diff options
Diffstat (limited to 'recipes-core')
10 files changed, 639 insertions, 0 deletions
diff --git a/recipes-core/images/core-image-minimal-initramfs.bbappend b/recipes-core/images/core-image-minimal-initramfs.bbappend new file mode 100644 index 00000000..4ddca375 --- /dev/null +++ b/recipes-core/images/core-image-minimal-initramfs.bbappend | |||
@@ -0,0 +1,6 @@ | |||
1 | # Use initramfs-framework instead of initramfs-live* | ||
2 | PACKAGE_INSTALL_remove_intel-x86-common = "initramfs-live-boot initramfs-live-install initramfs-live-install-efi" | ||
3 | PACKAGE_INSTALL_append_intel-x86-common = " initramfs-framework-base initramfs-module-udev initramfs-module-setup-live initramfs-module-install-efi" | ||
4 | |||
5 | # Add i915 graphics firmware | ||
6 | PACKAGE_INSTALL_append_intel-x86-common = " linux-firmware-i915" | ||
diff --git a/recipes-core/images/core-image-tiny.bb b/recipes-core/images/core-image-tiny.bb new file mode 100644 index 00000000..ed39fd77 --- /dev/null +++ b/recipes-core/images/core-image-tiny.bb | |||
@@ -0,0 +1,37 @@ | |||
1 | SUMMARY = "A tiny image just capable of allowing a device to boot from RAM, \ | ||
2 | this image recipe generates an image file which rather boots from initrd than \ | ||
3 | from storage, it achieves this by using wic to pick up the artifacts generated \ | ||
4 | by the core-image-tiny-initramfs image" | ||
5 | |||
6 | # The actual rootfs/initrd will be the one from core-image-tiny-initramfs, so | ||
7 | # we reset IMAGE_INSTALL to avoid building other things that will be pointless | ||
8 | IMAGE_INSTALL = "" | ||
9 | |||
10 | # Do not pollute the initrd image with rootfs features | ||
11 | IMAGE_FEATURES = "" | ||
12 | |||
13 | IMAGE_LINGUAS = " " | ||
14 | |||
15 | LICENSE = "MIT" | ||
16 | |||
17 | IMAGE_ROOTFS_SIZE ?= "8192" | ||
18 | |||
19 | IMAGE_FSTYPES = "wic" | ||
20 | inherit core-image | ||
21 | |||
22 | # We get some parts from image-live that we need in order to boot from initrd | ||
23 | INITRD_IMAGE_LIVE ?= "core-image-tiny-initramfs" | ||
24 | |||
25 | python() { | ||
26 | image_b = d.getVar('IMAGE_BASENAME') | ||
27 | initrd_i = d.getVar('INITRD_IMAGE_LIVE') | ||
28 | if image_b == initrd_i: | ||
29 | bb.error('INITRD_IMAGE_LIVE %s cannot use the requested IMAGE_FSTYPE' % initrd_i) | ||
30 | bb.fatal('Check IMAGE_FSTYPES and INITRAMFS_FSTYPES settings.') | ||
31 | elif initrd_i: | ||
32 | d.appendVarFlag('do_image', 'depends', ' %s:do_image_complete' % initrd_i) | ||
33 | } | ||
34 | |||
35 | WKS_FILE_intel-corei7-64 = "core-image-tiny.wks.in" | ||
36 | WKS_FILE_intel-core2-32 = "core-image-tiny.wks.in" | ||
37 | WKS_FILE_intel-quark = "mktinygalileodisk.wks" | ||
diff --git a/recipes-core/initrdscripts/files/intel-x86-common/init-install-efi.sh b/recipes-core/initrdscripts/files/intel-x86-common/init-install-efi.sh new file mode 100644 index 00000000..a7a2ad4c --- /dev/null +++ b/recipes-core/initrdscripts/files/intel-x86-common/init-install-efi.sh | |||
@@ -0,0 +1,342 @@ | |||
1 | #!/bin/sh -e | ||
2 | # | ||
3 | # Copyright (c) 2016, Intel Corporation. | ||
4 | # All rights reserved. | ||
5 | # | ||
6 | # install.sh [device_name] [rootfs_name] | ||
7 | # | ||
8 | # This file is a copy of file with same name in OE: | ||
9 | # meta/recipes-core/initrdscripts/files/. We modify | ||
10 | # it for RMC feature to deploy file blobs from RMC | ||
11 | # database file to target. | ||
12 | |||
13 | PATH=/sbin:/bin:/usr/sbin:/usr/bin | ||
14 | |||
15 | # We need 20 Mb for the boot partition | ||
16 | boot_size=20 | ||
17 | |||
18 | # 5% for swap | ||
19 | swap_ratio=5 | ||
20 | |||
21 | # Get a list of hard drives | ||
22 | hdnamelist="" | ||
23 | live_dev_name=`cat /proc/mounts | grep ${1%/} | awk '{print $1}'` | ||
24 | live_dev_name=${live_dev_name#\/dev/} | ||
25 | # Only strip the digit identifier if the device is not an mmc | ||
26 | case $live_dev_name in | ||
27 | mmcblk*) | ||
28 | ;; | ||
29 | nvme*) | ||
30 | ;; | ||
31 | *) | ||
32 | live_dev_name=${live_dev_name%%[0-9]*} | ||
33 | ;; | ||
34 | esac | ||
35 | |||
36 | echo "Searching for hard drives ..." | ||
37 | |||
38 | for device in `ls /sys/block/`; do | ||
39 | case $device in | ||
40 | loop*) | ||
41 | # skip loop device | ||
42 | ;; | ||
43 | sr*) | ||
44 | # skip CDROM device | ||
45 | ;; | ||
46 | ram*) | ||
47 | # skip ram device | ||
48 | ;; | ||
49 | *) | ||
50 | # skip the device LiveOS is on | ||
51 | # Add valid hard drive name to the list | ||
52 | case $device in | ||
53 | $live_dev_name*) | ||
54 | # skip the device we are running from | ||
55 | ;; | ||
56 | *) | ||
57 | hdnamelist="$hdnamelist $device" | ||
58 | ;; | ||
59 | esac | ||
60 | ;; | ||
61 | esac | ||
62 | done | ||
63 | |||
64 | if [ -z "${hdnamelist}" ]; then | ||
65 | echo "You need another device (besides the live device /dev/${live_dev_name}) to install the image. Installation aborted." | ||
66 | exit 1 | ||
67 | fi | ||
68 | |||
69 | TARGET_DEVICE_NAME="" | ||
70 | for hdname in $hdnamelist; do | ||
71 | # Display found hard drives and their basic info | ||
72 | echo "-------------------------------" | ||
73 | echo /dev/$hdname | ||
74 | if [ -r /sys/block/$hdname/device/vendor ]; then | ||
75 | echo -n "VENDOR=" | ||
76 | cat /sys/block/$hdname/device/vendor | ||
77 | fi | ||
78 | if [ -r /sys/block/$hdname/device/model ]; then | ||
79 | echo -n "MODEL=" | ||
80 | cat /sys/block/$hdname/device/model | ||
81 | fi | ||
82 | if [ -r /sys/block/$hdname/device/uevent ]; then | ||
83 | echo -n "UEVENT=" | ||
84 | cat /sys/block/$hdname/device/uevent | ||
85 | fi | ||
86 | echo | ||
87 | done | ||
88 | |||
89 | # Get user choice | ||
90 | while true; do | ||
91 | echo "Please select an install target or press n to exit ($hdnamelist ): " | ||
92 | read answer | ||
93 | if [ "$answer" = "n" ]; then | ||
94 | echo "Installation manually aborted." | ||
95 | exit 1 | ||
96 | fi | ||
97 | for hdname in $hdnamelist; do | ||
98 | if [ "$answer" = "$hdname" ]; then | ||
99 | TARGET_DEVICE_NAME=$answer | ||
100 | break | ||
101 | fi | ||
102 | done | ||
103 | if [ -n "$TARGET_DEVICE_NAME" ]; then | ||
104 | break | ||
105 | fi | ||
106 | done | ||
107 | |||
108 | if [ -n "$TARGET_DEVICE_NAME" ]; then | ||
109 | echo "Installing image on /dev/$TARGET_DEVICE_NAME ..." | ||
110 | else | ||
111 | echo "No hard drive selected. Installation aborted." | ||
112 | exit 1 | ||
113 | fi | ||
114 | |||
115 | device=/dev/$TARGET_DEVICE_NAME | ||
116 | |||
117 | # | ||
118 | # The udev automounter can cause pain here, kill it | ||
119 | # | ||
120 | rm -f /etc/udev/rules.d/automount.rules | ||
121 | rm -f /etc/udev/scripts/mount* | ||
122 | |||
123 | # | ||
124 | # Unmount anything the automounter had mounted | ||
125 | # | ||
126 | umount ${device}* 2> /dev/null || /bin/true | ||
127 | |||
128 | mkdir -p /tmp | ||
129 | |||
130 | # Create /etc/mtab if not present | ||
131 | if [ ! -e /etc/mtab ]; then | ||
132 | cat /proc/mounts > /etc/mtab | ||
133 | fi | ||
134 | |||
135 | disk_size=$(parted ${device} unit mb print | grep '^Disk .*: .*MB' | cut -d" " -f 3 | sed -e "s/MB//") | ||
136 | |||
137 | swap_size=$((disk_size*swap_ratio/100)) | ||
138 | rootfs_size=$((disk_size-boot_size-swap_size)) | ||
139 | |||
140 | rootfs_start=$((boot_size)) | ||
141 | rootfs_end=$((rootfs_start+rootfs_size)) | ||
142 | swap_start=$((rootfs_end)) | ||
143 | |||
144 | # MMC devices are special in a couple of ways | ||
145 | # 1) they use a partition prefix character 'p' | ||
146 | # 2) they are detected asynchronously (need rootwait) | ||
147 | rootwait="" | ||
148 | part_prefix="" | ||
149 | if [ ! "${device#/dev/mmcblk}" = "${device}" ] || \ | ||
150 | [ ! "${device#/dev/nvme}" = "${device}" ]; then | ||
151 | part_prefix="p" | ||
152 | rootwait="rootwait" | ||
153 | fi | ||
154 | bootfs=${device}${part_prefix}1 | ||
155 | rootfs=${device}${part_prefix}2 | ||
156 | swap=${device}${part_prefix}3 | ||
157 | |||
158 | echo "*****************" | ||
159 | echo "Boot partition size: $boot_size MB ($bootfs)" | ||
160 | echo "Rootfs partition size: $rootfs_size MB ($rootfs)" | ||
161 | echo "Swap partition size: $swap_size MB ($swap)" | ||
162 | echo "*****************" | ||
163 | echo "Deleting partition table on ${device} ..." | ||
164 | dd if=/dev/zero of=${device} bs=512 count=35 | ||
165 | |||
166 | echo "Creating new partition table on ${device} ..." | ||
167 | parted ${device} mklabel gpt | ||
168 | |||
169 | echo "Creating boot partition on $bootfs" | ||
170 | parted ${device} mkpart boot fat32 0% $boot_size | ||
171 | parted ${device} set 1 boot on | ||
172 | |||
173 | echo "Creating rootfs partition on $rootfs" | ||
174 | parted ${device} mkpart root ext3 $rootfs_start $rootfs_end | ||
175 | |||
176 | echo "Creating swap partition on $swap" | ||
177 | parted ${device} mkpart swap linux-swap $swap_start 100% | ||
178 | |||
179 | parted ${device} print | ||
180 | |||
181 | echo "Formatting $bootfs to vfat..." | ||
182 | mkfs.vfat $bootfs | ||
183 | |||
184 | echo "Formatting $rootfs to ext3..." | ||
185 | mkfs.ext3 $rootfs | ||
186 | |||
187 | echo "Formatting swap partition...($swap)" | ||
188 | mkswap $swap | ||
189 | |||
190 | mkdir /tgt_root | ||
191 | mkdir /src_root | ||
192 | mkdir -p /boot | ||
193 | |||
194 | # Handling of the target root partition | ||
195 | mount $rootfs /tgt_root | ||
196 | mount -o rw,loop,noatime,nodiratime /run/media/$1/$2 /src_root | ||
197 | echo "Copying rootfs files..." | ||
198 | cp -a /src_root/* /tgt_root | ||
199 | if [ -d /tgt_root/etc/ ] ; then | ||
200 | boot_uuid=$(blkid -o value -s UUID ${bootfs}) | ||
201 | swap_part_uuid=$(blkid -o value -s PARTUUID ${swap}) | ||
202 | echo "/dev/disk/by-partuuid/$swap_part_uuid swap swap defaults 0 0" >> /tgt_root/etc/fstab | ||
203 | echo "UUID=$boot_uuid /boot vfat defaults 1 2" >> /tgt_root/etc/fstab | ||
204 | # We dont want udev to mount our root device while we're booting... | ||
205 | if [ -d /tgt_root/etc/udev/ ] ; then | ||
206 | echo "${device}" >> /tgt_root/etc/udev/mount.blacklist | ||
207 | fi | ||
208 | fi | ||
209 | |||
210 | # Handling of the target boot partition | ||
211 | mount $bootfs /boot | ||
212 | echo "Preparing boot partition..." | ||
213 | |||
214 | EFIDIR="/boot/EFI/BOOT" | ||
215 | mkdir -p $EFIDIR | ||
216 | # Copy the efi loader | ||
217 | cp /run/media/$1/EFI/BOOT/*.efi $EFIDIR | ||
218 | |||
219 | # RMC deployment | ||
220 | RMC_CMD=/src_root/usr/bin/rmc | ||
221 | RMC_DB=/run/media/$1/rmc.db | ||
222 | |||
223 | # We don't want to quit when a step failed. For example, | ||
224 | # a file system could not support some operations. | ||
225 | set +e | ||
226 | |||
227 | if [ -f "${RMC_DB}" ] && [ -f "${RMC_CMD}" ]; then | ||
228 | echo "Found RMC database and tool, start RMC deployment" | ||
229 | # query INSTALLER.CONFIG from RMC DB | ||
230 | if ${RMC_CMD} -B INSTALLER.CONFIG -d "${RMC_DB}" -o /tmp/installer.config; then | ||
231 | while IFS=':' read -r NAME TGT_UID TGT_GID TGT_MODE TGT_PATH; do | ||
232 | # skip comment | ||
233 | # The regexp in grep works with busybox grep which doesn't | ||
234 | # seem to have a -P to recognize '\t'. But this expression could not | ||
235 | # work with gnu grep... | ||
236 | if echo "$NAME"|grep -q $'^[ \t]*#'; then | ||
237 | continue | ||
238 | fi | ||
239 | # check if we should create a directory (last char in target path is '/') | ||
240 | # or deploy a file | ||
241 | LAST_CHAR=$(echo "${TGT_PATH:$((${#TGT_PATH}-1)):1}") | ||
242 | |||
243 | # Do not bail out for failures but user should get stderr message | ||
244 | if [ ${LAST_CHAR} = "/" ]; then | ||
245 | # name field is skipped for directory | ||
246 | echo "DIR: ${TGT_UID}:${TGT_GID}:${TGT_MODE} => ${TGT_PATH}" | ||
247 | mkdir -p "$TGT_PATH" | ||
248 | chown "${TGT_UID}:${TGT_GID}" "$TGT_PATH" | ||
249 | chmod "${TGT_MODE}" "$TGT_PATH" | ||
250 | else | ||
251 | ${RMC_CMD} -B "${NAME}" -d "${RMC_DB}" -o "${TGT_PATH}" | ||
252 | echo "FILE: ${NAME}:${TGT_UID}:${TGT_GID}:${TGT_MODE} => ${TGT_PATH}" | ||
253 | chown "${TGT_UID}:${TGT_GID}" "$TGT_PATH" | ||
254 | chmod "${TGT_MODE}" "$TGT_PATH" | ||
255 | fi | ||
256 | done < /tmp/installer.config | ||
257 | rm -rf /tmp/installer.config | ||
258 | |||
259 | # remove rmc from target since we don't think it is a valid | ||
260 | # case to run rmc after installation. | ||
261 | rm -rf /tgt_root/usr/bin/rmc | ||
262 | echo "RMC deployment finished" | ||
263 | else | ||
264 | echo "INSTALLER.CONFIG is not found, skip RMC deployment" | ||
265 | fi | ||
266 | |||
267 | # Final retouching by calling post-install hook | ||
268 | if ${RMC_CMD} -B POSTINSTALL.sh -d "${RMC_DB}" -o /tmp/POSTINSTALL.sh; then | ||
269 | echo "Found POSTINSTALL.sh execute it..." | ||
270 | chmod 500 /tmp/POSTINSTALL.sh | ||
271 | /tmp/POSTINSTALL.sh | ||
272 | rm -rf /tmp/POSTINSTALL.sh | ||
273 | fi | ||
274 | fi | ||
275 | set -e | ||
276 | |||
277 | if [ -f /run/media/$1/EFI/BOOT/grub.cfg ]; then | ||
278 | root_part_uuid=$(blkid -o value -s PARTUUID ${rootfs}) | ||
279 | GRUBCFG="$EFIDIR/grub.cfg" | ||
280 | cp /run/media/$1/EFI/BOOT/grub.cfg $GRUBCFG | ||
281 | # Update grub config for the installed image | ||
282 | # Delete the install entry | ||
283 | sed -i "/menuentry 'install'/,/^}/d" $GRUBCFG | ||
284 | # Delete the initrd lines | ||
285 | sed -i "/initrd /d" $GRUBCFG | ||
286 | # Delete any LABEL= strings | ||
287 | sed -i "s/ LABEL=[^ ]*/ /" $GRUBCFG | ||
288 | # Delete any root= strings | ||
289 | sed -i "s/ root=[^ ]*/ /g" $GRUBCFG | ||
290 | # Add the root= and other standard boot options | ||
291 | sed -i "s@linux /vmlinuz *@linux /vmlinuz root=PARTUUID=$root_part_uuid rw $rootwait quiet @" $GRUBCFG | ||
292 | fi | ||
293 | |||
294 | if [ -d /run/media/$1/loader ]; then | ||
295 | rootuuid=$(blkid -o value -s PARTUUID ${rootfs}) | ||
296 | GUMMIBOOT_CFGS="/boot/loader/entries/*.conf" | ||
297 | if [ -d /boot/loader ]; then | ||
298 | # Don't override loader.conf RMC already deployed | ||
299 | if [ ! -f /boot/loader/loader.conf ]; then | ||
300 | cp /run/media/$1/loader/loader.conf /boot/loader/ | ||
301 | fi | ||
302 | # only copy built OE entries when RMC entries don't exist. | ||
303 | if [ ! -d /boot/loader/entries ] || [ ! ls /boot/loader/entries/*.conf &>/dev/null ]; then | ||
304 | cp -dr /run/media/$1/loader/entries /boot/loader | ||
305 | fi | ||
306 | else | ||
307 | # copy config files for gummiboot | ||
308 | cp -dr /run/media/$1/loader /boot | ||
309 | # delete the install entry | ||
310 | rm -f /boot/loader/entries/install.conf | ||
311 | fi | ||
312 | # delete the initrd lines | ||
313 | sed -i "/initrd /d" $GUMMIBOOT_CFGS | ||
314 | # delete any LABEL= strings | ||
315 | sed -i "s/ LABEL=[^ ]*/ /" $GUMMIBOOT_CFGS | ||
316 | # delete any root= strings | ||
317 | sed -i "s/ root=[^ ]*/ /" $GUMMIBOOT_CFGS | ||
318 | # add the root= and other standard boot options | ||
319 | sed -i "s@options *@options root=PARTUUID=$rootuuid rw $rootwait quiet @" $GUMMIBOOT_CFGS | ||
320 | # if RMC feature presents, append global kernel command line fragment when it exists. | ||
321 | if [ -f "${RMC_DB}" ] && [ -f "${RMC_CMD}" ]; then | ||
322 | if ${RMC_CMD} -B KBOOTPARAM -d "${RMC_DB}" -o /tmp/kbootparam; then | ||
323 | sed -i "/^[ \t]*options/ s/$/ $(cat /tmp/kbootparam)/" $GUMMIBOOT_CFGS | ||
324 | rm /tmp/kbootparam | ||
325 | fi | ||
326 | fi | ||
327 | fi | ||
328 | |||
329 | cp /run/media/$1/vmlinuz /boot | ||
330 | |||
331 | umount /src_root | ||
332 | umount /tgt_root | ||
333 | umount /boot | ||
334 | |||
335 | sync | ||
336 | |||
337 | echo "Remove your installation media, and press ENTER" | ||
338 | |||
339 | read enter | ||
340 | |||
341 | echo "Rebooting..." | ||
342 | reboot -f | ||
diff --git a/recipes-core/initrdscripts/initramfs-live-install-efi_%.bbappend b/recipes-core/initrdscripts/initramfs-live-install-efi_%.bbappend new file mode 100644 index 00000000..0b3a1d3d --- /dev/null +++ b/recipes-core/initrdscripts/initramfs-live-install-efi_%.bbappend | |||
@@ -0,0 +1,2 @@ | |||
1 | FILESEXTRAPATHS_prepend_intel-x86-common := "${THISDIR}/files:" | ||
2 | PACKAGE_ARCH_intel-x86-common = "${INTEL_COMMON_PACKAGE_ARCH}" | ||
diff --git a/recipes-core/microcode/intel-microcode_20170707.bb b/recipes-core/microcode/intel-microcode_20170707.bb new file mode 100644 index 00000000..2244088b --- /dev/null +++ b/recipes-core/microcode/intel-microcode_20170707.bb | |||
@@ -0,0 +1,66 @@ | |||
1 | SUMMARY = "Intel Processor Microcode Datafile for Linux" | ||
2 | HOMEPAGE = "http://www.intel.com/" | ||
3 | DESCRIPTION = "The microcode data file contains the latest microcode\ | ||
4 | definitions for all Intel processors. Intel releases microcode updates\ | ||
5 | to correct processor behavior as documented in the respective processor\ | ||
6 | specification updates. While the regular approach to getting this microcode\ | ||
7 | update is via a BIOS upgrade, Intel realizes that this can be an\ | ||
8 | administrative hassle. The Linux operating system and VMware ESX\ | ||
9 | products have a mechanism to update the microcode after booting.\ | ||
10 | For example, this file will be used by the operating system mechanism\ | ||
11 | if the file is placed in the /etc/firmware directory of the Linux system." | ||
12 | |||
13 | LICENSE = "Intel-Microcode-License" | ||
14 | LIC_FILES_CHKSUM = "file://microcode.dat;md5=e5b1dc41901d2de706d4bccee94bbadc" | ||
15 | |||
16 | SRC_URI = "https://downloadmirror.intel.com/26925/eng/microcode-${PV}.tgz" | ||
17 | SRC_URI[md5sum] = "fe4bcb12e4600629a81fb65208c34248" | ||
18 | SRC_URI[sha256sum] = "4fd44769bf52a7ac11e90651a307aa6e56ca6e1a814e50d750ba8207973bee93" | ||
19 | |||
20 | DEPENDS = "iucode-tool-native" | ||
21 | S = "${WORKDIR}" | ||
22 | |||
23 | COMPATIBLE_HOST = "(i.86|x86_64).*-linux" | ||
24 | PACKAGE_ARCH = "${MACHINE_ARCH}" | ||
25 | |||
26 | inherit deploy | ||
27 | |||
28 | # Use any of the iucode_tool parameters to filter specific microcodes from the data file | ||
29 | # For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool | ||
30 | UCODE_FILTER_PARAMETERS ?= "" | ||
31 | |||
32 | do_compile() { | ||
33 | mkdir -p ${WORKDIR}/ucode/kernel/x86/microcode | ||
34 | ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ | ||
35 | ${UCODE_FILTER_PARAMETERS} \ | ||
36 | --overwrite \ | ||
37 | --write-to=${WORKDIR}/microcode_${PV}.bin \ | ||
38 | ${WORKDIR}/microcode.dat | ||
39 | |||
40 | ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ | ||
41 | ${UCODE_FILTER_PARAMETERS} \ | ||
42 | --overwrite \ | ||
43 | --write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \ | ||
44 | ${WORKDIR}/microcode.dat | ||
45 | } | ||
46 | |||
47 | do_install() { | ||
48 | install -d ${D}${base_libdir}/firmware/intel-ucode/ | ||
49 | install ${WORKDIR}/microcode_${PV}.bin ${D}${base_libdir}/firmware/intel-ucode/ | ||
50 | cd ${D}${base_libdir}/firmware/intel-ucode/ | ||
51 | ln -sf microcode_${PV}.bin microcode.bin | ||
52 | } | ||
53 | |||
54 | do_deploy() { | ||
55 | install -d ${DEPLOYDIR} | ||
56 | install ${S}/microcode_${PV}.cpio ${DEPLOYDIR}/ | ||
57 | cd ${DEPLOYDIR} | ||
58 | rm -f microcode.cpio | ||
59 | ln -sf microcode_${PV}.cpio microcode.cpio | ||
60 | } | ||
61 | |||
62 | addtask deploy before do_build after do_compile | ||
63 | |||
64 | PACKAGES = "${PN}" | ||
65 | |||
66 | FILES_${PN} = "${base_libdir}" | ||
diff --git a/recipes-core/microcode/iucode-tool/0001-Makefile.am-Add-arg-parse-library-for-MUSL-support.patch b/recipes-core/microcode/iucode-tool/0001-Makefile.am-Add-arg-parse-library-for-MUSL-support.patch new file mode 100644 index 00000000..ca97d2ab --- /dev/null +++ b/recipes-core/microcode/iucode-tool/0001-Makefile.am-Add-arg-parse-library-for-MUSL-support.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 5f6826b3a59dedf508d5a6122362d69a4813e8e6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Saul Wold <sgw@linux.intel.com> | ||
3 | Date: Fri, 3 Feb 2017 16:08:51 -0800 | ||
4 | Subject: [PATCH] Makefile.am: Add arg-parse library for MUSL support | ||
5 | |||
6 | iucode-tool needs argp-standalone when used with MUSL, so add this | ||
7 | patch to the Makefile to link with argp | ||
8 | |||
9 | Upstream-Status: Pending | ||
10 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
11 | --- | ||
12 | Makefile.am | 1 + | ||
13 | 1 file changed, 1 insertion(+) | ||
14 | |||
15 | diff --git a/Makefile.am b/Makefile.am | ||
16 | index 415a241..764fb61 100644 | ||
17 | --- a/Makefile.am | ||
18 | +++ b/Makefile.am | ||
19 | @@ -5,6 +5,7 @@ | ||
20 | sbin_PROGRAMS = iucode_tool | ||
21 | man_MANS = iucode_tool.8 | ||
22 | |||
23 | +iucode_tool_LDADD = -largp | ||
24 | iucode_tool_SOURCES = intel_microcode.h intel_microcode.c iucode_tool.c | ||
25 | EXTRA_DIST = autogen.sh CONTRIBUTING | ||
26 | |||
27 | -- | ||
28 | 2.7.4 | ||
29 | |||
diff --git a/recipes-core/microcode/iucode-tool_2.1.2.bb b/recipes-core/microcode/iucode-tool_2.1.2.bb new file mode 100644 index 00000000..e1fb56f4 --- /dev/null +++ b/recipes-core/microcode/iucode-tool_2.1.2.bb | |||
@@ -0,0 +1,33 @@ | |||
1 | SUMMARY = "Update Intel CPU microcode" | ||
2 | |||
3 | DESCRIPTION = "iucode_tool is a program to manipulate Intel i686 and X86-64\ | ||
4 | processor microcode update collections, and to use the kernel facilities to\ | ||
5 | update the microcode on Intel system processors. It can load microcode data\ | ||
6 | files in text and binary format, sort, list and filter the microcode updates\ | ||
7 | contained in these files, write selected microcode updates to a new file in\ | ||
8 | binary format, or upload them to the kernel. \ | ||
9 | It operates on microcode data downloaded directly from Intel:\ | ||
10 | http://feeds.downloadcenter.intel.com/rss/?p=2371\ | ||
11 | " | ||
12 | HOMEPAGE = "https://gitlab.com/iucode-tool/" | ||
13 | BUGTRACKER = "https://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=iucode-tool;repeatmerged=0" | ||
14 | |||
15 | LICENSE = "GPLv2+" | ||
16 | LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe \ | ||
17 | file://iucode_tool.c;beginline=1;endline=15;md5=5d8e3639c3b6a80e7d5e0e073933da16" | ||
18 | |||
19 | DEPENDS_append_libc-musl = " argp-standalone" | ||
20 | |||
21 | SRC_URI = "https://gitlab.com/iucode-tool/releases/raw/master/iucode-tool_${PV}.tar.xz" | ||
22 | SRC_URI_append_libc-musl = " file://0001-Makefile.am-Add-arg-parse-library-for-MUSL-support.patch" | ||
23 | |||
24 | SRC_URI[md5sum] = "c6f131a0b69443f5498782a2335973fa" | ||
25 | SRC_URI[sha256sum] = "01f1c02ba6935e0ac8440fb594c2ef57ce4437fcbce539e3ef329f55a6fd71ab" | ||
26 | |||
27 | inherit autotools | ||
28 | |||
29 | BBCLASSEXTEND = "native" | ||
30 | |||
31 | COMPATIBLE_HOST = "(i.86|x86_64).*-linux" | ||
32 | |||
33 | UPSTREAM_CHECK_URI = "https://gitlab.com/iucode-tool/releases" | ||
diff --git a/recipes-core/ovmf/files/0001-ovmf-RefkitTestCA-TEST-UEFI-SecureBoot.patch b/recipes-core/ovmf/files/0001-ovmf-RefkitTestCA-TEST-UEFI-SecureBoot.patch new file mode 100644 index 00000000..62db0633 --- /dev/null +++ b/recipes-core/ovmf/files/0001-ovmf-RefkitTestCA-TEST-UEFI-SecureBoot.patch | |||
@@ -0,0 +1,105 @@ | |||
1 | From 48e511481d83c1614cd00a5a2edcf6b5d746b9c4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mikko Ylinen <mikko.ylinen@linux.intel.com> | ||
3 | Date: Fri, 7 Apr 2017 12:06:14 +0300 | ||
4 | Subject: [PATCH] ovmf: RefkitTestCA: TEST UEFI SecureBoot | ||
5 | |||
6 | This patch adds refkit-db.cer (via xxd -i) in OVMF's db | ||
7 | signature database when used with EnrollDefaultKeys EFI | ||
8 | application. It's used for testing purposes only. | ||
9 | |||
10 | Images signed with refkit-db keys are allowed to boot. | ||
11 | |||
12 | Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com> | ||
13 | --- | ||
14 | OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 68 +++++++++++++++++++++++++++ | ||
15 | 1 file changed, 68 insertions(+) | ||
16 | |||
17 | diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | ||
18 | index 24ab977..a3c12ba 100644 | ||
19 | --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | ||
20 | +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | ||
21 | @@ -516,6 +516,73 @@ STATIC CONST UINT8 MicrosoftUefiCA[] = { | ||
22 | 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 | ||
23 | }; | ||
24 | |||
25 | +STATIC CONST UINT8 RefkitTestCA[] = { | ||
26 | + 0x30, 0x82, 0x02, 0xfb, 0x30, 0x82, 0x01, 0xe3, 0xa0, 0x03, 0x02, 0x01, | ||
27 | + 0x02, 0x02, 0x09, 0x00, 0xd4, 0xf6, 0x48, 0xc2, 0x68, 0x19, 0x91, 0xac, | ||
28 | + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, | ||
29 | + 0x0b, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, | ||
30 | + 0x04, 0x03, 0x0c, 0x09, 0x72, 0x65, 0x66, 0x6b, 0x69, 0x74, 0x2d, 0x64, | ||
31 | + 0x62, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x34, 0x32, 0x30, 0x31, | ||
32 | + 0x32, 0x30, 0x36, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x34, | ||
33 | + 0x32, 0x30, 0x31, 0x32, 0x30, 0x36, 0x33, 0x32, 0x5a, 0x30, 0x14, 0x31, | ||
34 | + 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72, 0x65, | ||
35 | + 0x66, 0x6b, 0x69, 0x74, 0x2d, 0x64, 0x62, 0x30, 0x82, 0x01, 0x22, 0x30, | ||
36 | + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, | ||
37 | + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, | ||
38 | + 0x82, 0x01, 0x01, 0x00, 0xb4, 0x1c, 0x22, 0xa6, 0x22, 0x01, 0x57, 0xcd, | ||
39 | + 0xf1, 0x4f, 0xaf, 0x72, 0xe3, 0xd9, 0x01, 0x80, 0x50, 0x55, 0xef, 0x02, | ||
40 | + 0x5e, 0xeb, 0x99, 0x35, 0xcb, 0x7f, 0x2a, 0x79, 0xff, 0xb5, 0x3e, 0xec, | ||
41 | + 0x5d, 0x92, 0x06, 0x30, 0x20, 0xe7, 0x95, 0xad, 0xa4, 0x84, 0x2e, 0x3f, | ||
42 | + 0xfa, 0xd7, 0x46, 0xdd, 0x49, 0xa8, 0xe8, 0xe3, 0x79, 0x49, 0xf6, 0x8f, | ||
43 | + 0x0b, 0x1d, 0xfe, 0x63, 0xa8, 0xd1, 0x63, 0xa3, 0xd6, 0x0d, 0x4e, 0x6c, | ||
44 | + 0x66, 0x5c, 0xd6, 0x66, 0x26, 0xd1, 0x26, 0x98, 0xd4, 0x4f, 0x76, 0xc9, | ||
45 | + 0x65, 0x48, 0x58, 0x13, 0x08, 0x31, 0xbc, 0xe5, 0x47, 0x25, 0x65, 0x95, | ||
46 | + 0x39, 0x89, 0x5f, 0x02, 0xf1, 0xc5, 0x06, 0x17, 0x58, 0xca, 0x09, 0xfd, | ||
47 | + 0xf6, 0x1e, 0xc5, 0x97, 0xda, 0xa3, 0x4e, 0x1a, 0x48, 0xbe, 0xcf, 0x96, | ||
48 | + 0x27, 0x04, 0x4b, 0xb7, 0x6d, 0x67, 0xb6, 0x50, 0x18, 0x04, 0x73, 0x51, | ||
49 | + 0xd2, 0x6a, 0x2d, 0xdf, 0x3b, 0xab, 0xf2, 0x2d, 0x95, 0xd7, 0xa8, 0xb8, | ||
50 | + 0xa8, 0x30, 0xa1, 0xab, 0x8b, 0x92, 0x2b, 0x60, 0x3e, 0x3a, 0xe5, 0x86, | ||
51 | + 0x40, 0x71, 0xc1, 0x3f, 0x2d, 0x2e, 0x90, 0xe7, 0xd6, 0xec, 0xcc, 0xc2, | ||
52 | + 0x0b, 0x79, 0x83, 0x71, 0x6d, 0xf6, 0xa3, 0xa9, 0x4c, 0xcd, 0x46, 0x81, | ||
53 | + 0xdc, 0xef, 0xec, 0x51, 0xbe, 0x81, 0x2a, 0xf1, 0x78, 0x73, 0x41, 0xdb, | ||
54 | + 0x54, 0xce, 0x7c, 0xce, 0xa2, 0xe3, 0x90, 0x4f, 0x45, 0x1a, 0xf9, 0x3d, | ||
55 | + 0x88, 0xfc, 0x0e, 0xed, 0xd3, 0x69, 0x22, 0x4c, 0xfa, 0x0a, 0x69, 0xd1, | ||
56 | + 0x48, 0xc0, 0xaa, 0xa9, 0x3a, 0xb3, 0x8f, 0x10, 0x3a, 0x76, 0xa8, 0x0c, | ||
57 | + 0x7a, 0x3d, 0xd8, 0x79, 0xce, 0x1c, 0x96, 0x62, 0xf4, 0x06, 0xee, 0x47, | ||
58 | + 0xe8, 0xe0, 0x69, 0x91, 0xae, 0xea, 0x34, 0xcf, 0xda, 0xa8, 0xb4, 0x39, | ||
59 | + 0x5e, 0xf3, 0x7a, 0xd0, 0x88, 0x48, 0x47, 0x69, 0x02, 0x03, 0x01, 0x00, | ||
60 | + 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, | ||
61 | + 0x04, 0x16, 0x04, 0x14, 0x68, 0x60, 0x11, 0x25, 0x85, 0x14, 0x78, 0x1b, | ||
62 | + 0x1a, 0x9f, 0x46, 0x12, 0xe6, 0x21, 0xe4, 0xef, 0xfb, 0x3b, 0xaa, 0xdd, | ||
63 | + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, | ||
64 | + 0x14, 0x68, 0x60, 0x11, 0x25, 0x85, 0x14, 0x78, 0x1b, 0x1a, 0x9f, 0x46, | ||
65 | + 0x12, 0xe6, 0x21, 0xe4, 0xef, 0xfb, 0x3b, 0xaa, 0xdd, 0x30, 0x0c, 0x06, | ||
66 | + 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, | ||
67 | + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, | ||
68 | + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0xd2, 0x84, 0x7c, 0x43, | ||
69 | + 0x47, 0xca, 0x6b, 0xfd, 0x87, 0x83, 0xd0, 0xef, 0x75, 0xd3, 0x20, 0x52, | ||
70 | + 0x73, 0x18, 0xaa, 0x32, 0x71, 0xfb, 0xa5, 0xf4, 0xc9, 0x11, 0xa3, 0x68, | ||
71 | + 0x4d, 0xb7, 0x9d, 0xe6, 0xd9, 0x46, 0x24, 0xdc, 0xc7, 0xc2, 0x3b, 0xf9, | ||
72 | + 0xb0, 0x98, 0xfc, 0xee, 0x34, 0x6e, 0x10, 0x9b, 0x3d, 0x44, 0x6e, 0x33, | ||
73 | + 0x09, 0x11, 0xb8, 0x29, 0xd6, 0x2d, 0x06, 0xcf, 0x67, 0x8f, 0x96, 0x85, | ||
74 | + 0x9d, 0x63, 0x72, 0xbf, 0x64, 0x5f, 0x0d, 0xe3, 0xc9, 0x63, 0x19, 0x71, | ||
75 | + 0xd4, 0x7d, 0x4c, 0x9c, 0x77, 0x46, 0xda, 0x20, 0x97, 0x6d, 0xbc, 0xdd, | ||
76 | + 0xc2, 0x1f, 0xf3, 0x40, 0x38, 0x1e, 0xe7, 0xcc, 0x55, 0x05, 0x72, 0xba, | ||
77 | + 0x24, 0x4f, 0xb3, 0x8a, 0x93, 0x0c, 0x30, 0x60, 0xda, 0x9f, 0x6f, 0x35, | ||
78 | + 0xf6, 0xfb, 0xb0, 0x1f, 0xb3, 0x00, 0xdd, 0xc4, 0xa6, 0xbc, 0xe2, 0x37, | ||
79 | + 0xc1, 0xa3, 0xef, 0xd9, 0xa1, 0x86, 0xf9, 0xeb, 0xa4, 0xa5, 0x45, 0x38, | ||
80 | + 0xff, 0x4e, 0x87, 0x4a, 0x41, 0xcf, 0x6e, 0x69, 0x7e, 0x97, 0xbe, 0x2d, | ||
81 | + 0x22, 0xbc, 0x8d, 0xa0, 0x1a, 0x21, 0x8f, 0x4b, 0x72, 0x90, 0x01, 0x5c, | ||
82 | + 0xba, 0xa5, 0x9c, 0x2d, 0xd7, 0x25, 0x24, 0xfc, 0xff, 0x5c, 0x58, 0x14, | ||
83 | + 0x46, 0x30, 0x09, 0x7c, 0x55, 0x64, 0x83, 0x0b, 0xb9, 0xdf, 0xcf, 0x25, | ||
84 | + 0xee, 0xec, 0xf7, 0xcb, 0xdb, 0xd1, 0x5b, 0x93, 0x93, 0xc8, 0x8a, 0x10, | ||
85 | + 0x46, 0xb8, 0xb0, 0x35, 0x1c, 0x6c, 0x0d, 0x8f, 0x03, 0x6a, 0x8f, 0x1b, | ||
86 | + 0x36, 0x68, 0xf3, 0x53, 0x89, 0x36, 0x5b, 0x21, 0x80, 0xde, 0xe3, 0x92, | ||
87 | + 0x52, 0x94, 0x97, 0x9d, 0x49, 0x89, 0x7d, 0x3e, 0xde, 0x29, 0x51, 0xba, | ||
88 | + 0x11, 0xf7, 0xba, 0x01, 0xf7, 0xab, 0xea, 0xc1, 0xa7, 0x2e, 0xa3, 0x4d, | ||
89 | + 0x65, 0xfd, 0x40, 0x71, 0xf1, 0xe2, 0x3f, 0x6c, 0x28, 0xcb, 0xd3 | ||
90 | +}; | ||
91 | + | ||
92 | // | ||
93 | // The most important thing about the variable payload is that it is a list of | ||
94 | // lists, where the element size of any given *inner* list is constant. | ||
95 | @@ -908,6 +975,7 @@ ShellAppMain ( | ||
96 | &gEfiImageSecurityDatabaseGuid, | ||
97 | MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid, | ||
98 | MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid, | ||
99 | + RefkitTestCA, sizeof RefkitTestCA, &gEfiCallerIdGuid, | ||
100 | NULL); | ||
101 | if (EFI_ERROR (Status)) { | ||
102 | return 1; | ||
103 | -- | ||
104 | 2.1.4 | ||
105 | |||
diff --git a/recipes-core/ovmf/ovmf-shell-image-enrollkeys.bb b/recipes-core/ovmf/ovmf-shell-image-enrollkeys.bb new file mode 100644 index 00000000..b20f6e58 --- /dev/null +++ b/recipes-core/ovmf/ovmf-shell-image-enrollkeys.bb | |||
@@ -0,0 +1,13 @@ | |||
1 | require recipes-core/ovmf/ovmf-shell-image.bb | ||
2 | |||
3 | WKS_SEARCH_PATH_append = ":${COREBASE}/meta/recipes-core/ovmf" | ||
4 | |||
5 | QB_DRIVE_TYPE = "/dev/vd" | ||
6 | |||
7 | do_image_append() { | ||
8 | cat > ${IMAGE_ROOTFS}/startup.nsh << EOF | ||
9 | EnrollDefaultKeys | ||
10 | reset | ||
11 | EOF | ||
12 | |||
13 | } | ||
diff --git a/recipes-core/ovmf/ovmf_%.bbappend b/recipes-core/ovmf/ovmf_%.bbappend new file mode 100644 index 00000000..bbf5fa32 --- /dev/null +++ b/recipes-core/ovmf/ovmf_%.bbappend | |||
@@ -0,0 +1,6 @@ | |||
1 | FILESEXTRAPATHS_prepend_intel-x86-common := "${THISDIR}/files:" | ||
2 | |||
3 | SRC_URI_append_intel-x86-common = " \ | ||
4 | file://0001-ovmf-RefkitTestCA-TEST-UEFI-SecureBoot.patch \ | ||
5 | " | ||
6 | PACKAGECONFIG_append_intel-x86-common = " secureboot" | ||