refactor(submodules): remove submodules

.gitmodules

@@ -1,36 +0,0 @@
-[submodule "bitbake"]
-	path = bitbake
-	url = ssh://git@bitbucket.gad.local:7999/ico/bitbake.git
-	branch = 2.0
-[submodule "openembedded-core"]
-	path = external-layers/openembedded-core
-	url = ssh://git@bitbucket.gad.local:7999/ico/openembedded-core.git
-	branch = kirkstone
-[submodule "meta-openembedded"]
-	path = external-layers/meta-openembedded
-	url = ssh://git@bitbucket.gad.local:7999/ico/meta-openembedded.git
-	branch = kirkstone
-[submodule "meta-virtualization"]
-	path = external-layers/meta-virtualization
-	url = ssh://git@bitbucket.gad.local:7999/ico/meta-virtualization.git
-	branch = kirkstone
-[submodule "meta-efibootguard"]
-	path = external-layers/meta-efibootguard
-	url = ssh://git@bitbucket.gad.local:7999/ico/meta-efibootguard.git
-	branch = master
-[submodule "meta-swupdate"]
-	path = external-layers/meta-swupdate
-	url = ssh://git@bitbucket.gad.local:7999/ico/meta-swupdate.git
-	branch = kirkstone
-[submodule "meta-arm"]
-	path = external-layers/meta-arm
-	url = ssh://git@bitbucket.gad.local:7999/ico/meta-arm.git
-	branch = kirkstone
-[submodule "meta-ti"]
-	path = external-layers/meta-ti
-	url = ssh://git@bitbucket.gad.local:7999/ico/meta-ti.git
-	branch = kirkstone
-[submodule "meta-lts-kernel-mixin"]
-	path = external-layers/meta-lts-kernel-mixin
-	url = ssh://git@bitbucket.gad.local:7999/ico/meta-lts-mixins.git
-	branch = coreos/kirkstone/kernel

.vscode/extensions.json

@@ -2,9 +2,9 @@
     "recommendations": [
         "ms-vscode.makefile-tools",
         "timonwong.shellcheck",
+        "eugenwiens.bitbake",
         "kweihmann.oelint-vscode",
         "lextudio.restructuredtext",
-        "trond-snekvik.simple-rst",
-        "yocto-project.yocto-bitbake"
+        "trond-snekvik.simple-rst"
     ]
 }

.vscode/settings.json

@@ -1,47 +1,12 @@
 {
     "files.watcherExclude": {
-        "**/build/**": true,
-        "**/_build/**": true,
+        "**/build/cache/**": true,
+        "**/build/downloads/**": true,
+        "**/build/sstate-cache/**": true,
+        "**/build/tmp/**": true,
+        "**/documentation/_build/**": true,
+        "**/build/workspace": true
     },
-    "search.exclude": {
-        "**/build/**": true,
-        "**/_build/**": true,
-    },
-    "C_Cpp.files.exclude": {
-        "**/build": true,
-        "**/_build": true,
-    },
-    "python.analysis.exclude": [
-        "**/build/**",
-        "**/_build/**",
-    ],
     "python.formatting.provider": "black",
-    "editor.rulers": [80,100,120],
-    "bitbake.pathToBuildFolder": "${workspaceFolder}/build",
-    "bitbake.pathToEnvScript": "${workspaceFolder}/coreos-init-build-env",
-    "bitbake.pathToBitbakeFolder": "${workspaceFolder}/bitbake",
-    "python.autoComplete.extraPaths": [
-        "${workspaceFolder}/bitbake/lib",
-        "${workspaceFolder}/meta/lib"
-    ],
-    "python.analysis.extraPaths": [
-        "${workspaceFolder}/bitbake/lib",
-        "${workspaceFolder}/meta/lib"
-    ],
-    "[python]": {
-        "diffEditor.ignoreTrimWhitespace": false,
-        "gitlens.codeLens.symbolScopes": [
-            "!Module"
-        ],
-        "editor.formatOnType": true,
-        "editor.wordBasedSuggestions": "off",
-        "files.trimTrailingWhitespace": false
-    },
-    "[shellscript]": {
-        "files.eol": "\n",
-        "files.trimTrailingWhitespace": false
-    },
-    "bitbake.sdkImage": "coreos-image-minimal",
-    "bitbake.workingDirectory": "${workspaceFolder}",
-    "task.saveBeforeRun": "always",
+    "editor.rulers": [80,100,120]
 }

bitbake

@@ -1 +0,0 @@
-Subproject commit 40fd5f4eef7460ca67f32cfce8e229e67e1ff607

coreos-init-build-env

@@ -92,3 +92,18 @@ coreos-bblayers-envsub COREOS_EXTLAYERSDIR "${COREOS_ROOT}/external-layers"
 # stdout is redirected to reduce the amount of output but not stderr
 #
 #Note: if a final build is detected all the dev keys are deleted
+
+if [ "$CreateFinal" = "true" ]; then
+    echo "\nFinal build detected delete dev keys and dont use or generate them" >&2
+    rm -rf "${BUILDDIR}/keys"
+else
+    echo "\nNo final build detected use development keys" >&2
+    coreos-get-dev-keys > /dev/null || {
+        echo "The coreos-get-dev-keys script has failed" >&2
+    }
+
+    coreos-keygen > /dev/null || {
+        echo "The coreos-keygen script has failed" >&2
+        return 1
+    }
+fi

documentation/components/optional/installer.rst

@@ -3,35 +3,33 @@
 CoreOS Installer
 ****************
 
-The CoreOS installer is a set of scripts running on the target and a
+The CoreOS installer is a set of script running on the target and a
 corresponding bitbake image that is used into the bootstrap process of CoreOS.
 
 coreos-image-installer
 ======================
 
-The CoreOS image installer results in an image contairing only a single binary
-EFI file. This EFI file includes a kernel, a device tree and an initramfs with
-all (and only) the tools needed to install CoreOS.
+The CoreOS installer image is a single binary EFI file that include a kernel,
+device tree and an initramfs with all the tools needed to install CoreOS.
 
-The installer image is not automatically built in parallel of a normal image.
-This can be changed by setting `COREOS_IMAGE_GENERATE_INSTALLER` to 1 in the
-image file (as it is done for example in coreos-image-all-features.bb).
+An installer image is automatically built in parallel of a normal image.
+This can be deactivated by setting `COREOS_IMAGE_GENERATE_INSTALLER` to 0.
 
 The installer image build by default only a single EFI binary named
-coreos-installer-MACHINE.efi. An SDCard or USB image can be generated if
+coreos-installer-MACHINE.efi. An SDCard image can be generate if
 `COREOS_INSTALLER_WKS_FILE` is set to a wks file.
 
 coreos-installer
 ================
 
-The coreos-installer recipe installs scripts that are used at startup to
-automatically format the internal emmc of the device. The recipe also contains
+The coreos-installer recipe installs some script that is used at startup
+to automatically format the internal emmc of the device. It also contains
 a swupdate configuration file to setup swupdate correctly for that use case.
 
 coreos-installer-config
 =======================
 
 The coreos-installer-config recipe installs device specific configuration file
-used by the coreos-installer. This includes the partitioner config file. Distros
-and projects based on CoreOS can change the partioning scheme or partition size
+used by the coreos-installer. This includes the partitionner config file. Distro
+and project based on CoreOS can change the partionning scheme or partition size
 by installing their own version of this package using a `bbappend file`.

external-layers/meta-arm

@@ -1 +0,0 @@
-Subproject commit d7b7b6fb6c7c5545e718e44f38853d1718ce5446

external-layers/meta-efibootguard

@@ -1 +0,0 @@
-Subproject commit e3581b11d30d91d0363acb48a6aee47043b7e0bc

external-layers/meta-lts-kernel-mixin

@@ -1 +0,0 @@
-Subproject commit 09d2f9391813674627ec53cb222da6c7a51221e6

external-layers/meta-openembedded

@@ -1 +0,0 @@
-Subproject commit 8bb16533532b6abc2eded7d9961ab2a108fd7a5b

external-layers/meta-swupdate

@@ -1 +0,0 @@
-Subproject commit 3d12b2788a45d86efcb1ad3e01f209558c54795c

external-layers/meta-ti

@@ -1 +0,0 @@
-Subproject commit bae3658ac0bc1c9adac7a882439cabb385cae720

external-layers/meta-virtualization

@@ -1 +0,0 @@
-Subproject commit cb2bc17e96552cdfc141d27bd9f4dbd95a872846

external-layers/openembedded-core

@@ -1 +0,0 @@
-Subproject commit 1b5405955c7c2579ed1f52522e2e177d0281fa33

layers/meta-belden-coreos-bsp/classes/coreos-efi-secureboot.bbclass

@@ -3,7 +3,7 @@
 # UEFI Secure boot configuration
 # ==============================================================================
 
-COREOS_EFI_SECUREBOOT_KEYDIR ??= "${RECIPE_SYSROOT_NATIVE}/${datadir}/keys"
+COREOS_EFI_SECUREBOOT_KEYDIR ??= "${TOPDIR}/keys"
 COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR ??= "0"
 
 # UEFI Secure boot helpers
@@ -16,12 +16,12 @@ HOSTTOOLS += "sbsign"
 
 # Ensure that the public keys are always deployed to the deploy directory
 # before running wic
-do_image_wic[depends] += "cos-certificates-and-keys-native:do_deploy"
+do_image_wic[depends] += "efi-secureboot-keys:do_deploy"
 
 COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR ??= "0"
 def get_coreos_secureboot_efi_boot_files(d):
     """
-        Return the list of pubkey file inside deploy if
+        Return the list of pubkey file inside deploy if 
         COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR is set or an empty string
         otherwise
     """
@@ -31,4 +31,26 @@ def get_coreos_secureboot_efi_boot_files(d):
 
 IMAGE_EFI_BOOT_FILES:append = " ${@get_coreos_secureboot_efi_boot_files(d)}"
 
+def get_coreos_secureboot_keydir_hash(d):
+    """
+        Generate a space separate list, with a value for each file inside of 
+        keydir. Fromat: <filename>:md5:<md5sum>
+    """
+    import hashlib
 
+    keydir = d.getVar('COREOS_EFI_SECUREBOOT_KEYDIR')
+    value = ""
+    
+    for keyname in os.listdir(keydir):
+        filepath = os.path.join(keydir, keyname)
+        if os.path.isfile(filepath): 
+            md5 = bb.utils.md5_file(filepath)
+            value += f"{keyname}:md5:{md5} "
+
+    return value
+
+# The build system should detect if someone change one of the key inside
+# COREOS_EFI_SECUREBOOT_KEYDIR and rebuild all the recipes and artifacts that
+# depends on this directory
+COREOS_EFI_SECUREBOOT_KEYDIR_HASH = "${@get_coreos_secureboot_keydir_hash(d)}"
+COREOS_EFI_SECUREBOOT_KEYDIR[vardeps] += "COREOS_EFI_SECUREBOOT_KEYDIR_HASH"

layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf

@@ -12,7 +12,7 @@ include conf/machine/include/arm/armv7a/tune-cortexa8.inc
 IMAGE_FSTYPES += "wic wic.xz wic.bmap"
 WKS_FILE ?= "beaglebone-sdcard.wks.in"
 COREOS_INSTALLER_WKS_FILE ?= "beaglebone-sdcard-installer.wks"
-MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-image"
+MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-image kernel-devicetree"
 do_image_wic[depends] += "mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot gptfdisk-native:do_populate_sysroot virtual/bootloader:do_deploy"
 do_image_wic[recrdeptask] += "do_bootimg"
 
@@ -21,10 +21,10 @@ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
 APPEND:append = " console=ttyS0,115200"
 
 PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-PREFERRED_VERSION_linux-yocto ?= "6.6%"
+PREFERRED_VERSION_linux-yocto ?= "5.15%"
 
 KERNEL_IMAGETYPE = "zImage"
-DTB_FILES = "ti/omap/am335x-bone.dtb ti/omap/am335x-boneblack.dtb ti/omap/am335x-bonegreen.dtb"
+KERNEL_DEVICETREE = "am335x-bone.dtb am335x-boneblack.dtb am335x-bonegreen.dtb"
 KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}"
 
 PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"

layers/meta-belden-coreos-bsp/conf/machine/eagle40-03.conf

@@ -5,12 +5,12 @@
 
 require include/coreos-generic-arch/x64.inc
 
-MACHINE_FEATURES += "pci usbhost x86 serial efi"
+MACHINE_FEATURES += "pci usbhost x86 acpi serial efi tpm2 "
 
 # Kernel configuration
 # ******************************************************************************
 
-PREFERRED_VERSION_linux-yocto ?= "6.6%"
+PREFERRED_VERSION_linux-yocto ?= "5.15%"
 PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
 
 KERNEL_IMAGETYPE = "bzImage"
@@ -28,10 +28,11 @@ APPEND += "console=ttyS0,115200"
 # Ensure that both flash-image.bin and boot.scr are generated as they are needed
 # for a wic image
 WKS_FILE = "generic-uefi.wks.in"
-COREOS_INSTALLER_WKS_FILE ?= "generic-uefi-usb-installer.wks"
+# COREOS_INSTALLER_WKS_FILE ?= ""  --> TBD
 IMAGE_FSTYPES += "wic.xz wic.bmap"
 
 MACHINE_ESSENTIAL_EXTRA_RDEPENDS += " kernel-modules"
+# COREOS_IMAGE_SWUPDATE_EXTRACLASSES += "" --> TBD
 
 # No watchdog available yet
 EFIBOOTGUARD_TIMEOUT ?= "0"

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/partitions.inc

@@ -1,20 +1,15 @@
-# Variables used in WKS file
+
+# Variable used in WKS file
+
 WKS_PART_EFI ??= 'part --source efibootguard-efi --label efi --part-type=EF00'
 WKS_PART_EFIBOOTGUARD_A ??= 'part --source efibootguard-boot --label ebg0 --part-type=0700 --sourceparams "args=coreos.root=rootfs0,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI"'
 WKS_PART_EFIBOOTGUARD_B ??= 'part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI"'
 WKS_PART_ROOT_A ??= 'part / --source rootfs --fstype=ext4 --label rootfs0'
 WKS_PART_ROOT_B ??= 'part --fstype=ext4 --label rootfs1'
-WKS_PART_USERDATA ??= 'part /usr/local/data --fstype=btrfs --label userdata'
+WKS_PART_ROOT_SIZE ??= '2G'
 
-PART_EFI_SIZE ??= '64M'
-PART_ROOT_SIZE ??= '1G'
-PART_EFIBG_SIZE ??= '128M'
-PART_USERDATA_SIZE ??= '1G'
-
-# Variables used in SFDISK file
 SFDISK_PART_EFI ??= 'type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, name="efi"'
 SFDISK_PART_EFIBOOTGUARD_A ??= 'type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name="ebg0"'
 SFDISK_PART_EFIBOOTGUARD_B ??= 'type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name="ebg1"'
 SFDISK_PART_ROOT_A ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs0"'
-SFDISK_PART_ROOT_B ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs1"'
-SFDISK_PART_USERDATA ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="userdata"'
+SFDISK_PART_ROOT_B ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs0"'

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/vm.inc

@@ -6,7 +6,7 @@ MACHINE_FEATURES += "wifi efi"
 # Add an override that work for all pc image
 MACHINEOVERRIDES =. "vm:"
 
-PREFERRED_VERSION_linux-yocto ?= "6.6%"
+PREFERRED_VERSION_linux-yocto ?= "5.15%"
 PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
 
 MACHINE_EXTRA_RRECOMMENDS += "kernel-modules linux-firmware"

layers/meta-belden-coreos-bsp/conf/machine/qemu-coreos-arm64.conf

@@ -6,9 +6,9 @@
 require conf/machine/qemu-generic-arm64.conf
 MACHINEOVERRIDES =. "qemu-generic-arm64:"
 
-COREOS_IMAGE_GENERATE_INSTALLER = "0"
-
+IMAGE_FSTYPES += "wic.xz wic.bmap"
 WKS_FILE = "qemu-efi-coreos-generic.wks.in"
+QB_DRIVE_TYPE = "/dev/sd"
 
 EFIBOOTGUARD_TIMEOUT ?= "0"
 require conf/machine/include/coreos-generic-features/efi.inc

layers/meta-belden-coreos-bsp/recipes-bsp/u-boot/u-boot-coreos-efi.inc

@@ -1,23 +1,12 @@
-# Ensure that file are found event when this file is included in another layer
-# ==============================================================================
-FILESEXTRAPATHS:prepend := "${THISDIR}/u-boot:"
-
-# U-Boot CoreOS Distro Settings
-# ==============================================================================
-
-# Enable more debug option when debug-tweaks is enabled
-SRC_URI += " \
-    ${@bb.utils.contains("IMAGE_FEATURES", "debug-tweaks", "file://debug-tweaks.cfg", "", d)} \
-"
-
 inherit coreos-efi-secureboot
 
-# Make sure UEFI and secure boot is enabled for every u-boot build
 SRC_URI += " \
     file://uefi.cfg \
     file://uefi-secureboot.cfg \
 "
 
+DEPENDS:append = " ${PYTHON_PN}-pyopenssl-native u-boot-tools-native"
+
 # Generate a ubootefi.var file inside the build directory
 #
 # This file can be directly linked inside the u-boot binary to provide
@@ -26,7 +15,6 @@ SRC_URI += " \
 #
 # The efivar.py is taken from u-boot-tools recipes, so that we are sure that he
 # is found and don't depend on the u-boot version being used
-DEPENDS:append = " ${PYTHON_PN}-pyopenssl-native u-boot-tools-native cos-certificates-and-keys-native"
 addtask uboot_generate_efivar after do_configure before do_compile
 do_uboot_generate_efivar() {
     # Settings OPENSSL_MODULES is needed, otherwise efivar.py fail with

layers/meta-belden-coreos-bsp/recipes-bsp/u-boot/u-boot-coreos.inc

@@ -0,0 +1,12 @@
+# Ensure that file are found event when this file is included in another layer
+# ==============================================================================
+FILESEXTRAPATHS:prepend := "${THISDIR}/u-boot:"
+
+# Main include file for u-boot to ensure CoreOS compatibility
+# ==============================================================================
+
+SRC_URI += " \
+    ${@bb.utils.contains("IMAGE_FEATURES", "debug-tweaks", "file://debug-tweaks.cfg", "", d)} \
+"
+
+require ${@bb.utils.contains("COMBINED_FEATURES", "efi", "u-boot-coreos-efi.inc", "", d)}

layers/meta-belden-coreos-bsp/recipes-bsp/u-boot/u-boot_2022.01.bbappend

@@ -0,0 +1,2 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+require u-boot-coreos.inc

layers/meta-belden-coreos-bsp/recipes-bsp/u-boot/u-boot_2022.10.bb

@@ -4,3 +4,5 @@ require recipes-bsp/u-boot/u-boot.inc
 SRCREV = "4debc57a3da6c3f4d3f89a637e99206f4cea0a96"
 DEPENDS += "bc-native dtc-native python3-setuptools-native"
 LIC_FILES_CHKSUM = "file://Licenses/README;md5=2ca5f2c35c8cc335f0a19756634782f1"
+
+require u-boot-coreos.inc

layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config/beaglebone_1.0.sfdisk

@@ -12,8 +12,8 @@ sector-size: 512
 /dev/mmcblk1p1 : start=         256, size=         512, type=4DA6E9DA-C803-4BE4-BAC4-8192717C5EB0, name="mlo", attrs="RequiredPartition"
 /dev/mmcblk1p2 : start=         768, size=        8192, type=5B97345D-B7A1-47D3-A491-ED40F4841639, name="uboot", attrs="RequiredPartition"
 
-/dev/mmcblk1p3 : size= ${PART_EFI_SIZE}, ${SFDISK_PART_EFI}
-/dev/mmcblk1p4 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_A}
-/dev/mmcblk1p5 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_B}
-/dev/mmcblk1p6 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_A}
-/dev/mmcblk1p7 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_B}
+/dev/mmcblk1p3 : start=        8960, size=      131072, ${SFDISK_PART_EFI}
+/dev/mmcblk1p4 : start=      140032, size=      262144, ${SFDISK_PART_EFIBOOTGUARD_A}
+/dev/mmcblk1p5 : start=      402176, size=      262144, ${SFDISK_PART_EFIBOOTGUARD_B}
+/dev/mmcblk1p6 : start=      664320, size=     3403375, ${SFDISK_PART_ROOT_A}
+/dev/mmcblk1p7 : start=     4067695, size=     3403375, ${SFDISK_PART_ROOT_B}

layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config/eagle40-03_1.0.sfdisk

@@ -1,13 +0,0 @@
-label: gpt
-device: /dev/mmcblk2
-unit: sectors
-first-lba: 34
-last-lba: 7471070
-sector-size: 512
-
-/dev/mmcblk2p1 : start= 256, size= ${PART_EFI_SIZE}, ${SFDISK_PART_EFI}
-/dev/mmcblk2p2 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_A}
-/dev/mmcblk2p3 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_B}
-/dev/mmcblk2p4 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_A}
-/dev/mmcblk2p5 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_B}
-/dev/mmcblk2p6 : size= ${PART_USERDATA_SIZE}, ${SFDISK_PART_USERDATA}

layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config_%.bbappend

@@ -1,4 +1,3 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/coreos-installer-config:"
 
 SRC_URI:append:beaglebone = " file://beaglebone_1.0.sfdisk"
-SRC_URI:append:eagle40-03 = " file://eagle40-03_1.0.sfdisk"

layers/meta-belden-coreos-bsp/recipes-kernel/linux/files/eagle40-03.cfg

@@ -1,2 +0,0 @@
-CONFIG_F71808E_WDT=y
-CONFIG_WATCHDOG_SYSFS=y

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto-coreos-efi.inc

@@ -0,0 +1,23 @@
+
+inherit coreos-efi-sbsign
+require conf/image-uefi.conf
+
+# Ensure EFI STUB is enabled
+KERNEL_FEATURES:append = " cfg/efi.scc cfg/efi-ext.scc"
+
+# By default we use a Unified Kernel Image that contain the kernel, the
+# kernel command line and some device tree, so we don't need to sign the output
+# of the kernel recipes
+COREOS_KERNEL_EFI_SIGNED ??= "0"
+
+# Extend the kernel_do_deploy function from kernel.bbclass to sign the kernel
+kernel_do_deploy:append() {
+    if [ "${COREOS_KERNEL_EFI_SIGNED}" == "1" ]; then
+      deployDir="${DEPLOYDIR}"
+      for imageType in ${KERNEL_IMAGETYPES} ; do
+        baseName="$imageType-${KERNEL_IMAGE_NAME}"
+        coreos_efi_secureboot_sign_app "$deployDir/$baseName${KERNEL_IMAGE_BIN_EXT}"
+      done
+    fi
+}
+

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend

@@ -4,7 +4,7 @@ COMPATIBLE_MACHINE:vm-x64 = "vm-x64"
 
 # Enable some kernel features related to virtualiuzation
 KERNEL_FEATURES:append:vm-x64=" cfg/virtio.scc cfg/paravirt_kvm.scc"
-SRC_URI:append:vm-x64 = " file://hyperv.cfg"
+
 
 KMACHINE:eagle40-03 ?= "common-pc-64"
 KBRANCH:eagle40-03 = "v5.15/standard/base"
@@ -18,3 +18,8 @@ KMACHINE:beaglebone ?= "beaglebone"
 SRCREV_machine:beaglebone ?= "9aabbaa89fcb21af7028e814c1f5b61171314d5a"
 COMPATIBLE_MACHINE:beaglebone = "beaglebone"
 LINUX_VERSION:beaglebone = "5.15.54"
+
+require ${@bb.utils.contains("COMBINED_FEATURES", "efi", "linux-yocto-coreos-efi.inc", "", d)}
+
+SRC_URI += " file://k3s_kernel_adaptions.cfg"
+SRC_URI:append:vm-x64 = " file://hyperv.cfg"

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_6.6.bbappend

@@ -1,14 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-KMACHINE:eagle40-03 ?= "common-pc-64"
-COMPATIBLE_MACHINE:eagle40-03 = "eagle40-03"
-
-KMACHINE:beaglebone ?= "beaglebone"
-COMPATIBLE_MACHINE:beaglebone = "beaglebone"
-
-KMACHINE:vm-x64 ?= "common-pc-64"
-COMPATIBLE_MACHINE:vm-x64 = "vm-x64"
-KERNEL_FEATURES:append:vm-x64=" cfg/virtio.scc cfg/paravirt_kvm.scc"
-SRC_URI:append:vm-x64 = " file://hyperv.cfg"
-
-SRC_URI += " file://eagle40-03.cfg"

layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in

@@ -13,8 +13,8 @@ part --offset 768S --source rawcopy --sourceparams="file=u-boot.img" --ondisk mm
 # Let's define a 4MiB maximum size for the bootloader
 # 4MiB => 4*1024*1024/512=8192S | 768S + 8192S => 8960S
 ${WKS_PART_EFI} --ondisk mmcblk0 --offset 8960S --fixed-size 32M
-${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --fixed-size ${PART_EFIBG_SIZE}
-${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --fixed-size ${PART_EFIBG_SIZE}
-${WKS_PART_ROOT_A} --ondisk mmcblk0 --fixed-size ${PART_ROOT_SIZE}
-${WKS_PART_ROOT_B} --ondisk mmcblk0 --fixed-size ${PART_ROOT_SIZE}
+${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --fixed-size 128M
+${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --fixed-size 128M
+${WKS_PART_ROOT_A} --ondisk mmcblk0 --fixed-size ${WKS_PART_ROOT_SIZE}
+${WKS_PART_ROOT_B} --ondisk mmcblk0 --fixed-size ${WKS_PART_ROOT_SIZE}
 bootloader --ptable gpt

layers/meta-belden-coreos-bsp/wic/generic-uefi-usb-installer.wks

@@ -1,16 +0,0 @@
-# short-description: Create USB image for Eagle 40-03
-# long-description: Creates a partitioned USB image for Eagle 40-03.
-
-# offset 1S => 1 sector (1x512 byte)
-# The bootloader can be at 4 different position in raw mode: 0S, 256S, 512S, 768S
-# MBR disk use only the sector 0, so 1S is free
-# GPT disk use sector 0-33S, so first free slot is 256S
-# Offset are from the BBB default settings
-
-# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-# Don't name partition in the installer disk image, otherwise the installer may not work as it rely on partition label!
-# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
-part --offset 256S --source bootimg-partition --part-type=EF00 --ondisk mmcblk0
-part --fixed-size 3G --fstype=vfat --label=image
-bootloader --ptable gpt

layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in

@@ -1,11 +1,10 @@
 # short-description: Create an EFI disk image for genericx86*
 # long-description: Creates a partitioned EFI disk image for genericx86* machines
+${WKS_PART_EFI} --ondisk sda  --align 1024 --size 64M --extra-space 0 --overhead-factor 1
+${WKS_PART_ROOT_A} --ondisk sda --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_ROOT_B} --ondisk sda --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_EFIBOOTGUARD_A} --ondisk sda  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
+${WKS_PART_EFIBOOTGUARD_B} --ondisk sda  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
 
-${WKS_PART_EFI} --align 1024 --size ${PART_EFI_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_ROOT_A} --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_ROOT_B} --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_EFIBOOTGUARD_A} --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_EFIBOOTGUARD_B} --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_USERDATA} --size ${PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1
-
+part swap --ondisk sda --size 44 --label swap1 --fstype=swap
 bootloader --ptable gpt

layers/meta-belden-coreos-bsp/wic/qemu-efi-coreos-generic.wks.in

@@ -2,11 +2,10 @@
 # long-description: Creates a partitioned EFI disk image that the user
 # can directly dd to boot media.
 
-part --source efibootguard-efi --label efi --part-type=EF00 --use-uuid --offset 20480S --size ${PART_EFI_SIZE} --extra-space 0 --overhead-factor 1
-part / --source rootfs --fstype=ext4 --label rootfs0 --use-uuid --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-part --fstype=ext4 --label rootfs1 --use-uuid --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-part --source efibootguard-boot --label ebg0 --part-type=0700 --sourceparams "args=coreos.root=rootfs0,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --use-uuid --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
-part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --use-uuid --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_USERDATA} --use-uuid --size ${PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1
+part --source efibootguard-efi --label efi --part-type=EF00 --ondisk mmcblk1 --offset 20480S --size 64M --extra-space 0 --overhead-factor 1
+part / --source rootfs --fstype=ext4 --label rootfs0 --ondisk mmcblk1 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+part --fstype=ext4 --label rootfs1 --ondisk mmcblk1 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+part --source efibootguard-boot --label ebg0 --part-type=0700 --sourceparams "args=coreos.root=rootfs0,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --ondisk mmcblk1  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
+part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --ondisk mmcblk1  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
 
 bootloader --ptable gpt

layers/meta-belden-coreos-demo/recipes-core/images/coreos-image-demo-k3s.bb

@@ -4,5 +4,3 @@ require recipes-core/images/coreos-image-all-features.bb
 
 IMAGE_INSTALL += "k3s-agent"
 
-# To use this image, please add k3s to DISTRO_FEATURE inside your
-# local.conf config file.

layers/meta-belden-coreos-demo/recipes-kernel/linux/linux-yocto_%.bbappend

@@ -1 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"

layers/meta-belden-coreos/classes/coreos-image-ci.bbclass

@@ -3,7 +3,6 @@
 # > COREOS_IMAGE_EXTRACLASSES += "coreos-image-ci"
 # in auto.conf (or local.conf)
 
-inherit kernel-artifact-names
 
 def get_coreos_ci_artifacts(d):
     artifacts = []
@@ -13,11 +12,11 @@ def get_coreos_ci_artifacts(d):
 
     # Container handling
     # ==========================================================================
-
+    
     if bb.utils.contains('IMAGE_FSTYPES', 'oci', True, False, d):
 
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.rootfs-oci.tar')
-
+        
         # Special case for container, we just need the OCI tarball
         return " ".join(artifacts)
 
@@ -26,14 +25,10 @@ def get_coreos_ci_artifacts(d):
 
     if bb.utils.contains('IMAGE_FSTYPES', 'wic.xz', True, False, d):
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.xz')
-
+    
     if bb.utils.contains('IMAGE_FSTYPES', 'wic.bmap', True, False, d):
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.bmap')
 
-    # This is used for qemu-coreos-arm64
-    if bb.utils.contains('IMAGE_FSTYPES', 'wic.qcow2', True, False, d):
-        artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.qcow2')
-
     if d.getVar('COREOS_IMAGE_GENERATE_SWU') == '1':
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.swu')
 
@@ -95,5 +90,5 @@ do_deploy_ci() {
     for file in ${COREOS_CI_DEPLOY_ARTIFACTS}; do
         echo $file >> $output
     done
-}
+} 
 addtask deploy_ci after do_image before do_build

layers/meta-belden-coreos/classes/coreos-image-installer.bbclass

@@ -1,41 +0,0 @@
-# Class used to generate image based on Belden CoreOS
-
-export IMAGE_BASENAME = "${MLPREFIX}${PN}"
-IMAGE_NAME_SUFFIX ?= ""
-IMAGE_LINGUAS = ""
-
-LICENSE = "MIT"
-
-IMAGE_FSTYPES = "cpio.gz"
-
-# Support for generating a SDCard or USB installer is optional
-COREOS_INSTALLER_WKS_FILE ??= ""
-WKS_FILE = "${COREOS_INSTALLER_WKS_FILE}"
-IMAGE_FSTYPES += "${@'wic.xz wic.bmap' if d.getVar('COREOS_INSTALLER_WKS_FILE') else ''}"
-IMAGE_BOOT_FILES =  "${COREOS_KERNEL_FILENAME};EFI/BOOT/${EFI_BOOT_IMAGE}"
-
-COREOS_IMAGE_GENERATE_UKI = "1"
-
-# IMGDEPLOYDIR has to be used instead of DEPLOY_DIR_IMAGE here, because it will
-# run during image generation
-COREOS_UKI_PART_INITRAMFS = "${IMGDEPLOYDIR}/${IMAGE_BASENAME}-${MACHINE}.cpio.gz"
-COREOS_IMAGE_GENERATE_SWU = "0"
-
-# Change generated UKI filename and reset the bundled command line to "APPEND"
-# to ensure that root is not set in the kernel command line
-COREOS_KERNEL_NAME ?= "coreos-installer-${MACHINE}"
-COREOS_KERNEL_CMDLINE ?= "${APPEND}"
-
-inherit coreos-image
-
-# Only install a reduced set of package and feature to keep image size small
-IMAGE_INSTALL = "packagegroup-coreos-boot coreos-installer coreos-installer-unattended util-linux-sfdisk util-linux-fdisk util-linux-cfdisk efibootguard efibootguard-tools"
-IMAGE_FEATURES = "debug-tweaks swupdate"
-NO_RECOMMENDATIONS = "1"
-
-IMAGE_ROOTFS_SIZE = "8192"
-INITRAMFS_MAXSIZE = "976562"
-IMAGE_ROOTFS_EXTRA_SPACE = "0"
-
-# Use the same restriction as initramfs-module-install
-COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*)-(linux.*|freebsd.*)'

layers/meta-belden-coreos/classes/coreos-image.bbclass

@@ -68,7 +68,6 @@ PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTAL
 COREOS_IMAGE_BASE_INSTALL = "\
     packagegroup-coreos-boot \
     packagegroup-coreos-base \
-    secure-storage \
     "
 
 COREOS_IMAGE_EXTRA_INSTALL ?= ""
@@ -90,10 +89,8 @@ IMAGE_ROOTFS_EXTRA_SPACE:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'sys
 # Unified kernel image and swupdate support
 # ==============================================================================
 
-# The CoreOS image installer is disabled by default.
-COREOS_IMAGE_GENERATE_INSTALLER ?= "0"
-
-# Support for Unified Kernel Image and Swupdate are optional.
+# Support for Unified Kernel Image and Swupdate are optional
+COREOS_IMAGE_GENERATE_INSTALLER ?= "${@"1" if "efi" in d.getVar('COMBINED_FEATURES') and "swupdate" in d.getVar("DISTRO_FEATURES") else "0"}"
 COREOS_IMAGE_GENERATE_UKI ?= "${@bb.utils.contains("COMBINED_FEATURES", "efi", "1", "0", d)}"
 COREOS_IMAGE_GENERATE_SWU ?= "${@"1" if "efi" in d.getVar('COMBINED_FEATURES') and "swupdate" in d.getVar("DISTRO_FEATURES") else "0"}"
 

layers/meta-belden-coreos/classes/coreos-sanity.bbclass

@@ -13,8 +13,6 @@ addhandler check_coreos_sanity_eventhandler
 check_coreos_sanity_eventhandler[eventmask] = "bb.event.SanityCheck"
 python check_coreos_sanity_eventhandler() {
 
-    import datetime
-
     # Checks related to the distribution configuration files
     # ==========================================================================
 
@@ -31,22 +29,13 @@ python check_coreos_sanity_eventhandler() {
             "systemd is not set as `INIT_MANAGER`. "
             "Using SystemD is mandatory on CoreOS based distribution"
         )
-
+    
     if e.data.getVar("TCLIBC") != "glibc":
         bb.fatal(
             "glibc is not set as `TCLIBC`. "
             "Using glibc is mandatory on CoreOS based distribution"
         )
-
-    # Check if the timestamp for REPRODUCIBLE_TIMESTAMP_ROOTFS is still up to date
-    first_of_year = datetime.datetime(datetime.date.today().year, 1, 1, tzinfo=datetime.timezone.utc)
-    foy_ts = str(int(first_of_year.timestamp()))
-    if e.data.getVar("REPRODUCIBLE_TIMESTAMP_ROOTFS") != foy_ts:
-        bb.warn(
-            "`REPRODUCIBLE_TIMESTAMP_ROOTFS` outdated!"
-            "Set to current 01. january of the year."
-        )
-
+    
     # Checks related to the machine configuration files
     # ==========================================================================
 
@@ -58,7 +47,7 @@ python check_coreos_sanity_eventhandler() {
                 "CoreOS recommands to use compressed wic image, please add "
                 "`wic.xz` to your machine `IMAGE_FSTYPES` variables"
             )
-
+        
         if not "wic.bmap":
             bb.warn(
                 "wic image should be flashed with bmaptools, but this require "

layers/meta-belden-coreos/conf/distro/include/belden-coreos-base.inc

@@ -2,11 +2,6 @@
 # it should support the most basic distro without optional coreos
 # features
 
-# Using :coreos override should work on all CoreOS based distro
-# Note that :belden-coreos does not work on CoreOS based distro but will
-# work when build for the belden-coreos distro
-DISTROOVERRIDES = "coreos:${DISTRO}"
-
 INHERIT += "coreos_metadata_scm"
 
 # Distro features and policies
@@ -111,8 +106,3 @@ PACKAGECONFIG:pn-systemd ?= " \
 # Distro based on CoreOS can provide their own configuration files for the
 # CoreOS installer by overriding this variable
 PREFERRED_PROVIDER_coreos-installer-config ??= "coreos-installer-config"
-
-# This TS represents 01.01.2024 generating it dynamically would cause a lot of
-# things to get re-build, we need a good solution for this or change it every
-# year
-REPRODUCIBLE_TIMESTAMP_ROOTFS = "1704067200"

layers/meta-belden-coreos/conf/distro/include/coreos-support.inc

@@ -1,149 +0,0 @@
-COREOS_RECIPE_MAINTAINER:pn-acl = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-arptables = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-attr = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-autoconf-archive = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-base-files = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-base-passwd = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-bash-completion = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-bash = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-binutils-cross-x86_64 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-boost = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-bridge-utils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-busybox = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-bzip2 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-ca-certificates = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-conntrack-tools = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-coreutils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-cppzmq = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-cracklib = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-cryptsetup = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-curl = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-dbus = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-depmodwrapper-cross = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-e2fsprogs = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-ebtables = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-efibootguard = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-elfutils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-ethtool = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-expat = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-findutils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-flatbuffers = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-flex = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-fmt = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gawk = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gcc-cross-x86_64 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gcc-runtime = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gcc-source-11.4.0 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gdbm = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-glib-2.0 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-glibc = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-glibc-locale = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gmp = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gnu-efi = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-gnutls = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-grub-bootconf = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-grub = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-grub-efi = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-icu = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-iproute2 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-iptables = "Team CoreOS"
-#iw should be removed
-COREOS_RECIPE_MAINTAINER:pn-json-c = "Team CoreOS"
-# kbd check if it can be removed
-# kmod check if it can be removed
-COREOS_RECIPE_MAINTAINER:pn-libaio = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libarchive = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libcap = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libcap-ng = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libcheck = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libconfig = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libdevmapper = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libestr = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libfastjson = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libffi = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libgcc = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libgcc-initial = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libgcrypt = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libgpg-error = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libidn2 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-liblogging = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libmnl = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnet = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnetfilter-conntrack = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnetfilter-cthelper = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnetfilter-cttimeout = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnetfilter-log = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnetfilter-queue = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnfnetlink = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnl = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libnsl2 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libpam = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libpcap = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libpcre = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libseccomp = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libsodium = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libsolv = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libssh2 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libssh = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libtirpc = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libtool-cross = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libunistring = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libusb1 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libxcrypt = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-libxml2 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-linux-libc-headers = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-linux-yocto = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-logrotate = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-lrzsz = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-lvm2 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-lzo = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-m4 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-mtools = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-ncurses = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-netbase = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-nettle = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-openssh = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-openssl = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-opkg-arch-config = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-opkg = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-opkg-utils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-os-release = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-packagegroup-base = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-packagegroup-core-boot = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-packagegroup-coreos-base = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-packagegroup-coreos-boot = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-pciutils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-perl = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-popt = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-python3 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-qemuwrapper-cross = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-readline = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-rsyslog = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-run-postinsts = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-secure-storage = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-setserial = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-sh = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-shared-mime-info = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-spdlog = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-sqlite3 = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-swupdate = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-sysfsutils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-syslinux = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-syslog-ng = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-systemd-bootconf = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-systemd-boot = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-systemd-conf = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-systemd = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-systemd-serialgetty = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-tar = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-tcpdump = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-usbutils = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-util-linux = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-util-linux-libuuid = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-volatile-binds = "Team CoreOS"
-# wpa-supplicant should be removed
-COREOS_RECIPE_MAINTAINER:pn-xz = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-zeromq = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-zip = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-zlib = "Team CoreOS"
-COREOS_RECIPE_MAINTAINER:pn-zstd = "Team CoreOS"

layers/meta-belden-coreos/recipes-bsp/efi/efi-secureboot-keys.bb

@@ -0,0 +1,33 @@
+SUMMARY = "A recipe to deploy UEFI public keys update files"
+LICENSE = "CLOSED"
+
+
+INHIBIT_DEFAULT_DEPS = "1"
+inherit nopackages
+
+inherit deploy
+inherit coreos-efi-secureboot
+
+# Public key needed by firmware very depending on the implementation
+# So we copy all type of public key (*.auth, *.esl, *.crt, *der)
+addtask deploy after do_compile
+do_deploy() {
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.auth ${DEPLOYDIR}/KEK.auth
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.auth ${DEPLOYDIR}/db.auth
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.auth ${DEPLOYDIR}/PK.auth
+    
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.esl ${DEPLOYDIR}/KEK.esl
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.esl ${DEPLOYDIR}/db.esl
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.esl ${DEPLOYDIR}/PK.esl
+
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.crt ${DEPLOYDIR}/KEK.crt
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.crt ${DEPLOYDIR}/db.crt
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.crt ${DEPLOYDIR}/PK.crt
+
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.der ${DEPLOYDIR}/KEK.der
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.der ${DEPLOYDIR}/db.der
+    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.der ${DEPLOYDIR}/PK.der
+
+    # !SECURITY WARNING! 
+    # .key file are not copied to DEPLOYDIR, as they contains the PRIVATE keys
+}

layers/meta-belden-coreos/recipes-bsp/efibootguard/efibootguard_%.bbappend

@@ -9,8 +9,6 @@ SRC_URI += "file://0001-coreos-add-a-coreos-specific-rootfs-switch-to-the-UK.pat
 # Add signature support
 # ==============================================================================
 
-DEPENDS:append = " cos-certificates-and-keys-native"
-
 inherit coreos-efi-sbsign
 require conf/image-uefi.conf
 

layers/meta-belden-coreos/recipes-bsp/u-boot/u-boot_%.bbappend

@@ -1,5 +0,0 @@
-# Add CoreOS distro settings to u-boot
-UBOOT_COREOS_REQUIRE:coreos ?= "u-boot-coreos.inc"
-UBOOT_COREOS_REQUIRE ?= ""
-
-require ${UBOOT_COREOS_REQUIRE}

layers/meta-belden-coreos/recipes-core/images/coreos-image-all-features.bb

@@ -10,6 +10,3 @@ IMAGE_INSTALL:append = "${@bb.utils.contains("IMAGE_FEATURES", "swupdate", " swu
 
 # development tools
 IMAGE_INSTALL:append = " systemd-analyze"
-
-# Enable the optional image installer
-COREOS_IMAGE_GENERATE_INSTALLER = "1"

layers/meta-belden-coreos/recipes-core/images/coreos-image-installer.bb

@@ -1,4 +1,50 @@
 DESCRIPTION = "Initramfs image with the CoreOS emmc installer"
+
+
+
+# Don't reboot the device at reboot and don't do A/B switching
+BAD_RECOMMENDATIONS = "swupdate-progress swupdate-coreos-config"
+
+export IMAGE_BASENAME = "${MLPREFIX}${PN}"
+IMAGE_NAME_SUFFIX ?= ""
+IMAGE_LINGUAS = ""
+
 LICENSE = "MIT"
 
-inherit coreos-image-installer
+IMAGE_FSTYPES = "cpio.gz"
+
+# Support for generating a SDCard installer is optional
+COREOS_INSTALLER_WKS_FILE ??= ""
+WKS_FILE = "${COREOS_INSTALLER_WKS_FILE}"
+IMAGE_FSTYPES += "${@'wic.xz wic.bmap' if d.getVar('COREOS_INSTALLER_WKS_FILE') else ''}"
+IMAGE_BOOT_FILES =  "${COREOS_KERNEL_FILENAME};EFI/BOOT/${EFI_BOOT_IMAGE}"
+
+COREOS_IMAGE_GENERATE_UKI = "1"
+
+# Avoid dependancy loop, we are already in an installer image, so we don't need
+# to bundle another one
+COREOS_IMAGE_GENERATE_INSTALLER = "0"
+
+# IMGDEPLOYDIR has to be used instead of DEPLOY_DIR_IMAGE here, because it will
+# run during image generation
+COREOS_UKI_PART_INITRAMFS = "${IMGDEPLOYDIR}/${IMAGE_BASENAME}-${MACHINE}.cpio.gz"
+COREOS_IMAGE_GENERATE_SWU = "0"
+
+# Change generated UKI filename and reset the bundled command line to "APPEND"
+# to ensure that root is not set in the kernel command line
+COREOS_KERNEL_NAME ?= "coreos-installer-${MACHINE}"
+COREOS_KERNEL_CMDLINE ?= "${APPEND}"
+
+inherit coreos-image
+
+# Only install a reduced set of package and feature to keep image size small
+IMAGE_INSTALL = "packagegroup-coreos-boot coreos-installer swupdate-www util-linux-sfdisk util-linux-fdisk util-linux-cfdisk efibootguard efibootguard-tools"
+IMAGE_FEATURES = "debug-tweaks swupdate networkmanager"
+NO_RECOMMENDATIONS = "1"
+
+IMAGE_ROOTFS_SIZE = "8192"
+INITRAMFS_MAXSIZE = "976562"
+IMAGE_ROOTFS_EXTRA_SPACE = "0"
+
+# Use the same restriction as initramfs-module-install
+COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*)-(linux.*|freebsd.*)'

layers/meta-belden-coreos/recipes-core/packagegroups/packagegroup-coreos-base.bb

@@ -15,7 +15,7 @@ COREOS_IMAGE_EFI_PROVIDER_EXTRA = " \
 "
 
 RDEPENDS:${PN} = "\
-    packagegroup-base \
+    packagegroup-base-extended \
     os-release \
     ${@bb.utils.contains("MACHINE_FEATURES", "efi", "${COREOS_IMAGE_EFI_PROVIDER_EXTRA}", "", d)} \
 "

layers/meta-belden-coreos/recipes-core/systemd/systemd-conf/system.conf-watchdog

@@ -1,2 +0,0 @@
-[Manager]
-RuntimeWatchdogSec=5

layers/meta-belden-coreos/recipes-core/systemd/systemd_%.bbappend

@@ -1,15 +0,0 @@
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/systemd-conf:"
-
-SRC_URI += " file://system.conf-watchdog"
-
-do_install:append(){
-	# the creation date/time of this file will be used as initial boot time.
-	# Creation time will be set to REPRODUCIBLE_TIMESTAMP_ROOTFS
-	# More info about the date/time handling here:
-	# https://www.freedesktop.org/software/systemd/man/latest/systemd-timesyncd.service.html
-	touch ${D}/${base_libdir}/clock-epoch
-	install -D -m0644 ${WORKDIR}/system.conf-watchdog ${D}${systemd_unitdir}/system.conf.d/01-${PN}-watchdog.conf
-}
-
-FILES:${PN} += "${base_libdir}/clock-epoch"

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer-unattended/99-overwrite.sh

@@ -1,23 +0,0 @@
-#!/usr/bin/env sh
-
-# catch errors from previous source files
-if [ "$SWUPDATE_EXIT" != "" ]; then
-  # Notify the installation status indicator about the failed installation.
-  # This can result in the red LED lighting up.
-  dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusFailure
-  exit 1
-fi
-
-# Notify the installation status indicator about the success with partitioning
-# the blockdevice. This can result in the first green LED lighting up.
-dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusPartitioningSuccess
-
-mount /dev/disk/by-label/image /mnt
-if [ ! -f "/mnt/image.swu" ]; then
-  echo "Could not find image.swu on the vfat partition!"
-  dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusFailure
-  exit 1
-fi
-
-SWUPDATE_ARGS="${SWUPDATE_ARGS} -p /usr/lib/swupdate/post-install.sh"
-SWUPDATE_ARGS="${SWUPDATE_ARGS} -i /mnt/image.swu"

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer-unattended/post-install.sh

@@ -1,5 +0,0 @@
-#!/usr/bin/env sh
-
-# Notify the installation status indicator about the success with flashing the image.
-# This can result in the second green LED lighting up.
-dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusImageFlashingSuccess

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer-unattended_1.0.bb

@@ -1,23 +0,0 @@
-DESCRIPTION = "CoreOS scripts for unattended installation"
-SECTION = "coreos"
-LICENSE = "CLOSED"
-
-SRC_URI += "\
-    file://99-overwrite.sh \
-    file://post-install.sh \
-"
-
-FILES:${PN} = "\
-    ${libdir}/swupdate/conf.d/99-overwrite.sh \
-    ${libdir}/swupdate/post-install.sh \
-"
-
-RDEPENDS:${PN} = "coreos-installer"
-
-RCONFLICTS:${PN} = "swupdate-www"
-
-do_install() {
-    install -d ${D}${libdir}/swupdate/conf.d
-    install -m 755 ${WORKDIR}/post-install.sh ${D}${libdir}/swupdate/
-    install -m 755 ${WORKDIR}/99-overwrite.sh ${D}${libdir}/swupdate/conf.d/
-}

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer/25-installer-config.sh

@@ -1,8 +1,5 @@
 #!/usr/bin/env sh
 
-set -o errtrace
-trap 'echo "An error occured in line $LINENO: $BASH_COMMAND, exiting..."; SWUPDATE_EXIT=1; exit;' ERR
-
 # Read /etc/hwrevision and turn it into a stripped string
 # with the format ${MACHINE}_${VERSION}
 HWREVISION=$(tr ' ' '_' < /etc/hwrevision | tr -d '[:space:]')
@@ -18,13 +15,6 @@ fi
 
 DISK=$(grep "^device:\s" < "${SFDISK_DUMP_FILE}" | cut -d ' ' -f 2)
 
-# Remove the partition table signature, if there is already one.
-# This ensures that sfdisk always finds a 'clean' disk to install / recover
-wipefs -a -f ${DISK}
-
-# Give the kernel some time to reload the partition
-sleep 3
-
 echo "Flashing ${SFDISK_DUMP_FILE} to ${DISK}"
 cat "${SFDISK_DUMP_FILE}"
 sfdisk "${DISK}" < "${SFDISK_DUMP_FILE}"
@@ -58,4 +48,3 @@ umount /mnt/ebg1
 umount /mnt/efi
 
 SWUPDATE_ARGS="${SWUPDATE_ARGS} -e stable,copy0"
-SWUPDATE_ARGS="${SWUPDATE_ARGS} -k /usr/lib/swupdate/swupdate.crt"

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer_1.0.bb

@@ -1,18 +1,22 @@
 DESCRIPTION = "CoreOS Installer scripts"
-SECTION = "coreos"
 LICENSE = "CLOSED"
+SECTION = "coreos"
 
-SRC_URI += "file://25-installer-config.sh"
+SRC_URI+= " \
+    file://25-installer-config.sh \
+"
 
-FILES:${PN} = "${libdir}/swupdate/conf.d/25-installer-config.sh"
+# This package ship an alternate configuration for SWUpade to disable A/B
+# switching and always flash A
+RCONFLICTS:${PN}= "swupdate-coreos-config"
+
+FILES:${PN} = " \
+    ${libdir}/swupdate/conf.d/25-installer-config.sh \
+"
 
 # glibc-utils provide iconv
 # glibc-gconv-utf-16 provide utf-16 support to iconv
-RDEPENDS:${PN} = "coreos-installer-config dosfstools glibc-gconv-utf-16 glibc-utils util-linux-lsblk util-linux-sfdisk util-linux-wipefs"
-
-# This package ships an alternate configuration for SWUpdate to disable A/B
-# switching and always flash A
-RCONFLICTS:${PN} = "swupdate-coreos-config"
+RDEPENDS:${PN} = "coreos-installer-config dosfstools util-linux-lsblk util-linux-sfdisk glibc-utils glibc-gconv-utf-16"
 
 do_install() {
     install -d ${D}${libdir}/swupdate/conf.d

layers/meta-belden-coreos/recipes-kernel/linux/files/secure-storage.cfg

@@ -1,4 +0,0 @@
-CONFIG_BLK_DEV_DM=y
-CONFIG_KEYS=y
-CONFIG_ENCRYPTED_KEYS=y
-CONFIG_DM_CRYPT=y

layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto-coreos.inc

@@ -1,8 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-# Secure Storage
-# ==============================================================================
-SRC_URI += "file://secure-storage.cfg"
-
-# Ensure the Kernel EFI STUB is enabled
-KERNEL_FEATURES += "cfg/efi.scc cfg/efi-ext.scc"

layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto_%.bbappend

@@ -1,6 +0,0 @@
-# Add CoreOS distro settings to the linux-yocto recipes
-
-LINUX_YOCTO_COREOS_REQUIRE ?= ""
-LINUX_YOCTO_COREOS_REQUIRE:coreos = "linux-yocto-coreos.inc"
-
-require ${LINUX_YOCTO_COREOS_REQUIRE}

layers/meta-belden-coreos/recipes-security/cos-certificates-and-keys/cos-certificates-and-keys-native_1.0.bb

@@ -1,65 +0,0 @@
-SUMMARY = "Installs CoreOS certificates and keys"
-DESCRIPTION = "Installs CoreOS certificates and keys that are used during the build"
-AUTHOR = "Patrick Vogelaar"
-LICENSE = "CLOSED"
-
-SRC_URI = "git://git@bitbucket.gad.local:7999/ico/development-keys.git;protocol=ssh;branch=master"
-SRCREV = "2b5d6941ea8759db90f07e195bb1855f618cccb7"
-
-S = "${WORKDIR}/git"
-
-inherit deploy native
-
-CERTIFICATES_AND_KEYS_DIR ?= "${datadir}/keys/"
-
-#FILES:${PN} += "${CERTIFICATES_AND_KEYS_DIR}/*"
-
-
-do_install() {
-    install -d "${D}/${CERTIFICATES_AND_KEYS_DIR}"
-    install -m 755 ${S}/db.auth ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.auth
-    install -m 755 ${S}/db.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.crt
-    install -m 755 ${S}/db.der ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.der
-    install -m 755 ${S}/db.esl ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.esl
-    install -m 755 ${S}/db.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.key
-    install -m 755 ${S}/KEK.auth ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.auth
-    install -m 755 ${S}/KEK.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.crt
-    install -m 755 ${S}/KEK.der ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.der
-    install -m 755 ${S}/KEK.esl ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.esl
-    install -m 755 ${S}/KEK.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.key
-    install -m 755 ${S}/PK.auth ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.auth
-    install -m 755 ${S}/PK.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.crt
-    install -m 755 ${S}/PK.der ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.der
-    install -m 755 ${S}/PK.esl ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.esl
-    install -m 755 ${S}/PK.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.key
-    install -m 755 ${S}/swupdate.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/swupdate.crt
-    install -m 755 ${S}/swupdate.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/swupdate.key
-
-    bbwarn "Development certificates and keys are added into the image (UNSECURE)! This image must not be released!"
-}
-
-
-# Public key needed by firmware very depending on the implementation
-# So we copy all type of public key (*.auth, *.esl, *.crt, *der)
-
-addtask deploy after do_compile
-do_deploy() {
-    install -D -m 644 ${S}/KEK.auth ${DEPLOYDIR}/KEK.auth
-    install -D -m 644 ${S}/db.auth ${DEPLOYDIR}/db.auth
-    install -D -m 644 ${S}/PK.auth ${DEPLOYDIR}/PK.auth
-
-    install -D -m 644 ${S}/KEK.esl ${DEPLOYDIR}/KEK.esl
-    install -D -m 644 ${S}/db.esl ${DEPLOYDIR}/db.esl
-    install -D -m 644 ${S}/PK.esl ${DEPLOYDIR}/PK.esl
-
-    install -D -m 644 ${S}/KEK.crt ${DEPLOYDIR}/KEK.crt
-    install -D -m 644 ${S}/db.crt ${DEPLOYDIR}/db.crt
-    install -D -m 644 ${S}/PK.crt ${DEPLOYDIR}/PK.crt
-
-    install -D -m 644 ${S}/KEK.der ${DEPLOYDIR}/KEK.der
-    install -D -m 644 ${S}/db.der ${DEPLOYDIR}/db.der
-    install -D -m 644 ${S}/PK.der ${DEPLOYDIR}/PK.der
-
-    # !SECURITY WARNING!
-    # .key file are not copied to DEPLOYDIR, as they contains the PRIVATE keys
-}

layers/meta-belden-coreos/recipes-security/secure-storage/files/sec-storage-loopback.sh

@@ -1,93 +0,0 @@
-#!/usr/bin/env sh
-
-loopdir=/usr/local/data/loopdevices
-loopfile=$loopdir/crypt.loop
-
-keyfiledir=/usr/local/data/.crypto
-keyfile=$keyfiledir/ss_crypto.keyfile
-
-#megabytes
-loopsize=16
-
-#/dev/mapper/xxxxx when open
-cryptmapper=secStorage
-
-makefilesystem=ext4
-
-#mountpoint of uncrypted device
-mountpoint=/usr/local/data/secure-storage
-
-create_keyfile() {
-	# echo "Create key file"
-	systemd-notify --status="Create key file"
-	mkdir -p $keyfiledir
-	dd if=/dev/urandom of=$keyfile bs=1 count=256
-	chown root:root $keyfiledir/*
-	chmod 000 $keyfiledir/*
-}
-
-error() {
-	echo "Error: $1"
-	exit $?
-}
-
-#creates a new file
-create_loopback_and_open() {
-	# echo "Creating a file with random bits.. this could take a while..."
-	systemd-notify --status="Creating a file with random bits.. this could take a while..."
-	mkdir -p $loopdir || error "Creating loopdir"
-	mkdir -p $mountpoint || error "Creating mountpoint"
-	dd if=/dev/urandom of=$loopfile bs=1M count=$loopsize || error "Creating loopfile"
-	loopdevice=$(losetup -f --show $loopfile) || error "Setting up loop device"
-	echo "Selected loop device: $loopdevice"
-	cryptsetup luksFormat -q --key-file $keyfile $loopdevice || error "Setting up encrypted loop device"
-	cryptsetup open --key-file $keyfile $loopdevice $cryptmapper || error "Opening encrypted loop device"
-	mkfs.$makefilesystem /dev/mapper/$cryptmapper || error "Creating encrypted FS"
-	mount /dev/mapper/$cryptmapper $mountpoint || error "Mounting encrypted FS"
-	systemd-notify --ready --status="Sucessfully mounted secure storage"
-}
-
-#mounts crypted loopback file
-open() {
-	#echo "Open secure-storage"
-	systemd-notify --status="Open secure storage"
-	loopdevice=$(losetup -f --show $loopfile) || error "Setting up loop device"
-	echo "Selected loop device: $ld"
-	cryptsetup open --key-file $keyfile $loopdevice $cryptmapper || error "Opening encrypted loop device"
-	mount /dev/mapper/$cryptmapper $mountpoint || error "Mounting encrypted FS"
-	systemd-notify --ready --status="Sucessfully mounted secure storage"
-}
-
-#unmounts previously mounted loopback file
-close() {
-	echo "Close secure-storage"
-	# get loopdevice
-	loopdevice=$(losetup --list --noheadings --output NAME,BACK-FILE | grep crypt.loop | awk '{print $1}')
-	umount $mountpoint
-	cryptsetup close $cryptmapper
-	losetup -d $loopdevice
-}
-
-if [ $# -eq 1 ]
-then
-	#echo "Parameter detected"
-	$1
-	exit 0
-fi
-
-if [ -e $keyfile ]
-then
-	#echo "Key file available"
-	if [ -e $loopfile ]
-	then
-		#echo "Loop file available"
-		open
-	else
-		#echo "Loop file not available"
-		create_loopback_and_open
-	fi
-else
-	#echo "Key file not available"
-	create_keyfile
-	create_loopback_and_open
-fi

layers/meta-belden-coreos/recipes-security/secure-storage/files/secure-storage.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Secure Storage Service
-RequiresMountsFor=/usr/local/data
-
-[Service]
-Type=notify
-ExecStart=/usr/bin/sec-storage-loopback.sh
-TimeoutSec=300
-
-[Install]
-WantedBy=local-fs.target
-

layers/meta-belden-coreos/recipes-security/secure-storage/secure-storage_1.0.bb

@@ -1,34 +0,0 @@
-SUMMARY = "Provides a Secure Storage"
-DESCRIPTION = "The secure storage is a loopback mount that is encrypted. It protects data in rest"
-AUTHOR = "Patrick Vogelaar"
-LICENSE = "CLOSED"
-
-SRC_URI = "\
-    file://sec-storage-loopback.sh \
-    file://secure-storage.service \
-    "
-
-S = "${WORKDIR}"
-
-inherit systemd
-
-FILES:${PN} += "\
-    /usr/local/data/ \
-    ${systemd_unitdir}/system \
-    ${bindir}/sec-storage-loopback.sh \
-    ${systemd_unitdir}/system/secure-storage.service \
-    "
-
-do_install() {
-    install -d ${D}$/usr/local/data/
-    install -d ${D}${bindir}
-    install -m 0731 ${S}/sec-storage-loopback.sh ${D}${bindir}/sec-storage-loopback.sh
-
-    install -d ${D}${systemd_unitdir}/system
-    install -m 0644 ${S}/secure-storage.service ${D}${systemd_unitdir}/system
-}
-
-SYSTEMD_SERVICE:${PN} = "secure-storage.service"
-SYSTEMD_AUTO_ENABLE = "enable"
-
-RDEPENDS:${PN} += "cryptsetup util-linux-losetup e2fsprogs-mke2fs"

layers/meta-belden-coreos/recipes-support/swupdate/swupdate/defconfig

@@ -24,7 +24,6 @@ CONFIG_DISKPART=y
 CONFIG_DISKPART_FORMAT=y
 CONFIG_FAT_FILESYSTEM=y
 CONFIG_EXT_FILESYSTEM=y
-CONFIG_SIGNED=y
 CONFIG_SIGNED_IMAGES=y
 CONFIG_SIGALG_RAWRSA=n
 CONFIG_SIGALG_CMS=y

layers/meta-belden-coreos/recipes-support/swupdate/swupdate_%.bbappend

@@ -5,8 +5,6 @@ REQUIRED_DISTRO_FEATURES = "swupdate"
 # same file in meta-swupdate
 FILESEXTRAPATHS:prepend := "${THISDIR}/swupdate:"
 
-DEPENDS += "cos-certificates-and-keys-native"
-
 SRC_URI += "\
     file://50-webserver-config.sh \
     file://25-sw-collections-config.sh \
@@ -48,6 +46,3 @@ do_install:append() {
     install -m 755 ${COREOS_EFI_SECUREBOOT_KEYDIR}/swupdate.crt ${D}${libdir}/swupdate/
     echo "${MACHINE} 1.0" > ${D}${sysconfdir}/hwrevision
 }
-
-# Fix: libgcc_s.so.1 must be installed for pthread_exit to work
-RDEPENDS:${PN} += "libgcc"

layers/meta-belden-marvell-bsp/conf/layer.conf

@@ -9,5 +9,5 @@ BBFILE_COLLECTIONS += "meta-belden-marvell-bsp"
 BBFILE_PATTERN_meta-belden-marvell-bsp = "^${LAYERDIR}/"
 BBFILE_PRIORITY_meta-belden-marvell-bsp = "6"
 
-LAYERDEPENDS_meta-belden-marvell-bsp = "core meta-belden-coreos meta-arm"
+LAYERDEPENDS_meta-belden-marvell-bsp = "core meta-belden-coreos"
 LAYERSERIES_COMPAT_meta-belden-marvell-bsp = "kirkstone"

layers/meta-belden-marvell-bsp/recipes-bsp/trusted-firmware-a/files/0001-ddr-spd-read-failover-to-defualt-config.patch

@@ -1,14 +1,14 @@
-From 3f8f24cf82848ef1778f3e1d0a0607d4860dd4f3 Mon Sep 17 00:00:00 2001
+From 5aeea052b30604b2f8640960b775cee0f5c877cb Mon Sep 17 00:00:00 2001
 From: Alon Rotman <alon.rotman@solid-run.com>
 Date: Mon, 22 Nov 2021 13:33:25 +0200
-Subject: [PATCH] ddr spd read failover to defualt config
+Subject: [PATCH 2/2] ddr spd read failover to defualt config
 
 ---
  .../octeontx/otx2/t91/t9130/board/dram_port.c | 100 ++++++++++++++++--
  1 file changed, 93 insertions(+), 7 deletions(-)
 
 diff --git a/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c b/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c
-index 82ce07b09..bb7814e9b 100644
+index 0befadfc6..5de71f095 100644
 --- a/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c
 +++ b/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c
 @@ -33,7 +33,7 @@ struct mv_ddr_iface dram_iface_ap0 = {
@@ -148,7 +148,7 @@ index 82ce07b09..bb7814e9b 100644
  {
  	struct mv_ddr_topology_map *tm = mv_ddr_topology_map_get();
 @@ -152,7 +236,9 @@ void plat_marvell_dram_update_topology(void)
- 		i2c_write(I2C_SPD_P0_ADDR, 0x0, 1, tm->spd_data.all_bytes, 0);
+ 		i2c_write(I2C_SPD_P0_ADDR, 0x0, 1, tm->spd_data.all_bytes, 1);
  
  		/* read data from spd */
 -		i2c_read(I2C_SPD_ADDR, 0x0, 1, tm->spd_data.all_bytes,
@@ -159,3 +159,6 @@ index 82ce07b09..bb7814e9b 100644
 +			set_param_based_on_som_strap();
  	}
  }
+-- 
+2.25.1
+

layers/meta-belden-marvell-bsp/recipes-bsp/trusted-firmware-a/files/0002-som-sdp-failover-using-crc-verification.patch

@@ -1,16 +1,15 @@
-From 6cbb01ba5a5a5ad2b2247c8401d5fac488bf05c3 Mon Sep 17 00:00:00 2001
+From da25bbba607de35267f4dbe74cd772588260de57 Mon Sep 17 00:00:00 2001
 From: Alon Rotman <alon.rotman@solid-run.com>
 Date: Mon, 6 Dec 2021 18:34:37 +0200
 Subject: [PATCH] som sdp failover using crc verification
 
 Signed-off-by: Alon Rotman <alon.rotman@solid-run.com>
-
 ---
  .../octeontx/otx2/t91/t9130/board/dram_port.c | 63 ++++++++++++-------
  1 file changed, 41 insertions(+), 22 deletions(-)
 
 diff --git a/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c b/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c
-index bb7814e9b..772774215 100644
+index 5de71f095..d59b8100d 100644
 --- a/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c
 +++ b/plat/marvell/octeontx/otx2/t91/t9130/board/dram_port.c
 @@ -50,7 +50,7 @@ struct mv_ddr_iface dram_iface_ap0 = {
@@ -123,3 +122,6 @@ index bb7814e9b..772774215 100644
 +	
  	}
  }
+-- 
+2.25.1
+

layers/meta-belden-marvell-bsp/recipes-bsp/trusted-firmware-a/files/ssl.patch

@@ -0,0 +1,52 @@
+fiptool: respect OPENSSL_DIR
+
+fiptool links to libcrypto, so as with the other tools it should respect
+OPENSSL_DIR for include/library paths.
+
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/Makefile b/Makefile
+index ec6f88585..2d3b9fc26 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1388,7 +1388,7 @@ fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME}
+ 
+ ${FIPTOOL}: FORCE
+ ifdef UNIX_MK
+-	${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH}
++	${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH}
+ else
+ # Clear the MAKEFLAGS as we do not want
+ # to pass the gnumake flags to nmake.
+diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
+index 11d2e7b0b..7c2a08379 100644
+--- a/tools/fiptool/Makefile
++++ b/tools/fiptool/Makefile
+@@ -12,6 +12,8 @@ FIPTOOL ?= fiptool${BIN_EXT}
+ PROJECT := $(notdir ${FIPTOOL})
+ OBJECTS := fiptool.o tbbr_config.o
+ V ?= 0
++OPENSSL_DIR := /usr
++
+ 
+ override CPPFLAGS += -D_GNU_SOURCE -D_XOPEN_SOURCE=700
+ HOSTCCFLAGS := -Wall -Werror -pedantic -std=c99
+@@ -20,7 +22,7 @@ ifeq (${DEBUG},1)
+ else
+   HOSTCCFLAGS += -O2
+ endif
+-LDLIBS := -lcrypto
++LDLIBS := -L${OPENSSL_DIR}/lib -lcrypto
+ 
+ ifeq (${V},0)
+   Q := @
+@@ -28,7 +30,7 @@ else
+   Q :=
+ endif
+ 
+-INCLUDE_PATHS := -I../../include/tools_share
++INCLUDE_PATHS := -I../../include/tools_share  -I${OPENSSL_DIR}/include
+ 
+ HOSTCC ?= gcc
+ 

layers/meta-belden-marvell-bsp/recipes-bsp/u-boot/u-boot_2019.10-solidrun.bb

@@ -51,6 +51,7 @@ SRC_URI = "git://git.denx.de/u-boot.git;branch=master \
 S = "${WORKDIR}/git"
 
 require recipes-bsp/u-boot/u-boot.inc
+require recipes-bsp/u-boot/u-boot-coreos.inc
 
 # Solidrun patches require to build out-of-the-tree
 B = "${WORKDIR}/build"

layers/meta-belden-marvell-bsp/recipes-bsp/u-boot/u-boot_2023.04-marvell.bb

@@ -30,6 +30,7 @@ SRC_URI = "git://source.denx.de/u-boot/custodians/u-boot-marvell.git;branch=mast
 S = "${WORKDIR}/git"
 
 require recipes-bsp/u-boot/u-boot.inc
+require recipes-bsp/u-boot/u-boot-coreos.inc
 
 # Solidrun patches require to build out-of-the-tree
 B = "${WORKDIR}/build"

layers/meta-belden-marvell-bsp/recipes-coreos/coreos-installer/coreos-installer-config/cn9130-cf-pro_1.0.sfdisk

@@ -18,8 +18,8 @@ sector-size: 512
 /dev/mmcblk0p1 : start=        4096, size=        8192, type=71B02716-C000-4F0D-AE03-2F5DC0A114CD, name="fw0", attrs="RequiredPartition"
 /dev/mmcblk0p2 : start=       12288, size=        8192, type=71B02716-C000-4F0D-AE03-2F5DC0A114CD, name="fw1", attrs="RequiredPartition"
 
-/dev/mmcblk0p3 : size= ${PART_EFI_SIZE}, ${SFDISK_PART_EFI}
-/dev/mmcblk0p4 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_A}
-/dev/mmcblk0p5 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_B}
-/dev/mmcblk0p6 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_A}
-/dev/mmcblk0p7 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_B}
+/dev/mmcblk0p3 : start=       20480, size=      131072, ${SFDISK_PART_EFI}
+/dev/mmcblk0p4 : start=      151552, size=      262144, ${SFDISK_PART_EFIBOOTGUARD_A}
+/dev/mmcblk0p5 : start=      413696, size=      262144, ${SFDISK_PART_EFIBOOTGUARD_B}
+/dev/mmcblk0p6 : start=      675840, size=     7294976, ${SFDISK_PART_ROOT_A}
+/dev/mmcblk0p7 : start=     7970816, size=     7294976, ${SFDISK_PART_ROOT_B}

layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule/cn913x_additions.cfg

@@ -18,12 +18,11 @@ CONFIG_ACPI_CPPC_CPUFREQ=y
 CONFIG_ARM_ARMADA_8K_CPUFREQ=y
 CONFIG_MICROSEMI_PHY=y
 # CONFIG_QRTR_MHI is not set
-# CONFIG_QRTR is not set
 # CONFIG_MHI_BUS is not set
-# CONFIG_ATH11K is not set
-# CONFIG_ATH11K_AHB is not set
-# CONFIG_ATH11K_PCI is not set
-# CONFIG_ATH11K_DEBUG is not set
+CONFIG_ATH11K=m
+CONFIG_ATH11K_AHB=m
+CONFIG_ATH11K_PCI=m
+CONFIG_ATH11K_DEBUG=y
 CONFIG_CRYPTO_MICHAEL_MIC=m
 CONFIG_R8169=y
 CONFIG_MTD=y
@@ -50,25 +49,25 @@ CONFIG_WEXT_CORE=y
 CONFIG_WEXT_PROC=y
 CONFIG_WEXT_SPY=y
 CONFIG_WEXT_PRIV=y
-# CONFIG_CFG80211_DEBUGFS is not set
-# CONFIG_CFG80211_WEXT is not set
-# CONFIG_CFG80211_WEXT_EXPORT is not set
-# CONFIG_LIB80211 is not set
-# CONFIG_LIB80211_CRYPT_WEP is not set
-# CONFIG_LIB80211_CRYPT_CCMP is not set
-# CONFIG_LIB80211_CRYPT_TKIP is not set
-# CONFIG_LIB80211_DEBUG is not set
-# CONFIG_MAC80211_DEBUGFS is not set
-# CONFIG_MAC80211_MESSAGE_TRACING is not set
-# CONFIG_MAC80211_DEBUG_MENU is not set
+CONFIG_CFG80211_DEBUGFS=y
+CONFIG_CFG80211_WEXT=y
+CONFIG_CFG80211_WEXT_EXPORT=y
+CONFIG_LIB80211=m
+CONFIG_LIB80211_CRYPT_WEP=m
+CONFIG_LIB80211_CRYPT_CCMP=m
+CONFIG_LIB80211_CRYPT_TKIP=m
+CONFIG_LIB80211_DEBUG=y
+CONFIG_MAC80211_DEBUGFS=y
+CONFIG_MAC80211_MESSAGE_TRACING=y
+CONFIG_MAC80211_DEBUG_MENU=y
 # CONFIG_MAC80211_NOINLINE is not set
-# CONFIG_MAC80211_VERBOSE_DEBUG is not set
+CONFIG_MAC80211_VERBOSE_DEBUG=y
 # CONFIG_MAC80211_MLME_DEBUG is not set
-# CONFIG_MAC80211_STA_DEBUG is not set
+CONFIG_MAC80211_STA_DEBUG=y
 # CONFIG_MAC80211_HT_DEBUG is not set
 # CONFIG_MAC80211_OCB_DEBUG is not set
 # CONFIG_MAC80211_IBSS_DEBUG is not set
-# CONFIG_MAC80211_PS_DEBUG is not set
+CONFIG_MAC80211_PS_DEBUG=y
 # CONFIG_MAC80211_TDLS_DEBUG is not set
 # CONFIG_MAC80211_DEBUG_COUNTERS is not set
 CONFIG_HOTPLUG_PCI_PCIE=y
@@ -80,38 +79,38 @@ CONFIG_PCI_DEBUG=y
 # CONFIG_ATH10K_TRACING is not set
 # CONFIG_ATH11K_DEBUGFS is not set
 # CONFIG_ATH11K_TRACING is not set
-# CONFIG_IPW2100 is not set
-# CONFIG_IPW2100_MONITOR is not set
-# CONFIG_IPW2100_DEBUG is not set
-# CONFIG_IPW2200 is not set
-# CONFIG_IPW2200_MONITOR is not set
-# CONFIG_IPW2200_RADIOTAP is not set
-# CONFIG_IPW2200_PROMISCUOUS is not set
-# CONFIG_IPW2200_QOS is not set
-# CONFIG_IPW2200_DEBUG is not set
-# CONFIG_LIBIPW is not set
-# CONFIG_LIBIPW_DEBUG is not set
-# CONFIG_IWLEGACY is not set
-# CONFIG_IWL4965 is not set
-# CONFIG_IWL3945 is not set
+CONFIG_IPW2100=m
+CONFIG_IPW2100_MONITOR=y
+CONFIG_IPW2100_DEBUG=y
+CONFIG_IPW2200=m
+CONFIG_IPW2200_MONITOR=y
+CONFIG_IPW2200_RADIOTAP=y
+CONFIG_IPW2200_PROMISCUOUS=y
+CONFIG_IPW2200_QOS=y
+CONFIG_IPW2200_DEBUG=y
+CONFIG_LIBIPW=m
+CONFIG_LIBIPW_DEBUG=y
+CONFIG_IWLEGACY=m
+CONFIG_IWL4965=m
+CONFIG_IWL3945=m
 #
 # iwl3945 / iwl4965 Debugging Options
 #
-# CONFIG_IWLEGACY_DEBUG is not set
+CONFIG_IWLEGACY_DEBUG=y
 # CONFIG_IWLEGACY_DEBUGFS is not set
 # end of iwl3945 / iwl4965 Debugging Options
-# CONFIG_IWLWIFI is not set
-# CONFIG_IWLWIFI_LEDS is not set
-# CONFIG_IWLDVM is not set
-# CONFIG_IWLMVM is not set
-# CONFIG_IWLWIFI_OPMODE_MODULAR is not set
-# CONFIG_IWLWIFI_BCAST_FILTERING is not set
+CONFIG_IWLWIFI=m
+CONFIG_IWLWIFI_LEDS=y
+CONFIG_IWLDVM=m
+CONFIG_IWLMVM=m
+CONFIG_IWLWIFI_OPMODE_MODULAR=y
+CONFIG_IWLWIFI_BCAST_FILTERING=y
 #
 # Debugging Options
 #
-# CONFIG_IWLWIFI_DEBUG is not set
+CONFIG_IWLWIFI_DEBUG=y
 # CONFIG_IWLWIFI_DEBUGFS is not set
-# CONFIG_IWLWIFI_DEVICE_TRACING is not set
+CONFIG_IWLWIFI_DEVICE_TRACING=y
 # end of Debugging Options
 # CONFIG_WLAN_VENDOR_INTERSIL is not set
 # CONFIG_WLAN_VENDOR_RALINK is not set
@@ -166,7 +165,7 @@ CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT=y
 # CONFIG_RING_BUFFER_STARTUP_TEST is not set
 # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set
 # CONFIG_PREEMPTIRQ_DELAY_TEST is not set
-CONFIG_CMA_SIZE_MBYTES=256
+CONFIG_CMA_SIZE_MBYTES=128
 CONFIG_FUNCTION_TRACER
 CONFIG_FUNCTION_GRAPH_TRACER
 CONFIG_STACK_TRACER

layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule/secure-storage.cfg

@@ -1,4 +0,0 @@
-CONFIG_BLK_DEV_DM=y
-CONFIG_KEYS=y
-CONFIG_ENCRYPTED_KEYS=y
-CONFIG_DM_CRYPT=y

layers/meta-belden-marvell-bsp/recipes-kernel/linux/linux-netmodule_git-5.15-solidrun.bb

@@ -12,7 +12,6 @@ SRC_URI = "git://gitlab.com/netmodule/kernel/linux-netmodule.git;protocol=ssh;us
            file://0001-fix-phy-support-for-falcon-board.patch \
            file://0001-refactor-cn913x-defconfig-cleanup.patch \
            file://cn913x_additions.cfg \
-           file://secure-storage.cfg \
            "
 SRCREV ?= "be2f2f0c96e85ecec9d807397194e46bb8bea4a5"
 
@@ -32,7 +31,4 @@ do_configure:append(){
     fi
 }
 
-# linux-yocto-coreos.inc provide some kernel config fragment that we can apply
-# Note that KERNEL_FEATURES are not applied as this recipes doesn't ihnerit
-# the linux-yocto class.
-require recipes-kernel/linux/linux-yocto-coreos.inc
+require recipes-kernel/linux/linux-yocto-coreos-efi.inc

layers/meta-belden-marvell-bsp/wic/cn913x-sdcard.wks.in

@@ -11,11 +11,10 @@
 part --offset 4096S --source rawcopy --sourceparams="file=flash-image.bin" --ondisk mmcblk1 --size 4M --extra-space 0 --overhead-factor 1 --part-name fw0
 part --offset 12288S --source rawcopy --sourceparams="file=flash-image.bin" --ondisk mmcblk1 --size 4M --extra-space 0 --overhead-factor 1 --part-name fw1
 
-${WKS_PART_EFI} --ondisk mmcblk1 --offset 20480S --size ${PART_EFI_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_ROOT_A} --ondisk mmcblk1 --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_ROOT_B} --ondisk mmcblk1 --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk1  --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk1  --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_USERDATA} --ondisk mmcblk1 --size ${PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_EFI} --ondisk mmcblk1 --offset 20480S --size 64M --extra-space 0 --overhead-factor 1
+${WKS_PART_ROOT_A} --ondisk mmcblk1 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_ROOT_B} --ondisk mmcblk1 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk1  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
+${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk1  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
 
 bootloader --ptable gpt

layers/meta-netmodule-coreos-bsp/README.md

@@ -1,26 +0,0 @@
-# meta-netmodule-coreos-bsp
-
-BSP layer for NetModule board
-
-This layer depends on:
-
-- meta-ti-bsp
-- meta-arm
-
-## SoC Family
-
-This layer contains all CoreOS supported board manufactured by NetModule
-
-## Availables Machines
-
-This layer contains the following machine configuration:
-
-### Based on the Gemini platform
-
-- netmodule-hw34 (Codename for XG900)
-
-**remarks**: Gemini based board use a TI am64xx (k3) family has a separate
-R5 core that use another architecture as the main core, so for each machine you
-will find a companion machine name `${MACHINE}-k3r5`. This config should not be
-used as is, but will be automatically used for some recipes under the hood when
-using `${MACHINE}` using Bitbake multiconfig feature.

layers/meta-netmodule-coreos-bsp/classes/coreos-image-swupdate-am64xx.bbclass

@@ -1,46 +0,0 @@
-
-SWUPDATE_IMAGES += "tiboot3-am64x-gemini-b"
-SWUPDATE_IMAGES += "tispl"
-SWUPDATE_IMAGES += "u-boot-${MACHINE}"
-SWUPDATE_IMAGES_FSTYPES[tiboot3-am64x-gemini-b] = ".bin"
-SWUPDATE_IMAGES_FSTYPES[tispl] = ".bin"
-
-python () {
-    machine = d.getVar('MACHINE')
-    d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", "u-boot-" + machine, ".img")
-}
-COREOS_SWUPDATE_EXTENDS_FOR:append = "am64xx"
-
-def coreos_swupdate_extends_images_for_am64xx(d,s):
-    machine = d.getVar('MACHINE')
-    uboot_filename = "u-boot-" + machine + ".img"
-
-    SECTOR_SIZE = 512
-    OFFSET = [0x0*SECTOR_SIZE, 0x600*SECTOR_SIZE, 0x1600*SECTOR_SIZE]
-
-    return [
-        {
-            "filename" : "tiboot3-am64x-gemini-b.bin",
-            "installed-directly" : "true",
-            "device" : "/dev/mmcblk0boot0",
-            "offset": str(OFFSET[0]),
-            "type" : "raw",
-            "sha256" : swupdate_get_sha256(d, s, "tiboot3-am64x-gemini-b.bin"),
-        },
-        {
-            "filename" : "tispl.bin",
-            "installed-directly" : "true",
-            "device" : "/dev/mmcblk0boot0",
-            "offset": str(OFFSET[1]),
-            "type" : "raw",
-            "sha256" : swupdate_get_sha256(d, s, "tispl.bin"),
-        },
-        {
-            "filename" : uboot_filename,
-            "installed-directly" : "true",
-            "device" : "/dev/mmcblk0boot0",
-            "offset": str(OFFSET[2]),
-            "type" : "raw",
-            "sha256" : swupdate_get_sha256(d, s, uboot_filename),
-        }
-    ]

layers/meta-netmodule-coreos-bsp/conf/layer.conf

@@ -1,13 +0,0 @@
-# Add layer directory to bbpath
-BBPATH .= ":${LAYERDIR}"
-
-# Add recipe directories
-BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
-            ${LAYERDIR}/recipes-*/*/*.bbappend"
-
-BBFILE_COLLECTIONS += "netmodule-coreos-bsp-layer"
-BBFILE_PATTERN_netmodule-coreos-bsp-layer = "^${LAYERDIR}/"
-BBFILE_PRIORITY_netmodule-coreos-bsp-layer = "8"
-
-LAYERSERIES_COMPAT_netmodule-coreos-bsp-layer = "kirkstone"
-LAYERDEPENDS_netmodule-coreos-bsp-layer = "meta-arm meta-ti-bsp"

layers/meta-netmodule-coreos-bsp/conf/machine/include/netmodule-am64xx-common.inc

@@ -1,6 +0,0 @@
-# This file contains the part of the configuration that is common to all
-# board based on the Gemini platform and that are the same for both
-# the Cortex-A53 and Cortex-R5 core (Gemini use a multi-arch SOC)
-
-PREFERRED_PROVIDER_virtual/bootloader = "u-boot-ti-coreos"
-PREFERRED_PROVIDER_u-boot = "u-boot-ti-coreos"

layers/meta-netmodule-coreos-bsp/conf/machine/include/netmodule-am64xx-k3.inc

@@ -1,49 +0,0 @@
-# This file contains the part of the configuration that is common to all
-# board based on the Gemini platform and that are the Cortex-A53 core.
-
-# k3.inc from meta-ti set a default WKS_FILE and add wic to IMAGE_FSTYPE.
-# But we don't need a wic image
-WKS_FILE ?= ""
-
-require conf/machine/include/k3.inc
-require netmodule-am64xx-common.inc
-
-# Workarround to remove wic related settings added to IMAGE_FSTYPE in k3.inc
-# without too much risk of breaking a distro or local config (as remove)
-# are final
-IMAGE_FSTYPES:remove = "${@'wic.xz wic.bmap' if not d.getVar('WKS_FILE') else ''}"
-
-# meta-ti-bsp use the machine override in a lot of recipes, so by adding the
-# name of the machine in meta-ti-bsp to SOC_FAMILY, we ensure that we the
-# device override apply.
-#
-# We don't modify MACHINEOVERRIDES directly as this will not place the string
-# in the same place
-SOC_FAMILY:append = ":am64xx"
-
-# Install u-boot script
-MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-devicetree"
-
-PREFERRED_PROVIDER_virtual/kernel = "linux-ti-coreos"
-
-KERNEL_DEFCONFIG ?= "gemini_defconfig"
-KERNEL_IMAGETYPE = "Image"
-
-UBOOT_ENTRYPOINT = "0x82000000"
-UBOOT_LOADADDRESS = "0x82000000"
-UBOOT_DTB_LOADADDRESS = "0x88000000"
-UBOOT_RD_LOADADDRESS = "0x88080000"
-UBOOT_RD_ENTRYPOINT = "0x88080000"
-
-
-TFA_BOARD = "lite"
-OPTEEMACHINE = "k3"
-
-
-
-# No watchdog available yet
-EFIBOOTGUARD_TIMEOUT ?= "0"
-
-COREOS_IMAGE_SWUPDATE_EXTRACLASSES += "coreos-image-swupdate-am64xx"
-
-require conf/machine/include/coreos-generic-features/efi.inc

layers/meta-netmodule-coreos-bsp/conf/machine/include/netmodule-am64xx-k3r5.inc

@@ -1,13 +0,0 @@
-# This file contains the part of the configuration that is common to all
-# board based on the Gemini platform and that are the Cortex-R5 core.
-
-require conf/machine/include/k3r5.inc
-require netmodule-am64xx-common.inc
-
-# A variant
-#SPL_BINARY = "tiboot3-am64x-gemini.${SPL_SUFFIX}"
-# B variant
-SPL_BINARY = "tiboot3-am64x-gemini-b.${SPL_SUFFIX}"
-
-# Sanity checks don't apply for real time cores
-INHERIT:remove = "coreos-sanity"

layers/meta-netmodule-coreos-bsp/conf/machine/netmodule-hw34-k3r5.conf

@@ -1,7 +0,0 @@
-#@TYPE: Machine
-#@NAME: AM64xx EVM (R5F)
-#@DESCRIPTION: Machine configuration for the TI AM64xx EVM (R5F core)
-
-
-require conf/machine/include/netmodule-am64xx-k3r5.inc
-UBOOT_MACHINE = "am64x_netmodule_hw34_r5_defconfig"

layers/meta-netmodule-coreos-bsp/conf/machine/netmodule-hw34.conf

@@ -1,17 +0,0 @@
-require conf/machine/include/netmodule-am64xx-k3.inc
-
-KERNEL_DEVICETREE = " \
-    ti/k3-am642-netmodule-hw34.dtb \
-"
-
-UBOOT_MACHINE = "am64x_netmodule_hw34_a53_defconfig"
-
-KERNEL_CONSOLE = "ttyS2"
-SERIAL_CONSOLES = "115200;ttyS2"
-
-
-APPEND += "console=ttyS2,115200"
-
-MACHINE_ESSENTIAL_EXTRA_RDEPENDS:append = " udev-gemini"
-MACHINE_EXTRA_RDEPENDS:append = " prueth-fw-am65x-sr2 linux-firmware-ath10k linux-firmware-ath11k linux-firmware-qca kernel-modules"
-

layers/meta-netmodule-coreos-bsp/recipes-bsp/u-boot/u-boot-ti-coreos_2023.04.bb

@@ -1,23 +0,0 @@
-require recipes-bsp/u-boot/u-boot-ti.inc
-
-SPL_UART_BINARY = "u-boot-spl.bin"
-SPL_UART_BINARY:netmodule-hw34-k3r5 = "u-boot-spl.bin"
-
-LIC_FILES_CHKSUM = "file://Licenses/README;md5=2ca5f2c35c8cc335f0a19756634782f1"
-
-PV = "2023.04"
-
-SRC_URI = "git://bitbucket.gad.local:7999/nm-nsp/netmodule-u-boot.git;protocol=ssh;user=git;branch=gemini/ti/ti-u-boot-2023.04 \
-           "
-SRCREV = "34cf1e583eb263dd6644d0ebf3468b3846fc0925"
-
-PACKAGECONFIG[atf] = "BL31=${STAGING_DIR_HOST}/firmware/bl31.bin,,trusted-firmware-a"
-
-# CoreOS enable EFI by default for all u-boot build, but this machine as a dual architecture u-boot
-# and EFI is not needed on the co-processor. So we enable it only for the main
-# machine
-UBOOT_COREOS_REQUIRE:coreos:netmodule-hw34 ?= "recipes-bsp/u-boot/u-boot-coreos.inc"
-UBOOT_COREOS_REQUIRE ?= ""
-
-require ${UBOOT_COREOS_REQUIRE}
-

layers/meta-netmodule-coreos-bsp/recipes-core/udev/udev-gemini/gemini-can.rules

@@ -1,5 +0,0 @@
-# CAN renaming
-SUBSYSTEM=="net", ACTION=="add", KERNEL=="can*", ENV{ID_PATH}=="platform-20701000.can", NAME="canfd0"
-SUBSYSTEM=="net", ACTION=="add", KERNEL=="can*", ENV{ID_PATH}=="platform-20711000.can", NAME="canfd1"
-SUBSYSTEM=="net", ACTION=="add", KERNEL=="can*", ENV{ID_PATH}=="platform-20110000.spi-cs-0", NAME="canstd0"
-SUBSYSTEM=="net", ACTION=="add", KERNEL=="can*", ENV{ID_PATH}=="platform-20110000.spi-cs-1", NAME="canstd1"

layers/meta-netmodule-coreos-bsp/recipes-core/udev/udev-gemini_1.0.bb

@@ -1,18 +0,0 @@
-SUMMARY = "Extra Gemini specific configuration files"
-DESCRIPTION = "Extra machine specific configuration files for udev that are Gemini related."
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-
-SRC_URI = " \
-       file://gemini-can.rules \
-"
-
-S = "${WORKDIR}"
-
-do_install() {
-    install -d ${D}${sysconfdir}/udev/rules.d
-
-    install -m 0644 ${WORKDIR}/gemini-can.rules ${D}${sysconfdir}/udev/rules.d/gemini-can.rules
-}
-
-RDEPENDS:${PN} = "udev"

layers/meta-netmodule-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config/netmodule-hw34_1.0.sfdisk

@@ -1,12 +0,0 @@
-label: gpt
-device: /dev/mmcblk0
-unit: sectors
-first-lba: 34
-last-lba: 15273566
-sector-size: 512
-
-/dev/mmcblk0p1 : start=          34, size=      131072, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, name="efi"
-/dev/mmcblk0p2 : start=      131106, size=      262144, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name="ebg0"
-/dev/mmcblk0p3 : start=      393250, size=      262144, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name="ebg1"
-/dev/mmcblk0p4 : start=      655394, size=     7309086, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs0"
-/dev/mmcblk0p5 : start=     7964480, size=     7309086, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs1"

layers/meta-netmodule-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config_%.bbappend

@@ -1,7 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/coreos-installer-config:"
-
-SRC_URI:append:netmodule-hw34 = " file://netmodule-hw34_1.0.sfdisk"
-
-do_install:append:netmodule-hw34() {
-    install -m 755 ${WORKDIR}/netmodule-hw34_1.0.sfdisk ${D}${sysconfdir}/
-}

layers/meta-netmodule-coreos-bsp/recipes-kernel/linux/linux-ti-coreos_git-5.10.bb

@@ -1,29 +0,0 @@
-DESCRIPTION = "Linux kernel for various NetModule hardware"
-COMPATIBLE_MACHINE = "k3"
-
-inherit kernel
-
-SRC_URI = "git://bitbucket.gad.local:7999/ico/ti-linux-kernel.git;protocol=ssh;user=git;branch=coreos/5.10 \
-           "
-SRCREV = "1debdf5926e98255e7c97e3c160a91f3aa094ffc"
-
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-
-S = "${WORKDIR}/git"
-
-#If a KERNEL_DEFCONFIG is specified, the defconfig specified in SRC_URI will be overwritten!
-do_configure:append(){
-    if [ "${KERNEL_DEFCONFIG}" != "" ]; then
-        oe_runmake ${KERNEL_DEFCONFIG}
-    fi
-    configs="${@" ".join(find_cfgs(d))}"
-    if [ ! -z "${configs}" ]; then
-        ${S}/scripts/kconfig/merge_config.sh -m -O ${WORKDIR}/build ${WORKDIR}/build/.config ${WORKDIR}/*.cfg
-    fi
-}
-
-# linux-yocto-coreos.inc provide some kernel config fragment that we can apply
-# Note that KERNEL_FEATURES are not applied as this recipes doesn't ihnerit
-# the linux-yocto class.
-require recipes-kernel/linux/linux-yocto-coreos.inc

scripts/coreos-get-dev-keys

@@ -0,0 +1,88 @@
+#!/usr/bin/env bash
+
+# This script will get development keys needed by the UEFI secure boot
+# implementation from the k-stufen web share and put the under $BUILDDIR/keys
+#
+# The reason for every developer to have the same keys is that image/update
+# filest are interchangable.
+# Those developer keys are used for all builds except the ones that are marked
+# as final. Here the official keys will be used.
+#
+# Following keys will be downloaded
+# db.auth  db.der  db.key    KEK.crt  KEK.esl  PK.auth  PK.der  PK.key
+# db.crt   db.esl  KEK.auth  KEK.der  KEK.key  PK.crt   PK.esl
+
+# This script is used every time the build environment of CoreOS is sourced
+# Note: in the build environment stdout is redirected to /dev/null but not
+# stderr.
+
+set -e
+
+# Logging helper
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BOLD='\033[1m'
+RESET='\033[0m'
+
+# Ensure that BUILDDIR is defined
+# ==============================================================================
+# This is usually done inside the coreos-init-build-env script
+
+
+if [ -z "$BUILDDIR" ]; then 
+    echo -e "${RED}BUILDDIR is not defined${RESET}" 2>&1
+    echo -e "Have you run the coreos-init-buildenv script?" 2>&1
+    exit 1
+fi
+
+# We need the KEYDIR directory to exist
+# ==============================================================================
+
+KEYDIR="${BUILDDIR}/keys"
+mkdir -p "${KEYDIR}"
+cd "${KEYDIR}"
+
+# we need wget and tar
+# ==============================================================================
+
+assert_command_in_path() {
+    if command -v "$1" >/dev/null 2>&1; then
+        echo -e "✓ Command ${GREEN}${1}${RESET} was found"
+    else
+        echo -e "✗ ${RED}Command ${BOLD}${1}${RESET}${RED} was not found in your path${RESET}" >&2 
+        echo -e "Please check the coreos-documentation for the list of required packages" >&2 
+        exit 1
+    fi
+}
+
+assert_command_in_path wget
+assert_command_in_path tar
+
+
+# Generate all they keys, as needed
+# ==============================================================================
+# Only generate the file if it's missing and don't fail if the file already
+# exist
+
+check_files_exist() {
+    RET=0
+    for file in "$@"; do
+        if [ ! -e "$file" ]; then
+            echo -e "𐄂 File ${RED}${file}${RESET} missing"
+            RET=1
+        else
+            echo -e "✓ File ${GREEN}${file}${RESET} already exist"
+        fi
+    done
+    return $RET
+}
+
+check_files_exist db.auth db.crt db.der db.esl db.key KEK.auth KEK.crt KEK.der \
+                  KEK.esl KEK.key PK.auth PK.crt PK.der PK.esl PK.key || \
+{
+    echo -e "${RED}Incosistent or no keys.${RESET}"
+    echo "Downloading Keys"
+    wget -q https://platform-nas.gad.local/K-Stufen/CoreOS/.signing/coreos_developer_signing.keys.tar.gz && \
+    tar -xzf coreos_developer_signing.keys.tar.gz -C ${BUILDDIR}/keys && \
+    rm coreos_developer_signing.keys.tar.gz
+}

scripts/coreos-keygen

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+
+# This script will generate key needed by the UEFI secure boot implementation
+# under $BUILDDIR/keys
+# db.auth  db.der  db.key    KEK.crt  KEK.esl  PK.auth  PK.der  PK.key
+# db.crt   db.esl  KEK.auth  KEK.der  KEK.key  PK.crt   PK.esl
+
+# This script is used every time the build environment of CoreOS is sourced
+# Note: in the build environment stdout is redirected to /dev/null but not
+# stderr.
+
+set -e
+
+# Logging helper
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BOLD='\033[1m'
+RESET='\033[0m'
+
+# Ensure that BUILDDIR is defined
+# ==============================================================================
+# This is usually done inside the coreos-init-build-env script
+
+
+if [ -z "$BUILDDIR" ]; then 
+    echo -e "${RED}BUILDDIR is not defined${RESET}" 2>&1
+    echo -e "Have you run the coreos-init-buildenv script?" 2>&1
+    exit 1
+fi
+
+# We need the KEYDIR directory to exist
+# ==============================================================================
+
+KEYDIR="${BUILDDIR}/keys"
+mkdir -p "${KEYDIR}"
+cd "${KEYDIR}"
+
+# we need openssl, cert-to-efi-sig-list and sign-efi-sig-list 
+# ==============================================================================
+
+assert_command_in_path() {
+    if command -v "$1" >/dev/null 2>&1; then
+        echo -e "✓ Command ${GREEN}${1}${RESET} was found"
+    else
+        echo -e "✗ ${RED}Command ${BOLD}${1}${RESET}${RED} was not found in your path${RESET}" >&2 
+        echo -e "Please check the coreos-documentation for the list of required packages" >&2 
+        exit 1
+    fi
+}
+
+assert_command_in_path openssl
+assert_command_in_path cert-to-efi-sig-list
+assert_command_in_path sign-efi-sig-list
+
+# Generate all they keys, as needed
+# ==============================================================================
+# Only generate the file if it's missing and don't fail if the file already
+# exist
+
+check_files_exist() {
+    RET=0
+    for file in "$@"; do
+        if [ ! -e "$file" ]; then
+            echo -e "𐄂 File ${RED}${file}${RESET} missing"
+            RET=1
+        else
+            echo -e "✓ File ${GREEN}${file}${RESET} already exist"
+        fi
+    done
+    return $RET
+}
+
+echo "Generating private/public keys in .key/.crt format for PK, KEK et db"
+
+check_files_exist PK.key PK.crt || \
+openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_PK/ \
+        -keyout PK.key -out PK.crt -nodes -days 365
+
+check_files_exist KEK.key KEK.crt || \
+openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_KEK/ \
+        -keyout KEK.key -out KEK.crt -nodes -days 365
+
+check_files_exist db.key db.crt || \
+openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db/ \
+		-keyout db.key -out db.crt -nodes -days 365
+
+
+echo "Generatic EFI signature list file with PK, KEK et db public key"
+
+check_files_exist PK.esl || \
+cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc \
+        PK.crt PK.esl;
+
+check_files_exist KEK.esl || \
+cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc \
+        KEK.crt KEK.esl
+
+check_files_exist db.esl || \
+cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc \
+        db.crt db.esl
+
+echo "Generatic EFI AUTH file with PK, KEK et db public key"
+
+check_files_exist PK.auth || sign-efi-sig-list -c PK.crt -k PK.key PK PK.esl PK.auth
+check_files_exist KEK.auth || sign-efi-sig-list -c PK.crt -k PK.key KEK KEK.esl KEK.auth
+check_files_exist db.auth || sign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth
+
+echo "Generatic DER files with PK, KEK et db public key"
+
+# der certificate are need for OVMF based firmware (virtual machine)
+check_files_exist PK.der || openssl x509 -in PK.crt -outform der -out PK.der
+check_files_exist KEK.der || openssl x509 -in KEK.crt -outform der -out KEK.der
+check_files_exist db.der || openssl x509 -in db.crt -outform der -out db.der
+
+# keys needed to sign and verify SWUpdate
+check_files_exist swupdate.key swupdate.crt || openssl req -x509 -newkey rsa:4096 -nodes -keyout swupdate.key \
+    -out swupdate.crt -subj "/O=SWUpdate /CN=target"

scripts/coreos-resign-swu-file.sh

@@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-#title           :coreos-resign-swu-file.sh
-#description     :This script signs/resigns an already existent swu file with a
-#                 provided private key and a certificate
-#author          :Patrick Vogelaar
-#date            :20240325
-#version         :0.1
-#usage           :coreos-resign-swu-file.sh -i <in>.swu -k <key> -c <cert>
-#                 -o <output_file>
-#notes           :openssl and cpio are required
-#==============================================================================
-
-SW_DESC_FILE_NAME="sw-description"
-SW_DESC_SIG_FILE_NAME="sw-description.sig"
-FIRMWARE_TMP_DIR="firmware_tmp"
-CPIO_ORDER_FILE="cpio_order"
-
-while getopts i:k:c:o flag
-do
-	case "${flag}" in
-		i) swupdate_in_file=${OPTARG};;
-		k) key_file=${OPTARG};;
-		c) certificate=${OPTARG};;
-		o) output_file=${OPTARG};;
-		*);; # TODO: error handling -> unknown flag
-	esac
-done
-
-### Some basic checks
-if [[ -d $FIRMWARE_TMP_DIR ]]; then
-	echo "ERROR: $FIRMWARE_TMP_DIR directory alread exists in this directory"
-	exit 1
-fi
-
-if ! command -v openssl &> /dev/null
-then
-	echo "openssl could not be found"
-	exit 1
-fi
-
-if ! command -v cpio &> /dev/null
-then
-	echo "cpio could not be found"
-	exit 1
-fi
-
-
-mkdir -p $FIRMWARE_TMP_DIR
-cd $FIRMWARE_TMP_DIR || exit 1
-
-# store the exact order in a file
-cpio --quiet --list < "../$swupdate_in_file" > $CPIO_ORDER_FILE
-
-cpio --quiet -id < "../$swupdate_in_file"
-
-# resign
-openssl cms -sign -in $SW_DESC_FILE_NAME -out $SW_DESC_SIG_FILE_NAME -signer\
-        "$certificate" -inkey "$key_file" -outform DER -nosmimecap -binary
-
-# recreate the swu file
-echo "cat < $CPIO_ORDER_FILE | cpio --quiet -ov > $output_file"
-cat < $CPIO_ORDER_FILE | cpio --quiet -ov > "$output_file"

scripts/coreos-supported-pkgs.py

@@ -1,164 +0,0 @@
-#!/usr/bin/env python3
-
-# Copyright (C) 2023 Hirschmann Automation and Control GmbH
-#
-# - list all recipes that are supported by the CoreOS team
-
-import sys
-import optparse
-import os
-import re
-
-scripts_path = os.path.abspath(os.path.dirname(os.path.abspath(sys.argv[0])))
-# Add the path if we have own libs
-lib_path = os.path.abspath(scripts_path + '/../lib')
-sys.path = sys.path + [lib_path]
-# Add the OE lib path
-lib_path = os.path.abspath(scripts_path + '/../external-layers/openembedded-core/scripts/lib')
-sys.path = sys.path + [lib_path]
-
-import scriptpath
-
-# For importing the following modules
-bitbakepath = scriptpath.add_bitbake_lib_path()
-if not bitbakepath:
-    sys.stderr.write("Unable to find bitbake by searching parent directory of this script or PATH\n")
-    sys.exit(1)
-
-import bb.cooker
-import bb.providers
-import bb.tinfoil
-from pprint import pprint
-
-def get_fnlist(bbhandler, pkg_pn):
-    ''' Get all recipe file names '''
-    (latest_versions, preferred_versions, required_versions) = bb.providers.findProviders(bbhandler.config_data, bbhandler.cooker.recipecaches[''], pkg_pn)
-
-    fn_list = []
-    for pn in sorted(pkg_pn):
-            # use the preferred version
-            fn_list.append(preferred_versions[pn][1])
-
-    return fn_list
-
-
-def get_recipesdata(bbhandler):
-    ''' Get data of all available recipes '''
-    pkg_pn = bbhandler.cooker.recipecaches[''].pkg_pn
-
-    pkg_dict = {}
-    supported_pkg_dict = {}
-    fn_list = get_fnlist(bbhandler, pkg_pn)
-    size = str(len(fn_list))
-    i = 0
-    for fn in fn_list:
-        print(size + "/" + str(i))
-        i += 1
-        data = bbhandler.parse_recipe_file(fn)
-        maintainer = data.getVar("COREOS_RECIPE_MAINTAINER")
-        pn = data.getVar("PN")
-        packages = data.getVar("PACKAGES")
-        packages += data.getVar("PROVIDES")
-        pkg_dict[pn] = data
-        if maintainer:
-            supported_pkg_dict[pn] = data
-        for pkg in packages.split():
-            pkg_dict[pkg] = data
-            if maintainer:
-                supported_pkg_dict[pkg] = data
-
-    return pkg_dict, supported_pkg_dict
-
-def resolve_dependencies(pkg_dict, supported_pkg_dict):
-    ''' Resolve dependencies and add them to supported packages '''
-    sup_with_dep_dict = {}
-    for pkg in supported_pkg_dict:
-        depends = supported_pkg_dict[pkg].getVar("DEPENDS") or ''
-        rdepends = supported_pkg_dict[pkg].getVar("RDEPENDS") or ''
-        sup_with_dep_dict[pkg] = pkg_dict[pkg]
-
-        for d_pkg in depends.split():
-            if ("virtual/" in d_pkg) or ("native" in d_pkg):
-                continue
-            sup_with_dep_dict[d_pkg] = pkg_dict[d_pkg]
-
-        for r_pkg in rdepends.split():
-            if ("virtual/" in r_pkg) or ("native" in r_pkg):
-                continue
-            sup_with_dep_dict[r_pkg] = pkg_dict[r_pkg]
-
-    return sup_with_dep_dict
-
-
-def display(supported_pkg_dict):
-    ''' Display all pkgs and COREOS_RECIPE_MAINTAINER information '''
-    print(f'{str("RECIPE NAMES:"):40} {str("META-LAYER:"):40} {str("COS-MAINTAINER:"):50}')
-    for pn in supported_pkg_dict:
-        recipe_name = supported_pkg_dict[pn].getVar("P")
-        recipe_path = supported_pkg_dict[pn].getVar("FILE")
-        meta_layer = re.search("(?<=/layers/)(.*)(?=/recipe)", recipe_path).group(0)
-        maintainer = supported_pkg_dict[pn].getVar("COREOS_RECIPE_MAINTAINER") or 'Supported by Dependency'
-
-        print(f'{recipe_name:40} {meta_layer:40} {maintainer:50}')
-
-
-def get_unique_list(supported_pkg_dict):
-    ''' Create a list that only contains one package based on PN '''
-    unique_dict = {}
-    for pkg in supported_pkg_dict:
-        pn = supported_pkg_dict[pkg].getVar("P")
-        unique_dict[pn] = supported_pkg_dict[pkg]
-
-    return unique_dict
-
-def print_to_file(supported_pkg_dict, file):
-    ''' print list to a file '''
-    with open(file, "w") as file:
-        file.write(f'{str("RECIPE NAMES:"):40} {str("META-LAYER:"):40} {str("COS-MAINTAINER:"):50}\n')
-        for pn in supported_pkg_dict:
-            recipe_name = supported_pkg_dict[pn].getVar("P")
-            recipe_path = supported_pkg_dict[pn].getVar("FILE")
-            meta_layer = re.search("(?<=/layers/)(.*)(?=/recipe)", recipe_path).group(0)
-            maintainer = supported_pkg_dict[pn].getVar("COREOS_RECIPE_MAINTAINER") or 'Supported by Dependency'
-
-            file.write(f'{recipe_name:40} {meta_layer:40} {maintainer:50}\n')
-
-def main():
-    parser = optparse.OptionParser(
-        description = "Lists all recipes supported by CoreOS.",
-        usage = """
-    %prog [options]""")
-
-    parser.add_option("-p", "--print",
-            help = "print all recipes that are supported",
-            action="store_const", dest="print", default=True)
-    parser.add_option("-f", "--file",
-            help = "store in file",
-            action="store", dest="file", type="string")
-
-    options, args = parser.parse_args(sys.argv)
-
-    with bb.tinfoil.Tinfoil() as bbhandler:
-        bbhandler.prepare()
-        print("Gathering recipe data...")
-        pkg_dict, supported_pkg_dict = get_recipesdata(bbhandler)
-        new_len = len(supported_pkg_dict)
-        old_len = 0
-
-        while old_len != new_len:
-            supported_pkg_dict = resolve_dependencies(pkg_dict, supported_pkg_dict)
-            old_len = new_len
-            new_len = len(supported_pkg_dict)
-
-        unique_dict = get_unique_list(supported_pkg_dict)
-        supported_pkg_dict = unique_dict
-
-        if options.print:
-            display(supported_pkg_dict)
-
-        if options.file:
-            print_to_file(supported_pkg_dict, options.file)
-
-
-if __name__ == "__main__":
-    main()

templates/bblayers.conf.sample

@@ -11,7 +11,6 @@ BBLAYERS ?= " \
   ##COREOS_LAYERSDIR##/meta-belden-coreos-bsp \
   ##COREOS_LAYERSDIR##/meta-belden-coreos-demo \
   ##COREOS_LAYERSDIR##/meta-belden-marvell-bsp \
-  ##COREOS_LAYERSDIR##/meta-netmodule-coreos-bsp \
   ##COREOS_EXTLAYERSDIR##/meta-openembedded/meta-oe \
   ##COREOS_EXTLAYERSDIR##/meta-openembedded/meta-networking \
   ##COREOS_EXTLAYERSDIR##/meta-openembedded/meta-filesystems \
@@ -22,6 +21,4 @@ BBLAYERS ?= " \
   ##COREOS_EXTLAYERSDIR##/meta-swupdate \
   ##COREOS_EXTLAYERSDIR##/meta-arm/meta-arm \
   ##COREOS_EXTLAYERSDIR##/meta-arm/meta-arm-toolchain \
-  ##COREOS_EXTLAYERSDIR##/meta-ti/meta-ti-bsp \
-  ##COREOS_EXTLAYERSDIR##/meta-lts-kernel-mixin \
   "