Mariano Lopez [Tue, 21 Feb 2017 18:20:35 +0000 (12:20 -0600)]
insane.bbclass: Add missing dependencies
package_qa task requires some tools installed in sysroot; with
the introduction of recipe specific sysroot this task won't
have such tools installed if it's forced to run.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ming Liu [Sun, 26 Feb 2017 07:44:45 +0000 (08:44 +0100)]
generate-manifest-3.5.py: add logic to generate native manifest
python3-native supposes to RPROVIDE all native packages as added in
generate-manifest-3.5.py, but it does not so far, this leads a problem
that sometimes bitbake cant find a runtime provider for a python3-*-native
when a new runtime dependency on it being required, this usualy happens
after a new native python3-* recipe is created or the old native python3-*
recipes are upgraded.
To avoid manually extending RPROVIDE every time when a new runtime
dependency is introduced, an argument '-n/--native' is added to the
manifest generator, allowing it create a native python3 manifest, with a
RPROVIDE line only, the RPROVIDE should contain all the sub-packages.
The generated python-native-3.5-manifest.inc is also added which is
included by python3-native recipe.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ming Liu [Sun, 26 Feb 2017 07:39:19 +0000 (08:39 +0100)]
generate-manifest-2.7.py: add logic to generate native manifest
python-native supposes to RPROVIDE all native packages as added in
generate-manifest-2.7.py, but it does not so far, this leads a problem
that sometimes bitbake cant find a runtime provider for a python-*-native
when a new runtime dependency on it being required, this usualy happens
after a new native python-* recipe is created or the old native python-*
recipes are upgraded.
To give a example, the following commit is trying to address such a issue:
commit 4583cd1bb15306e8f0ab7bcd80732e6f35aa4533:
[ python-native: Make python-native also RPROVIDE python-unittest-native ]
To avoid manually extending RPROVIDE every time when a new runtime
dependency is introduced, an argument '-n/--native' is added to the
manifest generator, allowing it create a native python manifest, with a
RPROVIDE line only, the RPROVIDE should contain all the sub-packages.
The generated python-native-2.7-manifest.inc is also added which is
included by python-native recipe.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Humberto Ibarra [Mon, 27 Feb 2017 16:49:09 +0000 (10:49 -0600)]
oelib/buildhistory.py: Add unittest for buildhistory_analysis
The buildhistory_analysis module (in which buildhistory-diff is
based) was lacking unittest for its functions. Created selftest
module for this and a few testcases to cover basic cases.
[YOCTO #10727]
Signed-off-by: Humberto Ibarra <humberto.ibarra.lopez@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Mariano Lopez [Mon, 27 Feb 2017 07:45:01 +0000 (07:45 +0000)]
oeqa/core/loader.py: Avoid importing tests with built-ins name
If importing a test with the same name as a built-in module,
it will silently import the built-in and check for tests in
built-in module. This happened with syslog module in debian
based machines, so add a raise to avoid this behavior.
[YOCTO #10978]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Mariano Lopez [Tue, 21 Feb 2017 14:33:08 +0000 (14:33 +0000)]
selftest: Optimize get_bb_var use
get_bb_var calls bitbake every time it is used and every call
would take about 7 seconds. There are tests that calls get_bb_var
several times when they can use get_bb_vars. Also there are tests
that calls it to fetch the same variable over and over again.
This will optimize the use of get_bb_var and get_bb_vars for a
little speed up in the tests.
[YOCTO #11037]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Maxin B. John [Fri, 24 Feb 2017 16:07:08 +0000 (18:07 +0200)]
gstreamer: update to 1.10.4
bug-fix release:
*) Various fixes for crashes, assertions, deadlocks and memory leaks on
fuzzed input files and in other situations (CVE-2017-5847, CVE-2017-5848)
*) gst-libav was updated to ffmpeg 3.2.4, fixing a couple of CVEs
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Pavel Modilaynen [Fri, 24 Feb 2017 10:22:20 +0000 (11:22 +0100)]
buildstats.bbclass: Avoid index exception in /proc/PID/io parsing
There is some probability (depends on system load) to get empty
or line containing "0" as the last line while reading /proc/PID/io.
Avoid build failure by checking if line contains separator
":" before split.
Signed-off-by: Pavel Modilaynen <pavelmn@axis.com> Signed-off-by: Daniel Lublin <daniel@lublin.se> Signed-off-by: Ross Burton <ross.burton@intel.com>
Remove a reference to WebKit/LICENSE, as the directory is not there anymore
(and the LICENSE file in it hasn't been moved somewhere else) - it was
a relic of webkit 1.x era.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Rebase monitor-option.patch and no-msgfmt-check.patch
Add support for python 3 probes
(this necessitates the 0001-Do-not-let-configure-write-a-python-location-into-th.patch
and the Add 0001-Install-python-modules-to-correct-library-dir.patch to
install python modules to correct destination).
Add perl to RDEPENDS to fix a QA warning about one of the installed files.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
fcntl-fix-the-time-def-to-use-time_t.patch to
0039-fcntl-fix-the-time-def-to-use-time_t.patch
7. The new version of ltp add the checking for ksh and csh, we doesn't support
ksh and csh in oe-core, so remove the checking files when the system executes
do_install function.
Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Nathan Rossi [Wed, 22 Feb 2017 05:58:57 +0000 (15:58 +1000)]
glib-2.0/glib.inc: If 'charset.alias' exists drop it
Delete the 'charset.alias' file during the do_install task if it exists.
This file is not shipped in any packages and on the targets that it is
generated (musl and mingw32) it is undesired.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Nathan Rossi [Wed, 22 Feb 2017 05:58:57 +0000 (15:58 +1000)]
glib-2.0/glib.inc: Only apply MLPREFIX renaming to class-target
When renaming the 'gio-querymodules' binary to prefix with the current
MLPREFIX, only do this for target packages where the MLPREFIX makes
sense. This skips renaming for nativesdk targets which have MLPREFIX set
to 'nativesdk-'.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Markus Lehtonen [Wed, 22 Feb 2017 15:26:50 +0000 (17:26 +0200)]
license.bbclass: run chown only under pseudo
The copy_license_files() function in license.bbclass is called in two
different contexts. First, it is run as part of the do_populate_lic
task. In addition, it is called from do_package task when
LICENSE_CREATE_PACKAGE is enabled. The function has code that changes
the owner of license files to root which is meant only to happend in the
latter case - i.e. under do_package which is run under pseudo.
Previously, the code was blindly always running chown and just ignored
errors that happened when running from do_populate_lic. This patch
changes it to be more intelligent, only doing chown when running under
pseudo.
[YOCTO #10897]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Drop backported 0002-boost-test-execution_monitor.hpp-fix-mips-soft-float.patch
Rebase consider-hardfp.patch to 0001-When-using-soft-float-on-ARM-we-should-not-expect-th.patch
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Zhixiong Chi [Wed, 22 Feb 2017 07:14:42 +0000 (15:14 +0800)]
unzip: CVE-2014-9913 CVE-2016-9844
Backport the patches for CVE-2014-9913 CVE-2016-9844
CVE-2016-9844:
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via a large compression method value in the central
directory file header.
CVE-2014-9913:
Buffer overflow in the list_files function in list.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via vectors related to the compression method.
Patches come from:
https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/archivers/unzip/ or
https://release.debian.org/proposed-updates/stable_diffs/unzip_6.0-16+deb8u3.debdiff
Mike Looijmans [Wed, 22 Feb 2017 14:32:09 +0000 (15:32 +0100)]
initscripts/sysfs.sh: mount configfs if present
configfs is another kernel virtual file system that should be mounted
if configured, so if it's configured into the kernel, mount it. It is
used to configure e.g. USB gadget mode and devicetree overlays.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Ross Burton <ross.burton@intel.com>
Andre McCurdy [Wed, 22 Feb 2017 10:21:42 +0000 (02:21 -0800)]
bitbake.conf: fix ineffective include conf/target/${TARGET_SYS}.conf
TARGET_SYS is defined in terms of TARGET_ARCH, so it's not valid
until after TUNE_ARCH has been set by the machine config. The
original order of includes resulted in an attempt to include
non-existent files such as:
conf/target/INVALID-oe-linux.conf
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Mariano Lopez [Tue, 21 Feb 2017 14:33:07 +0000 (14:33 +0000)]
selftest: Avoid sstate corruption by calling cleansstate
Currently selftest doesn't use sstates because some tests
clean sstate cache; using sstates would give a performance
boost instead of building everything from scratch.
With this sstates are not corrupted using different methods
depending on tests:
devtool: These tests needed to delete the cache so SSTATE_DIR
as SSTATE_MIRRORS and set a temporal SSTATE_DIR.
sstatetests: This module already used a temporal SSTATE_DIR, so
just set up the SSTATE_MIRRORS.
Rest: Removed cleansstate, some of them required to force a
certain task, others were just removed or changed for another
task.
[YOCTO #10929]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Markus Lehtonen [Thu, 23 Feb 2017 10:24:18 +0000 (12:24 +0200)]
rpm: support customizing gpg command line
Add a new %_gpg_sign_cmd_extra_args macro that allows customizing the
gpg options used when signing rpm packages. This is needed to be able to
sign packages with gpg 2.1 which requires "--pinentry-mode loopback" to
allow non-interactive signing.
[YOCTO #11054]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Chen Qi [Wed, 22 Feb 2017 03:13:44 +0000 (11:13 +0800)]
sudo: upgrade to 1.8.19p2
The license checksum for doc/LICENSE is changed. It's a small change.
'2015' is changed to '2017'. Nothing else is changed. So the licenses
remain the same.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Aníbal Limón [Tue, 21 Feb 2017 18:34:52 +0000 (12:34 -0600)]
dpkg: Upgrade to 1.18.10
Add a patch to don't use --clamp-time when call tar because
isn't supported in tar hosts versions. See
0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch
patch for details.
Multiple people have expressed issues with flex-2.6.2; personally I had
problems compiling libsepol from meta-selinux (for libselinux). I tried
upgrading to flex-2.6.3, but that caused binutils-cross_2.27 to fail.
The simplest for now is to downgrade to flex-2.6.0.
Signed-off-by: Ross Burton <ross.burton@intel.com>
It is generated by kernel's "make clean _mrproper_scripts", the
kernel-devsrc includeds full sources, this symlink is not needed, and
the path is invalid on target, so remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Aníbal Limón [Thu, 16 Feb 2017 16:45:32 +0000 (10:45 -0600)]
classes/license.bbclass: Don't copy unneeded licenses by package
Usually a recipe only provides one package but when provides more
than one package the LICENSE variable per package (i.e. linux-firmware)
needs to take into account to avoid unnecesary copy of licenses into
packages.
The patch validates if LICENSE exists in package LICENSES in order to
don't copy unneeded licenses.
As result of this patch some packages will not contain licenses there
are not into LICENSE variable.
For example:
acl contains GPLv2+ instead of GPLv2+ and LGPLv2.1+
libacl contains LGPLv2+ instead of GPLv2+ and LGPLv2.1+
This behaviour is declared on the acl recipe as:
SUMMARY = "Utilities for managing POSIX Access Control Lists"
HOMEPAGE = "http://savannah.nongnu.org/projects/acl/"
SECTION = "libs"
Aníbal Limón [Thu, 16 Feb 2017 16:45:31 +0000 (10:45 -0600)]
license.bbclass: Don't copy again LICENSE already handled as no-generic
The NO_GENERIC_LICENSE mapping was added [1] to enable copy LICENSES
from upstream source code into recipe licenses, previously that only
common-licenses was processed.
This result on copy twice the NO_GENERIC_LICENSE specified because there
is a mapping between license in LIC_CHKSUM and NO_GENERIC_LICENSE.
In order to avoid double copy one as generic_ and other as LICENSE. keep
track of licenses already copied.
For linux-firmware the result will be only generic_ licenses into
common-licenses.
It isn't clear that the README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
file in the deploy directory warrants the complexity it brings elsewhere.
Let's just remove it entirely.
In particular, if two do_image_complete tasks run in parallel they risk
both trying to put their image into ${DEPLOY_DIR_IMAGE} at the same time.
Both will contain a README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
file. In theory this should be safe because "cp -alf" will just cause one
to overwrite the other. Unfortunately, coreutils cp also has a race[1]
which means that if one copy creates the file at just the wrong point the
other will fail with:
cp: cannot create hard link ‘..../tmp-glibc/deploy/images/pantera/README_-_DO_NOT_DELETE_FILES_IN_THIS_D.txt’ to
+‘..../tmp-glibc/work/rage_against-oe-linux-gnueabi/my-own-image/1.0-r0/deploy-my-own-image-complete/README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt’: File exists
Patrick Ohly [Thu, 23 Feb 2017 17:38:55 +0000 (18:38 +0100)]
ovmf: increase path length limit
The VfrCompile tool has a hard-coded maximum length for path names
which turned out to be too small by around 20 characters in the
Yocto autobuilder setup. Increasing the maximum by a factor of 4
is relatively easy and makes the problem less likely.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Wed, 21 Dec 2016 08:18:05 +0000 (09:18 +0100)]
ovmf: build image which enrolls standard keys
When booting a qemu virtual machine with ovmf.secboot, it comes up
with no keys installed and thus Secure Boot disabled. To lock down
the machine like a typical PC, one has to enroll the same keys
that PC vendors normally install, i.e. the ones from Microsoft.
This can be done manually (see
https://wiki.ubuntu.com/SecurityTeam/SecureBoot and
https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf) or automatically with the EnrollDefaultKeys.efi helper
from the Fedora ovmf rpm.
To use this with qemu:
$ bitbake ovmf-shell-image
...
$ runqemu serial nographic qemux86 ovmf-shell-image wic ovmf.secboot
...
UEFI Interactive Shell v2.1
EDK II
UEFI v2.60 (EDK II, 0x00010000)
Mapping table
FS0: Alias(s):HD2b:;BLK4:
PciRoot(0x0)/Pci(0x5,0x0)/HD(1,GPT,06AEF759-3982-4AF6-B517-70BA6304FC1C,0x800,0x566C)
BLK0: Alias(s):
PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0)
BLK1: Alias(s):
PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1)
BLK2: Alias(s):
PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0)
BLK3: Alias(s):
PciRoot(0x0)/Pci(0x5,0x0)
Press ESC in 1 seconds to skip startup.nsh or any other key to continue.
Shell> fs0:EnrollDefaultKeys.efi
info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
info: success
Shell> reset
Remember that this will modify
deploy/images/qemux86/ovmf.secboot.qcow2, so make a copy and use the
full path of that copy instead of the "ovmf" argument if needed.
The ovmf-shell-image contains an EFI shell, which is what got started
here directly. After enrolling the keys, Secure Boot is active and the
same image cannot be booted anymore, so the BIOS goes through the
normal boot targets (including network boot, which can take a while to
time out), and ends up in the internal EFI shell. Trying to invoke
bootia32.efi (the shell from the image) or EnrollDefaultKeys.efi then
fails:
Shell> bootia32.efi
Command Error Status: Security Violation
The main purpose at the moment is to test that Secure Boot enforcement
really works. If we had a way to sign generated images, that part could
also be tested by booting in a locked down qemu instance.
0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch is
from
https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch?id=b1781931894bf2057464e634beed68b1e3218c9e
with one line changed to fix
https://bugzilla.redhat.com/show_bug.cgi?id=132502:
"EFI_STATUS Status = EFI_SUCCESS;" in EnrollListOfX509Certs() lacked
the initializer.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Fri, 16 Dec 2016 14:18:12 +0000 (15:18 +0100)]
runqemu: support UEFI with OVMF firmware
In the simplest case, "runqemu qemux86 <some-image> qcow2 ovmf" for an
EFI-enabled image in the qcow2 format will locate the ovmf.qcow2
firmware file deployed by the ovmf recipe in the image deploy
directory, override the graphics hardware with "-vga std" because that
is all that OVMF supports, and boot with UEFI enabled.
ovmf is not built by default. Either do it explicitly ("bitbake ovmf")
or make it a part of the normal build
("MACHINE_ESSENTIAL_EXTRA_RDEPENDS_append = ' ovmf'").
The firmware file is activated as a flash drive instead of using the
qemu BIOS parameters, because that is the recommended method
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764918#47) as it
allows storing UEFI variables in the file.
Instead of just "ovmf", a full path to an existing file can also be
used, just as with the rootfs. That may be useful when making a
permanent copy of the virtual machine data files.
It is possible to specify "ovmf*" parameters more than once, then
each parameter creates a separate flash drive. This way it is possible
to use separate flash drives for firmware code and variables:
$ runqemu qemux86 <some-image> qcow2 ovmf.code ovmf.vars"
Note that rebuilding ovmf will overwrite the ovmf.vars.qcow2 file in
the image deploy directory. So when the goal is to update the firmware
while keeping variables, make a copy of the variable file and use
that:
$ mkdir my-machine
$ cp tmp/deploy/images/qemux86/ovmf.vars.qcow2 my-machine/
$ runqemu qemux86 <some-image> qcow2 ovmf.code my-machine/ovmf.vars.qcow2
When Secure Boot was enabled in ovmf, one can pick that instead of
the non-Secure-Boot enabled ovmf.code:
$ runqemu qemux86 <some-image> qcow2 ovmf.secboot.code my-machine/ovmf.vars.qcow2
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Tue, 10 Jan 2017 11:11:21 +0000 (12:11 +0100)]
runqemu: also accept -image suffix for rootfs parameter
The magic detection of the rootfs parameter only worked for image
recipes which embedd the "image" string in the middle, as in
"core-image-minimal".
Sometimes it is more natural to call an image "something-image". To
get such an image detected by runqemu, "-image" at the end of a
parameter must also cause that parameter to be treated as the rootfs
parameter.
Inside the image directory, "something-image" has an -<arch> suffix
and thus no change is needed for those usages of
re.search('-image-'). However, while at it also enhance those string
searches a bit (no need for re; any()+map() a bit closer to the
intended logic).
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Tue, 20 Dec 2016 07:47:21 +0000 (08:47 +0100)]
ovmf_git.bb: enable Secure Boot
When enabled via PACCKAGECONFIG = "secureboot" (off by default because
of the extra work and license change), the recipe compiles OVMF twice,
once without Secure Boot, once with. This is the same approach as in
https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
The results are "ovmf.qcow2" and "ovmf.secboot.qcow2" in the
image deploy directory, so
runqemu <machine> <image> ovmf.secboot
will boot with Secure Boot enabled.
ovmf.secboot.code.qcow2 is provided for those who want separate code
and variable flash drives. The normal ovmf.vars.qcow2 can be used with
it.
In contrast to Fedora, no attempt is made to strip potentially patent
encumbered algorithms out of the OpenSSL archive. OVMF does not use
the ones considered problematic for Fedora, so this shouldn't be a
problem.
Fixes: luv-yocto/#38 Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Mon, 19 Dec 2016 16:02:43 +0000 (17:02 +0100)]
ovmf_git.bb: enable parallel compilation
The Fedora srpm [1] seems to have no problems with parallel
compilation, so let's also use that for the target. The native
tools however indeed have dependency problems:
Patrick Ohly [Fri, 16 Dec 2016 14:07:29 +0000 (15:07 +0100)]
ovmf: deploy firmware in image directory
When used with '-drive if=pflash', qemu will store UEFI variables
inside the firmware image file. That is unexpected for a file located in
the sysroot, which should be read-only, while it is normal for image
files in the deploy/images directory. Therefore that directory is a
better place for use with runqemu.
The name was chose so that "runqemu ovmf" can be used as shorthand for
"runqemu <full path>/ovmf.qcow2" by treating "ovmf" as the base name
of the firmware file. "ovmf.secboot.qcow2" is meant to be used for the
Secure Boot enabled firmware.
qcow2 is used because it is needed for "savevm" snapshots of a virtual
machine.
With code and variables stored in the same ovmf.qcow2 it is not
possible to update the firmware code without also overwriting the
variables. For users who care about persistent variables, the code and
variables are also provided as separate files, in ovmf.code.qcow2 and
ovmf.vars.qcow2.
The traditional usage of OVMF via the qemu bios parameter ("biosdir"
and/or "biosfilename" in runqemu) is no longer recommended, and
therefore this recipe no longer provides the bios.bin file. Instead,
OVMF is meant to be used as flash drive in qemu. See the "runqemu:
support UEFI with OVMF firmware" patch for details on how to use OVMF
that way.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Fri, 20 Jan 2017 13:26:59 +0000 (14:26 +0100)]
acpica: work around flex 2.6.2 code generation issue
Without this patch, linking fails with a missing implementation of
yy_scan_string. This looks like a regression in flex, because 2.6.0 generated
different code that called PrParser_scan_string
resp. DtParser_scan_string.
Working around that in acpica until this is better understood or fixed
in flex is the easiest solution for now.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Fathi Boudra [Tue, 10 Jan 2017 14:55:10 +0000 (15:55 +0100)]
acpica: move from meta-oe to OE-core
qemu support for UEFI in OE-core depends on OVMF, which needs the iasl
tools provided by this recipe. There's also an iasl recipe in
meta-luv, but than can and will be replaced by this one, thus reducing
overall maintenance work.
Copied from meta-openembedded rev fa65be9ba (current master).
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Fri, 20 Jan 2017 07:51:07 +0000 (08:51 +0100)]
qemu: support virtual TPM
This enables the use of swtpm (from meta-security) as a virtual TPM in
qemu. These patches extend the existing support in qemu for TPM
passthrough so that a swtpm daemon can be accessed via CUSE (character
device in user space).
To use this:
- add the meta-security layer including the swtpm enhancements for qemu
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp-glibc/sysroots/x86_64-linux/usr/bin/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Fri 20 Jan 2017 08:56:18 AM CET
TPM is listening on TCP port 52167.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Fri 20 Jan 2017 08:56:19 AM CET
- run swtpm *before each runqemu invocation* (it shuts down after use) and
do it as root (required to set up the /dev/vtpm0 CUSE device):
