diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-09-03 14:53:57 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-09-09 21:54:38 +0300 |
commit | 92b42cb35d755f8cfe6c17d403711a536e0f0721 (patch) | |
tree | 7b8663e1a7226f7a0811034af44979d1705b026f /meta-arm/meta-arm-bsp/recipes-security | |
parent | 497a421571ce561308d0501e73cb2c8128296fa7 (diff) | |
download | openbmc-92b42cb35d755f8cfe6c17d403711a536e0f0721.tar.xz |
subtree updates
meta-raspberrypi: b6a1645a97..c57b464b88:
Lluis Campos (1):
rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE`
meta-openembedded: 2eb39477a7..a755af4fb5:
Adrian Zaharia (1):
lapack: add packageconfig for lapacke
Akash Hadke (1):
polkit: Add --shell /bin/nologin to polkitd user
Alex Kiernan (3):
ntpsec: Add UPSTREAM_CHECK_URI
libgpiod: Detect ptest using PTEST_ENABLED
ostree: Cleanup PACKAGECONFIGs
Anuj Mittal (1):
yasm: fix buildpaths warning
Atanas Bunchev (1):
python3-twitter: Upgrade 4.8.0 -> 4.10.1
Bartosz Golaszewski (4):
imagemagick: add PACKAGECONFIG for C++ bindings
python3-matplotlib: don't use PYTHON_PN
python3-matplotlib: add packaging to RDEPENDS
python3-matplotlib: bump to 3.5.2
Bruce Ashfield (3):
vboxguestdrivers: fix build against 5.19 kernel / libc-headers
zfs: update to v2.1.5
vboxguestdrivers: make kernel shared directory dependency explicit
Carsten Bäcker (1):
spdlog: Fix CMake flag
Changqing Li (3):
fuse3: support ptest
redis: fix do_patch fuzz warning
dlt-daemon: fix dlt-system.service failed since buffer overflow
Clément Péron (1):
python: add Pydantic data validation package
Devendra Tewari (1):
android-tools: sleep more in android-gadget-start
Ed Tanous (1):
Add python-requests-unixsocket recipe
Enguerrand de Ribaucourt (1):
mdio-tools: add recipes
Etienne Cordonnier (1):
uutils-coreutils: add recipe
Jagadeesh Krishnanjanappa (4):
python3-asgiref: add recipe
python3-django: make 3.2.x as default version
python3-django: Add python3-asgiref runtime dependency
python3-django: remove 2.2.x recipe
Jan Luebbe (2):
chrony: add support for config and source snippet includes
gensio: upgrade 2.3.1 -> 2.5.2
Jan Vermaete (1):
makeself: added makeself as new recipe
Jim Broadus (1):
networkmanager: fix iptables and nft paths
Jose Quaresma (2):
wireguard-module: 1.0.20210219 -> 1.0.20220627
wireguard-tools: Add a new package for wg-quick
Julian Haller (2):
pcsc-lite: upgrade 1.9.0 -> 1.9.8
ccid: upgrade 1.4.33 -> 1.5.0
Justin Bronder (1):
lmdb: only set SONAME on the shared library
Khem Raj (61):
mariadb: Inherit pkgconfig
mariadb: Add packageconfig for lz4 and enable it
ibus: Swith to use main branch instead of master
kronosnet: Upgrade to 1.24
ostree: Upgrade to 2022.5 release
sdbus-c++-libsystemd: Fix build with glibc 2.36
xfstests: Upgrade to v2022.07.10
autofs: Fix build with glibc 2.36
audit: Upgrade to 3.0.8 and fix build with linux 5.17+
pcp: Add to USERADD_PACKAGES instead of override
mozjs: Use RUST_HOST_SYS and RUST_TARGET_SYS
fluentbit: Fix build with clang
audit: Fix build with musl
fluentbit: Fix build with musl
klibc: Upgrade to 2.0.10
gnome-keyring,cunit,xfce4-panel: Do not inherit remove-libtool class here
mpd: Update to 0.23.8
openipmi: Enable largefile cflags
proftpd: Always enable largefile support
netperf: Always enable largefile support
openipmi: Always enable largefile support
unbound: Always enable largefile support
sysbench: Always enable largefile support
libmtp: Always enable largefile support
toybox: Fix build with glibc 2.36+
xfstests: Upgrade to 2022.07.31 release
libmpd: Fix function returns and casts
audit: Revert the tweak done in configure step in do_install
mpd: Upgrade to 0.23.9
fluentbit: Use CMAKE_C_STANDARD_LIBRARIES cmake var to pass libatomic
fluentbit: Upgrade to 1.9.7 and fix build on x86
klibc: Fix build with kernel 5.19 headers
ntpsec: Add -D_GNU_SOURCE and fix building with devtool
gd: Fix build with clang-15
cpulimit: Define -D_GNU_SOURCE
safec: Remove unused variable 'len'
ncftp: Enable autoreconf
ncftp: Fix TMPDIR path embedding into ncftpget
libb64: Switch to github fork and upgrade to 2.0.0.1+git
dhrystone: Disable warnings as errors with clang
dibbler: Fix build with musl
fio: Fix additional warnings seen with musl
ssmtp: Fix null pointer assignments
gst-editing-services: Add recipe
rygel: Upgrade to 0.40.4
libesmtp: Define _GNU_SOURCE
python3-grpcio: Enable largefile support explicitly
libteam: Include missing headers for strrchr and memcmp
neon: Upgrade to 0.32.2
satyr: Fix build on musl/clang
libmusicbrainz: Avoid -Wnonnull warning
aom: Upgrade to 3.4.0
vorbis-tools: Fix build on musl
dvb-apps: Use tarball for SRC_URI and fix build on musl
python3-netifaces: Fix build with python3 and musl
python3-pyephem: Fix build with python3 and musl
samba: Fix warnings in configure tests for rpath checks
lirc: Fix build on musl
mongodb: Fix boost build with clang-15
crda: Fix build with clang-15
monkey: Fix build with musl
Lei Maohui (2):
dnf-plugin-tui: Fix somw issue in postinstall process.
xrdp: Fix buildpaths warning.
Leon Anavi (16):
python3-nocasedict: Upgrade 1.0.3 -> 1.0.4
python3-frozenlist: Upgrade 1.3.0 -> 1.3.1
python3-networkx: Upgrade 2.8.4 -> 2.8.5
python3-pyhamcrest: Upgrade 2.0.3 -> 2.0.4
python3-aiohue: Upgrade 4.4.2 -> 4.5.0
python3-pyperf: Upgrade 2.3.0 -> 2.4.1
python3-eth-abi: Upgrade 3.0.0 -> 3.0.1
python3-cytoolz: Upgrade 0.11.2 -> 0.12.0
python3-yarl: Upgrade 1.7.2 -> 1.8.1
python3-term: Upgrade 2.3 -> 2.4
python3-coverage: Upgrade 6.4.1 -> 6.4.4
python3-regex: Upgrade 2022.7.25 -> 2022.8.17
python3-awesomeversion: Upgrade 22.6.0 -> 22.8.0
python3-typed-ast: Upgrade 1.5.2 -> 1.5.4
python3-prompt-toolkit: Upgrade 3.0.24 -> 3.0.30
python3-prettytable: Upgrade 3.1.1 -> 3.3.0
Markus Volk (6):
libass: update to v1.16.0
spdlog: update to v1.10.0
waylandpp: add recipe
wireplumber: update to v0.4.11
pipewire: update to v0.3.56
pipewire: improve runtime dependency settings
Marta Rybczynska (1):
polkit: update patches for musl compilation
Matthias Klein (1):
libftdi: update to 1.5
Mike Crowe (1):
yasm: Only depend on xmlto when docs are enabled
Mike Petersen (1):
sshpass: add recipe
Mingli Yu (10):
net-snmp: set ac_cv_path_PSPROG
postgresql: Fix the buildpaths issue
freeradius: Fix buildpaths issue
openipmi: Fix buildpaths issue
apache2: Fix the buildpaths issue
frr: fix buildpaths issue
nspr: fix buildpaths issue
liblockfile: fix buildpaths issue
freediameter: fix buildpaths issue
postgresql: make sure pam conf installed when pam enabled
Ovidiu Panait (1):
net-snmp: upgrade 5.9.1 -> 5.9.3
Paulo Neves (1):
fluentbit Upgrade to 1.3.5 -> 1.9.6
Philip Balister (2):
python3-pybind11: Update to Version 2.10.0.
Remove dead link and old information from the README.
Potin Lai (7):
libplist: add libplist_git.bb
libimobiledevice-glue: SRCREV bump bc6c44b..d2ff796
libimobiledevice: add libimobiledevice_git.bb
libirecovery: SRCREV bump e190945..ab5b4d8
libusbmuxd: add libusbmuxd_git.bb
usbmuxd: add usbmuxd_git.bb
idevicerestore: SRCREV bump 280575b..7d622d9
Richard Purdie (1):
lmdb: Don't inherit base
Sam Van Den Berge (1):
python3-jsonrpcserver: add patch to use importlib.resources instead of pkg_resources
Saul Wold (10):
libipc-signal-perl: Fix LICENSE string
libdigest-hmac-perl: Fix LICENSE string
libio-socket-ssl-perl: Fix LICENSE string
libdigest-sha1-perl: Fix LICENSE string
libmime-types-perl: Fix LICENSE string
libauthen-sasl-perl: Fix LICENSE string
libnet-ldap-perl: Fix LICENSE string
libxml-libxml-perl: Fix LICENSE string
libnet-telnet-perl: Fix LICENSE string
libproc-waitstat-perl: Fix LICENSE string
Sean Anderson (2):
image_types_sparse: Pad source image to block size
image_types_sparse: Generate "don't care" chunks
Vyacheslav Yurkov (4):
protobuf: correct ptest dependency
protobuf: 3.19.4 -> 3.21.5 upgrade
protobuf: change build system to cmake
protobuf: disable protoc binary for target
Wang Mingyu (60):
cifs-utils: upgrade 6.15 -> 7.0
geocode-glib: upgrade 3.26.3 -> 3.26.4
gjs: upgrade 1.72.1 -> 1.72.2
htpdate: upgrade 1.3.5 -> 1.3.6
icewm: upgrade 2.9.8 -> 2.9.9
ipc-run: upgrade 20200505.0 -> 20220807.0
iwd: upgrade 1.28 -> 1.29
ldns: upgrade 1.8.1 -> 1.8.2
libadwaita: upgrade 1.1.3 -> 1.1.4
libencode-perl: upgrade 3.18 -> 3.19
libmime-charset-perl: upgrade 1.012.2 -> 1.013.1
libtest-warn-perl: upgrade 0.36 -> 0.37
nano: upgrade 6.3 -> 6.4
nbdkit: upgrade 1.31.15 -> 1.32.1
netdata: upgrade 1.35.1 -> 1.36.0
fio: upgrade 3.30 -> 3.31
nlohmann-json: upgrade 3.10.5 -> 3.11.2
poco: upgrade 1.12.1 -> 1.12.2
postgresql: upgrade 14.4 -> 14.5
poppler: upgrade 22.07.0 -> 22.08.0
smarty: upgrade 4.1.1 -> 4.2.0
tracker: upgrade 3.3.2 -> 3.3.3
uftp: upgrade 5.0 -> 5.0.1
xdg-user-dirs: upgrade 0.17 -> 0.18
python3-pycodestyle: upgrade 2.9.0 -> 2.9.1
python3-pyzmq: upgrade 23.2.0 -> 23.2.1
python3-setuptools-declarative-requirements: upgrade 1.2.0 -> 1.3.0
python3-sqlalchemy: upgrade 1.4.39 -> 1.4.40
python3-werkzeug: upgrade 2.2.1 -> 2.2.2
python3-xmlschema: upgrade 2.0.1 -> 2.0.2
python3-yappi: upgrade 1.3.5 -> 1.3.6
ade: upgrade 0.1.1f -> 0.1.2
babl: upgrade 0.1.92 -> 0.1.94
ctags: upgrade 5.9.20220703.0 -> 5.9.20220821.0
grilo-plugins: upgrade 0.3.14 -> 0.3.15
ldns: upgrade 1.8.2 -> 1.8.3
libcurses-perl: upgrade 1.38 -> 1.41
mosquitto: upgrade 2.0.14 -> 2.0.15
nbdkit: upgrade 1.32.1 -> 1.33.1
netdata: upgrade 1.36.0 -> 1.36.1
libsdl2-ttf: upgrade 2.20.0 -> 2.20.1
xfstests: upgrade 2022.07.31 -> 2022.08.07
php: upgrade 8.1.8 -> 8.1.9
rdma-core: upgrade 41.0 -> 42.0
spitools: upgrade 1.0.1 -> 1.0.2
unbound: upgrade 1.16.1 -> 1.16.2
zlog: upgrade 1.2.15 -> 1.2.16
python3-hexbytes: upgrade 0.2.3 -> 0.3.0
python3-pythonping: upgrade 1.1.2 -> 1.1.3
python3-jsonrpcserver: Add dependence python3-typing-extensions
feh: upgrade 3.9 -> 3.9.1
gnome-bluetooth: upgrade 42.2 -> 42.3
hunspell: upgrade 1.7.0 -> 1.7.1
gtk4: upgrade 4.6.6 -> 4.6.7
logwatch: upgrade 7.6 -> 7.7
bdwgc: upgrade 8.2.0 -> 8.2.2
tcpreplay: upgrade 4.4.1 -> 4.4.2
tree: upgrade 2.0.2 -> 2.0.3
xfsdump: upgrade 3.1.10 -> 3.1.11
babl: upgrade 0.1.94 -> 0.1.96
Wolfgang Meyer (1):
libsdl2-ttf: upgrade 2.0.18 -> 2.20.0
Xu Huan (18):
python3-protobuf: upgrade 4.21.3 -> 4.21.4
python3-pycodestyle: upgrade 2.8.0 -> 2.9.0
python3-pyflakes: upgrade 2.4.0 -> 2.5.0
python3-pythonping: upgrade 1.1.1 -> 1.1.2
python3-regex: upgrade 2022.7.24 -> 2022.7.25
python3-werkzeug: upgrade 2.2.0 -> 2.2.1
python3-google-auth: upgrade 2.9.1 -> 2.10.0
python3-humanize: upgrade 4.2.3 -> 4.3.0
python3-hexbytes: upgrade 0.2.2 -> 0.2.3
python3-imageio: upgrade 2.21.0 -> 2.21.1
python3-nocaselist: upgrade 1.0.5 -> 1.0.6
python3-protobuf: upgrade 4.21.4 -> 4.21.5
python3-pycares: upgrade 4.2.1 -> 4.2.2
python3-fastjsonschema: upgrade 2.16.1 -> 2.16.2
python3-google-api-python-client: upgrade 2.56.0 -> 2.57.0
python3-google-auth: upgrade 2.10.0 -> 2.11.0
python3-grpcio-tools: upgrade 1.47.0 -> 1.48.0
python3-grpcio: upgrade 1.47.0 -> 1.48.0
Yi Zhao (5):
strongswan: upgrade 5.9.6 -> 5.9.7
libldb: upgrade 2.3.3 -> 2.3.4
samba: upgrade 4.14.13 -> 4.14.14
python3-jsonrpcserver: upgrade 5.0.7 -> 5.0.8
samba: fix buildpaths issue
wangmy (16):
gedit: upgrade 42.1 -> 42.2
libwacom: upgrade 2.3.0 -> 2.4.0
htpdate: upgrade 1.3.4 -> 1.3.5
nbdkit: upgrade 1.31.14 -> 1.31.15
pure-ftpd: upgrade 1.0.50 -> 1.0.51
avro-c: upgrade 1.11.0 -> 1.11.1
debootstrap: upgrade 1.0.126 -> 1.0.127
freerdp: upgrade 2.7.0 -> 2.8.0
icewm: upgrade 2.9.7 -> 2.9.8
libmxml: upgrade 3.3 -> 3.3.1
poco: upgrade 1.12.0 -> 1.12.1
xfontsel: upgrade 1.0.6 -> 1.1.0
xmessage: upgrade 1.0.5 -> 1.0.6
xrefresh: upgrade 1.0.6 -> 1.0.7
zabbix: upgrade 6.0.5 -> 6.2.1
xrdp: upgrade 0.9.18 -> 0.9.19
zhengrq.fnst (4):
python3-asttokens: upgrade 2.0.7 -> 2.0.8
python3-charset-normalizer: upgrade 2.1.0 -> 2.1.1
python3-eth-account: 0.6.1 -> 0.7.0
python3-cantools: upgrade 37.1.0 -> 37.1.2
zhengruoqin (12):
python3-dominate: upgrade 2.6.0 -> 2.7.0
python3-flask-login: upgrade 0.6.1 -> 0.6.2
python3-google-api-python-client: upgrade 2.54.0 -> 2.55.0
python3-haversine: upgrade 2.5.1 -> 2.6.0
python3-imageio: upgrade 2.19.5 -> 2.21.0
python3-autobahn: upgrade 22.6.1 -> 22.7.1
python3-engineio: upgrade 4.3.3 -> 4.3.4
python3-flask: upgrade 2.1.3 -> 2.2.2
python3-gcovr: upgrade 5.1 -> 5.2
python3-google-api-python-client: upgrade 2.55.0 -> 2.56.0
python3-asttokens: upgrade 2.0.5 -> 2.0.7
python3-zeroconf: upgrade 0.38.7 -> 0.39.0
meta-security: 2a2d650ee0..10fdc2b13a:
Anton Antonov (2):
Use CARGO_TARGET_SUBDIR in do_install
parsec-service: Update oeqa tests
Armin Kuster (8):
python3-privacyidea: update to 3.7.3
lkrg-module: update to 0.9.5
apparmor: update to 3.0.6
packagegroup-core-security: add space for appends
cryptmount: Add new pkg
packagegroup-core-security: add pkg to grp
cyptmount: Fix mount.h conflicts seen with glibc 2.36+
kas: update testimage inherit
John Edward Broadbent (1):
meta-security: Add recipe for Glome
Mingli Yu (1):
samhain-standalone: fix buildpaths issue
poky: fc59c28724..9b1db65e7d:
Alejandro Hernandez Samaniego (1):
baremetal-image.bbclass: Emulate image.bbclass to handle new classes scope
Alex Stewart (1):
maintainers: update opkg maintainer
Alexander Kanavin (113):
kmscube: address linux 5.19 fails
rpm: update 4.17.0 -> 4.17.1
go: update 1.18.4 -> 1.19
bluez5: update 5.64 -> 5.65
python3-pip: update 22.2.1 -> 22.2.2
ffmpeg: update 5.0.1 -> 5.1
iproute2: upgrade 5.18.0 -> 5.19.0
harfbuzz: upgrade 4.4.1 -> 5.1.0
libwpe: upgrade 1.12.0 -> 1.12.2
bind: upgrade 9.18.4 -> 9.18.5
diffoscope: upgrade 218 -> 220
ell: upgrade 0.51 -> 0.52
gnutls: upgrade 3.7.6 -> 3.7.7
iso-codes: upgrade 4.10.0 -> 4.11.0
kea: upgrade 2.0.2 -> 2.2.0
kexec-tools: upgrade 2.0.24 -> 2.0.25
libcap: upgrade 2.64 -> 2.65
libevdev: upgrade 1.12.1 -> 1.13.0
libnotify: upgrade 0.8.0 -> 0.8.1
libwebp: upgrade 1.2.2 -> 1.2.3
libxcvt: upgrade 0.1.1 -> 0.1.2
mesa: upgrade 22.1.3 -> 22.1.5
mobile-broadband-provider-info: upgrade 20220511 -> 20220725
nettle: upgrade 3.8 -> 3.8.1
piglit: upgrade to latest revision
puzzles: upgrade to latest revision
python3: upgrade 3.10.5 -> 3.10.6
python3-dtschema: upgrade 2022.7 -> 2022.8
python3-hypothesis: upgrade 6.50.1 -> 6.54.1
python3-jsonschema: upgrade 4.9.0 -> 4.9.1
python3-markdown: upgrade 3.3.7 -> 3.4.1
python3-setuptools: upgrade 63.3.0 -> 63.4.1
python3-sphinx: upgrade 5.0.2 -> 5.1.1
python3-urllib3: upgrade 1.26.10 -> 1.26.11
sqlite3: upgrade 3.39.1 -> 3.39.2
sysklogd: upgrade 2.4.0 -> 2.4.2
webkitgtk: upgrade 2.36.4 -> 2.36.5
kernel-dev: working with kernel using devtool does not require building and installing eSDK
sdk-manual: describe how to use extensible SDK functionality directly in a Yocto build
dropbear: merge .inc into .bb
rust: update 1.62.0 -> 1.62.1
cmake: update 3.23.2 -> 3.24.0
weston: upgrade 10.0.1 -> 10.0.2
patchelf: update 0.14.5 -> 0.15.0
patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
weston: exclude pre-releases from version check
tzdata: upgrade 2022a -> 2022b
libcgroup: update 2.0.2 -> 3.0.0
python3-setuptools-rust: update 1.4.1 -> 1.5.1
shadow: update 4.11.1 -> 4.12.1
slang: update 2.3.2 -> 2.3.3
xz: update 5.2.5 -> 5.2.6
gdk-pixbuf: update 2.42.8 -> 2.42.9
xorgproto: update 2022.1 -> 2022.2
boost-build-native: update 4.4.1 -> 1.80.0
boost: update 1.79.0 -> 1.80.0
vulkan-samples: update to latest revision
epiphany: upgrade 42.3 -> 42.4
git: upgrade 2.37.1 -> 2.37.2
glib-networking: upgrade 2.72.1 -> 2.72.2
gnu-efi: upgrade 3.0.14 -> 3.0.15
gpgme: upgrade 1.17.1 -> 1.18.0
libjpeg-turbo: upgrade 2.1.3 -> 2.1.4
libwebp: upgrade 1.2.3 -> 1.2.4
lighttpd: upgrade 1.4.65 -> 1.4.66
mesa: upgrade 22.1.5 -> 22.1.6
meson: upgrade 0.63.0 -> 0.63.1
mpg123: upgrade 1.30.1 -> 1.30.2
pango: upgrade 1.50.8 -> 1.50.9
piglit: upgrade to latest revision
pkgconf: upgrade 1.8.0 -> 1.9.2
python3-dtschema: upgrade 2022.8 -> 2022.8.1
python3-more-itertools: upgrade 8.13.0 -> 8.14.0
python3-numpy: upgrade 1.23.1 -> 1.23.2
python3-pbr: upgrade 5.9.0 -> 5.10.0
python3-pyelftools: upgrade 0.28 -> 0.29
python3-pytz: upgrade 2022.1 -> 2022.2.1
strace: upgrade 5.18 -> 5.19
sysklogd: upgrade 2.4.2 -> 2.4.4
wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
wpebackend-fdo: upgrade 1.12.0 -> 1.12.1
python3-hatchling: update 1.6.0 -> 1.8.0
python3-setuptools: update 63.4.1 -> 65.0.2
devtool: do not leave behind source trees in workspace/sources
systemtap: add a patch to address a python 3.11 failure
bitbake: bitbake-layers: initialize tinfoil before registering command line arguments
scripts/oe-setup-builddir: add a check that TEMPLATECONF is valid
bitbake-layers: add a command to save the active build configuration as a template into a layer
bitbake-layers: add ability to save current layer repository configuration into a file
scripts/oe-setup-layers: add a script that restores the layer configuration from a json file
selftest/bblayers: add a test for creating a layer setup and using it to restore the layers
selftest/bblayers: adjust the revision for the layer setup test
perl: run builds from a pristine source tree
meta-poky/conf: move default templates to conf/templates/default/
syslinux: mark all pending patches as Inactive-Upstream
shadow: correct the pam patch status
mtd-utils: remove patch that adds -I option
gstreamer1.0-plugins-bad: remove an unneeded patch
ghostscript: remove unneeded patch
ovmf: drop the force no-stack-protector patch
python: submit CC to cc_basename patch upstream
mc: submit perl warnings patch upstream
sysvinit: send install.patch upstream
valgrind: (re)send ppc instructions patch upstream
gdk-pixbuf: submit fatal-loader.patch upstream
libsdl2: follow upstream version is even rule
python3-pip: submit reproducible.patch upstream
python3-pip: remove unneeded reproducible.patch
llvm: remove 0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch
scripts/oe-setup-builddir: migrate build/conf/templateconf.cfg to new template locations
meta/files/layers.schema.json: drop the layers property
scripts/oe-setup-builddir: write to conf/templateconf.cfg after the build is set up
scripts/oe-setup-builddir: make environment variable the highest priority source for TEMPLATECONF
Alexandre Belloni (1):
ruby: drop capstone support
Andrei Gherzan (7):
shadow: Enable subid support
rootfspostcommands.py: Restructure sort_passwd and related functions
rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils
selftest: Add module for testing rootfs postcommands
rootfs-postcommands.bbclass: Follow function rename in rootfspostcommands.py
shadow: Avoid nss warning/error with musl
linux-yocto: Fix COMPATIBLE_MACHINE regex match
Andrey Konovalov (2):
mesa: add pipe-loader's libraries to libopencl-mesa package
mesa: build clover with native LLVM codegen support for freedreno
Anuj Mittal (1):
poky.conf: add ubuntu-22.04 to tested distros
Armin Kuster (1):
system-requirements.rst: remove EOL and Centos7 hosts
Aryaman Gupta (1):
bitbake: runqueue: add memory pressure regulation
Awais Belal (1):
kernel-fitimage.bbclass: only package unique DTBs
Beniamin Sandu (1):
libpam: use /run instead of /var/run in systemd tmpfiles
Bertrand Marquis (1):
sysvinit-inittab/start_getty: Fix respawn too fast
Bruce Ashfield (22):
linux-yocto/5.15: update to v5.15.58
linux-yocto/5.10: update to v5.10.134
linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
linux-libc-headers: update to v5.19
kernel-devsrc: support arm v5.19+ on target build
kernel-devsrc: support powerpc on v5.19+
lttng-modules: fix build against mips and v5.19 kernel
linux-yocto: introduce v5.19 reference kernel recipes
meta/conf: update preferred linux-yocto version to v5.19
linux-yocto: drop v5.10 reference kernel recipes
linux-yocto/5.15: update to v5.15.59
linux-yocto/5.15: fix reproducibility issues
linux-yocto/5.19: cfg: update x32 configuration fragment
linux-yocto/5.19: fix reproducibility issues
poky: update preferred version to v5.19
poky: change preferred kernel version to 5.15 in poky-alt
yocto-bsp: drop v5.10 bbappend and create 5.19 placeholder
lttng-modules: replace mips compaction fix with upstream change
linux-yocto/5.15: update to v5.15.60
linux-yocto/5.19: update to v5.19.1
linux-yocto/5.19: update to v5.19.3
linux-yocto/5.15: update to v5.15.62
Changqing Li (1):
apt: fix nativesdk-apt build failure during the second time build
Chen Qi (2):
python3-hypothesis: revert back to 6.46.11
python3-requests: add python3-compression dependency
Drew Moseley (1):
rng-tools: Replace obsolete "wants systemd-udev-settle"
Enrico Scholz (2):
npm.bbclass: fix typo in 'fund' config option
npm.bbclass: fix architecture mapping
Ernst Sjöstrand (1):
cve-check: Don't use f-strings
Jacob Kroon (1):
python3-cython: Remove debug lines
Jan Luebbe (2):
openssh: sync local ssh_config + sshd_config files with upstream 8.7p1
openssh: add support for config snippet includes to ssh and sshd
JeongBong Seo (1):
wic: add 'none' fstype for custom image
Johannes Schneider (1):
classes: rootfs-postcommands: autologin root on serial-getty
Jon Mason (2):
oeqa/parselogs: add qemuarmv5 arm-charlcd masking
ref-manual: add numa to machine features
Jose Quaresma (4):
bitbake: build: prefix the tasks with a timestamp in the log task_order
archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
shaderc: upgrade 2022.1 -> 2022.2
Joshua Watt (4):
bitbake: siggen: Fix insufficent entropy in sigtask file names
bitbake: utils: Pass lock argument in fileslocked
classes: cve-check: Get shared database lock
meta/files: add layer setup JSON schema and example
Kai Kang (1):
packagegroup-self-hosted: update for strace
Kevin Hao (1):
uboot-config.bbclass: Don't bail out early in multi configs
Khem Raj (83):
qemu: Fix build with glibc 2.36
mtd-utils: Fix build with glibc 2.36
stress-ng: Upgrade to 0.14.03
bootchart2: Fix build with glibc 2.36+
ltp: Fix sys/mount.h conflicts needed for glibc 2.36+ compile
efivar: Fix build with glibc 2.36
cracklib: Drop using register keyword
util-linux: Define pidfd_* function signatures
util-linux: Upgrade to 2.38.1
tcp-wrappers: Fix implicit-function-declaration warnings
perl-cross: Correct function signatures in configure_func.sh
perl: Pass additional flags to enable lfs and gnu source
sysvinit: Fix mount.h conflicts seen with glibc 2.36+
glibc: Bump to 2.36
glibc: Update patch status
zip: Enable largefile support based on distro feature
zip: Make configure checks to be more robust
unzip: Fix configure tests to use modern C
unzip: Enable largefile support when enabled in distro
iproute2: Fix netns check during configure
glibc: Bump to latest 2.36 branch
gstreamer1.0-plugins-base: Include required system headers for isspace() and sscanf()
musl: Upgrade to latest tip of trunk
zip: Always enable LARGE_FILE_SUPPORT
libmicrohttpd: Enable largefile support unconditionally
unzip: Always enable largefile support
default-distrovars: Remove largefile from defualt DISTRO_FEATURES
zlib: Resolve CVE-2022-37434
json-c: Fix function prototypes
rsync: Backport fix to address CVE-2022-29154
rsync: Upgrade to 3.2.5
libtirpc: Backport fix for CVE-2021-46828
libxml2: Ignore CVE-2016-3709
tiff: Backport a patch for CVE-2022-34526
libtirpc: Upgrade to 1.3.3
perf: Add packageconfig for libbfd support and use disabled as default
connman: Backports for security fixes
systemd: Upgrade to 251.4 and fix build with binutils 2.39
time: Add missing include for memset
screen: Add missing include files in configure checks
setserial: Fix build with clang
expect: Fix implicit-function-declaration warnings
spirv-tools: Remove default copy constructor in header
boost: Compile out stdlib unary/binary_functions for c++11 and newer
vulkan-samples: Qualify move as std::move
apt: Do not use std::binary_function
ltp: Fix sys/mount.h and linux/mount.h conflict
rpm: Remove -Wimplicit-function-declaration warnings
binutils: Upgrade to 2.39 release
binutils-cross: Disable gprofng for when building cross binutils
binutils: Package up gprofng
binutils: Disable gprofng when using clang
binutils-cross-canadian: Package up new gprofng.rc file
autoconf: Fix strict prototype errors in generated tests
rsync: Add missing prototypes to function declarations
nfs-utils: Upgrade to 2.6.2
webkitgtk: Upgrade to 2.36.6 minor update
musl: Update to tip
binutils: Disable gprofng on musl systems
binutils: Upgrade to latest on 2.39 release branch
cargo_common.bbclass: Add missing space in shell conditional code
rng-tools: Remove depndencies on hwrng
ccache: Update the patch status
ccache: Fix build with gcc12 on musl
alsa-plugins: Include missing string.h
xinetd: Pass missing -D_GNU_SOURCE
watchdog: Include needed system header for function decls
libcgroup: Use GNU strerror_r only when its available
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
apr: Use correct strerror_r implementation based on libc type
gcr: Define _GNU_SOURCE
ltp: Adjust types to match create_fifo_thread return
gcc: Upgrade to 12.2.0
glibc: Update to latest on 2.36
ltp: Remove -mfpmath=sse on x86-64 too
apr: Cache configure tests which use AC_TRY_RUN
rust: Fix build failure on riscv32
ncurses: Fix configure tests for exit and mbstate_t
rust-llvm: Update to matching LLVM_VERSION from rust-source
librepo: Fix build on musl
rsync: Turn on -pedantic-errors at the end of 'configure'
ccache: Upgrade to 4.6.2
xmlto: Update to use upstream tip of trunk
Konrad Weihmann (1):
python3: disable user site-pkg for native target
Lee Chee Yang (1):
migration guides: add release notes for 4.0.3
Luca Ceresoli (1):
libmnl: remove unneeded SRC_URI 'name' option
Markus Volk (2):
connman: add PACKAGECONFIG to support iwd
packagegroup-base.bb: add a configure option to set the wireless-daemon
Martin Jansa (5):
glibc: revert one upstream change to work around broken DEBUG_BUILD build
syslinux: Fix build with glibc-2.36
syslinux: refresh patches with devtool
glibc: fix new upstream build issue with DEBUG_BUILD build
glibc: apply proposed patch from upstream instead of revert
Mateusz Marciniec (2):
util-linux: Remove --enable-raw from EXTRA_OECONF
util-linux: Improve check for magic in configure.ac
Michael Halstead (1):
uninative: Upgrade to 3.7 to work with glibc 2.36
Michael Opdenacker (1):
dev-manual: use proper note directive
Mingli Yu (1):
bitbake: fetch: use BPN instead
Neil Horman (1):
bitbake: Fix npm to use https rather than http
Paul Eggleton (1):
relocate_sdk.py: ensure interpreter size error causes relocation to fail
Pavel Zhukov (6):
package_rpm: Do not replace square brackets in %files
selftest: Add regression test for rpm filesnames
parselogs: Ignore xf86OpenConsole error
bitbake: gitsm: Error out if submodule refers to parent repo
bitbake: tests: Add Timeout class
bitbake: tests: Add test for possible gitsm deadlock
Peter Bergin (3):
rust-cross-canadian: rename shell variables for easier appends
packagegroup-rust-cross-canadian: add native compiler environment
oeqa/sdk: extend rust test to also use a build script
Peter Marko (1):
create-spdx: handle links to inaccessible locations
Quentin Schulz (3):
docs: conf.py: update yocto_git base URL
docs: README: add TeX font package required for building PDF
docs: ref-manual: system-requirements: add missing packages
Randy MacLeod (1):
rust: update from 1.62.1 to 1.63.0
Rasmus Villemoes (1):
bitbake.conf: set BB_DEFAULT_UMASK using ??=
Richard Purdie (85):
oeqa/selftest/sstate: Ensure tests are deterministic
nativesdk: Clear TUNE_FEATURES
populate_sdk_base: Disable rust SDK for MIPS n32
selftest/reproducible: Exclude rust/rust-dbg for now until we can fix
conf/distro/no-static-libs: Allow static musl for rust
rust-target-config: Add mips n32 target information
rust-common: Add CXXFLAGS
rust-common: Drop export directive from wrappers
rust-common: Rework wrappers to handle musl
rust: Work around reproducibility issues
rust: Switch to use RUST_XXX_SYS consistently
rust.inc: Rename variables to make code clearer
rust.inc: Fix cross build llvm-config handling
rust/mesa: Drop obsolete YOCTO_ALTERNATE_MULTILIB_NAME
rust-target-config: Show clear error when target isn't defined
rust: Generate per recipe target configuration files
rust-common/rust: Improve bootstrap BUILD_SYS handling
cargo_common: Handle build SYS as well as HOST/TARGET
rust-llvm: Enable nativesdk variant
rust.inc: Fix for cross compilation configuration
rust-common: Update to match cross targets
rust-target-config: Make target workaround generic
rust-common: Simplify libc handling
cargo: Drop cross-canadian variant and fix/use nativesdk
rust-common: Set rustlibdir to match target expectation
rust-cross-canadian: Simplify and fix
rust: Drop cross/crosssdk
rust: Enable nativesdk and target builds + replace rust-tools-cross-canadian
rust: Fix musl builds
rust: Ensure buildpaths are handled in debug symbols correctly
rust: Update README
selftest/wic: Tweak test case to not depend on kernel size
bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
bitbake: runqueue: Improve deadlock warning messages
bitbake: runqueue: Drop deadlock breaking force fail
rust-common: Remove conflict with utils create_wrapper
kern-devsrc: Drop auto.conf creation
cargo: Work around host system library conflicts
rust-cross-canadian: Use shell from SDK, not the host
buildhistory: Only use image-artifact-names as an image class
rust: Remove unneeded RUST_TARGETGENS settings
meta-skeleton/hello-mod: Switch to SPDX-License-Identifier
perf: Fix reproducibility issues with 5.19 onwards
selftest/runtime_test/incompatible_lic: Use IMAGE_CLASSES for testimage
testexport: Fix to work as an image class
testexport: Use IMAGE_CLASSES for testimage
selftest/runtime_test: Use testexport in IMAGE_CLASSES, not globally
bitbake: BBHandler: Allow earlier exit for classes not found
bitbake: BBHandler: Make inherit calls more directly
bitbake: bitbake: Add copyright headers where missing
bitbake: BBHandler/cooker: Implement recipe and global classes
classes: Add copyright statements to files without one
scripts: Add copyright statements to files without one
classes: Add SPDX license identifiers
lib: Add copyright statements to files without one
insane: Update to allow for class layout changes
classes: Update classes to match new bitbake class scope functionality
recipetool: Update for class changes
package: Switch debug source handling to use prefix map
libgcc/gcc-runtime: Improve source reference handling
bitbake.conf: Handle S and B separately for debug mapping
python3-cython: Update code to match debug path changes
gcc-cross: Fix relative links
gcc: Resolve relative prefix-map filenames
gcc: Add a patch to avoid hardcoded paths in libgcc on powerpc
gcc: Update patch status to submitted for two patches
valgrind: Disable drd/tests/std_thread2 ptest
valgrind: Update to match debug file layout changes
skeleton/service: Ensure debug path handling works as intended
distrooverrides: Move back to classes whilst it's usage is clarified
vim: Upgrade 9.0.0115 -> 9.0.0242
icu: Drop binconfig support (icu-config)
libtirpc: Mark CVE-2021-46828 as resolved
bitbake: runqueue: Change pressure file warning to a note
rust-target-config: Drop has-elf-tls option
llvm: Add llvm-config wrapper to improve flags handling
mesa: Rework llvm handling
rust-target-config: Fix qemuppc target cpu option
rust: Fix crossbeam-utils for arches without atomics
pseudo: Update to include recent upstream minor fixes
bitbake: Revert "fetch: use BPN instead"
vim: Upgrade 9.0.0242 -> 9.0.0341
gcc-multilib-config: Fix i686 toolchain relocation issues
kernel: Always set CC and LD for the kernel build
kernel: Use consistent make flags for menuconfig
Robert Joslyn (1):
curl: Update to 7.85.0
Ross Burton (9):
oeqa/qemurunner: add run_serial() comment
oeqa/commands: add support for running cross tools to runCmd
oeqa/selftest: rewrite gdbserver test
libxml2: wrap xmllint to use the correct XML catalogues
oeqa/selftest: add test for debuginfod
libgcrypt: remove obsolete pkgconfig install
libgcrypt: remove obsolete patch
libgcrypt: rewrite ptest
cve-check: close cursors as soon as possible
Sakib Sajal (2):
qemu: fix CVE-2021-3507
qemu: fix CVE-2022-0216
Shubham Kulkarni (1):
sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct
Simone Weiss (1):
json-c: Add ptest for json-c
Sundeep KOKKONDA (1):
glibc : stable 2.35 branch updates
Thomas Roos (1):
oeqa devtool: Add tests to cover devtool handling of various git URL styles
Tom Hochstein (1):
piglit: Add PACKAGECONFIG for glx and opencl
Tom Rini (1):
qemux86-64: Allow higher tunes
Ulrich Ölmann (1):
scripts/runqemu.README: fix typos and trailing whitespaces
William A. Kennington III (1):
image_types: Set SOURCE_DATE_EPOCH for squashfs
Yang Xu (1):
insane.bbclass: Skip patches not in oe-core by full path
Yogesh Tyagi (1):
gdbserver : add selftest
Yongxin Liu (1):
grub2: fix several CVEs
wangmy (19):
msmtp: upgrade 1.8.20 -> 1.8.22
bind: upgrade 9.18.5 -> 9.18.6
btrfs-tools: upgrade 5.18.1 -> 5.19
libdnf: upgrade 0.67.0 -> 0.68.0
librepo: upgrade 1.14.3 -> 1.14.4
pkgconf: upgrade 1.9.2 -> 1.9.3
python3-pygments: upgrade 2.12.0 -> 2.13.0
ethtool: upgrade 5.18 -> 5.19
librsvg: upgrade 2.54.4 -> 2.54.5
libtasn1: upgrade 4.18.0 -> 4.19.0
liburcu: upgrade 0.13.1 -> 0.13.2
libwpe: upgrade 1.12.2 -> 1.12.3
lttng-tools: upgrade 2.13.7 -> 2.13.8
lttng-ust: upgrade 2.13.3 -> 2.13.4
libatomic-ops: upgrade 7.6.12 -> 7.6.14
lz4: upgrade 1.9.3 -> 1.9.4
python3-hatchling: upgrade 1.8.0 -> 1.8.1
python3-urllib3: upgrade 1.26.11 -> 1.26.12
repo: upgrade 2.28 -> 2.29.1
meta-arm: 20a629180c..52f07a4b0b:
Anton Antonov (11):
arm/optee-os: backport RWX permission error patch
work around for too few arguments to function init_disassemble_info() error
arm/optee-os: backport linker warning patches
arm/tf-a-tests: work around RWX permission error on segment
Recipes for Trusted Services dependencies.
Recipes for Trusted Services Secure Partitions
ARM-FFA kernel drivers and kernel configs for Trusted Services
Trusted Services test/demo NWd tools
psa-api-tests for Trusted Services
Include Trusted Services SPs into optee-os image
Define qemuarm64-secureboot-ts CI pipeline and include it into meta-arm
Gowtham Suresh Kumar (2):
arm-bsp/secure-partitions: fix SMM gateway bug for EFI GetVariable()
arm-bsp/u-boot: drop EFI GetVariable() workarounds patches
Jon Mason (11):
arm-bsp/fvp-base-arm32: Update kernel patch for v5.19
arm/qemuarm64-secureboot: remove tfa memory patch
arm/linux-yocto: remove optee num pages kernel config variable
arm-bsp/juno: drop scmi patch
arm/qemuarm-secureboot: remove vmalloc from QB_KERNEL_CMDLINE_APPEND
arm/fvp: use image-artifact-names as an image class
atp/atp: drop package inherits
arm/optee: Update to 3.18
arm-bsp/fvp-base: set preferred kernel to 5.15
arm/arm-bsp: Add yocto-kernel-cache bluetooth support
arm-bsp/corstone1000: use compressed kernel image
Khem Raj (2):
gator-daemon: Define _GNU_SOURCE feature test macro
optee-os: Add section attribute parameters when clang is used
Peter Hoyes (3):
docs: Update FVP_CONSOLES in runfvp documentation
docs: Introduce meta-arm OEQA documentation
arm/oeqa: Make linuxboot test case timeout configurable
Richard Purdie (1):
gem5/gem5-m5ops: Drop uneeded package inherit
Ross Burton (2):
arm/trusted-firmware-a: remove redundant patches
arm/trusted-firmware-a: work around RWX permission error on segment
Rui Miguel Silva (2):
arm-bsp:corstone500: rebase u-boot patches on v2022.07
arm-bsp/corstone1000: rebase u-boot patches on top v2022.07
Vishnu Banavath (3):
arm-bsp/trusted-firmware-a: Bump TF-A version for N1SDP
arm-bsp/optee: add optee-os support for N1SDP target
arm/optee: update optee-client to v3.18
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I90aa0a94410dd208163af126566d22c77787abc2
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security')
8 files changed, 777 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0001-core-arm-add-MPIDR-affinity-shift-and-mask-for-32-bi.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0001-core-arm-add-MPIDR-affinity-shift-and-mask-for-32-bi.patch new file mode 100644 index 0000000000..f249e526a8 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0001-core-arm-add-MPIDR-affinity-shift-and-mask-for-32-bi.patch @@ -0,0 +1,29 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From cf84c933bb7b8a95742d1e723950cb2cde2d5320 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Wed, 20 Jul 2022 16:37:10 +0100 +Subject: [PATCH] core: arm: add MPIDR affinity shift and mask for 32-bit + +This change is to add MPIDR affinity shift and mask for +32-bit + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/core/arch/arm/include/arm.h b/core/arch/arm/include/arm.h +index f59478af..2f6f82e7 100644 +--- a/core/arch/arm/include/arm.h ++++ b/core/arch/arm/include/arm.h +@@ -63,6 +63,8 @@ + #define MPIDR_AFF1_MASK (MPIDR_AFFLVL_MASK << MPIDR_AFF1_SHIFT) + #define MPIDR_AFF2_SHIFT U(16) + #define MPIDR_AFF2_MASK (MPIDR_AFFLVL_MASK << MPIDR_AFF2_SHIFT) ++#define MPIDR_AFF3_SHIFT U(32) ++#define MPIDR_AFF3_MASK (MPIDR_AFFLVL_MASK << MPIDR_AFF3_SHIFT) + + #define MPIDR_MT_SHIFT U(24) + #define MPIDR_MT_MASK BIT(MPIDR_MT_SHIFT) +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch new file mode 100644 index 0000000000..db195ab337 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch @@ -0,0 +1,233 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From 22ba7c7789082dbc179921962cdcadece4499c89 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Thu, 30 Jun 2022 18:36:26 +0100 +Subject: [PATCH] plat-n1sdp: add N1SDP platform support + +These changes are to add N1SDP platform to optee-os + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk +new file mode 100644 +index 00000000..06b4975a +--- /dev/null ++++ b/core/arch/arm/plat-n1sdp/conf.mk +@@ -0,0 +1,41 @@ ++include core/arch/arm/cpu/cortex-armv8-0.mk ++ ++CFG_DEBUG_INFO = y ++CFG_TEE_CORE_LOG_LEVEL = 4 ++ ++# Workaround 808870: Unconditional VLDM instructions might cause an ++# alignment fault even though the address is aligned ++# Either hard float must be disabled for AArch32 or strict alignment checks ++# must be disabled ++ifeq ($(CFG_SCTLR_ALIGNMENT_CHECK),y) ++$(call force,CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT,y) ++else ++$(call force,CFG_SCTLR_ALIGNMENT_CHECK,n) ++endif ++ ++CFG_ARM64_core ?= y ++ ++CFG_ARM_GICV3 = y ++ ++# ARM debugger needs this ++platform-cflags-debug-info = -gdwarf-4 ++platform-aflags-debug-info = -gdwarf-4 ++ ++CFG_CORE_SEL1_SPMC = y ++CFG_WITH_ARM_TRUSTED_FW = y ++ ++$(call force,CFG_GIC,y) ++$(call force,CFG_PL011,y) ++$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y) ++ ++CFG_CORE_HEAP_SIZE = 0x32000 # 200kb ++ ++CFG_TEE_CORE_NB_CORE = 4 ++CFG_TZDRAM_START ?= 0x08000000 ++CFG_TZDRAM_SIZE ?= 0x02008000 ++ ++CFG_SHMEM_START ?= 0x83000000 ++CFG_SHMEM_SIZE ?= 0x00210000 ++# DRAM1 is defined above 4G ++$(call force,CFG_CORE_LARGE_PHYS_ADDR,y) ++$(call force,CFG_CORE_ARM64_PA_BITS,36) +diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c +new file mode 100644 +index 00000000..cfb7f19b +--- /dev/null ++++ b/core/arch/arm/plat-n1sdp/main.c +@@ -0,0 +1,63 @@ ++// SPDX-License-Identifier: BSD-2-Clause ++/* ++ * Copyright (c) 2022, Arm Limited. ++ */ ++ ++#include <arm.h> ++#include <console.h> ++#include <drivers/gic.h> ++#include <drivers/pl011.h> ++#include <drivers/tpm2_mmio.h> ++#include <drivers/tpm2_ptp_fifo.h> ++#include <drivers/tzc400.h> ++#include <initcall.h> ++#include <keep.h> ++#include <kernel/boot.h> ++#include <kernel/interrupt.h> ++#include <kernel/misc.h> ++#include <kernel/notif.h> ++#include <kernel/panic.h> ++#include <kernel/spinlock.h> ++#include <kernel/tee_time.h> ++#include <mm/core_memprot.h> ++#include <mm/core_mmu.h> ++#include <platform_config.h> ++#include <sm/psci.h> ++#include <stdint.h> ++#include <string.h> ++#include <trace.h> ++ ++static struct gic_data gic_data __nex_bss; ++static struct pl011_data console_data __nex_bss; ++ ++register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE); ++ ++register_ddr(DRAM0_BASE, DRAM0_SIZE); ++ ++register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); ++register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE); ++register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICR_BASE, GIC_DIST_REG_SIZE); ++ ++void main_init_gic(void) ++{ ++ gic_init_base_addr(&gic_data, GICC_BASE, ++ GICD_BASE); ++ itr_init(&gic_data.chip); ++} ++ ++void main_secondary_init_gic(void) ++{ ++ gic_cpu_init(&gic_data); ++} ++ ++void itr_core_handler(void) ++{ ++ gic_it_handle(&gic_data); ++} ++ ++void console_init(void) ++{ ++ pl011_init(&console_data, CONSOLE_UART_BASE, CONSOLE_UART_CLK_IN_HZ, ++ CONSOLE_BAUDRATE); ++ register_serial_console(&console_data.chip); ++} +diff --git a/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S b/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S +new file mode 100644 +index 00000000..439d4e67 +--- /dev/null ++++ b/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S +@@ -0,0 +1,32 @@ ++/* SPDX-License-Identifier: BSD-2-Clause */ ++/* ++ * Copyright (c) 2022, Arm Limited ++ */ ++ ++#include <asm.S> ++#include <arm.h> ++#include "platform_config.h" ++ ++FUNC get_core_pos_mpidr , : ++ mov x4, x0 ++ ++ /* ++ * The MT bit in MPIDR is always set for n1sdp and the ++ * affinity level 0 corresponds to thread affinity level. ++ */ ++ ++ /* Extract individual affinity fields from MPIDR */ ++ ubfx x0, x4, #MPIDR_AFF0_SHIFT, #MPIDR_AFFINITY_BITS ++ ubfx x1, x4, #MPIDR_AFF1_SHIFT, #MPIDR_AFFINITY_BITS ++ ubfx x2, x4, #MPIDR_AFF2_SHIFT, #MPIDR_AFFINITY_BITS ++ ubfx x3, x4, #MPIDR_AFF3_SHIFT, #MPIDR_AFFINITY_BITS ++ ++ /* Compute linear position */ ++ mov x4, #N1SDP_MAX_CLUSTERS_PER_CHIP ++ madd x2, x3, x4, x2 ++ mov x4, #N1SDP_MAX_CPUS_PER_CLUSTER ++ madd x1, x2, x4, x1 ++ mov x4, #N1SDP_MAX_PE_PER_CPU ++ madd x0, x1, x4, x0 ++ ret ++END_FUNC get_core_pos_mpidr +diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h +new file mode 100644 +index 00000000..81b99409 +--- /dev/null ++++ b/core/arch/arm/plat-n1sdp/platform_config.h +@@ -0,0 +1,49 @@ ++/* SPDX-License-Identifier: BSD-2-Clause */ ++/* ++ * Copyright (c) 2022, Arm Limited ++ */ ++ ++#ifndef PLATFORM_CONFIG_H ++#define PLATFORM_CONFIG_H ++ ++#include <mm/generic_ram_layout.h> ++#include <stdint.h> ++ ++/* Make stacks aligned to data cache line length */ ++#define STACK_ALIGNMENT 64 ++ ++ /* N1SDP topology related constants */ ++#define N1SDP_MAX_CPUS_PER_CLUSTER U(2) ++#define PLAT_ARM_CLUSTER_COUNT U(2) ++#define PLAT_N1SDP_CHIP_COUNT U(2) ++#define N1SDP_MAX_CLUSTERS_PER_CHIP U(2) ++#define N1SDP_MAX_PE_PER_CPU U(1) ++ ++#define PLATFORM_CORE_COUNT (PLAT_N1SDP_CHIP_COUNT * \ ++ PLAT_ARM_CLUSTER_COUNT * \ ++ N1SDP_MAX_CPUS_PER_CLUSTER * \ ++ N1SDP_MAX_PE_PER_CPU) ++ ++#define GIC_BASE 0x2c010000 ++ ++#define UART1_BASE 0x1C0A0000 ++#define UART1_CLK_IN_HZ 24000000 /*24MHz*/ ++ ++#define CONSOLE_UART_BASE UART1_BASE ++#define CONSOLE_UART_CLK_IN_HZ UART1_CLK_IN_HZ ++ ++#define DRAM0_BASE 0x80000000 ++#define DRAM0_SIZE 0x80000000 ++ ++#define GICD_BASE 0x30000000 ++#define GICC_BASE 0x2C000000 ++#define GICR_BASE 0x300C0000 ++ ++#ifndef UART_BAUDRATE ++#define UART_BAUDRATE 115200 ++#endif ++#ifndef CONSOLE_BAUDRATE ++#define CONSOLE_BAUDRATE UART_BAUDRATE ++#endif ++ ++#endif /*PLATFORM_CONFIG_H*/ +diff --git a/core/arch/arm/plat-n1sdp/sub.mk b/core/arch/arm/plat-n1sdp/sub.mk +new file mode 100644 +index 00000000..a0b49da1 +--- /dev/null ++++ b/core/arch/arm/plat-n1sdp/sub.mk +@@ -0,0 +1,3 @@ ++global-incdirs-y += . ++srcs-y += main.c ++srcs-y += n1sdp_core_pos.S +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch new file mode 100644 index 0000000000..e8f4cc44dc --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch @@ -0,0 +1,46 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From 0c3ce4c09cd7d2ff4cd2e62acab899dd88dc9514 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Wed, 20 Jul 2022 16:45:59 +0100 +Subject: [PATCH] HACK: disable instruction cache and data cache. + +For some reason, n1sdp fails to boot with instruction cache and +data cache enabled. This is a temporary change to disable I cache +and D cache until a proper fix is found. + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +%% original patch: 0003-HACK-disable-instruction-cache-and-data-cache.patch + +diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S +index 875b6e69..594d6928 100644 +--- a/core/arch/arm/kernel/entry_a64.S ++++ b/core/arch/arm/kernel/entry_a64.S +@@ -52,7 +52,7 @@ + + .macro set_sctlr_el1 + mrs x0, sctlr_el1 +- orr x0, x0, #SCTLR_I ++ bic x0, x0, #SCTLR_I + orr x0, x0, #SCTLR_SA + orr x0, x0, #SCTLR_SPAN + #if defined(CFG_CORE_RWDATA_NOEXEC) +@@ -490,11 +490,11 @@ LOCAL_FUNC enable_mmu , : , .identity_map + isb + + /* Enable I and D cache */ +- mrs x1, sctlr_el1 ++ /* mrs x1, sctlr_el1 + orr x1, x1, #SCTLR_I + orr x1, x1, #SCTLR_C + msr sctlr_el1, x1 +- isb ++ isb */ + + /* Adjust stack pointers and return address */ + msr spsel, #1 +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch new file mode 100644 index 0000000000..356be9e04f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch @@ -0,0 +1,33 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001 +From: Balint Dobszay <balint.dobszay@arm.com> +Date: Fri, 15 Jul 2022 13:45:54 +0200 +Subject: [PATCH] Handle logging syscall + +Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> +Change-Id: Ib8151cc9c66aea8bcc8fe8b1ecdc3f9f9c5f14e4 + +%% original patch: 0004-Handle-logging-syscall.patch + +diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c +index e0fa0aa6..c7a45387 100644 +--- a/core/arch/arm/kernel/spmc_sp_handler.c ++++ b/core/arch/arm/kernel/spmc_sp_handler.c +@@ -1004,6 +1004,12 @@ void spmc_sp_msg_handler(struct thread_smc_args *args, + ffa_mem_reclaim(args, caller_sp); + sp_enter(args, caller_sp); + break; ++ case 0xdeadbeef: ++ ts_push_current_session(&caller_sp->ts_sess); ++ IMSG("%s", (char *)args->a1); ++ ts_pop_current_session(); ++ sp_enter(args, caller_sp); ++ break; + default: + EMSG("Unhandled FFA function ID %#"PRIx32, + (uint32_t)args->a0); +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc new file mode 100644 index 0000000000..219f08bfd7 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc @@ -0,0 +1,22 @@ +# N1 SDP specific configuration for optee-os + +COMPATIBLE_MACHINE:n1sdp = "n1sdp" +OPTEEMACHINE:n1sdp = "n1sdp" + +TS_INSTALL_PREFIX_PATH = "${RECIPE_SYSROOT}/firmware/sp/opteesp" + +FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/n1sdp:" +SRC_URI:append = " \ + file://0001-core-arm-add-MPIDR-affinity-shift-and-mask-for-32-bi.patch \ + file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \ + file://0003-HACK-disable-instruction-cache-and-data-cache.patch \ + file://0004-Handle-logging-syscall.patch \ + " + +EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" + +EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n" + +EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y" + +EXTRA_OEMAKE += " CFG_WITH_SP=y" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend new file mode 100644 index 0000000000..f80e09f82d --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend @@ -0,0 +1,6 @@ +# Machine specific configurations + +MACHINE_OPTEE_OS_REQUIRE ?= "" +MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc" + +require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch new file mode 100644 index 0000000000..e4573a5196 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch @@ -0,0 +1,407 @@ +Upstream-Status: Pending +Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> + +From 2d975e5ec5df6f81d6c35fe927f72d49181142f8 Mon Sep 17 00:00:00 2001 +From: Julian Hall <julian.hall@arm.com> +Date: Tue, 19 Jul 2022 12:43:30 +0100 +Subject: [PATCH] Fix UEFI get_variable with small buffer + +The handling of the UEFI get_variable operation was incorrect when +a small or zero data length was specified by a requester. A zero +length data length is a legitimate way to discover the size of a +variable without actually retrieving its data. This change adds +test cases that reproduce the problem and a fix. + +Signed-off-by: Julian Hall <julian.hall@arm.com> +Change-Id: Iec087fbf9305746d1438888e871602ec0ce15824 +--- + .../backend/test/variable_store_tests.cpp | 60 ++++++++++++++++-- + .../backend/uefi_variable_store.c | 46 +++++++++++--- + .../client/cpp/smm_variable_client.cpp | 33 +++++----- + .../client/cpp/smm_variable_client.h | 8 ++- + .../provider/smm_variable_provider.c | 2 +- + .../service/smm_variable_service_tests.cpp | 62 +++++++++++++++++++ + 6 files changed, 179 insertions(+), 32 deletions(-) + +diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp +index 235642e6..98faf761 100644 +--- a/components/service/smm_variable/backend/test/variable_store_tests.cpp ++++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp +@@ -128,7 +128,8 @@ TEST_GROUP(UefiVariableStoreTests) + + efi_status_t get_variable( + const std::wstring &name, +- std::string &data) ++ std::string &data, ++ size_t data_len_clamp = VARIABLE_BUFFER_SIZE) + { + std::vector<int16_t> var_name = to_variable_name(name); + size_t name_size = var_name.size() * sizeof(int16_t); +@@ -144,21 +145,40 @@ TEST_GROUP(UefiVariableStoreTests) + access_variable->NameSize = name_size; + memcpy(access_variable->Name, var_name.data(), name_size); + +- access_variable->DataSize = 0; ++ size_t max_data_len = (data_len_clamp == VARIABLE_BUFFER_SIZE) ? ++ VARIABLE_BUFFER_SIZE - ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable) : ++ data_len_clamp; ++ ++ access_variable->DataSize = max_data_len; + + efi_status_t status = uefi_variable_store_get_variable( + &m_uefi_variable_store, + access_variable, +- VARIABLE_BUFFER_SIZE - +- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable), ++ max_data_len, + &total_size); + ++ data.clear(); ++ + if (status == EFI_SUCCESS) { + + const char *data_start = (const char*)(msg_buffer + + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable)); + + data = std::string(data_start, access_variable->DataSize); ++ ++ UNSIGNED_LONGLONGS_EQUAL( ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_variable), ++ total_size); ++ } ++ else if (status == EFI_BUFFER_TOO_SMALL) { ++ ++ /* String length set to reported variable length */ ++ data.insert(0, access_variable->DataSize, '!'); ++ ++ UNSIGNED_LONGLONGS_EQUAL( ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable), ++ total_size); + } + + return status; +@@ -336,6 +356,38 @@ TEST(UefiVariableStoreTests, persistentSetGet) + LONGS_EQUAL(0, input_data.compare(output_data)); + } + ++TEST(UefiVariableStoreTests, getWithSmallBuffer) ++{ ++ efi_status_t status = EFI_SUCCESS; ++ std::wstring var_name = L"test_variable"; ++ std::string input_data = "quick brown fox"; ++ std::string output_data; ++ ++ /* A get with a zero length buffer is a legitimate way to ++ * discover the variable size. This test performs GetVariable ++ * operations with various buffer small buffer sizes. */ ++ status = set_variable(var_name, input_data, 0); ++ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); ++ ++ /* First get the variable without a constrained buffer */ ++ status = get_variable(var_name, output_data); ++ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); ++ ++ /* Expect got variable data to be the same as the set value */ ++ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); ++ LONGS_EQUAL(0, input_data.compare(output_data)); ++ ++ /* Now try with a zero length buffer */ ++ status = get_variable(var_name, output_data, 0); ++ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); ++ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); ++ ++ /* Try with a non-zero length but too small buffer */ ++ status = get_variable(var_name, output_data, input_data.size() -1); ++ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); ++ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); ++} ++ + TEST(UefiVariableStoreTests, removeVolatile) + { + efi_status_t status = EFI_SUCCESS; +diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c +index e8771c21..90d648de 100644 +--- a/components/service/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/smm_variable/backend/uefi_variable_store.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2021, Arm Limited. All rights reserved. ++ * Copyright (c) 2021-2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * +@@ -294,7 +294,10 @@ efi_status_t uefi_variable_store_get_variable( + + status = load_variable_data(context, info, var, max_data_len); + var->Attributes = info->metadata.attributes; +- *total_length = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var); ++ ++ *total_length = (status == EFI_SUCCESS) ? ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var) : ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); + } + } + +@@ -682,7 +685,6 @@ static efi_status_t load_variable_data( + { + EMSG("In func %s\n", __func__); + psa_status_t psa_status = PSA_SUCCESS; +- size_t data_len = 0; + uint8_t *data = (uint8_t*)var + + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); + +@@ -692,17 +694,41 @@ static efi_status_t load_variable_data( + + if (delegate_store->storage_backend) { + +- psa_status = delegate_store->storage_backend->interface->get( ++ struct psa_storage_info_t storage_info; ++ ++ psa_status = delegate_store->storage_backend->interface->get_info( + delegate_store->storage_backend->context, + context->owner_id, + info->metadata.uid, +- 0, +- max_data_len, +- data, +- &data_len); +- EMSG("In func %s get status is %d\n", __func__, psa_status); ++ &storage_info); ++ ++ if (psa_status == PSA_SUCCESS) { + +- var->DataSize = data_len; ++ size_t get_limit = (var->DataSize < max_data_len) ? ++ var->DataSize : ++ max_data_len; ++ ++ if (get_limit >= storage_info.size) { ++ ++ size_t got_len = 0; ++ ++ psa_status = delegate_store->storage_backend->interface->get( ++ delegate_store->storage_backend->context, ++ context->owner_id, ++ info->metadata.uid, ++ 0, ++ max_data_len, ++ data, ++ &got_len); ++ ++ var->DataSize = got_len; ++ } ++ else { ++ ++ var->DataSize = storage_info.size; ++ psa_status = PSA_ERROR_BUFFER_TOO_SMALL; ++ } ++ } + } + + return psa_to_efi_storage_status(psa_status); +diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/smm_variable/client/cpp/smm_variable_client.cpp +index 8438285b..b6b4ed90 100644 +--- a/components/service/smm_variable/client/cpp/smm_variable_client.cpp ++++ b/components/service/smm_variable/client/cpp/smm_variable_client.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. ++ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +@@ -122,21 +122,22 @@ efi_status_t smm_variable_client::get_variable( + guid, + name, + data, +- 0); ++ 0, ++ MAX_VAR_DATA_SIZE); + } + + efi_status_t smm_variable_client::get_variable( + const EFI_GUID &guid, + const std::wstring &name, + std::string &data, +- size_t override_name_size) ++ size_t override_name_size, ++ size_t max_data_size) + { + efi_status_t efi_status = EFI_NOT_READY; + + std::vector<int16_t> var_name = to_variable_name(name); + size_t name_size = var_name.size() * sizeof(int16_t); +- size_t data_size = 0; +- size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, data_size); ++ size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, 0); + + rpc_call_handle call_handle; + uint8_t *req_buf; +@@ -154,7 +155,7 @@ efi_status_t smm_variable_client::get_variable( + + access_var->Guid = guid; + access_var->NameSize = name_size; +- access_var->DataSize = data_size; ++ access_var->DataSize = max_data_size; + + memcpy(access_var->Name, var_name.data(), name_size); + +@@ -168,26 +169,28 @@ efi_status_t smm_variable_client::get_variable( + + efi_status = opstatus; + +- if (efi_status == EFI_SUCCESS) { +- +- efi_status = EFI_PROTOCOL_ERROR; ++ if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) { + +- if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) { ++ access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf; ++ size_t data_size = access_var->DataSize; + +- access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf; ++ if (resp_len >= ++ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) { + +- if (resp_len >= +- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) { ++ if (efi_status == EFI_SUCCESS) { + +- data_size = access_var->DataSize; + const char *data_start = (const char*) + &resp_buf[ + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_var)]; + + data.assign(data_start, data_size); +- efi_status = EFI_SUCCESS; + } + } ++ else if (efi_status == EFI_BUFFER_TOO_SMALL) { ++ ++ data.clear(); ++ data.insert(0, data_size, '!'); ++ } + } + } + else { +diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.h b/components/service/smm_variable/client/cpp/smm_variable_client.h +index c7973916..3d2371a8 100644 +--- a/components/service/smm_variable/client/cpp/smm_variable_client.h ++++ b/components/service/smm_variable/client/cpp/smm_variable_client.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. ++ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +@@ -56,7 +56,8 @@ public: + const EFI_GUID &guid, + const std::wstring &name, + std::string &data, +- size_t override_name_size); ++ size_t override_name_size, ++ size_t max_data_size = MAX_VAR_DATA_SIZE); + + /* Remove a variable */ + efi_status_t remove_variable( +@@ -113,6 +114,9 @@ public: + + + private: ++ ++ static const size_t MAX_VAR_DATA_SIZE = 65536; ++ + efi_status_t rpc_to_efi_status() const; + + static std::vector<int16_t> to_variable_name(const std::wstring &string); +diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c +index 1f362c17..95c4fdc9 100644 +--- a/components/service/smm_variable/provider/smm_variable_provider.c ++++ b/components/service/smm_variable/provider/smm_variable_provider.c +@@ -165,7 +165,7 @@ static rpc_status_t get_variable_handler(void *context, struct call_req *req) + } + else { + +- /* Reponse buffer not big enough */ ++ /* Response buffer not big enough */ + efi_status = EFI_BAD_BUFFER_SIZE; + } + } +diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp +index 38c08ebe..989a3e63 100644 +--- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp ++++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp +@@ -284,6 +284,68 @@ TEST(SmmVariableServiceTests, setAndGetNv) + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); + } + ++TEST(SmmVariableServiceTests, getVarSize) ++{ ++ efi_status_t efi_status = EFI_SUCCESS; ++ std::wstring var_name = L"test_variable"; ++ std::string set_data = "UEFI variable data string"; ++ std::string get_data; ++ ++ efi_status = m_client->set_variable( ++ m_common_guid, ++ var_name, ++ set_data, ++ 0); ++ ++ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); ++ ++ /* Get with the data size set to zero. This is the standard way ++ * to discover the variable size. */ ++ efi_status = m_client->get_variable( ++ m_common_guid, ++ var_name, ++ get_data, ++ 0, 0); ++ ++ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); ++ UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); ++ ++ /* Expect remove to be permitted */ ++ efi_status = m_client->remove_variable(m_common_guid, var_name); ++ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); ++} ++ ++TEST(SmmVariableServiceTests, getVarSizeNv) ++{ ++ efi_status_t efi_status = EFI_SUCCESS; ++ std::wstring var_name = L"test_variable"; ++ std::string set_data = "UEFI variable data string"; ++ std::string get_data; ++ ++ efi_status = m_client->set_variable( ++ m_common_guid, ++ var_name, ++ set_data, ++ EFI_VARIABLE_NON_VOLATILE); ++ ++ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); ++ ++ /* Get with the data size set to zero. This is the standard way ++ * to discover the variable size. */ ++ efi_status = m_client->get_variable( ++ m_common_guid, ++ var_name, ++ get_data, ++ 0, 0); ++ ++ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); ++ UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); ++ ++ /* Expect remove to be permitted */ ++ efi_status = m_client->remove_variable(m_common_guid, var_name); ++ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); ++} ++ + TEST(SmmVariableServiceTests, enumerateStoreContents) + { + efi_status_t efi_status = EFI_SUCCESS; +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index 88c46a74b9..b04863fcfa 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -59,6 +59,7 @@ SRC_URI:append = " \ file://0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ file://0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ file://0003-corstone1000-port-crypto-config.patch;patchdir=../psa-arch-tests \ + file://0048-Fix-UEFI-get_variable-with-small-buffer.patch \ " SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=git/mbedtls" |