date:20220620

[yocto] verification requested but nobody cares : bzImage while booting in secureboot mode #dunfell #yocto

2022-06-20 Thread Pavan

Hi ,
I have been trying to enable Secureboot to my board having Intel-x86 
architecture  and I am following the steps given in this link 
https://github.com/jiazhang0/meta-secure-core for Yocto Dunfell branch.

Problem: In non Secureboot mode Yocto Boots normally and everything works fine 
but when Secureboot is enabled till grub it boots and loads grub-menu then after
If I press boot option it will simply throw this error
> 
> verification requested but nobody cares: bzImage

and stucks there.

I am not getting why this error is coming and what fixes to be made.

BTW grub version is grub-efi-2.04.

Below are the local.conf settings for Secureboot.

> 
> UEFI_SB = "1"
> BUNDLE = "1"
> GRUB_SIGN_VERIFY='0'
> GRUB_SIGN_VERIFY_STRICT='0'
> DEBUG_FLAGS_forcevariable = ""
> IMAGE_INSTALL += "kernel-image-bzimage"
> USER_CLASSES_remove = "image-prelink"
> 

> 
> MASTER_KEYS_DIR =
> "/home/yocto/poky/meta-secure-core/meta-signing-key/scripts/user-keys"
> 
> IMA_KEYS_DIR = "${MASTER_KEYS_DIR}/ima_keys"
> IMA_EVM_KEY_DIR = "${MASTER_KEYS_DIR}/ima_keys"
> RPM_KEYS_DIR = "${MASTER_KEYS_DIR}/rpm_keys"
> BOOT_KEYS_DIR = "${MASTER_KEYS_DIR}/boot_keys"
> MOK_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/mok_sb_keys"
> SYSTEM_TRUSTED_KEYS_DIR = "${MASTER_KEYS_DIR}/system_trusted_keys"
> SECONDARY_TRUSTED_KEYS_DIR = "${MASTER_KEYS_DIR}/secondary_trusted_keys"
> MODSIGN_KEYS_DIR = "${MASTER_KEYS_DIR}/modsign_keys"
> UEFI_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/uefi_sb_keys"
> GRUB_PUB_KEY = "${MASTER_KEYS_DIR}/boot_keys/boot_pub_key"
> GRUB_PW_FILE = "${MASTER_KEYS_DIR}/boot_keys/boot_cfg_pw"
> OSTREE_GPGDIR = "${MASTER_KEYS_DIR}/rpm_keys"
> 
> RPM_GPG_NAME = "PKG-SecureCore"
> RPM_GPG_PASSPHRASE = "root"
> RPM_FSK_PASSWORD = "root"
> BOOT_GPG_NAME = "BOOT-SecureCore"
> BOOT_GPG_PASSPHRASE = "root"
> OSTREE_GPGID = "PKG-SecureCore"
> OSTREE_GPG_PASSPHRASE = "root"
> OSTREE_GRUB_PW_FILE = "${GRUB_PW_FILE}"
> 

I am stuck with this issue from last 5 days ,please help me to solve this issue.

Thanks and Regards
Pavan

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57363): https://lists.yoctoproject.org/g/yocto/message/57363
Mute This Topic: https://lists.yoctoproject.org/mt/91873367/21656
Mute #dunfell:https://lists.yoctoproject.org/g/yocto/mutehashtag/dunfell
Mute #yocto:https://lists.yoctoproject.org/g/yocto/mutehashtag/yocto
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] Yocto Project Newcomer & Unassigned Bugs - Help Needed

2022-06-20 Thread Stephen Jolley

All,

 

The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please
review:
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and
how to create a bugzilla account at:

https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work
on who doesn't have deep experience with the project.  If anyone can help,
please take ownership of the bug and send patches!  If anyone needs
help/advice there are people on irc who can likely do so, or some of the
more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs
reported into the Bugzilla. The number of people attending that meeting has
fallen, as have the number of people available to help fix bugs. One of the
things we hear users report is they don't know how to help. We (the triage
team) are therefore going to start reporting out the currently 418
unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out
with these.  Bugs are split into two types, "true bugs" where things don't
work as they should and "enhancements" which are features we'd want to add
to the system.  There are also roughly four different "priority" classes
right now,  "4.1", "4.2", "4.99" and "Future", the more pressing/urgent
issues being in "4.1" and then "4.2".

 

Please review this link and if a bug is something you would be able to help
with either take ownership of the bug, or send me (sjolley.yp...@gmail.com
 ) an e-mail with the bug number you would
like and I will assign it to you (please make sure you have a Bugzilla
account).  The list is at:
https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer
_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57364): https://lists.yoctoproject.org/g/yocto/message/57364
Mute This Topic: https://lists.yoctoproject.org/mt/91889480/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] Current high bug count owners for Yocto Project 4.1

2022-06-20 Thread Stephen Jolley

All,

Below is the list as of top 39 bug owners as of the end of WW25 of who have
open medium or higher bugs and enhancements against YP 4.1.   There are 91
possible work days left until the final release candidates for YP 4.1 needs
to be released.


Who

Count


michael.opdenac...@bootlin.com

37


ross.bur...@arm.com

26


david.re...@windriver.com

23


bruce.ashfi...@gmail.com

20


randy.macl...@windriver.com

15


richard.pur...@linuxfoundation.org

11


sakib.sa...@windriver.com

10


saul.w...@windriver.com

9


jpewhac...@gmail.com

9


tim.orl...@konsulko.com

8


aryaman.gu...@windriver.com

5


jon.ma...@arm.com

4


mhalst...@linuxfoundation.org

4


akuster...@gmail.com

3


pgowda@gmail.com

2


raj.k...@gmail.com

2


hongxu@windriver.com

2


qi.c...@windriver.com

2


tvgamb...@gmail.com

2


jay.shen.t...@intel.com

1


martin.bee...@online.de

1


piotr.lob...@vm.pl

1


nicolas.deche...@linaro.org

1


thomas.per...@bootlin.com

1


ola.x.nils...@axis.com

1


beh...@converseincode.com

1


sundeep.kokko...@gmail.com

1


pa...@zhukoff.net

1


abongwabonal...@gmail.com

1


martin.ja...@gmail.com

1


liezhi.y...@windriver.com

1


shac...@vdoo.com

1


mostthings...@gmail.com

1


alexandre.bell...@bootlin.com

1


thr...@amazon.de

1


alejan...@enedino.org

1


qorin.qori...@nl.abb.com

1


open.sou...@oleksandr-kravchuk.com

1


aeh...@gmail.com

1


Grand Total

214

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57365): https://lists.yoctoproject.org/g/yocto/message/57365
Mute This Topic: https://lists.yoctoproject.org/mt/91889592/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] Enhancements/Bugs closed WW25!

2022-06-20 Thread Stephen Jolley

All,

The below were the owners of enhancements or bugs closed during the last
week!


Who

Count


michael.opdenac...@bootlin.com

2


ross.bur...@arm.com

1


pa...@zhukoff.net

1


richard.pur...@linuxfoundation.org

1


randy.macl...@windriver.com

1


akuster...@gmail.com

1


Grand Total

7

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57366): https://lists.yoctoproject.org/g/yocto/message/57366
Mute This Topic: https://lists.yoctoproject.org/mt/91889655/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] M+ & H bugs with Milestone Movements WW25

2022-06-20 Thread Stephen Jolley

All,

YP M+ or high bugs which moved to a new milestone in WW25 are listed below: 


Priority

Bug ID

Short Description

Changer

Owner

Was

Became


Medium+

  5322

Global DNS fallback mechanism not present in poky distro

randy.macl...@windriver.com

unassig...@yoctoproject.org

4.1 M1

4.1 M3


 

  7600

syslinux: port extX support patches to syslinux community

randy.macl...@windriver.com

sakib.sa...@windriver.com

4.1 M1

4.1 M3


 

  10693

Add a testcase for multilib eSDK on the autobuilder

randy.macl...@windriver.com

qi.c...@windriver.com

4.1 M1

4.1 M2


 

  12060

It is possible to specify a PACKAGE and a PKG_ rename that conflict

randy.macl...@windriver.com

unassig...@yoctoproject.org

4.1 M1

4.1 M3


 

  12279

enhance manifest not found warning

randy.macl...@windriver.com

aryaman.gu...@windriver.com

4.1 M1

4.1 M2


 

  12917

Warnings from nightly-multilib builds (build-deps)

randy.macl...@windriver.com

unassig...@yoctoproject.org

4.1 M1

4.1 M3


 

  12937

Consistent naming scheme for deployed artifacts

richard.pur...@linuxfoundation.org

martin.ja...@gmail.com

4.1 M1

4.1 M3


 

  13025

WIC image install support

kexin@windriver.com

kexin@windriver.com

4.1 M1

Future


 

  13226

Support out of tree modules for alternate kernels

randy.macl...@windriver.com

bruce.ashfi...@gmail.com

4.1 M1

4.1 M3


 

  13251

Symlinks overridden when building multitple kernels

randy.macl...@windriver.com

bruce.ashfi...@gmail.com

4.1 M1

4.1 M3


 

  13288

pseudo should not follow symlinks in /proc

randy.macl...@windriver.com

sakib.sa...@windriver.com

4.1 M1

4.1 M2


 

  14007

When qemu hangs, try to create a snapshot or core file.

randy.macl...@windriver.com

saul.w...@windriver.com

4.1 M1

4.1 M2


 

  14553

insane.bbclass: host-user-contaminated QA doesn't skip the home directory

randy.macl...@windriver.com

unassig...@yoctoproject.org

4.1 M1

4.1 M3


 

  14691

Bitbake does not check for all required perl modules to build oe-core

randy.macl...@windriver.com

sakib.sa...@windriver.com

4.1 M1

4.1 M3


 

  14745

cve-checker update to support NVD json 5.0 format

richard.pur...@linuxfoundation.org

akuster...@gmail.com

4.1 M1

4.1 M3

Thanks, 

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com  

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57367): https://lists.yoctoproject.org/g/yocto/message/57367
Mute This Topic: https://lists.yoctoproject.org/mt/91889674/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] [meta-security][PATCH] packagegroup-core-security: skip mips firejail

2022-06-20 Thread Armin Kuster

Signed-off-by: Armin Kuster 
---
 recipes-core/packagegroup/packagegroup-core-security.bb | 2 ++
 recipes-security/Firejail/firejail_0.9.70.bb| 2 ++
 2 files changed, 4 insertions(+)

diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb 
b/recipes-core/packagegroup/packagegroup-core-security.bb
index ef65428..05951da 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -41,6 +41,8 @@ RDEPENDS:packagegroup-security-utils = "\
 ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} 
\
 "
 
+RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail"
+
 SUMMARY:packagegroup-security-scanners = "Security scanners"
 RDEPENDS:packagegroup-security-scanners = "\
 ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " 
arpwatch",d)} \
diff --git a/recipes-security/Firejail/firejail_0.9.70.bb 
b/recipes-security/Firejail/firejail_0.9.70.bb
index fc9066b..35f7b07 100644
--- a/recipes-security/Firejail/firejail_0.9.70.bb
+++ b/recipes-security/Firejail/firejail_0.9.70.bb
@@ -58,4 +58,6 @@ pkg_postinst_ontarget:${PN} () {
 ${libdir}/${BPN}/fseccomp memory-deny-write-execute 
${libdir}/${BPN}/seccomp.mdwx
 }
 
+COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*"
+
 RDEPENDS:${PN} = "bash"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57368): https://lists.yoctoproject.org/g/yocto/message/57368
Mute This Topic: https://lists.yoctoproject.org/mt/91893684/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] verification requested but nobody cares : bzImage while booting in secureboot mode #dunfell #yocto

[yocto] Yocto Project Newcomer & Unassigned Bugs - Help Needed

[yocto] Current high bug count owners for Yocto Project 4.1

[yocto] Enhancements/Bugs closed WW25!

[yocto] M+ & H bugs with Milestone Movements WW25

[yocto] [meta-security][PATCH] packagegroup-core-security: skip mips firejail

6 matches

Site Navigation

Mail list logo

Footer information