Age | Commit message (Collapse) | Author | Files | Lines |
|
u-boot hashing does not confer any additional security in gBMC (we don't
sign the kernel and hashes live with the image). We can use a much
faster, but bus verifying algorithm instead. Ideally this would be
xxhash, but our u-boot is currently too old.
Change-Id: I796a4ed2db380eb86a9acbeae1f8a5e56cc8cb62
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The DISTRO_FEATURE option for this is merged,
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/45523
Signed-off-by: Vivekanand Veeracholan <vveerach@google.com>
Change-Id: I70ba330f1f39aa785a31b63d1640a4c4b3c3eba8
|
|
GBMC_CONFIG variable controls dev/prod configuration for the builds.
Possible values: dev, prod
This variable is defaulted to "dev" through weak assignment.
Can be explicitly set through local.conf file or in build command.
To set it in build command, additional step of including this variable
to the "BB_ENV_EXTRAWHITE" environment variable is needed.
https://docs.yoctoproject.org/bitbake/bitbake-user-manual/bitbake-user-manual-metadata.html#passing-information-into-the-build-task-environment
Signed-off-by: Vivekanand Veeracholan <vveerach@google.com>
Change-Id: I46c34d47c958a96ce00e2c89a2bc771a483a83ab
|
|
```
convert-overrides.py meta-google
git grep "_[a-z0-9_/-]*[ :]" -- meta-google | grep ".bb"
git grep -l _gbmc -- meta-google | grep ".bb" \
| xargs sed -i 's/_gbmc/:gbmc/'
git grep -l _prod -- meta-google | grep ".bb" \
| xargs sed -i 's/_prod/:prod/'
git grep -l _dev -- meta-google | grep ".bb" \
| xargs sed -i 's/_dev/:dev/'
git grep -l _hoth -- meta-google | grep ".bb" \
| xargs sed -i 's/_hoth/:hoth/'
git grep -l _bandaid -- meta-google | grep ".bb" \
| xargs sed -i 's/_bandaid/:bandaid/'
```
Some small fix includes
```
platforms_gbmc_bringup
platforms_gbmc_secure
```
Tested:
```
$ git grep "_[a-z0-9_/-]*[ :]" -- meta-google | grep ".bb"
meta-google/recipes-connectivity/avahi/avahi_%.bbappend:do_install:append:gbmc() {
meta-google/recipes-core/dropbear/dropbear_%.bbappend:do_install:append:gbmc:dev() {
meta-google/recipes-core/dropbear/dropbear_%.bbappend: echo ' chain gbmc_br_pub_input {' >>"$rules"
meta-google/recipes-extended/libconfig/conf2struct-native_git.bb: oe_runmake checker
meta-google/recipes-extended/libconfig/conf2struct-native_git.bb: oe_runmake install
meta-google/recipes-extended/networking/mstpd_git.bb:do_install:append() {
meta-google/recipes-extended/networking/sslh_git.bb: oe_runmake distclean
meta-google/recipes-extended/networking/sslh_git.bb: oe_runmake sslh-conf.h
meta-google/recipes-extended/networking/sslh_git.bb: oe_runmake install
meta-google/recipes-google/ipmi/ipmi-fru-sh.bb:do_install:append() {
meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb:do_install:append() {
meta-google/recipes-google/networking/gbmc-bridge.bb:do_rm_work:prepend() {
meta-google/recipes-google/networking/gbmc-bridge.bb: # HACK: Work around broken do_rm_work not properly calling rm with `--`
meta-google/recipes-google/networking/gbmc-ip-monitor.bb:do_install:append() {
meta-google/recipes-google/networking/gbmc-iperf3.bb:do_install:append:dev() {
meta-google/recipes-google/networking/gbmc-iperf3.bb: echo ' chain gbmc_br_pub_input {' >>"$rules"
meta-google/recipes-google/networking/gbmc-mac-config.bb:do_install:append() {
meta-google/recipes-google/networking/network-sh.bb:do_install:append() {
meta-google/recipes-google/ssh/authorized-keys-comp.bb:SUMMARY = "Compiles a set of authorized_keys files into a single file"
meta-google/recipes-google/ssh/authorized-keys-comp.bb:do_install:append() {
meta-google/recipes-google/systemd/gbmc-systemd-config.bb:do_install:append:dev() {
meta-google/recipes-google/test/test-sh.bb:do_install:append() {
meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb:do_install:prepend:dev() {
meta-google/recipes-phosphor/host/phosphor-host-postd_%.bbappend:do_install:append:gbmc:dev() {
meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend:do_install:append:gbmc:dev() {
meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend:do_install:append:gbmc:prod() {
meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend:do_install:append:gbmc() {
meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend: overlapping="$(jq '."${GBMCBR_IPMI_CHANNEL}" | .is_valid and .name != "gbmcbr"' $chjson)"
```
Change-Id: I9d610c664bd44e8bd81fb8f7e76249a0b43b9ffd
Signed-off-by: Willy Tu <wltu@google.com>
|
|
For gbmc override, add inplace-gbmc-update and set it as the
PREFERRED_PROVIDER for virtual/bmc-update.
Google-Bug-Id: 179618452
Google-Bug-Id: 179618500
Signed-off-by: Brandon Kim <brandonkim@google.com>
Change-Id: If8b7a3640b66fd323ee5c1a98619a09463933898
|
|
Upstream our base distro
Upstream: 1fe32412faa5dbe9691b977c100712d2baa89887
Google-Bug-Id: 179617826
Signed-off-by: Brandon Kim <brandonkim@google.com>
Change-Id: Ib0795ffb39ea8124c808f7ecb1d48808bce3e46e
|