* [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar
@ 2022-08-31 7:31 Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 1/6] swupdate: Use cpio from buildchroot Jan Kiszka
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Jan Kiszka @ 2022-08-31 7:31 UTC (permalink / raw)
To: cip-dev
Cc: dinesh.kumar, kazuhiro3.hayashi, quirin.gylstorff,
Shivanand.Kunijadar
This primarily enables A/B rootfs SWUpdate for the BeagleBone Black, but
also updates the Isar revision and fixes an accidental host-side
dependency of the SWUpdate build.
Does anyone know how to make secure boot work with the BBB? Enabling the
software path should be just about building the needed config, but then
we still lack first-stage firmware validation by the hardware.
Next, it would be good to enable also a physical arm64 reference board
for SWUpdate. Any suggestions?
Jan
CC: dinesh.kumar@toshiba-tsip.com
CC: kazuhiro3.hayashi@toshiba.co.jp
CC: quirin.gylstorff@siemens.com
CC: Shivanand.Kunijadar@toshiba-tsip.com
Jan Kiszka (6):
swupdate: Use cpio from buildchroot
Update Isar revision
linux-cip: Update cip-kernel-config revision
u-boot-bbb: Switch BeagleBone Black to self-built U-Boot
swupdate: Drop u-boot-script from EFI Boot Guard images
Enable BeagleBone Black images with A/B SWUpdate support
Kconfig | 2 +-
classes/swupdate.bbclass | 53 ++++++++++---------
conf/machine/bbb.conf | 8 ++-
...ernel-Check-if-CONFIG_MODULES-is-set.patch | 33 ------------
kas-cip.yml | 6 +--
kas/opt/ebg-swu.yml | 1 +
recipes-bsp/u-boot/u-boot-bbb_2022.07.bb | 22 ++++++++
...boot-qemu-common.inc => u-boot-common.inc} | 11 ----
recipes-bsp/u-boot/u-boot-qemu-common.inc | 26 +--------
recipes-kernel/linux/linux-cip-common.inc | 2 +-
wic/bbb-efibootguard.wks.in | 21 ++++++++
wic/bbb.wks | 4 +-
12 files changed, 84 insertions(+), 105 deletions(-)
delete mode 100644 isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch
create mode 100644 recipes-bsp/u-boot/u-boot-bbb_2022.07.bb
copy recipes-bsp/u-boot/{u-boot-qemu-common.inc => u-boot-common.inc} (75%)
create mode 100644 wic/bbb-efibootguard.wks.in
--
2.35.3
^ permalink raw reply [flat|nested] 7+ messages in thread
* [isar-cip-core][PATCH 1/6] swupdate: Use cpio from buildchroot
2022-08-31 7:31 [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar Jan Kiszka
@ 2022-08-31 7:31 ` Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 2/6] Update Isar revision Jan Kiszka
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jan Kiszka @ 2022-08-31 7:31 UTC (permalink / raw)
To: cip-dev
From: Jan Kiszka <jan.kiszka@siemens.com>
The cpio tool is not an essential dependency of Isar, so we cannot use
it from the host environment. This only worked so far with the kas
container by chance but will change with its next release.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
classes/swupdate.bbclass | 53 ++++++++++++++++++++--------------------
1 file changed, 27 insertions(+), 26 deletions(-)
diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index c3fc303..46d2a36 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -16,6 +16,9 @@ SWU_SIGNED ?= ""
SWU_SIGNATURE_EXT ?= "sig"
SWU_SIGNATURE_TYPE ?= "rsa"
+BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
+
+IMAGER_INSTALL += "cpio"
IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
@@ -46,16 +49,17 @@ do_swupdate_binary() {
# Create symlinks for files used in the update image
for file in ${SWU_ADDITIONAL_FILES}; do
if [ -e "${WORKDIR}/$file" ]; then
- ln -s "${WORKDIR}/$file" "${WORKDIR}/swu/$file"
+ ln -s "${PP_WORK}/$file" "${WORKDIR}/swu/$file"
else
- ln -s "${DEPLOY_DIR_IMAGE}/$file" "${WORKDIR}/swu/$file"
+ ln -s "${PP_DEPLOY}/$file" "${WORKDIR}/swu/$file"
fi
done
+ image_do_mounts
+
# Prepare for signing
sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}'
if [ -n "$sign" ]; then
- image_do_mounts
cp -f '${SIGN_KEY}' '${WORKDIR}/dev.key'
test -e '${SIGN_CRT}' && cp -f '${SIGN_CRT}' '${WORKDIR}/dev.crt'
fi
@@ -66,29 +70,26 @@ do_swupdate_binary() {
'${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
done
- cd "${WORKDIR}/swu"
- for file in '${SWU_DESCRIPTION_FILE}' ${SWU_ADDITIONAL_FILES}; do
- echo "$file"
- if [ -n "$sign" -a \
- '${SWU_DESCRIPTION_FILE}' = "$file" ]; then
- if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then
- sudo chroot ${BUILDCHROOT_DIR} /usr/bin/openssl dgst \
- -sha256 -sign '${PP_WORK}/dev.key' \
- '${PP_WORK}/swu/'"$file" \
- > '${WORKDIR}/swu/'"$file".'${SWU_SIGNATURE_EXT}'
- elif [ "${SWU_SIGNATURE_TYPE}" = "cms" ]; then
- sudo chroot ${BUILDCHROOT_DIR} /usr/bin/openssl cms \
- -sign -in '${PP_WORK}/swu/'"$file" \
- -out '${WORKDIR}/swu/'"$file".'${SWU_SIGNATURE_EXT}' \
- -signer '${PP_WORK}/dev.crt' \
- -inkey '${PP_WORK}/dev.key' \
- -outform DER -nosmimecap -binary
- fi
- echo "$file".'${SWU_SIGNATURE_EXT}'
- fi
- done | cpio -ovL -H crc \
- > '${SWU_IMAGE_FILE}'
- cd -
+ sudo -E chroot ${BUILDCHROOT_DIR} sh -c ' \
+ cd "${PP_WORK}/swu"
+ for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do
+ echo "$file"
+ if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then
+ if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then
+ openssl dgst \
+ -sha256 -sign "${PP_WORK}/dev.key" "$file" \
+ > "$file.${SWU_SIGNATURE_EXT}"
+ elif [ "${SWU_SIGNATURE_TYPE}" = "cms" ]; then
+ openssl cms \
+ -sign -in "$file" \
+ -out "$file"."${SWU_SIGNATURE_EXT}" \
+ -signer "${PP_WORK}/dev.crt" \
+ -inkey "${PP_WORK}/dev.key" \
+ -outform DER -nosmimecap -binary
+ fi
+ echo "$file.${SWU_SIGNATURE_EXT}"
+ fi
+ done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
}
addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
--
2.35.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [isar-cip-core][PATCH 2/6] Update Isar revision
2022-08-31 7:31 [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 1/6] swupdate: Use cpio from buildchroot Jan Kiszka
@ 2022-08-31 7:31 ` Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 3/6] linux-cip: Update cip-kernel-config revision Jan Kiszka
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jan Kiszka @ 2022-08-31 7:31 UTC (permalink / raw)
To: cip-dev
From: Jan Kiszka <jan.kiszka@siemens.com>
Allows to drop the meanwhile merged kernel recipe patch.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
...ernel-Check-if-CONFIG_MODULES-is-set.patch | 33 -------------------
kas-cip.yml | 6 +---
2 files changed, 1 insertion(+), 38 deletions(-)
delete mode 100644 isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch
diff --git a/isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch b/isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch
deleted file mode 100644
index d07c36d..0000000
--- a/isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 6ad8f9bb92d3722ff5eb60f09e5ef75ba5febcbd Mon Sep 17 00:00:00 2001
-From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
-Date: Thu, 28 Jul 2022 16:24:16 +0200
-Subject: [PATCH] recipes-kernel: Check if CONFIG_MODULES is set
-
-This fixes an error during the kernel build with sbuild if
-Modules.symvers doesn't exist as find returns 1 if a name
-could not be found.
-
-Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
----
- meta/recipes-kernel/linux/files/debian/isar/install.tmpl | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/meta/recipes-kernel/linux/files/debian/isar/install.tmpl b/meta/recipes-kernel/linux/files/debian/isar/install.tmpl
-index c6b5059..909b01b 100644
---- a/meta/recipes-kernel/linux/files/debian/isar/install.tmpl
-+++ b/meta/recipes-kernel/linux/files/debian/isar/install.tmpl
-@@ -173,7 +173,10 @@ kernel_headers() {
- (cd ${S}; find arch/${ARCH} -name module.lds -o -name Kbuild.platforms -o -name Platform) >>${src_hdr_files}
- (cd ${S}; find $(find arch/${ARCH} -name include -o -name scripts -type d) -type f) >>${src_hdr_files}
-
-- (cd ${O}; find arch/${ARCH}/include Module.symvers include scripts -type f) >>${obj_hdr_files}
-+ if [ -n "${CONFIG_MODULES}" ]; then
-+ echo Module.symvers >> ${obj_hdr_files}
-+ fi
-+ (cd ${O}; find arch/${ARCH}/include include scripts -type f) >>${obj_hdr_files}
- if [ -n "${CONFIG_STACK_VALIDATION}" ]; then
- (cd ${O}; find tools/objtool -type f -executable) >>${obj_hdr_files}
- fi
---
-2.35.1
-
diff --git a/kas-cip.yml b/kas-cip.yml
index 5a43cd1..d005b81 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -22,13 +22,9 @@ repos:
isar:
url: https://github.com/ilbers/isar.git
- refspec: 64c755053d1252d183757b294cf9849fced64799
+ refspec: 8dfa97cf6e25a7adec2e02c50c5ef6329f31931b
layers:
meta:
- patches:
- fix-hihope-kernel-build:
- repo: cip-core
- path: isar-patches/0001-recipes-kernel-Check-if-CONFIG_MODULES-is-set.patch
bblayers_conf_header:
standard: |
--
2.35.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [isar-cip-core][PATCH 3/6] linux-cip: Update cip-kernel-config revision
2022-08-31 7:31 [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 1/6] swupdate: Use cpio from buildchroot Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 2/6] Update Isar revision Jan Kiszka
@ 2022-08-31 7:31 ` Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 4/6] u-boot-bbb: Switch BeagleBone Black to self-built U-Boot Jan Kiszka
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jan Kiszka @ 2022-08-31 7:31 UTC (permalink / raw)
To: cip-dev
From: Jan Kiszka <jan.kiszka@siemens.com>
Will allow to use the BeagleBone Black with UEFI-based SWUpdate.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
recipes-kernel/linux/linux-cip-common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 15d8370..9b6cd3b 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -23,6 +23,6 @@ SRC_URI_append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi
if d.getVar('USE_CIP_KERNEL_CONFIG') == '1' else '' \
}"
-SRCREV_cip-kernel-config ?= "59f7903d120e529cc26b8e5fd7b13c3bbb632e15"
+SRCREV_cip-kernel-config ?= "ce52837418aea714e780e0cbc8afb9515c12cc1b"
S = "${WORKDIR}/linux-cip-${PV}"
--
2.35.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [isar-cip-core][PATCH 4/6] u-boot-bbb: Switch BeagleBone Black to self-built U-Boot
2022-08-31 7:31 [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar Jan Kiszka
` (2 preceding siblings ...)
2022-08-31 7:31 ` [isar-cip-core][PATCH 3/6] linux-cip: Update cip-kernel-config revision Jan Kiszka
@ 2022-08-31 7:31 ` Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 5/6] swupdate: Drop u-boot-script from EFI Boot Guard images Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 6/6] Enable BeagleBone Black images with A/B SWUpdate support Jan Kiszka
5 siblings, 0 replies; 7+ messages in thread
From: Jan Kiszka @ 2022-08-31 7:31 UTC (permalink / raw)
To: cip-dev
From: Jan Kiszka <jan.kiszka@siemens.com>
This will allow to boot via UEFI and use EFI Boot Guard and our standard
SWUpdate mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
conf/machine/bbb.conf | 5 +++-
recipes-bsp/u-boot/u-boot-bbb_2022.07.bb | 22 ++++++++++++++++
...boot-qemu-common.inc => u-boot-common.inc} | 11 --------
recipes-bsp/u-boot/u-boot-qemu-common.inc | 26 +------------------
wic/bbb.wks | 4 +--
5 files changed, 29 insertions(+), 39 deletions(-)
create mode 100644 recipes-bsp/u-boot/u-boot-bbb_2022.07.bb
copy recipes-bsp/u-boot/{u-boot-qemu-common.inc => u-boot-common.inc} (75%)
diff --git a/conf/machine/bbb.conf b/conf/machine/bbb.conf
index 01206cc..eaec5a3 100644
--- a/conf/machine/bbb.conf
+++ b/conf/machine/bbb.conf
@@ -10,9 +10,12 @@ DISTRO_ARCH = "armhf"
DTB_FILES = "am335x-boneblack.dtb"
IMAGE_FSTYPES ?= "wic"
-IMAGER_INSTALL += "u-boot-omap"
+IMAGER_INSTALL += "u-boot-bbb"
+IMAGER_BUILD_DEPS += "u-boot-bbb"
IMAGE_INSTALL += "u-boot-script"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/cip_bbb_defconfig"
+
+PREFERRED_PROVIDER_u-boot-${MACHINE} = "u-boot-bbb"
diff --git a/recipes-bsp/u-boot/u-boot-bbb_2022.07.bb b/recipes-bsp/u-boot/u-boot-bbb_2022.07.bb
new file mode 100644
index 0000000..3be09dc
--- /dev/null
+++ b/recipes-bsp/u-boot/u-boot-bbb_2022.07.bb
@@ -0,0 +1,22 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require u-boot-common.inc
+
+U_BOOT_CONFIG = "am335x_evm_defconfig"
+U_BOOT_BIN = "all"
+
+EFI_ARCH = "arm"
+
+do_prepare_build_append() {
+ echo "MLO u-boot.img /usr/lib/u-boot/${MACHINE}" > \
+ ${S}/debian/u-boot-${MACHINE}.install
+}
diff --git a/recipes-bsp/u-boot/u-boot-qemu-common.inc b/recipes-bsp/u-boot/u-boot-common.inc
similarity index 75%
copy from recipes-bsp/u-boot/u-boot-qemu-common.inc
copy to recipes-bsp/u-boot/u-boot-common.inc
index 2bb9ac0..60f0da3 100644
--- a/recipes-bsp/u-boot/u-boot-qemu-common.inc
+++ b/recipes-bsp/u-boot/u-boot-common.inc
@@ -27,8 +27,6 @@ DEBIAN_BUILD_DEPENDS_append_secureboot = ", \
openssl, pesign, secure-boot-secrets, python3-openssl:native"
DEPENDS_append_secureboot = " secure-boot-secrets"
-U_BOOT_BIN = "u-boot.bin"
-
TEMPLATE_FILES_append_secureboot = " secure-boot.cfg.tmpl"
TEMPLATE_VARS_append_secureboot = " EFI_ARCH"
@@ -36,12 +34,3 @@ do_prepare_build_append_secureboot() {
sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG}
cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
}
-
-do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
-do_deploy() {
- dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
- tar xOf - "./usr/lib/u-boot/${MACHINE}/${U_BOOT_BIN}" \
- > "${DEPLOY_DIR_IMAGE}/firmware.bin"
-}
-
-addtask deploy after do_dpkg_build before do_deploy_deb
diff --git a/recipes-bsp/u-boot/u-boot-qemu-common.inc b/recipes-bsp/u-boot/u-boot-qemu-common.inc
index 2bb9ac0..0a9a15a 100644
--- a/recipes-bsp/u-boot/u-boot-qemu-common.inc
+++ b/recipes-bsp/u-boot/u-boot-qemu-common.inc
@@ -9,34 +9,10 @@
# SPDX-License-Identifier: MIT
#
-require recipes-bsp/u-boot/u-boot-custom.inc
-
-SRC_URI += " \
- https://ftp.denx.de/pub/u-boot/u-boot-${PV}.tar.bz2 \
- file://rules.tmpl;subdir=debian"
-SRC_URI[sha256sum] = "92b08eb49c24da14c1adbf70a71ae8f37cc53eeb4230e859ad8b6733d13dcf5e"
-
-SRC_URI_append_secureboot = " \
- file://secure-boot.cfg.tmpl"
-
-S = "${WORKDIR}/u-boot-${PV}"
-
-DEBIAN_BUILD_DEPENDS += ", libssl-dev:native, libssl-dev:${DISTRO_ARCH}"
-
-DEBIAN_BUILD_DEPENDS_append_secureboot = ", \
- openssl, pesign, secure-boot-secrets, python3-openssl:native"
-DEPENDS_append_secureboot = " secure-boot-secrets"
+require recipes-bsp/u-boot/u-boot-common.inc
U_BOOT_BIN = "u-boot.bin"
-TEMPLATE_FILES_append_secureboot = " secure-boot.cfg.tmpl"
-TEMPLATE_VARS_append_secureboot = " EFI_ARCH"
-
-do_prepare_build_append_secureboot() {
- sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG}
- cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
-}
-
do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
do_deploy() {
dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
diff --git a/wic/bbb.wks b/wic/bbb.wks
index 2822ce7..6131c78 100644
--- a/wic/bbb.wks
+++ b/wic/bbb.wks
@@ -6,8 +6,8 @@
# SPDX-License-Identifier: MIT
#
-part --source rawcopy --sourceparams "file=/usr/lib/u-boot/am335x_boneblack/MLO" --no-table --align 128
-part --source rawcopy --sourceparams "file=/usr/lib/u-boot/am335x_boneblack/u-boot.img" --no-table --align 384
+part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/MLO" --no-table --align 128
+part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/u-boot.img" --no-table --align 384
part / --source rootfs-u-boot --ondisk mmcblk0 --fstype ext4 --mkfs-extraopts "-T default" --label platform --align 1024 --active
--
2.35.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [isar-cip-core][PATCH 5/6] swupdate: Drop u-boot-script from EFI Boot Guard images
2022-08-31 7:31 [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar Jan Kiszka
` (3 preceding siblings ...)
2022-08-31 7:31 ` [isar-cip-core][PATCH 4/6] u-boot-bbb: Switch BeagleBone Black to self-built U-Boot Jan Kiszka
@ 2022-08-31 7:31 ` Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 6/6] Enable BeagleBone Black images with A/B SWUpdate support Jan Kiszka
5 siblings, 0 replies; 7+ messages in thread
From: Jan Kiszka @ 2022-08-31 7:31 UTC (permalink / raw)
To: cip-dev
From: Jan Kiszka <jan.kiszka@siemens.com>
This package is used for legacy distro boot via U-Boot, but that is not
needed/used when UEFI is activated. Make sure the package is not
installed, even if a machine config pulled it in.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
kas/opt/ebg-swu.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index e0bbe2e..8b3ffec 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -18,6 +18,7 @@ local_conf_header:
ebg_swu_bootloader: |
WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"
SWUPDATE_BOOTLOADER = "efibootguard"
+ IMAGE_INSTALL_remove = "u-boot-script"
ebg_swu_image_options: |
CIP_IMAGE_OPTIONS_append = " efibootguard.inc image-uuid.inc"
initramfs: |
--
2.35.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [isar-cip-core][PATCH 6/6] Enable BeagleBone Black images with A/B SWUpdate support
2022-08-31 7:31 [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar Jan Kiszka
` (4 preceding siblings ...)
2022-08-31 7:31 ` [isar-cip-core][PATCH 5/6] swupdate: Drop u-boot-script from EFI Boot Guard images Jan Kiszka
@ 2022-08-31 7:31 ` Jan Kiszka
5 siblings, 0 replies; 7+ messages in thread
From: Jan Kiszka @ 2022-08-31 7:31 UTC (permalink / raw)
To: cip-dev
From: Jan Kiszka <jan.kiszka@siemens.com>
We only needs to add the related wks file and configure the EBG watchdog
timeout to 0, and then also this target can gain support for A/B rootfs
SWUpdate with EFI Boot Guard as switcher.
Note that some extra kernel parameters are needed so that the omap_wdt
is properly taken over by the kernel from U-Boot but without petting it
too early during boot. This must only be done once userspace open the
device and signals real system readiness.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
Kconfig | 2 +-
conf/machine/bbb.conf | 3 +++
wic/bbb-efibootguard.wks.in | 21 +++++++++++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 wic/bbb-efibootguard.wks.in
diff --git a/Kconfig b/Kconfig
index c63000b..d87e0a6 100644
--- a/Kconfig
+++ b/Kconfig
@@ -132,7 +132,7 @@ if IMAGE_FLASH && !KERNEL_4_4 && !KERNEL_4_19
config IMAGE_SWUPDATE
bool "SWUpdate support for root partition"
- depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM
+ depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM || TARGET_BBB
config IMAGE_SECURE_BOOT
bool "Secure boot support"
diff --git a/conf/machine/bbb.conf b/conf/machine/bbb.conf
index eaec5a3..c8b4aaa 100644
--- a/conf/machine/bbb.conf
+++ b/conf/machine/bbb.conf
@@ -18,4 +18,7 @@ IMAGE_INSTALL += "u-boot-script"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/cip_bbb_defconfig"
+# for SWUpdate setups: watchdog is configured in U-Boot
+WDOG_TIMEOUT = "0"
+
PREFERRED_PROVIDER_u-boot-${MACHINE} = "u-boot-bbb"
diff --git a/wic/bbb-efibootguard.wks.in b/wic/bbb-efibootguard.wks.in
new file mode 100644
index 0000000..e48cc7f
--- /dev/null
+++ b/wic/bbb-efibootguard.wks.in
@@ -0,0 +1,21 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2019-2022
+#
+# SPDX-License-Identifier: MIT
+#
+
+part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/MLO" --no-table --align 128
+part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/u-boot.img" --no-table --align 384
+
+include ebg-sysparts.inc
+
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+
+# home and var are extra partitions
+part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
+part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024 --size 2G
+
+bootloader --ptable gpt --append="rootwait console=ttyO0,115200 omap_wdt.early_enable=1 omap_wdt.nowayout=1 watchdog.handle_boot_enabled=0"
--
2.35.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-08-31 7:36 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-31 7:31 [isar-cip-core][PATCH 0/6] Enable SWUpdate support for bbb, update Isar Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 1/6] swupdate: Use cpio from buildchroot Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 2/6] Update Isar revision Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 3/6] linux-cip: Update cip-kernel-config revision Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 4/6] u-boot-bbb: Switch BeagleBone Black to self-built U-Boot Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 5/6] swupdate: Drop u-boot-script from EFI Boot Guard images Jan Kiszka
2022-08-31 7:31 ` [isar-cip-core][PATCH 6/6] Enable BeagleBone Black images with A/B SWUpdate support Jan Kiszka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox