Merge tag '0.57' of ssh://git-amr-1.devtools.intel.com:29418/openbmc-openbmc into update

author: Jason M. Bills <jason.m.bills@linux.intel.com> 2021-06-24 01:22:00 +0300
committer: Jason M. Bills <jason.m.bills@linux.intel.com> 2021-06-24 01:22:00 +0300
commit: 5565c9abcc817b88098b849b2de5c017a8fb559f (patch)
tree: 2d2a10f694c3793a003a3cb1e2f9db52173cd3cb /meta-aspeed
parent: 2a64b8ae9b952b18b4aef38cb7c41ce6dba16c50 (diff)
parent: 000fd965915b31e7e613f7e9dfe7042f76dcc951 (diff)
download: openbmc-5565c9abcc817b88098b849b2de5c017a8fb559f.tar.xz
12 files changed, 257 insertions, 52 deletions
diff --git a/meta-aspeed/MAINTAINERS b/meta-aspeed/MAINTAINERS
index 453d5e497..f1f736f31 100644
--- a/meta-aspeed/MAINTAINERS
+++ b/meta-aspeed/MAINTAINERS
@@ -14,7 +14,7 @@ Description of section entries:
 
     Section entries are structured according to the following scheme:
 
-    X:  NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>
+    X:  NAME <EMAIL_USERNAME@DOMAIN> <DISCORD_USERNAME!>
     X:  ...
     .
     .
@@ -24,10 +24,10 @@ Description of section entries:
     organization; FILE_PATH is a file path within the repository, possibly with
     wildcards; X is a tag of one of the following types:
 
-    M:  Denotes maintainer; has fields NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>;
+    M:  Denotes maintainer; has fields NAME <EMAIL_USERNAME@DOMAIN> <DISCORD_USERNAME!>;
         if omitted from an entry, assume one of the maintainers from the
         MAINTAINERS entry.
-    R:  Denotes reviewer; has fields NAME <EMAIL_USERNAME@DOMAIN> <IRC_USERNAME!>;
+    R:  Denotes reviewer; has fields NAME <EMAIL_USERNAME@DOMAIN> <DISCORD_USERNAME!>;
         these people are to be added as reviewers for a change matching the repo
         path.
     F:  Denotes forked from an external repository; has fields URL.
@@ -46,4 +46,4 @@ START OF MAINTAINERS LIST
 # @openbmc and is synced by the maintainer using git-subtree. Please submit
 # changes against @openbmc.
 M:  Brad Bishop <bradleyb@fuzziesquirrel.com> <radsquirrel!>
-M:  Joel Stanley <joel@jms.id.au> <shenki!>
+M:  Joel Stanley <joel@jms.id.au>
diff --git a/meta-aspeed/README.md b/meta-aspeed/README.md
index b97bbc78d..c0fab4e9d 100644
--- a/meta-aspeed/README.md
+++ b/meta-aspeed/README.md
@@ -32,5 +32,5 @@ Patch checklist.  Please ensure patches adhere to the following guidelines:
    message](https://chris.beams.io/posts/git-commit/#seven-rules)
 
 For questions or help please come join us on the [mailing
-list](https://lists.ozlabs.org/listinfo/openbmc) or in
-[IRC](irc://freenode.net/openbmc).
+list](https://lists.ozlabs.org/listinfo/openbmc) or on
+[Discord](https://discord.gg/69Km47zH98).
diff --git a/meta-aspeed/classes/socsec-sign.bbclass b/meta-aspeed/classes/socsec-sign.bbclass
new file mode 100644
index 000000000..1b1576592
--- /dev/null
+++ b/meta-aspeed/classes/socsec-sign.bbclass
@@ -0,0 +1,66 @@
+# ASPEED AST2600 devices can use Aspeed's utility 'socsec'
+# to sign the SPL (pubkey written to OTP region)
+# The variables below carry default values to the spl_sign()
+# function below.
+SOCSEC_SIGN_ENABLE ?= "0"
+SOCSEC_SIGN_KEY ?= ""
+SOCSEC_SIGN_SOC ?= "2600"
+SOCSEC_SIGN_ALGO ?= "RSA4096_SHA512"
+SOCSEC_SIGN_HELPER ?= ""
+# u-boot-aspeed-sdk commit '2c3b53489c ast2600: Modify SPL SRAM layout'
+# changes the SDRAM layout so that the verification region does NOT
+# intersects the stack. The parameter below can be used to instruct
+# socsec to work in either mode (ommitting it throws a warning), but
+# newer (post v00.03.03) u-boot-aspeed-sdk need this set to false
+SOCSEC_SIGN_EXTRA_OPTS ?= "--stack_intersects_verification_region=false"
+DEPENDS += '${@oe.utils.conditional("SOCSEC_SIGN_ENABLE", "1", " socsec-native", "", d)}'
+
+
+# Signs the SPL binary with a pre-established key
+sign_spl_helper() {
+    signing_helper_args=""
+
+    if [ "${SOC_FAMILY}" != "aspeed-g6" ] ; then
+        echo "Warning: SPL signing is only supported on AST2600 boards"
+    elif [ ! -e "${SOCSEC_SIGN_KEY}" ] ; then
+        echo "Warning: Invalid socsec signing key - SPL verified boot won't be available"
+    else
+        rm -f ${SPL_BINARY}.staged
+
+        if [ -n "${SOCSEC_SIGN_HELPER}" ] ; then
+            signing_helper_args="--signing_helper ${SOCSEC_SIGN_HELPER}"
+        fi
+        socsec make_secure_bl1_image \
+            --soc ${SOCSEC_SIGN_SOC}  \
+            --algorithm ${SOCSEC_SIGN_ALGO} \
+            --rsa_sign_key ${SOCSEC_SIGN_KEY} \
+            --bl1_image ${DEPLOYDIR}/${SPL_IMAGE} \
+            ${signing_helper_args} \
+            ${SOCSEC_SIGN_EXTRA_OPTS} \
+            --output ${SPL_BINARY}.staged
+        cp -f ${SPL_BINARY}.staged ${B}/${CONFIG_B_PATH}/${SPL_BINARY}
+        mv -f ${SPL_BINARY}.staged ${DEPLOYDIR}/${SPL_IMAGE}
+    fi
+}
+
+sign_spl() {
+    mkdir -p ${DEPLOYDIR}
+    if [ -n "${UBOOT_CONFIG}" ]; then
+        for config in ${UBOOT_MACHINE}; do
+            CONFIG_B_PATH="${config}"
+            cd ${B}/${config}
+            sign_spl_helper
+        done
+    else
+        CONFIG_B_PATH=""
+        cd ${B}
+        sign_spl_helper
+    fi
+}
+
+
+do_deploy_append() {
+    if [ "${SOCSEC_SIGN_ENABLE}" = "1" -a -n "${SPL_BINARY}" ] ; then
+        sign_spl
+    fi
+}
diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem
new file mode 100644
index 000000000..a3474c437
--- /dev/null
+++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem
@@ -0,0 +1,59 @@
+# U-Boot SPL 'Insecure' key (also known as 'development' or
+# 'imprint' key), used to sign development images of the ASPEED
+# AST2600 boards' U-boot SPL. This key SHOULD NOT be used to
+# sign production images.
+# This key is 4096 bits in size and any key overriding it must
+# also change the SOCSEC_SIGN_ALGO variable.
+# See meta-aspeed/classes/socsec-sign.bbclass for more info.
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA6hC1IHlB4SqRbesC8BtC00icAYUuYmAiO6CHCyph2Pv2CQT5
+Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS9058hgZdMgoDC57Jw5Tw5foN6CBBF72
+oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViLDOdk++olpVgsSlAvW23DmblVxVhz
+67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQchhz76fpL9EBZJ1tm9k+m7aRhhRqf
+BJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh3gQlQVwomsdImH/VuWQc9xAozacB
+s6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4su5EGRNKAAH9dS356pqhzpmZvgFvU
+J7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/+ubxzwUm0PrYGIhowuPItT7/ASqz
+xCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao98BCUeGE4t065Di81GZ2F9amf5B/
+/jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKxIUTq3cvblNpo80gfYzYwWQakjhE6
+aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS53k3DgrcjK7l7nWjmOxXr6p9f9fF
+HXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29ZyrzEctuzky80lHcVFYnE/3cCAwEA
+AQKCAgAqf0wTkFCIzEzJU0EeTSTN7cH9eKvaSrAMeXHrcg9/8QdTzeZlfieem2gm
+gxAMavHGCKc+ChIKELbaVtcaGRmbPgrpLCoxRAMyLSTCP4N3Dho+q+tFblWe67eR
+vv3ESFoIyG0+dNTT0hB2FuQYDy538k9gebvKEH9CItrmU8CO2ZqcERpC8iTzbKC5
+8EwGXFhhgeLEwMDhcJ/PdnchP0jKhNqsObiuqTxGrA6+q+mX/h+Cpjm3AEV6DIW3
+NSKcvDTmPbo0YK1+vPGPnC21v5Db2Y7WFiB9Ma+ZmKQ6W9Xyeame5TKm5jTAOxh5
+SFer1XwJ+J1NjONTv6/iCxXKz8ypDJ9wiFQ7Hb3u84+jQiTWhjpFbnvT3lkN+Z8i
+Q7z7QSYcIGHdH1q9x/LkuG5zzGB0yRMAnayzUiyTyQbNRZZHbB4mNB1zWFocUwv5
+bpnACt5NtsxwCJHVZRpffBcekM0AjKXWQ4oxJPcAmhqh2MIu4vmEG6cfMYGP+dpP
+R2unAbs3kSAEwvZaydPZmgi9TYLViYWrxXuloGBow1naisQCY3R9XVzLYmCVEvng
+20C7odj8or+Qrx6qa1m06RLUsHexKyniIYLbwfPcHIf9afdKv7N/ruGH4u+Nv/2B
+I62a9IfOUobBBnSbeA5nHk9bC2G2MBUCwW9jP1Vd4TcXwJwmsQKCAQEA98gY0ZGC
+rlj/SOxTYo/6GSfmjHeXJzxWXmH6UDFUMphkaO0RWa/cq2szShdaQa2JKrU4G5xR
+K+hYKSotlWb5EjQPQX5uaieI61UWsPbAqs6MSqZyYvgDKeBV40urXrR5ImivsUAO
+DKwoNMa4z8JIaKdHB0kT1vK9G/QiLPtJ6Wh8q0+hp+1T/IodXOR3zFHkURJVwVob
+Wbas0ZXXMhi1ywO7ZmZRXpnNOQv/m09hBUYGwITAp/KBxaeseGxhR3r6l9rmNtJI
+i40/90QHMCXtEwHRvUGTOP8he2n4AhhXQrlr3WOqFrku3y1e+BfLFEOo92j+WjA3
+skFsQsFy8motrwKCAQEA8dQlQMqeC69+ldd/64xaaqa5LuxLhPY5aYu5d3OCuoTF
+l6cviKut3h18QLyuy28ZFaI1b/pPS8lvZntw6ryXGNutH6sz0Wtf0Joe/2JT1ZLs
+Ra2Np0VZcJmlaFk0XC/CX344gGv5CqSwPqtNn2/Ej76ReRLh0q/hdJdTqKtTHYMe
+t3VDZIJwrd5iqFH8Yygd/FFqIfgPSRo1V7ylXj9UEke2zy82dki2kBeeMo+wDLGV
+rULejvN9h8IVBK0bBymBSjLXcSN5q4T092lGAV6aMBRcD5n2g6RMeFGE9oimfIWy
+WmThXgV6O1OQYA7t6SxCDAcfQZc41Zj2y3dOhPDEuQKCAQBN9MNyM9Ckn9V5kPjP
+GrM59ObBLOL+cipOOY8yacKuxGla5bM+v2iy+eBCIETCQyHTsP49GZokMU6DbQS4
+a5RTWNOv7GI6vcODHtsrxAZr9t4GooV8g8EjDLSY9XauLiOqYrtcDeYdsJBZwmfk
+3aBAZNig/ynhx68du1qBQnJHoBsRHtWiarWwz5dbYXoba2xk4VrfoUTXnfSTYAw7
+c7DGdZ8hIXHaTJNXrmG18Gx650Q6j8m5TT/s+sr1fEvC3Hs5CaLCfrhaR49ncRy9
+1kDXaQwe+iGingpftMBVkGjr0kCQf8nEqnCHwNOPRJUdBAiGBp93qpHrYE/6VLig
+ci17AoIBAQC3+F0y0jGz0Blr4tqFFmw+kIF2qfq1tx9sJQi+T9jXDmTHfz+RKJIH
+1MSO9zu+tdEOfS1L98/VZvPhsezwFvKXzZ8B5ZtxKM9mgaktPd9rLe+i/moyI3bs
+S2bjYGGN9CNZxEs1n26BY1JVCrrtnPibJi3DPtMfFgBdUzYordV4MSTwCjxvvS/9
+hZ3mUSDBSmataj5kgzMVuON10KS5c1IA6h+vtEopaB3CtsT50AftUDf+7E0l0STh
+X4vf19Uk+LVL/iuZ/ZP1IRu/EI5aQl7oTsTOdaFs+lPWgKW3a7PELW3GiNJOVbps
+YaEHArSJW8sPHWfw3Rs2m7y8gxHv3r65AoIBAQCmrMwqEnN3J4S0rx62/Kohkfqo
+QQNnG/r4d07z0UbBheO2PRWFqBbyv32j3stoQeNmbA1Fzn6Wsx434o5n/VyA+g9D
+dRc4X0l46UAPkuZrB20vxgso06QkPtSy7IFVGgqKYy+JG94me5nfIRUhqqF57N+x
+gR73fSnykARPFqvG8XG78Aki43U9gQUlq0094eenZu4ikZq1bHslR4/zPMGzwHzb
+6gMk5/nAdCrI9F1mKmSt3AnfpkWIYiGZUIoOnv12+dUZc7E5sT+cUI2JZr1CegJ1
+c4XKN2hkZb4MP95cE4rh7DGodZDW5KjiViXHVExUrdv3jBoZlX+Af6atm0K0
+-----END RSA PRIVATE KEY-----
diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem
new file mode 100644
index 000000000..e3800179c
--- /dev/null
+++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem
@@ -0,0 +1,18 @@
+# Public portion of the U-Boot SPL 'Insecure' key kept here
+# as a convenience.
+# Please refer to 'rsa_oem_dss_key.pem' for more info
+
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6hC1IHlB4SqRbesC8BtC
+00icAYUuYmAiO6CHCyph2Pv2CQT5Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS905
+8hgZdMgoDC57Jw5Tw5foN6CBBF72oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViL
+DOdk++olpVgsSlAvW23DmblVxVhz67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQc
+hhz76fpL9EBZJ1tm9k+m7aRhhRqfBJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh
+3gQlQVwomsdImH/VuWQc9xAozacBs6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4s
+u5EGRNKAAH9dS356pqhzpmZvgFvUJ7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/
++ubxzwUm0PrYGIhowuPItT7/ASqzxCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao
+98BCUeGE4t065Di81GZ2F9amf5B//jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKx
+IUTq3cvblNpo80gfYzYwWQakjhE6aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS
+53k3DgrcjK7l7nWjmOxXr6p9f9fFHXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29Z
+yrzEctuzky80lHcVFYnE/3cCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
index 99bcafc09..727c62d27 100644
--- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
+++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
@@ -3,11 +3,16 @@ require u-boot-common-aspeed-sdk_${PV}.inc
 UBOOT_MAKE_TARGET ?= "DEVICE_TREE=${UBOOT_DEVICETREE}"
 
 require u-boot-aspeed.inc
+inherit socsec-sign
 
 PROVIDES += "u-boot"
 DEPENDS += "bc-native dtc-native"
 
 SRC_URI_append_df-phosphor-mmc = " file://u-boot-env-ast2600.txt"
+SRC_URI += " \
+            file://rsa_oem_dss_key.pem;sha256sum=64a379979200d39949d3e5b0038e3fdd5548600b2f7077a17e35422336075ad4 \
+            file://rsa_pub_oem_dss_key.pem;sha256sum=40132a694a10af2d1b094b1cb5adab4d6b4db2a35e02d848b2b6a85e60738264 \
+           "
 
 UBOOT_ENV_SIZE_df-phosphor-mmc = "0x10000"
 UBOOT_ENV_df-phosphor-mmc = "u-boot-env"
diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc
index 55d8b4787..0b9bc20d2 100644
--- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc
+++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed.inc
@@ -26,48 +26,6 @@ PACKAGECONFIG[openssl] = ",,openssl-native"
 # file already exists it will not be overwritten.
 UBOOT_LOCALVERSION ?= ""
 
-# Some versions of u-boot use .bin and others use .img.  By default use .bin
-# but enable individual recipes to change this value.
-UBOOT_SUFFIX ??= "bin"
-UBOOT_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}"
-UBOOT_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_SUFFIX}"
-UBOOT_MAKE_TARGET ?= "all"
-
-# Output the ELF generated. Some platforms can use the ELF file and directly
-# load it (JTAG booting, QEMU) additionally the ELF can be used for debugging
-# purposes.
-UBOOT_ELF ?= ""
-UBOOT_ELF_SUFFIX ?= "elf"
-UBOOT_ELF_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}"
-UBOOT_ELF_BINARY ?= "u-boot.${UBOOT_ELF_SUFFIX}"
-UBOOT_ELF_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_ELF_SUFFIX}"
-
-# Some versions of u-boot build an SPL (Second Program Loader) image that
-# should be packaged along with the u-boot binary as well as placed in the
-# deploy directory.  For those versions they can set the following variables
-# to allow packaging the SPL.
-SPL_BINARY ?= ""
-SPL_BINARYNAME ?= "${@os.path.basename(d.getVar("SPL_BINARY"))}"
-SPL_IMAGE ?= "${SPL_BINARYNAME}-${MACHINE}-${PV}-${PR}"
-SPL_SYMLINK ?= "${SPL_BINARYNAME}-${MACHINE}"
-
-# Additional environment variables or a script can be installed alongside
-# u-boot to be used automatically on boot.  This file, typically 'uEnv.txt'
-# or 'boot.scr', should be packaged along with u-boot as well as placed in the
-# deploy directory.  Machine configurations needing one of these files should
-# include it in the SRC_URI and set the UBOOT_ENV parameter.
-UBOOT_ENV_SUFFIX ?= "txt"
-UBOOT_ENV ?= ""
-UBOOT_ENV_BINARY ?= "${UBOOT_ENV}.${UBOOT_ENV_SUFFIX}"
-UBOOT_ENV_IMAGE ?= "${UBOOT_ENV}-${MACHINE}-${PV}-${PR}.${UBOOT_ENV_SUFFIX}"
-UBOOT_ENV_SYMLINK ?= "${UBOOT_ENV}-${MACHINE}.${UBOOT_ENV_SUFFIX}"
-
-# U-Boot EXTLINUX variables. U-Boot searches for /boot/extlinux/extlinux.conf
-# to find EXTLINUX conf file.
-UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux"
-UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf"
-UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}"
-
 # returns all the elements from the src uri that are .cfg files
 def find_cfgs(d):
     sources=src_patches(d, True)
diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc
index 4e7a92c2e..b662bf442 100644
--- a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc
+++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc
@@ -8,7 +8,7 @@ PE = "1"
 
 # We use the revision in order to avoid having to fetch it from the
 # repo during parse
-SRCREV = "869b79f73711d5a7b6c0bfa3c8888dc2583d1526"
+SRCREV = "44a8c618c1215e0faac0f335f0afd56ed4240e76"
 
 SRC_URI = "git://git@github.com/openbmc/u-boot.git;nobranch=1;protocol=https"
 
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc b/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc
index 6a1471f26..aa060295f 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc
@@ -8,7 +8,11 @@ KCONFIG_MODE="--alldefconfig"
 
 KSRC ?= "git://github.com/openbmc/linux;protocol=git;branch=${KBRANCH}"
 SRC_URI = "${KSRC}"
-SRC_URI += " file://defconfig"
+SRC_URI += " \
+             file://defconfig \
+             file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \
+             file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \
+           "
 
 LINUX_VERSION_EXTENSION ?= "-${SRCREV}"
 
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt
new file mode 100644
index 000000000..0e8f25704
--- /dev/null
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt
@@ -0,0 +1,35 @@
+# Certificate for the 'Insecure' Kernel fitimage key, required
+# by the signing process for U-Boot FIT Signature Validation.
+# Please refer to 'rsa_oem_fitimage_key.key' for more info
+
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIUMP4fGTalbDhpTcr7sr+VKnUunRUwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA0MjgxMzAzMDhaFw0yMTA1
+MjgxMzAzMDhaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDMZ5gF78Jx+yzI4bh0imCi0kgRdljANokDu1DZpa2S
+tPybosJk1453fWy8ZEsJupS1l6IPhEvWkehxL4pviADKle1S4yx5vmKV7b+ppKqV
+LBXrVF4kphcbSTBqfOGa0mQeGBFUuhTKamjy9yyV6UhIBgutK5bJvQZThzU5ZBtG
+g4zWIHSSyVMc5ACWfZuLcfjAp1s3hqY1Fi2grcTHQquPvyuyT5Xr2utmT2tdNr6D
+9tdhdS3Xfb7HTjPRCcjRXhCPWxKqTneLrttRhK18vyg0LTPQ4vtVSHnCt2JpVCrV
+Vg5YqvyfEu+fSh8kL0aveLK0afEGorb9XY0e2JmIUtJoONRGUaZCHdJ6R7v8fpgu
+uEe0kBBOi1QLUUbFu7v/FQzgGbCaCA2E+aJRoBTooxM6RHsJp4s/LTsb+Pdl2sDM
+Hno8fJ2qDVPO3vserrHunwTXUWcwyWhpWaYx+P7tDilH5K6cNTgivbvepfcbNDNl
+8ZeZCK3EH6fdMkxTb0giqGpVjMlBgwf/RH2cYMzF83BchXoljpoyQmXhoi14uDS7
+LjgA5JUBeeqq1xEyFn+iYPrcnBFubetIg5zBiTjMZmz4aANQxlUGZ9sKAlHzQwPv
+J+rkpR3dHzi9PHpzY3+5ptwGfLYP1sLbozNY3qE3wAIerkGgCgMuVp5XDJAlkO4M
+HQIDAQABo1MwUTAdBgNVHQ4EFgQU5Du6F0E1sZpyDCGQswhvPuFlKUQwHwYDVR0j
+BBgwFoAU5Du6F0E1sZpyDCGQswhvPuFlKUQwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAYnBJi9l9zvJldrVuVIa7IZQhKlLXuVU2yL3Az3Hr8ejg
+FNwF9XdxXDxvBiQatIdZ/fv8ukqo+OBCyw1sE8u668S9ca1rr5+vq2PaxNn//ZLV
+zmJ12yZa7SOkJgsWsjNlSwM+VWIbLKC+25nRYuA3S03XcLLmXzxEbxIYFuynds8W
+pQqYMn1CZ9y6Yz7MtDo9p+JU1kFqgxocBLKpgcRgqbQ1vWHjE91r10iS6E1N8YAi
+EPsO7Nh6DzfhFY4Wo+S9tTZwBL/dKqO4Ft4XPFKA1nEH8ZyGTI3jfRUYn5IaRc7g
+5Hy8Mla/n7UvKrZIEitD5fqOvxm2g7Bck28cpr2gH+Cy5q6ivfJkycGRfy6BDfDl
+fv41PJSnrrvxNuXB9ylBXat8K0nBPjY8vOr0uFXPzVHC3Rj2e8zD6GsOzFvkyvfQ
+qYrUYKVs1U74PMTdu9wc9z+sS1CBvdq2KZPaZImqvctS3VP3mfmqxCHQLYx3WX23
+J0KGpbfmBOtHwcgBHna0ZAY7ImbF47+FL1eHzITVoMagFteEYC4LI4uqsznI2dNi
+gjrTmQLnm8DkwvBFwXOa2QyaM2I4Dk+q7+FHwCxiTJdmTnd6LFH5nufmq5oIAy2d
+/G0EqPom0AZz1i+Ee90xCjiFLd2vzdv5U+EWKkOjUiM/XdvglrsVCUdQ41gorRo=
+-----END CERTIFICATE-----
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key
new file mode 100644
index 000000000..d9bc4a748
--- /dev/null
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key
@@ -0,0 +1,60 @@
+# Kernel fitImage 'Insecure' key (also known as 'development' or
+# 'imprint' key), used to sign development images of the OpenBMC
+# Kernel fitImage. This key SHOULD NOT be used to sign
+# production images.
+# This key is 4096 bits in size and can be used by adjusting
+# the UBOOT_SIGN_KEYNAME, UBOOT_SIGN_KEYDIR and FIT_SIGN_ALG
+# variables (see uboot-sign.bbclass for more info)
+
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDMZ5gF78Jx+yzI
+4bh0imCi0kgRdljANokDu1DZpa2StPybosJk1453fWy8ZEsJupS1l6IPhEvWkehx
+L4pviADKle1S4yx5vmKV7b+ppKqVLBXrVF4kphcbSTBqfOGa0mQeGBFUuhTKamjy
+9yyV6UhIBgutK5bJvQZThzU5ZBtGg4zWIHSSyVMc5ACWfZuLcfjAp1s3hqY1Fi2g
+rcTHQquPvyuyT5Xr2utmT2tdNr6D9tdhdS3Xfb7HTjPRCcjRXhCPWxKqTneLrttR
+hK18vyg0LTPQ4vtVSHnCt2JpVCrVVg5YqvyfEu+fSh8kL0aveLK0afEGorb9XY0e
+2JmIUtJoONRGUaZCHdJ6R7v8fpguuEe0kBBOi1QLUUbFu7v/FQzgGbCaCA2E+aJR
+oBTooxM6RHsJp4s/LTsb+Pdl2sDMHno8fJ2qDVPO3vserrHunwTXUWcwyWhpWaYx
++P7tDilH5K6cNTgivbvepfcbNDNl8ZeZCK3EH6fdMkxTb0giqGpVjMlBgwf/RH2c
+YMzF83BchXoljpoyQmXhoi14uDS7LjgA5JUBeeqq1xEyFn+iYPrcnBFubetIg5zB
+iTjMZmz4aANQxlUGZ9sKAlHzQwPvJ+rkpR3dHzi9PHpzY3+5ptwGfLYP1sLbozNY
+3qE3wAIerkGgCgMuVp5XDJAlkO4MHQIDAQABAoICAQCQ0IgdFJtfI4O8ImcLcgo6
+8N4MORtxunFiCnCickXB3aXmIe61gR43O84wvqGHGABJk09GzQTp1N+oaPUcRW/C
+F2xXQAl/i0nPTOxwJPCR1PUGj/RO5LkUJMs/dpBjntE9nPGSZG9cZP1LvaCB6Q/D
+rzzQiERBU0FLJkyoB2tnjsXV4pKUeDwBCOv9sqnjpnCFFUyDz0qr67WR0+rI/UwN
+AHTV1JqzyZrjFjtLhAB///7h1iIPPNBP5fDCFbuH0avL1Mspi4QYm15Yp7Y93jR+
+mtPOFzHXXwyczk3Tr8TU9i4d1a46iTDpWpsriK78nHeHaFNRzy/z2zai9vP3aC4W
+UV0F/57y7KS++lQKG+fZZVz7DcV1CysehL/xxZo+B1RmBXfmWD0hGhnKeIL6jShh
+FfILWQ63EgTAMRzvEmOpnW6VemF5IHAA0yYHbfs8uebZrXRf7v3WdyWwK57/d9Gy
+YHCNMH3cP1J+/1BCzvNhXBRu/YDLgcPMJFklMm6gOdcsy3lA5GpNIRmOiiGaoYQs
+KozLyPlmt7s6dP3VrAnnRXCzm140wMzKAq8L1o1gNOsXV06ig609DUMHUbfxT04W
+4anjyiJTvBWrNr2FxOjuZPqleIApZR+GPFm17IFapmlPN7cOrYlXs786a5qyYoED
+jdjNh6RWNdDM0iiPVt9VBQKCAQEA+fBvRiphuSnqiSVvosb3gB1bY2phHzLJjTPB
+2sx2L9TdBQdv5JMh9ugbJO06CQgT1JLghtB4/CKDAjgAvSayXeNws1KVgpIUQdq4
+Nat6G+UNRtRuCQwrEkiKEmHbMQHdkzirzDPdzgp/tnl/HXDgji9UZEItnSi8OCdM
+Ofocp1SHBpdbxDm3OEGH/v46MhT0S+nfL6Y1V8pYBd52tTv+CWh5yDDHtrsDmJfq
+tVv6Gs1EOq4L8DcdDQltqf31KXC2YR6ANA4/XvuK+nsObjkj2jHIFrUMzaOWwxxd
+mLlLdqy98M3+kiLTzCyhxLY5/WPB1+stgDi9QSYm7cxfnNK3MwKCAQEA0Vx9v84a
+TH/2NUGciLTDmrwXZ5Au18JZJk6JYYRsxekT+C8HgGxKz3UY411Bxj2ZDRprrnMh
+XCQz0BjOrSpaDnB7mlLUWoo7ykLoDWWarSD4sJjlK6fJm0D3ke4Na8RJNWLUxqoH
+wyqx5ikJXc/g8aRFlHWu5g2gkjIp+Tl572xMx/XaT+IJ/ZCZU6Fzq+IBf258Z7Dn
+/HowxPgxd63wsZPTo4H+H0xUkjad9ggfurBgGfGUkxCOc2pw/vm4URuQGEHb6aNe
+DHoHT/8vI/wsAaLB0aCSq4aWRe/2GVYV1xueWpd8EWM0KE1N7PAMGCjE6AuWd7fU
+Ksu+D7onpVjvbwKCAQEAyBE6QUQzrXBsGRQqZHY4MAlP2iiRTdPtmmXPy0DXajpO
+IXRukN1l1qq877YlOo2IsiRQLho6fjlx/RivHroXFSi2UhTNMROVu5FE21FEEYgs
+NIJfAkcHQz9lpolGV9hScUJv4qmx5vhoeryOkBaG6cnhF9ARizfMUnbCgbY/sYHs
+A86s2koI67MpFWiTVPuJAitXSGEXWgrSowAMrc4z73v9382MUC0rF76jVkEl1sZw
+0zf2vnaffowJiIWM9XsPwnYT0ZeGCpX4DcDrMDf1BvfKXsLWWNWWHOBb26CXU4u7
+D0MVgAz41Pr1Eu17ReXQiPHsHjNM6xWLG9b4wiO6GQKCAQBibJMJiwE+GaJL4y6N
+7j1PD0IJg/UhpdJ3edCIMdNZL3wd3y4tp7t70FcE/KCha+/6AwPAnYt/X92j5SW0
+rwZrZ2IUaQBAGGCHc/DX635OCgQgMaD7ZwQWovJAfqN8mGi6Wl4hj2nazMWZqI0o
+t0PPFiVH6BNzP9DPKholemnirw1hrCkYCPIdbM9IS8yvb664k96UeMx3G5K15uCK
+nRFcylxisAgh+qZ/noGgWq1f/O8RA0uP3+a4R8AbfpayOr0BSmTyb8UVJIEvkI4+
+4pxloHhx7oVFch5PfsI5owjdebR2bmT7X6HzmHQcAbYN3YzEcj4oxhlOjT4q8p8U
+0rytAoIBAC0+u5KwNUYHzgi7nnQeCNwoYnJpo3+8Sm2GKxzntj7omyMJQd9MsvjI
+tWdvuwGv04B9WxEz+oY1RDP+5GETd0PrYaDJwIuqbsCHU4g0R5gy0gF5msb07NIw
+/+wTTTcYpgUc166KBCTXZk68W86KL2F2i3q4pHx4HB2xYdNnqFjn3Ih7c4sYTuX1
++iWxOQtgZVwAC6kc/FW1kV0Jhmq5FCsiIExfTRmObmjO/R1lZS5PuzYPmwpbJ/9m
+4dlne1W/MIiVLcQgXHnNzFLcOHrLCTR/TLV6l4vVe9BHFnc6OX4Vf/hAwA93sEm0
+xaPMnGMcWU4pg8ytNSMuYDfobC5hPxo=
+-----END PRIVATE KEY-----
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
index 9df959114..084606b61 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
@@ -1,6 +1,6 @@
 KBRANCH ?= "dev-5.10"
-LINUX_VERSION ?= "5.10.30"
+LINUX_VERSION ?= "5.10.39"
 
-SRCREV="d538d632fb2046278ff3457994d64d43ee2901c7"
+SRCREV="45c6dc0de963bfdd8b468dceeea24f56a8e51424"
 
 require linux-aspeed.inc
author	Jason M. Bills <jason.m.bills@linux.intel.com>	2021-06-24 01:22:00 +0300
committer	Jason M. Bills <jason.m.bills@linux.intel.com>	2021-06-24 01:22:00 +0300
commit	5565c9abcc817b88098b849b2de5c017a8fb559f (patch)
tree	2d2a10f694c3793a003a3cb1e2f9db52173cd3cb /meta-aspeed
parent	2a64b8ae9b952b18b4aef38cb7c41ce6dba16c50 (diff)
parent	000fd965915b31e7e613f7e9dfe7042f76dcc951 (diff)
download	openbmc-5565c9abcc817b88098b849b2de5c017a8fb559f.tar.xz