subtree updates: raspberrypi security arm

meta-arm: eb9c47a4e1..9b6c8c95e4:
  Abdellatif El Khlifi (1):
        CI: append classes to INHERIT in the common fvp.yml

  Adam Johnston (1):
        arm-bsp/linux-yocto: Update N1SDP PCI quirk patch

  Jon Mason (10):
        CI: add yml files for defaults
        CI: add support for dev kernel, rt kernel, and poky-tiny
        arm-bsp/fvp-base: update to u-boot 2023.01
        arm-bsp/fvp-base-arm32: remove support
        ci: add external-toolchain to qemuarm-secureboot
        arm-bsp/optee: remove unused recipes
        arm/optee: optee-os include cleanup
        arm/optee-os: update to 3.20.0
        arm/edk2: update version and relocate edk2-basetools to be with edk2
        arm-bsp/fvp-base: Add edk2 build testing

  Ross Burton (7):
        arm-bsp/linux-arm64-ack: update Upstream-Status tags
        CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
        arm/scp-firmware: fix up whitespace
        arm/scp-firmware: enable verbose builds
        arm/scp-firmware: remove textrel from INSANE_SKIP
        arm/scp-firmware: improve debug packaging
        CI: mask poky's llvm if we're using clang

  Rui Miguel Silva (1):
        arm-bsp/optee: bump corstone1000 to v3.20

  Satish Kumar (1):
        arm-bsp/corstone1000: new gpt based disk layout and fwu metadata

  Xueliang Zhong (1):
        arm-bsp/n1sdp: update to linux yocto kernel 6.1

meta-security: c06b9a18a6..a397a38ed9:
  Armin Kuster (16):
        openscap: update to 1.3.6
        openscap: update to 1.3.7
        openscap git: add DEFAULT_PREFERENCE
        python3-fail2ban: update to 1.0.2
        python3-privacyidea: update to 3.8.1
        libhtp: update to 0.5.42
        lkrg-modules: update to 0.9.6
        chkrootkit: update to 0.57
        fscrypt: update to 1.1.0
        libmspack: update to 1.11
        firejail: update 0.9.72
        suricata: update to 6.0.10
        apparmor: update to 3.1.3
        krill: update 0.12.3
        cryptmout: update to 6.2.0
        packagegroup-core-security: refactor the inclusion of krill

  Eero Aaltonen (1):
        dm-verity-img.bbclass: fix syntax warning

  Jose Quaresma (3):
        meta-hardening/layer: lower the priority from 10 to 6
        meta-security-compliance/layer: lower the priority from 10 to 6
        meta-tpm/layer: lower the priority from 10 to 6

  Kevin Hao (1):
        dm-verity-img.bbclass: Fix the hash offset alignment issue

  Mikko Rapeli (1):
        ima-evm-utils: disable documentation from build

  Paul Gortmaker (3):
        dm-verity: update beaglebone wic to match meta-yocto
        dm-verity: add basic non-arch/non-BSP yocto specific settings
        dm-verity: document board specifics for Beaglebone Black

  Peter Marko (1):
        tpm2-tss: correct CVE product

meta-raspberrypi: e15b876155..3afdbbf782:
  Carlos Alberto Lopez Perez (1):
        mesa-demos: enable build with userland graphics drivers.

  Khem Raj (6):
        linux-raspberrypi: Add recipes for 6.1 kernel
        psplash: Make psplash wait for the framebuffer to be ready
        rpi-default-versions: Use 6.1 kernel as default
        gstreamer1.0-plugins-bad: Drop gpl packageconfig
        rpidistro-ffmpeg: Pin to use gcc always
        rpidistro-vlc: Fix build with clang16

Signed-off-by: Andrew Geissler <>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
176 files changed
tree: 04a2402d258019103ad1a4c9da71d78301cd5d42
  1. .github/
  2. meta-amd/
  3. meta-ampere/
  4. meta-arm/
  5. meta-aspeed/
  6. meta-asrock/
  7. meta-bytedance/
  8. meta-delta/
  9. meta-evb/
  10. meta-facebook/
  11. meta-fii/
  12. meta-google/
  13. meta-hpe/
  14. meta-ibm/
  15. meta-ingrasys/
  16. meta-inspur/
  17. meta-intel-openbmc/
  18. meta-inventec/
  19. meta-nuvoton/
  20. meta-openembedded/
  21. meta-openpower/
  22. meta-phosphor/
  23. meta-qualcomm/
  24. meta-quanta/
  25. meta-raspberrypi/
  26. meta-security/
  27. meta-supermicro/
  28. meta-tyan/
  29. meta-wistron/
  30. meta-yadro/
  31. poky/
  32. .eslintrc.json
  33. .gitignore
  34. .gitreview
  35. openbmc-env
  36. OWNERS
  38. setup


Build Status

OpenBMC is a Linux distribution for management controllers used in devices such as servers, top of rack switches or RAID appliances. It uses Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your platform.

Setting up your OpenBMC project

1) Prerequisite

See the Yocto documentation for the latest requirements


sudo apt install git python3-distutils gcc g++ make file wget \
    gawk diffstat bzip2 cpio chrpath zstd lz4 bzip2


sudo dnf install git python3 gcc g++ gawk which bzip2 chrpath cpio \
    hostname file diffutils diffstat lz4 wget zstd rpcgen patch

2) Download the source

git clone
cd openbmc

3) Target your hardware

Any build requires an environment set up according to your hardware target. There is a special script in the root of this repository that can be used to configure the environment as needed. The script is called setup and takes the name of your hardware target as an argument.

The script needs to be sourced while in the top directory of the OpenBMC repository clone, and, if run without arguments, will display the list of supported hardware targets, see the following example:

$ . setup <machine> [build_dir]
Target machine must be specified. Use one of:

bletchley               mori                    s8036
dl360poc                mtjade                  swift
e3c246d4i               mtmitchell              tatlin-archive-x86
ethanolx                nicole                  tiogapass
evb-ast2500             olympus-nuvoton         transformers
evb-ast2600             on5263m5                vegman-n110
evb-npcm750             p10bmc                  vegman-rx20
f0b                     palmetto                vegman-sx20
fp5280g2                qcom-dc-scm-v1          witherspoon
g220a                   quanta-q71l             witherspoon-tacoma
gbs                     romed8hm3               x11spi
greatlakes              romulus                 yosemitev2
gsj                     s2600wf                 zaius
kudo                    s6q
lannister               s7106

Once you know the target (e.g. romulus), source the setup script as follows:

. setup romulus

4) Build

bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

OpenBMC Development

The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.


First, please do a search on the internet. There's a good chance your question has already been asked.

For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.

For technical discussions, please see contact info below for Discord and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or Discord.

Will OpenBMC run on my Acme Server Corp. XYZ5000 motherboard?

This is a common question, particularly regarding boards from popular COTS (commercial off-the-shelf) vendors such as Supermicro and ASRock. You can see the list of supported boards by running . setup (with no further arguments) in the root of the OpenBMC source tree. Most of the platforms supported by OpenBMC are specialized servers operated by companies running large datacenters, but some more generic COTS servers are supported to varying degrees.

If your motherboard is not listed in the output of . setup it is not currently supported. Porting OpenBMC to a new platform is a non-trivial undertaking, ideally done with the assistance of schematics and other documentation from the manufacturer (it is not completely infeasible to take on a porting effort without documentation via reverse engineering, but it is considerably more difficult, and probably involves a greater risk of hardware damage).

However, even if your motherboard is among those listed in the output of . setup, there are two significant caveats to bear in mind. First, not all ports are equally mature -- some platforms are better supported than others, and functionality on some "supported" boards may be fairly limited. Second, support for a motherboard is not the same as support for a complete system -- in particular, fan control is critically dependent on not just the motherboard but also the fans connected to it and the chassis that the board and fans are housed in, both of which can vary dramatically between systems using the same board model. So while you may be able to compile and install an OpenBMC build on your system and get some basic functionality, rough edges (such as your cooling fans running continuously at full throttle) are likely.

Features of OpenBMC

Feature List

  • Host management: Power, Cooling, LEDs, Inventory, Events, Watchdog
  • Full IPMI 2.0 Compliance with DCMI
  • Code Update Support for multiple BMC/BIOS images
  • Web-based user interface
  • REST interfaces
  • D-Bus based interfaces
  • SSH based SOL
  • Remote KVM
  • Hardware Simulation
  • Automated Testing
  • User management
  • Virtual media

Features In Progress

  • OpenCompute Redfish Compliance
  • Verified Boot

Features Requested but need help

  • OpenBMC performance monitoring

Finding out more

Dive deeper into OpenBMC by opening the docs repository.

Technical Steering Committee

The Technical Steering Committee (TSC) guides the project. Members are:

  • Roxanne Clarke, IBM
  • Nancy Yuen, Google
  • Patrick Williams, Meta
  • Terry Duncan, Intel
  • Sagar Dharia, Microsoft
  • Samer El-Haj-Mahmoud, Arm