From c002fbaf4853f433b4b86598311e74e2c87a4974 Mon Sep 17 00:00:00 2001 From: Nick Meyer Date: Wed, 31 Jul 2024 07:59:36 -0500 Subject: [PATCH] feat(mei): add extension to provide Intel Management Engine drivers Adds an extension to enable the Intel Management Engine drivers required for Intel Arc discrete GPU support. Signed-off-by: Nick Meyer Signed-off-by: Noel Georgi --- .conform.yaml | 2 +- .github/workflows/ci.yaml | 6 +++--- .github/workflows/weekly.yaml | 4 ++-- .kres.yaml | 3 ++- Makefile | 5 +++-- README.md | 1 + drivers/mei/README.md | 36 +++++++++++++++++++++++++++++++++++ drivers/mei/files/modules.txt | 10 ++++++++++ drivers/mei/manifest.yaml | 11 +++++++++++ drivers/mei/pkg.yaml | 36 +++++++++++++++++++++++++++++++++++ drivers/mei/vars.yaml | 1 + 11 files changed, 106 insertions(+), 9 deletions(-) create mode 100644 drivers/mei/README.md create mode 100644 drivers/mei/files/modules.txt create mode 100644 drivers/mei/manifest.yaml create mode 100644 drivers/mei/pkg.yaml create mode 100644 drivers/mei/vars.yaml diff --git a/.conform.yaml b/.conform.yaml index cedbe7dd..6e6a3fdd 100644 --- a/.conform.yaml +++ b/.conform.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-04-02T10:25:42Z by kres latest. +# Generated on 2024-08-01T17:25:51Z by kres faf91e3. policies: - type: commit diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7c9e7673..99a84027 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-07-04T10:08:01Z by kres 8c8b007. +# Generated on 2024-08-01T13:26:11Z by kres faf91e3. name: default concurrency: @@ -33,7 +33,7 @@ jobs: labels: ${{ steps.retrieve-pr-labels.outputs.result }} services: buildkitd: - image: moby/buildkit:v0.14.1 + image: moby/buildkit:v0.15.0 options: --privileged ports: - 1234:1234 @@ -143,7 +143,7 @@ jobs: - default services: buildkitd: - image: moby/buildkit:v0.14.1 + image: moby/buildkit:v0.15.0 options: --privileged ports: - 1234:1234 diff --git a/.github/workflows/weekly.yaml b/.github/workflows/weekly.yaml index a17ea3c2..bf2b9e4e 100644 --- a/.github/workflows/weekly.yaml +++ b/.github/workflows/weekly.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-07-02T13:04:35Z by kres 582671e. +# Generated on 2024-08-01T13:26:11Z by kres faf91e3. name: weekly concurrency: @@ -16,7 +16,7 @@ jobs: - pkgs services: buildkitd: - image: moby/buildkit:v0.14.1 + image: moby/buildkit:v0.15.0 options: --privileged ports: - 1234:1234 diff --git a/.kres.yaml b/.kres.yaml index 1881d262..8e8b13ff 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -22,6 +22,7 @@ spec: - iscsi-tools - kata-containers - mdadm + - mei - nut-client - nvidia-container-toolkit - nvidia-fabricmanager @@ -53,7 +54,7 @@ spec: - name: EXTENSIONS_IMAGE_REF defaultValue: $(REGISTRY_AND_USERNAME)/extensions:$(TAG) - name: PKGS - defaultValue: v1.8.0-alpha.0-34-gce49757 + defaultValue: v1.8.0-alpha.0-41-ga97d58f - name: PKGS_PREFIX defaultValue: ghcr.io/siderolabs useBldrPkgTagResolver: true diff --git a/Makefile b/Makefile index b33b1886..67b94cf3 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-07-04T10:11:27Z by kres 8c8b007. +# Generated on 2024-08-01T17:25:51Z by kres faf91e3. # common variables @@ -48,7 +48,7 @@ COMMON_ARGS += --build-arg=PKGS_PREFIX="$(PKGS_PREFIX)" # extra variables EXTENSIONS_IMAGE_REF ?= $(REGISTRY_AND_USERNAME)/extensions:$(TAG) -PKGS ?= v1.8.0-alpha.0-34-gce49757 +PKGS ?= v1.8.0-alpha.0-41-ga97d58f PKGS_PREFIX ?= ghcr.io/siderolabs # targets defines all the available targets @@ -73,6 +73,7 @@ TARGETS += intel-ucode TARGETS += iscsi-tools TARGETS += kata-containers TARGETS += mdadm +TARGETS += mei TARGETS += nut-client TARGETS += nvidia-container-toolkit TARGETS += nvidia-fabricmanager diff --git a/README.md b/README.md index 3fbc3925..9399bcfd 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | ----------------------------------------------------- | | [chelsio](drivers/chelsio/) | [ghcr.io/siderolabs/chelsio-drivers](https://github.com/siderolabs/extensions/pkgs/container/chelsio-drivers) | Chelsio NIC drivers | `talos version` | | [gasket](drivers/gasket/) | [ghcr.io/siderolabs/gasket-driver](https://github.com/siderolabs/extensions/pkgs/container/gasket-driver) | Driver for Google Coral PCIe devices | `gasket driver upstream short commit`-`talos version` | +| [mei](drivers/mei/) | [ghcr.io/siderolabs/mei](https://github.com/siderolabs/extensions/pkgs/container/mei) | Driver for Intel Management Engine | `talos version` | | [nvidia](nvidia-gpu/nvidia-modules/) | [ghcr.io/siderolabs/nvidia-open-gpu-kernel-modules](https://github.com/siderolabs/extensions/pkgs/container/nvidia-open-gpu-kernel-modules) | NVIDIA OSS Driver | `nvidia driver upstream version`-`talos version` | | [thunderbolt](drivers/thunderbolt/) | [ghcr.io/siderolabs/thunderbolt](https://github.com/siderolabs/extensions/pkgs/container/thunderbolt) | Thunderbolt drivers | `talos version` | | [usb-modem](drivers/usb-modem/) | [ghcr.io/siderolabs/usb-modem-drivers](https://github.com/siderolabs/extensions/pkgs/container/usb-modem-drivers) | USB Modem drivers | `talos version` | diff --git a/drivers/mei/README.md b/drivers/mei/README.md new file mode 100644 index 00000000..f28410d8 --- /dev/null +++ b/drivers/mei/README.md @@ -0,0 +1,36 @@ +# mei extension + +## Installation + +See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions). + +## Usage + +Provides: + +* `mei_wdt` +* `mei_txe` +* `mei_gsc` +* `mei_pxp` +* `mei_hdcp` +* `mei_me` +* `mei` + +Modules are automatically loaded. + +## Verifiying + +You can verify the modules are enabled by reading the `/proc/modules` where it _should_ show the modules are live. + +For example: + +``` +❯ talosctl -n 192.168.227.5 read /proc/modules +mei_wdt 12288 - - Live 0xffffffffc030b000 +mei_txe 28672 - - Live 0xffffffffc02d0000 +mei_gsc 12288 - - Live 0xffffffffc0247000 +mei_pxp 12288 - - Live 0xffffffffc02d4000 +mei_hdcp 16384 - - Live 0xffffffffc02bd000 +mei_me 45056 - - Live 0xffffffffc0267000 +mei 131072 - - Live 0xffffffffc0286000 +``` diff --git a/drivers/mei/files/modules.txt b/drivers/mei/files/modules.txt new file mode 100644 index 00000000..5d34e618 --- /dev/null +++ b/drivers/mei/files/modules.txt @@ -0,0 +1,10 @@ +modules.order +modules.builtin +modules.builtin.modinfo +kernel/drivers/misc/mei/hdcp/mei_hdcp.ko +kernel/drivers/misc/mei/pxp/mei_pxp.ko +kernel/drivers/misc/mei/mei-gsc.ko +kernel/drivers/misc/mei/mei-me.ko +kernel/drivers/misc/mei/mei-txe.ko +kernel/drivers/misc/mei/mei.ko +kernel/drivers/watchdog/mei_wdt.ko diff --git a/drivers/mei/manifest.yaml b/drivers/mei/manifest.yaml new file mode 100644 index 00000000..8e256e99 --- /dev/null +++ b/drivers/mei/manifest.yaml @@ -0,0 +1,11 @@ +version: v1alpha1 +metadata: + name: mei + version: "$VERSION" + author: Nick Meyer + description: | + This system extension provides Intel Management Engine drivers kernel modules built against a specific Talos version. + This driver enables the Intel Management Engine, a prerequisite for Intel Arc discrete GPUs. + compatibility: + talos: + version: ">= v1.8.0" diff --git a/drivers/mei/pkg.yaml b/drivers/mei/pkg.yaml new file mode 100644 index 00000000..116bc5aa --- /dev/null +++ b/drivers/mei/pkg.yaml @@ -0,0 +1,36 @@ +name: mei +variant: scratch +shell: /toolchain/bin/bash +dependencies: + - stage: base + # The pkgs version for a particular release of Talos as defined in + # https://github.com/siderolabs/talos/blob//pkg/machinery/gendata/data/pkgs + - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}" +steps: + - prepare: + - | + sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml + + mkdir -p /rootfs + # {{ if eq .ARCH "x86_64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr + - install: + - | + export KERNELRELEASE=$(find /lib/modules -type d -name "*-talos" -exec basename {} \+) + + xargs -a /pkg/files/modules.txt -I {} install -D /lib/modules/${KERNELRELEASE}/{} /rootfs/lib/modules/${KERNELRELEASE}/{} + depmod -b /rootfs ${KERNELRELEASE} + - test: + - | + # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping + find /rootfs/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+ + - | + mkdir -p /extensions-validator-rootfs + cp -r /rootfs/ /extensions-validator-rootfs/rootfs + cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml + /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" + # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr +finalize: + - from: /rootfs + to: /rootfs + - from: /pkg/manifest.yaml + to: / diff --git a/drivers/mei/vars.yaml b/drivers/mei/vars.yaml new file mode 100644 index 00000000..f380ba71 --- /dev/null +++ b/drivers/mei/vars.yaml @@ -0,0 +1 @@ +VERSION: "{{ .BUILD_ARG_TAG }}"