add xen distro and image

Signed-off-by: Michał Iwanicki <[email protected]>
Signed-off-by: Eduard Kaverinskyi <[email protected]>
Signed-off-by: Maciej Pijanowski <[email protected]>

Author: EduKav1813

conf/distro/include/tb-distro-common.conf

@@ -0,0 +1,48 @@
+require conf/distro/poky.conf
+
+DISTRO_NAME = "Zarhus distro for demonstration purposes of TrenchBoot project"
+DISTRO_VERSION = "0.2.0"
+SDK_VENDOR = "-tbsdk"
+
+MAINTAINER = "3mdeb Sp. z o. o. <[email protected]>"
+
+TARGET_VENDOR = "-tb"
+
+DISTRO_FEATURES = " \
+    ext2 \
+    keyboard \
+    largefile \
+    ldconfig \
+    nfs \
+    pci \
+    systemd \
+    usbgadget \
+    usbhost \
+    tpm2 \
+    usrmerge \
+"
+
+# set content of boot partition
+IMAGE_EFI_BOOT_FILES = " \
+    skl.bin \
+    acm/*;acm/ \
+"
+
+# adds initramfs image to handle label option from grub.cfg
+INITRAMFS_IMAGE = "core-image-initramfs-boot"
+INITRAMFS_IMAGE_BUNDLE = "1"
+
+# wks related variables
+WKS_FILES = "trenchboot-image-efipluslegacy.wks"
+WKS_FILE_DEPENDS:append = " grub-native"
+
+# explicitly use systemd and disable sysvinit completely
+VIRTUAL-RUNTIME_init_manager = "systemd"
+VIRTUAL-RUNTIME_initscripts = ""
+VIRTUAL-RUNTIME_syslog = ""
+DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
+
+# use TrenchBoot Linux and GRUB
+PREFERRED_PROVIDER_virtual/kernel = "linux-tb"
+PREFERRED_PROVIDER_bootloader/kernel = "grub"
+PREFERRED_VERSION_linux-tb ?= "6.6%"

conf/distro/tb-distro.conf

@@ -1,50 +1,3 @@
-require conf/distro/poky.conf
+require conf/distro/include/tb-distro-common.conf
 
 DISTRO = "tb-distro"
-
-DISTRO_NAME = "Zarhus distro for demonstration purposes of TrenchBoot project"
-DISTRO_VERSION = "0.2.0"
-SDK_VENDOR = "-tbsdk"
-
-MAINTAINER = "3mdeb Sp. z o. o. <[email protected]>"
-
-TARGET_VENDOR = "-tb"
-
-DISTRO_FEATURES = " \
-    ext2 \
-    keyboard \
-    largefile \
-    ldconfig \
-    nfs \
-    pci \
-    systemd \
-    usbgadget \
-    usbhost \
-    tpm2 \
-    usrmerge \
-"
-
-# set content of boot partition
-IMAGE_EFI_BOOT_FILES = " \
-    skl.bin \
-    acm/*;acm/ \
-"
-
-# adds initramfs image to handle label option from grub.cfg
-INITRAMFS_IMAGE = "core-image-initramfs-boot"
-INITRAMFS_IMAGE_BUNDLE = "1"
-
-# wks related variables
-WKS_FILES = "trenchboot-image-efipluslegacy.wks"
-WKS_FILE_DEPENDS:append = " grub-native"
-
-# explicitly use systemd and disable sysvinit completely
-VIRTUAL-RUNTIME_init_manager = "systemd"
-VIRTUAL-RUNTIME_initscripts = ""
-VIRTUAL-RUNTIME_syslog = ""
-DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
-
-# use TrenchBoot Linux and GRUB
-PREFERRED_PROVIDER_virtual/kernel = "linux-tb"
-PREFERRED_PROVIDER_bootloader/kernel = "grub"
-PREFERRED_VERSION_linux-tb ?= "6.6%"

conf/distro/tb-xen-distro.conf

@@ -0,0 +1,13 @@
+require conf/distro/include/tb-distro-common.conf
+
+DISTRO = "tb-xen-distro"
+DISTRO_FEATURES += "virtualization xen"
+
+IMAGE_EFI_BOOT_FILES += " \
+    xen-${MACHINE};xen \
+"
+
+PREFERRED_VERSION_xen = "4.17+tb"
+# TODO: for some reason, building tools from TB fork does not build all of the
+# tools - many basic binaries are missing
+PREFERRED_VERSION_xen-tools = "4.17+stable"

kas-xen-tb.yml

@@ -0,0 +1,15 @@
+---
+header:
+  version: 8
+  includes:
+    - kas/common.yml
+
+repos:
+  meta-virtualization:
+    url: https://git.yoctoproject.org/git/meta-virtualization
+    refspec: 54b806b1985f3989722ee308e1073530fe3328c1
+
+distro: tb-xen-distro
+machine: genericx86-64
+target:
+  - tb-xen-image

kas/common.yml

@@ -9,7 +9,7 @@ repos:
 
   poky:
     url: https://github.com/zarhus/poky.git
-    refspec: 8bd68e6bf77a2b90ac7332e545d6f9761e814878
+    refspec: 0bb7dda99977a3366a0e2f55473dd516eec57346
     layers:
       meta:
       meta-poky:

recipes-bsp/grub/grub-tb-common.inc

@@ -5,7 +5,7 @@ SRC_URI = " \
            git://github.com/coreutils/gnulib;name=gnulib;branch=${BRANCH_gnulib};protocol=https;destsuffix=git/gnulib \
           "
 
-BRANCH_grub = "intel-txt-aem-2.06-rebased"
+BRANCH_grub = "intel-txt-aem-2.06"
 SRCREV_grub = "85ccfdc700a1640c148909cbbad777ba6d7d124b"
 
 # We add gnulib to SRC_URI to avoid downloading it during the do_configure().
@@ -17,7 +17,7 @@ SRCREV_grub = "85ccfdc700a1640c148909cbbad777ba6d7d124b"
 # with the bootstrap.conf, otherwise it will be sync during do_configure()
 # again.
 BRANCH_gnulib = "master"
-SRCREV_gnulib = "9f48fb992a3d7e96610c4ce8be969cff2d61a01b"
+SRCREV_gnulib = "e87d09bee37eeb742b8a34c9054cd2ebde22b835"
 
 SRCREV_FORMAT = "grub_gnulib"
 

recipes-extended/images/tb-xen-image.bb

@@ -0,0 +1,34 @@
+require tb-minimal-image.bb
+
+# Based on xen-image-minimal from meta-virtualization
+
+# Linux kernel option CONFIG_XEN_PCIDEV_BACKEND depends on X86
+XEN_PCIBACK_MODULE = ""
+XEN_PCIBACK_MODULE:x86 = "kernel-module-xen-pciback"
+XEN_PCIBACK_MODULE:x86-64 = "kernel-module-xen-pciback"
+XEN_ACPI_PROCESSOR_MODULE = ""
+XEN_ACPI_PROCESSOR_MODULE:x86 = "kernel-module-xen-acpi-processor"
+XEN_ACPI_PROCESSOR_MODULE:x86-64 = "kernel-module-xen-acpi-processor"
+
+XEN_KERNEL_MODULES ?= " \
+                       kernel-module-xen-blkback kernel-module-xen-gntalloc kernel-module-tun \
+                       kernel-module-xen-gntdev kernel-module-xen-netback kernel-module-xen-wdt \
+                       ${@bb.utils.contains('MACHINE_FEATURES', 'pci', "${XEN_PCIBACK_MODULE}", '', d)} \
+                       ${@bb.utils.contains('MACHINE_FEATURES', 'acpi', '${XEN_ACPI_PROCESSOR_MODULE}', '', d)} \
+                      "
+
+IMAGE_INSTALL:append = " \
+                        ${XEN_KERNEL_MODULES} \
+                        xen-tools \
+                        qemu \
+                        kernel-image \
+                        kernel-vmlinux \
+                        "
+
+do_check_xen_state() {
+    if [ "${@bb.utils.contains('DISTRO_FEATURES', 'xen', ' yes', 'no', d)}" = "no" ]; then
+        die "DISTRO_FEATURES does not contain 'xen'"
+    fi
+}
+
+addtask check_xen_state before do_rootfs

recipes-extended/xen/xen-tb.inc

@@ -0,0 +1,12 @@
+LIC_FILES_CHKSUM ?= "file://COPYING;md5=d1a1e216f80b6d8da95fec897d0dbec9"
+
+PV = "${XEN_REL}+tb"
+
+SRC_URI = "git://github.com/TrenchBoot/xen.git;branch=${XEN_BRANCH};protocol=https"
+
+SRCREV = "0b53c6a5b796f3b1a146f612fd06fa37d1bf7714"
+
+S = "${WORKDIR}/git"
+
+XEN_REL = "4.17"
+XEN_BRANCH = "aem_intel_fixes_v0.4.1"

recipes-extended/xen/xen-tools_tb.bb

@@ -0,0 +1,7 @@
+# nooelint: oelint.var.mandatoryvar.HOMEPAGE,oelint.var.mandatoryvar.SUMMARY,oelint.var.mandatoryvar.LICENSE
+
+require xen-tb.inc
+# nooelint: oelint.file.requirenotfound
+require recipes-extended/xen/xen.inc
+# nooelint: oelint.file.requirenotfound
+require recipes-extended/xen/xen-tools.inc

recipes-extended/xen/xen_tb.bb

@@ -0,0 +1,7 @@
+# nooelint: oelint.var.mandatoryvar.HOMEPAGE,oelint.var.mandatoryvar.SUMMARY,oelint.var.mandatoryvar.LICENSE
+
+require xen-tb.inc
+# nooelint: oelint.file.requirenotfound
+require recipes-extended/xen/xen.inc
+# nooelint: oelint.file.requirenotfound
+require recipes-extended/xen/xen-hypervisor.inc

recipes-support/skl/skl_git.bb

@@ -7,9 +7,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4641e94ec96f98fabc56ff9cc48be14b"
 
 DEPENDS = "util-linux-native"
 
-SRC_URI = "git://github.com/TrenchBoot/secure-kernel-loader.git;protocol=https;branch=${BRANCH};name=skl"
-BRANCH = "shrink_measured_size"
-SRCREV = "18f535843b22e784dbbc8e1ec11d8dc099b3d0fe"
+SRC_URI = "git://github.com/TrenchBoot/secure-kernel-loader.git;protocol=https;nobranch=1;tag=${TAG};name=skl"
+TAG = "v0.4.0"
 
 TUNE_CCARGS:remove = "-msse3 -mfpmath=sse"
 

wic/grub.cfg

@@ -1,15 +1,22 @@
 serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
+set debug=linux,relocator,multiboot,multiboot_loader,slaunch
 terminal_output console serial
 terminal_input console serial
 default=boot
 timeout=5
 
-menuentry 'boot'{
+insmod multiboot2
+insmod slaunch
+
+menuentry 'Boot Linux normally'{
+  echo 'Loading Linux ...'
   linux /bzImage-initramfs-genericx86-64.bin rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
 }
 
-menuentry 'slaunch-boot'{
+menuentry 'Boot Linux with DRTM'{
+  echo 'Enabling slaunch ...'
   slaunch
+  echo 'Loading ACMs ...'
   slaunch_module /skl.bin
   slaunch_module /acm/ADL_SINIT_v1_18_16_20230427_REL_NT_O1.PW_signed.bin
   slaunch_module /acm/BDW_SINIT_20190708_1.3.2_PW.bin
@@ -21,5 +28,34 @@ menuentry 'slaunch-boot'{
   slaunch_module /acm/SKL_KBL_AML_SINIT_20211019_PRODUCTION_REL_NT_O1_1.10.0.bin
   slaunch_module /acm/SNB_IVB_SINIT_20190708_PW.bin
   slaunch_module /acm/TGL_SINIT_v1_14_46_20220819_REL_NT_O1.PW_signed.bin
+  echo 'Loading Linux ...'
   linux /bzImage-initramfs-genericx86-64.bin rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
 }
+
+menuentry 'Boot Xen normally' {
+  echo 'Loading Xen ...'
+  multiboot2 /xen placeholder console=tty0 console=ttyS0,115200 dom0_mem=min:512M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 loglvl=all guest_loglvl=all com1=115200,8n1 console=com1 no-real-mode edd=off
+  echo 'Loading Linux ...'
+  module2  /bzImage rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
+}
+
+menuentry 'Boot Xen with DRTM' {
+  echo 'Enabling slaunch ...'
+  slaunch
+  echo 'Loading ACMs ...'
+  slaunch_module /skl.bin
+  slaunch_module /acm/ADL_SINIT_v1_18_16_20230427_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/BDW_SINIT_20190708_1.3.2_PW.bin
+  slaunch_module /acm/CFL_SINIT_20221220_PRODUCTION_REL_NT_O1_1.10.1_signed.bin
+  slaunch_module /acm/CML_RKL_S_SINIT_v1.13.33_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/CML_S_SINIT_1_13_33_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/CMLSTGP_SINIT_v1_14_46_20220819_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/RKLS_SINIT_v1_14_46_20220819_REL_NT_O1.PW_signed.bin
+  slaunch_module /acm/SKL_KBL_AML_SINIT_20211019_PRODUCTION_REL_NT_O1_1.10.0.bin
+  slaunch_module /acm/SNB_IVB_SINIT_20190708_PW.bin
+  slaunch_module /acm/TGL_SINIT_v1_14_46_20220819_REL_NT_O1.PW_signed.bin
+  echo 'Loading Xen ...'
+  multiboot2 /xen placeholder console=tty0 console=ttyS0,115200 dom0_mem=min:512M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 loglvl=all guest_loglvl=all com1=115200,8n1 console=com1 no-real-mode edd=off
+  echo 'Loading Linux ...'
+  module2  /bzImage rootwait root=LABEL=root rootfstype=ext4 console=ttyS0,115200 earlyprintk=serial,ttyS0,115200
+}