subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-nvmxip-provide-a-u-boot-shell-test-command.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-nvmxip-provide-a-u-boot-shell-test-command.patch
new file mode 100644
index 0000000..e8adbc1
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-nvmxip-provide-a-u-boot-shell-test-command.patch
@@ -0,0 +1,135 @@
+From 560ebe3eb6197322b9d00c8e3cf30fb7e679d8b2 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Thu, 22 Dec 2022 16:20:46 +0000
+Subject: [PATCH 33/43] nvmxip: provide a u-boot shell test command
+
+nvmxip command allows probing the NVM XIP devices manually
+
+The command is provided for test purposes only.
+
+Use:
+
+nvmxip probe
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ cmd/Kconfig | 7 +++++
+ cmd/Makefile | 1 +
+ cmd/nvmxip.c | 47 ++++++++++++++++++++++++++++++++++
+ configs/corstone1000_defconfig | 1 +
+ configs/sandbox_defconfig | 1 +
+ 5 files changed, 57 insertions(+)
+ create mode 100644 cmd/nvmxip.c
+
+diff --git a/cmd/Kconfig b/cmd/Kconfig
+index 5e278ecb1597..b6a3e5908534 100644
+--- a/cmd/Kconfig
++++ b/cmd/Kconfig
+@@ -938,6 +938,13 @@ config CMD_ARMFFA
+ - Sending a data pattern to the specified partition
+ - Displaying the arm_ffa device info
+
++config CMD_NVMXIP
++ bool "NVM XIP probe command"
++ depends on NVMXIP
++ help
++ Probes all NVM XIP devices. The command is for
++ test purposes only (not to be upstreamed)
++
+ config CMD_ARMFLASH
+ #depends on FLASH_CFI_DRIVER
+ bool "armflash"
+diff --git a/cmd/Makefile b/cmd/Makefile
+index c757f1647da6..0a3d98100703 100644
+--- a/cmd/Makefile
++++ b/cmd/Makefile
+@@ -154,6 +154,7 @@ obj-$(CONFIG_CMD_RTC) += rtc.o
+ obj-$(CONFIG_SANDBOX) += host.o
+ obj-$(CONFIG_CMD_SATA) += sata.o
+ obj-$(CONFIG_CMD_NVME) += nvme.o
++obj-$(CONFIG_CMD_NVMXIP) += nvmxip.o
+ obj-$(CONFIG_SANDBOX) += sb.o
+ obj-$(CONFIG_CMD_SF) += sf.o
+ obj-$(CONFIG_CMD_SCSI) += scsi.o disk.o
+diff --git a/cmd/nvmxip.c b/cmd/nvmxip.c
+new file mode 100644
+index 000000000000..3eb0d84afc04
+--- /dev/null
++++ b/cmd/nvmxip.c
+@@ -0,0 +1,47 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <command.h>
++#include <dm.h>
++
++int do_nvmxip_probe(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
++{
++ struct udevice *dev = NULL;
++ for (uclass_first_device(UCLASS_NVMXIP, &dev); dev; uclass_next_device(&dev));
++
++ return 0;
++}
++
++static struct cmd_tbl nvmxip_commands[] = {
++ U_BOOT_CMD_MKENT(probe, 1, 1, do_nvmxip_probe, "", ""),
++};
++
++static int do_nvmxip(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
++{
++ struct cmd_tbl *nvmxip_cmd;
++ int ret;
++
++ if (argc < 2)
++ return CMD_RET_USAGE;
++
++ nvmxip_cmd = find_cmd_tbl(argv[1], nvmxip_commands, ARRAY_SIZE(nvmxip_commands));
++
++ argc -= 2;
++ argv += 2;
++
++ if (!nvmxip_cmd || argc > nvmxip_cmd->maxargs)
++ return CMD_RET_USAGE;
++
++ ret = nvmxip_cmd->cmd(nvmxip_cmd, flag, argc, argv);
++
++ return cmd_process_error(nvmxip_cmd, ret);
++}
++
++U_BOOT_CMD(nvmxip, 4, 1, do_nvmxip,
++ "NVM XIP probe command",
++ "probe\n"
++ " - probes all NVM XIP devices\n");
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 2986cc95932f..e009faee0252 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -59,6 +59,7 @@ CONFIG_USB=y
+ CONFIG_USB_ISP1760=y
+ CONFIG_ERRNO_STR=y
+ CONFIG_NVMXIP_QSPI=y
++CONFIG_CMD_NVMXIP=y
+ CONFIG_EFI_MM_COMM_TEE=y
+ CONFIG_ARM_FFA_TRANSPORT=y
+ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
+diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
+index f22230b5cce2..3b895be9e4ba 100644
+--- a/configs/sandbox_defconfig
++++ b/configs/sandbox_defconfig
+@@ -139,6 +139,7 @@ CONFIG_IP_DEFRAG=y
+ CONFIG_BOOTP_SERVERIP=y
+ CONFIG_IPV6=y
+ CONFIG_NVMXIP_QSPI=y
++CONFIG_CMD_NVMXIP=y
+ CONFIG_DM_DMA=y
+ CONFIG_DEVRES=y
+ CONFIG_DEBUG_DEVRES=y
+--
+2.39.2
+