Skip to content

Jailhouse: move config fragment to kernel features#1015

Merged
ricardosalveti merged 4 commits intofoundriesio:mainfrom
quaresmajose:jailhouse
Jan 25, 2023
Merged

Jailhouse: move config fragment to kernel features#1015
ricardosalveti merged 4 commits intofoundriesio:mainfrom
quaresmajose:jailhouse

Conversation

@quaresmajose
Copy link
Copy Markdown
Member

@quaresmajose quaresmajose commented Jan 24, 2023

No description provided.

@quaresmajose quaresmajose force-pushed the jailhouse branch 3 times, most recently from a424662 to 1afe399 Compare January 24, 2023 10:39
@quaresmajose
Copy link
Copy Markdown
Member Author

quaresmajose commented Jan 24, 2023

Tested on am62xx-evm and imx8mp-lpddr4-evk.

@quaresmajose quaresmajose mentioned this pull request Jan 24, 2023
Merged
MrCry0
MrCry0 approved these changes Jan 24, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@MrCry0 MrCry0 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

@angolini
Copy link
Copy Markdown
Contributor

angolini commented Jan 24, 2023

I always get confused with the commit order presented here in github, so in case I'm wrong, please ignore my comment. But it looks to me that the first commit should be the last. First, you make the file available for every machine, and then you remove it from one specific machine.

@angolini
Copy link
Copy Markdown
Contributor

angolini commented Jan 24, 2023

I wonder if it's not time to migrate the cfg file to the lmp-kernel-cache repository instead of keeping it as a file in the layer. Because this PR is making this accessible for all machines.

I know controlling kernel features from the distro POV always generates a lot of discussions, and I'm not trying to stress that. I'm good with whatever is proposed.

@ricardosalveti
Copy link
Copy Markdown
Member

ricardosalveti commented Jan 24, 2023

Yeah, I would prefer this one to be available in lmp-kernel-cache, and included as we include modsign (I added this one as part of linux-lmp-ti-staging because the kernel is still 5.10 based, but we can also move it to kernel cache).

meta-security/meta-integrity/recipes-kernel/linux/linux_ima.inc:KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"

@quaresmajose would you mind creating a features file for jailhouse and add in lmp-kernel-cache for both 5.10 and 5.15 (and master)?

@quaresmajose
Copy link
Copy Markdown
Member Author

quaresmajose commented Jan 24, 2023

@ricardosalveti and @angolini I will move the fragment to lmp-kernel-cache and made the required adaption on this PR

@MrCry0 MrCry0 self-requested a review January 25, 2023 11:11
MrCry0
MrCry0 suggested changes Jan 25, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@MrCry0 MrCry0 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't really need to add and then revert commits :)
Could you remove 1st 6 commits of this PR?

@quaresmajose
Copy link
Copy Markdown
Member Author

quaresmajose commented Jan 25, 2023

I am testing this PR on foundriesio/lmp-manifest#291 and if everything looks good I cleanup this PR

@quaresmajose quaresmajose marked this pull request as draft January 25, 2023 11:22
@quaresmajose
base: kmeta-linux-lmp-5.15.y: bump to 1bed6c0
d912608 
Relevant changes:
- 1bed6c0 Revert "bsp: imx8mmevk: add options for jailhouse"
- 93bfb76 Revert "bsp: imx8mn-evk: add options for jailhouse"
- 1e30c49 features: Adds jailhouse

Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: kmeta-linux-lmp-5.10.y: bump to f9377bf
4cf7d9e 
Relevant changes:
- f9377bf features: Adds jailhouse

Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: kernel: linux-lmp: Adds jailhouse features
2a5166c 
Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
bsp: linux-lmp-ti-staging: remove jailhouse kernel config fragment
b0514a5 
The config fragment is now a kernel future and is enabled
with a machine future.

Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose quaresmajose changed the title Jailhouse: Makes jailhouse kernel config fragment global to all machines Jailhouse: move config fragment to kernel features Jan 25, 2023
@quaresmajose quaresmajose marked this pull request as ready for review January 25, 2023 14:50
ricardosalveti
ricardosalveti approved these changes Jan 25, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@ricardosalveti ricardosalveti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks for cleaning this up.

@ricardosalveti ricardosalveti merged commit 535d9db into foundriesio:main Jan 25, 2023
@quaresmajose quaresmajose deleted the jailhouse branch January 25, 2023 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@angolini angolini angolini approved these changes

@ricardosalveti ricardosalveti ricardosalveti approved these changes

+1 more reviewer

@MrCry0 MrCry0 MrCry0 requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@quaresmajose @angolini @ricardosalveti @MrCry0