minkipc: Add libraries and applications for security feature support

[jiaxli-QC]

• Minkipc is designed to facilitate secure communication between different domains.
  Add the minkipc component to dynamic-layer because it depends on the qcbor library from the meta-openembedded dynamic layer.
• The Mink-idl-compiler (minkidlc) is used by security components to convert .idl files into header files. Since minkipc depends on this tool and is part of dynamic-layer, add minkidlc to dynamic-layer.

[ricardosalveti]

Also please drop 'meta-qcom: security: from the commit subjects, use 'Add recipe <>' with short meaning to the recipe.

[ricardosalveti]

And split the commits that are including the packages in the packagegroup.

[lumag]

And split the commits that are including the packages in the packagegroup.

I don't think we need packagegroup at all. In the end, we only need the qtee_supplicant to be installed into the rootfs. The rest seems to be test programs (which don't belong to the production environment) and libraries (which should be pulled via dependencies).

[lumag]

Please go through all review comments and implement all of them or at least provide some response to the comments that think are not correct or not applicable.

[jiaxli-QC]

#1094 (comment)

Hi @lumag . Currently, minkidlc has only released an x86 version binary for users, and all use cases are based on x86 hosts. More validation is needed on different hosts before expanding minkidlc support.
Since minkidlc is compiled with Rust, further testing is required to ensure Rust compilation works on other platforms.
For now, we provide minkidlc via file downloads to meet the integration needs of security components. I will coordinate with the minkidlc owner and continue to work on optimizations.

[lumag]

More validation is needed on different hosts before expanding minkidlc support. Since minkidlc is compiled with Rust, further testing is required to ensure Rust compilation works on other platforms. For now, we provide minkidlc via file downloads to meet the integration needs of security components. I will coordinate with the minkidlc owner and continue to work on optimizations.

OE provides support for building Rust binaries. minkidlc is provided in the source form. It has 0 tests to check for regressions, but that's a different topic. So, no. I don't think we should accept downloading a binary to be executed on the build host.

[jiaxli-QC]

More validation is needed on different hosts before expanding minkidlc support. Since minkidlc is compiled with Rust, further testing is required to ensure Rust compilation works on other platforms. For now, we provide minkidlc via file downloads to meet the integration needs of security components. I will coordinate with the minkidlc owner and continue to work on optimizations.

OE provides support for building Rust binaries. minkidlc is provided in the source form. It has 0 tests to check for regressions, but that's a different topic. So, no. I don't think we should accept downloading a binary to be executed on the build host.

Hi @lumag , Do you mean we should raised the minkidlc compilation change in OE-core repo? I tried to compile the minkidlc in meta-qcom, but encountered some issues.

ERROR: minkidlc-native-git-r0 do_compile: Execution of '/local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/temp/run.do_compile.2240678' failed with exit code 101
ERROR: Logfile of failure stored in: /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/temp/log.do_compile.2240678
Log data follows:
| DEBUG: Executing shell function do_compile
| NOTE: Using rust targets from /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/rust-targets/
| NOTE: cargo = /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/recipe-sysroot-native/usr/bin/cargo
| NOTE: cargo build -v --frozen --target x86_64-unknown-linux-gnu --release --manifest-path=/local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/sources/minkidlc-git//Cargo.toml
| error: no matching package named `clap` found
| location searched: directory source `/local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/sources/cargo_home/bitbake` (which is replacing registry `crates-io`)
| required by package `idlc v0.2.1 (/local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/sources/minkidlc-git/idlc)`
| As a reminder, you're using offline mode (--frozen) which can sometimes cause surprising resolution failures, if this error is too confusing you may wish to retry without `--frozen`.
| WARNING: /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/temp/run.do_compile.2240678:186 exit 101 from '"cargo" build -v --frozen --target x86_64-unknown-linux-gnu --release --manifest-path=/local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/sources/minkidlc-git//Cargo.toml "$@"'
| WARNING: Backtrace (BB generated script):
|       #1: oe_cargo_build, /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/temp/run.do_compile.2240678, line 186
|       #2: cargo_do_compile, /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/temp/run.do_compile.2240678, line 158
|       #3: do_compile, /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/temp/run.do_compile.2240678, line 153
|       #4: main, /local/mnt2/workspace/K2L/upstream/build/tmp/work/x86_64-linux/minkidlc-native/git/temp/run.do_compile.2240678, line 199
ERROR: Task (/local/mnt2/workspace/K2L/upstream/build/../meta-qcom/recipes-devtools/minkidlc/minkidlc-native_git.bb:do_compile) failed with exit code '1'

[lumag]

Hi @lumag , Do you mean we should raised the minkidlc compilation change in OE-core repo? I tried to compile the minkidlc in meta-qcom, but encountered some issues.

Please add the source code for the recipe that you are trying to build. I can't comment the failure without looking at your recipe.

[jiaxli-QC]

Hi @lumag , Do you mean we should raised the minkidlc compilation change in OE-core repo? I tried to compile the minkidlc in meta-qcom, but encountered some issues.

Please add the source code for the recipe that you are trying to build. I can't comment the failure without looking at your recipe.

Here is the bb file that has been created for minkidlc compilation.

SUMMARY = "Mink IDL compiler (prebuilt binary)"
DESCRIPTION = " \
Mink IDL is used to describe programming interfaces that can be used to communicate across security domain boundaries. \
Once an interface is described in an IDL source file, the Mink IDL compiler can generate target language header files. \
"

LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=acff25b0ff46523fa016b260dbf64945"

SRC_URI = "git://github.com/quic/mink-idl-compiler.git;branch=main;protocol=https"
SRCREV = "1a52cd017ae21750c23e01851fdffd143f9c85d0"

inherit cargo native

DEPENDS += "rust-native cargo-native"

do_install() {
    install -d ${D}${bindir}
    install -m 0755 ${S}/target/debug/idlc ${D}${bindir}/minkidlc
}

FILES:${PN} += "${bindir}/minkidlc"

[lumag]

Use cargo-update-recipe-crates class, BBCLASSEXTEND += "native", drop the defaults.

[jiaxli-QC]

Use cargo-update-recipe-crates class, BBCLASSEXTEND += "native", drop the defaults.

I updated the bb file based on the comments, but the same issue occurred during compilation. error: no matching package named clap found

DEBUG: Executing shell function do_compile
NOTE: Using rust targets from /local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/rust-targets/
NOTE: cargo = /local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/recipe-sysroot-native/usr/bin/cargo
NOTE: cargo build -v --frozen --target aarch64-poky-linux-gnu --release --manifest-path=/local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/sources/minkidlc-git//Cargo.toml
error: no matching package named `clap` found
location searched: directory source `/local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/sources/cargo_home/ bitbake` (which is replacing registry `crates-io`)
required by package `idlc v0.2.1 (/local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/sources/minkidlc-git/idlc)`
As a reminder, you're using offline mode (--frozen) which can sometimes cause surprising resolution failures, if this error is too confusing you may wish to retry without `--frozen`.
WARNING: /local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/temp/run.do_compile.3351729:185 exit 101 from '"cargo" build -v --frozen --target aarch64-poky-linux-gnu --release --manifest-path=/local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/sources/minkidlc-git//Cargo.toml "$@"'
WARNING: Backtrace (BB generated script):
    #1: oe_cargo_build, /local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/temp/run.do_compile.3351729, line 185
    #2: cargo_do_compile, /local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/temp/run.do_compile.3351729, line 157
    #3: do_compile, /local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/temp/run.do_compile.3351729, line 152
    #4: main, /local/mnt2/workspace/K2L/upstream/build/tmp/work/armv8-2a-poky-linux/minkidlc/git/temp/run.do_compile.3351729, line 198

Here is the patch

@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=acff25b0ff46523fa016b260dbf64945"
 SRC_URI = "git://github.com/quic/mink-idl-compiler.git;branch=main;protocol=https"
 SRCREV = "1a52cd017ae21750c23e01851fdffd143f9c85d0"

-inherit cargo native
+cargo rust cargo-update-recipe-crates
+BBCLASSEXTEND += "native"
-DEPENDS += "rust-native cargo-native"

[jiaxli-QC]

Rename qcomtee-udev.rules to 99-qcomtee-udev.rules for change 4bdc7a3. Postpone the udev rules execution time.

[jiaxli-QC]

Updated SRCREV for 32f1f70.
The qualcomm/minkipc#21 has been merged into MinkIPC.

[lumag]

you can mask arm32 builds by using COMPATIBLE_MACHINE until arm32 support is merged into minkipc.

This was ignored, which made armv7a builds to fail

[jiaxli-QC]

The update masks arm32 builds by using COMPATIBLE_MACHINE.

+# The module is only promised to support ARMv8 machines
+COMPATIBLE_MACHINE = "^$"
+COMPATIBLE_MACHINE:aarch64 = "(.*)"

57a216e

[github-actions]

Test run workflow

Test jobs for commit 57a216e

• Job 123925 on qcs9100 - boot test (qcs9100-ride-sx) 20126434452
• Job 123928 on qcs6490 - boot test (rb3gen2-core-kit) 20126434452
• Job 123924 on qcs9100 - boot test (qcs9100-ride-sx) 20126434452
• Job 123936 on dragonboard-820c - boot test (dragonboard-820c) 20126434452
• Job 123934 on dragonboard-410c - boot test (dragonboard-410c) 20126434452
• Job 123923 on qcs9100-rb8 - boot test (iq-9075-evk) 20126434452
• Job 123927 on qcs8300 - boot test (qcs8300-ride-sx) 20126434452
• Job 123931 on qcs8300 - boot test (qcs8300-ride-sx) 20126434452
• Job 123933 on dragonboard-820c - boot test (dragonboard-820c) 20126434452
• Job 123932 on qrb2210-rb1 - boot test (rb1-core-kit) 20126434452
• Job 123929 on qcs6490 - boot test (rb3gen2-core-kit) 20126434452
• Job 123935 on qcs9100-rb8 - boot test (iq-9075-evk) 20126434452
• Job 123926 on dragonboard-410c - boot test (dragonboard-410c) 20126434452
• Job 123930 on qrb2210-rb1 - boot test (rb1-core-kit) 20126434452

[test-reporting-app]

Test Results

 12 files   -  2   24 suites   - 4   36m 1s ⏱️ - 1m 41s
 45 tests  -  5   45 ✅  -  5  0 💤 ±0  0 ❌ ±0 
264 runs   - 40  264 ✅  - 40  0 💤 ±0  0 ❌ ±0 

Results for commit 57a216e. ± Comparison against base commit 7577fc8.

This pull request removes 5 tests.

0_qcs8300-ride-sx-smoke-test ‑ dmesg
0_qcs8300-ride-sx-smoke-test ‑ ip
0_qcs8300-ride-sx-smoke-test ‑ pwd
0_qcs8300-ride-sx-smoke-test ‑ uname
lava ‑ 0_qcs8300-ride-sx-smoke-test

♻️ This comment has been updated with latest results.

[github-actions]

Test run workflow

Test jobs for commit 57a216e

• Job 123925 on qcs9100 - boot test (qcs9100-ride-sx) 20126434452
• Job 123943 on qcs8300 - boot test (qcs8300-ride-sx) 20126434452
• Job 123928 on qcs6490 - boot test (rb3gen2-core-kit) 20126434452
• Job 123924 on qcs9100 - boot test (qcs9100-ride-sx) 20126434452
• Job 123936 on dragonboard-820c - boot test (dragonboard-820c) 20126434452
• Job 123934 on dragonboard-410c - boot test (dragonboard-410c) 20126434452
• Job 123941 on qcs6490 - boot test (rb3gen2-core-kit) 20126434452
• Job 123923 on qcs9100-rb8 - boot test (iq-9075-evk) 20126434452
• Job 123927 on qcs8300 - boot test (qcs8300-ride-sx) 20126434452
• Job 123931 on qcs8300 - boot test (qcs8300-ride-sx) 20126434452
• Job 123933 on dragonboard-820c - boot test (dragonboard-820c) 20126434452
• Job 123942 on qcs8300 - boot test (qcs8300-ride-sx) 20126434452
• Job 123932 on qrb2210-rb1 - boot test (rb1-core-kit) 20126434452
• Job 123929 on qcs6490 - boot test (rb3gen2-core-kit) 20126434452
• Job 123935 on qcs9100-rb8 - boot test (iq-9075-evk) 20126434452
• Job 123926 on dragonboard-410c - boot test (dragonboard-410c) 20126434452
• Job 123930 on qrb2210-rb1 - boot test (rb1-core-kit) 20126434452

[jiaxli-QC]

Updated the comment at minkipc_git.bb, line 36 for 869fcee