Merge pull request #54 from chetan-rathore/LatestRel2

Updates for SystemReady v23.01_SR_REL2.0.0_BETA-0_ES_REL_1.2.0 release

Author: chetan-rathore

ES/README.md

@@ -6,14 +6,14 @@ SystemReady Embedded Server (ES) is a band of system certification in the Arm Sy
 
 SystemReady ES-certified platforms implement a minimum set of hardware and firmware features that an operating system can depend on to deploy the operating system image. Compliant systems must conform to the:
 * [Base System Architecture (BSA) specification](https://developer.arm.com/documentation/den0094/latest)
-* SBBR recipe of the [Base Boot Requirements (BBR) specification](https://developer.arm.com/documentation/den0044/latest)
+* SBBR recipe of the [Base Boot Requirements (BBR) specification](https://developer.arm.com/documentation/den0044/f/?lang=en)
 * The SystemReady ES certification and testing requirements are specified in the [Arm SystemReady Requirements Specification (SRS)](https://developer.arm.com/documentation/den0109/latest)
 
 This section contains the build scripts and the live-images for the SystemReady ES Band.
 
 ## Release details
- - Code Quality: v1.1.0
- - **The latest pre-built release of ACS is available for download here: [v22.10_1.1.0](prebuilt_images/v22.10_1.1.0)**
+ - Code Quality: v1.2.0
+ - **The latest pre-built release of ACS is available for download here: [v23.01_1.2.0](prebuilt_images/v23.01_1.2.0)**
  - The BSA tests are written for version 1.0 of the BSA specification.
  - The BBR tests are written for version 1.0 of the BBR specification.
  - The compliance suite is not a substitute for design verification.
@@ -34,7 +34,7 @@ This section contains the build scripts and the live-images for the SystemReady
 - The prebuilt images are archived after compression to the .xz format. On Linux, use the xz utility to uncompress the image `xz -d es_acs_live_image.img.xz`. On Windows, use the 7zip or a similar utility.
 - If you choose to use the prebuilt image, skip the build steps, and navigate to the "Verification" section below.
 
-Note: The latest pre-built image contains Linux kernel version 5.13. To build a image with a different Linux kernel version, update the `LINUX_KERNEL_VERSION` in the configuration file `<path to arm-systemready>/common/config/common_config.cfg` before the build (after step 3 below). To see the list of kernel versions for which Linux BSA patches are available, see the [folder](https://gitlab.arm.com/linux-arm/linux-acs/-/tree/master/kernel/src)
+Note: The latest pre-built image contains Linux kernel version 6.0. To build a image with a different Linux kernel version, update the `LINUX_KERNEL_VERSION` in the configuration file `<path to arm-systemready>/common/config/common_config.cfg` before the build (after step 3 below). To see the list of kernel versions for which Linux BSA patches are available, see the [folder](https://gitlab.arm.com/linux-arm/linux-acs/-/tree/master/kernel/src)
 
 ### Prerequisites
 Before starting the ACS build, ensure that the following requirements are met:
@@ -60,7 +60,7 @@ Before starting the ACS build, ensure that the following requirements are met:
 5. If all the above steps are successful, then the  bootable image will be available at **/path-to-arm-systemready/ES/scripts/output/es_acs_live_image.img.xz**
 
 Note: The image is generated in a compressed (.xz) format. The image must be uncompressed before it is used.<br />
-Note: For the build instructions of the Security Interface Extension ACS, refer to the [SIE README](./../SIE//README.md) for further details.<br />
+
 
 ## Build output
 This image comprises of two FAT file system partitions recognized by UEFI: <br />
@@ -127,19 +127,24 @@ The live image boots to UEFI Shell. The different test applications can be run i
 1. [SCT tests](https://github.com/ARM-software/bbr-acs/blob/main/README.md) for BBR compliance.
 2. [UEFI Shell application](https://github.com/ARM-software/bsa-acs/blob/main/README.md) for BSA compliance.
 3. [FWTS tests](https://github.com/ARM-software/bbr-acs/blob/main/README.md) for BBR compliance.
-4. [OS tests](https://github.com/ARM-software/bsa-acs/blob/main/README.md) for Linux BSA compliance. <br />
-Note: To skip FWTS and OS tests for debugging, append "noacs" to the Linux command by editing the "Linux Boot" option in the grub menu during image boot.<br />
-To start an extended run of UEFI-SCT append "-nostartup startup.nsh sct_extd" to the shell.efi command by editing the "bbr/bsa" option in the grub menu during image boot.<br />
+4. [OS tests](https://github.com/ARM-software/bsa-acs/blob/main/README.md) for Linux BSA compliance.
+Note: To skip FWTS and OS tests for debugging, append "noacs" to the Linux command by editing the "Linux Boot" option in the grub menu during image boot.
+To start an extended run of UEFI-SCT append "-nostartup startup.nsh sct_extd" to the shell.efi command by editing the "bbr/bsa" option in the grub menu during image boot.
+
+### Running Security interface extension (SIE) ACS components.
+Now SIE ACS is integrated with ES ACS image, which can be accessed through GRUB options.
+
+For the verification steps of SIE ACS on QEMU with TPM support, refer to the [SIE ACS Verification](../common/docs/SIE_ACS_Verification.md).
 
 ## Baselines for Open Source Software in this release:
 
-- [Firmware Test Suite (FWTS)](http://kernel.ubuntu.com/git/hwe/fwts.git) TAG: v22.09.00
+- [Firmware Test Suite (FWTS)](http://kernel.ubuntu.com/git/hwe/fwts.git) TAG: v22.11.00
 
-- [Base System Architecture (BSA)](https://github.com/ARM-software/bsa-acs) TAG: v22.10_REL1.0.2
+- [Base System Architecture (BSA)](https://github.com/ARM-software/bsa-acs) TAG: v23.01_REL1.0.3
 
-- [Base Boot Requirements (BBR)](https://github.com/ARM-software/bbr-acs) TAG: : v22.10_REL1.1.0
+- [Base Boot Requirements (BBR)](https://github.com/ARM-software/bbr-acs) TAG: : v23.01_SR_REL2.0.0_BETA-0_ES_REL_1.2.0
 
-- [UEFI Self Certification Tests (UEFI-SCT)](https://github.com/tianocore/edk2-test) TAG: f628bec2193da1f9402ef749fbca50f61c812d6f
+- [UEFI Self Certification Tests (UEFI-SCT)](https://github.com/tianocore/edk2-test) TAG: 06f84debb796b2f6ac893b130e90ab5599195b29
 
 
 
@@ -158,5 +163,5 @@ System Ready ACS is distributed under Apache v2.0 License.
 
 --------------
 
-*Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.*
 

ES/scripts/build-scripts/build-es-live-image.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -38,13 +38,15 @@ create_scripts_link()
  ln -s $TOP_DIR/../../common/scripts/build-linux.sh             $TOP_DIR/build-scripts/build-linux.sh
  ln -s $TOP_DIR/../../common/scripts/build-linux-bsa.sh         $TOP_DIR/build-scripts/build-linux-bsa.sh
  ln -s $TOP_DIR/../../common/scripts/build-grub.sh              $TOP_DIR/build-scripts/build-grub.sh
- ln -s $TOP_DIR/../../common/scripts/build-busybox.sh           $TOP_DIR/build-scripts/build-busybox.sh
+ ln -s $TOP_DIR/../../common/scripts/build-buildroot.sh         $TOP_DIR/build-scripts/build-buildroot.sh
  ln -s $TOP_DIR/../../common/scripts/framework.sh               $TOP_DIR/build-scripts/framework.sh
  ln -s $TOP_DIR/../../common/scripts/parse_params.sh            $TOP_DIR/build-scripts/parse_params.sh
  ln -s $TOP_DIR/../../common/scripts/make_image.sh              $TOP_DIR/build-scripts/make_image.sh
  ln -s $TOP_DIR/bbr-acs/common/scripts/build-sct.sh             $TOP_DIR/build-scripts/build-sct.sh
- ln -s $TOP_DIR/bbr-acs/common/scripts/build-fwts.sh            $TOP_DIR/build-scripts/build-fwts.sh
+
  ln -s $TOP_DIR/bbr-acs/common/scripts/build-uefi-apps.sh       $TOP_DIR/build-scripts/build-uefi-apps.sh
+ ln -s $TOP_DIR/../../common/scripts/build-efitools.sh          $TOP_DIR/build-scripts/build-efitools.sh
+ ln -s $TOP_DIR/../../common/scripts/build-sie-keys.sh          $TOP_DIR/build-scripts/build-sie-keys.sh
 }
 
 init_dir()
@@ -53,6 +55,7 @@ init_dir()
  rm -rf $TOP_DIR/build-scripts/config
  cp -r $TOP_DIR/../../common/ramdisk                      $TOP_DIR 
  cp -r $TOP_DIR/../../common/config                       $TOP_DIR/build-scripts 
+ mkdir -p $TOP_DIR/output
 }
 
 create_scripts_link

IR/README.md

@@ -142,5 +142,5 @@ System Ready ACS is distributed under Apache v2.0 License.
 
 --------------
 
-*Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.*
 

IR/Yocto/README.md

@@ -116,7 +116,9 @@ The live image boots to UEFI Shell. The different test applications can be run i
 2. [UEFI Shell application](https://github.com/ARM-software/bsa-acs/blob/main/README.md) for BSA compliance.
 3. [FWTS tests](https://github.com/ARM-software/bbr-acs/blob/main/README.md) for BBR compliance.
 
-For the verification steps of SIE ACS on QEMU with TPM support, refer to the [SIE ACS Verification](SIE_ACS_Verification.md).
+### Running Security interface extension (SIE) ACS.
+
+For the verification steps of SIE ACS on QEMU with TPM support, refer to the [SIE ACS Verification](../../common/docs/SIE_ACS_Verification.md).
 
 ## Baselines for Open Source Software in this release:
 
@@ -145,5 +147,5 @@ System Ready ACS is distributed under Apache v2.0 License.
 
 --------------
 
-*Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.*
 

IR/Yocto/build-scripts/get_source.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2022-2023, ARM Limited and Contributors. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -48,7 +48,8 @@ export GIT_SSL_NO_VERIFY=1
 sudo apt install git curl mtools gdisk gcc liblz4-tool zstd \
  openssl automake autotools-dev libtool bison flex \
  bc uuid-dev python3 libglib2.0-dev libssl-dev autopoint \
- make gcc g++ python gnu-efi libfile-slurp-perl help2man 
+ make gcc g++ python gnu-efi libfile-slurp-perl help2man \
+ python3-pip chrpath diffstat -y
 
 sudo pip3 install kas
 

IR/Yocto/meta-woden/recipes-acs/ebbr-sct/ebbr-sct.bb

@@ -40,9 +40,7 @@ do_configure() {
     cp -r ${SBBR_TEST_DIR}/SbbrBootServices uefi-sct/SctPkg/TestCase/UEFI/EFI/BootServices/
     cp -r ${SBBR_TEST_DIR}/SbbrEfiSpecVerLvl ${SBBR_TEST_DIR}/SbbrRequiredUefiProtocols ${SBBR_TEST_DIR}/SbbrSmbios ${SBBR_TEST_DIR}/SbbrSysEnvConfig uefi-sct/SctPkg/TestCase/UEFI/EFI/Generic/
     cp -r ${SBBR_TEST_DIR}/SBBRRuntimeServices uefi-sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/
-    # This code shall be updated to the commented code when SIE ACS is integrated to SR and ES images
-    #cp ${SBBR_TEST_DIR}/BBR_SCT.dsc uefi-sct/SctPkg/UEFI/
-    cp ${S}/BBR_SCT.dsc uefi-sct/SctPkg/UEFI/
+    cp ${SBBR_TEST_DIR}/BBR_SCT.dsc uefi-sct/SctPkg/UEFI/
     cp ${SBBR_TEST_DIR}/build_bbr.sh uefi-sct/SctPkg/
     cp ${S}/bbr-acs/ebbr/config/EfiCompliant_EBBR.ini uefi-sct/SctPkg/UEFI/
 

IR/Yocto/meta-woden/recipes-acs/install-files/files/init.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2022-2023, ARM Limited and Contributors. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -135,7 +135,7 @@ if [ -f /sys/firmware/fdt ]; then
 
  sed -i '1s/^/DeviceTree bindings of Linux kernel version: 5.19.10 \ndtschema version: 2022.9 \n\n/' /mnt/acs_results/linux_tools/dt-validate.log
  if [ ! -s /mnt/acs_results/linux_tools/dt-validate.log ]; then
-    echo $'The FDT is compliant according to schema ' >> /mnt/acs_results/linux_tools/dt-validate.log
+  echo $'The FDT is compliant according to schema ' >> /mnt/acs_results/linux_tools/dt-validate.log
  fi
 else
  echo  $'Error: The FDT devicetree file ,fdt , does not exist at /sys/firmware/fdt. Cannot run dt-schema tool ' | tee /mnt/acs_results/linux_tools/dt-validate.log

IR/scripts/build-scripts/build-ir-live-image.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -45,14 +45,17 @@ create_scripts_link()
  ln -s $TOP_DIR/bbr-acs/common/scripts/build-sct.sh             $TOP_DIR/build-scripts/build-sct.sh
  ln -s $TOP_DIR/bbr-acs/common/scripts/build-fwts.sh            $TOP_DIR/build-scripts/build-fwts.sh
  ln -s $TOP_DIR/bbr-acs/common/scripts/build-uefi-apps.sh       $TOP_DIR/build-scripts/build-uefi-apps.sh
+ ln -s $TOP_DIR/../../common/scripts/build-efitools.sh          $TOP_DIR/build-scripts/build-efitools.sh
+ ln -s $TOP_DIR/../../common/scripts/build-sie-keys.sh          $TOP_DIR/build-scripts/build-sie-keys.sh
 }
 
 init_dir()
 {
  rm -rf $TOP_DIR/ramdisk
  rm -rf $TOP_DIR/build-scripts/config
  cp -r $TOP_DIR/../../common/ramdisk                      $TOP_DIR 
- cp -r $TOP_DIR/../../common/config                       $TOP_DIR/build-scripts 
+ cp -r $TOP_DIR/../../common/config                       $TOP_DIR/build-scripts
+ mkdir -p $TOP_DIR/output
 }
 
 create_scripts_link

SIE/scripts/build-scripts/build-security-extension-live-image.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2023, ARM Limited and Contributors. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -39,7 +39,7 @@ create_scripts_link()
  ln -s $TOP_DIR/../../common/scripts/framework.sh               $TOP_DIR/build-scripts/framework.sh
  ln -s $TOP_DIR/../../common/scripts/parse_params.sh            $TOP_DIR/build-scripts/parse_params.sh
  ln -s $TOP_DIR/../../common/scripts/make_image_sie.sh          $TOP_DIR/build-scripts/make_image_sie.sh
- ln -s $TOP_DIR/../../common/scripts/build-buildroot.sh         $TOP_DIR/build-scripts/build-buildroot.sh
+ ln -s $TOP_DIR/../../common/scripts/build-buildroot-sie.sh     $TOP_DIR/build-scripts/build-buildroot-sie.sh
  ln -s $TOP_DIR/../../common/scripts/build-sie-keys.sh          $TOP_DIR/build-scripts/build-sie-keys.sh
  ln -s $TOP_DIR/bbr-acs/common/scripts/build-sct.sh             $TOP_DIR/build-scripts/build-sct.sh
  ln -s $TOP_DIR/bbr-acs/common/scripts/build-uefi-apps.sh       $TOP_DIR/build-scripts/build-uefi-apps.sh

SIE/scripts/build-scripts/config/grub-initial.cfg

@@ -1,6 +1,3 @@
-# Enforce that all loaded files must have a valid signature.
-set check_signatures=enforce
-export check_signatures
 
 # set $root to the filesystem labeled "BOOT"
 search --label --set=root BOOT