cip-dev.lists.cip-project.org archive mirror
 help / color / mirror / Atom feed
* [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64
@ 2023-03-23 13:43 Jan Kiszka
  2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
  To: cip-dev; +Cc: Quirin Gylstorff

Simple follow-up to the already existing enabling for x86, so I think we
can safely squeeze this after rc1 and before final 1.0.

Jan

Jan Kiszka (3):
  linux-cip: Bump cip-kernel-config revision
  kconfig: Allow to select encryption also for qemu-arm and qemu-arm64
  start-qemu: Add TPM support also for arm and arm64

 Kconfig                                   | 2 +-
 recipes-kernel/linux/linux-cip-common.inc | 2 +-
 start-qemu.sh                             | 8 +++++++-
 3 files changed, 9 insertions(+), 3 deletions(-)

-- 
2.35.3



^ permalink raw reply	[flat|nested] 4+ messages in thread

* [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision
  2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
@ 2023-03-23 13:43 ` Jan Kiszka
  2023-03-23 13:43 ` [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64 Jan Kiszka
  2023-03-23 13:43 ` [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64 Jan Kiszka
  2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
  To: cip-dev; +Cc: Quirin Gylstorff

From: Jan Kiszka <jan.kiszka@siemens.com>

This brings TPM/encryption support for qemu-arm/arm64 and fixes mqueues
on some arm targets.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 recipes-kernel/linux/linux-cip-common.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 6dda973a..2d878a1d 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -23,6 +23,6 @@ SRC_URI:append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi
     if d.getVar('USE_CIP_KERNEL_CONFIG') == '1' else '' \
     }"
 
-SRCREV_cip-kernel-config ?= "351538952cfa7c6336e83bf66ca4f3bbdc06f89b"
+SRCREV_cip-kernel-config ?= "0188d9a54615767c00b77116146409edfa35497c"
 
 S = "${WORKDIR}/linux-cip-${PV}"
-- 
2.35.3



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64
  2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
  2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
@ 2023-03-23 13:43 ` Jan Kiszka
  2023-03-23 13:43 ` [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64 Jan Kiszka
  2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
  To: cip-dev; +Cc: Quirin Gylstorff

From: Jan Kiszka <jan.kiszka@siemens.com>

This is now possible with latest kernel configs.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Kconfig b/Kconfig
index e1e187f9..630cd78d 100644
--- a/Kconfig
+++ b/Kconfig
@@ -195,7 +195,7 @@ config KAS_INCLUDE_SWUPDATE_SECBOOT
 
 config IMAGE_DATA_ENCRYPTION
 	bool "Encrypt data partitions on first boot"
-	depends on TARGET_QEMU_AMD64
+	depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM
 	select IMAGE_SECURE_BOOT
 	help
 	  This enables LUKS encryption for the partitions /var and /home.
-- 
2.35.3



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64
  2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
  2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
  2023-03-23 13:43 ` [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64 Jan Kiszka
@ 2023-03-23 13:43 ` Jan Kiszka
  2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2023-03-23 13:43 UTC (permalink / raw)
  To: cip-dev; +Cc: Quirin Gylstorff

From: Jan Kiszka <jan.kiszka@siemens.com>

Just requires to use a different device model than on x86.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 start-qemu.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/start-qemu.sh b/start-qemu.sh
index 9dce0183..88104742 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -156,10 +156,16 @@ if [ "$TPM2_ENCRYPTION" = "true" ] && [ -x /usr/bin/swtpm ]; then
 	if swtpm socket -d --tpmstate dir="${SWTPM_DIR}" \
 			 --ctrl type=unixio,path=/tmp/qemu-swtpm.sock \
 			 --tpm2; then
+		TPM_DEVICE=tpm-tis-device
+		case "${arch}" in
+			x86|x86_64|amd64)
+				TPM_DEVICE=tpm-tis
+				;;
+		esac
 		QEMU_EXTRA_ARGS="${QEMU_EXTRA_ARGS} \
 			 -chardev socket,id=chrtpm,path=/tmp/qemu-swtpm.sock \
 			 -tpmdev emulator,id=tpm0,chardev=chrtpm \
-			 -device tpm-tis,tpmdev=tpm0"
+			 -device ${TPM_DEVICE},tpmdev=tpm0"
 	fi
 fi
 
-- 
2.35.3



^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-03-23 13:43 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-23 13:43 [isar-cip-core][PATCH 0/3] Enable TPM-based encrypted data partition also for qemu-arm/arm64 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 1/3] linux-cip: Bump cip-kernel-config revision Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 2/3] kconfig: Allow to select encryption also for qemu-arm and qemu-arm64 Jan Kiszka
2023-03-23 13:43 ` [isar-cip-core][PATCH 3/3] start-qemu: Add TPM support also for arm and arm64 Jan Kiszka

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).