OE-Core rev: fd1c26ab426c3699ffd8082b83d65a84c8eb8bff added an
additional parameter, tmpfsdir, to the API. This caused testimage to no
longer work in meta-zephyr. Add that parameter and everything is happy
now.

Signed-off-by: Jon Mason <jon.mason@...>
---
lib/oeqa/controllers/zephyrtargetcontrol.py | 6 +++---
lib/oeqa/utils/qemuzephyrrunner.py | 8 ++++++--
2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/oeqa/controllers/zephyrtargetcontrol.py b/lib/oeqa/controllers/zephyrtargetcontrol.py
index 8e94cb53673d..1dd7fd22543f 100644
--- a/lib/oeqa/controllers/zephyrtargetcontrol.py
+++ b/lib/oeqa/controllers/zephyrtargetcontrol.py
@@ -14,8 +14,8 @@ class QemuTargetZephyr(OETarget):
def __init__(self, logger, ip, server_ip,
machine='', rootfs='', tmpdir ='',dir_image ='',display=None,
kernel='',boottime=60,bootlog='',kvm=False,slirp=False,
- dump_dir='',serial_ports=0,ovmf=None,target_modules_path='',powercontrol_cmd='',powercontrol_extra_args='',
- serialcontrol_cmd=None,serialcontrol_extra_args='',testimage_dump_target='' ):
+ dump_dir='',serial_ports=0,ovmf=None,tmpfsdir='' ,target_modules_path='',powercontrol_cmd='',powercontrol_extra_args='',
+ serialcontrol_cmd=None,serialcontrol_extra_args='',testimage_dump_target=''):

timeout = 300
user = 'root'
@@ -48,7 +48,7 @@ class QemuTargetZephyr(OETarget):
logfile=self.qemulog, boottime=boottime,
use_kvm=kvm, dump_dir=dump_dir,
dump_host_cmds=dump_host_cmds,
- logger = logger)
+ logger = logger, tmpfsdir=tmpfsdir)


def start(self, params=None, runqemuparams=None, extra_bootparams=None):
diff --git a/lib/oeqa/utils/qemuzephyrrunner.py b/lib/oeqa/utils/qemuzephyrrunner.py
index 0308f1e50e29..e8a1bd4544cf 100644
--- a/lib/oeqa/utils/qemuzephyrrunner.py
+++ b/lib/oeqa/utils/qemuzephyrrunner.py
@@ -18,11 +18,12 @@ from oeqa.utils.qemurunner import QemuRunner

class QemuZephyrRunner(QemuRunner):

- def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, dump_host_cmds, use_kvm, logger):
+ def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, dump_host_cmds, use_kvm, logger, tmpfsdir):
+

QemuRunner.__init__(self, machine, rootfs, display, tmpdir,
deploy_dir_image, logfile, boottime, None,
- None, use_kvm, logger)
+ None, use_kvm, logger, tmpfsdir)

# Popen object for runqemu
self.socketfile = tempfile.NamedTemporaryFile()
@@ -32,6 +33,7 @@ class QemuZephyrRunner(QemuRunner):

self.kernel = rootfs
self.deploy_dir_image = deploy_dir_image
+ self.tmpfsdir = tmpfsdir
self.logfile = logfile
self.use_kvm = use_kvm

@@ -73,6 +75,8 @@ class QemuZephyrRunner(QemuRunner):
return False
else:
os.environ["DEPLOY_DIR_IMAGE"] = self.deploy_dir_image
+ if self.tmpfsdir:
+ env["RUNQEMU_TMPFS_DIR"] = self.tmpfsdir

if not os.path.exists(self.kernel):
bb.error("Invalid kernel path: %s" % self.kernel)
--
2.20.1

Signed-off-by: Armin Kuster <akuster808@...>
---
...Makefile-drop-running-scrips-install.patch | 37 +++
.../0002-Makefile-don-t-set-uid-gid.patch | 251 ++++++++++++++++++
recipes-ids/ossec/ossec-hids_3.6.0.bb | 161 +++++++++++
3 files changed, 449 insertions(+)
create mode 100644 recipes-ids/ossec/files/0001-Makefile-drop-running-scrips-install.patch
create mode 100644 recipes-ids/ossec/files/0002-Makefile-don-t-set-uid-gid.patch
create mode 100644 recipes-ids/ossec/ossec-hids_3.6.0.bb

diff --git a/recipes-ids/ossec/files/0001-Makefile-drop-running-scrips-install.patch b/recipes-ids/ossec/files/0001-Makefile-drop-running-scrips-install.patch
new file mode 100644
index 0000000..08e018f
--- /dev/null
+++ b/recipes-ids/ossec/files/0001-Makefile-drop-running-scrips-install.patch
@@ -0,0 +1,37 @@
+From b948d36a8ca8e04794381f0f6eba29daf7e3fd01 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@...>
+Date: Wed, 21 Apr 2021 00:56:53 +0000
+Subject: [PATCH 1/2] Makefile: drop running scrips @ install
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Armin Kuster <akuster808@...>
+---
+ src/Makefile | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/Makefile b/src/Makefile
+index 06a7094c..dfb8cb58 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -409,7 +409,6 @@ install-hybrid: install-server-generic
+ install-server: install-server-generic
+
+ install-common: build
+- ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs
+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log
+@@ -485,9 +484,6 @@ endif
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/var
+ $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/var/run
+
+- ./init/fw-check.sh execute
+-
+-
+
+ install-server-generic: install-common
+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/active-responses.log
+--
+2.25.1
+
diff --git a/recipes-ids/ossec/files/0002-Makefile-don-t-set-uid-gid.patch b/recipes-ids/ossec/files/0002-Makefile-don-t-set-uid-gid.patch
new file mode 100644
index 0000000..d5e3403
--- /dev/null
+++ b/recipes-ids/ossec/files/0002-Makefile-don-t-set-uid-gid.patch
@@ -0,0 +1,251 @@
+From d9ec907881b72d42b4918f7cfb46516ce8e77772 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@...>
+Date: Sat, 24 Apr 2021 23:07:29 +0000
+Subject: [PATCH 2/2] Makefile: don't set uid/gid
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Armin Kuster <akuster808@...>
+---
+ src/Makefile | 166 +++++++++++++++++++++++++--------------------------
+ 1 file changed, 83 insertions(+), 83 deletions(-)
+
+diff --git a/src/Makefile b/src/Makefile
+index dfb8cb58..a4d69ef6 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -21,7 +21,7 @@ OSSEC_USER?=ossec
+ OSSEC_USER_MAIL?=ossecm
+ OSSEC_USER_REM?=ossecr
+
+-INSTALL_CMD?=install -m $(1) -o $(2) -g $(3)
++INSTALL_CMD?=install -m $(1)
+ INSTALL_LOCALTIME?=yes
+ INSTALL_RESOLVCONF?=yes
+
+@@ -397,10 +397,10 @@ endif
+ install: install-${TARGET}
+
+ install-agent: install-common
+- $(call INSTALL_CMD,0550,root,0) ossec-agentd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) agent-auth ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-agentd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) agent-auth ${PREFIX}/bin
+
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/rids
+
+ install-local: install-server-generic
+
+@@ -409,129 +409,129 @@ install-hybrid: install-server-generic
+ install-server: install-server-generic
+
+ install-common: build
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs
+- $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log
+-
+- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-logcollector ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-syscheckd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-execd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) manage_agents ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ../contrib/util.sh ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/logs
++ $(call INSTALL_CMD,0660) /dev/null ${PREFIX}/logs/ossec.log
++
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-logcollector ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-syscheckd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-execd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) manage_agents ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ../contrib/util.sh ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
+
+ ifeq (${LUA_ENABLE},yes)
+- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua
+- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/native
+- $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/compiled
+- $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/lua
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/lua/native
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/lua/compiled
++ $(call INSTALL_CMD,0550) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
+ endif
+
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/queue
+- $(call INSTALL_CMD,0770,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/alerts
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/ossec
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/syscheck
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/diff
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/queue
++ $(call INSTALL_CMD,0770) -d ${PREFIX}/queue/alerts
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/ossec
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/syscheck
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/diff
+
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/etc
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/etc
+ ifeq (${INSTALL_LOCALTIME},yes)
+- $(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/localtime ${PREFIX}/etc
++ $(call INSTALL_CMD,0440) /etc/localtime ${PREFIX}/etc
+ endif
+ ifeq (${INSTALL_RESOLVCONF},yes)
+- $(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/resolv.conf ${PREFIX}/etc
++ $(call INSTALL_CMD,0440) /etc/resolv.conf ${PREFIX}/etc
+ endif
+
+- $(call INSTALL_CMD,1550,root,${OSSEC_GROUP}) -d ${PREFIX}/tmp
++ $(call INSTALL_CMD,1550) -d ${PREFIX}/tmp
+
+ ifneq (,$(wildcard /etc/TIMEZONE))
+- $(call INSTALL_CMD,440,root,${OSSEC_GROUP}) /etc/TIMEZONE ${PREFIX}/etc/
++ $(call INSTALL_CMD,440) /etc/TIMEZONE ${PREFIX}/etc/
+ endif
+ # Solaris Needs some extra files
+ ifeq (${uname_S},SunOS)
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/usr/share/lib/zoneinfo/
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/usr/share/lib/zoneinfo/
+ cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/
+ endif
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/internal_options.conf ${PREFIX}/etc/
++ $(call INSTALL_CMD,0640) -b ../etc/internal_options.conf ${PREFIX}/etc/
+ ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf))
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
++ $(call INSTALL_CMD,0640) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
+ endif
+ ifeq (,$(wildcard ${PREFIX}/etc/client.keys))
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) /dev/null ${PREFIX}/etc/client.keys
++ $(call INSTALL_CMD,0640) /dev/null ${PREFIX}/etc/client.keys
+ endif
+ ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf))
+ ifneq (,$(wildcard ../etc/ossec.mc))
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
++ $(call INSTALL_CMD,0640) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
+ else
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
++ $(call INSTALL_CMD,0640) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
+ endif
+ endif
+
+- $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/etc/shared
+- $(call INSTALL_CMD,0640,${OSSEC_USER},${OSSEC_GROUP}) rootcheck/db/*.txt ${PREFIX}/etc/shared/
++ $(call INSTALL_CMD,0770) -d ${PREFIX}/etc/shared
++ $(call INSTALL_CMD,0640) rootcheck/db/*.txt ${PREFIX}/etc/shared/
+
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response/bin
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/agentless
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) agentlessd/scripts/* ${PREFIX}/agentless/
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/active-response
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/active-response/bin
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/agentless
++ $(call INSTALL_CMD,0550) agentlessd/scripts/* ${PREFIX}/agentless/
+
+- $(call INSTALL_CMD,0700,root,${OSSEC_GROUP}) -d ${PREFIX}/.ssh
++ $(call INSTALL_CMD,0700) -d ${PREFIX}/.ssh
+
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/*.sh ${PREFIX}/active-response/bin/
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
++ $(call INSTALL_CMD,0550) ../active-response/*.sh ${PREFIX}/active-response/bin/
++ $(call INSTALL_CMD,0550) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
+
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/var
+- $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/var/run
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/var
++ $(call INSTALL_CMD,0770) -d ${PREFIX}/var/run
+
+
+ install-server-generic: install-common
+- $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/active-responses.log
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/archives
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/alerts
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/firewall
+-
+- $(call INSTALL_CMD,0550,root,0) ossec-agentlessd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-analysisd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-monitord ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-reportd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-maild ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-remoted ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-logtest ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-csyslogd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-authd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-dbd ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) ossec-makelists ${PREFIX}/bin
+- $(call INSTALL_CMD,0550,root,0) verify-agent-conf ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) clear_stats ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) list_agents ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) ossec-regex ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) syscheck_update ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) agent_control ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) syscheck_control ${PREFIX}/bin/
+- $(call INSTALL_CMD,0550,root,0) rootcheck_control ${PREFIX}/bin/
+-
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/stats
+- $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/rules
++ $(call INSTALL_CMD,0660) /dev/null ${PREFIX}/logs/active-responses.log
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/logs/archives
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/logs/alerts
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/logs/firewall
++
++ $(call INSTALL_CMD,0550) ossec-agentlessd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-analysisd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-monitord ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-reportd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-maild ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-remoted ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-logtest ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-csyslogd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-authd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-dbd ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) ossec-makelists ${PREFIX}/bin
++ $(call INSTALL_CMD,0550) verify-agent-conf ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) clear_stats ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) list_agents ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) ossec-regex ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) syscheck_update ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) agent_control ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) syscheck_control ${PREFIX}/bin/
++ $(call INSTALL_CMD,0550) rootcheck_control ${PREFIX}/bin/
++
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/stats
++ $(call INSTALL_CMD,0550) -d ${PREFIX}/rules
+ ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml))
+ cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
++ $(call INSTALL_CMD,0640) -b ../etc/rules/*.xml ${PREFIX}/rules
++ $(call INSTALL_CMD,0640) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
+ rm ${PREFIX}/rules/local_rules.xml.installbackup
+ else
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
++ $(call INSTALL_CMD,0640) -b ../etc/rules/*.xml ${PREFIX}/rules
+ endif
+
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/fts
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/fts
+
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rootcheck
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/rootcheck
+
+- $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/agent-info
+- $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/agentless
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/agent-info
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/agentless
+
+- $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
++ $(call INSTALL_CMD,0750) -d ${PREFIX}/queue/rids
+
+- $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/decoder.xml ${PREFIX}/etc/
++ $(call INSTALL_CMD,0640) ../etc/decoder.xml ${PREFIX}/etc/
+
+ rm -f ${PREFIX}/etc/shared/merged.mg
+
+--
+2.25.1
+
diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb
new file mode 100644
index 0000000..10354a7
--- /dev/null
+++ b/recipes-ids/ossec/ossec-hids_3.6.0.bb
@@ -0,0 +1,161 @@
+SUMMARY = "A full platform to monitor and control your systems"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9"
+
+
+DEPENDS = "openssl libpcre2 zlib libevent"
+SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \
+ file://0001-Makefile-drop-running-scrips-install.patch \
+ file://0002-Makefile-don-t-set-uid-gid.patch \
+ "
+
+SRCREV = "1303c78e2c67d7acee0508cb00c3bc63baaa27c2"
+
+inherit autotools-brokensep useradd
+
+S = "${WORKDIR}/git"
+
+OSSEC_UID ?= "ossec"
+OSSEC_RUID ?= "ossecr"
+OSSEC_GID ?= "ossec"
+OSSEC_EMAIL ?= "ossecm"
+
+do_configure[noexec] = "1"
+
+do_compile() {
+ cd ${S}/src
+ make PREFIX=${prefix} TARGET=local USE_SYSTEMD=No build
+}
+
+do_install(){
+ install -d ${D}${sysconfdir}
+ install -d ${D}/var/ossec/${sysconfdir}
+
+ cd ${S}/src
+ make TARGET=local PREFIX=${D}/var/ossec install
+
+ echo "DIRECTORY=\"/var/ossec\"" > ${D}/${sysconfdir}/ossec-init.conf
+ echo "VERSION=\"${PV}\"" >> ${D}/${sysconfdir}/ossec-init.conf
+ echo "DATE=\"`date`\"" >> ${D}/${sysconfdir}/ossec-init.conf
+ echo "TYPE=\"local\"" >> ${D}/${sysconfdir}/ossec-init.conf
+ chmod 600 ${D}/${sysconfdir}/ossec-init.conf
+ install -m 640 ${D}/${sysconfdir}/ossec-init.conf ${D}/var/ossec/${sysconfdir}/ossec-init.conf
+}
+
+pkg_postinst_ontarget_${PN} () {
+ DIR="/var/ossec"
+
+ usermod -g ossec -G ossec -a root
+
+ # Default for all directories
+ chmod -R 550 ${DIR}
+ chown -R root:${OSSEC_GID} ${DIR}
+
+ # To the ossec queue (default for agentd to read)
+ chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec
+ chmod -R 770 ${DIR}/queue/ossec
+
+ # For the logging user
+ chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs
+ chmod -R 750 ${DIR}/logs
+ chmod -R 775 ${DIR}/queue/rids
+ touch ${DIR}/logs/ossec.log
+ chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log
+ chmod 664 ${DIR}/logs/ossec.log
+
+ chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff
+ chmod -R 750 ${DIR}/queue/diff
+ chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true
+
+ # For the etc dir
+ chmod 550 ${DIR}/etc
+ chown -R root:${OSSEC_GID} ${DIR}/etc
+ if [ -f /etc/localtime ]; then
+ cp -pL /etc/localtime ${DIR}/etc/;
+ chmod 555 ${DIR}/etc/localtime
+ chown root:${OSSEC_GID} ${DIR}/etc/localtime
+ fi
+
+ if [ -f /etc/TIMEZONE ]; then
+ cp -p /etc/TIMEZONE ${DIR}/etc/;
+ chmod 555 ${DIR}/etc/TIMEZONE
+ fi
+
+ # More files
+ chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf
+ chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
+ chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true
+ chown root:${OSSEC_GID} ${DIR}/agentless/*
+ chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh
+ chown root:${OSSEC_GID} ${DIR}/etc/shared/*
+
+ chmod 550 ${DIR}/etc
+ chmod 440 ${DIR}/etc/internal_options.conf
+ chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
+ chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true
+ chmod 550 ${DIR}/agentless/*
+ chmod 700 ${DIR}/.ssh
+ chmod 770 ${DIR}/etc/shared
+ chmod 660 ${DIR}/etc/shared/*
+
+ # For the /var/run
+ chmod 770 ${DIR}/var/run
+ chown root:${OSSEC_GID} ${DIR}/var/run
+
+ # For util.sh
+ chown root:${OSSEC_GID} ${DIR}/bin/util.sh
+ chmod +x ${DIR}/bin/util.sh
+
+ # For binaries and active response
+ chmod 755 ${DIR}/active-response/bin/*
+ chown root:${OSSEC_GID} ${DIR}/active-response/bin/*
+ chown root:${OSSEC_GID} ${DIR}/bin/*
+ chmod 550 ${DIR}/bin/*
+
+ # For ossec.conf
+ chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf
+ chmod 660 ${DIR}/etc/ossec.conf
+
+ # Debconf
+ . /usr/share/debconf/confmodule
+ db_input high ossec-hids-agent/server-ip || true
+ db_go
+
+ db_get ossec-hids-agent/server-ip
+ SERVER_IP=$RET
+
+ sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf
+ db_stop
+
+ # ossec-init.conf
+ if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
+ if [ -e /etc/ossec-init.conf ]; then
+ rm -f /etc/ossec-init.conf
+ fi
+ ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
+ fi
+
+ # init.d/ossec file
+ if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
+ if [ -e /etc/init.d/ossec ]; then
+ rm -f /etc/init.d/ossec
+ fi
+ ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
+ fi
+
+ # Service
+ if [ -x /etc/init.d/ossec ]; then
+ update-rc.d -f ossec defaults
+ fi
+
+ # Delete tmp directory
+ if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then
+ rm -r ${OSSEC_HIDS_TMP_DIR}
+ fi
+}
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home-dir /var/ossec -g ossec --shell /bin/false ossec"
+GROUPADD_PARAM_${PN} = "--system ossec"
+
+RDEPENDS_${PN} = "openssl bash"
--
2.25.1

--
Regards,
Sateesh

Hi Guys,

                I am newly facing this when I want to build core-image-sato image. how can I fix this issue can anybody know please suggest me.

local.conf I enabled EXTRA_IMAGE_FEATURES +=  "staticdev-pkgs"  but same issue I am facing.

--
Regards,
Sateesh

Hi Guys,

                I am newly facing this when I want to build core-image-sato image. how can I fix this issue can anybody know please suggest me.




--
Regards,
Sateesh

What is the relationship between OpenBIOS and YOCTO? Between OpenBIOS and U-boot?

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/config.json b/config.json
index 6de85a4..b38bc61 100644
--- a/config.json
+++ b/config.json
@@ -751,6 +751,11 @@
]
}
},
+ "only-x11" : {
+ "MACHINE" : "qemux86-64",
+ "BBTARGETS" : "core-image-sato core-image-sato:do_populate_sdk core-image-sato:do_populate_sdk_ext core-image-sato-sdk",
+ "SANITYTARGETS" : "core-image-sato:do_testimage core-image-sato:do_testsdk core-image-sato:do_testsdkext core-image-sato-sdk:do_testimage"
+ },
"musl-qemux86" : {
"MACHINE" : "qemux86",
"SDKMACHINE" : "x86_64",
--
2.30.2

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index 8e0f0ac..6de85a4 100644
--- a/config.json
+++ b/config.json
@@ -976,7 +976,7 @@
"BBTARGETS" : "core-image-weston",
"SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
- "DISTRO_FEATURES_append = ' systemd'",
+ "DISTRO_FEATURES_append = ' pam systemd'",
"VIRTUAL-RUNTIME_init_manager = 'systemd'",
"TEST_SUITES_append = ' systemd'"
]
@@ -996,7 +996,7 @@
"SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' systemd'",
- "DISTRO_FEATURES_append = ' systemd'",
+ "DISTRO_FEATURES_append = ' pam systemd'",
"VIRTUAL-RUNTIME_init_manager = 'systemd'",
"DISTRO_FEATURES_BACKFILL_CONSIDERED = 'sysvinit'"
]
--
2.30.2

I believe the time has come for YP to be defaulting to Wayland
and not X11.

X11 is effectively deprecated technology at this point with
only minimal maintenance; standalone X server will not be
developed any further, and all attention currently is towards
making X apps work well under Wayland.

Weston is built with x11 support enabled via xwayland, so
x11 bits continue do be built and exercised in tests and SDKs;
for testing core-image-sato as a whole a separate target will
be added next.

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 176 ++++++++++++++++++++++++++--------------------------
1 file changed, 88 insertions(+), 88 deletions(-)

diff --git a/config.json b/config.json
index a1893db..8e0f0ac 100644
--- a/config.json
+++ b/config.json
@@ -66,13 +66,13 @@
"BUILDINFO" : true,
"BUILDHISTORY" : true,
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk"
},
"step2" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
},
"step3" : {
"shortname" : "Machine oe-selftest",
@@ -86,8 +86,8 @@
"BUILDINFO" : true,
"BUILDHISTORY" : true,
"step1" : {
- "BBTARGETS" : "core-image-full-cmdline core-image-sato core-image-sato-sdk",
- "SANITYTARGETS" : "core-image-full-cmdline:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-full-cmdline core-image-weston core-image-weston-sdk",
+ "SANITYTARGETS" : "core-image-full-cmdline:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
}
},
"ptest-qemu" : {
@@ -108,8 +108,8 @@
},
"ltp-qemu" : {
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"IMAGE_INSTALL_append = ' ltp'",
"TEST_SUITES = 'ping ssh ltp ltp_compliance'",
@@ -121,16 +121,16 @@
"arch-hw" : {
"BUILDINFO" : true,
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
}
},
"arch-hw-qemu" : {
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal core-image-sato core-image-sato-sdk core-image-sato:do_populate_sdk core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-minimal core-image-weston core-image-weston-sdk core-image-weston:do_populate_sdk core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk core-image-weston:do_testsdkext"
},
"step2" : {
"shortname" : "Machine oe-selftest",
@@ -142,7 +142,7 @@
"DISTRO" : "poky-altcfg",
"BUILDINFO" : true,
"step1" : {
- "BBTARGETS" : "core-image-full-cmdline core-image-sato core-image-sato-sdk"
+ "BBTARGETS" : "core-image-full-cmdline core-image-weston core-image-weston-sdk"
}
},
"buildperf" : {
@@ -229,17 +229,17 @@
"BB_SIGNATURE_HANDLER = 'OEEquivHash'"
],
"step1" : {
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage"
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage"
},
"step2" : {
- "BBTARGETS" : "core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
},
"step3" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
}
},
"qemuarm" : {
@@ -251,8 +251,8 @@
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "aarch64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
}
},
"qemuarm-alt" : {
@@ -264,7 +264,7 @@
"TEMPLATE" : "arch-hw",
"step2" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk"
+ "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk"
}
},
"beaglebone-alt" : {
@@ -280,8 +280,8 @@
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "aarch64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
}
},
"qemuarm64-ptest" : {
@@ -305,13 +305,13 @@
],
"step1": {
"MACHINE": "n1sdp",
- "BBTARGETS": "core-image-minimal core-image-sato core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS": "core-image-minimal core-image-weston core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
},
"step2": {
"MACHINE": "juno",
- "BBTARGETS": "core-image-minimal core-image-sato core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS": "core-image-minimal core-image-weston core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"
}
},
"meta-agl-core" : {
@@ -336,24 +336,24 @@
"SSTATEDIR" : ["SSTATE_DIR ?= '${HELPERBUILDDIR}/sstate'"],
"MACHINE" : "qemuarm64",
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk"
},
"step2" : {
"MACHINE" : "qemux86-64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk"

},
"step3" : {
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
- "SANITYTARGETS" : "core-image-sato:do_testsdk core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+ "BBTARGETS" : "core-image-weston:do_populate_sdk core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+ "SANITYTARGETS" : "core-image-weston:do_testsdk core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
},
"step4" : {
"MACHINE" : "qemux86-64",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk"
+ "BBTARGETS" : "core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk"
},
"step5" : {
"BUILDINFO" : false,
@@ -497,11 +497,11 @@
"baselib = \"${@d.getVar('BASE_LIB_tune-' + (d.getVar('DEFAULTTUNE', True) or 'INVALID'), True) or 'lib'}\""
],
"step1" : {
- "BBTARGETS" : "core-image-minimal core-image-sato",
+ "BBTARGETS" : "core-image-minimal core-image-weston",
"SANITYTARGETS" : "core-image-minimal:do_testimage"
},
"step2" : {
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' x32lib'"
]
@@ -550,8 +550,8 @@
"step3" : {
"shortname" : "x86-64 lib32 rpm",
"description" : "qemux86-64 64bit image and 32 bit multilibs with rpm",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' multilib'",
"require conf/multilib.conf",
@@ -565,8 +565,8 @@
"shortname" : "x86-64 lib32 ipk",
"description" : "qemux86-64 64bit image and 32 bit multilibs with ipk",
"PACKAGE_CLASSES" : "package_ipk",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' multilib'",
"require conf/multilib.conf",
@@ -581,7 +581,7 @@
"description" : "x86 building 64bit multilib image",
"MACHINE" : "qemux86",
"SDKMACHINE" : "i686",
- "BBTARGETS" : "lib64-core-image-sato lib64-core-image-sato-sdk",
+ "BBTARGETS" : "lib64-core-image-weston lib64-core-image-weston-sdk",
"extravars" : [
"require conf/multilib.conf",
"MULTILIBS = 'multilib:lib64'",
@@ -606,26 +606,26 @@
"pkgman-rpm-non-rpm" : {
"MACHINE" : "qemux86",
"PACKAGE_CLASSES" : "package_rpm",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
},
"pkgman-deb-non-deb" : {
"MACHINE" : "qemux86",
"PACKAGE_CLASSES" : "package_deb",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage core-image-sato:do_testsdk"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage core-image-weston:do_testsdk"
},
"pkgman-non-rpm" : {
"MACHINE" : "qemux86",
"step1" : {
"PACKAGE_CLASSES" : "package_ipk",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
},
"step2" : {
"PACKAGE_CLASSES" : "package_deb",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+ "BBTARGETS" : "core-image-weston core-image-weston-sdk core-image-minimal core-image-minimal-dev",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
}
},
"poky-tiny" : {
@@ -642,41 +642,41 @@
"step1" : {
"MACHINE" : "qemux86",
"shortname" : "qemux86 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86/directdisk/core-image-weston/"
]
},
"step2" : {
"MACHINE" : "genericx86",
"shortname" : "genericx86 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86/directdisk/core-image-weston/"
]
},
"step3" : {
"MACHINE" : "qemux86-64",
"shortname" : "qemux86-64 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/qemux86-64/directdisk/core-image-weston/"
]
},
"step4" : {
"MACHINE" : "genericx86-64",
"shortname" : "genericx86-64 wic",
- "BBTARGETS" : "wic-tools core-image-sato",
+ "BBTARGETS" : "wic-tools core-image-weston",
"EXTRACMDS" : [
- "wic create directdisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-sato/",
- "wic create directdisk-gpt -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-sato/",
- "wic create mkefidisk -e core-image-sato -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-sato/"
+ "wic create directdisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-weston/",
+ "wic create directdisk-gpt -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-weston/",
+ "wic create mkefidisk -e core-image-weston -o ${BUILDDIR}/tmp/deploy/wic_images/genericx86-64/directdisk/core-image-weston/"
]
}
},
@@ -754,8 +754,8 @@
"musl-qemux86" : {
"MACHINE" : "qemux86",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-sato-sdk world",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-sato-sdk:do_testimage",
+ "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-weston-sdk world",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-weston-sdk:do_testimage",
"extravars" : [
"TCLIBC = 'musl'"
]
@@ -764,8 +764,8 @@
"MACHINE" : "qemux86-64",
"SDKMACHINE" : "x86_64",
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-sato-sdk world",
- "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-sato-sdk:do_testimage",
+ "BBTARGETS" : "core-image-minimal core-image-full-cmdline core-image-weston-sdk world",
+ "SANITYTARGETS" : "core-image-minimal:do_testimage core-image-full-cmdline:do_testimage core-image-weston-sdk:do_testimage",
"extravars" : [
"TCLIBC = 'musl'"
]
@@ -916,18 +916,18 @@
"step4" : {
"shortname" : "Prep locked-sigs test",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato core-image-sato:do_populate_sdk_ext"
+ "BBTARGETS" : "core-image-weston core-image-weston:do_populate_sdk_ext"
},
"step5" : {
"shortname" : "Prep #2 locked-sigs test",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato -S none",
+ "BBTARGETS" : "core-image-weston -S none",
"EXTRACMDS" : ["${SCRIPTSDIR}/../janitor/clobberdir ${BUILDDIR}/../build/tmp"]
},
"step6" : {
"shortname" : "Test locked-sigs image",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato",
+ "BBTARGETS" : "core-image-weston",
"extravars" : [
"TMPDIR = '${TOPDIR}/newtmp'",
"require ../locked-sigs.inc"
@@ -936,7 +936,7 @@
"step7" : {
"shortname" : "Test locked-sigs eSDK",
"SDKMACHINE" : "x86_64",
- "BBTARGETS" : "core-image-sato:do_populate_sdk_ext",
+ "BBTARGETS" : "core-image-weston:do_populate_sdk_ext",
"extravars" : [
"TMPDIR = '${TOPDIR}/sdktmp'"
]
@@ -946,16 +946,16 @@
"MACHINE" : "qemux86-64",
"step1" : {
"shortname" : "Test logrotate",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"IMAGE_INSTALL_append = ' logrotate'",
"TEST_SUITES_append = ' logrotate'"
]
},
"step2" : {
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"DISTRO_FEATURES_append = ' pam'",
"TEST_SUITES_append = ' pam'"
@@ -963,8 +963,8 @@
},
"step3" : {
"shortname" : "Test skeletoninit",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"IMAGE_INSTALL_append = ' service hello-mod'",
"TEST_SUITES_append = ' skeletoninit'"
@@ -973,8 +973,8 @@
},
"step4" : {
"shortname" : "Systemd with sysvinit compat",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"DISTRO_FEATURES_append = ' systemd'",
"VIRTUAL-RUNTIME_init_manager = 'systemd'",
@@ -983,8 +983,8 @@
},
"step5" : {
"shortname" : "Sysvinit with systemd",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"DISTRO_FEATURES_append = ' systemd'",
"VIRTUAL-RUNTIME_init_manager = 'sysvinit'"
@@ -992,8 +992,8 @@
},
"step6" : {
"shortname" : "Systemd",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"TEST_SUITES_append = ' systemd'",
"DISTRO_FEATURES_append = ' systemd'",
@@ -1003,8 +1003,8 @@
},
"step7" : {
"shortname" : "Mesa gallium-llvm",
- "BBTARGETS" : "core-image-sato",
- "SANITYTARGETS" : "core-image-sato:do_testimage",
+ "BBTARGETS" : "core-image-weston",
+ "SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"PACKAGECONFIG_append_x86-64_pn-mesa = ' gallium-llvm gallium r600'"
]
--
2.30.2

Signed-off-by: Alexander Kanavin <alex.kanavin@...>
---
config.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/config.json b/config.json
index 8d8d1bf..a1893db 100644
--- a/config.json
+++ b/config.json
@@ -92,16 +92,16 @@
},
"ptest-qemu" : {
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-sato-ptest",
- "SANITYTARGETS" : "core-image-sato-ptest:do_testimage",
+ "BBTARGETS" : "core-image-weston-ptest-all",
+ "SANITYTARGETS" : "core-image-weston-ptest-all:do_testimage",
"extravars" : [
"TEST_SUITES = 'ping ssh ptest'"
]
},
"ptest-qemu-fast" : {
"BUILDINFO" : true,
- "BBTARGETS" : "core-image-sato-ptest-fast",
- "SANITYTARGETS" : "core-image-sato-ptest-fast:do_testimage",
+ "BBTARGETS" : "core-image-weston-ptest-fast",
+ "SANITYTARGETS" : "core-image-weston-ptest-fast:do_testimage",
"extravars" : [
"TEST_SUITES = 'ping ssh ptest'"
]
@@ -121,7 +121,7 @@
"arch-hw" : {
"BUILDINFO" : true,
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato-ptest core-image-sato:do_populate_sdk",
+ "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"
}
},
@@ -341,7 +341,7 @@
},
"step2" : {
"MACHINE" : "qemux86-64",
- "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-sato-sdk-ptest core-image-sato:do_populate_sdk",
+ "BBTARGETS" : "core-image-sato core-image-sato-sdk core-image-minimal core-image-minimal-dev core-image-weston-ptest-all core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"

},
--
2.30.2

From: Yann Dirson <yann@...>

Changes from v2:
 - turn the DISTRO_FEATURE idea into separate RFC patches so as to allow
   merging of basic support
 - remove optee-os patch that proved unnecessary

Changes from v1:
 - fix last-minute typo in TFA_SPD setting, which led to optee not being started
 - use PACKAGECONFIG[optee] to simplify recipes as suggested on meta-arm ml

Yann Dirson (7):
  trusted-firmware-a: include optee support when requested by
    DISTRO_FEATURE
  u-boot: include optee-os as BL32 when requested by DISTRO_FEATURE
  optee-os: enable rk3399 support, including serial console support
  RFC optee: new "optee" DISTRO_FEATURE to enable optee-os integration
  RFC: optee: only enable the recipes when "optee" is included in
    DISTRO_FEATURES
  WIP nanopi-m4: declare OP-TEE presence in devicetree
  WIP kernel config feature for OP-TEE activation

In general, it seems like a lot of these changes should be in the upstream recipes, not the meta-rockchip bbappends.

Also, the things that do belong in this layer need proper variable overrides to keep the layer (mostly) Yocto project compliant.

 conf/machine/include/rk3399.inc               |  2 +
 .../trusted-firmware-a_%.bbappend             | 14 +++++
 recipes-bsp/u-boot/u-boot%.bbappend           |  9 ++++
 .../0001-nanopi-declare-optee-presence.patch  | 30 +++++++++++
 recipes-kernel/linux/files/bsp/tee.cfg        |  2 +
 recipes-kernel/linux/linux-yocto%.bbappend    |  1 +
 ...399-enable-serial-console-by-default.patch | 52 +++++++++++++++++++
 recipes-security/optee/optee%.bbappend        |  4 ++
 recipes-security/optee/optee-os_%.bbappend    |  8 +++
 9 files changed, 122 insertions(+)
 create mode 100644 recipes-kernel/linux/files/0001-nanopi-declare-optee-presence.patch
 create mode 100644 recipes-kernel/linux/files/bsp/tee.cfg
 create mode 100644 recipes-security/optee/files/0001-rk3399-enable-serial-console-by-default.patch
 create mode 100644 recipes-security/optee/optee%.bbappend
 create mode 100644 recipes-security/optee/optee-os_%.bbappend

From: Yann Dirson <yann@...>

FIXME:
- provide an .scc with proper information
- maybe bundle with dts overlay
- select a more suitable path in config namespace
---
recipes-kernel/linux/files/bsp/tee.cfg | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 recipes-kernel/linux/files/bsp/tee.cfg

diff --git a/recipes-kernel/linux/files/bsp/tee.cfg b/recipes-kernel/linu=
x/files/bsp/tee.cfg
new file mode 100644
index 0000000..82213a5
--- /dev/null
+++ b/recipes-kernel/linux/files/bsp/tee.cfg
@@ -0,0 +1,2 @@
+CONFIG_TEE=3Dm
+CONFIG_OPTEE=3Dm
--=20
2.30.2

From: Yann Dirson <yann@...>

FIXME:

- this is not specific to the board, and would indeed apply to any SoC
supported by OP-TEE.
- should rather be selected by "optee" in DISTRO_FEATURES, maybe using
a dts overlay
---
.../0001-nanopi-declare-optee-presence.patch | 30 +++++++++++++++++++
recipes-kernel/linux/linux-yocto%.bbappend | 1 +
2 files changed, 31 insertions(+)
create mode 100644 recipes-kernel/linux/files/0001-nanopi-declare-optee-=
presence.patch

diff --git a/recipes-kernel/linux/files/0001-nanopi-declare-optee-presenc=
e.patch b/recipes-kernel/linux/files/0001-nanopi-declare-optee-presence.p=
atch
new file mode 100644
index 0000000..aede781
--- /dev/null
+++ b/recipes-kernel/linux/files/0001-nanopi-declare-optee-presence.patch
@@ -0,0 +1,30 @@
+From 30cb714e717990276a5fabc50dc616c83b223ee7 Mon Sep 17 00:00:00 2001
+From: Yann Dirson <yann@...>
+Date: Mon, 12 Apr 2021 15:50:26 +0200
+Subject: [PATCH] nanopi: declare optee presence
+
+---
+ arch/arm64/boot/dts/rockchip/rk3399-nanopi-m4.dts | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/rockchip/rk3399-nanopi-m4.dts b/arch/ar=
m64/boot/dts/rockchip/rk3399-nanopi-m4.dts
+index 60358ab8c7df..ef11639b03f6 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3399-nanopi-m4.dts
++++ b/arch/arm64/boot/dts/rockchip/rk3399-nanopi-m4.dts
+@@ -16,6 +16,13 @@ / {
+ model =3D "FriendlyElec NanoPi M4";
+ compatible =3D "friendlyarm,nanopi-m4", "rockchip,rk3399";
+=20
++ firmware {
++ optee {
++ compatible =3D "linaro,optee-tz";
++ method =3D "smc";
++ };
++ };
++
+ vdd_5v: vdd-5v {
+ compatible =3D "regulator-fixed";
+ regulator-name =3D "vdd_5v";
+--=20
+2.30.2
+
diff --git a/recipes-kernel/linux/linux-yocto%.bbappend b/recipes-kernel/=
linux/linux-yocto%.bbappend
index 9658681..97b3238 100644
--- a/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/recipes-kernel/linux/linux-yocto%.bbappend
@@ -2,6 +2,7 @@ FILESEXTRAPATHS_prepend :=3D "${THISDIR}/files:"
=20
SRC_URI_append =3D "\
file://bsp;type=3Dkmeta;subdir=3Dkernel-meta \
+ file://0001-nanopi-declare-optee-presence.patch \
"
=20
COMPATIBLE_MACHINE_marsboard-rk3066 =3D "marsboard-rk3066"
--=20
2.30.2

From: Yann Dirson <yann@...>

This is meant as a safeguard against having optee-os included without the
required support in u-boot and trusted-firmware-a.

Signed-off-by: Yann Dirson <yann@...>
---
recipes-security/optee/optee%.bbappend | 3 +++
1 file changed, 3 insertions(+)

diff --git a/recipes-security/optee/optee%.bbappend b/recipes-security/op=
tee/optee%.bbappend
index 9a156bb..ec11863 100644
--- a/recipes-security/optee/optee%.bbappend
+++ b/recipes-security/optee/optee%.bbappend
@@ -1 +1,4 @@
COMPATIBLE_MACHINE_rk3399 ?=3D "rk3399"
+
+inherit features_check
+REQUIRED_DISTRO_FEATURES =3D "optee"
--=20
2.30.2

From: Yann Dirson <yann@...>

This sets up a central switch for OP-TEE operation, activating support
in all dependent recipes at the same time:

- u-boot
- trusted-firmware-a
- kernel (not part of this patch, has to be implemented separately)

Signed-off-by: Yann Dirson <yann@...>
---
recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend | 1 +
recipes-bsp/u-boot/u-boot%.bbappend | 1 +
2 files changed, 2 insertions(+)

diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend=
b/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index 638d53f..9887b6e 100644
--- a/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
+++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -20,5 +20,6 @@ OPTEE_OEMAKE ?=3D " \
=20
EXTRA_OEMAKE_append =3D " ${PACKAGECONFIG_CONFARGS}"
PACKAGECONFIG[optee] =3D "${OPTEE_OEMAKE},,optee-os"
+PACKAGECONFIG_append =3D " ${@bb.utils.filter('DISTRO_FEATURES', 'optee'=
, d)}"
=20
TFA_SPD =3D "${@bb.utils.contains('PACKAGECONFIG', 'optee', 'opteed', ''=
, d)}"
diff --git a/recipes-bsp/u-boot/u-boot%.bbappend b/recipes-bsp/u-boot/u-b=
oot%.bbappend
index 767df5f..d947815 100644
--- a/recipes-bsp/u-boot/u-boot%.bbappend
+++ b/recipes-bsp/u-boot/u-boot%.bbappend
@@ -22,3 +22,4 @@ OPTEE_OEMAKE ?=3D " TEE=3D${DEPLOY_DIR_IMAGE}/optee/tee=
.elf"
=20
EXTRA_OEMAKE_append =3D " ${PACKAGECONFIG_CONFARGS}"
PACKAGECONFIG[optee] =3D "${OPTEE_OEMAKE},,optee-os"
+PACKAGECONFIG_append =3D " ${@bb.utils.filter('DISTRO_FEATURES', 'optee'=
, d)}"
--=20
2.30.2

From: Yann Dirson <yann@...>

As discussed in https://github.com/OP-TEE/optee_os/issues/4542, ASLR
support currently has to be disabled for OP-TEE to boot.

Signed-off-by: Yann Dirson <yann@...>
---
conf/machine/include/rk3399.inc | 2 +
...399-enable-serial-console-by-default.patch | 52 +++++++++++++++++++
recipes-security/optee/optee%.bbappend | 1 +
recipes-security/optee/optee-os_%.bbappend | 8 +++
4 files changed, 63 insertions(+)
create mode 100644 recipes-security/optee/files/0001-rk3399-enable-seria=
l-console-by-default.patch
create mode 100644 recipes-security/optee/optee%.bbappend
create mode 100644 recipes-security/optee/optee-os_%.bbappend

diff --git a/conf/machine/include/rk3399.inc b/conf/machine/include/rk339=
9.inc
index f6b7826..9ac434e 100644
--- a/conf/machine/include/rk3399.inc
+++ b/conf/machine/include/rk3399.inc
@@ -13,6 +13,8 @@ KBUILD_DEFCONFIG ?=3D "defconfig"
KERNEL_CLASSES =3D "kernel-fitimage"
KERNEL_IMAGETYPE =3D "fitImage"
=20
+OPTEEMACHINE =3D "rockchip-rk3399"
+
TFA_PLATFORM =3D "rk3399"
TFA_BUILD_TARGET =3D "bl31"
=20
diff --git a/recipes-security/optee/files/0001-rk3399-enable-serial-conso=
le-by-default.patch b/recipes-security/optee/files/0001-rk3399-enable-ser=
ial-console-by-default.patch
new file mode 100644
index 0000000..c09cfae
--- /dev/null
+++ b/recipes-security/optee/files/0001-rk3399-enable-serial-console-by-d=
efault.patch
@@ -0,0 +1,52 @@
+From 96a614759ff5572b16929379d72376fa6c805a37 Mon Sep 17 00:00:00 2001
+From: Yann Dirson <yann@...>
+Date: Mon, 12 Apr 2021 10:49:18 +0200
+Subject: [PATCH] rk3399: enable serial console by default
+Upstream-Status: Backport
+
+The definition is the same as for rk322x.
+
+Signed-off-by: Yann Dirson <yann@...>
+Acked-by: Jerome Forissier <jerome@...>
+---
+ core/arch/arm/plat-rockchip/conf.mk | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/plat-rockchip/conf.mk b/core/arch/arm/plat-ro=
ckchip/conf.mk
+index f6eef865..f180d63a 100644
+--- a/core/arch/arm/plat-rockchip/conf.mk
++++ b/core/arch/arm/plat-rockchip/conf.mk
+@@ -26,8 +26,6 @@ CFG_EARLY_CONSOLE_BAUDRATE ?=3D 1500000
+ CFG_EARLY_CONSOLE_CLK_IN_HZ ?=3D 24000000
+ endif
+=20
+-CFG_EARLY_CONSOLE ?=3D n
+-
+ ifeq ($(PLATFORM_FLAVOR),rk3399)
+ include core/arch/arm/cpu/cortex-armv8-0.mk
+ $(call force,CFG_TEE_CORE_NB_CORE,6)
+@@ -37,6 +35,12 @@ CFG_TZDRAM_START ?=3D 0x30000000
+ CFG_TZDRAM_SIZE ?=3D 0x02000000
+ CFG_SHMEM_START ?=3D 0x32000000
+ CFG_SHMEM_SIZE ?=3D 0x00400000
++
++CFG_EARLY_CONSOLE ?=3D y
++CFG_EARLY_CONSOLE_BASE ?=3D UART2_BASE
++CFG_EARLY_CONSOLE_SIZE ?=3D UART2_SIZE
++CFG_EARLY_CONSOLE_BAUDRATE ?=3D 1500000
++CFG_EARLY_CONSOLE_CLK_IN_HZ ?=3D 24000000
+ endif
+=20
+ ifeq ($(PLATFORM_FLAVOR),px30)
+@@ -47,6 +51,8 @@ CFG_TZDRAM_START ?=3D 0x30000000
+ CFG_TZDRAM_SIZE ?=3D 0x02000000
+ CFG_SHMEM_START ?=3D 0x32000000
+ CFG_SHMEM_SIZE ?=3D 0x00400000
++
++CFG_EARLY_CONSOLE ?=3D n
+ endif
+=20
+ ifeq ($(platform-flavor-armv8),1)
+--=20
+2.30.2
+
diff --git a/recipes-security/optee/optee%.bbappend b/recipes-security/op=
tee/optee%.bbappend
new file mode 100644
index 0000000..9a156bb
--- /dev/null
+++ b/recipes-security/optee/optee%.bbappend
@@ -0,0 +1 @@
+COMPATIBLE_MACHINE_rk3399 ?=3D "rk3399"
diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-securit=
y/optee/optee-os_%.bbappend
new file mode 100644
index 0000000..a1b0c4f
--- /dev/null
+++ b/recipes-security/optee/optee-os_%.bbappend
@@ -0,0 +1,8 @@
+EXTRA_OEMAKE_append_rk3399 =3D " \
+ CFG_CORE_ASLR=3Dn \
+"
+
+FILESEXTRAPATHS_prepend :=3D "${THISDIR}/files:"
+SRC_URI +=3D "\
+ file://0001-rk3399-enable-serial-console-by-default.patch \
+"
--=20
2.30.2

From: Yann Dirson <yann@...>

This causes OP-TEE to get included into the u-boot.itb fitImage so u-boot
can load it for the trusted-firmware-a BL31 to run it.

This has to be enabled through PACKAGECONFIG +=3D "optee".

Signed-off-by: Yann Dirson <yann@...>
---
recipes-bsp/u-boot/u-boot%.bbappend | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/recipes-bsp/u-boot/u-boot%.bbappend b/recipes-bsp/u-boot/u-b=
oot%.bbappend
index 95c019d..767df5f 100644
--- a/recipes-bsp/u-boot/u-boot%.bbappend
+++ b/recipes-bsp/u-boot/u-boot%.bbappend
@@ -5,6 +5,8 @@ do_compile_append_rock2-square () {
fi
}
=20
+# TF-A, when supported
+
ATF_DEPENDS ??=3D ""
=20
EXTRA_OEMAKE_append_rk3399 =3D " BL31=3D${DEPLOY_DIR_IMAGE}/bl31-rk3399.=
elf"
@@ -14,3 +16,9 @@ ATF_DEPENDS_rk3328 =3D " virtual/trusted-firmware-a:do_=
deploy"
=20
do_compile[depends] .=3D "${ATF_DEPENDS}"
=20
+# OP-TEE, dependent on "optee" DISTRO_FEATURES
+
+OPTEE_OEMAKE ?=3D " TEE=3D${DEPLOY_DIR_IMAGE}/optee/tee.elf"
+
+EXTRA_OEMAKE_append =3D " ${PACKAGECONFIG_CONFARGS}"
+PACKAGECONFIG[optee] =3D "${OPTEE_OEMAKE},,optee-os"
--=20
2.30.2

From: Yann Dirson <yann@...>

Changes from v2:
- turn the DISTRO_FEATURE idea into separate RFC patches so as to allow
merging of basic support
- remove optee-os patch that proved unnecessary

Changes from v1:
- fix last-minute typo in TFA_SPD setting, which led to optee not being =
started
- use PACKAGECONFIG[optee] to simplify recipes as suggested on meta-arm =
ml

Yann Dirson (7):
trusted-firmware-a: include optee support when requested by
DISTRO_FEATURE
u-boot: include optee-os as BL32 when requested by DISTRO_FEATURE
optee-os: enable rk3399 support, including serial console support
RFC optee: new "optee" DISTRO_FEATURE to enable optee-os integration
RFC: optee: only enable the recipes when "optee" is included in
DISTRO_FEATURES
WIP nanopi-m4: declare OP-TEE presence in devicetree
WIP kernel config feature for OP-TEE activation

conf/machine/include/rk3399.inc | 2 +
.../trusted-firmware-a_%.bbappend | 14 +++++
recipes-bsp/u-boot/u-boot%.bbappend | 9 ++++
.../0001-nanopi-declare-optee-presence.patch | 30 +++++++++++
recipes-kernel/linux/files/bsp/tee.cfg | 2 +
recipes-kernel/linux/linux-yocto%.bbappend | 1 +
...399-enable-serial-console-by-default.patch | 52 +++++++++++++++++++
recipes-security/optee/optee%.bbappend | 4 ++
recipes-security/optee/optee-os_%.bbappend | 8 +++
9 files changed, 122 insertions(+)
create mode 100644 recipes-kernel/linux/files/0001-nanopi-declare-optee-=
presence.patch
create mode 100644 recipes-kernel/linux/files/bsp/tee.cfg
create mode 100644 recipes-security/optee/files/0001-rk3399-enable-seria=
l-console-by-default.patch
create mode 100644 recipes-security/optee/optee%.bbappend
create mode 100644 recipes-security/optee/optee-os_%.bbappend

--=20
2.30.2

From: Yann Dirson <yann@...>

This instructs TF-A to:

- load OP-TEE OS as BL32, but still relies on the actual image to be
provided through other means, eg. in u-boot.itb
- run opteed as Secure Payload Dispatcher

This has to be enabled through PACKAGECONFIG +=3D "optee".

Signed-off-by: Yann Dirson <yann@...>
---
.../trusted-firmware-a_%.bbappend | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend=
b/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index 1942c17..638d53f 100644
--- a/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
+++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -9,3 +9,16 @@ FILESEXTRAPATHS_prepend :=3D "${THISDIR}/files:"
SRC_URI +=3D "\
file://serial-console-baudrate.patch \
"
+
+# OP-TEE, dependent on "optee" DISTRO_FEATURES
+
+OPTEE_OEMAKE ?=3D " \
+ BL32=3D${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-head=
er_v2.bin \
+ BL32_EXTRA1=3D${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/t=
ee-pager_v2.bin \
+ BL32_EXTRA2=3D${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/t=
ee-pageable_v2.bin \
+ "
+
+EXTRA_OEMAKE_append =3D " ${PACKAGECONFIG_CONFARGS}"
+PACKAGECONFIG[optee] =3D "${OPTEE_OEMAKE},,optee-os"
+
+TFA_SPD =3D "${@bb.utils.contains('PACKAGECONFIG', 'optee', 'opteed', ''=
, d)}"
--=20
2.30.2