├── .dockerignore
├── conf
├── keys
│ ├── uefi
│ │ ├── noPK.esl
│ │ ├── noKEK.esl
│ │ ├── DB.cer
│ │ ├── DB.esl
│ │ ├── PK.cer
│ │ ├── PK.esl
│ │ ├── DB.auth
│ │ ├── DBX.auth
│ │ ├── DBX.cer
│ │ ├── DBX.esl
│ │ ├── KEK.auth
│ │ ├── KEK.cer
│ │ ├── KEK.esl
│ │ ├── PK.auth
│ │ ├── noKEK.auth
│ │ ├── noPK.auth
│ │ ├── PKnoauth.auth
│ │ ├── DB.crt
│ │ ├── DBX.crt
│ │ ├── KEK.crt
│ │ ├── PK.crt
│ │ ├── DB.key
│ │ ├── DBX.key
│ │ ├── KEK.key
│ │ └── PK.key
│ ├── cfs
│ │ ├── cfs-dev.pub
│ │ └── cfs-dev.sec
│ ├── tf-a
│ │ └── privkey_ec_prime256v1.pem
│ ├── x509.genkey
│ ├── platform
│ │ └── ti
│ │ │ ├── ti-degenerate-key.pem
│ │ │ └── custMpk.pem
│ ├── dev.crt
│ ├── opteedev.crt
│ ├── spldev.crt
│ ├── ubootdev.crt
│ ├── dev.key
│ ├── spldev.key
│ ├── ubootdev.key
│ ├── opteedev.key
│ ├── x509_modsign.crt
│ └── privkey_modsign.pem
├── update-manifest.conf
├── bblayers-partner.inc
├── bblayers.conf
├── bblayers-base.inc
├── bblayers-bsp.inc
└── local.conf
├── default.xml
├── arduino.xml
├── .github
└── workflows
│ ├── repo-sync.yml
│ ├── portenta-x8-promote.yml
│ ├── portenta-x8-prerelease.yml
│ ├── foundries-promote.yml
│ ├── foundries-target.yml
│ └── foundries-prerelease.yml
├── setup-environment
├── lmp-bsp.xml
├── LICENSE
├── lmp-base.xml
├── entrypoint
├── Dockerfile
├── README.md
└── setup-environment-internal
/.dockerignore:
--------------------------------------------------------------------------------
1 | .git
2 |
--------------------------------------------------------------------------------
/conf/keys/uefi/noPK.esl:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/conf/keys/uefi/noKEK.esl:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/conf/keys/cfs/cfs-dev.pub:
--------------------------------------------------------------------------------
1 | KQwl5q4hQjwQxu+BYfm4GpFkdgdP2qG19KOmuv67xjM=
--------------------------------------------------------------------------------
/conf/update-manifest.conf:
--------------------------------------------------------------------------------
1 | URL=https://github.com/arduino/lmp-manifest
2 | PREFIX=arduino
3 |
--------------------------------------------------------------------------------
/conf/keys/uefi/DB.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/DB.cer
--------------------------------------------------------------------------------
/conf/keys/uefi/DB.esl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/DB.esl
--------------------------------------------------------------------------------
/conf/keys/uefi/PK.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/PK.cer
--------------------------------------------------------------------------------
/conf/keys/uefi/PK.esl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/PK.esl
--------------------------------------------------------------------------------
/conf/keys/uefi/DB.auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/DB.auth
--------------------------------------------------------------------------------
/conf/keys/uefi/DBX.auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/DBX.auth
--------------------------------------------------------------------------------
/conf/keys/uefi/DBX.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/DBX.cer
--------------------------------------------------------------------------------
/conf/keys/uefi/DBX.esl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/DBX.esl
--------------------------------------------------------------------------------
/conf/keys/uefi/KEK.auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/KEK.auth
--------------------------------------------------------------------------------
/conf/keys/uefi/KEK.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/KEK.cer
--------------------------------------------------------------------------------
/conf/keys/uefi/KEK.esl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/KEK.esl
--------------------------------------------------------------------------------
/conf/keys/uefi/PK.auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/PK.auth
--------------------------------------------------------------------------------
/conf/keys/uefi/noKEK.auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/noKEK.auth
--------------------------------------------------------------------------------
/conf/keys/uefi/noPK.auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/noPK.auth
--------------------------------------------------------------------------------
/conf/keys/uefi/PKnoauth.auth:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arduino/lmp-manifest/HEAD/conf/keys/uefi/PKnoauth.auth
--------------------------------------------------------------------------------
/conf/keys/cfs/cfs-dev.sec:
--------------------------------------------------------------------------------
1 | Ga5I1u55+hH9kNKLFzztqBpKL0uI/IoAOg0jhwAwAWIpDCXmriFCPBDG74Fh+bgakWR2B0/aobX0
2 | o6a6/rvGMw==
3 |
--------------------------------------------------------------------------------
/default.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/conf/keys/tf-a/privkey_ec_prime256v1.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MHcCAQEEILtDgAB+8hu9mCqzmo8fhvAgnK+POB+RQAKwKjNkNCxioAoGCCqGSM49
3 | AwEHoUQDQgAE6YeeMCnAAcP7d1Wr9p6NX5MR1N65Dql72yYCf/BLJT99haQpaqll
4 | qtzqpVYnEjXDPzC3wVXadcyEj7rw2Pp/WA==
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/arduino.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
6 |
7 |
11 |
12 |
--------------------------------------------------------------------------------
/conf/bblayers-partner.inc:
--------------------------------------------------------------------------------
1 | # This is a FoundriesFactory Partner bblayers include file.
2 | # The layers meta-arduino-nxp and meta-arduino-lmp are
3 | # FoundriesFactory partner layers.
4 | # Do not remove unless you really know what you are doing.
5 | BASELAYERS += "${OEROOT}/layers/meta-arduino/meta-arduino-nxp"
6 | BASELAYERS += "${OEROOT}/layers/meta-arduino/meta-arduino-lmp"
7 |
--------------------------------------------------------------------------------
/conf/keys/x509.genkey:
--------------------------------------------------------------------------------
1 | [ req ]
2 | default_bits = 4096
3 | distinguished_name = req_distinguished_name
4 | prompt = no
5 | string_mask = utf8only
6 | x509_extensions = myexts
7 |
8 | [ req_distinguished_name ]
9 | #O = Unspecified company
10 | CN = Default insecure development key
11 | #emailAddress = unspecified.user@unspecified.company
12 |
13 | [ myexts ]
14 | basicConstraints=critical,CA:FALSE
15 | keyUsage=digitalSignature
16 | subjectKeyIdentifier=hash
17 | authorityKeyIdentifier=keyid
18 |
--------------------------------------------------------------------------------
/conf/keys/platform/ti/ti-degenerate-key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIBWwIBAAKBgQDRfrnXQaP0k6vRK/gZ+bDflSU6y1JagGeQ/b+QYuiDz14japog
3 | 8fRSu5WBsAxaSaySAUwS3L9Ppw+hGMecmyIJ494aMfZTtk1g49gU58joduiRnu7e
4 | QSZHMnehhuNlfD7A2tAAKnxIYuabs8zHYM/SS9Ne7t3kIQMbKfUSzNy6qQIBAQIB
5 | AQJBAOelUA376o6w3HkShXfN+shaOZYqFuTJ9exLMwsLp7DZKXB5F9I4JJ+Vkvho
6 | k6QWs7vkhleLSYUZknXHYm26ZE0CQQDnhTtd4PTBoZPjPXOeYMJFtEdMNy0XP6ey
7 | bcce389ugoY7BEkvASrd8PHgJQHziepgWOG4DGp33c64Hfq4zI3NAgEBAgEBAkA0
8 | RbK4uqoLciQluesTPU6lBy7Se3Dw0F9xBqlF5SR4KI6q+zQrHpBKyFOofMHZgizR
9 | iCrL55cxEM146zMw3AnF
10 | -----END RSA PRIVATE KEY-----
11 |
--------------------------------------------------------------------------------
/conf/bblayers.conf:
--------------------------------------------------------------------------------
1 | # LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf
2 | # changes incompatibly
3 | LCONF_VERSION = "7"
4 | OEROOT := "${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)))}/../.."
5 |
6 | BBPATH = "${TOPDIR}"
7 |
8 | BBFILES = ""
9 |
10 | require bblayers-base.inc
11 | require bblayers-bsp.inc
12 |
13 | include bblayers-partner.inc
14 | include bblayers-factory.inc
15 |
16 | BBLAYERS = " \
17 | ${OEROOT}/layers/meta-lmp/meta-lmp-base \
18 | ${BASELAYERS} \
19 | ${BSPLAYERS} \
20 | ${OEROOT}/layers/openembedded-core/meta \
21 | ${OEROOT}/layers/meta-openembedded/meta-multimedia \
22 | "
23 |
--------------------------------------------------------------------------------
/.github/workflows/repo-sync.yml:
--------------------------------------------------------------------------------
1 | name: Sync with foundries repo
2 | on:
3 | push:
4 | branches:
5 | - main
6 | - devel
7 | - next
8 |
9 | jobs:
10 | sync:
11 | if: github.repository == 'arduino/lmp-manifest'
12 | runs-on: ubuntu-latest
13 | steps:
14 |
15 | - name: Checkout source repository
16 | uses: actions/checkout@v4
17 | with:
18 | fetch-depth: 0
19 |
20 | - name: Sync repos
21 | uses: foundriesio/mirror-action@master
22 | with:
23 | REMOTE: "https://source.foundries.io/factories/arduino/lmp-manifest.git"
24 | GIT_ACCESS_TOKEN: ${{ secrets.FOUNDRIES_ACCESS_TOKEN }}
25 | PUSH_ALL_REFS: "false"
26 |
27 |
--------------------------------------------------------------------------------
/conf/bblayers-base.inc:
--------------------------------------------------------------------------------
1 | # These layers are the basic and required layers by LMP
2 | #
3 | # Only change if you really know what you are doing.
4 | #
5 | BASELAYERS = " \
6 | ${OEROOT}/layers/meta-openembedded/meta-oe \
7 | ${OEROOT}/layers/meta-openembedded/meta-networking \
8 | ${OEROOT}/layers/meta-openembedded/meta-filesystems \
9 | ${OEROOT}/layers/meta-openembedded/meta-perl \
10 | ${OEROOT}/layers/meta-openembedded/meta-python \
11 | ${OEROOT}/layers/meta-virtualization \
12 | ${OEROOT}/layers/meta-clang \
13 | ${OEROOT}/layers/meta-updater \
14 | ${OEROOT}/layers/meta-security \
15 | ${OEROOT}/layers/meta-security/meta-tpm \
16 | ${OEROOT}/layers/meta-security/meta-parsec \
17 | ${OEROOT}/layers/meta-security/meta-integrity \
18 | "
19 |
--------------------------------------------------------------------------------
/conf/bblayers-bsp.inc:
--------------------------------------------------------------------------------
1 | # These layers are all the BSP layers supported by default in LMP
2 | #
3 | # If you want to customize the default BSP layers in a factory,
4 | # change bblayers-factory.inc instead.
5 | #
6 | BSPLAYERS = " \
7 | ${OEROOT}/layers/meta-arm/meta-arm \
8 | ${OEROOT}/layers/meta-arm/meta-arm-toolchain \
9 | ${OEROOT}/layers/meta-arm/meta-arm-bsp \
10 | ${OEROOT}/layers/meta-freescale \
11 | ${OEROOT}/layers/meta-freescale-3rdparty \
12 | ${OEROOT}/layers/meta-raspberrypi \
13 | ${OEROOT}/layers/meta-intel \
14 | ${OEROOT}/layers/meta-yocto/meta-yocto-bsp \
15 | ${OEROOT}/layers/meta-tegra \
16 | ${OEROOT}/layers/meta-ti/meta-ti-bsp \
17 | ${OEROOT}/layers/meta-ti/meta-ti-extras \
18 | ${OEROOT}/layers/meta-lmp/meta-lmp-bsp \
19 | "
20 |
--------------------------------------------------------------------------------
/.github/workflows/portenta-x8-promote.yml:
--------------------------------------------------------------------------------
1 | name: Promote Portenta X8 image pre-release
2 |
3 | on:
4 | workflow_dispatch:
5 | inputs:
6 | target-version:
7 | description: 'Target version to promote (default: latest)'
8 | type: string
9 | required: false
10 |
11 | jobs:
12 | GetVersions:
13 | uses: ./.github/workflows/foundries-target.yml
14 | with:
15 | factory: arduino
16 | branch: main
17 | secrets: inherit
18 |
19 | Promote:
20 | needs: GetVersions
21 | uses: ./.github/workflows/foundries-promote.yml
22 | with:
23 | target-version: ${{ inputs.target-version || needs.GetVersions.outputs.bucket-version }}
24 | slack-message: "Portenta X8 target pre-release version ${{ needs.GetVersions.outputs.bucket-version }} has been promoted to production"
25 | secrets: inherit
26 |
--------------------------------------------------------------------------------
/setup-environment:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # -*- mode: shell-script-mode; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
3 | #
4 | # Copyright (C) 2012-13 O.S. Systems Software LTDA.
5 | # Authored-by: Otavio Salvador
6 | # Adopted to Angstrom: Khem Raj
7 | #
8 | # This program is free software; you can redistribute it and/or modify
9 | # it under the terms of the GNU General Public License version 2 as
10 | # published by the Free Software Foundation.
11 | #
12 | # This program is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU General Public License along
18 | # with this program; if not, write to the Free Software Foundation, Inc.,
19 | # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 | #
21 | . .repo/manifests/setup-environment-internal
22 |
--------------------------------------------------------------------------------
/.github/workflows/portenta-x8-prerelease.yml:
--------------------------------------------------------------------------------
1 | name: Upload Portenta X8 image pre-release
2 |
3 | on:
4 | schedule:
5 | # Runs every hour for testing
6 | - cron: '0 * * * *'
7 |
8 | jobs:
9 | GetVersions:
10 | uses: ./.github/workflows/foundries-target.yml
11 | with:
12 | factory: arduino
13 | branch: main
14 | secrets: inherit
15 |
16 | UploadPreRelease:
17 | needs: [GetVersions]
18 | uses: ./.github/workflows/foundries-prerelease.yml
19 | if: ${{ needs.GetVersions.outputs.factory-version != needs.GetVersions.outputs.bucket-version }}
20 | with:
21 | factory: arduino
22 | branch: main
23 | target-version: ${{ needs.GetVersions.outputs.factory-version }}
24 | artifacts: "portenta-x8-mfgtools/artifacts/mfgtool-files-portenta-x8.tar.gz,portenta-x8/artifacts/imx-boot-portenta-x8,portenta-x8/artifacts/u-boot-portenta-x8.itb,portenta-x8/artifacts/sit-portenta-x8.bin,assemble-system-image/artifacts/main/lmp-factory-image-portenta-x8.wic.gz"
25 | slack-message: Portenta X8 target version ${{ needs.GetVersions.outputs.factory-version }} is available for testing
26 | secrets: inherit
27 |
--------------------------------------------------------------------------------
/conf/keys/uefi/DB.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDCTCCAfGgAwIBAgIUDh15JGayUkIizK5YwdXXQxwhXRAwDQYJKoZIhvcNAQEL
3 | BQAwFDESMBAGA1UEAwwJQ3VzdG9tIERCMB4XDTI0MDkwMzA2NTA0OVoXDTM0MDkw
4 | MTA2NTA0OVowFDESMBAGA1UEAwwJQ3VzdG9tIERCMIIBIjANBgkqhkiG9w0BAQEF
5 | AAOCAQ8AMIIBCgKCAQEAxKhYcB/rVU6bc7B/qbC5UU8ZSK2ckHWJZn79DXDACExJ
6 | U8u2A22kKyQrhFmVHVPUnKQ13e49MuZvdwemxYFbmlhBjd2HN/IsM+v7X2Z/9Vdq
7 | pY0yqcnTfQJsoE87kdWJG692MDHZr1Md7gdFgY2j3ec2hQboD49uwMOf4rq8k2Em
8 | 5UJU3BYjuwwbqrBh4gYFxsQjZQrf5Ls6HdU78wEd1cD9b9JAqlSE8VI3XdOZrnHn
9 | wXBBBN8ZGEi8MyxgtKjmf2z+hN5JElsfRDqxdSzosl5l2tXbYq+tjTlqBRkEJAS7
10 | W+hCjSsf99P3fYmxqFeX6ES8yTqRilHLln50iBMTKQIDAQABo1MwUTAdBgNVHQ4E
11 | FgQURWZfZO7gBe1JByhRJDkzDApviW0wHwYDVR0jBBgwFoAURWZfZO7gBe1JByhR
12 | JDkzDApviW0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAIVCu
13 | L+6iNsnI1RDoYH/LHZqSDt6glS50KsxPyhZL39Qsbm73jzajz0k+Tr4AmNKfF5W/
14 | cjH3A+lz98hGDGqrCPU4ucsLQsT1SKDIeGKnewQe9wmNK9agIW7EQyhS9R6qY9eR
15 | kuXdCRp4QRz0f3Mn5uRvWyBgIuPsJnliSO6qvUjAt1mRQbLeUuwz1JVqCekWza30
16 | b2/l2Gasiwv13r37qeHvxRyV6FrRDDjQkC4w+dN/3ZWxuO7sW+eKHNr2fgJm48W5
17 | ZQShbK81OYab48sdfuTVOkM2VQ7Z68h7MVr1zc2JNfA83m2Qo/Tpp9kK6kdf0hIt
18 | D768akIEmlB9/8ibDw==
19 | -----END CERTIFICATE-----
20 |
--------------------------------------------------------------------------------
/conf/keys/uefi/DBX.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDCzCCAfOgAwIBAgIUSUrm534F2apEO/dAOddr3ITR6WIwDQYJKoZIhvcNAQEL
3 | BQAwFTETMBEGA1UEAwwKQ3VzdG9tIERCWDAeFw0yNDA5MDMwNjUwNDlaFw0zNDA5
4 | MDEwNjUwNDlaMBUxEzARBgNVBAMMCkN1c3RvbSBEQlgwggEiMA0GCSqGSIb3DQEB
5 | AQUAA4IBDwAwggEKAoIBAQDUbon/3FNyQEnfIl6UovreQtUbumtRrSJPJeqBZoFc
6 | 13vYdFdHVBSFUKRX6LwduMDnj6Zvjpg3g/K5mp5H8SYv/RvRLMSwNcx7ZcG+1Bsx
7 | XEqoyMQ4zHyKmUDbI8hn1ozFlE/kXGxt5pm9135Cj1o0l70p+osWoooFdYHPD7su
8 | FJtaz6E47Sek+uRtzjBELCH9go/RwEooYcNomoiTJ5z10nqW3jQhJbJ0t5+mdEYn
9 | r/9d3V3pkZYdi8KicVZOMWdjrncVT2sdrSQdXVBF+8hZ/BzLBczgbfxOPhA64Q0/
10 | M5Yg8t0NzV1T2cJWkju8dK2xv89XjOgq4KhBjwcB1g7rAgMBAAGjUzBRMB0GA1Ud
11 | DgQWBBQ0GIwYPsWzcYSEaGTr9xQH2uV29jAfBgNVHSMEGDAWgBQ0GIwYPsWzcYSE
12 | aGTr9xQH2uV29jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBq
13 | 08ucmbt6Fm+p5h1i5OOH0gqGygwCn8pPRNr3JY1FAewLMu9RuobYG9NmmCLiZ1B+
14 | 0kgSQzR8CSih695b0XGQ1Ojw3reodVxeSHno6x/IR/4N4V26llHPedrBwxFgs+lD
15 | fibnhT85zA+4+4n0N+WKFr+/TMr7TZGqTUR6ciMMRPl2DnNCZPdsX5cf0o9L2d6y
16 | K21FUcLQsxyUI1ksWdNuQLzLEYcnz+/DZozM/HiBPzLhtnCoIw+uaSClCJzZIpUH
17 | B6SH5SHdbqu4j0oAhbc3ijalkNf9qB0pJHVZ+XrsRIP3FIZrl6BWOcUVRVnxA9m7
18 | +shNQGBeJz44Eutvmn2k
19 | -----END CERTIFICATE-----
20 |
--------------------------------------------------------------------------------
/conf/keys/uefi/KEK.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDCzCCAfOgAwIBAgIUTaXqVPLcibzgUdO0L0auZE2CAXwwDQYJKoZIhvcNAQEL
3 | BQAwFTETMBEGA1UEAwwKQ3VzdG9tIEtFSzAeFw0yNDA5MDMwNjUwNDhaFw0zNDA5
4 | MDEwNjUwNDhaMBUxEzARBgNVBAMMCkN1c3RvbSBLRUswggEiMA0GCSqGSIb3DQEB
5 | AQUAA4IBDwAwggEKAoIBAQC+hH5jgzEvazq0c6qZXjCIPq6pjZqBr222ytOkNtq7
6 | x/6fHeCFmXieDKQRBz9MJs8HsG3N/j3J+pRuXAliopdECIyTGMVdhIhFbElIsZET
7 | Z+tINl21ekp6v6ZVEpifWRT4TcElkNv1G+Jf0s3ICF0W39+vPmPqwBRc3zwwH/Kq
8 | 87mtmI20K7t7div7NY9O0MeqOzZJVOB5Rauvs6hJDn9hqQx+jLQiyP9aMFjgZLAk
9 | SopGPyZinxkw2DsG0RB5nUQE++r3CS0DeJx3u2ctHdAGyJb0N79IfVq+DYoRtJxV
10 | abcIGRvvQ9cdS6srFyO4oFrd48UlK6LHAgUoV4w2JJRTAgMBAAGjUzBRMB0GA1Ud
11 | DgQWBBTL/HMpv0AclRRly43lEpeLVSllGzAfBgNVHSMEGDAWgBTL/HMpv0AclRRl
12 | y43lEpeLVSllGzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCb
13 | D561n1TLeODmzmoGtDQRRm/fsqYYBhi8uKcaORzwvLuAZHChCtQLn69en1E4rQ+H
14 | ER/F34RPkxWkTAcQWOp4jzMvYX53ohXWB7+YOQXW0Vv0/+4MDRCrCUNec7N2veXK
15 | Wld68BQEPB1jF0kggvm2K6oM7k+MHoylorPKEdYsqK4jjWfmmo99Ra+Z6h78tcYo
16 | FrGKK3qE6u8b6pn7j02l7PW21HmRtKJyZewlrcU9N+I2dZfMPimC2ZIjCc7ws2GK
17 | NpaSBi1mboNTmuhv8K8LCrLlUNQ7Rq50dU4vIphtxxwhGymHwcuYbSr1QJYppAGR
18 | fmzyVd+ZVxK3vXyX5uUj
19 | -----END CERTIFICATE-----
20 |
--------------------------------------------------------------------------------
/conf/keys/uefi/PK.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDCTCCAfGgAwIBAgIUEnwCtt75Xr2eGTq+Vb3LCQspdwkwDQYJKoZIhvcNAQEL
3 | BQAwFDESMBAGA1UEAwwJQ3VzdG9tIFBLMB4XDTI0MDkwMzA2NTA0OFoXDTM0MDkw
4 | MTA2NTA0OFowFDESMBAGA1UEAwwJQ3VzdG9tIFBLMIIBIjANBgkqhkiG9w0BAQEF
5 | AAOCAQ8AMIIBCgKCAQEA0H6KbJprqQtGCHDziZAYdmQus3U0lH4UhqyH/wUDEUUy
6 | ivfFvxWN5OYrl8sjNhRaBRucVzCg3Yp60itpwFwQMfT1eYiYoNf+qyB6Yj/P9atC
7 | TG49GBApOmhHpdcHUGLyohv5A+QepI5ilJjseXFnTWNcnBySBC/svuOGGpEXFqtz
8 | ER2hcY1c9l7NfqrYGHYwkw/DgLlVxWOV3yK3uZZlvWiKLbSbfRhqq984O147x8ud
9 | rtacAWCXrzp7w0jRlkMMHJnvJ7acwpc3IWy7j5IcAgiosjv8kPJBZFxgxk0GjReu
10 | 8B2PKWF7fi4AjhxBKnOECeOsZoI2Wxa1zkAf4f0BtwIDAQABo1MwUTAdBgNVHQ4E
11 | FgQUxdmPQlKxjU2NwTWXK/05tCfYImAwHwYDVR0jBBgwFoAUxdmPQlKxjU2NwTWX
12 | K/05tCfYImAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOLRS
13 | m5XyJ0/PbEPi++YAceimG4nUHOhcVp8XrAvmVAuPnKme4u1J7g3zr/T+TLp4N9W0
14 | bSyR/VpWe7GqFn47g4naxt+b6BeHBeAmdpTl+qTac+QPjr51XwOu16hgKcVD2UVO
15 | yU0xiiBjcXZmyqpP6b1mT8AzChwmVW0hlz1QlkGh2jFP+0NpJeltaeWX5hDnz7aj
16 | UALMe+qIwDn1QUQAmPFwvzeG19uE1AByXoIZDsvhbhDKa+T81+DZ2PvE0rr/DvlZ
17 | 2Yvv1FSEhM3Pie5lcaGvVrPnB9XLNGHxNlguyictL2rdxZ5uN9qhFvIlx0FnE3ky
18 | YCjVjWRnZ4NVXwCqcw==
19 | -----END CERTIFICATE-----
20 |
--------------------------------------------------------------------------------
/lmp-bsp.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/conf/keys/dev.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDazCCAlOgAwIBAgIUDPofWWHAQ0P/RzawuKpnqY4S86wwDQYJKoZIhvcNAQEL
3 | BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
4 | GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xOTA4MTUyMzEzMjJaFw0xOTA5
5 | MTQyMzEzMjJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
6 | HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
7 | AQUAA4IBDwAwggEKAoIBAQDcuvnwFxUr5DjW83Tl2QmHtFGfWnsLCuJIeJQwzVSs
8 | UD9qDBcf6RBGjavgCahsLkUXbBsjBt1MEbU2uxskY7O9w5a0Wvqi0bwHduYQ7b6s
9 | s5hGa8GZlKFhCZUb8dbU48rRfQaawffK1IhixycYXf04dfvnjY8Wa5z2SMSHI/hZ
10 | rWjGaPq1cFP+XEJN8owvI3aF0ODezXAvG0z5fsggmjuu4O1M1RJV4voszcSGbey1
11 | 2GNvEZhroO9M04HmJkjN5AQzMm+kgltvryXQqCk6QDz8VKfEOXs0BgHOdU97ncX2
12 | EENh8/kS1xoMenwjZ8F64YYhaNdmhVXebdrc5UNNi1R/AgMBAAGjUzBRMB0GA1Ud
13 | DgQWBBShNOok0QTvIulhhzxDIhGgxpPPrDAfBgNVHSMEGDAWgBShNOok0QTvIulh
14 | hzxDIhGgxpPPrDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBL
15 | hUI7euyzlpF2tMLaNYbMb0Zdna3xkUO5kIPKznsJIv8HL6Ho7AMzeAYA9N9BABnC
16 | QC59fBDopIIDjwykqkW1vMEehWCwRlRpvdknnY3hLlNuLruw1eUcA06xswWbAmbs
17 | K4fpEpJJ/1KsF/0M0LfoKxC0yWRNTbnPPFpUrZdX2/9mkDUA30iNvYgmqzVnJmk3
18 | rxKXOxXZed81+dmZcu+3xdnSA9COQbXGtosCvR/mNKki6PB2kyMFO20apAw/T7jc
19 | jtc23nbApH26xEz4FL7bjQx9hhlMzyMCXZvYvWd6SgxO4pkt7NAFxElXRxc/VWtg
20 | 5Ai8yN/RUwsRB5JWWDdz
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/conf/keys/opteedev.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDazCCAlOgAwIBAgIUMyJN5xfF8F3+K6DQDSAS320JZEswDQYJKoZIhvcNAQEL
3 | BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
4 | GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA2MTcxODM1MzFaFw0yMTA3
5 | MTcxODM1MzFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
6 | HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
7 | AQUAA4IBDwAwggEKAoIBAQDs9PL5l6OU8ldHx4ph/tbqDJLXue5XJd6L5f7sgvz1
8 | w9Q4nV1NdcY0GB/xKRZazby2hhF3SPR/Nyr1iHgX83cn3WPDuoaMt0XZAEst+M+N
9 | RYra+9Qq3/1We0CURlt0ZakvE97u4ci8LR/hVwCnIebHWVrgUXuNG7DgJQRq7rBk
10 | VOyfaCqZWmC0/de11zy+2BTSlqOiC6Ddnfitsl9mJQqO0spLFnWBq9lgvac1PFxy
11 | 1mmMpSmR1XddIteXACeJnBnoEG8ZWP3DPk2HNOJ6IsApawcuKJyIyF/6mX0utHjl
12 | b1n6/Zg5EyxJZ8311cHaGPuAKOJNwDh1tsMpSN9oi1/tAgMBAAGjUzBRMB0GA1Ud
13 | DgQWBBRfgG1HWRSVJ25Mtlbnfqb031hW4TAfBgNVHSMEGDAWgBRfgG1HWRSVJ25M
14 | tlbnfqb031hW4TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAG
15 | Xbiyfv7BHMngV7frM3vYXLvAA6HTZqm85OnfrAoARy58GdOsLeJdOemzeJ5STDnX
16 | XspeSA/QuH00dO++dueKrbRTjwSKLEi9TU8uZ/Y3+veXjePgWRHyQcSiUwc2xHnP
17 | WX93B/6iR93/rlONTQEt5ZbD6NjeO3m2rBgD3SeInngp8+I1cLvOBmxNjdvyhWZr
18 | 7jjC210VQ41tPIxXntVdwr2gg4FlROK2MAulB1R7KKHi8Ipw0PZd/STA5n2WUn3p
19 | niKEtyN5Y5fAP0QIz+h0f3yBlz7zE93g64Rmwqzx4SBt0GC88KewZvc4M6SMiuSh
20 | +94qxLzADYaCyAcuAdFj
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/conf/keys/spldev.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDazCCAlOgAwIBAgIUM9mj6Oaw25geoFYSMa4U0sE8zlIwDQYJKoZIhvcNAQEL
3 | BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
4 | GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMTUxNzMzNDRaFw0yMjAz
5 | MTcxNzMzNDRaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
6 | HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
7 | AQUAA4IBDwAwggEKAoIBAQCfS8z4NRH577Uhzuc50gn0nL4HmA4oaNqOxw78ptpb
8 | nQkarHXnhDrueMqL7ukbYHq9ZuoDQ5fnLujKFyS1Ko/aDfwC3mft2Wyg3uHw5nDT
9 | zXyStcGuHtV/qPoQFOBkbuxNyztyAqJTJzJTFuKOy5+4AQHmGUlvDGErNIr2M4Uo
10 | ccxgY40hRnl7mDf0kDeXH4mQigZujpp8qq4+kCD+OPI2BTXrefVRV9L9OfsBtmrm
11 | N27VQFQ3R65Q20gSuGXxwmYO4X+ELFkZTIj/VYdTXiNPbAsSDBUA5G3cDYv4S46B
12 | /ZIUQo+WXpuBkFKubGwIqL0+wf1LIN5/ZGbI8A+1K5O5AgMBAAGjUzBRMB0GA1Ud
13 | DgQWBBSR45b28VjctaVXTBkXiXUPxr72UjAfBgNVHSMEGDAWgBSR45b28VjctaVX
14 | TBkXiXUPxr72UjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAl
15 | Cdhdy1R+EY4oQoRt+yAIynXi2N3AfRzOKwfwoTqGVMcybiaeiIIAMPcGyHACo099
16 | AW1D/MNWCl43cP8Px1KZGzED6qc0yL6dKkF54+a/71Gu8V040N0lVjO9G6vxFu2Y
17 | O/k7x5BbwhEcEoQ1ZRqBbt6dODMrlP5juCw0AJ40j7tJot5EHImXM5Inhq4cWZDw
18 | auHdD02Qe7KK2H3TYO68UjGKf7UoL6sYYc3bs2Pvmn9rJfhlY9BSsck9QQSB9Y8a
19 | lLhU61ocNIDQQuVpk7jEhGFrIeQOmL4cVngpUcPix6djZiSx7QPMCUtQj8Xtbvb7
20 | /QAMpEnsN55BX/1NO+zQ
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/conf/keys/ubootdev.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDazCCAlOgAwIBAgIUAR2w7SNt/Fd5QCgUoGOU0IIWKjAwDQYJKoZIhvcNAQEL
3 | BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
4 | GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA2MTcxODM1MzNaFw0yMTA3
5 | MTcxODM1MzNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
6 | HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
7 | AQUAA4IBDwAwggEKAoIBAQC9DR72tRmHGM/8sOwRaDtEOrG/5TLR0B6ySoyjaXmL
8 | 9ShDhYdmEfcZuDa/E1w240Gp9VMFjNjUAcJw5ocBkcHfzs9v35QVYv491PPGzAON
9 | 7Ob/cmNkMJmQKUVf++AgvxbwDlxXFZwvNEX8ZGrfPTwqtRaSY3b5zJV0+3zkrsvP
10 | xGX98rPYBb1joV4sFFV5qxRpBj6GPpHU0zRg7r5EpoXYfP+0/3xiyRsrWKDs/X4U
11 | 4TRHLevPbcvSR8t5cZj9r945I3a8Fbjyegwe3xOgTae96jIh6+vP+HJPNWjCW9YR
12 | wees3QhX/572asMD3xkMXoofNgV8mZw+TQVKvhg2VBYzAgMBAAGjUzBRMB0GA1Ud
13 | DgQWBBQWlpg8NW3EZdPOpvOUceVMFyCXETAfBgNVHSMEGDAWgBQWlpg8NW3EZdPO
14 | pvOUceVMFyCXETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBy
15 | i3q+mL6Gz4/h015Zx0Ez1Kt4JU9mcapSde63l0AIJ6VNsYIuxlSStTMNDyQwICUj
16 | wUuZC9qEO6mzq81NK+xhvbpXAMBsWHfzViUp3A/79QJX2vAJD+4lehBEkohVEdWp
17 | vjQSuhPQQJX2yxHEcw1S0FVMkpoV9gBrdkFQIv17rgGBUsjtGasNLVmHliyhi5Kw
18 | cBKbviWU91tYyRrv76EHP3bdPfbjC8H/HHYaPF/uaq/Xlpln8UCVUgS1gllymWV8
19 | Ll7CGMNV2GDOIzjJS9QPwmD6uGw8YliOteO6OSYKS3yN3j5rSndZsfWwEWxbdEEA
20 | HASVb8Jn8A14dislU6hP
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Portions of this software related to the Linux microPlatform were
2 | originally released under the following license.
3 |
4 | ----------------------------------------------------------------------
5 |
6 | The MIT License (MIT)
7 |
8 | Copyright (c) 2013 Khem Raj
9 |
10 | Permission is hereby granted, free of charge, to any person obtaining a copy of
11 | this software and associated documentation files (the "Software"), to deal in
12 | the Software without restriction, including without limitation the rights to
13 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
14 | the Software, and to permit persons to whom the Software is furnished to do so,
15 | subject to the following conditions:
16 |
17 | The above copyright notice and this permission notice shall be included in all
18 | copies or substantial portions of the Software.
19 |
20 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
22 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
23 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
24 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
25 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
26 |
--------------------------------------------------------------------------------
/lmp-base.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | : '
4 | MIT License
5 |
6 | Copyright (c) 2022 Foundries.io
7 |
8 | Permission is hereby granted, free of charge, to any person obtaining a copy
9 | of this software and associated documentation files (the "Software"), to deal
10 | in the Software without restriction, including without limitation the rights
11 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 | copies of the Software, and to permit persons to whom the Software is
13 | furnished to do so, subject to the following conditions:
14 |
15 | The above copyright notice and this permission notice shall be included in all
16 | copies or substantial portions of the Software.
17 |
18 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24 | SOFTWARE.
25 | '
26 |
27 | set -e
28 | set -u
29 |
30 | : "${UID:=0}"
31 | : "${GID:=${UID}}"
32 |
33 | if [ "$#" = 0 ]; then
34 | set -- "$(command -v bash 2>/dev/null || command -v sh)" -l
35 | fi
36 |
37 | if [ "$UID" != 0 ]; then
38 | usermod -u "$UID" "@@DOCKER_USER@@" 2>/dev/null && {
39 | groupmod -g "$GID" "@@DOCKER_USER@@" 2>/dev/null ||
40 | usermod -a -G "$GID" "@@DOCKER_USER@@"
41 | }
42 | set -- gosu "${UID}:${GID}" "${@}"
43 | fi
44 |
45 | exec "$@"
46 |
--------------------------------------------------------------------------------
/conf/keys/dev.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcuvnwFxUr5DjW
3 | 83Tl2QmHtFGfWnsLCuJIeJQwzVSsUD9qDBcf6RBGjavgCahsLkUXbBsjBt1MEbU2
4 | uxskY7O9w5a0Wvqi0bwHduYQ7b6ss5hGa8GZlKFhCZUb8dbU48rRfQaawffK1Ihi
5 | xycYXf04dfvnjY8Wa5z2SMSHI/hZrWjGaPq1cFP+XEJN8owvI3aF0ODezXAvG0z5
6 | fsggmjuu4O1M1RJV4voszcSGbey12GNvEZhroO9M04HmJkjN5AQzMm+kgltvryXQ
7 | qCk6QDz8VKfEOXs0BgHOdU97ncX2EENh8/kS1xoMenwjZ8F64YYhaNdmhVXebdrc
8 | 5UNNi1R/AgMBAAECggEBAJASGoDzEAaN9+uVDH/ZobbJo1z3mcgjWn8i9NbFrrap
9 | yjpVmeJiJRVn8v9QTnYN3VrkXPIH0PmNtVH73kNqMC90MjGWEHGlo6zbll8GTqY6
10 | svGD8+FiedL0hjavKyHZbNA/YsgwQqRJBJw0kPf+oQDxQXJpmzNvGgxGgsASYk9l
11 | Adyk9GI4ugS4lSoCJRSJYwgqhzgcoyZq6gNS+8T+wETnzn9tfo2fUuSd7SKNW1sW
12 | gFoMbVpz9tUkNFhmkZDgN33yu1vmQ1oxXneF0kJxHEHDV16tmo9ky6tZouZN3qjW
13 | Poc0yjP0PplloZt3WBaSe7GmUaEe71oamkfbgvT4lIECgYEA8V1bA7azocVjBM9X
14 | QBOk73lDFGb3sTTNAgikeGA4kLiE10psIU17ZFRR4ljYip3DdF6svR2YakT+cFKW
15 | acd56NRdIed6EHRuo9SAAofDSBy5i4AU2C3TydLV2l97kt6iKrstzcXGWDlQ3LUW
16 | rLrA7BgM48VvVDcsC7tKzpDzN0cCgYEA6h1R2USnv5h5KDi1uySNX0DyP72qNLzX
17 | yzb2kIeVfMlnB44Xj+tCkrXEmUIPYxjJ7/htPR/3qL2OcNMgKWHA9EQCNGtkUUxs
18 | dIawKPIlD8Nol9NQfCpxcj+sNAuD+7SIuEoo1fqtikDfQFcK62Wfs9FUp5p5u2k+
19 | hvcmPazGBQkCgYEAqWmNaJ3kl7ekOMwPwboIGs5Sdw+O66LUAoluZ8+h5HKfSz3B
20 | h96KrXFByE30L9dsSVHqjRMo1+51aQGO8dBBkVr9w75lvwb6YaPV9fC08Pi4g2Hz
21 | P4lrDk4eLJi4c+4whS28iKI5BdO1HjU9JSAwKYb4BSefbM0M7W8YosS68iECgYEA
22 | vIzslJ20tJxqR7iUtKpVqbe24xsv79V/vsz/e5uXC69xaSZJV8HUFjCKrBwGJHuc
23 | d8aOxEHwxlgUVk3Tg0CVlKUJWYp8evWgC6FGU1PiAXYR0OWB1t6gC7G4URpNK/VU
24 | f4hKpzuDdOuWYk04ICnym3ImSe4hyIyUrUJz7AwwV3ECgYBEXrnkgaSW8D/2vuq5
25 | 6p2R0c0Bm08sqWylaFavWbCrFmo58aYsTUaSakEHhV29E4qCqKPLSUQ3ADEcJex+
26 | 7DmXSzPFnpqxGu2WKg++qhODbdhSdXpDn0+gLgfzf5Ui9TXZnDjd/II6PgfBx6eX
27 | mg7z3IqWvYSJFok7V3UkQMFY3g==
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/spldev.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCfS8z4NRH577Uh
3 | zuc50gn0nL4HmA4oaNqOxw78ptpbnQkarHXnhDrueMqL7ukbYHq9ZuoDQ5fnLujK
4 | FyS1Ko/aDfwC3mft2Wyg3uHw5nDTzXyStcGuHtV/qPoQFOBkbuxNyztyAqJTJzJT
5 | FuKOy5+4AQHmGUlvDGErNIr2M4UoccxgY40hRnl7mDf0kDeXH4mQigZujpp8qq4+
6 | kCD+OPI2BTXrefVRV9L9OfsBtmrmN27VQFQ3R65Q20gSuGXxwmYO4X+ELFkZTIj/
7 | VYdTXiNPbAsSDBUA5G3cDYv4S46B/ZIUQo+WXpuBkFKubGwIqL0+wf1LIN5/ZGbI
8 | 8A+1K5O5AgMBAAECggEAHWBnPmbbF9Ki/scfUURw3ZGCYfgitEUR+T6wfttubXK6
9 | WRbw728tRwkzoTa/+nKCcCdohI2Ul+fIumwmMtrUiIwHq6fEVtK/+7LezARTTlwY
10 | 2x11yFybVt2csBaJgzwJjBcssUvXD6qs1zHjOh5HKDHXXc3QAxCvYr5f2iOKLPj1
11 | EjkP3iBLoe0eYTNcjQPKP4jZyFJawy26eJU9vr5KQB60+T/9IKPedzqG7qp12AtB
12 | LKWhaTRtiDCH9hmycVKrC1VGCM/vFwwLf+vUuRBerfbm307DiUJORfPovNvNlIp/
13 | S/gCOUJibMD9ETVVT5pcgeHbh0scRcS756EsfQyIAQKBgQDKd5JSVDyfdMOimvEf
14 | MUjIyj8/FxXAQ2/9rRAtxNleyO8UVxZemwOsb5Ug1i/1hBAhsyis3yZDR9gTsJWe
15 | oKmAP21GWTdWbtHjl1+qq/WJUoXawzNgXKNQu7tcori+34nKjXaXYwb0diojskii
16 | NPEf2armQP8LUi/9TuvR+Bc1OQKBgQDJahtHRdq/wcNAG9yRwpB9AgsJZzptvduM
17 | uPz/uLdJ6uJs0T6OLxWvG8saSE14Ky9zmdXyhWCxYx4PQopNaqk4i5++Wv9ZXMLd
18 | Ema0F/GxnpDEXMqqY6duNCShRk+y3N6JqqaPEijDZ1bk7hvwsky7AGKtnatNYBqT
19 | 1P1VX1nSgQKBgQCGoYoX2tHRCnjImJU7s679bZcu4a/iADXpDnqSpLISWDS6ZsqG
20 | MDf6ItycUDDl5mI/tn2WrnAoDw780NA9AgKUOBj2zX6BqAFDgLXprJ0CKnC9rk1s
21 | h01F8v+8sqt8qPJcUUMJmZzXU/fjcrrfuaqZDkmZAKFXqtgkbaVcIsdz6QKBgQCr
22 | 3Jc0JL34G6ywGlYGJf/GOyURu/yWQYeCNyLiTUpQj1TvR0haaIDXLx8J6SH5ZNgT
23 | ivONAhQ0qH+ww7VhQ57rOfBvrBPwu38mxhnOmBPK3KNoekkQRQJLvcB3wJgm5eIZ
24 | k/yVXghcW+RAaZB7vJhOhJCu1jeiSVvEQtx7qWXqgQKBgDeSt1+u0SMhjNg/f5az
25 | tzOEA93uRY+pUnzDgRVHaGrpEPeS1xYjpyX+YR525/b3wftf//+txJLPRPW45CUY
26 | 0o9cfWM8yLznGIVioI9GQBzPckn9+bBvUVg9GKY/5fAqURc60aemN8SSQSY3KROk
27 | I9sNnDbAYblD0G/x/yn+QKdQ
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/ubootdev.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9DR72tRmHGM/8
3 | sOwRaDtEOrG/5TLR0B6ySoyjaXmL9ShDhYdmEfcZuDa/E1w240Gp9VMFjNjUAcJw
4 | 5ocBkcHfzs9v35QVYv491PPGzAON7Ob/cmNkMJmQKUVf++AgvxbwDlxXFZwvNEX8
5 | ZGrfPTwqtRaSY3b5zJV0+3zkrsvPxGX98rPYBb1joV4sFFV5qxRpBj6GPpHU0zRg
6 | 7r5EpoXYfP+0/3xiyRsrWKDs/X4U4TRHLevPbcvSR8t5cZj9r945I3a8Fbjyegwe
7 | 3xOgTae96jIh6+vP+HJPNWjCW9YRwees3QhX/572asMD3xkMXoofNgV8mZw+TQVK
8 | vhg2VBYzAgMBAAECggEABlH8+gR98P1MXsdPbRmN+a74qFCyTT9m91D0uLXbAWnV
9 | ycQaDbiGCU8WTXcJOzCHznXMK8BUs2nHpVyfoNbNo3zXhIb1/W0M0OZgrAHAEKud
10 | 4WZimkPhrmci0Z2rFY0t6CKixaqMSSu3N0PoKsRyUX8yXPyESr+jM4EA4OhTGgQJ
11 | JGXfc+k/yDxdYqS/nyDpwPCzcCGfxxpVmNF6ENOgZyuCiOgvz2ale57EGAA9zq+S
12 | 7ny9uYsK3oHaWNPAJupIUXw4yADQ348F6upzX96ot3m2epgprPQ3SZ1eTUbb9Cjo
13 | KxU54qvVxxv59mr4/b6DtPb1zQPFN53rHkV6uE54aQKBgQDpn2quQkibmShfoem5
14 | b6K+wieJ123dZPxxua14XXgto+QxZRDI4mqQCXboTGlVXd3OzkzmJ9uTSKsgnWph
15 | bmI9pf0QRDEJwT7qpFQFFktPvafvgPZtQ76qq6MkMf0J5NhBKF8Gry8p0Rtkad+S
16 | erljD4cFK+dCjeYaWlIixvv3ZQKBgQDPKMhNWdV4jC3K5Q23+owHYpTRVCOOYN69
17 | nH82ccqI88KNiIQstuGJWTxOj/K00QY+ylsYyIw2uH95WyP2ZrVa9t6g3OQ7Pdyq
18 | xlSTHe0+ZaCOijd6cdUIvVEUd3bXChw0XU3fFhgHcB4N0WN+ijmbB20/Lc+mho6O
19 | 2IQlXXH5twKBgQDArKttIFmFimETzhNWzk0oijPVqQiBCSJyILKCjIPrEDnIyxN2
20 | udUtCcE5gJt2vj2Kq/Yb809SPyJzeaAczs7TDSyS18qhwvDCz9hDgcmG8GGqU2/p
21 | WW/MjlW0Kk4IdOYthsAoYR7CnCS9QdwTkIeIvWubxkOqTiEyJr+K0xVHSQKBgDy4
22 | zY2uyV3eaQXSAiVtcWIwyUJakVmIl4Gov7krvZxLJznpTCT3LkDeQUkd9Jx/sH7z
23 | PaSUFFVt2x+tUWtGS95wAm3Qka2zwlzkaaH94a6qh1eAuCZR+4nmRD/ljJYXxpCq
24 | 0MqVZVG40XZna+yJg70nfiRIv1cmld7VJFb3fxMdAoGAK61o7+7DLEU5aPLDThn2
25 | 4kWsXb7e5gFmu6R9NzV6hCbqCTMUsjbnevrm7mqRk/3rr61WkMi5zIszA0SgcxfN
26 | QglXNTWs5hjeoSpWudMCExVDW7EIN6QINwax5uSGU+/nU+f6cEsUJOtfXe+EzWjI
27 | HWkpiosMZJT3aQwPKSqzeU4=
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/uefi/DB.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEqFhwH+tVTptz
3 | sH+psLlRTxlIrZyQdYlmfv0NcMAITElTy7YDbaQrJCuEWZUdU9ScpDXd7j0y5m93
4 | B6bFgVuaWEGN3Yc38iwz6/tfZn/1V2qljTKpydN9AmygTzuR1Ykbr3YwMdmvUx3u
5 | B0WBjaPd5zaFBugPj27Aw5/iuryTYSblQlTcFiO7DBuqsGHiBgXGxCNlCt/kuzod
6 | 1TvzAR3VwP1v0kCqVITxUjdd05mucefBcEEE3xkYSLwzLGC0qOZ/bP6E3kkSWx9E
7 | OrF1LOiyXmXa1dtir62NOWoFGQQkBLtb6EKNKx/30/d9ibGoV5foRLzJOpGKUcuW
8 | fnSIExMpAgMBAAECggEADFwLtd1Nsi527ugPd/PdS8bJvyN5KOuYK3bM8uasjQD1
9 | ZVSy32eJRzRWX1KtgFq7zK313Dk8Q6oPpJaYpMZW4l4MXa0H8exQmqFIysPDhED+
10 | mQHFJr5iYjOQLemY4/ccjz7BcfE6Hg6eXY67r7MeEsTUrHrlBBBWzLrmvi5QCn+X
11 | ADLM5rMq9MwlJtVcCXXX6fqPxk93kFT/Awp9dBrUZ1nioDzJAe614esJG1FBMO7a
12 | 5F1H4qcxho3mpyK3CKapS+4/EAwYlH63nAMeuPbum7fHDcMSkgJbnnr7K4YHyAvj
13 | FVJrp5rCSM+bM8xZKzSgoACxpZVfqLA6g4v05qpCAQKBgQDrtzf5Ns/grLK7GXpd
14 | /Ugvpzx7qj2Wo+vwC/Ds9gxfi/Q4hpll9idlmilwKOf0thyONupFhot81iS0+XBm
15 | /4h7zcTAGSXszWMwfxFgt7mB1beL/dtKHJ669PjUQOSNC7ECozdFUysmpzvSzQ4w
16 | WNlZKJM2h2gCtO2uGfI6aCg2AQKBgQDVlK7K9h+R4De1hBqTMr47kVdUw3cIlHyy
17 | pcjWWelQfeGvYAxkWeay/ARk0+yJjoXi8pB4gKkDTNvhD7YrTF8P9+Ujd47lg0wQ
18 | 0ND7RklL5M8EF/g1VDXfv8h3F/t7ropEqUb3Lj4qLZ3mP0iItgzhiODKSh5ekWcd
19 | 9XfSIqRtKQKBgAU7sRtwUxcq3mD3BNd3WxXrwZUBR5LDmuZebX/lSosIgWiL3HX+
20 | DAvea1MZJWUycdnacEMQ5KHl4zS9YPh4beBJxjd5l3T1bmFSQOGD0rOGOif6f9ba
21 | Yc/Gxot30VssSkbDtuNsIEYgalyYvtrl7hVjqDkKso101N4Lp2wSieoBAoGBAI7M
22 | zFlzWgREr7qzSrlkUgCt2oAX+HxKG12urqtyjiZ9I+oIBAEMgszk52Mqtpn6KtZk
23 | a+fFzjsgplrCEIC+nUil7BRcmbQmpzMPCssWYWdW4nrQM+okFak2JyhJZqF5P4VM
24 | 0N/vkSzONyZ85VhSsCYTSIi4Kbn86b8EIkrjUqCRAoGBALd1rSnG6hi21s8XVZuL
25 | hg9cOxxCGu02Aanh/z5ogs+EXU5vo3B2Focra1o238F87oy+ya6jX8RMZJqdU2pa
26 | x6VTZtDRWx/tDdG38OBHYZ2M6/Z3TmInZMQ4/9dDyF4yN/dotiomzdNTeKpYs4dH
27 | n6tuMNsHnjb+bw/eFwLdJPGY
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/uefi/DBX.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUbon/3FNyQEnf
3 | Il6UovreQtUbumtRrSJPJeqBZoFc13vYdFdHVBSFUKRX6LwduMDnj6Zvjpg3g/K5
4 | mp5H8SYv/RvRLMSwNcx7ZcG+1BsxXEqoyMQ4zHyKmUDbI8hn1ozFlE/kXGxt5pm9
5 | 135Cj1o0l70p+osWoooFdYHPD7suFJtaz6E47Sek+uRtzjBELCH9go/RwEooYcNo
6 | moiTJ5z10nqW3jQhJbJ0t5+mdEYnr/9d3V3pkZYdi8KicVZOMWdjrncVT2sdrSQd
7 | XVBF+8hZ/BzLBczgbfxOPhA64Q0/M5Yg8t0NzV1T2cJWkju8dK2xv89XjOgq4KhB
8 | jwcB1g7rAgMBAAECggEAC53/7f4ekiDx6UH36ij/jygYf2uycsUFG073hBwW9vzR
9 | yQSTwVLXzHKcijIwF3ADHKa+c1tY97A/lebewRBvBjDRVJ8eIoTOqfDmp4jx88EY
10 | VCKmmHSWWv4GjfVnAEa7bBKwS8zCIUB7J+ahAQLV7ApgTetlr9cztRi4AJrboall
11 | RPBoOzk+4KiUqD7tvvNf/dRo3ZQnIFFgqB5eQtlo1x7mj5yS0xMQ+KvD9l3UeHUb
12 | bn6B/1WKQahtlXzq70cxeSDU5Tdn87w9IfDyQhjoyRNJ5dN1jUKkVIex7gOwdwcy
13 | zf7LuStV2ryiu66dyd7B+9gjtryFZJw2zgfIBNwQAQKBgQD5j1s/vWwDZOQ+twAb
14 | 2qOGkKFZgiZyFkCacP/TNC1QHAVKnUh2j4KdiRxJ4BEObbaJwbz9SwC7OiP4mlTS
15 | M+wA7Fi3H1kiByGDjpjdlzIeoc0NHNJwYen7fbMdMsQSp81nW/U/BqSdg89uZAbp
16 | bhrEgtQbfTkriKJ+MNcv32wmbwKBgQDZ6egC7/hrivv7XoyCRyr36SMFBqvLLhfy
17 | kxpAtm4JYmQ1y6WRBcmmXiAln2cD2UpTESF8M73iX8j8d1x8X9VYuplR0IMPJj7+
18 | ZueTm7RQb1JHB4hDTMmalop86NrNQSMx07vHvqetF9zLWnKlIOI0/1cppb0n+0VZ
19 | VWP6zYz9RQKBgHsvtl0qRY0PWlNSxez56cpczih+xDeAoHcb3EwG728hxcLlDIXp
20 | pRHaQmp8/i5fHcG2LnHhegTxWBw5IjF4i8CQ6eHKyZawamykEPUg0w6n063rUj1D
21 | N9p6W9XH311OE2g3zkFEKDHQhK37FiZXwULLSaQgFf5VPdCIj1AEO0BlAoGBAItQ
22 | 8qbmGpFOwvibIwOrUjo6z8vHzw9QAblw+IjE2Sagw+ZsswY7iAcYCD9lYKviQJVI
23 | z3qjbdOLX2ihOvy9HB3k9l6LCy8lSYLF8Wm6UxZVhWmp1CEKt51gf1uKV1CAQ2r4
24 | rgXuyy5rohpUUhVmJ5iwYl5a+srT5ytM32WaAnhtAoGBAKZEy0hLxcIbm/1g0kGi
25 | kfMOa6vlIOKkT5gJNlQrgidXtvphGO1CsVWi5L2u4deJPRWiDPRH4MvxZZDqdT8W
26 | VDmKgiR+uBo9WUENhLj1wpWYLJtEHRj5bMIRwWJ8V/zmzP819R7eYF2Kmvg8getw
27 | 77geKM6qMTXx5IFyWlJgqQfc
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/uefi/KEK.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+hH5jgzEvazq0
3 | c6qZXjCIPq6pjZqBr222ytOkNtq7x/6fHeCFmXieDKQRBz9MJs8HsG3N/j3J+pRu
4 | XAliopdECIyTGMVdhIhFbElIsZETZ+tINl21ekp6v6ZVEpifWRT4TcElkNv1G+Jf
5 | 0s3ICF0W39+vPmPqwBRc3zwwH/Kq87mtmI20K7t7div7NY9O0MeqOzZJVOB5Rauv
6 | s6hJDn9hqQx+jLQiyP9aMFjgZLAkSopGPyZinxkw2DsG0RB5nUQE++r3CS0DeJx3
7 | u2ctHdAGyJb0N79IfVq+DYoRtJxVabcIGRvvQ9cdS6srFyO4oFrd48UlK6LHAgUo
8 | V4w2JJRTAgMBAAECggEAPzkvyi1Mwrw2cJDb4eaAe441nz3HMtc5NQptHpc3kk5l
9 | wH8FNcC+5tAyGBaMGmTcmmQhpFUFQ0RdQpxXXvyu7xxZLi1vvb+QC13Kmg2XI9X+
10 | Heowwdsx4Tc9ZwjzThodW+NNv/4pCFe3EW6e7I1d+wvTKtAtD0er2kAYtK29dZ42
11 | NzXm4VO5I/Id/JH2vF3h2EQo9grhaXsoIYSd3iDrXb/ZGl0I33vrr4+I5xKLbJoZ
12 | TD+qSbtCYZVmqdFnTv8ByCRacQKE7avxJL5M2UXJl+bSby/tbzwHWqCgm+c6M5p8
13 | JVpgnDncUxE6a/8ClEqlU3JN0G69cZU2cVZjFrmtVQKBgQDrNtcY2VePpKeVWyW7
14 | TquMJOIqxKrqPKAdcMcrc0f0B96intfEGq77diRTNrDP27zXXzJiZbz7nmJ0HRnK
15 | nKrxMmonol267ilNk8UozOx8Ev7c9zaUcYSbQ3XoeZQ8dsvca+GU3iJ8vQin2tKF
16 | 6j7/juhwRPb+MpHj6bU9KVU83wKBgQDPWn+Jx+NeLm0+XVhEySN1X40j88iIEAo7
17 | Jxu4Rn2WlAZaVXAfO5uU6KoZp5EcV8RkxNgPkfYkdb9ZKINVCvkbL3zMSj88eefZ
18 | iz69XZPzxRN5Kmsds5Oxik6E6374ZjWpII0gT7d2D+UoV50oDVojxC1ucgLvi4mP
19 | hqCDvEIjDQKBgGk9uVIh9N6NcnoONTywf2sOGa+/HSX/CDkD++mCBCC44LFsVugk
20 | dESI4Mnmv4fRLpZCvt1t3ffLLwv69U5FeOrAfuTK7hs0coCGbIHL5sfBDA28Asy6
21 | WfXKYlgpBd1j3eT61AzyswWS4uuPqgBHBfb8bx3EjarA36vVJsV91+iLAoGACSMr
22 | y56LXnMdTUo/wYg7j8iOJ69uftB2IvUuO4ifsCsFvKVXM4kk6gL2u/quYllbxjUG
23 | cGk2N5UYwY0PfIfnQlNtZHNBJiEZHnUMZrvg8TUWDpjX748iSwiVPTZDeh7G7pUI
24 | owvgQcuhhY2W11T/S+QxPFS53GSBw1ljaWq6X2ECgYEAuE7T5X96vkfF0YVqufUp
25 | 1OxlDkvrJP+pncUtPXFHoxEZJPkNhQHKTjOHCwuIE00dFEFQrIuYzLFks+dAc42Q
26 | LQx2CbcHz7MR7aMpRG2typc2NyJaYQDo09XSDuFgF6BXt2TzjGzKD+OhiXWql9OV
27 | kEhTqK6qkGDY5TpPUf6a9ik=
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/uefi/PK.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDQfopsmmupC0YI
3 | cPOJkBh2ZC6zdTSUfhSGrIf/BQMRRTKK98W/FY3k5iuXyyM2FFoFG5xXMKDdinrS
4 | K2nAXBAx9PV5iJig1/6rIHpiP8/1q0JMbj0YECk6aEel1wdQYvKiG/kD5B6kjmKU
5 | mOx5cWdNY1ycHJIEL+y+44YakRcWq3MRHaFxjVz2Xs1+qtgYdjCTD8OAuVXFY5Xf
6 | Ire5lmW9aIottJt9GGqr3zg7XjvHy52u1pwBYJevOnvDSNGWQwwcme8ntpzClzch
7 | bLuPkhwCCKiyO/yQ8kFkXGDGTQaNF67wHY8pYXt+LgCOHEEqc4QJ46xmgjZbFrXO
8 | QB/h/QG3AgMBAAECggEAEbspP4o0bLhqOM6OT50jD3J+rEFj+trsGPX0TOJau+3E
9 | GiBvP0xweE6A15RthqxdaYDLH3khvSWJQ3VwtWy+7di0xaSxwkAMRvZoohFmOLDb
10 | Xw+i/3hkYTS8HyT12MbJdrLlTwjn+Dups5R7y+oyjFjOZ/JgEp4Wxrcn0PuU2JcN
11 | xOoQVpju3aDnsqKdf8TDsuw3GOj5yUgFKGJbPMx+ywTY/xbAJBHntpKa2ht/d5o2
12 | pe2KOQqJNGGnB0VKV86msZf3tPAzHdgrd+wf2yzlmwAFxDbiaxixl2U4qgmLheGq
13 | d2gVo0YU1TtloNSryJsBDT8gJsBKza2zeapVLGCLLQKBgQDzi+sfrnDVnok8Z/5w
14 | +pBBwpHVw00SCSYNuBHpP+IEVb14Z8whguH/yj96uXGEh7dE9H7ea197/dpKCoXs
15 | WVOqGWXRuDngyNNogaGLClJ9ougSJmj3OwzuyLWgh8AAoKm3NaVvUCoRhYVRJjUV
16 | oPtGU2OdJGy5fy+OXlBxY4kRFQKBgQDbJ8euZnpSojsnDbPQiQWJC1WTqYf5roQE
17 | SYlk/Hv44wi/DZiXPnzi+Hu7urndtqTKQ7FSxKizkdPJDAsvx9Un5dKoPsfx39il
18 | TfBzRLPzWZBN9pvCTJboo75y7fRGUrXtNOuvtoFKQ5vajFYFVQaHsn78Ih48NiiN
19 | u6+0zMeCmwKBgBGUyS1pT1XscuW8cB7Bx8YngJWY2qhxpqCY6BoZdXxwoBPgEllc
20 | 9GmdtQVr+6jgjzdYGwx9XdA6nBZ6Of682BBQcww3q13xwWkq6nl6DkhpiS0+PpeS
21 | WLWoIYxsIE0rS/Ug10d41wCazev0wSJFk74Y6PkAFyUw7ELvxgjZcZydAoGAcmQx
22 | NjcHYlqLxbbBRPhAi2f/IzQ6ZXlSL2qy7KNdkmvvBMpz+34CcfaBn1u36KKNIYZz
23 | 6F/+LrzPbwF6VVZZTJoJewhKFVZiHuavu3sA8uStDgTLCIAxxPyzTAoolwxVKZuV
24 | 6gG5OqpPj6Pwwpe+8NWassCcR5F9WX2+GQFKokECgYBA9+EC5SXGSvxqXvAlNtHM
25 | RMBkTmadYoQkxwHECO3B5GSD5C3NKtGo9VFX8wE8g2echErg8gwTl4f3nl1+sThE
26 | aDGNP014I5qXxpDCipfMEHbh90slVo+aIC5ZWmpMrzEaaEIzscxNFkkcmNLT+anf
27 | L2FjPll3d579QdOYQY4Btw==
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/opteedev.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDs9PL5l6OU8ldH
3 | x4ph/tbqDJLXue5XJd6L5f7sgvz1w9Q4nV1NdcY0GB/xKRZazby2hhF3SPR/Nyr1
4 | iHgX83cn3WPDuoaMt0XZAEst+M+NRYra+9Qq3/1We0CURlt0ZakvE97u4ci8LR/h
5 | VwCnIebHWVrgUXuNG7DgJQRq7rBkVOyfaCqZWmC0/de11zy+2BTSlqOiC6Ddnfit
6 | sl9mJQqO0spLFnWBq9lgvac1PFxy1mmMpSmR1XddIteXACeJnBnoEG8ZWP3DPk2H
7 | NOJ6IsApawcuKJyIyF/6mX0utHjlb1n6/Zg5EyxJZ8311cHaGPuAKOJNwDh1tsMp
8 | SN9oi1/tAgMBAAECggEBAMAtaWJEOcdzRJZSn0kbBfKMgAu2IDdN31BXGIl5Mu+g
9 | A15nQmSwQC+/4SgVyquacJMX6NJ1uNX0SEMai0vhiaIrS95SSQ2XFm8IbfC6+pn4
10 | 7MTtuQWM5Epfa+DVrxaX3L7xvry/Ia58an63sS/bru++6JVFgI7RBoLDgvG25Bh5
11 | uG0LQ40QzHOWYZuFn+NU/Gk/WM6CqQP0kPufpBc/MllhhqxgUjZFwrUv1ScQYjur
12 | CbSLIcttkCk2DoTZo0UShcSo26ZmwPLoG5mw9ESAeF+k3fhgwaTpb4pDKh+M+V4x
13 | PUrv0mRvtPoOXQT28eRVA7olUApqHH4Z0cGQZQbt6AECgYEA9tiG6fNVP4xh75dU
14 | 4PwxOL1uJIXwp8AufNIoS/08hLR25fA3YfZNBNRyeGizBkf5hBgVPiTdqpPVSQYx
15 | FL00VyF2dQxzpLimmwfADXeTGwbq70FuLPVetk2CG4s99mWnWHxqHued1xnLKGAh
16 | VFql8mTmQokSpsSlfWkJVRLyqL0CgYEA9b6KF7A/kuGLUDiFdojorAEkerpCKVLt
17 | nEy9jft24yI9OJgGYoBP6f7fZntJVJFyD/7dfZSocoOb5Eh8RQyR8EjrgcKYtniX
18 | 74W3CcVtmURETgkX3SF2M9ScckVWBhE5J5TcYy5O1V7B/OFIlb85M0NxbcGfqihn
19 | 98lUxxnb/vECgYEA1/jCsdaQ87Tjyzjgrqh4eGhlAdeeo2bmRZeqYjICzSkIDk6K
20 | Zk+VO3CVZvxUBl7a1NQtYd3ng+MsbWPZdYfFT6abefWXCLv2KRYy1pWUQ8VdsE/T
21 | EcrtPxu5hlfhsr9mF2ljf/6ufxC2S3EwOBnHr7jQLc64XukW0g8gdyrI3RECgYEA
22 | uc8dOPYRy6xwGvLxrwOr8cpXW9iTiA1lDgZUWROm++x6n90LDtV4FzSYlDNp6eCj
23 | fwa1UGvjxdpPOBe6prbvbeCk+ZM6xtV+BCR1lpTJ3tZoUxy7B39ykZQTyq80cRf6
24 | wDvlO7Ta9KhWQy/QIzHYPTOkg1mgsRcmLYv0ZyrdVfECgYEA5Ywal/3/kIOao51r
25 | QkI7xYKB0KQm23yitfLa4ayeiWbX17GfeW5ZlDtWqFcIwP2FQlq+7YLKPMZSSlU3
26 | YA6CMQ7qx3jrnMm7vuuZlFPAFAEsyuic6Q1DunJH3EZgan2mft9PV9xW2+1b+wMh
27 | bBHuJQiYfDeyhHfGj+HxC+gcECE=
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/conf/keys/x509_modsign.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIFSzCCAzOgAwIBAgIUK6YaoE2ew8+UYrv80P763gszs8YwDQYJKoZIhvcNAQEL
3 | BQAwLzEtMCsGA1UEAwwkRGVmYXVsdCBpbnNlY3VyZSBrZXkgZnJvbSBGYWN0b3J5
4 | IElJMCAXDTIxMDYxNzE4MzUyOFoYDzIxMjEwNTI0MTgzNTI4WjAvMS0wKwYDVQQD
5 | DCREZWZhdWx0IGluc2VjdXJlIGtleSBmcm9tIEZhY3RvcnkgSUkwggIiMA0GCSqG
6 | SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/t2OAb1ybzW6ehti8ZRp3oJkQNVkdPROI
7 | AjJ1X8x4X52p4Mv/vnNn5MOHprGFbDzmmU4rV48J8McvR+DomTLKZnPy0ei2n2gK
8 | nqngEtCl2aU8ETtg/o1n4DXB/fpFNV759E0IFfNo3l0XRMOzCQpHAUwZcRCf/9/P
9 | i16v2SDCV14CtbfbCeVYGVFvNn889CXDI9oehbpwh37TChJ7viZfKbEZRkVSRo5A
10 | 4lyKI57opOm0FZWQ01HJTEQFN4DzbpUW6FMuKUkZnF34xL+UchUkvZSxnNFzGQKu
11 | sZsK7/E3sfldczsjkyLNREXuyuFS+29+bnaE/HZokRUrpLPGn8IxlcKAe11WPISY
12 | Ietnj0plOdz+nLJJ0PJ/qDMHZUGXndbtOXv9a9bR82pEUqeAuzLju1L7t3StcqkG
13 | r7+XyJfi8Xsy2njD17Z+pi/t/xSNarZU7+nGJz16T+EAjNT3n3GvaB2GCLk52fTK
14 | NqBUumTj4y72x3S4YRoxiZZLrssMz6hcrhTUnnuHZAa/zj8L/Vlbvy9C+vUesa0Y
15 | rXKUtxTr/Ob1fGLiJk86brF1aXSA2Oh+dtoqQCwraJAjsQdnsvux28dsBVSKBW7D
16 | AIA0veSW3fybfD46qk4NaQJR4VoJOA7hZ+OvxhQW6C5Pgheepekt/uwmYg6QKj2P
17 | FXRo+YhdqwIDAQABo10wWzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIHgDAdBgNV
18 | HQ4EFgQUGyMnwLddC8HkkUyBlbvwU2KbirswHwYDVR0jBBgwFoAUGyMnwLddC8Hk
19 | kUyBlbvwU2KbirswDQYJKoZIhvcNAQELBQADggIBAIgYL/+hSBg64SV79JioM61r
20 | gjaQbGwe38VdPqECOm897tntOncxtyvCIDdwRgyNNOv6XttSLvC1qwgZmevrBMOa
21 | vf1Befeqv8ZGmw5BfcTf0mmPi59HtS6rcQBYJOJ2V3zhwnry0o25w8bI7JOaMb0s
22 | QRXgOsp8fOvK5hVFk5NGVpOtZZ1f3ldwf1Uflx6YE/aFvR+DJh/rpYmOk92+g7kw
23 | c9gqyaubsrrt8XA7SFeMDCw5JZPz2X8OA0xQguu+zdxtOxQ5BO7qdBaOTub5+Xf/
24 | UJ9SnB3TbVfxjBQP+rAHYoBHbXsb5eZDtJAYmZQxiGESgsaTgFHtbiS7szSoiUye
25 | Kwtz03bIaJqZzxqFwSB88vQzhnK7onsdxnPsVR/bGeSck//AhvEQMeF+Nfj3w3RY
26 | o9PtQAFMhSfTZssDRDepz9O1Jjzai9NeNvz+hIhSHh9CtU53ZKJppmbSkUVG8a8d
27 | j9qIX4pbUsxldOtiFVwr58S7A6sSFr8M6jl5LZUT51I6g6R3OWUhehA9nfJlJLTN
28 | S6ZvJYKDwbZa/7SLcc8FWa6V0aJQ0zXE9of2fw9kQTtCx+KvEg60sbu187Rth/Yj
29 | OLtpLYaj2O/uozE4kBY6O3d2xW7ReAP05ao1ztRFPufiX1AwJzhDr6UPxYJx/UR5
30 | xaWAt1Hyu/GXHISkkDlo
31 | -----END CERTIFICATE-----
32 |
--------------------------------------------------------------------------------
/.github/workflows/foundries-promote.yml:
--------------------------------------------------------------------------------
1 | on:
2 | workflow_call:
3 | inputs:
4 | target-version:
5 | description: "Target version"
6 | type: string
7 | board:
8 | description: "Board name"
9 | type: string
10 | default: 'portentax8'
11 | environment:
12 | description: "Environment name"
13 | type: string
14 | default: 'production'
15 | slack-message:
16 | description: "Slack message text"
17 | type: string
18 | permissions:
19 | contents: read # Required to checkout repository.
20 | id-token: write # Required to access OIDC token.
21 | env:
22 | DOMAIN: '{"staging": "oniudra", "production": "arduino"}'
23 | jobs:
24 | Promote:
25 | runs-on: ubuntu-latest
26 | environment: ${{ inputs.environment }}
27 | steps:
28 | - name: Checkout repository
29 | uses: actions/checkout@v4
30 |
31 | - name: Authenticate AWS
32 | uses: aws-actions/configure-aws-credentials@v4
33 | with:
34 | aws-region: 'us-east-1'
35 | role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
36 | role-session-name: GHA_FoundriesPromote_via_FederatedOIDC
37 | mask-aws-account-id: true
38 |
39 | - name: Promote pre-release ${{ inputs.target-version }} to release
40 | run: |
41 | aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/offline-update-$TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/update-latest.tar.gz
42 | aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/$TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/image-latest.tar.gz
43 | aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/info-pre.json s3://${{ secrets.S3_BUCKET }}/$PREFIX/info.json
44 | sleep 60
45 | env:
46 | TARGET: ${{ inputs.target-version }}
47 | PREFIX: ${{ inputs.board }}image
48 |
49 | - name: Get changelog
50 | id: get-changelog
51 | run: |
52 | CHANGELOG=$(curl https://downloads.${{ fromJSON(env.DOMAIN)[inputs.environment] }}.cc/$PREFIX/info.json | jq -r '.latest.changelog')
53 | echo "text=$CHANGELOG" >> $GITHUB_OUTPUT
54 | env:
55 | PREFIX: ${{ inputs.board }}image
56 |
57 | - name: Send message to Slack
58 | uses: archive/github-actions-slack@v2.0.0
59 | id: notify
60 | with:
61 | slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
62 | slack-channel: ${{ secrets.SLACK_CHANNEL }}
63 | slack-text: "${{ inputs.slack-message }}:\n${{ steps.get-changelog.outputs.text }}"
64 | slack-optional-icon_emoji: ":fire:"
65 |
--------------------------------------------------------------------------------
/.github/workflows/foundries-target.yml:
--------------------------------------------------------------------------------
1 | on:
2 | workflow_call:
3 | inputs:
4 | factory:
5 | description: "Factory name"
6 | type: string
7 | default: 'arduino'
8 | branch:
9 | description: "Branch name"
10 | type: string
11 | default: 'main'
12 | environment:
13 | description: "Environment name"
14 | type: string
15 | default: 'production'
16 | outputs:
17 | factory-version:
18 | description: "Factory Target Latest Version"
19 | value: ${{ jobs.GetTargetVersion.outputs.target-version }}
20 | bucket-version:
21 | description: "Bucket Target Latest Version"
22 | value: ${{ jobs.GetDeployedVersion.outputs.bucket-version }}
23 | permissions:
24 | contents: read
25 | jobs:
26 | GetTargetVersion:
27 | runs-on: 'ubuntu-latest'
28 | outputs:
29 | target-version: ${{ steps.fetch-targets.outputs.target-version }}
30 | steps:
31 | - name: Checkout repository
32 | uses: actions/checkout@v4
33 | with:
34 | fetch-depth: 0
35 |
36 | - name: Install Fioctl
37 | run: |
38 | curl -o /usr/local/bin/fioctl -LO https://github.com/foundriesio/fioctl/releases/download/v0.44/fioctl-linux-amd64
39 | chmod +x /usr/local/bin/fioctl
40 |
41 | - name: Configure Login to FoundriesFactory
42 | run: |
43 | printf "clientcredentials:\n client_id: %s\n client_secret: %s" "${{ secrets.FOUNDRIES_CLIENT_ID }}" "${{ secrets.FOUNDRIES_CLIENT_SECRET }}" > $HOME/.config/fioctl.yaml
44 |
45 | - name: Fetch Latest Target
46 | id: fetch-targets
47 | run: |
48 | TARGETS=$(curl -H "osf-token: ${{ secrets.FOUNDRIES_TOKEN }}" \
49 | -H 'accept: application/json' \
50 | 'https://api.foundries.io/ota/factories/${{ inputs.factory }}/targets/')
51 | [[ -z $TARGETS ]] && echo "Token not valid" && exit 1
52 |
53 | echo $TARGETS | jq -r '.[] | .custom | select(has("tags")) | select(.tags | any(. == "main")) | "\(.version) \(."lmp-manifest-sha")"' | sort -r | while read TARGET SHA
54 | do
55 | if [[ -n $(git tag --points-at $SHA | grep arduino-) ]]; then
56 | echo "Found release target version: $TARGET"
57 | echo "target-version=$TARGET" >> $GITHUB_OUTPUT
58 | found=1
59 | break
60 | fi
61 | done
62 |
63 | GetDeployedVersion:
64 | runs-on: 'ubuntu-latest'
65 | environment: ${{ inputs.environment }}
66 | outputs:
67 | bucket-version: ${{ steps.get-info-pre-json.outputs.latest-version }}
68 | steps:
69 | - name: Get info-pre.json
70 | id: get-info-pre-json
71 | run: |
72 | LATEST_VERSION=$(curl https://downloads.${{ fromJSON(env.DOMAIN)[inputs.environment] }}.cc/portentax8image/info-pre.json | jq -r '.latest.version')
73 | echo "Latest published target version: $LATEST_VERSION"
74 | echo "latest-version=$LATEST_VERSION" >> $GITHUB_OUTPUT
75 | env:
76 | DOMAIN: '{"staging": "oniudra", "production": "arduino"}'
77 |
--------------------------------------------------------------------------------
/conf/keys/platform/ti/custMpk.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIJKQIBAAKCAgEAvxSuSdh/ctNrI83rSA5l3CJN8g5PgvbttfLd23yR+m5Z/9X3
3 | tt4EHYrM0pXZ0eDEwfhQv/9IDJEiUJpMe4vzlgooJrOk2eCpVUEa+z5bJ2y/ysBx
4 | ry9yIu5GASVirT7HBPaxGLYswBJuD+KbPuWmoKgGRQNBF04WH6l01oRO1nmnELgR
5 | qQ6SHyXdf7Hy0bnyaNgzWUuCfXfM0Zz6I7T7WIjyzerVFvIsdS36YsPBCW7gBnDg
6 | tQcJmWLZ1uTnbG3IggdQk/fi2O3RX+PQns+TVNlf3V3ON2DxqxSKBHtlp7p/30VF
7 | fEuhW65OxpQ9jE6H0pQ8pPOf2vzyNnznDa1aQjfxKoHQbqGnZwMeh+0Au3NKaCgx
8 | ooKaowTB6If/RX6qwZ/UOwXHg/0hcf69fzjJFhlSDuYDM40dHsk2HM1OnYIpiM2b
9 | Kr5sX3uysjp5AGp99a0anR7NWCrPXvROgKs7T9341N40osQg2VkZLYUCXh9osUyN
10 | uREG6S12tViMUKg3bmZ4b4MwRk00n7QYSrm7+nvFrtYyEISEbD+agDM1/E281W5g
11 | VFDPfm2AlwT6jwsg/b2YK6E3vVn9SuxFoQmLF8lyFDO3BV4SXeJaHc4hVPbh6tVV
12 | qifrTQnfGUCCLmaJF2XZbrPWOE6NYRbWdNTeFl9RGdVCuIPSyN5LqWmXto0CAwEA
13 | AQKCAgAzkAwcJ0z1GnId/lJQZno8NhGckRoJuEKbR8dwlCP8VUz6Ca5H7Y9kvXDa
14 | Hs/hn+rYgP6hYOz7XyrIX2rmJ/T6dxEwqGeC1+o59FConcIRWHpE5zuGT6JYJL5F
15 | TuZa48bm4v8VMQvQZOjIZpkIFwao8c6HTwKAnHTB5IN/48I2hCt+Cn3RhfoOZ7Rm
16 | 4gkpaSkt+7GXlhXHb82YfujNO+hbktEamhUYlQ9EK70Wa8aqmf3gHxO0JgsEFjW8
17 | lJaSnultlTW8SDcx3LMUUjCYumECk4oX/VlJfmKYjPlVjkr3QQ+Cm3nNucb4K4hc
18 | c+JL+2ERhSj8RjXL7VgbNgdPnIjvQDJuTNqecTU8xWPYrkOLQpNibbLjnutLkhJz
19 | fMyRtmDtrsey8WiCDuCHkPJ8/f8RjL2zWI9fzTDDIzdlEKouUFGOovaHVnbua6pn
20 | hymcu9d9FV3p2rcbj0ivCs7e8j+vhSxFJEJoAbcQdXCTi/n2uR7pLtoMNiUzsejy
21 | d46Uz+KEU920NTwE2z6JJq8I2vegnxjc7PDDrV3/5rK04B93aXiqvwWseCpxelrI
22 | xaMkRHbXrIXRO6MXQ3N+zNq8Dg3hjGTTvaBKuwgvqLwlXY8+Aa3ooFzEOInIOSsI
23 | XcWqXxt/tgZgsj9RwpC42t8kbA+BkbNk9EIUa+P5kEr2P/fO7QKCAQEA4EtArnOX
24 | D6tQF8uTw8USOZC2P9s/ez1z4jRq3oKP0Kv4tJiuIObJ/dUvGVD7aM5v2xaCfhm8
25 | xpk09VPUgghfG5jR5qVvQr75kCNToJQudWi4ngk1HwKJzzTO11giFEdybvTUA+Pj
26 | fmxCM0dYYqRWZoj0hLqXlUCwxE74BFIhJVjeYbf+nTQrqpllTLoW7MTZHzGx5SXx
27 | 4dNzyVAUH49Yt2D8mgXXCkf5sGLh762wj34b/rR10Kr4O5utGMZrfTRIbuQ1pNjU
28 | m66baPzq+mC0BzqZEW70TgEb7lOr8rcVXLOi3r36omfd9/MHx7iZD6o3K1axSO15
29 | grD4ZrN7Ac3QJwKCAQEA2heCoBdpvy6YUk8AO2k8qDygTdmPQRuwjjT+Z2fMslBt
30 | D7DkpKwZ6Bl9OclcpiiLHmH+hv65KqYg+tR0RRb7PcogB9El9x7yKkGTPZEYWGky
31 | n8P84rJpKwjnwWQvPQktI1cs3YGvZA9DQTFBavRrwuzgd1oSJq5aPQ2tme0kMvWp
32 | l1/B/cPK+PKCi/Wfisaze1TjijP9qIeUwkdNN6WLrLU3QgsGppcg2I7RQtAIikT6
33 | GkuiOQAvWMsrJVV6PNrVKz4fJDJ59Rz6jbDHZNi1MEYNxQoB/Pl7QIakbfjWpHLv
34 | 8Ey7cB2JKxjQy8tmyl8WNQVbXbE6daPXcMTUmaRAKwKCAQBv1lYMJmq+T2eCVen6
35 | BbvOpE+bi5EdvEiaFBTtmiBnpjg+pJq+oRU60h/H+c9CNR0lGxY6Fk9An4f+g6xE
36 | ojP6KLsQzJCrsVny+wpp2TlJJcxYULMCIVvhy60PR0zG29E9biqBPhJjKUvhEcQK
37 | e3LxcXyq6fdHXphFajLUxLbuTl+kTgBRFoBnclFGbsubh5PTsA3J+p+fQLZNPPar
38 | veg4l82cZykQYU8pGkUaI3sUMYd3+zd7sqRP5JHs9pMGPRmY4YW2CsAIWIn5UZNB
39 | ARMDP76vKKn8cyUgMuxb+9pU/OVLN2NPs4bEaZQJjAwV+YPEwldny7F47xEM9JVz
40 | EtKlAoIBAQDUt62u3GdGE/p5/ZgqWoDRTyDEDfmN9aYFbmbdEP80xQE7FrxMaZhz
41 | K7laja6SWmUm40nQ/c45bQQp4uLtKHcxU15egX7YRBTLZl5o5IasZR79ebnEm2O8
42 | l9kEZeU1USf3mmWmP4GExOZCRfqaiYA6BbUCdJXTqKdXeWnkAssV8UrS3JFoJHpq
43 | yo7OWGqefyQ8nRW6jO9SW7uaqtUD+7H6aF5XSk3YWvusfdBZrHNH+fM/hpnZovaL
44 | Us7ogTDS/laA8PyK37jYfMVdQhmZoU1Iomt3zkUWK3gt/aWPpfAlQf4Jka4YspZB
45 | tNiijefaZ1hPqsPs5Joyd/YAhdsfaHc1AoIBAQCn/9j6RRjRaw0ip756oad4AXHz
46 | XBwVB2CrY96qT6Hj9Sq7tGgdskqGkOQkAivBLBizUdcWv0t1yenOsSgasQeMlvlh
47 | B8md9cLvpKXPB3HM3rTDH/xNXe0TpVKLf7SXC8HfDyIweHwMW3QgO2DWrvI4BV/T
48 | ckBatRNQ90HxkqGFhC/Mp529lQlyg3ifxPxJsvZOyPMUnrflAvsKQk5c2ZiQg3nZ
49 | h7I2pjSYgCl+Ib52l8p9bf1kcrVGgPM+auzm496i0RPobFeDBoBvSoznJktHJ7+3
50 | NnZH+jLiZCODiQPGtQUi+T6eIZUIJF0YASpsCCtUzXCxwW3lYIDNy7UlMivF
51 | -----END RSA PRIVATE KEY-----
52 |
--------------------------------------------------------------------------------
/conf/keys/privkey_modsign.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC/t2OAb1ybzW6e
3 | hti8ZRp3oJkQNVkdPROIAjJ1X8x4X52p4Mv/vnNn5MOHprGFbDzmmU4rV48J8Mcv
4 | R+DomTLKZnPy0ei2n2gKnqngEtCl2aU8ETtg/o1n4DXB/fpFNV759E0IFfNo3l0X
5 | RMOzCQpHAUwZcRCf/9/Pi16v2SDCV14CtbfbCeVYGVFvNn889CXDI9oehbpwh37T
6 | ChJ7viZfKbEZRkVSRo5A4lyKI57opOm0FZWQ01HJTEQFN4DzbpUW6FMuKUkZnF34
7 | xL+UchUkvZSxnNFzGQKusZsK7/E3sfldczsjkyLNREXuyuFS+29+bnaE/HZokRUr
8 | pLPGn8IxlcKAe11WPISYIetnj0plOdz+nLJJ0PJ/qDMHZUGXndbtOXv9a9bR82pE
9 | UqeAuzLju1L7t3StcqkGr7+XyJfi8Xsy2njD17Z+pi/t/xSNarZU7+nGJz16T+EA
10 | jNT3n3GvaB2GCLk52fTKNqBUumTj4y72x3S4YRoxiZZLrssMz6hcrhTUnnuHZAa/
11 | zj8L/Vlbvy9C+vUesa0YrXKUtxTr/Ob1fGLiJk86brF1aXSA2Oh+dtoqQCwraJAj
12 | sQdnsvux28dsBVSKBW7DAIA0veSW3fybfD46qk4NaQJR4VoJOA7hZ+OvxhQW6C5P
13 | gheepekt/uwmYg6QKj2PFXRo+YhdqwIDAQABAoICAQC04Mk3+9lcBc5AMul5lcoK
14 | 47KF4E9bjqxGvgvtQZ0gVNXj2PufJoirlOIFsff68cvjpPBjZBDISCslKKPB0Ahj
15 | fZYXmoP9CRiYLGoJxrakQ1vp+DgVoxS21IrjpEPj2B7rpNqork0gu+sIcRBSck0I
16 | AOlTd6E/06HNpqiHMEwAD33bAKeeOQ/wtrJmQvx4/cBDBChec70bPjsh0Xbu2NBL
17 | KIK2Xd45aef8v5SfoEvlIvJ7vYGHSlj3msTyRxOamNKA8mDIRJt7VlQyyS4XWCsq
18 | ptMLX/EcrpQhTeABya/D5F5pFLbPMZq8H5X7Xd6I9ECVAJNBlRACSB+5NYOH+mKz
19 | 0lUGhCSBXgjvrCVN3qO1ydWvwFGb5UpxP2KCkLyhbrYNeoBTV9e5QcWMlGiDtRoh
20 | d4+W0gbMj5Ql9IOD2akwCilo73Iez5gXgmivLNJdWxsjhrm4BprCjaG9gi2lXV6O
21 | QCh2s7dxPhBFHzPKQ02EZkveqeq4HDphUxgwjKt0fhGdUFdJzmHzq5bf0hN+2PMf
22 | /wXoyCR8Xpw1WmVLPGdztj26iqUPbzo1VehV7crWdWnA2Z/ifTNxyIdXF3YA/GUO
23 | Kpe/NIGHAwOg+JgnHRIMks6ni52Im7At46uXJmus4Th8U5Qszcx1WgPWS7GlvdFR
24 | fxmIDJuiYFuBgFrYKM6EAQKCAQEA72XQh4R/TlSmI52kfiCFcXBwCm3cc74w68fd
25 | 4GMIyDusjyb+4xZ1Vq9Koo4guuCRXo7VdsCPx1kfjWbjCSelQ+2U/Vb+Ub/+m5QN
26 | m8gnP8BBWI/2SXEqEZwBBxsDsJfdcgPs8NcSnEfaaT1X+cjgqS7Sag4QuPmNM7/+
27 | 82lUaVQrIkmISharohmYAtU6G7uR7h8HaQ/mHf9mIBFT3JqqIs2jyUxeBFYJM/kP
28 | Uwz552d3Fnk1e9fyqyYbsps4nxm+vHzkpo99bGjY/K6CcuW4rZ9DLff/aIeIveqs
29 | y7ZuqnId4ti+d0kXzaUZcEMfn7k/iK949Oyv/JcZ2Sf4DQQx6wKCAQEAzQMOPv0E
30 | 5Kv2rPf3tvc+0fLkqekom3sHcyuXzUcEChLnsoWxSv/RqMIz6ISXKMXCAnijUJQx
31 | L0zmI0SQ/NvhYttoTU2y1duTX9S9jcmf1/0SKMSRwuQ5BelFMeGrBNxbBoipLFxJ
32 | ZmjKpD7P4DVvWqhhndnHU2QfIQjLs51VygixyVDWU1oE30MPUECDTClkyR9vvsD/
33 | /d2CXZLpvErTd0HCA8ZaLrf0x/7M33OqUQ9k9x0r5N0FDZkQ6JtyeJTltZMGggqo
34 | OCFbE3K0KMaWOlIsT3IZw/mNfve8l8OFCWZ0LPggsnwnMAb5ZF7OyL/y5gLiEJt4
35 | heVhz2AdCznTQQKCAQEAiWyj8TdRMTEMkkNrau/WSpFl78azF0oloSQBrU6Mew0u
36 | eJrFFK0OvK0xpfD6vuws5uANj/boUmJJ540ZZWb5yu22alum8FzLlpm92iBiz4jY
37 | ujMiCXTJ1oP8XwzV6Gi1OT8ho/uCdm4U5fbN6tiyhswXA8SBOv4eXYeonihnyXME
38 | s9EMSKOM8SfKCE5I5iSdl9j+EwSKb8vt3xizUF8ErafojqSlD84nyEr/zggT6Q+O
39 | 4DrCRg5oAnGE0tmh/kr0IBV92FNkh3gEn8C5p6VRh3F2Sgwj9OhgyczOVr6p9nQ9
40 | zbvoUmeGH4nX+Ya+v5zC6P7563d3awN+VhdIoIg48wKCAQEAozAme98dsQRtQ3vS
41 | s9KVL7ufZtyQlUrWQEfX+u/neDlaM1GWMbP2aNXFSfWY+TyJVTxAC5kamaMlobcn
42 | jg9cljs+CCKsEu1In0SRajavRNdOSCNIP5E5DsqDaNRQNHtO/aF0wDnpt1n8y8av
43 | 47HFJK3ZnjPHJUsSOFJvC1dW/Y30LuJo6EpEjI8ttlzT5qEgd7PNWFL6slJLPj7+
44 | TQJm14wBas3N5VhKwZPB8rB4RzPw039l/DQunIdV3UI3WWJ0gxc4W/UtuBhdDdsF
45 | K1wAIwZb/RU/Cy8vAX0jos5grH3gRhdwt4J6ExHKHKoXAddA+vQajMukoThYpiDE
46 | nbX2wQKCAQA5by+pc8W9nMoB0jPCf8BjJiSiNLuyaL006pCy/8wsurGgJGLMqT49
47 | AV0GHsyAmthDZwMS5+MJvw+mXsRgrqpBtCoybgRdjSLwtozJIeN/sfPTDW4lPs8a
48 | WTsBCNvcz9+fjDM+mZxU5ip2zxgf9llLylsGzQLlmetUYuZodg73CYC3A6TeypXq
49 | 1B2sqXjX8bqupOZmlDjAdxK5jrVa6QrCYGX7b5lY8Trwy/aXab+a7dE+lOsuEJvC
50 | SANiB6tSQDBdlqN8qLwjQmBWU18g8ds6Sr2uUIKaEf1K9FxkzGeG0Pne1iVsxiGv
51 | dHpKD0FEQJHwUhgqUN0LKkz5/cXCjsqz
52 | -----END PRIVATE KEY-----
53 |
--------------------------------------------------------------------------------
/conf/local.conf:
--------------------------------------------------------------------------------
1 | # CONF_VERSION is increased each time build/conf/ changes incompatibly
2 | CONF_VERSION = "2"
3 |
4 | # Which files do we want to parse:
5 | BBMASK = ""
6 |
7 | # Don't generate the mirror tarball for SCM repos, the snapshot is enough
8 | BB_GENERATE_MIRROR_TARBALLS = "0"
9 |
10 | # Disable build time patch resolution. This would launch a devshell
11 | # and wait for manual intervention. We disable it.
12 | PATCHRESOLVE = "noop"
13 |
14 | #
15 | # Parallelism Options
16 | #
17 | # These two options control how much parallelism BitBake should use. The first
18 | # option determines how many tasks bitbake should run in parallel:
19 | # Default to setting automatically based on cpu count
20 | BB_NUMBER_THREADS ?= "${@oe.utils.cpu_count()}"
21 | #
22 | # The second option controls how many processes make should run in parallel
23 | # when running compile tasks:
24 | # Default to setting automatically based on cpu count
25 | PARALLEL_MAKE ?= "-j ${@oe.utils.cpu_count()}"
26 |
27 | #
28 | # Shared-state files from other locations
29 | #
30 | # Shared state files are prebuilt cache data objects which can
31 | # used to accelerate build time. This variable can be used to configure the
32 | # system to search other mirror locations for these objects before it builds
33 | # the data itself.
34 | #
35 | # This can be a filesystem directory, or a remote url such as http or ftp.
36 | # These would contain the sstate-cache results from previous builds (possibly
37 | # from other machines). This variable works like fetcher MIRRORS/PREMIRRORS
38 | # and points to the cache locations to check for the shared objects.
39 | #SSTATE_MIRRORS ?= "\
40 | #file://.* https://storage.googleapis.com/lmp-cache/sstate-cache/PATH \n \
41 | #"
42 |
43 | # enable PR service on build machine itself
44 | # its good for a case when this is the only builder
45 | # generating the feeds
46 | #PRSERV_HOST = "localhost:0"
47 |
48 | #
49 | # Default kernel provider
50 | #
51 | # The default kernel provider in the Linux microPlatform is 'linux-lmp', but
52 | # if you wish to use the kernel provided by the board BSP layer, or your own
53 | # kernel, replace the line below with the recipe name used by the desired
54 | # kernel provider.
55 | PREFERRED_PROVIDER_virtual/kernel ?= "linux-lmp"
56 |
57 | # By default LmP kernel is configured to load only signed modules.
58 | # The default key provided should only be used for development purposes.
59 | # To create a custom signing key, follow the instructions on kernel documentation.
60 | MODSIGN_KEY_DIR ?= "${TOPDIR}/conf/keys"
61 | MODSIGN_KEY_DIR[vardepsexclude] += "TOPDIR"
62 |
63 | #
64 | # SPL / U-Boot proper signing support
65 | #
66 | # Supported key type: RSA 2048
67 | UBOOT_SPL_SIGN_KEYNAME ?= "spldev"
68 | #
69 | # U-Boot / fitImage signing support
70 | #
71 | # Supported key type: RSA 2048
72 | UBOOT_SIGN_KEYDIR ??= "${TOPDIR}/conf/keys"
73 | UBOOT_SIGN_KEYDIR[vardepsexclude] += "TOPDIR"
74 | UBOOT_SIGN_KEYNAME ?= "ubootdev"
75 | #UBOOT_SIGN_ENABLE ?= "1"
76 |
77 | #
78 | # OP-TEE: Custom TA signing key
79 | #
80 | # By default OP-TEE uses a development tree available as part of the git
81 | # repository, which should only be used for development purposes. To use a
82 | # custom signing key just generate a custom RSA 2048 key (PEM format) and
83 | # set via the OPTEE_TA_SIGN_KEY variable.
84 | OPTEE_TA_SIGN_KEY ??= "${TOPDIR}/conf/keys/opteedev.key"
85 | OPTEE_TA_SIGN_KEY[vardepsexclude] += "TOPDIR"
86 |
87 | #
88 | # TF-A Trusted Boot
89 | #
90 | # Supported key type: ECDSA (prime256v1)
91 | TF_A_SIGN_KEY_PATH ??= "${TOPDIR}/conf/keys/tf-a/privkey_ec_prime256v1.pem"
92 | TF_A_SIGN_KEY_PATH[vardepsexclude] += "TOPDIR"
93 | #TF_A_SIGN_ENABLE ?= "1"
94 |
95 | #
96 | # UEFI Secure Boot
97 | #
98 | # Folder for UEFI keys and certificates
99 | UEFI_SIGN_KEYDIR ??= "${TOPDIR}/conf/keys/uefi"
100 | UEFI_SIGN_KEYDIR[vardepsexclude] += "TOPDIR"
101 | #UEFI_SIGN_ENABLE ?= "1"
102 |
103 | #
104 | # STM32CubeProgrammer STM32MP Signing Tool configuration
105 | #
106 | #STM32_ROT_SIGN_ENABLE ??= "1"
107 | #STM32_CUBE_PATH ??= "/usr/local/STMicroelectronics/STM32Cube/STM32CubeProgrammer"
108 | STM32_ROT_KEY_PATH ??= "${TOPDIR}/../tools/lmp-tools/security/stm32mp1/"
109 | STM32_ROT_KEY_PATH[vardepsexclude] += "TOPDIR"
110 | STM32_ROT_KEY_PASSWORD ??= "foundries"
111 |
112 | #
113 | # ComposeFS signatures
114 | #
115 | CFS_SIGN_KEYDIR ??= "${TOPDIR}/conf/keys/cfs"
116 | CFS_SIGN_KEYNAME ?= "cfs-dev"
117 | CFS_SIGN_KEYDIR[vardepsexclude] += "TOPDIR"
118 |
119 | #
120 | # Arduino
121 | #
122 | # Extend non-clangable.inc
123 | TOOLCHAIN:pn-imx-vpu-hantro = "gcc"
124 | TOOLCHAIN:pn-bayer2rgb = "gcc"
125 | TOOLCHAIN:pn-gstreamer1.0-bayer2rgb-neon = "gcc"
126 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # Build container tools
2 | FROM ubuntu:20.04 AS container-tools
3 | ARG DEBIAN_FRONTEND=noninteractive
4 |
5 | RUN apt-get update && apt-get install -y wget git make \
6 | libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config \
7 | file
8 |
9 | # Detect host architecture
10 | RUN file /bin/bash | grep -q x86-64 && echo amd64 > /tmp/arch || true
11 | RUN file /bin/bash | grep -q aarch64 && echo arm64 > /tmp/arch || true
12 |
13 | RUN wget -P /tmp https://go.dev/dl/go1.18.linux-$(cat /tmp/arch).tar.gz && \
14 | tar -C /usr/local -xzf /tmp/go1.18.linux-$(cat /tmp/arch).tar.gz
15 | ENV PATH /usr/local/go/bin:$PATH
16 |
17 | # Build skopeo
18 | RUN git clone https://github.com/containers/skopeo.git /skopeo && \
19 | cd /skopeo && git checkout -q v1.8.0 && \
20 | GO_DYN_FLAGS= CGO_ENABLED=0 BUILDTAGS=containers_image_openpgp DISABLE_DOCS=1 make
21 |
22 | # Build ostreeuploader, aka fiopush/fiocheck
23 | FROM ubuntu:20.04 AS fiotools
24 | RUN apt-get update
25 | RUN apt-get install -y wget git gcc make file
26 |
27 | # Detect host architecture
28 | RUN file /bin/bash | grep -q x86-64 && echo amd64 > /tmp/arch || true
29 | RUN file /bin/bash | grep -q aarch64 && echo arm64 > /tmp/arch || true
30 |
31 | RUN wget -P /tmp https://go.dev/dl/go1.19.9.linux-$(cat /tmp/arch).tar.gz && \
32 | tar -C /usr/local -xzf /tmp/go1.19.9.linux-$(cat /tmp/arch).tar.gz
33 | ENV PATH /usr/local/go/bin:$PATH
34 |
35 | RUN git clone https://github.com/foundriesio/ostreeuploader.git /ostreeuploader && \
36 | cd /ostreeuploader && git checkout -q 2024.10.3 && \
37 | cd /ostreeuploader && make
38 |
39 |
40 | FROM ubuntu:20.04
41 |
42 | # bitbake requires a utf8 filesystem encoding
43 | ENV LANG en_US.UTF-8
44 | ENV LANGUAGE en_US:en
45 | ENV LC_ALL en_US.UTF-8
46 |
47 | ARG DEBIAN_FRONTEND=noninteractive
48 | ARG DEV_USER_NAME=Builder
49 | ARG DEV_USER=builder
50 | ARG DEV_USER_PASSWD=builder
51 |
52 | # FIO PPA for additional dependencies and newer packages
53 | RUN apt-get update \
54 | && apt-get install -y --no-install-recommends \
55 | software-properties-common \
56 | && add-apt-repository ppa:fio-maintainers/ppa \
57 | && apt-get clean \
58 | && rm -rf /var/lib/apt/lists/*
59 |
60 | RUN apt-get update \
61 | && apt-get install -y --no-install-recommends \
62 | android-sdk-libsparse-utils android-sdk-ext4-utils ca-certificates \
63 | chrpath cpio diffstat file gawk g++ iproute2 iputils-ping less libgcc1 libmagickwand-dev \
64 | libmath-prime-util-perl libsdl1.2-dev libssl-dev locales \
65 | openjdk-11-jre openssh-client perl-modules python3 python3-requests \
66 | make patch repo sudo texinfo vim-tiny wget whiptail libelf-dev git-lfs screen \
67 | socket corkscrew curl xz-utils tcl libtinfo5 device-tree-compiler python3-pip python3-dev \
68 | tmux libncurses-dev vim zstd lz4 liblz4-tool libc6-dev \
69 | awscli docker-compose gosu xvfb python3-cairo python3-gi-cairo yaru-theme-icon tree rsync \
70 | && ln -s /usr/bin/python3 /usr/bin/python \
71 | && pip3 --no-cache-dir install expandvars jsonFormatter \
72 | && apt-get autoremove -y \
73 | && apt-get clean \
74 | && rm -rf /var/lib/apt/lists/* \
75 | && locale-gen en_US.UTF-8
76 |
77 | # Create the user which will run the SDK binaries.
78 | RUN useradd -c $DEV_USER_NAME \
79 | -d /home/$DEV_USER \
80 | -G sudo,dialout,floppy,plugdev,users \
81 | -m \
82 | -s /bin/bash \
83 | $DEV_USER
84 |
85 | # Add entrypoint to run gosu
86 | COPY entrypoint /
87 | ENTRYPOINT ["/entrypoint"]
88 |
89 | # Add default password for the SDK user (useful with sudo)
90 | # and replace entrypoint with dev user name
91 | RUN echo $DEV_USER:$DEV_USER_PASSWD | chpasswd && \
92 | sed "s/@@DOCKER_USER@@/$DEV_USER/g" -i /entrypoint
93 |
94 | # Initialize development environment for $DEV_USER.
95 | RUN sudo -u $DEV_USER -H git config --global credential.helper 'cache --timeout=3600'
96 |
97 | # Install ostreeuploader, aka fiopush/fiocheck
98 | COPY --from=fiotools /ostreeuploader/bin/fiopush /usr/bin/
99 | COPY --from=fiotools /ostreeuploader/bin/fiocheck /usr/bin/
100 | ENV FIO_PUSH_CMD /usr/bin/fiopush
101 | ENV FIO_CHECK_CMD /usr/bin/fiocheck
102 |
103 | # Install skopeo
104 | COPY --from=container-tools /skopeo/bin/skopeo /usr/bin
105 |
106 | # Install docker CLI, v20.10.14, required by the oe-builtin App preload
107 | RUN mkdir -p /etc/apt/keyrings \
108 | && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
109 | && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
110 | && apt-get update && apt-get install -y docker-ce-cli=5:20.10.14~3-0~ubuntu-focal \
111 | && apt-get clean && rm -rf /var/lib/apt/lists/*
112 |
113 | # Install docker compose CLI plugin, v2.6.0, required by the oe-builtin App preload, `docker compose config`
114 | RUN mkdir -p /usr/lib/docker/cli-plugins \
115 | && wget https://github.com/docker/compose/releases/download/v2.6.0/docker-compose-linux-x86_64 -O /usr/lib/docker/cli-plugins/docker-compose \
116 | && chmod +x /usr/lib/docker/cli-plugins/docker-compose
117 |
--------------------------------------------------------------------------------
/.github/workflows/foundries-prerelease.yml:
--------------------------------------------------------------------------------
1 | on:
2 | workflow_call:
3 | inputs:
4 | factory:
5 | description: "Factory name"
6 | type: string
7 | default: 'arduino'
8 | branch:
9 | description: "Branch name"
10 | type: string
11 | default: 'main'
12 | target-version:
13 | description: "Target version"
14 | type: string
15 | board:
16 | description: "Board name"
17 | type: string
18 | default: 'portentax8'
19 | environment:
20 | description: "Environment name"
21 | type: string
22 | default: 'production'
23 | artifacts:
24 | description: "A comma-separated list of artifact names"
25 | type: string
26 | slack-message:
27 | description: "Slack message text"
28 | type: string
29 | permissions:
30 | contents: read # Required to checkout repository.
31 | id-token: write # Required to access OIDC token.
32 | env:
33 | DOMAIN: '{"staging": "oniudra", "production": "arduino"}'
34 | BOARDS: '{"portentax8": "portenta-x8"}'
35 | jobs:
36 | Deploy:
37 | runs-on: ubuntu-latest
38 | environment: ${{ inputs.environment }}
39 | steps:
40 | - name: Checkout repository
41 | uses: actions/checkout@v4
42 |
43 | - name: Install Fioctl
44 | run: |
45 | curl -o /usr/local/bin/fioctl -LO https://github.com/foundriesio/fioctl/releases/download/v0.44/fioctl-linux-amd64
46 | chmod +x /usr/local/bin/fioctl
47 |
48 | - name: Configure Login to FoundriesFactory
49 | run: |
50 | printf "clientcredentials:\n client_id: %s\n client_secret: %s" "${{ secrets.FOUNDRIES_CLIENT_ID }}" "${{ secrets.FOUNDRIES_CLIENT_SECRET }}" > $HOME/.config/fioctl.yaml
51 |
52 | - name: Get commit reason
53 | id: get-reason
54 | run: |
55 | REASON=$(fioctl http get https://api.foundries.io/projects/$FACTORY/lmp/builds/$TARGET/ | jq -r '.data.build.reason' | tail -n +7)
56 | echo "text=$REASON" >> $GITHUB_OUTPUT
57 | env:
58 | TARGET: ${{ inputs.target-version }}
59 | FACTORY: ${{ inputs.factory }}
60 |
61 | - name: Download Offline Update and TUF root keys
62 | id: download-offline-update
63 | run: |
64 | fioctl targets offline-update ${{ fromJSON(env.BOARDS)[inputs.board] }}-lmp-$TARGET offline-updates --tag $BRANCH --factory $FACTORY
65 | curl -H "osf-token: ${{ secrets.FOUNDRIES_TOKEN }}" "https://api.foundries.io/ota/repo/$FACTORY/api/v1/user_repo/1.root.json" > offline-updates/tuf/1.root.json
66 | curl -H "osf-token: ${{ secrets.FOUNDRIES_TOKEN }}" "https://api.foundries.io/ota/repo/$FACTORY/api/v1/user_repo/2.root.json" > offline-updates/tuf/2.root.json
67 | tar zcf offline-update-$TARGET.tar.gz offline-updates
68 | MD5SUM=($(md5sum offline-update-$TARGET.tar.gz))
69 | echo "md5sum=$MD5SUM" >> $GITHUB_OUTPUT
70 | env:
71 | TARGET: ${{ inputs.target-version }}
72 | BRANCH: ${{ inputs.branch }}
73 | FACTORY: ${{ inputs.factory }}
74 |
75 | - name: Authenticate AWS
76 | uses: aws-actions/configure-aws-credentials@v4
77 | with:
78 | aws-region: 'us-east-1'
79 | role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
80 | role-session-name: GHA_FoundriesRelease_via_FederatedOIDC
81 | mask-aws-account-id: true
82 |
83 | - name: Get info.json
84 | run: |
85 | aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/info.json .
86 | env:
87 | PREFIX: ${{ inputs.board}}image
88 |
89 | - name: Update info.json
90 | run: |
91 | jq --arg target "$TARGET" '.latest.version |= $target' info.json > info.json.tmp && mv info.json.tmp info.json
92 | jq --arg url "$URL" '.latest.url |= $url' info.json > info.json.tmp && mv info.json.tmp info.json
93 | jq --arg md5sum "$MD5SUM" '.latest.md5sum |= $md5sum' info.json > info.json.tmp && mv info.json.tmp info.json
94 | jq --arg changelog "$CHANGELOG" '.latest.changelog |= $changelog' info.json > info.json.tmp && mv info.json.tmp info.json
95 | env:
96 | TARGET: ${{ inputs.target-version }}
97 | URL: https://downloads.${{ fromJSON(env.DOMAIN)[inputs.environment] }}.cc/${{ inputs.board}}image/offline-update-${{ inputs.target-version }}.tar.gz
98 | MD5SUM: ${{ steps.download-offline-update.outputs.md5sum }}
99 | CHANGELOG: ${{ steps.get-reason.outputs.text }}
100 |
101 | - name: Download artifacts
102 | run: |
103 | [ ! -d ${TARGET} ] && mkdir ${TARGET}
104 | cd ${TARGET}
105 | for ARTIFACT in $(echo ${{ inputs.artifacts }} | tr ',' '\n')
106 | do
107 | echo ${BASE_URL}/${ARTIFACT}
108 | curl -H "OSF-TOKEN: ${{ secrets.FOUNDRIES_TOKEN }}" -fLO ${BASE_URL}/${ARTIFACT}
109 | done
110 | cd ../
111 | tar zcvf $TARGET.tar.gz $TARGET
112 | env:
113 | TARGET: ${{ inputs.target-version }}
114 | BASE_URL: https://ci.foundries.io/projects/${{ inputs.factory }}/lmp/builds/${{ inputs.target-version }}
115 |
116 | - name: Upload "pre-release" artifacts
117 | run: |
118 | aws s3 cp info.json s3://${{ secrets.S3_BUCKET }}/$PREFIX/info-pre.json
119 | aws s3 cp offline-update-$TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/
120 | aws s3 cp $TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/
121 | env:
122 | TARGET: ${{ inputs.target-version }}
123 | PREFIX: ${{ inputs.board}}image
124 |
125 | - name: Send message to Slack
126 | uses: archive/github-actions-slack@v2.0.0
127 | id: notify
128 | with:
129 | slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
130 | slack-channel: ${{ secrets.SLACK_CHANNEL }}
131 | slack-text: "${{ inputs.slack-message }}:\n${{ steps.get-reason.outputs.text }}"
132 | slack-optional-icon_emoji: ":bookmark:"
133 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Arduino Linux microPlatform Manifest
2 | ============================
3 |
4 | Instructions for local builds (Arduino)
5 | ---------------------------------------
6 |
7 | Supported **MACHINE** targets (tested by Arduino):
8 |
9 | * portenta-x8 (Standard targets compatible with all carrier boards)
10 | * portenta-x8-ebbr (Arm SystemReady IR targets)
11 | * portenta-x8-preempt-rt (Preempt-rt patch targets) !!_**work in progress**_!!
12 |
13 | ```
14 | repo init -u https://github.com/arduino/lmp-manifest.git -m arduino.xml -b release
15 | repo sync
16 |
17 | DISTRO=lmp-xwayland MACHINE=portenta-x8 . setup-environment
18 | echo "ACCEPT_FSL_EULA = \"1\"" >> conf/local.conf
19 | bitbake lmp-devel-arduino-image
20 |
21 | DISTRO=lmp-mfgtool MACHINE=portenta-x8 . setup-environment
22 | echo "ACCEPT_FSL_EULA = \"1\"" >> conf/local.conf
23 | echo "MFGTOOL_FLASH_IMAGE = \"lmp-devel-arduino-image\"" >> conf/local.conf
24 | bitbake mfgtool-files
25 | ```
26 |
27 | alternatively you can build a devel image that for now doesn't have wayland support.
28 | This is currently our way to go for debugging kernel related issues and uses DISTRO lmp-base
29 | which doesn't include all the security features such as ostree, op-tee and sota that aren't
30 | strictly needed in this scenario
31 |
32 | ```
33 | DISTRO=lmp-base MACHINE=portenta-x8 . setup-environment
34 | echo "ACCEPT_FSL_EULA = \"1\"" >> conf/local.conf
35 | bitbake lmp-devel-arduino-image
36 | ```
37 |
38 | **Note**: To reduce bitbake parallelism (because you may want to use your computer while performing an image build) edit `conf/local.conf`:
39 | ```diff
40 | +BB_NUMBER_PARSE_THREADS = "4"
41 | +BB_NUMBER_THREADS = "4"
42 | +PARALLEL_MAKE = "-j 4"
43 | ```
44 |
45 | Instructions for local builds (Foundries.io)
46 | --------------------------------------------
47 |
48 | Foundries.io Linux microPlatform manifest.
49 |
50 | This directory contains a Repo manifest and setup scripts for the
51 | Linux microPlatform (LmP) build system. If you want to modify, extend or port
52 | the LmP to a new hardware platform, this is the manifest repository to use.
53 |
54 | The build system uses various components from the Yocto Project, most
55 | importantly the OpenEmbedded build system, the bitbake task executor, and
56 | various application and BSP layers.
57 |
58 | To configure the scripts and download the build metadata, do:
59 |
60 | ```
61 | mkdir ~/bin
62 | PATH=~/bin:$PATH
63 |
64 | curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
65 | chmod a+x ~/bin/repo
66 | ```
67 |
68 | Run `repo init` to bring down the latest stable version of Repo. You must
69 | specify a URL for the manifest, which specifies the various repositories that
70 | will be placed within your working directory.
71 |
72 | To check out the latest LmP subscriber continuous release:
73 |
74 | ```
75 | repo init -u https://github.com/foundriesio/lmp-manifest
76 | ```
77 |
78 | A successful initialization will end with a message stating that Repo
79 | is initialized in your working directory. Your client directory should
80 | now contain a `.repo/` directory where files such as the manifest will be kept.
81 |
82 | To pull down the metadata sources to your working directory from the
83 | repositories as specified in the LmP manifest, run:
84 |
85 | ```
86 | repo sync
87 | ```
88 |
89 | When downloading from behind a proxy (which is common in some
90 | corporate environments), it might be necessary to explicitly specify the proxy
91 | that is then used by repo:
92 |
93 | ```
94 | export HTTP_PROXY=http://:@:
95 | export HTTPS_PROXY=http://:@:
96 | ```
97 |
98 | More rarely, Linux clients experience connectivity issues, getting stuck in the
99 | middle of downloads (typically during "Receiving objects"). Tweaking the
100 | settings of the TCP/IP stack and using non-parallel commands can improve the
101 | situation. You need root access to modify the TCP setting:
102 |
103 | ```
104 | sudo sysctl -w net.ipv4.tcp_window_scaling=0
105 | repo sync -j1
106 | ```
107 |
108 | Setup Environment
109 | -----------------
110 |
111 | Supported **MACHINE** targets (officially tested by Foundries):
112 |
113 | * intel-corei7-64
114 | * am62xx-evm
115 | * am64xx-evm
116 | * beaglebone-yocto
117 | * generic-arm64
118 | * imx6ullevk
119 | * imx6ullevk-sec
120 | * imx8mm-lpddr4-evk
121 | * imx8mm-lpddr4-evk-sec
122 | * imx8mp-lpddr4-evk
123 | * imx8mp-lpddr4-evk-sec
124 | * imx8mn-ddr4-evk
125 | * imx8mn-ddr4-evk-sec
126 | * imx8mn-lpddr4-evk
127 | * imx8mn-lpddr4-evk-sec
128 | * imx8mq-evk
129 | * imx8ulp-lpddr4-evk
130 | * imx93-11x11-lpddr4x-evk
131 | * jetson-agx-orin-devkit
132 | * jetson-agx-xavier-devkit
133 | * qemuarm64-secureboot
134 | * raspberrypi4-64
135 | * stm32mp15-disco
136 | * stm32mp15-eval
137 | * stm32mp15-eval-sec
138 | * kv260
139 | * vck190-versal
140 |
141 | Supported image targets:
142 |
143 | * lmp-mini-image - minimal OSTree + OTA capable image
144 | * lmp-base-console-image - mini-image + Docker container runtime
145 | * lmp-gateway-image - base-console-image + edge gateway related utilities
146 | * lmp-factory-image - default (and only available) for a FoundriesFactory
147 | * mfgtool-files - (**only for DISTRO=lmp-mfgtool**) image flasher via
148 | USB SDP/FastBoot for i.MX-based machines
149 |
150 | The default distribution (DISTRO) variable is automatically set to `lmp`,
151 | which is provided by the `meta-lmp` layer.
152 |
153 | Setup the work environment by using the `setup-environment` script:
154 |
155 | ```
156 | [MACHINE=] source setup-environment [BUILDDIR]
157 | ```
158 |
159 | If **MACHINE** is not provided, the script will list all possible machines and
160 | force one to be selected.
161 |
162 | To build the LmP base console image:
163 |
164 | ```
165 | bitbake lmp-base-console-image
166 | ```
167 |
168 | Issues and Support
169 | ------------------
170 |
171 | Please report any bugs, issues or suggestions at .
172 |
--------------------------------------------------------------------------------
/setup-environment-internal:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -*- mode: shell-script-mode; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
3 | #
4 | # Copyright (C) 2012-13 O.S. Systems Software LTDA.
5 | # Copyright (C) 2017-2018 Foundries.io
6 | # Authored-by: Otavio Salvador
7 | # Adopted to Angstrom: Khem Raj
8 | #
9 | # This program is free software; you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License version 2 as
11 | # published by the Free Software Foundation.
12 | #
13 | # This program is distributed in the hope that it will be useful,
14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | # GNU General Public License for more details.
17 | #
18 | # You should have received a copy of the GNU General Public License along
19 | # with this program; if not, write to the Free Software Foundation, Inc.,
20 | # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 | #
22 | env_cleanup() {
23 | unset MACHINETABLE MACHLAYERS DISTRO_DIRNAME OEROOT
24 | unset ITEM MANIFESTS EULA EULA_MACHINE REPLY READ_EULA
25 | unset usage oldmach
26 |
27 | if [ -n "$BUILDDIR" ]; then
28 | export BUILDDIR
29 | fi
30 | }
31 | trap env_cleanup RETURN
32 |
33 | if [ "$(whoami)" = "root" ]; then
34 | echo "ERROR: do not build LMP as root. Exiting..."
35 | return
36 | fi
37 |
38 | OEROOT=$(readlink -f $(pwd))
39 | cd "$OEROOT"
40 | if [ -n "$ZSH_VERSION" ]; then
41 | setopt sh_word_split
42 | setopt clobber
43 | elif [ -n "$BASH_VERSION" ]; then
44 | set +o noclobber
45 | fi
46 |
47 | # Set default distro to Linux microPlatform
48 | DISTRO="${DISTRO-lmp}"
49 |
50 | usage () {
51 | cat <] source ${BASH_SOURCE[0]} [BUILDDIR]
54 |
55 | If no MACHINE is set, list all possible machines, and ask user to choose.
56 | If no BUILDIR is set, it will be set to build-$DISTRO.
57 |
58 | EOF
59 | }
60 |
61 | if [ $# -gt 1 ]; then
62 | usage
63 | return 1
64 | fi
65 |
66 | # Create a common list of "()", sorted by
67 | # Blacklist OE-core and meta-linaro, we only want BSP layers
68 | MACHLAYERS=$(find layers -print | grep "conf/machine/.*\.conf" |
69 | grep -v scripts | grep -v openembedded-core | grep -v meta-linaro |
70 | sed -e 's/\.conf//g' -e 's/layers\///' |
71 | awk -F'/conf/machine/' '{print $NF "(" $1 ")"}' | LANG=C sort)
72 |
73 | if [ -z "${MACHINE}" ]; then
74 | # whiptail
75 | which whiptail > /dev/null 2>&1
76 | if [ $? -eq 0 ]; then
77 | MACHINETABLE=
78 | for ITEM in $MACHLAYERS; do
79 | MACHINETABLE="${MACHINETABLE} $(echo "$ITEM" | cut -d'(' -f1) \
80 | $(echo "$ITEM" | cut -d'(' -f2 | cut -d')' -f1)"
81 | done
82 | MACHINE=$(whiptail --title "Available Machines" --menu \
83 | "Please choose a machine" 0 0 20 \
84 | ${MACHINETABLE} 3>&1 1>&2 2>&3)
85 | fi
86 |
87 | # dialog
88 | if [ -z "$MACHINE" ]; then
89 | which dialog > /dev/null 2>&1
90 | if [ $? -eq 0 ]; then
91 | MACHINETABLE=
92 | for ITEM in $MACHLAYERS; do
93 | MACHINETABLE="$MACHINETABLE $(echo "$ITEM" | cut -d'(' -f1) \
94 | $(echo "$ITEM" | cut -d'(' -f2 | cut -d')' -f1)"
95 | done
96 | MACHINE=$(dialog --title "Available Machines" --menu \
97 | "Please choose a machine" 0 0 20 $MACHINETABLE \
98 | 3>&1 1>&2 2>&3)
99 | fi
100 | fi
101 | fi
102 |
103 | # guard against Ctrl-D or cancel
104 | if [ -z "$MACHINE" ]; then
105 | echo "To choose a machine interactively please install whiptail or dialog."
106 | echo "To choose a machine non-interactively please use the following:"
107 | echo " MACHINE= . ./setup-environment"
108 | echo ""
109 | echo "Press to see a list of your choices"
110 | read -r
111 | echo "$MACHLAYERS" | sed -e 's/(/ (/g' | sed -e 's/)/)\n/g' |
112 | sed -e 's/^ */\t/g'
113 | return
114 | fi
115 |
116 | if [ -z "${SDKMACHINE}" ]; then
117 | SDKMACHINE='x86_64'
118 | fi
119 |
120 | MANIFESTS="${OEROOT}"/.repo/manifests
121 |
122 | # We can be called with only 1 parameter max (build folder)
123 | BUILDDIR=build-$DISTRO
124 | if [ $# -eq 1 ]; then
125 | BUILDDIR=$1
126 | fi
127 | BUILDDIR=$OEROOT/$BUILDDIR
128 |
129 | # Clean up PATH, because if it includes tokens to current directories somehow,
130 | # wrong binaries can be used instead of the expected ones during task execution
131 | export PATH=$(echo "${PATH}" | sed 's/\(:.\|:\)*:/:/g;s/^.\?://;s/:.\?$//')
132 | export PATH="${OEROOT}/bitbake/bin:${OEROOT}/.repo/repo:${PATH}"
133 | export PATH="${OEROOT}/layers/openembedded-core/scripts:${PATH}"
134 | # Remove duplicate path entries
135 | export PATH=$(echo "$PATH" |
136 | awk -F: '{for (i=1;i<=NF;i++) { if ( !x[$i]++ ) printf("%s:",$i); }}' |
137 | sed 's/:$//')
138 | # Make sure Bitbake doesn't filter out the following variables from our env
139 | export BB_ENV_PASSTHROUGH_ADDITIONS="MACHINE DISTRO TCLIBC TCMODE GIT_PROXY_COMMAND \
140 | http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy \
141 | SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE \
142 | BB_NUMBER_THREADS BB_LOGCONFIG BB_CONSOLELOG"
143 |
144 | mkdir -p "${BUILDDIR}"/conf && cd "${BUILDDIR}"
145 | if [ -f "conf/auto.conf" ]; then
146 | oldmach=$(grep -E "^MACHINE" "conf/auto.conf" |
147 | sed -e 's%^MACHINE ?= %%' | sed -e 's/^"//' -e 's/"$//')
148 | fi
149 |
150 | if [ -e conf/checksum ] && [ "${MACHINE}" = "$oldmach" ]; then
151 | sha512sum --quiet -c conf/checksum > /dev/null 2>&1
152 | if [ $? -eq 0 ]; then
153 | return
154 | fi
155 | fi
156 |
157 | # Evaluate new checksum and regenerate the conf files
158 | sha512sum "${MANIFESTS}"/setup-environment-internal 2>&1 > conf/checksum
159 |
160 | if [ ! -f "conf/local.conf" ]; then
161 | cp "${MANIFESTS}"/conf/local.conf conf/local.conf
162 | fi
163 |
164 | # Copy default development keys if not set by the user
165 | if [ -d "${MANIFESTS}"/conf/keys ]; then
166 | mkdir -p conf/keys
167 | if [ ! -f "conf/keys/dev.key" ] && [ ! -f "conf/keys/dev.crt" ]; then
168 | ln -sf "${MANIFESTS}"/conf/keys/dev.key conf/keys/dev.key
169 | ln -sf "${MANIFESTS}"/conf/keys/dev.crt conf/keys/dev.crt
170 | fi
171 | # Copy default SPL development keys if not set by the user
172 | if [ ! -f "conf/keys/spldev.key" ] && [ ! -f "conf/keys/spldev.crt" ]; then
173 | ln -sf "${MANIFESTS}"/conf/keys/spldev.key conf/keys/spldev.key
174 | ln -sf "${MANIFESTS}"/conf/keys/spldev.crt conf/keys/spldev.crt
175 | fi
176 | # Copy default u-boot development keys if not set by the user
177 | if [ ! -f "conf/keys/ubootdev.key" ] && [ ! -f "conf/keys/ubootdev.crt" ]; then
178 | ln -sf "${MANIFESTS}"/conf/keys/ubootdev.key conf/keys/ubootdev.key
179 | ln -sf "${MANIFESTS}"/conf/keys/ubootdev.crt conf/keys/ubootdev.crt
180 | fi
181 | # Copy default optee development keys if not set by the user
182 | if [ ! -f "conf/keys/opteedev.key" ] && [ ! -f "conf/keys/opteedev.crt" ]; then
183 | ln -sf "${MANIFESTS}"/conf/keys/opteedev.key conf/keys/opteedev.key
184 | ln -sf "${MANIFESTS}"/conf/keys/opteedev.crt conf/keys/opteedev.crt
185 | fi
186 | # Copy default module kernel development keys if not set by the user
187 | if [ ! -f "conf/keys/privkey_modsign.pem" ] && [ ! -f "conf/keys/x509_modsign.crt" ]; then
188 | ln -sf "${MANIFESTS}"/conf/keys/privkey_modsign.pem conf/keys/privkey_modsign.pem
189 | ln -sf "${MANIFESTS}"/conf/keys/x509_modsign.crt conf/keys/x509_modsign.crt
190 | fi
191 | # Link default TF-A development keys if not set by the user
192 | if [ ! -d "conf/keys/tf-a" ]; then
193 | ln -sf "${MANIFESTS}"/conf/keys/tf-a conf/keys/tf-a
194 | fi
195 | # Link default UEFI development keys and certificates if not set by the user
196 | if [ ! -d "conf/keys/uefi" ]; then
197 | ln -sf "${MANIFESTS}"/conf/keys/uefi conf/keys/uefi
198 | fi
199 | # Link default TI K3 RoT keys if not set by the user
200 | if [ ! -d "conf/keys/platform" ]; then
201 | ln -sf "${MANIFESTS}"/conf/keys/platform conf/keys/platform
202 | fi
203 | # Link Composefs keys
204 | if [ ! -d "conf/keys/cfs" ]; then
205 | ln -sf "${MANIFESTS}"/conf/keys/cfs conf/keys/cfs
206 | fi
207 | fi
208 |
209 | # Factory specific keys (unique per factory)
210 | if [ -d "${MANIFESTS}"/factory-keys ]; then
211 | mkdir -p conf/factory-keys
212 | # Copy default factory SPL development keys if not set by the user
213 | if [ ! -f "conf/factory-keys/spldev.key" ] && [ ! -f "conf/factory-keys/spldev.crt" ]; then
214 | ln -sf "${MANIFESTS}"/factory-keys/spldev.key conf/factory-keys/spldev.key
215 | ln -sf "${MANIFESTS}"/factory-keys/spldev.crt conf/factory-keys/spldev.crt
216 | fi
217 | # Copy default factory u-boot development keys if not set by the user
218 | if [ ! -f "conf/factory-keys/ubootdev.key" ] && [ ! -f "conf/factory-keys/ubootdev.crt" ]; then
219 | ln -sf "${MANIFESTS}"/factory-keys/ubootdev.key conf/factory-keys/ubootdev.key
220 | ln -sf "${MANIFESTS}"/factory-keys/ubootdev.crt conf/factory-keys/ubootdev.crt
221 | fi
222 | # Copy default factory optee development keys if not set by the user
223 | if [ ! -f "conf/factory-keys/opteedev.key" ] && [ ! -f "conf/factory-keys/opteedev.crt" ]; then
224 | ln -sf "${MANIFESTS}"/factory-keys/opteedev.key conf/factory-keys/opteedev.key
225 | ln -sf "${MANIFESTS}"/factory-keys/opteedev.crt conf/factory-keys/opteedev.crt
226 | fi
227 | # Copy default factory module kernel development keys if not set by the user
228 | if [ ! -f "conf/factory-keys/privkey_modsign.pem" ] && [ ! -f "conf/factory-keys/x509_modsign.crt" ]; then
229 | ln -sf "${MANIFESTS}"/factory-keys/privkey_modsign.pem conf/factory-keys/privkey_modsign.pem
230 | ln -sf "${MANIFESTS}"/factory-keys/x509_modsign.crt conf/factory-keys/x509_modsign.crt
231 | fi
232 | # Link custom TF-A development keys set by the user
233 | if [ -d "${MANIFESTS}"/factory-keys/tf-a ] && [ ! -d "conf/factory-keys/tf-a" ]; then
234 | ln -sf "${MANIFESTS}"/factory-keys/tf-a conf/factory-keys/tf-a
235 | fi
236 | # Link custom UEFI development keys and certificates set by the user
237 | if [ -d "${MANIFESTS}"/factory-keys/uefi ] && [ ! -d "conf/factory-keys/uefi" ]; then
238 | ln -sf "${MANIFESTS}"/factory-keys/uefi conf/factory-keys/uefi
239 | fi
240 | # Link default TI K3 RoT keys if not set by the user
241 | if [ -d "${MANIFESTS}"/factory-keys/platform ] && [ ! -d "conf/factory-keys/platform" ]; then
242 | ln -sf "${MANIFESTS}"/factory-keys/platform conf/factory-keys/platform
243 | fi
244 | # Link Composefs keys if not set by the user
245 | if [ -d "${MANIFESTS}"/factory-keys/cfs ] && [ ! -d "conf/factory-keys/cfs" ]; then
246 | ln -sf "${MANIFESTS}"/factory-keys/cfs conf/factory-keys/cfs
247 | fi
248 | fi
249 |
250 | ln -sf "${MANIFESTS}"/conf/bblayers.conf conf/bblayers.conf
251 | ln -sf "${MANIFESTS}"/conf/bblayers-base.inc conf/bblayers-base.inc
252 | ln -sf "${MANIFESTS}"/conf/bblayers-bsp.inc conf/bblayers-bsp.inc
253 | if [ -f "${MANIFESTS}"/conf/bblayers-factory.inc ]; then
254 | ln -sf "${MANIFESTS}"/conf/bblayers-factory.inc conf/bblayers-factory.inc
255 | fi
256 | if [ -f "${MANIFESTS}"/conf/bblayers-partner.inc ]; then
257 | ln -sf "${MANIFESTS}"/conf/bblayers-partner.inc conf/bblayers-partner.inc
258 | fi
259 | ln -sf "${MANIFESTS}"/README.md README.md
260 |
261 | ln -sf "${MANIFESTS}" "${OEROOT}"/layers/
262 |
263 | DISTRO_DIRNAME=$(echo "${DISTRO}" | sed 's#[.-]#_#g')
264 |
265 | LMP_TAG="$(git --git-dir ${MANIFESTS}/.git describe HEAD --tags --abbrev=0)"
266 | # We want to truncate the value and still use the major version cache
267 | # (e.g. for 94.1 use 94. The .1 part of the sstate cache is
268 | # actually in the 95 bucket. 94.1 is small enough so this doesn't matter).
269 | # If we ever have a minor release that causes sufficient cache
270 | # invalidation, then we'll need to re-think how to produce the cache better.
271 | LMP_TAG="$(echo $LMP_TAG | sed 's/\.[0-9]*$//')"
272 |
273 | if [[ ! $LMP_TAG =~ ^[[:digit:]] ]]; then
274 | LMP_TAG_ARR=(${LMP_TAG//-/ })
275 | LMP_PARTNER_NAME="${LMP_TAG_ARR[0]}"
276 | LMP_VERSION_CACHE_TMP="${LMP_TAG_ARR[1]}"
277 | else
278 | LMP_VERSION_CACHE_TMP="${LMP_TAG}"
279 | fi
280 |
281 | if [ -z "$LMP_VERSION_CACHE" ]; then
282 | LMP_VERSION_CACHE="${LMP_VERSION_CACHE_TMP}"
283 |
284 | if [ -v LMP_VERSION_CACHE_DEV ]; then
285 | # to use the development version of the cache the user need to define the LMP_VERSION_CACHE_DEV env
286 | LMP_VERSION_CACHE=$(( $LMP_VERSION_CACHE + 1 ))
287 | fi
288 | fi
289 |
290 | if [[ ! -z "$LMP_PARTNER_NAME" ]]; then
291 | SSTATE_MIRRORS="file://.* https://storage.googleapis.com/lmp-cache/$LMP_PARTNER_NAME/v$LMP_VERSION_CACHE-sstate-cache/PATH"
292 | else
293 | SSTATE_MIRRORS="file://.* https://storage.googleapis.com/lmp-cache/v$LMP_VERSION_CACHE-sstate-cache/PATH"
294 | fi
295 |
296 | cat > conf/auto.conf < conf/site.conf <<_EOF
322 | SCONF_VERSION = "1"
323 |
324 | # Where to store sources
325 | DL_DIR ?= "${OEROOT}/downloads"
326 |
327 | # Where to save shared state
328 | SSTATE_DIR ?= "${OEROOT}/sstate-cache"
329 |
330 | # Where to save the build system work output
331 | TMPDIR = "${BUILDDIR}/tmp-${DISTRO_DIRNAME}"
332 |
333 | # Where to save the packages and images
334 | DEPLOY_DIR = "${BUILDDIR}/deploy"
335 |
336 | # Go through the Firewall
337 | #HTTP_PROXY = "http://${PROXYHOST}:${PROXYPORT}/"
338 | _EOF
339 |
340 | # LmP default mirrors cache location
341 | LMP_LOCAL_SSTATE_MIRRORS="${LMP_LOCAL_SSTATE_MIRRORS:-/yocto/lmp/cache/sstate-mirrors}"
342 | LMP_LOCAL_PRE_MIRRORS="${LMP_LOCAL_PRE_MIRRORS:-/yocto/lmp/cache/downloads-mirrors}"
343 |
344 | if [ -d "${LMP_LOCAL_SSTATE_MIRRORS}" ]; then
345 | cat >> conf/site.conf <<_EOF
346 |
347 | # State cache mirror is available locally on the file system
348 | SSTATE_MIRRORS += "file://.* file://${LMP_LOCAL_SSTATE_MIRRORS}/PATH"
349 | _EOF
350 | fi
351 |
352 | if [ -d "${LMP_LOCAL_PRE_MIRRORS}" ]; then
353 | cat >> conf/site.conf <<_EOF
354 |
355 | # Download mirror is available locally on the file system
356 | PREMIRRORS += " \
357 | git://.*/.* file://${LMP_LOCAL_PRE_MIRRORS} \
358 | ftp://.*/.* file://${LMP_LOCAL_PRE_MIRRORS} \
359 | http://.*/.* file://${LMP_LOCAL_PRE_MIRRORS} \
360 | https://.*/.* file://${LMP_LOCAL_PRE_MIRRORS} \
361 | "
362 | _EOF
363 | fi
364 | fi
365 |
366 | # Handle EULA , if needed. This is a generic method to handle BSPs
367 | # that might (or not) come with a EULA. If a machine has a EULA, we
368 | # assume that its corresponding layers has conf/EULA/$MACHINE file
369 | # with the EULA text, which we will display to the user and request
370 | # for acceptance. If accepted, the variable ACCEPT_EULA:$MACHINE is
371 | # set to 1 in auto.conf, which can later be used by the BSP.
372 | # If the env variable EULA_$MACHINE is set it is used by default,
373 | # without prompting the user.
374 | # FIXME: there is a potential issue if the same $MACHINE is set in
375 | # more than one layer.. but we should assert that earlier
376 | EULA=$(find ../layers -path "*/conf/eula/$MACHINE" -print | grep -v scripts |
377 | grep -v openembedded-core | grep -v meta-linaro || true)
378 |
379 | if [ -n "$EULA" ]; then
380 | # remove '-' since we are constructing a bash variable name here
381 | EULA_MACHINE="EULA_$(echo "$MACHINE" | sed 's/-//g')"
382 |
383 | # NOTE: indirect reference / dynamic variable
384 | if [ -n "${!EULA_MACHINE}" ]; then
385 | # the EULA_$MACHINE variable is set in the environment, so we just
386 | # configure # ACCEPT_EULA:$MACHINE in auto.conf
387 | echo "ACCEPT_EULA:$MACHINE = \"${!EULA_MACHINE}\"" >> conf/auto.conf
388 | else
389 | # so we need to ask user if he/she accepts the EULA:
390 | cat <> conf/auto.conf
427 | ;;
428 | n|N)
429 | echo "EULA has not been accepted."
430 | ;;
431 | *)
432 | REPLY=
433 | ;;
434 | esac
435 | done
436 | fi
437 | fi
438 | fi
439 |
440 | cat <'
456 |
457 | Some common targets are:
458 | EOF
459 |
460 | if [ "${DISTRO}" = 'lmp-mfgtool' ]; then
461 | if [[ "${MACHINE}" == *"stm32mp1"* ]]; then
462 | cat <