Diffstat (limited to 'meta-google')
33 files changed, 537 insertions, 0 deletions
diff --git a/meta-google/MAINTAINERS b/meta-google/MAINTAINERS
index b58705432..7b9b8f033 100644
--- a/meta-google/MAINTAINERS
+++ b/meta-google/MAINTAINERS
@@ -46,3 +46,4 @@ M: Nancy Yuen <yuenn@google.com> <yuennancy!>
 M: William Kennington <wak@google.com> <wak-work!>
 M: Benjamin Fair <benjaminfair@google.com> <benjaminfair!>
 M: Ed Tanous <edtanous@google.com> <edtanous!>
+M: Brandon Kim <brandonkim@google.com> <brandonk!>
diff --git a/meta-google/OWNERS b/meta-google/OWNERS
index 1e2108aee..6608f2e5b 100644
--- a/meta-google/OWNERS
+++ b/meta-google/OWNERS
@@ -3,3 +3,4 @@ owners:
 - wak@google.com
 - benjaminfair@google.com
 - edtanous@google.com
+- brandonkim@google.com
diff --git a/meta-google/conf/distro/gbmc.conf b/meta-google/conf/distro/gbmc.conf
new file mode 100644
index 000000000..354c93991
--- /dev/null
+++ b/meta-google/conf/distro/gbmc.conf
@@ -0,0 +1,18 @@
+require conf/distro/openbmc-phosphor.conf
+require conf/distro/include/phosphor-isolation.inc
+
+GBMC_VERSION ?= "0.5.0.0"
+DISTRO = "gbmc"
+DISTRO_NAME = "gBMC (OpenBMC + Google customizations)"
+DISTRO_VERSION = "gbmc-release-${GBMC_VERSION}"
+DISTROOVERRIDES .= ":gbmc"
+
+DISTRO_FEATURES_remove = "ldap"
+DISTRO_FEATURES_remove = "slp"
+
+# Required to get entity-manager to build with FruDevice service
+DISTRO_FEATURES_append = " ipmi-fru"
+
+WATCHDOG_PKG ?= "watchdog"
+
+SANITY_TESTED_DISTROS_append = " Debian-rodete \n debian-rodete \n "
diff --git a/meta-google/recipes-connectivity/avahi/avahi_%.bbappend b/meta-google/recipes-connectivity/avahi/avahi_%.bbappend
new file mode 100644
index 000000000..8fb53d3f5
--- /dev/null
+++ b/meta-google/recipes-connectivity/avahi/avahi_%.bbappend
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS_prepend_gbmc := "${THISDIR}/files:"
+SRC_URI_append_gbmc = " file://avahi-daemon.conf"
+do_install_append_gbmc() {
+ install -m0644 ${WORKDIR}/avahi-daemon.conf ${D}${sysconfdir}/avahi/
+}
diff --git a/meta-google/recipes-connectivity/avahi/files/avahi-daemon.conf b/meta-google/recipes-connectivity/avahi/files/avahi-daemon.conf
new file mode 100644
index 000000000..9688ffb39
--- /dev/null
+++ b/meta-google/recipes-connectivity/avahi/files/avahi-daemon.conf
@@ -0,0 +1,8 @@
+[server]
+allow-interfaces=mgmt
+
+[publish]
+disable-user-service-publishing=yes
+add-service-cookie=yes
+publish-hinfo=no
+publish-workstation=no
diff --git a/meta-google/recipes-core/busybox/busybox_%.bbappend b/meta-google/recipes-core/busybox/busybox_%.bbappend
new file mode 100644
index 000000000..38863ec45
--- /dev/null
+++ b/meta-google/recipes-core/busybox/busybox_%.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS_prepend_gbmc := "${THISDIR}/files:"
+SRC_URI_append_gbmc = " \
+ file://udhcpc6.cfg \
+ file://ip.cfg \
+ file://ls.cfg \
+"
diff --git a/meta-google/recipes-core/busybox/files/ip.cfg b/meta-google/recipes-core/busybox/files/ip.cfg
new file mode 100644
index 000000000..f9357715e
--- /dev/null
+++ b/meta-google/recipes-core/busybox/files/ip.cfg
@@ -0,0 +1 @@
+CONFIG_IPNEIGH=y
diff --git a/meta-google/recipes-core/busybox/files/ls.cfg b/meta-google/recipes-core/busybox/files/ls.cfg
new file mode 100644
index 000000000..a302cb8b1
--- /dev/null
+++ b/meta-google/recipes-core/busybox/files/ls.cfg
@@ -0,0 +1 @@
+CONFIG_LSOF=y
diff --git a/meta-google/recipes-core/busybox/files/udhcpc6.cfg b/meta-google/recipes-core/busybox/files/udhcpc6.cfg
new file mode 100644
index 000000000..1c2766fda
--- /dev/null
+++ b/meta-google/recipes-core/busybox/files/udhcpc6.cfg
@@ -0,0 +1,6 @@
+CONFIG_FEATURE_IPV6=y
+CONFIG_UDHCPC6=y
+CONFIG_FEATURE_UDHCPC6_RFC3646=y
+CONFIG_FEATURE_UDHCPC6_RFC4704=y
+CONFIG_FEATURE_UDHCPC6_RFC4833=y
+CONFIG_FEATURE_UDHCPC6_RFC5970=y
diff --git a/meta-google/recipes-core/systemd/systemd_%.bbappend b/meta-google/recipes-core/systemd/systemd_%.bbappend
new file mode 100644
index 000000000..88065e2e0
--- /dev/null
+++ b/meta-google/recipes-core/systemd/systemd_%.bbappend
@@ -0,0 +1,5 @@
+# We want to be able to manage our coredumps
+PACKAGECONFIG_append_gbmc = " coredump"
+
+# Disable timesync as we don't use it and it makes rebooting much slower
+PACKAGECONFIG_remove_gbmc = "timesyncd"
diff --git a/meta-google/recipes-extended/libconfig/conf2struct-native_git.bb b/meta-google/recipes-extended/libconfig/conf2struct-native_git.bb
new file mode 100644
index 000000000..1a77f4de1
--- /dev/null
+++ b/meta-google/recipes-extended/libconfig/conf2struct-native_git.bb
@@ -0,0 +1,32 @@
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1b886630cdc9a17c26250934beda407d"
+
+PV = "0.1+git${SRCPV}"
+SRC_URI = "git://github.com/yrutschle/conf2struct"
+SRCREV = "e8468017b27211b1c452f8df0afe6f19e97035a4"
+S = "${WORKDIR}/git"
+
+SRC_URI += " \
+ file://0001-makefile-Add-missing-LDFLAGS.patch \
+ file://0001-conf2struct-Use-the-right-perl.patch \
+ "
+
+inherit native
+
+DEPENDS += " \
+ libconfig-native \
+ libconfig-perl-native \
+ "
+
+EXTRA_OEMAKE += " \
+ DESTDIR=${D} \
+ prefix=${prefix} \
+ "
+
+do_compile() {
+ oe_runmake checker
+}
+
+do_install() {
+ oe_runmake install
+}
diff --git a/meta-google/recipes-extended/libconfig/files/0001-conf2struct-Use-the-right-perl.patch b/meta-google/recipes-extended/libconfig/files/0001-conf2struct-Use-the-right-perl.patch
new file mode 100644
index 000000000..83402698e
--- /dev/null
+++ b/meta-google/recipes-extended/libconfig/files/0001-conf2struct-Use-the-right-perl.patch
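Review bot: `SRC_URI = "git://github.com/yrutschle/conf2struct"` in conf2struct-native_git.bb carries no `protocol=` parameter, and the BitBake git fetcher has historically fallen back to the plain git:// transport in that case, so the clone is neither encrypted nor server-authenticated. The full-length `SRCREV` pins the content and limits what an on-path party could substitute, but I would still write `SRC_URI = "git://github.com/yrutschle/conf2struct;protocol=https"`. The same applies to the `SRC_URI` lines in sslh_git.bb, mstpd_git.bb and ncsid_git.bb later in this commit. `LICENSE = "BSD"` is also ambiguous; naming the exact variant that COPYING actually contains would make license audits easier.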
@@ -0,0 +1,23 @@
+From b44f0d3dbcadb20396dc83a2aa307d54490388ea Mon Sep 17 00:00:00 2001
+From: "William A. Kennington III" <wak@google.com>
+Date: Thu, 28 May 2020 23:07:58 -0700
+Subject: [PATCH] conf2struct: Use the right perl
+
+---
+ conf2struct | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/conf2struct b/conf2struct
+index 8d68741..b88a9b7 100755
+--- a/conf2struct
++++ b/conf2struct
+@@ -1,4 +1,5 @@
+-#! /usr/bin/perl -w
++#!/usr/bin/env perl
++use warnings;
+
+ my $license = <<EOF;
+ # conf2struct: generate libconf parsers that read to structs
+--
+2.27.0.rc0.183.gde8f92d652-goog
+
diff --git a/meta-google/recipes-extended/libconfig/files/0001-makefile-Add-missing-LDFLAGS.patch b/meta-google/recipes-extended/libconfig/files/0001-makefile-Add-missing-LDFLAGS.patch
new file mode 100644
index 000000000..0dc88451c
--- /dev/null
+++ b/meta-google/recipes-extended/libconfig/files/0001-makefile-Add-missing-LDFLAGS.patch
@@ -0,0 +1,34 @@
+From 8fc429f59df50e1f468c8e9616a6e7ef42cc6ebf Mon Sep 17 00:00:00 2001
+From: "William A. Kennington III" <wak@google.com>
+Date: Thu, 28 May 2020 22:51:47 -0700
+Subject: [PATCH] makefile: Add missing LDFLAGS
+
+---
+ Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index a4d5f10..4976726 100644
+--- a/Makefile
++++ b/Makefile
+@@ -6,7 +6,7 @@ all: example checker
+ CFLAGS=-g
+
+ checker: confcheck.o
+- $(CC) $(CFLAGS) -o confcheck confcheck.o -lconfig
++ $(CC) $(CFLAGS) -o confcheck confcheck.o $(LDFLAGS) -lconfig
+
+
+ install:
+@@ -19,7 +19,7 @@ uninstall:
+
+ EG_OBJ=example.o parser.o argtable3.o
+ example: $(EG_OBJ)
+- $(CC) $(CFLAGS) -o example $(EG_OBJ) -lconfig
++ $(CC) $(CFLAGS) -o example $(EG_OBJ) $(LDFLAGS) -lconfig
+
+ example.c: eg_conf.cfg
+ ./conf2struct eg_conf.cfg
+--
+2.27.0.rc0.183.gde8f92d652-goog
+
diff --git a/meta-google/recipes-extended/libconfig/libconfig-perl_0.100.bb b/meta-google/recipes-extended/libconfig/libconfig-perl_0.100.bb
new file mode 100644
index 000000000..2f4656d4e
--- /dev/null
+++ b/meta-google/recipes-extended/libconfig/libconfig-perl_0.100.bb
@@ -0,0 +1,16 @@
+HOMEPAGE = "https://metacpan.org/pod/Conf::Libconfig"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/BSD;md5=3775480a712fc46a69647678acb234cb"
+
+SRC_URI = "https://cpan.metacpan.org/authors/id/C/CN/CNANGEL/Conf-Libconfig-${PV}.tar.gz"
+SRC_URI[sha256sum] = "2f13d926a6e51fd549da9ea4ed01277a99748d75236c2a1b5f26f57a1abebe61"
+
+S = "${WORKDIR}/Conf-Libconfig-${PV}"
+
+DEPENDS += "libconfig"
+
+EXTRA_PERLFLAGS = "-I ${PERLHOSTLIB}"
+
+inherit cpan
+
+BBCLASSEXTEND += "native"
diff --git a/meta-google/recipes-extended/libconfig/libconfig_%.bbappend b/meta-google/recipes-extended/libconfig/libconfig_%.bbappend
new file mode 100644
index 000000000..d6f586995
--- /dev/null
+++ b/meta-google/recipes-extended/libconfig/libconfig_%.bbappend
@@ -0,0 +1 @@
+BBCLASSEXTEND += "native"
diff --git a/meta-google/recipes-extended/networking/files/bridge-stp b/meta-google/recipes-extended/networking/files/bridge-stp
new file mode 100644
index 000000000..c874f4420
--- /dev/null
+++ b/meta-google/recipes-extended/networking/files/bridge-stp
@@ -0,0 +1,31 @@
+PR = "r1"
+PV = "0.1+git${SRCPV}"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "git://github.com/yrutschle/sslh"
+SRCREV = "de8e5725c27ba6941f47254e6fcb485e94f2de35"
+S = "${WORKDIR}/git"
+
+inherit perlnative
+
+DEPENDS += "conf2struct-native"
+DEPENDS += "libbsd"
+DEPENDS += "libcap"
+DEPENDS += "libconfig"
+DEPENDS += "systemd"
+DEPENDS += "pcre"
+
+EXTRA_OEMAKE += "DESTDIR=${D}"
+EXTRA_OEMAKE += "PREFIX=${prefix}"
+EXTRA_OEMAKE += "USELIBCAP=1"
+EXTRA_OEMAKE += "USELIBBSD=1"
+EXTRA_OEMAKE += "USESYSTEMD=1"
+
+do_compile() {
+ oe_runmake
+}
+
+do_install() {
+ oe_runmake install
+}
diff --git a/meta-google/recipes-extended/networking/files/mstpd.service b/meta-google/recipes-extended/networking/files/mstpd.service
new file mode 100644
index 000000000..ef8303416
--- /dev/null
+++ b/meta-google/recipes-extended/networking/files/mstpd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Multiple Spanning Tree Protocol Daemon
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Restart=always
+Type=simple
+ExecStart=/usr/sbin/mstpd -d -v 3
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-google/recipes-extended/networking/mstpd_git.bb b/meta-google/recipes-extended/networking/mstpd_git.bb
new file mode 100644
index 000000000..4c3f4abc2
--- /dev/null
+++ b/meta-google/recipes-extended/networking/mstpd_git.bb
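Review bot: The 31 added lines of files/bridge-stp are, as shown on this page, a BitBake recipe identical to sslh_git.bb (both list blob id c874f4420), not an executable helper. mstpd_git.bb installs this file with `install -m 0755 ${WORKDIR}/bridge-stp ${D}/sbin`, so if this content is what actually landed, the image ships a non-script at /sbin/bridge-stp and the hand-off of bridge STP handling to mstpd would presumably not work. Please confirm that the intended helper was committed; I would expect a file whose first line is an interpreter line such as `#!/bin/sh`.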
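Review bot: The `[Service]` section of mstpd.service has no sandboxing directives, while gbmc-ncsi-sslh.service and iperf3.service in this same commit each carry a `#Hardening` block. mstpd presumably needs network administration rights, so `DynamicUser=true` and `PrivateDevices=true` may not fit, but filesystem restrictions such as `ProtectHome=true`, `ProtectSystem=strict` and `ProtectKernelModules=true` look applicable and are worth trying. If they were left out on purpose, a one-line comment above `ExecStart=` stating the reason would keep a later reader from assuming an oversight.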
@@ -0,0 +1,29 @@
+PR = "r1"
+PV = "0.1+git${SRCPV}"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=4325afd396febcb659c36b49533135d4"
+
+SRC_URI = "git://github.com/mstpd/mstpd"
+SRCREV = "973c403c79f3d419d9e93a242766ddf0099d1299"
+S = "${WORKDIR}/git"
+
+SRC_URI += "file://bridge-stp"
+SRC_URI += "file://mstpd.service"
+
+inherit autotools pkgconfig systemd
+
+PACKAGES =+ "${PN}-mstpd"
+FILES_${PN}-mstpd = "${sbindir}/mstpd ${sbindir}/mstpctl /sbin/bridge-stp"
+
+SYSTEMD_PACKAGES = "${PN}-mstpd"
+SYSTEMD_SERVICE_${PN}-mstpd = "mstpd.service"
+
+do_install_append() {
+ rm -r ${D}${libexecdir}
+
+ install -d -m 0755 ${D}/sbin
+ install -m 0755 ${WORKDIR}/bridge-stp ${D}/sbin
+
+ install -d -m 0755 ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/mstpd.service ${D}${systemd_system_unitdir}/
+}
diff --git a/meta-google/recipes-extended/networking/sslh_git.bb b/meta-google/recipes-extended/networking/sslh_git.bb
new file mode 100644
index 000000000..c874f4420
--- /dev/null
+++ b/meta-google/recipes-extended/networking/sslh_git.bb
@@ -0,0 +1,31 @@
+PR = "r1"
+PV = "0.1+git${SRCPV}"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+SRC_URI = "git://github.com/yrutschle/sslh"
+SRCREV = "de8e5725c27ba6941f47254e6fcb485e94f2de35"
+S = "${WORKDIR}/git"
+
+inherit perlnative
+
+DEPENDS += "conf2struct-native"
+DEPENDS += "libbsd"
+DEPENDS += "libcap"
+DEPENDS += "libconfig"
+DEPENDS += "systemd"
+DEPENDS += "pcre"
+
+EXTRA_OEMAKE += "DESTDIR=${D}"
+EXTRA_OEMAKE += "PREFIX=${prefix}"
+EXTRA_OEMAKE += "USELIBCAP=1"
+EXTRA_OEMAKE += "USELIBBSD=1"
+EXTRA_OEMAKE += "USESYSTEMD=1"
+
+do_compile() {
+ oe_runmake
+}
+
+do_install() {
+ oe_runmake install
+}
diff --git a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb
index f8af0a04c..c27248700 100644
--- a/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb
+++ b/meta-google/recipes-google/ipmi/google-ipmi-sys_git.bb
@@ -30,6 +30,9 @@ HOSTIPMI_PROVIDER_LIBRARY += "libsyscmds.so"
 SYSTEMD_PACKAGES = "${PN}"
 SYSTEMD_SERVICE_${PN} = "gbmc-psu-hardreset.target"
+CXXFLAGS_append_gbmc = '${@"" if not d.getVar("GBMC_NCSI_IF_NAME") else \
+ " -DNCSI_IPMI_CHANNEL=1 -DNCSI_IF_NAME=" + d.getVar("GBMC_NCSI_IF_NAME")}'
+
 do_install_append() {
 install -d ${D}${systemd_system_unitdir}
 install -m 0644 ${S}/gbmc-psu-hardreset.target ${D}${systemd_system_unitdir}
diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
new file mode 100644
index 000000000..33031f0db
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
@@ -0,0 +1,14 @@
+table inet filter {
+ chain ncsi_input {
+ type filter hook input priority 0; policy drop;
+ iifname != @NCSI_IF@ accept
+ ct state established accept
+ tcp dport 3959 accept
+ udp dport 3959 accept
+ tcp dport 3967 accept
+ udp dport 3967 accept
+ icmpv6 type nd-neighbor-advert accept
+ icmpv6 type nd-neighbor-solicit accept
+ icmpv6 type nd-router-advert accept
+ }
+}
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service
new file mode 100644
index 000000000..e9bbd1d9b
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=SSL/SSH multiplexer
+Requires=gbmc-ncsi-sslh.socket
+After=gbmc-ncsi-sslh.socket
+
+[Service]
+ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443
+KillMode=process
+#Hardening
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
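Review bot: `udp dport 3959 accept` and `udp dport 3967 accept` in 50-gbmc-ncsi.rules.in open UDP ports on the NC-SI interface, but the only listener visible in this commit is the TCP socket in gbmc-ncsi-sslh.socket.in (`ListenStream=3967`); if nothing serves UDP there the two rules should go, and each remaining port deserves a trailing comment naming its consumer, e.g. `tcp dport 3967 accept # sslh multiplexer`. Separately, `ct state established accept` omits `related`, so ICMPv6 errors tied to an accepted flow (Packet Too Big in particular) fall through to `policy drop`, which can stall large transfers when the path MTU is below the link MTU. Adding `icmpv6 type packet-too-big accept` is the narrowest fix. The placeholder is also substituted unquoted; `iifname != "@NCSI_IF@" accept` keeps the rule well-formed for any interface name.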
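Review bot: `ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443` in gbmc-ncsi-sslh.service proxies every connection to loopback, so sshd and the web server see `::1` as the peer for all traffic that arrives on the NC-SI port. Address-based access control, rate limiting and audit logging in those backends can then no longer tell remote clients apart, and anything they treat as trusted because it is local becomes reachable from the NIC side. I would record that above the line, e.g. `# Backends see ::1 as the client; do not base access decisions on peer address`, and confirm that forwarding plaintext `--http` is wanted on this path.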
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in
new file mode 100644
index 000000000..c0abbc2fd
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in
@@ -0,0 +1,6 @@
+[Socket]
+BindToDevice=@NCSI_IF@
+ListenStream=3967
+
+[Install]
+WantedBy=sockets.target
diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
new file mode 100644
index 000000000..ecdda2cb6
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
@@ -0,0 +1,63 @@
+SUMMARY = "Configures ncsi for a gBMC system"
+PR = "r1"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+SRC_URI += " \
+ file://50-gbmc-ncsi.rules.in \
+ file://gbmc-ncsi-sslh.socket.in \
+ file://gbmc-ncsi-sslh.service \
+ "
+
+S = "${WORKDIR}"
+
+RDEPENDS_${PN} += " \
+ ncsid \
+ nftables-systemd \
+ sslh \
+ "
+
+FILES_${PN} += "${systemd_unitdir}"
+
+SYSTEMD_SERVICE_${PN} += " \
+ gbmc-ncsi-sslh.service \
+ gbmc-ncsi-sslh.socket \
+ "
+
+do_install_append() {
+ if_name='${GBMC_NCSI_IF_NAME}'
+ if [ -z "$if_name" ]; then
+ echo "Missing if_name" >&2
+ exit 1
+ fi
+
+ install -d -m0755 ${D}${sysconfdir}/sysctl.d
+ echo "net.ipv6.conf.$if_name.accept_dad=0" \
+ >>${D}${sysconfdir}/sysctl.d/25-gbmc-ncsi.conf
+ echo "net.ipv6.conf.$if_name.dad_transmits=0" \
+ >>${D}${sysconfdir}/sysctl.d/25-gbmc-ncsi.conf
+
+ netdir=${D}${systemd_unitdir}/network/00-bmc-$if_name.network.d
+ install -d -m0755 "$netdir"
+ echo '[Network]' >>"$netdir"/gbmc-ncsi.conf
+ echo 'DHCP=false' >>"$netdir"/gbmc-ncsi.conf
+ echo 'IPv6AcceptRA=false' >>"$netdir"/gbmc-ncsi.conf
+ echo 'LLMNR=false' >>"$netdir"/gbmc-ncsi.conf
+ echo 'MulticastDNS=false' >>"$netdir"/gbmc-ncsi.conf
+ echo 'LinkLocalAddressing=ipv6' >>"$netdir"/gbmc-ncsi.conf
+
+ nftdir=${D}${sysconfdir}/nftables
+ install -d -m0755 "$nftdir"
+ sed "s,@NCSI_IF@,$if_name," ${WORKDIR}/50-gbmc-ncsi.rules.in \
+ >"$nftdir"/50-gbmc-ncsi.rules
+
+ wantdir=${D}${systemd_system_unitdir}/multi-user.target.wants
+ install -d -m0755 "$wantdir"
+ ln -sv ../ncsid@.service "$wantdir"/ncsid@$if_name.service
+
+ install -m 0644 ${WORKDIR}/gbmc-ncsi-sslh.service ${D}${systemd_system_unitdir}
+ sed "s,@NCSI_IF@,$if_name," ${WORKDIR}/gbmc-ncsi-sslh.socket.in \
+ >${D}${systemd_system_unitdir}/gbmc-ncsi-sslh.socket
+}
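Review bot: In `do_install_append`, the empty-value guard prints `Missing if_name` and calls `exit 1`, which names a shell local rather than the variable the machine configuration has to set; `bbfatal "GBMC_NCSI_IF_NAME must be set for ${PN}"` reports the real cause through BitBake's logging. The value is then pasted into a sysctl key, a directory name, two `sed` replacements and a unit name with no shape check, so a typo containing `,`, `.` or `/` yields a broken firewall or sysctl file instead of a build error; a guard such as `case "$if_name" in *[!A-Za-z0-9_-]*) bbfatal "bad GBMC_NCSI_IF_NAME: $if_name" ;; esac` would catch that at build time. The `accept_dad=0` and `dad_transmits=0` lines also deserve a comment saying why duplicate address detection is switched off on this link.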
diff --git a/meta-google/recipes-google/ncsi/ncsid_git.bb b/meta-google/recipes-google/ncsi/ncsid_git.bb
new file mode 100644
index 000000000..96833b885
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/ncsid_git.bb
@@ -0,0 +1,40 @@
+SUMMARY = "Google NCSI daemon"
+DESCRIPTION = "Google NCSI daemon."
+HOMEPAGE = "http://github.com/openbmc/google-misc"
+PR = "r1"
+PV = "1.0+git${SRCPV}"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
+
+SRC_URI += "git://github.com/openbmc/google-misc"
+SRCREV = "a65b7b8174de2720b3abe97ebc95a4619bc1bd73"
+S = "${WORKDIR}/git/ncsid"
+
+inherit meson systemd
+
+SYSTEMD_SERVICE_${PN} += " \
+ dhcp4@.service \
+ dhcp6@.service \
+ ncsid@.service \
+ nic-hostful@.target \
+ nic-hostless@.target \
+ update-static-neighbors@.service \
+ update-static-neighbors@.timer \
+"
+
+DEPENDS += " \
+ fmt \
+ sdbusplus \
+ stdplus \
+"
+
+RDEPENDS_${PN} += " \
+ bash \
+ busybox \
+ iputils-arping \
+ jq \
+ ndisc6-ndisc6 \
+ ndisc6-rdisc6 \
+ systemd \
+"
diff --git a/meta-google/recipes-google/networking/files/iperf3.service b/meta-google/recipes-google/networking/files/iperf3.service
new file mode 100644
index 000000000..f2d9586e1
--- /dev/null
+++ b/meta-google/recipes-google/networking/files/iperf3.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=IPERF3 Server
+
+[Service]
+ExecStart=/usr/bin/iperf3 -s
+#Hardening
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-google/recipes-google/networking/gbmc-iperf3.bb b/meta-google/recipes-google/networking/gbmc-iperf3.bb
new file mode 100644
index 000000000..f1a88b459
--- /dev/null
+++ b/meta-google/recipes-google/networking/gbmc-iperf3.bb
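Review bot: `ExecStart=/usr/bin/iperf3 -s` together with `WantedBy=multi-user.target` in iperf3.service leaves an unauthenticated iperf3 server listening on every interface of each gbmc image, because obmc-phosphor-image.bbappend adds `gbmc-iperf3` unconditionally for the `gbmc` override. Only the NC-SI interface is covered by the nftables drop policy added in this commit, so on the other interfaces any peer that can reach the BMC can drive sustained traffic through it. I would either install the package only in development images (the commit already uses a `_dev` override for the sysrq setting) or narrow the listener with iperf3's `--bind` option to the address it is meant to serve. The sandboxing block itself is a good baseline.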
@@ -0,0 +1,18 @@
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+RDEPENDS_${PN} += "iperf3"
+
+SRC_URI += "file://iperf3.service"
+
+SYSTEMD_SERVICE_${PN} += "iperf3.service"
+
+do_install() {
+ # Install service definitions
+ install -d -m 0755 ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/iperf3.service ${D}${systemd_system_unitdir}
+}
diff --git a/meta-google/recipes-google/nftables/files/nftables.service b/meta-google/recipes-google/nftables/files/nftables.service
new file mode 100644
index 000000000..3830988eb
--- /dev/null
+++ b/meta-google/recipes-google/nftables/files/nftables.service
@@ -0,0 +1,11 @@
+[Unit]
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/bash -c 'shopt -s nullglob; echo /etc/nftables/*.rules | xargs -r -n 1 nft -f'
+ExecStop=/bin/bash -c 'nft flush ruleset'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-google/recipes-google/nftables/nftables-systemd.bb b/meta-google/recipes-google/nftables/nftables-systemd.bb
new file mode 100644
index 000000000..24d3e821b
--- /dev/null
+++ b/meta-google/recipes-google/nftables/nftables-systemd.bb
@@ -0,0 +1,17 @@
+SUMMARY = "nftables systemd wrapper"
+DESCRIPTION = "nftables systemd wrapper"
+PR = "r1"
+PV = "1.0"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+SRC_URI += "file://nftables.service"
+SYSTEMD_SERVICE_${PN} += "nftables.service"
+
+do_install() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/nftables.service ${D}${systemd_system_unitdir}
+}
diff --git a/meta-google/recipes-google/systemd/files/firmware-updates-pre.target b/meta-google/recipes-google/systemd/files/firmware-updates-pre.target
new file mode 100644
index 000000000..5e6c8e93a
--- /dev/null
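Review bot: `Before=network-pre.target` on its own in nftables.service only orders the unit; if any `nft -f` call fails, the unit ends up failed and networking still starts, so the system comes up with no filter on the NC-SI interface. Adding `Wants=network-pre.target` (as mstpd.service in this commit does) follows the documented pattern for that passive target, and the failure mode should be chosen deliberately, for example by loading a minimal drop-all ruleset before the per-file rules. The `echo /etc/nftables/*.rules | xargs -r -n 1 nft -f` pipeline also splits on whitespace; `for f in /etc/nftables/*.rules; do nft -f "$f" || exit 1; done` avoids that and stops at the first bad file.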
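Review bot: nftables-systemd.bb installs a unit that runs `/bin/bash` and `nft`, but the recipe declares no runtime dependencies, so nothing visible here guarantees that either binary is in the image. gbmc-ncsi-config relies on this package to load its firewall, and a missing `nft` would leave the NC-SI rules unloaded with only a failed unit as the symptom. Add `RDEPENDS_${PN} += "bash nftables"`.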
+++ b/meta-google/recipes-google/systemd/files/firmware-updates-pre.target
@@ -0,0 +1,2 @@
+[Unit]
+Description=Firmware Update Preconditions
diff --git a/meta-google/recipes-google/systemd/files/firmware-updates.target b/meta-google/recipes-google/systemd/files/firmware-updates.target
new file mode 100644
index 000000000..e41fe25f6
--- /dev/null
+++ b/meta-google/recipes-google/systemd/files/firmware-updates.target
@@ -0,0 +1,6 @@
+[Unit]
+Description=Firmware Updates and Configuration
+Wants=firmware-updates-pre.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-google/recipes-google/systemd/gbmc-systemd-config.bb b/meta-google/recipes-google/systemd/gbmc-systemd-config.bb
new file mode 100644
index 000000000..011b62edc
--- /dev/null
+++ b/meta-google/recipes-google/systemd/gbmc-systemd-config.bb
@@ -0,0 +1,49 @@
+SUMMARY = "Configures systemd settings for gBMC"
+PR = "r1"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+S = "${WORKDIR}"
+
+SRC_URI_append = " \
+ file://firmware-updates.target \
+ file://firmware-updates-pre.target \
+ "
+
+FILES_${PN}_append = " \
+ ${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf \
+ ${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf \
+ "
+
+FILES_${PN}_append_dev = " \
+ ${libdir}/sysctl.d/40-gbmc-debug.conf \
+ "
+
+SYSTEMD_SERVICE_${PN}_append = " \
+ firmware-updates.target \
+ firmware-updates-pre.target \
+ "
+
+# Put coredumps in the journal to ensure they stay in ram
+do_install() {
+ install -d -m 0755 ${D}${systemd_unitdir}/coredump.conf.d
+ printf "[Coredump]\nStorage=journal\n" \
+ >${D}${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf
+
+ install -d -m 0755 ${D}${systemd_unitdir}/resolved.conf.d
+ printf "[Resolve]\nLLMNR=no\nMulticastDNS=resolve\n" \
+ >${D}${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf
+
+ install -d -m 0755 ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/firmware-updates.target ${D}${systemd_system_unitdir}/
+ install -m 0644 ${WORKDIR}/firmware-updates-pre.target ${D}${systemd_system_unitdir}/
+}
+
+do_install_append_dev() {
+ install -d -m 0755 ${D}${libdir}/sysctl.d
+ printf "kernel.sysrq = 1\n" \
+ >${D}${libdir}/sysctl.d/40-gbmc-debug.conf
+
+}
diff --git a/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend b/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend
index e755439be..37655b98f 100644
--- a/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend
+++ b/meta-google/recipes-phosphor/images/obmc-phosphor-image.bbappend
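Review bot: The resolved drop-in written by `do_install` in gbmc-systemd-config.bb is named `40-gbmc-nomdns.conf` but contains `MulticastDNS=resolve`, which keeps mDNS name resolution on and only stops the BMC from answering; either write `MulticastDNS=no` or rename the file so the name matches the behaviour. The comment `# Put coredumps in the journal to ensure they stay in ram` holds only while journald storage is volatile, which this recipe does not set, and core files can contain key material, so that dependency should be stated next to the comment or enforced here. `kernel.sysrq = 1` enables every SysRq function; it is limited to the `dev` override, and a short comment in `do_install_append_dev` saying it must stay there would help.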
@@ -3,3 +3,8 @@ OBMC_IMAGE_EXTRA_INSTALL_append = " google-ipmi-i2c"
 OBMC_IMAGE_EXTRA_INSTALL_append = " phosphor-ipmi-blobs"
 OBMC_IMAGE_EXTRA_INSTALL_append = " phosphor-ipmi-ethstats"
 OBMC_IMAGE_EXTRA_INSTALL_append = " phosphor-ipmi-flash"
+
+OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " gbmc-systemd-config"
+OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = " gbmc-iperf3"
+OBMC_IMAGE_EXTRA_INSTALL_append_gbmc = \
+ '${@"" if not d.getVar("GBMC_NCSI_IF_NAME") else " gbmc-ncsi-config"}' |