1, changed Clear Linux installation from "automatically" to "manually"
2, removed bundle "soft-defined-cockpit" installation
3, removed bundle "openssh-server" installation
4, add a bundle"desktop-autostart" as the default installation. so that a desktop is showing for the first time reboot after setup done
5, add a non room user with “sudoers” privilege to avoid using root directly
6, removed section "Device Manager memory allocation mechanism"
Tracked-On: #1794
Signed-off-by: ailun258 <ailin.yang@intel.com>
Change background colors of API elements to improve readability and
match configuration documentation look.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch adds more comment to describe functions that are
interfaces to the other modules in the hypervisor. The comments
are in doxygen-style for document generation.
Tracked-On: #1595
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
To kick off the efforts on modularization, this patch introduces a document
describing the goals and general principles of modular design as well as a brief
introduction on the current status of component/module decomposition.
A detailed assignment of source files to components will be added in the future.
v2 -> v3:
* Expand mailing list address in the doc
v1 -> v2:
* Add more description on complexity measures, cyclic dependency avoidance, and
the reverse dependency of boot on hypervisor initialzation.
* Fix typos.
Tracked-On: #1842
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
1. No more mount needed, use the directory "/boot/efi"
2. The kernel of UOS stored in "~/uos-kernel-build"
3. (Pending) the image of UOS stored in "~/" or "/root"
Now it's using the memory reserve by hypervisor. So there's not
necessaty to map or ummap this region from SOS.
Tracked-On: #1942
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
The Sphinx .. only:: directive is limited to handling only conditional
text and can't handling conditional use of directives. For example,
.. only:: test
.. automodule:: west.runners.core
:members:
is not handled. This PR monkey patches the handling of the existing
.. only:: directive done by Sphinx.
See https://github.com/pfalcon/sphinx_selective_exclude for details.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Update the 'launch_uos.sh' script for UEFI platforms to point at the latest
iot-lts2018 kernel installed by means of the
/usr/lib/kernel/default-default-iot-lts2018 symlink which is set-up by the
kernel-iot-lts2018 bundle.
Update the Getting Started Guide to reflect this minor change.
Tracked-On: #1927
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Update the 'kernel-doc' script to the latest version available from
https://github.com/projectacrn/acrn-kernel.
This solves the following error when generating the ACRN documentation:
"Unescaped left brace in regex is deprecated here (and will be fatal in Perl
5.32), passed through in regex; marked by <-- HERE in m/({ <-- HERE .*})/ at
scripts/kernel-doc line 2176."
Tracked-On: #1926
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
This patch adds vtd.h to the input of doxygen and replaces hard-coded API docs
with doxygen-generated ones.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
CSE FW uses an AEK (Attestation keybox Encryption Key) to encrypt the keybox
with AES-256-GCM algorithm before sending it to Android/Trusty. This key is
derived from the latest platform Seed by CSE FW with KDF (key derivation function)
HMAC-SHA256. After Trusty retrieves this encrypted keybox over HECI/MEI driver,
Trusty needs the same AEKkey to decrypt it. Hence, before Trusty launches,
Hypervisor derives the same AEK key from Platform Seed with the same algorithm
and the same derivation parameters, then sends this AEK along with Trusty vSeed
to Trusty world memory.
Since Platform Seed is only visible to Hypervisor and it must not be
sent to any guest VM, only Hypervisor can derive this AEK from this
Platform Seed, just like previous per-Trusty virtual Seed derivation.
Please note that Android Attestation Keybox is shared in a single hardware
platform, so all the Trusty instance/world can get the same AEK for
decryption even if there are multiple Android User OS/VMs running
on top of Hypervisor.
v1 --> v2:
Add detailed description why we need the patch to derive an extra key
v2 --> v3:
Convert API descriptions to Doxygen
Tracked-On: #1812
Reviewed-by: Bing Zhu <bing.zhu@intel.com>
Reviewed-by: Kai Wang <kai.z.wang@intel.com>
Signed-off-by: Chen Gang G <gang.g.chen@intel.com>
Acked-by: Bing Zhu <bing.zhu@intel.com>
