[linux-yocto][linux-yocto v5.10] linux-yocto kernel code v5.10 for marvell cn96xx

[Ruiqiang Hao]

Hi Bruce,

Linux kernel for marvell cn96xx base on v5.10 is ready in my private repo.
Please help to create branch and merge code into our linux-yocto repo.

repo:
linux-yocto
branch:
v5.10/standard/sdkv4.18/cn96xx

Thanks,
Ruiqiang

The following changes since commit 3457d0ae8a4c3981f789b69144f9c860d63c2cdf:

  Merge tag 'v5.10.10' into v5.10/standard/base (2021-01-24 16:46:23 -0500)

are available in the Git repository at:

  https://github.com/cythe/linux.git 
linux-yocto/v5.10/standard/sdkv4.18/cn96xx.v3

for you to fetch changes up to f8720ba33b42b056c1f5957419a8c131ec6e174d:

  octeontx2-pf: Backport upstream kernel changes (2021-02-03 02:04:05 +)


Aaron Williams (3):
  octeontx2: mmc: Add tuning support for HS400 mode
  mmc: octeontx2: Use flags for hardware differences
  mmc: octeontx2: fix handling calibration glitch

Alex Belits (2):
  arm64: Add support for ASID locking
  kernel/exit.c: Add task cleanup callbacks

Andrew Pinski (3):
  arm64: Add MIDR encoding for some Marvell OcteonTX 2.
  arm64: Add workaround for Cavium erratum 36890
  arm64: Add workaround for Marvell erratum 37119

Angela Czubak (2):
  octeontx2-af: fix rvu_sso_ggrp_taq_flush
  octeontx2-af: fix cgx_lmac_rx_tx_enable

Bharat Bhushan (4):
  dt-bindings: perf: arm-smmuv3-pmu: Add documentation for arm-smmuv3 pmu
  perf/smmuv3: Add device tree support
  perf/smmuv3: Fix programming event type with global filtering
  coresight: Treat ETM4.2 as ETM4.3 on OcteonTx2

Chandrakala Chavva (11):
  mmc: cavium_thunderx: Use proper register to clear interrupts
  driver: mmc: octeontx2: Fix tuning for T96 C0
  driver: mmc: Configure flags for T96 pass B0
  octeontx2-serdes: Update PRBS APIs to start/stop per QLM lane
  octeontx2-serdes: Fix parameter passed to start_prbs().
  octeontx2-serdes: Fix prbs error reporting
  driver: serdes_debugfs: Allow user to clear prbs errors.
  octeontx2-serdes: Fix prbs per lane configuration
  driver: serdes_debugfs: Add new smc call to tune serdes
  driver: serdes_debugfs: Add new smc call for serdes loopback
  driver: serdes_debugfs: Add inject optional parameter to prbs command

Christina Jacob (18):
  octeontx2-pf: Adding ethtool support for link status information.
  octeontx2-af: Support to get link info like current speed, fec etc
  octeontx2-pf: Ethtool support for fec configuration
  octeontx2-af: Move to rvu_fwdata version 1.
  octeontx2-pf: Add ethtool -m option support.
  octeontx2-af: Update fwadata structure with few more reserved fields.
  octeontx2-af: Fetch FEC stats of the physical link
  octeontx2-pf: Support to display fec counters also in ethtool stats.
  octeontx2-pf: Support to display current settings of a vf network 
interface via ethtool
  net:thunderx: fix memory leak in nicvf driver.
  soc: octeontx2: Add mdio command interface using debugfs
  octeontx2-af: Introduce SET_LINK_MODE command to change various 
configurations of a network interface.
  octeontx2-pf: support to change link speed and autoneg
  octeontx2-pf: Disply the link detected status in ethtool command
  net: thunderx: Do a PCS reset upon SGMII link toggle
  octeontx2-pf: remove redundant changes from speed change suppcrt.
  octeontx-af: Interface mode change feature via ethtool
  octeontx2-pf: Interface Mode change using ethtool.

Felix Manlunas (5):
  octeontx2-af: Add new CGX_CMDs to set and get PHY modulation type
  octeontx2-pf: Add ethtool priv flag to control PAM4 on/off
  octeontx2-pf: Fix wrong info in ethtool's list of supported link modes
  octeontx2-pf: Add LIO3 link modes to ethtool's list of supported modes
  octeontx2-af: Add new CGX_CMD to get PHY FEC statistics

Geetha sowjanya (11):
  octeontx2-af: Check SQ counters to detect the deadlock
  octeontx2-af: Update hardware workarounds for 95xx A1 silicon
  PCI: quirks : Apply ACS quirk for all devices
  octeontx2-pf: Ignore NPC parser layer errors
  iommu/arm-smmu-v3: Force 32 byte command queue memory reads
  octeontx2-af: Fix return value in npc_set_pkind
  octeontx2-af: Update HW workarounds for 96xx C0, 98xx and F95xx B0 chips
  octeontx2-pf: Set SMQ MAXLEN to max hardware supported value
  octeontx2-af: Update NIX_TXSCHQ_CONFIG mbox to handle read request
  octeontx2-af: Disable SMQ sticky mode to avoid NIX PSE deadlock
  octeontx2-pf: Fix interface down flag on error

George Cherian (2):
  PCI: Add pci_iounmap
  octeontx2-af: Add support for RSS hashing based on Transport protocol 
field

Hao Zheng (1):
  octeontx2-af: Turn on L2 multicast address check

Hariprasad Kelam (18):
  net: thunderx: fix page reference release in interface tear down
  octeontx2-af: Update tx parse nibble 

[linux-yocto][linux-yocto v5.4/standard/ti-j72x][PATCH] arm64: mm: remove redundant definitions physvirt_offset & vmemmap

[Xulin Sun]

The commit 0edc78af73d0(arm64: mm: use single quantity to represent the PA to 
VA translation)
has removed the definitions physvirt_offset & vmemmap, however which are still
on there since the wrong code merging and caused the compiling error.

Signed-off-by: Xulin Sun 
---
 arch/arm64/mm/init.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index f1158e246215..22714db16feb 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -53,12 +53,6 @@
 s64 memstart_addr __ro_after_init = -1;
 EXPORT_SYMBOL(memstart_addr);
 
-s64 physvirt_offset __ro_after_init;
-EXPORT_SYMBOL(physvirt_offset);
-
-struct page *vmemmap __ro_after_init;
-EXPORT_SYMBOL(vmemmap);
-
 /*
  * We create both ZONE_DMA and ZONE_DMA32. ZONE_DMA covers the first 1G of
  * memory as some devices, namely the Raspberry Pi 4, have peripherals with
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#9476): 
https://lists.yoctoproject.org/g/linux-yocto/message/9476
Mute This Topic: https://lists.yoctoproject.org/mt/80723292/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] QA notification for completed autobuilder build (yocto-3.2.2.rc1)

[Sangeeta Jain]

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.2.2.rc1. 
We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion is next Monday, February 22.

Thanks,
Sangeeta

> -Original Message-
> From: yocto@lists.yoctoproject.org  On Behalf
> Of Pokybuild User
> Sent: Wednesday, 17 February, 2021 1:44 AM
> To: yocto@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [yocto] QA notification for completed autobuilder build (yocto-
> 3.2.2.rc1)
> 
> 
> A build flagged for QA (yocto-3.2.2.rc1) was completed on the autobuilder and 
> is
> available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-3.2.2.rc1
> 
> 
> Build hash information:
> 
> bitbake: 0a3bf681530bd63fc0036ca81ef868ab53fde56c
> meta-arm: aa63e31b6edb5197764c21434219050ab51f0fbd
> meta-gplv2: 6e8e969590a22a729db1ff342de57f2fd5d02d43
> meta-intel: 1d866c58534eb1d317b7a674c6e6c57ab9594fb0
> meta-kernel: f793168bd19af3d8c5a260dd35f387ed9a31794b
> meta-mingw: 352d8b0aa3c7bbd5060a4cc2ebe7c0e964de4879
> oecore: ebaaee50cb3ac75112827f935c48affaf622ce7f
> poky: d5d6286a66f46f4523e35e0e3f20cd7396195fdc
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52376): https://lists.yoctoproject.org/g/yocto/message/52376
Mute This Topic: https://lists.yoctoproject.org/mt/80684208/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[linux-yocto] [PATCH][linux-yocto-dev standard/xlnx-soc] [linux-yocto v5.10/standard/sdkv5.4/xlnx-soc] drm/xlnx: fix kmemleak by sending vblank_event in atomic_disable

[quanyang.wang]

From: Quanyang Wang 

commit a7e02f7796c163ac8297b30223bf24bade9f8a50 upstream

When running xrandr to change resolution of DP, the kmemleak as below
can be observed:

unreferenced object 0x00080a351000 (size 256):
  comm "Xorg", pid 248, jiffies 4294899614 (age 19.960s)
  hex dump (first 32 bytes):
98 a0 bc 01 08 00 ff ff 01 00 00 00 00 00 00 00  
ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace:
[] kmemleak_alloc+0x30/0x40
[] kmem_cache_alloc+0x3d4/0x588
[<88ea9bd7>] drm_atomic_helper_setup_commit+0x84/0x5f8
[<2290a264>] drm_atomic_helper_commit+0x58/0x388
[] drm_atomic_commit+0x4c/0x60
[] drm_atomic_connector_commit_dpms+0xe8/0x110
[<20ade187>] drm_mode_obj_set_property_ioctl+0x1b0/0x450
[<918206d6>] drm_connector_property_set_ioctl+0x3c/0x68
[<8d51e7a5>] drm_ioctl_kernel+0xc4/0x118
[<2a819b75>] drm_ioctl+0x214/0x448
[<8ca4e588>] __arm64_sys_ioctl+0xa8/0xf0
[<34e15a35>] el0_svc_common.constprop.0+0x74/0x190
[<1b93d916>] do_el0_svc+0x24/0x90
[] el0_svc+0x14/0x20
[] el0_sync_handler+0xb0/0xb8
[<3e79c15f>] el0_sync+0x174/0x180

This is because there is a scenario that a drm_crtc_commit commit is
allocated but not freed. The drm subsystem require/release references
to a CRTC commit by calling drm_crtc_commit_get/put, and when
drm_crtc_commit_put find that commit.ref.refcount is zero, it will
call __drm_crtc_commit_free to free this CRTC commit. Among these
drm_crtc_commit_get/put pairs, there is a drm_crtc_commit_get in
drm_atomic_helper_setup_commit as below:

...
new_crtc_state->event->base.completion = >flip_done;
new_crtc_state->event->base.completion_release = release_crtc_commit;
drm_crtc_commit_get(commit);
...

This reference to the CRTC commit should be released at the function
release_crtc_commit by calling e->completion_release(e->completion) in
drm_send_event_locked. So we need to call drm_send_event_locked at
two places: handling vblank event in the irq handler and the crtc disable
helper. But in zynqmp_disp_crtc_atomic_disable, it only marks the flip
is done and not call drm_crtc_commit_put. This result that the refcount
of this commit is always non-zero and this commit will never be freed.

Since the function drm_crtc_send_vblank_event has operations both sending
a flip_done signal and releasing reference to the CRTC commit, let's use
it instead.

Signed-off-by: Quanyang Wang 
Signed-off-by: Daniel Vetter 
Link: 
https://patchwork.freedesktop.org/patch/msgid/20210202064121.173362-1-quanyang.w...@windriver.com
---
 drivers/gpu/drm/xlnx/zynqmp_disp.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/xlnx/zynqmp_disp.c 
b/drivers/gpu/drm/xlnx/zynqmp_disp.c
index da4f3c3f49bd..75c7137d8862 100644
--- a/drivers/gpu/drm/xlnx/zynqmp_disp.c
+++ b/drivers/gpu/drm/xlnx/zynqmp_disp.c
@@ -2265,12 +2265,6 @@ static void zynqmp_disp_disable(struct zynqmp_disp 
*disp, bool force)
zynqmp_disp_av_buf_disable_buf(>av_buf);
zynqmp_disp_av_buf_disable(>av_buf);
 
-   /* Mark the flip is done as crtc is disabled anyway */
-   if (crtc->state->event) {
-   complete_all(crtc->state->event->base.completion);
-   crtc->state->event = NULL;
-   }
-
disp->enabled = false;
 }
 
@@ -2959,6 +2953,14 @@ zynqmp_disp_crtc_atomic_disable(struct drm_crtc *crtc,
zynqmp_disp_plane_disable(crtc->primary);
zynqmp_disp_disable(disp, true);
drm_crtc_vblank_off(crtc);
+
+   spin_lock_irq(>dev->event_lock);
+   if (crtc->state->event) {
+   drm_crtc_send_vblank_event(crtc, crtc->state->event);
+   crtc->state->event = NULL;
+   }
+   spin_unlock_irq(>dev->event_lock);
+
pm_runtime_put_sync(disp->dev);
 }
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#9475): 
https://lists.yoctoproject.org/g/linux-yocto/message/9475
Mute This Topic: https://lists.yoctoproject.org/mt/80721150/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] Deploying the kernel image to a dedicated partition with WIC

[Andrew Ellis via lists.yoctoproject.org]

Hello

I am trying to create a kickstart file which will deploy grub to a FAT 
FS partition, deploy the kernel to it's own partition and create a 
squash root fs. I can deploy grub and create a squash root fs which 
successfully. If I use a kernel which resides in the boot partition with 
grub, then the squash root fs is mounted successfully.


After much searching, Ive not been able to find what I need to add to my 
wks file to deploy the kernel to it's own partition. Can someone please 
tell my what I need to add to the wks file so that the kernel is copied 
to it's own partition please.


Thanks in advance

Andrew


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52375): https://lists.yoctoproject.org/g/yocto/message/52375
Mute This Topic: https://lists.yoctoproject.org/mt/80713847/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [PATCH yocto-autobuilder2] schedulers: add appropriate meta-arm branches to the release selector

[Ross Burton]

Signed-off-by: Ross Burton 
---
 schedulers.py | 5 +
 1 file changed, 5 insertions(+)

diff --git a/schedulers.py b/schedulers.py
index dbf72c9..8479290 100644
--- a/schedulers.py
+++ b/schedulers.py
@@ -175,6 +175,7 @@ def parent_scheduler(target):
 'branch': 'master',
 'branch_poky': 'master',
 'branch_bitbake': 'master',
+'branch_meta-arm': 'master',
 'branch_meta-gplv2': 'master',
 'branch_meta-intel': 'master',
 'branch_meta-mingw': 'master',
@@ -184,6 +185,7 @@ def parent_scheduler(target):
 'branch': 'master',
 'branch_poky': 'master-next',
 'branch_bitbake': 'master-next',
+'branch_meta-arm': 'master',
 'branch_meta-gplv2': 'master',
 'branch_meta-intel': 'master',
 'branch_meta-mingw': 'master',
@@ -194,6 +196,7 @@ def parent_scheduler(target):
 'branch_poky': 'ross/mut',
 'repo_poky': 'git://git.yoctoproject.org/poky-contrib',
 'branch_bitbake': 'master',
+'branch_meta-arm': 'master',
 'branch_meta-gplv2': 'master',
 'branch_meta-intel': 'master',
 'branch_meta-mingw': 'master',
@@ -203,6 +206,7 @@ def parent_scheduler(target):
 'branch': 'gatesgarth',
 'branch_poky': 'gatesgarth',
 'branch_bitbake': '1.48',
+'branch_meta-arm': 'gatesgarth',
 'branch_meta-gplv2': 'gatesgarth',
 'branch_meta-intel': 'gatesgarth',
 'branch_meta-mingw': 'gatesgarth',
@@ -212,6 +216,7 @@ def parent_scheduler(target):
 'branch': 'dunfell',
 'branch_poky': 'dunfell',
 'branch_bitbake': '1.46',
+'branch_meta-arm': 'dunfell',
 'branch_meta-gplv2': 'dunfell',
 'branch_meta-intel': 'dunfell',
 'branch_meta-mingw': 'dunfell',
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52374): https://lists.yoctoproject.org/g/yocto/message/52374
Mute This Topic: https://lists.yoctoproject.org/mt/80708917/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [PATCH yocto-autobuilder-helper] config: build and test SDKs when using package_deb

[Ross Burton]

Signed-off-by: Ross Burton 
---
 config.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index ea2d86b..3286e57 100644
--- a/config.json
+++ b/config.json
@@ -580,8 +580,8 @@
 "pkgman-deb-non-deb" : {
 "MACHINE" : "qemux86",
 "PACKAGE_CLASSES" : "package_deb",
-"BBTARGETS" : "core-image-sato core-image-sato-dev 
core-image-sato-sdk core-image-minimal core-image-minimal-dev",
-"SANITYTARGETS" : "core-image-minimal:do_testimage 
core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+"BBTARGETS" : "core-image-sato core-image-sato-dev 
core-image-sato-sdk core-image-minimal core-image-minimal-dev 
core-image-sato:do_populate_sdk",
+"SANITYTARGETS" : "core-image-minimal:do_testimage 
core-image-sato:do_testimage core-image-sato-sdk:do_testimage 
core-image-sato:do_testsdk"
 },
 "pkgman-non-rpm" : {
 "MACHINE" : "qemux86",
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52373): https://lists.yoctoproject.org/g/yocto/message/52373
Mute This Topic: https://lists.yoctoproject.org/mt/80708714/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] changing root password in readonly rootfs

[Marek Belisko]

Hi,

does anybody know if there is a way to have possibility to change root
pwd when readonly rootfs is used? I've added shadow package + overlay
/ect/shadow + /etc/passwd but chpasswd  complains and changis is not
possible.

Thanks and BR,

marek

-- 
as simple and primitive as possible
-
Marek Belisko - OPEN-NANDRA
Freelance Developer

Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52372): https://lists.yoctoproject.org/g/yocto/message/52372
Mute This Topic: https://lists.yoctoproject.org/mt/80705529/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] Regarding Mender integration

[U RAVI KUMAR]

HI robert,

Thank you very much for your response.

Regards,
RAVI_UPPADA

On Wed, Feb 17, 2021 at 2:21 PM Robert ber...@yocto.user <
robert.berger.yocto.u...@gmail.com> wrote:

> Hi,
>
> Please see my comments in-line.
>
> On 16/02/2021 19:48, U RAVI KUMAR wrote:
> > I have some issues while integrating the mender on the yocto
> > project.I have included meta-mener-core,meta-mender-raspberrypi
> > layers.And iam getting the following error:
> >
> > ERROR: u-boot-1_2020.07-r0 do_patch: Command Error: 'quilt --quiltrc
> >
>  
> /home/ravi_uppada/work/vm/sato/poky/build/tmp/work/raspberrypi4_64-poky-linux/u-boot/1_2020.07-r0/recipe-sysroot-native/etc/quiltrc
> > push' exited with 0  Output:
> > Applying patch 0001-configs-rpi-enable-mender-requirements.patch
> > patching file configs/rpi_0_w_defconfig
> > Hunk #1 FAILED at 19.
>
> ...
>
> This looks like the patch you/mender try/tries to apply does not work
> with your u-boot version.[0]
>
> [0]
>
> https://github.com/mendersoftware/meta-mender/tree/master/meta-mender-core/recipes-bsp/u-boot
>
> Which Yocto version do you use?
>
> Which Mender version do you use?
>
> You could look into creating your own Mender integration[1] instead of
> the mender class.
>
> [1]
>
> https://docs.mender.io/system-updates-yocto-project/board-integration/bootloader-support/u-boot/manual-u-boot-integration
>
> I think the right place to ask Mender specific questions is here[2].
>
> [2] https://hub.mender.io/
>
> Regards,
>
> Robert
>
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52371): https://lists.yoctoproject.org/g/yocto/message/52371
Mute This Topic: https://lists.yoctoproject.org/mt/80585537/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] [meta-security] [PATCH 0/5] Some fixes for IMA/EVM

[Dmitry Baryshkov]

I suppose, patch 3 can be split into logical chunks.
Other patches are:

Reviewed-by: Dmitry Baryshkov 

ср, 17 февр. 2021 г. в 17:09, Ming Liu :
>
> From: Ming Liu 
>
> Ming Liu (5):
>   ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
>   initramfs-framework-ima: fix a wrong path
>   meta: refactor IMA/EVM sign rootfs
>   initramfs-framework-ima: let ima_enabled return 0
>   ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
>
>  meta-integrity/README.md  |  4 ++-
>  meta-integrity/classes/ima-evm-rootfs.bbclass | 33 +--
>  .../initrdscripts/initramfs-framework-ima.bb  |  2 +-
>  .../initrdscripts/initramfs-framework-ima/ima |  3 +-
>  .../ima-evm-keys/ima-evm-keys_1.0.bb  | 16 +
>  .../ima-evm-utils/ima-evm-utils_git.bb|  1 +
>  6 files changed, 38 insertions(+), 21 deletions(-)
>  create mode 100644 
> meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
>
> --
> 2.29.0
>
>
> 
>


-- 
With best wishes
Dmitry

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52370): https://lists.yoctoproject.org/g/yocto/message/52370
Mute This Topic: https://lists.yoctoproject.org/mt/80703833/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [meta-security] [PATCH 5/5] ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic

[Ming Liu]

From: Ming Liu 

Or else wic will fail without "--no-fstab-update" option.

Signed-off-by: Ming Liu 
---
 meta-integrity/classes/ima-evm-rootfs.bbclass | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass 
b/meta-integrity/classes/ima-evm-rootfs.bbclass
index 4359af0..0acd6e7 100644
--- a/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -28,6 +28,9 @@ IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false"
 # the iversion flags (needed by IMA when allowing writing).
 IMA_EVM_ROOTFS_IVERSION ?= ""
 
+# Avoid re-generating fstab when ima is enabled.
+WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', 
' --no-fstab-update', '', d)}"
+
 ima_evm_sign_rootfs () {
 cd ${IMAGE_ROOTFS}
 
-- 
2.29.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52369): https://lists.yoctoproject.org/g/yocto/message/52369
Mute This Topic: https://lists.yoctoproject.org/mt/80703847/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [meta-security] [PATCH 4/5] initramfs-framework-ima: let ima_enabled return 0

[Ming Liu]

From: Ming Liu 

Otherwise, ima script would not run as intended.

Signed-off-by: Ming Liu 
---
 .../recipes-core/initrdscripts/initramfs-framework-ima/ima   | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima 
b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
index 16ed53f..cff26a3 100644
--- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
+++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
@@ -6,6 +6,7 @@ ima_enabled() {
 if [ "$bootparam_no_ima" = "true" ]; then
 return 1
 fi
+return 0
 }
 
 ima_run() {
-- 
2.29.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52368): https://lists.yoctoproject.org/g/yocto/message/52368
Mute This Topic: https://lists.yoctoproject.org/mt/80703845/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [meta-security] [PATCH 3/5] meta: refactor IMA/EVM sign rootfs

[Ming Liu]

From: Ming Liu 

The current logic in ima-evm-rootfs.bbclass does not guarantee
ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND
by appending to it, for instance, if there are other "_append" being
used as it's the case in openembedded-core/meta/classes/image.bbclass:

| IMAGE_PREPROCESS_COMMAND_append = " ${@ 'systemd_preset_all;' \
| if bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d) \
| and not bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True,
| False, d) else ''} reproducible_final_image_task; "

and ima-evm-rootfs should be in IMAGE_CLASSES instead of in INHERIT
since that would impact all recipes but not only image recipes.

To fix the above issues, we introduce a ima_evm_sign_handler setting
IMA/EVM rootfs signing requirements/dependencies in event
bb.event.RecipePreFinalise, it checks 'ima' distro feature to decide if
IMA/EVM rootfs signing logic should be applied or not.

We also need split public keys to ima-evm-keys recipe, so it could be
added both in initramfs and rootfs, so initramfs recipe does not have to
inherit ima-evm-rootfs

Signed-off-by: Ming Liu 
---
 meta-integrity/README.md  |  4 ++-
 meta-integrity/classes/ima-evm-rootfs.bbclass | 30 ---
 .../initrdscripts/initramfs-framework-ima.bb  |  2 +-
 .../ima-evm-keys/ima-evm-keys_1.0.bb  | 16 ++
 4 files changed, 32 insertions(+), 20 deletions(-)
 create mode 100644 
meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb

diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index 4607948..5048fba 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding EVM) 
during
 compilation of the Linux kernel. To also activate it when building
 the image, enable image signing in the local.conf like this:
 
-INHERIT += "ima-evm-rootfs"
+IMAGE_CLASSES += "ima-evm-rootfs"
 IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der"
 
 This uses the default keys provided in the "data" directory of the layer.
 Because everyone has access to these private keys, such an image
diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass 
b/meta-integrity/classes/ima-evm-rootfs.bbclass
index d6ade3b..4359af0 100644
--- a/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -37,15 +37,6 @@ ima_evm_sign_rootfs () {
 # reasons (including a change of the signing keys) without also
 # re-running do_rootfs.
 
-# Copy file(s) which must be on the device. Note that
-# evmctl uses x509_evm.der also for "ima_verify", which is probably
-# a bug (should default to x509_ima.der). Does not matter for us
-# because we use the same key for both.
-install -d ./${sysconfdir}/keys
-rm -f ./${sysconfdir}/keys/x509_evm.der
-install "${IMA_EVM_X509}" ./${sysconfdir}/keys/x509_evm.der
-ln -sf x509_evm.der ./${sysconfdir}/keys/x509_ima.der
-
 # Fix /etc/fstab: it must include the "i_version" mount option for
 # those file systems where writing files is allowed, otherwise
 # these changes will not get detected at runtime.
@@ -80,13 +71,16 @@ ima_evm_sign_rootfs () {
 }
 
 # Signing must run as late as possible in the do_rootfs task.
-# IMAGE_PREPROCESS_COMMAND runs after ROOTFS_POSTPROCESS_COMMAND, so
-# append (not prepend!) to IMAGE_PREPROCESS_COMMAND, and do it with
-# _append instead of += because _append gets evaluated later. In
-# particular, we must run after prelink_image in
-# IMAGE_PREPROCESS_COMMAND, because prelinking changes executables.
-
-IMAGE_PREPROCESS_COMMAND_append = " ima_evm_sign_rootfs ; "
+# To guarantee that, we append it to IMAGE_PREPROCESS_COMMAND in
+# RecipePreFinalise event handler, this ensures it's the last
+# function in IMAGE_PREPROCESS_COMMAND.
+python ima_evm_sign_handler () {
+if not e.data or 'ima' not in e.data.getVar('DISTRO_FEATURES').split():
+return
 
-# evmctl must have been installed first.
-do_rootfs[depends] += "ima-evm-utils-native:do_populate_sysroot"
+e.data.appendVar('IMAGE_PREPROCESS_COMMAND', ' ima_evm_sign_rootfs; ')
+e.data.appendVar('IMAGE_INSTALL', ' ima-evm-keys')
+e.data.appendVarFlag('do_rootfs', 'depends', ' 
ima-evm-utils-native:do_populate_sysroot')
+}
+addhandler ima_evm_sign_handler
+ima_evm_sign_handler[eventmask] = "bb.event.RecipePreFinalise"
diff --git 
a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb 
b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index dacdc8b..77f6f7c 100644
--- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -27,5 +27,5 @@ do_install () {
 
 FILES_${PN} = "/init.d ${sysconfdir}"
 
-RDEPENDS_${PN} = "keyutils 

[yocto] [meta-security] [PATCH 2/5] initramfs-framework-ima: fix a wrong path

[Ming Liu]

From: Ming Liu 

/etc/ima-policy > /etc/ima/ima-policy.

Signed-off-by: Ming Liu 
---
 .../recipes-core/initrdscripts/initramfs-framework-ima/ima  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima 
b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
index 8616f99..16ed53f 100644
--- a/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
+++ b/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
@@ -46,7 +46,7 @@ ima_run() {
 # ("[Linux-ima-user] IMA policy loading via cat") and we get better error 
reporting when
 # checking the write of each line. To minimize the risk of policy loading 
going wrong we
 # also remove comments and blank lines ourselves.
-if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; 
then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if 
echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA 
policy: $i"; exit 1; fi; fi; done) /sys/kernel/security/ima/policy; then
+if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; 
then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if 
echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA 
policy: $i"; exit 1; fi; fi; done) /sys/kernel/security/ima/policy; then
 fatal "Could not load IMA policy."
 fi
 }
-- 
2.29.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52366): https://lists.yoctoproject.org/g/yocto/message/52366
Mute This Topic: https://lists.yoctoproject.org/mt/80703840/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [meta-security] [PATCH 1/5] ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty

[Ming Liu]

From: Ming Liu 

'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid
sanity check, this fixes a following error:

Signed-off-by: Ming Liu 
---
 .../recipes-security/ima-evm-utils/ima-evm-utils_git.bb  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb 
b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index 7f649c2..bd85583 100644
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -26,6 +26,7 @@ S = "${WORKDIR}/git"
 inherit pkgconfig autotools features_check
 
 REQUIRED_DISTRO_FEATURES = "ima"
+REQUIRED_DISTRO_FEATURES_class-native = ""
 
 EXTRA_OECONF_append_class-target = " 
--with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
 
-- 
2.29.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52365): https://lists.yoctoproject.org/g/yocto/message/52365
Mute This Topic: https://lists.yoctoproject.org/mt/80703837/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [meta-security] [PATCH 0/5] Some fixes for IMA/EVM

[Ming Liu]

From: Ming Liu 

Ming Liu (5):
  ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
  initramfs-framework-ima: fix a wrong path
  meta: refactor IMA/EVM sign rootfs
  initramfs-framework-ima: let ima_enabled return 0
  ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic

 meta-integrity/README.md  |  4 ++-
 meta-integrity/classes/ima-evm-rootfs.bbclass | 33 +--
 .../initrdscripts/initramfs-framework-ima.bb  |  2 +-
 .../initrdscripts/initramfs-framework-ima/ima |  3 +-
 .../ima-evm-keys/ima-evm-keys_1.0.bb  | 16 +
 .../ima-evm-utils/ima-evm-utils_git.bb|  1 +
 6 files changed, 38 insertions(+), 21 deletions(-)
 create mode 100644 
meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb

-- 
2.29.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52364): https://lists.yoctoproject.org/g/yocto/message/52364
Mute This Topic: https://lists.yoctoproject.org/mt/80703833/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] Timing a recipe

[Richard Purdie]

On Tue, 2021-02-16 at 11:43 -0800, rustyhow...@gmail.com wrote:
> "time bitbake recipe" is perfect for manual things. But I wanted to
> also measure the recipe times when building the entire image.  I
> ended up creating  a bbappend with new pre/post tasks for the main
> tasks (fetch, unpack, configure, compile, install, package).   The
> pre task drops a timestamp file and the post task reads the file,
> calculates the elapsed time and logs it to a file.  It's a bit clunky
> but it gives the information I want.  Thanks for the help.

As others have said, please look at the buildstats class and the data
it saves into TMPDIR/buildstats. It should do what you want and we have
tools like pybootchart which can show it visually.

Cheers,

Richard




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52363): https://lists.yoctoproject.org/g/yocto/message/52363
Mute This Topic: https://lists.yoctoproject.org/mt/80662724/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] #av1 #armv6 #raspberrypi #neon

[Zoran]

So, what is your MACHINE variable set to?

Maybe knowing that, somebody can help.

Zee

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52362): https://lists.yoctoproject.org/g/yocto/message/52362
Mute This Topic: https://lists.yoctoproject.org/mt/80700217/21656
Mute #raspberrypi:https://lists.yoctoproject.org/g/yocto/mutehashtag/raspberrypi
Mute #av1:https://lists.yoctoproject.org/g/yocto/mutehashtag/av1
Mute #neon:https://lists.yoctoproject.org/g/yocto/mutehashtag/neon
Mute #armv6:https://lists.yoctoproject.org/g/yocto/mutehashtag/armv6
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] #av1 #armv6 #raspberrypi #neon

[safouane maaloul]

Hello folks,

I have an issue integrating av1  in yocto. I get the  compile  error "compiling 
simd-neon.h requires -mfpu=neon or equivalent". The problem is that i use armv6 
(raspberrypi zero w) so i can't exactly do that. Anyone have a workaround this 
problem ?

Best regards,

Safouane.Maaloul

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52360): https://lists.yoctoproject.org/g/yocto/message/52360
Mute This Topic: https://lists.yoctoproject.org/mt/80700217/21656
Mute #av1:https://lists.yoctoproject.org/g/yocto/mutehashtag/av1
Mute #armv6:https://lists.yoctoproject.org/g/yocto/mutehashtag/armv6
Mute #raspberrypi:https://lists.yoctoproject.org/g/yocto/mutehashtag/raspberrypi
Mute #neon:https://lists.yoctoproject.org/g/yocto/mutehashtag/neon
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] Regarding Mender integration

[Robert Berger]

Hi,

Please see my comments in-line.

On 16/02/2021 19:48, U RAVI KUMAR wrote:

I have some issues while integrating the mender on the yocto
project.I have included meta-mener-core,meta-mender-raspberrypi
layers.And iam getting the following error:

ERROR: u-boot-1_2020.07-r0 do_patch: Command Error: 'quilt --quiltrc

/home/ravi_uppada/work/vm/sato/poky/build/tmp/work/raspberrypi4_64-poky-linux/u-boot/1_2020.07-r0/recipe-sysroot-native/etc/quiltrc
push' exited with 0  Output:
Applying patch 0001-configs-rpi-enable-mender-requirements.patch
patching file configs/rpi_0_w_defconfig
Hunk #1 FAILED at 19.


...

This looks like the patch you/mender try/tries to apply does not work 
with your u-boot version.[0]


[0] 
https://github.com/mendersoftware/meta-mender/tree/master/meta-mender-core/recipes-bsp/u-boot


Which Yocto version do you use?

Which Mender version do you use?

You could look into creating your own Mender integration[1] instead of 
the mender class.


[1] 
https://docs.mender.io/system-updates-yocto-project/board-integration/bootloader-support/u-boot/manual-u-boot-integration


I think the right place to ask Mender specific questions is here[2].

[2] https://hub.mender.io/

Regards,

Robert



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52359): https://lists.yoctoproject.org/g/yocto/message/52359
Mute This Topic: https://lists.yoctoproject.org/mt/80585537/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-