113 files changed, 2133 insertions, 3733 deletions
diff --git a/meta/recipes-bsp/acpid/acpid.inc b/meta/recipes-bsp/acpid/acpid.inc
index 98910bab29..ba954563b6 100644
--- a/meta/recipes-bsp/acpid/acpid.inc
+++ b/meta/recipes-bsp/acpid/acpid.inc
@@ -10,14 +10,16 @@ BUGTRACKER = "http://sourceforge.net/p/acpid2/tickets/?source=navbar"
 SECTION = "base"
 LICENSE = "GPL-2.0-or-later"
-SRC_URI = "${SOURCEFORGE_MIRROR}/acpid2/acpid-${PV}.tar.xz \
+SOURCEFORGE_PROJECT = "acpid2"
+SRC_URI = "${SOURCEFORGE_MIRROR}/${SOURCEFORGE_PROJECT}/acpid-${PV}.tar.xz \
           file://init \
           file://acpid.service \
-          "
+           file://0001-Replace-stat64-with-stat.patch \
+           "
 CVE_PRODUCT = "acpid2"
-inherit autotools update-rc.d systemd
+inherit autotools update-rc.d systemd sourceforge-releases
 INITSCRIPT_NAME = "acpid"
 INITSCRIPT_PARAMS = "defaults"
@@ -26,13 +28,13 @@ SYSTEMD_SERVICE:${PN} = "acpid.service"
 do_install:append () {
        install -d ${D}${sysconfdir}/init.d
-        sed -e 's,/usr/sbin,${sbindir},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/acpid
+        sed -e 's,/usr/sbin,${sbindir},g' ${UNPACKDIR}/init > ${D}${sysconfdir}/init.d/acpid
        chmod 755 ${D}${sysconfdir}/init.d/acpid
        install -d ${D}${sysconfdir}/acpi
        install -d ${D}${sysconfdir}/acpi/events
        install -d ${D}${systemd_system_unitdir}
-        install -m 0644 ${WORKDIR}/acpid.service ${D}${systemd_system_unitdir}
+        install -m 0644 ${UNPACKDIR}/acpid.service ${D}${systemd_system_unitdir}
        sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/acpid.service
 }
diff --git a/meta/recipes-bsp/acpid/acpid/0001-Replace-stat64-with-stat.patch b/meta/recipes-bsp/acpid/acpid/0001-Replace-stat64-with-stat.patch
new file mode 100644
index 0000000000..10abfc8388
--- /dev/null
+++ b/meta/recipes-bsp/acpid/acpid/0001-Replace-stat64-with-stat.patch
@@ -0,0 +1,31 @@
+From 4b729235a9e96f120feee7e3746818aad0f3b924 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 14 Dec 2022 15:04:30 -0800
+Subject: [PATCH] Replace stat64 with stat
+It already checks for largefile support in configure.ac via
+AC_SYS_LARGEFILE macro, which will ensure that 64bit elements
+are correctly setup for stat APIs on platforms needing large
+file support.
+Upstream-Status: Submitted [https://sourceforge.net/p/acpid2/code/merge-requests/5/]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/sock.c b/sock.c
+index 9e04501..3121fb7 100644
+--- a/sock.c
+++ b/sock.c
+@@ -54,8 +54,8 @@ int non_root_clients;
+ static int
+ isfdtype(int fd, int fdtype)
+ {
+-       struct stat64 st;
+-       if (fstat64(fd, &st) != 0)
+       struct stat st;
+       if (fstat(fd, &st) != 0)
+                return -1;
+        return ((st.st_mode & S_IFMT) == (mode_t)fdtype);
+ }
diff --git a/meta/recipes-bsp/acpid/acpid_2.0.33.bb b/meta/recipes-bsp/acpid/acpid_2.0.34.bb
index 7094ba2662..1e0a6d5f24 100644
--- a/meta/recipes-bsp/acpid/acpid_2.0.33.bb
+++ b/meta/recipes-bsp/acpid/acpid_2.0.34.bb
@@ -3,4 +3,4 @@ require acpid.inc
 LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b \
                    file://acpid.h;endline=24;md5=324a9cf225ae69ddaad1bf9d942115b5"
-SRC_URI[sha256sum] = "0856f71b3eb34a1b663d0a8e6363dfcbc519e63d847330498898658e2972dbe8"
+SRC_URI[sha256sum] = "2d095c8cfcbc847caec746d62cdc8d0bff1ec1bc72ef7c674c721e04da6ab333"
diff --git a/meta/recipes-bsp/alsa-state/alsa-state.bb b/meta/recipes-bsp/alsa-state/alsa-state.bb
index 27b2eccbe4..9452a1a4ce 100644
--- a/meta/recipes-bsp/alsa-state/alsa-state.bb
+++ b/meta/recipes-bsp/alsa-state/alsa-state.bb
@@ -14,7 +14,6 @@ LIC_FILES_CHKSUM = " \
    file://alsa-state-init;beginline=3;endline=4;md5=3ff7ecbf534d7d503941abe8e268ef50 \
 "
 PV = "0.2.0"
-PR = "r5"
 SRC_URI = "\
  file://asound.conf \
@@ -22,7 +21,7 @@ SRC_URI = "\
  file://alsa-state-init \
 "
-S = "${WORKDIR}"
+S = "${UNPACKDIR}"
 # As the recipe doesn't inherit systemd.bbclass, we need to set this variable
 # manually to avoid unnecessary postinst/preinst generated.
@@ -39,15 +38,15 @@ INITSCRIPT_PARAMS = "start 39 S . stop 31 0 6 ."
 do_install() {
    # Only install the init script when 'sysvinit' is in DISTRO_FEATURES.
    if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
-        sed -i -e "s:#STATEDIR#:${localstatedir}/lib/alsa:g" ${WORKDIR}/alsa-state-init
+        sed -i -e "s:#STATEDIR#:${localstatedir}/lib/alsa:g" ${S}/alsa-state-init
        install -d ${D}${sysconfdir}/init.d
-        install -m 0755 ${WORKDIR}/alsa-state-init ${D}${sysconfdir}/init.d/alsa-state
+        install -m 0755 ${S}/alsa-state-init ${D}${sysconfdir}/init.d/alsa-state
    fi
    install -d ${D}/${localstatedir}/lib/alsa
    install -d ${D}${sysconfdir}
-    install -m 0644 ${WORKDIR}/asound.conf ${D}${sysconfdir}
+    install -m 0644 ${S}/asound.conf ${D}${sysconfdir}
-    install -m 0644 ${WORKDIR}/*.state ${D}${localstatedir}/lib/alsa
+    install -m 0644 ${S}/*.state ${D}${localstatedir}/lib/alsa
 }
 PACKAGES += "alsa-states"
diff --git a/meta/recipes-bsp/apmd/apmd/apmd.service b/meta/recipes-bsp/apmd/apmd/apmd.service
deleted file mode 100644
index ffab82334f..0000000000
--- a/meta/recipes-bsp/apmd/apmd/apmd.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=Advanced Power Management daemon
-After=remote-fs.target
-[Service]
-EnvironmentFile=-@SYSCONFDIR@/default/apmd
-ExecStart=@SBINDIR@/apmd -P @SYSCONFDIR@/apm/apmd_proxy $APMD
diff --git a/meta/recipes-bsp/apmd/apmd/apmd_proxy b/meta/recipes-bsp/apmd/apmd/apmd_proxy
deleted file mode 100644
index c48ee4e5d5..0000000000
--- a/meta/recipes-bsp/apmd/apmd/apmd_proxy
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/sh
-# 
-# apmd_proxy - program dispatcher for APM daemon
-#
-# Written by Craig Markwardt (craigm@lheamail.gsfc.nasa.gov) 21 May 1999
-# Modified for Debian by Avery Pennarun
-#
-# This shell script is called by the APM daemon (apmd) when a power
-# management event occurs.  Its first and second arguments describe the
-# event.  For example, apmd will call "apmd_proxy suspend system" just
-# before the system is suspended.
-#
-# Here are the possible arguments:
-#
-# start              - APM daemon has started
-# stop               - APM daemon is shutting down
-# suspend critical   - APM system indicates critical suspend (++)
-# suspend system     - APM system has requested suspend mode
-# suspend user       - User has requested suspend mode
-# standby system     - APM system has requested standby mode 
-# standby user       - User has requested standby mode
-# resume suspend     - System has resumed from suspend mode
-# resume standby     - System has resumed from standby mode
-# resume critical    - System has resumed from critical suspend
-# change battery     - APM system reported low battery
-# change power       - APM system reported AC/battery change
-# change time        - APM system reported time change (*)
-# change capability  - APM system reported config. change (+)
-#
-# (*) - APM daemon may be configured to not call these sequences
-# (+) - Available if APM kernel supports it.
-# (++) - "suspend critical" is never passed to apmd from the kernel,
-#   so we will never see it here.  Scripts that process "resume
-#   critical" events need to take this into account.
-#
-# It is the proxy script's responsibility to examine the APM status
-# (via /proc/apm) or other status and to take appropriate actions.
-# For example, the script might unmount network drives before the
-# machine is suspended.
-#
-# In Debian, the usual way of adding functionality to the proxy is to
-# add a script to /etc/apm/event.d.  This script will be called by
-# apmd_proxy (via run-parts) with the same arguments.
-#
-# If it is important that a certain set of script be run in a certain
-# order on suspend and in a different order on resume, then put all
-# the scripts in /etc/apm/scripts.d instead of /etc/apm/event.d and
-# symlink to these from /etc/apm/suspend.d, /etc/apm/resume.d and
-# /etc/apm/other.d using names whose lexicographical order is the same
-# as the desired order of execution.
-#
-# If the kernel's APM driver supports it, apmd_proxy can return a non-zero
-# exit status on suspend and standby events, indicating that the suspend
-# or standby event should be rejected.
-#
-# *******************************************************************
-set -e
-# The following doesn't yet work, because current kernels (up to at least
-# 2.4.20) do not support rejection of APM events.  Supporting this would
-# require substantial modifications to the APM driver.  We will re-enable
-# this feature if the driver is ever modified.       -- cph@debian.org
-#
-#SUSPEND_ON_AC=false
-#[ -r /etc/apm/apmd_proxy.conf ] && . /etc/apm/apmd_proxy.conf
-#
-#if [ "${SUSPEND_ON_AC}" = "false" -a "${2}" = "system" ] \
-#       && on_ac_power >/dev/null; then
-#    # Reject system suspends and standbys if we are on AC power
-#    exit 1  # Reject (NOTE kernel support must be enabled)
-#fi
-if [ "${1}" = "suspend" -o "${1}" = "standby" ]; then
-    run-parts -a "${1}" -a "${2}" /etc/apm/event.d
-    if [ -d /etc/apm/suspend.d ]; then
-        run-parts -a "${1}" -a "${2}" /etc/apm/suspend.d
-    fi
-elif [ "${1}" = "resume" ]; then
-    if [ -d /etc/apm/resume.d ]; then
-        run-parts -a "${1}" -a "${2}" /etc/apm/resume.d
-    fi
-    run-parts -a "${1}" -a "${2}" /etc/apm/event.d
-else
-    run-parts -a "${1}" -a "${2}" /etc/apm/event.d
-    if [ -d /etc/apm/other.d ]; then
-        run-parts -a "${1}" -a "${2}" /etc/apm/other.d
-    fi
-fi
-exit 0
diff --git a/meta/recipes-bsp/apmd/apmd/apmd_proxy.conf b/meta/recipes-bsp/apmd/apmd/apmd_proxy.conf
deleted file mode 100644
index 751145c522..0000000000
--- a/meta/recipes-bsp/apmd/apmd/apmd_proxy.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/apm/apmd_proxy.conf: configuration file for apmd.
-#
-# This file is managed by debconf when installing or reconfiguring the
-# package.  It is generated by merging the answers gathered by debconf
-# into the template file "/usr/share/apmd/apmd_proxy.conf".
-# The following doesn't yet work, because current kernels (up to at least
-# 2.4.20) do not support rejection of APM events.  Supporting this would
-# require substantial modifications to the APM driver.  We will re-enable
-# this feature if the driver is ever modified.       -- cph@debian.org
-#
-# Set the following to "false" if you want to reject system suspend or
-# system standby requests when the computer is running on AC power.
-# Otherwise set this to "true".  Such requests are never rejected when
-# the computer is running on battery power.
-#SUSPEND_ON_AC=true
diff --git a/meta/recipes-bsp/apmd/apmd/default b/meta/recipes-bsp/apmd/apmd/default
deleted file mode 100644
index 4b7965abf8..0000000000
--- a/meta/recipes-bsp/apmd/apmd/default
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# Default for /etc/init.d/apmd
-#
-# As apmd can be called with arguments, we use the following variable
-# to store them, e.g., APMD="-w 5 -p 2".
-# See the manual page apmd(8) for details.
-APMD="--proxy-timeout 30"
diff --git a/meta/recipes-bsp/apmd/apmd/init b/meta/recipes-bsp/apmd/apmd/init
deleted file mode 100755
index c0b41aa9d1..0000000000
--- a/meta/recipes-bsp/apmd/apmd/init
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides:          apmd
-# Required-Start:    $remote_fs
-# Required-Stop:     $remote_fs
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: Advanced Power Management daemon
-### END INIT INFO
-# Source function library.
-. /etc/init.d/functions
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-[ -f /etc/default/rcS ] && . /etc/default/rcS
-[ -f /etc/default/apmd ] && . /etc/default/apmd
-case "$1" in
-    start)
-        echo -n "Starting advanced power management daemon: "
-        start-stop-daemon -S -x /usr/sbin/apmd -- \
-                -P /etc/apm/apmd_proxy $APMD
-        if [ $? = 0 ]; then
-            echo "apmd."
-        else
-            echo "(failed.)"
-        fi
-        ;;
-    stop)
-        echo -n "Stopping advanced power management daemon: "
-        start-stop-daemon -K \
-                -x /usr/sbin/apmd
-        echo "apmd."
-        ;;
-    status)
-        status /usr/sbin/apmd;
-        exit $?
-        ;;
-    restart|force-reload) 
-        $0 stop
-        $0 start
-        exit
-        ;;
-    *)
-        echo "Usage: /etc/init.d/apmd {start|stop|status|restart|force-reload}"
-        exit 1
-        ;;
-esac
-exit 0
diff --git a/meta/recipes-bsp/apmd/apmd/legacy.patch b/meta/recipes-bsp/apmd/apmd/legacy.patch
deleted file mode 100644
index 8871311805..0000000000
--- a/meta/recipes-bsp/apmd/apmd/legacy.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 3595933d221f0ba836917debc0776b8723972ec9 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Tue, 11 Aug 2015 17:40:50 +0300
-Subject: [PATCH 1/3] Patch with fixes provided by Debian.
-This patch is taken from
-ftp://ftp.debian.org/debian/pool/main/a/apmd/apmd_3.2.2-15.debian.tar.xz
-Upstream-Status: Inappropriate [upstream is dead]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
- Makefile |  2 +-
- apm.c    |  3 ++-
- apm.h    |  9 +++++++++
- apmd.c   | 15 ++++++++-------
- 4 files changed, 20 insertions(+), 9 deletions(-)
-diff --git a/Makefile b/Makefile
-index bf346d9..92fc0fd 100644
--- a/Makefile
-+++ b/Makefile
-@@ -43,7 +43,7 @@ DESTDIR=
- 
- CC=gcc
- CFLAGS=-O -g
-XTRACFLAGS=-Wall -pipe -I. -I/usr/src/linux/include \
-+XTRACFLAGS=-Wall -pipe -I. -I/usr/src/linux/include -I/usr/X11R6/include \
-                -I/usr/src/linux-2.2/include -I /usr/src/linux-2.0/include \
-                -DVERSION=\"$(VERSION)\" \
-                -DDEFAULT_PROXY_NAME=\"$(PROXY_DIR)/apmd_proxy\"
-diff --git a/apm.c b/apm.c
-index b21c057..0359b1c 100644
--- a/apm.c
-+++ b/apm.c
-@@ -219,12 +219,13 @@ int main(int argc, char **argv)
-                }
-        }
-                                                                                                            
-
-+#if 0
-     if (!(i.apm_flags & APM_32_BIT_SUPPORT))
-     {
-        fprintf(stderr, "32-bit APM interface not supported\n");
-        exit(1);
-     }
-+#endif
- 
-     if (verbose && (i.apm_flags & 0x10))
-        printf("APM BIOS Power Management is currently disabled\n");
-diff --git a/apm.h b/apm.h
-index fb24dfd..824cc06 100644
--- a/apm.h
-+++ b/apm.h
-@@ -20,6 +20,13 @@
-  * $Id: apm.h,v 1.7 1999/07/05 22:31:11 apenwarr Exp $
-  * 
-  */
-+#ifndef _APM_H
-+#define _APM_H 1
-+
-+#ifndef __KERNEL_STRICT_NAMES
-+#define __KERNEL_STRICT_NAMES
-+#endif
-+
- #include <linux/apm_bios.h>
- #include <sys/types.h>
- 
-@@ -93,3 +100,5 @@ extern int apm_reject(int fd);
- #else
- #define apm_reject(fd)   (-EINVAL)
- #endif
-+
-+#endif
-diff --git a/apmd.c b/apmd.c
-index 49ed3a1..560f536 100644
--- a/apmd.c
-+++ b/apmd.c
-@@ -343,7 +343,7 @@ static int call_proxy(apm_event_t event)
-                /* parent */
-                int status, retval;
-                ssize_t len;
-               time_t time_limit;
-+               time_t countdown;
- 
-                if (pid < 0) {
-                        /* Couldn't fork */
-@@ -356,8 +356,9 @@ static int call_proxy(apm_event_t event)
-                /* Capture the child's output, if any, but only until it terminates */
-                close(fds[1]);
-                fcntl(fds[0], F_SETFL, O_RDONLY|O_NONBLOCK);
-               time_limit = time(0) + proxy_timeout;
-+               countdown = proxy_timeout;
-                do {
-+                       countdown -= 1;
-                        while ((len = read(fds[0], line, sizeof(line)-1)) > 0) {
-                                line[len] = 0;
-                                APMD_SYSLOG(LOG_INFO, "+ %s", line);
-@@ -372,16 +373,16 @@ static int call_proxy(apm_event_t event)
-                                goto proxy_done;
-                        }
-                                
-                       sleep(1);
-+                       while (sleep(1) > 0) ;
-                } while (
-                       (time(0) < time_limit)
-+                       (countdown >= 0)
-                        || (proxy_timeout < 0)
-                );
- 
-                APMD_SYSLOG(LOG_NOTICE, "Proxy has been running more than %d seconds; killing it", proxy_timeout);
- 
-                kill(pid, SIGTERM);
-               time_limit = time(0) + 5;
-+               countdown = 5;
-                do {
-                        retval = waitpid(pid, &status, WNOHANG);
-                        if (retval == pid)
-@@ -392,9 +393,9 @@ static int call_proxy(apm_event_t event)
-                                goto proxy_done;
-                        }
- 
-                       sleep(1);
-+                       while (sleep(1) > 0) ;
- 
-               } while (time(0) < time_limit);
-+               } while (countdown >= 0);
- 
-                kill(pid, SIGKILL);
-                status = __W_EXITCODE(0, SIGKILL);
-- 
-2.1.4
diff --git a/meta/recipes-bsp/apmd/apmd/libtool.patch b/meta/recipes-bsp/apmd/apmd/libtool.patch
deleted file mode 100644
index fd0a952890..0000000000
--- a/meta/recipes-bsp/apmd/apmd/libtool.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From d5dde7ca91a5aed273d8fe269e1a5194e85c8c79 Mon Sep 17 00:00:00 2001
-From: Scott Garman <scott.a.garman@intel.com>
-Date: Tue, 13 Jul 2010 16:46:46 +0800
-Subject: [PATCH] apmd: upgrade to 3.2.2-14
-Add by RP to address "unable to infer tagged configuration" error:
-   commit 35de05e61b88c0808a5e885bb0efdf420555d5ad
-   Author: Richard Purdie <rpurdie@rpsys.net>
-   Date:   Sun Jun 1 16:13:38 2008 +0000
-   apmd: Use libtool --tag options to avoid problems with libtool 2.2.4 (from poky)
-However I didn't see same issue with current libtool-2.2.10. Also per my understanding,
-the default tag, if not specified, falls back to CC. So disable it from patching, but
-keep it here. If we encounter similar issue in the future, we could then push upstream
-Comment added by Kevin Tian <kevin.tian@intel.com>, 2010-07-16
-Upstream-Status: Pending
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/Makefile b/Makefile
-index 92fc0fd..8e283dc 100644
--- a/Makefile
-+++ b/Makefile
-@@ -59,8 +59,8 @@ RANLIB=ranlib
- #LDFLAGS=-s
- 
- LIBTOOL=libtool --quiet
-LT_COMPILE = $(LIBTOOL) --mode=compile $(CC)
-LT_LINK = $(LIBTOOL) --mode=link $(CC)
-+LT_COMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC)
-+LT_LINK = $(LIBTOOL)  --tag=CC --mode=link $(CC)
- LT_INSTALL = $(LIBTOOL) --mode=install install
- LT_CLEAN = $(LIBTOOL) --mode=clean rm
- 
diff --git a/meta/recipes-bsp/apmd/apmd/linkage.patch b/meta/recipes-bsp/apmd/apmd/linkage.patch
deleted file mode 100644
index 3d32c49cd2..0000000000
--- a/meta/recipes-bsp/apmd/apmd/linkage.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-When building use the libtool intermediate .lo files instead of explicitly using
-the .o files. Under libtool foo.lo is the libtool intermediate wrapper, foo.o is
-a static build, and .libs/foo.o is a shared build.
-If static libraries have been disabled globally then libtool won't generate them
-and explicit references to foo.o won't be satisfied.
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-diff --git a/Makefile b/Makefile
-index bb695c6..5f60146 100644
--- a/Makefile
-+++ b/Makefile
-@@ -28,7 +28,7 @@ endif
- 
- .SUFFIXES:
- 
-OBJS=apmlib.o
-+OBJS=apmlib.lo
- EXES=apm apmd xapm apmsleep
- HEADERS=apm.h
- 
-@@ -66,22 +66,22 @@ all: $(EXES)
- 
- $(OBJS): $(HEADERS)
- 
-%.o: %.c
-+%.lo: %.c
-        $(LT_COMPILE) -c $(CPPFLAGS) $(CFLAGS) $(XTRACFLAGS) $<
- 
-%: %.o $(LIBAPM)
-+%: %.lo $(LIBAPM)
-        $(LT_LINK) -o $@ $< $(LDFLAGS) $(LIBAPM)
- 
-xapm.o: xapm.c
-+xapm.lo: xapm.c
-        $(LT_COMPILE) -c $(CPPFLAGS) $(CFLAGS) $(XTRACFLAGS) -DNARROWPROTO $<
- 
-apmd: apmd.o
-+apmd: apmd.lo
- 
-apmsleep: apmsleep.o
-+apmsleep: apmsleep.lo
- 
-apmexists: apmexists.o
-+apmexists: apmexists.lo
- 
-xapm: xapm.o $(LIBAPM)
-+xapm: xapm.lo $(LIBAPM)
-        $(LT_LINK) -o $@ $< $(LDFLAGS) $(LIBAPM) $(XLDFLAGS) $(XLIBS)
- 
- $(LIBAPM): apmlib.lo
diff --git a/meta/recipes-bsp/apmd/apmd/unlinux.patch b/meta/recipes-bsp/apmd/apmd/unlinux.patch
deleted file mode 100644
index ec8206cf17..0000000000
--- a/meta/recipes-bsp/apmd/apmd/unlinux.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-copy OE commit message here:
-   commit 9456cdc1cf43e3ba9e6d88c63560c1b6fdee4359
-   Author: Michael Krelin <hacker@klever.net>
-   Date:   Tue May 29 12:27:45 2007 +0000
-   apmd: prevent build from interferring with host kernel headers. Closes #1257
-comment added by Kevin Tian <kevin.tian@intel.com>, 2010-07-13
-Upstream-Status: Pending
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
--- apmd-3.2.2.orig/Makefile
-+++ apmd-3.2.2/Makefile
-@@ -43,8 +43,7 @@
- 
- CC=gcc
- CFLAGS=-O -g
-XTRACFLAGS=-Wall -pipe -I. -I/usr/src/linux/include -I/usr/X11R6/include \
-               -I/usr/src/linux-2.2/include -I /usr/src/linux-2.0/include \
-+XTRACFLAGS=-Wall -pipe -I. \
-                -DVERSION=\"$(VERSION)\" \
-                -DDEFAULT_PROXY_NAME=\"$(PROXY_DIR)/apmd_proxy\"
- LDFLAGS=
diff --git a/meta/recipes-bsp/apmd/apmd/wexitcode.patch b/meta/recipes-bsp/apmd/apmd/wexitcode.patch
deleted file mode 100644
index c5faa85fa7..0000000000
--- a/meta/recipes-bsp/apmd/apmd/wexitcode.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Define non-posix W* funcitons
-C libraries like musl dont define them
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
-Index: apmd-3.2.2.orig/apmd.c
-===================================================================
--- apmd-3.2.2.orig.orig/apmd.c
-+++ apmd-3.2.2.orig/apmd.c
-@@ -55,6 +55,14 @@
- #define MINIMUM_RATE_CALC_TIME  120
- #endif
- 
-+#ifndef _POSIX_SOURCE
-+
-+#define        __WCOREFLAG  0200
-+#define __WCOREDUMP(x)  (_W_INT(x) & __WCOREFLAG)
-+#define        __W_EXITCODE(ret, sig) ((ret) << 8 | (sig))
-+
-+#endif
-+
- /*
-  * For the verbosity level feature to be useful,
-  * we rely on the fact that syslog.h assigns adjacent
diff --git a/meta/recipes-bsp/apmd/apmd_3.2.2-15.bb b/meta/recipes-bsp/apmd/apmd_3.2.2-15.bb
deleted file mode 100644
index 92c35c9896..0000000000
--- a/meta/recipes-bsp/apmd/apmd_3.2.2-15.bb
+++ /dev/null
@@ -1,85 +0,0 @@
-SUMMARY = "Utilities for Advanced Power Management"
-DESCRIPTION = "The Advanced Power Management (APM) support provides \
-access to battery status information and a set of tools for managing \
-notebook power consumption."
-HOMEPAGE = "http://apenwarr.ca/apmd/"
-SECTION = "base"
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://apm.h;beginline=6;endline=18;md5=7d4acc1250910a89f84ce3cc6557c4c2"
-DEPENDS = "libtool-cross"
-SRC_URI = "http://snapshot.debian.org/archive/debian/20160728T043443Z/pool/main/a/${BPN}/${BPN}_3.2.2.orig.tar.gz;name=tarball \
-           file://legacy.patch \
-           file://libtool.patch \
-           file://unlinux.patch \
-           file://wexitcode.patch \
-           file://linkage.patch \
-           file://init \
-           file://default \
-           file://apmd_proxy \
-           file://apmd_proxy.conf \
-           file://apmd.service"
-SRC_URI[tarball.md5sum] = "b1e6309e8331e0f4e6efd311c2d97fa8"
-SRC_URI[tarball.sha256sum] = "7f7d9f60b7766b852881d40b8ff91d8e39fccb0d1d913102a5c75a2dbb52332d"
-# for this package we're mostly interested in tracking debian patches,
-# and not in the upstream version where all development has effectively stopped
-UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/a/apmd/"
-UPSTREAM_CHECK_REGEX = "(?P<pver>((\d+\.*)+)-((\d+\.*)+))\.(diff|debian\.tar)\.(gz|xz)"
-S = "${WORKDIR}/apmd-3.2.2.orig"
-inherit update-rc.d systemd
-INITSCRIPT_NAME = "apmd"
-INITSCRIPT_PARAMS = "defaults"
-SYSTEMD_SERVICE:${PN} = "apmd.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-EXTRA_OEMAKE = "-e MAKEFLAGS="
-do_compile() {
-        # apmd doesn't use whole autotools. Just libtool for installation
-        oe_runmake apm apmd
-}
-do_install() {
-        install -d ${D}${sysconfdir}
-        install -d ${D}${sysconfdir}/apm
-        install -d ${D}${sysconfdir}/apm/event.d
-        install -d ${D}${sysconfdir}/apm/other.d
-        install -d ${D}${sysconfdir}/apm/suspend.d
-        install -d ${D}${sysconfdir}/apm/resume.d
-        install -d ${D}${sysconfdir}/apm/scripts.d
-        install -d ${D}${sysconfdir}/default
-        install -d ${D}${sysconfdir}/init.d
-        install -d ${D}${sbindir}
-        install -d ${D}${bindir}
-        install -d ${D}${libdir}
-        install -d ${D}${datadir}/apmd
-        install -d ${D}${includedir}
-        install -m 4755 ${S}/.libs/apm ${D}${bindir}/apm
-        install -m 0755 ${S}/.libs/apmd ${D}${sbindir}/apmd
-        install -m 0755 ${WORKDIR}/apmd_proxy ${D}${sysconfdir}/apm/
-        install -m 0644 ${WORKDIR}/apmd_proxy.conf ${D}${datadir}/apmd/
-        install -m 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/apmd
-        oe_libinstall -so libapm ${D}${libdir}
-        install -m 0644 apm.h ${D}${includedir}
-        sed -e 's,/usr/sbin,${sbindir},g; s,/etc,${sysconfdir},g;' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/apmd
-        chmod 755 ${D}${sysconfdir}/init.d/apmd
-        install -d ${D}${systemd_system_unitdir}
-        install -m 0644 ${WORKDIR}/apmd.service ${D}${systemd_system_unitdir}/
-        sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \
-                -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_system_unitdir}/apmd.service
-}
-PACKAGES =+ "libapm apm"
-FILES:libapm = "${libdir}/libapm${SOLIBS}"
-FILES:apm = "${bindir}/apm*"
diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc
new file mode 100644
index 0000000000..67bc964188
--- /dev/null
+++ b/meta/recipes-bsp/barebox/barebox-common.inc
@@ -0,0 +1,8 @@
+HOMEPAGE = "https://barebox.org/"
+SECTION = "bootloaders"
+LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192"
+PV = "2025.06.0"
+SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2"
+SRC_URI[sha256sum] = "d05bc1f85dc1d95b0b6b6a52cac0a469148fbb8f1edb0d352c3ca3b632426941"
diff --git a/meta/recipes-bsp/barebox/barebox-tools.bb b/meta/recipes-bsp/barebox/barebox-tools.bb
new file mode 100644
index 0000000000..e519796c1d
--- /dev/null
+++ b/meta/recipes-bsp/barebox/barebox-tools.bb
@@ -0,0 +1,55 @@
+SUMMARY = "barebox bootloader tools"
+require barebox-common.inc
+LICENSE = "GPL-2.0-only"
+DEPENDS = "bison-native flex-native libusb1"
+S = "${UNPACKDIR}/barebox-${PV}"
+B = "${WORKDIR}/build"
+inherit pkgconfig
+EXTRA_OEMAKE = " \
+  ARCH=sandbox \
+  CROSS_COMPILE=${TARGET_PREFIX} -C ${S} O=${B} \
+  CROSS_PKG_CONFIG=pkg-config \
+  CC='${CC}' \
+  LD='${LD}' \
+  "
+do_compile:class-target () {
+    export userccflags="${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}"
+    export userldflags="${TARGET_LDFLAGS}${TOOLCHAIN_OPTIONS}"
+    oe_runmake targettools_defconfig
+    oe_runmake scripts
+}
+do_compile:class-native () {
+    oe_runmake hosttools_defconfig
+    oe_runmake scripts
+}
+BAREBOX_TOOLS = " \
+         bareboxenv \
+         bareboxcrc32 \
+         kernel-install \
+         bareboximd \
+         omap3-usb-loader \
+         omap4_usbboot \
+         imx/imx-usb-loader \
+         "
+BAREBOX_TOOLS_SUFFIX = ""
+BAREBOX_TOOLS_SUFFIX:class-target = "-target"
+do_install () {
+        install -d ${D}${bindir}
+        for tool in ${BAREBOX_TOOLS}; do
+                install -m 0755 scripts/${tool}${BAREBOX_TOOLS_SUFFIX} ${D}${bindir}/${tool##*/}
+        done
+}
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-bsp/barebox/barebox.bb b/meta/recipes-bsp/barebox/barebox.bb
new file mode 100644
index 0000000000..a48d97941c
--- /dev/null
+++ b/meta/recipes-bsp/barebox/barebox.bb
@@ -0,0 +1,10 @@
+SUMMARY = "barebox is a bootloader designed for embedded systems. It runs on a variety of architectures including x86, ARM, MIPS, PowerPC and others."
+DESCRIPTION = "barebox aims to be a versatile and flexible bootloader not only for booting embedded Linux systems, \
+but also for initial hardware bringup and development. \
+Users should feel right at home with a shell with UNIX-like virtual file system access to hardware, \
+Linux kernel driver API for making driver porting easier, \
+and a subset of the POSIX C library for writing more command-line utilities."
+require barebox-common.inc
+inherit barebox
diff --git a/meta/recipes-bsp/efibootmgr/efibootmgr_18.bb b/meta/recipes-bsp/efibootmgr/efibootmgr_18.bb
index cbcaac1e97..6f4178216b 100644
--- a/meta/recipes-bsp/efibootmgr/efibootmgr_18.bb
+++ b/meta/recipes-bsp/efibootmgr/efibootmgr_18.bb
@@ -13,8 +13,6 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
 SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https;branch=main"
 SRCREV = "c3f9f0534e32158f62c43564036878b93b9e0fd6"
-S = "${WORKDIR}/git"
 inherit pkgconfig
 # The directory under the ESP that the default bootloader is found in.  When
@@ -30,6 +28,3 @@ do_install () {
 }
 CLEANBROKEN = "1"
-# https://github.com/rhboot/efivar/issues/202
-COMPATIBLE_HOST:libc-musl = 'null'
diff --git a/meta/recipes-bsp/efivar/efivar/0001-Fix-glibc-2.36-build-mount.h-conflicts.patch b/meta/recipes-bsp/efivar/efivar/0001-Fix-glibc-2.36-build-mount.h-conflicts.patch
deleted file mode 100644
index 28dadabe6b..0000000000
--- a/meta/recipes-bsp/efivar/efivar/0001-Fix-glibc-2.36-build-mount.h-conflicts.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 7b0e7ba674321ec1ddd6b9cbb419e5fb44f88bb3 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Thu, 28 Jul 2022 16:11:24 -0400
-Subject: [PATCH] Fix glibc 2.36 build (mount.h conflicts)
-glibc has decided that sys/mount.h and linux/mount.h are no longer
-usable at the same time.  This broke the build, since linux/fs.h itself
-includes linux/mount.h.  For now, fix the build by only including
-sys/mount.h where we need it.
-See-also: https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
-Resolves: #227
-Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/bc65d63ebf8fe6ac8a099ff15ca200986dba1565]
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
- src/gpt.c   | 1 +
- src/linux.c | 1 +
- src/util.h  | 1 -
- 3 files changed, 2 insertions(+), 1 deletion(-)
-diff --git a/src/gpt.c b/src/gpt.c
-index 1eda049..21413c3 100644
--- a/src/gpt.c
-+++ b/src/gpt.c
-@@ -17,6 +17,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-+#include <sys/mount.h>
- #include <sys/param.h>
- #include <sys/stat.h>
- #include <sys/utsname.h>
-diff --git a/src/linux.c b/src/linux.c
-index 47e45ae..1780816 100644
--- a/src/linux.c
-+++ b/src/linux.c
-@@ -20,6 +20,7 @@
- #include <stdbool.h>
- #include <stdio.h>
- #include <sys/ioctl.h>
-+#include <sys/mount.h>
- #include <sys/socket.h>
- #include <sys/sysmacros.h>
- #include <sys/types.h>
-diff --git a/src/util.h b/src/util.h
-index 3300666..1e67e44 100644
--- a/src/util.h
-+++ b/src/util.h
-@@ -23,7 +23,6 @@
- #include <stdio.h>
- #include <string.h>
- #include <sys/ioctl.h>
-#include <sys/mount.h>
- #include <sys/stat.h>
- #include <sys/types.h>
- #include <tgmath.h>
-- 
-2.37.1
diff --git a/meta/recipes-bsp/efivar/efivar/0001-Fix-invalid-free-in-main.patch b/meta/recipes-bsp/efivar/efivar/0001-Fix-invalid-free-in-main.patch
deleted file mode 100644
index 7e63df578e..0000000000
--- a/meta/recipes-bsp/efivar/efivar/0001-Fix-invalid-free-in-main.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 085f027e9e9f1478f68ddda705f83b244ee3bd88 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Mon, 18 Apr 2022 13:08:18 -0400
-Subject: [PATCH] Fix invalid free in main()
-data is allocated by mmap() in prepare_data().
-Resolves: #173
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
-Upstream-Status: Backport
-Link: https://github.com/rhboot/efivar/commit/6be2cb1c0139ac177e754b0767abf1ca1533847f
-Signed-off-by: Grygorii Tertychnyi <grygorii.tertychnyi@leica-geosystems.com>
---
- src/efivar.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/efivar.c b/src/efivar.c
-index 5cd1eb2bc73c..09f85edd0a38 100644
--- a/src/efivar.c
-+++ b/src/efivar.c
-@@ -633,7 +633,7 @@ int main(int argc, char *argv[])
-                                if (sz < 0)
-                                        err(1, "Could not import data from \"%s\"", infile);
- 
-                               free(data);
-+                               munmap(data, data_size);
-                                data = NULL;
-                                data_size = 0;
- 
diff --git a/meta/recipes-bsp/efivar/efivar/0001-src-Makefile-build-util.c-separately-for-makeguids.patch b/meta/recipes-bsp/efivar/efivar/0001-src-Makefile-build-util.c-separately-for-makeguids.patch
deleted file mode 100644
index 02781eb67d..0000000000
--- a/meta/recipes-bsp/efivar/efivar/0001-src-Makefile-build-util.c-separately-for-makeguids.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 80f11fcb46f6b52e13501cb323ca1a849c3f6e88 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Tue, 18 Jan 2022 11:53:41 +0100
-Subject: [PATCH] src/Makefile: build util.c separately for makeguids
-util.c needs to be built twice when cross-compiling:
-for the build machine to be able to link with
-makeguids which then runs during the same build,
-and then for the actual target.
-Upstream-Status: Submitted [https://github.com/rhboot/efivar/pull/203]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
- src/Makefile | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-diff --git a/src/Makefile b/src/Makefile
-index 0e423c4..b10051b 100644
--- a/src/Makefile
-+++ b/src/Makefile
-@@ -28,10 +28,13 @@ EFIVAR_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(EFIVAR_SOURCES)))
- EFISECDB_SOURCES = efisecdb.c guid-symbols.c secdb-dump.c util.c
- EFISECDB_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(EFISECDB_SOURCES)))
- GENERATED_SOURCES = include/efivar/efivar-guids.h guid-symbols.c
-MAKEGUIDS_SOURCES = makeguids.c util.c
-+MAKEGUIDS_SOURCES = makeguids.c util-makeguids.c
- MAKEGUIDS_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(MAKEGUIDS_SOURCES)))
- MAKEGUIDS_OUTPUT = $(GENERATED_SOURCES) guids.lds
- 
-+util-makeguids.c :
-+       cp util.c util-makeguids.c
-+
- ALL_SOURCES=$(LIBEFISEC_SOURCES) $(LIBEFIBOOT_SOURCES) $(LIBEFIVAR_SOURCES) \
-            $(MAKEGUIDS_SOURCES) $(GENERATED_SOURCES) $(EFIVAR_SOURCES) \
-            $(sort $(wildcard include/efivar/*.h))
-- 
-2.20.1
diff --git a/meta/recipes-bsp/efivar/efivar/efisecdb-fix-build-with-musl-libc.patch b/meta/recipes-bsp/efivar/efivar/efisecdb-fix-build-with-musl-libc.patch
deleted file mode 100644
index ec5b285a06..0000000000
--- a/meta/recipes-bsp/efivar/efivar/efisecdb-fix-build-with-musl-libc.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From cece3ffd5be2f8641eb694513f2b73e5eb97ffd3 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Fri, 28 Jan 2022 12:13:30 +0100
-Subject: [PATCH] efisecdb: fix build with musl libc
-Refactor code to use POSIX atexit(3) instead of the GNU specific
-on_exit(3).
-Resolves: #197
-Resolves: #202
-Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
-Upstream-Status: Backport
-https://github.com/rhboot/efivar/commit/cece3ffd5be2f8641eb694513f2b73e5eb97ffd3
-Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
---
- src/compiler.h |  2 --
- src/efisecdb.c | 68 +++++++++++++++++++-------------------------------
- 2 files changed, 26 insertions(+), 44 deletions(-)
-diff --git a/src/compiler.h b/src/compiler.h
-index e2f18f0b..d95fb014 100644
--- a/src/compiler.h
-+++ b/src/compiler.h
-@@ -7,8 +7,6 @@
- #ifndef COMPILER_H_
- #define COMPILER_H_
- 
-#include <sys/cdefs.h>
-
- /* GCC version checking borrowed from glibc. */
- #if defined(__GNUC__) && defined(__GNUC_MINOR__)
- #  define GNUC_PREREQ(maj,min) \
-diff --git a/src/efisecdb.c b/src/efisecdb.c
-index f8823737..6bd5ad90 100644
--- a/src/efisecdb.c
-+++ b/src/efisecdb.c
-@@ -25,6 +25,10 @@
- extern char *optarg;
- extern int optind, opterr, optopt;
- 
-+static efi_secdb_t *secdb = NULL;
-+static list_t infiles;
-+static list_t actions;
-+
- struct hash_param {
-        char *name;
-        efi_secdb_type_t algorithm;
-@@ -187,12 +191,11 @@ add_action(list_t *list, action_type_t action_type, const efi_guid_t *owner,
- }
- 
- static void
-free_actions(int status UNUSED, void *actionsp)
-+free_actions(void)
- {
-       list_t *actions = (list_t *)actionsp;
-        list_t *pos, *tmp;
- 
-       for_each_action_safe(pos, tmp, actions) {
-+       for_each_action_safe(pos, tmp, &actions) {
-                action_t *action = list_entry(pos, action_t, list);
- 
-                list_del(&action->list);
-@@ -202,12 +205,11 @@ free_actions(int status UNUSED, void *actionsp)
- }
- 
- static void
-free_infiles(int status UNUSED, void *infilesp)
-+free_infiles(void)
- {
-       list_t *infiles = (list_t *)infilesp;
-        list_t *pos, *tmp;
- 
-       for_each_ptr_safe(pos, tmp, infiles) {
-+       for_each_ptr_safe(pos, tmp, &infiles) {
-                ptrlist_t *entry = list_entry(pos, ptrlist_t, list);
- 
-                list_del(&entry->list);
-@@ -216,27 +218,12 @@ free_infiles(int status UNUSED, void *infilesp)
- }
- 
- static void
-maybe_free_secdb(int status UNUSED, void *voidp)
-+maybe_free_secdb(void)
- {
-       efi_secdb_t **secdbp = (efi_secdb_t **)voidp;
-
-       if (secdbp == NULL || *secdbp == NULL)
-+       if (secdb == NULL)
-                return;
- 
-       efi_secdb_free(*secdbp);
-}
-
-static void
-maybe_do_unlink(int status, void *filep)
-{
-       char **file = (char **)filep;
-
-       if (status == 0)
-               return;
-       if (file == NULL || *file == NULL)
-               return;
-
-       unlink(*file);
-+       efi_secdb_free(secdb);
- }
- 
- static void
-@@ -323,15 +310,6 @@ parse_input_files(list_t *infiles, char **outfile, efi_secdb_t **secdb,
-        return status;
- }
- 
-/*
- * These need to be static globals so that they're not on main's stack when
- * on_exit() fires.
- */
-static efi_secdb_t *secdb = NULL;
-static list_t infiles;
-static list_t actions;
-static char *outfile = NULL;
-
- int
- main(int argc, char *argv[])
- {
-@@ -351,6 +329,7 @@ main(int argc, char *argv[])
-        bool do_sort_data = false;
-        bool sort_descending = false;
-        int status = 0;
-+       char *outfile = NULL;
- 
-        const char sopts[] = ":aAc:dfg:h:i:Lo:rs:t:v?";
-        const struct option lopts[] = {
-@@ -376,10 +355,9 @@ main(int argc, char *argv[])
-        INIT_LIST_HEAD(&infiles);
-        INIT_LIST_HEAD(&actions);
- 
-       on_exit(free_actions, &actions);
-       on_exit(free_infiles, &infiles);
-       on_exit(maybe_free_secdb, &secdb);
-       on_exit(maybe_do_unlink, &outfile);
-+       atexit(free_actions);
-+       atexit(free_infiles);
-+       atexit(maybe_free_secdb);
- 
-        /*
-         * parse the command line.
-@@ -587,24 +565,30 @@ main(int argc, char *argv[])
-        outfd = open(outfile, flags, 0600);
-        if (outfd < 0) {
-                char *tmpoutfile = outfile;
-               if (errno == EEXIST)
-                       outfile = NULL;
-+               if (errno != EEXIST)
-+                       unlink(outfile);
-                err(1, "could not open \"%s\"", tmpoutfile);
-        }
- 
-        rc = ftruncate(outfd, 0);
-       if (rc < 0)
-+       if (rc < 0) {
-+               unlink(outfile);
-                err(1, "could not truncate output file \"%s\"", outfile);
-+       }
- 
-        void *output;
-        size_t size = 0;
-        rc = efi_secdb_realize(secdb, &output, &size);
-       if (rc < 0)
-+       if (rc < 0) {
-+               unlink(outfile);
-                secdb_err(1, "could not realize signature list");
-+       }
- 
-        rc = write(outfd, output, size);
-       if (rc < 0)
-+       if (rc < 0) {
-+               unlink(outfile);
-                err(1, "could not write signature list");
-+       }
- 
-        close(outfd);
-        xfree(output);
diff --git a/meta/recipes-bsp/efivar/efivar_38.bb b/meta/recipes-bsp/efivar/efivar_39.bb
index 6a6918931b..fb6b6b3821 100644
--- a/meta/recipes-bsp/efivar/efivar_38.bb
+++ b/meta/recipes-bsp/efivar/efivar_39.bb
@@ -5,27 +5,17 @@ HOMEPAGE = "https://github.com/rhboot/efivar"
 LICENSE = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6626bb1e20189cfa95f2c508ba286393"
-COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
+COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64|riscv64).*-linux"
 SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=main;protocol=https \
           file://0001-docs-do-not-build-efisecdb-manpage.patch \
-           file://0001-src-Makefile-build-util.c-separately-for-makeguids.patch \
-           file://efisecdb-fix-build-with-musl-libc.patch \
-           file://0001-Fix-invalid-free-in-main.patch \
-           file://0001-Fix-glibc-2.36-build-mount.h-conflicts.patch \
           "
-SRCREV = "1753149d4176ebfb2b135ac0aaf79340bf0e7a93"
+SRCREV = "c47820c37ac26286559ec004de07d48d05f3308c"
-S = "${WORKDIR}/git"
 inherit pkgconfig
 export CCLD_FOR_BUILD = "${BUILD_CCLD}"
-# Upstream uses --add-needed in gcc.specs which gold doesn't support, so
-# enforce BFD.
-LDFLAGS += "-fuse-ld=bfd"
 do_compile() {
    oe_runmake ERRORS= HOST_CFLAGS="${BUILD_CFLAGS}" HOST_LDFLAGS="${BUILD_LDFLAGS}"
 }
diff --git a/meta/recipes-bsp/formfactor/files/qemuriscv32/machconfig b/meta/recipes-bsp/formfactor/files/qemuriscv32/machconfig
new file mode 100755
index 0000000000..2789b5fc2a
--- /dev/null
+++ b/meta/recipes-bsp/formfactor/files/qemuriscv32/machconfig
@@ -0,0 +1,10 @@
+HAVE_TOUCHSCREEN=1
+HAVE_KEYBOARD=1
+DISPLAY_CAN_ROTATE=0
+DISPLAY_ORIENTATION=0
+DISPLAY_WIDTH_PIXELS=640
+DISPLAY_HEIGHT_PIXELS=480
+DISPLAY_BPP=16
+DISPLAY_DPI=150
+DISPLAY_SUBPIXEL_ORDER=vrgb
diff --git a/meta/recipes-bsp/formfactor/files/qemuriscv64/machconfig b/meta/recipes-bsp/formfactor/files/qemuriscv64/machconfig
new file mode 100755
index 0000000000..2789b5fc2a
--- /dev/null
+++ b/meta/recipes-bsp/formfactor/files/qemuriscv64/machconfig
@@ -0,0 +1,10 @@
+HAVE_TOUCHSCREEN=1
+HAVE_KEYBOARD=1
+DISPLAY_CAN_ROTATE=0
+DISPLAY_ORIENTATION=0
+DISPLAY_WIDTH_PIXELS=640
+DISPLAY_HEIGHT_PIXELS=480
+DISPLAY_BPP=16
+DISPLAY_DPI=150
+DISPLAY_SUBPIXEL_ORDER=vrgb
diff --git a/meta/recipes-bsp/formfactor/formfactor_0.0.bb b/meta/recipes-bsp/formfactor/formfactor_0.0.bb
index ea1fa4c754..f8d5613ffa 100644
--- a/meta/recipes-bsp/formfactor/formfactor_0.0.bb
+++ b/meta/recipes-bsp/formfactor/formfactor_0.0.bb
@@ -5,10 +5,10 @@ build system cannot obtain from other sources such as the kernel."
 SECTION = "base"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-PR = "r45"
 SRC_URI = "file://config file://machconfig"
-S = "${WORKDIR}"
+S = "${UNPACKDIR}"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 INHIBIT_DEFAULT_DEPS = "1"
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi/0001-Do-not-treat-warnings-as-errors.patch b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-Do-not-treat-warnings-as-errors.patch
new file mode 100644
index 0000000000..0c10e66a12
--- /dev/null
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-Do-not-treat-warnings-as-errors.patch
@@ -0,0 +1,29 @@
+From 80e17bcdf45dcf40b8f356cf68389612407b9f7b Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 16 May 2024 21:38:32 +0800
+Subject: [PATCH] Do not treat warnings as errors
+There are additional warnings found with musl which are
+treated as errors and fails the build, we have more combinations
+then upstream supports to handle
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ Make.defaults | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/Make.defaults b/Make.defaults
+index 6d3cf51..23b9383 100755
+--- a/Make.defaults
+++ b/Make.defaults
+@@ -267,7 +267,7 @@ CFLAGS  += $(ARCH3264) -g -O2 -Wall -Wextra -Werror \
+            -fno-strict-aliasing \
+            -ffreestanding -fno-stack-protector
+ else
+-CFLAGS  += $(ARCH3264) -g -O2 -Wall -Wextra -Werror \
+CFLAGS  += $(ARCH3264) -g -O2 -Wall -Wextra \
+            -fno-strict-aliasing \
+            -ffreestanding -fno-stack-protector \
+            $(if $(findstring 0,$(USING_CLANG)),-fno-merge-all-constants,)
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi/gnu-efi-3.0.9-fix-clang-build.patch b/meta/recipes-bsp/gnu-efi/gnu-efi/gnu-efi-3.0.9-fix-clang-build.patch
deleted file mode 100644
index c6d660095e..0000000000
--- a/meta/recipes-bsp/gnu-efi/gnu-efi/gnu-efi-3.0.9-fix-clang-build.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Fix building with CLANG-9.0.0 
-Fixes
-clang-9: error: unknown argument: '-maccumulate-outgoing-args'
-Upstream-Status: Submitted [https://sourceforge.net/p/gnu-efi/patches/70/]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
--- a/Make.defaults
-+++ b/Make.defaults
-@@ -110,10 +110,10 @@
-                             || ( [ $(GCCVERSION) -eq "4" ]      \
-                                  && [ $(GCCMINOR) -ge "7" ] ) ) \
-                           && echo 1)
-  ifeq ($(GCCNEWENOUGH),1)
-    CPPFLAGS += -DGNU_EFI_USE_MS_ABI -maccumulate-outgoing-args --std=c11
-  else ifeq ($(USING_CLANG),clang)
-+  ifeq ($(USING_CLANG),clang)
-     CPPFLAGS += -DGNU_EFI_USE_MS_ABI --std=c11
-+  else ifeq ($(GCCNEWENOUGH),1)
-+    CPPFLAGS += -DGNU_EFI_USE_MS_ABI -maccumulate-outgoing-args --std=c11
-   endif
- 
-   CFLAGS += -mno-red-zone
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch b/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
deleted file mode 100644
index 63d9b6fc31..0000000000
--- a/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From f56ddb00a656af2e84f839738fad19909ac65047 Mon Sep 17 00:00:00 2001
-From: Saul Wold <sgw@linux.intel.com>
-Date: Sun, 9 Mar 2014 15:22:15 +0200
-Subject: [PATCH] Fix parallel make failure for archives
-Upstream-Status: Pending
-The lib and gnuefi makefiles were using the lib.a() form which compiles
-and ar's as a pair instead of compiling all and then ar'ing which can
-parallelize better. This was resulting in build failures on larger values
-of -j.
-See http://www.chemie.fu-berlin.de/chemnet/use/info/make/make_toc.html#TOC105
-for details.
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-Signed-off-by: Darren Hart <dvhart@linux.intel.com>
-[Rebased for 3.0.6]
-Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
-[Rebased for 3.0.8]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- lib/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/lib/Makefile b/lib/Makefile
-index 1fc6a47..54b0ca7 100644
--- a/lib/Makefile
-+++ b/lib/Makefile
-@@ -77,7 +77,7 @@ libsubdirs:
- $(OBJS): libsubdirs
- 
- libefi.a: $(OBJS)
-       $(AR) $(ARFLAGS) $@ $^
-+       $(AR) $(ARFLAGS) $@ $(OBJS)
- 
- clean:
-        rm -f libefi.a *~ $(OBJS) */*.o
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.15.bb b/meta/recipes-bsp/gnu-efi/gnu-efi_4.0.1.bb
index 5ae6f391ae..10a4ab6800 100644
--- a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.15.bb
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi_4.0.1.bb
@@ -2,25 +2,29 @@ SUMMARY = "Libraries for producing EFI binaries"
 HOMEPAGE = "http://sourceforge.net/projects/gnu-efi/"
 DESCRIPTION = "GNU-EFI aims to Develop EFI applications for ARM-64, ARM-32, x86_64, IA-64 (IPF), IA-32 (x86), and MIPS platforms using the GNU toolchain and the EFI development environment."
 SECTION = "devel"
-LICENSE = "GPL-2.0-or-later | BSD-2-Clause"
+LICENSE = "GPL-2.0-or-later & BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://gnuefi/crt0-efi-arm.S;beginline=4;endline=16;md5=e582764a4776e60c95bf9ab617343d36 \
+LIC_FILES_CHKSUM = "file://gnuefi/crt0-efi-arm.S;beginline=4;endline=16;md5=8b0a86085b86eda7a3c7e8a1eb7ec753 \
-                    file://gnuefi/crt0-efi-aarch64.S;beginline=4;endline=16;md5=e582764a4776e60c95bf9ab617343d36 \
+                    file://gnuefi/crt0-efi-aarch64.S;beginline=4;endline=16;md5=8b0a86085b86eda7a3c7e8a1eb7ec753 \
-                    file://inc/efishellintf.h;beginline=13;endline=20;md5=202766b79d708eff3cc70fce15fb80c7 \
+                    file://inc/efishellintf.h;beginline=13;endline=20;md5=ee14c1530c341a7050837adead6bc9a5 \
-                    file://lib/arm/math.c;beginline=2;endline=15;md5=8ed772501da77b2b3345aa6df8744c9e \
+                    file://lib/arm/math.c;beginline=2;endline=15;md5=ccb5c6b51053d1ee7277539ec38513d7 \
-                    file://lib/arm/initplat.c;beginline=2;endline=15;md5=8ed772501da77b2b3345aa6df8744c9e \
+                    file://lib/arm/initplat.c;beginline=2;endline=15;md5=ccb5c6b51053d1ee7277539ec38513d7 \
-                    file://lib/aarch64/math.c;beginline=2;endline=15;md5=8ed772501da77b2b3345aa6df8744c9e \
+                    file://lib/aarch64/math.c;beginline=2;endline=15;md5=ccb5c6b51053d1ee7277539ec38513d7 \
-                    file://lib/aarch64/initplat.c;beginline=2;endline=15;md5=8ed772501da77b2b3345aa6df8744c9e \
+                    file://lib/aarch64/initplat.c;beginline=2;endline=15;md5=ccb5c6b51053d1ee7277539ec38513d7 \
                   "
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/files/${BP}.tar.bz2 \
+COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*|riscv64.*)-linux"
-           file://parallel-make-archives.patch \
+COMPATIBLE_HOST:armv4 = 'null'
-           file://gnu-efi-3.0.9-fix-clang-build.patch \
+SRC_URI = "git://github.com/ncroxon/gnu-efi;protocol=https;branch=master \
+           file://0001-Do-not-treat-warnings-as-errors.patch \
           "
+SRCREV = "00cdfa66e923ab2f6683bb52cab0d0d1a9083b16"
-SRC_URI[sha256sum] = "931a257b9c5c1ba65ff519f18373c438a26825f2db7866b163e96d1b168f20ea"
+# llvm-objcopy fails
+# arm-poky-linux-gnueabi-llvm-objcopy: error: 't8.so': section '.dynstr' cannot be removed because it is referenced by the section '.dynamic'
+OBJCOPY:toolchain-clang = "${HOST_PREFIX}objcopy"
-COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*|riscv64.*)-linux"
+inherit github-releases
-COMPATIBLE_HOST:armv4 = 'null'
 do_configure:linux-gnux32:prepend() {
        cp ${STAGING_INCDIR}/gnu/stubs-x32.h ${STAGING_INCDIR}/gnu/stubs-64.h
@@ -34,8 +38,15 @@ def gnu_efi_arch(d):
        return "ia32"
    return tarch
-EXTRA_OEMAKE = "'ARCH=${@gnu_efi_arch(d)}' 'CC=${CC}' 'AS=${AS}' 'LD=${LD}' 'AR=${AR}' \
+do_compile:prepend() {
-                'RANLIB=${RANLIB}' 'OBJCOPY=${OBJCOPY}' 'PREFIX=${prefix}' 'LIBDIR=${libdir}' \
+    unset LDFLAGS
+}
+EXTRA_OEMAKE = "'V=1' 'ARCH=${@gnu_efi_arch(d)}' \
+                'HOSTCC=${BUILD_CC}' 'CC=${CC}' \
+                'AS=${AS}' 'LD=${LD}' 'AR=${AR}' \
+                'RANLIB=${RANLIB}' 'OBJCOPY=${OBJCOPY}' \
+                'PREFIX=${prefix}' 'LIBDIR=${libdir}' 'INCLUDEDIR=${includedir}' \
                "
 # gnu-efi's Makefile treats prefix as toolchain prefix, so don't
@@ -46,7 +57,7 @@ do_install() {
        oe_runmake install INSTALLROOT="${D}"
 }
-FILES:${PN} += "${libdir}/*.lds"
+FILES:${PN} += "${libdir}/*.lds ${libdir}/gnuefi/apps"
 # 64-bit binaries are expected for EFI when targeting X32
 INSANE_SKIP:${PN}-dev:append:linux-gnux32 = " arch"
diff --git a/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch b/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
deleted file mode 100644
index 6b73878cc0..0000000000
--- a/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 96d9aa55d29b24e2490d5647a9efc66940fc400f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 13 Jan 2016 19:17:31 +0000
-Subject: [PATCH] Disable -mfpmath=sse as well when SSE is disabled
-Fixes
-configure:20574: i586-poky-linux-gcc  -m32    -march=core2 -msse3
-mtune=generic -mfpmath=sse
--sysroot=/usr/local/dev/yocto/grubtest2/build/tmp/sysroots/emenlow -o
-conftest -O2 -pipe -g -feliminate-unused-debug-types -Wall -W -Wshadow
-Wpointer-arith -Wmissing-prototypes -Wundef -Wstrict-prototypes -g
-falign-jumps=1 -falign-loops=1 -falign-functions=1 -mno-mmx -mno-sse
-mno-sse2 -mno-3dnow -fno-dwarf2-cfi-asm -m32 -fno-stack-protector
-mno-stack-arg-probe -Werror -nostdlib -Wl,--defsym,___main=0x8100
-Wall -W -I$(top_srcdir)/include -I$(top_builddir)/include
-DGRUB_MACHINE_PCBIOS=1 -DGRUB_MACHINE=I386_PC -Wl,-O1
-Wl,--hash-style=gnu -Wl,--as-needed conftest.c  >&5
-conftest.c:1:0: error: SSE instruction set disabled, using 387
-arithmetics [-Werror]
-cc1: all warnings being treated as errors
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/configure.ac b/configure.ac
-index 7656f24..0868ea9 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -824,7 +824,7 @@ fi
- if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$platform" != xemu; then
-   # Some toolchains enable these features by default, but they need
-   # registers that aren't set up properly in GRUB.
-  TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow"
-+  TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow -mfpmath=387"
- fi
- 
- # GRUB doesn't use float or doubles at all. Yet some toolchains may decide
diff --git a/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch b/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch
index 2f15a91f68..cafa711731 100644
--- a/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch
+++ b/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch
@@ -1,4 +1,4 @@
-From e4c41db74b8972285cbdfe614c95c1ffd97d70e1 Mon Sep 17 00:00:00 2001
+From b47029e8e582d17c6874d2622fe1a5b834377dbb Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 26 Mar 2021 11:59:43 -0700
 Subject: [PATCH] RISC-V: Restore the typcast to 64bit type
@@ -17,15 +17,16 @@ Cc: Daniel Kiper <daniel.kiper@oracle.com>
 Cc: Chester Lin <clin@suse.com>
 Cc: Nikita Ermakov <arei@altlinux.org>
 Cc: Alistair Francis <alistair.francis@wdc.com>
 ---
 util/grub-mkimagexx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
-index 00f49ccaa..ac677d03d 100644
+index e50b295..2f09255 100644
 --- a/util/grub-mkimagexx.c
 +++ b/util/grub-mkimagexx.c
-@@ -1242,7 +1242,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
+@@ -1310,7 +1310,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
                  */
 
                 sym_addr += addend;
@@ -34,6 +35,3 @@ index 00f49ccaa..ac677d03d 100644
 
                 switch (ELF_R_TYPE (info))
                   {
-- 
-2.31.1
diff --git a/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch b/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch
deleted file mode 100644
index 98142a7b60..0000000000
--- a/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From eb486898dac8cbc29b2cc39f911b657c3417ae34 Mon Sep 17 00:00:00 2001
-From: Fangrui Song via Grub-devel <grub-devel@gnu.org>
-Date: Thu, 26 Aug 2021 09:02:31 -0700
-Subject: [PATCH 1/2] configure: Remove obsoleted -malign-{jumps, loops,
- functions}
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-The GCC warns "cc1: warning: ‘-malign-loops’ is obsolete, use ‘-falign-loops’".
-The Clang silently ignores -malign-{jumps,loops,functions}.
-The preferred -falign-* forms have been supported since GCC 3.2. So, just
-remove -malign-{jumps,loops,functions}.
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=eb486898dac8cbc29b2cc39f911b657c3417ae34]
-Signed-off-by: Fangrui Song <maskray@google.com>
-Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
- configure.ac | 9 ---------
- 1 file changed, 9 deletions(-)
-diff --git a/configure.ac b/configure.ac
-index bee28dbeb..9a12151bd 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -805,17 +805,8 @@ if test "x$target_cpu" = xi386; then
-        [grub_cv_cc_falign_loop=no])
-   ])
- 
-  AC_CACHE_CHECK([whether -malign-loops works], [grub_cv_cc_malign_loop], [
-    CFLAGS="$TARGET_CFLAGS -malign-loops=1 -Werror"
-    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-        [grub_cv_cc_malign_loop=yes],
-       [grub_cv_cc_malign_loop=no])
-  ])
-
-   if test "x$grub_cv_cc_falign_loop" = xyes; then
-     TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1"
-  elif test "x$grub_cv_cc_malign_loop" = xyes; then
-    TARGET_CFLAGS="$TARGET_CFLAGS -malign-jumps=1 -malign-loops=1 -malign-functions=1"
-   fi
- fi
- 
-- 
-2.37.3
diff --git a/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch b/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch
deleted file mode 100644
index c575a31161..0000000000
--- a/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From f1217c803cec90813eb834dde7829f4961b2a2e4 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Thu, 17 Feb 2022 15:07:02 -0800
-Subject: [PATCH] configure.ac: Use _zicsr_zifencei extentions on riscv
-From version 2.38, binutils defaults to ISA spec version 20191213. This
-means that the csr read/write (csrr*/csrw*) instructions and fence.i
-instruction has separated from the `I` extension, become two standalone
-extensions: Zicsr and Zifencei.
-The fix is to specify those extensions explicitely in -march. Since we
-are now using binutils 2.38+ in OE this is ok, a more upstreamable fix for
-grub will be to detect these extentions, however thats not easy to
-implement
-Upstream-Status: Inappropriate [OE specific]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- configure.ac | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/configure.ac b/configure.ac
-index c7fc55a..072f2c9 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -849,14 +849,14 @@ if test x"$platform" != xemu ; then
-                         [grub_cv_target_cc_soft_float="-mgeneral-regs-only"], [])
-     fi
-     if test "x$target_cpu" = xriscv32; then
-       CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror"
-+       CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32 -Werror"
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-                        [grub_cv_target_cc_soft_float="-march=rv32imac -mabi=ilp32"], [])
-+                        [grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], [])
-     fi
-     if test "x$target_cpu" = xriscv64; then
-       CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror"
-+       CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64 -Werror"
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-                        [grub_cv_target_cc_soft_float="-march=rv64imac -mabi=lp64"], [])
-+                        [grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], [])
-     fi
-     if test "x$target_cpu" = xia64; then
-        CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt -Werror"
-- 
-2.35.1
diff --git a/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch b/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch
index 69b04aa56f..69dec7695a 100644
--- a/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch
+++ b/meta/recipes-bsp/grub/files/0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch
@@ -1,4 +1,4 @@
-From 8f47ed4aaefba087b6ca76e59c9f832b6a0702bc Mon Sep 17 00:00:00 2001
+From a80592e20f6c4b928a22862f52f268ab9d9908b2 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 13 Jan 2016 19:28:00 +0000
 Subject: [PATCH] grub.d/10_linux.in: add oe's kernel name
@@ -20,10 +20,10 @@ Upstream-Status: Inappropriate [OE specific]
 2 files changed, 4 insertions(+), 4 deletions(-)
 diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
-index 4532266..cba2617 100644
+index cc393be..8545cb6 100644
 --- a/util/grub.d/10_linux.in
 +++ b/util/grub.d/10_linux.in
-@@ -164,12 +164,12 @@ machine=`uname -m`
+@@ -166,12 +166,12 @@ machine=`uname -m`
 case "x$machine" in
     xi?86 | xx86_64)
        list=
@@ -40,10 +40,10 @@ index 4532266..cba2617 100644
        done ;;
 esac
 diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
-index 96179ea..98d16ae 100644
+index 94dd8be..36cd554 100644
 --- a/util/grub.d/20_linux_xen.in
 +++ b/util/grub.d/20_linux_xen.in
-@@ -154,7 +154,7 @@ EOF
+@@ -181,7 +181,7 @@ EOF
 }
 
 linux_list=
diff --git a/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch b/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
new file mode 100644
index 0000000000..0ff6dff33a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
@@ -0,0 +1,68 @@
+From ea703528a8581a2ea7e0bad424a70fdf0aec7d8f Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sat, 15 Jun 2024 02:33:08 +0100
+Subject: [PATCH 1/2] misc: Implement grub_strlcpy()
+grub_strlcpy() acts the same way as strlcpy() does on most *NIX,
+returning the length of src and ensuring dest is always NUL
+terminated except when size is 0.
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ea703528a8581a2ea7e0bad424a70fdf0aec7d8f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ include/grub/misc.h | 39 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+diff --git a/include/grub/misc.h b/include/grub/misc.h
+index 1578f36c3..14d8f37ac 100644
+--- a/include/grub/misc.h
+++ b/include/grub/misc.h
+@@ -64,6 +64,45 @@ grub_stpcpy (char *dest, const char *src)
+   return d - 1;
+ }
+ 
+static inline grub_size_t
+grub_strlcpy (char *dest, const char *src, grub_size_t size)
+{
+  char *d = dest;
+  grub_size_t res = 0;
+  /*
+   * We do not subtract one from size here to avoid dealing with underflowing
+   * the value, which is why to_copy is always checked to be greater than one
+   * throughout this function.
+   */
+  grub_size_t to_copy = size;
+
+  /* Copy size - 1 bytes to dest. */
+  if (to_copy > 1)
+    while ((*d++ = *src++) != '\0' && ++res && --to_copy > 1)
+      ;
+
+  /*
+   * NUL terminate if size != 0. The previous step may have copied a NUL byte
+   * if it reached the end of the string, but we know dest[size - 1] must always
+   * be a NUL byte.
+   */
+  if (size != 0)
+    dest[size - 1] = '\0';
+
+  /* If there is still space in dest, but are here, we reached the end of src. */
+  if (to_copy > 1)
+    return res;
+
+  /*
+   * If we haven't reached the end of the string, iterate through to determine
+   * the strings total length.
+   */
+  while (*src++ != '\0' && ++res)
+   ;
+
+  return res;
+}
+
+ /* XXX: If grub_memmove is too slow, we must implement grub_memcpy.  */
+ static inline void *
+ grub_memcpy (void *dest, const void *src, grub_size_t n)
diff --git a/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch b/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch
deleted file mode 100644
index 437e5b29b2..0000000000
--- a/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From e372dcb0d4541ee9b9682cde088ec87a7b238ca2 Mon Sep 17 00:00:00 2001
-From: Fangrui Song via Grub-devel <grub-devel@gnu.org>
-Date: Thu, 26 Aug 2021 09:02:32 -0700
-Subject: [PATCH 2/2] configure: Check for -falign-jumps=1 beside
- -falign-loops=1
-The Clang does not support -falign-jumps and only recently gained support
-for -falign-loops. The -falign-jumps=1 should be tested beside
-fliang-loops=1 to avoid passing unrecognized options to the Clang:
-  clang-14: error: optimization flag '-falign-jumps=1' is not supported [-Werror,-Wignored-optimization-argument]
-The -falign-functions=1 is supported by GCC 5.1.0/Clang 3.8.0. So, just
-add the option unconditionally.
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e372dcb0d4541ee9b9682cde088ec87a7b238ca2]
-Signed-off-by: Fangrui Song <maskray@google.com>
-Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
- configure.ac | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-diff --git a/configure.ac b/configure.ac
-index 9a12151bd..eeb5d2211 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -798,6 +798,8 @@ fi
- 
- # Force no alignment to save space on i386.
- if test "x$target_cpu" = xi386; then
-+  TARGET_CFLAGS="$TARGET_CFLAGS -falign-functions=1"
-+
-   AC_CACHE_CHECK([whether -falign-loops works], [grub_cv_cc_falign_loop], [
-     CFLAGS="$TARGET_CFLAGS -falign-loops=1 -Werror"
-     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-@@ -806,7 +808,18 @@ if test "x$target_cpu" = xi386; then
-   ])
- 
-   if test "x$grub_cv_cc_falign_loop" = xyes; then
-    TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1"
-+    TARGET_CFLAGS="$TARGET_CFLAGS -falign-loops=1"
-+  fi
-+
-+  AC_CACHE_CHECK([whether -falign-jumps works], [grub_cv_cc_falign_jumps], [
-+    CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -Werror"
-+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-+        [grub_cv_cc_falign_jumps=yes],
-+        [grub_cv_cc_falign_jumps=no])
-+  ])
-+
-+  if test "x$grub_cv_cc_falign_jumps" = xyes; then
-+    TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1"
-   fi
- fi
- 
-- 
-2.37.3
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
deleted file mode 100644
index 7f7bb1acfe..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 6 Jul 2021 18:51:35 +1000
-Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap
- out-of-bounds write
-A 16-bit greyscale PNG without alpha is processed in the following loop:
-      for (i = 0; i < (data->image_width * data->image_height);
-           i++, d1 += 4, d2 += 2)
-        {
-          d1[R3] = d2[1];
-          d1[G3] = d2[1];
-          d1[B3] = d2[1];
-        }
-The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration,
-but there are only 3 bytes allocated for storage. This means that image
-data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes
-out of every 4 following the end of the image.
-This has existed since greyscale support was added in 2013 in commit
-3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale).
-Saving starfield.png as a 16-bit greyscale image without alpha in the gimp
-and attempting to load it causes grub-emu to crash - I don't think this code
-has ever worked.
-Delete all PNG greyscale support.
-Fixes: CVE-2021-3695
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE: CVE-2021-3695
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/video/readers/png.c | 87 +++--------------------------------
- 1 file changed, 7 insertions(+), 80 deletions(-)
-diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
-index 35ae553c8..a3161e25b 100644
--- a/grub-core/video/readers/png.c
-+++ b/grub-core/video/readers/png.c
-@@ -100,7 +100,7 @@ struct grub_png_data
- 
-   unsigned image_width, image_height;
-   int bpp, is_16bit;
-  int raw_bytes, is_gray, is_alpha, is_palette;
-+  int raw_bytes, is_alpha, is_palette;
-   int row_bytes, color_bits;
-   grub_uint8_t *image_data;
- 
-@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data)
-     data->bpp = 3;
-   else
-     {
-      data->is_gray = 1;
-      data->bpp = 1;
-+      return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                        "png: color type not supported");
-     }
- 
-   if ((color_bits != 8) && (color_bits != 16)
-       && (color_bits != 4
-         || !(data->is_gray || data->is_palette)))
-+         || !data->is_palette))
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-                        "png: bit depth must be 8 or 16");
- 
-@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
-     }
- 
- #ifndef GRUB_CPU_WORDS_BIGENDIAN
-  if (data->is_16bit || data->is_gray || data->is_palette)
-+  if (data->is_16bit || data->is_palette)
- #endif
-     {
-       data->image_data = grub_calloc (data->image_height, data->row_bytes);
-@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data)
-       int shift;
-       int mask = (1 << data->color_bits) - 1;
-       unsigned j;
-      if (data->is_gray)
-       {
-         /* Generic formula is
-            (0xff * i) / ((1U << data->color_bits) - 1)
-            but for allowed bit depth of 1, 2 and for it's
-            equivalent to
-            (0xff / ((1U << data->color_bits) - 1)) * i
-            Precompute the multipliers to avoid division.
-         */
-
-         const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 };
-         for (i = 0; i < (1U << data->color_bits); i++)
-           {
-             grub_uint8_t col = multipliers[data->color_bits] * i;
-             palette[i][0] = col;
-             palette[i][1] = col;
-             palette[i][2] = col;
-           }
-       }
-      else
-       grub_memcpy (palette, data->palette, 3 << data->color_bits);
-+
-+      grub_memcpy (palette, data->palette, 3 << data->color_bits);
-       d1c = d1;
-       d2c = d2;
-       for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3,
-@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data)
-       return;
-     }
- 
-  if (data->is_gray)
-    {
-      switch (data->bpp)
-       {
-       case 4:
-         /* 16-bit gray with alpha.  */
-         for (i = 0; i < (data->image_width * data->image_height);
-              i++, d1 += 4, d2 += 4)
-           {
-             d1[R4] = d2[3];
-             d1[G4] = d2[3];
-             d1[B4] = d2[3];
-             d1[A4] = d2[1];
-           }
-         break;
-       case 2:
-         if (data->is_16bit)
-           /* 16-bit gray without alpha.  */
-           {
-             for (i = 0; i < (data->image_width * data->image_height);
-                  i++, d1 += 4, d2 += 2)
-               {
-                 d1[R3] = d2[1];
-                 d1[G3] = d2[1];
-                 d1[B3] = d2[1];
-               }
-           }
-         else
-           /* 8-bit gray with alpha.  */
-           {
-             for (i = 0; i < (data->image_width * data->image_height);
-                  i++, d1 += 4, d2 += 2)
-               {
-                 d1[R4] = d2[1];
-                 d1[G4] = d2[1];
-                 d1[B4] = d2[1];
-                 d1[A4] = d2[0];
-               }
-           }
-         break;
-         /* 8-bit gray without alpha.  */
-       case 1:
-         for (i = 0; i < (data->image_width * data->image_height);
-              i++, d1 += 3, d2++)
-           {
-             d1[R3] = d2[0];
-             d1[G3] = d2[0];
-             d1[B3] = d2[0];
-           }
-         break;
-       }
-      return;
-    }
-
-     {
-   /* Only copy the upper 8 bit.  */
- #ifndef GRUB_CPU_WORDS_BIGENDIAN
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch
deleted file mode 100644
index f06514e665..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 6 Jul 2021 23:25:07 +1000
-Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table
- items
-In fuzzing we observed crashes where a code would attempt to be inserted
-into a huffman table before the start, leading to a set of heap OOB reads
-and writes as table entries with negative indices were shifted around and
-the new code written in.
-Catch the case where we would underflow the array and bail.
-Fixes: CVE-2021-3696
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE: CVE-2021-3696
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/video/readers/png.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
-index a3161e25b..d7ed5aa6c 100644
--- a/grub-core/video/readers/png.c
-+++ b/grub-core/video/readers/png.c
-@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len)
-   for (i = len; i < ht->max_length; i++)
-     n += ht->maxval[i];
- 
-+  if (n > ht->num_values)
-+    {
-+      grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                 "png: out of range inserting huffman table item");
-+      return;
-+    }
-+
-   for (i = 0; i < n; i++)
-     ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1];
- 
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch
deleted file mode 100644
index e9fc52df86..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Wed, 7 Jul 2021 15:38:19 +1000
-Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write
-Certain 1 px wide images caused a wild pointer write in
-grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(),
-we have the following loop:
-for (; data->r1 < nr1 && (!data->dri || rst);
-     data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
-We did not check if vb * width >= hb * nc1.
-On a 64-bit platform, if that turns out to be negative, it will underflow,
-be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so
-we see data->bitmap_ptr jump, e.g.:
-0x6180_0000_0480 to
-0x6181_0000_0498
-     ^
-     ~--- carry has occurred and this pointer is now far away from
-          any object.
-On a 32-bit platform, it will decrement the pointer, creating a pointer
-that won't crash but will overwrite random data.
-Catch the underflow and error out.
-Fixes: CVE-2021-3697
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE: CVE-2021-3697
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/video/readers/jpeg.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
-index 579bbe8a4..09596fbf5 100644
--- a/grub-core/video/readers/jpeg.c
-+++ b/grub-core/video/readers/jpeg.c
-@@ -23,6 +23,7 @@
- #include <grub/mm.h>
- #include <grub/misc.h>
- #include <grub/bufio.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -699,6 +700,7 @@ static grub_err_t
- grub_jpeg_decode_data (struct grub_jpeg_data *data)
- {
-   unsigned c1, vb, hb, nr1, nc1;
-+  unsigned stride_a, stride_b, stride;
-   int rst = data->dri;
-   grub_err_t err = GRUB_ERR_NONE;
- 
-@@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-                       "jpeg: attempted to decode data before start of stream");
- 
-+  if (grub_mul(vb, data->image_width, &stride_a) ||
-+      grub_mul(hb, nc1, &stride_b) ||
-+      grub_sub(stride_a, stride_b, &stride))
-+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                      "jpeg: cannot decode image with these dimensions");
-+
-   for (; data->r1 < nr1 && (!data->dri || rst);
-       data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
-+       data->r1++, data->bitmap_ptr += stride * 3)
-     for (c1 = 0;  c1 < nc1 && (!data->dri || rst);
-        c1++, rst--, data->bitmap_ptr += hb * 3)
-       {
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
deleted file mode 100644
index dae26fd8bb..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
-From: Michael Chang <mchang@suse.com>
-Date: Fri, 3 Dec 2021 16:13:28 +0800
-Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
-The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
-configuration by grub-mkconfig) has inadvertently discarded umask for
-creating grub.cfg in the process of running grub-mkconfig. The resulting
-wrong permission (0644) would allow unprivileged users to read GRUB
-configuration file content. This presents a low confidentiality risk
-as grub.cfg may contain non-secured plain-text passwords.
-This patch restores the missing umask and sets the creation file mode
-to 0600 preventing unprivileged access.
-Fixes: CVE-2021-3981
-Signed-off-by: Michael Chang <mchang@suse.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE: CVE-2021-3981
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- util/grub-mkconfig.in | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
-index c3ea7612e..62335d027 100644
--- a/util/grub-mkconfig.in
-+++ b/util/grub-mkconfig.in
-@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
-     exit 1
-   else
-     # none of the children aborted with error, install the new grub.cfg
-+    oldumask=$(umask)
-+    umask 077
-     cat ${grub_cfg}.new > ${grub_cfg}
-+    umask $oldumask
-     rm -f ${grub_cfg}.new
-   fi
- fi
-- 
-2.31.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch
deleted file mode 100644
index 8bf9090f94..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Mon, 20 Dec 2021 19:41:21 +1100
-Subject: [PATCH] net/ip: Do IP fragment maths safely
-We can receive packets with invalid IP fragmentation information. This
-can lead to rsm->total_len underflowing and becoming very large.
-Then, in grub_netbuff_alloc(), we add to this very large number, which can
-cause it to overflow and wrap back around to a small positive number.
-The allocation then succeeds, but the resulting buffer is too small and
-subsequent operations can write past the end of the buffer.
-Catch the underflow here.
-Fixes: CVE-2022-28733
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE: CVE-2022-28733
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/net/ip.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c
-index e3d62e97f..3c3d0be0e 100644
--- a/grub-core/net/ip.c
-+++ b/grub-core/net/ip.c
-@@ -25,6 +25,7 @@
- #include <grub/net/netbuff.h>
- #include <grub/mm.h>
- #include <grub/priority_queue.h>
-+#include <grub/safemath.h>
- #include <grub/time.h>
- 
- struct iphdr {
-@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb,
-     {
-       rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK)
-                        + (nb->tail - nb->data));
-      rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t));
-+
-+      if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t),
-+                   &rsm->total_len))
-+       {
-+         grub_dprintf ("net", "IP reassembly size underflow\n");
-+         return GRUB_ERR_NONE;
-+       }
-+
-       rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len);
-       if (!rsm->asm_netbuff)
-        {
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
deleted file mode 100644
index f31167d315..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 8 Mar 2022 19:04:40 +1100
-Subject: [PATCH] net/http: Error out on headers with LF without CR
-In a similar vein to the previous patch, parse_line() would write
-a NUL byte past the end of the buffer if there was an HTTP header
-with a LF rather than a CRLF.
-RFC-2616 says:
-  Many HTTP/1.1 header field values consist of words separated by LWS
-  or special characters. These special characters MUST be in a quoted
-  string to be used within a parameter value (as defined in section 3.6).
-We don't support quoted sections or continuation lines, etc.
-If we see an LF that's not part of a CRLF, bail out.
-Fixes: CVE-2022-28734
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE: CVE-2022-28734
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/net/http.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-diff --git a/grub-core/net/http.c b/grub-core/net/http.c
-index 33a0a28c4..9291a13e2 100644
--- a/grub-core/net/http.c
-+++ b/grub-core/net/http.c
-@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
-   char *end = ptr + len;
-   while (end > ptr && *(end - 1) == '\r')
-     end--;
-+
-+  /* LF without CR. */
-+  if (end == ptr + len)
-+    {
-+      data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR"));
-+      return GRUB_ERR_NONE;
-+    }
-   *end = 0;
-+
-   /* Trailing CRLF.  */
-   if (data->in_chunk_len == 1)
-     {
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch
deleted file mode 100644
index e0ca1eec44..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Tue, 8 Mar 2022 18:17:03 +1100
-Subject: [PATCH] net/http: Fix OOB write for split http headers
-GRUB has special code for handling an http header that is split
-across two packets.
-The code tracks the end of line by looking for a "\n" byte. The
-code for split headers has always advanced the pointer just past the
-end of the line, whereas the code that handles unsplit headers does
-not advance the pointer. This extra advance causes the length to be
-one greater, which breaks an assumption in parse_line(), leading to
-it writing a NUL byte one byte past the end of the buffer where we
-reconstruct the line from the two packets.
-It's conceivable that an attacker controlled set of packets could
-cause this to zero out the first byte of the "next" pointer of the
-grub_mm_region structure following the current_line buffer.
-Do not advance the pointer in the split header case.
-Fixes: CVE-2022-28734
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE: CVE-2022-28734
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/net/http.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-diff --git a/grub-core/net/http.c b/grub-core/net/http.c
-index f8d7bf0cd..33a0a28c4 100644
--- a/grub-core/net/http.c
-+++ b/grub-core/net/http.c
-@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)),
-          int have_line = 1;
-          char *t;
-          ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data);
-         if (ptr)
-           ptr++;
-         else
-+         if (ptr == NULL)
-            {
-              have_line = 0;
-              ptr = (char *) nb->tail;
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
deleted file mode 100644
index 7a59f10bfb..0000000000
--- a/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001
-From: Julian Andres Klode <julian.klode@canonical.com>
-Date: Thu, 2 Dec 2021 15:03:53 +0100
-Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock
- verifier
-We must not allow other verifiers to pass things like the GRUB modules.
-Instead of maintaining a blocklist, maintain an allowlist of things
-that we do not care about.
-This allowlist really should be made reusable, and shared by the
-lockdown verifier, but this is the minimal patch addressing
-security concerns where the TPM verifier was able to mark modules
-as verified (or the OpenPGP verifier for that matter), when it
-should not do so on shim-powered secure boot systems.
-Fixes: CVE-2022-28735
-Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-CVE:CVE-2022-28735
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++---
- include/grub/verify.h   |  1 +
- 2 files changed, 37 insertions(+), 3 deletions(-)
-diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
-index c52ec6226..89c4bb3fd 100644
--- a/grub-core/kern/efi/sb.c
-+++ b/grub-core/kern/efi/sb.c
-@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
-                         void **context __attribute__ ((unused)),
-                         enum grub_verify_flags *flags)
- {
-  *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
-+  *flags = GRUB_VERIFY_FLAGS_NONE;
- 
-   switch (type & GRUB_FILE_TYPE_MASK)
-     {
-+    /* Files we check. */
-     case GRUB_FILE_TYPE_LINUX_KERNEL:
-     case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
-     case GRUB_FILE_TYPE_BSD_KERNEL:
-@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
-     case GRUB_FILE_TYPE_PLAN9_KERNEL:
-     case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
-       *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
-+      return GRUB_ERR_NONE;
- 
-      /* Fall through. */
-+    /* Files that do not affect secureboot state. */
-+    case GRUB_FILE_TYPE_NONE:
-+    case GRUB_FILE_TYPE_LOOPBACK:
-+    case GRUB_FILE_TYPE_LINUX_INITRD:
-+    case GRUB_FILE_TYPE_OPENBSD_RAMDISK:
-+    case GRUB_FILE_TYPE_XNU_RAMDISK:
-+    case GRUB_FILE_TYPE_SIGNATURE:
-+    case GRUB_FILE_TYPE_PUBLIC_KEY:
-+    case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST:
-+    case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
-+    case GRUB_FILE_TYPE_TESTLOAD:
-+    case GRUB_FILE_TYPE_GET_SIZE:
-+    case GRUB_FILE_TYPE_FONT:
-+    case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
-+    case GRUB_FILE_TYPE_CAT:
-+    case GRUB_FILE_TYPE_HEXCAT:
-+    case GRUB_FILE_TYPE_CMP:
-+    case GRUB_FILE_TYPE_HASHLIST:
-+    case GRUB_FILE_TYPE_TO_HASH:
-+    case GRUB_FILE_TYPE_KEYBOARD_LAYOUT:
-+    case GRUB_FILE_TYPE_PIXMAP:
-+    case GRUB_FILE_TYPE_GRUB_MODULE_LIST:
-+    case GRUB_FILE_TYPE_CONFIG:
-+    case GRUB_FILE_TYPE_THEME:
-+    case GRUB_FILE_TYPE_GETTEXT_CATALOG:
-+    case GRUB_FILE_TYPE_FS_SEARCH:
-+    case GRUB_FILE_TYPE_LOADENV:
-+    case GRUB_FILE_TYPE_SAVEENV:
-+    case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
-+      *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
-+      return GRUB_ERR_NONE;
- 
-+    /* Other files. */
-     default:
-      return GRUB_ERR_NONE;
-+      return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy"));
-     }
- }
- 
-diff --git a/include/grub/verify.h b/include/grub/verify.h
-index cd129c398..672ae1692 100644
--- a/include/grub/verify.h
-+++ b/include/grub/verify.h
-@@ -24,6 +24,7 @@
- 
- enum grub_verify_flags
-   {
-+    GRUB_VERIFY_FLAGS_NONE             = 0,
-     GRUB_VERIFY_FLAGS_SKIP_VERIFICATION        = 1,
-     GRUB_VERIFY_FLAGS_SINGLE_CHUNK     = 2,
-     /* Defer verification to another authority. */
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45774.patch b/meta/recipes-bsp/grub/files/CVE-2024-45774.patch
new file mode 100644
index 0000000000..55aecc17d7
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45774.patch
@@ -0,0 +1,37 @@
+From 2c34af908ebf4856051ed29e46d88abd2b20387f Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 8 Mar 2024 22:47:20 +1100
+Subject: [PATCH] video/readers/jpeg: Do not permit duplicate SOF0 markers in
+ JPEG
+Otherwise a subsequent header could change the height and width
+allowing future OOB writes.
+Fixes: CVE-2024-45774
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2024-45774
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2c34af908ebf4856051ed29e46d88abd2b20387f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/video/readers/jpeg.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index ae634fd41..631a89356 100644
+--- a/grub-core/video/readers/jpeg.c
+++ b/grub-core/video/readers/jpeg.c
+@@ -339,6 +339,10 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
+   if (grub_errno != GRUB_ERR_NONE)
+     return grub_errno;
+ 
+  if (data->image_height != 0 || data->image_width != 0)
+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+                      "jpeg: cannot have duplicate SOF0 markers");
+
+   if (grub_jpeg_get_byte (data) != 8)
+     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+                       "jpeg: only 8-bit precision is supported");
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45775.patch b/meta/recipes-bsp/grub/files/CVE-2024-45775.patch
new file mode 100644
index 0000000000..70492b8c2e
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45775.patch
@@ -0,0 +1,38 @@
+From 05be856a8c3aae41f5df90cab7796ab7ee34b872 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:55 +0000
+Subject: [PATCH] commands/extcmd: Missing check for failed allocation
+The grub_extcmd_dispatcher() calls grub_arg_list_alloc() to allocate
+a grub_arg_list struct but it does not verify the allocation was successful.
+In case of failed allocation the NULL state pointer can be accessed in
+parse_option() through grub_arg_parse() which may lead to a security issue.
+Fixes: CVE-2024-45775
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+CVE: CVE-2024-45775
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=05be856a8c3aae41f5df90cab7796ab7ee34b872]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/extcmd.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c
+index 90a5ca24a..c236be13a 100644
+--- a/grub-core/commands/extcmd.c
+++ b/grub-core/commands/extcmd.c
+@@ -49,6 +49,9 @@ grub_extcmd_dispatcher (struct grub_command *cmd, int argc, char **args,
+     }
+ 
+   state = grub_arg_list_alloc (ext, argc, args);
+  if (state == NULL)
+    return grub_errno;
+
+   if (grub_arg_parse (ext, argc, args, state, &new_args, &new_argc))
+     {
+       context.state = state;
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45776.patch b/meta/recipes-bsp/grub/files/CVE-2024-45776.patch
new file mode 100644
index 0000000000..8deea958b8
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45776.patch
@@ -0,0 +1,39 @@
+From 09bd6eb58b0f71ec273916070fa1e2de16897a91 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:56 +0000
+Subject: [PATCH] gettext: Integer overflow leads to heap OOB write or read
+Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may
+overflow leading to subsequent OOB write or read. This patch fixes the
+issue by replacing grub_zalloc() and explicit multiplication with
+grub_calloc() which does the same thing in safe manner.
+Fixes: CVE-2024-45776
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+CVE: CVE-2024-45776
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=09bd6eb58b0f71ec273916070fa1e2de16897a91]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/gettext/gettext.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index e4f4f8ee6..63bb1ab73 100644
+--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
+@@ -323,8 +323,8 @@ grub_mofile_open (struct grub_gettext_context *ctx,
+   for (ctx->grub_gettext_max_log = 0; ctx->grub_gettext_max >> ctx->grub_gettext_max_log;
+        ctx->grub_gettext_max_log++);
+ 
+-  ctx->grub_gettext_msg_list = grub_zalloc (ctx->grub_gettext_max
+-                                           * sizeof (ctx->grub_gettext_msg_list[0]));
+  ctx->grub_gettext_msg_list = grub_calloc (ctx->grub_gettext_max,
+                                           sizeof (ctx->grub_gettext_msg_list[0]));
+   if (!ctx->grub_gettext_msg_list)
+     {
+       grub_file_close (fd);
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45777.patch b/meta/recipes-bsp/grub/files/CVE-2024-45777.patch
new file mode 100644
index 0000000000..0305a95fd5
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45777.patch
@@ -0,0 +1,57 @@
+From b970a5ed967816bbca8225994cd0ee2557bad515 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:57 +0000
+Subject: [PATCH] gettext: Integer overflow leads to heap OOB write
+The size calculation of the translation buffer in
+grub_gettext_getstr_from_position() may overflow
+to 0 leading to heap OOB write. This patch fixes
+the issue by using grub_add() and checking for
+an overflow.
+Fixes: CVE-2024-45777
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+CVE: CVE-2024-45777
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b970a5ed967816bbca8225994cd0ee2557bad515]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/gettext/gettext.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 63bb1ab73..9ffc73428 100644
+--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
+@@ -26,6 +26,7 @@
+ #include <grub/file.h>
+ #include <grub/kernel.h>
+ #include <grub/i18n.h>
+#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -99,6 +100,7 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
+   char *translation;
+   struct string_descriptor desc;
+   grub_err_t err;
+  grub_size_t alloc_sz;
+ 
+   internal_position = (off + position * sizeof (desc));
+ 
+@@ -109,7 +111,10 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
+   length = grub_cpu_to_le32 (desc.length);
+   offset = grub_cpu_to_le32 (desc.offset);
+ 
+-  translation = grub_malloc (length + 1);
+  if (grub_add (length, 1, &alloc_sz))
+    return NULL;
+
+  translation = grub_malloc (alloc_sz);
+   if (!translation)
+     return NULL;
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch b/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
new file mode 100644
index 0000000000..eba013897f
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
@@ -0,0 +1,55 @@
+From 26db6605036bd9e5b16d9068a8cc75be63b8b630 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Sat, 23 Mar 2024 15:59:43 +1100
+Subject: [PATCH] fs/bfs: Disable under lockdown
+The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown.
+This will also disable the AFS.
+Fixes: CVE-2024-45778
+Fixes: CVE-2024-45779
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2024-45778
+CVE: CVE-2024-45779
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/bfs.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+diff --git a/grub-core/fs/bfs.c b/grub-core/fs/bfs.c
+index 022f69fe2..78aeb051f 100644
+--- a/grub-core/fs/bfs.c
+++ b/grub-core/fs/bfs.c
+@@ -30,6 +30,7 @@
+ #include <grub/types.h>
+ #include <grub/i18n.h>
+ #include <grub/fshelp.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1106,7 +1107,10 @@ GRUB_MOD_INIT (bfs)
+ {
+   COMPILE_TIME_ASSERT (1 << LOG_EXTENT_SIZE ==
+                       sizeof (struct grub_bfs_extent));
+-  grub_fs_register (&grub_bfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_bfs_fs);
+    }
+ }
+ 
+ #ifdef MODE_AFS
+@@ -1115,5 +1119,6 @@ GRUB_MOD_FINI (afs)
+ GRUB_MOD_FINI (bfs)
+ #endif
+ {
+-  grub_fs_unregister (&grub_bfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_bfs_fs);
+ }
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45780.patch b/meta/recipes-bsp/grub/files/CVE-2024-45780.patch
new file mode 100644
index 0000000000..1de0099f94
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45780.patch
@@ -0,0 +1,93 @@
+From 0087bc6902182fe5cedce2d034c75a79cf6dd4f3 Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Fri, 22 Nov 2024 06:27:58 +0000
+Subject: [PATCH] fs/tar: Integer overflow leads to heap OOB write
+Both namesize and linksize are derived from hd.size, a 12-digit octal
+number parsed by read_number(). Later direct arithmetic calculation like
+"namesize + 1" and "linksize + 1" may exceed the maximum value of
+grub_size_t leading to heap OOB write. This patch fixes the issue by
+using grub_add() and checking for an overflow.
+Fixes: CVE-2024-45780
+Reported-by: Nils Langius <nils@langius.de>
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
+CVE: CVE-2024-45780
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0087bc6902182fe5cedce2d034c75a79cf6dd4f3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/tar.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
+index 646bce5eb..386c09022 100644
+--- a/grub-core/fs/tar.c
+++ b/grub-core/fs/tar.c
+@@ -25,6 +25,7 @@
+ #include <grub/mm.h>
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
+#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -76,6 +77,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+ {
+   struct head hd;
+   int reread = 0, have_longname = 0, have_longlink = 0;
+  grub_size_t sz;
+ 
+   data->hofs = data->next_hofs;
+ 
+@@ -97,7 +99,11 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+        {
+          grub_err_t err;
+          grub_size_t namesize = read_number (hd.size, sizeof (hd.size));
+-         *name = grub_malloc (namesize + 1);
+
+         if (grub_add (namesize, 1, &sz))
+           return grub_error (GRUB_ERR_BAD_FS, N_("name size overflow"));
+
+         *name = grub_malloc (sz);
+          if (*name == NULL)
+            return grub_errno;
+          err = grub_disk_read (data->disk, 0,
+@@ -117,15 +123,19 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+        {
+          grub_err_t err;
+          grub_size_t linksize = read_number (hd.size, sizeof (hd.size));
+-         if (data->linkname_alloc < linksize + 1)
+
+         if (grub_add (linksize, 1, &sz))
+           return grub_error (GRUB_ERR_BAD_FS, N_("link size overflow"));
+
+         if (data->linkname_alloc < sz)
+            {
+              char *n;
+-             n = grub_calloc (2, linksize + 1);
+             n = grub_calloc (2, sz);
+              if (!n)
+                return grub_errno;
+              grub_free (data->linkname);
+              data->linkname = n;
+-             data->linkname_alloc = 2 * (linksize + 1);
+             data->linkname_alloc = 2 * (sz);
+            }
+ 
+          err = grub_disk_read (data->disk, 0,
+@@ -148,7 +158,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
+          while (extra_size < sizeof (hd.prefix)
+                 && hd.prefix[extra_size])
+            extra_size++;
+-         *name = grub_malloc (sizeof (hd.name) + extra_size + 2);
+
+         if (grub_add (sizeof (hd.name) + 2, extra_size, &sz))
+           return grub_error (GRUB_ERR_BAD_FS, N_("long name size overflow"));
+         *name = grub_malloc (sz);
+          if (*name == NULL)
+            return grub_errno;
+          if (hd.prefix[0])
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45781.patch b/meta/recipes-bsp/grub/files/CVE-2024-45781.patch
new file mode 100644
index 0000000000..bd0b6aa04a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45781.patch
@@ -0,0 +1,35 @@
+From c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 02:03:33 +0100
+Subject: [PATCH 2/2] fs/ufs: Fix a heap OOB write
+grub_strcpy() was used to copy a symlink name from the filesystem
+image to a heap allocated buffer. This led to a OOB write to adjacent
+heap allocations. Fix by using grub_strlcpy().
+Fixes: CVE-2024-45781
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2024-45781
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/ufs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
+index a354c92d9..01235101b 100644
+--- a/grub-core/fs/ufs.c
+++ b/grub-core/fs/ufs.c
+@@ -463,7 +463,7 @@ grub_ufs_lookup_symlink (struct grub_ufs_data *data, int ino)
+   /* Check against zero is paylindromic, no need to swap.  */
+   if (data->inode.nblocks == 0
+       && INODE_SIZE (data) <= sizeof (data->inode.symlink))
+-    grub_strcpy (symlink, (char *) data->inode.symlink);
+    grub_strlcpy (symlink, (char *) data->inode.symlink, sz);
+   else
+     {
+       if (grub_ufs_read_file (data, 0, 0, 0, sz, symlink) < 0)
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
new file mode 100644
index 0000000000..41cc025b81
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
@@ -0,0 +1,36 @@
+From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 02:48:33 +0100
+Subject: [PATCH] fs/hfs: Fix stack OOB write with grub_strcpy()
+Replaced with grub_strlcpy().
+Fixes: CVE-2024-45782
+Fixes: CVE-2024-56737
+Fixes: https://savannah.gnu.org/bugs/?66599
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2024-45782
+CVE: CVE-2024-56737
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=417547c10410b714e43f08f74137c24015f8f4c3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/hfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index 91dc0e69c..920112b03 100644
+--- a/grub-core/fs/hfs.c
+++ b/grub-core/fs/hfs.c
+@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk)
+      volume name.  */
+   key.parent_dir = grub_cpu_to_be32_compile_time (1);
+   key.strlen = data->sblock.volname[0];
+-  grub_strcpy ((char *) key.str, (char *) (data->sblock.volname + 1));
+  grub_strlcpy ((char *) key.str, (char *) (data->sblock.volname + 1), sizeof (key.str));
+ 
+   if (grub_hfs_find_node (data, (char *) &key, data->cat_root,
+                          0, (char *) &dir, sizeof (dir)) == 0)
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45783.patch b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch
new file mode 100644
index 0000000000..99c769961b
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch
@@ -0,0 +1,39 @@
+From f7c070a2e28dfab7137db0739fb8db1dc02d8898 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 06:22:51 +0100
+Subject: [PATCH] fs/hfsplus: Set a grub_errno if mount fails
+It was possible for mount to fail but not set grub_errno. This led to
+a possible double decrement of the module reference count if the NULL
+page was mapped.
+Fixing in general as a similar bug was fixed in commit 61b13c187
+(fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there
+are likely more variants around.
+Fixes: CVE-2024-45783
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2024-45783
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f7c070a2e28dfab7137db0739fb8db1dc02d8898]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/hfsplus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 295822f69..de71fd486 100644
+--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
+@@ -405,7 +405,7 @@ grub_hfsplus_mount (grub_disk_t disk)
+ 
+  fail:
+ 
+-  if (grub_errno == GRUB_ERR_OUT_OF_RANGE)
+  if (grub_errno == GRUB_ERR_OUT_OF_RANGE || grub_errno == GRUB_ERR_NONE)
+     grub_error (GRUB_ERR_BAD_FS, "not a HFS+ filesystem");
+ 
+   grub_free (data);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
new file mode 100644
index 0000000000..09dbfce5f8
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
@@ -0,0 +1,35 @@
+From 2123c5bca7e21fbeb0263df4597ddd7054700726 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 1 Nov 2024 19:24:29 +0000
+Subject: [PATCH 1/3] commands/pgp: Unregister the "check_signatures" hooks on
+ module unload
+If the hooks are not removed they can be called after the module has
+been unloaded leading to an use-after-free.
+Fixes: CVE-2025-0622
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0622
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2123c5bca7e21fbeb0263df4597ddd7054700726]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/pgp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
+index c6766f044..5fadc33c4 100644
+--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
+@@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp)
+ 
+ GRUB_MOD_FINI(pgp)
+ {
+  grub_register_variable_hook ("check_signatures", NULL, NULL);
+  grub_env_unset ("check_signatures");
+   grub_verifier_unregister (&grub_pubkey_verifier);
+   grub_unregister_extcmd (cmd);
+   grub_unregister_extcmd (cmd_trust);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
new file mode 100644
index 0000000000..be01da3355
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
@@ -0,0 +1,41 @@
+From 9c16197734ada8d0838407eebe081117799bfe67 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 1 Nov 2024 23:46:55 +0000
+Subject: [PATCH 2/3] normal: Remove variables hooks on module unload
+The normal module does not entirely cleanup after itself in
+its GRUB_MOD_FINI() leaving a few variables hooks in place.
+It is not possible to unload normal module now but fix the
+issues for completeness.
+On the occasion replace 0s with NULLs for "pager" variable
+hooks unregister.
+Fixes: CVE-2025-0622
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0622
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c16197734ada8d0838407eebe081117799bfe67]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/normal/main.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index 838f57fa5..04d058f55 100644
+--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
+@@ -582,7 +582,9 @@ GRUB_MOD_FINI(normal)
+   grub_xputs = grub_xputs_saved;
+ 
+   grub_set_history (0);
+-  grub_register_variable_hook ("pager", 0, 0);
+  grub_register_variable_hook ("pager", NULL, NULL);
+  grub_register_variable_hook ("color_normal", NULL, NULL);
+  grub_register_variable_hook ("color_highlight", NULL, NULL);
+   grub_fs_autoload_hook = 0;
+   grub_unregister_command (cmd_clear);
+ }
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
new file mode 100644
index 0000000000..79078a4350
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
@@ -0,0 +1,38 @@
+From 7580addfc8c94cedb0cdfd7a1fd65b539215e637 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 1 Nov 2024 23:52:06 +0000
+Subject: [PATCH 3/3] gettext: Remove variables hooks on module unload
+The gettext module does not entirely cleanup after itself in
+its GRUB_MOD_FINI() leaving a few variables hooks in place.
+It is not possible to unload gettext module because normal
+module depends on it. Though fix the issues for completeness.
+Fixes: CVE-2025-0622
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0622
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7580addfc8c94cedb0cdfd7a1fd65b539215e637]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/gettext/gettext.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 7a1c14e4f..e4f4f8ee6 100644
+--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
+@@ -535,6 +535,10 @@ GRUB_MOD_INIT (gettext)
+ 
+ GRUB_MOD_FINI (gettext)
+ {
+  grub_register_variable_hook ("locale_dir", NULL, NULL);
+  grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
+  grub_register_variable_hook ("lang", NULL, NULL);
+
+   grub_gettext_delete_list (&main_context);
+   grub_gettext_delete_list (&secondary_context);
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0624.patch b/meta/recipes-bsp/grub/files/CVE-2025-0624.patch
new file mode 100644
index 0000000000..229fe6399e
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0624.patch
@@ -0,0 +1,84 @@
+From 5eef88152833062a3f7e017535372d64ac8ef7e1 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 15 Nov 2024 13:12:09 +0000
+Subject: [PATCH] net: Fix OOB write in grub_net_search_config_file()
+The function included a call to grub_strcpy() which copied data from an
+environment variable to a buffer allocated in grub_cmd_normal(). The
+grub_cmd_normal() didn't consider the length of the environment variable.
+So, the copy operation could exceed the allocation and lead to an OOB
+write. Fix the issue by replacing grub_strcpy() with grub_strlcpy() and
+pass the underlying buffers size to the grub_net_search_config_file().
+Fixes: CVE-2025-0624
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0624
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5eef88152833062a3f7e017535372d64ac8ef7e1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/net/net.c     | 7 ++++---
+ grub-core/normal/main.c | 2 +-
+ include/grub/net.h      | 2 +-
+ 3 files changed, 6 insertions(+), 5 deletions(-)
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 0e41e21a5..9939ff601 100644
+--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
+@@ -1909,14 +1909,15 @@ grub_config_search_through (char *config, char *suffix,
+ }
+ 
+ grub_err_t
+-grub_net_search_config_file (char *config)
+grub_net_search_config_file (char *config, grub_size_t config_buf_len)
+ {
+-  grub_size_t config_len;
+  grub_size_t config_len, suffix_len;
+   char *suffix;
+ 
+   config_len = grub_strlen (config);
+   config[config_len] = '-';
+   suffix = config + config_len + 1;
+  suffix_len = config_buf_len - (config_len + 1);
+ 
+   struct grub_net_network_level_interface *inf;
+   FOR_NET_NETWORK_LEVEL_INTERFACES (inf)
+@@ -1942,7 +1943,7 @@ grub_net_search_config_file (char *config)
+ 
+       if (client_uuid)
+         {
+-          grub_strcpy (suffix, client_uuid);
+          grub_strlcpy (suffix, client_uuid, suffix_len);
+           if (grub_config_search_through (config, suffix, 1, 0) == 0)
+             return GRUB_ERR_NONE;
+         }
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index 90879dc21..838f57fa5 100644
+--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
+@@ -344,7 +344,7 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)),
+ 
+           if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 &&
+               !disable_net_search)
+-            grub_net_search_config_file (config);
+            grub_net_search_config_file (config, config_len);
+ 
+          grub_enter_normal_mode (config);
+          grub_free (config);
+diff --git a/include/grub/net.h b/include/grub/net.h
+index 228d04963..58a4f83fc 100644
+--- a/include/grub/net.h
+++ b/include/grub/net.h
+@@ -579,7 +579,7 @@ void
+ grub_net_remove_dns_server (const struct grub_net_network_level_address *s);
+ 
+ grub_err_t
+-grub_net_search_config_file (char *config);
+grub_net_search_config_file (char *config, grub_size_t config_buf_len);
+ 
+ extern char *grub_net_default_server;
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch b/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
new file mode 100644
index 0000000000..d5563cecc4
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
@@ -0,0 +1,377 @@
+From 47b2dfc7953f70f98ddf35dfdd6e7f4f20283b10 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Sat, 23 Mar 2024 16:20:45 +1100
+Subject: [PATCH] fs: Disable many filesystems under lockdown
+The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat,
+hfsplus, iso9660, squash4, tar, xfs and zfs.
+The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were
+reported by Jonathan Bar Or <jonathanbaror@gmail.com>.
+Fixes: CVE-2025-0677
+Fixes: CVE-2025-0684
+Fixes: CVE-2025-0685
+Fixes: CVE-2025-0686
+Fixes: CVE-2025-0689
+Suggested-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0677
+CVE: CVE-2025-0684
+CVE: CVE-2025-0685
+CVE: CVE-2025-0686
+CVE: CVE-2025-0689
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=47b2dfc7953f70f98ddf35dfdd6e7f4f20283b10]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/affs.c     | 9 +++++++--
+ grub-core/fs/cbfs.c     | 9 +++++++--
+ grub-core/fs/jfs.c      | 9 +++++++--
+ grub-core/fs/minix.c    | 9 +++++++--
+ grub-core/fs/nilfs2.c   | 9 +++++++--
+ grub-core/fs/ntfs.c     | 9 +++++++--
+ grub-core/fs/reiserfs.c | 9 +++++++--
+ grub-core/fs/romfs.c    | 9 +++++++--
+ grub-core/fs/sfs.c      | 9 +++++++--
+ grub-core/fs/udf.c      | 9 +++++++--
+ grub-core/fs/ufs.c      | 9 +++++++--
+ 11 files changed, 77 insertions(+), 22 deletions(-)
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index ed606b3f1..352f5d232 100644
+--- a/grub-core/fs/affs.c
+++ b/grub-core/fs/affs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -703,11 +704,15 @@ static struct grub_fs grub_affs_fs =
+ 
+ GRUB_MOD_INIT(affs)
+ {
+-  grub_fs_register (&grub_affs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_affs_fs);
+    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(affs)
+ {
+-  grub_fs_unregister (&grub_affs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_affs_fs);
+ }
+diff --git a/grub-core/fs/cbfs.c b/grub-core/fs/cbfs.c
+index 8ab7106af..f6349df34 100644
+--- a/grub-core/fs/cbfs.c
+++ b/grub-core/fs/cbfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
+ #include <grub/cbfs_core.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -390,12 +391,16 @@ GRUB_MOD_INIT (cbfs)
+ #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
+   init_cbfsdisk ();
+ #endif
+-  grub_fs_register (&grub_cbfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_cbfs_fs);
+    }
+ }
+ 
+ GRUB_MOD_FINI (cbfs)
+ {
+-  grub_fs_unregister (&grub_cbfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_cbfs_fs);
+ #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
+   fini_cbfsdisk ();
+ #endif
+diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
+index 6f7c43904..c0bbab8a9 100644
+--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/charset.h>
+ #include <grub/i18n.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -963,11 +964,15 @@ static struct grub_fs grub_jfs_fs =
+ 
+ GRUB_MOD_INIT(jfs)
+ {
+-  grub_fs_register (&grub_jfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_jfs_fs);
+    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(jfs)
+ {
+-  grub_fs_unregister (&grub_jfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_jfs_fs);
+ }
+diff --git a/grub-core/fs/minix.c b/grub-core/fs/minix.c
+index 5354951d1..c267298b5 100644
+--- a/grub-core/fs/minix.c
+++ b/grub-core/fs/minix.c
+@@ -25,6 +25,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/i18n.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -734,7 +735,10 @@ GRUB_MOD_INIT(minix)
+ #endif
+ #endif
+ {
+-  grub_fs_register (&grub_minix_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_minix_fs);
+    }
+   my_mod = mod;
+ }
+ 
+@@ -756,5 +760,6 @@ GRUB_MOD_FINI(minix)
+ #endif
+ #endif
+ {
+-  grub_fs_unregister (&grub_minix_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_minix_fs);
+ }
+diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
+index fc7374ead..08abf173f 100644
+--- a/grub-core/fs/nilfs2.c
+++ b/grub-core/fs/nilfs2.c
+@@ -34,6 +34,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1231,11 +1232,15 @@ GRUB_MOD_INIT (nilfs2)
+                                  grub_nilfs2_dat_entry));
+   COMPILE_TIME_ASSERT (1 << LOG_INODE_SIZE
+                       == sizeof (struct grub_nilfs2_inode));
+-  grub_fs_register (&grub_nilfs2_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_nilfs2_fs);
+    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI (nilfs2)
+ {
+-  grub_fs_unregister (&grub_nilfs2_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_nilfs2_fs);
+ }
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index de435aa14..8cc2ba3d5 100644
+--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
+@@ -27,6 +27,7 @@
+ #include <grub/fshelp.h>
+ #include <grub/ntfs.h>
+ #include <grub/charset.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1320,11 +1321,15 @@ static struct grub_fs grub_ntfs_fs =
+ 
+ GRUB_MOD_INIT (ntfs)
+ {
+-  grub_fs_register (&grub_ntfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_ntfs_fs);
+    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI (ntfs)
+ {
+-  grub_fs_unregister (&grub_ntfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_ntfs_fs);
+ }
+diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c
+index 36b26ac98..cdef2eba0 100644
+--- a/grub-core/fs/reiserfs.c
+++ b/grub-core/fs/reiserfs.c
+@@ -39,6 +39,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/i18n.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1417,11 +1418,15 @@ static struct grub_fs grub_reiserfs_fs =
+ 
+ GRUB_MOD_INIT(reiserfs)
+ {
+-  grub_fs_register (&grub_reiserfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_reiserfs_fs);
+    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(reiserfs)
+ {
+-  grub_fs_unregister (&grub_reiserfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_reiserfs_fs);
+ }
+diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c
+index 1f7dcfca1..acf8dd21e 100644
+--- a/grub-core/fs/romfs.c
+++ b/grub-core/fs/romfs.c
+@@ -23,6 +23,7 @@
+ #include <grub/disk.h>
+ #include <grub/fs.h>
+ #include <grub/fshelp.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -475,10 +476,14 @@ static struct grub_fs grub_romfs_fs =
+ 
+ GRUB_MOD_INIT(romfs)
+ {
+-  grub_fs_register (&grub_romfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_romfs_fs);
+    }
+ }
+ 
+ GRUB_MOD_FINI(romfs)
+ {
+-  grub_fs_unregister (&grub_romfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_romfs_fs);
+ }
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index 983e88008..f64bdd2df 100644
+--- a/grub-core/fs/sfs.c
+++ b/grub-core/fs/sfs.c
+@@ -26,6 +26,7 @@
+ #include <grub/types.h>
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
+#include <grub/lockdown.h>
+ #include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+@@ -779,11 +780,15 @@ static struct grub_fs grub_sfs_fs =
+ 
+ GRUB_MOD_INIT(sfs)
+ {
+-  grub_fs_register (&grub_sfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_sfs_fs);
+    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(sfs)
+ {
+-  grub_fs_unregister (&grub_sfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_sfs_fs);
+ }
+diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
+index b836e6107..a60643be1 100644
+--- a/grub-core/fs/udf.c
+++ b/grub-core/fs/udf.c
+@@ -27,6 +27,7 @@
+ #include <grub/fshelp.h>
+ #include <grub/charset.h>
+ #include <grub/datetime.h>
+#include <grub/lockdown.h>
+ #include <grub/udf.h>
+ #include <grub/safemath.h>
+ 
+@@ -1455,11 +1456,15 @@ static struct grub_fs grub_udf_fs = {
+ 
+ GRUB_MOD_INIT (udf)
+ {
+-  grub_fs_register (&grub_udf_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_udf_fs);
+    }
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI (udf)
+ {
+-  grub_fs_unregister (&grub_udf_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_udf_fs);
+ }
+diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
+index 01235101b..6b496e7b8 100644
+--- a/grub-core/fs/ufs.c
+++ b/grub-core/fs/ufs.c
+@@ -25,6 +25,7 @@
+ #include <grub/dl.h>
+ #include <grub/types.h>
+ #include <grub/i18n.h>
+#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -899,7 +900,10 @@ GRUB_MOD_INIT(ufs1)
+ #endif
+ #endif
+ {
+-  grub_fs_register (&grub_ufs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_fs_register (&grub_ufs_fs);
+    }
+   my_mod = mod;
+ }
+ 
+@@ -913,6 +917,7 @@ GRUB_MOD_FINI(ufs1)
+ #endif
+ #endif
+ {
+-  grub_fs_unregister (&grub_ufs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_ufs_fs);
+ }
+ 
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch b/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
new file mode 100644
index 0000000000..14e67cf35b
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
@@ -0,0 +1,87 @@
+From 84bc0a9a68835952ae69165c11709811dae7634e Mon Sep 17 00:00:00 2001
+From: Lidong Chen <lidong.chen@oracle.com>
+Date: Tue, 21 Jan 2025 19:02:37 +0000
+Subject: [PATCH] fs: Prevent overflows when allocating memory for arrays
+Use grub_calloc() when allocating memory for arrays to ensure proper
+overflow checks are in place.
+The HFS+ and squash4 security vulnerabilities were reported by
+Jonathan Bar Or <jonathanbaror@gmail.com>.
+Fixes: CVE-2025-0678
+Fixes: CVE-2025-1125
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0678
+CVE: CVE-2025-1125
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=84bc0a9a68835952ae69165c11709811dae7634e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/btrfs.c       | 4 ++--
+ grub-core/fs/hfspluscomp.c | 9 +++++++--
+ grub-core/fs/squash4.c     | 8 ++++----
+ 3 files changed, 13 insertions(+), 8 deletions(-)
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 0625b1166..9c1e925c9 100644
+--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
+@@ -1276,8 +1276,8 @@ grub_btrfs_mount (grub_device_t dev)
+     }
+ 
+   data->n_devices_allocated = 16;
+-  data->devices_attached = grub_malloc (sizeof (data->devices_attached[0])
+-                                       * data->n_devices_allocated);
+  data->devices_attached = grub_calloc (data->n_devices_allocated,
+                                       sizeof (data->devices_attached[0]));
+   if (!data->devices_attached)
+     {
+       grub_free (data);
+diff --git a/grub-core/fs/hfspluscomp.c b/grub-core/fs/hfspluscomp.c
+index 48ae438d8..a80954ee6 100644
+--- a/grub-core/fs/hfspluscomp.c
+++ b/grub-core/fs/hfspluscomp.c
+@@ -244,14 +244,19 @@ hfsplus_open_compressed_real (struct grub_hfsplus_file *node)
+          return 0;
+        }
+       node->compress_index_size = grub_le_to_cpu32 (index_size);
+-      node->compress_index = grub_malloc (node->compress_index_size
+-                                         * sizeof (node->compress_index[0]));
+      node->compress_index = grub_calloc (node->compress_index_size,
+                                         sizeof (node->compress_index[0]));
+       if (!node->compress_index)
+        {
+          node->compressed = 0;
+          grub_free (attr_node);
+          return grub_errno;
+        }
+
+      /*
+       * The node->compress_index_size * sizeof (node->compress_index[0]) is safe here
+       * due to relevant checks done in grub_calloc() above.
+       */
+       if (grub_hfsplus_read_file (node, 0, 0,
+                                  0x104 + sizeof (index_size),
+                                  node->compress_index_size
+diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
+index f91ff3bfa..cf2bca822 100644
+--- a/grub-core/fs/squash4.c
+++ b/grub-core/fs/squash4.c
+@@ -816,10 +816,10 @@ direct_read (struct grub_squash_data *data,
+          break;
+        }
+       total_blocks = ((total_size + data->blksz - 1) >> data->log2_blksz);
+-      ino->block_sizes = grub_malloc (total_blocks
+-                                     * sizeof (ino->block_sizes[0]));
+-      ino->cumulated_block_sizes = grub_malloc (total_blocks
+-                                               * sizeof (ino->cumulated_block_sizes[0]));
+      ino->block_sizes = grub_calloc (total_blocks,
+                                     sizeof (ino->block_sizes[0]));
+      ino->cumulated_block_sizes = grub_calloc (total_blocks,
+                                               sizeof (ino->cumulated_block_sizes[0]));
+       if (!ino->block_sizes || !ino->cumulated_block_sizes)
+        {
+          grub_free (ino->block_sizes);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0690.patch b/meta/recipes-bsp/grub/files/CVE-2025-0690.patch
new file mode 100644
index 0000000000..be585c96ad
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0690.patch
@@ -0,0 +1,73 @@
+From dad8f502974ed9ad0a70ae6820d17b4b142558fc Mon Sep 17 00:00:00 2001
+From: Jonathan Bar Or <jonathanbaror@gmail.com>
+Date: Thu, 23 Jan 2025 19:17:05 +0100
+Subject: [PATCH] commands/read: Fix an integer overflow when supplying more
+ than 2^31 characters
+The grub_getline() function currently has a signed integer variable "i"
+that can be overflown when user supplies more than 2^31 characters.
+It results in a memory corruption of the allocated line buffer as well
+as supplying large negative values to grub_realloc().
+Fixes: CVE-2025-0690
+Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
+Signed-off-by: Jonathan Bar Or <jonathanbaror@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0690
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=dad8f502974ed9ad0a70ae6820d17b4b142558fc]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/read.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+diff --git a/grub-core/commands/read.c b/grub-core/commands/read.c
+index 597c90706..8d72e45c9 100644
+--- a/grub-core/commands/read.c
+++ b/grub-core/commands/read.c
+@@ -25,6 +25,7 @@
+ #include <grub/types.h>
+ #include <grub/extcmd.h>
+ #include <grub/i18n.h>
+#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -37,13 +38,14 @@ static const struct grub_arg_option options[] =
+ static char *
+ grub_getline (int silent)
+ {
+-  int i;
+  grub_size_t i;
+   char *line;
+   char *tmp;
+   int c;
+  grub_size_t alloc_size;
+ 
+   i = 0;
+-  line = grub_malloc (1 + i + sizeof('\0'));
+  line = grub_malloc (1 + sizeof('\0'));
+   if (! line)
+     return NULL;
+ 
+@@ -59,8 +61,17 @@ grub_getline (int silent)
+       line[i] = (char) c;
+       if (!silent)
+        grub_printf ("%c", c);
+-      i++;
+-      tmp = grub_realloc (line, 1 + i + sizeof('\0'));
+      if (grub_add (i, 1, &i))
+        {
+          grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+          return NULL;
+        }
+      if (grub_add (i, 1 + sizeof('\0'), &alloc_size))
+        {
+          grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+          return NULL;
+        }
+      tmp = grub_realloc (line, alloc_size);
+       if (! tmp)
+        {
+          grub_free (line);
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-1118.patch b/meta/recipes-bsp/grub/files/CVE-2025-1118.patch
new file mode 100644
index 0000000000..e6906d909c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-1118.patch
@@ -0,0 +1,37 @@
+From 34824806ac6302f91e8cabaa41308eaced25725f Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Thu, 18 Apr 2024 20:29:39 +0100
+Subject: [PATCH] commands/minicmd: Block the dump command in lockdown mode
+The dump enables a user to read memory which should not be possible
+in lockdown mode.
+Fixes: CVE-2025-1118
+Reported-by: B Horn <b@horn.uk>
+Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-1118
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/commands/minicmd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
+index 286290866..8c5ee3e60 100644
+--- a/grub-core/commands/minicmd.c
+++ b/grub-core/commands/minicmd.c
+@@ -203,8 +203,8 @@ GRUB_MOD_INIT(minicmd)
+     grub_register_command ("help", grub_mini_cmd_help,
+                           0, N_("Show this message."));
+   cmd_dump =
+-    grub_register_command ("dump", grub_mini_cmd_dump,
+-                          N_("ADDR [SIZE]"), N_("Show memory contents."));
+    grub_register_command_lockdown ("dump", grub_mini_cmd_dump,
+                                   N_("ADDR [SIZE]"), N_("Show memory contents."));
+   cmd_rmmod =
+     grub_register_command ("rmmod", grub_mini_cmd_rmmod,
+                           N_("MODULE"), N_("Remove a module."));
diff --git a/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch b/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch
index 1323a54a59..f8dfda90ab 100644
--- a/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch
+++ b/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch
@@ -1,4 +1,4 @@
-From 8790aa8bea736f52341a0430ff3e317d3be0f99b Mon Sep 17 00:00:00 2001
+From 14c1d0459fb3561e627d3a5f6e91a0d2f7b4aa45 Mon Sep 17 00:00:00 2001
 From: Naveen Saini <naveen.kumar.saini@intel.com>
 Date: Mon, 15 Mar 2021 14:44:15 +0800
 Subject: [PATCH] autogen.sh: exclude .pc from po/POTFILES.in
@@ -14,15 +14,16 @@ Upstream-Status: Inappropriate [OE specific]
 Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
 ---
 autogen.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/autogen.sh b/autogen.sh
-index 31b0ced7e..c63ae766c 100755
+index 195daa5..773b7b4 100755
 --- a/autogen.sh
 +++ b/autogen.sh
-@@ -13,7 +13,7 @@ fi
+@@ -26,7 +26,7 @@ fi
 export LC_COLLATE=C
 unset LC_ALL
 
@@ -31,6 +32,3 @@ index 31b0ced7e..c63ae766c 100755
 find util -iname '*.in' ! -name Makefile.in  |sort > po/POTFILES-shell.in
 
 echo "Importing unicode..."
-- 
-2.17.1
diff --git a/meta/recipes-bsp/grub/files/determinism.patch b/meta/recipes-bsp/grub/files/determinism.patch
deleted file mode 100644
index 2828e80975..0000000000
--- a/meta/recipes-bsp/grub/files/determinism.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From b6f9b3f6fa782807c4a7ec16ee8ef868cdfbf468 Mon Sep 17 00:00:00 2001
-From: Naveen Saini <naveen.kumar.saini@intel.com>
-Date: Mon, 15 Mar 2021 14:56:18 +0800
-Subject: [PATCH] The output in moddep.lst generated from syminfo.lst using
- genmoddep.awk is not deterministic since the order of the dependencies on
- each line can vary depending on how awk sorts the values in the array.
-Be deterministic in the output by sorting the dependencies on each line.
-Also, the output of the SOURCES lines in grub-core/Makefile.core.am, generated
-from grub-core/Makefile.core.def with gentpl.py is not deterministic due to
-missing sorting of the list used to generate it. Add such a sort.
-Also ensure the generated unidata.c file is deterministic by sorting the
-keys of the dict.
-Upstream-Status: Pending
-Richard Purdie <richard.purdie@linuxfoundation.org>
-Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
---
- gentpl.py               | 1 +
- grub-core/genmoddep.awk | 4 +++-
- util/import_unicode.py  | 2 +-
- 3 files changed, 5 insertions(+), 2 deletions(-)
-diff --git a/gentpl.py b/gentpl.py
-index c86550d4f..589285192 100644
--- a/gentpl.py
-+++ b/gentpl.py
-@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platform, suffix, closure):
-     for group in RMAP[platform]:
-         for value in defn.find_all(group + suffix):
-             r.append(closure(value))
-+    r.sort()
-     return ''.join(r)
- 
- def platform_conditional(platform, closure):
-diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk
-index 04c2863e5..247436392 100644
--- a/grub-core/genmoddep.awk
-+++ b/grub-core/genmoddep.awk
-@@ -59,7 +59,9 @@ END {
-     }
-     modlist = ""
-     depcount[mod] = 0
-    for (depmod in uniqmods) {
-+    n = asorti(uniqmods, w)
-+    for (i = 1; i <= n; i++) {
-+      depmod = w[i]
-       modlist = modlist " " depmod;
-       inverse_dependencies[depmod] = inverse_dependencies[depmod] " " mod
-       depcount[mod]++
-diff --git a/util/import_unicode.py b/util/import_unicode.py
-index 08f80591e..1f434a069 100644
--- a/util/import_unicode.py
-+++ b/util/import_unicode.py
-@@ -174,7 +174,7 @@ infile.close ()
- 
- outfile.write ("struct grub_unicode_arabic_shape grub_unicode_arabic_shapes[] = {\n ")
- 
-for x in arabicsubst:
-+for x in sorted(arabicsubst):
-     try:
-         if arabicsubst[x]['join'] == "DUAL":
-             outfile.write ("{0x%x, 0x%x, 0x%x, 0x%x, 0x%x},\n " % (arabicsubst[x][0], arabicsubst[x][1], arabicsubst[x][2], arabicsubst[x][3], arabicsubst[x][4]))
-- 
-2.17.1
diff --git a/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch b/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch
index 26890261b7..7c8770ce8b 100644
--- a/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch
+++ b/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch
@@ -1,4 +1,4 @@
-From 917133acc701dbc4636165d3b08d15dc5829a06f Mon Sep 17 00:00:00 2001
+From b316ed326bd492106006d78f5bfcd767b49a4f2e Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Wed, 17 Aug 2016 04:06:34 -0400
 Subject: [PATCH] grub module explicitly keeps symbole .module_license
@@ -8,7 +8,7 @@ it stripped symbol table:
 ---------------
 root@localhost:~# objdump -t all_video.mod
- 
 all_video.mod:     file format elf64-x86-64
 SYMBOL TABLE:
@@ -37,15 +37,16 @@ SYMBOL TABLE:
 0000000000000000 l    d  .modname       0000000000000000 .modname
 --------------
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [workaround that needs investigation into @TARGET_STRIP@ behaviour in oe-core vs toolchain used by upstream]
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
 grub-core/genmod.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in
-index 1250589..dd14308 100644
+index e57c4d9..42bb1ba 100644
 --- a/grub-core/genmod.sh.in
 +++ b/grub-core/genmod.sh.in
 @@ -56,7 +56,7 @@ if test x@TARGET_APPLE_LINKER@ != x1; then
diff --git a/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch
deleted file mode 100644
index 2db9bcbbc5..0000000000
--- a/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch
+++ /dev/null
@@ -1,693 +0,0 @@
-From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001
-From: Elyes Haouas <ehaouas@noos.fr>
-Date: Fri, 4 Mar 2022 07:42:13 +0100
-Subject: [PATCH] video: Remove trailing whitespaces
-Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/video/bochs.c             |  2 +-
- grub-core/video/capture.c           |  2 +-
- grub-core/video/cirrus.c            |  4 ++--
- grub-core/video/coreboot/cbfb.c     |  2 +-
- grub-core/video/efi_gop.c           | 22 +++++++++----------
- grub-core/video/fb/fbblit.c         |  8 +++----
- grub-core/video/fb/video_fb.c       | 10 ++++-----
- grub-core/video/i386/pc/vbe.c       | 34 ++++++++++++++---------------
- grub-core/video/i386/pc/vga.c       |  6 ++---
- grub-core/video/ieee1275.c          |  4 ++--
- grub-core/video/radeon_fuloong2e.c  |  6 ++---
- grub-core/video/radeon_yeeloong3a.c |  6 ++---
- grub-core/video/readers/png.c       |  2 +-
- grub-core/video/readers/tga.c       |  2 +-
- grub-core/video/sis315_init.c       |  2 +-
- grub-core/video/sis315pro.c         |  8 +++----
- grub-core/video/sm712.c             | 10 ++++-----
- grub-core/video/video.c             |  8 +++----
- 18 files changed, 69 insertions(+), 69 deletions(-)
-diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c
-index 30ea1bd82..edc651697 100644
--- a/grub-core/video/bochs.c
-+++ b/grub-core/video/bochs.c
-@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
- 
-   if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234)
-     return 0;
-  
-+
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-   framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK;
-   if (!framebuffer.base)
-diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
-index 4d3195e01..c653d89f9 100644
--- a/grub-core/video/capture.c
-+++ b/grub-core/video/capture.c
-@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
-   framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
-   if (!framebuffer.ptr)
-     return grub_errno;
-  
-+
-   err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target,
-                                                         &framebuffer.mode_info,
-                                                         framebuffer.ptr);
-diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c
-index e2149e8ce..f5542ccdc 100644
--- a/grub-core/video/cirrus.c
-+++ b/grub-core/video/cirrus.c
-@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height,
-     grub_uint8_t sr_ext = 0, hidden_dac = 0;
- 
-     grub_vga_set_geometry (&config, grub_vga_cr_write);
-    
-+
-     grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1,
-                       GRUB_VGA_GR_MODE);
-     grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6);
-    
-+
-     grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE);
- 
-     grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT)
-diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c
-index 9af81fa5b..986003c51 100644
--- a/grub-core/video/coreboot/cbfb.c
-+++ b/grub-core/video/coreboot/cbfb.c
-@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height,
- 
-   grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
-                             grub_video_fbstd_colors);
-    
-+
-   return err;
- }
- 
-diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c
-index b7590dc6c..7a5054631 100644
--- a/grub-core/video/efi_gop.c
-+++ b/grub-core/video/efi_gop.c
-@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
-       grub_efi_status_t status;
-       struct grub_efi_gop_mode_info *info = NULL;
-       struct grub_video_mode_info mode_info;
-        
-+
-       status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
- 
-       if (status)
-@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-          found = 1;
-        }
-     }
- 
-+
-   if (!found)
-     {
-       unsigned mode;
-@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-        {
-          grub_efi_uintn_t size;
-          grub_efi_status_t status;
-        
-+
-          status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
-          if (status)
-            {
-@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-   framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base;
-   framebuffer.offscreen
-     = grub_malloc (framebuffer.mode_info.height
-                  * framebuffer.mode_info.width 
-+                  * framebuffer.mode_info.width
-                   * sizeof (struct grub_efi_gop_blt_pixel));
- 
-   buffer = framebuffer.offscreen;
-      
-+
-   if (!buffer)
-     {
-       grub_dprintf ("video", "GOP: couldn't allocate shadow\n");
-@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-                                     &framebuffer.mode_info);
-       buffer = framebuffer.ptr;
-     }
-    
-+
-   grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n",
-                framebuffer.ptr, framebuffer.mode_info.width,
-                framebuffer.mode_info.height, framebuffer.mode_info.bpp);
- 
-+
-   err = grub_video_fb_create_render_target_from_pointer
-     (&framebuffer.render_target, &framebuffer.mode_info, buffer);
- 
-@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-       grub_dprintf ("video", "GOP: Couldn't create FB target\n");
-       return err;
-     }
- 
-+
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
- 
-+
-   if (err)
-     {
-       grub_dprintf ("video", "GOP: Couldn't set FB target\n");
-       return err;
-     }
- 
-+
-   err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
-                                   grub_video_fbstd_colors);
- 
-@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
-     grub_dprintf ("video", "GOP: Couldn't set palette\n");
-   else
-     grub_dprintf ("video", "GOP: Success\n");
- 
-+
-   return err;
- }
- 
-diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c
-index d55924837..1010ef393 100644
--- a/grub-core/video/fb/fbblit.c
-+++ b/grub-core/video/fb/fbblit.c
-@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
-       for (i = 0; i < width; i++)
-         {
-          register grub_uint32_t col;
-         if (*srcptr == 0xf0)        
-+         if (*srcptr == 0xf0)
-            col = palette[16];
-          else
-            col = palette[*srcptr & 0xf];
-@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
-          *dstptr++ = col >> 0;
-          *dstptr++ = col >> 8;
-          *dstptr++ = col >> 16;
-#endif   
-+#endif
-          srcptr++;
-         }
- 
-@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
-       for (i = 0; i < width; i++)
-         {
-          register grub_uint32_t col;
-         if (*srcptr != 0xf0)        
-+         if (*srcptr != 0xf0)
-            {
-              col = palette[*srcptr & 0xf];
- #ifdef GRUB_CPU_WORDS_BIGENDIAN
-@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
-              *dstptr++ = col >> 0;
-              *dstptr++ = col >> 8;
-              *dstptr++ = col >> 16;
-#endif   
-+#endif
-            }
-          else
-            dstptr += 3;
-diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
-index ae6b89f9a..fa4ebde26 100644
--- a/grub-core/video/fb/video_fb.c
-+++ b/grub-core/video/fb/video_fb.c
-@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source,
-           *alpha = 0;
-           return;
-         }
-       
-+
-       /* If we have an out-of-bounds color, return transparent black.  */
-       if (color > 255)
-         {
-@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
-       /* If everything is aligned on 32-bit use 32-bit copy.  */
-       if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
-          % sizeof (grub_uint32_t) == 0
-         && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) 
-+         && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y)
-          % sizeof (grub_uint32_t) == 0
-          && linelen % sizeof (grub_uint32_t) == 0
-          && linedelta % sizeof (grub_uint32_t) == 0)
-@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
-       else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
-               % sizeof (grub_uint16_t) == 0
-               && (grub_addr_t) grub_video_fb_get_video_ptr (&target,
-                                                            dst_x, dst_y) 
-+                                                            dst_x, dst_y)
-               % sizeof (grub_uint16_t) == 0
-               && linelen % sizeof (grub_uint16_t) == 0
-               && linedelta % sizeof (grub_uint16_t) == 0)
-@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
-        {
-          grub_uint8_t *src, *dst;
-          DO_SCROLL
-       }       
-+       }
-     }
- 
-   /* 4. Fill empty space with specified color.  In this implementation
-@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask,
-          framebuffer.render_target = framebuffer.back_target;
-          return GRUB_ERR_NONE;
-        }
-      
-+
-       mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED
-                                | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP);
- 
-diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c
-index b7f911926..0e65b5206 100644
--- a/grub-core/video/i386/pc/vbe.c
-+++ b/grub-core/video/i386/pc/vbe.c
-@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr)
- }
- 
- /* Call VESA BIOS 0x4f09 to set palette data, return status.  */
-static grub_vbe_status_t 
-+static grub_vbe_status_t
- grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
-                                grub_uint32_t start_index,
-                                struct grub_vbe_palette_data *palette_data)
-@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
- }
- 
- /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status.  */
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
- {
-   struct grub_bios_int_registers regs;
-@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
- }
- 
- /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status.  */
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_mode_info (grub_uint32_t mode,
-                             struct grub_vbe_mode_info_block *mode_info)
- {
-@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode,
- }
- 
- /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status.  */
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_mode (grub_uint32_t *mode)
- {
-   struct grub_bios_int_registers regs;
-@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode)
-   return regs.eax & 0xffff;
- }
- 
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size)
- {
-   struct grub_bios_int_registers regs;
-@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window,
- }
- 
- /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status.  */
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_set_scanline_length (grub_uint32_t length)
- {
-   struct grub_bios_int_registers regs;
-@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length)
-   regs.ecx = length;
-   regs.eax = 0x4f06;
-   /* BL = 2, Set Scan Line in Bytes.  */
-  regs.ebx = 0x0002;   
-+  regs.ebx = 0x0002;
-   regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-   grub_bios_interrupt (0x10, &regs);
-   return regs.eax & 0xffff;
- }
- 
- /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status.  */
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
- {
-   struct grub_bios_int_registers regs;
-@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
- }
- 
- /* Call VESA BIOS 0x4f07 to set display start, return status.  */
-static grub_vbe_status_t 
-+static grub_vbe_status_t
- grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
- {
-   struct grub_bios_int_registers regs;
-@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
-   regs.edx = y;
-   regs.eax = 0x4f07;
-   /* BL = 80h, Set Display Start during Vertical Retrace.  */
-  regs.ebx = 0x0080;   
-+  regs.ebx = 0x0080;
-   regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
-   grub_bios_interrupt (0x10, &regs);
- 
-@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
- }
- 
- /* Call VESA BIOS 0x4f07 to get display start, return status.  */
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_display_start (grub_uint32_t *x,
-                                 grub_uint32_t *y)
- {
-@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x,
- }
- 
- /* Call VESA BIOS 0x4f0a.  */
-grub_vbe_status_t 
-+grub_vbe_status_t
- grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset,
-                                grub_uint16_t *length)
- {
-@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode,
-     case GRUB_VBE_MEMORY_MODEL_YUV:
-       mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV;
-       break;
-      
-+
-     case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR:
-       mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB;
-       break;
-@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode,
-       break;
-     case 8:
-       mode_info->bytes_per_pixel = 1;
-      break;  
-+      break;
-     case 4:
-       mode_info->bytes_per_pixel = 0;
-      break;  
-+      break;
-     }
- 
-   if (controller_info.version >= 0x300)
-@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
- 
- static grub_err_t
- grub_video_vbe_setup (unsigned int width, unsigned int height,
-                      grub_video_mode_type_t mode_type, 
-+                      grub_video_mode_type_t mode_type,
-                      grub_video_mode_type_t mode_mask)
- {
-   grub_uint16_t *p;
-@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void)
-                controller_info.version & 0xFF,
-                controller_info.oem_software_rev >> 8,
-                controller_info.oem_software_rev & 0xFF);
-  
-+
-   /* The total_memory field is in 64 KiB units.  */
-   grub_printf_ (N_("              total memory: %d KiB\n"),
-                (controller_info.total_memory << 6));
-diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
-index b2f776c99..50d0b5e02 100644
--- a/grub-core/video/i386/pc/vga.c
-+++ b/grub-core/video/i386/pc/vga.c
-@@ -48,7 +48,7 @@ static struct
-   int back_page;
- } framebuffer;
- 
-static unsigned char 
-+static unsigned char
- grub_vga_set_mode (unsigned char mode)
- {
-   struct grub_bios_int_registers regs;
-@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
- 
-   is_target = 1;
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
- 
-+
-   if (err)
-     return err;
- 
-+
-   err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
-                                   grub_video_fbstd_colors);
- 
-diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c
-index f437fb0df..ca3d3c3b2 100644
--- a/grub-core/video/ieee1275.c
-+++ b/grub-core/video/ieee1275.c
-@@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
-       /* TODO. */
-       return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height);
-     }
-  
-+
-   err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info);
-   if (err)
-     {
-@@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
- 
-   grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors,
-                                   grub_video_fbstd_colors);
-    
-+
-   return err;
- }
- 
-diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c
-index b4da34b5e..40917acb7 100644
--- a/grub-core/video/radeon_fuloong2e.c
-+++ b/grub-core/video/radeon_fuloong2e.c
-@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != 0x515a1002)
-     return 0;
-  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
-   framebuffer.mapped = 1;
- 
-   /* Prevent garbage from appearing on the screen.  */
-  grub_memset (framebuffer.ptr, 0x55, 
-+  grub_memset (framebuffer.ptr, 0x55,
-               framebuffer.mode_info.height * framebuffer.mode_info.pitch);
- 
- #ifndef TEST
-@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
-     return err;
- 
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-  
-+
-   if (err)
-     return err;
- 
-diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c
-index 52614feb6..48631c181 100644
--- a/grub-core/video/radeon_yeeloong3a.c
-+++ b/grub-core/video/radeon_yeeloong3a.c
-@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != 0x96151002)
-     return 0;
-  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
- #endif
- 
-   /* Prevent garbage from appearing on the screen.  */
-  grub_memset (framebuffer.ptr, 0, 
-+  grub_memset (framebuffer.ptr, 0,
-               framebuffer.mode_info.height * framebuffer.mode_info.pitch);
- 
- #ifndef TEST
-@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
-     return err;
- 
-   err = grub_video_fb_set_active_render_target (framebuffer.render_target);
-  
-+
-   if (err)
-     return err;
- 
-diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
-index 0157ff742..54dfedf43 100644
--- a/grub-core/video/readers/png.c
-+++ b/grub-core/video/readers/png.c
-@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data)
-        }
-       return;
-     }
-  
-+
-   if (data->is_gray)
-     {
-       switch (data->bpp)
-diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c
-index 7cb9d1d2a..a9ec3a1b6 100644
--- a/grub-core/video/readers/tga.c
-+++ b/grub-core/video/readers/tga.c
-@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data)
- 
-   if (len > sizeof (data->palette))
-     len = sizeof (data->palette);
-  
-+
-   if (grub_file_read (data->file, &data->palette, len)
-       != (grub_ssize_t) len)
-     return grub_errno;
-diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c
-index ae5c1419c..09c3c7bbe 100644
--- a/grub-core/video/sis315_init.c
-+++ b/grub-core/video/sis315_init.c
-@@ -1,4 +1,4 @@
-static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = 
-+static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] =
- {
-   { 0x28, 0x81 },
-   { 0x2a, 0x00 },
-diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c
-index 22a0c85a6..4d2f9999a 100644
--- a/grub-core/video/sis315pro.c
-+++ b/grub-core/video/sis315pro.c
-@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != GRUB_SIS315PRO_PCIID)
-     return 0;
-  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
- 
- #ifndef TEST
-   /* Prevent garbage from appearing on the screen.  */
-  grub_memset (framebuffer.ptr, 0, 
-+  grub_memset (framebuffer.ptr, 0,
-               framebuffer.mode_info.height * framebuffer.mode_info.pitch);
-   grub_arch_sync_dma_caches (framebuffer.ptr,
-                             framebuffer.mode_info.height
-@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
-             | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
-             | GRUB_VGA_IO_MISC_28MHZ
-             | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS
-            | GRUB_VGA_IO_MISC_COLOR, 
-+            | GRUB_VGA_IO_MISC_COLOR,
-             GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE);
- 
-   grub_vga_sr_write (0x86, 5);
-@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
-   {
-     if (read_sis_cmd (0x5) != 0xa1)
-       write_sis_cmd (0x86, 0x5);
-    
-+
-     write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20);
-     write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e);
- 
-diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c
-index 10c46eb65..65f59f84b 100644
--- a/grub-core/video/sm712.c
-+++ b/grub-core/video/sm712.c
-@@ -167,7 +167,7 @@ enum
-     GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46,
-     GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47,
-     GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48,
-    GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,    
-+    GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,
-     GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a,
-     GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b,
-     GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c,
-@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
-   if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
-       || pciid != GRUB_SM712_PCIID)
-     return 0;
-  
-+
-   *found = 1;
- 
-   addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
-@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
- 
- #if !defined (TEST) && !defined(GENINIT)
-   /* Prevent garbage from appearing on the screen.  */
-  grub_memset ((void *) framebuffer.cached_ptr, 0, 
-+  grub_memset ((void *) framebuffer.cached_ptr, 0,
-               framebuffer.mode_info.height * framebuffer.mode_info.pitch);
- #endif
- 
-@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
-   grub_sm712_sr_write (0x2, 0x6b);
-   grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK);
-   grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET);
-  grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY 
-+  grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY
-                        | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY
-                        | GRUB_VGA_IO_MISC_UPPER_64K
-                        | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
-@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
-   for (i = 0; i < ARRAY_SIZE (dda_lookups); i++)
-     grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda,
-                                 dda_lookups[i].vcentering);
-  
-+
-   /* Undocumented  */
-   grub_sm712_cr_write (0, 0x9c);
-   grub_sm712_cr_write (0, 0x9d);
-diff --git a/grub-core/video/video.c b/grub-core/video/video.c
-index 983424107..8937da745 100644
--- a/grub-core/video/video.c
-+++ b/grub-core/video/video.c
-@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
-                       current_mode);
- 
-   param++;
-  
-+
-   *width = grub_strtoul (value, 0, 0);
-   if (grub_errno != GRUB_ERR_NONE)
-       return grub_error (GRUB_ERR_BAD_ARGUMENT,
-                         N_("invalid video mode specification `%s'"),
-                         current_mode);
-  
-+
-   /* Find height value.  */
-   value = param;
-   param = grub_strchr(param, 'x');
-@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
-     {
-       /* We have optional color depth value.  */
-       param++;
-      
-+
-       *height = grub_strtoul (value, 0, 0);
-       if (grub_errno != GRUB_ERR_NONE)
-        return grub_error (GRUB_ERR_BAD_ARGUMENT,
-                           N_("invalid video mode specification `%s'"),
-                           current_mode);
-      
-+
-       /* Convert color depth value.  */
-       value = param;
-       *depth = grub_strtoul (value, 0, 0);
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
deleted file mode 100644
index 0c7deae858..0000000000
--- a/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
+++ /dev/null
@@ -1,264 +0,0 @@
-From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Mon, 28 Jun 2021 14:16:14 +1000
-Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails
-Fuzzing revealed some inputs that were taking a long time, potentially
-forever, because they did not bail quickly upon encountering an I/O error.
-Try to catch I/O errors sooner and bail out.
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++-------
- 1 file changed, 70 insertions(+), 16 deletions(-)
-diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
-index c47ffd651..806c56c78 100644
--- a/grub-core/video/readers/jpeg.c
-+++ b/grub-core/video/readers/jpeg.c
-@@ -109,9 +109,17 @@ static grub_uint8_t
- grub_jpeg_get_byte (struct grub_jpeg_data *data)
- {
-   grub_uint8_t r;
-+  grub_ssize_t bytes_read;
- 
-   r = 0;
-  grub_file_read (data->file, &r, 1);
-+  bytes_read = grub_file_read (data->file, &r, 1);
-+
-+  if (bytes_read != 1)
-+    {
-+      grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                 "jpeg: unexpected end of data");
-+      return 0;
-+    }
- 
-   return r;
- }
-@@ -120,9 +128,17 @@ static grub_uint16_t
- grub_jpeg_get_word (struct grub_jpeg_data *data)
- {
-   grub_uint16_t r;
-+  grub_ssize_t bytes_read;
- 
-   r = 0;
-  grub_file_read (data->file, &r, sizeof (grub_uint16_t));
-+  bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t));
-+
-+  if (bytes_read != sizeof (grub_uint16_t))
-+    {
-+      grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                 "jpeg: unexpected end of data");
-+      return 0;
-+    }
- 
-   return grub_be_to_cpu16 (r);
- }
-@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data)
-   if (data->bit_mask == 0)
-     {
-       data->bit_save = grub_jpeg_get_byte (data);
-+      if (grub_errno != GRUB_ERR_NONE) {
-+       grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                   "jpeg: file read error");
-+       return 0;
-+      }
-       if (data->bit_save == JPEG_ESC_CHAR)
-        {
-          if (grub_jpeg_get_byte (data) != 0)
-@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data)
-                          "jpeg: invalid 0xFF in data stream");
-              return 0;
-            }
-+         if (grub_errno != GRUB_ERR_NONE)
-+           {
-+             grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error");
-+             return 0;
-+           }
-        }
-       data->bit_mask = 0x80;
-     }
-@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num)
-     return 0;
- 
-   msb = value = grub_jpeg_get_bit (data);
-  for (i = 1; i < num; i++)
-+  for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++)
-     value = (value << 1) + (grub_jpeg_get_bit (data) != 0);
-   if (!msb)
-     value += 1 - (1 << num);
-@@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data)
-   while (data->file->offset + sizeof (count) + 1 <= next_marker)
-     {
-       id = grub_jpeg_get_byte (data);
-+      if (grub_errno != GRUB_ERR_NONE)
-+       return grub_errno;
-       ac = (id >> 4) & 1;
-       id &= 0xF;
-       if (id > 1)
-@@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
- 
-   next_marker = data->file->offset;
-   next_marker += grub_jpeg_get_word (data);
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
- 
-   if (next_marker > data->file->size)
-     {
-@@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
-         <= next_marker)
-     {
-       id = grub_jpeg_get_byte (data);
-+      if (grub_errno != GRUB_ERR_NONE)
-+        return grub_errno;
-       if (id >= 0x10)          /* Upper 4-bit is precision.  */
-        return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-                           "jpeg: only 8-bit precision is supported");
-@@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
-   next_marker = data->file->offset;
-   next_marker += grub_jpeg_get_word (data);
- 
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-+
-   if (grub_jpeg_get_byte (data) != 8)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-                       "jpeg: only 8-bit precision is supported");
-@@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
-        return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index");
- 
-       ss = grub_jpeg_get_byte (data);  /* Sampling factor.  */
-+      if (grub_errno != GRUB_ERR_NONE)
-+       return grub_errno;
-       if (!id)
-        {
-          grub_uint8_t vs, hs;
-@@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du)
-     }
- }
- 
-static void
-+static grub_err_t
- grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
- {
-   int h1, h2, qt;
-@@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
-   data->dc_value[id] +=
-     grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1));
- 
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-+
-   du[0] = data->dc_value[id] * (int) data->quan_table[qt][0];
-   pos = 1;
-   while (pos < ARRAY_SIZE (data->quan_table[qt]))
-@@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
-       num >>= 4;
-       pos += num;
- 
-+      if (grub_errno != GRUB_ERR_NONE)
-+        return grub_errno;
-+
-       if (pos >= ARRAY_SIZE (jpeg_zigzag_order))
-        {
-         grub_error (GRUB_ERR_BAD_FILE_TYPE,
-                     "jpeg: invalid position in zigzag order!?");
-         return;
-+         return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                            "jpeg: invalid position in zigzag order!?");
-        }
- 
-       du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos];
-@@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
-     }
- 
-   grub_jpeg_idct_transform (du);
-+  return GRUB_ERR_NONE;
- }
- 
- static void
-@@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-   data_offset += grub_jpeg_get_word (data);
- 
-   cc = grub_jpeg_get_byte (data);
-
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-   if (cc != 3 && cc != 1)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-                       "jpeg: component count must be 1 or 3");
-@@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-       id = grub_jpeg_get_byte (data) - 1;
-       if ((id < 0) || (id >= 3))
-        return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index");
-
-+      if (grub_errno != GRUB_ERR_NONE)
-+       return grub_errno;
-       ht = grub_jpeg_get_byte (data);
-       data->comp_index[id][1] = (ht >> 4);
-       data->comp_index[id][2] = (ht & 0xF) + 2;
-@@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-       if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) ||
-          (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3))
-        return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index");
-+      if (grub_errno != GRUB_ERR_NONE)
-+       return grub_errno;
-     }
- 
-   grub_jpeg_get_byte (data);   /* Skip 3 unused bytes.  */
-   grub_jpeg_get_word (data);
-
-+  if (grub_errno != GRUB_ERR_NONE)
-+    return grub_errno;
-   if (data->file->offset != data_offset)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
- 
-@@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
- {
-   unsigned c1, vb, hb, nr1, nc1;
-   int rst = data->dri;
-+  grub_err_t err = GRUB_ERR_NONE;
- 
-   vb = 8 << data->log_vs;
-   hb = 8 << data->log_hs;
-@@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
- 
-        for (r2 = 0; r2 < (1U << data->log_vs); r2++)
-          for (c2 = 0; c2 < (1U << data->log_hs); c2++)
-           grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]);
-+            {
-+              err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]);
-+              if (err != GRUB_ERR_NONE)
-+                return err;
-+            }
- 
-        if (data->color_components >= 3)
-          {
-           grub_jpeg_decode_du (data, 1, data->cbdu);
-           grub_jpeg_decode_du (data, 2, data->crdu);
-+           err = grub_jpeg_decode_du (data, 1, data->cbdu);
-+           if (err != GRUB_ERR_NONE)
-+             return err;
-+           err = grub_jpeg_decode_du (data, 2, data->crdu);
-+           if (err != GRUB_ERR_NONE)
-+             return err;
-          }
- 
-       if (grub_errno)
-         return grub_errno;
-
-        nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb;
-        nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb;
- 
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
deleted file mode 100644
index 91ecaad98a..0000000000
--- a/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001
-From: Daniel Axtens <dja@axtens.net>
-Date: Mon, 28 Jun 2021 14:25:17 +1000
-Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
- streams
-An invalid file could contain multiple start of stream blocks, which
-would cause us to reallocate and leak our bitmap. Refuse to handle
-multiple start of streams.
-Additionally, fix a grub_error() call formatting.
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Upstream-Status: Backport
-Reference to upstream patch:
-https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf
-Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
---
- grub-core/video/readers/jpeg.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
-index 2284a6c06..579bbe8a4 100644
--- a/grub-core/video/readers/jpeg.c
-+++ b/grub-core/video/readers/jpeg.c
-@@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
-   if (data->file->offset != data_offset)
-     return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
- 
-+  if (*data->bitmap)
-+    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
-+
-   if (grub_video_bitmap_create (data->bitmap, data->image_width,
-                                data->image_height,
-                                GRUB_VIDEO_BLIT_FORMAT_RGB_888))
-@@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
-   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
- 
-   if (data->bitmap_ptr == NULL)
-    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
-                     "jpeg: attempted to decode data before start of stream");
-+    return grub_error (GRUB_ERR_BAD_FILE_TYPE,
-+                      "jpeg: attempted to decode data before start of stream");
- 
-   for (; data->r1 < nr1 && (!data->dri || rst);
-        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
-- 
-2.34.1
diff --git a/meta/recipes-bsp/grub/grub-bootconf_1.00.bb b/meta/recipes-bsp/grub/grub-bootconf_1.00.bb
index 783e30bf38..0b4005e5bf 100644
--- a/meta/recipes-bsp/grub/grub-bootconf_1.00.bb
+++ b/meta/recipes-bsp/grub/grub-bootconf_1.00.bb
@@ -11,7 +11,7 @@ inherit grub-efi-cfg
 require conf/image-uefi.conf
-S = "${WORKDIR}"
+S = "${UNPACKDIR}"
 GRUB_CFG = "${S}/grub-bootconf"
 LABELS = "boot"
@@ -22,7 +22,7 @@ python do_configure() {
    bb.build.exec_func('build_efi_cfg', d)
 }
-do_configure[vardeps] += "APPEND ROOT"
+do_configure[vardeps] += "APPEND ROOT GRUB_TITLE"
 do_install() {
        install -d ${D}${EFI_FILES_PATH}
diff --git a/meta/recipes-bsp/grub/grub-efi_2.06.bb b/meta/recipes-bsp/grub/grub-efi_2.12.bb
index 9857e8e036..6354b43989 100644
--- a/meta/recipes-bsp/grub/grub-efi_2.06.bb
+++ b/meta/recipes-bsp/grub/grub-efi_2.12.bb
@@ -11,7 +11,7 @@ SRC_URI += " \
           file://cfg \
          "
-S = "${WORKDIR}/grub-${PV}"
+S = "${UNPACKDIR}/grub-${PV}"
 # Determine the target arch for the grub modules
 python __anonymous () {
@@ -30,6 +30,8 @@ python __anonymous () {
        grubtarget = 'riscv64'
    elif re.match('riscv32', target):
        grubtarget = 'riscv32'
+    elif re.match('loongarch64', target):
+        grubtarget = 'loongarch64'
    else:
        raise bb.parse.SkipRecipe("grub-efi is incompatible with target %s" % target)
    grubimage = prefix + d.getVar("EFI_BOOT_IMAGE")
@@ -44,6 +46,9 @@ inherit deploy
 CACHED_CONFIGUREVARS += "ac_cv_path_HELP2MAN="
 EXTRA_OECONF += "--enable-efiemu=no"
+# Define GRUB_MKIMAGE_OPTS variable for additional grub-mkimage options (e.g., disabling shim lock)
+GRUB_MKIMAGE_OPTS ?= ""
 do_mkimage() {
        cd ${B}
@@ -58,9 +63,9 @@ do_mkimage() {
        # Search for the grub.cfg on the local boot media by using the
        # built in cfg file provided via this recipe
-        grub-mkimage -v -c ../cfg -p ${EFIDIR} -d ./grub-core/ \
+        grub-mkimage -v -c ${UNPACKDIR}/cfg -p ${EFIDIR} -d ./grub-core/ \
                       -O ${GRUB_TARGET}-efi -o ./${GRUB_IMAGE_PREFIX}${GRUB_IMAGE} \
-                       ${GRUB_MKIMAGE_MODULES}
+                       ${GRUB_MKIMAGE_OPTS} ${GRUB_MKIMAGE_MODULES}
 }
 addtask mkimage before do_install after do_compile
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 2545b99b6a..ffa04e415d 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -14,50 +14,52 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 CVE_PRODUCT = "grub2"
 SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
-           file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \
           file://autogen.sh-exclude-pc.patch \
           file://grub-module-explicitly-keeps-symbole-.module_license.patch \
           file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
-           file://determinism.patch \
           file://0001-RISC-V-Restore-the-typcast-to-long.patch \
-           file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
+           file://0001-misc-Implement-grub_strlcpy.patch \
-           file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \
+           file://CVE-2024-45781.patch \
-           file://video-Remove-trailing-whitespaces.patch \
+           file://CVE-2024-45782_CVE-2024-56737.patch \
-           file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \
+           file://CVE-2024-45780.patch \
-           file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \
+           file://CVE-2024-45783.patch \
-           file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \
+           file://CVE-2025-0624.patch \
-           file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \
+           file://CVE-2024-45774.patch \
-           file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \
+           file://CVE-2024-45775.patch \
-           file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \
+           file://CVE-2025-0622-01.patch \
-           file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \
+           file://CVE-2025-0622-02.patch \
-           file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \
+           file://CVE-2025-0622-03.patch \
-           file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \
+           file://CVE-2024-45776.patch \
-           file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \
+           file://CVE-2024-45777.patch \
-           file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \
+           file://CVE-2025-0690.patch \
+           file://CVE-2025-1118.patch \
+           file://CVE-2024-45778_CVE-2024-45779.patch \
+           file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \
+           file://CVE-2025-0678_CVE-2025-1125.patch \
 "
-SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
+SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
-# Applies only to RHEL
+CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
-CVE_CHECK_IGNORE += "CVE-2019-14865"
+CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
-# Applies only to SUSE
+CVE_STATUS[CVE-2024-1048]  = "not-applicable-platform: Applies only to RHEL/Fedora"
-CVE_CHECK_IGNORE += "CVE-2021-46705"
 DEPENDS = "flex-native bison-native gettext-native"
-GRUB_COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*|riscv.*)-(linux.*|freebsd.*)'
+GRUB_COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*|loongarch64.*|riscv.*)-(linux.*|freebsd.*)'
 COMPATIBLE_HOST = "${GRUB_COMPATIBLE_HOST}"
 # Grub doesn't support hard float toolchain and won't be able to forcefully
 # disable it on some of the target CPUs. See 'configure.ac' for
 # supported/unsupported CPUs in hardfp.
-COMPATIBLE_HOST:armv7a = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}"
+COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}"
-COMPATIBLE_HOST:armv7ve = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}"
+COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}"
 # configure.ac has code to set this automagically from the target tuple
 # but the OE freeform one (core2-foo-bar-linux) don't work with that.
 GRUBPLATFORM:arm = "efi"
 GRUBPLATFORM:aarch64 = "efi"
+GRUBPLATFORM:loongarch64 = "efi"
 GRUBPLATFORM:riscv32 = "efi"
 GRUBPLATFORM:riscv64 = "efi"
 GRUBPLATFORM ??= "pc"
@@ -65,6 +67,10 @@ GRUBPLATFORM ??= "pc"
 inherit autotools gettext texinfo pkgconfig
 CFLAGS:remove = "-O2"
+# It doesn't support sse, its make.defaults sets:
+# CFLAGS += -mno-mmx -mno-sse
+# So also remove -mfpmath=sse from TUNE_CCARGS
+TUNE_CCARGS:remove = "-mfpmath=sse"
 EXTRA_OECONF = "--with-platform=${GRUBPLATFORM} \
                --disable-grub-mkfont \
@@ -92,6 +98,15 @@ export PYTHON = "python3"
 do_configure:prepend() {
        cd ${S}
+        # Remove in next version.
+        # See: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b835601c7639ed1890f2d3db91900a8506011a8e
+        echo "depends bli part_gpt" > ${S}/grub-core/extra_deps.lst
        FROM_BOOTSTRAP=1 ${S}/autogen.sh
        cd ${B}
 }
+# | aarch64-poky-linux-clang: error: invalid argument '-mcmodel=large' only allowed with '-fno-pic'
+# see - https://bugs.gentoo.org/942843
+TOOLCHAIN:aarch64 = "gcc"
diff --git a/meta/recipes-bsp/grub/grub_2.06.bb b/meta/recipes-bsp/grub/grub_2.12.bb
index 05d462785c..05d462785c 100644
--- a/meta/recipes-bsp/grub/grub_2.06.bb
+++ b/meta/recipes-bsp/grub/grub_2.12.bb
diff --git a/meta/recipes-bsp/keymaps/keymaps_1.0.bb b/meta/recipes-bsp/keymaps/keymaps_1.0.bb
index 84d09cb965..ab2d68d6a1 100644
--- a/meta/recipes-bsp/keymaps/keymaps_1.0.bb
+++ b/meta/recipes-bsp/keymaps/keymaps_1.0.bb
@@ -7,7 +7,6 @@ RDEPENDS:${PN} = "kbd"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://keymap.sh;beginline=5;endline=5;md5=829e563511c9a1d6d41f17a7a4989d6a"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
-PR = "r31"
 INHIBIT_DEFAULT_DEPS = "1"
@@ -25,14 +24,14 @@ SRC_URI = "file://keymap.sh"
 INITSCRIPT_NAME = "keymap.sh"
 INITSCRIPT_PARAMS = "start 01 S ."
-S = "${WORKDIR}"
+S = "${UNPACKDIR}"
 do_install () {
    # Only install the script if 'sysvinit' is in DISTRO_FEATURES
    # THe ulitity this script provides could be achieved by systemd-vconsole-setup.service
    if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
        install -d ${D}${sysconfdir}/init.d/
-        install -m 0755 ${WORKDIR}/keymap.sh ${D}${sysconfdir}/init.d/
+        install -m 0755 ${S}/keymap.sh ${D}${sysconfdir}/init.d/
    fi
 }
diff --git a/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch b/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch
index 32808fb92a..e8ff78082c 100644
--- a/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch
+++ b/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch
@@ -3,7 +3,7 @@ From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 5 Aug 2020 12:06:01 -0700
 Subject: [PATCH] libacpi: Fix build witth -fno-commom
-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream [last release before 2008, no vcs]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
diff --git a/meta/recipes-bsp/libacpi/files/ldflags.patch b/meta/recipes-bsp/libacpi/files/ldflags.patch
index a7424c39da..db0974104b 100644
--- a/meta/recipes-bsp/libacpi/files/ldflags.patch
+++ b/meta/recipes-bsp/libacpi/files/ldflags.patch
@@ -1,7 +1,6 @@
 libacpi: Remove QA warning: No GNU_HASH in the elf binary
-Upstream-Status: Inappropriate [other]
+Upstream-Status: Inactive-Upstream [last release before 2008, no vcs]
-  Useful within bitbake environment only.
 Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
diff --git a/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch b/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch
index 06f20e5a78..955a175c96 100644
--- a/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch
+++ b/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch
@@ -1,4 +1,4 @@
-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream [last release before 2008, no vcs]
 Fix libacpi for x32
    
diff --git a/meta/recipes-bsp/libacpi/files/makefile-fix.patch b/meta/recipes-bsp/libacpi/files/makefile-fix.patch
index c34ef34e09..3b91bfaee1 100644
--- a/meta/recipes-bsp/libacpi/files/makefile-fix.patch
+++ b/meta/recipes-bsp/libacpi/files/makefile-fix.patch
@@ -1,4 +1,4 @@
-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream [last release before 2008, no vcs]
 ---
 Makefile  |    6 +++---
diff --git a/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch b/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch
index ef376aa316..901e5fa3b4 100644
--- a/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch
+++ b/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch
@@ -1,4 +1,4 @@
-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream [last release before 2008, no vcs]
 Used the cross strip instead of host strip to avoid this build error:
diff --git a/meta/recipes-bsp/libacpi/libacpi_0.2.bb b/meta/recipes-bsp/libacpi/libacpi_0.2.bb
index 6d4be76bab..f939d11f4c 100644
--- a/meta/recipes-bsp/libacpi/libacpi_0.2.bb
+++ b/meta/recipes-bsp/libacpi/libacpi_0.2.bb
@@ -5,7 +5,6 @@ SECTION = "base"
 HOMEPAGE = "http://www.ngolde.de/libacpi.html"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fec17f82f16630adf2dfb7d2a46f21c5"
-PR = "r6"
 SRC_URI = "http://www.ngolde.de/download/libacpi-${PV}.tar.gz \
           file://makefile-fix.patch \
@@ -15,7 +14,6 @@ SRC_URI = "http://www.ngolde.de/download/libacpi-${PV}.tar.gz \
           file://0001-libacpi-Fix-build-witth-fno-commom.patch \
           "
-SRC_URI[md5sum] = "05b53dd7bead66dda35fec502b91066c"
 SRC_URI[sha256sum] = "13086e31d428b9c125954d48ac497b754bbbce2ef34ea29ecd903e82e25bad29"
 UPSTREAM_CHECK_URI = "http://www.ngolde.de/libacpi.html"
diff --git a/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/0001-Fix-build-with-GCC-15.patch b/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/0001-Fix-build-with-GCC-15.patch
new file mode 100644
index 0000000000..e5e9125eea
--- /dev/null
+++ b/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/0001-Fix-build-with-GCC-15.patch
@@ -0,0 +1,186 @@
+From 3739faa41f60841d5277344b17ddc69e78ed8996 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 22 Mar 2025 22:58:33 -0700
+Subject: [PATCH] Fix build with GCC 15
+This is collection of changes needed to get compiling with gcc-15
+which switched to use C23 as default std.
+Upstream-Status: Submitted [https://github.com/UweOhse/lrzsz/pull/8]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ lib/error.c        | 2 +-
+ lib/getopt.h       | 2 +-
+ lib/long-options.c | 4 ++--
+ lib/long-options.h | 2 +-
+ lib/xstrtol.c      | 2 --
+ src/lrz.c          | 8 +-------
+ src/lsz.c          | 8 +-------
+ src/tcp.c          | 2 +-
+ src/zglobal.h      | 2 +-
+ src/zreadline.c    | 2 +-
+ 10 files changed, 10 insertions(+), 24 deletions(-)
+diff --git a/lib/error.c b/lib/error.c
+index 8f679c7..4632c9c 100644
+--- a/lib/error.c
+++ b/lib/error.c
+@@ -73,7 +73,7 @@ extern char *program_name;
+ 
+ # if HAVE_STRERROR
+ #  ifndef strerror             /* On some systems, strerror is a macro */
+-char *strerror ();
+char *strerror (int);
+ #  endif
+ # else
+ static char *
+diff --git a/lib/getopt.h b/lib/getopt.h
+index 4ac33b7..46971cb 100644
+--- a/lib/getopt.h
+++ b/lib/getopt.h
+@@ -101,7 +101,7 @@ struct option
+    errors, only prototype getopt for the GNU C library.  */
+ extern int getopt (int argc, char *const *argv, const char *shortopts);
+ #else /* not __GNU_LIBRARY__ */
+-extern int getopt ();
+extern int getopt (int, char * const [], const char *);
+ #endif /* __GNU_LIBRARY__ */
+ extern int getopt_long (int argc, char *const *argv, const char *shortopts,
+                        const struct option *longopts, int *longind);
+diff --git a/lib/long-options.c b/lib/long-options.c
+index 9ee8f66..2c8d267 100644
+--- a/lib/long-options.c
+++ b/lib/long-options.c
+@@ -40,7 +40,7 @@ parse_long_options (argc, argv,version, usage)
+      int argc;
+      char **argv;
+      void (*version)();
+-     void (*usage)();
+     void (*usage)(int);
+ {
+   int c;
+   int saved_opterr;
+@@ -61,7 +61,7 @@ parse_long_options (argc, argv,version, usage)
+          (*usage) (0);
+ 
+        case 'v':
+-         (*version) (0);
+         (*version) ();
+          /* printf ("%s (%s) %s\n", command_name, package, version_string); */
+          exit (0);
+ 
+diff --git a/lib/long-options.h b/lib/long-options.h
+index 14459cd..3fb8fa6 100644
+--- a/lib/long-options.h
+++ b/lib/long-options.h
+@@ -6,5 +6,5 @@
+ #endif
+ 
+ void parse_long_options __P ((int _argc, char **_argv, 
+-                                                         void (*_version) (void), 
+                                                         void (*_version) (), 
+                                                          void (*_usage) (int)));
+diff --git a/lib/xstrtol.c b/lib/xstrtol.c
+index 8755cf4..0ab337d 100644
+--- a/lib/xstrtol.c
+++ b/lib/xstrtol.c
+@@ -65,8 +65,6 @@ extern int errno;
+        }                                                               \
+       while (0)
+ 
+-__unsigned long int __strtol ();
+-
+ /* FIXME: comment.  */
+ 
+ strtol_error
+diff --git a/src/lrz.c b/src/lrz.c
+index b3cf1d5..ae3c62d 100644
+--- a/src/lrz.c
+++ b/src/lrz.c
+@@ -41,12 +41,6 @@
+ #include "xstrtoul.h"
+ #include "error.h"
+ 
+-#ifndef STRICT_PROTOTYPES
+-extern time_t time();
+-extern char *strerror();
+-extern char *strstr();
+-#endif
+-
+ #ifndef HAVE_ERRNO_DECLARATION
+ extern int errno;
+ #endif
+@@ -191,7 +185,7 @@ int enable_syslog=FALSE;
+ 
+ 
+ /* called by signal interrupt or terminate to clean things up */
+-RETSIGTYPE
+void
+ bibi(int n)
+ {
+        if (zmodem_requested)
+diff --git a/src/lsz.c b/src/lsz.c
+index e9e4660..69f4fb8 100644
+--- a/src/lsz.c
+++ b/src/lsz.c
+@@ -50,12 +50,6 @@ void *mm_addr=NULL;
+ #include "xstrtoul.h"
+ #include "error.h"
+ 
+-#ifndef STRICT_PROTOTYPES
+-extern time_t time();
+-extern char *strerror();
+-extern char *strstr();
+-#endif
+-
+ #ifndef HAVE_ERRNO_DECLARATION
+ extern int errno;
+ #endif
+@@ -218,7 +212,7 @@ static int zrqinits_sent=0;
+ static int play_with_sigint=0;
+ 
+ /* called by signal interrupt or terminate to clean things up */
+-RETSIGTYPE
+void
+ bibi (int n)
+ {
+        canit(STDOUT_FILENO);
+diff --git a/src/tcp.c b/src/tcp.c
+index 137f94c..a885d5b 100644
+--- a/src/tcp.c
+++ b/src/tcp.c
+@@ -38,7 +38,7 @@
+ #include <stdlib.h>
+ #include "error.h"
+ 
+-static RETSIGTYPE
+static void
+ tcp_alarm_handler(int dummy LRZSZ_ATTRIB_UNUSED)
+ {
+     /* doesn't need to do anything */
+diff --git a/src/zglobal.h b/src/zglobal.h
+index 573b461..55bd58f 100644
+--- a/src/zglobal.h
+++ b/src/zglobal.h
+@@ -357,7 +357,7 @@ extern int no_timeout;
+ extern int Zctlesc;    /* Encode control characters */
+ extern int under_rsh;
+ 
+-RETSIGTYPE bibi __P ((int n));
+void bibi __P ((int n));
+ 
+ #define sendline(c) putchar((c) & 0377)
+ #define xsendline(c) putchar(c)
+diff --git a/src/zreadline.c b/src/zreadline.c
+index aeda95c..c8f8263 100644
+--- a/src/zreadline.c
+++ b/src/zreadline.c
+@@ -43,7 +43,7 @@ static char *readline_buffer;
+ int readline_left=0;
+ char *readline_ptr;
+ 
+-static RETSIGTYPE
+static void
+ zreadline_alarm_handler(int dummy LRZSZ_ATTRIB_UNUSED)
+ {
+        /* doesn't need to do anything */
diff --git a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
index a34fb4eb03..777560bd22 100644
--- a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
+++ b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
@@ -10,19 +10,17 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
                        file://src/lrz.c;beginline=1;endline=10;md5=5276956373ff7d8758837f6399a1045f"
 SECTION = "console/network"
 DEPENDS = ""
-PR = "r6"
-SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \
+SRC_URI = "https://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \
           file://autotools-update.patch \
-           file://autotools.patch \
+           file://autotools.patch \
-           file://makefile.patch \
+           file://makefile.patch \
           file://lrzsz-check-locale.h.patch \
           file://cve-2018-10195.patch \
           file://include.patch \
           file://0001-Fix-cross-compilation-using-autoconf-detected-AR.patch \
+           file://0001-Fix-build-with-GCC-15.patch \
           "
-SRC_URI[md5sum] = "b5ce6a74abc9b9eb2af94dffdfd372a4"
 SRC_URI[sha256sum] = "c28b36b14bddb014d9e9c97c52459852f97bd405f89113f30bee45ed92728ff1"
 UPSTREAM_CHECK_URI = "http://ohse.de/uwe/software/lrzsz.html"
@@ -47,3 +45,9 @@ ALTERNATIVE_TARGET[rb] = "${bindir}/lrz"
 ALTERNATIVE_TARGET[sz] = "${bindir}/lsz"
 ALTERNATIVE_TARGET[sx] = "${bindir}/lsz"
 ALTERNATIVE_TARGET[sb] = "${bindir}/lsz"
+# http://errors.yoctoproject.org/Errors/Details/766929/
+# lrzsz-0.12.20/src/tcp.c:75:56: error: passing argument 3 of 'getsockname' from incompatible pointer type [-Wincompatible-pointer-types]
+# lrzsz-0.12.20/src/tcp.c:83:52: error: passing argument 3 of 'getsockname' from incompatible pointer type [-Wincompatible-pointer-types]
+# lrzsz-0.12.20/src/tcp.c:103:51: error: passing argument 3 of 'accept' from incompatible pointer type [-Wincompatible-pointer-types]
+CFLAGS += "-Wno-error=incompatible-pointer-types"
diff --git a/meta/recipes-bsp/opensbi/opensbi-payloads.inc b/meta/recipes-bsp/opensbi/opensbi-payloads.inc
index e590a27573..a55679632e 100644
--- a/meta/recipes-bsp/opensbi/opensbi-payloads.inc
+++ b/meta/recipes-bsp/opensbi/opensbi-payloads.inc
@@ -1,13 +1,15 @@
 def riscv_get_extra_oemake_image(d):
    sbi_payload = d.getVar('RISCV_SBI_PAYLOAD')
-    deploy_dir = d.getVar('DEPLOY_DIR_IMAGE')
    if sbi_payload is None:
        return ""
+    deploy_dir = d.getVar('DEPLOY_DIR_IMAGE')
    return "FW_PAYLOAD_PATH=" + deploy_dir + "/" + sbi_payload
 def riscv_get_extra_oemake_fdt(d):
+    if d.getVar('RISCV_SBI_PAYLOAD') is None:
+        return ""
    sbi_fdt = d.getVar('RISCV_SBI_FDT')
    deploy_dir = d.getVar('DEPLOY_DIR_IMAGE')
@@ -18,11 +20,11 @@ def riscv_get_extra_oemake_fdt(d):
 def riscv_get_do_compile_depends(d):
    sbi_payload = d.getVar('RISCV_SBI_PAYLOAD') or ""
-    sbi_fdt = d.getVar('RISCV_SBI_FDT') or ""
+    if sbi_payload == "":
-    if sbi_payload == "" and sbi_fdt == "":
        return ""
+    sbi_fdt = d.getVar('RISCV_SBI_FDT') or ""
    if sbi_fdt != "" and 'u-boot.bin' in sbi_payload:
        return "virtual/kernel:do_deploy virtual/bootloader:do_deploy"
diff --git a/meta/recipes-bsp/opensbi/opensbi_1.1.bb b/meta/recipes-bsp/opensbi/opensbi_1.7.bb
index d3a6296533..a460062e93 100644
--- a/meta/recipes-bsp/opensbi/opensbi_1.1.bb
+++ b/meta/recipes-bsp/opensbi/opensbi_1.7.bb
@@ -6,14 +6,18 @@ LIC_FILES_CHKSUM = "file://COPYING.BSD;md5=42dd9555eb177f35150cf9aa240b61e5"
 require opensbi-payloads.inc
-inherit autotools-brokensep deploy
+inherit deploy
-SRCREV = "4489876e933d8ba0d8bc6c64bae71e295d45faac"
+SRCREV = "a32a91069119e7a5aa31e6bc51d5e00860be3d80"
 SRC_URI = "git://github.com/riscv/opensbi.git;branch=master;protocol=https"
-S = "${WORKDIR}/git"
+TARGET_DBGSRC_DIR = "/share/opensbi/*/generic/firmware/"
-EXTRA_OEMAKE += "PLATFORM=${RISCV_SBI_PLAT} I=${D} FW_PIC=n CLANG_TARGET= "
+TARGET_CC_ARCH += "${LDFLAGS}"
+RISCV_SBI_FW_TEXT_START ??= "0x80000000"
+EXTRA_OEMAKE += "REPRODUCIBLE=y CROSS_COMPILE=${HOST_PREFIX} ELFFLAGS="${LDFLAGS}" PLATFORM=${RISCV_SBI_PLAT} I=${D} FW_TEXT_START=${RISCV_SBI_FW_TEXT_START}"
+EXTRA_OEMAKE:append:toolchain-clang = " LLVM=y"
 # If RISCV_SBI_PAYLOAD is set then include it as a payload
 EXTRA_OEMAKE:append = " ${@riscv_get_extra_oemake_image(d)}"
 EXTRA_OEMAKE:append = " ${@riscv_get_extra_oemake_fdt(d)}"
@@ -21,7 +25,12 @@ EXTRA_OEMAKE:append = " ${@riscv_get_extra_oemake_fdt(d)}"
 # Required if specifying a custom payload
 do_compile[depends] += "${@riscv_get_do_compile_depends(d)}"
-do_install:append() {
+do_compile() {
+        oe_runmake
+}
+do_install() {
+        oe_runmake DESTDIR=${D} install
        # In the future these might be required as a dependency for other packages.
        # At the moment just delete them to avoid warnings
        rm -r ${D}/include
@@ -42,6 +51,3 @@ FILES:${PN} += "/share/opensbi/*/${RISCV_SBI_PLAT}/firmware/fw_payload.*"
 FILES:${PN} += "/share/opensbi/*/${RISCV_SBI_PLAT}/firmware/fw_dynamic.*"
 COMPATIBLE_HOST = "(riscv64|riscv32).*"
-INHIBIT_PACKAGE_STRIP = "1"
-SECURITY_CFLAGS = ""
diff --git a/meta/recipes-bsp/pciutils/pciutils/configure.patch b/meta/recipes-bsp/pciutils/pciutils/configure.patch
deleted file mode 100644
index cf55b94808..0000000000
--- a/meta/recipes-bsp/pciutils/pciutils/configure.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 502c01e180d9085fcbeaf2fb46239999c4f335d2 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <rpurdie@linux.intel.com>
-Date: Wed, 31 Dec 2008 17:20:38 +0000
-Subject: [PATCH] pciutils: Upgarde 2.2.4 -> 3.0.3
-This patch:
-* ensures we link correctly
-* allows us to optionally pass target information to configure rather than using uname
-* select linux as the platform in most cases we care about
-This is a merge of various tweaks to allow us to build pciutils including
-work from:
-7/30/2010 - Qing He <qing.he@intel.com>
-1/22/2012 - Shane Wang <shane.wang@intel.com>
-Ionut Radu <ionutx.radu@intel.com>
-2017/6/15 - RP - Cleanups and merging patches
-Upstream-Status: Inappropriate [embedded specific]
---
- Makefile      |  2 +-
- lib/configure | 14 ++++++++++----
- 2 files changed, 11 insertions(+), 5 deletions(-)
-diff --git a/Makefile b/Makefile
-index 9319bb4..78a2d54 100644
--- a/Makefile
-+++ b/Makefile
-@@ -108,7 +108,7 @@ example$(EXEEXT): example.o lib/$(PCILIB)
- example.o: example.c $(PCIINC)
- 
- %$(EXEEXT): %.o
-       $(CC) $(LDFLAGS) $(TARGET_ARCH) $^ $(LDLIBS) -o $@
-+       $(CC) $(LDFLAGS) $(TARGET_ARCH) $^ $(LIB_LDLIBS) $(LDLIBS) -o $@
- 
- %.8 %.7 %.5: %.man
-        M=`echo $(DATE) | sed 's/-01-/-January-/;s/-02-/-February-/;s/-03-/-March-/;s/-04-/-April-/;s/-05-/-May-/;s/-06-/-June-/;s/-07-/-July-/;s/-08-/-August-/;s/-09-/-September-/;s/-10-/-October-/;s/-11-/-November-/;s/-12-/-December-/;s/\(.*\)-\(.*\)-\(.*\)/\3 \2 \1/'` ; sed <$< >$@ "s/@TODAY@/$$M/;s/@VERSION@/pciutils-$(VERSION)/;s#@IDSDIR@#$(IDSDIR)#;s#@PCI_IDS@#$(PCI_IDS)#"
-diff --git a/lib/configure b/lib/configure
-index 45a416a..1afdaa6 100755
--- a/lib/configure
-+++ b/lib/configure
-@@ -9,6 +9,10 @@ echo_n() {
-        printf '%s' "$*"
- }
- 
-+VERSION=$1
-+IDSDIR=$2
-+DNS=yes
-+
- if [ -z "$VERSION" ] ; then
-        echo >&2 "Please run the configure script from the top-level Makefile"
-        exit 1
-@@ -16,8 +20,8 @@ fi
- 
- echo_n "Configuring libpci for your system..."
- if [ -z "$HOST" ] ; then
-       sys=`uname -s`
-       rel=`uname -r`
-+       sys=${3:-`uname -s`}
-+       rel=
-        realsys="$sys"
-        if [ "$sys" = "AIX" -a -x /usr/bin/oslevel -a -x /usr/sbin/lsattr ]
-        then
-@@ -25,7 +29,7 @@ if [ -z "$HOST" ] ; then
-                proc=`/usr/sbin/lsdev -C -c processor -S available -F name | head -1`
-                cpu=`/usr/sbin/lsattr -F value -l $proc -a type | sed 's/_.*//'`
-        else
-               cpu=`uname -m | sed 's/^i.86-AT386/i386/;s/^i.86$/i386/;s/^sun4u$/sparc64/;s/^i86pc$/i386/;s/^BePC$/i386/;s/^BeMac$/powerpc/;s/^BeBox$/powerpc/'`
-+               cpu=${4:-`uname -m | sed 's/^i.86-AT386/i386/;s/^i.86$/i386/;s/^sun4u$/sparc64/;s/^i86pc$/i386/;s/^BePC$/i386/;s/^BeMac$/powerpc/;s/^BeBox$/powerpc/'`}
-        fi
-        if [ "$sys" = "DragonFly" ]
-        then
-@@ -43,7 +47,7 @@ if [ -z "$HOST" ] ; then
-        then
-                sys=cygwin
-        fi
-       HOST=${3:-$cpu-$sys}
-+       HOST=$cpu-$sys
- fi
- [ -n "$RELEASE" ] && rel="${RELEASE}"
- # CAVEAT: tr on Solaris is a bit weird and the extra [] is otherwise harmless.
-@@ -52,6 +56,8 @@ cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
- sys=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
- echo " $host $rel $cpu $sys"
- 
-+{ echo "$host" | grep linux; } && sys=linux
-+
- c=config.h
- m=config.mk
- echo >$c '#define PCI_CONFIG_H'
diff --git a/meta/recipes-bsp/pciutils/pciutils_3.8.0.bb b/meta/recipes-bsp/pciutils/pciutils_3.14.0.bb
index 4f57342e1e..a267ea34b7 100644
--- a/meta/recipes-bsp/pciutils/pciutils_3.8.0.bb
+++ b/meta/recipes-bsp/pciutils/pciutils_3.14.0.bb
@@ -1,7 +1,7 @@
 SUMMARY = "PCI utilities"
 DESCRIPTION = 'The PCI Utilities package contains a library for portable access \
 to PCI bus configuration space and several utilities based on this library.'
-HOMEPAGE = "http://atrey.karlin.mff.cuni.cz/~mj/pciutils.shtml"
+HOMEPAGE = "https://mj.ucw.cz/sw/pciutils/"
 SECTION = "console/utils"
 LICENSE = "GPL-2.0-or-later"
@@ -9,44 +9,33 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 # Can drop make-native when all systems have make 4.3
 # https://git.savannah.gnu.org/cgit/make.git/commit/?id=b90fabc8d6f34fb37d428dc0fb1b8b1951a9fbed
 # causes space issues in lib/libpci.pc
-DEPENDS = "zlib kmod make-native"
+DEPENDS = "make-native"
-SRC_URI = "${KERNELORG_MIRROR}/software/utils/pciutils/pciutils-${PV}.tar.xz \
+SRC_URI = "${KERNELORG_MIRROR}/software/utils/pciutils/pciutils-${PV}.tar.xz"
-           file://configure.patch"
+SRC_URI[sha256sum] = "e7713409882813991d2269d125e40dad1f54a019a52b78b3962941c1d4a6f86f"
-SRC_URI[sha256sum] = "91edbd0429a84705c9ad156d4ff38ccc724d41ea54c4c5b88e38e996f8a34f05"
 inherit multilib_header pkgconfig update-alternatives
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'hwdb', '', d)}"
+PACKAGECONFIG ??= "hwdb kmod zlib"
 PACKAGECONFIG[hwdb] = "HWDB=yes,HWDB=no,udev"
+PACKAGECONFIG[kmod] = "LIBKMOD=yes,LIBKMOD=no,kmod"
-PCI_CONF_FLAG = "ZLIB=yes DNS=yes SHARED=yes STRIP= LIBDIR=${libdir}"
+PACKAGECONFIG[zlib] = "ZLIB=yes,ZLIB=no,zlib"
-# see configure.patch
+# Configuration options
-do_configure () {
+EXTRA_OEMAKE += "${PACKAGECONFIG_CONFARGS} DNS=yes SHARED=yes"
-        (
+# Construct a HOST that matches what lib/configure expects
-          cd lib && \
+EXTRA_OEMAKE += "HOST="${HOST_ARCH}-${HOST_OS}""
-          # PACKAGECONFIG_CONFARGS for this recipe could only possibly contain 'HWDB=yes/no',
+# Toolchain. We need to pass CFLAGS via CC as this is the only variable
-          # so we put it before ./configure
+# available to the caller without clobbering assignments (notably, -fPIC)
-          ${PCI_CONF_FLAG} ${PACKAGECONFIG_CONFARGS} ./configure ${PV} ${datadir} ${TARGET_OS} ${TARGET_ARCH}
+EXTRA_OEMAKE += "CC="${CC} ${CFLAGS}" AR="${AR}" STRIP= LDFLAGS="${LDFLAGS}""
-        )
+# Paths
-}
+EXTRA_OEMAKE += "PREFIX=${prefix} LIBDIR=${libdir} SBINDIR=${sbindir} SHAREDIR=${datadir} MANDIR=${mandir}"
-export PREFIX = "${prefix}"
-export SBINDIR = "${sbindir}"
-export SHAREDIR = "${datadir}"
-export MANDIR = "${mandir}"
-EXTRA_OEMAKE = "-e MAKEFLAGS= ${PCI_CONF_FLAG}"
-ASNEEDED = ""
-# The configure script breaks if the HOST variable is set
-HOST[unexport] = "1"
 do_install () {
-        oe_runmake DESTDIR=${D} install install-lib
+        # Do these in separate calls as they expose a race in pseudo when creating
+        # symlinks when ran in parallel.
+        oe_runmake DESTDIR=${D} install
+        oe_runmake DESTDIR=${D} install-lib
        install -d ${D}${bindir}
@@ -54,11 +43,13 @@ do_install () {
 }
 PACKAGES =+ "${PN}-ids libpci"
 FILES:${PN}-ids = "${datadir}/pci.ids*"
-FILES:libpci = "${libdir}/libpci.so.*"
 SUMMARY:${PN}-ids = "PCI utilities - device ID database"
 DESCRIPTION:${PN}-ids = "Package providing the PCI device ID database for pciutils."
 RDEPENDS:${PN} += "${PN}-ids"
+FILES:libpci = "${libdir}/libpci.so.*"
 ALTERNATIVE:${PN} = "lspci"
 ALTERNATIVE_PRIORITY = "100"
diff --git a/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb b/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb
index c6a4bc4932..8756511c17 100644
--- a/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb
+++ b/meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb
@@ -6,22 +6,22 @@ LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
                    file://src/pm-pmu.c;beginline=1;endline=22;md5=3c1ddbc54e735fb4a0386e14c78a3147"
-PR = "r1"
 SRC_URI = "http://pm-utils.freedesktop.org/releases/pm-utils-${PV}.tar.gz"
-SRC_URI[md5sum] = "1742a556089c36c3a89eb1b957da5a60"
 SRC_URI[sha256sum] = "8ed899032866d88b2933a1d34cc75e8ae42dcde20e1cc21836baaae3d4370c0b"
 inherit pkgconfig autotools manpages
 PACKAGECONFIG[manpages] = "--enable-doc, --disable-doc, libxslt-native xmlto-native"
-RDEPENDS:${PN} = "grep bash"
+RDEPENDS:${PN} = "bash"
+EXTRA_OECONF = "--libdir=${nonarch_libdir}"
 do_configure:prepend () {
        ( cd ${S}; autoreconf -f -i -s )
 }
-FILES:${PN} += "${libdir}/${BPN}/*"
+FILES:${PN} += "${nonarch_libdir}/${BPN}/*"
 FILES:${PN}-dbg += "${datadir}/doc/pm-utils/README.debugging"
+FILES:${PN}-dev += "${nonarch_libdir}/pkgconfig/pm-utils.pc"
diff --git a/meta/recipes-bsp/setserial/setserial_2.17.bb b/meta/recipes-bsp/setserial/setserial_2.17.bb
index e46aeb90cb..e1e80e31ae 100644
--- a/meta/recipes-bsp/setserial/setserial_2.17.bb
+++ b/meta/recipes-bsp/setserial/setserial_2.17.bb
@@ -1,16 +1,14 @@
 SUMMARY = "Controls the configuration of serial ports"
 DESCRIPTION = "setserial is a program designed to set and/or report the configuration information associated with a serial port"
 HOMEPAGE = "http://setserial.sourceforge.net"
-AUTHOR = "Theodore Ts'o <tytso@mit.edu>"
 SECTION = "console/utils"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://version.h;beginline=1;endline=6;md5=2e7c59cb9e57e356ae81f50f4e4dfd99"
-PR = "r3"
 DEPENDS += "groff-native"
-inherit autotools-brokensep
+inherit autotools-brokensep sourceforge-releases
 SRC_URI = "${SOURCEFORGE_MIRROR}/setserial/${BPN}-${PV}.tar.gz \
           file://add_stdlib.patch \
@@ -18,7 +16,6 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/setserial/${BPN}-${PV}.tar.gz \
           file://0001-setserial.c-Add-needed-system-headers-for-ioctl-and-.patch \
           "
-SRC_URI[md5sum] = "c4867d72c41564318e0107745eb7a0f2"
 SRC_URI[sha256sum] = "7e4487d320ac31558563424189435d396ddf77953bb23111a17a3d1487b5794a"
 do_install() {
diff --git a/meta/recipes-bsp/u-boot/files/0001-riscv-fix-build-with-binutils-2.38.patch b/meta/recipes-bsp/u-boot/files/0001-riscv-fix-build-with-binutils-2.38.patch
deleted file mode 100644
index 3598329b99..0000000000
--- a/meta/recipes-bsp/u-boot/files/0001-riscv-fix-build-with-binutils-2.38.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 26a7f6b1e4c5f715c03e59a623f0d620498b92cf Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 13 Feb 2022 21:11:31 -0800
-Subject: [PATCH] riscv: fix build with binutils 2.38
-From version 2.38, binutils default to ISA spec version 20191213. This
-means that the csr read/write (csrr*/csrw*) instructions and fence.i
-instruction has separated from the `I` extension, become two standalone
-extensions: Zicsr and Zifencei.
-The fix is to specify those extensions explicitely in -march. However as
-older binutils version do not support this, we first need to detect
-that.
-Fixes
-arch/riscv/lib/cache.c: Assembler messages:
-arch/riscv/lib/cache.c:12: Error: unrecognized opcode `fence.i'
-Upstream-Status: Submitted []
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- arch/riscv/Makefile | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
--- a/arch/riscv/Makefile
-+++ b/arch/riscv/Makefile
-@@ -28,7 +28,12 @@ ifeq ($(CONFIG_CMODEL_MEDANY),y)
-        CMODEL = medany
- endif
- 
-ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_F)$(ARCH_D)$(ARCH_C) -mabi=$(ABI) \
-+# Newer binutils versions default to ISA spec version 20191213 which moves some
-+# instructions from the I extension to the Zicsr and Zifencei extensions.
-+toolchain-need-zicsr-zifencei := $(call cc-option-yn, -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_F)$(ARCH_D)$(ARCH_C)_zicsr_zifencei)
-+zicsr_zifencei-$(toolchain-need-zicsr-zifencei) := _zicsr_zifencei
-+
-+ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_F)$(ARCH_D)$(ARCH_C)$(zicsr_zifencei-y) -mabi=$(ABI) \
-             -mcmodel=$(CMODEL)
- 
- PLATFORM_CPPFLAGS      += $(ARCH_FLAGS)
diff --git a/meta/recipes-bsp/u-boot/files/0001-riscv32-Use-double-float-ABI-for-rv32.patch b/meta/recipes-bsp/u-boot/files/0001-riscv32-Use-double-float-ABI-for-rv32.patch
deleted file mode 100644
index 0bf1bef2c9..0000000000
--- a/meta/recipes-bsp/u-boot/files/0001-riscv32-Use-double-float-ABI-for-rv32.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 66dfe0fa886f6289add06d1af8642ce2b5302852 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 9 Feb 2021 16:40:12 -0800
-Subject: [PATCH] riscv32: Use double-float ABI for rv32
-So it can use libgcc built with OE toolchain
-Fixes
-error: "can't link hard-float modules with soft-float modules"
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Inappropriate [embedded specific]
---
- arch/riscv/Makefile | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/riscv/Makefile
-+++ b/arch/riscv/Makefile
-@@ -5,11 +5,15 @@
- 
- ifeq ($(CONFIG_ARCH_RV64I),y)
-        ARCH_BASE = rv64im
-       ABI = lp64
-+       ABI = lp64d
-+       ARCH_D = d
-+       ARCH_F = f
- endif
- ifeq ($(CONFIG_ARCH_RV32I),y)
-        ARCH_BASE = rv32im
-       ABI = ilp32
-+       ABI = ilp32d
-+       ARCH_D = d
-+       ARCH_F = f
- endif
- ifeq ($(CONFIG_RISCV_ISA_A),y)
-        ARCH_A = a
-@@ -24,7 +28,7 @@ ifeq ($(CONFIG_CMODEL_MEDANY),y)
-        CMODEL = medany
- endif
- 
-ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_C) -mabi=$(ABI) \
-+ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_F)$(ARCH_D)$(ARCH_C) -mabi=$(ABI) \
-             -mcmodel=$(CMODEL)
- 
- PLATFORM_CPPFLAGS      += $(ARCH_FLAGS)
diff --git a/meta/recipes-bsp/u-boot/files/disable-CONFIG_BLOBLIST.cfg b/meta/recipes-bsp/u-boot/files/disable-CONFIG_BLOBLIST.cfg
new file mode 100644
index 0000000000..d01d3d12d8
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/disable-CONFIG_BLOBLIST.cfg
@@ -0,0 +1 @@
+# CONFIG_BLOBLIST is not set
diff --git a/meta/recipes-bsp/u-boot/files/disable_CONFIG_USB.cfg b/meta/recipes-bsp/u-boot/files/disable_CONFIG_USB.cfg
new file mode 100644
index 0000000000..1d2509982b
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/disable_CONFIG_USB.cfg
@@ -0,0 +1 @@
+# CONFIG_USB is not set
diff --git a/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_a.cfg b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_a.cfg
new file mode 100644
index 0000000000..fc45b64480
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_a.cfg
@@ -0,0 +1 @@
+CONFIG_RISCV_ISA_A=y
diff --git a/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_c.cfg b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_c.cfg
new file mode 100644
index 0000000000..1cb459f636
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_c.cfg
@@ -0,0 +1 @@
+CONFIG_RISCV_ISA_C=y
diff --git a/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_clear.cfg b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_clear.cfg
new file mode 100644
index 0000000000..ce90da23ce
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_clear.cfg
@@ -0,0 +1,6 @@
+# CONFIG_RISCV_ISA_C is not set
+# CONFIG_RISCV_ISA_F is not set
+# CONFIG_RISCV_ISA_D is not set
+# CONFIG_RISCV_ISA_ZBB is not set
+# CONFIG_RISCV_ISA_A is not set
+# CONFIG_RISCV_ISA_ZICBOM is not set
diff --git a/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_d.cfg b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_d.cfg
new file mode 100644
index 0000000000..fd25fa4e89
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_d.cfg
@@ -0,0 +1 @@
+CONFIG_RISCV_ISA_D=y
diff --git a/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_f.cfg b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_f.cfg
new file mode 100644
index 0000000000..dfa9876f82
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_f.cfg
@@ -0,0 +1 @@
+CONFIG_RISCV_ISA_F=y
diff --git a/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_zbb.cfg b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_zbb.cfg
new file mode 100644
index 0000000000..2b71b016f8
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_zbb.cfg
@@ -0,0 +1 @@
+CONFIG_RISCV_ISA_ZBB=y
diff --git a/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_zicbom.cfg b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_zicbom.cfg
new file mode 100644
index 0000000000..96daf04b20
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/files/u-boot-riscv-isa_zicbom.cfg
@@ -0,0 +1 @@
+CONFIG_RISCV_ISA_ZICBOM=y
diff --git a/meta/recipes-bsp/u-boot/libubootenv/0001-Update-cmake_minimum_required-to-3.5.patch b/meta/recipes-bsp/u-boot/libubootenv/0001-Update-cmake_minimum_required-to-3.5.patch
new file mode 100644
index 0000000000..ee174ca59e
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/libubootenv/0001-Update-cmake_minimum_required-to-3.5.patch
@@ -0,0 +1,50 @@
+From cd12d9dd2bea8e4580f458df77229477fc55ba70 Mon Sep 17 00:00:00 2001
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Wed, 14 May 2025 14:17:40 -0600
+Subject: [PATCH] Update cmake_minimum_required to 3.5
+This supports compilation with cmake-4.0.0.
+Fixes:
+CMake Error at CMakeLists.txt:5 (cmake_minimum_required):
+  Compatibility with CMake < 3.5 has been removed from CMake.
+  Update the VERSION argument <min> value.  Or, use the <min>...<max> syntax
+  to tell CMake that the project requires at least <min> but has been updated
+  to work with policies introduced by <max> or earlier.
+  Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
+Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
+Upstream-Status: Backport [cd12d9dd2bea8e4580f458df77229477fc55ba70]
+---
+ CMakeLists.txt     | 2 +-
+ src/CMakeLists.txt | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 796d7bc..0a11730 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -2,7 +2,7 @@
+ #
+ # SPDX-License-Identifier:     LGPL-2.1-or-later
+-cmake_minimum_required (VERSION 2.6)
+cmake_minimum_required (VERSION 3.5)
+ project (libubootenv C)
+ # The version number.
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index c56d0c7..3370232 100644
+--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
+@@ -1,7 +1,7 @@
+ # SPDX-FileCopyrightText: 2019-2021 Stefano Babic <stefano.babic@swupdate.org>
+ #
+ # SPDX-License-Identifier:     LGPL-2.1-or-later
+-cmake_minimum_required (VERSION 2.6)
+cmake_minimum_required (VERSION 3.5)
+ # Sources and private headers
+ SET(libubootenv_SOURCES
+   uboot_env.c
diff --git a/meta/recipes-bsp/u-boot/libubootenv_0.3.3.bb b/meta/recipes-bsp/u-boot/libubootenv_0.3.6.bb
index 55f91b6f05..b63b8ff87d 100644
--- a/meta/recipes-bsp/u-boot/libubootenv_0.3.3.bb
+++ b/meta/recipes-bsp/u-boot/libubootenv_0.3.6.bb
@@ -10,16 +10,16 @@ LICENSE = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://LICENSES/LGPL-2.1-or-later.txt;md5=4fbd65380cdd255951079008b364516c"
 SECTION = "libs"
-SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https;branch=master"
+SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https;branch=master \
-SRCREV = "108100622160bb0c7ef4b6186230fe1f26402791"
+           file://0001-Update-cmake_minimum_required-to-3.5.patch \
+           "
-S = "${WORKDIR}/git"
+SRCREV = "5507339628b5caf244e1ff9d58cb3fa534b16beb"
 inherit cmake lib_package
 EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release"
-DEPENDS = "zlib"
+DEPENDS = "zlib libyaml"
 PROVIDES += "u-boot-fw-utils"
 RPROVIDES:${PN}-bin += "u-boot-fw-utils"
diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc
index d7fd3c7227..8600d4bab6 100644
--- a/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -4,7 +4,7 @@ ARM, MIPS and several other processors, which can be installed in a boot \
 ROM and used to initialize and test the hardware or to download and run \
 application code."
 SECTION = "bootloaders"
-DEPENDS += "flex-native bison-native"
+DEPENDS += "flex-native bison-native python3-setuptools-native"
 LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://Licenses/README;md5=2ca5f2c35c8cc335f0a19756634782f1"
@@ -12,11 +12,22 @@ PE = "1"
 # We use the revision in order to avoid having to fetch it from the
 # repo during parse
-SRCREV = "e092e3250270a1016c877da7bdd9384f14b1321e"
+SRCREV = "34820924edbc4ec7803eb89d9852f4b870fa760a"
-SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master"
+SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master;tag=v${PV}"
+SRC_URI_RISCV = "\
+    file://u-boot-riscv-isa_clear.cfg \
+    ${@bb.utils.contains    ("TUNE_FEATURES", "a",      "file://u-boot-riscv-isa_a.cfg", "", d)} \
+    ${@bb.utils.contains    ("TUNE_FEATURES", "f",      "file://u-boot-riscv-isa_f.cfg", "", d)} \
+    ${@bb.utils.contains    ("TUNE_FEATURES", "d",      "file://u-boot-riscv-isa_d.cfg", "", d)} \
+    ${@bb.utils.contains_any("TUNE_FEATURES", "b zbb",  "file://u-boot-riscv-isa_zbb.cfg", "", d)} \
+    ${@bb.utils.contains    ("TUNE_FEATURES", "zicbom", "file://u-boot-riscv-isa_zicbom.cfg", "", d)} \
+    "
+SRC_URI:append:riscv32 = "${SRC_URI_RISCV}"
+SRC_URI:append:riscv64 = "${SRC_URI_RISCV}"
-S = "${WORKDIR}/git"
 B = "${WORKDIR}/build"
 inherit pkgconfig
diff --git a/meta/recipes-bsp/u-boot/u-boot-configure.inc b/meta/recipes-bsp/u-boot/u-boot-configure.inc
index 04e0894752..a15511f8b2 100644
--- a/meta/recipes-bsp/u-boot/u-boot-configure.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-configure.inc
@@ -8,6 +8,8 @@ inherit uboot-config cml1
 DEPENDS += "kern-tools-native"
+CONFIGURE_FILES = "${@d.getVar('UBOOT_MACHINE') or '.config'}"
 do_configure () {
    if [ -n "${UBOOT_CONFIG}" ]; then
        unset i j
@@ -16,24 +18,35 @@ do_configure () {
            for type in ${UBOOT_CONFIG}; do
                j=$(expr $j + 1);
                if [ $j -eq $i ]; then
-                    oe_runmake -C ${S} O=${B}/${config} ${config}
+                    uboot_configure_config $config $type
-                    if [ -n "${@' '.join(find_cfgs(d))}" ]; then
-                        merge_config.sh -m -O ${B}/${config} ${B}/${config}/.config ${@" ".join(find_cfgs(d))}
-                        oe_runmake -C ${S} O=${B}/${config} oldconfig
-                    fi
                fi
            done
            unset j
        done
        unset i
-        DEVTOOL_DISABLE_MENUCONFIG=true
    else
-        if [ -n "${UBOOT_MACHINE}" ]; then
+        uboot_configure
-            oe_runmake -C ${S} O=${B} ${UBOOT_MACHINE}
+    fi
-        else
+}
-            oe_runmake -C ${S} O=${B} oldconfig
-        fi
+uboot_configure_config () {
-        merge_config.sh -m .config ${@" ".join(find_cfgs(d))}
+    config=$1
-        cml1_do_configure
+    type=$2
+    oe_runmake -C ${S} O=${B}/${config} ${config}
+    if [ -n "${@' '.join(find_cfgs(d))}" ]; then
+        merge_config.sh -m -O ${B}/${config} ${B}/${config}/.config ${@" ".join(find_cfgs(d))}
+        oe_runmake -C ${S} O=${B}/${config} oldconfig
+    fi
+}
+uboot_configure () {
+    if [ -n "${UBOOT_MACHINE}" ]; then
+        oe_runmake -C ${S} O=${B} ${UBOOT_MACHINE}
+    else
+        oe_runmake -C ${S} O=${B} oldconfig
    fi
+    merge_config.sh -m .config ${@" ".join(find_cfgs(d))}
+    cml1_do_configure
 }
diff --git a/meta/recipes-bsp/u-boot/u-boot-tools.inc b/meta/recipes-bsp/u-boot/u-boot-tools.inc
index 0bdbce725a..4e4f7fa092 100644
--- a/meta/recipes-bsp/u-boot/u-boot-tools.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-tools.inc
@@ -2,12 +2,12 @@ SUMMARY = "U-Boot bootloader tools"
 DEPENDS += "gnutls openssl util-linux swig-native"
 inherit python3native
-export STAGING_INCDIR="${STAGING_INCDIR_NATIVE}"
+export STAGING_INCDIR = "${STAGING_INCDIR_NATIVE}"
-PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage"
+PROVIDES = "${MLPREFIX}u-boot-mkimage ${MLPREFIX}u-boot-mkenvimage ${MLPREFIX}u-boot-mkeficapsule"
-PROVIDES:class-native = "u-boot-mkimage-native u-boot-mkenvimage-native"
+PROVIDES:class-native = "u-boot-mkimage-native u-boot-mkenvimage-native u-boot-mkeficapsule-native"
-PACKAGES += "${PN}-mkimage ${PN}-mkenvimage"
+PACKAGES += "${PN}-mkimage ${PN}-mkenvimage ${PN}-mkeficapsule"
 # Required for backward compatibility with "u-boot-mkimage-xxx.bb"
 RPROVIDES:${PN}-mkimage = "u-boot-mkimage"
@@ -24,6 +24,7 @@ SED_CONFIG_EFI:x86-64 = ''
 SED_CONFIG_EFI:arm = ''
 SED_CONFIG_EFI:armeb = ''
 SED_CONFIG_EFI:aarch64 = ''
+SED_CONFIG_EFI:loongarch64 = ''
 do_compile () {
        # Yes, this is crazy. If you build on a system with git < 2.14 from scratch, the tree will
@@ -69,15 +70,20 @@ do_install () {
        # fit_check_sign
        install -m 0755 tools/fit_check_sign ${D}${bindir}/uboot-fit_check_sign
        ln -sf uboot-fit_check_sign ${D}${bindir}/fit_check_sign
+        # mkeficapsule
+        install -m 0755 tools/mkeficapsule ${D}${bindir}/uboot-mkeficapsule
+        ln -sf uboot-mkeficapsule ${D}${bindir}/mkeficapsule
 }
 ALLOW_EMPTY:${PN} = "1"
 FILES:${PN} = ""
 FILES:${PN}-mkimage = "${bindir}/uboot-mkimage ${bindir}/mkimage ${bindir}/uboot-dumpimage ${bindir}/dumpimage ${bindir}/uboot-fit_check_sign ${bindir}/fit_check_sign"
 FILES:${PN}-mkenvimage = "${bindir}/uboot-mkenvimage ${bindir}/mkenvimage"
+FILES:${PN}-mkeficapsule = "${bindir}/uboot-mkeficapsule ${bindir}/mkeficapsule"
 RDEPENDS:${PN}-mkimage += "dtc"
-RDEPENDS:${PN} += "${PN}-mkimage ${PN}-mkenvimage"
+RDEPENDS:${PN} += "${PN}-mkimage ${PN}-mkenvimage ${PN}-mkeficapsule"
 RDEPENDS:${PN}:class-native = ""
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-bsp/u-boot/u-boot-tools_2022.07.bb b/meta/recipes-bsp/u-boot/u-boot-tools_2025.04.bb
index ef386f76e6..7eaf721ca8 100644
--- a/meta/recipes-bsp/u-boot/u-boot-tools_2022.07.bb
+++ b/meta/recipes-bsp/u-boot/u-boot-tools_2025.04.bb
@@ -1,3 +1,2 @@
 require u-boot-common.inc
 require u-boot-tools.inc
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index f022aed732..b7242de5de 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -5,11 +5,12 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 DEPENDS += "${@bb.utils.contains('UBOOT_ENV_SUFFIX', 'scr', 'u-boot-mkimage-native', '', d)}"
-inherit uboot-config uboot-extlinux-config uboot-sign deploy cml1 python3native kernel-arch
+inherit uboot-config uboot-extlinux-config uboot-sign deploy python3native kernel-arch
 DEPENDS += "swig-native"
-EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}" V=1'
+EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} V=1'
+EXTRA_OEMAKE += 'CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS} ${DEBUG_PREFIX_MAP}"'
 EXTRA_OEMAKE += 'HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}"'
 EXTRA_OEMAKE += 'STAGING_INCDIR=${STAGING_INCDIR_NATIVE} STAGING_LIBDIR=${STAGING_LIBDIR_NATIVE}'
@@ -19,18 +20,21 @@ PACKAGECONFIG ??= "openssl"
 # a host build dependency.
 PACKAGECONFIG[openssl] = ",,openssl-native"
+CVE_PRODUCT = "denx:u-boot"
 # Allow setting an additional version string that will be picked up by the
 # u-boot build system and appended to the u-boot version.  If the .scmversion
 # file already exists it will not be overwritten.
 UBOOT_LOCALVERSION ?= ""
+# Default name of u-boot initial env, but enable individual recipes to change
+# this value.
+UBOOT_INITIAL_ENV ?= "${PN}-initial-env"
 require u-boot-configure.inc
+UBOOT_ARCH_DIR = "${@'arm' if d.getVar('UBOOT_ARCH').startswith('arm') else d.getVar('UBOOT_ARCH')}"
 do_compile () {
-    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then
-        sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk
-    fi
    unset LDFLAGS
    unset CFLAGS
    unset CPPFLAGS
@@ -43,45 +47,66 @@ do_compile () {
    if [ -n "${UBOOT_CONFIG}" -o -n "${UBOOT_DELTA_CONFIG}" ]
    then
-        unset i j k
+        unset i j
        for config in ${UBOOT_MACHINE}; do
            i=$(expr $i + 1);
            for type in ${UBOOT_CONFIG}; do
                j=$(expr $j + 1);
                if [ $j -eq $i ]
                then
-                    oe_runmake -C ${S} O=${B}/${config} ${UBOOT_MAKE_TARGET}
+                    uboot_compile_config $i $config $type
-                    for binary in ${UBOOT_BINARIES}; do
-                        k=$(expr $k + 1);
-                        if [ $k -eq $i ]; then
-                            cp ${B}/${config}/${binary} ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
-                        fi
-                    done
-                    # Generate the uboot-initial-env
-                    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-                        oe_runmake -C ${S} O=${B}/${config} u-boot-initial-env
-                        cp ${B}/${config}/u-boot-initial-env ${B}/${config}/u-boot-initial-env-${type}
-                    fi
-                    unset k
                fi
            done
            unset j
        done
        unset i
    else
-        oe_runmake -C ${S} O=${B} ${UBOOT_MAKE_TARGET}
+        uboot_compile
-        # Generate the uboot-initial-env
-        if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-            oe_runmake -C ${S} O=${B} u-boot-initial-env
-        fi
    fi
    if [ -n "${UBOOT_ENV}" ] && [ "${UBOOT_ENV_SUFFIX}" = "scr" ]
    then
-        ${UBOOT_MKIMAGE} -C none -A ${UBOOT_ARCH} -T script -d ${WORKDIR}/${UBOOT_ENV_SRC} ${WORKDIR}/${UBOOT_ENV_BINARY}
+        ${UBOOT_MKIMAGE} -C none -A ${UBOOT_ARCH} -T script -d ${UNPACKDIR}/${UBOOT_ENV_SRC} ${B}/${UBOOT_ENV_BINARY}
+    fi
+}
+uboot_compile_config () {
+    i=$1
+    config=$2
+    type=$3
+    oe_runmake -C ${S} O=${B}/${config} ${UBOOT_MAKE_TARGET}
+    unset k
+    for binary in ${UBOOT_BINARIES}; do
+        k=$(expr $k + 1);
+        if [ $k -eq $i ]; then
+            uboot_compile_config_copy_binary $config $type $binary
+        fi
+    done
+    unset k
+    # Generate the uboot-initial-env
+    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+        oe_runmake -C ${S} O=${B}/${config} u-boot-initial-env
+        cp ${B}/${config}/u-boot-initial-env ${B}/${config}/u-boot-initial-env-${type}
+    fi
+}
+uboot_compile_config_copy_binary () {
+    config=$1
+    type=$2
+    binary=$3
+    cp ${B}/${config}/${binary} ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
+}
+uboot_compile () {
+    oe_runmake -C ${S} O=${B} ${UBOOT_MAKE_TARGET}
+    # Generate the uboot-initial-env
+    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+        oe_runmake -C ${S} O=${B} u-boot-initial-env
    fi
 }
@@ -94,32 +119,14 @@ do_install () {
                j=$(expr $j + 1);
                if [ $j -eq $i ]
                then
-                    install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
+                    uboot_install_config $config $type
-                    ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type}
-                    ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY}
-                    # Install the uboot-initial-env
-                    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-                        install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR}
-                        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}
-                        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${type}
-                        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}
-                    fi
                fi
            done
            unset j
        done
        unset i
    else
-        install -D -m 644 ${B}/${UBOOT_BINARY} ${D}/boot/${UBOOT_IMAGE}
+        uboot_install
-        ln -sf ${UBOOT_IMAGE} ${D}/boot/${UBOOT_BINARY}
-        # Install the uboot-initial-env
-        if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-            install -D -m 644 ${B}/u-boot-initial-env ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR}
-            ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}
-            ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}
-        fi
    fi
    if [ -n "${UBOOT_ELF}" ]
@@ -132,23 +139,20 @@ do_install () {
                    j=$(expr $j + 1);
                    if [ $j -eq $i ]
                    then
-                        install -m 644 ${B}/${config}/${UBOOT_ELF} ${D}/boot/u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}
+                        uboot_install_elf_config $config $type
-                        ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type}
-                        ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY}
                    fi
                done
                unset j
            done
            unset i
        else
-            install -m 644 ${B}/${UBOOT_ELF} ${D}/boot/${UBOOT_ELF_IMAGE}
+            uboot_install_elf
-            ln -sf ${UBOOT_ELF_IMAGE} ${D}/boot/${UBOOT_ELF_BINARY}
        fi
    fi
-    if [ -e ${WORKDIR}/fw_env.config ] ; then
+    if [ -e ${UNPACKDIR}/fw_env.config ] ; then
        install -d ${D}${sysconfdir}
-        install -m 644 ${WORKDIR}/fw_env.config ${D}${sysconfdir}/fw_env.config
+        install -m 644 ${UNPACKDIR}/fw_env.config ${D}${sysconfdir}/fw_env.config
    fi
    if [ -n "${SPL_BINARY}" ]
@@ -161,23 +165,20 @@ do_install () {
                    j=$(expr $j + 1);
                    if [ $j -eq $i ]
                    then
-                         install -m 644 ${B}/${config}/${SPL_BINARY} ${D}/boot/${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX}
+                        uboot_install_spl_config $config $type
-                         ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE}-${type}
-                         ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE}
                    fi
                done
                unset j
            done
            unset i
        else
-            install -m 644 ${B}/${SPL_BINARY} ${D}/boot/${SPL_IMAGE}
+            uboot_install_spl
-            ln -sf ${SPL_IMAGE} ${D}/boot/${SPL_BINARYFILE}
        fi
    fi
    if [ -n "${UBOOT_ENV}" ]
    then
-        install -m 644 ${WORKDIR}/${UBOOT_ENV_BINARY} ${D}/boot/${UBOOT_ENV_IMAGE}
+        install -m 644 ${B}/${UBOOT_ENV_BINARY} ${D}/boot/${UBOOT_ENV_IMAGE}
        ln -sf ${UBOOT_ENV_IMAGE} ${D}/boot/${UBOOT_ENV_BINARY}
    fi
@@ -187,6 +188,63 @@ do_install () {
    fi
 }
+uboot_install_config () {
+    config=$1
+    type=$2
+    install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX}
+    ln -sf ${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type}
+    ln -sf ${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY}
+    # Install the uboot-initial-env
+    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+        install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${UBOOT_VERSION}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${UBOOT_VERSION} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${UBOOT_VERSION} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${type}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${UBOOT_VERSION} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}
+    fi
+}
+uboot_install () {
+    install -D -m 644 ${B}/${UBOOT_BINARY} ${D}/boot/${UBOOT_IMAGE}
+    ln -sf ${UBOOT_IMAGE} ${D}/boot/${UBOOT_BINARY}
+    # Install the uboot-initial-env
+    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+        install -D -m 644 ${B}/u-boot-initial-env ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${UBOOT_VERSION}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${UBOOT_VERSION} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${UBOOT_VERSION} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}
+    fi
+}
+uboot_install_elf_config () {
+    config=$1
+    type=$2
+    install -m 644 ${B}/${config}/${UBOOT_ELF} ${D}/boot/u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX}
+    ln -sf u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type}
+    ln -sf u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY}
+}
+uboot_install_elf () {
+    install -m 644 ${B}/${UBOOT_ELF} ${D}/boot/${UBOOT_ELF_IMAGE}
+    ln -sf ${UBOOT_ELF_IMAGE} ${D}/boot/${UBOOT_ELF_BINARY}
+}
+uboot_install_spl_config () {
+    config=$1
+    type=$2
+    install -m 644 ${B}/${config}/${SPL_BINARY} ${D}/boot/${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX}
+    ln -sf ${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE}-${type}
+    ln -sf ${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE}
+}
+uboot_install_spl () {
+    install -m 644 ${B}/${SPL_BINARY} ${D}/boot/${SPL_IMAGE}
+    ln -sf ${SPL_IMAGE} ${D}/boot/${SPL_BINARYFILE}
+}
 PACKAGE_BEFORE_PN += "${PN}-env ${PN}-extlinux"
 RPROVIDES:${PN}-env += "u-boot-default-env"
@@ -199,59 +257,35 @@ FILES:${PN}-env = " \
 FILES:${PN}-extlinux = "${UBOOT_EXTLINUX_INSTALL_DIR}/${UBOOT_EXTLINUX_CONF_NAME}"
 RDEPENDS:${PN} += "${@bb.utils.contains('UBOOT_EXTLINUX', '1', '${PN}-extlinux', '', d)}"
+SYSROOT_DIRS += "/boot"
 FILES:${PN} = "/boot ${datadir}"
 RDEPENDS:${PN} += "${PN}-env"
 do_deploy () {
    if [ -n "${UBOOT_CONFIG}" ]
    then
+        unset i j
        for config in ${UBOOT_MACHINE}; do
            i=$(expr $i + 1);
            for type in ${UBOOT_CONFIG}; do
                j=$(expr $j + 1);
                if [ $j -eq $i ]
                then
-                    install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${DEPLOYDIR}/${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX}
+                    uboot_deploy_config $config $type
-                    cd ${DEPLOYDIR}
-                    ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK}-${type}
-                    ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK}
-                    ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARY}-${type}
-                    ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARY}
-                    # Deploy the uboot-initial-env
-                    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-                        install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR}
-                        cd ${DEPLOYDIR}
-                        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}
-                        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${type}
-                    fi
                fi
            done
            unset j
        done
        unset i
    else
-        install -D -m 644 ${B}/${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE}
+        uboot_deploy
-        cd ${DEPLOYDIR}
-        rm -f ${UBOOT_BINARY} ${UBOOT_SYMLINK}
-        ln -sf ${UBOOT_IMAGE} ${UBOOT_SYMLINK}
-        ln -sf ${UBOOT_IMAGE} ${UBOOT_BINARY}
-        # Deploy the uboot-initial-env
-        if [ -n "${UBOOT_INITIAL_ENV}" ]; then
-            install -D -m 644 ${B}/u-boot-initial-env ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR}
-            cd ${DEPLOYDIR}
-            ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE}
-            ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV}
-        fi
    fi
-    if [ -e ${WORKDIR}/fw_env.config ] ; then
+    if [ -e ${UNPACKDIR}/fw_env.config ] ; then
-        install -D -m 644 ${WORKDIR}/fw_env.config ${DEPLOYDIR}/fw_env.config-${MACHINE}-${PV}-${PR}
+        install -D -m 644 ${UNPACKDIR}/fw_env.config ${DEPLOYDIR}/fw_env.config-${MACHINE}-${UBOOT_VERSION}
        cd ${DEPLOYDIR}
-        ln -sf fw_env.config-${MACHINE}-${PV}-${PR} fw_env.config-${MACHINE}
+        ln -sf fw_env.config-${MACHINE}-${UBOOT_VERSION} fw_env.config-${MACHINE}
-        ln -sf fw_env.config-${MACHINE}-${PV}-${PR} fw_env.config
+        ln -sf fw_env.config-${MACHINE}-${UBOOT_VERSION} fw_env.config
    fi
    if [ -n "${UBOOT_ELF}" ]
@@ -264,24 +298,17 @@ do_deploy () {
                    j=$(expr $j + 1);
                    if [ $j -eq $i ]
                    then
-                        install -m 644 ${B}/${config}/${UBOOT_ELF} ${DEPLOYDIR}/u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}
+                        uboot_deploy_elf_config $config $type
-                        ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}-${type}
-                        ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}
-                        ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}-${type}
-                        ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}
                    fi
                done
                unset j
            done
            unset i
        else
-            install -m 644 ${B}/${UBOOT_ELF} ${DEPLOYDIR}/${UBOOT_ELF_IMAGE}
+            uboot_deploy_elf
-            ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}
-            ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}
        fi
    fi
     if [ -n "${SPL_BINARY}" ]
     then
        if [ -n "${UBOOT_CONFIG}" ]
@@ -292,30 +319,20 @@ do_deploy () {
                    j=$(expr $j + 1);
                    if [ $j -eq $i ]
                    then
-                        install -m 644 ${B}/${config}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX}
+                        uboot_deploy_spl_config $config $type
-                        rm -f ${DEPLOYDIR}/${SPL_BINARYFILE} ${DEPLOYDIR}/${SPL_SYMLINK}
-                        ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE}-${type}
-                        ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE}
-                        ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK}-${type}
-                        ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK}
                    fi
                done
                unset j
            done
            unset i
        else
-            install -m 644 ${B}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE}
+            uboot_deploy_spl
-            rm -f ${DEPLOYDIR}/${SPL_BINARYNAME} ${DEPLOYDIR}/${SPL_SYMLINK}
-            ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_BINARYNAME}
-            ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_SYMLINK}
        fi
    fi
    if [ -n "${UBOOT_ENV}" ]
    then
-        install -m 644 ${WORKDIR}/${UBOOT_ENV_BINARY} ${DEPLOYDIR}/${UBOOT_ENV_IMAGE}
+        install -m 644 ${B}/${UBOOT_ENV_BINARY} ${DEPLOYDIR}/${UBOOT_ENV_IMAGE}
-        rm -f ${DEPLOYDIR}/${UBOOT_ENV_BINARY} ${DEPLOYDIR}/${UBOOT_ENV_SYMLINK}
        ln -sf ${UBOOT_ENV_IMAGE} ${DEPLOYDIR}/${UBOOT_ENV_BINARY}
        ln -sf ${UBOOT_ENV_IMAGE} ${DEPLOYDIR}/${UBOOT_ENV_SYMLINK}
    fi
@@ -329,8 +346,80 @@ do_deploy () {
    if [ -n "${UBOOT_DTB}" ]
    then
-        install -m 644 ${B}/arch/${UBOOT_ARCH}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
+        install -m 644 ${B}/arch/${UBOOT_ARCH_DIR}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
    fi
 }
+uboot_deploy_config () {
+    config=$1
+    type=$2
+    install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${DEPLOYDIR}/${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX}
+    cd ${DEPLOYDIR}
+    ln -sf ${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK}-${type}
+    ln -sf ${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK}
+    ln -sf ${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX} ${UBOOT_BINARY}-${type}
+    ln -sf ${UBOOT_BINARYNAME}-${type}-${UBOOT_VERSION}.${UBOOT_SUFFIX} ${UBOOT_BINARY}
+    # Deploy the uboot-initial-env
+    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+        install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${UBOOT_VERSION}
+        cd ${DEPLOYDIR}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${UBOOT_VERSION} ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${UBOOT_VERSION} ${UBOOT_INITIAL_ENV}-${type}
+    fi
+}
+uboot_deploy () {
+    install -D -m 644 ${B}/${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE}
+    cd ${DEPLOYDIR}
+    rm -f ${UBOOT_BINARY} ${UBOOT_SYMLINK}
+    ln -sf ${UBOOT_IMAGE} ${UBOOT_SYMLINK}
+    ln -sf ${UBOOT_IMAGE} ${UBOOT_BINARY}
+    # Deploy the uboot-initial-env
+    if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+        install -D -m 644 ${B}/u-boot-initial-env ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${UBOOT_VERSION}
+        cd ${DEPLOYDIR}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${UBOOT_VERSION} ${UBOOT_INITIAL_ENV}-${MACHINE}
+        ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${UBOOT_VERSION} ${UBOOT_INITIAL_ENV}
+    fi
+}
+uboot_deploy_elf_config () {
+    config=$1
+    type=$2
+    install -m 644 ${B}/${config}/${UBOOT_ELF} ${DEPLOYDIR}/u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX}
+    ln -sf u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}-${type}
+    ln -sf u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}
+    ln -sf u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}-${type}
+    ln -sf u-boot-${type}-${UBOOT_VERSION}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}
+}
+uboot_deploy_elf () {
+    install -m 644 ${B}/${UBOOT_ELF} ${DEPLOYDIR}/${UBOOT_ELF_IMAGE}
+    ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}
+    ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}
+}
+uboot_deploy_spl_config () {
+    config=$1
+    type=$2
+    install -m 644 ${B}/${config}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX}
+    rm -f ${DEPLOYDIR}/${SPL_BINARYFILE} ${DEPLOYDIR}/${SPL_SYMLINK}
+    ln -sf ${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE}-${type}
+    ln -sf ${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE}
+    ln -sf ${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK}-${type}
+    ln -sf ${SPL_BINARYNAME}-${type}-${UBOOT_VERSION}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK}
+}
+uboot_deploy_spl () {
+    install -m 644 ${B}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE}
+    ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_BINARYNAME}
+    ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_SYMLINK}
+}
 addtask deploy before do_build after do_compile
diff --git a/meta/recipes-bsp/u-boot/u-boot_2022.07.bb b/meta/recipes-bsp/u-boot/u-boot_2022.07.bb
deleted file mode 100644
index 1ae575790c..0000000000
--- a/meta/recipes-bsp/u-boot/u-boot_2022.07.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require u-boot-common.inc
-require u-boot.inc
-SRC_URI +=       " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \
-                   file://0001-riscv-fix-build-with-binutils-2.38.patch \
-                 "
-DEPENDS += "bc-native dtc-native python3-setuptools-native"
diff --git a/meta/recipes-bsp/u-boot/u-boot_2025.04.bb b/meta/recipes-bsp/u-boot/u-boot_2025.04.bb
new file mode 100644
index 0000000000..89e964f627
--- /dev/null
+++ b/meta/recipes-bsp/u-boot/u-boot_2025.04.bb
@@ -0,0 +1,8 @@
+require u-boot-common.inc
+require u-boot.inc
+DEPENDS += "bc-native dtc-native gnutls-native python3-pyelftools-native"
+# workarounds for aarch64 kvm qemu boot regressions
+SRC_URI:append:qemuarm64 = " file://disable-CONFIG_BLOBLIST.cfg file://disable_CONFIG_USB.cfg"
+SRC_URI:append:genericarm64 = " file://disable-CONFIG_BLOBLIST.cfg file://disable_CONFIG_USB.cfg"
diff --git a/meta/recipes-bsp/usbinit/usbinit.bb b/meta/recipes-bsp/usbinit/usbinit.bb
deleted file mode 100644
index ffaca4b58d..0000000000
--- a/meta/recipes-bsp/usbinit/usbinit.bb
+++ /dev/null
@@ -1,25 +0,0 @@
-SUMMARY = "Initscript for enabling USB gadget Ethernet"
-DESCRIPTION = "This module allows ethernet emulation over USB, allowing for \
-all sorts of nifty things like SSH and NFS in one go plus charging over the \
-same wire, at higher speeds than most Wifi connections."
-HOMEPAGE = "http://linux-sunxi.org/USB_Gadget/Ethernet"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://${WORKDIR}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe"
-PR = "r3"
-SRC_URI = "file://usb-gether \
-           file://COPYING.GPL"
-S = "${WORKDIR}"
-do_install() {
-    install -d ${D}${sysconfdir}
-    install -d ${D}${sysconfdir}/init.d
-    install usb-gether ${D}${sysconfdir}/init.d
-}
-inherit update-rc.d allarch
-INITSCRIPT_NAME = "usb-gether"
-INITSCRIPT_PARAMS = "start 99 5 2 . stop 20 0 1 6 ."
diff --git a/meta/recipes-bsp/usbinit/usbinit/COPYING.GPL b/meta/recipes-bsp/usbinit/usbinit/COPYING.GPL
deleted file mode 100644
index d511905c16..0000000000
--- a/meta/recipes-bsp/usbinit/usbinit/COPYING.GPL
+++ /dev/null
@@ -1,339 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-                            Preamble
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-  The precise terms and conditions for copying, distribution and
-modification follow.
-                    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-                            NO WARRANTY
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-                     END OF TERMS AND CONDITIONS
-            How to Apply These Terms to Your New Programs
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-Also add information on how to contact you by electronic and paper mail.
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
diff --git a/meta/recipes-bsp/usbinit/usbinit/usb-gether b/meta/recipes-bsp/usbinit/usbinit/usb-gether
deleted file mode 100755
index e80a0bb30e..0000000000
--- a/meta/recipes-bsp/usbinit/usbinit/usb-gether
+++ /dev/null
@@ -1,23 +0,0 @@
-#! /bin/sh
-#
-# usb-ether     Start up the gadget usb ethernet interface.
-#
-case "$1" in
-        start|"")
-                test "$VERBOSE" != no && echo "Initializing g_ether gadget..."
-                modprobe g_ether
-                ifup usb0
-                ;;
-        stop)
-                test "$VERBOSE" != no && echo "Disabling g_ether..."
-                ifdown usb0
-                rmmod g_ether
-                ;;
-        *)
-                echo "Usage: usb-ether {start|stop}" >&2
-                exit 1
-                ;;
-esac
-exit 0
diff --git a/meta/recipes-bsp/usbutils/usbutils_014.bb b/meta/recipes-bsp/usbutils/usbutils_018.bb
index e728f1a190..b96a1b4f19 100644
--- a/meta/recipes-bsp/usbutils/usbutils_014.bb
+++ b/meta/recipes-bsp/usbutils/usbutils_018.bb
@@ -3,19 +3,21 @@ DESCRIPTION = "Contains the lsusb utility for inspecting the devices connected t
 HOMEPAGE = "http://www.linux-usb.org"
 SECTION = "base"
-LICENSE = "GPL-2.0-or-later & (GPL-2.0-only | GPL-3.0-only)"
+LICENSE = "GPL-2.0-or-later & (GPL-2.0-only | GPL-3.0-only) & CC0-1.0 & LGPL-2.1-or-later & MIT"
-# License files went missing in 010, when 011 is released add LICENSES/* back
+LIC_FILES_CHKSUM = "file://LICENSES/CC0-1.0.txt;md5=cf1af55fc6f5b9a23e12086005298dcd \
-LIC_FILES_CHKSUM = "file://lsusb.c;endline=1;md5=7226e442a172bcf25807246d7ef1eba1 \
+                    file://LICENSES/GPL-2.0-only.txt;md5=c89d4ad08368966d8df5a90ea96bebe4 \
-                    file://lsusb.py.in;beginline=2;endline=2;md5=c443ada211d701156e42ea36d41625b3 \
+                    file://LICENSES/GPL-2.0-or-later.txt;md5=c89d4ad08368966d8df5a90ea96bebe4 \
-                    "
+                    file://LICENSES/GPL-3.0-only.txt;md5=050f496cfea7876fc13cdea643e041e0 \
+                    file://LICENSES/LGPL-2.1-or-later.txt;md5=8c6e7513c570546f65ae570dae278c17 \
+                    file://LICENSES/MIT.txt;md5=e8f57dd048e186199433be2c41bd3d6d \
+                   "
 DEPENDS = "libusb1 virtual/libiconv udev"
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/usb/usbutils/usbutils-${PV}.tar.gz \
          "
-SRC_URI[sha256sum] = "59398ab012888dfe0fd12e447b45f36801e9d7b71d9a865fc38e2f549afdb9d0"
+SRC_URI[sha256sum] = "0048d2d8518fb0cc7c0516e16e52af023e52b55ddb3b2068a77041b5ef285768"
-inherit autotools pkgconfig update-alternatives
+inherit meson pkgconfig update-alternatives
 ALTERNATIVE:${PN} = "lsusb"
 ALTERNATIVE_PRIORITY = "100"
diff --git a/meta/recipes-bsp/v86d/v86d_0.1.10.bb b/meta/recipes-bsp/v86d/v86d_0.1.10.bb
index 5f342b1120..3bc9b24487 100644
--- a/meta/recipes-bsp/v86d/v86d_0.1.10.bb
+++ b/meta/recipes-bsp/v86d/v86d_0.1.10.bb
@@ -6,9 +6,7 @@ DESCRIPTION = "v86d provides a backend for kernel drivers that need to execute x
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://README;md5=94ac1971e4f2309dc322d598e7b1f7dd"
-DEPENDS = "virtual/kernel"
 RRECOMMENDS:${PN} = "kernel-module-uvesafb"
-PR = "r2"
 SRC_URI = "http://snapshot.debian.org/archive/debian/20110427T035506Z/pool/main/v/${BPN}/${BPN}_${PV}.orig.tar.gz \
           file://Update-x86emu-from-X.org.patch \
@@ -16,7 +14,6 @@ SRC_URI = "http://snapshot.debian.org/archive/debian/20110427T035506Z/pool/main/
           file://Support-for-cross-compilation.patch \
 "
-SRC_URI[md5sum] = "889686ec8424468fe0d205742e77a4c2"
 SRC_URI[sha256sum] = "93575c82e4307d8c4c370ec6b767f5cf87e527b2378146d652a6d8e25d5bdbc5"
 PACKAGE_ARCH = "${MACHINE_ARCH}"