diff options
Diffstat (limited to 'bsp/meta-freescale/dynamic-layers')
84 files changed, 3147 insertions, 0 deletions
diff --git a/bsp/meta-freescale/dynamic-layers/browser-layer/recipes-browser/chromium/chromium-imx.inc b/bsp/meta-freescale/dynamic-layers/browser-layer/recipes-browser/chromium/chromium-imx.inc new file mode 100644 index 00000000..cdd0f08f --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/browser-layer/recipes-browser/chromium/chromium-imx.inc @@ -0,0 +1,44 @@ +DEPENDS_append_imxvpu = " imx-vpuwrap" + +# Additional imx code and patches are included in the chromium-imx git repository. +# The code below fetches this repository, copies the extra source over to the main +# chromium source directory, and applies the patches. + +CHROMIUM_IMX_BRANCH ?= "master" +CHROMIUM_IMX_SRCREV ?= "HEAD" +CHROMIUM_IMX_DESTSUFFIX ?= "chromium-imx-git" + +PATCH_BASE_DIR = "${WORKDIR}/${CHROMIUM_IMX_DESTSUFFIX}/patches" + +CHROMIUM_IMX_COMMON_PATCHES ?= " " +CHROMIUM_IMX_VPU_PATCHES ?= " " +CHROMIUM_IMX_WAYLAND_PATCHES ?= " " + +SRC_URI += "git://github.com/Freescale/chromium-imx.git;destsuffix=${CHROMIUM_IMX_DESTSUFFIX};branch=${CHROMIUM_IMX_BRANCH};rev=${CHROMIUM_IMX_SRCREV}" + +do_unpack[postfuncs] += "copy_chromium_imx_files" +# using =+ instead of += to make sure add_chromium_imx_patches is +# executed before add_ozone_wayland_patches in the main recipe; +# this is necessary because add_chromium_imx_patches appends +# patches to the OZONE_WAYLAND_EXTRA_PATCHES variable +do_patch[prefuncs] =+ "add_chromium_imx_patches" + +# * Lost context problems are not known to happen with Vivante GPUs, +# so it is safe to use ignore-lost-context +# * Proprietary codecs need to be enabled for h.264 and MP4 support +PACKAGECONFIG_append = " ignore-lost-context proprietary-codecs" + +copy_chromium_imx_files() { + # sources in src/ are already organized in a manner + # that matches the subdirectories in the chromium + # source directory; just copy over the files in src/ + cp -r ${WORKDIR}/chromium-imx-git/src/* ${S}/ +} + +python add_chromium_imx_patches() { + d.appendVar('SRC_URI', ' ' + d.getVar('CHROMIUM_IMX_COMMON_PATCHES', 1)) + d.appendVar('SRC_URI', ' ' + d.getVar('CHROMIUM_IMX_VPU_PATCHES', 1)) + d.appendVar('OZONE_WAYLAND_EXTRA_PATCHES', ' ' + d.getVar('CHROMIUM_IMX_WAYLAND_PATCHES', 1)) +} + +COMPATIBLE_MACHINE = "(mx6)" diff --git a/bsp/meta-freescale/dynamic-layers/browser-layer/recipes-browser/chromium/chromium/chromium.patch b/bsp/meta-freescale/dynamic-layers/browser-layer/recipes-browser/chromium/chromium/chromium.patch new file mode 100644 index 00000000..0329d42e --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/browser-layer/recipes-browser/chromium/chromium/chromium.patch @@ -0,0 +1,51 @@ +diff -Naur chromium-48.0.2548.0_org/third_party/libva/va/va_dec_jpeg.h chromium-48.0.2548.0/third_party/libva/va/va_dec_jpeg.h +--- chromium-48.0.2548.0_org/third_party/libva/va/va_dec_jpeg.h 2016-05-27 11:45:31.248306710 -0500 ++++ chromium-48.0.2548.0/third_party/libva/va/va_dec_jpeg.h 2016-05-27 11:49:53.000000000 -0500 +@@ -36,7 +36,7 @@ + extern "C" { + #endif + +-#include <va/va.h> ++#include <libva/va/va.h> + + /** + * \defgroup api_dec_jpeg JPEG decoding API +diff -Naur chromium-48.0.2548.0_org/third_party/libva/va/va.h chromium-48.0.2548.0/third_party/libva/va/va.h +--- chromium-48.0.2548.0_org/third_party/libva/va/va.h 2016-05-27 11:45:31.248306710 -0500 ++++ chromium-48.0.2548.0/third_party/libva/va/va.h 2016-05-27 11:49:16.000000000 -0500 +@@ -80,7 +80,7 @@ + + #include <stddef.h> + #include <stdint.h> +-#include <va/va_version.h> ++#include <libva/va/va_version.h> + + #ifdef __cplusplus + extern "C" { +@@ -2836,16 +2836,16 @@ + */ + #define VA_PICTURE_HEVC_RPS_LT_CURR 0x00000040 + +-#include <va/va_dec_hevc.h> +-#include <va/va_dec_jpeg.h> +-#include <va/va_dec_vp8.h> +-#include <va/va_dec_vp9.h> +-#include <va/va_enc_hevc.h> +-#include <va/va_enc_h264.h> +-#include <va/va_enc_jpeg.h> +-#include <va/va_enc_mpeg2.h> +-#include <va/va_enc_vp8.h> +-#include <va/va_vpp.h> ++#include <libva/va/va_dec_hevc.h> ++#include <libva/va/va_dec_jpeg.h> ++#include <libva/va/va_dec_vp8.h> ++#include <libva/va/va_dec_vp9.h> ++#include <libva/va/va_enc_hevc.h> ++#include <libva/va/va_enc_h264.h> ++#include <libva/va/va_enc_jpeg.h> ++#include <libva/va/va_enc_mpeg2.h> ++#include <libva/va/va_enc_vp8.h> ++#include <libva/va/va_vpp.h> + + /**@}*/ + diff --git a/bsp/meta-freescale/dynamic-layers/filesystem-layer/recipes-fsl/packagegroups/packagegroup-fsl-mfgtool.bbappend b/bsp/meta-freescale/dynamic-layers/filesystem-layer/recipes-fsl/packagegroups/packagegroup-fsl-mfgtool.bbappend new file mode 100644 index 00000000..1080a9f5 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/filesystem-layer/recipes-fsl/packagegroups/packagegroup-fsl-mfgtool.bbappend @@ -0,0 +1,10 @@ +# Copyright (C) 2015 O.S. Systems Software LTDA. + +PACKAGES += " \ + ${PN}-f2fs \ +" + +RDEPENDS_${PN}-f2fs = " \ + ${PN}-base \ + f2fs-tools \ +" diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README new file mode 100644 index 00000000..9578982d --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README @@ -0,0 +1,77 @@ +test_setkey script usage + +The scripts in this directory may be used for testing +native Linux IPsec with the talitos driver as a loadable module. + +It's assumed that these scripts have been placed in the directory +named /test_setkey. + +The scripts setup_left and setup_right configure the ip addresses +for two boards named 'left' and 'right', which are two gateways for +an IPsec tunnel. Connect the eth1 interfaces of left and right boards together. +For smartbits testing, connect eth0 on each board to a smartbits port. +For other testing (ping, netperf, iperf), connect eth0 on each board to another system. + +The scripts named left.conf-* and right.conf-* are setkey scripts +which configure the IPsec SA and SPD entries. +The scripts ending in -tunnel use tunnel mode IPsec, and the scripts +ending in -transport used transport mode IPsec. +Transport mode is useful for quickly testing security functionality +using ping or netperf between two boards. +Tunnel mode can be used for testing throughput using smartbits or other +performance test equipment. + +There is a top level script called 'setup' which +is used for a one-step setup on the left and right boards. +'setup' uses two or three parameters. The first parameter is the side, left or right. +The second parameter is the setkey suffix for the left.conf- and right.conf- files. +If the third parameter is supplied, the setup will modprobe that name, so +typically you should provide talitos as the third parameter if you want to load the driver. +If you have built the talitos driver into the kernel, omit the third parameter to setup. +You may test software encryption if talitos is built as a module and you omit the third parameter. + +Below are example uses of the 'setup' script. + +1) One-step setup for smartbits + Use a tunnel mode setup on each side. + AES-HMAC-SHA1: + Left side: + /test_setkey/setup left aes-sha1-tunnel talitos + Right side: + /test_setkey/setup right aes-sha1-tunnel talitos + + 3DES-HMAC-SHA1: + Left side: + /test_setkey/setup left 3des-sha1-tunnel talitos + Right side: + /test_setkey/setup right 3des-sha1-tunnel talitos + +2) One-step setup for testing ping, netperf, or iperf between two boards. + Use a transport mode setup on each side. + AES-HMAC-SHA1: + Left side: + /test_setkey/setup left aes-sha1-transport talitos + Right side: + /test_setkey/setup right aes-sha1-transport talitos + + 3DES-HMAC-SHA1: + Left side: + /test_setkey/setup left 3des-sha1-transport talitos + Right side: + /test_setkey/setup right 3des-sha1-transport talitos + +3) Testing ipv4 + To test ipv4 (with no security) over the two gateways, use steps below. + Testing ipv4 is helpful to get your smartbits configuration verified + and also establish a baseline performance for throughput. + + On the left board: + cd /test_setkey + ./setup_left + ./left.ipv4 + + On the right board: + cd /test_setkey + ./setup_right + ./right.ipv4 + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel new file mode 100755 index 00000000..6bd6c5d8 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel @@ -0,0 +1,32 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel new file mode 100755 index 00000000..eebf307a --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel @@ -0,0 +1,31 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey new file mode 100755 index 00000000..0be30562 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey @@ -0,0 +1,4 @@ +#!/usr/sbin/setkey -f + +flush; +spdflush; diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left new file mode 100644 index 00000000..d9d6c0c6 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left @@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="chd 2, knl 2" + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + type=tunnel + auth=esp + compress=no + mobike=no + +conn net-net + left=200.200.200.10 + leftsubnet=192.168.1.0/24 + leftcert=moonCert.pem + leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + leftfirewall=yes + right=200.200.200.20 + rightsubnet=192.168.2.0/24 + rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + auto=add diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right new file mode 100644 index 00000000..c14dee2b --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="chd 2, knl 2" + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + auth=esp + compress=no + mobike=no + +conn net-net + left=200.200.200.20 + leftcert=sunCert.pem + leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + leftsubnet=192.168.2.0/24 + leftfirewall=yes + right=200.200.200.10 + rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightsubnet=192.168.1.0/24 + auto=add diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left new file mode 100644 index 00000000..e86d6aa5 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right new file mode 100644 index 00000000..1095b74c --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right @@ -0,0 +1,8 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA sunKey.pem + + + + + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left new file mode 100644 index 00000000..55025dbc --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left @@ -0,0 +1,39 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + left=200.200.200.10 + leftcert=moonCert.pem + leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + leftfirewall=yes + +conn net-net + left=%defaultroute + leftsubnet=192.168.1.0/24 + leftcert=moonCert.pem + right=200.200.200.20 + rightsubnet=192.168.2.0/24 + rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + auto=add + +conn host-host + left=%defaultroute + leftcert=moonCert.pem + right=200.200.200.20 + rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + auto=add + +conn rw + leftsubnet=192.168.1.0/24 + right=%any + auto=add diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right new file mode 100644 index 00000000..479791ea --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right @@ -0,0 +1,34 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + left=200.200.200.20 + leftcert=sunCert.pem + leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org" + leftfirewall=yes + +conn net-net + left=%defaultroute + leftsubnet=192.168.2.0/24 + leftcert=sunCert.pem + right=200.200.200.10 + rightsubnet=192.168.1.0/24 + rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + auto=add + +conn host-host + left=%defaultroute + leftcert=sunCert.pem + right=200.200.200.10 + rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + auto=add diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport new file mode 100755 index 00000000..5422771b --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel new file mode 100755 index 00000000..52bf9c3f --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport new file mode 100755 index 00000000..e5ee0054 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel new file mode 100755 index 00000000..eb2881db --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport new file mode 100755 index 00000000..b5286320 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel new file mode 100755 index 00000000..e7726f08 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport new file mode 100755 index 00000000..96f57837 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel new file mode 100755 index 00000000..b2cf84bf --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport new file mode 100755 index 00000000..f3ffaf5c --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel new file mode 100755 index 00000000..1ab7874f --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport new file mode 100755 index 00000000..d2645d6f --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel new file mode 100755 index 00000000..8ed697d1 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport new file mode 100755 index 00000000..84275d07 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.10 + +flush; +spdflush; + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E null + -A null; + + +spdadd 200.200.200.20 200.200.200.10 any -P in ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P out ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel new file mode 100755 index 00000000..478d14a8 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E null + -A null; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 new file mode 100755 index 00000000..e219f2ad --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 @@ -0,0 +1,2 @@ +set -v +route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20 diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem new file mode 100644 index 00000000..d5c970f4 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u +c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK +L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+ +SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY +YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+ +7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3 +Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb +A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE +AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU +XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK +ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC +AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr +BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV +jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML +o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq +wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz +p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9 +25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY +7QTufOwP +-----END CERTIFICATE----- diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem new file mode 100644 index 00000000..4d99866f --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm +MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ +qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1 +ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR +fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN +2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9 +K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7 +mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc +ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f +XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy +Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx +J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj +zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0 +8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT +61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo +PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug +bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b +eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1 +ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am +DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt +v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0 +fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw +y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC +h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2 +cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY +-----END RSA PRIVATE KEY----- diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh new file mode 100755 index 00000000..faefb245 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# +# Usage: ./pingsizes.sh 1440 20 (or greater) +# + +PINGDEST=${PINGDEST:-200.200.200.10} +k=$1 +lim="$((k+$2))" +((k-=1)) +while [ "$k" != "$lim" ] ; do + echo -n "ping -s $((k+=1)) : " + ping -i 1000 -c 1 -s $k $PINGDEST | grep packets & + sleep 1 + PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2` + if [ -n "$PID" ] ; then + echo "****************** killing $PID" + kill $PID > /dev/null + fi +done diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh new file mode 100755 index 00000000..d5ff0f7d --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# +# Usage: ./pingsizes.sh 1440 20 (or greater) +# + +PINGDEST=${PINGDEST:-200.200.200.10} +k=$1 +lim="$((k+$2))" +((k-=1)) +while [ "$k" != "$lim" ] ; do + echo ping -s $((k+=1)) + ping -i 1000 -c 1 -s $k $PINGDEST & + sleep 1 + PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2` + if [ -n "$PID" ] ; then + echo "****************** killing $PID" + kill $PID + fi +done diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt new file mode 100644 index 00000000..46c1ff41 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt @@ -0,0 +1,2 @@ +200.200.200.20 secretkeyracoon +200.200.200.10 secretkeyracoon diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf new file mode 100644 index 00000000..cf561f51 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf @@ -0,0 +1,22 @@ +path pre_shared_key "/test_setkey/psk.txt" ; + + remote anonymous + { + exchange_mode main ; + lifetime time 1 hour ; + proposal { + encryption_algorithm 3des; + hash_algorithm sha1; + authentication_method pre_shared_key ; + dh_group 2 ; + } + } + + sainfo anonymous + { + pfs_group 2; + lifetime time 1 hour ; + encryption_algorithm 3des ; + authentication_algorithm hmac_sha1 ; + compression_algorithm deflate ; + } diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport new file mode 100755 index 00000000..7f82fb46 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel new file mode 100755 index 00000000..5a752579 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport new file mode 100755 index 00000000..6ef885d4 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +# Security policies +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel new file mode 100755 index 00000000..16c31578 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel @@ -0,0 +1,41 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport new file mode 100755 index 00000000..b9772092 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel new file mode 100755 index 00000000..e7c5b4e6 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport new file mode 100755 index 00000000..5d55d001 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel new file mode 100755 index 00000000..f49bd54a --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport new file mode 100755 index 00000000..d9c65a45 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport @@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +# Security policies +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel new file mode 100755 index 00000000..1f10136a --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel @@ -0,0 +1,41 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport new file mode 100755 index 00000000..817a8bd4 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel new file mode 100755 index 00000000..9bca18fb --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport new file mode 100755 index 00000000..26dfe2e1 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport @@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E null + -A null; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel new file mode 100755 index 00000000..bc4f38eb --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E null + -A null; + diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 new file mode 100755 index 00000000..67cd1b2c --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 @@ -0,0 +1,2 @@ +set -v +route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10 diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup new file mode 100755 index 00000000..9e6fa7fa --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup @@ -0,0 +1,47 @@ +# setup - quick setup for left or right side of ipsec test +# see README for example use. + +SCRIPT_HOME=/test_setkey/ +cd $SCRIPT_HOME + +export PATH=$SCRIPT_HOME:$PATH + +if [ "$1" != "left" -a "$1" != "right" ] ; then + echo "Usage: $0 side [config] [driver]" + echo " where side is either left or right." + echo " where config is either" + echo " aes-sha1-tunnel (default)" + echo " or 3des-sha1-tunnel" + echo " if driver is supplied, script does 'modprobe driver'" + exit 1 +fi + +SIDE=$1 +POLICY_CFG=$SIDE.conf +DEFAULT_POLICY=aes-sha1-tunnel + +if [ -n "$2" ] ; then + POLICY=$2 +else + POLICY=$DEFAULT_POLICY +fi + +SETKEY_FILE=$POLICY_CFG-$POLICY + +if [ ! -f $SETKEY_FILE ] ; then + echo "Missing setkey command file: $SETKEY_FILE" + exit 1 +fi + +# modprobe any driver name given as last parameter +if [ -n "$3" ] ; then + modprobe $3 +fi + +SETUP_CMD_FILE=./setup_$SIDE +. $SETUP_CMD_FILE + +$SETKEY_FILE + +setkey -D +setkey -D -P diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left new file mode 100755 index 00000000..da769099 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left @@ -0,0 +1,13 @@ +# board on left setup +set -v +ifconfig eth0 down +ifconfig eth0 hw ether 00:04:9F:11:22:33 +ifconfig eth0 192.168.1.130 netmask 255.255.255.0 +ifconfig eth0 up +ifconfig eth1 down +ifconfig eth1 hw ether 00:E0:0C:00:7D:FD +ifconfig eth1 200.200.200.10 netmask 255.255.255.0 +ifconfig eth1 up +arp -s 192.168.1.21 00:00:00:00:00:01 +route add default dev eth1 +echo 1 > /proc/sys/net/ipv4/ip_forward diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right new file mode 100755 index 00000000..f0e333ee --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right @@ -0,0 +1,13 @@ +# board on right setup +set -v +ifconfig eth0 down +ifconfig eth0 hw ether 00:E0:0C:00:01:FD +ifconfig eth0 192.168.2.130 netmask 255.255.255.0 +ifconfig eth0 up +ifconfig eth1 down +ifconfig eth1 hw ether 00:E0:0C:00:00:FD +ifconfig eth1 200.200.200.20 netmask 255.255.255.0 +ifconfig eth1 up +arp -s 192.168.2.21 00:00:00:00:00:02 +route add default dev eth1 +echo 1 > /proc/sys/net/ipv4/ip_forward diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf new file mode 100644 index 00000000..1701f4ab --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf @@ -0,0 +1,19 @@ +# strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown + multiple_authentication = no +} + +pluto { + + # plugins to load in pluto + #load = aes des sha1 md5 sha2 hmac gmp random pubkey + +} + +libstrongswan { + + # set to no, the DH exponent size is optimized + # dh_exponent_ansi_x9_42 = no +} diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem new file mode 100644 index 00000000..0865ad22 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u +Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y +X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f +FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc +4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ +7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 +gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= +-----END CERTIFICATE----- diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left new file mode 100755 index 00000000..e55c3e42 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left @@ -0,0 +1,10 @@ +#strongswan on left board +set -v +cp -rf ipsec.conf.left /etc/ipsec.conf +cp -rf ipsec.secrets.left /etc/ipsec.secrets +cp -rf strongswan.conf /etc/ +cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/ +cp -rf moonCert.pem /etc/ipsec.d/certs/ +mkdir /etc/ipsec.d/private +cp -rf sunKey.pem /etc/ipsec.d/private/ +cp -rf moonKey.pem /etc/ipsec.d/private/ diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right new file mode 100755 index 00000000..bcdbb731 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right @@ -0,0 +1,10 @@ +#strongswan on left board +set -v +cp -rf ipsec.conf.right /etc/ipsec.conf +cp -rf ipsec.secrets.right /etc/ipsec.secrets +cp -rf strongswan.conf /etc/ +cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/ +cp -rf sunCert.pem /etc/ipsec.d/certs/ +mkdir /etc/ipsec.d/private +cp -rf sunKey.pem /etc/ipsec.d/private/ +cp -rf moonKey.pem /etc/ipsec.d/private/ diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem new file mode 100644 index 00000000..d0937bab --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V +VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68 +oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y +h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4 +9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4 +e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb +8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA +FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF +0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5 +ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat +Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul +fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5 +G/jGGA== +-----END CERTIFICATE----- diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem new file mode 100644 index 00000000..d8fad9aa --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB +eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+ +mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV +sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK +3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ +mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl +QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw +HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH +eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54 +/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/ +RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc +Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY +Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/ +Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h +BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv +NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF +wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc +JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78 +5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf +mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi +N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr +r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX +jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy +gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV +zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ== +-----END RSA PRIVATE KEY----- diff --git a/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb new file mode 100644 index 00000000..1a4ae6dd --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb @@ -0,0 +1,26 @@ +SUMMARY = "Scripts and configuration files for ipsec demo" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +RDEPENDS_${PN} = "ipsec-tools bash" + +inherit allarch + +SRC_URI = "file://test_setkey" + +S = "${WORKDIR}" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install(){ + install -d ${D}${datadir} + cp -a ${WORKDIR}/test_setkey ${D}${datadir}/ + chown -R root:root ${D}${datadir}/test_setkey +} + +FILES_${PN} = "${datadir}/*" + +COMPATIBLE_MACHINE = "(qoriq)" +PACKAGE_ARCH = "${MACHINE_SOCARCH}" + diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-benchmark/glmark2/glmark2_%.bbappend b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-benchmark/glmark2/glmark2_%.bbappend new file mode 100644 index 00000000..b579028b --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-benchmark/glmark2/glmark2_%.bbappend @@ -0,0 +1,4 @@ +PACKAGECONFIG_imxgpu3d = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland opengl', 'wayland-gles2', \ + bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'x11-gl x11-gles2', '', d), d)}" +PACKAGECONFIG_imxgpu2d = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland opengl', '', \ + bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'x11-gl', '', d), d)}" diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch new file mode 100644 index 00000000..b9f17f4e --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch @@ -0,0 +1,105 @@ +Upstream-Status: Unknown + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +libluajit is having symbols that can't be +resolved the reloc cannot accommodate an offset greater than 24 bits. + +Looking at libluajit with readelf -r, you see a bunch of entries that look like: + 000082f0 00003c0a R_PPC_REL24 00000000 sqrt + 0 + +These should not occur when the code is compiled and linked with -fPIC. + +It turns out that libluajit *is* compiled and linked with -fPIC, however... +There is one assembler file called lj_vm.s which is generated during the build. +This file is missing the `@plt' qualifier from external references. + +This file is generated by a program called buildvm. This in turn uses tables +in a file called buildvm_arch.h which is generated by dynasm.lua. + +Index: LuaJIT-2.0.1/src/host/buildvm.c +=================================================================== +--- LuaJIT-2.0.1.orig/src/host/buildvm.c 2013-02-19 12:15:00.000000000 -0800 ++++ LuaJIT-2.0.1/src/host/buildvm.c 2013-05-14 20:26:05.933444512 -0700 +@@ -107,12 +107,14 @@ + #endif + sprintf(name, "%s%s%s", symprefix, prefix, suffix); + p = strchr(name, '@'); ++#if 0 + if (p) { + if (!LJ_64 && (ctx->mode == BUILD_coffasm || ctx->mode == BUILD_peobj)) + name[0] = '@'; + else + *p = '\0'; + } ++#endif + p = (char *)malloc(strlen(name)+1); /* MSVC doesn't like strdup. */ + strcpy(p, name); + return p; +Index: LuaJIT-2.0.1/src/vm_ppcspe.dasc +=================================================================== +--- LuaJIT-2.0.1.orig/src/vm_ppcspe.dasc 2013-02-19 12:15:00.000000000 -0800 ++++ LuaJIT-2.0.1/src/vm_ppcspe.dasc 2013-05-14 20:26:05.937444512 -0700 +@@ -1390,7 +1390,7 @@ + | checknum CARG2 + | evmergehi CARG1, CARG2, CARG2 + | checkfail ->fff_fallback +- | bl extern func ++ | bl extern func@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + |.endmacro +@@ -1405,7 +1405,7 @@ + | checknum CARG1 + | evmergehi CARG3, CARG4, CARG4 + | checkanyfail ->fff_fallback +- | bl extern func ++ | bl extern func@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + |.endmacro +@@ -1437,7 +1437,7 @@ + | checknum CARG2 + | evmergehi CARG1, CARG2, CARG2 + | checkfail ->fff_fallback +- | bl extern log ++ | bl extern log@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + | +@@ -1471,7 +1471,7 @@ + | checknum CARG1 + | checkanyfail ->fff_fallback + | efdctsi CARG3, CARG4 +- | bl extern ldexp ++ | bl extern ldexp@plt + | evmergelo CRET1, CRET1, CRET2 + | b ->fff_restv + | +@@ -1484,7 +1484,7 @@ + | checkfail ->fff_fallback + | la CARG3, DISPATCH_GL(tmptv)(DISPATCH) + | lwz PC, FRAME_PC(BASE) +- | bl extern frexp ++ | bl extern frexp@plt + | lwz TMP1, DISPATCH_GL(tmptv)(DISPATCH) + | evmergelo CRET1, CRET1, CRET2 + | efdcfsi CRET2, TMP1 +@@ -1503,7 +1503,7 @@ + | checkfail ->fff_fallback + | la CARG3, -8(BASE) + | lwz PC, FRAME_PC(BASE) +- | bl extern modf ++ | bl extern modf@plt + | evmergelo CRET1, CRET1, CRET2 + | la RA, -8(BASE) + | evstdd CRET1, 0(BASE) +@@ -2399,7 +2399,7 @@ + | checknum CARG1 + | evmergehi CARG3, CARG4, CARG4 + | checkanyfail ->vmeta_arith_vv +- | bl extern pow ++ | bl extern pow@plt + | evmergelo CRET2, CRET1, CRET2 + | evstddx CRET2, BASE, RA + | ins_next diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend new file mode 100644 index 00000000..8c6138c5 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" + +SRC_URI_append_qoriq-ppc = " file://ppc-fixplt.patch " + diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-dpaa/fmc/fmc_git.bb b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-dpaa/fmc/fmc_git.bb new file mode 100644 index 00000000..cbf8e24f --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-dpaa/fmc/fmc_git.bb @@ -0,0 +1,55 @@ +SUMMARY = "Frame Manager Configuration tool" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=a504ab5a8ff235e67c7301214749346c" + +PR = "r2" + +DEPENDS = "libxml2 fmlib tclap" + +SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/fmc;nobranch=1" +SRCREV = "c7576ab7fb6fb09b68ebc40531e5452fc89e5cd5" + +S = "${WORKDIR}/git" + +EXTRA_OEMAKE = 'FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \ + FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \ + TCLAP_HEADER_PATH="${STAGING_INCDIR}" ' +EXTRA_OEMAKE_virtclass-native = 'FMCHOSTMODE=1 FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \ + FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \ + TCLAP_HEADER_PATH="${STAGING_INCDIR}" ' + +EXTRA_OEMAKE_PLATFORM ?= "" +EXTRA_OEMAKE_PLATFORM_ls1043a = "ls1043" +EXTRA_OEMAKE_PLATFORM_ls1046a = "ls1046" +EXTRA_OEMAKE_PLATFORM_ls1088a = "ls1088" +EXTRA_OEMAKE_PLATFORM_p1020 = "p4080ds" +EXTRA_OEMAKE_PLATFORM_p2020 = "p4080ds" +EXTRA_OEMAKE_PLATFORM_p2041 = "p4080ds" +EXTRA_OEMAKE_PLATFORM_p3041 = "p4080ds" +EXTRA_OEMAKE_PLATFORM_p4080 = "p4080ds" +EXTRA_OEMAKE_PLATFORM_p5040 = "p4080ds" + + +do_compile () { + oe_runmake MACHINE=${EXTRA_OEMAKE_PLATFORM} -C source +} + +do_install () { + install -d ${D}/${bindir} + install -m 755 ${S}/source/fmc ${D}/${bindir} + + install -d ${D}${sysconfdir}/fmc/config + install -m 644 ${S}${sysconfdir}/fmc/config/hxs_pdl_v3.xml ${D}${sysconfdir}/fmc/config + + install -d ${D}/${includedir}/fmc + install ${S}/source/fmc.h ${D}/${includedir}/fmc + + install -d ${D}/${libdir} + install ${S}/source/libfmc.a ${D}/${libdir} +} + +PARALLEL_MAKE = "" + +PACKAGE_ARCH = "${MACHINE_SOCARCH}" + +COMPATIBLE_MACHINE = "(qoriq)" diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-graphics/xserver-common/xserver-common/imx/0016-xserver-common-enable-iglx-module.patch b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-graphics/xserver-common/xserver-common/imx/0016-xserver-common-enable-iglx-module.patch new file mode 100644 index 00000000..283a081b --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-graphics/xserver-common/xserver-common/imx/0016-xserver-common-enable-iglx-module.patch @@ -0,0 +1,30 @@ +From 8ad045e5e664fe2d1bd9f88616d5bf83437aab4e Mon Sep 17 00:00:00 2001 +From: Yang Dong <b56112@freescale.com> +Date: Wed, 9 Sep 2015 13:08:57 +0800 +Subject: [PATCH] xserver-common: enable iglx module + +Enable iglx module to pass indirect glx rendering test case. + +Upstream-Status: Inappropriate [imx specific] + +Date: Sep 9, 2015 +Signed-off-by Yang Dong <b56112@freescale.com> +--- + X11/xserver-common | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/X11/xserver-common b/X11/xserver-common +index 4dc48c4..d19b858 100644 +--- a/X11/xserver-common ++++ b/X11/xserver-common +@@ -44,6 +44,7 @@ SCREEN_SIZE=`fallback_screen_arg` + export USER=root + export XSERVER_DEFAULT_ORIENTATION=normal + ++INPUT_EXTRA_ARGS="+iglx" + ARGS="-br -pn -nolisten tcp $INPUT_EXTRA_ARGS" + DPI="100" + MOUSE="" +-- +1.9.1 + diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-graphics/xserver-common/xserver-common_%.bbappend b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-graphics/xserver-common/xserver-common_%.bbappend new file mode 100644 index 00000000..f4f43504 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-graphics/xserver-common/xserver-common_%.bbappend @@ -0,0 +1,8 @@ +# i.MX extra configuration +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append_imxgpu3d = " \ + file://0016-xserver-common-enable-iglx-module.patch \ +" + +PACKAGE_ARCH_imxgpu3d = "${MACHINE_SOCARCH}" diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/opencv/opencv/0001-MGS-515-ccc-Opencv-app-can-t-run-on-imx6sx-with-cam.patch b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/opencv/opencv/0001-MGS-515-ccc-Opencv-app-can-t-run-on-imx6sx-with-cam.patch new file mode 100644 index 00000000..274fbe74 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/opencv/opencv/0001-MGS-515-ccc-Opencv-app-can-t-run-on-imx6sx-with-cam.patch @@ -0,0 +1,46 @@ +From 90f869763026e8ff18aeecde217d778f00e4f294 Mon Sep 17 00:00:00 2001 +From: Shawn Xiao <b49994@freescale.com> +Date: Tue, 10 Feb 2015 16:11:59 +0800 +Subject: [PATCH] MGS-515 [#ccc] Opencv app can't run on imx6sx with cam + +This issue is caused by the no support of VIDIOC_QUERYCTRL ioctl +item in latest cam driver. + +Modified the errno in check logic to compatible with new driver. + +Feb 10, 2015 + +Upstream-Status: Pending + +Signed-off-by: Shawn Xiao <b49994@freescale.com> +--- + modules/highgui/src/cap_v4l.cpp | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/modules/highgui/src/cap_v4l.cpp b/modules/highgui/src/cap_v4l.cpp +index c9fca05..8c46b6c 100644 +--- a/modules/highgui/src/cap_v4l.cpp ++++ b/modules/highgui/src/cap_v4l.cpp +@@ -707,7 +707,8 @@ static void v4l2_scan_controls(CvCaptureCAM_V4L* capture) + + } else { + +- if (errno == EINVAL) ++ if (errno == ENOTTY || ++ errno == EINVAL) + continue; + + perror ("VIDIOC_QUERYCTRL"); +@@ -774,7 +775,8 @@ static void v4l2_scan_controls(CvCaptureCAM_V4L* capture) + + } else { + +- if (errno == EINVAL) ++ if (errno == ENOTTY || ++ errno == EINVAL) + break; + + perror ("VIDIOC_QUERYCTRL"); +-- +2.3.0 + diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/opencv/opencv_3.4.%.bbappend b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/opencv/opencv_3.4.%.bbappend new file mode 100644 index 00000000..3c4c7f5e --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/opencv/opencv_3.4.%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append_mx6sx = " file://0001-MGS-515-ccc-Opencv-app-can-t-run-on-imx6sx-with-cam.patch" + +PACKAGECONFIG_remove_imxgpu2d = "v4l" diff --git a/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/sg3-utils/sg3-utils_%.bbappend b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/sg3-utils/sg3-utils_%.bbappend new file mode 100644 index 00000000..608377e3 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/openembedded-layer/recipes-support/sg3-utils/sg3-utils_%.bbappend @@ -0,0 +1 @@ +BBCLASSEXTEND = "native nativesdk" diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-embedded_%.bbappend b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-embedded_%.bbappend new file mode 100644 index 00000000..14324ca1 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-embedded_%.bbappend @@ -0,0 +1 @@ +include qt4-imx-support.inc diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-imx-support.inc b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-imx-support.inc new file mode 100644 index 00000000..b7171ebc --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-imx-support.inc @@ -0,0 +1,28 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/qt4:" + +python __anonymous () { + families = ['mx6'] + cur_families = (d.getVar('MACHINEOVERRIDES', True) or '').split(':') + if any(map(lambda x: x in cur_families, + families)): + d.appendVarFlag('do_configure', 'depends', ' virtual/kernel:do_shared_workdir') +} + +SRC_URI_append_imxgpu2d += " \ + file://0001-Add-support-for-i.MX-codecs-to-phonon.patch \ + file://0002-i.MX-video-renderer-Allow-v4l-device-from-environmen.patch \ + file://0003-i.MX6-force-egl-visual-ID-33.patch \ +" + +DEPENDS_append_imxgpu2d = " virtual/kernel virtual/libgles2" +QT_GLFLAGS_imxgpu2d = "-opengl es2 -openvg" +QT_CONFIG_FLAGS_append_imxgpu2d = " -I${STAGING_KERNEL_DIR}/include/uapi \ + -I${STAGING_KERNEL_DIR}/include/ \ + -DLINUX=1 -DEGL_API_FB=1 \ + -DQT_QPA_EXPERIMENTAL_TOUCHEVENT=1" + +# The QT_CONFIG_FLAGS can pollute *.la files with -Dxxx +do_compile_append_mx6 () { + find lib -name "*.la" | xargs -n1 sed -i 's/-D.*=1//g' +} + diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-x11-free_%.bbappend b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-x11-free_%.bbappend new file mode 100644 index 00000000..14324ca1 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4-x11-free_%.bbappend @@ -0,0 +1 @@ +include qt4-imx-support.inc diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0001-Add-support-for-i.MX-codecs-to-phonon.patch b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0001-Add-support-for-i.MX-codecs-to-phonon.patch new file mode 100644 index 00000000..1213650c --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0001-Add-support-for-i.MX-codecs-to-phonon.patch @@ -0,0 +1,468 @@ +From 2ff5682e42771519757756dedbf27b7a9e8e25d9 Mon Sep 17 00:00:00 2001 +From: Rogerio Pimentel <rogerio.pimentel@freescale.com> +Date: Tue, 24 Jul 2012 13:47:01 -0300 +Subject: [PATCH] Add support for i.MX codecs to phonon + +Add support for i.MX codecs to phonon + +Signed-off-by: Daniele Dall'Acqua <daniele.d@freescale.com> +Signed-off-by: Rogerio Pimentel <rogerio.pimentel@freescale.com> +--- + src/3rdparty/phonon/gstreamer/abstractrenderer.h | 1 + + src/3rdparty/phonon/gstreamer/mediaobject.cpp | 4 + + src/3rdparty/phonon/gstreamer/videowidget.cpp | 60 ++------ + src/3rdparty/phonon/gstreamer/videowidget.h | 1 + + src/3rdparty/phonon/gstreamer/widgetrenderer.cpp | 169 ++++++++++++++-------- + src/3rdparty/phonon/gstreamer/widgetrenderer.h | 17 ++- + src/3rdparty/phonon/gstreamer/x11renderer.cpp | 22 +--- + 7 files changed, 141 insertions(+), 133 deletions(-) + +diff --git a/src/3rdparty/phonon/gstreamer/abstractrenderer.h b/src/3rdparty/phonon/gstreamer/abstractrenderer.h +index 10a2822..fa0d87d 100644 +--- a/src/3rdparty/phonon/gstreamer/abstractrenderer.h ++++ b/src/3rdparty/phonon/gstreamer/abstractrenderer.h +@@ -49,6 +49,7 @@ public: + virtual bool eventFilter(QEvent *) = 0; + virtual void handlePaint(QPaintEvent *) {} + virtual bool paintsOnWidget() { return true; } // Controls overlays ++ virtual void handleMove(QMoveEvent * event ) {}; + + protected: + VideoWidget *m_videoWidget; +diff --git a/src/3rdparty/phonon/gstreamer/mediaobject.cpp b/src/3rdparty/phonon/gstreamer/mediaobject.cpp +index 23a60c0..f806d64 100644 +--- a/src/3rdparty/phonon/gstreamer/mediaobject.cpp ++++ b/src/3rdparty/phonon/gstreamer/mediaobject.cpp +@@ -515,6 +515,9 @@ void MediaObject::createPipeline() + // reduce buffer overruns as these are not gracefully handled at the moment. + m_audioPipe = gst_element_factory_make("queue", NULL); + g_object_set(G_OBJECT(m_audioPipe), "max-size-time", MAX_QUEUE_TIME, (const char*)NULL); ++ g_object_set(G_OBJECT(m_audioPipe), "max-size-time", 0, (const char*)NULL); ++ g_object_set(G_OBJECT(m_audioPipe), "max-size-buffers", 0, (const char*)NULL); ++ g_object_set(G_OBJECT(m_audioPipe), "max-size-bytes", 0, (const char*)NULL); + gst_bin_add(GST_BIN(m_audioGraph), m_audioPipe); + GstPad *audiopad = gst_element_get_pad (m_audioPipe, "sink"); + gst_element_add_pad (m_audioGraph, gst_ghost_pad_new ("sink", audiopad)); +@@ -527,6 +530,7 @@ void MediaObject::createPipeline() + + m_videoPipe = gst_element_factory_make("queue", NULL); + g_object_set(G_OBJECT(m_videoPipe), "max-size-time", MAX_QUEUE_TIME, (const char*)NULL); ++ g_object_set(G_OBJECT(m_videoPipe), "max-size-time", 33000, (const char*)NULL); + gst_bin_add(GST_BIN(m_videoGraph), m_videoPipe); + GstPad *videopad = gst_element_get_pad (m_videoPipe, "sink"); + gst_element_add_pad (m_videoGraph, gst_ghost_pad_new ("sink", videopad)); +diff --git a/src/3rdparty/phonon/gstreamer/videowidget.cpp b/src/3rdparty/phonon/gstreamer/videowidget.cpp +index a4c6f79..3682d3f 100644 +--- a/src/3rdparty/phonon/gstreamer/videowidget.cpp ++++ b/src/3rdparty/phonon/gstreamer/videowidget.cpp +@@ -83,50 +83,16 @@ void VideoWidget::setupVideoBin() + Q_ASSERT(m_videoBin); + gst_object_ref (GST_OBJECT (m_videoBin)); //Take ownership + gst_object_sink (GST_OBJECT (m_videoBin)); +- +- //The videoplug element is the final element before the pluggable videosink +- m_videoplug = gst_element_factory_make ("identity", NULL); +- +- //Colorspace ensures that the output of the stream matches the input format accepted by our video sink +- m_colorspace = gst_element_factory_make ("ffmpegcolorspace", NULL); +- +- //Video scale is used to prepare the correct aspect ratio and scale. +- GstElement *videoScale = gst_element_factory_make ("videoscale", NULL); +- +- //We need a queue to support the tee from parent node +- GstElement *queue = gst_element_factory_make ("queue", NULL); +- +- if (queue && m_videoBin && videoScale && m_colorspace && videoSink && m_videoplug) { +- //Ensure that the bare essentials are prepared +- gst_bin_add_many (GST_BIN (m_videoBin), queue, m_colorspace, m_videoplug, videoScale, videoSink, (const char*)NULL); +- bool success = false; +- //Video balance controls color/sat/hue in the YUV colorspace +- m_videoBalance = gst_element_factory_make ("videobalance", NULL); +- if (m_videoBalance) { +- // For video balance to work we have to first ensure that the video is in YUV colorspace, +- // then hand it off to the videobalance filter before finally converting it back to RGB. +- // Hence we nede a videoFilter to convert the colorspace before and after videobalance +- GstElement *m_colorspace2 = gst_element_factory_make ("ffmpegcolorspace", NULL); +- gst_bin_add_many(GST_BIN(m_videoBin), m_videoBalance, m_colorspace2, (const char*)NULL); +- success = gst_element_link_many(queue, m_colorspace, m_videoBalance, m_colorspace2, videoScale, m_videoplug, videoSink, (const char*)NULL); +- } else { +- //If video balance is not available, just connect to sink directly +- success = gst_element_link_many(queue, m_colorspace, videoScale, m_videoplug, videoSink, (const char*)NULL); +- } +- +- if (success) { +- GstPad *videopad = gst_element_get_pad (queue, "sink"); +- gst_element_add_pad (m_videoBin, gst_ghost_pad_new ("sink", videopad)); +- gst_object_unref (videopad); +-#ifndef Q_WS_QPA +- QWidget *parentWidget = qobject_cast<QWidget*>(parent()); +- if (parentWidget) +- parentWidget->winId(); // Due to some existing issues with alien in 4.4, +- // we must currently force the creation of a parent widget. +-#endif +- m_isValid = true; //initialization ok, accept input +- } +- } ++ gst_bin_add_many (GST_BIN (m_videoBin), videoSink, NULL); ++ GstPad *videopad = gst_element_get_pad (videoSink,"sink"); ++ gst_element_add_pad (m_videoBin, gst_ghost_pad_new ("sink", videopad)); ++ gst_object_unref (videopad); ++ QWidget *parentWidget = qobject_cast<QWidget*>(parent()); ++ ++ if (parentWidget) ++ parentWidget->winId(); // Due to some existing issues with alien in 4.4, ++ // we must currently force the creation of a parent widget. ++ m_isValid = true; //initialization ok, accept input + } + + void VideoWidget::paintEvent(QPaintEvent *event) +@@ -135,6 +101,12 @@ void VideoWidget::paintEvent(QPaintEvent *event) + m_renderer->handlePaint(event); + } + ++void VideoWidget::moveEvent(QMoveEvent * event ) ++{ ++ Q_ASSERT(m_renderer); ++ m_renderer->handleMove(event); ++} ++ + void VideoWidget::setVisible(bool val) { + Q_ASSERT(m_renderer); + +diff --git a/src/3rdparty/phonon/gstreamer/videowidget.h b/src/3rdparty/phonon/gstreamer/videowidget.h +index 8603f6a..38c7b17 100644 +--- a/src/3rdparty/phonon/gstreamer/videowidget.h ++++ b/src/3rdparty/phonon/gstreamer/videowidget.h +@@ -65,6 +65,7 @@ public: + qreal saturation() const; + void setSaturation(qreal); + void setMovieSize(const QSize &size); ++ void moveEvent(QMoveEvent * event ); + QSize sizeHint() const; + QRect scaleToAspect(QRect srcRect, int w, int h) const; + QRect calculateDrawFrameRect() const; +diff --git a/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp b/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp +index 423af9d..aa4925a 100644 +--- a/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp ++++ b/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp +@@ -15,7 +15,9 @@ + along with this library. If not, see <http://www.gnu.org/licenses/>. + */ + ++#include <QMouseEvent> + #include <QtGui/QPainter> ++#include <QPaintEvent> + #include <gst/gst.h> + #include "common.h" + #include "message.h" +@@ -24,6 +26,18 @@ + #include "widgetrenderer.h" + #include "qrgb.h" + ++#include <stdio.h> ++#include <stdlib.h> ++#include <errno.h> ++#include <stdint.h> ++#include <fcntl.h> ++#include <sys/ioctl.h> ++#include <unistd.h> ++#include <linux/mxcfb.h> ++ ++#define MXCFB_GBL_ALPHA 255 ++#define MXCFB_CLR_KEY 0x00000000 // ARGB8888 ++ + // support old OpenGL installations (1.2) + // assume that if TEXTURE0 isn't defined, none are + #ifndef GL_TEXTURE0 +@@ -35,26 +49,6 @@ + #ifndef QT_NO_PHONON_VIDEO + QT_BEGIN_NAMESPACE + +-static void frameRendered() +-{ +- static QString displayFps = qgetenv("PHONON_GST_FPS"); +- if (displayFps.isEmpty()) +- return; +- +- static int frames = 0; +- static QTime lastTime = QTime::currentTime(); +- QTime time = QTime::currentTime(); +- +- int delta = lastTime.msecsTo(time); +- if (delta > 2000) { +- printf("FPS: %f\n", 1000.0 * frames / qreal(delta)); +- lastTime = time; +- frames = 0; +- } +- +- ++frames; +-} +- + namespace Phonon + { + namespace Gstreamer +@@ -62,17 +56,11 @@ namespace Gstreamer + + WidgetRenderer::WidgetRenderer(VideoWidget *videoWidget) + : AbstractRenderer(videoWidget) +- , m_width(0) +- , m_height(0) + { +- videoWidget->backend()->logMessage("Creating QWidget renderer"); +- if ((m_videoSink = GST_ELEMENT(g_object_new(get_type_RGB(), NULL)))) { +- gst_object_ref (GST_OBJECT (m_videoSink)); //Take ownership ++ if ((m_videoSink = gst_element_factory_make("mfw_v4lsink", NULL)) && m_videoSink != NULL) { ++ ++ gst_object_ref (GST_OBJECT (m_videoSink)); //Take ownership + gst_object_sink (GST_OBJECT (m_videoSink)); +- +- QWidgetVideoSinkBase* sink = reinterpret_cast<QWidgetVideoSinkBase*>(m_videoSink); +- // Let the videosink know which widget to direct frame updates to +- sink->renderWidget = videoWidget; + } + + // Clear the background with black by default +@@ -84,67 +72,124 @@ WidgetRenderer::WidgetRenderer(VideoWidget *videoWidget) + m_videoWidget->setAttribute(Qt::WA_PaintOnScreen, false); + } + +-void WidgetRenderer::setNextFrame(const QByteArray &array, int w, int h) ++WidgetRenderer::~WidgetRenderer() + { +- if (m_videoWidget->root()->state() == Phonon::LoadingState) +- return; +- +- m_frame = QImage(); +- { +- m_frame = QImage((uchar *)array.constData(), w, h, QImage::Format_RGB32); +- } ++ if (m_videoSink) { ++ gst_object_unref (GST_OBJECT (m_videoSink)); ++ m_videoSink = 0; ++ } ++} + +- m_array = array; +- m_width = w; +- m_height = h; ++void WidgetRenderer::setVideoSize(void) ++{ + +- m_videoWidget->update(); ++ int adj_x; ++ int adj_y; ++ ++ QSize wSize = m_videoWidget->size(); ++ m_drawFrameRect = m_videoWidget->calculateDrawFrameRect(); ++ framePos = m_videoWidget->mapToGlobal(QPoint(0,0)); ++ ++ //Center the video in the widget ++ ++ adj_x = (wSize.width()/2) - (m_drawFrameRect.width()/2); ++ adj_y = (wSize.height()/2) - (m_drawFrameRect.height()/2); ++ g_object_set(G_OBJECT(m_videoSink), "axis-left",adj_x + framePos.x(),(const char*)NULL); ++ g_object_set(G_OBJECT(m_videoSink), "axis-top", adj_y + framePos.y(), (const char*)NULL); ++ g_object_set(G_OBJECT(m_videoSink), "disp-width", m_drawFrameRect.width(), (const char*)NULL); ++ g_object_set(G_OBJECT(m_videoSink), "disp-height", m_drawFrameRect.height(), (const char*)NULL); ++ g_object_set(G_OBJECT(m_videoSink), "setpara", 1, (const char*)NULL); + } + + void WidgetRenderer::handleMediaNodeEvent(const MediaNodeEvent *event) + { + switch (event->type()) { +- case MediaNodeEvent::SourceChanged: +- { +- clearFrame(); +- break; +- } + default: + break; + } + } + +-void WidgetRenderer::clearFrame() ++void WidgetRenderer::handlePaint(QPaintEvent *event) + { +- m_frame = QImage(); +- m_array = QByteArray(); +- m_videoWidget->update(); ++ Q_UNUSED(event); ++ QPainter painter(m_videoWidget); ++ painter.fillRect(m_videoWidget->rect(), m_videoWidget->palette().background()); + } + +-const QImage &WidgetRenderer::currentFrame() const ++int WidgetRenderer::setOverlay(void) + { +- return m_frame; ++ struct mxcfb_color_key color_key; ++ struct mxcfb_gbl_alpha alpha; ++ int fd_fb; ++ ++ if ((fd_fb = open("/dev/fb0", O_RDWR, 0)) < 0) ++ { ++ printf("Unable to open %s\n", "/dev/fb0"); ++ return -1; ++ ++ } ++ ++ alpha.alpha = MXCFB_GBL_ALPHA; ++ alpha.enable = 1; ++ ++ if (ioctl(fd_fb, MXCFB_SET_GBL_ALPHA, &alpha) < 0) { ++ printf("Error in applying Alpha\n"); ++ } ++ ++ color_key.color_key = MXCFB_CLR_KEY & 0x00FFFFFF; ++ color_key.enable = 1; ++ if ( ioctl(fd_fb, MXCFB_SET_CLR_KEY, &color_key) < 0) { ++ ++ printf("Error in applying Color Key\n"); ++ return -1; ++ } ++ ++ close (fd_fb); ++ ++ return 0; + } + +-void WidgetRenderer::handlePaint(QPaintEvent *event) ++void WidgetRenderer::handleMove( QMoveEvent * event) + { +- Q_UNUSED(event); +- QPainter painter(m_videoWidget); +- m_drawFrameRect = m_videoWidget->calculateDrawFrameRect(); +- painter.drawImage(drawFrameRect(), currentFrame()); +- frameRendered(); ++ Q_UNUSED(event); ++ ++ if (framePos != m_videoWidget->mapToGlobal(QPoint(0,0))) ++ setVideoSize(); + } + + bool WidgetRenderer::eventFilter(QEvent * event) + { +- if (event->type() == QEvent::User) { +- NewFrameEvent *frameEvent= static_cast <NewFrameEvent *>(event); +- setNextFrame(frameEvent->frame, frameEvent->width, frameEvent->height); +- return true; ++ if (event->type() == QEvent::Show) { ++ ++ setOverlay(); ++ return true; ++ ++ } else if (event->type() == QEvent::Resize) { ++ ++ setVideoSize(); ++ return true; + } ++ if (framePos != m_videoWidget->mapToGlobal(QPoint(0,0))) ++ setVideoSize(); + return false; + } + ++void WidgetRenderer::aspectRatioChanged(Phonon::VideoWidget::AspectRatio) ++{ ++ setVideoSize(); ++} ++ ++void WidgetRenderer::scaleModeChanged(Phonon::VideoWidget::ScaleMode) ++{ ++ setVideoSize(); ++} ++ ++void WidgetRenderer::movieSizeChanged(const QSize &movieSize) ++{ ++ Q_UNUSED(movieSize); ++ setVideoSize(); ++} ++ + } + } //namespace Phonon::Gstreamer + +diff --git a/src/3rdparty/phonon/gstreamer/widgetrenderer.h b/src/3rdparty/phonon/gstreamer/widgetrenderer.h +index 03ee9c0..6de1a03 100644 +--- a/src/3rdparty/phonon/gstreamer/widgetrenderer.h ++++ b/src/3rdparty/phonon/gstreamer/widgetrenderer.h +@@ -40,20 +40,21 @@ class WidgetRenderer : public AbstractRenderer + { + public: + WidgetRenderer(VideoWidget *videoWidget); ++ ~WidgetRenderer(void); + bool eventFilter(QEvent * event); + void handlePaint(QPaintEvent *paintEvent); + void handleMediaNodeEvent(const MediaNodeEvent *event); +- const QImage& currentFrame() const; + QRect drawFrameRect() const { return m_drawFrameRect; } +- void setNextFrame(const QByteArray &array, int width, int height); +- bool frameIsSet() { return !m_array.isNull(); } +- void clearFrame(); ++ void aspectRatioChanged(Phonon::VideoWidget::AspectRatio aspectRatio); ++ void scaleModeChanged(Phonon::VideoWidget::ScaleMode scaleMode); ++ void movieSizeChanged(const QSize &movieSize); ++ void setVideoSize(void); ++ int setOverlay(void); ++ void handleMove(QMoveEvent* event); + private: +- mutable QImage m_frame; +- QByteArray m_array; +- int m_width; +- int m_height; ++ void paintEvent ( QPaintEvent * event ); + QRect m_drawFrameRect; ++ QPoint framePos; + }; + + } +diff --git a/src/3rdparty/phonon/gstreamer/x11renderer.cpp b/src/3rdparty/phonon/gstreamer/x11renderer.cpp +index 968f3a8..c4662e7 100644 +--- a/src/3rdparty/phonon/gstreamer/x11renderer.cpp ++++ b/src/3rdparty/phonon/gstreamer/x11renderer.cpp +@@ -31,6 +31,8 @@ + #include "mediaobject.h" + #include "message.h" + ++#define FSL_GSTREAMER 1 ++ + QT_BEGIN_NAMESPACE + + namespace Phonon +@@ -78,31 +80,16 @@ X11Renderer::~X11Renderer() + { + m_renderWidget->setAttribute(Qt::WA_PaintOnScreen, false); + m_renderWidget->setAttribute(Qt::WA_NoSystemBackground, false); ++ if (m_videoSink) { ++ gst_object_unref (GST_OBJECT (m_videoSink)); ++ } + delete m_renderWidget; + } + + GstElement* X11Renderer::createVideoSink() + { +- GstElement *videoSink = gst_element_factory_make ("xvimagesink", NULL); +- if (videoSink) { +- // Check if the xv sink is usable +- if (gst_element_set_state(videoSink, GST_STATE_READY) != GST_STATE_CHANGE_SUCCESS) { +- gst_object_unref(GST_OBJECT(videoSink)); +- videoSink = 0; +- } else { +- // Note that this should not really be necessary as these are +- // default values, though under certain conditions values are retained +- // even between application instances. (reproducible on 0.10.16/Gutsy) +- g_object_set(G_OBJECT(videoSink), "brightness", 0, (const char*)NULL); +- g_object_set(G_OBJECT(videoSink), "contrast", 0, (const char*)NULL); +- g_object_set(G_OBJECT(videoSink), "hue", 0, (const char*)NULL); +- g_object_set(G_OBJECT(videoSink), "saturation", 0, (const char*)NULL); +- } +- } +- +- if (!videoSink) +- videoSink = gst_element_factory_make ("ximagesink", NULL); + ++ GstElement *videoSink = gst_element_factory_make ("mfw_v4lsink", NULL); + gst_object_ref (GST_OBJECT (videoSink)); //Take ownership + gst_object_sink (GST_OBJECT (videoSink)); + +-- +1.7.1 + diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0002-i.MX-video-renderer-Allow-v4l-device-from-environmen.patch b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0002-i.MX-video-renderer-Allow-v4l-device-from-environmen.patch new file mode 100644 index 00000000..0226db59 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0002-i.MX-video-renderer-Allow-v4l-device-from-environmen.patch @@ -0,0 +1,46 @@ +From 023befba9aad60ef58177fd987a6aa40c357b2b2 Mon Sep 17 00:00:00 2001 +From: Eric Nelson <eric.nelson@boundarydevices.com> +Date: Fri, 16 Aug 2013 11:42:23 -0700 +Subject: [PATCH] i.MX video renderer: Allow v4l device from environment + +The i.MX6 supports multiple IPUs and multiple V4L2 output +devices for each. + +Devices are numbered starting with /dev/video16 and defined +for each configured display. In general, /dev/video16 will +correspond to the RGB (background) layer for /dev/fb0. +If a display is the first on an IPU, an additional V4L2 +output will be defined that corresponds to the normally +YUV overlay (foreground) layer. + +This patch allows association of the proper device for +a particular session for use in multi-headed applications. +The default is /dev/video17: + export v4lsinkdev=/dev/video17 + +Signed-off-by: Eric Nelson <eric.nelson@boundarydevices.com> +--- + src/3rdparty/phonon/gstreamer/widgetrenderer.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp b/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp +index aa4925a..a502ccd 100644 +--- a/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp ++++ b/src/3rdparty/phonon/gstreamer/widgetrenderer.cpp +@@ -58,9 +58,12 @@ WidgetRenderer::WidgetRenderer(VideoWidget *videoWidget) + : AbstractRenderer(videoWidget) + { + if ((m_videoSink = gst_element_factory_make("mfw_v4lsink", NULL)) && m_videoSink != NULL) { +- ++ char *videodev; + gst_object_ref (GST_OBJECT (m_videoSink)); //Take ownership + gst_object_sink (GST_OBJECT (m_videoSink)); ++ videodev=getenv("v4lsinkdev"); ++ if (videodev) ++ g_object_set (G_OBJECT (m_videoSink), "device", videodev, NULL); + } + + // Clear the background with black by default +-- +1.8.1.2 + diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0003-i.MX6-force-egl-visual-ID-33.patch b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0003-i.MX6-force-egl-visual-ID-33.patch new file mode 100644 index 00000000..9aa158d7 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/0003-i.MX6-force-egl-visual-ID-33.patch @@ -0,0 +1,35 @@ +From: Javier Viguera <javier.viguera@digi.com> +Date: Mon, 3 Mar 2014 17:10:41 +0100 +Subject: [PATCH] i.MX6: force egl visual ID 33 + +Workaround mismatch between EGL binary libraries and QT for FSL MX6 +based platforms. + +Error: +Warning: EGL suggested using X Visual ID 33 (ARGB0888) for EGL config 28 (ARGB0444), but this is incompatable +Unable to find an X11 visual which matches EGL config 28 + +Patch adapted from: + +http://wiki.wandboard.org/index.php/Integrate_Qt5_into_yocto_sato_image_on_Wandboard + +Upstream-Status: Inappropriate [workaround] + +Signed-off-by: Javier Viguera <javier.viguera@digi.com> +--- + src/gui/egl/qegl_x11.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gui/egl/qegl_x11.cpp b/src/gui/egl/qegl_x11.cpp +index 196d0f77bf2d..8acf5a6c99d4 100644 +--- a/src/gui/egl/qegl_x11.cpp ++++ b/src/gui/egl/qegl_x11.cpp +@@ -319,7 +319,7 @@ VisualID QEgl::getCompatibleVisualId(EGLConfig config) + } + + qWarning("Unable to find an X11 visual which matches EGL config %d", configId); +- return (VisualID)0; ++ return (VisualID)33; + } + + void qt_set_winid_on_widget(QWidget* w, Qt::HANDLE id) diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/mx6/g++.conf b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/mx6/g++.conf new file mode 100644 index 00000000..915ecba0 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/mx6/g++.conf @@ -0,0 +1,40 @@ +# +# qmake configuration for common gcc +# + +QMAKE_COMPILER = gcc + +QMAKE_CC = $(OE_QMAKE_CC) +QMAKE_CFLAGS += $(OE_QMAKE_CFLAGS) -DLINUX=1 -DEGL_API_FB=1 +QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO += $(OE_QMAKE_CFLAGS) +QMAKE_CFLAGS_PRECOMPILE += -x c-header -c ${QMAKE_PCH_INPUT} -o ${QMAKE_PCH_OUTPUT} +QMAKE_CFLAGS_USE_PRECOMPILE += -include ${QMAKE_PCH_OUTPUT_BASE} + +QMAKE_CXX = $(OE_QMAKE_CXX) +QMAKE_CXXFLAGS += $(OE_QMAKE_CXXFLAGS) -DLINUX=1 -DEGL_API_FB=1 +QMAKE_CXXFLAGS_RELEASE_WITH_DEBUGINFO += $$QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO +QMAKE_CXXFLAGS_PRECOMPILE += -x c++-header -c ${QMAKE_PCH_INPUT} -o ${QMAKE_PCH_OUTPUT} +QMAKE_CXXFLAGS_USE_PRECOMPILE = $$QMAKE_CFLAGS_USE_PRECOMPILE + +QMAKE_LINK = $(OE_QMAKE_LINK) +QMAKE_LINK_SHLIB = $(OE_QMAKE_LINK) +QMAKE_LINK_C = $(OE_QMAKE_LINK) +QMAKE_LINK_C_SHLIB = $(OE_QMAKE_LINK) +QMAKE_LFLAGS += $(OE_QMAKE_LDFLAGS) +QMAKE_LFLAGS_NOUNDEF += -Wl,--no-undefined +QMAKE_LFLAGS_RPATH = -Wl,-rpath-link, + +QMAKE_PCH_OUTPUT_EXT = .gch + +# -Bsymbolic-functions (ld) support +QMAKE_LFLAGS_BSYMBOLIC_FUNC = -Wl,-Bsymbolic-functions +QMAKE_LFLAGS_DYNAMIC_LIST = -Wl,--dynamic-list, + +# do not depend on gdb +CONFIG -= gdb_dwarf_index + +# some linking helper... +CONFIG += rpath_libdirs + +# for the SDK +isEmpty(QMAKE_QT_CONFIG):QMAKE_QT_CONFIG = $(OE_QMAKE_QT_CONFIG) diff --git a/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/mx6/linux.conf b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/mx6/linux.conf new file mode 100644 index 00000000..c644d8ba --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt4-layer/recipes-qt4/qt4/qt4/mx6/linux.conf @@ -0,0 +1,66 @@ +# +# qmake configuration for common linux +# + +QMAKE_CFLAGS_THREAD += -D_REENTRANT +QMAKE_CXXFLAGS_THREAD += $$QMAKE_CFLAGS_THREAD + +QMAKE_INCDIR = +QMAKE_LIBDIR = +QMAKE_INCDIR_X11 = +QMAKE_LIBDIR_X11 = +QMAKE_INCDIR_QT = $(OE_QMAKE_INCDIR_QT) +QMAKE_LIBDIR_QT = $(OE_QMAKE_LIBDIR_QT) +QMAKE_INCDIR_OPENGL = +QMAKE_LIBDIR_OPENGL = +QMAKE_INCDIR_OPENGL_ES1 = $$QMAKE_INCDIR_OPENGL +QMAKE_LIBDIR_OPENGL_ES1 = $$QMAKE_LIBDIR_OPENGL +QMAKE_INCDIR_OPENGL_ES2 = $$QMAKE_INCDIR_OPENGL +QMAKE_LIBDIR_OPENGL_ES2 = $$QMAKE_LIBDIR_OPENGL +QMAKE_INCDIR_EGL = +QMAKE_LIBDIR_EGL = +QMAKE_INCDIR_OPENVG = +QMAKE_LIBDIR_OPENVG = + + +QMAKE_LIBS = +QMAKE_LIBS_DYNLOAD = -ldl +QMAKE_LIBS_X11 = $(OE_QMAKE_LIBS_X11) +QMAKE_LIBS_X11SM = $(OE_QMAKE_LIBS_X11SM) +QMAKE_LIBS_NIS = -lnsl +QMAKE_LIBS_EGL = -lEGL -lGAL -DLINUX=1 -DEGL_API_FB=1 +QMAKE_LIBS_OPENGL = -lGL +QMAKE_LIBS_OPENGL_QT = -lGL +QMAKE_LIBS_OPENGL_ES1 = -lGLES_CM +QMAKE_LIBS_OPENGL_ES2 = -lGLESv2 -lGAL -lEGL -DLINUX=1 -DEGL_API_FB=1 +QMAKE_LIBS_OPENVG = -lOpenVG -lGAL -lEGL -DLINUX=1 -DEGL_API_FB=1 +QMAKE_LIBS_THREAD = -lpthread + +QMAKE_MOC = $(OE_QMAKE_MOC) +QMAKE_UIC = $(OE_QMAKE_UIC) +QMAKE_UIC3 = $(OE_QMAKE_UIC3) +QMAKE_RCC = $(OE_QMAKE_RCC) +QMAKE_QDBUSCPP2XML = $(OE_QMAKE_QDBUSCPP2XML) +QMAKE_QDBUSXML2CPP = $(OE_QMAKE_QDBUSXML2CPP) + +QMAKE_AR = $(OE_QMAKE_AR) cqs +QMAKE_OBJCOPY = objcopy +QMAKE_RANLIB = + +QMAKE_TAR = tar -cf +QMAKE_GZIP = gzip -9f + +QMAKE_COPY = cp -f +QMAKE_COPY_FILE = $(COPY) +QMAKE_COPY_DIR = $(COPY) -r +QMAKE_MOVE = mv -f +QMAKE_DEL_FILE = rm -f +QMAKE_DEL_DIR = rmdir +QMAKE_STRIP = $(OE_QMAKE_STRIP) +QMAKE_STRIPFLAGS_LIB += --strip-unneeded +QMAKE_CHK_DIR_EXISTS = test -d +QMAKE_MKDIR = mkdir -p +QMAKE_INSTALL_FILE = install -m 644 -p +QMAKE_INSTALL_PROGRAM = install -m 755 -p + +include(unix.conf) diff --git a/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0001-egl.prf-Fix-build-error-when-egl-headers-need-platfo.patch b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0001-egl.prf-Fix-build-error-when-egl-headers-need-platfo.patch new file mode 100644 index 00000000..7e625fd1 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0001-egl.prf-Fix-build-error-when-egl-headers-need-platfo.patch @@ -0,0 +1,32 @@ +From 3f9703fecd670b36030e1093466f6d11b370c19f Mon Sep 17 00:00:00 2001 +From: Yuqing Zhu <carol.zhu@nxp.com> +Date: Mon, 27 Mar 2017 15:33:35 +0800 +Subject: [PATCH] egl.prf: Fix build error when egl headers need platform + definition + +Gain the value through pkg-config and pass it through QMAKE_CFLAGS_EGL. + +Upstream-Status: Pending + +Signed-off-by: Yuqing Zhu <carol.zhu@nxp.com> +--- + mkspecs/features/egl.prf | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/mkspecs/features/egl.prf b/mkspecs/features/egl.prf +index 9fa0c9e..85d5852 100644 +--- a/mkspecs/features/egl.prf ++++ b/mkspecs/features/egl.prf +@@ -1,3 +1,9 @@ ++# egl headers need a definition ++PKG_CONFIG = $$pkgConfigExecutable() ++PKGCONFIG_CFLAGS = $$system($$PKG_CONFIG --cflags egl) ++PKGCONFIG_CFLAGS = $$find(PKGCONFIG_CFLAGS, ^-D.*) ++QMAKE_CFLAGS_EGL = $$PKGCONFIG_CFLAGS ++ + INCLUDEPATH += $$QMAKE_INCDIR_EGL + LIBS_PRIVATE += $$QMAKE_LIBS_EGL + QMAKE_CFLAGS += $$QMAKE_CFLAGS_EGL +-- +1.9.1 + diff --git a/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0014-Add-IMX-GPU-support.patch b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0014-Add-IMX-GPU-support.patch new file mode 100644 index 00000000..e86d9ed5 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0014-Add-IMX-GPU-support.patch @@ -0,0 +1,14 @@ +Index: git/mkspecs/linux-oe-g++/qmake.conf +=================================================================== +--- git.orig/mkspecs/linux-oe-g++/qmake.conf 2017-06-26 10:20:57.139653321 -0500 ++++ git/mkspecs/linux-oe-g++/qmake.conf 2017-06-26 10:30:12.000000000 -0500 +@@ -39,5 +39,9 @@ + + include(../oe-device-extra.pri) + ++QMAKE_LIBS_EGL += -lEGL ++QMAKE_LIBS_OPENGL_ES2 += -lEGL -lGLESv2 ++QMAKE_LIBS_OPENVG += -lEGL -lOpenVG ++ + load(device_config) + load(qt_config) diff --git a/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0015-Add-eglfs-to-IMX-GPU.patch b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0015-Add-eglfs-to-IMX-GPU.patch new file mode 100644 index 00000000..8e7129e3 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0015-Add-eglfs-to-IMX-GPU.patch @@ -0,0 +1,13 @@ +Index: git/mkspecs/linux-oe-g++/qmake.conf +=================================================================== +--- git.orig/mkspecs/linux-oe-g++/qmake.conf 2016-12-14 17:03:17.000000000 -0600 ++++ git/mkspecs/linux-oe-g++/qmake.conf 2016-12-14 17:06:23.000000000 -0600 +@@ -37,6 +37,8 @@ QMAKE_LINK_C_SHLIB = $$(OE_QMAKE_LINK) + # for the SDK + isEmpty(QMAKE_QT_CONFIG):QMAKE_QT_CONFIG = $$(OE_QMAKE_QT_CONFIG) + ++EGLFS_DEVICE_INTEGRATION = eglfs_viv ++ + include(../oe-device-extra.pri) + + QMAKE_LIBS_EGL += -lEGL diff --git a/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0016-Configure-eglfs-with-egl-pkg-config.patch b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0016-Configure-eglfs-with-egl-pkg-config.patch new file mode 100644 index 00000000..a245d79a --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase/0016-Configure-eglfs-with-egl-pkg-config.patch @@ -0,0 +1,13 @@ +Index: git/src/plugins/platforms/eglfs/eglfs-plugin.pro +=================================================================== +--- git.orig/src/plugins/platforms/eglfs/eglfs-plugin.pro 2017-01-04 16:54:05.000000000 -0600 ++++ git/src/plugins/platforms/eglfs/eglfs-plugin.pro 2017-01-04 16:56:25.000000000 -0600 +@@ -2,6 +2,8 @@ + + QT += platformsupport-private eglfs_device_lib-private + ++CONFIG += egl ++ + SOURCES += $$PWD/qeglfsmain.cpp + + OTHER_FILES += $$PWD/eglfs.json diff --git a/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase_%.bbappend b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase_%.bbappend new file mode 100644 index 00000000..08a2cbe3 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtbase_%.bbappend @@ -0,0 +1,32 @@ +# Copyright (C) 2013 Eric Bénard - Eukréa Electromatique +# Copyright (C) 2016 Freescale Semiconductor +# Copyright (C) 2016, 2017 O.S. Systems Software LTDA. +# Copyright (C) 2017-2018 NXP + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append_imxgpu2d = " \ + file://0014-Add-IMX-GPU-support.patch \ + file://0001-egl.prf-Fix-build-error-when-egl-headers-need-platfo.patch \ +" +SRC_URI_APPEND_3D_NOT_X11 = " \ + file://0015-Add-eglfs-to-IMX-GPU.patch \ + file://0016-Configure-eglfs-with-egl-pkg-config.patch \ +" +SRC_URI_append_imxgpu3d = " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '${SRC_URI_APPEND_3D_NOT_X11}', d)} \ +" + +PACKAGECONFIG_GL_imxpxp = "gles2" +PACKAGECONFIG_GL_imxgpu2d = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', ' gl', '', d)}" +PACKAGECONFIG_GL_imxgpu3d = "gles2" +PACKAGECONFIG_GL_append_use-mainline-bsp = " gbm kms" + +PACKAGECONFIG_PLATFORM = "" +PACKAGECONFIG_PLATFORM_imxgpu2d = "no-opengl linuxfb" +PACKAGECONFIG_PLATFORM_imxgpu3d = " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', \ + bb.utils.contains('DISTRO_FEATURES', 'wayland', '', \ + 'eglfs', d), d)}" +PACKAGECONFIG_PLATFORM_use-mainline-bsp = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', 'eglfs', d)}" +PACKAGECONFIG += "${PACKAGECONFIG_PLATFORM}" diff --git a/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtwayland_%.bbappend b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtwayland_%.bbappend new file mode 100644 index 00000000..7f61dc50 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/qt5-layer/recipes-qt/qt5/qtwayland_%.bbappend @@ -0,0 +1,2 @@ +# etnaviv mesa does not have glx +PACKAGECONFIG_remove_use-mainline-bsp = "xcomposite-glx" diff --git a/bsp/meta-freescale/dynamic-layers/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf b/bsp/meta-freescale/dynamic-layers/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf new file mode 100644 index 00000000..cc22fa13 --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf @@ -0,0 +1,465 @@ +# Master configuration file for the QEMU driver. +# All settings described here are optional - if omitted, sensible +# defaults are used. + +# VNC is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#vnc_listen = "0.0.0.0" + +# Enable this option to have VNC served over an automatically created +# unix socket. This prevents unprivileged access from users on the +# host machine, though most VNC clients do not support it. +# +# This will only be enabled for VNC configurations that do not have +# a hardcoded 'listen' or 'socket' value. This setting takes preference +# over vnc_listen. +# +#vnc_auto_unix_socket = 1 + +# Enable use of TLS encryption on the VNC server. This requires +# a VNC client which supports the VeNCrypt protocol extension. +# Examples include vinagre, virt-viewer, virt-manager and vencrypt +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#vnc_tls = 1 + + +# Use of TLS requires that x509 certificates be issued. The +# default it to keep them in /etc/pki/libvirt-vnc. This directory +# must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# This option allows the certificate directory to be changed +# +#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing a x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client who does not have a +# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem +# +#vnc_tls_x509_verify = 1 + + +# The default VNC password. Only 8 letters are significant for +# VNC passwords. This parameter is only used if the per-domain +# XML config does not already provide a password. To allow +# access without passwords, leave this commented out. An empty +# string will still enable passwords, but be rejected by QEMU, +# effectively preventing any use of VNC. Obviously change this +# example here before you set this. +# +#vnc_password = "XYZ12345" + + +# Enable use of SASL encryption on the VNC server. This requires +# a VNC client which supports the SASL protocol extension. +# Examples include vinagre, virt-viewer and virt-manager +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#vnc_sasl = 1 + + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#vnc_sasl_dir = "/some/directory/sasl2" + + +# QEMU implements an extension for providing audio over a VNC connection, +# though if your VNC client does not support it, your only chance for getting +# sound output is through regular audio backends. By default, libvirt will +# disable all QEMU sound backends if using VNC, since they can cause +# permissions issues. Enabling this option will make libvirtd honor the +# QEMU_AUDIO_DRV environment variable when using VNC. +# +#vnc_allow_host_audio = 0 + + + +# SPICE is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#spice_listen = "0.0.0.0" + + +# Enable use of TLS encryption on the SPICE server. +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#spice_tls = 1 + + +# Use of TLS requires that x509 certificates be issued. The +# default it to keep them in /etc/pki/libvirt-spice. This directory +# must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# This option allows the certificate directory to be changed. +# +#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" + + +# The default SPICE password. This parameter is only used if the +# per-domain XML config does not already provide a password. To +# allow access without passwords, leave this commented out. An +# empty string will still enable passwords, but be rejected by +# QEMU, effectively preventing any use of SPICE. Obviously change +# this example here before you set this. +# +#spice_password = "XYZ12345" + + +# Enable use of SASL encryption on the SPICE server. This requires +# a SPICE client which supports the SASL protocol extension. +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#spice_sasl = 1 + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#spice_sasl_dir = "/some/directory/sasl2" + + +# By default, if no graphical front end is configured, libvirt will disable +# QEMU audio output since directly talking to alsa/pulseaudio may not work +# with various security settings. If you know what you're doing, enable +# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV +# environment variable when using nographics. +# +#nographics_allow_host_audio = 1 + + +# Override the port for creating both VNC and SPICE sessions (min). +# This defaults to 5900 and increases for consecutive sessions +# or when ports are occupied, until it hits the maximum. +# +# Minimum must be greater than or equal to 5900 as lower number would +# result into negative vnc display number. +# +# Maximum must be less than 65536, because higher numbers do not make +# sense as a port number. +# +#remote_display_port_min = 5900 +#remote_display_port_max = 65535 + +# VNC WebSocket port policies, same rules apply as with remote display +# ports. VNC WebSockets use similar display <-> port mappings, with +# the exception being that ports starts from 5700 instead of 5900. +# +#remote_websocket_port_min = 5700 +#remote_websocket_port_max = 65535 + +# The default security driver is SELinux. If SELinux is disabled +# on the host, then the security driver will automatically disable +# itself. If you wish to disable QEMU SELinux security driver while +# leaving SELinux enabled for the host in general, then set this +# to 'none' instead. It's also possible to use more than one security +# driver at the same time, for this use a list of names separated by +# comma and delimited by square brackets. For example: +# +# security_driver = [ "selinux", "apparmor" ] +# +# Notes: The DAC security driver is always enabled; as a result, the +# value of security_driver cannot contain "dac". The value "none" is +# a special value; security_driver can be set to that value in +# isolation, but it cannot appear in a list of drivers. +# +#security_driver = "selinux" + +# If set to non-zero, then the default security labeling +# will make guests confined. If set to zero, then guests +# will be unconfined by default. Defaults to 1. +#security_default_confined = 1 + +# If set to non-zero, then attempts to create unconfined +# guests will be blocked. Defaults to 0. +#security_require_confined = 1 + +# The user for QEMU processes run by the system instance. It can be +# specified as a user name or as a user id. The qemu driver will try to +# parse this value first as a name and then, if the name doesn't exist, +# as a user id. +# +# Since a sequence of digits is a valid user name, a leading plus sign +# can be used to ensure that a user id will not be interpreted as a user +# name. +# +# Some examples of valid values are: +# +# user = "qemu" # A user named "qemu" +# user = "+0" # Super user (uid=0) +# user = "100" # A user named "100" or a user with uid=100 +# +#user = "root" + +# The group for QEMU processes run by the system instance. It can be +# specified in a similar way to user. +#group = "root" + +# Whether libvirt should dynamically change file ownership +# to match the configured user/group above. Defaults to 1. +# Set to 0 to disable file ownership changes. +#dynamic_ownership = 1 + + +# What cgroup controllers to make use of with QEMU guests +# +# - 'cpu' - use for schedular tunables +# - 'devices' - use for device whitelisting +# - 'memory' - use for memory tunables +# - 'blkio' - use for block devices I/O tunables +# - 'cpuset' - use for CPUs and memory nodes +# - 'cpuacct' - use for CPUs statistics. +# +# NB, even if configured here, they won't be used unless +# the administrator has mounted cgroups, e.g.: +# +# mkdir /dev/cgroup +# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup +# +# They can be mounted anywhere, and different controllers +# can be mounted in different locations. libvirt will detect +# where they are located. +# +#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] + +# This is the basic set of devices allowed / required by +# all virtual machines. +# +# As well as this, any configured block backed disks, +# all sound device, and all PTY devices are allowed. +# +# This will only need setting if newer QEMU suddenly +# wants some device we don't already know about. +# +cgroup_device_acl = [ + "/dev/null", "/dev/full", "/dev/zero", + "/dev/random", "/dev/urandom", + "/dev/ptmx", "/dev/kvm", "/dev/kqemu", + "/dev/rtc", "/dev/hpet", "/dev/vfio/vfio", "/dev/net/tun" +] + + +# The default format for Qemu/KVM guest save images is raw; that is, the +# memory from the domain is dumped out directly to a file. If you have +# guests with a large amount of memory, however, this can take up quite +# a bit of space. If you would like to compress the images while they +# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" +# for save_image_format. Note that this means you slow down the process of +# saving a domain in order to save disk space; the list above is in descending +# order by performance and ascending order by compression ratio. +# +# save_image_format is used when you use 'virsh save' or 'virsh managedsave' +# at scheduled saving, and it is an error if the specified save_image_format +# is not valid, or the requested compression program can't be found. +# +# dump_image_format is used when you use 'virsh dump' at emergency +# crashdump, and if the specified dump_image_format is not valid, or +# the requested compression program can't be found, this falls +# back to "raw" compression. +# +# snapshot_image_format specifies the compression algorithm of the memory save +# image when an external snapshot of a domain is taken. This does not apply +# on disk image format. It is an error if the specified format isn't valid, +# or the requested compression program can't be found. +# +#save_image_format = "raw" +#dump_image_format = "raw" +#snapshot_image_format = "raw" + +# When a domain is configured to be auto-dumped when libvirtd receives a +# watchdog event from qemu guest, libvirtd will save dump files in directory +# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump +# +#auto_dump_path = "/var/lib/libvirt/qemu/dump" + +# When a domain is configured to be auto-dumped, enabling this flag +# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the +# virDomainCoreDump API. That is, the system will avoid using the +# file system cache while writing the dump file, but may cause +# slower operation. +# +#auto_dump_bypass_cache = 0 + +# When a domain is configured to be auto-started, enabling this flag +# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag +# with the virDomainCreateWithFlags API. That is, the system will +# avoid using the file system cache when restoring any managed state +# file, but may cause slower operation. +# +#auto_start_bypass_cache = 0 + +# If provided by the host and a hugetlbfs mount point is configured, +# a guest may request huge page backing. When this mount point is +# unspecified here, determination of a host mount point in /proc/mounts +# will be attempted. Specifying an explicit mount overrides detection +# of the same in /proc/mounts. Setting the mount point to "" will +# disable guest hugepage backing. +# +# NB, within this mount point, guests will create memory backing files +# in a location of $MOUNTPOINT/libvirt/qemu +# +#hugetlbfs_mount = "/dev/hugepages" + + +# Path to the setuid helper for creating tap devices. This executable +# is used to create <source type='bridge'> interfaces when libvirtd is +# running unprivileged. libvirt invokes the helper directly, instead +# of using "-netdev bridge", for security reasons. +#bridge_helper = "/usr/libexec/qemu-bridge-helper" + + + +# If clear_emulator_capabilities is enabled, libvirt will drop all +# privileged capabilities of the QEmu/KVM emulator. This is enabled by +# default. +# +# Warning: Disabling this option means that a compromised guest can +# exploit the privileges and possibly do damage to the host. +# +#clear_emulator_capabilities = 1 + + +# If enabled, libvirt will have QEMU set its process name to +# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU +# process will appear as "qemu:VM_NAME" in process listings and +# other system monitoring tools. By default, QEMU does not set +# its process title, so the complete QEMU command (emulator and +# its arguments) appear in process listings. +# +#set_process_name = 1 + + +# If max_processes is set to a positive integer, libvirt will use +# it to set the maximum number of processes that can be run by qemu +# user. This can be used to override default value set by host OS. +# The same applies to max_files which sets the limit on the maximum +# number of opened files. +# +#max_processes = 0 +#max_files = 0 + + + +# mac_filter enables MAC addressed based filtering on bridge ports. +# This currently requires ebtables to be installed. +# +#mac_filter = 1 + + +# By default, PCI devices below non-ACS switch are not allowed to be assigned +# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to +# be assigned to guests. +# +#relaxed_acs_check = 1 + + +# If allow_disk_format_probing is enabled, libvirt will probe disk +# images to attempt to identify their format, when not otherwise +# specified in the XML. This is disabled by default. +# +# WARNING: Enabling probing is a security hole in almost all +# deployments. It is strongly recommended that users update their +# guest XML <disk> elements to include <driver type='XXXX'/> +# elements instead of enabling this option. +# +#allow_disk_format_probing = 1 + + +# To enable 'Sanlock' project based locking of the file +# content (to prevent two VMs writing to the same +# disk), uncomment this +# +#lock_manager = "sanlock" + + + +# Set limit of maximum APIs queued on one domain. All other APIs +# over this threshold will fail on acquiring job lock. Specially, +# setting to zero turns this feature off. +# Note, that job lock is per domain. +# +#max_queued = 0 + +################################################################### +# Keepalive protocol: +# This allows qemu driver to detect broken connections to remote +# libvirtd during peer-to-peer migration. A keepalive message is +# sent to the deamon after keepalive_interval seconds of inactivity +# to check if the deamon is still responding; keepalive_count is a +# maximum number of keepalive messages that are allowed to be sent +# to the deamon without getting any response before the connection +# is considered broken. In other words, the connection is +# automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the deamon. If keepalive_interval is set to +# -1, qemu driver will not send keepalive requests during +# peer-to-peer migration; however, the remote libvirtd can still +# send them and source libvirtd will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 + + + +# Use seccomp syscall whitelisting in QEMU. +# 1 = on, 0 = off, -1 = use QEMU default +# Defaults to -1. +# +#seccomp_sandbox = 1 + + + +# Override the listen address for all incoming migrations. Defaults to +# 0.0.0.0 or :: in case if both host and qemu are capable of IPv6. +#migration_address = "127.0.0.1" + + +# Override the port range used for incoming migrations. +# +# Minimum must be greater than 0, however when QEMU is not running as root, +# setting the minimum to be lower than 1024 will not work. +# +# Maximum must not be greater than 65535. +# +#migration_port_min = 49152 +#migration_port_max = 49215 diff --git a/bsp/meta-freescale/dynamic-layers/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend b/bsp/meta-freescale/dynamic-layers/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend new file mode 100644 index 00000000..c7e6d32e --- /dev/null +++ b/bsp/meta-freescale/dynamic-layers/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend @@ -0,0 +1,9 @@ +PACKAGECONFIG_qoriq-ppc = "qemu yajl lxc test remote macvtap libvirtd netcf udev python" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" +SRC_URI_append_qoriq-ppc = " file://qemu.conf" + +do_install_append_qoriq-ppc() { + install -m 0644 ${WORKDIR}/qemu.conf ${D}${sysconfdir}/libvirt/qemu.conf +} + |