1
0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-07-18 04:27:08 +00:00

Compare commits

..

65 Commits

Author SHA1 Message Date
Jon Mason 18453b87f7 ci: make get-binary-toolchain run per build
In a distributed, non-homogeneous CI setup, the binary-toolchain setup
script might not run on the machine that needs the toolchains.  Make
this per-build and it will always be there, at the expense of running on
builds that might not need it (though it still should be fast).

Also, there is an issue with the directory where the binary toolchain is
located being global, and racing against other systems using, setting up,
and tearing down.  Link this to a local directory to avoid any races.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-11 13:24:45 -05:00
Jon Mason cd1672a846 arm-bsp: fix yylloc kernel build error
Backport patch from upstream to address the following error:
scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-11 11:53:35 -05:00
Ross Burton a0382c6a57 CI: pin Kas container to 2.6.3
Pin the Kas container to the 2.6.3 release, using debian-10, as newer
images use debian-11 which isn't a supported host distribution for
Gatesgarth.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-01-28 15:00:10 -05:00
Sumit Garg 2a2123dac0 external-arm-toolchain: Misc. fixup for GCC 10.2 support
Arm GCC 10.2 prebuilt toolchain comes with ldd and tzselect scripts
which uses "/usr/bin/bash", so replace this with "/bin/sh" as the
default shell.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-09-14 11:49:28 -04:00
Ross Burton 8e1b0e4a57 CI: remove redundant interruptiple assignment
Change-Id: I2e95cb1bf88cf77a59b54cb529dad4d471b6eb06
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-09-14 11:49:28 -04:00
Jon Mason 9dcbf55176 juno: temporarily pin 5.4 kernel version
Recent changes in the 5.4 kernel are preventing the juno patches from
applying.  Temporarily pin the kernel to the version prior to this until
the patches can be rebased.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-08-09 16:06:19 -04:00
Jon Mason b4f3880979 CI: add ssh tests
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-08-09 16:06:19 -04:00
Jon Mason d841a47d6e CI: merge testimage into the build stage
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-08-09 16:06:19 -04:00
Anastasios Kavoukis b9d54fefa0 CI: enable debug-tweaks IMAGE_FEATURE
This makes the images suitable for development and test,
debug-tweaks includes settings like empty root password.

All CI image builds inheriting from base.yml will
have this include this setting.

Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-08-09 16:06:19 -04:00
Ross Burton a0b2c6fc71 CI: set interruptible on all jobs
The previous attempt at setting interruptible didn't work as it needs to
happen on all tasks, as once a single uninterruptible job has executed
the pipeline cannot be cancelled.  Unfortunately the setup jobs were
not interruptible, so the pipeline could never be cancelled.

Change-Id: I5416bc3f9a883ace24c12607b2ebc24bc428b50b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-07-23 10:30:33 +01:00
Ross Burton 34f64a0523 ci/check-warnings: ignore warnings that we're using the mirror
SourceForge in particular doesn't like multiple connections from the
same IP, but when a source mirror is being populated for the first time
this will happen. Our fetch falls back to the Yocto mirror so it doesn't
cause a failure, but there is a warning logged which our CI then fails
because of.

As we don't care about these warnings, filter them out of the log before
checking if there were any errors.

Change-Id: I36c97c5d9923f1c4d14c4588f3780211cccb57b2
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-07-23 10:29:48 +01:00
Ross Burton 3b8ad597c9 CI: don't execute a job we know fails
The n1sdp/armgcc job fails due to a GCC switch conflict in gcc-runtime:

cc1: error: switch '-mcpu=armv8.2-a' conflicts with '-march=armv8-a' switch

Currently we run this job anyway, and ignore the failure. But that's 10
minutes of build time wasted every run when we know it fails.

Instead, mark the job as manually executed until we have fixed the
underlying issue.

Change-Id: I3ee48ce4d1a4f2dacc30800ff18c72fcce4e9afb
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-07-14 10:38:38 +01:00
Timothy Mertz 6a6510b508 external-arm-sdk-toolchain: Fix parsing error with INCOMPATIBLE_LICENSE
This change fixes parsing error that occurs when INCOMPATIBLE_LICENSE =
"GPLv3" by defining EAT_BFD_LICENSE, EAT_GDB_LICENSE and EAT_RLE_LICENSE
in license.inc and requiring it in external-arm-sdk-toolchain.bb

Definitions in external-arm-toolchain-versions.inc are made redundant so
they are removed.

Signed-off-by: Timothy Mertz <timothy.mertz@garmin.com>
Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com>
Reviewed-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-07-02 10:54:33 -04:00
Jon Mason 6ebec2da19 CI: add testing and testimage
Add a testing task to the gitlab CI and run testimage in that job.
Currently, it only runs against some of the qemu based machines.
Using slirp, there is no need for a privileged container or tun/tap
devices.

Change-Id: Ia85a3d0089f7d4dc7595c3a45d328c79d8e675f1
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-06-29 11:25:02 -04:00
Ross Burton aa5fb3d6f9 CI: mark build jobs as interruptible
Mark the build jobs as interruptible, as they don't write to shared
resources (unlike update-repos or get-binary-toolchains). This means
that if the same branch is pushed again GitLab is likely to be able to
abort the obsolete pipeline to start the new build sooner.

Change-Id: I9284273e9b3118b616d3cb062cb957d98fc5e37e
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-06-29 11:20:47 -04:00
Ross Burton 23d9da9cee CI: report disk usage before/after pruning sstate
Change-Id: I66853ce1bf5e33c37094cc8fff04cbd4daaadf91
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-06-29 11:20:47 -04:00
Jon Mason 8f13054eea ci: clean regularly to reduce size
The Gitlab CI executors do not clean-up after each run, which will
result in a ballooning size over time. Remove all files in the work
tree, removing the problem.  SSTATE should prevent this from causing
any performance by not having the files there.

Change-Id: I57df3cf470c519286fe194739a0a7722794f3b25
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-06-08 11:29:57 -04:00
Ross Burton b3427f9001 ci/base: don't try to make warnings fatal
The generated local.conf has ERROR_QA=${WARN_QA} in an attempt to make
warnings fatal, but this appears to be just disabling some warnings and
error instead.

As we already have warning detection in the GitLab CI script, this is
redundant and can be removed.

Change-Id: I393874edbae148ee338a7069bbf800603c028242
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-05-25 12:14:53 +01:00
Ross Burton 5fc1de74b8 CI: fix preferred version of armgcc
Change-Id: I290439c0f18e5ec525f2102966b1e2a10c027720
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-05-10 11:31:39 +01:00
Jon Mason 39bc4076b2 CI: enable non-arm64 builders
Abstract away all of the things preventing the current setup from
working on only internal, arm64 build hardware.

Change-Id: Ib8d0e8e76602d4553e044520a91349015b1aa19b
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Jon Mason b4abab2203 CI: use public KAS image
Use the KAS docker image provided by the KAs project for Gitlab CI.
This allows for the external (non-Arm Corp) users/developers to run
Gitlab CI.

Change-Id: I9fee9a0d571e3fd60862d4ccd36176f9e583fc91
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Jon Mason a6243e60bd CI: Reorder manual tasks to be alphabetical
Change-Id: I2e5bfdf5794c99da530bc2645fb56a5444444be3
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Jon Mason 54b55deeb8 CI: Add repo dir to disk usage and ability to purge everything
Add the newly added repo dir to the disk usage calculation and add the
ability to remove each of the persistent directories.

Change-Id: Ib922ad42c62efdeccf01851ac751742ed67748ae
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Jon Mason a11e752a28 Rename top-level kas/ to ci/
The files in kas/ are not generic Kas files, but instead designed
specifically and solely around the CI system.

Change-Id: I30082392ad2231a4c1c41e54a292595adf81715b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Ross Burton f4129ee8a8 CI: move utility tasks to prep so they don't cause a fetch
Re-order the tasks so that the utility tasks don't cause update-repos to
run.

Change-Id: I86a528c98fe32e20428f9efbd5fb82c374aefc8a
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Ross Burton c200941b15 CI: maintain centralised repositories to speed fetching
Kas supports 'reference repositories' which are used as a local source
of git objects to speed up fetches.  At the beginning of the CI run we
can update these repositories once to speed up later fetches.

Change-Id: I138051fd3cf9b5675e0fa5007cd8088abd17db4e
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Ross Burton 2c5dea8979 CI: add qemuarm and qemuarmv5
Change-Id: Ie5e1fdf0870ed578faaf6ca2d6c6e73bad340f1e
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Ross Burton 498f88004c CI: delete-sstate needs to delete contents
Change-Id: I278d470540e20db8d789a1428e927356e3a5d8b1
2021-05-01 07:41:05 -04:00
Ross Burton 0f33099a82 CI: add task to delete all sstate
Change-Id: If89c6c27cafe6ae7e93b5db5d37b9e8ecdaee131
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-05-01 07:41:05 -04:00
Ross Burton aff8d93108 kas: add a test for the external toolchain support
meta-arm-toolchain supports using an external binary arm
toolchain[1] instead of the gcc-cross built by oe-core.

Add a test case to exercise this build in the CI.  Currently this
is only for the Aarch32 target as our CI runs on aarch64 and there
is no binary or aarch64 target on aarch64 host.

This depends on the image used by the CI having the relevant
compilers installed into /usr/local.

[1] https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a

Change-Id: I9f7ea66786e98a40cbd490386497e2d3aaa47e80
Signed-off-by: Ross Burton <ross.burton@arm.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:41:05 -04:00
Ross Burton 87ceedf4d2 kas: add testing of gcc-arm
Add a build to verify that setting GCCVERSION to arm-10.2 works.

Change-Id: I086fa786b11560a8e94ee646859c59288bacba5d
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-05-01 07:40:55 -04:00
Nathan Dunne e219ef606e arm-autonomy/u-boot: Modified kernel_addr for fvp-base with xen
Modified the default booti command for fvp-base with xen to boot
into xen at 0x84000000, rather than requiring the user to break
into the u-boot prompt.

Issue-Id: SCM-2195
Signed-off-by: Nathan Dunne <Nathan.Dunne@arm.com>
Change-Id: I91f324ce77716474596a78f97e74f432969d9803
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-03-25 09:32:52 -04:00
Richard Neill fc4b2f8907 arm-autonomy/linux-arm-autonomy: Drop XenStore initialisation patch
With the linux-yocto version upgrade, the xenstore initialisation patch is no
longer necessary.

Issue-Id: SCM-2263
Signed-off-by: Richard Neill <richard.neill@arm.com>
Change-Id: I293a5f81b48c57f3af1c99606af776537f35f0bb
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-03-15 22:59:44 -04:00
Richard Neill d8074cb6a0 arm-autonomy/xen: remove patches that have been mainlined in xen 4.14.1
Remove the 4 patches from recipes-extended/xen/xen_4.14.bbappend that
have been integrated in xen 4.14.1

Issue-Id: SCM-2133
Signed-off-by: Richard Neill <richard.neill@arm.com>
Change-Id: If38262d17699794eb600b11e131c168ed4de4391
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-03-08 09:12:15 -05:00
Richard Neill 48720822d6 arm-autonomy: Add meta-networking dependency to autonomy layer config
meta-arm-autonomy requires the bridge-utils package, which is provided by the
meta-openembedded/meta-networking layer. This patch adds the explicit
dependency.

Issue-Id: SCM-2166
Signed-off-by: Richard Neill <richard.neill@arm.com>
Change-Id: If2a79755ac1f16fafa994e16ac980a37999692db
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-03-04 15:17:22 -05:00
Ross Burton 7336830dab kas: update meta-clang to use the gatesgarth branch
When the CI was written there wasn't a gatesgarth branch, but there is now
and it is needed as master meta-clang doesn't work with gatesgarth oe-core.

Change-Id: Ief06b6c5be11dd7fc77520f5601b662bdca52891
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-03-04 15:17:11 -05:00
Ross Burton 332410055a arm/opencsd: backport patch to fix build race
Change-Id: I46ea9cfa5e149db000740b4a2c6730ced99340ef
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-03-04 15:17:11 -05:00
Richard Neill 7c3a55f8ff arm-autonomy/linux-arm-autonomy: Add Xen per-cpu address translation patch
Adds a kernel patch to avoid Xen guest initialisation failure when converting a
virtual address to a frame number when the initial address space has a
non-contiguous physical layout.

The patch is mainlined for kernel versions >= 5.9, so we only apply it for
earlier versions.

Issue-Id: SCM-1910
Change-Id: Icf84535718779f91eb668d178a118c96e05f54de
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-03-03 15:10:06 -05:00
Ross Burton ac9f59ca62 CI: don't retry jobs
We can't retry jobs blindly because if a build fails with warnings we want
to fail the job.  With retries enabled the job fails, but is immediately
retried and builds quickly from sstate without any warnings.

Thus, all and any warnings are hidden.

Disabling retries. We may get occasional failures from Docker, we'll have
to see how bad they are.

Change-Id: Ib726f14a264c029fdf372fc1b8a02aca52bf5e4c
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-02-22 11:48:30 +00:00
Ross Burton fb196bacd6 kas: meta-kernel is no longer needed
Change-Id: I36d34828fe34c02c15afdf92330ec9a95a93c170
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-02-22 11:47:52 +00:00
Diego Sueiro 6e3e29857c arm-autonomy: Fix xenbus probe for guest kernels < 5.4.99
The arm64-autonomy-guest kernel from commit a09d4e7acdbf ("xen: Fix event
channel callback via INTX/GSI") are hanging at `hw-breakpoint: found 6
breakpoint and 4 watchpoint registers.`.
The arm-autonomy-guest kernels older than 5.4.99 need to backport the
0001-arm-xen-Don-t-probe-xenbus-as-part-of-an-early-initc.patch in order
to be able to boot.

Issue-Id: SCM-2151
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I56c558f518336567eadd5dc69fd9334c23b19cd8
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-02-18 22:50:18 -05:00
Diego Sueiro d235d4b53e arm-autonomy: Fix XenStore initialisation for host kernels < 5.4.95
The arm-autonomy-host kernels older than 5.4.95 need to backport the
0001-xen-Fix-XenStore-initialisation-for-XS_LOCAL.patch in order to be able to
use the `xl block-attach` and fix this issue:
```
xl block-attach 0 "phy:/dev/vg-xen-vda3/base" xvda w
libxl: error: libxl_xshelp.c:201:libxl__xs_read_mandatory: xenstore read failed: `/libxl/0/type': No such file or directory
libxl: warning: libxl_dom.c:52:libxl__domain_type: unable to get domain type for domid=0, assuming HVM
libxl: error: libxl_disk.c:314:device_disk_add: device already exists in xenstore
libxl: error: libxl_device.c:1407:device_addrm_aocomplete: unable to add device
```

This issue is not present in linux-linaro-arm[-rt] 5.4.0 used by N1SDP, hence
we do not apply this patch for it.

Issue-Id: SCM-2151
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: Iea22c54e86db17952662faf75cae94d0ef18d4f3
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-02-18 22:50:18 -05:00
Diego Sueiro 5207074884 arm-autonomy/linux-arm-autonomy: apply runstate fix to kernels older than 5.10
The patch introduced in 82ffc86 is a backport from the 5.10 version. Hence,
just apply it for kernels older than 5.10.

Issue-Id: SCM-2033
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I6bccc0c75d931d8046260c61afb53395bb9d2d1b
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-02-18 22:50:18 -05:00
Jon Mason 7185d29de9 arm-toolchain: Fix potential runtime crash
GCCv9 tree vectorization code is faulty and can cause random crashes at
runtime (when using -O3).  Add the backported patch to address this
issue.

Change-Id: If7bb0ba0720bab42e7d34f3679d988934f657392
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-02-16 09:45:48 -05:00
Nathan Dunne 932d35bab0 arm-autonomy/documentation: Remove references to meta-kernel
Since meta-arm-bsp doesn't depend on meta-kernel anymore
it has been removed from the appropriate documentation.

Issue-Id: SCM-2005
Signed-off-by: Nathan Dunne <Nathan.Dunne@arm.com>
Change-Id: If3548b84c4cffc5cc105a1fc07a656dc814699f3
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-01-25 11:11:22 -05:00
Kamil Dziezyk d12eadacd0 arm-autonomy/juno-firmware: add compressed kernel support
This patch adds support for lzma compressed kernel,
by setting KERNEL_ALT_IMAGETYPE to 'Image.lzma' and
adding additional decompression step during u-boot boot stage.

U-boot automatic Image decompression cannot be used here,
because if xen binary is the target of 'booti' command,
Image is not being decompressed neither by u-boot nor by xen.

Lzma compression is supported in u-boot with 'lzmadec' command,
and does not require setting additional dependencies inside kernel recipe.

Change-Id: I51b9aea962f8905f88b60ac28e71017c7d500189
Issue-Id: SCM-1769
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-01-08 10:15:06 -05:00
Kamil Dziezyk e45752aa6f arm-autonomy/autonomy-host: add user defined partition to wic image
With this patch user can define additional partition entry,
via AUTONOMY_HOST_EXTRA_PARTITION variable.

Issue-Id: SCM-1514
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: Ic103a40de44ea6cd88caa60f06033a9c678b265f
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-01-08 10:15:06 -05:00
Kamil Dziezyk a365b3bd7e arm-autonomy/juno-image-customization: add host wks file
This patch also appends 'wic wic.gz wic.bmap' images,
to IMAGE_FSTYPES.

WKS file contains two partition entries:
 * first is rootfs partition
 * second is empty partition (4 GiB by default)

Issue-Id: SCM-1520
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: Ic0c79ee5eb4b08ad8f9c133b267feda1c85519a3
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-01-08 10:15:06 -05:00
Nathan Dunne 7b82307c0a arm-autonomy/arm-autonomy-host-image-minimal: Added multiconfig support
Added new documentation file arm-autonomy-multiconfig.md which explains
how to set up a multiconfig build, where both the host and guest are
built simultaneously in the same build dir.

To enable this feature the dependency between host and guest is set in
the image recipe, using the variables described in the documentation.

Issue-Id: SCM-638
Signed-off-by: Nathan Dunne <Nathan.Dunne@arm.com>
Change-Id: Iae315c128dc6d2b39281312bc1a2ab9b88f6241e
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-01-08 10:15:06 -05:00
Jon Mason a72b89ccd1 arm-bsp: fix sgi575 kernel compile warning
SGI575 throws a config warning when compiling the 5.7 kernel.

WARNING: linux-yocto-5.7.19+gitAUTOINC+b9e6fd082d_6b9830fecd-r0 do_kernel_configcheck: [kernel config]: specified values did not make it into the kernel's final configuration:

    [NOTE]: 'CONFIG_USB_CONN_GPIO' last val (m) and .config val (y) do not match
    [INFO]: CONFIG_USB_CONN_GPIO : y ## .config: 5334 :configs///defconfig (m)
    [INFO]: raw config text:

        config USB_CONN_GPIO
        	tristate "USB GPIO Based Connection Detection Driver"
        	select USB_ROLE_SWITCH
        	depends on GPIOLIB && USB_SUPPORT
        	help
        	  The driver supports USB role switch between host and device via GPIO
        	  based USB cable detection, used typically if an input GPIO is used
        	  to detect USB ID pin, and another input GPIO may be also used to detect
        	  Vbus pin at the same time, it also can be used to enable/disable
        	  device if an input GPIO is only used to detect Vbus pin.

        	  To compile the driver as a module, choose M here: the module will
        	  be called usb-conn-gpio.ko

        Config 'USB_CONN_GPIO' has the following Direct dependencies (USB_CONN_GPIO=y):
                GPIOLIB(=y) && USB_SUPPORT(=y)
        Parent dependencies are:
             USB_SUPPORT [y] GPIOLIB [y]

    [INFO]: selection details for 'CONFIG_USB_CONN_GPIO':
        Symbols currently y-selecting this symbol:
          - PHY_TEGRA_XUSB

It is using the defconfig from upstream Linux.  So, change that
defconfig to correct the warning by changing USB_CONN_GPIO from 'm' to
'y'.

Change-Id: Ia5080f7f22d0f1aef065b58d8c3b0222625c8f58
Signed-off-by: Jon Mason <jon.mason@arm.com>
2020-12-18 16:00:43 -05:00
Ross Burton 1cd14b33c1 ci: fail any build that emits warnings
Using a custom logging.yml we can instruct BitBake's logger to write all
warnings and errors into a separate log file.

Then after the build has finished we can see if the log file is empty and if
not show it and abort the build.

Change-Id: Ida835b5c822941fb513dfb1758b4ec195e0050fc
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-12-17 12:40:07 +00:00
Ross Burton 27ed22b040 ci: make bootstrap just another kas overlay
Simplify the gitlab-ci by having the bootstrap build as just another Kas
overlay file, so there's no duplication of build script.

Change-Id: I7341750d2ae7f3c146bfe323f61fa98c0f3121c0
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-12-17 12:40:05 +00:00
Ross Burton b97016fcfa kas: remove redundant env settings
These are left over from an experiment and are no longer needed.

Change-Id: I27677b58e4c196371a394f47b185f71917848528
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-12-17 12:40:03 +00:00
Ross Burton eff9e62526 gitlab-ci: force git updates
Explicitly force kas to update in case the repositories are reused.

Change-Id: Ieedf518c7586bb1a4eff274dc1a33b52a3c49d9f
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-12-17 12:39:55 +00:00
Jon Mason 892c9686bf arm-bsp: fix missing stable kernels
Corstone, a5ds, and sgi575 were using the meta-kernel, but recent
updates removed support for their non-LTS kernel.  Change to using the
respective kernels present in linux-yocto until it can be upgraded to
the latest version.

Change-Id: I63f2e511fe69051c06e6559950b798c1371cc8e9
Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-12-17 12:39:55 +00:00
Ross Burton e8cc03775e arm/qemuarm64-secureboot: don't use -dev kernel
According to the comment linux-yocto-dev was being used to get a 5.5
kernel as 5.4 was panicking on boot.  Now linux-yocto defaults to 5.8
so just use the standard kernel instead.

Change-Id: Id382c69f16f2ff4b2cbc63be94a645e56616549d
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2020-12-11 09:12:58 -05:00
Kamil Dziezyk 4cae9fe87b arm-autonomy/xen-tools: update vif hostname fix patch status
Fix for hostname setting in vif-nat script was merged in xen upstream repo,
(sha: 5499e0fc8082024bf7e2d0facd5c976e82105070),
hence correct patch status for 4.14 is 'Backport'.

Issue-Id: SCM-1523
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: I35f04bfa0f0fff81a1ef20d500b9323e5f13b9ed
Signed-off-by: Jon Mason <jon.mason@arm.com>
2020-12-09 15:55:34 -05:00
Ross Burton 784ef62cc4 Add experimental CI using Kas+GitLab
Add kas scripts that generic to test builds, and a GitLab CI runner.

Change-Id: I9026fd1af4155288c4adb523d00b1562ea8515e9
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-11-30 15:51:41 +00:00
Ross Burton 1a0a9700f2 arm-bsp/external-system: remove coreutils-native DEPENDS
This recipe doesn't appear to actually need coreutils-native at all, and
using it exposes a bug in pseudo where cp crashes.

Change-Id: I2fbf9ee75165194866e4a14758ed06148340dc2b
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-11-25 17:48:17 +00:00
Khasim Mohammed ba30bf591e arm-bsp/n1sdp-board-firmware: include RAM firmware for secondary device
While testing multi-chip mode it was observed that n1sdp running
as secondary device needs scp and mcp RAM firmware as well.

This issue wasn't captured earlier as QSPI flash had RAM firmware installed
and it doesn't get erased automatically therefore the device was able to
load it on every reboot.

Change-Id: Ied9d24429c7025206e35f50c8e5b6f090a590015
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-11-25 16:06:33 +00:00
Khasim Syed Mohammed 0c59d1cf42 arm-bsp/n1sdp: add overview section to n1sdp documentation
Update the n1sdp documentation in meta-arm-bsp to include overview section
and link to Arm community portal for further details on hardware platform.

Change-Id: Ic7c212db18a8c1f24255615061eee862af3aafd1
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-11-25 16:06:31 +00:00
Kamil Dziezyk 289982e1cb arm-autonomy/xen-devicetree: check if kernel Image size is correct
This patch brings following improvements:
 * Adds a check for kernel size defined by XEN_DEVICETREE_DOM0_SIZE variable,
   whether it is greater or equal to actual kernel size.
   If not, bitbake warns user and adjusts value of XEN_DEVICETREE_DOM0_SIZE.
 * Adds 'virtual/kernel:do_deploy' as a mandatory xen-devicetree dependency via
   XEN_DEVICETREE_DEPEND variable.

Issue-Id: SCM-1567
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: I4f250172f1fa599b7a3673ba0887cd49372b7556
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-11-25 12:50:03 +00:00
Kamil Dziezyk 44e51aa5be arm-autonomy/firmware-image-juno: update offset addresses for NOR flash images
This patch brings following improvements:
 * Remove images-r[012].txt and uEnv.txt source files
   and move all customization to add-xen-support.patch.
 * Move juno*-xen.dtb and xen binaries under dedicated
   'XEN' directory to be compatible with 8.3 format.
 * Increase XEN_DEVICETREE_DOM0_SIZE to 36 MiB.

Change-Id: I3d3ff963f97c738dcf2d90ba825729232d63ad06
Issue-Id: SCM-1567
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
2020-11-25 12:49:34 +00:00
Khasim Mohammed b8bb75b4d3 arm-bsp/n1sdp: remove swap parition entry from wic image
The swap partition on n1sdp seem to create an issue when shutdown or reboot is run
from the shell prompt, the console stops at "Deactivating swap ...". Hence
removing the swap partition entry from wic image.

Change-Id: I22cf971fdde7e3b8b386c74003983fab3d309cc5
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2020-11-19 08:48:44 -05:00
Kamil Dziezyk 0057143f4b arm-autonomy/xenguest-init: fix guest shutdown issues after host reboot
This patch contain following changes:
 * xenguest-init stop action uses now blocking call,
   and additional 'xl destroy guest' call if normal shutdown has failed.
 * xenguest-init stop action stops only running guest.
 * xenguest-init script is now caled before xen-tools scripts
   on host shutdown or reboot.
 * xenguest-network-bridge script is now called before ifupdown script
   on host shutdown or reboot.

Change-Id: I46e307fd0ad36b2e35559b4e8a071be9bbc50e34
Issue-Id: SCM-1632
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2020-11-19 08:48:17 -05:00
1071 changed files with 43540 additions and 35915 deletions
-2
View File
@@ -1,2 +0,0 @@
[b4]
send-series-to = meta-arm@lists.yoctoproject.org
-2
View File
@@ -1,2 +0,0 @@
__pycache__
build
+116 -274
View File
@@ -1,249 +1,104 @@
image: ${MIRROR_GHCR}/siemens/kas/kas:4.7
variables:
# These are needed as the k8s executor doesn't respect the container
# entrypoint by default
FF_KUBERNETES_HONOR_ENTRYPOINT: 1
FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
# The default value for KUBERNETES_CPU_REQUEST
CPU_REQUEST: ""
# The default machine tag for the build jobs
DEFAULT_TAG: ""
# The machine tag for the ACS test jobs
ACS_TAG: "$DEFAULT_TAG"
# The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc)
CACHE_DIR: $CI_BUILDS_DIR/persist
# The container mirror to use
MIRROR_GHCR: ghcr.io
# Whether to run the SystemReady ACS tests
ACS_TEST: 0
# The list of extra Kas fragments to be used when building
EXTRA_KAS_FILES: ""
# The NVD API key to use when fetching CVEs
NVDCVE_API_KEY: ""
# We need 2.6.3 as this is the latest container with an old enough distro
image: ghcr.io/siemens/kas/kas:2.6.3
# First do a common bootstrap, and then build all the targets
stages:
- prep
- bootstrap
- build
# Common job fragment to get a worker ready
.setup:
tags:
- $DEFAULT_TAG
stage: build
interruptible: true
variables:
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
KAS_WORK_DIR: $CI_PROJECT_DIR/work
KAS_BUILD_DIR: $KAS_WORK_DIR/build
# Set this in the environment to enable local repository caches
KAS_REPO_REF_DIR: ""
SSTATE_DIR: $CACHE_DIR/sstate
DL_DIR: $CACHE_DIR/downloads
KAS_REPO_REF_DIR: $CI_BUILDS_DIR/persist/repos
SSTATE_DIR: $CI_BUILDS_DIR/persist/sstate
DL_DIR: $CI_BUILDS_DIR/persist/downloads
BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml
TOOLCHAIN_DIR: $CACHE_DIR/toolchains
IMAGE_DIR: $KAS_BUILD_DIR/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $KAS_BUILD_DIR/toolchains
TOOLCHAIN_DIR: $CI_BUILDS_DIR/persist/toolchains
IMAGE_DIR: $CI_PROJECT_DIR/work/build/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $CI_PROJECT_DIR/work/build/toolchains
before_script:
- echo KAS_WORK_DIR = $KAS_WORK_DIR
- echo SSTATE_DIR = $SSTATE_DIR
- echo DL_DIR = $DL_DIR
- rm -rf $KAS_WORK_DIR
- mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Must do this here, as it's the only way to make sure the toolchain is installed on the same builder
- ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Generalised fragment to do a Kas build
.build:
extends: .setup
rules:
# Don't run MR pipelines
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: never
# Don't run pipelines for tags
- if: $CI_COMMIT_TAG
when: never
# Don't run if BUILD_ENABLE_REGEX is set, but the job doesn't match the regex
- if: '$BUILD_ENABLE_REGEX != null && $CI_JOB_NAME !~ $BUILD_ENABLE_REGEX'
when: never
# Allow the dev kernels to fail and not fail the overall build
- if: '$KERNEL == "linux-yocto-dev"'
allow_failure: true
# Catch all for everything else
- if: '$KERNEL != "linux-yocto-dev"'
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml
- echo KASFILES=$KASFILES
- kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- KASFILES=$(./ci/jobs-to-kas $CI_JOB_NAME)
- kas shell --update --force-checkout $KASFILES -c 'cat conf/*.conf'
- kas build $KASFILES
- ./ci/check-warnings $KAS_BUILD_DIR/warnings.log
- kas shell ci/base.yml:lockfile.yml --command "$CI_PROJECT_DIR/ci/junit.sh $KAS_WORK_DIR/build"
artifacts:
name: "logs"
when: on_failure
expire_in: 1 week
paths:
- $KAS_BUILD_DIR/tmp*/work*/**/temp/log.do_*.*
- $KAS_BUILD_DIR/tmp*/work*/**/testimage/*
reports:
junit: $KAS_BUILD_DIR/tmp/log/oeqa/junit.xml
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
#
# Prep stage, update repositories once.
# Set the CI variable CI_CLEAN_REPOS=1 to refetch the respositories from scratch
# Prep stage, update repositories once
#
update-repos:
extends: .setup
stage: prep
allow_failure:
exit_codes: 128
script:
- |
exit_code=0
- flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
# Dump the environment for reference
printenv
#
# Bootstrap stage, bootstrap and machine coverage
#
# Update the reference repositories if needed
if [ -n "$KAS_REPO_REF_DIR" ]; then
flock --verbose --timeout 60 $KAS_REPO_REF_DIR --command ./ci/update-repos || exit_code=$?
# Exit now if that failed, unless the status was 128 (fetch failed)
test $exit_code != 0 -a $exit_code != 128 && exit 1
fi
# Build a number of native tools first to ensure the other builders don't race
# over them
n1sdp/bootstrap:
extends: .build
stage: bootstrap
# What percentage of machines in the layer do we build
machine-coverage:
stage: bootstrap
interruptible: true
script:
- ./ci/check-machine-coverage
coverage: '/Coverage: \d+/'
# Only generate if doesn't already exist, to allow feature branches to drop one in.
if test -f lockfile.yml; then
echo Using existing lockfile.yml
else
# Be sure that this is the complete list of layers being fetched
kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
fi
exit $exit_code
artifacts:
name: "lockfile"
when: always
paths:
- lockfile.yml
#
# Build stage, the actual build jobs
#
# Available options for building are (VIRT _must_ be last for ssh override)
# DISTRO: [poky, poky-altcfg, poky-tiny]
# KERNEL: [linux-yocto, linux-yocto-dev]
# TOOLCHAINS: [gcc, clang]
# TCLIBC: [glibc, musl]
# FIRMWARE: [u-boot, edk2]
# TS: [none, trusted-services]
# TESTING: testimage
# SECUREDEBUG: [none, secure-debug]
# VIRT: [none, xen]
arm-systemready-ir-acs:
a5ds:
extends: .build
timeout: 12h
parallel:
matrix:
# arm-systemready-ir-acs must be specified after fvp-base for ordering
# purposes for the jobs-to-kas output. It is not enough to just have it
# in the job name because fvp-base.yml overwrites the target.
- PLATFORM: [fvp-base, corstone1000-fvp]
ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
tags:
- ${ACS_TAG}
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
script:
- kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
corstone1000-fvp:
corstone700-fvp:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [testimage, tftf]
- FIRMWARE: none
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
corstone1000-mps3:
corstone700-mps3:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [none, tftf]
- FIRMWARE: none
SECUREDEBUG: [none, secure-debug]
documentation:
extends: .setup
script:
- |
# This can be removed when the kas container has python3-venv installed
sudo apt-get update && sudo apt-get install --yes python3-venv
python3 -m venv venv
. ./venv/bin/activate
pip3 install -r meta-arm-bsp/documentation/requirements.txt
for CONF in meta-*/documentation/*/conf.py ; do
echo Building $CONF...
SOURCE_DIR=$(dirname $CONF)
MACHINE=$(basename $SOURCE_DIR)
sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
done
test -d build-docs/
artifacts:
paths:
- build-docs/
foundation-armv8:
extends: .build
fvp-base:
extends: .build
parallel:
matrix:
- TS: [none, fvp-base-ts]
TESTING: testimage
- FIRMWARE: [u-boot, edk2]
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
fvps:
fvp-base-arm32:
extends: .build
genericarm64:
fvp-base-arm32/external-gccarm:
extends: .build
gem5-arm64:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
juno:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
# What percentage of machines in the layer do we build
machine-coverage:
extends: .setup
script:
- ./ci/check-machine-coverage
coverage: '/Coverage: \d+/'
metrics:
extends: .setup
artifacts:
reports:
metrics: metrics.txt
script:
- kas shell --update --force-checkout ci/base.yml --command \
"$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt"
juno/clang:
extends: .build
musca-b1:
extends: .build
@@ -251,101 +106,88 @@ musca-b1:
musca-s1:
extends: .build
pending-updates:
extends: .setup
# Only run this job for the default branch (master), or if forced with
# BUILD_FORCE_PENDING_UPDATES.
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $BUILD_FORCE_PENDING_UPDATES != null
artifacts:
paths:
- update-report
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
qemuarm64-secureboot:
n1sdp:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
- UEFISB: [none, uefi-secureboot]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm64:
# This job currently fails when building gcc-runtime:
# cc1: error: switch '-mcpu=armv8.2-a' conflicts with '-march=armv8-a' switch [-Werror]
# Mark as manual so it doesn't get executed automatically
n1sdp/armgcc:
extends: .build
parallel:
matrix:
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
when: manual
qemuarm-secureboot:
qemuarm/testimage:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TESTING: testimage
- DISTRO: [poky, poky-altcfg]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm:
qemuarm64-secureboot/testimage:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
FIRMWARE: edk2
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
qemuarmv5:
qemuarm64-secureboot/clang/testimage:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
sbsa-ref:
qemuarm64-secureboot/clang/musl/testimage:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- DISTRO: poky-altcfg
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
selftest:
extends: .setup
script:
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests'
qemuarm64-secureboot/musl/testimage:
extends: .build
qemuarmv5/testimage:
extends: .build
sgi575:
extends: .build
parallel:
matrix:
- TESTING: testimage
# FVP binary is x86-only
tags:
- x86_64
toolchains:
tc0:
extends: .build
#
# Utility tasks, not executed automatically
#
delete-dl-dir:
extends: .setup
stage: prep
when: manual
script:
- rm -rf $DL_DIR/*
delete-repo-dir:
extends: .setup
stage: prep
when: manual
script:
- rm -rf $KAS_REPO_REF_DIR/*
# Delete all sstate
delete-sstate:
extends: .setup
stage: prep
when: manual
script:
- rm -rf $SSTATE_DIR/*
delete-toolchains:
extends: .setup
stage: prep
when: manual
script:
- rm -rf $TOOLCHAIN_DIR/*
# Wipe out old sstate
prune-sstate:
extends: .setup
stage: prep
when: manual
script:
- du -h -s $SSTATE_DIR
- find $SSTATE_DIR -type f -atime +30 -delete
- du -h -s $SSTATE_DIR
# Report on disk usage
usage:
extends: .setup
stage: prep
when: manual
script:
- du -h -s $DL_DIR $SSTATE_DIR $KAS_REPO_REF_DIR $TOOLCHAIN_DIR
+18 -65
View File
@@ -1,44 +1,23 @@
Introduction
------------
This repository contains the Arm layers for OpenEmbedded.
This repository contains Arm layers for OpenEmbedded
* meta-arm
meta-arm:
This layer provides support for general recipes for the Arm
architecture. Anything that's not needed explicitly for BSPs, the IOTA
distribution, or destined to be upstreamed belongs here.
This layer contains general recipes for the Arm architecture, such as firmware, FVPs, and Arm-specific integration.
meta-arm-bsp:
This layer provides support for Arm reference platforms
* meta-arm-bsp
meta-arm-iota:
This layer provides support for Arm's IOTA Linux Distribution
This layer contains machines for Arm reference platforms, for example FVP Base, Corstone1000, and Juno.
meta-arm-toolchain:
This layer provides support for Arm's GNU-A toolset releases
* meta-arm-toolchain
This layer contains recipes for Arm's binary toolchains (GCC and Clang for -A and -M), and a recipe to build Arm's GCC.
Other Directories
-----------------
* ci
This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this.
* documentation
This directory contains information on the files in this repository, building, and other relevant documents.
* kas
This directory contains KAS yaml files to describe builds for systems not used in CI.
* scripts
This directory contains scripts used in running the CI tests.
Mailing List
------------
To interact with the meta-arm developer community, please email the meta-arm mailing list at <meta-arm@lists.yoctoproject.org>.
Currently, it is configured to only allow emails to members from those subscribed.
To subscribe to the meta-arm mailing list, please go to
https://lists.yoctoproject.org/g/meta-arm
meta-arm-autonomy:
This layer provides a reference stack for autonomous systems.
Contributing
------------
@@ -46,51 +25,25 @@ Currently, we only accept patches from the meta-arm mailing list. For general
information on how to submit a patch, please read
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
E-mail <meta-arm@lists.yoctoproject.org> with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
E-mail meta-arm@lists.yoctoproject.org with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
`$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org`
$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org
Commits and patches added should follow the OpenEmbedded patch guidelines:
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
The component being changed in the shortlog should be prefixed with the layer name (without the meta- prefix), for example:
> arm-bsp/trusted-firmware-a: decrease frobbing level
> arm-toolchain/gcc: enable foobar v2
arm-bsp/trusted-firmware-a: decrease frobbing level
All contributions are under the [MIT License](/COPYING.MIT).
For a quick start guide on how to build and use meta-arm, go to [quick-start.md](/documentation/quick-start.md).
For information on the continuous integration done on meta-arm and how to use it, go to [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md).
Backporting
--------------
Backporting patches to older releases may be done upon request, but only after a version of the patch has been accepted into the master branch. This is done by adding the branch name to email subject line. This should be between the square brackets (e.g., "[" and "]"), and before or after the "PATCH". For example,
> [nanbield PATCH] arm/linux-yocto: backport patch to fix 6.5.13 networking issues
Automatic backporting will be done to all branches if the "Fixes: <SHA>" wording is added to the patch commit message. This is similar to how the Linux kernel community does their LTS kernel backporting. For more information see the "Fixes" portion of
https://www.kernel.org/doc/html/latest/process/submitting-patches.html#submittingpatches
Releases and Release Schedule
--------------
We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines. For more information on these, please reference:
* https://docs.yoctoproject.org/ref-manual/release-process.html
* https://wiki.yoctoproject.org/wiki/Releases
* https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
For more in-depth information on the meta-arm release and branch methodology, go to </documentation/releases.md>.
arm-toolchain/gcc: enable foobar v2
Reporting bugs
--------------
E-mail <meta-arm@lists.yoctoproject.org> with the error encountered and the steps
E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps
to reproduce the issue.
Security and Reporting Security Issues
--------------
For information on the security of meta-arm and how to report issues, please consult [SECURITY.md](/SECURITY.md).
Maintainer(s)
-------------
* Jon Mason <jon.mason@arm.com>
-46
View File
@@ -1,46 +0,0 @@
# Reporting vulnerabilities
Arm takes security issues seriously and welcomes feedback from researchers and
the security community in order to improve the security of its products and
services. We operate a coordinated disclosure policy for disclosing
vulnerabilities and other security issues.
Security issues can be complex and one single timescale doesn't fit all
circumstances. We will make best endeavours to inform you when we expect
security notifications and fixes to be available and facilitate coordinated
disclosure when notifications and patches/mitigations are available.
## How to Report a Potential Vulnerability?
If you would like to report a public issue (for example, one with a released CVE
number), please contact the meta-arm mailing list at
meta-arm@lists.yoctoproject.org and arm-security@arm.com.
If you are dealing with a not-yet released or urgent issue, please send a mail
to the maintainers \(see [README.md](/README.md)\) and arm-security@arm.com, including as much
detail as possible. Encrypted emails using PGP are welcome.
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
## Branches maintained with security fixes
meta-arm follows the Yocto release model, so see
[Stable release and LTS](https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS)
for detailed info regarding the policies and maintenance of stable
branches.
The [Release page](https://wiki.yoctoproject.org/wiki/Releases) contains a list of all
releases of the Yocto Project. Versions in grey are no longer actively maintained with
security patches, but well-tested patches may still be accepted for them for
significant issues.
# Disclaimer
Arm reference solutions are Arm public example software projects that track and
pull upstream components, incorporating their respective security fixes
published over time. Arm partners are responsible for ensuring that the
components they use contain all the required security fixes, if and when they
deploy a product derived from Arm reference solutions.
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: a5ds
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-firmware.yml
-19
View File
@@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-ir-acs.yml
env:
ACS_TEST: "0"
local_conf_header:
testimage: |
TESTIMAGE_AUTO = "${ACS_TEST}"
target:
- arm-systemready-ir-acs
- arm-systemready-linux-distros-debian
- arm-systemready-linux-distros-opensuse
- arm-systemready-linux-distros-fedora
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
local_conf_header:
libc: |
GCCVERSION = "arm-9.2"
+20 -26
View File
@@ -1,51 +1,45 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
distro: poky
defaults:
repos:
branch: whinlatter
refspec: gatesgarth
repos:
bitbake:
url: https://git.openembedded.org/bitbake
branch: "2.16"
layers:
bitbake: disabled
core:
url: https://git.openembedded.org/openembedded-core
layers:
meta:
meta-yocto:
url: https://git.yoctoproject.org/meta-yocto
layers:
meta-poky:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
layers:
meta:
meta-poky:
env:
BB_LOGCONFIG: ""
TOOLCHAIN_DIR: ""
local_conf_header:
base: |
CONF_VERSION = "2"
BB_SERVER_TIMEOUT = "300"
CONF_VERSION = "1"
PACKAGE_CLASSES = "package_ipk"
LICENSE_FLAGS_WHITELIST += "armcompiler"
PACKAGECONFIG_remove_pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES_append = " debug-tweaks"
BB_NUMBER_THREADS = "16"
PARALLEL_MAKE = "-j16"
INHERIT += "rm_work"
extrapackages: |
CORE_IMAGE_EXTRA_INSTALL += "perf"
CORE_IMAGE_EXTRA_INSTALL:append:aarch64 = " gator-daemon"
PACKAGECONFIG_append_pn-perf = " coresight"
ptest: |
DISTRO_FEATURES_remove = "ptest"
machine: unset
target:
- core-image-sato
- core-image-base
- perf
+9
View File
@@ -0,0 +1,9 @@
header:
version: 9
target:
- binutils-cross-aarch64
- gcc-cross-aarch64
- python3-native
- opkg-native
- rpm-native
+6 -8
View File
@@ -2,7 +2,6 @@
from pathlib import Path
import sys
from listmachines import list_machines
metaarm = Path.cwd()
@@ -10,16 +9,15 @@ if metaarm.name != "meta-arm":
print("Not running inside meta-arm")
sys.exit(1)
# Find all layers
layers = (p.name for p in metaarm.glob("meta-*") if p.is_dir())
# All machine configurations
machines = list_machines(layers)
machines = metaarm.glob("meta-*/conf/machine/*.conf")
machines = set(p.stem for p in machines)
# All kas files
kas = metaarm.glob("ci/*.yml")
kas = set(p.stem for p in kas)
# All ci files
ci = metaarm.glob("ci/*.yml")
ci = set(p.stem for p in ci)
missing = machines - kas
missing = machines - ci
print(f"The following machines are missing: {', '.join(sorted(missing))}.")
covered = len(machines) - len(missing)
+8 -5
View File
@@ -1,8 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
repos:
meta-clang:
url: https://github.com/kraj/meta-clang
refspec: gatesgarth
local_conf_header:
toolchain: |
PREFERRED_TOOLCHAIN_TARGET = "clang"
clang: |
TOOLCHAIN = "clang"
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
- kas/corstone1000-image-configuration.yml
target:
- core-image-minimal
- perf
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- kas/corstone1000-firmware-only.yml
target:
- corstone1000-flash-firmware-image
- perf
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/corstone1000-common.yml
- ci/fvp.yml
machine: corstone1000-fvp
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/corstone1000-common.yml
machine: corstone1000-mps3
+10
View File
@@ -0,0 +1,10 @@
header:
version: 9
includes:
- base.yml
machine: corstone700-fvp
local_conf_header:
image: |
CORE_IMAGE_EXTRA_INSTALL = "corstone700-test-app"
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- corstone700-fvp.yml
machine: corstone700-mps3
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
cve: |
INHERIT += "cve-check"
# Allow the runner environment to provide an API key
NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
# Just show the warnings for our layers
CVE_CHECK_SHOW_WARNINGS = "0"
CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-systemready = "1"
# Ignore the kernel, we sometime carry kernels in meta-arm
CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
# Add universally helpful features when testing boards
local_conf_header:
rootlogin: |
EXTRA_IMAGE_FEATURES:append = " allow-empty-password empty-root-password allow-root-login"
-31
View File
@@ -1,31 +0,0 @@
#! /usr/bin/env python3
"""
Download the lockfile.yml produced by a CI pipeline, specified by the GitLab
server, full name of the meta-arm project, and the refspec that was executed.
For example,
$ ./download-lockfile.py https://gitlab.com/ rossburton/meta-arm master
SPDX-FileCopyrightText: Copyright 2023 Arm Limited and Contributors
SPDX-License-Identifier: GPL-2.0-only
"""
import argparse
import gitlab
import io
import zipfile
parser = argparse.ArgumentParser()
parser.add_argument("server", help="GitLab server name")
parser.add_argument("project", help="meta-arm project name")
parser.add_argument("refspec", help="Branch/commit")
args = parser.parse_args()
gl = gitlab.Gitlab(args.server)
project = gl.projects.get(args.project)
artefact = project.artifacts.download(ref_name=args.refspec, job="update-repos")
z = zipfile.ZipFile(io.BytesIO(artefact))
z.extract("lockfile.yml")
print("Fetched lockfile.yml")
-17
View File
@@ -1,17 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
bootfirmware: |
PREFERRED_PROVIDER_virtual/bootloader = "edk2-firmware"
MACHINE_FEATURES += "efi"
TFA_UBOOT = "0"
TFA_UEFI = "1"
EXTRA_IMAGEDEPENDS += "edk2-firmware"
EFI_PROVIDER ?= "grub-efi"
QB_DEFAULT_BIOS = "QEMU_EFI.fd"
WKS_FILE ?= "efi-disk.wks.in"
+8
View File
@@ -0,0 +1,8 @@
header:
version: 9
local_conf_header:
cc: |
PNBLACKLIST[gcc-cross-arm] = "Using external toolchain"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: foundation-armv8
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: fvp-base-arm32
-35
View File
@@ -1,35 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/fvp-base.yml
- ci/meta-openembedded.yml
local_conf_header:
trusted_services: |
# Enable the needed test suites
TEST_SUITES:append = " trusted_services"
# Include all Secure Partitions into the image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
MACHINE_FEATURES:append = " ts-block-storage ts-fwu ts-logging"
MACHINE_FEATURES:append = " arm-branch-protection"
SMMGW_AUTH_VAR = "1"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL += "optee-test"
# Set the TS environment
TS_ENV = "sp"
# Enable and configure semihosting
FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[semihosting-enable] = "True"
+2 -8
View File
@@ -1,13 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/fvp.yml
- base.yml
machine: fvp-base
target:
- core-image-full-cmdline
- boot-wrapper-aarch64
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
testimagefvp: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
IMAGE_CLASSES += "fvpboot"
networking_failing_tests: |
# These tests currently fail as the wrong IP for the build host is used
TEST_SUITES:remove = "opkg dnf"
-31
View File
@@ -1,31 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# Simple target to build the FVPs that are publically available
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm64
local_conf_header:
license: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
sdk: |
SDKMACHINE = "x86_64"
target:
# Target packages to test aarch64
- fvp-base-a-aem
- fvp-corstone1000
- fvp-rd1-ae
- fvp-v3-r1
# Nativesdk to test x86-64
- nativesdk-fvp-base-a-aem
- nativesdk-fvp-corstone1000
- nativesdk-fvp-rd1-ae
- nativesdk-fvp-v3-r1
# These are x86 only... :(
- nativesdk-fvp-sgi575
- nativesdk-fvp-tc3
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default. This is only being added for completeness/clarity
local_conf_header:
toolchain: |
PREFERRED_TOOLCHAIN_TARGET = "gcc"
+21
View File
@@ -0,0 +1,21 @@
header:
version: 9
includes:
- base.yml
repos:
meta-arm:
layers:
meta-gem5:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
layers:
meta-oe:
machine: gem5-arm64
target:
- core-image-minimal
- perf
- gem5-aarch64-native
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
repos:
meta-yocto:
layers:
meta-yocto-bsp:
local_conf_header:
bootloader: |
# If running genericarm64 in a qemu we need to manually build the bootloader
EXTRA_IMAGEDEPENDS += "virtual/bootloader"
sshpregen: |
# Allow the use of the pregen keys as this is CI so safe
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:genericarm64 = "genericarm64"
machine: genericarm64
+46
View File
@@ -0,0 +1,46 @@
#!/bin/bash
set -u
HOST_ARCH=$(uname -m)
VER="10.2-2020.11"
DOWNLOAD_DIR=$1
TOOLCHAIN_DIR=$2
TOOLCHAIN_LINK_DIR=$3
# These should be already created by .gitlab-ci.yml, but do here if run outside of that env
mkdir -p $DOWNLOAD_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
if [ $HOST_ARCH = "aarch64" ]; then
#AArch64 Linux hosted cross compilers
#AArch32 target with hard float (arm-none-linux-gnueabihf)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-arm-none-linux-gnueabihf.tar.xz
elif [ $HOST_ARCH = "x86_64" ]; then
#x86_64 Linux hosted cross compilers
#AArch32 target with hard float (arm-linux-none-gnueabihf)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-arm-none-linux-gnueabihf.tar.xz
#AArch64 GNU/Linux target (aarch64-none-linux-gnu)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-aarch64-none-linux-gnu.tar.xz
#AArch64 GNU/Linux target (aarch64_be-none-linux-gnu)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-aarch64_be-none-linux-gnu.tar.xz
else
echo "ERROR - Unknown build arch of $HOST_ARCH"
exit 1
fi
for i in arm aarch64 aarch64_be; do
if [ ! -d $TOOLCHAIN_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu*/ ]; then
if [ ! -f $DOWNLOAD_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz ]; then
continue
fi
tar -C $TOOLCHAIN_DIR -axvf $DOWNLOAD_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz
fi
# Setup a link for the toolchain to use local to the building machine (e.g., not in a shared location)
ln -s $TOOLCHAIN_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu* $TOOLCHAIN_LINK_DIR/$i
done
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
libc: |
TCLIBC = "glibc"
+11 -35
View File
@@ -1,43 +1,19 @@
#! /bin/bash
# This script is expecting an input of machine name, optionally followed by a
# colon and a list of one or more parameters separated by commas between
# brackets. For example, the following are acceptable:
# corstone1000-mps3
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
# This argument should be quoted to avoid expansion and to be handled
# as a single value.
#
# Any further arguments will be handled as further yml file basenames.
#
# Turn this list into a series of yml files separated by colons to pass to kas
# Read a GitLab CI job name on $1 and transform it to a
# list of Kas yaml files
set -e -u
# First, parse the GitLab CI job name (CI_JOB_NAME via $1) and accumulate a list
# of Kas files.
JOBNAME="$1"
shift
# Read Job namne from $1 and split on /
IFS=/ read -r -a PARTS<<<$1
# The base name of the job
FILES="ci/$(echo $JOBNAME | cut -d ':' -f 1).yml"
# Prefix each part with ci/
PARTS=("${PARTS[@]/#/ci/}")
# The list of matrix variations
for i in $(echo $JOBNAME | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
# Given that there are no yml files for gcc or glibc, as those are the
# defaults, we can simply ignore those parameters. They are necessary
# to pass in so that matrix can correctly setup all of the permutations
# of each individual run.
if [[ $i == 'none' ]]; then
continue
fi
FILES+=":ci/$i.yml"
done
# Suffix each part with .yml
PARTS=("${PARTS[@]/%/.yml}")
# Now pick up any further names
for i in $*; do
FILES+=":ci/$i.yml"
done
echo $FILES
# Print colon-separated
IFS=":"
echo "${PARTS[*]}"
-15
View File
@@ -1,15 +0,0 @@
#! /bin/bash
# $ ci/junit.sh <build directory>
#
# If there is a OEQA test report in JSON format present in the build directory,
# transform it to JUnit XML using resulttool.
set -e -u
BUILDDIR=$1
JSON=$BUILDDIR/tmp/log/oeqa/testresults.json
if test -f $JSON; then
resulttool junit $JSON
fi
+2 -4
View File
@@ -1,8 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: juno
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-dev"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto"
-29
View File
@@ -1,29 +0,0 @@
#! /usr/bin/env python3
import pathlib
import typing
import sys
"""
List all of the machines available under the listed sub-layers of meta-arm.
"""
def list_machines(layers: typing.Sequence[str]) -> typing.Set[str]:
machines = set()
# We know we're in meta-arm/scripts, so find the top-level directory
metaarm = pathlib.Path(__file__).resolve().parent.parent
if metaarm.name != "meta-arm":
raise Exception("Not running inside meta-arm")
for layer in layers:
machines |= set(p.stem for p in (metaarm / layer / "conf" / "machine").glob("*.conf"))
return machines
if __name__ == "__main__":
if len(sys.argv) > 1:
machines = list_machines(sys.argv[1:])
print(" ".join(sorted(machines)))
sys.exit(0)
else:
print("Usage:\n$ %s [layer name ...] " % sys.argv[0])
sys.exit(1)
-14
View File
@@ -1,14 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
layers:
meta-filesystems:
meta-networking:
meta-oe:
meta-python:
meta-perl:
+9
View File
@@ -0,0 +1,9 @@
header:
version: 9
repos:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
layers:
meta-oe:
meta-python:
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-secure-core:
url: https://github.com/Wind-River/meta-secure-core.git
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-openembedded.yml
repos:
meta-virtualization:
url: https://git.yoctoproject.org/meta-virtualization
+8
View File
@@ -0,0 +1,8 @@
header:
version: 9
includes:
- meta-python.yml
repos:
meta-zephyr:
url: https://git.yoctoproject.org/git/meta-zephyr
+4 -5
View File
@@ -1,12 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- base.yml
- meta-zephyr.yml
machine: musca-b1
target:
- trusted-firmware-m
- zephyr-philosophers
+3 -5
View File
@@ -1,10 +1,8 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- base.yml
- meta-python.yml
machine: musca-s1
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
local_conf_header:
libc: |
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: n1sdp
-286
View File
@@ -1,286 +0,0 @@
#! /usr/bin/env python3
#
# SPDX-License-Identifier: GPL-2.0-only
#
# TODO
# - option to just list all broken files
# - test suite
# - validate signed-off-by
import argparse
import collections
import json
import os
import re
import subprocess
status_values = (
"accepted",
"pending",
"inappropriate",
"backport",
"submitted",
"denied",
)
class PatchResult:
# Whether the patch has an Upstream-Status or not
missing_upstream_status = False
# If the Upstream-Status tag is malformed in some way (string for bad bit)
malformed_upstream_status = None
# If the Upstream-Status value is unknown (boolean)
unknown_upstream_status = False
# The upstream status value (Pending, etc)
upstream_status = None
# Whether the patch has a Signed-off-by or not
missing_sob = False
# Whether the Signed-off-by tag is malformed in some way
malformed_sob = False
# The Signed-off-by tag value
sob = None
# Whether a patch looks like a CVE but doesn't have a CVE tag
missing_cve = False
class Summary:
total = 0
cve_missing = 0
sob_missing = 0
sob_malformed = 0
status_missing = 0
status_malformed = 0
status_pending = 0
def blame_patch(patch):
"""
From a patch filename, return a list of "commit summary (author name <author
email>)" strings representing the history.
"""
return subprocess.check_output(("git", "log",
"--follow", "--find-renames", "--diff-filter=A",
"--format=%s (%aN <%aE>)",
"--", patch)).decode("utf-8").splitlines()
def patchreview(patches):
# General pattern: start of line, optional whitespace, tag with optional
# hyphen or spaces, maybe a colon, some whitespace, then the value, all case
# insensitive.
sob_re = re.compile(r"^[\t ]*(Signed[-_ ]off[-_ ]by:?)[\t ]*(.+)", re.IGNORECASE | re.MULTILINE)
status_re = re.compile(r"^[\t ]*(Upstream[-_ ]Status:?)[\t ]*(\w*)", re.IGNORECASE | re.MULTILINE)
cve_tag_re = re.compile(r"^[\t ]*(CVE:)[\t ]*(.*)", re.IGNORECASE | re.MULTILINE)
cve_re = re.compile(r"cve-[0-9]{4}-[0-9]{4,6}", re.IGNORECASE)
results = {}
for patch in patches:
result = PatchResult()
results[patch] = result
content = open(patch, encoding="ascii", errors="ignore").read()
# Find the Signed-off-by tag
match = sob_re.search(content)
if match:
value = match.group(1)
if value != "Signed-off-by:":
result.malformed_sob = value
result.sob = match.group(2)
else:
result.missing_sob = True
# Find the Upstream-Status tag
match = status_re.search(content)
if match:
value = match.group(1)
if value != "Upstream-Status:":
result.malformed_upstream_status = value
value = match.group(2).lower()
# TODO: check case
if value not in status_values:
result.unknown_upstream_status = True
result.upstream_status = value
else:
result.missing_upstream_status = True
# Check that patches which looks like CVEs have CVE tags
if cve_re.search(patch) or cve_re.search(content):
if not cve_tag_re.search(content):
result.missing_cve = True
# TODO: extract CVE list
return results
def analyse(results, want_blame=False, verbose=True):
"""
want_blame: display blame data for each malformed patch
verbose: display per-file results instead of just summary
"""
# want_blame requires verbose, so disable blame if we're not verbose
if want_blame and not verbose:
want_blame = False
summary = Summary()
for patch in sorted(results):
r = results[patch]
summary.total += 1
need_blame = False
# Build statistics
if r.missing_sob:
summary.sob_missing += 1
if r.malformed_sob:
summary.sob_malformed += 1
if r.missing_upstream_status:
summary.status_missing += 1
if r.malformed_upstream_status or r.unknown_upstream_status:
summary.status_malformed += 1
# Count patches with no status as pending
summary.status_pending += 1
if r.missing_cve:
summary.cve_missing += 1
if r.upstream_status == "pending":
summary.status_pending += 1
# Output warnings
if r.missing_sob:
need_blame = True
if verbose:
print("Missing Signed-off-by tag (%s)" % patch)
if r.malformed_sob:
need_blame = True
if verbose:
print("Malformed Signed-off-by '%s' (%s)" % (r.malformed_sob, patch))
if r.missing_cve:
need_blame = True
if verbose:
print("Missing CVE tag (%s)" % patch)
if r.missing_upstream_status:
need_blame = True
if verbose:
print("Missing Upstream-Status tag (%s)" % patch)
if r.malformed_upstream_status:
need_blame = True
if verbose:
print("Malformed Upstream-Status '%s' (%s)" % (r.malformed_upstream_status, patch))
if r.unknown_upstream_status:
need_blame = True
if verbose:
print("Unknown Upstream-Status value '%s' (%s)" % (r.upstream_status, patch))
if want_blame and need_blame:
print("\n".join(blame_patch(patch)) + "\n")
return summary
def display_summary(summary, verbose):
def percent(num):
try:
return "%d (%d%%)" % (num, round(num * 100.0 / summary.total))
except ZeroDivisionError:
return "N/A"
if verbose:
print()
print("""Total patches found: %d
Patches missing Signed-off-by: %s
Patches with malformed Signed-off-by: %s
Patches missing CVE: %s
Patches missing Upstream-Status: %s
Patches with malformed Upstream-Status: %s
Patches in Pending state: %s""" % (summary.total,
percent(summary.sob_missing),
percent(summary.sob_malformed),
percent(summary.cve_missing),
percent(summary.status_missing),
percent(summary.status_malformed),
percent(summary.status_pending)))
def generate_metrics(summary, output):
# https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md
# Summary attribute name, MetricPoint help
mapping = (
("total", "Total patches"),
("cve_missing", "Patches missing CVE tag"),
("sob_malformed", "Patches with malformed Signed-off-by"),
("sob_missing", "Patches with missing Signed-off-by"),
("status_malformed", "Patches with malformed Upstream-Status"),
("status_missing", "Patches with missing Upstream-Status"),
("status_pending", "Patches with Pending Upstream-Status")
)
for attr, help in mapping:
metric = f"patch_check_{attr}"
value = getattr(summary, attr)
output.write(f"""
# TYPE {metric} gauge
# HELP {help}
{metric} {value}
""")
output.write("\n# EOF\n")
def histogram(results):
import math
from toolz import dicttoolz, recipes
counts = recipes.countby(lambda r: r.upstream_status, results.values())
bars = dicttoolz.valmap(lambda v: "#" * int(math.ceil(float(v) / len(results) * 100)), counts)
for k in bars:
print("%-20s %s (%d)" % (k.capitalize() if k else "No status", bars[k], counts[k]))
def gather_patches(directories):
patches = []
for directory in directories:
filenames = subprocess.check_output(("git", "-C", directory, "ls-files", "recipes-*/**/*.patch", "recipes-*/**/*.diff")).decode("utf-8").split()
patches += [os.path.join(directory, f) for f in filenames]
return patches
if __name__ == "__main__":
args = argparse.ArgumentParser(description="Patch Review Tool")
args.add_argument("-b", "--blame", action="store_true", help="show blame for malformed patches")
args.add_argument("-v", "--verbose", action="store_true", help="show per-patch results")
args.add_argument("-g", "--histogram", action="store_true", help="show patch histogram")
args.add_argument("-j", "--json", help="update JSON")
args.add_argument("-m", "--metrics", type=argparse.FileType('w'), help="write OpenMetrics")
args.add_argument("dirs", metavar="DIRECTORY", nargs="+", help="directory to scan")
args = args.parse_args()
patches = gather_patches(args.dirs)
results = patchreview(patches)
summary = analyse(results, want_blame=args.blame, verbose=args.verbose)
display_summary(summary, verbose=args.verbose)
if args.json:
if os.path.isfile(args.json):
data = json.load(open(args.json))
else:
data = []
row = collections.Counter()
row["total"] = len(results)
row["date"] = subprocess.check_output(["git", "-C", args.dirs[0], "show", "-s", "--pretty=format:%cd", "--date=format:%s"]).decode("utf-8").strip()
for r in results.values():
if r.upstream_status in status_values:
row[r.upstream_status] += 1
if r.malformed_upstream_status or r.missing_upstream_status:
row["malformed-upstream-status"] += 1
if r.malformed_sob or r.missing_sob:
row["malformed-sob"] += 1
data.append(row)
json.dump(data, open(args.json, "w"))
if args.metrics:
generate_metrics(summary, args.metrics)
if args.histogram:
print()
histogram(results)
-4
View File
@@ -1,4 +0,0 @@
header:
version: 14
distro: poky-altcfg
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky-tiny
local_conf_header:
hacking: |
TEST_SUITES = "_qemutiny ping"
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
target:
- core-image-minimal
- perf
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm-secureboot
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
+2 -4
View File
@@ -1,8 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarm
-17
View File
@@ -1,17 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-openembedded.yml
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
# Include TS Crypto, TS Protected Storage, and TS Internal Trusted Storage and SPs into optee-os image
# FIXME - remove TS SMM Gateway due to QEMU v9.0.0 test failures
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
+9 -10
View File
@@ -1,17 +1,16 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarm64-secureboot
local_conf_header:
bugs: |
# Only ping until errors can be resolved
TEST_SUITES = "ping"
target:
- core-image-base
- hafnium
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
- perf
- optee-examples
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm64
+7 -4
View File
@@ -1,8 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarmv5
local_conf_header:
bugs: |
# Remove parselogs until errors can be resolved
TEST_SUITES_remove = "parselogs"
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: sbsa-ref
target:
- core-image-sato
- sbsa-acs
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
secure-debug: |
MACHINE_FEATURES += "secure-debug"
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
setup: |
BB_LOGCONFIG = ""
SANITY_TESTED_DISTROS = ""
INHERIT:remove = "rm_work"
+2 -10
View File
@@ -1,14 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/fvp.yml
local_conf_header:
sshpregen: |
# Allow the use of the pregen keys as this is CI so safe
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:sgi575 = "sgi575"
- base.yml
machine: sgi575
-11
View File
@@ -1,11 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
sstate_mirror: |
BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws"
SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
BB_HASHSERVE = "auto"
BB_SIGNATURE_HANDLER = "OEEquivHash"
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: tc0
+9 -11
View File
@@ -1,19 +1,17 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/debug.yml
version: 9
local_conf_header:
testimage: |
IMAGE_CLASSES += "testimage"
TESTIMAGE_AUTO = "1"
kvm: |
QEMU_USE_KVM = ""
slirp: |
TEST_RUNQEMUPARAMS = "slirp"
sshd: |
IMAGE_FEATURES += "ssh-server-dropbear"
sshkeys: |
CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
TEST_SERVER_IP = "127.0.0.1"
QEMU_USE_SLIRP = "1"
packages: |
IMAGE_FEATURES_append = " ssh-server-dropbear"
# Multiple targets are available, put it down to just one
target:
- core-image-base
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
tftf: |
TFA_UBOOT = "0"
TFA_UEFI = "0"
TFTF_TESTS = "1"
-20
View File
@@ -1,20 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
# Target is arm64 and SDK is x86-64 to ensure that we exercise both
# architectures
machine: qemuarm64
local_conf_header:
toolchains: |
SDKMACHINE = "x86_64"
target:
- gcc-aarch64-none-elf
- nativesdk-gcc-aarch64-none-elf
- gcc-arm-none-eabi
- nativesdk-gcc-arm-none-eabi
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
bootfirmware: |
PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
TFA_UBOOT = "1"
TFA_UEFI = "0"
-51
View File
@@ -1,51 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# UEFI Secure Boot: A mechanism to ensure that only trusted software is executed
# during the boot process.
header:
version: 14
includes:
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
local_conf_header:
uefi_secureboot: |
SBSIGN_KEYS_DIR = "${TOPDIR}/sbkeys"
BB_ENV_PASSTHROUGH_ADDITIONS = "SBSIGN_KEYS_DIR"
# Detected by passing kernel parameter
QB_KERNEL_ROOT = ""
# kernel is in the image, should not be loaded separately
QB_DEFAULT_KERNEL = "none"
WKS_FILE = "efi-disk.wks.in"
KERNEL_IMAGETYPE = "Image"
MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot uefi-capsule-updates"
EFI_PROVIDER = "systemd-boot"
# Use systemd as the init system
INIT_MANAGER = "systemd"
IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils"
TEST_SUITES:append = " uefi_secureboot uki"
IMAGE_CLASSES += "uki"
IMAGE_CLASSES += "sbsign"
UKI_SB_KEY = "${SBSIGN_KEY}"
UKI_SB_CERT = "${SBSIGN_CERT}"
QB_KERNEL_ROOT = ""
IMAGE_BOOT_FILES:remove = "Image"
INITRAMFS_IMAGE = "core-image-initramfs-boot"
# not for initramfs image recipe
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "uki"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "sbsign"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "testimage"
IMAGE_FEATURES:remove:pn-core-image-initramfs-boot = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove:pn-core-image-initramfs-boot = "ssh-pregen-hostkeys"
+5 -19
View File
@@ -4,7 +4,6 @@
import sys
import os
import shutil
import subprocess
import pathlib
@@ -20,9 +19,11 @@ def repo_shortname(url):
.replace('*', '.'))
repositories = (
"https://git.yoctoproject.org/poky",
"https://git.yoctoproject.org/git/poky",
"https://git.openembedded.org/meta-openembedded",
"https://git.yoctoproject.org/meta-virtualization",
"https://git.yoctoproject.org/git/meta-virtualization",
"https://git.yoctoproject.org/git/meta-zephyr",
"https://github.com/kraj/meta-clang",
)
if __name__ == "__main__":
@@ -31,25 +32,10 @@ if __name__ == "__main__":
sys.exit(1)
base_repodir = pathlib.Path(os.environ["KAS_REPO_REF_DIR"])
failed = False
for repo in repositories:
repodir = base_repodir / repo_shortname(repo)
if "CI_CLEAN_REPOS" in os.environ:
print("Cleaning %s..." % repo)
shutil.rmtree(repodir, ignore_errors=True)
if repodir.exists():
try:
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch", repo], check=True)
except subprocess.CalledProcessError as e:
print(e)
failed = True
subprocess.run(["git", "-C", repodir, "fetch"], check=True)
else:
print("Cloning %s..." % repo)
subprocess.run(["git", "clone", "--bare", repo, repodir], check=True)
if failed:
sys.exit(128)
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-virtualization.yml
- ci/poky-altcfg.yml
local_conf_header:
meta-virt: |
DISTRO_FEATURES:append = " virtualization xen"
sshd: |
IMAGE_FEATURES:append = " ssh-server-openssh"
target:
- xen-image-minimal
@@ -1,67 +0,0 @@
# **CI for Yocto Project and meta-arm**
# **CI for Yocto Project**
The Yocto Project has an autobuilder that performs nightly builds and image tests on all of the defined QEMU machines, including qemuarm and qemuarm64 Also, it currently runs builds on the hardware reference platforms including genericarm64 and meta-arm mahines fvp-base and sbsa-ref. More information on the autobuilder can be found at <https://autobuilder.yoctoproject.org/>.
More information on the image tests can be found at <https://wiki.yoctoproject.org/wiki/Image_tests>.
The Yocto Project also has the ability to have individual package tests, ptests.  For more information on those, go to <https://wiki.yoctoproject.org/wiki/Ptest>.
# **CI for meta-arm**
meta-arm is using the Gitlab CI infrastructure.  This is currently being done internal to Arm, but an external version can be seen at <https://gitlab.com/jonmason00/meta-arm/-/pipelines>.
This CI is constantly being expanded to provide increased coverage of the software and hardware supported in meta-arm. All platforms are required to add a kas file and `.gitlab-ci.yml` entry as part of the initial patch series. More information on kas can be found at <https://github.com/siemens/kas>.
To this end, it would be wise to run kas locally to verify everything works prior to pushing to the CI build system.
## **Running kas locally**
### **Install kas**
kas can be installed with pip, for example:
```
$ pip3 install --user kas
```
See <https://kas.readthedocs.io/en/latest/userguide/getting-started.html> for information on the dependencies and more.
This assumes that the kas path ($HOME/.local/bin) is in $PATH. If not, the user will need to manually add this or the kas command will not be found.
### **Run kas locally**
```
$ cd ~/meta-arm/
$ kas build kas/juno.yml
```
By default kas will create a build directory under meta-arm to contain the checked out layers, build directory, and downloads.  You can change this by setting environment variables. DL\_DIR and SSTATE\_DIR are respected so these can point at existing directories, and setting KAS\_WORK\_DIR to the directory where repositories are already cloned will save having to re-fetch. This can look something like:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/qemuarm64.yml:ci/testimage.yml
```
See the [quick start guide](/documentation/quick-start.md) for more information on how to set this up.
## **Locked Revisions in CI with lockfiles**
The CI in meta-arm will generate a kas "lock file" when it starts to ensure that all of the builds checkout the same revision of the various different layers that are used. If this isn't done then there's a chance that a layer will be modified upstream during the CI, which results in some builds failing and some builds passing.
This lock file is saved as an artefact of the update-repos job by the CI, and only generated if it doesn't already exist in the repository. This can be used to force specific revisions of layers to be used instead of HEAD, which can be useful if upstream changes are causing problems in development.
The lockfile.yml can be downloaded manually, but there's a script in meta-arm to fetch the lock file for the latest successful build of the specified branch:
```
$ ./ci/download-lockfile.py --help
usage: download-lockfile.py [-h] server project refspec
positional arguments:
server GitLab server name
project meta-arm project name
refspec Branch/commit
$ ./ci/download-lockfile.py https://gitlab.com/jonmason00/meta-arm master
Fetched lockfile.yml
Commit this lockfile.yml to the top-level of the meta-arm repository and the CI will use it automatically.
```
# **Relevant Links for kas, CI, and testing**
<https://github.com/siemens/kas.git>
<https://wiki.yoctoproject.org/wiki/Oe-selftest>
<https://wiki.yoctoproject.org/wiki/Image_tests>
<https://wiki.yoctoproject.org/wiki/Ptest>
<https://wiki.yoctoproject.org/wiki/BSP_Test_Plan>
-49
View File
@@ -1,49 +0,0 @@
# OEQA on Arm FVPs
OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests on machines using the `testimage` Yocto task. meta-arm has good support for writing test cases against [Arm FVPs][FVP], meaning the [runfvp][RUNFVP] boot configuration can be re-used.
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:2222"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "2222=22"
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
OEFVPTarget supports two different test interfaces - SSH and pexpect.
## SSH
As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
This uses the `run` method on the target, e.g:
```
(status, output) = self.target.run('uname -a')
```
which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
## pexpect
To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
```
self.target.expect('default', r'root@.*\:~#', timeout=30)
self.assertNotIn(b'ERROR:', self.target.before('tf-a'))
```
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
[OEQA]: https://docs.yoctoproject.org/test-manual/intro.html
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[RUNFVP]: runfvp.md
[PEXPECT]: https://pexpect.readthedocs.io/en/stable/overview.html
-105
View File
@@ -1,105 +0,0 @@
# **Yocto Project quick start for Arm system software developers**
If you want to read the The Yocto Project official quick start documentation, go to <https://docs.yoctoproject.org/brief-yoctoprojectqs/index.html>
If that looks like too much reading, then here is how to do it even faster!
# **Step 0: Install build deps and kas**
```
$ sudo apt install gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1
$ pip install kas
```
OR, if you prefer to use a docker will all that stuff already installed:
```
$ sudo docker run -it --name kas-test --volume /mnt/yocto/:/builds/persist ghcr.io/siemens/kas/kas /bin/bash
```
> **_NOTE:_**
> the “--volume” is the directory where your persistent stuff (like downloads and build artifacts) will go to help speed up your builds and can be sharable amongst your builds/containers.  If you want to go completely clean-room, feel free to remove it
# **Step 1: clone meta-arm and build meta-arm**
```
$ git clone https://git.yoctoproject.org/meta-arm
$ cd meta-arm/
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
```
> **_NOTE:_**
> “ci/testimage.yml” will cause the build to run some basic system tests.  If you dont care about verifying basic functionality, then remove it and it should be faster (a few less programs will be added to the system image and the 2-3mins that it takes to run the test will not happen).
> **_NOTE:_**
> You may wish to add the Yocto Project SSTATE Mirror (especially the first time) to speed up the build by downloading the build fragments (built by the Yocto Project autobuilder) from the internet. This can be done by adding "ci/sstate-mirror.yml" in kas or adding the relevant lines to your local.conf. Using the above example:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/sstate-mirror.yml
```
> **_NOTE:_**
> This only fetches the parts necessary for your build and may take several minutes depending on your internet connection speed. Also, it only fetches what is available. There may still be a need to build things depending on your configuration.
For more information on kas and various commands, please reference <https://kas.readthedocs.io/en/latest/>.
Depending on what software you are building, fvp-base might not be the machine you want to build for.
The following website provides an EXTREMELY rough way to tell what software is in what machines, and what versions are being run:
<https://gitlab.com/jonmason00/meta-arm/-/jobs/artifacts/master/file/update-report/index.html?job=pending-updates>
If, as an example, were wanting to develop trusted-firmware-a; then fvp-base will work for us. 
### **Okay, you are done!  VICTORY!**
### **Oh, you actually wanted to mess around with the system software source code?**
# **Step 2: use devtool to get your source**
Setup your environment via the (non-kas) Yocto Project tools
```
$ source poky/oe-init-build-env
```
Use devtool to checkout the version of software being used on the machine above (in the above example, this will be trusted-firmware-a for fvp-base).
```
$ devtool modify trusted-firmware-a
```
This will download the source, hopefully in git (depending on how the Yocto Project recipe was written), and should print a path at the end where the source code was checked out.  In the trusted-firmware-a example, I got:
> /builder/meta-arm/build/workspace/sources/trusted-firmware-a
Inside of that directory, you should see the relevant source code.  In this example, it is a standard git tree.  So, you can add remotes, checkout different SHAs, etc
Ok, so you are set with your changes and want to build them.
```
$ devtool build trusted-firmware-a
```
This should build the software in question, but it is not yet integrated into a system image.  To do that, run:
```
$ devtool build-image core-image-sato
```
The image should match the image being used on your machine above.  Most of them in meta-arm are set to core-image-sato.  
Also, if you used testimage above, it will run testimage now
### **Okay, you are done!  VICTORY!**
# **Step 3.  Testing your patches outside of devtool**
At this point I will assume you have a patch and want to add it to the base recipe.  Using the above example, in the devtool directory:
```
$ git format-patch -1
0001-example.patch
$ mv 0001-example.patch ~/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/
$ cd ~/meta-arm
$ devtool reset trusted-firmware-a
$ echo SRC_URI:append = " file://0001-example.patch" >> meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
```
> **_NOTE:_**
> there is a space before the “file” and yes it matters very much
At this point, you can go back using kas and verify that the patch works in a clean-ish tree.
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
```
There is obviously much more that can be done and other ways to do similar things.
## **If there are issues or questions then please ask them on the #meta-arm irc channel on libera.chat**
-43
View File
@@ -1,43 +0,0 @@
# **meta-arm Releases and Branching**
## **Release and Branching background**
The Yocto Project releases twice a year (April and October): "stable" releases are made every six months and have a lifetime of seven months to allow for migration, while "long term support" (LTS) releases are picked every two years starting from Dunfell in April 2020. The standard practice for all Yocto Compatible layers is to create a "named" branch consistent with the code name of that release. For example, the “dunfell” release of the Yocto Project will have a branch named “dunfell” in the official git repository, and layers compatible with dunfell will have a branch named “dunfell”. Thus, a customer can easily organize a collection of appropriate layers to make a product.
In the Yocto Project, these named branches are “stable”, and only take bug fixes or security-critical upgrades. Active development occurs on the master branch. However, this methodology can be problematic if mimicked with the compatible layers. Companies, like Arm, may not wish to release a snapshot of the relevant “master” branches under active development, due to the amount of testing, fixing, and hardening necessary to make a product from a non-stable release. Also, changes to keep the master branch of a layer working with the upstream master branch of the Yocto Project may result in that branch no longer being compatible with named branches (e.g., it might not be possible to mix and match master and dunfell). So, a decision must be made on the branching policy of meta-arm.
## **Adding new Hardware or Software features**
There are many different ways to resolve this issue. After some discussion, the best solution for us is to allow new hardware enablement (and relevant software features) to be included in LTS named branches (not just bug fixes). This will allow for a more stable software platform for software to be developed, tested, and released. Also, the single branch allows for focused testing (limiting the amount of resources needed for CI/CD), lessens/eliminates code diverging on various branches, and lessens confusion on which branch to use. The risk of making this choice is a potentially non-stable branch which will require more frequent testing to lessen the risk, and not following the “stable” methodology of the core Yocto Project layers (though it is not uncommon for BSP layers to behave this way).
## **Process**
The process for patches intended on being integrated into only the master branch is the normal internal process of pushing for code review and CI, approval and integration into upstream meta-arm master branch.
For patches intended on being included in an LTS named branch, the preferred process is to upstream via the master branch, rebase the patch (or series against the intended LTS branch) and send email with the release name in the subject line after the "PATCH" (e.g., "[PATCH dunfell] Add foo to bar").
If there is a time crunch and the preferred way above cannot be completed in time, upstreaming via the LTS branch can occur. This follows the normal process above but without the master integration step. However, any patches upstreamed in this manner must be pushed to master in a timely fashion (after the time crunch). Nagging emails will be sent and managers will be involved as the time grows.
## **Testing**
See [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md) for information how the layer is tested and what tests are run. It is presumed that all code will be compiled as part of the CI process of the gerrit code review. Also, testing on virtual platforms and code conformity checks will be run when enabled in the process.
## **Branching strategy and releases**
Named branches for meta-arm will be released as close as possible to the release of the YP LTS release. Meta-arm named branches will be created from the meta-arm master branch.
To minimize the additional work of maintaining multiple branches it is assumed that there will only be two active development branches at any given time: master and the most recent Long Term Stable (LTS) as the named branch. All previous named LTS branches will be EOLed when a new LTS has been released. Any branches that are EOLed will still exist in the meta-arm, but bug fix patches will be accepted. Limited to no testing will occur on EOLed branches. Exceptions to this can be made, but must be sized appropriately and agreed to by the relevant parties.
Named branch release will coincide with Yocto Project releases. These non-LTS branches will be bug fix only and will be EOLed on the next release (similar to the YP branching behavior).
### **Branch transitions**
When YP is approaching release, meta-arm will attempt to stabilize master so that the releases can coincide.
* T-6 weeks - Email is sent to meta-arm mailing list notifying of upcoming code freeze of features to meta-arm
* T-4 weeks - Code freeze to meta-arm. Only bug fixes are taken at this point.
* T-0 - Official upstream release occurs. With no outstanding critical bugs, a new named branch is created based on the current meta-arm master branch. Previous named branches are now frozen and will not accept new patches (but will continue to be present for reference and legacy usage).
## **Tagging**
### **Branch Tagging**
When each branch is released, a git tag with the Yocto Project version number will be added. For example, `4.3`. Also, this tag version number will be prepended with "yocto" in a duplicate tag (e.g., "yocto-4.3").
Conciding with the Yocto Project release schedule, every branch which has one or more changes added to it in the previous 6 months will get a minor versioned tag (e.g., "4.3.1" and "yocto-4.3.1").
### **BSP Release Tagging**
BSP releases for those boards supported in meta-arm-bsp maybe have an additional tag to denote their software releases. The tag will consist of the board name (in all capital letters), year, and month. For example, "CORSTONE1000-2023.11".
The release schedule for this is outside the standard Yocto Project release candence, but is generally encouraged to be as close to these releases as possible. Similarily, it is recommended the BSP releases be based on the latest LTS branch.
# **Relevant Links**
<https://wiki.yoctoproject.org/wiki/Releases>
-141
View File
@@ -1,141 +0,0 @@
# Running Images with a FVP
The `runfvp` tool in meta-arm makes it easy to run Yocto Project disk images inside a [Fixed Virtual Platform (FVP)][FVP]. Some FVPs, such as the [Arm Architecture Models][AEM], are available free to download, but others need registration or are only available commercially. The `fvp-base` machine in meta-arm-bsp uses one of these AEM models.
## Running images with `runfvp`
To build images with the FVP integration, the `fvpboot` image class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
```
IMAGE_CLASSES += "fvpboot"
```
The class will download the correct FVP and write a `.fvpconf` configuration file when an image is built.
To run an image in a FVP, pass either a machine name or a `.fvpconf` path to `runfvp`.
```
$ ./meta-arm/scripts/runfvp tmp/deploy/images/fvp-base/core-image-minimal-fvp-base.fvpconf
```
When a machine name is passed, `runfvp` will start the latest image that has been built for that machine. This requires that the BitBake environment has been initialized (using `oe-init-build-env` or similar) as it will start BitBake to determine where the images are.
```
$ ./meta-arm/scripts/runfvp fvp-base
```
Note that currently meta-arm's `scripts` directory isn't in `PATH`, so a full path needs to be used.
`runfvp` will automatically start terminals connected to each of the serial ports that the machine specifies. This can be controlled by using the `--terminals` option, for example `--terminals=none` will mean no terminals are started, and `--terminals=tmux` will start the terminals in [`tmux`][tmux] sessions. Alternatively, passing `--console` will connect the serial port directly to the current session, without needing to open further windows.
The default terminal can also be configured by writing a [INI-style][INI] configuration file to `~/.config/runfvp.conf`:
```
[RunFVP]
Terminal=tmux
```
Arbitrary options can be passed directly to the FVP by specifying them after a double dash, for example this will list all of the FVP parameters:
```
$ runfvp fvp-base -- --list-params
```
## Configuring machines with `fvpboot`
To configure a machine so that it can be ran inside `runfvp`, a number of variables need to be set in the machine configuration file (such as `meta-arm-bsp/conf/machine/fvp-base.conf`).
Note that at present these variables are not stable and their behaviour may be changed in the future.
### `FVP_EXE`
The name of the FVP binary itself, for example `fvp-base` uses `FVP_Base_RevC-2xAEMvA`.
### `FVP_PROVIDER`
The name of the recipe that provides the FVP executable set in `FVP_EXE`, for example `fvp-base` uses `fvp-base-a-aem-native`. This *must* be a `-native` recipe as the binary will be executed on the build host.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website.
If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on the host already.
### `FVP_BINDIR`
Optional parameter to configure the path of the FVP binary. For example, `fvp-base` uses path from the build host by default. This path can be customized by configuring like below.
```
FVP_BINDIR ?= "utilities/fvp/usr/bin"
```
Potential use case for this parameter configuration is to execute `runfvp` script without the need for bitbake environment initialization.
### `FVP_CONFIG`
Parameters passed to the FVP with the `--parameter`/`-C` option. These are expressed as variable flags so individual parameters can be altered easily. For example:
```
FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
```
### `FVP_DATA`
Specify raw data to load at the specified address, passed to the FVP with the `--data` option. This is a space-separated list of parameters in the format `[INST=]FILE@[MEMSPACE:]ADDRESS`. For example:
```
FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
cluster0.cpu0=fvp-base-revc.dtb@0x83000000"
```
### `FVP_APPLICATIONS`
Applications to load on the cores, passed to the FVP with the `--application` option. These are expressed as variable flags with the flag name being the instance and flag value the filename, for example:
```
FVP_APPLICATIONS[cluster0] = "linux-system.axf"
```
Note that symbols are not allowed in flag names, so if you need to use a wildcard in the instance then you'll need to use `FVP_EXTRA_ARGS` and `--application` directly.
### `FVP_TERMINALS`
Map hardware serial ports to abstract names. For example the `FVP_Base_RevC-2xAEMvA` FVP exposes four serial ports, `terminal_0` to `terminal_3`. Typically only `terminal_0` is used in the `fvp-base` machine so this can be named `"Console"` and the others `""`. When runfvp starts terminals it will only start named serial ports, so instead of opening four windows where only one is useful, it will only open one.
For example:
```
FVP_TERMINALS[bp.terminal_0] = "Console"
FVP_TERMINALS[bp.terminal_1] = ""
FVP_TERMINALS[bp.terminal_2] = ""
FVP_TERMINALS[bp.terminal_3] = ""
```
### `FVP_CONSOLES`
This specifies what serial ports can be used in oeqa tests, along with an alias to be used in the test cases. Note that the values have to be the FVP identifier but without the board prefix, for example:
```
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
The 'default' console is also used when `--console` is passed to runfvp.
### `FVP_EXTRA_ARGS`
Arbitrary extra arguments that are passed directly to the FVP. For example:
```
FVP_EXTRA_ARGS = "--simlimit 60"
```
### `FVP_ENV_PASSTHROUGH`
The FVP is launched with an isolated set of environment variables. Add the name of a Bitbake variable to this list to pass it through to the FVP environment. For example:
```
FVP_ENV_PASSTHROUGH = "ARMLMD_LICENSE_FILE FM_TRACE_PLUGINS"
```
[AEM]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[tmux]: https://tmux.github.io/
[INI]: https://docs.python.org/3/library/configparser.html
-81
View File
@@ -1,81 +0,0 @@
# The Trusted Services: framework for developing root-of-trust services
meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World applications
in `meta-arm/recipes-security/trusted-services`
## Secure Partitions recipes
We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions.
These recipes produce ELF and DTB files for SPs.
These files are automatically included into optee-os image accordingly to defined MACHINE_FEATURES.
### How to include TS SPs
To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
features for each [Secure Partition][^2] you would like to include:
| Secure Partition | MACHINE_FEATURE |
| ----------------- | --------------- |
| Attestation | ts-attesation |
| Crypto | ts-crypto |
| Firmware Update | ts-fwu
| Internal Storage | ts-its |
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
| spm-test[1-4] | optee-spmc-test |
| Logging | ts-logging |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
(Please see ` meta-arm/recipes-kernel/arm-tstee`.)
For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
(Please see ` meta-arm/recipes-kernel/arm-ffa-user`.)
2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc` for the Corstone1000 platform.
3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for theCorstone1000 platform.
4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
## Normal World applications
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
See `ci/trusted-services.yml` for an example how to include them into an image.
## Configuration options
Some TS recipes support yocto variables to set build configuration. These variables can be set in .conf files (machine
specific or local.conf), or .bbappend files.
SmmGW SP recipe supports the following configuration variables
| Variable name | Type | Description |
|-----------------------|------|--------------------------------------------------------------------------------------------------------|
| SMMGW_AUTH_VAR | Bool | Enable Authenticated variable support |
| SMMGW_INTERNAL_CRYPTO | Bool | Use MbedTLS build into SmmGW for authentication related crypto operations. Depends on SMMGW_AUTH_VAR=1 |
------
[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
[^2]: https://trusted-services.readthedocs.io/en/integration/deployments/secure-partitions.html
[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
repos:
meta-arm:
layers:
meta-arm-systemready:
distro: nodistro
target:
- arm-systemready-firmware
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
env:
TESTIMAGE_AUTO: "1"
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
target:
- arm-systemready-ir-acs
@@ -1,8 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-debian
@@ -1,8 +0,0 @@
header:
version: 16
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-fedora
@@ -1,8 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-opensuse
@@ -1,11 +0,0 @@
header:
version: 16
env:
DISTRO_UNATTENDED_INST_TESTS:
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
local_conf_header:
systemready-unattended-inst: |
TESTIMAGE_AUTO = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "1", "", d)}"
-19
View File
@@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
a320: |
MACHINE_FEATURES += "cortexa320"
OVERRIDES .= ":cortexa320"
repos:
meta-ethos:
url: https://gitlab.arm.com/iot/meta-ethos.git
branch: whinlatter
commit: b919565c36b89af2ba61cc28024da633a9fae0da
meta-sca:
url: https://github.com/priv-kweihmann/meta-sca.git
branch: master
commit: e68f1a9d17553a2a1b5b20962749f90482112a3f
-64
View File
@@ -1,64 +0,0 @@
header:
version: 14
distro: poky
defaults:
repos:
branch: master
repos:
bitbake:
url: https://git.openembedded.org/bitbake
commit: 0dde1a3ff852be057be40d17f233ecca19e7b389
layers:
bitbake: disabled
core:
url: https://git.openembedded.org/openembedded-core
commit: 4bd920ad7d7279020ea6e561d0584ae70f33f751
layers:
meta:
meta-yocto:
url: https://git.yoctoproject.org/meta-yocto
commit: b3b659263566c4d2f2813190e72d93f8598a4c47
layers:
meta-poky:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
commit: fc0152e434307b98e1d16251f92ed81ac617c1db
layers:
meta-oe:
meta-python:
meta-perl:
meta-secure-core:
url: https://github.com/wind-river/meta-secure-core.git
commit: 63209fb1500cee88d5d4d74669bce4b613c03ff7
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
local_conf_header:
base: |
CONF_VERSION = "2"
setup: |
PACKAGE_CLASSES = "package_ipk"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
machine: unset
target:
- corstone1000-flash-firmware-image
-9
View File
@@ -1,9 +0,0 @@
header:
version: 14
local_conf_header:
extsys: |
MACHINE_FEATURES += "corstone1000-extsys"
# external system firmware
CORE_IMAGE_EXTRA_INSTALL:firmware += "external-system-elf"
-23
View File
@@ -1,23 +0,0 @@
---
header:
version: 14
local_conf_header:
firmwarebuild: |
BBMULTICONFIG:remove = "firmware"
# Need to ensure the rescue linux options are selected
OVERRIDES .= ":firmware"
# Need to ensure we build with a small libc
TCLIBC = "musl"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
test-configuration: |
TEST_SUITES = "_qemutiny ping"
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
fvp-multicore: |
MACHINE_FEATURES += "corstone1000_fvp_smp"
-22
View File
@@ -1,22 +0,0 @@
header:
version: 14
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
local_conf_header:
testimagefvp: |
IMAGE_CLASSES += "fvpboot"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
machine: corstone1000-fvp
-52
View File
@@ -1,52 +0,0 @@
header:
version: 14
local_conf_header:
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
firmwarebuild: |
# Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs
BBMULTICONFIG ?= "firmware"
distrosetup: |
DISTRO_FEATURES = "usbhost ipv4"
initramfsetup: |
# Telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE_BUNDLE:firmware = "1"
INITRAMFS_IMAGE:firmware ?= "corstone1000-recovery-image"
IMAGE_FSTYPES:firmware:pn-corstone1000-recovery-image = "${INITRAMFS_FSTYPES}"
IMAGE_NAME_SUFFIX:firmware = ""
# enable mdev/busybox for init
INIT_MANAGER:firmware = "mdev-busybox"
VIRTUAL-RUNTIME_init_manager:firmware = "busybox"
# This guarantees module auto-loading support at boot
# by adding /etc/init.d/modutils.sh and /etc/rcS.d/ files
CORE_IMAGE_EXTRA_INSTALL:append = " modutils-initscripts"
DISTRO_FEATURES:append = " sysvinit"
# prevent the kernel image from being included in the intramfs rootfs
PACKAGE_EXCLUDE:firmware += "kernel-image-*"
# Disable openssl in kmod to shrink the initramfs size
PACKAGECONFIG:remove:firmware:pn-kmod = "openssl"
imageextras: |
# Don't include kernel binary in rootfs /boot path
RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = ""
# all optee packages
CORE_IMAGE_EXTRA_INSTALL += "optee-client"
# TS PSA API tests commands for crypto, its, ps and iat
CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL:firmware += "packagegroup-ts-tests-psa"
capsule: |
# These variables are set here since they are not defined in the arm-systemready-firmware recipe or under multiconfig mode.
CAPSULE_EXTENSION = "uefi.capsule"
CAPSULE_VERSION = "6"
CAPSULE_NAME = "${MACHINE}-v${CAPSULE_VERSION}"
-8
View File
@@ -1,8 +0,0 @@
header:
version: 14
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
machine: corstone1000-mps3
-43
View File
@@ -1,43 +0,0 @@
header:
version: 13
includes:
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
distro: poky
machine: fvp-base
defaults:
repos:
refspec: master
repos:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
path: layers/poky
layers:
meta:
meta-poky:
local_conf_header:
base: |
CONF_VERSION = "2"
PACKAGE_CLASSES = "package_ipk"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks ssh-server-openssh"
CORE_IMAGE_EXTRA_INSTALL:append = " ssh-pregen-hostkeys"
IMAGE_CLASSES:append = " testimage fvpboot"
target:
- core-image-minimal
-5
View File
@@ -1,5 +0,0 @@
header:
version: 13
env:
ARM_FVP_EULA_ACCEPT:
-7
View File
@@ -1,7 +0,0 @@
header:
version: 9
local_conf_header:
tftf: |
TFA_UBOOT = "0"
TFTF_TESTS = "1"
+92
View File
@@ -0,0 +1,92 @@
meta-arm-autonomy Yocto Layer
=============================
Introduction
------------
This layer provides an hypervisor based solution (currently based on Xen) for
autonomous system. It contains recipes and classes to build host and guests
systems.
To start using this layer, please check the
[Quick Start Guide](documentation/arm-autonomy-quickstart.md).
Dependencies
------------
This layer depends on several other Yocto layers:
* meta-openembedded (https://git.openembedded.org/meta-openembedded)
* poky (https://git.yoctoproject.org/poky)
* meta-virtualization (https://git.yoctoproject.org/meta-virtualization)
Distribution Features
---------------------
This layer is adding the following Yocto DISTRO_FEATURES:
* arm-autonomy-host: this feature activates functionalities required to build
an autonomy host system. It is doing the following:
- add 'xen' and 'ipv4' to DISTRO_FEATURES.
- add xen backend drivers to linux kernel configuration.
- To reduce the root filesystem image size the kernel image is not installed.
* arm-autonomy-guest: this feature activates functionalities to run as guest
of an autonomy system. It is doing the following:
- add 'ipv4' to DISTRO_FEATURES.
- add xen frontend drivers to linux kernel configuration.
- add console on hvc0 during init.
Bitbake variables
-----------------
Some recipes and classes in this layer are introducing variables which can be
modified by the user in local.conf.
Each recipe introducing such variables has a chapter "Bitbake parameters" in
its documentation.
Those documentation files should be checked for variables:
- [xen-devicetree](documentation/xen-devicetree.md)
- [xenguest-manager](documentation/xenguest-manager.md)
- [xenguest-network-bridge](documentation/xenguest-network-bridge.md)
BSPs
----
This layer is adding the following machines:
* arm64-autonomy-guest: this machines creates a minimal BSP suitable to be used
as an autonomy guest. It is in fact only activating ARM64 architecture and
SMP in the linux kernel and is enabling the DISTRO_FEATURE
arm-autonomy-guest.
Images
------
This layer is adding the following images:
* arm-autonomy-host-image-minimal: this image includes all elements required
to create a minimal arm-autonomy-host system. This includes xen and tools to
manage xen guests. This image depends on 'arm-autonomy-host' distribution
feature.
Recipes and classes
-------------------
This layer is adding the following recipes and classes:
* [xen-devicetree](documentation/xen-devicetree.md): this is a recipe to modify
a device tree blob to add information required to boot xen and a Dom0 linux.
* [xenguest-mkimage](documentation/xenguest-mkimage.md): this is a tool to
create and modify images to be used as Xen guests.
* [xenguest-manager](documentation/xenguest-manager.md): this is a tool to
create/remove/start/stop xen guest generated using xenguest-mkimage.
* [xenguest-network-bridge](documentation/xenguest-network-bridge.md): this
recipe add tools and init scripts to create a bridge connected to the
external network on the host and allow guests to be connected to it.
Contributing
------------
This project has not put in place a process for contributions currently. If you
would like to contribute, please contact the maintainers
Maintainer(s)
-------------
* Diego Sueiro <diego.sueiro@arm.com>
* Bertrand Marquis <bertrand.marquis@arm.com>
@@ -0,0 +1,5 @@
# Include arm-autonomy distro config files if the distro features are set
require ${@bb.utils.contains('DISTRO_FEATURES', 'arm-autonomy-host', '${ARM_AUTONOMY_DISTRO_CFGDIR}/arm-autonomy-host.inc', '', d)}
require ${@bb.utils.contains('DISTRO_FEATURES', 'arm-autonomy-guest', '${ARM_AUTONOMY_DISTRO_CFGDIR}/arm-autonomy-guest.inc', '', d)}
@@ -0,0 +1,108 @@
# Create a xenguest image with kernel and filesystem produced by Yocto
# This will create a .xenguest file that the xenguest-manager can use.
inherit xenguest-image
# We are creating our guest in a local subdirectory
# force the value so that we are not impacted if the user is changing it
XENGUEST_IMAGE_DEPLOY_DIR = "${WORKDIR}/tmp-xenguest"
# Name of deployed file (keep standard image name and add .xenguest)
XENGUEST_IMAGE_DEPLOY ??= "${IMAGE_NAME}"
# Add kernel XENGUEST_IMAGE_KERNEL from DEPLOY_DIR_IMAGE to image
xenguest_image_add_kernel() {
srcfile="${1:-}"
if [ -z "${srcfile}" ]; then
srcfile="${DEPLOY_DIR_IMAGE}/${XENGUEST_IMAGE_KERNEL}"
fi
call_xenguest_mkimage partial --xen-kernel=$srcfile
}
# Add rootfs file to the image
xenguest_image_add_rootfs() {
call_xenguest_mkimage partial \
--disk-add-file=${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.${IMAGE_TYPEDEP_xenguest}:rootfs.${IMAGE_TYPEDEP_xenguest}
}
# Pack xenguest image
xenguest_image_pack() {
mkdir -p ${IMGDEPLOYDIR}
rm -f ${IMGDEPLOYDIR}/${XENGUEST_IMAGE_DEPLOY}.xenguest
call_xenguest_mkimage pack \
${IMGDEPLOYDIR}/${XENGUEST_IMAGE_DEPLOY}.xenguest
}
#
# Task finishing the bootimg
# We need this task to actually create the symlinks
#
python do_bootimg_xenguest() {
subtasks = d.getVarFlag('do_bootimg_xenguest', 'subtasks')
bb.build.exec_func('xenguest_image_clone', d)
if subtasks:
for tk in subtasks.split():
bb.build.exec_func(tk, d)
bb.build.exec_func('xenguest_image_pack', d)
bb.build.exec_func('create_symlinks', d)
}
# This is used to add sub-tasks to do_bootimg_xenguest
do_bootimg_xenguest[subtasks] = ""
# Those are required by create_symlinks to find our image
do_bootimg_xenguest[subimages] = "xenguest"
do_bootimg_xenguest[imgsuffix] = "."
do_bootimg_xenguest[depends] += "xenguest-base-image:do_deploy"
# Need to have rootfs so all recipes have deployed their content
do_bootimg_xenguest[depends] += "${PN}:do_rootfs"
# This set in python anonymous after, just set a default value here
IMAGE_TYPEDEP_xenguest ?= "tar"
# We must not be built at rootfs build time because we need the kernel
IMAGE_TYPES_MASKED += "xenguest"
IMAGE_TYPES += "xenguest"
python __anonymous() {
# Do not do anything if we are not in the want FSTYPES
if bb.utils.contains_any('IMAGE_FSTYPES', 'xenguest', '1', '0', d):
# Check the coherency of the configuration
rootfs_needed = False
rootfs_file = ''
kernel_needed = False
rootfs_file = xenguest_image_rootfs_file(d)
if rootfs_file:
rootfs_needed = True
if d.getVar('XENGUEST_IMAGE_KERNEL') and not d.getVar('INITRAMFS_IMAGE'):
# If INITRAMFS_IMAGE is set, even if INITRAMFS_IMAGE_BUNDLE is not
# set to 1 to bundle the initramfs with the kernel, kernel.bbclass
# is setting a dependency on ${PN}:do_image_complete. We cannot
# in this case depend on do_deploy as it would create a circular
# dependency:
# do_image_complete would depend on kernel:do_deploy which would
# depend on ${PN}:do_image_complete
# In the case INITRAMFS_IMAGE_BUNDLE = 1, the kernel-xenguest class
# will handle the creation of a xenguest image with the kernel.
# In the other case the kernel can be added manually to the image.
kernel_needed = True
bb.build.addtask('do_bootimg_xenguest', 'do_image_complete', None, d)
if rootfs_needed:
# tell do_bootimg_xenguest to call add_rootfs
d.appendVarFlag('do_bootimg_xenguest', 'subtasks', ' xenguest_image_add_rootfs')
# do_bootimg_xenguest will need the tar file
d.appendVarFlag('do_bootimg_xenguest', 'depends', ' %s:do_image_tar' % (d.getVar('PN')))
# set our TYPEDEP to the proper compression
d.setVar('IMAGE_TYPEDEP_xenguest', 'tar' + (rootfs_file.split('.tar', 1)[1] or ''))
if kernel_needed:
# Tell do_bootimg_xenguest to call xenguest_image_add_kernel
d.appendVarFlag('do_bootimg_xenguest', 'subtasks', ' xenguest_image_add_kernel')
# we will need kernel do_deploy
d.appendVarFlag('do_bootimg_xenguest', 'depends', ' virtual/kernel:do_deploy')
}

Some files were not shown because too many files have changed in this diff Show More