[linux-yocto][linux-yocto v5.10] linux-yocto kernel code v5.10 for marvell cn96xx
Hi Bruce,

Linux kernel for marvell cn96xx based on v5.10 is ready in my private repo. Please help to create branch and merge code into our linux-yocto repo.

repo: linux-yocto
branch: v5.10/standard/sdkv4.18/cn96xx

Thanks,
Ruiqiang

The following changes since commit 3457d0ae8a4c3981f789b69144f9c860d63c2cdf:

  Merge tag 'v5.10.10' into v5.10/standard/base (2021-01-24 16:46:23 -0500)

are available in the Git repository at:

  https://github.com/cythe/linux.git linux-yocto/v5.10/standard/sdkv4.18/cn96xx.v3

for you to fetch changes up to f8720ba33b42b056c1f5957419a8c131ec6e174d:

  octeontx2-pf: Backport upstream kernel changes (2021-02-03 02:04:05 +)

Aaron Williams (3):
  octeontx2: mmc: Add tuning support for HS400 mode
  mmc: octeontx2: Use flags for hardware differences
  mmc: octeontx2: fix handling calibration glitch

Alex Belits (2):
  arm64: Add support for ASID locking
  kernel/exit.c: Add task cleanup callbacks

Andrew Pinski (3):
  arm64: Add MIDR encoding for some Marvell OcteonTX 2.
  arm64: Add workaround for Cavium erratum 36890
  arm64: Add workaround for Marvell erratum 37119

Angela Czubak (2):
  octeontx2-af: fix rvu_sso_ggrp_taq_flush
  octeontx2-af: fix cgx_lmac_rx_tx_enable

Bharat Bhushan (4):
  dt-bindings: perf: arm-smmuv3-pmu: Add documentation for arm-smmuv3 pmu
  perf/smmuv3: Add device tree support
  perf/smmuv3: Fix programming event type with global filtering
  coresight: Treat ETM4.2 as ETM4.3 on OcteonTx2

Chandrakala Chavva (11):
  mmc: cavium_thunderx: Use proper register to clear interrupts
  driver: mmc: octeontx2: Fix tuning for T96 C0
  driver: mmc: Configure flags for T96 pass B0
  octeontx2-serdes: Update PRBS APIs to start/stop per QLM lane
  octeontx2-serdes: Fix parameter passed to start_prbs().
  octeontx2-serdes: Fix prbs error reporting
  driver: serdes_debugfs: Allow user to clear prbs errors.
  octeontx2-serdes: Fix prbs per lane configuration
  driver: serdes_debugfs: Add new smc call to tune serdes
  driver: serdes_debugfs: Add new smc call for serdes loopback
  driver: serdes_debugfs: Add inject optional parameter to prbs command

Christina Jacob (18):
  octeontx2-pf: Adding ethtool support for link status information.
  octeontx2-af: Support to get link info like current speed, fec etc
  octeontx2-pf: Ethtool support for fec configuration
  octeontx2-af: Move to rvu_fwdata version 1.
  octeontx2-pf: Add ethtool -m option support.
  octeontx2-af: Update fwadata structure with few more reserved fields.
  octeontx2-af: Fetch FEC stats of the physical link
  octeontx2-pf: Support to display fec counters also in ethtool stats.
  octeontx2-pf: Support to display current settings of a vf network interface via ethtool
  net:thunderx: fix memory leak in nicvf driver.
  soc: octeontx2: Add mdio command interface using debugfs
  octeontx2-af: Introduce SET_LINK_MODE command to change various configurations of a network interface.
  octeontx2-pf: support to change link speed and autoneg
  octeontx2-pf: Disply the link detected status in ethtool command
  net: thunderx: Do a PCS reset upon SGMII link toggle
  octeontx2-pf: remove redundant changes from speed change suppcrt.
  octeontx-af: Interface mode change feature via ethtool
  octeontx2-pf: Interface Mode change using ethtool.

Felix Manlunas (5):
  octeontx2-af: Add new CGX_CMDs to set and get PHY modulation type
  octeontx2-pf: Add ethtool priv flag to control PAM4 on/off
  octeontx2-pf: Fix wrong info in ethtool's list of supported link modes
  octeontx2-pf: Add LIO3 link modes to ethtool's list of supported modes
  octeontx2-af: Add new CGX_CMD to get PHY FEC statistics

Geetha sowjanya (11):
  octeontx2-af: Check SQ counters to detect the deadlock
  octeontx2-af: Update hardware workarounds for 95xx A1 silicon
  PCI: quirks : Apply ACS quirk for all devices
  octeontx2-pf: Ignore NPC parser layer errors
  iommu/arm-smmu-v3: Force 32 byte command queue memory reads
  octeontx2-af: Fix return value in npc_set_pkind
  octeontx2-af: Update HW workarounds for 96xx C0, 98xx and F95xx B0 chips
  octeontx2-pf: Set SMQ MAXLEN to max hardware supported value
  octeontx2-af: Update NIX_TXSCHQ_CONFIG mbox to handle read request
  octeontx2-af: Disable SMQ sticky mode to avoid NIX PSE deadlock
  octeontx2-pf: Fix interface down flag on error

George Cherian (2):
  PCI: Add pci_iounmap
  octeontx2-af: Add support for RSS hashing based on Transport protocol field

Hao Zheng (1):
  octeontx2-af: Turn on L2 multicast address check

Hariprasad Kelam (18):
  net: thunderx: fix page reference release in interface tear down
  octeontx2-af: Update tx parse nibble
[linux-yocto][linux-yocto v5.4/standard/ti-j72x][PATCH] arm64: mm: remove redundant definitions physvirt_offset & vmemmap
The commit 0edc78af73d0(arm64: mm: use single quantity to represent the PA to VA translation) has removed the definitions physvirt_offset & vmemmap, however which are still on there since the wrong code merging and caused the compiling error. Signed-off-by: Xulin Sun --- arch/arm64/mm/init.c | 6 -- 1 file changed, 6 deletions(-) diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index f1158e246215..22714db16feb 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -53,12 +53,6 @@ s64 memstart_addr __ro_after_init = -1; EXPORT_SYMBOL(memstart_addr); -s64 physvirt_offset __ro_after_init; -EXPORT_SYMBOL(physvirt_offset); - -struct page *vmemmap __ro_after_init; -EXPORT_SYMBOL(vmemmap); - /* * We create both ZONE_DMA and ZONE_DMA32. ZONE_DMA covers the first 1G of * memory as some devices, namely the Raspberry Pi 4, have peripherals with -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9476): https://lists.yoctoproject.org/g/linux-yocto/message/9476 Mute This Topic: https://lists.yoctoproject.org/mt/80723292/21656 Group Owner: linux-yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
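Review bot: In the arch/arm64/mm/init.c hunk, both `EXPORT_SYMBOL(physvirt_offset)` and `EXPORT_SYMBOL(vmemmap)` go away together with the definitions, but the commit message only blames "the wrong code merging" without naming the merge or quoting the compile error. Please add the build error and the merge that reintroduced these lines to the message, and confirm that nothing on v5.4/standard/ti-j72x still references either symbol, so the next merge can be checked against the same mistake.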
Re: [yocto] QA notification for completed autobuilder build (yocto-3.2.2.rc1)
Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.2.2.rc1. We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion is next Monday, February 22.

Thanks,
Sangeeta

> -----Original Message-----
> From: yocto@lists.yoctoproject.org On Behalf Of Pokybuild User
> Sent: Wednesday, 17 February, 2021 1:44 AM
> To: yocto@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [yocto] QA notification for completed autobuilder build (yocto-3.2.2.rc1)
>
> A build flagged for QA (yocto-3.2.2.rc1) was completed on the autobuilder and is available at:
>
> https://autobuilder.yocto.io/pub/releases/yocto-3.2.2.rc1
>
> Build hash information:
>
> bitbake: 0a3bf681530bd63fc0036ca81ef868ab53fde56c
> meta-arm: aa63e31b6edb5197764c21434219050ab51f0fbd
> meta-gplv2: 6e8e969590a22a729db1ff342de57f2fd5d02d43
> meta-intel: 1d866c58534eb1d317b7a674c6e6c57ab9594fb0
> meta-kernel: f793168bd19af3d8c5a260dd35f387ed9a31794b
> meta-mingw: 352d8b0aa3c7bbd5060a4cc2ebe7c0e964de4879
> oecore: ebaaee50cb3ac75112827f935c48affaf622ce7f
> poky: d5d6286a66f46f4523e35e0e3f20cd7396195fdc
>
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
[linux-yocto] [PATCH][linux-yocto-dev standard/xlnx-soc] [linux-yocto v5.10/standard/sdkv5.4/xlnx-soc] drm/xlnx: fix kmemleak by sending vblank_event in atomic_disable
From: Quanyang Wang commit a7e02f7796c163ac8297b30223bf24bade9f8a50 upstream When running xrandr to change resolution of DP, the kmemleak as below can be observed: unreferenced object 0x00080a351000 (size 256): comm "Xorg", pid 248, jiffies 4294899614 (age 19.960s) hex dump (first 32 bytes): 98 a0 bc 01 08 00 ff ff 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 backtrace: [] kmemleak_alloc+0x30/0x40 [ ] kmem_cache_alloc+0x3d4/0x588 [<88ea9bd7>] drm_atomic_helper_setup_commit+0x84/0x5f8 [<2290a264>] drm_atomic_helper_commit+0x58/0x388 [ ] drm_atomic_commit+0x4c/0x60 [ ] drm_atomic_connector_commit_dpms+0xe8/0x110 [<20ade187>] drm_mode_obj_set_property_ioctl+0x1b0/0x450 [<918206d6>] drm_connector_property_set_ioctl+0x3c/0x68 [<8d51e7a5>] drm_ioctl_kernel+0xc4/0x118 [<2a819b75>] drm_ioctl+0x214/0x448 [<8ca4e588>] __arm64_sys_ioctl+0xa8/0xf0 [<34e15a35>] el0_svc_common.constprop.0+0x74/0x190 [<1b93d916>] do_el0_svc+0x24/0x90 [ ] el0_svc+0x14/0x20 [ ] el0_sync_handler+0xb0/0xb8 [<3e79c15f>] el0_sync+0x174/0x180 This is because there is a scenario that a drm_crtc_commit commit is allocated but not freed. The drm subsystem require/release references to a CRTC commit by calling drm_crtc_commit_get/put, and when drm_crtc_commit_put find that commit.ref.refcount is zero, it will call __drm_crtc_commit_free to free this CRTC commit. Among these drm_crtc_commit_get/put pairs, there is a drm_crtc_commit_get in drm_atomic_helper_setup_commit as below: ... new_crtc_state->event->base.completion = >flip_done; new_crtc_state->event->base.completion_release = release_crtc_commit; drm_crtc_commit_get(commit); ... This reference to the CRTC commit should be released at the function release_crtc_commit by calling e->completion_release(e->completion) in drm_send_event_locked. So we need to call drm_send_event_locked at two places: handling vblank event in the irq handler and the crtc disable helper. 
But in zynqmp_disp_crtc_atomic_disable, it only marks the flip is done and not call drm_crtc_commit_put. This result that the refcount of this commit is always non-zero and this commit will never be freed. Since the function drm_crtc_send_vblank_event has operations both sending a flip_done signal and releasing reference to the CRTC commit, let's use it instead. Signed-off-by: Quanyang Wang Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20210202064121.173362-1-quanyang.w...@windriver.com --- drivers/gpu/drm/xlnx/zynqmp_disp.c | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/xlnx/zynqmp_disp.c b/drivers/gpu/drm/xlnx/zynqmp_disp.c index da4f3c3f49bd..75c7137d8862 100644 --- a/drivers/gpu/drm/xlnx/zynqmp_disp.c +++ b/drivers/gpu/drm/xlnx/zynqmp_disp.c @@ -2265,12 +2265,6 @@ static void zynqmp_disp_disable(struct zynqmp_disp *disp, bool force) zynqmp_disp_av_buf_disable_buf(>av_buf); zynqmp_disp_av_buf_disable(>av_buf); - /* Mark the flip is done as crtc is disabled anyway */ - if (crtc->state->event) { - complete_all(crtc->state->event->base.completion); - crtc->state->event = NULL; - } - disp->enabled = false; } 
@@ -2959,6 +2953,14 @@ zynqmp_disp_crtc_atomic_disable(struct drm_crtc *crtc, zynqmp_disp_plane_disable(crtc->primary); zynqmp_disp_disable(disp, true); drm_crtc_vblank_off(crtc); + + spin_lock_irq(>dev->event_lock); + if (crtc->state->event) { + drm_crtc_send_vblank_event(crtc, crtc->state->event); + crtc->state->event = NULL; + } + spin_unlock_irq(>dev->event_lock); + pm_runtime_put_sync(disp->dev); } -- 2.25.1
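Review bot: In the zynqmp_disp_disable() hunk, removing the `complete_all(...)` block changes behaviour for every caller of that helper, not only zynqmp_disp_crtc_atomic_disable(); the helper takes a `force` argument, which suggests more than one call path. Please state in the commit message that no other caller can reach it with `crtc->state->event` still set, otherwise flip_done would never be signalled on that path.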
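Review bot: The block added after `drm_crtc_vblank_off(crtc)` in zynqmp_disp_crtc_atomic_disable() has no comment, while the code it replaces carried one ("Mark the flip is done as crtc is disabled anyway"). A one-line comment saying that `drm_crtc_send_vblank_event()` both signals flip_done and drops the commit reference taken in drm_atomic_helper_setup_commit() would keep the reason for the kmemleak fix next to the code.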
[yocto] Deploying the kernel image to a dedicated partition with WIC
Hello

I am trying to create a kickstart file which will deploy grub to a FAT FS partition, deploy the kernel to its own partition and create a squash root fs. I can deploy grub and create a squash root fs successfully. If I use a kernel which resides in the boot partition with grub, then the squash root fs is mounted successfully.

After much searching, I've not been able to find what I need to add to my wks file to deploy the kernel to its own partition. Can someone please tell me what I need to add to the wks file so that the kernel is copied to its own partition please.

Thanks in advance
Andrew
[yocto] [PATCH yocto-autobuilder2] schedulers: add appropriate meta-arm branches to the release selector
Signed-off-by: Ross Burton --- schedulers.py | 5 + 1 file changed, 5 insertions(+) diff --git a/schedulers.py b/schedulers.py index dbf72c9..8479290 100644 --- a/schedulers.py +++ b/schedulers.py @@ -175,6 +175,7 @@ def parent_scheduler(target): 'branch': 'master', 'branch_poky': 'master', 'branch_bitbake': 'master', +'branch_meta-arm': 'master', 'branch_meta-gplv2': 'master', 'branch_meta-intel': 'master', 'branch_meta-mingw': 'master', @@ -184,6 +185,7 @@ def parent_scheduler(target): 'branch': 'master', 'branch_poky': 'master-next', 'branch_bitbake': 'master-next', +'branch_meta-arm': 'master', 'branch_meta-gplv2': 'master', 'branch_meta-intel': 'master', 'branch_meta-mingw': 'master', @@ -194,6 +196,7 @@ def parent_scheduler(target): 'branch_poky': 'ross/mut', 'repo_poky': 'git://git.yoctoproject.org/poky-contrib', 'branch_bitbake': 'master', +'branch_meta-arm': 'master', 'branch_meta-gplv2': 'master', 'branch_meta-intel': 'master', 'branch_meta-mingw': 'master', @@ -203,6 +206,7 @@ def parent_scheduler(target): 'branch': 'gatesgarth', 'branch_poky': 'gatesgarth', 'branch_bitbake': '1.48', +'branch_meta-arm': 'gatesgarth', 'branch_meta-gplv2': 'gatesgarth', 'branch_meta-intel': 'gatesgarth', 'branch_meta-mingw': 'gatesgarth', @@ -212,6 +216,7 @@ def parent_scheduler(target): 'branch': 'dunfell', 'branch_poky': 'dunfell', 'branch_bitbake': '1.46', +'branch_meta-arm': 'dunfell', 'branch_meta-gplv2': 'dunfell', 'branch_meta-intel': 'dunfell', 'branch_meta-mingw': 'dunfell', -- 2.25.1
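Review bot: The gatesgarth and dunfell hunks set `'branch_meta-arm'` to `'gatesgarth'` and `'dunfell'`, which only works if meta-arm carries branches with exactly those names, and the master-next and ross/mut hunks pin it to `'master'`; the commit has no body that says so. Please add a sentence to the commit message explaining the branch choice per selector, since a mismatch would only surface when that selector is used to start a build.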
[yocto] [PATCH yocto-autobuilder-helper] config: build and test SDKs when using package_deb
Signed-off-by: Ross Burton --- config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.json b/config.json index ea2d86b..3286e57 100644 --- a/config.json +++ b/config.json @@ -580,8 +580,8 @@ "pkgman-deb-non-deb" : { "MACHINE" : "qemux86", "PACKAGE_CLASSES" : "package_deb", -"BBTARGETS" : "core-image-sato core-image-sato-dev core-image-sato-sdk core-image-minimal core-image-minimal-dev", -"SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage" +"BBTARGETS" : "core-image-sato core-image-sato-dev core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk", +"SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk" }, "pkgman-non-rpm" : { "MACHINE" : "qemux86", -- 2.25.1
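Review bot: In the `pkgman-deb-non-deb` hunk, only `core-image-sato:do_populate_sdk` and `core-image-sato:do_testsdk` are added, while the `pkgman-non-rpm` entry visible in the trailing context is left as it is; with an empty commit body it is not clear whether that is intended. Please say in the commit message whether SDK build and test coverage for the other package managers already exists elsewhere or is out of scope for this change.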
[yocto] changing root password in readonly rootfs
Hi,

does anybody know if there is a way to have the possibility to change root pwd when readonly rootfs is used? I've added shadow package + overlay /etc/shadow + /etc/passwd but chpasswd complains and change is not possible.

Thanks and BR,

marek

--
as simple and primitive as possible
Marek Belisko - OPEN-NANDRA
Freelance Developer
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com
Re: [yocto] Regarding Mender integration
Hi Robert,

Thank you very much for your response.

Regards,
RAVI_UPPADA

On Wed, Feb 17, 2021 at 2:21 PM Robert ber...@yocto.user <robert.berger.yocto.u...@gmail.com> wrote:

> Hi,
>
> Please see my comments in-line.
>
> On 16/02/2021 19:48, U RAVI KUMAR wrote:
> > I have some issues while integrating the mender on the yocto
> > project. I have included meta-mener-core,meta-mender-raspberrypi
> > layers. And I am getting the following error:
> >
> > ERROR: u-boot-1_2020.07-r0 do_patch: Command Error: 'quilt --quiltrc
> > /home/ravi_uppada/work/vm/sato/poky/build/tmp/work/raspberrypi4_64-poky-linux/u-boot/1_2020.07-r0/recipe-sysroot-native/etc/quiltrc
> > push' exited with 0 Output:
> > Applying patch 0001-configs-rpi-enable-mender-requirements.patch
> > patching file configs/rpi_0_w_defconfig
> > Hunk #1 FAILED at 19.
> > ...
>
> This looks like the patch you/mender try/tries to apply does not work
> with your u-boot version.[0]
>
> [0] https://github.com/mendersoftware/meta-mender/tree/master/meta-mender-core/recipes-bsp/u-boot
>
> Which Yocto version do you use?
>
> Which Mender version do you use?
>
> You could look into creating your own Mender integration[1] instead of
> the mender class.
>
> [1] https://docs.mender.io/system-updates-yocto-project/board-integration/bootloader-support/u-boot/manual-u-boot-integration
>
> I think the right place to ask Mender specific questions is here[2].
>
> [2] https://hub.mender.io/
>
> Regards,
>
> Robert
Re: [yocto] [meta-security] [PATCH 0/5] Some fixes for IMA/EVM
I suppose, patch 3 can be split into logical chunks.

Other patches are:
Reviewed-by: Dmitry Baryshkov

Wed, 17 Feb 2021 at 17:09, Ming Liu:
>
> From: Ming Liu
>
> Ming Liu (5):
>   ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
>   initramfs-framework-ima: fix a wrong path
>   meta: refactor IMA/EVM sign rootfs
>   initramfs-framework-ima: let ima_enabled return 0
>   ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
>
>  meta-integrity/README.md | 4 ++-
>  meta-integrity/classes/ima-evm-rootfs.bbclass | 33 +--
>  .../initrdscripts/initramfs-framework-ima.bb | 2 +-
>  .../initrdscripts/initramfs-framework-ima/ima | 3 +-
>  .../ima-evm-keys/ima-evm-keys_1.0.bb | 16 +
>  .../ima-evm-utils/ima-evm-utils_git.bb| 1 +
>  6 files changed, 38 insertions(+), 21 deletions(-)
>  create mode 100644 meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
>
> --
> 2.29.0

--
With best wishes
Dmitry
[yocto] [meta-security] [PATCH 5/5] ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
From: Ming Liu Or else wic will fail without "--no-fstab-update" option. Signed-off-by: Ming Liu --- meta-integrity/classes/ima-evm-rootfs.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-integrity/classes/ima-evm-rootfs.bbclass index 4359af0..0acd6e7 100644 --- a/meta-integrity/classes/ima-evm-rootfs.bbclass +++ b/meta-integrity/classes/ima-evm-rootfs.bbclass @@ -28,6 +28,9 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false" # the iversion flags (needed by IMA when allowing writing). IMA_EVM_ROOTFS_IVERSION ?= "" +# Avoid re-generating fstab when ima is enabled. +WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}" + ima_evm_sign_rootfs () { cd ${IMAGE_ROOTFS} -- 2.29.0
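Review bot: `WIC_CREATE_EXTRA_ARGS_append` adds `--no-fstab-update` for every image that inherits the class whenever 'ima' is in DISTRO_FEATURES, so wic will no longer add the mount points from the .wks file to /etc/fstab for those images, and neither the commit message nor the new comment says how wic fails without the option. Please describe the failure in the commit message and note the side effect in meta-integrity/README.md, so users know they have to supply fstab entries for additional partitions themselves.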
[yocto] [meta-security] [PATCH 4/5] initramfs-framework-ima: let ima_enabled return 0
From: Ming Liu Otherwise, ima script would not run as intended. Signed-off-by: Ming Liu --- .../recipes-core/initrdscripts/initramfs-framework-ima/ima | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima index 16ed53f..cff26a3 100644 --- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima +++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima @@ -6,6 +6,7 @@ ima_enabled() { if [ "$bootparam_no_ima" = "true" ]; then return 1 fi +return 0 } ima_run() { -- 2.29.0
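Review bot: As shown, the last statement in ima_enabled() before the added `return 0` is the `if ... fi`, and in POSIX sh an `if` whose condition is false and that has no `else` already yields exit status 0, so the function should have returned 0 before this change. "Otherwise, ima script would not run as intended" does not say what was observed; please describe the failing case (the shell used in the initramfs and the boot parameters) so it is clear what the explicit return fixes. Keeping the explicit return for readability is fine.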
[yocto] [meta-security] [PATCH 3/5] meta: refactor IMA/EVM sign rootfs
From: Ming Liu The current logic in ima-evm-rootfs.bbclass does not guarantee ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND by appending to it, for instance, if there are other "_append" being used as it's the case in openembedded-core/meta/classes/image.bbclass: | IMAGE_PREPROCESS_COMMAND_append = " ${@ 'systemd_preset_all;' \ | if bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d) \ | and not bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True, | False, d) else ''} reproducible_final_image_task; " and ima-evm-rootfs should be in IMAGE_CLASSES instead of in INHERIT since that would impact all recipes but not only image recipes. To fix the above issues, we introduce a ima_evm_sign_handler setting IMA/EVM rootfs signing requirements/dependencies in event bb.event.RecipePreFinalise, it checks 'ima' distro feature to decide if IMA/EVM rootfs signing logic should be applied or not. We also need split public keys to ima-evm-keys recipe, so it could be added both in initramfs and rootfs, so initramfs recipe does not have to inherit ima-evm-rootfs Signed-off-by: Ming Liu --- meta-integrity/README.md | 4 ++- meta-integrity/classes/ima-evm-rootfs.bbclass | 30 --- .../initrdscripts/initramfs-framework-ima.bb | 2 +- .../ima-evm-keys/ima-evm-keys_1.0.bb | 16 ++ 4 files changed, 32 insertions(+), 20 deletions(-) create mode 100644 meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb diff --git a/meta-integrity/README.md b/meta-integrity/README.md index 4607948..5048fba 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md 
@@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding EVM) during compilation of the Linux kernel. To also activate it when building the image, enable image signing in the local.conf like this: -INHERIT += "ima-evm-rootfs" +IMAGE_CLASSES += "ima-evm-rootfs" IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" +IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem" +IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der" This uses the default keys provided in the "data" directory of the layer. Because everyone has access to these private keys, such an image diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-integrity/classes/ima-evm-rootfs.bbclass index d6ade3b..4359af0 100644 --- a/meta-integrity/classes/ima-evm-rootfs.bbclass +++ b/meta-integrity/classes/ima-evm-rootfs.bbclass @@ -37,15 +37,6 @@ ima_evm_sign_rootfs () { # reasons (including a change of the signing keys) without also # re-running do_rootfs. -# Copy file(s) which must be on the device. Note that -# evmctl uses x509_evm.der also for "ima_verify", which is probably -# a bug (should default to x509_ima.der). Does not matter for us -# because we use the same key for both. -install -d ./${sysconfdir}/keys -rm -f ./${sysconfdir}/keys/x509_evm.der -install "${IMA_EVM_X509}" ./${sysconfdir}/keys/x509_evm.der -ln -sf x509_evm.der ./${sysconfdir}/keys/x509_ima.der - # Fix /etc/fstab: it must include the "i_version" mount option for # those file systems where writing files is allowed, otherwise # these changes will not get detected at runtime. 
@@ -80,13 +71,16 @@ ima_evm_sign_rootfs () { } # Signing must run as late as possible in the do_rootfs task. -# IMAGE_PREPROCESS_COMMAND runs after ROOTFS_POSTPROCESS_COMMAND, so -# append (not prepend!) to IMAGE_PREPROCESS_COMMAND, and do it with -# _append instead of += because _append gets evaluated later. In -# particular, we must run after prelink_image in -# IMAGE_PREPROCESS_COMMAND, because prelinking changes executables. - -IMAGE_PREPROCESS_COMMAND_append = " ima_evm_sign_rootfs ; " +# To guarantee that, we append it to IMAGE_PREPROCESS_COMMAND in +# RecipePreFinalise event handler, this ensures it's the last +# function in IMAGE_PREPROCESS_COMMAND. +python ima_evm_sign_handler () { +if not e.data or 'ima' not in e.data.getVar('DISTRO_FEATURES').split(): +return -# evmctl must have been installed first. -do_rootfs[depends] += "ima-evm-utils-native:do_populate_sysroot" +e.data.appendVar('IMAGE_PREPROCESS_COMMAND', ' ima_evm_sign_rootfs; ') +e.data.appendVar('IMAGE_INSTALL', ' ima-evm-keys') +e.data.appendVarFlag('do_rootfs', 'depends', ' ima-evm-utils-native:do_populate_sysroot') +} +addhandler ima_evm_sign_handler +ima_evm_sign_handler[eventmask] = "bb.event.RecipePreFinalise" diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb index dacdc8b..77f6f7c 100644 --- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb +++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb @@ -27,5 +27,5 @@ do_install () { FILES_${PN} = "/init.d ${sysconfdir}" -RDEPENDS_${PN} = "keyutils
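Review bot: In ima_evm_sign_handler, `e.data.getVar('DISTRO_FEATURES').split()` raises AttributeError if DISTRO_FEATURES is unset, because getVar returns None in that case. `bb.utils.contains('DISTRO_FEATURES', 'ima', True, False, e.data)`, the form used by the image.bbclass snippet quoted in the commit message, avoids that. The new comment also claims the handler makes ima_evm_sign_rootfs the last function in IMAGE_PREPROCESS_COMMAND; a short explanation of why appendVar in RecipePreFinalise lands after existing `_append` values would help, since the comment it replaces points out that signing has to come after steps such as prelinking that change executables.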
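Review bot: Both key file names need to survive the move to ima-evm-keys: the lines removed from ima_evm_sign_rootfs installed x509_evm.der and symlinked x509_ima.der to it, and the removed comment notes that evmctl also uses x509_evm.der for "ima_verify". The new recipe's 16 lines are cut off in this copy of the message, so please confirm it installs both names and carry that comment over to the recipe.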
[yocto] [meta-security] [PATCH 2/5] initramfs-framework-ima: fix a wrong path
From: Ming Liu /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu --- .../recipes-core/initrdscripts/initramfs-framework-ima/ima | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima index 8616f99..16ed53f 100644 --- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima +++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima @@ -46,7 +46,7 @@ ima_run() { # ("[Linux-ima-user] IMA policy loading via cat") and we get better error reporting when # checking the write of each line. To minimize the risk of policy loading going wrong we # also remove comments and blank lines ourselves. -if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) /sys/kernel/security/ima/policy; then +if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) /sys/kernel/security/ima/policy; then fatal "Could not load IMA policy." fi } -- 2.29.0
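Review bot: The policy-loading line touched in ima_run() still uses `read i` and an unquoted `echo $i`, so a policy line containing backslashes or glob characters can be altered by the shell before it reaches /sys/kernel/security/ima/policy; `read -r i` and `printf '%s\n' "$i"` would write each line as it stands in the file. As archived, the removed and added lines look identical because the input redirection is missing, so the /etc/ima-policy to /etc/ima/ima-policy change named in the commit message cannot be checked here; please confirm the recipe installs the policy at the new path, since a mismatch ends in the `fatal "Could not load IMA policy."` branch.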
[yocto] [meta-security] [PATCH 1/5] ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
From: Ming Liu 'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid sanity check, this fixes a following error: Signed-off-by: Ming Liu --- .../recipes-security/ima-evm-utils/ima-evm-utils_git.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb index 7f649c2..bd85583 100644 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb @@ -26,6 +26,7 @@ S = "${WORKDIR}/git" inherit pkgconfig autotools features_check REQUIRED_DISTRO_FEATURES = "ima" +REQUIRED_DISTRO_FEATURES_class-native = "" EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}" -- 2.29.0
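Review bot: The commit message ends with "this fixes a following error:" but no error text follows, so the reason for `REQUIRED_DISTRO_FEATURES_class-native = ""` cannot be verified from the message. Please paste the sanity-check error and say which build configuration triggers it.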
[yocto] [meta-security] [PATCH 0/5] Some fixes for IMA/EVM
From: Ming Liu

Ming Liu (5):
  ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
  initramfs-framework-ima: fix a wrong path
  meta: refactor IMA/EVM sign rootfs
  initramfs-framework-ima: let ima_enabled return 0
  ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic

 meta-integrity/README.md | 4 ++-
 meta-integrity/classes/ima-evm-rootfs.bbclass | 33 +--
 .../initrdscripts/initramfs-framework-ima.bb | 2 +-
 .../initrdscripts/initramfs-framework-ima/ima | 3 +-
 .../ima-evm-keys/ima-evm-keys_1.0.bb | 16 +
 .../ima-evm-utils/ima-evm-utils_git.bb| 1 +
 6 files changed, 38 insertions(+), 21 deletions(-)
 create mode 100644 meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb

--
2.29.0
Re: [yocto] Timing a recipe
On Tue, 2021-02-16 at 11:43 -0800, rustyhow...@gmail.com wrote:
> "time bitbake recipe" is perfect for manual things. But I wanted to
> also measure the recipe times when building the entire image. I
> ended up creating a bbappend with new pre/post tasks for the main
> tasks (fetch, unpack, configure, compile, install, package). The
> pre task drops a timestamp file and the post task reads the file,
> calculates the elapsed time and logs it to a file. It's a bit clunky
> but it gives the information I want. Thanks for the help.

As others have said, please look at the buildstats class and the data it saves into TMPDIR/buildstats. It should do what you want and we have tools like pybootchart which can show it visually.

Cheers,

Richard
Re: [yocto] #av1 #armv6 #raspberrypi #neon
So, what is your MACHINE variable set to? Maybe knowing that, somebody can help. Zee
[yocto] #av1 #armv6 #raspberrypi #neon
Hello folks, I have an issue integrating av1 in yocto. I get the compile error "compiling simd-neon.h requires -mfpu=neon or equivalent". The problem is that I use armv6 (raspberrypi zero w) so I can't exactly do that. Does anyone have a workaround for this problem? Best regards, Safouane.Maaloul
Re: [yocto] Regarding Mender integration
Hi,

Please see my comments in-line.

On 16/02/2021 19:48, U RAVI KUMAR wrote:

I have some issues while integrating the mender on the yocto project. I have included meta-mender-core, meta-mender-raspberrypi layers. And I am getting the following error:

ERROR: u-boot-1_2020.07-r0 do_patch: Command Error: 'quilt --quiltrc /home/ravi_uppada/work/vm/sato/poky/build/tmp/work/raspberrypi4_64-poky-linux/u-boot/1_2020.07-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
Applying patch 0001-configs-rpi-enable-mender-requirements.patch
patching file configs/rpi_0_w_defconfig
Hunk #1 FAILED at 19.
...

This looks like the patch you/mender try/tries to apply does not work with your u-boot version.[0]

[0] https://github.com/mendersoftware/meta-mender/tree/master/meta-mender-core/recipes-bsp/u-boot

Which Yocto version do you use? Which Mender version do you use?

You could look into creating your own Mender integration[1] instead of the mender class.

[1] https://docs.mender.io/system-updates-yocto-project/board-integration/bootloader-support/u-boot/manual-u-boot-integration

I think the right place to ask Mender-specific questions is here[2].

[2] https://hub.mender.io/

Regards,

Robert