[meta-oe] spectre-meltdown-checker: New recipe to check hardware vulnerability

Message ID e26acb8229abc26b88bcaa76a54829e9be2b2ee5.1736613424.git.joerg.sommer@navimatix.de
State Under Review

Commit Message

Jörg Sommer Jan. 11, 2025, 4:37 p.m. UTC
From: Jörg Sommer <joerg.sommer@navimatix.de>

Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
---
 .../spectre-meltdown-checker_0.46.bb          | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb

Comments

Khem Raj Jan. 13, 2025, 6:10 p.m. UTC | #1
seeing this

ERROR: Nothing RPROVIDES 'msr-tools' (but
/mnt/jenkins/workspace/Yocto-world-musl/sources/meta-openembedded/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
RDEPENDS on or otherwise requires it)
msr-tools was skipped: incompatible with host aarch64-yoe-linux-musl
(not in COMPATIBLE_HOST)

Perhaps this recipe should be limited to x86 arch like msr-tools

On Sat, Jan 11, 2025 at 8:37 AM Jörg Sommer via lists.openembedded.org
<joerg.sommer=navimatix.de@lists.openembedded.org> wrote:
>
> From: Jörg Sommer <joerg.sommer@navimatix.de>
>
> Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
> ---
>  .../spectre-meltdown-checker_0.46.bb          | 36 +++++++++++++++++++
>  1 file changed, 36 insertions(+)
>  create mode 100644 meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
>
> diff --git a/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
> new file mode 100644
> index 0000000000..c2996415ad
> --- /dev/null
> +++ b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
> @@ -0,0 +1,36 @@
> +SUMMARY = "Hardware vulnerability and mitigation checker"
> +DESCRIPTION = "\
> +    Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, \
> +    Meltdown vulnerability/mitigation checker for Linux & BSD \
> +"
> +HOMEPAGE = "https://github.com/speed47/spectre-meltdown-checker"
> +BUGTRACKER = "https://github.com/speed47/spectre-meltdown-checker/issues"
> +LICENSE = "GPL-3.0-only"
> +LIC_FILES_CHKSUM = "file://spectre-meltdown-checker.sh;beginline=2;endline=2;md5=3ae5399e70af7be9b93f72568069e2f4"
> +
> +SRC_URI = "git://github.com/speed47/spectre-meltdown-checker;protocol=https;branch=master"
> +SRCREV = "b8f8c81d519435c0871b13f02b5c4a72c5bffd5e"
> +
> +S = "${UNPACKDIR}/git"
> +
> +# binutils: readelf,objdump might be used for deeper analysis
> +# coreutils: dd with iflag=skip_bytes oflag=seek_bytes in some cases
> +# kernel-dev: /boot/config is used
> +# perl: sometimes used when other tools (dd, rdmsr/wdmsr) are missing
> +RRECOMMENDS:${PN} = "\
> +    binutils \
> +    coreutils \
> +    kernel-dev \
> +    msr-tools \
> +    perl \
> +"
> +
> +INHIBIT_DEFAULT_DEPS = "1"
> +
> +inherit allarch
> +
> +do_compile[noexec] = "1"
> +
> +do_install() {
> +    install -m 755 -D ${S}/${PN}.sh ${D}${bindir}/${PN}
> +}
> --
> 2.45.2
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#114816): https://lists.openembedded.org/g/openembedded-devel/message/114816
> Mute This Topic: https://lists.openembedded.org/mt/110555586/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Jörg Sommer Jan. 13, 2025, 7:24 p.m. UTC | #2
Khem Raj wrote on Mon 13 Jan, 10:10 (-0800):
> seeing this
> 
> ERROR: Nothing RPROVIDES 'msr-tools' (but
> /mnt/jenkins/workspace/Yocto-world-musl/sources/meta-openembedded/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
> RDEPENDS on or otherwise requires it)
> msr-tools was skipped: incompatible with host aarch64-yoe-linux-musl
> (not in COMPATIBLE_HOST)
> 
> Perhaps this recipe should be limited to x86 arch like msr-tools

It works fine on arm. Instead I would remove the msr-tools. There are other
fall-back options using perl or something. And if everything fails, it
prints a message and doesn't crash or something. The MSR is only checked for
some tests, so others report valuable results.

> On Sat, Jan 11, 2025 at 8:37 AM Jörg Sommer via lists.openembedded.org
> <joerg.sommer=navimatix.de@lists.openembedded.org> wrote:
> >
> > From: Jörg Sommer <joerg.sommer@navimatix.de>
> >
> > Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
> > ---
> >  .../spectre-meltdown-checker_0.46.bb          | 36 +++++++++++++++++++
> >  1 file changed, 36 insertions(+)
> >  create mode 100644 meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
> >
> > diff --git a/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
> > new file mode 100644
> > index 0000000000..c2996415ad
> > --- /dev/null
> > +++ b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
> > @@ -0,0 +1,36 @@
> > +SUMMARY = "Hardware vulnerability and mitigation checker"
> > +DESCRIPTION = "\
> > +    Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, \
> > +    Meltdown vulnerability/mitigation checker for Linux & BSD \
> > +"
> > +HOMEPAGE = "https://github.com/speed47/spectre-meltdown-checker"
> > +BUGTRACKER = "https://github.com/speed47/spectre-meltdown-checker/issues"
> > +LICENSE = "GPL-3.0-only"
> > +LIC_FILES_CHKSUM = "file://spectre-meltdown-checker.sh;beginline=2;endline=2;md5=3ae5399e70af7be9b93f72568069e2f4"
> > +
> > +SRC_URI = "git://github.com/speed47/spectre-meltdown-checker;protocol=https;branch=master"
> > +SRCREV = "b8f8c81d519435c0871b13f02b5c4a72c5bffd5e"
> > +
> > +S = "${UNPACKDIR}/git"
> > +
> > +# binutils: readelf,objdump might be used for deeper analysis
> > +# coreutils: dd with iflag=skip_bytes oflag=seek_bytes in some cases
> > +# kernel-dev: /boot/config is used
> > +# perl: sometimes used when other tools (dd, rdmsr/wdmsr) are missing
> > +RRECOMMENDS:${PN} = "\
> > +    binutils \
> > +    coreutils \
> > +    kernel-dev \
> > +    msr-tools \
> > +    perl \
> > +"
> > +
> > +INHIBIT_DEFAULT_DEPS = "1"
> > +
> > +inherit allarch
> > +
> > +do_compile[noexec] = "1"
> > +
> > +do_install() {
> > +    install -m 755 -D ${S}/${PN}.sh ${D}${bindir}/${PN}
> > +}
> > --
> > 2.45.2
Patch

diff --git a/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
new file mode 100644
index 0000000000..c2996415ad
--- /dev/null
+++ b/meta-oe/recipes-security/spectre-meltdown-checker/spectre-meltdown-checker_0.46.bb
@@ -0,0 +1,36 @@ 
+SUMMARY = "Hardware vulnerability and mitigation checker"
+DESCRIPTION = "\
+    Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, \
+    Meltdown vulnerability/mitigation checker for Linux & BSD \
+"
+HOMEPAGE = "https://github.com/speed47/spectre-meltdown-checker"
+BUGTRACKER = "https://github.com/speed47/spectre-meltdown-checker/issues"
+LICENSE = "GPL-3.0-only"
+LIC_FILES_CHKSUM = "file://spectre-meltdown-checker.sh;beginline=2;endline=2;md5=3ae5399e70af7be9b93f72568069e2f4"
+
+SRC_URI = "git://github.com/speed47/spectre-meltdown-checker;protocol=https;branch=master"
+SRCREV = "b8f8c81d519435c0871b13f02b5c4a72c5bffd5e"
+
+S = "${UNPACKDIR}/git"
+
+# binutils: readelf,objdump might be used for deeper analysis
+# coreutils: dd with iflag=skip_bytes oflag=seek_bytes in some cases
+# kernel-dev: /boot/config is used
+# perl: sometimes used when other tools (dd, rdmsr/wdmsr) are missing
+RRECOMMENDS:${PN} = "\
+    binutils \
+    coreutils \
+    kernel-dev \
+    msr-tools \
+    perl \
+"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+inherit allarch
+
+do_compile[noexec] = "1"
+
+do_install() {
+    install -m 755 -D ${S}/${PN}.sh ${D}${bindir}/${PN}
+}
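
Review bot: `msr-tools` in `RRECOMMENDS:${PN}` does not fit with `inherit allarch`: the world build for aarch64-yoe-linux-musl reported in the thread fails with "Nothing RPROVIDES 'msr-tools'" because msr-tools is skipped there through COMPATIBLE_HOST, so even a recommendation breaks the build on non-x86 hosts. Drop `msr-tools` from the list (the author's reply says the script has other fall-backs and only some tests read the MSR) rather than adding an arch-specific override, which would make the package metadata differ per target and defeat allarch. Two smaller points: the comment `rdmsr/wdmsr` should read `rdmsr/wrmsr`, and `do_install` should take the source name from `${BPN}` rather than `${PN}` so that `${S}/${PN}.sh` still resolves if PN is ever changed by a class extension. The commit message also has no body; one sentence on what the checker reports and why the recommended packages are listed would help later readers.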