summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-kernel
diff options
context:
space:
mode:
authorJan-Simon Möller <jsmoeller@linuxfoundation.org>2018-02-14 10:55:35 +0100
committerJan-Simon Möller <jsmoeller@linuxfoundation.org>2018-02-14 10:55:35 +0100
commit317c8a08a6b5943517e67c5ea80b0a9a83a10d63 (patch)
treebf2b27dc9068924b59b46d2e153936c77be954c3 /meta-app-framework/recipes-kernel
parentb6dc44f585b839ab1a2f0133b74958037fe1cb64 (diff)
parentc9ce37905acd879db107eafe309678053073e086 (diff)
Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD
* agl/sandbox/ronan/rocko: (58 commits) Update ulcb conf file Remove unsed gstreamer backport [GEN3] add preferred version on omx package run-(agl-)postinst: Emit progress to console meta-security: Remove unused content Upgrade wayland-ivi-extension Revert "Fix kernel gcc7 issue" remove backport commit Revert "Fix CVE-2017-1000364 by backporting the patches for gen3" Remove fix for optee-os Remove gcc 6 fix Update rcar gen3 kernel bbappend version Update rcar gen3 driver Remove porter machine dbus-cynara: Upgrade to 1.10.20 xmlsec1: switch to meta-security version systemd: earlier smack label switch cynara: upgrade to 0.14.10 Remove smack recipe Integrate parts of meta-intel-iot-security ... Bug-AGL: SPEC-1181 Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org> Conflicts: meta-app-framework/recipes-security/cynara/cynara_git.bbappend Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0
Diffstat (limited to 'meta-app-framework/recipes-kernel')
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux-%.bbappend2
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend2
2 files changed, 2 insertions, 2 deletions
diff --git a/meta-app-framework/recipes-kernel/linux/linux-%.bbappend b/meta-app-framework/recipes-kernel/linux/linux-%.bbappend
index 02595efdf..fba5bf13d 100644
--- a/meta-app-framework/recipes-kernel/linux/linux-%.bbappend
+++ b/meta-app-framework/recipes-kernel/linux/linux-%.bbappend
@@ -1,3 +1,3 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
-SRC_URI_append_smack = " file://audit.cfg"
+SRC_URI_append_with-lsm-smack = " file://audit.cfg"
diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend
index b1eadaffa..5ae62d586 100644
--- a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend
+++ b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend
@@ -3,7 +3,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.12:"
#-------------------------------------------------------------------------
# smack patches for handling bluetooth
-SRC_URI_append_smack = "\
+SRC_URI_append_with-lsm-smack = "\
file://0002-smack-fix-cache-of-access-labels.patch \
file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \
file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \
ound-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ } 
# Jailhouse support layer

Yocto layer that enables use of the Jailhouse partitioning hypervisor - <https://github.com/siemens/jailhouse>.

## How to use

The AGL feature `agl-jailhouse` has to be enabled. That needs to be done when including aglsetup.sh, for example:

    source meta-agl/scripts/aglsetup.sh -m raspberrypi4 agl-demo agl-netboot agl-appfw-smack agl-jailhouse

That will enable this layer and include the `jailhouse` package in the image.

Then, in the target system, the cell configurations (*.cell) are placed in `/usr/share/jailhouse/cells/` and the demo inmates (bare-metal applications to run in a non-root cell) are located in `/usr/share/jailhouse/inmates`.

## Raspberry Pi 4 example

Use this commands to enable Jailhouse and run the GIC demo inmate in a non-root cell. After issuing these commands, the GIC demo will be measuring jitter of a timer and print the output on the serial console of the RPi.

    jailhouse enable /usr/share/jailhouse/cells/rpi4.cell
    jailhouse cell create /usr/share/jailhouse/cells/rpi4-inmate-demo.cell
    jailhouse cell load inmate-demo /usr/share/jailhouse/inmates/gic-demo.bin
    jailhouse cell start inmate-demo

## Dependencies

This layer depends on:

* URI: git://git.yoctoproject.org/meta-arm
  * branch: dunfell
  * revision: 0bd9c740267c0926e89bcfdb489790b7bf1fbd4b
  * note: actually only required on the Raspberry Pi 4 target

## Supported targets

* Raspberry Pi 4
    * All (1G-8G) memory variants. But note that there is 256M reserved for Jailhouse and 256MiB for GPU in AGL, so the smaller variants are not recommended.

* QEMU x86-64
    * Work in progress. Requires KVM. Nested virtualization must be enabled on the host. Currently, the right configuration of QEMU and Jailhouse to work out-of-box is being worked on.