path: root/meta-agl-core/recipes-kernel
Age | Commit message | Author | Files | Lines

2024-04-26 | selinux.cfg: update to reflect upstream kernel changes | Denys Dmytriyenko | 1 | -2/+0
SECURITY_SELINUX_DISABLE removed in f22f9aaf6c3d92ebd5ad9e67acc03afebaaeb289
SECURITY_SELINUX_CHECKREQPROT_VALUE removed in a7e4676e8e2cb158a4d24123de778087955e1b36
Both changes are in kernel 6.4+

Bug-AGL: SPEC-4578
Change-Id: I46d5f880c4d13372f09cc9cfdab4e7e0a9a02e42
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>

2024-04-24 | linux-agl: enable CONFIG_KALLSYMS_ALL | Scott Murray | 2 | -0/+2
Fixes build errors in lttng-tools.

Bug-AGL: SPEC-4578
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I52482329d18e7be8b74bfa8ef2d9d1d2f0e239f2

2022-12-16 | linux: config: add systemd sandboxing fragment | Denys Dmytriyenko | 2 | -0/+10
Add a kernel config fragment that enables additional features needed for systemd sandboxing support, using Classic BPF (Berkeley Packet Filter) kernel framework. Eventually this will be extended with more advanced features using eBPF (extended BPF), BTF (BPF Type Format) and LSM (Linux Security Module) frameworks.

Bug-AGL: SPEC-4627
Change-Id: I9ed21c654b2e0298be66073750dab6920e49b0c9
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28297
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-12-16 | linux: config: move CONFIG_AUDIT* into own fragment | Denys Dmytriyenko | 3 | -2/+3
Enabling CONFIG_AUDIT* is needed by auditd and should be safe whether systemd is used or not and is not specific to SELinux.

Note that systemd README has this old caveat mentioned

| Note that kernel auditing is broken when used with systemd's
| container code. When using systemd in conjunction with
| containers, please make sure to either turn off auditing at
| runtime using the kernel command line option "audit=0", or
| turn it off at kernel compile time using:
| CONFIG_AUDIT=n
| If systemd is compiled with libseccomp support on
| architectures which do not use socketcall() and where seccomp
| is supported (this effectively means x86-64 and ARM, but
| excludes 32-bit x86!), then nspawn will now install a
| work-around seccomp filter that makes containers boot even
| with audit being enabled. This works correctly only on kernels
| 3.14 and newer though. TL;DR: turn audit off, still.

But that seems to only apply to nspawn usage in some specific cases and on older kernels, plus there are even runtime workarounds available when needed, so let's enable it by default.

Bug-AGL: SPEC-4627
Change-Id: I5fcd58ba41929d2966fadea27b6751e4fa6589c9
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28276
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-12-16 | linux: config: enable kernel settings that systemd requires | Denys Dmytriyenko | 2 | -0/+44
Add kernel config fragment with all settings required by systemd. Some more generic settings need to be explicitly set here as well to satisfy necessary dependencies from systemd settings down the tree, otherwise some BSPs would break.

Bug-AGL: SPEC-4627
Change-Id: I7a2796ea65da58a4f1fa0556cd94df67e7df7db9
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28275
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-12-08 | linux-yocto: Rework virtio-aarch64 kernel configuration | Scott Murray | 1 | -0/+4
Changes:
- Appending the virtio kernel metadata to SRC_URI in the linux-yocto bbappend was having the side-effect of overriding a lot of the changes from the other AGL configuration fragments. To avoid this, prepend the addition to AGL_KCONFIG_FRAGMENTS instead.
- Add the HDA sound driver config fragment for virtio machines to allow using the QEMU emulation.
- Add config fragment for the virtio kernel to ensure that CONFIG_DRM and the fbdev emulation are on.
- Add config fragment for the virtio kernel to turn on CONFIG_PCI, as there are some peripherals that we may need to expose to guests with it. This and the DRM changes will be rationalized in the metadata repo once it's clear we do need them.

Bug-AGL: SPEC-4618
Change-Id: I453b84d9840498772afd01404dd374f5c1d245da
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28191
ci-image-build: Jenkins Job builder account
Tested-by: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-12-08 | linux: config: move BBE-specific fragment from meta-agl-core to meta-agl-bsp | Denys Dmytriyenko | 2 | -2/+0
Commit d009fa0c42042a0b7d069779852953621e46469b as part of SPEC-4156 added a kernel config fragment to disable CONFIG_RELAY. Since this fragment is only applied to BBE, there's no need for it to reside in meta-agl-core and can be moved to meta-agl-bsp/meta-sancloud.

Bug-AGL: SPEC-4156
Change-Id: I5da2632d6eb00bbf99ddb48cef861564d2ce868d
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28203
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-12-08 | linux-agl-config: correct override syntax for virtualmachine | Denys Dmytriyenko | 1 | -1/+1
Commit dd6fc5dcaa0a027b7651bb365d5dd0f623498f8f as part of SPEC-4052 converted all overrides to the new syntax, but missed the one used for "virtualmachine"

Bug-AGL: SPEC-4052
Change-Id: I1905c7e3b70b05c4ef06d8b4f240d0e144587fab
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28204
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-07-27 | Add SELinux feature | Scott Murray | 2 | -0/+19
Add agl-selinux feature to enable SELinux support.

Notes:
- SELinux is in permissive mode by default for now, and using the targeted policy by default.
- The linux-yocto specific bbappend in meta-selinux is masked out in favor of adding a more universal kernel configuration fragment with AGL's own scheme.
- SELinux specific recipes and bbappends are added via a meta-selinux dynamic-layers addition in meta-agl-core to keep using meta-selinux optional. This will avoid issues with the Yocto autobuilder testing of meta-agl-core.
- To avoid the effectively hard-coded autorelabel on first boot, a bbappend is added to the selinux-autorelabel recipe to remove the flag creation. In the off chance that a build happens on a filesystem without xattr support, the logic in the selinux-image bbclass will still touch the /.autorelabel flag and trigger relabeling.
- A systemd unit and script are added with a new systemd-selinux-relabel recipe to handle relabeling of some systemd generated files that do not get handled during root filesystem construction. Some of these can be addressed by some upstream tweaks, but /etc/machine-id will always need special handling unless there is a shift to using read-only or stateless root by default. With this workaround we still avoid doing a full relabel and reboot on first boot, which helps simplify CI.

Bug-AGL: SPEC-4332
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ibf469e11eb3a67709074cc6794b3d12cd5071a90
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27790
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-07-05 | x86-extra-graphic-devices: Build vmwgfx driver as built-in | Marius Vlad | 1 | -1/+1
Rather than building the vmwgfx driver as a module, build it as a built-in in module to avoid a possible probe failure when the driver loads up. This is a temporary work-around which seems to work just fine on VBox but also on qemu.

Bug-AGL: SPEC-4449
Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
Change-Id: I4f342854df1a0ed2d14ed0ca2bbe754618c61689
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27695
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2022-03-30 | meta-agl-core: Update x86 kernel configuration | Scott Murray | 1 | -2/+0
Update x86 kernel configuration fragment that enables extra graphics drivers for removal of GMA600 and GMA3600 options in 5.13. Support for them is now enabled by default when GMA500 is enabled.

Bug-AGL: SPEC-3819
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: If5bc8d36c4473a0adea71d9456e2938f20143a3d

2022-03-05 | Disable CONFIG_RELAY on BBE board | Jan-Simon Moeller | 2 | -0/+2
The config option does provoke an Internal error at runtime. Disable it for the BBE.

Bug-AGL: SPEC-4156
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I9c6c8a1279a3c4f40c383e036251f51bb4e9fc8e
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27240
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account

2021-11-04 | Prepare master for new framework integration | Jan-Simon Moeller | 3 | -157/+0
During the last workshop the transition to the new framework was presented. This change essentially deprecates the SMACK-based application framework. To prepare the integration of it, we remove the deprecated components:
- meta-agl-core: remove Smack kernel patches
- meta-app-framework
- meta-pipewire/dynamic-layers/meta-app-framework/

v2: rebased

Bug-AGL: SPEC-4121
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: Icdaeadfb5d2193f3a4c535168c88da6073423e67
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26752

2021-08-23 | Convert to new override syntax | Scott Murray | 6 | -18/+18
This is mostly the result of running a slightly customized version of the convert-overrides.py script from poky with additional overrides added. A few minor fixups were done by hand afterwards during a review of the changes. The intent of these changes is to minimize the effort to keep the "next" branch that builds against poky master up to date and tested in preparation for the switch to the next Yocto LTS release in early 2022.

Bug-AGL: SPEC-4052
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ia3bf63b7cb1aa1d95ada373d1a3ab56def0a125d
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26564
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

2021-06-29 | Refactor kernel configuration fragment handling | Scott Murray | 25 | -299/+121
Refactor the kernel configuration fragment handling to shift all AGL applied configuration fragments into a new AGL_KCONFIG_FRAGMENTS variable that is used to generate SRC_URI and KERNEL_CONFIG_FRAGMENTS additions for the various BSPs. The intent is to make it simple to disable AGL provided configuration in downstream builds as the IC EG has expressed as a requirement. Additionally, the rework has allowed for some clean up of accumulated cruft. In practice, clearing AGL_KCONFIG_FRAGMENTS drops all non-BSP provided kernel configuration with the exception of some qemu BSP related additions required for AGL CI and some explicitly configurable things like netboot support.

Notable changes:
- Instead of always using AGL's own fragment merging logic on top of the BSP kernel recipe, an effort is now made to leverage the BSP recipes' own merging schemes, so there are now separate include files for kernel-yocto.bbclass and plain kernel.bbclass based kernel recipes, as well as a common include file that defines the AGL_KCONFIG_FRAGMENTS variable and its derivations. That file can be included directly in bbappends for BSP kernel recipes that use the KERNEL_CONFIG_FRAGMENTS scheme (e.g. meta-ti, meta-qcom).
- The SMACK enabling configuration in meta-app-framework has been updated to supply different fragments for enabling SMACK by default for 4.x and 5.x kernels. This removes a warning from always supplying the old configuration, and allows providing a CONFIG_LSM definition to ensure over-riding any BSP modifications. This allows removing the previous hack to handle CONFIG_LSM being set in the defconfigs in linux-raspberrypi.
- By request, the linux-yocto support from meta-agl-bsp/meta-core has been rationalized into meta-agl-core to improve the experience when using meta-agl-core standalone for testing.
- All demo supporting kernel configuration has been removed, a subsequent change to meta-agl-demo will add it there by leveraging AGL_KCONFIG_FRAGMENTS.
- The hardware device support has been split out of the can-bus.cfg fragment, in favor of shifting it to meta-agl-demo. A few other stray non-CAN configuration options have also been removed from can-bus.cfg, as they do not seem to be required.

Bug-AGL: SPEC-3983
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: If6662fd36e26cec767b1d53b1188a74d01ef9dcf
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26460
Reviewed-by: Hiroyuki Ishii <ishii.hiroyuki002@jp.panasonic.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account

2021-01-08 | meta-agl-bsp: enable HCI UART for i.MX8MQ EVK | Scott Murray | 1 | -5/+0
Changes:
- Remove explicit "not set" options in btusb.cfg kernel configuration fragment to avoid over-riding BSP configuration.
- Add helper script and systemd unit to detect HCI UART device on i.MX8MQ EVK and EVKB and run hciattach as necessary. While logic has been added for the QCA6174 on the i.MX8MQ EVK, note that it has not been tested due to lack of hardware availability to test.

Bug-AGL: SPEC-3545, SPEC-3681
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Iae3a58ccfbdb31698ae012ab7d03c9259ac83013
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25842
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-boot-test: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>

2020-12-17 | SPEC-3723: restructure meta-agl | Jan-Simon Moeller | 42 | -0/+840
Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time. Trim dependencies and move most 'demo' related recipes to meta-agl-demo.

v2: changed to bbappend + .inc , added description
v3: testbuild of all images
v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups.
v5: rebased
v6: merged meta-agl-distro into meta-agl-core, due to dependency on meta-oe, moved -test packagegroup and -qa images to own layer meta-agl-core-test
v7: Fixed comments from Paul Barker
v8: Update the markdown files
v9: restore wayland/weston/agl-compositor recipes/appends, reworked to move app f/w specific changes to bbappends in meta-app-framework and only demo specific weston-init changes to meta-agl-demo
v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend

Description:
This patch is part 1 out of 2 large patches that implement the layer rework discussed during the previous workshop. Essentially meta-agl-core is the small but versatile new core layer of AGL serving as basis for the work done by the IC and IVI EGs. All demo related work is moved to meta-agl-demo in the 2nd patchset. This should be applied together as atomic change.

The resulting meta-agl/* follows these guidelines:
- only bsp adaptations in meta-agl-bsp
- remove the agl-profile-* layers for simplicity
  -- the packagegroup-agl(-profile)-graphical and so on have been kept in meta-agl-demo
- meta-agl-profile-core is now meta-agl-core
- meta-agl-core does pass yocto-check-layer
  -- therefore use the bbappend + conditional + .inc file construct found in meta-virtualization
- meta-agl/meta-security has been merged into meta-agl/meta-app-framework
- meta-netboot does pass yocto-check-layer
- meta-pipewire does pass yocto-check-layer

Migration:
All packagegroups are preserved but they're now enabled by 'agl-demo'.

Bug-AGL: SPEC-3723
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769