menna@home:~$

How To Run Specific Morello Kernel Image On Fvp

This blog was before this update

To be able to work on Morello Kernel development and run it on FVP:

  1. Set up the prerequisites.

  2. Follow these steps to run kernel using Morello-SDK container.

  3. After building the kernel, the SDK environment looks like this (with the kernel built under workspace/linux-out):

     |-> workspace/
   |-> linux/
   |-> linux-out/
 |-> docker-compose.yml

  4. Combine the SDK environment with the morello-Linux environment “Docker image for Morello Linux” by adding it to docker-compose.yml

    # Docker composer file for Morello Linux
version: '3.8'
services:
  linux-morello-sdk:
    image:"git.morello-project.org:5050/morello/morello-sdk/morello-sdk:latest"
    container_name: "linux-morello-sdk"
    volumes:
      - ./workspace:/home/morello/workspace
    tty: true
    restart: unless-stopped
  morello-linux:
    image:"git.morello-project.org:5050/morello/morello-linux/morello-linux:latest"
    container_name: "morello-linux"
    environment:
      - UID=1000
      - GID=1000
    volumes:
      - ./workspace:/morello
    tty: true
    restart: unless-stopped
  5. Setup FVP. 
    cd workspace
wget -O FVP_Morello_0.11_34.tgz https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/Morello%20Platform/FVP_Morello_0.11_34.tgz?rev=5f34837ae6c14ede8493dfc24c9af397&hash=862883120C5638E0B3C5ACA6FDDC5558021E1886
tar -xzvf FVP_Morello_0.11_34.tgz
./FVP_Morello.sh --force --destination ./FVP_Morello

  6. Start the containers:

    docker-compose up -d

  7. Still, on the host, download this package for later use:

      cd workspace
  curl --output kexec-tools_2.0.20-2.1_arm64.deb http://deb.debian.org/debian/pool/main/k/kexec-tools/kexec-tools_2.0.20-2.1_arm64.deb

  8. Enter the morello-linux container:

    docker exec -it -u 1000 morello-linux /bin/bash

  9. Using an editor like Vim, open /usr/bin/morello and append on the last line -v /morello, it should now look like this:

    morello-run.sh -f distro -i /usr/share/morello/images/morello-fvp/morello-fvp.img -v /morello

    (This specifies that /morello should be made available to be mounted as a 9P filesystem in FVP.)

  10. Start FVP:

    # morello

  11. Once FVP has booted, mount the 9P filesystem to access the /morello directory in the container: 
    # mkdir /mnt/9p
# mount -t 9p -o trans=virtio,version=9p2000.L FM /mnt/9p

  12. Install the previously downloaded kexec-tools package:

    # dpkg -i /mnt/9p/kexec-tools_2.0.20-2.1_arm64.deb

  13. You should now be able to boot your own kernel image using Kexec: 
    # kexec -l /mnt/9p/linux-out/arch/arm64/boot/Image --reuse-cmdline
# systemctl kexec

The configurations that are not compiled with error:

CONFIG_SECURITY_LOCKDOWN_LSM=y

/home/morello/workspace/linux/scripts/sign-file.c:25:10: fatal error: 'openssl/opensslv.h' file not found
#include <openssl/opensslv.h>
         ^~~~~~~~~~~~~~~~~~~~
1 error generated.
make[2]: *** [/home/morello/workspace/linux/scripts/Makefile.host:111: scripts/sign-file] Error 1
make[1]: *** [/home/morello/workspace/linux/Makefile:1261: scripts] Error 2
make[1]: Leaving directory '/home/morello/workspace/linux-out'
make: *** [Makefile:231: __sub-make] Error 2

CONFIG_IMA_APPRAISE_MODSIG=y

/home/morello/workspace/linux/scripts/sign-file.c:25:10: fatal error: 'openssl/opensslv.h' file not found
#include <openssl/opensslv.h>
         ^~~~~~~~~~~~~~~~~~~~
1 error generated.
make[2]: *** [/home/morello/workspace/linux/scripts/Makefile.host:111: scripts/sign-file] Error 1
make[1]: *** [/home/morello/workspace/linux/Makefile:1261: scripts] Error 2
make[1]: Leaving directory '/home/morello/workspace/linux-out'
make: *** [Makefile:231: __sub-make] Error 2

CONFIG_INTEGRITY_TRUSTED_KEYRING=y

/home/morello/workspace/linux/certs/extract-cert.c:21:10: fatal error: 'openssl/bio.h' file not found
#include <openssl/bio.h>
         ^~~~~~~~~~~~~~~
1 error generated.
make[3]: *** [/home/morello/workspace/linux/scripts/Makefile.host:111: certs/extract-cert] Error 1
make[2]: *** [/home/morello/workspace/linux/scripts/Makefile.build:500: certs] Error 2
make[1]: *** [/home/morello/workspace/linux/Makefile:1999: .] Error 2
make[1]: Leaving directory '/home/morello/workspace/linux-out'
make: *** [Makefile:231: __sub-make] Error 2

Fixed By installing libssl-dev apt-get install libssl-dev in linux-morello-sdk container

Suggested-By: Kevin Brodsky kevin.brodsky@arm.com