poky: subtree update:835f7eac06..20946c63c2

Aaron Chan (1):
      python3-dbus: Add native and nativesdk variants

Adrian Bunk (8):
      gnome: Remove the gnome class
      bind: Remove RECIPE_NO_UPDATE_REASON and follow the ESV releases
      webkitgtk: Reenable on mips
      mtd-utils: Upgrade to 2.1.1
      Change ftp:// URIs to http(s)://
      webkitgtk: Stop disabling gold on aarch64 and mips
      grub/libmpc/gdb: Use GNU_MIRROR in more recipes
      screen: Backport fix for an implicit function declaration

Alexander Kanavin (28):
      btrfs-tools: update 5.1.1 -> 5.2.1
      libmodulemd: update to 2.6.0
      libwebp: upgrade 1.0.2 -> 1.0.3
      createrepo-c: upgrade 0.14.2 -> 0.14.3
      webkitgtk: upgrade 2.24.2 -> 2.24.3
      bzip2: fix upstream version check
      stress-ng: add a recipe that replaces the original stress
      meson: update 0.50.1 -> 0.51.1
      meson.bbclass: do not pass native compiler/linker flags via command line
      meson: add a backported patch to address vala cross-compilation errors
      libedit: fix upstream verison check
      maintainers.inc: assign acpica to Ross
      stress-ng: add a patch to remove unneeded bash dependency
      elfutils: use PRIVATE_LIBS for the ptest package
      apt: add a missing perl runtime dependency
      attr: add a missing perl runtime dependency
      ofono: correct the python3 runtime dependency
      bluez5: correct the python3 runtime dependency
      local.conf.sample: do not add sdl to nativesdk qemu config
      maintainers.inc: give python recipes to Oleksandr Kravchuk
      python-numpy: remove the python 2.x version of the recipe
      python-scons: remove the python 2.x version of the recipe
      python-nose: remove the python 2.x version of the recipe
      lib/oeqa/utils/qemurunner.py: add runqemuparams after kvm/nographic/snapshot/slirp
      mesa: enable glx-tls option in native and nativesdk builds
      insane.bbclass: in file-rdeps do not look into RDEPENDS recursively
      sudo: correct SRC_URI
      ovmf: fix upstream version check

Andreas Obergschwandtner (1):
      bzip2: set the autoconf package version to the recipe version

Anuj Mittal (11):
      mpg123: upgrade 1.25.10 -> 1.25.11
      libsdl: remove
      pulseaudio: don't include consolekit when systemd is enabled
      libsdl2: upgrade 2.0.9 -> 2.0.10
      grub: upgrade 2.02 -> 2.04
      patch: fix CVE-2019-13636
      python: fix CVE-2018-20852
      python: CVE-2019-9947 is same as CVE-2019-9740
      libtasn1: upgrade 4.13 -> 4.14
      pango: upgrade 1.42.4 -> 1.44.3
      harfbuzz: upgrade 2.4.0 -> 2.5.3

Bartosz Golaszewski (1):
      qemu: add a patch fixing the native build on newer kernels

Bedel, Alban (3):
      rng-tools: start rngd early in the boot process again
      kernel-uboot: remove useless special casing of arm64 Image
      boost: Fix build and enable context and coroutines on aarch64

Bruce Ashfield (2):
      linux-yocto/4.19: update to v4.19.61
      linux-yocto-dev: bump to 5.3-rcX

Changqing Li (6):
      runqemu: add lockfile for port used when slirp enabled
      runqemu: fix get portlock fail for multi users
      qemuboot-x86: move QB_SYSTEM_NAME to corresponding conf
      genericx86-64.conf/genericx86.conf: add QB_SYSTEM_NAME
      grub/grub-efi: fix conflict for aach64
      go-runtime: remove conflict files from -dev packages

Chen Qi (1):
      sudo: use nonarch_libdir instead of libdir for tmpfiles.d

Chin Huat Ang (1):
      cve-update-db-native: fix https proxy issues

Chris Laplante via bitbake-devel (1):
      bitbake: fetch2/wget: avoid 'maximum recursion depth' RuntimeErrors when handling 403 codes

Daniel Ammann (2):
      image_types: Remove remnants of hdddirect
      bitbake: toaster: Sync list of fs_types with oe-core

Denys Dmytriyenko (2):
      wayland-protocols: upgrade 1.17 -> 1.18
      weston: upgrade 6.0.0 -> 6.0.1

Diego Rondini (1):
      image_types.bbclass: make gzipped images rsyncable

Dmitry Eremin-Solenikov (1):
      kernel.bbclass: fix installation of modules signing certificates

Frederic Ouellet (1):
      systemd: Add partial support of drop-in configuration files to systemd-systemctl-native

Hongxu Jia (1):
      grub: add grub-native

Jason Wessel (6):
      sqlite3: Fix zlib determinism problem
      pseudo: Fix openat() with a symlink pointing to a directory
      image_types_wic.bbclass: Copy the .wks and .env files to deploy image dir
      wic: Add partition type for msdos partition tables
      wic: Make disk partition size consistently computed
      dpkg: Provide update-alternative for start-stop-daemon

Johann Fridriksson (1):
      ruby: Adding zlib-native to native dependencies

Joshua Lock via Openembedded-core (3):
      sstate: fix log message
      classes/sstate: don't use unsigned sstate when verification enabled
      classes/sstate: regenerate sstate when signing enabled

Joshua Watt (1):
      bitbake: hashserv: SQL Optimizations

Kai Kang (3):
      subversion: add packageconfig boost
      epiphany: set imcompatible with tune mips
      e2fsprogs: 1.44.5 -> 1.45.3

Khem Raj (23):
      strace: Upgrade to 5.2
      linux-libc-header: Fix ptrace.h and prctl.h conflict on aarch64
      libnss-nis: Fix build with glibc 2.30
      lttng-ust: Check for gettid libc API
      ltp: Fix build with glibc 2.30
      lttng-tools: Fix build with glibc 2.30
      xserver-xorg: Backport patch to remove using sys/io.h
      Apache-2.0-with-LLVM-exception: Add new license file
      libedit: Move from meta-oe
      groff: Fix math.h inclusion from system headers issue
      webkitgtk: Fix compile failures with clang
      glibc: Update to glibc 2.30
      virglrender: Fix endianness check on musl
      syslinux: Override hardcoded toolnames in Makefile
      systemd-boot: Add option to specify cross objcopy and use it
      mesa,llvm,meson: Update llvm to 8.0.1 plus define and use LLVM version globally
      musl: Update to master tip
      oeqa/buildgalculator.py: Add dependency on gtk+3
      oeqa/parselogs: grep for exact errors list keywords
      gcc-runtime: Move content from gcclibdir into libdir
      gdb: Do not set musl specific CFLAGS
      linuxloader: Add entries for riscv64
      musl: Delete GLIBC_LDSO before creating symlink with lnr

Luca Boccassi (1):
      python3-pygobject: remove python3-setuptools from RDEPENDS

Mads Andreasen (1):
      bitbake: fetch2/npm: Use npm pack to download node modules instead of wget

Mark Hatle (2):
      glibc-package.inc: Add linux-libc-headers-dev to glibc-dev
      bitbake: layerindexlib: Fix parsing of recursive layer dependencies

Martin Jansa (3):
      icecc.bbclass: catch subprocess.CalledProcessError
      powertop: import a fix from buildroot
      meson: backport fix for builds with -Werror=return-type

Ming Liu (5):
      libx11-compose-data: add recipe
      libxkbcommon: RDEPENDS on libx11 compose data
      weston: change to use meson build system
      license_image.bbclass: drop invalid comments
      opensbi: handle deploy task under sstate

Naveen Saini (2):
      gdk-pixbuf: enable x11 PACKAGECONFIG option
      image_types_wic: add syslinux-native dependency conditional

Oleksandr Kravchuk (17):
      python3-pip: update to 19.2.1
      python3-git: update to 2.1.12
      ethtool: update to 5.2
      python3-git: update to 2.1.13
      xorgproto: update to 2019.1
      xserver-xorg: update to 1.20.5
      ell: update to 0.21
      libinput: update to 1.14.0
      wpa-supplicant: update to 2.9
      aspell: update to 0.60.7
      linux-firmware: add PE back
      xf86-input-libinput: update to 0.29.0
      git: update to 2.22.1
      xrandr: update to 1.5.1
      python3-git: update to 3.0.0
      librepo: update to 1.10.5
      libevent: update to 2.1.11

Pascal Bach (2):
      cmake: 3.14.5 -> 3.15.1
      cmake: 3.15.1 -> 3.15.2

Paul Eggleton (2):
      scripts/create-pull-request: improve handling of non-SSH remote URLs
      scripts/create-pull-request: fix putting subject containing / into cover letter

Piotr Tworek (2):
      pulseaudio: Backport upstream fix new alsa compatibility.
      libdrm: Move amdgpu.ids file into libdrm-amdgpu package.

Randy MacLeod (1):
      ptest-runner: update from 2.3.1 to 2.3.2

Rasmus Villemoes (1):
      iproute2: drop pointless configure-cross.patch

Ricardo Neri (5):
      ovmf: Update to version edk2-stable201905
      ovmf: Set PV
      ovmf: Use HOSTTOOLS' python3
      ovmf: Generate test Platform key and first Key Exchange Key
      runqemu: Add support to handle EnrollDefaultKeys PK/KEK1 certificate

Ricardo Ribalda Delgado (2):
      packagegroup-core-base-utils: Make it machine specific
      inetutils: Fix abort on invalid files

Richard Purdie (50):
      package: Improve determinism
      sstate: Reduce race windows
      bitbake: siggen: Import unihash code from OE-Core
      bitbake: cache: Add SimpleCache class
      bitbake: runqueue: Improve scenequeue processing logic
      bitbake: siggen: Add new unitaskhashes data variable which is cached
      bitbake: siggen: Convert to use self.unitaskhashes
      bitbake: runqueue: Enable dynamic task adjustment to hash equivalency
      bitbake: runqueue: Improve determinism
      bitbake: cooker/hashserv: Allow autostarting of a local hash server using BB_HASHSERVE
      bitbake: hashserv: Turn off sqlite synchronous mode
      bitbake: prserv: Use a memory journal
      bitbake: hashserv: Use separate threads for answering requests and handling them
      bitbake: hashserv: Switch from threads to multiprocessing
      bitbake: runqueue: Clean up BB_HASHCHECK_FUNCTION API
      bitbake: siggen: Clean up task reference formats
      bitbake: build/utils: Drop bb.build.FuncFailed
      bitbake: tests/runqueue: Add hashserv+runqueue test
      bitbake: bitbake: Bump version to 1.43.1 for API changes
      sanity.conf: Require bitbake 1.43.1
      classes/lib: Remove bb.build.FuncFailed
      sstatesig: Move unihash siggen code to bitbake
      sstatesig: Add debug for incorrect hash server settings
      sstatesig: Adpat to recent bitbake hash equiv runqueue changes
      sstatesig: Update to handle BB_HASHSERVE
      sstate/sstatesig: Update to new form of BB_HASHCHECK_FUNCTION
      sstatesig: Updates to match bitbake siggen changes
      gstreamer: Add fix for glibc 2.30
      sstatesig: Fix leftover splitting issue from siggen change
      python3-pygobject: Add missing pkgutil RDEPENDS
      bitbake: runqueue: Fix corruption issue
      bitbake: runqueue: Improve setscene task handling logic
      bitbake: tests/runqueue: Add further hash equivalence tests
      bitbake: cooker: Improve hash server startup code to avoid exit tracebacks
      bitbake: runqueue: Wait for covered tasks to complete before trying setscene
      bitbake: runqueue: Fix next_buildable_task performance problem
      bitbake: runqueue: Improve scenequeue debugging
      bitbake: runqueue: Recompute holdoff tasks from scratch
      bitbake: runqueue: Fix event timing race
      bitbake: runqueue: Drop debug statement causing performance issues
      bitbake: runqueue: Add further debug information
      bitbake: runqueue: Add missing setscene task corner case
      bitbake: runqueue: Ensure we clear the stamp cache
      poky: Retire opensuse 42.3 from SANITY_TESTED_DISTROS
      gcc-cross-canadian: Drop obsolete shlibs exclusion
      bitbake: tests/runqueue: Fix tests
      bitbake: runqueue: Fix data corruption problem
      bitbake: runqueue: Ensure data is handled correctly
      bitbake: hashserv: Ensure we don't accumulate sockets in TIME_WAIT state
      bitbake: runqueue: Ensure target_tids is filtered

Robert Yang (3):
      bitbake: cooker: Cleanup the queue before call process.join()
      bitbake: knotty: Fix for the Second Keyboard Interrupt
      bitbake: bitbake: server/process: Handle BBHandledException to avoid unexpected exceptions

Ross Burton (23):
      libidn2: remove build paths from libidn2.pc
      gnutls: don't use HOSTTOOLS_DIR/bash as a shell on target
      libical: upgrade to 3.0.5
      perl: fix whitespace
      perl: add PACKAGECONFIG for db
      fortran-helloworld: neaten recipe
      python3: remove empty python3-distutils-staticdev
      python3: support recommends in manifest
      python3: split out the Windows distutils installer stubs
      insane: check if the recipe incorrectly uses DEPENDS_${PN}
      libxx86misc: remove this now redundant library
      xserver-xorg: clean up xorgproto dependencies
      xserver-xorg: add PACKAGECONFIG for DGA
      xdpyinfo: don't depend on DGA
      libxx86dga: remove obsolete client libary
      xserver-xorg: remove embedded build path in the source
      libx11: update to 1.6.8
      sanity: update for new bb.build.exec_func() behaviour
      libx11-diet: remove
      qemu: fix patch Upstream-Status
      xserver-xorg: refresh build path removal patch
      waffle: upgrade 1.5.2 -> 1.6.0
      libx11: replace libtool patch with upstreamed patch

Tim Blechmann (1):
      deb: allow custom dpkg command

Trevor Gamblin (2):
      gzip: update ptest package dependencies
      patch: fix CVE-2019-13638

Wenlin Kang (1):
      db: add switch for building database verification

Will Page (1):
      uboot: fixes to uboot-extlinux-config attribute values

William Bourque (1):
      meta/lib/oeqa: Remove ext4 for bootimg-biosplusefi

Yi Zhao (1):
      libx11-compose-data: upgrade 1.6.7 -> 1.6.8

Yuan Chao (4):
      glib-2.0:upgrade 2.60.5 -> 2.60.6
      nettle:upgrade 3.4.1 -> 3.5.1
      python3-pbr:upgrade 5.4.1 -> 5.4.2
      gpgme:upgrade 1.13.0 -> 1.13.1

Zang Ruochen (8):
      msmtp: upgrade 1.8.4 -> 1.8.5
      curl: upgrade 7.65.2 -> 7.65.3
      iso-codes: upgrade 4.2 -> 4.3
      python-scons:upgrade 3.0.5 -> 3.1.0
      libgudev:upgrade 232 -> 233
      libglu:upgrade 9.0.0 -> 9.0.1
      man-db:upgrade 2.8.5 -> 2.8.6.1
      libnewt:upgrade 0.52.20 -> 0.52.21

Zheng Ruoqin (1):
      python3-mako: 1.0.14 -> 1.1.0

Zoltan Kuscsik (1):
      kmscube: update to latest revision

Change-Id: I2cd1a0d59da46725b1aba5a79b63eb6121b3c79e
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/scripts/create-pull-request b/poky/scripts/create-pull-request
index 3ce03d6..8eefcf6 100755
--- a/poky/scripts/create-pull-request
+++ b/poky/scripts/create-pull-request
@@ -123,20 +123,12 @@
 
 # Rewrite private URLs to public URLs
 # Determine the repository name for use in the WEB_URL later
-case "$REMOTE_URL" in
-*@*)
-	USER_RE="[A-Za-z0-9_.@][A-Za-z0-9_.@-]*\$\?"
-	PROTO_RE="[a-z][a-z+]*://"
-	GIT_RE="\(^\($PROTO_RE\)\?$USER_RE@\)\([^:/]*\)[:/]\(.*\)"
-	REMOTE_URL=${REMOTE_URL%.git}
-	REMOTE_REPO=$(echo $REMOTE_URL | sed "s#$GIT_RE#\4#")
-	REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#git://\3/\4#")
-	;;
-*)
-	echo "WARNING: Unrecognized remote URL: $REMOTE_URL"
-	echo "         The pull and browse URLs will likely be incorrect"
-	;;
-esac
+USER_RE="[A-Za-z0-9_.@][A-Za-z0-9_.@-]*\$\?"
+PROTO_RE="[a-z][a-z+]*://"
+GIT_RE="\(^\($PROTO_RE\)\?\)\($USER_RE@\)\?\([^:/]*\)[:/]\(.*\)"
+REMOTE_URL=${REMOTE_URL%.git}
+REMOTE_REPO=$(echo $REMOTE_URL | sed "s#$GIT_RE#\5#")
+REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#git://\4/\5#")
 
 if [ -z "$BRANCH" ]; then
 	BRANCH=$(git branch | grep -e "^\* " | cut -d' ' -f2)
@@ -265,7 +257,7 @@
 
 # Replace the SUBJECT token with it.
 if [ -n "$SUBJECT" ]; then
-	sed -i -e "s/\*\*\* SUBJECT HERE \*\*\*/$SUBJECT/" "$CL"
+	sed -i -e "s\`\*\*\* SUBJECT HERE \*\*\*\`$SUBJECT\`" "$CL"
 fi
 
 
diff --git a/poky/scripts/lib/wic/ksparser.py b/poky/scripts/lib/wic/ksparser.py
index 3e67003..6a643ba 100644
--- a/poky/scripts/lib/wic/ksparser.py
+++ b/poky/scripts/lib/wic/ksparser.py
@@ -151,6 +151,8 @@
         part.add_argument('--part-name')
         part.add_argument('--part-type')
         part.add_argument('--rootfs-dir')
+        part.add_argument('--type', default='primary',
+                choices = ('primary', 'logical'))
 
         # --size and --fixed-size cannot be specified together; options
         # ----extra-space and --overhead-factor should also raise a parser
diff --git a/poky/scripts/lib/wic/partition.py b/poky/scripts/lib/wic/partition.py
index 01466b2..2a71d7b 100644
--- a/poky/scripts/lib/wic/partition.py
+++ b/poky/scripts/lib/wic/partition.py
@@ -50,6 +50,7 @@
         self.use_uuid = args.use_uuid
         self.uuid = args.uuid
         self.fsuuid = args.fsuuid
+        self.type = args.type
 
         self.lineno = lineno
         self.source_file = ""
@@ -211,19 +212,13 @@
         if os.path.isfile(rootfs):
             os.remove(rootfs)
 
-        # Get rootfs size from bitbake variable if it's not set in .ks file
+        # If size is not specified compute it from the rootfs_dir size
         if not self.size and real_rootfs:
-            # Bitbake variable ROOTFS_SIZE is calculated in
-            # Image._get_rootfs_size method from meta/lib/oe/image.py
-            # using IMAGE_ROOTFS_SIZE, IMAGE_ROOTFS_ALIGNMENT,
-            # IMAGE_OVERHEAD_FACTOR and IMAGE_ROOTFS_EXTRA_SPACE
-            rsize_bb = get_bitbake_var('ROOTFS_SIZE')
-            if rsize_bb:
-                logger.warning('overhead-factor was specified, but size was not,'
-                               ' so bitbake variables will be used for the size.'
-                               ' In this case both IMAGE_OVERHEAD_FACTOR and '
-                               '--overhead-factor will be applied')
-                self.size = int(round(float(rsize_bb)))
+            # Use the same logic found in get_rootfs_size()
+            # from meta/classes/image.bbclass
+            du_cmd = "du -ks %s" % rootfs_dir
+            out = exec_cmd(du_cmd)
+            self.size = int(out.split()[0])
 
         prefix = "ext" if self.fstype.startswith("ext") else self.fstype
         method = getattr(self, "prepare_rootfs_" + prefix)
diff --git a/poky/scripts/lib/wic/plugins/imager/direct.py b/poky/scripts/lib/wic/plugins/imager/direct.py
index 91fc5e7..3ce6ad5 100644
--- a/poky/scripts/lib/wic/plugins/imager/direct.py
+++ b/poky/scripts/lib/wic/plugins/imager/direct.py
@@ -300,6 +300,10 @@
         self.path = path  # Path to the image file
         self.numpart = 0  # Number of allocated partitions
         self.realpart = 0 # Number of partitions in the partition table
+        self.primary_part_num = 0  # Number of primary partitions (msdos)
+        self.extendedpart = 0      # Create extended partition before this logical partition (msdos)
+        self.extended_size_sec = 0 # Size of exteded partition (msdos)
+        self.logical_part_cnt = 0  # Number of total logical paritions (msdos)
         self.offset = 0   # Offset of next partition (in sectors)
         self.min_size = 0 # Minimum required disk size to fit
                           # all partitions (in bytes)
@@ -391,12 +395,16 @@
                 # Skip one sector required for the partitioning scheme overhead
                 self.offset += overhead
 
-            if self.realpart > 3 and num_real_partitions > 4:
+            if self.ptable_format == "msdos":
+                if self.primary_part_num > 3 or \
+                   (self.extendedpart == 0 and self.primary_part_num >= 3 and num_real_partitions > 4):
+                    part.type = 'logical'
                 # Reserve a sector for EBR for every logical partition
                 # before alignment is performed.
-                if self.ptable_format == "msdos":
+                if part.type == 'logical':
                     self.offset += 1
 
+            align_sectors = 0
             if part.align:
                 # If not first partition and we do have alignment set we need
                 # to align the partition.
@@ -422,18 +430,25 @@
             part.start = self.offset
             self.offset += part.size_sec
 
-            part.type = 'primary'
             if not part.no_table:
                 part.num = self.realpart
             else:
                 part.num = 0
 
-            if self.ptable_format == "msdos":
-                # only count the partitions that are in partition table
-                if num_real_partitions > 4:
-                    if self.realpart > 3:
-                        part.type = 'logical'
-                        part.num = self.realpart + 1
+            if self.ptable_format == "msdos" and not part.no_table:
+                if part.type == 'logical':
+                    self.logical_part_cnt += 1
+                    part.num = self.logical_part_cnt + 4
+                    if self.extendedpart == 0:
+                        # Create extended partition as a primary partition
+                        self.primary_part_num += 1
+                        self.extendedpart = part.num
+                    else:
+                        self.extended_size_sec += align_sectors
+                    self.extended_size_sec += part.size_sec + 1
+                else:
+                    self.primary_part_num += 1
+                    part.num = self.primary_part_num
 
             logger.debug("Assigned %s to %s%d, sectors range %d-%d size %d "
                          "sectors (%d bytes).", part.mountpoint, part.disk,
@@ -483,7 +498,7 @@
             if part.num == 0:
                 continue
 
-            if self.ptable_format == "msdos" and part.num == 5:
+            if self.ptable_format == "msdos" and part.num == self.extendedpart:
                 # Create an extended partition (note: extended
                 # partition is described in MBR and contains all
                 # logical partitions). The logical partitions save a
@@ -497,7 +512,7 @@
                 # room for all logical partitions.
                 self._create_partition(self.path, "extended",
                                        None, part.start - 1,
-                                       self.offset - part.start + 1)
+                                       self.extended_size_sec)
 
             if part.fstype == "swap":
                 parted_fs_type = "linux-swap"
diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu
index 4079f2b..df3c8aa 100755
--- a/poky/scripts/runqemu
+++ b/poky/scripts/runqemu
@@ -119,19 +119,6 @@
                     return f
     return ''
 
-def check_free_port(host, port):
-    """ Check whether the port is free or not """
-    import socket
-    from contextlib import closing
-
-    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
-        if sock.connect_ex((host, port)) == 0:
-            # Port is open, so not free
-            return False
-        else:
-            # Port is not open, so free
-            return True
-
 class BaseConfig(object):
     def __init__(self):
         # The self.d saved vars from self.set(), part of them are from qemuboot.conf
@@ -161,6 +148,10 @@
         # Setting one also adds "-vga std" because that is all that
         # OVMF supports.
         self.ovmf_bios = []
+        # When enrolling default Secure Boot keys, the hypervisor
+        # must provide the Platform Key and the first Key Exchange Key
+        # certificate in the Type 11 SMBIOS table.
+        self.ovmf_secboot_pkkek1 = ''
         self.qemuboot = ''
         self.qbconfload = False
         self.kernel = ''
@@ -181,14 +172,15 @@
         self.audio_enabled = False
         self.tcpserial_portnum = ''
         self.custombiosdir = ''
-        self.lock = ''
-        self.lock_descriptor = None
+        self.taplock = ''
+        self.taplock_descriptor = None
+        self.portlocks = {}
         self.bitbake_e = ''
         self.snapshot = False
         self.wictypes = ('wic', 'wic.vmdk', 'wic.qcow2', 'wic.vdi')
         self.fstypes = ('ext2', 'ext3', 'ext4', 'jffs2', 'nfs', 'btrfs',
                         'cpio.gz', 'cpio', 'ramfs', 'tar.bz2', 'tar.gz')
-        self.vmtypes = ('hddimg', 'hdddirect', 'iso')
+        self.vmtypes = ('hddimg', 'iso')
         self.fsinfo = {}
         self.network_device = "-device e1000,netdev=net0,mac=@MAC@"
         # Use different mac section for tap and slirp to avoid
@@ -204,30 +196,78 @@
         # avoid cleanup twice
         self.cleaned = False
 
-    def acquire_lock(self, error=True):
-        logger.debug("Acquiring lockfile %s..." % self.lock)
+    def acquire_taplock(self, error=True):
+        logger.debug("Acquiring lockfile %s..." % self.taplock)
         try:
-            self.lock_descriptor = open(self.lock, 'w')
-            fcntl.flock(self.lock_descriptor, fcntl.LOCK_EX|fcntl.LOCK_NB)
+            self.taplock_descriptor = open(self.taplock, 'w')
+            fcntl.flock(self.taplock_descriptor, fcntl.LOCK_EX|fcntl.LOCK_NB)
         except Exception as e:
-            msg = "Acquiring lockfile %s failed: %s" % (self.lock, e)
+            msg = "Acquiring lockfile %s failed: %s" % (self.taplock, e)
             if error:
                 logger.error(msg)
             else:
                 logger.info(msg)
-            if self.lock_descriptor:
-                self.lock_descriptor.close()
-                self.lock_descriptor = None
+            if self.taplock_descriptor:
+                self.taplock_descriptor.close()
+                self.taplock_descriptor = None
             return False
         return True
 
-    def release_lock(self):
-        if self.lock_descriptor:
+    def release_taplock(self):
+        if self.taplock_descriptor:
             logger.debug("Releasing lockfile for tap device '%s'" % self.tap)
-            fcntl.flock(self.lock_descriptor, fcntl.LOCK_UN)
-            self.lock_descriptor.close()
-            os.remove(self.lock)
-            self.lock_descriptor = None
+            fcntl.flock(self.taplock_descriptor, fcntl.LOCK_UN)
+            self.taplock_descriptor.close()
+            os.remove(self.taplock)
+            self.taplock_descriptor = None
+
+    def check_free_port(self, host, port, lockdir):
+        """ Check whether the port is free or not """
+        import socket
+        from contextlib import closing
+
+        lockfile = os.path.join(lockdir, str(port) + '.lock')
+        if self.acquire_portlock(lockfile):
+            with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
+                if sock.connect_ex((host, port)) == 0:
+                    # Port is open, so not free
+                    self.release_portlock(lockfile)
+                    return False
+                else:
+                    # Port is not open, so free
+                    return True
+        else:
+            return False
+
+    def acquire_portlock(self, lockfile):
+        logger.debug("Acquiring lockfile %s..." % lockfile)
+        try:
+            portlock_descriptor = open(lockfile, 'w')
+            self.portlocks.update({lockfile: portlock_descriptor})
+            fcntl.flock(self.portlocks[lockfile], fcntl.LOCK_EX|fcntl.LOCK_NB)
+        except Exception as e:
+            msg = "Acquiring lockfile %s failed: %s" % (lockfile, e)
+            logger.info(msg)
+            if lockfile in self.portlocks.keys() and self.portlocks[lockfile]:
+                self.portlocks[lockfile].close()
+                del self.portlocks[lockfile]
+            return False
+        return True
+
+    def release_portlock(self, lockfile=None):
+        if lockfile != None:
+           logger.debug("Releasing lockfile '%s'" % lockfile)
+           fcntl.flock(self.portlocks[lockfile], fcntl.LOCK_UN)
+           self.portlocks[lockfile].close()
+           os.remove(lockfile)
+           del self.portlocks[lockfile]
+        elif len(self.portlocks):
+            for lockfile, descriptor in self.portlocks.items():
+                logger.debug("Releasing lockfile '%s'" % lockfile)
+                fcntl.flock(descriptor, fcntl.LOCK_UN)
+                descriptor.close()
+                os.remove(lockfile)
+            self.portlocks = {}
 
     def get(self, key):
         if key in self.d:
@@ -602,6 +642,23 @@
         if not os.path.exists(self.rootfs):
             raise RunQemuError("Can't find rootfs: %s" % self.rootfs)
 
+    def setup_pkkek1(self):
+        """
+        Extract from PEM certificate the Platform Key and first Key
+        Exchange Key certificate string. The hypervisor needs to provide
+        it in the Type 11 SMBIOS table
+        """
+        pemcert = '%s/%s' % (self.get('DEPLOY_DIR_IMAGE'), 'OvmfPkKek1.pem')
+        try:
+            with open(pemcert, 'r') as pemfile:
+                key = pemfile.read().replace('\n', ''). \
+                      replace('-----BEGIN CERTIFICATE-----', ''). \
+                      replace('-----END CERTIFICATE-----', '')
+                self.ovmf_secboot_pkkek1 = key
+
+        except FileNotFoundError:
+            raise RunQemuError("Can't open PEM certificate %s " % pemcert)
+
     def check_ovmf(self):
         """Check and set full path for OVMF firmware and variable file(s)."""
 
@@ -612,6 +669,8 @@
                 path = '%s/%s.%s' % (self.get('DEPLOY_DIR_IMAGE'), ovmf, suffix)
                 if os.path.exists(path):
                     self.ovmf_bios[index] = path
+                    if ovmf.endswith('secboot'):
+                        self.setup_pkkek1()
                     break
             else:
                 raise RunQemuError("Can't find OVMF firmware: %s" % ovmf)
@@ -878,6 +937,8 @@
             print('ROOTFS: [%s]' % self.rootfs)
         if self.ovmf_bios:
             print('OVMF: %s' % self.ovmf_bios)
+        if (self.ovmf_secboot_pkkek1):
+            print('SECBOOT PKKEK1: [%s...]' % self.ovmf_secboot_pkkek1[0:100])
         print('CONFFILE: [%s]' % self.qemuboot)
         print('')
 
@@ -958,10 +1019,21 @@
         ports = re.findall('hostfwd=[^-]*:([0-9]+)-[^,-]*', qb_slirp_opt)
         ports = [int(i) for i in ports]
         mac = 2
+
+        lockdir = "/tmp/qemu-port-locks"
+        if not os.path.exists(lockdir):
+            # There might be a race issue when multi runqemu processess are
+            # running at the same time.
+            try:
+                os.mkdir(lockdir)
+                os.chmod(lockdir, 0o777)
+            except FileExistsError:
+                pass
+
         # Find a free port to avoid conflicts
         for p in ports[:]:
             p_new = p
-            while not check_free_port('localhost', p_new):
+            while not self.check_free_port('localhost', p_new, lockdir):
                 p_new += 1
                 mac += 1
                 while p_new in ports:
@@ -1016,8 +1088,8 @@
             if os.path.exists('%s.skip' % lockfile):
                 logger.info('Found %s.skip, skipping %s' % (lockfile, p))
                 continue
-            self.lock = lockfile + '.lock'
-            if self.acquire_lock(error=False):
+            self.taplock = lockfile + '.lock'
+            if self.acquire_taplock(error=False):
                 tap = p
                 logger.info("Using preconfigured tap device %s" % tap)
                 logger.info("If this is not intended, touch %s.skip to make runqemu skip %s." %(lockfile, tap))
@@ -1035,8 +1107,8 @@
             cmd = ('sudo', self.qemuifup, str(uid), str(gid), self.bindir_native)
             tap = subprocess.check_output(cmd).decode('utf-8').strip()
             lockfile = os.path.join(lockdir, tap)
-            self.lock = lockfile + '.lock'
-            self.acquire_lock()
+            self.taplock = lockfile + '.lock'
+            self.acquire_taplock()
             self.cleantap = True
             logger.debug('Created tap: %s' % tap)
 
@@ -1215,6 +1287,13 @@
 
         self.qemu_opt += ' ' + self.qemu_opt_script
 
+        if self.ovmf_secboot_pkkek1:
+			# Provide the Platform Key and first Key Exchange Key certificate as an
+			# OEM string in the SMBIOS Type 11 table. Prepend the certificate string
+			# with "application prefix" of the EnrollDefaultKeys.efi application
+            self.qemu_opt += ' -smbios type=11,value=4e32566d-8e9e-4f52-81d3-5bb9715f9727:' \
+                             + self.ovmf_secboot_pkkek1
+
         # Append qemuparams to override previous settings
         if self.qemuparams:
             self.qemu_opt += ' ' + self.qemuparams
@@ -1268,8 +1347,11 @@
         cmds = shlex.split(cmd)
         logger.info('Running %s\n' % cmd)
         pass_fds = []
-        if self.lock_descriptor:
-            pass_fds = [self.lock_descriptor.fileno()]
+        if self.taplock_descriptor:
+            pass_fds = [self.taplock_descriptor.fileno()]
+        if len(self.portlocks):
+            for descriptor in self.portlocks.values():
+                pass_fds.append(descriptor.fileno())
         process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds)
         self.qemupid = process.pid
         retcode = process.wait()
@@ -1291,7 +1373,8 @@
             cmd = ('sudo', self.qemuifdown, self.tap, self.bindir_native)
             logger.debug('Running %s' % str(cmd))
             subprocess.check_call(cmd)
-        self.release_lock()
+        self.release_taplock()
+        self.release_portlock()
 
         if self.nfs_running:
             logger.info("Shutting down the userspace NFS server...")