Message ID | 20240926154739.2379609-1-jon.mason@arm.com |
---|---|
Headers | show |
Series | UEFI secureboot | expand |
Hi Jon, On 9/26/24 9:47 AM, Jon Mason via lists.yoctoproject.org wrote: > Sending a modified version of Javier's patches, combined with a subset > of the patches sent out by Mikko recently. This was done to expedite > the acceptance of this series (given the code freeze tomorrow). Also, > the optee update that Mikko's series included cannot be included (given > the code freeze). 2 of that series are needed for this one. So, > combining everything into this and sending it out publicly for Javier, > Mikko, and anyone else to ack/nack. Thank you for sending them ahead of me, as I was just preparing the cover letter to send them out as v7. > Thanks, > Jon > > > Javier Tia (3): > arm/optee: Add optee udev rules > arm: Enable Secure Boot in all required recipes > arm/qemuarm64-secureboot: Enable UEFI Secure Boot > > Mikko Rapeli (1): > arm/optee-client: fix systemd service dependencies > > .gitlab-ci.yml | 1 + > ci/uefi-secureboot.yml | 37 +++++++++++++ > meta-arm/classes/sbsign.bbclass | 31 +++++++++++ > .../lib/oeqa/runtime/cases/uefi_secureboot.py | 29 +++++++++++ > .../u-boot/u-boot-uefi-secureboot.inc | 17 ++++++ > .../u-boot/u-boot/uefi-secureboot.cfg | 10 ++++ > meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | 2 + > meta-arm/recipes-bsp/uefi/gen-sbkeys.bb | 48 +++++++++++++++++ > .../recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh | 52 +++++++++++++++++++ > .../systemd/systemd-boot-uefi-secureboot.inc | 7 +++ > .../systemd/systemd-boot_%.bbappend | 1 + > meta-arm/recipes-core/systemd/systemd-efi.inc | 1 + > .../recipes-core/systemd/systemd_%.bbappend | 1 + > .../linux/linux-yocto%.bbappend | 2 + > .../linux/linux-yocto-uefi-secureboot.inc | 14 +++++ > .../recipes-security/optee/optee-client.inc | 8 ++- > .../optee/optee-client/optee-udev.rules | 6 +++ > .../optee-client/tee-supplicant@.service | 10 ++-- > 18 files changed, 272 insertions(+), 5 deletions(-) > create mode 100644 ci/uefi-secureboot.yml > create mode 100644 meta-arm/classes/sbsign.bbclass > create mode 100644 meta-arm/lib/oeqa/runtime/cases/uefi_secureboot.py > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-secureboot.cfg > create mode 100644 meta-arm/recipes-bsp/uefi/gen-sbkeys.bb > create mode 100755 meta-arm/recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot_%.bbappend > create mode 100644 meta-arm/recipes-core/systemd/systemd-efi.inc > create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend > create mode 100644 meta-arm/recipes-kernel/linux/linux-yocto-uefi-secureboot.inc > create mode 100644 meta-arm/recipes-security/optee/optee-client/optee-udev.rules > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#6117): https://lists.yoctoproject.org/g/meta-arm/message/6117 > Mute This Topic: https://lists.yoctoproject.org/mt/108670112/7165667 > Group Owner: meta-arm+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [javier.tia@linaro.org] > -=-=-=-=-=-=-=-=-=-=-=- > » Javier Tia
Hi, On Thu, Sep 26, 2024 at 11:47:35AM -0400, Jon Mason via lists.yoctoproject.org wrote: > Sending a modified version of Javier's patches, combined with a subset > of the patches sent out by Mikko recently. This was done to expedite > the acceptance of this series (given the code freeze tomorrow). Also, > the optee update that Mikko's series included cannot be included (given > the code freeze). 2 of that series are needed for this one. So, > combining everything into this and sending it out publicly for Javier, > Mikko, and anyone else to ack/nack. ACK, optee 4.3 stuff later then. Cheers, -Mikko > Thanks, > Jon > > > Javier Tia (3): > arm/optee: Add optee udev rules > arm: Enable Secure Boot in all required recipes > arm/qemuarm64-secureboot: Enable UEFI Secure Boot > > Mikko Rapeli (1): > arm/optee-client: fix systemd service dependencies > > .gitlab-ci.yml | 1 + > ci/uefi-secureboot.yml | 37 +++++++++++++ > meta-arm/classes/sbsign.bbclass | 31 +++++++++++ > .../lib/oeqa/runtime/cases/uefi_secureboot.py | 29 +++++++++++ > .../u-boot/u-boot-uefi-secureboot.inc | 17 ++++++ > .../u-boot/u-boot/uefi-secureboot.cfg | 10 ++++ > meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | 2 + > meta-arm/recipes-bsp/uefi/gen-sbkeys.bb | 48 +++++++++++++++++ > .../recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh | 52 +++++++++++++++++++ > .../systemd/systemd-boot-uefi-secureboot.inc | 7 +++ > .../systemd/systemd-boot_%.bbappend | 1 + > meta-arm/recipes-core/systemd/systemd-efi.inc | 1 + > .../recipes-core/systemd/systemd_%.bbappend | 1 + > .../linux/linux-yocto%.bbappend | 2 + > .../linux/linux-yocto-uefi-secureboot.inc | 14 +++++ > .../recipes-security/optee/optee-client.inc | 8 ++- > .../optee/optee-client/optee-udev.rules | 6 +++ > .../optee-client/tee-supplicant@.service | 10 ++-- > 18 files changed, 272 insertions(+), 5 deletions(-) > create mode 100644 ci/uefi-secureboot.yml > create mode 100644 meta-arm/classes/sbsign.bbclass > create mode 100644 meta-arm/lib/oeqa/runtime/cases/uefi_secureboot.py > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-secureboot.cfg > create mode 100644 meta-arm/recipes-bsp/uefi/gen-sbkeys.bb > create mode 100755 meta-arm/recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot_%.bbappend > create mode 100644 meta-arm/recipes-core/systemd/systemd-efi.inc > create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend > create mode 100644 meta-arm/recipes-kernel/linux/linux-yocto-uefi-secureboot.inc > create mode 100644 meta-arm/recipes-security/optee/optee-client/optee-udev.rules > > -- > 2.39.5 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#6117): https://lists.yoctoproject.org/g/meta-arm/message/6117 > Mute This Topic: https://lists.yoctoproject.org/mt/108670112/7159507 > Group Owner: meta-arm+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [mikko.rapeli@linaro.org] > -=-=-=-=-=-=-=-=-=-=-=- >
On Thu, Sep 26, 2024 at 11:55 AM Javier Tia <javier.tia@linaro.org> wrote: > > Hi Jon, > > On 9/26/24 9:47 AM, Jon Mason via lists.yoctoproject.org wrote: > > Sending a modified version of Javier's patches, combined with a subset > > of the patches sent out by Mikko recently. This was done to expedite > > the acceptance of this series (given the code freeze tomorrow). Also, > > the optee update that Mikko's series included cannot be included (given > > the code freeze). 2 of that series are needed for this one. So, > > combining everything into this and sending it out publicly for Javier, > > Mikko, and anyone else to ack/nack. > > Thank you for sending them ahead of me, as I was just preparing the cover letter to send them out as v7. Sorry about that. I'm very eager to get this in (as I'm sure you are too). It's in master-next now > > > Thanks, > > Jon > > > > > > Javier Tia (3): > > arm/optee: Add optee udev rules > > arm: Enable Secure Boot in all required recipes > > arm/qemuarm64-secureboot: Enable UEFI Secure Boot > > > > Mikko Rapeli (1): > > arm/optee-client: fix systemd service dependencies > > > > .gitlab-ci.yml | 1 + > > ci/uefi-secureboot.yml | 37 +++++++++++++ > > meta-arm/classes/sbsign.bbclass | 31 +++++++++++ > > .../lib/oeqa/runtime/cases/uefi_secureboot.py | 29 +++++++++++ > > .../u-boot/u-boot-uefi-secureboot.inc | 17 ++++++ > > .../u-boot/u-boot/uefi-secureboot.cfg | 10 ++++ > > meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | 2 + > > meta-arm/recipes-bsp/uefi/gen-sbkeys.bb | 48 +++++++++++++++++ > > .../recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh | 52 +++++++++++++++++++ > > .../systemd/systemd-boot-uefi-secureboot.inc | 7 +++ > > .../systemd/systemd-boot_%.bbappend | 1 + > > meta-arm/recipes-core/systemd/systemd-efi.inc | 1 + > > .../recipes-core/systemd/systemd_%.bbappend | 1 + > > .../linux/linux-yocto%.bbappend | 2 + > > .../linux/linux-yocto-uefi-secureboot.inc | 14 +++++ > > .../recipes-security/optee/optee-client.inc | 8 ++- > > .../optee/optee-client/optee-udev.rules | 6 +++ > > .../optee-client/tee-supplicant@.service | 10 ++-- > > 18 files changed, 272 insertions(+), 5 deletions(-) > > create mode 100644 ci/uefi-secureboot.yml > > create mode 100644 meta-arm/classes/sbsign.bbclass > > create mode 100644 meta-arm/lib/oeqa/runtime/cases/uefi_secureboot.py > > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc > > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-secureboot.cfg > > create mode 100644 meta-arm/recipes-bsp/uefi/gen-sbkeys.bb > > create mode 100755 meta-arm/recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh > > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc > > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot_%.bbappend > > create mode 100644 meta-arm/recipes-core/systemd/systemd-efi.inc > > create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend > > create mode 100644 meta-arm/recipes-kernel/linux/linux-yocto-uefi-secureboot.inc > > create mode 100644 meta-arm/recipes-security/optee/optee-client/optee-udev.rules > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#6117): https://lists.yoctoproject.org/g/meta-arm/message/6117 > > Mute This Topic: https://lists.yoctoproject.org/mt/108670112/7165667 > > Group Owner: meta-arm+owner@lists.yoctoproject.org > > Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [javier.tia@linaro.org] > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > » Javier Tia
On Thu, Sep 26, 2024 at 11:58 AM Mikko Rapeli <mikko.rapeli@linaro.org> wrote: > > Hi, > > On Thu, Sep 26, 2024 at 11:47:35AM -0400, Jon Mason via lists.yoctoproject.org wrote: > > Sending a modified version of Javier's patches, combined with a subset > > of the patches sent out by Mikko recently. This was done to expedite > > the acceptance of this series (given the code freeze tomorrow). Also, > > the optee update that Mikko's series included cannot be included (given > > the code freeze). 2 of that series are needed for this one. So, > > combining everything into this and sending it out publicly for Javier, > > Mikko, and anyone else to ack/nack. > > ACK, optee 4.3 stuff later then. We'll probably create a styhead branch soon(-ish). Once that happens, I can apply the other patches from that series to master-next. > > Cheers, > > -Mikko > > > Thanks, > > Jon > > > > > > Javier Tia (3): > > arm/optee: Add optee udev rules > > arm: Enable Secure Boot in all required recipes > > arm/qemuarm64-secureboot: Enable UEFI Secure Boot > > > > Mikko Rapeli (1): > > arm/optee-client: fix systemd service dependencies > > > > .gitlab-ci.yml | 1 + > > ci/uefi-secureboot.yml | 37 +++++++++++++ > > meta-arm/classes/sbsign.bbclass | 31 +++++++++++ > > .../lib/oeqa/runtime/cases/uefi_secureboot.py | 29 +++++++++++ > > .../u-boot/u-boot-uefi-secureboot.inc | 17 ++++++ > > .../u-boot/u-boot/uefi-secureboot.cfg | 10 ++++ > > meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | 2 + > > meta-arm/recipes-bsp/uefi/gen-sbkeys.bb | 48 +++++++++++++++++ > > .../recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh | 52 +++++++++++++++++++ > > .../systemd/systemd-boot-uefi-secureboot.inc | 7 +++ > > .../systemd/systemd-boot_%.bbappend | 1 + > > meta-arm/recipes-core/systemd/systemd-efi.inc | 1 + > > .../recipes-core/systemd/systemd_%.bbappend | 1 + > > .../linux/linux-yocto%.bbappend | 2 + > > .../linux/linux-yocto-uefi-secureboot.inc | 14 +++++ > > .../recipes-security/optee/optee-client.inc | 8 ++- > > .../optee/optee-client/optee-udev.rules | 6 +++ > > .../optee-client/tee-supplicant@.service | 10 ++-- > > 18 files changed, 272 insertions(+), 5 deletions(-) > > create mode 100644 ci/uefi-secureboot.yml > > create mode 100644 meta-arm/classes/sbsign.bbclass > > create mode 100644 meta-arm/lib/oeqa/runtime/cases/uefi_secureboot.py > > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot-uefi-secureboot.inc > > create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/uefi-secureboot.cfg > > create mode 100644 meta-arm/recipes-bsp/uefi/gen-sbkeys.bb > > create mode 100755 meta-arm/recipes-bsp/uefi/gen-sbkeys/gen_sbkeys.sh > > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot-uefi-secureboot.inc > > create mode 100644 meta-arm/recipes-core/systemd/systemd-boot_%.bbappend > > create mode 100644 meta-arm/recipes-core/systemd/systemd-efi.inc > > create mode 100644 meta-arm/recipes-core/systemd/systemd_%.bbappend > > create mode 100644 meta-arm/recipes-kernel/linux/linux-yocto-uefi-secureboot.inc > > create mode 100644 meta-arm/recipes-security/optee/optee-client/optee-udev.rules > > > > -- > > 2.39.5 > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#6117): https://lists.yoctoproject.org/g/meta-arm/message/6117 > > Mute This Topic: https://lists.yoctoproject.org/mt/108670112/7159507 > > Group Owner: meta-arm+owner@lists.yoctoproject.org > > Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [mikko.rapeli@linaro.org] > > -=-=-=-=-=-=-=-=-=-=-=- > > >