Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I28ee50fa55ae47dd7fd8c99f8f6db8f5f6dfa53d
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I85272779478b66452acd11be93f5fea99e4c3a34
|
|
bmcweb is already added as a default in the meta-phosphor package
groups. A large number of machines have mistakenly also explicitly
added a RDEPEND on assorted package groups, which is not necessary.
Clean these up.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ifd3726d18aab45475f80d054a4640196ac0b71d2
|
|
The webui-vue package is now enabled by default. Clean up all the meta
layers to clean up the explicit enablement.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I4895be56c70d2c8666dd96cec18d2c097f0c05a3
|
|
This moves the OpenBMC kernel to a v6.5 base for ASPEED.
The 6.5 kernel moved all 32-bit ARM device trees, so our BMC device
tress are now under an 'aspeed' subdirectory. This change means systems
must describe the KERNEL_DEVICETREE with the aspeed directory prefix.
There are 78 patches in the tree, with 40 of those patches not
yet queued for merging in v6.6.
The remaining out of tree patches include:
Andrew Jeffery (6):
dt-bindings: hwmon: pmbus: Add Maxim MAX31785 documentation
pmbus (max31785): Add support for devicetree configuration
pmbus (core): One-shot retries for failure to set page
pmbus (max31785): Wrap all I2C accessors in one-shot failure handlers
ARM: dts: aspeed: witherspoon: Update max31785 node
ipmi: kcs_bmc: Add a "raw" character device interface
Cédric Le Goater (1):
/dev/mem: add a devmem kernel parameter to activate the device
Eddie James (16):
ARM: dts: aspeed: bonnell: Add reserved memory for TPM event log
dt-bindings: soc: Add Aspeed XDMA Engine
soc: aspeed: Add XDMA Engine Driver
soc: aspeed: xdma: Add user interface
soc: aspeed: xdma: Add reset ioctl
soc: aspeed: xdma: Add trace events
i2c: core: Add mux root adapter operations
iio: si7020: Lock root adapter to wait for reset
eeprom: ee1004: Enable devices on multiple busses
dt-bindings: trivial-devices: Add Atmel AT30TSE004A serial eeprom
eeprom: ee1004: Add OF matching support
leds: pca955x: Refactor with helper functions and renaming
leds: pca955x: Use pointers to driver data rather than I2C client
leds: pca955x: Optimize probe led selection
leds: pca955x: Add HW blink support
leds: Ensure hardware blinking turns off when requested
Jae Hyun Yoo (1):
clk: ast2600: enable BCLK for PCI/PCIe bus always
Joel Stanley (14):
net: ftgmac100: Ensure tx descriptor updates are visible
ARM: aspeed: Add debugfs directory
ARM: soc: aspeed: Add secure boot controller support
dt-bindings: trivial-devices: Remove Infineon SLB9673 TPM
ARM: dts: nuvoton: npmc750-evb: Add default console
tpm: tis-i2c: Add more compatible strings
leds: pca955x: Revert "Remove the unused function pca95xx_num_led_regs()"
arm64: configs: Add Nuvoton NPCM defconfig
ARM: configs: aspeed: Add new FSI drivers
ARM: config: aspeed_g5: Enable SSIF BMC driver
ARM: config: aspeed: Remove FIRMWARE_MEMMAP
ARM: config: aspeed: Add Ampere SMPro drivers
ARM: config: Add openbmc defconfig
ARM: config: openbmc: Add HPE GPX and Nuvoton 7xx
Johannes Holland (1):
dt-bindings: tpm: Add schema for TIS I2C devices
Potin Lai (1):
mtd: spi-nor: winbond: Add support for w25q01jvq
Change-Id: Ib97af192391af6e71c96fe14e12cfc88c23d7a7d
Signed-off-by: Joel Stanley <joel@jms.id.au>
|
|
This updates to libpam 1.5.2. This version removes support for
pam_cracklib and pam_tally2. They are replaced by pam_pwquality and
pam_faillock respectively.
Since parameters of pam_cracklb and pam_tally2 are configurable through
Redfish, it's possible that they will remain in the overlay of
/etc/pam.d with the old module names preventing PAM from working
correctly. To avoid this, this commit includes a script that will detect
if the old modules are in the overlay and update the overlay with the
new modules and configuration.
The script will allow updates from libpam 1.3.1 to libpam 1.5.2, but if there
are configured parameters during a downgrade from libpam 1.5.2 to libpam
1.3.1, it will require a factory reset before the downgrade.
pam_pwquality was selected over pam_passwdqc because of better security
and compatibility with pam_cracklib.
Note pam_faillock is necessarily configured into the pam module stack
differently than pam_tally2.
This patchset causes a BMC operational change:
- The pam_tally2 command (invoked from the BMC's command line) is no
longer present. If you used the "pam_tally2 -u USER -r" command
to unlock a user after repeated authentication failures, change to
use: faillock --user USER --reset
Compatibility note / migration issue. If your BMC cannot authenticate
users after installing this change, the cause might be an overlayfs file
hiding the new /etc/pam.d/common-auth file. To find out, use
`grep deny= /etc/pam.d/common-auth` on your BMC. If it shows "tally2"
then your BMC is affected. The recovery is to delete the overlay file,
to factory reset the BMC, or manually-install the changed files.
The convert-pam-configs service is intended to handle this problem.
Tested: as follows, for local users only (not tested with LDAP)
Note OpenBMC configuration defaults to an AccountLockoutThreshold
value of 0 which does not lock account passwords no matter how many
consecutive failed authentication attempts. To configure this on
the BMC, for example, use:
curl -X PATCH https://${bmc}/redfish/v1/AccountService
-d '{"AccountLockoutThreshold": 3, "AccountLockoutDuration": 60}'
Tested update scenarios:
1. Install from scratch. Success.
2. Install over firmware which had old PAM configs. Success.
Tested update scenarios for the convert-pam-configs service.
Tested changing the password via various interfaces:
- the passwd command
- the PATCH Refish AccountService {Password: NEW}
- SSH (accessible only when the password is expired)
- IPMI user set password (accessible for unexpired password)
Tested both good and bad (unacceptable) passwords.
Tested account lockout after N bad passwords
Tested unlock via Redfish.
Also, because its implementation changed, ensure reading and writing the
D-Bus User AccountPolicy RememberOldPasswordTimes property continues to
work. There is no Redfish API for this.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Change-Id: I7b712cf7cfbf7b0bc79da42f822540baee66ca4f
|
|
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I8e54833ac78e540e9dd5011533d53ff9a3af6763
|
|
The code for obmc-op-control-host is only useful for OpenPower
machines, but somehow it is being included in many other machines.
Remove it from all of them except meta-openpower.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I4e7c7365eb320c3fb9ea7a57aca2ed0b1832e85e
|
|
This package is an old interface from 'skeleton' for which there
are no users outside of an IBM IPMI OEM handler, but the package isn't
even installed on any IBM machines. Remove all references to this
package from the tree so that it can be further removed.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Icda5c156940450ab033365d7f93d5542d6646696
|
|
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I65febeeec11e6e5b40ee728f42cfbe77023dae1e
|
|
We also need to move the conf-notes.txt files.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ic44e015c0216b526de4fec277ad42f162bca1f33
|
|
The latest poky commit is requiring us to have all of
our template configs in a subdirectory instead of directly in
the `conf` directory. Without this we end up with errors during
setup like:
```
Error: TEMPLATECONF value (which is .../openbmc/meta-facebook/meta-bletchley/conf) must point to meta-some-layer/conf/templates/template-name
```
Fix this by moving all of our template files into the 'default'
template subdirectory (following the pattern of poky) and modifying
`setup` as necessary to follow.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Iecefde73d55acbb6bc63ae3d68c4311adaf327ae
|
|
For the moment, phosphor-webui is deprecated and unmaintained. The
replacement for it is webui-vue, which already has feature parity, and
many more features than its predecessor. Several calls have been made
asking if there is anyone still using phosphor-webui and would like to
maintain it into the future, but no such volunteer has stepped up.
Moving to webui-vue is the recommended option these days, and this
patchset is done under the assumption that these platforms would
actually like to move off the deprecated UI, and just don't have patches
to that effect. For the machine maintainers reading this, if you would
like to stay on phosphor-webui, please start that discussion here about
who would like to maintain it.
This commit ports the last few platforms over to webui-vue.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9c74442b850aceca130545f37d5bc694a4f4424d
|
|
The only recipes which use content from meta-perl are openpower
machines:
```
meta-openpower/recipes-bsp/pdata/pdata_git.bb: libxml-libxml-perl-native \
meta-yadro/meta-nicole/recipes-phosphor/logging/openpower-esel-parser_git.bb: libxml-libxml-perl-native \
```
Remove meta-perl from the bblayers of every layer except openpower
machines.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I51f1a8fbfbe879295c64d2339fc115dbd8823681
|
|
No systems use content from meta-webserver (nginx, apache, etc.), so
remove the clutter from our bblayers.conf.samples.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I89ab5ac8c19cd8aa486a2f42d24dcf68688e2408
|
|
This was added with cde0f094f for libseccomp, but shortly after that
upstream moved libseccomp from meta-security to core (241c7d2e6). As
such, meta-security is no longer used or required.
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I371e54b11f6336720dfc6edf0ef733d22b7fb4f2
|
|
Per [1][2], Yocto is starting to deprecate ABORT and has replaced
the "ABORT" action in BB_DISKMON_DIRS entries with "HALT".
1. https://wiki.yoctoproject.org/wiki/Inclusive_language
2. https://git.yoctoproject.org/poky/commit/?id=4f77505d94a8f6260933f457e9848d1d2fa98ce5
Tested:
Built obmc-phosphor-image successfully and eliminate the following
warnings:
```
WARNING: The BB_DISKMON_DIRS "ABORT" action has been renamed to
"HALT", update configuration
```
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: If57d0ded9fac41e23b31b01e2a0e309ac7388148
|
|
* Deprecate N-1 release (hardknott).
* Enable N+1 release (kirkstone).
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I39e027e02dab64b4390b46ffbd9c299c858f403e
|
|
The MAINTAINERS files are no longer used and are out of date (references
to IRC still exist in most of them). Remove them and rely on the OWNERS
exclusively.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I0f5d2719ad97e218ce03c4503efe1b1c92ac455e
|
|
This sets u-boot to the package containing the v2016.07-aspeed-openbmc
branch. This ensures there will be no change if the default changes in
the future.
Change-Id: Iea12e1691dbdda34a3f95d6d0862add0b15bcf37
Signed-off-by: Joel Stanley <joel@jms.id.au>
|
|
The obmc-system-mgmt feature is currently used in the image to trigger
inclusion of a virtual-provider which provides a number of packages many
systems need. Partially revert the removal of this feature so that
the outcome is:
1. The empty obmc-phosphor-sysd package is still removed.
2. By default the 'obmc-system-mgmt' feature is included, unless
specifically exempted.
3. All EVB platforms remove the 'obmc-system-mgmt' feature since
they have no system they are managing.
This partially reverts commit 060ad3ff7fcc30aff78a9e504efee9d8fa0d4526.
Tested:
* Built `bletchley` and confirmed `packagegroup-fb-apps-system` and
`entity-manager` are present.
```
entity-manager armv7ahf-vfpv4d16 0.1+git0+6bf41588ab-r0
packagegroup-fb-apps-system all 1.0-r1
```
* Built `witherspoon` and confirmed `packagegroup-op-apps-system` and
`pdbg` are present.
```
packagegroup-op-apps-system noarch 1.0
pdbg arm1176jzs 3.3
```
* Ran `bitbake -p` on `evb-ast2600` to confirm the undefined
`virtual-obmc-system-mgmt` is not being included in the image.
Change-Id: I8b7804d5101cc84a2c57473b3f85672bf7767c67
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
Every machine layer treats 'system-management' as either part of a
package-group or removes the feature. The sample implementation in
meta-phosphor is a do-nothing shell script (and up until recently was a
Python script). There appears to be no useful purpose to this feature
as a stand-alone concept, so remove it.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I20ca1fa8ff3cb01cac2d07d4ded84e0769e4514b
|
|
Modify the machine meta-layer configs to remove the use of the
OBMC_MACHINE_FEATURES indirection and favor the Yocto MACHINE_FEATURES
variable instead.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ifafb79e4e4c010e9476b9547cd4982f5b645060e
|
|
Signed-off-by: Ryan Sie <ryans@supermicro.com.tw>
Change-Id: I05c85576fad2dae9f9a3e90afdac7565d9cefcf4
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ia05891430c6c97a89b7bc8ba4558ae496866bf7d
|
|
bitbake offers a choice of DEB, RPM or IPK packaging. To a degree the
choice is functionally arbitrary for image generation but control over
the package format becomes important if we want to:
1. Include runtime package management functionality in the firmware image
2. Mess about with the packages on the build system
With respect to 1 the IPK format and opkg (an ipk package manager) are
designed for embedded systems[1] - by contrast to RPMs have heavier
dependencies and a greater impact on the size and complexity of the
firmware image.
Regarding 2, the embedded nature and the need for opkg to work without
much fuss leads to a lower configuration barrier by comparison to RPMs.
With ipk it becomes possible to reuse the packages built during image
preparation for core analysis without needing to generate an SDK:
```
$ export LD_LIBRARY_PATH=./tmp/work/x86_64-linux/opkg-native/*/recipe-sysroot-native/usr/lib
$ MY_DEBUG_ROOT=tmp/rootfs-debug
$ ./tmp/sysroots-components/x86_64/opkg-native/usr/bin/opkg \
-f ./tmp/work/p10bmc-openbmc-linux-gnueabi/obmc-phosphor-image/*/opkg.conf \
-o $MY_DEBUG_ROOT \
update
$ fakeroot ./tmp/sysroots-components/x86_64/opkg-native/usr/bin/opkg \
-f ./tmp/work/p10bmc-openbmc-linux-gnueabi/obmc-phosphor-image/1.0-r0/opkg.conf \
-o $MY_DEBUG_ROOT \
install dbus-sensors dbus-sensors-dbg
$ gdb-multiarch
(gdb) set solib-absolute-prefix .../tmp/rootfs-debug
(gdb) add-auto-load-safe-path .../tmp/rootfs-debug
(gdb) file tmp/rootfs-debug/usr/bin/nvmesensor
(gdb) core-file obmcdump_17_9597/core.nvmesensor.0.aae91b519d0e4e0e8bbe746e3f6cd25f.2779.9594000000
Core was generated by `/usr/bin/nvmesensor'.
Program terminated with signal SIGABRT, Aborted.
pthread_kill.c:45
45 pthread_kill.c: No such file or directory.
(gdb) bt
pthread_kill.c:45
../sysdeps/posix/raise.c:26
/home/andrew/src/openbmc/openbmc/build/p10bmc/tmp/rootfs-debug/usr/lib/libstdc++.so.6
/home/andrew/src/openbmc/openbmc/build/p10bmc/tmp/rootfs-debug/usr/lib/libstdc++.so.6
/home/andrew/src/openbmc/openbmc/build/p10bmc/tmp/rootfs-debug/usr/lib/libstdc++.so.6
/home/andrew/src/openbmc/openbmc/build/p10bmc/tmp/rootfs-debug/usr/lib/libstdc++.so.6
"xyz.openbmc_project.NVMeSensor", this=0x488f04) at
/usr/include/sdbusplus/bus.hpp:234
../../../../../../workspace/sources/dbus-sensors/src/NVMeSensorMain.cpp:159
(gdb)
```
This approach documented in the Poky Reference Manual:
https://www.yoctoproject.org/docs/1.0/poky-ref-manual/poky-ref-manual.html#platdev-gdb-remotedebug-launch-gdb-inferiorbins
Switch all machines to IPK to align the debugging experience with
upstream's documentation and to facilitate efficient use of packaged
software at runtime.
[1] https://openwrt.org/docs/guide-user/additional-software/opkg
Change-Id: I8ef526add2d7a6790de1b3eb3fb85cd39b864f23
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
We've typically kept these LAYERSERIES_COMPAT to 2 releases: the current
and the upcoming. Remove 'gatesgarth' is it is now 2 releases back.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I5e812a94fed1738898af75c0fdee81996a5bbf20
|
|
Background: The OpenBmc project default root account password is set
in meta-phosphor/conf/distro/include/phosphor-defaults.inc and can be
customized in each layer's local.conf file.
Many of these local.conf.sample files had redundant code to set the
password, which probably should not have been there. Removing them
allows the defaults in phosphor-defaults.inc to take effect.
Tested: No. Only meta-ibm was tested.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I76dce00d269d7afa005d7bcfd63f846d3cf45596
|
|
This is apparently not actually working anymore and is removed in the
next poky update.
Change-Id: Ia1c6a258d124a4a30a14fc42e8e0bba95e64faeb
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Please see https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/39379
for details about why this is necessary.
Signed-off-by: Ryan Sie <ryans@supermicro.com.tw>
Change-Id: I733df953fe7fabf93d96b3b554ea4a732c2cffba
|
|
Latest upstream yocto has moved on to the 3.3 hardknott release
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ieae36798d66d21c2c642931f06407d3bb2acf163
|
|
This layer provides libseccomp.
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: I84513d56f2ed75fab49043196b98ef8b858e394f
|
|
Signed-off-by: Ryan Sie <ryans@supermicro.com.tw>
Change-Id: I7b69a9315a709e296eacd949c8226ac83ba09466
|