* [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64
@ 2023-03-23 13:43 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
Simple follow-up to the already existing enabling for x86, so I think we
can safely squeeze this after rc1 and before final 1.0.
Jan
Jan Kiszka (3):
linux-cip: Bump cip-kernel-config revision
kconfig: Allow to select encryption also for qemu-arm and qemu-arm64
start-qemu: Add TPM support also for arm and arm64
Kconfig | 2 +-
recipes-kernel/linux/linux-cip-common.inc | 2 +-
start-qemu.sh | 8 +++++++-
3 files changed, 9 insertions(+), 3 deletions(-)
--
2.35.3
^ permalink raw reply [flat|nested] 4+ messages in thread
* [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision
2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
@ 2023-03-23 13:43 ` Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64 Jan Kiszka
2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
This brings TPM/encryption support for qemu-arm/arm64 and fixes mqueues
on some arm targets.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
recipes-kernel/linux/linux-cip-common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 6dda973a..2d878a1d 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -23,6 +23,6 @@ SRC_URI:append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi
if d.getVar('USE_CIP_KERNEL_CONFIG') == '1' else '' \
}"
-SRCREV_cip-kernel-config ?= "351538952cfa7c6336e83bf66ca4f3bbdc06f89b"
+SRCREV_cip-kernel-config ?= "0188d9a54615767c00b77116146409edfa35497c"
S = "${WORKDIR}/linux-cip-${PV}"
--
2.35.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64
2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
@ 2023-03-23 13:43 ` Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64 Jan Kiszka
2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
This is now possible with latest kernel configs.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Kconfig b/Kconfig
index e1e187f9..630cd78d 100644
--- a/Kconfig
+++ b/Kconfig
@@ -195,7 +195,7 @@ config KAS_INCLUDE_SWUPDATE_SECBOOT
config IMAGE_DATA_ENCRYPTION
bool "Encrypt data partitions on first boot"
- depends on TARGET_QEMU_AMD64
+ depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM
select IMAGE_SECURE_BOOT
help
This enables LUKS encryption for the partitions /var and /home.
--
2.35.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64
2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64 Jan Kiszka
@ 2023-03-23 13:43 ` Jan Kiszka
2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff
From: Jan Kiszka <jan.kiszka@siemens.com>
Just requires to use a different device model than on x86.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
start-qemu.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/start-qemu.sh b/start-qemu.sh
index 9dce0183..88104742 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -156,10 +156,16 @@ if [ "$TPM2_ENCRYPTION" = "true" ] && [ -x /usr/bin/swtpm ]; then
if swtpm socket -d --tpmstate dir="${SWTPM_DIR}" \
--ctrl type=unixio,path=/tmp/qemu-swtpm.sock \
--tpm2; then
+ TPM_DEVICE=tpm-tis-device
+ case "${arch}" in
+ x86|x86_64|amd64)
+ TPM_DEVICE=tpm-tis
+ ;;
+ esac
QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} \
-chardev socket,id=chrtpm,path=/tmp/qemu-swtpm.sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
- -device tpm-tis,tpmdev=tpm0"
+ -device ${TPM_DEVICE},tpmdev=tpm0"
fi
fi
--
2.35.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-03-23 13:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64 Jan Kiszka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).