Pull request #186: Various small changes

Merge in ICO/coreos from various_small_changes to master

* commit 'a0910ef3ff70a53ea410ba205e36a2f5620481b3':
  chore(submodules): update third-party submodules
  feat(coreos-supportd-pkgs): create list of CoreOS supported packages
  chore(belden-coreos): move the initial timestamp to a generic file
  fix(swupdate): add libgcc as a dependency to terminate swupdate correctly
  feat(eagle40-03): strip out unused MACHINE_FEATURES for eagle40-03

.gitmodules

@@ -2,23 +2,35 @@
 	path = bitbake
 	url = ssh://git@bitbucket.gad.local:7999/ico/bitbake.git
 	branch = 2.0
-[submodule "layers/openembedded-core"]
+[submodule "openembedded-core"]
 	path = external-layers/openembedded-core
 	url = ssh://git@bitbucket.gad.local:7999/ico/openembedded-core.git
-	branch = master
-[submodule "layers/meta-openembedded"]
+	branch = kirkstone
+[submodule "meta-openembedded"]
 	path = external-layers/meta-openembedded
 	url = ssh://git@bitbucket.gad.local:7999/ico/meta-openembedded.git
-	branch = master
-[submodule "layers/meta-virtualization"]
+	branch = kirkstone
+[submodule "meta-virtualization"]
 	path = external-layers/meta-virtualization
 	url = ssh://git@bitbucket.gad.local:7999/ico/meta-virtualization.git
-	branch = master
-[submodule "layers/meta-efibootguard"]
+	branch = kirkstone
+[submodule "meta-efibootguard"]
 	path = external-layers/meta-efibootguard
 	url = ssh://git@bitbucket.gad.local:7999/ico/meta-efibootguard.git
 	branch = master
-[submodule "layers/meta-swupdate"]
+[submodule "meta-swupdate"]
 	path = external-layers/meta-swupdate
 	url = ssh://git@bitbucket.gad.local:7999/ico/meta-swupdate.git
-	branch = master
+	branch = kirkstone
+[submodule "meta-arm"]
+	path = external-layers/meta-arm
+	url = ssh://git@bitbucket.gad.local:7999/ico/meta-arm.git
+	branch = kirkstone
+[submodule "meta-ti"]
+	path = external-layers/meta-ti
+	url = ssh://git@bitbucket.gad.local:7999/ico/meta-ti.git
+	branch = kirkstone
+[submodule "meta-lts-kernel-mixin"]
+	path = external-layers/meta-lts-kernel-mixin
+	url = ssh://git@bitbucket.gad.local:7999/ico/meta-lts-mixins.git
+	branch = coreos/kirkstone/kernel

.vscode/extensions.json

@@ -2,9 +2,9 @@
     "recommendations": [
         "ms-vscode.makefile-tools",
         "timonwong.shellcheck",
-        "eugenwiens.bitbake",
         "kweihmann.oelint-vscode",
         "lextudio.restructuredtext",
-        "trond-snekvik.simple-rst"
+        "trond-snekvik.simple-rst",
+        "yocto-project.yocto-bitbake"
     ]
 }

.vscode/settings.json

@@ -1,12 +1,47 @@
 {
     "files.watcherExclude": {
-        "**/build/cache/**": true,
-        "**/build/downloads/**": true,
-        "**/build/sstate-cache/**": true,
-        "**/build/tmp/**": true,
-        "**/documentation/_build/**": true,
-        "**/build/workspace": true
+        "**/build/**": true,
+        "**/_build/**": true,
     },
+    "search.exclude": {
+        "**/build/**": true,
+        "**/_build/**": true,
+    },
+    "C_Cpp.files.exclude": {
+        "**/build": true,
+        "**/_build": true,
+    },
+    "python.analysis.exclude": [
+        "**/build/**",
+        "**/_build/**",
+    ],
     "python.formatting.provider": "black",
-    "editor.rulers": [80,100,120]
+    "editor.rulers": [80,100,120],
+    "bitbake.pathToBuildFolder": "${workspaceFolder}/build",
+    "bitbake.pathToEnvScript": "${workspaceFolder}/coreos-init-build-env",
+    "bitbake.pathToBitbakeFolder": "${workspaceFolder}/bitbake",
+    "python.autoComplete.extraPaths": [
+        "${workspaceFolder}/bitbake/lib",
+        "${workspaceFolder}/meta/lib"
+    ],
+    "python.analysis.extraPaths": [
+        "${workspaceFolder}/bitbake/lib",
+        "${workspaceFolder}/meta/lib"
+    ],
+    "[python]": {
+        "diffEditor.ignoreTrimWhitespace": false,
+        "gitlens.codeLens.symbolScopes": [
+            "!Module"
+        ],
+        "editor.formatOnType": true,
+        "editor.wordBasedSuggestions": "off",
+        "files.trimTrailingWhitespace": false
+    },
+    "[shellscript]": {
+        "files.eol": "\n",
+        "files.trimTrailingWhitespace": false
+    },
+    "bitbake.sdkImage": "coreos-image-minimal",
+    "bitbake.workingDirectory": "${workspaceFolder}",
+    "task.saveBeforeRun": "always",
 }

bitbake

@@ -1 +1 @@
-Subproject commit c0e87e005a5b135353ffdf1d17b77f40bff29af2
+Subproject commit 40fd5f4eef7460ca67f32cfce8e229e67e1ff607

coreos-init-build-env

@@ -27,7 +27,7 @@ COREOS_ROOT=$(readlink -f "${COREOS_ROOT}")
 # All theses values can be overriden by the caller of coreos-init-build-env
 BITBAKEDIR="${BITBAKEDIR:-${COREOS_ROOT}/bitbake}"
 OEROOT="${OEROOT:-${COREOS_ROOT}/external-layers/openembedded-core}"
-TEMPLATECONF="${TEMPLATECONF:-${COREOS_ROOT}/layers/meta-belden-coreos/conf/templates/default}"
+TEMPLATECONF="${TEMPLATECONF:-${COREOS_ROOT}/templates}"
 
 # Sanity checks
 # ------------------------------------------------------------------------------
@@ -92,18 +92,3 @@ coreos-bblayers-envsub COREOS_EXTLAYERSDIR "${COREOS_ROOT}/external-layers"
 # stdout is redirected to reduce the amount of output but not stderr
 #
 #Note: if a final build is detected all the dev keys are deleted
-
-if [ "$CreateFinal" = "true" ]; then
-    echo "\nFinal build detected delete dev keys and dont use or generate them" >&2
-    rm -rf "${BUILDDIR}/keys"
-else
-    echo "\nNo final build detected use development keys" >&2
-    coreos-get-dev-keys > /dev/null || {
-        echo "The coreos-get-dev-keys script has failed" >&2
-    }
-
-    coreos-keygen > /dev/null || {
-        echo "The coreos-keygen script has failed" >&2
-        return 1
-    }
-fi

documentation/components/optional/installer.rst

@@ -3,33 +3,35 @@
 CoreOS Installer
 ****************
 
-The CoreOS installer is a set of script running on the target and a
+The CoreOS installer is a set of scripts running on the target and a
 corresponding bitbake image that is used into the bootstrap process of CoreOS.
 
 coreos-image-installer
 ======================
 
-The CoreOS installer image is a single binary EFI file that include a kernel,
-device tree and an initramfs with all the tools needed to install CoreOS.
+The CoreOS image installer results in an image contairing only a single binary
+EFI file. This EFI file includes a kernel, a device tree and an initramfs with
+all (and only) the tools needed to install CoreOS.
 
-An installer image is automatically built in parallel of a normal image.
-This can be deactivated by setting `COREOS_IMAGE_GENERATE_INSTALLER` to 0.
+The installer image is not automatically built in parallel of a normal image.
+This can be changed by setting `COREOS_IMAGE_GENERATE_INSTALLER` to 1 in the
+image file (as it is done for example in coreos-image-all-features.bb).
 
 The installer image build by default only a single EFI binary named
-coreos-installer-MACHINE.efi. An SDCard image can be generate if
+coreos-installer-MACHINE.efi. An SDCard or USB image can be generated if
 `COREOS_INSTALLER_WKS_FILE` is set to a wks file.
 
 coreos-installer
 ================
 
-The coreos-installer recipe installs some script that is used at startup
-to automatically format the internal emmc of the device. It also contains
+The coreos-installer recipe installs scripts that are used at startup to
+automatically format the internal emmc of the device. The recipe also contains
 a swupdate configuration file to setup swupdate correctly for that use case.
 
 coreos-installer-config
 =======================
 
 The coreos-installer-config recipe installs device specific configuration file
-used by the coreos-installer. This includes the partitionner config file. Distro
-and project based on CoreOS can change the partionning scheme or partition size
+used by the coreos-installer. This includes the partitioner config file. Distros
+and projects based on CoreOS can change the partioning scheme or partition size
 by installing their own version of this package using a `bbappend file`.

external-layers/meta-arm

@@ -0,0 +1 @@
+Subproject commit d7b7b6fb6c7c5545e718e44f38853d1718ce5446

external-layers/meta-efibootguard

@@ -1 +1 @@
-Subproject commit 058e3ad8650344eb46920ecd5b3b0ebf473aebe1
+Subproject commit e3581b11d30d91d0363acb48a6aee47043b7e0bc

external-layers/meta-lts-kernel-mixin

@@ -0,0 +1 @@
+Subproject commit 09d2f9391813674627ec53cb222da6c7a51221e6

external-layers/meta-openembedded

@@ -1 +1 @@
-Subproject commit 6f26ff340bc9d07e7bdf6f4f75b2c81935230069
+Subproject commit 8bb16533532b6abc2eded7d9961ab2a108fd7a5b

external-layers/meta-swupdate

@@ -1 +1 @@
-Subproject commit 4c1a75f43ea1fe1063b45aa372627e6c67e2875c
+Subproject commit 3d12b2788a45d86efcb1ad3e01f209558c54795c

external-layers/meta-ti

@@ -0,0 +1 @@
+Subproject commit bae3658ac0bc1c9adac7a882439cabb385cae720

external-layers/meta-virtualization

@@ -1 +1 @@
-Subproject commit a215d8320edee0a317a6511e7e2efa5bba867486
+Subproject commit cb2bc17e96552cdfc141d27bd9f4dbd95a872846

external-layers/openembedded-core

@@ -1 +1 @@
-Subproject commit 5ea298680a8f17d3b808a2c43b0182e9c391f663
+Subproject commit 1b5405955c7c2579ed1f52522e2e177d0281fa33

layers/meta-belden-coreos-bsp/classes/coreos-efi-secureboot.bbclass

@@ -3,7 +3,7 @@
 # UEFI Secure boot configuration
 # ==============================================================================
 
-COREOS_EFI_SECUREBOOT_KEYDIR ??= "${TOPDIR}/keys"
+COREOS_EFI_SECUREBOOT_KEYDIR ??= "${RECIPE_SYSROOT_NATIVE}/${datadir}/keys"
 COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR ??= "0"
 
 # UEFI Secure boot helpers
@@ -16,12 +16,12 @@ HOSTTOOLS += "sbsign"
 
 # Ensure that the public keys are always deployed to the deploy directory
 # before running wic
-do_image_wic[depends] += "efi-secureboot-keys:do_deploy"
+do_image_wic[depends] += "cos-certificates-and-keys-native:do_deploy"
 
 COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR ??= "0"
 def get_coreos_secureboot_efi_boot_files(d):
     """
-        Return the list of pubkey file inside deploy if 
+        Return the list of pubkey file inside deploy if
         COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR is set or an empty string
         otherwise
     """
@@ -31,26 +31,4 @@ def get_coreos_secureboot_efi_boot_files(d):
 
 IMAGE_EFI_BOOT_FILES:append = " ${@get_coreos_secureboot_efi_boot_files(d)}"
 
-def get_coreos_secureboot_keydir_hash(d):
-    """
-        Generate a space separate list, with a value for each file inside of 
-        keydir. Fromat: <filename>:md5:<md5sum>
-    """
-    import hashlib
 
-    keydir = d.getVar('COREOS_EFI_SECUREBOOT_KEYDIR')
-    value = ""
-    
-    for keyname in os.listdir(keydir):
-        filepath = os.path.join(keydir, keyname)
-        if os.path.isfile(filepath): 
-            md5 = bb.utils.md5_file(filepath)
-            value += f"{keyname}:md5:{md5} "
-
-    return value
-
-# The build system should detect if someone change one of the key inside
-# COREOS_EFI_SECUREBOOT_KEYDIR and rebuild all the recipes and artifacts that
-# depends on this directory
-COREOS_EFI_SECUREBOOT_KEYDIR_HASH = "${@get_coreos_secureboot_keydir_hash(d)}"
-COREOS_EFI_SECUREBOOT_KEYDIR[vardeps] += "COREOS_EFI_SECUREBOOT_KEYDIR_HASH"

layers/meta-belden-coreos-bsp/conf/layer.conf

@@ -10,4 +10,4 @@ BBFILE_PATTERN_meta-belden-coreos-bsp = "^${LAYERDIR}/"
 BBFILE_PRIORITY_meta-belden-coreos-bsp = "6"
 
 LAYERDEPENDS_meta-belden-coreos-bsp = "core meta-belden-coreos"
-LAYERSERIES_COMPAT_meta-belden-coreos-bsp = "nanbield"
+LAYERSERIES_COMPAT_meta-belden-coreos-bsp = "kirkstone"

layers/meta-belden-coreos-bsp/conf/machine/beaglebone.conf

@@ -2,8 +2,6 @@
 #@NAME: Beaglebone-yocto machine
 #@DESCRIPTION: Reference machine configuration for http://beagleboard.org/bone and http://beagleboard.org/black boards
 
-require conf/machine/include/coreos.inc
-
 MACHINE_EXTRA_RRECOMMENDS = "kernel-modules kernel-devicetree"
 EXTRA_IMAGEDEPENDS += "virtual/bootloader"
 
@@ -14,17 +12,19 @@ include conf/machine/include/arm/armv7a/tune-cortexa8.inc
 IMAGE_FSTYPES += "wic wic.xz wic.bmap"
 WKS_FILE ?= "beaglebone-sdcard.wks.in"
 COREOS_INSTALLER_WKS_FILE ?= "beaglebone-sdcard-installer.wks"
-MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-image kernel-devicetree"
+MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-image"
 do_image_wic[depends] += "mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot gptfdisk-native:do_populate_sysroot virtual/bootloader:do_deploy"
 do_image_wic[recrdeptask] += "do_bootimg"
 
 SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyO0 115200;ttyAMA0"
+SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
 APPEND:append = " console=ttyS0,115200"
 
-KERNEL_IMAGETYPE = "zImage"
+PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
+PREFERRED_VERSION_linux-yocto ?= "6.6%"
 
-# ti/omap/ prefix was added in 6.5, need to be removed if someone want to build linux-yocto_6.1
-KERNEL_DEVICETREE = "ti/omap/am335x-bone.dtb ti/omap/am335x-boneblack.dtb ti/omap/am335x-bonegreen.dtb"
+KERNEL_IMAGETYPE = "zImage"
+DTB_FILES = "ti/omap/am335x-bone.dtb ti/omap/am335x-boneblack.dtb ti/omap/am335x-bonegreen.dtb"
 KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}"
 
 PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"
@@ -35,7 +35,7 @@ UBOOT_MACHINE = "am335x_evm_defconfig"
 UBOOT_ENTRYPOINT = "0x80008000"
 UBOOT_LOADADDRESS = "0x80008000"
 
-MACHINE_FEATURES += "usbgadget usbhost vfat alsa"
+MACHINE_FEATURES = "usbgadget usbhost vfat alsa"
 
 # support runqemu
 EXTRA_IMAGEDEPENDS += "qemu-native qemu-helper-native"
@@ -59,4 +59,5 @@ EFIBOOTGUARD_TIMEOUT ?= "0"
 
 COREOS_IMAGE_SWUPDATE_EXTRACLASSES += "coreos-image-swupdate-beaglebone"
 
-
+require conf/machine/include/coreos-generic-features/efi.inc
+require conf/machine/include/coreos-generic-features/partitions.inc

layers/meta-belden-coreos-bsp/conf/machine/eagle40-03.conf

@@ -3,14 +3,16 @@
 #@DESCRIPTION: Machine support for EAGLE40-03
 #
 
-require conf/machine/include/coreos.inc
 require include/coreos-generic-arch/x64.inc
 
-MACHINE_FEATURES += "pci usbhost x86 acpi serial efi tpm2 "
+MACHINE_FEATURES += "pci usbhost x86 serial efi"
 
 # Kernel configuration
 # ******************************************************************************
 
+PREFERRED_VERSION_linux-yocto ?= "6.6%"
+PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
+
 KERNEL_IMAGETYPE = "bzImage"
 
 #  getty configuration
@@ -26,13 +28,12 @@ APPEND += "console=ttyS0,115200"
 # Ensure that both flash-image.bin and boot.scr are generated as they are needed
 # for a wic image
 WKS_FILE = "generic-uefi.wks.in"
-# COREOS_INSTALLER_WKS_FILE ?= ""  --> TBD
+COREOS_INSTALLER_WKS_FILE ?= "generic-uefi-usb-installer.wks"
 IMAGE_FSTYPES += "wic.xz wic.bmap"
 
 MACHINE_ESSENTIAL_EXTRA_RDEPENDS += " kernel-modules"
-# COREOS_IMAGE_SWUPDATE_EXTRACLASSES += "" --> TBD
 
 # No watchdog available yet
 EFIBOOTGUARD_TIMEOUT ?= "0"
-
-
+require conf/machine/include/coreos-generic-features/efi.inc
+require conf/machine/include/coreos-generic-features/partitions.inc

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/efi.inc

@@ -1,5 +1,6 @@
 # EFI Configuration
 # ==============================================================================
 
-MACHINE_FEATURES += " efi"
+MACHINE_FEATURES:append = " efi"
+
 do_image_wic[depends] += "efibootguard-native:do_populate_sysroot efibootguard:do_deploy"

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/kernel.inc

@@ -1 +0,0 @@
-PREFERRED_PROVIDER_virtual/kernel ?= "linux-coreos"

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/partitions.inc

@@ -1,15 +1,20 @@
-
-# Variable used in WKS file
-
+# Variables used in WKS file
 WKS_PART_EFI ??= 'part --source efibootguard-efi --label efi --part-type=EF00'
 WKS_PART_EFIBOOTGUARD_A ??= 'part --source efibootguard-boot --label ebg0 --part-type=0700 --sourceparams "args=coreos.root=rootfs0,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI"'
 WKS_PART_EFIBOOTGUARD_B ??= 'part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI"'
 WKS_PART_ROOT_A ??= 'part / --source rootfs --fstype=ext4 --label rootfs0'
 WKS_PART_ROOT_B ??= 'part --fstype=ext4 --label rootfs1'
-WKS_PART_ROOT_SIZE ??= '2G'
+WKS_PART_USERDATA ??= 'part /usr/local/data --fstype=btrfs --label userdata'
 
+PART_EFI_SIZE ??= '64M'
+PART_ROOT_SIZE ??= '1G'
+PART_EFIBG_SIZE ??= '128M'
+PART_USERDATA_SIZE ??= '1G'
+
+# Variables used in SFDISK file
 SFDISK_PART_EFI ??= 'type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, name="efi"'
 SFDISK_PART_EFIBOOTGUARD_A ??= 'type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name="ebg0"'
 SFDISK_PART_EFIBOOTGUARD_B ??= 'type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, name="ebg1"'
 SFDISK_PART_ROOT_A ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs0"'
-SFDISK_PART_ROOT_B ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs0"'
+SFDISK_PART_ROOT_B ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="rootfs1"'
+SFDISK_PART_USERDATA ??= 'type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, name="userdata"'

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/vm.inc

@@ -6,7 +6,7 @@ MACHINE_FEATURES += "wifi efi"
 # Add an override that work for all pc image
 MACHINEOVERRIDES =. "vm:"
 
-PREFERRED_VERSION_linux-yocto ?= "6.5%"
+PREFERRED_VERSION_linux-yocto ?= "6.6%"
 PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
 
 MACHINE_EXTRA_RRECOMMENDS += "kernel-modules linux-firmware"
@@ -21,3 +21,5 @@ do_image_wic[recrdeptask] += "do_bootimg"
 # ==============================================================================
 COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR = "1"
 
+require conf/machine/include/coreos-generic-features/efi.inc
+require conf/machine/include/coreos-generic-features/partitions.inc

layers/meta-belden-coreos-bsp/conf/machine/include/coreos.inc

@@ -1,5 +0,0 @@
-# Common configuration for all coreos machine
-
-require conf/machine/include/coreos-generic-features/kernel.inc
-require conf/machine/include/coreos-generic-features/efi.inc
-require conf/machine/include/coreos-generic-features/partitions.inc

layers/meta-belden-coreos-bsp/conf/machine/qemu-coreos-arm64.conf

@@ -0,0 +1,15 @@
+#@TYPE: Machine
+#@NAME: qemu-generic-arm64
+#@DESCRIPTION: Generic Arm64 machine for typical SystemReady platforms, which
+#have working firmware and boot via EFI.
+
+require conf/machine/qemu-generic-arm64.conf
+MACHINEOVERRIDES =. "qemu-generic-arm64:"
+
+COREOS_IMAGE_GENERATE_INSTALLER = "0"
+
+WKS_FILE = "qemu-efi-coreos-generic.wks.in"
+
+EFIBOOTGUARD_TIMEOUT ?= "0"
+require conf/machine/include/coreos-generic-features/efi.inc
+require conf/machine/include/coreos-generic-features/partitions.inc

layers/meta-belden-coreos-bsp/conf/machine/vm-x64.conf

@@ -2,13 +2,11 @@
 #@NAME: Generic x86_64
 #@DESCRIPTION: Machine configuration for generic x86_64 (64-bit) PCs and servers. Supports a moderately wide range of drivers that should boot and be usable on "typical" hardware.
 
-require conf/machine/include/coreos.inc
 require include/coreos-generic-arch/x64.inc
 require include/coreos-generic-machine/vm.inc
 
+SERIAL_CONSOLES_CHECK = "ttyS0"
 QB_SYSTEM_NAME = "qemu-system-x86_64"
 
 # Currently we don't support the watchdog
 EFIBOOTGUARD_TIMEOUT ?= "0"
-
-

layers/meta-belden-coreos-bsp/recipes-bsp/u-boot/u-boot-coreos.inc

@@ -1,12 +0,0 @@
-# Ensure that file are found event when this file is included in another layer
-# ==============================================================================
-FILESEXTRAPATHS:prepend := "${THISDIR}/u-boot:"
-
-# Main include file for u-boot to ensure CoreOS compatibility
-# ==============================================================================
-
-SRC_URI += " \
-    ${@bb.utils.contains("IMAGE_FEATURES", "debug-tweaks", "file://debug-tweaks.cfg", "", d)} \
-"
-
-require ${@bb.utils.contains("COMBINED_FEATURES", "efi", "u-boot-coreos-efi.inc", "", d)}

layers/meta-belden-coreos-bsp/recipes-bsp/u-boot/u-boot_2023.10.bbappend

@@ -1,2 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
-require u-boot-coreos.inc

layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config/beaglebone_1.0.sfdisk

@@ -12,8 +12,8 @@ sector-size: 512
 /dev/mmcblk1p1 : start=         256, size=         512, type=4DA6E9DA-C803-4BE4-BAC4-8192717C5EB0, name="mlo", attrs="RequiredPartition"
 /dev/mmcblk1p2 : start=         768, size=        8192, type=5B97345D-B7A1-47D3-A491-ED40F4841639, name="uboot", attrs="RequiredPartition"
 
-/dev/mmcblk1p3 : start=        8960, size=      131072, ${SFDISK_PART_EFI}
-/dev/mmcblk1p4 : start=      140032, size=      262144, ${SFDISK_PART_EFIBOOTGUARD_A}
-/dev/mmcblk1p5 : start=      402176, size=      262144, ${SFDISK_PART_EFIBOOTGUARD_B}
-/dev/mmcblk1p6 : start=      664320, size=     3403375, ${SFDISK_PART_ROOT_A}
-/dev/mmcblk1p7 : start=     4067695, size=     3403375, ${SFDISK_PART_ROOT_B}
+/dev/mmcblk1p3 : size= ${PART_EFI_SIZE}, ${SFDISK_PART_EFI}
+/dev/mmcblk1p4 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_A}
+/dev/mmcblk1p5 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_B}
+/dev/mmcblk1p6 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_A}
+/dev/mmcblk1p7 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_B}

layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config/eagle40-03_1.0.sfdisk

@@ -0,0 +1,13 @@
+label: gpt
+device: /dev/mmcblk2
+unit: sectors
+first-lba: 34
+last-lba: 7471070
+sector-size: 512
+
+/dev/mmcblk2p1 : start= 256, size= ${PART_EFI_SIZE}, ${SFDISK_PART_EFI}
+/dev/mmcblk2p2 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_A}
+/dev/mmcblk2p3 : size= ${PART_ROOT_SIZE}, ${SFDISK_PART_ROOT_B}
+/dev/mmcblk2p4 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_A}
+/dev/mmcblk2p5 : size= ${PART_EFIBG_SIZE}, ${SFDISK_PART_EFIBOOTGUARD_B}
+/dev/mmcblk2p6 : size= ${PART_USERDATA_SIZE}, ${SFDISK_PART_USERDATA}

layers/meta-belden-coreos-bsp/recipes-coreos/coreos-installer/coreos-installer-config_%.bbappend

@@ -1,3 +1,4 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/coreos-installer-config:"
 
 SRC_URI:append:beaglebone = " file://beaglebone_1.0.sfdisk"
+SRC_URI:append:eagle40-03 = " file://eagle40-03_1.0.sfdisk"

layers/meta-belden-coreos-bsp/recipes-kernel/linux/files/eagle40-03.cfg

@@ -0,0 +1,2 @@
+CONFIG_F71808E_WDT=y
+CONFIG_WATCHDOG_SYSFS=y

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-coreos/coreos-kmeta/bsp/beaglebone-coreos.scc

@@ -1,9 +0,0 @@
-# SPDX-License-Identifier: MIT
-define KMACHINE beaglebone
-define KTYPE coreos
-define KARCH arm
-
-include ktypes/coreos.scc
-
-# Include beaglebone.scc from yocto-kernel-cache
-include bsp/beaglebone/beaglebone.scc

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-coreos/coreos-kmeta/bsp/vm-x64-coreos.scc

@@ -1,11 +0,0 @@
-# SPDX-License-Identifier: MIT
-define KMACHINE vm-x64
-define KTYPE coreos
-define KARCH arm
-
-include ktypes/coreos.scc
-
-include bsp/common-pc-64/common-pc-64.scc
-include cfg/virtio.scc
-include cfg/paravirt_kvm.scc
-include cfg/hyperv.cfg

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-coreos/coreos-kmeta/cfg/hyperv.scc

@@ -1,4 +0,0 @@
-define KFEATURE_DESCRIPTION "HyperV Guest support"
-define KFEATURE_COMPATIBILITY arch
-
-kconf hardware hyperv.cfg

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-coreos/coreos-kmeta/cfg/k3s.scc

@@ -1,4 +0,0 @@
-define KFEATURE_DESCRIPTION "kernel requirement for running k3s"
-define KFEATURE_COMPATIBILITY all
-
-kconf non-hardware k3s.cfg

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-coreos/coreos-kmeta/ktypes/coreos.scc

@@ -1,6 +0,0 @@
-# For now one, just fall-back to OE standard ktypes
-include ktypes/standard/standard.scc
-
-include features/netfilter/netfilter.scc
-include cfg/efi.scc
-include cfg/efi-ext.scc

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-coreos_6.5.bb

@@ -1,32 +0,0 @@
-KBRANCH ?= "v6.5/standard/base"
-require recipes-kernel/linux/linux-yocto.inc
-
-# CVE exclusions
-include recipes-kernel/linux/cve-exclusion.inc
-include recipes-kernel/linux/cve-exclusion_6.5.inc
-
-SRCREV_machine ?= "128116621dee1ddbc7cf5f58cddc708d7b823600"
-SRCREV_meta ?= "e4aaaaddfaf695039a7fc41815e24f57c29e30c0"
-LINUX_VERSION ?= "6.5.10"
-PV = "${LINUX_VERSION}+git"
-
-SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \
-           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https \
-           file://coreos-kmeta;type=kmeta;name=coreos-kmeta;destsuffix=coreos-kmeta"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-
-KMETA = "kernel-meta"
-
-# The distro or local.conf should set this, but we should fallback to coreos
-# instead of standard if it's not the case
-LINUX_KERNEL_TYPE ??= "coreos"
-
-COMPATIBLE_MACHINE = "^(beaglebone|cn9130-cf-pro|vm-x64)$"
-
-# Functionality flags
-KERNEL_EXTRA_FEATURES ?= ""
-KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend

@@ -0,0 +1,20 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+KMACHINE:vm-x64 ?= "common-pc-64"
+COMPATIBLE_MACHINE:vm-x64 = "vm-x64"
+
+# Enable some kernel features related to virtualiuzation
+KERNEL_FEATURES:append:vm-x64=" cfg/virtio.scc cfg/paravirt_kvm.scc"
+SRC_URI:append:vm-x64 = " file://hyperv.cfg"
+
+KMACHINE:eagle40-03 ?= "common-pc-64"
+KBRANCH:eagle40-03 = "v5.15/standard/base"
+SRCREV_machine:eagle40-03 ?= "3baf1c5c0e6084b3f4a1d2d805168d657f872e60"
+COMPATIBLE_MACHINE:eagle40-03 = "eagle40-03"
+LINUX_VERSION:eagle40-03 = "5.15.134"
+
+
+KBRANCH:beaglebone = "v5.15/standard/beaglebone"
+KMACHINE:beaglebone ?= "beaglebone"
+SRCREV_machine:beaglebone ?= "9aabbaa89fcb21af7028e814c1f5b61171314d5a"
+COMPATIBLE_MACHINE:beaglebone = "beaglebone"
+LINUX_VERSION:beaglebone = "5.15.54"

layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_6.6.bbappend

@@ -0,0 +1,14 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+KMACHINE:eagle40-03 ?= "common-pc-64"
+COMPATIBLE_MACHINE:eagle40-03 = "eagle40-03"
+
+KMACHINE:beaglebone ?= "beaglebone"
+COMPATIBLE_MACHINE:beaglebone = "beaglebone"
+
+KMACHINE:vm-x64 ?= "common-pc-64"
+COMPATIBLE_MACHINE:vm-x64 = "vm-x64"
+KERNEL_FEATURES:append:vm-x64=" cfg/virtio.scc cfg/paravirt_kvm.scc"
+SRC_URI:append:vm-x64 = " file://hyperv.cfg"
+
+SRC_URI += " file://eagle40-03.cfg"

layers/meta-belden-coreos-bsp/wic/beaglebone-sdcard.wks.in

@@ -13,8 +13,8 @@ part --offset 768S --source rawcopy --sourceparams="file=u-boot.img" --ondisk mm
 # Let's define a 4MiB maximum size for the bootloader
 # 4MiB => 4*1024*1024/512=8192S | 768S + 8192S => 8960S
 ${WKS_PART_EFI} --ondisk mmcblk0 --offset 8960S --fixed-size 32M
-${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --fixed-size 128M
-${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --fixed-size 128M
-${WKS_PART_ROOT_A} --ondisk mmcblk0 --fixed-size ${WKS_PART_ROOT_SIZE}
-${WKS_PART_ROOT_B} --ondisk mmcblk0 --fixed-size ${WKS_PART_ROOT_SIZE}
+${WKS_PART_EFIBOOTGUARD_A} --ondisk mmcblk0 --fixed-size ${PART_EFIBG_SIZE}
+${WKS_PART_EFIBOOTGUARD_B} --ondisk mmcblk0 --fixed-size ${PART_EFIBG_SIZE}
+${WKS_PART_ROOT_A} --ondisk mmcblk0 --fixed-size ${PART_ROOT_SIZE}
+${WKS_PART_ROOT_B} --ondisk mmcblk0 --fixed-size ${PART_ROOT_SIZE}
 bootloader --ptable gpt

layers/meta-belden-coreos-bsp/wic/generic-uefi-usb-installer.wks

@@ -0,0 +1,16 @@
+# short-description: Create USB image for Eagle 40-03
+# long-description: Creates a partitioned USB image for Eagle 40-03.
+
+# offset 1S => 1 sector (1x512 byte)
+# The bootloader can be at 4 different position in raw mode: 0S, 256S, 512S, 768S
+# MBR disk use only the sector 0, so 1S is free
+# GPT disk use sector 0-33S, so first free slot is 256S
+# Offset are from the BBB default settings
+
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# Don't name partition in the installer disk image, otherwise the installer may not work as it rely on partition label!
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+part --offset 256S --source bootimg-partition --part-type=EF00 --ondisk mmcblk0
+part --fixed-size 3G --fstype=vfat --label=image
+bootloader --ptable gpt

layers/meta-belden-coreos-bsp/wic/generic-uefi.wks.in

@@ -1,10 +1,11 @@
 # short-description: Create an EFI disk image for genericx86*
 # long-description: Creates a partitioned EFI disk image for genericx86* machines
-${WKS_PART_EFI} --ondisk sda  --align 1024 --size 64M --extra-space 0 --overhead-factor 1
-${WKS_PART_ROOT_A} --ondisk sda --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_ROOT_B} --ondisk sda --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-${WKS_PART_EFIBOOTGUARD_A} --ondisk sda  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
-${WKS_PART_EFIBOOTGUARD_B} --ondisk sda  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
 
-part swap --ondisk sda --size 44 --label swap1 --fstype=swap
+${WKS_PART_EFI} --align 1024 --size ${PART_EFI_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_ROOT_A} --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_ROOT_B} --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_EFIBOOTGUARD_A} --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_EFIBOOTGUARD_B} --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_USERDATA} --size ${PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1
+
 bootloader --ptable gpt

layers/meta-belden-coreos-bsp/wic/qemu-efi-coreos-generic.wks.in

@@ -0,0 +1,12 @@
+# short-description: Create an EFI disk image
+# long-description: Creates a partitioned EFI disk image that the user
+# can directly dd to boot media.
+
+part --source efibootguard-efi --label efi --part-type=EF00 --use-uuid --offset 20480S --size ${PART_EFI_SIZE} --extra-space 0 --overhead-factor 1
+part / --source rootfs --fstype=ext4 --label rootfs0 --use-uuid --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+part --fstype=ext4 --label rootfs1 --use-uuid --size ${PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+part --source efibootguard-boot --label ebg0 --part-type=0700 --sourceparams "args=coreos.root=rootfs0,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --use-uuid --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
+part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --use-uuid --align 1024 --size ${PART_EFIBG_SIZE} --extra-space 0 --overhead-factor 1
+${WKS_PART_USERDATA} --use-uuid --size ${PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1
+
+bootloader --ptable gpt

layers/meta-belden-coreos-demo/conf/layer.conf

@@ -10,4 +10,4 @@ BBFILE_PATTERN_meta-belden-coreos-demo = "^${LAYERDIR}/"
 BBFILE_PRIORITY_meta-belden-coreos-demo = "6"
 
 LAYERDEPENDS_meta-belden-coreos-demo = "meta-belden-coreos meta-belden-coreos-bsp"
-LAYERSERIES_COMPAT_meta-belden-coreos-demo = "nanbield"
+LAYERSERIES_COMPAT_meta-belden-coreos-demo = "kirkstone"

layers/meta-belden-coreos-demo/recipes-core/images/coreos-image-demo-k3s.bb

@@ -4,3 +4,5 @@ require recipes-core/images/coreos-image-all-features.bb
 
 IMAGE_INSTALL += "k3s-agent"
 
+# To use this image, please add k3s to DISTRO_FEATURE inside your
+# local.conf config file.

layers/meta-belden-coreos-demo/recipes-kernel/linux/linux-yocto_%.bbappend

@@ -0,0 +1 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"

layers/meta-belden-coreos/classes/coreos-image-ci.bbclass

@@ -3,6 +3,7 @@
 # > COREOS_IMAGE_EXTRACLASSES += "coreos-image-ci"
 # in auto.conf (or local.conf)
 
+inherit kernel-artifact-names
 
 def get_coreos_ci_artifacts(d):
     artifacts = []
@@ -12,11 +13,11 @@ def get_coreos_ci_artifacts(d):
 
     # Container handling
     # ==========================================================================
-    
+
     if bb.utils.contains('IMAGE_FSTYPES', 'oci', True, False, d):
 
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.rootfs-oci.tar')
-        
+
         # Special case for container, we just need the OCI tarball
         return " ".join(artifacts)
 
@@ -25,10 +26,14 @@ def get_coreos_ci_artifacts(d):
 
     if bb.utils.contains('IMAGE_FSTYPES', 'wic.xz', True, False, d):
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.xz')
-    
+
     if bb.utils.contains('IMAGE_FSTYPES', 'wic.bmap', True, False, d):
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.bmap')
 
+    # This is used for qemu-coreos-arm64
+    if bb.utils.contains('IMAGE_FSTYPES', 'wic.qcow2', True, False, d):
+        artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.qcow2')
+
     if d.getVar('COREOS_IMAGE_GENERATE_SWU') == '1':
         artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.swu')
 
@@ -90,5 +95,5 @@ do_deploy_ci() {
     for file in ${COREOS_CI_DEPLOY_ARTIFACTS}; do
         echo $file >> $output
     done
-} 
+}
 addtask deploy_ci after do_image before do_build

layers/meta-belden-coreos/classes/coreos-image-installer.bbclass

@@ -0,0 +1,41 @@
+# Class used to generate image based on Belden CoreOS
+
+export IMAGE_BASENAME = "${MLPREFIX}${PN}"
+IMAGE_NAME_SUFFIX ?= ""
+IMAGE_LINGUAS = ""
+
+LICENSE = "MIT"
+
+IMAGE_FSTYPES = "cpio.gz"
+
+# Support for generating a SDCard or USB installer is optional
+COREOS_INSTALLER_WKS_FILE ??= ""
+WKS_FILE = "${COREOS_INSTALLER_WKS_FILE}"
+IMAGE_FSTYPES += "${@'wic.xz wic.bmap' if d.getVar('COREOS_INSTALLER_WKS_FILE') else ''}"
+IMAGE_BOOT_FILES =  "${COREOS_KERNEL_FILENAME};EFI/BOOT/${EFI_BOOT_IMAGE}"
+
+COREOS_IMAGE_GENERATE_UKI = "1"
+
+# IMGDEPLOYDIR has to be used instead of DEPLOY_DIR_IMAGE here, because it will
+# run during image generation
+COREOS_UKI_PART_INITRAMFS = "${IMGDEPLOYDIR}/${IMAGE_BASENAME}-${MACHINE}.cpio.gz"
+COREOS_IMAGE_GENERATE_SWU = "0"
+
+# Change generated UKI filename and reset the bundled command line to "APPEND"
+# to ensure that root is not set in the kernel command line
+COREOS_KERNEL_NAME ?= "coreos-installer-${MACHINE}"
+COREOS_KERNEL_CMDLINE ?= "${APPEND}"
+
+inherit coreos-image
+
+# Only install a reduced set of package and feature to keep image size small
+IMAGE_INSTALL = "packagegroup-coreos-boot coreos-installer coreos-installer-unattended util-linux-sfdisk util-linux-fdisk util-linux-cfdisk efibootguard efibootguard-tools"
+IMAGE_FEATURES = "debug-tweaks swupdate"
+NO_RECOMMENDATIONS = "1"
+
+IMAGE_ROOTFS_SIZE = "8192"
+INITRAMFS_MAXSIZE = "976562"
+IMAGE_ROOTFS_EXTRA_SPACE = "0"
+
+# Use the same restriction as initramfs-module-install
+COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*)-(linux.*|freebsd.*)'

layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass

@@ -9,8 +9,7 @@
 
 IMAGE_FSTYPES:append = " ext4.zst"
 python () {
-    image = d.getVar('IMAGE_LINK_NAME')
-
+    image = d.getVar('IMAGE_BASENAME')
     d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", image, ".ext4.zst")
 }
 

layers/meta-belden-coreos/classes/coreos-image.bbclass

@@ -68,6 +68,7 @@ PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTAL
 COREOS_IMAGE_BASE_INSTALL = "\
     packagegroup-coreos-boot \
     packagegroup-coreos-base \
+    secure-storage \
     "
 
 COREOS_IMAGE_EXTRA_INSTALL ?= ""
@@ -89,10 +90,12 @@ IMAGE_ROOTFS_EXTRA_SPACE:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'sys
 # Unified kernel image and swupdate support
 # ==============================================================================
 
-# Support for Unified Kernel Image and Swupdate are optional
-COREOS_IMAGE_GENERATE_INSTALLER ?= "${@bb.utils.contains("DISTRO_FEATURES", "swupdate", "1", "0", d)}"
+# The CoreOS image installer is disabled by default.
+COREOS_IMAGE_GENERATE_INSTALLER ?= "0"
+
+# Support for Unified Kernel Image and Swupdate are optional.
 COREOS_IMAGE_GENERATE_UKI ?= "${@bb.utils.contains("COMBINED_FEATURES", "efi", "1", "0", d)}"
-COREOS_IMAGE_GENERATE_SWU ?= "${@bb.utils.contains("DISTRO_FEATURES", "swupdate", "1", "0", d)}"
+COREOS_IMAGE_GENERATE_SWU ?= "${@"1" if "efi" in d.getVar('COMBINED_FEATURES') and "swupdate" in d.getVar("DISTRO_FEATURES") else "0"}"
 
 # Generate the installer image if needed
 do_build[depends] += "${@'coreos-image-installer:do_build' if d.getVar('COREOS_IMAGE_GENERATE_INSTALLER') == '1' else ''}"

layers/meta-belden-coreos/classes/coreos-sanity.bbclass

@@ -13,6 +13,8 @@ addhandler check_coreos_sanity_eventhandler
 check_coreos_sanity_eventhandler[eventmask] = "bb.event.SanityCheck"
 python check_coreos_sanity_eventhandler() {
 
+    import datetime
+
     # Checks related to the distribution configuration files
     # ==========================================================================
 
@@ -29,13 +31,22 @@ python check_coreos_sanity_eventhandler() {
             "systemd is not set as `INIT_MANAGER`. "
             "Using SystemD is mandatory on CoreOS based distribution"
         )
-    
+
     if e.data.getVar("TCLIBC") != "glibc":
         bb.fatal(
             "glibc is not set as `TCLIBC`. "
             "Using glibc is mandatory on CoreOS based distribution"
         )
-    
+
+    # Check if the timestamp for REPRODUCIBLE_TIMESTAMP_ROOTFS is still up to date
+    first_of_year = datetime.datetime(datetime.date.today().year, 1, 1, tzinfo=datetime.timezone.utc)
+    foy_ts = str(int(first_of_year.timestamp()))
+    if e.data.getVar("REPRODUCIBLE_TIMESTAMP_ROOTFS") != foy_ts:
+        bb.warn(
+            "`REPRODUCIBLE_TIMESTAMP_ROOTFS` outdated!"
+            "Set to current 01. january of the year."
+        )
+
     # Checks related to the machine configuration files
     # ==========================================================================
 
@@ -47,7 +58,7 @@ python check_coreos_sanity_eventhandler() {
                 "CoreOS recommands to use compressed wic image, please add "
                 "`wic.xz` to your machine `IMAGE_FSTYPES` variables"
             )
-        
+
         if not "wic.bmap":
             bb.warn(
                 "wic image should be flashed with bmaptools, but this require "

layers/meta-belden-coreos/classes/coreos_metadata_scm.bbclass

@@ -9,11 +9,11 @@ def coreos_get_scmbasepath(d):
 
 def coreos_detect_revision(d):
     path = coreos_get_scmbasepath(d)
-    return oe.buildcfg.get_metadata_git_revision(path)
+    return base_get_metadata_git_revision(path, d)
 
 def coreos_detect_branch(d):
     path = coreos_get_scmbasepath(d)
-    return oe.buildcfg.get_metadata_git_branch(path)
+    return base_get_metadata_git_branch(path, d)
 
 COREOS_METADATA_BRANCH := "${@coreos_detect_branch(d)}"
 COREOS_METADATA_REVISION := "${@coreos_detect_revision(d)}"

layers/meta-belden-coreos/conf/distro/belden-coreos-base.conf

@@ -5,4 +5,4 @@ DISTRO_NAME = "Belden CoreOS (Base)"
 MAINTAINER = "Belden CoreOS Team"
 
 DISTRO_VERSION = "0.0.1"
-DISTRO_CODENAME = "master"
+DISTRO_CODENAME = "kirkstone"

layers/meta-belden-coreos/conf/distro/belden-coreos.conf

@@ -6,4 +6,4 @@ DISTRO_NAME = "Belden CoreOS"
 MAINTAINER = "Belden CoreOS Team"
 
 DISTRO_VERSION = "0.0.1"
-DISTRO_CODENAME = "master"
+DISTRO_CODENAME = "kirkstone"

layers/meta-belden-coreos/conf/distro/include/belden-coreos-base.inc

@@ -2,6 +2,11 @@
 # it should support the most basic distro without optional coreos
 # features
 
+# Using :coreos override should work on all CoreOS based distro
+# Note that :belden-coreos does not work on CoreOS based distro but will
+# work when build for the belden-coreos distro
+DISTROOVERRIDES = "coreos:${DISTRO}"
+
 INHERIT += "coreos_metadata_scm"
 
 # Distro features and policies
@@ -106,3 +111,8 @@ PACKAGECONFIG:pn-systemd ?= " \
 # Distro based on CoreOS can provide their own configuration files for the
 # CoreOS installer by overriding this variable
 PREFERRED_PROVIDER_coreos-installer-config ??= "coreos-installer-config"
+
+# This TS represents 01.01.2024 generating it dynamically would cause a lot of
+# things to get re-build, we need a good solution for this or change it every
+# year
+REPRODUCIBLE_TIMESTAMP_ROOTFS = "1704067200"

layers/meta-belden-coreos/conf/distro/include/coreos-support.inc

@@ -0,0 +1,149 @@
+COREOS_RECIPE_MAINTAINER:pn-acl = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-arptables = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-attr = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-autoconf-archive = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-base-files = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-base-passwd = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-bash-completion = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-bash = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-binutils-cross-x86_64 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-boost = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-bridge-utils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-busybox = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-bzip2 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-ca-certificates = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-conntrack-tools = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-coreutils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-cppzmq = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-cracklib = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-cryptsetup = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-curl = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-dbus = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-depmodwrapper-cross = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-e2fsprogs = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-ebtables = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-efibootguard = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-elfutils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-ethtool = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-expat = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-findutils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-flatbuffers = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-flex = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-fmt = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gawk = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gcc-cross-x86_64 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gcc-runtime = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gcc-source-11.4.0 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gdbm = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-glib-2.0 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-glibc = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-glibc-locale = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gmp = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gnu-efi = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-gnutls = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-grub-bootconf = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-grub = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-grub-efi = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-icu = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-iproute2 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-iptables = "Team CoreOS"
+#iw should be removed
+COREOS_RECIPE_MAINTAINER:pn-json-c = "Team CoreOS"
+# kbd check if it can be removed
+# kmod check if it can be removed
+COREOS_RECIPE_MAINTAINER:pn-libaio = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libarchive = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libcap = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libcap-ng = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libcheck = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libconfig = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libdevmapper = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libestr = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libfastjson = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libffi = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libgcc = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libgcc-initial = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libgcrypt = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libgpg-error = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libidn2 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-liblogging = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libmnl = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnet = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnetfilter-conntrack = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnetfilter-cthelper = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnetfilter-cttimeout = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnetfilter-log = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnetfilter-queue = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnfnetlink = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnl = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libnsl2 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libpam = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libpcap = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libpcre = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libseccomp = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libsodium = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libsolv = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libssh2 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libssh = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libtirpc = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libtool-cross = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libunistring = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libusb1 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libxcrypt = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-libxml2 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-linux-libc-headers = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-linux-yocto = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-logrotate = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-lrzsz = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-lvm2 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-lzo = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-m4 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-mtools = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-ncurses = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-netbase = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-nettle = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-openssh = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-openssl = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-opkg-arch-config = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-opkg = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-opkg-utils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-os-release = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-packagegroup-base = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-packagegroup-core-boot = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-packagegroup-coreos-base = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-packagegroup-coreos-boot = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-pciutils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-perl = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-popt = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-python3 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-qemuwrapper-cross = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-readline = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-rsyslog = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-run-postinsts = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-secure-storage = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-setserial = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-sh = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-shared-mime-info = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-spdlog = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-sqlite3 = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-swupdate = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-sysfsutils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-syslinux = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-syslog-ng = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-systemd-bootconf = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-systemd-boot = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-systemd-conf = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-systemd = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-systemd-serialgetty = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-tar = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-tcpdump = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-usbutils = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-util-linux = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-util-linux-libuuid = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-volatile-binds = "Team CoreOS"
+# wpa-supplicant should be removed
+COREOS_RECIPE_MAINTAINER:pn-xz = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-zeromq = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-zip = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-zlib = "Team CoreOS"
+COREOS_RECIPE_MAINTAINER:pn-zstd = "Team CoreOS"

layers/meta-belden-coreos/conf/layer.conf

@@ -15,9 +15,10 @@ LAYERDEPENDS_meta-belden-coreos = "\
     networking-layer \
     virtualization-layer \
     webserver \
+    meta-arm \
 "
 
-LAYERSERIES_COMPAT_meta-belden-coreos = "nanbield"
+LAYERSERIES_COMPAT_meta-belden-coreos = "kirkstone"
 
 # Set a variable to get to the top of the metadata location
 COREOS_ROOT = '${@os.path.normpath("${LAYERDIR}/../../")}'

layers/meta-belden-coreos/files/sw-description

@@ -7,14 +7,14 @@ software =
             copy0 = {
                 images: (
                     {
-                        filename = "@@IMAGE_LINK_NAME@@.ext4.zst";
+                        filename = "@@PN@@-@@MACHINE@@.ext4.zst";
                         compressed = "zstd";
                         installed-directly = true;
                         # partlabel are stored inside the GPT partition table.
                         # The partition table is flashed only once and never updated
                         device = "/dev/disk/by-partlabel/rootfs0";
                         type = "raw";
-                        sha256 = "$swupdate_get_sha256(@@IMAGE_LINK_NAME@@.ext4.zst)";
+                        sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
                     }
                     # Don't remove the trailing whitspace on the next line otherwise
                     # it will not work due to a regex bug in meta-swupdate
@@ -64,14 +64,14 @@ software =
             copy1 = {
                 images: (
                     {
-                        filename = "@@IMAGE_LINK_NAME@@.ext4.zst";
+                        filename = "@@PN@@-@@MACHINE@@.ext4.zst";
                         compressed = "zstd";
                         installed-directly = true;
                         # partlabel are stored inside the GPT partition table.
                         # The partition table is flashed only once and never updated
                         device = "/dev/disk/by-partlabel/rootfs1";
                         type = "raw";
-                        sha256 = "$swupdate_get_sha256(@@IMAGE_LINK_NAME@@.ext4.zst)";
+                        sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
                     }
                     # Don't remove the trailing whitspace on the next line otherwise
                     # it will not work due to a regex bug in meta-swupdate

layers/meta-belden-coreos/recipes-bsp/efi/efi-secureboot-keys.bb

@@ -1,33 +0,0 @@
-SUMMARY = "A recipe to deploy UEFI public keys update files"
-LICENSE = "CLOSED"
-
-
-INHIBIT_DEFAULT_DEPS = "1"
-inherit nopackages
-
-inherit deploy
-inherit coreos-efi-secureboot
-
-# Public key needed by firmware very depending on the implementation
-# So we copy all type of public key (*.auth, *.esl, *.crt, *der)
-addtask deploy after do_compile
-do_deploy() {
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.auth ${DEPLOYDIR}/KEK.auth
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.auth ${DEPLOYDIR}/db.auth
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.auth ${DEPLOYDIR}/PK.auth
-    
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.esl ${DEPLOYDIR}/KEK.esl
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.esl ${DEPLOYDIR}/db.esl
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.esl ${DEPLOYDIR}/PK.esl
-
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.crt ${DEPLOYDIR}/KEK.crt
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.crt ${DEPLOYDIR}/db.crt
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.crt ${DEPLOYDIR}/PK.crt
-
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/KEK.der ${DEPLOYDIR}/KEK.der
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/db.der ${DEPLOYDIR}/db.der
-    install -D -m 644 ${COREOS_EFI_SECUREBOOT_KEYDIR}/PK.der ${DEPLOYDIR}/PK.der
-
-    # !SECURITY WARNING! 
-    # .key file are not copied to DEPLOYDIR, as they contains the PRIVATE keys
-}

layers/meta-belden-coreos/recipes-bsp/efibootguard/efibootguard/0001-coreos-add-a-coreos-specific-rootfs-switch-to-the-UK.patch

@@ -1,4 +1,4 @@
-From af89555f84e4d7fd9229d417c691bda26190b651 Mon Sep 17 00:00:00 2001
+From 2e8b73826c6ecaf5168002a18282ba7e4ac95e76 Mon Sep 17 00:00:00 2001
 From: Samuel Dolt <samuel.dolt@netmodule.com>
 Date: Mon, 12 Jun 2023 16:29:49 +0200
 Subject: [PATCH] coreos: add a coreos specific rootfs switch to the UKI stub
@@ -14,16 +14,15 @@ by looking the LoadOption string passed by ther firmware:
 
 In all other case, the stub will exist without booting the kernel
 with a INVALID PARAMETER error.
-
 ---
  kernel-stub/main.c | 55 +++++++++++++++++++++++++++++++++++++++++-----
  1 file changed, 50 insertions(+), 5 deletions(-)
 
 diff --git a/kernel-stub/main.c b/kernel-stub/main.c
-index 55873e5..ba903a9 100644
+index c0be1f6..6f456d3 100644
 --- a/kernel-stub/main.c
 +++ b/kernel-stub/main.c
-@@ -129,11 +129,6 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *system_table)
+@@ -128,11 +128,6 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *system_table)
  		error_exit(L"Error getting LoadedImageProtocol", status);
  	}
  
@@ -35,7 +34,7 @@ index 55873e5..ba903a9 100644
  	pe_header = get_pe_header(stub_image->ImageBase);
  	for (n = 0, section = get_sections(pe_header);
  	     n < pe_header->Coff.NumberOfSections;
-@@ -162,6 +157,56 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *system_table)
+@@ -161,6 +156,56 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *system_table)
  		kernel_image.LoadOptions = (UINT8 *) stub_image->ImageBase +
  			cmdline_section->VirtualAddress;
  		kernel_image.LoadOptionsSize = cmdline_section->VirtualSize;
@@ -77,7 +76,7 @@ index 55873e5..ba903a9 100644
 +					break;
 +				}
 +
-+				if(StrnCmp(str, symbol, StrLen(symbol)) == 0) {
++				if(StrnCmp(str, &symbol, StrLen(symbol)) == 0) {
 +					/* Replace symbol by rootfs, works because symbole and rootfs has the same length */
 +					StrnCpy(str, rootfs, StrLen(rootfs));
 +				}

layers/meta-belden-coreos/recipes-bsp/efibootguard/efibootguard_%.bbappend

@@ -9,6 +9,8 @@ SRC_URI += "file://0001-coreos-add-a-coreos-specific-rootfs-switch-to-the-UK.pat
 # Add signature support
 # ==============================================================================
 
+DEPENDS:append = " cos-certificates-and-keys-native"
+
 inherit coreos-efi-sbsign
 require conf/image-uefi.conf
 

layers/meta-belden-coreos/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc

@@ -1,244 +0,0 @@
-DESCRIPTION = "Trusted Firmware-A"
-LICENSE = "BSD-3-Clause & MIT"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-inherit deploy
-
-SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa;branch=master"
-
-UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$"
-
-SRCREV_FORMAT = "tfa"
-
-COMPATIBLE_MACHINE ?= "invalid"
-
-# Platform must be set for each machine
-TFA_PLATFORM ?= "invalid"
-
-# Some platforms can have multiple board configurations
-# Leave empty for default behavior
-TFA_BOARD ?= ""
-
-# Some platforms use SPD (Secure Payload Dispatcher) services
-# Few options are "opteed", "tlkd", "trusty", "tspd", "spmd"...
-# Leave empty to not use SPD
-TFA_SPD ?= ""
-
-# Variable used when TFA_SPD=spmd
-TFA_SPMD_SPM_AT_SEL2 ?= "1"
-
-# SP layout file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
-TFA_SP_LAYOUT_FILE ?= ""
-
-# SPMC manifest file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
-TFA_ARM_SPMC_MANIFEST_DTS ?= ""
-
-# Build for debug (set TFA_DEBUG to 1 to activate)
-TFA_DEBUG ?= "0"
-
-S = "${WORKDIR}/git"
-B = "${WORKDIR}/build"
-
-# mbed TLS support (set TFA_MBEDTLS to 1 to activate)
-TFA_MBEDTLS ?= "0"
-# sub-directory in which mbedtls will be downloaded
-TFA_MBEDTLS_DIR ?= "mbedtls"
-# This should be set to MBEDTLS download URL if MBEDTLS is needed
-SRC_URI_MBEDTLS ??= ""
-# This should be set to MBEDTLS LIC FILES checksum
-LIC_FILES_CHKSUM_MBEDTLS ??= ""
-# add MBEDTLS to our sources if activated
-SRC_URI:append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}"
-# Update license variables
-LICENSE:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}"
-LIC_FILES_CHKSUM:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}"
-# add mbed TLS to version
-SRCREV_FORMAT:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}"
-
-# U-boot support (set TFA_UBOOT to 1 to activate)
-# When U-Boot support is activated BL33 is activated with u-boot.bin file
-TFA_UBOOT ??= "0"
-
-# UEFI support (set TFA_UEFI to 1 to activate)
-# When UEFI support is activated BL33 is activated with uefi.bin file
-TFA_UEFI ??= "0"
-
-# What to build
-# By default we only build bl1, do_deploy will copy
-# everything listed in this variable (by default bl1.bin)
-TFA_BUILD_TARGET ?= "bl1"
-
-# What to install
-# do_install and do_deploy will install everything listed in this
-# variable. It is set by default to TFA_BUILD_TARGET
-TFA_INSTALL_TARGET ?= "${TFA_BUILD_TARGET}"
-
-# Requires CROSS_COMPILE set by hand as there is no configure script
-export CROSS_COMPILE="${TARGET_PREFIX}"
-
-# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
-CFLAGS[unexport] = "1"
-LDFLAGS[unexport] = "1"
-AS[unexport] = "1"
-LD[unexport] = "1"
-
-# No configure
-do_configure[noexec] = "1"
-
-# Baremetal, just need a compiler
-DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"
-
-# We need dtc for dtbs compilation
-# We need openssl for fiptool
-DEPENDS = "dtc-native openssl-native"
-DEPENDS:append:toolchain-clang = " compiler-rt"
-
-# CC and LD introduce arguments which conflict with those otherwise provided by
-# this recipe. The heads of these variables excluding those arguments
-# are therefore used instead.
-def remove_options_tail (in_string):
-    from itertools import takewhile
-    return ' '.join(takewhile(lambda x: not x.startswith('-'), in_string.split(' ')))
-
-EXTRA_OEMAKE += "LD=${@remove_options_tail(d.getVar('LD'))}"
-
-EXTRA_OEMAKE += "CC=${@remove_options_tail(d.getVar('CC'))}"
-
-# Verbose builds, no -Werror
-EXTRA_OEMAKE += "V=1 E=0"
-
-# Add platform parameter
-EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
-
-# Handle TFA_BOARD parameter
-EXTRA_OEMAKE += "${@'TARGET_BOARD=${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
-
-# Handle TFA_SPD parameter
-EXTRA_OEMAKE += "${@'SPD=${TFA_SPD}' if d.getVar('TFA_SPD') else ''}"
-
-# If TFA_SPD is spmd, set SPMD_SPM_AT_SEL2
-EXTRA_OEMAKE += "${@'SPMD_SPM_AT_SEL2=${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"
-
-# Handle TFA_DEBUG parameter
-EXTRA_OEMAKE += "${@bb.utils.contains('TFA_DEBUG', '1', 'DEBUG=${TFA_DEBUG}', '', d)}"
-
-# Handle MBEDTLS
-EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBEDTLS_DIR}', '', d)}"
-
-# Uboot support
-DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}"
-do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}"
-EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '', d)}"
-
-# UEFI support
-DEPENDS += " ${@bb.utils.contains('TFA_UEFI', '1', 'edk2-firmware', '', d)}"
-EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UEFI', '1', 'BL33=${RECIPE_SYSROOT}/firmware/uefi.bin', '', d)}"
-
-# TFTF test support
-DEPENDS += " ${@bb.utils.contains('TFTF_TESTS', '1', 'tf-a-tests', '', d)}"
-EXTRA_OEMAKE += "${@bb.utils.contains('TFTF_TESTS', '1', 'BL33=${RECIPE_SYSROOT}/firmware/tftf.bin', '',d)}"
-
-# Hafnium support
-SEL2_SPMC = "${@'${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"
-
-DEPENDS += " ${@bb.utils.contains('SEL2_SPMC', '1', 'hafnium', '', d)}"
-
-EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'CTX_INCLUDE_EL2_REGS=1 ARM_ARCH_MINOR=4 BL32=${RECIPE_SYSROOT}/firmware/hafnium.bin', '', d)}"
-
-# Add SP layout file and spmc manifest for hafnium
-EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'SP_LAYOUT_FILE=${TFA_SP_LAYOUT_FILE}' if d.getVar('TFA_SP_LAYOUT_FILE') else '', '', d)}"
-
-EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"
-
-# Tell the tools where the native OpenSSL is located
-EXTRA_OEMAKE += "OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
-# Use the correct native compiler
-EXTRA_OEMAKE += "HOSTCC='${BUILD_CC}'"
-
-# Runtime variables
-EXTRA_OEMAKE += "RUNTIME_SYSROOT=${STAGING_DIR_HOST}"
-
-BUILD_DIR = "${B}/${TFA_PLATFORM}"
-BUILD_DIR .= "${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
-BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}"
-
-do_compile() {
-    # This is still needed to have the native tools executing properly by
-    # setting the RPATH
-    sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
-    sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
-    sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile
-
-    # Currently there are races if you build all the targets at once in parallel
-    for T in ${TFA_BUILD_TARGET}; do
-        oe_runmake -C ${S} $T
-    done
-}
-do_compile[cleandirs] = "${B}"
-
-do_install() {
-    install -d -m 755 ${D}/firmware
-    for atfbin in ${TFA_INSTALL_TARGET}; do
-        processed="0"
-        if [ "$atfbin" = "all" ]; then
-            # Target all is not handled by default
-            bberror "all as TFA_INSTALL_TARGET is not handled by do_install"
-            bberror "Please specify valid targets in TFA_INSTALL_TARGET or"
-            bberror "rewrite or turn off do_install"
-            exit 1
-        fi
-
-        if [ -f ${BUILD_DIR}/$atfbin.bin ]; then
-            echo "Install $atfbin.bin"
-            install -m 0644 ${BUILD_DIR}/$atfbin.bin \
-                ${D}/firmware/$atfbin-${TFA_PLATFORM}.bin
-            ln -sf $atfbin-${TFA_PLATFORM}.bin ${D}/firmware/$atfbin.bin
-            processed="1"
-        fi
-        if [ -f ${BUILD_DIR}/$atfbin/$atfbin.elf ]; then
-            echo "Install $atfbin.elf"
-            install -m 0644 ${BUILD_DIR}/$atfbin/$atfbin.elf \
-                ${D}/firmware/$atfbin-${TFA_PLATFORM}.elf
-            ln -sf $atfbin-${TFA_PLATFORM}.elf ${D}/firmware/$atfbin.elf
-            processed="1"
-        fi
-        if [ -f ${BUILD_DIR}/$atfbin ]; then
-            echo "Install $atfbin"
-            install -m 0644 ${BUILD_DIR}/$atfbin \
-                ${D}/firmware/$atfbin-${TFA_PLATFORM}
-            ln -sf $atfbin-${TFA_PLATFORM} ${D}/firmware/$atfbin
-            processed="1"
-        fi
-        if [ -f ${BUILD_DIR}/fdts/$atfbin.dtb ]; then
-            echo "Install $atfbin.dtb"
-            install -m 0644 "${BUILD_DIR}/fdts/$atfbin.dtb" \
-                "${D}/firmware/$atfbin.dtb"
-            processed="1"
-        elif [ "$atfbin" = "dtbs" ]; then
-            echo "dtbs install, skipped: set dtbs in TFA_INSTALL_TARGET"
-        elif [ -f ${B}/tools/$atfbin/$atfbin ]; then
-            echo "Tools $atfbin install, skipped"
-        elif [ "$processed" = "0" ]; then
-            bberror "Unsupported TFA_INSTALL_TARGET target $atfbin"
-            exit 1
-        fi
-    done
-}
-
-FILES:${PN} = "/firmware"
-SYSROOT_DIRS += "/firmware"
-
-FILES:${PN}-dbg = "/firmware/*.elf"
-# Skip QA check for relocations in .text of elf binaries
-INSANE_SKIP:${PN}-dbg = "textrel"
-
-do_deploy() {
-    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
-}
-addtask deploy after do_install
-
-CVE_PRODUCT = "arm:arm-trusted-firmware \
-               arm:trusted_firmware-a \
-               arm:arm_trusted_firmware \
-               arm_trusted_firmware_project:arm_trusted_firmware"

layers/meta-belden-coreos/recipes-bsp/u-boot/u-boot-coreos.inc

@@ -1,12 +1,23 @@
+# Ensure that file are found event when this file is included in another layer
+# ==============================================================================
+FILESEXTRAPATHS:prepend := "${THISDIR}/u-boot:"
+
+# U-Boot CoreOS Distro Settings
+# ==============================================================================
+
+# Enable more debug option when debug-tweaks is enabled
+SRC_URI += " \
+    ${@bb.utils.contains("IMAGE_FEATURES", "debug-tweaks", "file://debug-tweaks.cfg", "", d)} \
+"
+
 inherit coreos-efi-secureboot
 
+# Make sure UEFI and secure boot is enabled for every u-boot build
 SRC_URI += " \
     file://uefi.cfg \
     file://uefi-secureboot.cfg \
 "
 
-DEPENDS:append = " ${PYTHON_PN}-pyopenssl-native u-boot-tools-native"
-
 # Generate a ubootefi.var file inside the build directory
 #
 # This file can be directly linked inside the u-boot binary to provide
@@ -15,6 +26,7 @@ DEPENDS:append = " ${PYTHON_PN}-pyopenssl-native u-boot-tools-native"
 #
 # The efivar.py is taken from u-boot-tools recipes, so that we are sure that he
 # is found and don't depend on the u-boot version being used
+DEPENDS:append = " ${PYTHON_PN}-pyopenssl-native u-boot-tools-native cos-certificates-and-keys-native"
 addtask uboot_generate_efivar after do_configure before do_compile
 do_uboot_generate_efivar() {
     # Settings OPENSSL_MODULES is needed, otherwise efivar.py fail with

layers/meta-belden-coreos/recipes-bsp/u-boot/u-boot_%.bbappend

@@ -0,0 +1,5 @@
+# Add CoreOS distro settings to u-boot
+UBOOT_COREOS_REQUIRE:coreos ?= "u-boot-coreos.inc"
+UBOOT_COREOS_REQUIRE ?= ""
+
+require ${UBOOT_COREOS_REQUIRE}

layers/meta-belden-coreos/recipes-bsp/u-boot/u-boot_2022.10.bb

@@ -4,5 +4,3 @@ require recipes-bsp/u-boot/u-boot.inc
 SRCREV = "4debc57a3da6c3f4d3f89a637e99206f4cea0a96"
 DEPENDS += "bc-native dtc-native python3-setuptools-native"
 LIC_FILES_CHKSUM = "file://Licenses/README;md5=2ca5f2c35c8cc335f0a19756634782f1"
-
-require u-boot-coreos.inc

layers/meta-belden-coreos/recipes-core/images/coreos-image-all-features.bb

@@ -10,3 +10,6 @@ IMAGE_INSTALL:append = "${@bb.utils.contains("IMAGE_FEATURES", "swupdate", " swu
 
 # development tools
 IMAGE_INSTALL:append = " systemd-analyze"
+
+# Enable the optional image installer
+COREOS_IMAGE_GENERATE_INSTALLER = "1"

layers/meta-belden-coreos/recipes-core/images/coreos-image-installer.bb

@@ -1,50 +1,4 @@
 DESCRIPTION = "Initramfs image with the CoreOS emmc installer"
-
-
-
-# Don't reboot the device at reboot and don't do A/B switching
-BAD_RECOMMENDATIONS = "swupdate-progress swupdate-coreos-config"
-
-export IMAGE_BASENAME = "${MLPREFIX}${PN}"
-IMAGE_NAME_SUFFIX ?= ""
-IMAGE_LINGUAS = ""
-
 LICENSE = "MIT"
 
-IMAGE_FSTYPES = "cpio.gz"
-
-# Support for generating a SDCard installer is optional
-COREOS_INSTALLER_WKS_FILE ??= ""
-WKS_FILE = "${COREOS_INSTALLER_WKS_FILE}"
-IMAGE_FSTYPES += "${@'wic.xz wic.bmap' if d.getVar('COREOS_INSTALLER_WKS_FILE') else ''}"
-IMAGE_BOOT_FILES =  "${COREOS_KERNEL_FILENAME};EFI/BOOT/${EFI_BOOT_IMAGE}"
-
-COREOS_IMAGE_GENERATE_UKI = "1"
-
-# Avoid dependancy loop, we are already in an installer image, so we don't need
-# to bundle another one
-COREOS_IMAGE_GENERATE_INSTALLER = "0"
-
-# IMGDEPLOYDIR has to be used instead of DEPLOY_DIR_IMAGE here, because it will
-# run during image generation
-COREOS_UKI_PART_INITRAMFS = "${IMGDEPLOYDIR}/${IMAGE_BASENAME}-${MACHINE}.cpio.gz"
-COREOS_IMAGE_GENERATE_SWU = "0"
-
-# Change generated UKI filename and reset the bundled command line to "APPEND"
-# to ensure that root is not set in the kernel command line
-COREOS_KERNEL_NAME ?= "coreos-installer-${MACHINE}"
-COREOS_KERNEL_CMDLINE ?= "${APPEND}"
-
-inherit coreos-image
-
-# Only install a reduced set of package and feature to keep image size small
-IMAGE_INSTALL = "packagegroup-coreos-boot coreos-installer swupdate-www util-linux-sfdisk util-linux-fdisk util-linux-cfdisk efibootguard efibootguard-tools"
-IMAGE_FEATURES = "debug-tweaks swupdate networkmanager"
-NO_RECOMMENDATIONS = "1"
-
-IMAGE_ROOTFS_SIZE = "8192"
-INITRAMFS_MAXSIZE = "976562"
-IMAGE_ROOTFS_EXTRA_SPACE = "0"
-
-# Use the same restriction as initramfs-module-install
-COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*)-(linux.*|freebsd.*)'
+inherit coreos-image-installer

layers/meta-belden-coreos/recipes-core/packagegroups/packagegroup-coreos-base.bb

@@ -15,7 +15,7 @@ COREOS_IMAGE_EFI_PROVIDER_EXTRA = " \
 "
 
 RDEPENDS:${PN} = "\
-    packagegroup-base-extended \
+    packagegroup-base \
     os-release \
     ${@bb.utils.contains("MACHINE_FEATURES", "efi", "${COREOS_IMAGE_EFI_PROVIDER_EXTRA}", "", d)} \
 "

layers/meta-belden-coreos/recipes-core/packagegroups/packagegroup-coreos-cockpit.bb

@@ -17,4 +17,5 @@ RDEPENDS:${PN} = "\
     cockpit-dashboard \
     cockpit-kdump \
     cockpit-sosreport \
+    cockpit-tuned \
 "

layers/meta-belden-coreos/recipes-core/systemd/systemd-conf/system.conf-watchdog

@@ -0,0 +1,2 @@
+[Manager]
+RuntimeWatchdogSec=5

layers/meta-belden-coreos/recipes-core/systemd/systemd_%.bbappend

@@ -0,0 +1,15 @@
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/systemd-conf:"
+
+SRC_URI += " file://system.conf-watchdog"
+
+do_install:append(){
+	# the creation date/time of this file will be used as initial boot time.
+	# Creation time will be set to REPRODUCIBLE_TIMESTAMP_ROOTFS
+	# More info about the date/time handling here:
+	# https://www.freedesktop.org/software/systemd/man/latest/systemd-timesyncd.service.html
+	touch ${D}/${base_libdir}/clock-epoch
+	install -D -m0644 ${WORKDIR}/system.conf-watchdog ${D}${systemd_unitdir}/system.conf.d/01-${PN}-watchdog.conf
+}
+
+FILES:${PN} += "${base_libdir}/clock-epoch"

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer-unattended/99-overwrite.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+# catch errors from previous source files
+if [ "$SWUPDATE_EXIT" != "" ]; then
+  # Notify the installation status indicator about the failed installation.
+  # This can result in the red LED lighting up.
+  dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusFailure
+  exit 1
+fi
+
+# Notify the installation status indicator about the success with partitioning
+# the blockdevice. This can result in the first green LED lighting up.
+dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusPartitioningSuccess
+
+mount /dev/disk/by-label/image /mnt
+if [ ! -f "/mnt/image.swu" ]; then
+  echo "Could not find image.swu on the vfat partition!"
+  dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusFailure
+  exit 1
+fi
+
+SWUPDATE_ARGS="${SWUPDATE_ARGS} -p /usr/lib/swupdate/post-install.sh"
+SWUPDATE_ARGS="${SWUPDATE_ARGS} -i /mnt/image.swu"

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer-unattended/post-install.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+# Notify the installation status indicator about the success with flashing the image.
+# This can result in the second green LED lighting up.
+dbus-send --system /org/belden/CoreOSInstallationStatusIndicator org.belden.CoreOSInstallationStatusIndicator.InstallationStatusImageFlashingSuccess

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer-unattended_1.0.bb

@@ -0,0 +1,23 @@
+DESCRIPTION = "CoreOS scripts for unattended installation"
+SECTION = "coreos"
+LICENSE = "CLOSED"
+
+SRC_URI += "\
+    file://99-overwrite.sh \
+    file://post-install.sh \
+"
+
+FILES:${PN} = "\
+    ${libdir}/swupdate/conf.d/99-overwrite.sh \
+    ${libdir}/swupdate/post-install.sh \
+"
+
+RDEPENDS:${PN} = "coreos-installer"
+
+RCONFLICTS:${PN} = "swupdate-www"
+
+do_install() {
+    install -d ${D}${libdir}/swupdate/conf.d
+    install -m 755 ${WORKDIR}/post-install.sh ${D}${libdir}/swupdate/
+    install -m 755 ${WORKDIR}/99-overwrite.sh ${D}${libdir}/swupdate/conf.d/
+}

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer/25-installer-config.sh

@@ -1,5 +1,8 @@
 #!/usr/bin/env sh
 
+set -o errtrace
+trap 'echo "An error occured in line $LINENO: $BASH_COMMAND, exiting..."; SWUPDATE_EXIT=1; exit;' ERR
+
 # Read /etc/hwrevision and turn it into a stripped string
 # with the format ${MACHINE}_${VERSION}
 HWREVISION=$(tr ' ' '_' < /etc/hwrevision | tr -d '[:space:]')
@@ -15,6 +18,13 @@ fi
 
 DISK=$(grep "^device:\s" < "${SFDISK_DUMP_FILE}" | cut -d ' ' -f 2)
 
+# Remove the partition table signature, if there is already one.
+# This ensures that sfdisk always finds a 'clean' disk to install / recover
+wipefs -a -f ${DISK}
+
+# Give the kernel some time to reload the partition
+sleep 3
+
 echo "Flashing ${SFDISK_DUMP_FILE} to ${DISK}"
 cat "${SFDISK_DUMP_FILE}"
 sfdisk "${DISK}" < "${SFDISK_DUMP_FILE}"
@@ -48,3 +58,4 @@ umount /mnt/ebg1
 umount /mnt/efi
 
 SWUPDATE_ARGS="${SWUPDATE_ARGS} -e stable,copy0"
+SWUPDATE_ARGS="${SWUPDATE_ARGS} -k /usr/lib/swupdate/swupdate.crt"

layers/meta-belden-coreos/recipes-coreos/coreos-installer/coreos-installer_1.0.bb

@@ -1,22 +1,18 @@
 DESCRIPTION = "CoreOS Installer scripts"
-LICENSE = "CLOSED"
 SECTION = "coreos"
+LICENSE = "CLOSED"
 
-SRC_URI+= " \
-    file://25-installer-config.sh \
-"
+SRC_URI += "file://25-installer-config.sh"
 
-# This package ship an alternate configuration for SWUpade to disable A/B
-# switching and always flash A
-RCONFLICTS:${PN}= "swupdate-coreos-config"
-
-FILES:${PN} = " \
-    ${libdir}/swupdate/conf.d/25-installer-config.sh \
-"
+FILES:${PN} = "${libdir}/swupdate/conf.d/25-installer-config.sh"
 
 # glibc-utils provide iconv
 # glibc-gconv-utf-16 provide utf-16 support to iconv
-RDEPENDS:${PN} = "coreos-installer-config dosfstools util-linux-lsblk util-linux-sfdisk glibc-utils glibc-gconv-utf-16"
+RDEPENDS:${PN} = "coreos-installer-config dosfstools glibc-gconv-utf-16 glibc-utils util-linux-lsblk util-linux-sfdisk util-linux-wipefs"
+
+# This package ships an alternate configuration for SWUpdate to disable A/B
+# switching and always flash A
+RCONFLICTS:${PN} = "swupdate-coreos-config"
 
 do_install() {
     install -d ${D}${libdir}/swupdate/conf.d

layers/meta-belden-coreos/recipes-kernel/linux/files/secure-storage.cfg

@@ -0,0 +1,4 @@
+CONFIG_BLK_DEV_DM=y
+CONFIG_KEYS=y
+CONFIG_ENCRYPTED_KEYS=y
+CONFIG_DM_CRYPT=y

layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto-coreos.inc

@@ -0,0 +1,8 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+# Secure Storage
+# ==============================================================================
+SRC_URI += "file://secure-storage.cfg"
+
+# Ensure the Kernel EFI STUB is enabled
+KERNEL_FEATURES += "cfg/efi.scc cfg/efi-ext.scc"

layers/meta-belden-coreos/recipes-kernel/linux/linux-yocto_%.bbappend

@@ -0,0 +1,6 @@
+# Add CoreOS distro settings to the linux-yocto recipes
+
+LINUX_YOCTO_COREOS_REQUIRE ?= ""
+LINUX_YOCTO_COREOS_REQUIRE:coreos = "linux-yocto-coreos.inc"
+
+require ${LINUX_YOCTO_COREOS_REQUIRE}

layers/meta-belden-coreos/recipes-security/cos-certificates-and-keys/cos-certificates-and-keys-native_1.0.bb

@@ -0,0 +1,65 @@
+SUMMARY = "Installs CoreOS certificates and keys"
+DESCRIPTION = "Installs CoreOS certificates and keys that are used during the build"
+AUTHOR = "Patrick Vogelaar"
+LICENSE = "CLOSED"
+
+SRC_URI = "git://git@bitbucket.gad.local:7999/ico/development-keys.git;protocol=ssh;branch=master"
+SRCREV = "2b5d6941ea8759db90f07e195bb1855f618cccb7"
+
+S = "${WORKDIR}/git"
+
+inherit deploy native
+
+CERTIFICATES_AND_KEYS_DIR ?= "${datadir}/keys/"
+
+#FILES:${PN} += "${CERTIFICATES_AND_KEYS_DIR}/*"
+
+
+do_install() {
+    install -d "${D}/${CERTIFICATES_AND_KEYS_DIR}"
+    install -m 755 ${S}/db.auth ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.auth
+    install -m 755 ${S}/db.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.crt
+    install -m 755 ${S}/db.der ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.der
+    install -m 755 ${S}/db.esl ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.esl
+    install -m 755 ${S}/db.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/db.key
+    install -m 755 ${S}/KEK.auth ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.auth
+    install -m 755 ${S}/KEK.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.crt
+    install -m 755 ${S}/KEK.der ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.der
+    install -m 755 ${S}/KEK.esl ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.esl
+    install -m 755 ${S}/KEK.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/KEK.key
+    install -m 755 ${S}/PK.auth ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.auth
+    install -m 755 ${S}/PK.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.crt
+    install -m 755 ${S}/PK.der ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.der
+    install -m 755 ${S}/PK.esl ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.esl
+    install -m 755 ${S}/PK.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/PK.key
+    install -m 755 ${S}/swupdate.crt ${D}/${CERTIFICATES_AND_KEYS_DIR}/swupdate.crt
+    install -m 755 ${S}/swupdate.key ${D}/${CERTIFICATES_AND_KEYS_DIR}/swupdate.key
+
+    bbwarn "Development certificates and keys are added into the image (UNSECURE)! This image must not be released!"
+}
+
+
+# Public key needed by firmware very depending on the implementation
+# So we copy all type of public key (*.auth, *.esl, *.crt, *der)
+
+addtask deploy after do_compile
+do_deploy() {
+    install -D -m 644 ${S}/KEK.auth ${DEPLOYDIR}/KEK.auth
+    install -D -m 644 ${S}/db.auth ${DEPLOYDIR}/db.auth
+    install -D -m 644 ${S}/PK.auth ${DEPLOYDIR}/PK.auth
+
+    install -D -m 644 ${S}/KEK.esl ${DEPLOYDIR}/KEK.esl
+    install -D -m 644 ${S}/db.esl ${DEPLOYDIR}/db.esl
+    install -D -m 644 ${S}/PK.esl ${DEPLOYDIR}/PK.esl
+
+    install -D -m 644 ${S}/KEK.crt ${DEPLOYDIR}/KEK.crt
+    install -D -m 644 ${S}/db.crt ${DEPLOYDIR}/db.crt
+    install -D -m 644 ${S}/PK.crt ${DEPLOYDIR}/PK.crt
+
+    install -D -m 644 ${S}/KEK.der ${DEPLOYDIR}/KEK.der
+    install -D -m 644 ${S}/db.der ${DEPLOYDIR}/db.der
+    install -D -m 644 ${S}/PK.der ${DEPLOYDIR}/PK.der
+
+    # !SECURITY WARNING!
+    # .key file are not copied to DEPLOYDIR, as they contains the PRIVATE keys
+}

layers/meta-belden-coreos/recipes-security/secure-storage/files/sec-storage-loopback.sh

@@ -0,0 +1,93 @@
+#!/usr/bin/env sh
+
+loopdir=/usr/local/data/loopdevices
+loopfile=$loopdir/crypt.loop
+
+keyfiledir=/usr/local/data/.crypto
+keyfile=$keyfiledir/ss_crypto.keyfile
+
+#megabytes
+loopsize=16
+
+#/dev/mapper/xxxxx when open
+cryptmapper=secStorage
+
+makefilesystem=ext4
+
+#mountpoint of uncrypted device
+mountpoint=/usr/local/data/secure-storage
+
+create_keyfile() {
+	# echo "Create key file"
+	systemd-notify --status="Create key file"
+	mkdir -p $keyfiledir
+	dd if=/dev/urandom of=$keyfile bs=1 count=256
+	chown root:root $keyfiledir/*
+	chmod 000 $keyfiledir/*
+}
+
+error() {
+	echo "Error: $1"
+	exit $?
+}
+
+#creates a new file
+create_loopback_and_open() {
+	# echo "Creating a file with random bits.. this could take a while..."
+	systemd-notify --status="Creating a file with random bits.. this could take a while..."
+	mkdir -p $loopdir || error "Creating loopdir"
+	mkdir -p $mountpoint || error "Creating mountpoint"
+	dd if=/dev/urandom of=$loopfile bs=1M count=$loopsize || error "Creating loopfile"
+	loopdevice=$(losetup -f --show $loopfile) || error "Setting up loop device"
+	echo "Selected loop device: $loopdevice"
+	cryptsetup luksFormat -q --key-file $keyfile $loopdevice || error "Setting up encrypted loop device"
+	cryptsetup open --key-file $keyfile $loopdevice $cryptmapper || error "Opening encrypted loop device"
+	mkfs.$makefilesystem /dev/mapper/$cryptmapper || error "Creating encrypted FS"
+	mount /dev/mapper/$cryptmapper $mountpoint || error "Mounting encrypted FS"
+	systemd-notify --ready --status="Sucessfully mounted secure storage"
+}
+
+#mounts crypted loopback file
+open() {
+	#echo "Open secure-storage"
+	systemd-notify --status="Open secure storage"
+	loopdevice=$(losetup -f --show $loopfile) || error "Setting up loop device"
+	echo "Selected loop device: $ld"
+	cryptsetup open --key-file $keyfile $loopdevice $cryptmapper || error "Opening encrypted loop device"
+	mount /dev/mapper/$cryptmapper $mountpoint || error "Mounting encrypted FS"
+	systemd-notify --ready --status="Sucessfully mounted secure storage"
+}
+
+#unmounts previously mounted loopback file
+close() {
+	echo "Close secure-storage"
+	# get loopdevice
+	loopdevice=$(losetup --list --noheadings --output NAME,BACK-FILE | grep crypt.loop | awk '{print $1}')
+	umount $mountpoint
+	cryptsetup close $cryptmapper
+	losetup -d $loopdevice
+}
+
+if [ $# -eq 1 ]
+then
+	#echo "Parameter detected"
+	$1
+	exit 0
+fi
+
+if [ -e $keyfile ]
+then
+	#echo "Key file available"
+	if [ -e $loopfile ]
+	then
+		#echo "Loop file available"
+		open
+	else
+		#echo "Loop file not available"
+		create_loopback_and_open
+	fi
+else
+	#echo "Key file not available"
+	create_keyfile
+	create_loopback_and_open
+fi

layers/meta-belden-coreos/recipes-security/secure-storage/files/secure-storage.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Secure Storage Service
+RequiresMountsFor=/usr/local/data
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/sec-storage-loopback.sh
+TimeoutSec=300
+
+[Install]
+WantedBy=local-fs.target
+

layers/meta-belden-coreos/recipes-security/secure-storage/secure-storage_1.0.bb

@@ -0,0 +1,34 @@
+SUMMARY = "Provides a Secure Storage"
+DESCRIPTION = "The secure storage is a loopback mount that is encrypted. It protects data in rest"
+AUTHOR = "Patrick Vogelaar"
+LICENSE = "CLOSED"
+
+SRC_URI = "\
+    file://sec-storage-loopback.sh \
+    file://secure-storage.service \
+    "
+
+S = "${WORKDIR}"
+
+inherit systemd
+
+FILES:${PN} += "\
+    /usr/local/data/ \
+    ${systemd_unitdir}/system \
+    ${bindir}/sec-storage-loopback.sh \
+    ${systemd_unitdir}/system/secure-storage.service \
+    "
+
+do_install() {
+    install -d ${D}$/usr/local/data/
+    install -d ${D}${bindir}
+    install -m 0731 ${S}/sec-storage-loopback.sh ${D}${bindir}/sec-storage-loopback.sh
+
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${S}/secure-storage.service ${D}${systemd_unitdir}/system
+}
+
+SYSTEMD_SERVICE:${PN} = "secure-storage.service"
+SYSTEMD_AUTO_ENABLE = "enable"
+
+RDEPENDS:${PN} += "cryptsetup util-linux-losetup e2fsprogs-mke2fs"

layers/meta-belden-coreos/recipes-support/swupdate/swupdate/defconfig

@@ -24,6 +24,7 @@ CONFIG_DISKPART=y
 CONFIG_DISKPART_FORMAT=y
 CONFIG_FAT_FILESYSTEM=y
 CONFIG_EXT_FILESYSTEM=y
+CONFIG_SIGNED=y
 CONFIG_SIGNED_IMAGES=y
 CONFIG_SIGALG_RAWRSA=n
 CONFIG_SIGALG_CMS=y

layers/meta-belden-coreos/recipes-support/swupdate/swupdate_%.bbappend

@@ -5,6 +5,8 @@ REQUIRED_DISTRO_FEATURES = "swupdate"
 # same file in meta-swupdate
 FILESEXTRAPATHS:prepend := "${THISDIR}/swupdate:"
 
+DEPENDS += "cos-certificates-and-keys-native"
+
 SRC_URI += "\
     file://50-webserver-config.sh \
     file://25-sw-collections-config.sh \
@@ -46,3 +48,6 @@ do_install:append() {
     install -m 755 ${COREOS_EFI_SECUREBOOT_KEYDIR}/swupdate.crt ${D}${libdir}/swupdate/
     echo "${MACHINE} 1.0" > ${D}${sysconfdir}/hwrevision
 }
+
+# Fix: libgcc_s.so.1 must be installed for pthread_exit to work
+RDEPENDS:${PN} += "libgcc"

layers/meta-belden-marvell-bsp/COPYING.MIT

@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy 
+of this software and associated documentation files (the "Software"), to deal 
+in the Software without restriction, including without limitation the rights 
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is 
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
+THE SOFTWARE.

layers/meta-belden-marvell-bsp/README

@@ -0,0 +1,41 @@
+This README file contains information on the contents of the meta-belden-marvell-bsp layer.
+
+Please see the corresponding sections below for details.
+
+Dependencies
+============
+
+  URI: <first dependency>
+  branch: <branch name>
+
+  URI: <second dependency>
+  branch: <branch name>
+
+  .
+  .
+  .
+
+Patches
+=======
+
+Please submit any patches against the meta-belden-marvell-bsp layer to the xxxx mailing list (xxxx@zzzz.org)
+and cc: the maintainer:
+
+Maintainer: XXX YYYYYY <xxx.yyyyyy@zzzzz.com>
+
+Table of Contents
+=================
+
+  I. Adding the meta-belden-marvell-bsp layer to your build
+ II. Misc
+
+
+I. Adding the meta-belden-marvell-bsp layer to your build
+=================================================
+
+Run 'bitbake-layers add-layer meta-belden-marvell-bsp'
+
+II. Misc
+========
+
+--- replace with specific information about the meta-belden-marvell-bsp layer ---

layers/meta-belden-marvell-bsp/classes/coreos-image-swupdate-cn913x.bbclass

@@ -0,0 +1,20 @@
+
+SWUPDATE_IMAGES += "flash-image"
+SWUPDATE_IMAGES_FSTYPES[flash-image] = ".bin"
+
+COREOS_SWUPDATE_EXTENDS_FOR:append = "cn913x"
+
+def coreos_swupdate_extends_images_for_cn913x(d,s):
+    boot0 = {
+        "filename" : "flash-image.bin",
+        "installed-directly" : "true",
+        "device" : "/dev/disk/by-partlabel/fw0",
+        "type" : "raw",
+        "sha256" : swupdate_get_sha256(d, s, "flash-image.bin"),
+    }
+
+    boot1 = boot0.copy()
+    boot1["device"] = "/dev/disk/by-partlabel/fw1"
+
+
+    return [boot0, boot1]

layers/meta-belden-marvell-bsp/conf/layer.conf

@@ -0,0 +1,13 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+            ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "meta-belden-marvell-bsp"
+BBFILE_PATTERN_meta-belden-marvell-bsp = "^${LAYERDIR}/"
+BBFILE_PRIORITY_meta-belden-marvell-bsp = "6"
+
+LAYERDEPENDS_meta-belden-marvell-bsp = "core meta-belden-coreos meta-arm"
+LAYERSERIES_COMPAT_meta-belden-marvell-bsp = "kirkstone"

layers/meta-belden-marvell-bsp/conf/machine/cn9130-cf-pro.conf

@@ -0,0 +1,6 @@
+#@TYPE: Machine
+#@NAME: cn9130-cf-pro
+#@DESCRIPTION: Machine support for Solidrun ClearFog CN9130 Pro
+#
+
+require conf/machine/include/cn913x.inc

layers/meta-belden-marvell-bsp/conf/machine/cn9131-bldn-mbv.conf

@@ -0,0 +1,10 @@
+#@TYPE: Machine
+#@NAME: cn9131-bldn-mbv
+#@DESCRIPTION: CN9131 SOM based on Bldn MBV-A/B
+#
+
+require conf/machine/include/cn913x.inc
+
+### Device specific settings
+# Needed for phy firmware
+MACHINE_EXTRA_RDEPENDS += "linux-firmware-microchip"

layers/meta-belden-marvell-bsp/conf/machine/include/cn913x.inc

@@ -0,0 +1,63 @@
+# cn913x is from Marvell octeon tx2 family, but it's based on a cortex-A72
+# so we can't use the armv8-2a/tune-octeontx2.inc (armv8a vs arm8-2a)
+# instead we can use the older octeontx family previously known as thunderx
+require conf/machine/include/arm/armv8a/tune-thunderx.inc
+
+# SOC_FAMILY is added to MACHINE_OVERRIDES in the soc-family.inc file
+SOC_FAMILY = "cn913x"
+require conf/machine/include/soc-family.inc
+
+# Bootloader configuration
+# *****************************************************************************
+
+PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
+PREFERRED_VERSION_u-boot ?= "2019.10-solidrun"
+
+# All cn913x use the same defconfig for u-boot, but another devicetree by
+# settings UBOOT_BUILDENV_DEVICE_TREE in the machine configuration file
+UBOOT_MACHINE = "sr_cn913x_cex7_defconfig"
+UBOOT_BUILDENV_DEVICE_TREE ??= "${MACHINE}"
+
+UBOOT_ENTRYPOINT = "0x7000000"
+UBOOT_LOADADDRESS = "0x7000000"
+
+# Kernel configuration
+# ******************************************************************************
+
+PREFERRED_PROVIDER_virtual/kernel ?= "linux-netmodule"
+PREFERRED_VERSION_linux-netmodule ?= "git-5.15-solidrun"
+PREFERRED_VERSION_trusted_firmware_a = "2.6"
+
+KERNEL_IMAGETYPE = "Image"
+KERNEL_EXTRA_ARGS += "LOADADDR=${UBOOT_ENTRYPOINT}"
+
+KERNEL_DEFCONFIG ?= "cn9130-netmodule_defconfig"
+
+KERNEL_DEVICETREE ?= "\
+    marvell/${MACHINE}.dtb \
+"
+
+#  getty configuration
+# ******************************************************************************
+
+SERIAL_CONSOLES = "115200;ttyS0 115200;ttyAMA0"
+SERIAL_CONSOLES_CHECK ?= "${SERIAL_CONSOLES}"
+APPEND += "console=ttyS0,115200"
+
+# Image generation
+# ******************************************************************************
+
+# Ensure that both flash-image.bin and boot.scr are generated as they are needed
+# for a wic image
+do_image_wic[depends] += "trusted-firmware-a:do_deploy"
+WKS_FILE = "cn913x-sdcard.wks.in"
+COREOS_INSTALLER_WKS_FILE ?= "cn913x-sdcard-installer.wks"
+IMAGE_FSTYPES += "wic.xz wic.bmap"
+
+MACHINE_ESSENTIAL_EXTRA_RDEPENDS += " kernel-modules kernel-devicetree"
+COREOS_IMAGE_SWUPDATE_EXTRACLASSES += " coreos-image-swupdate-cn913x"
+
+# No watchdog available yet
+EFIBOOTGUARD_TIMEOUT ?= "0"
+require conf/machine/include/coreos-generic-features/efi.inc
+require conf/machine/include/coreos-generic-features/partitions.inc

layers/meta-belden-marvell-bsp/recipes-bsp/mv-ddr-marvell/mv-ddr-marvell/0001-COMPILE-fix-stack-overflow-warning.patch

@@ -0,0 +1,23 @@
+From 85df3fa1ce20e577b2a1c83af01a88b7abc373ac Mon Sep 17 00:00:00 2001
+From: Alon Rotman <alon.rotman@solid-run.com>
+Date: Wed, 24 Mar 2021 15:47:08 +0200
+Subject: [PATCH] COMPILE: fix stack overflow warning
+
+Signed-off-by: Alon Rotman <alon.rotman@solid-run.com>
+---
+ drivers/snps/snps_fw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/snps/snps_fw.c b/drivers/snps/snps_fw.c
+index e2bbe57..811d70c 100644
+--- a/drivers/snps/snps_fw.c
++++ b/drivers/snps/snps_fw.c
+@@ -451,7 +451,7 @@ static void snps_mail_box_print_stream_msg(int msg_id, int msg_log_index)
+ 
+ 	/* 1D and 2D have different mail box dictionary database */
+ 	mb_stream_database = (snps_get_state() == TRAINING_2D ? two_d_messages : one_d_messages);
+-	stream_msg_count = sizeof(mb_stream_database) / sizeof(mb_stream_database[0]);
++	stream_msg_count = sizeof(mb_stream_database) / sizeof(struct mail_box_stream_message);
+ 
+ 	/* Most of the dictionary msg_id's are continuous, so first check database if
+ 	 * msg_id cell holds this msg_id */

layers/meta-belden-marvell-bsp/recipes-bsp/mv-ddr-marvell/mv-ddr-marvell/0001-fix-compilation-errors-popped-up-by-GCC-10.patch

@@ -0,0 +1,62 @@
+From 18c20824d9cb05c461c30f86484c0f2b0132bb85 Mon Sep 17 00:00:00 2001
+From: Konstantin Porotchkin <kostap@marvell.com>
+Date: Tue, 19 Jan 2021 14:06:36 +0200
+Subject: [PATCH] fix compilation errors popped up by GCC-10
+
+1. Multiple structure definitions due to define usage
+   in a header file.
+2. Computing static array size from a derived pointer
+
+Change-Id: Ic016813c3f06e2ec8ff9b7ad33c182c85faaa7d5
+Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
+Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/mv_ddr/+/43918
+Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
+Reviewed-by: Ofer Heifetz <oferh@marvell.com>
+Reviewed-by: Nadav Haklai <nadavh@marvell.com>
+---
+ drivers/snps/snps.h    |  2 +-
+ drivers/snps/snps_fw.c | 11 +++++++++--
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/snps/snps.h b/drivers/snps/snps.h
+index 2ed1fec..6964c1c 100644
+--- a/drivers/snps/snps.h
++++ b/drivers/snps/snps.h
+@@ -322,7 +322,7 @@ struct snps_global_data {
+ 	int current_run_num;
+ };
+ 
+-struct snps_global_data gd;
++extern struct snps_global_data gd;
+ 
+ 
+ extern int static_section_completed;
+diff --git a/drivers/snps/snps_fw.c b/drivers/snps/snps_fw.c
+index 811d70c..7417e06 100644
+--- a/drivers/snps/snps_fw.c
++++ b/drivers/snps/snps_fw.c
+@@ -101,6 +101,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ #include "ddr_topology_def.h"
+ #include "ddr3_training_ip_db.h"
+ 
++struct snps_global_data gd;
++
+ struct mail_box_major_message mb_major_messages[] = {
+ /*	ID,					Message string	*/
+ 	{MB_MAJOR_ID_END_INIT,			"End of initialization"},
+@@ -450,8 +452,13 @@ static void snps_mail_box_print_stream_msg(int msg_id, int msg_log_index)
+ 	debug_enter();
+ 
+ 	/* 1D and 2D have different mail box dictionary database */
+-	mb_stream_database = (snps_get_state() == TRAINING_2D ? two_d_messages : one_d_messages);
+-	stream_msg_count = sizeof(mb_stream_database) / sizeof(struct mail_box_stream_message);
++	if (snps_get_state() == TRAINING_2D) {
++		mb_stream_database = two_d_messages;
++		stream_msg_count = ARRAY_SIZE(two_d_messages);
++	} else {
++		mb_stream_database = one_d_messages;
++		stream_msg_count = ARRAY_SIZE(one_d_messages);
++	}
+ 
+ 	/* Most of the dictionary msg_id's are continuous, so first check database if
+ 	 * msg_id cell holds this msg_id */