From: Jan Kiszka <jan.kiszka@siemens.com>
To: cip-dev@lists.cip-project.org
Cc: Quirin Gylstorff <quirin.gylstorff@siemens.com>,
	Christian Storm <christian.storm@siemens.com>
Subject: [isar-cip-core][PATCH 10/12] u-boot-qemu-arm64: Add recipe for customized version based on 2022.04
Date: Wed,  4 May 2022 21:45:58 +0200
Message-ID: <7b1860e3dbd4d5f2de5ec2b9a8acf6ed4fd3da31.1651693560.git.jan.kiszka@siemens.com>
In-Reply-To: <cover.1651693560.git.jan.kiszka@siemens.com>

From: Jan Kiszka <jan.kiszka@siemens.com>

This will be used for booting via UEFI, both in open and locked-down
secure mode. The secure mode variations can be selected by adding
"secureboot" to OVERRIDES.

One extra patch is needed to add support for long-living certificates.
It is pending upstream.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 ...-rtc_mktime-and-mktime64-Y2038-ready.patch | 107 ++++++++++++++++++
 recipes-bsp/u-boot/files/rules                |  40 +++++++
 recipes-bsp/u-boot/files/secure-boot.cfg      |   6 +
 .../u-boot/u-boot-qemu-arm64_2022.04.bb       |  50 ++++++++
 4 files changed, 203 insertions(+)
 create mode 100644 recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
 create mode 100755 recipes-bsp/u-boot/files/rules
 create mode 100644 recipes-bsp/u-boot/files/secure-boot.cfg
 create mode 100644 recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb

diff --git a/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch b/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
new file mode 100644
index 0000000..b2ff705
--- /dev/null
+++ b/recipes-bsp/u-boot/files/0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch
@@ -0,0 +1,107 @@
+From 8b990a06685678abd8dbc8be86c27bf3e94e3694 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@siemens.com>
+Date: Sun, 24 Apr 2022 11:24:54 +0200
+Subject: [PATCH] lib/date: Make rtc_mktime and mktime64 Y2038-ready
+
+We currently overflow due to wrong types used internally in rtc_mktime,
+on all platforms, and we return a too small type on 32-bit.
+
+One consumer that directly benefits from this is mktime64. Many others
+may still store the result in a wrong type.
+
+While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by
+714209832db1).
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+---
+ include/linux/time.h |  3 ---
+ include/rtc.h        |  8 +++++---
+ lib/date.c           | 13 +++++--------
+ 3 files changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/include/linux/time.h b/include/linux/time.h
+index 702dd276aea..14ff5b6f481 100644
+--- a/include/linux/time.h
++++ b/include/linux/time.h
+@@ -152,9 +152,6 @@ _DEFUN (ctime_r, (tim_p, result),
+     return asctime_r (localtime_r (tim_p, &tm), result);
+ }
+ 
+-/* for compatibility with linux code */
+-typedef __s64 time64_t;
+-
+ #ifdef CONFIG_LIB_DATE
+ time64_t mktime64(const unsigned int year, const unsigned int mon,
+ 		  const unsigned int day, const unsigned int hour,
+diff --git a/include/rtc.h b/include/rtc.h
+index 6c7fcadd488..10104e3bf5a 100644
+--- a/include/rtc.h
++++ b/include/rtc.h
+@@ -16,6 +16,8 @@
+ #include <bcd.h>
+ #include <rtc_def.h>
+ 
++typedef int64_t time64_t;
++
+ #ifdef CONFIG_DM_RTC
+ 
+ struct udevice;
+@@ -301,7 +303,7 @@ int rtc_calc_weekday(struct rtc_time *time);
+ void rtc_to_tm(u64 time_t, struct rtc_time *time);
+ 
+ /**
+- * rtc_mktime() - Convert a broken-out time into a time_t value
++ * rtc_mktime() - Convert a broken-out time into a time64_t value
+  *
+  * The following fields need to be valid for this function to work:
+  *	tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year
+@@ -309,9 +311,9 @@ void rtc_to_tm(u64 time_t, struct rtc_time *time);
+  * Note that tm_wday and tm_yday are ignored.
+  *
+  * @time:	Broken-out time to convert
+- * Return: corresponding time_t value, seconds since 1970-01-01 00:00:00
++ * Return: corresponding time64_t value, seconds since 1970-01-01 00:00:00
+  */
+-unsigned long rtc_mktime(const struct rtc_time *time);
++time64_t rtc_mktime(const struct rtc_time *time);
+ 
+ /**
+  * rtc_month_days() - The number of days in the month
+diff --git a/lib/date.c b/lib/date.c
+index c589d9ed3a2..e3d22459cd0 100644
+--- a/lib/date.c
++++ b/lib/date.c
+@@ -71,19 +71,16 @@ int rtc_calc_weekday(struct rtc_time *tm)
+  * -year / 100 + year / 400 terms, and add 10.]
+  *
+  * This algorithm was first published by Gauss (I think).
+- *
+- * WARNING: this function will overflow on 2106-02-07 06:28:16 on
+- * machines where long is 32-bit! (However, as time_t is signed, we
+- * will already get problems at other places on 2038-01-19 03:14:08)
+  */
+-unsigned long rtc_mktime(const struct rtc_time *tm)
++time64_t rtc_mktime(const struct rtc_time *tm)
+ {
+ 	int mon = tm->tm_mon;
+ 	int year = tm->tm_year;
+-	int days, hours;
++	unsigned long days;
++	time64_t hours;
+ 
+ 	mon -= 2;
+-	if (0 >= (int)mon) {	/* 1..12 -> 11, 12, 1..10 */
++	if (0 >= mon) {		/* 1..12 -> 11, 12, 1..10 */
+ 		mon += 12;	/* Puts Feb last since it has leap day */
+ 		year -= 1;
+ 	}
+@@ -109,5 +106,5 @@ time64_t mktime64(const unsigned int year, const unsigned int mon,
+ 	time.tm_min = min;
+ 	time.tm_sec = sec;
+ 
+-	return (time64_t)rtc_mktime((const struct rtc_time *)&time);
++	return rtc_mktime((const struct rtc_time *)&time);
+ }
+-- 
+2.34.1
+
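Review bot: in the carried U-Boot patch, the include/linux/time.h hunk removes the time64_t typedef, yet the mktime64() prototype that stays in that header under CONFIG_LIB_DATE still uses time64_t, and the replacement typedef is added only to include/rtc.h. Nothing in the visible lines makes include/linux/time.h pull in rtc.h, so the header now depends on include order; either include rtc.h there or keep the typedef in a header both can share. Also note that rtc_mktime() now returns a signed time64_t while rtc_to_tm() in the same header still takes a u64, so the two directions of the conversion disagree on signedness. Since the commit message says this patch is pending upstream, a link to the upstream submission in the patch header would make it easier to drop the file once it lands.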
diff --git a/recipes-bsp/u-boot/files/rules b/recipes-bsp/u-boot/files/rules
new file mode 100755
index 0000000..36e1e1b
--- /dev/null
+++ b/recipes-bsp/u-boot/files/rules
@@ -0,0 +1,40 @@
+#!/usr/bin/make -f
+#
+# Copyright (c) Siemens AG, 2018-2022
+#
+# SPDX-License-Identifier: MIT
+
+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
+SET_CROSS_BUILD_TOOLS=CROSS_BUILD_TOOLS=y
+endif
+
+override_dh_auto_build:
+	if [ -e /usr/share/secure-boot-secrets/secure-boot.pem ]; then \
+		openssl x509 -in /usr/share/secure-boot-secrets/secure-boot.pem -out secure-boot.der -outform der; \
+		rm -f secure-boot.esl; \
+		efisiglist -a -c secure-boot.der -o secure-boot.esl; \
+		rm -f ubootefi.var; \
+		tools/efivar.py set -i ubootefi.var -n PK -d secure-boot.esl -t file; \
+		tools/efivar.py set -i ubootefi.var -n KEK -d secure-boot.esl -t file; \
+		tools/efivar.py set -i ubootefi.var -n db -d secure-boot.esl -t file; \
+	fi
+	$(MAKE) $(PARALLEL_MAKE) $(U_BOOT_CONFIG)
+	$(MAKE) $(PARALLEL_MAKE) ${U_BOOT_BIN}
+	$(MAKE) -n u-boot-initial-env >/dev/null 2>&1; if [ $$? -ne 2 ]; then \
+		$(MAKE) $(PARALLEL_MAKE) u-boot-initial-env; \
+	else \
+		./scripts/get_default_envs.sh >u-boot-initial-env; \
+	fi
+	$(MAKE) $(PARALLEL_MAKE) $(SET_CROSS_BUILD_TOOLS) NO_SDL=1 tools-only envtools
+
+override_dh_auto_install:
+	mv tools/env/lib.a tools/env/libubootenv.a
+
+override_dh_auto_test:
+
+override_dh_strip:
+	dh_strip -X libubootenv.a
+
+%:
+	dh $@ --parallel
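Review bot: in override_dh_auto_build the key-preparation commands inside the "if" are chained with ";", so a failure of "openssl x509", "efisiglist" or one of the first two "tools/efivar.py set" calls is not propagated; only the status of the last command decides whether the recipe line fails. For a step that seeds the secure boot trust anchors, that can yield a firmware with an incomplete or stale ubootefi.var without the build noticing. Start the block with "set -e;" or chain the commands with "&&". It would also help to add a comment that PK, KEK and db are intentionally all populated from the same secure-boot.esl, because that means one certificate acts as platform key, key exchange key and image signing authority at once.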
diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg b/recipes-bsp/u-boot/files/secure-boot.cfg
new file mode 100644
index 0000000..a1b9931
--- /dev/null
+++ b/recipes-bsp/u-boot/files/secure-boot.cfg
@@ -0,0 +1,6 @@
+### Secure boot config
+CONFIG_BOOTDELAY=-2
+CONFIG_USE_BOOTCOMMAND=y
+CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/bootaa64.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/bootaa64.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset"
+CONFIG_EFI_VARIABLES_PRESEED=y
+CONFIG_EFI_SECURE_BOOT=y
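Review bot: the first line, "### Secure boot config", is more than a comment: do_prepare_build_append_secureboot in the recipe uses it as the sed marker to truncate the defconfig before re-appending this fragment, so editing or removing it breaks the idempotence of that step. Please say so in the fragment. A short comment on why CONFIG_BOOTDELAY=-2 is chosen and why scan_dev_for_boot is overridden to load only efi/boot/bootaa64.efi would also document the lock-down intent, which is hard to read out of the single-line CONFIG_BOOTCOMMAND.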
diff --git a/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
new file mode 100644
index 0000000..e462258
--- /dev/null
+++ b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
@@ -0,0 +1,50 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+#  Jan Kiszka <jan.kiszka@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require recipes-bsp/u-boot/u-boot-custom.inc
+
+SRC_URI += " \
+    https://ftp.denx.de/pub/u-boot/u-boot-${PV}.tar.bz2 \
+    file://0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch \
+    file://rules"
+SRC_URI[sha256sum] = "68e065413926778e276ec3abd28bb32fa82abaa4a6898d570c1f48fbdb08bcd0"
+
+SRC_URI_append_secureboot = " \
+    file://secure-boot.cfg"
+
+S = "${WORKDIR}/u-boot-${PV}"
+
+DEBIAN_BUILD_DEPENDS += ", libssl-dev:native, libssl-dev:arm64"
+
+DEBIAN_BUILD_DEPENDS_append_secureboot = ", \
+    openssl, pesign, secure-boot-secrets, python3-openssl:native"
+DEPENDS_append_secureboot = " secure-boot-secrets"
+
+U_BOOT_CONFIG = "qemu_arm64_defconfig"
+U_BOOT_BIN = "u-boot.bin"
+
+do_prepare_build_append() {
+    cp ${WORKDIR}/rules ${S}/debian/rules
+}
+
+do_prepare_build_append_secureboot() {
+    sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG}
+    cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
+}
+
+do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
+do_deploy() {
+    dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+        tar xOf - "./usr/lib/u-boot/${MACHINE}/${U_BOOT_BIN}" \
+        > "${DEPLOY_DIR_IMAGE}/firmware.bin"
+}
+
+addtask deploy after do_dpkg_build before do_deploy_deb
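Review bot: do_deploy writes to "${DEPLOY_DIR_IMAGE}/firmware.bin" for both the open build and the one with "secureboot" in OVERRIDES, so unless DEPLOY_DIR_IMAGE differs between the two variants, whichever was built last overwrites the other and the file name does not tell whether the binary carries the preseeded keys. Consider a distinct name for the secure boot variant. In the same function, the output redirection creates firmware.bin before dpkg and tar have succeeded, so a failed extraction leaves an empty or truncated file behind; extracting to a temporary file and moving it into place on success would avoid that.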
-- 
2.34.1


