* [PATCH] opkg-utils: Do not use --ignore-fail-on-non-empty with rmdir
From: Khem Raj @ 2016-12-21 17:34 UTC (permalink / raw)
To: openembedded-core; +Cc: adraszik
--ignore-fail-on-non-empty is coreutils specific, and you
are not always going to have coreutils on target systems
especially small ones. They will use the busybox applet which
does not support --ignore-fail-on-non-empty, use pipe and true
to ignore the errorcode from rmdir instead
Fixes upgrade errors on target e.g.
rmdir: unrecognized option '--ignore-fail-on-non-empty'
BusyBox v1.24.1 (2016-12-20 10:41:39 PST) multi-call binary.
Usage: rmdir [OPTIONS] DIRECTORY...
To remove package debris, try `opkg remove update-alternatives-opkg`.
To re-attempt the install, try `opkg install update-alternatives-opkg`.
Collected errors:
* pkg_run_script: package "update-alternatives-opkg" postrm script returned status 1.
* postrm_upgrade_old_pkg: postrm script for package "update-alternatives-opkg" failed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-devtools/opkg-utils/opkg-utils_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
index 19a852ec62..a881bbb5d4 100644
--- a/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils_git.bb
@@ -45,7 +45,7 @@ RCONFLICTS_update-alternatives-opkg = "update-alternatives-cworth"
pkg_postrm_update-alternatives-opkg() {
rm -rf $OPKG_OFFLINE_ROOT${nonarch_libdir}/opkg/alternatives
- rmdir --ignore-fail-on-non-empty $OPKG_OFFLINE_ROOT${nonarch_libdir}/opkg
+ rmdir $OPKG_OFFLINE_ROOT${nonarch_libdir}/opkg || true
}
BBCLASSEXTEND = "native nativesdk"
--
2.11.0
^ permalink raw reply related
* Re: [PATCH] gstreamer: Upgrade to 1.10.2
From: Khem Raj @ 2016-12-21 17:22 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <0e2947f3-9729-a463-3bb8-a11062749ac2@linux.intel.com>
On Wed, Dec 21, 2016 at 4:16 AM, Alexander Kanavin
<alexander.kanavin@linux.intel.com> wrote:
> On 12/21/2016 09:02 AM, Khem Raj wrote:
>>
>> .../gstreamer/gstreamer1.0-omx_1.10.2.bb | 10 +++++++
>
>
> You should remove the file with previous version, so it becomes a file
> rename like the others.
Old version is still used by some users.
>
> Alex
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply
* Re: [wic][PATCH v2] wic: fix parsing of 'bitbake -e' output
From: Maciej Borzęcki @ 2016-12-21 17:16 UTC (permalink / raw)
To: Ed Bartosh; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <1482332711-23829-1-git-send-email-ed.bartosh@linux.intel.com>
On Wed, Dec 21, 2016 at 4:05 PM, Ed Bartosh <ed.bartosh@linux.intel.com> wrote:
> Current parsing code can wrongly interpret arbitrary lines
> that are of 'key=value' format as legitimate bitbake variables.
>
> Implemented more strict parsing of key=value pairs using
> regular expressions.
>
> Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
> ---
> scripts/lib/wic/utils/oe/misc.py | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/scripts/lib/wic/utils/oe/misc.py b/scripts/lib/wic/utils/oe/misc.py
> index fe188c9..2a2fcc9 100644
> --- a/scripts/lib/wic/utils/oe/misc.py
> +++ b/scripts/lib/wic/utils/oe/misc.py
> @@ -27,6 +27,7 @@
> """Miscellaneous functions."""
>
> import os
> +import re
> from collections import defaultdict
> from distutils import spawn
>
> @@ -148,21 +149,18 @@ class BitbakeVars(defaultdict):
> self.default_image = None
> self.vars_dir = None
>
> - def _parse_line(self, line, image):
> + def _parse_line(self, line, image, matcher=re.compile(r"^(\w+)=(.+)")):
> """
> Parse one line from bitbake -e output or from .env file.
> Put result key-value pair into the storage.
> """
> if "=" not in line:
> return
> - try:
> - key, val = line.split("=")
> - except ValueError:
> + match = matcher.match(line)
> + if not match:
> return
> - key = key.strip()
> - val = val.strip()
> - if key.replace('_', '').isalnum():
> - self[image][key] = val.strip('"')
> + key, val = match.groups()
> + self[image][key] = val.strip('"')
>
> def get_var(self, var, image=None):
> """
> --
> 2.1.4
>
Looks good to me.
Thanks for fixing this so quickly.
--
Maciej Borzecki
RnDity
^ permalink raw reply
* [PATCH 3/3] gummiboot: Remove gummiboot tests
From: Alejandro Hernandez @ 2016-12-21 17:08 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <cover.1482339995.git.alejandro.hernandez@linux.intel.com>
Since we replaced gummiboot with systemd-boot
along with its tests, the gummiboot tests are
no longer necessary.
[YOCTO #10332]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
---
meta-yocto-bsp/lib/oeqa/selftest/gummiboot.py | 83 ---------------------------
1 file changed, 83 deletions(-)
delete mode 100644 meta-yocto-bsp/lib/oeqa/selftest/gummiboot.py
diff --git a/meta-yocto-bsp/lib/oeqa/selftest/gummiboot.py b/meta-yocto-bsp/lib/oeqa/selftest/gummiboot.py
deleted file mode 100644
index 00aa36f..0000000
--- a/meta-yocto-bsp/lib/oeqa/selftest/gummiboot.py
+++ /dev/null
@@ -1,83 +0,0 @@
-from oeqa.selftest.base import oeSelfTest
-from oeqa.utils.commands import runCmd, bitbake, get_bb_var, runqemu
-from oeqa.utils.decorators import testcase
-import re
-import os
-import sys
-import logging
-
-
-class Gummiboot(oeSelfTest):
-
- def _common_setup(self):
- """
- Common setup for test cases: 1101, 1103
- """
-
- # Set EFI_PROVIDER = "gummiboot" and MACHINE = "genericx86-64" in conf/local.conf
- features = 'EFI_PROVIDER = "gummiboot"\n'
- features += 'MACHINE = "genericx86-64"'
- self.append_config(features)
-
- def _common_build(self):
- """
- Common build for test cases: 1101, 1103
- """
-
- # Build a genericx86-64/efi gummiboot image
- bitbake('syslinux syslinux-native parted-native dosfstools-native mtools-native core-image-minimal')
-
-
- @testcase(1101)
- def test_efi_gummiboot_images_can_be_built(self):
- """
- Summary: Check if efi/gummiboot images can be built
- Expected: 1. File gummibootx64.efi should be available in build/tmp/deploy/images/genericx86-64
- 2. Efi/gummiboot images can be built
- Product: oe-core
- Author: Ionut Chisanovici <ionutx.chisanovici@intel.com>
- AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
- """
-
- # We'd use DEPLOY_DIR_IMAGE here, except that we need its value for
- # MACHINE="genericx86-64 which is probably not the one configured
- gummibootfile = os.path.join(get_bb_var('DEPLOY_DIR'), 'images', 'genericx86-64', 'gummibootx64.efi')
-
- self._common_setup()
-
- # Ensure we're actually testing that this gets built and not that
- # it was around from an earlier build
- bitbake('-c cleansstate gummiboot')
- runCmd('rm -f %s' % gummibootfile)
-
- self._common_build()
-
- found = os.path.isfile(gummibootfile)
- self.assertTrue(found, 'Gummiboot file %s not found' % gummibootfile)
-
- @testcase(1103)
- def test_wic_command_can_create_efi_gummiboot_installation_images(self):
- """
- Summary: Check that wic command can create efi/gummiboot installation images
- Expected: A .direct file in folder /var/tmp/wic/ must be created.
- Product: oe-core
- Author: Ionut Chisanovici <ionutx.chisanovici@intel.com>
- AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
- """
-
- self._common_setup()
- self._common_build()
-
- # Create efi/gummiboot installation images
- wic_create_cmd = 'wic create mkgummidisk -e core-image-minimal'
- result = runCmd(wic_create_cmd)
-
- # Find file written by wic from output
- res = re.search('(/var/tmp/wic/.*\.direct)', result.output)
- if res:
- direct_file = res.group(1)
- # Check it actually exists
- if not os.path.exists(direct_file):
- self.fail('wic reported direct file "%s" does not exist; wic output:\n%s' % (direct_file, result.output))
- else:
- self.fail('No .direct file reported in wic output:\n%s' % result.output)
--
2.10.1
^ permalink raw reply related
* [PATCH 2/3] gummiboot: Remove old gummiboot recipe, related class and wks file
From: Alejandro Hernandez @ 2016-12-21 17:08 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <cover.1482339995.git.alejandro.hernandez@linux.intel.com>
Since the gummiboot project is no longer being maintained
and we are using systemd-boot as a replacement instead,
we can now clean up all remaining gummiboot files.
[YOCTO #10332]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
---
meta/classes/gummiboot.bbclass | 121 ---------------------
...-C-syntax-errors-for-function-declaration.patch | 74 -------------
.../gummiboot/gummiboot/fix-objcopy.patch | 45 --------
meta/recipes-bsp/gummiboot/gummiboot_git.bb | 39 -------
scripts/lib/wic/canned-wks/mkgummidisk.wks | 11 --
5 files changed, 290 deletions(-)
delete mode 100644 meta/classes/gummiboot.bbclass
delete mode 100644 meta/recipes-bsp/gummiboot/gummiboot/0001-console-Fix-C-syntax-errors-for-function-declaration.patch
delete mode 100644 meta/recipes-bsp/gummiboot/gummiboot/fix-objcopy.patch
delete mode 100644 meta/recipes-bsp/gummiboot/gummiboot_git.bb
delete mode 100644 scripts/lib/wic/canned-wks/mkgummidisk.wks
diff --git a/meta/classes/gummiboot.bbclass b/meta/classes/gummiboot.bbclass
deleted file mode 100644
index 4f2dea6..0000000
--- a/meta/classes/gummiboot.bbclass
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright (C) 2014 Intel Corporation
-#
-# Released under the MIT license (see COPYING.MIT)
-
-# gummiboot.bbclass - equivalent of grub-efi.bbclass
-# Set EFI_PROVIDER = "gummiboot" to use gummiboot on your live images instead of grub-efi
-# (images built by image-live.bbclass or image-vm.bbclass)
-
-do_bootimg[depends] += "${MLPREFIX}gummiboot:do_deploy"
-do_bootdirectdisk[depends] += "${MLPREFIX}gummiboot:do_deploy"
-
-EFIDIR = "/EFI/BOOT"
-
-GUMMIBOOT_CFG ?= "${S}/loader.conf"
-GUMMIBOOT_ENTRIES ?= ""
-GUMMIBOOT_TIMEOUT ?= "10"
-
-# Need UUID utility code.
-inherit fs-uuid
-
-efi_populate() {
- DEST=$1
-
- EFI_IMAGE="gummibootia32.efi"
- DEST_EFI_IMAGE="bootia32.efi"
- if [ "${TARGET_ARCH}" = "x86_64" ]; then
- EFI_IMAGE="gummibootx64.efi"
- DEST_EFI_IMAGE="bootx64.efi"
- fi
-
- install -d ${DEST}${EFIDIR}
- # gummiboot requires these paths for configuration files
- # they are not customizable so no point in new vars
- install -d ${DEST}/loader
- install -d ${DEST}/loader/entries
- install -m 0644 ${DEPLOY_DIR_IMAGE}/${EFI_IMAGE} ${DEST}${EFIDIR}/${DEST_EFI_IMAGE}
- EFIPATH=$(echo "${EFIDIR}" | sed 's/\//\\/g')
- printf 'fs0:%s\%s\n' "$EFIPATH" "$DEST_EFI_IMAGE" >${DEST}/startup.nsh
- install -m 0644 ${GUMMIBOOT_CFG} ${DEST}/loader/loader.conf
- for i in ${GUMMIBOOT_ENTRIES}; do
- install -m 0644 ${i} ${DEST}/loader/entries
- done
-}
-
-efi_iso_populate() {
- iso_dir=$1
- efi_populate $iso_dir
- mkdir -p ${EFIIMGDIR}/${EFIDIR}
- cp $iso_dir/${EFIDIR}/* ${EFIIMGDIR}${EFIDIR}
- cp $iso_dir/vmlinuz ${EFIIMGDIR}
- EFIPATH=$(echo "${EFIDIR}" | sed 's/\//\\/g')
- echo "fs0:${EFIPATH}\\${DEST_EFI_IMAGE}" > ${EFIIMGDIR}/startup.nsh
- if [ -f "$iso_dir/initrd" ] ; then
- cp $iso_dir/initrd ${EFIIMGDIR}
- fi
-}
-
-efi_hddimg_populate() {
- efi_populate $1
-}
-
-python build_efi_cfg() {
- s = d.getVar("S", True)
- labels = d.getVar('LABELS', True)
- if not labels:
- bb.debug(1, "LABELS not defined, nothing to do")
- return
-
- if labels == []:
- bb.debug(1, "No labels, nothing to do")
- return
-
- cfile = d.getVar('GUMMIBOOT_CFG', True)
- try:
- cfgfile = open(cfile, 'w')
- except OSError:
- bb.fatal('Unable to open %s' % cfile)
-
- cfgfile.write('# Automatically created by OE\n')
- cfgfile.write('default %s\n' % (labels.split()[0]))
- timeout = d.getVar('GUMMIBOOT_TIMEOUT', True)
- if timeout:
- cfgfile.write('timeout %s\n' % timeout)
- else:
- cfgfile.write('timeout 10\n')
- cfgfile.close()
-
- for label in labels.split():
- localdata = d.createCopy()
-
- overrides = localdata.getVar('OVERRIDES', True)
- if not overrides:
- bb.fatal('OVERRIDES not defined')
-
- entryfile = "%s/%s.conf" % (s, label)
- d.appendVar("GUMMIBOOT_ENTRIES", " " + entryfile)
- try:
- entrycfg = open(entryfile, "w")
- except OSError:
- bb.fatal('Unable to open %s' % entryfile)
- localdata.setVar('OVERRIDES', label + ':' + overrides)
- bb.data.update_data(localdata)
-
- entrycfg.write('title %s\n' % label)
- entrycfg.write('linux /vmlinuz\n')
-
- append = localdata.getVar('APPEND', True)
- initrd = localdata.getVar('INITRD', True)
-
- if initrd:
- entrycfg.write('initrd /initrd\n')
- lb = label
- if label == "install":
- lb = "install-efi"
- entrycfg.write('options LABEL=%s ' % lb)
- if append:
- append = replace_rootfs_uuid(d, append)
- entrycfg.write('%s' % append)
- entrycfg.write('\n')
- entrycfg.close()
-}
diff --git a/meta/recipes-bsp/gummiboot/gummiboot/0001-console-Fix-C-syntax-errors-for-function-declaration.patch b/meta/recipes-bsp/gummiboot/gummiboot/0001-console-Fix-C-syntax-errors-for-function-declaration.patch
deleted file mode 100644
index fa50bc4..0000000
--- a/meta/recipes-bsp/gummiboot/gummiboot/0001-console-Fix-C-syntax-errors-for-function-declaration.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 55957faf1272c8f5f304909faeebf647a78e3701 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 9 Sep 2015 07:19:45 +0000
-Subject: [PATCH] console: Fix C syntax errors for function declaration
-
-To address this, the semicolons after the function parameters should be
-replaced by commas, and the last one should be omitted
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- src/efi/console.c | 26 +++++++++++++-------------
- 1 file changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/src/efi/console.c b/src/efi/console.c
-index 6206c80..66aa88f 100644
---- a/src/efi/console.c
-+++ b/src/efi/console.c
-@@ -27,8 +27,8 @@
- struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL;
-
- typedef EFI_STATUS (EFIAPI *EFI_INPUT_RESET_EX)(
-- struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This;
-- BOOLEAN ExtendedVerification;
-+ struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This,
-+ BOOLEAN ExtendedVerification
- );
-
- typedef UINT8 EFI_KEY_TOGGLE_STATE;
-@@ -44,29 +44,29 @@ typedef struct {
- } EFI_KEY_DATA;
-
- typedef EFI_STATUS (EFIAPI *EFI_INPUT_READ_KEY_EX)(
-- struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This;
-- EFI_KEY_DATA *KeyData;
-+ struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This,
-+ EFI_KEY_DATA *KeyData
- );
-
- typedef EFI_STATUS (EFIAPI *EFI_SET_STATE)(
-- struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This;
-- EFI_KEY_TOGGLE_STATE *KeyToggleState;
-+ struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This,
-+ EFI_KEY_TOGGLE_STATE *KeyToggleState
- );
-
- typedef EFI_STATUS (EFIAPI *EFI_KEY_NOTIFY_FUNCTION)(
-- EFI_KEY_DATA *KeyData;
-+ EFI_KEY_DATA *KeyData
- );
-
- typedef EFI_STATUS (EFIAPI *EFI_REGISTER_KEYSTROKE_NOTIFY)(
-- struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This;
-- EFI_KEY_DATA KeyData;
-- EFI_KEY_NOTIFY_FUNCTION KeyNotificationFunction;
-- VOID **NotifyHandle;
-+ struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This,
-+ EFI_KEY_DATA KeyData,
-+ EFI_KEY_NOTIFY_FUNCTION KeyNotificationFunction,
-+ VOID **NotifyHandle
- );
-
- typedef EFI_STATUS (EFIAPI *EFI_UNREGISTER_KEYSTROKE_NOTIFY)(
-- struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This;
-- VOID *NotificationHandle;
-+ struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *This,
-+ VOID *NotificationHandle
- );
-
- typedef struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL {
---
-2.5.1
-
diff --git a/meta/recipes-bsp/gummiboot/gummiboot/fix-objcopy.patch b/meta/recipes-bsp/gummiboot/gummiboot/fix-objcopy.patch
deleted file mode 100644
index 49f5593..0000000
--- a/meta/recipes-bsp/gummiboot/gummiboot/fix-objcopy.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0f7f9e3bb1d0e1b93f3ad8a1d5d7bdd3fbf27494 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Thu, 27 Mar 2014 07:20:33 +0000
-Subject: [PATCH] Makefile.am: use objcopy from the env
-
-It uses the "objcopy" directly, which is not suitable for cross compile.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-Index: git/Makefile.am
-===================================================================
---- git.orig/Makefile.am
-+++ git/Makefile.am
-@@ -19,6 +19,8 @@
- ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
- AM_MAKEFLAGS = --no-print-directory
-
-+OBJCOPY ?= objcopy
-+
- gummibootlibdir = $(prefix)/lib/gummiboot
-
- AM_CPPFLAGS = -include config.h
-@@ -148,7 +150,7 @@ $(gummiboot_solib): $(gummiboot_objects)
- .DELETE_ON_ERROR: $(gummboot_solib)
-
- $(gummiboot): $(gummiboot_solib)
-- $(AM_V_GEN) objcopy -j .text -j .sdata -j .data -j .dynamic \
-+ $(AM_V_GEN) $(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic \
- -j .dynsym -j .rel -j .rela -j .reloc \
- --target=efi-app-$(ARCH) $< $@
-
-@@ -183,7 +185,7 @@ $(stub_solib): $(stub_objects)
- .DELETE_ON_ERROR: $(gummboot_solib)
-
- $(stub): $(stub_solib)
-- $(AM_V_GEN) objcopy -j .text -j .sdata -j .data -j .dynamic \
-+ $(AM_V_GEN) $(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic \
- -j .dynsym -j .rel -j .rela -j .reloc \
- --target=efi-app-$(ARCH) $< $@
-
diff --git a/meta/recipes-bsp/gummiboot/gummiboot_git.bb b/meta/recipes-bsp/gummiboot/gummiboot_git.bb
deleted file mode 100644
index c684b83..0000000
--- a/meta/recipes-bsp/gummiboot/gummiboot_git.bb
+++ /dev/null
@@ -1,39 +0,0 @@
-SUMMARY = "Gummiboot is a simple UEFI boot manager which executes configured EFI images."
-HOMEPAGE = "http://freedesktop.org/wiki/Software/gummiboot"
-
-LICENSE = "LGPLv2.1"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=4fbd65380cdd255951079008b364516c"
-
-DEPENDS = "gnu-efi util-linux"
-
-inherit autotools pkgconfig manpages
-inherit deploy
-
-PV = "48+git${SRCPV}"
-SRCREV = "2bcd919c681c952eb867ef1bdb458f1bc49c2d55"
-SRC_URI = "git://anongit.freedesktop.org/gummiboot \
- file://fix-objcopy.patch \
- file://0001-console-Fix-C-syntax-errors-for-function-declaration.patch \
- "
-
-PACKAGECONFIG[manpages] = "--enable-manpages, --disable-manpages, libxslt-native xmlto-native"
-
-# Note: Add COMPATIBLE_HOST here is only because it depends on gnu-efi
-# which has set the COMPATIBLE_HOST, the gummiboot itself may work on
-# more hosts.
-COMPATIBLE_HOST = "(x86_64.*|i.86.*)-linux"
-
-S = "${WORKDIR}/git"
-
-EXTRA_OECONF = "--with-efi-includedir=${STAGING_INCDIR} \
- --with-efi-ldsdir=${STAGING_LIBDIR} \
- --with-efi-libdir=${STAGING_LIBDIR}"
-
-EXTRA_OEMAKE += "gummibootlibdir=${libdir}/gummiboot"
-
-TUNE_CCARGS_remove = "-mfpmath=sse"
-
-do_deploy () {
- install ${B}/gummiboot*.efi ${DEPLOYDIR}
-}
-addtask deploy before do_build after do_compile
diff --git a/scripts/lib/wic/canned-wks/mkgummidisk.wks b/scripts/lib/wic/canned-wks/mkgummidisk.wks
deleted file mode 100644
index f3ae090..0000000
--- a/scripts/lib/wic/canned-wks/mkgummidisk.wks
+++ /dev/null
@@ -1,11 +0,0 @@
-# short-description: Create an EFI disk image
-# long-description: Creates a partitioned EFI disk image that the user
-# can directly dd to boot media.
-
-part /boot --source bootimg-efi --sourceparams="loader=gummiboot" --ondisk sda --label msdos --active --align 1024
-
-part / --source rootfs --ondisk sda --fstype=ext4 --label platform --align 1024
-
-part swap --ondisk sda --size 44 --label swap1 --fstype=swap
-
-bootloader --ptable gpt --timeout=5 --append="rootwait rootfstype=ext4 console=ttyS0,115200 console=tty0"
--
2.10.1
^ permalink raw reply related
* [PATCH 1/3] gummiboot: Remove/change gummiboot references with systemd-boot
From: Alejandro Hernandez @ 2016-12-21 17:08 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <cover.1482339995.git.alejandro.hernandez@linux.intel.com>
After systemd-boot was introduced, its been tested for a while with no major
issues being found until now, this patch completely replaces all gummiboot
instances with systemd-boot ones, taking the next step into cleaning
up systemd-boot/gummiboot.
[YOCTO #10332]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
---
meta/classes/fs-uuid.bbclass | 2 +-
meta/classes/systemd-boot.bbclass | 4 +---
meta/conf/distro/include/distro_alias.inc | 2 +-
meta/lib/oeqa/controllers/masterimage.py | 4 ++--
meta/recipes-bsp/systemd-boot/systemd-boot_232.bb | 2 +-
.../initrdscripts/files/init-install-efi-testfs.sh | 12 +++++-----
.../initrdscripts/files/init-install-efi.sh | 12 +++++-----
scripts/contrib/mkefidisk.sh | 26 +++++++++++-----------
scripts/lib/wic/plugins/source/bootimg-efi.py | 22 +++++++++---------
9 files changed, 41 insertions(+), 45 deletions(-)
diff --git a/meta/classes/fs-uuid.bbclass b/meta/classes/fs-uuid.bbclass
index 313c5a3..9b53dfb 100644
--- a/meta/classes/fs-uuid.bbclass
+++ b/meta/classes/fs-uuid.bbclass
@@ -13,7 +13,7 @@ def get_rootfs_uuid(d):
bb.fatal('Could not determine filesystem UUID of %s' % rootfs)
# Replace the special <<uuid-of-rootfs>> inside a string (like the
-# root= APPEND string in a syslinux.cfg or gummiboot entry) with the
+# root= APPEND string in a syslinux.cfg or systemd-boot entry) with the
# actual UUID of the rootfs. Does nothing if the special string
# is not used.
def replace_rootfs_uuid(d, string):
diff --git a/meta/classes/systemd-boot.bbclass b/meta/classes/systemd-boot.bbclass
index 60729a7..6718783 100644
--- a/meta/classes/systemd-boot.bbclass
+++ b/meta/classes/systemd-boot.bbclass
@@ -4,9 +4,7 @@
# systemd-boot.bbclass - The "systemd-boot" is essentially the gummiboot merged into systemd.
# The original standalone gummiboot project is dead without any more
-# maintenance. As a start point, we replace all gummitboot occurrences
-# with systemd-boot in gummiboot.bbclass to have a base version of this
-# systemd-boot.bbclass.
+# maintenance.
#
# Set EFI_PROVIDER = "systemd-boot" to use systemd-boot on your live images instead of grub-efi
# (images built by image-live.bbclass or image-vm.bbclass)
diff --git a/meta/conf/distro/include/distro_alias.inc b/meta/conf/distro/include/distro_alias.inc
index a59265a..489f5ea 100644
--- a/meta/conf/distro/include/distro_alias.inc
+++ b/meta/conf/distro/include/distro_alias.inc
@@ -135,7 +135,7 @@ DISTRO_PN_ALIAS_pn-gtk-doc = "Fedora=gtk-doc Ubuntu=gtk-doc"
DISTRO_PN_ALIAS_pn-gtk-engines = "Fedora=gtk2-engines OpenSuSE=gtk2-engines Ubuntu=gtk2-engines Mandriva=gtk-engines2 Debian=gtk2-engines"
DISTRO_PN_ALIAS_pn-gtk-sato-engine = "OpenedHand"
DISTRO_PN_ALIAS_pn-gtk-icon-utils-native = "OSPDT"
-DISTRO_PN_ALIAS_pn-gummiboot = "Debian=gummiboot Fedora=gummiboot"
+DISTRO_PN_ALIAS_pn-systemd-boot = "Ubuntu=systemd-boot Fedora=systemd-boot"
DISTRO_PN_ALIAS_pn-hello-mod = "OE-Core"
DISTRO_PN_ALIAS_pn-hostap-conf = "OE-Core"
DISTRO_PN_ALIAS_pn-hwlatdetect = "OSPDT"
diff --git a/meta/lib/oeqa/controllers/masterimage.py b/meta/lib/oeqa/controllers/masterimage.py
index d796fc3..07418fc 100644
--- a/meta/lib/oeqa/controllers/masterimage.py
+++ b/meta/lib/oeqa/controllers/masterimage.py
@@ -159,10 +159,10 @@ class MasterImageHardwareTarget(oeqa.targetcontrol.BaseTarget, metaclass=ABCMeta
self.power_cycle(self.connection)
-class GummibootTarget(MasterImageHardwareTarget):
+class SystemdbootTarget(MasterImageHardwareTarget):
def __init__(self, d):
- super(GummibootTarget, self).__init__(d)
+ super(SystemdbootTarget, self).__init__(d)
# this the value we need to set in the LoaderEntryOneShot EFI variable
# so the system boots the 'test' bootloader label and not the default
# The first four bytes are EFI bits, and the rest is an utf-16le string
diff --git a/meta/recipes-bsp/systemd-boot/systemd-boot_232.bb b/meta/recipes-bsp/systemd-boot/systemd-boot_232.bb
index 7036664..602052c 100644
--- a/meta/recipes-bsp/systemd-boot/systemd-boot_232.bb
+++ b/meta/recipes-bsp/systemd-boot/systemd-boot_232.bb
@@ -15,7 +15,7 @@ EXTRA_OECONF = " --enable-gnuefi \
--disable-manpages \
"
-# Imported from gummiboot recipe
+# Imported from the old gummiboot recipe
TUNE_CCARGS_remove = "-mfpmath=sse"
COMPATIBLE_HOST = "(x86_64.*|i.86.*)-linux"
diff --git a/meta/recipes-core/initrdscripts/files/init-install-efi-testfs.sh b/meta/recipes-core/initrdscripts/files/init-install-efi-testfs.sh
index b562109..9c4b263 100644
--- a/meta/recipes-core/initrdscripts/files/init-install-efi-testfs.sh
+++ b/meta/recipes-core/initrdscripts/files/init-install-efi-testfs.sh
@@ -171,19 +171,19 @@ if [ -f /run/media/$1/EFI/BOOT/grub.cfg ]; then
fi
if [ -d /run/media/$1/loader ]; then
- GUMMIBOOT_CFGS="/ssd/loader/entries/*.conf"
- # copy config files for gummiboot
+ SYSTEMDBOOT_CFGS="/ssd/loader/entries/*.conf"
+ # copy config files for systemd-boot
cp -dr /run/media/$1/loader /ssd
# delete the install entry
rm -f /ssd/loader/entries/install.conf
# delete the initrd lines
- sed -i "/initrd /d" $GUMMIBOOT_CFGS
+ sed -i "/initrd /d" $SYSTEMDBOOT_CFGS
# delete any LABEL= strings
- sed -i "s/ LABEL=[^ ]*/ /" $GUMMIBOOT_CFGS
+ sed -i "s/ LABEL=[^ ]*/ /" $SYSTEMDBOOT_CFGS
# delete any root= strings
- sed -i "s/ root=[^ ]*/ /" $GUMMIBOOT_CFGS
+ sed -i "s/ root=[^ ]*/ /" $SYSTEMDBOOT_CFGS
# add the root= and other standard boot options
- sed -i "s@options *@options root=$rootfs rw $rootwait quiet @" $GUMMIBOOT_CFGS
+ sed -i "s@options *@options root=$rootfs rw $rootwait quiet @" $SYSTEMDBOOT_CFGS
# Add the test label
echo -ne "title test\nlinux /test-kernel\noptions root=$testfs rw $rootwait quiet\n" > /ssd/loader/entries/test.conf
fi
diff --git a/meta/recipes-core/initrdscripts/files/init-install-efi.sh b/meta/recipes-core/initrdscripts/files/init-install-efi.sh
index ffb709c..5ad3a60 100644
--- a/meta/recipes-core/initrdscripts/files/init-install-efi.sh
+++ b/meta/recipes-core/initrdscripts/files/init-install-efi.sh
@@ -245,19 +245,19 @@ fi
if [ -d /run/media/$1/loader ]; then
rootuuid=$(blkid -o value -s PARTUUID ${rootfs})
- GUMMIBOOT_CFGS="/boot/loader/entries/*.conf"
- # copy config files for gummiboot
+ SYSTEMDBOOT_CFGS="/boot/loader/entries/*.conf"
+ # copy config files for systemd-boot
cp -dr /run/media/$1/loader /boot
# delete the install entry
rm -f /boot/loader/entries/install.conf
# delete the initrd lines
- sed -i "/initrd /d" $GUMMIBOOT_CFGS
+ sed -i "/initrd /d" $SYSTEMDBOOT_CFGS
# delete any LABEL= strings
- sed -i "s/ LABEL=[^ ]*/ /" $GUMMIBOOT_CFGS
+ sed -i "s/ LABEL=[^ ]*/ /" $SYSTEMDBOOT_CFGS
# delete any root= strings
- sed -i "s/ root=[^ ]*/ /" $GUMMIBOOT_CFGS
+ sed -i "s/ root=[^ ]*/ /" $SYSTEMDBOOT_CFGS
# add the root= and other standard boot options
- sed -i "s@options *@options root=PARTUUID=$rootuuid rw $rootwait quiet @" $GUMMIBOOT_CFGS
+ sed -i "s@options *@options root=PARTUUID=$rootuuid rw $rootwait quiet @" $SYSTEMDBOOT_CFGS
fi
umount /tgt_root
diff --git a/scripts/contrib/mkefidisk.sh b/scripts/contrib/mkefidisk.sh
index a175895..800733f 100755
--- a/scripts/contrib/mkefidisk.sh
+++ b/scripts/contrib/mkefidisk.sh
@@ -384,7 +384,7 @@ EFIDIR="$BOOTFS_MNT/EFI/BOOT"
cp $HDDIMG_MNT/vmlinuz $BOOTFS_MNT >$OUT 2>&1 || error "Failed to copy vmlinuz"
# Copy the efi loader and configs (booti*.efi and grub.cfg if it exists)
cp -r $HDDIMG_MNT/EFI $BOOTFS_MNT >$OUT 2>&1 || error "Failed to copy EFI dir"
-# Silently ignore a missing gummiboot loader dir (we might just be a GRUB image)
+# Silently ignore a missing systemd-boot loader dir (we might just be a GRUB image)
cp -r $HDDIMG_MNT/loader $BOOTFS_MNT >$OUT 2>&1
# Update the boot loaders configurations for an installed image
@@ -410,25 +410,25 @@ if [ -e "$GRUB_CFG" ]; then
sed -i "s@vmlinuz @vmlinuz root=$TARGET_ROOTFS ro rootwait console=ttyS0 console=tty0 @" $GRUB_CFG
fi
-# Look for a gummiboot installation
-GUMMI_ENTRIES="$BOOTFS_MNT/loader/entries"
-GUMMI_CFG="$GUMMI_ENTRIES/boot.conf"
-if [ -d "$GUMMI_ENTRIES" ]; then
- info "Configuring Gummiboot"
+# Look for a systemd-boot installation
+SYSTEMD_BOOT_ENTRIES="$BOOTFS_MNT/loader/entries"
+SYSTEMD_BOOT_CFG="$SYSTEMD_BOOT_ENTRIES/boot.conf"
+if [ -d "$SYSTEMD_BOOT_ENTRIES" ]; then
+ info "Configuring SystemD-boot"
# remove the install target if it exists
- rm $GUMMI_ENTRIES/install.conf >$OUT 2>&1
+ rm $SYSTEMD_BOOT_ENTRIES/install.conf >$OUT 2>&1
- if [ ! -e "$GUMMI_CFG" ]; then
- echo "ERROR: $GUMMI_CFG not found"
+ if [ ! -e "$SYSTEMD_BOOT_CFG" ]; then
+ echo "ERROR: $SYSTEMD_BOOT_CFG not found"
fi
- sed -i "/initrd /d" $GUMMI_CFG
- sed -i "s@ root=[^ ]*@ @" $GUMMI_CFG
- sed -i "s@options *LABEL=boot @options LABEL=Boot root=$TARGET_ROOTFS ro rootwait console=ttyS0 console=tty0 @" $GUMMI_CFG
+ sed -i "/initrd /d" $SYSTEMD_BOOT_CFG
+ sed -i "s@ root=[^ ]*@ @" $SYSTEMD_BOOT_CFG
+ sed -i "s@options *LABEL=boot @options LABEL=Boot root=$TARGET_ROOTFS ro rootwait console=ttyS0 console=tty0 @" $SYSTEMD_BOOT_CFG
fi
# Ensure we have at least one EFI bootloader configured
-if [ ! -e $GRUB_CFG ] && [ ! -e $GUMMI_CFG ]; then
+if [ ! -e $GRUB_CFG ] && [ ! -e $SYSTEMD_BOOT_CFG ]; then
die "No EFI bootloader configuration found"
fi
diff --git a/scripts/lib/wic/plugins/source/bootimg-efi.py b/scripts/lib/wic/plugins/source/bootimg-efi.py
index 4adb80b..305e910 100644
--- a/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -36,7 +36,7 @@ from wic.utils.oe.misc import exec_cmd, exec_native_cmd, get_bitbake_var, \
class BootimgEFIPlugin(SourcePlugin):
"""
Create EFI boot partition.
- This plugin supports GRUB 2 and gummiboot bootloaders.
+ This plugin supports GRUB 2 and systemd-boot bootloaders.
"""
name = 'bootimg-efi'
@@ -82,7 +82,7 @@ class BootimgEFIPlugin(SourcePlugin):
cfg.close()
@classmethod
- def do_configure_gummiboot(cls, hdddir, creator, cr_workdir):
+ def do_configure_systemdboot(cls, hdddir, creator, cr_workdir):
"""
Create loader-specific systemd-boot/gummiboot config
"""
@@ -98,7 +98,7 @@ class BootimgEFIPlugin(SourcePlugin):
loader_conf += "default boot\n"
loader_conf += "timeout %d\n" % bootloader.timeout
- msger.debug("Writing gummiboot config %s/hdd/boot/loader/loader.conf" \
+ msger.debug("Writing systemd-boot config %s/hdd/boot/loader/loader.conf" \
% cr_workdir)
cfg = open("%s/hdd/boot/loader/loader.conf" % cr_workdir, "w")
cfg.write(loader_conf)
@@ -109,16 +109,16 @@ class BootimgEFIPlugin(SourcePlugin):
if configfile:
custom_cfg = get_custom_config(configfile)
if custom_cfg:
- # Use a custom configuration for gummiboot
+ # Use a custom configuration for systemd-boot
boot_conf = custom_cfg
msger.debug("Using custom configuration file "
- "%s for gummiboots's boot.conf" % configfile)
+ "%s for systemd-boots's boot.conf" % configfile)
else:
msger.error("configfile is specified but failed to "
"get it from %s." % configfile)
if not custom_cfg:
- # Create gummiboot configuration using parameters from wks file
+ # Create systemd-boot configuration using parameters from wks file
kernel = "/bzImage"
boot_conf = ""
@@ -127,7 +127,7 @@ class BootimgEFIPlugin(SourcePlugin):
boot_conf += "options LABEL=Boot root=%s %s\n" % \
(creator.rootdev, bootloader.append)
- msger.debug("Writing gummiboot config %s/hdd/boot/loader/entries/boot.conf" \
+ msger.debug("Writing systemd-boot config %s/hdd/boot/loader/entries/boot.conf" \
% cr_workdir)
cfg = open("%s/hdd/boot/loader/entries/boot.conf" % cr_workdir, "w")
cfg.write(boot_conf)
@@ -149,9 +149,8 @@ class BootimgEFIPlugin(SourcePlugin):
try:
if source_params['loader'] == 'grub-efi':
cls.do_configure_grubefi(hdddir, creator, cr_workdir)
- elif source_params['loader'] == 'gummiboot' \
- or source_params['loader'] == 'systemd-boot':
- cls.do_configure_gummiboot(hdddir, creator, cr_workdir)
+ elif source_params['loader'] == 'systemd-boot':
+ cls.do_configure_systemdboot(hdddir, creator, cr_workdir)
else:
msger.error("unrecognized bootimg-efi loader: %s" % source_params['loader'])
except KeyError:
@@ -190,8 +189,7 @@ class BootimgEFIPlugin(SourcePlugin):
exec_cmd(cp_cmd, True)
shutil.move("%s/grub.cfg" % cr_workdir,
"%s/hdd/boot/EFI/BOOT/grub.cfg" % cr_workdir)
- elif source_params['loader'] == 'gummiboot' \
- or source_params['loader'] == 'systemd-boot':
+ elif source_params['loader'] == 'systemd-boot':
cp_cmd = "cp %s/EFI/BOOT/* %s/EFI/BOOT" % (bootimg_dir, hdddir)
exec_cmd(cp_cmd, True)
else:
--
2.10.1
^ permalink raw reply related
* [PATCH 1/4] uninative: Parameterise the use of STAGING_DIR
From: Richard Purdie @ 2016-12-21 17:05 UTC (permalink / raw)
To: openembedded-core
This means that a user can change TMPDIR in a multiconfig situation
and still only have one path to the uninative setup. Without this change
its not possile to make such a setup work.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/classes/uninative.bbclass | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 177af73..03ad5d6 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -1,4 +1,5 @@
-UNINATIVE_LOADER ?= "${STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'ld-linux-x86-64.so.2', 'ld-linux.so.2', d)}"
+UNINATIVE_LOADER ?= "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'ld-linux-x86-64.so.2', 'ld-linux.so.2', d)}"
+UNINATIVE_STAGING_DIR ?= "${STAGING_DIR}"
UNINATIVE_URL ?= "unset"
UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.bz2"
@@ -58,7 +59,7 @@ python uninative_event_fetchloader() {
if localpath != tarballpath and os.path.exists(localpath) and not os.path.exists(tarballpath):
os.symlink(localpath, tarballpath)
- cmd = d.expand("mkdir -p ${STAGING_DIR}-uninative; cd ${STAGING_DIR}-uninative; tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; ${STAGING_DIR}-uninative/relocate_sdk.py ${STAGING_DIR}-uninative/${BUILD_ARCH}-linux ${UNINATIVE_LOADER} ${UNINATIVE_LOADER} ${STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative ${STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum)
+ cmd = d.expand("mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; cd ${UNINATIVE_STAGING_DIR}-uninative; tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux ${UNINATIVE_LOADER} ${UNINATIVE_LOADER} ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum)
subprocess.check_call(cmd, shell=True)
with open(loaderchksum, "w") as f:
@@ -90,7 +91,7 @@ def enable_uninative(d):
bb.debug(2, "Enabling uninative")
d.setVar("NATIVELSBSTRING", "universal%s" % oe.utils.host_gcc_version(d))
d.appendVar("SSTATEPOSTUNPACKFUNCS", " uninative_changeinterp")
- d.prependVar("PATH", "${STAGING_DIR}-uninative/${BUILD_ARCH}-linux${bindir_native}:")
+ d.prependVar("PATH", "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${bindir_native}:")
python uninative_changeinterp () {
import subprocess
--
2.7.4
^ permalink raw reply related
* [PATCH 3/4] libgcc-common: Don't apply symlinks for nativesdk
From: Richard Purdie @ 2016-12-21 17:05 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <1482339945-26418-1-git-send-email-richard.purdie@linuxfoundation.org>
nativesdk-libgcc doesn't need a symlink into the target space and if we do this
sstate installation of the recipe can fail depending on whether it races with
the cross-canadian toolchains.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-devtools/gcc/libgcc-common.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/gcc/libgcc-common.inc b/meta/recipes-devtools/gcc/libgcc-common.inc
index 74e9faa..7a3b410 100644
--- a/meta/recipes-devtools/gcc/libgcc-common.inc
+++ b/meta/recipes-devtools/gcc/libgcc-common.inc
@@ -144,6 +144,9 @@ BASETARGET_SYS = "${@get_original_os(d)}"
addtask extra_symlinks after do_multilib_install before do_package do_populate_sysroot
fakeroot python do_extra_symlinks() {
+ if bb.data.inherits_class('nativesdk', d):
+ return
+
targetsys = d.getVar('BASETARGET_SYS')
if targetsys != d.getVar('TARGET_SYS'):
--
2.7.4
^ permalink raw reply related
* [PATCH 4/4] lib/oe/utils: Drop python2 compatibility code
From: Richard Purdie @ 2016-12-21 17:05 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <1482339945-26418-1-git-send-email-richard.purdie@linuxfoundation.org>
We've moved to python3, we don't need this compatibility code which just makes
the code less readable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/lib/oe/utils.py | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
index bf440ec..3de21fc 100644
--- a/meta/lib/oe/utils.py
+++ b/meta/lib/oe/utils.py
@@ -1,9 +1,4 @@
-try:
- # Python 2
- import commands as cmdstatus
-except ImportError:
- # Python 3
- import subprocess as cmdstatus
+import subprocess
def read_file(filename):
try:
@@ -144,7 +139,7 @@ def packages_filter_out_system(d):
return pkgs
def getstatusoutput(cmd):
- return cmdstatus.getstatusoutput(cmd)
+ return subprocess.getstatusoutput(cmd)
def trim_version(version, num_parts=2):
--
2.7.4
^ permalink raw reply related
* [PATCH 2/4] bitbake.conf: Add inclusion of BB_CURRENT_MC.conf after local.conf
From: Richard Purdie @ 2016-12-21 17:05 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <1482339945-26418-1-git-send-email-richard.purdie@linuxfoundation.org>
People are strugling with multiconfig as the up front inclusion of the
configuration file doesn't do what people expect. The only way to meet
user expectations is to include the file immediately after local.conf.
We add BB_CURRENT_MC to bitbake so that the metadata can determine when
to include the extra configuration.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/conf/bitbake.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index aee9919..7b0ae65 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -701,6 +701,7 @@ require conf/abi_version.conf
include conf/site.conf
include conf/auto.conf
include conf/local.conf
+include conf/multiconfig/${BB_CURRENT_MC}.conf
include conf/build/${BUILD_SYS}.conf
include conf/target/${TARGET_SYS}.conf
include conf/machine/${MACHINE}.conf
--
2.7.4
^ permalink raw reply related
* [PATCH] populate_sdk: don't force target debug packages into SDK
From: Ross Burton @ 2016-12-21 16:58 UTC (permalink / raw)
To: openembedded-core
TOOLCHAIN_TARGET_TASK doesn't need to explicitly list sdk-target-dbg because if
SDKIMAGE_FEATURES contains dbg-pkgs (as it does by default) then they'll all be
installed anyway. This means that if the user removes dbg-pkgs from
SDKIMAGE_FEATURES then the SDK correctly doesn't have debug packages in.
[ YOCTO #9078 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
meta/classes/populate_sdk_base.bbclass | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass
index 48bc395..8d117a9 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -34,10 +34,7 @@ SDKTARGETSYSROOT = "${SDKPATH}/sysroots/${REAL_MULTIMACH_TARGET_SYS}"
TOOLCHAIN_HOST_TASK ?= "nativesdk-packagegroup-sdk-host packagegroup-cross-canadian-${MACHINE}"
TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= ""
-TOOLCHAIN_TARGET_TASK ?= " \
- ${@multilib_pkg_extend(d, 'packagegroup-core-standalone-sdk-target')} \
- ${@multilib_pkg_extend(d, 'packagegroup-core-standalone-sdk-target-dbg')} \
- "
+TOOLCHAIN_TARGET_TASK ?= "${@multilib_pkg_extend(d, 'packagegroup-core-standalone-sdk-target')}"
TOOLCHAIN_TARGET_TASK_ATTEMPTONLY ?= ""
TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}"
--
2.8.1
^ permalink raw reply related
* [PATCH 00/26] Consolidated pull
From: Ross Burton @ 2016-12-21 16:19 UTC (permalink / raw)
To: openembedded-core
A selection of patches from the list, some wic/selftest improvements, and most
importantly the ncurses fix for util-linux-native!
Ross
The following changes since commit 8ccf396c7284acd7e0fdf95473d317d23d05475f:
Revert "selftest/wic: extending test coverage for WIC script options" (2016-12-20 17:06:38 +0000)
are available in the git repository at:
ssh://git@git.yoctoproject.org/poky-contrib ross/mut
for you to fetch changes up to 2df1397b1894cd7cd67a33dde96e60fcc72c78f5:
ncurses.inc: add v6 binconfig-disabled entries (2016-12-20 18:16:19 +0000)
----------------------------------------------------------------
Alejandro Hernandez (1):
example-recipe: Fix LDFLAGS compilation issue on newly created recipes
Andre McCurdy (1):
glew: build for EGL in non-X11 distros
André Draszik (1):
initscripts: populate-volatile: suppress read-only-rootfs warnings
David Vincent (1):
kernel: Fix symlinks
Dengke Du (2):
Revert "subversion: fix "svnadmin create" fail on x86"
apr: fix off_t size can't match when configure and in target glibc
Ed Bartosh (2):
wic: look for wks files in <layer>/wic
wic: add kickstart file for MPC8315
Edwin Plauchu (1):
ruby: upgrade to 2.3.3
Jair Gonzalez (4):
selftest/wic: adding Testopia ID numbers to test cases missing it
selftest/wic: code cleanup
selftest/wic: reorganizing test methods by functionality
selftest/wic: extending test coverage for WIC script options
Khem Raj (4):
systemd: point to correct resolv.conf when resolved is enabled
x264: Fix build on mips architectures
gnutls: Do not use libunistring prefix
gstreamer1.0-libav: Fix build on mips64
Maciej Borzecki (2):
oeqa/utils/commands.py: allow use of binaries from native sysroot
wic: add --fixed-size wks option
Mans Rullgard (1):
initscripts: populate-volatile: don't run commands in background
Paul Eggleton (2):
devtool: modify: fix usage on the kernel
packagegroup-core-standalone-sdk-target: add libssp
Trevor Woerner (1):
ncurses.inc: add v6 binconfig-disabled entries
Zheng Ruoqin (1):
shared-mime-info 1.6 -> 1.8
Zubair Lutfullah Kakakhel (2):
openssl: Add support for many MIPS configurations
arch-mips: Add MIPS 64r6 N32 tune
meta/classes/binconfig-disabled.bbclass | 1 +
meta/classes/insane.bbclass | 2 +
meta/classes/kernel.bbclass | 6 +-
meta/classes/siteinfo.bbclass | 2 +
meta/conf/machine/include/tune-mips64r6.inc | 26 ++
meta/lib/oeqa/selftest/wic.py | 370 +++++++++++++--------
meta/lib/oeqa/utils/commands.py | 9 +-
meta/recipes-connectivity/openssl/openssl.inc | 24 +-
.../initscripts-1.0/populate-volatile.sh | 8 +-
meta/recipes-core/ncurses/ncurses.inc | 5 +-
.../packagegroup-core-standalone-sdk-target.bb | 5 +
meta/recipes-core/systemd/systemd_232.bb | 11 +-
.../ruby/{ruby_2.3.1.bb => ruby_2.3.3.bb} | 4 +-
.../0001-fix-svnadmin-create-fail-on-x86.patch | 56 ----
.../subversion/subversion_1.9.5.bb | 1 -
meta/recipes-graphics/glew/glew_2.0.0.bb | 19 +-
meta/recipes-kernel/linux/linux-dtb.inc | 4 +-
.../gstreamer1.0-libav/mips64_cpu_detection.patch | 32 ++
.../gstreamer/gstreamer1.0-libav_1.10.1.bb | 1 +
meta/recipes-multimedia/x264/x264_git.bb | 1 +
..._t-size-doesn-t-match-in-glibc-when-cross.patch | 76 +++++
meta/recipes-support/apr/apr_1.5.2.bb | 1 +
meta/recipes-support/gnutls/gnutls.inc | 1 +
.../shared-mime-info/shared-mime-info_1.6.bb | 7 -
.../shared-mime-info/shared-mime-info_1.8.bb | 7 +
.../recipes-example/example/example-recipe-0.1.bb | 2 +-
scripts/lib/devtool/standard.py | 2 +
scripts/lib/wic/canned-wks/mpc8315e-rdb.wks | 6 +
scripts/lib/wic/engine.py | 7 +-
scripts/lib/wic/help.py | 14 +-
scripts/lib/wic/imager/direct.py | 2 +-
scripts/lib/wic/ksparser.py | 41 ++-
scripts/lib/wic/partition.py | 88 +++--
scripts/lib/wic/utils/partitionedfs.py | 2 +-
34 files changed, 567 insertions(+), 276 deletions(-)
rename meta/recipes-devtools/ruby/{ruby_2.3.1.bb => ruby_2.3.3.bb} (89%)
delete mode 100644 meta/recipes-devtools/subversion/subversion/0001-fix-svnadmin-create-fail-on-x86.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/mips64_cpu_detection.patch
create mode 100644 meta/recipes-support/apr/apr/0001-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
delete mode 100644 meta/recipes-support/shared-mime-info/shared-mime-info_1.6.bb
create mode 100644 meta/recipes-support/shared-mime-info/shared-mime-info_1.8.bb
create mode 100644 scripts/lib/wic/canned-wks/mpc8315e-rdb.wks
Alejandro Hernandez (1):
example-recipe: Fix LDFLAGS compilation issue on newly created recipes
Andre McCurdy (1):
glew: build for EGL in non-X11 distros
André Draszik (1):
initscripts: populate-volatile: suppress read-only-rootfs warnings
David Vincent (1):
kernel: Fix symlinks
Dengke Du (2):
Revert "subversion: fix "svnadmin create" fail on x86"
apr: fix off_t size can't match when configure and in target glibc
Ed Bartosh (2):
wic: look for wks files in <layer>/wic
wic: add kickstart file for MPC8315
Edwin Plauchu (1):
ruby: upgrade to 2.3.3
Jair Gonzalez (4):
selftest/wic: adding Testopia ID numbers to test cases missing it
selftest/wic: code cleanup
selftest/wic: reorganizing test methods by functionality
selftest/wic: extending test coverage for WIC script options
Khem Raj (4):
systemd: point to correct resolv.conf when resolved is enabled
x264: Fix build on mips architectures
gnutls: Do not use libunistring prefix
gstreamer1.0-libav: Fix build on mips64
Maciej Borzecki (2):
oeqa/utils/commands.py: allow use of binaries from native sysroot
wic: add --fixed-size wks option
Mans Rullgard (1):
initscripts: populate-volatile: don't run commands in background
Paul Eggleton (2):
devtool: modify: fix usage on the kernel
packagegroup-core-standalone-sdk-target: add libssp
Trevor Woerner (1):
ncurses.inc: add v6 binconfig-disabled entries
Zheng Ruoqin (1):
shared-mime-info 1.6 -> 1.8
Zubair Lutfullah Kakakhel (2):
openssl: Add support for many MIPS configurations
arch-mips: Add MIPS 64r6 N32 tune
meta/classes/binconfig-disabled.bbclass | 1 +
meta/classes/insane.bbclass | 2 +
meta/classes/kernel.bbclass | 6 +-
meta/classes/siteinfo.bbclass | 2 +
meta/conf/machine/include/tune-mips64r6.inc | 26 ++
meta/lib/oeqa/selftest/wic.py | 370 +++++++++++++--------
meta/lib/oeqa/utils/commands.py | 9 +-
meta/recipes-connectivity/openssl/openssl.inc | 24 +-
.../initscripts-1.0/populate-volatile.sh | 8 +-
meta/recipes-core/ncurses/ncurses.inc | 5 +-
.../packagegroup-core-standalone-sdk-target.bb | 5 +
meta/recipes-core/systemd/systemd_232.bb | 11 +-
.../ruby/{ruby_2.3.1.bb => ruby_2.3.3.bb} | 4 +-
.../0001-fix-svnadmin-create-fail-on-x86.patch | 56 ----
.../subversion/subversion_1.9.5.bb | 1 -
meta/recipes-graphics/glew/glew_2.0.0.bb | 19 +-
meta/recipes-kernel/linux/linux-dtb.inc | 4 +-
.../gstreamer1.0-libav/mips64_cpu_detection.patch | 32 ++
.../gstreamer/gstreamer1.0-libav_1.10.1.bb | 1 +
meta/recipes-multimedia/x264/x264_git.bb | 1 +
..._t-size-doesn-t-match-in-glibc-when-cross.patch | 76 +++++
meta/recipes-support/apr/apr_1.5.2.bb | 1 +
meta/recipes-support/gnutls/gnutls.inc | 1 +
...ed-mime-info_1.6.bb => shared-mime-info_1.8.bb} | 4 +-
.../recipes-example/example/example-recipe-0.1.bb | 2 +-
scripts/lib/devtool/standard.py | 2 +
scripts/lib/wic/canned-wks/mpc8315e-rdb.wks | 6 +
scripts/lib/wic/engine.py | 7 +-
scripts/lib/wic/help.py | 14 +-
scripts/lib/wic/imager/direct.py | 2 +-
scripts/lib/wic/ksparser.py | 41 ++-
scripts/lib/wic/partition.py | 88 +++--
scripts/lib/wic/utils/partitionedfs.py | 2 +-
33 files changed, 562 insertions(+), 271 deletions(-)
rename meta/recipes-devtools/ruby/{ruby_2.3.1.bb => ruby_2.3.3.bb} (89%)
delete mode 100644 meta/recipes-devtools/subversion/subversion/0001-fix-svnadmin-create-fail-on-x86.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/mips64_cpu_detection.patch
create mode 100644 meta/recipes-support/apr/apr/0001-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
rename meta/recipes-support/shared-mime-info/{shared-mime-info_1.6.bb => shared-mime-info_1.8.bb} (43%)
create mode 100644 scripts/lib/wic/canned-wks/mpc8315e-rdb.wks
--
2.8.1
^ permalink raw reply
* Re: [PATCH 2/9] iasl: move from meta-luv to OE-core
From: Patrick Ohly @ 2016-12-21 15:38 UTC (permalink / raw)
To: Fathi Boudra; +Cc: meta-luv, Neri, Ricardo, openembedded-core
In-Reply-To: <CAGNsrLBx=+yvgDAsaqz8mYm30WG0TVEV3eR2PNMj+VHK4ceSOw@mail.gmail.com>
On Wed, 2016-12-21 at 16:11 +0200, Fathi Boudra wrote:
> On 21 December 2016 at 15:11, Patrick Ohly <patrick.ohly@intel.com> wrote:
> > iasl is also provided by the meta-oe layer's acpica recipe. iasl is a
> > bit simpler and thus seems more suitable for OE-core.
>
> Simpler in what sense?
Less code to compile, which might matter for people who just want a
working UEFI for qemu and nothing else. I haven't measured the
difference, though.
> acpica recipe is trivial and provide fully acpica tools.
> Would you mind to import meta-oe acpica recipe instead of providing a
> reduced set of acpica for not much benefit?
I don't have a strong opinion about this and would be fine with moving
acpica to OE-core instead, too.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
^ permalink raw reply
* [PATCH 2/3] sqlite3: upgrade to 3.15.2
From: Maxin B. John @ 2016-12-21 15:20 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <1482333628-15689-1-git-send-email-maxin.john@intel.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
meta/recipes-support/sqlite/{sqlite3_3.15.1.bb => sqlite3_3.15.2.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-support/sqlite/{sqlite3_3.15.1.bb => sqlite3_3.15.2.bb} (66%)
diff --git a/meta/recipes-support/sqlite/sqlite3_3.15.1.bb b/meta/recipes-support/sqlite/sqlite3_3.15.2.bb
similarity index 66%
rename from meta/recipes-support/sqlite/sqlite3_3.15.1.bb
rename to meta/recipes-support/sqlite/sqlite3_3.15.2.bb
index c315a53..20bc515 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.15.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.15.2.bb
@@ -8,5 +8,5 @@ SRC_URI = "\
file://0001-revert-ad601c7962-that-brings-2-increase-of-build-ti.patch \
"
-SRC_URI[md5sum] = "0259d52be88f085d104c6d2aaa8349ac"
-SRC_URI[sha256sum] = "5dfa89b7697ee3c2ac7b44e8e157e7f204bf999c866afcaa8bb1c7ff656ae2c5"
+SRC_URI[md5sum] = "6b4fc0d8f7f02dd56bbde10a7c497a05"
+SRC_URI[sha256sum] = "07b35063b9386865b78226cdaca9a299d938a87aaa8fdc4d73edb0cef30f3149"
--
2.4.0
^ permalink raw reply related
* [PATCH 3/3] ifupdown: upgrade to 0.8.16
From: Maxin B. John @ 2016-12-21 15:20 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <1482333628-15689-1-git-send-email-maxin.john@intel.com>
Refreshed the following patch:
* inet-6-.defn-fix-inverted-checks-for-loopback.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
...-6-.defn-fix-inverted-checks-for-loopback.patch | 395 +++++++++++++++++++--
.../{ifupdown_0.8.2.bb => ifupdown_0.8.16.bb} | 4 +-
2 files changed, 359 insertions(+), 40 deletions(-)
rename meta/recipes-core/ifupdown/{ifupdown_0.8.2.bb => ifupdown_0.8.16.bb} (95%)
diff --git a/meta/recipes-core/ifupdown/files/inet-6-.defn-fix-inverted-checks-for-loopback.patch b/meta/recipes-core/ifupdown/files/inet-6-.defn-fix-inverted-checks-for-loopback.patch
index bff352e..2013933 100644
--- a/meta/recipes-core/ifupdown/files/inet-6-.defn-fix-inverted-checks-for-loopback.patch
+++ b/meta/recipes-core/ifupdown/files/inet-6-.defn-fix-inverted-checks-for-loopback.patch
@@ -1,7 +1,7 @@
-From 74152ac74a3e1ea0f3be292aa1eeca5ad1fe69c0 Mon Sep 17 00:00:00 2001
-From: Paul Gortmaker <paul.gortmaker@windriver.com>
-Date: Wed, 6 Aug 2014 15:12:11 -0400
-Subject: [PATCH 2/2] inet[6].defn: fix inverted checks for loopback
+From d88af5aa0312ea18aac791d66661da79b7bcd032 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Wed, 21 Dec 2016 15:32:07 +0200
+Subject: [PATCH] inet[6].defn: fix inverted checks for loopback
Compared to the hurd link.defn for loopback, we see these
are inverted, meaning that you would only be able to configure
@@ -11,60 +11,335 @@ The result was that we'd update /run/network/ifstate for "lo"
but never actually do anything for up/down, as shown below:
root@localhost:~# ifconfig -s
-Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
-eth0 1500 0 7736329 0 2016 0 5289422 0 0 0 BMRU
-lo 65536 0 18 0 0 0 18 0 0 0 LRU
+Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
+eth0 1500 0 7736329 0 2016 0 5289422 0 0 0 BMRU
+lo 65536 0 18 0 0 0 18 0 0 0 LRU
root@localhost:~# ifdown lo
root@localhost:~# echo $?
0
root@localhost:~# ifconfig -s
-Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
-eth0 1500 0 7736406 0 2016 0 5289455 0 0 0 BMRU
-lo 65536 0 18 0 0 0 18 0 0 0 LRU
+Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
+eth0 1500 0 7736406 0 2016 0 5289455 0 0 0 BMRU
+lo 65536 0 18 0 0 0 18 0 0 0 LRU
root@localhost:~# ifconfig lo down
root@localhost:~# ifconfig -s
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
-eth0 1500 0 7736474 0 2016 0 5289481 0 0 0 BMRU
+eth0 1500 0 7736474 0 2016 0 5289481 0 0 0 BMRU
root@localhost:~#
+Also reverted the commit:
+commit 80b878497663dae08f70b4d3cffe127b57a3cfc
+which uses absolute paths to binaries called by ifup/ifdown.
+
+Upstream-Status: Inappropriate [OE specific]
+
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
- inet.defn | 12 ++++++------
- inet6.defn | 8 ++++----
- 2 files changed, 10 insertions(+), 10 deletions(-)
+ inet.defn | 148 +++++++++++++++++++++++++++++++-------------------------------
+ 1 file changed, 74 insertions(+), 74 deletions(-)
diff --git a/inet.defn b/inet.defn
-index b176ab4ed03e..5fdfb14a0e1c 100644
+index 75e6744..b5f5da2 100644
--- a/inet.defn
+++ b/inet.defn
@@ -6,10 +6,10 @@ method loopback
This method may be used to define the IPv4 loopback interface.
up
-- ip link set dev %iface% up if (!iface_is_lo())
+- /bin/ip link set dev %iface% up if (!iface_is_lo())
+ ip link set dev %iface% up if (iface_is_lo())
down
-- ip link set dev %iface% down if (!iface_is_lo())
+- /bin/ip link set dev %iface% down if (!iface_is_lo())
+ ip link set dev %iface% down if (iface_is_lo())
method static
description
-@@ -212,11 +212,11 @@ method loopback
+@@ -36,17 +36,17 @@ method static
+ broadcast compute_v4_broadcast
+
+ up
+- /bin/ip addr add %address%[[/%netmask%]] [[broadcast %broadcast%]] \
++ ip addr add %address%[[/%netmask%]] [[broadcast %broadcast%]] \
+ [[peer %pointopoint%]] [[scope %scope%]] dev %iface% label %iface%
+- /bin/ip link set dev %iface% [[mtu %mtu%]] [[address %hwaddress%]] up
++ ip link set dev %iface% [[mtu %mtu%]] [[address %hwaddress%]] up
+
+- [[ /bin/ip route add default via %gateway% [[metric %metric%]] dev %iface% onlink ]]
++ [[ ip route add default via %gateway% [[metric %metric%]] dev %iface% onlink ]]
+
+ down
+- [[ /bin/ip route del default via %gateway% [[metric %metric%]] dev %iface% 2>&1 1>/dev/null || true ]]
+- /bin/ip addr del %address%[[/%netmask%]] [[broadcast %broadcast%]] \
++ [[ ip route del default via %gateway% [[metric %metric%]] dev %iface% 2>&1 1>/dev/null || true ]]
++ ip addr del %address%[[/%netmask%]] [[broadcast %broadcast%]] \
+ [[peer %pointopoint%]] [[scope %scope%]] dev %iface% label %iface%
+- /bin/ip link set dev %iface% down \
++ ip link set dev %iface% down \
+ if (iface_is_link())
+
+ method manual
+@@ -63,12 +63,12 @@ method manual
+ hwaddress cleanup_hwaddress
+
+ up
+- [[/bin/ip link set dev %iface% mtu %mtu%]]
+- [[/bin/ip link set dev %iface% address %hwaddress%]]
+- /bin/ip link set dev %iface% up 2>/dev/null || true
++ [[ip link set dev %iface% mtu %mtu%]]
++ [[ip link set dev %iface% address %hwaddress%]]
++ ip link set dev %iface% up 2>/dev/null || true
+
+ down
+- /bin/ip link set dev %iface% down 2>/dev/null || true \
++ ip link set dev %iface% down 2>/dev/null || true \
+ if (iface_is_link() && !do_all)
+
+ method dhcp
+@@ -93,33 +93,33 @@ method dhcp
+ hwaddress cleanup_hwaddress
+
+ up
+- [[/bin/ip link set dev %iface% address %hwaddress%]]
+- /sbin/dhclient -v -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
++ [[ip link set dev %iface% address %hwaddress%]]
++ dhclient -v -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
+ [[-e IF_METRIC=%metric%]] \
+ if (execable("/sbin/dhclient"))
+- /sbin/pump -i %iface% [[-h %hostname%]] [[-l %leasehours%]] \
++ pump -i %iface% [[-h %hostname%]] [[-l %leasehours%]] \
+ elsif (execable("/sbin/pump"))
+- /sbin/udhcpc -n -p /run/udhcpc.%iface%.pid -i %iface% [[-x hostname:%hostname%]] \
++ udhcpc -n -p /run/udhcpc.%iface%.pid -i %iface% [[-x hostname:%hostname%]] \
+ elsif (execable("/sbin/udhcpc"))
+- /sbin/dhcpcd [[-h %hostname%]] [[-i %vendor%]] [[-I %client%]] \
++ dhcpcd [[-h %hostname%]] [[-i %vendor%]] [[-I %client%]] \
+ [[-l %leasetime%]] [[-m %metric%]] %iface% \
+ elsif (execable("/sbin/dhcpcd"))
+ echo 'No DHCP client software found!' >/dev/stderr; false \
+ elsif (1)
+
+ down
+- /sbin/dhclient -v -r -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
++ dhclient -v -r -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
+ if (execable("/sbin/dhclient"))
+- /sbin/pump -i %iface% -r \
++ pump -i %iface% -r \
+ elsif (execable("/sbin/pump"))
+- if test -f /run/udhcpc.%iface%.pid; then kill -USR2 $(/bin/cat /run/udhcpc.%iface%.pid); kill -TERM $(/bin/cat /run/udhcpc.%iface%.pid); fi \
++ if test -f /run/udhcpc.%iface%.pid; then kill -USR2 $(cat /run/udhcpc.%iface%.pid); kill -TERM $(cat /run/udhcpc.%iface%.pid); fi \
+ elsif (execable("/sbin/udhcpc"))
+- /sbin/dhcpcd -k %iface% \
++ dhcpcd -k %iface% \
+ elsif (execable("/sbin/dhcpcd"))
+ echo 'No DHCP client software found!' >/dev/stderr; false \
+ elsif (1)
+
+- /bin/ip link set dev %iface% down \
++ ip link set dev %iface% down \
+ if (iface_is_link())
+
+ method bootp
+@@ -134,11 +134,11 @@ method bootp
+ whatever it really is.
+
+ up
+- /sbin/bootpc [[--bootfile %bootfile%]] --dev %iface% [[--server %server%]] \
++ bootpc [[--bootfile %bootfile%]] --dev %iface% [[--server %server%]] \
+ [[--hwaddr %hwaddr%]] --returniffail --serverbcast
+
+ down
+- /bin/ip link set dev %iface% down \
++ ip link set dev %iface% down \
+ if (iface_is_link())
+
+ method tunnel
+@@ -158,13 +158,13 @@ method tunnel
+ ttl time -- TTL setting
+ mtu size -- MTU size
+ up
+- /bin/ip tunnel add %iface% mode %mode% remote %endpoint% [[local %local%]] \
++ ip tunnel add %iface% mode %mode% remote %endpoint% [[local %local%]] \
+ [[ttl %ttl%]]
+- /bin/ip link set %iface% up [[mtu %mtu%]]
+- /bin/ip addr add %address%/%netmask% dev %iface% [[peer %dstaddr%]]
+- [[ /bin/ip route add default via %gateway% [[metric %metric%]] dev %iface% onlink ]]
++ ip link set %iface% up [[mtu %mtu%]]
++ ip addr add %address%/%netmask% dev %iface% [[peer %dstaddr%]]
++ [[ ip route add default via %gateway% [[metric %metric%]] dev %iface% onlink ]]
+ down
+- /bin/ip tunnel del %iface%
++ ip tunnel del %iface%
+
+ method ppp
+ description
+@@ -175,9 +175,9 @@ method ppp
+ unit number -- Use /number/ as the ppp unit number.
+ options string -- Pass /string/ as additional options to pon.
+ up
+- /usr/bin/pon [[%provider%]] [[unit %unit%]] [[%options%]]
++ pon [[%provider%]] [[unit %unit%]] [[%options%]]
+ down
+- /usr/bin/poff [[%provider%]]
++ poff [[%provider%]]
+
+ method wvdial
+ description
+@@ -186,10 +186,10 @@ method wvdial
+ options
+ provider name -- Use /name/ as the provider (from /etc/wvdial.conf).
+ up
+- /sbin/start-stop-daemon --start -x /usr/bin/wvdial \
++ start-stop-daemon --start -x /usr/bin/wvdial \
+ -p /run/wvdial.%iface%.pid -b -m -- [[ %provider% ]]
+ down
+- /sbin/start-stop-daemon --stop -x /usr/bin/wvdial \
++ start-stop-daemon --stop -x /usr/bin/wvdial \
+ -p /run/wvdial.%iface%.pid -s 2
+
+
+@@ -200,9 +200,9 @@ method ipv4ll
+ known as APIPA or IPAC, and often colloquially referred to
+ as "Zeroconf address".
+ up
+- /usr/sbin/avahi-autoipd -D %iface%
++ avahi-autoipd -D %iface%
+ down
+- /usr/sbin/avahi-autoipd --kill %iface%
++ avahi-autoipd --kill %iface%
+
+ architecture kfreebsd
+
+@@ -211,12 +211,12 @@ method loopback
+ This method may be used to define the IPv4 loopback interface.
up
- ifconfig %iface% 127.0.0.1 up \
+- /sbin/ifconfig %iface% 127.0.0.1 up \
- if (!iface_is_lo())
++ ifconfig %iface% 127.0.0.1 up \
+ if (iface_is_lo())
down
- ifconfig %iface% down \
+- /sbin/ifconfig %iface% down \
- if (!iface_is_lo())
++ ifconfig %iface% down \
+ if (iface_is_lo())
method static
description
-@@ -371,11 +371,11 @@ method loopback
+@@ -238,15 +238,15 @@ method static
+ hwaddress cleanup_hwaddress
+
+ up
+- [[ /sbin/ifconfig %iface% link %hwaddress%]]
+- /sbin/ifconfig %iface% %address% [[netmask %netmask%]] [[broadcast %broadcast%]] \
++ [[ ifconfig %iface% link %hwaddress%]]
++ ifconfig %iface% %address% [[netmask %netmask%]] [[broadcast %broadcast%]] \
+ [[pointopoint %pointopoint%]] [[media %media%]] [[mtu %mtu%]] \
+ up
+- [[ /sbin/route add default %gateway% ]]
++ [[ route add default %gateway% ]]
+
+ down
+- [[ /sbin/route del default %gateway% 2>&1 1>/dev/null || true ]]
+- /sbin/ifconfig %iface% down
++ [[ route del default %gateway% 2>&1 1>/dev/null || true ]]
++ ifconfig %iface% down
+
+ method manual
+ description
+@@ -279,30 +279,30 @@ method dhcp
+ hwaddress cleanup_hwaddress
+
+ up
+- [[/sbin/ifconfig %iface% link %hwaddress%]]
+- /sbin/dhclient -v -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
++ [[ifconfig %iface% link %hwaddress%]]
++ dhclient -v -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
+ [[-e IF_METRIC=%metric%]] \
+ if (execable("/sbin/dhclient"))
+- /sbin/udhcpc -n -p /run/udhcpc.%iface%.pid -i %iface% [[-H %hostname%]] \
++ udhcpc -n -p /run/udhcpc.%iface%.pid -i %iface% [[-H %hostname%]] \
+ [[-c %client%]] \
+ elsif (execable("/sbin/udhcpc"))
+- /sbin/dhcpcd [[-h %hostname%]] [[-i %vendor%]] [[-I %client%]] \
++ dhcpcd [[-h %hostname%]] [[-i %vendor%]] [[-I %client%]] \
+ [[-l %leasetime%]] %iface% \
+ elsif (execable("/sbin/dhcpcd"))
+ echo 'No DHCP client software found!' >/dev/stderr; false \
+ elsif (1)
+
+ down
+- /sbin/dhclient -v -r -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
++ dhclient -v -r -pf /run/dhclient.%iface%.pid -lf /var/lib/dhcp/dhclient.%iface%.leases -I -df /var/lib/dhcp/dhclient6.%iface%.leases %iface% \
+ if (execable("/sbin/dhclient"))
+- if test -f /run/udhcpc.%iface%.pid; then kill -USR2 $(/bin/cat /run/udhcpc.%iface%.pid); kill -TERM $(/bin/cat /run/udhcpc.%iface%.pid); fi \
++ if test -f /run/udhcpc.%iface%.pid; then kill -USR2 $(cat /run/udhcpc.%iface%.pid); kill -TERM $(cat /run/udhcpc.%iface%.pid); fi \
+ elsif (execable("/sbin/udhcpc"))
+- /sbin/dhcpcd -k %iface% \
++ dhcpcd -k %iface% \
+ elsif (execable("/sbin/dhcpcd"))
+ echo 'No DHCP client software found!' >/dev/stderr; false \
+ elsif (1)
+
+- /sbin/ifconfig %iface% down
++ ifconfig %iface% down
+
+ method bootp
+ description
+@@ -316,11 +316,11 @@ method bootp
+ whatever it really is.
+
+ up
+- /sbin/bootpc [[--bootfile %bootfile%]] --dev %iface% [[--server %server%]] \
++ bootpc [[--bootfile %bootfile%]] --dev %iface% [[--server %server%]] \
+ [[--hwaddr %hwaddr%]] --returniffail --serverbcast
+
+ down
+- /sbin/ifconfig %iface% down
++ ifconfig %iface% down
+
+ method ppp
+ description
+@@ -331,9 +331,9 @@ method ppp
+ unit number -- Use /number/ as the ppp unit number.
+ options string -- Pass /string/ as additional options to pon.
+ up
+- /usr/bin/pon [[%provider%]] [[unit %unit%]] [[%options%]]
++ pon [[%provider%]] [[unit %unit%]] [[%options%]]
+ down
+- /usr/bin/poff [[%provider%]]
++ poff [[%provider%]]
+
+ method wvdial
+ description
+@@ -342,10 +342,10 @@ method wvdial
+ options
+ provider name -- Use /name/ as the provider (from /etc/wvdial.conf).
+ up
+- /sbin/start-stop-daemon --start -x /usr/bin/wvdial \
++ start-stop-daemon --start -x /usr/bin/wvdial \
+ -p /run/wvdial.%iface%.pid -b -m -- [[ %provider% ]]
+ down
+- /sbin/start-stop-daemon --stop -x /usr/bin/wvdial \
++ start-stop-daemon --stop -x /usr/bin/wvdial \
+ -p /run/wvdial.%iface%.pid -s 2
+
+
+@@ -356,9 +356,9 @@ method ipv4ll
+ known as APIPA or IPAC, and often colloquially referred to
+ as "Zeroconf address".
+ up
+- /usr/sbin/avahi-autoipd -D %iface%
++ avahi-autoipd -D %iface%
+ down
+- /usr/sbin/avahi-autoipd --kill %iface%
++ avahi-autoipd --kill %iface%
+ architecture hurd
+
+ method loopback
+@@ -367,11 +367,11 @@ method loopback
up
inetutils-ifconfig --interface %iface% --address 127.0.0.1 --up \
@@ -78,26 +353,70 @@ index b176ab4ed03e..5fdfb14a0e1c 100644
method static
description
-diff --git a/inet6.defn b/inet6.defn
-index 09325539cd01..4df64aff38cc 100644
---- a/inet6.defn
-+++ b/inet6.defn
-@@ -33,11 +33,11 @@ method loopback
- description
- This method may be used to define the IPv6 loopback interface.
+@@ -432,23 +432,23 @@ method dhcp
+
up
-- -ip link set dev %iface% up 2>/dev/null if (!iface_is_lo())
-- -ip addr add dev %iface% ::1 2>/dev/null if (!iface_is_lo())
-+ -ip link set dev %iface% up 2>/dev/null if (iface_is_lo())
-+ -ip addr add dev %iface% ::1 2>/dev/null if (iface_is_lo())
+ [[Warning: Option hwaddress: %hwaddress% not yet supported]]
+- /sbin/dhclient -v -pf /run/dhclient.%iface///.%.pid -lf /var/lib/dhcp/dhclient.%iface///.%.leases -I -df /var/lib/dhcp/dhclient6.%iface///.%.leases %iface% \
++ dhclient -v -pf /run/dhclient.%iface///.%.pid -lf /var/lib/dhcp/dhclient.%iface///.%.leases -I -df /var/lib/dhcp/dhclient6.%iface///.%.leases %iface% \
+ if (execable("/sbin/dhclient"))
+- /sbin/udhcpc -n -p /run/udhcpc.%iface///.%.pid -i %iface% [[-H %hostname%]] \
++ udhcpc -n -p /run/udhcpc.%iface///.%.pid -i %iface% [[-H %hostname%]] \
+ [[-c %client%]] \
+ elsif (execable("/sbin/udhcpc"))
+- /sbin/dhcpcd [[-h %hostname%]] [[-i %vendor%]] [[-I %client%]] \
++ dhcpcd [[-h %hostname%]] [[-i %vendor%]] [[-I %client%]] \
+ [[-l %leasetime%]] %iface% \
+ elsif (execable("/sbin/dhcpcd"))
+ echo 'No DHCP client software found!' >/dev/stderr; false \
+ elsif (1)
+
+ down
+- /sbin/dhclient -v -r -pf /run/dhclient.%iface///.%.pid -lf /var/lib/dhcp/dhclient.%iface///.%.leases -I -df /var/lib/dhcp/dhclient6.%iface///.%.leases %iface% \
++ dhclient -v -r -pf /run/dhclient.%iface///.%.pid -lf /var/lib/dhcp/dhclient.%iface///.%.leases -I -df /var/lib/dhcp/dhclient6.%iface///.%.leases %iface% \
+ if (execable("/sbin/dhclient"))
+- if test -f /run/udhcpc.%iface///.%.pid; then kill -USR2 $(/bin/cat /run/udhcpc.%iface///.%.pid); kill -TERM $(/bin/cat /run/udhcpc.%iface///.%.pid); fi \
++ if test -f /run/udhcpc.%iface///.%.pid; then kill -USR2 $(cat /run/udhcpc.%iface///.%.pid); kill -TERM $(cat /run/udhcpc.%iface///.%.pid); fi \
+ elsif (execable("/sbin/udhcpc"))
+- /sbin/dhcpcd -k %iface% \
++ dhcpcd -k %iface% \
+ elsif (execable("/sbin/dhcpcd"))
+ echo 'No DHCP client software found!' >/dev/stderr; false \
+ elsif (1)
+@@ -482,9 +482,9 @@ method ppp
+ unit number -- Use /number/ as the ppp unit number.
+ options string -- Pass /string/ as additional options to pon.
+ up
+- /usr/bin/pon [[%provider%]] [[unit %unit%]] [[%options%]]
++ pon [[%provider%]] [[unit %unit%]] [[%options%]]
down
-- -ip addr del dev %iface% ::1 2>/dev/null if (!iface_is_lo())
-- -ip link set dev %iface% down 2>/dev/null if (!iface_is_lo())
-+ -ip addr del dev %iface% ::1 2>/dev/null if (iface_is_lo())
-+ -ip link set dev %iface% down 2>/dev/null if (iface_is_lo())
+- /usr/bin/poff [[%provider%]]
++ poff [[%provider%]]
- method static
+ method wvdial
description
+@@ -493,10 +493,10 @@ method wvdial
+ options
+ provider name -- Use /name/ as the provider (from /etc/wvdial.conf).
+ up
+- /sbin/start-stop-daemon --start -x /usr/bin/wvdial \
++ start-stop-daemon --start -x /usr/bin/wvdial \
+ -p /run/wvdial.%iface///.%.pid -b -m -- [[ %provider% ]]
+ down
+- /sbin/start-stop-daemon --stop -x /usr/bin/wvdial \
++ start-stop-daemon --stop -x /usr/bin/wvdial \
+ -p /run/wvdial.%iface///.%.pid -s 2
+
+
+@@ -507,6 +507,6 @@ method ipv4ll
+ known as APIPA or IPAC, and often colloquially referred to
+ as "Zeroconf address".
+ up
+- /usr/sbin/avahi-autoipd -D %iface%
++ avahi-autoipd -D %iface%
+ down
+- /usr/sbin/avahi-autoipd --kill %iface%
++ avahi-autoipd --kill %iface%
--
-1.9.1
+2.4.0
diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.2.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb
similarity index 95%
rename from meta/recipes-core/ifupdown/ifupdown_0.8.2.bb
rename to meta/recipes-core/ifupdown/ifupdown_0.8.16.bb
index 9de01f9..eb8426c 100644
--- a/meta/recipes-core/ifupdown/ifupdown_0.8.2.bb
+++ b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb
@@ -6,12 +6,12 @@ the file /etc/network/interfaces."
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-SRC_URI = "git://anonscm.debian.org/git/collab-maint/ifupdown.git;protocol=https \
+SRC_URI = "git://anonscm.debian.org/git/collab-maint/ifupdown.git \
file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \
file://inet-6-.defn-fix-inverted-checks-for-loopback.patch \
file://99_network \
"
-SRCREV = "05ea2fd4f49bb1201aeef2a42efbcff8f336112f"
+SRCREV = "11b9f99f7ecc7052497e6786156cfed531f11823"
S = "${WORKDIR}/git"
--
2.4.0
^ permalink raw reply related
* [PATCH 1/3 V2] curl: add ptest
From: Maxin B. John @ 2016-12-21 15:20 UTC (permalink / raw)
To: openembedded-core; +Cc: Cristian Iorga
Add ptest support to curl
[YOCTO #6707]
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
Changes in V2:
Drop ptest dependency on openssh since the Test suite "will not run ssh
server as root to mitigate security risks".
---
.../curl/0001-runtests.pl-remove-warning.patch | 31 ++++++++++++++++++++++
meta/recipes-support/curl/curl/run-ptest | 5 ++++
meta/recipes-support/curl/curl_7.51.0.bb | 25 +++++++++++++++--
3 files changed, 59 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-support/curl/curl/0001-runtests.pl-remove-warning.patch
create mode 100644 meta/recipes-support/curl/curl/run-ptest
diff --git a/meta/recipes-support/curl/curl/0001-runtests.pl-remove-warning.patch b/meta/recipes-support/curl/curl/0001-runtests.pl-remove-warning.patch
new file mode 100644
index 0000000..283aa20
--- /dev/null
+++ b/meta/recipes-support/curl/curl/0001-runtests.pl-remove-warning.patch
@@ -0,0 +1,31 @@
+From c1d3bf13567909395715e441bc329793a5d2566b Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Mon, 12 Dec 2016 12:49:46 +0200
+Subject: [PATCH] runtests.pl: remove warning
+
+Remove the warning which floods the console while executing tests.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ tests/runtests.pl | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/tests/runtests.pl b/tests/runtests.pl
+index b8497f9..3cc6415 100755
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
+@@ -2879,9 +2879,6 @@ sub singletest {
+ # timestamp test preparation start
+ $timeprepini{$testnum} = Time::HiRes::time() if($timestats);
+
+- if($disttests !~ /test$testnum\W/ ) {
+- logmsg "Warning: test$testnum not present in tests/data/Makefile.inc\n";
+- }
+ if($disabled{$testnum}) {
+ logmsg "Warning: test$testnum is explicitly disabled\n";
+ }
+--
+2.4.0
+
diff --git a/meta/recipes-support/curl/curl/run-ptest b/meta/recipes-support/curl/curl/run-ptest
new file mode 100644
index 0000000..c91f294
--- /dev/null
+++ b/meta/recipes-support/curl/curl/run-ptest
@@ -0,0 +1,5 @@
+#!/bin/sh
+cd tests
+./runtests.pl -a -n -s | sed \
+ -e 's|\([^ ]* *\) \([^ ]* *\)...OK|PASS: \1 \2|' \
+ -e 's|\([^ ]* *\) \([^ ]* *\)...FAILED|FAIL: \1 \2|'
diff --git a/meta/recipes-support/curl/curl_7.51.0.bb b/meta/recipes-support/curl/curl_7.51.0.bb
index a9589b8..880ace2 100644
--- a/meta/recipes-support/curl/curl_7.51.0.bb
+++ b/meta/recipes-support/curl/curl_7.51.0.bb
@@ -7,6 +7,8 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e66
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
+ file://0001-runtests.pl-remove-warning.patch \
+ file://run-ptest \
"
# curl likes to set -g0 in CFLAGS, so we stop it
@@ -18,7 +20,8 @@ SRC_URI[md5sum] = "09a7c5769a7eae676d5e2c86d51f167e"
SRC_URI[sha256sum] = "7f8240048907e5030f67be0a6129bc4b333783b9cca1391026d700835a788dde"
CVE_PRODUCT = "libcurl"
-inherit autotools pkgconfig binconfig multilib_header
+
+inherit autotools pkgconfig binconfig multilib_header ptest
PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls proxy zlib"
PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
@@ -62,11 +65,29 @@ do_install_append_class-target() {
sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config
}
+do_compile_ptest() {
+ oe_runmake test
+ oe_runmake -C ${B}/tests/data/ show
+ oe_runmake -C ${B}/tests/server
+}
+
+do_install_ptest() {
+ cp -rf ${B}/tests ${D}${PTEST_PATH}
+ cp -rf ${S}/tests ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/src
+ ln -sf ${bindir}/curl ${D}${PTEST_PATH}/src/curl
+}
+
PACKAGES =+ "lib${BPN}"
FILES_lib${BPN} = "${libdir}/lib*.so.*"
RRECOMMENDS_lib${BPN} += "ca-certificates"
-
+RDEPENDS_${PN}-ptest += "make bash perl perl-module-cwd \
+ perl-module-ipc-open2 perl-module-digest-md5\
+ perl-module-file-basename perl-module-posix \
+ perl-module-errno python python-netserver \
+ python-argparse python-pprint diffutils \
+ "
FILES_${PN} += "${datadir}/zsh"
BBCLASSEXTEND = "native nativesdk"
--
2.4.0
^ permalink raw reply related
* [wic][PATCH v2] wic: fix parsing of 'bitbake -e' output
From: Ed Bartosh @ 2016-12-21 15:05 UTC (permalink / raw)
To: openembedded-core
In-Reply-To: <CAD4b0_Kh=LmRhtmKdpS48E5VAb66fj7f2PVbqYeirLj-ZrTX=Q@mail.gmail.com>
Current parsing code can wrongly interpret arbitrary lines
that are of 'key=value' format as legitimate bitbake variables.
Implemented more strict parsing of key=value pairs using
regular expressions.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
---
scripts/lib/wic/utils/oe/misc.py | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/scripts/lib/wic/utils/oe/misc.py b/scripts/lib/wic/utils/oe/misc.py
index fe188c9..2a2fcc9 100644
--- a/scripts/lib/wic/utils/oe/misc.py
+++ b/scripts/lib/wic/utils/oe/misc.py
@@ -27,6 +27,7 @@
"""Miscellaneous functions."""
import os
+import re
from collections import defaultdict
from distutils import spawn
@@ -148,21 +149,18 @@ class BitbakeVars(defaultdict):
self.default_image = None
self.vars_dir = None
- def _parse_line(self, line, image):
+ def _parse_line(self, line, image, matcher=re.compile(r"^(\w+)=(.+)")):
"""
Parse one line from bitbake -e output or from .env file.
Put result key-value pair into the storage.
"""
if "=" not in line:
return
- try:
- key, val = line.split("=")
- except ValueError:
+ match = matcher.match(line)
+ if not match:
return
- key = key.strip()
- val = val.strip()
- if key.replace('_', '').isalnum():
- self[image][key] = val.strip('"')
+ key, val = match.groups()
+ self[image][key] = val.strip('"')
def get_var(self, var, image=None):
"""
--
2.1.4
^ permalink raw reply related
* Re: [wic][PATCH] wic: fix parsing of 'bitbake -e' output
From: Maciej Borzęcki @ 2016-12-21 14:31 UTC (permalink / raw)
To: Ed Bartosh; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <1482329997-20677-1-git-send-email-ed.bartosh@linux.intel.com>
On Wed, Dec 21, 2016 at 3:19 PM, Ed Bartosh <ed.bartosh@linux.intel.com> wrote:
> Current parsing code can wrongly interpret arbitrary lines
> that are of 'key=value' format as legitimate bitbake variables.
>
> Implemented more strict parsing of key=value pairs using
> regular expressions.
>
> Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
> ---
> scripts/lib/wic/utils/oe/misc.py | 12 +++++-------
> 1 file changed, 5 insertions(+), 7 deletions(-)
>
> diff --git a/scripts/lib/wic/utils/oe/misc.py b/scripts/lib/wic/utils/oe/misc.py
> index fe188c9..1dbbe92 100644
> --- a/scripts/lib/wic/utils/oe/misc.py
> +++ b/scripts/lib/wic/utils/oe/misc.py
> @@ -27,6 +27,7 @@
> """Miscellaneous functions."""
>
> import os
> +import re
> from collections import defaultdict
> from distutils import spawn
>
> @@ -155,14 +156,11 @@ class BitbakeVars(defaultdict):
> """
> if "=" not in line:
> return
> - try:
> - key, val = line.split("=")
> - except ValueError:
> + match = re.match("^(\w+)=(.+)", line)
match = re.match(r"^(\w+)=(.+)", line)
I don't remember if regexps are cached when compiled in re.match(), but
perhaps it would be better to `re.compile(r"^(\w+)=(.+)")` in
BitbakeVars.__init__() and just use a cached object here?
> + if not match:
> return
> - key = key.strip()
> - val = val.strip()
> - if key.replace('_', '').isalnum():
> - self[image][key] = val.strip('"')
> + key, val = match.groups()
> + self[image][key] = val.strip('"')
>
> def get_var(self, var, image=None):
> """
> --
> 2.1.4
>
--
Maciej Borzecki
RnDity
^ permalink raw reply
* [wic][PATCH] wic: fix parsing of 'bitbake -e' output
From: Ed Bartosh @ 2016-12-21 14:19 UTC (permalink / raw)
To: openembedded-core
Current parsing code can wrongly interpret arbitrary lines
that are of 'key=value' format as legitimate bitbake variables.
Implemented more strict parsing of key=value pairs using
regular expressions.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
---
scripts/lib/wic/utils/oe/misc.py | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/scripts/lib/wic/utils/oe/misc.py b/scripts/lib/wic/utils/oe/misc.py
index fe188c9..1dbbe92 100644
--- a/scripts/lib/wic/utils/oe/misc.py
+++ b/scripts/lib/wic/utils/oe/misc.py
@@ -27,6 +27,7 @@
"""Miscellaneous functions."""
import os
+import re
from collections import defaultdict
from distutils import spawn
@@ -155,14 +156,11 @@ class BitbakeVars(defaultdict):
"""
if "=" not in line:
return
- try:
- key, val = line.split("=")
- except ValueError:
+ match = re.match("^(\w+)=(.+)", line)
+ if not match:
return
- key = key.strip()
- val = val.strip()
- if key.replace('_', '').isalnum():
- self[image][key] = val.strip('"')
+ key, val = match.groups()
+ self[image][key] = val.strip('"')
def get_var(self, var, image=None):
"""
--
2.1.4
^ permalink raw reply related
* Re: [PATCH v6 0/5] wic: bugfixes & --fixed-size support, tests, oeqa: enhancements
From: Maciej Borzęcki @ 2016-12-21 14:19 UTC (permalink / raw)
To: Ed Bartosh
Cc: Maciej Borzecki, Patches and discussions about the oe-core layer
In-Reply-To: <20161221130043.GA9628@linux.intel.com>
On Wed, Dec 21, 2016 at 2:00 PM, Ed Bartosh <ed.bartosh@linux.intel.com> wrote:
> On Tue, Dec 20, 2016 at 07:27:04PM +0100, Maciej Borzęcki wrote:
>> On Tue, Dec 20, 2016 at 3:04 PM, Ed Bartosh <ed.bartosh@linux.intel.com> wrote:
>> > On Mon, Dec 19, 2016 at 12:20:56PM +0100, Maciej Borzecki wrote:
>> >> v6 of a patch series previously posted here [1].
>> >>
>> >> Changes since v5:
>> >>
>> >> * `oe-selftest: enforce en_US.UTF-8 locale` was merged to master, hence it's no
>> >> longer part of this series
>> >>
>> >> * rebased on top of master (d0d260b0b85790ceb136dd6b0445e8e33d038f5e)
>> >>
>> >
>> > The patchset looks good to me. Thank you.
>> >
>> > Couple of questions:
>> > - did you test if Lars' change
>> > https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=db08ffee0ad1451f3bf710f4d1b623938ba9aefb
>> > works with your patchset?
>>
>> Yes. The series was rebased on top of
>> d0d260b0b85790ceb136dd6b0445e8e33d038f5e, which includes Lars' patch.
>
> The series causes conflicts on the latest master. Can you check if it's
> really the case or it's just something wrong with my setup?
Just rebased on top current master d41d2fd and pushed to
https://github.com/bboozzoo/poky branch bboozzoo/wic-fixed-size-v7 in
case you want to test locally. I guess the conflict was with patch
aa1c50a `selftest/wic: extending test coverage for WIC script
options`, which has been reverted yesterday by RP.
Jair has posted a v2 yesterday and I expect it to be merged soon. So,
I think I'll just wait a couple of days (actually more like until the
beginning of January) before publishing a rebased version of my
series.
<snip>
>
>>
>> I've run it on beaglebone, vexpress-qemu, qemux86 and qemuarm. Agree
>> with your observation though. I think that at least these TCs could be
>> made machine agnostic:
>>
>> - test_build_artifacts
>> - test_build_image_name
>> - test_compress_*
>> - test_gpt_image
>> - test_wic_image_type
>> - test_wrong_compressor
>> - test_rootfs_*
>>
>>
>
> Yes, that's exactly my point. We should make generic tests work on any
> machine.
>
> Would you be willing to do this in a separate patchset together with
> your oe-selftest core fixes?
>
> I'd suggest to only include new testcase that works on qemu-x86* into
> this patchset. It will make it faster to get merged.
>
I would prefer to post these changes as a separate patchset. It looks
like there's already a couple of potentially conflicting patches
floating on the mailing list, so I would prefer to get --fixed-size
merged before starting another one.
Regards,
--
Maciej Borzecki
RnDity
^ permalink raw reply
* Re: [PATCH 0/9] UEFI + Secure Boot + qemu
From: Fathi Boudra @ 2016-12-21 14:19 UTC (permalink / raw)
To: Patrick Ohly; +Cc: Neri, Ricardo, openembedded-core
In-Reply-To: <cover.1482324587.git.patrick.ohly@intel.com>
Hi,
On 21 December 2016 at 15:11, Patrick Ohly <patrick.ohly@intel.com> wrote:
> There seems to be a consensus that supporting UEFI in OE-core for qemu
> would be valuable, and there have been some (stalled) attempts to add
> it. For reference, see:
> [OE-core] [PATCH V3 0/3] Add UEFI firmware for qemux86*
> [OE-core] Add ovmf-native to make qemu-native/runqemu support boot UEFI image?
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=5654
> https://github.com/01org/luv-yocto/issues/38
>
> This patch set includes the necessary recipes (ovmf and iasl from
> meta-luv), some improvements to them (in particular, enabling Secure
> Boot), and changes to runqemu to make it easier to boot with UEFI. A
> special image recipes builds an image which can be used to lock down a
> virtual machine by enrolling the "normal" pre-installed certificates.
>
> I decided to keep the setup simple and use just a single file for UEFI
> code and variables because that makes the usage via runqemu very
> easy. See the "runqemu: support UEFI with OVMF firmware" patch for
> details. The downside is that the firmware can't be updated without
> loosing variables. I don't see a big need for long-lived virtual
> machine instances, but would like to hear from others about that.
>
> What's missing is automated testing of this new feature. I'm open for
> suggestions here; right now I don't know enough about the automated
> testing in the AB to propose something.
>
> I've discussed the usage of ovmf/iasl with Ricardo and he agreed that
> moving ovmf and iasl from meta-luv to OE-core makes sense. Ricardo,
> would you be willing to act as maintainer of it there, like you did in
> meta-luv?
fwiw, I've been maintaining acpica recipe in meta-oe, and will keep an
eye here as well.
meta-luv supports both x86* and arm*, and we have an interest in
having the same features available and working for qemuaarch64.
> Beware that "git am --keep-cr" must be used to import the ovmf patches
> correctly.
>
> The following changes since commit 5e21afc9395060b489156d3f90505a372b713f37:
>
> Revert "selftest/wic: extending test coverage for WIC script options" (2016-12-20 17:06:01 +0000)
>
> are available in the git repository at:
>
> git://github.com/pohly/openembedded-core secure-boot
> https://github.com/pohly/openembedded-core/tree/secure-boot
>
> Patrick Ohly (7):
> ovmf: explicitly depend on nasm-native
> ovmf: deploy firmware in image directory
> ovmf_git.bb: enable parallel compilation
> ovmf_git.bb: enable Secure Boot
> runqemu: let command line parameters override defaults
> runqemu: support UEFI with OVMF firmware
> ovmf: build image which enrolls standard keys
>
> meta-luv (2):
> ovmf: move from meta-luv to OE-core
> iasl: move from meta-luv to OE-core
>
> meta/recipes-core/ovmf/ovmf-shell-image.bb | 22 +
> ...s-Force-tools-variables-to-host-toolchain.patch | 48 +
> .../ovmf/0001-OvmfPkg-Enable-BGRT-in-OVMF.patch | 110 ++
> ...0002-ovmf-update-path-to-native-BaseTools.patch | 32 +
> ...makefile-adjust-to-build-in-under-bitbake.patch | 39 +
> ...ollDefaultKeys-application-for-enrolling-.patch | 1123 ++++++++++++++++++++
> meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks | 4 +
> meta/recipes-core/ovmf/ovmf_git.bb | 178 ++++
> meta/recipes-extended/iasl/iasl_20120215.bb | 27 +
> meta/recipes-extended/iasl/iasl_20150410.bb | 27 +
> meta/recipes-extended/iasl/iasl_20150515.bb | 27 +
> scripts/runqemu | 37 +-
> 12 files changed, 1673 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-core/ovmf/ovmf-shell-image.bb
> create mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-Force-tools-variables-to-host-toolchain.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0001-OvmfPkg-Enable-BGRT-in-OVMF.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0002-ovmf-update-path-to-native-BaseTools.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
> create mode 100644 meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks
> create mode 100644 meta/recipes-core/ovmf/ovmf_git.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20120215.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20150410.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20150515.bb
>
> --
> 2.1.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
Cheers,
--
Fathi
^ permalink raw reply
* Re: [PATCH 2/9] iasl: move from meta-luv to OE-core
From: Fathi Boudra @ 2016-12-21 14:11 UTC (permalink / raw)
To: Patrick Ohly; +Cc: meta-luv, Neri, Ricardo, openembedded-core
In-Reply-To: <374bb6a728f368a801f961fb524290f205bb4625.1482324587.git.patrick.ohly@intel.com>
Hi Patrick,
On 21 December 2016 at 15:11, Patrick Ohly <patrick.ohly@intel.com> wrote:
> From: meta-luv <luv@lists.01.org>
>
> This is an unmodified copy of
> github.com/01org/luv-yocto/meta-luv/recipes-extended/iasl revision
> 4be4329.
>
> iasl is also provided by the meta-oe layer's acpica recipe. iasl is a
> bit simpler and thus seems more suitable for OE-core.
Simpler in what sense? acpica recipe is trivial and provide fully acpica tools.
Would you mind to import meta-oe acpica recipe instead of providing a
reduced set of acpica for not much benefit?
> When the meta-oe layer is active, PREFERRED_PROVIDER_iasl-native must
> be set to avoid a warning. It can be set to "acpica-native" when
> something from acpica besides just iasl is needed.
>
> Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
> ---
> meta/recipes-extended/iasl/iasl_20120215.bb | 27 +++++++++++++++++++++++++++
> meta/recipes-extended/iasl/iasl_20150410.bb | 27 +++++++++++++++++++++++++++
> meta/recipes-extended/iasl/iasl_20150515.bb | 27 +++++++++++++++++++++++++++
> 3 files changed, 81 insertions(+)
> create mode 100644 meta/recipes-extended/iasl/iasl_20120215.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20150410.bb
> create mode 100644 meta/recipes-extended/iasl/iasl_20150515.bb
>
> diff --git a/meta/recipes-extended/iasl/iasl_20120215.bb b/meta/recipes-extended/iasl/iasl_20120215.bb
> new file mode 100644
> index 0000000..a14d2ec
> --- /dev/null
> +++ b/meta/recipes-extended/iasl/iasl_20120215.bb
> @@ -0,0 +1,27 @@
> +DESCRIPTION = "This is a cross development C compiler, assembler and linker environment for the production of 8086 executables (Optionally MSDOS COM)"
> +HOMEPAGE = "http://www.acpica.org/"
> +LICENSE = "Intel-ACPI"
> +LIC_FILES_CHKSUM = "file://asldefine.h;endline=115;md5=d4d7cf809b8b5e03131327b3f718e8f0"
> +SECTION = "console/tools"
> +PR="r1"
> +
> +DEPENDS="flex-native bison-native"
> +
> +SRC_URI="https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
> +
> +SRC_URI[md5sum] = "324c89e5bb9002e2711e0494290ceacc"
> +SRC_URI[sha256sum] = "b2b497415f29ddbefe7be8b9429b62c1f1f6e1ec11456928e4e7da86578e5b8d"
> +
> +S="${WORKDIR}/acpica-unix-${PV}/source/compiler"
> +
> +NATIVE_INSTALL_WORKS = "1"
> +BBCLASSEXTEND = "native"
> +
> +do_compile() {
> + CFLAGS="-Wno-error=redundant-decls" $MAKE
> +}
> +
> +do_install() {
> + mkdir -p ${D}${prefix}/bin
> + cp ${S}/iasl ${D}${prefix}/bin
> +}
> diff --git a/meta/recipes-extended/iasl/iasl_20150410.bb b/meta/recipes-extended/iasl/iasl_20150410.bb
> new file mode 100644
> index 0000000..4e44817
> --- /dev/null
> +++ b/meta/recipes-extended/iasl/iasl_20150410.bb
> @@ -0,0 +1,27 @@
> +DESCRIPTION = "This is a cross development C compiler, assembler and linker environment for the production of 8086 executables (Optionally MSDOS COM)"
> +HOMEPAGE = "http://www.acpica.org/"
> +LICENSE = "Intel-ACPI"
> +LIC_FILES_CHKSUM = "file://Makefile;endline=22;md5=b15414d545d190713f1bab9023dba3be"
> +SECTION = "console/tools"
> +PR="r1"
> +
> +DEPENDS="flex-native bison-native"
> +
> +SRC_URI="https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
> +
> +SRC_URI[md5sum] = "7b49c79728dde65ab1ba4edbee6f0b22"
> +SRC_URI[sha256sum] = "1dce8d9edeb234fd553806987471f6206f429c2aab45556f62a5b2bfe2464875"
> +
> +S="${WORKDIR}/acpica-unix-${PV}"
> +
> +NATIVE_INSTALL_WORKS = "1"
> +BBCLASSEXTEND = "native"
> +
> +do_compile() {
> + make iasl
> +}
> +
> +do_install() {
> + mkdir -p ${D}${prefix}/bin
> + cp ${S}/generate/unix/bin/iasl ${D}${prefix}/bin
> +}
> diff --git a/meta/recipes-extended/iasl/iasl_20150515.bb b/meta/recipes-extended/iasl/iasl_20150515.bb
> new file mode 100644
> index 0000000..c7e1cd5
> --- /dev/null
> +++ b/meta/recipes-extended/iasl/iasl_20150515.bb
> @@ -0,0 +1,27 @@
> +DESCRIPTION = "This is a cross development C compiler, assembler and linker environment for the production of 8086 executables (Optionally MSDOS COM)"
> +HOMEPAGE = "http://www.acpica.org/"
> +LICENSE = "Intel-ACPI"
> +LIC_FILES_CHKSUM = "file://Makefile;endline=22;md5=b15414d545d190713f1bab9023dba3be"
> +SECTION = "console/tools"
> +PR="r1"
> +
> +DEPENDS="flex-native bison-native"
> +
> +SRC_URI="https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
> +
> +SRC_URI[md5sum] = "c8c128b2d4859b52bc9c802faba2e908"
> +SRC_URI[sha256sum] = "bfa1f296a3cc13421331dbaad3b62e0184678cc312104c3e8ac799ead0742c45"
> +
> +S="${WORKDIR}/acpica-unix-${PV}"
> +
> +NATIVE_INSTALL_WORKS = "1"
> +BBCLASSEXTEND = "native"
> +
> +do_compile() {
> + make iasl
> +}
> +
> +do_install() {
> + mkdir -p ${D}${prefix}/bin
> + cp ${S}/generate/unix/bin/iasl ${D}${prefix}/bin
> +}
> --
> 2.1.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
Cheers,
--
Fathi
^ permalink raw reply
* Broadcom firmware alternatives
From: Burton, Ross @ 2016-12-21 13:27 UTC (permalink / raw)
To: OE-core
[-- Attachment #1: Type: text/plain, Size: 637 bytes --]
Hi,
So /lib/firmware/brcm/brcmfmac-sdio.bin is an alternative with five
possibilities:
/lib/firmware/brcm/brcmfmac4330-sdio.bin 10
/lib/firmware/brcm/brcmfmac4329-sdio.bin 10
/lib/firmware/brcm/brcmfmac4334-sdio.bin 10
/lib/firmware/brcm/brcmfmac4339-sdio.bin 20
/lib/firmware/brcm/brcmfmac43340-sdio.bin 10
/lib/firmware/brcm/brcmfmac43430-sdio.bin 10
Note that they're all the same priority, so the choice of what goes into
the rootfs is effectively random.
From reading the internet it looks like this alternative was only required
for kernels older than 3.13, so can we just remove this alternative now?
Ross
[-- Attachment #2: Type: text/html, Size: 826 bytes --]
^ permalink raw reply
* Re: [PATCH 5/5] hdparm: 9.48 -> 9.50
From: Andre McCurdy @ 2016-12-21 13:27 UTC (permalink / raw)
To: Robert Yang; +Cc: OE Core mailing list
In-Reply-To: <6efb8d002491cd1e736b9126e09a5a63b4acd4d1.1482300982.git.liezhi.yang@windriver.com>
On Tue, Dec 20, 2016 at 10:17 PM, Robert Yang <liezhi.yang@windriver.com> wrote:
> Add 0001-Makefile-use-weak-assignment-for-LDFALGS.patch to fix issues like:
> ERROR: hdparm-9.50-r0 do_package: QA Issue: File '/sbin/hdparm.hdparm' from hdparm was already stripped, this will prevent future debugging! [already-stripped]
> ERROR: hdparm-9.50-r0 do_package: Fatal QA errors found, failing task.
Passing LDFLAGS on the make command line might be a cleaner solution
than patching the Makefile.
> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> ---
> ...-Makefile-use-weak-assignment-for-LDFALGS.patch | 30 ++++++++++++++++++++++
> .../hdparm/{hdparm_9.48.bb => hdparm_9.50.bb} | 8 +++---
> 2 files changed, 35 insertions(+), 3 deletions(-)
> create mode 100644 meta/recipes-extended/hdparm/hdparm/0001-Makefile-use-weak-assignment-for-LDFALGS.patch
> rename meta/recipes-extended/hdparm/{hdparm_9.48.bb => hdparm_9.50.bb} (80%)
>
> diff --git a/meta/recipes-extended/hdparm/hdparm/0001-Makefile-use-weak-assignment-for-LDFALGS.patch b/meta/recipes-extended/hdparm/hdparm/0001-Makefile-use-weak-assignment-for-LDFALGS.patch
> new file mode 100644
> index 00000000000..f74da5f18c9
> --- /dev/null
> +++ b/meta/recipes-extended/hdparm/hdparm/0001-Makefile-use-weak-assignment-for-LDFALGS.patch
> @@ -0,0 +1,30 @@
> +From 9532fbaade3b08cef936723a6a5adf191881edbf Mon Sep 17 00:00:00 2001
> +From: Robert Yang <liezhi.yang@windriver.com>
> +Date: Mon, 19 Dec 2016 22:36:16 -0800
> +Subject: [PATCH] Makefile: use weak assignment for LDFALGS
> +
> +So that it can use LDFLAGS from env vars.
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> +---
> + Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile b/Makefile
> +index 05a1f78..60b67d9 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -15,7 +15,7 @@ STRIP ?= strip
> +
> + CFLAGS := -O2 -W -Wall -Wbad-function-cast -Wcast-align -Wpointer-arith -Wcast-qual -Wshadow -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fkeep-inline-functions -Wwrite-strings -Waggregate-return -Wnested-externs -Wtrigraphs $(CFLAGS)
> +
> +-LDFLAGS = -s
> ++LDFLAGS ?= -s
> + #LDFLAGS = -s -static
> + INSTALL = install
> + INSTALL_DATA = $(INSTALL) -m 644
> +--
> +2.10.2
> +
^ permalink raw reply
* [PATCH 9/9] ovmf: build image which enrolls standard keys
From: Patrick Ohly @ 2016-12-21 13:11 UTC (permalink / raw)
To: openembedded-core, ricardo.neri
In-Reply-To: <cover.1482324587.git.patrick.ohly@intel.com>
When booting a qemu virtual machine with ovmf.secboot, it comes up
with no keys installed and thus Secure Boot disabled. To lock down
the machine like a typical PC, one has to enroll the same keys
that PC vendors normally install, i.e. the ones from Microsoft.
This can be done manually (see
https://wiki.ubuntu.com/SecurityTeam/SecureBoot and
https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf) or automatically with the EnrollDefaultKeys.efi helper
from the Fedora ovmf rpm.
To use this with qemu:
$ bitbake ovmf-shell-image
...
$ runqemu serial nographic qemux86 ovmf-shell-image wic ovmf.secboot
...
UEFI Interactive Shell v2.1
EDK II
UEFI v2.60 (EDK II, 0x00010000)
Mapping table
FS0: Alias(s):HD2b:;BLK4:
PciRoot(0x0)/Pci(0x5,0x0)/HD(1,GPT,06AEF759-3982-4AF6-B517-70BA6304FC1C,0x800,0x566C)
BLK0: Alias(s):
PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0)
BLK1: Alias(s):
PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1)
BLK2: Alias(s):
PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0)
BLK3: Alias(s):
PciRoot(0x0)/Pci(0x5,0x0)
Press ESC in 1 seconds to skip startup.nsh or any other key to continue.
Shell> fs0:EnrollDefaultKeys.efi
info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
info: success
Shell> reset
Remember that this will modify
deploy/images/qemux86/ovmf.secboot.qcow2, so make a copy and use the
full path of that copy instead of the "ovmf" argument if needed.
The ovmf-shell-image contains an EFI shell, which is what got started
here directly. After enrolling the keys, Secure Boot is active and the
same image cannot be booted anymore, so the BIOS goes through the
normal boot targets (including network boot, which can take a while to
time out), and ends up in the internal EFI shell. Trying to invoke
bootia32.efi (the shell from the image) or EnrollDefaultKeys.efi then
fails:
Shell> bootia32.efi
Command Error Status: Security Violation
The main purpose at the moment is to test that Secure Boot enforcement
really works. If we had a way to sign generated images, that part could
also be tested by booting in a locked down qemu instance.
0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch is
from
https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch?id=b1781931894bf2057464e634beed68b1e3218c9e
with one line changed to fix
https://bugzilla.redhat.com/show_bug.cgi?id=132502:
"EFI_STATUS Status = EFI_SUCCESS;" in EnrollListOfX509Certs() lacked
the initializer.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
meta/recipes-core/ovmf/ovmf-shell-image.bb | 22 +
...ollDefaultKeys-application-for-enrolling-.patch | 1123 ++++++++++++++++++++
meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks | 4 +
meta/recipes-core/ovmf/ovmf_git.bb | 16 +
4 files changed, 1165 insertions(+)
create mode 100644 meta/recipes-core/ovmf/ovmf-shell-image.bb
create mode 100644 meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
create mode 100644 meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks
diff --git a/meta/recipes-core/ovmf/ovmf-shell-image.bb b/meta/recipes-core/ovmf/ovmf-shell-image.bb
new file mode 100644
index 0000000..fecde9c
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf-shell-image.bb
@@ -0,0 +1,22 @@
+# This needs to run before image.bbclass reads IMAGE_FSTYPES,
+# which is guaranteed by the ordering of anonymous functions
+# in a recipe.
+python () {
+ # Ignore customization of IMAGE_FSTYPES because
+ # for this image recipe, only the .wic format
+ # with a single vfat partition makes sense.
+ d.setVar('IMAGE_FSTYPES', 'wic')
+}
+WKS_FILE = "ovmf/ovmf-shell-image.wks"
+
+inherit image
+
+# We want a minimal image with just ovmf-shell-efi
+# unpacked in it. We avoid installing unnecessary
+# stuff as much as possible, but some things still
+# get through and need to be removed.
+PACKAGE_INSTALL = "ovmf-shell-efi"
+LINGUAS_INSTALL = ""
+do_image () {
+ rm -rf `ls -d ${IMAGE_ROOTFS}/* | grep -v efi`
+}
diff --git a/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
new file mode 100644
index 0000000..12d43df
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
@@ -0,0 +1,1123 @@
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 6 Jul 2015 20:22:02 +0200
+Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default
+ keys
+
+(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch
+to Gerd's public RPMs.)
+
+This application is meant to be invoked by the management layer, after
+booting the UEFI shell and getting a shell prompt on the serial console.
+The app enrolls a number of certificates (see below), and then reports
+status to the serial console as well. The expected output is "info:
+success":
+
+> Shell> EnrollDefaultKeys.efi
+> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
+> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
+> info: success
+> Shell>
+
+In case of success, the management layer can force off or reboot the VM
+(for example with the "reset -s" or "reset -c" UEFI shell commands,
+respectively), and start the guest installation with SecureBoot enabled.
+
+PK:
+- A unique, static, ad-hoc certificate whose private half has been
+ destroyed (more precisely, never saved) and is therefore unusable for
+ signing. (The command for creating this certificate is saved in the
+ source code.)
+
+KEK:
+- same ad-hoc certificate as used for the PK,
+- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
+ package is signed (indirectly, through a chain) with this; enrolling
+ such a KEK should allow guests to install those updates.
+
+DB:
+- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
+ Server 2012 R2,
+- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
+ oproms.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+---
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++
+ OvmfPkg/OvmfPkgIa32.dsc | 4 +
+ OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
+ OvmfPkg/OvmfPkgX64.dsc | 4 +
+ 5 files changed, 1023 insertions(+)
+ create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+ create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+
+diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+new file mode 100644
+index 0000000..081212b
+--- /dev/null
++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+@@ -0,0 +1,960 @@
++/** @file
++ Enroll default PK, KEK, DB.
++
++ Copyright (C) 2014, Red Hat, Inc.
++
++ This program and the accompanying materials are licensed and made available
++ under the terms and conditions of the BSD License which accompanies this
++ distribution. The full text of the license may be found at
++ http://opensource.org/licenses/bsd-license.
++
++ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
++ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++**/
++#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
++#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
++#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
++#include <Library/BaseMemoryLib.h> // CopyGuid()
++#include <Library/DebugLib.h> // ASSERT()
++#include <Library/MemoryAllocationLib.h> // FreePool()
++#include <Library/ShellCEntryLib.h> // ShellAppMain()
++#include <Library/UefiLib.h> // AsciiPrint()
++#include <Library/UefiRuntimeServicesTableLib.h> // gRT
++
++//
++// The example self-signed certificate below, which we'll use for both Platform
++// Key, and first Key Exchange Key, has been generated with the following
++// non-interactive openssl command. The passphrase is read from /dev/urandom,
++// and not saved, and the private key is written to /dev/null. In other words,
++// we can't sign anything else against this certificate, which is our purpose.
++//
++/*
++ openssl req \
++ -passout file:<(head -c 16 /dev/urandom) \
++ -x509 \
++ -newkey rsa:2048 \
++ -keyout /dev/null \
++ -outform DER \
++ -subj $(
++ printf /C=US
++ printf /ST=TestStateOrProvince
++ printf /L=TestLocality
++ printf /O=TestOrganization
++ printf /OU=TestOrganizationalUnit
++ printf /CN=TestCommonName
++ printf /emailAddress=test@example.com
++ ) \
++ 2>/dev/null \
++ | xxd -i
++*/
++STATIC CONST UINT8 ExampleCert[] = {
++ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d,
++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
++ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
++ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
++ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50,
++ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
++ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61,
++ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
++ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
++ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
++ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31,
++ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73,
++ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f,
++ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
++ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
++ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
++ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34,
++ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81,
++ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
++ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54,
++ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f,
++ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
++ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69,
++ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10,
++ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
++ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
++ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
++ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30,
++ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43,
++ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d,
++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
++ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
++ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
++ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce,
++ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21,
++ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc,
++ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae,
++ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16,
++ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b,
++ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77,
++ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce,
++ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31,
++ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35,
++ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d,
++ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a,
++ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24,
++ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2,
++ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d,
++ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b,
++ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3,
++ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1,
++ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4,
++ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68,
++ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50,
++ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
++ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3,
++ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
++ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e,
++ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29,
++ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
++ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
++ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38,
++ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9,
++ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a,
++ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c,
++ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59,
++ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4,
++ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81,
++ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c,
++ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f,
++ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b,
++ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04,
++ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f,
++ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e,
++ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f,
++ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03,
++ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84,
++ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d,
++ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5,
++ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1,
++ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19,
++ 0x26, 0x5b, 0xc0, 0x3d, 0xc7
++};
++
++//
++// Second KEK: "Microsoft Corporation KEK CA 2011".
++// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
++//
++// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
++//
++STATIC CONST UINT8 MicrosoftKEK[] = {
++ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
++ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
++ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
++ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
++ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
++ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
++ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
++ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
++ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
++ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
++ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
++ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
++ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
++ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
++ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
++ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
++ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
++ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
++ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
++ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
++ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
++ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
++ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
++ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
++ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
++ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
++ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
++ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
++ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
++ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
++ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
++ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
++ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
++ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
++ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
++ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
++ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
++ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
++ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
++ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
++ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
++ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
++ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
++ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
++ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
++ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
++ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
++ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
++ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
++ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
++ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
++ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
++ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
++ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
++ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
++ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
++ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
++ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
++ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
++ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
++ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
++ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
++ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
++ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
++ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
++ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
++ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
++ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
++ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
++ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
++ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
++ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
++ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
++ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
++ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
++ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
++ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
++ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
++ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
++ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
++ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
++ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
++ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
++ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
++ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
++ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
++ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
++ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
++ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
++ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
++ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
++ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
++};
++
++//
++// First DB entry: "Microsoft Windows Production PCA 2011"
++// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
++//
++// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
++// rooted in this certificate.
++//
++STATIC CONST UINT8 MicrosoftPCA[] = {
++ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
++ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
++ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
++ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
++ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
++ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
++ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
++ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
++ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
++ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
++ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
++ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
++ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
++ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
++ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
++ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
++ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
++ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
++ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
++ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
++ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
++ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
++ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
++ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
++ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
++ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
++ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
++ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
++ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
++ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
++ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
++ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
++ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
++ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
++ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
++ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
++ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
++ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
++ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
++ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
++ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
++ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
++ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
++ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
++ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
++ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
++ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
++ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
++ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
++ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
++ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
++ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
++ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
++ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
++ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
++ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
++ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
++ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
++ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
++ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
++ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
++ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
++ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
++ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
++ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
++ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
++ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
++ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
++ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
++ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
++ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
++ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
++ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
++ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
++ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
++ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
++ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
++ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
++ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
++ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
++ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
++ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
++ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
++ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
++ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
++ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
++ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
++ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
++ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
++ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
++ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
++ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
++ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
++ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
++ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
++ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
++ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
++ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
++ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
++ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
++ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
++ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
++ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
++ 0x62, 0x1c, 0x59, 0x7e
++};
++
++//
++// Second DB entry: "Microsoft Corporation UEFI CA 2011"
++// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
++//
++// To verify the "shim" binary and PCI expansion ROMs with.
++//
++STATIC CONST UINT8 MicrosoftUefiCA[] = {
++ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
++ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
++ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
++ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
++ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
++ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
++ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
++ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
++ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
++ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
++ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
++ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
++ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
++ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
++ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
++ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
++ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
++ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
++ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
++ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
++ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
++ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
++ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
++ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
++ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
++ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
++ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
++ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
++ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
++ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
++ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
++ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
++ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
++ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
++ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
++ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
++ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
++ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
++ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
++ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
++ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
++ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
++ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
++ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
++ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
++ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
++ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
++ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
++ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
++ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
++ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
++ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
++ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
++ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
++ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
++ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
++ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
++ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
++ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
++ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
++ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
++ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
++ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
++ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
++ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
++ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
++ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
++ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
++ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
++ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
++ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
++ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
++ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
++ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
++ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
++ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
++ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
++ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
++ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
++ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
++ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
++ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
++ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
++ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
++ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
++ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
++ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
++ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
++ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
++ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
++ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
++ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
++ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
++ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
++ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
++};
++
++//
++// The most important thing about the variable payload is that it is a list of
++// lists, where the element size of any given *inner* list is constant.
++//
++// Since X509 certificates vary in size, each of our *inner* lists will contain
++// one element only (one X.509 certificate). This is explicitly mentioned in
++// the UEFI specification, in "28.4.1 Signature Database", in a Note.
++//
++// The list structure looks as follows:
++//
++// struct EFI_VARIABLE_AUTHENTICATION_2 { |
++// struct EFI_TIME { |
++// UINT16 Year; |
++// UINT8 Month; |
++// UINT8 Day; |
++// UINT8 Hour; |
++// UINT8 Minute; |
++// UINT8 Second; |
++// UINT8 Pad1; |
++// UINT32 Nanosecond; |
++// INT16 TimeZone; |
++// UINT8 Daylight; |
++// UINT8 Pad2; |
++// } TimeStamp; |
++// |
++// struct WIN_CERTIFICATE_UEFI_GUID { | |
++// struct WIN_CERTIFICATE { | |
++// UINT32 dwLength; ----------------------------------------+ |
++// UINT16 wRevision; | |
++// UINT16 wCertificateType; | |
++// } Hdr; | +- DataSize
++// | |
++// EFI_GUID CertType; | |
++// UINT8 CertData[1] = { <--- "struct hack" | |
++// struct EFI_SIGNATURE_LIST { | | |
++// EFI_GUID SignatureType; | | |
++// UINT32 SignatureListSize; -------------------------+ | |
++// UINT32 SignatureHeaderSize; | | |
++// UINT32 SignatureSize; ---------------------------+ | | |
++// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
++// v | | |
++// struct EFI_SIGNATURE_DATA { | | | |
++// EFI_GUID SignatureOwner; | | | |
++// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
++// X.509 payload | | | |
++// } | | | |
++// } Signatures[]; | | |
++// } SigLists[]; | |
++// }; | |
++// } AuthInfo; | |
++// }; |
++//
++// Given that the "struct hack" invokes undefined behavior (which is why C99
++// introduced the flexible array member), and because subtracting those pesky
++// sizes of 1 is annoying, and because the format is fully specified in the
++// UEFI specification, we'll introduce two matching convenience structures that
++// are customized for our X.509 purposes.
++//
++#pragma pack(1)
++typedef struct {
++ EFI_TIME TimeStamp;
++
++ //
++ // dwLength covers data below
++ //
++ UINT32 dwLength;
++ UINT16 wRevision;
++ UINT16 wCertificateType;
++ EFI_GUID CertType;
++} SINGLE_HEADER;
++
++typedef struct {
++ //
++ // SignatureListSize covers data below
++ //
++ EFI_GUID SignatureType;
++ UINT32 SignatureListSize;
++ UINT32 SignatureHeaderSize; // constant 0
++ UINT32 SignatureSize;
++
++ //
++ // SignatureSize covers data below
++ //
++ EFI_GUID SignatureOwner;
++
++ //
++ // X.509 certificate follows
++ //
++} REPEATING_HEADER;
++#pragma pack()
++
++/**
++ Enroll a set of DER-formatted X.509 certificates in a global variable,
++ overwriting it.
++
++ The variable will be rewritten with NV+BS+RT+AT attributes.
++
++ @param[in] VariableName The name of the variable to overwrite.
++
++ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
++ overwrite.
++
++ @param[in] ... A list of
++
++ IN CONST UINT8 *Cert,
++ IN UINTN CertSize,
++ IN CONST EFI_GUID *OwnerGuid
++
++ triplets. If the first component of a triplet is
++ NULL, then the other two components are not
++ accessed, and processing is terminated. The list of
++ X.509 certificates is enrolled in the variable
++ specified, overwriting it. The OwnerGuid component
++ identifies the agent installing the certificate.
++
++ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
++ value is NULL), or one of the CertSize values
++ is 0, or one of the CertSize values would
++ overflow the accumulated UINT32 data size.
++
++ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable
++ payload.
++
++ @retval EFI_SUCCESS Enrollment successful; the variable has been
++ overwritten (or created).
++
++ @return Error codes from gRT->GetTime() and
++ gRT->SetVariable().
++**/
++STATIC
++EFI_STATUS
++EFIAPI
++EnrollListOfX509Certs (
++ IN CHAR16 *VariableName,
++ IN EFI_GUID *VendorGuid,
++ ...
++ )
++{
++ UINTN DataSize;
++ SINGLE_HEADER *SingleHeader;
++ REPEATING_HEADER *RepeatingHeader;
++ VA_LIST Marker;
++ CONST UINT8 *Cert;
++ EFI_STATUS Status = EFI_SUCCESS;
++ UINT8 *Data;
++ UINT8 *Position;
++
++ //
++ // compute total size first, for UINT32 range check, and allocation
++ //
++ DataSize = sizeof *SingleHeader;
++ VA_START (Marker, VendorGuid);
++ for (Cert = VA_ARG (Marker, CONST UINT8 *);
++ Cert != NULL;
++ Cert = VA_ARG (Marker, CONST UINT8 *)) {
++ UINTN CertSize;
++
++ CertSize = VA_ARG (Marker, UINTN);
++ (VOID)VA_ARG (Marker, CONST EFI_GUID *);
++
++ if (CertSize == 0 ||
++ CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
++ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
++ Status = EFI_INVALID_PARAMETER;
++ break;
++ }
++ DataSize += sizeof *RepeatingHeader + CertSize;
++ }
++ VA_END (Marker);
++
++ if (DataSize == sizeof *SingleHeader) {
++ Status = EFI_INVALID_PARAMETER;
++ }
++ if (EFI_ERROR (Status)) {
++ goto Out;
++ }
++
++ Data = AllocatePool (DataSize);
++ if (Data == NULL) {
++ Status = EFI_OUT_OF_RESOURCES;
++ goto Out;
++ }
++
++ Position = Data;
++
++ SingleHeader = (SINGLE_HEADER *)Position;
++ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
++ if (EFI_ERROR (Status)) {
++ goto FreeData;
++ }
++ SingleHeader->TimeStamp.Pad1 = 0;
++ SingleHeader->TimeStamp.Nanosecond = 0;
++ SingleHeader->TimeStamp.TimeZone = 0;
++ SingleHeader->TimeStamp.Daylight = 0;
++ SingleHeader->TimeStamp.Pad2 = 0;
++#if 0
++ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
++#else
++ //
++ // This looks like a bug in edk2. According to the UEFI specification,
++ // dwLength is "The length of the entire certificate, including the length of
++ // the header, in bytes". That shouldn't stop right after CertType -- it
++ // should include everything below it.
++ //
++ SingleHeader->dwLength = sizeof *SingleHeader
++ - sizeof SingleHeader->TimeStamp;
++#endif
++ SingleHeader->wRevision = 0x0200;
++ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
++ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
++ Position += sizeof *SingleHeader;
++
++ VA_START (Marker, VendorGuid);
++ for (Cert = VA_ARG (Marker, CONST UINT8 *);
++ Cert != NULL;
++ Cert = VA_ARG (Marker, CONST UINT8 *)) {
++ UINTN CertSize;
++ CONST EFI_GUID *OwnerGuid;
++
++ CertSize = VA_ARG (Marker, UINTN);
++ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
++
++ RepeatingHeader = (REPEATING_HEADER *)Position;
++ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid);
++ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize;
++ RepeatingHeader->SignatureHeaderSize = 0;
++ RepeatingHeader->SignatureSize =
++ sizeof RepeatingHeader->SignatureOwner + CertSize;
++ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
++ Position += sizeof *RepeatingHeader;
++
++ CopyMem (Position, Cert, CertSize);
++ Position += CertSize;
++ }
++ VA_END (Marker);
++
++ ASSERT (Data + DataSize == Position);
++
++ Status = gRT->SetVariable (VariableName, VendorGuid,
++ (EFI_VARIABLE_NON_VOLATILE |
++ EFI_VARIABLE_BOOTSERVICE_ACCESS |
++ EFI_VARIABLE_RUNTIME_ACCESS |
++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
++ DataSize, Data);
++
++FreeData:
++ FreePool (Data);
++
++Out:
++ if (EFI_ERROR (Status)) {
++ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
++ VendorGuid, Status);
++ }
++ return Status;
++}
++
++
++STATIC
++EFI_STATUS
++EFIAPI
++GetExact (
++ IN CHAR16 *VariableName,
++ IN EFI_GUID *VendorGuid,
++ OUT VOID *Data,
++ IN UINTN DataSize,
++ IN BOOLEAN AllowMissing
++ )
++{
++ UINTN Size;
++ EFI_STATUS Status;
++
++ Size = DataSize;
++ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
++ if (EFI_ERROR (Status)) {
++ if (Status == EFI_NOT_FOUND && AllowMissing) {
++ ZeroMem (Data, DataSize);
++ return EFI_SUCCESS;
++ }
++
++ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
++ VendorGuid, Status);
++ return Status;
++ }
++
++ if (Size != DataSize) {
++ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
++ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
++ return EFI_PROTOCOL_ERROR;
++ }
++
++ return EFI_SUCCESS;
++}
++
++typedef struct {
++ UINT8 SetupMode;
++ UINT8 SecureBoot;
++ UINT8 SecureBootEnable;
++ UINT8 CustomMode;
++ UINT8 VendorKeys;
++} SETTINGS;
++
++STATIC
++EFI_STATUS
++EFIAPI
++GetSettings (
++ OUT SETTINGS *Settings
++ )
++{
++ EFI_STATUS Status;
++
++ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
++ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
++ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
++ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
++ sizeof Settings->SecureBootEnable, TRUE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
++ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
++ if (EFI_ERROR (Status)) {
++ return Status;
++ }
++
++ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
++ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
++ return Status;
++}
++
++STATIC
++VOID
++EFIAPI
++PrintSettings (
++ IN CONST SETTINGS *Settings
++ )
++{
++ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
++ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
++ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
++}
++
++
++INTN
++EFIAPI
++ShellAppMain (
++ IN UINTN Argc,
++ IN CHAR16 **Argv
++ )
++{
++ EFI_STATUS Status;
++ SETTINGS Settings;
++
++ Status = GetSettings (&Settings);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++ PrintSettings (&Settings);
++
++ if (Settings.SetupMode != 1) {
++ AsciiPrint ("error: already in User Mode\n");
++ return 1;
++ }
++
++ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
++ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
++ (EFI_VARIABLE_NON_VOLATILE |
++ EFI_VARIABLE_BOOTSERVICE_ACCESS),
++ sizeof Settings.CustomMode, &Settings.CustomMode);
++ if (EFI_ERROR (Status)) {
++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
++ &gEfiCustomModeEnableGuid, Status);
++ return 1;
++ }
++ }
++
++ Status = EnrollListOfX509Certs (
++ EFI_IMAGE_SECURITY_DATABASE,
++ &gEfiImageSecurityDatabaseGuid,
++ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid,
++ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid,
++ NULL);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++
++ Status = EnrollListOfX509Certs (
++ EFI_KEY_EXCHANGE_KEY_NAME,
++ &gEfiGlobalVariableGuid,
++ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid,
++ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid,
++ NULL);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++
++ Status = EnrollListOfX509Certs (
++ EFI_PLATFORM_KEY_NAME,
++ &gEfiGlobalVariableGuid,
++ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid,
++ NULL);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++
++ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
++ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
++ sizeof Settings.CustomMode, &Settings.CustomMode);
++ if (EFI_ERROR (Status)) {
++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
++ &gEfiCustomModeEnableGuid, Status);
++ return 1;
++ }
++
++ Status = GetSettings (&Settings);
++ if (EFI_ERROR (Status)) {
++ return 1;
++ }
++ PrintSettings (&Settings);
++
++ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
++ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
++ Settings.VendorKeys != 0) {
++ AsciiPrint ("error: unexpected\n");
++ return 1;
++ }
++
++ AsciiPrint ("info: success\n");
++ return 0;
++}
+diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+new file mode 100644
+index 0000000..ac919bb
+--- /dev/null
++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+@@ -0,0 +1,51 @@
++## @file
++# Enroll default PK, KEK, DB.
++#
++# Copyright (C) 2014, Red Hat, Inc.
++#
++# This program and the accompanying materials are licensed and made available
++# under the terms and conditions of the BSD License which accompanies this
++# distribution. The full text of the license may be found at
++# http://opensource.org/licenses/bsd-license.
++#
++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
++# IMPLIED.
++##
++
++[Defines]
++ INF_VERSION = 0x00010006
++ BASE_NAME = EnrollDefaultKeys
++ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
++ MODULE_TYPE = UEFI_APPLICATION
++ VERSION_STRING = 0.1
++ ENTRY_POINT = ShellCEntryLib
++
++#
++# VALID_ARCHITECTURES = IA32 X64
++#
++
++[Sources]
++ EnrollDefaultKeys.c
++
++[Packages]
++ MdePkg/MdePkg.dec
++ MdeModulePkg/MdeModulePkg.dec
++ SecurityPkg/SecurityPkg.dec
++ ShellPkg/ShellPkg.dec
++
++[Guids]
++ gEfiCertPkcs7Guid
++ gEfiCertX509Guid
++ gEfiCustomModeEnableGuid
++ gEfiGlobalVariableGuid
++ gEfiImageSecurityDatabaseGuid
++ gEfiSecureBootEnableDisableGuid
++
++[LibraryClasses]
++ BaseMemoryLib
++ DebugLib
++ MemoryAllocationLib
++ ShellCEntryLib
++ UefiLib
++ UefiRuntimeServicesTableLib
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index fa9661c..e2e6ba3 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -764,6 +764,10 @@
+
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
++ <LibraryClasses>
++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
++ }
+ !endif
+
+ OvmfPkg/PlatformDxe/Platform.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 667584a..a0ae1aa 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -773,6 +773,10 @@
+
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
++ <LibraryClasses>
++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
++ }
+ !endif
+
+ OvmfPkg/PlatformDxe/Platform.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 5ae8469..87cee52 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -771,6 +771,10 @@
+
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
++ <LibraryClasses>
++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
++ }
+ !endif
+
+ OvmfPkg/PlatformDxe/Platform.inf
diff --git a/meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks b/meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks
new file mode 100644
index 0000000..1d2f16b
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/ovmf-shell-image.wks
@@ -0,0 +1,4 @@
+# short-description: Create an EFI disk image with just the EFI system partition
+
+part / --source rootfs --ondisk sda --fstype=vfat --align 1024
+bootloader --ptable gpt --timeout=5
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index c4eedf0..ef61b16 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
SRC_URI_append_class-target = " \
http://www.openssl.org/source/openssl-1.0.2j.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib \
+ file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \
"
SRCREV="4575a602ca6072ee9d04150b38bfb143cbff8588"
@@ -136,6 +137,9 @@ do_compile_class-target() {
( cd ${S}/CryptoPkg/Library/OpensslLib/ && ./Install.sh )
${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS}
ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/OVMF.secboot.fd
+ for i in Shell.efi EnrollDefaultKeys.efi; do
+ ln ${build_dir}/${OVMF_ARCH}/$i ${WORKDIR}/ovmf/$i
+ done
}
do_install_class-native() {
@@ -147,8 +151,20 @@ do_install_class-target() {
# Traditional location.
install -d ${D}${datadir}/ovmf
install -m 0755 ${WORKDIR}/ovmf/OVMF.fd ${D}${datadir}/ovmf/bios.bin
+ # Content for UEFI shell iso. We install the EFI shell as
+ # bootx64/ia32.efi because then it can be started even when the
+ # firmware itself does not contain it.
+ install -d ${D}/efi/boot
+ install ${WORKDIR}/ovmf/Shell.efi ${D}/efi/boot/boot${@ "ia32" if "${TARGET_ARCH}" != "x86_64" else "x64"}.efi
+ install ${WORKDIR}/ovmf/EnrollDefaultKeys.efi ${D}
}
+PACKAGES =+ "ovmf-shell-efi"
+FILES_ovmf-shell-efi = " \
+ EnrollDefaultKeys.efi \
+ efi/ \
+"
+
inherit deploy
do_deploy() {
}
--
2.1.4
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox