From: Quirin Gylstorff
To: Sai.Sathujoda@toshiba-tsip.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org
Subject: [cip-dev][isar-cip-core][PATCH v3 1/4] build x86-uefi with secure boot
Date: Fri, 31 Jan 2025 16:25:29 +0100
Message-ID: <20250131152553.270393-2-Quirin.Gylstorff@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17721

Signed-off-by: Quirin Gylstorff
--- .gitlab-ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d4bd283..c44cf8e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -241,6 +241,15 @@ build:qemu-amd64-secure-boot-encrypt: deploy: disable encrypt: enable +build:x86-uefi-secure-boot: + extends: + - .build_base + variables: + target: x86-uefi + extension: security + use_rt: disable + targz: disable + build:qemu-amd64-swupdate: extends: - .build_base

From: Quirin Gylstorff
To: Sai.Sathujoda@toshiba-tsip.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org
Subject: [cip-dev][isar-cip-core][PATCH v3 2/4] x86-uefi: disable watchdog for testing on mcom
Date: Fri, 31 Jan 2025 16:25:30 +0100
Message-ID: <20250131152553.270393-3-Quirin.Gylstorff@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17722

Due to the multiple watchdogs available on the mcom device, efibootguard selects the iTCO watchdog and the Linux kernel selects the WDAT watchdog, which leads to a system reboot during booting as the Linux kernel no longer drives the iTCO watchdog.

Signed-off-by: Quirin Gylstorff
--- .gitlab-ci.yml | 2 ++ kas/opt/disable-watchdog.yml | 15 +++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 kas/opt/disable-watchdog.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c44cf8e..dd4baf4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,6 +64,7 @@ default: - if [ "${release}" = "bookworm" ]; then base_yaml="${base_yaml}:kas/opt/bookworm.yml"; fi - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi + - if [ "${watchdog}" = "disable" ]; then base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi - echo "Building ${base_yaml}" - kas build ${base_yaml} 
@@ -249,6 +250,7 @@ build:x86-uefi-secure-boot: extension: security use_rt: disable targz: disable + watchdog: disable build:qemu-amd64-swupdate: extends: diff --git a/kas/opt/disable-watchdog.yml b/kas/opt/disable-watchdog.yml new file mode 100644 index 0000000..88ece6b --- /dev/null +++ b/kas/opt/disable-watchdog.yml 
@@ -0,0 +1,15 @@ +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# + +header: + version: 14 + +local_conf_header: + no-watchdog: | + WDOG_TIMEOUT = "0"

From: Quirin Gylstorff
To: Sai.Sathujoda@toshiba-tsip.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org
Subject: [cip-dev][isar-cip-core][PATCH v3 3/4] kas/opt: add new option for security testing
Date: Fri, 31 Jan 2025 16:25:31 +0100
Message-ID: <20250131152553.270393-4-Quirin.Gylstorff@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17723

LAVA generates a directory, in LAVA called overlay, which contains all scripts and tests of the test stage. The Device-under-test needs to be instrumented with this overlay. LAVA provides the possibility to download the overlay via http or NFS. We use curl to download the overlay from an http server.

Signed-off-by: Quirin Gylstorff
--- .gitlab-ci.yml | 2 ++ kas/opt/security_test.yml | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 kas/opt/security_test.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dd4baf4..d7055f2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -65,6 +65,7 @@ default: - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi - if [ "${watchdog}" = "disable" ]; then base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi + - if [ "${security_test}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/security_test.yml"; fi - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi - echo "Building ${base_yaml}" - kas build ${base_yaml} 
@@ -251,6 +252,7 @@ build:x86-uefi-secure-boot: use_rt: disable targz: disable watchdog: disable + security_test: enable build:qemu-amd64-swupdate: extends: diff --git a/kas/opt/security_test.yml b/kas/opt/security_test.yml new file mode 100644 index 0000000..73d22eb --- /dev/null +++ b/kas/opt/security_test.yml 
@@ -0,0 +1,16 @@ +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# + +header: + version: 14 + +local_conf_header: + lava-testing-add-curl: | + IMAGE_PREINSTALL += "curl" +

From: Quirin Gylstorff
To: Sai.Sathujoda@toshiba-tsip.com, jan.kiszka@siemens.com, cip-dev@lists.cip-project.org
Subject: [cip-dev][isar-cip-core][PATCH v3 4/4] .gitlab-ci.yml: Remove unused build jobs
Date: Fri, 31 Jan 2025 16:25:32 +0100
Message-ID: <20250131152553.270393-5-Quirin.Gylstorff@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17725

These jobs are not used for further testing. qemu--base builds similar targets as the used security extensions contains secure boot and disk encryption.

Signed-off-by: Quirin Gylstorff
--- .gitlab-ci.yml | 44 -------------------------------------------- 1 file changed, 44 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d7055f2..36f14db 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -221,28 +221,6 @@ build:qemu-arm-test: target: qemu-arm extension: test -# secure boot images -build:qemu-amd64-secure-boot: - extends: - - .build_base - variables: - target: qemu-amd64 - extension: ebg-secure-boot-snakeoil - use_rt: disable - targz: disable - deploy: disable - -build:qemu-amd64-secure-boot-encrypt: - extends: - - .build_base - variables: - target: qemu-amd64 - extension: ebg-secure-boot-snakeoil - use_rt: disable - targz: disable - deploy: disable - encrypt: enable - build:x86-uefi-secure-boot: extends: - .build_base 
@@ -264,28 +242,6 @@ build:qemu-amd64-swupdate: targz: disable deploy: disable -# secure boot images arm64 -build:qemu-arm64-secure-boot: - extends: - - .build_base - variables: - target: qemu-arm64 - extension: ebg-secure-boot-snakeoil - use_rt: disable - targz: disable - deploy: disable - -# secure boot images arm -build:qemu-arm-secure-boot: - extends: - - .build_base - variables: - target: qemu-arm - extension: ebg-secure-boot-snakeoil - use_rt: disable - targz: disable - deploy: disable - # bullseye images build:iwg20m-bullseye: extends:
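
Review bot: In patch 1/4, the new `build:x86-uefi-secure-boot` job in the `@@ -241,6 +241,15 @@` hunk does not set `deploy`, while the job directly above it ends with `deploy: disable`. If the x86-uefi image is meant to be deployed for testing, say so in the commit message, which currently has no body; otherwise add `deploy: disable` to match. The job name also promises secure boot while the only related setting is `extension: security`, so a one-line note on what that extension enables would help reviewers.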
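
Review bot: In patch 2/4, the new file `kas/opt/disable-watchdog.yml` sets `WDOG_TIMEOUT = "0"` with no comment on why or where it is safe to use. The reason (efibootguard selecting the iTCO watchdog while the kernel drives WDAT on the mcom device) lives only in the commit message, and the file name is generic enough that the option could be picked up for other targets. Add a comment in the file stating that this is a test workaround for that board, and note in the message that `build:x86-uefi-secure-boot` now produces an image built with the watchdog timeout set to 0.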
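
Review bot: In patch 3/4, the `security_test: enable` variable added to `build:x86-uefi-secure-boot` means the image that goes through security testing carries `curl` via `IMAGE_PREINSTALL += "curl"`, which a build without this option does not get from these lines. The commit message says the overlay is downloaded over http, and nothing in the visible change checks the integrity of what lands on the device under test; a comment in `kas/opt/security_test.yml` marking the option as LAVA test instrumentation only would make that boundary explicit. Style: the file name uses an underscore where the neighbouring options (`encrypt-data.yml`, `disable-watchdog.yml`) use hyphens, and the new file ends with an empty added line.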
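
Review bot: In patch 4/4, the `@@ -221,28 +221,6 @@` hunk removes `build:qemu-amd64-secure-boot-encrypt`, the only job in the hunks of this series that sets `encrypt: enable`, while the script line `if [ "${encrypt}" = "enable" ]` stays in place. Name in the commit message the job that still exercises `kas/opt/encrypt-data.yml`, or drop the branch if nothing sets the variable any more.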
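
Review bot: In patch 4/4, the `@@ -264,28 +242,6 @@` hunk drops the `ebg-secure-boot-snakeoil` builds for `qemu-arm64` and `qemu-arm`, and the commit message only states that other jobs build similar targets. List those jobs by name in the message so it can be checked that secure boot is still built on both architectures after this change.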