subtree updates oct 3 2023mickledore

poky: fc25449687..a61e021c65: Alberto Planas (1): bitbake.conf: add unzstd in HOSTTOOLS Alejandro Hernandez Samaniego (2): baremetal-helloworld: Update SRCREV to fix entry addresses for ARM architectures baremetal-helloworld: Fix race condition Alex Kiernan (2): rootfs: Add debugfs package db file copy and cleanup rpm: Pick debugfs package db files/dirs explicitly Alexander Kanavin (35): maintaines.inc: unassign Richard Weinberger from erofs-utils entry maintainers.inc: unassign Andreas Müller from itstool entry maintainers.inc: unassign Pascal Bach from cmake entry maintainers.inc: correct unassigned entries maintainers.inc: correct Carlos Rafael Giani's email address apr: upgrade 1.7.3 -> 1.7.4 scripts/runqemu: split lock dir creation into a reusable function scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes qemu: a pending patch was submitted and accepted upstream maintainers.inc: unassign Adrian Bunk from wireless-regdb maintainers.inc: unassign Alistair Francis from opensbi maintainers.inc: unassign Chase Qi from libc-test maintainers.inc: unassign Oleksandr Kravchuk from python3 and all other items maintainers.inc: unassign Ricardo Neri from ovmf grub: submit determinism.patch upstream gawk: upgrade 5.2.1 -> 5.2.2 gnupg: upgrade 2.4.0 -> 2.4.2 libx11: upgrade 1.8.4 -> 1.8.5 linux-firmware: upgrade 20230404 -> 20230515 serf: upgrade 1.3.9 -> 1.3.10 wget: upgrade 1.21.3 -> 1.21.4 wireless-regdb: upgrade 2023.02.13 -> 2023.05.03 gdb: upgrade 13.1 -> 13.2 sysfsutils: fetch a supported fork from github diffutils: update 3.9 -> 3.10 libproxy: fetch from git cargo.bbclass: set up cargo environment in common do_compile rust-common.bbclass: move musl-specific linking fix from rust-source.inc Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock" ref-manual: document image-specific variant of INCOMPATIBLE_LICENSE glibc-locale: use stricter matching for metapackages' runtime dependencies devtool/upgrade: raise an error if extracting source produces more than one directory curl: ensure all ptest failures are caught python3: upgrade 3.11.2 -> 3.11.3 python3: update 3.11.3 -> 3.11.4 Alexis Lothoré (2): scripts/resulttool: add mention about new detected tests oeqa/utils/gitarchive: fix tag computation when creating archive Andrej Valek (2): busybox: 1.36.0 -> 1.36.1 maintainers.inc: Modify email address Anuj Mittal (7): gstreamer1.0: upgrade 1.22.2 -> 1.22.3 selftest/cases/glibc.py: fix the override syntax glibc/check-test-wrapper: don't emit warnings from ssh selftest/cases/glibc.py: increase the memory for testing oeqa/utils/nfs: allow requesting non-udp ports selftest/cases/glibc.py: switch to using NFS over TCP gstreamer1.0: upgrade 1.22.4 -> 1.22.5 Archana Polampalli (3): qemu: fix CVE-2023-0330 bind: upgrade 9.18.15 -> 9.18.16 vim: upgrade 9.0.1592 -> 9.0.1664 BELOUARGA Mohamed (2): meta: lib: oe: npm_registry: Add more safe caracters linux-firmware : Add firmware of RTL8822 serie Benjamin Bouvier (1): util-linux: add alternative links for ipcs,ipcrm Bruce Ashfield (33): linux-yocto/6.1: update to v6.1.26 linux-yocto/6.1: update to v6.1.27 linux-yocto/6.1: update to v6.1.28 linux-yocto/6.1: update to v6.1.29 linux-yocto/6.1: update to v6.1.30 linux-yocto/6.1: update to v6.1.31 linux-yocto/6.1: update to v6.1.32 linux-yocto/5.15: update to v5.15.114 linux-yocto/5.15: update to v5.15.115 linux-yocto/5.15: update to v5.15.116 linux-yocto/5.15: update to v5.15.117 linux-yocto/5.15: update to v5.15.118 linux-yocto/5.15: cfg: fix DECNET configuration warning linux-yocto/6.1: update to v6.1.33 linux-yocto/6.1: fix intermittent x86 boot hangs linux-yocto/6.1: update to v6.1.34 linux-yocto/6.1: update to v6.1.35 linux-yocto/5.15: update to v5.15.119 linux-yocto/5.15: update to v5.15.120 linux-yocto/6.1: update to v6.1.36 linux-yocto/6.1: update to v6.1.37 linux-yocto/6.1: update to v6.1.38 linux-yocto/5.15: update to v5.15.122 linux-yocto/5.15: update to v5.15.123 linux-yocto/5.15: update to v5.15.124 linux-yocto/6.1: cfg: update ima.cfg to match current meta-integrity linux-yocto/6.1: update to v6.1.41 linux-yocto/6.1: update to v6.1.43 linux-yocto/6.1: update to v6.1.44 linux-yocto/6.1: update to v6.1.45 linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup linux-yocto/6.1: update to v6.1.46 linux-yocto/6.1: fix IRQ-80 warnings Changqing Li (4): systemd: fix a dead link under /var/log dnf: only write the log lock to root for native dnf rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock erofs-utils: fix CVE-2023-33551/CVE-2023-33552 Charlie Wu (1): devtool: Fix the wrong variable in srcuri_entry Chee Yang Lee (6): python3-requests: fix CVE-2023-32681 curl: fix CVE-2023-32001 ghostscript: fix CVE-2023-38559 librsvg: upgrade to 2.54.6 libssh2: fix CVE-2020-22218 python3: update to 3.11.5 Chen Qi (13): cmake.bbclass: do not search host paths for find_program() qemurunner.py: fix error message about qmp sdk.py: error out when moving file fails sdk.py: fix moving dnf contents rpm: write macros under libdir zip: fix configure check by using _Static_assert zip: remove unnecessary LARGE_FILE_SUPPORT CLFAGS unzip: fix configure check for cross compilation unzip: remove hardcoded LARGE_FILE_SUPPORT ncurses: fix CVE-2023-29491 cmake.bbclass: fix allarch override syntax multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation Daniel Semkowicz (1): dev-manual: wic.rst: Update native tools build command Deepthi Hemraj (2): glibc: stable 2.37 branch updates. binutils: stable 2.40 branch updates Denys Dmytriyenko (1): binutils: move packaging of gprofng static lib into common .inc Dmitry Baryshkov (3): openssl: fix building on riscv32 linux-firmware: package firmare for Dragonboard 410c linux-firmware: split platform-specific Adreno shaders to separate packages Ed Beroset (1): ref-manual: add clarification for SRCREV Enrico Scholz (1): shadow-sysroot: add license information Etienne Cordonnier (2): libxcrypt: fix hard-coded ".so" extension vim: update obsolete comment Fabien Mahot (2): useradd-example: package typo correction oeqa/selftest/bbtests: add non-existent prefile/postfile tests Frieder Paape (1): image_types: Fix reproducible builds for initramfs and UKI img Frieder Schrempf (1): psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox Hannu Lounento (1): profile-manual: fix blktrace remote usage instructions Ian Ray (1): systemd-systemctl: support instance expansion in WantedBy Jaeyoon Jung (1): cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig Jermain Horsman (1): logrotate: Do not create logrotate.status file Joe Slater (1): ghostscript: fix CVE-2023-36664 Joel Stanley (1): kernel: don't fail if Modules.symvers doesn't exist Jose Quaresma (8): kernel: config modules directories are handled by kernel-module-split kernel-module-split: install config modules directories only when they are needed kernel-module-split: use context manager to open files kernel-module-split: make autoload and probeconf distribution specific kernel-module-split add systemd modulesloaddir and modprobedir config openssl: add PERLEXTERNAL path to test its existence openssl: use a glob on the PERLEXTERNAL to track updates on the path go: update 1.20.5 -> 1.20.6 Julien Stephan (1): automake: fix buildtest patch Jörg Sommer (2): runqemu-gen-tapdevs: Refactoring runqemu-ifupdown/get-tapdevs: Add support for ip tuntap Kai Kang (4): pm-utils: fix multilib conflictions webkitgtk: 2.38.5 -> 2.38.6 webkitgtk: fix CVE-2023-32439 webkitgtk: fix CVE-2023-32435 Khem Raj (10): systemd: Drop a backport perf: Make built-in libtraceevent plugins cohabit with external libtraceevent glibc: Pass linker choice via compiler flags babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature parted: Add missing libuuid to linker cmdline for libparted-fs-resize.so rpcsvc-proto: Upgrade to 1.4.4 libxml2: Do not use lld linker when building with tests on rv64 python3-bcrypt: Use BFD linker when building tests meson.bbclass: Point to llvm-config from native sysroot build-sysroots: Add SUMMARY field Lee Chee Yang (7): migration-guides: add release notes for 4.0.10 migration-guides: add release notes for 4.0.11 migration-guides: add release notes for 4.2.2 migration-guides: add release notes for 4.2.3 migration-guides: add release notes for 4.0.12 bind: update to 9.18.19 ffmpeg: 5.1.2 -> 5.1.3 Marc Ferland (1): connman: fix warning by specifying runstatedir at configure time Marek Vasut (1): linux-firmware: Fix mediatek mt7601u firmware path Mark Hatle (1): tcf-agent: Update to 1.8.0 release Markus Niebel (1): wic: fix wrong attempt to create file system in upartitioned regions Markus Volk (3): ell: upgrade 0.56 -> 0.57 gtk4: upgrade 4.10.3 -> 4.10.4 gtk4: upgrade 4.10.4 -> 4.10.5 Martin Jansa (8): libx11: remove unused patch and FILESEXTRAPATHS qemu: remove unused qemu-7.0.0-glibc-2.36.patch minicom: remove unused patch files inetutils: remove unused patch files libgloss: remove unused patch file kmod: remove unused ptest.patch tcl: prevent installing another copy of tzdata gcc: backport a fix for ICE caused by CVE-2023-4039.patch Michael Halstead (4): resulttool/resultutils: allow index generation despite corrupt json yocto-uninative: Update hashes for uninative 4.1 yocto-uninative: Update to 4.2 for glibc 2.38 yocto-uninative: Update to 4.3 Michael Opdenacker (13): ref-manual: releases.svg: updates conf.py: add macro for Mitre CVE links ref-manual: LTS releases now supported for 4 years poky.conf: update SANITY_TESTED_DISTROS to match autobuilder scripts/create-pull-request: update URLs to git repositories ref-manual: system-requirements: update supported distros manuals: add new contributor guide dev-manual: disk-space: mention faster "find" command to trim sstate cache sdk-manual: extensible.rst: fix multiple formatting issues dev-manual: disk-space: improve wording for obsolete sstate cache files dev-manual: new-recipe.rst fix inconsistency with contributor guide contributor-guide: recipe-style-guide: add Upstream-Status dev-manual: licenses: mention SPDX for license compliance Mikko Rapeli (1): useradd-staticids.bbclass: improve error message Mingli Yu (5): curl: fix CVE-2023-28319 through CVE-2023-28322 python3-numpy: remove NPY_INLINE, use inline instead acpica: Update SRC_URI cups: Fix CVE-2023-34241 ruby: Fix CVE-2023-36617 Narpat Mali (5): python3-certifi: upgrade 2022.12.7 -> 2023.7.22 ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018 python3-git: upgrade 3.1.31 -> 3.1.32 python3-pygments: fix for CVE-2022-40896 python3-git: upgrade 3.1.32 -> 3.1.37 Natasha Bailey (1): tiff: backport a fix for CVE-2023-2731 Oleksandr Hnatiuk (2): file: return wrapper to fix builds when file is in buildtools-tarball file: fix the way path is written to environment-setup.d Ovidiu Panait (7): mdadm: fix util-linux ptest dependency mdadm: fix 07revert-inplace ptest mdadm: fix segfaults when running ptests mdadm: skip running known broken ptests mdadm: re-add mdadm-ptest to PTESTS_SLOW mdadm: add util-linux-blockdev ptest dependency mdadm: skip running 04update-uuid and 07revert-inplace testcases Peter Marko (7): cve-update-nvd2-native: fix cvssV3 metrics cve-update-nvd2-native: retry all errors and sleep between retries cve-update-nvd2-native: increase retry count libjpeg-turbo: patch CVE-2023-2804 python3: ignore CVE-2023-36632 libarchive: ignore CVE-2023-30571 openssl: Upgrade 3.1.1 -> 3.1.2 Peter Suti (1): externalsrc: fix dependency chain issues Poonam Jadhav (1): pixman: Remove duplication of license MIT Quentin Schulz (3): docs: bsp-guide: bsp: fix typo docs: ref-manual: terms: fix typos in SPDX term uboot-extlinux-config.bbclass: fix old override syntax in comment Randolph Sapp (6): weston-init: make sure the render group exists weston-init: add weston user to the render group weston-init: add the weston user to the wayland group weston-init: fix the mixed indentation weston-init: guard against systemd configs weston-init: add profile to point users to global socket Richard Purdie (24): selftest/license: Exclude from world layer.conf: Add missing dependency exclusion v86d: Improve kernel dependency strace: Disable failing test bitbake: runqueue: Fix deferred task/multiconfig race issue strace: Merge two similar patches strace: Update patches/tests with upstream fixes ptest-runner: Pull in sync fix to improve log warnings ptest-runner: Ensure data writes don't race ptest-runner: Pull in "runner: Remove threads and mutexes" fix gcc-testsuite: Fix ppc cpu specification ptest-runner: Pull in parallel test fixes and output handling glibc-testsuite: Fix network restrictions causing test failures oeqa/target/ssh: Ensure EAGAIN doesn't truncate output oeqa/runtime/ltp: Increase ltp test output timeout ltp: Add kernel loopback module dependency target/ssh: Ensure exit code set for commands oeqa/ssh: Further improve process exit handling pseudo: Fix to work with glibc 2.38 lib/package_manager: Improve repo artefact filtering gnupg: Fix reproducibility failure resulttool/report: Avoid divide by zero build-sysroots: Ensure dependency chains are minimal vim: Upgrade 9.0.1664 -> 9.0.1894 Riyaz Khan (1): openssh: Remove BSD-4-clause contents completely from codebase Roland Hieber (2): template: fix typo in section header ref-manual: point outdated link to the new location Ross Burton (24): ninja: ignore CVE-2021-4336, wrong ninja binutils: fix CVE-2023-1972 pkgconf: upgrade 1.9.4 -> 1.9.5 git: upgrade to 2.39.3 gobject-introspection: remove obsolete DEPENDS cve-update-nvd2-native: handle all configuration nodes, not just first cve-update-nvd2-native: use exact times, don't truncate cve-update-nvd2-native: log a little more cve-update-nvd2-native: actually use API keys tiff: upgrade to 4.5.1 gcc: don't pass --enable-standard-branch-protection machine/arch-arm64: add -mbranch-protection=standard pkgconf: update SRC_URI python3: fix missing comma in get_module_deps3.py oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case rootfs_rpm: don't depend on opkg-native for update-alternatives ltp: add RDEPENDS on findutils openssh: upgrade to 9.3p2 linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries linux/cve-exclusion: add generated CVE_CHECK_IGNOREs procps: backport fix for CVE-2023-4016 graphene: fix runtime detection of IEEE754 behaviour gcc: Fix -fstack-protector issue on aarch64 linux-yocto: update CVE exclusions Sakib Sajal (4): go: Upgrade 1.20.4 -> 1.20.5 bno_plot.py, btt_plot.py: Ask for python3 specifically go: fix CVE-2023-24531 go: upgrade 1.20.6 -> 1.20.7 Sanjana (1): binutils: Fix CVE-2023-39128 Sanjay Chitroda (2): cups: Fix CVE-2023-32324 curl: Add CVE-2023-28320 follow-up fix Siddharth (1): tiff: Security fix for CVE-2023-25434 and CVE-2023-26965 Siddharth Doshi (1): gdb: Fix CVE-2023-39128 Soumya (1): perl: Fix CVE-2023-31484 & CVE-2023-31486 Staffan Rydén (1): kernel: Fix path comparison in kernel staging dir symlinking Steve Sakoman (6): maintainers.inc: update version for gcc-source Revert "systemd: fix a dead link under /var/log" poky.conf: bump version for 4.2.2 release build-appliance-image: Update to mickledore head revision poky.conf: bump version for 4.2.3 release build-appliance-image: Update to mickledore head revision Stéphane Veyret (1): scripts/oe-setup-builddir: copy conf-notes.txt to build dir Sudip Mukherjee (2): dpkg: upgrade to v1.21.22 bind: upgrade to v9.18.17 Sundeep KOKKONDA (1): gcc : upgrade to v12.3 Thomas Roos (1): testimage/oeqa: Drop testimage_dump_host functionality Tim Orling (1): openssl: upgrade 3.1.0 -> 3.1.1 Tom Hochstein (1): weston: Cleanup and fix x11 and xwayland dependencies Trevor Gamblin (4): bind: upgrade 9.18.13 -> 9.18.14 glib-networking: use correct error code in ptest vim: upgrade 9.0.1527 -> 9.0.1592 linux-firmware: upgrade 20230515 -> 20230625 Wang Mingyu (24): babeltrace2: upgrade 2.0.4 -> 2.0.5 fribidi: upgrade 1.0.12 -> 1.0.13 libdnf: upgrade 0.70.0 -> 0.70.1 libmicrohttpd: upgrade 0.9.76 -> 0.9.77 libxft: upgrade 2.3.7 -> 2.3.8 libxpm: upgrade 3.5.15 -> 3.5.16 mobile-broadband-provider-info: upgrade 20221107 -> 20230416 bind: upgrade 9.18.14 -> 9.18.15 xdpyinfo: upgrade 1.3.3 -> 1.3.4 libxml2: upgrade 2.10.3 -> 2.10.4 freetype: upgrade 2.13.0 -> 2.13.1 gstreamer1.0: upgrade 1.22.3 -> 1.22.4 libassuan: upgrade 2.5.5 -> 2.5.6 libksba: upgrade 1.6.3 -> 1.6.4 libx11: upgrade 1.8.5 -> 1.8.6 lttng-ust: upgrade 2.13.5 -> 2.13.6 taglib: upgrade 1.13 -> 1.13.1 libwebp: upgrade 1.3.0 -> 1.3.1 libnss-nis: upgrade 3.1 -> 3.2 opkg: upgrade 0.6.1 -> 0.6.2 opkg-utils: upgrade 0.5.0 -> 0.6.2 file: upgrade 5.44 -> 5.45 tar: upgrade 1.34 -> 1.35 bind: upgrade 9.18.17 -> 9.18.18 Xiangyu Chen (1): dbus: upgrade 1.14.6 -> 1.14.8 Yash Shinde (1): glibc: fix CVE-2023-4527 Yi Zhao (1): ifupdown: install missing directories Yoann Congal (3): recipetool: Fix inherit in created -native* recipes oeqa/selftest/devtool: add unit test for "devtool add -b" dev-manual: remove unsupported :term: markup inside markup Yogita Urade (8): dmidecode: fix CVE-2023-30630 qemu: fix CVE-2023-3301 qemu: fix CVE-2023-3255 qemu: fix CVE-2023-2861 inetutils: fix CVE-2023-40303 nghttp2: fix CVE-2023-35945 dropbear: fix CVE-2023-36328 qemu: fix CVE-2023-3354 Yuta Hayama (1): systemd-systemctl: fix errors in instance name expansion nikhil (1): libwebp: Fix CVE-2023-1999 sanjana (2): binutils: stable 2.40 branch updates glibc: stable 2.37 branch updates meta-openembedded: 9286582126..922f41b39f: Armin Kuster (1): openldap: update to 2.5.16. Beniamin Sandu (1): lmsensors: do not pull in unneeded perl modules for run-time dependencies Changqing Li (2): redis: upgrade 6.2.12 -> 6.2.13 redis: upgrade 7.0.11 -> 7.0.12 Chee Yang Lee (2): rabbitmq-c: Fix CVE-2023-35789 c-ares: upgrade 1.19.0 -> 1.19.1 Chen Qi (3): redis: use the files path correctly grpc: fix CVE-2023-32732 grpc: fix CVE-2023-33953 Chris Dimich (1): image_types_sparse: Fix syntax error Hitendra Prajapati (4): wireshark: Fix CVE-2023-2855 & CVE-2023-2856 wireshark: Fix CVE-2023-2858 & CVE-2023-2879 wireshark: CVE-2023-2952 XRA dissector infinite loop wireshark: Fix Multiple CVEs Jasper Orschulko (1): yaml-cpp: Fix cmake export Joe Slater (3): libgpiod: modify test 'gpioset: toggle (continuous)' python3-sqlparse: fix CVE-2023-30608 libgpiod: modify RDEPENDS for ptest Khem Raj (2): fftw: Check for TOOLCHAIN_OPTIONS to be non-empty before sed ops system-config-printer: Delete __pycache__ files Lee Chee Yang (2): opensc: fix CVE-2023-2977 x11vnc: Fix CVE-2020-29074 Linus Jacobson (1): khronos-cts: Replace wayland feature dependancy with vulkan Martin Jansa (5): libiio: use main branch instead of master mongodb: enable hardware crc32 only with crc in TUNE_FEATURES khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python libcyusbserial: fix installed-vs-shipped QA issue with multilib tcpreplay: fix pcap detection with /usr/lib32 multilib Mingli Yu (6): dialog: Update the SRC_URI gnulib: Update SRC_URI yajl: Fix CVE-2023-33460 iniparser: Fix CVE-2023-33461 php: Upgrade to 8.2.8 mcelog: Drop unneeded autotools-brokensep Polampalli, Archana (6): tcpreplay: upgrade 4.4.3 -> 4.4.4 nodejs: upgrade 18.14.2 -> 18.16.1 yasm: fix CVE-2023-31975 nodejs: upgrade 18.16.1 -> 18.17.1 hwloc: fix CVE-2022-47022 python3-appdirs: print ptest results in unified format Ross Burton (5): glade: add autoconf-archive-native DEPENDS libgxim: add autoconf-archive-native DEPENDS libblockdev: clean up DEPENDS imsettings: add missing DEPENDS on autoconf-archive-native system-config-printer: clean up DEPENDS Sandeep Gundlupet Raju 837 (1): opencv: Revert fix runtime dependencies Sanjay Chitroda (1): netkit-telnet: Fix CVE-2022-39028 Soumya (1): yasm: fix CVE-2023-37732 Soumya Sambu (1): krb5: Fix CVE-2023-36054 Soumya via (1): opencv: Fix for CVE-2023-2617 Urade, Yogita t.mo (1): c-ares: fix CVE-2023-32067 Wang Mingyu (3): python3-django: upgrade 4.1.7 -> 4.2.1 iperf3: upgrade 3.13 -> 3.14 tcpdump: upgrade 4.99.3 -> 4.99.4 Xiangyu Chen (2): libbpf: installing uapi headers for native package meta-oe: add pahole to NON_MULTILIB_RECIPES Yi Zhao (4): frr: upgrade 8.4.2 -> 8.4.4 mbedtls: upgrade 2.28.2 -> 2.28.3 open-vm-tools: Security fix CVE-2023-20867 frr: Security fix CVE-2023-3748 Yogita Urade (1): poppler: fix CVE-2023-34872 meta-arm: 8db460fa5d..6e199b354e: Abdellatif El Khlifi (6): arm-bsp/documentation: corstone1000: Update change log arm-bsp/doc: corstone1000: Update the software architecture document arm-bsp/documentation: corstone1000: update the release note arm-bsp/documentation: corstone1000: update user guide kas: set the SHAs for 2023.06 release arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472 Adam Johnston (2): CI: Platform specific Trusted Services config arm-bsp/trusted-firmware-a: Reserve OP-TEE memory from NWd on N1SDP Anton Antonov (1): arm/oeqa: Make ts-service-test config match selected SPs Denys Dmytriyenko (1): optee-os: do not explicitly set CFG_MAP_EXT_DT_SECURE=y Emekcan Aras (7): arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure arm-bsp/u-boot: corstone1000: Enable EFI set/get time services arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test arm-bsp/trusted-services: corstone1000: Fix Capsule Update Gyorgy Szing (11): arm/trusted-services: update TS version optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot optee-os: Add support for TOS_FW_CONFIG on qemu arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu optee-test: backport SWd ABI compatibility changes optee-os: enable SPMC test arm/oeqa: enable OP-TEE SPMC tests trusted-services: update documentation arm/trusted-services: disable psa-iat on qemuarm64-secureboot arm/trusted-services: fix nanopb build error optee-os: unblock NWd interrupts Jon Mason (3): CI: remove master refspec for meta-virtualization yml file arm/linux-yocto: move 6.1 patches to a unique bbappend README: remove reference to meta-arm-autonomy Robbie Cao (1): arm/recipes-kernel: Add preempt-rt support for generic-arm64 Rui Miguel Silva (3): arm-bsp/trusted-services:corstone1000: remove already merged patches arm-bsp/trusted-services: remove merged patches for corstone1000 arm-bps/corstone1000: setup trusted service proxy configuration Tomás González (2): arm-bsp/documentation: corstone1000: Update the user guide arm-bsp/documentation: corstone1000: Update the release notes Change-Id: I19ad289a1580a28192b5c063d06553d4e171687b Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
author: Andrew Geissler <geissonator@yahoo.com> 2023-10-03 17:44:52 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2023-10-03 18:04:36 +0300
commit: 1e488cdf844bf4aa82d3c90875a56fb35c7f210d (patch)
tree: be163d890651760d24effea503cd567df3e119b5 /meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
parent: 4f6b1c0dcf9f9cb734f71b277af913e0d58c503f (diff)
download: openbmc-1e488cdf844bf4aa82d3c90875a56fb35c7f210d.tar.xz
1 files changed, 418 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
new file mode 100644
index 0000000000..3d743d2827
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
@@ -0,0 +1,418 @@
+From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Fri, 8 Jul 2022 09:48:06 +0100
+Subject: [PATCH 3/6] FMP Support in Corstone1000.
+
+The FMP support is used by u-boot to pupolate ESRT information
+for the kernel.
+
+The solution is platform specific and needs to be revisted.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../provider/capsule_update_provider.c        |   5 +
+ .../capsule_update/provider/component.cmake   |   1 +
+ .../provider/corstone1000_fmp_service.c       | 307 ++++++++++++++++++
+ .../provider/corstone1000_fmp_service.h       |  26 ++
+ 4 files changed, 339 insertions(+)
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
+
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+index e133753f8560..991a2235cd73 100644
+--- a/components/service/capsule_update/provider/capsule_update_provider.c
++++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -11,6 +11,7 @@
+ #include <protocols/service/capsule_update/capsule_update_proto.h>
+ #include <protocols/rpc/common/packed-c/status.h>
+ #include "capsule_update_provider.h"
++#include "corstone1000_fmp_service.h"
+ 
+ 
+ #define CAPSULE_UPDATE_REQUEST (0x1)
+@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init(
+ 		rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+ 	}
+ 
++	provision_fmp_variables_metadata(context->client.caller);
++
+ 	return rpc_interface;
+ }
+ 
+@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ 		}
+ 		psa_call(caller,handle, PSA_IPC_CALL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
++		set_fmp_image_info(caller, handle);
+ 		break;
+ 
+ 		case KERNEL_STARTED_EVENT:
+@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ 		}
+ 		psa_call(caller,handle, PSA_IPC_CALL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
++		set_fmp_image_info(caller, handle);
+ 		break;
+ 		default:
+ 			EMSG("%s unsupported opcode", __func__);
+diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
+index 1d412eb234d9..6b0601494938 100644
+--- a/components/service/capsule_update/provider/component.cmake
++++ b/components/service/capsule_update/provider/component.cmake
+@@ -10,4 +10,5 @@ endif()
+ 
+ target_sources(${TGT} PRIVATE
+ 	"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
++	"${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c"
+ 	)
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+new file mode 100644
+index 000000000000..6a7a47a7ed99
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+@@ -0,0 +1,307 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include "corstone1000_fmp_service.h"
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <psa/storage_common.h>
++#include <trace.h>
++
++#include <service/smm_variable/backend/variable_index.h>
++
++#define VARIABLE_INDEX_STORAGE_UID			(0x787)
++
++/**
++ * Variable attributes
++ */
++#define	EFI_VARIABLE_NON_VOLATILE				(0x00000001)
++#define	EFI_VARIABLE_BOOTSERVICE_ACCESS				(0x00000002)
++#define	EFI_VARIABLE_RUNTIME_ACCESS				(0x00000004)
++#define	EFI_VARIABLE_HARDWARE_ERROR_RECORD			(0x00000008)
++#define	EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS			(0x00000010)
++#define	EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS	(0x00000020)
++#define	EFI_VARIABLE_APPEND_WRITE				(0x00000040)
++#define	EFI_VARIABLE_MASK \
++	(EFI_VARIABLE_NON_VOLATILE | \
++	 EFI_VARIABLE_BOOTSERVICE_ACCESS | \
++	 EFI_VARIABLE_RUNTIME_ACCESS | \
++	 EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
++	 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
++	 EFI_VARIABLE_APPEND_WRITE)
++
++#define FMP_VARIABLES_COUNT	6
++
++static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n',  'N', 'a', 'm', 'e', '1' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++};
++
++static psa_status_t protected_storage_set(struct rpc_caller *caller,
++	psa_storage_uid_t uid, size_t data_length, const void *p_data)
++{
++	psa_status_t psa_status;
++	psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE;
++
++	struct psa_invec in_vec[] = {
++		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++		{ .base = psa_ptr_const_to_u32(p_data), .len = data_length },
++		{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
++	};
++
++	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
++			      in_vec, IOVEC_LEN(in_vec), NULL, 0);
++	if (psa_status < 0)
++		EMSG("ipc_set: psa_call failed: %d", psa_status);
++
++	return psa_status;
++}
++
++static psa_status_t protected_storage_get(struct rpc_caller *caller,
++	psa_storage_uid_t uid, size_t data_size, void *p_data)
++{
++	psa_status_t psa_status;
++	uint32_t offset = 0;
++
++	struct psa_invec in_vec[] = {
++		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++		{ .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
++	};
++
++	struct psa_outvec out_vec[] = {
++		{ .base = psa_ptr_to_u32(p_data), .len = data_size },
++	};
++
++	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++			      TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
++			      out_vec, IOVEC_LEN(out_vec));
++
++	if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) {
++	    EMSG("Return size does not match with expected size.");
++	    return PSA_ERROR_BUFFER_TOO_SMALL;
++	}
++
++	return psa_status;
++}	
++
++static uint64_t name_hash(EFI_GUID *guid, size_t name_size,
++	const int16_t *name)
++{
++	/* Using djb2 hash by Dan Bernstein */
++	uint64_t hash = 5381;
++
++	/* Calculate hash over GUID */
++	hash = ((hash << 5) + hash) + guid->Data1;
++	hash = ((hash << 5) + hash) + guid->Data2;
++	hash = ((hash << 5) + hash) + guid->Data3;
++
++	for (int i = 0; i < 8; ++i) {
++
++		hash = ((hash << 5) + hash) + guid->Data4[i];
++	}   
++
++	/* Extend to cover name up to but not including null terminator */
++	for (int i = 0; i < name_size / sizeof(int16_t); ++i) {
++
++		if (!name[i]) break;
++		hash = ((hash << 5) + hash) + name[i];
++	}
++
++	return hash;
++}
++
++
++static void initialize_metadata(void)
++{
++    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++
++	fmp_variables_metadata[i].uid = name_hash(
++					&fmp_variables_metadata[i].guid,
++					fmp_variables_metadata[i].name_size,
++					fmp_variables_metadata[i].name);
++    }
++}
++
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller)
++{
++    struct variable_metadata metadata;
++    psa_status_t status;
++    uint32_t dummy_values = 0xDEAD;
++
++    EMSG("Provisioning FMP metadata.");
++
++    initialize_metadata();
++
++    status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID,
++		sizeof(struct variable_metadata), &metadata);
++
++    if (status == PSA_SUCCESS) {
++	EMSG("UEFI variables store is already provisioned.");
++	return;
++    }
++
++    /* Provision FMP variables with dummy values. */
++    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++	protected_storage_set(caller, fmp_variables_metadata[i].uid,
++				sizeof(dummy_values), &dummy_values);
++    }
++
++    status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID,
++		    sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT,
++		    fmp_variables_metadata);
++
++    if (status != EFI_SUCCESS) {
++	return;
++    }
++
++    EMSG("FMP metadata is provisioned");
++}
++
++typedef struct {
++    void *base;
++    int len;
++} variable_data_t;
++
++static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT];
++
++#define IMAGE_INFO_BUFFER_SIZE	256
++static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE];
++#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO	2
++
++static psa_status_t unpack_image_info(void *buffer, uint32_t size)
++{
++    typedef struct __attribute__ ((__packed__)) {
++	uint32_t variable_count;
++	uint32_t variable_size[FMP_VARIABLES_COUNT];
++	uint8_t variable[];
++    } packed_buffer_t;
++
++    packed_buffer_t *packed_buffer = buffer;
++    int runner = 0;
++
++    if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) {
++	EMSG("Expected fmp varaibles = %u, but received = %u",
++		FMP_VARIABLES_COUNT, packed_buffer->variable_count);
++	return PSA_ERROR_PROGRAMMER_ERROR;
++    }
++
++    for (int i = 0; i < packed_buffer->variable_count; i++) {
++	EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]);
++	fmp_variables_data[i].base = &packed_buffer->variable[runner];
++	fmp_variables_data[i].len= packed_buffer->variable_size[i];
++	runner += packed_buffer->variable_size[i];
++    }
++
++    return PSA_SUCCESS;
++}
++
++static psa_status_t get_image_info(struct rpc_caller *caller,
++			   psa_handle_t platform_service_handle)
++{
++    psa_status_t status;
++    psa_handle_t handle;
++    uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO;
++
++    struct psa_invec in_vec[] = {
++	{ .base = &ioctl_id, .len = sizeof(ioctl_id) },
++    };
++
++    struct psa_outvec out_vec[] = {
++	{ .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE },
++    };
++
++    memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
++
++    psa_call(caller, platform_service_handle, PSA_IPC_CALL,
++	     in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++    status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
++    if (status != PSA_SUCCESS) {
++	return status;
++    }
++
++    return PSA_SUCCESS;
++}
++
++static psa_status_t set_image_info(struct rpc_caller *caller)
++{
++    psa_status_t status;
++
++    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++	
++	status = protected_storage_set(caller,
++			fmp_variables_metadata[i].uid,
++			fmp_variables_data[i].len, fmp_variables_data[i].base);
++
++	if (status != PSA_SUCCESS) {
++
++            EMSG("FMP variable %d set unsuccessful", i);
++	    return status;
++	}
++
++        EMSG("FMP variable %d set success", i);
++    }
++
++    return PSA_SUCCESS;
++}
++
++void set_fmp_image_info(struct rpc_caller *caller,
++			psa_handle_t platform_service_handle)
++{
++    psa_status_t status;
++
++    status = get_image_info(caller, platform_service_handle);
++    if (status != PSA_SUCCESS) {
++	return;
++    }
++
++    status = set_image_info(caller);
++    if (status != PSA_SUCCESS) {
++	return;
++    }
++
++    return;
++}
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+new file mode 100644
+index 000000000000..95fba2a04d5c
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CORSTONE1000_FMP_SERVICE_H
++#define CORSTONE1000_FMP_SERVICE_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#include <rpc_caller.h>
++#include <psa/client.h>
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller);
++
++void set_fmp_image_info(struct rpc_caller *caller,
++		psa_handle_t platform_service_handle);
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif /* CORSTONE1000_FMP_SERVICE_H */
+-- 
+2.40.0
+
author	Andrew Geissler <geissonator@yahoo.com>	2023-10-03 17:44:52 +0300
committer	Andrew Geissler <geissonator@yahoo.com>	2023-10-03 18:04:36 +0300
commit	1e488cdf844bf4aa82d3c90875a56fb35c7f210d (patch)
tree	be163d890651760d24effea503cd567df3e119b5 /meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
parent	4f6b1c0dcf9f9cb734f71b277af913e0d58c503f (diff)
download	openbmc-1e488cdf844bf4aa82d3c90875a56fb35c7f210d.tar.xz