenv/libubootenv_0.2.bb
new file mode 100644
-index 0000000..1be058c
+index 0000000..995e581
--- /dev/null
+++ b/meta/recipes-bsp/libubootenv/libubootenv_0.2.bb
-@@ -0,0 +1,32 @@
+@@ -0,0 +1,30 @@
+# libubootenv
+#
+# This software is a part of ISAR.
@@ -119,26 +120,24 @@ index 0000000..1be058c
+HOMEPAGE= "https://github.com/sbabic/swupdate"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://${LAYERDIR_isar}/licenses/COPYING.GPLv2;md5=751419260aa954499f7abaabaa882bbe"
-+SRC_URI = "gitsm://github.com/sbabic/libubootenv.git;branch=master;protocol=https"
-+
-+SRCREV = "bf6ff631c0e38cede67268ceb8bf1383b5f8848e"
+
-+BUILD_DEB_DEPENDS = "cmake, zlib1g-dev"
++inherit dpkg-gbp
+
-+SRC_URI += "file://debian"
-+TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
-+TEMPLATE_VARS += "BUILD_DEB_DEPENDS DEFCONFIG DEBIAN_DEPENDS"
-+
-+
-+inherit dpkg
++SRC_URI = "git://salsa.debian.org/debian/libubootenv.git;protocol=https \
++ file://0002-Add-support-GNUInstallDirs.patch;apply=no "
++SRCREV = "2c7cb6d941d906dcc1d2e447cc17e418485dff12"
+
+S = "${WORKDIR}/git"
+
+do_prepare_build() {
-+ DEBDIR=${S}/debian
-+ install -d ${DEBDIR}
-+ cp -R ${WORKDIR}/debian ${S}
-+ deb_add_changelog
++ cd ${S}
++ export QUILT_PATCHES=debian/patches
++ quilt import -f ${WORKDIR}/*.patch
++ quilt push -a
++}
++
++dpkg_runbuild_prepend() {
++ export DEB_BUILD_OPTIONS="nocheck"
+}
diff --git a/meta/recipes-bsp/u-boot/files/debian/u-boot-tools.conffiles b/meta/recipes-bsp/u-boot/files/debian/u-boot-tools.conffiles
deleted file mode 100644
diff --git a/isar-patches/v7-0001-meta-support-Generate-a-custom-initramfs.patch b/isar-patches/v7-0001-meta-support-Generate-a-custom-initramfs.patch
new file mode 100644
index 0000000..f8fb28e
--- /dev/null
+++ b/isar-patches/v7-0001-meta-support-Generate-a-custom-initramfs.patch
@@ -0,0 +1,207 @@
+From 7c85e2e363fd39e60bf5041d02e14e8bd62c1a68 Mon Sep 17 00:00:00 2001
+From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
+Date: Tue, 24 Mar 2020 17:58:08 +0100
+Subject: [PATCH v7 1/3] meta/support: Generate a custom initramfs
+
+This package sets the Parameters for mkinitramfs/update-intramfs
+before it regenerates the initrd.img of debian with a modified version.
+
+Use cases are the remove unnecessary kernel modules to reduce the
+size of the initrd by using the parameters:
+```
+INITRAMFS_MODULES = "list"
+INITRAMFS_MODULE_LIST += "ext4"
+```
+
+Set the boot root during the initrd generation by setting `INITRAMFS_ROOT`.
+
+see also man pages of mkinitramfs and initramfs.conf.
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
+---
+ .../initramfs-config/initramfs-config_0.1.bb | 6 +++
+ .../initramfs-config/files/control.tmpl | 12 +++++
+ .../initramfs-config/files/postinst.tmpl | 50 +++++++++++++++++++
+ .../initramfs-config/files/postrm.tmpl | 41 +++++++++++++++
+ .../initramfs-config/initramfs-config.inc | 32 ++++++++++++
+ 5 files changed, 141 insertions(+)
+ create mode 100644 meta-isar/recipes-support/initramfs-config/initramfs-config_0.1.bb
+ create mode 100644 meta/recipes-support/initramfs-config/files/control.tmpl
+ create mode 100644 meta/recipes-support/initramfs-config/files/postinst.tmpl
+ create mode 100644 meta/recipes-support/initramfs-config/files/postrm.tmpl
+ create mode 100644 meta/recipes-support/initramfs-config/initramfs-config.inc
+
+diff --git a/meta-isar/recipes-support/initramfs-config/initramfs-config_0.1.bb b/meta-isar/recipes-support/initramfs-config/initramfs-config_0.1.bb
+new file mode 100644
+index 0000000..c951e8a
+--- /dev/null
++++ b/meta-isar/recipes-support/initramfs-config/initramfs-config_0.1.bb
+@@ -0,0 +1,6 @@
++#
++# Copyright (C) Siemens AG, 2020
++#
++# SPDX-License-Identifier: MIT
++
++require recipes-support/initramfs-config/initramfs-config.inc
+diff --git a/meta/recipes-support/initramfs-config/files/control.tmpl b/meta/recipes-support/initramfs-config/files/control.tmpl
+new file mode 100644
+index 0000000..66984eb
+--- /dev/null
++++ b/meta/recipes-support/initramfs-config/files/control.tmpl
+@@ -0,0 +1,12 @@
++Source: ${PN}
++Section: misc
++Priority: optional
++Standards-Version: 3.9.6
++Maintainer: isar-users <isar-users@googlegroups.com>
++Build-Depends: debhelper (>= 9)
++
++
++Package: ${PN}
++Architecture: any
++Depends: ${shlibs:Depends}, ${misc:Depends}, initramfs-tools-core, ${DEBIAN_DEPENDS}
++Description: Configuration files for a custom initramfs
+diff --git a/meta/recipes-support/initramfs-config/files/postinst.tmpl b/meta/recipes-support/initramfs-config/files/postinst.tmpl
+new file mode 100644
+index 0000000..e523906
+--- /dev/null
++++ b/meta/recipes-support/initramfs-config/files/postinst.tmpl
+@@ -0,0 +1,50 @@
++#!/bin/sh
++# postinst script for initramfs-config
++#
++# see: dh_installdeb(1)
++
++set -e
++
++case "$1" in
++ configure)
++ INITRAMFS_CONF=/etc/initramfs-tools/initramfs.conf
++ if [ -f ${INITRAMFS_CONF} ]; then
++ sed -i -E 's/(^MODULES=).*/\1${INITRAMFS_MODULES}/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^BUSYBOX=).*/\1${INITRAMFS_BUSYBOX}/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^COMPRESS=).*/\1${INITRAMFS_COMPRESS}/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^KEYMAP=).*/\1${INITRAMFS_KEYMAP}/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^DEVICE=).*/\1${INITRAMFS_NET_DEVICE}/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^NFSROOT=).*/\1${INITRAMFS_NFSROOT}/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^RUNSIZE=).*/\1${INITRAMFS_RUNSIZE}/' ${INITRAMFS_CONF}
++ if grep -Fxq "ROOT=" "${INITRAMFS_CONF}"; then
++ sed -i -E 's/(^ROOT=).*/\1${INITRAMFS_ROOT}/' ${INITRAMFS_CONF}
++ else
++ sed -i -E "\$aROOT=${INITRAMFS_ROOT}" ${INITRAMFS_CONF}
++ fi
++ fi
++
++ MODULES_LIST_FILE=/etc/initramfs-tools/modules
++ if [ -f ${MODULES_LIST_FILE} ]; then
++ for modname in ${INITRAMFS_MODULE_LIST}; do
++ if ! grep -Fxq "$modname" "${MODULES_LIST_FILE}"; then
++ echo "$modname" >> "${MODULES_LIST_FILE}"
++ fi
++ done
++ fi
++
++ update-initramfs -v -u
++
++ ;;
++ abort-upgrade|abort-remove|abort-deconfigure)
++ ;;
++
++ *)
++ echo "postinst called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++# dh_installdeb will replace this with shell code automatically
++# generated by other debhelper scripts.
++#DEBHELPER#
++
++exit 0
+diff --git a/meta/recipes-support/initramfs-config/files/postrm.tmpl b/meta/recipes-support/initramfs-config/files/postrm.tmpl
+new file mode 100644
+index 0000000..115d9b6
+--- /dev/null
++++ b/meta/recipes-support/initramfs-config/files/postrm.tmpl
+@@ -0,0 +1,41 @@
++#!/bin/sh
++# postrm script for initramfs-config
++#
++# see: dh_installdeb(1)
++
++set -e
++
++case "$1" in
++ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
++ # back to the debian defaults
++ INITRAMFS_CONF=/etc/initramfs-tools/initramfs.conf
++ sed -i -E 's/(^MODULES=).*/\1most/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^BUSYBOX=).*/\1auto/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^COMPRESS=).*/\1gzip/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^KEYMAP=).*/\1n/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^DEVICE=).*/\1/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^NFSROOT=).*/\1auto/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^RUNSIZE=).*/\110%/' ${INITRAMFS_CONF}
++ sed -i -E 's/(^ROOT=).*//' ${INITRAMFS_CONF}
++
++ # remove the added modules
++ MODULES_LIST_FILE=/etc/initramfs-tools/modules
++ for modname in ${INITRAMFS_MODULE_LIST}; do
++ sed -i -E 's/$modname//'
++ done
++
++ update-initramfs -v -u
++ ;;
++
++ *)
++ echo "postrm called with unknown argument \`$1'" >&2
++ exit 1
++ ;;
++esac
++
++# dh_installdeb will replace this with shell code automatically
++# generated by other debhelper scripts.
++
++#DEBHELPER#
++
++exit 0
+diff --git a/meta/recipes-support/initramfs-config/initramfs-config.inc b/meta/recipes-support/initramfs-config/initramfs-config.inc
+new file mode 100644
+index 0000000..16049a9
+--- /dev/null
++++ b/meta/recipes-support/initramfs-config/initramfs-config.inc
+@@ -0,0 +1,32 @@
++# This software is a part of ISAR.
++# Copyright (C) 2020 Siemens AG
++#
++# SPDX-License-Identifier: MIT
++inherit dpkg-raw
++inherit template
++DESCRIPTION = "Recipe to set the initramfs configuration and generate a new ramfs"
++
++FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/files:"
++
++SRC_URI = "file://postinst.tmpl \
++ file://postrm.tmpl \
++ file://control.tmpl \
++ "
++
++INITRAMFS_MODULES ?= "most"
++INITRAMFS_BUSYBOX ?= "auto"
++INITRAMFS_COMPRESS ?= "gzip"
++INITRAMFS_KEYMAP ?= "n"
++INITRAMFS_NET_DEVICE ?= ""
++INITRAMFS_NFSROOT ?= "auto"
++INITRAMFS_RUNSIZE ?= "10%"
++INITRAMFS_ROOT ?= ""
++INITRAMFS_MODULE_LIST ?= ""
++CREATE_NEW_INITRAMFS ?= "n"
++KERNEL_PACKAGE = "${@ ("linux-image-" + d.getVar("KERNEL_NAME", True)) if d.getVar("KERNEL_NAME", True) else ""}"
++DEBIAN_DEPENDS += ", ${KERNEL_PACKAGE}"
++TEMPLATE_FILES = "postinst.tmpl control.tmpl postrm.tmpl"
++TEMPLATE_VARS += "INITRAMFS_MODULES INITRAMFS_BUSYBOX INITRAMFS_COMPRESS \
++ INITRAMFS_KEYMAP INITRAMFS_NET_DEVICE INITRAMFS_NFSROOT \
++ INITRAMFS_RUNSIZE INITRAMFS_ROOT INITRAMFS_MODULE_LIST \
++ CREATE_NEW_INITRAMFS DEBIAN_DEPENDS PN"
+--
+2.20.1
+
diff --git a/kas-cip.yml b/kas-cip.yml
index f4edd0f..66a58f1 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -27,6 +27,9 @@ repos:
01-libubootenv:
path: isar-patches/0001-u-boot-add-libubootenv.patch
repo: cip-core
+ 02-initramfs:
+ path: isar-patches/v7-0001-meta-support-Generate-a-custom-initramfs.patch
+ repo: cip-core

bblayers_conf_header:
standard: |
--
2.20.1


[isar-cip-core][PATCH v4 1/6] linux-cip: Update revision of kernel config

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Update the kernel configuration to the lasted version to
avoid a qemu runtime error.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
recipes-kernel/linux/linux-cip-common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index d45a3b0..0c76835 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -26,4 +26,4 @@ SRC_URI += " \
SRC_URI_append = " ${@conditional("USE_CIP_KERNEL_CONFIG", "1", \
"git://gitlab.com/cip-project/cip-kernel/cip-kernel-config.git;protocol=https;destsuffix=cip-kernel-config;name=cip-kernel-config", \
"file://${KERNEL_DEFCONFIG}",d)}"
-SRCREV_cip-kernel-config ?= "db2085219b5f28ed7c3e0fbdf93b7867947958a8"
+SRCREV_cip-kernel-config ?= "ca24d965adf77730caf1cd32bdfcffd69e369502"
--
2.20.1


[isar-cip-core][PATCH v4 0/6] secureboot with efibootguard

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This patchset adds secureboot with efibootguard to cip-core.

The image build signs the efibootguard bootloader (bootx64.efi) and generates
a signed [unified kernel image](https://systemd.io/BOOT_LOADER_SPECIFICATION/).
A unified kernel image packs the kernel, initramfs and the kernel command-line
in one binary object. As the kernel command-line is immutable after the build
process, the previous selection of the root file system with a command-line parameter is no longer
possible. Therefore the selection of the root file-system occurs now in the initramfs.

The image uses an A/B partition layout to update the root file system. The sample implementation to
select the root file system generates a uuid and stores the id in /etc/os-release and in the initramfs.
During boot the initramfs compares its own uuid with the uuid stored in /etc/os-release of each rootfs.
If a match is found the rootfs is used for the boot.

Changes V2:

- rebase to [1]
- removed luahandler patch as it now part of [1]
- add handling for sw-description

Changes V3:

- rewrite the image id creation to ensure a new uuid is generated if a new package is
added or another change of the rootfs
- add readme section how to execute/test the software update mechnism
- adapt to version v3 of [1]
- update the patch
- add wks file for efibootguard and swupdate

[1]: a/b rootfsupdate with software update

Changes V4:

- rebase onto next 619edb509bd287277749580cbc842e57d5044756
- fix indent of ./start-qemu.sh
- whitespace fixes
- update libubootenv patch to v2
- update revision of cip-kernel-config to ca24d965adf77730caf1cd32bdfcffd69e369502
to boot secureboot with qemu
- swupdate swdescription for non-secure-boot images

Quirin Gylstorff (6):
linux-cip: Update revision of kernel config
isar-patch: Add initramfs-config patch
secure-boot: select boot partition in initramfs
secure-boot: Add secure boot with unified kernel image
secure-boot: Add Debian snakeoil keys for ease-of-use
doc: Add README for secureboot

classes/image_uuid.bbclass | 33 +++
conf/distro/debian-buster-backports.list | 1 +
conf/distro/preferences.ovmf-snakeoil.conf | 3 +
doc/README.secureboot.md | 229 ++++++++++++++++++
.../0001-u-boot-add-libubootenv.patch | 161 ++++++------
...-support-Generate-a-custom-initramfs.patch | 207 ++++++++++++++++
kas-cip.yml | 3 +
kas/opt/ebg-secure-boot-base.yml | 18 ++
kas/opt/ebg-secure-boot-snakeoil.yml | 28 +++
kas/opt/ebg-swu.yml | 4 +-
recipes-core/images/cip-core-image.bb | 12 +-
.../files/secure-boot/sw-description.tmpl | 29 +++
recipes-core/images/files/sw-description.tmpl | 19 +-
recipes-core/images/secureboot.inc | 21 ++
recipes-core/images/swupdate.inc | 21 ++
.../ebg-secure-boot-secrets_0.1.bb | 51 ++++
.../ebg-secure-boot-secrets/files/README.md | 1 +
.../files/control.tmpl | 12 +
.../files/sign_secure_image.sh.tmpl | 22 ++
.../ebg-secure-boot-snakeoil_0.1.bb | 34 +++
.../files/control.tmpl | 12 +
.../files/sign_secure_image.sh | 36 +++
.../ovmf-binaries/files/control.tmpl | 11 +
.../ovmf-binaries/ovmf-binaries_0.1.bb | 30 +++
recipes-kernel/linux/linux-cip-common.inc | 2 +-
.../files/initramfs.image_uuid.hook | 33 +++
.../files/initramfs.lsblk.hook | 29 +++
.../initramfs-config/files/postinst.ext | 3 +
.../files/secure-boot-debian-local-patch | 79 ++++++
.../initramfs-abrootfs-secureboot_0.1.bb | 38 +++
...enerate-sb-db-from-existing-certificate.sh | 16 ++
scripts/generate_secure_boot_keys.sh | 51 ++++
.../wic/plugins/source/efibootguard-boot.py | 87 ++++++-
.../wic/plugins/source/efibootguard-efi.py | 40 ++-
scripts/start-efishell.sh | 12 +
start-qemu.sh | 59 +++--
wic/ebg-signed-bootloader.inc | 2 +
wic/qemu-amd64-efibootguard-secureboot.wks | 9 +
wic/qemu-amd64-efibootguard.wks | 1 -
39 files changed, 1330 insertions(+), 129 deletions(-)
create mode 100644 classes/image_uuid.bbclass
create mode 100644 conf/distro/debian-buster-backports.list
create mode 100644 conf/distro/preferences.ovmf-snakeoil.conf
create mode 100644 doc/README.secureboot.md
create mode 100644 isar-patches/v7-0001-meta-support-Generate-a-custom-initramfs.patch
create mode 100644 kas/opt/ebg-secure-boot-base.yml
create mode 100644 kas/opt/ebg-secure-boot-snakeoil.yml
create mode 100644 recipes-core/images/files/secure-boot/sw-description.tmpl
create mode 100644 recipes-core/images/secureboot.inc
create mode 100644 recipes-core/images/swupdate.inc
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/ebg-secure-boot-secrets_0.1.bb
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/README.md
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/control.tmpl
create mode 100644 recipes-devtools/ebg-secure-boot-secrets/files/sign_secure_image.sh.tmpl
create mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/ebg-secure-boot-snakeoil_0.1.bb
create mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/control.tmpl
create mode 100644 recipes-devtools/ebg-secure-boot-snakeoil/files/sign_secure_image.sh
create mode 100644 recipes-devtools/ovmf-binaries/files/control.tmpl
create mode 100644 recipes-devtools/ovmf-binaries/ovmf-binaries_0.1.bb
create mode 100644 recipes-support/initramfs-config/files/initramfs.image_uuid.hook
create mode 100644 recipes-support/initramfs-config/files/initramfs.lsblk.hook
create mode 100644 recipes-support/initramfs-config/files/postinst.ext
create mode 100644 recipes-support/initramfs-config/files/secure-boot-debian-local-patch
create mode 100644 recipes-support/initramfs-config/initramfs-abrootfs-secureboot_0.1.bb
create mode 100755 scripts/generate-sb-db-from-existing-certificate.sh
create mode 100755 scripts/generate_secure_boot_keys.sh
create mode 100755 scripts/start-efishell.sh
create mode 100644 wic/ebg-signed-bootloader.inc
create mode 100644 wic/qemu-amd64-efibootguard-secureboot.wks

--
2.20.1


Re: [cip-kernel-config ][ RFC 1/1] 4.19.y-cip/cip_bbb_defconfig: Add config switches from isar-cip-core

Quirin Gylstorff
 

On 8/21/20 1:34 AM, Nobuhiro Iwamatsu wrote:
Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Quirin Gylstorff
Sent: Monday, August 17, 2020 6:29 PM
To: sangorrin daniel(サンゴリン ダニエル □SWC◯ACT) <daniel.sangorrin@toshiba.co.jp>;
cip-dev@lists.cip-project.org; jan.kiszka@siemens.com
Cc: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Subject: [cip-dev] [cip-kernel-config ][ RFC 1/1] 4.19.y-cip/cip_bbb_defconfig: Add config switches from isar-cip-core

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Add the config switches which exist only in isar-cip-core
to the defconfig in cip-kernel-config for the beagle bone black.
Thanks for your patch.
The cip_bbb_defconfig created by me had minimal functionality enabled. I didn't know that Siemens didn't include the required features.
So I think this patch is necessary.
However, we think that it is difficult to do it with one defconfig when testing the necessary functions as CIP in the future.
Therefore, it may be necessary to prepare defconfig for each required function in the future.
By the way, is this only 4.19? Do I need to change RT or 4.4.y?
This patch is only for 4.19. I can prepare a v2 which includes v4.4. As posted it was intented to show the current difference between the bbb
config in isar-cip-core and cip-kernel-config.

Best regards,
Quirin
Best regards,
Nobuhiro

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
4.19.y-cip/arm/cip_bbb_defconfig | 339 +++++++++++++++++++++++++++++++
1 file changed, 339 insertions(+)

diff --git a/4.19.y-cip/arm/cip_bbb_defconfig b/4.19.y-cip/arm/cip_bbb_defconfig
index 3e22365..445cdee 100644
--- a/4.19.y-cip/arm/cip_bbb_defconfig
+++ b/4.19.y-cip/arm/cip_bbb_defconfig
@@ -1,6 +1,9 @@
# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_KERNEL_LZMA=y
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
+CONFIG_FHANDLE=y
+CONFIG_AUDIT=y
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_PREEMPT=y
@@ -8,6 +11,7 @@ CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=16
CONFIG_CGROUPS=y
CONFIG_MEMCG=y
CONFIG_MEMCG_SWAP=y
@@ -17,24 +21,67 @@ CONFIG_RT_GROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
+CONFIG_CPUSETS=y
CONFIG_CGROUP_CPUACCT=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_KMEM=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_DEBUG=y
CONFIG_USER_NS=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+CONFIG_RT_GROUP_SCHED=y
+CONFIG_BLK_CGROUP=y
+CONFIG_NAMESPACES=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_BPF_SYSCALL=y
+CONFIG_EXPERT=y
+CONFIG_SLAB=y
CONFIG_PROFILING=y
CONFIG_ARCH_VIRT=y
+CONFIG_OPROFILE=y
+CONFIG_KPROBES=y
+CONFIG_MODULES=y
+CONFIG_MODULE_FORCE_LOAD=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_MODULE_FORCE_UNLOAD=y
+CONFIG_MODVERSIONS=y
+CONFIG_MODULE_SRCVERSION_ALL=y
+# CONFIG_BLK_DEV_BSG is not set
+CONFIG_PARTITION_ADVANCED=y
+CONFIG_POWER_AVS_OMAP=y
+CONFIG_POWER_AVS_OMAP_CLASS3=y
CONFIG_OMAP_RESET_CLOCKS=y
CONFIG_ARCH_OMAP3=y
+CONFIG_OMAP_MUX_DEBUG=y
CONFIG_SOC_AM33XX=y
CONFIG_ARM_THUMBEE=y
CONFIG_OABI_COMPAT=y
+CONFIG_ARM_ERRATA_411920=y
+CONFIG_ARM_ERRATA_430973=y
+CONFIG_SMP=y
+CONFIG_NR_CPUS=2
+CONFIG_CMA=y
+CONFIG_SECCOMP=y
+CONFIG_ZBOOT_ROM_TEXT=0x0
+CONFIG_ZBOOT_ROM_BSS=0x0
CONFIG_ARM_APPENDED_DTB=y
CONFIG_ARM_ATAG_DTB_COMPAT=y
+CONFIG_CMDLINE=""
+CONFIG_KEXEC=y
+CONFIG_CPU_FREQ=y
+CONFIG_CPU_FREQ_STAT_DETAILS=y
+CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y
+CONFIG_CPU_FREQ_GOV_POWERSAVE=y
+CONFIG_CPU_FREQ_GOV_USERSPACE=y
+CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y
+CONFIG_CPUFREQ_DT=y
+# CONFIG_ARM_OMAP2PLUS_CPUFREQ is not set
CONFIG_CPU_IDLE=y
CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_BINFMT_MISC=y
CONFIG_PM_DEBUG=y
CONFIG_OPROFILE=y
CONFIG_KPROBES=y
@@ -48,6 +95,8 @@ CONFIG_UNIX=y
CONFIG_XFRM_USER=m
CONFIG_XFRM_SUB_POLICY=y
CONFIG_NET_KEY=m
+CONFIG_XFRM_USER=y
+CONFIG_NET_KEY=y
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
@@ -74,6 +123,7 @@ CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_TUNNEL=m
+# CONFIG_INET_LRO is not set
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_AMANDA=m
@@ -196,40 +246,108 @@ CONFIG_NET_PKTGEN=m
CONFIG_CFG80211=y
CONFIG_MAC80211=y
CONFIG_RFKILL=y
+CONFIG_PHONET=m
+CONFIG_CAN=m
+CONFIG_CAN_C_CAN=m
+CONFIG_CAN_C_CAN_PLATFORM=m
+CONFIG_BT=m
+CONFIG_BT_RFCOMM=m
+CONFIG_BT_RFCOMM_TTY=y
+CONFIG_BT_BNEP=m
+CONFIG_BT_BNEP_MC_FILTER=y
+CONFIG_BT_BNEP_PROTO_FILTER=y
+CONFIG_BT_HIDP=m
+CONFIG_BT_HCIBTUSB=m
+CONFIG_BT_HCIBTSDIO=m
+CONFIG_BT_HCIUART=m
+CONFIG_BT_HCIUART_H4=y
+CONFIG_BT_HCIUART_BCSP=y
+CONFIG_BT_HCIUART_LL=y
+CONFIG_BT_HCIUART_3WIRE=y
+CONFIG_BT_HCIBCM203X=m
+CONFIG_BT_HCIBPA10X=m
+CONFIG_CFG80211=m
+CONFIG_BT_HCIBFUSB=m
+CONFIG_BT_HCIVHCI=m
+CONFIG_BT_MRVL=m
+CONFIG_BT_MRVL_SDIO=m
+CONFIG_AF_RXRPC=m
+CONFIG_RXKAD=m
+CONFIG_MAC80211=m
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_DMA_CMA=y
CONFIG_OMAP_OCP2SCP=y
+CONFIG_CONNECTOR=m
CONFIG_MTD=y
CONFIG_MTD_CMDLINE_PARTS=y
CONFIG_MTD_BLOCK=y
CONFIG_MTD_OOPS=y
CONFIG_MTD_CFI=y
CONFIG_MTD_CFI_INTELEXT=y
+CONFIG_MTD_PHYSMAP=y
+CONFIG_MTD_PHYSMAP_OF=y
CONFIG_MTD_NAND=y
+CONFIG_MTD_NAND_ECC_BCH=y
CONFIG_MTD_NAND_OMAP2=y
CONFIG_MTD_NAND_OMAP_BCH=y
+CONFIG_MTD_ONENAND=y
+CONFIG_MTD_ONENAND_VERIFY_WRITE=y
+CONFIG_MTD_ONENAND_OMAP2=y
CONFIG_MTD_UBI=y
CONFIG_OF_OVERLAY=y
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_BLK_DEV_NBD=m
+CONFIG_MTD_SPI_NOR=m
+CONFIG_MTD_M25P80=m
+CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_RAM=y
CONFIG_VIRTIO_BLK=y
CONFIG_EEPROM_93CX6=y
CONFIG_SCSI=y
# CONFIG_SCSI_MQ_DEFAULT is not set
+CONFIG_BLK_DEV_RAM_SIZE=16384
+CONFIG_SENSORS_TSL2550=m
+CONFIG_BMP085_I2C=m
+CONFIG_SRAM=y
+CONFIG_SENSORS_LIS3_I2C=m
CONFIG_BLK_DEV_SD=y
CONFIG_SCSI_VIRTIO=y
+CONFIG_SCSI_SCAN_ASYNC=y
+CONFIG_ATA=y
+CONFIG_SATA_AHCI_PLATFORM=y
CONFIG_NETDEVICES=y
CONFIG_BONDING=m
CONFIG_DUMMY=m
CONFIG_NETCONSOLE=y
CONFIG_TUN=m
CONFIG_VIRTIO_NET=y
+# CONFIG_NET_VENDOR_ARC is not set
+# CONFIG_NET_CADENCE is not set
+# CONFIG_NET_VENDOR_BROADCOM is not set
+# CONFIG_NET_VENDOR_CIRRUS is not set
+CONFIG_DM9000=y
+# CONFIG_NET_VENDOR_FARADAY is not set
+# CONFIG_NET_VENDOR_HISILICON is not set
+# CONFIG_NET_VENDOR_INTEL is not set
+# CONFIG_NET_VENDOR_MARVELL is not set
+CONFIG_KS8851=y
+CONFIG_KS8851_MLL=y
+# CONFIG_NET_VENDOR_MICROCHIP is not set
+# CONFIG_NET_VENDOR_NATSEMI is not set
+# CONFIG_NET_VENDOR_QUALCOMM is not set
+# CONFIG_NET_VENDOR_SAMSUNG is not set
+# CONFIG_NET_VENDOR_SEEQ is not set
CONFIG_SMC91X=y
CONFIG_SMSC911X=y
+# CONFIG_NET_VENDOR_STMICRO is not set
+CONFIG_TI_DAVINCI_EMAC=y
CONFIG_TI_CPSW=y
+CONFIG_TI_CPTS=y
+# CONFIG_NET_VENDOR_VIA is not set
+# CONFIG_NET_VENDOR_WIZNET is not set
+CONFIG_AT803X_PHY=y
CONFIG_SMSC_PHY=y
CONFIG_PPP=m
CONFIG_PPP_BSDCOMP=m
@@ -257,16 +375,49 @@ CONFIG_USB_NET_MCS7830=m
CONFIG_USB_NET_RNDIS_HOST=m
CONFIG_USB_ALI_M5632=y
CONFIG_USB_AN2720=y
+CONFIG_USB_EPSON2888=y
+CONFIG_USB_EHCI_HCD=m
+CONFIG_USB_OHCI_HCD=m
CONFIG_USB_KC2190=y
CONFIG_INPUT_FF_MEMLESS=y
CONFIG_INPUT_EVDEV=y
CONFIG_KEYBOARD_GPIO=y
+CONFIG_USB_CDC_PHONET=m
+CONFIG_LIBERTAS=m
+CONFIG_LIBERTAS_USB=m
+CONFIG_LIBERTAS_SDIO=m
+CONFIG_LIBERTAS_DEBUG=y
+CONFIG_WL_TI=y
+CONFIG_WL12XX=m
+CONFIG_WL18XX=m
+CONFIG_WLCORE_SPI=m
+CONFIG_WLCORE_SDIO=m
+CONFIG_MWIFIEX=m
+CONFIG_MWIFIEX_SDIO=m
+CONFIG_MWIFIEX_USB=m
+CONFIG_INPUT_JOYDEV=m
+CONFIG_INPUT_EVDEV=m
+CONFIG_KEYBOARD_ATKBD=m
+CONFIG_KEYBOARD_GPIO=m
CONFIG_KEYBOARD_MATRIX=m
CONFIG_KEYBOARD_TWL4030=y
+CONFIG_KEYBOARD_OMAP4=m
+CONFIG_KEYBOARD_TWL4030=m
+# CONFIG_INPUT_MOUSE is not set
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_ADS7846=y
+CONFIG_TOUCHSCREEN_ADS7846=m
+CONFIG_TOUCHSCREEN_EDT_FT5X06=m
+CONFIG_TOUCHSCREEN_PIXCIR=m
+CONFIG_TOUCHSCREEN_TSC2005=m
+CONFIG_TOUCHSCREEN_TSC2007=m
+CONFIG_TOUCHSCREEN_TI_AM335X_TSC=m
CONFIG_INPUT_MISC=y
CONFIG_INPUT_TWL4030_PWRBUTTON=y
+CONFIG_INPUT_TPS65218_PWRBUTTON=m
+CONFIG_INPUT_TWL4030_PWRBUTTON=m
+CONFIG_INPUT_PALMAS_PWRBUTTON=m
+CONFIG_SERIO=m
# CONFIG_LEGACY_PTYS is not set
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
@@ -276,30 +427,79 @@ CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
CONFIG_VIRTIO_CONSOLE=y
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_VIRTIO=y
+CONFIG_SERIAL_8250_NR_UARTS=32
+CONFIG_SERIAL_8250_RUNTIME_UARTS=6
+CONFIG_SERIAL_8250_EXTENDED=y
+CONFIG_SERIAL_8250_MANY_PORTS=y
+CONFIG_SERIAL_8250_SHARE_IRQ=y
+CONFIG_SERIAL_8250_DETECT_IRQ=y
+CONFIG_SERIAL_8250_RSA=y
+CONFIG_SERIAL_OF_PLATFORM=y
+CONFIG_SERIAL_OMAP=y
+CONFIG_SERIAL_OMAP_CONSOLE=y
CONFIG_I2C_CHARDEV=y
CONFIG_SPI=y
CONFIG_SPI_OMAP24XX=y
CONFIG_SPI_PL022=y
+CONFIG_SPI_TI_QSPI=m
+CONFIG_HSI=m
+CONFIG_OMAP_SSI=m
+CONFIG_NOKIA_MODEM=m
+CONFIG_SSI_PROTOCOL=m
CONFIG_PINCTRL_SINGLE=y
+CONFIG_DEBUG_GPIO=y
CONFIG_GPIO_SYSFS=y
+CONFIG_GPIO_PCA953X=m
CONFIG_GPIO_PCF857X=y
CONFIG_GPIO_TWL4030=y
CONFIG_POWER_SUPPLY=y
+CONFIG_GPIO_PALMAS=y
+CONFIG_W1=m
+CONFIG_HDQ_MASTER_OMAP=m
+CONFIG_BATTERY_BQ27XXX=m
+CONFIG_CHARGER_ISP1704=m
+CONFIG_CHARGER_TWL4030=m
+CONFIG_CHARGER_BQ2415X=m
+CONFIG_CHARGER_BQ24190=m
+CONFIG_CHARGER_BQ24735=m
+CONFIG_POWER_RESET=y
+CONFIG_POWER_AVS=y
+CONFIG_HWMON=m
+CONFIG_SENSORS_GPIO_FAN=m
+CONFIG_SENSORS_LM75=m
+CONFIG_SENSORS_TMP102=m
+CONFIG_THERMAL=m
+CONFIG_THERMAL_GOV_FAIR_SHARE=y
+CONFIG_THERMAL_GOV_USER_SPACE=y
+CONFIG_CPU_THERMAL=y
+CONFIG_TI_SOC_THERMAL=m
+CONFIG_TI_THERMAL=y
+CONFIG_OMAP4_THERMAL=y
+CONFIG_OMAP5_THERMAL=y
+CONFIG_DRA752_THERMAL=y
CONFIG_WATCHDOG=y
CONFIG_WATCHDOG_NOWAYOUT=y
CONFIG_SOFT_WATCHDOG=m
CONFIG_ARM_SP805_WATCHDOG=y
CONFIG_OMAP_WATCHDOG=y
CONFIG_TWL4030_WATCHDOG=y
+CONFIG_OMAP_WATCHDOG=m
+CONFIG_TWL4030_WATCHDOG=m
CONFIG_MFD_PALMAS=y
CONFIG_MFD_TPS65217=y
+CONFIG_MFD_TPS65218=y
CONFIG_MFD_TPS65910=y
CONFIG_MFD_TWL4030_AUDIO=y
+CONFIG_MFD_TI_AM335X_TSCADC=m
CONFIG_TWL6040_CORE=y
CONFIG_REGULATOR_PALMAS=y
+CONFIG_REGULATOR_PBIAS=y
+CONFIG_REGULATOR_TI_ABB=y
+CONFIG_REGULATOR_TPS62360=m
CONFIG_REGULATOR_TPS65023=y
CONFIG_REGULATOR_TPS6507X=y
CONFIG_REGULATOR_TPS65217=y
+CONFIG_REGULATOR_TPS65218=y
CONFIG_REGULATOR_TPS65910=y
CONFIG_REGULATOR_TWL4030=y
CONFIG_DRM=y
@@ -308,15 +508,55 @@ CONFIG_DRM_OMAP=y
CONFIG_OMAP2_DSS_DSI=y
CONFIG_DRM_TILCDC=y
CONFIG_DRM_VIRTIO_GPU=y
+CONFIG_FB=y
+CONFIG_FIRMWARE_EDID=y
CONFIG_FB_MODE_HELPERS=y
CONFIG_FB_TILEBLITTING=y
+CONFIG_OMAP2_DSS=m
+CONFIG_OMAP5_DSS_HDMI=y
+CONFIG_OMAP2_DSS_SDI=y
+CONFIG_OMAP2_DSS_DSI=y
+CONFIG_FB_OMAP2=m
+CONFIG_DISPLAY_ENCODER_TFP410=m
+CONFIG_DISPLAY_ENCODER_TPD12S015=m
+CONFIG_DISPLAY_CONNECTOR_DVI=m
+CONFIG_DISPLAY_CONNECTOR_HDMI=m
+CONFIG_DISPLAY_CONNECTOR_ANALOG_TV=m
+CONFIG_DISPLAY_PANEL_DPI=m
+CONFIG_DISPLAY_PANEL_DSI_CM=m
+CONFIG_DISPLAY_PANEL_SONY_ACX565AKM=m
+CONFIG_DISPLAY_PANEL_LGPHILIPS_LB035Q02=m
+CONFIG_DISPLAY_PANEL_SHARP_LS037V7DW01=m
+CONFIG_DISPLAY_PANEL_TPO_TD028TTEC1=m
+CONFIG_DISPLAY_PANEL_TPO_TD043MTEA1=m
+CONFIG_DISPLAY_PANEL_NEC_NL8048HL11=m
+CONFIG_BACKLIGHT_LCD_SUPPORT=y
CONFIG_LCD_CLASS_DEVICE=y
CONFIG_LCD_PLATFORM=y
+CONFIG_BACKLIGHT_CLASS_DEVICE=y
+CONFIG_BACKLIGHT_GENERIC=m
+CONFIG_BACKLIGHT_PWM=m
+CONFIG_BACKLIGHT_PANDORA=m
+CONFIG_BACKLIGHT_GPIO=m
+CONFIG_FRAMEBUFFER_CONSOLE=y
+CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
CONFIG_LOGO=y
CONFIG_SOUND=m
CONFIG_SND=m
+CONFIG_SND_MIXER_OSS=m
+CONFIG_SND_PCM_OSS=m
+CONFIG_SND_VERBOSE_PRINTK=y
+CONFIG_SND_DEBUG=y
+CONFIG_SND_USB_AUDIO=m
CONFIG_SND_SOC=m
+CONFIG_SND_EDMA_SOC=m
+CONFIG_SND_AM33XX_SOC_EVM=m
+CONFIG_SND_DAVINCI_SOC_MCASP=m
+CONFIG_SND_OMAP_SOC=m
+CONFIG_SND_OMAP_SOC_OMAP_TWL4030=m
+CONFIG_SND_OMAP_SOC_OMAP_ABE_TWL6040=m
+CONFIG_SND_OMAP_SOC_OMAP3_PANDORA=m
CONFIG_SND_SIMPLE_CARD=m
CONFIG_USB=y
CONFIG_USB_EHCI_HCD=y
@@ -324,22 +564,79 @@ CONFIG_USB_STORAGE=y
CONFIG_USB_MUSB_HDRC=y
CONFIG_USB_MUSB_OMAP2PLUS=y
CONFIG_USB_MUSB_DSPS=y
+CONFIG_SND_SOC_TLV320AIC3X=m
+CONFIG_HID_GENERIC=m
+CONFIG_USB_HIDDEV=y
+CONFIG_USB_KBD=m
+CONFIG_USB_MOUSE=m
+CONFIG_USB=m
+CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
+CONFIG_USB_MON=m
+CONFIG_USB_XHCI_HCD=m
+CONFIG_USB_WDM=m
+CONFIG_USB_STORAGE=m
+CONFIG_USB_MUSB_HDRC=m
+CONFIG_USB_MUSB_OMAP2PLUS=m
+CONFIG_USB_MUSB_AM35X=m
+CONFIG_USB_MUSB_DSPS=m
+CONFIG_USB_INVENTRA_DMA=y
CONFIG_USB_TI_CPPI41_DMA=y
CONFIG_NOP_USB_XCEIV=y
+CONFIG_USB_DWC3=m
+CONFIG_USB_TEST=m
CONFIG_AM335X_PHY_USB=y
CONFIG_USB_GADGET=y
CONFIG_USB_G_NCM=m
CONFIG_USB_MASS_STORAGE=m
+CONFIG_USB_GADGET=m
+CONFIG_USB_GADGET_DEBUG=y
+CONFIG_USB_GADGET_DEBUG_FILES=y
+CONFIG_USB_GADGET_DEBUG_FS=y
+CONFIG_USB_CONFIGFS=m
+CONFIG_USB_CONFIGFS_SERIAL=y
+CONFIG_USB_CONFIGFS_ACM=y
+CONFIG_USB_CONFIGFS_OBEX=y
+CONFIG_USB_CONFIGFS_NCM=y
+CONFIG_USB_CONFIGFS_ECM=y
+CONFIG_USB_CONFIGFS_ECM_SUBSET=y
+CONFIG_USB_CONFIGFS_RNDIS=y
+CONFIG_USB_CONFIGFS_EEM=y
+CONFIG_USB_CONFIGFS_PHONET=y
+CONFIG_USB_CONFIGFS_MASS_STORAGE=y
+CONFIG_USB_CONFIGFS_F_LB_SS=y
+CONFIG_USB_CONFIGFS_F_FS=y
+CONFIG_USB_CONFIGFS_F_UAC1=y
+CONFIG_USB_CONFIGFS_F_UAC2=y
+CONFIG_USB_CONFIGFS_F_MIDI=y
+CONFIG_USB_CONFIGFS_F_HID=y
+CONFIG_USB_ZERO=m
+CONFIG_USB_G_NOKIA=m
CONFIG_MMC=y
CONFIG_SDIO_UART=y
CONFIG_MMC_OMAP=y
CONFIG_MMC_OMAP_HS=y
CONFIG_NEW_LEDS=y
+CONFIG_LEDS_CLASS=m
+CONFIG_LEDS_GPIO=m
+CONFIG_LEDS_PWM=m
+CONFIG_LEDS_TRIGGERS=y
+CONFIG_LEDS_TRIGGER_TIMER=m
+CONFIG_LEDS_TRIGGER_ONESHOT=m
+CONFIG_LEDS_TRIGGER_HEARTBEAT=m
+CONFIG_LEDS_TRIGGER_BACKLIGHT=m
+CONFIG_LEDS_TRIGGER_CPU=y
+CONFIG_LEDS_TRIGGER_GPIO=m
+CONFIG_LEDS_TRIGGER_DEFAULT_ON=m
CONFIG_RTC_CLASS=y
CONFIG_RTC_DRV_TWL4030=y
CONFIG_RTC_DRV_PALMAS=y
CONFIG_RTC_DRV_OMAP=y
CONFIG_RTC_DRV_PL031=y
+CONFIG_RTC_DRV_DS1307=m
+CONFIG_RTC_DRV_PALMAS=m
+CONFIG_RTC_DRV_TWL92330=y
+CONFIG_RTC_DRV_TWL4030=m
+CONFIG_RTC_DRV_OMAP=m
CONFIG_DMADEVICES=y
CONFIG_PL330_DMA=y
CONFIG_VIRTIO_BALLOON=y
@@ -348,6 +645,27 @@ CONFIG_VIRTIO_MMIO=y
CONFIG_ARM_TIMER_SP804=y
CONFIG_EXTCON_PALMAS=y
CONFIG_OMAP_USB2=y
+CONFIG_TI_EDMA=y
+CONFIG_DMA_OMAP=y
+# CONFIG_IOMMU_SUPPORT is not set
+CONFIG_EXTCON=m
+CONFIG_EXTCON_USB_GPIO=m
+CONFIG_EXTCON_PALMAS=m
+CONFIG_TI_EMIF=m
+CONFIG_IIO=m
+CONFIG_TI_AM335X_ADC=m
+CONFIG_PWM=y
+CONFIG_PWM_TIECAP=m
+CONFIG_PWM_TIEHRPWM=m
+CONFIG_PWM_TWL=m
+CONFIG_PWM_TWL_LED=m
+CONFIG_PHY_DM816X_USB=m
+CONFIG_OMAP_USB2=m
+CONFIG_TI_PIPE3=y
+CONFIG_TWL4030_USB=m
+CONFIG_EXT2_FS=y
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_FS_XATTR is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
@@ -355,12 +673,20 @@ CONFIG_EXT4_ENCRYPTION=y
CONFIG_AUTOFS4_FS=y
CONFIG_FUSE_FS=m
CONFIG_CUSE=m
+CONFIG_FANOTIFY=y
+CONFIG_QUOTA=y
+CONFIG_QFMT_V2=y
+CONFIG_AUTOFS4_FS=m
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_ROMFS_FS=m
+CONFIG_CONFIGFS_FS=y
+CONFIG_UBIFS_FS=y
+CONFIG_CRAMFS=y
CONFIG_NFS_FS=y
+CONFIG_NFS_V3_ACL=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
@@ -405,6 +731,13 @@ CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_NLS_UTF8=m
CONFIG_ENCRYPTED_KEYS=y
+CONFIG_PRINTK_TIME=y
+CONFIG_DEBUG_INFO=y
+CONFIG_MAGIC_SYSRQ=y
+CONFIG_SCHEDSTATS=y
+CONFIG_TIMER_STATS=y
+CONFIG_PROVE_LOCKING=y
+# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_SECURITY=y
CONFIG_CRYPTO_TEST=m
CONFIG_CRYPTO_XCBC=m
@@ -419,6 +752,12 @@ CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
+CONFIG_CRYPTO_MICHAEL_MIC=y
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRC_CCITT=y
+CONFIG_CRC_T10DIF=y
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC7=y
CONFIG_LIBCRC32C=y
CONFIG_FONTS=y
CONFIG_FONT_8x8=y
--
2.20.1
--
Quirin Gylstorff

Siemens AG
Corporate Technology
Research in Digitalization and Automation
Smart Embedded Systems
CT RDA IOT SES-DE
Otto-Hahn-Ring 6
81739 Muenchen, Germany
Mobile: +49 173 3746683
mailto:quirin.gylstorff@siemens.com
www.siemens.com/ingenuityforlife

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Cedrik Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

Important notice: This e-mail and any attachment thereof contain corporate proprietary information. If you have received it by mistake, please notify us immediately by reply e-mail and delete this e-mail and its attachments from your system. Thank you.


Re: [isar-cip-core][PATCH 2/2] ci: Add support for test image

Jan Kiszka
 

On 20.08.20 10:24, Nobuhiro Iwamatsu wrote:
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e23345f..802dbcd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -68,3 +68,35 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
targz: disable
+
+# test
+build:simatic-ipc227e-test:
+ extends:
+ - .build_base
+ variables:
+ target: simatic-ipc227e
+ extention: test
+
+build:bbb-test:
+ extends:
+ - .build_base
+ variables:
+ target: bbb
+ extention: test
+ dtb: am335x-boneblack.dtb
+
+build:iwg20m-test:
+ extends:
+ - .build_base
+ variables:
+ target: iwg20m
+ extention: test
+ dtb: r8a7743-iwg20d-q7-dbcm-ca.dtb
+
+build:hihope-rzg2m-test:
+ extends:
+ - .build_base
+ variables:
+ target: rzg2m
+ extention: test
+ dtb: renesas/r8a774a1-hihope-rzg2m-ex.dtb
Thanks, both applied to next.

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux


Re: [cip-kernel-config ][ RFC 1/1] 4.19.y-cip/cip_bbb_defconfig: Add config switches from isar-cip-core

Nobuhiro Iwamatsu
 

Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Quirin Gylstorff
Sent: Monday, August 17, 2020 6:29 PM
To: sangorrin daniel(サンゴリン ダニエル □SWC◯ACT) <daniel.sangorrin@toshiba.co.jp>;
cip-dev@lists.cip-project.org; jan.kiszka@siemens.com
Cc: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Subject: [cip-dev] [cip-kernel-config ][ RFC 1/1] 4.19.y-cip/cip_bbb_defconfig: Add config switches from isar-cip-core

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Add the config switches which exist only in isar-cip-core
to the defconfig in cip-kernel-config for the beagle bone black.
Thanks for your patch.
The cip_bbb_defconfig created by me had minimal functionality enabled. I didn't know that Siemens didn't include the required features.
So I think this patch is necessary.
However, we think that it is difficult to do it with one defconfig when testing the necessary functions as CIP in the future.
Therefore, it may be necessary to prepare defconfig for each required function in the future.

By the way, is this only 4.19? Do I need to change RT or 4.4.y?

Best regards,
Nobuhiro

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
4.19.y-cip/arm/cip_bbb_defconfig | 339 +++++++++++++++++++++++++++++++
1 file changed, 339 insertions(+)

diff --git a/4.19.y-cip/arm/cip_bbb_defconfig b/4.19.y-cip/arm/cip_bbb_defconfig
index 3e22365..445cdee 100644
--- a/4.19.y-cip/arm/cip_bbb_defconfig
+++ b/4.19.y-cip/arm/cip_bbb_defconfig
@@ -1,6 +1,9 @@
# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_KERNEL_LZMA=y
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
+CONFIG_FHANDLE=y
+CONFIG_AUDIT=y
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_PREEMPT=y
@@ -8,6 +11,7 @@ CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=16
CONFIG_CGROUPS=y
CONFIG_MEMCG=y
CONFIG_MEMCG_SWAP=y
@@ -17,24 +21,67 @@ CONFIG_RT_GROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
+CONFIG_CPUSETS=y
CONFIG_CGROUP_CPUACCT=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_KMEM=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_DEBUG=y
CONFIG_USER_NS=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+CONFIG_RT_GROUP_SCHED=y
+CONFIG_BLK_CGROUP=y
+CONFIG_NAMESPACES=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_BPF_SYSCALL=y
+CONFIG_EXPERT=y
+CONFIG_SLAB=y
CONFIG_PROFILING=y
CONFIG_ARCH_VIRT=y
+CONFIG_OPROFILE=y
+CONFIG_KPROBES=y
+CONFIG_MODULES=y
+CONFIG_MODULE_FORCE_LOAD=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_MODULE_FORCE_UNLOAD=y
+CONFIG_MODVERSIONS=y
+CONFIG_MODULE_SRCVERSION_ALL=y
+# CONFIG_BLK_DEV_BSG is not set
+CONFIG_PARTITION_ADVANCED=y
+CONFIG_POWER_AVS_OMAP=y
+CONFIG_POWER_AVS_OMAP_CLASS3=y
CONFIG_OMAP_RESET_CLOCKS=y
CONFIG_ARCH_OMAP3=y
+CONFIG_OMAP_MUX_DEBUG=y
CONFIG_SOC_AM33XX=y
CONFIG_ARM_THUMBEE=y
CONFIG_OABI_COMPAT=y
+CONFIG_ARM_ERRATA_411920=y
+CONFIG_ARM_ERRATA_430973=y
+CONFIG_SMP=y
+CONFIG_NR_CPUS=2
+CONFIG_CMA=y
+CONFIG_SECCOMP=y
+CONFIG_ZBOOT_ROM_TEXT=0x0
+CONFIG_ZBOOT_ROM_BSS=0x0
CONFIG_ARM_APPENDED_DTB=y
CONFIG_ARM_ATAG_DTB_COMPAT=y
+CONFIG_CMDLINE=""
+CONFIG_KEXEC=y
+CONFIG_CPU_FREQ=y
+CONFIG_CPU_FREQ_STAT_DETAILS=y
+CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y
+CONFIG_CPU_FREQ_GOV_POWERSAVE=y
+CONFIG_CPU_FREQ_GOV_USERSPACE=y
+CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y
+CONFIG_CPUFREQ_DT=y
+# CONFIG_ARM_OMAP2PLUS_CPUFREQ is not set
CONFIG_CPU_IDLE=y
CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_BINFMT_MISC=y
CONFIG_PM_DEBUG=y
CONFIG_OPROFILE=y
CONFIG_KPROBES=y
@@ -48,6 +95,8 @@ CONFIG_UNIX=y
CONFIG_XFRM_USER=m
CONFIG_XFRM_SUB_POLICY=y
CONFIG_NET_KEY=m
+CONFIG_XFRM_USER=y
+CONFIG_NET_KEY=y
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
@@ -74,6 +123,7 @@ CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_TUNNEL=m
+# CONFIG_INET_LRO is not set
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_AMANDA=m
@@ -196,40 +246,108 @@ CONFIG_NET_PKTGEN=m
CONFIG_CFG80211=y
CONFIG_MAC80211=y
CONFIG_RFKILL=y
+CONFIG_PHONET=m
+CONFIG_CAN=m
+CONFIG_CAN_C_CAN=m
+CONFIG_CAN_C_CAN_PLATFORM=m
+CONFIG_BT=m
+CONFIG_BT_RFCOMM=m
+CONFIG_BT_RFCOMM_TTY=y
+CONFIG_BT_BNEP=m
+CONFIG_BT_BNEP_MC_FILTER=y
+CONFIG_BT_BNEP_PROTO_FILTER=y
+CONFIG_BT_HIDP=m
+CONFIG_BT_HCIBTUSB=m
+CONFIG_BT_HCIBTSDIO=m
+CONFIG_BT_HCIUART=m
+CONFIG_BT_HCIUART_H4=y
+CONFIG_BT_HCIUART_BCSP=y
+CONFIG_BT_HCIUART_LL=y
+CONFIG_BT_HCIUART_3WIRE=y
+CONFIG_BT_HCIBCM203X=m
+CONFIG_BT_HCIBPA10X=m
+CONFIG_CFG80211=m
+CONFIG_BT_HCIBFUSB=m
+CONFIG_BT_HCIVHCI=m
+CONFIG_BT_MRVL=m
+CONFIG_BT_MRVL_SDIO=m
+CONFIG_AF_RXRPC=m
+CONFIG_RXKAD=m
+CONFIG_MAC80211=m
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_DMA_CMA=y
CONFIG_OMAP_OCP2SCP=y
+CONFIG_CONNECTOR=m
CONFIG_MTD=y
CONFIG_MTD_CMDLINE_PARTS=y
CONFIG_MTD_BLOCK=y
CONFIG_MTD_OOPS=y
CONFIG_MTD_CFI=y
CONFIG_MTD_CFI_INTELEXT=y
+CONFIG_MTD_PHYSMAP=y
+CONFIG_MTD_PHYSMAP_OF=y
CONFIG_MTD_NAND=y
+CONFIG_MTD_NAND_ECC_BCH=y
CONFIG_MTD_NAND_OMAP2=y
CONFIG_MTD_NAND_OMAP_BCH=y
+CONFIG_MTD_ONENAND=y
+CONFIG_MTD_ONENAND_VERIFY_WRITE=y
+CONFIG_MTD_ONENAND_OMAP2=y
CONFIG_MTD_UBI=y
CONFIG_OF_OVERLAY=y
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_BLK_DEV_NBD=m
+CONFIG_MTD_SPI_NOR=m
+CONFIG_MTD_M25P80=m
+CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_RAM=y
CONFIG_VIRTIO_BLK=y
CONFIG_EEPROM_93CX6=y
CONFIG_SCSI=y
# CONFIG_SCSI_MQ_DEFAULT is not set
+CONFIG_BLK_DEV_RAM_SIZE=16384
+CONFIG_SENSORS_TSL2550=m
+CONFIG_BMP085_I2C=m
+CONFIG_SRAM=y
+CONFIG_SENSORS_LIS3_I2C=m
CONFIG_BLK_DEV_SD=y
CONFIG_SCSI_VIRTIO=y
+CONFIG_SCSI_SCAN_ASYNC=y
+CONFIG_ATA=y
+CONFIG_SATA_AHCI_PLATFORM=y
CONFIG_NETDEVICES=y
CONFIG_BONDING=m
CONFIG_DUMMY=m
CONFIG_NETCONSOLE=y
CONFIG_TUN=m
CONFIG_VIRTIO_NET=y
+# CONFIG_NET_VENDOR_ARC is not set
+# CONFIG_NET_CADENCE is not set
+# CONFIG_NET_VENDOR_BROADCOM is not set
+# CONFIG_NET_VENDOR_CIRRUS is not set
+CONFIG_DM9000=y
+# CONFIG_NET_VENDOR_FARADAY is not set
+# CONFIG_NET_VENDOR_HISILICON is not set
+# CONFIG_NET_VENDOR_INTEL is not set
+# CONFIG_NET_VENDOR_MARVELL is not set
+CONFIG_KS8851=y
+CONFIG_KS8851_MLL=y
+# CONFIG_NET_VENDOR_MICROCHIP is not set
+# CONFIG_NET_VENDOR_NATSEMI is not set
+# CONFIG_NET_VENDOR_QUALCOMM is not set
+# CONFIG_NET_VENDOR_SAMSUNG is not set
+# CONFIG_NET_VENDOR_SEEQ is not set
CONFIG_SMC91X=y
CONFIG_SMSC911X=y
+# CONFIG_NET_VENDOR_STMICRO is not set
+CONFIG_TI_DAVINCI_EMAC=y
CONFIG_TI_CPSW=y
+CONFIG_TI_CPTS=y
+# CONFIG_NET_VENDOR_VIA is not set
+# CONFIG_NET_VENDOR_WIZNET is not set
+CONFIG_AT803X_PHY=y
CONFIG_SMSC_PHY=y
CONFIG_PPP=m
CONFIG_PPP_BSDCOMP=m
@@ -257,16 +375,49 @@ CONFIG_USB_NET_MCS7830=m
CONFIG_USB_NET_RNDIS_HOST=m
CONFIG_USB_ALI_M5632=y
CONFIG_USB_AN2720=y
+CONFIG_USB_EPSON2888=y
+CONFIG_USB_EHCI_HCD=m
+CONFIG_USB_OHCI_HCD=m
CONFIG_USB_KC2190=y
CONFIG_INPUT_FF_MEMLESS=y
CONFIG_INPUT_EVDEV=y
CONFIG_KEYBOARD_GPIO=y
+CONFIG_USB_CDC_PHONET=m
+CONFIG_LIBERTAS=m
+CONFIG_LIBERTAS_USB=m
+CONFIG_LIBERTAS_SDIO=m
+CONFIG_LIBERTAS_DEBUG=y
+CONFIG_WL_TI=y
+CONFIG_WL12XX=m
+CONFIG_WL18XX=m
+CONFIG_WLCORE_SPI=m
+CONFIG_WLCORE_SDIO=m
+CONFIG_MWIFIEX=m
+CONFIG_MWIFIEX_SDIO=m
+CONFIG_MWIFIEX_USB=m
+CONFIG_INPUT_JOYDEV=m
+CONFIG_INPUT_EVDEV=m
+CONFIG_KEYBOARD_ATKBD=m
+CONFIG_KEYBOARD_GPIO=m
CONFIG_KEYBOARD_MATRIX=m
CONFIG_KEYBOARD_TWL4030=y
+CONFIG_KEYBOARD_OMAP4=m
+CONFIG_KEYBOARD_TWL4030=m
+# CONFIG_INPUT_MOUSE is not set
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_ADS7846=y
+CONFIG_TOUCHSCREEN_ADS7846=m
+CONFIG_TOUCHSCREEN_EDT_FT5X06=m
+CONFIG_TOUCHSCREEN_PIXCIR=m
+CONFIG_TOUCHSCREEN_TSC2005=m
+CONFIG_TOUCHSCREEN_TSC2007=m
+CONFIG_TOUCHSCREEN_TI_AM335X_TSC=m
CONFIG_INPUT_MISC=y
CONFIG_INPUT_TWL4030_PWRBUTTON=y
+CONFIG_INPUT_TPS65218_PWRBUTTON=m
+CONFIG_INPUT_TWL4030_PWRBUTTON=m
+CONFIG_INPUT_PALMAS_PWRBUTTON=m
+CONFIG_SERIO=m
# CONFIG_LEGACY_PTYS is not set
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
@@ -276,30 +427,79 @@ CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
CONFIG_VIRTIO_CONSOLE=y
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_VIRTIO=y
+CONFIG_SERIAL_8250_NR_UARTS=32
+CONFIG_SERIAL_8250_RUNTIME_UARTS=6
+CONFIG_SERIAL_8250_EXTENDED=y
+CONFIG_SERIAL_8250_MANY_PORTS=y
+CONFIG_SERIAL_8250_SHARE_IRQ=y
+CONFIG_SERIAL_8250_DETECT_IRQ=y
+CONFIG_SERIAL_8250_RSA=y
+CONFIG_SERIAL_OF_PLATFORM=y
+CONFIG_SERIAL_OMAP=y
+CONFIG_SERIAL_OMAP_CONSOLE=y
CONFIG_I2C_CHARDEV=y
CONFIG_SPI=y
CONFIG_SPI_OMAP24XX=y
CONFIG_SPI_PL022=y
+CONFIG_SPI_TI_QSPI=m
+CONFIG_HSI=m
+CONFIG_OMAP_SSI=m
+CONFIG_NOKIA_MODEM=m
+CONFIG_SSI_PROTOCOL=m
CONFIG_PINCTRL_SINGLE=y
+CONFIG_DEBUG_GPIO=y
CONFIG_GPIO_SYSFS=y
+CONFIG_GPIO_PCA953X=m
CONFIG_GPIO_PCF857X=y
CONFIG_GPIO_TWL4030=y
CONFIG_POWER_SUPPLY=y
+CONFIG_GPIO_PALMAS=y
+CONFIG_W1=m
+CONFIG_HDQ_MASTER_OMAP=m
+CONFIG_BATTERY_BQ27XXX=m
+CONFIG_CHARGER_ISP1704=m
+CONFIG_CHARGER_TWL4030=m
+CONFIG_CHARGER_BQ2415X=m
+CONFIG_CHARGER_BQ24190=m
+CONFIG_CHARGER_BQ24735=m
+CONFIG_POWER_RESET=y
+CONFIG_POWER_AVS=y
+CONFIG_HWMON=m
+CONFIG_SENSORS_GPIO_FAN=m
+CONFIG_SENSORS_LM75=m
+CONFIG_SENSORS_TMP102=m
+CONFIG_THERMAL=m
+CONFIG_THERMAL_GOV_FAIR_SHARE=y
+CONFIG_THERMAL_GOV_USER_SPACE=y
+CONFIG_CPU_THERMAL=y
+CONFIG_TI_SOC_THERMAL=m
+CONFIG_TI_THERMAL=y
+CONFIG_OMAP4_THERMAL=y
+CONFIG_OMAP5_THERMAL=y
+CONFIG_DRA752_THERMAL=y
CONFIG_WATCHDOG=y
CONFIG_WATCHDOG_NOWAYOUT=y
CONFIG_SOFT_WATCHDOG=m
CONFIG_ARM_SP805_WATCHDOG=y
CONFIG_OMAP_WATCHDOG=y
CONFIG_TWL4030_WATCHDOG=y
+CONFIG_OMAP_WATCHDOG=m
+CONFIG_TWL4030_WATCHDOG=m
CONFIG_MFD_PALMAS=y
CONFIG_MFD_TPS65217=y
+CONFIG_MFD_TPS65218=y
CONFIG_MFD_TPS65910=y
CONFIG_MFD_TWL4030_AUDIO=y
+CONFIG_MFD_TI_AM335X_TSCADC=m
CONFIG_TWL6040_CORE=y
CONFIG_REGULATOR_PALMAS=y
+CONFIG_REGULATOR_PBIAS=y
+CONFIG_REGULATOR_TI_ABB=y
+CONFIG_REGULATOR_TPS62360=m
CONFIG_REGULATOR_TPS65023=y
CONFIG_REGULATOR_TPS6507X=y
CONFIG_REGULATOR_TPS65217=y
+CONFIG_REGULATOR_TPS65218=y
CONFIG_REGULATOR_TPS65910=y
CONFIG_REGULATOR_TWL4030=y
CONFIG_DRM=y
@@ -308,15 +508,55 @@ CONFIG_DRM_OMAP=y
CONFIG_OMAP2_DSS_DSI=y
CONFIG_DRM_TILCDC=y
CONFIG_DRM_VIRTIO_GPU=y
+CONFIG_FB=y
+CONFIG_FIRMWARE_EDID=y
CONFIG_FB_MODE_HELPERS=y
CONFIG_FB_TILEBLITTING=y
+CONFIG_OMAP2_DSS=m
+CONFIG_OMAP5_DSS_HDMI=y
+CONFIG_OMAP2_DSS_SDI=y
+CONFIG_OMAP2_DSS_DSI=y
+CONFIG_FB_OMAP2=m
+CONFIG_DISPLAY_ENCODER_TFP410=m
+CONFIG_DISPLAY_ENCODER_TPD12S015=m
+CONFIG_DISPLAY_CONNECTOR_DVI=m
+CONFIG_DISPLAY_CONNECTOR_HDMI=m
+CONFIG_DISPLAY_CONNECTOR_ANALOG_TV=m
+CONFIG_DISPLAY_PANEL_DPI=m
+CONFIG_DISPLAY_PANEL_DSI_CM=m
+CONFIG_DISPLAY_PANEL_SONY_ACX565AKM=m
+CONFIG_DISPLAY_PANEL_LGPHILIPS_LB035Q02=m
+CONFIG_DISPLAY_PANEL_SHARP_LS037V7DW01=m
+CONFIG_DISPLAY_PANEL_TPO_TD028TTEC1=m
+CONFIG_DISPLAY_PANEL_TPO_TD043MTEA1=m
+CONFIG_DISPLAY_PANEL_NEC_NL8048HL11=m
+CONFIG_BACKLIGHT_LCD_SUPPORT=y
CONFIG_LCD_CLASS_DEVICE=y
CONFIG_LCD_PLATFORM=y
+CONFIG_BACKLIGHT_CLASS_DEVICE=y
+CONFIG_BACKLIGHT_GENERIC=m
+CONFIG_BACKLIGHT_PWM=m
+CONFIG_BACKLIGHT_PANDORA=m
+CONFIG_BACKLIGHT_GPIO=m
+CONFIG_FRAMEBUFFER_CONSOLE=y
+CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
CONFIG_LOGO=y
CONFIG_SOUND=m
CONFIG_SND=m
+CONFIG_SND_MIXER_OSS=m
+CONFIG_SND_PCM_OSS=m
+CONFIG_SND_VERBOSE_PRINTK=y
+CONFIG_SND_DEBUG=y
+CONFIG_SND_USB_AUDIO=m
CONFIG_SND_SOC=m
+CONFIG_SND_EDMA_SOC=m
+CONFIG_SND_AM33XX_SOC_EVM=m
+CONFIG_SND_DAVINCI_SOC_MCASP=m
+CONFIG_SND_OMAP_SOC=m
+CONFIG_SND_OMAP_SOC_OMAP_TWL4030=m
+CONFIG_SND_OMAP_SOC_OMAP_ABE_TWL6040=m
+CONFIG_SND_OMAP_SOC_OMAP3_PANDORA=m
CONFIG_SND_SIMPLE_CARD=m
CONFIG_USB=y
CONFIG_USB_EHCI_HCD=y
@@ -324,22 +564,79 @@ CONFIG_USB_STORAGE=y
CONFIG_USB_MUSB_HDRC=y
CONFIG_USB_MUSB_OMAP2PLUS=y
CONFIG_USB_MUSB_DSPS=y
+CONFIG_SND_SOC_TLV320AIC3X=m
+CONFIG_HID_GENERIC=m
+CONFIG_USB_HIDDEV=y
+CONFIG_USB_KBD=m
+CONFIG_USB_MOUSE=m
+CONFIG_USB=m
+CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
+CONFIG_USB_MON=m
+CONFIG_USB_XHCI_HCD=m
+CONFIG_USB_WDM=m
+CONFIG_USB_STORAGE=m
+CONFIG_USB_MUSB_HDRC=m
+CONFIG_USB_MUSB_OMAP2PLUS=m
+CONFIG_USB_MUSB_AM35X=m
+CONFIG_USB_MUSB_DSPS=m
+CONFIG_USB_INVENTRA_DMA=y
CONFIG_USB_TI_CPPI41_DMA=y
CONFIG_NOP_USB_XCEIV=y
+CONFIG_USB_DWC3=m
+CONFIG_USB_TEST=m
CONFIG_AM335X_PHY_USB=y
CONFIG_USB_GADGET=y
CONFIG_USB_G_NCM=m
CONFIG_USB_MASS_STORAGE=m
+CONFIG_USB_GADGET=m
+CONFIG_USB_GADGET_DEBUG=y
+CONFIG_USB_GADGET_DEBUG_FILES=y
+CONFIG_USB_GADGET_DEBUG_FS=y
+CONFIG_USB_CONFIGFS=m
+CONFIG_USB_CONFIGFS_SERIAL=y
+CONFIG_USB_CONFIGFS_ACM=y
+CONFIG_USB_CONFIGFS_OBEX=y
+CONFIG_USB_CONFIGFS_NCM=y
+CONFIG_USB_CONFIGFS_ECM=y
+CONFIG_USB_CONFIGFS_ECM_SUBSET=y
+CONFIG_USB_CONFIGFS_RNDIS=y
+CONFIG_USB_CONFIGFS_EEM=y
+CONFIG_USB_CONFIGFS_PHONET=y
+CONFIG_USB_CONFIGFS_MASS_STORAGE=y
+CONFIG_USB_CONFIGFS_F_LB_SS=y
+CONFIG_USB_CONFIGFS_F_FS=y
+CONFIG_USB_CONFIGFS_F_UAC1=y
+CONFIG_USB_CONFIGFS_F_UAC2=y
+CONFIG_USB_CONFIGFS_F_MIDI=y
+CONFIG_USB_CONFIGFS_F_HID=y
+CONFIG_USB_ZERO=m
+CONFIG_USB_G_NOKIA=m
CONFIG_MMC=y
CONFIG_SDIO_UART=y
CONFIG_MMC_OMAP=y
CONFIG_MMC_OMAP_HS=y
CONFIG_NEW_LEDS=y
+CONFIG_LEDS_CLASS=m
+CONFIG_LEDS_GPIO=m
+CONFIG_LEDS_PWM=m
+CONFIG_LEDS_TRIGGERS=y
+CONFIG_LEDS_TRIGGER_TIMER=m
+CONFIG_LEDS_TRIGGER_ONESHOT=m
+CONFIG_LEDS_TRIGGER_HEARTBEAT=m
+CONFIG_LEDS_TRIGGER_BACKLIGHT=m
+CONFIG_LEDS_TRIGGER_CPU=y
+CONFIG_LEDS_TRIGGER_GPIO=m
+CONFIG_LEDS_TRIGGER_DEFAULT_ON=m
CONFIG_RTC_CLASS=y
CONFIG_RTC_DRV_TWL4030=y
CONFIG_RTC_DRV_PALMAS=y
CONFIG_RTC_DRV_OMAP=y
CONFIG_RTC_DRV_PL031=y
+CONFIG_RTC_DRV_DS1307=m
+CONFIG_RTC_DRV_PALMAS=m
+CONFIG_RTC_DRV_TWL92330=y
+CONFIG_RTC_DRV_TWL4030=m
+CONFIG_RTC_DRV_OMAP=m
CONFIG_DMADEVICES=y
CONFIG_PL330_DMA=y
CONFIG_VIRTIO_BALLOON=y
@@ -348,6 +645,27 @@ CONFIG_VIRTIO_MMIO=y
CONFIG_ARM_TIMER_SP804=y
CONFIG_EXTCON_PALMAS=y
CONFIG_OMAP_USB2=y
+CONFIG_TI_EDMA=y
+CONFIG_DMA_OMAP=y
+# CONFIG_IOMMU_SUPPORT is not set
+CONFIG_EXTCON=m
+CONFIG_EXTCON_USB_GPIO=m
+CONFIG_EXTCON_PALMAS=m
+CONFIG_TI_EMIF=m
+CONFIG_IIO=m
+CONFIG_TI_AM335X_ADC=m
+CONFIG_PWM=y
+CONFIG_PWM_TIECAP=m
+CONFIG_PWM_TIEHRPWM=m
+CONFIG_PWM_TWL=m
+CONFIG_PWM_TWL_LED=m
+CONFIG_PHY_DM816X_USB=m
+CONFIG_OMAP_USB2=m
+CONFIG_TI_PIPE3=y
+CONFIG_TWL4030_USB=m
+CONFIG_EXT2_FS=y
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_FS_XATTR is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
@@ -355,12 +673,20 @@ CONFIG_EXT4_ENCRYPTION=y
CONFIG_AUTOFS4_FS=y
CONFIG_FUSE_FS=m
CONFIG_CUSE=m
+CONFIG_FANOTIFY=y
+CONFIG_QUOTA=y
+CONFIG_QFMT_V2=y
+CONFIG_AUTOFS4_FS=m
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_ROMFS_FS=m
+CONFIG_CONFIGFS_FS=y
+CONFIG_UBIFS_FS=y
+CONFIG_CRAMFS=y
CONFIG_NFS_FS=y
+CONFIG_NFS_V3_ACL=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
CONFIG_CIFS=m
@@ -405,6 +731,13 @@ CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_NLS_UTF8=m
CONFIG_ENCRYPTED_KEYS=y
+CONFIG_PRINTK_TIME=y
+CONFIG_DEBUG_INFO=y
+CONFIG_MAGIC_SYSRQ=y
+CONFIG_SCHEDSTATS=y
+CONFIG_TIMER_STATS=y
+CONFIG_PROVE_LOCKING=y
+# CONFIG_DEBUG_BUGVERBOSE is not set
CONFIG_SECURITY=y
CONFIG_CRYPTO_TEST=m
CONFIG_CRYPTO_XCBC=m
@@ -419,6 +752,12 @@ CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
+CONFIG_CRYPTO_MICHAEL_MIC=y
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRC_CCITT=y
+CONFIG_CRC_T10DIF=y
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC7=y
CONFIG_LIBCRC32C=y
CONFIG_FONTS=y
CONFIG_FONT_8x8=y
--
2.20.1


Re: [cip-kernel-config PATCH] qemu_cip_defconfig: Add EFI_STUB to config

Nobuhiro Iwamatsu
 

Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Quirin Gylstorff
Sent: Thursday, August 20, 2020 5:50 PM
To: cip-dev@lists.cip-project.org; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT) <nobuhiro1.iwamatsu@toshiba.co.jp>
Subject: Re: [cip-dev] [cip-kernel-config PATCH] qemu_cip_defconfig: Add EFI_STUB to config
<snip>


Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
4.19.y-cip/x86/cip_qemu_defconfig | 1 +
1 file changed, 1 insertion(+)
Please update cip_qemu.sources too.
When i try to generate the sources - all .c and asm files are no longer
part of the cip-qemu.sources. Did I miss something? Or should I try
again like the last time this happened?
Thanks for your check.
Sorry, I wanted to check if there was a fix in cip_qemu.sources.
I applied this patch.
Hi,

I didn't find the patch applied to cip-kernel-config. Is something missing?
Sorry, I just pushed.

Kind regards,
quirin
Best regards,
Nobuhiro


Re: [PATCH 4.19.y-cip 01/12] arm64: dts: renesas: r8a774a1-hihope-rzg2m[-ex/-ex-idk-1110wr]: Rename HiHope RZ/G2M boards

Biju Das <biju.das.jz@...>
 

Hi Pavel,

Thanks for the feedback.

Subject: Re: [PATCH 4.19.y-cip 01/12] arm64: dts: renesas: r8a774a1-hihope-
rzg2m[-ex/-ex-idk-1110wr]: Rename HiHope RZ/G2M boards

Hi!

Ok, so this is anti-social:

-dtb-$(CONFIG_ARCH_R8A774A1) += r8a774a1-hihope-rzg2m.dtb
+dtb-$(CONFIG_ARCH_R8A774A1) += r8a774a1-hihope-rzg2m-rev2.dtb
This renames dts away, but at the end of series, new dts is created with the
r8a774a1-hihope-rzg2m.dts name, but this time it is for rev4 (not rev2) board.

So... people with rev2 boards and existing build script will get rev4 dts..
without any error.
Yes, that is true. But if you agree, We need to use our latest/greatest SoC/board as the main SoC/Board and rest are with explicit revision in dts/dtb .

The existing users can read gpio values to differentiate rev2.0/rev4.0 boards and load the appropriate dtb/execute the test script accordingly.


Would it be better to always require explicit revision in dts/dtb name?
This is our thoughts on this. We need to use our latest/greatest SoC/board as the main SoC/Board and rest are with explicit revision in dts/dtb .
So this is inline with your suggested comment.

Please share your comments, I may be wrong.

Cheers,
Biju


Renesas Electronics Europe GmbH, Geschaeftsfuehrer/President: Carsten Jauch, Sitz der Gesellschaft/Registered office: Duesseldorf, Arcadiastrasse 10, 40472 Duesseldorf, Germany, Handelsregister/Commercial Register: Duesseldorf, HRB 3708 USt-IDNr./Tax identification no.: DE 119353406 WEEE-Reg.-Nr./WEEE reg. no.: DE 14978647


Re: [PATCH 4.19.y-cip 2/2] drm: atomic helper: fix W=1 warnings

Pavel Machek
 

Hi!

commit bf5d837a0a4ced7cc223befc9e76d4ad30697d27 upstream.

Few for_each macro set variables that are never used later which led
to generate unused-but-set-variable warnings.
Add (void)(foo) inside the macros to remove these warnings

Signed-off-by: Benjamin Gaignard <benjamin.gaignard@st.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20191008124254.2144-1-benjamin.gaignard@st.com
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Thanks for the fixes. Applied and pushed out.
This patch doesn't seem to have been pushed yet.
Could you push me?
Sorry for that, should be fixed now.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: [PATCH 4.19.y-cip 00/12] Support RZ/G2[MN] rev4 board

Chris Paterson
 

Hello Pavel,

From: Pavel Machek <pavel@denx.de>
Sent: 19 August 2020 18:39

*** gpg4o | The signature of this email could not be verified because the
following public key is missing. Click here to search and import the key
30E7F06A95DBFAF2 ***

Hi!

This patch series for supporting RZ/G2[MN] rev4 board to cip-4.19.y
kernel.
  arch/arm64/boot/dts/renesas/r8a774a1.dtsi | 11 -----------
  1 file changed, 11 deletions(-)
I'm pretty sure this is not the real diffstat.

Let me go through the changes. One concern: you are renaming dts
files. New names make a lot of sense, but that will likely break the
users, including our test infrastructure, no?
Technically yes, it would cause problems. However this seems to be the way of doing things upstream.
I guess upstream is a bit different though as users would expect such things when upgrading Kernel versions.
For SLTS perhaps users wouldn't expect to see such changes? It may be easier to keep things in sync with upstream though.

FYI the "rev4" dts does actually boot on "rev2" boards. It's just that some functionality like WiFi/BT and audio won't work.
(and the rev2 dts will boot on rev4 boards)

lab-cip-renesas uses rev4 boards, so from a CIP testing point of view there will be no issues.

Kind regards, Chris


Best regards,
                                                              Pavel
--
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: [cip-kernel-config PATCH] qemu_cip_defconfig: Add EFI_STUB to config

Quirin Gylstorff
 

On 8/7/20 11:31 PM, Nobuhiro Iwamatsu wrote:
Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Quirin Gylstorff
Sent: Thursday, August 6, 2020 11:27 PM
To: cip-dev@lists.cip-project.org; sangorrin daniel(サンゴリン ダニエル □SWC◯ACT)
<daniel.sangorrin@toshiba.co.jp>; jan.kiszka@siemens.com
Subject: Re: [cip-dev] [cip-kernel-config PATCH] qemu_cip_defconfig: Add EFI_STUB to config



On 8/6/20 8:46 AM, Nobuhiro Iwamatsu wrote:
Hi,

Thanks for your patch.

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Quirin Gylstorff
Sent: Monday, August 3, 2020 7:12 PM
To: cip-dev@lists.cip-project.org; sangorrin daniel(サンゴリン ダニエル □SWC◯ACT)
<daniel.sangorrin@toshiba.co.jp>; jan.kiszka@siemens.com
Cc: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Subject: [cip-dev] [cip-kernel-config PATCH] qemu_cip_defconfig: Add EFI_STUB to config

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

If EFI_STUB is not active booting QEMU with OVMF efi will fail
with the following error message `KVM internal error. Suberror: 3`.

OVMF efi is used in isar-cip-core to demonstrate secure-boot with
a unified kernel image.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
4.19.y-cip/x86/cip_qemu_defconfig | 1 +
1 file changed, 1 insertion(+)
Please update cip_qemu.sources too.
When i try to generate the sources - all .c and asm files are no longer
part of the cip-qemu.sources. Did I miss something? Or should I try
again like the last time this happened?
Thanks for your check.
Sorry, I wanted to check if there was a fix in cip_qemu.sources.
I applied this patch.
Hi,

I didn't find the patch applied to cip-kernel-config. Is something missing?

Kind regards,
quirin

Thanks,
Quirin
Best regards,
Nobuhiro
--
Quirin Gylstorff

Siemens AG
Corporate Technology
Research in Digitalization and Automation
Smart Embedded Systems
CT RDA IOT SES-DE
Otto-Hahn-Ring 6
81739 Muenchen, Germany
Mobile: +49 173 3746683
mailto:quirin.gylstorff@siemens.com
www.siemens.com/ingenuityforlife

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Cedrik Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

Important notice: This e-mail and any attachment thereof contain corporate proprietary information. If you have received it by mistake, please notify us immediately by reply e-mail and delete this e-mail and its attachments from your system. Thank you.


Re: [isar-cip-core][PATCH v2 3/3] testing: Add test.yml

Nobuhiro Iwamatsu
 

Hi,

-----Original Message-----
From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of Jan Kiszka
Sent: Wednesday, August 19, 2020 3:33 PM
To: iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT) <nobuhiro1.iwamatsu@toshiba.co.jp>; cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] [isar-cip-core][PATCH v2 3/3] testing: Add test.yml
<snip>


Ah, nice solution with the _append.

Can you follow up with a patch for CI that adds the test feature at
least to some of your images? I actually wonder if we shouldn't add it
to all, or even have to in case the CI images are directly used for testing.
Yes, I planned to do it after it was applied.
I will add this to v3 patch series.
No need to resend, the patches are already in next, locally. Just add
that patch on top.
Okay, I send a patch for CI only.

Jan
Best regards,
Nobuhiro


[isar-cip-core][PATCH 2/2] ci: Add support for test image

Nobuhiro Iwamatsu
 

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e23345f..802dbcd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -68,3 +68,35 @@ build:qemu-amd64-base:
extention: security
use_rt: disable
targz: disable
+
+# test
+build:simatic-ipc227e-test:
+ extends:
+ - .build_base
+ variables:
+ target: simatic-ipc227e
+ extention: test
+
+build:bbb-test:
+ extends:
+ - .build_base
+ variables:
+ target: bbb
+ extention: test
+ dtb: am335x-boneblack.dtb
+
+build:iwg20m-test:
+ extends:
+ - .build_base
+ variables:
+ target: iwg20m
+ extention: test
+ dtb: r8a7743-iwg20d-q7-dbcm-ca.dtb
+
+build:hihope-rzg2m-test:
+ extends:
+ - .build_base
+ variables:
+ target: rzg2m
+ extention: test
+ dtb: renesas/r8a774a1-hihope-rzg2m-ex.dtb
--
2.27.0


[isar-cip-core][PATCH 1/2] ci: Rewrite using extends

Nobuhiro Iwamatsu
 

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
---
.gitlab-ci.yml | 70 +++++++++++++++++++++++++++++---------
scripts/deploy-cip-core.sh | 8 +++--
2 files changed, 60 insertions(+), 18 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3fe7af2..e23345f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,10 +2,17 @@ image: kasproject/kas-isar:1.1

variables:
GIT_STRATEGY: clone
+ release: buster
+ extention: base
+ use_rt: enable
+ targz: enable
+ dtb: none

-all:
- stage: build
- script:
+stages:
+ - build
+
+default:
+ before_script:
- export http_proxy=$HTTP_PROXY
- export https_proxy=$HTTPS_PROXY
- export ftp_proxy=$FTP_PROXY
@@ -13,20 +20,51 @@ all:
- export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
- export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY

- - kas build kas-cip.yml:kas/board/simatic-ipc227e.yml:kas/opt/rt.yml:kas/opt/targz-img.yml
- - scripts/deploy-cip-core.sh buster simatic-ipc227e
-
+.build_base:
+ stage: build
+ variables:
+ base_yaml: "kas-cip.yml:kas/board/${target}.yml"
+ script:
- sudo rm -rf build/tmp
- - kas build kas-cip.yml:kas/board/bbb.yml:kas/opt/rt.yml:kas/opt/targz-img.yml
- - scripts/deploy-cip-core.sh buster bbb am335x-boneblack.dtb
+ - if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi;
+ - if [ "${extention}" != "base" ]; then base_yaml="${base_yaml}:kas/opt/${extention}.yml"; fi;
+ - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz-img.yml"; fi;
+ - kas build ${base_yaml}
+ - scripts/deploy-cip-core.sh ${release} ${target} ${extention} ${dtb}

- - sudo rm -rf build/tmp
- - kas build kas-cip.yml:kas/board/iwg20m.yml:kas/opt/rt.yml:kas/opt/targz-img.yml
- - scripts/deploy-cip-core.sh buster iwg20m r8a7743-iwg20d-q7-dbcm-ca.dtb
+# base image
+build:simatic-ipc227e-base:
+ extends:
+ - .build_base
+ variables:
+ target: simatic-ipc227e

- - sudo rm -rf build/tmp
- - kas build kas-cip.yml:kas/board/rzg2m.yml:kas/opt/rt.yml:kas/opt/targz-img.yml
- - scripts/deploy-cip-core.sh buster hihope-rzg2m renesas/r8a774a1-hihope-rzg2m-ex.dtb
+build:bbb-base:
+ extends:
+ - .build_base
+ variables:
+ target: bbb
+ dtb: am335x-boneblack.dtb

- - sudo rm -rf build/tmp
- - kas build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/security.yml
+build:iwg20m-base:
+ extends:
+ - .build_base
+ variables:
+ target: iwg20m
+ dtb: r8a7743-iwg20d-q7-dbcm-ca.dtb
+
+build:hihope-rzg2m-base:
+ extends:
+ - .build_base
+ variables:
+ target: rzg2m
+ dtb: renesas/r8a774a1-hihope-rzg2m-ex.dtb
+
+build:qemu-amd64-base:
+ extends:
+ - .build_base
+ variables:
+ target: qemu-amd64
+ extention: security
+ use_rt: disable
+ targz: disable
diff --git a/scripts/deploy-cip-core.sh b/scripts/deploy-cip-core.sh
index 4c8d4c9..5b7eab9 100755
--- a/scripts/deploy-cip-core.sh
+++ b/scripts/deploy-cip-core.sh
@@ -16,9 +16,13 @@ fi

RELEASE=$1
TARGET=$2
-DTB=$3
+EXTENSION=$3
+DTB=$4

BASE_PATH=build/tmp/deploy/images/$TARGET/cip-core-image-cip-core-$RELEASE-$TARGET
+if [ "${EXTENSION}" != "base" ] ; then
+ BASE_PATH=build/tmp/deploy/images/$TARGET/cip-core-image-cip-core-$RELEASE-$TARGET-$EXTENSION
+fi

echo "Compressing cip-core-image-cip-core-$RELEASE-$TARGET.wic.img..."
xz -9 -k $BASE_PATH.wic.img
@@ -38,6 +42,6 @@ fi
aws s3 cp --no-progress $KERNEL_IMAGE s3://download.cip-project.org/cip-core/$TARGET/
aws s3 cp --no-progress $BASE_PATH-initrd.img s3://download.cip-project.org/cip-core/$TARGET/

-if [ -n "$DTB" ]; then
+if [ "$DTB" != "none" ]; then
aws s3 cp --no-progress build/tmp/work/cip-core-*/linux-cip*/*/linux-cip-*/debian/linux-image-cip*/usr/lib/linux-image-*/$DTB s3://download.cip-project.org/cip-core/$TARGET/
fi
--
2.27.0


CIP IRC weekly meeting today

masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today.

*Please note that the IRC meeting was rescheduled to UTC (GMT) 09:00 starting from the first week of Apr. according to TSC meeting*
https://www.timeanddate.com/worldclock/meetingdetails.html?year=2020&month=8&day=20&hour=9&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
02:00 05:00 10:00 11:00 17:00 18:00

Channel:
* irc:chat.freenode.net:6667/cip

Last meeting minutes:
https://irclogs.baserock.org/meetings/cip/2020/08/cip.2020-08-06-09.00.log.html

Agenda:

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu
2. Post LTP results to KernelCI - patersonc

* Kernel maintenance updates
* Kernel testing
* Software update
* CIP Security
* AOB

The meeting will take 30 min, although it can be extended to an hour if it makes sense and those involved in the topics can stay. Otherwise, the topic will be taken offline or in the next meeting.

Best regards,
--
M. Kudo
Cybertrust Japan Co., Ltd.


Re: [PATCH 4.19.y-cip 2/2] drm: atomic helper: fix W=1 warnings

Nobuhiro Iwamatsu
 

Hi Pavel,

-----Original Message-----
From: Pavel Machek [mailto:pavel@denx.de]
Sent: Friday, August 14, 2020 5:49 AM
To: Biju Das <biju.das.jz@bp.renesas.com>
Cc: cip-dev@lists.cip-project.org; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT)
<nobuhiro1.iwamatsu@toshiba.co.jp>; Pavel Machek <pavel@denx.de>; Chris Paterson <chris.paterson2@renesas.com>;
Prabhakar Mahadev Lad <prabhakar.mahadev-lad.rj@bp.renesas.com>
Subject: Re: [PATCH 4.19.y-cip 2/2] drm: atomic helper: fix W=1 warnings

Hi!

From: Benjamin Gaignard <benjamin.gaignard@st.com>

commit bf5d837a0a4ced7cc223befc9e76d4ad30697d27 upstream.

Few for_each macro set variables that are never used later which led
to generate unused-but-set-variable warnings.
Add (void)(foo) inside the macros to remove these warnings

Signed-off-by: Benjamin Gaignard <benjamin.gaignard@st.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20191008124254.2144-1-benjamin.gaignard@st.com
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Thanks for the fixes. Applied and pushed out.
This patch doesn't seem to have been pushed yet.
Could you push me?


Best regards,
Pavel
Best regards,
Nobuhiro


--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: [PATCH 4.19.y-cip 01/12] arm64: dts: renesas: r8a774a1-hihope-rzg2m[-ex/-ex-idk-1110wr]: Rename HiHope RZ/G2M boards

Pavel Machek
 

Hi!

Ok, so this is anti-social:

-dtb-$(CONFIG_ARCH_R8A774A1) += r8a774a1-hihope-rzg2m.dtb
+dtb-$(CONFIG_ARCH_R8A774A1) += r8a774a1-hihope-rzg2m-rev2.dtb
This renames dts away, but at the end of series, new dts is created
with the r8a774a1-hihope-rzg2m.dts name, but this time it is for rev4
(not rev2) board.

So... people with rev2 boards and existing build script will get rev4
dts.. without any error.

Would it be better to always require explicit revision in dts/dtb
name?

Tests are running at
https://gitlab.com/cip-project/cip-kernel/linux-cip/tree/ci/pavel/linux-test
.

Best regards,

Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

1901 - 1920 of 7074