From patchwork Mon Aug 28 10:43:13 2023 X-Patchwork-Submitter: tho1.nguyendat@toshiba.co.jp X-Patchwork-Id: 13367794
From: tho1.nguyendat@toshiba.co.jp To: jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Cc: tho1.nguyendat@toshiba.co.jp, kazuhiro3.hayashi@toshiba.co.jp Subject: [PATCH 1/3] linux/cip-kernel-config: Use latest commit Date: Mon, 28 Aug 2023 17:43:13 +0700 X-TSB-HOP2: ON Message-Id: <20230828104315.466393-2-tho1.nguyendat@toshiba.co.jp> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230828104315.466393-1-tho1.nguyendat@toshiba.co.jp> References: <20230828104315.466393-1-tho1.nguyendat@toshiba.co.jp> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 28 Aug 2023 10:43:48 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/12881 From: Nguyen Dat Tho Signed-off-by: Nguyen Dat Tho --- recipes-kernel/linux/cip-kernel-config.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-kernel/linux/cip-kernel-config.inc b/recipes-kernel/linux/cip-kernel-config.inc index e104200..51b17c6 100644 --- a/recipes-kernel/linux/cip-kernel-config.inc +++ b/recipes-kernel/linux/cip-kernel-config.inc 
@@ -14,4 +14,4 @@ SRC_URI:append = " ${@ \ if d.getVar('USE_CIP_KERNEL_CONFIG') == '1' else '' \ }" -SRCREV_cip-kernel-config ?= "a28b7a678418287b12161975fe8b9b04a3cc8c88" +SRCREV_cip-kernel-config ?= "aca5978b5abf93b20df4efda067c3a3f461476e0" From patchwork Mon Aug 28 10:43:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tho1.nguyendat@toshiba.co.jp X-Patchwork-Id: 13367797 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE5A7C83F17 for ; Mon, 28 Aug 2023 10:43:48 +0000 (UTC) Received: from mo-csw.securemx.jp (mo-csw.securemx.jp [210.130.202.134]) by mx.groups.io with SMTP id smtpd.web10.10517.1693219420482386177 for ; Mon, 28 Aug 2023 03:43:40 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: toshiba.co.jp, ip: 210.130.202.134, mailfrom: tho1.nguyendat@toshiba.co.jp) Received: by mo-csw.securemx.jp (mx-mo-csw1800) id 37SAhc643199682; Mon, 28 Aug 2023 19:43:38 +0900 X-Iguazu-Qid: 2yAb0Rwz50wvvLQ4Lx X-Iguazu-QSIG: v=2; s=0; t=1693219418; q=2yAb0Rwz50wvvLQ4Lx; m=+CcSbILDLSUGFqyS70/oHQSS4lZZZAUMikR5rtbhJqo= Received: from imx2-a.toshiba.co.jp (imx2-a.toshiba.co.jp [106.186.93.35]) by relay.securemx.jp (mx-mr1800) id 37SAhbqH4192517 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 28 Aug 2023 19:43:37 +0900 
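Review bot: the commit body of 1/3 is empty, so the SRCREV bump of cip-kernel-config from a28b7a67 to aca5978b gives a reader no way to tell which kernel config changes it pulls in or why. Since 2/3 enables IMAGE_SECURE_BOOT for TARGET_BBB, state in the message which options the new revision adds for the BBB secure boot image and confirm the commit sits on the branch the recipe tracks, so the dependency between 1/3 and 2/3 survives in the history rather than only in the series ordering.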
From: tho1.nguyendat@toshiba.co.jp To: jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Cc: tho1.nguyendat@toshiba.co.jp, kazuhiro3.hayashi@toshiba.co.jp Subject: [PATCH 2/3] bbb: Enable secured boot Date: Mon, 28 Aug 2023 17:43:14 +0700 X-TSB-HOP2: ON Message-Id: <20230828104315.466393-3-tho1.nguyendat@toshiba.co.jp> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230828104315.466393-1-tho1.nguyendat@toshiba.co.jp> References: <20230828104315.466393-1-tho1.nguyendat@toshiba.co.jp> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 28 Aug 2023 10:43:48 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/12882 From: Nguyen Dat Tho Signed-off-by: Nguyen Dat Tho --- Kconfig | 2 +- wic/bbb-efibootguard-secureboot.wks.in | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 wic/bbb-efibootguard-secureboot.wks.in diff --git a/Kconfig b/Kconfig index ec49631..3bbb5e3 100644 --- a/Kconfig +++ b/Kconfig @@ -190,7 +190,7 @@ config IMAGE_SWUPDATE config IMAGE_SECURE_BOOT bool "Secure boot support" - depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM + depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM || TARGET_BBB select IMAGE_SWUPDATE config KAS_INCLUDE_SWUPDATE_SECBOOT diff --git a/wic/bbb-efibootguard-secureboot.wks.in b/wic/bbb-efibootguard-secureboot.wks.in new file mode 100644 index 0000000..504e2d8 --- /dev/null +++ b/wic/bbb-efibootguard-secureboot.wks.in 
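Review bot: the Kconfig hunk only widens the `depends on` line for IMAGE_SECURE_BOOT, and the commit body is empty; describe what was verified on the board (the EFI loader actually refusing an unsigned image, the verity rootfs booting) and note that, through the unchanged `select IMAGE_SWUPDATE`, enabling secure boot on TARGET_BBB now pulls in SWUpdate as well. If further targets gain secure boot, a per-target helper symbol that each capable target selects would keep this `depends on` list from growing with every board.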
@@ -0,0 +1,13 @@ +part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/MLO" --no-table --align 128 +part --source rawcopy --sourceparams "file=/usr/lib/u-boot/bbb/u-boot.img" --no-table --align 384 + +include ebg-signed-sysparts.inc + +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" +part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" + +# home and var are extra partitions +part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G +part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024 --size 2G + +bootloader --ptable gpt --append="rootwait console=ttyO0,115200 omap_wdt.early_enable=1 omap_wdt.nowayout=1 watchdog.handle_boot_enabled=0" From patchwork Mon Aug 28 10:43:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tho1.nguyendat@toshiba.co.jp X-Patchwork-Id: 13367795 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 906A7C83F11 for ; Mon, 28 Aug 2023 10:43:48 +0000 (UTC) Received: from mo-csw.securemx.jp (mo-csw.securemx.jp [210.130.202.158]) by mx.groups.io with SMTP id smtpd.web11.10397.1693219422256616966 for ; Mon, 28 Aug 2023 03:43:42 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: toshiba.co.jp, ip: 210.130.202.158, mailfrom: tho1.nguyendat@toshiba.co.jp) Received: by mo-csw.securemx.jp (mx-mo-csw1122) id 37SAhd8D1952235; Mon, 28 Aug 2023 19:43:40 +0900 X-Iguazu-Qid: 2rWgoVec2A2abtgvhq X-Iguazu-QSIG: v=2; s=0; t=1693219419; q=2rWgoVec2A2abtgvhq; m=WSoIbwCsVuj2Bg0F5x3EGeD1ju00F25gpenGIavjONU= Received: from 
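Review bot: in the new wks file MLO and u-boot.img are raw-copied at fixed offsets with `--no-table`, and nothing in the patch signs or verifies them, so the chain of trust this image enables begins at U-Boot's EFI loader rather than at the first-stage loader; the commit message should say this explicitly (and how, if at all, MLO is authenticated on this board), otherwise "Enable secured boot" will be read as covering the whole boot path. Minor points: a one-line comment on why MLO sits at `--align 128` and u-boot.img at `--align 384` would help the next reader, and the rootfs slots use `--fixed-size 1G` while /home and /var use `--size`, which is fine but worth a word if intentional.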
imx2-a.toshiba.co.jp (imx2-a.toshiba.co.jp [106.186.93.35]) by relay.securemx.jp (mx-mr1123) id 37SAhcag1530531 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 28 Aug 2023 19:43:39 +0900 From: tho1.nguyendat@toshiba.co.jp To: jan.kiszka@siemens.com, cip-dev@lists.cip-project.org Cc: tho1.nguyendat@toshiba.co.jp, kazuhiro3.hayashi@toshiba.co.jp Subject: [PATCH 3/3] u-boot: Add EFI secure boot dependency Date: Mon, 28 Aug 2023 17:43:15 +0700 X-TSB-HOP2: ON Message-Id: <20230828104315.466393-4-tho1.nguyendat@toshiba.co.jp> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230828104315.466393-1-tho1.nguyendat@toshiba.co.jp> References: <20230828104315.466393-1-tho1.nguyendat@toshiba.co.jp> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 28 Aug 2023 10:43:48 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/12884 From: Nguyen Dat Tho CONFIG_EFI_SECURE_BOOT depends on CONFIG_FIT_SIGNATURE. Enable CONFIG_FIT_SIGNATURE to make sure CONFIG_EFI_SECURE_BOOT enabled Signed-off-by: Nguyen Dat Tho --- recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl index 956dcbf..6111007 100644 --- a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl +++ b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl @@ -4,3 +4,4 @@ CONFIG_USE_BOOTCOMMAND=y CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/boot${EFI_ARCH}.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/boot${EFI_ARCH}.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset" CONFIG_EFI_VARIABLES_PRESEED=y CONFIG_EFI_SECURE_BOOT=y +CONFIG_FIT_SIGNATURE=y
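Review bot: adding `CONFIG_FIT_SIGNATURE=y` fixes the case where Kconfig silently dropped `CONFIG_EFI_SECURE_BOOT=y` because its dependency was unmet, but the failure mode itself remains: a fragment line whose dependencies are not satisfied is discarded without error, leaving a bootloader that does not enforce secure boot while the recipe believes it does. Suggest the recipe check the merged .config after configuration and fail the build unless `CONFIG_EFI_SECURE_BOOT=y` is present, and mention in the commit message on which target the dropped option was observed, since secure-boot.cfg.tmpl is shared by every U-Boot secure boot target. Also "make sure CONFIG_EFI_SECURE_BOOT enabled" reads better as "make sure CONFIG_EFI_SECURE_BOOT is enabled".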