From 67ca3fcdbff916e57cef93c9f235b57c0e5649c4 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 11 Feb 2026 14:07:41 -0800 Subject: [PATCH 01/49] Add nat20lib kernel module example and br environment. Add a kernel module that provides libnat20 functionality to linux kernel modules. Also add a configuration to build a minimal linux image with buildroot and run in on qemu and a workflow to test build nat20lib.ko --- .github/license-check/license-config.json | 8 +- .github/workflows/linux-kmod-build.yml | 94 + examples/linux/br_external/Config.in | 36 + examples/linux/br_external/bootstrap.sh | 108 + .../br_external/configs/qemu_br_defconfig | 5221 +++++++++++++++++ .../br_external/configs/qemu_linux_defconfig | 3888 ++++++++++++ examples/linux/br_external/external.desc | 37 + examples/linux/br_external/external.mk | 36 + .../br_external/package/nat20lib/Config.in | 39 + .../br_external/package/nat20lib/nat20lib.mk | 44 + examples/linux/br_external/run-qemu.sh | 52 + examples/linux/br_external/utils/envsetup.sh | 81 + examples/linux/nat20lib/Kbuild | 61 + examples/linux/nat20lib/Makefile | 51 + examples/linux/nat20lib/include | 1 + examples/linux/nat20lib/mod.c | 96 + 16 files changed, 9852 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/linux-kmod-build.yml create mode 100644 examples/linux/br_external/Config.in create mode 100644 examples/linux/br_external/bootstrap.sh create mode 100644 examples/linux/br_external/configs/qemu_br_defconfig create mode 100644 examples/linux/br_external/configs/qemu_linux_defconfig create mode 100644 examples/linux/br_external/external.desc create mode 100644 examples/linux/br_external/external.mk create mode 100644 examples/linux/br_external/package/nat20lib/Config.in create mode 100644 examples/linux/br_external/package/nat20lib/nat20lib.mk create mode 100755 examples/linux/br_external/run-qemu.sh create mode 100644 examples/linux/br_external/utils/envsetup.sh create mode 100644 examples/linux/nat20lib/Kbuild create mode 100644 examples/linux/nat20lib/Makefile create mode 120000 examples/linux/nat20lib/include create mode 100644 examples/linux/nat20lib/mod.c diff --git a/.github/license-check/license-config.json b/.github/license-check/license-config.json index 1953e283..48d3de5f 100644 --- a/.github/license-check/license-config.json +++ b/.github/license-check/license-config.json @@ -4,6 +4,11 @@ "**/*.yml", "**/CMakeLists.txt", "**/*.cmake.in", + "**/*.mk", + "**/*.sh", + "**/Config.in", + "**/Kbuild", + "examples/linux/br_external/external.desc", ".clang-format", ".gitignore" ], @@ -26,7 +31,8 @@ { "include": [ "**/*.md", - "**/*.txt" + "**/*.txt", + "examples/linux/br_external/configs/*" ], "exclude": [ "**/CMakeLists.txt" diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml new file mode 100644 index 00000000..2e06a43b --- /dev/null +++ b/.github/workflows/linux-kmod-build.yml @@ -0,0 +1,94 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + + +name: linux-kmod-build + +on: + push: + branches: + - main + pull_request: + +jobs: + build-nat20lib-kmod: + name: Build nat20lib kernel module (Buildroot) + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b #v4.1.5 + + - name: Install Buildroot dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + build-essential \ + bc \ + cpio \ + file \ + git \ + libncurses-dev \ + python3 \ + rsync \ + unzip \ + wget + + - name: Cache Buildroot toolchain and kernel + id: cache-buildroot + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 + with: + path: buildroot.build + key: buildroot-${{ hashFiles('examples/linux/br_external/configs/qemu_br_defconfig', 'examples/linux/br_external/configs/qemu_linux_defconfig') }} + + - name: Bootstrap Buildroot + if: steps.cache-buildroot.outputs.cache-hit != 'true' + run: examples/linux/br_external/bootstrap.sh qemu buildroot.build "${{ github.workspace }}" + + - name: Build toolchain and kernel + if: steps.cache-buildroot.outputs.cache-hit != 'true' + run: make -C buildroot.build/buildroot linux -j $(( $(nproc) + 1 )) + + - name: Build nat20lib kernel module + env: + NAT20LIB_OVERRIDE_SRCDIR: ${{ github.workspace }} + run: | + cd buildroot.build/buildroot + make nat20lib-dirclean + make nat20lib -j $(( $(nproc) + 1 )) + + - name: Verify nat20lib.ko was produced + run: | + find buildroot.build -name 'nat20lib.ko' | grep -q nat20lib.ko + echo "nat20lib.ko built successfully:" + find buildroot.build -name 'nat20lib.ko' -exec ls -la {} \; diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in new file mode 100644 index 00000000..75cfa0f9 --- /dev/null +++ b/examples/linux/br_external/Config.in @@ -0,0 +1,36 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +source "$BR2_EXTERNAL_NAT20_PATH/package/nat20lib/Config.in" diff --git a/examples/linux/br_external/bootstrap.sh b/examples/linux/br_external/bootstrap.sh new file mode 100644 index 00000000..e3278c0d --- /dev/null +++ b/examples/linux/br_external/bootstrap.sh @@ -0,0 +1,108 @@ +#!/bin/bash + +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +PROJECT="$1" +LIBNAT20_BR_BUILD_DIR="${2:-${LIBNAT20_ROOT}/buildroot.build}" +LIBNAT20_ROOT="${3:-$(pwd)}" + +LIBNAT20_BR_BUILD_DIR="$(readlink -f "${LIBNAT20_BR_BUILD_DIR}")" +LIBNAT20_ROOT="$(readlink -f "${LIBNAT20_ROOT}")" + + +case "$PROJECT" in + qemu) + ;; + *) + echo "Usage: bootstrap.sh " + echo + echo "This script bootstraps the Buildroot environment for the Dice project." + echo + echo "This script may be run from any directory, as long as the libnat20 root" + echo "directory is specified correctly. The first parameter specifies the project." + echo "See valid options below." + echo "The second parameter specifies the out of tree Buildroot build directory." + echo "It uses \"buildroot.build\" inside of the libnat20 root directory by default." + echo "The third parameter specifies the libnat20 root directory." + echo "It uses the current working directory by default." + echo + echo "Available projects:" + echo " qemu - Setup Buildroot for the QEMU-based Dice emulator" + exit 0 + ;; +esac + +if [ -e "${LIBNAT20_BR_BUILD_DIR}" ]; then + echo "Buildroot build directory ${LIBNAT20_BR_BUILD_DIR} already exists." + exit 1 +fi + +if [ ! -d "${LIBNAT20_ROOT}/examples/linux/br_external" ]; then + echo "Directory ${LIBNAT20_ROOT}/examples/linux/br_external does not exist." + echo "Please make sure \"${LIBNAT20_ROOT}\" points to the libnat20 root directory." + exit 1 +fi + +mkdir -p "${LIBNAT20_BR_BUILD_DIR}" +pushd ${LIBNAT20_BR_BUILD_DIR} + +echo "LIBNAT20_BR_BUILD_DIR=${LIBNAT20_BR_BUILD_DIR}" | tee .env +echo "LIBNAT20_ROOT=${LIBNAT20_ROOT}" | tee -a .env + +cp ${LIBNAT20_ROOT}/examples/linux/br_external/utils/envsetup.sh ./ + +# Checkout buildroot +git clone --depth 1 --branch "2025.08.1" https://gitlab.com/buildroot.org/buildroot.git + +# Install the buildroot config +case "$PROJECT" in + qemu) + cp ${LIBNAT20_ROOT}/examples/linux/br_external/configs/qemu_br_defconfig buildroot/.config + cp ${LIBNAT20_ROOT}/examples/linux/br_external/run-qemu.sh ./ + ;; + esac + +pushd buildroot + +make BR2_EXTERNAL=${LIBNAT20_ROOT}/examples/linux/br_external oldconfig + +popd +popd + +echo +echo "Now enter buildroot and run make:" +echo " $ cd ${LIBNAT20_BR_BUILD_DIR}/buildroot" +echo ' $ make' diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig new file mode 100644 index 00000000..645f6610 --- /dev/null +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -0,0 +1,5221 @@ +# +# Automatically generated file; DO NOT EDIT. +# Buildroot 2025.08.1 Configuration +# +BR2_HAVE_DOT_CONFIG=y +BR2_HOST_GCC_AT_LEAST_4_9=y +BR2_HOST_GCC_AT_LEAST_5=y +BR2_HOST_GCC_AT_LEAST_6=y +BR2_HOST_GCC_AT_LEAST_7=y +BR2_HOST_GCC_AT_LEAST_8=y +BR2_HOST_GCC_AT_LEAST_9=y +BR2_HOST_GCC_AT_LEAST_10=y +BR2_HOST_GCC_AT_LEAST_11=y + +# +# Target options +# +BR2_ARCH_IS_64=y +BR2_USE_MMU=y +# BR2_arcle is not set +# BR2_arceb is not set +# BR2_arm is not set +# BR2_armeb is not set +# BR2_aarch64 is not set +# BR2_aarch64_be is not set +# BR2_i386 is not set +# BR2_loongarch64 is not set +# BR2_m68k is not set +# BR2_microblazeel is not set +# BR2_microblazebe is not set +# BR2_mips is not set +# BR2_mipsel is not set +# BR2_mips64 is not set +# BR2_mips64el is not set +# BR2_or1k is not set +# BR2_powerpc is not set +# BR2_powerpc64 is not set +# BR2_powerpc64le is not set +# BR2_riscv is not set +# BR2_s390x is not set +# BR2_sh is not set +# BR2_sparc is not set +# BR2_sparc64 is not set +BR2_x86_64=y +# BR2_xtensa is not set +BR2_ARCH_HAS_TOOLCHAIN_BUILDROOT=y +BR2_ARCH="x86_64" +BR2_NORMALIZED_ARCH="x86_64" +BR2_ENDIAN="LITTLE" +BR2_GCC_TARGET_ARCH="x86-64" +BR2_BINFMT_SUPPORTS_SHARED=y +BR2_READELF_ARCH_NAME="Advanced Micro Devices X86-64" +BR2_X86_CPU_HAS_MMX=y +BR2_X86_CPU_HAS_SSE=y +BR2_X86_CPU_HAS_SSE2=y +BR2_x86_x86_64=y +# BR2_x86_x86_64_v2 is not set +# BR2_x86_x86_64_v3 is not set +# BR2_x86_x86_64_v4 is not set +# BR2_x86_nocona is not set +# BR2_x86_core2 is not set +# BR2_x86_corei7 is not set +# BR2_x86_nehalem is not set +# BR2_x86_westmere is not set +# BR2_x86_corei7_avx is not set +# BR2_x86_sandybridge is not set +# BR2_x86_ivybridge is not set +# BR2_x86_core_avx2 is not set +# BR2_x86_haswell is not set +# BR2_x86_broadwell is not set +# BR2_x86_skylake is not set +# BR2_x86_atom is not set +# BR2_x86_bonnell is not set +# BR2_x86_silvermont is not set +# BR2_x86_goldmont is not set +# BR2_x86_goldmont_plus is not set +# BR2_x86_tremont is not set +# BR2_x86_sierraforest is not set +# BR2_x86_grandridge is not set +# BR2_x86_skylake_avx512 is not set +# BR2_x86_cannonlake is not set +# BR2_x86_icelake_client is not set +# BR2_x86_icelake_server is not set +# BR2_x86_cascadelake is not set +# BR2_x86_cooperlake is not set +# BR2_x86_tigerlake is not set +# BR2_x86_sapphirerapids is not set +# BR2_x86_alderlake is not set +# BR2_x86_rocketlake is not set +# BR2_x86_graniterapids is not set +# BR2_x86_graniterapids_d is not set +# BR2_x86_opteron is not set +# BR2_x86_opteron_sse3 is not set +# BR2_x86_barcelona is not set +# BR2_x86_bobcat is not set +# BR2_x86_jaguar is not set +# BR2_x86_bulldozer is not set +# BR2_x86_piledriver is not set +# BR2_x86_steamroller is not set +# BR2_x86_excavator is not set +# BR2_x86_zen is not set +# BR2_x86_zen2 is not set +# BR2_x86_zen3 is not set +# BR2_x86_zen4 is not set +BR2_BINFMT_ELF=y + +# +# Toolchain +# +BR2_TOOLCHAIN=y +BR2_TOOLCHAIN_USES_GLIBC=y +BR2_TOOLCHAIN_BUILDROOT=y +# BR2_TOOLCHAIN_EXTERNAL is not set + +# +# Toolchain Buildroot Options +# +BR2_TOOLCHAIN_BUILDROOT_VENDOR="buildroot" +# BR2_TOOLCHAIN_BUILDROOT_UCLIBC is not set +BR2_TOOLCHAIN_BUILDROOT_GLIBC=y +# BR2_TOOLCHAIN_BUILDROOT_MUSL is not set +BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc" + +# +# Kernel Header Options +# +BR2_KERNEL_HEADERS_AS_KERNEL=y +# BR2_KERNEL_HEADERS_5_4 is not set +# BR2_KERNEL_HEADERS_5_10 is not set +# BR2_KERNEL_HEADERS_5_15 is not set +# BR2_KERNEL_HEADERS_6_1 is not set +# BR2_KERNEL_HEADERS_6_6 is not set +# BR2_KERNEL_HEADERS_6_12 is not set +# BR2_KERNEL_HEADERS_6_16 is not set +# BR2_KERNEL_HEADERS_VERSION is not set +# BR2_KERNEL_HEADERS_CUSTOM_TARBALL is not set +# BR2_KERNEL_HEADERS_CUSTOM_GIT is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_16 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_15 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_14 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_13 is not set +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_12=y +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_11 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_10 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_9 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_8 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_7 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_6 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_5 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_4 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_3 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_2 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_1 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_0 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_19 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_18 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_17 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_16 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_15 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_14 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_13 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_12 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_11 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_10 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_9 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_8 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_7 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_6 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_5 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_4 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_3 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_2 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_1 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_0 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_20 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_18 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_17 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_13 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_12 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_11 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_10 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_9 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_8 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_7 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_6 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_5 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_4 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_3 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_2 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_1 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_0 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_19 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_18 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_17 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_16 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_15 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_14 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_13 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_12 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_11 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_10 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_9 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_8 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_7 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_6 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_5 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_4 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_3 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_2 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_1 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_0 is not set +# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_REALLY_OLD is not set +BR2_PACKAGE_LINUX_HEADERS=y +BR2_PACKAGE_MUSL_ARCH_SUPPORTS=y +BR2_PACKAGE_MUSL_SUPPORTS=y +BR2_PACKAGE_UCLIBC_ARCH_SUPPORTS=y +BR2_PACKAGE_UCLIBC_SUPPORTS=y +BR2_PACKAGE_GLIBC_ARCH_SUPPORTS=y +BR2_PACKAGE_GLIBC_SUPPORTS=y + +# +# Glibc Options +# +BR2_PACKAGE_GLIBC=y +# BR2_PACKAGE_GLIBC_KERNEL_COMPAT is not set +# BR2_PACKAGE_GLIBC_UTILS is not set + +# +# Binutils Options +# +BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI=y +# BR2_BINUTILS_VERSION_2_42_X is not set +BR2_BINUTILS_VERSION_2_43_X=y +# BR2_BINUTILS_VERSION_2_44_X is not set +BR2_BINUTILS_VERSION="2.43.1" +# BR2_BINUTILS_GPROFNG is not set +BR2_BINUTILS_EXTRA_CONFIG_OPTIONS="" + +# +# GCC Options +# +# BR2_GCC_VERSION_13_X is not set +BR2_GCC_VERSION_14_X=y +# BR2_GCC_VERSION_15_X is not set +BR2_GCC_VERSION="14.3.0" +BR2_EXTRA_GCC_CONFIG_OPTIONS="" +# BR2_TOOLCHAIN_BUILDROOT_CXX is not set +# BR2_TOOLCHAIN_BUILDROOT_FORTRAN is not set +# BR2_GCC_ENABLE_OPENMP is not set +# BR2_GCC_ENABLE_GRAPHITE is not set +BR2_PACKAGE_GCC_FINAL=y +BR2_PACKAGE_HOST_GDB_ARCH_SUPPORTS=y + +# +# Host GDB Options +# +# BR2_PACKAGE_HOST_GDB is not set + +# +# Toolchain Generic Options +# +BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS=y +BR2_TOOLCHAIN_SUPPORTS_VARIADIC_MI_THUNK=y +BR2_USE_WCHAR=y +BR2_ENABLE_LOCALE=y +BR2_TOOLCHAIN_HAS_THREADS=y +BR2_TOOLCHAIN_HAS_THREADS_DEBUG=y +BR2_TOOLCHAIN_HAS_THREADS_NPTL=y +BR2_TOOLCHAIN_HAS_SSP=y +BR2_TOOLCHAIN_HAS_SSP_STRONG=y +BR2_TOOLCHAIN_HAS_UCONTEXT=y +BR2_TOOLCHAIN_SUPPORTS_PIE=y +# BR2_TOOLCHAIN_GLIBC_GCONV_LIBS_COPY is not set +BR2_TOOLCHAIN_EXTRA_LIBS="" +BR2_TOOLCHAIN_HAS_FULL_GETTEXT=y +BR2_TARGET_OPTIMIZATION="" +BR2_TARGET_LDFLAGS="" +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_1=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_2=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_3=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_4=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_5=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_6=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_7=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_8=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_9=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_10=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_13=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_14=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_15=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_16=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_17=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_18=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_19=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_0=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_1=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_2=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_3=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_4=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_5=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_6=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_7=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_8=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_9=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_10=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_11=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_14=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_15=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_16=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_17=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_18=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_19=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_20=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_0=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_1=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_2=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_3=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_5=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_6=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_7=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_8=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_9=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_10=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_11=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_12=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_13=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_14=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_15=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_16=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_17=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_18=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_19=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_0=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_1=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_2=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_3=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_4=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_5=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_6=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_7=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_8=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_9=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_10=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_11=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_12=y +BR2_TOOLCHAIN_HEADERS_AT_LEAST="6.12" +BR2_TOOLCHAIN_GCC_AT_LEAST_4_3=y +BR2_TOOLCHAIN_GCC_AT_LEAST_4_4=y +BR2_TOOLCHAIN_GCC_AT_LEAST_4_5=y +BR2_TOOLCHAIN_GCC_AT_LEAST_4_6=y +BR2_TOOLCHAIN_GCC_AT_LEAST_4_7=y +BR2_TOOLCHAIN_GCC_AT_LEAST_4_8=y +BR2_TOOLCHAIN_GCC_AT_LEAST_4_9=y +BR2_TOOLCHAIN_GCC_AT_LEAST_5=y +BR2_TOOLCHAIN_GCC_AT_LEAST_6=y +BR2_TOOLCHAIN_GCC_AT_LEAST_7=y +BR2_TOOLCHAIN_GCC_AT_LEAST_8=y +BR2_TOOLCHAIN_GCC_AT_LEAST_9=y +BR2_TOOLCHAIN_GCC_AT_LEAST_10=y +BR2_TOOLCHAIN_GCC_AT_LEAST_11=y +BR2_TOOLCHAIN_GCC_AT_LEAST_12=y +BR2_TOOLCHAIN_GCC_AT_LEAST_13=y +BR2_TOOLCHAIN_GCC_AT_LEAST_14=y +BR2_TOOLCHAIN_GCC_AT_LEAST="14" +BR2_TOOLCHAIN_HAS_MNAN_OPTION=y +BR2_TOOLCHAIN_HAS_SYNC_1=y +BR2_TOOLCHAIN_HAS_SYNC_2=y +BR2_TOOLCHAIN_HAS_SYNC_4=y +BR2_TOOLCHAIN_HAS_SYNC_8=y +BR2_TOOLCHAIN_HAS_LIBATOMIC=y +BR2_TOOLCHAIN_HAS_ATOMIC=y +BR2_TOOLCHAIN_HAS_LIBQUADMATH=y + +# +# Bare metal toolchain +# +# BR2_TOOLCHAIN_BARE_METAL_BUILDROOT is not set + +# +# Build options +# + +# +# Commands +# +BR2_CURL="curl -q --ftp-pasv --retry 3 --connect-timeout 10" +BR2_WGET="wget -nd -t 3 --connect-timeout=10" +BR2_SVN="svn --non-interactive --config-option servers:global:http-timeout=10" +BR2_BZR="bzr" +BR2_GIT="git" +BR2_CVS="cvs" +BR2_LOCALFILES="cp" +BR2_SCP="scp -o ConnectTimeout=10" +BR2_SFTP="sftp -o ConnectTimeout=10" +BR2_HG="hg" +BR2_ZCAT="gzip -d -c" +BR2_BZCAT="bzcat" +BR2_XZCAT="xzcat" +BR2_LZCAT="lzip -d -c" +BR2_ZSTDCAT="zstdcat" +BR2_TAR_OPTIONS="" +BR2_DEFCONFIG="$(CONFIG_DIR)/defconfig" +BR2_DL_DIR="$(TOPDIR)/dl" +BR2_HOST_DIR="$(BASE_DIR)/host" + +# +# Mirrors and Download locations +# +BR2_PRIMARY_SITE="" +BR2_BACKUP_SITE="https://sources.buildroot.net" +BR2_KERNEL_MIRROR="https://cdn.kernel.org/pub" +BR2_GNU_MIRROR="https://ftpmirror.gnu.org" +BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org" +BR2_CPAN_MIRROR="https://cpan.metacpan.org" +BR2_JLEVEL=0 +# BR2_CCACHE is not set +# BR2_ENABLE_DEBUG is not set +# BR2_ENABLE_RUNTIME_DEBUG is not set +BR2_STRIP_strip=y +BR2_STRIP_EXCLUDE_FILES="" +BR2_STRIP_EXCLUDE_DIRS="" +# BR2_OPTIMIZE_0 is not set +# BR2_OPTIMIZE_1 is not set +BR2_OPTIMIZE_2=y +# BR2_OPTIMIZE_3 is not set +# BR2_OPTIMIZE_G is not set +# BR2_OPTIMIZE_S is not set +# BR2_OPTIMIZE_FAST is not set +# BR2_ENABLE_LTO is not set + +# +# static only needs a toolchain w/ uclibc or musl +# +BR2_SHARED_LIBS=y +# BR2_SHARED_STATIC_LIBS is not set +BR2_PACKAGE_OVERRIDE_FILE="$(CONFIG_DIR)/local.mk" +BR2_GLOBAL_PATCH_DIR="board/qemu/patches" + +# +# Advanced +# +# BR2_FORCE_HOST_BUILD is not set +BR2_DOWNLOAD_FORCE_CHECK_HASHES=y +# BR2_REPRODUCIBLE is not set +# BR2_PER_PACKAGE_DIRECTORIES is not set + +# +# Security Hardening Options +# +BR2_PIC_PIE_ARCH_SUPPORTS=y +BR2_PIC_PIE=y +# BR2_SSP_NONE is not set +# BR2_SSP_REGULAR is not set +BR2_SSP_STRONG=y +# BR2_SSP_ALL is not set +BR2_SSP_OPTION="-fstack-protector-strong" +# BR2_RELRO_NONE is not set +# BR2_RELRO_PARTIAL is not set +BR2_RELRO_FULL=y +BR2_FORTIFY_SOURCE_ARCH_SUPPORTS=y +# BR2_FORTIFY_SOURCE_NONE is not set +BR2_FORTIFY_SOURCE_1=y +# BR2_FORTIFY_SOURCE_2 is not set +# BR2_FORTIFY_SOURCE_3 is not set + +# +# System configuration +# +BR2_ROOTFS_SKELETON_DEFAULT=y +# BR2_ROOTFS_SKELETON_CUSTOM is not set +BR2_TARGET_GENERIC_HOSTNAME="buildroot" +BR2_TARGET_GENERIC_ISSUE="Welcome to Buildroot" +BR2_TARGET_GENERIC_PASSWD_SHA256=y +# BR2_TARGET_GENERIC_PASSWD_SHA512 is not set +BR2_TARGET_GENERIC_PASSWD_METHOD="sha-256" + +# +# General purpose +# +BR2_INIT_BUSYBOX=y +# BR2_INIT_SYSV is not set +# BR2_INIT_OPENRC is not set +# BR2_INIT_SYSTEMD is not set + +# +# Special purpose (read help) +# +# BR2_INIT_CATATONIT is not set +# BR2_INIT_TINI is not set +# BR2_INIT_TINYINIT is not set +# BR2_INIT_NONE is not set +# BR2_ROOTFS_DEVICE_CREATION_STATIC is not set +BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_DEVTMPFS=y +# BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV is not set +# BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV is not set +BR2_ROOTFS_DEVICE_TABLE="system/device_table.txt" +# BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES is not set +# BR2_ROOTFS_MERGED_USR is not set +BR2_TARGET_ENABLE_ROOT_LOGIN=y +BR2_TARGET_GENERIC_ROOT_PASSWD="" +BR2_SYSTEM_BIN_SH_BUSYBOX=y + +# +# bash, dash, mksh, zsh need BR2_PACKAGE_BUSYBOX_SHOW_OTHERS +# +# BR2_SYSTEM_BIN_SH_NONE is not set +BR2_TARGET_GENERIC_GETTY=y +BR2_TARGET_GENERIC_GETTY_PORT="console" +BR2_TARGET_GENERIC_GETTY_BAUDRATE_KEEP=y +# BR2_TARGET_GENERIC_GETTY_BAUDRATE_9600 is not set +# BR2_TARGET_GENERIC_GETTY_BAUDRATE_19200 is not set +# BR2_TARGET_GENERIC_GETTY_BAUDRATE_38400 is not set +# BR2_TARGET_GENERIC_GETTY_BAUDRATE_57600 is not set +# BR2_TARGET_GENERIC_GETTY_BAUDRATE_115200 is not set +BR2_TARGET_GENERIC_GETTY_BAUDRATE="0" +BR2_TARGET_GENERIC_GETTY_TERM="vt100" +BR2_TARGET_GENERIC_GETTY_OPTIONS="" +BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW=y +BR2_SYSTEM_DHCP="eth0" +BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin" +BR2_ENABLE_LOCALE_PURGE=y +BR2_ENABLE_LOCALE_WHITELIST="C en_US" +BR2_GENERATE_LOCALE="" +# BR2_SYSTEM_ENABLE_NLS is not set +# BR2_TARGET_TZ_INFO is not set +BR2_ROOTFS_USERS_TABLES="" +BR2_ROOTFS_OVERLAY="" +BR2_ROOTFS_PRE_BUILD_SCRIPT="" +BR2_ROOTFS_POST_BUILD_SCRIPT="board/qemu/x86_64/post-build.sh" +BR2_ROOTFS_POST_FAKEROOT_SCRIPT="" +BR2_ROOTFS_POST_IMAGE_SCRIPT="board/qemu/post-image.sh" +BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_DEFCONFIG)" +BR2_ROOTFS_POST_BUILD_SCRIPT_ARGS="" +BR2_ROOTFS_POST_IMAGE_SCRIPT_ARGS="" + +# +# Kernel +# +BR2_LINUX_KERNEL=y +# BR2_LINUX_KERNEL_LATEST_VERSION is not set +# BR2_LINUX_KERNEL_LATEST_CIP_VERSION is not set +# BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION is not set +BR2_LINUX_KERNEL_CUSTOM_VERSION=y +# BR2_LINUX_KERNEL_CUSTOM_TARBALL is not set +# BR2_LINUX_KERNEL_CUSTOM_GIT is not set +# BR2_LINUX_KERNEL_CUSTOM_HG is not set +# BR2_LINUX_KERNEL_CUSTOM_SVN is not set +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.12.47" +BR2_LINUX_KERNEL_VERSION="6.12.47" +BR2_LINUX_KERNEL_PATCH="" +# BR2_LINUX_KERNEL_USE_DEFCONFIG is not set +# BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG is not set +BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y +BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_NAT20_PATH)/configs/qemu_linux_defconfig" +BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="" +BR2_LINUX_KERNEL_CUSTOM_LOGO_PATH="" +BR2_LINUX_KERNEL_BZIMAGE=y +# BR2_LINUX_KERNEL_VMLINUX is not set +# BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM is not set +BR2_LINUX_KERNEL_GZIP=y +# BR2_LINUX_KERNEL_LZ4 is not set +# BR2_LINUX_KERNEL_LZMA is not set +# BR2_LINUX_KERNEL_LZO is not set +# BR2_LINUX_KERNEL_XZ is not set +# BR2_LINUX_KERNEL_ZSTD is not set +# BR2_LINUX_KERNEL_DTS_SUPPORT is not set +# BR2_LINUX_KERNEL_INSTALL_TARGET is not set +# BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL is not set +BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y +# BR2_LINUX_KERNEL_NEEDS_HOST_PAHOLE is not set +# BR2_LINUX_KERNEL_NEEDS_HOST_PYTHON3 is not set + +# +# Linux Kernel Extensions +# +# BR2_LINUX_KERNEL_EXT_XENOMAI is not set +# BR2_LINUX_KERNEL_EXT_RTAI is not set +# BR2_LINUX_KERNEL_EXT_EV3DEV_LINUX_DRIVERS is not set +# BR2_LINUX_KERNEL_EXT_FBTFT is not set +# BR2_LINUX_KERNEL_EXT_AUFS is not set + +# +# Linux Kernel Tools +# +# BR2_PACKAGE_LINUX_TOOLS_CPUPOWER is not set +# BR2_PACKAGE_LINUX_TOOLS_GPIO is not set +# BR2_PACKAGE_LINUX_TOOLS_IIO is not set +# BR2_PACKAGE_LINUX_TOOLS_MM is not set +# BR2_PACKAGE_LINUX_TOOLS_PCI is not set +# BR2_PACKAGE_LINUX_TOOLS_PERF is not set +# BR2_PACKAGE_LINUX_TOOLS_RTLA is not set + +# +# selftests needs BR2_PACKAGE_BUSYBOX_SHOW_OTHERS and a toolchain w/ dynamic library and headers >= 3.14 +# +# BR2_PACKAGE_LINUX_TOOLS_USBTOOLS is not set +# BR2_PACKAGE_LINUX_TOOLS_TMON is not set +# BR2_PACKAGE_LINUX_TOOLS_HV is not set + +# +# Target packages +# +BR2_PACKAGE_BUSYBOX=y +BR2_PACKAGE_BUSYBOX_CONFIG="package/busybox/busybox.config" +BR2_PACKAGE_BUSYBOX_CONFIG_FRAGMENT_FILES="" +# BR2_PACKAGE_BUSYBOX_SHOW_OTHERS is not set +# BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES is not set +# BR2_PACKAGE_BUSYBOX_HTTPD is not set +# BR2_PACKAGE_BUSYBOX_WATCHDOG is not set +BR2_PACKAGE_SKELETON=y +BR2_PACKAGE_HAS_SKELETON=y +BR2_PACKAGE_PROVIDES_SKELETON="skeleton-init-sysv" +BR2_PACKAGE_SKELETON_INIT_COMMON=y +BR2_PACKAGE_SKELETON_INIT_SYSV=y + +# +# Audio and video applications +# +# BR2_PACKAGE_ALSA_UTILS is not set +# BR2_PACKAGE_ATEST is not set +# BR2_PACKAGE_AUMIX is not set +# BR2_PACKAGE_BLUEZ_ALSA is not set +# BR2_PACKAGE_DVBLAST is not set +# BR2_PACKAGE_DVDAUTHOR is not set + +# +# dvdrw-tools needs a toolchain w/ threads, C++, wchar +# + +# +# espeak needs a toolchain w/ C++, wchar, threads, dynamic library +# +# BR2_PACKAGE_FAAD2 is not set +BR2_PACKAGE_FFMPEG_ARCH_SUPPORTS=y +# BR2_PACKAGE_FFMPEG is not set +# BR2_PACKAGE_FLAC is not set +# BR2_PACKAGE_FLITE is not set +# BR2_PACKAGE_FLUID_SOUNDFONT is not set + +# +# fluidsynth needs a toolchain w/ threads, wchar, dynamic library, C++ +# +# BR2_PACKAGE_GMRENDER_RESURRECT is not set +# BR2_PACKAGE_GSTREAMER1 is not set +# BR2_PACKAGE_JACK1 is not set + +# +# jack2 needs a toolchain w/ threads, C++, dynamic library +# +BR2_PACKAGE_KODI_ARCH_SUPPORTS=y + +# +# kodi needs python3 w/ .py modules, a uClibc or glibc toolchain w/ C++, threads, wchar, dynamic library, gcc >= 9.x, host gcc >= 9.x +# + +# +# kodi needs udev support for gbm +# + +# +# kodi needs an OpenGL EGL backend with OpenGL or GLES support +# +# BR2_PACKAGE_LAME is not set +# BR2_PACKAGE_MADPLAY is not set +# BR2_PACKAGE_MINIMODEM is not set + +# +# miraclecast needs systemd and a glibc toolchain w/ threads and wchar +# +BR2_PACKAGE_MJPEGTOOLS_SIMD_SUPPORT=y + +# +# mjpegtools needs a toolchain w/ C++, threads +# + +# +# modplugtools needs a toolchain w/ C++ +# +# BR2_PACKAGE_MOTION is not set + +# +# mpd needs a toolchain w/ C++, threads, wchar, host-gcc 10, gcc 12, headers 5.6 +# +# BR2_PACKAGE_MPD_MPC is not set +# BR2_PACKAGE_MPG123 is not set + +# +# mpv needs a toolchain w/ C++, NPTL, gcc >= 4.9 +# +# BR2_PACKAGE_MULTICAT is not set +# BR2_PACKAGE_MUSEPACK is not set + +# +# ncmpc needs a toolchain w/ C++, wchar, threads, gcc >= 10 +# +# BR2_PACKAGE_OPUS_TOOLS is not set +# BR2_PACKAGE_PIPEWIRE is not set +BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y +# BR2_PACKAGE_PULSEAUDIO is not set +# BR2_PACKAGE_SOX is not set +# BR2_PACKAGE_SPEECHD is not set +# BR2_PACKAGE_SQUEEZELITE is not set +# BR2_PACKAGE_TINYCOMPRESS is not set +# BR2_PACKAGE_TSTOOLS is not set +# BR2_PACKAGE_TWOLAME is not set +# BR2_PACKAGE_UDPXY is not set + +# +# upmpdcli needs a toolchain w/ C++, NPTL, gcc >= 4.9 +# + +# +# v4l2grab needs a toolchain w/ threads, dynamic library, C++ and headers >= 3.0 +# +# BR2_PACKAGE_V4L2LOOPBACK is not set + +# +# vlc needs a toolchain w/ C++, dynamic library, wchar, threads, gcc >= 4.9, headers >= 3.7 +# +# BR2_PACKAGE_VORBIS_TOOLS is not set +# BR2_PACKAGE_WAVPACK is not set +# BR2_PACKAGE_YAVTA is not set +# BR2_PACKAGE_YMPD is not set + +# +# zynaddsubfx needs a toolchain w/ C++11 and threads +# + +# +# Compressors and decompressors +# +# BR2_PACKAGE_BROTLI is not set +# BR2_PACKAGE_BZIP2 is not set + +# +# lrzip needs a toolchain w/ wchar, threads, C++ +# + +# +# lzip needs a toolchain w/ C++ +# +# BR2_PACKAGE_LZOP is not set + +# +# p7zip needs a toolchain w/ threads, wchar, C++ +# +# BR2_PACKAGE_PIGZ is not set +# BR2_PACKAGE_PIXZ is not set + +# +# unrar needs a toolchain w/ C++, wchar, threads, gcc >= 4.8 +# +# BR2_PACKAGE_XZ is not set +# BR2_PACKAGE_ZIP is not set +# BR2_PACKAGE_ZSTD is not set + +# +# Debugging, profiling and benchmark +# +# BR2_PACKAGE_BABELTRACE2 is not set + +# +# bcc needs a glibc toolchain, C++, wchar, threads, dynamic libs, gcc >= 7, host gcc >= 7 +# +# BR2_PACKAGE_BLKTRACE is not set + +# +# bonnie++ needs a toolchain w/ C++ +# +BR2_PACKAGE_BPFTOOL_ARCH_SUPPORTS=y +# BR2_PACKAGE_BPFTOOL is not set +BR2_PACKAGE_BPFTRACE_ARCH_SUPPORTS=y + +# +# bpftrace needs a glibc toolchain w/ C++, gcc >= 7, host gcc >= 7, kernel headers >= 4.13 +# +# BR2_PACKAGE_CACHE_CALIBRATOR is not set + +# +# clinfo needs an OpenCL provider +# + +# +# clpeak needs an OpenCL provider, a toolchain w/ C++, gcc >= 4.8 +# +# BR2_PACKAGE_COREMARK is not set +# BR2_PACKAGE_COREMARK_PRO is not set + +# +# dacapo needs OpenJDK +# +BR2_PACKAGE_DELVE_ARCH_SUPPORTS=y +# BR2_PACKAGE_DELVE is not set +# BR2_PACKAGE_DHRYSTONE is not set +# BR2_PACKAGE_DIEHARDER is not set +# BR2_PACKAGE_DMALLOC is not set +# BR2_PACKAGE_DROPWATCH is not set +# BR2_PACKAGE_DSTAT is not set +# BR2_PACKAGE_DT is not set + +# +# duma needs a toolchain w/ C++, threads, dynamic library +# +# BR2_PACKAGE_FIO is not set +BR2_PACKAGE_FWTS_ARCH_SUPPORTS=y +# BR2_PACKAGE_FWTS is not set +BR2_PACKAGE_GDB_ARCH_SUPPORTS=y + +# +# gdb/gdbserver >= 8.x needs a toolchain w/ C++, gcc >= 4.8 +# +BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS=y + +# +# google-breakpad requires a glibc toolchain w/ wchar, threads, C++, gcc >= 7 +# +# BR2_PACKAGE_HYPERFINE is not set +# BR2_PACKAGE_IOZONE is not set +BR2_PACKAGE_KEXEC_ARCH_SUPPORTS=y +# BR2_PACKAGE_KEXEC is not set +# BR2_PACKAGE_KMEMD is not set +BR2_PACKAGE_KVM_UNIT_TESTS_ARCH_SUPPORTS=y +# BR2_PACKAGE_KVM_UNIT_TESTS is not set +# BR2_PACKAGE_LIBBPF is not set +# BR2_PACKAGE_LIBTRACEEVENT is not set +# BR2_PACKAGE_LIBTRACEFS is not set +# BR2_PACKAGE_LMBENCH is not set +BR2_PACKAGE_LTP_TESTSUITE_ARCH_SUPPORTS=y +# BR2_PACKAGE_LTP_TESTSUITE is not set +BR2_PACKAGE_LTRACE_ARCH_SUPPORTS=y +# BR2_PACKAGE_LTRACE is not set +# BR2_PACKAGE_LTTNG_BABELTRACE is not set +# BR2_PACKAGE_LTTNG_MODULES is not set + +# +# lttng-tools needs a toolchain w/ threads, dynamic library, C++ +# +# BR2_PACKAGE_MBPOLL is not set +# BR2_PACKAGE_MBW is not set +# BR2_PACKAGE_MCELOG is not set +# BR2_PACKAGE_MEMSTAT is not set +# BR2_PACKAGE_NETPERF is not set + +# +# netsniff-ng needs a toolchain w/ NPTL, C++, headers >= 3.0 +# +# BR2_PACKAGE_NMON is not set +BR2_PACKAGE_OPROFILE_ARCH_SUPPORTS=y + +# +# oprofile needs a toolchain w/ C++, wchar +# +# BR2_PACKAGE_PAX_UTILS is not set + +# +# pcm-tools needs a toolchain w/ C++, NPTL +# +BR2_PACKAGE_PERFTEST_ARCH_SUPPORTS=y +# BR2_PACKAGE_PERFTEST is not set + +# +# piglit needs a glibc or musl toolchain w/ C++, gcc >= 9, host gcc >= 9 +# +BR2_PACKAGE_PLY_ARCH_SUPPORTS=y +# BR2_PACKAGE_PLY is not set +# BR2_PACKAGE_POKE is not set +# BR2_PACKAGE_PV is not set + +# +# racehound needs a toolchain w/ C++, wchar, dynamic library, threads +# +# BR2_PACKAGE_RAMSPEED is not set +# BR2_PACKAGE_RT_TESTS is not set + +# +# rwmem needs a toolchain w/ C++, wchar, gcc >= 10 +# + +# +# sentry-native needs a glibc toolchain with w/ wchar, threads, C++, gcc >= 7 +# + +# +# signal-estimator needs a toochain w/ C++, threads, gcc >= 7 +# +# BR2_PACKAGE_SPIDEV_TEST is not set +# BR2_PACKAGE_STRACE is not set +# BR2_PACKAGE_STRESS is not set +# BR2_PACKAGE_STRESS_NG is not set + +# +# sysdig needs a glibc toolchain w/ C++, threads, gcc >= 8, dynamic library, a Linux kernel, and luajit or lua 5.1 to be built +# + +# +# sysprof needs a toolchain w/ dynamic library, wchar, threads, C++, gcc >= 7, headers >= 5.12 +# + +# +# tbtools needs udev /dev management w/ glibc toolchain +# +# BR2_PACKAGE_TCF_AGENT is not set +BR2_PACKAGE_TCF_AGENT_ARCH="x86_64" +BR2_PACKAGE_TCF_AGENT_ARCH_SUPPORTS=y +# BR2_PACKAGE_TRACE_CMD is not set +BR2_PACKAGE_TRINITY_ARCH_SUPPORTS=y +# BR2_PACKAGE_TRINITY is not set +# BR2_PACKAGE_UCLIBC_NG_TEST is not set +BR2_PACKAGE_UFTRACE_ARCH_SUPPORTS=y +# BR2_PACKAGE_UFTRACE is not set +BR2_PACKAGE_VALGRIND_ARCH_SUPPORTS=y +# BR2_PACKAGE_VALGRIND is not set +# BR2_PACKAGE_VMTOUCH is not set +# BR2_PACKAGE_WHETSTONE is not set + +# +# Development tools +# +# BR2_PACKAGE_AVOCADO is not set +# BR2_PACKAGE_BINUTILS is not set +# BR2_PACKAGE_BITWISE is not set +# BR2_PACKAGE_CHECK is not set +BR2_PACKAGE_CMAKE_ARCH_SUPPORTS=y + +# +# ctest needs a toolchain w/ C++, wchar, dynamic library, gcc >= 4.9, NPTL +# + +# +# cppunit needs a toolchain w/ C++, dynamic library +# +# BR2_PACKAGE_CUKINIA is not set +# BR2_PACKAGE_CUNIT is not set +# BR2_PACKAGE_CVS is not set + +# +# cxxtest needs a toolchain w/ C++ support +# +# BR2_PACKAGE_FD is not set +# BR2_PACKAGE_FLEX is not set +# BR2_PACKAGE_GETTEXT is not set +BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" +# BR2_PACKAGE_GIT is not set + +# +# git-crypt needs a toolchain w/ C++, gcc >= 4.9 +# + +# +# gperf needs a toolchain w/ C++ +# +# BR2_PACKAGE_JO is not set +# BR2_PACKAGE_JQ is not set +# BR2_PACKAGE_LIBTOOL is not set +# BR2_PACKAGE_MAKE is not set +# BR2_PACKAGE_MAWK is not set +# BR2_PACKAGE_PKGCONF is not set +# BR2_PACKAGE_RIPGREP is not set +# BR2_PACKAGE_SUBVERSION is not set +# BR2_PACKAGE_TIG is not set +# BR2_PACKAGE_TREE is not set +# BR2_PACKAGE_UNIFDEF is not set +# BR2_PACKAGE_YASM is not set + +# +# Filesystem and flash utilities +# +# BR2_PACKAGE_ABOOTIMG is not set +# BR2_PACKAGE_AUFS_UTIL is not set +# BR2_PACKAGE_AUTOFS is not set + +# +# bmap-writer needs a toolchain w/ C++, wchar +# +# BR2_PACKAGE_BTRFS_PROGS is not set +# BR2_PACKAGE_CIFS_UTILS is not set +# BR2_PACKAGE_CPIO is not set +# BR2_PACKAGE_CRAMFS is not set +# BR2_PACKAGE_CURLFTPFS is not set +# BR2_PACKAGE_DAVFS2 is not set +# BR2_PACKAGE_DOSFSTOOLS is not set +# BR2_PACKAGE_DUST is not set +# BR2_PACKAGE_E2FSPROGS is not set +# BR2_PACKAGE_E2TOOLS is not set +# BR2_PACKAGE_ECRYPTFS_UTILS is not set +# BR2_PACKAGE_EROFS_UTILS is not set +# BR2_PACKAGE_EXFAT is not set +# BR2_PACKAGE_EXFAT_UTILS is not set +# BR2_PACKAGE_EXFATPROGS is not set +# BR2_PACKAGE_F2FS_TOOLS is not set +# BR2_PACKAGE_FIRMWARE_UTILS is not set +# BR2_PACKAGE_FLASHBENCH is not set +# BR2_PACKAGE_FSCRYPTCTL is not set +# BR2_PACKAGE_FUSE_OVERLAYFS is not set +# BR2_PACKAGE_FWUP is not set +# BR2_PACKAGE_GENEXT2FS is not set +# BR2_PACKAGE_GENPART is not set +# BR2_PACKAGE_GOCRYPTFS is not set +# BR2_PACKAGE_IMX_USB_LOADER is not set +# BR2_PACKAGE_MMC_UTILS is not set +# BR2_PACKAGE_MTD is not set +# BR2_PACKAGE_MTOOLS is not set +# BR2_PACKAGE_NFS_UTILS is not set +# BR2_PACKAGE_NILFS_UTILS is not set +# BR2_PACKAGE_NTFS_3G is not set +# BR2_PACKAGE_SP_OOPS_EXTRACT is not set +# BR2_PACKAGE_SQUASHFS is not set +# BR2_PACKAGE_SSHFS is not set +# BR2_PACKAGE_UDFTOOLS is not set +# BR2_PACKAGE_UFS_UTILS is not set +# BR2_PACKAGE_UNIONFS is not set + +# +# xfsprogs needs a toolchain w/ threads, C++ +# +# BR2_PACKAGE_ZEROFREE is not set + +# +# zfs needs udev /dev management +# + +# +# Fonts, cursors, icons, sounds and themes +# + +# +# Cursors +# +# BR2_PACKAGE_COMIX_CURSORS is not set + +# +# Fonts +# +# BR2_PACKAGE_BITSTREAM_VERA is not set +# BR2_PACKAGE_CANTARELL is not set +# BR2_PACKAGE_DEJAVU is not set +# BR2_PACKAGE_FONT_AWESOME is not set +# BR2_PACKAGE_GHOSTSCRIPT_FONTS is not set +# BR2_PACKAGE_INCONSOLATA is not set +# BR2_PACKAGE_LIBERATION is not set +# BR2_PACKAGE_WQY_ZENHEI is not set + +# +# Icons +# +# BR2_PACKAGE_HICOLOR_ICON_THEME is not set + +# +# Sounds +# +# BR2_PACKAGE_SOUND_THEME_BOREALIS is not set +# BR2_PACKAGE_SOUND_THEME_FREEDESKTOP is not set + +# +# Themes +# + +# +# Games +# +# BR2_PACKAGE_ASCII_INVADERS is not set +# BR2_PACKAGE_CHOCOLATE_DOOM is not set + +# +# flare-engine needs a toolchain w/ C++, dynamic library +# + +# +# gnuchess needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LBREAKOUT2 is not set +# BR2_PACKAGE_LTRIS is not set + +# +# minetest needs a toolchain w/ C++, gcc >= 9, threads +# +# BR2_PACKAGE_OPENTYRIAN is not set +# BR2_PACKAGE_PRBOOM is not set +# BR2_PACKAGE_SL is not set + +# +# solarus needs OpenGL and a toolchain w/ C++, gcc >= 9, NPTL, dynamic library, and luajit or lua 5.1 +# + +# +# stella needs a toolchain w/ dynamic library, C++, threads, gcc >= 7 +# +# BR2_PACKAGE_XORCURSES is not set + +# +# Graphic libraries and applications (graphic/text) +# + +# +# Graphic applications +# + +# +# cage needs udev, EGL and OpenGL ES support +# + +# +# cog needs wpewebkit and a toolchain w/ threads +# + +# +# dmenu-wayland needs a toolchain w/ wchar, threads, C++, dynamic library, gcc >= 4.9 +# + +# +# flutter packages need flutter-engine +# + +# +# flutter-pi needs a glibc toolchain w/ wchar, C++, gcc >= 5, dynamic library, host gcc >= 5 +# + +# +# flutter-pi needs an OpenGL or OpenGLES backend +# + +# +# flutter-pi needs GBM, systemd, and udev +# +# BR2_PACKAGE_FOOT is not set +# BR2_PACKAGE_FSWEBCAM is not set +# BR2_PACKAGE_GHOSTSCRIPT is not set + +# +# glmark2 needs a toolchain w/ C++, gcc >= 4.9 +# + +# +# glslsandbox-player needs openGL ES and EGL driver +# +# BR2_PACKAGE_GNUPLOT is not set + +# +# igt-gpu-tools needs udev /dev management and toolchain w/ NPTL, wchar, dynamic library, locale, headers >= 4.11 +# + +# +# ivi-homescreen needs a glibc toolchain w/ wchar, C++, gcc >= 8, dynamic library, host gcc >= 5 +# + +# +# ivi-homescreen needs an OpenGL or OpenGLES backend +# +# BR2_PACKAGE_JHEAD is not set + +# +# kmscube needs EGL, GBM and OpenGL ES, and a toolchain w/ thread support +# + +# +# libva-utils needs a toolchain w/ C++, threads, dynamic library +# +BR2_PACKAGE_NETSURF_ARCH_SUPPORTS=y +# BR2_PACKAGE_NETSURF is not set +# BR2_PACKAGE_PNGQUANT is not set +# BR2_PACKAGE_RRDTOOL is not set + +# +# spirv-translator needs a toolchain w/ wchar, threads, C++, gcc >= 7, dynamic library, host gcc >= 7 +# + +# +# spirv-tools needs a toolchain w/ C++, dynamic library, gcc >= 8 +# + +# +# stellarium needs Qt5 and an OpenGL provider +# + +# +# sway needs systemd, udev, EGL and OpenGL ES support +# + +# +# sway needs a toolchain w/ wchar, threads, C++, dynamic library, gcc >= 4.9 +# +# BR2_PACKAGE_SWAYBG is not set + +# +# tesseract-ocr needs a toolchain w/ threads, C++, gcc >= 8, dynamic library, wchar +# +# BR2_PACKAGE_TINIFIER is not set + +# +# Graphic libraries +# + +# +# cegui needs a toolchain w/ C++, threads, dynamic library, wchar, gcc >= 5 +# + +# +# efl needs a toolchain w/ C++, dynamic library, gcc >= 4.9, host gcc >= 4.9, threads, wchar +# +# BR2_PACKAGE_FB_TEST_APP is not set +# BR2_PACKAGE_FBDUMP is not set +# BR2_PACKAGE_FBGRAB is not set + +# +# fbterm needs a toolchain w/ C++, wchar, locale +# +# BR2_PACKAGE_FBV is not set + +# +# freerdp needs a toolchain w/ wchar, dynamic library, threads, C++ +# +# BR2_PACKAGE_GRAPHICSMAGICK is not set +# BR2_PACKAGE_IMAGEMAGICK is not set +# BR2_PACKAGE_LIBGLVND is not set + +# +# mesa3d needs a toolchain w/ gcc >=8, C++, NPTL, dynamic library +# + +# +# ocrad needs a toolchain w/ C++ +# + +# +# ogre needs a toolchain w/ C++, dynamic library, gcc >= 4.8, threads, wchar +# +# BR2_PACKAGE_PSPLASH is not set +# BR2_PACKAGE_SDL is not set +# BR2_PACKAGE_SDL2 is not set + +# +# spirv-headers needs a toolchain w/ C++ +# + +# +# vulkan-headers needs a toolchain w/ C++ +# + +# +# vulkan-loader needs a toolchain w/ C++, dynamic library, threads +# + +# +# Vulkan-SDK needs toolchain w/ C++, dynamic library +# + +# +# vulkan-tools needs a toolchain w/ C++, dynamic library, threads, gcc >= 4.9 +# + +# +# Other GUIs +# +BR2_PACKAGE_QT5_JSCORE_AVAILABLE=y + +# +# Qt5 needs host g++ >= 5.0, and a toolchain w/ gcc >= 5.0, wchar, NPTL, C++, dynamic library +# +BR2_PACKAGE_QT6_ARCH_SUPPORTS=y + +# +# qt6 needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8, host gcc >= 8 +# + +# +# tekui needs a Lua interpreter and a toolchain w/ threads, dynamic library +# + +# +# weston needs udev and a toolchain w/ locale, threads, dynamic library, headers >= 3.0 +# +# BR2_PACKAGE_XORG7 is not set + +# +# apitrace needs a toolchain w/ C++, wchar, dynamic library, threads, gcc >= 7 +# + +# +# mupdf needs a toolchain w/ C++, gcc >= 4.9 +# + +# +# vte needs a uClibc or glibc toolchain w/ wchar, threads, C++, gcc >= 10 +# + +# +# vte needs an OpenGL or an OpenGL-EGL backend +# +# BR2_PACKAGE_XKEYBOARD_CONFIG is not set + +# +# Hardware handling +# + +# +# Firmware +# +# BR2_PACKAGE_ARMBIAN_FIRMWARE is not set +# BR2_PACKAGE_B43_FIRMWARE is not set +# BR2_PACKAGE_BRCMFMAC_SDIO_FIRMWARE_RPI is not set +# BR2_PACKAGE_LINUX_FIRMWARE is not set +# BR2_PACKAGE_MURATA_CYW_FW is not set +# BR2_PACKAGE_NXP_BT_WIFI_FIRMWARE is not set +# BR2_PACKAGE_ODROIDC2_FIRMWARE is not set +# BR2_PACKAGE_PANEL_MIPI_DBI_FIRMWARE is not set +# BR2_PACKAGE_QCOM_DB410C_FIRMWARE is not set +# BR2_PACKAGE_QORIQ_DDR_PHY_BINARY is not set +# BR2_PACKAGE_QORIQ_FIRMWARE_INPHI is not set +# BR2_PACKAGE_QORIQ_FM_UCODE is not set +# BR2_PACKAGE_QORIQ_MC_BINARY is not set +# BR2_PACKAGE_QORIQ_MC_UTILS is not set +# BR2_PACKAGE_RCW_SMARC_SAL28 is not set +# BR2_PACKAGE_UX500_FIRMWARE is not set +# BR2_PACKAGE_WILC1000_FIRMWARE is not set +# BR2_PACKAGE_WILC3000_FIRMWARE is not set +# BR2_PACKAGE_WILINK_BT_FIRMWARE is not set +# BR2_PACKAGE_ZD1211_FIRMWARE is not set +# BR2_PACKAGE_18XX_TI_UTILS is not set +# BR2_PACKAGE_ACPICA is not set +# BR2_PACKAGE_ACPID is not set + +# +# acpitool needs a toolchain w/ threads, C++, dynamic library +# +# BR2_PACKAGE_AER_INJECT is not set +# BR2_PACKAGE_ALTERA_STAPL is not set + +# +# apcupsd needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_AVRDUDE is not set + +# +# bcache-tools needs udev /dev management +# +# BR2_PACKAGE_BFSCRIPTS is not set + +# +# brickd needs udev /dev management, a toolchain w/ threads, wchar +# +# BR2_PACKAGE_BRLTTY is not set + +# +# cc-tool needs a toolchain w/ C++, threads, wchar, gcc >= 4.9 +# +# BR2_PACKAGE_CDRKIT is not set +# BR2_PACKAGE_CRUCIBLE is not set +# BR2_PACKAGE_CRYPTSETUP is not set +# BR2_PACKAGE_CWIID is not set +# BR2_PACKAGE_DAHDI_LINUX is not set +# BR2_PACKAGE_DAHDI_TOOLS is not set +# BR2_PACKAGE_DBUS is not set + +# +# dbusbroker needs systemd and a toolchain w/ threads +# + +# +# dbus-cxx needs a toolchain w/ C++, threads, gcc >= 7 and dynamic library support +# +# BR2_PACKAGE_DFU_PROGRAMMER is not set +# BR2_PACKAGE_DFU_UTIL is not set +# BR2_PACKAGE_DMIDECODE is not set +# BR2_PACKAGE_DMRAID is not set + +# +# dt-utils needs udev /dev management +# +# BR2_PACKAGE_DTBOCFG is not set +# BR2_PACKAGE_DTV_SCAN_TABLES is not set +# BR2_PACKAGE_DUMP1090 is not set +# BR2_PACKAGE_DVBSNOOP is not set + +# +# edid-decode needs a toolchain w/ C++, gcc >= 4.7 +# +# BR2_PACKAGE_ESP_HOSTED is not set + +# +# espflash needs udev /dev management +# + +# +# eudev needs eudev /dev management +# +# BR2_PACKAGE_EVEMU is not set +# BR2_PACKAGE_EVTEST is not set +BR2_PACKAGE_FLASHROM_ARCH_SUPPORTS=y +# BR2_PACKAGE_FLASHROM is not set +# BR2_PACKAGE_FMTOOLS is not set +# BR2_PACKAGE_FREEIPMI is not set +# BR2_PACKAGE_FWUPD is not set +# BR2_PACKAGE_FWUPD_EFI is not set +# BR2_PACKAGE_FXLOAD is not set +# BR2_PACKAGE_GPM is not set +# BR2_PACKAGE_GPSD is not set + +# +# gptfdisk needs a toolchain w/ C++ +# +# BR2_PACKAGE_GVFS is not set +# BR2_PACKAGE_HDDTEMP is not set +# BR2_PACKAGE_HWDATA is not set +# BR2_PACKAGE_HWLOC is not set +# BR2_PACKAGE_I7Z is not set +# BR2_PACKAGE_INPUT_EVENT_DAEMON is not set +# BR2_PACKAGE_INTEL_MICROCODE is not set +# BR2_PACKAGE_IOTOOLS is not set +# BR2_PACKAGE_IPMITOOL is not set +# BR2_PACKAGE_IPMIUTIL is not set +# BR2_PACKAGE_IRDA_UTILS is not set +# BR2_PACKAGE_IUCODE_TOOL is not set +# BR2_PACKAGE_KBD is not set +# BR2_PACKAGE_LCDPROC is not set + +# +# ledmon needs udev and a toolchain w/ threads +# + +# +# libiec61850 needs a toolchain w/ C++, threads, dynamic library +# + +# +# libmanette needs a toolchain w/ wchar, NPTL threads, gcc >= 4.9, headers >= 4.16, udev +# +# BR2_PACKAGE_LIBUBOOTENV is not set +# BR2_PACKAGE_LIBUIO is not set +# BR2_PACKAGE_LINUX_BACKPORTS is not set +# BR2_PACKAGE_LINUX_SERIAL_TEST is not set +# BR2_PACKAGE_LINUXCONSOLETOOLS is not set + +# +# lirc-tools needs a toolchain w/ threads, dynamic library, C++ +# +# BR2_PACKAGE_LM_SENSORS is not set + +# +# lshw needs a toolchain w/ C++, wchar +# +# BR2_PACKAGE_LSSCSI is not set +# BR2_PACKAGE_LSUIO is not set +# BR2_PACKAGE_LUKSMETA is not set +# BR2_PACKAGE_LVM2 is not set +# BR2_PACKAGE_MBPFAN is not set +# BR2_PACKAGE_MDADM is not set +# BR2_PACKAGE_MDEVD is not set +# BR2_PACKAGE_MDIO_TOOLS is not set +# BR2_PACKAGE_MEMTEST86 is not set +# BR2_PACKAGE_MEMTESTER is not set +# BR2_PACKAGE_MEMTOOL is not set +# BR2_PACKAGE_MHZ is not set +# BR2_PACKAGE_MINICOM is not set +# BR2_PACKAGE_MSR_TOOLS is not set +# BR2_PACKAGE_MXT_APP is not set +# BR2_PACKAGE_NANOCOM is not set +# BR2_PACKAGE_NEARD is not set +# BR2_PACKAGE_NVIDIA_DRIVER is not set +# BR2_PACKAGE_NVIDIA_MODPROBE is not set +# BR2_PACKAGE_NVIDIA_PERSISTENCED is not set +# BR2_PACKAGE_NVME is not set +# BR2_PACKAGE_NXP_MWIFIEX is not set +# BR2_PACKAGE_OFONO is not set + +# +# ola needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.8 +# +# BR2_PACKAGE_OPEN2300 is not set + +# +# openfpgaloader needs a toolchain w/ threads, C++, gcc >= 4.9 +# +# BR2_PACKAGE_OPENIPMI is not set +# BR2_PACKAGE_OPENOCD is not set + +# +# openpowerlink needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_PARTED is not set +# BR2_PACKAGE_PCIUTILS is not set +# BR2_PACKAGE_PDBG is not set +# BR2_PACKAGE_PICOCOM is not set + +# +# picotool needs a toolchain w/ C++, threads, gcc >= 4.9 +# + +# +# powertop needs a toolchain w/ C++, threads, wchar +# +# BR2_PACKAGE_PPS_TOOLS is not set + +# +# pulseview needs a toolchain w/ locale, wchar, threads, dynamic library, C++, gcc >= 7, host gcc >= 5 +# +# BR2_PACKAGE_QORIQ_CADENCE_DP_FIRMWARE is not set +# BR2_PACKAGE_RASPI_GPIO is not set +# BR2_PACKAGE_RDMA_CORE is not set +# BR2_PACKAGE_READ_EDID is not set +# BR2_PACKAGE_RNG_TOOLS is not set +# BR2_PACKAGE_RS485CONF is not set +# BR2_PACKAGE_RTC_TOOLS is not set +# BR2_PACKAGE_RTL8188EU is not set +# BR2_PACKAGE_RTL8189ES is not set +# BR2_PACKAGE_RTL8189FS is not set +# BR2_PACKAGE_RTL8192EU is not set +# BR2_PACKAGE_RTL8723BU is not set +# BR2_PACKAGE_RTL8723DS is not set +# BR2_PACKAGE_RTL8723DS_BT is not set +# BR2_PACKAGE_RTL8812AU_AIRCRACK_NG is not set +# BR2_PACKAGE_RTL8821AU is not set +# BR2_PACKAGE_RTL8821CU is not set +# BR2_PACKAGE_RTL8822CS is not set +# BR2_PACKAGE_SANE_AIRSCAN is not set +# BR2_PACKAGE_SANE_BACKENDS is not set +# BR2_PACKAGE_SDPARM is not set +BR2_PACKAGE_SEDUTIL_ARCH_SUPPORTS=y + +# +# sedutil needs a toolchain w/ C++, gcc >= 4.8, headers >= 3.12 +# +# BR2_PACKAGE_SETSERIAL is not set +# BR2_PACKAGE_SG3_UTILS is not set +# BR2_PACKAGE_SIGROK_CLI is not set +# BR2_PACKAGE_SISPMCTL is not set + +# +# smartmontools needs a toolchain w/ C++ +# +# BR2_PACKAGE_SMSTOOLS3 is not set +# BR2_PACKAGE_SPI_TOOLS is not set +# BR2_PACKAGE_SREDIRD is not set +# BR2_PACKAGE_STATSERIAL is not set +# BR2_PACKAGE_STM32FLASH is not set +# BR2_PACKAGE_SUPERIOTOOL is not set +# BR2_PACKAGE_SYSSTAT is not set +# BR2_PACKAGE_TI_UIM is not set +# BR2_PACKAGE_TI_UTILS is not set + +# +# tio needs lua (but not luajit) +# +# BR2_PACKAGE_TRIGGERHAPPY is not set +# BR2_PACKAGE_UBOOT_BOOTCOUNT is not set +# BR2_PACKAGE_UBOOT_TOOLS is not set +# BR2_PACKAGE_UBUS is not set + +# +# udisks needs udev /dev management +# +# BR2_PACKAGE_UEFISETTINGS is not set +# BR2_PACKAGE_UHUBCTL is not set +# BR2_PACKAGE_UMTPRD is not set + +# +# upower needs udev /dev management +# +# BR2_PACKAGE_USB_MODESWITCH is not set +# BR2_PACKAGE_USB_MODESWITCH_DATA is not set + +# +# usbguard needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 +# + +# +# usbip needs udev /dev management +# + +# +# usbmount requires udev to be enabled +# + +# +# usbutils needs udev /dev management and toolchain w/ threads, gcc >= 4.9 +# +# BR2_PACKAGE_WILC_DRIVER is not set +# BR2_PACKAGE_WIPE is not set +# BR2_PACKAGE_XORRISO is not set + +# +# Interpreter languages and scripting +# +# BR2_PACKAGE_4TH is not set +# BR2_PACKAGE_CHICKEN is not set +# BR2_PACKAGE_ENSCRIPT is not set +BR2_PACKAGE_HOST_ERLANG_ARCH_SUPPORTS=y +BR2_PACKAGE_ERLANG_ARCH_SUPPORTS=y +# BR2_PACKAGE_ERLANG is not set +# BR2_PACKAGE_EXECLINE is not set +# BR2_PACKAGE_FICL is not set +BR2_PACKAGE_GAUCHE_ARCH_SUPPORTS=y +# BR2_PACKAGE_GAUCHE is not set +# BR2_PACKAGE_GUILE is not set +# BR2_PACKAGE_HASERL is not set +# BR2_PACKAGE_JANET is not set +# BR2_PACKAGE_JIMTCL is not set +# BR2_PACKAGE_LUA is not set +BR2_PACKAGE_PROVIDES_HOST_LUAINTERPRETER="host-lua" +BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS=y +# BR2_PACKAGE_LUAJIT is not set +# BR2_PACKAGE_MICROPYTHON is not set +# BR2_PACKAGE_MOARVM is not set +BR2_PACKAGE_HOST_MONO_ARCH_SUPPORTS=y +BR2_PACKAGE_MONO_ARCH_SUPPORTS=y + +# +# mono needs a toolchain w/ C++, NPTL, dynamic library +# +BR2_PACKAGE_NODEJS_ARCH_SUPPORTS=y + +# +# nodejs needs a toolchain w/ C++, dynamic library, NPTL, gcc >= 10, wchar, host gcc >= 10 +# +BR2_PACKAGE_PROVIDES_NODEJS="nodejs-src" + +# +# octave needs a toolchain w/ C++ and fortran, gcc >= 7 +# +BR2_PACKAGE_HOST_OPENJDK_BIN_ARCH_SUPPORTS=y +BR2_PACKAGE_OPENJDK_ARCH_SUPPORTS=y + +# +# openjdk needs X.Org +# + +# +# openjdk needs glibc, and a toolchain w/ wchar, dynamic library, threads, C++, gcc >= 4.9, host gcc >= 4.9 +# +# BR2_PACKAGE_PERL is not set +BR2_PACKAGE_PHP_ARCH_SUPPORTS=y +# BR2_PACKAGE_PHP is not set +# BR2_PACKAGE_PYTHON3 is not set +# BR2_PACKAGE_QUICKJS is not set +# BR2_PACKAGE_RUBY is not set +BR2_PACKAGE_SWIPL_ARCH_SUPPORTS=y +# BR2_PACKAGE_SWIPL is not set +# BR2_PACKAGE_TCL is not set + +# +# Libraries +# + +# +# Audio/Sound +# +# BR2_PACKAGE_ALSA_LIB is not set + +# +# alure needs a toolchain w/ C++, gcc >= 9, NPTL, wchar +# +# BR2_PACKAGE_AUBIO is not set +# BR2_PACKAGE_BCG729 is not set + +# +# caps needs a toolchain w/ C++, dynamic library +# +BR2_PACKAGE_FDK_AAC_ARCH_SUPPORTS=y + +# +# fdk-aac needs a toolchain w/ C++ +# +BR2_PACKAGE_GTKIOSTREAM_ARCH_SUPPORTS=y + +# +# gtkiostream needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBAO is not set +# BR2_PACKAGE_LIBBROADVOICE is not set +# BR2_PACKAGE_LIBCANBERRA is not set +# BR2_PACKAGE_LIBCDAUDIO is not set +# BR2_PACKAGE_LIBCDDB is not set +# BR2_PACKAGE_LIBCDIO is not set +# BR2_PACKAGE_LIBCDIO_PARANOIA is not set +# BR2_PACKAGE_LIBCODEC2 is not set +# BR2_PACKAGE_LIBCUE is not set +# BR2_PACKAGE_LIBCUEFILE is not set +# BR2_PACKAGE_LIBG7221 is not set +# BR2_PACKAGE_LIBGSM is not set +# BR2_PACKAGE_LIBID3TAG is not set +# BR2_PACKAGE_LIBILBC is not set +# BR2_PACKAGE_LIBLO is not set +# BR2_PACKAGE_LIBMAD is not set + +# +# libmodplug needs a toolchain w/ C++ +# +# BR2_PACKAGE_LIBMPDCLIENT is not set + +# +# libopenmpt needs a toolchain w/ threads, C++, gcc >= 7 +# +# BR2_PACKAGE_LIBREPLAYGAIN is not set +# BR2_PACKAGE_LIBSAMPLERATE is not set + +# +# libsidplay2 needs a toolchain w/ C++ +# +# BR2_PACKAGE_LIBSILK is not set +# BR2_PACKAGE_LIBSNDFILE is not set + +# +# libsoundtouch needs a toolchain w/ C++ +# +# BR2_PACKAGE_LIBSOXR is not set +# BR2_PACKAGE_LIBVORBIS is not set +# BR2_PACKAGE_LILV is not set +# BR2_PACKAGE_LV2 is not set + +# +# mp4v2 needs a toolchain w/ C++ +# +BR2_PACKAGE_OPENAL_ARCH_SUPPORTS=y + +# +# openal needs a toolchain w/ NPTL, C++, gcc >= 7 +# + +# +# opencore-amr needs a toolchain w/ C++ +# +# BR2_PACKAGE_OPUS is not set +# BR2_PACKAGE_OPUSFILE is not set +# BR2_PACKAGE_PORTAUDIO is not set +# BR2_PACKAGE_RNNOISE is not set +# BR2_PACKAGE_SBC is not set +# BR2_PACKAGE_SPANDSP is not set +# BR2_PACKAGE_SPEEX is not set +# BR2_PACKAGE_SPEEXDSP is not set +# BR2_PACKAGE_SRATOM is not set + +# +# taglib needs a toolchain w/ C++, wchar +# +# BR2_PACKAGE_TINYALSA is not set +# BR2_PACKAGE_TREMOR is not set +# BR2_PACKAGE_VO_AACENC is not set +BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS=y + +# +# webrtc-audio-processing needs a toolchain w/ C++, NPTL, dynamic library, gcc >= 8 +# + +# +# Compression and decompression +# +# BR2_PACKAGE_LIBARCHIVE is not set +# BR2_PACKAGE_LIBDEFLATE is not set +# BR2_PACKAGE_LIBJCAT is not set +# BR2_PACKAGE_LIBMSPACK is not set + +# +# libsquish needs a toolchain w/ C++ +# +# BR2_PACKAGE_LIBZIP is not set +# BR2_PACKAGE_LZ4 is not set +# BR2_PACKAGE_LZO is not set +# BR2_PACKAGE_MINIZIP is not set +# BR2_PACKAGE_MINIZIP_ZLIB is not set + +# +# snappy needs a toolchain w/ C++ +# +# BR2_PACKAGE_SZIP is not set +# BR2_PACKAGE_ZCHUNK is not set +BR2_PACKAGE_ZLIB_NG_ARCH_SUPPORTS=y +BR2_PACKAGE_ZLIB=y +BR2_PACKAGE_LIBZLIB=y +# BR2_PACKAGE_ZLIB_NG is not set +BR2_PACKAGE_HAS_ZLIB=y +BR2_PACKAGE_PROVIDES_ZLIB="libzlib" +BR2_PACKAGE_PROVIDES_HOST_ZLIB="host-libzlib" +# BR2_PACKAGE_ZZIPLIB is not set + +# +# Crypto +# +# BR2_PACKAGE_BEARSSL is not set +BR2_PACKAGE_BOTAN_ARCH_SUPPORTS=y + +# +# botan needs a toolchain w/ threads, C++, gcc >= 11 +# +# BR2_PACKAGE_CA_CERTIFICATES is not set +# BR2_PACKAGE_CRYPTODEV_LINUX is not set + +# +# cryptopp needs a toolchain w/ C++, dynamic library, wchar +# +# BR2_PACKAGE_GCR is not set +# BR2_PACKAGE_GNUTLS is not set +# BR2_PACKAGE_LIBARGON2 is not set +# BR2_PACKAGE_LIBASSUAN is not set +# BR2_PACKAGE_LIBB2 is not set +# BR2_PACKAGE_LIBGCRYPT is not set +BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBGPG_ERROR is not set +BR2_PACKAGE_LIBGPG_ERROR_SYSCFG="x86_64-unknown-linux-gnu" +# BR2_PACKAGE_LIBGPGME is not set +# BR2_PACKAGE_LIBKCAPI is not set +# BR2_PACKAGE_LIBKSBA is not set +# BR2_PACKAGE_LIBMD is not set +# BR2_PACKAGE_LIBMHASH is not set +# BR2_PACKAGE_LIBNSS is not set +# BR2_PACKAGE_LIBP11 is not set +# BR2_PACKAGE_LIBSCRYPT is not set +# BR2_PACKAGE_LIBSECRET is not set +# BR2_PACKAGE_LIBSHA1 is not set +# BR2_PACKAGE_LIBSODIUM is not set +BR2_PACKAGE_LIBSPDM_CPU_FAMILY="x64" +BR2_PACKAGE_LIBSPDM_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBSPDM is not set +# BR2_PACKAGE_LIBSSH is not set +# BR2_PACKAGE_LIBSSH2 is not set +# BR2_PACKAGE_LIBTOMCRYPT is not set +# BR2_PACKAGE_LIBUECC is not set +# BR2_PACKAGE_LIBXCRYPT is not set +# BR2_PACKAGE_MBEDTLS is not set +# BR2_PACKAGE_NETTLE is not set +# BR2_PACKAGE_OATH_TOOLKIT is not set +BR2_PACKAGE_LIBRESSL_ARCH_SUPPORTS=y +BR2_PACKAGE_OPENSSL=y +BR2_PACKAGE_LIBOPENSSL=y +BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH="linux-x86_64" +BR2_PACKAGE_LIBOPENSSL_BIN=y +# BR2_PACKAGE_LIBOPENSSL_ENGINES is not set +BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_MD2=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_MDC2=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_BLAKE2=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_IDEA=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_SEED=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_DES=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_WHIRLPOOL=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL3=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_WEAK_SSL=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_PSK=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST=y +BR2_PACKAGE_LIBOPENSSL_UNSECURE=y +BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC=y +BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV=y +BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE=y +# BR2_PACKAGE_LIBRESSL is not set +BR2_PACKAGE_HAS_OPENSSL=y +BR2_PACKAGE_PROVIDES_OPENSSL="libopenssl" +BR2_PACKAGE_PROVIDES_HOST_OPENSSL="host-libopenssl" +# BR2_PACKAGE_PARSEC is not set +# BR2_PACKAGE_PARSEC_TOOL is not set +# BR2_PACKAGE_PKCS11_HELPER is not set +# BR2_PACKAGE_RHASH is not set +# BR2_PACKAGE_TINYDTLS is not set +# BR2_PACKAGE_TPM2_OPENSSL is not set +# BR2_PACKAGE_TPM2_PKCS11 is not set +# BR2_PACKAGE_TPM2_TSS is not set +# BR2_PACKAGE_TROUSERS is not set +# BR2_PACKAGE_USTREAM_SSL is not set +# BR2_PACKAGE_WOLFSSL is not set +# BR2_PACKAGE_WOLFTPM is not set + +# +# Database +# +# BR2_PACKAGE_BERKELEYDB is not set +# BR2_PACKAGE_GDBM is not set +# BR2_PACKAGE_HIREDIS is not set + +# +# kompexsqlite needs a toolchain w/ C++, wchar, threads, dynamic library +# + +# +# leveldb needs a toolchain w/ C++, threads, gcc >= 4.8 +# +# BR2_PACKAGE_LIBDBI is not set +# BR2_PACKAGE_LIBDBI_DRIVERS is not set +# BR2_PACKAGE_LIBGIT2 is not set +# BR2_PACKAGE_LIBMDBX is not set + +# +# libodb needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LMDB is not set + +# +# mariadb needs a toolchain w/ dynamic library, C++, threads, wchar +# +# BR2_PACKAGE_POSTGRESQL is not set + +# +# redis needs a toolchain w/ gcc>=4.9, dynamic library, nptl, C++ +# + +# +# redis-plus-plus needs a toolchain w/ C++, threads +# +BR2_PACKAGE_ROCKSDB_ARCH_SUPPORTS=y + +# +# rocksdb needs a toolchain w/ C++, threads, wchar, gcc >= 4.8 +# +# BR2_PACKAGE_SQLCIPHER is not set +# BR2_PACKAGE_SQLITE is not set + +# +# sqlitecpp needs a toolchain w/ C++11, gcc >= 4.9 +# +# BR2_PACKAGE_UNIXODBC is not set + +# +# Filesystem +# +# BR2_PACKAGE_LIBCONFIG is not set +# BR2_PACKAGE_LIBCONFUSE is not set +# BR2_PACKAGE_LIBFUSE is not set +# BR2_PACKAGE_LIBFUSE3 is not set +# BR2_PACKAGE_LIBLOCKFILE is not set +# BR2_PACKAGE_LIBNFS is not set +# BR2_PACKAGE_LIBSYSFS is not set +# BR2_PACKAGE_LOCKDEV is not set + +# +# physfs needs a toolchain w/ C++, threads +# + +# +# Graphics +# + +# +# assimp needs a toolchain w/ C++, wchar, gcc >= 7 +# +# BR2_PACKAGE_AT_SPI2_CORE is not set + +# +# atkmm needs a toolchain w/ C++, wchar, threads, gcc >= 7, dynamic library +# + +# +# atkmm (2.28.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9, dynamic library +# + +# +# bullet needs a toolchain w/ C++, dynamic library, threads, wchar +# +# BR2_PACKAGE_CAIRO is not set + +# +# cairomm needs a toolchain w/ C++, wchar, threads, gcc >= 7 +# + +# +# cairomm (1.14.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9 +# + +# +# chipmunk needs an OpenGL backend +# + +# +# exempi needs a toolchain w/ C++, dynamic library, threads, wchar +# + +# +# exiv2 needs a uClibc or glibc toolchain w/ C++, wchar, dynamic library, threads +# +BR2_PACKAGE_FLUTTER_ENGINE_ARCH_SUPPORTS=y + +# +# flutter-engine needs an OpenGL or OpenGLES backend +# + +# +# flutter-engine needs a glibc toolchain w/ wchar, C++, gcc >= 5, dynamic library, host gcc >= 5 +# +# BR2_PACKAGE_FONTCONFIG is not set +# BR2_PACKAGE_FREETYPE is not set +# BR2_PACKAGE_GD is not set +# BR2_PACKAGE_GDK_PIXBUF is not set +# BR2_PACKAGE_GIFLIB is not set + +# +# granite needs libgtk3 and a toolchain w/ wchar, threads, gcc >= 4.9 +# +# BR2_PACKAGE_GRAPHENE is not set + +# +# graphite2 needs a toolchain w/ C++ +# + +# +# gtkmm3 needs libgtk3 and a toolchain w/ C++, wchar, threads, gcc >= 4.9, dynamic library +# + +# +# harfbuzz needs a toolchain w/ C++, gcc >= 4.9 +# +# BR2_PACKAGE_IJS is not set +# BR2_PACKAGE_IMLIB2 is not set + +# +# intel-gmmlib needs a toolchain w/ dynamic library, C++, threads +# + +# +# intel-mediadriver needs a toolchain w/ dynamic library, gcc >= 8, C++, NPTL +# + +# +# intel-mediasdk needs a toolchain w/ dynamic library, C++, NPTL +# + +# +# intel-vpl-gpu-rt needs a toolchain w/ dynamic library, gcc >= 7, C++, NPTL +# + +# +# irrlicht needs a toolchain w/ C++ +# +# BR2_PACKAGE_JASPER is not set +# BR2_PACKAGE_JBIG2DEC is not set +BR2_PACKAGE_JPEG_SIMD_SUPPORT=y +# BR2_PACKAGE_JPEG is not set + +# +# kms++ needs a toolchain w/ threads, C++, gcc >= 4.8, headers >= 4.11, wchar +# +# BR2_PACKAGE_LCMS2 is not set + +# +# lensfun needs a toolchain w/ C++, threads, wchar +# +# BR2_PACKAGE_LEPTONICA is not set +# BR2_PACKAGE_LIBART is not set +# BR2_PACKAGE_LIBAVIF is not set + +# +# libdecor needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 +# +# BR2_PACKAGE_LIBDMTX is not set +# BR2_PACKAGE_LIBDRM is not set + +# +# libepoxy needs an OpenGL and/or OpenGL EGL backend +# +# BR2_PACKAGE_LIBEXIF is not set + +# +# libfm needs X.org and a toolchain w/ wchar, threads, C++, gcc >= 4.9 +# +# BR2_PACKAGE_LIBFM_EXTRA is not set + +# +# libfreeglut depends on X.org and needs an OpenGL backend +# + +# +# libfreeimage needs a toolchain w/ C++, dynamic library, wchar +# + +# +# libgeotiff needs a toolchain w/ C++, gcc >= 4.7, NPTL, wchar +# + +# +# libglew depends on X.org and needs an OpenGL backend +# + +# +# libglfw depends on X.org or Wayland and an OpenGL or GLES backend +# + +# +# libglu needs an OpenGL backend +# +# BR2_PACKAGE_LIBGTA is not set + +# +# libgtk3 needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 +# + +# +# libgtk3 needs an OpenGL or an OpenGL-EGL backend +# + +# +# libgtk4 needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 +# + +# +# libgtk4 needs an OpenGL(ES) EGL backend +# + +# +# libjxl needs a toolchain with C++, threads, gcc >= 7, dynamic library +# +# BR2_PACKAGE_LIBMEDIAART is not set +# BR2_PACKAGE_LIBMNG is not set +# BR2_PACKAGE_LIBPNG is not set +# BR2_PACKAGE_LIBQRENCODE is not set + +# +# libraw needs a toolchain w/ C++ +# + +# +# librsvg needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 +# +# BR2_PACKAGE_LIBSVG is not set +# BR2_PACKAGE_LIBSVG_CAIRO is not set +# BR2_PACKAGE_LIBVA is not set +# BR2_PACKAGE_LIBVA_INTEL_DRIVER is not set + +# +# libvips needs a toolchain w/ wchar, threads, C++ +# +BR2_PACKAGE_LIBVPL_ARCH_SUPPORTS=y + +# +# libvpl needs a toolchain w/ dynamic library, gcc >= 7, C++, threads +# + +# +# libwpe needs a toolchain w/ C++, dynamic library and an OpenEGL-capable backend +# +# BR2_PACKAGE_MENU_CACHE is not set +# BR2_PACKAGE_OPENCL_HEADERS is not set + +# +# opencv3 needs a toolchain w/ C++, NPTL, wchar, dynamic library +# + +# +# opencv4 needs a toolchain w/ C++, NPTL, wchar, dynamic library, gcc >= 4.8 +# +# BR2_PACKAGE_OPENJPEG is not set + +# +# pango needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 +# + +# +# pangomm needs a toolchain w/ C++, wchar, threads, gcc >= 7 +# + +# +# pangomm (2.46.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9 +# +# BR2_PACKAGE_PIXMAN is not set + +# +# poppler needs a toolchain w/ wchar, C++, threads, dynamic library, gcc >= 7 +# +# BR2_PACKAGE_STB is not set +# BR2_PACKAGE_TIFF is not set +# BR2_PACKAGE_WAYLAND is not set +BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS=y + +# +# webkitgtk needs libgtk3 or libgtk4 and a toolchain w/ C++, wchar, NPTL, dynamic library, gcc >= 11, host gcc >= 4.9 +# +# BR2_PACKAGE_WEBP is not set + +# +# wlroots needs udev, EGL, OpenGL ES and GBM support +# + +# +# woff2 needs a toolchain w/ C++ +# + +# +# wpebackend-fdo needs a toolchain w/ C++, wchar, threads, dynamic library and EGL support +# +BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS=y + +# +# wpewebkit needs a toolchain w/ C++, wchar, NPTL, dynamic library, gcc >= 11, host gcc >= 4.9 +# + +# +# wpewebkit needs an OpenGL ES w/ EGL-capable Wayland backend +# + +# +# zbar needs a toolchain w/ threads, C++ and headers >= 3.0 +# + +# +# zxing-cpp needs a toolchain w/ C++, wchar, dynamic library, threads +# + +# +# Hardware handling +# +# BR2_PACKAGE_ACSCCID is not set +# BR2_PACKAGE_C_PERIPHERY is not set +# BR2_PACKAGE_CCID is not set +BR2_PACKAGE_CPUINFO_ARCH_SUPPORTS=y +# BR2_PACKAGE_CPUINFO is not set +# BR2_PACKAGE_DTC is not set +BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS=y +# BR2_PACKAGE_GNU_EFI is not set +# BR2_PACKAGE_HACKRF is not set + +# +# hidapi needs udev /dev management and a toolchain w/ NPTL, gcc >= 4.9 +# +# BR2_PACKAGE_JITTERENTROPY_LIBRARY is not set + +# +# lcdapi needs a toolchain w/ C++, threads +# + +# +# let-me-create needs a toolchain w/ C++, threads, dynamic library +# +# BR2_PACKAGE_LIBAIO is not set + +# +# libatasmart requires udev to be enabled +# + +# +# libblockdev needs udev /dev management and a toolchain w/ wchar, threads, dynamic library, locale +# + +# +# libcec needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 4.7 +# +# BR2_PACKAGE_LIBDISPLAY_INFO is not set +# BR2_PACKAGE_LIBFREEFARE is not set +# BR2_PACKAGE_LIBFTDI is not set +# BR2_PACKAGE_LIBFTDI1 is not set +# BR2_PACKAGE_LIBGPHOTO2 is not set +# BR2_PACKAGE_LIBGPIOD is not set +# BR2_PACKAGE_LIBGPIOD2 is not set + +# +# libgudev needs udev /dev handling and a toolchain w/ wchar, threads +# +# BR2_PACKAGE_LIBIIO is not set + +# +# libinput needs udev /dev management +# +# BR2_PACKAGE_LIBIQRF is not set +# BR2_PACKAGE_LIBLLCP is not set +# BR2_PACKAGE_LIBMBIM is not set +# BR2_PACKAGE_LIBNFC is not set +# BR2_PACKAGE_LIBNVME is not set +# BR2_PACKAGE_LIBPCIACCESS is not set +# BR2_PACKAGE_LIBPHIDGET is not set +# BR2_PACKAGE_LIBPRI is not set +# BR2_PACKAGE_LIBQMI is not set +# BR2_PACKAGE_LIBQRTR_GLIB is not set +# BR2_PACKAGE_LIBRAW1394 is not set +# BR2_PACKAGE_LIBRTLSDR is not set + +# +# libserial needs a toolchain w/ C++, gcc >= 5, threads, wchar +# +# BR2_PACKAGE_LIBSERIALPORT is not set +# BR2_PACKAGE_LIBSIGROK is not set +# BR2_PACKAGE_LIBSIGROKDECODE is not set +# BR2_PACKAGE_LIBSOC is not set +# BR2_PACKAGE_LIBSS7 is not set +# BR2_PACKAGE_LIBUSB is not set +# BR2_PACKAGE_LIBUSBGX is not set + +# +# libv4l needs a toolchain w/ threads, C++ and headers >= 3.0 +# +# BR2_PACKAGE_LIBXKBCOMMON is not set +BR2_PACKAGE_MRAA_ARCH_SUPPORTS=y +# BR2_PACKAGE_MRAA is not set +# BR2_PACKAGE_MTDEV is not set +# BR2_PACKAGE_NEARDAL is not set +# BR2_PACKAGE_OPENSC is not set +# BR2_PACKAGE_OWFS is not set +# BR2_PACKAGE_PCSC_LITE is not set +# BR2_PACKAGE_PICO_SDK is not set + +# +# SoapySDR needs a toolchain w/ C++, threads, dynamic library +# +# BR2_PACKAGE_TSLIB is not set + +# +# uhd needs a toolchain w/ C++, NPTL, wchar, dynamic library, gcc >= 7 +# + +# +# urg needs a toolchain w/ C++ +# + +# +# Javascript +# +# BR2_PACKAGE_BOOTSTRAP is not set +# BR2_PACKAGE_CHARTJS is not set +# BR2_PACKAGE_DATATABLES is not set +# BR2_PACKAGE_DUKTAPE is not set +# BR2_PACKAGE_EXPLORERCANVAS is not set +# BR2_PACKAGE_FLOT is not set +# BR2_PACKAGE_FORGE is not set +# BR2_PACKAGE_JQUERY is not set +# BR2_PACKAGE_JSMIN is not set +# BR2_PACKAGE_JSON_JAVASCRIPT is not set +# BR2_PACKAGE_JSZIP is not set +# BR2_PACKAGE_OPENLAYERS is not set +# BR2_PACKAGE_VIS_NETWORK is not set +# BR2_PACKAGE_VUEJS is not set + +# +# JSON/XML +# + +# +# benejson needs a toolchain w/ C++ +# +# BR2_PACKAGE_CJSON is not set +# BR2_PACKAGE_EXPAT is not set +# BR2_PACKAGE_JANSSON is not set +# BR2_PACKAGE_JOSE is not set +# BR2_PACKAGE_JSMN is not set +# BR2_PACKAGE_JSON_C is not set + +# +# json-for-modern-cpp needs a toolchain w/ C++, gcc >= 4.9 +# +# BR2_PACKAGE_JSON_GLIB is not set + +# +# jsoncpp needs a toolchain w/ C++, gcc >= 4.7 +# +# BR2_PACKAGE_LIBBSON is not set +# BR2_PACKAGE_LIBFASTJSON is not set + +# +# libjson needs a toolchain w/ C++ +# +# BR2_PACKAGE_LIBJWT is not set +# BR2_PACKAGE_LIBROXML is not set +# BR2_PACKAGE_LIBUCL is not set +# BR2_PACKAGE_LIBXML2 is not set +# BR2_PACKAGE_LIBXMLB is not set + +# +# libxml++ needs a toolchain w/ C++, wchar, threads, gcc >= 7 +# +# BR2_PACKAGE_LIBXMLRPC is not set +# BR2_PACKAGE_LIBXSLT is not set +# BR2_PACKAGE_LIBYAML is not set +# BR2_PACKAGE_MXML is not set + +# +# pugixml needs a toolchain w/ C++ +# + +# +# rapidjson needs a toolchain w/ C++ +# +# BR2_PACKAGE_RAPIDXML is not set +# BR2_PACKAGE_RAPTOR is not set +# BR2_PACKAGE_SERD is not set +# BR2_PACKAGE_SORD is not set + +# +# tinyxml needs a toolchain w/ C++ +# + +# +# tinyxml2 needs a toolchain w/ C++ +# + +# +# valijson needs a toolchain w/ C++ +# + +# +# xerces-c++ needs a toolchain w/ C++, dynamic library, wchar +# + +# +# xml-security-c needs a toolchain w/ C++, wchar, dynamic library, threads, gcc >= 4.7 +# +# BR2_PACKAGE_YAJL is not set + +# +# yaml-cpp needs a toolchain w/ C++, gcc >= 4.7 +# + +# +# Logging +# + +# +# glog needs a toolchain w/ C++, threads, gcc >= 6 +# + +# +# hawktracer needs a toolchain w/ C++, gcc >= 4.8 +# +# BR2_PACKAGE_LIBLOG4C_LOCALTIME is not set +# BR2_PACKAGE_LIBLOGGING is not set + +# +# log4cplus needs a toolchain w/ C++, wchar, threads, gcc >= 4.8 +# + +# +# log4cpp needs a toolchain w/ C++, threads +# + +# +# log4cxx needs a toolchain w/ C++, threads, dynamic library, wchar +# + +# +# log4qt needs qt5 +# + +# +# opentracing-cpp needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.8 +# + +# +# spdlog needs a toolchain w/ C++, threads, wchar +# + +# +# ulog needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_ZLOG is not set + +# +# Multimedia +# + +# +# bento4 support needs a toolchain with C++ +# +# BR2_PACKAGE_BITSTREAM is not set +# BR2_PACKAGE_DAV1D is not set + +# +# kvazaar needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBAACS is not set + +# +# libass needs a toolchain w/ C++, gcc >= 4.9 +# +# BR2_PACKAGE_LIBBDPLUS is not set +# BR2_PACKAGE_LIBBLURAY is not set +BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS=y + +# +# libcamera needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8 +# + +# +# libcamera-apps needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8, headers >= 5.5 +# + +# +# libde265 needs a toolchain w/ threads, C++ +# +# BR2_PACKAGE_LIBDVBCSA is not set +# BR2_PACKAGE_LIBDVBPSI is not set + +# +# libdvbsi++ needs a toolchain w/ C++, wchar, threads +# +# BR2_PACKAGE_LIBDVDCSS is not set +# BR2_PACKAGE_LIBDVDNAV is not set +# BR2_PACKAGE_LIBDVDREAD is not set + +# +# libebml needs a toolchain w/ C++, wchar, gcc >= 4.9 +# +# BR2_PACKAGE_LIBHDHOMERUN is not set + +# +# libheif needs a toolchain w/ C++, gcc >= 4.8 +# + +# +# libmatroska needs a toolchain w/ C++, wchar, gcc >= 4.9 +# +# BR2_PACKAGE_LIBMMS is not set +# BR2_PACKAGE_LIBMPEG2 is not set +# BR2_PACKAGE_LIBOGG is not set +# BR2_PACKAGE_LIBOPENAPTX is not set +BR2_PACKAGE_LIBOPENH264_ARCH_SUPPORTS=y + +# +# libopenh264 needs a toolchain w/ C++, dynamic library, threads +# +# BR2_PACKAGE_LIBOPUSENC is not set +# BR2_PACKAGE_LIBTHEORA is not set +# BR2_PACKAGE_LIBUDFREAD is not set +# BR2_PACKAGE_LIBVPX is not set + +# +# libyuv needs a toolchain w/ C++, dynamic library +# + +# +# live555 needs a toolchain w/ C++ +# + +# +# mediastreamer needs a toolchain w/ threads, C++, dynamic library, gcc >= 5 +# +# BR2_PACKAGE_X264 is not set + +# +# x265 needs a toolchain w/ C++, threads, dynamic library +# + +# +# Networking +# + +# +# agent++ needs a toolchain w/ threads, C++, dynamic library +# + +# +# azmq needs a toolchain w/ C++11, wchar and threads +# + +# +# azure-iot-sdk-c needs a toolchain w/ C++, NPTL and wchar +# +# BR2_PACKAGE_BATMAN_ADV is not set + +# +# belle-sip needs a toolchain w/ threads, C++, dynamic library, wchar +# +# BR2_PACKAGE_C_ARES is not set +# BR2_PACKAGE_CNI_PLUGINS is not set + +# +# cpp-httplib needs a toolchain w/ C++, wchar, threads +# + +# +# cppzmq needs a toolchain w/ C++, threads +# + +# +# curlpp needs a toolchain w/ C++, dynamic library +# + +# +# czmq needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_DAQ is not set +# BR2_PACKAGE_DAQ3 is not set +# BR2_PACKAGE_DAVICI is not set +# BR2_PACKAGE_DHT is not set +# BR2_PACKAGE_ENET is not set + +# +# filemq needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_FREERADIUS_CLIENT is not set +# BR2_PACKAGE_GENSIO is not set +# BR2_PACKAGE_GEOIP is not set +# BR2_PACKAGE_GLIB_NETWORKING is not set + +# +# grpc needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 +# +# BR2_PACKAGE_GSSDP is not set +# BR2_PACKAGE_GUPNP is not set +# BR2_PACKAGE_GUPNP_AV is not set +# BR2_PACKAGE_GUPNP_DLNA is not set + +# +# ibrcommon needs a toolchain w/ C++, threads +# + +# +# ibrdtn needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBCGI is not set + +# +# libcgicc needs a toolchain w/ C++ +# +# BR2_PACKAGE_LIBCOAP is not set + +# +# libcpprestsdk needs a toolchain w/ NPTL, C++, wchar, locale +# +# BR2_PACKAGE_LIBCURL is not set +# BR2_PACKAGE_LIBDNET is not set +# BR2_PACKAGE_LIBEXOSIP2 is not set +# BR2_PACKAGE_LIBEST is not set +# BR2_PACKAGE_LIBFCGI is not set +# BR2_PACKAGE_LIBGSASL is not set +# BR2_PACKAGE_LIBHTP is not set +# BR2_PACKAGE_LIBHTTPPARSER is not set + +# +# libhttpserver needs a toolchain w/ C++, threads, gcc >= 7 +# +# BR2_PACKAGE_LIBIDN is not set +# BR2_PACKAGE_LIBIDN2 is not set +# BR2_PACKAGE_LIBISCSI is not set +# BR2_PACKAGE_LIBKRB5 is not set +# BR2_PACKAGE_LIBLDNS is not set +# BR2_PACKAGE_LIBMAXMINDDB is not set +# BR2_PACKAGE_LIBMBUS is not set + +# +# libmemcached needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBMICROHTTPD is not set +# BR2_PACKAGE_LIBMINIUPNPC is not set +# BR2_PACKAGE_LIBMNL is not set +# BR2_PACKAGE_LIBMODBUS is not set + +# +# libmodsecurity needs a toolchain w/ C++, threads, dynamic library +# +# BR2_PACKAGE_LIBNATPMP is not set +# BR2_PACKAGE_LIBNDP is not set +# BR2_PACKAGE_LIBNET is not set +# BR2_PACKAGE_LIBNETCONF2 is not set +# BR2_PACKAGE_LIBNETFILTER_ACCT is not set +# BR2_PACKAGE_LIBNETFILTER_CONNTRACK is not set +# BR2_PACKAGE_LIBNETFILTER_CTHELPER is not set +# BR2_PACKAGE_LIBNETFILTER_CTTIMEOUT is not set +# BR2_PACKAGE_LIBNETFILTER_LOG is not set +# BR2_PACKAGE_LIBNETFILTER_QUEUE is not set +# BR2_PACKAGE_LIBNFNETLINK is not set +# BR2_PACKAGE_LIBNFTNL is not set +# BR2_PACKAGE_LIBNICE is not set +# BR2_PACKAGE_LIBNIDS is not set +# BR2_PACKAGE_LIBNL is not set + +# +# libnpupnp needs a toolchain w/ C++, threads, gcc >= 4.9 +# +# BR2_PACKAGE_LIBOPING is not set +# BR2_PACKAGE_LIBOSIP2 is not set +# BR2_PACKAGE_LIBPAGEKITE is not set +# BR2_PACKAGE_LIBPCAP is not set + +# +# libpjsip needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBPSL is not set +# BR2_PACKAGE_LIBRELP is not set +# BR2_PACKAGE_LIBRSYNC is not set +# BR2_PACKAGE_LIBSHAIRPLAY is not set +# BR2_PACKAGE_LIBSHOUT is not set +# BR2_PACKAGE_LIBSOCKETCAN is not set +# BR2_PACKAGE_LIBSOUP is not set +# BR2_PACKAGE_LIBSOUP3 is not set +# BR2_PACKAGE_LIBSRTP is not set +# BR2_PACKAGE_LIBSTROPHE is not set +# BR2_PACKAGE_LIBTEAM is not set +# BR2_PACKAGE_LIBTELNET is not set +# BR2_PACKAGE_LIBTIRPC is not set + +# +# libtorrent needs a toolchain w/ C++, threads +# + +# +# libtorrent-rasterbar needs a toolchain w/ C++, threads, wchar, gcc >= 4.9 +# +# BR2_PACKAGE_LIBUEV is not set +# BR2_PACKAGE_LIBUHTTPD is not set +# BR2_PACKAGE_LIBUPNP is not set + +# +# libupnpp needs a toolchain w/ C++, threads, gcc >= 4.9 +# +# BR2_PACKAGE_LIBURIPARSER is not set + +# +# libutp support needs a toolchain with C++ +# +# BR2_PACKAGE_LIBUWSC is not set +# BR2_PACKAGE_LIBVNCSERVER is not set +# BR2_PACKAGE_LIBWEBSOCKETS is not set +# BR2_PACKAGE_LIBYANG is not set +BR2_PACKAGE_LIBZENOH_C_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBZENOH_C is not set +# BR2_PACKAGE_LIBZENOH_PICO is not set +# BR2_PACKAGE_LKSCTP_TOOLS is not set +# BR2_PACKAGE_MBUFFER is not set +# BR2_PACKAGE_MDNSD is not set +# BR2_PACKAGE_MONGOOSE is not set +# BR2_PACKAGE_NANOMSG is not set +# BR2_PACKAGE_NEON is not set + +# +# netopeer2 needs a toolchain w/ gcc >= 4.8, C++, threads, dynamic library +# +# BR2_PACKAGE_NGHTTP2 is not set + +# +# norm needs a toolchain w/ C++, threads, dynamic library +# +# BR2_PACKAGE_NSS_MYHOSTNAME is not set +# BR2_PACKAGE_NSS_PAM_LDAPD is not set + +# +# oatpp needs a toolchain w/ C++, threads +# + +# +# omniORB needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_OPEN_ISNS is not set +# BR2_PACKAGE_OPEN62541 is not set +# BR2_PACKAGE_OPENLDAP is not set + +# +# openmpi needs a toolchain w/ dynamic library, NPTL, wchar, C++ +# +# BR2_PACKAGE_OPENPGM is not set + +# +# openzwave needs a toolchain w/ C++, dynamic library, NPTL, wchar +# + +# +# ortp needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_PAHO_MQTT_C is not set + +# +# paho-mqtt-cpp needs a toolchain w/ threads, C++ +# + +# +# pistache needs a toolchain w/ C++, gcc >= 7, NPTL, wchar +# +# BR2_PACKAGE_QDECODER is not set + +# +# qpid-proton needs a toolchain w/ C++, dynamic library, threads +# +# BR2_PACKAGE_RABBITMQ_C is not set + +# +# resiprocate needs a toolchain w/ C++, threads, wchar +# + +# +# restclient-cpp needs a toolchain w/ C++, gcc >= 4.8 +# +# BR2_PACKAGE_RTMPDUMP is not set +# BR2_PACKAGE_SIPROXD is not set +# BR2_PACKAGE_SLIRP is not set +# BR2_PACKAGE_SLIRP4NETNS is not set + +# +# snmp++ needs a toolchain w/ threads, C++, dynamic library +# +# BR2_PACKAGE_SOFIA_SIP is not set +# BR2_PACKAGE_SSCEP is not set + +# +# sysrepo needs a toolchain w/ C++, NPTL, dynamic library, gcc >= 4.8 +# + +# +# thrift needs a toolchain w/ C++, wchar, threads +# +# BR2_PACKAGE_USBREDIR is not set + +# +# wampcc needs a toolchain w/ C++, NPTL, dynamic library, gcc >= 4.9 +# + +# +# websocketpp needs a toolchain w/ C++ and gcc >= 4.8 +# + +# +# zeromq needs a toolchain w/ C++, threads +# + +# +# zmqpp needs a toolchain w/ C++, threads, gcc >= 4.7 +# + +# +# zyre needs a toolchain w/ C++, threads +# + +# +# Other +# + +# +# ACE needs a glibc toolchain, dynamic library, C++, gcc >= 4.9 +# +# BR2_PACKAGE_APR is not set +# BR2_PACKAGE_APR_UTIL is not set + +# +# atf needs a toolchain w/ C++ +# +# BR2_PACKAGE_AVRO_C is not set +# BR2_PACKAGE_BASU is not set + +# +# bctoolbox needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_BDWGC is not set + +# +# belr needs a toolchain w/ threads, C++ +# + +# +# boost needs a toolchain w/ C++, threads, wchar +# + +# +# c-capnproto needs host and target gcc >= 5 w/ C++14, threads, atomic, ucontext and not gcc bug 64735 +# + +# +# capnproto needs host and target gcc >= 5 w/ C++14, threads, atomic, ucontext and not gcc bug 64735 +# + +# +# catch2 needs a toolchain w/ C++, wchar, threads, gcc >= 5 +# + +# +# cctz needs a toolchain w/ C++, threads, gcc >= 4.8 +# + +# +# cereal needs a toolchain w/ C++, gcc >= 4.7, threads, wchar +# + +# +# clang needs a toolchain w/ wchar, threads, C++, gcc >= 7, dynamic library, host gcc >= 7 +# +# BR2_PACKAGE_CMOCKA is not set + +# +# cppcms needs a toolchain w/ C++, NPTL, wchar, dynamic library +# +# BR2_PACKAGE_CRACKLIB is not set + +# +# dawgdic needs a toolchain w/ C++, gcc >= 4.6 +# +# BR2_PACKAGE_DING_LIBS is not set + +# +# dlib needs a toolchain w/ C++, threads, wchar +# +# BR2_PACKAGE_DOTCONF is not set + +# +# double-conversion needs a toolchain w/ C++ +# + +# +# eigen needs a toolchain w/ C++ +# +# BR2_PACKAGE_ELFUTILS is not set +# BR2_PACKAGE_ELL is not set + +# +# farmhash needs a toolchain w/ C++11 +# +# BR2_PACKAGE_FFT2D is not set +# BR2_PACKAGE_FFTW is not set + +# +# flann needs a toolchain w/ C++, dynamic library, gcc >= 4.7 +# + +# +# flatbuffers needs a toolchain w/ C++, gcc >= 4.7 +# +# BR2_PACKAGE_FLATCC is not set +# BR2_PACKAGE_FP16 is not set +# BR2_PACKAGE_FXDIV is not set +# BR2_PACKAGE_GCONF is not set + +# +# gdal needs a toolchain w/ C++, dynamic library, gcc >= 4.7, NPTL, wchar +# + +# +# gemmlowp needs a toolchain w/ C++11 +# + +# +# gflags needs a toolchain w/ C++ +# + +# +# gli needs a toolchain w/ C++ +# + +# +# glibmm needs a toolchain w/ C++, wchar, threads, gcc >= 7 +# + +# +# glibmm (2.66.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9 +# + +# +# glm needs a toolchain w/ C++ +# +# BR2_PACKAGE_GMP is not set +BR2_PACKAGE_GOBJECT_INTROSPECTION_ARCH_SUPPORTS=y + +# +# gobject-introspection needs python3 +# +# BR2_PACKAGE_GSL is not set + +# +# gtest needs a toolchain w/ C++, wchar, threads, gcc >= 7 +# +# BR2_PACKAGE_GUMBO_PARSER is not set + +# +# highway needs a toolchain w/ C++, gcc >= 7 +# +BR2_PACKAGE_JEMALLOC_ARCH_SUPPORTS=y +# BR2_PACKAGE_JEMALLOC is not set +BR2_PACKAGE_LAPACK_ARCH_SUPPORTS=y + +# +# lapack/blas needs a toolchain w/ fortran +# +BR2_PACKAGE_LIBABSEIL_CPP_ARCH_SUPPORTS=y + +# +# libabseil-cpp needs a toolchain w/ gcc >= 8, C++, threads, dynamic library +# +# BR2_PACKAGE_LIBARGTABLE2 is not set +BR2_PACKAGE_LIBATOMIC_OPS_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBATOMIC_OPS is not set +# BR2_PACKAGE_LIBAVL is not set +# BR2_PACKAGE_LIBB64 is not set +# BR2_PACKAGE_LIBBACKTRACE is not set +BR2_PACKAGE_LIBBSD_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBBSD is not set +# BR2_PACKAGE_LIBBYTESIZE is not set +# BR2_PACKAGE_LIBCAP is not set +# BR2_PACKAGE_LIBCAP_NG is not set + +# +# libcgroup needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBCLC is not set +# BR2_PACKAGE_LIBCORRECT is not set + +# +# libcrossguid needs a toolchain w/ C++, gcc >= 4.7 +# +# BR2_PACKAGE_LIBCSV is not set +# BR2_PACKAGE_LIBDAEMON is not set +# BR2_PACKAGE_LIBDEX is not set +# BR2_PACKAGE_LIBDILL is not set +BR2_PACKAGE_LIBEASTL_ARCH_SUPPORTS=y + +# +# libeastl needs a toolchain w/ C++, threads, gcc >= 4.9 +# +# BR2_PACKAGE_LIBEE is not set +# BR2_PACKAGE_LIBEV is not set +# BR2_PACKAGE_LIBEVDEV is not set +# BR2_PACKAGE_LIBEVENT is not set + +# +# libexecinfo needs a musl or uclibc toolchain w/ dynamic library +# +# BR2_PACKAGE_LIBFFI is not set + +# +# libfutils needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBGEE is not set + +# +# libgeos needs a toolchain w/ C++, wchar, gcc >= 4.9, threads +# +# BR2_PACKAGE_LIBGLIB2 is not set +# BR2_PACKAGE_LIBGLOB is not set + +# +# libical needs a toolchain w/ C++, dynamic library, wchar +# +# BR2_PACKAGE_LIBITE is not set + +# +# libks needs a toolchain w/ C++, NPTL, dynamic library +# + +# +# liblinear needs a toolchain w/ C++ +# + +# +# libloki needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBNPTH is not set +BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT=y +# BR2_PACKAGE_LIBNSPR is not set + +# +# libosmium needs a toolchain w/ C++, wchar, threads, gcc >= 5 +# + +# +# libpeas needs python3 +# +# BR2_PACKAGE_LIBPFM4 is not set + +# +# libplist needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_LIBPTHREAD_STUBS is not set +# BR2_PACKAGE_LIBPTHSEM is not set +# BR2_PACKAGE_LIBPWQUALITY is not set +# BR2_PACKAGE_LIBQB is not set +BR2_PACKAGE_LIBSECCOMP_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBSECCOMP is not set + +# +# libshdata needs a toolchain w/ C++, threads +# + +# +# libsigc++ needs a toolchain w/ C++, gcc >= 7 +# + +# +# libsigc++ (2.x.x) needs a toolchain w/ C++, gcc >= 4.9 +# +BR2_PACKAGE_LIBSIGSEGV_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBSIGSEGV is not set +# BR2_PACKAGE_LIBSOLV is not set + +# +# libspatialindex needs a toolchain w/ C++, gcc >= 4.7 +# +# BR2_PACKAGE_LIBTALLOC is not set +# BR2_PACKAGE_LIBTASN1 is not set +# BR2_PACKAGE_LIBTOMMATH is not set +# BR2_PACKAGE_LIBTPL is not set +# BR2_PACKAGE_LIBUBOX is not set +# BR2_PACKAGE_LIBUCI is not set +BR2_PACKAGE_LIBUNWIND_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBUNWIND is not set +BR2_PACKAGE_LIBURCU_ARCH_SUPPORTS=y + +# +# liburcu needs a toolchain w/ threads, C++ +# +# BR2_PACKAGE_LIBURING is not set +# BR2_PACKAGE_LIBUTEMPTER is not set +# BR2_PACKAGE_LIBUV is not set +# BR2_PACKAGE_LIGHTNING is not set +# BR2_PACKAGE_LINUX_PAM is not set +# BR2_PACKAGE_LIQUID_DSP is not set +BR2_PACKAGE_LLVM_ARCH_SUPPORTS=y +BR2_PACKAGE_LLVM_TARGET_ARCH="X86" + +# +# llvm needs a toolchain w/ wchar, threads, C++, gcc >= 7, dynamic library, host gcc >= 7 +# + +# +# lttng-libust needs a toolchain w/ dynamic library, wchar, threads, C++ +# +# BR2_PACKAGE_MATIO is not set +# BR2_PACKAGE_MPC is not set +# BR2_PACKAGE_MPDECIMAL is not set +# BR2_PACKAGE_MPFR is not set +# BR2_PACKAGE_MPIR is not set + +# +# msgpack needs a toolchain w/ C++ +# +# BR2_PACKAGE_MSGPACK_C is not set +# BR2_PACKAGE_NEON_2_SSE is not set +# BR2_PACKAGE_ORC is not set +# BR2_PACKAGE_P11_KIT is not set +BR2_PACKAGE_POCO_ARCH_SUPPORTS=y + +# +# poco needs a toolchain w/ wchar, NPTL, C++, dynamic library, gcc >= 8 +# +BR2_PACKAGE_HOST_PROTOBUF_ARCH_SUPPORTS=y +BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS=y + +# +# protobuf needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 +# + +# +# protobuf-c needs a toolchain w/ C++, threads, host gcc >= 7 +# + +# +# protozero needs a toolchain w/ C++, gcc >= 4.7 +# +# BR2_PACKAGE_PSIMD is not set +# BR2_PACKAGE_PTHREADPOOL is not set + +# +# qhull needs a toolchain w/ C++, gcc >= 4.4 +# +# BR2_PACKAGE_QLIBC is not set +# BR2_PACKAGE_REPROC is not set + +# +# riemann-c-client needs a toolchain w/ C++, threads, host gcc >= 7 +# +BR2_PACKAGE_RUY_ARCH_SUPPORTS=y + +# +# ruy needs a toolchain w/ C++14, threads +# + +# +# shapelib needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_SKALIBS is not set +# BR2_PACKAGE_SPHINXBASE is not set + +# +# tbb needs a glibc or musl toolchain w/ dynamic library, threads, C++ +# +BR2_PACKAGE_TENSORFLOW_LITE_ARCH_SUPPORTS=y + +# +# tensorflow-lite needs a toolchain w/ gcc >= 8, C++, threads +# +# BR2_PACKAGE_TINYCBOR is not set + +# +# tl-expected needs a toolchain w/ C++, gcc >= 4.8 +# +# BR2_PACKAGE_TLLIST is not set + +# +# uvw needs a toolchain w/ NPTL, dynamic library, C++, gcc >= 7 +# + +# +# volk needs a toolchain w/ C++, NPTL, wchar, dynamic library +# + +# +# xapian needs a toolchain w/ C++ +# +BR2_PACKAGE_XNNPACK_ARCH_SUPPORTS=y + +# +# xnnpack needs a toolchain w/ C++14, threads +# + +# +# Security +# +# BR2_PACKAGE_LIBAPPARMOR is not set +# BR2_PACKAGE_LIBSELINUX is not set +# BR2_PACKAGE_LIBSEMANAGE is not set +# BR2_PACKAGE_LIBSEPOL is not set +# BR2_PACKAGE_SAFECLIB is not set + +# +# softhsm2 needs a toolchain w/ C++, threads, gcc >= 4.8 and dynamic library support +# + +# +# Text and terminal handling +# +# BR2_PACKAGE_AUGEAS is not set + +# +# cli11 needs a toolchain w/ C++, gcc >= 4.8 +# + +# +# docopt-cpp needs a toolchain w/ C++, gcc >= 4.7 +# + +# +# enchant needs a toolchain w/ C++, threads, wchar +# +# BR2_PACKAGE_FCFT is not set + +# +# fmt needs a toolchain w/ C++, wchar +# +# BR2_PACKAGE_FSTRCMP is not set + +# +# icu needs a toolchain w/ C++, wchar, threads, gcc >= 4.9, host gcc >= 4.9 +# +# BR2_PACKAGE_INIH is not set +# BR2_PACKAGE_LIBCLI is not set +# BR2_PACKAGE_LIBECOLI is not set +# BR2_PACKAGE_LIBEDIT is not set +# BR2_PACKAGE_LIBENCA is not set +# BR2_PACKAGE_LIBESTR is not set +# BR2_PACKAGE_LIBFRIBIDI is not set +# BR2_PACKAGE_LIBUNIBREAK is not set +# BR2_PACKAGE_LIBUNISTRING is not set +# BR2_PACKAGE_LINENOISE is not set +BR2_PACKAGE_NCURSES=y +# BR2_PACKAGE_NCURSES_WCHAR is not set +# BR2_PACKAGE_NCURSES_TARGET_PROGS is not set +BR2_PACKAGE_NCURSES_ADDITIONAL_TERMINFO="" +# BR2_PACKAGE_NEWT is not set +# BR2_PACKAGE_ONIGURUMA is not set +# BR2_PACKAGE_PCRE is not set +# BR2_PACKAGE_PCRE2 is not set +# BR2_PACKAGE_POPT is not set + +# +# re2 needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 +# +# BR2_PACKAGE_READLINE is not set +# BR2_PACKAGE_SLANG is not set + +# +# tclap needs a toolchain w/ C++ +# + +# +# termcolor needs a toolchain w/ C++, gcc >= 4.8 +# +# BR2_PACKAGE_UTF8PROC is not set + +# +# taglib needs a toolchain w/ C++ +# + +# +# Mail +# +# BR2_PACKAGE_DOVECOT is not set +# BR2_PACKAGE_EXIM is not set +# BR2_PACKAGE_FETCHMAIL is not set +# BR2_PACKAGE_HEIRLOOM_MAILX is not set +# BR2_PACKAGE_LIBESMTP is not set +# BR2_PACKAGE_MSMTP is not set +# BR2_PACKAGE_MUTT is not set + +# +# Miscellaneous +# +# BR2_PACKAGE_AESPIPE is not set +# BR2_PACKAGE_BC is not set +BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS=y + +# +# bitcoin needs a toolchain w/ C++, threads, wchar, gcc >= 11 +# + +# +# clamav needs a toolchain w/ C++, dynamic library, threads, wchar +# +# BR2_PACKAGE_COLLECTD is not set +# BR2_PACKAGE_COLLECTL is not set + +# +# domoticz needs lua 5.3 and a toolchain w/ C++, gcc >= 6, NPTL, wchar, dynamic library +# +# BR2_PACKAGE_EMPTY is not set +# BR2_PACKAGE_FFT_EVAL is not set +# BR2_PACKAGE_GITLAB_RUNNER is not set + +# +# gnuradio needs a toolchain w/ C++, NPTL, wchar, dynamic library, gcc >= 8 +# +# BR2_PACKAGE_GOOGLEFONTDIRECTORY is not set + +# +# gqrx needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8 +# + +# +# gqrx needs qt5 +# +# BR2_PACKAGE_GSETTINGS_DESKTOP_SCHEMAS is not set +# BR2_PACKAGE_HAVEGED is not set +# BR2_PACKAGE_LINUX_SYSCALL_SUPPORT is not set +# BR2_PACKAGE_MOBILE_BROADBAND_PROVIDER_INFO is not set +# BR2_PACKAGE_NETDATA is not set + +# +# proj needs a toolchain w/ C++, gcc >= 4.7, NPTL, wchar +# +BR2_PACKAGE_QEMU_ARCH_SUPPORTS_TARGET=y +# BR2_PACKAGE_QEMU is not set + +# +# qpdf needs a toolchain w/ C++, gcc >= 5 +# +# BR2_PACKAGE_RTL_433 is not set +# BR2_PACKAGE_SHARED_MIME_INFO is not set +# BR2_PACKAGE_SNOOZE is not set + +# +# sunwait needs a toolchain w/ C++ +# + +# +# taskd needs a toolchain w/ C++, wchar, dynamic library +# +BR2_PACKAGE_XMRIG_ARCH_SUPPORTS=y + +# +# xmrig needs a glibc or musl toolchain w/ NPTL, dynamic library, C++, gcc >= 4.9 +# +# BR2_PACKAGE_XUTIL_UTIL_MACROS is not set +BR2_PACKAGE_Z3_ARCH_SUPPORTS=y + +# +# Networking applications +# +# BR2_PACKAGE_AARDVARK_DNS is not set + +# +# aircrack-ng needs a toolchain w/ dynamic library, threads, C++ +# +# BR2_PACKAGE_ALFRED is not set +# BR2_PACKAGE_AOETOOLS is not set +# BR2_PACKAGE_APACHE is not set +# BR2_PACKAGE_ARGUS is not set +# BR2_PACKAGE_ARP_SCAN is not set +# BR2_PACKAGE_ARPTABLES is not set + +# +# asterisk needs a glibc or uClibc toolchain w/ C++, dynamic library, threads, wchar +# +# BR2_PACKAGE_ATFTP is not set +# BR2_PACKAGE_AVAHI is not set +# BR2_PACKAGE_AXEL is not set +# BR2_PACKAGE_BABELD is not set +# BR2_PACKAGE_BANDWIDTHD is not set +# BR2_PACKAGE_BATCTL is not set + +# +# bcusdk needs a toolchain w/ C++ +# +# BR2_PACKAGE_BIND is not set +# BR2_PACKAGE_BIRD is not set +# BR2_PACKAGE_BLUEZ5_UTILS is not set +# BR2_PACKAGE_BMON is not set +# BR2_PACKAGE_BMX7 is not set + +# +# boinc needs a toolchain w/ dynamic library, C++, threads, gcc >= 4.8 +# +# BR2_PACKAGE_BRCM_PATCHRAM_PLUS is not set +# BR2_PACKAGE_BRIDGE_UTILS is not set +# BR2_PACKAGE_BWM_NG is not set +# BR2_PACKAGE_C_ICAP is not set +# BR2_PACKAGE_CAN_UTILS is not set + +# +# cannelloni needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 +# +# BR2_PACKAGE_CASYNC is not set +# BR2_PACKAGE_CASYNC_NANO is not set +# BR2_PACKAGE_CFM is not set +# BR2_PACKAGE_CHRONY is not set +# BR2_PACKAGE_CIVETWEB is not set +# BR2_PACKAGE_CLOUDFLARED is not set +# BR2_PACKAGE_CONNMAN is not set + +# +# connman-gtk needs libgtk3 and a glibc or uClibc toolchain w/ wchar, threads, resolver, dynamic library +# +# BR2_PACKAGE_CONNTRACK_TOOLS is not set +# BR2_PACKAGE_CORKSCREW is not set +# BR2_PACKAGE_CRDA is not set + +# +# ctorrent needs a toolchain w/ C++ +# + +# +# cups needs a toolchain w/ C++, threads +# + +# +# cups-filters needs a toolchain w/ wchar, C++, threads and dynamic library, gcc >= 5 +# +# BR2_PACKAGE_DANTE is not set +# BR2_PACKAGE_DARKHTTPD is not set +# BR2_PACKAGE_DEHYDRATED is not set +# BR2_PACKAGE_DHCPCD is not set +# BR2_PACKAGE_DHCPDUMP is not set +# BR2_PACKAGE_DNSMASQ is not set +# BR2_PACKAGE_DRBD_UTILS is not set +# BR2_PACKAGE_DROPBEAR is not set +# BR2_PACKAGE_EASYFRAMES is not set +# BR2_PACKAGE_EBTABLES is not set + +# +# ejabberd needs erlang, toolchain w/ C++ +# +# BR2_PACKAGE_ETHTOOL is not set +# BR2_PACKAGE_FAIFA is not set +# BR2_PACKAGE_FASTD is not set +# BR2_PACKAGE_FCGIWRAP is not set +# BR2_PACKAGE_FIREWALLD is not set +# BR2_PACKAGE_FLANNEL is not set +# BR2_PACKAGE_FPING is not set +# BR2_PACKAGE_FREERADIUS_SERVER is not set + +# +# freeswitch needs a toolchain w/ C++, dynamic library, threads, wchar +# + +# +# frr needs a toolchain w/ threads, dynamic library, C++, host gcc >= 7 +# + +# +# gerbera needs a toolchain w/ C++, dynamic library, threads, wchar, gcc >= 8 +# +# BR2_PACKAGE_GESFTPSERVER is not set + +# +# gloox needs a toolchain w/ C++ +# +# BR2_PACKAGE_GLORYTUN is not set + +# +# gupnp-tools needs libgtk3 +# + +# +# hans needs a toolchain w/ C++ +# +BR2_PACKAGE_HAPROXY_ARCH_SUPPORTS=y +# BR2_PACKAGE_HAPROXY is not set +# BR2_PACKAGE_HOSTAPD is not set +# BR2_PACKAGE_HTPDATE is not set +# BR2_PACKAGE_HTTPING is not set + +# +# i2pd needs a toolchain w/ C++, NPTL, wchar +# +# BR2_PACKAGE_IANA_ASSIGNMENTS is not set + +# +# ibrdtn-tools needs a toolchain w/ C++, threads +# + +# +# ibrdtnd needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_IFMETRIC is not set +# BR2_PACKAGE_IFTOP is not set +BR2_PACKAGE_IFUPDOWN_SCRIPTS=y +# BR2_PACKAGE_IGD2_FOR_LINUX is not set +# BR2_PACKAGE_IGH_ETHERCAT is not set +# BR2_PACKAGE_IGMPPROXY is not set +# BR2_PACKAGE_INADYN is not set +# BR2_PACKAGE_IODINE is not set + +# +# iperf needs a toolchain w/ C++ +# +# BR2_PACKAGE_IPERF3 is not set +# BR2_PACKAGE_IPROUTE2 is not set +# BR2_PACKAGE_IPSET is not set +# BR2_PACKAGE_IPTABLES is not set +# BR2_PACKAGE_IPTRAF_NG is not set +# BR2_PACKAGE_IPUTILS is not set +# BR2_PACKAGE_IRSSI is not set +# BR2_PACKAGE_IW is not set +# BR2_PACKAGE_IWD is not set +# BR2_PACKAGE_JANUS_GATEWAY is not set +# BR2_PACKAGE_KEEPALIVED is not set + +# +# kismet needs a toolchain w/ threads, C++, gcc >= 5, host gcc >= 7 +# +# BR2_PACKAGE_KNOCK is not set +# BR2_PACKAGE_KSMBD_TOOLS is not set +# BR2_PACKAGE_LEAFNODE2 is not set +# BR2_PACKAGE_LFT is not set + +# +# lftp requires a toolchain w/ C++, wchar +# +# BR2_PACKAGE_LIGHTTPD is not set + +# +# linknx needs a toolchain w/ C++ +# +# BR2_PACKAGE_LINKS is not set + +# +# linphone needs a toolchain w/ threads, C++, dynamic library, wchar, gcc >= 5 +# +# BR2_PACKAGE_LINUX_ZIGBEE is not set +# BR2_PACKAGE_LINUXPTP is not set +# BR2_PACKAGE_LLDPD is not set +# BR2_PACKAGE_LPAC is not set +# BR2_PACKAGE_LRZSZ is not set +# BR2_PACKAGE_LYNX is not set +# BR2_PACKAGE_MACCHANGER is not set +# BR2_PACKAGE_MEMCACHED is not set +# BR2_PACKAGE_MII_DIAG is not set +# BR2_PACKAGE_MINI_SNMPD is not set +# BR2_PACKAGE_MINIDLNA is not set +# BR2_PACKAGE_MINISSDPD is not set +# BR2_PACKAGE_MJPG_STREAMER is not set +# BR2_PACKAGE_MODEM_MANAGER is not set +BR2_PACKAGE_MONGREL2_LIBC_SUPPORTS=y + +# +# mongrel2 needs a uClibc or glibc toolchain w/ C++, threads, dynamic library +# + +# +# mosh needs a toolchain w/ C++, threads, dynamic library, wchar, gcc >= 8 +# +# BR2_PACKAGE_MOSQUITTO is not set +# BR2_PACKAGE_MROUTED is not set +# BR2_PACKAGE_MRP is not set +# BR2_PACKAGE_MSTPD is not set +# BR2_PACKAGE_MTR is not set +# BR2_PACKAGE_NBD is not set +# BR2_PACKAGE_NCFTP is not set +# BR2_PACKAGE_NDISC6 is not set +# BR2_PACKAGE_NETATALK is not set +# BR2_PACKAGE_NETAVARK is not set +# BR2_PACKAGE_NETCALC is not set + +# +# nethogs needs a toolchain w/ C++ +# +# BR2_PACKAGE_NETPLUG is not set +# BR2_PACKAGE_NETSNMP is not set + +# +# NetworkManager needs udev /dev management and a glibc or musl toolchain w/ headers >= 5.4, dynamic library, wchar, threads, gcc >= 4.9 +# +# BR2_PACKAGE_NFACCT is not set +# BR2_PACKAGE_NFTABLES is not set +# BR2_PACKAGE_NGINX is not set +# BR2_PACKAGE_NGIRCD is not set +# BR2_PACKAGE_NGREP is not set + +# +# nload needs a toolchain w/ C++ +# + +# +# nmap-nmap needs a toolchain w/ C++, threads +# +# BR2_PACKAGE_NOIP is not set +# BR2_PACKAGE_NTP is not set +# BR2_PACKAGE_NTPSEC is not set +# BR2_PACKAGE_NUTTCP is not set +# BR2_PACKAGE_ODHCP6C is not set +# BR2_PACKAGE_ODHCPLOC is not set +# BR2_PACKAGE_OLSR is not set +# BR2_PACKAGE_OPEN_ISCSI is not set +# BR2_PACKAGE_OPEN_LLDP is not set +# BR2_PACKAGE_OPEN_PLC_UTILS is not set +# BR2_PACKAGE_OPENCONNECT is not set +# BR2_PACKAGE_OPENNTPD is not set +# BR2_PACKAGE_OPENOBEX is not set +# BR2_PACKAGE_OPENRESOLV is not set +# BR2_PACKAGE_OPENSSH is not set +# BR2_PACKAGE_OPENSWAN is not set +# BR2_PACKAGE_OPENVPN is not set +# BR2_PACKAGE_P910ND is not set +# BR2_PACKAGE_PARPROUTED is not set +# BR2_PACKAGE_PASST is not set +# BR2_PACKAGE_PHIDGETWEBSERVICE is not set +# BR2_PACKAGE_PHYTOOL is not set +# BR2_PACKAGE_PIMD is not set +# BR2_PACKAGE_PIXIEWPS is not set +# BR2_PACKAGE_POUND is not set +# BR2_PACKAGE_PPPD is not set +# BR2_PACKAGE_PPTP_LINUX is not set +# BR2_PACKAGE_PRIVOXY is not set +# BR2_PACKAGE_PROFTPD is not set + +# +# prosody needs the lua interpreter, dynamic library +# +# BR2_PACKAGE_PROXYCHAINS_NG is not set +# BR2_PACKAGE_PTPD is not set +# BR2_PACKAGE_PTPD2 is not set +# BR2_PACKAGE_PURE_FTPD is not set +# BR2_PACKAGE_PUTTY is not set +# BR2_PACKAGE_RADVD is not set +# BR2_PACKAGE_REAVER is not set +# BR2_PACKAGE_REDIR is not set +# BR2_PACKAGE_RP_PPPOE is not set +# BR2_PACKAGE_RPCBIND is not set +# BR2_PACKAGE_RSH_REDONE is not set +# BR2_PACKAGE_RSYNC is not set + +# +# rtorrent needs a toolchain w/ C++, threads, wchar, gcc >= 4.9 +# +# BR2_PACKAGE_RTPTOOLS is not set +# BR2_PACKAGE_S6_DNS is not set +# BR2_PACKAGE_S6_NETWORKING is not set +# BR2_PACKAGE_SAMBA4 is not set + +# +# sconeserver needs a toolchain with dynamic library, C++, NPTL +# +# BR2_PACKAGE_SER2NET is not set +# BR2_PACKAGE_SHADOWSOCKS_LIBEV is not set + +# +# shairport-sync needs a toolchain w/ C++, NPTL +# +# BR2_PACKAGE_SHELLINABOX is not set +# BR2_PACKAGE_SMCROUTE is not set +# BR2_PACKAGE_SNGREP is not set +# BR2_PACKAGE_SNORT is not set + +# +# snort3 needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 4.9 +# +# BR2_PACKAGE_SOCAT is not set +# BR2_PACKAGE_SOCKETCAND is not set +# BR2_PACKAGE_SOFTETHER is not set +# BR2_PACKAGE_SPAWN_FCGI is not set + +# +# spice server needs a toolchain w/ wchar, threads, C++ +# +# BR2_PACKAGE_SPICE_PROTOCOL is not set + +# +# squid needs a toolchain w/ C++, threads, gcc >= 8, host gcc >= 8 +# +# BR2_PACKAGE_SSDP_RESPONDER is not set +# BR2_PACKAGE_SSHGUARD is not set +# BR2_PACKAGE_SSHPASS is not set +# BR2_PACKAGE_SSLH is not set +# BR2_PACKAGE_STRONGSWAN is not set +# BR2_PACKAGE_STUNNEL is not set +# BR2_PACKAGE_SURICATA is not set +# BR2_PACKAGE_TAILSCALE is not set +# BR2_PACKAGE_TCPDUMP is not set +# BR2_PACKAGE_TCPING is not set +# BR2_PACKAGE_TCPREPLAY is not set +# BR2_PACKAGE_TINC is not set +# BR2_PACKAGE_TINYPROXY is not set +# BR2_PACKAGE_TINYSSH is not set +# BR2_PACKAGE_TIPIDEE is not set +# BR2_PACKAGE_TOR is not set +# BR2_PACKAGE_TRACEROUTE is not set + +# +# transmission needs a toolchain w/ dynamic library, threads, C++, gcc >= 7 +# +# BR2_PACKAGE_TUNCTL is not set +# BR2_PACKAGE_TVHEADEND is not set +# BR2_PACKAGE_UACME is not set +# BR2_PACKAGE_UDPCAST is not set +# BR2_PACKAGE_UFTP is not set +# BR2_PACKAGE_UHTTPD is not set +# BR2_PACKAGE_ULOGD is not set +# BR2_PACKAGE_UNBOUND is not set +# BR2_PACKAGE_UQMI is not set +# BR2_PACKAGE_UREDIR is not set +# BR2_PACKAGE_USHARE is not set +# BR2_PACKAGE_USSP_PUSH is not set +# BR2_PACKAGE_USTREAMER is not set +# BR2_PACKAGE_VDE2 is not set + +# +# vdr needs a toolchain w/ C++, dynamic library, NPTL, wchar, headers >= 3.9 +# +# BR2_PACKAGE_VNSTAT is not set +# BR2_PACKAGE_VPNC is not set +# BR2_PACKAGE_VSFTPD is not set +# BR2_PACKAGE_VTUN is not set +# BR2_PACKAGE_WAVEMON is not set +# BR2_PACKAGE_WIREGUARD_TOOLS is not set +# BR2_PACKAGE_WIRELESS_REGDB is not set +# BR2_PACKAGE_WIRELESS_TOOLS is not set + +# +# wireshark needs a toolchain w/ wchar, threads, dynamic library, C++ +# +# BR2_PACKAGE_WPA_SUPPLICANT is not set +# BR2_PACKAGE_WPAN_TOOLS is not set +# BR2_PACKAGE_XINETD is not set +# BR2_PACKAGE_XL2TP is not set +# BR2_PACKAGE_XTABLES_ADDONS is not set +# BR2_PACKAGE_ZABBIX is not set + +# +# zeek needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 7, host gcc >= 7 +# + +# +# znc needs a toolchain w/ C++, dynamic library, gcc >= 8, threads +# + +# +# Package managers +# + +# +# ------------------------------------------------------- +# + +# +# Please note: +# + +# +# - Buildroot does *not* generate binary packages, +# + +# +# - Buildroot does *not* install any package database. +# + +# +# * +# + +# +# It is up to you to provide those by yourself if you +# + +# +# want to use any of those package managers. +# + +# +# * +# + +# +# See the manual: +# + +# +# http://buildroot.org/manual.html#faq-no-binary-packages +# + +# +# ------------------------------------------------------- +# +# BR2_PACKAGE_OPKG is not set +# BR2_PACKAGE_OPKG_UTILS is not set + +# +# Real-Time +# +BR2_PACKAGE_XENOMAI_COBALT_ARCH_SUPPORTS=y +# BR2_PACKAGE_XENOMAI is not set + +# +# Security +# + +# +# apparmor needs a toolchain w/ headers >= 3.16, threads, C++ +# +# BR2_PACKAGE_CHECKPOLICY is not set +# BR2_PACKAGE_IMA_EVM_UTILS is not set +# BR2_PACKAGE_LYNIS is not set +# BR2_PACKAGE_OPTEE_CLIENT is not set +# BR2_PACKAGE_PAXTEST is not set +# BR2_PACKAGE_POLICYCOREUTILS is not set +# BR2_PACKAGE_REFPOLICY is not set +# BR2_PACKAGE_RESTORECOND is not set +# BR2_PACKAGE_SELINUX_PYTHON is not set +# BR2_PACKAGE_SEMODULE_UTILS is not set + +# +# setools needs python3 +# +BR2_PACKAGE_URANDOM_SCRIPTS=y + +# +# Shell and utilities +# + +# +# Shells +# +# BR2_PACKAGE_MKSH is not set +# BR2_PACKAGE_NUSHELL is not set +# BR2_PACKAGE_ZSH is not set + +# +# Utilities +# +# BR2_PACKAGE_APG is not set +# BR2_PACKAGE_AT is not set +# BR2_PACKAGE_CATATONIT is not set +# BR2_PACKAGE_CCRYPT is not set +# BR2_PACKAGE_DIALOG is not set +# BR2_PACKAGE_DTACH is not set +# BR2_PACKAGE_EASY_RSA is not set +# BR2_PACKAGE_EZA is not set +# BR2_PACKAGE_FILE is not set +# BR2_PACKAGE_GNUPG is not set +BR2_PACKAGE_GNUPG2_DEPENDS=y +# BR2_PACKAGE_GNUPG2 is not set +# BR2_PACKAGE_INOTIFY_TOOLS is not set +# BR2_PACKAGE_LOCKFILE_PROGS is not set +# BR2_PACKAGE_LOGROTATE is not set +# BR2_PACKAGE_LOGSURFER is not set +# BR2_PACKAGE_LOWDOWN is not set + +# +# lowdown needs a toolchain w/ wchar and shared library support +# +# BR2_PACKAGE_MINISIGN is not set +# BR2_PACKAGE_PDMENU is not set +# BR2_PACKAGE_PINENTRY is not set +# BR2_PACKAGE_QPRINT is not set +# BR2_PACKAGE_RANGER is not set +# BR2_PACKAGE_RLWRAP is not set +# BR2_PACKAGE_RTTY is not set +# BR2_PACKAGE_SCREEN is not set +# BR2_PACKAGE_SEXPECT is not set +# BR2_PACKAGE_SUDO is not set +# BR2_PACKAGE_TINI is not set +# BR2_PACKAGE_TMUX is not set +# BR2_PACKAGE_TTYD is not set + +# +# uuu needs a toolchain w/ C++14, threads, atomic, wchar +# +# BR2_PACKAGE_WTFUTIL is not set +# BR2_PACKAGE_XMLSTARLET is not set +# BR2_PACKAGE_XXHASH is not set +# BR2_PACKAGE_YTREE is not set +# BR2_PACKAGE_ZOXIDE is not set + +# +# System tools +# +# BR2_PACKAGE_ACL is not set +# BR2_PACKAGE_AMAZON_ECR_CREDENTIAL_HELPER is not set +# BR2_PACKAGE_ANDROID_TOOLS is not set +# BR2_PACKAGE_ATOP is not set +# BR2_PACKAGE_ATTR is not set +BR2_PACKAGE_AUDIT_ARCH_SUPPORTS=y +# BR2_PACKAGE_AUDIT is not set +# BR2_PACKAGE_BALENA_ENGINE is not set +# BR2_PACKAGE_BUBBLEWRAP is not set +# BR2_PACKAGE_CGROUPFS_MOUNT is not set +# BR2_PACKAGE_CGROUPFS_V2_MOUNT is not set + +# +# circus needs Python 3 and a toolchain w/ C++, threads +# +# BR2_PACKAGE_CONMON is not set +# BR2_PACKAGE_CONTAINERD is not set +# BR2_PACKAGE_CONTAINERS_IMAGE_CONFIG is not set +# BR2_PACKAGE_CPULIMIT is not set +# BR2_PACKAGE_CPULOAD is not set +BR2_PACKAGE_CRIU_ARCH_SUPPORTS=y + +# +# criu needs a glibc or musl toolchain w/ threads, host gcc >= 7, gcc >= 8, headers >= 4.18, C++, dynamic library, wchar +# +# BR2_PACKAGE_CRUN is not set +# BR2_PACKAGE_DAEMON is not set +# BR2_PACKAGE_DC3DD is not set + +# +# ddrescue needs a toolchain w/ C++ +# +# BR2_PACKAGE_DISTRIBUTION_REGISTRY is not set +# BR2_PACKAGE_DOCKER_CLI is not set +# BR2_PACKAGE_DOCKER_CLI_BUILDX is not set + +# +# docker-compose needs docker-cli and a toolchain w/ threads +# +# BR2_PACKAGE_DOCKER_CREDENTIAL_ACR_ENV is not set +# BR2_PACKAGE_DOCKER_CREDENTIAL_GCR is not set +# BR2_PACKAGE_DOCKER_ENGINE is not set +# BR2_PACKAGE_EARLYOOM is not set +# BR2_PACKAGE_EFIBOOTMGR is not set +BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS=y +# BR2_PACKAGE_EFIVAR is not set +# BR2_PACKAGE_EMBIGGEN_DISK is not set +# BR2_PACKAGE_EMLOG is not set +# BR2_PACKAGE_FLUENT_BIT is not set +# BR2_PACKAGE_FTOP is not set +# BR2_PACKAGE_GETENT is not set +# BR2_PACKAGE_GKRELLM is not set +# BR2_PACKAGE_HTOP is not set +# BR2_PACKAGE_HWCLOCK_INITSCRIPT is not set +# BR2_PACKAGE_IBM_SW_TPM2 is not set +BR2_PACKAGE_INITSCRIPTS=y + +# +# iotop depends on python3 +# +# BR2_PACKAGE_IPRUTILS is not set +# BR2_PACKAGE_IRQBALANCE is not set +# BR2_PACKAGE_JAILHOUSE is not set +# BR2_PACKAGE_KEYUTILS is not set +# BR2_PACKAGE_KMOD is not set +# BR2_PACKAGE_KMON is not set +# BR2_PACKAGE_KVMTOOL is not set +# BR2_PACKAGE_LIBOSTREE is not set +BR2_PACKAGE_LIBVIRT_ARCH_SUPPORTS=y + +# +# libvirt needs udev /dev management, a toolchain w/ threads, dynamic library, wchar, kernel headers >= 3.12 (4.11 for AArch64) +# +# BR2_PACKAGE_LXC is not set +BR2_PACKAGE_MAKEDUMPFILE_ARCH_SUPPORTS=y +# BR2_PACKAGE_MAKEDUMPFILE is not set +# BR2_PACKAGE_MENDER is not set +# BR2_PACKAGE_MENDER_CONNECT is not set + +# +# mender-update-modules needs mender +# +# BR2_PACKAGE_MFOC is not set +# BR2_PACKAGE_MOBY_BUILDKIT is not set +# BR2_PACKAGE_MOKUTIL is not set +# BR2_PACKAGE_MONIT is not set + +# +# multipath-tools needs udev and a toolchain w/ threads, dynamic library, C++ +# +# BR2_PACKAGE_NCDU is not set +# BR2_PACKAGE_NERDCTL is not set + +# +# netifrc needs openrc as init system +# +# BR2_PACKAGE_NUMACTL is not set + +# +# nut needs a toolchain w/ C++, threads +# +BR2_PACKAGE_OPENVMTOOLS_ARCH_SUPPORTS=y +# BR2_PACKAGE_OPENVMTOOLS is not set + +# +# pamtester depends on linux-pam +# + +# +# petitboot needs a toolchain w/ wchar, dynamic library, threads, udev /dev management +# +# BR2_PACKAGE_PODMAN is not set +# BR2_PACKAGE_POLKIT is not set +# BR2_PACKAGE_PROCRANK_LINUX is not set +# BR2_PACKAGE_PROCS is not set +# BR2_PACKAGE_PWGEN is not set +# BR2_PACKAGE_QBEE_AGENT is not set +# BR2_PACKAGE_QUOTA is not set +# BR2_PACKAGE_QUOTATOOL is not set +# BR2_PACKAGE_RAUC is not set +# BR2_PACKAGE_RAUC_HAWKBIT_UPDATER is not set +# BR2_PACKAGE_RUNC is not set +# BR2_PACKAGE_S6 is not set +# BR2_PACKAGE_S6_LINUX_INIT is not set +# BR2_PACKAGE_S6_LINUX_UTILS is not set +# BR2_PACKAGE_S6_PORTABLE_UTILS is not set +# BR2_PACKAGE_S6_RC is not set +# BR2_PACKAGE_SCRUB is not set +# BR2_PACKAGE_SCRYPT is not set + +# +# sdbus-c++ needs systemd and a toolchain w/ C++, gcc >= 8 +# + +# +# sdbusplus needs systemd and a toolchain w/ C++, gcc >= 7 +# +# BR2_PACKAGE_SEATD is not set +# BR2_PACKAGE_SHADOW is not set +# BR2_PACKAGE_SKOPEO is not set +# BR2_PACKAGE_SMACK is not set + +# +# supervisor needs a python interpreter +# +# BR2_PACKAGE_SWUPDATE is not set +BR2_PACKAGE_SYSTEMD_ARCH_SUPPORTS=y +BR2_PACKAGE_SYSTEMD_BOOTCHART_ARCH_SUPPORTS=y +# BR2_PACKAGE_TEALDEER is not set + +# +# thermald needs a toolchain w/ C++, wchar, threads +# + +# +# thermald needs udev /dev management +# +# BR2_PACKAGE_TPM_TOOLS is not set +# BR2_PACKAGE_TPM2_ABRMD is not set +# BR2_PACKAGE_TPM2_TOOLS is not set +# BR2_PACKAGE_TPM2_TOTP is not set +# BR2_PACKAGE_UNSCD is not set +# BR2_PACKAGE_UTIL_LINUX is not set +# BR2_PACKAGE_WATCHDOG is not set +# BR2_PACKAGE_WATCHDOGD is not set +# BR2_PACKAGE_XDG_DBUS_PROXY is not set +BR2_PACKAGE_XVISOR_ARCH_SUPPORTS=y +# BR2_PACKAGE_XVISOR is not set + +# +# Text editors and viewers +# +# BR2_PACKAGE_BAT is not set +# BR2_PACKAGE_ED is not set +# BR2_PACKAGE_JOE is not set +# BR2_PACKAGE_MC is not set +# BR2_PACKAGE_MG is not set +# BR2_PACKAGE_MOST is not set +BR2_PACKAGE_NANO=y +BR2_PACKAGE_NANO_TINY=y +# BR2_PACKAGE_UEMACS is not set + +# +# Filesystem images +# +# BR2_TARGET_ROOTFS_AXFS is not set +# BR2_TARGET_ROOTFS_BTRFS is not set +# BR2_TARGET_ROOTFS_CLOOP is not set +# BR2_TARGET_ROOTFS_CPIO is not set +# BR2_TARGET_ROOTFS_CRAMFS is not set +# BR2_TARGET_ROOTFS_EROFS is not set +BR2_TARGET_ROOTFS_EXT2=y +BR2_TARGET_ROOTFS_EXT2_2=y +BR2_TARGET_ROOTFS_EXT2_2r1=y +# BR2_TARGET_ROOTFS_EXT2_3 is not set +# BR2_TARGET_ROOTFS_EXT2_4 is not set +BR2_TARGET_ROOTFS_EXT2_GEN=2 +BR2_TARGET_ROOTFS_EXT2_LABEL="rootfs" +BR2_TARGET_ROOTFS_EXT2_SIZE="60M" +BR2_TARGET_ROOTFS_EXT2_INODES=0 +BR2_TARGET_ROOTFS_EXT2_INODE_SIZE=256 +BR2_TARGET_ROOTFS_EXT2_RESBLKS=5 +BR2_TARGET_ROOTFS_EXT2_MKFS_OPTIONS="-O ^64bit" +BR2_TARGET_ROOTFS_EXT2_NONE=y +# BR2_TARGET_ROOTFS_EXT2_GZIP is not set +# BR2_TARGET_ROOTFS_EXT2_BZIP2 is not set +# BR2_TARGET_ROOTFS_EXT2_LZ4 is not set +# BR2_TARGET_ROOTFS_EXT2_LZMA is not set +# BR2_TARGET_ROOTFS_EXT2_LZO is not set +# BR2_TARGET_ROOTFS_EXT2_XZ is not set +# BR2_TARGET_ROOTFS_EXT2_ZSTD is not set +# BR2_TARGET_ROOTFS_F2FS is not set +# BR2_TARGET_ROOTFS_INITRAMFS is not set + +# +# iso image needs a Linux kernel and either grub2 or isolinux to be built +# +# BR2_TARGET_ROOTFS_JFFS2 is not set +# BR2_TARGET_ROOTFS_OCI is not set +# BR2_TARGET_ROOTFS_SQUASHFS is not set +# BR2_TARGET_ROOTFS_TAR is not set +# BR2_TARGET_ROOTFS_UBI is not set +# BR2_TARGET_ROOTFS_UBIFS is not set +# BR2_TARGET_ROOTFS_YAFFS2 is not set + +# +# Bootloaders +# +# BR2_TARGET_BAREBOX is not set +BR2_TARGET_EDK2_ARCH_SUPPORTS=y +# BR2_TARGET_EDK2 is not set +BR2_TARGET_GRUB2_ARCH_SUPPORTS=y +# BR2_TARGET_GRUB2 is not set +BR2_PACKAGE_SHIM_ARCH_SUPPORTS=y +# BR2_TARGET_SHIM is not set +# BR2_TARGET_SYSLINUX is not set +# BR2_TARGET_UBOOT is not set + +# +# Host utilities +# +# BR2_PACKAGE_HOST_ABOOTIMG is not set +# BR2_PACKAGE_HOST_AESPIPE is not set +# BR2_PACKAGE_HOST_AGENT_PROXY is not set +# BR2_PACKAGE_HOST_AMLOGIC_BOOT_FIP is not set +# BR2_PACKAGE_HOST_ANDROID_TOOLS is not set +BR2_PACKAGE_HOST_ARM_GNU_TOOLCHAIN_SUPPORTS=y +# BR2_PACKAGE_HOST_ASN1C is not set +# BR2_PACKAGE_HOST_BABELTRACE2 is not set +# BR2_PACKAGE_HOST_BMAP_TOOLS is not set +# BR2_PACKAGE_HOST_BMAP_WRITER is not set +# BR2_PACKAGE_HOST_BOOTGEN is not set +# BR2_PACKAGE_HOST_BTRFS_PROGS is not set +# BR2_PACKAGE_HOST_CASYNC_NANO is not set +# BR2_PACKAGE_HOST_CHECKPOLICY is not set +# BR2_PACKAGE_HOST_CHECKSEC is not set +# BR2_PACKAGE_HOST_CMAKE is not set +BR2_HOST_CMAKE_AT_LEAST="3.18" +# BR2_PACKAGE_HOST_COMPOSER is not set +# BR2_PACKAGE_HOST_CRAMFS is not set +# BR2_PACKAGE_HOST_CRUDINI is not set +# BR2_PACKAGE_HOST_CRYPTSETUP is not set +# BR2_PACKAGE_HOST_DBUS_PYTHON is not set +# BR2_PACKAGE_HOST_DELVE is not set +# BR2_PACKAGE_HOST_DEPOT_TOOLS is not set +# BR2_PACKAGE_HOST_DFU_UTIL is not set +# BR2_PACKAGE_HOST_DOS2UNIX is not set +# BR2_PACKAGE_HOST_DOSFSTOOLS is not set +# BR2_PACKAGE_HOST_DOXYGEN is not set +# BR2_PACKAGE_HOST_DTC is not set +BR2_PACKAGE_HOST_E2FSPROGS=y +# BR2_PACKAGE_HOST_E2TOOLS is not set +# BR2_PACKAGE_HOST_ENVIRONMENT_SETUP is not set +# BR2_PACKAGE_HOST_EROFS_UTILS is not set +# BR2_PACKAGE_HOST_EXFATPROGS is not set +# BR2_PACKAGE_HOST_F2FS_TOOLS is not set +# BR2_PACKAGE_HOST_FAKETIME is not set +# BR2_PACKAGE_HOST_FATCAT is not set +# BR2_PACKAGE_HOST_FIRMWARE_UTILS is not set +BR2_PACKAGE_HOST_FLUTTER_SDK_BIN_ARCH_SUPPORTS=y +# BR2_PACKAGE_HOST_FLUTTER_SDK_BIN is not set +# BR2_PACKAGE_HOST_FWUP is not set +# BR2_PACKAGE_HOST_GENEXT2FS is not set +# BR2_PACKAGE_HOST_GENIMAGE is not set +# BR2_PACKAGE_HOST_GENPART is not set +# BR2_PACKAGE_HOST_GNUPG is not set +# BR2_PACKAGE_HOST_GNUPG2 is not set +BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS=y +BR2_PACKAGE_HOST_GO_HOST_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_GO_HOST_CGO_LINKING_SUPPORTS=y +# BR2_PACKAGE_HOST_GO is not set +BR2_PACKAGE_PROVIDES_HOST_GO="host-go-bin" +BR2_PACKAGE_HOST_GO_BIN_HOST_ARCH="amd64" +BR2_PACKAGE_HOST_GO_BIN_HOST_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_GO_BOOTSTRAP_STAGE1_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_GO_BOOTSTRAP_STAGE2_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_GO_BOOTSTRAP_STAGE3_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS=y +# BR2_PACKAGE_HOST_GPTFDISK is not set +# BR2_PACKAGE_HOST_IMAGEMAGICK is not set +# BR2_PACKAGE_HOST_IMX_MKIMAGE is not set +# BR2_PACKAGE_HOST_JQ is not set +# BR2_PACKAGE_HOST_JSMIN is not set +BR2_PACKAGE_HOST_KMOD=y +# BR2_PACKAGE_HOST_KMOD_GZ is not set +# BR2_PACKAGE_HOST_KMOD_ZSTD is not set +# BR2_PACKAGE_HOST_KMOD_XZ is not set +# BR2_PACKAGE_HOST_LIBP11 is not set +# BR2_PACKAGE_HOST_LLD is not set +# BR2_PACKAGE_HOST_LPC3250LOADER is not set +# BR2_PACKAGE_HOST_LTTNG_BABELTRACE is not set +# BR2_PACKAGE_HOST_LZMA_ALONE is not set +# BR2_PACKAGE_HOST_MENDER_ARTIFACT is not set +# BR2_PACKAGE_HOST_MESON_TOOLS is not set +# BR2_PACKAGE_HOST_MICROCHIP_HSS_PAYLOAD_GENERATOR is not set +# BR2_PACKAGE_HOST_MINISIGN is not set +BR2_PACKAGE_HOST_MKPASSWD=y +# BR2_PACKAGE_HOST_MOBY_BUILDKIT is not set +# BR2_PACKAGE_HOST_MOSQUITTO is not set +# BR2_PACKAGE_HOST_MTD is not set +# BR2_PACKAGE_HOST_MTOOLS is not set +BR2_PACKAGE_HOST_NODEJS_BIN_ARCH_SUPPORTS=y +# BR2_PACKAGE_HOST_NODEJS is not set +BR2_PACKAGE_PROVIDES_HOST_NODEJS="host-nodejs-bin" +# BR2_PACKAGE_HOST_ODB is not set +# BR2_PACKAGE_HOST_OPENOCD is not set +# BR2_PACKAGE_HOST_OPKG_UTILS is not set +# BR2_PACKAGE_HOST_PAHOLE is not set +# BR2_PACKAGE_HOST_PARTED is not set +BR2_PACKAGE_HOST_PATCHELF=y +# BR2_PACKAGE_HOST_PIGZ is not set +# BR2_PACKAGE_HOST_PKGCONF is not set +# BR2_PACKAGE_HOST_PWGEN is not set +# BR2_PACKAGE_HOST_PYTHON_CYTHON is not set +# BR2_PACKAGE_HOST_PYTHON_GREENLET is not set +# BR2_PACKAGE_HOST_PYTHON_INIPARSE is not set +# BR2_PACKAGE_HOST_PYTHON_LXML is not set +# BR2_PACKAGE_HOST_PYTHON_PYYAML is not set +# BR2_PACKAGE_HOST_PYTHON_SIX is not set +# BR2_PACKAGE_HOST_PYTHON_USWID is not set +# BR2_PACKAGE_HOST_PYTHON_XLRD is not set +# BR2_PACKAGE_HOST_PYTHON3 is not set +BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_QEMU_SYSTEM_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_QEMU_USER_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_QEMU=y + +# +# Emulators selection +# +BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y +# BR2_PACKAGE_HOST_QEMU_LINUX_USER_MODE is not set +# BR2_PACKAGE_HOST_QEMU_VDE2 is not set +# BR2_PACKAGE_HOST_QEMU_VIRTFS is not set +# BR2_PACKAGE_HOST_QEMU_USB is not set +# BR2_PACKAGE_HOST_QORIQ_RCW is not set +# BR2_PACKAGE_HOST_RAUC is not set +# BR2_PACKAGE_HOST_RISCV_ISA_SIM is not set +# BR2_PACKAGE_HOST_RUNC is not set +BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_RUSTC_TARGET_TIER1_PLATFORMS=y +BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS=y +BR2_PACKAGE_HOST_RUSTC_ARCH="x86_64" +# BR2_PACKAGE_HOST_RUSTC is not set +BR2_PACKAGE_PROVIDES_HOST_RUSTC="host-rust-bin" +# BR2_PACKAGE_HOST_SAM_BA is not set +# BR2_PACKAGE_HOST_SDBUS_CPP is not set +# BR2_PACKAGE_HOST_SDBUSPLUS is not set +# BR2_PACKAGE_HOST_SENTRY_CLI is not set +# BR2_PACKAGE_HOST_SKOPEO is not set +# BR2_PACKAGE_HOST_SLOCI_IMAGE is not set +# BR2_PACKAGE_HOST_SQUASHFS is not set +# BR2_PACKAGE_HOST_SWIG is not set +# BR2_PACKAGE_HOST_SWTPM is not set +# BR2_PACKAGE_HOST_SWUGENERATOR is not set +# BR2_PACKAGE_HOST_TIPIDEE is not set +# BR2_PACKAGE_HOST_UBOOT_TOOLS is not set +BR2_PACKAGE_HOST_UTIL_LINUX=y +# BR2_PACKAGE_HOST_UTP_COM is not set +# BR2_PACKAGE_HOST_UUU is not set +# BR2_PACKAGE_HOST_VBOOT_UTILS is not set +# BR2_PACKAGE_HOST_XORRISO is not set +# BR2_PACKAGE_HOST_ZIP is not set +# BR2_PACKAGE_HOST_ZSTD is not set + +# +# Legacy config options +# + +# +# Legacy options removed in 2025.08 +# +# BR2_PACKAGE_NETSTAT_NAT is not set +# BR2_PACKAGE_LIGHTTPD_LIBEV is not set +# BR2_PACKAGE_LIBSVGTINY is not set +# BR2_PACKAGE_THTTPD is not set +# BR2_KERNEL_HEADERS_6_15 is not set +# BR2_PACKAGE_LIBCURL_BEARSSL is not set +# BR2_PACKAGE_LIBOLM is not set +# BR2_PACKAGE_LIBWEBSOCK is not set +# BR2_TARGET_EDK2_PLATFORM_SOCIONEXT_DEVELOPERBOX is not set +# BR2_PACKAGE_LIBEBUR128 is not set +# BR2_KERNEL_HEADERS_6_14 is not set +# BR2_PACKAGE_GPSD_OCEANSERVER is not set +# BR2_PACKAGE_MESA3D_OSMESA_GALLIUM is not set +# BR2_PACKAGE_ALSA_LIB_ALISP is not set + +# +# Legacy options removed in 2025.05 +# +# BR2_GCC_VERSION_12_X is not set +# BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST is not set +# BR2_PACKAGE_MBEDTLS_COMPRESSION is not set +# BR2_KERNEL_HEADERS_6_13 is not set +# BR2_PACKAGE_MPD_SOUNDCLOUD is not set +# BR2_PACKAGE_DOCKER_ENGINE_DOCKER_INIT is not set + +# +# Legacy options removed in 2025.02 +# +# BR2_PACKAGE_SQLITE_ENABLE_JSON1 is not set +# BR2_PACKAGE_ANGULARJS is not set +# BR2_PACKAGE_ANGULAR_WEBSOCKET is not set +# BR2_PACKAGE_LATENCYTOP is not set +# BR2_PACKAGE_OBSIDIAN_CURSORS is not set +# BR2_PACKAGE_W_SCAN is not set +# BR2_PACKAGE_GENROMFS is not set +# BR2_TARGET_ROOTFS_ROMFS is not set +# BR2_BINUTILS_VERSION_2_41_X is not set +# BR2_TARGET_ROOTFS_EXT2_2r0 is not set +# BR2_GDB_VERSION_13 is not set +# BR2_nios2 is not set +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_NIOS2_GLIBC_BLEEDING_EDGE is not set +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_NIOS2_GLIBC_STABLE is not set +# BR2_PACKAGE_DIRECTFB is not set +# BR2_PACKAGE_GST_OMX is not set +# BR2_PACKAGE_MIMIC is not set +# BR2_PACKAGE_SDL2_DIRECTFB is not set +# BR2_PACKAGE_SDL_DIRECTFB is not set +# BR2_PACKAGE_QT5BASE_DIRECTFB is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_DIRECTFB is not set +# BR2_PACKAGE_LITE is not set +# BR2_PACKAGE_LINUX_FUSION is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES is not set +# BR2_PACKAGE_HIAWATHA is not set +# BR2_PACKAGE_MONGODB is not set +# BR2_PACKAGE_PYTHON_M2CRYPTO is not set +# BR2_KERNEL_HEADERS_4_19 is not set +# BR2_KERNEL_HEADERS_6_11 is not set +# BR2_PACKAGE_GIBLIB is not set +# BR2_PACKAGE_FCONFIG is not set +# BR2_PACKAGE_LIBHID is not set +# BR2_PACKAGE_QUAGGA is not set +# BR2_PACKAGE_RAMSMP is not set + +# +# Legacy options removed in 2024.11 +# +# BR2_PACKAGE_BSDIFF is not set +# BR2_PACKAGE_PROCPS_NS_ORIGINAL_TOP is not set +# BR2_PACKAGE_QEMU_TARGET_NIOS2 is not set +# BR2_PACKAGE_POPPERJS is not set +# BR2_KERNEL_HEADERS_6_10 is not set +BR2_PACKAGE_IPMITOOL_PEN_REG_URI="" +# BR2_PACKAGE_ERLANG_P1_YAML is not set +# BR2_PACKAGE_ERLANG_P1_XMPP is not set +# BR2_PACKAGE_ERLANG_P1_XML is not set +# BR2_PACKAGE_ERLANG_P1_STUN is not set +# BR2_PACKAGE_FBV_GIF is not set +# BR2_BINUTILS_VERSION_2_40_X is not set + +# +# Legacy options removed in 2024.08 +# +# BR2_PACKAGE_MIDORI is not set +# BR2_PACKAGE_FROTZ is not set +# BR2_PACKAGE_FAN_CTRL is not set +# BR2_PACKAGE_FLUTTER_DYNAMIC_LAYOUTS_EXAMPLE is not set +# BR2_KERNEL_HEADERS_6_9 is not set +# BR2_x86_knightslanding is not set +# BR2_x86_knightsmill is not set +# BR2_PACKAGE_DVB_APPS is not set +# BR2_PACKAGE_GAMIN is not set +# BR2_PACKAGE_CAIRO_SVG is not set +# BR2_PACKAGE_CAIRO_SCRIPT is not set +# BR2_PACKAGE_CAIRO_PS is not set +# BR2_PACKAGE_CAIRO_PDF is not set +# BR2_PACKAGE_CAIRO_XML is not set +# BR2_GDB_VERSION_12 is not set +# BR2_TARGET_BEAGLEV_DDRINIT is not set +# BR2_TARGET_BEAGLEV_SECONDBOOT is not set +# BR2_PACKAGE_ONEVPL_INTEL_GPU is not set +# BR2_PACKAGE_CGIC is not set +# BR2_PACKAGE_BEECRYPT is not set +# BR2_PACKAGE_VERSAL_FIRMWARE is not set +# BR2_KERNEL_HEADERS_6_8 is not set +# BR2_TARGET_AT91BOOTSTRAP is not set +# BR2_TARGET_AT91DATAFLASHBOOT is not set +# BR2_PACKAGE_ON2_8170_MODULES is not set +# BR2_PACKAGE_ON2_8170_LIBS is not set +# BR2_GCC_VERSION_11_X is not set +# BR2_BINFMT_FLAT_SHARED is not set +# BR2_PACKAGE_OMXPLAYER is not set +# BR2_KERNEL_HEADERS_6_7 is not set +# BR2_TARGET_TI_K3_IMAGE_GEN is not set +# BR2_TARGET_UBOOT_NEEDS_TI_K3_DM is not set +# BR2_PACKAGE_FLUTTER_GALLERY is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_IMG_MIPS is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_MTI_MIPS is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64 is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM is not set +# BR2_BINUTILS_VERSION_2_39_X is not set + +# +# Legacy options removed in 2024.02 +# +# BR2_PACKAGE_MYSQL is not set +# BR2_PACKAGE_ORACLE_MYSQL is not set +# BR2_PACKAGE_STRONGSWAN_SCEP is not set +# BR2_PACKAGE_SHADOW_UTMPX is not set +# BR2_PACKAGE_TINYMEMBENCH is not set +# BR2_PACKAGE_DAVINCI_BOOTCOUNT is not set +# BR2_PACKAGE_PYTHON_CROSSBAR is not set +# BR2_PACKAGE_PYTHON_PYGAME is not set +# BR2_KERNEL_HEADERS_4_14 is not set +# BR2_GDB_VERSION_11 is not set +# BR2_PACKAGE_LIBMPD is not set +# BR2_PACKAGE_GMPC is not set +# BR2_PACKAGE_FLICKCURL is not set +# BR2_PACKAGE_ONEVPL is not set +# BR2_KERNEL_HEADERS_6_5 is not set +BR2_PACKAGE_WATCHDOGD_GENERIC_POLL=0 +BR2_PACKAGE_WATCHDOGD_LOADAVG_POLL=0 +BR2_PACKAGE_WATCHDOGD_FILENR_POLL=0 +BR2_PACKAGE_WATCHDOGD_MEMINFO_POLL=0 + +# +# Legacy options removed in 2023.11 +# +# BR2_PACKAGE_PYTHON_PYXB is not set +# BR2_PACKAGE_OPENJDK_VERSION_11 is not set +# BR2_KERNEL_HEADERS_6_4 is not set +# BR2_PACKAGE_GOOGLE_MATERIAL_DESIGN_ICONS is not set +# BR2_GDB_VERSION_10 is not set + +# +# Legacy options removed in 2023.08 +# +# BR2_TARGET_LPC32XXCDL is not set +# BR2_BINUTILS_VERSION_2_38_X is not set +# BR2_GCC_VERSION_10_X is not set +# BR2_KERNEL_HEADERS_6_3 is not set +# BR2_PACKAGE_TOVID is not set +# BR2_PACKAGE_LIBASPLIB is not set +# BR2_PACKAGE_OCF_LINUX is not set +# BR2_BINUTILS_VERSION_2_37_X is not set + +# +# Legacy options removed in 2023.05 +# +# BR2_KERNEL_HEADERS_6_2 is not set +# BR2_PACKAGE_ATK is not set +# BR2_PACKAGE_AT_SPI2_ATK is not set +# BR2_PACKAGE_OPTEE_BENCHMARK is not set +# BR2_PACAKGE_OPENFPGALOADER_CMSIS is not set + +# +# Legacy options removed in 2023.02 +# +# BR2_PACKAGE_PUGIXML_HEADER_ONLY is not set +# BR2_PACKAGE_UCCP420WLAN is not set +# BR2_PACKAGE_IMX_GPU_G2D_EXAMPLES is not set +# BR2_KERNEL_HEADERS_6_0 is not set +# BR2_KERNEL_HEADERS_4_9 is not set +# BR2_PACKAGE_DOCKER_PROXY is not set +# BR2_PACKAGE_PYTHON_BUNCH is not set +# BR2_TARGET_GUMMIBOOT is not set +# BR2_PACKAGE_IPUTILS_NINFOD is not set +# BR2_PACKAGE_IPUTILS_RARPD is not set +# BR2_PACKAGE_IPUTILS_RDISC is not set +# BR2_PACKAGE_IPUTILS_RDISC_SERVER is not set +# BR2_PACKAGE_GST1_PLUGINS_UGLY_PLUGIN_XINGMUX is not set +# BR2_PACKAGE_GST1_PLUGINS_BASE_PLUGIN_VIDEOSCALE is not set +# BR2_PACKAGE_GST1_PLUGINS_BASE_PLUGIN_VIDEOCONVERT is not set +# BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_X11 is not set +# BR2_PACKAGE_XDRIVER_XF86_VIDEO_IMX_VIV is not set +BR2_PACKAGE_QEMU_CUSTOM_TARGETS="" +# BR2_PACKAGE_XDRIVER_XF86_INPUT_KEYBOARD is not set +# BR2_TARGET_SUN20I_D1_SPL is not set +# BR2_PACKAGE_PYTHON_M2R is not set +# BR2_PACKAGE_MESA3D_XVMC is not set +# BR2_KERNEL_HEADERS_5_19 is not set +# BR2_PACKAGE_XDRIVER_XF86_VIDEO_TGA is not set +# BR2_PACKAGE_XDRIVER_XF86_VIDEO_GLINT is not set +# BR2_PACKAGE_USBREDIR_SERVER is not set + +# +# Legacy options removed in 2022.11 +# +# BR2_BINUTILS_VERSION_2_36_X is not set +# BR2_PACKAGE_RABBITMQ_SERVER is not set +# BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5 is not set +# BR2_PACKAGE_LIBDCADEC is not set +# BR2_KERNEL_HEADERS_5_17 is not set +# BR2_iwmmxt is not set +# BR2_PACKAGE_UHD_N230 is not set +# BR2_PACKAGE_UHD_RFNOC is not set +# BR2_PACKAGE_GPSD_OLDSTYLE is not set +# BR2_GDB_VERSION_9_2 is not set + +# +# Legacy options removed in 2022.08 +# +# BR2_ECLIPSE_REGISTER is not set +# BR2_csky is not set +# BR2_PACKAGE_MESA3D_DRI_DRIVER_I915 is not set +# BR2_PACKAGE_MESA3D_DRI_DRIVER_I965 is not set +# BR2_PACKAGE_MESA3D_DRI_DRIVER_NOUVEAU is not set +# BR2_PACKAGE_MESA3D_DRI_DRIVER_RADEON is not set +# BR2_GCC_VERSION_9_X is not set +# BR2_PACKAGE_PHP_EXT_WDDX is not set +# BR2_nds32 is not set +# BR2_PACKAGE_RTL8723BS is not set + +# +# Legacy options removed in 2022.05 +# +# BR2_PACKAGE_KTAP is not set +# BR2_KERNEL_HEADERS_5_16 is not set +# BR2_KERNEL_HEADERS_4_4 is not set +# BR2_BINUTILS_VERSION_2_32_X is not set +# BR2_sh2a is not set +# BR2_BINUTILS_VERSION_2_35_X is not set +# BR2_PACKAGE_BOOST_LAYOUT_TAGGED is not set +# BR2_PACKAGE_BOOST_LAYOUT_VERSIONED is not set + +# +# Legacy options removed in 2022.02 +# +BR2_TARGET_ROOTFS_OCI_ENTRYPOINT_ARGS="" +# BR2_PACKAGE_LIBCURL_LIBNSS is not set +# BR2_PACKAGE_WESTON_DEFAULT_FBDEV is not set +# BR2_PACKAGE_WESTON_FBDEV is not set +# BR2_PACKAGE_PYTHON_PYCLI is not set +# BR2_PACKAGE_LINUX_TOOLS_BPFTOOL is not set +# BR2_TARGET_UBOOT_NEEDS_PYTHON2 is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_LIBMMS is not set +# BR2_PACKAGE_PYTHON_FUNCTOOLS32 is not set +# BR2_PACKAGE_PYTHON_ENUM34 is not set +# BR2_PACKAGE_PYTHON_ENUM is not set +# BR2_PACKAGE_PYTHON_DIALOG is not set +# BR2_PACKAGE_PYTHON_YIELDFROM is not set +# BR2_PACKAGE_PYTHON_TYPING is not set +# BR2_PACKAGE_PYTHON_SUBPROCESS32 is not set +# BR2_PACKAGE_PYTHON_SINGLEDISPATCH is not set +# BR2_PACKAGE_PYTHON_PYRO is not set +# BR2_PACKAGE_PYTHON_PYPCAP is not set +# BR2_PACKAGE_PYTHON_PATHLIB2 is not set +# BR2_PACKAGE_PYTHON_PAM is not set +# BR2_PACKAGE_PYTHON_NFC is not set +# BR2_PACKAGE_PYTHON_MAD is not set +# BR2_PACKAGE_PYTHON_IPADDRESS is not set +# BR2_PACKAGE_PYTHON_IPADDR is not set +# BR2_PACKAGE_PYTHON_ID3 is not set +# BR2_PACKAGE_PYTHON_FUTURES is not set +# BR2_PACKAGE_PYTHON_BACKPORTS_SSL_MATCH_HOSTNAME is not set +# BR2_PACKAGE_PYTHON_BACKPORTS_SHUTIL_GET_TERMINAL_SIZE is not set +# BR2_PACKAGE_PYTHON_BACKPORTS_ABC is not set +# BR2_PACKAGE_PYTHON is not set +# BR2_TARGET_UBOOT_ZYNQ_IMAGE is not set +# BR2_PACKAGE_HOST_GDB_PYTHON is not set +# BR2_PACKAGE_GSTREAMER1_MM is not set +# BR2_KERNEL_HEADERS_5_14 is not set +# BR2_PACKAGE_PYTHON_BACKPORTS_FUNCTOOLS_LRU_CACHE is not set +# BR2_PACKAGE_CIVETWEB_WITH_LUA is not set +# BR2_PACKAGE_SUNXI_MALI_MAINLINE_DRIVER is not set +# BR2_PACKAGE_SUNXI_MALI_MAINLINE is not set +# BR2_PACKAGE_SUNXI_MALI_MAINLINE_R6P2 is not set +# BR2_PACKAGE_SUNXI_MALI_MAINLINE_R8P1 is not set +# BR2_PACKAGE_QT5WEBKIT_EXAMPLES is not set +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_RISCV64_GLIBC_BLEEDING_EDGE is not set +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_RISCV64_MUSL_BLEEDING_EDGE is not set +# BR2_PACKAGE_IPUTILS_TFTPD is not set +# BR2_PACKAGE_IPUTILS_TRACEROUTE6 is not set +# BR2_PACKAGE_LIBMEDIAART_BACKEND_NONE is not set +# BR2_PACKAGE_MPD_UPNP is not set + +# +# Legacy options removed in 2021.11 +# +# BR2_OPENJDK_VERSION_LTS is not set +# BR2_OPENJDK_VERSION_LATEST is not set +# BR2_PACKAGE_MPD_TIDAL is not set +# BR2_PACKAGE_MROUTED_RSRR is not set +# BR2_BINUTILS_VERSION_CSKY is not set +# BR2_GCC_VERSION_CSKY is not set +# BR2_PACKAGE_CANFESTIVAL is not set +# BR2_PACKAGE_NMAP_NDIFF is not set +# BR2_GDB_VERSION_8_3 is not set +# BR2_PACKAGE_PYTHON_MELD3 is not set +# BR2_PACKAGE_STRONGSWAN_EAP is not set +# BR2_PACKAGE_GNURADIO_PAGER is not set +# BR2_KERNEL_HEADERS_5_11 is not set +# BR2_KERNEL_HEADERS_5_12 is not set +# BR2_KERNEL_HEADERS_5_13 is not set + +# +# Legacy options removed in 2021.08 +# +BR2_TARGET_GRUB2_BUILTIN_MODULES="" +BR2_TARGET_GRUB2_BUILTIN_CONFIG="" +# BR2_PACKAGE_LIBMCRYPT is not set +# BR2_PACKAGE_MCRYPT is not set +# BR2_PACKAGE_PHP_EXT_MCRYPT is not set +# BR2_BINUTILS_VERSION_2_34_X is not set +# BR2_PACKAGE_LIBSOIL is not set +# BR2_PACKAGE_CLAPACK is not set +# BR2_PACKAGE_SPIDERMONKEY is not set +# BR2_PACKAGE_KODI_LIBVA is not set +# BR2_PACKAGE_PYTHON_COHERENCE is not set +# BR2_PACKAGE_PHP_EXT_XMLRPC is not set +# BR2_GCC_VERSION_8_X is not set + +# +# Legacy options removed in 2021.05 +# +# BR2_PACKAGE_UDISKS_LVM2 is not set +# BR2_PACKAGE_LVM2_APP_LIBRARY is not set +# BR2_PACKAGE_LVM2_LVMETAD is not set +# BR2_PACKAGE_MONKEY is not set +# BR2_PACKAGE_DOCKER_CONTAINERD is not set +# BR2_PACKAGE_IOSTAT is not set +# BR2_PACKAGE_SCONESERVER_HTTP_SCONESITE_IMAGE is not set +# BR2_PACKAGE_XSERVER_XORG_SERVER_KDRIVE_EVDEV is not set +# BR2_PACKAGE_XSERVER_XORG_SERVER_KDRIVE_KBD is not set +# BR2_PACKAGE_XSERVER_XORG_SERVER_KDRIVE_MOUSE is not set +# BR2_PACKAGE_MESA3D_OSMESA_CLASSIC is not set +# BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST is not set +# BR2_PACKAGE_KODI_SCREENSAVER_CRYSTALMORPH is not set + +# +# Legacy options removed in 2021.02 +# +# BR2_PACKAGE_MPD_AUDIOFILE is not set +# BR2_PACKAGE_AUDIOFILE is not set +# BR2_BINUTILS_VERSION_2_33_X is not set +# BR2_PACKAGE_LIBUPNP18 is not set +# BR2_PACKAGE_BOA is not set +# BR2_PACKAGE_LINUX_FIRMWARE_IMX_SDMA is not set +# BR2_GDB_VERSION_8_2 is not set +# BR2_PACKAGE_HOST_RCW is not set +# BR2_KERNEL_HEADERS_5_9 is not set +# BR2_KERNEL_HEADERS_5_8 is not set +# BR2_powerpc_601 is not set +# BR2_PACKAGE_TI_SGX_LIBGBM is not set +# BR2_PACKAGE_IPSEC_TOOLS is not set + +# +# Legacy options removed in 2020.11 +# +# BR2_PACKAGE_GPSD_FIXED_PORT_SPEED is not set +# BR2_PACKAGE_GPSD_RECONFIGURE is not set +# BR2_PACKAGE_GPSD_CONTROLSEND is not set +# BR2_PACKAGE_OPENCV is not set +# BR2_PACKAGE_LIBCROCO is not set +# BR2_PACKAGE_BELLAGIO is not set +# BR2_PACKAGE_SYSTEMD_JOURNAL_GATEWAY is not set +# BR2_TARGET_UBOOT_BOOT_SCRIPT is not set +# BR2_TARGET_UBOOT_ENVIMAGE is not set +# BR2_PACKAGE_KISMET_CLIENT is not set +# BR2_PACKAGE_KISMET_DRONE is not set +# BR2_GCC_VERSION_7_X is not set +# BR2_PACKAGE_GST1_VALIDATE is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_YADIF is not set +# BR2_PACKAGE_GQVIEW is not set +# BR2_PACKAGE_WESTON_IMX is not set +# BR2_KERNEL_HEADERS_5_7 is not set +# BR2_PACKAGE_TINYHTTPD is not set +# BR2_PACKAGE_XSERVER_XORG_SERVER_AIGLX is not set +# BR2_PACKAGE_AMD_CATALYST is not set +# BR2_PACKAGE_NVIDIA_TEGRA23 is not set +# BR2_GDB_VERSION_8_1 is not set + +# +# Legacy options removed in 2020.08 +# +# BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AMD64 is not set +# BR2_KERNEL_HEADERS_5_6 is not set +# BR2_KERNEL_HEADERS_5_5 is not set +# BR2_BINUTILS_VERSION_2_31_X is not set +# BR2_PACKAGE_KODI_PERIPHERAL_STEAMCONTROLLER is not set + +# +# Legacy options removed in 2020.05 +# +# BR2_PACKAGE_WIRINGPI is not set +# BR2_PACKAGE_PYTHON_PYCRYPTO is not set +# BR2_PACKAGE_MTDEV2TUIO is not set +# BR2_PACKAGE_EZXML is not set +# BR2_PACKAGE_COLLECTD_LVM is not set +# BR2_PACKAGE_PYTHON_PYASN is not set +# BR2_PACKAGE_PYTHON_PYASN_MODULES is not set +# BR2_PACKAGE_LINUX_FIRMWARE_ATHEROS_10K_QCA6174 is not set +# BR2_PACKAGE_QT5CANVAS3D is not set +# BR2_PACKAGE_KODI_LIBTHEORA is not set +# BR2_PACKAGE_CEGUI06 is not set +# BR2_GCC_VERSION_5_X is not set + +# +# Legacy options removed in 2020.02 +# +# BR2_PACKAGE_JAMVM is not set +# BR2_PACKAGE_CLASSPATH is not set +# BR2_PACKAGE_QT5_VERSION_5_6 is not set +# BR2_PACKAGE_CURL is not set +# BR2_PACKAGE_GSTREAMER is not set +# BR2_PACKAGE_NVIDIA_TEGRA23_BINARIES_GSTREAMER_PLUGINS is not set +# BR2_PACKAGE_NVIDIA_TEGRA23_BINARIES_NV_SAMPLE_APPS is not set +# BR2_PACKAGE_FREERDP_GSTREAMER is not set +# BR2_PACKAGE_OPENCV3_WITH_GSTREAMER is not set +# BR2_PACKAGE_OPENCV_WITH_GSTREAMER is not set +# BR2_PACKAGE_LIBPLAYER is not set +# BR2_GCC_VERSION_OR1K is not set +# BR2_PACKAGE_BLUEZ_UTILS is not set +# BR2_PACKAGE_GADGETFS_TEST is not set +# BR2_PACKAGE_FIS is not set +BR2_PACKAGE_REFPOLICY_POLICY_VERSION="" +# BR2_PACKAGE_CELT051 is not set +# BR2_PACKAGE_WIREGUARD is not set +# BR2_PACKAGE_PERL_NET_PING is not set +# BR2_PACKAGE_PERL_MIME_BASE64 is not set +# BR2_PACKAGE_PERL_DIGEST_MD5 is not set +# BR2_PACKAGE_ERLANG_P1_ICONV is not set +# BR2_KERNEL_HEADERS_5_3 is not set +# BR2_PACKAGE_PYTHON_SCAPY3K is not set +# BR2_BINUTILS_VERSION_2_30_X is not set +# BR2_PACKAGE_RPI_USERLAND_START_VCFILED is not set +# BR2_PACKAGE_TI_SGX_KM_AM335X is not set +# BR2_PACKAGE_TI_SGX_KM_AM437X is not set +# BR2_PACKAGE_TI_SGX_KM_AM4430 is not set +# BR2_PACKAGE_TI_SGX_KM_AM5430 is not set + +# +# Legacy options removed in 2019.11 +# +# BR2_PACKAGE_OPENVMTOOLS_PROCPS is not set +# BR2_PACKAGE_ALLJOYN is not set +# BR2_PACKAGE_ALLJOYN_BASE is not set +# BR2_PACKAGE_ALLJOYN_BASE_CONTROLPANEL is not set +# BR2_PACKAGE_ALLJOYN_BASE_NOTIFICATION is not set +# BR2_PACKAGE_ALLJOYN_BASE_ONBOARDING is not set +# BR2_PACKAGE_ALLJOYN_TCL_BASE is not set +# BR2_PACKAGE_ALLJOYN_TCL is not set +BR2_TOOLCHAIN_EXTRA_EXTERNAL_LIBS="" +# BR2_PACKAGE_PYTHON_PYSNMP_APPS is not set +# BR2_KERNEL_HEADERS_5_2 is not set +# BR2_TARGET_RISCV_PK is not set +# BR2_PACKAGE_SQLITE_STAT3 is not set +# BR2_KERNEL_HEADERS_5_1 is not set +# BR2_PACKAGE_DEVMEM2 is not set +# BR2_PACKAGE_USTR is not set +# BR2_PACKAGE_KODI_SCREENSAVER_PLANESTATE is not set +# BR2_PACKAGE_KODI_VISUALISATION_WAVEFORHUE is not set +# BR2_PACKAGE_KODI_AUDIODECODER_OPUS is not set +# BR2_PACKAGE_MESA3D_OSMESA is not set +# BR2_PACKAGE_HOSTAPD_DRIVER_RTW is not set +# BR2_PACKAGE_WPA_SUPPLICANT_DBUS_NEW is not set +# BR2_PACKAGE_WPA_SUPPLICANT_DBUS_OLD is not set + +# +# Legacy options removed in 2019.08 +# +# BR2_TARGET_TS4800_MBRBOOT is not set +# BR2_PACKAGE_LIBAMCODEC is not set +# BR2_PACKAGE_ODROID_SCRIPTS is not set +# BR2_PACKAGE_ODROID_MALI is not set +# BR2_PACKAGE_KODI_PLATFORM_AML is not set +# BR2_GCC_VERSION_6_X is not set +# BR2_GCC_VERSION_4_9_X is not set +# BR2_GDB_VERSION_7_12 is not set +# BR2_PACKAGE_XAPP_MKFONTDIR is not set +# BR2_GDB_VERSION_8_0 is not set +# BR2_KERNEL_HEADERS_4_20 is not set +# BR2_KERNEL_HEADERS_5_0 is not set + +# +# Legacy options removed in 2019.05 +# +# BR2_CSKY_DSP is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_COMPOSITOR is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_IQA is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_OPENCV is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_STEREO is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_VCD is not set +# BR2_PACKAGE_LUNIT is not set +# BR2_PACKAGE_FFMPEG_FFSERVER is not set +# BR2_PACKAGE_LIBUMP is not set +# BR2_PACKAGE_SUNXI_MALI is not set +# BR2_BINUTILS_VERSION_2_29_X is not set +# BR2_BINUTILS_VERSION_2_28_X is not set +# BR2_PACKAGE_GST_PLUGINS_BAD_PLUGIN_APEXSINK is not set + +# +# Legacy options removed in 2019.02 +# +# BR2_PACKAGE_QT is not set +# BR2_PACKAGE_QTUIO is not set +# BR2_PACKAGE_PINENTRY_QT4 is not set +# BR2_PACKAGE_POPPLER_QT is not set +# BR2_PACKAGE_OPENCV3_WITH_QT is not set +# BR2_PACKAGE_OPENCV_WITH_QT is not set +# BR2_PACKAGE_AMD_CATALYST_CCCLE is not set +# BR2_PACKAGE_SDL_QTOPIA is not set +# BR2_PACKAGE_PYTHON_PYQT is not set +# BR2_PACKAGE_LUACRYPTO is not set +# BR2_PACKAGE_TN5250 is not set +# BR2_PACKAGE_BOOST_SIGNALS is not set +# BR2_PACKAGE_FFTW_PRECISION_SINGLE is not set +# BR2_PACKAGE_FFTW_PRECISION_DOUBLE is not set +# BR2_PACKAGE_FFTW_PRECISION_LONG_DOUBLE is not set +# BR2_PACKAGE_FFTW_PRECISION_QUAD is not set +# BR2_PACKAGE_LUA_5_2 is not set +# BR2_TARGET_GENERIC_PASSWD_MD5 is not set + +# +# Legacy options removed in 2018.11 +# +# BR2_TARGET_XLOADER is not set +# BR2_PACKAGE_TIDSP_BINARIES is not set +# BR2_PACKAGE_DSP_TOOLS is not set +# BR2_PACKAGE_GST_DSP is not set +# BR2_PACKAGE_BOOTUTILS is not set +# BR2_PACKAGE_EXPEDITE is not set +# BR2_PACKAGE_MESA3D_OPENGL_TEXTURE_FLOAT is not set +# BR2_KERNEL_HEADERS_4_10 is not set +# BR2_KERNEL_HEADERS_4_11 is not set +# BR2_KERNEL_HEADERS_4_12 is not set +# BR2_KERNEL_HEADERS_4_13 is not set +# BR2_KERNEL_HEADERS_4_15 is not set +# BR2_KERNEL_HEADERS_4_17 is not set +# BR2_PACKAGE_LIBNFTNL_XML is not set +# BR2_KERNEL_HEADERS_3_2 is not set +# BR2_KERNEL_HEADERS_4_1 is not set +# BR2_KERNEL_HEADERS_4_16 is not set +# BR2_KERNEL_HEADERS_4_18 is not set + +# +# Legacy options removed in 2018.08 +# +# BR2_PACKAGE_DOCKER_ENGINE_STATIC_CLIENT is not set +# BR2_PACKAGE_XPROTO_APPLEWMPROTO is not set +# BR2_PACKAGE_XPROTO_BIGREQSPROTO is not set +# BR2_PACKAGE_XPROTO_COMPOSITEPROTO is not set +# BR2_PACKAGE_XPROTO_DAMAGEPROTO is not set +# BR2_PACKAGE_XPROTO_DMXPROTO is not set +# BR2_PACKAGE_XPROTO_DRI2PROTO is not set +# BR2_PACKAGE_XPROTO_DRI3PROTO is not set +# BR2_PACKAGE_XPROTO_FIXESPROTO is not set +# BR2_PACKAGE_XPROTO_FONTCACHEPROTO is not set +# BR2_PACKAGE_XPROTO_FONTSPROTO is not set +# BR2_PACKAGE_XPROTO_GLPROTO is not set +# BR2_PACKAGE_XPROTO_INPUTPROTO is not set +# BR2_PACKAGE_XPROTO_KBPROTO is not set +# BR2_PACKAGE_XPROTO_PRESENTPROTO is not set +# BR2_PACKAGE_XPROTO_RANDRPROTO is not set +# BR2_PACKAGE_XPROTO_RECORDPROTO is not set +# BR2_PACKAGE_XPROTO_RENDERPROTO is not set +# BR2_PACKAGE_XPROTO_RESOURCEPROTO is not set +# BR2_PACKAGE_XPROTO_SCRNSAVERPROTO is not set +# BR2_PACKAGE_XPROTO_VIDEOPROTO is not set +# BR2_PACKAGE_XPROTO_WINDOWSWMPROTO is not set +# BR2_PACKAGE_XPROTO_XCMISCPROTO is not set +# BR2_PACKAGE_XPROTO_XEXTPROTO is not set +# BR2_PACKAGE_XPROTO_XF86BIGFONTPROTO is not set +# BR2_PACKAGE_XPROTO_XF86DGAPROTO is not set +# BR2_PACKAGE_XPROTO_XF86DRIPROTO is not set +# BR2_PACKAGE_XPROTO_XF86VIDMODEPROTO is not set +# BR2_PACKAGE_XPROTO_XINERAMAPROTO is not set +# BR2_PACKAGE_XPROTO_XPROTO is not set +# BR2_PACKAGE_XPROTO_XPROXYMANAGEMENTPROTOCOL is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_LIB_OPENGL_OPENGL is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_LIB_OPENGL_GLES2 is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_LIB_OPENGL_GLX is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_LIB_OPENGL_EGL is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_LIB_OPENGL_X11 is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_LIB_OPENGL_WAYLAND is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_LIB_OPENGL_DISPMANX is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_AUDIOMIXER is not set +# BR2_PACKAGE_GST1_PLUGINS_UGLY_PLUGIN_LAME is not set +# BR2_PACKAGE_GST1_PLUGINS_UGLY_PLUGIN_MPG123 is not set +# BR2_GDB_VERSION_7_11 is not set +# BR2_GDB_VERSION_7_10 is not set + +# +# Legacy options removed in 2018.05 +# +# BR2_PACKAGE_MEDIAART_BACKEND_NONE is not set +# BR2_PACKAGE_MEDIAART_BACKEND_GDK_PIXBUF is not set +# BR2_PACKAGE_MEDIAART_BACKEND_QT is not set +# BR2_PACKAGE_TI_SGX_AM335X is not set +# BR2_PACKAGE_TI_SGX_AM437X is not set +# BR2_PACKAGE_TI_SGX_AM4430 is not set +# BR2_PACKAGE_TI_SGX_AM5430 is not set +# BR2_PACKAGE_JANUS_AUDIO_BRIDGE is not set +# BR2_PACKAGE_JANUS_ECHO_TEST is not set +# BR2_PACKAGE_JANUS_RECORDPLAY is not set +# BR2_PACKAGE_JANUS_SIP_GATEWAY is not set +# BR2_PACKAGE_JANUS_STREAMING is not set +# BR2_PACKAGE_JANUS_TEXT_ROOM is not set +# BR2_PACKAGE_JANUS_VIDEO_CALL is not set +# BR2_PACKAGE_JANUS_VIDEO_ROOM is not set +# BR2_PACKAGE_JANUS_MQTT is not set +# BR2_PACKAGE_JANUS_RABBITMQ is not set +# BR2_PACKAGE_JANUS_REST is not set +# BR2_PACKAGE_JANUS_UNIX_SOCKETS is not set +# BR2_PACKAGE_JANUS_WEBSOCKETS is not set +# BR2_PACKAGE_IPSEC_SECCTX_DISABLE is not set +# BR2_PACKAGE_IPSEC_SECCTX_ENABLE is not set +# BR2_PACKAGE_IPSEC_SECCTX_KERNEL is not set +# BR2_PACKAGE_LIBTFDI_CPP is not set +# BR2_PACKAGE_JQUERY_UI_THEME_BLACK_TIE is not set +# BR2_PACKAGE_JQUERY_UI_THEME_BLITZER is not set +# BR2_PACKAGE_JQUERY_UI_THEME_CUPERTINO is not set +# BR2_PACKAGE_JQUERY_UI_THEME_DARK_HIVE is not set +# BR2_PACKAGE_JQUERY_UI_THEME_DOT_LUV is not set +# BR2_PACKAGE_JQUERY_UI_THEME_EGGPLANT is not set +# BR2_PACKAGE_JQUERY_UI_THEME_EXCITE_BIKE is not set +# BR2_PACKAGE_JQUERY_UI_THEME_FLICK is not set +# BR2_PACKAGE_JQUERY_UI_THEME_HOT_SNEAKS is not set +# BR2_PACKAGE_JQUERY_UI_THEME_HUMANITY is not set +# BR2_PACKAGE_JQUERY_UI_THEME_LE_FROG is not set +# BR2_PACKAGE_JQUERY_UI_THEME_MINT_CHOC is not set +# BR2_PACKAGE_JQUERY_UI_THEME_OVERCAST is not set +# BR2_PACKAGE_JQUERY_UI_THEME_PEPPER_GRINDER is not set +# BR2_PACKAGE_JQUERY_UI_THEME_REDMOND is not set +# BR2_PACKAGE_JQUERY_UI_THEME_SMOOTHNESS is not set +# BR2_PACKAGE_JQUERY_UI_THEME_SOUTH_STREET is not set +# BR2_PACKAGE_JQUERY_UI_THEME_START is not set +# BR2_PACKAGE_JQUERY_UI_THEME_SUNNY is not set +# BR2_PACKAGE_JQUERY_UI_THEME_SWANKY_PURSE is not set +# BR2_PACKAGE_JQUERY_UI_THEME_TRONTASTIC is not set +# BR2_PACKAGE_JQUERY_UI_THEME_UI_DARKNESS is not set +# BR2_PACKAGE_JQUERY_UI_THEME_UI_LIGHTNESS is not set +# BR2_PACKAGE_JQUERY_UI_THEME_VADER is not set +# BR2_PACKAGE_BLUEZ5_PLUGINS_HEALTH is not set +# BR2_PACKAGE_BLUEZ5_PLUGINS_MIDI is not set +# BR2_PACKAGE_BLUEZ5_PLUGINS_NFC is not set +# BR2_PACKAGE_BLUEZ5_PLUGINS_SAP is not set +# BR2_PACKAGE_BLUEZ5_PLUGINS_SIXAXIS is not set +# BR2_PACKAGE_TRANSMISSION_REMOTE is not set +# BR2_PACKAGE_LIBKCAPI_APPS is not set +# BR2_PACKAGE_MPLAYER is not set +# BR2_PACKAGE_MPLAYER_MPLAYER is not set +# BR2_PACKAGE_MPLAYER_MENCODER is not set +# BR2_PACKAGE_LIBPLAYER_MPLAYER is not set +# BR2_PACKAGE_IQVLINUX is not set +# BR2_BINFMT_FLAT_SEP_DATA is not set +# BR2_bfin is not set +# BR2_PACKAGE_KODI_ADSP_BASIC is not set +# BR2_PACKAGE_KODI_ADSP_FREESURROUND is not set + +# +# Legacy options removed in 2018.02 +# +# BR2_KERNEL_HEADERS_3_4 is not set +# BR2_KERNEL_HEADERS_3_10 is not set +# BR2_KERNEL_HEADERS_3_12 is not set +# BR2_BINUTILS_VERSION_2_27_X is not set +# BR2_PACKAGE_EEPROG is not set +# BR2_PACKAGE_GNUPG2_GPGV2 is not set +# BR2_PACKAGE_IMX_GPU_VIV_APITRACE is not set +# BR2_PACKAGE_IMX_GPU_VIV_G2D is not set + +# +# Legacy options removed in 2017.11 +# +# BR2_PACKAGE_RFKILL is not set +# BR2_PACKAGE_UTIL_LINUX_RESET is not set +# BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW is not set +# BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND is not set +# BR2_PACKAGE_SEPOLGEN is not set +# BR2_PACKAGE_OPENOBEX_BLUEZ is not set +# BR2_PACKAGE_OPENOBEX_LIBUSB is not set +# BR2_PACKAGE_OPENOBEX_APPS is not set +# BR2_PACKAGE_OPENOBEX_SYSLOG is not set +# BR2_PACKAGE_OPENOBEX_DUMP is not set +# BR2_PACKAGE_AICCU is not set +# BR2_PACKAGE_UTIL_LINUX_LOGIN_UTILS is not set + +# +# Legacy options removed in 2017.08 +# +# BR2_TARGET_GRUB is not set +# BR2_PACKAGE_SIMICSFS is not set +# BR2_BINUTILS_VERSION_2_26_X is not set +BR2_XTENSA_OVERLAY_DIR="" +BR2_XTENSA_CUSTOM_NAME="" +# BR2_PACKAGE_HOST_MKE2IMG is not set +BR2_TARGET_ROOTFS_EXT2_BLOCKS=0 +BR2_TARGET_ROOTFS_EXT2_EXTRA_INODES=0 +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_CDXAPARSE is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_DATAURISRC is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_DCCP is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_HDVPARSE is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_MVE is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_NUVDEMUX is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_PATCHDETECT is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_SDI is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_TTA is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_VIDEOMEASURE is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_APEXSINK is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_SDL is not set +# BR2_PACKAGE_GST1_PLUGINS_UGLY_PLUGIN_MAD is not set +# BR2_STRIP_none is not set +# BR2_PACKAGE_BEECRYPT_CPP is not set +# BR2_PACKAGE_SPICE_CLIENT is not set +# BR2_PACKAGE_SPICE_GUI is not set +# BR2_PACKAGE_SPICE_TUNNEL is not set +# BR2_PACKAGE_INPUT_TOOLS is not set +# BR2_PACKAGE_INPUT_TOOLS_INPUTATTACH is not set +# BR2_PACKAGE_INPUT_TOOLS_JSCAL is not set +# BR2_PACKAGE_INPUT_TOOLS_JSTEST is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_SH is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_X86 is not set +# BR2_GCC_VERSION_4_8_X is not set + +# +# Legacy options removed in 2017.05 +# +# BR2_PACKAGE_SUNXI_MALI_R2P4 is not set +# BR2_PACKAGE_NODEJS_MODULES_COFFEESCRIPT is not set +# BR2_PACKAGE_NODEJS_MODULES_EXPRESS is not set +# BR2_PACKAGE_BLUEZ5_UTILS_GATTTOOL is not set +# BR2_PACKAGE_OPENOCD_FT2XXX is not set +# BR2_PACKAGE_KODI_RTMPDUMP is not set +# BR2_PACKAGE_KODI_VISUALISATION_FOUNTAIN is not set +# BR2_PACKAGE_PORTMAP is not set +# BR2_BINUTILS_VERSION_2_25_X is not set +# BR2_TOOLCHAIN_BUILDROOT_INET_RPC is not set +BR2_TARGET_ROOTFS_EXT2_EXTRA_BLOCKS=0 +# BR2_PACKAGE_SYSTEMD_KDBUS is not set +# BR2_PACKAGE_POLARSSL is not set +# BR2_NBD_CLIENT is not set +# BR2_NBD_SERVER is not set +# BR2_PACKAGE_GMOCK is not set +# BR2_KERNEL_HEADERS_4_8 is not set +# BR2_KERNEL_HEADERS_3_18 is not set +# BR2_GLIBC_VERSION_2_22 is not set + +# +# Legacy options removed in 2017.02 +# +# BR2_PACKAGE_PERL_DB_FILE is not set +# BR2_KERNEL_HEADERS_4_7 is not set +# BR2_KERNEL_HEADERS_4_6 is not set +# BR2_KERNEL_HEADERS_4_5 is not set +# BR2_KERNEL_HEADERS_3_14 is not set +# BR2_TOOLCHAIN_EXTERNAL_MUSL_CROSS is not set +# BR2_UCLIBC_INSTALL_TEST_SUITE is not set +# BR2_TOOLCHAIN_EXTERNAL_BLACKFIN_UCLINUX is not set +# BR2_PACKAGE_MAKEDEVS is not set +# BR2_TOOLCHAIN_EXTERNAL_ARAGO_ARMV7A is not set +# BR2_TOOLCHAIN_EXTERNAL_ARAGO_ARMV5TE is not set +# BR2_PACKAGE_SNOWBALL_HDMISERVICE is not set +# BR2_PACKAGE_SNOWBALL_INIT is not set +# BR2_GDB_VERSION_7_9 is not set + +# +# Legacy options removed in 2016.11 +# +# BR2_PACKAGE_PHP_SAPI_CLI_CGI is not set +# BR2_PACKAGE_PHP_SAPI_CLI_FPM is not set +# BR2_PACKAGE_WVSTREAMS is not set +# BR2_PACKAGE_WVDIAL is not set +# BR2_PACKAGE_WEBKITGTK24 is not set +# BR2_PACKAGE_TORSMO is not set +# BR2_PACKAGE_SSTRIP is not set +# BR2_KERNEL_HEADERS_4_3 is not set +# BR2_KERNEL_HEADERS_4_2 is not set +# BR2_PACKAGE_KODI_ADDON_XVDR is not set +# BR2_PACKAGE_IPKG is not set +# BR2_GCC_VERSION_4_7_X is not set +# BR2_BINUTILS_VERSION_2_24_X is not set +# BR2_PACKAGE_WESTON_RPI is not set +# BR2_LINUX_KERNEL_TOOL_CPUPOWER is not set +# BR2_LINUX_KERNEL_TOOL_PERF is not set +# BR2_LINUX_KERNEL_TOOL_SELFTESTS is not set +# BR2_GCC_VERSION_4_8_ARC is not set +# BR2_KERNEL_HEADERS_4_0 is not set +# BR2_KERNEL_HEADERS_3_19 is not set +# BR2_PACKAGE_LIBEVAS_GENERIC_LOADERS is not set +# BR2_PACKAGE_ELEMENTARY is not set +# BR2_LINUX_KERNEL_CUSTOM_LOCAL is not set + +# +# Legacy options removed in 2016.08 +# +# BR2_PACKAGE_EFL_JP2K is not set +# BR2_PACKAGE_SYSTEMD_COMPAT is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_LIVEADDER is not set +# BR2_PACKAGE_LIBFSLVPUWRAP is not set +# BR2_PACKAGE_LIBFSLPARSER is not set +# BR2_PACKAGE_LIBFSLCODEC is not set +# BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT is not set +# BR2_PTHREADS_OLD is not set +# BR2_BINUTILS_VERSION_2_23_X is not set +# BR2_TOOLCHAIN_BUILDROOT_EGLIBC is not set +# BR2_GDB_VERSION_7_8 is not set + +# +# Legacy options removed in 2016.05 +# +# BR2_PACKAGE_OPENVPN_CRYPTO_POLARSSL is not set +# BR2_PACKAGE_NGINX_HTTP_SPDY_MODULE is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_RTP is not set +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_MPG123 is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_POWERPC is not set +# BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_POWERPC_E500V2 is not set +# BR2_x86_i386 is not set +# BR2_PACKAGE_QT5QUICK1 is not set +BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" +# BR2_PACKAGE_XDRIVER_XF86_INPUT_VOID is not set +# BR2_KERNEL_HEADERS_3_17 is not set +# BR2_GDB_VERSION_7_7 is not set +# BR2_PACKAGE_FOOMATIC_FILTERS is not set +# BR2_PACKAGE_SAMBA is not set +# BR2_PACKAGE_KODI_WAVPACK is not set +# BR2_PACKAGE_KODI_RSXS is not set +# BR2_PACKAGE_KODI_GOOM is not set +# BR2_PACKAGE_SYSTEMD_ALL_EXTRAS is not set +# BR2_GCC_VERSION_4_5_X is not set +# BR2_PACKAGE_SQLITE_READLINE is not set + +# +# Legacy options removed in 2016.02 +# +# BR2_PACKAGE_DOVECOT_BZIP2 is not set +# BR2_PACKAGE_DOVECOT_ZLIB is not set +# BR2_PACKAGE_E2FSPROGS_FINDFS is not set +# BR2_PACKAGE_OPENPOWERLINK_DEBUG_LEVEL is not set +# BR2_PACKAGE_OPENPOWERLINK_KERNEL_MODULE is not set +# BR2_PACKAGE_OPENPOWERLINK_LIBPCAP is not set +# BR2_LINUX_KERNEL_SAME_AS_HEADERS is not set +# BR2_PACKAGE_CUPS_PDFTOPS is not set +# BR2_KERNEL_HEADERS_3_16 is not set +# BR2_PACKAGE_PYTHON_PYXML is not set +# BR2_ENABLE_SSP is not set +# BR2_PACKAGE_DIRECTFB_CLE266 is not set +# BR2_PACKAGE_DIRECTFB_UNICHROME is not set +# BR2_PACKAGE_LIBELEMENTARY is not set +# BR2_PACKAGE_LIBEINA is not set +# BR2_PACKAGE_LIBEET is not set +# BR2_PACKAGE_LIBEVAS is not set +# BR2_PACKAGE_LIBECORE is not set +# BR2_PACKAGE_LIBEDBUS is not set +# BR2_PACKAGE_LIBEFREET is not set +# BR2_PACKAGE_LIBEIO is not set +# BR2_PACKAGE_LIBEMBRYO is not set +# BR2_PACKAGE_LIBEDJE is not set +# BR2_PACKAGE_LIBETHUMB is not set +# BR2_PACKAGE_INFOZIP is not set +# BR2_BR2_PACKAGE_NODEJS_0_10_X is not set +# BR2_BR2_PACKAGE_NODEJS_0_12_X is not set +# BR2_BR2_PACKAGE_NODEJS_4_X is not set + +# +# Legacy options removed in 2015.11 +# +# BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_REAL is not set +# BR2_PACKAGE_MEDIA_CTL is not set +# BR2_PACKAGE_SCHIFRA is not set +# BR2_PACKAGE_ZXING is not set +# BR2_PACKAGE_BLACKBOX is not set +# BR2_KERNEL_HEADERS_3_0 is not set +# BR2_KERNEL_HEADERS_3_11 is not set +# BR2_KERNEL_HEADERS_3_13 is not set +# BR2_KERNEL_HEADERS_3_15 is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_ANDI is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_BLTLOAD is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_CPULOAD is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_DATABUFFER is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_DIOLOAD is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_DOK is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_DRIVERTEST is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_FIRE is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_FLIP is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_FONTS is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_INPUT is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_JOYSTICK is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_KNUCKLES is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_LAYER is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_MATRIX is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_MATRIX_WATER is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_NEO is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_NETLOAD is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_PALETTE is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_PARTICLE is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_PORTER is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_STRESS is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_TEXTURE is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_VIDEO is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_VIDEO_PARTICLE is not set +# BR2_PACKAGE_DIRECTFB_EXAMPLES_WINDOW is not set +# BR2_PACKAGE_KOBS_NG is not set +# BR2_PACKAGE_SAWMAN is not set +# BR2_PACKAGE_DIVINE is not set + +# +# Legacy options removed in 2015.08 +# +# BR2_PACKAGE_KODI_PVR_ADDONS is not set +# BR2_BINUTILS_VERSION_2_23_2 is not set +# BR2_BINUTILS_VERSION_2_24 is not set +# BR2_BINUTILS_VERSION_2_25 is not set +# BR2_PACKAGE_PERF is not set +# BR2_BINUTILS_VERSION_2_22 is not set +# BR2_PACKAGE_GPU_VIV_BIN_MX6Q is not set +# BR2_TARGET_UBOOT_NETWORK is not set + +# +# External options +# + +# +# +# Provides NAT20 related packages package. +# +BR2_PACKAGE_NAT20LIB=y diff --git a/examples/linux/br_external/configs/qemu_linux_defconfig b/examples/linux/br_external/configs/qemu_linux_defconfig new file mode 100644 index 00000000..b5873aa6 --- /dev/null +++ b/examples/linux/br_external/configs/qemu_linux_defconfig @@ -0,0 +1,3888 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 6.12.47 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="x86_64-buildroot-linux-gnu-gcc.br_real (Buildroot 2025.08.1) 14.3.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=140300 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=24301 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=24301 +CONFIG_LLD_VERSION=0 +CONFIG_RUSTC_VERSION=108500 +CONFIG_RUSTC_LLVM_VERSION=190107 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_TOOLS_SUPPORT_RELR=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y +CONFIG_PAHOLE_VERSION=0 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +# CONFIG_POSIX_MQUEUE is not set +# CONFIG_WATCH_QUEUE is not set +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST_IDLE=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_HZ_PERIODIC=y +# CONFIG_NO_HZ_IDLE is not set +# CONFIG_NO_HZ_FULL is not set +# CONFIG_NO_HZ is not set +# CONFIG_HIGH_RES_TIMERS is not set +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=125 +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +# CONFIG_BPF_SYSCALL is not set +# CONFIG_BPF_JIT is not set +# end of BPF subsystem + +CONFIG_PREEMPT_BUILD=y +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_PREEMPT_COUNT=y +CONFIG_PREEMPTION=y +CONFIG_PREEMPT_DYNAMIC=y +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +# CONFIG_BSD_PROCESS_ACCT is not set +# CONFIG_TASKSTATS is not set +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +CONFIG_PREEMPT_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_TREE_SRCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +# CONFIG_IKCONFIG is not set +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=17 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# CONFIG_UCLAMP_TASK is not set +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC10_NO_ARRAY_BOUNDS=y +CONFIG_CC_NO_ARRAY_BOUNDS=y +CONFIG_GCC_NO_STRINGOP_OVERFLOW=y +CONFIG_CC_NO_STRINGOP_OVERFLOW=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +# CONFIG_CGROUP_FAVOR_DYNMODS is not set +# CONFIG_MEMCG is not set +# CONFIG_BLK_CGROUP is not set +# CONFIG_CGROUP_SCHED is not set +CONFIG_SCHED_MM_CID=y +# CONFIG_CGROUP_PIDS is not set +# CONFIG_CGROUP_RDMA is not set +# CONFIG_CGROUP_FREEZER is not set +# CONFIG_CPUSETS is not set +# CONFIG_CGROUP_DEVICE is not set +# CONFIG_CGROUP_CPUACCT is not set +# CONFIG_CGROUP_PERF is not set +# CONFIG_CGROUP_MISC is not set +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_TIME_NS=y +CONFIG_IPC_NS=y +# CONFIG_USER_NS is not set +CONFIG_PID_NS=y +CONFIG_NET_NS=y +# CONFIG_CHECKPOINT_RESTORE is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_LD_ORPHAN_WARN_LEVEL="warn" +CONFIG_SYSCTL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KCMP=y +CONFIG_RSEQ=y +CONFIG_CACHESTAT_SYSCALL=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_SELFTEST is not set +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# end of Kernel Performance Events And Counters + +# CONFIG_PROFILING is not set + +# +# Kexec and crash features +# +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# end of Kexec and crash features +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_AUDIT_ARCH=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=5 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +# CONFIG_X86_X2APIC is not set +CONFIG_X86_MPPARSE=y +# CONFIG_X86_CPU_RESCTRL is not set +# CONFIG_X86_FRED is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_VSMP is not set +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +# CONFIG_IOSF_MBI is not set +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +# CONFIG_PARAVIRT_SPINLOCKS is not set +CONFIG_X86_HV_CALLBACK_VECTOR=y +# CONFIG_XEN is not set +CONFIG_KVM_GUEST=y +CONFIG_ARCH_CPUIDLE_HALTPOLL=y +# CONFIG_PVH is not set +# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set +CONFIG_PARAVIRT_CLOCK=y +# CONFIG_JAILHOUSE_GUEST is not set +# CONFIG_ACRN_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_HAVE_PAE=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_HYGON=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_CPU_SUP_ZHAOXIN=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +# CONFIG_GART_IOMMU is not set +CONFIG_NR_CPUS_RANGE_BEGIN=2 +CONFIG_NR_CPUS_RANGE_END=512 +CONFIG_NR_CPUS_DEFAULT=64 +CONFIG_NR_CPUS=64 +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_SMT=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_ACPI_MADT_WAKEUP=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +CONFIG_X86_MCE=y +# CONFIG_X86_MCELOG_LEGACY is not set +CONFIG_X86_MCE_INTEL=y +CONFIG_X86_MCE_AMD=y +CONFIG_X86_MCE_THRESHOLD=y + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +CONFIG_PERF_EVENTS_AMD_UNCORE=y +# CONFIG_PERF_EVENTS_AMD_BRS is not set +# end of Performance monitoring + +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +CONFIG_X86_IOPL_IOPERM=y +CONFIG_MICROCODE=y +# CONFIG_MICROCODE_LATE_LOADING is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_X86_5LEVEL=y +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_NUMA is not set +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_X86_UMIP=y +CONFIG_CC_HAS_IBT=y +CONFIG_X86_CET=y +CONFIG_X86_KERNEL_IBT=y +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_ARCH_PKEY_BITS=4 +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +# CONFIG_X86_USER_SHADOW_STACK is not set +# CONFIG_EFI is not set +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_ARCH_SUPPORTS_KEXEC=y +CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y +CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y +CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y +CONFIG_ARCH_DEFAULT_CRASH_DUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_X86_NEED_RELOCS=y +CONFIG_PHYSICAL_ALIGN=0x200000 +CONFIG_DYNAMIC_MEMORY_LAYOUT=y +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0 +CONFIG_HOTPLUG_CPU=y +CONFIG_LEGACY_VSYSCALL_XONLY=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_NAMED_AS=y +CONFIG_CC_HAS_NAMED_AS_FIXED_SANITIZERS=y +CONFIG_USE_X86_SEG_SUPPORT=y +CONFIG_CC_HAS_SLS=y +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_CC_HAS_ENTRY_PADDING=y +CONFIG_FUNCTION_PADDING_CFI=11 +CONFIG_FUNCTION_PADDING_BYTES=16 +CONFIG_CALL_PADDING=y +CONFIG_HAVE_CALL_THUNKS=y +CONFIG_CALL_THUNKS=y +CONFIG_PREFIX_SYMBOLS=y +CONFIG_CPU_MITIGATIONS=y +CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y +CONFIG_MITIGATION_RETPOLINE=y +CONFIG_MITIGATION_RETHUNK=y +CONFIG_MITIGATION_UNRET_ENTRY=y +CONFIG_MITIGATION_CALL_DEPTH_TRACKING=y +# CONFIG_CALL_THUNKS_DEBUG is not set +CONFIG_MITIGATION_IBPB_ENTRY=y +CONFIG_MITIGATION_IBRS_ENTRY=y +CONFIG_MITIGATION_SRSO=y +# CONFIG_MITIGATION_SLS is not set +CONFIG_MITIGATION_GDS=y +CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y +CONFIG_MITIGATION_MDS=y +CONFIG_MITIGATION_TAA=y +CONFIG_MITIGATION_MMIO_STALE_DATA=y +CONFIG_MITIGATION_L1TF=y +CONFIG_MITIGATION_RETBLEED=y +CONFIG_MITIGATION_SPECTRE_V1=y +CONFIG_MITIGATION_SPECTRE_V2=y +CONFIG_MITIGATION_SRBDS=y +CONFIG_MITIGATION_SSB=y +CONFIG_MITIGATION_ITS=y +CONFIG_MITIGATION_TSA=y +CONFIG_ARCH_HAS_ADD_PAGES=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +CONFIG_PM_SLEEP_SMP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_USERSPACE_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +CONFIG_ACPI_THERMAL_LIB=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_SLEEP=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_TAD is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_HOTPLUG_CPU=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +CONFIG_ACPI_NHLT=y +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y +# CONFIG_ACPI_FFH is not set +# CONFIG_PMIC_OPREGION is not set +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_GOV_ATTR_SET=y +# CONFIG_CPU_FREQ_STAT is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL=y +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set +# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y + +# +# CPU frequency scaling drivers +# +CONFIG_X86_INTEL_PSTATE=y +# CONFIG_X86_PCC_CPUFREQ is not set +CONFIG_X86_AMD_PSTATE=y +CONFIG_X86_AMD_PSTATE_DEFAULT_MODE=3 +# CONFIG_X86_AMD_PSTATE_UT is not set +# CONFIG_X86_ACPI_CPUFREQ is not set +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set +# CONFIG_X86_P4_CLOCKMOD is not set + +# +# shared options +# +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +# CONFIG_CPU_IDLE_GOV_MENU is not set +# CONFIG_CPU_IDLE_GOV_TEO is not set +CONFIG_CPU_IDLE_GOV_HALTPOLL=y +CONFIG_HALTPOLL_CPUIDLE=y +# end of CPU Idle + +# CONFIG_INTEL_IDLE is not set +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_MMCONF_FAM10H=y +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32_ABI is not set +# end of Binary Emulations + +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y +CONFIG_AS_GFNI=y +CONFIG_AS_VAES=y +CONFIG_AS_VPCLMULQDQ=y +CONFIG_AS_WRUSS=y +CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y + +# +# General architecture-dependent options +# +CONFIG_HOTPLUG_SMT=y +CONFIG_HOTPLUG_CORE_SYNC=y +CONFIG_HOTPLUG_CORE_SYNC_DEAD=y +CONFIG_HOTPLUG_CORE_SYNC_FULL=y +CONFIG_HOTPLUG_SPLIT_STARTUP=y +CONFIG_HOTPLUG_PARALLEL=y +CONFIG_GENERIC_ENTRY=y +# CONFIG_KPROBES is not set +# CONFIG_JUMP_LABEL is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_TABLE_FREE=y +CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_MMU_LAZY_TLB_REFCOUNT=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_ARCH_HAVE_EXTRA_ELF_NOTES=y +CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_PAGE_SIZE_4KB=y +CONFIG_PAGE_SIZE_4KB=y +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_PAGE_SHIFT=12 +CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_JUMP_LABEL_HACK=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_COMPAT_32BIT_TIME is not set +CONFIG_ARCH_SUPPORTS_RT=y +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_STATIC_CALL_INLINE=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_ARCH_HAS_HW_PTE_YOUNG=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y +CONFIG_ARCH_HAS_KERNEL_FPU_SUPPORT=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +CONFIG_FUNCTION_ALIGNMENT_4B=y +CONFIG_FUNCTION_ALIGNMENT_16B=y +CONFIG_FUNCTION_ALIGNMENT=16 +CONFIG_CC_HAS_MIN_FUNCTION_ALIGNMENT=y +CONFIG_CC_HAS_SANE_FUNCTION_ALIGNMENT=y +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_MODULES=y +# CONFIG_MODULE_FORCE_LOAD is not set +CONFIG_MODULE_UNLOAD=y +# CONFIG_MODULE_FORCE_UNLOAD is not set +# CONFIG_MODULE_UNLOAD_TAINT_TRACKING is not set +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set +# CONFIG_MODULE_COMPRESS is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +# CONFIG_TRIM_UNUSED_KSYMS is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BLK_DEV_BSG_COMMON=y +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +CONFIG_BLK_DEV_WRITE_MOUNTED=y +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLK_PM=y + +# +# IO Schedulers +# +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_ASN1=y +CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_SWAP=y +# CONFIG_ZSWAP is not set + +# +# Slab allocator options +# +CONFIG_SLUB=y +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SLAB_BUCKETS is not set +# CONFIG_SLUB_STATS is not set +CONFIG_SLUB_CPU_PARTIAL=y +# CONFIG_RANDOM_KMALLOC_CACHES is not set +# end of Slab allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +CONFIG_COMPAT_BRK=y +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y +CONFIG_HAVE_GUP_FAST=y +CONFIG_EXCLUSIVE_SYSTEM_RAM=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +# CONFIG_MEMORY_HOTPLUG is not set +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y +CONFIG_SPLIT_PTE_PTLOCKS=y +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_SPLIT_PMD_PTLOCKS=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +CONFIG_PAGE_REPORTING=y +CONFIG_MIGRATION=y +CONFIG_PCP_BATCH_SCALE_MAX=5 +CONFIG_PHYS_ADDR_T_64BIT=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +# CONFIG_MEMORY_FAILURE is not set +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ARCH_WANTS_THP_SWAP=y +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +# CONFIG_CMA is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ZONE_DMA=y +CONFIG_ZONE_DMA32=y +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +CONFIG_ARCH_USES_PG_ARCH_2=y +CONFIG_VM_EVENT_COUNTERS=y +# CONFIG_PERCPU_STATS is not set + +# +# GUP_TEST needs to have DEBUG_FS enabled +# +# CONFIG_DMAPOOL_TEST is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_MEMFD_CREATE=y +CONFIG_SECRETMEM=y +# CONFIG_ANON_VMA_NAME is not set +# CONFIG_USERFAULTFD is not set +# CONFIG_LRU_GEN is not set +CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y +CONFIG_PER_VMA_LOCK=y +CONFIG_LOCK_MM_AND_FIND_VMA=y +CONFIG_EXECMEM=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +CONFIG_AF_UNIX_OOB=y +# CONFIG_UNIX_DIAG is not set +# CONFIG_TLS is not set +# CONFIG_XFRM_USER is not set +# CONFIG_NET_KEY is not set +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +# CONFIG_IP_ADVANCED_ROUTER is not set +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 +CONFIG_INET_TUNNEL=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_AO is not set +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +# CONFIG_IPV6_OPTIMISTIC_DAD is not set +# CONFIG_INET6_AH is not set +# CONFIG_INET6_ESP is not set +# CONFIG_INET6_IPCOMP is not set +# CONFIG_IPV6_MIP6 is not set +# CONFIG_IPV6_VTI is not set +CONFIG_IPV6_SIT=y +# CONFIG_IPV6_SIT_6RD is not set +CONFIG_IPV6_NDISC_NODETYPE=y +# CONFIG_IPV6_TUNNEL is not set +# CONFIG_IPV6_MULTIPLE_TABLES is not set +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_IPV6_RPL_LWTUNNEL is not set +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +# CONFIG_MPTCP is not set +# CONFIG_NETWORK_SECMARK is not set +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +# CONFIG_NETFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +# CONFIG_BRIDGE is not set +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_MAX_SKB_FRAGS=17 +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +# CONFIG_CGROUP_NET_PRIO is not set +# CONFIG_CGROUP_NET_CLASSID is not set +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_MCTP is not set +# CONFIG_WIRELESS is not set +# CONFIG_RFKILL is not set +# CONFIG_NET_9P is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +CONFIG_FAILOVER=y +CONFIG_ETHTOOL_NETLINK=y + +# +# Device Drivers +# +CONFIG_HAVE_PCI=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +# CONFIG_PCIE_PTM is not set +# CONFIG_PCI_MSI is not set +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_STUB is not set +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI controller drivers +# + +# +# Cadence-based PCIe controllers +# +# end of Cadence-based PCIe controllers + +# +# DesignWare-based PCIe controllers +# +# end of DesignWare-based PCIe controllers + +# +# Mobiveil-based PCIe controllers +# +# end of Mobiveil-based PCIe controllers + +# +# PLDA-based PCIe controllers +# +# end of PLDA-based PCIe controllers +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER is not set +# CONFIG_FW_LOADER_COMPRESS is not set +CONFIG_FW_CACHE=y +# CONFIG_FW_UPLOAD is not set +# end of Firmware loader + +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_DEVICES=y +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +CONFIG_REGMAP=y +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_DMA_FENCE_TRACE is not set +# CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT is not set +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +# +# Cache Drivers +# +# end of Cache Drivers + +# CONFIG_CONNECTOR is not set + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# Qualcomm firmware drivers +# +# end of Qualcomm firmware drivers + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_ZRAM is not set +# CONFIG_BLK_DEV_LOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_UBLK is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_NSM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# CONFIG_EEPROM_MAX6875 is not set +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_EE1004 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# CONFIG_SENSORS_LIS3_I2C is not set +# CONFIG_ALTERA_STAPL is not set +CONFIG_INTEL_MEI=y +CONFIG_INTEL_MEI_ME=y +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_MISC_RTSX_USB is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# CONFIG_KEBA_CP500 is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +CONFIG_SCSI_COMMON=y +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +CONFIG_SCSI_PROC_FS=y + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +# CONFIG_BLK_DEV_SR is not set +# CONFIG_CHR_DEV_SG is not set +CONFIG_BLK_DEV_BSG=y +# CONFIG_CHR_DEV_SCH is not set +# CONFIG_SCSI_CONSTANTS is not set +# CONFIG_SCSI_LOGGING is not set +# CONFIG_SCSI_SCAN_ASYNC is not set + +# +# SCSI Transports +# +# CONFIG_SCSI_SPI_ATTRS is not set +# CONFIG_SCSI_FC_ATTRS is not set +# CONFIG_SCSI_ISCSI_ATTRS is not set +# CONFIG_SCSI_SAS_ATTRS is not set +# CONFIG_SCSI_SAS_LIBSAS is not set +# CONFIG_SCSI_SRP_ATTRS is not set +# end of SCSI Transports + +CONFIG_SCSI_LOWLEVEL=y +# CONFIG_ISCSI_TCP is not set +# CONFIG_ISCSI_BOOT_SYSFS is not set +# CONFIG_SCSI_CXGB3_ISCSI is not set +# CONFIG_SCSI_CXGB4_ISCSI is not set +# CONFIG_SCSI_BNX2_ISCSI is not set +# CONFIG_BE2ISCSI is not set +# CONFIG_BLK_DEV_3W_XXXX_RAID is not set +# CONFIG_SCSI_HPSA is not set +# CONFIG_SCSI_3W_9XXX is not set +# CONFIG_SCSI_3W_SAS is not set +# CONFIG_SCSI_ACARD is not set +# CONFIG_SCSI_AACRAID is not set +# CONFIG_SCSI_AIC7XXX is not set +# CONFIG_SCSI_AIC79XX is not set +# CONFIG_SCSI_AIC94XX is not set +# CONFIG_SCSI_MVSAS is not set +# CONFIG_SCSI_MVUMI is not set +# CONFIG_SCSI_ADVANSYS is not set +# CONFIG_SCSI_ARCMSR is not set +# CONFIG_SCSI_ESAS2R is not set +# CONFIG_MEGARAID_NEWGEN is not set +# CONFIG_MEGARAID_LEGACY is not set +# CONFIG_MEGARAID_SAS is not set +# CONFIG_SCSI_MPT3SAS is not set +# CONFIG_SCSI_MPT2SAS is not set +# CONFIG_SCSI_MPI3MR is not set +# CONFIG_SCSI_SMARTPQI is not set +# CONFIG_SCSI_HPTIOP is not set +# CONFIG_SCSI_BUSLOGIC is not set +# CONFIG_SCSI_MYRB is not set +# CONFIG_SCSI_MYRS is not set +# CONFIG_VMWARE_PVSCSI is not set +# CONFIG_SCSI_SNIC is not set +# CONFIG_SCSI_DMX3191D is not set +# CONFIG_SCSI_FDOMAIN_PCI is not set +# CONFIG_SCSI_ISCI is not set +# CONFIG_SCSI_IPS is not set +# CONFIG_SCSI_INITIO is not set +# CONFIG_SCSI_INIA100 is not set +# CONFIG_SCSI_STEX is not set +# CONFIG_SCSI_SYM53C8XX_2 is not set +# CONFIG_SCSI_IPR is not set +# CONFIG_SCSI_QLOGIC_1280 is not set +# CONFIG_SCSI_QLA_ISCSI is not set +# CONFIG_SCSI_DC395x is not set +# CONFIG_SCSI_AM53C974 is not set +# CONFIG_SCSI_WD719X is not set +# CONFIG_SCSI_DEBUG is not set +# CONFIG_SCSI_PMCRAID is not set +# CONFIG_SCSI_PM8001 is not set +CONFIG_SCSI_VIRTIO=y +# CONFIG_SCSI_DH is not set +# end of SCSI device support + +CONFIG_ATA=y +CONFIG_SATA_HOST=y +CONFIG_PATA_TIMINGS=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATA_FORCE=y +CONFIG_ATA_ACPI=y +# CONFIG_SATA_ZPODD is not set +CONFIG_SATA_PMP=y + +# +# Controllers with non-SFF native interface +# +# CONFIG_SATA_AHCI is not set +# CONFIG_SATA_AHCI_PLATFORM is not set +# CONFIG_AHCI_DWC is not set +# CONFIG_SATA_INIC162X is not set +# CONFIG_SATA_ACARD_AHCI is not set +# CONFIG_SATA_SIL24 is not set +CONFIG_ATA_SFF=y + +# +# SFF controllers with custom DMA interface +# +# CONFIG_PDC_ADMA is not set +# CONFIG_SATA_QSTOR is not set +# CONFIG_SATA_SX4 is not set +CONFIG_ATA_BMDMA=y + +# +# SATA SFF controllers with BMDMA +# +CONFIG_ATA_PIIX=y +# CONFIG_SATA_MV is not set +# CONFIG_SATA_NV is not set +# CONFIG_SATA_PROMISE is not set +# CONFIG_SATA_SIL is not set +# CONFIG_SATA_SIS is not set +# CONFIG_SATA_SVW is not set +# CONFIG_SATA_ULI is not set +# CONFIG_SATA_VIA is not set +# CONFIG_SATA_VITESSE is not set + +# +# PATA SFF controllers with BMDMA +# +# CONFIG_PATA_ALI is not set +# CONFIG_PATA_AMD is not set +# CONFIG_PATA_ARTOP is not set +# CONFIG_PATA_ATIIXP is not set +# CONFIG_PATA_ATP867X is not set +# CONFIG_PATA_CMD64X is not set +# CONFIG_PATA_CYPRESS is not set +# CONFIG_PATA_EFAR is not set +# CONFIG_PATA_HPT366 is not set +# CONFIG_PATA_HPT37X is not set +# CONFIG_PATA_HPT3X2N is not set +# CONFIG_PATA_HPT3X3 is not set +# CONFIG_PATA_IT8213 is not set +# CONFIG_PATA_IT821X is not set +# CONFIG_PATA_JMICRON is not set +# CONFIG_PATA_MARVELL is not set +# CONFIG_PATA_NETCELL is not set +# CONFIG_PATA_NINJA32 is not set +# CONFIG_PATA_NS87415 is not set +# CONFIG_PATA_OLDPIIX is not set +# CONFIG_PATA_OPTIDMA is not set +# CONFIG_PATA_PDC2027X is not set +# CONFIG_PATA_PDC_OLD is not set +# CONFIG_PATA_RADISYS is not set +# CONFIG_PATA_RDC is not set +# CONFIG_PATA_SCH is not set +# CONFIG_PATA_SERVERWORKS is not set +# CONFIG_PATA_SIL680 is not set +# CONFIG_PATA_SIS is not set +# CONFIG_PATA_TOSHIBA is not set +# CONFIG_PATA_TRIFLEX is not set +# CONFIG_PATA_VIA is not set +# CONFIG_PATA_WINBOND is not set + +# +# PIO-only SFF controllers +# +# CONFIG_PATA_CMD640_PCI is not set +# CONFIG_PATA_MPIIX is not set +# CONFIG_PATA_NS87410 is not set +# CONFIG_PATA_OPTI is not set +# CONFIG_PATA_RZ1000 is not set + +# +# Generic fallback / legacy drivers +# +# CONFIG_PATA_ACPI is not set +# CONFIG_ATA_GENERIC is not set +# CONFIG_PATA_LEGACY is not set +# CONFIG_MD is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_MII=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +# CONFIG_WIREGUARD is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_PFCP is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_TUN is not set +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_AMD_XGBE is not set +# CONFIG_PDS_CORE is not set +CONFIG_NET_VENDOR_AQUANTIA=y +# CONFIG_AQTION is not set +CONFIG_NET_VENDOR_ARC=y +CONFIG_NET_VENDOR_ASIX=y +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_CX_ECAT is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_SYSTEMPORT is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_CADENCE=y +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_CAVIUM_PTP is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +CONFIG_NET_VENDOR_CORTINA=y +CONFIG_NET_VENDOR_DAVICOM=y +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_ENGLEDER=y +# CONFIG_TSNEP is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_FUNGIBLE=y +CONFIG_NET_VENDOR_GOOGLE=y +CONFIG_NET_VENDOR_HUAWEI=y +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGBE is not set +# CONFIG_I40E is not set +# CONFIG_IGC is not set +# CONFIG_JME is not set +CONFIG_NET_VENDOR_LITEX=y +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +# CONFIG_OCTEON_EP is not set +# CONFIG_OCTEON_EP_VF is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLXFW is not set +CONFIG_NET_VENDOR_META=y +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MICROCHIP=y +# CONFIG_LAN743X is not set +# CONFIG_VCAP is not set +CONFIG_NET_VENDOR_MICROSEMI=y +CONFIG_NET_VENDOR_MICROSOFT=y +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NI=y +# CONFIG_NI_XGE_MANAGEMENT_ENET is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETERION=y +# CONFIG_S2IO is not set +CONFIG_NET_VENDOR_NETRONOME=y +CONFIG_NET_VENDOR_8390=y +CONFIG_NE2K_PCI=y +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_VENDOR_PACKET_ENGINES=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_PENSANDO=y +# CONFIG_IONIC is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_REALTEK=y +CONFIG_8139CP=y +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +# CONFIG_RTASE is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +CONFIG_NET_VENDOR_SOLARFLARE=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +# CONFIG_SFC_SIENA is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_SOCIONEXT=y +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +# CONFIG_DWC_XLGMAC is not set +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +# CONFIG_TEHUTI_TN40 is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_PHY_SEL is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VERTEXCOM=y +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WANGXUN=y +# CONFIG_NGBE is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +CONFIG_NET_VENDOR_XILINX=y +# CONFIG_XILINX_EMACLITE is not set +# CONFIG_XILINX_LL_TEMAC is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_PHYLIB is not set +# CONFIG_MDIO_DEVICE is not set + +# +# PCS device drivers +# +# CONFIG_PCS_XPCS is not set +# end of PCS device drivers + +# CONFIG_PPP is not set +# CONFIG_SLIP is not set +CONFIG_USB_NET_DRIVERS=y +# CONFIG_USB_CATC is not set +# CONFIG_USB_KAWETH is not set +# CONFIG_USB_PEGASUS is not set +# CONFIG_USB_RTL8150 is not set +# CONFIG_USB_RTL8152 is not set +# CONFIG_USB_LAN78XX is not set +# CONFIG_USB_USBNET is not set +# CONFIG_USB_IPHETH is not set +# CONFIG_WLAN is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +CONFIG_INPUT_FF_MEMLESS=y +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set +CONFIG_INPUT_VIVALDIFMAP=y + +# +# Userland interfaces +# +# CONFIG_INPUT_MOUSEDEV is not set +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_QT1050 is not set +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_DLINK_DIR685 is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_KEYBOARD_CYPRESS_SF is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_PS2_VMMOUSE is not set +CONFIG_MOUSE_PS2_SMBUS=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_CYAPA is not set +# CONFIG_MOUSE_ELAN_I2C is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_I2C is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +CONFIG_LEGACY_TIOCSTI=y +CONFIG_LDISC_AUTOLOAD=y + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_PCILIB=y +CONFIG_SERIAL_8250_PCI=y +CONFIG_SERIAL_8250_EXAR=y +CONFIG_SERIAL_8250_NR_UARTS=4 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +# CONFIG_SERIAL_8250_EXTENDED is not set +# CONFIG_SERIAL_8250_PCI1XXXX is not set +CONFIG_SERIAL_8250_DWLIB=y +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +CONFIG_SERIAL_8250_LPSS=y +CONFIG_SERIAL_8250_MID=y +CONFIG_SERIAL_8250_PERICOM=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# end of Serial drivers + +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +CONFIG_HVC_DRIVER=y +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=m +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +CONFIG_HW_RANDOM_INTEL=m +CONFIG_HW_RANDOM_AMD=m +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=m +CONFIG_HW_RANDOM_VIRTIO=m +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +# CONFIG_NVRAM is not set +CONFIG_DEVPORT=y +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_XILLYUSB is not set +# end of Character devices + +# +# I2C support +# +CONFIG_I2C=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_I2C_BOARDINFO=y +# CONFIG_I2C_CHARDEV is not set +# CONFIG_I2C_MUX is not set +CONFIG_I2C_HELPER_AUTO=y + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +# CONFIG_I2C_AMD756 is not set +# CONFIG_I2C_AMD8111 is not set +# CONFIG_I2C_AMD_MP2 is not set +# CONFIG_I2C_I801 is not set +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_ISMT is not set +# CONFIG_I2C_PIIX4 is not set +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_NVIDIA_GPU is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# CONFIG_I2C_VIAPRO is not set +# CONFIG_I2C_ZHAOXIN is not set + +# +# ACPI drivers +# +# CONFIG_I2C_SCMI is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_DESIGNWARE_CORE is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_DIOLAN_U2C is not set +# CONFIG_I2C_CP2615 is not set +# CONFIG_I2C_PCI1XXXX is not set +# CONFIG_I2C_ROBOTFUZZ_OSIF is not set +# CONFIG_I2C_TAOS_EVM is not set +# CONFIG_I2C_TINY_USB is not set + +# +# Other I2C/SMBus bus drivers +# +# CONFIG_I2C_MLXCPLD is not set +# CONFIG_I2C_VIRTIO is not set +# end of I2C Hardware Bus support + +# CONFIG_I2C_STUB is not set +# CONFIG_I2C_SLAVE is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +# CONFIG_PPS_DEBUG is not set +# CONFIG_NTP_PPS is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_PTP_1588_CLOCK_KVM=y +# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set +# CONFIG_PTP_1588_CLOCK_IDTCM is not set +# CONFIG_PTP_1588_CLOCK_FC3W is not set +# CONFIG_PTP_1588_CLOCK_MOCK is not set +# CONFIG_PTP_1588_CLOCK_VMW is not set +# end of PTP clock support + +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_SEQUENCING is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +CONFIG_POWER_SUPPLY_HWMON=y +# CONFIG_IP5XXX_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_CHARGER_ADP5061 is not set +# CONFIG_BATTERY_CW2015 is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SAMSUNG_SDI is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_CHARGER_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_BATTERY_MAX1720X is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_LTC4162L is not set +# CONFIG_CHARGER_MAX77976 is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_GOLDFISH is not set +# CONFIG_BATTERY_RT5033 is not set +# CONFIG_CHARGER_BD99954 is not set +# CONFIG_BATTERY_UG3105 is not set +# CONFIG_FUEL_GAUGE_MM8013 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_AD7414 is not set +# CONFIG_SENSORS_AD7418 is not set +# CONFIG_SENSORS_ADM1025 is not set +# CONFIG_SENSORS_ADM1026 is not set +# CONFIG_SENSORS_ADM1029 is not set +# CONFIG_SENSORS_ADM1031 is not set +# CONFIG_SENSORS_ADM1177 is not set +# CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADT7410 is not set +# CONFIG_SENSORS_ADT7411 is not set +# CONFIG_SENSORS_ADT7462 is not set +# CONFIG_SENSORS_ADT7470 is not set +# CONFIG_SENSORS_ADT7475 is not set +# CONFIG_SENSORS_AHT10 is not set +# CONFIG_SENSORS_AQUACOMPUTER_D5NEXT is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_ASC7621 is not set +# CONFIG_SENSORS_ASUS_ROG_RYUJIN is not set +# CONFIG_SENSORS_AXI_FAN_CONTROL is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASB100 is not set +# CONFIG_SENSORS_ATXP1 is not set +# CONFIG_SENSORS_CHIPCAP2 is not set +# CONFIG_SENSORS_CORSAIR_CPRO is not set +# CONFIG_SENSORS_CORSAIR_PSU is not set +# CONFIG_SENSORS_DRIVETEMP is not set +# CONFIG_SENSORS_DS620 is not set +# CONFIG_SENSORS_DS1621 is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_F75375S is not set +# CONFIG_SENSORS_FSCHMD is not set +# CONFIG_SENSORS_GIGABYTE_WATERFORCE is not set +# CONFIG_SENSORS_GL518SM is not set +# CONFIG_SENSORS_GL520SM is not set +# CONFIG_SENSORS_G760A is not set +# CONFIG_SENSORS_G762 is not set +# CONFIG_SENSORS_HIH6130 is not set +# CONFIG_SENSORS_HS3001 is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_JC42 is not set +# CONFIG_SENSORS_POWERZ is not set +# CONFIG_SENSORS_POWR1220 is not set +# CONFIG_SENSORS_LENOVO_EC is not set +# CONFIG_SENSORS_LINEAGE is not set +# CONFIG_SENSORS_LTC2945 is not set +# CONFIG_SENSORS_LTC2947_I2C is not set +# CONFIG_SENSORS_LTC2990 is not set +# CONFIG_SENSORS_LTC2991 is not set +# CONFIG_SENSORS_LTC4151 is not set +# CONFIG_SENSORS_LTC4215 is not set +# CONFIG_SENSORS_LTC4222 is not set +# CONFIG_SENSORS_LTC4245 is not set +# CONFIG_SENSORS_LTC4260 is not set +# CONFIG_SENSORS_LTC4261 is not set +# CONFIG_SENSORS_LTC4282 is not set +# CONFIG_SENSORS_MAX127 is not set +# CONFIG_SENSORS_MAX16065 is not set +# CONFIG_SENSORS_MAX1619 is not set +# CONFIG_SENSORS_MAX1668 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MAX31730 is not set +# CONFIG_SENSORS_MAX31760 is not set +# CONFIG_MAX31827 is not set +# CONFIG_SENSORS_MAX6620 is not set +# CONFIG_SENSORS_MAX6621 is not set +# CONFIG_SENSORS_MAX6639 is not set +# CONFIG_SENSORS_MAX6650 is not set +# CONFIG_SENSORS_MAX6697 is not set +# CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MC34VR500 is not set +# CONFIG_SENSORS_MCP3021 is not set +# CONFIG_SENSORS_TC654 is not set +# CONFIG_SENSORS_TPS23861 is not set +# CONFIG_SENSORS_MR75203 is not set +# CONFIG_SENSORS_LM63 is not set +# CONFIG_SENSORS_LM73 is not set +# CONFIG_SENSORS_LM75 is not set +# CONFIG_SENSORS_LM77 is not set +# CONFIG_SENSORS_LM78 is not set +# CONFIG_SENSORS_LM80 is not set +# CONFIG_SENSORS_LM83 is not set +# CONFIG_SENSORS_LM85 is not set +# CONFIG_SENSORS_LM87 is not set +# CONFIG_SENSORS_LM90 is not set +# CONFIG_SENSORS_LM92 is not set +# CONFIG_SENSORS_LM93 is not set +# CONFIG_SENSORS_LM95234 is not set +# CONFIG_SENSORS_LM95241 is not set +# CONFIG_SENSORS_LM95245 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NCT6775_I2C is not set +# CONFIG_SENSORS_NCT7802 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_NZXT_KRAKEN2 is not set +# CONFIG_SENSORS_NZXT_KRAKEN3 is not set +# CONFIG_SENSORS_NZXT_SMART2 is not set +# CONFIG_SENSORS_OCC_P8_I2C is not set +# CONFIG_SENSORS_OXP is not set +# CONFIG_SENSORS_PCF8591 is not set +# CONFIG_PMBUS is not set +# CONFIG_SENSORS_PT5161L is not set +# CONFIG_SENSORS_SBTSI is not set +# CONFIG_SENSORS_SBRMI is not set +# CONFIG_SENSORS_SHT21 is not set +# CONFIG_SENSORS_SHT3x is not set +# CONFIG_SENSORS_SHT4x is not set +# CONFIG_SENSORS_SHTC1 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_DME1737 is not set +# CONFIG_SENSORS_EMC1403 is not set +# CONFIG_SENSORS_EMC2103 is not set +# CONFIG_SENSORS_EMC2305 is not set +# CONFIG_SENSORS_EMC6W201 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47M192 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_STTS751 is not set +# CONFIG_SENSORS_ADC128D818 is not set +# CONFIG_SENSORS_ADS7828 is not set +# CONFIG_SENSORS_AMC6821 is not set +# CONFIG_SENSORS_INA209 is not set +# CONFIG_SENSORS_INA2XX is not set +# CONFIG_SENSORS_INA238 is not set +# CONFIG_SENSORS_INA3221 is not set +# CONFIG_SENSORS_SPD5118 is not set +# CONFIG_SENSORS_TC74 is not set +# CONFIG_SENSORS_THMC50 is not set +# CONFIG_SENSORS_TMP102 is not set +# CONFIG_SENSORS_TMP103 is not set +# CONFIG_SENSORS_TMP108 is not set +# CONFIG_SENSORS_TMP401 is not set +# CONFIG_SENSORS_TMP421 is not set +# CONFIG_SENSORS_TMP464 is not set +# CONFIG_SENSORS_TMP513 is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83773G is not set +# CONFIG_SENSORS_W83781D is not set +# CONFIG_SENSORS_W83791D is not set +# CONFIG_SENSORS_W83792D is not set +# CONFIG_SENSORS_W83793 is not set +# CONFIG_SENSORS_W83795 is not set +# CONFIG_SENSORS_W83L785TS is not set +# CONFIG_SENSORS_W83L786NG is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set +# CONFIG_SENSORS_XGENE is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +# CONFIG_SENSORS_ASUS_EC is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +CONFIG_INTEL_TCC=y +CONFIG_X86_PKG_TEMP_THERMAL=m +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_HFI_THERMAL is not set +# end of Intel thermal drivers + +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_AS3711 is not set +# CONFIG_MFD_SMPRO is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_BD9571MWV is not set +# CONFIG_MFD_AXP20X_I2C is not set +# CONFIG_MFD_CS42L43_I2C is not set +# CONFIG_MFD_MADERA is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_MFD_MP2629 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_INTEL_PMC_BXT is not set +# CONFIG_MFD_IQS62X is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77541 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6360 is not set +# CONFIG_MFD_MT6370 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_SY7636A is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RT4831 is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RT5120 is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_TI_LMU is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_MFD_TPS6594_I2C is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_MFD_ATC260X_I2C is not set +# CONFIG_MFD_CS40L50_I2C is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +CONFIG_APERTURE_HELPERS=y +CONFIG_VIDEO=y +# CONFIG_AUXDISPLAY is not set +# CONFIG_AGP is not set +# CONFIG_VGA_SWITCHEROO is not set +CONFIG_DRM=y +# CONFIG_DRM_DEBUG_MM is not set +CONFIG_DRM_KMS_HELPER=y +# CONFIG_DRM_PANIC is not set +# CONFIG_DRM_FBDEV_EMULATION is not set +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +CONFIG_DRM_TTM=y +CONFIG_DRM_VRAM_HELPER=y +CONFIG_DRM_TTM_HELPER=y +CONFIG_DRM_GEM_SHMEM_HELPER=y + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# end of ARM devices + +# CONFIG_DRM_RADEON is not set +# CONFIG_DRM_AMDGPU is not set +# CONFIG_DRM_NOUVEAU is not set +# CONFIG_DRM_I915 is not set +# CONFIG_DRM_XE is not set +# CONFIG_DRM_VGEM is not set +# CONFIG_DRM_VKMS is not set +# CONFIG_DRM_VMWGFX is not set +# CONFIG_DRM_GMA500 is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +CONFIG_DRM_QXL=y +CONFIG_DRM_VIRTIO_GPU=y +CONFIG_DRM_VIRTIO_GPU_KMS=y +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# end of Display Interface Bridges + +# CONFIG_DRM_ETNAVIV is not set +CONFIG_DRM_BOCHS=y +# CONFIG_DRM_CIRRUS_QEMU is not set +# CONFIG_DRM_GM12U320 is not set +# CONFIG_DRM_SIMPLEDRM is not set +# CONFIG_DRM_VBOXVIDEO is not set +# CONFIG_DRM_GUD is not set +# CONFIG_DRM_SSD130X is not set +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +# CONFIG_BACKLIGHT_CLASS_DEVICE is not set +# end of Backlight & LCD device support + +CONFIG_HDMI=y + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +# end of Console display driver support +# end of Graphics support + +# CONFIG_DRM_ACCEL is not set +CONFIG_SOUND=y +CONFIG_SND=y +CONFIG_SND_TIMER=y +CONFIG_SND_PCM=y +CONFIG_SND_JACK=y +CONFIG_SND_JACK_INPUT_DEV=y +# CONFIG_SND_OSSEMUL is not set +CONFIG_SND_PCM_TIMER=y +# CONFIG_SND_DYNAMIC_MINORS is not set +CONFIG_SND_SUPPORT_OLD_API=y +CONFIG_SND_PROC_FS=y +CONFIG_SND_VERBOSE_PROCFS=y +CONFIG_SND_CTL_FAST_LOOKUP=y +# CONFIG_SND_DEBUG is not set +# CONFIG_SND_CTL_INPUT_VALIDATION is not set +# CONFIG_SND_UTIMER is not set +CONFIG_SND_VMASTER=y +CONFIG_SND_DMA_SGBUF=y +# CONFIG_SND_SEQUENCER is not set +CONFIG_SND_DRIVERS=y +# CONFIG_SND_DUMMY is not set +# CONFIG_SND_ALOOP is not set +# CONFIG_SND_MTPAV is not set +# CONFIG_SND_SERIAL_U16550 is not set +# CONFIG_SND_MPU401 is not set +CONFIG_SND_PCI=y +# CONFIG_SND_AD1889 is not set +# CONFIG_SND_ALS300 is not set +# CONFIG_SND_ALS4000 is not set +# CONFIG_SND_ALI5451 is not set +# CONFIG_SND_ASIHPI is not set +# CONFIG_SND_ATIIXP is not set +# CONFIG_SND_ATIIXP_MODEM is not set +# CONFIG_SND_AU8810 is not set +# CONFIG_SND_AU8820 is not set +# CONFIG_SND_AU8830 is not set +# CONFIG_SND_AW2 is not set +# CONFIG_SND_AZT3328 is not set +# CONFIG_SND_BT87X is not set +# CONFIG_SND_CA0106 is not set +# CONFIG_SND_CMIPCI is not set +# CONFIG_SND_OXYGEN is not set +# CONFIG_SND_CS4281 is not set +# CONFIG_SND_CS46XX is not set +# CONFIG_SND_CTXFI is not set +# CONFIG_SND_DARLA20 is not set +# CONFIG_SND_GINA20 is not set +# CONFIG_SND_LAYLA20 is not set +# CONFIG_SND_DARLA24 is not set +# CONFIG_SND_GINA24 is not set +# CONFIG_SND_LAYLA24 is not set +# CONFIG_SND_MONA is not set +# CONFIG_SND_MIA is not set +# CONFIG_SND_ECHO3G is not set +# CONFIG_SND_INDIGO is not set +# CONFIG_SND_INDIGOIO is not set +# CONFIG_SND_INDIGODJ is not set +# CONFIG_SND_INDIGOIOX is not set +# CONFIG_SND_INDIGODJX is not set +# CONFIG_SND_EMU10K1 is not set +# CONFIG_SND_EMU10K1X is not set +# CONFIG_SND_ENS1370 is not set +# CONFIG_SND_ENS1371 is not set +# CONFIG_SND_ES1938 is not set +# CONFIG_SND_ES1968 is not set +# CONFIG_SND_FM801 is not set +# CONFIG_SND_HDSP is not set +# CONFIG_SND_HDSPM is not set +# CONFIG_SND_ICE1712 is not set +# CONFIG_SND_ICE1724 is not set +# CONFIG_SND_INTEL8X0 is not set +# CONFIG_SND_INTEL8X0M is not set +# CONFIG_SND_KORG1212 is not set +# CONFIG_SND_LOLA is not set +# CONFIG_SND_LX6464ES is not set +# CONFIG_SND_MAESTRO3 is not set +# CONFIG_SND_MIXART is not set +# CONFIG_SND_NM256 is not set +# CONFIG_SND_PCXHR is not set +# CONFIG_SND_RIPTIDE is not set +# CONFIG_SND_RME32 is not set +# CONFIG_SND_RME96 is not set +# CONFIG_SND_RME9652 is not set +# CONFIG_SND_SE6X is not set +# CONFIG_SND_SONICVIBES is not set +# CONFIG_SND_TRIDENT is not set +# CONFIG_SND_VIA82XX is not set +# CONFIG_SND_VIA82XX_MODEM is not set +# CONFIG_SND_VIRTUOSO is not set +# CONFIG_SND_VX222 is not set +# CONFIG_SND_YMFPCI is not set + +# +# HD-Audio +# +CONFIG_SND_HDA=y +CONFIG_SND_HDA_INTEL=y +# CONFIG_SND_HDA_HWDEP is not set +# CONFIG_SND_HDA_RECONFIG is not set +# CONFIG_SND_HDA_INPUT_BEEP is not set +# CONFIG_SND_HDA_PATCH_LOADER is not set +# CONFIG_SND_HDA_CODEC_REALTEK is not set +# CONFIG_SND_HDA_CODEC_ANALOG is not set +# CONFIG_SND_HDA_CODEC_SIGMATEL is not set +# CONFIG_SND_HDA_CODEC_VIA is not set +# CONFIG_SND_HDA_CODEC_HDMI is not set +# CONFIG_SND_HDA_CODEC_CIRRUS is not set +# CONFIG_SND_HDA_CODEC_CS8409 is not set +# CONFIG_SND_HDA_CODEC_CONEXANT is not set +# CONFIG_SND_HDA_CODEC_SENARYTECH is not set +# CONFIG_SND_HDA_CODEC_CA0110 is not set +# CONFIG_SND_HDA_CODEC_CA0132 is not set +# CONFIG_SND_HDA_CODEC_CMEDIA is not set +# CONFIG_SND_HDA_CODEC_SI3054 is not set +CONFIG_SND_HDA_GENERIC=y +CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 +# CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set +# CONFIG_SND_HDA_CTL_DEV_ID is not set +# end of HD-Audio + +CONFIG_SND_HDA_CORE=y +CONFIG_SND_HDA_PREALLOC_SIZE=0 +CONFIG_SND_INTEL_NHLT=y +CONFIG_SND_INTEL_DSP_CONFIG=y +CONFIG_SND_INTEL_SOUNDWIRE_ACPI=y +CONFIG_SND_USB=y +# CONFIG_SND_USB_AUDIO is not set +# CONFIG_SND_USB_UA101 is not set +# CONFIG_SND_USB_USX2Y is not set +# CONFIG_SND_USB_CAIAQ is not set +# CONFIG_SND_USB_US122L is not set +# CONFIG_SND_USB_6FIRE is not set +# CONFIG_SND_USB_HIFACE is not set +# CONFIG_SND_BCD2000 is not set +# CONFIG_SND_USB_POD is not set +# CONFIG_SND_USB_PODHD is not set +# CONFIG_SND_USB_TONEPORT is not set +# CONFIG_SND_USB_VARIAX is not set +# CONFIG_SND_SOC is not set +CONFIG_SND_X86=y +# CONFIG_SND_VIRTIO is not set +CONFIG_HID_SUPPORT=y +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACCUTOUCH is not set +# CONFIG_HID_ACRUX is not set +# CONFIG_HID_APPLEIR is not set +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +# CONFIG_HID_BETOP_FF is not set +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_PRODIKEYS is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CREATIVE_SB0540 is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_ELO is not set +# CONFIG_HID_EVISION is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_GLORIOUS is not set +# CONFIG_HID_HOLTEK is not set +# CONFIG_HID_GOOGLE_STADIA_FF is not set +# CONFIG_HID_VIVALDI is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_UCLOGIC is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_VRC2 is not set +# CONFIG_HID_XIAOMI is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +CONFIG_HID_ITE=y +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_LETSKETCH is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +# CONFIG_HID_MEGAWORLD_FF is not set +CONFIG_HID_REDRAGON=y +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_NTRIG is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PENMOUNT is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PXRC is not set +# CONFIG_HID_RAZER is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_RETRODE is not set +# CONFIG_HID_ROCCAT is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SEMITEK is not set +# CONFIG_HID_SIGMAMICRO is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_TOPRE is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# CONFIG_HID_MCP2221 is not set +# end of Special HID drivers + +# +# HID-BPF support +# +# end of HID-BPF support + +# +# USB HID support +# +CONFIG_USB_HID=y +# CONFIG_HID_PID is not set +# CONFIG_USB_HIDDEV is not set +# end of USB HID support + +CONFIG_I2C_HID=y +# CONFIG_I2C_HID_ACPI is not set +# CONFIG_I2C_HID_OF is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support + +# +# AMD SFH HID Support +# +# CONFIG_AMD_SFH_HID is not set +# end of AMD SFH HID Support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=y +# CONFIG_USB_ULPI_BUS is not set +CONFIG_USB_ARCH_HAS_HCD=y +CONFIG_USB=y +CONFIG_USB_PCI=y +CONFIG_USB_PCI_AMD=y +# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set + +# +# Miscellaneous USB options +# +CONFIG_USB_DEFAULT_PERSIST=y +# CONFIG_USB_FEW_INIT_RETRIES is not set +# CONFIG_USB_DYNAMIC_MINORS is not set +# CONFIG_USB_OTG is not set +# CONFIG_USB_OTG_PRODUCTLIST is not set +CONFIG_USB_AUTOSUSPEND_DELAY=2 +CONFIG_USB_DEFAULT_AUTHORIZATION_MODE=1 +# CONFIG_USB_MON is not set + +# +# USB Host Controller Drivers +# +# CONFIG_USB_C67X00_HCD is not set +CONFIG_USB_XHCI_HCD=y +# CONFIG_USB_XHCI_DBGCAP is not set +CONFIG_USB_XHCI_PCI=y +# CONFIG_USB_XHCI_PCI_RENESAS is not set +# CONFIG_USB_XHCI_PLATFORM is not set +CONFIG_USB_EHCI_HCD=y +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_PCI=y +# CONFIG_USB_EHCI_FSL is not set +# CONFIG_USB_EHCI_HCD_PLATFORM is not set +# CONFIG_USB_OXU210HP_HCD is not set +# CONFIG_USB_ISP116X_HCD is not set +# CONFIG_USB_OHCI_HCD is not set +CONFIG_USB_UHCI_HCD=y +# CONFIG_USB_SL811_HCD is not set +# CONFIG_USB_R8A66597_HCD is not set +# CONFIG_USB_HCD_TEST_MODE is not set + +# +# USB Device Class drivers +# +# CONFIG_USB_ACM is not set +# CONFIG_USB_PRINTER is not set +# CONFIG_USB_WDM is not set +# CONFIG_USB_TMC is not set + +# +# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may +# + +# +# also be needed; see USB_STORAGE Help for more info +# +CONFIG_USB_STORAGE=y +# CONFIG_USB_STORAGE_DEBUG is not set +# CONFIG_USB_STORAGE_REALTEK is not set +# CONFIG_USB_STORAGE_DATAFAB is not set +# CONFIG_USB_STORAGE_FREECOM is not set +# CONFIG_USB_STORAGE_ISD200 is not set +# CONFIG_USB_STORAGE_USBAT is not set +# CONFIG_USB_STORAGE_SDDR09 is not set +# CONFIG_USB_STORAGE_SDDR55 is not set +# CONFIG_USB_STORAGE_JUMPSHOT is not set +# CONFIG_USB_STORAGE_ALAUDA is not set +# CONFIG_USB_STORAGE_ONETOUCH is not set +# CONFIG_USB_STORAGE_KARMA is not set +# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set +# CONFIG_USB_STORAGE_ENE_UB6250 is not set +# CONFIG_USB_UAS is not set + +# +# USB Imaging devices +# +# CONFIG_USB_MDC800 is not set +# CONFIG_USB_MICROTEK is not set +# CONFIG_USBIP_CORE is not set + +# +# USB dual-mode controller drivers +# +# CONFIG_USB_CDNS_SUPPORT is not set +# CONFIG_USB_MUSB_HDRC is not set +# CONFIG_USB_DWC3 is not set +# CONFIG_USB_DWC2 is not set +# CONFIG_USB_CHIPIDEA is not set +# CONFIG_USB_ISP1760 is not set + +# +# USB port drivers +# +# CONFIG_USB_SERIAL is not set + +# +# USB Miscellaneous drivers +# +# CONFIG_USB_EMI62 is not set +# CONFIG_USB_EMI26 is not set +# CONFIG_USB_ADUTUX is not set +# CONFIG_USB_SEVSEG is not set +# CONFIG_USB_LEGOTOWER is not set +# CONFIG_USB_LCD is not set +# CONFIG_USB_CYPRESS_CY7C63 is not set +# CONFIG_USB_CYTHERM is not set +# CONFIG_USB_IDMOUSE is not set +# CONFIG_USB_APPLEDISPLAY is not set +# CONFIG_APPLE_MFI_FASTCHARGE is not set +# CONFIG_USB_LJCA is not set +# CONFIG_USB_SISUSBVGA is not set +# CONFIG_USB_LD is not set +# CONFIG_USB_TRANCEVIBRATOR is not set +# CONFIG_USB_IOWARRIOR is not set +# CONFIG_USB_TEST is not set +# CONFIG_USB_EHSET_TEST_FIXTURE is not set +# CONFIG_USB_ISIGHTFW is not set +# CONFIG_USB_YUREX is not set +# CONFIG_USB_EZUSB_FX2 is not set +# CONFIG_USB_HUB_USB251XB is not set +# CONFIG_USB_HSIC_USB3503 is not set +# CONFIG_USB_HSIC_USB4604 is not set +# CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set + +# +# USB Physical Layer drivers +# +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_ISP1301 is not set +# end of USB Physical Layer drivers + +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ROLE_SWITCH is not set +# CONFIG_MMC is not set +# CONFIG_SCSI_UFSHCD is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_MOVE_NOTIFY is not set +# CONFIG_DMABUF_DEBUG is not set +# CONFIG_DMABUF_SELFTESTS is not set +# CONFIG_DMABUF_HEAPS is not set +# CONFIG_DMABUF_SYSFS_STATS is not set +# end of DMABUF options + +# CONFIG_UIO is not set +# CONFIG_VFIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO_ANCHOR=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_PCI_LIB_LEGACY=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_ADMIN_LEGACY=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_INPUT=y +CONFIG_VIRTIO_MMIO=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_DMA_SHARED_BUFFER=y +# CONFIG_VIRTIO_DEBUG is not set +# CONFIG_VDPA is not set +CONFIG_VHOST_MENU=y +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +CONFIG_VHOST_ENABLE_FORK_OWNER_CONTROL=y + +# +# Microsoft Hyper-V guest support +# +# CONFIG_HYPERV is not set +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_GOLDFISH is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +CONFIG_SURFACE_PLATFORMS=y +# CONFIG_SURFACE_3_POWER_OPREGION is not set +# CONFIG_SURFACE_GPE is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACPI_WMI is not set +# CONFIG_ACERHDF is not set +# CONFIG_ACER_WIRELESS is not set +# CONFIG_AMD_HSMP is not set +# CONFIG_AMD_WBRF is not set +# CONFIG_ADV_SWBUTTON is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_X86_PLATFORM_DRIVERS_DELL is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_GPD_POCKET_FAN is not set +# CONFIG_X86_PLATFORM_DRIVERS_HP is not set +# CONFIG_WIRELESS_HOTKEY is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_IFS is not set +# CONFIG_INTEL_SAR_INT1092 is not set + +# +# Intel Speed Select Technology interface support +# +# CONFIG_INTEL_SPEED_SELECT_INTERFACE is not set +# end of Intel Speed Select Technology interface support + +# +# Intel Uncore Frequency Control +# +# CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set +# end of Intel Uncore Frequency Control + +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_INTEL_TURBO_MAX_3 is not set +# CONFIG_INTEL_VSEC is not set +# CONFIG_ACPI_QUICKSTART is not set +# CONFIG_MSI_EC is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_SYSTEM76_ACPI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_SERIAL_MULTI_INSTANTIATE is not set +# CONFIG_MLX_PLATFORM is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_SCU_PCI is not set +# CONFIG_INTEL_SCU_PLATFORM is not set +# CONFIG_SIEMENS_SIMATIC_IPC is not set +# CONFIG_WINMATE_FM07_KEYS is not set +# CONFIG_COMMON_CLK is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# end of Clock Source drivers + +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_LAZY=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DMA=y +# CONFIG_AMD_IOMMU is not set +# CONFIG_IOMMUFD is not set +# CONFIG_VIRTIO_IOMMU is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# fujitsu SoC drivers +# +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# CONFIG_WPCM450_SOC is not set + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# +# PM Domains +# + +# +# Amlogic PM Domains +# +# end of Amlogic PM Domains + +# +# Broadcom PM Domains +# +# end of Broadcom PM Domains + +# +# i.MX PM Domains +# +# end of i.MX PM Domains + +# +# Qualcomm PM Domains +# +# end of Qualcomm PM Domains +# end of PM Domains + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_USB_LGM_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_DWC_PCIE_PMU is not set +# end of Performance monitor support + +# CONFIG_RAS is not set +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +# CONFIG_LIBNVDIMM is not set +# CONFIG_DAX is not set +# CONFIG_NVMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_TEE is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +CONFIG_BUFFER_HEAD=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_BCACHEFS_FS is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +# CONFIG_QUOTA is not set +# CONFIG_AUTOFS_FS is not set +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +# CONFIG_ISO9660_FS is not set +# CONFIG_UDF_FS is not set +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS3_FS is not set +# CONFIG_NTFS_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +# CONFIG_PROC_KCORE is not set +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y +# CONFIG_TMPFS_INODE64 is not set +# CONFIG_TMPFS_QUOTA is not set +# CONFIG_HUGETLBFS is not set +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +# CONFIG_EROFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_SMB_SERVER is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set +# CONFIG_SECURITY is not set +CONFIG_SECURITYFS=y +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,ipe,bpf" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y +# CONFIG_INIT_STACK_NONE is not set +# CONFIG_INIT_STACK_ALL_PATTERN is not set +CONFIG_INIT_STACK_ALL_ZERO=y +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y +# CONFIG_ZERO_CALL_USED_REGS is not set +# end of Memory initialization + +# +# Hardening of kernel data structures +# +# CONFIG_LIST_HARDENED is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# end of Hardening of kernel data structures + +CONFIG_RANDSTRUCT_NONE=y +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG2=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +# CONFIG_CRYPTO_USER is not set +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +# CONFIG_CRYPTO_NULL is not set +# CONFIG_CRYPTO_PCRYPT is not set +# CONFIG_CRYPTO_CRYPTD is not set +# CONFIG_CRYPTO_AUTHENC is not set +# CONFIG_CRYPTO_TEST is not set +# end of Crypto core or helper + +# +# Public-key cryptography +# +# CONFIG_CRYPTO_RSA is not set +# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_ECC=y +# CONFIG_CRYPTO_ECDH is not set +CONFIG_CRYPTO_ECDSA=y +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# end of Public-key cryptography + +# +# Block ciphers +# +# CONFIG_CRYPTO_AES is not set +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set +# CONFIG_CRYPTO_CBC is not set +# CONFIG_CRYPTO_CTR is not set +# CONFIG_CRYPTO_CTS is not set +# CONFIG_CRYPTO_ECB is not set +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set +# CONFIG_CRYPTO_LRW is not set +# CONFIG_CRYPTO_PCBC is not set +# CONFIG_CRYPTO_XTS is not set +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_CCM is not set +# CONFIG_CRYPTO_GCM is not set +# CONFIG_CRYPTO_SEQIV is not set +# CONFIG_CRYPTO_ECHAINIV is not set +# CONFIG_CRYPTO_ESSIV is not set +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +# CONFIG_CRYPTO_BLAKE2B is not set +# CONFIG_CRYPTO_CMAC is not set +# CONFIG_CRYPTO_GHASH is not set +CONFIG_CRYPTO_HMAC=y +# CONFIG_CRYPTO_MD4 is not set +# CONFIG_CRYPTO_MD5 is not set +# CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_POLY1305 is not set +# CONFIG_CRYPTO_RMD160 is not set +# CONFIG_CRYPTO_SHA1 is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +# CONFIG_CRYPTO_SM3_GENERIC is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +# CONFIG_CRYPTO_DEFLATE is not set +# CONFIG_CRYPTO_LZO is not set +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +# CONFIG_CRYPTO_DRBG_HASH is not set +# CONFIG_CRYPTO_DRBG_CTR is not set +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64 +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE=32 +CONFIG_CRYPTO_JITTERENTROPY_OSR=1 +# end of Random number generation + +# +# Userspace interface +# +# CONFIG_CRYPTO_USER_API_HASH is not set +# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +# CONFIG_CRYPTO_USER_API_RNG is not set +# CONFIG_CRYPTO_USER_API_AEAD is not set +# end of Userspace interface + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +# CONFIG_CRYPTO_AES_NI_INTEL is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# end of Accelerated Cryptographic Algorithms for CPU (x86) + +CONFIG_CRYPTO_HW=y +# CONFIG_CRYPTO_DEV_PADLOCK is not set +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set +# CONFIG_CRYPTO_DEV_CCP is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C62X is not set +# CONFIG_CRYPTO_DEV_QAT_4XXX is not set +# CONFIG_CRYPTO_DEV_QAT_420XX is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set +# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set +# CONFIG_CRYPTO_DEV_VIRTIO is not set +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set + +# +# Certificates for signature checking +# +# end of Certificates for signature checking + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +# CONFIG_CRC_CCITT is not set +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +# CONFIG_CRC64_ROCKSOFT is not set +# CONFIG_CRC_ITU_T is not set +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC64 is not set +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +# CONFIG_LIBCRC32C is not set +# CONFIG_CRC8 is not set +# CONFIG_RANDOM32_SELFTEST is not set +# CONFIG_XZ_DEC is not set +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_XARRAY_MULTI=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS_HELPERS=y +CONFIG_NEED_SG_DMA_FLAGS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_SWIOTLB=y +# CONFIG_SWIOTLB_DYNAMIC is not set +CONFIG_DMA_NEED_SYNC=y +# CONFIG_DMA_API_DEBUG is not set +CONFIG_SGL_ALLOC=y +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_GLOB=y +# CONFIG_GLOB_SELFTEST is not set +CONFIG_NLATTR=y +# CONFIG_IRQ_POLL is not set +CONFIG_DIMLIB=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_GENERIC_VDSO_OVERFLOW_PROTECT=y +CONFIG_VDSO_GETRANDOM=y +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_STACKDEPOT=y +CONFIG_STACKDEPOT_MAX_FRAMES=64 +CONFIG_SBITMAP=y +# CONFIG_LWQ_TEST is not set +# end of Library routines + +CONFIG_FIRMWARE_TABLE=y + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_DYNAMIC_DEBUG is not set +# CONFIG_DYNAMIC_DEBUG_CORE is not set +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_DEBUG_BUGVERBOSE=y +# end of printk and dmesg options + +# CONFIG_DEBUG_KERNEL is not set + +# +# Compile-time checks and compiler options +# +CONFIG_AS_HAS_NON_CONST_ULEB128=y +CONFIG_FRAME_WARN=2048 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +CONFIG_OBJTOOL=y +# CONFIG_STACK_VALIDATION is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +# CONFIG_MAGIC_SYSRQ is not set +# CONFIG_DEBUG_FS is not set +CONFIG_HAVE_ARCH_KGDB=y +CONFIG_ARCH_HAS_UBSAN=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_PAGE_TABLE_CHECK is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +# CONFIG_DEBUG_WX is not set +CONFIG_GENERIC_PTDUMP=y +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_PER_VMA_LOCK_STATS is not set +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y +# CONFIG_MEM_ALLOC_PROFILING is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_KASAN_SW_TAGS=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y +# end of Memory Debugging + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +# CONFIG_SCHEDSTATS is not set +# end of Scheduler Debugging + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_WW_MUTEX_SELFTEST is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set + +# +# Debug kernel data structures +# +# end of Debug kernel data structures + +# +# RCU Debugging +# +CONFIG_RCU_CPU_STALL_TIMEOUT=21 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_CPU_STALL_CPUTIME is not set +# end of RCU Debugging + +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_RETHOOK=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +CONFIG_STRICT_DEVMEM=y +# CONFIG_IO_STRICT_DEVMEM is not set + +# +# x86 Debugging +# +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_PUNIT_ATOM_DEBUG is not set +# CONFIG_UNWINDER_ORC is not set +CONFIG_UNWINDER_FRAME_POINTER=y +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_TEST_DHRY is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_TEST_MULDIV64 is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_SCANF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_LKM is not set +# CONFIG_TEST_BITOPS is not set +# CONFIG_TEST_VMALLOC is not set +# CONFIG_TEST_BPF is not set +# CONFIG_TEST_BLACKHOLE_DEV is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_STATIC_KEYS is not set +# CONFIG_TEST_KMOD is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking diff --git a/examples/linux/br_external/external.desc b/examples/linux/br_external/external.desc new file mode 100644 index 00000000..b23a9e37 --- /dev/null +++ b/examples/linux/br_external/external.desc @@ -0,0 +1,37 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +name: NAT20 +desc: Provides NAT20 related packages package. diff --git a/examples/linux/br_external/external.mk b/examples/linux/br_external/external.mk new file mode 100644 index 00000000..6a966ad8 --- /dev/null +++ b/examples/linux/br_external/external.mk @@ -0,0 +1,36 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +include $(sort $(wildcard $(BR2_EXTERNAL_NAT20_PATH)/package/*/*.mk)) diff --git a/examples/linux/br_external/package/nat20lib/Config.in b/examples/linux/br_external/package/nat20lib/Config.in new file mode 100644 index 00000000..4d6e2b3f --- /dev/null +++ b/examples/linux/br_external/package/nat20lib/Config.in @@ -0,0 +1,39 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +config BR2_PACKAGE_NAT20LIB + bool "nat20lib" + help + Add the libnat20 DICE module diff --git a/examples/linux/br_external/package/nat20lib/nat20lib.mk b/examples/linux/br_external/package/nat20lib/nat20lib.mk new file mode 100644 index 00000000..b59489b8 --- /dev/null +++ b/examples/linux/br_external/package/nat20lib/nat20lib.mk @@ -0,0 +1,44 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +NAT20LIB_VERSION = origin/main +NAT20LIB_SITE = https://github.com/aurora-opensource/libnat20.git +NAT20LIB_SITE_METHOD = git +NAT20LIB_LICENSE = GPL-2.0 + +NAT20LIB_MODULE_SUBDIRS = examples/linux/nat20lib + +$(eval $(kernel-module)) +$(eval $(generic-package)) diff --git a/examples/linux/br_external/run-qemu.sh b/examples/linux/br_external/run-qemu.sh new file mode 100755 index 00000000..26fffcd6 --- /dev/null +++ b/examples/linux/br_external/run-qemu.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +QEMU_BIN=qemu-system-x86_64 + +if [ ! -f ".env" ]; then + echo ".env file not found. Please run bootstrap.sh first." + exit 1 +fi + +source .env + +BUILDROOT_DIR=${LIBNAT20_BR_BUILD_DIR}/buildroot +KERNEL_IMAGE=${BUILDROOT_DIR}/output/images/bzImage +FS_IMAGE=${BUILDROOT_DIR}/output/images/rootfs.ext2 + + +${QEMU_BIN} -M pc -kernel ${KERNEL_IMAGE} -nographic -drive file=${FS_IMAGE},if=virtio,format=raw -append "rootwait root=/dev/vda console=ttyS0" -serial mon:stdio -net nic,model=virtio -net user diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh new file mode 100644 index 00000000..c93080e9 --- /dev/null +++ b/examples/linux/br_external/utils/envsetup.sh @@ -0,0 +1,81 @@ +#!/bin/bash + +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +if [ ! -f ".env" ]; then + echo ".env file not found. Please run bootstrap.sh first." + exit 1 +fi + +source .env + +export NAT20LIB_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" +# export LINUX_OVERRIDE_SRCDIR= + +function ensure_popd() { + "$@" + local rc=$? + popd + return $rc +} + +function brbuild() { + pushd "${LIBNAT20_BR_BUILD_DIR}/buildroot" || return 1 + ensure_popd make +} + +function brrebuild() { + pushd "${LIBNAT20_BR_BUILD_DIR}/buildroot" || return 1 + + if [ "$#" -eq 0 ]; then + echo "Usage: brrebuild [ ...]" + echo "Available targets:" + echo " all - Rebuild all components" + echo " linux - Rebuild the linux kernel" + echo " nat20lib - Rebuild the nat20lib library" + popd + return 1 + fi + + case "$1" in + all) + ensure_popd make linux-rebuild nat20lib-rebuild all + ;; + *) + ensure_popd make $1-rebuild all + ;; + esac +} diff --git a/examples/linux/nat20lib/Kbuild b/examples/linux/nat20lib/Kbuild new file mode 100644 index 00000000..0f26bfc5 --- /dev/null +++ b/examples/linux/nat20lib/Kbuild @@ -0,0 +1,61 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +obj-m := nat20lib.o +ccflags-y := -I $(src)/../../../include +ccflags-y += -I $(srctree) +ccflags-y += -std=gnu11 +ccflags-y += -DN20_WITH_X509 + +nat20lib-y := mod.o +nat20lib-y += ../../../src/core/x509_ext_open_dice_input.o +nat20lib-y += ../../../src/core/x509_ext_tcg_dice_tcb_freshness.o +nat20lib-y += ../../../src/core/oid.o +nat20lib-y += ../../../src/core/x509.o +nat20lib-y += ../../../src/core/stream.o +nat20lib-y += ../../../src/core/asn1.o +nat20lib-y += ../../../src/core/functionality.o +nat20lib-y += ../../../src/core/cbor.o +nat20lib-y += ../../../src/core/x509_ext_tcg_dice_tcb_info.o +nat20lib-y += ../../../src/core/x509_ext_tcg_dice_ueid.o +nat20lib-y += ../../../src/core/cwt.o +nat20lib-y += ../../../src/core/cose.o +nat20lib-y += ../../../src/crypto/nat20/rfc6979.o +nat20lib-y += ../../../src/crypto/nat20/crypto.o +nat20lib-y += ../../../src/crypto/nat20/sha256.o +nat20lib-y += ../../../src/crypto/nat20/sha512.o +nat20lib-y += ../../../src/service/messages.o +nat20lib-y += ../../../src/service/gnostic.o +nat20lib-y += ../../../src/service/service_message_dispatch.o diff --git a/examples/linux/nat20lib/Makefile b/examples/linux/nat20lib/Makefile new file mode 100644 index 00000000..28701172 --- /dev/null +++ b/examples/linux/nat20lib/Makefile @@ -0,0 +1,51 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +KDIR ?= /lib/modules/`uname -r`/build +INSTALL_MOD_PATH ?= /lib/modules/`uname -r`/extra + + +all: modules + +modules: + $(MAKE) -C $(KDIR) M=$$PWD + +modules_install: + $(MAKE) -C $(KDIR) M=$$PWD modules_install + +clean: + $(MAKE) -C $(KDIR) M=$$PWD clean + +.PHONY: all modules clean diff --git a/examples/linux/nat20lib/include b/examples/linux/nat20lib/include new file mode 120000 index 00000000..8a5dba6c --- /dev/null +++ b/examples/linux/nat20lib/include @@ -0,0 +1 @@ +../../../include \ No newline at end of file diff --git a/examples/linux/nat20lib/mod.c b/examples/linux/nat20lib/mod.c new file mode 100644 index 00000000..98594ba1 --- /dev/null +++ b/examples/linux/nat20lib/mod.c @@ -0,0 +1,96 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static int __init nat20lib_init(void) { + printk(KERN_INFO "nat20lib - init\n"); + return 0; +} + +static void __exit nat20lib_exit(void) { printk(KERN_INFO "nat20lib - cleanup\n"); } + +EXPORT_SYMBOL(n20_cbor_read_header); +EXPORT_SYMBOL(n20_cbor_read_skip_item); +EXPORT_SYMBOL(n20_cbor_write_byte_string); +EXPORT_SYMBOL(n20_cbor_write_int); +EXPORT_SYMBOL(n20_cbor_write_map_header); +EXPORT_SYMBOL(n20_cbor_write_null); +EXPORT_SYMBOL(n20_cbor_write_text_string); +EXPORT_SYMBOL(n20_cbor_write_header); +EXPORT_SYMBOL(n20_compress_input); +EXPORT_SYMBOL(n20_cose_get_signature_size); +EXPORT_SYMBOL(n20_cose_render_sign1_with_payload); +EXPORT_SYMBOL(n20_cose_write_key); +EXPORT_SYMBOL(n20_cwt_key_info_to_cose); +EXPORT_SYMBOL(n20_gnostic_service_ops); +EXPORT_SYMBOL(n20_hmac); +EXPORT_SYMBOL(n20_hkdf); +EXPORT_SYMBOL(n20_hkdf_expand); +EXPORT_SYMBOL(n20_hkdf_extract); +EXPORT_SYMBOL(n20_issue_certificate); +EXPORT_SYMBOL(n20_istream_get_slice); +EXPORT_SYMBOL(n20_istream_get_string_slice); +EXPORT_SYMBOL(n20_istream_has_buffer_underrun); +EXPORT_SYMBOL(n20_istream_init); +EXPORT_SYMBOL(n20_istream_read_position); +EXPORT_SYMBOL(n20_open_dice_cdi_id); +EXPORT_SYMBOL(n20_open_dice_cwt_write); +EXPORT_SYMBOL(n20_rfc6979_k_generation); +EXPORT_SYMBOL(n20_service_message_dispatch); +EXPORT_SYMBOL(n20_stream_byte_count); +EXPORT_SYMBOL(n20_stream_has_write_position_overflow); +EXPORT_SYMBOL(n20_stream_init); +EXPORT_SYMBOL(n20_stream_prepend); +EXPORT_SYMBOL(n20_stream_skip); + +module_init(nat20lib_init); +module_exit(nat20lib_exit); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Aurora Operations, Inc."); +MODULE_DESCRIPTION("NAT20 Library Module"); From 4070f7669ac252c39c48b98e176a1cd870eef0ab Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 29 Apr 2026 09:57:21 -0700 Subject: [PATCH 02/49] Fixup lint and add Makefiles to license checker. --- .github/license-check/license-config.json | 1 + examples/linux/nat20lib/mod.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/license-check/license-config.json b/.github/license-check/license-config.json index 48d3de5f..f05119d9 100644 --- a/.github/license-check/license-config.json +++ b/.github/license-check/license-config.json @@ -9,6 +9,7 @@ "**/Config.in", "**/Kbuild", "examples/linux/br_external/external.desc", + "examples/linux/**/Makefile", ".clang-format", ".gitignore" ], diff --git a/examples/linux/nat20lib/mod.c b/examples/linux/nat20lib/mod.c index 98594ba1..417553e0 100644 --- a/examples/linux/nat20lib/mod.c +++ b/examples/linux/nat20lib/mod.c @@ -38,10 +38,10 @@ #include #include #include -#include -#include #include #include +#include +#include #include #include #include From de1ea2a19f092df219969d5d0dde844de2d59d82 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 29 Apr 2026 09:58:54 -0700 Subject: [PATCH 03/49] Make bootstrap executable --- examples/linux/br_external/bootstrap.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 examples/linux/br_external/bootstrap.sh diff --git a/examples/linux/br_external/bootstrap.sh b/examples/linux/br_external/bootstrap.sh old mode 100644 new mode 100755 From 36bc19257fadca6aa97bcdae13ca2d21f57d3713 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 29 Apr 2026 14:44:45 -0700 Subject: [PATCH 04/49] Use prebuild toolchain and stop building qemu from scratch. --- .../br_external/configs/qemu_br_defconfig | 2054 ++++------------- 1 file changed, 406 insertions(+), 1648 deletions(-) diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index 645f6610..863df018 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -109,150 +109,28 @@ BR2_BINFMT_ELF=y # BR2_TOOLCHAIN=y BR2_TOOLCHAIN_USES_GLIBC=y -BR2_TOOLCHAIN_BUILDROOT=y -# BR2_TOOLCHAIN_EXTERNAL is not set - -# -# Toolchain Buildroot Options -# -BR2_TOOLCHAIN_BUILDROOT_VENDOR="buildroot" -# BR2_TOOLCHAIN_BUILDROOT_UCLIBC is not set -BR2_TOOLCHAIN_BUILDROOT_GLIBC=y -# BR2_TOOLCHAIN_BUILDROOT_MUSL is not set -BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc" - -# -# Kernel Header Options -# -BR2_KERNEL_HEADERS_AS_KERNEL=y -# BR2_KERNEL_HEADERS_5_4 is not set -# BR2_KERNEL_HEADERS_5_10 is not set -# BR2_KERNEL_HEADERS_5_15 is not set -# BR2_KERNEL_HEADERS_6_1 is not set -# BR2_KERNEL_HEADERS_6_6 is not set -# BR2_KERNEL_HEADERS_6_12 is not set -# BR2_KERNEL_HEADERS_6_16 is not set -# BR2_KERNEL_HEADERS_VERSION is not set -# BR2_KERNEL_HEADERS_CUSTOM_TARBALL is not set -# BR2_KERNEL_HEADERS_CUSTOM_GIT is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_16 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_15 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_14 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_13 is not set -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_12=y -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_11 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_10 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_9 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_8 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_7 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_6 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_5 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_4 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_3 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_2 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_1 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_0 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_19 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_18 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_17 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_16 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_15 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_14 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_13 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_12 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_11 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_10 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_9 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_8 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_7 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_6 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_5 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_4 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_3 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_2 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_1 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_0 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_20 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_18 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_17 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_13 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_12 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_11 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_10 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_9 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_8 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_7 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_6 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_5 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_4 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_3 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_2 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_1 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_0 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_19 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_18 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_17 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_16 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_15 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_14 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_13 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_12 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_11 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_10 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_9 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_8 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_7 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_6 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_5 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_4 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_3 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_2 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_1 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_0 is not set -# BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_REALLY_OLD is not set -BR2_PACKAGE_LINUX_HEADERS=y -BR2_PACKAGE_MUSL_ARCH_SUPPORTS=y -BR2_PACKAGE_MUSL_SUPPORTS=y -BR2_PACKAGE_UCLIBC_ARCH_SUPPORTS=y -BR2_PACKAGE_UCLIBC_SUPPORTS=y -BR2_PACKAGE_GLIBC_ARCH_SUPPORTS=y -BR2_PACKAGE_GLIBC_SUPPORTS=y - -# -# Glibc Options -# -BR2_PACKAGE_GLIBC=y -# BR2_PACKAGE_GLIBC_KERNEL_COMPAT is not set -# BR2_PACKAGE_GLIBC_UTILS is not set - -# -# Binutils Options -# -BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI=y -# BR2_BINUTILS_VERSION_2_42_X is not set -BR2_BINUTILS_VERSION_2_43_X=y -# BR2_BINUTILS_VERSION_2_44_X is not set -BR2_BINUTILS_VERSION="2.43.1" -# BR2_BINUTILS_GPROFNG is not set -BR2_BINUTILS_EXTRA_CONFIG_OPTIONS="" - -# -# GCC Options -# -# BR2_GCC_VERSION_13_X is not set -BR2_GCC_VERSION_14_X=y -# BR2_GCC_VERSION_15_X is not set -BR2_GCC_VERSION="14.3.0" -BR2_EXTRA_GCC_CONFIG_OPTIONS="" -# BR2_TOOLCHAIN_BUILDROOT_CXX is not set -# BR2_TOOLCHAIN_BUILDROOT_FORTRAN is not set -# BR2_GCC_ENABLE_OPENMP is not set -# BR2_GCC_ENABLE_GRAPHITE is not set -BR2_PACKAGE_GCC_FINAL=y +# BR2_TOOLCHAIN_BUILDROOT is not set +BR2_TOOLCHAIN_EXTERNAL=y + +# +# Toolchain External Options +# +BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y +# BR2_TOOLCHAIN_EXTERNAL_CUSTOM is not set +BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y +# BR2_TOOLCHAIN_EXTERNAL_PREINSTALLED is not set +BR2_TOOLCHAIN_EXTERNAL_GLIBC=y +BR2_PACKAGE_HAS_TOOLCHAIN_EXTERNAL=y +BR2_PACKAGE_PROVIDES_TOOLCHAIN_EXTERNAL="toolchain-external-bootlin" +BR2_TOOLCHAIN_EXTERNAL_PREFIX="$(ARCH)-linux" +BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARCH_SUPPORTS=y +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_GLIBC_BLEEDING_EDGE is not set +BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_GLIBC_STABLE=y +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_MUSL_BLEEDING_EDGE is not set +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_MUSL_STABLE is not set +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_UCLIBC_BLEEDING_EDGE is not set +# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_UCLIBC_STABLE is not set +# BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY is not set BR2_PACKAGE_HOST_GDB_ARCH_SUPPORTS=y # @@ -325,35 +203,7 @@ BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_1=y BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_2=y BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_3=y BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_5=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_6=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_7=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_8=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_9=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_10=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_11=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_12=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_13=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_14=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_15=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_16=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_17=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_18=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_19=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_0=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_1=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_2=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_3=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_4=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_5=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_6=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_7=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_8=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_9=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_10=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_11=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_12=y -BR2_TOOLCHAIN_HEADERS_AT_LEAST="6.12" +BR2_TOOLCHAIN_HEADERS_AT_LEAST="5.4" BR2_TOOLCHAIN_GCC_AT_LEAST_4_3=y BR2_TOOLCHAIN_GCC_AT_LEAST_4_4=y BR2_TOOLCHAIN_GCC_AT_LEAST_4_5=y @@ -437,6 +287,7 @@ BR2_OPTIMIZE_2=y # BR2_OPTIMIZE_S is not set # BR2_OPTIMIZE_FAST is not set # BR2_ENABLE_LTO is not set +# BR2_GOOGLE_BREAKPAD_ENABLE is not set # # static only needs a toolchain w/ uclibc or musl @@ -632,31 +483,19 @@ BR2_PACKAGE_SKELETON_INIT_SYSV=y # BR2_PACKAGE_BLUEZ_ALSA is not set # BR2_PACKAGE_DVBLAST is not set # BR2_PACKAGE_DVDAUTHOR is not set - -# -# dvdrw-tools needs a toolchain w/ threads, C++, wchar -# - -# -# espeak needs a toolchain w/ C++, wchar, threads, dynamic library -# +# BR2_PACKAGE_DVDRW_TOOLS is not set +# BR2_PACKAGE_ESPEAK is not set # BR2_PACKAGE_FAAD2 is not set BR2_PACKAGE_FFMPEG_ARCH_SUPPORTS=y # BR2_PACKAGE_FFMPEG is not set # BR2_PACKAGE_FLAC is not set # BR2_PACKAGE_FLITE is not set # BR2_PACKAGE_FLUID_SOUNDFONT is not set - -# -# fluidsynth needs a toolchain w/ threads, wchar, dynamic library, C++ -# +# BR2_PACKAGE_FLUIDSYNTH is not set # BR2_PACKAGE_GMRENDER_RESURRECT is not set # BR2_PACKAGE_GSTREAMER1 is not set # BR2_PACKAGE_JACK1 is not set - -# -# jack2 needs a toolchain w/ threads, C++, dynamic library -# +# BR2_PACKAGE_JACK2 is not set BR2_PACKAGE_KODI_ARCH_SUPPORTS=y # @@ -677,15 +516,9 @@ BR2_PACKAGE_KODI_ARCH_SUPPORTS=y # # miraclecast needs systemd and a glibc toolchain w/ threads and wchar # +# BR2_PACKAGE_MJPEGTOOLS is not set BR2_PACKAGE_MJPEGTOOLS_SIMD_SUPPORT=y - -# -# mjpegtools needs a toolchain w/ C++, threads -# - -# -# modplugtools needs a toolchain w/ C++ -# +# BR2_PACKAGE_MODPLUGTOOLS is not set # BR2_PACKAGE_MOTION is not set # @@ -693,16 +526,10 @@ BR2_PACKAGE_MJPEGTOOLS_SIMD_SUPPORT=y # # BR2_PACKAGE_MPD_MPC is not set # BR2_PACKAGE_MPG123 is not set - -# -# mpv needs a toolchain w/ C++, NPTL, gcc >= 4.9 -# +# BR2_PACKAGE_MPV is not set # BR2_PACKAGE_MULTICAT is not set # BR2_PACKAGE_MUSEPACK is not set - -# -# ncmpc needs a toolchain w/ C++, wchar, threads, gcc >= 10 -# +# BR2_PACKAGE_NCMPC is not set # BR2_PACKAGE_OPUS_TOOLS is not set # BR2_PACKAGE_PIPEWIRE is not set BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y @@ -714,52 +541,28 @@ BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y # BR2_PACKAGE_TSTOOLS is not set # BR2_PACKAGE_TWOLAME is not set # BR2_PACKAGE_UDPXY is not set - -# -# upmpdcli needs a toolchain w/ C++, NPTL, gcc >= 4.9 -# - -# -# v4l2grab needs a toolchain w/ threads, dynamic library, C++ and headers >= 3.0 -# +# BR2_PACKAGE_UPMPDCLI is not set +# BR2_PACKAGE_V4L2GRAB is not set # BR2_PACKAGE_V4L2LOOPBACK is not set - -# -# vlc needs a toolchain w/ C++, dynamic library, wchar, threads, gcc >= 4.9, headers >= 3.7 -# +# BR2_PACKAGE_VLC is not set # BR2_PACKAGE_VORBIS_TOOLS is not set # BR2_PACKAGE_WAVPACK is not set # BR2_PACKAGE_YAVTA is not set # BR2_PACKAGE_YMPD is not set - -# -# zynaddsubfx needs a toolchain w/ C++11 and threads -# +# BR2_PACKAGE_ZYNADDSUBFX is not set # # Compressors and decompressors # # BR2_PACKAGE_BROTLI is not set # BR2_PACKAGE_BZIP2 is not set - -# -# lrzip needs a toolchain w/ wchar, threads, C++ -# - -# -# lzip needs a toolchain w/ C++ -# +# BR2_PACKAGE_LRZIP is not set +# BR2_PACKAGE_LZIP is not set # BR2_PACKAGE_LZOP is not set - -# -# p7zip needs a toolchain w/ threads, wchar, C++ -# +# BR2_PACKAGE_P7ZIP is not set # BR2_PACKAGE_PIGZ is not set # BR2_PACKAGE_PIXZ is not set - -# -# unrar needs a toolchain w/ C++, wchar, threads, gcc >= 4.8 -# +# BR2_PACKAGE_UNRAR is not set # BR2_PACKAGE_XZ is not set # BR2_PACKAGE_ZIP is not set # BR2_PACKAGE_ZSTD is not set @@ -768,22 +571,13 @@ BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y # Debugging, profiling and benchmark # # BR2_PACKAGE_BABELTRACE2 is not set - -# -# bcc needs a glibc toolchain, C++, wchar, threads, dynamic libs, gcc >= 7, host gcc >= 7 -# +# BR2_PACKAGE_BCC is not set # BR2_PACKAGE_BLKTRACE is not set - -# -# bonnie++ needs a toolchain w/ C++ -# +# BR2_PACKAGE_BONNIE is not set BR2_PACKAGE_BPFTOOL_ARCH_SUPPORTS=y # BR2_PACKAGE_BPFTOOL is not set BR2_PACKAGE_BPFTRACE_ARCH_SUPPORTS=y - -# -# bpftrace needs a glibc toolchain w/ C++, gcc >= 7, host gcc >= 7, kernel headers >= 4.13 -# +# BR2_PACKAGE_BPFTRACE is not set # BR2_PACKAGE_CACHE_CALIBRATOR is not set # @@ -807,28 +601,18 @@ BR2_PACKAGE_DELVE_ARCH_SUPPORTS=y # BR2_PACKAGE_DROPWATCH is not set # BR2_PACKAGE_DSTAT is not set # BR2_PACKAGE_DT is not set - -# -# duma needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_DUMA is not set # BR2_PACKAGE_FIO is not set BR2_PACKAGE_FWTS_ARCH_SUPPORTS=y # BR2_PACKAGE_FWTS is not set BR2_PACKAGE_GDB_ARCH_SUPPORTS=y - -# -# gdb/gdbserver >= 8.x needs a toolchain w/ C++, gcc >= 4.8 -# +# BR2_PACKAGE_GDB is not set BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS=y - -# -# google-breakpad requires a glibc toolchain w/ wchar, threads, C++, gcc >= 7 -# +# BR2_PACKAGE_GOOGLE_BREAKPAD is not set # BR2_PACKAGE_HYPERFINE is not set # BR2_PACKAGE_IOZONE is not set BR2_PACKAGE_KEXEC_ARCH_SUPPORTS=y # BR2_PACKAGE_KEXEC is not set -# BR2_PACKAGE_KMEMD is not set BR2_PACKAGE_KVM_UNIT_TESTS_ARCH_SUPPORTS=y # BR2_PACKAGE_KVM_UNIT_TESTS is not set # BR2_PACKAGE_LIBBPF is not set @@ -841,58 +625,33 @@ BR2_PACKAGE_LTRACE_ARCH_SUPPORTS=y # BR2_PACKAGE_LTRACE is not set # BR2_PACKAGE_LTTNG_BABELTRACE is not set # BR2_PACKAGE_LTTNG_MODULES is not set - -# -# lttng-tools needs a toolchain w/ threads, dynamic library, C++ -# +# BR2_PACKAGE_LTTNG_TOOLS is not set # BR2_PACKAGE_MBPOLL is not set # BR2_PACKAGE_MBW is not set # BR2_PACKAGE_MCELOG is not set # BR2_PACKAGE_MEMSTAT is not set # BR2_PACKAGE_NETPERF is not set - -# -# netsniff-ng needs a toolchain w/ NPTL, C++, headers >= 3.0 -# +# BR2_PACKAGE_NETSNIFF_NG is not set # BR2_PACKAGE_NMON is not set BR2_PACKAGE_OPROFILE_ARCH_SUPPORTS=y - -# -# oprofile needs a toolchain w/ C++, wchar -# +# BR2_PACKAGE_OPROFILE is not set # BR2_PACKAGE_PAX_UTILS is not set - -# -# pcm-tools needs a toolchain w/ C++, NPTL -# +# BR2_PACKAGE_PCM_TOOLS is not set BR2_PACKAGE_PERFTEST_ARCH_SUPPORTS=y # BR2_PACKAGE_PERFTEST is not set +BR2_PACKAGE_PLY_ARCH_SUPPORTS=y # -# piglit needs a glibc or musl toolchain w/ C++, gcc >= 9, host gcc >= 9 +# ply needs a toolchain w/ dynamic library, headers >= 5.5 # -BR2_PACKAGE_PLY_ARCH_SUPPORTS=y -# BR2_PACKAGE_PLY is not set # BR2_PACKAGE_POKE is not set # BR2_PACKAGE_PV is not set - -# -# racehound needs a toolchain w/ C++, wchar, dynamic library, threads -# +# BR2_PACKAGE_RACEHOUND is not set # BR2_PACKAGE_RAMSPEED is not set # BR2_PACKAGE_RT_TESTS is not set - -# -# rwmem needs a toolchain w/ C++, wchar, gcc >= 10 -# - -# -# sentry-native needs a glibc toolchain with w/ wchar, threads, C++, gcc >= 7 -# - -# -# signal-estimator needs a toochain w/ C++, threads, gcc >= 7 -# +# BR2_PACKAGE_RWMEM is not set +# BR2_PACKAGE_SENTRY_NATIVE is not set +# BR2_PACKAGE_SIGNAL_ESTIMATOR is not set # BR2_PACKAGE_SPIDEV_TEST is not set # BR2_PACKAGE_STRACE is not set # BR2_PACKAGE_STRESS is not set @@ -931,34 +690,19 @@ BR2_PACKAGE_VALGRIND_ARCH_SUPPORTS=y # BR2_PACKAGE_BITWISE is not set # BR2_PACKAGE_CHECK is not set BR2_PACKAGE_CMAKE_ARCH_SUPPORTS=y - -# -# ctest needs a toolchain w/ C++, wchar, dynamic library, gcc >= 4.9, NPTL -# - -# -# cppunit needs a toolchain w/ C++, dynamic library -# +# BR2_PACKAGE_CMAKE_CTEST is not set +# BR2_PACKAGE_CPPUNIT is not set # BR2_PACKAGE_CUKINIA is not set # BR2_PACKAGE_CUNIT is not set # BR2_PACKAGE_CVS is not set - -# -# cxxtest needs a toolchain w/ C++ support -# +# BR2_PACKAGE_CXXTEST is not set # BR2_PACKAGE_FD is not set # BR2_PACKAGE_FLEX is not set # BR2_PACKAGE_GETTEXT is not set BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # BR2_PACKAGE_GIT is not set - -# -# git-crypt needs a toolchain w/ C++, gcc >= 4.9 -# - -# -# gperf needs a toolchain w/ C++ -# +# BR2_PACKAGE_GIT_CRYPT is not set +# BR2_PACKAGE_GPERF is not set # BR2_PACKAGE_JO is not set # BR2_PACKAGE_JQ is not set # BR2_PACKAGE_LIBTOOL is not set @@ -978,10 +722,7 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # BR2_PACKAGE_ABOOTIMG is not set # BR2_PACKAGE_AUFS_UTIL is not set # BR2_PACKAGE_AUTOFS is not set - -# -# bmap-writer needs a toolchain w/ C++, wchar -# +# BR2_PACKAGE_BMAP_WRITER is not set # BR2_PACKAGE_BTRFS_PROGS is not set # BR2_PACKAGE_CIFS_UTILS is not set # BR2_PACKAGE_CPIO is not set @@ -1019,10 +760,7 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # BR2_PACKAGE_UDFTOOLS is not set # BR2_PACKAGE_UFS_UTILS is not set # BR2_PACKAGE_UNIONFS is not set - -# -# xfsprogs needs a toolchain w/ threads, C++ -# +# BR2_PACKAGE_XFSPROGS is not set # BR2_PACKAGE_ZEROFREE is not set # @@ -1070,19 +808,13 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # # BR2_PACKAGE_ASCII_INVADERS is not set # BR2_PACKAGE_CHOCOLATE_DOOM is not set - -# -# flare-engine needs a toolchain w/ C++, dynamic library -# - -# -# gnuchess needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_FLARE_ENGINE is not set +# BR2_PACKAGE_GNUCHESS is not set # BR2_PACKAGE_LBREAKOUT2 is not set # BR2_PACKAGE_LTRIS is not set # -# minetest needs a toolchain w/ C++, gcc >= 9, threads +# minetest needs X11 and an OpenGL provider # # BR2_PACKAGE_OPENTYRIAN is not set # BR2_PACKAGE_PRBOOM is not set @@ -1091,10 +823,7 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # # solarus needs OpenGL and a toolchain w/ C++, gcc >= 9, NPTL, dynamic library, and luajit or lua 5.1 # - -# -# stella needs a toolchain w/ dynamic library, C++, threads, gcc >= 7 -# +# BR2_PACKAGE_STELLA is not set # BR2_PACKAGE_XORCURSES is not set # @@ -1112,19 +841,12 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # # cog needs wpewebkit and a toolchain w/ threads # - -# -# dmenu-wayland needs a toolchain w/ wchar, threads, C++, dynamic library, gcc >= 4.9 -# +# BR2_PACKAGE_DMENU_WAYLAND is not set # # flutter packages need flutter-engine # -# -# flutter-pi needs a glibc toolchain w/ wchar, C++, gcc >= 5, dynamic library, host gcc >= 5 -# - # # flutter-pi needs an OpenGL or OpenGLES backend # @@ -1137,7 +859,7 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # BR2_PACKAGE_GHOSTSCRIPT is not set # -# glmark2 needs a toolchain w/ C++, gcc >= 4.9 +# glmark2 needs an OpenGL or an openGL ES and EGL backend # # @@ -1149,10 +871,6 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # igt-gpu-tools needs udev /dev management and toolchain w/ NPTL, wchar, dynamic library, locale, headers >= 4.11 # -# -# ivi-homescreen needs a glibc toolchain w/ wchar, C++, gcc >= 8, dynamic library, host gcc >= 5 -# - # # ivi-homescreen needs an OpenGL or OpenGLES backend # @@ -1161,22 +879,13 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" # # kmscube needs EGL, GBM and OpenGL ES, and a toolchain w/ thread support # - -# -# libva-utils needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_LIBVA_UTILS is not set BR2_PACKAGE_NETSURF_ARCH_SUPPORTS=y # BR2_PACKAGE_NETSURF is not set # BR2_PACKAGE_PNGQUANT is not set # BR2_PACKAGE_RRDTOOL is not set - -# -# spirv-translator needs a toolchain w/ wchar, threads, C++, gcc >= 7, dynamic library, host gcc >= 7 -# - -# -# spirv-tools needs a toolchain w/ C++, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_SPIRV_LLVM_TRANSLATOR is not set +# BR2_PACKAGE_SPIRV_TOOLS is not set # # stellarium needs Qt5 and an OpenGL provider @@ -1185,92 +894,45 @@ BR2_PACKAGE_NETSURF_ARCH_SUPPORTS=y # # sway needs systemd, udev, EGL and OpenGL ES support # - -# -# sway needs a toolchain w/ wchar, threads, C++, dynamic library, gcc >= 4.9 -# # BR2_PACKAGE_SWAYBG is not set - -# -# tesseract-ocr needs a toolchain w/ threads, C++, gcc >= 8, dynamic library, wchar -# +# BR2_PACKAGE_TESSERACT_OCR is not set # BR2_PACKAGE_TINIFIER is not set # # Graphic libraries # - -# -# cegui needs a toolchain w/ C++, threads, dynamic library, wchar, gcc >= 5 -# - -# -# efl needs a toolchain w/ C++, dynamic library, gcc >= 4.9, host gcc >= 4.9, threads, wchar -# +# BR2_PACKAGE_CEGUI is not set # BR2_PACKAGE_FB_TEST_APP is not set # BR2_PACKAGE_FBDUMP is not set # BR2_PACKAGE_FBGRAB is not set - -# -# fbterm needs a toolchain w/ C++, wchar, locale -# +# BR2_PACKAGE_FBTERM is not set # BR2_PACKAGE_FBV is not set - -# -# freerdp needs a toolchain w/ wchar, dynamic library, threads, C++ -# +# BR2_PACKAGE_FREERDP is not set # BR2_PACKAGE_GRAPHICSMAGICK is not set # BR2_PACKAGE_IMAGEMAGICK is not set # BR2_PACKAGE_LIBGLVND is not set +# BR2_PACKAGE_MESA3D is not set +# BR2_PACKAGE_OCRAD is not set # -# mesa3d needs a toolchain w/ gcc >=8, C++, NPTL, dynamic library -# - -# -# ocrad needs a toolchain w/ C++ -# - -# -# ogre needs a toolchain w/ C++, dynamic library, gcc >= 4.8, threads, wchar +# ogre needs X11 and an OpenGL provider # # BR2_PACKAGE_PSPLASH is not set # BR2_PACKAGE_SDL is not set # BR2_PACKAGE_SDL2 is not set - -# -# spirv-headers needs a toolchain w/ C++ -# - -# -# vulkan-headers needs a toolchain w/ C++ -# - -# -# vulkan-loader needs a toolchain w/ C++, dynamic library, threads -# - -# -# Vulkan-SDK needs toolchain w/ C++, dynamic library -# - -# -# vulkan-tools needs a toolchain w/ C++, dynamic library, threads, gcc >= 4.9 -# +# BR2_PACKAGE_SPIRV_HEADERS is not set +# BR2_PACKAGE_VULKAN_HEADERS is not set +# BR2_PACKAGE_VULKAN_LOADER is not set +# BR2_PACKAGE_VULKAN_SDK is not set +# BR2_PACKAGE_VULKAN_TOOLS is not set # # Other GUIs # BR2_PACKAGE_QT5_JSCORE_AVAILABLE=y - -# -# Qt5 needs host g++ >= 5.0, and a toolchain w/ gcc >= 5.0, wchar, NPTL, C++, dynamic library -# +# BR2_PACKAGE_QT5 is not set BR2_PACKAGE_QT6_ARCH_SUPPORTS=y - -# -# qt6 needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8, host gcc >= 8 -# +# BR2_PACKAGE_QT6 is not set # # tekui needs a Lua interpreter and a toolchain w/ threads, dynamic library @@ -1280,18 +942,8 @@ BR2_PACKAGE_QT6_ARCH_SUPPORTS=y # weston needs udev and a toolchain w/ locale, threads, dynamic library, headers >= 3.0 # # BR2_PACKAGE_XORG7 is not set - -# -# apitrace needs a toolchain w/ C++, wchar, dynamic library, threads, gcc >= 7 -# - -# -# mupdf needs a toolchain w/ C++, gcc >= 4.9 -# - -# -# vte needs a uClibc or glibc toolchain w/ wchar, threads, C++, gcc >= 10 -# +# BR2_PACKAGE_APITRACE is not set +# BR2_PACKAGE_MUPDF is not set # # vte needs an OpenGL or an OpenGL-EGL backend @@ -1328,16 +980,10 @@ BR2_PACKAGE_QT6_ARCH_SUPPORTS=y # BR2_PACKAGE_18XX_TI_UTILS is not set # BR2_PACKAGE_ACPICA is not set # BR2_PACKAGE_ACPID is not set - -# -# acpitool needs a toolchain w/ threads, C++, dynamic library -# +# BR2_PACKAGE_ACPITOOL is not set # BR2_PACKAGE_AER_INJECT is not set # BR2_PACKAGE_ALTERA_STAPL is not set - -# -# apcupsd needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_APCUPSD is not set # BR2_PACKAGE_AVRDUDE is not set # @@ -1349,10 +995,7 @@ BR2_PACKAGE_QT6_ARCH_SUPPORTS=y # brickd needs udev /dev management, a toolchain w/ threads, wchar # # BR2_PACKAGE_BRLTTY is not set - -# -# cc-tool needs a toolchain w/ C++, threads, wchar, gcc >= 4.9 -# +# BR2_PACKAGE_CC_TOOL is not set # BR2_PACKAGE_CDRKIT is not set # BR2_PACKAGE_CRUCIBLE is not set # BR2_PACKAGE_CRYPTSETUP is not set @@ -1364,10 +1007,7 @@ BR2_PACKAGE_QT6_ARCH_SUPPORTS=y # # dbusbroker needs systemd and a toolchain w/ threads # - -# -# dbus-cxx needs a toolchain w/ C++, threads, gcc >= 7 and dynamic library support -# +# BR2_PACKAGE_DBUS_CXX is not set # BR2_PACKAGE_DFU_PROGRAMMER is not set # BR2_PACKAGE_DFU_UTIL is not set # BR2_PACKAGE_DMIDECODE is not set @@ -1380,10 +1020,7 @@ BR2_PACKAGE_QT6_ARCH_SUPPORTS=y # BR2_PACKAGE_DTV_SCAN_TABLES is not set # BR2_PACKAGE_DUMP1090 is not set # BR2_PACKAGE_DVBSNOOP is not set - -# -# edid-decode needs a toolchain w/ C++, gcc >= 4.7 -# +# BR2_PACKAGE_EDID_DECODE is not set # BR2_PACKAGE_ESP_HOSTED is not set # @@ -1404,10 +1041,7 @@ BR2_PACKAGE_FLASHROM_ARCH_SUPPORTS=y # BR2_PACKAGE_FXLOAD is not set # BR2_PACKAGE_GPM is not set # BR2_PACKAGE_GPSD is not set - -# -# gptfdisk needs a toolchain w/ C++ -# +# BR2_PACKAGE_GPTFDISK is not set # BR2_PACKAGE_GVFS is not set # BR2_PACKAGE_HDDTEMP is not set # BR2_PACKAGE_HWDATA is not set @@ -1426,10 +1060,7 @@ BR2_PACKAGE_FLASHROM_ARCH_SUPPORTS=y # # ledmon needs udev and a toolchain w/ threads # - -# -# libiec61850 needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_LIBIEC61850 is not set # # libmanette needs a toolchain w/ wchar, NPTL threads, gcc >= 4.9, headers >= 4.16, udev @@ -1439,15 +1070,9 @@ BR2_PACKAGE_FLASHROM_ARCH_SUPPORTS=y # BR2_PACKAGE_LINUX_BACKPORTS is not set # BR2_PACKAGE_LINUX_SERIAL_TEST is not set # BR2_PACKAGE_LINUXCONSOLETOOLS is not set - -# -# lirc-tools needs a toolchain w/ threads, dynamic library, C++ -# +# BR2_PACKAGE_LIRC_TOOLS is not set # BR2_PACKAGE_LM_SENSORS is not set - -# -# lshw needs a toolchain w/ C++, wchar -# +# BR2_PACKAGE_LSHW is not set # BR2_PACKAGE_LSSCSI is not set # BR2_PACKAGE_LSUIO is not set # BR2_PACKAGE_LUKSMETA is not set @@ -1471,38 +1096,20 @@ BR2_PACKAGE_FLASHROM_ARCH_SUPPORTS=y # BR2_PACKAGE_NVME is not set # BR2_PACKAGE_NXP_MWIFIEX is not set # BR2_PACKAGE_OFONO is not set - -# -# ola needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.8 -# +# BR2_PACKAGE_OLA is not set # BR2_PACKAGE_OPEN2300 is not set - -# -# openfpgaloader needs a toolchain w/ threads, C++, gcc >= 4.9 -# +# BR2_PACKAGE_OPENFPGALOADER is not set # BR2_PACKAGE_OPENIPMI is not set # BR2_PACKAGE_OPENOCD is not set - -# -# openpowerlink needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_OPENPOWERLINK is not set # BR2_PACKAGE_PARTED is not set # BR2_PACKAGE_PCIUTILS is not set # BR2_PACKAGE_PDBG is not set # BR2_PACKAGE_PICOCOM is not set - -# -# picotool needs a toolchain w/ C++, threads, gcc >= 4.9 -# - -# -# powertop needs a toolchain w/ C++, threads, wchar -# +# BR2_PACKAGE_PICOTOOL is not set +# BR2_PACKAGE_POWERTOP is not set # BR2_PACKAGE_PPS_TOOLS is not set - -# -# pulseview needs a toolchain w/ locale, wchar, threads, dynamic library, C++, gcc >= 7, host gcc >= 5 -# +# BR2_PACKAGE_PULSEVIEW is not set # BR2_PACKAGE_QORIQ_CADENCE_DP_FIRMWARE is not set # BR2_PACKAGE_RASPI_GPIO is not set # BR2_PACKAGE_RDMA_CORE is not set @@ -1525,18 +1132,12 @@ BR2_PACKAGE_FLASHROM_ARCH_SUPPORTS=y # BR2_PACKAGE_SANE_BACKENDS is not set # BR2_PACKAGE_SDPARM is not set BR2_PACKAGE_SEDUTIL_ARCH_SUPPORTS=y - -# -# sedutil needs a toolchain w/ C++, gcc >= 4.8, headers >= 3.12 -# +# BR2_PACKAGE_SEDUTIL is not set # BR2_PACKAGE_SETSERIAL is not set # BR2_PACKAGE_SG3_UTILS is not set # BR2_PACKAGE_SIGROK_CLI is not set # BR2_PACKAGE_SISPMCTL is not set - -# -# smartmontools needs a toolchain w/ C++ -# +# BR2_PACKAGE_SMARTMONTOOLS is not set # BR2_PACKAGE_SMSTOOLS3 is not set # BR2_PACKAGE_SPI_TOOLS is not set # BR2_PACKAGE_SREDIRD is not set @@ -1567,10 +1168,7 @@ BR2_PACKAGE_SEDUTIL_ARCH_SUPPORTS=y # # BR2_PACKAGE_USB_MODESWITCH is not set # BR2_PACKAGE_USB_MODESWITCH_DATA is not set - -# -# usbguard needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_USBGUARD is not set # # usbip needs udev /dev management @@ -1612,15 +1210,9 @@ BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS=y # BR2_PACKAGE_MOARVM is not set BR2_PACKAGE_HOST_MONO_ARCH_SUPPORTS=y BR2_PACKAGE_MONO_ARCH_SUPPORTS=y - -# -# mono needs a toolchain w/ C++, NPTL, dynamic library -# +# BR2_PACKAGE_MONO is not set BR2_PACKAGE_NODEJS_ARCH_SUPPORTS=y - -# -# nodejs needs a toolchain w/ C++, dynamic library, NPTL, gcc >= 10, wchar, host gcc >= 10 -# +# BR2_PACKAGE_NODEJS is not set BR2_PACKAGE_PROVIDES_NODEJS="nodejs-src" # @@ -1632,13 +1224,10 @@ BR2_PACKAGE_OPENJDK_ARCH_SUPPORTS=y # # openjdk needs X.Org # - -# -# openjdk needs glibc, and a toolchain w/ wchar, dynamic library, threads, C++, gcc >= 4.9, host gcc >= 4.9 -# # BR2_PACKAGE_PERL is not set BR2_PACKAGE_PHP_ARCH_SUPPORTS=y # BR2_PACKAGE_PHP is not set +# BR2_PACKAGE_POCKETPY is not set # BR2_PACKAGE_PYTHON3 is not set # BR2_PACKAGE_QUICKJS is not set # BR2_PACKAGE_RUBY is not set @@ -1654,26 +1243,14 @@ BR2_PACKAGE_SWIPL_ARCH_SUPPORTS=y # Audio/Sound # # BR2_PACKAGE_ALSA_LIB is not set - -# -# alure needs a toolchain w/ C++, gcc >= 9, NPTL, wchar -# +# BR2_PACKAGE_ALURE is not set # BR2_PACKAGE_AUBIO is not set # BR2_PACKAGE_BCG729 is not set - -# -# caps needs a toolchain w/ C++, dynamic library -# +# BR2_PACKAGE_CAPS is not set BR2_PACKAGE_FDK_AAC_ARCH_SUPPORTS=y - -# -# fdk-aac needs a toolchain w/ C++ -# +# BR2_PACKAGE_FDK_AAC is not set BR2_PACKAGE_GTKIOSTREAM_ARCH_SUPPORTS=y - -# -# gtkiostream needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_GTKIOSTREAM is not set # BR2_PACKAGE_LIBAO is not set # BR2_PACKAGE_LIBBROADVOICE is not set # BR2_PACKAGE_LIBCANBERRA is not set @@ -1690,44 +1267,23 @@ BR2_PACKAGE_GTKIOSTREAM_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBILBC is not set # BR2_PACKAGE_LIBLO is not set # BR2_PACKAGE_LIBMAD is not set - -# -# libmodplug needs a toolchain w/ C++ -# +# BR2_PACKAGE_LIBMODPLUG is not set # BR2_PACKAGE_LIBMPDCLIENT is not set - -# -# libopenmpt needs a toolchain w/ threads, C++, gcc >= 7 -# +# BR2_PACKAGE_LIBOPENMPT is not set # BR2_PACKAGE_LIBREPLAYGAIN is not set # BR2_PACKAGE_LIBSAMPLERATE is not set - -# -# libsidplay2 needs a toolchain w/ C++ -# +# BR2_PACKAGE_LIBSIDPLAY2 is not set # BR2_PACKAGE_LIBSILK is not set # BR2_PACKAGE_LIBSNDFILE is not set - -# -# libsoundtouch needs a toolchain w/ C++ -# +# BR2_PACKAGE_LIBSOUNDTOUCH is not set # BR2_PACKAGE_LIBSOXR is not set # BR2_PACKAGE_LIBVORBIS is not set # BR2_PACKAGE_LILV is not set # BR2_PACKAGE_LV2 is not set - -# -# mp4v2 needs a toolchain w/ C++ -# +# BR2_PACKAGE_MP4V2 is not set BR2_PACKAGE_OPENAL_ARCH_SUPPORTS=y - -# -# openal needs a toolchain w/ NPTL, C++, gcc >= 7 -# - -# -# opencore-amr needs a toolchain w/ C++ -# +# BR2_PACKAGE_OPENAL is not set +# BR2_PACKAGE_OPENCORE_AMR is not set # BR2_PACKAGE_OPUS is not set # BR2_PACKAGE_OPUSFILE is not set # BR2_PACKAGE_PORTAUDIO is not set @@ -1737,18 +1293,12 @@ BR2_PACKAGE_OPENAL_ARCH_SUPPORTS=y # BR2_PACKAGE_SPEEX is not set # BR2_PACKAGE_SPEEXDSP is not set # BR2_PACKAGE_SRATOM is not set - -# -# taglib needs a toolchain w/ C++, wchar -# +# BR2_PACKAGE_TAGLIB is not set # BR2_PACKAGE_TINYALSA is not set # BR2_PACKAGE_TREMOR is not set # BR2_PACKAGE_VO_AACENC is not set BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS=y - -# -# webrtc-audio-processing needs a toolchain w/ C++, NPTL, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING is not set # # Compression and decompression @@ -1757,19 +1307,13 @@ BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBDEFLATE is not set # BR2_PACKAGE_LIBJCAT is not set # BR2_PACKAGE_LIBMSPACK is not set - -# -# libsquish needs a toolchain w/ C++ -# +# BR2_PACKAGE_LIBSQUISH is not set # BR2_PACKAGE_LIBZIP is not set # BR2_PACKAGE_LZ4 is not set # BR2_PACKAGE_LZO is not set # BR2_PACKAGE_MINIZIP is not set # BR2_PACKAGE_MINIZIP_ZLIB is not set - -# -# snappy needs a toolchain w/ C++ -# +# BR2_PACKAGE_SNAPPY is not set # BR2_PACKAGE_SZIP is not set # BR2_PACKAGE_ZCHUNK is not set BR2_PACKAGE_ZLIB_NG_ARCH_SUPPORTS=y @@ -1786,16 +1330,10 @@ BR2_PACKAGE_PROVIDES_HOST_ZLIB="host-libzlib" # # BR2_PACKAGE_BEARSSL is not set BR2_PACKAGE_BOTAN_ARCH_SUPPORTS=y - -# -# botan needs a toolchain w/ threads, C++, gcc >= 11 -# +# BR2_PACKAGE_BOTAN is not set # BR2_PACKAGE_CA_CERTIFICATES is not set # BR2_PACKAGE_CRYPTODEV_LINUX is not set - -# -# cryptopp needs a toolchain w/ C++, dynamic library, wchar -# +# BR2_PACKAGE_CRYPTOPP is not set # BR2_PACKAGE_GCR is not set # BR2_PACKAGE_GNUTLS is not set # BR2_PACKAGE_LIBARGON2 is not set @@ -1889,47 +1427,23 @@ BR2_PACKAGE_PROVIDES_HOST_OPENSSL="host-libopenssl" # BR2_PACKAGE_BERKELEYDB is not set # BR2_PACKAGE_GDBM is not set # BR2_PACKAGE_HIREDIS is not set - -# -# kompexsqlite needs a toolchain w/ C++, wchar, threads, dynamic library -# - -# -# leveldb needs a toolchain w/ C++, threads, gcc >= 4.8 -# +# BR2_PACKAGE_KOMPEXSQLITE is not set +# BR2_PACKAGE_LEVELDB is not set # BR2_PACKAGE_LIBDBI is not set # BR2_PACKAGE_LIBDBI_DRIVERS is not set # BR2_PACKAGE_LIBGIT2 is not set # BR2_PACKAGE_LIBMDBX is not set - -# -# libodb needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_LIBODB is not set # BR2_PACKAGE_LMDB is not set - -# -# mariadb needs a toolchain w/ dynamic library, C++, threads, wchar -# +# BR2_PACKAGE_MARIADB is not set # BR2_PACKAGE_POSTGRESQL is not set - -# -# redis needs a toolchain w/ gcc>=4.9, dynamic library, nptl, C++ -# - -# -# redis-plus-plus needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_REDIS is not set +# BR2_PACKAGE_REDIS_PLUS_PLUS is not set BR2_PACKAGE_ROCKSDB_ARCH_SUPPORTS=y - -# -# rocksdb needs a toolchain w/ C++, threads, wchar, gcc >= 4.8 -# +# BR2_PACKAGE_ROCKSDB is not set # BR2_PACKAGE_SQLCIPHER is not set # BR2_PACKAGE_SQLITE is not set - -# -# sqlitecpp needs a toolchain w/ C++11, gcc >= 4.9 -# +# BR2_PACKAGE_SQLITECPP is not set # BR2_PACKAGE_UNIXODBC is not set # @@ -1943,61 +1457,30 @@ BR2_PACKAGE_ROCKSDB_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBNFS is not set # BR2_PACKAGE_LIBSYSFS is not set # BR2_PACKAGE_LOCKDEV is not set - -# -# physfs needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_PHYSFS is not set # # Graphics # - -# -# assimp needs a toolchain w/ C++, wchar, gcc >= 7 -# +# BR2_PACKAGE_ASSIMP is not set # BR2_PACKAGE_AT_SPI2_CORE is not set - -# -# atkmm needs a toolchain w/ C++, wchar, threads, gcc >= 7, dynamic library -# - -# -# atkmm (2.28.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9, dynamic library -# - -# -# bullet needs a toolchain w/ C++, dynamic library, threads, wchar -# +# BR2_PACKAGE_ATKMM is not set +# BR2_PACKAGE_ATKMM2_28 is not set +# BR2_PACKAGE_BULLET is not set # BR2_PACKAGE_CAIRO is not set - -# -# cairomm needs a toolchain w/ C++, wchar, threads, gcc >= 7 -# - -# -# cairomm (1.14.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9 -# +# BR2_PACKAGE_CAIROMM is not set +# BR2_PACKAGE_CAIROMM1_14 is not set # # chipmunk needs an OpenGL backend # - -# -# exempi needs a toolchain w/ C++, dynamic library, threads, wchar -# - -# -# exiv2 needs a uClibc or glibc toolchain w/ C++, wchar, dynamic library, threads -# +# BR2_PACKAGE_EXEMPI is not set +# BR2_PACKAGE_EXIV2 is not set BR2_PACKAGE_FLUTTER_ENGINE_ARCH_SUPPORTS=y # # flutter-engine needs an OpenGL or OpenGLES backend # - -# -# flutter-engine needs a glibc toolchain w/ wchar, C++, gcc >= 5, dynamic library, host gcc >= 5 -# # BR2_PACKAGE_FONTCONFIG is not set # BR2_PACKAGE_FREETYPE is not set # BR2_PACKAGE_GD is not set @@ -2008,60 +1491,33 @@ BR2_PACKAGE_FLUTTER_ENGINE_ARCH_SUPPORTS=y # granite needs libgtk3 and a toolchain w/ wchar, threads, gcc >= 4.9 # # BR2_PACKAGE_GRAPHENE is not set - -# -# graphite2 needs a toolchain w/ C++ -# +# BR2_PACKAGE_GRAPHITE2 is not set # # gtkmm3 needs libgtk3 and a toolchain w/ C++, wchar, threads, gcc >= 4.9, dynamic library # - -# -# harfbuzz needs a toolchain w/ C++, gcc >= 4.9 -# +# BR2_PACKAGE_HARFBUZZ is not set # BR2_PACKAGE_IJS is not set # BR2_PACKAGE_IMLIB2 is not set +# BR2_PACKAGE_INTEL_GMMLIB is not set +# BR2_PACKAGE_INTEL_MEDIADRIVER is not set +# BR2_PACKAGE_INTEL_MEDIASDK is not set +# BR2_PACKAGE_INTEL_VPL_GPU_RT is not set # -# intel-gmmlib needs a toolchain w/ dynamic library, C++, threads -# - -# -# intel-mediadriver needs a toolchain w/ dynamic library, gcc >= 8, C++, NPTL -# - -# -# intel-mediasdk needs a toolchain w/ dynamic library, C++, NPTL -# - -# -# intel-vpl-gpu-rt needs a toolchain w/ dynamic library, gcc >= 7, C++, NPTL -# - -# -# irrlicht needs a toolchain w/ C++ +# irrlicht needs X11 and an OpenGL provider # # BR2_PACKAGE_JASPER is not set # BR2_PACKAGE_JBIG2DEC is not set BR2_PACKAGE_JPEG_SIMD_SUPPORT=y # BR2_PACKAGE_JPEG is not set - -# -# kms++ needs a toolchain w/ threads, C++, gcc >= 4.8, headers >= 4.11, wchar -# +# BR2_PACKAGE_KMSXX is not set # BR2_PACKAGE_LCMS2 is not set - -# -# lensfun needs a toolchain w/ C++, threads, wchar -# +# BR2_PACKAGE_LENSFUN is not set # BR2_PACKAGE_LEPTONICA is not set # BR2_PACKAGE_LIBART is not set # BR2_PACKAGE_LIBAVIF is not set - -# -# libdecor needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 -# +# BR2_PACKAGE_LIBDECOR is not set # BR2_PACKAGE_LIBDMTX is not set # BR2_PACKAGE_LIBDRM is not set @@ -2078,14 +1534,8 @@ BR2_PACKAGE_JPEG_SIMD_SUPPORT=y # # libfreeglut depends on X.org and needs an OpenGL backend # - -# -# libfreeimage needs a toolchain w/ C++, dynamic library, wchar -# - -# -# libgeotiff needs a toolchain w/ C++, gcc >= 4.7, NPTL, wchar -# +# BR2_PACKAGE_LIBFREEIMAGE is not set +# BR2_PACKAGE_LIBGEOTIFF is not set # # libglew depends on X.org and needs an OpenGL backend @@ -2100,82 +1550,41 @@ BR2_PACKAGE_JPEG_SIMD_SUPPORT=y # # BR2_PACKAGE_LIBGTA is not set -# -# libgtk3 needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 -# - # # libgtk3 needs an OpenGL or an OpenGL-EGL backend # -# -# libgtk4 needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 -# - # # libgtk4 needs an OpenGL(ES) EGL backend # - -# -# libjxl needs a toolchain with C++, threads, gcc >= 7, dynamic library -# +# BR2_PACKAGE_LIBJXL is not set # BR2_PACKAGE_LIBMEDIAART is not set # BR2_PACKAGE_LIBMNG is not set # BR2_PACKAGE_LIBPNG is not set # BR2_PACKAGE_LIBQRENCODE is not set - -# -# libraw needs a toolchain w/ C++ -# - -# -# librsvg needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 -# +# BR2_PACKAGE_LIBRAW is not set +# BR2_PACKAGE_LIBRSVG is not set # BR2_PACKAGE_LIBSVG is not set # BR2_PACKAGE_LIBSVG_CAIRO is not set # BR2_PACKAGE_LIBVA is not set # BR2_PACKAGE_LIBVA_INTEL_DRIVER is not set - -# -# libvips needs a toolchain w/ wchar, threads, C++ -# +# BR2_PACKAGE_LIBVIPS is not set BR2_PACKAGE_LIBVPL_ARCH_SUPPORTS=y - -# -# libvpl needs a toolchain w/ dynamic library, gcc >= 7, C++, threads -# +# BR2_PACKAGE_LIBVPL is not set # # libwpe needs a toolchain w/ C++, dynamic library and an OpenEGL-capable backend # # BR2_PACKAGE_MENU_CACHE is not set # BR2_PACKAGE_OPENCL_HEADERS is not set - -# -# opencv3 needs a toolchain w/ C++, NPTL, wchar, dynamic library -# - -# -# opencv4 needs a toolchain w/ C++, NPTL, wchar, dynamic library, gcc >= 4.8 -# +# BR2_PACKAGE_OPENCV3 is not set +# BR2_PACKAGE_OPENCV4 is not set # BR2_PACKAGE_OPENJPEG is not set - -# -# pango needs a toolchain w/ wchar, threads, C++, gcc >= 4.9 -# - -# -# pangomm needs a toolchain w/ C++, wchar, threads, gcc >= 7 -# - -# -# pangomm (2.46.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9 -# +# BR2_PACKAGE_PANGO is not set +# BR2_PACKAGE_PANGOMM is not set +# BR2_PACKAGE_PANGOMM2_46 is not set # BR2_PACKAGE_PIXMAN is not set - -# -# poppler needs a toolchain w/ wchar, C++, threads, dynamic library, gcc >= 7 -# +# BR2_PACKAGE_POPPLER is not set # BR2_PACKAGE_STB is not set # BR2_PACKAGE_TIFF is not set # BR2_PACKAGE_WAYLAND is not set @@ -2189,31 +1598,18 @@ BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS=y # # wlroots needs udev, EGL, OpenGL ES and GBM support # - -# -# woff2 needs a toolchain w/ C++ -# +# BR2_PACKAGE_WOFF2 is not set # # wpebackend-fdo needs a toolchain w/ C++, wchar, threads, dynamic library and EGL support # BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS=y -# -# wpewebkit needs a toolchain w/ C++, wchar, NPTL, dynamic library, gcc >= 11, host gcc >= 4.9 -# - # # wpewebkit needs an OpenGL ES w/ EGL-capable Wayland backend # - -# -# zbar needs a toolchain w/ threads, C++ and headers >= 3.0 -# - -# -# zxing-cpp needs a toolchain w/ C++, wchar, dynamic library, threads -# +# BR2_PACKAGE_ZBAR is not set +# BR2_PACKAGE_ZXING_CPP is not set # # Hardware handling @@ -2232,14 +1628,8 @@ BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS=y # hidapi needs udev /dev management and a toolchain w/ NPTL, gcc >= 4.9 # # BR2_PACKAGE_JITTERENTROPY_LIBRARY is not set - -# -# lcdapi needs a toolchain w/ C++, threads -# - -# -# let-me-create needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_LCDAPI is not set +# BR2_PACKAGE_LET_ME_CREATE is not set # BR2_PACKAGE_LIBAIO is not set # @@ -2249,17 +1639,17 @@ BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS=y # # libblockdev needs udev /dev management and a toolchain w/ wchar, threads, dynamic library, locale # - -# -# libcec needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 4.7 -# +# BR2_PACKAGE_LIBCEC is not set # BR2_PACKAGE_LIBDISPLAY_INFO is not set # BR2_PACKAGE_LIBFREEFARE is not set # BR2_PACKAGE_LIBFTDI is not set # BR2_PACKAGE_LIBFTDI1 is not set # BR2_PACKAGE_LIBGPHOTO2 is not set # BR2_PACKAGE_LIBGPIOD is not set -# BR2_PACKAGE_LIBGPIOD2 is not set + +# +# libgpiod2 needs kernel headers >= 5.10 +# # # libgudev needs udev /dev handling and a toolchain w/ wchar, threads @@ -2281,10 +1671,7 @@ BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBQRTR_GLIB is not set # BR2_PACKAGE_LIBRAW1394 is not set # BR2_PACKAGE_LIBRTLSDR is not set - -# -# libserial needs a toolchain w/ C++, gcc >= 5, threads, wchar -# +# BR2_PACKAGE_LIBSERIAL is not set # BR2_PACKAGE_LIBSERIALPORT is not set # BR2_PACKAGE_LIBSIGROK is not set # BR2_PACKAGE_LIBSIGROKDECODE is not set @@ -2292,10 +1679,7 @@ BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBSS7 is not set # BR2_PACKAGE_LIBUSB is not set # BR2_PACKAGE_LIBUSBGX is not set - -# -# libv4l needs a toolchain w/ threads, C++ and headers >= 3.0 -# +# BR2_PACKAGE_LIBV4L is not set # BR2_PACKAGE_LIBXKBCOMMON is not set BR2_PACKAGE_MRAA_ARCH_SUPPORTS=y # BR2_PACKAGE_MRAA is not set @@ -2305,19 +1689,10 @@ BR2_PACKAGE_MRAA_ARCH_SUPPORTS=y # BR2_PACKAGE_OWFS is not set # BR2_PACKAGE_PCSC_LITE is not set # BR2_PACKAGE_PICO_SDK is not set - -# -# SoapySDR needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_SOAPY_SDR is not set # BR2_PACKAGE_TSLIB is not set - -# -# uhd needs a toolchain w/ C++, NPTL, wchar, dynamic library, gcc >= 7 -# - -# -# urg needs a toolchain w/ C++ -# +# BR2_PACKAGE_UHD is not set +# BR2_PACKAGE_URG is not set # # Javascript @@ -2340,288 +1715,141 @@ BR2_PACKAGE_MRAA_ARCH_SUPPORTS=y # # JSON/XML # - -# -# benejson needs a toolchain w/ C++ -# +# BR2_PACKAGE_BENEJSON is not set # BR2_PACKAGE_CJSON is not set # BR2_PACKAGE_EXPAT is not set # BR2_PACKAGE_JANSSON is not set # BR2_PACKAGE_JOSE is not set # BR2_PACKAGE_JSMN is not set # BR2_PACKAGE_JSON_C is not set - -# -# json-for-modern-cpp needs a toolchain w/ C++, gcc >= 4.9 -# +# BR2_PACKAGE_JSON_FOR_MODERN_CPP is not set # BR2_PACKAGE_JSON_GLIB is not set - -# -# jsoncpp needs a toolchain w/ C++, gcc >= 4.7 -# +# BR2_PACKAGE_JSONCPP is not set # BR2_PACKAGE_LIBBSON is not set # BR2_PACKAGE_LIBFASTJSON is not set - -# -# libjson needs a toolchain w/ C++ -# +# BR2_PACKAGE_LIBJSON is not set # BR2_PACKAGE_LIBJWT is not set # BR2_PACKAGE_LIBROXML is not set # BR2_PACKAGE_LIBUCL is not set # BR2_PACKAGE_LIBXML2 is not set # BR2_PACKAGE_LIBXMLB is not set - -# -# libxml++ needs a toolchain w/ C++, wchar, threads, gcc >= 7 -# +# BR2_PACKAGE_LIBXMLPP is not set # BR2_PACKAGE_LIBXMLRPC is not set # BR2_PACKAGE_LIBXSLT is not set # BR2_PACKAGE_LIBYAML is not set # BR2_PACKAGE_MXML is not set - -# -# pugixml needs a toolchain w/ C++ -# - -# -# rapidjson needs a toolchain w/ C++ -# +# BR2_PACKAGE_PUGIXML is not set +# BR2_PACKAGE_RAPIDJSON is not set # BR2_PACKAGE_RAPIDXML is not set # BR2_PACKAGE_RAPTOR is not set # BR2_PACKAGE_SERD is not set # BR2_PACKAGE_SORD is not set +# BR2_PACKAGE_TINYXML is not set +# BR2_PACKAGE_TINYXML2 is not set +# BR2_PACKAGE_VALIJSON is not set +# BR2_PACKAGE_XERCES is not set +# BR2_PACKAGE_XML_SECURITY_C is not set +# BR2_PACKAGE_YAJL is not set +# BR2_PACKAGE_YAML_CPP is not set # -# tinyxml needs a toolchain w/ C++ -# - -# -# tinyxml2 needs a toolchain w/ C++ +# Logging # +# BR2_PACKAGE_GLOG is not set +# BR2_PACKAGE_HAWKTRACER is not set +# BR2_PACKAGE_LIBLOG4C_LOCALTIME is not set +# BR2_PACKAGE_LIBLOGGING is not set +# BR2_PACKAGE_LOG4CPLUS is not set +# BR2_PACKAGE_LOG4CPP is not set +# BR2_PACKAGE_LOG4CXX is not set # -# valijson needs a toolchain w/ C++ +# log4qt needs qt5 # +# BR2_PACKAGE_OPENTRACING_CPP is not set +# BR2_PACKAGE_SPDLOG is not set +# BR2_PACKAGE_ULOG is not set +# BR2_PACKAGE_ZLOG is not set # -# xerces-c++ needs a toolchain w/ C++, dynamic library, wchar +# Multimedia # +# BR2_PACKAGE_BENTO4 is not set +# BR2_PACKAGE_BITSTREAM is not set +# BR2_PACKAGE_DAV1D is not set +# BR2_PACKAGE_KVAZAAR is not set +# BR2_PACKAGE_LIBAACS is not set +# BR2_PACKAGE_LIBASS is not set +# BR2_PACKAGE_LIBBDPLUS is not set +# BR2_PACKAGE_LIBBLURAY is not set +BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBCAMERA is not set # -# xml-security-c needs a toolchain w/ C++, wchar, dynamic library, threads, gcc >= 4.7 -# -# BR2_PACKAGE_YAJL is not set - -# -# yaml-cpp needs a toolchain w/ C++, gcc >= 4.7 -# - -# -# Logging -# - -# -# glog needs a toolchain w/ C++, threads, gcc >= 6 -# - -# -# hawktracer needs a toolchain w/ C++, gcc >= 4.8 -# -# BR2_PACKAGE_LIBLOG4C_LOCALTIME is not set -# BR2_PACKAGE_LIBLOGGING is not set - -# -# log4cplus needs a toolchain w/ C++, wchar, threads, gcc >= 4.8 -# - -# -# log4cpp needs a toolchain w/ C++, threads -# - -# -# log4cxx needs a toolchain w/ C++, threads, dynamic library, wchar -# - -# -# log4qt needs qt5 -# - -# -# opentracing-cpp needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.8 -# - -# -# spdlog needs a toolchain w/ C++, threads, wchar -# - -# -# ulog needs a toolchain w/ C++, threads -# -# BR2_PACKAGE_ZLOG is not set - -# -# Multimedia -# - -# -# bento4 support needs a toolchain with C++ -# -# BR2_PACKAGE_BITSTREAM is not set -# BR2_PACKAGE_DAV1D is not set - -# -# kvazaar needs a toolchain w/ C++, threads -# -# BR2_PACKAGE_LIBAACS is not set - -# -# libass needs a toolchain w/ C++, gcc >= 4.9 -# -# BR2_PACKAGE_LIBBDPLUS is not set -# BR2_PACKAGE_LIBBLURAY is not set -BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS=y - -# -# libcamera needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8 -# - -# -# libcamera-apps needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8, headers >= 5.5 -# - -# -# libde265 needs a toolchain w/ threads, C++ +# libcamera-apps needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8, headers >= 5.5 # +# BR2_PACKAGE_LIBDE265 is not set # BR2_PACKAGE_LIBDVBCSA is not set # BR2_PACKAGE_LIBDVBPSI is not set - -# -# libdvbsi++ needs a toolchain w/ C++, wchar, threads -# +# BR2_PACKAGE_LIBDVBSI is not set # BR2_PACKAGE_LIBDVDCSS is not set # BR2_PACKAGE_LIBDVDNAV is not set # BR2_PACKAGE_LIBDVDREAD is not set - -# -# libebml needs a toolchain w/ C++, wchar, gcc >= 4.9 -# +# BR2_PACKAGE_LIBEBML is not set # BR2_PACKAGE_LIBHDHOMERUN is not set - -# -# libheif needs a toolchain w/ C++, gcc >= 4.8 -# - -# -# libmatroska needs a toolchain w/ C++, wchar, gcc >= 4.9 -# +# BR2_PACKAGE_LIBHEIF is not set +# BR2_PACKAGE_LIBMATROSKA is not set # BR2_PACKAGE_LIBMMS is not set # BR2_PACKAGE_LIBMPEG2 is not set # BR2_PACKAGE_LIBOGG is not set # BR2_PACKAGE_LIBOPENAPTX is not set BR2_PACKAGE_LIBOPENH264_ARCH_SUPPORTS=y - -# -# libopenh264 needs a toolchain w/ C++, dynamic library, threads -# +# BR2_PACKAGE_LIBOPENH264 is not set # BR2_PACKAGE_LIBOPUSENC is not set # BR2_PACKAGE_LIBTHEORA is not set # BR2_PACKAGE_LIBUDFREAD is not set # BR2_PACKAGE_LIBVPX is not set - -# -# libyuv needs a toolchain w/ C++, dynamic library -# - -# -# live555 needs a toolchain w/ C++ -# - -# -# mediastreamer needs a toolchain w/ threads, C++, dynamic library, gcc >= 5 -# +# BR2_PACKAGE_LIBYUV is not set +# BR2_PACKAGE_LIVE555 is not set +# BR2_PACKAGE_MEDIASTREAMER is not set # BR2_PACKAGE_X264 is not set - -# -# x265 needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_X265 is not set # # Networking # - -# -# agent++ needs a toolchain w/ threads, C++, dynamic library -# - -# -# azmq needs a toolchain w/ C++11, wchar and threads -# - -# -# azure-iot-sdk-c needs a toolchain w/ C++, NPTL and wchar -# +# BR2_PACKAGE_AGENTPP is not set +# BR2_PACKAGE_AZMQ is not set +# BR2_PACKAGE_AZURE_IOT_SDK_C is not set # BR2_PACKAGE_BATMAN_ADV is not set - -# -# belle-sip needs a toolchain w/ threads, C++, dynamic library, wchar -# +# BR2_PACKAGE_BELLE_SIP is not set # BR2_PACKAGE_C_ARES is not set # BR2_PACKAGE_CNI_PLUGINS is not set - -# -# cpp-httplib needs a toolchain w/ C++, wchar, threads -# - -# -# cppzmq needs a toolchain w/ C++, threads -# - -# -# curlpp needs a toolchain w/ C++, dynamic library -# - -# -# czmq needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_CPP_HTTPLIB is not set +# BR2_PACKAGE_CPPZMQ is not set +# BR2_PACKAGE_CURLPP is not set +# BR2_PACKAGE_CZMQ is not set # BR2_PACKAGE_DAQ is not set # BR2_PACKAGE_DAQ3 is not set # BR2_PACKAGE_DAVICI is not set # BR2_PACKAGE_DHT is not set # BR2_PACKAGE_ENET is not set - -# -# filemq needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_FILEMQ is not set # BR2_PACKAGE_FREERADIUS_CLIENT is not set # BR2_PACKAGE_GENSIO is not set # BR2_PACKAGE_GEOIP is not set # BR2_PACKAGE_GLIB_NETWORKING is not set - -# -# grpc needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_GRPC is not set # BR2_PACKAGE_GSSDP is not set # BR2_PACKAGE_GUPNP is not set # BR2_PACKAGE_GUPNP_AV is not set # BR2_PACKAGE_GUPNP_DLNA is not set - -# -# ibrcommon needs a toolchain w/ C++, threads -# - -# -# ibrdtn needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_IBRCOMMON is not set +# BR2_PACKAGE_IBRDTN is not set # BR2_PACKAGE_LIBCGI is not set - -# -# libcgicc needs a toolchain w/ C++ -# +# BR2_PACKAGE_LIBCGICC is not set # BR2_PACKAGE_LIBCOAP is not set - -# -# libcpprestsdk needs a toolchain w/ NPTL, C++, wchar, locale -# +# BR2_PACKAGE_LIBCPPRESTSDK is not set # BR2_PACKAGE_LIBCURL is not set # BR2_PACKAGE_LIBDNET is not set # BR2_PACKAGE_LIBEXOSIP2 is not set @@ -2630,10 +1858,7 @@ BR2_PACKAGE_LIBOPENH264_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBGSASL is not set # BR2_PACKAGE_LIBHTP is not set # BR2_PACKAGE_LIBHTTPPARSER is not set - -# -# libhttpserver needs a toolchain w/ C++, threads, gcc >= 7 -# +# BR2_PACKAGE_LIBHTTPSERVER is not set # BR2_PACKAGE_LIBIDN is not set # BR2_PACKAGE_LIBIDN2 is not set # BR2_PACKAGE_LIBISCSI is not set @@ -2641,18 +1866,12 @@ BR2_PACKAGE_LIBOPENH264_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBLDNS is not set # BR2_PACKAGE_LIBMAXMINDDB is not set # BR2_PACKAGE_LIBMBUS is not set - -# -# libmemcached needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_LIBMEMCACHED is not set # BR2_PACKAGE_LIBMICROHTTPD is not set # BR2_PACKAGE_LIBMINIUPNPC is not set # BR2_PACKAGE_LIBMNL is not set # BR2_PACKAGE_LIBMODBUS is not set - -# -# libmodsecurity needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_LIBMODSECURITY is not set # BR2_PACKAGE_LIBNATPMP is not set # BR2_PACKAGE_LIBNDP is not set # BR2_PACKAGE_LIBNET is not set @@ -2668,18 +1887,12 @@ BR2_PACKAGE_LIBOPENH264_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBNICE is not set # BR2_PACKAGE_LIBNIDS is not set # BR2_PACKAGE_LIBNL is not set - -# -# libnpupnp needs a toolchain w/ C++, threads, gcc >= 4.9 -# +# BR2_PACKAGE_LIBNPUPNP is not set # BR2_PACKAGE_LIBOPING is not set # BR2_PACKAGE_LIBOSIP2 is not set # BR2_PACKAGE_LIBPAGEKITE is not set # BR2_PACKAGE_LIBPCAP is not set - -# -# libpjsip needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_LIBPJSIP is not set # BR2_PACKAGE_LIBPSL is not set # BR2_PACKAGE_LIBRELP is not set # BR2_PACKAGE_LIBRSYNC is not set @@ -2693,26 +1906,14 @@ BR2_PACKAGE_LIBOPENH264_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBTEAM is not set # BR2_PACKAGE_LIBTELNET is not set # BR2_PACKAGE_LIBTIRPC is not set - -# -# libtorrent needs a toolchain w/ C++, threads -# - -# -# libtorrent-rasterbar needs a toolchain w/ C++, threads, wchar, gcc >= 4.9 -# +# BR2_PACKAGE_LIBTORRENT is not set +# BR2_PACKAGE_LIBTORRENT_RASTERBAR is not set # BR2_PACKAGE_LIBUEV is not set # BR2_PACKAGE_LIBUHTTPD is not set # BR2_PACKAGE_LIBUPNP is not set - -# -# libupnpp needs a toolchain w/ C++, threads, gcc >= 4.9 -# +# BR2_PACKAGE_LIBUPNPP is not set # BR2_PACKAGE_LIBURIPARSER is not set - -# -# libutp support needs a toolchain with C++ -# +# BR2_PACKAGE_LIBUTP is not set # BR2_PACKAGE_LIBUWSC is not set # BR2_PACKAGE_LIBVNCSERVER is not set # BR2_PACKAGE_LIBWEBSOCKETS is not set @@ -2726,228 +1927,90 @@ BR2_PACKAGE_LIBZENOH_C_ARCH_SUPPORTS=y # BR2_PACKAGE_MONGOOSE is not set # BR2_PACKAGE_NANOMSG is not set # BR2_PACKAGE_NEON is not set - -# -# netopeer2 needs a toolchain w/ gcc >= 4.8, C++, threads, dynamic library -# +# BR2_PACKAGE_NETOPEER2 is not set # BR2_PACKAGE_NGHTTP2 is not set - -# -# norm needs a toolchain w/ C++, threads, dynamic library -# +# BR2_PACKAGE_NORM is not set # BR2_PACKAGE_NSS_MYHOSTNAME is not set # BR2_PACKAGE_NSS_PAM_LDAPD is not set - -# -# oatpp needs a toolchain w/ C++, threads -# - -# -# omniORB needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_OATPP is not set +# BR2_PACKAGE_OMNIORB is not set # BR2_PACKAGE_OPEN_ISNS is not set # BR2_PACKAGE_OPEN62541 is not set # BR2_PACKAGE_OPENLDAP is not set - -# -# openmpi needs a toolchain w/ dynamic library, NPTL, wchar, C++ -# +# BR2_PACKAGE_OPENMPI is not set # BR2_PACKAGE_OPENPGM is not set - -# -# openzwave needs a toolchain w/ C++, dynamic library, NPTL, wchar -# - -# -# ortp needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_OPENZWAVE is not set +# BR2_PACKAGE_ORTP is not set # BR2_PACKAGE_PAHO_MQTT_C is not set - -# -# paho-mqtt-cpp needs a toolchain w/ threads, C++ -# - -# -# pistache needs a toolchain w/ C++, gcc >= 7, NPTL, wchar -# +# BR2_PACKAGE_PAHO_MQTT_CPP is not set +# BR2_PACKAGE_PISTACHE is not set # BR2_PACKAGE_QDECODER is not set - -# -# qpid-proton needs a toolchain w/ C++, dynamic library, threads -# +# BR2_PACKAGE_QPID_PROTON is not set # BR2_PACKAGE_RABBITMQ_C is not set - -# -# resiprocate needs a toolchain w/ C++, threads, wchar -# - -# -# restclient-cpp needs a toolchain w/ C++, gcc >= 4.8 -# +# BR2_PACKAGE_RESIPROCATE is not set +# BR2_PACKAGE_RESTCLIENT_CPP is not set # BR2_PACKAGE_RTMPDUMP is not set # BR2_PACKAGE_SIPROXD is not set # BR2_PACKAGE_SLIRP is not set # BR2_PACKAGE_SLIRP4NETNS is not set - -# -# snmp++ needs a toolchain w/ threads, C++, dynamic library -# +# BR2_PACKAGE_SNMPPP is not set # BR2_PACKAGE_SOFIA_SIP is not set # BR2_PACKAGE_SSCEP is not set - -# -# sysrepo needs a toolchain w/ C++, NPTL, dynamic library, gcc >= 4.8 -# - -# -# thrift needs a toolchain w/ C++, wchar, threads -# +# BR2_PACKAGE_SYSREPO is not set +# BR2_PACKAGE_THRIFT is not set # BR2_PACKAGE_USBREDIR is not set - -# -# wampcc needs a toolchain w/ C++, NPTL, dynamic library, gcc >= 4.9 -# - -# -# websocketpp needs a toolchain w/ C++ and gcc >= 4.8 -# - -# -# zeromq needs a toolchain w/ C++, threads -# - -# -# zmqpp needs a toolchain w/ C++, threads, gcc >= 4.7 -# - -# -# zyre needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_WAMPCC is not set +# BR2_PACKAGE_WEBSOCKETPP is not set +# BR2_PACKAGE_ZEROMQ is not set +# BR2_PACKAGE_ZMQPP is not set +# BR2_PACKAGE_ZYRE is not set # # Other # - -# -# ACE needs a glibc toolchain, dynamic library, C++, gcc >= 4.9 -# +# BR2_PACKAGE_ACE is not set # BR2_PACKAGE_APR is not set # BR2_PACKAGE_APR_UTIL is not set - -# -# atf needs a toolchain w/ C++ -# +# BR2_PACKAGE_ATF is not set # BR2_PACKAGE_AVRO_C is not set # BR2_PACKAGE_BASU is not set - -# -# bctoolbox needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_BCTOOLBOX is not set # BR2_PACKAGE_BDWGC is not set - -# -# belr needs a toolchain w/ threads, C++ -# - -# -# boost needs a toolchain w/ C++, threads, wchar -# - -# -# c-capnproto needs host and target gcc >= 5 w/ C++14, threads, atomic, ucontext and not gcc bug 64735 -# - -# -# capnproto needs host and target gcc >= 5 w/ C++14, threads, atomic, ucontext and not gcc bug 64735 -# - -# -# catch2 needs a toolchain w/ C++, wchar, threads, gcc >= 5 -# - -# -# cctz needs a toolchain w/ C++, threads, gcc >= 4.8 -# - -# -# cereal needs a toolchain w/ C++, gcc >= 4.7, threads, wchar -# - -# -# clang needs a toolchain w/ wchar, threads, C++, gcc >= 7, dynamic library, host gcc >= 7 -# +# BR2_PACKAGE_BELR is not set +# BR2_PACKAGE_BOOST is not set +# BR2_PACKAGE_C_CAPNPROTO is not set +# BR2_PACKAGE_CAPNPROTO is not set +# BR2_PACKAGE_CATCH2 is not set +# BR2_PACKAGE_CCTZ is not set +# BR2_PACKAGE_CEREAL is not set +# BR2_PACKAGE_CLANG is not set # BR2_PACKAGE_CMOCKA is not set - -# -# cppcms needs a toolchain w/ C++, NPTL, wchar, dynamic library -# +# BR2_PACKAGE_CPPCMS is not set # BR2_PACKAGE_CRACKLIB is not set - -# -# dawgdic needs a toolchain w/ C++, gcc >= 4.6 -# +# BR2_PACKAGE_DAWGDIC is not set # BR2_PACKAGE_DING_LIBS is not set - -# -# dlib needs a toolchain w/ C++, threads, wchar -# +# BR2_PACKAGE_DLIB is not set # BR2_PACKAGE_DOTCONF is not set - -# -# double-conversion needs a toolchain w/ C++ -# - -# -# eigen needs a toolchain w/ C++ -# +# BR2_PACKAGE_DOUBLE_CONVERSION is not set +# BR2_PACKAGE_EIGEN is not set # BR2_PACKAGE_ELFUTILS is not set # BR2_PACKAGE_ELL is not set - -# -# farmhash needs a toolchain w/ C++11 -# +# BR2_PACKAGE_FARMHASH is not set # BR2_PACKAGE_FFT2D is not set # BR2_PACKAGE_FFTW is not set - -# -# flann needs a toolchain w/ C++, dynamic library, gcc >= 4.7 -# - -# -# flatbuffers needs a toolchain w/ C++, gcc >= 4.7 -# +# BR2_PACKAGE_FLANN is not set +# BR2_PACKAGE_FLATBUFFERS is not set # BR2_PACKAGE_FLATCC is not set # BR2_PACKAGE_FP16 is not set # BR2_PACKAGE_FXDIV is not set # BR2_PACKAGE_GCONF is not set - -# -# gdal needs a toolchain w/ C++, dynamic library, gcc >= 4.7, NPTL, wchar -# - -# -# gemmlowp needs a toolchain w/ C++11 -# - -# -# gflags needs a toolchain w/ C++ -# - -# -# gli needs a toolchain w/ C++ -# - -# -# glibmm needs a toolchain w/ C++, wchar, threads, gcc >= 7 -# - -# -# glibmm (2.66.x) needs a toolchain w/ C++, wchar, threads, gcc >= 4.9 -# - -# -# glm needs a toolchain w/ C++ -# +# BR2_PACKAGE_GDAL is not set +# BR2_PACKAGE_GEMMLOWP is not set +# BR2_PACKAGE_GFLAGS is not set +# BR2_PACKAGE_GLI is not set +# BR2_PACKAGE_GLIBMM is not set +# BR2_PACKAGE_GLIBMM2_66 is not set +# BR2_PACKAGE_GLM is not set # BR2_PACKAGE_GMP is not set BR2_PACKAGE_GOBJECT_INTROSPECTION_ARCH_SUPPORTS=y @@ -2955,15 +2018,9 @@ BR2_PACKAGE_GOBJECT_INTROSPECTION_ARCH_SUPPORTS=y # gobject-introspection needs python3 # # BR2_PACKAGE_GSL is not set - -# -# gtest needs a toolchain w/ C++, wchar, threads, gcc >= 7 -# +# BR2_PACKAGE_GTEST is not set # BR2_PACKAGE_GUMBO_PARSER is not set - -# -# highway needs a toolchain w/ C++, gcc >= 7 -# +# BR2_PACKAGE_HIGHWAY is not set BR2_PACKAGE_JEMALLOC_ARCH_SUPPORTS=y # BR2_PACKAGE_JEMALLOC is not set BR2_PACKAGE_LAPACK_ARCH_SUPPORTS=y @@ -2972,10 +2029,7 @@ BR2_PACKAGE_LAPACK_ARCH_SUPPORTS=y # lapack/blas needs a toolchain w/ fortran # BR2_PACKAGE_LIBABSEIL_CPP_ARCH_SUPPORTS=y - -# -# libabseil-cpp needs a toolchain w/ gcc >= 8, C++, threads, dynamic library -# +# BR2_PACKAGE_LIBABSEIL_CPP is not set # BR2_PACKAGE_LIBARGTABLE2 is not set BR2_PACKAGE_LIBATOMIC_OPS_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBATOMIC_OPS is not set @@ -2987,25 +2041,16 @@ BR2_PACKAGE_LIBBSD_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBBYTESIZE is not set # BR2_PACKAGE_LIBCAP is not set # BR2_PACKAGE_LIBCAP_NG is not set - -# -# libcgroup needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_LIBCGROUP is not set # BR2_PACKAGE_LIBCLC is not set # BR2_PACKAGE_LIBCORRECT is not set - -# -# libcrossguid needs a toolchain w/ C++, gcc >= 4.7 -# +# BR2_PACKAGE_LIBCROSSGUID is not set # BR2_PACKAGE_LIBCSV is not set # BR2_PACKAGE_LIBDAEMON is not set # BR2_PACKAGE_LIBDEX is not set # BR2_PACKAGE_LIBDILL is not set BR2_PACKAGE_LIBEASTL_ARCH_SUPPORTS=y - -# -# libeastl needs a toolchain w/ C++, threads, gcc >= 4.9 -# +# BR2_PACKAGE_LIBEASTL is not set # BR2_PACKAGE_LIBEE is not set # BR2_PACKAGE_LIBEV is not set # BR2_PACKAGE_LIBEVDEV is not set @@ -3015,75 +2060,39 @@ BR2_PACKAGE_LIBEASTL_ARCH_SUPPORTS=y # libexecinfo needs a musl or uclibc toolchain w/ dynamic library # # BR2_PACKAGE_LIBFFI is not set - -# -# libfutils needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_LIBFUTILS is not set # BR2_PACKAGE_LIBGEE is not set - -# -# libgeos needs a toolchain w/ C++, wchar, gcc >= 4.9, threads -# +# BR2_PACKAGE_LIBGEOS is not set # BR2_PACKAGE_LIBGLIB2 is not set # BR2_PACKAGE_LIBGLOB is not set - -# -# libical needs a toolchain w/ C++, dynamic library, wchar -# +# BR2_PACKAGE_LIBICAL is not set # BR2_PACKAGE_LIBITE is not set - -# -# libks needs a toolchain w/ C++, NPTL, dynamic library -# - -# -# liblinear needs a toolchain w/ C++ -# - -# -# libloki needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_LIBKS is not set +# BR2_PACKAGE_LIBLINEAR is not set +# BR2_PACKAGE_LIBLOKI is not set # BR2_PACKAGE_LIBNPTH is not set BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT=y # BR2_PACKAGE_LIBNSPR is not set - -# -# libosmium needs a toolchain w/ C++, wchar, threads, gcc >= 5 -# +# BR2_PACKAGE_LIBOSMIUM is not set # # libpeas needs python3 # # BR2_PACKAGE_LIBPFM4 is not set - -# -# libplist needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_LIBPLIST is not set # BR2_PACKAGE_LIBPTHREAD_STUBS is not set # BR2_PACKAGE_LIBPTHSEM is not set # BR2_PACKAGE_LIBPWQUALITY is not set -# BR2_PACKAGE_LIBQB is not set -BR2_PACKAGE_LIBSECCOMP_ARCH_SUPPORTS=y -# BR2_PACKAGE_LIBSECCOMP is not set - -# -# libshdata needs a toolchain w/ C++, threads -# - -# -# libsigc++ needs a toolchain w/ C++, gcc >= 7 -# - -# -# libsigc++ (2.x.x) needs a toolchain w/ C++, gcc >= 4.9 -# +# BR2_PACKAGE_LIBQB is not set +BR2_PACKAGE_LIBSECCOMP_ARCH_SUPPORTS=y +# BR2_PACKAGE_LIBSECCOMP is not set +# BR2_PACKAGE_LIBSHDATA is not set +# BR2_PACKAGE_LIBSIGC is not set +# BR2_PACKAGE_LIBSIGC2 is not set BR2_PACKAGE_LIBSIGSEGV_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBSIGSEGV is not set # BR2_PACKAGE_LIBSOLV is not set - -# -# libspatialindex needs a toolchain w/ C++, gcc >= 4.7 -# +# BR2_PACKAGE_LIBSPATIALINDEX is not set # BR2_PACKAGE_LIBTALLOC is not set # BR2_PACKAGE_LIBTASN1 is not set # BR2_PACKAGE_LIBTOMMATH is not set @@ -3093,10 +2102,7 @@ BR2_PACKAGE_LIBSIGSEGV_ARCH_SUPPORTS=y BR2_PACKAGE_LIBUNWIND_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBUNWIND is not set BR2_PACKAGE_LIBURCU_ARCH_SUPPORTS=y - -# -# liburcu needs a toolchain w/ threads, C++ -# +# BR2_PACKAGE_LIBURCU is not set # BR2_PACKAGE_LIBURING is not set # BR2_PACKAGE_LIBUTEMPTER is not set # BR2_PACKAGE_LIBUV is not set @@ -3105,101 +2111,47 @@ BR2_PACKAGE_LIBURCU_ARCH_SUPPORTS=y # BR2_PACKAGE_LIQUID_DSP is not set BR2_PACKAGE_LLVM_ARCH_SUPPORTS=y BR2_PACKAGE_LLVM_TARGET_ARCH="X86" - -# -# llvm needs a toolchain w/ wchar, threads, C++, gcc >= 7, dynamic library, host gcc >= 7 -# - -# -# lttng-libust needs a toolchain w/ dynamic library, wchar, threads, C++ -# +# BR2_PACKAGE_LLVM is not set +# BR2_PACKAGE_LTTNG_LIBUST is not set # BR2_PACKAGE_MATIO is not set # BR2_PACKAGE_MPC is not set # BR2_PACKAGE_MPDECIMAL is not set # BR2_PACKAGE_MPFR is not set # BR2_PACKAGE_MPIR is not set - -# -# msgpack needs a toolchain w/ C++ -# +# BR2_PACKAGE_MSGPACK is not set # BR2_PACKAGE_MSGPACK_C is not set # BR2_PACKAGE_NEON_2_SSE is not set # BR2_PACKAGE_ORC is not set # BR2_PACKAGE_P11_KIT is not set BR2_PACKAGE_POCO_ARCH_SUPPORTS=y - -# -# poco needs a toolchain w/ wchar, NPTL, C++, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_POCO is not set BR2_PACKAGE_HOST_PROTOBUF_ARCH_SUPPORTS=y BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS=y - -# -# protobuf needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 -# - -# -# protobuf-c needs a toolchain w/ C++, threads, host gcc >= 7 -# - -# -# protozero needs a toolchain w/ C++, gcc >= 4.7 -# +# BR2_PACKAGE_PROTOBUF is not set +# BR2_PACKAGE_PROTOBUF_C is not set +# BR2_PACKAGE_PROTOZERO is not set # BR2_PACKAGE_PSIMD is not set # BR2_PACKAGE_PTHREADPOOL is not set - -# -# qhull needs a toolchain w/ C++, gcc >= 4.4 -# +# BR2_PACKAGE_QHULL is not set # BR2_PACKAGE_QLIBC is not set # BR2_PACKAGE_REPROC is not set - -# -# riemann-c-client needs a toolchain w/ C++, threads, host gcc >= 7 -# +# BR2_PACKAGE_RIEMANN_C_CLIENT is not set BR2_PACKAGE_RUY_ARCH_SUPPORTS=y - -# -# ruy needs a toolchain w/ C++14, threads -# - -# -# shapelib needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_RUY is not set +# BR2_PACKAGE_SHAPELIB is not set # BR2_PACKAGE_SKALIBS is not set # BR2_PACKAGE_SPHINXBASE is not set - -# -# tbb needs a glibc or musl toolchain w/ dynamic library, threads, C++ -# +# BR2_PACKAGE_TBB is not set BR2_PACKAGE_TENSORFLOW_LITE_ARCH_SUPPORTS=y - -# -# tensorflow-lite needs a toolchain w/ gcc >= 8, C++, threads -# +# BR2_PACKAGE_TENSORFLOW_LITE is not set # BR2_PACKAGE_TINYCBOR is not set - -# -# tl-expected needs a toolchain w/ C++, gcc >= 4.8 -# +# BR2_PACKAGE_TL_EXPECTED is not set # BR2_PACKAGE_TLLIST is not set - -# -# uvw needs a toolchain w/ NPTL, dynamic library, C++, gcc >= 7 -# - -# -# volk needs a toolchain w/ C++, NPTL, wchar, dynamic library -# - -# -# xapian needs a toolchain w/ C++ -# +# BR2_PACKAGE_UVW is not set +# BR2_PACKAGE_VOLK is not set +# BR2_PACKAGE_XAPIAN is not set BR2_PACKAGE_XNNPACK_ARCH_SUPPORTS=y - -# -# xnnpack needs a toolchain w/ C++14, threads -# +# BR2_PACKAGE_XNNPACK is not set # # Security @@ -3209,37 +2161,19 @@ BR2_PACKAGE_XNNPACK_ARCH_SUPPORTS=y # BR2_PACKAGE_LIBSEMANAGE is not set # BR2_PACKAGE_LIBSEPOL is not set # BR2_PACKAGE_SAFECLIB is not set - -# -# softhsm2 needs a toolchain w/ C++, threads, gcc >= 4.8 and dynamic library support -# +# BR2_PACKAGE_SOFTHSM2 is not set # # Text and terminal handling # # BR2_PACKAGE_AUGEAS is not set - -# -# cli11 needs a toolchain w/ C++, gcc >= 4.8 -# - -# -# docopt-cpp needs a toolchain w/ C++, gcc >= 4.7 -# - -# -# enchant needs a toolchain w/ C++, threads, wchar -# +# BR2_PACKAGE_CLI11 is not set +# BR2_PACKAGE_DOCOPT_CPP is not set +# BR2_PACKAGE_ENCHANT is not set # BR2_PACKAGE_FCFT is not set - -# -# fmt needs a toolchain w/ C++, wchar -# +# BR2_PACKAGE_FMT is not set # BR2_PACKAGE_FSTRCMP is not set - -# -# icu needs a toolchain w/ C++, wchar, threads, gcc >= 4.9, host gcc >= 4.9 -# +# BR2_PACKAGE_ICU is not set # BR2_PACKAGE_INIH is not set # BR2_PACKAGE_LIBCLI is not set # BR2_PACKAGE_LIBECOLI is not set @@ -3259,25 +2193,13 @@ BR2_PACKAGE_NCURSES_ADDITIONAL_TERMINFO="" # BR2_PACKAGE_PCRE is not set # BR2_PACKAGE_PCRE2 is not set # BR2_PACKAGE_POPT is not set - -# -# re2 needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_RE2 is not set # BR2_PACKAGE_READLINE is not set # BR2_PACKAGE_SLANG is not set - -# -# tclap needs a toolchain w/ C++ -# - -# -# termcolor needs a toolchain w/ C++, gcc >= 4.8 -# +# BR2_PACKAGE_TCLAP is not set +# BR2_PACKAGE_TERMCOLOR is not set # BR2_PACKAGE_UTF8PROC is not set - -# -# taglib needs a toolchain w/ C++ -# +# BR2_PACKAGE_UTFCPP is not set # # Mail @@ -3296,14 +2218,8 @@ BR2_PACKAGE_NCURSES_ADDITIONAL_TERMINFO="" # BR2_PACKAGE_AESPIPE is not set # BR2_PACKAGE_BC is not set BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS=y - -# -# bitcoin needs a toolchain w/ C++, threads, wchar, gcc >= 11 -# - -# -# clamav needs a toolchain w/ C++, dynamic library, threads, wchar -# +# BR2_PACKAGE_BITCOIN is not set +# BR2_PACKAGE_CLAMAV is not set # BR2_PACKAGE_COLLECTD is not set # BR2_PACKAGE_COLLECTL is not set @@ -3313,16 +2229,9 @@ BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS=y # BR2_PACKAGE_EMPTY is not set # BR2_PACKAGE_FFT_EVAL is not set # BR2_PACKAGE_GITLAB_RUNNER is not set - -# -# gnuradio needs a toolchain w/ C++, NPTL, wchar, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_GNURADIO is not set # BR2_PACKAGE_GOOGLEFONTDIRECTORY is not set -# -# gqrx needs a toolchain w/ C++, threads, wchar, dynamic library, gcc >= 8 -# - # # gqrx needs qt5 # @@ -3331,81 +2240,52 @@ BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS=y # BR2_PACKAGE_LINUX_SYSCALL_SUPPORT is not set # BR2_PACKAGE_MOBILE_BROADBAND_PROVIDER_INFO is not set # BR2_PACKAGE_NETDATA is not set - -# -# proj needs a toolchain w/ C++, gcc >= 4.7, NPTL, wchar -# +# BR2_PACKAGE_PROJ is not set BR2_PACKAGE_QEMU_ARCH_SUPPORTS_TARGET=y # BR2_PACKAGE_QEMU is not set - -# -# qpdf needs a toolchain w/ C++, gcc >= 5 -# +# BR2_PACKAGE_QPDF is not set # BR2_PACKAGE_RTL_433 is not set # BR2_PACKAGE_SHARED_MIME_INFO is not set # BR2_PACKAGE_SNOOZE is not set - -# -# sunwait needs a toolchain w/ C++ -# - -# -# taskd needs a toolchain w/ C++, wchar, dynamic library -# +# BR2_PACKAGE_SUNWAIT is not set +# BR2_PACKAGE_TASKD is not set BR2_PACKAGE_XMRIG_ARCH_SUPPORTS=y - -# -# xmrig needs a glibc or musl toolchain w/ NPTL, dynamic library, C++, gcc >= 4.9 -# +# BR2_PACKAGE_XMRIG is not set # BR2_PACKAGE_XUTIL_UTIL_MACROS is not set BR2_PACKAGE_Z3_ARCH_SUPPORTS=y +# BR2_PACKAGE_Z3 is not set # # Networking applications # # BR2_PACKAGE_AARDVARK_DNS is not set - -# -# aircrack-ng needs a toolchain w/ dynamic library, threads, C++ -# +# BR2_PACKAGE_AIRCRACK_NG is not set # BR2_PACKAGE_ALFRED is not set # BR2_PACKAGE_AOETOOLS is not set # BR2_PACKAGE_APACHE is not set # BR2_PACKAGE_ARGUS is not set # BR2_PACKAGE_ARP_SCAN is not set # BR2_PACKAGE_ARPTABLES is not set - -# -# asterisk needs a glibc or uClibc toolchain w/ C++, dynamic library, threads, wchar -# +# BR2_PACKAGE_ASTERISK is not set # BR2_PACKAGE_ATFTP is not set # BR2_PACKAGE_AVAHI is not set # BR2_PACKAGE_AXEL is not set # BR2_PACKAGE_BABELD is not set # BR2_PACKAGE_BANDWIDTHD is not set # BR2_PACKAGE_BATCTL is not set - -# -# bcusdk needs a toolchain w/ C++ -# +# BR2_PACKAGE_BCUSDK is not set # BR2_PACKAGE_BIND is not set # BR2_PACKAGE_BIRD is not set # BR2_PACKAGE_BLUEZ5_UTILS is not set # BR2_PACKAGE_BMON is not set # BR2_PACKAGE_BMX7 is not set - -# -# boinc needs a toolchain w/ dynamic library, C++, threads, gcc >= 4.8 -# +# BR2_PACKAGE_BOINC is not set # BR2_PACKAGE_BRCM_PATCHRAM_PLUS is not set # BR2_PACKAGE_BRIDGE_UTILS is not set # BR2_PACKAGE_BWM_NG is not set # BR2_PACKAGE_C_ICAP is not set # BR2_PACKAGE_CAN_UTILS is not set - -# -# cannelloni needs a toolchain w/ C++, threads, dynamic library, gcc >= 8 -# +# BR2_PACKAGE_CANNELLONI is not set # BR2_PACKAGE_CASYNC is not set # BR2_PACKAGE_CASYNC_NANO is not set # BR2_PACKAGE_CFM is not set @@ -3420,18 +2300,8 @@ BR2_PACKAGE_Z3_ARCH_SUPPORTS=y # BR2_PACKAGE_CONNTRACK_TOOLS is not set # BR2_PACKAGE_CORKSCREW is not set # BR2_PACKAGE_CRDA is not set - -# -# ctorrent needs a toolchain w/ C++ -# - -# -# cups needs a toolchain w/ C++, threads -# - -# -# cups-filters needs a toolchain w/ wchar, C++, threads and dynamic library, gcc >= 5 -# +# BR2_PACKAGE_CTORRENT is not set +# BR2_PACKAGE_CUPS is not set # BR2_PACKAGE_DANTE is not set # BR2_PACKAGE_DARKHTTPD is not set # BR2_PACKAGE_DEHYDRATED is not set @@ -3454,50 +2324,26 @@ BR2_PACKAGE_Z3_ARCH_SUPPORTS=y # BR2_PACKAGE_FLANNEL is not set # BR2_PACKAGE_FPING is not set # BR2_PACKAGE_FREERADIUS_SERVER is not set - -# -# freeswitch needs a toolchain w/ C++, dynamic library, threads, wchar -# - -# -# frr needs a toolchain w/ threads, dynamic library, C++, host gcc >= 7 -# - -# -# gerbera needs a toolchain w/ C++, dynamic library, threads, wchar, gcc >= 8 -# +# BR2_PACKAGE_FREESWITCH is not set +# BR2_PACKAGE_FRR is not set +# BR2_PACKAGE_GERBERA is not set # BR2_PACKAGE_GESFTPSERVER is not set - -# -# gloox needs a toolchain w/ C++ -# +# BR2_PACKAGE_GLOOX is not set # BR2_PACKAGE_GLORYTUN is not set # # gupnp-tools needs libgtk3 # - -# -# hans needs a toolchain w/ C++ -# +# BR2_PACKAGE_HANS is not set BR2_PACKAGE_HAPROXY_ARCH_SUPPORTS=y # BR2_PACKAGE_HAPROXY is not set # BR2_PACKAGE_HOSTAPD is not set # BR2_PACKAGE_HTPDATE is not set # BR2_PACKAGE_HTTPING is not set - -# -# i2pd needs a toolchain w/ C++, NPTL, wchar -# +# BR2_PACKAGE_I2PD is not set # BR2_PACKAGE_IANA_ASSIGNMENTS is not set - -# -# ibrdtn-tools needs a toolchain w/ C++, threads -# - -# -# ibrdtnd needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_IBRDTN_TOOLS is not set +# BR2_PACKAGE_IBRDTND is not set # BR2_PACKAGE_IFMETRIC is not set # BR2_PACKAGE_IFTOP is not set BR2_PACKAGE_IFUPDOWN_SCRIPTS=y @@ -3506,10 +2352,7 @@ BR2_PACKAGE_IFUPDOWN_SCRIPTS=y # BR2_PACKAGE_IGMPPROXY is not set # BR2_PACKAGE_INADYN is not set # BR2_PACKAGE_IODINE is not set - -# -# iperf needs a toolchain w/ C++ -# +# BR2_PACKAGE_IPERF is not set # BR2_PACKAGE_IPERF3 is not set # BR2_PACKAGE_IPROUTE2 is not set # BR2_PACKAGE_IPSET is not set @@ -3521,28 +2364,16 @@ BR2_PACKAGE_IFUPDOWN_SCRIPTS=y # BR2_PACKAGE_IWD is not set # BR2_PACKAGE_JANUS_GATEWAY is not set # BR2_PACKAGE_KEEPALIVED is not set - -# -# kismet needs a toolchain w/ threads, C++, gcc >= 5, host gcc >= 7 -# +# BR2_PACKAGE_KISMET is not set # BR2_PACKAGE_KNOCK is not set # BR2_PACKAGE_KSMBD_TOOLS is not set # BR2_PACKAGE_LEAFNODE2 is not set # BR2_PACKAGE_LFT is not set - -# -# lftp requires a toolchain w/ C++, wchar -# +# BR2_PACKAGE_LFTP is not set # BR2_PACKAGE_LIGHTTPD is not set - -# -# linknx needs a toolchain w/ C++ -# +# BR2_PACKAGE_LINKNX is not set # BR2_PACKAGE_LINKS is not set - -# -# linphone needs a toolchain w/ threads, C++, dynamic library, wchar, gcc >= 5 -# +# BR2_PACKAGE_LINPHONE is not set # BR2_PACKAGE_LINUX_ZIGBEE is not set # BR2_PACKAGE_LINUXPTP is not set # BR2_PACKAGE_LLDPD is not set @@ -3558,14 +2389,8 @@ BR2_PACKAGE_IFUPDOWN_SCRIPTS=y # BR2_PACKAGE_MJPG_STREAMER is not set # BR2_PACKAGE_MODEM_MANAGER is not set BR2_PACKAGE_MONGREL2_LIBC_SUPPORTS=y - -# -# mongrel2 needs a uClibc or glibc toolchain w/ C++, threads, dynamic library -# - -# -# mosh needs a toolchain w/ C++, threads, dynamic library, wchar, gcc >= 8 -# +# BR2_PACKAGE_MONGREL2 is not set +# BR2_PACKAGE_MOSH is not set # BR2_PACKAGE_MOSQUITTO is not set # BR2_PACKAGE_MROUTED is not set # BR2_PACKAGE_MRP is not set @@ -3577,10 +2402,7 @@ BR2_PACKAGE_MONGREL2_LIBC_SUPPORTS=y # BR2_PACKAGE_NETATALK is not set # BR2_PACKAGE_NETAVARK is not set # BR2_PACKAGE_NETCALC is not set - -# -# nethogs needs a toolchain w/ C++ -# +# BR2_PACKAGE_NETHOGS is not set # BR2_PACKAGE_NETPLUG is not set # BR2_PACKAGE_NETSNMP is not set @@ -3592,14 +2414,8 @@ BR2_PACKAGE_MONGREL2_LIBC_SUPPORTS=y # BR2_PACKAGE_NGINX is not set # BR2_PACKAGE_NGIRCD is not set # BR2_PACKAGE_NGREP is not set - -# -# nload needs a toolchain w/ C++ -# - -# -# nmap-nmap needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_NLOAD is not set +# BR2_PACKAGE_NMAP is not set # BR2_PACKAGE_NOIP is not set # BR2_PACKAGE_NTP is not set # BR2_PACKAGE_NTPSEC is not set @@ -3645,45 +2461,27 @@ BR2_PACKAGE_MONGREL2_LIBC_SUPPORTS=y # BR2_PACKAGE_RPCBIND is not set # BR2_PACKAGE_RSH_REDONE is not set # BR2_PACKAGE_RSYNC is not set - -# -# rtorrent needs a toolchain w/ C++, threads, wchar, gcc >= 4.9 -# +# BR2_PACKAGE_RTORRENT is not set # BR2_PACKAGE_RTPTOOLS is not set # BR2_PACKAGE_S6_DNS is not set # BR2_PACKAGE_S6_NETWORKING is not set # BR2_PACKAGE_SAMBA4 is not set - -# -# sconeserver needs a toolchain with dynamic library, C++, NPTL -# +# BR2_PACKAGE_SCONESERVER is not set # BR2_PACKAGE_SER2NET is not set # BR2_PACKAGE_SHADOWSOCKS_LIBEV is not set - -# -# shairport-sync needs a toolchain w/ C++, NPTL -# +# BR2_PACKAGE_SHAIRPORT_SYNC is not set # BR2_PACKAGE_SHELLINABOX is not set # BR2_PACKAGE_SMCROUTE is not set # BR2_PACKAGE_SNGREP is not set # BR2_PACKAGE_SNORT is not set - -# -# snort3 needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 4.9 -# +# BR2_PACKAGE_SNORT3 is not set # BR2_PACKAGE_SOCAT is not set # BR2_PACKAGE_SOCKETCAND is not set # BR2_PACKAGE_SOFTETHER is not set # BR2_PACKAGE_SPAWN_FCGI is not set - -# -# spice server needs a toolchain w/ wchar, threads, C++ -# +# BR2_PACKAGE_SPICE is not set # BR2_PACKAGE_SPICE_PROTOCOL is not set - -# -# squid needs a toolchain w/ C++, threads, gcc >= 8, host gcc >= 8 -# +# BR2_PACKAGE_SQUID is not set # BR2_PACKAGE_SSDP_RESPONDER is not set # BR2_PACKAGE_SSHGUARD is not set # BR2_PACKAGE_SSHPASS is not set @@ -3701,10 +2499,7 @@ BR2_PACKAGE_MONGREL2_LIBC_SUPPORTS=y # BR2_PACKAGE_TIPIDEE is not set # BR2_PACKAGE_TOR is not set # BR2_PACKAGE_TRACEROUTE is not set - -# -# transmission needs a toolchain w/ dynamic library, threads, C++, gcc >= 7 -# +# BR2_PACKAGE_TRANSMISSION is not set # BR2_PACKAGE_TUNCTL is not set # BR2_PACKAGE_TVHEADEND is not set # BR2_PACKAGE_UACME is not set @@ -3719,36 +2514,25 @@ BR2_PACKAGE_MONGREL2_LIBC_SUPPORTS=y # BR2_PACKAGE_USSP_PUSH is not set # BR2_PACKAGE_USTREAMER is not set # BR2_PACKAGE_VDE2 is not set - -# -# vdr needs a toolchain w/ C++, dynamic library, NPTL, wchar, headers >= 3.9 -# +# BR2_PACKAGE_VDR is not set # BR2_PACKAGE_VNSTAT is not set # BR2_PACKAGE_VPNC is not set # BR2_PACKAGE_VSFTPD is not set # BR2_PACKAGE_VTUN is not set # BR2_PACKAGE_WAVEMON is not set +# BR2_PACKAGE_WIREGUARD_LINUX_COMPAT is not set # BR2_PACKAGE_WIREGUARD_TOOLS is not set # BR2_PACKAGE_WIRELESS_REGDB is not set # BR2_PACKAGE_WIRELESS_TOOLS is not set - -# -# wireshark needs a toolchain w/ wchar, threads, dynamic library, C++ -# +# BR2_PACKAGE_WIRESHARK is not set # BR2_PACKAGE_WPA_SUPPLICANT is not set # BR2_PACKAGE_WPAN_TOOLS is not set # BR2_PACKAGE_XINETD is not set # BR2_PACKAGE_XL2TP is not set # BR2_PACKAGE_XTABLES_ADDONS is not set # BR2_PACKAGE_ZABBIX is not set - -# -# zeek needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 7, host gcc >= 7 -# - -# -# znc needs a toolchain w/ C++, dynamic library, gcc >= 8, threads -# +# BR2_PACKAGE_ZEEK is not set +# BR2_PACKAGE_ZNC is not set # # Package managers @@ -3809,10 +2593,7 @@ BR2_PACKAGE_XENOMAI_COBALT_ARCH_SUPPORTS=y # # Security # - -# -# apparmor needs a toolchain w/ headers >= 3.16, threads, C++ -# +# BR2_PACKAGE_APPARMOR is not set # BR2_PACKAGE_CHECKPOLICY is not set # BR2_PACKAGE_IMA_EVM_UTILS is not set # BR2_PACKAGE_LYNIS is not set @@ -3877,10 +2658,7 @@ BR2_PACKAGE_GNUPG2_DEPENDS=y # BR2_PACKAGE_TINI is not set # BR2_PACKAGE_TMUX is not set # BR2_PACKAGE_TTYD is not set - -# -# uuu needs a toolchain w/ C++14, threads, atomic, wchar -# +# BR2_PACKAGE_UUU is not set # BR2_PACKAGE_WTFUTIL is not set # BR2_PACKAGE_XMLSTARLET is not set # BR2_PACKAGE_XXHASH is not set @@ -3911,17 +2689,11 @@ BR2_PACKAGE_AUDIT_ARCH_SUPPORTS=y # BR2_PACKAGE_CPULIMIT is not set # BR2_PACKAGE_CPULOAD is not set BR2_PACKAGE_CRIU_ARCH_SUPPORTS=y - -# -# criu needs a glibc or musl toolchain w/ threads, host gcc >= 7, gcc >= 8, headers >= 4.18, C++, dynamic library, wchar -# +# BR2_PACKAGE_CRIU is not set # BR2_PACKAGE_CRUN is not set # BR2_PACKAGE_DAEMON is not set # BR2_PACKAGE_DC3DD is not set - -# -# ddrescue needs a toolchain w/ C++ -# +# BR2_PACKAGE_DDRESCUE is not set # BR2_PACKAGE_DISTRIBUTION_REGISTRY is not set # BR2_PACKAGE_DOCKER_CLI is not set # BR2_PACKAGE_DOCKER_CLI_BUILDX is not set @@ -3957,7 +2729,10 @@ BR2_PACKAGE_INITSCRIPTS=y # BR2_PACKAGE_KMOD is not set # BR2_PACKAGE_KMON is not set # BR2_PACKAGE_KVMTOOL is not set -# BR2_PACKAGE_LIBOSTREE is not set + +# +# libostree needs a uClibc or glibc toolchain w/ threads, dynamic library, wchar, headers >= 5.8 +# BR2_PACKAGE_LIBVIRT_ARCH_SUPPORTS=y # @@ -3987,10 +2762,7 @@ BR2_PACKAGE_MAKEDUMPFILE_ARCH_SUPPORTS=y # netifrc needs openrc as init system # # BR2_PACKAGE_NUMACTL is not set - -# -# nut needs a toolchain w/ C++, threads -# +# BR2_PACKAGE_NUT is not set BR2_PACKAGE_OPENVMTOOLS_ARCH_SUPPORTS=y # BR2_PACKAGE_OPENVMTOOLS is not set @@ -4040,10 +2812,6 @@ BR2_PACKAGE_SYSTEMD_ARCH_SUPPORTS=y BR2_PACKAGE_SYSTEMD_BOOTCHART_ARCH_SUPPORTS=y # BR2_PACKAGE_TEALDEER is not set -# -# thermald needs a toolchain w/ C++, wchar, threads -# - # # thermald needs udev /dev management # @@ -4236,16 +3004,7 @@ BR2_PACKAGE_HOST_PATCHELF=y BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS=y BR2_PACKAGE_HOST_QEMU_SYSTEM_ARCH_SUPPORTS=y BR2_PACKAGE_HOST_QEMU_USER_ARCH_SUPPORTS=y -BR2_PACKAGE_HOST_QEMU=y - -# -# Emulators selection -# -BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y -# BR2_PACKAGE_HOST_QEMU_LINUX_USER_MODE is not set -# BR2_PACKAGE_HOST_QEMU_VDE2 is not set -# BR2_PACKAGE_HOST_QEMU_VIRTFS is not set -# BR2_PACKAGE_HOST_QEMU_USB is not set +# BR2_PACKAGE_HOST_QEMU is not set # BR2_PACKAGE_HOST_QORIQ_RCW is not set # BR2_PACKAGE_HOST_RAUC is not set # BR2_PACKAGE_HOST_RISCV_ISA_SIM is not set @@ -5215,7 +3974,6 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" # # -# -# Provides NAT20 related packages package. +# Provides NAT20 related packages. # BR2_PACKAGE_NAT20LIB=y From 44c8f8f2b9a2b2a8d55e8e0f91f1b355d5a45db0 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 29 Apr 2026 15:26:40 -0700 Subject: [PATCH 05/49] address comments and also resolve circular dependency when using OVERRIDE_DIR --- .github/workflows/linux-kmod-build.yml | 12 ++--- examples/linux/br_external/bootstrap.sh | 52 +++++++++++++------ .../br_external/package/nat20lib/nat20lib.mk | 4 ++ examples/linux/br_external/run-qemu.sh | 8 +-- examples/linux/br_external/utils/envsetup.sh | 7 ++- examples/linux/nat20lib/Makefile | 4 +- 6 files changed, 56 insertions(+), 31 deletions(-) diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index 2e06a43b..374bcee1 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -68,27 +68,27 @@ jobs: id: cache-buildroot uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 with: - path: buildroot.build + path: ../buildroot.build key: buildroot-${{ hashFiles('examples/linux/br_external/configs/qemu_br_defconfig', 'examples/linux/br_external/configs/qemu_linux_defconfig') }} - name: Bootstrap Buildroot if: steps.cache-buildroot.outputs.cache-hit != 'true' - run: examples/linux/br_external/bootstrap.sh qemu buildroot.build "${{ github.workspace }}" + run: examples/linux/br_external/bootstrap.sh qemu ../buildroot.build "${{ github.workspace }}" - name: Build toolchain and kernel if: steps.cache-buildroot.outputs.cache-hit != 'true' - run: make -C buildroot.build/buildroot linux -j $(( $(nproc) + 1 )) + run: make -C ../buildroot.build/buildroot linux -j $(( $(nproc) + 1 )) - name: Build nat20lib kernel module env: NAT20LIB_OVERRIDE_SRCDIR: ${{ github.workspace }} run: | - cd buildroot.build/buildroot + cd ../buildroot.build/buildroot make nat20lib-dirclean make nat20lib -j $(( $(nproc) + 1 )) - name: Verify nat20lib.ko was produced run: | - find buildroot.build -name 'nat20lib.ko' | grep -q nat20lib.ko + find ../buildroot.build -name 'nat20lib.ko' | grep -q nat20lib.ko echo "nat20lib.ko built successfully:" - find buildroot.build -name 'nat20lib.ko' -exec ls -la {} \; + find ../buildroot.build -name 'nat20lib.ko' -exec ls -la {} \; diff --git a/examples/linux/br_external/bootstrap.sh b/examples/linux/br_external/bootstrap.sh index e3278c0d..0eaf1d7e 100755 --- a/examples/linux/br_external/bootstrap.sh +++ b/examples/linux/br_external/bootstrap.sh @@ -36,35 +36,53 @@ # . PROJECT="$1" -LIBNAT20_BR_BUILD_DIR="${2:-${LIBNAT20_ROOT}/buildroot.build}" +LIBNAT20_BR_BUILD_DIR="$2" LIBNAT20_ROOT="${3:-$(pwd)}" - -LIBNAT20_BR_BUILD_DIR="$(readlink -f "${LIBNAT20_BR_BUILD_DIR}")" LIBNAT20_ROOT="$(readlink -f "${LIBNAT20_ROOT}")" +usage() { + echo "Usage: bootstrap.sh " + echo + echo "This script bootstraps the Buildroot environment for the Dice project." + echo + echo "This script may be run from any directory, as long as the libnat20 root" + echo "directory is specified correctly. The first parameter specifies the project." + echo "See valid options below." + echo "The second parameter specifies the out of tree Buildroot build directory." + echo "The third parameter specifies the libnat20 root directory." + echo "It uses the current working directory by default." + echo + echo "Available projects:" + echo " qemu - Setup Buildroot for the QEMU-based Dice emulator" +} case "$PROJECT" in qemu) ;; *) - echo "Usage: bootstrap.sh " - echo - echo "This script bootstraps the Buildroot environment for the Dice project." - echo - echo "This script may be run from any directory, as long as the libnat20 root" - echo "directory is specified correctly. The first parameter specifies the project." - echo "See valid options below." - echo "The second parameter specifies the out of tree Buildroot build directory." - echo "It uses \"buildroot.build\" inside of the libnat20 root directory by default." - echo "The third parameter specifies the libnat20 root directory." - echo "It uses the current working directory by default." - echo - echo "Available projects:" - echo " qemu - Setup Buildroot for the QEMU-based Dice emulator" + usage exit 0 ;; esac +if [ -z "${LIBNAT20_BR_BUILD_DIR}" ]; then + echo "Error: buildroot_build_dir must be specified." + echo + usage + exit 1 +fi + +LIBNAT20_BR_BUILD_DIR="$(readlink -f "${LIBNAT20_BR_BUILD_DIR}")" + +case "${LIBNAT20_BR_BUILD_DIR}" in + "${LIBNAT20_ROOT}"|"${LIBNAT20_ROOT}"/*) + echo "Error: buildroot_build_dir must not be inside libnat20_root." + echo " buildroot_build_dir: ${LIBNAT20_BR_BUILD_DIR}" + echo " libnat20_root: ${LIBNAT20_ROOT}" + exit 1 + ;; +esac + if [ -e "${LIBNAT20_BR_BUILD_DIR}" ]; then echo "Buildroot build directory ${LIBNAT20_BR_BUILD_DIR} already exists." exit 1 diff --git a/examples/linux/br_external/package/nat20lib/nat20lib.mk b/examples/linux/br_external/package/nat20lib/nat20lib.mk index b59489b8..2fff5fa1 100644 --- a/examples/linux/br_external/package/nat20lib/nat20lib.mk +++ b/examples/linux/br_external/package/nat20lib/nat20lib.mk @@ -33,6 +33,10 @@ # along with this program; if not, see # . +# In CI NAT20LIB_OVERRIDE_SRCDIR is set to the root of the repository, +# so that the source under test is always the current branch. +# Integrators who use this configuration should pin the version +# to a specific commit or branch to avoid breakages when the main branch changes. NAT20LIB_VERSION = origin/main NAT20LIB_SITE = https://github.com/aurora-opensource/libnat20.git NAT20LIB_SITE_METHOD = git diff --git a/examples/linux/br_external/run-qemu.sh b/examples/linux/br_external/run-qemu.sh index 26fffcd6..a37bc9a8 100755 --- a/examples/linux/br_external/run-qemu.sh +++ b/examples/linux/br_external/run-qemu.sh @@ -44,9 +44,9 @@ fi source .env -BUILDROOT_DIR=${LIBNAT20_BR_BUILD_DIR}/buildroot -KERNEL_IMAGE=${BUILDROOT_DIR}/output/images/bzImage -FS_IMAGE=${BUILDROOT_DIR}/output/images/rootfs.ext2 +BUILDROOT_DIR="${LIBNAT20_BR_BUILD_DIR}/buildroot" +KERNEL_IMAGE="${BUILDROOT_DIR}/output/images/bzImage" +FS_IMAGE="${BUILDROOT_DIR}/output/images/rootfs.ext2" -${QEMU_BIN} -M pc -kernel ${KERNEL_IMAGE} -nographic -drive file=${FS_IMAGE},if=virtio,format=raw -append "rootwait root=/dev/vda console=ttyS0" -serial mon:stdio -net nic,model=virtio -net user +"${QEMU_BIN}" -M pc -kernel "${KERNEL_IMAGE}" -nographic -drive file="${FS_IMAGE}",if=virtio,format=raw -append "rootwait root=/dev/vda console=ttyS0" -serial mon:stdio -net nic,model=virtio -net user diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index c93080e9..61de8b3b 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -37,13 +37,16 @@ if [ ! -f ".env" ]; then echo ".env file not found. Please run bootstrap.sh first." - exit 1 + if (return 0 2>/dev/null); then + return 1 + else + exit 1 + fi fi source .env export NAT20LIB_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" -# export LINUX_OVERRIDE_SRCDIR= function ensure_popd() { "$@" diff --git a/examples/linux/nat20lib/Makefile b/examples/linux/nat20lib/Makefile index 28701172..c0f2fe42 100644 --- a/examples/linux/nat20lib/Makefile +++ b/examples/linux/nat20lib/Makefile @@ -40,10 +40,10 @@ INSTALL_MOD_PATH ?= /lib/modules/`uname -r`/extra all: modules modules: - $(MAKE) -C $(KDIR) M=$$PWD + $(MAKE) -C $(KDIR) M=$$PWD modules modules_install: - $(MAKE) -C $(KDIR) M=$$PWD modules_install + $(MAKE) -C $(KDIR) M=$$PWD INSTALL_MOD_PATH="$(INSTALL_MOD_PATH)" modules_install clean: $(MAKE) -C $(KDIR) M=$$PWD clean From 6627ce34814aa6e91b406304e7f045223558a0b2 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 29 Apr 2026 15:47:23 -0700 Subject: [PATCH 06/49] Do not use relative paths --- .github/workflows/linux-kmod-build.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index 374bcee1..bb2f9504 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -68,27 +68,27 @@ jobs: id: cache-buildroot uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 with: - path: ../buildroot.build + path: ${{ runner.temp }}/buildroot.build key: buildroot-${{ hashFiles('examples/linux/br_external/configs/qemu_br_defconfig', 'examples/linux/br_external/configs/qemu_linux_defconfig') }} - name: Bootstrap Buildroot if: steps.cache-buildroot.outputs.cache-hit != 'true' - run: examples/linux/br_external/bootstrap.sh qemu ../buildroot.build "${{ github.workspace }}" + run: examples/linux/br_external/bootstrap.sh qemu ${{ runner.temp }}/buildroot.build "${{ github.workspace }}" - name: Build toolchain and kernel if: steps.cache-buildroot.outputs.cache-hit != 'true' - run: make -C ../buildroot.build/buildroot linux -j $(( $(nproc) + 1 )) + run: make -C ${{ runner.temp }}/buildroot.build/buildroot linux -j $(( $(nproc) + 1 )) - name: Build nat20lib kernel module env: NAT20LIB_OVERRIDE_SRCDIR: ${{ github.workspace }} run: | - cd ../buildroot.build/buildroot + cd ${{ runner.temp }}/buildroot.build/buildroot make nat20lib-dirclean make nat20lib -j $(( $(nproc) + 1 )) - name: Verify nat20lib.ko was produced run: | - find ../buildroot.build -name 'nat20lib.ko' | grep -q nat20lib.ko + find ${{ runner.temp }}/buildroot.build -name 'nat20lib.ko' | grep -q nat20lib.ko echo "nat20lib.ko built successfully:" - find ../buildroot.build -name 'nat20lib.ko' -exec ls -la {} \; + find ${{ runner.temp }}/buildroot.build -name 'nat20lib.ko' -exec ls -la {} \; From edbd43634ea4fdb4fa2742289ed0aedc8cc58ff1 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 28 Apr 2026 13:26:47 -0700 Subject: [PATCH 07/49] Add module nat20device to linux examples. This module creates a new character device class intended to implement the nat20 service protocol implementing DICE based device state attestation and an embedded CA. --- examples/linux/br_external/Config.in | 1 + .../br_external/configs/qemu_br_defconfig | 1 + .../br_external/package/nat20device/Config.in | 57 +++ .../package/nat20device/nat20device.mk | 49 +++ examples/linux/br_external/utils/envsetup.sh | 4 +- examples/linux/nat20device/Kbuild | 38 ++ examples/linux/nat20device/Makefile | 50 +++ .../linux/nat20device/include/nat20device.h | 123 ++++++ examples/linux/nat20device/nat20device.c | 401 ++++++++++++++++++ 9 files changed, 723 insertions(+), 1 deletion(-) create mode 100644 examples/linux/br_external/package/nat20device/Config.in create mode 100644 examples/linux/br_external/package/nat20device/nat20device.mk create mode 100644 examples/linux/nat20device/Kbuild create mode 100644 examples/linux/nat20device/Makefile create mode 100644 examples/linux/nat20device/include/nat20device.h create mode 100644 examples/linux/nat20device/nat20device.c diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in index 75cfa0f9..82c6f7ff 100644 --- a/examples/linux/br_external/Config.in +++ b/examples/linux/br_external/Config.in @@ -33,4 +33,5 @@ # along with this program; if not, see # . +source "$BR2_EXTERNAL_NAT20_PATH/package/nat20device/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20lib/Config.in" diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index 863df018..502a1e96 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -3976,4 +3976,5 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" # # Provides NAT20 related packages. # +BR2_PACKAGE_NAT20DEVICE=y BR2_PACKAGE_NAT20LIB=y diff --git a/examples/linux/br_external/package/nat20device/Config.in b/examples/linux/br_external/package/nat20device/Config.in new file mode 100644 index 00000000..0cbd663b --- /dev/null +++ b/examples/linux/br_external/package/nat20device/Config.in @@ -0,0 +1,57 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +config BR2_PACKAGE_NAT20DEVICE + bool "nat20device" + help + Say Y if you want to enable libnat20 based DICE support. + + Congratulations, you rolled a natural 20. You just enabled + DICE (Device Identifier Composition Engine) support which + is one step in the direction of establishing the root of + trust for your ZTA infrastructure. + + To compile this driver as a module, choose M here: the + module will be called nat20device. + + If in doubt, read up on ZTA, device state attestation, OpenDICE, + DICE Attestation Architecture, and DICE Layering Architecture. + Then come back and, enthusiastically, say Y here. + + Privacy notice: This is a trusted computing feature. It is + very useful for fleet management and establishing authenticity + and integrity to a remote relying party. It can also be + used for tracking, so protecting this feature from unauthorized + access is crucial for privacy on personal end user devices. diff --git a/examples/linux/br_external/package/nat20device/nat20device.mk b/examples/linux/br_external/package/nat20device/nat20device.mk new file mode 100644 index 00000000..f06e18c0 --- /dev/null +++ b/examples/linux/br_external/package/nat20device/nat20device.mk @@ -0,0 +1,49 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +# In CI NAT20DEVICE_OVERRIDE_SRCDIR is set to the root of the repository, +# so that the source under test is always the current branch. +# Integrators who use this configuration should pin the version +# to a specific commit or branch to avoid breakages when the main branch changes. +NAT20DEVICE_VERSION = origin/main +NAT20DEVICE_SITE = https://github.com/aurora-opensource/libnat20.git +NAT20DEVICE_SITE_METHOD = git + +NAT20DEVICE_LICENSE = GPL-2.0 + +NAT20DEVICE_MODULE_SUBDIRS = examples/linux/nat20device + +$(eval $(kernel-module)) +$(eval $(generic-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index 61de8b3b..299193cf 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -46,6 +46,7 @@ fi source .env +export NAT20DEVICE_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20LIB_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" function ensure_popd() { @@ -68,6 +69,7 @@ function brrebuild() { echo "Available targets:" echo " all - Rebuild all components" echo " linux - Rebuild the linux kernel" + echo " nat20device - Rebuild the nat20device module" echo " nat20lib - Rebuild the nat20lib library" popd return 1 @@ -75,7 +77,7 @@ function brrebuild() { case "$1" in all) - ensure_popd make linux-rebuild nat20lib-rebuild all + ensure_popd make linux-rebuild nat20device-rebuild nat20lib-rebuild all ;; *) ensure_popd make $1-rebuild all diff --git a/examples/linux/nat20device/Kbuild b/examples/linux/nat20device/Kbuild new file mode 100644 index 00000000..41d3b911 --- /dev/null +++ b/examples/linux/nat20device/Kbuild @@ -0,0 +1,38 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +obj-m := nat20device.o + +ccflags-y := -I $(src)/include diff --git a/examples/linux/nat20device/Makefile b/examples/linux/nat20device/Makefile new file mode 100644 index 00000000..69f48d91 --- /dev/null +++ b/examples/linux/nat20device/Makefile @@ -0,0 +1,50 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +KDIR ?= /lib/modules/`uname -r`/build +INSTALL_MOD_PATH ?= /lib/modules/`uname -r`/extra + +all: modules + +modules: + $(MAKE) -C $(KDIR) M=$$PWD modules + +modules_install: + $(MAKE) -C $(KDIR) M=$$PWD INSTALL_MOD_PATH="$(INSTALL_MOD_PATH)" modules_install + +clean: + $(MAKE) -C $(KDIR) M=$$PWD clean + +.PHONY: all modules modules_install clean diff --git a/examples/linux/nat20device/include/nat20device.h b/examples/linux/nat20device/include/nat20device.h new file mode 100644 index 00000000..cd5bce6f --- /dev/null +++ b/examples/linux/nat20device/include/nat20device.h @@ -0,0 +1,123 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#pragma once +#ifndef NAT20_DEVICE_H +#define NAT20_DEVICE_H + +#include +#include + +struct nat20device_driver {}; + +/** + * struct nat20device_buffer - Buffer for dispatch function response + * @data: Pointer to buffer data + * @size: Size of the buffer in bytes + */ +struct nat20device_buffer { + void* data; + size_t size; +}; + +/** + * typedef nat20device_dispatch_fn - Dispatch function callback + * @ctx: Driver-specific context + * @request: Request buffer from userspace + * @request_len: Length of request buffer + * @response: Pointer to response buffer (allocated by driver) + * + * The dispatch function processes a request and returns a response buffer. + * The driver must allocate the response buffer, which will be freed by + * the framework using kfree after the read operation completes. + * + * Return: 0 on success, negative error code on failure + */ +typedef int (*nat20device_dispatch_fn)(void* ctx, + void const* request, + size_t request_len, + struct nat20device_buffer* response); + +/** + * typedef nat20device_cert_read - Certificate read function callback + * @ctx: Driver-specific context + * @buf: User-space buffer to read certificate data into + * @len: Length of the buffer + * @f_pos: File position offset + * + * The certificate read function reads certificate data into the provided + * user-space buffer. It behaves similarly to a read file operation. + * + * Return: Number of bytes read on success, negative error code on failure + */ +typedef ssize_t (*nat20device_cert_read)(void* ctx, char __user* buf, size_t len, loff_t* f_pos); + +/** + * struct nat20device_driver_ops - Driver operations + * @dispatch: Dispatch function for handling requests + * @cert_read: Certificate read function for reading certificate data + */ +struct nat20device_driver_ops { + nat20device_dispatch_fn dispatch; + nat20device_cert_read cert_read; +}; + +/** + * nat20device_register_driver - Register a new NAT20 driver instance + * @ops: Driver operations structure + * @ctx: Driver-specific context + * @owner: Module owner (usually THIS_MODULE). This is used to manage module + * reference counting for the driver instance. Blocks the removal + * of the module while a device node remains open. + * + * Registers a new driver instance and creates a character device node + * with the name "nat20X" where X is an automatically assigned number. + * + * Return: Pointer to registered driver on success, ERR_PTR on failure + */ +struct nat20device_driver* nat20device_register_driver(const struct nat20device_driver_ops* ops, + void* ctx, + struct module* owner); + +/** + * nat20device_unregister_driver - Unregister a NAT20 driver instance + * @driver: Driver instance to unregister + * + * Unregisters a driver instance and removes its character device node. + */ +void nat20device_unregister_driver(struct nat20device_driver* driver); +#endif /* NAT20_DEVICE_H */ diff --git a/examples/linux/nat20device/nat20device.c b/examples/linux/nat20device/nat20device.c new file mode 100644 index 00000000..08a567cc --- /dev/null +++ b/examples/linux/nat20device/nat20device.c @@ -0,0 +1,401 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#include "nat20device.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define NAT20DEVICE_DEVICE_NAME "nat20" +#define NAT20DEVICE_MAX_REQUEST_SIZE (1024 * 1024) /* 1 MB max request */ + +/** + * struct nat20device_driver_instance - Internal driver instance data + * @driver: Embedded driver structure (opaque to external users) + * @cdev: Character device structure + * @device: Device structure + * @ops: Driver operations + * @cdev_fops: File operations for the character device. + * @cert_fops: File operations for certificate sysfs files. + * @ctx: Driver-specific context. Will be passed to ops callbacks. + * @id: Instance ID (used for device numbering) + */ +struct nat20device_driver_instance { + struct nat20device_driver driver; + struct cdev cdev; + struct device* device; + const struct nat20device_driver_ops* ops; + struct file_operations cdev_fops; + struct file_operations cert_fops; + void* ctx; + int id; + struct dentry* nat20device_cert_dir; + struct dentry* nat20device_cert_file; +}; + +struct nat20device_file_private { + struct nat20device_driver_instance* instance; + struct nat20device_buffer response; +}; + +static dev_t nat20device_dev_number; +static struct class* nat20device_class; +static DEFINE_IDA(nat20device_ida); + +#define to_nat20device_instance(drv) container_of(drv, struct nat20device_driver_instance, driver) + +/** + * nat20device_open - Open file operation + */ +static int nat20device_open(struct inode* inode, struct file* filp) { + struct nat20device_driver_instance* instance; + instance = container_of(inode->i_cdev, struct nat20device_driver_instance, cdev); + struct nat20device_file_private* file_priv = kzalloc(sizeof(*file_priv), GFP_KERNEL); + if (!file_priv) return -ENOMEM; + + file_priv->instance = instance; + filp->private_data = file_priv; + return 0; +} + +/** + * nat20device_release - Release file operation + */ +static int nat20device_release(struct inode* inode, struct file* filp) { + struct nat20device_file_private* file_priv = filp->private_data; + + /* Free any pending response buffer */ + kfree(file_priv->response.data); + file_priv->response.data = NULL; + file_priv->response.size = 0; + + kfree(file_priv); + filp->private_data = NULL; + + return 0; +} + +/** + * nat20device_write - Write file operation + * + * Receives a request from userspace and dispatches it to the driver's + * dispatch function. + */ +static ssize_t nat20device_write(struct file* filp, + char __user const* buf, + size_t count, + loff_t* f_pos) { + struct nat20device_file_private* file_priv = filp->private_data; + struct nat20device_driver_instance* instance = file_priv->instance; + void* request_buf; + int ret; + + if (count == 0) return 0; + + if (count > NAT20DEVICE_MAX_REQUEST_SIZE) return -EINVAL; + + /* Allocate request buffer */ + request_buf = kmalloc(count, GFP_KERNEL); + if (!request_buf) return -ENOMEM; + + /* Copy request from userspace */ + if (copy_from_user(request_buf, buf, count)) { + kfree(request_buf); + return -EFAULT; + } + + /* Free any previous response buffer */ + kfree(file_priv->response.data); + file_priv->response.data = NULL; + file_priv->response.size = 0; + + if (!instance->ops) { + /* Instance has been unregistered */ + ret = -ENODEV; + goto out; + } + + /* Dispatch the request */ + ret = instance->ops->dispatch(instance->ctx, request_buf, count, &file_priv->response); + if (ret < 0) goto out; + + if (f_pos) { + *f_pos = 0; /* Reset file offset for reading the response */ + } + + ret = count; + +out: + kfree(request_buf); + return ret; +} + +/** + * nat20device_read - Read file operation + * + * Returns the response buffer from the dispatch function to userspace. + */ +static ssize_t nat20device_read(struct file* filp, char __user* buf, size_t count, loff_t* f_pos) { + struct nat20device_file_private* file_priv = filp->private_data; + size_t bytes_to_read; + size_t bytes_remaining; + int ret; + + /* No check if the instance has been unregistered. + * If there is a response buffer it can still be read + * from the open file descriptor until the user closes it. + */ + + /* Check if we have a response buffer */ + if (!file_priv->response.data) return -EAGAIN; + + /* Calculate bytes remaining from current offset */ + if (file_priv->response.size <= *f_pos) { + /* All data has been read */ + return 0; + } + bytes_remaining = file_priv->response.size - *f_pos; + + /* Read up to count bytes */ + bytes_to_read = min(count, bytes_remaining); + + /* Copy to userspace */ + ret = copy_to_user(buf, (char*)file_priv->response.data + *f_pos, bytes_to_read); + if (ret) return -EFAULT; + + /* Update offset */ + *f_pos += bytes_to_read; + + return bytes_to_read; +} + +static int nat20device_cert_fops_open(struct inode* inode, struct file* filp) { + filp->private_data = inode->i_private; + return 0; +} + +static int nat20device_cert_fops_release(struct inode* inode, struct file* filp) { + filp->private_data = NULL; + return 0; +} + +static ssize_t nat20device_cert_fops_read(struct file* filp, + char __user* buf, + size_t len, + loff_t* f_pos) { + struct nat20device_driver_instance* instance = filp->private_data; + if (!instance->ops || !instance->ops->cert_read) { + return -ENODEV; + } + return instance->ops->cert_read(instance->ctx, buf, len, f_pos); +} + +/** + * nat20device_register_driver - Register a new NAT20 driver instance + */ +struct nat20device_driver* nat20device_register_driver(const struct nat20device_driver_ops* ops, + void* ctx, + struct module* owner) { + struct nat20device_driver_instance* instance; + int ret; + int id; + + if (!ops || !ops->dispatch) return ERR_PTR(-EINVAL); + + /* Allocate instance */ + instance = kzalloc(sizeof(*instance), GFP_KERNEL); + if (!instance) return ERR_PTR(-ENOMEM); + + /* Allocate ID */ + ret = ida_alloc(&nat20device_ida, GFP_KERNEL); + if (ret < 0) goto err_free_instance; + id = ret; + + /* Initialize instance */ + instance->ops = ops; + instance->ctx = ctx; + instance->id = id; + instance->cdev_fops.owner = owner; + instance->cdev_fops.open = nat20device_open; + instance->cdev_fops.release = nat20device_release; + instance->cdev_fops.write = nat20device_write; + instance->cdev_fops.read = nat20device_read; + instance->cert_fops.owner = owner; + instance->cert_fops.open = nat20device_cert_fops_open; + instance->cert_fops.release = nat20device_cert_fops_release; + instance->cert_fops.read = nat20device_cert_fops_read; + + /* Initialize character device */ + cdev_init(&instance->cdev, &instance->cdev_fops); + instance->cdev.owner = owner; + + /* Add character device */ + ret = cdev_add(&instance->cdev, nat20device_dev_number + id, 1); + if (ret) goto err_free_id; + + /* Create device node */ + instance->device = device_create(nat20device_class, + NULL, + nat20device_dev_number + id, + NULL, + NAT20DEVICE_DEVICE_NAME "%d", + id); + if (IS_ERR(instance->device)) { + ret = PTR_ERR(instance->device); + goto err_del_cdev; + } + + if (ops->cert_read) { + /* Create certificate sysfs file */ + char cert_dir_name[32]; + snprintf(cert_dir_name, sizeof(cert_dir_name), NAT20DEVICE_DEVICE_NAME "%d", id); + instance->nat20device_cert_dir = securityfs_create_dir(cert_dir_name, NULL); + if (IS_ERR(instance->nat20device_cert_dir)) { + ret = PTR_ERR(instance->nat20device_cert_dir); + goto err_destroy_device; + } + + instance->nat20device_cert_file = securityfs_create_file( + "certificate", 0444, instance->nat20device_cert_dir, instance, &instance->cert_fops); + if (IS_ERR(instance->nat20device_cert_file)) { + ret = PTR_ERR(instance->nat20device_cert_file); + goto err_destroy_cert_dir; + } + } + + pr_info("NAT20: Registered driver instance %s%d\n", NAT20DEVICE_DEVICE_NAME, id); + + return &instance->driver; + +err_destroy_cert_dir: + securityfs_remove(instance->nat20device_cert_dir); +err_destroy_device: + device_destroy(nat20device_class, nat20device_dev_number + id); +err_del_cdev: + cdev_del(&instance->cdev); +err_free_id: + ida_free(&nat20device_ida, id); +err_free_instance: + kfree(instance); + return ERR_PTR(ret); +} +EXPORT_SYMBOL(nat20device_register_driver); + +/** + * nat20device_unregister_driver - Unregister a NAT20 driver instance + */ +void nat20device_unregister_driver(struct nat20device_driver* driver) { + struct nat20device_driver_instance* instance; + + if (!driver) return; + + instance = to_nat20device_instance(driver); + + pr_info("NAT20: Unregistering driver instance %s%d\n", NAT20DEVICE_DEVICE_NAME, instance->id); + + if (instance->nat20device_cert_file) { + /* Remove certificate sysfs file and directory */ + securityfs_remove(instance->nat20device_cert_file); + } + if (instance->nat20device_cert_dir) { + securityfs_remove(instance->nat20device_cert_dir); + } + + /* Remove device node */ + device_destroy(nat20device_class, nat20device_dev_number + instance->id); + + /* Remove character device */ + cdev_del(&instance->cdev); + + /* Free ID */ + ida_free(&nat20device_ida, instance->id); + + /* Free instance */ + kfree(instance); +} +EXPORT_SYMBOL(nat20device_unregister_driver); + +static int __init nat20device_device_init(void) { + int ret; + + /* Allocate device numbers */ + ret = alloc_chrdev_region(&nat20device_dev_number, 0, 256, NAT20DEVICE_DEVICE_NAME); + if (ret < 0) { + pr_err("NAT20: Failed to allocate device numbers: %d\n", ret); + return ret; + } + + /* Create device class */ + nat20device_class = class_create(NAT20DEVICE_DEVICE_NAME); + if (IS_ERR(nat20device_class)) { + ret = PTR_ERR(nat20device_class); + pr_err("NAT20: Failed to create device class: %d\n", ret); + goto err_unregister_chrdev; + } + + pr_info("NAT20: Device framework initialized\n"); + return 0; + +err_unregister_chrdev: + unregister_chrdev_region(nat20device_dev_number, 256); + return ret; +} + +static void __exit nat20device_device_exit(void) { + /* Destroy device class */ + class_destroy(nat20device_class); + + /* Unregister device numbers */ + unregister_chrdev_region(nat20device_dev_number, 256); + + pr_info("NAT20: Device framework exited\n"); +} + +module_init(nat20device_device_init); +module_exit(nat20device_device_exit); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Aurora Operations, Inc."); +MODULE_DESCRIPTION("NAT20 device driver framework"); From 2fd948f7d1ff7f588f99938b8610c5e29629b232 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 29 Apr 2026 16:00:52 -0700 Subject: [PATCH 08/49] Add nat20device to linux-kmod-build github action. --- .github/workflows/linux-kmod-build.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index bb2f9504..2498c1e7 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -92,3 +92,17 @@ jobs: find ${{ runner.temp }}/buildroot.build -name 'nat20lib.ko' | grep -q nat20lib.ko echo "nat20lib.ko built successfully:" find ${{ runner.temp }}/buildroot.build -name 'nat20lib.ko' -exec ls -la {} \; + + - name: Build nat20device kernel module + env: + NAT20DEVICE_OVERRIDE_SRCDIR: ${{ github.workspace }} + run: | + cd ${{ runner.temp }}/buildroot.build/buildroot + make nat20device-dirclean + make nat20device -j $(( $(nproc) + 1 )) + + - name: Verify nat20device.ko was produced + run: | + find ${{ runner.temp }}/buildroot.build -name 'nat20device.ko' | grep -q nat20device.ko + echo "nat20device.ko built successfully:" + find ${{ runner.temp }}/buildroot.build -name 'nat20device.ko' -exec ls -la {} \; From b9669afb0904ac7d102db2fe72fbba04a71995a5 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 30 Apr 2026 13:08:20 -0700 Subject: [PATCH 09/49] nat20device fixups --- .../linux/nat20device/include/nat20device.h | 18 +++-- examples/linux/nat20device/nat20device.c | 72 ++++++++++--------- 2 files changed, 48 insertions(+), 42 deletions(-) diff --git a/examples/linux/nat20device/include/nat20device.h b/examples/linux/nat20device/include/nat20device.h index cd5bce6f..82e8b5d9 100644 --- a/examples/linux/nat20device/include/nat20device.h +++ b/examples/linux/nat20device/include/nat20device.h @@ -73,27 +73,31 @@ typedef int (*nat20device_dispatch_fn)(void* ctx, struct nat20device_buffer* response); /** - * typedef nat20device_cert_read - Certificate read function callback + * typedef nat20device_dice_chain_read - DICE chain read function callback * @ctx: Driver-specific context - * @buf: User-space buffer to read certificate data into + * @buf: User-space buffer to read DICE chain data into * @len: Length of the buffer * @f_pos: File position offset * - * The certificate read function reads certificate data into the provided - * user-space buffer. It behaves similarly to a read file operation. + * Reads the DICE certificate chain into the provided user-space buffer. + * The data is encoded as a CBOR indefinite-length array. See + * examples/linux/README.md for the encoding specification. * * Return: Number of bytes read on success, negative error code on failure */ -typedef ssize_t (*nat20device_cert_read)(void* ctx, char __user* buf, size_t len, loff_t* f_pos); +typedef ssize_t (*nat20device_dice_chain_read)(void* ctx, + char __user* buf, + size_t len, + loff_t* f_pos); /** * struct nat20device_driver_ops - Driver operations * @dispatch: Dispatch function for handling requests - * @cert_read: Certificate read function for reading certificate data + * @dice_chain_read: DICE chain read function for reading the boot certificate chain */ struct nat20device_driver_ops { nat20device_dispatch_fn dispatch; - nat20device_cert_read cert_read; + nat20device_dice_chain_read dice_chain_read; }; /** diff --git a/examples/linux/nat20device/nat20device.c b/examples/linux/nat20device/nat20device.c index 08a567cc..c1a5ca97 100644 --- a/examples/linux/nat20device/nat20device.c +++ b/examples/linux/nat20device/nat20device.c @@ -58,7 +58,7 @@ * @device: Device structure * @ops: Driver operations * @cdev_fops: File operations for the character device. - * @cert_fops: File operations for certificate sysfs files. + * @dice_chain_fops: File operations for DICE chain security file. * @ctx: Driver-specific context. Will be passed to ops callbacks. * @id: Instance ID (used for device numbering) */ @@ -68,11 +68,11 @@ struct nat20device_driver_instance { struct device* device; const struct nat20device_driver_ops* ops; struct file_operations cdev_fops; - struct file_operations cert_fops; + struct file_operations dice_chain_fops; void* ctx; int id; - struct dentry* nat20device_cert_dir; - struct dentry* nat20device_cert_file; + struct dentry* nat20device_dice_chain_dir; + struct dentry* nat20device_dice_chain_file; }; struct nat20device_file_private { @@ -211,25 +211,25 @@ static ssize_t nat20device_read(struct file* filp, char __user* buf, size_t coun return bytes_to_read; } -static int nat20device_cert_fops_open(struct inode* inode, struct file* filp) { +static int nat20device_dice_chain_fops_open(struct inode* inode, struct file* filp) { filp->private_data = inode->i_private; return 0; } -static int nat20device_cert_fops_release(struct inode* inode, struct file* filp) { +static int nat20device_dice_chain_fops_release(struct inode* inode, struct file* filp) { filp->private_data = NULL; return 0; } -static ssize_t nat20device_cert_fops_read(struct file* filp, - char __user* buf, - size_t len, - loff_t* f_pos) { +static ssize_t nat20device_dice_chain_fops_read(struct file* filp, + char __user* buf, + size_t len, + loff_t* f_pos) { struct nat20device_driver_instance* instance = filp->private_data; - if (!instance->ops || !instance->ops->cert_read) { + if (!instance->ops || !instance->ops->dice_chain_read) { return -ENODEV; } - return instance->ops->cert_read(instance->ctx, buf, len, f_pos); + return instance->ops->dice_chain_read(instance->ctx, buf, len, f_pos); } /** @@ -262,10 +262,10 @@ struct nat20device_driver* nat20device_register_driver(const struct nat20device_ instance->cdev_fops.release = nat20device_release; instance->cdev_fops.write = nat20device_write; instance->cdev_fops.read = nat20device_read; - instance->cert_fops.owner = owner; - instance->cert_fops.open = nat20device_cert_fops_open; - instance->cert_fops.release = nat20device_cert_fops_release; - instance->cert_fops.read = nat20device_cert_fops_read; + instance->dice_chain_fops.owner = owner; + instance->dice_chain_fops.open = nat20device_dice_chain_fops_open; + instance->dice_chain_fops.release = nat20device_dice_chain_fops_release; + instance->dice_chain_fops.read = nat20device_dice_chain_fops_read; /* Initialize character device */ cdev_init(&instance->cdev, &instance->cdev_fops); @@ -287,21 +287,24 @@ struct nat20device_driver* nat20device_register_driver(const struct nat20device_ goto err_del_cdev; } - if (ops->cert_read) { - /* Create certificate sysfs file */ - char cert_dir_name[32]; - snprintf(cert_dir_name, sizeof(cert_dir_name), NAT20DEVICE_DEVICE_NAME "%d", id); - instance->nat20device_cert_dir = securityfs_create_dir(cert_dir_name, NULL); - if (IS_ERR(instance->nat20device_cert_dir)) { - ret = PTR_ERR(instance->nat20device_cert_dir); + if (ops->dice_chain_read) { + char dir_name[32]; + snprintf(dir_name, sizeof(dir_name), NAT20DEVICE_DEVICE_NAME "%d", id); + instance->nat20device_dice_chain_dir = securityfs_create_dir(dir_name, NULL); + if (IS_ERR(instance->nat20device_dice_chain_dir)) { + ret = PTR_ERR(instance->nat20device_dice_chain_dir); goto err_destroy_device; } - instance->nat20device_cert_file = securityfs_create_file( - "certificate", 0444, instance->nat20device_cert_dir, instance, &instance->cert_fops); - if (IS_ERR(instance->nat20device_cert_file)) { - ret = PTR_ERR(instance->nat20device_cert_file); - goto err_destroy_cert_dir; + instance->nat20device_dice_chain_file = + securityfs_create_file("dice_chain", + 0444, + instance->nat20device_dice_chain_dir, + instance, + &instance->dice_chain_fops); + if (IS_ERR(instance->nat20device_dice_chain_file)) { + ret = PTR_ERR(instance->nat20device_dice_chain_file); + goto err_destroy_dice_chain_dir; } } @@ -309,8 +312,8 @@ struct nat20device_driver* nat20device_register_driver(const struct nat20device_ return &instance->driver; -err_destroy_cert_dir: - securityfs_remove(instance->nat20device_cert_dir); +err_destroy_dice_chain_dir: + securityfs_remove(instance->nat20device_dice_chain_dir); err_destroy_device: device_destroy(nat20device_class, nat20device_dev_number + id); err_del_cdev: @@ -335,12 +338,11 @@ void nat20device_unregister_driver(struct nat20device_driver* driver) { pr_info("NAT20: Unregistering driver instance %s%d\n", NAT20DEVICE_DEVICE_NAME, instance->id); - if (instance->nat20device_cert_file) { - /* Remove certificate sysfs file and directory */ - securityfs_remove(instance->nat20device_cert_file); + if (instance->nat20device_dice_chain_file) { + securityfs_remove(instance->nat20device_dice_chain_file); } - if (instance->nat20device_cert_dir) { - securityfs_remove(instance->nat20device_cert_dir); + if (instance->nat20device_dice_chain_dir) { + securityfs_remove(instance->nat20device_dice_chain_dir); } /* Remove device node */ From d40b5bf6ad5164e37b0e05d71ec99d5e8bc70175 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 28 Apr 2026 13:31:51 -0700 Subject: [PATCH 10/49] Add nat20crypto module to linux examples The nat20crypto module implements the libnat20 crypto interface in terms of linux kernel crypto primitives. The module implements - deterministic ECDSA with curves P256 and P384. - Bytewise SHA-2 224/256/384/512 - HMAC - HKDF ED25519 is currently not supported. --- .github/workflows/linux-kmod-build.yml | 14 + examples/linux/br_external/Config.in | 1 + .../br_external/configs/qemu_br_defconfig | 1 + .../br_external/package/nat20crypto/Config.in | 42 ++ .../package/nat20crypto/nat20crypto.mk | 48 ++ examples/linux/br_external/utils/envsetup.sh | 4 +- examples/linux/nat20crypto/Kbuild | 45 ++ examples/linux/nat20crypto/Makefile | 52 ++ .../linux/nat20crypto/include/nat20crypto.h | 48 ++ examples/linux/nat20crypto/nat20crypto.c | 650 ++++++++++++++++++ 10 files changed, 904 insertions(+), 1 deletion(-) create mode 100644 examples/linux/br_external/package/nat20crypto/Config.in create mode 100644 examples/linux/br_external/package/nat20crypto/nat20crypto.mk create mode 100644 examples/linux/nat20crypto/Kbuild create mode 100644 examples/linux/nat20crypto/Makefile create mode 100644 examples/linux/nat20crypto/include/nat20crypto.h create mode 100644 examples/linux/nat20crypto/nat20crypto.c diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index 2498c1e7..5425d3bd 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -106,3 +106,17 @@ jobs: find ${{ runner.temp }}/buildroot.build -name 'nat20device.ko' | grep -q nat20device.ko echo "nat20device.ko built successfully:" find ${{ runner.temp }}/buildroot.build -name 'nat20device.ko' -exec ls -la {} \; + + - name: Build nat20crypto kernel module + env: + NAT20CRYPTO_OVERRIDE_SRCDIR: ${{ github.workspace }} + run: | + cd ${{ runner.temp }}/buildroot.build/buildroot + make nat20crypto-dirclean + make nat20crypto -j $(( $(nproc) + 1 )) + + - name: Verify nat20crypto.ko was produced + run: | + find ${{ runner.temp }}/buildroot.build -name 'nat20crypto.ko' | grep -q nat20crypto.ko + echo "nat20crypto.ko built successfully:" + find ${{ runner.temp }}/buildroot.build -name 'nat20crypto.ko' -exec ls -la {} \; diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in index 82c6f7ff..63f749bc 100644 --- a/examples/linux/br_external/Config.in +++ b/examples/linux/br_external/Config.in @@ -33,5 +33,6 @@ # along with this program; if not, see # . +source "$BR2_EXTERNAL_NAT20_PATH/package/nat20crypto/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20device/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20lib/Config.in" diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index 502a1e96..3f62d470 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -3976,5 +3976,6 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" # # Provides NAT20 related packages. # +BR2_PACKAGE_NAT20CRYPTO=y BR2_PACKAGE_NAT20DEVICE=y BR2_PACKAGE_NAT20LIB=y diff --git a/examples/linux/br_external/package/nat20crypto/Config.in b/examples/linux/br_external/package/nat20crypto/Config.in new file mode 100644 index 00000000..c6eb0ce1 --- /dev/null +++ b/examples/linux/br_external/package/nat20crypto/Config.in @@ -0,0 +1,42 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +config BR2_PACKAGE_NAT20CRYPTO + bool "nat20crypto" + depends on BR2_PACKAGE_NAT20LIB + help + Add the nat20crypto kernel module. It implements + the libnat20 crypto interface in terms of linux + kernel crypto primitives. diff --git a/examples/linux/br_external/package/nat20crypto/nat20crypto.mk b/examples/linux/br_external/package/nat20crypto/nat20crypto.mk new file mode 100644 index 00000000..d944e5e9 --- /dev/null +++ b/examples/linux/br_external/package/nat20crypto/nat20crypto.mk @@ -0,0 +1,48 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +NAT20CRYPTO_VERSION = origin/main +NAT20CRYPTO_SITE = https://github.com/aurora-opensource/libnat20.git +NAT20CRYPTO_SITE_METHOD = git + +NAT20CRYPTO_LICENSE = GPL-2.0 + +NAT20CRYPTO_DEPENDENCIES += nat20lib +NAT20CRYPTO_MODULE_MAKE_OPTS += NAT20CRYPTO_NAT20LIB_DIR=$(NAT20LIB_DIR)/examples/linux/nat20lib + +NAT20CRYPTO_MODULE_SUBDIRS = examples/linux/nat20crypto + +$(eval $(kernel-module)) +$(eval $(generic-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index 299193cf..377e8c2e 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -46,6 +46,7 @@ fi source .env +export NAT20CRYPTO_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20DEVICE_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20LIB_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" @@ -69,6 +70,7 @@ function brrebuild() { echo "Available targets:" echo " all - Rebuild all components" echo " linux - Rebuild the linux kernel" + echo " nat20crypto - Rebuild the nat20crypto module" echo " nat20device - Rebuild the nat20device module" echo " nat20lib - Rebuild the nat20lib library" popd @@ -77,7 +79,7 @@ function brrebuild() { case "$1" in all) - ensure_popd make linux-rebuild nat20device-rebuild nat20lib-rebuild all + ensure_popd make linux-rebuild nat20crypto-rebuild nat20device-rebuild nat20lib-rebuild all ;; *) ensure_popd make $1-rebuild all diff --git a/examples/linux/nat20crypto/Kbuild b/examples/linux/nat20crypto/Kbuild new file mode 100644 index 00000000..6fc2de77 --- /dev/null +++ b/examples/linux/nat20crypto/Kbuild @@ -0,0 +1,45 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +KBUILD_EXTRA_SYMBOLS := $(NAT20CRYPTO_NAT20LIB_DIR)/Module.symvers + +obj-m := nat20crypto.o + +# The following two paths are added to allow the module to include +# crypto/ecc.h (or crypto/internal/ecc.h for 6.0+). +ccflags-y := -I $(src)/include +ccflags-y += -I $(srctree) +ccflags-y += -I $(NAT20CRYPTO_NAT20LIB_DIR)/include +ccflags-y += -std=gnu11 diff --git a/examples/linux/nat20crypto/Makefile b/examples/linux/nat20crypto/Makefile new file mode 100644 index 00000000..2d54c0dd --- /dev/null +++ b/examples/linux/nat20crypto/Makefile @@ -0,0 +1,52 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +KDIR ?= /lib/modules/`uname -r`/build +INSTALL_MOD_PATH ?= /lib/modules/`uname -r`/extra + +NAT20CRYPTO_NAT20LIB_DIR ?= $(PWD)/../nat20lib + +all: modules + +modules: + $(MAKE) -C $(KDIR) M=$$PWD NAT20CRYPTO_NAT20LIB_DIR="$(NAT20CRYPTO_NAT20LIB_DIR)" modules + +modules_install: + $(MAKE) -C $(KDIR) M=$$PWD INSTALL_MOD_PATH="$(INSTALL_MOD_PATH)" modules_install + +clean: + $(MAKE) -C $(KDIR) M=$$PWD clean + +.PHONY: all modules clean diff --git a/examples/linux/nat20crypto/include/nat20crypto.h b/examples/linux/nat20crypto/include/nat20crypto.h new file mode 100644 index 00000000..26c70e3d --- /dev/null +++ b/examples/linux/nat20crypto/include/nat20crypto.h @@ -0,0 +1,48 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#pragma once + +#include +#include +#include + +n20_error_t nat20crypto_open(n20_crypto_context_t** ctx); +n20_error_t nat20crypto_close(n20_crypto_context_t* ctx); +n20_error_t nat20crypto_make_secret(struct n20_crypto_context_s* ctx, + n20_slice_t const* secret_in, + n20_crypto_key_t* key_out); diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c new file mode 100644 index 00000000..c22fb0c9 --- /dev/null +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -0,0 +1,650 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0) +#include +#else +#include +#endif + +static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, + n20_crypto_digest_algorithm_t alg_in, + n20_crypto_gather_list_t const* msg_in, + size_t msg_count, + uint8_t* digest_out, + size_t* digest_size_in_out) { + if (ctx == NULL) { + return n20_error_crypto_invalid_context_e; + } + + if (digest_size_in_out == NULL) { + return n20_error_crypto_unexpected_null_size_e; + } + + char const* digest_name = NULL; + + switch (alg_in) { + case n20_crypto_digest_algorithm_sha2_224_e: + digest_name = "sha224"; + break; + case n20_crypto_digest_algorithm_sha2_256_e: + digest_name = "sha256"; + break; + case n20_crypto_digest_algorithm_sha2_384_e: + digest_name = "sha384"; + break; + case n20_crypto_digest_algorithm_sha2_512_e: + digest_name = "sha512"; + break; + default: + return n20_error_crypto_unknown_algorithm_e; + } + + struct crypto_shash* md_tfm = crypto_alloc_shash(digest_name, 0, 0); + if (IS_ERR(md_tfm)) { + printk(KERN_ERR "Failed to allocate hash context: %ld\n", PTR_ERR(md_tfm)); + return n20_error_crypto_no_resources_e; + } + + size_t digest_size = crypto_shash_digestsize(md_tfm); + + if (*digest_size_in_out < digest_size || digest_out == NULL) { + *digest_size_in_out = digest_size; + crypto_free_shash(md_tfm); + return n20_error_crypto_insufficient_buffer_size_e; + } + + struct shash_desc* md_ctx = + kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(md_tfm), GFP_KERNEL); + if (md_ctx == NULL) { + crypto_free_shash(md_tfm); + printk(KERN_ERR "Failed to allocate hash descriptor.\n"); + return n20_error_crypto_no_resources_e; + } + md_ctx->tfm = md_tfm; + + if (0 > crypto_shash_init(md_ctx)) { + kfree(md_ctx); + crypto_free_shash(md_tfm); + return n20_error_crypto_implementation_specific_e; + } + + for (size_t list_index = 0; list_index < msg_count; ++list_index) { + if (msg_in[list_index].count == 0 || msg_in[list_index].list == NULL) { + continue; // Skip empty gather lists + } + for (size_t slice_index = 0; slice_index < msg_in[list_index].count; ++slice_index) { + if (msg_in[list_index].list[slice_index].size == 0) continue; + if (msg_in[list_index].list[slice_index].buffer == NULL) { + kfree(md_ctx); + crypto_free_shash(md_tfm); + return n20_error_crypto_unexpected_null_slice_e; + } + if (0 > crypto_shash_update(md_ctx, + msg_in[list_index].list[slice_index].buffer, + msg_in[list_index].list[slice_index].size)) { + kfree(md_ctx); + crypto_free_shash(md_tfm); + return n20_error_crypto_implementation_specific_e; + } + } + } + + if (0 > crypto_shash_final(md_ctx, digest_out)) { + kfree(md_ctx); + crypto_free_shash(md_tfm); + return n20_error_crypto_implementation_specific_e; + } + + *digest_size_in_out = digest_size; + kfree(md_ctx); + crypto_free_shash(md_tfm); + return n20_error_ok_e; +} + +struct nat20crypto_key { + n20_crypto_key_type_t type; + union { + /* This variant is used for ECC keys. */ + struct { + size_t ndigits; + uint64_t digits[6]; + }; + /* This variant is used for CDIs. */ + struct { + uint8_t bits[32]; + }; + }; +}; + +typedef struct nat20crypto_key nat20crypto_key_t; + +static nat20crypto_key_t* nat20crypto_key_alloc(n20_crypto_key_type_t type) { + nat20crypto_key_t* key = (nat20crypto_key_t*)kmalloc(sizeof(nat20crypto_key_t), GFP_KERNEL); + if (key == NULL) { + return NULL; + } + key->type = type; + return key; +} + +static void nat20crypto_key_destroy(nat20crypto_key_t* key) { + if (key != NULL) { + memzero_explicit(key, sizeof(nat20crypto_key_t)); + kfree(key); + } +} + +static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, + n20_crypto_key_t key_in, + n20_crypto_key_type_t key_type_in, + n20_crypto_gather_list_t const* context_in, + n20_crypto_key_t* key_out) { + if (ctx == NULL) { + return n20_error_crypto_invalid_context_e; + } + + if (key_in == NULL) { + return n20_error_crypto_unexpected_null_key_in_e; + } + + nat20crypto_key_t* cdi_key = (nat20crypto_key_t*)key_in; + if (cdi_key->type != n20_crypto_key_type_cdi_e) { + return n20_error_crypto_invalid_key_e; + } + + if (key_out == NULL) { + return n20_error_crypto_unexpected_null_key_out_e; + } + + /* Compute the total length of the context and copy it + * into a consecutive buffer. */ + size_t context_size = 0; + for (size_t i = 0; i < context_in->count; ++i) { + context_size += context_in->list[i].size; + } + uint8_t* context_buffer = (uint8_t*)kmalloc(context_size, GFP_KERNEL); + if (context_buffer == NULL) { + return n20_error_crypto_no_resources_e; + } + size_t copied = 0; + for (size_t i = 0; i < context_in->count; ++i) { + memcpy(context_buffer + copied, context_in->list[i].buffer, context_in->list[i].size); + copied += context_in->list[i].size; + } + + uint8_t derived[32]; + + n20_error_t rc; + rc = ctx->digest_ctx.hkdf_expand(&ctx->digest_ctx, + n20_crypto_digest_algorithm_sha2_512_e, + (n20_slice_t){ + .size = sizeof(cdi_key->bits), + .buffer = cdi_key->bits, + }, + (n20_slice_t){ + .size = context_size, + .buffer = context_buffer, + }, + 32, + derived); + kfree(context_buffer); + + if (rc != n20_error_ok_e) { + return rc; + } + + switch (key_type_in) { + case n20_crypto_key_type_cdi_e: { + nat20crypto_key_t* new_cdi_key = nat20crypto_key_alloc(n20_crypto_key_type_cdi_e); + if (new_cdi_key == NULL) { + return n20_error_crypto_no_resources_e; + } + memcpy(new_cdi_key->bits, derived, 32); + *key_out = new_cdi_key; + return n20_error_ok_e; + } + case n20_crypto_key_type_secp256r1_e: + case n20_crypto_key_type_secp384r1_e: { + n20_slice_t x_octets = { + .size = 32, + .buffer = derived, + }; + nat20crypto_key_t* new_ecc_key = nat20crypto_key_alloc(key_type_in); + if (new_ecc_key == NULL) { + return n20_error_crypto_no_resources_e; + } + + n20_bn_t k_bn; + k_bn.word_count = key_type_in == n20_crypto_key_type_secp256r1_e ? 8 : 12; + k_bn.words = (uint32_t*)new_ecc_key->digits; + new_ecc_key->ndigits = k_bn.word_count / 2; + rc = n20_rfc6979_k_generation(&ctx->digest_ctx, + n20_crypto_digest_algorithm_sha2_512_e, + key_type_in, + &x_octets, + NULL, + &k_bn, + 0); + if (rc != n20_error_ok_e) { + nat20crypto_key_destroy(new_ecc_key); + return rc; + } + *key_out = new_ecc_key; + return n20_error_ok_e; + } + + case n20_crypto_key_type_ed25519_e: + /* fallthrough */ + default: + /* Unsupported key type for KDF. */ + break; + } + + return n20_error_crypto_invalid_key_type_e; +} + +/* The kernel's ECC library does not export a general scalar-point + * multiplication function. However, ecc_make_pub_key computes + * k * G (the generator point multiplication) which is exactly + * what ECDSA signing needs for computing the nonce point. The + * output is byte-swapped relative to the internal VLI representation, + * so callers must ecc_swap_digits the x-coordinate back. */ +static int nat20crypto_mult_g(unsigned int curve_id, + size_t ndigits, + uint64_t* k, + uint64_t* pubkey_xy) { +#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 10, 0) + /* Before version 6.10.0 ecc_make_pub_key swapped the bytes + * of the key, so we have to swap them back before calling + * ecc_make_pub_key. */ + uint64_t privkey[6] = {0}; + ecc_swap_digits(k, privkey, ndigits); + return ecc_make_pub_key(curve_id, ndigits, privkey, pubkey_xy); +#else + return ecc_make_pub_key(curve_id, ndigits, k, pubkey_xy); +#endif +} + +static n20_error_t nat20crypto_sign(struct n20_crypto_context_s* ctx, + n20_crypto_key_t key_in, + n20_crypto_gather_list_t const* msg_in, + uint8_t* signature_out, + size_t* signature_size_in_out) { + + if (ctx == NULL) { + return n20_error_crypto_invalid_context_e; + } + + if (key_in == NULL) { + return n20_error_crypto_unexpected_null_key_in_e; + } + + if (signature_size_in_out == NULL) { + return n20_error_crypto_unexpected_null_size_e; + } + + nat20crypto_key_t* priv_key = (nat20crypto_key_t*)key_in; + int err; + + size_t ndigits = 0; + struct ecc_curve const* curve = NULL; + n20_crypto_digest_algorithm_t digest_algorithm; + unsigned int curve_id = 0; + switch (priv_key->type) { + case n20_crypto_key_type_secp256r1_e: + ndigits = 4; + curve = ecc_get_curve(ECC_CURVE_NIST_P256); + curve_id = ECC_CURVE_NIST_P256; + digest_algorithm = n20_crypto_digest_algorithm_sha2_256_e; + break; + case n20_crypto_key_type_secp384r1_e: + ndigits = 6; + curve = ecc_get_curve(ECC_CURVE_NIST_P384); + curve_id = ECC_CURVE_NIST_P384; + digest_algorithm = n20_crypto_digest_algorithm_sha2_384_e; + break; + default: + return n20_error_crypto_invalid_key_e; + } + size_t expected_signature_size = ndigits * 16; + + if (*signature_size_in_out < expected_signature_size || signature_out == NULL) { + *signature_size_in_out = expected_signature_size; + return n20_error_crypto_insufficient_buffer_size_e; + } + + if (curve == NULL) { + return n20_error_crypto_invalid_key_e; + } + + n20_error_t result = n20_error_crypto_implementation_specific_e; + uint64_t z[6] = {0}; + uint64_t k[6] = {0}; + uint64_t k_inv[6] = {0}; + uint64_t rs[12] = {0}; + uint64_t* r = &rs[0]; + uint64_t* s = &rs[ndigits]; + uint64_t* xy = rs; // Reuse rs buffer for point multiplication + uint64_t* key_bytes = k_inv; // Reuse k_inv buffer for key bytes + + size_t digest_size = 6 * 8; + + /* Digest the message into s (temporary). */ + n20_error_t n20_err = ctx->digest_ctx.digest( + &ctx->digest_ctx, digest_algorithm, msg_in, 1, (uint8_t*)s, &digest_size); + if (n20_err != n20_error_ok_e) { + printk(KERN_ERR "Failed to digest message: %d\n", n20_err); + result = n20_err; + goto cleanup; + } + + n20_slice_t z_slice = { + .size = digest_size, + .buffer = (uint8_t*)s, + }; + + n20_crypto_gather_list_t gather_list = { + .count = 1, + .list = &z_slice, + }; + + /* Convert digest to little-endian big number for modular arithmetic. + * z is stable across loop iterations. */ + ecc_swap_digits(s, z, ndigits); + + /* k_bn uses 32bit words instead of 64bit words. + * But the in memory representation is compatible + * on little-endian systems. */ +#ifndef __LITTLE_ENDIAN +#error "Big-endian systems are not supported" +#endif + n20_bn_t k_bn = { + .word_count = ndigits * 2, + .words = (uint32_t*)k, + }; + + /* On the first iteration, s still holds the big-endian digest as needed by gather_list. + * It is clobbered during the loop body and must be restored between iterations. + * Since z is stable, s can be restored by swapping digits back from z. */ + for (unsigned int skip = 0; skip < 8; ++skip, ecc_swap_digits(z, s, ndigits)) { + /* key_bytes aliases k_inv which is clobbered below. + * Recompute on each iteration. */ + ecc_swap_digits(priv_key->digits, key_bytes, ndigits); + + n20_slice_t key_slice = { + .size = ndigits * 8, + .buffer = (uint8_t*)key_bytes, + }; + + /* Generate k (deterministic per RFC 6979; skip selects the candidate). */ + n20_err = n20_rfc6979_k_generation(&ctx->digest_ctx, + digest_algorithm, + priv_key->type, + &key_slice, + &gather_list, + &k_bn, + skip); + if (n20_err != n20_error_ok_e) { + result = n20_err; + goto cleanup; + } + + /* Mod Invert k */ + vli_mod_inv(k_inv, k, curve->n, ndigits); + + /* Compute x1 = (k * G).x */ + err = nat20crypto_mult_g(curve_id, ndigits, k, xy); + if (err) { + printk(KERN_ERR "Failed to compute nonce point: %d\n", err); + result = n20_error_crypto_implementation_specific_e; + goto cleanup; + } + ecc_swap_digits(xy, s, ndigits); + for (size_t i = 0; i < ndigits; i++) { + r[i] = s[i]; + } + + /* r = x1 mod n */ + if (vli_cmp(r, curve->n, ndigits) >= 0) { + vli_sub(r, r, curve->n, ndigits); + } + + if (vli_is_zero(r, ndigits)) continue; + + /* s = k^-1 (H(m) + d_A * r) mod n */ + + /* s = d_A * r mod n */ + vli_mod_mult_slow(s, priv_key->digits, r, curve->n, ndigits); + + /* Modular add z (H(m)) and s: s = (s + z) mod n. + * Compute n - z into k (scratch). */ + vli_sub(k, curve->n, z, ndigits); + + if (vli_cmp(k, s, ndigits) <= 0) { + /* If s >= n - z, we can compute s + z mod n as s - (n - z) <=> s - k. */ + vli_sub(s, s, k, ndigits); + } else { + /* If s fits into k (i.e. n - z), we can just add s and z. */ + uint64_t carry = 0; + for (size_t i = 0; i < ndigits; i++) { + carry = __builtin_add_overflow(s[i], carry, &s[i]); + carry |= __builtin_add_overflow(s[i], z[i], &s[i]); + } + } + + vli_mod_mult_slow(s, k_inv, s, curve->n, ndigits); + + if (vli_is_zero(s, ndigits)) continue; + + ecc_swap_digits(r, (uint64_t*)signature_out, ndigits); + ecc_swap_digits(s, ((uint64_t*)signature_out) + ndigits, ndigits); + + *signature_size_in_out = expected_signature_size; + result = n20_error_ok_e; + goto cleanup; + } + +cleanup: + memzero_explicit(z, sizeof(z)); + memzero_explicit(k, sizeof(k)); + memzero_explicit(k_inv, sizeof(k_inv)); + memzero_explicit(rs, sizeof(rs)); + return result; +} + +static n20_error_t nat20crypto_key_get_public_key(struct n20_crypto_context_s* ctx, + n20_crypto_key_t key_in, + uint8_t* public_key_out, + size_t* public_key_size_in_out) { + if (ctx == NULL) { + return n20_error_crypto_invalid_context_e; + } + + if (key_in == NULL) { + return n20_error_crypto_unexpected_null_key_in_e; + } + + if (public_key_size_in_out == NULL) { + return n20_error_crypto_unexpected_null_size_e; + } + + nat20crypto_key_t* priv_key = (nat20crypto_key_t*)key_in; + + /* Determine public key size based on curve type */ + size_t public_key_size = 0; + unsigned int curve_id = 0; + + switch (priv_key->type) { + case n20_crypto_key_type_secp256r1_e: + public_key_size = 64; /* 32 bytes x + 32 bytes y */ + curve_id = ECC_CURVE_NIST_P256; + break; + case n20_crypto_key_type_secp384r1_e: + public_key_size = 96; /* 48 bytes x + 48 bytes y */ + curve_id = ECC_CURVE_NIST_P384; + break; + case n20_crypto_key_type_ed25519_e: + case n20_crypto_key_type_cdi_e: + default: + return n20_error_crypto_invalid_key_e; + } + + if (*public_key_size_in_out < public_key_size || public_key_out == NULL) { + *public_key_size_in_out = public_key_size; + return n20_error_crypto_insufficient_buffer_size_e; + } + + *public_key_size_in_out = public_key_size; + + int err = nat20crypto_mult_g( + curve_id, priv_key->ndigits, priv_key->digits, (uint64_t*)public_key_out); + + if (err) { + printk(KERN_ERR "Failed to generate public key: %d\n", err); + return n20_error_crypto_implementation_specific_e; + } + + return n20_error_ok_e; +} + +static n20_error_t nat20crypto_key_free(struct n20_crypto_context_s* ctx, n20_crypto_key_t key_in) { + if (ctx == NULL) { + return n20_error_crypto_invalid_context_e; + } + + if (key_in == NULL) { + return n20_error_ok_e; + } + + nat20crypto_key_t* priv_key = (nat20crypto_key_t*)key_in; + nat20crypto_key_destroy(priv_key); + + return n20_error_ok_e; +} + +static n20_crypto_context_t linux_crypto_ctx = { + {nat20crypto_digest, n20_hmac, n20_hkdf, n20_hkdf_extract, n20_hkdf_expand}, + nat20crypto_kdf, + nat20crypto_sign, + nat20crypto_key_get_public_key, + nat20crypto_key_free}; + +n20_error_t nat20crypto_open(n20_crypto_context_t** ctx) { + if (ctx == NULL) { + return n20_error_crypto_unexpected_null_e; + } + + *ctx = &linux_crypto_ctx; + + return n20_error_ok_e; +} +EXPORT_SYMBOL(nat20crypto_open); + +n20_error_t nat20crypto_close(n20_crypto_context_t* ctx) { + if (ctx == NULL) { + return n20_error_crypto_unexpected_null_e; + } + + return n20_error_ok_e; +} +EXPORT_SYMBOL(nat20crypto_close); + +n20_error_t nat20crypto_make_secret(struct n20_crypto_context_s* ctx, + n20_slice_t const* secret_in, + n20_crypto_key_t* key_out) { + if (ctx == NULL) { + return n20_error_crypto_invalid_context_e; + } + + if (secret_in == NULL || secret_in->buffer == NULL || secret_in->size == 0) { + return n20_error_crypto_unexpected_null_data_e; + } + + if (key_out == NULL) { + return n20_error_crypto_unexpected_null_key_out_e; + } + + nat20crypto_key_t* new_key = nat20crypto_key_alloc(n20_crypto_key_type_cdi_e); + if (!new_key) { + return n20_error_crypto_no_resources_e; + } + memzero_explicit(new_key->bits, sizeof(new_key->bits)); + + memcpy(new_key->bits, + secret_in->buffer, + sizeof(new_key->bits) < secret_in->size ? sizeof(new_key->bits) : secret_in->size); + + *key_out = new_key; + return n20_error_ok_e; +} +EXPORT_SYMBOL(nat20crypto_make_secret); + +static int __init nat20crypto_init(void) { + printk(KERN_INFO "nat20crypto - init\n"); + // Currently, there is nothing to initialize in this module. + return 0; +} + +static void __exit nat20crypto_exit(void) { + printk(KERN_INFO "nat20crypto - cleanup\n"); + // Currently, there is nothing to clean up in this module. +} + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Aurora Operations, Inc."); +MODULE_DESCRIPTION("NAT20 Crypto Module using Linux Kernel Crypto API"); + +module_init(nat20crypto_init); +module_exit(nat20crypto_exit); From 49d49010bd3843dcec6344e4d6f083edcccfd173 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Mon, 4 May 2026 17:10:19 -0700 Subject: [PATCH 11/49] Set override SRCDIR for dependencies. --- .github/workflows/linux-kmod-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index 5425d3bd..64c19cea 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -109,6 +109,7 @@ jobs: - name: Build nat20crypto kernel module env: + NAT20LIB_OVERRIDE_SRCDIR: ${{ github.workspace }} NAT20CRYPTO_OVERRIDE_SRCDIR: ${{ github.workspace }} run: | cd ${{ runner.temp }}/buildroot.build/buildroot From 4b64988ed7a7d4c76a42ad8fcdfdc1c77d4e492a Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 5 May 2026 13:50:42 -0700 Subject: [PATCH 12/49] Address comments. --- .github/workflows/linux-kmod-build.yml | 2 +- examples/linux/br_external/package/nat20lib/nat20lib.mk | 3 ++- examples/linux/nat20lib/Kbuild | 5 +---- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index bb2f9504..a48529a9 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -69,7 +69,7 @@ jobs: uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 with: path: ${{ runner.temp }}/buildroot.build - key: buildroot-${{ hashFiles('examples/linux/br_external/configs/qemu_br_defconfig', 'examples/linux/br_external/configs/qemu_linux_defconfig') }} + key: buildroot-${{ hashFiles('examples/linux/br_external/configs/qemu_br_defconfig', 'examples/linux/br_external/configs/qemu_linux_defconfig', 'examples/linux/br_external/bootstrap.sh') }} - name: Bootstrap Buildroot if: steps.cache-buildroot.outputs.cache-hit != 'true' diff --git a/examples/linux/br_external/package/nat20lib/nat20lib.mk b/examples/linux/br_external/package/nat20lib/nat20lib.mk index 2fff5fa1..e6652619 100644 --- a/examples/linux/br_external/package/nat20lib/nat20lib.mk +++ b/examples/linux/br_external/package/nat20lib/nat20lib.mk @@ -40,7 +40,8 @@ NAT20LIB_VERSION = origin/main NAT20LIB_SITE = https://github.com/aurora-opensource/libnat20.git NAT20LIB_SITE_METHOD = git -NAT20LIB_LICENSE = GPL-2.0 +NAT20LIB_LICENSE = Apache-2.0 OR GPL-2.0 +NAT20LIB_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt NAT20LIB_MODULE_SUBDIRS = examples/linux/nat20lib diff --git a/examples/linux/nat20lib/Kbuild b/examples/linux/nat20lib/Kbuild index 0f26bfc5..aab5d7e7 100644 --- a/examples/linux/nat20lib/Kbuild +++ b/examples/linux/nat20lib/Kbuild @@ -34,10 +34,7 @@ # . obj-m := nat20lib.o -ccflags-y := -I $(src)/../../../include -ccflags-y += -I $(srctree) -ccflags-y += -std=gnu11 -ccflags-y += -DN20_WITH_X509 +ccflags-y := -I $(src)/include nat20lib-y := mod.o nat20lib-y += ../../../src/core/x509_ext_open_dice_input.o From fee93e2185025603e4e827caa129ee73b7e606fe Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 5 May 2026 14:13:43 -0700 Subject: [PATCH 13/49] address comments --- .../package/nat20device/nat20device.mk | 4 +- .../linux/nat20device/include/nat20device.h | 15 +++-- examples/linux/nat20device/nat20device.c | 64 +++++++++++-------- 3 files changed, 50 insertions(+), 33 deletions(-) diff --git a/examples/linux/br_external/package/nat20device/nat20device.mk b/examples/linux/br_external/package/nat20device/nat20device.mk index f06e18c0..d466b101 100644 --- a/examples/linux/br_external/package/nat20device/nat20device.mk +++ b/examples/linux/br_external/package/nat20device/nat20device.mk @@ -40,8 +40,8 @@ NAT20DEVICE_VERSION = origin/main NAT20DEVICE_SITE = https://github.com/aurora-opensource/libnat20.git NAT20DEVICE_SITE_METHOD = git - -NAT20DEVICE_LICENSE = GPL-2.0 +NAT20DEVICE_LICENSE = Apache-2.0 OR GPL-2.0 +NAT20DEVICE_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt NAT20DEVICE_MODULE_SUBDIRS = examples/linux/nat20device diff --git a/examples/linux/nat20device/include/nat20device.h b/examples/linux/nat20device/include/nat20device.h index 82e8b5d9..97995b2f 100644 --- a/examples/linux/nat20device/include/nat20device.h +++ b/examples/linux/nat20device/include/nat20device.h @@ -36,8 +36,6 @@ */ #pragma once -#ifndef NAT20_DEVICE_H -#define NAT20_DEVICE_H #include #include @@ -63,7 +61,8 @@ struct nat20device_buffer { * * The dispatch function processes a request and returns a response buffer. * The driver must allocate the response buffer, which will be freed by - * the framework using kfree after the read operation completes. + * the framework using kfree after the read operation completes, + * on the next write if the buffer has not been read yet, or when the file is closed. * * Return: 0 on success, negative error code on failure */ @@ -122,6 +121,14 @@ struct nat20device_driver* nat20device_register_driver(const struct nat20device_ * @driver: Driver instance to unregister * * Unregisters a driver instance and removes its character device node. + * + * IMPORTANT: + * This function must only be called from the registering module's exit + * function. The file_operations.owner field is set to the registering + * module, causing the kernel to hold a module reference for each open + * file descriptor. This guarantees that module unload (and thus this + * function) cannot execute while any file descriptor is still open. + * Calling this function from any other context voids this guarantee + * and results in undefined behavior. */ void nat20device_unregister_driver(struct nat20device_driver* driver); -#endif /* NAT20_DEVICE_H */ diff --git a/examples/linux/nat20device/nat20device.c b/examples/linux/nat20device/nat20device.c index c1a5ca97..7a1de846 100644 --- a/examples/linux/nat20device/nat20device.c +++ b/examples/linux/nat20device/nat20device.c @@ -53,14 +53,16 @@ /** * struct nat20device_driver_instance - Internal driver instance data - * @driver: Embedded driver structure (opaque to external users) + * @driver: Embedded driver structure (returned as opaque handle to callers) * @cdev: Character device structure - * @device: Device structure - * @ops: Driver operations - * @cdev_fops: File operations for the character device. - * @dice_chain_fops: File operations for DICE chain security file. - * @ctx: Driver-specific context. Will be passed to ops callbacks. - * @id: Instance ID (used for device numbering) + * @device: Device structure for /dev/nat20 + * @ops: Driver operations (dispatch and dice_chain_read callbacks) + * @cdev_fops: File operations for the character device + * @dice_chain_fops: File operations for the DICE chain securityfs file + * @ctx: Driver-specific context passed to ops callbacks + * @id: Instance ID (minor number and securityfs directory suffix) + * @nat20device_dice_chain_dir: Securityfs directory dentry, or NULL + * @nat20device_dice_chain_file: Securityfs dice_chain file dentry, or NULL */ struct nat20device_driver_instance { struct nat20device_driver driver; @@ -75,6 +77,11 @@ struct nat20device_driver_instance { struct dentry* nat20device_dice_chain_file; }; +/** + * struct nat20device_file_private - Per-file-descriptor state + * @instance: Back-pointer to the owning driver instance + * @response: Response buffer from the most recent dispatch, or empty + */ struct nat20device_file_private { struct nat20device_driver_instance* instance; struct nat20device_buffer response; @@ -104,6 +111,7 @@ static int nat20device_open(struct inode* inode, struct file* filp) { * nat20device_release - Release file operation */ static int nat20device_release(struct inode* inode, struct file* filp) { + (void)inode; struct nat20device_file_private* file_priv = filp->private_data; /* Free any pending response buffer */ @@ -120,8 +128,9 @@ static int nat20device_release(struct inode* inode, struct file* filp) { /** * nat20device_write - Write file operation * - * Receives a request from userspace and dispatches it to the driver's - * dispatch function. + * Copies a request from userspace, frees any unconsumed prior response, + * dispatches the request to the driver, and resets the file position to 0 + * so that the response can be read back. */ static ssize_t nat20device_write(struct file* filp, char __user const* buf, @@ -151,19 +160,12 @@ static ssize_t nat20device_write(struct file* filp, file_priv->response.data = NULL; file_priv->response.size = 0; - if (!instance->ops) { - /* Instance has been unregistered */ - ret = -ENODEV; - goto out; - } - /* Dispatch the request */ ret = instance->ops->dispatch(instance->ctx, request_buf, count, &file_priv->response); if (ret < 0) goto out; - if (f_pos) { - *f_pos = 0; /* Reset file offset for reading the response */ - } + /* Reset file position so that a subsequent read starts at offset 0. */ + *f_pos = 0; ret = count; @@ -175,22 +177,20 @@ static ssize_t nat20device_write(struct file* filp, /** * nat20device_read - Read file operation * - * Returns the response buffer from the dispatch function to userspace. + * Returns the current response buffer to userspace. Once the entire + * response has been read, the buffer is freed and subsequent reads + * return -EAGAIN until a new request is dispatched via write. */ static ssize_t nat20device_read(struct file* filp, char __user* buf, size_t count, loff_t* f_pos) { struct nat20device_file_private* file_priv = filp->private_data; size_t bytes_to_read; size_t bytes_remaining; - int ret; - - /* No check if the instance has been unregistered. - * If there is a response buffer it can still be read - * from the open file descriptor until the user closes it. - */ /* Check if we have a response buffer */ if (!file_priv->response.data) return -EAGAIN; + if (*f_pos < 0) return -EINVAL; + /* Calculate bytes remaining from current offset */ if (file_priv->response.size <= *f_pos) { /* All data has been read */ @@ -202,12 +202,21 @@ static ssize_t nat20device_read(struct file* filp, char __user* buf, size_t coun bytes_to_read = min(count, bytes_remaining); /* Copy to userspace */ - ret = copy_to_user(buf, (char*)file_priv->response.data + *f_pos, bytes_to_read); - if (ret) return -EFAULT; + if (copy_to_user(buf, (char*)file_priv->response.data + *f_pos, bytes_to_read)) { + return -EFAULT; + } /* Update offset */ *f_pos += bytes_to_read; + /* Response fully consumed — free it so subsequent reads + * return -EAGAIN until the next write/dispatch cycle. */ + if (*f_pos >= file_priv->response.size) { + kfree(file_priv->response.data); + file_priv->response.data = NULL; + file_priv->response.size = 0; + } + return bytes_to_read; } @@ -217,6 +226,7 @@ static int nat20device_dice_chain_fops_open(struct inode* inode, struct file* fi } static int nat20device_dice_chain_fops_release(struct inode* inode, struct file* filp) { + (void)inode; filp->private_data = NULL; return 0; } From e5a700134a150059fe3a813546062c8d090298ab Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 5 May 2026 15:22:07 -0700 Subject: [PATCH 14/49] Serialize read and write access and document concurrency contracts. --- .../linux/nat20device/include/nat20device.h | 9 +++++ examples/linux/nat20device/nat20device.c | 36 +++++++++++++------ 2 files changed, 34 insertions(+), 11 deletions(-) diff --git a/examples/linux/nat20device/include/nat20device.h b/examples/linux/nat20device/include/nat20device.h index 97995b2f..3683f129 100644 --- a/examples/linux/nat20device/include/nat20device.h +++ b/examples/linux/nat20device/include/nat20device.h @@ -64,6 +64,11 @@ struct nat20device_buffer { * the framework using kfree after the read operation completes, * on the next write if the buffer has not been read yet, or when the file is closed. * + * The framework serializes calls per open file descriptor. However, if the + * device is opened multiple times, dispatch may be called concurrently with + * the same @ctx from different file descriptors. The implementer must protect + * shared state in @ctx against concurrent access. + * * Return: 0 on success, negative error code on failure */ typedef int (*nat20device_dispatch_fn)(void* ctx, @@ -82,6 +87,10 @@ typedef int (*nat20device_dispatch_fn)(void* ctx, * The data is encoded as a CBOR indefinite-length array. See * examples/linux/README.md for the encoding specification. * + * This function may be called concurrently from multiple readers via the + * securityfs interface. The implementer must ensure that concurrent access + * to the underlying data is safe. + * * Return: Number of bytes read on success, negative error code on failure */ typedef ssize_t (*nat20device_dice_chain_read)(void* ctx, diff --git a/examples/linux/nat20device/nat20device.c b/examples/linux/nat20device/nat20device.c index 7a1de846..88822b18 100644 --- a/examples/linux/nat20device/nat20device.c +++ b/examples/linux/nat20device/nat20device.c @@ -80,10 +80,12 @@ struct nat20device_driver_instance { /** * struct nat20device_file_private - Per-file-descriptor state * @instance: Back-pointer to the owning driver instance + * @lock: Protects @response against concurrent read/write * @response: Response buffer from the most recent dispatch, or empty */ struct nat20device_file_private { struct nat20device_driver_instance* instance; + struct mutex lock; struct nat20device_buffer response; }; @@ -103,6 +105,7 @@ static int nat20device_open(struct inode* inode, struct file* filp) { if (!file_priv) return -ENOMEM; file_priv->instance = instance; + mutex_init(&file_priv->lock); filp->private_data = file_priv; return 0; } @@ -114,11 +117,8 @@ static int nat20device_release(struct inode* inode, struct file* filp) { (void)inode; struct nat20device_file_private* file_priv = filp->private_data; - /* Free any pending response buffer */ + mutex_destroy(&file_priv->lock); kfree(file_priv->response.data); - file_priv->response.data = NULL; - file_priv->response.size = 0; - kfree(file_priv); filp->private_data = NULL; @@ -155,6 +155,8 @@ static ssize_t nat20device_write(struct file* filp, return -EFAULT; } + mutex_lock(&file_priv->lock); + /* Free any previous response buffer */ kfree(file_priv->response.data); file_priv->response.data = NULL; @@ -170,6 +172,7 @@ static ssize_t nat20device_write(struct file* filp, ret = count; out: + mutex_unlock(&file_priv->lock); kfree(request_buf); return ret; } @@ -185,16 +188,22 @@ static ssize_t nat20device_read(struct file* filp, char __user* buf, size_t coun struct nat20device_file_private* file_priv = filp->private_data; size_t bytes_to_read; size_t bytes_remaining; - - /* Check if we have a response buffer */ - if (!file_priv->response.data) return -EAGAIN; + ssize_t ret; if (*f_pos < 0) return -EINVAL; + mutex_lock(&file_priv->lock); + + /* Check if we have a response buffer */ + if (!file_priv->response.data) { + ret = -EAGAIN; + goto out; + } + /* Calculate bytes remaining from current offset */ if (file_priv->response.size <= *f_pos) { - /* All data has been read */ - return 0; + ret = 0; + goto out; } bytes_remaining = file_priv->response.size - *f_pos; @@ -203,7 +212,8 @@ static ssize_t nat20device_read(struct file* filp, char __user* buf, size_t coun /* Copy to userspace */ if (copy_to_user(buf, (char*)file_priv->response.data + *f_pos, bytes_to_read)) { - return -EFAULT; + ret = -EFAULT; + goto out; } /* Update offset */ @@ -217,7 +227,11 @@ static ssize_t nat20device_read(struct file* filp, char __user* buf, size_t coun file_priv->response.size = 0; } - return bytes_to_read; + ret = bytes_to_read; + +out: + mutex_unlock(&file_priv->lock); + return ret; } static int nat20device_dice_chain_fops_open(struct inode* inode, struct file* filp) { From b491dbb2044bff35ba720a090d84c240933296a6 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 5 May 2026 15:25:55 -0700 Subject: [PATCH 15/49] Add macro for max instances --- examples/linux/nat20device/nat20device.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/examples/linux/nat20device/nat20device.c b/examples/linux/nat20device/nat20device.c index 88822b18..8eaf8fa8 100644 --- a/examples/linux/nat20device/nat20device.c +++ b/examples/linux/nat20device/nat20device.c @@ -49,6 +49,7 @@ #include #define NAT20DEVICE_DEVICE_NAME "nat20" +#define NAT20DEVICE_MAX_INSTANCES 256 #define NAT20DEVICE_MAX_REQUEST_SIZE (1024 * 1024) /* 1 MB max request */ /** @@ -387,7 +388,8 @@ static int __init nat20device_device_init(void) { int ret; /* Allocate device numbers */ - ret = alloc_chrdev_region(&nat20device_dev_number, 0, 256, NAT20DEVICE_DEVICE_NAME); + ret = alloc_chrdev_region( + &nat20device_dev_number, 0, NAT20DEVICE_MAX_INSTANCES, NAT20DEVICE_DEVICE_NAME); if (ret < 0) { pr_err("NAT20: Failed to allocate device numbers: %d\n", ret); return ret; @@ -405,7 +407,7 @@ static int __init nat20device_device_init(void) { return 0; err_unregister_chrdev: - unregister_chrdev_region(nat20device_dev_number, 256); + unregister_chrdev_region(nat20device_dev_number, NAT20DEVICE_MAX_INSTANCES); return ret; } @@ -414,7 +416,7 @@ static void __exit nat20device_device_exit(void) { class_destroy(nat20device_class); /* Unregister device numbers */ - unregister_chrdev_region(nat20device_dev_number, 256); + unregister_chrdev_region(nat20device_dev_number, NAT20DEVICE_MAX_INSTANCES); pr_info("NAT20: Device framework exited\n"); } From 1afed4381d3d9e9b935e0a6357da5982339cee9f Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 5 May 2026 15:32:51 -0700 Subject: [PATCH 16/49] Update license in package config. --- examples/linux/br_external/package/nat20crypto/nat20crypto.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/linux/br_external/package/nat20crypto/nat20crypto.mk b/examples/linux/br_external/package/nat20crypto/nat20crypto.mk index d944e5e9..924805af 100644 --- a/examples/linux/br_external/package/nat20crypto/nat20crypto.mk +++ b/examples/linux/br_external/package/nat20crypto/nat20crypto.mk @@ -36,8 +36,8 @@ NAT20CRYPTO_VERSION = origin/main NAT20CRYPTO_SITE = https://github.com/aurora-opensource/libnat20.git NAT20CRYPTO_SITE_METHOD = git - -NAT20CRYPTO_LICENSE = GPL-2.0 +NAT20CRYPTO_LICENSE = Apache-2.0 OR GPL-2.0 +NAT20CRYPTO_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt NAT20CRYPTO_DEPENDENCIES += nat20lib NAT20CRYPTO_MODULE_MAKE_OPTS += NAT20CRYPTO_NAT20LIB_DIR=$(NAT20LIB_DIR)/examples/linux/nat20lib From 0eae0d8fd7a7240310137012188516d2fc2ccd2a Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 5 May 2026 15:34:50 -0700 Subject: [PATCH 17/49] tidy --- examples/linux/nat20crypto/Kbuild | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/linux/nat20crypto/Kbuild b/examples/linux/nat20crypto/Kbuild index 6fc2de77..6dd050bf 100644 --- a/examples/linux/nat20crypto/Kbuild +++ b/examples/linux/nat20crypto/Kbuild @@ -37,9 +37,8 @@ KBUILD_EXTRA_SYMBOLS := $(NAT20CRYPTO_NAT20LIB_DIR)/Module.symvers obj-m := nat20crypto.o -# The following two paths are added to allow the module to include +# The following path is added to allow the module to include # crypto/ecc.h (or crypto/internal/ecc.h for 6.0+). -ccflags-y := -I $(src)/include ccflags-y += -I $(srctree) -ccflags-y += -I $(NAT20CRYPTO_NAT20LIB_DIR)/include +ccflags-y := -I $(src)/include ccflags-y += -std=gnu11 From 47f9055a89d86ed54a653ce0a6dfd23557380054 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 5 May 2026 16:38:30 -0700 Subject: [PATCH 18/49] Add SECURITY.md and fix some issues. --- examples/linux/nat20crypto/SECURITY.md | 98 ++++++++++++++++++++++++ examples/linux/nat20crypto/nat20crypto.c | 23 ++++-- 2 files changed, 114 insertions(+), 7 deletions(-) create mode 100644 examples/linux/nat20crypto/SECURITY.md diff --git a/examples/linux/nat20crypto/SECURITY.md b/examples/linux/nat20crypto/SECURITY.md new file mode 100644 index 00000000..ca24b596 --- /dev/null +++ b/examples/linux/nat20crypto/SECURITY.md @@ -0,0 +1,98 @@ +# Security Assessment - nat20crypto + +This module implements the libnat20 crypto interface in terms of +kernel-provided primitives. It attempts to provide a functionally correct +implementation and makes an effort to clean sensitive key material from +memory. But it is **not suitable for production**, specifically the ECC +signing operation is not constant-time and susceptible to leaking private +key information through timing side channels. + +## Key Material Leak Analysis + +### Addressed + +- **`nat20crypto_sign`** — stack buffers `z`, `k`, `k_inv`, `rs` are wiped via + `memzero_explicit` on all exit paths. This covers the nonce, the inverted + nonce, the byte-swapped private key (in `k_inv` via the `key_bytes` alias), + and intermediate signature values. +- **`nat20crypto_key_destroy`** — uses `memzero_explicit` before `kfree`. +- **`nat20crypto_make_secret`** — the input `secret_in` buffer is caller-owned; + the output key is heap-allocated and properly zeroed on free. + +### Outstanding issues + +#### `n20_rfc6979_k_generation` internal state + +This function (from nat20lib) uses HMAC internally with the private key as +input. Whether its internal buffers are zeroed depends on its implementation. +Out of scope for this module but noted as a dependency. + +## Timing Side Channel Analysis + +### Threat model + +In a DICE boot-time context where signing happens once during module init with +no concurrent attacker (single-threaded init, no network, no user interaction), +timing side channels are not practically exploitable. For a general-purpose +signing oracle accessible from userspace, the issues below would be exploitable. + +### High risk + +#### `vli_mod_inv` — variable-time modular inverse + +The kernel's `vli_mod_inv` computes the modular inverse of `k` using a binary +extended GCD with data-dependent branches and loop counts. The number of +iterations depends on the value of `k`, leaking nonce information through +timing. Partial nonce knowledge enables private key recovery via lattice +attacks. + +#### `ecc_make_pub_key` — variable-time point multiplication + +The kernel's ECC point multiplication uses a double-and-add algorithm. Older +kernels (pre-6.10) use a naive implementation with data-dependent +doublings/additions, leaking the scalar `k` through timing. + +### Medium risk + +#### `vli_mod_mult_slow` — conditional subtraction + +The kernel's `vli_mod_mult_slow` is a shift-and-add modular multiplication. +The loop count is constant, but the conditional subtraction after each shift +(`if (result >= mod) result -= mod`) is data-dependent. This leaks +intermediate state of `d_A * r` and `k_inv * s`, exposing bits of the private +key and nonce inverse. + +#### Conditional mod-n reduction branches + +```c +if (vli_cmp(k, s, ndigits) <= 0) { + vli_sub(s, s, k, ndigits); +} else { + /* addition path */ +} +``` + +The branch taken depends on `s` which embeds `d_A * r`, leaking information +about the private key. + +### Low risk + +#### RFC 6979 / HMAC-SHA + +The kernel's SHA implementations are generally constant-time for the +compression function. HMAC processes fixed-size blocks. Low timing risk. + +#### `ecc_swap_digits` / `memcpy` / simple copies + +These process a fixed number of bytes regardless of value. Constant-time. + +### Summary table + +| Operation | Timing risk | Impact | +|---|---|---| +| `vli_mod_inv(k_inv, k, ...)` | Variable-time | Nonce leak, key recovery | +| `ecc_make_pub_key(k * G)` | Variable-time (pre-6.10) | Nonce leak, key recovery | +| `vli_mod_mult_slow(s, d_A, r)` | Conditional subtract | Private key leak | +| Conditional mod-n reduction | Branch on secret | Minor info leak | +| RFC 6979 / HMAC-SHA | Constant-time | Safe | +| `ecc_swap_digits` / copies | Constant-time | Safe | diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index c22fb0c9..aa35980c 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -242,7 +242,7 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, kfree(context_buffer); if (rc != n20_error_ok_e) { - return rc; + goto out; } switch (key_type_in) { @@ -253,7 +253,8 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, } memcpy(new_cdi_key->bits, derived, 32); *key_out = new_cdi_key; - return n20_error_ok_e; + rc = n20_error_ok_e; + goto out; } case n20_crypto_key_type_secp256r1_e: case n20_crypto_key_type_secp384r1_e: { @@ -263,7 +264,8 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, }; nat20crypto_key_t* new_ecc_key = nat20crypto_key_alloc(key_type_in); if (new_ecc_key == NULL) { - return n20_error_crypto_no_resources_e; + rc = n20_error_crypto_no_resources_e; + goto out; } n20_bn_t k_bn; @@ -279,10 +281,11 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, 0); if (rc != n20_error_ok_e) { nat20crypto_key_destroy(new_ecc_key); - return rc; + goto out; } *key_out = new_ecc_key; - return n20_error_ok_e; + rc = n20_error_ok_e; + goto out; } case n20_crypto_key_type_ed25519_e: @@ -292,7 +295,10 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, break; } - return n20_error_crypto_invalid_key_type_e; + rc = n20_error_crypto_invalid_key_type_e; +out: + memzero_explicit(derived, sizeof(derived)); + return rc; } /* The kernel's ECC library does not export a general scalar-point @@ -306,12 +312,15 @@ static int nat20crypto_mult_g(unsigned int curve_id, uint64_t* k, uint64_t* pubkey_xy) { #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 10, 0) + int ret = 0; /* Before version 6.10.0 ecc_make_pub_key swapped the bytes * of the key, so we have to swap them back before calling * ecc_make_pub_key. */ uint64_t privkey[6] = {0}; ecc_swap_digits(k, privkey, ndigits); - return ecc_make_pub_key(curve_id, ndigits, privkey, pubkey_xy); + ret = ecc_make_pub_key(curve_id, ndigits, privkey, pubkey_xy); + memzero_explicit(privkey, sizeof(privkey)); + return ret; #else return ecc_make_pub_key(curve_id, ndigits, k, pubkey_xy); #endif From 6a478705553a25be5d470015b23ea45301ab12de Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 6 May 2026 15:16:35 -0700 Subject: [PATCH 19/49] fix error handling contract. --- examples/linux/nat20crypto/nat20crypto.c | 31 ++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index aa35980c..c75db759 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -105,6 +105,11 @@ static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, return n20_error_crypto_insufficient_buffer_size_e; } + if (msg_in == NULL) { + crypto_free_shash(md_tfm); + return n20_error_crypto_unexpected_null_data_e; + } + struct shash_desc* md_ctx = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(md_tfm), GFP_KERNEL); if (md_ctx == NULL) { @@ -121,8 +126,11 @@ static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, } for (size_t list_index = 0; list_index < msg_count; ++list_index) { - if (msg_in[list_index].count == 0 || msg_in[list_index].list == NULL) { - continue; // Skip empty gather lists + if (msg_in[list_index].count == 0) continue; + if (msg_in[list_index].list == NULL) { + kfree(md_ctx); + crypto_free_shash(md_tfm); + return n20_error_crypto_unexpected_null_list_e; } for (size_t slice_index = 0; slice_index < msg_in[list_index].count; ++slice_index) { if (msg_in[list_index].list[slice_index].size == 0) continue; @@ -208,10 +216,21 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, return n20_error_crypto_unexpected_null_key_out_e; } + if (context_in == NULL) { + return n20_error_crypto_unexpected_null_data_e; + } + + if (context_in->count != 0 && context_in->list == NULL) { + return n20_error_crypto_unexpected_null_list_e; + } + /* Compute the total length of the context and copy it * into a consecutive buffer. */ size_t context_size = 0; for (size_t i = 0; i < context_in->count; ++i) { + if (context_in->list[i].size != 0 && context_in->list[i].buffer == NULL) { + return n20_error_crypto_unexpected_null_slice_e; + } context_size += context_in->list[i].size; } uint8_t* context_buffer = (uint8_t*)kmalloc(context_size, GFP_KERNEL); @@ -378,6 +397,14 @@ static n20_error_t nat20crypto_sign(struct n20_crypto_context_s* ctx, return n20_error_crypto_invalid_key_e; } + if (msg_in == NULL) { + return n20_error_crypto_unexpected_null_data_e; + } + + if (msg_in->count != 0 && msg_in->list == NULL) { + return n20_error_crypto_unexpected_null_list_e; + } + n20_error_t result = n20_error_crypto_implementation_specific_e; uint64_t z[6] = {0}; uint64_t k[6] = {0}; From 54014fdb5066fa5e74543dd9a670da7a2baac4e4 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 6 May 2026 16:01:12 -0700 Subject: [PATCH 20/49] address comments --- examples/linux/nat20crypto/nat20crypto.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index c75db759..2da1689b 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -118,6 +118,7 @@ static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, return n20_error_crypto_no_resources_e; } md_ctx->tfm = md_tfm; + md_ctx->flags = 0; if (0 > crypto_shash_init(md_ctx)) { kfree(md_ctx); @@ -506,7 +507,14 @@ static n20_error_t nat20crypto_sign(struct n20_crypto_context_s* ctx, /* Modular add z (H(m)) and s: s = (s + z) mod n. * Compute n - z into k (scratch). */ - vli_sub(k, curve->n, z, ndigits); + if (vli_cmp(z, curve->n, ndigits) >= 0) { + /* If z >= n we need to modular reduce z before negating, + * otherwise the subtraction below will underflow. */ + vli_sub(k, z, curve->n, ndigits); + vli_sub(k, curve->n, k, ndigits); + } else { + vli_sub(k, curve->n, z, ndigits); + }; if (vli_cmp(k, s, ndigits) <= 0) { /* If s >= n - z, we can compute s + z mod n as s - (n - z) <=> s - k. */ From f64578884e5cc651673b126147adb20a14ce80fa Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 6 May 2026 16:05:45 -0700 Subject: [PATCH 21/49] fixup KBuild --- examples/linux/nat20crypto/Kbuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/linux/nat20crypto/Kbuild b/examples/linux/nat20crypto/Kbuild index 6dd050bf..fc631572 100644 --- a/examples/linux/nat20crypto/Kbuild +++ b/examples/linux/nat20crypto/Kbuild @@ -40,5 +40,5 @@ obj-m := nat20crypto.o # The following path is added to allow the module to include # crypto/ecc.h (or crypto/internal/ecc.h for 6.0+). ccflags-y += -I $(srctree) +ccflags-y += -I $(NAT20CRYPTO_NAT20LIB_DIR)/include ccflags-y := -I $(src)/include -ccflags-y += -std=gnu11 From b6213717930d2ea902d518f570a146fa5c94181a Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 6 May 2026 16:24:04 -0700 Subject: [PATCH 22/49] fixups --- examples/linux/nat20crypto/Kbuild | 2 +- examples/linux/nat20crypto/nat20crypto.c | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/linux/nat20crypto/Kbuild b/examples/linux/nat20crypto/Kbuild index fc631572..efeacfd0 100644 --- a/examples/linux/nat20crypto/Kbuild +++ b/examples/linux/nat20crypto/Kbuild @@ -39,6 +39,6 @@ obj-m := nat20crypto.o # The following path is added to allow the module to include # crypto/ecc.h (or crypto/internal/ecc.h for 6.0+). +ccflags-y := -I $(src)/include ccflags-y += -I $(srctree) ccflags-y += -I $(NAT20CRYPTO_NAT20LIB_DIR)/include -ccflags-y := -I $(src)/include diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index 2da1689b..0f814a5c 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -118,7 +118,6 @@ static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, return n20_error_crypto_no_resources_e; } md_ctx->tfm = md_tfm; - md_ctx->flags = 0; if (0 > crypto_shash_init(md_ctx)) { kfree(md_ctx); From b7b57a6ce960da46eb6a53ca4fa8af8be1dfd4e0 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 6 May 2026 16:41:45 -0700 Subject: [PATCH 23/49] fix error path --- examples/linux/nat20crypto/nat20crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index 0f814a5c..75cceaac 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -268,7 +268,8 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, case n20_crypto_key_type_cdi_e: { nat20crypto_key_t* new_cdi_key = nat20crypto_key_alloc(n20_crypto_key_type_cdi_e); if (new_cdi_key == NULL) { - return n20_error_crypto_no_resources_e; + rc = n20_error_crypto_no_resources_e; + goto out; } memcpy(new_cdi_key->bits, derived, 32); *key_out = new_cdi_key; From 502f49c972f87d195df351ff533aa5c780b6f871 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 6 May 2026 17:14:49 -0700 Subject: [PATCH 24/49] fix non standard deterministic DSA construction --- examples/linux/nat20crypto/nat20crypto.c | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index 75cceaac..2472e3d0 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -427,16 +427,6 @@ static n20_error_t nat20crypto_sign(struct n20_crypto_context_s* ctx, goto cleanup; } - n20_slice_t z_slice = { - .size = digest_size, - .buffer = (uint8_t*)s, - }; - - n20_crypto_gather_list_t gather_list = { - .count = 1, - .list = &z_slice, - }; - /* Convert digest to little-endian big number for modular arithmetic. * z is stable across loop iterations. */ ecc_swap_digits(s, z, ndigits); @@ -452,10 +442,7 @@ static n20_error_t nat20crypto_sign(struct n20_crypto_context_s* ctx, .words = (uint32_t*)k, }; - /* On the first iteration, s still holds the big-endian digest as needed by gather_list. - * It is clobbered during the loop body and must be restored between iterations. - * Since z is stable, s can be restored by swapping digits back from z. */ - for (unsigned int skip = 0; skip < 8; ++skip, ecc_swap_digits(z, s, ndigits)) { + for (unsigned int skip = 0; skip < 8; ++skip) { /* key_bytes aliases k_inv which is clobbered below. * Recompute on each iteration. */ ecc_swap_digits(priv_key->digits, key_bytes, ndigits); @@ -466,13 +453,8 @@ static n20_error_t nat20crypto_sign(struct n20_crypto_context_s* ctx, }; /* Generate k (deterministic per RFC 6979; skip selects the candidate). */ - n20_err = n20_rfc6979_k_generation(&ctx->digest_ctx, - digest_algorithm, - priv_key->type, - &key_slice, - &gather_list, - &k_bn, - skip); + n20_err = n20_rfc6979_k_generation( + &ctx->digest_ctx, digest_algorithm, priv_key->type, &key_slice, msg_in, &k_bn, skip); if (n20_err != n20_error_ok_e) { result = n20_err; goto cleanup; From f5e6efd634ee3c90b57975ffa16b1e4183d51be0 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 6 May 2026 17:42:43 -0700 Subject: [PATCH 25/49] Change shash initialization order --- examples/linux/nat20crypto/nat20crypto.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index 2472e3d0..1691be82 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -73,43 +73,44 @@ static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, } char const* digest_name = NULL; + size_t digest_size = 0; switch (alg_in) { case n20_crypto_digest_algorithm_sha2_224_e: digest_name = "sha224"; + digest_size = 28; break; case n20_crypto_digest_algorithm_sha2_256_e: digest_name = "sha256"; + digest_size = 32; break; case n20_crypto_digest_algorithm_sha2_384_e: digest_name = "sha384"; + digest_size = 48; break; case n20_crypto_digest_algorithm_sha2_512_e: digest_name = "sha512"; + digest_size = 64; break; default: return n20_error_crypto_unknown_algorithm_e; } - struct crypto_shash* md_tfm = crypto_alloc_shash(digest_name, 0, 0); - if (IS_ERR(md_tfm)) { - printk(KERN_ERR "Failed to allocate hash context: %ld\n", PTR_ERR(md_tfm)); - return n20_error_crypto_no_resources_e; - } - - size_t digest_size = crypto_shash_digestsize(md_tfm); - if (*digest_size_in_out < digest_size || digest_out == NULL) { *digest_size_in_out = digest_size; - crypto_free_shash(md_tfm); return n20_error_crypto_insufficient_buffer_size_e; } if (msg_in == NULL) { - crypto_free_shash(md_tfm); return n20_error_crypto_unexpected_null_data_e; } + struct crypto_shash* md_tfm = crypto_alloc_shash(digest_name, 0, 0); + if (IS_ERR(md_tfm)) { + printk(KERN_ERR "Failed to allocate hash context: %ld\n", PTR_ERR(md_tfm)); + return n20_error_crypto_no_resources_e; + } + struct shash_desc* md_ctx = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(md_tfm), GFP_KERNEL); if (md_ctx == NULL) { From 3ded4087c4bc887bb0bb278eb517afa8fe417758 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 7 May 2026 09:16:17 -0700 Subject: [PATCH 26/49] typo --- examples/linux/br_external/external.desc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/linux/br_external/external.desc b/examples/linux/br_external/external.desc index b23a9e37..ae41d055 100644 --- a/examples/linux/br_external/external.desc +++ b/examples/linux/br_external/external.desc @@ -34,4 +34,4 @@ # . name: NAT20 -desc: Provides NAT20 related packages package. +desc: Provides NAT20 related packages. From 94a513ceff50fe6e2f6e2cc0f8883e35a059a565 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 7 May 2026 13:24:47 -0700 Subject: [PATCH 27/49] address comments --- examples/linux/nat20crypto/Makefile | 2 +- examples/linux/nat20crypto/nat20crypto.c | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/examples/linux/nat20crypto/Makefile b/examples/linux/nat20crypto/Makefile index 2d54c0dd..9e8ba2a1 100644 --- a/examples/linux/nat20crypto/Makefile +++ b/examples/linux/nat20crypto/Makefile @@ -49,4 +49,4 @@ modules_install: clean: $(MAKE) -C $(KDIR) M=$$PWD clean -.PHONY: all modules clean +.PHONY: all modules modules_install clean diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index 1691be82..fcff5712 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -515,8 +515,14 @@ static n20_error_t nat20crypto_sign(struct n20_crypto_context_s* ctx, if (vli_is_zero(s, ndigits)) continue; - ecc_swap_digits(r, (uint64_t*)signature_out, ndigits); - ecc_swap_digits(s, ((uint64_t*)signature_out) + ndigits, ndigits); + /* Use k as scratch space for swapping the signature bytes. + * This avoids allocating additional memory. + * Swapping with signature_out as target directly may + * not work on all architectures due to alignment requirements. */ + ecc_swap_digits(r, k, ndigits); + memcpy(signature_out, k, ndigits * 8); + ecc_swap_digits(s, k, ndigits); + memcpy(signature_out + ndigits * 8, k, ndigits * 8); *signature_size_in_out = expected_signature_size; result = n20_error_ok_e; @@ -575,14 +581,16 @@ static n20_error_t nat20crypto_key_get_public_key(struct n20_crypto_context_s* c *public_key_size_in_out = public_key_size; - int err = nat20crypto_mult_g( - curve_id, priv_key->ndigits, priv_key->digits, (uint64_t*)public_key_out); + uint64_t xy[12] = {0}; // 64 bit aligned buffer for public key (x and y coordinates) + int err = nat20crypto_mult_g(curve_id, priv_key->ndigits, priv_key->digits, xy); if (err) { printk(KERN_ERR "Failed to generate public key: %d\n", err); return n20_error_crypto_implementation_specific_e; } + memcpy(public_key_out, xy, public_key_size); + return n20_error_ok_e; } From f7b2bd36d745cedc7d392a9a52529c6d6978185e Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Fri, 8 May 2026 15:42:51 -0700 Subject: [PATCH 28/49] Fix result size estimation. The result buffer size of the gnostic node implementation was not correct for various reasons. - n20_issue_certificate returned prematurely on the x509 rendering path if a NULL buffer was given or a buffer that was too small. - In addition, the signature encodings for P256/P384 have varying size. This means that the correct size cannot be determined without performing the signature, which cannot be computed with a buffer to render the TBS part of the certificate, and even if that was available, with non-deterministic ECDSA, the size estimate is not idempotent. This patch: * fixes n20_issue_certificate such that it computes the worst-case size of the X509 certificate. * Relaxes the size estimation contract such that it allows for overestimates. * Adds unit tests to check the size estimation contract. --- include/nat20/functionality.h | 40 ++- include/nat20/service/service.h | 40 +-- .../nat20/service/service_message_dispatch.h | 6 +- src/core/functionality.c | 102 +++++-- src/core/test/functionality.cpp | 268 +++++++++++++++++- src/service/test/gnostic.cpp | 168 +++++++++++ 6 files changed, 570 insertions(+), 54 deletions(-) diff --git a/include/nat20/functionality.h b/include/nat20/functionality.h index bccc5820..187e2106 100644 --- a/include/nat20/functionality.h +++ b/include/nat20/functionality.h @@ -521,15 +521,49 @@ extern n20_error_t n20_compute_certificate_context(n20_crypto_context_t *crypto_ * may be set in @p cert_info_in.eca_ee.nonce. * - @ref n20_cert_type_self_signed_e does not require any additional fields. * + * ## Size query + * + * If @p certificate_out is NULL, the function determines the required buffer + * size without performing cryptographic operations (no key derivation, no + * signing) and returns @ref n20_error_insufficient_buffer_size_e with + * @p *certificate_size_in_out set to the required size. + * + * If @p certificate_out is non-NULL but the buffer is too small, the function + * also returns @ref n20_error_insufficient_buffer_size_e with + * @p *certificate_size_in_out set to the required size. In the X.509 case, + * key derivation is performed (to obtain the real serial numbers) but signing + * is skipped. + * + * The precision of the reported size depends on the certificate format: + * - **COSE**: The reported size is exact. COSE encodes signatures as + * fixed-length byte strings, so the encoded size is fully determined by + * the key types and payload content. + * - **X.509**: The reported size is a worst-case upper bound. There are + * two sources of variability: + * 1. ECDSA signatures are DER-encoded as a SEQUENCE of two INTEGERs, + * and DER INTEGER encoding length varies depending on whether the + * leading bit of each coordinate is set (requiring a 0x00 padding + * byte). The estimate assumes maximum-length encoding for both + * coordinates. For Ed25519, the signature is a fixed-length bit + * string and does not contribute to variability. + * 2. The issuer and subject serial numbers (CDI IDs) are DER-encoded + * as INTEGERs, and leading zeros are stripped. The estimate assumes + * maximum-length encoding (no leading zeros). The actual serial + * numbers may be shorter if the hash-derived values happen to have + * leading zero bytes. + * + * In practice the overestimate is small (a few bytes). + * * @param crypto_ctx * @param issuer_secret_in * @param issuer_key_type_in * @param subject_key_type_in * @param cert_info_in * @param certificate_format_in - * @param certificate_out - * @param certificate_size_in_out - * @return n20_error_t + * @param certificate_out May be NULL to query the required buffer size. + * @param certificate_size_in_out In: buffer capacity. Out: required or used size. + * @return @ref n20_error_ok_e on success, + * @ref n20_error_insufficient_buffer_size_e if the buffer is NULL or too small. */ extern n20_error_t n20_issue_certificate(n20_crypto_context_t *crypto_ctx, n20_crypto_key_t issuer_secret_in, diff --git a/include/nat20/service/service.h b/include/nat20/service/service.h index b2e69e6a..d84c0baf 100644 --- a/include/nat20/service/service.h +++ b/include/nat20/service/service.h @@ -84,15 +84,17 @@ struct n20_service_ops_s { * * The serialized certificate is placed at the end of the buffer. * On entry @p *attestation_certificate_size is the total size of the buffer. - * On success, or when @ref n20_error_insufficient_buffer_size_e is returned, - * it must be set to the number of certificate bytes written or the required buffer - * size respectively. - * + * On success it must be set to the number of certificate bytes written. + * When @ref n20_error_insufficient_buffer_size_e is returned, it must be set + * to the required buffer size. The reported size may slightly overestimate + * the actual size needed, but is guaranteed to be sufficient for the final + * result when the function is called again with the same arguments. * * @param ctx Opaque implementation context. * @param request CDI certificate request payload. * @param attestation_certificate Output buffer for the certificate. - * @param attestation_certificate_size In: buffer capacity. Out: bytes written. + * @param attestation_certificate_size In: buffer capacity. Out: bytes written + * or required size. * @return @ref n20_error_ok_e on success, an error code otherwise. */ n20_error_t (*n20_srv_issue_cdi_certificate)(void* ctx, @@ -109,14 +111,16 @@ struct n20_service_ops_s { * * The serialized certificate is placed at the end of the buffer. * On entry @p *certificate_size is the total size of the buffer. - * On success, or when @ref n20_error_insufficient_buffer_size_e is returned, - * it must be set to the number of certificate bytes written or the required buffer - * size respectively. + * On success it must be set to the number of certificate bytes written. + * When @ref n20_error_insufficient_buffer_size_e is returned, it must be set + * to the required buffer size. The reported size may slightly overestimate + * the actual size needed, but is guaranteed to be sufficient for the final + * result when the function is called again with the same arguments. * * @param ctx Opaque implementation context. * @param request ECA certificate request payload. * @param certificate Output buffer for the certificate. - * @param certificate_size In: buffer capacity. Out: bytes written. + * @param certificate_size In: buffer capacity. Out: bytes written or required size. * @return @ref n20_error_ok_e on success, an error code otherwise. */ n20_error_t (*n20_srv_issue_eca_certificate)(void* ctx, @@ -133,14 +137,16 @@ struct n20_service_ops_s { * * The serialized certificate is placed at the end of the buffer. * On entry @p *certificate_size is the total size of the buffer. - * On success, or when @ref n20_error_insufficient_buffer_size_e is returned, - * it must be set to the number of certificate bytes written or the required buffer - * size respectively. + * On success it must be set to the number of certificate bytes written. + * When @ref n20_error_insufficient_buffer_size_e is returned, it must be set + * to the required buffer size. The reported size may slightly overestimate + * the actual size needed, but is guaranteed to be sufficient for the final + * result when the function is called again with the same arguments. * * @param ctx Opaque implementation context. * @param request ECA end-entity certificate request payload. * @param certificate Output buffer for the certificate. - * @param certificate_size In: buffer capacity. Out: bytes written. + * @param certificate_size In: buffer capacity. Out: bytes written or required size. * @return @ref n20_error_ok_e on success, an error code otherwise. */ n20_error_t (*n20_srv_issue_eca_ee_certificate)(void* ctx, @@ -158,14 +164,14 @@ struct n20_service_ops_s { * * The serialized signature is placed at the end of the buffer. * On entry @p *signature_size is the total size of the buffer. - * On success, or when @ref n20_error_insufficient_buffer_size_e is returned, - * it must be set to the number of signature bytes written or the required buffer - * size respectively. + * On success it must be set to the number of signature bytes written. + * When @ref n20_error_insufficient_buffer_size_e is returned, it must be set + * to the required buffer size. For raw signatures the reported size is exact. * * @param ctx Opaque implementation context. * @param request ECA end-entity sign request payload. * @param signature Output buffer for the signature. - * @param signature_size In: buffer capacity. Out: bytes written. + * @param signature_size In: buffer capacity. Out: bytes written or required size. * @return @ref n20_error_ok_e on success, an error code otherwise. */ n20_error_t (*n20_srv_eca_ee_sign)(void* ctx, diff --git a/include/nat20/service/service_message_dispatch.h b/include/nat20/service/service_message_dispatch.h index 2ee51dc5..4342af0c 100644 --- a/include/nat20/service/service_message_dispatch.h +++ b/include/nat20/service/service_message_dispatch.h @@ -100,9 +100,13 @@ typedef struct n20_service_message_dispatch_ctx_s n20_service_message_dispatch_c * * @ref n20_error_unexpected_null_service_ops_e if @p ctx->ops is NULL. * * @ref n20_error_unexpected_null_buffer_size_e if @p response_size_in_out is NULL. * * @ref n20_error_insufficient_buffer_size_e if the provided response buffer is too - * * small to hold the response or error message. This error may also be returned by + * small to hold the response or error message. This error may also be returned by * the underlying service operations. As an exception, this error is intercepted * and returned directly by the dispatcher to allow the caller to resize the buffer. + * When this error is returned, @p *response_size_in_out is set to the required + * buffer size. This value may slightly overestimate the actual size needed, but + * is guaranteed to be sufficient for the final result when the function is called + * again with the same arguments and a buffer of the reported size. * * ## Service errors: * If the dispatcher successfully calls the appropriate service operation but that diff --git a/src/core/functionality.c b/src/core/functionality.c index 45eeaa7b..f9c934e6 100644 --- a/src/core/functionality.c +++ b/src/core/functionality.c @@ -498,29 +498,50 @@ n20_error_t n20_issue_x509_cert(n20_open_dice_cert_info_t const* cert_info, tbs.subject_name.elements[0] = (n20_x509_rdn_t){&OID_SERIAL_NUMBER, .bytes = cert_info->subject}; - // Create a new stream for the attestation certificate + bool compute_size_mode = (certificate == NULL || *certificate_size == 0); + n20_stream_t stream; - n20_stream_init(&stream, certificate, *certificate_size); - n20_x509_cert_tbs(&stream, &tbs); - if (n20_stream_has_buffer_overflow(&stream)) { - if (n20_stream_has_write_position_overflow(&stream)) { - return n20_error_write_position_overflow_e; + if (!compute_size_mode) { + // Create a new stream for the attestation certificate + n20_stream_init(&stream, certificate, *certificate_size); + n20_x509_cert_tbs(&stream, &tbs); + if (n20_stream_has_buffer_overflow(&stream)) { + if (n20_stream_has_write_position_overflow(&stream)) { + return n20_error_write_position_overflow_e; + } + compute_size_mode = true; } - *certificate_size = n20_stream_byte_count(&stream); - return n20_error_insufficient_buffer_size_e; } - // Sign the to-be-signed part of the certificate. - uint8_t signature[96]; + uint8_t signature[96] = {0}; size_t signature_size = sizeof(signature); - err = signer->cb( - signer, - (n20_slice_t){.size = n20_stream_byte_count(&stream), .buffer = n20_stream_data(&stream)}, - signature, - &signature_size); - if (err != n20_error_ok_e) { - return err; + if (!compute_size_mode) { + // Sign the to-be-signed part of the certificate. + err = signer->cb(signer, + (n20_slice_t){.size = n20_stream_byte_count(&stream), + .buffer = n20_stream_data(&stream)}, + signature, + &signature_size); + if (err != n20_error_ok_e) { + return err; + } + } else { + /* If we are in compute size mode, we can skip signing and just + * use the maximum signature size for the given key type. */ + switch (issuer_key_type) { + case n20_crypto_key_type_ed25519_e: + case n20_crypto_key_type_secp256r1_e: + signature_size = 64; + break; + case n20_crypto_key_type_secp384r1_e: + signature_size = 96; + break; + default: + return n20_error_crypto_unknown_algorithm_e; // Unsupported algorithm + } + // Fill the signature with dummy data to ensure that the stream calculates the m + memset(signature, 0xff, signature_size); } /* Reinitialize the stream. */ @@ -1005,6 +1026,7 @@ n20_error_t n20_issue_certificate(n20_crypto_context_t* crypto_ctx, if (cert_info_in == NULL) { return n20_error_unexpected_null_certificate_info_e; } + n20_error_t err = n20_error_ok_e; n20_crypto_key_t signing_key = NULL; n20_cdi_id_t issuer_serial_number = {0}; @@ -1056,18 +1078,40 @@ n20_error_t n20_issue_certificate(n20_crypto_context_t* crypto_ctx, subject_key_type_in = issuer_key_type_in; } - n20_error_t err = n20_compute_certificate_context(crypto_ctx, - issuer_secret_in, - cert_info_in, - issuer_key_type_in, - subject_key_type_in, - &signing_key, - issuer_serial_number, - subject_serial_number, - public_key, - &public_key_size); - if (err != n20_error_ok_e) { - return err; + if (certificate_out != NULL) { + err = n20_compute_certificate_context(crypto_ctx, + issuer_secret_in, + cert_info_in, + issuer_key_type_in, + subject_key_type_in, + &signing_key, + issuer_serial_number, + subject_serial_number, + public_key, + &public_key_size); + if (err != n20_error_ok_e) { + return err; + } + } else { + /* Size-query mode: fill serial numbers with worst-case values + * to ensure DER INTEGER encoding uses maximum length. + * CDI IDs always have the high bit cleared, so 0x7f is the + * maximum first byte that avoids a leading-zero pad. */ + memset(issuer_serial_number, 0x7f, sizeof(n20_cdi_id_t)); + memset(subject_serial_number, 0x7f, sizeof(n20_cdi_id_t)); + switch (subject_key_type_in) { + case n20_crypto_key_type_secp256r1_e: + public_key_size = 64; + break; + case n20_crypto_key_type_secp384r1_e: + public_key_size = 96; + break; + case n20_crypto_key_type_ed25519_e: + public_key_size = 32; + break; + default: + return n20_error_crypto_invalid_key_type_e; + } } /* If the key type is one of the supported NIST curves, diff --git a/src/core/test/functionality.cpp b/src/core/test/functionality.cpp index bacaeb7f..1cdd7e6b 100644 --- a/src/core/test/functionality.cpp +++ b/src/core/test/functionality.cpp @@ -174,7 +174,7 @@ struct BsslTestFixtureCryptoContext : public n20_crypto_context_t { BsslTestFixtureCryptoContext* bctx = reinterpret_cast(ctx); n20_error_t err = bctx->backup.key_free(ctx, key); - if (err == n20_error_ok_e) { + if (err == n20_error_ok_e && key != nullptr) { bctx->active_key_handles--; } return err; @@ -535,6 +535,169 @@ TEST_F(FunctionalityX509Test, IssueX509CertificateWriteBufferOverflowAfterSignin ASSERT_EQ(certificate_size, 264); } +class CertificateSizeEstimationTest + : public BsslTestFixtureBase, + public ::testing::WithParamInterface< + std::tuple> {}; + +INSTANTIATE_TEST_SUITE_P(CertificateSizeEstimationTestInstance, + CertificateSizeEstimationTest, + ::testing::Combine(::testing::Values(n20_crypto_key_type_ed25519_e, + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp384r1_e), + ::testing::Values(n20_crypto_key_type_ed25519_e, + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp384r1_e), + ::testing::Values(n20_cert_type_self_signed_e, + n20_cert_type_cdi_e, + n20_cert_type_eca_e, + n20_cert_type_eca_ee_e))); + +TEST_P(CertificateSizeEstimationTest, NullBufferReportsWorstCaseSize) { + auto [issuer_key_type, subject_key_type, cert_type] = GetParam(); + + n20_crypto_key_t issuer_secret = this->GetCdi(); + KEY_HANDLE_GUARD(issuer_secret); + + n20_open_dice_cert_info_t cert_info = {}; + cert_info.cert_type = cert_type; + switch (cert_type) { + case n20_cert_type_self_signed_e: + break; + case n20_cert_type_cdi_e: + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + break; + case n20_cert_type_eca_e: + cert_info.eca.nonce = vec2slice(TEST_NONCE); + break; + case n20_cert_type_eca_ee_e: + cert_info.eca_ee.nonce = vec2slice(TEST_NONCE); + cert_info.eca_ee.name = N20_STR_C("Test EE"); + break; + default: + GTEST_FAIL() << "Unsupported certificate type"; + return; + } + + size_t estimated_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_x509_e, + nullptr, + &estimated_size)); + ASSERT_GT(estimated_size, 0); + + cert_info = {}; + cert_info.cert_type = cert_type; + switch (cert_type) { + case n20_cert_type_self_signed_e: + break; + case n20_cert_type_cdi_e: + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + break; + case n20_cert_type_eca_e: + cert_info.eca.nonce = vec2slice(TEST_NONCE); + break; + case n20_cert_type_eca_ee_e: + cert_info.eca_ee.nonce = vec2slice(TEST_NONCE); + cert_info.eca_ee.name = N20_STR_C("Test EE"); + break; + default: + break; + } + + std::vector certificate(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_x509_e, + certificate.data(), + &actual_size)); + EXPECT_LE(actual_size, estimated_size) + << "Actual certificate size exceeds the estimated worst-case size"; +} + +TEST_P(CertificateSizeEstimationTest, InsufficientBufferReportsWorstCaseSize) { + auto [issuer_key_type, subject_key_type, cert_type] = GetParam(); + + n20_crypto_key_t issuer_secret = this->GetCdi(); + KEY_HANDLE_GUARD(issuer_secret); + + n20_open_dice_cert_info_t cert_info = {}; + cert_info.cert_type = cert_type; + switch (cert_type) { + case n20_cert_type_self_signed_e: + break; + case n20_cert_type_cdi_e: + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + break; + case n20_cert_type_eca_e: + cert_info.eca.nonce = vec2slice(TEST_NONCE); + break; + case n20_cert_type_eca_ee_e: + cert_info.eca_ee.nonce = vec2slice(TEST_NONCE); + cert_info.eca_ee.name = N20_STR_C("Test EE"); + break; + default: + GTEST_FAIL() << "Unsupported certificate type"; + return; + } + + uint8_t small_buffer[16] = {}; + size_t estimated_size = sizeof(small_buffer); + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_x509_e, + small_buffer, + &estimated_size)); + ASSERT_GT(estimated_size, sizeof(small_buffer)); + + cert_info = {}; + cert_info.cert_type = cert_type; + switch (cert_type) { + case n20_cert_type_self_signed_e: + break; + case n20_cert_type_cdi_e: + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + break; + case n20_cert_type_eca_e: + cert_info.eca.nonce = vec2slice(TEST_NONCE); + break; + case n20_cert_type_eca_ee_e: + cert_info.eca_ee.nonce = vec2slice(TEST_NONCE); + cert_info.eca_ee.name = N20_STR_C("Test EE"); + break; + default: + break; + } + + std::vector certificate(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_x509_e, + certificate.data(), + &actual_size)); + EXPECT_LE(actual_size, estimated_size) + << "Actual certificate size exceeds the estimated worst-case size"; +} + std::vector TEST_ECA_CERT = { 0x30, 0x81, 0xed, 0x30, 0x81, 0x80, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x0b, 0x31, 0x09, 0x30, 0x07, 0x06, 0x03, 0x55, 0x04, 0x05, @@ -1640,6 +1803,8 @@ TEST_F(IssueCertificateTestFixture, UnsupportedCertificateType) { TEST_F(IssueCertificateTestFixture, ForwardComputeCertificateContextError) { n20_open_dice_cert_info_t cert_info = {}; cert_info.cert_type = n20_cert_type_eca_ee_e; + uint8_t certificate[512] = {}; + size_t certificate_size = sizeof(certificate); auto err = n20_issue_certificate(crypto_ctx, nullptr, @@ -1647,8 +1812,8 @@ TEST_F(IssueCertificateTestFixture, ForwardComputeCertificateContextError) { n20_crypto_key_type_ed25519_e, &cert_info, n20_certificate_format_x509_e, - nullptr, - nullptr); + certificate, + &certificate_size); ASSERT_EQ(err, n20_error_crypto_unexpected_null_key_in_e); } @@ -2001,4 +2166,99 @@ TEST_F(FunctionalityCwtCoseTest, CoseSign1PayloadForwardCryptoError) { output.data(), &cose_sign1_size)); } -#endif // N20_WITH_COSE == 1 \ No newline at end of file + +class CoseCertSizeTest : public BsslTestFixtureBase, + public ::testing::WithParamInterface< + std::tuple> {}; + +INSTANTIATE_TEST_SUITE_P(CoseCertSizeTestInstance, + CoseCertSizeTest, + ::testing::Combine(::testing::Values(n20_crypto_key_type_ed25519_e, + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp384r1_e), + ::testing::Values(n20_crypto_key_type_ed25519_e, + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp384r1_e))); + +TEST_P(CoseCertSizeTest, NullBufferReportsExactSize) { + auto [issuer_key_type, subject_key_type] = GetParam(); + + n20_crypto_key_t issuer_secret = this->GetCdi(); + KEY_HANDLE_GUARD(issuer_secret); + + n20_open_dice_cert_info_t cert_info = {}; + cert_info.cert_type = n20_cert_type_cdi_e; + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + + size_t estimated_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_cose_e, + nullptr, + &estimated_size)); + ASSERT_GT(estimated_size, 0u); + + cert_info = {}; + cert_info.cert_type = n20_cert_type_cdi_e; + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + + std::vector certificate(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_cose_e, + certificate.data(), + &actual_size)); + EXPECT_EQ(actual_size, estimated_size) << "COSE certificate size should be exactly predicted"; +} + +TEST_P(CoseCertSizeTest, InsufficientBufferReportsExactSize) { + auto [issuer_key_type, subject_key_type] = GetParam(); + + n20_crypto_key_t issuer_secret = this->GetCdi(); + KEY_HANDLE_GUARD(issuer_secret); + + n20_open_dice_cert_info_t cert_info = {}; + cert_info.cert_type = n20_cert_type_cdi_e; + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + + uint8_t small_buffer[16] = {}; + size_t estimated_size = sizeof(small_buffer); + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_cose_e, + small_buffer, + &estimated_size)); + ASSERT_GT(estimated_size, sizeof(small_buffer)); + + cert_info = {}; + cert_info.cert_type = n20_cert_type_cdi_e; + cert_info.open_dice_input = TEST_OPEN_DICE_INPUT; + + std::vector certificate(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_issue_certificate(crypto_ctx, + issuer_secret, + issuer_key_type, + subject_key_type, + &cert_info, + n20_certificate_format_cose_e, + certificate.data(), + &actual_size)); + EXPECT_EQ(actual_size, estimated_size) << "COSE certificate size should be exactly predicted"; +} + +#endif // N20_WITH_COSE == 1 diff --git a/src/service/test/gnostic.cpp b/src/service/test/gnostic.cpp index 674b50ee..a8c1547f 100644 --- a/src/service/test/gnostic.cpp +++ b/src/service/test/gnostic.cpp @@ -50,6 +50,7 @@ #include #include #include +#include namespace { @@ -751,4 +752,171 @@ TEST_F(GnosticNodeTest, ResolvePathFreesIntermediateDerivedKeyIfPathParsingError EXPECT_EQ(1u, mock_crypto_context_.free_key_calls); } +// --------------------------------------------------------------------------- +// Size estimation tests +// --------------------------------------------------------------------------- + +class GnosticSizeEstimationTest : public GnosticNodeTest, + public ::testing::WithParamInterface {}; + +INSTANTIATE_TEST_SUITE_P(AllKeyTypes, + GnosticSizeEstimationTest, + ::testing::Values(n20_crypto_key_type_ed25519_e, + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp384r1_e)); + +#if N20_WITH_X509 == 1 + +TEST_P(GnosticSizeEstimationTest, CdiCertX509NullBufferSizeEstimate) { + auto key_type = GetParam(); + n20_msg_issue_cdi_cert_request_t req{}; + req.parent_path = valid_path(); + req.parent_path.length = 0; + req.issuer_key_type = key_type; + req.subject_key_type = key_type; + req.certificate_format = n20_certificate_format_x509_e; + + size_t estimated_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_gnostic_service_ops.n20_srv_issue_cdi_certificate( + &state_, &req, nullptr, &estimated_size)); + ASSERT_GT(estimated_size, 0u); + + std::vector buffer(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_gnostic_service_ops.n20_srv_issue_cdi_certificate( + &state_, &req, buffer.data(), &actual_size)); + EXPECT_LE(actual_size, estimated_size); +} + +TEST_P(GnosticSizeEstimationTest, CdiCertX509SmallBufferSizeEstimate) { + auto key_type = GetParam(); + n20_msg_issue_cdi_cert_request_t req{}; + req.parent_path = valid_path(); + req.parent_path.length = 0; + req.issuer_key_type = key_type; + req.subject_key_type = key_type; + req.certificate_format = n20_certificate_format_x509_e; + + uint8_t small_buffer[16] = {}; + size_t estimated_size = sizeof(small_buffer); + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_gnostic_service_ops.n20_srv_issue_cdi_certificate( + &state_, &req, small_buffer, &estimated_size)); + ASSERT_GT(estimated_size, sizeof(small_buffer)); + + std::vector buffer(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_gnostic_service_ops.n20_srv_issue_cdi_certificate( + &state_, &req, buffer.data(), &actual_size)); + EXPECT_LE(actual_size, estimated_size); +} + +TEST_P(GnosticSizeEstimationTest, EcaCertX509NullBufferSizeEstimate) { + auto key_type = GetParam(); + n20_msg_issue_eca_cert_request_t req{}; + req.parent_path = valid_path(); + req.parent_path.length = 0; + req.issuer_key_type = key_type; + req.subject_key_type = key_type; + req.certificate_format = n20_certificate_format_x509_e; + req.challenge = {0, nullptr}; + + size_t estimated_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_gnostic_service_ops.n20_srv_issue_eca_certificate( + &state_, &req, nullptr, &estimated_size)); + ASSERT_GT(estimated_size, 0u); + + std::vector buffer(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_gnostic_service_ops.n20_srv_issue_eca_certificate( + &state_, &req, buffer.data(), &actual_size)); + EXPECT_LE(actual_size, estimated_size); +} + +TEST_P(GnosticSizeEstimationTest, EcaEeCertX509NullBufferSizeEstimate) { + auto key_type = GetParam(); + std::array const key_usage_data = {0x01}; + n20_msg_issue_eca_ee_cert_request_t req{}; + req.parent_path = valid_path(); + req.parent_path.length = 0; + req.issuer_key_type = key_type; + req.subject_key_type = key_type; + req.certificate_format = n20_certificate_format_x509_e; + req.name = {3, "key"}; + req.key_usage = {key_usage_data.size(), const_cast(key_usage_data.data())}; + req.challenge = {0, nullptr}; + + size_t estimated_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_gnostic_service_ops.n20_srv_issue_eca_ee_certificate( + &state_, &req, nullptr, &estimated_size)); + ASSERT_GT(estimated_size, 0u); + + std::vector buffer(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_gnostic_service_ops.n20_srv_issue_eca_ee_certificate( + &state_, &req, buffer.data(), &actual_size)); + EXPECT_LE(actual_size, estimated_size); +} + +#endif // N20_WITH_X509 == 1 + +#if N20_WITH_COSE == 1 + +TEST_P(GnosticSizeEstimationTest, CdiCertCoseNullBufferSizeEstimate) { + auto key_type = GetParam(); + n20_msg_issue_cdi_cert_request_t req{}; + req.parent_path = valid_path(); + req.parent_path.length = 0; + req.issuer_key_type = key_type; + req.subject_key_type = key_type; + req.certificate_format = n20_certificate_format_cose_e; + + size_t estimated_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_gnostic_service_ops.n20_srv_issue_cdi_certificate( + &state_, &req, nullptr, &estimated_size)); + ASSERT_GT(estimated_size, 0u); + + std::vector buffer(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ(n20_error_ok_e, + n20_gnostic_service_ops.n20_srv_issue_cdi_certificate( + &state_, &req, buffer.data(), &actual_size)); + EXPECT_EQ(actual_size, estimated_size); +} + +#endif // N20_WITH_COSE == 1 + +TEST_P(GnosticSizeEstimationTest, EcaSignNullBufferSizeEstimate) { + auto key_type = GetParam(); + std::array const key_usage_data = {0x01}; + std::array const message_data = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; + n20_msg_eca_ee_sign_request_t req{}; + req.parent_path = valid_path(); + req.parent_path.length = 0; + req.subject_key_type = key_type; + req.name = {3, "key"}; + req.key_usage = {key_usage_data.size(), const_cast(key_usage_data.data())}; + req.message = {message_data.size(), const_cast(message_data.data())}; + + size_t estimated_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_gnostic_service_ops.n20_srv_eca_ee_sign(&state_, &req, nullptr, &estimated_size)); + ASSERT_GT(estimated_size, 0u); + + std::vector buffer(estimated_size); + size_t actual_size = estimated_size; + ASSERT_EQ( + n20_error_ok_e, + n20_gnostic_service_ops.n20_srv_eca_ee_sign(&state_, &req, buffer.data(), &actual_size)); + EXPECT_EQ(actual_size, estimated_size); +} + } // namespace From c10d6166c7bf736ebb5c6ad0ce30d0df5010907e Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Fri, 8 May 2026 19:03:00 -0700 Subject: [PATCH 29/49] Fix underestimating size when overflowing after signing. --- src/core/functionality.c | 101 +++++++++++++++++++------------- src/core/test/functionality.cpp | 4 +- 2 files changed, 63 insertions(+), 42 deletions(-) diff --git a/src/core/functionality.c b/src/core/functionality.c index f9c934e6..f5c50b6c 100644 --- a/src/core/functionality.c +++ b/src/core/functionality.c @@ -398,6 +398,49 @@ void n20_func_key_usage_open_dice_to_x509(n20_open_dice_cert_info_t const* cert_ } } +static n20_error_t n20_x509_raw_signature_size(n20_crypto_key_type_t key_type, + size_t* signature_size) { + switch (key_type) { + case n20_crypto_key_type_ed25519_e: + case n20_crypto_key_type_secp256r1_e: + *signature_size = 64; + return n20_error_ok_e; + case n20_crypto_key_type_secp384r1_e: + *signature_size = 96; + return n20_error_ok_e; + default: + return n20_error_crypto_unknown_algorithm_e; + } +} + +static n20_error_t n20_x509_worst_case_size(n20_x509_tbs_t* tbs, + n20_crypto_key_type_t issuer_key_type, + size_t* certificate_size) { + uint8_t signature[96]; + size_t signature_size; + n20_error_t err = n20_x509_raw_signature_size(issuer_key_type, &signature_size); + if (err != n20_error_ok_e) { + return err; + } + memset(signature, 0xff, signature_size); + + n20_x509_t cert = { + .tbs = tbs, + .signature_algorithm = tbs->signature_algorithm, + .signature_bits = signature_size * 8, + .signature = signature, + }; + + n20_stream_t stream; + n20_stream_init(&stream, NULL, 0); + n20_x509_cert(&stream, &cert); + if (n20_stream_has_write_position_overflow(&stream)) { + return n20_error_write_position_overflow_e; + } + *certificate_size = n20_stream_byte_count(&stream); + return n20_error_insufficient_buffer_size_e; +} + n20_error_t n20_issue_x509_cert(n20_open_dice_cert_info_t const* cert_info, n20_signer_t* signer, n20_crypto_key_type_t issuer_key_type, @@ -498,53 +541,32 @@ n20_error_t n20_issue_x509_cert(n20_open_dice_cert_info_t const* cert_info, tbs.subject_name.elements[0] = (n20_x509_rdn_t){&OID_SERIAL_NUMBER, .bytes = cert_info->subject}; - bool compute_size_mode = (certificate == NULL || *certificate_size == 0); + if (certificate == NULL || *certificate_size == 0) { + return n20_x509_worst_case_size(&tbs, issuer_key_type, certificate_size); + } n20_stream_t stream; - if (!compute_size_mode) { - // Create a new stream for the attestation certificate - n20_stream_init(&stream, certificate, *certificate_size); - n20_x509_cert_tbs(&stream, &tbs); - if (n20_stream_has_buffer_overflow(&stream)) { - if (n20_stream_has_write_position_overflow(&stream)) { - return n20_error_write_position_overflow_e; - } - compute_size_mode = true; + n20_stream_init(&stream, certificate, *certificate_size); + n20_x509_cert_tbs(&stream, &tbs); + if (n20_stream_has_buffer_overflow(&stream)) { + if (n20_stream_has_write_position_overflow(&stream)) { + return n20_error_write_position_overflow_e; } + return n20_x509_worst_case_size(&tbs, issuer_key_type, certificate_size); } uint8_t signature[96] = {0}; size_t signature_size = sizeof(signature); - if (!compute_size_mode) { - // Sign the to-be-signed part of the certificate. - err = signer->cb(signer, - (n20_slice_t){.size = n20_stream_byte_count(&stream), - .buffer = n20_stream_data(&stream)}, - signature, - &signature_size); - if (err != n20_error_ok_e) { - return err; - } - } else { - /* If we are in compute size mode, we can skip signing and just - * use the maximum signature size for the given key type. */ - switch (issuer_key_type) { - case n20_crypto_key_type_ed25519_e: - case n20_crypto_key_type_secp256r1_e: - signature_size = 64; - break; - case n20_crypto_key_type_secp384r1_e: - signature_size = 96; - break; - default: - return n20_error_crypto_unknown_algorithm_e; // Unsupported algorithm - } - // Fill the signature with dummy data to ensure that the stream calculates the m - memset(signature, 0xff, signature_size); + err = signer->cb( + signer, + (n20_slice_t){.size = n20_stream_byte_count(&stream), .buffer = n20_stream_data(&stream)}, + signature, + &signature_size); + if (err != n20_error_ok_e) { + return err; } - /* Reinitialize the stream. */ n20_stream_init(&stream, certificate, *certificate_size); n20_x509_t cert = { .tbs = &tbs, @@ -557,12 +579,9 @@ n20_error_t n20_issue_x509_cert(n20_open_dice_cert_info_t const* cert_info, *certificate_size = n20_stream_byte_count(&stream); if (n20_stream_has_buffer_overflow(&stream)) { if (n20_stream_has_write_position_overflow(&stream)) { - /* This is not reachable because any malformed input - * would have been caught when generating the tbs part - * of the certificate. */ return n20_error_write_position_overflow_e; } - return n20_error_insufficient_buffer_size_e; + return n20_x509_worst_case_size(&tbs, issuer_key_type, certificate_size); } return n20_error_ok_e; diff --git a/src/core/test/functionality.cpp b/src/core/test/functionality.cpp index 1cdd7e6b..e99b2c87 100644 --- a/src/core/test/functionality.cpp +++ b/src/core/test/functionality.cpp @@ -532,7 +532,9 @@ TEST_F(FunctionalityX509Test, IssueX509CertificateWriteBufferOverflowAfterSignin n20_error_insufficient_buffer_size_e, n20_issue_x509_cert( &cert_info, &signer, n20_crypto_key_type_ed25519_e, certificate, &certificate_size)); - ASSERT_EQ(certificate_size, 264); + /* The reported size is the worst-case for Ed25519 (64-byte fixed signature), + * not the size based on the mock signer's (incorrect) 96-byte signature. */ + ASSERT_EQ(certificate_size, 231); } class CertificateSizeEstimationTest From bf7e6635d5bbdb1cd6cc41171fd869f8bf242c67 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Fri, 8 May 2026 19:16:07 -0700 Subject: [PATCH 30/49] add test for underestimate after signing --- src/core/test/functionality.cpp | 59 +++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/src/core/test/functionality.cpp b/src/core/test/functionality.cpp index e99b2c87..5d0284e0 100644 --- a/src/core/test/functionality.cpp +++ b/src/core/test/functionality.cpp @@ -537,6 +537,65 @@ TEST_F(FunctionalityX509Test, IssueX509CertificateWriteBufferOverflowAfterSignin ASSERT_EQ(certificate_size, 231); } +TEST_F(FunctionalityX509Test, PostSignOverflowWithShortEcdsaSignatureReportsWorstCase) { + n20_open_dice_cert_info_t cert_info = {}; + cert_info.cert_type = n20_cert_type_cdi_e; + cert_info.subject_public_key.algorithm = n20_crypto_key_type_secp256r1_e; + + static uint8_t large_certificate[2048] = {}; + static size_t captured_tbs_size = 0; + + static n20_signer_t signer = { + .crypto_ctx = nullptr, + .signing_key = nullptr, + .cb = nullptr, + }; + + /* The signer captures the TBS size and returns a signature with leading + * zeros in both coordinates, producing the shortest DER encoding. */ + signer.cb = [](void* /*ctx*/, + n20_slice_t tbs, + uint8_t* signature, + size_t* signature_size) -> n20_error_t { + captured_tbs_size = tbs.size; + memset(signature, 0x00, 64); + *signature_size = 64; + return n20_error_ok_e; + }; + + /* First call with a large buffer to learn the TBS size. */ + size_t full_size = sizeof(large_certificate); + ASSERT_EQ( + n20_error_ok_e, + n20_issue_x509_cert( + &cert_info, &signer, n20_crypto_key_type_secp256r1_e, large_certificate, &full_size)); + ASSERT_GT(captured_tbs_size, 0u); + + /* Get the worst-case size for comparison. */ + size_t worst_case_size = 0; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_issue_x509_cert( + &cert_info, &signer, n20_crypto_key_type_secp256r1_e, nullptr, &worst_case_size)); + + /* Use a buffer of exactly TBS size. This is large enough for the + * TBS encoding to succeed (triggering signing) but too small for + * the full certificate. */ + size_t certificate_size = captured_tbs_size; + + size_t reported_size = certificate_size; + ASSERT_EQ(n20_error_insufficient_buffer_size_e, + n20_issue_x509_cert(&cert_info, + &signer, + n20_crypto_key_type_secp256r1_e, + large_certificate, + &reported_size)); + + /* The reported size must be the worst-case — not the size based on + * the actual short signature. This guarantees a retry will succeed + * even if the signature coordinates change on non-deterministic ECDSA. */ + EXPECT_EQ(reported_size, worst_case_size); +} + class CertificateSizeEstimationTest : public BsslTestFixtureBase, public ::testing::WithParamInterface< From f89cb705cbb419554025987f1cc446e2319a164f Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 28 Apr 2026 13:40:25 -0700 Subject: [PATCH 31/49] Add nat20sw kernel module to linux examples. The nat20sw module is an implementation of a nat20device character device class. It uses the functionality implemented in nat20lib and nat20crypto to implement a fully fledged DICE service with embedded CA (ECA). The root secret is hard coded and thus not useful for production applications. But it serves as inspirational reference implementation and as a suitable environment to develop user space tools against. --- .github/workflows/linux-kmod-build.yml | 17 + examples/linux/br_external/Config.in | 1 + .../br_external/configs/qemu_br_defconfig | 1 + .../br_external/package/nat20sw/Config.in | 44 ++ .../br_external/package/nat20sw/nat20sw.mk | 52 +++ examples/linux/br_external/utils/envsetup.sh | 4 +- examples/linux/nat20lib/mod.c | 3 + examples/linux/nat20sw/Kbuild | 44 ++ examples/linux/nat20sw/Makefile | 54 +++ examples/linux/nat20sw/nat20sw.c | 395 ++++++++++++++++++ 10 files changed, 614 insertions(+), 1 deletion(-) create mode 100644 examples/linux/br_external/package/nat20sw/Config.in create mode 100644 examples/linux/br_external/package/nat20sw/nat20sw.mk create mode 100644 examples/linux/nat20sw/Kbuild create mode 100644 examples/linux/nat20sw/Makefile create mode 100644 examples/linux/nat20sw/nat20sw.c diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index efa5b852..dda417fe 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -121,3 +121,20 @@ jobs: find ${{ runner.temp }}/buildroot.build -name 'nat20crypto.ko' | grep -q nat20crypto.ko echo "nat20crypto.ko built successfully:" find ${{ runner.temp }}/buildroot.build -name 'nat20crypto.ko' -exec ls -la {} \; + + - name: Build nat20sw kernel module + env: + NAT20DEVICE_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20LIB_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20CRYPTO_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20SW_OVERRIDE_SRCDIR: ${{ github.workspace }} + run: | + cd ${{ runner.temp }}/buildroot.build/buildroot + make nat20sw-dirclean + make nat20sw -j $(( $(nproc) + 1 )) + + - name: Verify nat20sw.ko was produced + run: | + find ${{ runner.temp }}/buildroot.build -name 'nat20sw.ko' | grep -q nat20sw.ko + echo "nat20sw.ko built successfully:" + find ${{ runner.temp }}/buildroot.build -name 'nat20sw.ko' -exec ls -la {} \; diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in index 63f749bc..81e3ea5e 100644 --- a/examples/linux/br_external/Config.in +++ b/examples/linux/br_external/Config.in @@ -35,4 +35,5 @@ source "$BR2_EXTERNAL_NAT20_PATH/package/nat20crypto/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20device/Config.in" +source "$BR2_EXTERNAL_NAT20_PATH/package/nat20sw/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20lib/Config.in" diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index 3f62d470..567ba962 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -3978,4 +3978,5 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" # BR2_PACKAGE_NAT20CRYPTO=y BR2_PACKAGE_NAT20DEVICE=y +BR2_PACKAGE_NAT20SW=y BR2_PACKAGE_NAT20LIB=y diff --git a/examples/linux/br_external/package/nat20sw/Config.in b/examples/linux/br_external/package/nat20sw/Config.in new file mode 100644 index 00000000..5b4b9c32 --- /dev/null +++ b/examples/linux/br_external/package/nat20sw/Config.in @@ -0,0 +1,44 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +config BR2_PACKAGE_NAT20SW + bool "nat20sw" + depends on BR2_PACKAGE_NAT20LIB + depends on BR2_PACKAGE_NAT20CRYPTO + depends on BR2_PACKAGE_NAT20DEVICE + help + Add the software implementation of a nat20 service + as a module. This is a driver for the nat20-device + class. diff --git a/examples/linux/br_external/package/nat20sw/nat20sw.mk b/examples/linux/br_external/package/nat20sw/nat20sw.mk new file mode 100644 index 00000000..40d68eb7 --- /dev/null +++ b/examples/linux/br_external/package/nat20sw/nat20sw.mk @@ -0,0 +1,52 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +NAT20SW_VERSION = origin/main +NAT20SW_SITE = https://github.com/aurora-opensource/libnat20.git +NAT20SW_SITE_METHOD = git +NAT20SW_LICENSE = Apache-2.0 OR GPL-2.0 +NAT20SW_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt + +NAT20SW_DEPENDENCIES += nat20lib +NAT20SW_DEPENDENCIES += nat20device +NAT20SW_DEPENDENCIES += nat20crypto +NAT20SW_MODULE_MAKE_OPTS += NAT20SW_NAT20LIB_DIR=$(NAT20LIB_DIR)/examples/linux/nat20lib +NAT20SW_MODULE_MAKE_OPTS += NAT20SW_NAT20DEVICE_DIR=$(NAT20DEVICE_DIR)/examples/linux/nat20device +NAT20SW_MODULE_MAKE_OPTS += NAT20SW_NAT20CRYPTO_DIR=$(NAT20CRYPTO_DIR)/examples/linux/nat20crypto + +NAT20SW_MODULE_SUBDIRS = examples/linux/nat20sw + +$(eval $(kernel-module)) +$(eval $(generic-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index 377e8c2e..d6b1b646 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -47,6 +47,7 @@ fi source .env export NAT20CRYPTO_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" +export NAT20SW_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20DEVICE_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20LIB_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" @@ -72,6 +73,7 @@ function brrebuild() { echo " linux - Rebuild the linux kernel" echo " nat20crypto - Rebuild the nat20crypto module" echo " nat20device - Rebuild the nat20device module" + echo " nat20sw - Rebuild the nat20sw module" echo " nat20lib - Rebuild the nat20lib library" popd return 1 @@ -79,7 +81,7 @@ function brrebuild() { case "$1" in all) - ensure_popd make linux-rebuild nat20crypto-rebuild nat20device-rebuild nat20lib-rebuild all + ensure_popd make linux-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild nat20lib-rebuild all ;; *) ensure_popd make $1-rebuild all diff --git a/examples/linux/nat20lib/mod.c b/examples/linux/nat20lib/mod.c index 417553e0..7f821436 100644 --- a/examples/linux/nat20lib/mod.c +++ b/examples/linux/nat20lib/mod.c @@ -60,6 +60,7 @@ EXPORT_SYMBOL(n20_cbor_write_byte_string); EXPORT_SYMBOL(n20_cbor_write_int); EXPORT_SYMBOL(n20_cbor_write_map_header); EXPORT_SYMBOL(n20_cbor_write_null); +EXPORT_SYMBOL(n20_cbor_write_tag); EXPORT_SYMBOL(n20_cbor_write_text_string); EXPORT_SYMBOL(n20_cbor_write_header); EXPORT_SYMBOL(n20_compress_input); @@ -83,9 +84,11 @@ EXPORT_SYMBOL(n20_open_dice_cwt_write); EXPORT_SYMBOL(n20_rfc6979_k_generation); EXPORT_SYMBOL(n20_service_message_dispatch); EXPORT_SYMBOL(n20_stream_byte_count); +EXPORT_SYMBOL(n20_stream_has_buffer_overflow); EXPORT_SYMBOL(n20_stream_has_write_position_overflow); EXPORT_SYMBOL(n20_stream_init); EXPORT_SYMBOL(n20_stream_prepend); +EXPORT_SYMBOL(n20_stream_put); EXPORT_SYMBOL(n20_stream_skip); module_init(nat20lib_init); diff --git a/examples/linux/nat20sw/Kbuild b/examples/linux/nat20sw/Kbuild new file mode 100644 index 00000000..e4fa6bee --- /dev/null +++ b/examples/linux/nat20sw/Kbuild @@ -0,0 +1,44 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +KBUILD_EXTRA_SYMBOLS := $(NAT20SW_NAT20LIB_DIR)/Module.symvers +KBUILD_EXTRA_SYMBOLS += $(NAT20SW_NAT20DEVICE_DIR)/Module.symvers +KBUILD_EXTRA_SYMBOLS += $(NAT20SW_NAT20CRYPTO_DIR)/Module.symvers + +obj-m := nat20sw.o + +ccflags-y := -I $(NAT20SW_NAT20LIB_DIR)/include +ccflags-y += -I $(NAT20SW_NAT20DEVICE_DIR)/include +ccflags-y += -I $(NAT20SW_NAT20CRYPTO_DIR)/include diff --git a/examples/linux/nat20sw/Makefile b/examples/linux/nat20sw/Makefile new file mode 100644 index 00000000..201f61bf --- /dev/null +++ b/examples/linux/nat20sw/Makefile @@ -0,0 +1,54 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +KDIR ?= /lib/modules/`uname -r`/build +INSTALL_MOD_PATH ?= /lib/modules/`uname -r`/extra + +NAT20SW_NAT20LIB_DIR ?= $(PWD)/../nat20lib +NAT20SW_NAT20DEVICE_DIR ?= $(PWD)/../nat20device +NAT20SW_NAT20CRYPTO_DIR ?= $(PWD)/../nat20crypto + +all: modules + +modules: + $(MAKE) -C $(KDIR) NAT20SW_NAT20LIB_DIR=$(NAT20SW_NAT20LIB_DIR) NAT20SW_NAT20DEVICE_DIR=$(NAT20SW_NAT20DEVICE_DIR) NAT20SW_NAT20CRYPTO_DIR=$(NAT20SW_NAT20CRYPTO_DIR) M=$$PWD + +modules_install: + $(MAKE) -C $(KDIR) INSTALL_MOD_PATH=$(INSTALL_MOD_PATH) M=$$PWD modules_install + +clean: + $(MAKE) -C $(KDIR) M=$$PWD clean + +.PHONY: all modules modules_install clean diff --git a/examples/linux/nat20sw/nat20sw.c b/examples/linux/nat20sw/nat20sw.c new file mode 100644 index 00000000..452c186f --- /dev/null +++ b/examples/linux/nat20sw/nat20sw.c @@ -0,0 +1,395 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +struct nat20sw_node_state { + n20_gnostic_node_state_t gnostic_node_state; + struct mutex dispatch_lock; + u8* cached_dice_chain; + size_t cached_dice_chain_size; +}; + +static void nat20sw_cleanup_gnostic_node(struct nat20sw_node_state* node_state) { + if (node_state == NULL) { + return; + } + + mutex_destroy(&node_state->dispatch_lock); + + if (node_state->gnostic_node_state.min_cdi != NULL) { + if (node_state->gnostic_node_state.crypto_context != NULL) { + node_state->gnostic_node_state.crypto_context->key_free( + node_state->gnostic_node_state.crypto_context, + node_state->gnostic_node_state.min_cdi); + } else { + printk( + KERN_WARNING + "Gnostic node state has min_cdi but no crypto context potential resource leak.\n"); + } + node_state->gnostic_node_state.min_cdi = NULL; + } + + if (node_state->gnostic_node_state.crypto_context != NULL) { + nat20crypto_close(node_state->gnostic_node_state.crypto_context); + node_state->gnostic_node_state.crypto_context = NULL; + } + + if (node_state->cached_dice_chain != NULL) { + kfree(node_state->cached_dice_chain); + node_state->cached_dice_chain = NULL; + node_state->cached_dice_chain_size = 0; + } + + kfree(node_state); +} + +static void nat20sw_render_dice_chain(n20_stream_t* stream, n20_slice_t certificate) { + n20_stream_put(stream, 0xff); // Terminator for CBOR indefinite length array + n20_cbor_write_byte_string(stream, certificate); + n20_cbor_write_tag( + stream, + 80150); // CBOR tag #6.80150 for byte string containing DER encoded X.509 certificate + n20_stream_put(stream, 0x9f); // Start of CBOR indefinite length array +} + +static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(void) { + int err; + struct nat20sw_node_state* node_state = kzalloc(sizeof(struct nat20sw_node_state), GFP_KERNEL); + if (node_state == NULL) { + return ERR_PTR(-ENOMEM); + } + + mutex_init(&node_state->dispatch_lock); + + /* Linux crypto context initialization. */ + n20_error_t rc = nat20crypto_open(&node_state->gnostic_node_state.crypto_context); + if (rc != n20_error_ok_e || node_state->gnostic_node_state.crypto_context == NULL) { + err = -ENOMEM; + goto err_out; + } + + n20_slice_t info = {.size = 18, .buffer = (uint8_t*)"example_info_value"}; + + n20_slice_t salt = {.size = 18, .buffer = (uint8_t*)"example_salt_value"}; + + n20_slice_t ikm = {.size = 22, .buffer = (uint8_t*)"example_uds_passphrase"}; + + uint8_t uds[32] = {0}; // Example UDS passphrase buffer. + + rc = node_state->gnostic_node_state.crypto_context->digest_ctx.hkdf( + &node_state->gnostic_node_state.crypto_context->digest_ctx, + n20_crypto_digest_algorithm_sha2_256_e, + ikm, + salt, + info, + 32, + uds); + if (rc != n20_error_ok_e) { + err = -EINVAL; + goto err_out; + } + + n20_slice_t uds_slice = {.size = sizeof(uds), .buffer = uds}; + + node_state->gnostic_node_state.min_cdi = NULL; + + rc = nat20crypto_make_secret(node_state->gnostic_node_state.crypto_context, + &uds_slice, + &node_state->gnostic_node_state.min_cdi); + if (rc != n20_error_ok_e) { + err = -EINVAL; + goto err_out; + } + + n20_open_dice_cert_info_t cert_info = {0}; + cert_info.cert_type = n20_cert_type_self_signed_e; + size_t certificate_size = 0; + /* Issue certificate to determine required buffer size. */ + rc = n20_issue_certificate(node_state->gnostic_node_state.crypto_context, + node_state->gnostic_node_state.min_cdi, + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp256r1_e, + &cert_info, + n20_certificate_format_x509_e, + NULL, + &certificate_size); + + if (rc != n20_error_insufficient_buffer_size_e) { + err = -EFAULT; + goto err_out; + } + + /* Allocate buffer for certificate. */ + uint8_t* certificate_buffer = kzalloc(certificate_size, GFP_KERNEL); + if (certificate_buffer == NULL) { + err = -ENOMEM; + goto err_out; + } + + size_t actual_certificate_size = certificate_size; + /* Issue certificate with allocated buffer. */ + rc = n20_issue_certificate(node_state->gnostic_node_state.crypto_context, + node_state->gnostic_node_state.min_cdi, + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp256r1_e, + &cert_info, + n20_certificate_format_x509_e, + certificate_buffer, + &certificate_size); + if (rc != n20_error_ok_e) { + kfree(certificate_buffer); + err = -EFAULT; + goto err_out; + } + if (certificate_size != actual_certificate_size) { + printk(KERN_ERR + "Certificate issuance returned success but actual certificate size %zu does not " + "match previously computed expected size %zu.\n", + certificate_size, + actual_certificate_size); + kfree(certificate_buffer); + err = -EFAULT; + goto err_out; + } + + n20_stream_t stream; + n20_stream_init(&stream, NULL, 0); + /* Render dice chain with NULL buffer to measure size. */ + nat20sw_render_dice_chain( + &stream, (n20_slice_t){.size = certificate_size, .buffer = certificate_buffer}); + if (n20_stream_has_write_position_overflow(&stream)) { + kfree(certificate_buffer); + err = -EFAULT; + goto err_out; + } + + /* Allocate buffer for cached dice chain. */ + node_state->cached_dice_chain = kzalloc(n20_stream_byte_count(&stream), GFP_KERNEL); + if (node_state->cached_dice_chain == NULL) { + kfree(certificate_buffer); + err = -ENOMEM; + goto err_out; + } + node_state->cached_dice_chain_size = n20_stream_byte_count(&stream); + + /* Render dice chain with actual buffer. */ + n20_stream_init(&stream, node_state->cached_dice_chain, node_state->cached_dice_chain_size); + nat20sw_render_dice_chain( + &stream, (n20_slice_t){.size = certificate_size, .buffer = certificate_buffer}); + + /* Free temporary buffer unconditionally. */ + kfree(certificate_buffer); + + if (n20_stream_has_buffer_overflow(&stream)) { + err = -EFAULT; + goto err_out; + } + + return node_state; + +err_out: + nat20sw_cleanup_gnostic_node(node_state); + return ERR_PTR(err); +} + +static ssize_t nat20sw_dice_chain_read(void* ctx, char __user* buf, size_t len, loff_t* f_pos) { + struct nat20sw_node_state* node_state = (struct nat20sw_node_state*)ctx; + if (node_state == NULL) { + return -EINVAL; + } + + if (*f_pos < 0) { + return -EINVAL; + } + + if (*f_pos >= node_state->cached_dice_chain_size) { + return 0; + } + + size_t bytes_to_read = min(len, node_state->cached_dice_chain_size - (size_t)(*f_pos)); + if (copy_to_user(buf, node_state->cached_dice_chain + (size_t)(*f_pos), bytes_to_read)) { + return -EFAULT; + } + + *f_pos += bytes_to_read; + return bytes_to_read; +} + +static struct nat20device_driver* nat20sw_registered_driver = NULL; +static struct nat20sw_node_state* nat20sw_node_state = NULL; + +static int nat20sw_service_message_dispatch(void* ctx, + void const* request_buffer, + size_t request_size, + struct nat20device_buffer* response) { + struct nat20sw_node_state* node_state = (struct nat20sw_node_state*)ctx; + if (node_state == NULL || response == NULL) { + return -EINVAL; + } + + if (response->data != NULL || response->size != 0) { + return -EINVAL; + } + + n20_service_message_dispatch_ctx_t dispatch_ctx = { + .ops = &n20_gnostic_service_ops, + .ctx = (void*)&node_state->gnostic_node_state, + }; + + /* Use a heuristic to estimate the initial response buffer size. */ + /* Heuristic: request size + overhead for CBOR encoding and response metadata */ + response->size = request_size + 384; + response->data = kzalloc(response->size, GFP_KERNEL); + if (response->data == NULL) { + return -ENOMEM; + } + + size_t actual_response_size = response->size; + + mutex_lock(&node_state->dispatch_lock); + n20_error_t rc = + n20_service_message_dispatch(&dispatch_ctx, + response->data, + &actual_response_size, + (n20_slice_t){.size = request_size, .buffer = request_buffer}); + mutex_unlock(&node_state->dispatch_lock); + + if (rc == n20_error_insufficient_buffer_size_e) { + /* Slow path: The heuristic yielded an insufficient buffer size. */ + printk(KERN_INFO + "Service message dispatch returned insufficient buffer size. Heuristic buffer size " + "%zu, actual response size %zu. Retrying with actual response size.\n", + response->size, + actual_response_size); + kfree(response->data); + response->size = 0; + response->data = kzalloc(actual_response_size, GFP_KERNEL); + if (response->data == NULL) { + return -ENOMEM; + } + response->size = actual_response_size; + mutex_lock(&node_state->dispatch_lock); + rc = n20_service_message_dispatch( + &dispatch_ctx, + response->data, + &actual_response_size, + (n20_slice_t){.size = request_size, .buffer = request_buffer}); + mutex_unlock(&node_state->dispatch_lock); + if (rc == n20_error_ok_e && actual_response_size > response->size) { + /* The actual response exceeds the estimated buffer size. + * This indicates a bug in the size estimation. */ + printk(KERN_ERR + "Service message dispatch returned success but actual response size %zu " + "exceeds estimated buffer size %zu.\n", + actual_response_size, + response->size); + kfree(response->data); + response->data = NULL; + response->size = 0; + return -EFAULT; + } + } + + if (rc != n20_error_ok_e) { + kfree(response->data); + response->data = NULL; + response->size = 0; + return -EFAULT; + } + + memmove(response->data, + response->data + (response->size - actual_response_size), + actual_response_size); + response->size = actual_response_size; + + return 0; +} + +static struct nat20device_driver_ops const nat20sw_driver_ops = { + .dispatch = nat20sw_service_message_dispatch, + .dice_chain_read = nat20sw_dice_chain_read, +}; + +static int __init nat20sw_init(void) { + printk(KERN_INFO "nat20sw - init\n"); + + nat20sw_node_state = nat20sw_make_gnostic_node_with_linux_crypto(); + if (IS_ERR(nat20sw_node_state)) { + return PTR_ERR(nat20sw_node_state); + } + + nat20sw_registered_driver = + nat20device_register_driver(&nat20sw_driver_ops, nat20sw_node_state, THIS_MODULE); + if (IS_ERR(nat20sw_registered_driver)) { + nat20sw_cleanup_gnostic_node(nat20sw_node_state); + nat20sw_node_state = NULL; + return PTR_ERR(nat20sw_registered_driver); + } + return 0; +} + +static void __exit nat20sw_exit(void) { + printk(KERN_INFO "nat20sw - cleanup\n"); + + if (nat20sw_node_state != NULL) { + nat20device_unregister_driver(nat20sw_registered_driver); + nat20sw_registered_driver = NULL; + + nat20sw_cleanup_gnostic_node(nat20sw_node_state); + nat20sw_node_state = NULL; + } +} + +module_init(nat20sw_init); +module_exit(nat20sw_exit); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Aurora Operations, Inc."); +MODULE_DESCRIPTION("NAT20 DICE Software Module"); From f5285c682b5487d750e99c9c3004f46987335fa5 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Mon, 11 May 2026 11:27:12 -0700 Subject: [PATCH 32/49] address comments --- .../linux/nat20crypto/include/nat20crypto.h | 48 +++++++++++++++++ examples/linux/nat20crypto/nat20crypto.c | 52 ++++++++++--------- 2 files changed, 75 insertions(+), 25 deletions(-) diff --git a/examples/linux/nat20crypto/include/nat20crypto.h b/examples/linux/nat20crypto/include/nat20crypto.h index 26c70e3d..50a2ed11 100644 --- a/examples/linux/nat20crypto/include/nat20crypto.h +++ b/examples/linux/nat20crypto/include/nat20crypto.h @@ -41,8 +41,56 @@ #include #include +/** + * nat20crypto_open - Obtain a Linux kernel crypto context + * @ctx: Output pointer to receive the crypto context + * + * Returns an n20_crypto_context_t that implements the libnat20 crypto + * interface using Linux kernel crypto primitives. The context supports + * ECDSA signing (P-256, P-384), SHA-2 hashing, HMAC, HKDF, and key + * derivation via RFC 6979. Ed25519 is not currently supported. + * + * Each call to nat20crypto_open() must be paired with a corresponding + * call to nat20crypto_close(). Key handles created through a context + * instance must only be used with that same instance and must be freed + * before closing it. + * + * The returned context is safe for concurrent use from multiple threads. + * + * Return: n20_error_ok_e on success, n20_error_crypto_unexpected_null_e + * if @ctx is NULL. + */ n20_error_t nat20crypto_open(n20_crypto_context_t** ctx); + +/** + * nat20crypto_close - Release a Linux kernel crypto context + * @ctx: The crypto context obtained from nat20crypto_open() + * + * Releases any resources associated with the context. All key handles + * created through this context must be freed before calling this + * function. + * + * Return: n20_error_ok_e on success, n20_error_crypto_unexpected_null_e + * if @ctx is NULL. + */ n20_error_t nat20crypto_close(n20_crypto_context_t* ctx); + +/** + * nat20crypto_make_secret - Wrap raw key material as a CDI key handle + * @ctx: The crypto context obtained from nat20crypto_open() + * @secret_in: Slice containing the raw secret (up to 32 bytes are used) + * @key_out: Output pointer to receive the new key handle + * + * Creates an opaque key handle of type n20_crypto_key_type_cdi_e from + * the provided raw secret material. The key handle can be used with + * the context's kdf function to derive signing keys. + * + * The caller is responsible for freeing the returned key handle via + * ctx->key_free() when it is no longer needed. + * + * Return: n20_error_ok_e on success, or an appropriate error code if + * any argument is NULL or allocation fails. + */ n20_error_t nat20crypto_make_secret(struct n20_crypto_context_s* ctx, n20_slice_t const* secret_in, n20_crypto_key_t* key_out); diff --git a/examples/linux/nat20crypto/nat20crypto.c b/examples/linux/nat20crypto/nat20crypto.c index fcff5712..b919d17f 100644 --- a/examples/linux/nat20crypto/nat20crypto.c +++ b/examples/linux/nat20crypto/nat20crypto.c @@ -58,6 +58,9 @@ #include #endif +#define NAT20CRYPTO_MAX_DIGITS 6 /* Supports up to 384-bit keys (6 * 64 = 384) */ +#define NAT20CRYPTO_CDI_SIZE 32 /* Supports up to 256-bit CDI keys */ + static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, n20_crypto_digest_algorithm_t alg_in, n20_crypto_gather_list_t const* msg_in, @@ -105,61 +108,60 @@ static n20_error_t nat20crypto_digest(n20_crypto_digest_context_t* ctx, return n20_error_crypto_unexpected_null_data_e; } + n20_error_t result = n20_error_ok_e; + struct shash_desc* md_ctx = NULL; + struct crypto_shash* md_tfm = crypto_alloc_shash(digest_name, 0, 0); if (IS_ERR(md_tfm)) { printk(KERN_ERR "Failed to allocate hash context: %ld\n", PTR_ERR(md_tfm)); return n20_error_crypto_no_resources_e; } - struct shash_desc* md_ctx = - kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(md_tfm), GFP_KERNEL); + md_ctx = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(md_tfm), GFP_KERNEL); if (md_ctx == NULL) { - crypto_free_shash(md_tfm); printk(KERN_ERR "Failed to allocate hash descriptor.\n"); - return n20_error_crypto_no_resources_e; + result = n20_error_crypto_no_resources_e; + goto out; } md_ctx->tfm = md_tfm; if (0 > crypto_shash_init(md_ctx)) { - kfree(md_ctx); - crypto_free_shash(md_tfm); - return n20_error_crypto_implementation_specific_e; + result = n20_error_crypto_implementation_specific_e; + goto out; } for (size_t list_index = 0; list_index < msg_count; ++list_index) { if (msg_in[list_index].count == 0) continue; if (msg_in[list_index].list == NULL) { - kfree(md_ctx); - crypto_free_shash(md_tfm); - return n20_error_crypto_unexpected_null_list_e; + result = n20_error_crypto_unexpected_null_list_e; + goto out; } for (size_t slice_index = 0; slice_index < msg_in[list_index].count; ++slice_index) { if (msg_in[list_index].list[slice_index].size == 0) continue; if (msg_in[list_index].list[slice_index].buffer == NULL) { - kfree(md_ctx); - crypto_free_shash(md_tfm); - return n20_error_crypto_unexpected_null_slice_e; + result = n20_error_crypto_unexpected_null_slice_e; + goto out; } if (0 > crypto_shash_update(md_ctx, msg_in[list_index].list[slice_index].buffer, msg_in[list_index].list[slice_index].size)) { - kfree(md_ctx); - crypto_free_shash(md_tfm); - return n20_error_crypto_implementation_specific_e; + result = n20_error_crypto_implementation_specific_e; + goto out; } } } if (0 > crypto_shash_final(md_ctx, digest_out)) { - kfree(md_ctx); - crypto_free_shash(md_tfm); - return n20_error_crypto_implementation_specific_e; + result = n20_error_crypto_implementation_specific_e; + goto out; } *digest_size_in_out = digest_size; + +out: kfree(md_ctx); crypto_free_shash(md_tfm); - return n20_error_ok_e; + return result; } struct nat20crypto_key { @@ -168,11 +170,11 @@ struct nat20crypto_key { /* This variant is used for ECC keys. */ struct { size_t ndigits; - uint64_t digits[6]; + uint64_t digits[NAT20CRYPTO_MAX_DIGITS]; }; /* This variant is used for CDIs. */ struct { - uint8_t bits[32]; + uint8_t bits[NAT20CRYPTO_CDI_SIZE]; }; }; }; @@ -257,7 +259,7 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, .size = context_size, .buffer = context_buffer, }, - 32, + sizeof(derived), derived); kfree(context_buffer); @@ -272,7 +274,7 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, rc = n20_error_crypto_no_resources_e; goto out; } - memcpy(new_cdi_key->bits, derived, 32); + memcpy(new_cdi_key->bits, derived, sizeof(derived)); *key_out = new_cdi_key; rc = n20_error_ok_e; goto out; @@ -280,7 +282,7 @@ static n20_error_t nat20crypto_kdf(struct n20_crypto_context_s* ctx, case n20_crypto_key_type_secp256r1_e: case n20_crypto_key_type_secp384r1_e: { n20_slice_t x_octets = { - .size = 32, + .size = sizeof(derived), .buffer = derived, }; nat20crypto_key_t* new_ecc_key = nat20crypto_key_alloc(key_type_in); From 8f306bbb8487fa662eb73ce4ea679f92e64b3985 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Mon, 11 May 2026 12:59:47 -0700 Subject: [PATCH 33/49] Address comments. --- .../br_external/package/nat20sw/nat20sw.mk | 2 +- examples/linux/nat20sw/nat20sw.c | 42 ++++++++++--------- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/examples/linux/br_external/package/nat20sw/nat20sw.mk b/examples/linux/br_external/package/nat20sw/nat20sw.mk index 40d68eb7..8d455655 100644 --- a/examples/linux/br_external/package/nat20sw/nat20sw.mk +++ b/examples/linux/br_external/package/nat20sw/nat20sw.mk @@ -45,7 +45,7 @@ NAT20SW_DEPENDENCIES += nat20crypto NAT20SW_MODULE_MAKE_OPTS += NAT20SW_NAT20LIB_DIR=$(NAT20LIB_DIR)/examples/linux/nat20lib NAT20SW_MODULE_MAKE_OPTS += NAT20SW_NAT20DEVICE_DIR=$(NAT20DEVICE_DIR)/examples/linux/nat20device NAT20SW_MODULE_MAKE_OPTS += NAT20SW_NAT20CRYPTO_DIR=$(NAT20CRYPTO_DIR)/examples/linux/nat20crypto - + NAT20SW_MODULE_SUBDIRS = examples/linux/nat20sw $(eval $(kernel-module)) diff --git a/examples/linux/nat20sw/nat20sw.c b/examples/linux/nat20sw/nat20sw.c index 452c186f..dcfa8946 100644 --- a/examples/linux/nat20sw/nat20sw.c +++ b/examples/linux/nat20sw/nat20sw.c @@ -49,6 +49,8 @@ #include #include +#define NAT20SW_UDS_SIZE 32 + struct nat20sw_node_state { n20_gnostic_node_state_t gnostic_node_state; struct mutex dispatch_lock; @@ -115,13 +117,13 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo goto err_out; } - n20_slice_t info = {.size = 18, .buffer = (uint8_t*)"example_info_value"}; + n20_slice_t info = {.size = 18, .buffer = (uint8_t const*)"example_info_value"}; - n20_slice_t salt = {.size = 18, .buffer = (uint8_t*)"example_salt_value"}; + n20_slice_t salt = {.size = 18, .buffer = (uint8_t const*)"example_salt_value"}; - n20_slice_t ikm = {.size = 22, .buffer = (uint8_t*)"example_uds_passphrase"}; + n20_slice_t ikm = {.size = 22, .buffer = (uint8_t const*)"example_uds_passphrase"}; - uint8_t uds[32] = {0}; // Example UDS passphrase buffer. + uint8_t uds[NAT20SW_UDS_SIZE] = {0}; // Example UDS passphrase buffer. rc = node_state->gnostic_node_state.crypto_context->digest_ctx.hkdf( &node_state->gnostic_node_state.crypto_context->digest_ctx, @@ -129,7 +131,7 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo ikm, salt, info, - 32, + sizeof(uds), uds); if (rc != n20_error_ok_e) { err = -EINVAL; @@ -143,6 +145,7 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo rc = nat20crypto_make_secret(node_state->gnostic_node_state.crypto_context, &uds_slice, &node_state->gnostic_node_state.min_cdi); + memzero_explicit(uds, sizeof(uds)); // Clear UDS passphrase from memory as soon as possible. if (rc != n20_error_ok_e) { err = -EINVAL; goto err_out; @@ -150,7 +153,7 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo n20_open_dice_cert_info_t cert_info = {0}; cert_info.cert_type = n20_cert_type_self_signed_e; - size_t certificate_size = 0; + size_t estimated_certificate_size = 0; /* Issue certificate to determine required buffer size. */ rc = n20_issue_certificate(node_state->gnostic_node_state.crypto_context, node_state->gnostic_node_state.min_cdi, @@ -159,7 +162,7 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo &cert_info, n20_certificate_format_x509_e, NULL, - &certificate_size); + &estimated_certificate_size); if (rc != n20_error_insufficient_buffer_size_e) { err = -EFAULT; @@ -167,13 +170,13 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo } /* Allocate buffer for certificate. */ - uint8_t* certificate_buffer = kzalloc(certificate_size, GFP_KERNEL); + uint8_t* certificate_buffer = kzalloc(estimated_certificate_size, GFP_KERNEL); if (certificate_buffer == NULL) { err = -ENOMEM; goto err_out; } - size_t actual_certificate_size = certificate_size; + size_t actual_certificate_size = estimated_certificate_size; /* Issue certificate with allocated buffer. */ rc = n20_issue_certificate(node_state->gnostic_node_state.crypto_context, node_state->gnostic_node_state.min_cdi, @@ -182,18 +185,19 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo &cert_info, n20_certificate_format_x509_e, certificate_buffer, - &certificate_size); - if (rc != n20_error_ok_e) { + &actual_certificate_size); + if (rc == n20_error_insufficient_buffer_size_e) { + printk(KERN_ERR + "Estimated certificate size was too small. This indicates that the worst-case " + "certificate size was underestimated. " + "Actual certificate size %zu, estimated certificate size %zu.\n", + actual_certificate_size, + estimated_certificate_size); kfree(certificate_buffer); err = -EFAULT; goto err_out; } - if (certificate_size != actual_certificate_size) { - printk(KERN_ERR - "Certificate issuance returned success but actual certificate size %zu does not " - "match previously computed expected size %zu.\n", - certificate_size, - actual_certificate_size); + if (rc != n20_error_ok_e) { kfree(certificate_buffer); err = -EFAULT; goto err_out; @@ -203,7 +207,7 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo n20_stream_init(&stream, NULL, 0); /* Render dice chain with NULL buffer to measure size. */ nat20sw_render_dice_chain( - &stream, (n20_slice_t){.size = certificate_size, .buffer = certificate_buffer}); + &stream, (n20_slice_t){.size = actual_certificate_size, .buffer = certificate_buffer}); if (n20_stream_has_write_position_overflow(&stream)) { kfree(certificate_buffer); err = -EFAULT; @@ -222,7 +226,7 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo /* Render dice chain with actual buffer. */ n20_stream_init(&stream, node_state->cached_dice_chain, node_state->cached_dice_chain_size); nat20sw_render_dice_chain( - &stream, (n20_slice_t){.size = certificate_size, .buffer = certificate_buffer}); + &stream, (n20_slice_t){.size = actual_certificate_size, .buffer = certificate_buffer}); /* Free temporary buffer unconditionally. */ kfree(certificate_buffer); From 080638fe290a3a2de7528c77231432421d7de563 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 28 Apr 2026 13:53:14 -0700 Subject: [PATCH 34/49] Add libnat20 as buildroot package to the linux example. This adds libnat20 to the example buildroot environment. It is a dependency for developing nat20 userspace tools. --- .github/workflows/linux-kmod-build.yml | 14 ++++++ examples/linux/br_external/Config.in | 1 + .../br_external/configs/qemu_br_defconfig | 1 + .../br_external/package/libnat20/Config.in | 39 ++++++++++++++++ .../br_external/package/libnat20/libnat20.mk | 44 +++++++++++++++++++ examples/linux/br_external/utils/envsetup.sh | 3 +- 6 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 examples/linux/br_external/package/libnat20/Config.in create mode 100644 examples/linux/br_external/package/libnat20/libnat20.mk diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index dda417fe..ca1008b4 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -138,3 +138,17 @@ jobs: find ${{ runner.temp }}/buildroot.build -name 'nat20sw.ko' | grep -q nat20sw.ko echo "nat20sw.ko built successfully:" find ${{ runner.temp }}/buildroot.build -name 'nat20sw.ko' -exec ls -la {} \; + + - name: Build libnat20 userspace library + env: + LIBNAT20_OVERRIDE_SRCDIR: ${{ github.workspace }} + run: | + cd ${{ runner.temp }}/buildroot.build/buildroot + make libnat20-dirclean + make libnat20 -j $(( $(nproc) + 1 )) + + - name: Verify libnat20 was produced + run: | + find ${{ runner.temp }}/buildroot.build -name 'libnat20.a' | grep -q libnat20.a + echo "libnat20.a built successfully:" + find ${{ runner.temp }}/buildroot.build -name 'libnat20.a' -exec ls -la {} \; diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in index 81e3ea5e..5cba4eae 100644 --- a/examples/linux/br_external/Config.in +++ b/examples/linux/br_external/Config.in @@ -37,3 +37,4 @@ source "$BR2_EXTERNAL_NAT20_PATH/package/nat20crypto/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20device/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20sw/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20lib/Config.in" +source "$BR2_EXTERNAL_NAT20_PATH/package/libnat20/Config.in" diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index 567ba962..a48abbda 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -3980,3 +3980,4 @@ BR2_PACKAGE_NAT20CRYPTO=y BR2_PACKAGE_NAT20DEVICE=y BR2_PACKAGE_NAT20SW=y BR2_PACKAGE_NAT20LIB=y +BR2_PACKAGE_LIBNAT20=y diff --git a/examples/linux/br_external/package/libnat20/Config.in b/examples/linux/br_external/package/libnat20/Config.in new file mode 100644 index 00000000..6c996988 --- /dev/null +++ b/examples/linux/br_external/package/libnat20/Config.in @@ -0,0 +1,39 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +config BR2_PACKAGE_LIBNAT20 + bool "libnat20" + help + Add the libnat20 DICE library diff --git a/examples/linux/br_external/package/libnat20/libnat20.mk b/examples/linux/br_external/package/libnat20/libnat20.mk new file mode 100644 index 00000000..855b3486 --- /dev/null +++ b/examples/linux/br_external/package/libnat20/libnat20.mk @@ -0,0 +1,44 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +LIBNAT20_VERSION = origin/main +LIBNAT20_SITE = https://github.com/aurora-opensource/libnat20.git +LIBNAT20_SITE_METHOD = git +LIBNAT20_LICENSE = Apache-2.0 OR GPL-2.0 +LIBNAT20_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt + +LIBNAT20_INSTALL_STAGING = YES + +$(eval $(cmake-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index d6b1b646..8acea84f 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -72,6 +72,7 @@ function brrebuild() { echo " all - Rebuild all components" echo " linux - Rebuild the linux kernel" echo " nat20crypto - Rebuild the nat20crypto module" + echo " libnat20 - Rebuild the libnat20 library" echo " nat20device - Rebuild the nat20device module" echo " nat20sw - Rebuild the nat20sw module" echo " nat20lib - Rebuild the nat20lib library" @@ -81,7 +82,7 @@ function brrebuild() { case "$1" in all) - ensure_popd make linux-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild nat20lib-rebuild all + ensure_popd make linux-rebuild nat20crypto-rebuild libnat20-rebuild nat20device-rebuild nat20sw-rebuild nat20lib-rebuild all ;; *) ensure_popd make $1-rebuild all From 600e6309c6439e061078a4d27ff92ecf8416e2df Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 12 May 2026 09:20:36 -0700 Subject: [PATCH 35/49] address comments --- examples/linux/nat20sw/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/linux/nat20sw/Makefile b/examples/linux/nat20sw/Makefile index 201f61bf..b2e333cc 100644 --- a/examples/linux/nat20sw/Makefile +++ b/examples/linux/nat20sw/Makefile @@ -34,7 +34,7 @@ # . KDIR ?= /lib/modules/`uname -r`/build -INSTALL_MOD_PATH ?= /lib/modules/`uname -r`/extra +INSTALL_MOD_DIR ?= extra NAT20SW_NAT20LIB_DIR ?= $(PWD)/../nat20lib NAT20SW_NAT20DEVICE_DIR ?= $(PWD)/../nat20device @@ -46,7 +46,7 @@ modules: $(MAKE) -C $(KDIR) NAT20SW_NAT20LIB_DIR=$(NAT20SW_NAT20LIB_DIR) NAT20SW_NAT20DEVICE_DIR=$(NAT20SW_NAT20DEVICE_DIR) NAT20SW_NAT20CRYPTO_DIR=$(NAT20SW_NAT20CRYPTO_DIR) M=$$PWD modules_install: - $(MAKE) -C $(KDIR) INSTALL_MOD_PATH=$(INSTALL_MOD_PATH) M=$$PWD modules_install + $(MAKE) -C $(KDIR) INSTALL_MOD_DIR=$(INSTALL_MOD_DIR) M=$$PWD modules_install clean: $(MAKE) -C $(KDIR) M=$$PWD clean From 1492110e2aaf9ef3bb2303beb8752fc4942f7e99 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 12 May 2026 09:20:36 -0700 Subject: [PATCH 36/49] address comments --- examples/linux/nat20sw/Makefile | 4 ++-- examples/linux/nat20sw/nat20sw.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/linux/nat20sw/Makefile b/examples/linux/nat20sw/Makefile index 201f61bf..b2e333cc 100644 --- a/examples/linux/nat20sw/Makefile +++ b/examples/linux/nat20sw/Makefile @@ -34,7 +34,7 @@ # . KDIR ?= /lib/modules/`uname -r`/build -INSTALL_MOD_PATH ?= /lib/modules/`uname -r`/extra +INSTALL_MOD_DIR ?= extra NAT20SW_NAT20LIB_DIR ?= $(PWD)/../nat20lib NAT20SW_NAT20DEVICE_DIR ?= $(PWD)/../nat20device @@ -46,7 +46,7 @@ modules: $(MAKE) -C $(KDIR) NAT20SW_NAT20LIB_DIR=$(NAT20SW_NAT20LIB_DIR) NAT20SW_NAT20DEVICE_DIR=$(NAT20SW_NAT20DEVICE_DIR) NAT20SW_NAT20CRYPTO_DIR=$(NAT20SW_NAT20CRYPTO_DIR) M=$$PWD modules_install: - $(MAKE) -C $(KDIR) INSTALL_MOD_PATH=$(INSTALL_MOD_PATH) M=$$PWD modules_install + $(MAKE) -C $(KDIR) INSTALL_MOD_DIR=$(INSTALL_MOD_DIR) M=$$PWD modules_install clean: $(MAKE) -C $(KDIR) M=$$PWD clean diff --git a/examples/linux/nat20sw/nat20sw.c b/examples/linux/nat20sw/nat20sw.c index dcfa8946..e6784a93 100644 --- a/examples/linux/nat20sw/nat20sw.c +++ b/examples/linux/nat20sw/nat20sw.c @@ -289,7 +289,7 @@ static int nat20sw_service_message_dispatch(void* ctx, /* Use a heuristic to estimate the initial response buffer size. */ /* Heuristic: request size + overhead for CBOR encoding and response metadata */ - response->size = request_size + 384; + response->size = request_size + 450; response->data = kzalloc(response->size, GFP_KERNEL); if (response->data == NULL) { return -ENOMEM; From 4be321056a150f301bf9f2bbfbbba4e9a8038407 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 12 May 2026 09:52:04 -0700 Subject: [PATCH 37/49] Address comments --- examples/linux/br_external/package/libnat20/libnat20.mk | 5 +++++ examples/linux/br_external/utils/envsetup.sh | 1 + 2 files changed, 6 insertions(+) diff --git a/examples/linux/br_external/package/libnat20/libnat20.mk b/examples/linux/br_external/package/libnat20/libnat20.mk index 855b3486..04a15704 100644 --- a/examples/linux/br_external/package/libnat20/libnat20.mk +++ b/examples/linux/br_external/package/libnat20/libnat20.mk @@ -33,6 +33,10 @@ # along with this program; if not, see # . +# In CI LIBNAT20_OVERRIDE_SRCDIR is set to the root of the repository, +# so that the source under test is always the current branch. +# Integrators who use this configuration should pin the version +# to a specific commit or branch to avoid breakages when the main branch changes. LIBNAT20_VERSION = origin/main LIBNAT20_SITE = https://github.com/aurora-opensource/libnat20.git LIBNAT20_SITE_METHOD = git @@ -40,5 +44,6 @@ LIBNAT20_LICENSE = Apache-2.0 OR GPL-2.0 LIBNAT20_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt LIBNAT20_INSTALL_STAGING = YES +LIBNAT20_INSTALL_TARGET = NO $(eval $(cmake-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index 8acea84f..61218bad 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -50,6 +50,7 @@ export NAT20CRYPTO_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20SW_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20DEVICE_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20LIB_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" +export LIBNAT20_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" function ensure_popd() { "$@" From f3f0549577416fc83d88c365453824d97b053130 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 12 May 2026 09:53:31 -0700 Subject: [PATCH 38/49] Make nat20sw.mk consistent --- examples/linux/br_external/package/nat20sw/nat20sw.mk | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/examples/linux/br_external/package/nat20sw/nat20sw.mk b/examples/linux/br_external/package/nat20sw/nat20sw.mk index 8d455655..fbabb5fb 100644 --- a/examples/linux/br_external/package/nat20sw/nat20sw.mk +++ b/examples/linux/br_external/package/nat20sw/nat20sw.mk @@ -33,6 +33,10 @@ # along with this program; if not, see # . +# In CI NAT20SW_OVERRIDE_SRCDIR is set to the root of the repository, +# so that the source under test is always the current branch. +# Integrators who use this configuration should pin the version +# to a specific commit or branch to avoid breakages when the main branch changes. NAT20SW_VERSION = origin/main NAT20SW_SITE = https://github.com/aurora-opensource/libnat20.git NAT20SW_SITE_METHOD = git From 7ffea18bb4f7d94c866c8bacfce96b8a18ac97e8 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 13 May 2026 09:31:40 -0700 Subject: [PATCH 39/49] address comments --- examples/linux/br_external/utils/envsetup.sh | 2 +- examples/linux/nat20sw/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index d6b1b646..a7001b64 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -81,7 +81,7 @@ function brrebuild() { case "$1" in all) - ensure_popd make linux-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild nat20lib-rebuild all + ensure_popd make linux-rebuild nat20lib-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild all ;; *) ensure_popd make $1-rebuild all diff --git a/examples/linux/nat20sw/Makefile b/examples/linux/nat20sw/Makefile index b2e333cc..0d999036 100644 --- a/examples/linux/nat20sw/Makefile +++ b/examples/linux/nat20sw/Makefile @@ -43,7 +43,7 @@ NAT20SW_NAT20CRYPTO_DIR ?= $(PWD)/../nat20crypto all: modules modules: - $(MAKE) -C $(KDIR) NAT20SW_NAT20LIB_DIR=$(NAT20SW_NAT20LIB_DIR) NAT20SW_NAT20DEVICE_DIR=$(NAT20SW_NAT20DEVICE_DIR) NAT20SW_NAT20CRYPTO_DIR=$(NAT20SW_NAT20CRYPTO_DIR) M=$$PWD + $(MAKE) -C $(KDIR) NAT20SW_NAT20LIB_DIR=$(NAT20SW_NAT20LIB_DIR) NAT20SW_NAT20DEVICE_DIR=$(NAT20SW_NAT20DEVICE_DIR) NAT20SW_NAT20CRYPTO_DIR=$(NAT20SW_NAT20CRYPTO_DIR) M=$$PWD modules modules_install: $(MAKE) -C $(KDIR) INSTALL_MOD_DIR=$(INSTALL_MOD_DIR) M=$$PWD modules_install From 0612f25187bcb34eb608f2e3e90e1057e5c05fa4 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 29 Apr 2026 08:37:08 -0700 Subject: [PATCH 40/49] Add nat20cli command line tool for nat20device. This commandline tool provides a primitive interface to communicate with a nat20 device. --- .github/license-check/license-config.json | 1 + .github/workflows/linux-kmod-build.yml | 18 +- examples/linux/br_external/Config.in | 1 + .../br_external/configs/qemu_br_defconfig | 1 + .../br_external/package/nat20cli/Config.in | 40 + .../br_external/package/nat20cli/nat20cli.mk | 47 + examples/linux/br_external/utils/envsetup.sh | 4 +- examples/linux/nat20cli/CMakeLists.txt | 82 ++ examples/linux/nat20cli/nat20clitest.sh | 82 ++ examples/linux/nat20cli/openssl_dice.cnf | 61 + examples/linux/nat20cli/src/main.c | 1055 +++++++++++++++++ 11 files changed, 1390 insertions(+), 2 deletions(-) create mode 100644 examples/linux/br_external/package/nat20cli/Config.in create mode 100644 examples/linux/br_external/package/nat20cli/nat20cli.mk create mode 100644 examples/linux/nat20cli/CMakeLists.txt create mode 100755 examples/linux/nat20cli/nat20clitest.sh create mode 100644 examples/linux/nat20cli/openssl_dice.cnf create mode 100644 examples/linux/nat20cli/src/main.c diff --git a/.github/license-check/license-config.json b/.github/license-check/license-config.json index f05119d9..fbb042e5 100644 --- a/.github/license-check/license-config.json +++ b/.github/license-check/license-config.json @@ -10,6 +10,7 @@ "**/Kbuild", "examples/linux/br_external/external.desc", "examples/linux/**/Makefile", + "examples/linux/nat20cli/openssl_dice.cnf", ".clang-format", ".gitignore" ], diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index ca1008b4..7211f69b 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -49,7 +49,7 @@ jobs: steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b #v4.1.5 - - name: Install Buildroot dependencies + - name: Install build and test dependencies run: | sudo apt-get update sudo apt-get install -y \ @@ -60,6 +60,7 @@ jobs: git \ libncurses-dev \ python3 \ + qemu-system-x86 \ rsync \ unzip \ wget @@ -152,3 +153,18 @@ jobs: find ${{ runner.temp }}/buildroot.build -name 'libnat20.a' | grep -q libnat20.a echo "libnat20.a built successfully:" find ${{ runner.temp }}/buildroot.build -name 'libnat20.a' -exec ls -la {} \; + + - name: Build nat20cli userspace cli tool + env: + LIBNAT20_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20CLI_OVERRIDE_SRCDIR: ${{ github.workspace }} + run: | + cd ${{ runner.temp }}/buildroot.build/buildroot + make nat20cli-dirclean + make nat20cli -j $(( $(nproc) + 1 )) + + - name: Verify nat20cli was produced + run: | + find ${{ runner.temp }}/buildroot.build -name 'nat20cli' | grep -q nat20cli + echo "nat20cli built successfully:" + find ${{ runner.temp }}/buildroot.build -name 'nat20cli' -exec ls -la {} \; diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in index 5cba4eae..5239828e 100644 --- a/examples/linux/br_external/Config.in +++ b/examples/linux/br_external/Config.in @@ -33,6 +33,7 @@ # along with this program; if not, see # . +source "$BR2_EXTERNAL_NAT20_PATH/package/nat20cli/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20crypto/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20device/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20sw/Config.in" diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index a48abbda..517392fa 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -3976,6 +3976,7 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" # # Provides NAT20 related packages. # +BR2_PACKAGE_NAT20CLI=y BR2_PACKAGE_NAT20CRYPTO=y BR2_PACKAGE_NAT20DEVICE=y BR2_PACKAGE_NAT20SW=y diff --git a/examples/linux/br_external/package/nat20cli/Config.in b/examples/linux/br_external/package/nat20cli/Config.in new file mode 100644 index 00000000..0eb7b0cc --- /dev/null +++ b/examples/linux/br_external/package/nat20cli/Config.in @@ -0,0 +1,40 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +config BR2_PACKAGE_NAT20CLI + bool "nat20cli" + depends on BR2_PACKAGE_LIBNAT20 + help + Enable building the nat20cli tool. diff --git a/examples/linux/br_external/package/nat20cli/nat20cli.mk b/examples/linux/br_external/package/nat20cli/nat20cli.mk new file mode 100644 index 00000000..02774e6f --- /dev/null +++ b/examples/linux/br_external/package/nat20cli/nat20cli.mk @@ -0,0 +1,47 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +NAT20CLI_VERSION = origin/main +NAT20CLI_SITE = https://github.com/aurora-opensource/libnat20.git +NAT20CLI_SITE_METHOD = git +NAT20CLI_LICENSE = Apache-2.0 OR GPL-2.0 +NAT20CLI_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt + +NAT20CLI_SUBDIR = examples/linux/nat20cli + +NAT20CLI_INSTALL_TARGET = YES +NAT20CLI_DEPENDENCIES += libnat20 + +$(eval $(cmake-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index d0b3b80a..8c27e3ed 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -46,6 +46,7 @@ fi source .env +export NAT20CLI_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20CRYPTO_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20SW_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20DEVICE_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" @@ -72,6 +73,7 @@ function brrebuild() { echo "Available targets:" echo " all - Rebuild all components" echo " linux - Rebuild the linux kernel" + echo " nat20cli - Rebuild the Dice CLI" echo " nat20crypto - Rebuild the nat20crypto module" echo " libnat20 - Rebuild the libnat20 library" echo " nat20device - Rebuild the nat20device module" @@ -83,7 +85,7 @@ function brrebuild() { case "$1" in all) - ensure_popd make linux-rebuild nat20lib-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild libnat20-rebuild all + ensure_popd make linux-rebuild nat20lib-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild libnat20-rebuild nat20cli-rebuild all ;; *) ensure_popd make $1-rebuild all diff --git a/examples/linux/nat20cli/CMakeLists.txt b/examples/linux/nat20cli/CMakeLists.txt new file mode 100644 index 00000000..e87bd3dd --- /dev/null +++ b/examples/linux/nat20cli/CMakeLists.txt @@ -0,0 +1,82 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +cmake_minimum_required(VERSION 3.22) + +project(NAT20CLI VERSION 0.0.1 LANGUAGES C) + +# The C standard shall be C11. +set(CMAKE_C_STANDARD 11) + +# CMake shall generate a compile_commands.json file for +# the benfit of clangd based IDE support. +set(CMAKE_EXPORT_COMPILE_COMMANDS ON) + +################################################################################################### +# The following section defines all the groups of source files. +# All files must be specified explicitly; no globbing or other generation is allowed. + +set(NAT20CLI_SOURCES + # Add the core library source files here. + src/main.c +) + +################################################################################################### + +################################################################################################### +# The nat20_service library is also part of the product of this project. +# It will always be compiled. +add_executable(nat20cli) + +find_package(LibNat20 REQUIRED) + +target_sources(nat20cli + PRIVATE ${NAT20CLI_SOURCES} +) + +target_link_libraries(nat20cli PRIVATE LibNat20::nat20 LibNat20::nat20_service LibNat20::nat20_crypto_nat20) + +target_compile_options(nat20cli + PRIVATE -pedantic + PRIVATE -Wall + PRIVATE -Wextra + PRIVATE -Werror +) + +install(TARGETS nat20cli RUNTIME DESTINATION bin) +install(PROGRAMS nat20clitest.sh DESTINATION bin) +install(FILES openssl_dice.cnf DESTINATION bin) + +################################################################################################### diff --git a/examples/linux/nat20cli/nat20clitest.sh b/examples/linux/nat20cli/nat20clitest.sh new file mode 100755 index 00000000..a0c4cc55 --- /dev/null +++ b/examples/linux/nat20cli/nat20clitest.sh @@ -0,0 +1,82 @@ +#!/bin/sh + +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +set -e + +SCRIPT_DIR="$(dirname "$0")" +export OPENSSL_CONF="${SCRIPT_DIR}/openssl_dice.cnf" + +modprobe nat20sw +mount -t securityfs none /sys/kernel/security + +nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_0.der --certificate-format x509 --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 +nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_0.cose --certificate-format cose --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 +nat20cli promote -i 790fd72ee1352017d822773bc8f5c1ac6e4bf310dfac72fbff622368c01372bc78324f0c06cbc37964e32b18588560a386357e4517ffe93052c67fe6213c38bc +nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_1.der --certificate-format x509 --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 +nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_1.cose --certificate-format cose --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 + +openssl x509 -inform der -outform pem -in cdi_0.der -out cdi_0.pem +openssl x509 -inform der -outform pem -in cdi_1.der -out cdi_1.pem + +# The dice chain is formatted as variable length CBOR array +# with each element being a tagged certificate. +# Here, it is assumed the the chain contains only the semi hardcoded UDS certificate +# from the nat20sw example, which is the only certificate in the chain. +# arr (#6.80150 (bytes(DER encoded cert))) +# tail -c+10 strips off the first 9 bytes: +# The variable lenght array header (1 byte 0x9f) +# The certificate tag (5 bytes) +# The bytes header (3 bytes) +# The head -c-1 strips off the last byte, which is the CBOR "break" byte (0xff) for the variable length array. +# The resulting uds_cert.der file is the DER encoded UDS certificate, which can be parsed with standard tools. +tail -c+10 /sys/kernel/security/nat200/dice_chain | head -c-1 > uds_cert.der + +openssl x509 -inform der -in uds_cert.der -outform pem -out uds_cert_p256.pem + +cat uds_cert_p256.pem cdi_0.pem > chain.pem + +openssl x509 -inform pem -in uds_cert_p256.pem -noout -text +openssl x509 -inform pem -in cdi_0.pem -noout -text +openssl x509 -inform pem -in cdi_1.pem -noout -text + +# Verify the certificate chain. The UDS certificate is self-signed, so it is the trust anchor for the chain. +# The -ignore_critical flag is needed to ignore the critical extension in the UDS certificate, +# which is not understood by OpenSSL but is required by the DICE specification. This check +# only verifies the signatures and the certificate format, not the critical extension semantics. +openssl verify -ignore_critical -CAfile chain.pem cdi_1.pem + +echo "OpenSSL chain verification passed." diff --git a/examples/linux/nat20cli/openssl_dice.cnf b/examples/linux/nat20cli/openssl_dice.cnf new file mode 100644 index 00000000..5e27382e --- /dev/null +++ b/examples/linux/nat20cli/openssl_dice.cnf @@ -0,0 +1,61 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +# OpenSSL configuration for DICE certificate extensions. +# +# DICE certificates contain critical X.509v3 extensions with OIDs that +# vanilla OpenSSL does not recognize. This config registers their names +# for human-readable display in `openssl x509 -text` output. +# +# Because OpenSSL has no config-level mechanism to register handlers for +# custom critical extensions, `openssl verify` must also be invoked with +# -ignore_critical when verifying DICE certificate chains. +# +# Usage: +# export OPENSSL_CONF=/path/to/openssl_dice.cnf +# openssl x509 -in cert.pem -noout -text +# openssl verify -ignore_critical -CAfile chain.pem leaf.pem + +openssl_conf = openssl_init + +[openssl_init] +oid_section = dice_oids + +[dice_oids] +openDiceInput = Open DICE Input, 1.3.6.1.4.1.11129.2.1.24 +tcgDiceTcbInfo = TCG DICE TCB Info, 2.23.133.5.4.1 +tcgDiceMultiTcbInfo = TCG DICE Multi-TCB Info, 2.23.133.5.4.5 +tcgDiceUeid = TCG DICE UEID, 2.23.133.5.4.4 +tcgDiceTcbFreshness = TCG DICE TCB Freshness, 2.23.133.5.4.11 diff --git a/examples/linux/nat20cli/src/main.c b/examples/linux/nat20cli/src/main.c new file mode 100644 index 00000000..9349440e --- /dev/null +++ b/examples/linux/nat20cli/src/main.c @@ -0,0 +1,1055 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// CLI tool specific error codes +typedef enum { + cli_error_ok = 0, + cli_error_invalid_argument, + cli_error_io, + cli_error_memory, + cli_error_libnat20, + cli_error_server, +} cli_error_t; + +char const *usage_format_str = + "Usage: %s \n" + "Commands:\n" + " promote Instruct the service to promote the caller to the next " + "level.\n" + " cdi-cert Instruct the service to issue a CDI certificate.\n" + " eca-cert Instruct the service to issue an ECA certificate.\n" + " eca-ee-cert Instruct the service to issue an ECA End-Entity " + "certificate.\n" + " eca-ee-sign Instruct the service to sign a message with an ECA EE " + "key.\n" + "Options promote:\n" + " --compressed-input -i :\n" + " A hex string. " + "H(||||)\n" + "\n" + "Options common (all commands except promote):\n" + " --key-type -k \n" + " --parent-path-element -n \n" + " A parent path element. May be given multiple times. Each " + "element\n" + " is a compressed input. The inputs are used to derive the " + "effective\n" + " parent CDI and thus the key material for the operation.\n" + " --output -o \n" + " The output file to write the resulting certificate or " + "signature to.\n" + "\n" + "Options (*-cert commands):\n" + " --parent-key-type -p \n" + " The key type of the parent key. This is used to identify " + "the\n" + " issuer key algorithm.\n" + " --certificate-format -f \n" + " The format of the certificate to be issued.\n" + "\n" + "Options (cdi-cert):" + " --code -c \n" + " The code hash as hex string.\n" + " --code-desc -C \n" + " The code description as hex string.\n" + " --conf -g \n" + " The configuration hash as hex string.\n" + " --conf-desc -G \n" + " The configuration description as hex string.\n" + " --auth -a \n" + " The authorization hash as hex string.\n" + " --auth-desc -A \n" + " The authorization description as hex string.\n" + " --mode -m \n" + " The mode.\n" + " --hidden -H \n" + " The hidden context as hex string. Hidden is part of the " + "CDI derivation " + "context.\n" + " But does not appear in the CDI certificate.\n" + " --profile-name -P \n" + " The profile name. The DICE profile name is used to " + "identify the\n" + " specific DICE profile being used.\n" + "\n" + "Options (eca-ee-cert and eca-ee-sign)\n" + " --name -N \n" + " The application specific name of the end-entity key. It " + "is not\n" + " included in the issued end-entity certificate, but it is " + "part of\n" + " the key derivation context. Thus keys with different " + "names are\n" + " never identical.\n" + " --key-usage -u \n" + " The key usage.\n" + "\n" + "Options (eca-cert and eca-ee-cert)\n" + " --challenge -l \n" + " The challenge. Will be included in the certificate. " + "Using the\n" + " TCG DICE Freshness extension.\n" + "\n" + "Options (eca-ee-sign)\n" + " --message -M \n" + " The message.\n"; + +void print_usage(char const *prog) { fprintf(stderr, usage_format_str, prog); } + +int parse_key_type(char const *str) { + if (strcmp(str, "ed25519") == 0) return n20_crypto_key_type_ed25519_e; + if (strcmp(str, "p256") == 0) return n20_crypto_key_type_secp256r1_e; + if (strcmp(str, "p384") == 0) return n20_crypto_key_type_secp384r1_e; + return n20_crypto_key_type_none_e; +} + +int parse_request_type(char const *str) { + if (strcmp(str, "promote") == 0) return n20_msg_request_type_promote_e; + if (strcmp(str, "cdi-cert") == 0) return n20_msg_request_type_issue_cdi_cert_e; + if (strcmp(str, "eca-cert") == 0) return n20_msg_request_type_issue_eca_cert_e; + if (strcmp(str, "eca-ee-cert") == 0) return n20_msg_request_type_issue_eca_ee_cert_e; + if (strcmp(str, "eca-ee-sign") == 0) return n20_msg_request_type_eca_ee_sign_e; + return n20_msg_request_type_none_e; +} + +int parse_mode(char const *str) { + if (strcmp(str, "not-configured") == 0) return n20_open_dice_mode_not_configured_e; + if (strcmp(str, "normal") == 0) return n20_open_dice_mode_normal_e; + if (strcmp(str, "debug") == 0) return n20_open_dice_mode_debug_e; + if (strcmp(str, "recovery") == 0) return n20_open_dice_mode_recovery_e; + return n20_open_dice_mode_not_configured_e; +} + +int parse_output_format(char const *str) { + if (strcmp(str, "x509") == 0) return n20_certificate_format_x509_e; +#ifdef N20_WITH_COSE + if (strcmp(str, "cose") == 0) return n20_certificate_format_cose_e; +#endif + return n20_certificate_format_none_e; +} + +void parse_key_usage(char const *str, uint8_t key_usage[2]) { + if (strcmp(str, "sign") == 0) { + N20_OPEN_DICE_KEY_USAGE_SET_DIGITAL_SIGNATURE(key_usage); + } else if (strcmp(str, "cert-sign") == 0) { + N20_OPEN_DICE_KEY_USAGE_SET_KEY_CERT_SIGN(key_usage); + } +} + +// Intermediate structure to hold parsed command-line options +typedef struct { + // Common fields + int request_type; + char const *output_file; + + // Key-related fields + int subject_key_type; // -k + int issuer_key_type; // -p + + // Parent path (used by most commands except promote) + struct { + char const **elements; // Array of hex strings + size_t count; + size_t capacity; + } parent_path; + + // Certificate-related + int certificate_format; // -f + char const *challenge; // -l + + // CDI-specific fields + struct { + char const *code_hash; // -c + char const *code_desc; // -C + char const *conf_hash; // -g + char const *conf_desc; // -G + char const *auth_hash; // -a + char const *auth_desc; // -A + char const *hidden; // -H + int mode; // -m + char const *profile_name; // -P + } cdi_fields; + + // ECA EE-specific fields + struct { + char const *name; // -N + char const *key_usage_str; // -u + } ee_fields; + + // Command-specific fields + char const *compressed_input; // -i (promote) + char const *message; // -M (eca-ee-sign) +} parsed_options_t; + +// Convert a hex nibble character to its 4-bit value +static int8_t nibble2bits(uint8_t nibble) { + nibble -= 0x30; // Convert ASCII to numeric value + if (nibble <= 9) return nibble; + nibble &= 0xDF; // Convert to uppercase + nibble -= 7; // Adjust for A-F + if (nibble < 0x10) return nibble; + return -1; +} + +static int hex_string_to_bytes_in_place(char *hex) { + size_t len = strlen(hex); + uint8_t *out_pos = (uint8_t *)hex; + size_t pos = 0; + if ((len & 1) != 0) { + // Odd length, assume leading zero + *out_pos++ = nibble2bits(hex[0]); + pos++; + } + + while (pos < len) { + int8_t high = nibble2bits(hex[pos++]); + int8_t low = nibble2bits(hex[pos++]); + if (high < 0 || low < 0) { + return -1; // Invalid hex character + } + *out_pos++ = (high << 4) | low; + } + + return out_pos - (uint8_t *)hex; // Return number of bytes written +} + +// Helper function to parse hex string into a slice +static cli_error_t parse_hex_to_slice(n20_slice_t *slice, + char const *hex_str, + char const *field_name) { + if (hex_str == NULL) { + slice->buffer = NULL; + slice->size = 0; + return cli_error_ok; + } + + slice->buffer = (uint8_t *)hex_str; + int bytes_written = hex_string_to_bytes_in_place((char *)slice->buffer); + if (bytes_written < 0) { + fprintf(stderr, "Invalid hex string for %s\n", field_name); + return cli_error_invalid_argument; + } + slice->size = bytes_written; + return cli_error_ok; +} + +// Helper function to add parent path element to options +static bool add_parent_path_element(parsed_options_t *opts, char const *element) { + if (opts->parent_path.count >= opts->parent_path.capacity) { + size_t new_capacity = opts->parent_path.capacity == 0 ? 4 : opts->parent_path.capacity * 2; + char const **new_elements = + reallocarray((void *)opts->parent_path.elements, new_capacity, sizeof(char const *)); + if (new_elements == NULL) { + return false; + } + opts->parent_path.elements = new_elements; + opts->parent_path.capacity = new_capacity; + } + opts->parent_path.elements[opts->parent_path.count++] = element; + return true; +} + +// Helper function to clean up parsed options +static void cleanup_parsed_options(parsed_options_t *opts) { + if (opts->parent_path.elements != NULL) { + free((void *)opts->parent_path.elements); + opts->parent_path.elements = NULL; + } +} + +static bool add_parent_path_decoded(n20_parent_path_t *path, char const *hex_str) { + if (path->is_encoded) { + fprintf(stderr, "Cannot add parent path element to already encoded path\n"); + return false; + } + n20_slice_t *new_slices = + reallocarray((void *)path->decoded, path->length + 1, sizeof(n20_slice_t)); + if (new_slices == NULL) { + free((void *)path->decoded); + path->decoded = NULL; + return false; + } + path->decoded = new_slices; + new_slices[path->length].buffer = (uint8_t *)hex_str; + new_slices[path->length].size = strlen(hex_str) / 2; // Assuming hex string represents bytes + path->length++; + return true; +} + +static void clean_up_request(n20_msg_request_t *request) { + n20_parent_path_t *path = NULL; + switch (request->request_type) { + case n20_msg_request_type_issue_cdi_cert_e: + path = &request->payload.issue_cdi_cert.parent_path; + break; + case n20_msg_request_type_issue_eca_cert_e: + path = &request->payload.issue_eca_cert.parent_path; + break; + case n20_msg_request_type_issue_eca_ee_cert_e: + path = &request->payload.issue_eca_ee_cert.parent_path; + break; + case n20_msg_request_type_eca_ee_sign_e: + path = &request->payload.eca_ee_sign.parent_path; + break; + default: + return; // No parent path to clean up + } + if (!path->is_encoded && path->decoded != NULL) { + free((void *)path->decoded); + path->decoded = NULL; + } +} +// Unified option parsing function +static int parse_command_options(int argc, char *argv[], parsed_options_t *opts) { + // Define all possible long options + static struct option long_options[] = {// Common options + {"key-type", required_argument, 0, 'k'}, + {"parent-path-element", required_argument, 0, 'n'}, + {"output", required_argument, 0, 'o'}, + {"parent-key-type", required_argument, 0, 'p'}, + {"certificate-format", required_argument, 0, 'f'}, + {"challenge", required_argument, 0, 'l'}, + {"help", no_argument, 0, '?'}, + + // Promote options + {"compressed-input", required_argument, 0, 'i'}, + + // CDI cert options + {"code", required_argument, 0, 'c'}, + {"code-desc", required_argument, 0, 'C'}, + {"conf", required_argument, 0, 'g'}, + {"conf-desc", required_argument, 0, 'G'}, + {"auth", required_argument, 0, 'a'}, + {"auth-desc", required_argument, 0, 'A'}, + {"mode", required_argument, 0, 'm'}, + {"hidden", required_argument, 0, 'H'}, + {"profile-name", required_argument, 0, 'P'}, + + // ECA EE options + {"name", required_argument, 0, 'N'}, + {"key-usage", required_argument, 0, 'u'}, + + // ECA EE sign options + {"message", required_argument, 0, 'M'}, + + {0, 0, 0, 0}}; + + int opt; + while ((opt = getopt_long( + argc, argv, "i:k:n:o:p:f:c:C:g:G:a:A:m:H:P:l:N:u:M:?", long_options, NULL)) != -1) { + switch (opt) { + // Common options + case 'k': + opts->subject_key_type = parse_key_type(optarg); + break; + case 'p': + opts->issuer_key_type = parse_key_type(optarg); + break; + case 'n': + if (!add_parent_path_element(opts, optarg)) { + fprintf(stderr, "Failed to add parent path element\n"); + return -1; + } + break; + case 'o': + opts->output_file = optarg; + break; + case 'f': + opts->certificate_format = parse_output_format(optarg); + break; + case 'l': + opts->challenge = optarg; + break; + + // Promote options + case 'i': + opts->compressed_input = optarg; + break; + + // CDI cert options + case 'c': + opts->cdi_fields.code_hash = optarg; + break; + case 'C': + opts->cdi_fields.code_desc = optarg; + break; + case 'g': + opts->cdi_fields.conf_hash = optarg; + break; + case 'G': + opts->cdi_fields.conf_desc = optarg; + break; + case 'a': + opts->cdi_fields.auth_hash = optarg; + break; + case 'A': + opts->cdi_fields.auth_desc = optarg; + break; + case 'm': + opts->cdi_fields.mode = parse_mode(optarg); + break; + case 'H': + opts->cdi_fields.hidden = optarg; + break; + case 'P': + opts->cdi_fields.profile_name = optarg; + break; + + // ECA EE options + case 'N': + opts->ee_fields.name = optarg; + break; + case 'u': + opts->ee_fields.key_usage_str = optarg; + break; + + // ECA EE sign options + case 'M': + opts->message = optarg; + break; + + case '?': + // Help requested + return -1; + default: + // Unknown option + return -1; + } + } + + return 0; +} + +// Initialize promote request from parsed options +static cli_error_t init_promote_request(n20_msg_request_t *request, parsed_options_t const *opts) { + if (opts->compressed_input == NULL) { + fprintf(stderr, "Promote requires --compressed-input\n"); + return cli_error_invalid_argument; + } + + request->request_type = n20_msg_request_type_promote_e; + return parse_hex_to_slice( + &request->payload.promote.compressed_context, opts->compressed_input, "compressed input"); +} + +// Initialize CDI cert request from parsed options +static cli_error_t init_cdi_cert_request(n20_msg_request_t *request, parsed_options_t const *opts) { + cli_error_t err; + + request->request_type = n20_msg_request_type_issue_cdi_cert_e; + request->payload.issue_cdi_cert.subject_key_type = opts->subject_key_type; + request->payload.issue_cdi_cert.issuer_key_type = opts->issuer_key_type; + request->payload.issue_cdi_cert.certificate_format = opts->certificate_format; + + // Validate required fields + if (opts->subject_key_type == n20_crypto_key_type_none_e) { + fprintf(stderr, "Invalid or missing --key-type\n"); + return cli_error_invalid_argument; + } + if (opts->issuer_key_type == n20_crypto_key_type_none_e) { + fprintf(stderr, "Invalid or missing --parent-key-type\n"); + return cli_error_invalid_argument; + } + if (opts->certificate_format == n20_certificate_format_none_e) { + fprintf(stderr, "Invalid or missing --certificate-format\n"); + return cli_error_invalid_argument; + } + + // Parse CDI fields + err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.code_hash, + opts->cdi_fields.code_hash, + "code hash"); + if (err != cli_error_ok) return err; + + err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.code_descriptor, + opts->cdi_fields.code_desc, + "code descriptor"); + if (err != cli_error_ok) return err; + + err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.configuration_hash, + opts->cdi_fields.conf_hash, + "configuration hash"); + if (err != cli_error_ok) return err; + + err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.configuration_descriptor, + opts->cdi_fields.conf_desc, + "configuration descriptor"); + if (err != cli_error_ok) return err; + + err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.authority_hash, + opts->cdi_fields.auth_hash, + "authority hash"); + if (err != cli_error_ok) return err; + + err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.authority_descriptor, + opts->cdi_fields.auth_desc, + "authority descriptor"); + if (err != cli_error_ok) return err; + + err = parse_hex_to_slice( + &request->payload.issue_cdi_cert.next_context.hidden, opts->cdi_fields.hidden, "hidden"); + if (err != cli_error_ok) return err; + + request->payload.issue_cdi_cert.next_context.mode = opts->cdi_fields.mode; + + if (opts->cdi_fields.profile_name) { + request->payload.issue_cdi_cert.next_context.profile_name.buffer = + opts->cdi_fields.profile_name; + request->payload.issue_cdi_cert.next_context.profile_name.size = + strlen(opts->cdi_fields.profile_name); + } + + // Build parent path + for (size_t i = 0; i < opts->parent_path.count; ++i) { + if (!add_parent_path_decoded(&request->payload.issue_cdi_cert.parent_path, + opts->parent_path.elements[i])) { + fprintf(stderr, "Failed to add parent path element\n"); + return cli_error_invalid_argument; + } + } + + // Parse parent path hex strings + for (size_t i = 0; i < request->payload.issue_cdi_cert.parent_path.length; ++i) { + err = parse_hex_to_slice( + (n20_slice_t *)&request->payload.issue_cdi_cert.parent_path.decoded[i], + (char const *)request->payload.issue_cdi_cert.parent_path.decoded[i].buffer, + "parent path element"); + if (err != cli_error_ok) return err; + } + + return cli_error_ok; +} + +// Initialize ECA cert request from parsed options +static cli_error_t init_eca_cert_request(n20_msg_request_t *request, parsed_options_t const *opts) { + cli_error_t err; + + request->request_type = n20_msg_request_type_issue_eca_cert_e; + request->payload.issue_eca_cert.subject_key_type = opts->subject_key_type; + request->payload.issue_eca_cert.issuer_key_type = opts->issuer_key_type; + request->payload.issue_eca_cert.certificate_format = opts->certificate_format; + + // Validate required fields + if (opts->subject_key_type == n20_crypto_key_type_none_e) { + fprintf(stderr, "Invalid or missing --key-type\n"); + return cli_error_invalid_argument; + } + if (opts->issuer_key_type == n20_crypto_key_type_none_e) { + fprintf(stderr, "Invalid or missing --parent-key-type\n"); + return cli_error_invalid_argument; + } + if (opts->certificate_format == n20_certificate_format_none_e) { + fprintf(stderr, "Invalid or missing --certificate-format\n"); + return cli_error_invalid_argument; + } + + // Parse challenge if provided + err = parse_hex_to_slice( + &request->payload.issue_eca_cert.challenge, opts->challenge, "challenge"); + if (err != cli_error_ok) return err; + + // Build parent path + for (size_t i = 0; i < opts->parent_path.count; ++i) { + if (!add_parent_path_decoded(&request->payload.issue_eca_cert.parent_path, + opts->parent_path.elements[i])) { + fprintf(stderr, "Failed to add parent path element\n"); + return cli_error_invalid_argument; + } + } + + // Parse parent path hex strings + for (size_t i = 0; i < request->payload.issue_eca_cert.parent_path.length; ++i) { + err = parse_hex_to_slice( + (n20_slice_t *)&request->payload.issue_eca_cert.parent_path.decoded[i], + (char const *)request->payload.issue_eca_cert.parent_path.decoded[i].buffer, + "parent path element"); + if (err != cli_error_ok) return err; + } + + return cli_error_ok; +} + +// Initialize ECA EE cert request from parsed options +static cli_error_t init_eca_ee_cert_request(n20_msg_request_t *request, + parsed_options_t const *opts, + uint8_t key_usage[2]) { + cli_error_t err; + + request->request_type = n20_msg_request_type_issue_eca_ee_cert_e; + request->payload.issue_eca_ee_cert.subject_key_type = opts->subject_key_type; + request->payload.issue_eca_ee_cert.issuer_key_type = opts->issuer_key_type; + request->payload.issue_eca_ee_cert.certificate_format = opts->certificate_format; + + // Validate required fields + if (opts->subject_key_type == n20_crypto_key_type_none_e) { + fprintf(stderr, "Invalid or missing --key-type\n"); + return cli_error_invalid_argument; + } + if (opts->issuer_key_type == n20_crypto_key_type_none_e) { + fprintf(stderr, "Invalid or missing --parent-key-type\n"); + return cli_error_invalid_argument; + } + if (opts->certificate_format == n20_certificate_format_none_e) { + fprintf(stderr, "Invalid or missing --certificate-format\n"); + return cli_error_invalid_argument; + } + + // Set name + if (opts->ee_fields.name) { + request->payload.issue_eca_ee_cert.name.buffer = opts->ee_fields.name; + request->payload.issue_eca_ee_cert.name.size = strlen(opts->ee_fields.name); + } + + // Parse key usage + if (opts->ee_fields.key_usage_str) { + parse_key_usage(opts->ee_fields.key_usage_str, key_usage); + request->payload.issue_eca_ee_cert.key_usage.buffer = key_usage; + request->payload.issue_eca_ee_cert.key_usage.size = 2; + } + + // Parse challenge if provided + err = parse_hex_to_slice( + &request->payload.issue_eca_ee_cert.challenge, opts->challenge, "challenge"); + if (err != cli_error_ok) return err; + + // Build parent path + for (size_t i = 0; i < opts->parent_path.count; ++i) { + if (!add_parent_path_decoded(&request->payload.issue_eca_ee_cert.parent_path, + opts->parent_path.elements[i])) { + fprintf(stderr, "Failed to add parent path element\n"); + return cli_error_invalid_argument; + } + } + + // Parse parent path hex strings + for (size_t i = 0; i < request->payload.issue_eca_ee_cert.parent_path.length; ++i) { + err = parse_hex_to_slice( + (n20_slice_t *)&request->payload.issue_eca_ee_cert.parent_path.decoded[i], + (char const *)request->payload.issue_eca_ee_cert.parent_path.decoded[i].buffer, + "parent path element"); + if (err != cli_error_ok) return err; + } + + return cli_error_ok; +} + +// Initialize ECA EE sign request from parsed options +static cli_error_t init_eca_ee_sign_request(n20_msg_request_t *request, + parsed_options_t const *opts, + uint8_t key_usage[2]) { + cli_error_t err; + + request->request_type = n20_msg_request_type_eca_ee_sign_e; + request->payload.eca_ee_sign.subject_key_type = opts->subject_key_type; + + // Validate required fields + if (opts->subject_key_type == n20_crypto_key_type_none_e) { + fprintf(stderr, "Invalid or missing --key-type\n"); + return cli_error_invalid_argument; + } + + // Set name + if (opts->ee_fields.name) { + request->payload.eca_ee_sign.name.buffer = opts->ee_fields.name; + request->payload.eca_ee_sign.name.size = strlen(opts->ee_fields.name); + } + + // Parse key usage + if (opts->ee_fields.key_usage_str) { + parse_key_usage(opts->ee_fields.key_usage_str, key_usage); + request->payload.eca_ee_sign.key_usage.buffer = key_usage; + request->payload.eca_ee_sign.key_usage.size = 2; + } + + // Parse message + err = parse_hex_to_slice(&request->payload.eca_ee_sign.message, opts->message, "message"); + if (err != cli_error_ok) return err; + + // Build parent path + for (size_t i = 0; i < opts->parent_path.count; ++i) { + if (!add_parent_path_decoded(&request->payload.eca_ee_sign.parent_path, + opts->parent_path.elements[i])) { + fprintf(stderr, "Failed to add parent path element\n"); + return cli_error_invalid_argument; + } + } + + // Parse parent path hex strings + for (size_t i = 0; i < request->payload.eca_ee_sign.parent_path.length; ++i) { + err = parse_hex_to_slice( + (n20_slice_t *)&request->payload.eca_ee_sign.parent_path.decoded[i], + (char const *)request->payload.eca_ee_sign.parent_path.decoded[i].buffer, + "parent path element"); + if (err != cli_error_ok) return err; + } + + return cli_error_ok; +} + +// Helper to write binary data to file or print as hex +static cli_error_t output_binary_data(uint8_t const *data, + size_t size, + char const *output_file, + char const *data_type) { + if (output_file) { + FILE *file = fopen(output_file, "wb"); + if (!file) { + perror("fopen"); + return cli_error_io; + } + size_t written = fwrite(data, 1, size, file); + if (written != size) { + fprintf(stderr, "Failed to write full %s to file\n", data_type); + fclose(file); + return cli_error_io; + } + fclose(file); + printf("%s written to %s\n", data_type, output_file); + } else { + printf("%s data: ", data_type); + for (size_t i = 0; i < size; ++i) { + printf("%02x", data[i]); + } + printf("\n"); + } + return cli_error_ok; +} + +// Handle promote response +static cli_error_t handle_promote_response(n20_slice_t response_slice) { + n20_msg_error_response_t response; + n20_error_t n20_err = n20_msg_error_response_read(&response, response_slice); + if (n20_err != n20_error_ok_e) { + fprintf(stderr, + "Failed to read promote response. libnat20 error: %d (0x%x)\n", + n20_err, + n20_err); + return cli_error_libnat20; + } + if (response.error_code != n20_error_ok_e) { + fprintf(stderr, + "Promote request failed. Server returned libnat20 error: %d (0x%x)\n", + response.error_code, + response.error_code); + return cli_error_server; + } + printf("Promote request successful\n"); + return cli_error_ok; +} + +// Handle certificate response (common for cdi-cert, eca-cert, eca-ee-cert) +static cli_error_t handle_cert_response(n20_slice_t response_slice, + char const *output_file, + char const *cert_type_name, + bool print_debug) { + if (print_debug) { + printf("Raw response (%zu bytes): ", response_slice.size); + size_t preview_len = response_slice.size < 32 ? response_slice.size : 32; + for (size_t i = 0; i < preview_len; ++i) { + printf("%02x", response_slice.buffer[i]); + } + if (response_slice.size > 32) printf("..."); + printf("\n"); + } + + n20_msg_issue_cert_response_t response; + n20_error_t n20_err = n20_msg_issue_cert_response_read(&response, response_slice); + if (n20_err != n20_error_ok_e) { + fprintf(stderr, + "Failed to read %s response. libnat20 error: %d (0x%x)\n", + cert_type_name, + n20_err, + n20_err); + return cli_error_libnat20; + } + if (response.error_code != n20_error_ok_e) { + fprintf(stderr, + "%s request failed. Server returned libnat20 error: %d (0x%x)\n", + cert_type_name, + response.error_code, + response.error_code); + return cli_error_server; + } + printf("%s request successful, certificate size: %zu\n", + cert_type_name, + response.certificate.size); + + return output_binary_data( + response.certificate.buffer, response.certificate.size, output_file, "Certificate"); +} + +// Handle CDI cert response (includes compressed input output) +static cli_error_t handle_cdi_cert_response(n20_slice_t response_slice, + char const *output_file, + n20_open_dice_input_t const *next_context) { + cli_error_t err = handle_cert_response(response_slice, output_file, "CDI cert", true); + if (err != cli_error_ok) return err; + + // Compute and output compressed input + n20_compressed_input_t next_compressed_input; + n20_open_dice_cert_info_t cert_info; + cert_info.cert_type = n20_cert_type_cdi_e; + cert_info.open_dice_input = *next_context; + + n20_crypto_digest_context_t *digest_ctx = NULL; + + n20_error_t n20_err = n20_crypto_nat20_open(&digest_ctx); + if (n20_err != n20_error_ok_e) { + fprintf( + stderr, "Failed to open digest context. libnat20 error: %d (0x%x)\n", n20_err, n20_err); + return cli_error_libnat20; + } + + n20_err = n20_compress_input(digest_ctx, &cert_info, next_compressed_input); + n20_crypto_nat20_close(digest_ctx); + if (n20_err != n20_error_ok_e) { + fprintf(stderr, "Failed to compress input. libnat20 error: %d (0x%x)\n", n20_err, n20_err); + return cli_error_libnat20; + } + + printf("Compressed input: "); + for (size_t i = 0; i < sizeof(next_compressed_input); ++i) { + printf("%02x", next_compressed_input[i]); + } + printf("\n"); + + return cli_error_ok; +} + +// Handle ECA EE sign response +static cli_error_t handle_eca_ee_sign_response(n20_slice_t response_slice, + char const *output_file) { + // First try to read as an error response + n20_msg_error_response_t error_response; + n20_error_t n20_err = n20_msg_error_response_read(&error_response, response_slice); + if (n20_err == n20_error_ok_e && error_response.error_code != n20_error_ok_e) { + fprintf(stderr, + "ECA sign request failed. Server returned libnat20 error: %d (0x%x)\n", + error_response.error_code, + error_response.error_code); + return cli_error_server; + } + + // If not an error response, try to read as sign response + n20_msg_eca_ee_sign_response_t response; + n20_err = n20_msg_eca_ee_sign_response_read(&response, response_slice); + if (n20_err != n20_error_ok_e) { + fprintf(stderr, + "Failed to read ECA sign response. libnat20 error: %d (0x%x)\n", + n20_err, + n20_err); + return cli_error_libnat20; + } + if (response.error_code != n20_error_ok_e) { + fprintf(stderr, + "ECA sign request failed. Server returned libnat20 error: %d (0x%x)\n", + response.error_code, + response.error_code); + return cli_error_server; + } + printf("ECA sign request successful, signature size: %zu\n", response.signature.size); + + return output_binary_data( + response.signature.buffer, response.signature.size, output_file, "Signature"); +} + +int main(int argc, char *argv[]) { + // Stage 1: Parse command options + parsed_options_t opts = { + .request_type = n20_msg_request_type_none_e, + .subject_key_type = n20_crypto_key_type_none_e, + .issuer_key_type = n20_crypto_key_type_none_e, + .certificate_format = n20_certificate_format_none_e, + .cdi_fields = {.mode = n20_open_dice_mode_not_configured_e}, + }; + + if (parse_command_options(argc, argv, &opts) != 0) { + print_usage(argv[0]); + cleanup_parsed_options(&opts); + exit(EXIT_FAILURE); + } + + // Stage 2: Determine command + if (optind >= argc) { + fprintf(stderr, "No command specified\n"); + print_usage(argv[0]); + cleanup_parsed_options(&opts); + exit(EXIT_FAILURE); + } + + int request_type = parse_request_type(argv[optind]); + if (request_type == n20_msg_request_type_none_e) { + fprintf(stderr, "Unknown command: %s\n", argv[optind]); + print_usage(argv[0]); + cleanup_parsed_options(&opts); + exit(EXIT_FAILURE); + } + + opts.request_type = request_type; + + // Stage 3: Initialize request from parsed options + n20_msg_request_t request = {0}; + uint8_t key_usage[2] = {0}; + cli_error_t cli_err = cli_error_ok; + + switch (request_type) { + case n20_msg_request_type_promote_e: + cli_err = init_promote_request(&request, &opts); + break; + case n20_msg_request_type_issue_cdi_cert_e: + cli_err = init_cdi_cert_request(&request, &opts); + break; + case n20_msg_request_type_issue_eca_cert_e: + cli_err = init_eca_cert_request(&request, &opts); + break; + case n20_msg_request_type_issue_eca_ee_cert_e: + cli_err = init_eca_ee_cert_request(&request, &opts, key_usage); + break; + case n20_msg_request_type_eca_ee_sign_e: + cli_err = init_eca_ee_sign_request(&request, &opts, key_usage); + break; + default: + fprintf(stderr, "Unsupported request type: %d\n", request_type); + print_usage(argv[0]); + cleanup_parsed_options(&opts); + exit(EXIT_FAILURE); + } + + if (cli_err != cli_error_ok) { + fprintf(stderr, "Failed to initialize request. CLI error: %d\n", cli_err); + print_usage(argv[0]); + cleanup_parsed_options(&opts); + exit(EXIT_FAILURE); + } + + uint8_t msg_buffer[1024]; + + size_t msg_size = sizeof(msg_buffer); + + n20_error_t n20_err = n20_msg_request_write(&request, msg_buffer, &msg_size); + if (n20_err != n20_error_ok_e) { + fprintf(stderr, "Failed to write request. libnat20 error: %d (0x%x)\n", n20_err, n20_err); + print_usage(argv[0]); + exit(EXIT_FAILURE); + } + + clean_up_request(&request); + + int dice_dev_fd = open("/dev/nat200", O_RDWR); + if (dice_dev_fd < 0) { + perror("open"); + exit(EXIT_FAILURE); + } + + ssize_t bytes_written = + write(dice_dev_fd, msg_buffer + (sizeof(msg_buffer) - msg_size), msg_size); + if (bytes_written < 0) { + perror("write"); + close(dice_dev_fd); + exit(EXIT_FAILURE); + } + + uint8_t response_buffer[1024]; + + ssize_t bytes_received = read(dice_dev_fd, response_buffer, sizeof(response_buffer)); + if (bytes_received < 0) { + perror("read"); + close(dice_dev_fd); + exit(EXIT_FAILURE); + } + close(dice_dev_fd); + + printf("Bytes written: %zd, Bytes received: %zd\n", bytes_written, bytes_received); + + n20_slice_t response_slice = { + .buffer = response_buffer, + .size = (size_t)bytes_received, + }; + + // Handle response based on request type + switch (request.request_type) { + case n20_msg_request_type_promote_e: + cli_err = handle_promote_response(response_slice); + break; + case n20_msg_request_type_issue_cdi_cert_e: + cli_err = handle_cdi_cert_response( + response_slice, opts.output_file, &request.payload.issue_cdi_cert.next_context); + break; + case n20_msg_request_type_issue_eca_cert_e: + cli_err = handle_cert_response(response_slice, opts.output_file, "ECA cert", true); + break; + case n20_msg_request_type_issue_eca_ee_cert_e: + cli_err = + handle_cert_response(response_slice, opts.output_file, "ECA end-entity cert", true); + break; + case n20_msg_request_type_eca_ee_sign_e: + cli_err = handle_eca_ee_sign_response(response_slice, opts.output_file); + break; + default: + fprintf(stderr, "Unknown request type in response\n"); + cleanup_parsed_options(&opts); + exit(EXIT_FAILURE); + } + + cleanup_parsed_options(&opts); + + if (cli_err != cli_error_ok) { + exit(EXIT_FAILURE); + } + + return 0; +} From b7a2f03231e0d220437051c9d6f166522920b503 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 14 May 2026 09:15:06 -0700 Subject: [PATCH 41/49] Address comments --- examples/linux/nat20sw/nat20sw.c | 59 +++++++++++++++++--------------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/examples/linux/nat20sw/nat20sw.c b/examples/linux/nat20sw/nat20sw.c index e6784a93..ad474d52 100644 --- a/examples/linux/nat20sw/nat20sw.c +++ b/examples/linux/nat20sw/nat20sw.c @@ -50,6 +50,9 @@ #include #define NAT20SW_UDS_SIZE 32 +/* CBOR tag #6.80150 for byte string containing DER encoded X.509 certificate */ +#define NAT20SW_X509_TAG 80150 +#define NAT20SW_ESTIMATED_RESPONSE_OVERHEAD 450 struct nat20sw_node_state { n20_gnostic_node_state_t gnostic_node_state; @@ -93,16 +96,16 @@ static void nat20sw_cleanup_gnostic_node(struct nat20sw_node_state* node_state) } static void nat20sw_render_dice_chain(n20_stream_t* stream, n20_slice_t certificate) { - n20_stream_put(stream, 0xff); // Terminator for CBOR indefinite length array + n20_stream_put(stream, 0xff); /* Terminator for CBOR indefinite length array */ n20_cbor_write_byte_string(stream, certificate); - n20_cbor_write_tag( - stream, - 80150); // CBOR tag #6.80150 for byte string containing DER encoded X.509 certificate - n20_stream_put(stream, 0x9f); // Start of CBOR indefinite length array + n20_cbor_write_tag(stream, NAT20SW_X509_TAG); + n20_stream_put(stream, 0x9f); /* Start of CBOR indefinite length array */ } static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(void) { int err; + uint8_t* certificate_buffer = NULL; + struct nat20sw_node_state* node_state = kzalloc(sizeof(struct nat20sw_node_state), GFP_KERNEL); if (node_state == NULL) { return ERR_PTR(-ENOMEM); @@ -170,7 +173,7 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo } /* Allocate buffer for certificate. */ - uint8_t* certificate_buffer = kzalloc(estimated_certificate_size, GFP_KERNEL); + certificate_buffer = kzalloc(estimated_certificate_size, GFP_KERNEL); if (certificate_buffer == NULL) { err = -ENOMEM; goto err_out; @@ -198,7 +201,6 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo goto err_out; } if (rc != n20_error_ok_e) { - kfree(certificate_buffer); err = -EFAULT; goto err_out; } @@ -209,7 +211,6 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo nat20sw_render_dice_chain( &stream, (n20_slice_t){.size = actual_certificate_size, .buffer = certificate_buffer}); if (n20_stream_has_write_position_overflow(&stream)) { - kfree(certificate_buffer); err = -EFAULT; goto err_out; } @@ -217,7 +218,6 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo /* Allocate buffer for cached dice chain. */ node_state->cached_dice_chain = kzalloc(n20_stream_byte_count(&stream), GFP_KERNEL); if (node_state->cached_dice_chain == NULL) { - kfree(certificate_buffer); err = -ENOMEM; goto err_out; } @@ -228,17 +228,17 @@ static struct nat20sw_node_state* nat20sw_make_gnostic_node_with_linux_crypto(vo nat20sw_render_dice_chain( &stream, (n20_slice_t){.size = actual_certificate_size, .buffer = certificate_buffer}); - /* Free temporary buffer unconditionally. */ - kfree(certificate_buffer); - if (n20_stream_has_buffer_overflow(&stream)) { err = -EFAULT; goto err_out; } + /* Free temporary buffer unconditionally. */ + kfree(certificate_buffer); return node_state; err_out: + kfree(certificate_buffer); nat20sw_cleanup_gnostic_node(node_state); return ERR_PTR(err); } @@ -273,6 +273,7 @@ static int nat20sw_service_message_dispatch(void* ctx, void const* request_buffer, size_t request_size, struct nat20device_buffer* response) { + int err = 0; struct nat20sw_node_state* node_state = (struct nat20sw_node_state*)ctx; if (node_state == NULL || response == NULL) { return -EINVAL; @@ -289,7 +290,7 @@ static int nat20sw_service_message_dispatch(void* ctx, /* Use a heuristic to estimate the initial response buffer size. */ /* Heuristic: request size + overhead for CBOR encoding and response metadata */ - response->size = request_size + 450; + response->size = request_size + NAT20SW_ESTIMATED_RESPONSE_OVERHEAD; response->data = kzalloc(response->size, GFP_KERNEL); if (response->data == NULL) { return -ENOMEM; @@ -316,7 +317,8 @@ static int nat20sw_service_message_dispatch(void* ctx, response->size = 0; response->data = kzalloc(actual_response_size, GFP_KERNEL); if (response->data == NULL) { - return -ENOMEM; + err = -ENOMEM; + goto err_out; } response->size = actual_response_size; mutex_lock(&node_state->dispatch_lock); @@ -326,26 +328,23 @@ static int nat20sw_service_message_dispatch(void* ctx, &actual_response_size, (n20_slice_t){.size = request_size, .buffer = request_buffer}); mutex_unlock(&node_state->dispatch_lock); - if (rc == n20_error_ok_e && actual_response_size > response->size) { - /* The actual response exceeds the estimated buffer size. - * This indicates a bug in the size estimation. */ + if (rc == n20_error_insufficient_buffer_size_e) { printk(KERN_ERR - "Service message dispatch returned success but actual response size %zu " - "exceeds estimated buffer size %zu.\n", + "Service message dispatch returned insufficient buffer size: Actual response " + "size %zu " + "exceeds estimated buffer size %zu.\n" + "This means that the response size estimation of the underlying implementaiton " + "is incorrect.\n", actual_response_size, response->size); - kfree(response->data); - response->data = NULL; - response->size = 0; - return -EFAULT; + err = -EFAULT; + goto err_out; } } if (rc != n20_error_ok_e) { - kfree(response->data); - response->data = NULL; - response->size = 0; - return -EFAULT; + err = -EFAULT; + goto err_out; } memmove(response->data, @@ -354,6 +353,12 @@ static int nat20sw_service_message_dispatch(void* ctx, response->size = actual_response_size; return 0; + +err_out: + kfree(response->data); + response->data = NULL; + response->size = 0; + return err; } static struct nat20device_driver_ops const nat20sw_driver_ops = { From 47500a2f9eac27f8b0dfeb31e2328871339a8804 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 14 May 2026 06:29:37 -0700 Subject: [PATCH 42/49] Add nat20 integration test suite for linux examples Adds a C integration test binary (nat20_integration_test) that exercises the full DICE service stack via /dev/nat200. The test generates certificate chains across all supported key type (P-256, P-384) and format (X.509, COSE) permutations, verifies cryptographic signatures at each link, and confirms that parent_path-based issuance produces identical results to direct issuance after promote. Test structure: - Phase 1 (level 1): Generate CDI1, CDI2, ECA, ECA_EE certs and signatures using parent paths of varying depth from the UDS level. Verify all X.509 and COSE chains cryptographically. - Phase 2 (level 2): After one promote, regenerate CDI2/ECA/ECA_EE/sign with reduced parent path depth and assert byte-for-byte equality. - Phase 3 (level 3): After second promote, regenerate ECA/ECA_EE/sign with no parent path and assert equality. Also includes: - test_helpers.c: OpenSSL-based X.509 signature verification, public key extraction, COSE_Sign1 parsing and verification, CWT subject public key extraction, and compressed input computation. - nat20_qemu_init.sh: init wrapper for running tests in QEMU CI. - GitHub Action steps to build the rootfs and run the test suite in QEMU. - Buildroot package (nat20test) with OpenSSL dependency. --- .github/workflows/linux-kmod-build.yml | 36 + examples/linux/br_external/Config.in | 1 + .../br_external/configs/qemu_br_defconfig | 1 + .../br_external/package/nat20cli/nat20cli.mk | 4 + .../br_external/package/nat20test/Config.in | 41 + .../package/nat20test/nat20test.mk | 51 + examples/linux/br_external/utils/envsetup.sh | 4 +- examples/linux/nat20test/CMakeLists.txt | 82 ++ examples/linux/nat20test/nat20_qemu_init.sh | 60 + examples/linux/nat20test/nat20test.sh | 46 + .../nat20test/test/nat20_integration_test.c | 1145 +++++++++++++++++ examples/linux/nat20test/test/test_helpers.c | 525 ++++++++ examples/linux/nat20test/test/test_helpers.h | 165 +++ 13 files changed, 2160 insertions(+), 1 deletion(-) create mode 100644 examples/linux/br_external/package/nat20test/Config.in create mode 100644 examples/linux/br_external/package/nat20test/nat20test.mk create mode 100644 examples/linux/nat20test/CMakeLists.txt create mode 100644 examples/linux/nat20test/nat20_qemu_init.sh create mode 100755 examples/linux/nat20test/nat20test.sh create mode 100644 examples/linux/nat20test/test/nat20_integration_test.c create mode 100644 examples/linux/nat20test/test/test_helpers.c create mode 100644 examples/linux/nat20test/test/test_helpers.h diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index 7211f69b..82f52e95 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -168,3 +168,39 @@ jobs: find ${{ runner.temp }}/buildroot.build -name 'nat20cli' | grep -q nat20cli echo "nat20cli built successfully:" find ${{ runner.temp }}/buildroot.build -name 'nat20cli' -exec ls -la {} \; + + - name: Build rootfs image + env: + NAT20LIB_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20DEVICE_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20CRYPTO_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20SW_OVERRIDE_SRCDIR: ${{ github.workspace }} + LIBNAT20_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20CLI_OVERRIDE_SRCDIR: ${{ github.workspace }} + NAT20TEST_OVERRIDE_SRCDIR: ${{ github.workspace }} + run: make -C ${{ runner.temp }}/buildroot.build/buildroot -j $(( $(nproc) + 1 )) + + - name: Run integration tests in QEMU + timeout-minutes: 5 + run: | + BUILDROOT_DIR="${{ runner.temp }}/buildroot.build/buildroot" + KERNEL="${BUILDROOT_DIR}/output/images/bzImage" + ROOTFS="${BUILDROOT_DIR}/output/images/rootfs.ext2" + + qemu-system-x86_64 \ + -M pc \ + -kernel "${KERNEL}" \ + -drive file="${ROOTFS}",if=virtio,format=raw \ + -append "rootwait root=/dev/vda console=ttyS0 init=/usr/bin/nat20_qemu_init.sh" \ + -nographic \ + -no-reboot \ + -net none \ + 2>&1 | tee qemu_output.log + + if grep -q "INTEGRATION_TESTS_PASSED" qemu_output.log; then + echo "Integration tests passed." + else + echo "Integration tests failed. QEMU output:" + cat qemu_output.log + exit 1 + fi diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in index 5239828e..2e41cc0e 100644 --- a/examples/linux/br_external/Config.in +++ b/examples/linux/br_external/Config.in @@ -39,3 +39,4 @@ source "$BR2_EXTERNAL_NAT20_PATH/package/nat20device/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20sw/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20lib/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/libnat20/Config.in" +source "$BR2_EXTERNAL_NAT20_PATH/package/nat20test/Config.in" diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index 517392fa..1e70e7d5 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -3982,3 +3982,4 @@ BR2_PACKAGE_NAT20DEVICE=y BR2_PACKAGE_NAT20SW=y BR2_PACKAGE_NAT20LIB=y BR2_PACKAGE_LIBNAT20=y +BR2_PACKAGE_NAT20TEST=y diff --git a/examples/linux/br_external/package/nat20cli/nat20cli.mk b/examples/linux/br_external/package/nat20cli/nat20cli.mk index 02774e6f..3527db4a 100644 --- a/examples/linux/br_external/package/nat20cli/nat20cli.mk +++ b/examples/linux/br_external/package/nat20cli/nat20cli.mk @@ -33,6 +33,10 @@ # along with this program; if not, see # . +# In CI NAT20CLI_OVERRIDE_SRCDIR is set to the root of the repository, +# so that the source under test is always the current branch. +# Integrators who use this configuration should pin the version +# to a specific commit or branch to avoid breakages when the main branch changes. NAT20CLI_VERSION = origin/main NAT20CLI_SITE = https://github.com/aurora-opensource/libnat20.git NAT20CLI_SITE_METHOD = git diff --git a/examples/linux/br_external/package/nat20test/Config.in b/examples/linux/br_external/package/nat20test/Config.in new file mode 100644 index 00000000..25e73e83 --- /dev/null +++ b/examples/linux/br_external/package/nat20test/Config.in @@ -0,0 +1,41 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +config BR2_PACKAGE_NAT20TEST + bool "nat20cli" + depends on BR2_PACKAGE_LIBNAT20 + depends on BR2_PACKAGE_OPENSSL + help + Enable building the nat20test, an integration test for ant20device with nat20sw. diff --git a/examples/linux/br_external/package/nat20test/nat20test.mk b/examples/linux/br_external/package/nat20test/nat20test.mk new file mode 100644 index 00000000..38e1783c --- /dev/null +++ b/examples/linux/br_external/package/nat20test/nat20test.mk @@ -0,0 +1,51 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +# In CI NAT20TEST_OVERRIDE_SRCDIR is set to the root of the repository, +# so that the source under test is always the current branch. +# Integrators who use this configuration should pin the version +# to a specific commit or branch to avoid breakages when the main branch changes. +NAT20TEST_VERSION = origin/main +NAT20TEST_SITE = https://github.com/aurora-opensource/libnat20.git +NAT20TEST_SITE_METHOD = git +NAT20TEST_LICENSE = Apache-2.0 OR GPL-2.0 +NAT20TEST_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt + +NAT20TEST_SUBDIR = examples/linux/nat20test + +NAT20TEST_INSTALL_TARGET = YES +NAT20TEST_DEPENDENCIES += libnat20 openssl + +$(eval $(cmake-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index 8c27e3ed..e72fabec 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -51,6 +51,7 @@ export NAT20CRYPTO_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20SW_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20DEVICE_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20LIB_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" +export NAT20TEST_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export LIBNAT20_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" function ensure_popd() { @@ -79,13 +80,14 @@ function brrebuild() { echo " nat20device - Rebuild the nat20device module" echo " nat20sw - Rebuild the nat20sw module" echo " nat20lib - Rebuild the nat20lib library" + echo " nat20test - Rebuild the nat20device integration test" popd return 1 fi case "$1" in all) - ensure_popd make linux-rebuild nat20lib-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild libnat20-rebuild nat20cli-rebuild all + ensure_popd make linux-rebuild nat20lib-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild libnat20-rebuild nat20cli-rebuild nat20test-rebuild all ;; *) ensure_popd make $1-rebuild all diff --git a/examples/linux/nat20test/CMakeLists.txt b/examples/linux/nat20test/CMakeLists.txt new file mode 100644 index 00000000..e1d22957 --- /dev/null +++ b/examples/linux/nat20test/CMakeLists.txt @@ -0,0 +1,82 @@ +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +cmake_minimum_required(VERSION 3.22) + +project(NAT20TEST VERSION 0.0.1 LANGUAGES C) + +# The C standard shall be C11. +set(CMAKE_C_STANDARD 11) + +# CMake shall generate a compile_commands.json file for +# the benfit of clangd based IDE support. +set(CMAKE_EXPORT_COMPILE_COMMANDS ON) + + +################################################################################################### +# Integration test binary — exercises the nat20 DICE service via /dev/nat200. +add_executable(nat20_integration_test) + +find_package(LibNat20 REQUIRED) +find_package(OpenSSL REQUIRED) + +target_sources(nat20_integration_test +PRIVATE test/nat20_integration_test.c +PRIVATE test/test_helpers.c +) + +target_include_directories(nat20_integration_test + PRIVATE test +) + +target_link_libraries(nat20_integration_test +PRIVATE LibNat20::nat20 +PRIVATE LibNat20::nat20_service +PRIVATE LibNat20::nat20_crypto_nat20 +PRIVATE OpenSSL::Crypto +) + +target_compile_options(nat20_integration_test +PRIVATE -pedantic +PRIVATE -Wall +PRIVATE -Wextra +PRIVATE -Werror +) + +install(TARGETS nat20_integration_test RUNTIME DESTINATION bin) +install(PROGRAMS nat20test.sh DESTINATION bin) +install(PROGRAMS nat20_qemu_init.sh DESTINATION bin) + +################################################################################################### diff --git a/examples/linux/nat20test/nat20_qemu_init.sh b/examples/linux/nat20test/nat20_qemu_init.sh new file mode 100644 index 00000000..4bdd601a --- /dev/null +++ b/examples/linux/nat20test/nat20_qemu_init.sh @@ -0,0 +1,60 @@ +#!/bin/sh + +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +# Init wrapper for running nat20clitest.sh in a QEMU VM. +# This script is intended to be used as the init process (PID 1). +# It mounts the necessary filesystems, runs the test suite, prints +# a machine-parseable result marker, and powers off the VM. + +export PATH="/usr/bin:/bin:/sbin:/usr/sbin" + +mount -t proc none /proc +mount -t sysfs none /sys +mount -t tmpfs none /tmp + +cd /tmp + +nat20test.sh +rc=$? + +if [ $rc -eq 0 ]; then + echo "INTEGRATION_TESTS_PASSED" +else + echo "INTEGRATION_TESTS_FAILED (exit code: $rc)" +fi + +poweroff -f diff --git a/examples/linux/nat20test/nat20test.sh b/examples/linux/nat20test/nat20test.sh new file mode 100755 index 00000000..75caf86f --- /dev/null +++ b/examples/linux/nat20test/nat20test.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright 2026 Aurora Operations, Inc. +# +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 +# +# This work is dual licensed. +# You may use it under Apache-2.0 or GPL-2.0 at your option. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# OR +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# . + +set -e + +SCRIPT_DIR="$(dirname "$0")" + +modprobe nat20sw +mount -t securityfs none /sys/kernel/security + +echo "Running integration test suite..." +"${SCRIPT_DIR}/nat20_integration_test" diff --git a/examples/linux/nat20test/test/nat20_integration_test.c b/examples/linux/nat20test/test/nat20_integration_test.c new file mode 100644 index 00000000..e1457268 --- /dev/null +++ b/examples/linux/nat20test/test/nat20_integration_test.c @@ -0,0 +1,1145 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "test_helpers.h" + +#define DEVICE_PATH "/dev/nat200" +#define DICE_CHAIN_PATH "/sys/kernel/security/nat200/dice_chain" + +static int tests_run = 0; +static int tests_passed = 0; +static int tests_failed = 0; + +#define TEST_BEGIN(name) \ + do { \ + tests_run++; \ + printf(" TEST: %s ... ", (name)); \ + fflush(stdout); \ + } while (0) + +#define TEST_PASS() \ + do { \ + tests_passed++; \ + printf("PASS\n"); \ + fflush(stdout); \ + } while (0) + +#define TEST_FAIL(fmt, ...) \ + do { \ + tests_failed++; \ + printf("FAIL\n"); \ + fprintf(stderr, " " fmt "\n", ##__VA_ARGS__); \ + fflush(stderr); \ + } while (0) + +#define ASSERT(cond, fmt, ...) \ + do { \ + if (!(cond)) { \ + TEST_FAIL(fmt, ##__VA_ARGS__); \ + return; \ + } \ + } while (0) + +#define ASSERT_EQ(a, b, fmt, ...) ASSERT((a) == (b), fmt, ##__VA_ARGS__) + +static ssize_t dispatch_request(uint8_t const* request, + size_t request_size, + uint8_t* response, + size_t response_size) { + int fd = open(DEVICE_PATH, O_RDWR); + if (fd < 0) { + perror("open " DEVICE_PATH); + return -1; + } + + ssize_t written = write(fd, request, request_size); + if (written < 0) { + perror("write"); + close(fd); + return -1; + } + + ssize_t received = read(fd, response, response_size); + if (received < 0) { + perror("read"); + close(fd); + return -1; + } + + close(fd); + return received; +} + +static n20_error_t send_request(n20_msg_request_t const* request, + uint8_t* response_buffer, + size_t response_buffer_size, + n20_slice_t* response_out) { + uint8_t msg_buffer[1024]; + size_t msg_size = sizeof(msg_buffer); + + n20_error_t err = n20_msg_request_write(request, msg_buffer, &msg_size); + if (err != n20_error_ok_e) { + return err; + } + + ssize_t received = dispatch_request(msg_buffer + (sizeof(msg_buffer) - msg_size), + msg_size, + response_buffer, + response_buffer_size); + if (received < 0) { + return n20_error_crypto_implementation_specific_e; + } + + response_out->buffer = response_buffer; + response_out->size = (size_t)received; + return n20_error_ok_e; +} + +static void test_dice_chain_readable(void) { + TEST_BEGIN("dice_chain is readable from securityfs"); + + int fd = open(DICE_CHAIN_PATH, O_RDONLY); + ASSERT(fd >= 0, "Cannot open %s", DICE_CHAIN_PATH); + + uint8_t buffer[4096]; + ssize_t bytes_read = read(fd, buffer, sizeof(buffer)); + close(fd); + + ASSERT(bytes_read > 0, "dice_chain is empty"); + ASSERT_EQ( + buffer[0], 0x9f, "Expected CBOR indefinite array start (0x9f), got 0x%02x", buffer[0]); + ASSERT_EQ(buffer[bytes_read - 1], + 0xff, + "Expected CBOR break (0xff) at end, got 0x%02x", + buffer[bytes_read - 1]); + + TEST_PASS(); +} + +static void test_cdi_cert_x509_p256(void) { + TEST_BEGIN("cdi-cert X.509 P-256"); + + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_issue_cdi_cert_e; + request.payload.issue_cdi_cert.issuer_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_cdi_cert.subject_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_cdi_cert.certificate_format = n20_certificate_format_x509_e; + + uint8_t response_buffer[2048]; + n20_slice_t response; + n20_error_t err = send_request(&request, response_buffer, sizeof(response_buffer), &response); + ASSERT_EQ(err, n20_error_ok_e, "send_request failed: 0x%x", err); + + n20_msg_issue_cert_response_t cert_response; + err = n20_msg_issue_cert_response_read(&cert_response, response); + ASSERT_EQ(err, n20_error_ok_e, "Failed to parse cert response: 0x%x", err); + ASSERT_EQ(cert_response.error_code, + n20_error_ok_e, + "Service returned error: 0x%x", + cert_response.error_code); + ASSERT(cert_response.certificate.size > 0, "Certificate is empty"); + ASSERT_EQ(cert_response.certificate.buffer[0], + 0x30, + "Expected DER SEQUENCE tag (0x30), got 0x%02x", + cert_response.certificate.buffer[0]); + + TEST_PASS(); +} + +#if N20_WITH_COSE == 1 +static void test_cdi_cert_cose_p256(void) { + TEST_BEGIN("cdi-cert COSE P-256"); + + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_issue_cdi_cert_e; + request.payload.issue_cdi_cert.issuer_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_cdi_cert.subject_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_cdi_cert.certificate_format = n20_certificate_format_cose_e; + + uint8_t response_buffer[2048]; + n20_slice_t response; + n20_error_t err = send_request(&request, response_buffer, sizeof(response_buffer), &response); + ASSERT_EQ(err, n20_error_ok_e, "send_request failed: 0x%x", err); + + n20_msg_issue_cert_response_t cert_response; + err = n20_msg_issue_cert_response_read(&cert_response, response); + ASSERT_EQ(err, n20_error_ok_e, "Failed to parse cert response: 0x%x", err); + ASSERT_EQ(cert_response.error_code, + n20_error_ok_e, + "Service returned error: 0x%x", + cert_response.error_code); + ASSERT(cert_response.certificate.size > 0, "Certificate is empty"); + + n20_istream_t istream; + n20_istream_init(&istream, cert_response.certificate.buffer, cert_response.certificate.size); + n20_cbor_type_t type; + uint64_t value; + bool ok = n20_cbor_read_header(&istream, &type, &value); + ASSERT(ok, "Failed to parse COSE_Sign1 CBOR header"); + ASSERT_EQ(type, n20_cbor_type_array_e, "Expected CBOR array, got type %d", (int)type); + ASSERT_EQ(value, 4u, "COSE_Sign1 must have 4 elements, got %llu", (unsigned long long)value); + + TEST_PASS(); +} +#endif + +static void test_eca_cert_x509_p256(void) { + TEST_BEGIN("eca-cert X.509 P-256"); + + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_issue_eca_cert_e; + request.payload.issue_eca_cert.issuer_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_eca_cert.subject_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_eca_cert.certificate_format = n20_certificate_format_x509_e; + + uint8_t response_buffer[2048]; + n20_slice_t response; + n20_error_t err = send_request(&request, response_buffer, sizeof(response_buffer), &response); + ASSERT_EQ(err, n20_error_ok_e, "send_request failed: 0x%x", err); + + n20_msg_issue_cert_response_t cert_response; + err = n20_msg_issue_cert_response_read(&cert_response, response); + ASSERT_EQ(err, n20_error_ok_e, "Failed to parse cert response: 0x%x", err); + ASSERT_EQ(cert_response.error_code, + n20_error_ok_e, + "Service returned error: 0x%x", + cert_response.error_code); + ASSERT(cert_response.certificate.size > 0, "ECA certificate is empty"); + ASSERT_EQ(cert_response.certificate.buffer[0], + 0x30, + "Expected DER SEQUENCE tag (0x30), got 0x%02x", + cert_response.certificate.buffer[0]); + + TEST_PASS(); +} + +static void test_eca_ee_cert_x509_p256(void) { + TEST_BEGIN("eca-ee-cert X.509 P-256"); + + uint8_t key_usage[] = {0x01}; + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_issue_eca_ee_cert_e; + request.payload.issue_eca_ee_cert.issuer_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_eca_ee_cert.subject_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.issue_eca_ee_cert.certificate_format = n20_certificate_format_x509_e; + request.payload.issue_eca_ee_cert.name = (n20_string_slice_t){.size = 4, .buffer = "test"}; + request.payload.issue_eca_ee_cert.key_usage = + (n20_slice_t){.size = sizeof(key_usage), .buffer = key_usage}; + + uint8_t response_buffer[2048]; + n20_slice_t response; + n20_error_t err = send_request(&request, response_buffer, sizeof(response_buffer), &response); + ASSERT_EQ(err, n20_error_ok_e, "send_request failed: 0x%x", err); + + n20_msg_issue_cert_response_t cert_response; + err = n20_msg_issue_cert_response_read(&cert_response, response); + ASSERT_EQ(err, n20_error_ok_e, "Failed to parse cert response: 0x%x", err); + ASSERT_EQ(cert_response.error_code, + n20_error_ok_e, + "Service returned error: 0x%x", + cert_response.error_code); + ASSERT(cert_response.certificate.size > 0, "ECA EE certificate is empty"); + ASSERT_EQ(cert_response.certificate.buffer[0], + 0x30, + "Expected DER SEQUENCE tag (0x30), got 0x%02x", + cert_response.certificate.buffer[0]); + + TEST_PASS(); +} + +static void test_eca_ee_sign_p256(void) { + TEST_BEGIN("eca-ee-sign P-256"); + + uint8_t key_usage[] = {0x01}; + uint8_t message[] = "test message to sign"; + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_eca_ee_sign_e; + request.payload.eca_ee_sign.subject_key_type = n20_crypto_key_type_secp256r1_e; + request.payload.eca_ee_sign.name = (n20_string_slice_t){.size = 4, .buffer = "test"}; + request.payload.eca_ee_sign.key_usage = + (n20_slice_t){.size = sizeof(key_usage), .buffer = key_usage}; + request.payload.eca_ee_sign.message = + (n20_slice_t){.size = sizeof(message) - 1, .buffer = message}; + + uint8_t response_buffer[1024]; + n20_slice_t response; + n20_error_t err = send_request(&request, response_buffer, sizeof(response_buffer), &response); + ASSERT_EQ(err, n20_error_ok_e, "send_request failed: 0x%x", err); + + n20_msg_eca_ee_sign_response_t sign_response; + err = n20_msg_eca_ee_sign_response_read(&sign_response, response); + ASSERT_EQ(err, n20_error_ok_e, "Failed to parse sign response: 0x%x", err); + ASSERT_EQ(sign_response.error_code, + n20_error_ok_e, + "Service returned error: 0x%x", + sign_response.error_code); + ASSERT_EQ(sign_response.signature.size, + 64u, + "P-256 signature should be 64 bytes, got %zu", + sign_response.signature.size); + + TEST_PASS(); +} + +static uint8_t const TEST_CODE_HASH[32] = { + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, +}; +static uint8_t const TEST_CONFIG_HASH[32] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, +}; +static uint8_t const TEST_AUTHORITY_HASH[32] = { + 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, + 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, 0x1a, +}; +static uint8_t const TEST_HIDDEN[32] = { + 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, + 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, +}; + +/* + * Full chain generation and verification test. + * + * The test exercises the full DICE certificate chain across all supported + * key type and format permutations. Since promote is irreversible, all + * certificates at a given level must be generated before promoting. + * + * Structure: + * - At each level, generate CDI/ECA/ECA_EE/sign for all key_type × format combos + * - Also generate ECA/ECA_EE/sign via parent_path from earlier levels + * - After all promotes, verify chains and check parent_path equivalence + */ + +typedef struct { + uint8_t data[2048]; + size_t size; +} cert_buffer_t; + +typedef struct { + uint8_t data[128]; + size_t size; +} sig_buffer_t; + +static bool issue_cdi_cert(n20_crypto_key_type_t issuer_key_type, + n20_crypto_key_type_t subject_key_type, + n20_certificate_format_t format, + n20_parent_path_t parent_path, + cert_buffer_t* out) { + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_issue_cdi_cert_e; + request.payload.issue_cdi_cert.issuer_key_type = issuer_key_type; + request.payload.issue_cdi_cert.subject_key_type = subject_key_type; + request.payload.issue_cdi_cert.certificate_format = format; + request.payload.issue_cdi_cert.parent_path = parent_path; + request.payload.issue_cdi_cert.next_context.code_hash = + (n20_slice_t){.size = sizeof(TEST_CODE_HASH), .buffer = TEST_CODE_HASH}; + request.payload.issue_cdi_cert.next_context.configuration_hash = + (n20_slice_t){.size = sizeof(TEST_CONFIG_HASH), .buffer = TEST_CONFIG_HASH}; + request.payload.issue_cdi_cert.next_context.authority_hash = + (n20_slice_t){.size = sizeof(TEST_AUTHORITY_HASH), .buffer = TEST_AUTHORITY_HASH}; + request.payload.issue_cdi_cert.next_context.mode = n20_open_dice_mode_normal_e; + request.payload.issue_cdi_cert.next_context.hidden = + (n20_slice_t){.size = sizeof(TEST_HIDDEN), .buffer = TEST_HIDDEN}; + + uint8_t response_buffer[2048]; + n20_slice_t response; + if (send_request(&request, response_buffer, sizeof(response_buffer), &response) != + n20_error_ok_e) { + return false; + } + + n20_msg_issue_cert_response_t cert_response; + if (n20_msg_issue_cert_response_read(&cert_response, response) != n20_error_ok_e) { + return false; + } + if (cert_response.error_code != n20_error_ok_e) { + fprintf(stderr, " cdi-cert error: 0x%x\n", cert_response.error_code); + return false; + } + if (cert_response.certificate.size > sizeof(out->data)) return false; + memcpy(out->data, cert_response.certificate.buffer, cert_response.certificate.size); + out->size = cert_response.certificate.size; + return true; +} + +static bool issue_eca_cert(n20_crypto_key_type_t issuer_key_type, + n20_crypto_key_type_t subject_key_type, + n20_certificate_format_t format, + n20_parent_path_t parent_path, + cert_buffer_t* out) { + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_issue_eca_cert_e; + request.payload.issue_eca_cert.issuer_key_type = issuer_key_type; + request.payload.issue_eca_cert.subject_key_type = subject_key_type; + request.payload.issue_eca_cert.certificate_format = format; + request.payload.issue_eca_cert.parent_path = parent_path; + + uint8_t response_buffer[2048]; + n20_slice_t response; + if (send_request(&request, response_buffer, sizeof(response_buffer), &response) != + n20_error_ok_e) { + return false; + } + + n20_msg_issue_cert_response_t cert_response; + if (n20_msg_issue_cert_response_read(&cert_response, response) != n20_error_ok_e) { + return false; + } + if (cert_response.error_code != n20_error_ok_e) { + fprintf(stderr, " eca-cert error: 0x%x\n", cert_response.error_code); + return false; + } + if (cert_response.certificate.size > sizeof(out->data)) return false; + memcpy(out->data, cert_response.certificate.buffer, cert_response.certificate.size); + out->size = cert_response.certificate.size; + return true; +} + +static bool issue_eca_ee_cert(n20_crypto_key_type_t issuer_key_type, + n20_crypto_key_type_t subject_key_type, + n20_certificate_format_t format, + n20_parent_path_t parent_path, + cert_buffer_t* out) { + uint8_t key_usage[] = {0x01}; + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_issue_eca_ee_cert_e; + request.payload.issue_eca_ee_cert.issuer_key_type = issuer_key_type; + request.payload.issue_eca_ee_cert.subject_key_type = subject_key_type; + request.payload.issue_eca_ee_cert.certificate_format = format; + request.payload.issue_eca_ee_cert.parent_path = parent_path; + request.payload.issue_eca_ee_cert.name = (n20_string_slice_t){.size = 7, .buffer = "testkey"}; + request.payload.issue_eca_ee_cert.key_usage = + (n20_slice_t){.size = sizeof(key_usage), .buffer = key_usage}; + + uint8_t response_buffer[2048]; + n20_slice_t response; + if (send_request(&request, response_buffer, sizeof(response_buffer), &response) != + n20_error_ok_e) { + return false; + } + + n20_msg_issue_cert_response_t cert_response; + if (n20_msg_issue_cert_response_read(&cert_response, response) != n20_error_ok_e) { + return false; + } + if (cert_response.error_code != n20_error_ok_e) { + fprintf(stderr, " eca-ee-cert error: 0x%x\n", cert_response.error_code); + return false; + } + if (cert_response.certificate.size > sizeof(out->data)) return false; + memcpy(out->data, cert_response.certificate.buffer, cert_response.certificate.size); + out->size = cert_response.certificate.size; + return true; +} + +static bool eca_ee_sign(n20_crypto_key_type_t key_type, + n20_parent_path_t parent_path, + uint8_t const* message, + size_t message_size, + sig_buffer_t* out) { + uint8_t key_usage[] = {0x01}; + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_eca_ee_sign_e; + request.payload.eca_ee_sign.subject_key_type = key_type; + request.payload.eca_ee_sign.parent_path = parent_path; + request.payload.eca_ee_sign.name = (n20_string_slice_t){.size = 7, .buffer = "testkey"}; + request.payload.eca_ee_sign.key_usage = + (n20_slice_t){.size = sizeof(key_usage), .buffer = key_usage}; + request.payload.eca_ee_sign.message = (n20_slice_t){.size = message_size, .buffer = message}; + + uint8_t response_buffer[1024]; + n20_slice_t response; + if (send_request(&request, response_buffer, sizeof(response_buffer), &response) != + n20_error_ok_e) { + return false; + } + + n20_msg_eca_ee_sign_response_t sign_response; + if (n20_msg_eca_ee_sign_response_read(&sign_response, response) != n20_error_ok_e) { + return false; + } + if (sign_response.error_code != n20_error_ok_e) { + fprintf(stderr, " eca-ee-sign error: 0x%x\n", sign_response.error_code); + return false; + } + if (sign_response.signature.size > sizeof(out->data)) return false; + memcpy(out->data, sign_response.signature.buffer, sign_response.signature.size); + out->size = sign_response.signature.size; + return true; +} + +static bool do_promote(uint8_t const* compressed_input, size_t compressed_input_size) { + n20_msg_request_t request = {0}; + request.request_type = n20_msg_request_type_promote_e; + request.payload.promote.compressed_context = + (n20_slice_t){.size = compressed_input_size, .buffer = compressed_input}; + + uint8_t response_buffer[1024]; + n20_slice_t response; + if (send_request(&request, response_buffer, sizeof(response_buffer), &response) != + n20_error_ok_e) { + return false; + } + + n20_msg_error_response_t promote_resp; + if (n20_msg_error_response_read(&promote_resp, response) != n20_error_ok_e) { + return false; + } + if (promote_resp.error_code != n20_error_ok_e) { + fprintf(stderr, " promote error: 0x%x\n", promote_resp.error_code); + return false; + } + return true; +} + +static bool read_uds_cert(cert_buffer_t* out) { + int fd = open(DICE_CHAIN_PATH, O_RDONLY); + if (fd < 0) return false; + uint8_t dice_chain_buf[4096]; + ssize_t dc_size = read(fd, dice_chain_buf, sizeof(dice_chain_buf)); + close(fd); + if (dc_size <= 10) return false; + + n20_istream_t dc_stream; + n20_istream_init(&dc_stream, dice_chain_buf, (size_t)dc_size); + n20_cbor_type_t cbor_type; + uint64_t cbor_value; + n20_cbor_read_header(&dc_stream, &cbor_type, &cbor_value); + n20_cbor_read_header(&dc_stream, &cbor_type, &cbor_value); + n20_cbor_read_header(&dc_stream, &cbor_type, &cbor_value); + n20_slice_t uds_cert_slice; + if (!n20_istream_get_slice(&dc_stream, &uds_cert_slice, cbor_value)) return false; + if (uds_cert_slice.size > sizeof(out->data)) return false; + memcpy(out->data, uds_cert_slice.buffer, uds_cert_slice.size); + out->size = uds_cert_slice.size; + return true; +} + +/* Key types to test. */ +static n20_crypto_key_type_t const KEY_TYPES[] = { + n20_crypto_key_type_secp256r1_e, + n20_crypto_key_type_secp384r1_e, +}; +#define NUM_KEY_TYPES (sizeof(KEY_TYPES) / sizeof(KEY_TYPES[0])) + +/* Certificate format variants for CDI certs. ECA/ECA_EE are X.509 only. */ +static n20_certificate_format_t const CDI_FORMATS[] = { + n20_certificate_format_x509_e, +#if N20_WITH_COSE == 1 + n20_certificate_format_cose_e, +#endif +}; +#define NUM_CDI_FORMATS (sizeof(CDI_FORMATS) / sizeof(CDI_FORMATS[0])) + +/* + * Data structure to hold all artifacts generated at level 1 (before any promote). + * + * CDI1: issued at level 0 with no parent path. + * Dimensions: subject_key_type[NUM_KEY_TYPES] × format[NUM_CDI_FORMATS] + * Issuer key type is always P-256 (the UDS key type). + * + * CDI2: issued at level 0 with parent_path depth 1. + * Dimensions: issuer_key_type[NUM_KEY_TYPES] × subject_key_type[NUM_KEY_TYPES] + * × format[NUM_CDI_FORMATS] + * The issuer_key_type selects the signing key derivation path from the + * parent CDI. + * + * ECA: issued at level 0 with parent_path depth 2. + * Dimensions: issuer_key_type[NUM_KEY_TYPES] × subject_key_type[NUM_KEY_TYPES] + * Format is always X.509. + * + * ECA_EE: issued at level 0 with parent_path depth 2. + * The issuer key for ECA_EE is the ECA's subject key. + * Dimensions: eca_key_type[NUM_KEY_TYPES] × ee_subject_key_type[NUM_KEY_TYPES] + * Format is always X.509. + * + * Signature: issued at level 0 with parent_path depth 2. + * The signing key type is the ECA_EE's subject key type. + * Dimensions: ee_subject_key_type[NUM_KEY_TYPES] + */ + +typedef struct { + /* CDI1 certs: indexed by [subject_key_type_idx][format_idx] */ + cert_buffer_t cdi1[NUM_KEY_TYPES][NUM_CDI_FORMATS]; + bool cdi1_valid[NUM_KEY_TYPES][NUM_CDI_FORMATS]; + + /* CDI2 certs (via parent path depth 1): indexed by + * [issuer_key_type_idx][subject_key_type_idx][format_idx] */ + cert_buffer_t cdi2[NUM_KEY_TYPES][NUM_KEY_TYPES][NUM_CDI_FORMATS]; + bool cdi2_valid[NUM_KEY_TYPES][NUM_KEY_TYPES][NUM_CDI_FORMATS]; + + /* ECA certs (via parent path depth 2): indexed by [issuer_key_type_idx][subject_key_type_idx] + */ + cert_buffer_t eca[NUM_KEY_TYPES][NUM_KEY_TYPES]; + bool eca_valid[NUM_KEY_TYPES][NUM_KEY_TYPES]; + + /* ECA_EE certs (via parent path depth 2): + * indexed by [eca_subject_key_type_idx][ee_subject_key_type_idx] + * The ECA_EE issuer_key_type = ECA's subject_key_type. */ + cert_buffer_t eca_ee[NUM_KEY_TYPES][NUM_KEY_TYPES]; + bool eca_ee_valid[NUM_KEY_TYPES][NUM_KEY_TYPES]; + + /* Signatures (via parent path depth 2): + * indexed by [ee_subject_key_type_idx] */ + sig_buffer_t signature[NUM_KEY_TYPES]; + bool signature_valid[NUM_KEY_TYPES]; +} level_artifacts_t; + +static level_artifacts_t level1_artifacts; +static cert_buffer_t uds_cert; +static uint8_t compressed_input[N20_FUNC_COMPRESSED_INPUT_SIZE]; +static uint8_t const test_message[] = "DICE chain integration test message"; + +static void test_level1(void) { + TEST_BEGIN("Level 1: generate all certs at UDS level"); + + n20_parent_path_t no_path = N20_MSG_PARENT_PATH_EMPTY; + n20_slice_t path_elements[2] = { + {.size = sizeof(compressed_input), .buffer = compressed_input}, + {.size = sizeof(compressed_input), .buffer = compressed_input}, + }; + n20_parent_path_t path_depth1 = { + .length = 1, .is_encoded = false, .decoded = &path_elements[0]}; + n20_parent_path_t path_depth2 = { + .length = 2, .is_encoded = false, .decoded = &path_elements[0]}; + + n20_error_t err = test_compress_cdi_input(TEST_CODE_HASH, + sizeof(TEST_CODE_HASH), + TEST_CONFIG_HASH, + sizeof(TEST_CONFIG_HASH), + TEST_AUTHORITY_HASH, + sizeof(TEST_AUTHORITY_HASH), + (uint8_t)n20_open_dice_mode_normal_e, + TEST_HIDDEN, + sizeof(TEST_HIDDEN), + compressed_input, + sizeof(compressed_input)); + ASSERT_EQ(err, n20_error_ok_e, "compress_cdi_input failed: 0x%x", err); + + ASSERT(read_uds_cert(&uds_cert), "Failed to read UDS cert"); + + /* CDI1: subject_key_type × format, issuer = P-256, no parent path */ + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + for (size_t fi = 0; fi < NUM_CDI_FORMATS; fi++) { + level1_artifacts.cdi1_valid[si][fi] = issue_cdi_cert(n20_crypto_key_type_secp256r1_e, + KEY_TYPES[si], + CDI_FORMATS[fi], + no_path, + &level1_artifacts.cdi1[si][fi]); + } + } + + /* CDI2: issuer_key_type × subject_key_type × format, parent_path depth 1 */ + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + for (size_t fi = 0; fi < NUM_CDI_FORMATS; fi++) { + level1_artifacts.cdi2_valid[ii][si][fi] = + issue_cdi_cert(KEY_TYPES[ii], + KEY_TYPES[si], + CDI_FORMATS[fi], + path_depth1, + &level1_artifacts.cdi2[ii][si][fi]); + } + } + } + + /* ECA: issuer_key_type × subject_key_type, parent_path depth 2 */ + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + level1_artifacts.eca_valid[ii][si] = issue_eca_cert(KEY_TYPES[ii], + KEY_TYPES[si], + n20_certificate_format_x509_e, + path_depth2, + &level1_artifacts.eca[ii][si]); + } + } + + /* ECA_EE: eca_subject_key_type × ee_subject_key_type, parent_path depth 2. + * The ECA_EE issuer key type = ECA subject key type. */ + for (size_t ei = 0; ei < NUM_KEY_TYPES; ei++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + level1_artifacts.eca_ee_valid[ei][si] = + issue_eca_ee_cert(KEY_TYPES[ei], + KEY_TYPES[si], + n20_certificate_format_x509_e, + path_depth2, + &level1_artifacts.eca_ee[ei][si]); + } + } + + /* Signature: ee_subject_key_type, parent_path depth 2 */ + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + level1_artifacts.signature_valid[si] = eca_ee_sign(KEY_TYPES[si], + path_depth2, + test_message, + sizeof(test_message) - 1, + &level1_artifacts.signature[si]); + } + + /* Verification: check X.509 chains where applicable */ + uint8_t uds_pubkey[97]; + size_t uds_pubkey_size = sizeof(uds_pubkey); + ASSERT(test_extract_x509_pubkey(uds_cert.data, uds_cert.size, uds_pubkey, &uds_pubkey_size), + "Failed to extract UDS public key"); + ASSERT(test_verify_x509_signature(uds_cert.data, + uds_cert.size, + uds_pubkey, + uds_pubkey_size, + n20_crypto_key_type_secp256r1_e), + "UDS self-signed verification failed"); + + /* Verify CDI1 X.509 certs against UDS key */ + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + if (!level1_artifacts.cdi1_valid[si][0]) continue; /* X.509 is index 0 */ + ASSERT(test_verify_x509_signature(level1_artifacts.cdi1[si][0].data, + level1_artifacts.cdi1[si][0].size, + uds_pubkey, + uds_pubkey_size, + n20_crypto_key_type_secp256r1_e), + "CDI1 X.509 (sub=%d) verification against UDS failed", + KEY_TYPES[si]); + if (NUM_CDI_FORMATS > 1 && level1_artifacts.cdi1_valid[si][1]) { + /* If COSE format also generated, verify signature using same UDS key */ + test_cose_sign1_t cose_sign1 = {0}; + ASSERT(test_parse_cose_sign1(level1_artifacts.cdi1[si][1].data, + level1_artifacts.cdi1[si][1].size, + &cose_sign1), + "Failed to parse CDI1 COSE_Sign1 cert (sub=%d)", + KEY_TYPES[si]); + ASSERT(test_verify_cose_sign1(&cose_sign1, + uds_pubkey + 1, + uds_pubkey_size - 1, + n20_crypto_key_type_secp256r1_e), + "CDI1 COSE (sub=%d) verification against UDS failed", + KEY_TYPES[si]); + } + } + + /* Verify CDI2 X.509 against CDI1 subject key (P-256 CDI1 -> CDI2) */ + for (size_t issfi = 0; issfi < NUM_CDI_FORMATS; issfi++) { + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + /* CDI 1 subject key is the issuer for the CDI2 certs. + * So use issuer index ii as subject index of the CDI1 matrix. */ + if (level1_artifacts.cdi1_valid[ii][issfi]) { + uint8_t cdi1_pubkey[97]; + size_t cdi1_pubkey_size = sizeof(cdi1_pubkey); + if (issfi == 0) { + /* X.509 format: extract pubkey from cert */ + ASSERT(test_extract_x509_pubkey(level1_artifacts.cdi1[ii][issfi].data, + level1_artifacts.cdi1[ii][issfi].size, + cdi1_pubkey, + &cdi1_pubkey_size), + "Failed to extract CDI1 public key"); + } else { + /* COSE format: pubkey is the COSE_Sign1 payload */ + n20_crypto_key_type_t got_key_type; + ASSERT(test_extract_cose_pubkey(level1_artifacts.cdi1[ii][issfi].data, + level1_artifacts.cdi1[ii][issfi].size, + cdi1_pubkey, + &cdi1_pubkey_size, + &got_key_type), + "Failed to extract CDI1 COSE_Sign1 cert (sub=%d)", + KEY_TYPES[ii]); + ASSERT_EQ(got_key_type, + KEY_TYPES[ii], + "Unexpected key type extracted from CDI1 COSE_Sign1 cert (sub=%d)", + KEY_TYPES[ii]); + } + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + if (!level1_artifacts.cdi2_valid[ii][si][0]) continue; + ASSERT(test_verify_x509_signature(level1_artifacts.cdi2[ii][si][0].data, + level1_artifacts.cdi2[ii][si][0].size, + cdi1_pubkey, + cdi1_pubkey_size, + KEY_TYPES[ii]), + "CDI2 X.509 (issf=%zu, iss=%d, sub=%d) verification against CDI1 failed", + issfi, + KEY_TYPES[ii], + KEY_TYPES[si]); + if (NUM_CDI_FORMATS > 1 && level1_artifacts.cdi2_valid[ii][si][1]) { + /* If COSE format also generated, verify signature using CDI1 key */ + test_cose_sign1_t cose_sign1 = {0}; + ASSERT(test_parse_cose_sign1(level1_artifacts.cdi2[ii][si][1].data, + level1_artifacts.cdi2[ii][si][1].size, + &cose_sign1), + "Failed to parse CDI2 COSE_Sign1 cert (sub=%d)", + KEY_TYPES[si]); + ASSERT( + test_verify_cose_sign1( + &cose_sign1, cdi1_pubkey + 1, cdi1_pubkey_size - 1, KEY_TYPES[ii]), + "CDI2 COSE (issf=%zu, iss=%d, sub=%d) verification against CDI1 failed", + issfi, + KEY_TYPES[ii], + KEY_TYPES[si]); + } + } + } + } + } + + /* Verify ECA certificates against CDI2 keys */ + for (size_t issfi = 0; issfi < NUM_CDI_FORMATS; issfi++) { + for (size_t ii2 = 0; ii2 < NUM_KEY_TYPES; ii2++) { + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + /* Get CDI2 public key for this issuer key type. + * Use the issuer index ii as the subject index of the CDI2 matrix. + * The issuer index ii2 corresponds to the CDI2 issuer key type. */ + if (!level1_artifacts.cdi2_valid[ii2][ii][issfi]) continue; + uint8_t cdi2_pubkey[97]; + size_t cdi2_pubkey_size = sizeof(cdi2_pubkey); + if (issfi == 0) { + /* X.509 format: extract pubkey from cert */ + ASSERT(test_extract_x509_pubkey(level1_artifacts.cdi2[ii2][ii][issfi].data, + level1_artifacts.cdi2[ii2][ii][issfi].size, + cdi2_pubkey, + &cdi2_pubkey_size), + "Failed to extract public key from CDI2 X.509 cert (iss=%d, sub=%d)", + KEY_TYPES[ii2], + KEY_TYPES[ii]); + } else { + /* COSE format: pubkey is the COSE_Sign1 payload */ + n20_crypto_key_type_t got_key_type; + ASSERT( + test_extract_cose_pubkey(level1_artifacts.cdi2[ii2][ii][issfi].data, + level1_artifacts.cdi2[ii2][ii][issfi].size, + cdi2_pubkey, + &cdi2_pubkey_size, + &got_key_type), + "Failed to extract public key from CDI2 COSE_Sign1 cert (iss=%d, sub=%d)", + KEY_TYPES[ii2], + KEY_TYPES[ii]); + ASSERT_EQ( + got_key_type, + KEY_TYPES[ii], + "Unexpected key type extracted from CDI2 COSE_Sign1 cert (iss=%d, sub=%d)", + KEY_TYPES[ii2], + KEY_TYPES[ii]); + } + + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + if (!level1_artifacts.eca_valid[ii][si]) continue; + + /* ECA signed by CDI2's subject key (type = KEY_TYPES[ii]) */ + ASSERT(test_verify_x509_signature(level1_artifacts.eca[ii][si].data, + level1_artifacts.eca[ii][si].size, + cdi2_pubkey, + cdi2_pubkey_size, + KEY_TYPES[ii]), + "ECA (cdi2.iss = %d, eca.iss=%d, eca.sub=%d) verification failed", + KEY_TYPES[ii2], + KEY_TYPES[ii], + KEY_TYPES[si]); + } + } + } + } + /* Verify ECA_EE certificates against ECA keys */ + for (size_t ii2 = 0; ii2 < NUM_KEY_TYPES; ii2++) { + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + /* Get ECA public key for this issuer key type. + * Use the issuer index ii as the subject index of the CDI2 matrix. */ + if (!level1_artifacts.eca_valid[ii2][ii]) continue; + uint8_t eca_pubkey[97]; + size_t eca_pubkey_size = sizeof(eca_pubkey); + if (!test_extract_x509_pubkey(level1_artifacts.eca[ii2][ii].data, + level1_artifacts.eca[ii2][ii].size, + eca_pubkey, + &eca_pubkey_size)) + continue; + + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + if (!level1_artifacts.eca_ee_valid[ii][si]) continue; + + /* ECA_EE signed by ECA's subject key (type = KEY_TYPES[ii]) */ + ASSERT(test_verify_x509_signature(level1_artifacts.eca_ee[ii][si].data, + level1_artifacts.eca_ee[ii][si].size, + eca_pubkey, + eca_pubkey_size, + KEY_TYPES[ii]), + "ECA_EE (eca.iss = %d, eca.sub=%d, ee.sub=%d) verification failed", + KEY_TYPES[ii2], + KEY_TYPES[ii], + KEY_TYPES[si]); + } + } + } + + /* Verify ECA_EE Signatures against ECA_EE keys */ + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + if (!level1_artifacts.eca_ee_valid[ii][si]) continue; + uint8_t eca_ee_pubkey[97]; + size_t eca_ee_pubkey_size = sizeof(eca_ee_pubkey); + if (!test_extract_x509_pubkey(level1_artifacts.eca_ee[ii][si].data, + level1_artifacts.eca_ee[ii][si].size, + eca_ee_pubkey, + &eca_ee_pubkey_size)) + continue; + + if (!level1_artifacts.signature_valid[si]) continue; + /* Verify signature against ECA_EE key */ + ASSERT(test_verify_raw_signature(eca_ee_pubkey + 1, + eca_ee_pubkey_size - 1, + test_message, + sizeof(test_message) - 1, + level1_artifacts.signature[si].data, + level1_artifacts.signature[si].size, + KEY_TYPES[si]), + "Signature verification failed (ee.iss=%d, ee.sub=%d)", + KEY_TYPES[ii], + KEY_TYPES[si]); + } + } + + TEST_PASS(); +} + +/* + * This test is run after test_level1 and one promote step. + * At this point we are at CDI1 level. Generate: + * - CDI2: issuer_key_type × subject_key_type × format, parent_path = empty (depth 0) + * - ECA: issuer_key_type × subject_key_type, parent_path = depth 1 + * - ECA_EE: eca_subject_key_type × ee_subject_key_type, parent_path = depth 1 + * - Signature: ee_subject_key_type, parent_path = depth 1 + * + * Compare all results to level1_artifacts. They must be identical. + */ +static void test_level2(void) { + TEST_BEGIN("Level 2: after promote, compare with level 1 artifacts"); + + n20_parent_path_t no_path = N20_MSG_PARENT_PATH_EMPTY; + n20_slice_t path_elements[1] = { + {.size = sizeof(compressed_input), .buffer = compressed_input}, + }; + n20_parent_path_t path_depth1 = { + .length = 1, .is_encoded = false, .decoded = &path_elements[0]}; + + /* CDI2: no parent path (we are now at CDI1 level) */ + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + for (size_t fi = 0; fi < NUM_CDI_FORMATS; fi++) { + cert_buffer_t cert; + bool ok = + issue_cdi_cert(KEY_TYPES[ii], KEY_TYPES[si], CDI_FORMATS[fi], no_path, &cert); + ASSERT(ok, + "Level 2 CDI2 (iss=%d, sub=%d, fmt=%d) failed", + KEY_TYPES[ii], + KEY_TYPES[si], + CDI_FORMATS[fi]); + ASSERT(level1_artifacts.cdi2_valid[ii][si][fi], + "Level 1 CDI2 (iss=%d, sub=%d, fmt=%d) was not valid", + KEY_TYPES[ii], + KEY_TYPES[si], + CDI_FORMATS[fi]); + ASSERT( + cert.size == level1_artifacts.cdi2[ii][si][fi].size && + memcmp(cert.data, level1_artifacts.cdi2[ii][si][fi].data, cert.size) == 0, + "CDI2 mismatch (iss=%d, sub=%d, fmt=%d): level2 != level1", + KEY_TYPES[ii], + KEY_TYPES[si], + CDI_FORMATS[fi]); + } + } + } + + /* ECA: parent_path depth 1 */ + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + cert_buffer_t cert; + bool ok = issue_eca_cert( + KEY_TYPES[ii], KEY_TYPES[si], n20_certificate_format_x509_e, path_depth1, &cert); + ASSERT(ok, "Level 2 ECA (iss=%d, sub=%d) failed", KEY_TYPES[ii], KEY_TYPES[si]); + ASSERT(level1_artifacts.eca_valid[ii][si], + "Level 1 ECA (iss=%d, sub=%d) was not valid", + KEY_TYPES[ii], + KEY_TYPES[si]); + ASSERT(cert.size == level1_artifacts.eca[ii][si].size && + memcmp(cert.data, level1_artifacts.eca[ii][si].data, cert.size) == 0, + "ECA mismatch (iss=%d, sub=%d): level2 != level1", + KEY_TYPES[ii], + KEY_TYPES[si]); + } + } + + /* ECA_EE: parent_path depth 1 */ + for (size_t ei = 0; ei < NUM_KEY_TYPES; ei++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + cert_buffer_t cert; + bool ok = issue_eca_ee_cert( + KEY_TYPES[ei], KEY_TYPES[si], n20_certificate_format_x509_e, path_depth1, &cert); + ASSERT(ok, "Level 2 ECA_EE (eca=%d, ee=%d) failed", KEY_TYPES[ei], KEY_TYPES[si]); + ASSERT(level1_artifacts.eca_ee_valid[ei][si], + "Level 1 ECA_EE (eca=%d, ee=%d) was not valid", + KEY_TYPES[ei], + KEY_TYPES[si]); + ASSERT(cert.size == level1_artifacts.eca_ee[ei][si].size && + memcmp(cert.data, level1_artifacts.eca_ee[ei][si].data, cert.size) == 0, + "ECA_EE mismatch (eca=%d, ee=%d): level2 != level1", + KEY_TYPES[ei], + KEY_TYPES[si]); + } + } + + /* Signature: parent_path depth 1 */ + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + sig_buffer_t sig; + bool ok = + eca_ee_sign(KEY_TYPES[si], path_depth1, test_message, sizeof(test_message) - 1, &sig); + ASSERT(ok, "Level 2 signature (ee=%d) failed", KEY_TYPES[si]); + ASSERT(level1_artifacts.signature_valid[si], + "Level 1 signature (ee=%d) was not valid", + KEY_TYPES[si]); + ASSERT(sig.size == level1_artifacts.signature[si].size && + memcmp(sig.data, level1_artifacts.signature[si].data, sig.size) == 0, + "Signature mismatch (ee=%d): level2 != level1", + KEY_TYPES[si]); + } + + TEST_PASS(); +} + +/* + * This test is run after test_level2 and one promote step. + * At this point we are at CDI2 level. Generate: + * - ECA: issuer_key_type × subject_key_type, parent_path = empty (depth 0) + * - ECA_EE: eca_subject_key_type × ee_subject_key_type, parent_path = empty + * - Signature: ee_subject_key_type, parent_path = empty + * + * Compare all results to level1_artifacts. They must be identical. + */ +static void test_level3(void) { + TEST_BEGIN("Level 3: after second promote, compare with level 1 artifacts"); + + n20_parent_path_t no_path = N20_MSG_PARENT_PATH_EMPTY; + + /* ECA: no parent path */ + for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + cert_buffer_t cert; + bool ok = issue_eca_cert( + KEY_TYPES[ii], KEY_TYPES[si], n20_certificate_format_x509_e, no_path, &cert); + ASSERT(ok, "Level 3 ECA (iss=%d, sub=%d) failed", KEY_TYPES[ii], KEY_TYPES[si]); + ASSERT(level1_artifacts.eca_valid[ii][si], + "Level 1 ECA (iss=%d, sub=%d) was not valid", + KEY_TYPES[ii], + KEY_TYPES[si]); + ASSERT(cert.size == level1_artifacts.eca[ii][si].size && + memcmp(cert.data, level1_artifacts.eca[ii][si].data, cert.size) == 0, + "ECA mismatch (iss=%d, sub=%d): level3 != level1", + KEY_TYPES[ii], + KEY_TYPES[si]); + } + } + + /* ECA_EE: no parent path */ + for (size_t ei = 0; ei < NUM_KEY_TYPES; ei++) { + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + cert_buffer_t cert; + bool ok = issue_eca_ee_cert( + KEY_TYPES[ei], KEY_TYPES[si], n20_certificate_format_x509_e, no_path, &cert); + ASSERT(ok, "Level 3 ECA_EE (eca=%d, ee=%d) failed", KEY_TYPES[ei], KEY_TYPES[si]); + ASSERT(level1_artifacts.eca_ee_valid[ei][si], + "Level 1 ECA_EE (eca=%d, ee=%d) was not valid", + KEY_TYPES[ei], + KEY_TYPES[si]); + ASSERT(cert.size == level1_artifacts.eca_ee[ei][si].size && + memcmp(cert.data, level1_artifacts.eca_ee[ei][si].data, cert.size) == 0, + "ECA_EE mismatch (eca=%d, ee=%d): level3 != level1", + KEY_TYPES[ei], + KEY_TYPES[si]); + } + } + + /* Signature: no parent path */ + for (size_t si = 0; si < NUM_KEY_TYPES; si++) { + sig_buffer_t sig; + bool ok = eca_ee_sign(KEY_TYPES[si], no_path, test_message, sizeof(test_message) - 1, &sig); + ASSERT(ok, "Level 3 signature (ee=%d) failed", KEY_TYPES[si]); + ASSERT(level1_artifacts.signature_valid[si], + "Level 1 signature (ee=%d) was not valid", + KEY_TYPES[si]); + ASSERT(sig.size == level1_artifacts.signature[si].size && + memcmp(sig.data, level1_artifacts.signature[si].data, sig.size) == 0, + "Signature mismatch (ee=%d): level3 != level1", + KEY_TYPES[si]); + } + + TEST_PASS(); +} + +int main(void) { + printf("nat20 integration test suite\n"); + printf("============================\n\n"); + + test_dice_chain_readable(); + test_cdi_cert_x509_p256(); +#if N20_WITH_COSE == 1 + test_cdi_cert_cose_p256(); +#endif + test_eca_cert_x509_p256(); + test_eca_ee_cert_x509_p256(); + test_eca_ee_sign_p256(); + + /* Full parameterized chain test (promote is irreversible — runs once) */ + test_level1(); + do_promote(compressed_input, sizeof(compressed_input)); + test_level2(); + do_promote(compressed_input, sizeof(compressed_input)); + test_level3(); + + printf("\n============================\n"); + printf("Results: %d passed, %d failed, %d total\n", tests_passed, tests_failed, tests_run); + + return tests_failed > 0 ? EXIT_FAILURE : EXIT_SUCCESS; +} diff --git a/examples/linux/nat20test/test/test_helpers.c b/examples/linux/nat20test/test/test_helpers.c new file mode 100644 index 00000000..1d52bec4 --- /dev/null +++ b/examples/linux/nat20test/test/test_helpers.c @@ -0,0 +1,525 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#include "test_helpers.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +n20_error_t test_compress_cdi_input(uint8_t const* code_hash, + size_t code_hash_size, + uint8_t const* config_hash, + size_t config_hash_size, + uint8_t const* authority_hash, + size_t authority_hash_size, + uint8_t mode, + uint8_t const* hidden, + size_t hidden_size, + uint8_t* compressed_out, + size_t compressed_out_size) { + n20_crypto_digest_context_t* digest_ctx = NULL; + n20_error_t err = n20_crypto_nat20_open(&digest_ctx); + if (err != n20_error_ok_e) { + return err; + } + + n20_open_dice_cert_info_t cert_info = {0}; + cert_info.cert_type = n20_cert_type_cdi_e; + cert_info.open_dice_input.code_hash = + (n20_slice_t){.size = code_hash_size, .buffer = code_hash}; + cert_info.open_dice_input.configuration_hash = + (n20_slice_t){.size = config_hash_size, .buffer = config_hash}; + cert_info.open_dice_input.authority_hash = + (n20_slice_t){.size = authority_hash_size, .buffer = authority_hash}; + cert_info.open_dice_input.mode = (n20_open_dice_modes_t)mode; + cert_info.open_dice_input.hidden = (n20_slice_t){.size = hidden_size, .buffer = hidden}; + + if (compressed_out_size < N20_FUNC_COMPRESSED_INPUT_SIZE) { + return n20_error_insufficient_buffer_size_e; + } + + err = n20_compress_input(digest_ctx, &cert_info, compressed_out); + return err; +} + +static EVP_PKEY* evp_pkey_from_ec_pubkey(uint8_t const* pubkey, + size_t pubkey_size, + n20_crypto_key_type_t key_type) { + char const* group_name = + (key_type == n20_crypto_key_type_secp256r1_e) ? SN_X9_62_prime256v1 : SN_secp384r1; + + OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new(); + if (bld == NULL) return NULL; + + OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0); + OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, pubkey, pubkey_size); + + OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); + OSSL_PARAM_BLD_free(bld); + if (params == NULL) return NULL; + + EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + if (pctx == NULL) { + OSSL_PARAM_free(params); + return NULL; + } + + EVP_PKEY* pkey = NULL; + if (EVP_PKEY_fromdata_init(pctx) != 1 || + EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) != 1) { + pkey = NULL; + } + + EVP_PKEY_CTX_free(pctx); + OSSL_PARAM_free(params); + return pkey; +} + +static EVP_PKEY* evp_pkey_from_pubkey(uint8_t const* pubkey, + size_t pubkey_size, + n20_crypto_key_type_t key_type) { + switch (key_type) { + case n20_crypto_key_type_ed25519_e: + return EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, pubkey, pubkey_size); + case n20_crypto_key_type_secp256r1_e: + case n20_crypto_key_type_secp384r1_e: + return evp_pkey_from_ec_pubkey(pubkey, pubkey_size, key_type); + default: + return NULL; + } +} + +bool test_verify_x509_signature(uint8_t const* cert_der, + size_t cert_der_size, + uint8_t const* issuer_pubkey, + size_t issuer_pubkey_size, + n20_crypto_key_type_t key_type) { + uint8_t const* p = cert_der; + X509* cert = d2i_X509(NULL, &p, (long)cert_der_size); + if (cert == NULL) { + fprintf(stderr, " d2i_X509 failed\n"); + return false; + } + + EVP_PKEY* pkey = evp_pkey_from_pubkey(issuer_pubkey, issuer_pubkey_size, key_type); + if (pkey == NULL) { + fprintf(stderr, " Failed to construct EVP_PKEY\n"); + X509_free(cert); + return false; + } + + bool result = X509_verify(cert, pkey) == 1; + if (!result) { + fprintf(stderr, " X509_verify failed\n"); + } + + EVP_PKEY_free(pkey); + X509_free(cert); + return result; +} + +bool test_extract_x509_pubkey(uint8_t const* cert_der, + size_t cert_der_size, + uint8_t* pubkey_out, + size_t* pubkey_size_in_out) { + uint8_t const* p = cert_der; + X509* cert = d2i_X509(NULL, &p, (long)cert_der_size); + if (cert == NULL) { + fprintf(stderr, " d2i_X509 failed\n"); + return false; + } + + EVP_PKEY* pkey = X509_get_pubkey(cert); + if (pkey == NULL) { + fprintf(stderr, " X509_get_pubkey failed\n"); + X509_free(cert); + return false; + } + + bool result = false; + int key_id = EVP_PKEY_id(pkey); + + if (key_id == EVP_PKEY_ED25519) { + size_t len = *pubkey_size_in_out; + if (EVP_PKEY_get_raw_public_key(pkey, pubkey_out, &len) == 1) { + *pubkey_size_in_out = len; + result = true; + } + } else if (key_id == EVP_PKEY_EC) { + size_t len = 0; + if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, NULL, 0, &len) == 1 && + len <= *pubkey_size_in_out) { + if (EVP_PKEY_get_octet_string_param( + pkey, OSSL_PKEY_PARAM_PUB_KEY, pubkey_out, *pubkey_size_in_out, &len) == 1) { + *pubkey_size_in_out = len; + result = true; + } + } + } + + EVP_PKEY_free(pkey); + X509_free(cert); + return result; +} + +bool test_parse_cose_sign1(uint8_t const* data, size_t size, test_cose_sign1_t* out) { + n20_istream_t stream; + n20_istream_init(&stream, data, size); + + n20_cbor_type_t type; + uint64_t value; + + if (!n20_cbor_read_header(&stream, &type, &value)) return false; + if (type != n20_cbor_type_array_e || value != 4) return false; + + /* Element 1: protected header (bstr) */ + if (!n20_cbor_read_header(&stream, &type, &value)) return false; + if (type != n20_cbor_type_bytes_e) return false; + if (!n20_istream_get_slice(&stream, &out->protected_header, value)) return false; + + /* Element 2: unprotected header (map) — skip */ + if (!n20_cbor_read_skip_item(&stream)) return false; + + /* Element 3: payload (bstr or nil) */ + if (!n20_cbor_read_header(&stream, &type, &value)) return false; + if (type == n20_cbor_type_bytes_e) { + if (!n20_istream_get_slice(&stream, &out->payload, value)) return false; + } else if (type == n20_cbor_type_simple_float_e && value == 22) { + /* nil payload */ + out->payload = (n20_slice_t){.size = 0, .buffer = NULL}; + } else { + return false; + } + + /* Element 4: signature (bstr) */ + if (!n20_cbor_read_header(&stream, &type, &value)) return false; + if (type != n20_cbor_type_bytes_e) return false; + if (!n20_istream_get_slice(&stream, &out->signature, value)) return false; + + return true; +} + +bool test_verify_raw_signature(uint8_t const* pubkey, + size_t pubkey_size, + uint8_t const* message, + size_t message_size, + uint8_t const* sig, + size_t sig_size, + n20_crypto_key_type_t key_type) { + EVP_PKEY* pkey = NULL; + + switch (key_type) { + case n20_crypto_key_type_ed25519_e: + pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, pubkey, pubkey_size); + break; + case n20_crypto_key_type_secp256r1_e: + case n20_crypto_key_type_secp384r1_e: { + /* The pubkey is raw x||y — wrap with 0x04 uncompressed prefix */ + uint8_t uncompressed[1 + 96]; + uncompressed[0] = 0x04; + memcpy(uncompressed + 1, pubkey, pubkey_size); + pkey = evp_pkey_from_ec_pubkey(uncompressed, 1 + pubkey_size, key_type); + break; + } + default: + return false; + } + + if (pkey == NULL) return false; + + bool result = false; + + if (key_type == n20_crypto_key_type_ed25519_e) { + EVP_MD_CTX* md_ctx = EVP_MD_CTX_new(); + if (md_ctx != NULL) { + if (EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, pkey) == 1 && + EVP_DigestVerify(md_ctx, sig, sig_size, message, message_size) == 1) { + result = true; + } + EVP_MD_CTX_free(md_ctx); + } + } else { + /* ECDSA: convert raw r||s to DER ECDSA_SIG for OpenSSL */ + size_t coord_size = sig_size / 2; + BIGNUM* r_bn = BN_bin2bn(sig, (int)coord_size, NULL); + BIGNUM* s_bn = BN_bin2bn(sig + coord_size, (int)coord_size, NULL); + ECDSA_SIG* ecdsa_sig = ECDSA_SIG_new(); + if (r_bn && s_bn && ecdsa_sig && ECDSA_SIG_set0(ecdsa_sig, r_bn, s_bn)) { + /* DER-encode the signature */ + uint8_t* der_sig = NULL; + int der_sig_len = i2d_ECDSA_SIG(ecdsa_sig, &der_sig); + if (der_sig_len > 0 && der_sig != NULL) { + EVP_MD const* md = + (key_type == n20_crypto_key_type_secp256r1_e) ? EVP_sha256() : EVP_sha384(); + EVP_MD_CTX* md_ctx = EVP_MD_CTX_new(); + if (md_ctx != NULL) { + if (EVP_DigestVerifyInit(md_ctx, NULL, md, NULL, pkey) == 1 && + EVP_DigestVerifyUpdate(md_ctx, message, message_size) == 1 && + EVP_DigestVerifyFinal(md_ctx, der_sig, (size_t)der_sig_len) == 1) { + result = true; + } + EVP_MD_CTX_free(md_ctx); + } + OPENSSL_free(der_sig); + } + /* r_bn and s_bn are owned by ecdsa_sig after ECDSA_SIG_set0 */ + } else { + BN_free(r_bn); + BN_free(s_bn); + } + ECDSA_SIG_free(ecdsa_sig); + } + + EVP_PKEY_free(pkey); + return result; +} + +bool test_verify_cose_sign1(test_cose_sign1_t const* sign1, + uint8_t const* issuer_pubkey, + size_t issuer_pubkey_size, + n20_crypto_key_type_t key_type) { + /* Reconstruct the Sig_structure1: + * ["Signature1", protected, external_aad, payload] + * Encoded as: 84 6a "Signature1" 40 + * + * The to-be-signed data is the concatenation of: + * [0] = array(4) header + "Signature1" text string + * [1] = protected header as bstr (with its CBOR bstr wrapper) + * [2] = empty bstr (0x40) + * [3] = payload as bstr (with its CBOR bstr wrapper) + */ + uint8_t sig_struct_buf[2048]; + n20_stream_t s; + n20_stream_init(&s, sig_struct_buf, sizeof(sig_struct_buf)); + + /* Write in reverse (right-to-left stream) */ + /* [3] payload as bstr */ + n20_cbor_write_byte_string(&s, sign1->payload); + /* [2] empty external_aad */ + n20_cbor_write_byte_string(&s, (n20_slice_t){.size = 0, .buffer = NULL}); + /* [1] protected header as bstr */ + n20_cbor_write_byte_string(&s, sign1->protected_header); + /* [0] context string "Signature1" */ + n20_stream_prepend(&s, (uint8_t const*)"\x6aSignature1", 11); + /* Array header for 4 elements */ + n20_cbor_write_array_header(&s, 4); + + if (n20_stream_has_buffer_overflow(&s)) { + fprintf(stderr, " Sig_structure1 buffer overflow\n"); + return false; + } + + size_t tbs_size = n20_stream_byte_count(&s); + uint8_t const* tbs_data = sig_struct_buf + (sizeof(sig_struct_buf) - tbs_size); + + return test_verify_raw_signature(issuer_pubkey, + issuer_pubkey_size, + tbs_data, + tbs_size, + sign1->signature.buffer, + sign1->signature.size, + key_type); +} + +/* COSE_Key label constants (matching cose.c) */ +#define COSE_KEY_LABEL_KEY_TYPE (1) +#define COSE_KEY_LABEL_ALGORITHM_ID (3) +#define COSE_KEY_LABEL_CURVE (-1) +#define COSE_KEY_LABEL_X_COORDINATE (-2) +#define COSE_KEY_LABEL_Y_COORDINATE (-3) + +#define COSE_KEY_TYPE_OKP (1) +#define COSE_KEY_TYPE_EC2 (2) + +#define COSE_CURVE_P256 (1) +#define COSE_CURVE_P384 (2) +#define COSE_CURVE_ED25519 (6) + +/* CWT claim label for the subject public key */ +#define CWT_LABEL_SUBJECT_PUBLIC_KEY (-4670552) + +static int64_t cbor_read_int(n20_istream_t* s) { + n20_cbor_type_t type; + uint64_t value; + if (!n20_cbor_read_header(s, &type, &value)) return 0; + if (type == n20_cbor_type_uint_e) return (int64_t)value; + if (type == n20_cbor_type_nint_e) return -1 - (int64_t)value; + return 0; +} + +bool test_extract_cose_pubkey(uint8_t const* cose_sign1, + size_t cose_sign1_size, + uint8_t* pubkey_out, + size_t* pubkey_size_in_out, + n20_crypto_key_type_t* key_type_out) { + /* Parse the COSE_Sign1 to get the payload */ + test_cose_sign1_t sign1; + if (!test_parse_cose_sign1(cose_sign1, cose_sign1_size, &sign1)) { + fprintf(stderr, " Failed to parse COSE_Sign1\n"); + return false; + } + + if (sign1.payload.buffer == NULL || sign1.payload.size == 0) { + fprintf(stderr, " COSE_Sign1 has no payload\n"); + return false; + } + + /* The payload is a CWT (CBOR map). Find the subject public key claim. */ + n20_istream_t cwt; + n20_istream_init(&cwt, sign1.payload.buffer, sign1.payload.size); + + n20_cbor_type_t type; + uint64_t value; + if (!n20_cbor_read_header(&cwt, &type, &value) || type != n20_cbor_type_map_e) { + fprintf(stderr, " CWT payload is not a map\n"); + return false; + } + uint64_t map_count = value; + + /* Iterate through the CWT map to find the subject public key */ + bool found_pubkey = false; + for (uint64_t i = 0; i < map_count; i++) { + int64_t label = cbor_read_int(&cwt); + if (label == CWT_LABEL_SUBJECT_PUBLIC_KEY) { + found_pubkey = true; + break; + } else { + if (!n20_cbor_read_skip_item(&cwt)) { + fprintf(stderr, " Failed to skip CWT claim value\n"); + return false; + } + } + } + + if (!found_pubkey) { + fprintf(stderr, " Subject public key claim not found in CWT\n"); + return false; + } + + if (!n20_cbor_read_header(&cwt, &type, &value) || type != n20_cbor_type_bytes_e) { + fprintf(stderr, " COSE_Key is not a byte string\n"); + return false; + } + + if (!n20_cbor_read_header(&cwt, &type, &value) || type != n20_cbor_type_map_e) { + fprintf(stderr, " COSE_Key is not a map\n"); + return false; + } + uint64_t key_pairs = value; + + n20_slice_t x = {0}; + n20_slice_t y = {0}; + int64_t key_type_val = 0; + int64_t crv = 0; + + for (uint64_t i = 0; i < key_pairs; i++) { + int64_t key_label = cbor_read_int(&cwt); + switch (key_label) { + case COSE_KEY_LABEL_KEY_TYPE: + key_type_val = cbor_read_int(&cwt); + break; + case COSE_KEY_LABEL_CURVE: + crv = cbor_read_int(&cwt); + break; + case COSE_KEY_LABEL_X_COORDINATE: + if (!n20_cbor_read_header(&cwt, &type, &value) || type != n20_cbor_type_bytes_e) { + return false; + } + if (!n20_istream_get_slice(&cwt, &x, value)) return false; + break; + case COSE_KEY_LABEL_Y_COORDINATE: + if (!n20_cbor_read_header(&cwt, &type, &value) || type != n20_cbor_type_bytes_e) { + return false; + } + if (!n20_istream_get_slice(&cwt, &y, value)) return false; + break; + default: + if (!n20_cbor_read_skip_item(&cwt)) return false; + break; + } + } + + /* Reconstruct the raw public key based on key type */ + if (key_type_val == COSE_KEY_TYPE_EC2) { + /* EC2: output is x || y */ + if (x.size == 0 || y.size == 0) { + fprintf(stderr, " EC2 key missing x or y coordinate\n"); + return false; + } + size_t total = x.size + y.size + 1; + if (total > *pubkey_size_in_out) return false; + pubkey_out[0] = 0x04; /* Uncompressed point prefix */ + memcpy(pubkey_out + 1, x.buffer, x.size); + memcpy(pubkey_out + 1 + x.size, y.buffer, y.size); + *pubkey_size_in_out = total; + + if (crv == COSE_CURVE_P256) { + *key_type_out = n20_crypto_key_type_secp256r1_e; + } else if (crv == COSE_CURVE_P384) { + *key_type_out = n20_crypto_key_type_secp384r1_e; + } else { + fprintf(stderr, " Unknown EC2 curve: %lld\n", (long long)crv); + return false; + } + } else if (key_type_val == COSE_KEY_TYPE_OKP) { + /* OKP (Ed25519): output is x only */ + if (x.size == 0) { + fprintf(stderr, " OKP key missing x coordinate\n"); + return false; + } + if (x.size > *pubkey_size_in_out) return false; + memcpy(pubkey_out, x.buffer, x.size); + *pubkey_size_in_out = x.size; + *key_type_out = n20_crypto_key_type_ed25519_e; + } else { + fprintf(stderr, " Unknown COSE key type: %lld\n", (long long)key_type_val); + return false; + } + + return true; +} diff --git a/examples/linux/nat20test/test/test_helpers.h b/examples/linux/nat20test/test/test_helpers.h new file mode 100644 index 00000000..8ebd79b6 --- /dev/null +++ b/examples/linux/nat20test/test/test_helpers.h @@ -0,0 +1,165 @@ +/* + * Copyright 2026 Aurora Operations, Inc. + * + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 + * + * This work is dual licensed. + * You may use it under Apache-2.0 or GPL-2.0 at your option. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * OR + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see + * . + */ + +#pragma once + +#include +#include +#include +#include +#include +#include + +/** + * Compute the compressed input for a CDI level given the OpenDICE parameters. + * Uses the libnat20 software digest implementation. + */ +n20_error_t test_compress_cdi_input(uint8_t const* code_hash, + size_t code_hash_size, + uint8_t const* config_hash, + size_t config_hash_size, + uint8_t const* authority_hash, + size_t authority_hash_size, + uint8_t mode, + uint8_t const* hidden, + size_t hidden_size, + uint8_t* compressed_out, + size_t compressed_out_size); + +/** + * Verify an X.509 DER certificate's signature against an issuer public key. + * For self-signed certs, pass the cert's own public key. + * + * @param cert_der DER-encoded certificate + * @param cert_der_size Size of the certificate + * @param issuer_pubkey Raw public key (x||y for EC, compressed for Ed25519) + * @param issuer_pubkey_size Size of the public key + * @param key_type Key type of the issuer + * @return true if signature is valid + */ +bool test_verify_x509_signature(uint8_t const* cert_der, + size_t cert_der_size, + uint8_t const* issuer_pubkey, + size_t issuer_pubkey_size, + n20_crypto_key_type_t key_type); + +/** + * Extract the subject public key from a DER-encoded X.509 certificate. + * For EC keys, the output is the uncompressed point (0x04 || x || y). + * For Ed25519, it's the 32-byte compressed point. + * + * @param cert_der DER-encoded certificate + * @param cert_der_size Size of the certificate + * @param pubkey_out Output buffer for the public key + * @param pubkey_size_in_out In: buffer size, Out: bytes written + * @return true on success + */ +bool test_extract_x509_pubkey(uint8_t const* cert_der, + size_t cert_der_size, + uint8_t* pubkey_out, + size_t* pubkey_size_in_out); + +/** + * Parsed COSE_Sign1 structure. + */ +typedef struct { + n20_slice_t protected_header; + n20_slice_t payload; + n20_slice_t signature; +} test_cose_sign1_t; + +/** + * Parse a COSE_Sign1 structure from CBOR-encoded bytes. + * The returned slices point into the input buffer. + */ +bool test_parse_cose_sign1(uint8_t const* data, size_t size, test_cose_sign1_t* out); + +/** + * Verify a COSE_Sign1 signature. + * Reconstructs the Sig_structure1 and verifies against the given public key. + * + * @param sign1 Parsed COSE_Sign1 (from test_parse_cose_sign1) + * @param issuer_pubkey Raw public key bytes (without 0x04 prefix for EC) + * @param issuer_pubkey_size Size of the public key + * @param key_type Key type of the issuer + * @return true if signature is valid + */ +bool test_verify_cose_sign1(test_cose_sign1_t const* sign1, + uint8_t const* issuer_pubkey, + size_t issuer_pubkey_size, + n20_crypto_key_type_t key_type); + +/** + * Verify a raw ECDSA/EdDSA signature over a message. + * + * @param pubkey Raw public key (x||y for EC, 32 bytes for Ed25519) + * @param pubkey_size Size of the public key + * @param message Message that was signed + * @param message_size Size of the message + * @param sig Signature (r||s for ECDSA, 64 bytes for Ed25519) + * @param sig_size Size of the signature + * @param key_type Key type + * @return true if signature is valid + */ +bool test_verify_raw_signature(uint8_t const* pubkey, + size_t pubkey_size, + uint8_t const* message, + size_t message_size, + uint8_t const* sig, + size_t sig_size, + n20_crypto_key_type_t key_type); + +/** + * Extract the subject public key from a COSE_Sign1 certificate. + * + * Assumes the COSE_Sign1 payload is a CWT containing a claim with label + * -4670552 (N20_OPEN_DICE_CWT_LABEL_SUBJECT_PUBLIC_KEY) whose value is + * a COSE_Key map. Extracts the x (and y for EC2) coordinates and writes + * them as raw 0x04||x||y (for EC) or raw 32-byte key (for OKP/Ed25519). + * + * @param cose_sign1 COSE_Sign1 encoded certificate bytes + * @param cose_sign1_size Size of the COSE_Sign1 data + * @param pubkey_out Output buffer for the raw public key + * @param pubkey_size_in_out In: buffer size, Out: bytes written + * @param key_type_out Output: detected key type + * @return true on success + */ +bool test_extract_cose_pubkey(uint8_t const* cose_sign1, + size_t cose_sign1_size, + uint8_t* pubkey_out, + size_t* pubkey_size_in_out, + n20_crypto_key_type_t* key_type_out); From 8e3063febede2ccdd8d02409d78019d45e72f191 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 14 May 2026 16:50:58 -0700 Subject: [PATCH 43/49] Apply suggestions from code review Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- examples/linux/br_external/package/nat20test/Config.in | 5 +++-- examples/linux/nat20test/CMakeLists.txt | 2 +- examples/linux/nat20test/nat20_qemu_init.sh | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/examples/linux/br_external/package/nat20test/Config.in b/examples/linux/br_external/package/nat20test/Config.in index 25e73e83..ee738014 100644 --- a/examples/linux/br_external/package/nat20test/Config.in +++ b/examples/linux/br_external/package/nat20test/Config.in @@ -34,8 +34,9 @@ # . config BR2_PACKAGE_NAT20TEST - bool "nat20cli" + bool "nat20test" depends on BR2_PACKAGE_LIBNAT20 depends on BR2_PACKAGE_OPENSSL + select BR2_PACKAGE_NAT20SW help - Enable building the nat20test, an integration test for ant20device with nat20sw. + Enable building the nat20test, an integration test for nat20device with nat20sw. diff --git a/examples/linux/nat20test/CMakeLists.txt b/examples/linux/nat20test/CMakeLists.txt index e1d22957..9db588d3 100644 --- a/examples/linux/nat20test/CMakeLists.txt +++ b/examples/linux/nat20test/CMakeLists.txt @@ -41,7 +41,7 @@ project(NAT20TEST VERSION 0.0.1 LANGUAGES C) set(CMAKE_C_STANDARD 11) # CMake shall generate a compile_commands.json file for -# the benfit of clangd based IDE support. +# the benefit of clangd based IDE support. set(CMAKE_EXPORT_COMPILE_COMMANDS ON) diff --git a/examples/linux/nat20test/nat20_qemu_init.sh b/examples/linux/nat20test/nat20_qemu_init.sh index 4bdd601a..d60b9d57 100644 --- a/examples/linux/nat20test/nat20_qemu_init.sh +++ b/examples/linux/nat20test/nat20_qemu_init.sh @@ -35,7 +35,7 @@ # along with this program; if not, see # . -# Init wrapper for running nat20clitest.sh in a QEMU VM. +# Init wrapper for running nat20test.sh in a QEMU VM. # This script is intended to be used as the init process (PID 1). # It mounts the necessary filesystems, runs the test suite, prints # a machine-parseable result marker, and powers off the VM. From bb95742626bc1414e7af8751bb926e1a677121ed Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Thu, 14 May 2026 16:59:35 -0700 Subject: [PATCH 44/49] address comments --- .../nat20test/test/nat20_integration_test.c | 16 ++++++++++++++-- examples/linux/nat20test/test/test_helpers.h | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/examples/linux/nat20test/test/nat20_integration_test.c b/examples/linux/nat20test/test/nat20_integration_test.c index e1457268..55228b8a 100644 --- a/examples/linux/nat20test/test/nat20_integration_test.c +++ b/examples/linux/nat20test/test/nat20_integration_test.c @@ -1118,6 +1118,18 @@ static void test_level3(void) { TEST_PASS(); } +static void test_promote_1_to_2(void) { + TEST_BEGIN("Promote from level 1 to level 2"); + ASSERT(do_promote(compressed_input, sizeof(compressed_input)), "Promote failed"); + TEST_PASS(); +} + +static void test_promote_2_to_3(void) { + TEST_BEGIN("Promote from level 2 to level 3"); + ASSERT(do_promote(compressed_input, sizeof(compressed_input)), "Promote failed"); + TEST_PASS(); +} + int main(void) { printf("nat20 integration test suite\n"); printf("============================\n\n"); @@ -1133,9 +1145,9 @@ int main(void) { /* Full parameterized chain test (promote is irreversible — runs once) */ test_level1(); - do_promote(compressed_input, sizeof(compressed_input)); + test_promote_1_to_2(); test_level2(); - do_promote(compressed_input, sizeof(compressed_input)); + test_promote_2_to_3(); test_level3(); printf("\n============================\n"); diff --git a/examples/linux/nat20test/test/test_helpers.h b/examples/linux/nat20test/test/test_helpers.h index 8ebd79b6..f36f60c0 100644 --- a/examples/linux/nat20test/test/test_helpers.h +++ b/examples/linux/nat20test/test/test_helpers.h @@ -66,7 +66,7 @@ n20_error_t test_compress_cdi_input(uint8_t const* code_hash, * * @param cert_der DER-encoded certificate * @param cert_der_size Size of the certificate - * @param issuer_pubkey Raw public key (x||y for EC, compressed for Ed25519) + * @param issuer_pubkey Raw public key (0x04||x||y for EC, compressed for Ed25519) * @param issuer_pubkey_size Size of the public key * @param key_type Key type of the issuer * @return true if signature is valid From 2eac3fb6d6cafbe87785a34b84baa5bf65ed2147 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Fri, 15 May 2026 08:43:38 -0700 Subject: [PATCH 45/49] fix comma swallowing portability issue --- .../nat20test/test/nat20_integration_test.c | 42 +++++++++++++------ 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/examples/linux/nat20test/test/nat20_integration_test.c b/examples/linux/nat20test/test/nat20_integration_test.c index 55228b8a..561d09da 100644 --- a/examples/linux/nat20test/test/nat20_integration_test.c +++ b/examples/linux/nat20test/test/nat20_integration_test.c @@ -60,6 +60,8 @@ static int tests_run = 0; static int tests_passed = 0; static int tests_failed = 0; +/* Start a test case. Call once at the beginning of each test function. + * Usage: TEST_BEGIN("descriptive test name"); */ #define TEST_BEGIN(name) \ do { \ tests_run++; \ @@ -67,6 +69,8 @@ static int tests_failed = 0; fflush(stdout); \ } while (0) +/* Mark the current test as passed. Call once at the end of a successful test. + * Usage: TEST_PASS(); */ #define TEST_PASS() \ do { \ tests_passed++; \ @@ -74,23 +78,35 @@ static int tests_failed = 0; fflush(stdout); \ } while (0) -#define TEST_FAIL(fmt, ...) \ - do { \ - tests_failed++; \ - printf("FAIL\n"); \ - fprintf(stderr, " " fmt "\n", ##__VA_ARGS__); \ - fflush(stderr); \ +/* Mark the current test as failed and print a diagnostic message. + * The first variadic argument is a printf format string; subsequent + * arguments are format parameters. + * Usage: TEST_FAIL("expected %d, got %d", expected, actual); */ +#define TEST_FAIL(...) \ + do { \ + tests_failed++; \ + printf("FAIL\n"); \ + fprintf(stderr, " " __VA_ARGS__); \ + fprintf(stderr, "\n"); \ + fflush(stderr); \ } while (0) -#define ASSERT(cond, fmt, ...) \ - do { \ - if (!(cond)) { \ - TEST_FAIL(fmt, ##__VA_ARGS__); \ - return; \ - } \ +/* Assert a condition. On failure, prints a diagnostic and returns from + * the enclosing function (marking the test as failed). + * The first argument is the condition; the remaining variadic arguments + * form a printf-style diagnostic message. + * Usage: ASSERT(ptr != NULL, "allocation failed for size %zu", size); */ +#define ASSERT(cond, ...) \ + do { \ + if (!(cond)) { \ + TEST_FAIL(__VA_ARGS__); \ + return; \ + } \ } while (0) -#define ASSERT_EQ(a, b, fmt, ...) ASSERT((a) == (b), fmt, ##__VA_ARGS__) +/* Assert equality. Convenience wrapper around ASSERT for comparing two values. + * Usage: ASSERT_EQ(err, n20_error_ok_e, "unexpected error: 0x%x", err); */ +#define ASSERT_EQ(a, b, ...) ASSERT((a) == (b), __VA_ARGS__) static ssize_t dispatch_request(uint8_t const* request, size_t request_size, From b159fbb8b28aab50d8bfec4de9e1dd16296428d3 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Fri, 15 May 2026 08:50:38 -0700 Subject: [PATCH 46/49] Revert "Add nat20cli command line tool for nat20device." This reverts commit 0612f25187bcb34eb608f2e3e90e1057e5c05fa4. --- .github/license-check/license-config.json | 1 - .github/workflows/linux-kmod-build.yml | 16 - examples/linux/br_external/Config.in | 1 - .../br_external/configs/qemu_br_defconfig | 1 - .../br_external/package/nat20cli/Config.in | 40 - .../br_external/package/nat20cli/nat20cli.mk | 51 - examples/linux/br_external/utils/envsetup.sh | 4 +- examples/linux/nat20cli/CMakeLists.txt | 82 -- examples/linux/nat20cli/nat20clitest.sh | 82 -- examples/linux/nat20cli/openssl_dice.cnf | 61 - examples/linux/nat20cli/src/main.c | 1055 ----------------- 11 files changed, 1 insertion(+), 1393 deletions(-) delete mode 100644 examples/linux/br_external/package/nat20cli/Config.in delete mode 100644 examples/linux/br_external/package/nat20cli/nat20cli.mk delete mode 100644 examples/linux/nat20cli/CMakeLists.txt delete mode 100755 examples/linux/nat20cli/nat20clitest.sh delete mode 100644 examples/linux/nat20cli/openssl_dice.cnf delete mode 100644 examples/linux/nat20cli/src/main.c diff --git a/.github/license-check/license-config.json b/.github/license-check/license-config.json index fbb042e5..f05119d9 100644 --- a/.github/license-check/license-config.json +++ b/.github/license-check/license-config.json @@ -10,7 +10,6 @@ "**/Kbuild", "examples/linux/br_external/external.desc", "examples/linux/**/Makefile", - "examples/linux/nat20cli/openssl_dice.cnf", ".clang-format", ".gitignore" ], diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index 82f52e95..fd2dc104 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -154,21 +154,6 @@ jobs: echo "libnat20.a built successfully:" find ${{ runner.temp }}/buildroot.build -name 'libnat20.a' -exec ls -la {} \; - - name: Build nat20cli userspace cli tool - env: - LIBNAT20_OVERRIDE_SRCDIR: ${{ github.workspace }} - NAT20CLI_OVERRIDE_SRCDIR: ${{ github.workspace }} - run: | - cd ${{ runner.temp }}/buildroot.build/buildroot - make nat20cli-dirclean - make nat20cli -j $(( $(nproc) + 1 )) - - - name: Verify nat20cli was produced - run: | - find ${{ runner.temp }}/buildroot.build -name 'nat20cli' | grep -q nat20cli - echo "nat20cli built successfully:" - find ${{ runner.temp }}/buildroot.build -name 'nat20cli' -exec ls -la {} \; - - name: Build rootfs image env: NAT20LIB_OVERRIDE_SRCDIR: ${{ github.workspace }} @@ -176,7 +161,6 @@ jobs: NAT20CRYPTO_OVERRIDE_SRCDIR: ${{ github.workspace }} NAT20SW_OVERRIDE_SRCDIR: ${{ github.workspace }} LIBNAT20_OVERRIDE_SRCDIR: ${{ github.workspace }} - NAT20CLI_OVERRIDE_SRCDIR: ${{ github.workspace }} NAT20TEST_OVERRIDE_SRCDIR: ${{ github.workspace }} run: make -C ${{ runner.temp }}/buildroot.build/buildroot -j $(( $(nproc) + 1 )) diff --git a/examples/linux/br_external/Config.in b/examples/linux/br_external/Config.in index 2e41cc0e..2ba3073c 100644 --- a/examples/linux/br_external/Config.in +++ b/examples/linux/br_external/Config.in @@ -33,7 +33,6 @@ # along with this program; if not, see # . -source "$BR2_EXTERNAL_NAT20_PATH/package/nat20cli/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20crypto/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20device/Config.in" source "$BR2_EXTERNAL_NAT20_PATH/package/nat20sw/Config.in" diff --git a/examples/linux/br_external/configs/qemu_br_defconfig b/examples/linux/br_external/configs/qemu_br_defconfig index 1e70e7d5..b62ae8dd 100644 --- a/examples/linux/br_external/configs/qemu_br_defconfig +++ b/examples/linux/br_external/configs/qemu_br_defconfig @@ -3976,7 +3976,6 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR="" # # Provides NAT20 related packages. # -BR2_PACKAGE_NAT20CLI=y BR2_PACKAGE_NAT20CRYPTO=y BR2_PACKAGE_NAT20DEVICE=y BR2_PACKAGE_NAT20SW=y diff --git a/examples/linux/br_external/package/nat20cli/Config.in b/examples/linux/br_external/package/nat20cli/Config.in deleted file mode 100644 index 0eb7b0cc..00000000 --- a/examples/linux/br_external/package/nat20cli/Config.in +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2026 Aurora Operations, Inc. -# -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 -# -# This work is dual licensed. -# You may use it under Apache-2.0 or GPL-2.0 at your option. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# OR -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see -# . - -config BR2_PACKAGE_NAT20CLI - bool "nat20cli" - depends on BR2_PACKAGE_LIBNAT20 - help - Enable building the nat20cli tool. diff --git a/examples/linux/br_external/package/nat20cli/nat20cli.mk b/examples/linux/br_external/package/nat20cli/nat20cli.mk deleted file mode 100644 index 3527db4a..00000000 --- a/examples/linux/br_external/package/nat20cli/nat20cli.mk +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2026 Aurora Operations, Inc. -# -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 -# -# This work is dual licensed. -# You may use it under Apache-2.0 or GPL-2.0 at your option. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# OR -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see -# . - -# In CI NAT20CLI_OVERRIDE_SRCDIR is set to the root of the repository, -# so that the source under test is always the current branch. -# Integrators who use this configuration should pin the version -# to a specific commit or branch to avoid breakages when the main branch changes. -NAT20CLI_VERSION = origin/main -NAT20CLI_SITE = https://github.com/aurora-opensource/libnat20.git -NAT20CLI_SITE_METHOD = git -NAT20CLI_LICENSE = Apache-2.0 OR GPL-2.0 -NAT20CLI_LICENSE_FILES = LICENSE-Apache-2.0.txt LICENSE-GPL-2.0.txt - -NAT20CLI_SUBDIR = examples/linux/nat20cli - -NAT20CLI_INSTALL_TARGET = YES -NAT20CLI_DEPENDENCIES += libnat20 - -$(eval $(cmake-package)) diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index e72fabec..62d1a15a 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -46,7 +46,6 @@ fi source .env -export NAT20CLI_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20CRYPTO_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20SW_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" export NAT20DEVICE_OVERRIDE_SRCDIR="$LIBNAT20_ROOT" @@ -74,7 +73,6 @@ function brrebuild() { echo "Available targets:" echo " all - Rebuild all components" echo " linux - Rebuild the linux kernel" - echo " nat20cli - Rebuild the Dice CLI" echo " nat20crypto - Rebuild the nat20crypto module" echo " libnat20 - Rebuild the libnat20 library" echo " nat20device - Rebuild the nat20device module" @@ -87,7 +85,7 @@ function brrebuild() { case "$1" in all) - ensure_popd make linux-rebuild nat20lib-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild libnat20-rebuild nat20cli-rebuild nat20test-rebuild all + ensure_popd make linux-rebuild nat20lib-rebuild nat20crypto-rebuild nat20device-rebuild nat20sw-rebuild libnat20-rebuild nat20test-rebuild all ;; *) ensure_popd make $1-rebuild all diff --git a/examples/linux/nat20cli/CMakeLists.txt b/examples/linux/nat20cli/CMakeLists.txt deleted file mode 100644 index e87bd3dd..00000000 --- a/examples/linux/nat20cli/CMakeLists.txt +++ /dev/null @@ -1,82 +0,0 @@ -# Copyright 2026 Aurora Operations, Inc. -# -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 -# -# This work is dual licensed. -# You may use it under Apache-2.0 or GPL-2.0 at your option. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# OR -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see -# . - -cmake_minimum_required(VERSION 3.22) - -project(NAT20CLI VERSION 0.0.1 LANGUAGES C) - -# The C standard shall be C11. -set(CMAKE_C_STANDARD 11) - -# CMake shall generate a compile_commands.json file for -# the benfit of clangd based IDE support. -set(CMAKE_EXPORT_COMPILE_COMMANDS ON) - -################################################################################################### -# The following section defines all the groups of source files. -# All files must be specified explicitly; no globbing or other generation is allowed. - -set(NAT20CLI_SOURCES - # Add the core library source files here. - src/main.c -) - -################################################################################################### - -################################################################################################### -# The nat20_service library is also part of the product of this project. -# It will always be compiled. -add_executable(nat20cli) - -find_package(LibNat20 REQUIRED) - -target_sources(nat20cli - PRIVATE ${NAT20CLI_SOURCES} -) - -target_link_libraries(nat20cli PRIVATE LibNat20::nat20 LibNat20::nat20_service LibNat20::nat20_crypto_nat20) - -target_compile_options(nat20cli - PRIVATE -pedantic - PRIVATE -Wall - PRIVATE -Wextra - PRIVATE -Werror -) - -install(TARGETS nat20cli RUNTIME DESTINATION bin) -install(PROGRAMS nat20clitest.sh DESTINATION bin) -install(FILES openssl_dice.cnf DESTINATION bin) - -################################################################################################### diff --git a/examples/linux/nat20cli/nat20clitest.sh b/examples/linux/nat20cli/nat20clitest.sh deleted file mode 100755 index a0c4cc55..00000000 --- a/examples/linux/nat20cli/nat20clitest.sh +++ /dev/null @@ -1,82 +0,0 @@ -#!/bin/sh - -# Copyright 2026 Aurora Operations, Inc. -# -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 -# -# This work is dual licensed. -# You may use it under Apache-2.0 or GPL-2.0 at your option. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# OR -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see -# . - -set -e - -SCRIPT_DIR="$(dirname "$0")" -export OPENSSL_CONF="${SCRIPT_DIR}/openssl_dice.cnf" - -modprobe nat20sw -mount -t securityfs none /sys/kernel/security - -nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_0.der --certificate-format x509 --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 -nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_0.cose --certificate-format cose --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 -nat20cli promote -i 790fd72ee1352017d822773bc8f5c1ac6e4bf310dfac72fbff622368c01372bc78324f0c06cbc37964e32b18588560a386357e4517ffe93052c67fe6213c38bc -nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_1.der --certificate-format x509 --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 -nat20cli cdi-cert --key-type p256 --parent-key-type p256 --output cdi_1.cose --certificate-format cose --code-desc 795375622d322e332e343a33386334353963666164666132623839353333363939353465313266373534386433613161633937336338383830303563336236646232333436636263386631 --code 228d8f76c811276e991012cf5f46090377fc72c95a6ef9e1ccd4eebec8997be5b57f0fb2c7f4804af212711e7b49533f8bc00ddee9480f76155b3da1101604b9 --conf-desc 45787472616f7264696e617279206e6f726d616c20636f6e66696775726174696f6e --conf 671e957aff5565a55961dcaef7634f1a665d8f286e7bd99593532741417f22981b57bdc39241c9685f7377e3622067c261c3ce974e6db5f18d121adad2d76185 --auth-desc 41206365727469666963617465 --auth 50808e4ab921ecf31ca5f662b6d8b85b98ec4d3f64175c8b5d70c1f0e2fef048f87b3178907e1f2d652bd8588fa84f4c374347cc34b97dae13a5b981790b38cb --mode normal --hidden 2f299d2cc916e5219a6bcbc14c7135fa25e9a71018c2bafe8c0658d4041de6c87aa444aedcc68e7d7674b81b5838be1b74bf19d4d6fb05fb0db9ee7e297afc09 - -openssl x509 -inform der -outform pem -in cdi_0.der -out cdi_0.pem -openssl x509 -inform der -outform pem -in cdi_1.der -out cdi_1.pem - -# The dice chain is formatted as variable length CBOR array -# with each element being a tagged certificate. -# Here, it is assumed the the chain contains only the semi hardcoded UDS certificate -# from the nat20sw example, which is the only certificate in the chain. -# arr (#6.80150 (bytes(DER encoded cert))) -# tail -c+10 strips off the first 9 bytes: -# The variable lenght array header (1 byte 0x9f) -# The certificate tag (5 bytes) -# The bytes header (3 bytes) -# The head -c-1 strips off the last byte, which is the CBOR "break" byte (0xff) for the variable length array. -# The resulting uds_cert.der file is the DER encoded UDS certificate, which can be parsed with standard tools. -tail -c+10 /sys/kernel/security/nat200/dice_chain | head -c-1 > uds_cert.der - -openssl x509 -inform der -in uds_cert.der -outform pem -out uds_cert_p256.pem - -cat uds_cert_p256.pem cdi_0.pem > chain.pem - -openssl x509 -inform pem -in uds_cert_p256.pem -noout -text -openssl x509 -inform pem -in cdi_0.pem -noout -text -openssl x509 -inform pem -in cdi_1.pem -noout -text - -# Verify the certificate chain. The UDS certificate is self-signed, so it is the trust anchor for the chain. -# The -ignore_critical flag is needed to ignore the critical extension in the UDS certificate, -# which is not understood by OpenSSL but is required by the DICE specification. This check -# only verifies the signatures and the certificate format, not the critical extension semantics. -openssl verify -ignore_critical -CAfile chain.pem cdi_1.pem - -echo "OpenSSL chain verification passed." diff --git a/examples/linux/nat20cli/openssl_dice.cnf b/examples/linux/nat20cli/openssl_dice.cnf deleted file mode 100644 index 5e27382e..00000000 --- a/examples/linux/nat20cli/openssl_dice.cnf +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2026 Aurora Operations, Inc. -# -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 -# -# This work is dual licensed. -# You may use it under Apache-2.0 or GPL-2.0 at your option. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# OR -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see -# . - -# OpenSSL configuration for DICE certificate extensions. -# -# DICE certificates contain critical X.509v3 extensions with OIDs that -# vanilla OpenSSL does not recognize. This config registers their names -# for human-readable display in `openssl x509 -text` output. -# -# Because OpenSSL has no config-level mechanism to register handlers for -# custom critical extensions, `openssl verify` must also be invoked with -# -ignore_critical when verifying DICE certificate chains. -# -# Usage: -# export OPENSSL_CONF=/path/to/openssl_dice.cnf -# openssl x509 -in cert.pem -noout -text -# openssl verify -ignore_critical -CAfile chain.pem leaf.pem - -openssl_conf = openssl_init - -[openssl_init] -oid_section = dice_oids - -[dice_oids] -openDiceInput = Open DICE Input, 1.3.6.1.4.1.11129.2.1.24 -tcgDiceTcbInfo = TCG DICE TCB Info, 2.23.133.5.4.1 -tcgDiceMultiTcbInfo = TCG DICE Multi-TCB Info, 2.23.133.5.4.5 -tcgDiceUeid = TCG DICE UEID, 2.23.133.5.4.4 -tcgDiceTcbFreshness = TCG DICE TCB Freshness, 2.23.133.5.4.11 diff --git a/examples/linux/nat20cli/src/main.c b/examples/linux/nat20cli/src/main.c deleted file mode 100644 index 9349440e..00000000 --- a/examples/linux/nat20cli/src/main.c +++ /dev/null @@ -1,1055 +0,0 @@ -/* - * Copyright 2026 Aurora Operations, Inc. - * - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 - * - * This work is dual licensed. - * You may use it under Apache-2.0 or GPL-2.0 at your option. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * OR - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see - * . - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -// CLI tool specific error codes -typedef enum { - cli_error_ok = 0, - cli_error_invalid_argument, - cli_error_io, - cli_error_memory, - cli_error_libnat20, - cli_error_server, -} cli_error_t; - -char const *usage_format_str = - "Usage: %s \n" - "Commands:\n" - " promote Instruct the service to promote the caller to the next " - "level.\n" - " cdi-cert Instruct the service to issue a CDI certificate.\n" - " eca-cert Instruct the service to issue an ECA certificate.\n" - " eca-ee-cert Instruct the service to issue an ECA End-Entity " - "certificate.\n" - " eca-ee-sign Instruct the service to sign a message with an ECA EE " - "key.\n" - "Options promote:\n" - " --compressed-input -i :\n" - " A hex string. " - "H(||||)\n" - "\n" - "Options common (all commands except promote):\n" - " --key-type -k \n" - " --parent-path-element -n \n" - " A parent path element. May be given multiple times. Each " - "element\n" - " is a compressed input. The inputs are used to derive the " - "effective\n" - " parent CDI and thus the key material for the operation.\n" - " --output -o \n" - " The output file to write the resulting certificate or " - "signature to.\n" - "\n" - "Options (*-cert commands):\n" - " --parent-key-type -p \n" - " The key type of the parent key. This is used to identify " - "the\n" - " issuer key algorithm.\n" - " --certificate-format -f \n" - " The format of the certificate to be issued.\n" - "\n" - "Options (cdi-cert):" - " --code -c \n" - " The code hash as hex string.\n" - " --code-desc -C \n" - " The code description as hex string.\n" - " --conf -g \n" - " The configuration hash as hex string.\n" - " --conf-desc -G \n" - " The configuration description as hex string.\n" - " --auth -a \n" - " The authorization hash as hex string.\n" - " --auth-desc -A \n" - " The authorization description as hex string.\n" - " --mode -m \n" - " The mode.\n" - " --hidden -H \n" - " The hidden context as hex string. Hidden is part of the " - "CDI derivation " - "context.\n" - " But does not appear in the CDI certificate.\n" - " --profile-name -P \n" - " The profile name. The DICE profile name is used to " - "identify the\n" - " specific DICE profile being used.\n" - "\n" - "Options (eca-ee-cert and eca-ee-sign)\n" - " --name -N \n" - " The application specific name of the end-entity key. It " - "is not\n" - " included in the issued end-entity certificate, but it is " - "part of\n" - " the key derivation context. Thus keys with different " - "names are\n" - " never identical.\n" - " --key-usage -u \n" - " The key usage.\n" - "\n" - "Options (eca-cert and eca-ee-cert)\n" - " --challenge -l \n" - " The challenge. Will be included in the certificate. " - "Using the\n" - " TCG DICE Freshness extension.\n" - "\n" - "Options (eca-ee-sign)\n" - " --message -M \n" - " The message.\n"; - -void print_usage(char const *prog) { fprintf(stderr, usage_format_str, prog); } - -int parse_key_type(char const *str) { - if (strcmp(str, "ed25519") == 0) return n20_crypto_key_type_ed25519_e; - if (strcmp(str, "p256") == 0) return n20_crypto_key_type_secp256r1_e; - if (strcmp(str, "p384") == 0) return n20_crypto_key_type_secp384r1_e; - return n20_crypto_key_type_none_e; -} - -int parse_request_type(char const *str) { - if (strcmp(str, "promote") == 0) return n20_msg_request_type_promote_e; - if (strcmp(str, "cdi-cert") == 0) return n20_msg_request_type_issue_cdi_cert_e; - if (strcmp(str, "eca-cert") == 0) return n20_msg_request_type_issue_eca_cert_e; - if (strcmp(str, "eca-ee-cert") == 0) return n20_msg_request_type_issue_eca_ee_cert_e; - if (strcmp(str, "eca-ee-sign") == 0) return n20_msg_request_type_eca_ee_sign_e; - return n20_msg_request_type_none_e; -} - -int parse_mode(char const *str) { - if (strcmp(str, "not-configured") == 0) return n20_open_dice_mode_not_configured_e; - if (strcmp(str, "normal") == 0) return n20_open_dice_mode_normal_e; - if (strcmp(str, "debug") == 0) return n20_open_dice_mode_debug_e; - if (strcmp(str, "recovery") == 0) return n20_open_dice_mode_recovery_e; - return n20_open_dice_mode_not_configured_e; -} - -int parse_output_format(char const *str) { - if (strcmp(str, "x509") == 0) return n20_certificate_format_x509_e; -#ifdef N20_WITH_COSE - if (strcmp(str, "cose") == 0) return n20_certificate_format_cose_e; -#endif - return n20_certificate_format_none_e; -} - -void parse_key_usage(char const *str, uint8_t key_usage[2]) { - if (strcmp(str, "sign") == 0) { - N20_OPEN_DICE_KEY_USAGE_SET_DIGITAL_SIGNATURE(key_usage); - } else if (strcmp(str, "cert-sign") == 0) { - N20_OPEN_DICE_KEY_USAGE_SET_KEY_CERT_SIGN(key_usage); - } -} - -// Intermediate structure to hold parsed command-line options -typedef struct { - // Common fields - int request_type; - char const *output_file; - - // Key-related fields - int subject_key_type; // -k - int issuer_key_type; // -p - - // Parent path (used by most commands except promote) - struct { - char const **elements; // Array of hex strings - size_t count; - size_t capacity; - } parent_path; - - // Certificate-related - int certificate_format; // -f - char const *challenge; // -l - - // CDI-specific fields - struct { - char const *code_hash; // -c - char const *code_desc; // -C - char const *conf_hash; // -g - char const *conf_desc; // -G - char const *auth_hash; // -a - char const *auth_desc; // -A - char const *hidden; // -H - int mode; // -m - char const *profile_name; // -P - } cdi_fields; - - // ECA EE-specific fields - struct { - char const *name; // -N - char const *key_usage_str; // -u - } ee_fields; - - // Command-specific fields - char const *compressed_input; // -i (promote) - char const *message; // -M (eca-ee-sign) -} parsed_options_t; - -// Convert a hex nibble character to its 4-bit value -static int8_t nibble2bits(uint8_t nibble) { - nibble -= 0x30; // Convert ASCII to numeric value - if (nibble <= 9) return nibble; - nibble &= 0xDF; // Convert to uppercase - nibble -= 7; // Adjust for A-F - if (nibble < 0x10) return nibble; - return -1; -} - -static int hex_string_to_bytes_in_place(char *hex) { - size_t len = strlen(hex); - uint8_t *out_pos = (uint8_t *)hex; - size_t pos = 0; - if ((len & 1) != 0) { - // Odd length, assume leading zero - *out_pos++ = nibble2bits(hex[0]); - pos++; - } - - while (pos < len) { - int8_t high = nibble2bits(hex[pos++]); - int8_t low = nibble2bits(hex[pos++]); - if (high < 0 || low < 0) { - return -1; // Invalid hex character - } - *out_pos++ = (high << 4) | low; - } - - return out_pos - (uint8_t *)hex; // Return number of bytes written -} - -// Helper function to parse hex string into a slice -static cli_error_t parse_hex_to_slice(n20_slice_t *slice, - char const *hex_str, - char const *field_name) { - if (hex_str == NULL) { - slice->buffer = NULL; - slice->size = 0; - return cli_error_ok; - } - - slice->buffer = (uint8_t *)hex_str; - int bytes_written = hex_string_to_bytes_in_place((char *)slice->buffer); - if (bytes_written < 0) { - fprintf(stderr, "Invalid hex string for %s\n", field_name); - return cli_error_invalid_argument; - } - slice->size = bytes_written; - return cli_error_ok; -} - -// Helper function to add parent path element to options -static bool add_parent_path_element(parsed_options_t *opts, char const *element) { - if (opts->parent_path.count >= opts->parent_path.capacity) { - size_t new_capacity = opts->parent_path.capacity == 0 ? 4 : opts->parent_path.capacity * 2; - char const **new_elements = - reallocarray((void *)opts->parent_path.elements, new_capacity, sizeof(char const *)); - if (new_elements == NULL) { - return false; - } - opts->parent_path.elements = new_elements; - opts->parent_path.capacity = new_capacity; - } - opts->parent_path.elements[opts->parent_path.count++] = element; - return true; -} - -// Helper function to clean up parsed options -static void cleanup_parsed_options(parsed_options_t *opts) { - if (opts->parent_path.elements != NULL) { - free((void *)opts->parent_path.elements); - opts->parent_path.elements = NULL; - } -} - -static bool add_parent_path_decoded(n20_parent_path_t *path, char const *hex_str) { - if (path->is_encoded) { - fprintf(stderr, "Cannot add parent path element to already encoded path\n"); - return false; - } - n20_slice_t *new_slices = - reallocarray((void *)path->decoded, path->length + 1, sizeof(n20_slice_t)); - if (new_slices == NULL) { - free((void *)path->decoded); - path->decoded = NULL; - return false; - } - path->decoded = new_slices; - new_slices[path->length].buffer = (uint8_t *)hex_str; - new_slices[path->length].size = strlen(hex_str) / 2; // Assuming hex string represents bytes - path->length++; - return true; -} - -static void clean_up_request(n20_msg_request_t *request) { - n20_parent_path_t *path = NULL; - switch (request->request_type) { - case n20_msg_request_type_issue_cdi_cert_e: - path = &request->payload.issue_cdi_cert.parent_path; - break; - case n20_msg_request_type_issue_eca_cert_e: - path = &request->payload.issue_eca_cert.parent_path; - break; - case n20_msg_request_type_issue_eca_ee_cert_e: - path = &request->payload.issue_eca_ee_cert.parent_path; - break; - case n20_msg_request_type_eca_ee_sign_e: - path = &request->payload.eca_ee_sign.parent_path; - break; - default: - return; // No parent path to clean up - } - if (!path->is_encoded && path->decoded != NULL) { - free((void *)path->decoded); - path->decoded = NULL; - } -} -// Unified option parsing function -static int parse_command_options(int argc, char *argv[], parsed_options_t *opts) { - // Define all possible long options - static struct option long_options[] = {// Common options - {"key-type", required_argument, 0, 'k'}, - {"parent-path-element", required_argument, 0, 'n'}, - {"output", required_argument, 0, 'o'}, - {"parent-key-type", required_argument, 0, 'p'}, - {"certificate-format", required_argument, 0, 'f'}, - {"challenge", required_argument, 0, 'l'}, - {"help", no_argument, 0, '?'}, - - // Promote options - {"compressed-input", required_argument, 0, 'i'}, - - // CDI cert options - {"code", required_argument, 0, 'c'}, - {"code-desc", required_argument, 0, 'C'}, - {"conf", required_argument, 0, 'g'}, - {"conf-desc", required_argument, 0, 'G'}, - {"auth", required_argument, 0, 'a'}, - {"auth-desc", required_argument, 0, 'A'}, - {"mode", required_argument, 0, 'm'}, - {"hidden", required_argument, 0, 'H'}, - {"profile-name", required_argument, 0, 'P'}, - - // ECA EE options - {"name", required_argument, 0, 'N'}, - {"key-usage", required_argument, 0, 'u'}, - - // ECA EE sign options - {"message", required_argument, 0, 'M'}, - - {0, 0, 0, 0}}; - - int opt; - while ((opt = getopt_long( - argc, argv, "i:k:n:o:p:f:c:C:g:G:a:A:m:H:P:l:N:u:M:?", long_options, NULL)) != -1) { - switch (opt) { - // Common options - case 'k': - opts->subject_key_type = parse_key_type(optarg); - break; - case 'p': - opts->issuer_key_type = parse_key_type(optarg); - break; - case 'n': - if (!add_parent_path_element(opts, optarg)) { - fprintf(stderr, "Failed to add parent path element\n"); - return -1; - } - break; - case 'o': - opts->output_file = optarg; - break; - case 'f': - opts->certificate_format = parse_output_format(optarg); - break; - case 'l': - opts->challenge = optarg; - break; - - // Promote options - case 'i': - opts->compressed_input = optarg; - break; - - // CDI cert options - case 'c': - opts->cdi_fields.code_hash = optarg; - break; - case 'C': - opts->cdi_fields.code_desc = optarg; - break; - case 'g': - opts->cdi_fields.conf_hash = optarg; - break; - case 'G': - opts->cdi_fields.conf_desc = optarg; - break; - case 'a': - opts->cdi_fields.auth_hash = optarg; - break; - case 'A': - opts->cdi_fields.auth_desc = optarg; - break; - case 'm': - opts->cdi_fields.mode = parse_mode(optarg); - break; - case 'H': - opts->cdi_fields.hidden = optarg; - break; - case 'P': - opts->cdi_fields.profile_name = optarg; - break; - - // ECA EE options - case 'N': - opts->ee_fields.name = optarg; - break; - case 'u': - opts->ee_fields.key_usage_str = optarg; - break; - - // ECA EE sign options - case 'M': - opts->message = optarg; - break; - - case '?': - // Help requested - return -1; - default: - // Unknown option - return -1; - } - } - - return 0; -} - -// Initialize promote request from parsed options -static cli_error_t init_promote_request(n20_msg_request_t *request, parsed_options_t const *opts) { - if (opts->compressed_input == NULL) { - fprintf(stderr, "Promote requires --compressed-input\n"); - return cli_error_invalid_argument; - } - - request->request_type = n20_msg_request_type_promote_e; - return parse_hex_to_slice( - &request->payload.promote.compressed_context, opts->compressed_input, "compressed input"); -} - -// Initialize CDI cert request from parsed options -static cli_error_t init_cdi_cert_request(n20_msg_request_t *request, parsed_options_t const *opts) { - cli_error_t err; - - request->request_type = n20_msg_request_type_issue_cdi_cert_e; - request->payload.issue_cdi_cert.subject_key_type = opts->subject_key_type; - request->payload.issue_cdi_cert.issuer_key_type = opts->issuer_key_type; - request->payload.issue_cdi_cert.certificate_format = opts->certificate_format; - - // Validate required fields - if (opts->subject_key_type == n20_crypto_key_type_none_e) { - fprintf(stderr, "Invalid or missing --key-type\n"); - return cli_error_invalid_argument; - } - if (opts->issuer_key_type == n20_crypto_key_type_none_e) { - fprintf(stderr, "Invalid or missing --parent-key-type\n"); - return cli_error_invalid_argument; - } - if (opts->certificate_format == n20_certificate_format_none_e) { - fprintf(stderr, "Invalid or missing --certificate-format\n"); - return cli_error_invalid_argument; - } - - // Parse CDI fields - err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.code_hash, - opts->cdi_fields.code_hash, - "code hash"); - if (err != cli_error_ok) return err; - - err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.code_descriptor, - opts->cdi_fields.code_desc, - "code descriptor"); - if (err != cli_error_ok) return err; - - err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.configuration_hash, - opts->cdi_fields.conf_hash, - "configuration hash"); - if (err != cli_error_ok) return err; - - err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.configuration_descriptor, - opts->cdi_fields.conf_desc, - "configuration descriptor"); - if (err != cli_error_ok) return err; - - err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.authority_hash, - opts->cdi_fields.auth_hash, - "authority hash"); - if (err != cli_error_ok) return err; - - err = parse_hex_to_slice(&request->payload.issue_cdi_cert.next_context.authority_descriptor, - opts->cdi_fields.auth_desc, - "authority descriptor"); - if (err != cli_error_ok) return err; - - err = parse_hex_to_slice( - &request->payload.issue_cdi_cert.next_context.hidden, opts->cdi_fields.hidden, "hidden"); - if (err != cli_error_ok) return err; - - request->payload.issue_cdi_cert.next_context.mode = opts->cdi_fields.mode; - - if (opts->cdi_fields.profile_name) { - request->payload.issue_cdi_cert.next_context.profile_name.buffer = - opts->cdi_fields.profile_name; - request->payload.issue_cdi_cert.next_context.profile_name.size = - strlen(opts->cdi_fields.profile_name); - } - - // Build parent path - for (size_t i = 0; i < opts->parent_path.count; ++i) { - if (!add_parent_path_decoded(&request->payload.issue_cdi_cert.parent_path, - opts->parent_path.elements[i])) { - fprintf(stderr, "Failed to add parent path element\n"); - return cli_error_invalid_argument; - } - } - - // Parse parent path hex strings - for (size_t i = 0; i < request->payload.issue_cdi_cert.parent_path.length; ++i) { - err = parse_hex_to_slice( - (n20_slice_t *)&request->payload.issue_cdi_cert.parent_path.decoded[i], - (char const *)request->payload.issue_cdi_cert.parent_path.decoded[i].buffer, - "parent path element"); - if (err != cli_error_ok) return err; - } - - return cli_error_ok; -} - -// Initialize ECA cert request from parsed options -static cli_error_t init_eca_cert_request(n20_msg_request_t *request, parsed_options_t const *opts) { - cli_error_t err; - - request->request_type = n20_msg_request_type_issue_eca_cert_e; - request->payload.issue_eca_cert.subject_key_type = opts->subject_key_type; - request->payload.issue_eca_cert.issuer_key_type = opts->issuer_key_type; - request->payload.issue_eca_cert.certificate_format = opts->certificate_format; - - // Validate required fields - if (opts->subject_key_type == n20_crypto_key_type_none_e) { - fprintf(stderr, "Invalid or missing --key-type\n"); - return cli_error_invalid_argument; - } - if (opts->issuer_key_type == n20_crypto_key_type_none_e) { - fprintf(stderr, "Invalid or missing --parent-key-type\n"); - return cli_error_invalid_argument; - } - if (opts->certificate_format == n20_certificate_format_none_e) { - fprintf(stderr, "Invalid or missing --certificate-format\n"); - return cli_error_invalid_argument; - } - - // Parse challenge if provided - err = parse_hex_to_slice( - &request->payload.issue_eca_cert.challenge, opts->challenge, "challenge"); - if (err != cli_error_ok) return err; - - // Build parent path - for (size_t i = 0; i < opts->parent_path.count; ++i) { - if (!add_parent_path_decoded(&request->payload.issue_eca_cert.parent_path, - opts->parent_path.elements[i])) { - fprintf(stderr, "Failed to add parent path element\n"); - return cli_error_invalid_argument; - } - } - - // Parse parent path hex strings - for (size_t i = 0; i < request->payload.issue_eca_cert.parent_path.length; ++i) { - err = parse_hex_to_slice( - (n20_slice_t *)&request->payload.issue_eca_cert.parent_path.decoded[i], - (char const *)request->payload.issue_eca_cert.parent_path.decoded[i].buffer, - "parent path element"); - if (err != cli_error_ok) return err; - } - - return cli_error_ok; -} - -// Initialize ECA EE cert request from parsed options -static cli_error_t init_eca_ee_cert_request(n20_msg_request_t *request, - parsed_options_t const *opts, - uint8_t key_usage[2]) { - cli_error_t err; - - request->request_type = n20_msg_request_type_issue_eca_ee_cert_e; - request->payload.issue_eca_ee_cert.subject_key_type = opts->subject_key_type; - request->payload.issue_eca_ee_cert.issuer_key_type = opts->issuer_key_type; - request->payload.issue_eca_ee_cert.certificate_format = opts->certificate_format; - - // Validate required fields - if (opts->subject_key_type == n20_crypto_key_type_none_e) { - fprintf(stderr, "Invalid or missing --key-type\n"); - return cli_error_invalid_argument; - } - if (opts->issuer_key_type == n20_crypto_key_type_none_e) { - fprintf(stderr, "Invalid or missing --parent-key-type\n"); - return cli_error_invalid_argument; - } - if (opts->certificate_format == n20_certificate_format_none_e) { - fprintf(stderr, "Invalid or missing --certificate-format\n"); - return cli_error_invalid_argument; - } - - // Set name - if (opts->ee_fields.name) { - request->payload.issue_eca_ee_cert.name.buffer = opts->ee_fields.name; - request->payload.issue_eca_ee_cert.name.size = strlen(opts->ee_fields.name); - } - - // Parse key usage - if (opts->ee_fields.key_usage_str) { - parse_key_usage(opts->ee_fields.key_usage_str, key_usage); - request->payload.issue_eca_ee_cert.key_usage.buffer = key_usage; - request->payload.issue_eca_ee_cert.key_usage.size = 2; - } - - // Parse challenge if provided - err = parse_hex_to_slice( - &request->payload.issue_eca_ee_cert.challenge, opts->challenge, "challenge"); - if (err != cli_error_ok) return err; - - // Build parent path - for (size_t i = 0; i < opts->parent_path.count; ++i) { - if (!add_parent_path_decoded(&request->payload.issue_eca_ee_cert.parent_path, - opts->parent_path.elements[i])) { - fprintf(stderr, "Failed to add parent path element\n"); - return cli_error_invalid_argument; - } - } - - // Parse parent path hex strings - for (size_t i = 0; i < request->payload.issue_eca_ee_cert.parent_path.length; ++i) { - err = parse_hex_to_slice( - (n20_slice_t *)&request->payload.issue_eca_ee_cert.parent_path.decoded[i], - (char const *)request->payload.issue_eca_ee_cert.parent_path.decoded[i].buffer, - "parent path element"); - if (err != cli_error_ok) return err; - } - - return cli_error_ok; -} - -// Initialize ECA EE sign request from parsed options -static cli_error_t init_eca_ee_sign_request(n20_msg_request_t *request, - parsed_options_t const *opts, - uint8_t key_usage[2]) { - cli_error_t err; - - request->request_type = n20_msg_request_type_eca_ee_sign_e; - request->payload.eca_ee_sign.subject_key_type = opts->subject_key_type; - - // Validate required fields - if (opts->subject_key_type == n20_crypto_key_type_none_e) { - fprintf(stderr, "Invalid or missing --key-type\n"); - return cli_error_invalid_argument; - } - - // Set name - if (opts->ee_fields.name) { - request->payload.eca_ee_sign.name.buffer = opts->ee_fields.name; - request->payload.eca_ee_sign.name.size = strlen(opts->ee_fields.name); - } - - // Parse key usage - if (opts->ee_fields.key_usage_str) { - parse_key_usage(opts->ee_fields.key_usage_str, key_usage); - request->payload.eca_ee_sign.key_usage.buffer = key_usage; - request->payload.eca_ee_sign.key_usage.size = 2; - } - - // Parse message - err = parse_hex_to_slice(&request->payload.eca_ee_sign.message, opts->message, "message"); - if (err != cli_error_ok) return err; - - // Build parent path - for (size_t i = 0; i < opts->parent_path.count; ++i) { - if (!add_parent_path_decoded(&request->payload.eca_ee_sign.parent_path, - opts->parent_path.elements[i])) { - fprintf(stderr, "Failed to add parent path element\n"); - return cli_error_invalid_argument; - } - } - - // Parse parent path hex strings - for (size_t i = 0; i < request->payload.eca_ee_sign.parent_path.length; ++i) { - err = parse_hex_to_slice( - (n20_slice_t *)&request->payload.eca_ee_sign.parent_path.decoded[i], - (char const *)request->payload.eca_ee_sign.parent_path.decoded[i].buffer, - "parent path element"); - if (err != cli_error_ok) return err; - } - - return cli_error_ok; -} - -// Helper to write binary data to file or print as hex -static cli_error_t output_binary_data(uint8_t const *data, - size_t size, - char const *output_file, - char const *data_type) { - if (output_file) { - FILE *file = fopen(output_file, "wb"); - if (!file) { - perror("fopen"); - return cli_error_io; - } - size_t written = fwrite(data, 1, size, file); - if (written != size) { - fprintf(stderr, "Failed to write full %s to file\n", data_type); - fclose(file); - return cli_error_io; - } - fclose(file); - printf("%s written to %s\n", data_type, output_file); - } else { - printf("%s data: ", data_type); - for (size_t i = 0; i < size; ++i) { - printf("%02x", data[i]); - } - printf("\n"); - } - return cli_error_ok; -} - -// Handle promote response -static cli_error_t handle_promote_response(n20_slice_t response_slice) { - n20_msg_error_response_t response; - n20_error_t n20_err = n20_msg_error_response_read(&response, response_slice); - if (n20_err != n20_error_ok_e) { - fprintf(stderr, - "Failed to read promote response. libnat20 error: %d (0x%x)\n", - n20_err, - n20_err); - return cli_error_libnat20; - } - if (response.error_code != n20_error_ok_e) { - fprintf(stderr, - "Promote request failed. Server returned libnat20 error: %d (0x%x)\n", - response.error_code, - response.error_code); - return cli_error_server; - } - printf("Promote request successful\n"); - return cli_error_ok; -} - -// Handle certificate response (common for cdi-cert, eca-cert, eca-ee-cert) -static cli_error_t handle_cert_response(n20_slice_t response_slice, - char const *output_file, - char const *cert_type_name, - bool print_debug) { - if (print_debug) { - printf("Raw response (%zu bytes): ", response_slice.size); - size_t preview_len = response_slice.size < 32 ? response_slice.size : 32; - for (size_t i = 0; i < preview_len; ++i) { - printf("%02x", response_slice.buffer[i]); - } - if (response_slice.size > 32) printf("..."); - printf("\n"); - } - - n20_msg_issue_cert_response_t response; - n20_error_t n20_err = n20_msg_issue_cert_response_read(&response, response_slice); - if (n20_err != n20_error_ok_e) { - fprintf(stderr, - "Failed to read %s response. libnat20 error: %d (0x%x)\n", - cert_type_name, - n20_err, - n20_err); - return cli_error_libnat20; - } - if (response.error_code != n20_error_ok_e) { - fprintf(stderr, - "%s request failed. Server returned libnat20 error: %d (0x%x)\n", - cert_type_name, - response.error_code, - response.error_code); - return cli_error_server; - } - printf("%s request successful, certificate size: %zu\n", - cert_type_name, - response.certificate.size); - - return output_binary_data( - response.certificate.buffer, response.certificate.size, output_file, "Certificate"); -} - -// Handle CDI cert response (includes compressed input output) -static cli_error_t handle_cdi_cert_response(n20_slice_t response_slice, - char const *output_file, - n20_open_dice_input_t const *next_context) { - cli_error_t err = handle_cert_response(response_slice, output_file, "CDI cert", true); - if (err != cli_error_ok) return err; - - // Compute and output compressed input - n20_compressed_input_t next_compressed_input; - n20_open_dice_cert_info_t cert_info; - cert_info.cert_type = n20_cert_type_cdi_e; - cert_info.open_dice_input = *next_context; - - n20_crypto_digest_context_t *digest_ctx = NULL; - - n20_error_t n20_err = n20_crypto_nat20_open(&digest_ctx); - if (n20_err != n20_error_ok_e) { - fprintf( - stderr, "Failed to open digest context. libnat20 error: %d (0x%x)\n", n20_err, n20_err); - return cli_error_libnat20; - } - - n20_err = n20_compress_input(digest_ctx, &cert_info, next_compressed_input); - n20_crypto_nat20_close(digest_ctx); - if (n20_err != n20_error_ok_e) { - fprintf(stderr, "Failed to compress input. libnat20 error: %d (0x%x)\n", n20_err, n20_err); - return cli_error_libnat20; - } - - printf("Compressed input: "); - for (size_t i = 0; i < sizeof(next_compressed_input); ++i) { - printf("%02x", next_compressed_input[i]); - } - printf("\n"); - - return cli_error_ok; -} - -// Handle ECA EE sign response -static cli_error_t handle_eca_ee_sign_response(n20_slice_t response_slice, - char const *output_file) { - // First try to read as an error response - n20_msg_error_response_t error_response; - n20_error_t n20_err = n20_msg_error_response_read(&error_response, response_slice); - if (n20_err == n20_error_ok_e && error_response.error_code != n20_error_ok_e) { - fprintf(stderr, - "ECA sign request failed. Server returned libnat20 error: %d (0x%x)\n", - error_response.error_code, - error_response.error_code); - return cli_error_server; - } - - // If not an error response, try to read as sign response - n20_msg_eca_ee_sign_response_t response; - n20_err = n20_msg_eca_ee_sign_response_read(&response, response_slice); - if (n20_err != n20_error_ok_e) { - fprintf(stderr, - "Failed to read ECA sign response. libnat20 error: %d (0x%x)\n", - n20_err, - n20_err); - return cli_error_libnat20; - } - if (response.error_code != n20_error_ok_e) { - fprintf(stderr, - "ECA sign request failed. Server returned libnat20 error: %d (0x%x)\n", - response.error_code, - response.error_code); - return cli_error_server; - } - printf("ECA sign request successful, signature size: %zu\n", response.signature.size); - - return output_binary_data( - response.signature.buffer, response.signature.size, output_file, "Signature"); -} - -int main(int argc, char *argv[]) { - // Stage 1: Parse command options - parsed_options_t opts = { - .request_type = n20_msg_request_type_none_e, - .subject_key_type = n20_crypto_key_type_none_e, - .issuer_key_type = n20_crypto_key_type_none_e, - .certificate_format = n20_certificate_format_none_e, - .cdi_fields = {.mode = n20_open_dice_mode_not_configured_e}, - }; - - if (parse_command_options(argc, argv, &opts) != 0) { - print_usage(argv[0]); - cleanup_parsed_options(&opts); - exit(EXIT_FAILURE); - } - - // Stage 2: Determine command - if (optind >= argc) { - fprintf(stderr, "No command specified\n"); - print_usage(argv[0]); - cleanup_parsed_options(&opts); - exit(EXIT_FAILURE); - } - - int request_type = parse_request_type(argv[optind]); - if (request_type == n20_msg_request_type_none_e) { - fprintf(stderr, "Unknown command: %s\n", argv[optind]); - print_usage(argv[0]); - cleanup_parsed_options(&opts); - exit(EXIT_FAILURE); - } - - opts.request_type = request_type; - - // Stage 3: Initialize request from parsed options - n20_msg_request_t request = {0}; - uint8_t key_usage[2] = {0}; - cli_error_t cli_err = cli_error_ok; - - switch (request_type) { - case n20_msg_request_type_promote_e: - cli_err = init_promote_request(&request, &opts); - break; - case n20_msg_request_type_issue_cdi_cert_e: - cli_err = init_cdi_cert_request(&request, &opts); - break; - case n20_msg_request_type_issue_eca_cert_e: - cli_err = init_eca_cert_request(&request, &opts); - break; - case n20_msg_request_type_issue_eca_ee_cert_e: - cli_err = init_eca_ee_cert_request(&request, &opts, key_usage); - break; - case n20_msg_request_type_eca_ee_sign_e: - cli_err = init_eca_ee_sign_request(&request, &opts, key_usage); - break; - default: - fprintf(stderr, "Unsupported request type: %d\n", request_type); - print_usage(argv[0]); - cleanup_parsed_options(&opts); - exit(EXIT_FAILURE); - } - - if (cli_err != cli_error_ok) { - fprintf(stderr, "Failed to initialize request. CLI error: %d\n", cli_err); - print_usage(argv[0]); - cleanup_parsed_options(&opts); - exit(EXIT_FAILURE); - } - - uint8_t msg_buffer[1024]; - - size_t msg_size = sizeof(msg_buffer); - - n20_error_t n20_err = n20_msg_request_write(&request, msg_buffer, &msg_size); - if (n20_err != n20_error_ok_e) { - fprintf(stderr, "Failed to write request. libnat20 error: %d (0x%x)\n", n20_err, n20_err); - print_usage(argv[0]); - exit(EXIT_FAILURE); - } - - clean_up_request(&request); - - int dice_dev_fd = open("/dev/nat200", O_RDWR); - if (dice_dev_fd < 0) { - perror("open"); - exit(EXIT_FAILURE); - } - - ssize_t bytes_written = - write(dice_dev_fd, msg_buffer + (sizeof(msg_buffer) - msg_size), msg_size); - if (bytes_written < 0) { - perror("write"); - close(dice_dev_fd); - exit(EXIT_FAILURE); - } - - uint8_t response_buffer[1024]; - - ssize_t bytes_received = read(dice_dev_fd, response_buffer, sizeof(response_buffer)); - if (bytes_received < 0) { - perror("read"); - close(dice_dev_fd); - exit(EXIT_FAILURE); - } - close(dice_dev_fd); - - printf("Bytes written: %zd, Bytes received: %zd\n", bytes_written, bytes_received); - - n20_slice_t response_slice = { - .buffer = response_buffer, - .size = (size_t)bytes_received, - }; - - // Handle response based on request type - switch (request.request_type) { - case n20_msg_request_type_promote_e: - cli_err = handle_promote_response(response_slice); - break; - case n20_msg_request_type_issue_cdi_cert_e: - cli_err = handle_cdi_cert_response( - response_slice, opts.output_file, &request.payload.issue_cdi_cert.next_context); - break; - case n20_msg_request_type_issue_eca_cert_e: - cli_err = handle_cert_response(response_slice, opts.output_file, "ECA cert", true); - break; - case n20_msg_request_type_issue_eca_ee_cert_e: - cli_err = - handle_cert_response(response_slice, opts.output_file, "ECA end-entity cert", true); - break; - case n20_msg_request_type_eca_ee_sign_e: - cli_err = handle_eca_ee_sign_response(response_slice, opts.output_file); - break; - default: - fprintf(stderr, "Unknown request type in response\n"); - cleanup_parsed_options(&opts); - exit(EXIT_FAILURE); - } - - cleanup_parsed_options(&opts); - - if (cli_err != cli_error_ok) { - exit(EXIT_FAILURE); - } - - return 0; -} From 89d1814443bd762af9a10ef4b9008262d9a3552b Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Sat, 16 May 2026 08:04:48 -0700 Subject: [PATCH 47/49] Tidy test runner --- .github/workflows/linux-kmod-build.yml | 2 +- .gitignore | 1 - examples/linux/br_external/bootstrap.sh | 2 +- examples/linux/br_external/run-qemu.sh | 52 ------------------- examples/linux/br_external/utils/envsetup.sh | 23 ++++++++ examples/linux/nat20test/CMakeLists.txt | 2 +- ...20_qemu_init.sh => nat20test_qemu_init.sh} | 0 7 files changed, 26 insertions(+), 56 deletions(-) delete mode 100755 examples/linux/br_external/run-qemu.sh rename examples/linux/nat20test/{nat20_qemu_init.sh => nat20test_qemu_init.sh} (100%) diff --git a/.github/workflows/linux-kmod-build.yml b/.github/workflows/linux-kmod-build.yml index fd2dc104..d684b057 100644 --- a/.github/workflows/linux-kmod-build.yml +++ b/.github/workflows/linux-kmod-build.yml @@ -175,7 +175,7 @@ jobs: -M pc \ -kernel "${KERNEL}" \ -drive file="${ROOTFS}",if=virtio,format=raw \ - -append "rootwait root=/dev/vda console=ttyS0 init=/usr/bin/nat20_qemu_init.sh" \ + -append "rootwait root=/dev/vda console=ttyS0 init=/usr/bin/nat20test_qemu_init.sh" \ -nographic \ -no-reboot \ -net none \ diff --git a/.gitignore b/.gitignore index e6fc5f4e..1f3b638b 100644 --- a/.gitignore +++ b/.gitignore @@ -49,4 +49,3 @@ build/ cmake_install.cmake compile_commands.json html/ -nat20test diff --git a/examples/linux/br_external/bootstrap.sh b/examples/linux/br_external/bootstrap.sh index 0eaf1d7e..ef5a49e2 100755 --- a/examples/linux/br_external/bootstrap.sh +++ b/examples/linux/br_external/bootstrap.sh @@ -99,6 +99,7 @@ pushd ${LIBNAT20_BR_BUILD_DIR} echo "LIBNAT20_BR_BUILD_DIR=${LIBNAT20_BR_BUILD_DIR}" | tee .env echo "LIBNAT20_ROOT=${LIBNAT20_ROOT}" | tee -a .env +echo "LIBNAT20_PROJECT=${PROJECT}" | tee -a .env cp ${LIBNAT20_ROOT}/examples/linux/br_external/utils/envsetup.sh ./ @@ -109,7 +110,6 @@ git clone --depth 1 --branch "2025.08.1" https://gitlab.com/buildroot.org/buildr case "$PROJECT" in qemu) cp ${LIBNAT20_ROOT}/examples/linux/br_external/configs/qemu_br_defconfig buildroot/.config - cp ${LIBNAT20_ROOT}/examples/linux/br_external/run-qemu.sh ./ ;; esac diff --git a/examples/linux/br_external/run-qemu.sh b/examples/linux/br_external/run-qemu.sh deleted file mode 100755 index a37bc9a8..00000000 --- a/examples/linux/br_external/run-qemu.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -# Copyright 2026 Aurora Operations, Inc. -# -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0 -# -# This work is dual licensed. -# You may use it under Apache-2.0 or GPL-2.0 at your option. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# OR -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see -# . - -QEMU_BIN=qemu-system-x86_64 - -if [ ! -f ".env" ]; then - echo ".env file not found. Please run bootstrap.sh first." - exit 1 -fi - -source .env - -BUILDROOT_DIR="${LIBNAT20_BR_BUILD_DIR}/buildroot" -KERNEL_IMAGE="${BUILDROOT_DIR}/output/images/bzImage" -FS_IMAGE="${BUILDROOT_DIR}/output/images/rootfs.ext2" - - -"${QEMU_BIN}" -M pc -kernel "${KERNEL_IMAGE}" -nographic -drive file="${FS_IMAGE}",if=virtio,format=raw -append "rootwait root=/dev/vda console=ttyS0" -serial mon:stdio -net nic,model=virtio -net user diff --git a/examples/linux/br_external/utils/envsetup.sh b/examples/linux/br_external/utils/envsetup.sh index 62d1a15a..0156e62d 100644 --- a/examples/linux/br_external/utils/envsetup.sh +++ b/examples/linux/br_external/utils/envsetup.sh @@ -92,3 +92,26 @@ function brrebuild() { ;; esac } + +function run-qemu() { + if [ $LIBNAT20_PROJECT != "qemu" ]; then + echo "Error: run-qemu is only supported for the qemu project." + return 1 + fi + + QEMU_BIN=qemu-system-x86_64 + + BUILDROOT_DIR="${LIBNAT20_BR_BUILD_DIR}/buildroot" + KERNEL_IMAGE="${BUILDROOT_DIR}/output/images/bzImage" + FS_IMAGE="${BUILDROOT_DIR}/output/images/rootfs.ext2" + + if [ -n "$1" ]; then + "${QEMU_BIN}" -M pc -kernel "${KERNEL_IMAGE}" -nographic -drive file="${FS_IMAGE}",if=virtio,format=raw -append "rootwait root=/dev/vda console=ttyS0 init=$1" -serial mon:stdio -net nic,model=virtio -net user + else + "${QEMU_BIN}" -M pc -kernel "${KERNEL_IMAGE}" -nographic -drive file="${FS_IMAGE}",if=virtio,format=raw -append "rootwait root=/dev/vda console=ttyS0" -serial mon:stdio -net nic,model=virtio -net user + fi +} + +function run-nat20test-test() { + run-qemu "/usr/bin/nat20test_qemu_init.sh" +} diff --git a/examples/linux/nat20test/CMakeLists.txt b/examples/linux/nat20test/CMakeLists.txt index 9db588d3..d6da07e4 100644 --- a/examples/linux/nat20test/CMakeLists.txt +++ b/examples/linux/nat20test/CMakeLists.txt @@ -77,6 +77,6 @@ PRIVATE -Werror install(TARGETS nat20_integration_test RUNTIME DESTINATION bin) install(PROGRAMS nat20test.sh DESTINATION bin) -install(PROGRAMS nat20_qemu_init.sh DESTINATION bin) +install(PROGRAMS nat20test_qemu_init.sh DESTINATION bin) ################################################################################################### diff --git a/examples/linux/nat20test/nat20_qemu_init.sh b/examples/linux/nat20test/nat20test_qemu_init.sh similarity index 100% rename from examples/linux/nat20test/nat20_qemu_init.sh rename to examples/linux/nat20test/nat20test_qemu_init.sh From d903bde4105387db96f6aa1233c0f4221d958b50 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 27 May 2026 10:08:22 -0700 Subject: [PATCH 48/49] address comments --- .../nat20test/test/nat20_integration_test.c | 168 ++++++++++++------ examples/linux/nat20test/test/test_helpers.c | 10 +- 2 files changed, 121 insertions(+), 57 deletions(-) diff --git a/examples/linux/nat20test/test/nat20_integration_test.c b/examples/linux/nat20test/test/nat20_integration_test.c index 561d09da..25afebcf 100644 --- a/examples/linux/nat20test/test/nat20_integration_test.c +++ b/examples/linux/nat20test/test/nat20_integration_test.c @@ -212,7 +212,6 @@ static void test_cdi_cert_x509_p256(void) { TEST_PASS(); } -#if N20_WITH_COSE == 1 static void test_cdi_cert_cose_p256(void) { TEST_BEGIN("cdi-cert COSE P-256"); @@ -247,7 +246,6 @@ static void test_cdi_cert_cose_p256(void) { TEST_PASS(); } -#endif static void test_eca_cert_x509_p256(void) { TEST_BEGIN("eca-cert X.509 P-256"); @@ -423,7 +421,10 @@ static bool issue_cdi_cert(n20_crypto_key_type_t issuer_key_type, fprintf(stderr, " cdi-cert error: 0x%x\n", cert_response.error_code); return false; } - if (cert_response.certificate.size > sizeof(out->data)) return false; + if (cert_response.certificate.size > sizeof(out->data)) { + return false; + } + memcpy(out->data, cert_response.certificate.buffer, cert_response.certificate.size); out->size = cert_response.certificate.size; return true; @@ -456,7 +457,10 @@ static bool issue_eca_cert(n20_crypto_key_type_t issuer_key_type, fprintf(stderr, " eca-cert error: 0x%x\n", cert_response.error_code); return false; } - if (cert_response.certificate.size > sizeof(out->data)) return false; + if (cert_response.certificate.size > sizeof(out->data)) { + return false; + } + memcpy(out->data, cert_response.certificate.buffer, cert_response.certificate.size); out->size = cert_response.certificate.size; return true; @@ -493,7 +497,10 @@ static bool issue_eca_ee_cert(n20_crypto_key_type_t issuer_key_type, fprintf(stderr, " eca-ee-cert error: 0x%x\n", cert_response.error_code); return false; } - if (cert_response.certificate.size > sizeof(out->data)) return false; + if (cert_response.certificate.size > sizeof(out->data)) { + return false; + } + memcpy(out->data, cert_response.certificate.buffer, cert_response.certificate.size); out->size = cert_response.certificate.size; return true; @@ -529,7 +536,10 @@ static bool eca_ee_sign(n20_crypto_key_type_t key_type, fprintf(stderr, " eca-ee-sign error: 0x%x\n", sign_response.error_code); return false; } - if (sign_response.signature.size > sizeof(out->data)) return false; + if (sign_response.signature.size > sizeof(out->data)) { + return false; + } + memcpy(out->data, sign_response.signature.buffer, sign_response.signature.size); out->size = sign_response.signature.size; return true; @@ -561,11 +571,16 @@ static bool do_promote(uint8_t const* compressed_input, size_t compressed_input_ static bool read_uds_cert(cert_buffer_t* out) { int fd = open(DICE_CHAIN_PATH, O_RDONLY); - if (fd < 0) return false; + if (fd < 0) { + return false; + } + uint8_t dice_chain_buf[4096]; ssize_t dc_size = read(fd, dice_chain_buf, sizeof(dice_chain_buf)); close(fd); - if (dc_size <= 10) return false; + if (dc_size <= 10) { + return false; + } n20_istream_t dc_stream; n20_istream_init(&dc_stream, dice_chain_buf, (size_t)dc_size); @@ -575,8 +590,12 @@ static bool read_uds_cert(cert_buffer_t* out) { n20_cbor_read_header(&dc_stream, &cbor_type, &cbor_value); n20_cbor_read_header(&dc_stream, &cbor_type, &cbor_value); n20_slice_t uds_cert_slice; - if (!n20_istream_get_slice(&dc_stream, &uds_cert_slice, cbor_value)) return false; - if (uds_cert_slice.size > sizeof(out->data)) return false; + if (!n20_istream_get_slice(&dc_stream, &uds_cert_slice, cbor_value)) { + return false; + } + if (uds_cert_slice.size > sizeof(out->data)) { + return false; + } memcpy(out->data, uds_cert_slice.buffer, uds_cert_slice.size); out->size = uds_cert_slice.size; return true; @@ -688,11 +707,15 @@ static void test_level1(void) { /* CDI1: subject_key_type × format, issuer = P-256, no parent path */ for (size_t si = 0; si < NUM_KEY_TYPES; si++) { for (size_t fi = 0; fi < NUM_CDI_FORMATS; fi++) { - level1_artifacts.cdi1_valid[si][fi] = issue_cdi_cert(n20_crypto_key_type_secp256r1_e, - KEY_TYPES[si], - CDI_FORMATS[fi], - no_path, - &level1_artifacts.cdi1[si][fi]); + ASSERT((level1_artifacts.cdi1_valid[si][fi] = + issue_cdi_cert(n20_crypto_key_type_secp256r1_e, + KEY_TYPES[si], + CDI_FORMATS[fi], + no_path, + &level1_artifacts.cdi1[si][fi])), + "Failed to issue CDI1 cert (subject key type %d, format %d)", + KEY_TYPES[si], + CDI_FORMATS[fi]); } } @@ -700,12 +723,17 @@ static void test_level1(void) { for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { for (size_t si = 0; si < NUM_KEY_TYPES; si++) { for (size_t fi = 0; fi < NUM_CDI_FORMATS; fi++) { - level1_artifacts.cdi2_valid[ii][si][fi] = - issue_cdi_cert(KEY_TYPES[ii], - KEY_TYPES[si], - CDI_FORMATS[fi], - path_depth1, - &level1_artifacts.cdi2[ii][si][fi]); + ASSERT((level1_artifacts.cdi2_valid[ii][si][fi] = + issue_cdi_cert(KEY_TYPES[ii], + KEY_TYPES[si], + CDI_FORMATS[fi], + path_depth1, + &level1_artifacts.cdi2[ii][si][fi])), + "Failed to issue CDI2 cert (issuer key type %d, subject key type %d, format " + "%d)", + KEY_TYPES[ii], + KEY_TYPES[si], + CDI_FORMATS[fi]); } } } @@ -713,11 +741,15 @@ static void test_level1(void) { /* ECA: issuer_key_type × subject_key_type, parent_path depth 2 */ for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - level1_artifacts.eca_valid[ii][si] = issue_eca_cert(KEY_TYPES[ii], - KEY_TYPES[si], - n20_certificate_format_x509_e, - path_depth2, - &level1_artifacts.eca[ii][si]); + ASSERT((level1_artifacts.eca_valid[ii][si] = + issue_eca_cert(KEY_TYPES[ii], + KEY_TYPES[si], + n20_certificate_format_x509_e, + path_depth2, + &level1_artifacts.eca[ii][si])), + "Failed to issue ECA cert (issuer key type %d, subject key type %d)", + KEY_TYPES[ii], + KEY_TYPES[si]); } } @@ -725,22 +757,28 @@ static void test_level1(void) { * The ECA_EE issuer key type = ECA subject key type. */ for (size_t ei = 0; ei < NUM_KEY_TYPES; ei++) { for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - level1_artifacts.eca_ee_valid[ei][si] = - issue_eca_ee_cert(KEY_TYPES[ei], - KEY_TYPES[si], - n20_certificate_format_x509_e, - path_depth2, - &level1_artifacts.eca_ee[ei][si]); + ASSERT((level1_artifacts.eca_ee_valid[ei][si] = + issue_eca_ee_cert(KEY_TYPES[ei], + KEY_TYPES[si], + n20_certificate_format_x509_e, + path_depth2, + &level1_artifacts.eca_ee[ei][si])), + "Failed to issue ECA_EE cert (eca subject key type %d, ee subject key type %d)", + KEY_TYPES[ei], + KEY_TYPES[si]); } } /* Signature: ee_subject_key_type, parent_path depth 2 */ for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - level1_artifacts.signature_valid[si] = eca_ee_sign(KEY_TYPES[si], - path_depth2, - test_message, - sizeof(test_message) - 1, - &level1_artifacts.signature[si]); + ASSERT( + (level1_artifacts.signature_valid[si] = eca_ee_sign(KEY_TYPES[si], + path_depth2, + test_message, + sizeof(test_message) - 1, + &level1_artifacts.signature[si])), + "Failed to issue signature (ee subject key type %d)", + KEY_TYPES[si]); } /* Verification: check X.509 chains where applicable */ @@ -757,7 +795,9 @@ static void test_level1(void) { /* Verify CDI1 X.509 certs against UDS key */ for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - if (!level1_artifacts.cdi1_valid[si][0]) continue; /* X.509 is index 0 */ + if (!level1_artifacts.cdi1_valid[si][0]) { + continue; /* X.509 is index 0 */ + } ASSERT(test_verify_x509_signature(level1_artifacts.cdi1[si][0].data, level1_artifacts.cdi1[si][0].size, uds_pubkey, @@ -813,7 +853,9 @@ static void test_level1(void) { KEY_TYPES[ii]); } for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - if (!level1_artifacts.cdi2_valid[ii][si][0]) continue; + if (!level1_artifacts.cdi2_valid[ii][si][0]) { + continue; + } ASSERT(test_verify_x509_signature(level1_artifacts.cdi2[ii][si][0].data, level1_artifacts.cdi2[ii][si][0].size, cdi1_pubkey, @@ -851,7 +893,9 @@ static void test_level1(void) { /* Get CDI2 public key for this issuer key type. * Use the issuer index ii as the subject index of the CDI2 matrix. * The issuer index ii2 corresponds to the CDI2 issuer key type. */ - if (!level1_artifacts.cdi2_valid[ii2][ii][issfi]) continue; + if (!level1_artifacts.cdi2_valid[ii2][ii][issfi]) { + continue; + } uint8_t cdi2_pubkey[97]; size_t cdi2_pubkey_size = sizeof(cdi2_pubkey); if (issfi == 0) { @@ -884,7 +928,9 @@ static void test_level1(void) { } for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - if (!level1_artifacts.eca_valid[ii][si]) continue; + if (!level1_artifacts.eca_valid[ii][si]) { + continue; + } /* ECA signed by CDI2's subject key (type = KEY_TYPES[ii]) */ ASSERT(test_verify_x509_signature(level1_artifacts.eca[ii][si].data, @@ -905,17 +951,23 @@ static void test_level1(void) { for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { /* Get ECA public key for this issuer key type. * Use the issuer index ii as the subject index of the CDI2 matrix. */ - if (!level1_artifacts.eca_valid[ii2][ii]) continue; + if (!level1_artifacts.eca_valid[ii2][ii]) { + continue; + } uint8_t eca_pubkey[97]; size_t eca_pubkey_size = sizeof(eca_pubkey); - if (!test_extract_x509_pubkey(level1_artifacts.eca[ii2][ii].data, - level1_artifacts.eca[ii2][ii].size, - eca_pubkey, - &eca_pubkey_size)) - continue; + ASSERT(test_extract_x509_pubkey(level1_artifacts.eca[ii2][ii].data, + level1_artifacts.eca[ii2][ii].size, + eca_pubkey, + &eca_pubkey_size), + "Failed to extract public key from ECA cert (iss=%d, sub=%d)", + KEY_TYPES[ii2], + KEY_TYPES[ii]); for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - if (!level1_artifacts.eca_ee_valid[ii][si]) continue; + if (!level1_artifacts.eca_ee_valid[ii][si]) { + continue; + } /* ECA_EE signed by ECA's subject key (type = KEY_TYPES[ii]) */ ASSERT(test_verify_x509_signature(level1_artifacts.eca_ee[ii][si].data, @@ -934,16 +986,22 @@ static void test_level1(void) { /* Verify ECA_EE Signatures against ECA_EE keys */ for (size_t ii = 0; ii < NUM_KEY_TYPES; ii++) { for (size_t si = 0; si < NUM_KEY_TYPES; si++) { - if (!level1_artifacts.eca_ee_valid[ii][si]) continue; + if (!level1_artifacts.eca_ee_valid[ii][si]) { + continue; + } uint8_t eca_ee_pubkey[97]; size_t eca_ee_pubkey_size = sizeof(eca_ee_pubkey); - if (!test_extract_x509_pubkey(level1_artifacts.eca_ee[ii][si].data, - level1_artifacts.eca_ee[ii][si].size, - eca_ee_pubkey, - &eca_ee_pubkey_size)) - continue; + ASSERT(test_extract_x509_pubkey(level1_artifacts.eca_ee[ii][si].data, + level1_artifacts.eca_ee[ii][si].size, + eca_ee_pubkey, + &eca_ee_pubkey_size), + "Failed to extract public key from ECA_EE cert (iss=%d, sub=%d)", + KEY_TYPES[ii], + KEY_TYPES[si]); - if (!level1_artifacts.signature_valid[si]) continue; + if (!level1_artifacts.signature_valid[si]) { + continue; + } /* Verify signature against ECA_EE key */ ASSERT(test_verify_raw_signature(eca_ee_pubkey + 1, eca_ee_pubkey_size - 1, diff --git a/examples/linux/nat20test/test/test_helpers.c b/examples/linux/nat20test/test/test_helpers.c index 1d52bec4..6c8fe0d8 100644 --- a/examples/linux/nat20test/test/test_helpers.c +++ b/examples/linux/nat20test/test/test_helpers.c @@ -80,10 +80,12 @@ n20_error_t test_compress_cdi_input(uint8_t const* code_hash, cert_info.open_dice_input.hidden = (n20_slice_t){.size = hidden_size, .buffer = hidden}; if (compressed_out_size < N20_FUNC_COMPRESSED_INPUT_SIZE) { + n20_crypto_nat20_close(digest_ctx); return n20_error_insufficient_buffer_size_e; } err = n20_compress_input(digest_ctx, &cert_info, compressed_out); + n20_crypto_nat20_close(digest_ctx); return err; } @@ -94,14 +96,18 @@ static EVP_PKEY* evp_pkey_from_ec_pubkey(uint8_t const* pubkey, (key_type == n20_crypto_key_type_secp256r1_e) ? SN_X9_62_prime256v1 : SN_secp384r1; OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new(); - if (bld == NULL) return NULL; + if (bld == NULL) { + return NULL; + } OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0); OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, pubkey, pubkey_size); OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); OSSL_PARAM_BLD_free(bld); - if (params == NULL) return NULL; + if (params == NULL) { + return NULL; + } EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); if (pctx == NULL) { From f57810973d6cf4a8c5f33dcd14214c4d497a711a Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 27 May 2026 15:31:16 -0700 Subject: [PATCH 49/49] Address comments --- examples/linux/nat20test/test/test_helpers.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/examples/linux/nat20test/test/test_helpers.c b/examples/linux/nat20test/test/test_helpers.c index 6c8fe0d8..dfb5d3e2 100644 --- a/examples/linux/nat20test/test/test_helpers.c +++ b/examples/linux/nat20test/test/test_helpers.c @@ -268,6 +268,10 @@ bool test_verify_raw_signature(uint8_t const* pubkey, /* The pubkey is raw x||y — wrap with 0x04 uncompressed prefix */ uint8_t uncompressed[1 + 96]; uncompressed[0] = 0x04; + if (pubkey_size > sizeof(uncompressed) - 1) { + fprintf(stderr, " Public key size too large for uncompressed format\n"); + return false; + } memcpy(uncompressed + 1, pubkey, pubkey_size); pkey = evp_pkey_from_ec_pubkey(uncompressed, 1 + pubkey_size, key_type); break;