mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-29 12:10:15 +00:00
Commit Graph

275 Commits

Author SHA1 Message Date
Jon Mason 6182cec88c arm/qemuarm64-secureboot: get edk2 and trusted-firmware a working
Do the changes necessary to get qemuarm64-secureboot to work with edk2
firmware, and add it to CI.  The CI changes needed to make it dynamic
based on edk2.yml or u-boot.yml required moving the relevant parts into
inc files.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-03-11 09:00:05 -04:00
Jon Mason 7f7b065c61 CI/uefi-secureboot: remove duplicate entry
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-03-11 09:00:05 -04:00
Gabor Toth 315d4e139e arm/trusted-services: Enable tpm2-tool self tests
Enable execution of the tpm2-tools self-test against the Trusted
Services fTPM SP. The test is integrated into OEQA but is disabled by
default due to its long execution time (over three hours on fvp-base)
and inconsistent results. While individual tests pass when run in
isolation, running the full suite results in failures. Despite this,
it remains the most comprehensive verification currently available.
Testing can be enabled by setting the RUN_TPM2_TESTS variable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Signed-off-by: Gyorgy Szing <gyorgy.szint@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-03-04 04:00:05 -05:00
Jon Mason dcc34c19fe CI: add LTS versions for testing
Add a CI test for the LTS versions of recipes currently supported.
Use fvp-base, since that provides good coverage and is being used for
the latest version testing.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-03-02 12:00:07 -05:00
Ross Burton 3c92c9950f CI: don't testimage core-image-initramfs-boot
A recent change to image dependencies in oe-core master[1] means that
TESTIMAGE_AUTO tries to test more images than before.

Explicitly reset TESTIMAGE_AUTO for core-image-initramfs-boot so that it
doesn't try to testimage an initramfs.

[1] oe-core b75c21fb950 ("image_types_wic.bbclass: add depend on initramfs")

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-02-27 09:00:06 -05:00
Jon Mason 1aed815677 CI/musca-b1: use LTS tf-m
We currently don't have coverage for trusted-firmware-m 2.1.x, which is
the LTS.  Since musca-b1 and musca-s1 are essentially the same, use b1
for the LTS coverage.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-02-23 09:00:04 -05:00
Jon Mason 1e3d3f8b38 arm-bsp/sgi575: change target image for CI
For some reason, sgi575 won't boot to shell with
core-image-full-cmdline, but it will with other images.  Since we're
going to drop this machine soon (as it has been EOL'ed), modify the
image type for CI to core-image-base (As that one appears to boot
faster).

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-02-23 09:00:04 -05:00
Ross Burton ad92b47668 Remove meta-arm-systemready
meta-arm-systemready was intended to allow people writing BSPs to run
the SystemReady Architecture Compliance Suite[1] within the Yocto build
environment. However, whilst this seems like a good idea, there are
several problems:

- This layer only supports the IR band and v2 of the ACS. The ACS is now
  at v3 and the bands altered, so there is no value in running obsolete
  tests.

- Execution of the tests takes a long time, we have integration to run
  the tests on a virtual fvp-base machine but execution takes many tens
  of hours (our CI times out after 12, on a high-performance worker).
  Running the tests in CI, and in particular inside BitBake, isn't
  obviously the right thing to do.

- Execution of the tests on real hardware is not trivial, as testimage
  has virtual targets as a primary usecase. It is unclear if anyone has
  managed to use this layer on physical hardware.

Because of these issues, remove the layer. There are better integration
points for automated ACS testing, and this integration is obsolete.

[1] https://github.com/ARM-software/arm-systemready

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-02-12 08:00:04 -05:00
Jon Mason 98b105ce06 arm/fvps: reorganize CI into segments
The downloads page for FVPs is broken down into sub-pages for each
"Ecosystem".  Organize this file to match that.  Also, rename fvp-v3-r1
to "rd" to make more obvious what this refers to.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-02-11 11:00:04 -05:00
Jon Mason d8c879b9e3 arm/corstone1000-a320: split off FVP into a unique file and add to CI
The corstone1000-a320 FVP is a unique download and should be treated as
such in our CI.  Split the relevant parts off, add it to the fvps.yml
file, workaround the staticdev and useless-rpath errors that were
present in the FVP tarball, and the correct depends in the machine
config file.

Also, add this machine to the CI so that any issues can be found with
this unique configuration.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-02-11 11:00:04 -05:00
Jon Mason 832ce9bca3 CI/fvp: made the default target core-image-full-cmdline
No need to have the full graphics stack for FVP images.  Slim the image
down by default.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-02-11 11:00:04 -05:00
Ross Burton f36c9add46 Revert "CI: work around xen failures until fixed upstream"
The kernel upgrades are now in oe-core, so we can drop this workaround.

This reverts commit 341a0fd976.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-15 17:00:04 -05:00
Ross Burton 341a0fd976 CI: work around xen failures until fixed upstream
In master, xen images fail to build as the xt-masquerade module is not
built by the kernel. This has been fixed in the linux-yocto 6.18.3
upgrade but that is not yet merged.

Until it is merged, we can temporarily update the kmeta in our CI.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-12 14:00:05 -05:00
Jon Mason 1baab23041 arm-bsp: add git recipe versions
Add git recipe versions that track the latest git versions of u-boot and
the various OP-TEE recipes.  This, in combination with the previously
existing trusted firmware a and m recipes, allows for using the latest
code in platform development and testing (as part of CI).

For CI usage, a KAS yml file has been created to allow for those recipes
to be used, and an entry for fvp-base has been added to the gitlab CI
yml file.

NOTE: the wildcard for corstone1000 u-boot PREFERRED_VERSION was causing
it to pick-up the newest version (and failing to apply the patches).
The wildcard is unnecessary, since it is using a layer supplied package.
So, remove it and everyone is happy.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-12-10 12:00:04 -05:00
Jon Mason 609c54d364 CI: remove meta-clang
Now that clang is in core, we don't need to use meta-clang anymore.
Also, use PREFERRED_TOOLCHAIN_TARGET to specify the toolchain to use.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-10-20 12:00:05 -04:00
Ross Burton 2b44924959 CI: use bitbake+oe-core instead of poky
Moving forwards, it's expected that the poky repository will no longer be
updated as the integration of bitbake-setup means that users are
encouraged to use bitbake+oe-core separately instead.

We also need to fetch meta-yocto as our CI is currently explicitly based
on the poky distribution.

This is effectively a no-op change, as poky is simply these component
repositories glued into a single repository for convenience.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-10-09 15:05:45 -04:00
Jon Mason feb539589c ci/selftest: remove rm_work
oe-selftest is now logging having rm_work enabled as an error, which is
causing the test to fail.  Remove this from the selftest.yml file, and
everything works as before.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-09-11 09:00:04 -04:00
Ross Burton 56f84d176c CI: no need to configure coresight explicitly
The oe-core perf recipe will now enable coresight support automatically
if the coresight MACHINE_FEATURE is set[1], so we can remove the manual
configuration in our CI and let the machines enable it where appropriate.

[1] oe-core c455bd03910 ("perf: enable coresight if enabled in MACHINE_FEATURES")

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-09-10 06:00:06 -04:00
Ross Burton 7d60c67ad7 CI: align with Poky
Originally we customised the CI build for speed, by switching to ipkg
instead of rpm for the packages and disabling graphical output support
in qemu-system-native.

These are admirable goals, but more admirable is sharing sstate and
people may wish to use the output of this CI without having to make the
same alterations.

Drop these two changes so that our configuration matches poky. I've
verified that with this change, a build of core-image-sato for qemuarm64
can be built almost entirely from the autobuilder's sstate[1].

[1] gator-daemon, opencsd, and perf are built as these are not built on
    the AB in this configuration.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-09-04 13:20:49 -04:00
Ross Burton 5fae879140 CI: move network test skips to fvp.yml
testimage.yml was skipping the opkg tests, but we also need to skip the
dnf tests for when PACKAGE_CLASSES="package_rpm".

These skips are FVP-specific as they are due to the wrong IP being used
by the test suite. This should be fixed in the FVP test harness, but
for now move the exclusions into fvp.yml so they're isolated.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-09-04 13:20:49 -04:00
Csaba Szilágyi 1e37608374 arm/hafnium: add hafnium to qemuarm64-secureboot target
Signed-off-by: Csaba Szilágyi <csaba.szilagyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-07-30 04:00:05 -04:00
Ross Burton df552ede94 CI: don't force testimage in fvp-base-ts
The caller should (and does) use ci/testimage.yml explicitly instead.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-07-07 15:00:04 -04:00
Jon Mason 4070798969 CI/fvp-base-ts: append the testcases
The test cases for fvp-base will not fully run because the trusted
services ones are the only ones (instead of being appended to the list).
Correcting this issue so that all the tests can be run.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-12 10:00:05 -04:00
Jon Mason 31549c12d2 CI: update sstate-mirror.yml
The Yocto project changed the server name for sstate, though the
previous one does still appear to work.  Update here to the one matching
the YP documentation.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-09 11:00:03 -04:00
Ross Burton fe6aa835ef Revert "CI: use walnascar branches"
This switches CI back to using the master branches.

Currently there are two known failures:
- sbsa-ref
- perf on musl

This reverts commit e0c1f0f94a.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-05-22 09:16:23 -04:00
Gyorgy Szing ca9e119083 arm/trusted-services: enable the logging SP
The logging service provides an SPMC agnostic way to create log messages.
The current version will simply dump the incoming log messages to a
serial line. Future versions could provide access to log messages from
the NWd, could encrypt the messages and perform more efficiently when
logging large messages.

This change enables the logging SP on the fvp_base platform. All log
messages made by SPs after the boot phase will be sent to UART3.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-05-20 14:00:05 -04:00
Gyorgy Szing ee46a41578 arm/trusted-services: simplify SmmGW configuration
Bound Authenticated Variable configuration related settings to yocto
variables. The aim is easier configuration by hiding SmmGW build system
internals at the yocto recipe level.

For details please see documentation/trusted-services.md

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-05-20 14:00:05 -04:00
Ross Burton e0c1f0f94a CI: use walnascar branches
Signed-off-by: Ross Burton <ross.burton@arm.com>
2025-04-23 11:41:23 -04:00
Jon Mason 62cb568a65 CI: add spaces to TS_ENV
Seeing the warning:
  lack of whitespace around the assignment: 'TS_ENV="sp"'

Add the spaces to address the issue

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-18 10:00:20 -04:00
Jon Mason f94c002d1d arm-bsp/sgi575: add FVP support
Add FVP support to sgi575 and run a boot test as part of CI.  Networking
is not currently working and seems to require an older version of edk2
to boot the kernel.  Also, the unique files for grub and wks do not seem
to be necessary.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-28 10:00:08 -04:00
Jon Mason 3bf8bf5d4d arm/fvp: add TC3 and Neoverse v3, remove n1 edge
Add Total Compute 2023, Neoverse V3 R1, and Reference Design-1 AE FVPs.
Also, remove Neoverse N1 Edge.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-28 10:00:08 -04:00
Ross Burton 49cad31d10 ci/update-repos: always pass the latest URL
Instead of assuming that the repository was created with the latest URL,
fetch the repository explicitly when fetching.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-26 15:00:07 -04:00
Ross Burton 5d0fcd503b CI: use canonical git.yoctoproject.org URLs
The canonical repository URLs don't use /git/.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-26 15:00:07 -04:00
Ross Burton 03af0c72f1 arm-toolchain: remove external-arm-toolchain
Integrating the binary Arm GCC toolchain into OE is quite complicated
because the binary release and oe-core's toolchain are arranged slightly
differently, which makes it quite fragile.

As it's obviously a binary release we cannot patch it to fix issues.

Also it has some fairly sizable limitations: for example the kernel
headers are old (from linux 4.19) and the locale packaging is different
so locale package dependencies don't work.

The main historic users of the external toolchain no longer use it, so
remove it.  The recipes will remain in the LTS branches for users who
are using it currently, but will not be part of the next release.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-30 07:26:31 -05:00
Mikko Rapeli 682fb426ee uefi-secureboot.yml: switch to Unified Kernel Image (UKI)
Unified Kernel Image includes kernel and initrd which
both are signed with UEFI secure boot. This brings secure
boot closer to userspace.

Use core-image-initramfs-boot to find the real
rootfs and boot systemd init there. No need to hard code
rootfs via qemuboot/runqemu variables.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-25 12:10:17 -05:00
Mikko Rapeli a3523586e5 uefi-secureboot.yml: remove duplicate distro features
Setting INIT_MANAGER to "systemd" already sets needed
feature flags. Appending to them only causes sstate
cache invalidation and recompilations.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-25 12:10:17 -05:00
Jon Mason 853fde2b24 CI: add poky-altcfg in xen.yml for systemd image requirement
xen-image-minimal now requires systemd.  Add poky-altcfg (which has
systemd amongst other things) as an includes in the xen.yml file to work
around this.  Also, xen requires openssh instead of dropbear.  So,
override that entry.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-21 11:00:04 -05:00
Ross Burton e7898787bb CI: don't use debug-tweaks
As of the following commit in oe-core[1]:

  classes-recipe/core-image: drop debug-tweaks IMAGE_FEATURE

The debug-tweaks feature is no longer valid. Replace it with the options
that we need to perform login over testimage.

[1] https://git.openembedded.org/openembedded-core/commit/?id=2c229f9542c6ba608912e14c9c3f783c3fa89349

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-08 09:00:03 -05:00
Javier Tia d315a5dec9 arm/uefi-secureboot: Add uefi capsule update support
UEFI capsule update is a mechanism that allows firmware updates to be
delivered and applied in a standardized way. It is part of the UEFI
specification and provides a way to update system firmware components
like the BIOS, UEFI drivers, or other platform firmware.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-07 21:00:04 -04:00
Javier Tia a93bdc8e4e arm/uefi-secureboot: Add uefi http boot support
Enable network boot via HTTP protocol. Many embedded and server-class
systems use network boot for booting. Enabling network boot on devices
allows:

- Shipping devices without OS images. When we power up the device, the
  firmware can connect to the Internet and download and install suitable
  boot images for this specific device. Administrators can centrally
  manage the boot images and configuration files on a network server.
  This centralization streamlines the management of boot options and
  ensures consistency across all devices.

- This is particularly useful in enterprise environments. On mass
  deployments, there is a need to install the operating system on
  multiple devices simultaneously.

- Ability to maintain a completely diskless system if needed 

The plain HTTP protocol lacks encryption. It's intended to be used on
local networks. Secure http protocol support is under review. 

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-07 00:00:04 -04:00
Javier Tia 847fd39b25 arm/qemuarm64-secureboot: Enable UEFI Secure Boot
Encapsulate all UEFI Secure Boot required settings in one Kas
configuration file.

Introduce SBSIGN_KEYS_DIR variable where UEFI keys will be generated
to sign UEFI binaries. 

Introduce uefi-secureboot machine feature, which is being used to
conditionally set the proper UEFI settings in recipes.

Replace Grub bootloader with systemd-boot, which makes it easier to
enable Secure Boot.

Advantages using systemd as Init Manager:

- Extending secure boot to userspace is a lot easier with systemd than
with sysvinit where custom scripts will need to be written for all use
cases.

- systemd supports dm-verity and TPM devices for encryption usecases out
of the box. Enabling them is a lot easier than writing custom scripts
for sysvinit.

- systemd also supports UEFI signing the UKI binaries which merge kernel,
command line and initrd which helps in bringing secure boot towards
rootfs.

- systemd offers a modular structure with unit files that are more
predictable and easier to manage than the complex and varied scripts
used by SysVinit. This modularity allows for better control and
customization of the boot process, which is beneficial in Secure Boot
environments.

- Add CI settings to build and test UEFI Secure Boot.

Add one test to verify Secure Boot using OE Testing infrastructure:

$ kas build ci/qemuarm64-secureboot.yml:ci/meta-secure-core.yml:ci/uefi-secureboot.yml:ci/testimage.yml
...
RESULTS - uefi_secureboot.UEFI_SB_TestSuite.test_uefi_secureboot: PASSED (0.62s)
...
SUMMARY:
core-image-base () - Ran 73 tests in 28.281s
core-image-base - OK - All required tests passed (successes=19, skipped=54, failures=0, errors=0)

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> [yml file include fix]
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-04 10:27:35 -04:00
Jon Mason 7cce43e632 Revert "CI: switch to building against styhead branches where possible"
This reverts commit 2b1348d74f.

Revert to allow the meta-arm master branch to use the master branch of
other layers.
2024-10-01 11:08:47 -04:00
Ross Burton f22852b353 CI: transform testimage reports into JUnit XML reports
Using resulttool we can transform the oeqa JSON reports into JUnit XML,
which GitLab can display in pipelines and merge requests.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-09-27 12:00:05 -04:00
Ross Burton 2b1348d74f CI: switch to building against styhead branches where possible
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-09-27 11:25:37 -04:00
Jon Mason ea2c1ab5db arm-bsp/fvp: Re-enable parselogs
Re-enable parselogs testing for fvp-base and corstone1000-fvp, and add
an ignore file for the relevant entries.  Also, increase the testing
being done on corstone1000-fvp.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-09-20 09:00:04 -04:00
Jon Mason a6e74d3926 arm-bsp/fvp-base: support poky-altcfg
Add the bits to enable poky-altcfg to boot to prompt on fvp-base.
Unfortunately, ssh takes a very long time to come up, which causes the
ssh test to timeout.  So, don't enable this by default in CI.
Also, switch to building full-cmdline instead of sato, since we're never
actually testing the graphics on this platform.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-09-20 09:00:04 -04:00
Bence Balogh 7e94669f60 arm-bsp/trusted-firmware-m: corstone1000: add Secure Debug
The Secure Debug functionality can be enabled on MPS3 by using the new
corstone1000-mps3-secure-debug.yml kas file. The kas file adds the new
secure-debug machine feature. The TF-M recipe adds the needed TF-M
build flags and patches in order to make the Secure Debug work.

This way, the Corstone-1000 will only boot fully if a debugger is
connected and a debug authentication is initiated.

Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-08-29 08:36:35 -04:00
Jon Mason 105338c069 CI: remove xorg test removal from edk2
The edk file removed xorg from being tested, which is currently working
on qemuarm and qemuarm64.  Also, the section name collides with one in
fvp.yml, which has other things that are removed.  Remove this removal
to get things working as expected.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-07-12 11:16:57 -04:00
Jon Mason a1b240fa55 CI: add poky-altcfg
Add poky-altcfg to give us coverage for systemd (and the other things
that it exercises).

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-07-10 12:11:37 -04:00
Jon Mason 4cddc5f600 CI: remove unnecessary clang settings
With the resolution of meta-clang issue 766 and
OE-Core 15d09b02b2632ab1cabc3b1bd9f521e6d3d3b83f
many of the settings are no longer necessary to be set as part of our
CI.  Remove them, as it is causing other issues with CI.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-07-09 14:40:05 -04:00