subtree updatesstyhead

poky: subtree update:5d88faa0f3..ecd195a3ef Aditya Tayade (1): e2fsprogs: removed 'sed -u' option Adrian Freihofer (12): oe-selftest: fitimage refactor u-boot-tools-native oe-selftest: fitimage drop test-mkimage-wrapper oe-selftest: fitimage cleanup asserts oe-selftest: fitimage fix test_initramfs_bundle kernel-fitimage: fix handling of empty default dtb pybootchartgui.py: python 3.12+ regexes kernel-fitimage: fix intentation kernel-fitimage: fix external dtb check uboot-config: fix devtool modify with kernel-fitimage devtool: modify kernel adds append twice devtool: remove obsolete SRCTREECOVEREDTASKS handling cml1: add do_savedefconfig Alban Bedel (2): bind: Fix build with the `httpstats` package config enabled util-linux: Add `findmnt` to the bash completion RDEPENDS Alejandro Hernandez Samaniego (1): tclibc-picolibc: Adds a new TCLIBC variant to build with picolibc as C library Aleksandar Nikolic (2): cve-check: Introduce CVE_CHECK_MANIFEST_JSON_SUFFIX scripts/install-buildtools: Update to 5.1 Alessandro Pecugi (1): runqemu: add sd card device Alexander Kanavin (100): perf: drop newt from tui build requirements libnewt: move to meta-oe python3: submit deterministic_imports.patch upstream as a ticket glib-networking: submit eagain.patch upstream psmisc: merge .inc into .bb psmisc: drop duplicate entries psmisc: remove 0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch openssh: drop add-test-support-for-busybox.patch libfm-extra: drop unneeded 0001-nls.m4-Take-it-from-gettext-0.15.patch glslang: mark 0001-generate-glslang-pkg-config.patch as Inappropriate tcp-wrappers: mark all patches as inactive-upstream automake: mark new_rt_path_for_test-driver.patch as Inappropriate settings-daemon: submit addsoundkeys.patch upstream and update to a revision that has it dpkg: mark patches adding custom non-debian architectures as inappropriate for upstream libacpi: mark patches as inactive-upstream python3: drop deterministic_imports.patch lib/oe/recipeutils: return a dict in get_recipe_upgrade_status() instead of a tuple lib/recipeutils: add a function to determine recipes with shared include files recipeutils/get_recipe_upgrade_status: group recipes when they need to be upgraded together devtool/upgrade: use PN instead of BPN for naming newly created upgraded recipes devtool/upgrade: rename RECIPE_UPDATE_EXTRA_TASKS -> RECIPE_UPGRADE_EXTRA_TASKS python3-jinja2: fix upstream version check ca-certificates: get sources from debian tarballs pulseaudio, desktop-file-utils: correct freedesktop.org -> www.freedesktop.org SRC_URI xf86-video-intel: correct SRC_URI as freedesktop anongit is down python3-cython: correct upstream version check python3-babel: drop custom PYPI settings python3-cython: fix upstream check again sysvinit: take release tarballs from github bash: upgrade 5.2.21 -> 5.2.32 boost: upgrade 1.85.0 -> 1.86.0 ccache: upgrade 4.10.1 -> 4.10.2 cmake: upgrade 3.30.1 -> 3.30.2 dpkg: upgrade 1.22.10 -> 1.22.11 e2fsprogs: upgrade 1.47.0 -> 1.47.1 epiphany: upgrade 46.0 -> 46.3 gstreamer1.0: upgrade 1.24.5 -> 1.24.6 kmod: upgrade 32 -> 33 kmscube: upgrade to latest revision libadwaita: upgrade 1.5.2 -> 1.5.3 libedit: upgrade 20240517-3.1 -> 20240808-3.1 libnl: upgrade 3.9.0 -> 3.10.0 librepo: upgrade 1.17.0 -> 1.18.1 libva: upgrade 2.20.0 -> 2.22.0 linux-firmware: upgrade 20240513 -> 20240811 lua: upgrade 5.4.6 -> 5.4.7 mpg123: upgrade 1.32.6 -> 1.32.7 mtools: upgrade 4.0.43 -> 4.0.44 nghttp2: upgrade 1.62.0 -> 1.62.1 puzzles: upgrade to latest revision python3-dtschema: upgrade 2024.4 -> 2024.5 python3-uritools: upgrade 4.0.2 -> 4.0.3 python3-webcolors: upgrade 1.13 -> 24.8.0 sqlite3: upgrade 3.45.3 -> 3.46.1 stress-ng: upgrade 0.17.08 -> 0.18.02 webkitgtk: upgrade 2.44.1 -> 2.44.3 weston: upgrade 13.0.1 -> 13.0.3 xkeyboard-config: upgrade 2.41 -> 2.42 xz: upgrade 5.4.6 -> 5.6.2 mesa: set PV from the .inc file and not via filenames meta/lib/oe/sstatesig.py: do not error out if sstate files fail on os.stat() piglit: add a patch to address host contamination for wayland-scanner selftest: always tweak ERROR_QA/WARN_QA per package selftest: use INIT_MANAGER to enable systemd instead of custom settings xmlto: check upstream version tags, not new commits glib-2.0: update 2.80.2 -> 2.80.4 lttng-modules: update 2.13.13 -> 2.13.14 automake: update 1.16.5 -> 1.17 fmt: update 10.2.1 -> 11.0.2 git: 2.45.2 -> 2.46.0 perlcross: update 1.5.2 -> 1.6 perl: update 5.38.2 -> 5.40.0 gnu-config: update to latest revision python3-license-expression: update 30.3.0 -> 30.3.1 python3-pip: 24.0 -> 24.2 python3-pyopenssl: update 24.1.0 -> 24.2.1 python3-pyyaml: update 6.0.1 -> 6.0.2 python3-scons: update 4.7.0 -> 4.8.0 cargo-c-native: update 0.9.30 -> 0.10.3 go-helloworld: update to latest revision vulkan-samples: update to latest revision ffmpeg: update 6.1.1 -> 7.0.2 libksba: update 1.6.6 -> 1.6.7 p11-kit: update 0.25.3 -> 0.25.5 iproute2: upgrade 6.9.0 -> 6.10.0 ifupdown: upgrade 0.8.41 -> 0.8.43 libdnf: upgrade 0.73.2 -> 0.73.3 mmc-utils: upgrade to latest revision adwaita-icon-theme: upgrade 46.0 -> 46.2 hicolor-icon-theme: upgrade 0.17 -> 0.18 waffle: upgrade 1.8.0 -> 1.8.1 libtraceevent: upgrade 1.8.2 -> 1.8.3 alsa-utils: upgrade 1.2.11 -> 1.2.12 lz4: upgrade 1.9.4 -> 1.10.0 vte: upgrade 0.74.2 -> 0.76.3 cracklib: update 2.9.11 -> 2.10.2 selftest/sstatetests: run CDN mirror check only once package_rpm: use zstd's default compression level package_rpm: restrict rpm to 4 threads ref-manual: merge two separate descriptions of RECIPE_UPGRADE_EXTRA_TASKS Alexander Sverdlin (1): linux-firmware: Move Silabs wfx firmware to a separate package Alexandre Belloni (1): oeqa/selftest/oescripts: pinentry update to 1.3.1 Alexis Lothoré (4): oeqa/ssh: allow to retrieve raw, unformatted ouput oeqa/utils/postactions: transfer whole archive over ssh instead of doing individual copies oeqa/postactions: fix exception handling oeqa/postactions: do not uncompress retrieved archive on host Andrew Oppelt (1): testexport: support for executing tests over serial Andrey Zhizhikin (1): devicetree.bbclass: switch away from S = WORKDIR Antonin Godard (38): ref-manual: add missing CVE_CHECK manifest variables ref-manual: add new vex class ref-manual: add new retain class and variables ref-manual: add missing nospdx class ref-manual: add new RECIPE_UPGRADE_EXTRA_TASKS variable ref-manual: drop siteconfig class ref-manual: add missing TESTIMAGE_FAILED_QA_ARTIFACTS ref-manual: add missing image manifest variables ref-manual: add missing EXTERNAL_KERNEL_DEVICETREE variable ref-manual: drop TCLIBCAPPEND variable ref-manual: add missing OPKGBUILDCMD variable ref-manual: add missing variable PRSERV_UPSTREAM ref-manual: merge patch-status-* to patch-status ref-manual: add mission pep517-backend sanity check release-notes-5.1: update release note for styhead release-notes-5.1: fix spdx bullet point ref-manual: fix ordering of insane checks list release-notes-5.1: add beaglebone-yocto parselogs test oeqa failure ref-manual: structure.rst: document missing tmp/ dirs overview-manual: concepts: add details on package splitting ref-manual: faq: add q&a on class appends ref-manual: release-process: update releases.svg ref-manual: release-process: refresh the current LTS releases ref-manual: release-process: update releases.svg with month after "Current" ref-manual: release-process: add a reference to the doc's release ref-manual: devtool-reference: refresh example outputs ref-manual: devtool-reference: document missing commands conf.py: rename :cve: role to :cve_nist: doc: Makefile: remove inkscape, replace by rsvg-convert doc: Makefile: add support for xelatex doc: add a download page for epub and pdf sphinx-static/switchers.js.in: do not refer to URL_ROOT anymore migration-guides: 5.1: fix titles conf.py: add a bitbake_git extlink dev-manual: document how to provide confs from layer.conf dev-manual: bblock: use warning block instead of attention standards.md: add a section on admonitions ref-manual: classes: fix bin_package description Benjamin Szőke (1): mc: fix source URL Bruce Ashfield (40): linux-yocto/6.6: update to v6.6.34 linux-yocto/6.6: update to v6.6.35 linux-yocto/6.6: fix AMD boot trace linux-yocto/6.6: update to v6.6.36 linux-yocto/6.6: update to v6.6.38 linux-yocto/6.6: update to v6.6.40 linux-yocto/6.6: update to v6.6.43 linux-libc-headers: update to v6.10 kernel-devsrc: remove 64 bit vdso cmd files linux-yocto: introduce 6.10 reference kernel linux-yocto/6.10: update to v6.10 linux-yocto/6.10: update to v6.10.2 linux-yocto/6.10: update to v6.10.3 oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10 oeqa/runtime/parselogs: mips: skip sysctl warning yocto-bsp: set temporary preferred version for genericarm64 lttng-modules: backport patches for kernel v6.11 linux-yocto-dev: bump to v6.11 linux-yocto-rt/6.10: update to -rt14 linux-yocto/6.10: cfg: disable nfsd legacy client tracking linux-yocto/6.6: update to v6.6.44 poky/poky-tiny: bump preferred version to 6.10 linux-yocto/6.6: update to v6.6.45 linux-yocto/6.6: fix genericarm64 config warning linux-yocto/6.6: update to v6.6.47 linux-yocto/6.10: fix CONFIG_PWM_SYSFS config warning linux-yocto/6.10: update to v6.10.7 linux-yocto/6.10: update to v6.10.8 linux-yocto/6.6: update to v6.6.49 linux-yocto/6.6: update to v6.6.50 linux-yocto/6.10: cfg: arm64 configuration updates linux-yocto/6.6: update to v6.6.52 linux-yocto/6.6: update to v6.6.54 linux-yocto/6.10: update to v6.10.11 linux-yocto/6.10: update to v6.10.12 linux-yocto/6.10: update to v6.10.13 linux-yocto/6.10: update to v6.10.14 linux-yocto/6.10: genericarm64.cfg: enable CONFIG_DMA_CMA linux-yocto/6.10: cfg: gpio: allow to re-enable the deprecated GPIO sysfs interface linux-yocto/6.10: bsp/genericarm64: disable ARM64_SME Carlos Alberto Lopez Perez (1): icu: Backport patch to fix build issues with long paths (>512 chars) Changhyeok Bae (1): ethtool: upgrade 6.7 -> 6.9 Changqing Li (11): pixman: fix do_compile error vulkan-samples: fix do_compile error when -Og enabled multilib.conf: remove appending to PKG_CONFIG_PATH pixman: update patch for fixing inline failure with -Og rt-tests: rt_bmark.py: fix TypeError libcap-ng: update SRC_URI apt-native: don't let dpkg overwrite files by default webkitgtk: fix do_configure error on beaglebone-yocto bitbake.conf: drop VOLATILE_LOG_DIR, use FILESYSTEM_PERMS_TABLES instead bitbake.conf: drop VOLATILE_TMP_DIR, use FILESYSTEM_PERMS_TABLES instead rxvt-unicode.inc: disable the terminfo installation by setting TIC to : Chen Qi (13): pciutils: remove textrel INSANE_SKIP systemd: upgrade from 255.6 to 256 systemd-boot: upgrade from 255.6 to 256 util-linux/util-linux-libuuid: upgrade from 2.39.3 to 2.40.1 libssh2: remove util-linux-col from ptest dependencies kexec-tools: avoid kernel warning json-c: use upstream texts for SUMMARY and DESCRIPTION util-linux/util-linux-libuuid: upgrade from 2.40.1 to 2.40.2 shadow: upgrade from 4.15.1 to 4.16.0 json-c: avoid ptest failure caused by valgrind toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails libgfortran: fix buildpath QA issue shadow: use update-alternatives to handle groups.1 Chris Laplante (4): bitbake: ui/knotty: print log paths for failed tasks in summary bitbake: ui/knotty: respect NO_COLOR & check for tty; rename print_hyperlink => format_hyperlink bitbake: persist_data: close connection in SQLTable __exit__ bitbake: fetch2: use persist_data context managers Chris Spencer (1): cargo_common.bbclass: Support git repos with submodules Christian Lindeberg (3): bitbake: fetch2: Add gomod fetcher bitbake: fetch2: Add gomodgit fetcher bitbake: tests/fetch: Update GoModTest and GoModGitTest Christian Taedcke (1): iptables: fix memory corruption when parsing nft rules Clara Kowalsky (1): resulttool: Add support to create test report in JUnit XML format Claus Stovgaard (1): lib/oe/package-manager: skip processing installed-pkgs with empty globs Clayton Casciato (1): uboot-sign: fix concat_dtb arguments Clément Péron (1): openssl: Remove patch already upstreamed Colin McAllister (2): udev-extraconf: Add collect flag to mount busybox: Fix cut with "-s" flag Corentin Lévy (1): python3-libarchive-c: add ptest Dan McGregor (1): bitbake: prserv: increment 9 to 10 correctly Daniel McGregor (1): libpam: use libdir in conditional Daniel Semkowicz (1): os-release: Fix VERSION_CODENAME in case it is empty Daniil Batalov (1): spdx30_tasks.py: fix typo in call of is_file method Deepesh Varatharajan (1): rust: Rust Oe-Selftest Reduce the testcases in exclude list Deepthi Hemraj (5): llvm: Fix CVE-2024-0151 glibc: stable 2.39 branch updates. binutils: stable 2.42 branch updates glibc: stable 2.40 branch updates glibc: stable 2.40 branch updates. Denys Dmytriyenko (3): llvm: extend llvm-config reproducibility fix to nativesdk class nativesdk-libtool: sanitize the script, remove buildpaths gcc: unify cleanup of include-fixed, apply to cross-canadian Divya Chellam (1): python3: Upgrade 3.12.5 -> 3.12.6 Dmitry Baryshkov (12): mesa: fix QA warnings caused by freedreno tools xserver-xorg: fix CVE-2023-5574 status lib/spdx30_tasks: improve error message linux-firmware: make qcom-sc8280xp-lenovo-x13s-audio install Linaro licence linux-firmware: add packages with SM8550 and SM8650 audio topology files linux-firmware: move -qcom-qcm2290-wifi before -ath10k linux-firmware: use wildcards to grab all qcom-qcm2290/qrb4210 wifi files linux-firmware: package qcom-vpu firmware linux-firmware: restore qcom/vpu-1.0/venus.mdt compatibility symlink piglit: add missing dependency on wayland linux-firmware: add packages for Qualcomm XElite GPU firmware linux-firmware: split ath10k package Enguerrand de Ribaucourt (6): bitbake: fetch2/npmsw: fix fetching git revisions not on master bitbake: fetch2/npmsw: allow packages not declaring a registry version npm: accept unspecified versions in package.json recipetool: create_npm: resolve licenses defined in package.json recipetool: create: split guess_license function recipetool: create_npm: reuse license utils Enrico Jörns (2): bitbake: bitbake-diffsigs: fix handling when finding only a single sigfile archiver.bbclass: fix BB_GENERATE_MIRROR_TARBALLS checking Esben Haabendal (1): mesa: Fix build with etnaviv gallium driver Etienne Cordonnier (3): oeqa/runtime: fix race-condition in minidebuginfo test bitbake: gcp.py: remove slow calls to gsutil stat systemd: make home directory readable by systemd-coredump Fabio Estevam (1): u-boot: upgrade 2024.04 -> 2024.07 Florian Amstutz (1): u-boot: Fix potential index error issues in do_deploy with multiple u-boot configurations Gassner, Tobias.ext (1): rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts Gauthier HADERER (1): populate_sdk_ext.bclass: make sure OECORE_NATIVE_SYSROOT is exported. Guðni Már Gilbert (7): python3-setuptools: drop python3-2to3 from RDEPENDS bluez5: drop modifications to Python shebangs bluez5: cleanup redundant backslashes python3-attrs: drop python3-ctypes from RDEPENDS gobject-introspection: split tools and giscanner into a separate package bluez5: upgrade 5.77 -> 5.78 bluez5: remove redundant patch for MAX_INPUT Harish Sadineni (4): gcc-runtime: enabling "network" task specific flag oeqa/selftest/gcc: Fix host key verfication failure oeqa/selftest/gcc: Fix kex exchange identification error binutils: Add missing perl modules to RDEPENDS for nativsdk variant Het Patel (1): zlib: Add CVE_PRODUCT to exclude false positives Hiago De Franco (1): weston: backport patch to allow neatvnc < v0.9.0 Hongxu Jia (1): gcc-source: Fix racing on building gcc-source-14.2.0 and lib32-gcc-source-14.2.0 Intaek Hwang (6): alsa-plugins: set CVE_PRODUCT mpfr: set CVE_PRODUCT libatomic-ops: set CVE_PRODUCT gstreamer1.0-plugins-bad: set CVE_PRODUCT python3-lxml: set CVE_PRODUCT python3-psutil: set CVE_PRODUCT Jaeyoon Jung (2): makedevs: Fix issue when rootdir of / is given makedevs: Fix matching uid/gid Jagadeesh Krishnanjanappa (1): tune-cortexa32: set tune feature as armv8a Jan Vermaete (2): python3-websockets: added python3-zipp as RDEPENDS ref-manual: added wic.zst to the IMAGE_TYPES Jinfeng Wang (2): glib-2.0: fix glib-2.0 ptest failure when upgrading tzdata2024b tzdata/tzcode-native: upgrade 2024a -> 2024b Johannes Schneider (3): systemd: add PACKAGECONFIG for bpf-framework systemd: bpf-framework: 'propagate' the '--sysroot=' for crosscompilation systemd: bpf-framework: pass 'recipe-sysroot' to BPF compiler John Ripple (1): packagegroup-core-tools-profile.bb: Enable aarch64 valgrind Jon Mason (6): oeqa/runtime/ssh: add retry logic and sleeps to allow for slower systems oeqa/runtime/ssh: check for all errors at the end docs: modify reference from python2.py to python.py kernel.bbclass: remove unused CMDLINE_CONSOLE oeqa/runtime/ssh: increase the number of attempts wpa-supplicant: add patch to check for kernel header version when compiling macsec Jonas Gorski (1): rootfs-postcommands.bbclass: make opkg status reproducible Jonas Munsin (1): bzip2: set CVE_PRODUCT Jonathan GUILLOT (1): cronie: add inotify PACKAGECONFIG option Jose Quaresma (14): go: upgrade 1.22.3 -> 1.22.4 go: drop the old 1.4 bootstrap C version openssh: fix CVE-2024-6387 go: upgrade 1.22.4 -> 1.22.5 openssh: drop rejected patch fixed in 8.6p1 release openssh: systemd sd-notify patch was rejected upstream oeqa/runtime/scp: requires openssh-sftp-server libssh2: fix ptest regression with openssh 9.8p1 openssh: systemd notification was implemented upstream openssh: upgrade 9.7p1 -> 9.8p1 libssh2: disable-DSA-by-default go: upgrade 1.22.5 -> 1.22.6 bitbake: bitbake: doc/user-manual: Update the BB_HASHSERVE_UPSTREAM oeqa/selftest: Update the BB_HASHSERVE_UPSTREAM Joshua Watt (22): binutils-cross-testsuite: Rename to binutils-testsuite classes/spdx-common: Move SPDX_SUPPLIER scripts/pull-spdx-licenses.py: Add script licenses: Update to SPDX license version 3.24.0 classes/create-spdx-2.2: Handle SemVer License List Versions classes-recipe/image: Add image file manifest classes-global/staging: Exclude do_create_spdx from automatic sysroot extension classes-recipe/image_types: Add SPDX_IMAGE_PURPOSE to images classes-recipe: nospdx: Add class classes-recipe/baremetal-image: Add image file manifest selftest: sstatetests: Exclude all SPDX tasks classes/create-spdx-2.2: Handle empty packages classes/create-spdx-3.0: Add classes selftest: spdx: Add SPDX 3.0 test cases classes/spdx-common: Move to library classes/create-spdx-3.0: Move tasks to library Switch default spdx version to 3.0 classes-recipe/multilib_script: Expand before splitting classes/create-spdx-image-3.0: Fix SSTATE_SKIP_CREATION lib/spdx30_tasks: Report all missing providers lib/oe/sbom30.py: Fix build parameters bitbake: Remove custom exception backtrace formatting Julien Stephan (5): README: add instruction to run Vale on a subset documentation: Makefile: add SPHINXLINTDOCS to specify subset to sphinx-lint styles: vocabularies: Yocto: add sstate ref-manual: variables: add SIGGEN_LOCKEDSIGS* variables dev-manual: add bblock documentation Jörg Sommer (7): classes/kernel: No symlink in postinst without KERNEL_IMAGETYPE_SYMLINK ref-manual: add DEFAULT_TIMEZONE variable ptest-runner: Update 2.4.4 -> 2.4.5 runqemu: Fix detection of -serial parameter buildcfg.py: add dirty status to get_metadata_git_describe doc/features: remove duplicate word in distribution feature ext2 doc/features: describe distribution feature pni-name Kai Kang (3): glibc: fix fortran header file conflict for arm systemd: fix VERSION_TAG related build error kexec-tools: update COMPATIBLE_HOST because of makedumpfile Katawann (1): cve-check: add field "modified" to JSON report Khem Raj (38): llvm: Update to 18.1.8 utils.bbclass: Use objdump instead of readelf to compute SONAME mesa: Including missing LLVM header mesa: Add packageconfig knob to control tegra gallium driver gdb: Upgrade to 15.1 release busybox: Fix tc applet build when using kernel 6.8+ busybox: CVE-2023-42364 and CVE-2023-42365 fixes busybox: Add fix for CVE-2023-42366 gcc-14: Mark CVE-2023-4039 as fixed in GCC14+ systemd: Replace deprecate udevadm command glibc: Upgrade to 2.40 glibc: Remove redundant configure option --disable-werror libyaml: Update status of CVE-2024-35328 libyaml: Change CVE status to wontfix binutils: Upgrade to 2.43 release binutils: Fix comment about major version gcc: Upgrade to GCC 14.2 gnupg: Document CVE-2022-3219 and mark wontfix systemd: Refresh patch to remove patch-fuzz quota: Apply a backport to fix basename API with musl bluez5: Fix build with musl musl: Update to 1.2.5 release musl: Upgrade to latest tip of trunk gdb: Fix build with latest clang fmt: Get rid of std::copy aspell: Backport a fix to build with gcc-15/clang-19 openssh: Mark CVE-2023-51767 as wont-fix python: Backport fixes for CVE-2024-7592 ffmpeg: Fix build on musl linux systems kea: Replace Name::NameString with vector of uint8_t webkitgtk: Fix build issues with clang-19 glibc: Fix the arm/arm64 worsize.h uniificationb patch gcc: Fix spurious '/' in GLIBC_DYNAMIC_LINKER on microblaze libpcre2: Update base uri PhilipHazel -> PCRE2Project linux-yocto: Enable l2tp drivers when ptest featuee is on bluez: Fix mesh builds on musl qemu: Fix build on musl/riscv64 ffmpeg: Disable asm optimizations on x86 Konrad Weihmann (6): testimage: fallback for empty IMAGE_LINK_NAME python3-docutils: fix interpreter lines testexport: fallback for empty IMAGE_LINK_NAME python_flit_core: remove python3 dependency runqemu: keep generating tap devices runqemu: remove unused uid variable Lee Chee Yang (10): migration-guides: add release notes for 4.0.19 migration-guides: add release notes for 5.0.2 migration-guide: add release notes for 4.0.20 migration-guides: add release notes for 5.0.3 migration-guide: add release notes for 4.0.21 release-notes-5.1: update for several section migration-guide: add release notes for 4.0.22 migration-guides: add release notes for 5.0.4 migration-guides: add release notes for 5.0.5 migration-guides: add release notes for 4.0.23 Leon Anavi (1): u-boot.inc: WORKDIR -> UNPACKDIR transition Leonard Göhrs (1): bitbake: fetch2/npm: allow the '@' character in package names Louis Rannou (1): image_qa: fix error handling Marc Ferland (2): appstream: refresh patch appstream: add qt6 PACKAGECONFIG option Marcus Folkesson (1): bootimg-partition: break out code to a common library. Mark Hatle (7): create-sdpx-2.2.bbclass: Switch from exists to isfile checking debugsrc package.py: Fix static debuginfo split package.py: Fix static library processing selftest-hardlink: Add additional test cases spdx30_tasks.py: switch from exists to isfile checking debugsrc create-spdx-*: Support multilibs via SPDX_MULTILIB_SSTATE_ARCHS oeqa sdk cases: Skip SDK test cases when TCLIBC is newlib Markus Volk (4): libinput: update 1.25.0 -> 1.26.1 systemd: dont set polkit permissions manually gtk4: update 4.14.4 -> 4.14.5 gcc: add a backport patch to fix an issue with tzdata 2024b Marta Rybczynska (9): classes/kernel.bbclass: update CVE_PRODUCT cve-check: encode affected product/vendor in CVE_STATUS cve-extra-inclusions: encode CPEs of affected packages cve-check: annotate CVEs during analysis vex.bbclass: add a new class cve-check-map: add new statuses selftest: add test_product_match cve-json-to-text: add script cve-check: remove the TEXT format support Martin Hundeb?ll (1): ofono: upgrade 2.7 -> 2.8 Martin Jansa (10): libgfortran.inc: fix nativesdk-libgfortran dependencies hdparm: drop NO_GENERIC_LICENSE[hdparm] gstreamer1.0-plugins-bad: add PACKAGECONFIG for gtk3 kernel.bbclass: add original package name to RPROVIDES for -image and -base meta-world-pkgdata: Inherit nopackages populate_sdk_base: inherit nopackages mc: set ac_cv_path_ZIP to avoid buildpaths QA issues bitbake.conf: DEBUG_PREFIX_MAP: add -fmacro-prefix-map for STAGING_DIR_NATIVE bitbake: Revert "fetch2/gitsm: use configparser to parse .gitmodules" ffmpeg: fix packaging examples Mathieu Dubois-Briand (1): oeqa/postactions: Fix archive retrieval from target Matthew Bullock (1): openssh: allow configuration of hostkey type Matthias Pritschet (1): ref-manual: fix typo and move SYSROOT_DIRS example Michael Halstead (1): yocto-uninative: Update to 4.6 for glibc 2.40 Michael Opdenacker (1): doc: Makefile: publish pdf and epub versions too Michal Sieron (1): insane: remove obsolete QA errors Mikko Rapeli (2): systemd: update from 256 to 256.4 ovmf-native: remove .pyc files from install Mingli Yu (1): llvm: Enable libllvm for native build Niko Mauno (17): dnf/mesa: Fix missing leading whitespace with ':append' systemd: Mitigate /var/log type mismatch issue systemd: Mitigate /var/tmp type mismatch issue libyaml: Amend CVE status as 'upstream-wontfix' image_types.bbclass: Use --force also with lz4,lzop util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error iw: Fix LICENSE dejagnu: Fix LICENSE unzip: Fix LICENSE zip: Fix LICENSE tiff: Fix LICENSE gcr: Fix LICENSE python3-maturin: Fix cross compilation issue for armv7l, mips64, ppc bitbake.conf: Mark VOLATILE_LOG_DIR as obsolete bitbake.conf: Mark VOLATILE_TMP_DIR as obsolete docs: Replace VOLATILE_LOG_DIR with FILESYSTEM_PERMS_TABLES docs: Replace VOLATILE_TMP_DIR with FILESYSTEM_PERMS_TABLES Ola x Nilsson (4): scons.bbclass: Add scons class prefix to do_configure insane: Remove redundant returns ffmpeg: Package example files in ffmpeg-examples glibc: Fix missing randomness in __gen_tempname Oleksandr Hnatiuk (2): icu: remove host references in nativesdk to fix reproducibility gcc: remove paths to sysroot from configargs.h and checksum-options for gcc-cross-canadian Otavio Salvador (1): u-boot: Ensure we use BFD as linker even if using GCC for it Patrick Wicki (1): gpgme: move gpgme-tool to own sub-package Paul Barker (1): meta-ide-support: Mark recipe as MACHINE-specific Paul Eggleton (1): classes: add new retain class for retaining build results Paul Gerber (1): uboot-sign: fix counters in do_uboot_assemble_fitimage Pavel Zhukov (1): package_rpm: Check if file exists before open() Pedro Ferreira (2): buildhistory: Fix intermittent package file list creation buildhistory: Restoring files from preserve list Peter Kjellerstedt (9): systemd: Correct the indentation in do_install() systemd: Move the MIME file to a separate package license_image.bbclass: Rename license-incompatible to license-exception test-manual: Add a missing dot systemd.bbclass: Clean up empty parent directories oeqa/selftest/bbclasses: Add tests for systemd and update-rc.d interaction systemd: Remove a leftover reference to ${datadir}/mime bitbake: fetch2/gomod: Support URIs with only a hostname image.bbclass: Drop support for ImageQAFailed exceptions in image_qa Peter Marko (17): cargo: remove True option to getVar calls poky-sanity: remove True option to getVar calls flac: fix buildpaths warnings bitbake: fetch/clearcase: remove True option to getVar calls in clearcase module busybox: Patch CVE-2021-42380 busybox: Patch CVE-2023-42363 libstd-rs,rust-cross-canadian: set CVE_PRODUCT to rust glibc: cleanup old cve status libmnl: explicitly disable doxygen libyaml: ignore CVE-2024-35326 libyaml: Ignore CVE-2024-35325 wpa-supplicant: Ignore CVE-2024-5290 cve-check: add support for cvss v4.0 go: upgrade 1.22.6 -> 1.22.7 go: upgrade 1.22.7 -> 1.22.8 cve-check: do not skip cve status description after : cve-check: fix malformed cve status description with : characters Philip Lorenz (1): curl: Reenable auth support for native and nativesdk Primoz Fiser (2): pulseaudio: Add PACKAGECONFIG for optional OSS support pulseaudio: Remove from time64.inc exception list Purushottam Choudhary (2): kmscube: Upgrade to latest revision virglrenderer: Add patch to fix -int-conversion build issue Quentin Schulz (4): bitbake: doc: releases: mark mickledore as outdated bitbake: doc: releases: add nanbield to the outdated manuals bitbake: doc: releases: add scarthgap weston-init: fix weston not starting when xwayland is enabled Rasmus Villemoes (3): iptables: remove /etc/ethertypes openssh: factor out sshd hostkey setup to separate function systemd: include sysvinit in default PACKAGECONFIG only if in DISTRO_FEATURES Regis Dargent (1): udev-extraconf: fix network.sh script did not configure hotplugged interfaces Ricardo Simoes (2): volatile-binds: Do not create workdir if OverlayFS is disabled volatile-binds: Remove workdir if OverlayFS fails Richard Purdie (116): maintainers: Drop go-native as recipe removed oeqa/runtime/parselogs: Add some kernel log trigger keywords bitbake: codeparser/data: Ensure module function contents changing is accounted for bitbake: codeparser: Skip non-local functions for module dependencies native/nativesdk: Stop overriding unprefixed *FLAGS variables qemu: Upgrade 9.0.0 -> 9.0.1 oeqa/runtime/ssh: In case of failure, show exit code and handle -15 (SIGTERM) oeqa/selftest/reproducibile: Explicitly list virtual targets abi_version/package: Bump hashequiv version and package class version testimage/postactions: Allow artifact collection to be skipped python3: Drop generating a static libpython bitbake.conf: Drop obsolete debug compiler options bitbake.conf: Further cleanup compiler optimization flags oeqa/selftest/incompatible_lic: Ensure tests work with ERROR_QA changes oeqa/selftest/locale: Ensure tests work with ERROR_QA changes meson: Fix native meson config busybox: reconfigure wget https support by default for security poky-tiny: Update FULL_OPTIMIZATION to match core changes icu/perf: Drop SPDX_S variable insane: Promote long standing warnings to errors selftest/fortran-helloworld: Fix buildpaths error build-appliance-image: Update to master head revision distro/include: Add yocto-space-optimize, disabling debugging for large components testimage: Fix TESTIMAGE_FAILED_QA_ARTIFACTS setting oeqa/postactions: Separate artefact collection from test result collection qemu: Drop mips workaround poky: Enable yocto-space-optimize.inc time64.inc: Add warnings exclusion for known toolchain problems for now pseudo: Fix to work with glibc 2.40 pseudo: Update to include open symlink handling bugfix create-spdx-3.0/populate_sdk_base: Add SDK_CLASSES inherit mechanism to fix tarball SPDX manifests libtool: Upgrade 2.5.0 -> 2.5.1 qemu: Upgrade 9.0.1 -> 9.0.2 populate_sdk_base: Ensure nativesdk targets have do_package_qa run cve_check: Use a local copy of the database during builds pixman: Backport fix for recent binutils musl: Show error when used with multilibs sdpx: Avoid loading of SPDX_LICENSE_DATA into global config perf: Drop perl buildpaths skip m4: Drop ptest INSANE_SKIPs gettext: Drop ptest INSANE_SKIPs glibc-y2038-tests: Fix debug split and drop INSANE_SKIPs glibc-y2038-tests: Don't force distro policy glib-initial: Inherit nopackages vim: Drop vim-tools INSANE_SKIP as not needed coreutils: Fix intermittent ptest issue coreutils: Update merged patch to backport status bitbake.conf: Add truncate to HOSTTOOLS bitbake.conf: Include cve-check-map earlier, before distro bitbake: BBHandler: Handle comments in addtask/deltask bitbake: cache: Drop unused function bitbake: cookerdata: Separate out data_hash and hook to tinfoil bitbake: BBHandler/ast: Improve addtask handling bitbake: build: Ensure addtask before/after tasknames have prefix applied bitbake: codeparser: Allow code visitor expressions to be declared in metadata lib/oe: Use new visitorcode functionality for qa.handle_error() insane: Optimise ERROR_QA/WARN_QA references in do_populate_sysroot insane: Drop oe.qa.add_message usage insane: Add missing vardepsexclude insane: Further simplify code insane: Allow ERROR_QA to use 'contains' hash optimisations for do_package_qa selftest/sstatetests: Extend to cover ERROR_QA/WARN_QA common issues lz4: Fix static library reproducibility issue lz4: Disable static libraries again abi-version/ssate: Bump to avoid systemd hash corruption issue buildhistory: Simplify intercept call sites and drop SSTATEPOSTINSTFUNC usage sstate: Drop SSTATEPOSTINSTFUNC support lttng-tools: 2.13.13 -> 2.13.14 libtool: 2.5.1 -> 2.5.2 gettext: Drop obsolete ptest conditional in do_install elfutils: Drop obsolete ptest conditional in do_install expat: 2.6.2 -> 2.6.3 license: Fix directory layout issues sstate: Make do_recipe_qa and do_populate_lic non-arch specific bitbake: siggen: Fix rare file-checksum hash issue insane: Remove dependency on TCLIBC from QA test conf/defaultsetup.conf: Drop TCLIBCAPPEND poky.conf: Drop TCLIBCAPPEND layer.conf: Drop scarthgap namespace from LAYERSERIES layer.conf: Update to styhead Revert "python3-setuptools: upgrade 72.1.0 -> 72.2.0" ruby: Make docs generation deterministic libedit: Make docs generation deterministic poky-tiny: Drop TCLIBCAPPEND libsdl2: Fix non-deterministic configure option for libsamplerate bitbake: toaster: Update fixtures for styhead scripts/install-buildtools: Update to 5.0.3 build-appliance-image: Update to master head revision poky.conf: Bump version for 5.1 styhead release build-appliance-image: Update to master head revision bitbake: fetch2/git: Use quote from shlex, not pipes efi-bootdisk.wks: Increase overhead-factor to avoid test failures binutils: Fix binutils mingw packaging bitbake: tests/fetch: Use our own mirror of sysprof to decouple from gnome gitlab bitbake: tests/fetch: Use our own mirror of mobile-broadband-provider to decouple from gnome gitlab pseudo: Fix envp bug and add posix_spawn wrapper oeqa/runtime/ssh: Rework ssh timeout oeqa/runtime/ssh: Fix incorrect timeout fix qemurunner: Clean up serial_lock handling bitbake: fetch/wget: Increase timeout to 100s from 30s openssl: Fix SDK environment script to avoid unbound variable bitbake: runqueue: Fix performance of multiconfigs with large overlap bitbake: runqueue: Optimise setscene loop processing bitbake: runqueue: Fix scenetask processing performance issue do_package/sstate/sstatesig: Change timestamp clamping to hash output only selftest/reproducible: Drop rawlogs selftest/reproducible: Clean up pathnames resulttool: Allow store to filter to specific revisions resulttool: Use single space indentation in json output oeqa/utils/gitarchive: Return tag name and improve exclude handling resulttool: Fix passthrough of --all files in store mode resulttool: Add --logfile-archive option to store mode resulttool: Handle ltp rawlogs as well as ptest resulttool: Clean up repoducible build logs resulttool: Trim the precision of duration information resulttool: Improve repo layout for oeselftest results Robert Joslyn (1): curl: Update to 8.9.1 Robert Yang (8): bitbake: cache: Remove invalid symlink for bb_cache.dat bitbake: fetch2/git: Use git shallow fetch to implement clone_shallow_local() bitbake: bitbake: tests/fetch: Update GitShallowTest for clone_shallow_local() bitbake: data_smart: Improve performance for VariableHistory release-notes-5.0.rst: NO_OUTPUT -> NO_COLOR bitbake: gitsm: Add call_process_submodules() to remove duplicated code bitbake: gitsm: Remove downloads/tmpdir when failed cml1.bbclass: do_diffconfig: Don't override .config with .config.orig Rohini Sangam (1): vim: Upgrade 9.1.0698 -> 9.1.0764 Ross Burton (92): expect: fix configure with GCC 14 expect: update code for Tcl channel implementation libxcrypt: correct the check for a working libucontext.h bash: fix configure checks that fail with GCC 14.1 gstreamer1.0: disable flaky baseparser tests librsvg: don't try to run target code at build time librsvg: upgrade to 2.57.3 linux-libc-headers: remove redundant install_headers patch glibc: add task to list exported symbols oeqa/sdk: add out-of-tree kernel module building test openssl: disable tests unless ptest is enabled openssl: strip the test suite openssl: rewrite ptest installation ell: upgrade 0.66 -> 0.67 ofono: upgrade 2.8 -> 2.9 ruby: upgrade 3.3.0 -> 3.3.4 gtk+3: upgrade 3.24.42 -> 3.24.43 pango: upgrade 1.52.2 -> 1.54.0 Revert "python3: drop deterministic_imports.patch" python3: add dependency on -compression to -core python3-jsonschema: rename nongpl PACKAGECONFIG python3-setuptools: RDEPEND on python3-unixadmin python3-poetry-core: remove python3-pathlib2 dependency pytest-runner: remove python3-py dependency python3-chardet: remove pytest-runner DEPENDS python3-websockets: remove unused imports python3-beartype: add missing RDEPENDS python3-jsonschema: remove obsolete RDEPENDS python3-pluggy: clean up RDEPENDS python3-scons: remove obsolete RDEPENDS gi-docgen: remove obsolete python3-toml dependency python3-jinja2: remove obsolete python3-toml dependency python3-setuptools-rust: remove obsolete python3-toml dependency python3-setuptools-scm: remove obsolete python3-tomli dependency python3-zipp: remove obsolete dependencies python3-importlib-metadata: remove obsolete dependencies python3-pathspec: use python_flit_core python3-pyasn1: merge bb/inc python3-pyasn1: use python_setuptools_build_meta build class python3-beartype: use python_setuptools_build_meta build class python3-cffi: use python_setuptools_build_meta build class python3-psutil: use python_setuptools_build_meta build class python3-pycryptodome(x): use python_setuptools_build_meta build class python3-pyelftools: use python_setuptools_build_meta build class python3-ruemel-yaml: use python_setuptools_build_meta build class python3-scons: use python_setuptools_build_meta build class python3-websockets: use python_setuptools_build_meta build class python3-setuptools-scm: remove python3-tomli dependency python3-spdx-tools: use python_setuptools_build_meta build class python3-subunit: use python_setuptools_build_meta build class python3-uritools: use python_setuptools_build_meta build class python3-yamllint: use python_setuptools_build_meta build class python3-mako: add dependency on python3-misc for timeit python3-uritools: enable ptest gi-docgen: upgrade to 2024.1 python3-pytest: clean up RDEPENDS libcap-ng: clean up recipe glib-networking: upgrade 2.78.1 -> 2.80.0 python3-unittest-automake-output: add dependency on unittest python3-idna: generalise RDEPENDS python3-jsonpointer: upgrade 2.4 -> 3.0.0 ptest-packagelists: sort entries python3-cffi: generalise RDEPENDS python3-cffi: enable ptest python3-packaging: enable ptest python3-idna: enable ptest setuptools3: check for a PEP517 build system selection insane: add pep517-backend to WARN_QA python3-numpy: ignore pep517-backend warnings bmaptool: temporarily silence the pep517-backend warning meson: upgrade 1.4.0 -> 1.5.1 python3-pathlib2: remove recipe (moved to meta-python) python3-rfc3986-validator: remove recipe (moved to meta-python) python3-py: remove recipe (moved to meta-python) pytest-runner: remove recipe (moved to meta-python) python3-importlib-metadata: remove recipe (moved to meta-python) python3-toml: remove recipe (moved to meta-python) python3-tomli: remove recipe (moved to meta-python) bblayers/machines: add bitbake-layers command to list machines ffmpeg: fix build with binutils 2.43 on arm with commerical codecs vulkan-samples: limit to aarch64/x86-64 bitbake: fetch2/gitsm: use configparser to parse .gitmodules systemd: add missing dependency on libkmod to udev sanity: check for working user namespaces bitbake.conf: mark TCLIBCAPPEND as deprecated bitbake: fetch2: don't try to preserve all attributes when unpacking files icu: update patch Upstream-Status ffmpeg: nasm is x86 only, so only DEPEND if x86 ffmpeg: no need for textrel INSANE_SKIP strace: download release tarballs from GitHub tcl: skip io-13.6 test case groff: fix rare build race in hdtbl Ryan Eatmon (3): u-boot.inc: Refactor do_* steps into functions that can be overridden oe-setup-build: Fix typo oe-setup-build: Change how we get the SHELL value Sabeeh Khan (1): linux-firmware: add new package for cc33xx firmware Sakib Sajal (1): blktrace: ask for python3 specifically Samantha Jalabert (1): cve_check: Update selftest with new status detail Sergei Zhmylev (1): lsb-release: fix Distro Codename shell escaping Shunsuke Tokumoto (1): python3-setuptools: Add "python:setuptools" to CVE_PRODUCT Siddharth Doshi (5): libxml2: Upgrade 2.12.7 -> 2.12.8 Tiff: Security fix for CVE-2024-7006 vim: Upgrade 9.1.0114 -> 9.1.0682 wpa-supplicant: Upgrade 2.10 -> 2.11 vim: Upgrade 9.1.0682 -> 9.1.0698 Simone Weiß (2): gnutls: upgrade 3.8.5 -> 3.8.6 curl: Ignore CVE-2024-32928 Sreejith Ravi (1): package.py: Add Requires.private field in process_pkgconfig Stefan Mueller-Klieser (1): icu: fix make-icudata package config Steve Sakoman (3): release-notes-4.0: update BB_HASHSERVE_UPSTREAM for new infrastructure poky.conf: bump version for 5.1.1 build-appliance-image: Update to styhead head revision Sundeep KOKKONDA (3): binutils: stable 2.42 branch updates oeqa/selftest/reproducibile: rename of reproducible directories rust: rustdoc reproducibility issue fix Talel BELHAJSALEM (1): contributor-guide: Remove duplicated words Teresa Remmet (1): recipes-bsp: usbutils: Fix usb-devices command using busybox Theodore A. Roth (2): ca-certificates: update 20211016 -> 20240203 ca-certificates: Add comment for provenance of SRCREV Thomas Perrot (2): opensbi: bump to 1.5 opensbi: bump to 1.5.1 Tim Orling (8): python3-rpds-py: upgrade 0.18.1 -> 0.20.0 python3-alabaster: upgrade 0.7.16 -> 1.0.0 python3-cffi: upgrade 1.16.0 -> 1.17.0 python3-more-itertools: upgrade 10.3.0 -> 10.4.0 python3-wheel: upgrade 0.43.0 -> 0.44.0 python3-zipp: upgrade 3.19.2 -> 3.20.0 python3-attrs: upgrade 23.2.0 -> 24.2.0 python3-setuptools-rust: upgrade 1.9.0 -> 1.10.1 Tom Hochstein (2): time64.inc: Simplify GLIBC_64BIT_TIME_FLAGS usage weston: Add missing runtime dependency on freerdp Trevor Gamblin (37): dhcpcd: upgrade 10.0.6 -> 10.0.8 python3-hypothesis: upgrade 6.103.0 -> 6.103.2 python3-psutil: upgrade 5.9.8 -> 6.0.0 python3-testtools: upgrade 2.7.1 -> 2.7.2 python3-urllib3: upgrade 2.2.1 -> 2.2.2 maintainers.inc: add self for unassigned python recipes MAINTAINERS.md: fix patchtest entry python3-pytest-subtests: upgrade 0.12.1 -> 0.13.0 python3-hypothesis: upgrade 6.103.2 -> 6.105.1 python3-setuptools: upgrade 69.5.1 -> 70.3.0 bind: upgrade 9.18.27 -> 9.20.0 cmake: upgrade 3.29.3 -> 3.30.1 dpkg: upgrade 1.22.6 -> 1.22.10 nettle: upgrade 3.9.1 -> 3.10 patchtest/patch.py: remove cruft scripts/patchtest.README: cleanup, add selftest notes kea: upgrade 2.4.1 -> 2.6.1 python3-sphinx: upgrade 7.4.7 -> 8.0.2 python3-hypothesis: upgrade 6.108.4 -> 6.108.10 python3-pytest: upgrade 8.3.1 -> 8.3.2 python3-sphinxcontrib-applehelp: upgrade 1.0.8 -> 2.0.0 python3-sphinxcontrib-devhelp: upgrade 1.0.6 -> 2.0.0 python3-sphinxcontrib-htmlhelp: upgrade 2.0.6 -> 2.1.0 python3-sphinxcontrib-qthelp: upgrade 1.0.8 -> 2.0.0 python3-sphinxcontrib-serializinghtml: upgrade 1.1.10 -> 2.0.0 libassuan: upgrade 2.5.7 -> 3.0.1 python3-setuptools: upgrade 71.1.0 -> 72.1.0 python3-hypothesis: upgrade 6.108.10 -> 6.110.1 python3-cython: upgrade 3.0.10 -> 3.0.11 python3: upgrade 3.12.4 -> 3.12.5 python3: skip readline limited history tests piglit: upgrade 22eaf6a91c -> c11c9374c1 python3-hypothesis: upgrade 6.111.1 -> 6.111.2 python3-pyparsing: upgrade 3.1.2 -> 3.1.4 patchtest: test_mbox: remove duplicate regex definition patchtest: test_shortlog_length: omit shortlog prefixes patchtest: test_non_auh_upgrade: improve parse logic Troels Dalsgaard Hoffmeyer (1): bitbake: build/exec_task: Log str() instead of repr() for exceptions in build Tronje Krabbe (1): rust-target-config: Update data layouts for 32-bit arm targets Ulrich Ölmann (2): initramfs-framework: fix typos buildhistory: fix typos Vijay Anusuri (4): wget: Fix for CVE-2024-38428 apr: upgrade 1.7.4 -> 1.7.5 xserver-xorg: upgrade 21.1.13 -> 21.1.14 xwayland: upgrade 24.1.3 -> 24.1.4 Vivek Puar (1): linux-firmware: upgrade 20240811 -> 20240909 Wadim Egorov (1): watchdog: Set watchdog_module in default config Wang Mingyu (125): alsa-lib: upgrade 1.2.11 -> 1.2.12 alsa-plugins: upgrade 1.2.7.1 -> 1.2.12 alsa-ucm-conf: upgrade 1.2.11 -> 1.2.12 git: upgrade 2.45.1 -> 2.45.2 createrepo-c: upgrade 1.1.1 -> 1.1.2 diffoscope: upgrade 267 -> 271 enchant2: upgrade 2.7.3 -> 2.8.1 fribidi: upgrade 1.0.14 -> 1.0.15 gstreamer: upgrade 1.24.3 -> 1.24.4 libevdev: upgrade 1.13.1 -> 1.13.2 libjitterentropy: upgrade 3.4.1 -> 3.5.0 libpcre2: upgrade 10.43 -> 10.44 pciutils: upgrade 3.12.0 -> 3.13.0 rng-tools: upgrade 6.16 -> 6.17 ttyrun: upgrade 2.32.0 -> 2.33.1 btrfs-tools: handle rename of inode_includes() from e2fsprogs 1.47.1 rt-tests: upgrade 2.6 -> 2.7 base-passwd: upgrade 3.6.3 -> 3.6.4 btrfs-tools: upgrade 6.8.1 -> 6.9.2 ccache: upgrade 4.10 -> 4.10.1 createrepo-c: upgrade 1.1.2 -> 1.1.3 cups: upgrade 2.4.9 -> 2.4.10 debianutils: upgrade 5.19 -> 5.20 diffoscope: upgrade 271 -> 272 dnf: upgrade 4.20.0 -> 4.21.0 gdbm: upgrade 1.23 -> 1.24 gstreamer: upgrade 1.24.4 -> 1.24.5 harfbuzz: upgrade 8.5.0 -> 9.0.0 libadwaita: upgrade 1.5.1 -> 1.5.2 libdnf: upgrade 0.73.1 -> 0.73.2 libdrm: upgrade 2.4.120 -> 2.4.122 libproxy: upgrade 0.5.6 -> 0.5.7 librsvg: upgrade 2.57.3 -> 2.58.1 libsdl2: upgrade 2.30.4 -> 2.30.5 opkg: upgrade 0.6.3 -> 0.7.0 opkg-utils: upgrade 0.6.3 -> 0.7.0 pinentry: upgrade 1.3.0 -> 1.3.1 python3-certifi: upgrade 2024.6.2 -> 2024.7.4 python3-hatchling: upgrade 1.24.2 -> 1.25.0 python3-importlib-metadata: upgrade 7.1.0 -> 8.0.0 python3-maturin: upgrade 1.6.0 -> 1.7.0 python3-pycairo: upgrade 1.26.0 -> 1.26.1 python3-trove-classifiers: upgrade 2024.5.22 -> 2024.7.2 repo: upgrade 2.45 -> 2.46 sysstat: upgrade 12.7.5 -> 12.7.6 wireless-regdb: upgrade 2024.05.08 -> 2024.07.04 cryptodev: upgrade 1.13 -> 1.14 asciidoc: upgrade 10.2.0 -> 10.2.1 glslang: upgrade 1.3.283.0 -> 1.3.290.0 gsettings-desktop-schemas: upgrade 46.0 -> 46.1 kexec-tools: upgrade 2.0.28 -> 2.0.29 libproxy: upgrade 0.5.7 -> 0.5.8 librsvg: upgrade 2.58.1 -> 2.58.2 libsolv: upgrade 0.7.29 -> 0.7.30 libtirpc: upgrade 1.3.4 -> 1.3.5 orc: upgrade 0.4.38 -> 0.4.39 python3-bcrypt: upgrade 4.1.3 -> 4.2.0 python3-dbusmock: upgrade 0.31.1 -> 0.32.1 python3-hypothesis: upgrade 6.105.1 -> 6.108.4 python3-importlib-metadata: upgrade 8.0.0 -> 8.2.0 python3-jsonschema: upgrade 4.22.0 -> 4.23.0 python3-pytest-subtests: upgrade 0.13.0 -> 0.13.1 python3-pytest: upgrade 8.2.2 -> 8.3.1 python3-setuptools: upgrade 70.3.0 -> 71.1.0 python3-sphinx: upgrade 7.3.7 -> 7.4.7 python3-sphinxcontrib-htmlhelp: upgrade 2.0.5 -> 2.0.6 python3-sphinxcontrib-qthelp: upgrade 1.0.7 -> 1.0.8 spirv-headers: upgrade 1.3.283.0 -> 1.3.290.0 spirv-tools: upgrade 1.3.283.0 -> 1.3.290.0 strace: upgrade 6.9 -> 6.10 sysklogd: upgrade 2.5.2 -> 2.6.0 vulkan-headers: upgrade 1.3.283.0 -> 1.3.290.0 vulkan-loader: upgrade 1.3.283.0 -> 1.3.290.0 vulkan-tools: upgrade 1.3.283.0 -> 1.3.290.0 vulkan-utility-libraries: upgrade 1.3.283.0 -> 1.3.290.0 vulkan-validation-layers: upgrade 1.3.283.0 -> 1.3.290.0 vulkan-volk: upgrade 1.3.283.0 -> 1.3.290.0 xwayland: upgrade 24.1.0 -> 24.1.1 binutils: upgrade 2.43 -> 2.43.1 btrfs-tools: upgrade 6.9.2 -> 6.10.1 createrepo-c: upgrade 1.1.3 -> 1.1.4 diffoscope: upgrade 272 -> 276 dnf: upgrade 4.21.0 -> 4.21.1 enchant2: upgrade 2.8.1 -> 2.8.2 erofs-utils: upgrade 1.7.1 -> 1.8.1 ethtool: upgrade 6.9 -> 6.10 freetype: upgrade 2.13.2 -> 2.13.3 libx11: upgrade 1.8.9 -> 1.8.10 libxfont2: upgrade 2.0.6 -> 2.0.7 libxtst: upgrade 1.2.4 -> 1.2.5 pkgconf: upgrade 2.2.0 -> 2.3.0 python3-babel: upgrade 2.15.0 -> 2.16.0 python3-hypothesis: upgrade 6.110.1 -> 6.111.1 python3-lxml: upgrade 5.2.2 -> 5.3.0 python3-setuptools: upgrade 72.1.0 -> 72.2.0 rpcbind: upgrade 1.2.6 -> 1.2.7 sysklogd: upgrade 2.6.0 -> 2.6.1 ttyrun: upgrade 2.33.1 -> 2.34.0 xwayland: upgrade 24.1.1 -> 24.1.2 systemd: upgrade 256.4 -> 256.5 acpica: upgrade 20240322 -> 20240827 cairo: upgrade 1.18.0 -> 1.18.2 dhcpcd: upgrade 10.0.8 -> 10.0.10 diffoscope: upgrade 276 -> 277 ell: upgrade 0.67 -> 0.68 libdrm: upgrade 2.4.122 -> 2.4.123 libsoup: upgrade 3.4.4 -> 3.6.0 liburcu: upgrade 0.14.0 -> 0.14.1 mc: upgrade 4.8.31 -> 4.8.32 nghttp2: upgrade 1.62.1 -> 1.63.0 ofono: upgrade 2.9 -> 2.10 python3-certifi: upgrade 2024.7.4 -> 2024.8.30 python3-idna: upgrade 3.7 -> 3.8 python3-maturin: upgrade 1.7.0 -> 1.7.1 python3-pbr: upgrade 6.0.0 -> 6.1.0 python3-websockets: upgrade 12.0 -> 13.0.1 python3-zipp: upgrade 3.20.0 -> 3.20.1 taglib: upgrade 2.0.1 -> 2.0.2 wayland-protocols: upgrade 1.36 -> 1.37 wayland: upgrade 1.23.0 -> 1.23.1 git: upgrade 2.46.0 -> 2.46.1 libevdev: upgrade 1.13.2 -> 1.13.3 orc: upgrade 0.4.39 -> 0.4.40 wireless-regdb: upgrade 2024.07.04 -> 2024.10.07 xwayland: upgrade 24.1.2 -> 24.1.3 Weisser, Pascal.ext (1): qemuboot: Trigger write_qemuboot_conf task on changes of kernel image realpath Yash Shinde (12): rust: Oe-selftest fixes for rust v1.76 rust: Upgrade 1.75.0->1.76.0 rust: reproducibility issue fix with v1.76 rust: Oe-selftest changes for rust v1.77 rust: Upgrade 1.76.0->1.77.0 rust: Upgrade 1.77.0->1.77.1 rust: Upgrade 1.77.1->1.77.2 rust: Oe-selftest changes for rust v1.78 rust: Upgrade 1.77.2->1.78.0 zlib: Enable PIE for native builds rust: Oe-selftest changes for rust v1.79 rust: Upgrade 1.78.0->1.79.0 Yi Zhao (9): libsdl2: upgrade 2.30.3 -> 2.30.4 less: upgrade 643 -> 661 util-linux: install lastlog2 volatile file rpm: fix expansion of %_libdir in macros libsdl2: upgrade 2.30.5 -> 2.30.6 bind: upgrade 9.20.0 -> 9.20.1 libpcap: upgrade 1.10.4 -> 1.10.5 libsdl2: upgrade 2.30.6 -> 2.30.7 systemd: fix broken links for sysvinit-compatible commands Yoann Congal (10): Revert "insane: skip unimplemented-ptest on S=WORKDIR recipes" insane: skip unimplemented-ptest checks if disabled spirv-tools: Fix git-describe related reproducibility spirv-tools: Update merged patch to backport status oeqa/selftest: Only rewrite envvars paths that absolutely point to builddir migration/release-notes-5.1: document oeqa/selftest envvars change release-notes-5.1: document added python3-libarchive-c ptest release-notes-5.1: document fixed _test_devtool_add_git_url test release-notes-5.1: document spirv-tools reproducibility python3-maturin: sort external libs in wheel files Yuri D'Elia (1): bitbake: fetch2/git: Enforce default remote name to "origin" Zoltan Boszormenyi (1): rpcbind: Fix boot time start failure aszh07 (2): xz: Update LICENSE variable for xz packages ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT gudnimg (1): bluez5: upgrade 5.72 -> 5.77 hongxu (7): libgpg-error: 1.49 -> 1.50 man-pages: 6.8 -> 6.9.1 libxml2: 2.12.8 -> 2.13.3 readline: 8.2 -> 8.2.13 libxslt: 1.1.39 -> 1.1.42 xmlto: 0.0.28 -> 0.0.29 gnupg: 2.4.5 -> 2.5.0 simit.ghane (2): libgcrypt: Fix building error with '-O2' in sysroot path libgcrypt: upgrade 1.10.3 -> 1.11.0 y75zhang (1): bitbake: fetch/wget: checkstatus: drop shared connecton when catch Timeout error meta-openembedded: 487a2d5695..5d54a52fbe: Adrian Freihofer (1): networkmanager: remove modemmanager rdepends Akash Hadke (1): python3-flatbuffers: provide nativesdk support Alba Herrerías (1): yelp: fix unterminated string Alexander Kanavin (1): libnewt: add from oe-core Alexander Stein (1): luajit: Fix host development package Alexandre Truong (99): ace: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status acpitool: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status anthy: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status atop: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status bitwise: Include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status cfengine-masterfiles: Include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status ckermit: Include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status cloc: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status cups-filters: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status cxxtest: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status czmq: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status daemontools: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status doxygen: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status duktape: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status fftw: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status fltk: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status fltk-native: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status fwupd: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status gmime: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status gnome-themes-extra: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status gradm: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status graphviz: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status gtkperf: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status hplip: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status icewm: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status irssi: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status jansson: modify existing UPSTREAM_CHECK_REGEX lcov: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status leptonica: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status libcdio-paranoia: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libdbus-c++: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libftdi: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status libgnt: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libiodbc: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libjs-jquery: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status liblinebreak: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libmng: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libmtp: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libnice: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libopusenc: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libpaper: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libpcsc-perl: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libsdl-gfx: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status libsigc++-2.0: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libsigc++-3: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libsmi: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libspiro: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libstatgrab: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status libwmf: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status libx86-1: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status libxml++-5.0: include UPSTREAM_CHECK_REGEX to fix UNKNOWN_BROKEN status logwarn: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status lprng: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status mcpp: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status mozjs-115: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status mscgen: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status msgpack-cpp: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status msktutil: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status nmon: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status nss: modify UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status obexftp: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status onig: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status openbox: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status openct: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status openobex: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status p7zip: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status pngcheck: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status rsyslog: modify existing UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status sblim-cmpi-devel: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status sblim-sfc-common: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status ttf-ubuntu-font-family: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status ttf-wqy-zenhei: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status uml-utilities: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status xrdp: include UPSTREAM_CHECK_* to fix UNKNOWN_BROKEN status xscreensaver: include UPSTREAM_CHECK_URI to fix UNKNOWN_BROKEN status can-isotp: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status con2fbmap: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status cpufrequtils: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status dbus-daemon-proxy: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status devmem2: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status edid-decode: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status fb-test: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status firmwared: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status funyahoo-plusplus: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status hunspell-dictionaries: switch branch from master to main hunspell-dictionaries: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status icyque: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status iksemel: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status kconfig-frontends: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status libbacktrace: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status libc-bench: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status libubox: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status linux-serial-test: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status musl-rpmatch: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status pam-plugin-ccreds: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status pcimem: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status pim435: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status properties-cpp: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status pegtl: add ptest support Alexandre Videgrain (1): openbox: fix crash on alt+tab with fullscreen app Anuj Mittal (1): tbb: pass TBB_STRICT=OFF to disable -Werror Archana Polampalli (1): apache2: Upgrade 2.4.60 -> 2.4.61 Armin Kuster (2): meta-openemnedded: Add myself as styhead maintainer audit: fix build when systemd is enabled. BINDU (1): flatbuffers: adapt for cross-compilation environments Barry Grussling (1): postgresql: Break perl RDEPENDS Bartosz Golaszewski (4): python3-gpiod: update to v2.2.0 python3-virtualenv: add missing run-time dependencies libgpiod: update v2.1.2 -> v2.1.3 python3-gpiod: update v2.2.0 -> v2.2.1 Benjamin Szőke (1): tree: fix broken links Carlos Alberto Lopez Perez (1): sysprof: upgrade 3.44.0 -> 3.48.0 Changqing Li (4): python3-h5py: remove unneeded CFLAGS pavucontrol: update SRC_URI libatasmart: Update SRC_URI libdbi-perl: upgrade 1.643 -> 1.644 Chen Qi (2): python3-protobuf: remove useless and problematic .pth file jansson: add JSON_INTEGER_IS_LONG_LONG for cmake Christian Eggers (2): lvgl: fix version in shared library file name lvgl: update upstream-status of all patches Christophe Vu-Brugier (2): nvme-cli: upgrade 2.9.1 -> 2.10.2 exfatprogs: upgrade 1.2.4 -> 1.2.5 Dimitri Bouras (1): python3-geomet: Switch to setuptools_build_meta build backend Dmitry Baryshkov (6): android-tools: make PN-adbd as a systemd package deqp-runner: improved version of parallel-deqp-runner packagegroup-meta-oe: include deqp-runner into packagegroup-meta-oe-graphics README.md: discourage use of GitHub pull request system android-tools: create flag flag file for adbd at a proper location gpsd: apply patch to fix gpsd building on Musl Einar Gunnarsson (2): yavta: Update to kernel 6.8 v4l-utils: Install media ctrl pkgconfig files Enrico Jörns (6): libconfuse: move to meta-oe libconfuse: provide native and nativesdk support libconfuse: replace DESCRIPTION by SUMMARY libconfuse: switch to release tar archive libconfuse: add backported patch to fix search path logic genimage: add new recipe Esben Haabendal (1): netplan: add missing runtime dependencies Etienne Cordonnier (3): uutils-coreutils: upgrade 0.0.26 -> 0.0.27 uutils-coreutils: disable buildpaths error perfetto: upgrade 31.0 -> 47.0 Fabio Estevam (1): imx-cst: Add recipe Faiz HAMMOUCHE (6): uim: update UPSTREAM_CHECK_* variables to fix devtool upgrades unixodbc: update UPSTREAM_CHECK_* variables to fix devtool upgrades xdotool: update UPSTREAM_CHECK_* variables to fix devtool upgrades xf86-input-tslib: update UPSTREAM_CHECK_* variables to fix devtool upgrades wvstrams: Unmaintained upstream, add UPSTREAM_VERSION_UNKNOWN wvdial: Unmaintained upstream, add UPSTREAM_VERSION_UNKNOWN Fathi Boudra (2): python3-django: upgrade 4.2.11 -> 4.2.16 python3-django: upgrade 5.0.6 -> 5.0.9 Frank de Brabander (1): python3-pydantic-core: fix incompatible version Fredrik Hugosson (1): lvm2: Remove the lvm2-udevrules package Ghislain Mangé (1): wireshark: fix typo in PACKAGECONFIG[zstd] Gianfranco Costamagna (1): vbxguestdrivers: upgrade 7.0.18 -> 7.0.20 Guocai He (1): mariadb: File conflicts for multilib Guðni Már Gilbert (5): python3-incremental: improve packaging python3-twisted: upgrade 24.3.0 -> 24.7.0 python3-incremental: drop python3-twisted-core from RDEPENDS python3-twisted: add python3-attrs to RDEPENDS python3-automat: upgrade 22.10.0 -> 24.8.1 Harish Sadineni (1): bpftool: Add support for riscv64 Hauke Lampe (1): postgresql: Use packageconfig flag for readline dependency Hitendra Prajapati (1): tcpdump: fix CVE-2024-2397 Hongxu Jia (1): nodejs: support cross compile without qemu user conditionally Hubert Wiśniewski (1): libcamera: Use multiple of sizeof as malloc size J. S. (8): znc: Fix buildpaths QA errors webmin: upgrade 2.111 -> 2.202 nodejs: upgrade 20.16.0 -> 20.17.0 syslog-ng: upgrade 4.6.0 -> 4.7.0 xfce4-panel: upgrade 4.18.3 -> 4.18.4 nodejs: upgrade 20.17.0 -> 20.18.0 xfce4-panel: upgrade 4.18.4 -> 4.18.5 nodejs: cleanup Jamin Lin (1): drgn: add new recipe Jan Luebbe (2): python3-grpcio-reflection: new recipe python3-grpcio-channelz: new recipe Jan Vermaete (3): python3-protobuf: added python3-ctypes as RDEPENDS protobuf: version bump 4.25.3 -> 4.25.4 netdata: version bump 1.47.0 -> 1.47.1 Jason Schonberg (1): nodejs: upgrade 20.13.0 -> 20.16.0 Jeremy A. Puhlman (1): net-snmp: Set ps flag value since it checks the host Jeroen Knoops (1): nng: Rename default branch of github.com:nanomsg/nng.git Jiaying Song (3): nftables: change ptest output format wireguard-tools: fix do_fetch error vlock: fix do_fetch error Jose Quaresma (6): composefs: the srcrev hash was the release tag ostree: Upgrade 2024.6 -> 2024.7 composefs: upgrade 1.0.4 -> 1.0.5 gpsd: make the meta-python dependency conditionally Revert "gpsd: make the meta-python dependency conditionally" gpsd: condition the runtime dependence of pyserial on the pygps Justin Bronder (1): python3-xmodem: replace hardcoded /usr with ${prefix} Jörg Sommer (5): dnsmasq: Install conf example from upstream instead of our version dnsmasq: set config dhcp6, broken-rtc by FEATURES gpsd: upgrade 3.24 -> 3.25; new gpsd-snmp bluealsa: upgrade 4.0.0+git -> 4.3.0 zsh: update 5.8 -> 5.9 Kai Kang (1): libosinfo: add runtime dependency osinfo-db Katariina Lounento (1): libtar: patch CVEs Keith McRae (1): ntp: Fix status call reporting incorrect value Khem Raj (142): python3-tornado: Switch to python_setuptools_build_meta rdma-core: Fix recvfrom override errors with glibc 2.40 and clang tipcutils: Replace WORKDIR with UNPACKDIR rdma-core: Do not use overloadable attribute with musl python3-pint: Upgrade to 24.1 flite: Fix buld with clang fortify enabled distros python3-inflate64: Fix build with clang fortified glibc headers renderdoc: Upgrade to 1.33 renderdoc: Fix build with clang fortify and glibc 2.40 overlayfs-tools: Fix build with musl webmin: Upgrade to 2.111 release opencv: Check GTK3DISTROFEATURES for enabling gtk support opencv: Add missing trailing slash sysprof: Fix build with llvm libunwind log4cpp: Fix buildpaths QA error ldns: Upgrade to 1.8.4 libwmf: Fix buildpaths QA Errors in libwmf-config Revert "libftdi: Fix missing ftdi_eeprom" vsomeip: Fix build with GCC-14 turbostat: Add band-aid to build from 6.10+ kernel python3-daemon: Fix build with PEP-575 build backend zfs: Upgrade to 2.2.5 release e2tools: Fix buildpaths QA warning in config.status in ptest glibmm: Upgrade to 2.66.7 release transmission: Upgrade to 4.0.6 release wolfssl: Add packageconfig for reproducible build lprng: Specify target paths for needed utilities sharutils: Let POSIX_SHELL be overridable from environment freediameter: Fix buildpaths QA error libforms: Remove buildpaths from fd2ps and fdesign scripts blueman: Fix buildpathe issue with cython generated code fvwm: Fix buildpaths QA Errors proftpd: Upgrade to 1.3.8b botan: Make it reproducible ndisc: Remove buildpaths from binaries python3-kivy: Remove buildpaths from comments in generated C sources keepalived: Make build reproducible fwknop: Upgrade to 2.6.11 fwknop: Specify target locations of gpg and wget ippool: Fix buildpaths QA error ot-br-posix: Define config files explicitly libyui: Upgrade to 4.6.2 fluentbit: Make it deprecated python3-pyproj: Fix buildpaths QA Error python3-pyproj: Remove absolute paths from cython generated .c files libyui-ncurses: Fix buildpaths QA Error ftgl: Upgrade to 2.4.0 ftgl: Switch to maintained fork frr: Upgrade to 10.1 release python3-pandas: Downgrade version check for numpy to 1.x python3-pycocotools: Use build pep517-backend python3-pycocotools: Downgrade numpy version needed to 1.x python3-pycocotools: Remove absolute paths from comments raptor2: Do not use curl-config to detect curl libgsf: Fix build with libxml2 2.13+ libspatialite: Upgrade to 5.1 libblockdev: Fix build with latest e2fsprogs bluealsa: Fix build on musl bluealsa: Update cython patch to latest upstream patch mariadb: Upgrade to 10.11.9 release gerbera: Upgrade to 2.2.0 e2tools: Fix build with automake 1.17 minidlna: Upgrade to 1.3.3 release vlc: Upgrade to 3.0.21 libplacebo: Add recipe mpv: Upgrade to 0.38.0 release libmpdclient,mpc: Upgrade to 2.22 and 0.35 respectively vlc: Disable recipe mpd: Upgrade to 0.23.15+git xdg-desktop-portal-wlr: Update to latest on master branch ltrace: Switch to gitlab SRC_URI webkitgtk3: Fix build with latest clang python3-grpcio: Upgrade to 1.66.1 release grpc: Upgrade to 1.66.1 release mozjs-115: fix build with clang and libc++ 19 nmap: Upgrade to 7.95 etcd-cpp-apiv3: Fix build with gprc 2.66+ paho-mqtt-cpp: Upgrade to 1.4.1 release poppler: Upgrade to 24.09.0 release nodejs: Fix build with libc++ 19 poco: Drop RISCV patch paho-mqtt-cpp: Move to tip of 1.4.x branch netdata: Upgrade to 1.47.0 freeipmi: Add recipe opentelemetry-cpp: Fix build with clang-19 opengl-es-cts,vulkan-cts: Upgrade recipes to 3.2.11.0 and 1.3.9.2 libcereal: Fix build with clang-19 libjxl: Upgrade to 0.10.3 release python3-serpent: Add missing rdeps for ptests to run python3-parse-type: Add missing rdep on six for ptests paho-mqtt-cpp: Use system paho-mqtt-c python3-serpent: Fix typo attr -> attrs python3-tzdata: Add missing attrs modules rdep for ptests python3-trustme: Add missing ptest rdeps on attrs and six modules python3-service-identity: Fix ptest rdeps python3-fsspec: Add recipe ptest-packagelists-meta-python: Add python3-fsspec to fast test list python3-pyyaml-include: Add missing dependencies for ptests python3-py-cpuinfo: Fix ptest runtime deps python3-flask: Add missing ptest deps yavta: Upgrade SRCREV to include 64bit time_t print format errors libjxl: Do not use -mrelax-all on RISCV with clang python3-wrapt: Add missing rdep on misc modules for ptests python3-pillow: Add missing rdep on py3-compile for ptests python-ujson: Use python_setuptools_build_meta python3-pylint: Add missing ptest rdep on python3-misc python3-fastjsonschema: Add missing rdeps for ptests python3-pytest-mock: Upgrade to 3.14.0 protobuf-c: Link with libatomic on riscv32 highway: Disable RVV on RISCV-32 dav1d: Disable asm code on rv32 mosh: Use libatomic on rv32 for atomics dlm: Disable fcf-protection on riscv32 usbguard: Link with libatomic on rv32 transmission: Link with libatomic on riscv32 ot-br-posix: Link with libatomic on rv32 opentelemetry-cpp: Link with libatomic on rv32 mozjs-115: Fix build on riscv32 netdata: Add checks for 64-bit atomic builtins liburing: Upgrade to 2.7 and fix build on riscv32 highway: Fix cmake to detect riscv32 libjxl: Disable sizeless-vectors on riscv32 kernel-selftest: Fix build on 32bit arches with 64bit time_t reptyr: Do not build for riscv32 python3-typer: Disable test_rich_markup_mode tests python3-pydbus: Add missing rdep on xml module for ptests python3-pdm: Upgrade to 2.19.1 python3-pdm-backend: Upgrade to 2.4.1 release python3-ujson: Add python misc modules to ptest rdeps python3-gunicorn: Add missing rdeps for ptests python3-eth-hash: Add packageconfigs and switch to pep517-backend python3-validators: Add missing rdeps for ptests python3-pint: Upgrade to 0.24.3 python3-pytest-mock: Fix ptests python3-sqlparse: Add missing rdep on mypy module for ptests libhugetlbfs: Use linker wrapper during build webkitgtk3: Always use -g1 for debug flags webkitgtk3: Fix build break with latest gir ndisc6: Fix reproducible build rsyslog: Enable 64bit atomics check xmlsec1: Switch SRC_URI to use github release python3-pdm-build-locked: Add recipe Kieran Bingham (1): libcamera: Add support for pycamera Leon Anavi (39): python3-eth-utils: Upgrade 3.0.0 -> 4.1.1 python3-requests-file: Upgrade 1.5.1 -> 2.1.0 python3-filelock: Upgrade 3.14.0 -> 3.15.3 python3-hexbytes: Upgrade 1.2.0 -> 1.2.1 python3-moteus: Upgrade 0.3.70 -> 0.3.71 python3-tornado: Upgrade 6.4 -> 6.4.1 python3-paho-mqtt: Upgrade 2.0.0 -> 2.1.0 python3-pyperclip: Upgrade 1.8.2 -> 1.9.0 python3-whitenoise: Upgrade 6.6.0 -> 6.7.0 python3-pycocotools: Upgrade 2.0.7 -> 2.0.8 python3-cbor2: Upgrade 5.6.3 -> 5.6.4 python3-gunicorn: Upgrade 21.2.0 -> 22.0.0 python3-aiohttp: Upgrade 3.9.5 -> 3.10.0 python3-aiosignal: switch to PEP-517 build backend python3-pycares: switch to PEP-517 build backend python3-multidict: switch to PEP-517 build backend python3-cachetools: Upgrade 5.3.3 -> 5.4.0 python3-coverage: switch to PEP-517 build backend coverage: Upgrade 7.6.0 -> 7.6.1 python3-aiohttp: Upgrade 3.10.0 -> 3.10.1 python3-hatch-requirements-txt: Add recipe python3-pymongo: Upgrade 4.7.3 -> 4.8.0 python3-itsdangerous: Upgrade 2.1.2 -> 2.2.0 python3-sniffio: witch to PEP-517 build backend python3-sniffio: Upgrade 1.3.0 -> 1.3.1 python3-qface: Upgrade 2.0.10 -> 2.0.11 python3-argcomplete: switch to PEP-517 build backend python3-argcomplete: Upgrade 3.4.0 -> 3.5.0 python3-prettytable: Upgrade 3.10.2 -> 3.11.0 python3-transitions: Upgrade 0.9.1 -> 0.9.2 python3-apispec: Upgrade 6.4.0 -> 6.6.1 python3-imageio: Upgrade 2.34.2 -> 2.35.0 python3-aiohttp: Upgrade 3.10.1 -> 3.10.3 python3-watchdog: Upgrade 4.0.1 -> 4.0.2 python3-soupsieve: Upgrade 2.5 -> 2.6 python3-fastjsonschema: Upgrade 2.18.0 -> 2.20.0 python3-dirty-equals: Upgrade 0.7.1 -> 0.8.0 python3-path: Upgrade 16.14.0 -> 17.0.0 python3-astroid: Upgrade 3.2.4 -> 3.3.2 Libo Chen (1): thin-provisioning-tools: install missed thin_shrink and era_repair Liyin Zhang (1): sound-theme-freedesktop: Update SRC_URI Luca Boccassi (4): dbus-broker: upgrade 32 -> 36 polkit: stop overriding DAC on /usr/share/polkit-1/rules.d polkit: update 124 -> 125 polkit: install group rules in /usr/share/ instead of /etc/ Marc Ferland (3): polkit: update SRC_URI polikt: add elogind packageconfig option polkit: add libs-only PACKAGECONFIG option Markus Volk (28): exiv2: update 0.28.0 -> 0.28.2 wireplumber: update 0.5.3 -> 0.5.5 pipewire: update 1.0.7 -> 1.2.0 flatpak: add PACKAGECONFIG for dconf lvm2: install all systemd service files nss: update 3.101 > 3.102 geary: update 44.1 -> 46.0 dav1d: update 1.4.2 -> 1.4.3 pipewire: update 1.2.0 -> 1.2.1 flatpak: update 1.15.8 -> 1.15.9 blueman: update 2.3.5 -> 2.4.3 pipewire: update 1.2.1 -> 1.2.2 webkitgtk3: update 2.44.2 -> 2.44.3 iwd: update 2.18 -> 2.19 bubblewrap: update 0.9.0 -> 0.10.0 flatpak: update 1.15.9 -> 1.15.10 pipewire: update 1.2.2 -> 1.2.3 cleanup after polkit fix libspelling: add recipe wireplumber: update 0.5.5. -> 0.5.6 gnome-disk-utility: update 46.0 -> 46.1 rygel: update 0.42.5 -> 0.44.0 colord: add configuration to fix runtime iwd: update 2.19 -> 2.20 iwd: use internal ell gnome-shell: add gnome-control-center dependency gnome-desktop: update 44.0 -> 44.1 cryptsetup: fix udev PACKAGECONFIG Martin Jansa (15): lvgl: install lv_conf.h in ${includedir}/${BPN} giflib: fix build with gold and avoid imagemagick-native dependency recipes: ignore various issues fatal with gcc-14 (for 32bit MACHINEs) recipes: ignore various issues fatal with gcc-14 bolt: package systemd_system_unitdir correctly pkcs11-provider: backport a fix for build with gcc-14 blueman: fix installation paths polkit-group-rule: package polkit rules vdpauinfo: require x11 in DISTRO_FEATURES gpm: fix buildpaths QA issue xerces-c: fix buildpaths QA issue gcab: keep buildpaths QA issue as a warning gcab: fix buildpaths QA issue nmap: depend on libpcre2 not libpcre xmlrpc-c: update SRCREV Maxin John (1): nginx: add PACKAGECONFIG knobs for fastcgi, scgi and uwsgi Michael Trimarchi (1): cpuset: Add recipe for cpuset tool 1.6.2 Mikko Rapeli (3): fwupd: skip buildpaths errors gcab: ignore buildpaths error from sources libjcat: skip buildpaths check Neel Gandhi (1): v4l-utils: Install media ctrl header and library files Nikhil R (1): rocksdb: Add an option to set static library Niko Mauno (27): pkcs11-provider: Upgrade 0.3 -> 0.5 opensc: Amend FILES:${PN} declaration opensc: Add 'readline' PACKAGECONFIG option opensc: Drop virtual/libiconv from DEPENDS opensc: Fix LICENSE declaration opensc: Cosmetic fixes python3-xlsxwriter: Fix LICENSE python3-ansi2html: Fix HOMEPAGE and LICENSE python3-cbor2: Fix LICENSE and LIC_FILES_CHKSUM python3-cbor2: Sanitize recipe content python3-crc32c: Amend LICENSE declaration python3-email-validator: Fix LICENSE python3-lru-dict: Fix LICENSE and change SUMMARY to DESCRIPTION python3-mock: Fix LICENSE python3-parse-type: Fix LICENSE python3-parse-type: Cosmetic fixes python3-pillow: Fix LICENSE and change SUMMARY to DESCRIPTION python3-platformdirs: Fix LICENSE python3-colorama: Fix LICENSE python3-fann2: Fix LICENSE python3-nmap: Fix LICENSE and LIC_FILES_CHKSUM python3-pycurl: Fix LICENSE python3-googleapis-common-protos: Fix LIC_FILES_CHKSUM python3-haversine: Fix LIC_FILES_CHKSUM python3-libevdev: Fix LIC_FILES_CHKSUM python3-smbus2: Fix LIC_FILES_CHKSUM python3-xmodem: Fix LIC_FILES_CHKSUM Ninette Adhikari (15): imagemagick: Update status for CVE mercurial: Update CVE status for CVE-2022-43410 influxdb: Update CVE status for CVE-2019-10329 links: CVE status update for CVE-2008-3319 usrsctp: CVE status update for CVE-2019-20503 libraw: CVE status update for CVE-2020-22628 and CVE-2023-1729 xsp: CVE status update for CVE-2006-2658 apache2:apache2-native: CVE status update gimp: CVE status update php-native: CVE status update for CVE-2022-4900 xterm: CVE status update CVE-1999-0965 redis: Update status for CVE-2022-3734 monkey: Update status for CVE-2013-2183 apache2: Update CVE status imagemagick: Update status for CVE Peter Kjellerstedt (2): libdevmapper: Inherit nopackages poppler: Correct the configuration options Peter Marko (4): cjson: fix buildpath warnings squid: Upgrade to 6.10 nginx: Upgrade stable 1.26.0 -> 1.26.2 nginx: Upgrade mainline 1.25.3 -> 1.27.1 Poonam Jadhav (1): tcpreplay: Fix CVE-2023-4256 Przemyslaw Zegan (1): libftdi: Fix missing ftdi_eeprom Quentin Schulz (1): nftables: fix pep517-backend warning Randolph Sapp (2): vulkan-cts: add workaround for createMeshShaderMiscTestsEXT opencl-clhpp: add native and nativesdk Randy MacLeod (2): libee: remove recipe since libee is obsolete liblinebreak: remove obsolete library Ricardo Simoes (8): magic-enum: add recipe magic-enum: Disable unused-value warning in tests memtool: Add recipe directfb: Order PACKAGECONFIG alphabetically directfb: Add freetype PACKAGECONFIG directfb: Add zlib PACKAGECONFIG directfb: Fix C++17 build warning magic-enum: Upgrade v0.9.5 -> v0.9.6 Richard Tollerton (1): tmux: Upgrade to 3.4 Robert Middleton (1): Upgrade dbus-cxx to 2.5.2 Ross Burton (9): libabigail: add recipe for the ABI Generic Analysis and Instrumentation Library libabigail: refresh musl/fts patch python3-importlib-metadata: add from openembedded-core python3-pathlib2: add from openembedded-core python3-py: add from openembedded-core python3-pytest-runner: add from openembedded-core python3-rfc3986-validator: add from openembedded-core python3-toml: add from openembedded-core python3-tomli: add from openembedded-core Rouven Czerwinski (1): softhsm: add destroyed global access prevention patch Ryan Eatmon (2): mpv: Fix typo in x11 option kernel-selftest: Update to allow for turning on all tests Shinji Matsunaga (1): audit: Fix CVE_PRODUCT Siddharth Doshi (1): apache2: Upgrade 2.4.59 -> 2.4.60 Soumya Sambu (4): php: Upgrade to 8.2.20 python3-werkzeug: upgrade 3.0.1 -> 3.0.3 gtk+: Fix CVE-2024-6655 python3-flask-cors: Fix CVE-2024-6221 Thomas Perrot (1): vdpauinfo: add recipe Tim Orling (7): python3-configobj: switch to PEP-517 build backend python3-tzdata: add recipe for v2024.1 python3-tzdata: enable ptest python3-pydantic-core: upgrade 2.18.4 -> 2.21.0 python3-pydantic: upgrade 2.7.3 -> 2.8.2 python3-pydantic-core: backport patch python3-psycopg: add v3.2.1 Tom Geelen (4): python3-sqlparse 0.4.4 -> 0.5.0 python3-bleak 0.21.1 -> 0.22.2 python3-aiohue: 4.7.1 -> 4.7.2 python3-pyjwt 2.8.0 -> 2.9.0 Trevor Gamblin (1): python3-pandas: upgrade 2.0.3 -> 2.2.2 Trevor Woerner (2): apache2: use update-alternatives for httpd python3-matplotlib-inline: update 0.1.6 → 0.1.7 plus fixes Tymoteusz Burak (1): dediprog-flasher: Add recipe Valeria Petrov (1): apache2: do not depend on zlib header and libs from host Vijay Anusuri (3): tipcutils: Add systemd support krb5: upgrade 1.21.2 -> 1.21.3 wireshark: upgrade 4.2.6 -> 4.2.7 Vyacheslav Yurkov (1): overlayfs: Use explicit version Wang Mingyu (306): cryptsetup: upgrade 2.7.2 -> 2.7.3 ctags: upgrade 6.1.20240602.0 -> 6.1.20240623.0 dialog: upgrade 1.3-20240307 -> 1.3-20240619 editorconfig-core-c: upgrade 0.12.7 -> 0.12.9 exiftool: upgrade 12.85 -> 12.87 frr: upgrade 10.0 -> 10.0.1 gensio: upgrade 2.8.4 -> 2.8.5 gtkwave: upgrade 3.3.119 -> 3.3.120 iniparser: upgrade 4.2.2 -> 4.2.4 libbpf: upgrade 1.4.2 -> 1.4.3 libcgi-perl: upgrade 4.64 -> 4.66 libcrypt-openssl-random-perl: upgrade 0.16 -> 0.17 libdaq: upgrade 3.0.14 -> 3.0.15 libextutils-helpers-perl: upgrade 0.026 -> 0.027 libfido2: upgrade 1.14.0 -> 1.15.0 libimobiledevice-glue: upgrade 1.2.0 -> 1.3.0 mcelog: upgrade 199 -> 200 msgraph: upgrade 0.2.2 -> 0.2.3 networkmanager-openvpn: upgrade 1.11.0 -> 1.12.0 opentelemetry-cpp: upgrade 1.15.0 -> 1.16.0 openvpn: upgrade 2.6.10 -> 2.6.11 python3-ansi2html: upgrade 1.9.1 -> 1.9.2 python3-argcomplete: upgrade 3.3.0 -> 3.4.0 python3-bandit: upgrade 1.7.8 -> 1.7.9 python3-coverage: upgrade 7.5.3 -> 7.5.4 python3-djangorestframework: upgrade 3.15.1 -> 3.15.2 python3-email-validator: upgrade 2.1.1 -> 2.2.0 python3-filelock: upgrade 3.15.3 -> 3.15.4 python3-flexparser: upgrade 0.3 -> 0.3.1 python3-google-api-python-client: upgrade 2.131.0 -> 2.134.0 python3-google-auth: upgrade 2.29.0 -> 2.30.0 python3-googleapis-common-protos: upgrade 1.63.0 -> 1.63.1 python3-huey: upgrade 2.5.0 -> 2.5.1 python3-langtable: upgrade 0.0.66 -> 0.0.67 python3-marshmallow: upgrade 3.21.2 -> 3.21.3 python3-meh: upgrade 0.51 -> 0.52 python3-openpyxl: upgrade 3.1.3 -> 3.1.4 python3-parse: upgrade 1.20.1 -> 1.20.2 python3-pdm-backend: upgrade 2.3.0 -> 2.3.1 python3-pint: upgrade 0.23 -> 0.24 python3-portalocker: upgrade 2.8.2 -> 2.10.0 python3-prompt-toolkit: upgrade 3.0.45 -> 3.0.47 python3-pycodestyle: upgrade 2.11.1 -> 2.12.0 python3-pymisp: upgrade 2.4.190 -> 2.4.194 python3-pymongo: upgrade 4.7.2 -> 4.7.3 python3-pyproject-api: upgrade 1.6.1 -> 1.7.1 python3-redis: upgrade 5.0.4 -> 5.0.6 python3-responses: upgrade 0.25.0 -> 0.25.3 python3-robotframework: upgrade 7.0 -> 7.0.1 python3-scikit-build: upgrade 0.17.6 -> 0.18.0 python3-sqlalchemy: upgrade 2.0.30 -> 2.0.31 python3-tox: upgrade 4.15.0 -> 4.15.1 python3-types-psutil: upgrade 5.9.5.20240516 -> 6.0.0.20240621 python3-virtualenv: upgrade 20.26.2 -> 20.26.3 qpdf: upgrade 11.9.0 -> 11.9.1 tesseract: upgrade 5.3.4 -> 5.4.1 thingsboard-gateway: upgrade 3.5 -> 3.5.1 openldap: upgrade 2.6.7 -> 2.6.8 openldap: fix lib32-openldap build failure with gcc-14 sblim-sfcc: fix build failure with gcc-14 openct: fix build failure with gcc-14 libcurses-perl: upgrade 1.41 -> 1.45 ctags: upgrade 6.1.20240623.0 -> 6.1.20240630.0 feh: upgrade 3.10.2 -> 3.10.3 gexiv2: upgrade 0.14.2 -> 0.14.3 isomd5sum: upgrade 1.2.4 -> 1.2.5 libndp: upgrade 1.8 -> 1.9 networkmanager: upgrade 1.48.0 -> 1.48.2 python3-a2wsgi: upgrade 1.10.4 -> 1.10.6 python3-aiofiles: upgrade 23.2.1 -> 24.1.0 python3-alembic: upgrade 1.13.1 -> 1.13.2 python3-awesomeversion: upgrade 24.2.0 -> 24.6.0 python3-dbus-fast: upgrade 2.21.3 -> 2.22.1 python3-gast: upgrade 0.5.4 -> 0.6.0 python3-google-api-core: upgrade 2.19.0 -> 2.19.1 python3-google-api-python-client: upgrade 2.134.0 -> 2.135.0 python3-googleapis-common-protos: upgrade 1.63.1 -> 1.63.2 python3-imageio: upgrade 2.34.1 -> 2.34.2 python3-ipython: upgrade 8.25.0 -> 8.26.0 python3-openpyxl: upgrade 3.1.4 -> 3.1.5 python3-pdm: upgrade 2.15.4 -> 2.16.1 python3-pymodbus: upgrade 3.6.8 -> 3.6.9 python3-rapidjson: upgrade 1.17 -> 1.18 python3-redis: upgrade 5.0.6 -> 5.0.7 python3-twine: upgrade 5.1.0 -> 5.1.1 python3-types-setuptools: upgrade 70.0.0.20240524 -> 70.1.0.20240627 python3-web3: upgrade 6.19.0 -> 6.20.0 fetchmail: disable rpath to fix buildpaths warning. procmail: fix build failure with gcc-14 botan: upgrade 3.4.0 -> 3.5.0 ctags: upgrade 6.1.20240630.0 -> 6.1.20240714.0 exiftool: upgrade 12.87 -> 12.89 gnome-keyring: upgrade 46.1 -> 46.2 hwdata: upgrade 0.383 -> 0.384 imlib2: upgrade 1.12.2 -> 1.12.3 ipset: upgrade 7.21 -> 7.22 libass: upgrade 0.17.2 -> 0.17.3 libbpf: upgrade 1.4.3 -> 1.4.5 lvm2: upgrade 2.03.24 -> 2.03.25 libio-socket-ssl-perl: upgrade 2.085 -> 2.088 mpich: upgrade 4.2.1 -> 4.2.2 nano: upgrade 8.0 -> 8.1 networkmanager: upgrade 1.48.2 -> 1.48.4 poke: upgrade 4.1 -> 4.2 python3-argh: upgrade 0.31.2 -> 0.31.3 python3-astroid: upgrade 3.2.2 -> 3.2.3 python3-coverage: upgrade 7.5.4 -> 7.6.0 python3-humanize: upgrade 4.9.0 -> 4.10.0 python3-moteus: upgrade 0.3.71 -> 0.3.72 python3-oletools: upgrade 0.60.1 -> 0.60.2 python3-pdm-backend: upgrade 2.3.1 -> 2.3.2 python3-pillow: upgrade 10.3.0 -> 10.4.0 python3-portalocker: upgrade 2.10.0 -> 2.10.1 python3-prettytable: upgrade 3.10.0 -> 3.10.2 python3-py7zr: upgrade 0.21.0 -> 0.21.1 python3-sympy: upgrade 1.12.1 -> 1.13.0 python3-tomlkit: upgrade 0.12.5 -> 0.13.0 python3-types-setuptools: upgrade 70.1.0.20240627 -> 70.3.0.20240710 python3-validators: upgrade 0.28.3 -> 0.32.0 qcbor: upgrade 1.3 -> 1.4 sngrep: upgrade 1.8.1 -> 1.8.2 thin-provisioning-tools: upgrade 1.0.12 -> 1.0.13 tree: upgrade 2.1.1 -> 2.1.3 wireshark: upgrade 4.2.5 -> 4.2.6 wolfssl: upgrade 5.7.0 -> 5.7.2 xterm: upgrade 392 -> 393 zenity: upgrade 4.0.1 -> 4.0.2 apache2: upgrade 2.4.61 -> 2.4.62 cfengine-masterfiles: upgrade 3.21.0 -> 3.21.5 cmark: upgrade 0.31.0 -> 0.31.1 cryptsetup: upgrade 2.7.3 -> 2.7.4 ctags: upgrade 6.1.20240714.0 -> 6.1.20240804.0 eog: upgrade 45.3 -> 45.4 fwupd: upgrade 1.9.18 -> 1.9.22 gmime: upgrade 3.2.13 -> 3.2.15 gnome-bluetooth: upgrade 46.0 -> 46.1 googletest: upgrade 1.14.0 -> 1.15.2 icewm: upgrade 3.4.5 -> 3.6.0 leptonica: upgrade 1.82.0 -> 1.84.1 libiodbc: upgrade 3.52.15 -> 3.52.16 liblinebreak: upgrade 1.2 -> 2.1 libnvme: upgrade 1.9 -> 1.10 libpaper: upgrade 2.1.2 -> 2.2.5 libpcsc-perl: upgrade 1.4.14 -> 1.4.15 libsdl-gfx: upgrade 2.0.25 -> 2.0.27 libtdb: upgrade 1.4.10 -> 1.4.11 libtracefs: upgrade 1.8.0 -> 1.8.1 logwarn: upgrade 1.0.14 -> 1.0.17 logwatch: upgrade 7.10 -> 7.11 msgpack-cpp: upgrade 6.1.0 -> 6.1.1 neatvnc: upgrade 0.8.0 -> 0.8.1 networkmanager: upgrade 1.48.4 -> 1.48.6 nss: upgrade 3.102 -> 3.103 openipmi: upgrade 2.0.35 -> 2.0.36 opentelemetry-cpp: upgrade 1.16.0 -> 1.16.1 openvpn: upgrade 2.6.11 -> 2.6.12 python3-a2wsgi: upgrade 1.10.6 -> 1.10.7 python3-aiohappyeyeballs: upgrade 2.3.2 -> 2.3.4 python3-astroid: upgrade 3.2.3 -> 3.2.4 python3-autobahn: upgrade 23.6.2 -> 24.4.2 python3-croniter: upgrade 2.0.5 -> 3.0.3 python3-langtable: upgrade 0.0.67 -> 0.0.68 python3-pdm-backend: upgrade 2.3.2 -> 2.3.3 python3-pure-eval: upgrade 0.2.2 -> 0.2.3 python3-pyfanotify: upgrade 0.2.2 -> 0.3.0 python3-pymisp: upgrade 2.4.194 -> 2.4.195 python3-pymodbus: upgrade 3.6.9 -> 3.7.0 python3-pytest-lazy-fixtures: upgrade 1.0.7 -> 1.1.1 python3-qface: upgrade 2.0.8 -> 2.0.10 python3-rapidjson: upgrade 1.18 -> 1.19 python3-redis: upgrade 5.0.7 -> 5.0.8 python3-regex: upgrade 2024.5.15 -> 2024.7.24 python3-sqlparse: upgrade 0.5.0 -> 0.5.1 python3-sympy: upgrade 1.13.0 -> 1.13.1 python3-tqdm: upgrade 4.66.4 -> 4.66.5 python3-types-setuptools: upgrade 70.3.0.20240710 -> 71.1.0.20240726 python3-validators: upgrade 0.32.0 -> 0.33.0 python3-web3: upgrade 6.20.0 -> 6.20.1 python3-xmlschema: upgrade 3.3.1 -> 3.3.2 qcbor: upgrade 1.4 -> 1.4.1 rsyslog: upgrade 8.2404.0 -> 8.2406.0 ttf-abyssinica: upgrade 2.100 -> 2.201 wavemon: upgrade 0.9.5 -> 0.9.6 xmlsec1: upgrade 1.3.4 -> 1.3.5 picocom: upgrade 2023-04 -> 2024 hostapd: upgrade 2.10 -> 2.11 python3-incremental: upgrade 22.10.0 -> 24.7.2 colord-gtk: upgrade 0.3.0 -> 0.3.1 ctags: upgrade 6.1.20240804.0 -> 6.1.20240825.0 fwupd: upgrade 1.9.22 -> 1.9.24 hwdata: upgrade 0.384 -> 0.385 lastlog2: upgrade 1.2.0 -> 1.3.1 libbytesize: upgrade 2.10 -> 2.11 libei: upgrade 1.2.1 -> 1.3.0 libnet-dns-perl: upgrade 1.45 -> 1.46 libtdb: upgrade 1.4.11 -> 1.4.12 libtest-harness-perl: upgrade 3.48 -> 3.50 xdg-dbus-proxy: upgrade 0.1.5 -> 0.1.6 mdns: upgrade 2200.120.24 -> 2200.140.11 mutter: upgrade 46.2 -> 46.4 networkmanager: upgrade 1.48.6 -> 1.48.10 pamela: upgrade 1.1.0 -> 1.2.0 pcsc-tools: upgrade 1.7.1 -> 1.7.2 postgresql: upgrade 16.3 -> 16.4 python3-aiohappyeyeballs: upgrade 2.3.4 -> 2.4.0 python3-aiohttp: upgrade 3.10.3 -> 3.10.5 python3-aiohue: upgrade 4.7.2 -> 4.7.3 python3-cachetools: upgrade 5.4.0 -> 5.5.0 python3-dbus-fast: upgrade 2.22.1 -> 2.24.0 python3-eth-utils: upgrade 4.1.1 -> 5.0.0 python3-gunicorn: upgrade 22.0.0 -> 23.0.0 python3-imageio: upgrade 2.35.0 -> 2.35.1 python3-importlib-metadata: upgrade 8.2.0 -> 8.4.0 python3-marshmallow: upgrade 3.21.3 -> 3.22.0 python3-nocasedict: upgrade 2.0.3 -> 2.0.4 python3-nocaselist: upgrade 2.0.2 -> 2.0.3 python3-paramiko: upgrade 3.4.0 -> 3.4.1 python3-py7zr: upgrade 0.21.1 -> 0.22.0 python3-pycodestyle: upgrade 2.12.0 -> 2.12.1 python3-pymisp: upgrade 2.4.195 -> 2.4.196 python3-pyzstd: upgrade 0.16.0 -> 0.16.1 python3-simplejson: upgrade 3.19.2 -> 3.19.3 python3-sqlalchemy: upgrade 2.0.31 -> 2.0.32 python3-sympy: upgrade 1.13.1 -> 1.13.2 python3-tomlkit: upgrade 0.13.0 -> 0.13.2 python3-typer: upgrade 0.12.3 -> 0.12.5 python3-types-python-dateutil: upgrade 2.9.0.20240316 -> 2.9.0.20240821 python3-types-setuptools: upgrade 71.1.0.20240726 -> 73.0.0.20240822 python3-xxhash: upgrade 3.4.1 -> 3.5.0 rsyslog: upgrade 8.2406.0 -> 8.2408.0 samba: upgrade 4.19.7 -> 4.19.8 sanlock: upgrade 3.9.3 -> 3.9.4 unbound: upgrade 1.20.0 -> 1.21.0 lastlog2: remove recipe since it has been merged into util-linux ctags: upgrade 6.1.20240825.0 -> 6.1.20240908.0 eog: upgrade 45.4 -> 47.0 flatpak-xdg-utils: upgrade 1.0.5 -> 1.0.6 gensio: upgrade 2.8.5 -> 2.8.7 gnome-autoar: upgrade 0.4.4 -> 0.4.5 hwdata: upgrade 0.385 -> 0.387 libbpf: upgrade 1.4.5 -> 1.4.6 libcompress-raw-bzip2-perl: upgrade 2.212 -> 2.213 libcompress-raw-lzma-perl: upgrade 2.212 -> 2.213 libcompress-raw-zlib-perl: upgrade 2.212 -> 2.213 libextutils-helpers-perl: upgrade 0.027 -> 0.028 libio-compress-lzma-perl: upgrade 2.212 -> 2.213 libio-compress-perl: upgrade 2.212 -> 2.213 libio-socket-ssl-perl: upgrade 2.088 -> 2.089 libspiro: upgrade 20221101 -> 20240903 nano: upgrade 8.1 -> 8.2 python3-dbus-fast: upgrade 2.24.0 -> 2.24.2 python3-executing: upgrade 2.0.1 -> 2.1.0 python3-filelock: upgrade 3.15.4 -> 3.16.0 python3-httpx: upgrade 0.27.0 -> 0.27.2 python3-ipython: upgrade 8.26.0 -> 8.27.0 python3-kiwisolver: upgrade 1.4.5 -> 1.4.7 python3-parse-type: upgrade 0.6.2 -> 0.6.3 python3-pefile: upgrade 2023.2.7 -> 2024.8.26 python3-platformdirs: upgrade 4.2.2 -> 4.3.1 python3-pulsectl: upgrade 24.4.0 -> 24.8.0 python3-pymetno: upgrade 0.12.0 -> 0.13.0 python3-pymisp: upgrade 2.4.196 -> 2.4.197 python3-pymodbus: upgrade 3.7.0 -> 3.7.2 python3-rich: upgrade 13.7.1 -> 13.8.0 python3-scikit-build: upgrade 0.18.0 -> 0.18.1 python3-types-psutil: upgrade 6.0.0.20240621 -> 6.0.0.20240901 python3-types-python-dateutil: upgrade 2.9.0.20240821 -> 2.9.0.20240906 python3-validators: upgrade 0.33.0 -> 0.34.0 python3-virtualenv: upgrade 20.26.3 -> 20.26.4 python3-watchdog: upgrade 4.0.2 -> 5.0.2 python3-yarl: upgrade 1.9.4 -> 1.10.0 python3-zeroconf: upgrade 0.132.2 -> 0.134.0 uhubctl: upgrade 2.5.0 -> 2.6.0 valijson: upgrade 1.0.2 -> 1.0.3 xfsdump: upgrade 3.1.12 -> 3.2.0 xterm: upgrade 393 -> 394 bdwgc: upgrade 8.2.6 -> 8.2.8 ctags: upgrade 6.1.20240908.0 -> 6.1.20240915.0 gnome-backgrounds: upgrade 46.0 -> 47.0 gnome-chess: upgrade 46.0 -> 47.0 gnome-font-viewer: upgrade 46.0 -> 47.0 libmanette: upgrade 0.2.7 -> 0.2.9 pegtl: upgrade 3.2.7 -> 3.2.8 python3-elementpath: upgrade 4.4.0 -> 4.5.0 python3-eventlet: upgrade 0.36.1 -> 0.37.0 python3-filelock: upgrade 3.16.0 -> 3.16.1 python3-greenlet: upgrade 3.0.3 -> 3.1.0 python3-nmap: upgrade 1.6.0 -> 1.9.1 python3-paramiko: upgrade 3.4.1 -> 3.5.0 python3-platformdirs: upgrade 4.3.1 -> 4.3.6 python3-psycopg: upgrade 3.2.1 -> 3.2.2 python3-pyasn1-modules: upgrade 0.4.0 -> 0.4.1 python3-pymisp: upgrade 2.4.197 -> 2.4.198 python3-pyproject-api: upgrade 1.7.1 -> 1.7.2 python3-pyunormalize: upgrade 15.1.0 -> 16.0.0 python3-regex: upgrade 2024.7.24 -> 2024.9.11 python3-rich: upgrade 13.8.0 -> 13.8.1 python3-robotframework: upgrade 7.0.1 -> 7.1 python3-virtualenv: upgrade 20.26.4 -> 20.26.5 python3-xmlschema: upgrade 3.3.2 -> 3.4.1 python3-yarl: upgrade 1.10.0 -> 1.11.1 stunnel: upgrade 5.72 -> 5.73 tecla: upgrade 46.0 -> 47.0 traceroute: upgrade 2.1.5 -> 2.1.6 nmap: Fix off-by-one overflow in the IP protocol table. python3-alembic: upgrade 1.13.2 -> 1.13.3 Yi Zhao (48): libldb: upgrade 2.8.0 -> 2.8.1 samba: upgrade 4.19.6 -> 4.19.7 devecot: set dovecot.conf file mode with chmod packagegroup-xfce-extended: fix typo of gobject-introspection-data feature lastlog2: specify correct pamlibdir wtmpdb: specify correct pamlibdir libnftnl: upgrade 1.2.6 -> 1.2.7 nftables: upgrade 1.0.9 -> 1.1.0 netplan: upgrade 1.0 -> 1.0.1 snort3: upgrade 3.1.84.0 -> 3.3.1.0 snort3: upgrade 3.3.1.0 -> 3.3.2.0 tcpreplay: upgrade 4.4.4 -> 4.5.1 libdaq: upgrade 3.0.15 -> 3.0.16 audit: upgrade 4.0.1 -> 4.0.2 snort3: upgrade 3.3.2.0 -> 3.3.3.0 snort3: upgrade 3.3.3.0 -> 3.3.4.0 tcpdump: upgrade 4.99.4 -> 4.99.5 cryptsetup: upgrade 2.7.4 -> 2.7.5 dracut: upgrade 102 -> 103 freeradius: upgrade 3.2.3 -> 3.2.5 autofs: upgrade 5.1.8 -> 5.1.9 mbedtls: upgrade 3.6.0 -> 3.6.1 mbedtls: upgrade 2.28.8 -> 2.28.9 drbd-utils: upgrade 9.27.0 -> 9.28.0 mm-common: upgrade 1.0.4 -> 1.0.6 lvm2: upgrade 2.03.25 -> 2.03.26 geoclue: upgrade 2.7.1 -> 2.7.2 s-nail: upgrade 14.9.24 -> 14.9.25 crash: upgrade 8.0.4 -> 8.0.5 mce-inject: upgrade to latest git rev mce-test: update to latest git rev fltk: upgrade 1.3.8 -> 1.3.9 openjpeg: upgrade 2.5.0 -> 2.5.2 netplan: upgrade 1.0.1 -> 1.1 libssh: upgrade 0.10.6 -> 0.11.1 jsoncpp: upgrade 1.9.5 -> 1.9.6 debootstrap: upgrade 1.0.132 -> 1.0.137 frr: upgrade 10.1 -> 10.1.1 open-vm-tools: upgrade 12.3.5 -> 12.4.5 v4l-utils: upgrade 1.26.1 -> 1.28.1 catch2: upgrade 3.6.0 -> 3.7.0 tbb: upgrade 2021.11.0 -> 2021.13.0 abseil-cpp: upgrade 20240116.2 -> 20240722.0 protobuf: add abseil-cpp to RDEPENDS protobuf: upgrade 4.25.4 -> 4.25.5 lksctp-tools: upgrade 1.0.19 -> 1.0.20 tcpslice: upgrade 1.7 -> 1.8 libhugetlbfs: upgrade 2.23 -> 2.24 Yoann Congal (39): python3-redis: add an archive prefix to avoid clashing with redis pidgin: Upgrade to 2.14.13 daq: fix SRC_URI to point to the real 2.0.7 release pidgin: Update Upstream-Status for gcc-14 compatibility patch pidgin: Remove gcc-14 compatibility workaround dbus-broker: update UPSTREAM_CHECK_* variables to fix devtool upgrades mariadb: update UPSTREAM_CHECK_* variables to fix devtool upgrades mbuffer: update UPSTREAM_CHECK_* variables to fix devtool upgrades microcom: update UPSTREAM_CHECK_* variables to fix devtool upgrades openbox-xdgmenu: update UPSTREAM_CHECK_* variables to fix devtool upgrades proxy-libintl: update UPSTREAM_CHECK_* variables to fix devtool upgrades pugixml: update UPSTREAM_CHECK_* variables to fix devtool upgrades pv: update UPSTREAM_CHECK_* variables to fix devtool upgrades sblim-sfcc: update UPSTREAM_CHECK_* variables to fix devtool upgrades source-code-pro-fonts: update UPSTREAM_CHECK_* variables to fix devtool upgrades stalonetray: update UPSTREAM_CHECK_* variables to fix devtool upgrades testfloat: update UPSTREAM_CHECK_* variables to fix devtool upgrades tk: update UPSTREAM_CHECK_* variables to fix devtool upgrades tmux: update UPSTREAM_CHECK_* variables to fix devtool upgrades ttf-abyssinica: update UPSTREAM_CHECK_* variables to fix devtool upgrades zeromq: update UPSTREAM_CHECK_* variables to fix devtool upgrades qad: Add UPSTREAM_CHECK_COMMITS reboot-mode: Add UPSTREAM_CHECK_COMMITS s-suite: Add UPSTREAM_CHECK_COMMITS syzkaller: Add UPSTREAM_CHECK_COMMITS yavta: Add UPSTREAM_CHECK_COMMITS zsync-curl: Add UPSTREAM_CHECK_COMMITS klibc: fix debug pkgs reproducibility polkit: Switch PAM files to common-* polkit: fix build on sysvinit grilo: fix buildpaths QA error non-repro-meta-python: exclude packages that failed previously README.md: Hint at "git request-pull" non-repro-meta-networking: exclude packages that failed previously non-repro-meta-filesystems: update known reproducible packages non-repro-meta-networking: update known non-reproducible list polkit: Update Upstream-Status of a merged patch wtmpdb: fix installed-vs-shipped build error minidlna: fix reproducibility Yogesh Tyagi (1): python3-pybind11 : upgrade 2.11.1 -> 2.12.0 Yogita Urade (3): hdf5: upgrade to 1.14.4 poppler: CVE-2024-6239 krb5: fix CVE-2024-26458 and CVE-2024-26461 Zhang Peng (1): hiredis: remove ANSI color from ptest result alba@thehoodiefirm.com (1): apache2:apache2-native: sort CVE status alperak (61): recipes: set S to fix the QA warning pcp: Fix contains reference to TMPDIR [buildpaths] warnings boinc-client: Fix contains reference to TMPDIR [buildpaths] warning rdist: Fix contains reference to TMPDIR [buildpaths] warning gphoto2: Fix contains reference to TMPDIR [buildpaths] warning hplip: Fix contains reference to TMPDIR [buildpaths] warning jsonrpc: Fix contains reference to TMPDIR [buildpaths] warning exiv2: Upgrade 0.28.2 to 0.28.3 for CVE fix tayga: Fix contains reference to TMPDIR [buildpaths] warning etcd-cpp-apiv3: Fix contains reference to TMPDIR [buildpaths] warning python3-lazy: switch to PEP-517 build backend python3-classes: switch to PEP-517 build backend python3-eventlet: switch to PEP-517 build backend python3-bitstruct: switch to PEP-517 build backend python3-dbus-fast: switch to PEP-517 build backend python3-brotli: switch to PEP-517 build backend python3-pymongo: switch to PEP-517 build backend python3-can: switch to PEP-517 build backend python3-pyaudio: switch to PEP-517 build backend python3-term: switch to PEP-517 build backend python3-screeninfo: switch to PEP-517 build backend python3-pykickstart: switch to PEP-517 build backend python3-click-repl: switch to PEP-517 build backend python3-evdev: switch to PEP-517 build backend python3-qrcode: switch to PEP-517 build backend python3-pyproj: switch to PEP-517 build backend python3-file-magic: switch to PEP-517 build backend python3-joblib: switch to PEP-517 build backend python3-dill: switch to PEP-517 build backend python3-luma-oled: switch to PEP-517 build backend python3-pyudev: switch to PEP-517 build backend python3-xmlschema: switch to PEP-517 build backend python3-lru-dict: switch to PEP-517 build backend python3-ipython: switch to PEP-517 build backend python3-portion: switch to PEP-517 build backend python3-lazy-object-proxy: switch to PEP-517 build backend python3-aioserial: switch to PEP-517 build backend perfetto: Fix contains reference to TMPDIR [buildpaths] warning python3-reedsolo: upgrade 2.0.13 -> 2.1.0b1 blueman: Fix do_package QA issue python3-service-identity: switch to PEP-517 build backend python3-parse-type: switch to PEP-517 build backend python3-regex: switch to PEP-517 build backend python3-pytest-timeout: switch to PEP-517 build backend python3-pytest-metadata: switch to PEP-517 build backend python3-pyroute: switch to PEP-517 build backend python3-pyjwt: switch to PEP-517 build backend python3-pyasn1-modules: switch to PEP-517 build backend python3-py-cpuinfo: switch to PEP-517 build backend python3-django: switch to PEP-517 build backend python3-greenlet: switch to PEP-517 build backend python3-gevent: switch to PEP-517 build backend python3-msgpack: upgrade 1.0.8 -> 1.1.0 python3-sqlalchemy: Upgrade 2.0.32 -> 2.0.35 and switch to PEP-517 build backend python3-alembic: switch to PEP-517 build backend python3-inflate64: switch to PEP-517 build backend python3-spidev: switch to PEP-517 build backend python3-pastedeploy: switch to PEP-517 build backend python3-reedsolo: switch to PEP-517 build backend curlpp: Fix build issue libhugetlbfs: Fix contains reference to TMPDIR [buildpaths] error ptak (1): opencv: upgrade 4.9.0 -> 4.10.0 quic-raghuvar (2): android-tools-adbd.service: Change /var to /etc in ConditionPathExists android-toold-adbd: Fix inconsistency between selinux configurations rajmohan r (1): unbound: Add ptest for unbound s-tokumoto (2): capnproto: Add "capnp" to CVE_PRODUCT fuse: Add "fuse:fuse" to CVE_PRODUCT meta-security: b4a8bc606f..e2c44c8b5d: Anusmita Dutta Mazumder (1): Add styhead LAYERSERIES_COMPAT Armin Kuster (18): recipes-*: convert WORKDIR->UNPACKDIR apparmor: fix QA Warnings python3-fail2ban: convert WORKDIR->UNPACKDIR krill: Fix QA warnings suricata: fix QA warnings isic: Fix config error arpwatch: Fix compile error chipsec: Fix QA Warnings tpm-tools: fix QA and compile errors. ima-policy: Fix S=UNPACKDIR harden/initscripts: UNPACKDIR fix harden-image-minima: Fix usermod aide: update to latest stable. python3-privacyidea: switch to PEP-517 build backend switch to PEP-517 build backend python3-tpm2-pyts: switch to PEP-517 build backend gitlab-ci: minor tweaks to try layer.conf: Update to styhead release name series Chen Qi (1): libgssglue: switch to use git source Hitendra Prajapati (2): sssd: Fix CVE-2023-3758 libhtp: fix CVE-2024-45797 Martin Jansa (4): {tcp,udp}-smack-test: fix few more implicit-function-declaration issues fatal with gcc-14 README.md: fix sendemail.to value suricata: run whole autotools_do_configure not just oe_runconf layer.conf: Update to styhead release name series Mikko Rapeli (9): python3-tpm2-pytss: update from 2.1.0 to 2.3.0 parsec-service: UNPACKDIR fixes bastille: UNPACKDIR fixes initramfs-framework-ima: UNPACKDIR fix ima-policy-appraise-all: UNPACKDIR fix ima-policy-simple: UNPACKDIR fix ima-policy-hashed: set S ima-policy-appraise-all: set S ima-policy-simple: set S Rasmus Villemoes (1): fail2ban: update to 1.1.0+ Ricardo Salveti (1): tpm2-tss: drop libgcrypt Siddharth Doshi (1): Suricata: Security Fix for CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536 Stefan Berger (3): meta-integrity: Remove stale variables and documentation meta-integrity: Add IMA_EVM_PRIVKEY_KEY_OPT to pass options to evmctl meta-integrity: Enable passing private key password Vijay Anusuri (1): tpm2-tools: Upgrade 5.5 -> 5.7 Wang Mingyu (3): ima-policy-hashed: Start WORKDIR -> UNPACKDIR transition suricata: Start WORKDIR -> UNPACKDIR transition trousers: Start WORKDIR -> UNPACKDIR transition Yi Zhao (3): openscap: fix PACKAGECONFIG[remediate_service] openscap: upgrade 1.3.10 -> 1.4.0 scap-security-guide: upgrade 0.1.73 -> 0.1.74 meta-raspberrypi: eb8ffc4e63..97d7a6b5ec: Andrew Lalaev (1): rpi-base.inc: add the disable-wifi-pi5 overlay Bastian Wanner (1): udev-rules-rpi.bb: Fix psplash systemd connection Garrett Brown (1): linux: Enable CONFIG_I2C_BRCMSTB for proper HDMI I2C support Jaeyoon Jung (1): linux-raspberrypi: Drop deprecated configs from android-driver.cfg Jan Vermaete (5): kas: updated the refspec syntax of the kas file README.md: pi3-disable-bt is renamed to disable-bt in kas example rpi-base.inc: added the disable-bt-pi5 device tree overlay raspi-utils: added new recipe extra-build-config.md: added a white line Khem Raj (6): linux-raspberrypi: Upgrade kernel to 6.6.36 weston-init.bbappend: Delete layer.conf: Update to walnascar (5.2) layer/release series linux-raspberrypi-6.6: Upgrade to 6.6.63 rpi-base: Remove bcm2712-rpi-5-b.dtb from RPI_KERNEL_DEVICETREE target SECURITY.md: Add instructions for reporting security issues Leon Anavi (2): rpi-u-boot-scr: WORKDIR -> UNPACKDIR transition conf/layer.conf: Remove meta-lts-mixins Luca Carlon (1): picamera-libs: removed unused libraries from python3-picamera Martin Jansa (1): mesa: rename bbappend to match new recipe name from oe-core Matthias Klein (1): linux-firmware-rpidistro: Upgrade to bookworm/20230625-2+rpt3 Pierrick Curt (1): rpi-base: build uart dts overlays by default Robert Yang (1): conf/layer.conf: Remove duplicated BBFILES Victor Löfgren (1): README.md: Update link to compatible layers Vincent Davis Jr (2): rpi-default-providers: remove vlc,ffmpeg PREFFERED_PROVIDER docs: include PREFERRED_PROVIDER_ffmpeg,vlc change meta-arm: 981425c54e..18bc3f9389: Ali Can Ozaslan (2): arm-bsp/trusted-firmware-m: corstone1000: Increase PS size arm-bsp/optee: corstone1000: Update upstream status Amr Mohamed (5): arm-systemready/README.md: add ARM_FVP_EULA_ACCEPT arm-systemready/linux-distros: new inc file for unattended installation arm-systemready/linux-distros: Add kickstart file for Fedora unattended arm-systemready/oeqa: Add new test for Fedora unattended installation kas: Add new yml file for Distros unattended installation Ben (3): arm-systemready/linux-distros: Implement unattended openSUSE arm-systemready/oeqa: Add unattended installation testcase kas: Include unattended openSUSE test Bence Balogh (18): arm-bsp/optee:corstone1000: Update optee to v4.2 arm-bsp/optee: Remove OP-TEE OS v4.1 recipe arm-bsp/trusted-firmware-a: Upgrade Corstone1000 to TF-A v2.11 arm-bsp/u-boot: corstone1000: use mdata v2 arm-bsp/trusted-firmware-a: corstone1000: update upstream statuses arm-bsp/trusted-firmware-m: corstone1000: upgrade to TF-M v2.1.x arm-bsp/trusted-services: corstone1000: align PSA crypto structs with TF-M arm-bsp/trusted-firmware-m: Remove TF-M v2.0 recipe arm-bsp/trusted-firmware-m: corstone1000: fix bank offset arm-bsp/trusted-firmware-m: corstone1000: add Secure Debug arm-bsp/documentation: corstone1000: add Secure Debug test CI: Add secure debug build for Corstone-1000 arm-bsp/linux-yocto: corstone1000: bump to v6.10 arm-bsp/documentation: corstone1000: remove TEE driver load arm-bsp/trusted-firmware-m: corstone1000: Fix MPU configuration arm-bsp/trusted-firmware-m: corstone1000: Update metadata handling arm-bsp/trusted-firmware-m: corstone1000: Update patches arm-bsp/trusted-firmware-m: corstone1000: Fix Secure Debug connection due to token version mismatch Delane Brandy (1): arm-bsp/corstone1000: Update Corstone-1000 user guide Emekcan Aras (1): arm-bsp/trusted-firmware-m: corstone1000: Switch to metadata v2 Harsimran Singh Tungal (7): arm-bsp/u-boot: corstone1000: fix U-Boot patch arm-bsp/trusted-services: corstone1000: fix compilation issues arm-bsp/trusted-services: fix compilation issues for ts-newlib arm-bsp/trusted-firmware-a: corstone1000: fix compilation issue for FVP multicore arm-bsp,kas: corstone1000: enable External System based on new yml file arm-bsp,documentation: corstone1000: update user documentation arm-bsp/trusted-services: corstone1000: Update Trusted-Services patches Hugues KAMBA MPIANA (4): arm-bsp/documentation: corstone1000: Mention PMOD module as prerequisite arm-bsp/documentation: corstone1000: Amend documentation for CORSTONE1000-2024.11 release kas: corstone-1000: Update the SHA of the Yocto layer dependencies for the CORSTONE1000-2024.11 release. kas: corstone-1000: Pin Yocto layer dependencies for CORSTONE1000-2024.11 release Hugues Kamba-Mpiana (2): arm-bsp/documentation: corstone1000: Deprecation of Sphinx context injection arm-bsp/documentation: corstone1000: Install Sphinx theme as recommended Javier Tia (3): arm/optee: Add optee udev rules arm: Enable Secure Boot in all required recipes arm/qemuarm64-secureboot: Enable UEFI Secure Boot Jon Mason (31): arm-bsp/fvp-base: update version to 11.26.11 arm/qemuarm64-secureboot: fix qemu parameter arm-toolchain: fix for WORKDIR changes arm-systemready: WORKDIR to UNPACKDIR changes CI: remove ts-smm-gateway for qemuarm64-secureboot-ts arm-toolchain: update to 13.3 CI: remove unnecessary clang settings CI: add poky-altcfg arm/opencsd: update to 1.5.3 arm/boot-wrapper-aarch64: update with latest patch arm/gn: update to the latest commit CI: remove xorg test removal from edk2 arm-bsp/fvp-base: add edk2 testimage support arm-bsp/fvp-base: u-boot patch clean-up arm: use devtool to clean-up patches arm-bsp: remove unreferenced patches and configs arm/trusted-firmware-a: remove workaround patch for qemuarm64-secureboot arm/qemu-efi-disk: add rootwait to bootargs arm/arm-tstee: pin kernel to 6.6 to workaround issue arm/trusted-firmware-a: update LICENSE entry arm/musl: work around trusted services error arm/libts: Patch to fix 6.10 kernel builds breaks arm-bsp/documentation: corstone1000: Improve user guide arm-toolchain: remove libmount-mountfd-support when using binary toolchain arm-bsp/fvp-base: support poky-altcfg arm-bsp/fvp-base: Get 6.10 kernel working arm-bsp/fvp: Re-enable parselogs arm/optee-os: Backport the clang fixes arm-bsp/fvp-base: use trusted-firmware-a v2.11 CI: Rework qemuarm64-secureboot matrix CI: remove branch name Luca Fancellu (2): arm/oeqa: Introduce retry mechanism for fvp_devices run_cmd arm/lib: Handle timeout for spawn object on stop() Mariam Elshakfy (1): arm/trusted-services: Move ts-newlib compilation fix to meta-arm Martin Jansa (1): layer.conf: Update to styhead release name series Mikko Rapeli (8): optee-os: asm debug prefix fixes optee-os: remove absolute paths optee-os-tadevkit: remove buildpaths INSANE_SKIP optee-os: remove buildpaths INSANE_SKIP optee-os: fix buildpaths QA failure on corstone1000 ts-newlib: setup git with check_git_config arm/optee-client: fix systemd service dependencies trusted-firmware-a: fix panic on kv260/zynqmp Peter Hoyes (1): arm/fvpboot: Revert "Disable timing annotation by default" Quentin Schulz (2): add basic b4 config file arm/trusted-firmware-a: add recipe for more-recent-but-not-yet-released source code Ross Burton (9): CI: update to Kas 4.4 image arm-systemready: explicitly disable SPDX in the fake image classes arm/edk2-firmware: set CVE_PRODUCT to the correct CPE arm-bsp/linux-yocto: update for linux 6.10 CI: switch to building against styhead branches where possible CI: add KAS_BUILD_DIR variable CI: remove duplicate arm-systemready-ir-acs CI: transform testimage reports into JUnit XML reports arm-base/linux-yocto: revert interim 6.10 patch for fvp-base Ziad Elhanafy (2): arm/oeqa: Enable pexpect profiling for testcase debugging arm-systemready/linux-distros: Follow WORKDIR -> UNPACKDIR transition Change-Id: I8c03dc8ed1822e0356c1d3dcf86b5c408aff3f78 Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
author: Patrick Williams <patrick@stwcx.xyz> 2024-12-14 02:56:42 +0300
committer: Patrick Williams <patrick@stwcx.xyz> 2024-12-14 04:38:25 +0300
commit: e73366c8bab752f44899222f9df7ce7ed080f2e9 (patch)
tree: 57ae1423728ade061bb318ab6413a18e1afb9c20 /meta-arm/meta-arm-bsp/documentation
parent: 1d19bb6db66dd40f999dbfcd25be489aa4ecd0b3 (diff)
download: openbmc-styhead.tar.xz
6 files changed, 1504 insertions, 976 deletions
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
index f22a99c2c0..a98de3f960 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
@@ -12,6 +12,69 @@ fixes in each release of Corstone-1000 software stack.
 
 
 ***************
+Version 2024.11
+***************
+
+Changes
+=======
+
+- Implementation of a replication strategy for FWU metadata in TF-M according to the FWU specification.
+- Upgrade to metadata version 2 in TF-M.
+- Increase the ITS and PS memory size in Secure Flash for TF-M.
+- SW components upgrades.
+- Bug fixes.
+
+Corstone-1000 components versions
+=================================
+
++-------------------------------------------+-----------------------------------------------------+
+| linux-yocto                               |                   6.10.14                           |
++-------------------------------------------+-----------------------------------------------------+
+| u-boot                                    |                   2023.07.02                        |
++-------------------------------------------+-----------------------------------------------------+
+| external-system                           |                   0.1.0                             |
++-------------------------------------------+-----------------------------------------------------+
+| optee-client                              |                   4.2.0                             |
++-------------------------------------------+-----------------------------------------------------+
+| optee-os                                  |                   4.2.0                             |
++-------------------------------------------+-----------------------------------------------------+
+| trusted-firmware-a                        |                   2.11.0                            |
++-------------------------------------------+-----------------------------------------------------+
+| trusted-firmware-m                        |                   2.1.0                             |
++-------------------------------------------+-----------------------------------------------------+
+| libts                                     |                   602be60719                        |
++-------------------------------------------+-----------------------------------------------------+
+| ts-newlib                                 |                   4.1.0                             |
++-------------------------------------------+-----------------------------------------------------+
+| ts-psa-{crypto, iat, its. ps}-api-test    |                   74dc6646ff                        |
++-------------------------------------------+-----------------------------------------------------+
+| ts-sp-{se-proxy, smm-gateway}             |                   602be60719                        |
++-------------------------------------------+-----------------------------------------------------+
+
+Yocto distribution components versions
+======================================
+
++-------------------------------------------+------------------------------+
+| meta-arm                                  | styhead                      |
++-------------------------------------------+------------------------------+
+| poky                                      | 5465094be9                   |
++-------------------------------------------+------------------------------+
+| meta-openembedded                         | 461d85a183                   |
++-------------------------------------------+------------------------------+
+| meta-secure-core                          | 59d7e90542                   |
++-------------------------------------------+------------------------------+
+| busybox                                   |                   1.36.1     |
++-------------------------------------------+------------------------------+
+| musl                                      |                   1.2.5      |
++-------------------------------------------+------------------------------+
+| gcc-arm-none-eabi                         |          13.3.rel1           |
++-------------------------------------------+------------------------------+
+| gcc-cross-aarch64                         |                   14.2.0     |
++-------------------------------------------+------------------------------+
+| openssl                                   |                   3.3.1      |
++-------------------------------------------+------------------------------+
+
+***************
 Version 2024.06
 ***************
 
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py b/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py
index e9cab63359..d8b558fa24 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py
@@ -10,15 +10,19 @@
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
 #
-# import os
-# import sys
 # sys.path.insert(0, os.path.abspath('.'))
 
+import os
+import sys
+
+# Append the documentation directory to the path, so we can import variables
+sys.path.append(os.path.dirname(__file__))
+
 
 # -- Project information -----------------------------------------------------
 
 project = 'corstone1000'
-copyright = '2020-2022, Arm Limited'
+copyright = '2020-2024, Arm Limited'
 author = 'Arm Limited'
 
 
@@ -28,6 +32,7 @@ author = 'Arm Limited'
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
+    'sphinx_rtd_theme',
 ]
 
 # Add any paths that contain templates here, relative to this directory.
@@ -46,6 +51,16 @@ exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra']
 #
 html_theme = 'sphinx_rtd_theme'
 
+# Define the canonical URL if you are using a custom domain on Read the Docs
+html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")
+
+# Tell Jinja2 templates the build is running on Read the Docs
+if os.environ.get("READTHEDOCS", "") == "True":
+    if "html_context" not in globals():
+        html_context = {}
+    html_context["READTHEDOCS"] = True
+
+
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
index 578f038996..46519df9c0 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
index 0cad02666e..bd85fae027 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
@@ -20,6 +20,12 @@ prove defective, you assume the entire cost of all necessary servicing, repair
 or correction.
 
 ***********************
+Release notes - 2024.11
+***********************
+
+The same notes as the 2024.06 release still apply.
+
+***********************
 Release notes - 2024.06
 ***********************
 
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
index 42278e387b..a4e0a4249a 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
@@ -4,7 +4,7 @@
  # SPDX-License-Identifier: MIT
 
 ######################
-Software architecture
+Software Architecture
 ######################
 
 
@@ -20,7 +20,7 @@ Corstone-1000 software plus hardware reference solution is PSA Level-2 ready
 certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
 More information on the Corstone-1000 subsystem product and design can be
 found at:
-`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_.
+`Arm Corstone-1000 Software`_ and `Arm Corstone-1000 Technical Overview`_.
 
 This readme explicitly focuses on the software part of the solution and
 provides internal details on the software components. The reference
@@ -57,7 +57,7 @@ TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
 Secure Enclave follows Firmware Framework for M class
 processor (`FF-M`_) specification.
 
-The Host System is based on ARM Cotex-A35 processor with standardized
+The Host System is based on ARM Cortex-A35 processor with standardized
 peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
 the TrustZone technology that allows secure and non-secure security
 states in the processor. The software design in the Host System follows
@@ -213,15 +213,18 @@ Image (the initramfs bundle). The new images are accepted in the form of a UEFI
 
 When Firmware update is triggered, U-Boot verifies the capsule by checking the
 capsule signature, version number and size. Then it signals the Secure Enclave
-that can start writing UEFI capsule into the flash. Once this operation finishes
-,Secure Enclave resets the entire system.
+that can start writing UEFI capsule into the flash.
+
+Once this operation finishes, Secure Enclave resets the entire system.
 The Metadata Block in the flash has the below firmware update state machine.
 TF-M runs an OTA service that is responsible for accepting and updating the
 images in the flash. The communication between the UEFI Capsule update
 subsystem and the OTA service follows the same data path explained above.
 The OTA service writes the new images to the passive bank after successful
 capsule verification. It changes the state of the system to trial state and
-triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata
+triggers the reset.
+
+Boot loaders in Secure Enclave and Host read the Metadata
 block to get the information on the boot bank. In the successful trial stage,
 the acknowledgment from the host moves the state of the system from trial to
 regular. Any failure in the trial stage or system hangs leads to a system
@@ -258,17 +261,17 @@ calls are forwarded to the Secure Enclave as explained above.
 ***************
 References
 ***************
-`ARM corstone1000 Search`_
+`ARM Corstone-1000 Search`_
 
 `Arm security features`_
 
 --------------
 
-*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
 
-.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
-.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
-.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000
+.. _Arm Corstone-1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
+.. _Arm Corstone-1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
+.. _Arm Corstone-1000 Search: https://developer.arm.com/search#q=corstone-1000
 .. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
 .. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
 .. _FF-A: https://developer.arm.com/documentation/den0077/latest
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
index 5dc956428b..0c7b2fd1f1 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -3,31 +3,32 @@
  #
  # SPDX-License-Identifier: MIT
 
-#####################################
-User Guide: Build & run the software
-#####################################
+####################
+Build, Flash and Run
+####################
 
 Notice
 ------
 The Corstone-1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build
 a tiny Linux distribution suitable for the Corstone-1000 platform (kernel and initramfs filesystem less than 5 MB on the flash).
-The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__
+The Yocto Project relies on the `BitBake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__
 tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__
 for more information.
 
 Prerequisites
 -------------
 
-This guide assumes that your host machine is running Ubuntu 20.04 LTS, with at least
+This guide assumes that your host machine is running Ubuntu 20.04 LTS ( with ``sudo`` rights), with at least
 32GB of free disk space and 16GB of RAM as minimum requirement.
 
 The following prerequisites must be available on the host system:
 
-- Git 1.8.3.1 or greater
-- tar 1.28 or greater
+- Git 1.8.3.1 or greater.
 - Python 3.8.0 or greater.
-- gcc 8.0 or greater.
-- GNU make 4.0 or greater
+- GNU Tar 1.28 or greater.
+- GNU Compiler Collection 8.0 or greater.
+- GNU Make 4.0 or greater.
+- tmux.
 
 Please follow the steps described in the Yocto mega manual:
 
@@ -36,465 +37,611 @@ Please follow the steps described in the Yocto mega manual:
 
 Targets
 -------
+The Corstone-1000 software stack can be run on:
 
 - `Arm Corstone-1000 Ecosystem FVP (Fixed Virtual Platform) <https://developer.arm.com/downloads/-/arm-ecosystem-fvps>`__
 - `Arm Corstone-1000 for MPS3 <https://developer.arm.com/documentation/dai0550/latest/>`__
 
-Yocto stable branch
+    .. important::
+
+        Arm Corstone-1000 for MPS3 requires an additional 32 MB QSPI flash PMOD module. For more information see the `Application Note AN550 document <https://developer.arm.com/documentation/dai0550/latest/>`__.
+
+
+Yocto Stable Branch
 -------------------
 
-Corstone-1000 software stack is built on top of Yocto scarthgap.
+Corstone-1000 software stack is built on top of Yocto styhead release.
 
-Provided components
+Software Components
 -------------------
 Within the Yocto Project, each component included in the Corstone-1000 software stack is specified as
-a `bitbake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes>`__.
+a `BitBake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes>`__.
 The recipes specific to the Corstone-1000 BSP are located at:
-``<_workspace>/meta-arm/meta-arm-bsp/``.
+``$WORKSPACE/meta-arm/meta-arm-bsp/``.
 
-The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are:
+.. important::
 
- - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc``
- - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf``
- - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf``
+    ``$WORKSPACE`` refers to the absolute path to your workspace where the `meta-arm` repository will be cloned.
 
-**NOTE:** All the paths stated in this document are absolute paths.
+    ``$TARGET`` is either ``mps3`` or ``fvp``.
 
-*****************
-Software for Host
-*****************
+The Yocto machine config files for the Corstone-1000 FVP and MPS3 targets are:
 
-Trusted Firmware-A
-==================
-Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__
+ - ``$WORKSPACE/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc``
+ - ``$WORKSPACE/meta-arm/meta-arm-bsp/conf/machine/corstone1000-$TARGET.conf``
 
-+----------+-------------------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend |
-+----------+-------------------------------------------------------------------------------------------------+
-| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.4.bb      |
-+----------+-------------------------------------------------------------------------------------------------+
+.. note::
 
-OP-TEE
-======
-Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
+    All the paths stated in this document are absolute paths.
+
+*************************
+Host Processor Components
+*************************
+
+`Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__
+====================================================================================
+
++----------+-----------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend``   |
++----------+-----------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb``        |
++----------+-----------------------------------------------------------------------------------------------------+
+
+`Trusted Services <https://trusted-services.readthedocs.io/en/latest/index.html>`__
+====================================================================================
+
++----------+-----------------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend``                   |
++----------+-----------------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_%.bbappend``  |
++----------+-----------------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_%.bbappend``     |
++----------+-----------------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_%.bbappend``     |
++----------+-----------------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_%.bbappend``      |
++----------+-----------------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend``          |
++----------+-----------------------------------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend``       |
++----------+-----------------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb``                           |
++----------+-----------------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb``          |
++----------+-----------------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb``             |
++----------+-----------------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb``             |
++----------+-----------------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb``              |
++----------+-----------------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway.bb``                   |
++----------+-----------------------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy.bb``                      |
++----------+-----------------------------------------------------------------------------------------------------------+
+
+`OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
+================================================================
 
 +----------+----------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend        |
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend``      |
 +----------+----------------------------------------------------------------------------------------+
-| Recipe   |<_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_4.1.0.bb                 |
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/optee/optee-os_4.2.0.bb``              |
 +----------+----------------------------------------------------------------------------------------+
 
-U-Boot
-======
-Based on `U-Boot repo`_
+`U-Boot <https://github.com/u-boot/u-boot.git>`__
+=================================================
 
-+----------+----------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend        |
-+----------+----------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend    |
-+----------+----------------------------------------------------------------------------+
-| Recipe   | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.07.02.bb |
-+----------+----------------------------------------------------------------------------+
++----------+--------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend``          |
++----------+--------------------------------------------------------------------------------+
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend``      |
++----------+--------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.07.02.bb``   |
++----------+--------------------------------------------------------------------------------+
 
 Linux
 =====
-The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__
+The distribution is based on the `Poky <https://docs.yoctoproject.org/ref-manual/terms.html#term-Poky>`__
 distribution which is a Linux distribution stripped down to a minimal configuration.
 
-The provided distribution is based on busybox and built using musl libc. The
-recipe responsible for building a tiny version of Linux is listed below.
+The provided distribution is based on `BusyBox <https://www.busybox.net/>`__ and built using `musl libc <https://musl.libc.org/>`__.
 
 +-----------+----------------------------------------------------------------------------------------------+
-| bbappend  | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend               |
+| bbappend  | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend``             |
 +-----------+----------------------------------------------------------------------------------------------+
-| Recipe    | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb                               |
+| Recipe    | ``$WORKSPACE/poky/meta/recipes-kernel/linux/linux-yocto_6.10.bb``                            |
 +-----------+----------------------------------------------------------------------------------------------+
-| defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig         |
+| defconfig | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig``       |
 +-----------+----------------------------------------------------------------------------------------------+
 
-**************************************************
-Software for Boot Processor (a.k.a Secure Enclave)
-**************************************************
-Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__
+*************************
+Secure Enclave Components
+*************************
+
+`Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__
+====================================================================================
 
 +----------+-----------------------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend     |
+| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend``   |
 +----------+-----------------------------------------------------------------------------------------------------+
-| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb           |
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.0.bb``         |
 +----------+-----------------------------------------------------------------------------------------------------+
 
-********************************
-Software for the External System
-********************************
+************************************
+External System Processor Components
+************************************
 
-RTX
-====
-Based on `RTX RTOS <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx>`__
+RTX Real-Time operating system
+==============================
+
+An example application that uses the `RTX Real-Time Operating System <https://developer.arm.com/Tools%20and%20Software/Keil%20MDK/RTX5%20RTOS>`__.
+
+The application project can be found `here <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx>`__.
+
++----------+--------------------------------------------------------------------------------------------+
+| Recipe   | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb``  |
++----------+--------------------------------------------------------------------------------------------+
+
+.. _building-the-software-stack:
+
+Build
+-----
 
-+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
-| Recipe   | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb                                                               |
-+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
+.. warning::
 
-Building the software stack
----------------------------
-Create a new folder that will be your workspace and will henceforth be referred
-to as ``<_workspace>`` in these instructions. To create the folder, run:
+  Building binaries natively on Windows and AArch64 Linux is not supported.
+  
+  Use an AMD64 Linux based development machine to build the software stack and transfer the binaries to run the software stack on an FVP in Windows or AArch64 Linux
+  if required.
 
-::
 
-    mkdir <_workspace>
-    cd <_workspace>
+#. Create a new folder that will be your workspace.
 
-Corstone-1000 software is based on the Yocto Project which uses kas and bitbake
-commands to build the stack. kas version 4 is required. To install kas, run:
+    .. code-block:: console
 
-::
+        mkdir $WORKSPACE
+        cd $WORKSPACE
 
-    pip3 install kas
+#. Install kas version 4.4 with ``sudo`` rights.
 
-If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'.
+    .. code-block:: console
 
-In the top directory of the workspace ``<_workspace>``, run:
+        sudo pip3 install kas==4.4
 
-::
+    Ensure the kas installation directory is visible on the ``$PATH`` environment variable.
 
-    git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06
+#. Clone the `meta-arm` Yocto layer in the workspace ``$WORKSPACE``.
 
-To build a Corstone-1000 image for MPS3 FPGA, run:
+    .. code-block:: console
 
-::
+        cd $WORKSPACE
+        git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.11
 
-    kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
+#. Build a Corstone-1000 image:
 
-Alternatively, to build a Corstone-1000 image for FVP, you need to accept
-the EULA at https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula
-by setting the ARM_FVP_EULA_ACCEPT environment variable as follows:
+    .. code-block:: console
 
-::
+        kas build meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml
 
-    export ARM_FVP_EULA_ACCEPT="True"
+    .. important::
 
-then run:
+        Accept the EULA at https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula
+        to build a Corstone-1000 image for FVP as follows:
 
-::
+        .. code-block:: console
 
-    kas build meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml
+            export ARM_FVP_EULA_ACCEPT="True"
 
-The initial clean build will be lengthy, given that all host utilities are to
-be built as well as the target images. This includes host executables (python,
-cmake, etc.) and the required toolchain(s).
 
-Once the build is successful, all output binaries will be placed in the following folders:
- - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build;
- - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
+    .. warning::
+
+        Access to the External System Processor is disabled by default.
+        To build the Corstone-1000 image with External System Processor enabled, run:
+
+        .. code-block:: console
+
+            kas build meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml:meta-arm/kas/corstone1000-extsys.yml
+
+A clean build takes a significant amount of time given that all of the development machine utilities are also
+built along with the target images. Those development machine utilities include executables (Python,
+CMake, etc.) and the required toolchains.
+
+
+Once the build succeeds, all output binaries will be placed in ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/``
 
 Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the
-``corstone1000-flash-firmware-image-corstone1000-{mps3,fvp}.wic`` file.
+``corstone1000-flash-firmware-image-corstone1000-$TARGET.wic`` file.
 
 The output binaries run in the Corstone-1000 platform are the following:
- - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin``
- - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin``
- - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-flash-firmware-image-corstone1000-{mps3,fvp}.wic``
-
-Flash the firmware image on FPGA
---------------------------------
-
-The user should download the FPGA bit file image ``AN550:  Arm® Corstone™-1000 for MPS3 Version 2.0``
-from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__
-and under the section ``Arm® Corstone™-1000 for MPS3``. The download is available after logging in.
-
-The directory structure of the FPGA bundle is shown below.
-
-::
-
-   Boardfiles
-   ├── config.txt
-   ├── MB
-   │   ├── BRD_LOG.TXT
-   │   ├── HBI0309B
-   │   │   ├── AN550
-   │   │   │   ├── AN550_v2.bit
-   │   │   │   ├── an550_v2.txt
-   │   │   │   └── images.txt
-   │   │   ├── board.txt
-   │   │   └── mbb_v210.ebf
-   │   └── HBI0309C
-   │       ├── AN550
-   │       │   ├── AN550_v2.bit
-   │       │   ├── an550_v2.txt
-   │       │   └── images.txt
-   │       ├── board.txt
-   │       └── mbb_v210.ebf
-   └── SOFTWARE
-        ├── an550_st.axf
-        ├── bl1.bin
-        ├── cs1000.bin
-        └── ES0.bin
-
-Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file
-(in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory.
-
-The images.txt file that is compatible with the latest version of the software
-stack can be seen below;
-
-::
-
-  ;************************************************
-  ;       Preload port mapping                    *
-  ;************************************************
-  ;  PORT 0 & ADDRESS: 0x00_0000_0000 QSPI Flash (XNVM) (32MB)
-  ;  PORT 0 & ADDRESS: 0x00_8000_0000 OCVM (DDR4 2GB)
-  ;  PORT 1        Secure Enclave (M0+) ROM (64KB)
-  ;  PORT 2        External System 0 (M3) Code RAM (256KB)
-  ;  PORT 3        Secure Enclave OTP memory (8KB)
-  ;  PORT 4        CVM (4MB)
-  ;************************************************
-
-  [IMAGES]
-  TOTALIMAGES: 3      ;Number of Images (Max: 32)
-
-  IMAGE0PORT: 1
-  IMAGE0ADDRESS: 0x00_0000_0000
-  IMAGE0UPDATE: RAM
-  IMAGE0FILE: \SOFTWARE\bl1.bin
-
-  IMAGE1PORT: 0
-  IMAGE1ADDRESS: 0x00_0000_0000
-  IMAGE1UPDATE: AUTOQSPI
-  IMAGE1FILE: \SOFTWARE\cs1000.bin
-
-  IMAGE2PORT: 2
-  IMAGE2ADDRESS: 0x00_0000_0000
-  IMAGE2UPDATE: RAM
-  IMAGE2FILE: \SOFTWARE\es0.bin
-
-OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3``
-
-1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle.
-2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle
+ - The Secure Enclave ROM firmware: ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/bl1.bin``
+ - The External System Processor firmware: ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/es_flashfw.bin``
+ - The internal firmware flash image: ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-flash-firmware-image-corstone1000-$TARGET.wic``
+
+.. _flashing-firmware-images:
+
+Flash
+-----
+
+.. note::
+
+    The steps below only apply to the MPS3. The FVP being a software application running on your development
+    machine does not require any firmware flashing. Refer to `this <running-software-stack-fvp_>`__
+    section for running the software stack on FVP. 
+
+#. Download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 2.0``
+   on the `Arm Developer website <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__.
+   Click on the ``Download AN550 bundle`` button and login to download the file.
+
+    The directory structure of the FPGA bundle is as shown below:
+
+    .. code-block:: console
+
+        Boardfiles
+        ├── config.txt
+        ├── MB
+        │   ├── BRD_LOG.TXT
+        │   ├── HBI0309B
+        │   │   ├── AN550
+        │   │   │   ├── AN550_v2.bit
+        │   │   │   ├── an550_v2.txt
+        │   │   │   └── images.txt
+        │   │   ├── board.txt
+        │   │   └── mbb_v210.ebf
+        │   └── HBI0309C
+        │       ├── AN550
+        │       │   ├── AN550_v2.bit
+        │       │   ├── an550_v2.txt
+        │       │   └── images.txt
+        │       ├── board.txt
+        │       └── mbb_v210.ebf
+        └── SOFTWARE
+                ├── an550_st.axf
+                ├── bl1.bin
+                ├── cs1000.bin
+                └── ES0.bin
+
+#. Depending upon the MPS3 board version, you should update the ``images.txt`` file
+   (found in the corresponding ``HBI0309x`` folder e.g. ``Boardfiles/MB/HBI0309$BOARD_VERSION/AN550/images.txt``)
+   so it points to the images under the ``SOFTWARE`` directory.
+   Where ``$BOARD_VERSION`` is a variable containing the board printed on the MPS3 board.
+
+   The ``images.txt`` file compatible with the latest version of the software
+   stack can be seen below;
+
+    .. code-block:: console
+
+        ;************************************************
+        ;       Preload port mapping                    *
+        ;************************************************
+        ;  PORT 0 & ADDRESS: 0x00_0000_0000 QSPI Flash (XNVM) (32MB)
+        ;  PORT 0 & ADDRESS: 0x00_8000_0000 OCVM (DDR4 2GB)
+        ;  PORT 1        Secure Enclave (M0+) ROM (64KB)
+        ;  PORT 2        External System 0 (M3) Code RAM (256KB)
+        ;  PORT 3        Secure Enclave OTP memory (8KB)
+        ;  PORT 4        CVM (4MB)
+        ;************************************************
+
+        [IMAGES]
+        TOTALIMAGES: 3      ;Number of Images (Max: 32)
+
+        IMAGE0PORT: 1
+        IMAGE0ADDRESS: 0x00_0000_0000
+        IMAGE0UPDATE: RAM
+        IMAGE0FILE: \SOFTWARE\bl1.bin
+
+        IMAGE1PORT: 0
+        IMAGE1ADDRESS: 0x00_0000_0000
+        IMAGE1UPDATE: AUTOQSPI
+        IMAGE1FILE: \SOFTWARE\cs1000.bin
+
+        IMAGE2PORT: 2
+        IMAGE2ADDRESS: 0x00_0000_0000
+        IMAGE2UPDATE: RAM
+        IMAGE2FILE: \SOFTWARE\es0.bin
+
+
+#. Copy ``bl1.bin`` from ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle.
+#. Copy ``es_flashfw.bin`` from ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle
    and rename the binary to ``es0.bin``.
-3. Copy ``corstone1000-flash-firmware-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE
+#. Copy ``corstone1000-flash-firmware-image-corstone1000-mps3.wic`` from ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE``
    directory of the FPGA bundle and rename the wic image to ``cs1000.bin``.
 
-**NOTE:** Renaming of the images are required because MCC firmware has
-limitation of 8 characters before .(dot) and 3 characters after .(dot).
+.. note::
+    Renaming of the images is required because the MCC firmware has
+    a limit of 8 characters for file name and 3 characters for file extension.
+
+After making all modifications above, copy the FPGA bit file bundle to the board's SDCard and reboot the MPS3.
+
+Run
+---
+
+.. _running-software-stack-mps3:
+
+Once the target is turned ON, the Secure Enclave will start to boot, wherein the relevant memory contents of the ``*.wic``
+file are copied to their respective memory locations. Firewall policies are enforced
+on memories and peripherals before bringing the Host Processor out of reset.
 
-Now, copy the entire folder to board's SDCard and reboot the board.
+The Host Processor will boot TrustedFirmware-A, OP-TEE, U-Boot and then Linux before presenting a login prompt.
 
-Running the software on FPGA
-----------------------------
+****
+MPS3
+****
 
-On the host machine, open 4 serial port terminals. In case of Linux machine it will
-be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machines.
+1. Open 4 serial port comms terminals on the host machine.
+   Those might be ``ttyUSB0``, ``ttyUSB1``, ``ttyUSB2``, and ``ttyUSB3`` on Linux machines.
 
-  - ttyUSB0 for MCC, OP-TEE and Secure Partition
-  - ttyUSB1 for Boot Processor (Cortex-M0+)
-  - ttyUSB2 for Host Processor (Cortex-A35)
-  - ttyUSB3 for External System Processor (Cortex-M3)
+  - ``ttyUSB0`` for MCC, OP-TEE and Secure Partition
+  - ``ttyUSB1`` for Secure Enclave (Cortex-M0+)
+  - ``ttyUSB2`` for Host Processor (Cortex-A35)
+  - ``ttyUSB3`` for External System Processor (Cortex-M3)
 
-Run following commands to open serial port terminals on Linux:
+    The serial ports might be different on Windows machines.
 
-::
+    Run the following commands in separate terminal instances on Linux:
 
-  sudo picocom -b 115200 /dev/ttyUSB0  # in one terminal
-  sudo picocom -b 115200 /dev/ttyUSB1  # in another terminal
-  sudo picocom -b 115200 /dev/ttyUSB2  # in another terminal.
-  sudo picocom -b 115200 /dev/ttyUSB3  # in another terminal.
+    .. code-block:: console
 
-**NOTE:** The MPS3 expects an ethernet cable to be plugged in, otherwise it will
-wait for the network for a considerable amount of time, printing the following
-logs:
+        sudo picocom -b 115200 /dev/ttyUSB0
 
-::
+    .. code-block:: console
 
-  Generic PHY 40100000.ethernet-ffffffff:01: attached PHY driver (mii_bus:phy_addr=40100000.ethernet-ffffffff:01, irq=POLL)
-  smsc911x 40100000.ethernet eth0: SMSC911x/921x identified at 0xffffffc008e50000, IRQ: 17
-  Waiting up to 100 more seconds for network.
+        sudo picocom -b 115200 /dev/ttyUSB1
 
-Once the system boot is completed, you should see console
-logs on the serial port terminals. Once the HOST(Cortex-A35) is
-booted completely, user can login to the shell using
-**"root"** login.
+    .. code-block:: console
 
-If system does not boot and only the ttyUSB1 logs are visible, please follow the
-steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under
-`SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might
-have filled the Secure Flash completely. The best practice is to clean the
-secure flash in this case.
+        sudo picocom -b 115200 /dev/ttyUSB2
+  
+    .. code-block:: console
 
+        sudo picocom -b 115200 /dev/ttyUSB3
 
-Running the software on FVP
----------------------------
+    .. important::
+        Plug a connected Ethernet cable to the MPS3 or it will
+        wait for a network connection for a considerable amount of time, printing the following
+        on the Host Processor terminal (``ttyUSB2``):
+
+        .. code-block:: console
+
+            Generic PHY 40100000.ethernet-ffffffff:01: attached PHY driver (mii_bus:phy_addr=40100000.ethernet-ffffffff:01, irq=POLL)
+            smsc911x 40100000.ethernet eth0: SMSC911x/921x identified at 0xffffffc008e50000, IRQ: 17
+            Waiting up to 100 more seconds for network.
+
+2. Once the system boot is completed, you should see console logs on the serial port terminals.
+   Once the Host Processor is booted completely, user can login to the shell using ``root`` login.
+
+    .. important::
+
+        The secure flash might be completely filled if the system does not boot and only the Secure Enclave logs (``ttyUSB1``) are visible.
+
+        Clean the secure flash if that is the case following the steps `here <clean-secure-flash_>`__.
+
+.. _running-software-stack-fvp:
+
+***
+FVP
+***
 
-An FVP (Fixed Virtual Platform) model of the Corstone-1000 platform must be available to run the
+A Fixed Virtual Platform (FVP) model of the Corstone-1000 platform must be available to run the
 Corstone-1000 FVP software image.
 
-A Yocto recipe is provided and allows to download the latest supported FVP version.
+A Yocto recipe is provided to download the latest supported FVP version.
 
-The recipe is located at <_workspace>/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
+The recipe is located at ``$WORKSPACE/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb``.
 
-The latest supported Fixed Virtual Platform (FVP) version is 11_23.25 and is automatically downloaded and installed when using the runfvp command as detailed below. The FVP version can be checked by running the following command:
+The latest FVP version is ``11.23.25`` and is automatically downloaded and installed when using the
+``runfvp`` command as detailed below.
 
-::
+.. note::
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp -- --version"
+    .. code-block:: console
 
-The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page. On this page, navigate
-to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer.  Follow the
-instructions of the installer and setup the FVP.
+        kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
+        -c "../meta-arm/scripts/runfvp -- --version"
 
-To run the FVP using the runfvp command, please run the following command:
+The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page by navigating
+to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer. Follow the
+instructions of the installer to setup the FVP.
 
-::
+#. Run the FVP
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm"
+    .. code-block:: console
 
-When the script is executed, three terminal instances will be launched, one for the boot processor
-(aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is
-executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic
-file are copied to their respective memory locations within the model, enforce firewall policies
-on memories and peripherals and then, bring the host out of reset.
+        kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
+        -c "../meta-arm/scripts/runfvp --terminals=tmux"
 
-The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and present a login prompt
-(FVP host_terminal_0):
+    When the script is executed, three terminal instances will be launched:
 
-::
+    - one for the Secure Enclave processing element
+    - two for the Host processor processing element.
 
-    corstone1000-fvp login:
 
-Login using the username root.
+    .. code-block:: console
 
-Using FVP on Windows or AArch64 Linux
--------------------------------------
+        corstone1000-fvp login:
+
+#. Login using the ``root`` username.
 
-The user should follow the build instructions in this document to build on a Linux host machine.
-Then, copy the output binaries to the Windows or Aarch64 Linux machine where the FVP is located.
-Then, launch the FVP binary.
 
 Security Issue Reporting
 ------------------------
 
 To report any security issues identified with Corstone-1000, please send an email to psirt@arm.com.
 
-###########################
-User Guide: Provided tests
-###########################
+#####
+Tests
+#####
 
-SystemReady-IR tests
---------------------
+.. important::
 
-*************
-Testing steps
-*************
+    All the tests below assume you have already built the software stack at least once
+    following the instructions `here <building-the-software-stack_>`__.
 
-**NOTE**: Running the SystemReady-IR tests described below requires the user to
-work with USB sticks. In our testing, not all USB stick models work well with
-MPS3 FPGA. Here are the USB sticks models that are stable in our test
-environment.
 
- - HP V165W 8 GB USB Flash Drive
- - SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0
- - SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0
+.. _clean-secure-flash:
 
-**NOTE**:
-Before running each of the tests in this chapter, the user should follow the
-steps described in following section "Clean Secure Flash Before Testing" to
-erase the SecureEnclave flash cleanly and prepare a clean board environment for
-the testing.
+Clean Secure Flash
+------------------
 
-Prepare EFI System Partition
-===========================================================
-Corstone-1000 FVP and FPGA do not have enough on-chip nonvolatile memory to host
-an EFI System Partition (ESP). Thus, Corstone-1000 uses mass storage device for
-ESP. The instructions below should be followed for both FVP and FPGA before
-running the ACS tests.
+.. important::
 
-**Common to FVP and FPGA:**
+    The MPS3 secure flash needs to be cleared before running tests.
+    This is to erase the flash cleanly and prepare a clean board environment for testing.
 
-::
 
-  kas build meta-arm/kas/corstone1000-{mps3,fvp}.yml:meta-arm/ci/debug.yml --target corstone1000-esp-image
+#. Clone the `systemready-patch` repository to your $WORKSPACE.
 
-Once the build is successful ``corstone1000-esp-image-corstone1000-{mps3,fvp}.wic`` will be available in either:
- - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build;
- - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
+    .. code-block:: console
 
-**Using ESP in FPGA:**
+        cd $WORKSPACE
+        git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.11
 
-Once the ESP is created, it needs to be flashed to a second USB drive different than ACS image.
-This can be done with the development machine. In the given example here
-we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to
-confirm). Be cautious here and don't confuse your host machine own hard drive with the
-USB drive. Run the following commands to prepare the ACS image in USB stick:
+#. Copy the secure flash cleaning Git patch file to your copy of `meta-arm`.
 
-::
+    .. code-block:: console
 
-   sudo dd if=corstone1000-esp-image-corstone1000-mps3.wic of=/dev/sdb iflag=direct oflag=direct status=progress bs=512; sync;
+        cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm
 
-Now you can plug this USB stick to the board together with ACS test USB stick.
+#. Apply the Git patch to `meta-arm`.
 
-**Using ESP in FVP:**
+    .. code-block:: console
 
-The ESP disk image once created will be used automatically in the Corstone-1000 FVP as the 2nd MMC card image. It will be used when the SystemReady-IR tests will be performed on the FVP in the later section.
+        cd meta-arm
+        git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch
 
+#. Rebuild the software stack.
 
-Clean Secure Flash Before Testing (applicable to FPGA only)
-===========================================================
+    .. code-block:: console
 
-To prepare a clean board environment with clean secure flash for the testing,
-the user should prepare an image that erases the secure flash cleanly during
-boot. Run following commands to build such image.
+        cd $WORKSPACE
+        kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
+        bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image
+        bitbake -c build corstone1000-flash-firmware-image
 
-::
+#. Replace the ``bl1.bin`` file on the SD card with ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``.
 
-  cd <_workspace>
-  git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06
-  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
-  cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm
-  cd meta-arm
-  git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch
-  cd ..
-  kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
+#. Reboot the board to completely erase the secure flash.
 
-Replace the bl1.bin and cs1000.bin files on the SD card with following files:
-  - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
-  - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-flash-firmware-image-corstone1000-mps3.wic
+    The following message log from TrustedFirmware-M should be displayed on the Secure Enclave terminal (``ttyUSB1``):
 
-Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash
-completely, the user should expect following message from TF-M log (can be seen
-in ttyUSB1):
+    .. code-block:: console
 
-::
+        !!!SECURE FLASH HAS BEEN CLEANED!!!
+        NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE
+        PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN
 
-  !!!SECURE FLASH HAS BEEN CLEANED!!!
-  NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE
-  PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN
+#. Whilst still in the ``kas`` shell, revert the changes the patch introduced by running the following commands:
 
-Then the user should follow "Building the software stack" to build a clean
-software stack and flash the FPGA as normal. And continue the testing.
+    .. code-block:: console
 
-Run SystemReady-IR ACS tests
-============================
+        cd $WORKSPACE/meta-arm
+        git reset --hard
+        cd ..
+        bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image
+        exit
+
+#. Follow the `instructions <building-the-software-stack_>`__ to build a clean software stack and flash the MPS3 with it.
+
+You can proceed with the test instructions in the following section after having done all the above.
+
+SystemReady-IR
+--------------
+
+.. important::
+    Running the SystemReady-IR tests described below requires USB drives.
+    In our testing, not all USB drive models worked well with the MPS3.
+
+    Here are the USB drive models that were stable in our test environment:
+
+        - HP v165w 8 GB USB Flash Drive
+        - SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0
+        - SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0
+
+Follow the instructions below before running the Architecture Compliance Suite (ACS) tests.
+
+
+.. _build-efi-system-partition:
+
+*****************************
+Build an EFI System Partition
+*****************************
+
+A storage with EFI System Partition (ESP) must exist in the system for the UEFI-SCT related tests to pass.
+
+#. Build an ESP partition for your target
+
+    .. code-block:: console
+
+        kas build meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml --target corstone1000-esp-image
+
+#. Locate the ``corstone1000-esp-image-corstone1000-$TARGET.wic`` build artefact
+   in ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/`` 
+
+****************************
+Use the EFI System Partition
+****************************
+
+.. _use-efi-system-partition-mps3:
+
+MPS3
+====
+
+#. Connect a USB drive to your development machine.
+
+#. Run the following command on your development machine to discover which device is your USB drive:
+
+    .. code-block:: console
+
+        lsblk
+
+    The remaining steps assume the USB drive is ``/dev/sdb``.
+
+    .. warning::
+
+        Do not mistake your development machine hard drive with the USB drive.
+
+#. Copy the ESP to the USB drive by running the following command:
+
+    .. code-block:: console
+
+        sudo dd \
+        if=$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic \
+        of=/dev/sdb \
+        iflag=direct oflag=direct status=progress bs=512; sync;
+
+#. Plug the USB drive to the MPS3.
+
+
+.. _use-efi-system-partition-fvp:
+
+FVP
+===
 
-Architecture Compliance Suite (ACS) is used to ensure architectural compliance
-across different implementations of the architecture. Arm Enterprise ACS
-includes a set of examples of the invariant behaviors that are provided by a
-set of specifications for enterprise systems (For example: SBSA, SBBR, etc.),
-so that implementers can verify if these behaviours have been interpreted correctly.
+The ESP disk image will automatically be used by the Corstone-1000 FVP as the 2nd MMC card image.
+It will be used when the SystemReady-IR tests is performed on the FVP in the later section.
 
-The ACS image contains a BOOT partition.
-Following test suites and bootable applications are under BOOT partition:
+
+****************************
+Run SystemReady-IR ACS Tests
+****************************
+
+ACS is used to ensure architectural compliance across different implementations of the architecture.
+Arm Enterprise ACS includes a set of examples of the invariant behaviors that are provided by a
+set of specifications for enterprise systems (i.e. SBSA, SBBR, etc.).
+Implementers can verify if these behaviors have been interpreted correctly.
+
+The following test suites and bootable applications are under the ``BOOT`` partition of the ACS image:
 
  * SCT
  * FWTS
- * BSA uefi
+ * BSA UEFI
  * BSA linux
- * grub
- * uefi manual capsule application
+ * GRUB
+ * UEFI manual capsule application
 
-BOOT partition contains the following:
+See the directory structure of the ACS image ``BOOT`` partition below:
 
-::
+.. code-block:: console
 
     ├── EFI
     │   └── BOOT
@@ -511,962 +658,1256 @@ BOOT partition contains the following:
     ├── ramdisk-busybox.img
     └── acs_results
 
-The BOOT partition is also used to store the test results. The
-results are stored in the `acs_results` folder.
+The ``BOOT`` partition is also used to store test results in the ``acs_results`` folder.
 
-**NOTE**: PLEASE ENSURE THAT the `acs_results` FOLDER UNDER THE BOOT PARTITION IS
-EMPTY BEFORE YOU START TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT.
+.. important::
+
+    Ensure that the ``acs_results`` folder is empty before starting the test.
 
-FPGA instructions for ACS image
-===============================
 
-This section describes how the user can build and run Architecture Compliance
-Suite (ACS) tests on Corstone-1000.
+This sections below describe how to build and run ACS tests on Corstone-1000.
 
-First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__.
-This repository contains the infrastructure to build the Architecture
-Compliance Suite (ACS) and the bootable prebuilt images to be used for the
-certifications of SystemReady-IR. To download the repository, run command:
+.. _mps3-instructions-for-acs-image:
 
-::
 
-  cd <_workspace>
-  git clone https://github.com/ARM-software/arm-systemready.git
+#. On your host development machine, clone the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`_.
 
-Once the repository is successfully downloaded, the prebuilt ACS live image can be found in:
- - ``<_workspace>/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic.xz``
+    .. code-block:: console
 
-**NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide
-USB driver support for Corstone-1000. The ACS image with newer kernel version
-and with full USB support for Corstone-1000 will be available in the next
-SystemReady release in this repository.
+        cd $WORKSPACE
+        git clone https://github.com/ARM-software/arm-systemready.git
 
-Then, the user should prepare a USB stick with ACS image. In the given example here,
-we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to
-confirm). Be cautious here and don't confuse your host machine own hard drive with the
-USB drive. Run the following commands to prepare the ACS image in USB stick:
+    This repository contains the infrastructure to build the ACS and the bootable prebuilt images to be used for the
+    certifications of SystemReady-IR.
 
-::
+#. Find the pre-built ACS live image in ``$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic.xz``.
 
-  cd <_workspace>/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
-  unxz ir-acs-live-image-generic-arm64.wic.xz
-  sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
+    .. note::
 
-Once the USB stick with ACS image is prepared, the user should make sure that
-ensure that both USB sticks (ESP and ACS image) are connected to the board,
-and then boot the board.
+        This prebuilt ACS image includes v5.13 kernel, which does not provide
+        USB driver support for Corstone-1000. The ACS image with a newer kernel version
+        and full USB support for Corstone-1000 will be available in the repository with the next
+        SystemReady release.
+
+#. Decompress the pre-built ACS live image.
+
+    .. code-block:: console
+
+        cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
+        unxz ir-acs-live-image-generic-arm64.wic.xz
+
+MPS3
+====
 
-The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test.
+#. Connect a USB drive (other than the one used for the ESP) to the host development machine.
 
-**NOTE**: The USB stick which contains the ESP partition might cause grub to
-unable to find the bootable partition (only in the FPGA). If that's the case, please
-remove the USB stick and run the ACS tests. ESP partition can be mounted after
-the platform is booted to linux at the end of the ACS tests.
+#. Run the following command to discover which device is your USB drive:
 
+    .. code-block:: console
 
-FVP instructions for ACS image and run
-======================================
+        lsblk
 
-The FVP has been integrated in the meta-arm-systemready layer so the running of the ACS tests can be handled automatically as follows
+    The remaining steps assume the USB drive is ``/dev/sdc``.
 
-::
+    .. warning::
 
-  kas build meta-arm/ci/corstone1000-fvp.yml:meta-arm/ci/debug.yml:kas/arm-systemready-ir-acs.yml
+        Do not mistake your development machine hard drive with the USB drive.
 
-The details of how this layer works can be found in : ``<_workspace>/meta-arm-systemready/README.md``
+#. Copy the ACS image to the USB drive by running the following commands:
 
-**NOTE:** You can't use the standard meta-arm/kas/corstone1000-fvp.yml kas file as it sets the build up for only building firmware
+    .. code-block:: console
 
-**NOTE:** These test might take up to 1 day to finish
+        cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
+        sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdc iflag=direct oflag=direct bs=1M status=progress; sync
 
+#. Plug the USB drive to the MPS3. At this point you should have both the USB drive with the ESP and the USB drive with the ACS image plugged to the MPS3.
 
-Common to FVP and FPGA
-======================
+#. Reboot the MPS3.
 
-U-Boot should be able to boot the grub bootloader from
-the 1st partition and if grub is not interrupted, tests are executed
-automatically in the following sequence:
+The MPS3 will reset multiple times during the test, and it might take approximately 24 to 36 hours to finish the test.
+
+.. important::
+
+    Unplug the ESP USB drive from the MPS3 if it is preventing GRUB
+    from finding the bootable partition. Leave only the ACS image USB drive
+    plugged in to run the ACS tests.
+
+    The ESP USB drive can be plugged in again after
+    selecting the `Linux Boot` option in the GRUB menu at the end of the ACS tests.
+
+.. warning::
+
+    A timeout issue has been observed while booting Linux during the ACS tests, causing the system to boot into emergency mode.
+    Booting Linux is necessary to run certain tests, such as `dt-validation`.
+    The following workaround is required to enable Linux to boot properly and perform all Linux-based tests:
+
+    #. Press Enter at the Linux prompt.
+    #. Open the file `/etc/systemd/system.conf` and set `DefaultDeviceTimeoutSec=infinity`.
+    #. Reboot the platform using the `reboot` command.
+    #. Select the `Linux Boot` option from the GRUB menu.
+    #. Allow Linux to boot and run the remaining ACS tests until completion.
+
+.. _fvp-instructions-for-acs-image:
+
+FVP
+===
+
+
+Run the commands below to run the ACS test on FVP using the built firmware image and the pre-built ACS image identified above:
+
+.. code-block:: console
+
+    cd $WORKSPACE
+    tmux
+    ./meta-arm/scripts/runfvp \
+    --terminals=tmux \
+    ./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \
+    -- -C board.msd_mmc.p_mmc_file=$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
+
+
+.. note::
+    The FVP will reset multiple times during the test.
+    The ACS tests might take up to 1 day to complete when run on FVP.
+
+The message `ACS run is completed` will be displayed on the FVP host terminal when the test runs to completion.
+You will be prompted to press the Enter key to access the Linux prompt.
+
+
+Test Sequence and Results
+=========================
+
+U-Boot should be able to boot the GRUB bootloader from the first partition.
+
+If GRUB is not interrupted, the tests are executed automatically in the following order:
 
  - SCT
  - UEFI BSA
  - FWTS
 
-The results can be fetched from the `acs_results` folder in the BOOT partition of the USB stick (FPGA) / SD Card (FVP).
+The results can be fetched from the `acs_results` folder in the ``BOOT`` partition of the USB drive (for MPS3) or SD Card (for FVP).
+
+.. note::
+
+    Access the `acs_results` folder in FVP by running the following commands:
 
-**NOTE:** The FVP uses the ``<_workspace>/build/tmp-glibc/work/corstone1000_fvp-oe-linux/arm-systemready-ir-acs/2.0.0/deploy-arm-systemready-ir-acs/arm-systemready-ir-acs-corstone1000-fvp.wic`` image if the meta-arm-systemready layer is used.
-The result can be checked in this image.
+    .. code-block:: console
+
+        sudo mkdir /mnt/test
+        sudo mount -o rw,offset=1048576 \
+        $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic \
+        /mnt/test
 
 #####################################################
 
-Manual capsule update and ESRT checks
--------------------------------------
+Capsule Update
+--------------
 
-The following section describes running manual capsule updates by going through
-a negative and positive test. Two capsules are needed to perform the positive
-and negative updates. The steps also show how to use the EFI System Resource Table
-(ESRT) to retrieve the installed capsule details.
+The following section describes the steps to update the firmware using Capsule Update
+as the Corstone-1000 supports UEFI.
 
-In the positive test, a valid capsule is used and the platform boots correctly
-until the Linux prompt after the update. In the negative test, an outdated
-capsule is used that has a smaller version number. This capsule gets rejected
-because of being outdated and the previous firmware will be used instead.
+The firmware update process is tested with an invalid capsule (negative capsule update test)
+and with a valid capsule (positive capsule update test) to validate the robustness and
+error-handling capabilities of the firmware update mechanism.
 
+During the positive capsule update test, the Corstone-1000 is given a valid capsule, which it successfully applies, boots up and then reaches the Linux command prompt.
 
-*******************
-Generating Capsules
-*******************
+During the negative capsule update test, the Corstone-1000 is given an outdated capsule with a lower version number,
+which is expected to be rejected due to its outdated status, thereby retaining the previous firmware.
+
+Two different capsules (one for each test) are therefore needed to perform the tests.
+
+
+*****************
+Generate Capsules
+*****************
+
+U-Boot's ``mkeficapsule`` tool is used to generate capsules. It is built automatically for the host machine during the firmware image building process.
+The tool can be found in the ``$WORKSPACE/build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule`` directory.
+
+``mkeficapsule`` uses a no-partition image which is created when performing a clean firmware build.
+The no-partition image can be found in the ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET_image.nopt`` directory.
+
+The capsule's default metadata passed can be found in the ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb``
+and ``$WORKSPACE/meta-arm/kas/corstone1000-image-configuration.yml`` files.
+
+Valid Capsule
+=============
+
+An automatically generated capsule can be found in ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET-v6.uefi.capsule`` after running a firmware build.
+
+The default metadata values are assumed to be correct to generate a valid capsule.
+
+This capsule will be used for the positive capsule update test.
+
+Invalid Capsule
+===============
+
+Generate another capsule with ``fw-version`` metadata set to a lower version than the valid capsule.
+The example below assumes the valid capsule has a default firmware version of 6, and therefore creates an invalid capsule with firmware version 5.
+
+
+Run the following commands to generate an invalid capsule with a ``fw-version`` of ``5``:
+
+.. code-block:: console
+
+   cd $WORKSPACE
+
+   ./build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule \
+   --monotonic-count 1 \
+   --private-key build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_key.key \
+   --certificate build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_cert.crt \
+   --index 1 \
+   --guid $TARGET_GUID \
+   --fw-version 5 build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET_image.nopt \
+   corstone1000-$TARGET-v5.uefi.capsule
+
+
+.. important::
+
+    ``$TARGET_GUID`` is different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``$TARGET``.
+
+    - ``fvp`` ``$TARGET_GUID`` is ``989f3a4e-46e0-4cd0-9877-a25c70c01329``
+    - ``mps3`` ``$TARGET_GUID`` is ``df1865d1-90fb-4d59-9c38-c9f2c1bba8cc``
+
+The invalid capsule will be located in the ``$WORKSPACE`` directory.
+
+***************************
+Transfer Capsules to Target
+***************************
+
+The capsule delivery process described below is the direct method (usage of capsules from the ACS image)
+as opposed to the on-disk method (delivery of capsules using a file on a mass storage device).
+
+MPS3
+====
+
+#. Prepare a USB drive as explained in `this <mps3-instructions-for-acs-image_>`_ section.
+
+#. Copy the capsule file to the root directory of the ``BOOT`` partition in the USB drive.
+
+  .. code-block:: console
+
+    sudo cp $CAPSULES_PATH/corstone1000-mps3-v6.uefi.capsule $ACS_IMAGE_USB_DRIVE_PATH/BOOT/
+    sudo cp $CAPSULES_PATH/corstone1000-mps3-v5.uefi.capsule $ACS_IMAGE_USB_DRIVE_PATH/BOOT/
+    sync
+
+.. important::
+
+    Since we are using the direct Capsule Update method, the capsule files should not be placed in
+    the ``EFI/UpdateCapsule`` directory, as this might inadvertently trigger the on-disk update method.
+
+FVP
+===
 
-A no-partition image is needed for the capsule generation. This image is
-created automatically during a clean Yocto build and it can be found in
-``build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>_image.nopt``.
-A capsule is also automatically generated with U-Boot's ``mkeficapsule`` tool
-during the Yocto build that uses this ``corstone1000-<fvp/mps3>_image.nopt``. The
-capsule's default metadata, that is passed to the ``mkeficapsule`` tool,
-can be found in the ``meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb``
-and ``meta-arm/kas/corstone1000-image-configuration.yml`` files. These
-data can be modified before the Yocto build if it is needed. It is
-assumed that the default values are used in the following steps.
-
-The automatically generated capsule can be found in
-``build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>-v6.uefi.capsule``.
-This capsule will be used as the positive capsule during the test in the following
-steps.
-
-Generating Capsules Manually
+#. Download and extract the ACS image `as described for the MPS3 <mps3-instructions-for-acs-image_>`_.
+   The ACS image extraction location will be referred below as ``$ACS_IMAGE_PATH``.
+
+    .. note::
+
+      Creating a USB drive with the ACS image is not required as the image will be mounted with the steps below.
+
+#. Find the first partition's offset of the ``ir-acs-live-image-generic-arm64.wic`` image using the ``fdisk`` tool.
+   The partition table can be listed using:
+
+    .. code-block:: console
+
+        fdisk -lu $ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic
+        Device                                                 Start     End Sectors  Size Type
+        $ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic1    2048  309247  307200  150M Microsoft basic data
+        $ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic2  309248 1343339 1034092  505M Linux filesystem
+
+
+    Given that the first partition starts at sector 2048 and each sector is 512 bytes in size,
+    the first partition is at offset 1048576 (2048 x 512).
+
+#. Mount the ``ir-acs-live-image-generic-arm64.wic`` image using the previously calculated offset:
+
+    .. code-block:: console
+
+        sudo mkdir /mnt/ir-acs-live-image-generic-arm64
+        sudo mount -o rw,offset=<first_partition_offset> $ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic  /mnt/ir-acs-live-image-generic-arm64
+
+#. Copy the capsules:
+
+    .. code-block:: console
+
+        sudo cp $CAPSULES_PATH/corstone1000-fvp-v6.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
+        sudo cp $CAPSULES_PATH/corstone1000-fvp-v5.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
+        sync
+
+#. Unmount the IR image:
+
+    .. code-block:: console
+
+        sudo umount /mnt/ir-acs-live-image-generic-arm64
+
+************************
+Run Capsule Update Tests
+************************
+
+The valid capsule (``corstone1000-$TARGET-v6.uefi.capsule``) will be used first to run the positive capsule update test.
+This will be followed by using the invalid capsule (``corstone1000-$TARGET-v5.uefi.capsule``) to run the negative capsule update test.
+
+.. important::
+
+    This sequence order must be respected as the invalid capsule has a firmware version lower than the firmware version in the valid capsule.
+    The negative capsule update test effectively tests that firmware rollback is not permitted.
+
+
+.. _positive-capsule-update-test:
+
+Positive Capsule Update Test
 ============================
 
-If a new capsule has to be generated with different metadata after the build
-process, then it can be done manually by using the ``u-boot-tools``'s
-``mkeficapsule`` and the previously created ``.nopt`` image. The
-``mkeficapsule`` tool is built automatically for the host machine
-during the Yocto build.
+#. Run Corstone-1000 with the ACS image containing the two capsule files:
 
-The negative capsule needs a lower ``fw-version`` than the positive
-capsule. For example if the host's architecture is x86_64, this can
-be generated by using the following command:
+    - MPS3:
 
-::
+      #. Plug the prepared USB drive which has the IR prebuilt image and two capsules to the MPS3.
+      #. Power cycle the MPS3.
 
-   cd <_workspace>
+    - FVP:
 
-   ./build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule --monotonic-count 1 \
-   --private-key build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000_capsule_key.key \
-   --certificate build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \
-   --fw-version 5 build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>_image.nopt corstone1000-<fvp/mps3>-v5.uefi.capsule
+      #. Run the FVP with the IR prebuilt image which now also contains the two capsules:
 
-This command will put the negative capsule to the ``<_workspace>`` directory.
+      .. code-block:: console
 
+        kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
+        -c "../meta-arm/scripts/runfvp --terminals=tmux \
+        -- -C board.msd_mmc.p_mmc_file=$ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic"
 
-****************
-Copying Capsules
-****************
+      .. warning::
 
-Copying the FPGA capsules
-=========================
+          ``$ACS_IMAGE_PATH`` must be an absolute path. Ensure there are no spaces before or after of ``=`` of the ``-C board.msd_mmc.p_mmc_file`` option.
 
-The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_.
-Place the generated ``corstone1000-mps3-v<5/6>.uefi.capsule`` files in the root directory of the boot partition
-in the USB stick. Note: As we are running the direct method, the ``corstone1000-mps3-v<5/6>.uefi.capsule`` files
-should not be under the EFI/UpdateCapsule directory as this may or may not trigger
-the on disk method.
 
-::
+#. Wait until U-Boot loads EFI from the ACS image and interrupt the EFI shell by pressing the ``Escape`` key when the following prompt is displayed on the Host Processor terminal (``ttyUSB2``).
 
-   sudo cp <capsule path>/corstone1000-mps3-v6.uefi.capsule <mounting path>/BOOT/
-   sudo cp <capsule path>/corstone1000-mps3-v5.uefi.capsule <mounting path>/BOOT/
-   sync
+    .. code-block:: console
 
-Copying the FVP capsules
-========================
+        Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
 
-The ACS image should be used for the FVP as well. Downloaded and extract the
-image the same way as for the FPGA `FPGA instructions for ACS image`_.
-Creating an USB stick with the image is not needed for the FVP.
+#. Access the content of the first file system (``File System 0``) where we copied the capsule files by running the following command:
 
-After getting the ACS image, find the 1st partition's offset of the
-``ir-acs-live-image-generic-arm64.wic`` image. The partition table can be
-listed using the ``fdisk`` tool.
+    .. code-block:: console
 
-::
+        FS0:
 
-  fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic
-      Device                                Start     End Sectors  Size Type
-         <path-to-img>/ir-acs-live-image-generic-arm64.wic1   2048  309247  307200  150M Microsoft basic data
-         <path-to-img>/ir-acs-live-image-generic-arm64.wic2 309248 1343339 1034092  505M Linux filesystem
+#. Run the ``CapsuleApp`` application with the valid capsule file:
 
+    - MPS3:
 
-The first partition starts at the 2048th sector. This has to be multiplied
-by the sector size which is 512 so the offset is 2048 * 512 = 1048576.
+        .. code-block:: console
 
-Next, mount the IR image using the previously calculated offset:
+            EFI/BOOT/app/CapsuleApp.efi EFI/BOOT/corstone1000-mps3-v6.uefi.capsule
 
-::
+    - FVP:
 
-   sudo mkdir /mnt/test
-   sudo mount -o rw,offset=<first_partition_offset> <path-to-img>/ir-acs-live-image-generic-arm64.wic  /mnt/test
+        .. code-block:: console
 
-Then, copy the capsules:
+            EFI/BOOT/app/CapsuleApp.efi corstone1000-fvp-v6.uefi.capsule
 
-::
+    The capsule update will be started.
 
-   sudo cp <capsule path>/corstone1000-fvp-v6.uefi.capsule /mnt/test/
-   sudo cp <capsule path>/corstone1000-fvp-v5.uefi.capsule /mnt/test/
-   sync
+    .. note::
+        The capsule update takes about 8 minutes to complete on MPS3 and between 15-30 minutes on FVP.
 
-Then, unmount the IR image:
+        The Corstone-1000 will reset after successfully applying the capsule.
 
-::
+    
+    The software stack copies the capsule content to the external flash, which is shared between the Secure Enclave and the Host Processor
+    before rebooting the system.
 
-   sudo umount /mnt/test
+    After the first reboot, TrustedFirmware-M should apply the valid capsule and display the following log on the Secure Enclave terminal (``ttyUSB1``)
+    before rebooting the system a second time:
 
-******************************
-Performing the capsule update
-******************************
+    .. code-block:: console
 
-During this section we will be using the capsule with the higher version
-(``corstone1000-<fvp/mps3>-v6.uefi.capsule``) for the positive scenario
-and then the capsule with the lower version (``corstone1000-<fvp/mps3>-v5.uefi.capsule``)
-for the negative scenario. The two tests have to be done after each other
-in the correct order to make sure that the negative capsule will get rejected.
+      ...
+      SysTick_Handler: counted = 10, expiring on = 360
+      SysTick_Handler: counted = 20, expiring on = 360
+      SysTick_Handler: counted = 30, expiring on = 360
+      ...
+      metadata_write: success: active = 1, previous = 0
+      flash_full_capsule: exit
+      corstone1000_fwu_flash_image: exit: ret = 0
+      ...
 
-Running the FPGA with the IR prebuilt image
-===========================================
+    The above log snippet indicates that the new capsule image is successfully applied, and the board is booting with the external flash's Bank-1.
 
-Insert the prepared USB stick which has the IR prebuilt image and two capsules,
-then Power cycle the MPS3 board.
+    After a second reboot, the following log should be displayed on on the Secure Enclave terminal (``ttyUSB1``):
 
-Running the FVP with the IR prebuilt image
-==========================================
+    .. code-block:: console
 
-Run the FVP with the IR prebuilt image:
+      ...
+      fmp_set_image_info:133 Enter
+      FMP image update: image id = 0
+      FMP image update: status = 0version=6 last_attempt_version=6.
+      fmp_set_image_info:157 Exit.
+      corstone1000_fwu_host_ack: exit: ret = 0
+      ...
 
-::
+#. Interrupt the U-Boot shell.
 
-   kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic"
+    .. code-block:: console
 
-**NOTE:** <path-to-img> must start from the root directory. make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic.
-**NOTE:** Do not restart the FVP between the positive and negative test because it will start from a clean state.
+        Hit any key to stop autoboot:
 
-Executing capsule update for FVP and FPGA
-=========================================
+#. Run the following commands in order to run the Corstone-1000 Linux kernel.
 
-Wait until U-boot loads EFI from the ACS image stick and interrupt the EFI
-shell by pressing ESC when the following prompt is displayed in the Host
-terminal (ttyUSB2).
+    .. note::
+        Otherwise, the execution ends up in the ACS live image.
 
-::
+    .. code-block:: console
 
-   Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
+        $ unzip $kernel_addr 0x90000000
+        $ loadm 0x90000000 $kernel_addr_r $filesize
+        $ bootefi $kernel_addr_r $fdtcontroladdr
 
-Then, type FS0: as shown below:
 
-::
+#. After the system fully boots, read the EFI System Resource Table (ESRT) to verify that the firmware version matches the version of the capsule applied.
 
-  FS0:
+  .. code-block:: console
 
-Then start the CapsuleApp application. Use the positive capsule
-(corstone1000-<fvp/mps3>-v6.uefi.capsule) first.
+    # cd /sys/firmware/efi/esrt/entries/entry0
+    # cat *
 
-::
+    0x0                                      # capsule_flags
+    989f3a4e-46e0-4cd0-9877-a25c70c01329     # fw_class
+    0                                        # fw_type
+    6                                        # fw_version
+    0                                        # last_attempt_status
+    6                                        # last_attempt_version
+    0                                        # lowest_supported_fw_ver
+
+  See the `UEFI documentation <https://uefi.org/specs/UEFI/2.10/23_Firmware_Update_and_Reporting.html#id29>`__ for more information on the significance of the table fields.
+
+.. warning::
+
+    Do not terminate FVP between the positive and negative capsule update tests.
+
+Negative Capsule Update Test
+============================
 
-  EFI/BOOT/app/CapsuleApp.efi corstone1000-<fvp/mps3>-v6.uefi.capsule
+.. important::
 
-The capsule update will be started.
+  The `positive capsule update test <positive-capsule-update-test_>`__ must be run before running the negative capsule update test.
 
-**NOTE:**  On the FVP it takes around 15-30 minutes, on the FPGA it takes less time.
+#. After running the positive capsule update test, reboot the system by typing the following command on the Host Processor terminal (``ttyUSB2``):
 
-After successfully updating the capsule the system will reset. Make sure the
-Corstone-1000's Poky Distro is booted after the reset so the ESRT can be checked.
-It is described in the `Select Corstone-1000 Linux kernel boot`_ section how to
-boot the Poky distro after the capsule update.
-The `Positive scenario`_ sections describes how the result should be inspected.
-After the result is checked, the system can be rebooted with the ``reboot`` command in the Host
-terminal (ttyUSB2).
+    .. code-block:: console
 
-Interrupt the EFI shell again and now start the capsule update with the negative capsule:
+        reboot
 
-::
+#. Wait until U-Boot loads EFI from the ACS image and interrupt the EFI shell by pressing the ``Escape`` key when the following prompt is displayed on the Host Processor terminal (``ttyUSB2``).
 
-  EFI/BOOT/app/CapsuleApp.efi corstone1000-<fvp/mps3>-v5.uefi.capsule
+    .. code-block:: console
 
-The command above should fail and in the TF-M logs the following message should appear:
+        Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
 
-::
+#. Access the content of the first file system (``File System 0``) where we copied the capsule files by running the following command:
 
-   ERROR: flash_full_capsule: version error
+    .. code-block:: console
 
-Then, reboot manually:
+        FS0:
 
-::
+#. Run the ``CapsuleApp`` application with the invalid capsule file:
 
-   Shell> reset
+    - MPS3:
 
-Make sure the Corstone-1000's Poky Distro is booted again
-(`Select Corstone-1000 Linux kernel boot`_) in order to check the results
-`Negative scenario`_.
+        .. code-block:: console
 
-Select Corstone-1000 Linux kernel boot
-======================================
+            EFI/BOOT/app/CapsuleApp.efi EFI/BOOT/corstone1000-mps3-v5.uefi.capsule
 
-Interrupt the U-Boot shell.
+    - FVP:
 
-::
+        .. code-block:: console
 
-   Hit any key to stop autoboot:
+            EFI/BOOT/app/CapsuleApp.efi corstone1000-fvp-v5.uefi.capsule
 
-Run the following commands in order to run the Corstone-1000 Linux kernel and being able to check the ESRT table.
 
-**NOTE:** Otherwise, the execution ends up in the ACS live image.
+#. TrustedFirmware-M should reject the capsule due to having a lower firmware version and display the following log on the Secure Enclave terminal (``ttyUSB1``):
 
-::
+    .. code-block:: console
 
-   $ unzip $kernel_addr 0x90000000
-   $ loadm 0x90000000 $kernel_addr_r $filesize
-   $ bootefi $kernel_addr_r $fdtcontroladdr
+      ...
+        uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928
+        uefi_capsule_retrieve_images: exit
+        flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5
+        ERROR: flash_full_capsule: version error
+        private_metadata_write: enter: boot_index = 1
+        private_metadata_write: success
+        fmp_set_image_info:133 Enter
+        FMP image update: image id = 0
+        FMP image update: status = 1version=6 last_attempt_version=5.
+        fmp_set_image_info:157 Exit.
+        corstone1000_fwu_flash_image: exit: ret = -1
+        fmp_get_image_info:232 Enter
+        pack_image_info:207 ImageInfo size = 105, ImageName size = 34, ImageVersionName
+        size = 36
+        fmp_get_image_info:236 Exit
+      ...
 
+    The Secure Enclave tries to load the new image a predetermined number of times
+    if the capsule passes initial verification but fails verifications performed during
+    boot time.
 
-*********************
-Capsule update status
-*********************
+      .. code-block:: console
 
-Positive scenario
-=================
+        ...
+        metadata_write: success: active = 0, previous = 1
+        fwu_select_previous: in regular state by choosing previous active bank
+        ...
 
-In the positive case scenario, the software stack copies the capsule to the
-External Flash, which is shared between the Secure Enclave and Host,
-then a reboot is triggered. The TF-M accepts the capsule.
-The user should see following TF-M log in the Secure Enclave terminal (ttyUSB1)
-before the system reboots automatically, indicating the new capsule
-image is successfully applied, and the board boots correctly.
+    The Secure Enclave eventually reverts back to the previously running image.
 
-::
+#. Reboot manually:
 
-  ...
-  SysTick_Handler: counted = 10, expiring on = 360
-  SysTick_Handler: counted = 20, expiring on = 360
-  SysTick_Handler: counted = 30, expiring on = 360
-  ...
-  metadata_write: success: active = 1, previous = 0
-  flash_full_capsule: exit
-  corstone1000_fwu_flash_image: exit: ret = 0
-  ...
+    .. code-block:: console
 
-And after the reboot:
+        Shell> reset
 
-::
+#. Interrupt the U-Boot shell.
 
-  ...
-  fmp_set_image_info:133 Enter
-  FMP image update: image id = 0
-  FMP image update: status = 0version=6 last_attempt_version=6.
-  fmp_set_image_info:157 Exit.
-  corstone1000_fwu_host_ack: exit: ret = 0
-  ...
+    .. code-block:: console
 
+        Hit any key to stop autoboot:
 
-It's possible to check the content of the ESRT table after the system fully boots.
+#. Run the following commands in order to run the Corstone-1000 Linux kernel.
 
-In the Linux command-line run the following:
+    .. note::
+        Otherwise, the execution ends up in the ACS live image.
 
-::
+    .. code-block:: console
 
-   # cd /sys/firmware/efi/esrt/entries/entry0
-   # cat *
+        $ unzip $kernel_addr 0x90000000
+        $ loadm 0x90000000 $kernel_addr_r $filesize
+        $ bootefi $kernel_addr_r $fdtcontroladdr
 
-   0x0
-   989f3a4e-46e0-4cd0-9877-a25c70c01329
-   0
-   6
-   0
-   6
-   0
+#. After the system fully boots, read the ESRT to verify the firmware version does not match what is on the invalid capsule.
 
-.. line-block::
-   capsule_flags:	0x0
-   fw_class:	989f3a4e-46e0-4cd0-9877-a25c70c01329
-   fw_type:	0
-   fw_version:	6
-   last_attempt_status:	0
-   last_attempt_version:	6
-   lowest_supported_fw_ver:	0
+    .. code-block:: console
 
+      # cd /sys/firmware/efi/esrt/entries/entry0
+      # cat *
 
-Negative scenario
-=================
+      0x0                                      # capsule_flags
+      989f3a4e-46e0-4cd0-9877-a25c70c01329     # fw_class
+      0                                        # fw_type
+      6                                        # fw_version
+      1                                        # last_attempt_status
+      5                                        # last_attempt_version
+      0                                        # lowest_supported_fw_ver
 
-In the negative case scenario (rollback the capsule version),
-the TF-M detects that the new capsule's version number is
-smaller then the current version. The capsule is rejected because
-of this.
-The user should see appropriate logs in the Secure Enclave terminal (ttyUSB1) before the system reboots itself.
 
-::
 
-  ...
-    uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928
-    uefi_capsule_retrieve_images: exit
-    flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5
-    ERROR: flash_full_capsule: version error
-    private_metadata_write: enter: boot_index = 1
-    private_metadata_write: success
-    fmp_set_image_info:133 Enter
-    FMP image update: image id = 0
-    FMP image update: status = 1version=6 last_attempt_version=5.
-    fmp_set_image_info:157 Exit.
-    corstone1000_fwu_flash_image: exit: ret = -1
-    fmp_get_image_info:232 Enter
-    pack_image_info:207 ImageInfo size = 105, ImageName size = 34, ImageVersionName
-    size = 36
-    fmp_get_image_info:236 Exit
-  ...
-
-
-If capsule pass initial verification, but fails verifications performed during
-boot time, Secure Enclave will try new images predetermined number of times
-(defined in the code), before reverting back to the previous good bank.
-
-::
-
-  ...
-  metadata_write: success: active = 0, previous = 1
-  fwu_select_previous: in regular state by choosing previous active bank
-  ...
-
-It's possible to check the content of the ESRT table after the system fully boots.
-
-In the Linux command-line run the following:
-
-::
-
-   # cd /sys/firmware/efi/esrt/entries/entry0
-   # cat *
-
-   0x0
-   989f3a4e-46e0-4cd0-9877-a25c70c01329
-   0
-   6
-   1
-   5
-   0
-
-.. line-block::
-   capsule_flags:	0x0
-   fw_class:	989f3a4e-46e0-4cd0-9877-a25c70c01329
-   fw_type:	0
-   fw_version:	6
-   last_attempt_status:	1
-   last_attempt_version:	5
-   lowest_supported_fw_ver:	0
-
-
-Linux distros tests
+Linux Distributions
 -------------------
 
-*************************************************************
-Debian install and boot preparation
-*************************************************************
+This sections describes the steps to install major Linux distributions to the Corstone-1000 Host Processor.
 
-There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__
-provided with the Debian installer image (see below). This bug causes a fatal
-error when attempting to boot media installer for Debian, and it resets the platform before installation starts.
-A patch to be applied to the Corstone-1000 stack (only applicable when
-installing Debian) is provided to
-`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2024.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__.
-This patch makes U-Boot automatically bypass the Shim and run grub and allows
-the user to proceed with a normal installation. If at the moment of reading this
-document the problem is solved in the Shim, the user is encouraged to try the
-corresponding new installer image. Otherwise, please apply the patch as
-indicated by the instructions listed below. These instructions assume that the
-user has already built the stack by following the build steps of this
-documentation.
+The Linux distributions to be installed are:
 
-::
+ - `Debian <https://www.debian.org/>`__
+ - `openSUSE <https://www.opensuse.org/>`__
 
-  cd <_workspace>
-  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
-  cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm
-  cd meta-arm
-  git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch
-  cd ..
+Follow the instructions below to install the Linux distributions to the Corstone-1000 software stack.
 
-**On FPGA**
+**************************
+Prepare Installation Media
+**************************
 
-::
+The media containing the bootable files required to start the installation process needs to be prepared.
 
-  kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image"
+Follow the instructions below to create the installation media.
 
-**On FVP**
+#. Using your development machine, download one of following Linux distribution images:
 
-::
+    - `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.7.0/arm64/iso-dvd/>`__
+    - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ 
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image"
+    .. note::
+        
+        For openSUSE Tumbleweed, search for an ISO file with the format: ``openSUSE-Tumbleweed-DVD-aarch64-Snapshot$DATE-Media.iso``.
+        
+        ``openSUSE-Tumbleweed-DVD-aarch64-Snapshot20240516-Media.iso`` was used during development.
 
-On FPGA, please update the cs1000.bin on the SD card with the newly generated wic file.
+    The location of the ISO file on the development machine will be referred to as ``$DISTRO_INSTALLER_ISO_PATH``.
 
-**NOTE:** Skip the shim patch only applies to Debian installation. The user should remove the patch from meta-arm before running the software to boot OpenSUSE or executing any other tests in this user guide. You can make sure of removing the skip the shim patch by executing the steps below.
+#. Create the installation media which will contain the necessary files to install the operation system.
 
-::
+    - MPS3:
 
-  cd <_workspace>/meta-arm
-  git reset --hard HEAD~1
-  cd ..
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-flash-firmware-image -c cleanall; bitbake corstone1000-flash-firmware-image"
+        #. Plug a blank USB drive formatted with FAT32, ensuring it has a minimum capacity of 4GB, to the development machine.
 
-*************************************************
-Preparing the Installation Media
-*************************************************
+        #. Run the following command to discover which device is your USB drive:
 
-Download one of following Linux distro images:
- - `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.4.0/arm64/iso-dvd/>`__
- - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20240516-Media.iso)
+            .. code-block:: console
 
-**NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like
-openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso
+                lsblk
 
+            The remaining steps assume the USB drive is ``/dev/sdb``.
 
-FPGA
-==================================================
+            .. warning::
 
-To test Linux distro install and boot on FPGA, the user should prepare two empty USB
-sticks (minimum size should be 4GB and formatted with FAT32).
+                Do not mistake your development machine hard drive with the USB drive.
 
-The downloaded iso file needs to be flashed to your USB drive.
-This can be done with your development machine.
+        #. Write one of the distribution installer ISO file to the USB drive.
 
-In the example given below, we assume the USB device is ``/dev/sdb`` (the user
-should use the `lsblk` command to confirm).
+            .. code-block:: console
 
-**NOTE:** Please don't confuse your host machine own hard drive with the USB drive.
-Then, copy the contents of the iso file into the first USB stick by running the
-following command in the development machine:
+                sudo dd if=$DISTRO_INSTALLER_ISO_PATH of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
 
-::
+    - FVP:
 
-  sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
+        The distribution installer ISO file does not need to be burnt to a USB drive.
+        It will be used as is when starting the FVP install the distribution.
 
+********************
+Prepare System Drive
+********************
 
-FVP
-==================================================
+A system (or boot) drive, to store all the operating system files and used to boot the distribution, is required as
+Corstone-1000 on-board non-volatile storage size is insufficient for installing the distributions.
+
+    - MPS3:
+        #. Find another blank USB drive formatted with FAT32 with a minimum capacity of 4GB.
+        #. Do not yet connect this blank USB drive to the MPS3. It will be used as the primary drive to boot the distribution.
+
+    - FVP:
+        #. Create an 10 GB GUID Partition Table (GPT) formatted MultiMediaCard (MMC) image.
+
+            .. code-block:: console
+
+                dd if=/dev/zero of=$WORKSPACE/fvp_distro_system_drive.img \
+                bs=1 count=0 seek=10G; sync; \
+                parted -s fvp_distro_system_drive.img mklabel gpt
+    
+        #. This MMC image will be used as the primary drive to boot the distribution.
+
+
+************
+Installation
+************
+
+MPS3
+====
 
-To test Linux distro install and boot on FVP, the user should prepare an mmc image.
-With a minimum size of 8GB formatted with gpt.
+#. Connect the installation media, which contains the installer for the desired distribution, to the MPS3.
+#. Open a serial port terminal interface to ``/dev/ttyUSB0`` in one terminal window on your development machine.
 
-::
+    .. code-block:: console
 
-  #Generating os_file
-  dd if=/dev/zero of=<_workspace>/os_file.img bs=1 count=0 seek=10G; sync;
-  parted -s os_file.img mklabel gpt
+        sudo picocom -b 115200 /dev/ttyUSB0
 
+#. Open a serial port terminal interface to ``/dev/ttyUSB2`` in another terminal window on your development machine.
 
-*************************************************
-Debian/openSUSE install
-*************************************************
+    .. code-block:: console
 
-FPGA
-==================================================
+        sudo picocom -b 115200 /dev/ttyUSB2
 
-Unplug the first USB stick from the development machine and connect it to the
-MSP3 board. At this moment, only the first USB stick should be connected. Open
-the following picocom sessions in your development machine:
+#. When the installation screen is displayed on ``ttyUSB2``, plug in the (still empty) system drive to the MPS3.
+#. Start the distribution installation process.
 
-::
+    .. note::
 
-  sudo picocom -b 115200 /dev/ttyUSB0  # in one terminal
-  sudo picocom -b 115200 /dev/ttyUSB2  # in another terminal.
+        Reboot the MPS3 with both USB drives (installation media and empty system drive) connected to it if the distribution installer does not start.
 
-When the installation screen is visible in ttyUSB2, plug in the second USB stick
-in the MPS3 and start the distro installation process. If the installer does not
-start, please try to reboot the board with both USB sticks connected and repeat
-the process.
+.. note::
 
-**NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the
-distro installation process can take up to 24 hours to complete.
+    Due to the performance limitation, the distribution installation process can take up to 24 hours to complete.
 
 FVP
-==================================================
+===
+#. Start the FVP with the system drive as the primary drive and the distro ISO file as the secondary drive.
 
-::
+    .. code-block:: console
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<_workspace>/os_file.img -C board.msd_mmc_2.p_mmc_file=<path-to-iso_file>"
+        kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
+        -c "../meta-arm/scripts/runfvp --terminals=tmux -- \
+        -C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img \
+        -C board.msd_mmc_2.p_mmc_file=$DISTRO_INSTALLER_ISO_PATH"
 
-The installer should now start.
-The OS will be installed on 'os_file.img'.
+    The Linux distribution will be installed on ``fvp_distro_system_drive.img``.
 
-*******************************************************
-Debian install clarifications
-*******************************************************
 
-As the installation process for Debian is different than the one for openSUSE,
-Debian may need some extra steps, that are indicated below:
+Debian Installation Extra Steps
+===============================
 
-During Debian installation, please answer the following question:
- - "Force grub installation to the EFI removable media path?" Yes
- - "Update NVRAM variables to automatically boot into Debian?" No
+Debian installation may need some extra steps, that are indicated below:
 
-If the grub installation fails, these are the steps to follow on the subsequent
-popups:
+#. Answer ``Yes`` to the question ``Force grub installation to the EFI removable media path?``.
 
-1. Select "Continue", then "Continue" again on the next popup
-2. Scroll down and select "Execute a shell"
-3. Select "Continue"
-4. Enter the following command:
+    If the GRUB installation fails, these are the steps to follow on the subsequent
+    popups:
 
-::
+    #. Select ``Continue``, then ``Continue`` again on the next popup.
 
-   in-target grub-install --no-nvram --force-extra-removable
+    #. Scroll down and select ``Execute a shell``.
 
-5. Enter the following command:
+    #. Select ``Continue``.
 
-::
+    #. Enter the following command:
 
-   in-target update-grub
+        .. code-block:: console
 
-6. Enter the following command:
+            in-target grub-install --no-nvram --force-extra-removable
 
-::
+    #. Enter the following command:
 
-   exit
+        .. code-block:: console
 
-7. Select "Continue without boot loader", then select "Continue" on the next popup
-8. At this stage, the installation should proceed as normal.
+            in-target update-grub
+    
+    #. Enter the following command:
 
-*****************************************************************
-Debian/openSUSE boot after installation
-*****************************************************************
+        .. code-block:: console
 
-FPGA
-===============
-Once the installation is complete, unplug the first USB stick and reboot the
-board.
-The board will then enter recovery mode, from which the user can access a shell
-after entering the password for the root user.
+            exit
+
+    #. Select ``Continue without boot loader``, then select ``Continue`` on the next popup.
+
+    #. At this stage, the installation should proceed as normal.
+
+#. Answer ``No`` to the question ``Update NVRAM variables to automatically boot into Debian?``.
+
+
+*****************
+Boot Distribution
+*****************
+
+- MPS3
+
+    #. Once the installation is complete, unplug the installation media.
+    #. Perform a cold boot of the MPS3.
+
+- FVP
+
+    The target should automatically boot into the installed operating system image.
+
+    Stop the FVP and run the command below to simulate a cold boot:
+
+    .. code-block:: console
+
+        kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
+        -c "../meta-arm/scripts/runfvp --terminals=tmux -- \
+        -C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img"
+
+    .. warning::
+
+        To manually enter recovery mode, once the FVP begins booting, you can quickly
+        change the boot option in GRUB, to boot into recovery mode. This option will disappear
+        quickly, so it is best to preempt it.
+
+        Select ``Advanced Options for <OS>`` and then ``<OS> (recovery mode)``.
+
+
+The target will then enter recovery mode, from which the user can access a shell
+after entering the password for the ``root`` user.
+
+
+Timeout Optimizations
+=====================
+
+.. important::
+
+    Operating system timeouts are inconsistent across systems.
+    Skip this section if the system boots to Debian or OpenSUSE without any issue.
+
+Make the system modification below whilst in recovery mode to increase timeouts and boot to the installed distribution.
+
+#. Remove the timeout limit for device operations.
+
+    - Debian
+        .. code-block:: console
+
+            vi /etc/systemd/system.conf
+            DefaultDeviceTimeoutSec=infinity
+
+    - openSUSE
+        .. code-block:: console
+
+            vi /usr/lib/systemd/system.conf
+            DefaultDeviceTimeoutSec=infinity
+
+        .. warning::
+
+            As modifying ``system.conf`` in ``/usr/lib/systemd/`` is not working as it is getting overwritten,
+            copy ``system.conf`` from ``/usr/lib/systemd/`` to ``/etc/systemd/system.conf.d/`` after the above edit.
+
+#. Set the maximum time that the system will wait for a user to successfully log in before timing out to 180 seconds.
+
+    - Debian
+        .. code-block:: console
+
+            vi /etc/login.defs
+            LOGIN_TIMEOUT   180
+
+    - openSUSE
+        .. code-block:: console
+
+            vi /usr/etc/login.defs
+            LOGIN_TIMEOUT   180
+
+#. Ensure the changes are applied by run the command below.
+
+    .. code-block:: console
+
+        systemctl daemon-reload
+
+#. Perform a cold boot of the target.
+
+Log into the Distribution
+=========================
+
+Login with the ``root`` username and its corresponding password (set during installation)
+at the distribution login prompt after booting. See an illustration for Debian below:
+
+.. code-block:: console
+
+    debian login:
+
+
+UEFI Secure Boot
+----------------
+
+The UEFI Secure Boot test is designed to verify the integrity and authenticity of the system’s boot process.
+This test ensures that only trusted, signed images are executed, thereby preventing unauthorized or malicious code from running.
+A successful test confirms that the signed image executes correctly, while any unsigned image is blocked from running.
+
+
+**********************************************
+Generate Keys, Signed Image and Unsigned Image
+**********************************************
+
+#. Build an EFI System Partition as described `here <build-efi-system-partition_>`__.
+
+#. Clone the `systemready-patch` repository to your workspace.
+
+    .. code-block:: console
+
+        cd $WORKSPACE
+
+        git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git \
+        -b CORSTONE1000-2024.11
+
+#. Set the current working directory to build directory's subdirectory containing the software stack build images.
+
+    .. code-block:: console
+
+        cd $WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/
+
+#. Run the image signing script (without changing the current working directory).
+
+    .. code-block:: console
+
+        ./$WORKSPACE/systemready-patch/embedded-a/corstone1000/secureboot/create_keys_and_sign.sh \
+        -d $TARGET \
+        -v $CERTIFICATE_VALIDITY_DURATION_IN_DAYS
+
+    .. important::
+
+        The `efitools <https://github.com/vathpela/efitools/>`__  package is required to execute the script.
+
+    .. note::
+
+        Consult the image signing script help message (``-h``) for more information about other optional arguments.
+
+        The script is interactive and contains commands that require ``sudo`` level permissions.
+
+
+The keys, signed kernel image, and unsigned kernel image will be copied to the exisiting ESP image.
+The modified ESP image can be found at ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-esp-image-corstone1000-$TARGET.wic``.
+
+
+****************************
+Run Unsigned Image Boot Test
+****************************
+
+.. _unsigned-image-boot-test-fvp:
 
 FVP
-==============
-The platform should automatically boot into the installed OS image.
+===
+
+#. Follow the instructions `here <use-efi-system-partition-fvp_>`__ to use the ESP.
 
-To cold boot:
+#. Run the software stack as described `here <running-software-stack-fvp_>`__.
 
- ::
+#. On the Host Processor terminal host side, stop the execution of U-Boot when prompted to do so with the message ``Press any key to stop``.
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<_workspace>/os_file.img"
+    .. warning::
 
+        There is a timeout of 3 seconds to stop the execution at the U-Boot prompt.
 
-The board will then enter recovery mode, from which the user can access a shell
-after entering the password for the root user.
+    The U-Boot console prompt looks as follows:
+   
+    .. code-block:: console
+   
+        corstone1000#
 
 
-**NOTE:** To manually enter recovery mode, once the FVP begins booting, you can quickly
-change the boot option in grub, to boot into recovery mode. This option will disappear
-quickly, so it's best to preempt it.
+    .. important::
+    
+        The rest of the instructions below will be executed on the U-Boot terminal.
 
-Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'.
+#. On the U-Boot console, set the current MMC device.
 
-Common
-==============
+    .. code-block:: console
 
-Proceed to edit the following files accordingly:
+        corstone1000# mmc dev 1
 
-::
+#. Enroll the four UEFI secure boot authenticated variables.
 
-  #Only applicable to Debian
-  vi /etc/systemd/system.conf
-  DefaultDeviceTimeoutSec=infinity
+    .. code-block:: console
 
-::
+        corstone1000# \
+        load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
+        load mmc 1:1 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK; \
+        load mmc 1:1 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db; \
+        load mmc 1:1 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
 
-  #Only applicable to openSUSE
-  vi /usr/lib/systemd/system.conf
-  DefaultDeviceTimeoutSec=infinity
+#. Attempt to Load the unsigned kernel image.
 
-  The system.conf has been moved from /etc/systemd/ to /usr/lib/systemd/ and directly modifying
-  the /usr/lib/systemd/system.conf is not working and it is getting overridden. We have to create
-  drop ins system configurations in /etc/systemd/system.conf.d/ directory. So, copy the
-  /usr/lib/systemd/system.conf to /etc/systemd/system.conf.d/ directory after the mentioned modifications.
+    .. code-block:: console
 
-The file to be edited next is different depending on the installed distro:
+        corstone1000# \
+        load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp; \
+        loadm $loadaddr $kernel_addr_r $filesize; \
+        bootefi $kernel_addr_r $fdtcontroladdr
 
-::
+        Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
+        Image not authenticated
+        Loading image failed
 
-  vi /etc/login.defs # Only applicable to Debian
-  vi /usr/etc/login.defs # Only applicable to openSUSE
-  LOGIN_TIMEOUT   180
+The unsigned Linux kernel image should not be loaded.
 
-To make sure the changes are applied, please run:
+.. _unsigned-image-boot-test-mps3:
 
-::
+MPS3
+====
 
-  systemctl daemon-reload
+#. Follow the instructions `here <use-efi-system-partition-mps3_>`__ to use the ESP.
 
-After applying the previous commands, please reboot the board or restart the runfvp command.
+#. Perform a cold boot of the MPS3.
 
-The user should see a login prompt after booting, for example, for debian:
+#. On the Host Processor terminal host side, stop the execution of U-Boot when prompted to do so with the message ``Press any key to stop``.
 
-::
+    .. warning::
 
-  debian login:
+        There is a timeout of 3 seconds to stop the execution at the U-Boot prompt.
 
-Login with the username root and its corresponding password (already set at
-installation time).
+    The U-Boot console prompt looks as follows:
+   
+    .. code-block:: console
+   
+        corstone1000#
 
-**NOTE:** Debian/OpenSUSE Timeouts are not applicable for all systems. Some systems are faster than the others (especially when running the FVP) and works well with default timeouts. If the system boots to Debian or OpenSUSE unmodified, the user can skip this section.
+    .. important::
+    
+        The rest of the instructions below will be executed on the U-Boot terminal.
 
-PSA API tests
--------------
+#. On the U-Boot console, reset USB.
 
-***********************************************************
-Run PSA API test commands (applicable to both FPGA and FVP)
-***********************************************************
+    .. code-block:: console
 
-When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no
-USB stick connected to the board. Power on the board and boot the board to
-Linux. Then, the user should follow the steps below to run the tests.
+        corstone1000# usb reset
+        resetting USB...
+        Bus usb@40200000: isp1763 bus width: 16, oc: not available
+        USB ISP 1763 HW rev. 32 started
+        scanning bus usb@40200000 for devices... port 1 high speed
+        3 USB Device(s) found
+                scanning usb for storage devices... 1 Storage Device(s) found
 
-When running the tests on the Corstone-1000 FVP, the user should follow the
-instructions in `Running the software on FVP`_ section to boot Linux in FVP
-host_terminal_0, and login using the username ``root``.
+    .. note::
 
-First, load FF-A TEE kernel module:
+        Occasionally, the USB reset may fail to detect the USB device. It is advisable to rerun the USB reset command.
 
-::
+#. Select the first USB device, which should be the USB drive containing the ESP.
 
-  insmod /lib/modules/*-yocto-standard/updates/arm-tstee.ko
+    .. code-block:: console
 
-Then, check whether the FF-A TEE driver is loaded correctly by using the following command:
+        corstone1000# usb dev 0
 
-::
+#. Enroll the four UEFI secure boot authenticated variables.
 
-  cat /proc/modules | grep arm_tstee
+    .. code-block:: console
 
-The output should be similar to:
+        corstone1000# \
+        load usb 0 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
+        load usb 0 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK; \
+        load usb 0 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db; \
+        load usb 0 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
 
-::
+#. Attempt to Load the unsigned kernel image.
 
-   arm_tstee 16384 - - Live 0xffffffc000510000 (O)
+    .. code-block:: console
 
-Now, run the PSA API tests in the following order:
+        corstone1000# \
+        load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3
+        loadm $loadaddr $kernel_addr_r $filesize
+        bootefi $kernel_addr_r $fdtcontroladdr
 
-::
+        Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
+        Image not authenticated
+        Loading image failed
 
-  psa-iat-api-test
-  psa-crypto-api-test
-  psa-its-api-test
-  psa-ps-api-test
+The unsigned Linux kernel image should not be loaded.
 
+**************************
+Run Signed Image Boot Test
+**************************
 
-UEFI Secureboot (SB) test
--------------------------
+FVP
+===
 
-Before running the SB test, the user should make sure that the `FVP and FPGA software has been compiled and the ESP image for both the FVP and FPGA has been created` as mentioned in the previous sections and user should use the same workspace directory under which sources have been compiled.
-The SB test is applicable on both the FVP and the FPGA and this involves testing both the signed and unsigned kernel images. Successful test results in executing the signed image correctly and not allowing the unsigned image to run at all.
+.. important::
 
-***********************************************************
-Below steps are applicable to FVP as well as FPGA
-***********************************************************
-Firstly, the flash firmware image has to be built for both the FVP and FPGA as follows:
+    You must first perform the `Unsigned Image Boot Test <unsigned-image-boot-test-fvp_>`__.
 
-For FVP,
+Load the signed kernel image.
 
-::
+.. code-block:: console
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c bitbake -c build corstone1000-flash-firmware-image"
+    corstone1000# \
+    load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp.signed; \
+    loadm $loadaddr $kernel_addr_r $filesize; \
+    bootefi $kernel_addr_r $fdtcontroladdr
 
+The signed Linux kernel image should be booted successfully.
 
-For FPGA,
+MPS3
+====
 
-::
+.. important::
 
-  kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c bitbake -c build corstone1000-flash-firmware-image"
+    You must first perform the `Unsigned Image Boot Test <unsigned-image-boot-test-mps3_>`__.
 
-In order to test SB for FVP and FPGA, a bash script is available in the systemready-patch repo which is responsible in creating the relevant keys, sign the respective kernel images, and copy the same in their corresponding ESP images.
+Load the signed kernel image.
 
-Clone the systemready-patch repo under <_workspace. Then, change directory to where the script `create_keys_and_sign.sh` is and execute the script as follows:
+.. code-block:: console
 
-::
+    corstone1000# \
+    load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3.signed; \
+    loadm $loadaddr $kernel_addr_r $filesize; \
+    bootefi $kernel_addr_r $fdtcontroladdr
 
-  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
-  cd systemready-patch/embedded-a/corstone1000/secureboot/
+The signed Linux kernel image should be booted successfully.
 
-**NOTE:** The efitools package is required to execute the script. Install the efitools package on your system, if it doesn't exist.
 
-The script is responsible to create the required UEFI secureboot keys, sign the kernel images and copy the public keys and the kernel images (both signed and unsigned) to the ESP image for both the FVP and FPGA.
+*******************
+Disable Secure Boot
+*******************
 
-::
+Running the UEFI Secure Boot Test steps stores UEFI authenticated variables in the secure flash.
+As a result, U-Boot reads these variables and verifies the Linux kernel image before executing it at each reboot.
 
-  ./create_keys_and_sign.sh -w <Absolute path to <workdir> directory under which sources have been compiled> -v <certification validity in days>
-  For ex: ./create_keys_and_sign.sh -w "/home/xyz/workspace/meta-arm" -v 365
-  For help: ./create_keys_and_sign.sh -h
+In a typical boot scenario, the Linux kernel image is not signed, which will prevent the system from booting due to failed image authentication.
+To resolve this, the Platform Key (one of the UEFI authenticated variables for secure boot) needs to be deleted.
 
-**NOTE:** The above script is interactive and contains some commands that would require sudo password/permissions.
+#. Perform a cold boot of the MPS3.
 
-After executing the above script, the relevant keys and the signed/unsigned kernel images will be copied to the ESP images for both the FVP and FGPA. The modified ESP images can be found at the same location i.e.
+#. On the Host Processor terminal host side, stop the execution of U-Boot when prompted to do so with the message ``Press any key to stop``.
 
-::
+#. On the U-Boot console, delete the Platform Key (PK).
 
-  For MPS3 FPGA : _workspace/meta-arm/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic
-  For FVP       : _workspace/meta-arm/build/tmp/deploy/images/corstone1000-fvp/corstone1000-esp-image-corstone1000-fvp.wic
+    - FVP
 
-Now, it is time to test the SB for the Corstone-1000
+        .. code-block:: console
 
+            corstone1000# \
+            mmc dev 1; \
+            load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
+            boot
 
-***********************************************************
-Steps to test SB on FVP
-***********************************************************
-Now, as mentioned in the previous section **Prepare EFI System Partition**, the ESP image will be used automatically in the Corstone-1000 FVP as the 2nd MMC card image. Change directory to your workspace and run the FVP as follows:
+    - MPS3
 
-::
+        .. code-block:: console
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm"
+            corstone1000# \
+            usb reset; \
+            usb dev 0; \
+            load usb 0 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
+            boot
 
-When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. On the host side, stop the execution at the U-Boot prompt which looks like `corstone1000#`. There is a timeout of 3 seconds to stop the execution at the U-Boot prompt. At the U-Boot prompt, run the following commands:
 
-Set the current mmc device
+PSA API
+-------
 
-::
+The following tests the implementation of the Application Programming Interface (API)
+of the Platform Security Architecture (PSA) certification scheme. It uses Arm Firmware Framework for Arm A-profile (FF-A)
+to communicate between the normal world and the secure world to run the `Arm Platform Security Architecture Test Suite <https://github.com/ARM-software/psa-arch-tests>`__.
 
-  corstone1000# mmc dev 1
+The tests use the `arm_tstee` driver to access Trusted Services Secure Partitions from user space. The driver is included in the Linux Kernel, starting from v6.10.
 
-Enroll the four UEFI Secureboot authenticated variables
+.. important::
+    Ensure there are no USB drives connected to the board when running the test on the MPS3.
 
-::
 
-  corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize PK
-  corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize KEK
-  corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize db
-  corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize dbx
+The steps below are applicable to both MPS3 and FVP).
 
-Now, load the unsigned FVP kernel image and execute it. This unsigned kernel image should not boot and result as follows
+#. Start the Corstone-1000 and wait until it boots to Linux on the Host Processor terminal (``ttyUSB2``).
 
-::
+#. Run the PSA API tests by running the commands below in the order shown:
 
-  corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_fvp_images/Image_fvp
-  corstone1000# loadm $loadaddr $kernel_addr_r $filesize
-  corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
+    .. code-block:: console
 
-  Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
-  Image not authenticated
-  Loading image failed
+        psa-iat-api-test
+        psa-crypto-api-test
+        psa-its-api-test
+        psa-ps-api-test
 
-The next step is to verify the signed linux kernel image. Load the signed kernel image and execute it as follows:
 
-::
+External System Processor
+-------------------------
 
-  corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_fvp_images/Image_fvp.signed
-  corstone1000# loadm $loadaddr $kernel_addr_r $filesize
-  corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
+.. important::
 
-The above set of commands should result in booting of signed linux kernel image successfully.
+    Access to the External System Processor is disabled by default.
+    Ensure you are running a software stack image with access to the External System Processor enabled following the steps `here <building-the-software-stack_>`__.
 
+The Linux operating system running on the Host Processor starts the ``remoteproc`` framework to manage the External System Processor.
 
-***********************************************************
-Steps to test SB on MPS3 FPGA
-***********************************************************
-Now, as mentioned in the previous section **Prepare EFI System Partition**, the ESP image for MPS3 FPGA needs to be copied to the USB drive.
-Follow the steps mentioned in the same section for MPS3 FPGA to prepare the USB drive with the ESP image. The modified ESP image corresponds to MPS3 FPGA can be found at the location as mentioned before i.e. `_workspace/meta-arm/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic`.
-Insert this USB drive to the MPS3 FPGA and boot, and stop the execution at the U-Boot prompt similar to the FVP. At the U-Boot prompt, run the following commands:
 
-Reset the USB
+#. Stop the External System Processor with the following command:
 
-::
+    .. code-block:: console
 
-  corstone1000# usb reset
-  resetting USB...
-  Bus usb@40200000: isp1763 bus width: 16, oc: not available
-  USB ISP 1763 HW rev. 32 started
-  scanning bus usb@40200000 for devices... port 1 high speed
-  3 USB Device(s) found
-         scanning usb for storage devices... 1 Storage Device(s) found
+        echo stop > /sys/class/remoteproc/remoteproc0/state
 
-**NOTE:** Sometimes, the usb reset doesn't recognize the USB device. It is recomended to rerun the usb reset command.
+#. Start the External System Processor with the following command:
 
-Set the current USB device
+    .. code-block:: console
 
-::
+        echo start > /sys/class/remoteproc/remoteproc0/state
 
-  corstone1000# usb dev 0
 
-Enroll the four UEFI Secureboot authenticated variables
+Symmetric Multiprocessing
+-------------------------
 
-::
+.. warning::
 
-  corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK
-  corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK
-  corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db
-  corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
+    Symmetric multiprocessing (SMP) mode is only supported on FVP but is disabled by default.
 
 
-Now, load the unsigned MPS3 FPGA linux kernel image and execute it. This unsigned kernel image should not boot and result as follows
+#. Build the software stack with SMP mode enabled:
 
-::
+    .. code-block:: console
 
-  corstone1000# load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3
-  corstone1000# loadm $loadaddr $kernel_addr_r $filesize
-  corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
+        kas build meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml:meta-arm/kas/corstone1000-fvp-multicore.yml
 
-  Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
-  Image not authenticated
-  Loading image failed
+#. Run the Corstone-1000 FVP:
 
-The next step is to verify the signed linux kernel image. Load the signed kernel image and execute it as follows:
+    .. code-block:: console
 
-::
+        kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml:meta-arm/kas/corstone1000-fvp-multicore.yml \
+        -c "../meta-arm/scripts/runfvp"
 
-  corstone1000# load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3.signed
-  corstone1000# loadm $loadaddr $kernel_addr_r $filesize
-  corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
 
-The above set of commands should result in booting of signed linux kernel image successfully.
+#. Verify that the FVP is running the Host Processor with more than one CPU core:
 
-***********************************************************
-Steps to disable Secureboot on both FVP and MPS3 FPGA
-***********************************************************
-Now, after testing the SB, UEFI authenticated variables get stored in the secure flash. When you try to reboot, the U-Boot will automatically read the UEFI authenticated variables and authenticates the images before executing them. In normal booting scenario, the linux kernel images will not be signed and hence this will not allow the system to boot, as image authentication will fail. We need to delete the Platform Key (one of the UEFI authenticated variable for SB) in order to disable the SB. At the U-Boot prompt, run the following commands.
+    .. code-block:: console
 
-On the FVP
+        nproc
+        4                  # number of processing units
 
-::
+Secure Debug
+------------
 
-  corstone1000# mmc dev 1
-  corstone1000# load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK
-  corstone1000# boot
+.. warning::
 
-On the MPS3 FPGA
+    Secure Debug is only supported on MPS3.
 
-::
+The MPS3 supports Authenticated Debug Access Control (ADAC), using the CoreSight SDC-600 IP.
 
-  corstone1000# usb reset
-  corstone1000# usb dev 0
-  corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK
-  corstone1000# boot
+For more information about this, see the following resources:
 
-The above commands will delete the Platform key (PK) and allow the normal system boot flow without SB.
+ - `CoreSight SDC-600 <https://developer.arm.com/Processors/CoreSight%20SDC-600>`__
+ - `Authenticated Debug Access Control Specification <https://developer.arm.com/documentation/den0101/latest/>`__
+ - `Arm Corstone-1000 for MPS3 Application Note AN550, Chapter 7 <https://developer.arm.com/documentation/dai0550/latest/>`__
 
+The Secure Debug Manager API is implemented in the `secure-debug-manager <https://github.com/ARM-software/secure-debug-manager>`__ repository.
+This repository also contains the necessary files for the Arm Development Studio support.
+The build and integration instructions can be found in its `README <secure-debug-manager-repo-readme_>`__.
 
-Testing the External System
----------------------------
+The `secure-debug-manager` repository also contains the private key and chain certificate to be used during the tests.
+The private key's public pair is provisioned into the One-Time Programmable memory in TrustedFirmware-M. These are dummy keys that should not be used in production.
 
-During Linux boot the remoteproc subsystem automatically starts
-the external system.
+To test the Secure Debug feature, you'll need a debug probe from the DSTREAM family and Arm Development Studio versions 2022.2, 2022.c, or 2023.a.
 
-The external system can be switched on/off on demand with the following commands:
 
-::
+#. Clone the `secure-debug-manager` repository to your workspace.
 
-  echo stop > /sys/class/remoteproc/remoteproc0/state
+    .. code-block:: console
 
-::
+        cd $WORKSPACE
+        git clone https://github.com/ARM-software/secure-debug-manager.git
 
-  echo start > /sys/class/remoteproc/remoteproc0/state
+#. Navigate into the repository directory and checkout the specific commit in the listing below.
 
-Tests results
--------------
+    .. code-block:: console
+
+        cd $WORKSPACE/secure-debug-manager
+        git checkout b30d6496ca749123e86b39b161b9f70ef76106d6
+
+#. Follow the steps in the `secure-debug-manager`'s `README <secure-debug-manager-repo-readme_>`__ for the development machine setup.
+
+#. Rebuild the software stack with Secure Debug.
+
+    .. code-block:: console
+
+        kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml:meta-arm/ci/secure-debug.yml
+
+#. Flash the firmware image as shown `here <flashing-firmware-images_>`__.
+
+#. Run the software as shown `here <running-software-stack-mps3_>`__.
+
+#. Wait until the Secure Enclave terminal (``ttyUSB1``) prints the following prompts:
+
+    .. code-block:: console
+
+        IComPortInit                  :  382 : warn  : init       : IComPortInit: Blocked reading of LPH2RA is active.
+        IComPortInit                  :  383 : warn  : init       : IComPortInit: Blocked reading LPH2RA
+
+
+#. Connect the debug probe to the MPS3 using the 20-pin 1.27mm connector with the ``CS_20W_1.27MM silkscreen`` label.
+
+#. Create a debug configuration in Arm Development Studio as described in the `secure-debug-manager`'s `README <https://github.com/ARM-software/secure-debug-manager?tab=readme-ov-file#arm-development-studio-integration>`__.
+
+#. Connect the debuger to the target using the debug configuration.
+
+#. Provide the paths to the private key and trust chain certificate when asked by Arm Development Studio Console.
+
+    .. code-block:: console
+
+        ...
+
+        Please provide private key file path:
+        Enter file path > $WORKSPACE\secure-debug-manager\example\data\keys\EcdsaP256Key-3.pem
+
+        Please provide trust chain file path:
+        Enter file path > $WORKSPACE\secure-debug-manager\example\data\chains\chain.EcdsaP256-3
+
+        ...
+
+#. When successful authenticated, Arm Development Studio will connect to the running MS3 and the debug features can be used.
+   The following prompt should appear in the Secure Enclave terminal (``ttyUSB1``):
+
+    .. code-block:: console
+
+        ...
+        boot_platform_init: Corstone-1000 Secure Debug is a success.
+        ...
+
+
+Reports
+-------
+Various test reports for the `Corstone-1000 software (CORSTONE1000-2024.11) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.11>`__
+release version are available for reference `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2024.11/embedded-a/corstone1000/CORSTONE1000-2024.11?ref_type=tags>`__.
 
-As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2024.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.06>`__
-can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2024.06/embedded-a/corstone1000/CORSTONE1000-2024.06?ref_type=tags>`__.
 
 --------------
 
 *Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
 
 .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
-.. _U-Boot repo: https://github.com/u-boot/u-boot.git
+.. _secure-debug-manager-repo-readme: https://github.com/ARM-software/secure-debug-manager/blob/master/README.md
author	Patrick Williams <patrick@stwcx.xyz>	2024-12-14 02:56:42 +0300
committer	Patrick Williams <patrick@stwcx.xyz>	2024-12-14 04:38:25 +0300
commit	e73366c8bab752f44899222f9df7ce7ed080f2e9 (patch)
tree	57ae1423728ade061bb318ab6413a18e1afb9c20 /meta-arm/meta-arm-bsp/documentation
parent	1d19bb6db66dd40f999dbfcd25be489aa4ecd0b3 (diff)
download	openbmc-styhead.tar.xz