meta-security: subtree update:775870980b..ca9264b1e1

Anton Antonov (4):
      Use libest "main" branch instead of "master".
      Add meta-parsec layer into meta-security.
      Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
      Clearly define clang toolchain in Parsec recipes

Armin Kuster (16):
      packagegroup-core-security: drop clamav-cvd
      clamav: upgrade 104.0
      python3-privacyidea: upgrade 3.5.1 -> 3.5.2
      clamav: fix systemd service install
      swtpm: now need python-cryptography, pull in layer
      swtpm: file pip3 issue
      swtpm: fix check for tscd deamon on host
      python3-suricata-update: update to 1.2.1
      suricata: update to 6.0.2
      layer.conf: add dynamic-layer for rust pkg
      README: cleanup
      .gitlab-ci.yml: reorder to speed up builds
      kas-security-base.yml: tweek build vars
      gitlab-ci: fine tune order
      clamav: remove rest of mirror.dat ref
      lkrg-module: Add Linux Kernel Runtime Guard

Ming Liu (2):
      meta: drop IMA_POLICY from policy recipes
      initramfs-framework-ima: introduce IMA_FORCE

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
47 files changed
tree: 44dffb1d845b35c3f4bf0629a622d8ae04abda41
  1. .github/
  2. meta-alibaba/
  3. meta-amd/
  4. meta-ampere/
  5. meta-arm/
  6. meta-aspeed/
  7. meta-bytedance/
  8. meta-evb/
  9. meta-facebook/
  10. meta-fii/
  11. meta-google/
  12. meta-hpe/
  13. meta-hxt/
  14. meta-ibm/
  15. meta-ingrasys/
  16. meta-inspur/
  17. meta-intel-openbmc/
  18. meta-inventec/
  19. meta-lenovo/
  20. meta-microsoft/
  21. meta-nuvoton/
  22. meta-openembedded/
  23. meta-openpower/
  24. meta-phosphor/
  25. meta-portwell/
  26. meta-qualcomm/
  27. meta-quanta/
  28. meta-raspberrypi/
  29. meta-security/
  30. meta-supermicro/
  31. meta-x86/
  32. meta-xilinx/
  33. meta-yadro/
  34. poky/
  35. .gitignore
  36. .gitreview
  37. .templateconf
  38. MAINTAINERS
  39. openbmc-env
  40. OWNERS
  41. README.md
  42. setup
README.md

OpenBMC

Build Status

The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.

Setting up your OpenBMC project

1) Prerequisite

  • Ubuntu 14.04
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
  • Fedora 28
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake \
    rpcgen perl-Thread-Queue perl-bignum perl-Crypt-OpenSSL-Bignum
sudo dnf groupinstall "C Development Tools and Libraries"

2) Download the source

git clone git@github.com:openbmc/openbmc.git
cd openbmc

3) Target your hardware

Any build requires an environment set up according to your hardware target. There is a special script in the root of this repository that can be used to configure the environment as needed. The script is called setup and takes the name of your hardware target as an argument.

The script needs to be sourced while in the top directory of the OpenBMC repository clone, and, if run without arguments, will display the list of supported hardware targets, see the following example:

$ . setup <machine> [build_dir]
Target machine must be specified. Use one of:

centriq2400-rep         f0b                     fp5280g2
gsj                     hr630                   hr855xg2
lanyang                 mihawk                  msn
neptune                 nicole                  olympus
olympus-nuvoton         on5263m5                p10bmc
palmetto                qemuarm                 quanta-q71l
romulus                 s2600wf                 stardragon4800-rep2
swift                   tiogapass               vesnin
witherspoon             witherspoon-tacoma      yosemitev2
zaius

Once you know the target (e.g. romulus), source the setup script as follows:

. setup romulus build

For evb-ast2500, please use the below command to specify the machine config, because the machine in meta-aspeed layer is in a BSP layer and does not build the openbmc image.

TEMPLATECONF=meta-evb/meta-evb-aspeed/meta-evb-ast2500/conf . openbmc-env

4) Build

bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

OpenBMC Development

The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.

Questions

First, please do a search on the internet. There's a good chance your question has already been asked.

For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.

For technical discussions, please see contact info below for Discord and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or Discord.

Features of OpenBMC

Feature List

  • Host management: Power, Cooling, LEDs, Inventory, Events, Watchdog
  • Full IPMI 2.0 Compliance with DCMI
  • Code Update Support for multiple BMC/BIOS images
  • Web-based user interface
  • REST interfaces
  • D-Bus based interfaces
  • SSH based SOL
  • Remote KVM
  • Hardware Simulation
  • Automated Testing
  • User management
  • Virtual media

Features In Progress

  • OpenCompute Redfish Compliance
  • Verified Boot

Features Requested but need help

  • OpenBMC performance monitoring

Finding out more

Dive deeper into OpenBMC by opening the docs repository.

Technical Steering Committee

The Technical Steering Committee (TSC) guides the project. Members are:

  • Brad Bishop (chair), IBM
  • Nancy Yuen, Google
  • Sai Dasari, Facebook
  • James Mihm, Intel
  • Sagar Dharia, Microsoft
  • Supreeth Venkatesh, Arm

Contact