From patchwork Wed Aug 31 07:31:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 12960468 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF9E0ECAAD3 for ; Wed, 31 Aug 2022 07:36:09 +0000 (UTC) Received: from mta-64-228.siemens.flowmailer.net (mta-64-228.siemens.flowmailer.net [185.136.64.228]) by mx.groups.io with SMTP id smtpd.web10.22751.1661931368008648892 for ; Wed, 31 Aug 2022 00:36:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=jan.kiszka@siemens.com header.s=fm1 header.b=gkMIwgUy; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228, mailfrom: fm-294854-20220831073123c63490164ec47f22c8-z_bcno@rts-flowmailer.siemens.com) Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id 20220831073123c63490164ec47f22c8 for ; Wed, 31 Aug 2022 09:36:05 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=qn8yvx2u7/aaK86OPEojEq0cV1j1CbBrgRON/QsO6tA=; b=gkMIwgUyKlicM5+Jii69O4eH8LVgRCKNIztHv+9w3CqkNuOvBAIZG1uCU/ZU/I28ZQIKgS wYtQiKEkvfvFQLvWq1nQMhphybbqgjjscr9HcKtOC/gq0bSX6vxodhQtua/aG7NxjO4yCIP6 D++B5cmUtgPmdH1K5Qi50U1nRPnxs=; From: Jan Kiszka To: cip-dev@lists.cip-project.org Subject: [isar-cip-core][PATCH 1/6] swupdate: Use cpio from buildchroot Date: Wed, 31 Aug 2022 09:31:16 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Aug 2022 07:36:09 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9334 From: Jan Kiszka The cpio tool is not an essential dependency of Isar, so we cannot use it from the host environment. This only worked so far with the kas container by chance but will change with its next release. Signed-off-by: Jan Kiszka --- classes/swupdate.bbclass | 53 ++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index c3fc303..46d2a36 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -16,6 +16,9 @@ SWU_SIGNED ?= "" SWU_SIGNATURE_EXT ?= "sig" SWU_SIGNATURE_TYPE ?= "rsa" +BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}" + +IMAGER_INSTALL += "cpio" IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}" do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}" @@ -46,16 +49,17 @@ do_swupdate_binary() { # Create symlinks for files used in the update image for file in ${SWU_ADDITIONAL_FILES}; do if [ -e "${WORKDIR}/$file" ]; then - ln -s "${WORKDIR}/$file" "${WORKDIR}/swu/$file" + ln -s "${PP_WORK}/$file" "${WORKDIR}/swu/$file" else - ln -s "${DEPLOY_DIR_IMAGE}/$file" "${WORKDIR}/swu/$file" + ln -s "${PP_DEPLOY}/$file" "${WORKDIR}/swu/$file" fi done + image_do_mounts + # Prepare for signing sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}' if [ -n "$sign" ]; then - image_do_mounts cp -f '${SIGN_KEY}' '${WORKDIR}/dev.key' test -e '${SIGN_CRT}' && cp -f '${SIGN_CRT}' '${WORKDIR}/dev.crt' fi @@ -66,29 +70,26 @@ do_swupdate_binary() { '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}' done - cd "${WORKDIR}/swu" - for file in '${SWU_DESCRIPTION_FILE}' ${SWU_ADDITIONAL_FILES}; do - echo "$file" - if [ -n "$sign" -a \ - '${SWU_DESCRIPTION_FILE}' = "$file" ]; then - if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then - sudo chroot ${BUILDCHROOT_DIR} /usr/bin/openssl dgst \ - -sha256 -sign '${PP_WORK}/dev.key' \ - '${PP_WORK}/swu/'"$file" \ - > '${WORKDIR}/swu/'"$file".'${SWU_SIGNATURE_EXT}' - elif [ "${SWU_SIGNATURE_TYPE}" = "cms" ]; then - sudo chroot ${BUILDCHROOT_DIR} /usr/bin/openssl cms \ - -sign -in '${PP_WORK}/swu/'"$file" \ - -out '${WORKDIR}/swu/'"$file".'${SWU_SIGNATURE_EXT}' \ - -signer '${PP_WORK}/dev.crt' \ - -inkey '${PP_WORK}/dev.key' \ - -outform DER -nosmimecap -binary - fi - echo "$file".'${SWU_SIGNATURE_EXT}' - fi - done | cpio -ovL -H crc \ - > '${SWU_IMAGE_FILE}' - cd - + sudo -E chroot ${BUILDCHROOT_DIR} sh -c ' \ + cd "${PP_WORK}/swu" + for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do + echo "$file" + if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then + if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then + openssl dgst \ + -sha256 -sign "${PP_WORK}/dev.key" "$file" \ + > "$file.${SWU_SIGNATURE_EXT}" + elif [ "${SWU_SIGNATURE_TYPE}" = "cms" ]; then + openssl cms \ + -sign -in "$file" \ + -out "$file"."${SWU_SIGNATURE_EXT}" \ + -signer "${PP_WORK}/dev.crt" \ + -inkey "${PP_WORK}/dev.key" \ + -outform DER -nosmimecap -binary + fi + echo "$file.${SWU_SIGNATURE_EXT}" + fi + done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"' } addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template From patchwork Wed Aug 31 07:31:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 12960461 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC327C3DA6B for ; Wed, 31 Aug 2022 07:31:29 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web08.22386.1661931086169712338 for ; Wed, 31 Aug 2022 00:31:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=jan.kiszka@siemens.com header.s=fm1 header.b=VrGfh1aW; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-294854-20220831073123f1fefb9610d34d77ad-rtt2z1@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20220831073123f1fefb9610d34d77ad for ; Wed, 31 Aug 2022 09:31:23 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=pbsDyylxiwUUOLcjESPePXN4PQNfWQZo8lqvXIDlP74=; b=VrGfh1aWz4vM+8hlPmhpU76y10RN5X3lIatsOERlDTlRWtGjNPitTi4vL36uE1MysKWtLX SSiD06wJ9ggSUI3UFmX6FKvPsqDtwftShgMc7l2kbrXNYrIkPN3n4HmAYhidoClRhmFPA9HA S29qu5MFPvUlUFU6B7CDunAYuYnUQ=; From: Jan Kiszka To: cip-dev@lists.cip-project.org Subject: [isar-cip-core][PATCH 2/6] Update Isar revision Date: Wed, 31 Aug 2022 09:31:17 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Aug 2022 07:31:29 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9328 From: Jan Kiszka Allows to drop the meanwhile merged kernel recipe patch. Signed-off-by: Jan Kiszka --- ...ernel-Check-if-CONFIG_MODULES-is-set.patch | 33 ------------------- kas-cip.yml | 6 +--- 2 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch diff --git a/isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch b/isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch deleted file mode 100644 index d07c36d..0000000 --- a/isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 6ad8f9bb92d3722ff5eb60f09e5ef75ba5febcbd Mon Sep 17 00:00:00 2001 -From: Quirin Gylstorff -Date: Thu, 28 Jul 2022 16:24:16 +0200 -Subject: [PATCH] recipes-kernel: Check if CONFIG_MODULES is set - -This fixes an error during the kernel build with sbuild if -Modules.symvers doesn't exist as find returns 1 if a name -could not be found. - -Signed-off-by: Quirin Gylstorff ---- - meta/recipes-kernel/linux/files/debian/isar/install.tmpl | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/meta/recipes-kernel/linux/files/debian/isar/install.tmpl b/meta/recipes-kernel/linux/files/debian/isar/install.tmpl -index c6b5059..909b01b 100644 ---- a/meta/recipes-kernel/linux/files/debian/isar/install.tmpl -+++ b/meta/recipes-kernel/linux/files/debian/isar/install.tmpl -@@ -173,7 +173,10 @@ kernel_headers() { - (cd ${S}; find arch/${ARCH} -name module.lds -o -name Kbuild.platforms -o -name Platform) >>${src_hdr_files} - (cd ${S}; find $(find arch/${ARCH} -name include -o -name scripts -type d) -type f) >>${src_hdr_files} - -- (cd ${O}; find arch/${ARCH}/include Module.symvers include scripts -type f) >>${obj_hdr_files} -+ if [ -n "${CONFIG_MODULES}" ]; then -+ echo Module.symvers >> ${obj_hdr_files} -+ fi -+ (cd ${O}; find arch/${ARCH}/include include scripts -type f) >>${obj_hdr_files} - if [ -n "${CONFIG_STACK_VALIDATION}" ]; then - (cd ${O}; find tools/objtool -type f -executable) >>${obj_hdr_files} - fi --- -2.35.1 - diff --git a/kas-cip.yml b/kas-cip.yml index 5a43cd1..d005b81 100644 --- a/kas-cip.yml +++ b/kas-cip.yml @@ -22,13 +22,9 @@ repos: isar: url: https://github.com/ilbers/isar.git - refspec: 64c755053d1252d183757b294cf9849fced64799 + refspec: 8dfa97cf6e25a7adec2e02c50c5ef6329f31931b layers: meta: - patches: - fix-hihope-kernel-build: - repo: cip-core - path: isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch bblayers_conf_header: standard: | From patchwork Wed Aug 31 07:31:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 12960467 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2ECCC3DA6B for ; Wed, 31 Aug 2022 07:36:09 +0000 (UTC) Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net [185.136.64.227]) by mx.groups.io with SMTP id smtpd.web12.22621.1661931368547651191 for ; Wed, 31 Aug 2022 00:36:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=jan.kiszka@siemens.com header.s=fm1 header.b=hqFpRhUt; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.227, mailfrom: fm-294854-202208310731238571d149e96b0e78c5-r9lhfy@rts-flowmailer.siemens.com) Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 202208310731238571d149e96b0e78c5 for ; Wed, 31 Aug 2022 09:36:05 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=LbuQ/cfeDG+vk554zIz5tfQ4VxlyaMVy206zZxq6Grg=; b=hqFpRhUtvnxvQnxdPuUts5xyRAv/vMHjSWBmhc05BJUocMemnYuELdxkTkvZvfUfwYRoIP SK/F9uiql+nDVFL5TtD4PDxNtFKLVvnj41l4N966y+dOhJi3Lj36e1dKP/6Nx+CXEcyOmiBn 571ZAIEzJFLLBiRmK6XgAdFGXYTas=; From: Jan Kiszka To: cip-dev@lists.cip-project.org Subject: [isar-cip-core][PATCH 3/6] linux-cip: Update cip-kernel-config revision Date: Wed, 31 Aug 2022 09:31:18 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Aug 2022 07:36:09 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9332 From: Jan Kiszka Will allow to use the BeagleBone Black with UEFI-based SWUpdate. Signed-off-by: Jan Kiszka --- recipes-kernel/linux/linux-cip-common.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc index 15d8370..9b6cd3b 100644 --- a/recipes-kernel/linux/linux-cip-common.inc +++ b/recipes-kernel/linux/linux-cip-common.inc @@ -23,6 +23,6 @@ SRC_URI_append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi if d.getVar('USE_CIP_KERNEL_CONFIG') == '1' else '' \ }" -SRCREV_cip-kernel-config ?= "59f7903d120e529cc26b8e5fd7b13c3bbb632e15" +SRCREV_cip-kernel-config ?= "ce52837418aea714e780e0cbc8afb9515c12cc1b" S = "${WORKDIR}/linux-cip-${PV}" From patchwork Wed Aug 31 07:31:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 12960462 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8FCBC65C0D for ; Wed, 31 Aug 2022 07:31:29 +0000 (UTC) Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net [185.136.64.226]) by mx.groups.io with SMTP id smtpd.web08.22387.1661931086467930376 for ; Wed, 31 Aug 2022 00:31:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=jan.kiszka@siemens.com header.s=fm1 header.b=DK0FLTWH; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.226, mailfrom: fm-294854-202208310731248fe11be5fc7ea2ff36-0k_vaj@rts-flowmailer.siemens.com) Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 202208310731248fe11be5fc7ea2ff36 for ; Wed, 31 Aug 2022 09:31:24 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=GpGO6Yj4dzvnqmnkm5FwliGsDax4RssUYZgTqqk5ICc=; b=DK0FLTWH0pYOu2dAITVj7DcBiwPrdwFfrbpLWgC0ghylkhbTcDSTeq70siGv34wjgicnmX P3k34Jaj/eOmgsTYIfkvze4hCNmW/3B2brYUqKTGSjV88TC5kfteRQ1MF6t0Qjh39QhsmX+S xcsC+ILoEpNnAPjq0V5tBxgTKJkQ0=; From: Jan Kiszka To: cip-dev@lists.cip-project.org Subject: [isar-cip-core][PATCH 4/6] u-boot-bbb: Switch BeagleBone Black to self-built U-Boot Date: Wed, 31 Aug 2022 09:31:19 +0200 Message-Id: <9c95ca26dbeb8dc1a8bdf377433e5dd94991d049.1661931081.git.jan.kiszka@siemens.com> In-Reply-To: References: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Aug 2022 07:31:29 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9329 From: Jan Kiszka This will allow to boot via UEFI and use EFI Boot Guard and our standard SWUpdate mode. Signed-off-by: Jan Kiszka --- conf/machine/bbb.conf | 5 +++- recipes-bsp/u-boot/u-boot-bbb_2022.07.bb | 22 ++++++++++++++++ ...boot-qemu-common.inc => u-boot-common.inc} | 11 -------- recipes-bsp/u-boot/u-boot-qemu-common.inc | 26 +------------------ wic/bbb.wks | 4 +-- 5 files changed, 29 insertions(+), 39 deletions(-) create mode 100644 recipes-bsp/u-boot/u-boot-bbb_2022.07.bb copy recipes-bsp/u-boot/{u-boot-qemu-common.inc => u-boot-common.inc} (75%) diff --git a/conf/machine/bbb.conf b/conf/machine/bbb.conf index 01206cc..eaec5a3 100644 --- a/conf/machine/bbb.conf +++ b/conf/machine/bbb.conf @@ -10,9 +10,12 @@ DISTRO_ARCH = "armhf" DTB_FILES = "am335x-boneblack.dtb" IMAGE_FSTYPES ?= "wic" -IMAGER_INSTALL += "u-boot-omap" +IMAGER_INSTALL += "u-boot-bbb" +IMAGER_BUILD_DEPS += "u-boot-bbb" IMAGE_INSTALL += "u-boot-script" USE_CIP_KERNEL_CONFIG = "1" KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/cip_bbb_defconfig" + +PREFERRED_PROVIDER_u-boot-${MACHINE} = "u-boot-bbb" diff --git a/recipes-bsp/u-boot/u-boot-bbb_2022.07.bb b/recipes-bsp/u-boot/u-boot-bbb_2022.07.bb new file mode 100644 index 0000000..3be09dc --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-bbb_2022.07.bb @@ -0,0 +1,22 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Jan Kiszka +# +# SPDX-License-Identifier: MIT +# + +require u-boot-common.inc + +U_BOOT_CONFIG = "am335x_evm_defconfig" +U_BOOT_BIN = "all" + +EFI_ARCH = "arm" + +do_prepare_build_append() { + echo "MLO u-boot.img /usr/lib/u-boot/${MACHINE}" > \ + ${S}/debian/u-boot-${MACHINE}.install +} diff --git a/recipes-bsp/u-boot/u-boot-qemu-common.inc b/recipes-bsp/u-boot/u-boot-common.inc similarity index 75% copy from recipes-bsp/u-boot/u-boot-qemu-common.inc copy to recipes-bsp/u-boot/u-boot-common.inc index 2bb9ac0..60f0da3 100644 --- a/recipes-bsp/u-boot/u-boot-qemu-common.inc +++ b/recipes-bsp/u-boot/u-boot-common.inc @@ -27,8 +27,6 @@ DEBIAN_BUILD_DEPENDS_append_secureboot = ", \ openssl, pesign, secure-boot-secrets, python3-openssl:native" DEPENDS_append_secureboot = " secure-boot-secrets" -U_BOOT_BIN = "u-boot.bin" - TEMPLATE_FILES_append_secureboot = " secure-boot.cfg.tmpl" TEMPLATE_VARS_append_secureboot = " EFI_ARCH" @@ -36,12 +34,3 @@ do_prepare_build_append_secureboot() { sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG} cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG} } - -do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}" -do_deploy() { - dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ - tar xOf - "./usr/lib/u-boot/${MACHINE}/${U_BOOT_BIN}" \ - > "${DEPLOY_DIR_IMAGE}/firmware.bin" -} - -addtask deploy after do_dpkg_build before do_deploy_deb diff --git a/recipes-bsp/u-boot/u-boot-qemu-common.inc b/recipes-bsp/u-boot/u-boot-qemu-common.inc index 2bb9ac0..0a9a15a 100644 --- a/recipes-bsp/u-boot/u-boot-qemu-common.inc +++ b/recipes-bsp/u-boot/u-boot-qemu-common.inc @@ -9,34 +9,10 @@ # SPDX-License-Identifier: MIT # -require recipes-bsp/u-boot/u-boot-custom.inc - -SRC_URI += " \ - https://ftp.denx.de/pub/u-boot/u-boot-${PV}.tar.bz2 \ - file://rules.tmpl;subdir=debian" -SRC_URI[sha256sum] = "92b08eb49c24da14c1adbf70a71ae8f37cc53eeb4230e859ad8b6733d13dcf5e" - -SRC_URI_append_secureboot = " \ - file://secure-boot.cfg.tmpl" - -S = "${WORKDIR}/u-boot-${PV}" - -DEBIAN_BUILD_DEPENDS += ", libssl-dev:native, libssl-dev:${DISTRO_ARCH}" - -DEBIAN_BUILD_DEPENDS_append_secureboot = ", \ - openssl, pesign, secure-boot-secrets, python3-openssl:native" -DEPENDS_append_secureboot = " secure-boot-secrets" +require recipes-bsp/u-boot/u-boot-common.inc U_BOOT_BIN = "u-boot.bin" -TEMPLATE_FILES_append_secureboot = " secure-boot.cfg.tmpl" -TEMPLATE_VARS_append_secureboot = " EFI_ARCH" - -do_prepare_build_append_secureboot() { - sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG} - cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG} -} - do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}" do_deploy() { dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ diff --git a/wic/bbb.wks b/wic/bbb.wks index 2822ce7..6131c78 100644 --- a/wic/bbb.wks +++ b/wic/bbb.wks @@ -6,8 +6,8 @@ # SPDX-License-Identifier: MIT # -part --source rawcopy --sourceparams "file=/usr/lib/u-boot/am335x_boneblack/MLO" --no-table --align 128 -part --source rawcopy --sourceparams "file=/usr/lib/u-boot/am335x_boneblack/u-boot.img" --no-table --align 384 +part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/MLO" --no-table --align 128 +part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/u-boot.img" --no-table --align 384 part / --source rootfs-u-boot --ondisk mmcblk0 --fstype ext4 --mkfs-extraopts "-T default" --label platform --align 1024 --active From patchwork Wed Aug 31 07:31:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 12960466 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C02AEECAAD4 for ; Wed, 31 Aug 2022 07:36:09 +0000 (UTC) Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net [185.136.65.225]) by mx.groups.io with SMTP id smtpd.web11.22725.1661931368104827723 for ; Wed, 31 Aug 2022 00:36:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=jan.kiszka@siemens.com header.s=fm1 header.b=bv7Zsuzk; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.225, mailfrom: fm-294854-2022083107312483c17e78b2bddfc950-rd3lt9@rts-flowmailer.siemens.com) Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 2022083107312483c17e78b2bddfc950 for ; Wed, 31 Aug 2022 09:36:06 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=GbszdSrOuvVrIMi0+MYxuwahDUoLUZNTuSCDh7yIsVY=; b=bv7ZsuzkEQYLI1MzX8HKiwU5y1cPk2B5tpM0EJj6F4x10va07WW4onNxn5xzuHDtbXxpNL o8iiUjjF5oOy4qv8dvzIacGr9xYH7p3gj/vreuZu8cWoKZDadsSk2PrKVlmvEZn1PVjfvFuT bWqxuBib5lSrVAGOw2mSniGxlgmtg=; From: Jan Kiszka To: cip-dev@lists.cip-project.org Subject: [isar-cip-core][PATCH 5/6] swupdate: Drop u-boot-script from EFI Boot Guard images Date: Wed, 31 Aug 2022 09:31:20 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Aug 2022 07:36:09 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9333 From: Jan Kiszka This package is used for legacy distro boot via U-Boot, but that is not needed/used when UEFI is activated. Make sure the package is not installed, even if a machine config pulled it in. Signed-off-by: Jan Kiszka --- kas/opt/ebg-swu.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml index e0bbe2e..8b3ffec 100644 --- a/kas/opt/ebg-swu.yml +++ b/kas/opt/ebg-swu.yml @@ -18,6 +18,7 @@ local_conf_header: ebg_swu_bootloader: | WKS_FILE ?= "${MACHINE}-efibootguard.wks.in" SWUPDATE_BOOTLOADER = "efibootguard" + IMAGE_INSTALL_remove = "u-boot-script" ebg_swu_image_options: | CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc" initramfs: | From patchwork Wed Aug 31 07:31:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 12960460 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C022AC64991 for ; Wed, 31 Aug 2022 07:31:29 +0000 (UTC) Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net [185.136.64.225]) by mx.groups.io with SMTP id smtpd.web12.22583.1661931086804511377 for ; Wed, 31 Aug 2022 00:31:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=jan.kiszka@siemens.com header.s=fm1 header.b=LoF694yh; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.225, mailfrom: fm-294854-202208310731240c03233d5300afb99b-phjr_m@rts-flowmailer.siemens.com) Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 202208310731240c03233d5300afb99b for ; Wed, 31 Aug 2022 09:31:24 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=13+PIAm3CPw/Cq9H2UhWE1U3soBq3wnkXk5PuU0PODU=; b=LoF694yhj7SKJlHslTjTpuqgs4uHmOfpovca7ePqiwEaSI+3v+2Iu6hBMSVBx+WBfpZMaK QpEkNkmGbgffwQvCdGAM/IgNI56PV3zw81mVwh4c7i1I62UOSjWsejtj3z79kfJMnYwsYKr7 aail7BeBzctP87utW6GEHc87KPY/4=; From: Jan Kiszka To: cip-dev@lists.cip-project.org Subject: [isar-cip-core][PATCH 6/6] Enable BeagleBone Black images with A/B SWUpdate support Date: Wed, 31 Aug 2022 09:31:21 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Aug 2022 07:31:29 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9330 From: Jan Kiszka We only needs to add the related wks file and configure the EBG watchdog timeout to 0, and then also this target can gain support for A/B rootfs SWUpdate with EFI Boot Guard as switcher. Note that some extra kernel parameters are needed so that the omap_wdt is properly taken over by the kernel from U-Boot but without petting it too early during boot. This must only be done once userspace open the device and signals real system readiness. Signed-off-by: Jan Kiszka --- Kconfig | 2 +- conf/machine/bbb.conf | 3 +++ wic/bbb-efibootguard.wks.in | 21 +++++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 wic/bbb-efibootguard.wks.in diff --git a/Kconfig b/Kconfig index c63000b..d87e0a6 100644 --- a/Kconfig +++ b/Kconfig @@ -132,7 +132,7 @@ if IMAGE_FLASH && !KERNEL_4_4 && !KERNEL_4_19 config IMAGE_SWUPDATE bool "SWUpdate support for root partition" - depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM + depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM || TARGET_BBB config IMAGE_SECURE_BOOT bool "Secure boot support" diff --git a/conf/machine/bbb.conf b/conf/machine/bbb.conf index eaec5a3..c8b4aaa 100644 --- a/conf/machine/bbb.conf +++ b/conf/machine/bbb.conf @@ -18,4 +18,7 @@ IMAGE_INSTALL += "u-boot-script" USE_CIP_KERNEL_CONFIG = "1" KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/cip_bbb_defconfig" +# for SWUpdate setups: watchdog is configured in U-Boot +WDOG_TIMEOUT = "0" + PREFERRED_PROVIDER_u-boot-${MACHINE} = "u-boot-bbb" diff --git a/wic/bbb-efibootguard.wks.in b/wic/bbb-efibootguard.wks.in new file mode 100644 index 0000000..e48cc7f --- /dev/null +++ b/wic/bbb-efibootguard.wks.in @@ -0,0 +1,21 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2019-2022 +# +# SPDX-License-Identifier: MIT +# + +part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/MLO" --no-table --align 128 +part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/u-boot.img" --no-table --align 384 + +include ebg-sysparts.inc + +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001" +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002" + +# home and var are extra partitions +part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G +part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024 --size 2G + +bootloader --ptable gpt --append="rootwait console=ttyO0,115200 omap_wdt.early_enable=1 omap_wdt.nowayout=1 watchdog.handle_boot_enabled=0"