[isar-cip-core][PATCH 0/2] kas update and menu support

[isar-cip-core][PATCH 0/2] kas update and menu support

[Jan Kiszka]

With kas 2.6 being released, this now allows to adopt the new "menu"
feature and make the various image flavors and options more accessible.

Quirin, please have a look if I modeled the dependencies for secure boot
and SWUpdate correctly, exposed reasonable combinations and didn't
forget something useful.

@all: Please play a bit with the options and check if you find anything
that does not work (crowd-sourced randconfig...).

Thanks,
Jan

Jan Kiszka (2):
  Update to kas 2.6
  Add kconfig menu

 .gitlab-ci.yml                       |   2 +-
 Kconfig                              | 146 +++++++++++++++++++++++++++
 README.md                            |  39 ++++---
 kas/opt/ebg-secure-boot-base.yml     |   2 +-
 kas/opt/ebg-secure-boot-snakeoil.yml |   2 +-
 kas/opt/ebg-snakeoil-swu.yml         |   4 +-
 kas/opt/ebg-swu.yml                  |   4 +-
 7 files changed, 177 insertions(+), 22 deletions(-)
 create mode 100644 Kconfig

-- 
2.31.1

[isar-cip-core][PATCH 1/2] Update to kas 2.6

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

Include paths are now repo-relative, adjust this.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 .gitlab-ci.yml                       | 2 +-
 README.md                            | 2 +-
 kas/opt/ebg-secure-boot-base.yml     | 2 +-
 kas/opt/ebg-secure-boot-snakeoil.yml | 2 +-
 kas/opt/ebg-snakeoil-swu.yml         | 4 ++--
 kas/opt/ebg-swu.yml                  | 4 ++--
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 40bf7f5..b23090b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ghcr.io/siemens/kas/kas-isar:2.5
+image: ghcr.io/siemens/kas/kas-isar:2.6
 
 variables:
   GIT_STRATEGY: clone
diff --git a/README.md b/README.md
index 32812a2..537a615 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ from scratch.
 
 Install `kas-container` from the [kas project](https://github.com/siemens/kas):
 
-    wget https://raw.githubusercontent.com/siemens/kas/2.5/kas-container
+    wget https://raw.githubusercontent.com/siemens/kas/2.6/kas-container
     chmod a+x kas-container
 
 Furthermore, install docker and make sure you have required permissions to
diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
index 8182bd8..8f769b6 100644
--- a/kas/opt/ebg-secure-boot-base.yml
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -12,7 +12,7 @@
 header:
   version: 10
   includes:
-   - efibootguard.yml
+   - kas/opt/efibootguard.yml
 
 local_conf_header:
   initramfs: |
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index c0ed1a2..2f45bde 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -12,7 +12,7 @@
 header:
   version: 10
   includes:
-   - ebg-secure-boot-base.yml
+   - kas/opt/ebg-secure-boot-base.yml
 
 
 local_conf_header:
diff --git a/kas/opt/ebg-snakeoil-swu.yml b/kas/opt/ebg-snakeoil-swu.yml
index d613532..2f15c0e 100644
--- a/kas/opt/ebg-snakeoil-swu.yml
+++ b/kas/opt/ebg-snakeoil-swu.yml
@@ -12,5 +12,5 @@
 header:
   version: 10
   includes:
-   - ebg-secure-boot-snakeoil.yml
-   - swupdate.yml
+   - kas/opt/ebg-secure-boot-snakeoil.yml
+   - kas/opt/swupdate.yml
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index 8c56182..e708d0a 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -12,5 +12,5 @@
 header:
   version: 10
   includes:
-   - efibootguard.yml
-   - swupdate.yml
+   - kas/opt/efibootguard.yml
+   - kas/opt/swupdate.yml
-- 
2.31.1

[isar-cip-core][PATCH 2/2] Add kconfig menu

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

Use the new kas menu plugin to present available image options to the
user. This also allows to model their dependencies, specifically as not
all options are supported on all boards.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 Kconfig   | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 README.md |  37 ++++++++------
 2 files changed, 169 insertions(+), 14 deletions(-)
 create mode 100644 Kconfig

diff --git a/Kconfig b/Kconfig
new file mode 100644
index 0000000..72c75bf
--- /dev/null
+++ b/Kconfig
@@ -0,0 +1,146 @@
+mainmenu "Isar core layer of the Civil Infrastructure Platform project"
+
+config KAS_INCLUDE_MAIN
+	string
+	default "kas-cip.yml"
+
+config KAS_BUILD_SYSTEM
+	string
+	default "isar"
+
+choice
+	prompt "Target board"
+	default TARGET_QEMU_AMD64
+
+config TARGET_QEMU_AMD64
+	bool "QEMU AMD64 (x86-64)"
+
+config TARGET_SIMATIC_IPC227E
+	bool "Siemens SIMATIC IPC227E"
+
+config TARGET_QEMU_ARM64
+	bool "QEMU ARM64 (aarch64)"
+
+config TARGET_HIHOPE_RZG2M
+	bool "HopeRun HiHope-RZ/G2M"
+
+config TARGET_QEMU_ARM
+	bool "QEMU ARM (armhf)"
+
+config TARGET_BBB
+	bool "BeagleBone Black"
+
+config TARGET_IWG20D
+	bool "iWave Systems RainboW-G20D-Qseven"
+
+endchoice
+
+config KAS_INCLUDE_BOARD
+	string
+	default "kas/board/qemu-amd64.yml" if TARGET_QEMU_AMD64
+	default "kas/board/simatic-ipc227e.yml" if TARGET_SIMATIC_IPC227E
+	default "kas/board/qemu-arm64.yml" if TARGET_QEMU_ARM64
+	default "kas/board/hihope-rzg2m.yml" if TARGET_HIHOPE_RZG2M
+	default "kas/board/qemu-arm.yml" if TARGET_QEMU_ARM
+	default "kas/board/bbb.yml" if TARGET_BBB
+	default "kas/board/iwg20m.yml" if TARGET_IWG20D
+
+comment "Kernel options"
+
+choice
+	prompt "CIP kernel version"
+	default KERNEL_4_19
+
+config KERNEL_4_4
+	bool "Kernel 4.4.x-cip"
+
+config KERNEL_4_19
+	bool "Kernel 4.19.x-cip"
+
+endchoice
+
+config KAS_INCLUDE_KERNEL
+	string
+	default "kas/opt/4.4.yml"
+	depends on KERNEL_4_4
+
+config KERNEL_RT
+	bool "Real-time CIP kernel"
+
+config KAS_INCLUDE_KERNEL_RT
+	string
+	default "kas/opt/rt.yml"
+	depends on KERNEL_RT
+
+comment "Debian distribution options"
+
+choice
+	prompt "Debian Release"
+	default DEBIAN_BUSTER
+
+config DEBIAN_STRETCH
+	bool "stretch (9)"
+
+config DEBIAN_BUSTER
+	bool "buster (10)"
+
+config DEBIAN_BULLSEYE
+	bool "bullseye (11)"
+
+endchoice
+
+config KAS_INCLUDE_DEBIAN
+	string
+	default "kas/opt/stretch.yml" if DEBIAN_STRETCH
+	default "kas/opt/bullseye.yml" if DEBIAN_BULLSEYE
+
+comment "Image features"
+
+choice
+	prompt "Image formats"
+	default IMAGE_FLASH
+
+config IMAGE_FLASH
+	bool "Flashable image"
+
+config IMAGE_ARTIFACTS
+	bool "Separate artifacts for NFS boot"
+
+endchoice
+
+config KAS_INCLUDE_IMAGE_FORMAT
+	string
+	default "kas/opt/targz.yml" if IMAGE_ARTIFACTS && (TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM)
+	default "kas/opt/wic-targz.yml" if IMAGE_ARTIFACTS && !(TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM)
+
+config IMAGE_SECURITY
+	bool "Security extensions"
+
+config KAS_INCLUDE_SECURITY
+	string
+	default "kas/opt/security.yml" if IMAGE_SECURITY
+
+config IMAGE_TESTING
+	bool "Test extensions"
+
+config KAS_INCLUDE_TESTING
+	string
+	default "kas/opt/test.yml" if IMAGE_TESTING
+
+if IMAGE_FLASH
+
+config IMAGE_SWUPDATE
+	bool "SWUpdate support for root partition"
+	depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E
+
+config IMAGE_SECURE_BOOT
+	bool "Secure boot support"
+	depends on TARGET_QEMU_AMD64
+
+config KAS_INCLUDE_SWUPDATE_SECBOOT
+	string
+	default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
+	default "kas/opt/ebg-secure-boot-snakeoil.yml" if !IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+	default "kas/opt/ebg-snakeoil-swu.yml" if IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+
+endif
diff --git a/README.md b/README.md
index 537a615..d245111 100644
--- a/README.md
+++ b/README.md
@@ -18,16 +18,30 @@ Install `kas-container` from the [kas project](https://github.com/siemens/kas):
 Furthermore, install docker and make sure you have required permissions to
 start containers.
 
-To build, e.g., the QEMU AMD64 target inside Docker, invoke kas-container like
-this:
+Open up the image configuration menu and select the desired target and its
+options:
 
-    ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml
+    ./kas-container menu
 
-This image can be run using `start-qemu.sh x86`.
+You can direct start the build from the menu.
 
-The BeagleBone Black target is selected by `... kas-cip.yml:kas/board/bbb.yml`. In
-order to build the image with the PREEMPT-RT kernel, append `:kas/opt/rt.yml` to
-the above. Append `:kas/opt/4.4.yml` to use the kernel version 4.4 instead of 4.19.
+If you prefer selecting the configuration via the command line, this builds
+the BeagleBone Black target image with real-time kernel, e.g.:
+
+    ./kas-container build kas-cip.yml:kas/board/bbb.yml:kas/opt/rt.yml
+
+
+## Running Target Images
+
+When having built a virtual QEMU target image, this can be started directly.
+Run, e.g.,
+
+    ./start-qemu.sh x86
+
+when having built a QEMU AMD64 image. A security image for QEMU can be started
+like this:
+
+    TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86
 
 Physical targets will generate ready-to-boot images under
 `build/tmp/deploy/images/`. To flash, e.g., the BeagleBone Black image to an SD
@@ -36,14 +50,9 @@ card, run
     dd if=build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img \
        of=/dev/<medium-device> bs=1M status=progress
 
-## Building Security target images
-Building images for QEMU x86-64bit machine
-
-    ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/security.yml
-
-Run the generated securiy images on QEMU (x86-64bit)
+or via bmap-tools
 
-    TARGET_IMAGE=cip-core-image-security ./start-qemu.sh amd64
+    bmaptool copy build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img /dev/<medium-device>
 
 
 ## Community Resources
-- 
2.31.1

Re: [isar-cip-core][PATCH 0/2] kas update and menu support

[Gylstorff Quirin]

Hi,

On 10/22/21 7:40 PM, Jan Kiszka wrote:
> With kas 2.6 being released, this now allows to adopt the new "menu"
> feature and make the various image flavors and options more accessible.
> 
> Quirin, please have a look if I modeled the dependencies for secure boot
> and SWUpdate correctly, exposed reasonable combinations and didn't
> forget something useful.

I check it and all option are there.

Quirin

> 
> @all: Please play a bit with the options and check if you find anything
> that does not work (crowd-sourced randconfig...).
> 
> Thanks,
> Jan
> 
> Jan Kiszka (2):
>    Update to kas 2.6
>    Add kconfig menu
> 
>   .gitlab-ci.yml                       |   2 +-
>   Kconfig                              | 146 +++++++++++++++++++++++++++
>   README.md                            |  39 ++++---
>   kas/opt/ebg-secure-boot-base.yml     |   2 +-
>   kas/opt/ebg-secure-boot-snakeoil.yml |   2 +-
>   kas/opt/ebg-snakeoil-swu.yml         |   4 +-
>   kas/opt/ebg-swu.yml                  |   4 +-
>   7 files changed, 177 insertions(+), 22 deletions(-)
>   create mode 100644 Kconfig
> 

Re: [isar-cip-core][PATCH 0/2] kas update and menu support

[Jan Kiszka]

On 26.10.21 10:21, Gylstorff Quirin wrote:
> Hi,
> 
> On 10/22/21 7:40 PM, Jan Kiszka wrote:
>> With kas 2.6 being released, this now allows to adopt the new "menu"
>> feature and make the various image flavors and options more accessible.
>>
>> Quirin, please have a look if I modeled the dependencies for secure boot
>> and SWUpdate correctly, exposed reasonable combinations and didn't
>> forget something useful.
> 
> I check it and all option are there.
> 

Thanks for checking, Quirin.

It looks like we still have some issues around the security image. For
which Debian releases is this supported, Venkata?

Jan

> Quirin
> 
>>
>> @all: Please play a bit with the options and check if you find anything
>> that does not work (crowd-sourced randconfig...).
>>
>> Thanks,
>> Jan
>>
>> Jan Kiszka (2):
>>    Update to kas 2.6
>>    Add kconfig menu
>>
>>   .gitlab-ci.yml                       |   2 +-
>>   Kconfig                              | 146 +++++++++++++++++++++++++++
>>   README.md                            |  39 ++++---
>>   kas/opt/ebg-secure-boot-base.yml     |   2 +-
>>   kas/opt/ebg-secure-boot-snakeoil.yml |   2 +-
>>   kas/opt/ebg-snakeoil-swu.yml         |   4 +-
>>   kas/opt/ebg-swu.yml                  |   4 +-
>>   7 files changed, 177 insertions(+), 22 deletions(-)
>>   create mode 100644 Kconfig
>>
> 
> 
> 
> 
> 


-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

RE: [cip-dev] [isar-cip-core][PATCH 0/2] kas update and menu support

[Venkata.Pyla]

Hi Jan

Sorry for delayed response.
Please find my inline comments.

>-----Original Message-----
>From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of
>Jan Kiszka
>Sent: 28 October 2021 11:44
>To: Gylstorff Quirin <quirin.gylstorff@siemens.com>; cip-dev@lists.cip-
>project.org; pyla venkata(ＴＳＩＰ) <Venkata.Pyla@toshiba-tsip.com>
>Subject: Re: [cip-dev] [isar-cip-core][PATCH 0/2] kas update and menu support
>
>On 26.10.21 10:21, Gylstorff Quirin wrote:
>> Hi,
>>
>> On 10/22/21 7:40 PM, Jan Kiszka wrote:
>>> With kas 2.6 being released, this now allows to adopt the new "menu"
>>> feature and make the various image flavors and options more accessible.
>>>
>>> Quirin, please have a look if I modeled the dependencies for secure
>>> boot and SWUpdate correctly, exposed reasonable combinations and
>>> didn't forget something useful.
>>
>> I check it and all option are there.
>>
>
>Thanks for checking, Quirin.
>
>It looks like we still have some issues around the security image. For which
>Debian releases is this supported, Venkata?

We have implemented security extensions originally for Buster version, 
Of course we are not finalized which Debian release to go for IEC certification, currently under discussion in security WG.

I have checked the current kas and menu implementation against the security extensions and it works fine with buster release,
but not with bullseye, looks like some security packages are not available in bullseye,
we will internally discuss this in Security WG and finalize the security packages for bullseye version,
and then we can enable the security extensions for bullseye version.

Please let me know if there are any other issues you see with security image.

>>Jan
>
>> Quirin
>>
>>>
>>> @all: Please play a bit with the options and check if you find
>>> anything that does not work (crowd-sourced randconfig...).
>>>
>>> Thanks,
>>> Jan
>>>
>>> Jan Kiszka (2):
>>>    Update to kas 2.6
>>>    Add kconfig menu
>>>
>>>   .gitlab-ci.yml                       |   2 +-
>>>   Kconfig                              | 146
>>> +++++++++++++++++++++++++++
>>>   README.md                            |  39 ++++---
>>>   kas/opt/ebg-secure-boot-base.yml     |   2 +-
>>>   kas/opt/ebg-secure-boot-snakeoil.yml |   2 +-
>>>   kas/opt/ebg-snakeoil-swu.yml         |   4 +-
>>>   kas/opt/ebg-swu.yml                  |   4 +-
>>>   7 files changed, 177 insertions(+), 22 deletions(-)
>>>   create mode 100644 Kconfig
>>>
>>
>>
>>
>>
>>
>
>
>--
>Siemens AG, T RDA IOT
>Corporate Competence Center Embedded Linux