How to enable systemd support - systemd

I have built a system with Yocto 2.4.2 supporting systemd.
But something seems to be missing in my configuration, leading to a failure of the kernel to start. Can anyone help?
DISTRO_FEATURES_append = " systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"

systemd and cgroup should be enabled together
systemd manager (local.conf)
DISTRO_FEATURES_append = " systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
For systemd handler (defconfig)
CONFIG_FHANDLE=y #for systemd
cgroups are required by systemd (defconfig)
CONFIG_CGROUPS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CPUSETS=y
CONFIG_PROC_PID_CPUSET=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_PAGE_COUNTER=y
CONFIG_MEMCG=y
CONFIG_CGROUP_SCHED=y
CONFIG_NAMESPACES=y
CONFIG_OVERLAY_FS=y

I had to enable cgroups in defconfig :)

Related

How to Run Systemd with Asan(Address Sanitizer)

When I use asan to compile the rpm package of systemd:
Add the following information to the systemd.spec file:
export CFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS=$RPM_LD_FLAGS
CFLAGS="$CFLAGS -fsanitize=address -fno-omit-frame-pointer -fsanitize-recover=address"
LDFLAGS="$LDFLAGS -fsanitize=address -fno-omit-frame-pointer -fsanitize-recover=address"
Run the rpmbuild -ba command to generate RPM packages.
Then use rpm to upgrade the system: rpm -Uvh systemd*.rpm
However, the system fails to be started:
Failed to start Load/Save Random Seed.
Some of the failed services print messages such as:
systemd[1]: Starting Load/Save Random Seed...
systemd-random-seed[2939]: ==2939==Can't open /proc/2457614/task for reading.
systemd-random-seed[2939]: ==2939==LeakSanitizer has encountered a fatal error.
systemd-random-seed[2939]: ==2939==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
systemd-random-seed[2939]: ==2939==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
systemd[1]: Failed to start Load/Save Random Seed.
By the way, when I enter emergency mode and execute __lsan_do_recoverable_leak_check in systemd, systemd exits.
How to Run Systemd with Asan (Address Sanitizer)?

Enable systemd service in Yocto

I am trying to enable a systemd service automatically after successful boot of my STM32MP1 based Avenger96 board. I am using Yocto Project as build system with Ubuntu 20.04. My image recipe to enable systemd service is example-systemd.bb:
.
.
inherit systemd
SRC_URI = "file://example.sh \
file://example.service \
"
S = "${WORKDIR}"
SYSTEMD_AUTO_ENABLE_${PN} = "enable"
SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE_${PN} = "example.service"
do_install_append() {
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/example.sh ${D}${sysconfdir}/init.d
install -d ${D}${systemd_system_unitdir}
install -m 0644 ${WORKDIR}/example.service ${D}${systemd_system_unitdir}
}
FILES_${PN} += "${sysconfdir}/init.d"
FILES_${PN} += "${systemd_system_unitdir}/example.service"
REQUIRED_DISTRO_FEATURES= " systemd"
And included in my main image in local.conf with IMAGE_INSTALL_append = " example-systemd"
After building the image, bitbake -e (YOUR_IMAGE) | grep ^DISTRO_FEATURES= shows systemd.
But in my rootfs I can't find systemd/system directory with above service file. And also when I run systemctl status example I get the error -sh: systemctl: command not found.
Update
After including DISTRO_FEATURES_append= " systemd" in the example-service.bb, in the rootfs etc/systemd/system/multi-user.target.wants/ is created and it contains example.service file. But doing cat example.service results in cat: example.service: No such file or directory. Is this expected?
Can anyone please let me know how to run this service with systemd and how to check if service is installed and executed from linux user space?
And also I have one more doubt: Can both Systemd and Sysvinit exist together and some services are run by systemd and others by sysvinit?
Your help will be much appreciated.
Thanks in advance.
P.S: Please let me know if any info is missing here
Your project might still use systemv or something else as init manager instead of systemd.
You can enable systemd by adding these lines to your local.conf:
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
DISTRO_FEATURES_append = " systemd"
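A way to check, from the build host, whether an enablement symlink like the one described in the question's update points at a unit file that is actually present in the rootfs. This is an added example, not code from the original posts; the function names and the sample tree are constructed, and it assumes the symlink target is absolute, so it has to be resolved against the rootfs directory rather than the host's /.

```shell
#!/bin/sh
# Added example: verify systemd enablement symlinks inside an unpacked rootfs.

# check_wants ROOTFS
# For every symlink under ROOTFS/etc/systemd/system/*.wants/, resolve its
# target inside ROOTFS and print "ok UNIT" or "dangling UNIT -> TARGET".
# Returns 1 if any link is dangling.
check_wants() {
    root=${1%/}
    rc=0
    for link in "$root"/etc/systemd/system/*.wants/*; do
        [ -L "$link" ] || continue          # also skips an unmatched glob
        target=$(readlink "$link")
        case "$target" in
            /*) resolved=$root$target ;;                # absolute: anchor at the rootfs
            *)  resolved=$(dirname "$link")/$target ;;  # relative: anchor at the link's directory
        esac
        unit=$(basename "$link")
        if [ -e "$resolved" ]; then
            echo "ok $unit"
        else
            echo "dangling $unit -> $target"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree: good.service is installed and enabled,
# example.service is enabled but its unit file was never installed.
make_sample_rootfs() {
    wants=$1/etc/systemd/system/multi-user.target.wants
    mkdir -p "$wants" "$1/lib/systemd/system"
    : > "$1/lib/systemd/system/good.service"
    ln -s /lib/systemd/system/good.service "$wants/good.service"
    ln -s /lib/systemd/system/example.service "$wants/example.service"
}

# Demo on the constructed tree; on a build host, pass the image's rootfs directory.
demo_root=$(mktemp -d)
make_sample_rootfs "$demo_root"
check_wants "$demo_root" || true
rm -rf "$demo_root"
```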

How to build a working TPM2 image for Raspberry Pi with Yocto?

I want to build a Linux System with Yocto for the Raspberry Pi with enabled IMA & TPM2.0 support. Therefore I want to compile the kernel with IMA/EVM and TPM Configs and Recipes.
The IMA support should be enabled through the layer meta-secure-core/meta-integrity and adding DISTRO_FEATURE "ima", as well as IMAGE_INSTALL_append "packagegroup-ima" for the tools. The TPM2 support should be enabled through the meta-security/meta-tpm layer and by adding MACHINE_FEATURES "tpm2" and installing "packagegroup-security-tpm2" via IMAGE_INSTALL_append.
Furthermore, if I understand it correctly, I need systemd as the init_manager.
Yocto Version (Thud/2.6.3). I tried Warrior but ran into build errors. This creates a 4.14.X Linux Kernel.
bblayers.conf:
BBLAYERS ?= " \
/<working-dir>/poky/meta \
/<working-dir>/poky/meta-poky \
/<working-dir>/poky/meta-yocto-bsp \
/<working-dir>/meta-openembedded/meta-oe \
/<working-dir>/meta-openembedded/meta-python \
/<working-dir>/meta-openembedded/meta-networking \
/<working-dir>/meta-openembedded/meta-perl \
/<working-dir>/meta-security \
/<working-dir>/meta-security/meta-tpm \
/<working-dir>/meta-secure-core/meta-integrity \
/<working-dir>/meta-raspberrypi \
"
local.conf:
MACHINE = "raspberrypi3"
...
DISTRO_FEATURES_append += "systemd ima"
VIRTUAL-RUNTIME_init_manager = "systemd"
MACHINE_FEATURES += "tpm2"
IMAGE_INSTALL_append += "packagegroup-security-tpm2 packagegroup-ima"
ENABLE_SPI_BUS = "1"
RPI_EXTRA_CONFIG = "\n \
dtoverlay=tpm-slb9670 \n"
Builds:
/<working-dir>/build/$ bitbake core-image-minimal
I expected the following entries in /proc/config.gz
For TPM:
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_CRB=y
CONFIG_SECURITYFS=y
For IMA:
CONFIG_IMA=y
# CONFIG_IMA_KEXEC is not set
# CONFIG_IMA_LSM_RULES is not set
CONFIG_IMA_WRITE_POLICY=y
CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_MEASURE_PCR_IDX=10
# CONFIG_IMA_TEMPLATE is not set
# CONFIG_IMA_NG_TEMPLATE=y is not set
CONFIG_IMA_SIG_TEMPLATE=y
CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
CONFIG_IMA_DEFAULT_HASH_SHA256=y
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
CONFIG_IMA_DEFAULT_HASH="sha256"
CONFIG_IMA_APPRAISE=y
CONFIG_IMA_LOAD_X509=y
CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_IMA_TRUSTED_KEYRING=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_BLACKLIST_KEYRING=y
CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
However, searching on the built Linux on the Raspberry Pi for those settings none were enabled.
# modprobe configs
# cat /proc/config.gz | gunzip > running.conf
# cat running.conf | grep IMA
When I previously built for qemu, I didn't have those issues and I was able to confirm that my settings were enabled in the kernel. Only the tools like evmctl were installed.
Also, my settings for /boot/config.txt of the Raspi didn't seem to have an effect. In fact, there was no /boot/config.txt for me to open at all.
Ultimately, the TPM2 abrmd didn't start during boot (error msg) and I obviously couldn't access the TPM at /dev/tpm* via SPI.
What did I do wrong? I'm new to Yocto and System Building/Linux Kernel in general.
In case it's related to the Kernel Version, I tried to build for 4.19 but got build errors. I also messed around with the meta-rpi layer from jumpnowtek but it didn't fix my problem. There is also a meta-intel-iot-security/meta-integrity layer but it's not maintained.
You missed modifying the DTS.
I created a guide and a GitHub project to insert a TPM on the Raspberry. Please see the following:
https://github.com/simonetolotti/meta-raspberrypi-web/tree/tpm
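The check the question runs by hand against /proc/config.gz, written as a reusable function; it serves both the cgroup option list in the first answer on this page and the TPM/IMA list in this question. This is an added example, not code from the original posts: the function names and the sample config are constructed, and the option names are the boolean/tristate ones copied from the posts.

```shell
#!/bin/sh
# Added example: list required kernel options that a config does not enable.

# Print the config as text; /proc/config.gz is gzip, a build-tree .config is plain.
read_kconfig() {
    case "$1" in
        *.gz) gunzip -c "$1" ;;
        *)    cat "$1" ;;
    esac
}

# missing_kconfig FILE OPTION...
# Prints each OPTION not set to y or m ("# CONFIG_X is not set" and absent
# lines both count as missing). Returns 1 if anything is missing, 2 on read error.
missing_kconfig() {
    cfg=$1; shift
    text=$(read_kconfig "$cfg") || return 2
    rc=0
    for opt in "$@"; do
        if ! printf '%s\n' "$text" | grep -Eq "^${opt}=(y|m)\$"; then
            printf '%s\n' "$opt"
            rc=1
        fi
    done
    return "$rc"
}

# Option names copied from the posts above (boolean/tristate ones only).
SYSTEMD_OPTS="CONFIG_FHANDLE CONFIG_CGROUPS CONFIG_CGROUP_FREEZER CONFIG_CGROUP_PIDS CONFIG_CGROUP_DEVICE CONFIG_CPUSETS CONFIG_MEMCG CONFIG_CGROUP_SCHED CONFIG_NAMESPACES"
TPM_IMA_OPTS="CONFIG_TCG_TPM CONFIG_TCG_TIS_CORE CONFIG_SECURITYFS CONFIG_IMA CONFIG_IMA_APPRAISE"

# Constructed sample config (not from a real build), written to the given path.
write_sample_kconfig() {
    cat > "$1" <<'EOF'
CONFIG_FHANDLE=y
CONFIG_CGROUPS=y
# CONFIG_CGROUP_PIDS is not set
CONFIG_TCG_TPM=m
CONFIG_SECURITYFS=y
# CONFIG_IMA is not set
EOF
}

# Demo: on a target, pass /proc/config.gz instead of the sample file.
sample=$(mktemp)
write_sample_kconfig "$sample"
echo "Missing for systemd:"; missing_kconfig "$sample" $SYSTEMD_OPTS || true
echo "Missing for TPM/IMA:"; missing_kconfig "$sample" $TPM_IMA_OPTS || true
rm -f "$sample"
```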

Pulseaudio build issue in yocto

I am using a Raspberry Pi 3 model B. I am facing a build issue when running bitbake pulseaudio. Please find my configuration details:
Yocto : Jethro branch
pulseaudio.inc: RDEPENDS_pulseaudio-server += "alsa-plugins-pulseaudio-conf"
We are using alsa-plugins_1.0.29.bb
bitbake pulseaudio
ERROR: Nothing RPROVIDES 'alsa-plugins-pulseaudio-conf' (but /home/guest/openembedded-core/meta/recipes-multimedia/pulseaudio/pulseaudio_6.0.bb RDEPENDS on or otherwise requires it)
NOTE: Runtime target 'alsa-plugins-pulseaudio-conf' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['alsa-plugins-pulseaudio-conf']
ERROR: Required build target 'pulseaudio' has no buildable providers.
Missing or unbuildable dependency chain was: ['pulseaudio', 'alsa-plugins-pulseaudio-conf']
Based on the recipe the package alsa-plugins-pulseaudio-conf is generated if "pulseaudio" is in the alsa-plugins PACKAGECONFIG. By default that happens if your DISTRO_FEATURES includes "pulseaudio".
So check your DISTRO_FEATURES, ensure "pulseaudio" is in there (and make sure you don't modify the alsa-plugins PACKAGECONFIG in a bad way).
To see what your DISTRO_FEATURES contains:
bitbake -e pulseaudio |grep "^DISTRO_FEATURES="
To add pulseaudio if it's not there right now (you can do this in local or distro config):
DISTRO_FEATURES_append = " pulseaudio "
The whitespace preceding the feature name is required.
To check what PACKAGECONFIG is getting used for alsa-plugins (this should contain "pulseaudio"):
bitbake -e alsa-plugins|grep "^PACKAGECONFIG="

Is there any Compatibility Test Suite for Linux kernel

Is there any Compatibility Test Suite for the Linux kernel, like the one we have for the Android operating system?
E.g. when we make changes to the kernel (adding static modules, adding our own programs, configuring the kernel) and then build it,
is there any tool that can check the compatibility of our kernel?
For example, will kernel services like IPC, memory management and the device manager work correctly?
So that it could pass/fail/rate the generated kernel, to predict the behavior in the target system.
You can at least check compatibility of API/ABI of your changed kernel via abi-dumper and abi-compliance-checker tools: http://upstream.rosalinux.ru/kernel/
To do this you should add these config options when building your kernel:
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_REDUCED=n
And then prepare compatibility report:
abi-dumper vmlinux.old -o vmlinux-ABI-0.dump
abi-dumper vmlinux.new -o vmlinux-ABI-1.dump
abi-compliance-checker -l vmlinux -old vmlinux-ABI-0.dump -new vmlinux-ABI-1.dump
EDIT: the project has been moved to http://abi-laboratory.pro/tracker/timeline/linux/
