subtree updates

meta-security: 53c5cc794f..ddf301c45c:
  Adrian Zaharia (1):
        libmhash: fix multilib header conflict - mutils/mhash_config.h

  Alexander Kanavin (1): rename to avoid clashes with oe-core

  Armin Kuster (15):
        meta-tpm: rename recipes-tpm to recipes-tpm1
        recipes-tpm: use this for common tpm recipes
        swtpm: update to 0.8.0
        libtpm: update to 0.9.6
        ossec-hids: update to tip of 3.7.0
        libhtp: update to 0.5.43
        suricata: update to 6.0.11
        fscryptctl: update to 1.0.1
        oeqa: fix hash test to match new changes
        integrity-image-minimal: adapt QEMU cmdline to new changes
        lynis: Add decoding OE and Poky
        os-release.bbappend: drop now CPE_NAME is in core
        openembedded-release: drop as os-release does this now
        tpm2-tss: drop vendor from PACKAGECONFIG
        packagegroup-security-tpm2: restore pkgs removed earlier

  Paul Gortmaker (4):
        dm-verity: ensure people don't ignore the DISTRO_FEATURES warning
        dm-verity: don't make read-only-rootfs sound like a requirement
        dm-verity: document the meta-intel dependency in the systemd example
        dm-verity: add x86-64 systemd based example instructions

  Peter Hoyes (1):
        meta-parsec/layer.conf: Insert addpylib declaration

  Peter Kjellerstedt (1):
        tpm2-tools: Remove unnecessary and optional dependencies

  Stefan Berger (12):
        ima: Document and replace keys and adapt scripts for EC keys
        ima: Fix the ima_policy_appraise_all to appraise executables & libraries
        ima: Fix the IMA kernel feature
        ima: Sign all executables and the ima-policy in the root filesystem
        integrity: Update the README for IMA support
        linux: overlayfs: Add kernel patch resolving a file change notification issue
        ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch
        linux: overlayfs: Drop kernel patch resolving a file change notification issue
        ima: Drop kernel config option CONFIG_SQUASHFS_XATTR=y from ima.cfg
        integrity: Fix the do_configure function
        integrity: Rename linux-%.bbappend to linux-yocto%.bbappend

meta-raspberrypi: bf948e0aa8..928bb234bb:
  Martin Jansa (3):
        rpi-libcamera-apps: fix flags used in aarch64 builds
        rpi-libcamera-apps: fix version generation on hosts with older python
        rpi-libcamera-apps: bump to latest SRCREV and set PV

meta-arm: 0b5724266a..f9d80e1a14:
  Emekcan Aras (2):
        arm-bsp/trusted-firmware-m: Align Capsule Update with GPT changes
        arm-bsp/wic: corstone1000: Fix and limit the partition size for corstone1000
Signed-off-by: Andrew Geissler <>
Change-Id: I56f7d26070d879e3138618332841c30cf57eb7d9
69 files changed
tree: b96ac45842c6be65a4967ef904dfd95ab307e10c
  1. .github/
  2. meta-amd/
  3. meta-ampere/
  4. meta-arm/
  5. meta-aspeed/
  6. meta-asrock/
  7. meta-bytedance/
  8. meta-delta/
  9. meta-evb/
  10. meta-facebook/
  11. meta-fii/
  12. meta-google/
  13. meta-hpe/
  14. meta-ibm/
  15. meta-ingrasys/
  16. meta-inspur/
  17. meta-intel-openbmc/
  18. meta-inventec/
  19. meta-nuvoton/
  20. meta-openembedded/
  21. meta-openpower/
  22. meta-phosphor/
  23. meta-qualcomm/
  24. meta-quanta/
  25. meta-raspberrypi/
  26. meta-security/
  27. meta-supermicro/
  28. meta-tyan/
  29. meta-ufispace/
  30. meta-wistron/
  31. meta-yadro/
  32. poky/
  33. .eslintrc.json
  34. .gitignore
  35. .gitreview
  36. openbmc-env
  37. OWNERS
  39. setup


Build Status

OpenBMC is a Linux distribution for management controllers used in devices such as servers, top of rack switches or RAID appliances. It uses Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your platform.

Setting up your OpenBMC project

1) Prerequisite

See the Yocto documentation for the latest requirements


sudo apt install git python3-distutils gcc g++ make file wget \
    gawk diffstat bzip2 cpio chrpath zstd lz4 bzip2


sudo dnf install git python3 gcc g++ gawk which bzip2 chrpath cpio \
    hostname file diffutils diffstat lz4 wget zstd rpcgen patch

2) Download the source

git clone
cd openbmc

3) Target your hardware

Any build requires an environment set up according to your hardware target. There is a special script in the root of this repository that can be used to configure the environment as needed. The script is called setup and takes the name of your hardware target as an argument.

The script needs to be sourced while in the top directory of the OpenBMC repository clone, and, if run without arguments, will display the list of supported hardware targets, see the following example:

$ . setup <machine> [build_dir]
Target machine must be specified. Use one of:

bletchley               mori                    s8036
dl360poc                mtjade                  swift
e3c246d4i               mtmitchell              tatlin-archive-x86
ethanolx                nicole                  tiogapass
evb-ast2500             olympus-nuvoton         transformers
evb-ast2600             on5263m5                vegman-n110
evb-npcm750             p10bmc                  vegman-rx20
f0b                     palmetto                vegman-sx20
fp5280g2                qcom-dc-scm-v1          witherspoon
g220a                   quanta-q71l             witherspoon-tacoma
gbs                     romed8hm3               x11spi
greatlakes              romulus                 yosemitev2
gsj                     s2600wf                 zaius
kudo                    s6q
lannister               s7106

Once you know the target (e.g. romulus), source the setup script as follows:

. setup romulus

4) Build

bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

OpenBMC Development

The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.


First, please do a search on the internet. There's a good chance your question has already been asked.

For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.

For technical discussions, please see contact info below for Discord and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or Discord.

Will OpenBMC run on my Acme Server Corp. XYZ5000 motherboard?

This is a common question, particularly regarding boards from popular COTS (commercial off-the-shelf) vendors such as Supermicro and ASRock. You can see the list of supported boards by running . setup (with no further arguments) in the root of the OpenBMC source tree. Most of the platforms supported by OpenBMC are specialized servers operated by companies running large datacenters, but some more generic COTS servers are supported to varying degrees.

If your motherboard is not listed in the output of . setup it is not currently supported. Porting OpenBMC to a new platform is a non-trivial undertaking, ideally done with the assistance of schematics and other documentation from the manufacturer (it is not completely infeasible to take on a porting effort without documentation via reverse engineering, but it is considerably more difficult, and probably involves a greater risk of hardware damage).

However, even if your motherboard is among those listed in the output of . setup, there are two significant caveats to bear in mind. First, not all ports are equally mature -- some platforms are better supported than others, and functionality on some "supported" boards may be fairly limited. Second, support for a motherboard is not the same as support for a complete system -- in particular, fan control is critically dependent on not just the motherboard but also the fans connected to it and the chassis that the board and fans are housed in, both of which can vary dramatically between systems using the same board model. So while you may be able to compile and install an OpenBMC build on your system and get some basic functionality, rough edges (such as your cooling fans running continuously at full throttle) are likely.

Features of OpenBMC

Feature List

  • Host management: Power, Cooling, LEDs, Inventory, Events, Watchdog
  • Full IPMI 2.0 Compliance with DCMI
  • Code Update Support for multiple BMC/BIOS images
  • Web-based user interface
  • REST interfaces
  • D-Bus based interfaces
  • SSH based SOL
  • Remote KVM
  • Hardware Simulation
  • Automated Testing
  • User management
  • Virtual media

Features In Progress

  • OpenCompute Redfish Compliance
  • Verified Boot

Features Requested but need help

  • OpenBMC performance monitoring

Finding out more

Dive deeper into OpenBMC by opening the docs repository.

Technical Steering Committee

The Technical Steering Committee (TSC) guides the project. Members are:

  • Roxanne Clarke, IBM
  • Nancy Yuen, Google
  • Patrick Williams, Meta
  • Terry Duncan, Intel
  • Sagar Dharia, Microsoft
  • Samer El-Haj-Mahmoud, Arm