- Sep 05, 2024
-
-
Luca Fancellu authoredAdd a disclaimer regarding the Arm registered trademark to the README.md file. Signed-off-by:
Luca Fancellu <luca.fancellu@arm.com> -
Luca Fancellu authored
The change 8c167615 ("doc: Add info on unattended openSUSE") introduced a term that is not known for the spell checker, fix the issue adding the new entry. Signed-off-by:
Luca Fancellu <luca.fancellu@arm.com> -
Peter Hoyes authored
68743453 created a dedicated Kas file for "actuation" and updated the user-facing Kconfig, but omitted updating the CI config. Append actuation.yml to Image-Build-baremetal and Image-Build-virtualization so that the actuation packages and tests are included in the builds. Signed-off-by:
Peter Hoyes <peter.hoyes@arm.com>
-
The FVP can be fetched from different URL depending on the development phase, the current KAS configuration already accepts FVP_BUILD_NUMBER to be passed through the environment, so to offer more flexibility add the remaining variables that allows the URL to be changed together with optional access control variables for username and password. While there, add also FVP_OVERRIDE, since the current configuration allows to change the FVP build number, but without the former, the recipe will complain on the binary SHA check. Signed-off-by:Luca Fancellu <luca.fancellu@arm.com> -
Backport a patch from TF-M to fix a bug in which the MHU interrupt occurs while the scheduler is locked. This causes the RSE communication request from AP to be not handled by RSE, resulting in the hang of the Application Processor indefinitely waiting for a reply from RSE. Signed-off-by:Ziad Elhanafy <ziad.elhanafy@arm.com>
-
Add documentation on openSUSE installation options Signed-off-by:Ben Cownley <ben.cownley@arm.com>
-
Add patches for unattended openSUSE installation Signed-off-by:
-
- Sep 04, 2024
-
-
Luca Fancellu authored
The KAS lockfile feature is able to include implicitly a file having a name <filename>.lock.<ext> when processing another KAS file <filename>.<ext>, this is convenient for overriding settings and in this case is used to pin the repository to a certain SHA. However it has been tested that using --update argument will bump the repository SHA as the lockfile was never included. For this reason explicitly include the pinned repository file and change its name in order not to trigger the KAS lockfile feature. Signed-off-by:Luca Fancellu <luca.fancellu@arm.com>
-
- Sep 03, 2024
-
-
Read the Docs will stop defining html_baseurl Sphinx configuration, which means that you will need to define it by yourself to keep the canonical custom domain properly configured. Use READTHEDOCS_CANONICAL_URL environment variable to define html_baseurl to keep the previous behavior. Also inject READTHEDOCS variable into the html_context. Code fragment taken from the blog post here: https://about.readthedocs.com/blog/2024/07/addons-by-default/ Signed-off-by:
Vineeth Raveendran <vineeth.raveendran@arm.com>
-
Amr Mohamed authored
Arm SystemReady IR ACS Tests runs the SIE tests, which enrolls the authenticated variables for UEFI Secure Boot, so running the Linux distros installation after running the ACS tests will result in a failure. Update the Distros installations instructions to include recreating the firmware flash images to address this issue. Signed-off-by:Amr Mohamed <amr.mohamed@arm.com>
-
Ziad Elhanafy authored
In the documentation, clarify which images are stored in each of the RSE flash and the AP Secure flash. Signed-off-by:
-
- Sep 02, 2024
-
-
Luca Fancellu authored
Add missing 'meta-perl' layer to the meta-openembedded entry in the third-party Yocto layers list. Signed-off-by:Luca Fancellu <luca.fancellu@arm.com> -
Luca Fancellu authored
Update the Safety Island Actuation Demo to the latest version v2.1, mention the change in the release note. After this change, some variable and values of rst_prolog in conf.py won't be used anymore, so remove them. Signed-off-by:Luca Fancellu <luca.fancellu@arm.com>
-
- Aug 30, 2024
-
-
Prior to this change, the document contained inconsistencies in terminology, formatting, and style. There were also grammatical errors, such as incorrect punctuation and sentence structure, which affected readability. Signed-off-by:
<Shishir.Boxey@arm.com> Signed-off-by:
Michael Zhao <michael.zhao2@arm.com> Signed-off-by:
Jun Wu <jun.wu@arm.com>
-
Add the change of ESP for Arm Systemready IR ACS test into change list in release note. Signed-off-by:
David Hu <david.hu2@arm.com> -
Update the workarounds in systemready-scripts to support ESP check in Arm Systemready IR ACS test. Signed-off-by:David Hu <david.hu2@arm.com> -
Create fw folder and logs when arm-systemready-acs.bbclass in meat-arm handles ACS test output logs, to support ESP checks in ACS tests. Signed-off-by:David Hu <david.hu2@arm.com> -
Convert the partition in efi-capsule-update-disk image to EFI System Partition (ESP) type for Arm SystemReady IR ACS test. Otherwise, the related UEFI-SCT tests can fail. - Change partition type to 0xEF. - Remove the label of the Capsule Update partition. Otherwise, ACS test will dump some test results to Capsule Update partition rather than the BOOT partition of ACS image. - Update the dependency to make sure the Capsule Update image is deployed. Signed-off-by:David Hu <david.hu2@arm.com> -
Peter Hoyes authored
This is the validation candidate for the 11.27 release. Signed-off-by: -
Peter Hoyes authored
On upgrading to scarthgap, the EDK2 capsule generation tool was replaced by U-Boot's mkeficapsule, so update the reference in the secure firmware update documentation. Signed-off-by: -
Add UEFI Secure Boot test suite to cam baremetal use case. Signed-off-by: -
Add the unsigned kernel image to the EFI boot files to be deployed to the boot partition for UEFI Secure Boot oeqa test suite. Signed-off-by: -
The test suite verifies: - Successful enrollment of 4 authenticated variables. - Not booting an unsigned kernel image. Signed-off-by: -
Deploy an unsigned kernel image for UEFI Secure Boot oeqa test suite. Signed-off-by: -
Isaac Perry authored
The files ethtool-test.log and read_blk_devices.log which contain results from the ACS tests are no longer randomly unavailable and so aren't considered optional files as a workaround. Signed-off-by:Isaac Perry <isaac.perry@arm.com>
-
Add text in documentation that Safety Island clusters 1 and 2 Zephyr images are enabled with SMP support. Signed-off-by:Rahul Singh <rahul.singh@arm.com>
-
The Yocto layers of meta-secure-core repo were introduced for UEFI Secure Boot feature. Signed-off-by: -
The documentation work covers: - Design document of the feature - Architecture diagram of the feature - Changenotes Signed-off-by:
-
- Aug 29, 2024
-
-
Michael Zhao authored
The documentation work includes: - Introducing the SIE SCT - Updating the output of the ACS with the SIE SCT - Updating the release notes Signed-off-by: -
Michael Zhao authored
Applied 3 kas patches to enable ACS SIE test. Signed-off-by: -
Michael Zhao authored
Updated check-sr-results.yaml to work with SIE SCT testing. Signed-off-by: -
Peter Hoyes authored
Signed-off-by: -
Peter Hoyes authored
81ae99bb refactored the test assignment variables in arm_auto_solutions_image_features.bbclass, but incorrectly assigned the baremetal HIPC and PTP test cases when running the virtualization architecture. Fix the assignment by running test_30_hipc and test_30_ptp only on baremetal and test_30_hipc_virtualization and test_30_ptp_virtualization only on virtualization. Signed-off-by:
-
Enable UEFI Secure Boot in baremetal use cases and disable it in virtualization use cases. Signed-off-by: -
Create linux-yocto-uefi-secure-boot.inc file to sign the kernel image. Modify linux-yocto%.bbappend file to include linux-yocto-uefi-secure-boot.inc file. Signed-off-by: -
Add 0001-verifiers-Don-t-return-error-for-deferred-image.patch file. Create grub-efi-uefi-secure-boot.inc file to: - Disable shim-lock in do_mkimage task. - Apply 0001-verifiers-Don-t-return-error-for-deferred-image.patch file to print error message instead of returning an error when deferring "/Image" authentication to be handled by "U-Boot". - sign the grub image. Create grub-efi%.bbappend file to include grub-efi-uefi-secure-boot.inc file. Signed-off-by: -
Define UEFI Secure Boot image signing function to sign the kernel and the grub-efi images. Signed-off-by: -
Modify U-Boot kronos.cfg file to enable UEFI Secure Boot. Modify boot.cmd to enroll the authenticated variables for UEFI Secure Boot. Modify fvp-rd-kronos.conf file to add the generated authenticated variables to the EFI boot files to be deployed to the boot partition. Modify u-boot-fvp-rd-kronos.inc file to pass authenticated variables folder name to the boot.cmd file. Signed-off-by: -
Create u-boot-uefi-secure-boot.inc file to generate the UEFI Secure Boot authenticated variables. Modify u-boot_%.bbappend file to include u-boot-uefi-secure-boot.inc file. Signed-off-by: -
Add “meta-secure-core” layer which has the ssl certs/keys, efitools-native and sbsigntool-native packages that will be used in UEFI Secure Boot. This feature is only enabled for baremetal use cases and disabled for Virtualization, SystemReady IR ACS and Distro installation use cases. Signed-off-by:
-
