diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2022-11-03 19:10:55 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2022-11-03 20:06:15 +0300 |
| commit | f241bb5774c192f7e64e38b87e0a455f90c5ce54 (patch) | |
| tree | d595fe987ebf6fc69dee469462408df06b5b4a9e | |
| parent | 5641269ed7838c5ea402b23c5e0ac0af5d6a866b (diff) | |
| download | openbmc-f241bb5774c192f7e64e38b87e0a455f90c5ce54.tar.xz | |
subtree updates
meta-arm: 14c7e5b336..4ee457693e:
Abdellatif El Khlifi (1):
kas: corstone1000: set branches to langdale
Jon Mason (2):
CI: fix to langdale
CI: Remove host bitbake variables
Mohamed Omar Asaker (5):
arm-bsp/u-boot: corstone1000: support 32bit ffa direct messaging
Revert "arm-bsp/trusted-firmware-m: corstone1000: secure debug code checkout from yocto"
Revert "arm-bsp/trusted-firmware-m: corstone1000: bump tfm SHA"
arm-bsp/trusted-firmware-m: corstone1000 support FMP image info
arm-bsp/corstone1000: add msd configs for fvp
Ross Burton (5):
arm/hafnium: add missing Upstream-Status
arm-bsp/hafnium: add missing Upstream-Status
arm-bsp/linux-arm64-ack: fix malformed Upstream-Status tag
CI: add documentation job
CI: track meta-openembedded's langdale branch
Rui Miguel Silva (2):
arm/trusted-services: port crypto config
arm-bsp/corstone1000: apply ts patch to psa crypto api test
Satish Kumar (1):
arm-bsp/trusted-service: corstone1000: esrt support
Vishnu Banavath (2):
runfvp: corstone1000: add mmc card configuration
meta-arm-bsp/doc: add readthedocs for corstone1000
meta-security: e8e7318189..2aa48e6f4e:
Armin Kuster (1):
kas-security-base.yml: make work again
Gowtham Suresh Kumar (1):
Update PARSEC recipe to latest v1.1.0 release
Michael Haener (1):
tpm2-openssl: update to 1.1.1
meta-openembedded: 8073ec2275..c5668905a6:
Akash Hadke (1):
audit: Fix compile error for audit_2.8.5
Armin Kuster (1):
meta-openemnedded: Add myself as langdale maintainer
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.15 -> 0.0.16
Gianfranco Costamagna (1):
vboxguestdrivers: upgrade 6.1.38 -> 7.0.0
Khem Raj (3):
postfix: Upgrade to 3.7.3
msktutil: Add recipe
protobuf: Enable protoc binary in nativesdk
Markus Volk (1):
perfetto: build libperfetto
Ovidiu Panait (1):
syzkaller: add recipe and selftest for syzkaller fuzzing
Sebastian Trahm (1):
Add recipe for python3-pytest-json-report
Zheng Qiu (1):
jq: improve ptest and disable valgrind by default
poky: 95c802b0be..6b9db5a99b:
Adrian Freihofer (1):
own-mirrors: add crate
Alex Kiernan (2):
u-boot: Remove duplicate inherit of cml1
u-boot: Add savedefconfig task
Bartosz Golaszewski (1):
bluez5: add dbus to RDEPENDS
Chen Qi (1):
openssl: export necessary env vars in SDK
Frank de Brabander (1):
cve-update-db-native: add timeout to urlopen() calls
Johan Korsnes (1):
bitbake: bitbake: user-manual: inform about spaces in :remove
Jon Mason (1):
linux-yocto: add efi entry for machine features
Keiya Nobuta (1):
gnutls: Unified package names to lower-case
Khem Raj (1):
perf: Depend on native setuptools3
Lee Chee Yang (2):
migration-guides/release-notes-4.1.rst: update Repositories / Downloads
migration-guides/release-notes-4.1.rst: update Repositories / Downloads
Mark Asselstine (1):
bitbake: tests: bb.tests.fetch.URLHandle: add 2 new tests
Mark Hatle (2):
insane.bbclass: Allow hashlib version that only accepts on parameter
bitbake: utils/ply: Update md5 to better report errors with hashlib
Michael Opdenacker (4):
manuals: updates for building on Windows (WSL 2)
ref-manual: classes.rst: add links to all references to a class
poky.conf: remove Ubuntu 21.10
bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX variables
Ming Liu (1):
dropbear: add pam to PACKAGECONFIG
Paul Eggleton (1):
install-buildtools: support buildtools-make-tarball and update to 4.1
Peter Kjellerstedt (1):
gcc: Allow -Wno-error=poison-system-directories to take effect
Quentin Schulz (1):
docs: add support for langdale (4.1) release
Richard Purdie (2):
openssl: Fix SSL_CERT_FILE to match ca-certs location
bitbake: tests/fetch: Allow handling of a file:// url within a submodule
Ross Burton (9):
populate_sdk_base: ensure ptest-pkgs pulls in ptest-runner
scripts/oe-check-sstate: cleanup
scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
externalsrc: move back to classes
opkg-utils: use a git clone, not a dynamic snapshot
oe/packagemanager/rpm: don't leak file objects
zlib: use .gz archive and set a PREMIRROR
glib-2.0: fix rare GFileInfo test case failure
lighttpd: fix CVE-2022-41556
Thomas Perrot (1):
psplash: add psplash-default in rdepends
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I120c51ea936c5a6bddf80ea25879b9f023365c38
111 files changed, 4898 insertions, 901 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml index 98a95c1391..7d050a551b 100644 --- a/meta-arm/.gitlab-ci.yml +++ b/meta-arm/.gitlab-ci.yml @@ -242,3 +242,18 @@ metrics: script: - kas shell --update --force-checkout ci/base.yml --command \ "$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt" + +documentation: + extends: .setup + script: + - | + sudo pip3 install -r meta-arm-bsp/documentation/requirements.txt + for CONF in meta-*/documentation/*/conf.py ; do + SOURCE_DIR=$(dirname $CONF) + MACHINE=$(basename $SOURCE_DIR) + sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE + done + test -d build-docs/ + artifacts: + paths: + - build-docs/ diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml index 49812656dd..c4e68886b3 100644 --- a/meta-arm/ci/base.yml +++ b/meta-arm/ci/base.yml @@ -26,13 +26,7 @@ env: local_conf_header: base: | - BB_SERVER_TIMEOUT = "60" CONF_VERSION = "2" - BB_NUMBER_THREADS = "16" - PARALLEL_MAKE = "-j16" - XZ_MEMLIMIT = "25%" - XZ_THREADS = "16" - ZSTD_THREADS = "16" LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA" setup: | PACKAGE_CLASSES = "package_ipk" diff --git a/meta-arm/ci/meta-openembedded.yml b/meta-arm/ci/meta-openembedded.yml index dd0f6633cb..bed338dae0 100644 --- a/meta-arm/ci/meta-openembedded.yml +++ b/meta-arm/ci/meta-openembedded.yml @@ -4,7 +4,6 @@ header: repos: meta-openembedded: url: https://git.openembedded.org/meta-openembedded - refspec: master layers: meta-filesystems: meta-networking: diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml index 21e5280a6c..5fe7f4da58 100644 --- a/meta-arm/kas/corstone1000-base.yml +++ b/meta-arm/kas/corstone1000-base.yml @@ -5,7 +5,7 @@ distro: poky-tiny defaults: repos: - refspec: master + refspec: langdale repos: meta-arm: @@ -16,7 +16,6 @@ repos: poky: url: https://git.yoctoproject.org/git/poky - refspec: master layers: meta: meta-poky: @@ -24,7 +23,6 @@ repos: meta-openembedded: url: https://git.openembedded.org/meta-openembedded - refspec: master layers: meta-oe: meta-python: diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf index 4433f8bd3a..2a72f7ff23 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf @@ -42,3 +42,9 @@ FVP_TERMINALS[host.host_terminal_1] ?= "Secure World Console" FVP_TERMINALS[se.secenc_terminal] ?= "Secure Enclave Console" FVP_TERMINALS[extsys0.extsys_terminal] ?= "Cortex M3" +# MMC card configuration +FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC" +FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0" +FVP_CONFIG[board.msd_mmc.diagnostics] ?= "2" +FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF" +FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst new file mode 100644 index 0000000000..5d6493a490 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst @@ -0,0 +1,98 @@ +.. + # Copyright (c) 2022, Arm Limited. + # + # SPDX-License-Identifier: MIT + +########## +Change Log +########## + +This document contains a summary of the new features, changes and +fixes in each release of corstone1000 software stack. + +****************** +Version 2022.04.04 +****************** + +Changes +======= +- Linux distro openSUSE, raw image installation and boot in the FVP. +- SCT test support in FVP. +- Manual capsule update support in FVP. + +****************** +Version 2022.02.25 +****************** + +Changes +======= +- Building and running psa-arch-tests on corstone1000 FVP +- Enabled smm-gateway partition in Trusted Service on corstone1000 FVP +- Enabled MHU driver in Trusted Service on corstone1000 FVP +- Enabled OpenAMP support in SE proxy SP on corstone1000 FVP + +****************** +Version 2022.02.21 +****************** + +Changes +======= +- psa-arch-tests: recipe is dropped and merged into the secure-partitons recipe. +- psa-arch-tests: The tests are align with latest tfm version for psa-crypto-api suite. + +****************** +Version 2022.01.18 +****************** + +Changes +======= +- psa-arch-tests: change master to main for psa-arch-tests +- U-Boot: fix null pointer exception for get_image_info +- TF-M: fix capsule instability issue for corstone1000 + +****************** +Version 2022.01.07 +****************** + +Changes +======= +- corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures. +- U-Boot: send bootcomplete event to secure enclave. +- U-Boot: support populating corstone1000 image_info to ESRT table. +- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT. + +****************** +Version 2021.12.15 +****************** + +Changes +======= +- Enabling corstone1000 FPGA support on: + - Linux 5.10 + - OP-TEE 3.14 + - Trusted Firmware-A 2.5 + - Trusted Firmware-M 1.5 +- Building and running psa-arch-tests +- Adding openamp support in SE proxy SP +- OP-TEE: adding smm-gateway partition +- U-Boot: introducing Arm FF-A and MM support + +****************** +Version 2021.10.29 +****************** + +Changes +======= +- Enabling corstone1000 FVP support on: + - Linux 5.10 + - OP-TEE 3.14 + - Trusted Firmware-A 2.5 + - Trusted Firmware-M 1.4 +- Linux kernel: enabling EFI, adding FF-A debugfs driver, integrating ARM_FFA_TRANSPORT. +- U-Boot: Extending EFI support +- python3-imgtool: adding recipe for Trusted-firmware-m +- python3-imgtool: adding the Yocto recipe used in signing host images (based on MCUBOOT format) + +-------------- + +*Copyright (c) 2021, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py b/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py new file mode 100644 index 0000000000..e9cab63359 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py @@ -0,0 +1,52 @@ +# Configuration file for the Sphinx documentation builder. +# +# This file only contains a selection of the most common options. For a full +# list see the documentation: +# https://www.sphinx-doc.org/en/master/usage/configuration.html + +# -- Path setup -------------------------------------------------------------- + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# +# import os +# import sys +# sys.path.insert(0, os.path.abspath('.')) + + +# -- Project information ----------------------------------------------------- + +project = 'corstone1000' +copyright = '2020-2022, Arm Limited' +author = 'Arm Limited' + + +# -- General configuration --------------------------------------------------- + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +# This pattern also affects html_static_path and html_extra_path. +exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra'] + + +# -- Options for HTML output ------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# +html_theme = 'sphinx_rtd_theme' + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +#html_static_path = ['_static'] diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png Binary files differnew file mode 100644 index 0000000000..a41e721027 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png Binary files differnew file mode 100644 index 0000000000..38407c08d9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png Binary files differnew file mode 100644 index 0000000000..bc5b4ba35e --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png Binary files differnew file mode 100644 index 0000000000..5fdae9db29 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png Binary files differnew file mode 100644 index 0000000000..b7631b0230 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png Binary files differnew file mode 100644 index 0000000000..f58531719d --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst new file mode 100644 index 0000000000..8626c42c2b --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst @@ -0,0 +1,16 @@ +.. + # Copyright (c) 2022, Arm Limited. + # + # SPDX-License-Identifier: MIT + +################ +ARM Corstone1000 +################ + +.. toctree:: + :maxdepth: 1 + + software-architecture + user-guide + release-notes + change-log diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst new file mode 100644 index 0000000000..385331bd23 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst @@ -0,0 +1,137 @@ +.. + # Copyright (c) 2022, Arm Limited. + # + # SPDX-License-Identifier: MIT + +############# +Release notes +############# + +************************** +Release notes - 2022.04.04 +************************** + +Known Issues or Limitations +--------------------------- + - FGPA support Linux distro install and boot through installer. However, + FVP only support openSUSE raw image installation and boot. + - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide + cannot boot on corstone1000 (i.e. user may experience timeouts or boot hang). + - Below SCT FAILURE is a known issues in the FVP: + UEFI Compliant - Boot from network protocols must be implemented -- FAILURE + +Platform Support +----------------- + - This software release is tested on corstone1000 FPGA version AN550_v1 + - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + +************************** +Release notes - 2022.02.25 +************************** + +Known Issues or Limitations +--------------------------- + - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + BSA), manual capsule update test, Linux distro install and boot. + +Platform Support +---------------- + - This software release is tested on corstone1000 FPGA version AN550_v1 + - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + +Release notes - 2022.02.21 +-------------------------- + +Known Issues or Limitations +--------------------------- + - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + BSA), manual capsule update test, Linux distro install and boot, psa-arch-test. + +Platform Support +---------------- + - This software release is tested on corstone1000 FPGA version AN550_v1 + - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + +Release notes - 2022.01.18 +-------------------------- + +Known Issues or Limitations +--------------------------- + + - Before running each SystemReady-IR tests: ACS tests (SCT, FWTS, BSA), manual + capsule update test, Linux distro install and boot, etc., the SecureEnclave + flash must be cleaned. See user-guide "Clean Secure Flash Before Testing" + section. + +Release notes - 2021.12.15 +-------------------------- + +Software Features +------------------ +The following components are present in the release: + + - Yocto version Honister + - Linux kernel version 5.10 + - U-Boot 2021.07 + - OP-TEE version 3.14 + - Trusted Firmware-A 2.5 + - Trusted Firmware-M 1.5 + - OpenAMP 347397decaa43372fc4d00f965640ebde042966d + - Trusted Services a365a04f937b9b76ebb2e0eeade226f208cbc0d2 + + +Platform Support +---------------- + - This software release is tested on corstone1000 FPGA version AN550_v1 + - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + +Known Issues or Limitations +--------------------------- + - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + BSA), manual capsule update test, Linux distro install and boot, and + psa-arch-tests. + - Only the manual capsule update from UEFI shell is supported on FPGA. + - Due to flash size limitation and to support A/B banks,the wic image provided + by the user should be smaller than 15MB. + - The failures in PSA Arch Crypto Test are known limitations with crypto + library. It requires further investigation. The user can refer to `PSA Arch Crypto Test Failure Analysis In TF-M V1.5 Release <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.5_release/>`__ + for the reason for each failing test. + + +Release notes - 2021.10.29 +-------------------------- + +Software Features +----------------- +This initial release of corstone1000 supports booting Linux on the Cortex-A35 +and TF-M/MCUBOOT in the Secure Enclave. The following components are present in +the release: + + - Linux kernel version 5.10 + - U-Boot 2021.07 + - OP-TEE version 3.14 + - Trusted Firmware-A 2.5 + - Trusted Firmware-M 1.4 + +Platform Support +---------------- + - This Software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + +Known Issues or Limitations +--------------------------- + - No software support for external system(Cortex M3) + - No communication established between A35 and M0+ + - Very basic functionality of booting Secure Enclave, Trusted Firmware-A , OP-TEE , u-boot and Linux are performed + +Support +------- +For support email: support-subsystem-iot@arm.com + +-------------- + +*Copyright (c) 2021, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst new file mode 100644 index 0000000000..a17f1b8a68 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst @@ -0,0 +1,239 @@ +.. + # Copyright (c) 2022, Arm Limited. + # + # SPDX-License-Identifier: MIT + +###################### +Software architecture +###################### + + +***************** +ARM corstone1000 +***************** + +ARM corstone1000 is a reference solution for IoT devices. It is part of +Total Solution for IoT which consists of hardware and software reference +implementation. + +Corstone1000 software plus hardware reference solution is PSA Level-2 ready +certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_). +More information on the corstone1000 subsystem product and design can be +found at: +`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_. + +This readme explicitly focuses on the software part of the solution and +provides internal details on the software components. The reference +software package of the platform can be retrieved following instructions +present in the user-guide document. + +*************** +Design Overview +*************** + +The software architecture of corstone1000 platform is a reference +implementation of Platform Security Architecture (`PSA`_) which provides +framework to build secure IoT devices. + +The base system architecture of the platform is created from three +different tyes of systems: Secure Enclave, Host and External System. +Each subsystem provides different functionality to overall SoC. + + +.. image:: images/CorstoneSubsystems.png + :width: 720 + :alt: CorstoneSubsystems + + +The Secure Enclave System, provides PSA Root of Trust (RoT) and +cryptographic functions. It is based on an Cortex-M0+ processor, +CC312 Cryptographic Accelerator and peripherals, such as watchdog and +secure flash. Software running on the Secure Enclave is isolated via +hardware for enhanced security. Communication with the Secure Encalve +is achieved using Message Hnadling Units (MHUs) and shared memory. +On system power on, the Secure Enclaves boots first. Its software +comprises of two boot loading stages, both based on mcuboot, and +TrustedFirmware-M(`TF-M`_) as runtime software. The software design on +Secure Enclave follows Firmware Framework for M class +processor (`FF-M`_) specification. + +The Host System is based on ARM Cotex-A35 processor with standardized +peripherals to allow for the booting of a Linux OS. The Cortex-A35 has +the TrustZone technology that allows secure and non-secure security +states in the processor. The software design in the Host System follows +Firmware Framework for A class procseeor (`FF-A`_) specification. +The boot process follows Trusted Boot Base Requirement (`TBBR`_). +The Host Subsystem is taken out of reset by the Secure Enclave system +during its final stages of the initialization. The Host subsystem runs +FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS +(`OPTEE-OS`_) in the secure world, and u-boot(`u-boot repo`_) and +linux (`linux repo`_) in the non-secure world. The communication between +non-secure and the secure world is performed via FF-A messages. + +An external system is intended to implement use-case specific +functionality. The system is based on Cortex-M3 and run RTX RTOS. +Communictaion between external system and Host(cortex-A35) is performed +using MHU as transport mechanism and rpmsg messaging system. + +Overall, the corstone1000 architecture is designed to cover a range +of Power, Performance, and Area (PPA) applications, and enable extension +for use-case specific applications, for example, sensors, cloud +connectivitiy, and edge computing. + +***************** +Secure Boot Chain +***************** + +For the security of a device, it is essential that only authorized +software should run on the device. The corstone1000 boot uses a +Secure Boot Chain process where an already authenticated image verifies +and loads the following software in the chain. For the boot chain +process to work, the start of the chain should be trusted, forming the +Root of Trust (RoT) of the device. The RoT of the device is immutable in +nature and encoded into the device by the device owner before it +is deployed into the field. In Corstone1000, the BL1 image of the secure +enclave and content of the CC312 OTP (One Time Programmable) memory +forms the RoT. The BL1 image exists in ROM (Read Only Memory). + +.. image:: images/SecureBootChain.png + :width: 870 + :alt: SecureBootChain + +It is a lengthy chain to boot the software on corstone1000. On power on, +the secure enclave starts executing BL1 code from the ROM which is the RoT +of the device. Authentication of an image involves the steps listed below: + +- Load image from flash to dynamic RAM. +- The public key present in the image header is validated by comparing with the hash. Depending on the image, the hash of the public key is either stored in the OTP or part of the software which is being already verfied in the previous stages. +- The image is validated using the public key. + +In the secure enclave, BL1 authenticates the BL2 and passes the execution +control. BL2 authenticates the initial boot loader of the host (Host BL2) +and TF-M. The execution control is now passed to TF-M. TF-M being the run +time executable of secure enclaves initializes itself and, in the end, +brings the host CPU out of rest. The host follows the boot standard defined +in the `TBBR`_ to authenticate the secure and non-secure software. + +*************** +Secure Services +*************** + +corstone1000 is unique in providing a secure environment to run a secure +workload. The platform has Trustzone technology in the Host subsystem but +it also has hardware isolated secure enclave environment to run such secure +workloads. In corstone1000, known Secure Services such as Crypto, Protected +Storage, Internal Trusted Storage and Attestation are available via PSA +Functional APIs in TF-M. There is no difference for a user communicating to +these services which are running on a secure enclave instead of the +secure world of the host subsystem. The below diagram presents the data +flow path for such calls. + + +.. image:: images/SecureServices.png + :width: 930 + :alt: SecureServices + + +The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition +managed by OPTEE which forwards such calls to the secure enclave. The +solution relies on OpenAMP which uses shared memory and MHU interrupts as +a doorbell for communication between two cores. corstone1000 implements +isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement +isolation level 2. + +For a user to define its own secure service, both the options of the host +secure world or secure encalve are available. It's a trade-off between +lower latency vs higher security. Services running on a secure enclave are +secure by real hardware isolation but have a higher latency path. In the +second scenario, the services running on the secure world of the host +subsystem have lower latency but virtual hardware isolation created by +Trustzone technology. + + +********************** +Secure Firmware Update +********************** + +Apart from always booting the authorized images, it is also essential that +the device only accepts the authorized images in the firmware update +process. corstone1000 supports OTA (Over the Air) firmware updates and +follows Platform Security Firmware Update sepcification (`FWU`_). + +As standardized into `FWU`_, the external flash is divided into two +banks of which one bank has currently running images and the other bank is +used for staging new images. There are four updatable units, i.e. Secure +Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel +Image. The new images are accepted in the form of a UEFI capsule. + + +.. image:: images/ExternalFlash.png + :width: 690 + :alt: ExternalFlash + + +The Metadata Block in the flash has the below firmware update state machine. +TF-M runs an OTA service that is responsible for accepting and updating the +images in the flash. The communication between the UEFI Capsule update +subsystem and the OTA service follows the same data path explained above. +The OTA service writes the new images to the passive bank after successful +capsule verification. It changes the state of the system to trial state and +triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata +block to get the information on the boot bank. In the successful trial stage, +the acknowledgment from the host moves the state of the system from trial to +regular. Any failure in the trial stage or system hangs leads to a system +reset. This is made sure by the use of watchdog hardware. The Secure Enclave's +BL1 has the logic to identify multiple resets and eventually switch back to the +previous good bank. The ability to revert to the previous bank is crucial to +guarantee the availability of the device. + + +.. image:: images/SecureFirmwareUpdate.png + :width: 430 + :alt: SecureFirmwareUpdate + + + +****************************** +UEFI Runtime Support in u-boot +****************************** + +Implementation of UEFI boottime and runtime APIs require variable storage. +In corstone1000, these UEFI variables are stored in the Protected Storage +service. The below diagram presents the data flow to store UEFI variables. +The u-boot implementation of the UEFI subsystem uses the FF-A driver to +communicate with the SMM Service in the secure world. The backend of the +SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS +calls are forwarded to the secure enclave as explained above. + + +.. image:: images/UEFISupport.png + :width: 590 + :alt: UEFISupport + + +*************** +References +*************** +`ARM corstone1000 Search`_ +`Arm security features`_ + +-------------- + +*Copyright (c) 2022, Arm Limited. All rights reserved.* + +.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000 +.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software +.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000 +.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security +.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ +.. _FF-A: https://developer.arm.com/documentation/den0077/latest +.. _FF-M: https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93 +.. _FWU: https://developer.arm.com/documentation/den0118/a/ +.. _OPTEE-OS: https://github.com/OP-TEE/optee_os +.. _PSA: https://www.psacertified.org/ +.. _PSA L2 Ready: https://www.psacertified.org/products/corstone-1000/ +.. _SRIR cert: https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ir-certification-arm-corstone-1000.pdf +.. _TBBR: https://developer.arm.com/documentation/den0006/latest +.. _TF-M: https://www.trustedfirmware.org/projects/tf-m/ +.. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/ +.. _u-boot repo: https://github.com/u-boot/u-boot.git diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst new file mode 100644 index 0000000000..d5930fc8e5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -0,0 +1,685 @@ +.. + # Copyright (c) 2022, Arm Limited. + # + # SPDX-License-Identifier: MIT + +########## +User Guide +########## + +Notice +------ +The corstone1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build +a tiny Linux distribution suitable for the corstone1000 platform. The Yocto Project relies on the +`Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ +tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ +for more information. + + +Prerequisites +------------- +These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with +at least 32GB of free disk space and 16GB of RAM as minimum requirement. The +following instructions expect that you are using a bash shell. + +The following prerequisites must be available on the host system. To resolve these dependencies, run: + +:: + + sudo apt-get update + sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \ + build-essential chrpath socat cpio python3 python3-pip python3-pexpect \ + xz-utils debianutils iputils-ping python3-git libegl1-mesa libsdl1.2-dev \ + xterm zstd liblz4-tool picocom + sudo apt-get upgrade libstdc++6 + +Provided components +------------------- +Within the Yocto Project, each component included in the corstone1000 software stack is specified as +a `bitbake recipe <https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#recipes>`__. +The recipes specific to the corstone1000 BSP are located at: +``<_workspace>/meta-arm/meta-arm-bsp/``. + +The Yocto machine config files for the corstone1000 FVP and FPGA are: + + - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc`` + - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` + - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf`` + +***************** +Software for Host +***************** + +Trusted Firmware-A +================== +Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__ + ++----------+---------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bbappend | ++----------+---------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bb | ++----------+---------------------------------------------------------------------------------------------------+ + +OP-TEE +====== +Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__ + ++----------+------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend | ++----------+------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb | ++----------+------------------------------------------------------------------------------------+ + +U-Boot +======= +Based on `U-Boot <https://gitlab.com/u-boot>`__ + ++----------+---------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | ++----------+---------------------------------------------------------------------+ +| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2022.07.bb | ++----------+---------------------------------------------------------------------+ + +Linux +===== +The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__ +distribution which is a Linux distribution stripped down to a minimal configuration. + +The provided distribution is based on busybox and built using muslibc. The +recipe responsible for building a tiny version of linux is listed below. + ++-----------+----------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | ++-----------+----------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb | ++-----------+----------------------------------------------------------------------------------------------+ +| defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | ++-----------+----------------------------------------------------------------------------------------------+ + +************************************************** +Software for Boot Processor (a.k.a Secure Enclave) +************************************************** +Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__ + ++----------+-------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend | ++----------+-------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | ++----------+-------------------------------------------------------------------------------------------------+ + +Building the software stack +--------------------------- +Create a new folder that will be your workspace and will henceforth be referred +to as ``<_workspace>`` in these instructions. To create the folder, run: + +:: + + mkdir <_workspace> + cd <_workspace> + +corstone1000 is a Bitbake based Yocto Project which uses kas and bitbake +commands to build the stack. To install kas tool, run: + +:: + + pip3 install kas + +In the top directory of the workspace ``<_workspace>``, run: + +:: + + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07 + +To build corstone1000 image for MPS3 FPGA, run: + +:: + + kas build meta-arm/kas/corstone1000-mps3.yml + +Alternatively, to build corstone1000 image for FVP, run: + +:: + + kas build meta-arm/kas/corstone1000-fvp.yml + +The initial clean build will be lengthy, given that all host utilities are to +be built as well as the target images. This includes host executables (python, +cmake, etc.) and the required toolchain(s). + +Once the build is successful, all output binaries will be placed in the following folders: + - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build; + - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. + +Everything apart from the ROM firmware is bundled into a single binary, the +``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the +``bl1.bin`` file. + +The output binaries used by FVP are the following: + - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt`` + +The output binaries used by FPGA are the following: + - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt`` + +Flash the firmware image on FPGA +-------------------------------- + +The user should download the FPGA bit file image from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ +and under the section ``Arm® Corstone™-1000 for MPS3``. + +The directory structure of the FPGA bundle is shown below. + +:: + + Boardfiles + ├── MB + │  ├── BRD_LOG.TXT + │  ├── HBI0309B + │  │  ├── AN550 + │  │  │  ├── AN550_v1.bit + │  │  │  ├── an550_v1.txt + │  │  │  └── images.txt + │  │  ├── board.txt + │  │  └── mbb_v210.ebf + │  └── HBI0309C + │  ├── AN550 + │  │  ├── AN550_v1.bit + │  │  ├── an550_v1.txt + │  │  └── images.txt + │  ├── board.txt + │  └── mbb_v210.ebf + ├── SOFTWARE + │  ├── ES0.bin + │  ├── SE.bin + │  └── an550_st.axf + └── config.txt + +Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file +(in corresponding HBI0309x folder) so that the file points to the images under SOFTWARE directory. + +Here is an example + +:: + + ;************************************************ + ; Preload port mapping * + ;************************************************ + ; PORT 0 & ADDRESS: 0x00_0000_0000 QSPI Flash (XNVM) (32MB) + ; PORT 0 & ADDRESS: 0x00_8000_0000 OCVM (DDR4 2GB) + ; PORT 1 Secure Enclave (M0+) ROM (64KB) + ; PORT 2 External System 0 (M3) Code RAM (256KB) + ; PORT 3 Secure Enclave OTP memory (8KB) + ; PORT 4 CVM (4MB) + ;************************************************ + + [IMAGES] + TOTALIMAGES: 2 ;Number of Images (Max: 32) + + IMAGE0PORT: 1 + IMAGE0ADDRESS: 0x00_0000_0000 + IMAGE0UPDATE: RAM + IMAGE0FILE: \SOFTWARE\bl1.bin + + IMAGE1PORT: 0 + IMAGE1ADDRESS: 0x00_00010_0000 + IMAGE1UPDATE: AUTOQSPI + IMAGE1FILE: \SOFTWARE\cs1000.bin + +OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` + +1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. +2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE + directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. + +**NOTE:** Renaming of the images are required because MCC firmware has +limitation of 8 characters before .(dot) and 3 characters after .(dot). + +Now, copy the entire folder to board's SDCard and reboot the board. + +Running the software on FPGA +---------------------------- + +On the host machine, open 3 minicom sessions. In case of Linux machine it will +be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine. + + - ttyUSB0 for MCC, OP-TEE and Secure Partition + - ttyUSB1 for Boot Processor (Cortex-M0+) + - ttyUSB2 for Host Processor (Cortex-A35) + +Run following commands to open minicom sessions on Linux: + +:: + + sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal + sudo picocom -b 115200 /dev/ttyUSB1 # in another terminal + sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. + +Once the system boot is completed, you should see console +logs on the minicom sessions. Once the HOST(Cortex-A35) is +booted completely, user can login to the shell using +**"root"** login. + +Running the software on FVP +--------------------------- +An FVP (Fixed Virtual Platform) of the corstone1000 platform must be available to execute the +included run script. + +The Fixed Virtual Platform (FVP) version 11.17_23 can be downloaded from the +`Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs" +section to download the Corstone1000 platform FVP installer. Follow the +instructions of the installer and setup the FVP. + +<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf + +When the script is executed, three terminal instances will be launched, one for the boot processor +(aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is +executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic +file are copied to their respective memory locations within the model, enforce firewall policies +on memories and peripherals and then, bring the host out of reset. + +The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and present a login prompt +(FVP host_terminal_0): + +:: + corstone1000-fvp login: + +Login using the username root. + +Running test applications +------------------------- + +**NOTE**: Running the SystemReady-IR tests described below requires the user to +work with USB sticks. In our testing, not all USB stick models work well with +MPS3 FPGA. Here are the USB sticks models that are stable in our test +environment. + + - HP V165W 8 GB USB Flash Drive + - SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0 + - SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0 + +**NOTE**: +Before running each of the tests in this chapter, the user should follow the +steps described in following section "Clean Secure Flash Before Testing" to +erase the SecureEnclave flash cleanly and prepare a clean board environment for +the testing. + +Clean Secure Flash Before Testing (applicable to FPGA only) +----------------------------------------------------------- +To prepare a clean board environment with clean secure flash for the testing, +the user should prepare an image that erases the secure flash cleanly during +boot. Run following commands to build such image. + +:: + + cd <_workspace> + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git + cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm + cd meta-arm + git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch + cd .. + kas build meta-arm/kas/corstone1000-mps3.yml + +Replace the bl1.bin and cs1000.bin files on the SD card with following files: + - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin + - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + +Now reboot the board. This step erases the Corstone1000 SecureEnclave flash +completely, the user should expect following message from TF-M log: + +:: + + !!!SECURE FLASH HAS BEEN CLEANED!!! + NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE + PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN + +Then the user should follow "Building the software stack" to build a clean +software stack and flash the FPGA as normal. And continue the testing. + +Run SystemReady-IR ACS tests +----------------------------- + +ACS image contains two partitions. BOOT partition and RESULTS partition. +Following packages are under BOOT partition + + * SCT + * FWTS + * BSA uefi + * BSA linux + * grub + * uefi manual capsule application + +RESULTS partition is used to store the test results. +PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS +WILL NOT BE CONSISTENT + +FPGA instructions for ACS image +------------------------------- + +This section describes how the user can build and run Architecture Compliance +Suite (ACS) tests on Corstone1000. + +First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__. +This repository contains the infrastructure to build the Architecture +Compliance Suite (ACS) and the bootable prebuilt images to be used for the +certifications of SystemReady-IR. To download the repository, run command: + +:: + + cd <_workspace> + git clone https://github.com/ARM-software/arm-systemready.git -b v21.09_REL1.0 + +Once the repository is successfully downloaded, the prebuilt ACS live image can be found in: + - ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz`` + +**NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide +USB driver support for Corstone1000. The ACS image with newer kernel version +and with full USB support for Corstone1000 will be available in the next +SystemReady release in this repository. + +Then, the user should prepare a USB stick with ACS image. In the given example here, +we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to +confirm). Be cautious here and don't confuse your host PC's own hard drive with the +USB drive. Run the following commands to prepare the ACS image in USB stick: + +:: + + cd <_workspace>/arm-systemready/IR/scripts/output/ + unxz ir_acs_live_image.img.xz + sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync + +Once the USB stick with ACS image is prepared, the user should make sure that +ensure that only the USB stick with the ACS image is connected to the board, +and then boot the board. + +FVP instructions for ACS image and run +--------------------------------------- + +Download acs image from: + - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` + +Use the below command to run the FVP with acs image support in the +SD card. + +:: + + unxz ${<path-to-img>/ir_acs_live_image.img.xz} + +<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" + +The test results can be fetched using following commands: + +:: + + sudo mkdir /mnt/test + sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ + fdisk -lu <path-to-img>/ir_acs_live_image.img + -> Device Start End Sectors Size Type + /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + + -> <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488 + +The FVP will reset multiple times during the test, and it might take up to 1 day to finish +the test. At the end of test, the FVP host terminal will halt showing a shell prompt. +Once test is finished, the FVP can be stoped, and result can be copied following above +instructions. + +Common to FVP and FPGA +----------------------- + +U-Boot should be able to boot the grub bootloader from +the 1st partition and if grub is not interrupted, tests are executed +automatically in the following sequence: + + - SCT + - UEFI BSA + - FWTS + - BSA Linux + +The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP). + +Manual capsule update test +-------------------------- + +The following steps describe running manual capsule update with the ``direct`` +method. + +Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file + - ``ir_acs_live_image.img.xz`` + +Download edk2 and generate capsule file: + +:: + + git clone https://github.com/tianocore/edk2.git + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap --fw-version 1 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <binary_file> + +The <binary_file> here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and +corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file +(capsule) should be less than 15 MB. + +Based on the user's requirement, the user can change the firmware version +number given to ``--fw-version`` option (the version number needs to be >= 1). + +Capsule Copy instructions for FPGA +----------------------------------- + +The user should prepare a USB stick as explained in ACS image section (see above). +Place the generated ``cs1k_cap`` file in the root directory of the boot partition +in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file +should not be under the EFI/UpdateCapsule directory as this may or may not trigger +the on disk method. + +Capsule Copy instructions for FVP +--------------------------------- + +Run below commands to copy capsule into the +image file and run FVP software. + +:: + + sudo mkdir /mnt/test + sudo mount -o rw,offset=<offset_1st_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ + sudo cp cs1k_cap /mnt/test/ + sudo umount /mnt/test + exit + +<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" + +Size of first partition in the image file is calculated in the following way. The data is +just an example and might vary with different ir_acs_live_image.img files. + +:: + + fdisk -lu <path-to-img>/ir_acs_live_image.img + -> Device Start End Sectors Size Type + /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + + -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 + +Common to FVP and FPGA +----------------------- +Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell. + +:: + + FS0: + EFI/BOOT/app/CapsuleApp.efi cs1k_cap + +For this test, the user can provide two capsules for testing: a positive test +case capsule which boots the board correctly, and a negative test case with an +incorrect capsule which fails to boot the host software. + +In the positive case scenario, the user should see following log in TF-M log, +indicating the new capsule image is successfully applied, and the board boots +correctly. + +:: + + ... + SysTick_Handler: counted = 10, expiring on = 360 + SysTick_Handler: counted = 20, expiring on = 360 + SysTick_Handler: counted = 30, expiring on = 360 + ... + metadata_write: success: active = 1, previous = 0 + accept_full_capsule: exit: fwu state is changed to regular + ... + + +In the negative case scenario, the user should see appropriate logs in +the secure enclave terminal. If capsule pass initial verification, but fails +verifications performed during boot time, secure enclave will try new images +predetermined number of times (defined in the code), before reverting back to +the previous good bank. + +:: + + ... + metadata_write: success: active = 0, previous = 1 + fwu_select_previous: in regular state by choosing previous active bank + ... + +******************************************************* +Linux distro install and boot (applicable to FPGA only) +******************************************************* + +To test Linux distro install and boot, the user should prepare two empty USB sticks. + +Download one of following Linux distro images: + - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ + - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ + - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso + +Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. + +In the given example here, we assume the USB device is ``/dev/sdb`` (the user +should use `lsblk` command to confirm). Be cautious here and don't confuse your +host PC's own hard drive with the USB drive. Then copy the contents of an iso +file into the first USB stick, run: + +:: + + sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; + +Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: + +:: + + sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal + sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. + +Press <Ctrl+x>. + +Now plug in the second USB stick, the distro installation process will start. + +**NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the +distro installation process can take up to 24 hours to complete. + +Once installation is complete, unplug the first USB stick and reboot the board. +After successfully installing and booting the Linux distro, the user should see +a login prompt: + +:: + + debian login: + +Login with the username root. + +Run psa-arch-test (applicable to both FPGA and FVP) +--------------------------------------------------- + +When running psa-arch-test on MPS3 FPGA, the user should make sure there is no +USB stick connected to the board. Power on the board and boot the board to +Linux. Then, the user should follow the steps below to run the psa_arch_tests. + +When running psa-arch-test on Corstone1000 FVP, the user should follow the +instructions in `Running the software on FVP`_ section to boot Linux in FVP +host_terminal_0, and login using the username ``root``. + +As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.02.18>`__ +can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. + +First, create a file containing SE_PROXY_SP UUID. Run: + +:: + + echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt + +Then, load FFA driver module into Linux kernel. Run: + +:: + + load_ffa_debugfs.sh . + +Then, check whether the FFA driver loaded correctly by using the following command: + +:: + + cat /proc/modules | grep arm_ffa_user + +The output should be: + +:: + + arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O) + +Now, run the PSA arch tests with following commands. The user should run the +tests in following order: + +:: + + psa-iat-api-test + psa-crypto-api-test + psa-its-api-test + psa-ps-api-test + +******************************************************** +Linux distro: OpenSUSE Raw image installation (FVP Only) +******************************************************** + +Steps to download openSUSE Tumbleweed raw image: + - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ + - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz`` + +Once the .raw.xz file is downloaded, the raw image file needs to be extracted: + +:: + + unxz <file-name.raw.xz> + + +The above command will generate a file ending with extension .raw image. Now, use the following command +to run FVP with raw image installation process. + +:: + +<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + +After successfully installing and booting the Linux distro, the user should see +a openSUSE login prompt. + +:: + + localhost login: + +Login with the username 'root' and password 'linux'. + +************************************** +Running the software on FVP on Windows +************************************** +If the user needs to run the Corstone1000 software on FVP on Windows. The user +should follow the build instructions in this document to build on Linux host +PC, and copy the output binaries to the Windows PC where the FVP is located, +and launch the FVP binary. + +-------------- + +*Copyright (c) 2021, Arm Limited. All rights reserved.* + +.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps diff --git a/meta-arm/meta-arm-bsp/documentation/requirements.txt b/meta-arm/meta-arm-bsp/documentation/requirements.txt new file mode 100644 index 0000000000..b82e5e071a --- /dev/null +++ b/meta-arm/meta-arm-bsp/documentation/requirements.txt @@ -0,0 +1,12 @@ +# Copyright (c) 2022, Arm Limited. +# +# SPDX-License-Identifier: MIT + +# Read The Docs specific +jinja2==3.1.1 + +# Required to build the documentation +sphinx==4.5.0 +sphinx_rtd_theme==1.0.0 +sphinx-copybutton==0.5.0 +docutils==0.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch index e86707389e..dfec5d8394 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch @@ -3,6 +3,7 @@ From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> Date: Fri, 29 Apr 2022 20:07:50 +0100 Subject: [PATCH] tc: increase heap pages +Upstream-Status: Pending Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> --- /BUILD.gn | 2 +- diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch new file mode 100644 index 0000000000..8f63319149 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch @@ -0,0 +1,359 @@ +From 6ab17eeb8225cdf4afc6956c9a2774d60866c36d Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Mon, 28 Mar 2022 05:16:50 +0100 +Subject: [PATCH 1/6] corstone1000: platform secure test framework + +Change-Id: Ib781927f0add93ec9c06515d251e79518ee1db6e +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../arm/corstone1000/Native_Driver/firewall.c | 15 ++ + .../arm/corstone1000/Native_Driver/firewall.h | 5 + + .../ci_regression_tests/CMakeLists.txt | 45 +++++ + .../corstone1000/ci_regression_tests/s_test.c | 186 ++++++++++++++++++ + .../corstone1000/ci_regression_tests/s_test.h | 30 +++ + .../ci_regression_tests/s_test_config.cmake | 8 + + 6 files changed, 289 insertions(+) + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake + +diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c +index 788cc3ec92..356b85e9d5 100755 +--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c ++++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c +@@ -293,6 +293,21 @@ void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl) + ptr->rgn_mpl3 |= (mpl & RGN_MPL_EN_MASK); + } + ++void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl) ++{ ++ struct _firewall_pe_rwe_reg_map_t *ptr = ++ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr; ++ if (mpe == RGN_MPE0) ++ *mpl = (ptr->rgn_mpl0 & RGN_MPL_EN_MASK); ++ else if (mpe == RGN_MPE1) ++ *mpl = (ptr->rgn_mpl1 & RGN_MPL_EN_MASK); ++ else if (mpe == RGN_MPE2) ++ *mpl = (ptr->rgn_mpl2 & RGN_MPL_EN_MASK); ++ else if (mpe == RGN_MPE3) ++ *mpl = (ptr->rgn_mpl3 & RGN_MPL_EN_MASK); ++} ++ ++ + void fc_disable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl) + { + struct _firewall_pe_rwe_reg_map_t *ptr = +diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h +index 48c86725ef..17afe6a92f 100755 +--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h ++++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h +@@ -247,6 +247,11 @@ void fc_init_mpl(enum rgn_mpe_t mpe); + */ + void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl); + ++/** ++ * \brief Reads Master Permission List in the selected Firewall Component ++ */ ++void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl); ++ + /** + * \brief Disables Master Permission List in the selected Firewall Component + */ +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt +new file mode 100644 +index 0000000000..70e1c20e4e +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt +@@ -0,0 +1,45 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2021-22, Arm Limited. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++#------------------------------------------------------------------------------- ++ ++cmake_policy(SET CMP0079 NEW) ++ ++include(${CMAKE_CURRENT_SOURCE_DIR}/s_test_config.cmake) ++ ++####################### Secure ################################################# ++ ++add_library(corstone1000_test_s STATIC EXCLUDE_FROM_ALL) ++ ++target_sources(corstone1000_test_s ++ PRIVATE ++ ${CMAKE_CURRENT_SOURCE_DIR}/s_test.c ++ ../Native_Driver/firewall.c ++) ++ ++target_include_directories(corstone1000_test_s ++ PRIVATE ++ ${CMAKE_CURRENT_SOURCE_DIR} ++ ../Device/Include ++ ../Native_Driver ++) ++ ++# Example test links tfm_test_suite_extra_common to use related interface ++target_link_libraries(corstone1000_test_s ++ PRIVATE ++ tfm_test_suite_extra_common ++ tfm_log ++) ++ ++target_compile_definitions(corstone1000_test_s ++ PRIVATE ++ $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP> ++) ++ ++# The corstone1000_test_s library is linked by tfm_test_suite_extra_s ++target_link_libraries(tfm_test_suite_extra_s ++ PRIVATE ++ corstone1000_test_s ++) +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c +new file mode 100644 +index 0000000000..963f46d2ab +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c +@@ -0,0 +1,186 @@ ++/* ++ * Copyright (c) 2021-22, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "s_test.h" ++#include "platform_base_address.h" ++#include "firewall.h" ++#include "tfm_log_raw.h" ++ ++#define DISABLED_TEST 0 ++ ++enum host_firewall_host_comp_id_t { ++ HOST_FCTRL = (0x00u), ++ COMP_SYSPERIPH, ++ COMP_DBGPERIPH, ++ COMP_AONPERIPH, ++ COMP_XNVM, ++ COMP_CVM, ++ COMP_HOSTCPU, ++ COMP_EXTSYS0, ++ COMP_EXTSYS1, ++ COMP_EXPSLV0, ++ COMP_EXPSLV1, ++ COMP_EXPMST0, ++ COMP_EXPMST1, ++ COMP_OCVM, ++ COMP_DEBUG, ++}; ++ ++const struct extra_tests_t plat_s_t = { ++ .test_entry = s_test, ++ .expected_ret = EXTRA_TEST_SUCCESS ++}; ++ ++static int test_host_firewall_status(void) ++{ ++ enum fw_lockdown_status_t status; ++ uint32_t any_component_id = 2; ++ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, any_component_id); ++ status = fw_get_lockdown_status(); ++ if (status != FW_LOCKED) { ++ tfm_log_printf("FAIL: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++static int test_host_firewall_external_flash_configurations(void) ++{ ++ enum rgn_mpl_t mpl_rights = 0; ++ enum rgn_mpl_t expected_rights = 0; ++ ++#if !(PLATFORM_IS_FVP) ++ /* External flash */ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0); ++ fc_select_region(3); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_SECURE_WRITE_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL1: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++ /* XIP Permissions */ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM); ++ fc_select_region(1); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | ++ RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_NONSECURE_READ_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL2: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++#else ++ /* Enable the below test when FVP Host Firewall is configured. */ ++ /* ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM); ++ fc_select_region(1); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ tfm_log_printf("mpl rights = %d\n\r", mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | ++ RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_SECURE_WRITE_MASK | ++ RGN_MPL_NONSECURE_READ_MASK | ++ RGN_MPL_NONSECURE_WRITE_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL1: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++ */ ++#endif ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++static int test_host_firewall_secure_flash_configurations(void) ++{ ++ enum rgn_mpl_t mpl_rights = 0; ++ enum rgn_mpl_t expected_rights = 0; ++ ++#if !(PLATFORM_IS_FVP) ++ /* External flash */ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1); ++ fc_select_region(1); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_SECURE_WRITE_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++#endif ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++static int test_bir_programming(void) ++{ ++ /* BIR is expected to bhaive like write once register */ ++ ++ volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE; ++ ++ bir_base[0] = 0x1; ++ bir_base[0] = 0x2; ++ if (bir_base[0] != 0x1) { ++ tfm_log_printf("FAIL: %s : (%u)\n\r", __func__, bir_base[0]); ++ return EXTRA_TEST_FAILED; ++ } ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++int32_t s_test(void) ++{ ++ int status; ++ int failures = 0; ++ ++#if (DISABLED_TEST == 1) ++ status = test_host_firewall_status(); ++ if (status) { ++ failures++; ++ } ++#endif ++ ++ status = test_host_firewall_secure_flash_configurations(); ++ if (status) { ++ failures++; ++ } ++ ++ status = test_host_firewall_external_flash_configurations(); ++ if (status) { ++ failures++; ++ } ++ ++#if (DISABLED_TEST == 1) ++ status = test_bir_programming(); ++ if (status) { ++ failures++; ++ } ++#endif ++ ++ if (failures) { ++ tfm_log_printf("Not all platform test could pass: failures=%d\n\r", failures); ++ return EXTRA_TEST_FAILED; ++ } ++ ++ tfm_log_printf("ALL_PASS: corstone1000 platform test cases passed.\n\r"); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++int32_t extra_tests_init(struct extra_tests_t *internal_test_t) ++{ ++ /* Add platform init code here. */ ++ ++ return register_extra_tests(internal_test_t, &plat_s_t); ++} +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h +new file mode 100644 +index 0000000000..8aff4d679c +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h +@@ -0,0 +1,30 @@ ++/* ++ * Copyright (c) 2021-22, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __S_TESTS_H__ ++#define __S_TESTS_H__ ++ ++#include "extra_tests_common.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++const struct extra_tests_t plat_s_t; ++ ++/** ++ * \brief Platform specific secure test function. ++ * ++ * \returns Returns error code as specified in \ref int32_t ++ */ ++int32_t s_test(void); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __S_TESTS_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake +new file mode 100644 +index 0000000000..bb8d26bf1c +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake +@@ -0,0 +1,8 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2021-22, Arm Limited. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++#------------------------------------------------------------------------------- ++ ++############ Define secure test specific cmake configurations here ############# +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch new file mode 100644 index 0000000000..c6bacb49f9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch @@ -0,0 +1,77 @@ +From 6fd49ab55c3419429e437845864c5bb2d731da29 Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Mon, 25 Apr 2022 05:26:38 +0100 +Subject: [PATCH 2/6] corstone1000: make external system support optional + +The commits introduce build time variables to make +external system support in the platform optional. + +Change-Id: I593014e0da4ac553c105c66ae55f6fd83ffe427e +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../ext/target/arm/corstone1000/CMakeLists.txt | 1 + + platform/ext/target/arm/corstone1000/config.cmake | 1 + + .../target/arm/corstone1000/tfm_hal_multi_core.c | 15 +++++++++++++++ + 3 files changed, 17 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 16bc708964..39d7b03455 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -97,6 +97,7 @@ target_compile_definitions(platform_s + PRIVATE + $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP> + $<$<BOOL:${TEST_S}>:TEST_S> ++ $<$<BOOL:${EXTERNAL_SYSTEM_SUPPORT}>:EXTERNAL_SYSTEM_SUPPORT> + ) + + #========================= Platform BL2 =======================================# +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index e5f91108ee..a3399db318 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -21,6 +21,7 @@ set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to en + set(CRYPTO_NV_SEED OFF CACHE BOOL "Use stored NV seed to provide entropy") + set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode") + set(NS FALSE CACHE BOOL "Whether to build NS app") ++set(EXTERNAL_SYSTEM_SUPPORT OFF CACHE BOOL "Whether to include external system support.") + + # FVP is not integrated/tested with CC312. + if (${PLATFORM_IS_FVP}) +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +index 8e1b455086..8622844d91 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +@@ -16,6 +16,16 @@ + #define HOST_CPU_PE0_CONFIG_OFFSET 0x010 + #define AA64nAA32_MASK (1 << 3) + ++#ifdef EXTERNAL_SYSTEM_SUPPORT ++void tfm_external_system_boot() ++{ ++ volatile uint32_t *ext_sys_reset_ctl_reg = (uint32_t *)(CORSTONE1000_EXT_SYS_RESET_REG); ++ ++ /* de-assert CPU_WAIT signal*/ ++ *ext_sys_reset_ctl_reg = 0x0; ++} ++#endif ++ + void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + { + /* Switch the shared flash to XiP mode for the host */ +@@ -53,6 +63,11 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + *reset_ctl_reg = 0; + + (void) start_addr; ++ ++#ifdef EXTERNAL_SYSTEM_SUPPORT ++ /*release EXT SYS out of reset*/ ++ tfm_external_system_boot(); ++#endif + } + + void tfm_hal_wait_for_ns_cpu_ready(void) +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch new file mode 100644 index 0000000000..6422952264 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch @@ -0,0 +1,298 @@ +From 2e56f2601249243f2fb3ba67caf9febe4bfc8371 Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Tue, 26 Apr 2022 20:17:13 +0100 +Subject: [PATCH 3/6] corstone1000: enable secure enclave run without host + binaries + +In TEST_S configuration, the build disables part of the code which +assumes that the host binaries are present in the flash. This change +will allow secure enclave's part of the platforms software to build +and run without the host support. The configuration can be used to run +CI and test secure enclave software independently. + +Change-Id: I29325750a3bea270fe5b3b8b47932a7071a59482 +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../ext/target/arm/corstone1000/readme.rst | 88 +++++++++++++++---- + .../target/arm/corstone1000/CMakeLists.txt | 8 +- + .../arm/corstone1000/bl1/CMakeLists.txt | 2 +- + .../target/arm/corstone1000/bl2_flash_map.c | 2 + + .../target/arm/corstone1000/boot_hal_bl2.c | 2 + + .../ext/target/arm/corstone1000/config.cmake | 11 ++- + .../arm/corstone1000/partition/flash_layout.h | 2 +- + .../arm/corstone1000/tfm_hal_multi_core.c | 2 + + 8 files changed, 94 insertions(+), 23 deletions(-) + +diff --git a/docs/platform/ext/target/arm/corstone1000/readme.rst b/docs/platform/ext/target/arm/corstone1000/readme.rst +index 94b58ac6fc..10c9c58f78 100644 +--- a/docs/platform/ext/target/arm/corstone1000/readme.rst ++++ b/docs/platform/ext/target/arm/corstone1000/readme.rst +@@ -7,22 +7,27 @@ Introduction + ************ + + The ARM's Corstone-1000 platform is a reference implementation of PSA FF-M +-architecture where NSPE and SPE environments are partitioned into ++architecture where NSPE and SPE environments are partitioned/isolated into + Cortex-A35 and Cortex-M0+ respectively. + + Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its +-software comprises of two boot loading stages, i.e. Bl1 and Bl2, based on +-mcuboot, and TF-M as run time software. Cortex-A35, also referred as host, +-is completely treated as non-secure from the Secure Enclave perspective. ++software comprises of two boot loading stages, i.e. Bl1 and Bl2 (based on ++mcuboot) and TF-M as run time software. Cortex-A35, also referred as host, ++is treated as non-secure from the Secure Enclave perspective. + The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode, + and boots the software ecosystem based on linux, u-boot, UEFI run time +-services, TF-A and Optee. ++services, TF-A, Secure Partitions and Optee. + + The communication between NSPE and SPE is based on PSA IPC protocol running on +-top of OpenAMP. ++top of FF-A/OpenAMP. + + The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to +-accelerate cryptographic operations. ++accelerate cryptographic operations. Additionaly, platform supports Secure Debug ++using SDC-600 as the communication interface between host debugger and platform ++target. The platform has the build option to enable secure debug protocol to ++unlock debug ports during boot time. The protocol is based on ARM's ADAC ++(Authenticated Debug Access Control) standard. ++ + + *********** + System boot +@@ -33,23 +38,76 @@ System boot + - BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot. + - BL2 loads and verifies TF-M and host's initial boot loader image. + - BL2 transfer the execution to the TF-M. +-- During TF-M initialization, the host is reset. ++- During TF-M initialization, the host is taken out of rest. ++- Hashes of the keys used for image verification are stored in the OTP memory. + + ***** + Build + ***** + +-.. code-block:: ++Platform solution ++================= ++ ++The platform binaries are build using Yocto. Below is the user guide: ++ ++`Arm Corstone-1000 User Guide`_ ++ ++Secure Test ++=========== ++ ++This section can be used to test the secure enclave software indedendently from ++the host. The below configuration builds the secure enclave binaries with CI test ++frame integrated. On boot, secure enclave softwares stack is brought up, and ++CI tests starts executing at the end of the initialization process. In the ++below configuration, host software support is disabled, and meant only ++to test/verify the secure enclave softwares. ++ ++FVP ++--- + +- cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 ++- Download Corstone-1000 FVP from : `Arm Ecosystem FVPs`_ ++- Install FVP by running the shell script. ++- Running of the binary will boot secure enclave software stack and at the end all CI test ++ from tf-m-test along with platform specific tests are executed. ++ ++.. code-block:: bash ++ ++ cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DPLATFORM_IS_FVP=TRUE -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ + cmake --build build -- install ++ cd ./build/install/outputs/ ++ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin ++ cd <path-to-FVP-installation>/models/Linux64_GCC-9.3/ ++ ./FVP_Corstone-1000 -C board.flashloader0.fname="none" -C se.trustedBootROMloader.fname="./<path-to-build-dir>/install/outputs/bl1.bin" -C board.xnvm_size=64 -C se.trustedSRAM_config=6 -C se.BootROM_config="3" -C board.smsc_91c111.enabled=0 -C board.hostbridge.userNetworking=true --data board.flash0=./<path-to-build-dir>/install/outputs/cs1000.bin@0x68100000 -C diagnostics=4 -C disable_visualisation=true -C board.se_flash_size=8192 -C diagnostics=4 -C disable_visualisation=true ++ ++FPGA ++---- + +-The binaries will be installed inside: ++- Follow the above pointed platform user guide to setup the FPGA board. ++- Use the BL1 generated from the below commands to place it inside FPGA board SD Card. ++- Use the cs1000.bin created from the below commands to place it inside FPGA board SD Card. ++ ++.. code-block:: bash ++ ++ cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ -DTEST_S_PS=OFF -DTEST_S_PLATFORM=OFF ++ cmake --build build -- install ++ cd ./build/install/outputs/ ++ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin ++ cp bl1.bin <path-to-FPGA-SD-CARD>/SOFTWARE/ ++ cp cs1000.bin <path-to-FPGA-SD-CARD>/SOFTWARE/ + +-.. code-block:: ++FPGA build can not compile all the CI tests into a single build as it exceeds ++the available RAM size. So there is a need to select few tests but not all. ++The above configuration disable build of -DTEST_S_PS and -DTEST_S_PLATFORM. ++Other test configurations are: + +- ./build/install/outputs/ARM/CORSTONE1000 ++- -DTEST_S_ATTESTATION=ON/OFF ++- -DTEST_S_AUDIT=ON/OFF ++- -DTEST_S_CRYPTO=ON/OFF ++- -DTEST_S_ITS=ON/OFF ++- -DTEST_S_PS=ON/OFF ++- -DTEST_S_PLATFORM=ON/OFF + +--------------- ++*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* + +-*Copyright (c) 2021, Arm Limited. All rights reserved.* ++.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps ++.. _Arm Corstone-1000 User Guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/CORSTONE1000-2022.04.19/docs/embedded-a/corstone1000/user-guide.rst +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 39d7b03455..81522c7cf0 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -18,7 +18,7 @@ target_include_directories(platform_region_defs + + target_compile_definitions(platform_region_defs + INTERFACE +- $<$<BOOL:${TEST_S}>:TEST_S> ++ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> + ) + #========================= Platform common defs ===============================# + +@@ -75,7 +75,7 @@ target_sources(platform_s + $<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c> + fw_update_agent/uefi_capsule_parser.c + fw_update_agent/fwu_agent.c +- $<$<BOOL:${TEST_S}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> ++ $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> + ) + + if (PLATFORM_IS_FVP) +@@ -96,7 +96,7 @@ endif() + target_compile_definitions(platform_s + PRIVATE + $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP> +- $<$<BOOL:${TEST_S}>:TEST_S> ++ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> + $<$<BOOL:${EXTERNAL_SYSTEM_SUPPORT}>:EXTERNAL_SYSTEM_SUPPORT> + ) + +@@ -136,7 +136,7 @@ endif() + target_compile_definitions(platform_bl2 + PRIVATE + $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP> +- $<$<BOOL:${TEST_S}>:TEST_S> ++ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> + ) + + # boot_hal_bl2.c is compiled as part of 'bl2' target and not inside +diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +index 369695f148..d39c5ae91d 100644 +--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +@@ -291,7 +291,7 @@ target_compile_definitions(signing_layout_for_bl2 + PRIVATE + MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER} + BL1 +- $<$<BOOL:${TEST_S}>:TEST_S> ++ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> + ) + + target_include_directories(signing_layout_for_bl2 +diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c +index 6bffa274df..0a6a592d94 100644 +--- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c ++++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c +@@ -38,6 +38,7 @@ struct flash_area flash_map[] = { + .fa_off = FLASH_AREA_1_OFFSET, + .fa_size = FLASH_AREA_1_SIZE, + }, ++#ifndef TFM_S_REG_TEST + { + .fa_id = FLASH_AREA_2_ID, + .fa_device_id = FLASH_DEVICE_ID, +@@ -52,6 +53,7 @@ struct flash_area flash_map[] = { + .fa_off = FLASH_INVALID_OFFSET, + .fa_size = FLASH_INVALID_SIZE, + }, ++#endif + }; + + const int flash_map_entry_num = ARRAY_SIZE(flash_map); +diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c +index 792e06f81e..134315a17b 100644 +--- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c ++++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c +@@ -100,10 +100,12 @@ int32_t boot_platform_init(void) + return 1; + } + ++#ifndef TFM_S_REG_TEST + result = fill_bl2_flash_map_by_parsing_fips(BANK_0_PARTITION_OFFSET); + if (result) { + return 1; + } ++#endif + + result = FLASH_DEV_NAME.Initialize(NULL); + if (result != ARM_DRIVER_OK) { +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index a3399db318..a6a1a33c42 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -13,8 +13,15 @@ set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to us + set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded") + set(MCUBOOT_SECURITY_COUNTER_S "1" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S") + +-set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") +-set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") ++if (TEST_S OR TEST_S_ATTESTATION OR TEST_S_AUDIT OR TEST_S_CRYPTO OR TEST_S_ITS OR TEST_S_PS OR TEST_S_PLATFORM OR EXTRA_S_TEST_SUITES_PATHS) ++ # Test configuration: host images are not needed and work only with isolation level 1 ++ set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") ++ set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level") ++else() ++ set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") ++ set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") ++endif() ++ + set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture") + set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology") + set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms") +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index aa5a8fe463..b0319bb319 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -119,7 +119,7 @@ + * + */ + #define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */ +-#ifdef TEST_S ++#ifdef TFM_S_REG_TEST + #define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */ + #else + #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +index 8622844d91..1146ffe22a 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +@@ -31,6 +31,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + /* Switch the shared flash to XiP mode for the host */ + Select_XIP_Mode_For_Shared_Flash(); + ++#ifndef TFM_S_REG_TEST + volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE; + + /* Program Boot Instruction Register to jump to BL2 (TF-A) base address +@@ -68,6 +69,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + /*release EXT SYS out of reset*/ + tfm_external_system_boot(); + #endif ++#endif /* !TFM_S_REG_TEST */ + } + + void tfm_hal_wait_for_ns_cpu_ready(void) +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch new file mode 100644 index 0000000000..211fb9e669 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch @@ -0,0 +1,72 @@ +From f3686dfb8fb97cb42c3d4f8ee2d7aa736d5cb760 Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Wed, 3 Aug 2022 15:50:27 +0100 +Subject: [PATCH 4/6] Platform Partition: Allow configuration of input and + output buffer + +The change makes input and output buffer size macros used by +the platform partition to be configured by cmake. This will +allow platforms to set the buffer size accordingly. + +Change-Id: Ia492ce02f8744b0157228d9be51a9ec5b7c88ef6 +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + config/config_default.cmake | 2 ++ + secure_fw/partitions/platform/CMakeLists.txt | 6 ++++++ + secure_fw/partitions/platform/platform_sp.c | 9 +++++++-- + 3 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/config/config_default.cmake b/config/config_default.cmake +index 3112b707bc..497c972dc9 100755 +--- a/config/config_default.cmake ++++ b/config/config_default.cmake +@@ -141,6 +141,8 @@ set(ATTEST_INCLUDE_OPTIONAL_CLAIMS ON CACHE BOOL "Include opt + set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COSE key-id in initial attestation token") + + set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition") ++set(PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64 CACHE STRING "Size of input buffer in platform service.") ++set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64 CACHE STRING "Size of output buffer in platform service.") + + set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition") + +diff --git a/secure_fw/partitions/platform/CMakeLists.txt b/secure_fw/partitions/platform/CMakeLists.txt +index 4b37cd780c..3070f89d6d 100644 +--- a/secure_fw/partitions/platform/CMakeLists.txt ++++ b/secure_fw/partitions/platform/CMakeLists.txt +@@ -47,6 +47,12 @@ target_link_libraries(tfm_psa_rot_partition_platform + tfm_spm + ) + ++target_compile_definitions(tfm_psa_rot_partition_platform ++ PRIVATE ++ INPUT_BUFFER_SIZE=${PLATFORM_SERVICE_INPUT_BUFFER_SIZE} ++ OUTPUT_BUFFER_SIZE=${PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE} ++) ++ + ############################ Secure API ######################################## + + target_sources(tfm_sprt +diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c +index 673cb0ee06..87bd434720 100644 +--- a/secure_fw/partitions/platform/platform_sp.c ++++ b/secure_fw/partitions/platform/platform_sp.c +@@ -38,8 +38,13 @@ static const int32_t nv_counter_access_map[NV_COUNTER_MAP_SIZE] = { + #include "psa/service.h" + #include "region_defs.h" + +-#define INPUT_BUFFER_SIZE 64 +-#define OUTPUT_BUFFER_SIZE 64 ++#ifndef INPUT_BUFFER_SIZE ++#define INPUT_BUFFER_SIZE 64 ++#endif ++ ++#ifndef OUTPUT_BUFFER_SIZE ++#define OUTPUT_BUFFER_SIZE 64 ++#endif + + typedef enum tfm_platform_err_t (*plat_func_t)(const psa_msg_t *msg); + #endif /* TFM_PSA_API */ +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch new file mode 100644 index 0000000000..14e4b7ff8e --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch @@ -0,0 +1,573 @@ +From 9d70628b7dc1dbc3c1ac7f4f3c0f6aa6b237510d Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Wed, 6 Jul 2022 11:19:39 +0100 +Subject: [PATCH 5/6] corstone1000: support for UEFI FMP image Information + +The commit provides the support for UEFI FMP (Firmware Management +Protocol) SET and GET Image info APIs. + +The APIs to SET and GET image info is implemented. In current design, +SET is called by secure encalve and GET is called by the host. + +FMP image information is initialized on every boot and retained +in SRAM. The updatable values of the FMP are stored in private +metadata section of the flash. + +Change-Id: Iaf0b4a13a9c24f05e4a32509e61a8b96ee8e9e4b +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../target/arm/corstone1000/CMakeLists.txt | 2 + + .../ext/target/arm/corstone1000/config.cmake | 8 +- + .../corstone1000/fw_update_agent/fwu_agent.c | 61 ++++- + .../corstone1000/fw_update_agent/fwu_agent.h | 3 + + .../corstone1000/fw_update_agent/uefi_fmp.c | 240 ++++++++++++++++++ + .../corstone1000/fw_update_agent/uefi_fmp.h | 56 ++++ + .../include/corstone1000_ioctl_requests.h | 14 +- + .../services/src/tfm_platform_system.c | 9 + + 8 files changed, 374 insertions(+), 19 deletions(-) + create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c + create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 81522c7cf0..3602312a3a 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -76,6 +76,8 @@ target_sources(platform_s + fw_update_agent/uefi_capsule_parser.c + fw_update_agent/fwu_agent.c + $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> ++ fw_update_agent/uefi_fmp.c ++ $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c> + ) + + if (PLATFORM_IS_FVP) +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index a6a1a33c42..ab0fe17ba8 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -50,7 +50,9 @@ else() + set(PLATFORM_PSA_ADAC_SECURE_DEBUG FALSE CACHE BOOL "Whether to use psa-adac secure debug.") + endif() + +-set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project") ++set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project") + +-set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition") +-set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") ++set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition") ++set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") ++ ++set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.") +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +index 3abb5dd0dc..72a5fc9c1d 100644 +--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +@@ -18,6 +18,7 @@ + #include "platform_description.h" + #include "tfm_plat_nv_counters.h" + #include "tfm_plat_defs.h" ++#include "uefi_fmp.h" + + /* Properties of image in a bank */ + struct fwu_image_properties { +@@ -84,6 +85,11 @@ struct fwu_private_metadata { + /* staged nv_counter: temprary location before written to the otp */ + uint32_t nv_counter[NR_OF_IMAGES_IN_FW_BANK]; + ++ /* FMP information */ ++ uint32_t fmp_version; ++ uint32_t fmp_last_attempt_version; ++ uint32_t fmp_last_attempt_status; ++ + } __packed; + + #define MAX_BOOT_ATTEMPTS_PER_BANK 3 +@@ -278,7 +284,7 @@ enum fwu_agent_error_t fwu_metadata_provision(void) + { + enum fwu_agent_error_t ret; + struct fwu_private_metadata priv_metadata; +- uint32_t image_version = 0; ++ uint32_t image_version = FWU_IMAGE_INITIAL_VERSION; + + FWU_LOG_MSG("%s: enter\n\r", __func__); + +@@ -302,8 +308,8 @@ enum fwu_agent_error_t fwu_metadata_provision(void) + memset(&_metadata, 0, sizeof(struct fwu_metadata)); + + _metadata.version = 1; +- _metadata.active_index = 0; +- _metadata.previous_active_index = 1; ++ _metadata.active_index = BANK_0; ++ _metadata.previous_active_index = BANK_1; + + /* bank 0 is the place where images are located at the + * start of device lifecycle */ +@@ -339,6 +345,10 @@ enum fwu_agent_error_t fwu_metadata_provision(void) + priv_metadata.boot_index = BANK_0; + priv_metadata.boot_attempted = 0; + ++ priv_metadata.fmp_version = FWU_IMAGE_INITIAL_VERSION; ++ priv_metadata.fmp_last_attempt_version = FWU_IMAGE_INITIAL_VERSION; ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; ++ + ret = private_metadata_write(&priv_metadata); + if (ret) { + return ret; +@@ -540,9 +550,25 @@ enum fwu_agent_error_t corstone1000_fwu_flash_image(void) + &image_bank_offset); + switch(image_index) { + case IMAGE_ALL: ++ + ret = flash_full_capsule(&_metadata, capsule_info.image[i], + capsule_info.size[i], + capsule_info.version[i]); ++ ++ if (ret != FWU_AGENT_SUCCESS) { ++ ++ priv_metadata.fmp_last_attempt_version = capsule_info.version[i]; ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; ++ ++ private_metadata_write(&priv_metadata); ++ ++ fmp_set_image_info(&full_capsule_image_guid, ++ priv_metadata.fmp_version, ++ priv_metadata.fmp_last_attempt_version, ++ priv_metadata.fmp_last_attempt_status); ++ } ++ ++ + break; + default: + FWU_LOG_MSG("%s: sent image not recognized\n\r", __func__); +@@ -866,17 +892,42 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void) + + current_state = get_fwu_agent_state(&_metadata, &priv_metadata); + if (current_state == FWU_AGENT_STATE_REGULAR) { ++ + ret = FWU_AGENT_SUCCESS; /* nothing to be done */ ++ ++ fmp_set_image_info(&full_capsule_image_guid, ++ priv_metadata.fmp_version, ++ priv_metadata.fmp_last_attempt_version, ++ priv_metadata.fmp_last_attempt_status); ++ + goto out; ++ + } else if (current_state != FWU_AGENT_STATE_TRIAL) { + FWU_ASSERT(0); + } + + if (_metadata.active_index != priv_metadata.boot_index) { ++ + /* firmware update failed, revert back to previous bank */ ++ ++ priv_metadata.fmp_last_attempt_version = ++ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; ++ ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; ++ + ret = fwu_select_previous(&_metadata, &priv_metadata); ++ + } else { ++ + /* firmware update successful */ ++ ++ priv_metadata.fmp_version = ++ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; ++ priv_metadata.fmp_last_attempt_version = ++ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; ++ ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; ++ + ret = fwu_accept_image(&full_capsule_image_guid, &_metadata, + &priv_metadata); + if (!ret) { +@@ -886,6 +937,10 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void) + + if (ret == FWU_AGENT_SUCCESS) { + disable_host_ack_timer(); ++ fmp_set_image_info(&full_capsule_image_guid, ++ priv_metadata.fmp_version, ++ priv_metadata.fmp_last_attempt_version, ++ priv_metadata.fmp_last_attempt_status); + } + + out: +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h +index 57b07e8d2c..aa18179024 100644 +--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h +@@ -30,6 +30,9 @@ enum fwu_agent_error_t { + } \ + + ++/* Version used for the very first image of the device. */ ++#define FWU_IMAGE_INITIAL_VERSION 0 ++ + enum fwu_agent_error_t fwu_metadata_provision(void); + enum fwu_agent_error_t fwu_metadata_init(void); + +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c +new file mode 100644 +index 0000000000..ce576e1794 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c +@@ -0,0 +1,240 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include <string.h> ++#include <stdbool.h> ++#include "cmsis.h" ++#include "uefi_fmp.h" ++ ++/* The count will increase when partial update is supported. ++ * At present, only full WIC is considered as updatable image. ++ */ ++#define NUMBER_OF_FMP_IMAGES 1 ++#define NO_OF_FMP_VARIABLES_PER_IMAGE 6 ++ ++#define UEFI_ARCHITECTURE_64 ++ ++#ifdef UEFI_ARCHITECTURE_64 ++typedef uint64_t uefi_ptr_t; ++typedef uint64_t efi_uintn_t; ++#else ++typedef uint32_t uefi_ptr_t; ++typedef uint32_t efi_uintn_t; ++#endif ++ ++/* Below macro definations and struct declarations taken from UEFI spec 2.9 */ ++ ++/* ++ * Image Attribute Definitions ++ */ ++#define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x00000001 ++#define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x00000002 ++#define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x00000004 ++#define IMAGE_ATTRIBUTE_IN_USE 0x00000008 ++#define IMAGE_ATTRIBUTE_UEFI_IMAGE 0x00000010 ++#define IMAGE_ATTRIBUTE_DEPENDENCY 0x00000020 ++ ++typedef uint32_t DescriptorVersion_t; ++typedef uint32_t DescriptorSize_t; ++typedef uint8_t DescriptorCount_t; ++ ++typedef __PACKED_STRUCT { ++ uint8_t ImageIndex; ++ struct efi_guid ImageTypeId; ++ uint64_t ImageId; ++ uefi_ptr_t PtrImageIdName; ++ uint32_t Version; ++ uefi_ptr_t PtrVersionName; ++ efi_uintn_t Size; ++ uint64_t AttributesSupported; ++ uint64_t AttributesSetting; ++ uint64_t Compatibilities; ++ /* Introduced with DescriptorVersion 2+ */ ++ uint32_t LowestSupportedImageVersion; ++ /* Introduced with DescriptorVersion 3+ */ ++ uint32_t LastAttemptVersion; ++ uint32_t LastAttemptStatus; ++ uint64_t HardwareInstance; ++ /* Introduced with DescriptorVersion 4+ */ ++ uefi_ptr_t PtrDependencies; ++} EFI_FIRMWARE_IMAGE_DESCRIPTOR; ++ ++typedef __PACKED_STRUCT { ++ DescriptorVersion_t DescriptorVersion; ++ DescriptorSize_t DescriptorsSize; ++ DescriptorCount_t DescriptorCount; ++ EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageDescriptor; ++ uint16_t *ImageName; ++ uint32_t ImageNameSize; ++ uint16_t *ImageVersionName; ++ uint32_t ImageVersionNameSize; ++} EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO; ++ ++ ++static uint16_t corstone_image_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'W', 'I', 'C', '\0' }; ++static uint16_t corstone_version_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'B', 'E', 'S', 'T', '\0'}; ++ ++static EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO fmp_info[NUMBER_OF_FMP_IMAGES]; ++ ++extern struct efi_guid full_capsule_image_guid; ++ ++static bool is_fmp_info_initialized = false; ++ ++static void init_fmp_info(void) ++{ ++ memset(fmp_info, 0, ++ sizeof(EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO) * NUMBER_OF_FMP_IMAGES); ++ ++ /* Fill information for the WIC. ++ * Add further details when partial image is supported. ++ */ ++ ++ fmp_info[0].DescriptorVersion = 4; ++ fmp_info[0].DescriptorCount = NUMBER_OF_FMP_IMAGES; ++ fmp_info[0].DescriptorsSize = ++ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR) + ++ sizeof(corstone_image_name0) + sizeof(corstone_version_name0); ++ ++ fmp_info[0].ImageDescriptor.ImageIndex = 1; ++ ++ memcpy(&fmp_info[0].ImageDescriptor.ImageTypeId, &full_capsule_image_guid, ++ sizeof(struct efi_guid)); ++ ++ fmp_info[0].ImageDescriptor.ImageId = 1; ++ fmp_info[0].ImageDescriptor.Version = FWU_IMAGE_INITIAL_VERSION; ++ fmp_info[0].ImageDescriptor.AttributesSupported = 1; ++ fmp_info[0].ImageDescriptor.AttributesSetting = ( ++ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED); ++ fmp_info[0].ImageDescriptor.LowestSupportedImageVersion = ++ FWU_IMAGE_INITIAL_VERSION; ++ fmp_info[0].ImageDescriptor.LastAttemptVersion = FWU_IMAGE_INITIAL_VERSION; ++ fmp_info[0].ImageDescriptor.LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; ++ ++ fmp_info[0].ImageName = corstone_image_name0; ++ fmp_info[0].ImageNameSize = sizeof(corstone_image_name0); ++ fmp_info[0].ImageVersionName = corstone_version_name0; ++ fmp_info[0].ImageVersionNameSize = sizeof(corstone_version_name0); ++ ++ is_fmp_info_initialized = true; ++ ++ return; ++} ++ ++enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid, ++ uint32_t current_version, uint32_t attempt_version, ++ uint32_t last_attempt_status) ++{ ++ enum fwu_agent_error_t status = FWU_AGENT_ERROR; ++ ++ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__); ++ ++ if (is_fmp_info_initialized == false) { ++ init_fmp_info(); ++ } ++ ++ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) { ++ if ((memcmp(guid, &fmp_info[i].ImageDescriptor.ImageTypeId, ++ sizeof(struct efi_guid))) == 0) ++ { ++ FWU_LOG_MSG("FMP image update: image id = %u\n\r", ++ fmp_info[i].ImageDescriptor.ImageId); ++ fmp_info[i].ImageDescriptor.Version = current_version; ++ fmp_info[i].ImageDescriptor.LastAttemptVersion = attempt_version; ++ fmp_info[i].ImageDescriptor.LastAttemptStatus = last_attempt_status; ++ FWU_LOG_MSG("FMP image update: status = %u" ++ "version=%u last_attempt_version=%u.\n\r", ++ last_attempt_status, current_version, ++ attempt_version); ++ status = FWU_AGENT_SUCCESS; ++ break; ++ } ++ } ++ ++ FWU_LOG_MSG("%s:%d Exit.\n\r", __func__, __LINE__); ++ return status; ++} ++ ++ ++#define NO_OF_FMP_VARIABLES (NUMBER_OF_FMP_IMAGES * NO_OF_FMP_VARIABLES_PER_IMAGE) ++ ++static enum fwu_agent_error_t pack_image_info(void *buffer, uint32_t size) ++{ ++ typedef __PACKED_STRUCT { ++ uint32_t variable_count; ++ uint32_t variable_size[NO_OF_FMP_VARIABLES]; ++ uint8_t variable[]; ++ } packed_buffer_t; ++ ++ packed_buffer_t *packed_buffer = buffer; ++ int runner = 0; ++ int index = 0; ++ int current_size = sizeof(packed_buffer_t); ++ int size_requirement_1 = 0; ++ int size_requirement_2 = 0; ++ ++ if (size < current_size) { ++ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__); ++ return FWU_AGENT_ERROR; ++ } ++ ++ packed_buffer->variable_count = NO_OF_FMP_VARIABLES; ++ ++ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) { ++ ++ packed_buffer->variable_size[index++] = sizeof(DescriptorVersion_t); ++ packed_buffer->variable_size[index++] = sizeof(DescriptorSize_t); ++ packed_buffer->variable_size[index++] = sizeof(DescriptorCount_t); ++ packed_buffer->variable_size[index++] = sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR); ++ packed_buffer->variable_size[index++] = fmp_info[i].ImageNameSize; ++ packed_buffer->variable_size[index++] = fmp_info[i].ImageVersionNameSize; ++ ++ size_requirement_1 = sizeof(DescriptorVersion_t) + sizeof(DescriptorSize_t) + ++ sizeof(DescriptorCount_t) + sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR); ++ ++ size_requirement_2 = fmp_info[i].ImageNameSize + fmp_info[i].ImageVersionNameSize; ++ ++ current_size += size_requirement_1 + size_requirement_2; ++ ++ if (size < current_size) { ++ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__); ++ return FWU_AGENT_ERROR; ++ } ++ ++ FWU_LOG_MSG("%s:%d ImageInfo size = %u, ImageName size = %u, " ++ "ImageVersionName size = %u\n\r", __func__, __LINE__, ++ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR), fmp_info[i].ImageNameSize, ++ fmp_info[i].ImageVersionNameSize); ++ ++ memcpy(&packed_buffer->variable[runner], &fmp_info[i], size_requirement_1); ++ runner += size_requirement_1; ++ ++ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageName, ++ fmp_info[i].ImageNameSize); ++ runner += fmp_info[i].ImageNameSize; ++ ++ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageVersionName, ++ fmp_info[i].ImageVersionNameSize); ++ runner += fmp_info[i].ImageVersionNameSize; ++ ++ } ++ ++ return FWU_AGENT_SUCCESS; ++} ++ ++enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size) ++{ ++ enum fwu_agent_error_t status; ++ ++ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__); ++ ++ status = pack_image_info(buffer, size); ++ ++ FWU_LOG_MSG("%s:%d Exit\n\r", __func__, __LINE__); ++ ++ return status; ++} ++ +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h +new file mode 100644 +index 0000000000..d876bd7cff +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h +@@ -0,0 +1,56 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef UEFI_FMP_H ++#define UEFI_FMP_H ++ ++ ++#include <stdint.h> ++#include "fwu_agent.h" ++#include "../fip_parser/external/uuid.h" ++ ++/* ++ * Last Attempt Status Value ++ */ ++ ++#define LAST_ATTEMPT_STATUS_SUCCESS 0x00000000 ++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL 0x00000001 ++#define LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES 0x00000002 ++#define LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION 0x00000003 ++#define LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT 0x00000004 ++#define LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR 0x00000005 ++#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_AC 0x00000006 ++#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_BATT 0x00000007 ++#define LAST_ATTEMPT_STATUS_ERROR_UNSATISFIED_DEPENDENCIES 0x00000008 ++/* The LastAttemptStatus values of 0x1000 - 0x4000 are reserved for vendor usage. */ ++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MIN 0x00001000 ++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX 0x00004000 ++ ++ ++ ++/* ++ * Updates FMP information for the image matched by guid. ++ * ++ * guid : guid of the image ++ * current_version: current versions for the image ++ * attempt_version: attempted versions for the image ++ * ++ */ ++enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid, ++ uint32_t current_version, uint32_t attempt_version, ++ uint32_t last_attempt_status); ++ ++/* ++ * Return fmp image information for all the updable images. ++ * ++ * buffer : pointer to the out buffer ++ * size : size of the buffer ++ * ++ */ ++enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size); ++ ++#endif /* UEFI_FMP_H */ +diff --git a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h +index 8ac67346b6..c5f3537e9d 100644 +--- a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h ++++ b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h +@@ -14,19 +14,7 @@ + enum corstone1000_ioctl_id_t { + IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0, + IOCTL_CORSTONE1000_FWU_HOST_ACK, ++ IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO, + }; + +- +-typedef struct corstone1000_ioctl_in_params { +- +- uint32_t ioctl_id; +- +-} corstone1000_ioctl_in_params_t; +- +-typedef struct corstone1000_ioctl_out_params { +- +- int32_t result; +- +-} corstone1000_ioctl_out_params_t; +- + #endif /* CORSTONE1000_IOCTL_REQUESTS_H */ +diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c +index 5b3f3e14a2..41305ed966 100644 +--- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c ++++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c +@@ -9,6 +9,7 @@ + #include "platform_description.h" + #include "corstone1000_ioctl_requests.h" + #include "fwu_agent.h" ++#include "uefi_fmp.h" + + void tfm_platform_hal_system_reset(void) + { +@@ -36,6 +37,14 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request, + corstone1000_fwu_host_ack(); + break; + ++ case IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO: ++ if (out_vec == NULL) { ++ ret = TFM_PLATFORM_ERR_INVALID_PARAM; ++ break; ++ } ++ fmp_get_image_info(out_vec[0].base, out_vec[0].len); ++ break; ++ + default: + ret = TFM_PLATFORM_ERR_NOT_SUPPORTED; + break; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch new file mode 100644 index 0000000000..ade2c8c8f5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch @@ -0,0 +1,51 @@ +From 492c887c8dff97ea1b8a11b4e729620d3744ac38 Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Mon, 30 May 2022 12:38:23 +0100 +Subject: [PATCH 6/6] corstone1000: remove two partition configuration + +Previously to run tf-m test, a larger partition was created +which allowed all default test binaries to be included. +The patch revert the change because any partition might +not be enough to hold all test binaries in the future. +So its better to run few test at a time instead of creating +a larger partition. + +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> +Change-Id: I223fe45f2de014dbcadc6ac12c321c524701116a +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt | 1 - + platform/ext/target/arm/corstone1000/partition/flash_layout.h | 4 ---- + 2 files changed, 5 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +index d39c5ae91d..f1ae1ebd47 100644 +--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +@@ -291,7 +291,6 @@ target_compile_definitions(signing_layout_for_bl2 + PRIVATE + MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER} + BL1 +- $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> + ) + + target_include_directories(signing_layout_for_bl2 +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index b0319bb319..50a0a11fc8 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -119,11 +119,7 @@ + * + */ + #define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */ +-#ifdef TFM_S_REG_TEST +-#define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */ +-#else + #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ +-#endif + #define FIP_PARTITION_SIZE (0x200000) /* 2 MB */ + #define KERNEL_PARTITION_SIZE (0xC00000) /* 12 MB */ + +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index dc57eacb82..341a5942e0 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -11,22 +11,6 @@ TFM_PLATFORM_IS_FVP ?= "FALSE" EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" -SRCBRANCH_tfm = "master" -SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ - git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=master;name=tfm-tests;destsuffix=git/tf-m-tests \ - git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master;name=mbedtls;destsuffix=git/mbedtls \ - git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=main;name=mcuboot;destsuffix=git/mcuboot \ - " - -# Bumping the SHA of TFM is required as multiple changes are needed in the TFM to support the ESRT -# The most crucial change needed is TFM support for UEFI FMP Image Information -SRCREV_tfm = "b065a6b28cc6c692b99e4f7e9387d96f51bf4d07" -SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d" -SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" -SRCREV_tfm-tests = "3e6c52b4b255e4b1343ba6a257a77fa7a976e8fb" -PV .= "+git${SRCPV}" -SRCREV_FORMAT ?= "tfm" - # libmetal LICENSE += "& BSD-3-Clause" LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c" @@ -41,16 +25,16 @@ SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;nam SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" -# Secure Debug ADAC -LICENSE += "& BSD-3-Clause" -LIC_FILES_CHKSUM += "file://../psa-adac/license.rst;md5=07f368487da347f3c7bd0fc3085f3afa" -SRC_URI += "git://git.trustedfirmware.org/shared/psa-adac.git;protocol=https;branch=master;name=psa-adac;destsuffix=git/psa-adac" -SRCREV_psa-adac = "427923cc0152578d536fb2065154d5d0dd874910" -# Secure debug is disabled by default -EXTRA_OECMAKE += "-DPLATFORM_PSA_ADAC_SECURE_DEBUG=OFF" -EXTRA_OECMAKE += "-DPLATFORM_PSA_ADAC_SOURCE_PATH=${S}/../psa-adac -DPLATFORM_PSA_ADAC_BUILD_PATH=${B}/libpsa-adac-build" - -DEPENDS += "trusted-firmware-a" +# Apply the necessary changes for supporting FMP image info +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" +SRC_URI:append:corstone1000 = " \ + file://0001-corstone1000-platform-secure-test-framework.patch \ + file://0002-corstone1000-make-external-system-support-optional.patch \ + file://0003-corstone1000-enable-secure-enclave-run-without-host-.patch \ + file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \ + file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \ + file://0006-corstone1000-remove-two-partition-configuration.patch \ + " do_install() { install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch index fc9e5839b3..8c3c7c1516 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch @@ -13,7 +13,8 @@ it around as necessary, and handling (most of) the new choices. Signed-off-by: Robin Murphy <robin.murphy@arm.com> Link: https://lore.kernel.org/r/e58b495bcc7deec3882be4bac910ed0bf6979674.1638530442.git.robin.murphy@arm.com Signed-off-by: Will Deacon <will@kernel.org> -Upstream-Status = Backport [https://lore.kernel.org/r/e58b495bcc7deec3882be4bac910ed0bf6979674.1638530442.git.robin.murphy@arm.com] + +Upstream-Status: Backport [https://lore.kernel.org/r/e58b495bcc7deec3882be4bac910ed0bf6979674.1638530442.git.robin.murphy@arm.com] Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com> Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> --- diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index 0fdb254f99..9ab1157ead 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,9 +1,11 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> + From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58. -Upstream-Status: Pending Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch new file mode 100644 index 0000000000..79429c7747 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch @@ -0,0 +1,417 @@ +From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Fri, 8 Jul 2022 09:48:06 +0100 +Subject: [PATCH] FMP Support in Corstone1000. + +The FMP support is used by u-boot to pupolate ESRT information +for the kernel. + +The solution is platform specific and needs to be revisted. + +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> + +Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted] +--- + .../provider/capsule_update_provider.c | 5 + + .../capsule_update/provider/component.cmake | 1 + + .../provider/corstone1000_fmp_service.c | 307 ++++++++++++++++++ + .../provider/corstone1000_fmp_service.h | 26 ++ + 4 files changed, 339 insertions(+) + create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c + create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h + +diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c +index 9bbd7abc..871d6bcf 100644 +--- a/components/service/capsule_update/provider/capsule_update_provider.c ++++ b/components/service/capsule_update/provider/capsule_update_provider.c +@@ -11,6 +11,7 @@ + #include <protocols/service/capsule_update/capsule_update_proto.h> + #include <protocols/rpc/common/packed-c/status.h> + #include "capsule_update_provider.h" ++#include "corstone1000_fmp_service.h" + + + #define CAPSULE_UPDATE_REQUEST (0x1) +@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init( + rpc_interface = service_provider_get_rpc_interface(&context->base_provider); + } + ++ provision_fmp_variables_metadata(context->client.caller); ++ + return rpc_interface; + } + +@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + } + psa_call(caller,handle, PSA_IPC_CALL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); ++ set_fmp_image_info(caller, handle); + break; + + case KERNEL_STARTED_EVENT: +@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + } + psa_call(caller,handle, PSA_IPC_CALL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); ++ set_fmp_image_info(caller, handle); + break; + default: + EMSG("%s unsupported opcode", __func__); +diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake +index 1d412eb2..6b060149 100644 +--- a/components/service/capsule_update/provider/component.cmake ++++ b/components/service/capsule_update/provider/component.cmake +@@ -10,4 +10,5 @@ endif() + + target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" ++ "${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c" + ) +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c +new file mode 100644 +index 00000000..6a7a47a7 +--- /dev/null ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c +@@ -0,0 +1,307 @@ ++/* ++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++ ++#include "corstone1000_fmp_service.h" ++#include <psa/client.h> ++#include <psa/sid.h> ++#include <psa/storage_common.h> ++#include <trace.h> ++ ++#include <service/smm_variable/backend/variable_index.h> ++ ++#define VARIABLE_INDEX_STORAGE_UID (0x787) ++ ++/** ++ * Variable attributes ++ */ ++#define EFI_VARIABLE_NON_VOLATILE (0x00000001) ++#define EFI_VARIABLE_BOOTSERVICE_ACCESS (0x00000002) ++#define EFI_VARIABLE_RUNTIME_ACCESS (0x00000004) ++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD (0x00000008) ++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS (0x00000010) ++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS (0x00000020) ++#define EFI_VARIABLE_APPEND_WRITE (0x00000040) ++#define EFI_VARIABLE_MASK \ ++ (EFI_VARIABLE_NON_VOLATILE | \ ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | \ ++ EFI_VARIABLE_RUNTIME_ACCESS | \ ++ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ ++ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ ++ EFI_VARIABLE_APPEND_WRITE) ++ ++#define FMP_VARIABLES_COUNT 6 ++ ++static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = { ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++}; ++ ++static psa_status_t protected_storage_set(struct rpc_caller *caller, ++ psa_storage_uid_t uid, size_t data_length, const void *p_data) ++{ ++ psa_status_t psa_status; ++ psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE; ++ ++ struct psa_invec in_vec[] = { ++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, ++ { .base = psa_ptr_const_to_u32(p_data), .len = data_length }, ++ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, ++ }; ++ ++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET, ++ in_vec, IOVEC_LEN(in_vec), NULL, 0); ++ if (psa_status < 0) ++ EMSG("ipc_set: psa_call failed: %d", psa_status); ++ ++ return psa_status; ++} ++ ++static psa_status_t protected_storage_get(struct rpc_caller *caller, ++ psa_storage_uid_t uid, size_t data_size, void *p_data) ++{ ++ psa_status_t psa_status; ++ uint32_t offset = 0; ++ ++ struct psa_invec in_vec[] = { ++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, ++ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) }, ++ }; ++ ++ struct psa_outvec out_vec[] = { ++ { .base = psa_ptr_to_u32(p_data), .len = data_size }, ++ }; ++ ++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, ++ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), ++ out_vec, IOVEC_LEN(out_vec)); ++ ++ if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) { ++ EMSG("Return size does not match with expected size."); ++ return PSA_ERROR_BUFFER_TOO_SMALL; ++ } ++ ++ return psa_status; ++} ++ ++static uint64_t name_hash(EFI_GUID *guid, size_t name_size, ++ const int16_t *name) ++{ ++ /* Using djb2 hash by Dan Bernstein */ ++ uint64_t hash = 5381; ++ ++ /* Calculate hash over GUID */ ++ hash = ((hash << 5) + hash) + guid->Data1; ++ hash = ((hash << 5) + hash) + guid->Data2; ++ hash = ((hash << 5) + hash) + guid->Data3; ++ ++ for (int i = 0; i < 8; ++i) { ++ ++ hash = ((hash << 5) + hash) + guid->Data4[i]; ++ } ++ ++ /* Extend to cover name up to but not including null terminator */ ++ for (int i = 0; i < name_size / sizeof(int16_t); ++i) { ++ ++ if (!name[i]) break; ++ hash = ((hash << 5) + hash) + name[i]; ++ } ++ ++ return hash; ++} ++ ++ ++static void initialize_metadata(void) ++{ ++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) { ++ ++ fmp_variables_metadata[i].uid = name_hash( ++ &fmp_variables_metadata[i].guid, ++ fmp_variables_metadata[i].name_size, ++ fmp_variables_metadata[i].name); ++ } ++} ++ ++ ++void provision_fmp_variables_metadata(struct rpc_caller *caller) ++{ ++ struct variable_metadata metadata; ++ psa_status_t status; ++ uint32_t dummy_values = 0xDEAD; ++ ++ EMSG("Provisioning FMP metadata."); ++ ++ initialize_metadata(); ++ ++ status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID, ++ sizeof(struct variable_metadata), &metadata); ++ ++ if (status == PSA_SUCCESS) { ++ EMSG("UEFI variables store is already provisioned."); ++ return; ++ } ++ ++ /* Provision FMP variables with dummy values. */ ++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) { ++ protected_storage_set(caller, fmp_variables_metadata[i].uid, ++ sizeof(dummy_values), &dummy_values); ++ } ++ ++ status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID, ++ sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT, ++ fmp_variables_metadata); ++ ++ if (status != EFI_SUCCESS) { ++ return; ++ } ++ ++ EMSG("FMP metadata is provisioned"); ++} ++ ++typedef struct { ++ void *base; ++ int len; ++} variable_data_t; ++ ++static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT]; ++ ++#define IMAGE_INFO_BUFFER_SIZE 256 ++static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE]; ++#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO 2 ++ ++static psa_status_t unpack_image_info(void *buffer, uint32_t size) ++{ ++ typedef struct __attribute__ ((__packed__)) { ++ uint32_t variable_count; ++ uint32_t variable_size[FMP_VARIABLES_COUNT]; ++ uint8_t variable[]; ++ } packed_buffer_t; ++ ++ packed_buffer_t *packed_buffer = buffer; ++ int runner = 0; ++ ++ if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) { ++ EMSG("Expected fmp varaibles = %u, but received = %u", ++ FMP_VARIABLES_COUNT, packed_buffer->variable_count); ++ return PSA_ERROR_PROGRAMMER_ERROR; ++ } ++ ++ for (int i = 0; i < packed_buffer->variable_count; i++) { ++ EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]); ++ fmp_variables_data[i].base = &packed_buffer->variable[runner]; ++ fmp_variables_data[i].len= packed_buffer->variable_size[i]; ++ runner += packed_buffer->variable_size[i]; ++ } ++ ++ return PSA_SUCCESS; ++} ++ ++static psa_status_t get_image_info(struct rpc_caller *caller, ++ psa_handle_t platform_service_handle) ++{ ++ psa_status_t status; ++ psa_handle_t handle; ++ uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO; ++ ++ struct psa_invec in_vec[] = { ++ { .base = &ioctl_id, .len = sizeof(ioctl_id) }, ++ }; ++ ++ struct psa_outvec out_vec[] = { ++ { .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE }, ++ }; ++ ++ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE); ++ ++ psa_call(caller, platform_service_handle, PSA_IPC_CALL, ++ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); ++ ++ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE); ++ if (status != PSA_SUCCESS) { ++ return status; ++ } ++ ++ return PSA_SUCCESS; ++} ++ ++static psa_status_t set_image_info(struct rpc_caller *caller) ++{ ++ psa_status_t status; ++ ++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) { ++ ++ status = protected_storage_set(caller, ++ fmp_variables_metadata[i].uid, ++ fmp_variables_data[i].len, fmp_variables_data[i].base); ++ ++ if (status != PSA_SUCCESS) { ++ ++ EMSG("FMP variable %d set unsuccessful", i); ++ return status; ++ } ++ ++ EMSG("FMP variable %d set success", i); ++ } ++ ++ return PSA_SUCCESS; ++} ++ ++void set_fmp_image_info(struct rpc_caller *caller, ++ psa_handle_t platform_service_handle) ++{ ++ psa_status_t status; ++ ++ status = get_image_info(caller, platform_service_handle); ++ if (status != PSA_SUCCESS) { ++ return; ++ } ++ ++ status = set_image_info(caller); ++ if (status != PSA_SUCCESS) { ++ return; ++ } ++ ++ return; ++} +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h +new file mode 100644 +index 00000000..95fba2a0 +--- /dev/null ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h +@@ -0,0 +1,26 @@ ++/* ++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++ ++#ifndef CORSTONE1000_FMP_SERVICE_H ++#define CORSTONE1000_FMP_SERVICE_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#include <rpc_caller.h> ++#include <psa/client.h> ++ ++void provision_fmp_variables_metadata(struct rpc_caller *caller); ++ ++void set_fmp_image_info(struct rpc_caller *caller, ++ psa_handle_t platform_service_handle); ++ ++#ifdef __cplusplus ++} /* extern "C" */ ++#endif ++ ++#endif /* CORSTONE1000_FMP_SERVICE_H */ +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch new file mode 100644 index 0000000000..c7289562bd --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch @@ -0,0 +1,230 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> + +From c1bcab09bb5b73e0f7131d9433f5e23c3943f007 Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Sat, 11 Dec 2021 11:06:57 +0000 +Subject: [PATCH] corstone1000: port crypto config + + +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> + +%% original patch: 0002-corstone1000-port-crypto-config.patch + +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +--- + .../nspe/pal_crypto_config.h | 81 +++++++++++++++---- + 1 file changed, 65 insertions(+), 16 deletions(-) + +diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +index 218a94c69502..c6d4aadd8476 100755 +--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h ++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +@@ -34,10 +34,14 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_RSA + #define ARCH_TEST_RSA_1024 + #define ARCH_TEST_RSA_2048 + #define ARCH_TEST_RSA_3072 ++#endif ++#endif + + /** + * \def ARCH_TEST_ECC +@@ -50,11 +54,17 @@ + * Requires: ARCH_TEST_ECC + * Comment macros to disable the curve + */ ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_ECC + #define ARCH_TEST_ECC_CURVE_SECP192R1 ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_ECC_CURVE_SECP224R1 ++#endif + #define ARCH_TEST_ECC_CURVE_SECP256R1 ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_ECC_CURVE_SECP384R1 ++#endif ++#endif + + /** + * \def ARCH_TEST_AES +@@ -78,10 +88,10 @@ + * + * Comment macros to disable the types + */ +-#define ARCH_TEST_DES +-#define ARCH_TEST_DES_1KEY +-#define ARCH_TEST_DES_2KEY +-#define ARCH_TEST_DES_3KEY ++//#define ARCH_TEST_DES ++//#define ARCH_TEST_DES_1KEY ++//#define ARCH_TEST_DES_2KEY ++//#define ARCH_TEST_DES_3KEY + + /** + * \def ARCH_TEST_RAW +@@ -104,7 +114,7 @@ + * + * Enable the ARC4 key type. + */ +-#define ARCH_TEST_ARC4 ++//#define ARCH_TEST_ARC4 + + /** + * \def ARCH_TEST_CIPHER_MODE_CTR +@@ -113,7 +123,11 @@ + * + * Requires: ARCH_TEST_CIPHER + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CIPHER_MODE_CTR ++#endif ++#endif + + /** + * \def ARCH_TEST_CIPHER_MODE_CFB +@@ -138,7 +152,11 @@ + * + * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CTR_AES ++#endif ++#endif + + /** + * \def ARCH_TEST_CBC_AES +@@ -157,7 +175,11 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CBC_NO_PADDING ++#endif ++#endif + + /** + * \def ARCH_TEST_CFB_AES +@@ -177,11 +199,15 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_PKCS1V15 + #define ARCH_TEST_RSA_PKCS1V15_SIGN + #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW + #define ARCH_TEST_RSA_PKCS1V15_CRYPT + #define ARCH_TEST_RSA_OAEP ++#endif ++#endif + + /** + * \def ARCH_TEST_CBC_PKCS7 +@@ -190,7 +216,11 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CBC_PKCS7 ++#endif ++#endif + + /** + * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION +@@ -227,21 +257,27 @@ + * + * Comment macros to disable the types + */ +-// #define ARCH_TEST_MD2 +-// #define ARCH_TEST_MD4 +-#define ARCH_TEST_MD5 +-#define ARCH_TEST_RIPEMD160 +-#define ARCH_TEST_SHA1 ++//#define ARCH_TEST_MD2 ++//#define ARCH_TEST_MD4 ++//#define ARCH_TEST_MD5 ++//#define ARCH_TEST_RIPEMD160 ++//#define ARCH_TEST_SHA1 ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_SHA224 ++#endif + #define ARCH_TEST_SHA256 ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_SHA384 + #define ARCH_TEST_SHA512 +-// #define ARCH_TEST_SHA512_224 +-// #define ARCH_TEST_SHA512_256 +-// #define ARCH_TEST_SHA3_224 +-// #define ARCH_TEST_SHA3_256 +-// #define ARCH_TEST_SHA3_384 +-// #define ARCH_TEST_SHA3_512 ++#endif ++#endif ++//#define ARCH_TEST_SHA512_224 ++//#define ARCH_TEST_SHA512_256 ++//#define ARCH_TEST_SHA3_224 ++//#define ARCH_TEST_SHA3_256 ++//#define ARCH_TEST_SHA3_384 ++//#define ARCH_TEST_SHA3_512 + + /** + * \def ARCH_TEST_HKDF +@@ -270,7 +306,12 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CMAC ++#endif ++#endif ++//#define ARCH_TEST_GMAC + #define ARCH_TEST_HMAC + + /** +@@ -290,7 +331,11 @@ + * Requires: ARCH_TEST_AES + * + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_GCM ++#endif ++#endif + + /** + * \def ARCH_TEST_TRUNCATED_MAC +@@ -309,7 +354,9 @@ + * + * Requires: ARCH_TEST_ECC + */ ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_ECDH ++#endif + + /** + * \def ARCH_TEST_ECDSA +@@ -317,7 +364,9 @@ + * Enable the elliptic curve DSA library. + * Requires: ARCH_TEST_ECC + */ ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_ECDSA ++#endif + + /** + * \def ARCH_TEST_DETERMINISTIC_ECDSA +-- +2.38.0 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index aa8f271df2..03f7dff2ef 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -20,6 +20,7 @@ SRC_URI:append = " \ file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ file://0019-plat-corstone1000-change-default-smm-values.patch \ + file://0020-FMP-Support-in-Corstone1000.patch \ " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend new file mode 100644 index 0000000000..6595c92a28 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend @@ -0,0 +1,7 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:" + +SRC_URI:append:corstone1000 = " \ + file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ + file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ + " diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch index 6f61177ac3..7c6a8b2a00 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch @@ -10,6 +10,7 @@ Fixes noreturn void panic(const char *fmt, ...); ^ +Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> --- diff --git a/meta-openembedded/README b/meta-openembedded/README index 7318f09cdb..82f2e9699a 100644 --- a/meta-openembedded/README +++ b/meta-openembedded/README @@ -1,6 +1,6 @@ Collection of layers for the OE-core universe -Main layer maintainer: Khem Raj <raj.khem@gmail.com> +Main layer maintainer: Armin Kuster <akuster808@gmail.com> This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer diff --git a/meta-openembedded/meta-filesystems/README b/meta-openembedded/meta-filesystems/README index 78a4429ce2..344bc441e1 100644 --- a/meta-openembedded/meta-filesystems/README +++ b/meta-openembedded/meta-filesystems/README @@ -11,26 +11,26 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master + branch: langdale URI: git://git.openembedded.org/meta-openembedded layers: meta-oe - branch: master + branch: langdale Patches ======= Please submit any patches against the filesystems layer to the OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org) -with '[meta-filesystems]' in the subject. +with '[meta-filesystems][langdale]' in the subject. -Layer maintainer: Khem Raj <raj.khem@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> When sending single patches, please use something like: git send-email -1 -M \ --to openembedded-devel@lists.openembedded.org \ - --subject-prefix='meta-filesystems][PATCH' + --subject-prefix='meta-filesystems][langdale][PATCH' Table of Contents diff --git a/meta-openembedded/meta-gnome/README b/meta-openembedded/meta-gnome/README index fbb0d72476..2085c846e0 100644 --- a/meta-openembedded/meta-gnome/README +++ b/meta-openembedded/meta-gnome/README @@ -3,14 +3,14 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: langdale URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: langdale -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-gnome][langdale]' in the subject' When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-gnome][langdale][PATCH' -Layer maintainer: Andreas Müller <schnitzeltony@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-initramfs/README b/meta-openembedded/meta-initramfs/README index 119293a741..af98c5e4e8 100644 --- a/meta-openembedded/meta-initramfs/README +++ b/meta-openembedded/meta-initramfs/README @@ -12,19 +12,19 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: langdale Maintenance ----------- Send patches / pull requests to openembedded-devel@lists.openembedded.org -with '[meta-initramfs]' in the subject. +with '[meta-initramfs][langdale]' in the subject. When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-initramfs][langdale][PATCH' -Interm layer maintainer: Khem Raj <raj.khem@gmail.com> +Interm layer maintainer: Armin Kuster <akuster808@gmail.com> License diff --git a/meta-openembedded/meta-multimedia/README b/meta-openembedded/meta-multimedia/README index 235c34331b..9f6df31ecc 100644 --- a/meta-openembedded/meta-multimedia/README +++ b/meta-openembedded/meta-multimedia/README @@ -1,17 +1,17 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: langdale URI: git://git.openembedded.org/meta-openembedded layers: meta-oe -branch: master +branch: langdale -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia]' in the subject +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia][langdale]' in the subject When sending single patches, please use something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][langdale][PATCH' You are encouraged to fork the mirror on github https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one patch. Other services like GitLab, repo.or.cz or self hosted setups are of course accepted as well, 'git fetch <remote>' works the same on all of them. We recommend github because it is free, easy to use, has been proven to be reliable and has a really good web GUI. -Layer maintainer: Andreas Müller <schnitzeltony@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-networking/MAINTAINERS b/meta-openembedded/meta-networking/MAINTAINERS index ce53ec471b..9b5441da85 100644 --- a/meta-openembedded/meta-networking/MAINTAINERS +++ b/meta-openembedded/meta-networking/MAINTAINERS @@ -2,13 +2,13 @@ This file contains a list of maintainers for the meta-networking layer. Please submit any patches against meta-networking to the OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org) with -'[meta-networking]' in the subject. +'[meta-networking][langdale]' in the subject. When sending single patches, please use something like: git send-email -1 -M \ --to openembedded-devel@lists.openembedded.org \ - --subject-prefix='meta-networking][PATCH' + --subject-prefix='meta-networking][langdale][PATCH' You may also contact the maintainers directly. @@ -26,18 +26,9 @@ Please keep this list in alphabetical order. Maintainers List (try to look for most precise areas first) COMMON -M: Khem Raj <raj.khem@gmail.com> -M: "Joe MacDonald (backup)" <joe@deserted.net> +M: Armin Kuster <akuster808@gmail.com> L: openembedded-devel@lists.openembedded.org Q: https://patchwork.openembedded.org/project/oe/ S: Maintained F: conf F: recipes-* - -NETKIT -M: Armin Kuster <akuster808@gmail.com> -F: recipes-netkit - -OPENTHREAD -M: Stefan Schmidt <stefan@datenfreihafen.org> -F: recipes-connectivity/openthread/ diff --git a/meta-openembedded/meta-networking/README b/meta-openembedded/meta-networking/README index 34e11a96dd..46d60e2811 100644 --- a/meta-openembedded/meta-networking/README +++ b/meta-openembedded/meta-networking/README @@ -18,22 +18,21 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: langdale For some recipes, the meta-oe layer is required: URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe -branch: master +branch: langdale URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-python -branch: master +branch: langdale Maintenance ----------- -Layer maintainers: Khem Raj <raj.khem@gmail.com> - Armin Kuster <akuster808@gmail.com> (recipes-netkit) +Layer maintainers: Armin Kuster <akuster808@gmail.com> Please see the MAINTAINERS file for information on contacting the diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch b/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch new file mode 100644 index 0000000000..ad1704520c --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch @@ -0,0 +1,35 @@ +From e5ddcf9575437bacd64c2b68501b413014186a6a Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 19 Oct 2022 10:15:01 -0700 +Subject: [PATCH] makedefs: Account for linux 6.x version + +Major version has bumped to 6 and script needs to know that + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + makedefs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/makedefs ++++ b/makedefs +@@ -613,7 +613,7 @@ EOF + : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} + : ${PLUGIN_LD="${CC-gcc} -shared"} + ;; +- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR ++ Linux.[3-6]*) SYSTYPE=LINUX$RELEASE_MAJOR + case "$CCARGS" in + *-DNO_DB*) ;; + *-DHAS_DB*) ;; +--- a/src/util/sys_defs.h ++++ b/src/util/sys_defs.h +@@ -751,7 +751,7 @@ extern int initgroups(const char *, int) + /* + * LINUX. + */ +-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) ++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6) + #define SUPPORTED + #define UINT32_TYPE unsigned int + #define UINT16_TYPE unsigned short diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb deleted file mode 100644 index 343a8b2df0..0000000000 --- a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb +++ /dev/null @@ -1,17 +0,0 @@ -require postfix.inc - -SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \ - file://main.cf \ - file://postfix \ - file://internal_recipient \ - file://postfix.service \ - file://aliasesdb \ - file://check_hostname.sh \ - file://0001-Fix-makedefs.patch \ - file://0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch \ - file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \ - file://0004-Fix-icu-config.patch \ - file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ - " -SRC_URI[sha256sum] = "300fa8811cea20d01d25c619d359bffab82656e704daa719e0c9afc4ecff4808" -UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.7.3.bb b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.7.3.bb new file mode 100644 index 0000000000..b54a97aeaf --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.7.3.bb @@ -0,0 +1,18 @@ +require postfix.inc + +SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \ + file://main.cf \ + file://postfix \ + file://internal_recipient \ + file://postfix.service \ + file://aliasesdb \ + file://check_hostname.sh \ + file://0001-Fix-makedefs.patch \ + file://0002-Change-fixed-postconf-to-a-variable-for-cross-compil.patch \ + file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \ + file://0004-Fix-icu-config.patch \ + file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ + file://0006-makedefs-Account-for-linux-6.x-version.patch \ + " +SRC_URI[sha256sum] = "d22f3d37ef75613d5d573b56fc51ef097f2c0d0b0e407923711f71c1fb72911b" +UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-oe/README b/meta-openembedded/meta-oe/README index 676a2c8925..57a45f14da 100644 --- a/meta-openembedded/meta-oe/README +++ b/meta-openembedded/meta-oe/README @@ -4,7 +4,7 @@ meta-oe This layer depends on: URI: git://github.com/openembedded/openembedded-core.git -branch: master +branch: langdale luajit recipe requires host compiler to be able to generate 32bit code when target is 32bit e.g. arm, so ensure that $CC -m32 is functional on build host, if building this recipe, needed @@ -16,10 +16,10 @@ pacman -S lib32-gcc-libs lib32-glibc Ubuntu sudo apt-get install gcc-multilib linux-libc-dev:i386 -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe][langdale]' in the subject' When sending single patches, please use something like: -'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix="meta-oe][PATCH"' +'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix="meta-oe][langdale][PATCH"' You are encouraged to fork the mirror on GitHub https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one patch. @@ -28,4 +28,4 @@ Other services like GitLab, repo.or.cz or self-hosted setups are of course accep 'git fetch <remote>' works the same on all of them. We recommend GitHub because it is free, easy to use, has been proven to be reliable and has a really good web GUI. -layer maintainer: Khem Raj <raj.khem@gmail.com> +layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-oe/lib/oeqa/selftest/cases/syzkaller.py b/meta-openembedded/meta-oe/lib/oeqa/selftest/cases/syzkaller.py new file mode 100644 index 0000000000..64fc864bf8 --- /dev/null +++ b/meta-openembedded/meta-oe/lib/oeqa/selftest/cases/syzkaller.py @@ -0,0 +1,124 @@ +# +# SPDX-License-Identifier: MIT +# + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars +from oeqa.utils.network import get_free_port + +class TestSyzkaller(OESelftestTestCase): + def setUpSyzkallerConfig(self, os_arch, qemu_postfix): + syz_target_sysroot = get_bb_var('PKGD', 'syzkaller') + syz_target = os.path.join(syz_target_sysroot, 'usr') + + qemu_native_bin = os.path.join(self.syz_native_sysroot, 'usr/bin/qemu-system-' + qemu_postfix) + kernel_cmdline = "ip=dhcp rootfs=/dev/sda dummy_hcd.num=%s" % (self.dummy_hcd_num) + kernel_objdir = self.deploy_dir_image + port = get_free_port() + + if not os.path.exists(self.syz_workdir): + os.mkdir(self.syz_workdir) + + with open(self.syz_cfg, 'w') as f: + f.write( +""" +{ + "target": "%s", + "http": "127.0.0.1:%s", + "workdir": "%s", + "kernel_obj": "%s", + "kernel_src": "%s", + "image": "%s", + "syzkaller": "%s", + "type": "qemu", + "reproduce" : false, + "sandbox": "none", + "vm": { + "count": %s, + "kernel": "%s", + "cmdline": "%s", + "cpu": %s, + "mem": %s, + "qemu": "%s", + "qemu_args": "-device virtio-scsi-pci,id=scsi -device scsi-hd,drive=rootfs -enable-kvm -cpu host,migratable=off", + "image_device": "drive index=0,id=rootfs,if=none,media=disk,file=" + } +} +""" +% (os_arch, port, self.syz_workdir, kernel_objdir, self.kernel_src, + self.rootfs, syz_target, self.syz_qemu_vms, self.kernel, kernel_cmdline, + self.syz_qemu_cpus, self.syz_qemu_mem, qemu_native_bin)) + + def test_syzkallerFuzzingQemux86_64(self): + self.image = 'core-image-minimal' + self.machine = 'qemux86-64' + self.fstype = "ext4" + + self.write_config( +""" +MACHINE = "%s" +IMAGE_FSTYPES = "%s" +KERNEL_IMAGETYPES += "vmlinux" +EXTRA_IMAGE_FEATURES += " ssh-server-openssh" +IMAGE_ROOTFS_EXTRA_SPACE = "512000" +KERNEL_EXTRA_FEATURES += " \ + cfg/debug/syzkaller/debug-syzkaller.scc \ +" +IMAGE_INSTALL:append = " syzkaller" +""" +% (self.machine, self.fstype)) + + build_vars = ['TOPDIR', 'DEPLOY_DIR_IMAGE', 'STAGING_KERNEL_DIR'] + syz_fuzz_vars = ['SYZ_WORKDIR', 'SYZ_FUZZTIME', 'SYZ_QEMU_MEM', 'SYZ_QEMU_CPUS', 'SYZ_QEMU_VM_COUNT'] + syz_aux_vars = ['SYZ_DUMMY_HCD_NUM'] + + needed_vars = build_vars + syz_fuzz_vars + syz_aux_vars + bb_vars = get_bb_vars(needed_vars) + + for var in syz_fuzz_vars: + if not bb_vars[var]: + self.skipTest( +""" +%s variable not set. +Please configure %s fuzzing parameters to run this test. + +Example local.conf config: +SYZ_WORKDIR="<path>" # syzkaller workdir location (must be persistent across os-selftest runs) +SYZ_FUZZTIME="30" # fuzzing time in minutes +SYZ_QEMU_VM_COUNT="1" # number of qemu VMs to be used for fuzzing +SYZ_QEMU_MEM="2048"' # memory used by each qemu VM +SYZ_QEMU_CPUS="2"' # number of cpus used by each qemu VM +""" +% (var, ', '.join(syz_fuzz_vars))) + + self.topdir = bb_vars['TOPDIR'] + self.deploy_dir_image = bb_vars['DEPLOY_DIR_IMAGE'] + self.kernel_src = bb_vars['STAGING_KERNEL_DIR'] + + """ + SYZ_WORKDIR must be set to an absolute path where syzkaller will store + the corpus database, config, runtime and crash data generated during + fuzzing. It must be persistent between oe-selftest runs, so the fuzzer + does not start over again on each run. + """ + self.syz_workdir = bb_vars['SYZ_WORKDIR'] + self.syz_fuzztime = int(bb_vars['SYZ_FUZZTIME']) * 60 + self.syz_qemu_mem = int(bb_vars['SYZ_QEMU_MEM']) + self.syz_qemu_cpus = int(bb_vars['SYZ_QEMU_CPUS']) + self.syz_qemu_vms = int(bb_vars['SYZ_QEMU_VM_COUNT']) + self.dummy_hcd_num = int(bb_vars['SYZ_DUMMY_HCD_NUM'] or 8) + + self.syz_cfg = os.path.join(self.syz_workdir, 'syzkaller.cfg') + self.kernel = os.path.join(self.deploy_dir_image, 'bzImage') + self.rootfs = os.path.join(self.deploy_dir_image, '%s-%s.%s' % (self.image, self.machine, self.fstype)) + + self.syz_native_sysroot = get_bb_var('RECIPE_SYSROOT_NATIVE', 'syzkaller-native') + + self.setUpSyzkallerConfig("linux/amd64", "x86_64") + + bitbake(self.image) + bitbake('syzkaller') + bitbake('syzkaller-native -c addto_recipe_sysroot') + + cmd = "syz-manager -config %s" % self.syz_cfg + runCmd(cmd, native_sysroot = self.syz_native_sysroot, timeout=self.syz_fuzztime, output_log=self.logger, ignore_status=True, shell=True) diff --git a/meta-openembedded/meta-oe/recipes-core/uutils-coreutils/uutils-coreutils_0.0.15.bb b/meta-openembedded/meta-oe/recipes-core/uutils-coreutils/uutils-coreutils_0.0.16.bb index 07004635f0..4b4f5f5102 100644 --- a/meta-openembedded/meta-oe/recipes-core/uutils-coreutils/uutils-coreutils_0.0.15.bb +++ b/meta-openembedded/meta-oe/recipes-core/uutils-coreutils/uutils-coreutils_0.0.16.bb @@ -6,9 +6,9 @@ inherit cargo # DEFAULT_PREFERENCE = "-1" # how to get coreutils could be as easy as but default to a git checkout: -# SRC_URI += "crate://crates.io/coreutils/0.0.15" +# SRC_URI += "crate://crates.io/coreutils/0.0.16" SRC_URI += "git://github.com/uutils/coreutils.git;protocol=https;nobranch=1" -SRCREV = "5b6cd6146b40f5c1391cd812b1b929edd2283994" +SRCREV = "af13472223a1b6b6b4111a06faa8f561f04c3e59" S = "${WORKDIR}/git" CARGO_SRC_DIR = "" @@ -19,9 +19,9 @@ SRC_URI += " \ crate://crates.io/Inflector/0.11.4 \ crate://crates.io/adler/1.0.2 \ crate://crates.io/ahash/0.7.6 \ - crate://crates.io/aho-corasick/0.7.18 \ + crate://crates.io/aho-corasick/0.7.19 \ crate://crates.io/aliasable/0.1.3 \ - crate://crates.io/android_system_properties/0.1.4 \ + crate://crates.io/android_system_properties/0.1.5 \ crate://crates.io/ansi_term/0.12.1 \ crate://crates.io/arrayref/0.3.6 \ crate://crates.io/arrayvec/0.7.2 \ @@ -29,25 +29,23 @@ SRC_URI += " \ crate://crates.io/autocfg/1.1.0 \ crate://crates.io/bigdecimal/0.3.0 \ crate://crates.io/binary-heap-plus/0.4.1 \ - crate://crates.io/bindgen/0.59.2 \ + crate://crates.io/bindgen/0.60.1 \ crate://crates.io/bitflags/1.3.2 \ crate://crates.io/blake2b_simd/1.0.0 \ crate://crates.io/blake3/1.3.1 \ - crate://crates.io/block-buffer/0.10.2 \ + crate://crates.io/block-buffer/0.10.3 \ crate://crates.io/bstr/0.2.17 \ - crate://crates.io/bumpalo/3.10.0 \ + crate://crates.io/bumpalo/3.11.0 \ crate://crates.io/byte-unit/4.0.14 \ crate://crates.io/bytecount/0.6.3 \ crate://crates.io/byteorder/1.4.3 \ crate://crates.io/cc/1.0.73 \ crate://crates.io/cexpr/0.6.0 \ - crate://crates.io/cfg-if/0.1.10 \ crate://crates.io/cfg-if/1.0.0 \ crate://crates.io/chrono/0.4.22 \ crate://crates.io/clang-sys/1.3.3 \ - crate://crates.io/clap/2.34.0 \ - crate://crates.io/clap/3.2.17 \ - crate://crates.io/clap_complete/3.2.4 \ + crate://crates.io/clap/3.2.22 \ + crate://crates.io/clap_complete/3.2.5 \ crate://crates.io/clap_lex/0.2.4 \ crate://crates.io/compare/0.1.0 \ crate://crates.io/constant_time_eq/0.1.5 \ @@ -55,14 +53,10 @@ SRC_URI += " \ crate://crates.io/core-foundation-sys/0.8.3 \ crate://crates.io/coz/0.1.3 \ crate://crates.io/cpp/0.5.7 \ - crate://crates.io/cpp_build/0.4.0 \ - crate://crates.io/cpp_common/0.4.0 \ + crate://crates.io/cpp_build/0.5.7 \ crate://crates.io/cpp_common/0.5.7 \ crate://crates.io/cpp_macros/0.5.7 \ - crate://crates.io/cpp_syn/0.12.0 \ - crate://crates.io/cpp_synmap/0.3.0 \ - crate://crates.io/cpp_synom/0.12.0 \ - crate://crates.io/cpufeatures/0.2.2 \ + crate://crates.io/cpufeatures/0.2.5 \ crate://crates.io/crc32fast/1.3.2 \ crate://crates.io/crossbeam-channel/0.5.6 \ crate://crates.io/crossbeam-deque/0.8.2 \ @@ -70,6 +64,7 @@ SRC_URI += " \ crate://crates.io/crossbeam-utils/0.8.11 \ crate://crates.io/crossterm/0.25.0 \ crate://crates.io/crossterm_winapi/0.9.0 \ + crate://crates.io/crunchy/0.2.2 \ crate://crates.io/crypto-common/0.1.6 \ crate://crates.io/ctor/0.1.23 \ crate://crates.io/ctrlc/3.2.3 \ @@ -78,13 +73,15 @@ SRC_URI += " \ crate://crates.io/data-encoding-macro/0.1.12 \ crate://crates.io/data-encoding/2.3.2 \ crate://crates.io/diff/0.1.13 \ - crate://crates.io/digest/0.10.3 \ + crate://crates.io/digest/0.10.5 \ crate://crates.io/dlv-list/0.3.0 \ crate://crates.io/dns-lookup/1.0.8 \ crate://crates.io/dunce/1.0.2 \ - crate://crates.io/either/1.7.0 \ + crate://crates.io/either/1.8.0 \ crate://crates.io/env_logger/0.8.4 \ crate://crates.io/env_logger/0.9.0 \ + crate://crates.io/errno-dragonfly/0.1.2 \ + crate://crates.io/errno/0.2.8 \ crate://crates.io/exacl/0.9.0 \ crate://crates.io/fastrand/1.8.0 \ crate://crates.io/file_diff/1.0.0 \ @@ -93,12 +90,12 @@ SRC_URI += " \ crate://crates.io/fnv/1.0.7 \ crate://crates.io/fs_extra/1.2.0 \ crate://crates.io/fsevent-sys/4.1.0 \ - crate://crates.io/fts-sys/0.2.1 \ + crate://crates.io/fts-sys/0.2.2 \ crate://crates.io/gcd/2.1.0 \ crate://crates.io/generic-array/0.14.6 \ crate://crates.io/getrandom/0.2.7 \ crate://crates.io/glob/0.3.0 \ - crate://crates.io/half/1.8.2 \ + crate://crates.io/half/2.1.0 \ crate://crates.io/hashbrown/0.12.3 \ crate://crates.io/heck/0.4.0 \ crate://crates.io/hermit-abi/0.1.19 \ @@ -106,56 +103,55 @@ SRC_URI += " \ crate://crates.io/hex/0.4.3 \ crate://crates.io/hostname/0.3.1 \ crate://crates.io/humantime/2.1.0 \ - crate://crates.io/iana-time-zone/0.1.45 \ + crate://crates.io/iana-time-zone/0.1.48 \ crate://crates.io/indexmap/1.9.1 \ crate://crates.io/inotify-sys/0.1.5 \ crate://crates.io/inotify/0.9.6 \ crate://crates.io/instant/0.1.12 \ - crate://crates.io/itertools/0.10.3 \ + crate://crates.io/io-lifetimes/0.7.3 \ + crate://crates.io/itertools/0.10.4 \ crate://crates.io/itoa/1.0.3 \ - crate://crates.io/js-sys/0.3.59 \ + crate://crates.io/js-sys/0.3.60 \ crate://crates.io/keccak/0.1.2 \ - crate://crates.io/kernel32-sys/0.2.2 \ crate://crates.io/kqueue-sys/1.0.3 \ crate://crates.io/kqueue/1.0.6 \ crate://crates.io/lazy_static/1.4.0 \ crate://crates.io/lazycell/1.3.0 \ crate://crates.io/libc/0.2.132 \ crate://crates.io/libloading/0.7.3 \ - crate://crates.io/lock_api/0.4.7 \ + crate://crates.io/linux-raw-sys/0.0.46 \ + crate://crates.io/lock_api/0.4.8 \ crate://crates.io/log/0.4.17 \ crate://crates.io/lscolors/0.12.0 \ crate://crates.io/match_cfg/0.1.0 \ - crate://crates.io/md-5/0.10.1 \ - crate://crates.io/memchr/1.0.2 \ + crate://crates.io/md-5/0.10.5 \ crate://crates.io/memchr/2.5.0 \ crate://crates.io/memmap2/0.5.7 \ crate://crates.io/memoffset/0.6.5 \ crate://crates.io/minimal-lexical/0.2.1 \ - crate://crates.io/miniz_oxide/0.5.3 \ + crate://crates.io/miniz_oxide/0.5.4 \ crate://crates.io/mio/0.8.4 \ crate://crates.io/nix/0.25.0 \ crate://crates.io/nom/7.1.1 \ - crate://crates.io/notify/5.0.0-pre.16 \ + crate://crates.io/notify/5.0.0 \ crate://crates.io/num-bigint/0.4.3 \ crate://crates.io/num-integer/0.1.45 \ crate://crates.io/num-traits/0.2.15 \ crate://crates.io/num_cpus/1.13.1 \ crate://crates.io/num_threads/0.1.6 \ crate://crates.io/number_prefix/0.4.0 \ - crate://crates.io/numtoa/0.1.0 \ - crate://crates.io/once_cell/1.13.1 \ - crate://crates.io/onig/6.3.2 \ + crate://crates.io/once_cell/1.14.0 \ + crate://crates.io/onig/6.4.0 \ crate://crates.io/onig_sys/69.8.1 \ crate://crates.io/ordered-multimap/0.4.3 \ crate://crates.io/os_display/0.1.3 \ - crate://crates.io/os_str_bytes/6.0.1 \ - crate://crates.io/ouroboros/0.15.2 \ - crate://crates.io/ouroboros_macro/0.15.2 \ + crate://crates.io/os_str_bytes/6.3.0 \ + crate://crates.io/ouroboros/0.15.5 \ + crate://crates.io/ouroboros_macro/0.15.5 \ crate://crates.io/output_vt100/0.1.3 \ crate://crates.io/parking_lot/0.12.1 \ crate://crates.io/parking_lot_core/0.9.3 \ - crate://crates.io/paste/1.0.8 \ + crate://crates.io/paste/1.0.9 \ crate://crates.io/peeking_take_while/0.1.2 \ crate://crates.io/phf/0.10.1 \ crate://crates.io/phf_codegen/0.10.0 \ @@ -165,22 +161,21 @@ SRC_URI += " \ crate://crates.io/pkg-config/0.3.25 \ crate://crates.io/platform-info/1.0.0 \ crate://crates.io/ppv-lite86/0.2.16 \ - crate://crates.io/pretty_assertions/1.2.1 \ + crate://crates.io/pretty_assertions/1.3.0 \ crate://crates.io/proc-macro-error-attr/1.0.4 \ crate://crates.io/proc-macro-error/1.0.4 \ crate://crates.io/proc-macro2/1.0.43 \ + crate://crates.io/procfs/0.14.1 \ crate://crates.io/quick-error/2.0.1 \ crate://crates.io/quickcheck/1.0.3 \ - crate://crates.io/quote/0.3.15 \ crate://crates.io/quote/1.0.21 \ crate://crates.io/rand/0.8.5 \ crate://crates.io/rand_chacha/0.3.1 \ - crate://crates.io/rand_core/0.6.3 \ + crate://crates.io/rand_core/0.6.4 \ crate://crates.io/rayon-core/1.9.3 \ crate://crates.io/rayon/1.5.3 \ crate://crates.io/redox_syscall/0.2.16 \ - crate://crates.io/redox_termios/0.1.2 \ - crate://crates.io/reference-counted-singleton/0.1.1 \ + crate://crates.io/reference-counted-singleton/0.1.2 \ crate://crates.io/regex-automata/0.1.10 \ crate://crates.io/regex-syntax/0.6.27 \ crate://crates.io/regex/1.6.0 \ @@ -190,14 +185,15 @@ SRC_URI += " \ crate://crates.io/rlimit/0.8.3 \ crate://crates.io/rust-ini/0.18.0 \ crate://crates.io/rustc-hash/1.1.0 \ + crate://crates.io/rustix/0.35.9 \ crate://crates.io/rustversion/1.0.9 \ crate://crates.io/same-file/1.0.6 \ crate://crates.io/scopeguard/1.1.0 \ - crate://crates.io/selinux-sys/0.5.2 \ - crate://crates.io/selinux/0.2.7 \ - crate://crates.io/sha1/0.10.1 \ - crate://crates.io/sha2/0.10.2 \ - crate://crates.io/sha3/0.10.2 \ + crate://crates.io/selinux-sys/0.5.3 \ + crate://crates.io/selinux/0.3.0 \ + crate://crates.io/sha1/0.10.5 \ + crate://crates.io/sha2/0.10.6 \ + crate://crates.io/sha3/0.10.5 \ crate://crates.io/shlex/1.1.0 \ crate://crates.io/signal-hook-mio/0.2.3 \ crate://crates.io/signal-hook-registry/1.4.0 \ @@ -205,9 +201,8 @@ SRC_URI += " \ crate://crates.io/siphasher/0.3.10 \ crate://crates.io/smallvec/1.9.0 \ crate://crates.io/smawk/0.3.1 \ - crate://crates.io/socket2/0.4.4 \ + crate://crates.io/socket2/0.4.7 \ crate://crates.io/strsim/0.10.0 \ - crate://crates.io/strsim/0.8.0 \ crate://crates.io/strum/0.24.1 \ crate://crates.io/strum_macros/0.24.3 \ crate://crates.io/subtle/2.4.1 \ @@ -215,43 +210,36 @@ SRC_URI += " \ crate://crates.io/tempfile/3.3.0 \ crate://crates.io/term_grid/0.1.7 \ crate://crates.io/termcolor/1.1.3 \ - crate://crates.io/terminal_size/0.1.17 \ - crate://crates.io/termion/1.5.6 \ - crate://crates.io/termsize/0.1.6 \ - crate://crates.io/textwrap/0.11.0 \ - crate://crates.io/textwrap/0.15.0 \ - crate://crates.io/thiserror-impl/1.0.32 \ - crate://crates.io/thiserror/1.0.32 \ + crate://crates.io/terminal_size/0.2.1 \ + crate://crates.io/textwrap/0.15.1 \ + crate://crates.io/thiserror-impl/1.0.36 \ + crate://crates.io/thiserror/1.0.36 \ crate://crates.io/time-macros/0.2.4 \ - crate://crates.io/time/0.3.9 \ + crate://crates.io/time/0.3.14 \ crate://crates.io/typenum/1.15.0 \ - crate://crates.io/unicode-ident/1.0.3 \ + crate://crates.io/unicode-ident/1.0.4 \ crate://crates.io/unicode-linebreak/0.1.2 \ - crate://crates.io/unicode-segmentation/1.9.0 \ - crate://crates.io/unicode-width/0.1.9 \ - crate://crates.io/unicode-xid/0.0.4 \ + crate://crates.io/unicode-segmentation/1.10.0 \ + crate://crates.io/unicode-width/0.1.10 \ + crate://crates.io/unicode-xid/0.2.4 \ crate://crates.io/unindent/0.1.10 \ - crate://crates.io/unix_socket/0.5.0 \ crate://crates.io/users/0.11.0 \ crate://crates.io/utf-8/0.7.6 \ crate://crates.io/utf8-width/0.1.6 \ crate://crates.io/uuid/1.1.2 \ - crate://crates.io/vec_map/0.8.2 \ crate://crates.io/version_check/0.9.4 \ crate://crates.io/walkdir/2.3.2 \ crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \ - crate://crates.io/wasm-bindgen-backend/0.2.82 \ - crate://crates.io/wasm-bindgen-macro-support/0.2.82 \ - crate://crates.io/wasm-bindgen-macro/0.2.82 \ - crate://crates.io/wasm-bindgen-shared/0.2.82 \ - crate://crates.io/wasm-bindgen/0.2.82 \ - crate://crates.io/which/4.2.5 \ + crate://crates.io/wasm-bindgen-backend/0.2.83 \ + crate://crates.io/wasm-bindgen-macro-support/0.2.83 \ + crate://crates.io/wasm-bindgen-macro/0.2.83 \ + crate://crates.io/wasm-bindgen-shared/0.2.83 \ + crate://crates.io/wasm-bindgen/0.2.83 \ + crate://crates.io/which/4.3.0 \ crate://crates.io/wild/2.1.0 \ - crate://crates.io/winapi-build/0.1.1 \ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ crate://crates.io/winapi-util/0.1.5 \ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ - crate://crates.io/winapi/0.2.8 \ crate://crates.io/winapi/0.3.9 \ crate://crates.io/windows-sys/0.36.1 \ crate://crates.io/windows_aarch64_msvc/0.36.1 \ @@ -260,6 +248,7 @@ SRC_URI += " \ crate://crates.io/windows_x86_64_gnu/0.36.1 \ crate://crates.io/windows_x86_64_msvc/0.36.1 \ crate://crates.io/xattr/0.2.3 \ + crate://crates.io/yansi/0.5.1 \ crate://crates.io/z85/3.0.5 \ crate://crates.io/zip/0.6.2 \ " diff --git a/meta-openembedded/meta-oe/recipes-devtools/jq/jq/run-ptest b/meta-openembedded/meta-oe/recipes-devtools/jq/jq/run-ptest index 0e4c707e96..a813958b5a 100644..100755 --- a/meta-openembedded/meta-oe/recipes-devtools/jq/jq/run-ptest +++ b/meta-openembedded/meta-oe/recipes-devtools/jq/jq/run-ptest @@ -1,11 +1,37 @@ #!/bin/sh +JQ_LIB=@libdir@/jq +LOG="${JQ_LIB}/ptest/jq_ptest_$(date +%Y%m%d-%H%M%S).log" + +# clean up the log file to avoid a file has the same name and has existing content +echo "" > ${LOG} + +# The purpose of ptest is doing intergration test, so disable valgrind by default +# change PACKAGECOFIG to enable valgrind. +#export NO_VALGRIND=1 +# The --enable-valgrind configure option for jq only can be used within Makefiles, +# and it cannot be utilized here since it also checks compile, which cannot be avoid +# Requested enhancement to jq: https://github.com/stedolan/jq/issues/2493 + for test in optionaltest mantest jqtest onigtest shtest utf8test base64test; do - ./tests/${test} + ./tests/${test} >> ${LOG} 2>> ${LOG} if [ $? -eq 0 ]; then echo "PASS: ${test}" + echo "PASS: ${test}" >> ${LOG} else echo "FAIL: ${test}" + echo "FAIL: ${test}" >> ${LOG} fi done +passed=`grep PASS: ${LOG}|wc -l` +failed=`grep FAIL: ${LOG}|wc -l` +skipped=`grep SKIP: ${LOG}|wc -l` +all=$((passed + failed + skipped)) + +( echo "=== Test Summary ===" + echo "TOTAL: ${all}" + echo "PASSED: ${passed}" + echo "FAILED: ${failed}" + echo "SKIPPED: ${skipped}" +) | tee -a /${LOG} diff --git a/meta-openembedded/meta-oe/recipes-devtools/jq/jq_git.bb b/meta-openembedded/meta-oe/recipes-devtools/jq/jq_git.bb index c6634cd300..4fa98aa44f 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/jq/jq_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/jq/jq_git.bb @@ -24,10 +24,8 @@ PACKAGECONFIG ?= "oniguruma" PACKAGECONFIG[docs] = "--enable-docs,--disable-docs,ruby-native" PACKAGECONFIG[maintainer-mode] = "--enable-maintainer-mode,--disable-maintainer-mode,flex-native bison-native" PACKAGECONFIG[oniguruma] = "--with-oniguruma,--without-oniguruma,onig" - -EXTRA_OECONF += " \ - --disable-valgrind \ -" +# enable if you want ptest running under valgrind +PACKAGECONFIG[valgrind] = "--enable-valgrind,--disable-valgrind,valgrind" do_install_ptest() { cp -rf ${B}/tests ${D}${PTEST_PATH} @@ -35,6 +33,11 @@ do_install_ptest() { # libjq.so.* is packaged in the main jq component, so remove it from ptest rm -f ${D}${PTEST_PATH}/.libs/libjq.so.* ln -sf ${bindir}/jq ${D}${PTEST_PATH} + if [ "${@bb.utils.contains('PACKAGECONFIG', 'valgrind', 'true', 'false', d)}" = "false" ]; then + sed -i 's:#export NO_VALGRIND=1:export NO_VALGRIND=1:g' ${D}${PTEST_PATH}/run-ptest + fi + # handle multilib + sed -i s:@libdir@:${libdir}:g ${D}${PTEST_PATH}/run-ptest } BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/files/0001-meson-add-pc-file-for-lib_perfetto.patch b/meta-openembedded/meta-oe/recipes-devtools/perfetto/files/0001-meson-add-pc-file-for-lib_perfetto.patch new file mode 100644 index 0000000000..70de44173d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/files/0001-meson-add-pc-file-for-lib_perfetto.patch @@ -0,0 +1,52 @@ +From 027f90dc9386ec08f2a5107025683e5fed6f3444 Mon Sep 17 00:00:00 2001 +From: Markus Volk <f_l_k@t-online.de> +Date: Mon, 17 Oct 2022 19:20:53 +0200 +Subject: [PATCH] meson: add PC file for lib_perfetto + +--- + meson.build | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/meson.build b/meson.build +index 06015141c..752b4d928 100644 +--- a/meson.build ++++ b/meson.build +@@ -19,9 +19,12 @@ + project( + 'perfetto', + ['c','cpp'], +- default_options: ['c_std=c99', 'cpp_std=c++11'] ++ default_options: ['c_std=c99', 'cpp_std=c++11'], ++ version: '27.1' + ) + ++soversion = meson.project_version() ++ + fs = import('fs') + + if not fs.is_dir('sdk') +@@ -30,8 +33,9 @@ endif + + dep_threads = dependency('threads') + +-lib_perfetto = static_library( ++lib_perfetto = shared_library( + 'perfetto', ++ version: soversion, + sources: 'sdk/perfetto.cc', + dependencies: dep_threads, + install: true, +@@ -39,6 +43,10 @@ lib_perfetto = static_library( + + inc_perfetto = include_directories('sdk') + ++install_headers('sdk/perfetto.h') ++pkg = import('pkgconfig') ++pkg.generate(lib_perfetto) ++ + dep_perfetto = declare_dependency( + link_with: lib_perfetto, + include_directories: inc_perfetto, +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/libperfetto.bb b/meta-openembedded/meta-oe/recipes-devtools/perfetto/libperfetto.bb new file mode 100644 index 0000000000..c8f56fd527 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/libperfetto.bb @@ -0,0 +1,14 @@ +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f87516e0b698007e9e75a1fe1012b390" + +require perfetto.inc + +inherit meson + +SRC_URI:append = " file://0001-meson-add-pc-file-for-lib_perfetto.patch" + +LDFLAGS += "-Wl,--as-needed -latomic -Wl,--no-as-needed" + +FILES:${PN} += "${datadir}" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb index 143445c145..98e39f068d 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f87516e0b698007e9e75a1fe1012b390 \ file://debian/copyright;md5=4e08364c82141f181de69d0a2b89d612 \ file://python/LICENSE;md5=c602a632c34ade9c78a976734077bce7" -SRC_URI = "git://github.com/google/perfetto.git;branch=master;protocol=https;name=perfetto \ +SRC_URI:append = " \ git://github.com/protocolbuffers/protobuf.git;branch=3.9.x;protocol=https;destsuffix=git/buildtools/protobuf;name=protobuf \ git://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx.git;protocol=https;destsuffix=git/buildtools/libcxx;branch=main;name=libcxx \ git://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi.git;protocol=https;destsuffix=git/buildtools/libcxxabi;branch=main;name=libcxxabi \ @@ -19,7 +19,6 @@ SRC_URI = "git://github.com/google/perfetto.git;branch=master;protocol=https;nam https://storage.googleapis.com/perfetto/gn-linux64-1968-0725d782;subdir=git/buildtools/;name=gn \ file://0001-Remove-check_build_deps-build-steps.patch " -SRCREV_perfetto = "5bd3f582c075d0d026c5fe0b5e291d34dee0d976" SRCREV_protobuf = "6a59a2ad1f61d9696092f79b6d74368b4d7970a3" SRCREV_libcxx = "d9040c75cfea5928c804ab7c235fed06a63f743a" SRCREV_libcxxabi = "196ba1aaa8ac285d94f4ea8d9836390a45360533" @@ -27,6 +26,8 @@ SRCREV_libunwind = "d999d54f4bca789543a2eb6c995af2d9b5a1f3ed" SRCREV_zlib = "5c85a2da4c13eda07f69d81a1579a5afddd35f59" SRC_URI[gn.sha256sum] = "f706aaa0676e3e22f5fc9ca482295d7caee8535d1869f99efa2358177b64f5cd" +require perfetto.inc + DEPENDS += " ninja-native" COMPATIBLE_HOST = "(i.86|x86_64|aarch64|arm).*-linux*" @@ -35,7 +36,6 @@ FILES:${PN}:append = " \ ${bindir}/tracebox \ " -S = "${WORKDIR}/git" B = "${WORKDIR}/build" # Run the GN (Generate Ninja) script, and replace the compiler flags where applicable diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.inc b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.inc new file mode 100644 index 0000000000..5cb6f8bb34 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.inc @@ -0,0 +1,9 @@ +SUMMARY = "Perfetto - System profiling, app tracing and trace analysis." +HOMEPAGE = "https://github.com/google/perfetto" + +SRC_URI = "git://github.com/google/perfetto.git;protocol=https;name=perfetto;nobranch=1" + +SRCREV_perfetto = "1c52b5e132312aeb007ed180d4ba1d8d66227923" +PV = "27.1" + +S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb index 0bc9cbedc0..c8b9158e6c 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb @@ -26,6 +26,7 @@ inherit cmake pkgconfig ptest PACKAGECONFIG ??= "" PACKAGECONFIG:class-native ?= "compiler" +PACKAGECONFIG:class-nativesdk ?= "compiler" PACKAGECONFIG[python] = ",," PACKAGECONFIG[compiler] = "-Dprotobuf_BUILD_PROTOC_BINARIES=ON,-Dprotobuf_BUILD_PROTOC_BINARIES=OFF" diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch new file mode 100644 index 0000000000..054f50ab23 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch @@ -0,0 +1,65 @@ +From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Thu, 2 Sep 2021 15:01:12 -0400 +Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header + file existing + +Upstream-Status: Backport [https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch] +Comment: Remove one hunk from changelog file and refresh rest hunks as per codebase of audit_2.8.5 +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +--- + auparse/interpret.c | 8 ++++++-- + configure.ac | 6 ++++++ + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/auparse/interpret.c b/auparse/interpret.c +index 63829aa0e..6c316456d 100644 +--- a/auparse/interpret.c 2022-10-14 11:22:20.833880000 +0200 ++++ b/auparse/interpret.c 2022-10-14 11:35:13.196455950 +0200 +@@ -44,8 +44,10 @@ + #include <linux/ax25.h> + #include <linux/atm.h> + #include <linux/x25.h> +-#include <linux/if.h> // FIXME: remove when ipx.h is fixed +-#include <linux/ipx.h> ++#ifdef HAVE_IPX_HEADERS ++ #include <linux/if.h> // FIXME: remove when ipx.h is fixed ++ #include <linux/ipx.h> ++#endif + #include <linux/capability.h> + #include <sys/personality.h> + #include <sys/prctl.h> +@@ -1158,6 +1160,7 @@ + x->sax25_call.ax25_call[6]); + } + break; ++#ifdef HAVE_IPX_HEADERS + case AF_IPX: + { + const struct sockaddr_ipx *ip = +@@ -1167,6 +1170,7 @@ + str, ip->sipx_port, ip->sipx_network); + } + break; ++#endif + case AF_ATMPVC: + { + const struct sockaddr_atmpvc* at = +diff --git a/configure.ac b/configure.ac +index 8f541e4c0..005eb0b5b 100644 +--- a/configure.ac 2022-10-14 11:22:20.833880000 +0200 ++++ b/configure.ac 2022-10-14 11:36:32.391044084 +0200 +@@ -414,6 +414,12 @@ + AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled ) + fi + ++# linux/ipx.h - deprecated in 2018 ++AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no) ++if test $ipx_headers = yes ; then ++ AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation]) ++fi ++ + # See if we want to support lower capabilities for plugins + LIBCAP_NG_PATH + + diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch index 4a1b979975..39a090c83b 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch @@ -13,6 +13,11 @@ Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com> Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> + +Comment: Refresh hunk from auditswig.i to fix build with linux 5.17+ +Reference-Commit: ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+ +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> --- bindings/swig/python3/Makefile.am | 3 ++- bindings/swig/src/auditswig.i | 2 +- @@ -43,12 +48,12 @@ diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i index 7ebb373..424fb68 100644 --- a/bindings/swig/src/auditswig.i +++ b/bindings/swig/src/auditswig.i -@@ -39,7 +39,7 @@ signed +@@ -39,7 +39,7 @@ #define __attribute(X) /*nothing*/ typedef unsigned __u32; typedef unsigned uid_t; -%include "/usr/include/linux/audit.h" -+%include "linux/audit.h" ++%include "../lib/audit.h" #define __extension__ /*nothing*/ #include <stdint.h> %include "../lib/libaudit.h" diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb index 347c855063..f846b27f90 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb @@ -14,6 +14,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintena file://auditd \ file://auditd.service \ file://audit-volatile.conf \ + file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \ " S = "${WORKDIR}/git" @@ -72,6 +73,11 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" RDEPENDS:auditd = "bash" +do_configure:prepend() { + sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h + sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h +} + do_install:append() { rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la diff --git a/meta-openembedded/meta-oe/recipes-support/msktutil/msktutil_1.2.bb b/meta-openembedded/meta-oe/recipes-support/msktutil/msktutil_1.2.bb new file mode 100644 index 0000000000..1b9a04ef29 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/msktutil/msktutil_1.2.bb @@ -0,0 +1,15 @@ +SUMMARY = "Program for interoperability with Active Directory" +DESCRIPTION = "Msktutil creates user or computer accounts in Active Directory, \ + creates Kerberos keytabs on Unix/Linux systems, adds and removes \ + principals to and from keytabs and changes the user or computer \ + account's password." + +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a" + +SRC_URI = "https://github.com/msktutil/msktutil/releases/download/v${PV}/msktutil-${PV}.tar.bz2" +SRC_URI[sha256sum] = "27dc078cbac3186540d8ea845fc0ced6b1d9f844e586ccd9eaa2d9f4650c2ce6" + +DEPENDS += "krb5 cyrus-sasl openldap" + +inherit autotools diff --git a/meta-openembedded/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.38.bb b/meta-openembedded/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.0.0.bb index 235bc30614..46484475ed 100644 --- a/meta-openembedded/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.38.bb +++ b/meta-openembedded/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.0.0.bb @@ -1,7 +1,7 @@ SUMMARY = "VirtualBox Linux Guest Drivers" SECTION = "core" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://${WORKDIR}/${VBOX_NAME}/COPYING;md5=e197d5641bb35b29d46ca8c4bf7f2660" +LICENSE = "GPL-3.0-only" +LIC_FILES_CHKSUM = "file://${WORKDIR}/${VBOX_NAME}/COPYING;md5=fff5fe1c81dd6dc3d522e7862e44881e" DEPENDS = "virtual/kernel" @@ -15,7 +15,7 @@ SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 file://Makefile.utils \ " -SRC_URI[sha256sum] = "56d997b58154df3974ce040a64970fa774add41e84b23dfb84b279b24545d7e4" +SRC_URI[sha256sum] = "1e5b321bf20eec03154e2b3e16331f827a472d6e8e5b1e04c27041978975a97a" S ?= "${WORKDIR}/vbox_module" S:task-patch = "${WORKDIR}/${VBOX_NAME}" diff --git a/meta-openembedded/meta-oe/recipes-test/syzkaller/syzkaller/0001-sys-targets-targets.go-allow-users-to-override-hardc.patch b/meta-openembedded/meta-oe/recipes-test/syzkaller/syzkaller/0001-sys-targets-targets.go-allow-users-to-override-hardc.patch new file mode 100644 index 0000000000..d647b8d4a0 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-test/syzkaller/syzkaller/0001-sys-targets-targets.go-allow-users-to-override-hardc.patch @@ -0,0 +1,67 @@ +From aca1030d29f627314d13884ebc7b2c313d718df7 Mon Sep 17 00:00:00 2001 +From: Ovidiu Panait <ovidiu.panait@windriver.com> +Date: Wed, 13 Apr 2022 17:17:54 +0300 +Subject: [PATCH] sys/targets/targets.go: allow users to override hardcoded + cross-compilers + +Currently, cross compiler names are hardcoded for each os/arch combo. However, +toolchain tuples differ, especially when using vendor provided toolchains. +Allow users to specify the cross compiler for an os/arch combo using +SYZ_CC_<os>_<arch> environment variables. + +Also, remove hardcoded "-march=armv6" flag to fix compilation on arm. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + sys/targets/targets.go | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +diff --git a/sys/targets/targets.go b/sys/targets/targets.go +index f3be708f3..19a8bb681 100644 +--- a/sys/targets/targets.go ++++ b/sys/targets/targets.go +@@ -258,7 +258,6 @@ var List = map[string]map[string]*Target{ + PtrSize: 4, + PageSize: 4 << 10, + LittleEndian: true, +- CFlags: []string{"-D__LINUX_ARM_ARCH__=6", "-march=armv6"}, + Triple: "arm-linux-gnueabi", + KernelArch: "arm", + KernelHeaderArch: "arm", +@@ -670,12 +669,16 @@ func initTarget(target *Target, OS, arch string) { + for i := range target.CFlags { + target.replaceSourceDir(&target.CFlags[i], sourceDir) + } +- if OS == Linux && arch == runtime.GOARCH { +- // Don't use cross-compiler for native compilation, there are cases when this does not work: +- // https://github.com/google/syzkaller/pull/619 +- // https://github.com/google/syzkaller/issues/387 +- // https://github.com/google/syzkaller/commit/06db3cec94c54e1cf720cdd5db72761514569d56 +- target.Triple = "" ++ if OS == Linux { ++ if cc := os.Getenv("SYZ_CC_" + OS + "_" + arch); cc != "" { ++ target.CCompiler = cc ++ } else if arch == runtime.GOARCH { ++ // Don't use cross-compiler for native compilation, there are cases when this does not work: ++ // https://github.com/google/syzkaller/pull/619 ++ // https://github.com/google/syzkaller/issues/387 ++ // https://github.com/google/syzkaller/commit/06db3cec94c54e1cf720cdd5db72761514569d56 ++ target.Triple = "" ++ } + } + if target.CCompiler == "" { + target.setCompiler(useClang) +@@ -803,7 +806,7 @@ func (target *Target) lazyInit() { + // On CI we want to fail loudly if cross-compilation breaks. + // Also fail if SOURCEDIR_GOOS is set b/c in that case user probably assumes it will work. + if (target.OS != runtime.GOOS || !runningOnCI) && os.Getenv("SOURCEDIR_"+strings.ToUpper(target.OS)) == "" { +- if _, err := exec.LookPath(target.CCompiler); err != nil { ++ if _, err := exec.LookPath(strings.Fields(target.CCompiler)[0]); err != nil { + target.BrokenCompiler = fmt.Sprintf("%v is missing (%v)", target.CCompiler, err) + return + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-test/syzkaller/syzkaller_git.bb b/meta-openembedded/meta-oe/recipes-test/syzkaller/syzkaller_git.bb new file mode 100644 index 0000000000..f7c751f806 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-test/syzkaller/syzkaller_git.bb @@ -0,0 +1,73 @@ +DESCRIPTION = "syzkaller is an unsupervised coverage-guided kernel fuzzer" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=5335066555b14d832335aa4660d6c376" + +inherit go-mod + +GO_IMPORT = "github.com/google/syzkaller" + +SRC_URI = "git://${GO_IMPORT};protocol=https;destsuffix=${BPN}-${PV}/src/${GO_IMPORT};branch=master \ + file://0001-sys-targets-targets.go-allow-users-to-override-hardc.patch;patchdir=src/${GO_IMPORT} \ + " +SRCREV = "67cb024cd1a3c95e311263a5c95e957f9abfd8ca" + +COMPATIBLE_HOST = "(x86_64|i.86|arm|aarch64).*-linux" + +B = "${S}/src/${GO_IMPORT}/bin" + +GO_EXTRA_LDFLAGS += ' -X ${GO_IMPORT}/prog.GitRevision=${SRCREV}' + +export GOHOSTFLAGS="${GO_LINKSHARED} ${GOBUILDFLAGS}" +export GOTARGETFLAGS="${GO_LINKSHARED} ${GOBUILDFLAGS}" +export TARGETOS = '${GOOS}' +export TARGETARCH = '${GOARCH}' +export TARGETVMARCH = '${GOARCH}' + +CGO_ENABLED = "0" + +DEPENDS:class-native += "qemu-system-native" + +do_compile:class-native() { + export HOSTOS="${GOHOSTOS}" + export HOSTARCH="${GOHOSTARCH}" + + oe_runmake HOSTGO="${GO}" host +} + +do_compile:class-target() { + export HOSTOS="${GOOS}" + export HOSTARCH="${GOARCH}" + export SYZ_CC_${TARGETOS}_${TARGETARCH}="${CC}" + + # Unset GOOS and GOARCH so that the correct syz-sysgen binary can be + # generated. Fixes: + # go install: cannot install cross-compiled binaries when GOBIN is set + unset GOOS + unset GOARCH + + oe_runmake GO="${GO}" CC="${CXX}" CFLAGS="${CXXFLAGS} ${LDFLAGS}" REV=${SRCREV} target +} + +do_install:class-native() { + SYZ_BINS_NATIVE="syz-manager syz-runtest syz-repro syz-mutate syz-prog2c \ + syz-db syz-upgrade" + + install -d ${D}${bindir} + + for i in ${SYZ_BINS_NATIVE}; do + install -m 0755 ${B}/${i} ${D}${bindir} + done +} + +do_install:class-target() { + SYZ_TARGET_DIR="${TARGETOS}_${TARGETARCH}" + SYZ_BINS_TARGET="syz-fuzzer syz-execprog syz-stress syz-executor" + + install -d ${D}${bindir}/${SYZ_TARGET_DIR} + + for i in ${SYZ_BINS_TARGET}; do + install -m 0755 ${B}/${SYZ_TARGET_DIR}/${i} ${D}${bindir}/${SYZ_TARGET_DIR} + done +} + +BBCLASSEXTEND += "native" diff --git a/meta-openembedded/meta-perl/README b/meta-openembedded/meta-perl/README index 13014b0ff3..01283226d5 100644 --- a/meta-openembedded/meta-perl/README +++ b/meta-openembedded/meta-perl/README @@ -52,7 +52,7 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core - branch: master + branch: langdale Adding the meta-perl layer to your build --------------------------------------- @@ -73,14 +73,13 @@ Maintenance ----------- Send patches / pull requests to openembedded-devel@lists.openembedded.org with -'[meta-perl]' in the subject. +'[meta-perl][langdale]' in the subject. When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-perl][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-perl][langdale][PATCH' -Layer maintainers: - Hongxu Jia <hongxu.jia@windriver.com> - Tim "moto-timo" Orling <ticotimo@gmail.com> +Layer maintainers: Armin Kuster <akuster808@gmail.com> + License ------- diff --git a/meta-openembedded/meta-python/README b/meta-openembedded/meta-python/README index 36c193957c..d188471e83 100644 --- a/meta-openembedded/meta-python/README +++ b/meta-openembedded/meta-python/README @@ -13,11 +13,11 @@ The meta-python layer depends on: URI: git://git.openembedded.org/openembedded-core layers: meta - branch: master + branch: langdale URI: git://git.openembedded.org/meta-openembedded layers: meta-oe - branch: master + branch: langdale Contributing ------------------------- @@ -28,14 +28,12 @@ comments and patch review. It is subscriber only, so please register before posting. Send pull requests to openembedded-devel@lists.openembedded.org with -'[meta-python]' in the subject. +'[meta-python][langdale]' in the subject. When sending single patches, please use something like: -git send-email -M -1 --to=openembedded-devel@lists.openembedded.org --subject-prefix='meta-python][PATCH' +git send-email -M -1 --to=openembedded-devel@lists.openembedded.org --subject-prefix='meta-python][langdale][PATCH' Maintenance ------------------------- -Layer maintainers: - Tim "moto-timo" Orling <TicoTimo@gmail.com> - Derek Straka <derek@asterius.io> +Layer maintainers: Armin Kuster <akuster808@gmail.com> diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pytest-json-report_1.5.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pytest-json-report_1.5.0.bb new file mode 100644 index 0000000000..493c241df2 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pytest-json-report_1.5.0.bb @@ -0,0 +1,18 @@ +SUMMARY = "pytest-json-report is a plugin that creates test reports as JSON" +HOMEPAGE = "https://github.com/numirias/pytest-json-report" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8b4ca2f2ad5aaaebd8eb24f262f8fe60" + +SRC_URI[sha256sum] = "2dde3c647851a19b5f3700729e8310a6e66efb2077d674f27ddea3d34dc615de" + +PYPI_PACKAGE = "pytest-json-report" + +inherit pypi setuptools3 + +DEPENDS += "${PYTHON_PN}-setuptools-scm-native" + +RDEPENDS:${PN} = "\ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-pytest-metadata \ +" + diff --git a/meta-openembedded/meta-webserver/README b/meta-openembedded/meta-webserver/README index d23f6cc65c..4a281b8089 100644 --- a/meta-openembedded/meta-webserver/README +++ b/meta-openembedded/meta-webserver/README @@ -13,13 +13,13 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core subdirectory: meta -branch: master +branch: langdale For some recipes, the meta-oe layer is required: URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe -branch: master +branch: langdale @@ -50,9 +50,12 @@ Maintenance ----------- Send patches / pull requests to openembedded-devel@lists.openembedded.org -with '[meta-webserver]' in the subject. +with '[meta-webserver][langdale]' in the subject. -Layer maintainer: Derek Straka <derek@asterius.io> +When sending single patches, please using something like: +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-webserver][langdale][PATCH' + +Layer maintainer: Armin Kuster <akuster808@gmail.com> License diff --git a/meta-openembedded/meta-xfce/README b/meta-openembedded/meta-xfce/README index 3d6158628f..6eeb0e60e4 100644 --- a/meta-openembedded/meta-xfce/README +++ b/meta-openembedded/meta-xfce/README @@ -1,10 +1,10 @@ This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: langdale URI: git://git.openembedded.org/meta-openembedded -branch: master +branch: langdale meta-xfce depends on meta-oe, meta-gnome and meta-multimedia in this repository. @@ -13,10 +13,9 @@ this to local.conf: BBMASK = "meta-xfce/recipes-multimedia" -Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-xfce]' in the subject' +Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-xfce][langdale]' in the subject' When sending single patches, please using something like: -git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-xfce][PATCH' +git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-xfce][langdale][PATCH' -Layer maintainer: Kai Kang <kai.kang@windriver.com> -Layer maintainer: Andreas Müller <schnitzeltony@gmail.com> +Layer maintainer: Armin Kuster <akuster808@gmail.com> diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml index a594fd7879..e7abb3c43e 100644 --- a/meta-security/kas/kas-security-base.yml +++ b/meta-security/kas/kas-security-base.yml @@ -34,9 +34,6 @@ local_conf_header: base: | CONF_VERSION = "2" SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/" - SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n" - BB_HASHSERVE = "auto" - BB_SIGNATURE_HANDLER = "OEEquivHash" INHERIT += "buildstats buildstats-summary buildhistory" INHERIT += "report-error" IMAGE_CLASSES += "testimage" @@ -59,10 +56,10 @@ local_conf_header: STOPTASKS,${DL_DIR},1G,100K \ STOPTASKS,${SSTATE_DIR},1G,100K \ STOPTASKS,/tmp,100M,100K \ - ABORT,${TMPDIR},100M,1K \ - ABORT,${DL_DIR},100M,1K \ - ABORT,${SSTATE_DIR},100M,1K \ - ABORT,/tmp,10M,1K" + HALT,${TMPDIR},100M,1K \ + HALT,${DL_DIR},100M,1K \ + HALT,${SSTATE_DIR},100M,1K \ + HALT,/tmp,10M,1K" bblayers_conf_header: base: | diff --git a/meta-security/meta-parsec/README.md b/meta-security/meta-parsec/README.md index 99935bcf8d..9b231f6b78 100644 --- a/meta-security/meta-parsec/README.md +++ b/meta-security/meta-parsec/README.md @@ -48,6 +48,7 @@ PKCS11 and MBED-CRYPTO providers build-in. - DISTRO_FEATURES contains "tmp2" and - "tpm-layer" (meta-tpm) is included in BBLAYERS +The trusted service provider depends on libts recipe from meta-arm layer. You can use PACKAGECONFIG for Parsec servic recipe to define what providers should be built in. For example: diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.1.0.bb index 931abee5b9..218b776866 100644 --- a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.1.0.bb @@ -83,3 +83,8 @@ FILES:${PN} += " \ " require parsec-service_${PV}.inc + +# The QA check has been temporarily disabled. An issue has been created +# upstream to fix this. +# https://github.com/parallaxsecond/parsec/issues/645 +INSANE_SKIP:${PN}-dbg += "buildpaths" diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.inc b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.1.0.inc index b6934f8147..c04bcbd8b6 100644 --- a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.inc +++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.1.0.inc @@ -2,61 +2,59 @@ SRC_URI += " \ crate://crates.io/ahash/0.7.6 \ - crate://crates.io/aho-corasick/0.7.18 \ + crate://crates.io/aho-corasick/0.7.19 \ crate://crates.io/ansi_term/0.12.1 \ - crate://crates.io/anyhow/1.0.56 \ - crate://crates.io/arrayvec/0.5.2 \ + crate://crates.io/anyhow/1.0.64 \ + crate://crates.io/asn1-rs-derive/0.1.0 \ + crate://crates.io/asn1-rs-impl/0.1.0 \ + crate://crates.io/asn1-rs/0.3.1 \ crate://crates.io/atty/0.2.14 \ crate://crates.io/autocfg/1.1.0 \ - crate://crates.io/base64/0.12.3 \ crate://crates.io/base64/0.13.0 \ crate://crates.io/bincode/1.3.3 \ crate://crates.io/bindgen/0.57.0 \ crate://crates.io/bindgen/0.59.2 \ crate://crates.io/bitfield/0.13.2 \ crate://crates.io/bitflags/1.3.2 \ - crate://crates.io/bitvec/0.19.6 \ - crate://crates.io/bumpalo/3.9.1 \ - crate://crates.io/bytes/1.1.0 \ + crate://crates.io/bumpalo/3.11.0 \ + crate://crates.io/bytes/1.2.1 \ crate://crates.io/cc/1.0.73 \ crate://crates.io/cexpr/0.4.0 \ crate://crates.io/cexpr/0.6.0 \ crate://crates.io/cfg-if/1.0.0 \ - crate://crates.io/chrono/0.4.19 \ - crate://crates.io/clang-sys/1.3.1 \ + crate://crates.io/clang-sys/1.3.3 \ crate://crates.io/clap/2.34.0 \ crate://crates.io/cmake/0.1.45 \ - crate://crates.io/const-oid/0.6.2 \ + crate://crates.io/const-oid/0.7.1 \ crate://crates.io/cryptoauthlib-sys/0.2.2 \ - crate://crates.io/cryptoki-sys/0.1.3 \ - crate://crates.io/cryptoki/0.2.1 \ + crate://crates.io/cryptoki-sys/0.1.4 \ + crate://crates.io/cryptoki/0.3.0 \ crate://crates.io/data-encoding/2.3.2 \ - crate://crates.io/der-oid-macro/0.4.0 \ - crate://crates.io/der-parser/5.1.2 \ - crate://crates.io/der/0.4.5 \ + crate://crates.io/der-parser/7.0.0 \ + crate://crates.io/der/0.5.1 \ crate://crates.io/derivative/2.2.0 \ - crate://crates.io/either/1.6.1 \ - crate://crates.io/enumflags2/0.7.3 \ - crate://crates.io/enumflags2_derive/0.7.3 \ + crate://crates.io/displaydoc/0.2.3 \ + crate://crates.io/either/1.8.0 \ + crate://crates.io/enumflags2/0.7.5 \ + crate://crates.io/enumflags2_derive/0.7.4 \ crate://crates.io/env_logger/0.8.4 \ crate://crates.io/env_logger/0.9.0 \ crate://crates.io/fallible-iterator/0.2.0 \ crate://crates.io/fallible-streaming-iterator/0.1.9 \ - crate://crates.io/fastrand/1.7.0 \ + crate://crates.io/fastrand/1.8.0 \ crate://crates.io/fixedbitset/0.2.0 \ crate://crates.io/form_urlencoded/1.0.1 \ - crate://crates.io/funty/1.1.0 \ - crate://crates.io/futures-channel/0.3.21 \ - crate://crates.io/futures-core/0.3.21 \ - crate://crates.io/futures-executor/0.3.21 \ - crate://crates.io/futures-io/0.3.21 \ - crate://crates.io/futures-macro/0.3.21 \ - crate://crates.io/futures-sink/0.3.21 \ - crate://crates.io/futures-task/0.3.21 \ - crate://crates.io/futures-util/0.3.21 \ - crate://crates.io/futures/0.3.21 \ - crate://crates.io/generic-array/0.14.5 \ - crate://crates.io/getrandom/0.2.5 \ + crate://crates.io/futures-channel/0.3.24 \ + crate://crates.io/futures-core/0.3.24 \ + crate://crates.io/futures-executor/0.3.24 \ + crate://crates.io/futures-io/0.3.24 \ + crate://crates.io/futures-macro/0.3.24 \ + crate://crates.io/futures-sink/0.3.24 \ + crate://crates.io/futures-task/0.3.24 \ + crate://crates.io/futures-util/0.3.24 \ + crate://crates.io/futures/0.3.24 \ + crate://crates.io/generic-array/0.14.6 \ + crate://crates.io/getrandom/0.2.7 \ crate://crates.io/glob/0.3.0 \ crate://crates.io/grpcio-sys/0.9.1+1.38.0 \ crate://crates.io/grpcio/0.9.1 \ @@ -65,140 +63,134 @@ SRC_URI += " \ crate://crates.io/heck/0.3.3 \ crate://crates.io/hermit-abi/0.1.19 \ crate://crates.io/hex/0.4.3 \ - crate://crates.io/hostname-validator/1.1.0 \ + crate://crates.io/hostname-validator/1.1.1 \ crate://crates.io/humantime/2.1.0 \ crate://crates.io/idna/0.2.3 \ - crate://crates.io/indexmap/1.8.0 \ + crate://crates.io/indexmap/1.8.2 \ crate://crates.io/instant/0.1.12 \ crate://crates.io/itertools/0.10.3 \ - crate://crates.io/itoa/1.0.1 \ - crate://crates.io/js-sys/0.3.56 \ - crate://crates.io/jsonwebkey/0.3.2 \ - crate://crates.io/jsonwebtoken/7.2.0 \ + crate://crates.io/itoa/1.0.3 \ + crate://crates.io/js-sys/0.3.59 \ + crate://crates.io/jsonwebkey/0.3.5 \ + crate://crates.io/jsonwebtoken/8.1.1 \ crate://crates.io/lazy_static/1.4.0 \ crate://crates.io/lazycell/1.3.0 \ - crate://crates.io/lexical-core/0.7.6 \ - crate://crates.io/libc/0.2.120 \ + crate://crates.io/libc/0.2.132 \ crate://crates.io/libloading/0.7.3 \ crate://crates.io/libsqlite3-sys/0.23.2 \ - crate://crates.io/libz-sys/1.1.5 \ - crate://crates.io/lock_api/0.4.6 \ - crate://crates.io/log/0.4.14 \ + crate://crates.io/libz-sys/1.1.8 \ + crate://crates.io/lock_api/0.4.8 \ + crate://crates.io/log/0.4.17 \ crate://crates.io/matches/0.1.9 \ crate://crates.io/mbox/0.6.0 \ - crate://crates.io/memchr/2.4.1 \ + crate://crates.io/memchr/2.5.0 \ crate://crates.io/minimal-lexical/0.2.1 \ crate://crates.io/multimap/0.8.3 \ crate://crates.io/nom/5.1.2 \ - crate://crates.io/nom/6.1.2 \ crate://crates.io/nom/7.1.1 \ - crate://crates.io/num-bigint/0.2.6 \ - crate://crates.io/num-bigint/0.3.3 \ crate://crates.io/num-bigint/0.4.3 \ - crate://crates.io/num-complex/0.3.1 \ + crate://crates.io/num-complex/0.4.2 \ crate://crates.io/num-derive/0.3.3 \ - crate://crates.io/num-integer/0.1.44 \ - crate://crates.io/num-iter/0.1.42 \ - crate://crates.io/num-rational/0.3.2 \ - crate://crates.io/num-traits/0.2.14 \ - crate://crates.io/num/0.3.1 \ + crate://crates.io/num-integer/0.1.45 \ + crate://crates.io/num-iter/0.1.43 \ + crate://crates.io/num-rational/0.4.1 \ + crate://crates.io/num-traits/0.2.15 \ + crate://crates.io/num/0.4.0 \ crate://crates.io/num_cpus/1.13.1 \ - crate://crates.io/oid-registry/0.1.5 \ + crate://crates.io/num_threads/0.1.6 \ + crate://crates.io/oid-registry/0.4.0 \ crate://crates.io/oid/0.2.1 \ - crate://crates.io/once_cell/1.10.0 \ + crate://crates.io/once_cell/1.14.0 \ crate://crates.io/parking_lot/0.11.2 \ crate://crates.io/parking_lot_core/0.8.5 \ - crate://crates.io/parsec-interface/0.26.0 \ + crate://crates.io/parsec-interface/0.27.0 \ crate://crates.io/peeking_take_while/0.1.2 \ - crate://crates.io/pem/0.8.3 \ + crate://crates.io/pem/1.1.0 \ crate://crates.io/percent-encoding/2.1.0 \ - crate://crates.io/pest/2.1.3 \ + crate://crates.io/pest/2.3.0 \ crate://crates.io/petgraph/0.5.1 \ crate://crates.io/picky-asn1-der/0.2.5 \ crate://crates.io/picky-asn1-x509/0.6.1 \ crate://crates.io/picky-asn1/0.3.3 \ - crate://crates.io/pin-project-lite/0.2.8 \ + crate://crates.io/pin-project-lite/0.2.9 \ crate://crates.io/pin-utils/0.1.0 \ - crate://crates.io/pkcs8/0.7.6 \ - crate://crates.io/pkg-config/0.3.24 \ + crate://crates.io/pkcs8/0.8.0 \ + crate://crates.io/pkg-config/0.3.25 \ crate://crates.io/ppv-lite86/0.2.16 \ crate://crates.io/proc-macro-error-attr/1.0.4 \ crate://crates.io/proc-macro-error/1.0.4 \ - crate://crates.io/proc-macro2/1.0.36 \ + crate://crates.io/proc-macro2/1.0.43 \ crate://crates.io/prost-build/0.8.0 \ crate://crates.io/prost-derive/0.8.0 \ crate://crates.io/prost-types/0.8.0 \ crate://crates.io/prost/0.8.0 \ crate://crates.io/protobuf/2.27.1 \ - crate://crates.io/psa-crypto-sys/0.9.2 \ - crate://crates.io/psa-crypto/0.9.1 \ - crate://crates.io/quote/1.0.15 \ - crate://crates.io/radium/0.5.3 \ + crate://crates.io/psa-crypto-sys/0.9.3 \ + crate://crates.io/psa-crypto/0.9.2 \ + crate://crates.io/quote/1.0.21 \ crate://crates.io/rand/0.8.5 \ crate://crates.io/rand_chacha/0.3.1 \ crate://crates.io/rand_core/0.6.3 \ - crate://crates.io/redox_syscall/0.2.11 \ - crate://crates.io/regex-syntax/0.6.25 \ - crate://crates.io/regex/1.5.5 \ + crate://crates.io/redox_syscall/0.2.16 \ + crate://crates.io/regex-syntax/0.6.27 \ + crate://crates.io/regex/1.6.0 \ crate://crates.io/remove_dir_all/0.5.3 \ crate://crates.io/ring/0.16.20 \ crate://crates.io/rusqlite/0.26.3 \ crate://crates.io/rust-cryptoauthlib/0.4.5 \ crate://crates.io/rustc-hash/1.1.0 \ crate://crates.io/rustc_version/0.3.3 \ - crate://crates.io/rusticata-macros/3.2.0 \ - crate://crates.io/rustversion/1.0.6 \ - crate://crates.io/ryu/1.0.9 \ + crate://crates.io/rusticata-macros/4.1.0 \ + crate://crates.io/ryu/1.0.11 \ crate://crates.io/same-file/1.0.6 \ crate://crates.io/scopeguard/1.1.0 \ crate://crates.io/sd-notify/0.2.0 \ crate://crates.io/secrecy/0.7.0 \ crate://crates.io/semver-parser/0.10.2 \ crate://crates.io/semver/0.11.0 \ - crate://crates.io/serde/1.0.136 \ - crate://crates.io/serde_bytes/0.11.5 \ - crate://crates.io/serde_derive/1.0.136 \ - crate://crates.io/serde_json/1.0.79 \ + crate://crates.io/serde/1.0.144 \ + crate://crates.io/serde_bytes/0.11.7 \ + crate://crates.io/serde_derive/1.0.144 \ + crate://crates.io/serde_json/1.0.85 \ crate://crates.io/shlex/0.1.1 \ crate://crates.io/shlex/1.1.0 \ crate://crates.io/signal-hook-registry/1.4.0 \ - crate://crates.io/signal-hook/0.3.13 \ - crate://crates.io/simple_asn1/0.4.1 \ - crate://crates.io/simple_asn1/0.5.4 \ - crate://crates.io/slab/0.4.5 \ - crate://crates.io/smallvec/1.8.0 \ - crate://crates.io/spiffe/0.2.0 \ + crate://crates.io/signal-hook/0.3.14 \ + crate://crates.io/simple_asn1/0.6.2 \ + crate://crates.io/slab/0.4.7 \ + crate://crates.io/smallvec/1.9.0 \ + crate://crates.io/spiffe/0.2.1 \ crate://crates.io/spin/0.5.2 \ - crate://crates.io/spki/0.4.1 \ + crate://crates.io/spki/0.5.4 \ crate://crates.io/stable_deref_trait/1.2.0 \ - crate://crates.io/static_assertions/1.1.0 \ crate://crates.io/strsim/0.8.0 \ crate://crates.io/structopt-derive/0.4.18 \ crate://crates.io/structopt/0.3.26 \ crate://crates.io/strum_macros/0.21.1 \ - crate://crates.io/syn/1.0.88 \ + crate://crates.io/syn/1.0.99 \ crate://crates.io/synstructure/0.12.6 \ - crate://crates.io/tap/1.0.1 \ - crate://crates.io/target-lexicon/0.12.3 \ + crate://crates.io/target-lexicon/0.12.4 \ crate://crates.io/tempfile/3.3.0 \ crate://crates.io/termcolor/1.1.3 \ crate://crates.io/textwrap/0.11.0 \ - crate://crates.io/thiserror-impl/1.0.30 \ - crate://crates.io/thiserror/1.0.30 \ + crate://crates.io/thiserror-impl/1.0.33 \ + crate://crates.io/thiserror/1.0.33 \ crate://crates.io/threadpool/1.8.1 \ - crate://crates.io/time/0.1.44 \ - crate://crates.io/tinyvec/1.5.1 \ + crate://crates.io/time-macros/0.2.4 \ + crate://crates.io/time/0.3.14 \ + crate://crates.io/tinyvec/1.6.0 \ crate://crates.io/tinyvec_macros/0.1.0 \ - crate://crates.io/toml/0.5.8 \ + crate://crates.io/toml/0.5.9 \ crate://crates.io/tss-esapi-sys/0.3.0 \ - crate://crates.io/tss-esapi/7.0.1 \ + crate://crates.io/tss-esapi/7.1.0 \ crate://crates.io/typenum/1.15.0 \ - crate://crates.io/ucd-trie/0.1.3 \ - crate://crates.io/unicode-bidi/0.3.7 \ - crate://crates.io/unicode-normalization/0.1.19 \ + crate://crates.io/ucd-trie/0.1.4 \ + crate://crates.io/unicode-bidi/0.3.8 \ + crate://crates.io/unicode-ident/1.0.3 \ + crate://crates.io/unicode-normalization/0.1.21 \ crate://crates.io/unicode-segmentation/1.9.0 \ crate://crates.io/unicode-width/0.1.9 \ - crate://crates.io/unicode-xid/0.2.2 \ + crate://crates.io/unicode-xid/0.2.3 \ crate://crates.io/untrusted/0.7.1 \ crate://crates.io/url/2.2.2 \ crate://crates.io/users/0.11.0 \ @@ -208,22 +200,21 @@ SRC_URI += " \ crate://crates.io/version/3.0.0 \ crate://crates.io/version_check/0.9.4 \ crate://crates.io/walkdir/2.3.2 \ - crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \ - crate://crates.io/wasm-bindgen-backend/0.2.79 \ - crate://crates.io/wasm-bindgen-macro-support/0.2.79 \ - crate://crates.io/wasm-bindgen-macro/0.2.79 \ - crate://crates.io/wasm-bindgen-shared/0.2.79 \ - crate://crates.io/wasm-bindgen/0.2.79 \ - crate://crates.io/web-sys/0.3.56 \ - crate://crates.io/which/4.2.4 \ + crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \ + crate://crates.io/wasm-bindgen-backend/0.2.82 \ + crate://crates.io/wasm-bindgen-macro-support/0.2.82 \ + crate://crates.io/wasm-bindgen-macro/0.2.82 \ + crate://crates.io/wasm-bindgen-shared/0.2.82 \ + crate://crates.io/wasm-bindgen/0.2.82 \ + crate://crates.io/web-sys/0.3.59 \ + crate://crates.io/which/4.3.0 \ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ crate://crates.io/winapi-util/0.1.5 \ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ crate://crates.io/winapi/0.3.9 \ - crate://crates.io/wyz/0.2.0 \ - crate://crates.io/x509-parser/0.9.2 \ - crate://crates.io/yasna/0.3.2 \ - crate://crates.io/zeroize/1.3.0 \ + crate://crates.io/x509-parser/0.13.2 \ + crate://crates.io/yasna/0.4.0 \ + crate://crates.io/zeroize/1.5.7 \ crate://crates.io/zeroize_derive/1.3.2 \ " diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.inc b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.inc deleted file mode 100644 index d17ec25d73..0000000000 --- a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.inc +++ /dev/null @@ -1,196 +0,0 @@ -# This file is created from parsec-tool repository Cargo.lock using cargo-bitbake tool - -SRC_URI += " \ - crate://crates.io/aho-corasick/0.7.18 \ - crate://crates.io/ansi_term/0.12.1 \ - crate://crates.io/anyhow/1.0.56 \ - crate://crates.io/arrayvec/0.5.2 \ - crate://crates.io/atty/0.2.14 \ - crate://crates.io/autocfg/1.1.0 \ - crate://crates.io/base64/0.12.3 \ - crate://crates.io/base64/0.13.0 \ - crate://crates.io/bincode/1.3.3 \ - crate://crates.io/bindgen/0.57.0 \ - crate://crates.io/bitflags/1.3.2 \ - crate://crates.io/bitvec/0.19.6 \ - crate://crates.io/block-buffer/0.9.0 \ - crate://crates.io/bumpalo/3.9.1 \ - crate://crates.io/bytes/1.1.0 \ - crate://crates.io/cc/1.0.73 \ - crate://crates.io/cexpr/0.4.0 \ - crate://crates.io/cfg-if/1.0.0 \ - crate://crates.io/chrono/0.4.19 \ - crate://crates.io/clang-sys/1.3.1 \ - crate://crates.io/clap/2.34.0 \ - crate://crates.io/clap/3.0.0-beta.5 \ - crate://crates.io/clap_derive/3.0.0-beta.5 \ - crate://crates.io/cmake/0.1.48 \ - crate://crates.io/const-oid/0.6.2 \ - crate://crates.io/cpufeatures/0.2.1 \ - crate://crates.io/data-encoding/2.3.2 \ - crate://crates.io/der-oid-macro/0.4.0 \ - crate://crates.io/der-parser/5.1.2 \ - crate://crates.io/der/0.4.5 \ - crate://crates.io/derivative/2.2.0 \ - crate://crates.io/digest/0.9.0 \ - crate://crates.io/either/1.6.1 \ - crate://crates.io/env_logger/0.8.4 \ - crate://crates.io/form_urlencoded/1.0.1 \ - crate://crates.io/funty/1.1.0 \ - crate://crates.io/futures-channel/0.3.21 \ - crate://crates.io/futures-core/0.3.21 \ - crate://crates.io/futures-executor/0.3.21 \ - crate://crates.io/futures-io/0.3.21 \ - crate://crates.io/futures-macro/0.3.21 \ - crate://crates.io/futures-sink/0.3.21 \ - crate://crates.io/futures-task/0.3.21 \ - crate://crates.io/futures-util/0.3.21 \ - crate://crates.io/futures/0.3.21 \ - crate://crates.io/generic-array/0.14.5 \ - crate://crates.io/glob/0.3.0 \ - crate://crates.io/grpcio-sys/0.9.1+1.38.0 \ - crate://crates.io/grpcio/0.9.1 \ - crate://crates.io/hashbrown/0.11.2 \ - crate://crates.io/heck/0.3.3 \ - crate://crates.io/hermit-abi/0.1.19 \ - crate://crates.io/humantime/2.1.0 \ - crate://crates.io/idna/0.2.3 \ - crate://crates.io/indexmap/1.8.0 \ - crate://crates.io/instant/0.1.12 \ - crate://crates.io/itertools/0.10.3 \ - crate://crates.io/itoa/1.0.1 \ - crate://crates.io/js-sys/0.3.56 \ - crate://crates.io/jsonwebkey/0.3.2 \ - crate://crates.io/jsonwebtoken/7.2.0 \ - crate://crates.io/lazy_static/1.4.0 \ - crate://crates.io/lazycell/1.3.0 \ - crate://crates.io/lexical-core/0.7.6 \ - crate://crates.io/libc/0.2.120 \ - crate://crates.io/libloading/0.7.3 \ - crate://crates.io/libz-sys/1.1.5 \ - crate://crates.io/lock_api/0.4.6 \ - crate://crates.io/log/0.4.14 \ - crate://crates.io/matches/0.1.9 \ - crate://crates.io/memchr/2.4.1 \ - crate://crates.io/nom/5.1.2 \ - crate://crates.io/nom/6.1.2 \ - crate://crates.io/num-bigint/0.2.6 \ - crate://crates.io/num-bigint/0.3.3 \ - crate://crates.io/num-bigint/0.4.3 \ - crate://crates.io/num-complex/0.3.1 \ - crate://crates.io/num-derive/0.3.3 \ - crate://crates.io/num-integer/0.1.44 \ - crate://crates.io/num-iter/0.1.42 \ - crate://crates.io/num-rational/0.3.2 \ - crate://crates.io/num-traits/0.2.14 \ - crate://crates.io/num/0.3.1 \ - crate://crates.io/num_threads/0.1.5 \ - crate://crates.io/oid-registry/0.1.5 \ - crate://crates.io/oid/0.2.1 \ - crate://crates.io/once_cell/1.10.0 \ - crate://crates.io/opaque-debug/0.3.0 \ - crate://crates.io/os_str_bytes/4.1.1 \ - crate://crates.io/parking_lot/0.11.2 \ - crate://crates.io/parking_lot_core/0.8.5 \ - crate://crates.io/parsec-client/0.14.0 \ - crate://crates.io/parsec-interface/0.26.0 \ - crate://crates.io/peeking_take_while/0.1.2 \ - crate://crates.io/pem/0.8.3 \ - crate://crates.io/pem/1.0.2 \ - crate://crates.io/percent-encoding/2.1.0 \ - crate://crates.io/picky-asn1-der/0.2.5 \ - crate://crates.io/picky-asn1-x509/0.6.1 \ - crate://crates.io/picky-asn1/0.3.3 \ - crate://crates.io/pin-project-lite/0.2.8 \ - crate://crates.io/pin-utils/0.1.0 \ - crate://crates.io/pkcs8/0.7.6 \ - crate://crates.io/pkg-config/0.3.24 \ - crate://crates.io/proc-macro-error-attr/1.0.4 \ - crate://crates.io/proc-macro-error/1.0.4 \ - crate://crates.io/proc-macro2/1.0.36 \ - crate://crates.io/prost-derive/0.8.0 \ - crate://crates.io/prost/0.8.0 \ - crate://crates.io/protobuf/2.27.1 \ - crate://crates.io/psa-crypto-sys/0.9.2 \ - crate://crates.io/psa-crypto/0.9.1 \ - crate://crates.io/quote/1.0.15 \ - crate://crates.io/radium/0.5.3 \ - crate://crates.io/rcgen/0.9.2 \ - crate://crates.io/redox_syscall/0.2.11 \ - crate://crates.io/regex-syntax/0.6.25 \ - crate://crates.io/regex/1.5.5 \ - crate://crates.io/ring/0.16.20 \ - crate://crates.io/rustc-hash/1.1.0 \ - crate://crates.io/rusticata-macros/3.2.0 \ - crate://crates.io/rustversion/1.0.6 \ - crate://crates.io/ryu/1.0.9 \ - crate://crates.io/same-file/1.0.6 \ - crate://crates.io/scopeguard/1.1.0 \ - crate://crates.io/secrecy/0.7.0 \ - crate://crates.io/serde/1.0.136 \ - crate://crates.io/serde_bytes/0.11.5 \ - crate://crates.io/serde_derive/1.0.136 \ - crate://crates.io/serde_json/1.0.79 \ - crate://crates.io/sha2/0.9.9 \ - crate://crates.io/shlex/0.1.1 \ - crate://crates.io/simple_asn1/0.4.1 \ - crate://crates.io/simple_asn1/0.5.4 \ - crate://crates.io/slab/0.4.5 \ - crate://crates.io/smallvec/1.8.0 \ - crate://crates.io/spiffe/0.2.0 \ - crate://crates.io/spin/0.5.2 \ - crate://crates.io/spki/0.4.1 \ - crate://crates.io/static_assertions/1.1.0 \ - crate://crates.io/strsim/0.10.0 \ - crate://crates.io/strsim/0.8.0 \ - crate://crates.io/structopt-derive/0.4.18 \ - crate://crates.io/structopt/0.3.26 \ - crate://crates.io/syn/1.0.89 \ - crate://crates.io/synstructure/0.12.6 \ - crate://crates.io/tap/1.0.1 \ - crate://crates.io/termcolor/1.1.3 \ - crate://crates.io/textwrap/0.11.0 \ - crate://crates.io/textwrap/0.14.2 \ - crate://crates.io/thiserror-impl/1.0.30 \ - crate://crates.io/thiserror/1.0.30 \ - crate://crates.io/time/0.1.44 \ - crate://crates.io/time/0.3.7 \ - crate://crates.io/tinyvec/1.5.1 \ - crate://crates.io/tinyvec_macros/0.1.0 \ - crate://crates.io/typenum/1.15.0 \ - crate://crates.io/unicase/2.6.0 \ - crate://crates.io/unicode-bidi/0.3.7 \ - crate://crates.io/unicode-normalization/0.1.19 \ - crate://crates.io/unicode-segmentation/1.9.0 \ - crate://crates.io/unicode-width/0.1.9 \ - crate://crates.io/unicode-xid/0.2.2 \ - crate://crates.io/untrusted/0.7.1 \ - crate://crates.io/url/2.2.2 \ - crate://crates.io/users/0.10.0 \ - crate://crates.io/uuid/0.8.2 \ - crate://crates.io/vcpkg/0.2.15 \ - crate://crates.io/vec_map/0.8.2 \ - crate://crates.io/version_check/0.9.4 \ - crate://crates.io/walkdir/2.3.2 \ - crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \ - crate://crates.io/wasm-bindgen-backend/0.2.79 \ - crate://crates.io/wasm-bindgen-macro-support/0.2.79 \ - crate://crates.io/wasm-bindgen-macro/0.2.79 \ - crate://crates.io/wasm-bindgen-shared/0.2.79 \ - crate://crates.io/wasm-bindgen/0.2.79 \ - crate://crates.io/web-sys/0.3.56 \ - crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ - crate://crates.io/winapi-util/0.1.5 \ - crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ - crate://crates.io/winapi/0.3.9 \ - crate://crates.io/wyz/0.2.0 \ - crate://crates.io/x509-parser/0.9.2 \ - crate://crates.io/yasna/0.3.2 \ - crate://crates.io/yasna/0.5.0 \ - crate://crates.io/zeroize/1.3.0 \ - crate://crates.io/zeroize_derive/1.3.2 \ -" - -LIC_FILES_CHKSUM = " \ - file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ -" diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.4.bb index 6ecce8e883..0f620096a8 100644 --- a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb +++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.4.bb @@ -16,3 +16,8 @@ do_install() { } require parsec-tool_${PV}.inc + +# The QA check has been temporarily disabled. An issue has been created +# upstream to fix this. +# https://github.com/parallaxsecond/parsec-tool/issues/94 +INSANE_SKIP:${PN}-dbg += "buildpaths" diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.4.inc b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.4.inc new file mode 100644 index 0000000000..36d98d3c72 --- /dev/null +++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.4.inc @@ -0,0 +1,176 @@ +# This file is created from parsec-tool repository Cargo.lock using cargo-bitbake tool + +SRC_URI += " \ + crate://crates.io/aho-corasick/0.7.19 \ + crate://crates.io/ansi_term/0.12.1 \ + crate://crates.io/anyhow/1.0.64 \ + crate://crates.io/asn1-rs-derive/0.1.0 \ + crate://crates.io/asn1-rs-impl/0.1.0 \ + crate://crates.io/asn1-rs/0.3.1 \ + crate://crates.io/atty/0.2.14 \ + crate://crates.io/autocfg/1.1.0 \ + crate://crates.io/base64/0.13.0 \ + crate://crates.io/bincode/1.3.3 \ + crate://crates.io/bindgen/0.57.0 \ + crate://crates.io/bitflags/1.3.2 \ + crate://crates.io/block-buffer/0.9.0 \ + crate://crates.io/bumpalo/3.11.0 \ + crate://crates.io/bytes/1.2.1 \ + crate://crates.io/cc/1.0.73 \ + crate://crates.io/cexpr/0.4.0 \ + crate://crates.io/cfg-if/1.0.0 \ + crate://crates.io/clang-sys/1.3.3 \ + crate://crates.io/clap/2.34.0 \ + crate://crates.io/cmake/0.1.45 \ + crate://crates.io/const-oid/0.7.1 \ + crate://crates.io/cpufeatures/0.2.5 \ + crate://crates.io/data-encoding/2.3.2 \ + crate://crates.io/der-parser/7.0.0 \ + crate://crates.io/der/0.5.1 \ + crate://crates.io/derivative/2.2.0 \ + crate://crates.io/digest/0.9.0 \ + crate://crates.io/displaydoc/0.2.3 \ + crate://crates.io/either/1.8.0 \ + crate://crates.io/env_logger/0.8.4 \ + crate://crates.io/form_urlencoded/1.1.0 \ + crate://crates.io/futures-channel/0.3.24 \ + crate://crates.io/futures-core/0.3.24 \ + crate://crates.io/futures-executor/0.3.24 \ + crate://crates.io/futures-io/0.3.24 \ + crate://crates.io/futures-macro/0.3.24 \ + crate://crates.io/futures-sink/0.3.24 \ + crate://crates.io/futures-task/0.3.24 \ + crate://crates.io/futures-util/0.3.24 \ + crate://crates.io/futures/0.3.24 \ + crate://crates.io/generic-array/0.14.6 \ + crate://crates.io/glob/0.3.0 \ + crate://crates.io/grpcio-sys/0.9.1+1.38.0 \ + crate://crates.io/grpcio/0.9.1 \ + crate://crates.io/heck/0.3.3 \ + crate://crates.io/hermit-abi/0.1.19 \ + crate://crates.io/humantime/2.1.0 \ + crate://crates.io/idna/0.3.0 \ + crate://crates.io/instant/0.1.12 \ + crate://crates.io/itertools/0.10.3 \ + crate://crates.io/itoa/1.0.3 \ + crate://crates.io/js-sys/0.3.59 \ + crate://crates.io/jsonwebkey/0.3.5 \ + crate://crates.io/jsonwebtoken/8.1.1 \ + crate://crates.io/lazy_static/1.4.0 \ + crate://crates.io/lazycell/1.3.0 \ + crate://crates.io/libc/0.2.132 \ + crate://crates.io/libloading/0.7.3 \ + crate://crates.io/libz-sys/1.1.8 \ + crate://crates.io/lock_api/0.4.8 \ + crate://crates.io/log/0.4.17 \ + crate://crates.io/memchr/2.5.0 \ + crate://crates.io/minimal-lexical/0.2.1 \ + crate://crates.io/nom/5.1.2 \ + crate://crates.io/nom/7.1.1 \ + crate://crates.io/num-bigint/0.4.3 \ + crate://crates.io/num-complex/0.4.2 \ + crate://crates.io/num-derive/0.3.3 \ + crate://crates.io/num-integer/0.1.45 \ + crate://crates.io/num-iter/0.1.43 \ + crate://crates.io/num-rational/0.4.1 \ + crate://crates.io/num-traits/0.2.15 \ + crate://crates.io/num/0.4.0 \ + crate://crates.io/num_threads/0.1.6 \ + crate://crates.io/oid-registry/0.4.0 \ + crate://crates.io/oid/0.2.1 \ + crate://crates.io/once_cell/1.14.0 \ + crate://crates.io/opaque-debug/0.3.0 \ + crate://crates.io/parking_lot/0.11.2 \ + crate://crates.io/parking_lot_core/0.8.5 \ + crate://crates.io/parsec-client/0.14.1 \ + crate://crates.io/parsec-interface/0.27.0 \ + crate://crates.io/peeking_take_while/0.1.2 \ + crate://crates.io/pem/1.1.0 \ + crate://crates.io/percent-encoding/2.2.0 \ + crate://crates.io/picky-asn1-der/0.2.5 \ + crate://crates.io/picky-asn1-x509/0.6.1 \ + crate://crates.io/picky-asn1/0.3.3 \ + crate://crates.io/pin-project-lite/0.2.9 \ + crate://crates.io/pin-utils/0.1.0 \ + crate://crates.io/pkcs8/0.8.0 \ + crate://crates.io/pkg-config/0.3.25 \ + crate://crates.io/proc-macro-error-attr/1.0.4 \ + crate://crates.io/proc-macro-error/1.0.4 \ + crate://crates.io/proc-macro2/1.0.43 \ + crate://crates.io/prost-derive/0.8.0 \ + crate://crates.io/prost/0.8.0 \ + crate://crates.io/protobuf/2.27.1 \ + crate://crates.io/psa-crypto-sys/0.9.3 \ + crate://crates.io/psa-crypto/0.9.2 \ + crate://crates.io/quote/1.0.21 \ + crate://crates.io/rcgen/0.9.3 \ + crate://crates.io/redox_syscall/0.2.16 \ + crate://crates.io/regex-syntax/0.6.27 \ + crate://crates.io/regex/1.6.0 \ + crate://crates.io/ring/0.16.20 \ + crate://crates.io/rustc-hash/1.1.0 \ + crate://crates.io/rusticata-macros/4.1.0 \ + crate://crates.io/ryu/1.0.11 \ + crate://crates.io/same-file/1.0.6 \ + crate://crates.io/scopeguard/1.1.0 \ + crate://crates.io/secrecy/0.7.0 \ + crate://crates.io/serde/1.0.144 \ + crate://crates.io/serde_bytes/0.11.7 \ + crate://crates.io/serde_derive/1.0.144 \ + crate://crates.io/serde_json/1.0.85 \ + crate://crates.io/sha2/0.9.9 \ + crate://crates.io/shlex/0.1.1 \ + crate://crates.io/simple_asn1/0.6.2 \ + crate://crates.io/slab/0.4.7 \ + crate://crates.io/smallvec/1.9.0 \ + crate://crates.io/spiffe/0.2.1 \ + crate://crates.io/spin/0.5.2 \ + crate://crates.io/spki/0.5.4 \ + crate://crates.io/strsim/0.8.0 \ + crate://crates.io/structopt-derive/0.4.18 \ + crate://crates.io/structopt/0.3.26 \ + crate://crates.io/syn/1.0.99 \ + crate://crates.io/synstructure/0.12.6 \ + crate://crates.io/termcolor/1.1.3 \ + crate://crates.io/textwrap/0.11.0 \ + crate://crates.io/thiserror-impl/1.0.34 \ + crate://crates.io/thiserror/1.0.34 \ + crate://crates.io/time-macros/0.2.3 \ + crate://crates.io/time/0.3.7 \ + crate://crates.io/tinyvec/1.6.0 \ + crate://crates.io/tinyvec_macros/0.1.0 \ + crate://crates.io/typenum/1.15.0 \ + crate://crates.io/unicode-bidi/0.3.8 \ + crate://crates.io/unicode-ident/1.0.3 \ + crate://crates.io/unicode-normalization/0.1.21 \ + crate://crates.io/unicode-segmentation/1.9.0 \ + crate://crates.io/unicode-width/0.1.9 \ + crate://crates.io/unicode-xid/0.2.3 \ + crate://crates.io/untrusted/0.7.1 \ + crate://crates.io/url/2.3.1 \ + crate://crates.io/users/0.11.0 \ + crate://crates.io/uuid/0.8.2 \ + crate://crates.io/vcpkg/0.2.15 \ + crate://crates.io/vec_map/0.8.2 \ + crate://crates.io/version_check/0.9.4 \ + crate://crates.io/walkdir/2.3.2 \ + crate://crates.io/wasm-bindgen-backend/0.2.82 \ + crate://crates.io/wasm-bindgen-macro-support/0.2.82 \ + crate://crates.io/wasm-bindgen-macro/0.2.82 \ + crate://crates.io/wasm-bindgen-shared/0.2.82 \ + crate://crates.io/wasm-bindgen/0.2.82 \ + crate://crates.io/web-sys/0.3.59 \ + crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ + crate://crates.io/winapi-util/0.1.5 \ + crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ + crate://crates.io/winapi/0.3.9 \ + crate://crates.io/x509-parser/0.13.2 \ + crate://crates.io/yasna/0.4.0 \ + crate://crates.io/yasna/0.5.0 \ + crate://crates.io/zeroize/1.5.7 \ + crate://crates.io/zeroize_derive/1.3.2 \ +" + +LIC_FILES_CHKSUM = " \ + file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ +" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.1.bb index 263ca2c36a..b6768719cb 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.1.bb @@ -6,7 +6,7 @@ DEPENDS = "autoconf-archive-native tpm2-tss openssl" SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "eedcc0b72ad6d232e6f9f55a780290c4d33a4d06efca9314f8a36d7384eb1dfc" +SRC_URI[sha256sum] = "5a9bb0c6c61d026272b8843cbc291b5dfa9a55c1661a513b1c980807ad2dad01" UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst index af9947199c..b533d9dc0e 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst @@ -330,7 +330,8 @@ Removal (Override Style Syntax) You can remove values from lists using the removal override style syntax. Specifying a value for removal causes all occurrences of that -value to be removed from the variable. +value to be removed from the variable. Unlike ":append" and ":prepend", +there is no need to add a leading or trailing space to the value. When you use this syntax, BitBake expects one or more strings. Surrounding spaces and spacing are preserved. Here is an example:: diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst index 725e6c2cd5..3522d2b77b 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst @@ -484,29 +484,55 @@ overview of their function and contents. for it to work. :term:`BB_PRESSURE_MAX_CPU` - The threshold for maximum CPU pressure before BitBake prevents the - scheduling of new tasks. Once the :term:`BB_PRESSURE_MAX_CPU` threshold - is exceeded, new tasks are not started until the pressure subsides to - below the threshold. If :term:`BB_PRESSURE_MAX_CPU` is not set, CPU - pressure is not monitored. A threshold can be set in ``conf/local.conf`` - as:: + Specifies a maximum CPU pressure threshold, above which BitBake's + scheduler will not start new tasks (providing there is at least + one active task). If no value is set, CPU pressure is not + monitored when starting tasks. + + The pressure data is calculated based upon what Linux kernels since + version 4.20 expose under ``/proc/pressure``. The threshold represents + the difference in "total" pressure from the previous second. The + minimum value is 1.0 (extremely slow builds) and the maximum is + 1000000 (a pressure value unlikely to ever be reached). + + This threshold can be set in ``conf/local.conf`` as:: BB_PRESSURE_MAX_CPU = "500" :term:`BB_PRESSURE_MAX_IO` - The threshold for maximum IO pressure experienced before BitBake - prevents the scheduling of new tasks. The IO pressure is regulated in the - same way as :term:`BB_PRESSURE_MAX_CPU`. At this point in time, - experiments show that IO pressure tends to be short-lived and regulating - just the CPU can help to reduce it. + Specifies a maximum I/O pressure threshold, above which BitBake's + scheduler will not start new tasks (providing there is at least + one active task). If no value is set, I/O pressure is not + monitored when starting tasks. + + The pressure data is calculated based upon what Linux kernels since + version 4.20 expose under ``/proc/pressure``. The threshold represents + the difference in "total" pressure from the previous second. The + minimum value is 1.0 (extremely slow builds) and the maximum is + 1000000 (a pressure value unlikely to ever be reached). + + At this point in time, experiments show that IO pressure tends to + be short-lived and regulating just the CPU with + :term:`BB_PRESSURE_MAX_CPU` can help to reduce it. :term:`BB_PRESSURE_MAX_MEMORY` - The threshold for maximum memory pressure experienced before BitBake - prevents the scheduling of new tasks. The memory pressure is regulated in - the same way as :term:`BB_PRESSURE_MAX_CPU`. Note that any memory - pressure indicates that a system is being pushed beyond its capacity. At - this point in time, experiments show that memory pressure tends to be - short-lived and regulating just the CPU can help to reduce it. + + Specifies a maximum memory pressure threshold, above which BitBake's + scheduler will not start new tasks (providing there is at least + one active task). If no value is set, memory pressure is not + monitored when starting tasks. + + The pressure data is calculated based upon what Linux kernels since + version 4.20 expose under ``/proc/pressure``. The threshold represents + the difference in "total" pressure from the previous second. The + minimum value is 1.0 (extremely slow builds) and the maximum is + 1000000 (a pressure value unlikely to ever be reached). + + Memory pressure is experienced when time is spent swapping, + refaulting pages from the page cache or performing direct reclaim. + This is why memory pressure is rarely seen, but setting this variable + might be useful as a last resort to prevent OOM errors if they are + occurring during builds. :term:`BB_RUNFMT` Specifies the name of the executable script files (i.e. run files) diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py index b4ed691f33..0af06e46e5 100644 --- a/poky/bitbake/lib/bb/tests/fetch.py +++ b/poky/bitbake/lib/bb/tests/fetch.py @@ -1331,12 +1331,14 @@ class URLHandle(unittest.TestCase): "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', collections.OrderedDict([('tag', 'V0-99-81'), ('module', 'familiar/dist/ipkg')])), "git://git.openembedded.org/bitbake;branch=@foo" : ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'}), "file://somelocation;someparam=1": ('file', '', 'somelocation', '', '', {'someparam': '1'}), + r'git://s.o-me_ONE:!#$%^&*()-_={}[]\|:?,.<>~`@git.openembedded.org/bitbake;branch=main': ('git', 'git.openembedded.org', '/bitbake', 's.o-me_ONE', r'!#$%^&*()-_={}[]\|:?,.<>~`', {'branch': 'main'}), } # we require a pathname to encodeurl but users can still pass such urls to # decodeurl and we need to handle them decodedata = datatable.copy() decodedata.update({ "http://somesite.net;someparam=1": ('http', 'somesite.net', '/', '', '', {'someparam': '1'}), + "npmsw://some.registry.url;package=@pkg;version=latest": ('npmsw', 'some.registry.url', '/', '', '', {'package': '@pkg', 'version': 'latest'}), }) def test_decodeurl(self): @@ -1869,7 +1871,7 @@ class GitShallowTest(FetcherTest): self.add_empty_file('bsub', cwd=smdir) self.git('submodule init', cwd=self.srcdir) - self.git('submodule add file://%s' % smdir, cwd=self.srcdir) + self.git('-c protocol.file.allow=always submodule add file://%s' % smdir, cwd=self.srcdir) self.git('submodule update', cwd=self.srcdir) self.git('commit -m submodule -a', cwd=self.srcdir) @@ -1899,7 +1901,7 @@ class GitShallowTest(FetcherTest): self.add_empty_file('bsub', cwd=smdir) self.git('submodule init', cwd=self.srcdir) - self.git('submodule add file://%s' % smdir, cwd=self.srcdir) + self.git('-c protocol.file.allow=always submodule add file://%s' % smdir, cwd=self.srcdir) self.git('submodule update', cwd=self.srcdir) self.git('commit -m submodule -a', cwd=self.srcdir) diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py index e6e21e20fe..64a004d0d8 100644 --- a/poky/bitbake/lib/bb/utils.py +++ b/poky/bitbake/lib/bb/utils.py @@ -547,7 +547,12 @@ def md5_file(filename): Return the hex string representation of the MD5 checksum of filename. """ import hashlib - return _hasher(hashlib.new('MD5', usedforsecurity=False), filename) + try: + sig = hashlib.new('MD5', usedforsecurity=False) + except TypeError: + # Some configurations don't appear to support two arguments + sig = hashlib.new('MD5') + return _hasher(sig, filename) def sha256_file(filename): """ diff --git a/poky/bitbake/lib/ply/yacc.py b/poky/bitbake/lib/ply/yacc.py index 767c4e4674..381b50cf0b 100644 --- a/poky/bitbake/lib/ply/yacc.py +++ b/poky/bitbake/lib/ply/yacc.py @@ -2798,7 +2798,14 @@ class ParserReflect(object): def signature(self): try: import hashlib + except ImportError: + raise RuntimeError("Unable to import hashlib") + try: sig = hashlib.new('MD5', usedforsecurity=False) + except TypeError: + # Some configurations don't appear to support two arguments + sig = hashlib.new('MD5') + try: if self.start: sig.update(self.start.encode('latin-1')) if self.prec: diff --git a/poky/documentation/brief-yoctoprojectqs/index.rst b/poky/documentation/brief-yoctoprojectqs/index.rst index 7ae0ddc349..100022ceba 100644 --- a/poky/documentation/brief-yoctoprojectqs/index.rst +++ b/poky/documentation/brief-yoctoprojectqs/index.rst @@ -25,18 +25,11 @@ build a reference embedded OS called Poky. in the Yocto Project Development Tasks Manual for more information. - - You may use Windows Subsystem For Linux v2 to set up a build host - using Windows 10. - - .. note:: - - The Yocto Project is not compatible with WSLv1, it is - compatible but not officially supported nor validated with - WSLv2, if you still decide to use WSL please upgrade to WSLv2. - - See the :ref:`dev-manual/start:setting up to use windows - subsystem for linux (wslv2)` section in the Yocto Project Development - Tasks Manual for more information. + - You may use version 2 of Windows Subsystem For Linux (WSL 2) to set + up a build host using Windows 10 or later, Windows Server 2019 or later. + See the :ref:`dev-manual/start:setting up to use windows subsystem for + linux (wsl 2)` section in the Yocto Project Development Tasks Manual + for more information. If you want more conceptual or background information on the Yocto Project, see the :doc:`/overview-manual/index`. diff --git a/poky/documentation/dev-manual/start.rst b/poky/documentation/dev-manual/start.rst index 6816ce5846..23d5643d12 100644 --- a/poky/documentation/dev-manual/start.rst +++ b/poky/documentation/dev-manual/start.rst @@ -267,16 +267,16 @@ development using the Yocto Project. Your build host can be a native Linux machine (recommended), it can be a machine (Linux, Mac, or Windows) that uses `CROPS <https://github.com/crops/poky-container>`__, which leverages `Docker Containers <https://www.docker.com/>`__ or it -can be a Windows machine capable of running Windows Subsystem For Linux -v2 (WSL). +can be a Windows machine capable of running version 2 of Windows Subsystem +For Linux (WSL 2). .. note:: - The Yocto Project is not compatible with - `Windows Subsystem for Linux v1 <https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux>`__. - It is compatible but not officially supported nor validated with - WSLv2. If you still decide to use WSL please upgrade to - `WSLv2 <https://docs.microsoft.com/en-us/windows/wsl/install-win10>`__. + The Yocto Project is not compatible with version 1 of + `Windows Subsystem for Linux <https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux>`__. + It is compatible but neither officially supported nor validated with + WSL 2. If you still decide to use WSL please upgrade to + `WSL 2 <https://learn.microsoft.com/en-us/windows/wsl/install>`__. Once your build host is set up to use the Yocto Project, further steps are necessary depending on what you want to accomplish. See the @@ -441,35 +441,36 @@ Kit (eSDK) manual. If you are going to use the Toaster container, see the ":doc:`/toaster-manual/setup-and-use`" section in the Toaster User Manual. -Setting Up to Use Windows Subsystem For Linux (WSLv2) +Setting Up to Use Windows Subsystem For Linux (WSL 2) ----------------------------------------------------- -With `Windows Subsystem for Linux -(WSLv2) <https://docs.microsoft.com/en-us/windows/wsl/wsl2-about>`__, +With `Windows Subsystem for Linux (WSL 2) +<https://learn.microsoft.com/en-us/windows/wsl/>`__, you can create a Yocto Project development environment that allows you to build on Windows. You can set up a Linux distribution inside Windows in which you can develop using the Yocto Project. -Follow these general steps to prepare a Windows machine using WSLv2 as +Follow these general steps to prepare a Windows machine using WSL 2 as your Yocto Project build host: -1. *Make sure your Windows 10 machine is capable of running WSLv2:* - WSLv2 is only available for Windows 10 builds > 18917. To check which - build version you are running, you may open a command prompt on - Windows and execute the command "ver". - :: +1. *Make sure your Windows machine is capable of running WSL 2:* + + While all Windows 11 and Windows Server 2022 builds support WSL 2, + the first versions of Windows 10 and Windows Server 2019 didn't. + Check the minimum build numbers for `Windows 10 + <https://learn.microsoft.com/en-us/windows/wsl/install-manual#step-2---check-requirements-for-running-wsl-2>`__ + and for `Windows Server 2019 + <https://learn.microsoft.com/en-us/windows/wsl/install-on-server>`__. + + To check which build version you are running, you may open a command + prompt on Windows and execute the command "ver":: C:\Users\myuser> ver Microsoft Windows [Version 10.0.19041.153] - If your build is capable of running - WSLv2 you may continue, for more information on this subject or - instructions on how to upgrade to WSLv2 visit `Windows 10 - WSLv2 <https://docs.microsoft.com/en-us/windows/wsl/wsl2-install>`__ - -2. *Install the Linux distribution of your choice inside Windows 10:* - Once you know your version of Windows 10 supports WSLv2, you can +2. *Install the Linux distribution of your choice inside WSL 2:* + Once you know your version of Windows supports WSL 2, you can install the distribution of your choice from the Microsoft Store. Open the Microsoft Store and search for Linux. While there are several Linux distributions available, the assumption is that your @@ -478,31 +479,28 @@ your Yocto Project build host: making your selection, simply click "Get" to download and install the distribution. -3. *Check your Linux distribution is using WSLv2:* Open a Windows +3. *Check which Linux distribution WSL 2 is using:* Open a Windows PowerShell and run:: C:\WINDOWS\system32> wsl -l -v NAME STATE VERSION *Ubuntu Running 2 - Note the version column which says the WSL version - being used by your distribution, on compatible systems, this can be - changed back at any point in time. + Note that WSL 2 supports running as many different Linux distributions + as you want to install. -4. *Optionally Orient Yourself on WSL:* If you are unfamiliar with WSL, - you can learn more here - +4. *Optionally Get Familiar with WSL:* You can learn more on https://docs.microsoft.com/en-us/windows/wsl/wsl2-about. 5. *Launch your WSL Distibution:* From the Windows start menu simply launch your WSL distribution just like any other application. -6. *Optimize your WSLv2 storage often:* Due to the way storage is - handled on WSLv2, the storage space used by the underlying Linux +6. *Optimize your WSL 2 storage often:* Due to the way storage is + handled on WSL 2, the storage space used by the underlying Linux distribution is not reflected immediately, and since BitBake heavily uses storage, after several builds, you may be unaware you are - running out of space. WSLv2 uses a VHDX file for storage, this issue - can be easily avoided by manually optimizing this file often, this - can be done in the following way: + running out of space. As WSL 2 uses a VHDX file for storage, this issue + can be easily avoided by regularly optimizing this file in a manual way: 1. *Find the location of your VHDX file:* @@ -556,14 +554,14 @@ your Yocto Project build host: .. note:: - The current implementation of WSLv2 does not have out-of-the-box + The current implementation of WSL 2 does not have out-of-the-box access to external devices such as those connected through a USB port, but it automatically mounts your ``C:`` drive on ``/mnt/c/`` (and others), which you can use to share deploy artifacts to be later flashed on hardware through Windows, but your build directory should not reside inside this mountpoint. -Once you have WSLv2 set up, everything is in place to develop just as if +Once you have WSL 2 set up, everything is in place to develop just as if you were running on a native Linux machine. If you are going to use the Extensible SDK container, see the ":doc:`/sdk-manual/extensible`" Chapter in the Yocto Project Application Development and the Extensible Software Development diff --git a/poky/documentation/migration-guides/release-notes-4.1.rst b/poky/documentation/migration-guides/release-notes-4.1.rst index a2d4b3d6cb..d4ed23f63d 100644 --- a/poky/documentation/migration-guides/release-notes-4.1.rst +++ b/poky/documentation/migration-guides/release-notes-4.1.rst @@ -699,7 +699,60 @@ Thanks to the following people who contributed to this release: - Zheng Ruoqin - Zoltán Böszörményi - - Repositories / Downloads for 4.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`langdale </poky/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1 </poky/log/?h=yocto-4.1>` +- Git Revision: :yocto_git:`5200799866b92259e855051112520006e1aaaac0 </poky/commit/?id=5200799866b92259e855051112520006e1aaaac0>` +- Release Artefact: poky-5200799866b92259e855051112520006e1aaaac0 +- sha: 9d9a2f7ecf2502f89f43bf45d63e6b61cdcb95ed1d75c8281372f550d809c823 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1/poky-5200799866b92259e855051112520006e1aaaac0.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1/poky-5200799866b92259e855051112520006e1aaaac0.tar.bz2 + +openembedded-core + +- Repository Location: https://git.openembedded.org/openembedded-core +- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>` +- Tag: :oe_git:`yocto-4.1 </openembedded-core/log/?h=yocto-4.1>` +- Git Revision: :oe_git:`744a2277844ec9a384a9ca7dae2a634d5a0d3590 </openembedded-core/commit/?id=744a2277844ec9a384a9ca7dae2a634d5a0d3590>` +- Release Artefact: oecore-744a2277844ec9a384a9ca7dae2a634d5a0d3590 +- sha: 34f1fd5bb83514bf0ec8ad7f8cce088a8e28677e1338db94c188283da704c663 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1/oecore-744a2277844ec9a384a9ca7dae2a634d5a0d3590.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1/oecore-744a2277844ec9a384a9ca7dae2a634d5a0d3590.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1 </meta-mingw/log/?h=yocto-4.1>` +- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>` +- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c +- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2 + +bitbake + +- Repository Location: https://git.openembedded.org/bitbake +- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>` +- Tag: :oe_git:`yocto-4.1 </bitbake/log/?h=yocto-4.1>` +- Git Revision: :oe_git:`074da4c469d1f4177a1c5be72b9f3ccdfd379d67 </bitbake/commit/?id=074da4c469d1f4177a1c5be72b9f3ccdfd379d67>` +- Release Artefact: bitbake-074da4c469d1f4177a1c5be72b9f3ccdfd379d67 +- sha: e32c300e0c8522d8d49ef10aae473bd5f293202672eb9d38e90ed92594ed1fe8 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.1/bitbake-074da4c469d1f4177a1c5be72b9f3ccdfd379d67.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.1/bitbake-074da4c469d1f4177a1c5be72b9f3ccdfd379d67.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>` +- Tag: :yocto_git:`yocto-4.1 </yocto-docs/log/?h=yocto-4.1>` +- Git Revision: :yocto_git:`42d3e26a0d04bc5951e640b471686f347dc9b74a </yocto-docs/commit/?id=42d3e26a0d04bc5951e640b471686f347dc9b74a>` diff --git a/poky/documentation/overview-manual/yp-intro.rst b/poky/documentation/overview-manual/yp-intro.rst index 4e3b7c3250..8b476f43c4 100644 --- a/poky/documentation/overview-manual/yp-intro.rst +++ b/poky/documentation/overview-manual/yp-intro.rst @@ -584,20 +584,15 @@ Build Host runs, you have several choices. ":ref:`dev-manual/start:setting up to use cross platforms (crops)`" section in the Yocto Project Development Tasks Manual. -- *Windows Subsystem For Linux (WSLv2):* You may use Windows Subsystem - For Linux v2 to set up a Build Host using Windows 10. +- *Windows Subsystem For Linux (WSL 2):* You may use Windows Subsystem + For Linux version 2 to set up a Build Host using Windows 10 or later, + or Windows Server 2019 or later. - .. note:: - - The Yocto Project is not compatible with WSLv1, it is compatible - but not officially supported nor validated with WSLv2, if you - still decide to use WSL please upgrade to WSLv2. - - The Windows Subsystem For Linux allows Windows 10 to run a real Linux + The Windows Subsystem For Linux allows Windows to run a real Linux kernel inside of a lightweight virtual machine (VM). - For information on how to set up a Build Host with WSLv2, see the - ":ref:`dev-manual/start:setting up to use windows subsystem for linux (wslv2)`" + For information on how to set up a Build Host with WSL 2, see the + ":ref:`dev-manual/start:setting up to use windows subsystem for linux (wsl 2)`" section in the Yocto Project Development Tasks Manual. - *Toaster:* Regardless of what your Build Host is running, you can use diff --git a/poky/documentation/poky.yaml.in b/poky/documentation/poky.yaml.in index 6b942f0959..5639f3ca7a 100644 --- a/poky/documentation/poky.yaml.in +++ b/poky/documentation/poky.yaml.in @@ -1,10 +1,10 @@ -DISTRO : "4.0" -DISTRO_NAME_NO_CAP : "kirkstone" -DISTRO_NAME : "Kirkstone" -DISTRO_NAME_NO_CAP_MINUS_ONE : "honister" -DISTRO_NAME_NO_CAP_LTS : "dunfell" -YOCTO_DOC_VERSION : "4.0" -DISTRO_REL_TAG : "yocto-4.0" +DISTRO : "4.1" +DISTRO_NAME_NO_CAP : "langdale" +DISTRO_NAME : "Langdale" +DISTRO_NAME_NO_CAP_MINUS_ONE : "kirkstone" +DISTRO_NAME_NO_CAP_LTS : "kirkstone" +YOCTO_DOC_VERSION : "4.1" +DISTRO_REL_TAG : "yocto-4.1" DOCCONF_VERSION : "dev" BITBAKE_SERIES : "" YOCTO_DL_URL : "https://downloads.yoctoproject.org" diff --git a/poky/documentation/ref-manual/classes.rst b/poky/documentation/ref-manual/classes.rst index cd5a51695b..1880e44486 100644 --- a/poky/documentation/ref-manual/classes.rst +++ b/poky/documentation/ref-manual/classes.rst @@ -37,7 +37,7 @@ information. ``allarch.bbclass`` =================== -The ``allarch`` class is inherited by recipes that do not produce +The :ref:`allarch <ref-classes-allarch>` class is inherited by recipes that do not produce architecture-specific output. The class disables functionality that is normally needed for recipes that produce executable binaries (such as building the cross-compiler and a C library as pre-requisites, and @@ -49,7 +49,7 @@ splitting out of debug symbols during packaging). produce packages that depend on tunings through use of the :term:`RDEPENDS` and :term:`TUNE_PKGARCH` variables, should never be - configured for all architectures using ``allarch``. This is the case + configured for all architectures using :ref:`allarch <ref-classes-allarch>`. This is the case even if the recipes do not produce architecture-specific output. Configuring such recipes for all architectures causes the @@ -63,17 +63,17 @@ By default, all recipes inherit the :ref:`base <ref-classes-base>` and functionality needed for recipes that produce executable output. If your recipe, for example, only produces packages that contain configuration files, media files, or scripts (e.g. Python and Perl), then it should -inherit the ``allarch`` class. +inherit the :ref:`allarch <ref-classes-allarch>` class. .. _ref-classes-archiver: ``archiver.bbclass`` ==================== -The ``archiver`` class supports releasing source code and other +The :ref:`archiver <ref-classes-archiver>` class supports releasing source code and other materials with the binaries. -For more details on the source archiver, see the +For more details on the source :ref:`archiver <ref-classes-archiver>`, see the ":ref:`dev-manual/common-tasks:maintaining open source license compliance during your product's lifecycle`" section in the Yocto Project Development Tasks Manual. You can also see the :term:`ARCHIVER_MODE` variable for information @@ -84,7 +84,7 @@ about the variable flags (varflags) that help control archive creation. ``autotools*.bbclass`` ====================== -The ``autotools*`` classes support packages built with the +The :ref:`autotools* <ref-classes-autotools>` classes support packages built with the `GNU Autotools <https://en.wikipedia.org/wiki/GNU_Autotools>`__. The ``autoconf``, ``automake``, and ``libtool`` packages bring @@ -96,13 +96,13 @@ that emulates Autotools. For more information, see the ":ref:`dev-manual/common-tasks:autotooled package`" section in the Yocto Project Development Tasks Manual. -By default, the ``autotools*`` classes use out-of-tree builds (i.e. +By default, the :ref:`autotools* <ref-classes-autotools>` classes use out-of-tree builds (i.e. ``autotools.bbclass`` building with ``B != S``). If the software being built by a recipe does not support using out-of-tree builds, you should have the recipe inherit the -``autotools-brokensep`` class. The ``autotools-brokensep`` class behaves -the same as the ``autotools`` class but builds with :term:`B` +:ref:`autotools-brokensep <ref-classes-autotools>` class. The :ref:`autotools-brokensep <ref-classes-autotools>` class behaves +the same as the :ref:`autotools <ref-classes-autotools>` class but builds with :term:`B` == :term:`S`. This method is useful when out-of-tree build support is either not present or is broken. @@ -112,7 +112,7 @@ support is either not present or is broken. all possible. It's useful to have some idea of how the tasks defined by the -``autotools*`` classes work and what they do behind the scenes. +:ref:`autotools* <ref-classes-autotools>` classes work and what they do behind the scenes. - :ref:`ref-tasks-configure` --- regenerates the configure script (using ``autoreconf``) and then launches it with a @@ -133,7 +133,7 @@ It's useful to have some idea of how the tasks defined by the ``base.bbclass`` ================ -The ``base`` class is special in that every ``.bb`` file implicitly +The :ref:`base <ref-classes-base>` class is special in that every ``.bb`` file implicitly inherits the class. This class contains definitions for standard basic tasks such as fetching, unpacking, configuring (empty by default), compiling (runs any ``Makefile`` present), installing (empty by default) @@ -160,7 +160,7 @@ software that includes bash-completion data. ``bin_package.bbclass`` ======================= -The ``bin_package`` class is a helper class for recipes that extract the +The :ref:`bin_package <ref-classes-bin-package>` class is a helper class for recipes that extract the contents of a binary package (e.g. an RPM) and install those contents rather than building the binary from source. The binary package is extracted and new packages in the configured output package format are @@ -187,7 +187,7 @@ example use for this class. ``binconfig.bbclass`` ===================== -The ``binconfig`` class helps to correct paths in shell scripts. +The :ref:`binconfig <ref-classes-binconfig>` class helps to correct paths in shell scripts. Before ``pkg-config`` had become widespread, libraries shipped shell scripts to give information about the libraries and include paths needed @@ -219,7 +219,7 @@ the class. ``buildhistory.bbclass`` ======================== -The ``buildhistory`` class records a history of build output metadata, +The :ref:`buildhistory <ref-classes-buildhistory>` class records a history of build output metadata, which can be used to detect possible regressions as well as used for analysis of the build output. For more information on using Build History, see the @@ -231,7 +231,7 @@ section in the Yocto Project Development Tasks Manual. ``buildstats.bbclass`` ====================== -The ``buildstats`` class records performance statistics about each task +The :ref:`buildstats <ref-classes-buildstats>` class records performance statistics about each task executed during the build (e.g. elapsed time, CPU usage, and I/O usage). When you use this class, the output goes into the @@ -245,7 +245,7 @@ Collecting build statistics is enabled by default through the :term:`USER_CLASSES` variable from your ``local.conf`` file. Consequently, you do not have to do anything to enable the class. However, if you want to disable the class, simply -remove "buildstats" from the :term:`USER_CLASSES` list. +remove ":ref:`buildstats <ref-classes-buildstats>`" from the :term:`USER_CLASSES` list. .. _ref-classes-buildstats-summary: @@ -261,7 +261,7 @@ sstate re-use. In order to function, this class requires the ``ccache.bbclass`` ================== -The ``ccache`` class enables the C/C++ Compiler Cache for the build. +The :ref:`ccache <ref-classes-ccache>` class enables the C/C++ Compiler Cache for the build. This class is used to give a minor performance boost during the build. See https://ccache.samba.org/ for information on the C/C++ Compiler @@ -278,9 +278,9 @@ this class is not recommended. ``chrpath.bbclass`` =================== -The ``chrpath`` class is a wrapper around the "chrpath" utility, which -is used during the build process for ``nativesdk``, ``cross``, and -``cross-canadian`` recipes to change ``RPATH`` records within binaries +The :ref:`chrpath <ref-classes-chrpath>` class is a wrapper around the "chrpath" utility, which +is used during the build process for :ref:`nativesdk <ref-classes-nativesdk>`, :ref:`cross <ref-classes-cross>`, and +:ref:`cross-canadian <ref-classes-cross-canadian>` recipes to change ``RPATH`` records within binaries in order to make them relocatable. .. _ref-classes-cmake: @@ -288,7 +288,7 @@ in order to make them relocatable. ``cmake.bbclass`` ================= -The ``cmake`` class allows for recipes that need to build software using +The ref:`cmake <ref-classes-cmake>` class allows for recipes that need to build software using the `CMake <https://cmake.org/overview/>`__ build system. You can use the :term:`EXTRA_OECMAKE` variable to specify additional configuration options to be passed using the ``cmake`` @@ -305,7 +305,7 @@ Modules during ``cml1.bbclass`` ================ -The ``cml1`` class provides basic support for the Linux kernel style +The :ref:`cml1 <ref-classes-cml1>` class provides basic support for the Linux kernel style build configuration system. .. _ref-classes-compress_doc: @@ -323,8 +323,8 @@ but you can select an alternative mechanism by setting the ``copyleft_compliance.bbclass`` =============================== -The ``copyleft_compliance`` class preserves source code for the purposes -of license compliance. This class is an alternative to the ``archiver`` +The :ref:`copyleft_compliance <ref-classes-copyleft_compliance>` class preserves source code for the purposes +of license compliance. This class is an alternative to the :ref:`archiver <ref-classes-archiver>` class and is still used by some users even though it has been deprecated in favor of the :ref:`archiver <ref-classes-archiver>` class. @@ -343,7 +343,7 @@ class and is not intended to be used directly. ``core-image.bbclass`` ====================== -The ``core-image`` class provides common definitions for the +The :ref:`core-image <ref-classes-core-image>` class provides common definitions for the ``core-image-*`` image recipes, such as support for additional :term:`IMAGE_FEATURES`. @@ -352,7 +352,7 @@ The ``core-image`` class provides common definitions for the ``cpan*.bbclass`` ================= -The ``cpan*`` classes support Perl modules. +The :ref:`cpan* <ref-classes-cpan>` classes support Perl modules. Recipes for Perl modules are simple. These recipes usually only need to point to the source's archive and then inherit the proper class file. @@ -365,7 +365,7 @@ authors used. - Modules that use ``Build.PL``-based build system require using ``cpan_build.bbclass`` in their recipes. -Both build methods inherit the ``cpan-base`` class for basic Perl +Both build methods inherit the :ref:`cpan-base <ref-classes-cpan>` class for basic Perl support. .. _ref-classes-create-spdx: @@ -373,7 +373,7 @@ support. ``create-spdx.bbclass`` ======================= -The ``create-spdx`` class provides support for automatically creating +The :ref:`create-spdx <ref-classes-create-spdx>` class provides support for automatically creating SPDX SBoM documents based upon image and SDK contents. .. _ref-classes-cross: @@ -381,7 +381,7 @@ SPDX SBoM documents based upon image and SDK contents. ``cross.bbclass`` ================= -The ``cross`` class provides support for the recipes that build the +The :ref:`cross <ref-classes-cross>` class provides support for the recipes that build the cross-compilation tools. .. _ref-classes-cross-canadian: @@ -389,7 +389,7 @@ cross-compilation tools. ``cross-canadian.bbclass`` ========================== -The ``cross-canadian`` class provides support for the recipes that build +The :ref:`cross-canadian <ref-classes-cross-canadian>` class provides support for the recipes that build the Canadian Cross-compilation tools for SDKs. See the ":ref:`overview-manual/concepts:cross-development toolchain generation`" section in the Yocto Project Overview and Concepts Manual for more @@ -400,7 +400,7 @@ discussion on these cross-compilation tools. ``crosssdk.bbclass`` ==================== -The ``crosssdk`` class provides support for the recipes that build the +The :ref:`crosssdk <ref-classes-crosssdk>` class provides support for the recipes that build the cross-compilation tools used for building SDKs. See the ":ref:`overview-manual/concepts:cross-development toolchain generation`" section in the Yocto Project Overview and Concepts Manual for more @@ -411,7 +411,7 @@ discussion on these cross-compilation tools. ``cve-check.bbclass`` ===================== -The ``cve-check`` class looks for known CVEs (Common Vulnerabilities +The :ref:`cve-check <ref-classes-cve-check>` class looks for known CVEs (Common Vulnerabilities and Exposures) while building an image. This class is meant to be inherited globally from a configuration file:: @@ -427,7 +427,7 @@ section in the Development Tasks Manual. ``debian.bbclass`` ================== -The ``debian`` class renames output packages so that they follow the +The :ref:`debian <ref-classes-debian>` class renames output packages so that they follow the Debian naming policy (i.e. ``glibc`` becomes ``libc6`` and ``glibc-devel`` becomes ``libc6-dev``.) Renaming includes the library name and version as part of the package name. @@ -442,7 +442,7 @@ naming scheme. ``deploy.bbclass`` ================== -The ``deploy`` class handles deploying files to the +The :ref:`deploy <ref-classes-deploy>` class handles deploying files to the :term:`DEPLOY_DIR_IMAGE` directory. The main function of this class is to allow the deploy step to be accelerated by shared state. Recipes that inherit this class should define their own @@ -458,17 +458,17 @@ staging the files from :term:`DEPLOYDIR` to :term:`DEPLOY_DIR_IMAGE`. ``devshell.bbclass`` ==================== -The ``devshell`` class adds the :ref:`ref-tasks-devshell` task. Distribution +The :ref:`devshell <ref-classes-devshell>` class adds the :ref:`ref-tasks-devshell` task. Distribution policy dictates whether to include this class. See the ":ref:`dev-manual/common-tasks:using a development shell`" section in the Yocto Project Development Tasks Manual for more -information about using ``devshell``. +information about using :ref:`devshell <ref-classes-devshell>`. .. _ref-classes-devupstream: ``devupstream.bbclass`` ======================= -The ``devupstream`` class uses +The :ref:`devupstream <ref-classes-devupstream>` class uses :term:`BBCLASSEXTEND` to add a variant of the recipe that fetches from an alternative URI (e.g. Git) instead of a tarball. Following is an example:: @@ -490,10 +490,10 @@ Any development-specific adjustments can be done by using the The class currently only supports creating a development variant of the target -recipe, not ``native`` or ``nativesdk`` variants. +recipe, not :ref:`native <ref-classes-native>` or :ref:`nativesdk <ref-classes-nativesdk>` variants. The :term:`BBCLASSEXTEND` syntax (i.e. ``devupstream:target``) provides -support for ``native`` and ``nativesdk`` variants. Consequently, this +support for :ref:`native <ref-classes-native>` and :ref:`nativesdk <ref-classes-nativesdk>` variants. Consequently, this functionality can be added in a future release. Support for other version control systems such as Subversion is limited @@ -505,7 +505,7 @@ due to BitBake's automatic fetch dependencies (e.g. ``externalsrc.bbclass`` ======================= -The ``externalsrc`` class supports building software from source code +The :ref:`externalsrc <ref-classes-externalsrc>` class supports building software from source code that is external to the OpenEmbedded build system. Building software from an external source tree means that the build system's normal fetch, unpack, and patch process is not used. @@ -513,7 +513,7 @@ unpack, and patch process is not used. By default, the OpenEmbedded build system uses the :term:`S` and :term:`B` variables to locate unpacked recipe source code and to build it, respectively. When your recipe inherits the -``externalsrc`` class, you use the +:ref:`externalsrc <ref-classes-externalsrc>` class, you use the :term:`EXTERNALSRC` and :term:`EXTERNALSRC_BUILD` variables to ultimately define :term:`S` and :term:`B`. @@ -530,10 +530,10 @@ See these variables for more information: :term:`WORKDIR`, :term:`BPN`, and :term:`PV`, -For more information on the ``externalsrc`` class, see the comments in +For more information on the :ref:`externalsrc <ref-classes-externalsrc>` class, see the comments in ``meta/classes/externalsrc.bbclass`` in the :term:`Source Directory`. For information on how to use the -``externalsrc`` class, see the +:ref:`externalsrc <ref-classes-externalsrc>` class, see the ":ref:`dev-manual/common-tasks:building software from an external source`" section in the Yocto Project Development Tasks Manual. @@ -542,7 +542,7 @@ section in the Yocto Project Development Tasks Manual. ``extrausers.bbclass`` ====================== -The ``extrausers`` class allows additional user and group configuration +The :ref:`extrausers <ref-classes-extrausers>` class allows additional user and group configuration to be applied at the image level. Inheriting this class either globally or from an image recipe allows additional user and group operations to be performed using the @@ -604,7 +604,7 @@ Finally, here is an example that sets the root password:: ``features_check.bbclass`` ================================= -The ``features_check`` class allows individual recipes to check +The :ref:`features_check <ref-classes-features_check>` class allows individual recipes to check for required and conflicting :term:`DISTRO_FEATURES`, :term:`MACHINE_FEATURES` or :term:`COMBINED_FEATURES`. @@ -630,7 +630,7 @@ triggered. ``fontcache.bbclass`` ===================== -The ``fontcache`` class generates the proper post-install and +The :ref:`fontcache <ref-classes-fontcache>` class generates the proper post-install and post-remove (postinst and postrm) scriptlets for font packages. These scriptlets call ``fc-cache`` (part of ``Fontconfig``) to add the fonts to the font information cache. Since the cache files are @@ -646,9 +646,9 @@ packages containing the fonts. ``fs-uuid.bbclass`` =================== -The ``fs-uuid`` class extracts UUID from +The :ref:`fs-uuid <ref-classes-fs-uuid>` class extracts UUID from ``${``\ :term:`ROOTFS`\ ``}``, which must have been built -by the time that this function gets called. The ``fs-uuid`` class only +by the time that this function gets called. The :ref:`fs-uuid <ref-classes-fs-uuid>` class only works on ``ext`` file systems and depends on ``tune2fs``. .. _ref-classes-gconf: @@ -656,7 +656,7 @@ works on ``ext`` file systems and depends on ``tune2fs``. ``gconf.bbclass`` ================= -The ``gconf`` class provides common functionality for recipes that need +The :ref:`gconf <ref-classes-gconf>` class provides common functionality for recipes that need to install GConf schemas. The schemas will be put into a separate package (``${``\ :term:`PN`\ ``}-gconf``) that is created automatically when this class is inherited. This package uses the @@ -668,7 +668,7 @@ register and unregister the schemas in the target image. ``gettext.bbclass`` =================== -The ``gettext`` class provides support for building software that uses +The :ref:`gettext <ref-classes-gettext>` class provides support for building software that uses the GNU ``gettext`` internationalization and localization system. All recipes building software that use ``gettext`` should inherit this class. @@ -678,11 +678,11 @@ class. ``github-releases`` =================== -For recipes that fetch release tarballs from github, the ``github-releases`` +For recipes that fetch release tarballs from github, the :ref:`github-releases <ref-classes-github-releases>` class sets up a standard way for checking available upstream versions (to support ``devtool upgrade`` and the Automated Upgrade Helper (AUH)). -To use it, add ``github-releases`` to the inherit line in the recipe, +To use it, add ":ref:`github-releases <ref-classes-github-releases>`" to the inherit line in the recipe, and if the default value of :term:`GITHUB_BASE_URI` is not suitable, then set your own value in the recipe. You should then use ``${GITHUB_BASE_URI}`` in the value you set for :term:`SRC_URI` within the recipe. @@ -692,7 +692,7 @@ in the value you set for :term:`SRC_URI` within the recipe. ``gnomebase.bbclass`` ===================== -The ``gnomebase`` class is the base class for recipes that build +The :ref:`gnomebase <ref-classes-gnomebase>` class is the base class for recipes that build software from the GNOME stack. This class sets :term:`SRC_URI` to download the source from the GNOME mirrors as well as extending :term:`FILES` with the typical @@ -721,7 +721,7 @@ introspection. This functionality is only enabled if the ``grub-efi.bbclass`` ==================== -The ``grub-efi`` class provides ``grub-efi``-specific functions for +The :ref:`grub-efi <ref-classes-grub-efi>` class provides ``grub-efi``-specific functions for building bootable images. This class supports several variables: @@ -753,7 +753,7 @@ This class supports several variables: ``gsettings.bbclass`` ===================== -The ``gsettings`` class provides common functionality for recipes that +The :ref:`gsettings <ref-classes-gsettings>` class provides common functionality for recipes that need to install GSettings (glib) schemas. The schemas are assumed to be part of the main package. Appropriate post-install and post-remove (postinst/postrm) scriptlets are added to register and unregister the @@ -764,7 +764,7 @@ schemas in the target image. ``gtk-doc.bbclass`` =================== -The ``gtk-doc`` class is a helper class to pull in the appropriate +The :ref:`gtk-doc <ref-classes-gtk-doc>` class is a helper class to pull in the appropriate ``gtk-doc`` dependencies and disable ``gtk-doc``. .. _ref-classes-gtk-icon-cache: @@ -772,7 +772,7 @@ The ``gtk-doc`` class is a helper class to pull in the appropriate ``gtk-icon-cache.bbclass`` ========================== -The ``gtk-icon-cache`` class generates the proper post-install and +The :ref:`gtk-icon-cache <ref-classes-gtk-icon-cache>` class generates the proper post-install and post-remove (postinst/postrm) scriptlets for packages that use GTK+ and install icons. These scriptlets call ``gtk-update-icon-cache`` to add the fonts to GTK+'s icon cache. Since the cache files are @@ -785,7 +785,7 @@ creation. ``gtk-immodules-cache.bbclass`` =============================== -The ``gtk-immodules-cache`` class generates the proper post-install and +The :ref:`gtk-immodules-cache <ref-classes-gtk-immodules-cache>` class generates the proper post-install and post-remove (postinst/postrm) scriptlets for packages that install GTK+ input method modules for virtual keyboards. These scriptlets call ``gtk-update-icon-cache`` to add the input method modules to the cache. @@ -803,7 +803,7 @@ the packages containing the modules. ``gzipnative.bbclass`` ====================== -The ``gzipnative`` class enables the use of different native versions of +The :ref:`gzipnative <ref-classes-gzipnative>` class enables the use of different native versions of ``gzip`` and ``pigz`` rather than the versions of these tools from the build host. @@ -812,7 +812,7 @@ build host. ``icecc.bbclass`` ================= -The ``icecc`` class supports +The :ref:`icecc <ref-classes-icecc>` class supports `Icecream <https://github.com/icecc/icecream>`__, which facilitates taking compile jobs and distributing them among remote machines. @@ -860,13 +860,13 @@ Additionally, you can list recipes using the your ``local.conf`` file to force ``icecc`` to be enabled for recipes using an empty :term:`PARALLEL_MAKE` variable. -Inheriting the ``icecc`` class changes all sstate signatures. +Inheriting the :ref:`icecc <ref-classes-icecc>` class changes all sstate signatures. Consequently, if a development team has a dedicated build system that populates :term:`SSTATE_MIRRORS` and they want to reuse sstate from :term:`SSTATE_MIRRORS`, then all developers and the build -system need to either inherit the ``icecc`` class or nobody should. +system need to either inherit the :ref:`icecc <ref-classes-icecc>` class or nobody should. -At the distribution level, you can inherit the ``icecc`` class to be +At the distribution level, you can inherit the :ref:`icecc <ref-classes-icecc>` class to be sure that all builders start with the same sstate signatures. After inheriting the class, you can then disable the feature by setting the :term:`ICECC_DISABLED` variable to "1" as follows:: @@ -886,7 +886,7 @@ individually as follows in your ``local.conf`` file:: ``image.bbclass`` ================= -The ``image`` class helps support creating images in different formats. +The :ref:`image <ref-classes-image>` class helps support creating images in different formats. First, the root filesystem is created from packages using one of the ``rootfs*.bbclass`` files (depending on the package format used) and then one or more image files are created. @@ -909,7 +909,7 @@ Yocto Project Overview and Concepts Manual. ``image-buildinfo.bbclass`` =========================== -The ``image-buildinfo`` class writes a plain text file containing +The :ref:`image-buildinfo <ref-classes-image-buildinfo>` class writes a plain text file containing build information to the target filesystem at ``${sysconfdir}/buildinfo`` by default (as specified by :term:`IMAGE_BUILDINFO_FILE`. This can be useful for manually determining the origin of any given @@ -931,14 +931,14 @@ to ``/buildinfo`` by default (as specified by ``image_types.bbclass`` ======================= -The ``image_types`` class defines all of the standard image output types +The :ref:`image_types <ref-classes-image_types>` class defines all of the standard image output types that you can enable through the :term:`IMAGE_FSTYPES` variable. You can use this class as a reference on how to add support for custom image output types. By default, the :ref:`image <ref-classes-image>` class automatically -enables the ``image_types`` class. The ``image`` class uses the +enables the :ref:`image_types <ref-classes-image_types>` class. The :ref:`image <ref-classes-image>` class uses the ``IMGCLASSES`` variable as follows:: IMGCLASSES = "rootfs_${IMAGE_PKGTYPE} image_types ${IMAGE_CLASSES}" @@ -950,7 +950,7 @@ enables the ``image_types`` class. The ``image`` class uses the IMGCLASSES += "image-postinst-intercepts" inherit ${IMGCLASSES} -The ``image_types`` class also handles conversion and compression of images. +The :ref:`image_types <ref-classes-image_types>` class also handles conversion and compression of images. .. note:: @@ -976,7 +976,7 @@ Normally, you do not use this class directly. Instead, you add "live" to ``insane.bbclass`` ================== -The ``insane`` class adds a step to the package generation process so +The :ref:`insane <ref-classes-insane>` class adds a step to the package generation process so that output quality assurance checks are generated by the OpenEmbedded build system. A range of checks are performed that check the build's output for common problems that show up during runtime. Distribution @@ -1276,7 +1276,7 @@ Here are the tests you can list with the :term:`WARN_QA` and ``insserv.bbclass`` =================== -The ``insserv`` class uses the ``insserv`` utility to update the order +The :ref:`insserv <ref-classes-insserv>` class uses the ``insserv`` utility to update the order of symbolic links in ``/etc/rc?.d/`` within an image based on dependencies specified by LSB headers in the ``init.d`` scripts themselves. @@ -1286,7 +1286,7 @@ themselves. ``kernel.bbclass`` ================== -The ``kernel`` class handles building Linux kernels. The class contains +The :ref:`kernel <ref-classes-kernel>` class handles building Linux kernels. The class contains code to build all kernel trees. All needed headers are staged into the :term:`STAGING_KERNEL_DIR` directory to allow out-of-tree module builds using the :ref:`module <ref-classes-module>` class. @@ -1297,13 +1297,13 @@ If all modules are required, then installing the ``kernel-modules`` package installs all packages with modules and various other kernel packages such as ``kernel-vmlinux``. -The ``kernel`` class contains logic that allows you to embed an initial +The :ref:`kernel <ref-classes-kernel>` class contains logic that allows you to embed an initial RAM filesystem (:term:`Initramfs`) image when you build the kernel image. For information on how to build an :term:`Initramfs`, see the ":ref:`dev-manual/common-tasks:building an initial ram filesystem (Initramfs) image`" section in the Yocto Project Development Tasks Manual. -Various other classes are used by the ``kernel`` and ``module`` classes +Various other classes are used by the :ref:`kernel <ref-classes-kernel>` and :ref:`module <ref-classes-module>` classes internally including the :ref:`kernel-arch <ref-classes-kernel-arch>`, :ref:`module-base <ref-classes-module-base>`, and :ref:`linux-kernel-base <ref-classes-linux-kernel-base>` classes. @@ -1313,7 +1313,7 @@ internally including the :ref:`kernel-arch <ref-classes-kernel-arch>`, ``kernel-arch.bbclass`` ======================= -The ``kernel-arch`` class sets the ``ARCH`` environment variable for +The :ref:`kernel-arch <ref-classes-kernel-arch>` class sets the ``ARCH`` environment variable for Linux kernel compilation (including modules). .. _ref-classes-kernel-devicetree: @@ -1321,7 +1321,7 @@ Linux kernel compilation (including modules). ``kernel-devicetree.bbclass`` ============================= -The ``kernel-devicetree`` class, which is inherited by the +The :ref:`kernel-devicetree <ref-classes-kernel-devicetree>` class, which is inherited by the :ref:`kernel <ref-classes-kernel>` class, supports device tree generation. @@ -1330,11 +1330,11 @@ generation. ``kernel-fitimage.bbclass`` =========================== -The ``kernel-fitimage`` class provides support to pack a kernel image, +The :ref:`kernel-fitimage <ref-classes-kernel-fitimage>` class provides support to pack a kernel image, device trees, a U-boot script, a Initramfs bundle and a RAM disk into a single FIT image. In theory, a FIT image can support any number of kernels, U-boot scripts, Initramfs bundles, RAM disks and device-trees. -However, ``kernel-fitimage`` currently only supports +However, :ref:`kernel-fitimage <ref-classes-kernel-fitimage>` currently only supports limited usecases: just one kernel image, an optional U-boot script, an optional Initramfs bundle, an optional RAM disk, and any number of device tree. @@ -1348,19 +1348,19 @@ when creating the FIT image are specified using the :term:`UBOOT_MKIMAGE_DTCOPTS` variable. Only a single kernel can be added to the FIT image created by -``kernel-fitimage`` and the kernel image in FIT is mandatory. The +:ref:`kernel-fitimage <ref-classes-kernel-fitimage>` and the kernel image in FIT is mandatory. The address where the kernel image is to be loaded by U-Boot is specified by :term:`UBOOT_LOADADDRESS` and the entrypoint by :term:`UBOOT_ENTRYPOINT`. Multiple device trees can be added to the FIT image created by -``kernel-fitimage`` and the device tree is optional. +:ref:`kernel-fitimage <ref-classes-kernel-fitimage>` and the device tree is optional. The address where the device tree is to be loaded by U-Boot is specified by :term:`UBOOT_DTBO_LOADADDRESS` for device tree overlays and by :term:`UBOOT_DTB_LOADADDRESS` for device tree binaries. Only a single RAM disk can be added to the FIT image created by -``kernel-fitimage`` and the RAM disk in FIT is optional. +:ref:`kernel-fitimage <ref-classes-kernel-fitimage>` and the RAM disk in FIT is optional. The address where the RAM disk image is to be loaded by U-Boot is specified by :term:`UBOOT_RD_LOADADDRESS` and the entrypoint by :term:`UBOOT_RD_ENTRYPOINT`. The ramdisk is added to FIT image when @@ -1368,7 +1368,7 @@ is specified by :term:`UBOOT_RD_LOADADDRESS` and the entrypoint by is set to 0. Only a single Initramfs bundle can be added to the FIT image created by -``kernel-fitimage`` and the Initramfs bundle in FIT is optional. +:ref:`kernel-fitimage <ref-classes-kernel-fitimage>` and the Initramfs bundle in FIT is optional. In case of Initramfs, the kernel is configured to be bundled with the root filesystem in the same binary (example: zImage-initramfs-:term:`MACHINE`.bin). When the kernel is copied to RAM and executed, it unpacks the Initramfs root filesystem. @@ -1378,21 +1378,21 @@ The address where the Initramfs bundle is to be loaded by U-boot is specified by :term:`UBOOT_LOADADDRESS` and the entrypoint by :term:`UBOOT_ENTRYPOINT`. Only a single U-boot boot script can be added to the FIT image created by -``kernel-fitimage`` and the boot script is optional. +:ref:`kernel-fitimage <ref-classes-kernel-fitimage>` and the boot script is optional. The boot script is specified in the ITS file as a text file containing U-boot commands. When using a boot script the user should configure the U-boot :ref:`ref-tasks-install` task to copy the script to sysroot. -So the script can be included in the FIT image by the ``kernel-fitimage`` +So the script can be included in the FIT image by the :ref:`kernel-fitimage <ref-classes-kernel-fitimage>` class. At run-time, U-boot CONFIG_BOOTCOMMAND define can be configured to load the boot script from the FIT image and executes it. -The FIT image generated by ``kernel-fitimage`` class is signed when the +The FIT image generated by :ref:`kernel-fitimage <ref-classes-kernel-fitimage>` class is signed when the variables :term:`UBOOT_SIGN_ENABLE`, :term:`UBOOT_MKIMAGE_DTCOPTS`, :term:`UBOOT_SIGN_KEYDIR` and :term:`UBOOT_SIGN_KEYNAME` are set appropriately. The default values used for :term:`FIT_HASH_ALG` and -:term:`FIT_SIGN_ALG` in ``kernel-fitimage`` are "sha256" and +:term:`FIT_SIGN_ALG` in :ref:`kernel-fitimage <ref-classes-kernel-fitimage>` are "sha256" and "rsa2048" respectively. The keys for signing fitImage can be generated using -the ``kernel-fitimage`` class when both :term:`FIT_GENERATE_KEYS` and +the :ref:`kernel-fitimage <ref-classes-kernel-fitimage>` class when both :term:`FIT_GENERATE_KEYS` and :term:`UBOOT_SIGN_ENABLE` are set to "1". @@ -1401,7 +1401,7 @@ the ``kernel-fitimage`` class when both :term:`FIT_GENERATE_KEYS` and ``kernel-grub.bbclass`` ======================= -The ``kernel-grub`` class updates the boot area and the boot menu with +The :ref:`kernel-grub <ref-classes-kernel-grub>` class updates the boot area and the boot menu with the kernel as the priority boot mechanism while installing a RPM to update the kernel on a deployed target. @@ -1410,7 +1410,7 @@ update the kernel on a deployed target. ``kernel-module-split.bbclass`` =============================== -The ``kernel-module-split`` class provides common functionality for +The :ref:`kernel-module-split <ref-classes-kernel-module-split>` class provides common functionality for splitting Linux kernel modules into separate packages. .. _ref-classes-kernel-uboot: @@ -1418,7 +1418,7 @@ splitting Linux kernel modules into separate packages. ``kernel-uboot.bbclass`` ======================== -The ``kernel-uboot`` class provides support for building from +The :ref:`kernel-uboot <ref-classes-kernel-uboot>` class provides support for building from vmlinux-style kernel sources. .. _ref-classes-kernel-uimage: @@ -1426,14 +1426,14 @@ vmlinux-style kernel sources. ``kernel-uimage.bbclass`` ========================= -The ``kernel-uimage`` class provides support to pack uImage. +The :ref:`kernel-uimage <ref-classes-kernel-uimage>` class provides support to pack uImage. .. _ref-classes-kernel-yocto: ``kernel-yocto.bbclass`` ======================== -The ``kernel-yocto`` class provides common functionality for building +The :ref:`kernel-yocto <ref-classes-kernel-yocto>` class provides common functionality for building from linux-yocto style kernel source repositories. .. _ref-classes-kernelsrc: @@ -1441,14 +1441,14 @@ from linux-yocto style kernel source repositories. ``kernelsrc.bbclass`` ===================== -The ``kernelsrc`` class sets the Linux kernel source and version. +The :ref:`kernelsrc <ref-classes-kernelsrc>` class sets the Linux kernel source and version. .. _ref-classes-lib_package: ``lib_package.bbclass`` ======================= -The ``lib_package`` class supports recipes that build libraries and +The :ref:`lib_package <ref-classes-lib_package>` class supports recipes that build libraries and produce executable binaries, where those binaries should not be installed by default along with the library. Instead, the binaries are added to a separate ``${``\ :term:`PN`\ ``}-bin`` package to @@ -1459,12 +1459,12 @@ make their installation optional. ``libc*.bbclass`` ================= -The ``libc*`` classes support recipes that build packages with ``libc``: +The :ref:`libc* <ref-classes-libc*>` classes support recipes that build packages with ``libc``: -- The ``libc-common`` class provides common support for building with +- The :ref:`libc-common <ref-classes-libc*>` class provides common support for building with ``libc``. -- The ``libc-package`` class supports packaging up ``glibc`` and +- The :ref:`libc-package <ref-classes-libc*>` class supports packaging up ``glibc`` and ``eglibc``. .. _ref-classes-license: @@ -1472,7 +1472,7 @@ The ``libc*`` classes support recipes that build packages with ``libc``: ``license.bbclass`` =================== -The ``license`` class provides license manifest creation and license +The :ref:`license <ref-classes-license>` class provides license manifest creation and license exclusion. This class is enabled by default using the default value for the :term:`INHERIT_DISTRO` variable. @@ -1481,7 +1481,7 @@ the :term:`INHERIT_DISTRO` variable. ``linux-kernel-base.bbclass`` ============================= -The ``linux-kernel-base`` class provides common functionality for +The :ref:`linux-kernel-base <ref-classes-linux-kernel-base>` class provides common functionality for recipes that build out of the Linux kernel source tree. These builds goes beyond the kernel itself. For example, the Perf recipe also inherits this class. @@ -1500,11 +1500,11 @@ number of other classes. ``logging.bbclass`` =================== -The ``logging`` class provides the standard shell functions used to log +The :ref:`logging <ref-classes-logging>` class provides the standard shell functions used to log messages for various BitBake severity levels (i.e. ``bbplain``, ``bbnote``, ``bbwarn``, ``bberror``, ``bbfatal``, and ``bbdebug``). -This class is enabled by default since it is inherited by the ``base`` +This class is enabled by default since it is inherited by the :ref:`base <ref-classes-base>` class. .. _ref-classes-metadata_scm: @@ -1512,20 +1512,20 @@ class. ``metadata_scm.bbclass`` ======================== -The ``metadata_scm`` class provides functionality for querying the +The :ref:`metadata_scm <ref-classes-metadata_scm>` class provides functionality for querying the branch and revision of a Source Code Manager (SCM) repository. The :ref:`base <ref-classes-base>` class uses this class to print the revisions of each layer before starting every build. The -``metadata_scm`` class is enabled by default because it is inherited by -the ``base`` class. +:ref:`metadata_scm <ref-classes-metadata_scm>` class is enabled by default because it is inherited by +the :ref:`base <ref-classes-base>` class. .. _ref-classes-migrate_localcount: ``migrate_localcount.bbclass`` ============================== -The ``migrate_localcount`` class verifies a recipe's localcount data and +The :ref:`migrate_localcount <ref-classes-migrate_localcount>` class verifies a recipe's localcount data and increments it appropriately. .. _ref-classes-mime: @@ -1533,7 +1533,7 @@ increments it appropriately. ``mime.bbclass`` ================ -The ``mime`` class generates the proper post-install and post-remove +The :ref:`mime <ref-classes-mime>` class generates the proper post-install and post-remove (postinst/postrm) scriptlets for packages that install MIME type files. These scriptlets call ``update-mime-database`` to add the MIME types to the shared database. @@ -1543,7 +1543,7 @@ the shared database. ``mirrors.bbclass`` =================== -The ``mirrors`` class sets up some standard +The :ref:`mirrors <ref-classes-mirrors>` class sets up some standard :term:`MIRRORS` entries for source code mirrors. These mirrors provide a fall-back path in case the upstream source specified in :term:`SRC_URI` within recipes is unavailable. @@ -1556,7 +1556,7 @@ This class is enabled by default since it is inherited by the ``module.bbclass`` ================== -The ``module`` class provides support for building out-of-tree Linux +The :ref:`module <ref-classes-module>` class provides support for building out-of-tree Linux kernel modules. The class inherits the :ref:`module-base <ref-classes-module-base>` and :ref:`kernel-module-split <ref-classes-kernel-module-split>` classes, @@ -1573,7 +1573,7 @@ section in the Yocto Project Linux Kernel Development Manual. ``module-base.bbclass`` ======================= -The ``module-base`` class provides the base functionality for building +The :ref:`module-base <ref-classes-module-base>` class provides the base functionality for building Linux kernel modules. Typically, a recipe that builds software that includes one or more kernel modules and has its own means of building the module inherits this class as opposed to inheriting the @@ -1584,7 +1584,7 @@ the module inherits this class as opposed to inheriting the ``multilib*.bbclass`` ===================== -The ``multilib*`` classes provide support for building libraries with +The :ref:`multilib* <ref-classes-multilib*>` classes provide support for building libraries with different target optimizations or target architectures and installing them side-by-side in the same image. @@ -1597,17 +1597,17 @@ section in the Yocto Project Development Tasks Manual. ``native.bbclass`` ================== -The ``native`` class provides common functionality for recipes that +The :ref:`native <ref-classes-native>` class provides common functionality for recipes that build tools to run on the :term:`Build Host` (i.e. tools that use the compiler or other tools from the build host). You can create a recipe that builds tools that run natively on the host a couple different ways: -- Create a ``myrecipe-native.bb`` recipe that inherits the ``native`` +- Create a ``myrecipe-native.bb`` recipe that inherits the :ref:`native <ref-classes-native>` class. If you use this method, you must order the inherit statement in the recipe after all other inherit statements so that the - ``native`` class is inherited last. + :ref:`native <ref-classes-native>` class is inherited last. .. note:: @@ -1629,7 +1629,7 @@ a couple different ways: specify any functionality specific to the respective native or target case. -Although applied differently, the ``native`` class is used with both +Although applied differently, the :ref:`native <ref-classes-native>` class is used with both methods. The advantage of the second method is that you do not need to have two separate recipes (assuming you need both) for native and target. All common parts of the recipe are automatically shared. @@ -1639,7 +1639,7 @@ target. All common parts of the recipe are automatically shared. ``nativesdk.bbclass`` ===================== -The ``nativesdk`` class provides common functionality for recipes that +The :ref:`nativesdk <ref-classes-nativesdk>` class provides common functionality for recipes that wish to build tools to run as part of an SDK (i.e. tools that run on :term:`SDKMACHINE`). @@ -1647,11 +1647,11 @@ You can create a recipe that builds tools that run on the SDK machine a couple different ways: - Create a ``nativesdk-myrecipe.bb`` recipe that inherits the - ``nativesdk`` class. If you use this method, you must order the + :ref:`nativesdk <ref-classes-nativesdk>` class. If you use this method, you must order the inherit statement in the recipe after all other inherit statements so - that the ``nativesdk`` class is inherited last. + that the :ref:`nativesdk <ref-classes-nativesdk>` class is inherited last. -- Create a ``nativesdk`` variant of any recipe by adding the following:: +- Create a :ref:`nativesdk <ref-classes-nativesdk>` variant of any recipe by adding the following:: BBCLASSEXTEND = "nativesdk" @@ -1670,7 +1670,7 @@ couple different ways: Not doing so can lead to subtle problems because there is code that depends on the naming convention. -Although applied differently, the ``nativesdk`` class is used with both +Although applied differently, the :ref:`nativesdk <ref-classes-nativesdk>` class is used with both methods. The advantage of the second method is that you do not need to have two separate recipes (assuming you need both) for the SDK machine and the target. All common parts of the recipe are automatically shared. @@ -1705,11 +1705,11 @@ section in the Yocto Project Development Tasks Manual. ``oelint.bbclass`` ================== -The ``oelint`` class is an obsolete lint checking tool available in +The :ref:`oelint <ref-classes-oelint>` class is an obsolete lint checking tool available in ``meta/classes`` in the :term:`Source Directory`. There are some classes that could be generally useful in OE-Core but -are never actually used within OE-Core itself. The ``oelint`` class is +are never actually used within OE-Core itself. The :ref:`oelint <ref-classes-oelint>` class is one such example. However, being aware of this class can reduce the proliferation of different versions of similar classes across multiple layers. @@ -1828,7 +1828,7 @@ The class provides two options for ``/sbin/init`` generation: ``own-mirrors.bbclass`` ======================= -The ``own-mirrors`` class makes it easier to set up your own +The :ref:`own-mirrors <ref-classes-own-mirrors>` class makes it easier to set up your own :term:`PREMIRRORS` from which to first fetch source before attempting to fetch it from the upstream specified in :term:`SRC_URI` within each recipe. @@ -1847,7 +1847,7 @@ in :term:`SOURCE_MIRROR_URL`. ``package.bbclass`` =================== -The ``package`` class supports generating packages from a build's +The :ref:`package <ref-classes-package>` class supports generating packages from a build's output. The core generic functionality is in ``package.bbclass``. The code specific to particular package types resides in these package-specific classes: @@ -1858,10 +1858,8 @@ package-specific classes: .. note:: - The - package_tar - class is broken and not supported. It is recommended that you do not - use this class. + The :ref:`package_tar <ref-classes-package_tar>` class is broken and + not supported. It is recommended that you do not use this class. You can control the list of resulting package formats by using the :term:`PACKAGE_CLASSES` variable defined in your ``conf/local.conf`` @@ -1886,7 +1884,7 @@ complete build of the package with all dependencies previously built. The reason for this discrepancy is because the RPM package manager creates and processes more :term:`Metadata` than the IPK package manager. Consequently, you might consider setting :term:`PACKAGE_CLASSES` to -"package_ipk" if you are building smaller systems. +":ref:`package_ipk <ref-classes-package_ipk>`" if you are building smaller systems. Before making your package manager decision, however, you should consider some further things about using RPM: @@ -1914,7 +1912,7 @@ at these two Yocto Project mailing list links: ``package_deb.bbclass`` ======================= -The ``package_deb`` class provides support for creating packages that +The :ref:`package_deb <ref-classes-package_deb>` class provides support for creating packages that use the Debian (i.e. ``.deb``) file format. The class ensures the packages are written out in a ``.deb`` file format to the ``${``\ :term:`DEPLOY_DIR_DEB`\ ``}`` directory. @@ -1928,7 +1926,7 @@ variable in the ``local.conf`` file. ``package_ipk.bbclass`` ======================= -The ``package_ipk`` class provides support for creating packages that +The :ref:`package_ipk <ref-classes-package_ipk>` class provides support for creating packages that use the IPK (i.e. ``.ipk``) file format. The class ensures the packages are written out in a ``.ipk`` file format to the ``${``\ :term:`DEPLOY_DIR_IPK`\ ``}`` directory. @@ -1942,7 +1940,7 @@ variable in the ``local.conf`` file. ``package_rpm.bbclass`` ======================= -The ``package_rpm`` class provides support for creating packages that +The :ref:`package_rpm <ref-classes-package_rpm>` class provides support for creating packages that use the RPM (i.e. ``.rpm``) file format. The class ensures the packages are written out in a ``.rpm`` file format to the ``${``\ :term:`DEPLOY_DIR_RPM`\ ``}`` directory. @@ -1956,7 +1954,7 @@ variable in the ``local.conf`` file. ``package_tar.bbclass`` ======================= -The ``package_tar`` class provides support for creating tarballs. The +The :ref:`package_tar <ref-classes-package_tar>` class provides support for creating tarballs. The class ensures the packages are written out in a tarball format to the ``${``\ :term:`DEPLOY_DIR_TAR`\ ``}`` directory. @@ -1966,7 +1964,7 @@ variable in the ``local.conf`` file. .. note:: - You cannot specify the ``package_tar`` class first using the + You cannot specify the :ref:`package_tar <ref-classes-package_tar>` class first using the :term:`PACKAGE_CLASSES` variable. You must use ``.deb``, ``.ipk``, or ``.rpm`` file formats for your image or SDK. @@ -1975,7 +1973,7 @@ variable in the ``local.conf`` file. ``packagedata.bbclass`` ======================= -The ``packagedata`` class provides common functionality for reading +The :ref:`packagedata <ref-classes-packagedata>` class provides common functionality for reading ``pkgdata`` files found in :term:`PKGDATA_DIR`. These files contain information about each output package produced by the OpenEmbedded build system. @@ -1988,7 +1986,7 @@ This class is enabled by default because it is inherited by the ``packagegroup.bbclass`` ======================== -The ``packagegroup`` class sets default values appropriate for package +The :ref:`packagegroup <ref-classes-packagegroup>` class sets default values appropriate for package group recipes (e.g. :term:`PACKAGES`, :term:`PACKAGE_ARCH`, :term:`ALLOW_EMPTY`, and so forth). It is highly recommended that all package group recipes inherit this class. @@ -2004,7 +2002,7 @@ Previously, this class was called the ``task`` class. ``patch.bbclass`` ================= -The ``patch`` class provides all functionality for applying patches +The :ref:`patch <ref-classes-patch>` class provides all functionality for applying patches during the :ref:`ref-tasks-patch` task. This class is enabled by default because it is inherited by the @@ -2015,7 +2013,7 @@ This class is enabled by default because it is inherited by the ``perlnative.bbclass`` ====================== -When inherited by a recipe, the ``perlnative`` class supports using the +When inherited by a recipe, the :ref:`perlnative <ref-classes-perlnative>` class supports using the native version of Perl built by the build system rather than using the version provided by the build host. @@ -2024,14 +2022,14 @@ version provided by the build host. ``pypi.bbclass`` ================ -The ``pypi`` class sets variables appropriately for recipes that build +The :ref:`pypi <ref-classes-pypi>` class sets variables appropriately for recipes that build Python modules from `PyPI <https://pypi.org/>`__, the Python Package Index. By default it determines the PyPI package name based upon :term:`BPN` (stripping the "python-" or "python3-" prefix off if present), however in some cases you may need to set it manually in the recipe by setting :term:`PYPI_PACKAGE`. -Variables set by the ``pypi`` class include :term:`SRC_URI`, :term:`SECTION`, +Variables set by the :ref:`pypi <ref-classes-pypi>` class include :term:`SRC_URI`, :term:`SECTION`, :term:`HOMEPAGE`, :term:`UPSTREAM_CHECK_URI`, :term:`UPSTREAM_CHECK_REGEX` and :term:`CVE_PRODUCT`. @@ -2040,7 +2038,7 @@ and :term:`CVE_PRODUCT`. ``python_flit_core.bbclass`` ============================ -The ``python_flit_core`` class enables building Python modules which declare +The :ref:`python_flit_core <ref-classes-python_flit_core>` class enables building Python modules which declare the `PEP-517 <https://www.python.org/dev/peps/pep-0517/>`__ compliant ``flit_core.buildapi`` ``build-backend`` in the ``[build-system]`` section of ``pyproject.toml`` (See `PEP-518 <https://www.python.org/dev/peps/pep-0518/>`__). @@ -2055,7 +2053,7 @@ Internally this uses the :ref:`python_pep517 <ref-classes-python_pep517>` class. ``python_pep517.bbclass`` ========================= -The ``python_pep517`` class builds and installs a Python ``wheel`` binary +The :ref:`python_pep517 <ref-classes-python_pep517>` class builds and installs a Python ``wheel`` binary archive (see `PEP-517 <https://peps.python.org/pep-0517/>`__). Recipes wouldn't inherit this directly, instead typically another class will @@ -2071,7 +2069,7 @@ Examples of classes which do this are :ref:`python_flit_core ``python_poetry_core.bbclass`` ============================== -The ``python_poetry_core`` class enables building Python modules which use the +The :ref:`python_poetry_core <ref-classes-python_poetry_core>` class enables building Python modules which use the `Poetry Core <https://python-poetry.org>`__ build system. Internally this uses the :ref:`python_pep517 <ref-classes-python_pep517>` class. @@ -2081,7 +2079,7 @@ Internally this uses the :ref:`python_pep517 <ref-classes-python_pep517>` class. ``pixbufcache.bbclass`` ======================= -The ``pixbufcache`` class generates the proper post-install and +The :ref:`pixbufcache <ref-classes-pixbufcache>` class generates the proper post-install and post-remove (postinst/postrm) scriptlets for packages that install pixbuf loaders, which are used with ``gdk-pixbuf``. These scriptlets call ``update_pixbuf_cache`` to add the pixbuf loaders to the cache. @@ -2099,13 +2097,13 @@ containing the loaders. ``pkgconfig.bbclass`` ===================== -The ``pkgconfig`` class provides a standard way to get header and +The :ref:`pkgconfig <ref-classes-pkgconfig>` class provides a standard way to get header and library information by using ``pkg-config``. This class aims to smooth integration of ``pkg-config`` into libraries that use it. During staging, BitBake installs ``pkg-config`` data into the ``sysroots/`` directory. By making use of sysroot functionality within -``pkg-config``, the ``pkgconfig`` class no longer has to manipulate the +``pkg-config``, the :ref:`pkgconfig <ref-classes-pkgconfig>` class no longer has to manipulate the files. .. _ref-classes-populate-sdk: @@ -2113,7 +2111,7 @@ files. ``populate_sdk.bbclass`` ======================== -The ``populate_sdk`` class provides support for SDK-only recipes. For +The :ref:`populate_sdk <ref-classes-populate-sdk>` class provides support for SDK-only recipes. For information on advantages gained when building a cross-development toolchain using the :ref:`ref-tasks-populate_sdk` task, see the ":ref:`sdk-manual/appendix-obtain:building an sdk installer`" @@ -2125,31 +2123,31 @@ Software Development Kit (eSDK) manual. ``populate_sdk_*.bbclass`` ========================== -The ``populate_sdk_*`` classes support SDK creation and consist of the +The :ref:`populate_sdk_* <ref-classes-populate-sdk-*>` classes support SDK creation and consist of the following classes: -- ``populate_sdk_base``: The base class supporting SDK creation under +- :ref:`populate_sdk_base <ref-classes-populate-sdk-*>`: The base class supporting SDK creation under all package managers (i.e. DEB, RPM, and opkg). -- ``populate_sdk_deb``: Supports creation of the SDK given the Debian +- :ref:`populate_sdk_deb <ref-classes-populate-sdk-*>`: Supports creation of the SDK given the Debian package manager. -- ``populate_sdk_rpm``: Supports creation of the SDK given the RPM +- :ref:`populate_sdk_rpm <ref-classes-populate-sdk-*>`: Supports creation of the SDK given the RPM package manager. -- ``populate_sdk_ipk``: Supports creation of the SDK given the opkg +- :ref:`populate_sdk_ipk <ref-classes-populate-sdk-*>`: Supports creation of the SDK given the opkg (IPK format) package manager. -- ``populate_sdk_ext``: Supports extensible SDK creation under all +- :ref:`populate_sdk_ext <ref-classes-populate-sdk-*>`: Supports extensible SDK creation under all package managers. -The ``populate_sdk_base`` class inherits the appropriate +The :ref:`populate_sdk_base <ref-classes-populate-sdk-*>` class inherits the appropriate ``populate_sdk_*`` (i.e. ``deb``, ``rpm``, and ``ipk``) based on :term:`IMAGE_PKGTYPE`. The base class ensures all source and destination directories are established and then populates the SDK. After populating the SDK, the -``populate_sdk_base`` class constructs two sysroots: +:ref:`populate_sdk_base <ref-classes-populate-sdk-*>` class constructs two sysroots: ``${``\ :term:`SDK_ARCH`\ ``}-nativesdk``, which contains the cross-compiler and associated tooling, and the target, which contains a target root filesystem that is configured for the SDK @@ -2162,9 +2160,9 @@ which consists of the following:: Finally, the base populate SDK class creates the toolchain environment setup script, the tarball of the SDK, and the installer. -The respective ``populate_sdk_deb``, ``populate_sdk_rpm``, and -``populate_sdk_ipk`` classes each support the specific type of SDK. -These classes are inherited by and used with the ``populate_sdk_base`` +The respective :ref:`populate_sdk_deb <ref-classes-populate-sdk-*>`, :ref:`populate_sdk_rpm <ref-classes-populate-sdk-*>`, and +:ref:`populate_sdk_ipk <ref-classes-populate-sdk-*>` classes each support the specific type of SDK. +These classes are inherited by and used with the :ref:`populate_sdk_base <ref-classes-populate-sdk-*>` class. For more information on the cross-development toolchain generation, see @@ -2182,7 +2180,7 @@ Software Development Kit (eSDK) manual. ``prexport.bbclass`` ==================== -The ``prexport`` class provides functionality for exporting +The :ref:`prexport <ref-classes-prexport>` class provides functionality for exporting :term:`PR` values. .. note:: @@ -2195,7 +2193,7 @@ The ``prexport`` class provides functionality for exporting ``primport.bbclass`` ==================== -The ``primport`` class provides functionality for importing +The :ref:`primport <ref-classes-primport>` class provides functionality for importing :term:`PR` values. .. note:: @@ -2208,7 +2206,7 @@ The ``primport`` class provides functionality for importing ``prserv.bbclass`` ================== -The ``prserv`` class provides functionality for using a :ref:`PR +The :ref:`prserv <ref-classes-prserv>` class provides functionality for using a :ref:`PR service <dev-manual/common-tasks:working with a pr service>` in order to automatically manage the incrementing of the :term:`PR` variable for each recipe. @@ -2223,7 +2221,7 @@ build system will not enable the functionality of this class unless ``ptest.bbclass`` ================= -The ``ptest`` class provides functionality for packaging and installing +The :ref:`ptest <ref-classes-ptest>` class provides functionality for packaging and installing runtime tests for recipes that build software that provides these tests. This class is intended to be inherited by individual recipes. However, @@ -2250,7 +2248,7 @@ section in the Yocto Project Development Tasks Manual. ``python3-dir.bbclass`` ======================= -The ``python3-dir`` class provides the base version, location, and site +The :ref:`python3-dir <ref-classes-python3-dir>` class provides the base version, location, and site package location for Python 3. .. _ref-classes-python3native: @@ -2258,7 +2256,7 @@ package location for Python 3. ``python3native.bbclass`` ========================= -The ``python3native`` class supports using the native version of Python +The :ref:`python3native <ref-classes-python3native>` class supports using the native version of Python 3 built by the build system rather than support of the version provided by the build host. @@ -2267,7 +2265,7 @@ by the build host. ``python3targetconfig.bbclass`` =============================== -The ``python3targetconfig`` class supports using the native version of Python +The :ref:`python3targetconfig <ref-classes-python3targetconfig>` class supports using the native version of Python 3 built by the build system rather than support of the version provided by the build host, except that the configuration for the target machine is accessible (such as correct installation directories). This also adds a @@ -2279,7 +2277,7 @@ in order to avoid unnecessarily lengthening builds. ``qemu.bbclass`` ================ -The ``qemu`` class provides functionality for recipes that either need +The :ref:`qemu <ref-classes-qemu>` class provides functionality for recipes that either need QEMU or test for the existence of QEMU. Typically, this class is used to run programs for a target system on the build host using QEMU's application emulation mode. @@ -2289,7 +2287,7 @@ application emulation mode. ``recipe_sanity.bbclass`` ========================= -The ``recipe_sanity`` class checks for the presence of any host system +The :ref:`recipe_sanity <ref-classes-recipe_sanity>` class checks for the presence of any host system recipe prerequisites that might affect the build (e.g. variables that are set or software that is present). @@ -2298,7 +2296,7 @@ are set or software that is present). ``relocatable.bbclass`` ======================= -The ``relocatable`` class enables relocation of binaries when they are +The :ref:`relocatable <ref-classes-relocatable>` class enables relocation of binaries when they are installed into the sysroot. This class makes use of the :ref:`chrpath <ref-classes-chrpath>` class @@ -2310,7 +2308,7 @@ and is used by both the :ref:`cross <ref-classes-cross>` and ``remove-libtool.bbclass`` ========================== -The ``remove-libtool`` class adds a post function to the +The :ref:`remove-libtool <ref-classes-remove-libtool>` class adds a post function to the :ref:`ref-tasks-install` task to remove all ``.la`` files installed by ``libtool``. Removing these files results in them being absent from both the sysroot and target packages. @@ -2322,14 +2320,14 @@ override the removal by setting ``REMOVE_LIBTOOL_LA`` to "0" as follows:: .. note:: - The ``remove-libtool`` class is not enabled by default. + The :ref:`remove-libtool <ref-classes-remove-libtool>` class is not enabled by default. .. _ref-classes-report-error: ``report-error.bbclass`` ======================== -The ``report-error`` class supports enabling the :ref:`error reporting +The :ref:`report-error <ref-classes-report-error>` class supports enabling the :ref:`error reporting tool <dev-manual/common-tasks:using the error reporting tool>`", which allows you to submit build error information to a central database. @@ -2344,7 +2342,7 @@ are created and stored in ``rm_work.bbclass`` =================== -The ``rm_work`` class supports deletion of temporary workspace, which +The :ref:`rm_work <ref-classes-rm-work>` class supports deletion of temporary workspace, which can ease your hard drive demands during builds. The OpenEmbedded build system can use a substantial amount of disk space @@ -2354,7 +2352,7 @@ system generates the packages for a recipe, the work files for that recipe are no longer needed. However, by default, the build system preserves these files for inspection and possible debugging purposes. If you would rather have these files deleted to save disk space as the -build progresses, you can enable ``rm_work`` by adding the following to +build progresses, you can enable :ref:`rm_work <ref-classes-rm-work>` by adding the following to your ``local.conf`` file, which is found in the :term:`Build Directory`. :: @@ -2362,9 +2360,9 @@ your ``local.conf`` file, which is found in the :term:`Build Directory`. If you are modifying and building source code out of the work directory for a -recipe, enabling ``rm_work`` will potentially result in your changes to +recipe, enabling :ref:`rm_work <ref-classes-rm-work>` will potentially result in your changes to the source being lost. To exclude some recipes from having their work -directories deleted by ``rm_work``, you can add the names of the recipe +directories deleted by :ref:`rm_work <ref-classes-rm-work>`, you can add the names of the recipe or recipes you are working on to the :term:`RM_WORK_EXCLUDE` variable, which can also be set in your ``local.conf`` file. Here is an example:: @@ -2375,26 +2373,26 @@ can also be set in your ``local.conf`` file. Here is an example:: ``rootfs*.bbclass`` =================== -The ``rootfs*`` classes support creating the root filesystem for an +The :ref:`rootfs* <ref-classes-rootfs*>` classes support creating the root filesystem for an image and consist of the following classes: -- The ``rootfs-postcommands`` class, which defines filesystem +- The :ref:`rootfs-postcommands <ref-classes-rootfs*>` class, which defines filesystem post-processing functions for image recipes. -- The ``rootfs_deb`` class, which supports creation of root filesystems +- The :ref:`rootfs_deb <ref-classes-rootfs*>` class, which supports creation of root filesystems for images built using ``.deb`` packages. -- The ``rootfs_rpm`` class, which supports creation of root filesystems +- The :ref:`rootfs_rpm <ref-classes-rootfs*>` class, which supports creation of root filesystems for images built using ``.rpm`` packages. -- The ``rootfs_ipk`` class, which supports creation of root filesystems +- The :ref:`rootfs_ipk <ref-classes-rootfs*>` class, which supports creation of root filesystems for images built using ``.ipk`` packages. -- The ``rootfsdebugfiles`` class, which installs additional files found +- The :ref:`rootfsdebugfiles <ref-classes-rootfs*>` class, which installs additional files found on the build host directly into the root filesystem. The root filesystem is created from packages using one of the -``rootfs*.bbclass`` files as determined by the +:ref:`rootfs*.bbclass <ref-classes-rootfs*>` files as determined by the :term:`PACKAGE_CLASSES` variable. For information on how root filesystem images are created, see the @@ -2406,7 +2404,7 @@ section in the Yocto Project Overview and Concepts Manual. ``sanity.bbclass`` ================== -The ``sanity`` class checks to see if prerequisite software is present +The :ref:`sanity <ref-classes-sanity>` class checks to see if prerequisite software is present on the host system so that users can be notified of potential problems that might affect their build. The class also performs basic user configuration checks from the ``local.conf`` configuration file to @@ -2418,7 +2416,7 @@ usually determines whether to include this class. ``scons.bbclass`` ================= -The ``scons`` class supports recipes that need to build software that +The :ref:`scons <ref-classes-scons>` class supports recipes that need to build software that uses the SCons build system. You can use the :term:`EXTRA_OESCONS` variable to specify additional configuration options you want to pass SCons command line. @@ -2428,7 +2426,7 @@ additional configuration options you want to pass SCons command line. ``sdl.bbclass`` =============== -The ``sdl`` class supports recipes that need to build software that uses +The :ref:`sdl <ref-classes-sdl>` class supports recipes that need to build software that uses the Simple DirectMedia Layer (SDL) library. .. _ref-classes-python_setuptools_build_meta: @@ -2436,7 +2434,7 @@ the Simple DirectMedia Layer (SDL) library. ``python_setuptools_build_meta.bbclass`` ======================================== -The ``python_setuptools_build_meta`` class enables building Python modules which +The :ref:`python_setuptools_build_meta <ref-classes-python_setuptools_build_meta>` class enables building Python modules which declare the `PEP-517 <https://www.python.org/dev/peps/pep-0517/>`__ compliant ``setuptools.build_meta`` ``build-backend`` in the ``[build-system]`` @@ -2452,14 +2450,14 @@ Internally this uses the :ref:`python_pep517 <ref-classes-python_pep517>` class. ``setuptools3.bbclass`` ======================= -The ``setuptools3`` class supports Python version 3.x extensions that +The :ref:`setuptools3 <ref-classes-setuptools3>` class supports Python version 3.x extensions that use build systems based on ``setuptools`` (e.g. only have a ``setup.py`` and have not migrated to the official ``pyproject.toml`` format). If your recipe -uses these build systems, the recipe needs to inherit the ``setuptools3`` class. +uses these build systems, the recipe needs to inherit the :ref:`setuptools3 <ref-classes-setuptools3>` class. .. note:: - The ``setuptools3`` class :ref:`ref-tasks-compile` task now calls + The :ref:`setuptools3 <ref-classes-setuptools3>` class :ref:`ref-tasks-compile` task now calls ``setup.py bdist_wheel`` to build the ``wheel`` binary archive format (See `PEP-427 <https://www.python.org/dev/peps/pep-0427/>`__). @@ -2470,7 +2468,7 @@ uses these build systems, the recipe needs to inherit the ``setuptools3`` class. .. note:: - The ``setuptools3`` class :ref:`ref-tasks-install` task now installs the ``wheel`` + The :ref:`setuptools3 <ref-classes-setuptools3>` class :ref:`ref-tasks-install` task now installs the ``wheel`` binary archive. In current versions of ``setuptools`` the legacy ``setup.py install`` method is deprecated. If the ``setup.py`` cannot be used with wheels, for example it creates files outside of the Python module or @@ -2482,7 +2480,7 @@ uses these build systems, the recipe needs to inherit the ``setuptools3`` class. ``setuptools3_legacy.bbclass`` ============================== -The ``setuptools3_legacy`` class supports Python version 3.x extensions that use +The :ref:`setuptools3_legacy <ref-classes-setuptools3_legacy>` class supports Python version 3.x extensions that use build systems based on ``setuptools`` (e.g. only have a ``setup.py`` and have not migrated to the official ``pyproject.toml`` format). Unlike ``setuptools3.bbclass``, this uses the traditional ``setup.py`` ``build`` and @@ -2495,7 +2493,7 @@ but still relatively common. ``setuptools3-base.bbclass`` ============================ -The ``setuptools3-base`` class provides a reusable base for other classes +The :ref:`setuptools3-base <ref-classes-setuptools3-base>` class provides a reusable base for other classes that support building Python version 3.x extensions. If you need functionality that is not provided by the :ref:`setuptools3 <ref-classes-setuptools3>` class, you may want to ``inherit setuptools3-base``. Some recipes do not need the tasks @@ -2506,14 +2504,14 @@ in the :ref:`setuptools3 <ref-classes-setuptools3>` class and inherit this class ``sign_rpm.bbclass`` ==================== -The ``sign_rpm`` class supports generating signed RPM packages. +The :ref:`sign_rpm <ref-classes-sign_rpm>` class supports generating signed RPM packages. .. _ref-classes-sip: ``sip.bbclass`` =============== -The ``sip`` class supports recipes that build or package SIP-based +The :ref:`sip <ref-classes-sip>` class supports recipes that build or package SIP-based Python bindings. .. _ref-classes-siteconfig: @@ -2521,7 +2519,7 @@ Python bindings. ``siteconfig.bbclass`` ====================== -The ``siteconfig`` class provides functionality for handling site +The :ref:`siteconfig <ref-classes-siteconfig>` class provides functionality for handling site configuration. The class is used by the :ref:`autotools <ref-classes-autotools>` class to accelerate the :ref:`ref-tasks-configure` task. @@ -2531,7 +2529,7 @@ configuration. The class is used by the ``siteinfo.bbclass`` ==================== -The ``siteinfo`` class provides information about the targets that might +The :ref:`siteinfo <ref-classes-siteinfo>` class provides information about the targets that might be needed by other classes or recipes. As an example, consider Autotools, which can require tests that must @@ -2552,7 +2550,7 @@ The class also provides variables like :term:`SITEINFO_ENDIANNESS` and ``sstate.bbclass`` ================== -The ``sstate`` class provides support for Shared State (sstate). By +The :ref:`sstate <ref-classes-sstate>` class provides support for Shared State (sstate). By default, the class is enabled through the :term:`INHERIT_DISTRO` variable's default value. @@ -2565,7 +2563,7 @@ section in the Yocto Project Overview and Concepts Manual. ``staging.bbclass`` =================== -The ``staging`` class installs files into individual recipe work +The :ref:`staging <ref-classes-staging>` class installs files into individual recipe work directories for sysroots. The class contains the following key tasks: - The :ref:`ref-tasks-populate_sysroot` task, @@ -2578,7 +2576,7 @@ directories for sysroots. The class contains the following key tasks: installs the files into the individual recipe work directories (i.e. :term:`WORKDIR`). -The code in the ``staging`` class is complex and basically works in two +The code in the :ref:`staging <ref-classes-staging>` class is complex and basically works in two stages: - *Stage One:* The first stage addresses recipes that have files they @@ -2665,7 +2663,7 @@ stages: ``syslinux.bbclass`` ==================== -The ``syslinux`` class provides syslinux-specific functions for building +The :ref:`syslinux <ref-classes-syslinux>` class provides syslinux-specific functions for building bootable images. The class supports the following variables: @@ -2708,7 +2706,7 @@ The class supports the following variables: ``systemd.bbclass`` =================== -The ``systemd`` class provides support for recipes that install systemd +The :ref:`systemd <ref-classes-systemd>` class provides support for recipes that install systemd unit files. The functionality for this class is disabled unless you have "systemd" @@ -2734,7 +2732,7 @@ Services are set up to start on boot automatically unless you have set :term:`SYSTEMD_AUTO_ENABLE` to "disable". -For more information on ``systemd``, see the +For more information on :ref:`systemd <ref-classes-systemd>`, see the ":ref:`dev-manual/common-tasks:selecting an initialization manager`" section in the Yocto Project Development Tasks Manual. @@ -2743,17 +2741,17 @@ section in the Yocto Project Development Tasks Manual. ``systemd-boot.bbclass`` ======================== -The ``systemd-boot`` class provides functions specific to the +The :ref:`systemd-boot <ref-classes-systemd-boot>` class provides functions specific to the systemd-boot bootloader for building bootable images. This is an internal class and is not intended to be used directly. .. note:: - The ``systemd-boot`` class is a result from merging the ``gummiboot`` class + The :ref:`systemd-boot <ref-classes-systemd-boot>` class is a result from merging the ``gummiboot`` class used in previous Yocto Project releases with the ``systemd`` project. Set the :term:`EFI_PROVIDER` variable to -"systemd-boot" to use this class. Doing so creates a standalone EFI +":ref:`systemd-boot <ref-classes-systemd-boot>`" to use this class. Doing so creates a standalone EFI bootloader that is not dependent on systemd. For information on more variables used and supported in this class, see @@ -2770,16 +2768,16 @@ for more information. ``terminal.bbclass`` ==================== -The ``terminal`` class provides support for starting a terminal session. +The :ref:`terminal <ref-classes-terminal>` class provides support for starting a terminal session. The :term:`OE_TERMINAL` variable controls which terminal emulator is used for the session. -Other classes use the ``terminal`` class anywhere a separate terminal +Other classes use the :ref:`terminal <ref-classes-terminal>` class anywhere a separate terminal session needs to be started. For example, the :ref:`patch <ref-classes-patch>` class assuming :term:`PATCHRESOLVE` is set to "user", the :ref:`cml1 <ref-classes-cml1>` class, and the -:ref:`devshell <ref-classes-devshell>` class all use the ``terminal`` +:ref:`devshell <ref-classes-devshell>` class all use the :ref:`terminal <ref-classes-terminal>` class. .. _ref-classes-testimage: @@ -2787,7 +2785,7 @@ class. ``testimage.bbclass`` ===================== -The ``testimage`` class supports running automated tests against +The :ref:`testimage <ref-classes-testimage>` class supports running automated tests against images using QEMU and on actual hardware. The classes handle loading the tests and starting the image. To use the classes, you need to perform steps to set up the environment. @@ -2799,7 +2797,7 @@ To enable this class, add the following to your configuration:: The tests are commands that run on the target system over ``ssh``. Each test is written in Python and makes use of the ``unittest`` module. -The ``testimage`` class runs tests on an image when called using the +The :ref:`testimage <ref-classes-testimage>` class runs tests on an image when called using the following:: $ bitbake -c testimage image @@ -2819,7 +2817,7 @@ section in the Yocto Project Development Tasks Manual. =================== This class supports running automated tests against software development -kits (SDKs). The ``testsdk`` class runs tests on an SDK when called +kits (SDKs). The :ref:`testsdk <ref-classes-testsdk>` class runs tests on an SDK when called using the following:: $ bitbake -c testsdk image @@ -2827,7 +2825,7 @@ using the following:: .. note:: Best practices include using :term:`IMAGE_CLASSES` rather than - :term:`INHERIT` to inherit the ``testsdk`` class for automated SDK + :term:`INHERIT` to inherit the :ref:`testsdk <ref-classes-testsdk>` class for automated SDK testing. .. _ref-classes-texinfo: @@ -2853,7 +2851,7 @@ host system. ``toaster.bbclass`` =================== -The ``toaster`` class collects information about packages and images and +The :ref:`toaster <ref-classes-toaster>` class collects information about packages and images and sends them as events that the BitBake user interface can receive. The class is enabled when the Toaster user interface is running. @@ -2864,7 +2862,7 @@ This class is not intended to be used directly. ``toolchain-scripts.bbclass`` ============================= -The ``toolchain-scripts`` class provides the scripts used for setting up +The :ref:`toolchain-scripts <ref-classes-toolchain-scripts>` class provides the scripts used for setting up the environment for installed SDKs. .. _ref-classes-typecheck: @@ -2872,7 +2870,7 @@ the environment for installed SDKs. ``typecheck.bbclass`` ===================== -The ``typecheck`` class provides support for validating the values of +The :ref:`typecheck <ref-classes-typecheck>` class provides support for validating the values of variables set at the configuration level against their defined types. The OpenEmbedded build system allows you to define the type of a variable using the "type" varflag. Here is an example:: @@ -2884,7 +2882,7 @@ variable using the "type" varflag. Here is an example:: ``uboot-config.bbclass`` ======================== -The ``uboot-config`` class provides support for U-Boot configuration for +The :ref:`uboot-config <ref-classes-uboot-config>` class provides support for U-Boot configuration for a machine. Specify the machine in your recipe as follows:: UBOOT_CONFIG ??= <default> @@ -2915,7 +2913,7 @@ yourself, publish the resulting tarball (e.g. via HTTP) and set ``UNINATIVE_URL`` and ``UNINATIVE_CHECKSUM`` appropriately. For an example, see the ``meta/conf/distro/include/yocto-uninative.inc``. -The ``uninative`` class is also used unconditionally by the extensible +The :ref:`uninative <ref-classes-uninative>` class is also used unconditionally by the extensible SDK. When building the extensible SDK, ``uninative-tarball`` is built and the resulting tarball is included within the SDK. @@ -2924,12 +2922,12 @@ and the resulting tarball is included within the SDK. ``update-alternatives.bbclass`` =============================== -The ``update-alternatives`` class helps the alternatives system when +The :ref:`update-alternatives <ref-classes-update-alternatives>` class helps the alternatives system when multiple sources provide the same command. This situation occurs when several programs that have the same or similar function are installed with the same name. For example, the ``ar`` command is available from the ``busybox``, ``binutils`` and ``elfutils`` packages. The -``update-alternatives`` class handles renaming the binaries so that +:ref:`update-alternatives <ref-classes-update-alternatives>` class handles renaming the binaries so that multiple packages can be installed without conflicts. The ``ar`` command still works regardless of which packages are installed or subsequently removed. The class renames the conflicting binary in each package and @@ -2962,7 +2960,7 @@ file. ``update-rc.d.bbclass`` ======================= -The ``update-rc.d`` class uses ``update-rc.d`` to safely install an +The :ref:`update-rc.d <ref-classes-update-rc.d>` class uses ``update-rc.d`` to safely install an initialization script on behalf of the package. The OpenEmbedded build system takes care of details such as making sure the script is stopped before a package is removed and started when the package is installed. @@ -2976,7 +2974,7 @@ for details. ``useradd*.bbclass`` ==================== -The ``useradd*`` classes support the addition of users or groups for +The :ref:`useradd* <ref-classes-useradd>` classes support the addition of users or groups for usage by the package on the target. For example, if you have packages that contain system services that should be run under their own user or group, you can use these classes to enable creation of the user or @@ -2985,16 +2983,16 @@ group. The :oe_git:`meta-skeleton/recipes-skeleton/useradd/useradd-example.bb recipe in the :term:`Source Directory` provides a simple example that shows how to add three users and groups to two packages. -The ``useradd_base`` class provides basic functionality for user or +The :ref:`useradd_base <ref-classes-useradd>` class provides basic functionality for user or groups settings. -The ``useradd*`` classes support the +The :ref:`useradd* <ref-classes-useradd>` classes support the :term:`USERADD_PACKAGES`, :term:`USERADD_PARAM`, :term:`GROUPADD_PARAM`, and :term:`GROUPMEMS_PARAM` variables. -The ``useradd-staticids`` class supports the addition of users or groups +The :ref:`useradd-staticids <ref-classes-useradd>` class supports the addition of users or groups that have static user identification (``uid``) and group identification (``gid``) values. @@ -3020,7 +3018,7 @@ additional information. .. note:: - You do not use the ``useradd-staticids`` class directly. You either enable + You do not use the :ref:`useradd-staticids <ref-classes-useradd>` class directly. You either enable or disable the class by setting the :term:`USERADDEXTENSION` variable. If you enable or disable the class in a configured system, :term:`TMPDIR` might contain incorrect ``uid`` and ``gid`` values. Deleting the :term:`TMPDIR` @@ -3031,7 +3029,7 @@ additional information. ``utility-tasks.bbclass`` ========================= -The ``utility-tasks`` class provides support for various "utility" type +The :ref:`utility-tasks <ref-classes-utility-tasks>` class provides support for various "utility" type tasks that are applicable to all recipes, such as :ref:`ref-tasks-clean` and :ref:`ref-tasks-listtasks`. @@ -3044,7 +3042,7 @@ This class is enabled by default because it is inherited by the ``utils.bbclass`` ================= -The ``utils`` class provides some useful Python functions that are +The :ref:`utils <ref-classes-utils>` class provides some useful Python functions that are typically used in inline Python expressions (e.g. ``${@...}``). One example use is for ``bb.utils.contains()``. @@ -3056,7 +3054,7 @@ This class is enabled by default because it is inherited by the ``vala.bbclass`` ================ -The ``vala`` class supports recipes that need to build software written +The :ref:`vala <ref-classes-vala>` class supports recipes that need to build software written using the Vala programming language. .. _ref-classes-waf: @@ -3064,7 +3062,7 @@ using the Vala programming language. ``waf.bbclass`` =============== -The ``waf`` class supports recipes that need to build software that uses +The :ref:`waf <ref-classes-waf>` class supports recipes that need to build software that uses the Waf build system. You can use the :term:`EXTRA_OECONF` or :term:`PACKAGECONFIG_CONFARGS` variables diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst index acc97c9d08..2a6d444040 100644 --- a/poky/documentation/ref-manual/system-requirements.rst +++ b/poky/documentation/ref-manual/system-requirements.rst @@ -74,12 +74,12 @@ distributions: the supported platforms listed below. - You may use Windows Subsystem For Linux v2 to set up a build host - using Windows 10, but validation is not performed against build - hosts using WSLv2. + using Windows 10 or later, or Windows Server 2019 or later, but validation + is not performed against build hosts using WSL 2. - - The Yocto Project is not compatible with WSLv1, it is - compatible but not officially supported nor validated with - WSLv2, if you still decide to use WSL please upgrade to WSLv2. + See the + :ref:`dev-manual/start:setting up to use windows subsystem for linux (wsl 2)` + section in the Yocto Project Development Tasks Manual for more information. - If you encounter problems, please go to :yocto_bugs:`Yocto Project Bugzilla <>` and submit a bug. We are diff --git a/poky/documentation/set_versions.py b/poky/documentation/set_versions.py index ddf70851cb..efaebe43b5 100755 --- a/poky/documentation/set_versions.py +++ b/poky/documentation/set_versions.py @@ -26,8 +26,8 @@ ourversion = None if len(sys.argv) == 2: ourversion = sys.argv[1] -activereleases = ["kirkstone", "dunfell"] -devbranch = "langdale" +activereleases = ["langdale", "kirkstone", "dunfell"] +devbranch = "mickledore" ltsseries = ["kirkstone", "dunfell"] # used by run-docs-builds to get the default page @@ -36,6 +36,7 @@ if ourversion == "getlatest": sys.exit(0) release_series = collections.OrderedDict() +release_series["mickledore"] = "4.2" release_series["langdale"] = "4.1" release_series["kirkstone"] = "4.0" release_series["honister"] = "3.4" @@ -65,6 +66,7 @@ release_series["laverne"] = "0.9" bitbake_mapping = { + "mickledore" : "2.4", "langdale" : "2.2", "kirkstone" : "2.0", "honister" : "1.52", diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 4dc5db4f2e..3e90766349 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -38,7 +38,6 @@ SANITY_TESTED_DISTROS ?= " \ poky-4.1 \n \ ubuntu-18.04 \n \ ubuntu-20.04 \n \ - ubuntu-21.10 \n \ ubuntu-22.04 \n \ fedora-34 \n \ fedora-35 \n \ diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass index db34b4bdb5..dc46857a19 100644 --- a/poky/meta/classes-global/insane.bbclass +++ b/poky/meta/classes-global/insane.bbclass @@ -555,7 +555,10 @@ python populate_lic_qa_checksum() { import hashlib lineno = 0 license = [] - m = hashlib.new('MD5', usedforsecurity=False) + try: + m = hashlib.new('MD5', usedforsecurity=False) + except TypeError: + m = hashlib.new('MD5') for line in f: lineno += 1 if (lineno >= beginline): diff --git a/poky/meta/classes-global/sanity.bbclass b/poky/meta/classes-global/sanity.bbclass index 4a403a2590..15067e78d3 100644 --- a/poky/meta/classes-global/sanity.bbclass +++ b/poky/meta/classes-global/sanity.bbclass @@ -865,7 +865,7 @@ def check_sanity_everybuild(status, d): mirror_vars = ['MIRRORS', 'PREMIRRORS', 'SSTATE_MIRRORS'] protocols = ['http', 'ftp', 'file', 'https', \ 'git', 'gitsm', 'hg', 'osc', 'p4', 'svn', \ - 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az', 'ftps'] + 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az', 'ftps', 'crate'] for mirror_var in mirror_vars: mirrors = (d.getVar(mirror_var) or '').replace('\\n', ' ').split() diff --git a/poky/meta/classes-recipe/populate_sdk_base.bbclass b/poky/meta/classes-recipe/populate_sdk_base.bbclass index 0be108ad98..64a4a58bef 100644 --- a/poky/meta/classes-recipe/populate_sdk_base.bbclass +++ b/poky/meta/classes-recipe/populate_sdk_base.bbclass @@ -15,7 +15,7 @@ COMPLEMENTARY_GLOB[staticdev-pkgs] = '*-staticdev' COMPLEMENTARY_GLOB[doc-pkgs] = '*-doc' COMPLEMENTARY_GLOB[dbg-pkgs] = '*-dbg' COMPLEMENTARY_GLOB[src-pkgs] = '*-src' -COMPLEMENTARY_GLOB[ptest-pkgs] = '*-ptest' +COMPLEMENTARY_GLOB[ptest-pkgs] = '*-ptest ptest-runner' COMPLEMENTARY_GLOB[bash-completion-pkgs] = '*-bash-completion' def complementary_globs(featurevar, d): diff --git a/poky/meta/classes-recipe/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index 06a9548a20..06a9548a20 100644 --- a/poky/meta/classes-recipe/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass diff --git a/poky/meta/classes/own-mirrors.bbclass b/poky/meta/classes/own-mirrors.bbclass index 2f24ff1830..62258e4160 100644 --- a/poky/meta/classes/own-mirrors.bbclass +++ b/poky/meta/classes/own-mirrors.bbclass @@ -17,4 +17,5 @@ https?://.*/.* ${SOURCE_MIRROR_URL} \ ftp://.*/.* ${SOURCE_MIRROR_URL} \ npm://.*/?.* ${SOURCE_MIRROR_URL} \ s3://.*/.* ${SOURCE_MIRROR_URL} \ +crate://.*/.* ${SOURCE_MIRROR_URL} \ " diff --git a/poky/meta/lib/oe/package_manager/rpm/__init__.py b/poky/meta/lib/oe/package_manager/rpm/__init__.py index 18ec5c895d..fa218485f5 100644 --- a/poky/meta/lib/oe/package_manager/rpm/__init__.py +++ b/poky/meta/lib/oe/package_manager/rpm/__init__.py @@ -98,11 +98,15 @@ class RpmPM(PackageManager): archs = ["sdk_provides_dummy_target"] + archs confdir = "%s/%s" %(self.target_rootfs, "etc/dnf/vars/") bb.utils.mkdirhier(confdir) - open(confdir + "arch", 'w').write(":".join(archs)) + with open(confdir + "arch", 'w') as f: + f.write(":".join(archs)) + distro_codename = self.d.getVar('DISTRO_CODENAME') - open(confdir + "releasever", 'w').write(distro_codename if distro_codename is not None else '') + with open(confdir + "releasever", 'w') as f: + f.write(distro_codename if distro_codename is not None else '') - open(oe.path.join(self.target_rootfs, "etc/dnf/dnf.conf"), 'w').write("") + with open(oe.path.join(self.target_rootfs, "etc/dnf/dnf.conf"), 'w') as f: + f.write("") def _configure_rpm(self): @@ -112,14 +116,17 @@ class RpmPM(PackageManager): platformconfdir = "%s/%s" %(self.target_rootfs, "etc/rpm/") rpmrcconfdir = "%s/%s" %(self.target_rootfs, "etc/") bb.utils.mkdirhier(platformconfdir) - open(platformconfdir + "platform", 'w').write("%s-pc-linux" % self.primary_arch) + with open(platformconfdir + "platform", 'w') as f: + f.write("%s-pc-linux" % self.primary_arch) with open(rpmrcconfdir + "rpmrc", 'w') as f: f.write("arch_compat: %s: %s\n" % (self.primary_arch, self.archs if len(self.archs) > 0 else self.primary_arch)) f.write("buildarch_compat: %s: noarch\n" % self.primary_arch) - open(platformconfdir + "macros", 'w').write("%_transaction_color 7\n") + with open(platformconfdir + "macros", 'w') as f: + f.write("%_transaction_color 7\n") if self.d.getVar('RPM_PREFER_ELF_ARCH'): - open(platformconfdir + "macros", 'a').write("%%_prefer_color %s" % (self.d.getVar('RPM_PREFER_ELF_ARCH'))) + with open(platformconfdir + "macros", 'a') as f: + f.write("%%_prefer_color %s" % (self.d.getVar('RPM_PREFER_ELF_ARCH'))) if self.d.getVar('RPM_SIGN_PACKAGES') == '1': signer = get_signer(self.d, self.d.getVar('RPM_GPG_BACKEND')) @@ -166,13 +173,13 @@ class RpmPM(PackageManager): repo_uri = uri + "/" + arch repo_id = "oe-remote-repo" + "-".join(urlparse(repo_uri).path.split("/")) repo_name = "OE Remote Repo:" + " ".join(urlparse(repo_uri).path.split("/")) - open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a').write( - "[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts)) + with open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'a') as f: + f.write("[%s]\nname=%s\nbaseurl=%s\n%s\n" % (repo_id, repo_name, repo_uri, gpg_opts)) else: repo_name = "OE Remote Repo:" + " ".join(urlparse(uri).path.split("/")) repo_uri = uri - open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w').write( - "[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts)) + with open(oe.path.join(self.target_rootfs, "etc", "yum.repos.d", repo_base + ".repo"), 'w') as f: + f.write("[%s]\nname=%s\nbaseurl=%s\n%s" % (repo_base, repo_name, repo_uri, gpg_opts)) def _prepare_pkg_transaction(self): os.environ['D'] = self.target_rootfs @@ -331,7 +338,8 @@ class RpmPM(PackageManager): return e.output.decode("utf-8") def dump_install_solution(self, pkgs): - open(self.solution_manifest, 'w').write(" ".join(pkgs)) + with open(self.solution_manifest, 'w') as f: + f.write(" ".join(pkgs)) return pkgs def load_old_install_solution(self): @@ -365,7 +373,8 @@ class RpmPM(PackageManager): bb.utils.mkdirhier(target_path) num = self._script_num_prefix(target_path) saved_script_name = oe.path.join(target_path, "%d-%s" % (num, pkg)) - open(saved_script_name, 'w').write(output) + with open(saved_script_name, 'w') as f: + f.write(output) os.chmod(saved_script_name, 0o755) def _handle_intercept_failure(self, registered_pkgs): diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc index f022aed732..5705e5835b 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc @@ -5,7 +5,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" DEPENDS += "${@bb.utils.contains('UBOOT_ENV_SUFFIX', 'scr', 'u-boot-mkimage-native', '', d)}" -inherit uboot-config uboot-extlinux-config uboot-sign deploy cml1 python3native kernel-arch +inherit uboot-config uboot-extlinux-config uboot-sign deploy python3native kernel-arch DEPENDS += "swig-native" @@ -26,6 +26,13 @@ UBOOT_LOCALVERSION ?= "" require u-boot-configure.inc +do_savedefconfig() { + bbplain "Saving defconfig to:\n${B}/defconfig" + oe_runmake -C ${B} savedefconfig +} +do_savedefconfig[nostamp] = "1" +addtask savedefconfig after do_configure + do_compile () { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 79d4645ca8..f07e318897 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" DEPENDS = "dbus glib-2.0" +RDEPENDS:${PN} += "dbus" PROVIDES += "bluez-hcidump" RPROVIDES:${PN} += "bluez-hcidump" diff --git a/poky/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/poky/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index b9cc24a7ac..6f23490c87 100644 --- a/poky/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/poky/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh @@ -1 +1,5 @@ export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" +export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" +export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" +export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" +export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" diff --git a/poky/meta/recipes-core/dropbear/dropbear_2022.82.bb b/poky/meta/recipes-core/dropbear/dropbear_2022.82.bb index 41c14ff2f1..4ed4c65cc1 100644 --- a/poky/meta/recipes-core/dropbear/dropbear_2022.82.bb +++ b/poky/meta/recipes-core/dropbear/dropbear_2022.82.bb @@ -12,8 +12,6 @@ DEPENDS = "zlib virtual/crypt" RPROVIDES:${PN} = "ssh sshd" RCONFLICTS:${PN} = "openssh-sshd openssh" -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://0001-urandom-xauth-changes-to-options.h.patch \ file://init \ @@ -36,8 +34,6 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-permit \ pam-plugin-unix \ " -RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}" - inherit autotools update-rc.d systemd CVE_PRODUCT = "dropbear_ssh" @@ -51,14 +47,12 @@ SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" BINCOMMANDS = "dbclient ssh scp" EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' -PACKAGECONFIG ?= "disable-weak-ciphers" +PACKAGECONFIG ?= "disable-weak-ciphers ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" +PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,${PAM_PLUGINS}" PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" PACKAGECONFIG[disable-weak-ciphers] = "" PACKAGECONFIG[enable-x11-forwarding] = "" -EXTRA_OECONF += "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" - # This option appends to CFLAGS and LDFLAGS from OE # This is causing [textrel] QA warning EXTRA_OECONF += "--disable-harden" diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch new file mode 100644 index 0000000000..c33fa88a76 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch @@ -0,0 +1,51 @@ +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2990] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 14838522a706ebdcc3cdab661d4c368099fe3a4e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 6 Jul 2021 19:26:03 +0100 +Subject: [PATCH] gio/tests/g-file-info: don't assume million-in-one events + don't happen + +The access and creation time tests create a file, gets the time in +seconds, then gets the time in microseconds and assumes that the +difference between the two has to be above 0. + +As rare as this may be, it can happen: + +$ stat g-file-info-test-50A450 -c %y +2021-07-06 18:24:56.000000767 +0100 + +Change the test to simply assert that the difference not negative to +handle this case. + +This is the same fix as 289f8b, but that was just modification time. +--- + gio/tests/g-file-info.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gio/tests/g-file-info.c b/gio/tests/g-file-info.c +index 59411c3a8..a213e4b92 100644 +--- a/gio/tests/g-file-info.c ++++ b/gio/tests/g-file-info.c +@@ -239,7 +239,7 @@ test_g_file_info_access_time (void) + g_assert_nonnull (dt_usecs); + + ts = g_date_time_difference (dt_usecs, dt); +- g_assert_cmpint (ts, >, 0); ++ g_assert_cmpint (ts, >=, 0); + g_assert_cmpint (ts, <, G_USEC_PER_SEC); + + /* Try round-tripping the access time. */ +@@ -316,7 +316,7 @@ test_g_file_info_creation_time (void) + g_assert_nonnull (dt_usecs); + + ts = g_date_time_difference (dt_usecs, dt); +- g_assert_cmpint (ts, >, 0); ++ g_assert_cmpint (ts, >=, 0); + g_assert_cmpint (ts, <, G_USEC_PER_SEC); + + /* Try round-tripping the creation time. */ +-- +2.34.1 + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index dd1ea508d2..b5ab6502a3 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ + file://0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch" diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 944243fce9..9b9dbbd75f 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -18,6 +18,9 @@ NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" +# Timeout for blocking socket operations, such as the connection attempt. +CVE_SOCKET_TIMEOUT ?= "60" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") @@ -39,6 +42,8 @@ python do_fetch() { db_file = d.getVar("CVE_CHECK_DB_FILE") db_dir = os.path.dirname(db_file) + cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) + if os.path.exists("{0}-journal".format(db_file)): # If a journal is present the last update might have been interrupted. In that case, # just wipe any leftovers and force the DB to be recreated. @@ -79,7 +84,7 @@ python do_fetch() { # Retrieve meta last modified date try: - response = urllib.request.urlopen(meta_url) + response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') bb.warn("Failed to fetch CVE data (%s)" % e.reason) @@ -107,7 +112,7 @@ python do_fetch() { # Update db with current year json file try: - response = urllib.request.urlopen(json_url) + response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout) if response: update_db(conn, gzip.decompress(response.read()).decode('utf-8')) conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() diff --git a/poky/meta/recipes-core/psplash/psplash_git.bb b/poky/meta/recipes-core/psplash/psplash_git.bb index edc0ac1d89..9532ed1534 100644 --- a/poky/meta/recipes-core/psplash/psplash_git.bb +++ b/poky/meta/recipes-core/psplash/psplash_git.bb @@ -58,7 +58,7 @@ python __anonymous() { d.setVarFlag("ALTERNATIVE_TARGET_%s" % ep, 'psplash', '${bindir}/%s' % p) d.appendVar("RDEPENDS:%s" % ep, " %s" % pn) if p == "psplash-default": - d.appendVar("RRECOMMENDS:%s" % pn, " %s" % ep) + d.appendVar("RDEPENDS:%s" % pn, " %s" % ep) } S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb b/poky/meta/recipes-core/zlib/zlib_1.2.12.bb index b999f13530..2491cb941f 100644 --- a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/poky/meta/recipes-core/zlib/zlib_1.2.12.bb @@ -6,7 +6,8 @@ SECTION = "libs" LICENSE = "Zlib" LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef63bc555f7aa6c0" -SRC_URI = "https://zlib.net/${BP}.tar.xz \ +# The source tarball needs to be .gz as only the .gz ends up in fossils/ +SRC_URI = "https://zlib.net/${BP}.tar.gz \ file://cc.patch \ file://ldflags-tests.patch \ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ @@ -17,7 +18,11 @@ SRC_URI = "https://zlib.net/${BP}.tar.xz \ " UPSTREAM_CHECK_URI = "http://zlib.net/" -SRC_URI[sha256sum] = "7db46b8d7726232a621befaab4a1c870f00a90805511c0e0090441dac57def18" +SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9" + +# When a new release is made the previous release is moved to fossils/, so add this +# to PREMIRRORS so it is also searched automatically. +PREMIRRORS:append = " https://zlib.net/ https://zlib.net/fossils/" CFLAGS += "-D_REENTRANT" diff --git a/poky/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch b/poky/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch index bfec4477c1..5aa635b3d4 100644 --- a/poky/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch +++ b/poky/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch @@ -1,4 +1,4 @@ -From e1dbdcd0ea667bab4b551294354e04c6fe288ab6 Mon Sep 17 00:00:00 2001 +From 99f1e61b2957226254a116fde7fd73bf07034012 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 8 Mar 2021 16:04:20 -0800 Subject: [PATCH] gcc: poison-system-directories @@ -20,12 +20,12 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> gcc/configure | 19 +++++++++++++++++++ gcc/configure.ac | 16 ++++++++++++++++ gcc/doc/invoke.texi | 9 +++++++++ - gcc/gcc.cc | 9 +++++++-- + gcc/gcc.cc | 15 ++++++++++++--- gcc/incpath.cc | 21 +++++++++++++++++++++ - 7 files changed, 86 insertions(+), 2 deletions(-) + 7 files changed, 91 insertions(+), 3 deletions(-) diff --git a/gcc/common.opt b/gcc/common.opt -index 8a0dafc522d..0357868e22c 100644 +index 8a0dafc52..0357868e2 100644 --- a/gcc/common.opt +++ b/gcc/common.opt @@ -710,6 +710,10 @@ Wreturn-local-addr @@ -40,7 +40,7 @@ index 8a0dafc522d..0357868e22c 100644 Common Var(warn_shadow) Warning Warn when one variable shadows another. Same as -Wshadow=global. diff --git a/gcc/config.in b/gcc/config.in -index 64c27c9cfac..a693cb8a886 100644 +index 64c27c9cf..a693cb8a8 100644 --- a/gcc/config.in +++ b/gcc/config.in @@ -230,6 +230,16 @@ @@ -61,7 +61,7 @@ index 64c27c9cfac..a693cb8a886 100644 optimizer and back end) to be checked for dynamic type safety at runtime. This is quite expensive. */ diff --git a/gcc/configure b/gcc/configure -index 5ce0557719a..dc2d59701ad 100755 +index 2b83acfb0..8bb97578c 100755 --- a/gcc/configure +++ b/gcc/configure @@ -1023,6 +1023,7 @@ enable_maintainer_mode @@ -81,7 +81,7 @@ index 5ce0557719a..dc2d59701ad 100755 --enable-plugin enable plugin support --enable-host-shared build host code as shared libraries --disable-libquadmath-support -@@ -31982,6 +31985,22 @@ if test "${enable_version_specific_runtime_libs+set}" = set; then : +@@ -31996,6 +31999,22 @@ if test "${enable_version_specific_runtime_libs+set}" = set; then : fi @@ -105,10 +105,10 @@ index 5ce0557719a..dc2d59701ad 100755 diff --git a/gcc/configure.ac b/gcc/configure.ac -index 23bee7010a3..36ce78924de 100644 +index daf2a708c..6155b83a7 100644 --- a/gcc/configure.ac +++ b/gcc/configure.ac -@@ -7421,6 +7421,22 @@ AC_ARG_ENABLE(version-specific-runtime-libs, +@@ -7435,6 +7435,22 @@ AC_ARG_ENABLE(version-specific-runtime-libs, [specify that runtime libraries should be installed in a compiler-specific directory])]) @@ -132,7 +132,7 @@ index 23bee7010a3..36ce78924de 100644 AC_SUBST(subdirs) AC_SUBST(srcdir) diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi -index 07b440190c3..b2de464798a 100644 +index ff6c338be..a8ebfa59a 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -379,6 +379,7 @@ Objective-C and Objective-C++ Dialects}. @@ -159,10 +159,10 @@ index 07b440190c3..b2de464798a 100644 @opindex Wfloat-equal @opindex Wno-float-equal diff --git a/gcc/gcc.cc b/gcc/gcc.cc -index bb07cc244e3..ce161d3c853 100644 +index beefde7f6..4e6557b3c 100644 --- a/gcc/gcc.cc +++ b/gcc/gcc.cc -@@ -1159,6 +1159,8 @@ proper position among the other output files. */ +@@ -1162,6 +1162,8 @@ proper position among the other output files. */ "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \ "%X %{o*} %{e*} %{N} %{n} %{r}\ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!r:%{!nostartfiles:%S}}} \ @@ -171,7 +171,7 @@ index bb07cc244e3..ce161d3c853 100644 %{static|no-pie|static-pie:} %@{L*} %(mfwrap) %(link_libgcc) " \ VTABLE_VERIFICATION_SPEC " " SANITIZER_EARLY_SPEC " %o "" \ %{fopenacc|fopenmp|%:gt(%{ftree-parallelize-loops=*:%*} 1):\ -@@ -1254,8 +1256,11 @@ static const char *cpp_unique_options = +@@ -1257,8 +1259,11 @@ static const char *cpp_unique_options = static const char *cpp_options = "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\ %{f*} %{g*:%{%:debug-level-gt(0):%{g*}\ @@ -179,27 +179,27 @@ index bb07cc244e3..ce161d3c853 100644 - %{undef} %{save-temps*:-fpch-preprocess}"; + %{!fno-working-directory:-fworking-directory}}} %{O*}" +#ifdef POISON_BY_DEFAULT -+ " -Werror=poison-system-directories" ++ " %{!Wno-error=poison-system-directories:-Werror=poison-system-directories}" +#endif + " %{undef} %{save-temps*:-fpch-preprocess}"; /* Pass -d* flags, possibly modifying -dumpdir, -dumpbase et al. -@@ -1265,7 +1270,11 @@ static const char *cc1_options = +@@ -1287,7 +1292,11 @@ static const char *cc1_options = %{coverage:-fprofile-arcs -ftest-coverage}\ %{fprofile-arcs|fprofile-generate*|coverage:\ %{!fprofile-update=single:\ - %{pthread:-fprofile-update=prefer-atomic}}}"; + %{pthread:-fprofile-update=prefer-atomic}}}" +#ifdef POISON_BY_DEFAULT -+ " -Werror=poison-system-directories" ++ " %{!Wno-error=poison-system-directories:-Werror=poison-system-directories}" +#endif + ; - + static const char *asm_options = "%{-target-help:%:print-asm-header()} " diff --git a/gcc/incpath.cc b/gcc/incpath.cc -index bd2a97938eb..c80f100f476 100644 +index 622204a38..5ac03c086 100644 --- a/gcc/incpath.cc +++ b/gcc/incpath.cc @@ -26,6 +26,7 @@ diff --git a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb index e72c171b92..b27e3ded33 100644 --- a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb +++ b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb @@ -7,12 +7,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ file://opkg.py;beginline=2;endline=18;md5=ffa11ff3c15eb31c6a7ceaa00cc9f986" PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', 'update-alternatives', 'virtual/update-alternatives', '', d)}" -SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV}.tar.gz \ +SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \ file://0001-update-alternatives-correctly-match-priority.patch \ " -UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/" +SRCREV = "9239541f14a2529b9d01c0a253ab11afa2822dab" -SRC_URI[sha256sum] = "55733c0f8ffde2bb4f9593cfd66a1f68e6a2f814e8e62f6fd78472911c818c32" +S = "${WORKDIR}/git" TARGET_CC_ARCH += "${LDFLAGS}" diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch new file mode 100644 index 0000000000..284a5a3ea9 --- /dev/null +++ b/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch @@ -0,0 +1,31 @@ +CVE: CVE-2022-41556 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001 +From: Glenn Strauss <gstrauss@gluelogic.com> +Date: Sun, 11 Sep 2022 22:31:34 -0400 +Subject: [PATCH] [core] handle RDHUP when collecting chunked body + +handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked +request body (and when not streaming request body to backend) + +x-ref: + https://github.com/lighttpd/lighttpd1.4/pull/115 +--- + src/gw_backend.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gw_backend.c b/src/gw_backend.c +index df9d8217..5db56287 100644 +--- a/src/gw_backend.c ++++ b/src/gw_backend.c +@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) { + * and module is flagged to stream request body to backend) */ + return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST) + ? http_response_reqbody_read_error(r, 411) +- : HANDLER_WAIT_FOR_EVENT; ++ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc; + } + + if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) { diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb index 801162867c..78978105b2 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb @@ -14,6 +14,7 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \ lighttpd-module-accesslog" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ + file://CVE-2022-41556.patch \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index 7ea661e138..091003ed82 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -33,6 +33,7 @@ KERNEL_LD:append:arc = " ${TOOLCHAIN_OPTIONS}" KERNEL_FEATURES:append:qemuall=" features/debug/printk.scc" +KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'cfg/efi.scc', '', d)}" KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 'numa', 'features/numa/numa.scc', '', d)}" KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 'vfat', 'cfg/fs/vfat.scc', '', d)}" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 2591171eca..5b2f5956a6 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -13,7 +13,7 @@ PR = "r9" PACKAGECONFIG ??= "scripting tui libunwind" PACKAGECONFIG[dwarf] = ",NO_DWARF=1" -PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3" +PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3 python3-setuptools-native" # gui support was added with kernel 3.6.35 # since 3.10 libnewt was replaced by slang # to cover a wide range of kernel we add both dependencies diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb index 01fd4dba3d..c7d782e4eb 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb @@ -8,7 +8,7 @@ LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" LICENSE:${PN} = "LGPL-2.1-or-later" LICENSE:${PN}-xx = "LGPL-2.1-or-later" LICENSE:${PN}-bin = "GPL-3.0-or-later" -LICENSE:${PN}-OpenSSL = "GPL-3.0-or-later" +LICENSE:${PN}-openssl = "GPL-3.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \ diff --git a/poky/scripts/install-buildtools b/poky/scripts/install-buildtools index 10c3d043de..2218f3ffac 100755 --- a/poky/scripts/install-buildtools +++ b/poky/scripts/install-buildtools @@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'http://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-3.4' -DEFAULT_INSTALLER_VERSION = '3.4' +DEFAULT_RELEASE = 'yocto-4.1' +DEFAULT_INSTALLER_VERSION = '4.1' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check @@ -154,6 +154,8 @@ def main(): group.add_argument('--without-extended-buildtools', action='store_false', dest='with_extended_buildtools', help='disable extended buildtools (traditional buildtools tarball)') + group.add_argument('--make-only', action='store_true', + help='only install make tarball') group = parser.add_mutually_exclusive_group() group.add_argument('-c', '--check', help='enable checksum validation', default=True, action='store_true') @@ -170,6 +172,9 @@ def main(): args = parser.parse_args() + if args.make_only: + args.with_extended_buildtools = False + if args.debug: logger.setLevel(logging.DEBUG) elif args.quiet: @@ -197,7 +202,10 @@ def main(): if not args.build_date: logger.error("Milestone installers require --build-date") else: - if args.with_extended_buildtools: + if args.make_only: + filename = "%s-buildtools-make-nativesdk-standalone-%s-%s.sh" % ( + arch, args.installer_version, args.build_date) + elif args.with_extended_buildtools: filename = "%s-buildtools-extended-nativesdk-standalone-%s-%s.sh" % ( arch, args.installer_version, args.build_date) else: @@ -207,6 +215,8 @@ def main(): buildtools_url = "%s/milestones/%s/buildtools/%s" % (base_url, args.release, safe_filename) # regular release SDK else: + if args.make_only: + filename = "%s-buildtools-make-nativesdk-standalone-%s.sh" % (arch, args.installer_version) if args.with_extended_buildtools: filename = "%s-buildtools-extended-nativesdk-standalone-%s.sh" % (arch, args.installer_version) else: @@ -303,7 +313,9 @@ def main(): if args.with_extended_buildtools and not m: logger.info("Ignoring --with-extended-buildtools as filename " "does not contain 'extended'") - if args.with_extended_buildtools and m: + if args.make_only: + tool = 'make' + elif args.with_extended_buildtools and m: tool = 'gcc' else: tool = 'tar' diff --git a/poky/scripts/oe-check-sstate b/poky/scripts/oe-check-sstate index f4cc5869de..4187e77458 100755 --- a/poky/scripts/oe-check-sstate +++ b/poky/scripts/oe-check-sstate @@ -18,7 +18,6 @@ import re scripts_path = os.path.dirname(os.path.realpath(__file__)) lib_path = scripts_path + '/lib' sys.path = sys.path + [lib_path] -import scriptutils import scriptpath scriptpath.add_bitbake_lib_path() import argparse_oe @@ -51,11 +50,8 @@ def check(args): env['TMPDIR:forcevariable'] = tmpdir try: - output = subprocess.check_output( - 'bitbake -n %s' % ' '.join(args.target), - stderr=subprocess.STDOUT, - env=env, - shell=True) + cmd = ['bitbake', '--dry-run', '--runall=build'] + args.target + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, env=env) task_re = re.compile('NOTE: Running setscene task [0-9]+ of [0-9]+ \(([^)]+)\)') tasks = [] |
