[ciq-6.12.y-next] Multiple patches tested (63 commits)

.container_build_image

@@ -0,0 +1 @@
+rocky-9-kernel-builder

.github/workflows/build-check_aarch64-64k-debug.yml

@@ -0,0 +1,37 @@
+name: aarch64-64k-debug CI
+on:
+  pull_request:
+    branches:
+      - '**'
+      - '!mainline'
+
+jobs:
+  kernel-build-job:
+    runs-on:
+      labels: kernel-build-arm64
+    container:
+      image: rockylinux/rockylinux:9
+      env:
+        ROCKY_ENV: rocky9
+      ports:
+        - 80
+      options: --cpus 8
+    steps:
+      - name: Install tools and Libraries
+        run: |
+          dnf update -y
+          dnf install 'dnf-command(config-manager)' -y
+          dnf config-manager --set-enabled devel
+          dnf groupinstall 'Development Tools' -y
+          dnf install --enablerepo=crb bc dwarves kernel-devel openssl-devel elfutils-libelf-devel -y
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          fetch-depth: 0
+      - name: Build the Kernel
+        run: |
+          git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
+          cp ciq/configs/kernel-aarch64-64k-debug.config .config
+          make olddefconfig
+          make -j$(nproc)

.github/workflows/build-check_aarch64-64k.yml

@@ -0,0 +1,37 @@
+name: aarch64-64k CI
+on:
+  pull_request:
+    branches:
+      - '**'
+      - '!mainline'
+
+jobs:
+  kernel-build-job:
+    runs-on:
+      labels: kernel-build-arm64
+    container:
+      image: rockylinux/rockylinux:9
+      env:
+        ROCKY_ENV: rocky9
+      ports:
+        - 80
+      options: --cpus 8
+    steps:
+      - name: Install tools and Libraries
+        run: |
+          dnf update -y
+          dnf install 'dnf-command(config-manager)' -y
+          dnf config-manager --set-enabled devel
+          dnf groupinstall 'Development Tools' -y
+          dnf install --enablerepo=crb bc dwarves kernel-devel openssl-devel elfutils-libelf-devel -y
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          fetch-depth: 0
+      - name: Build the Kernel
+        run: |
+          git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
+          cp ciq/configs/kernel-aarch64-64k.config .config
+          make olddefconfig
+          make -j$(nproc)

.github/workflows/build-check_aarch64-debug.yml

@@ -0,0 +1,37 @@
+name: aarch64-debug CI
+on:
+  pull_request:
+    branches:
+      - '**'
+      - '!mainline'
+
+jobs:
+  kernel-build-job:
+    runs-on:
+      labels: kernel-build-arm64
+    container:
+      image: rockylinux/rockylinux:9
+      env:
+        ROCKY_ENV: rocky9
+      ports:
+        - 80
+      options: --cpus 8
+    steps:
+      - name: Install tools and Libraries
+        run: |
+          dnf update -y
+          dnf install 'dnf-command(config-manager)' -y
+          dnf config-manager --set-enabled devel
+          dnf groupinstall 'Development Tools' -y
+          dnf install --enablerepo=crb bc dwarves kernel-devel openssl-devel elfutils-libelf-devel -y
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          fetch-depth: 0
+      - name: Build the Kernel
+        run: |
+          git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
+          cp ciq/configs/kernel-aarch64-debug.config .config
+          make olddefconfig
+          make -j$(nproc)

.github/workflows/build-check_aarch64.yml

@@ -0,0 +1,37 @@
+name: aarch64 CI
+on:
+  pull_request:
+    branches:
+      - '**'
+      - '!mainline'
+
+jobs:
+  kernel-build-job:
+    runs-on:
+      labels: kernel-build-arm64
+    container:
+      image: rockylinux/rockylinux:9
+      env:
+        ROCKY_ENV: rocky9
+      ports:
+        - 80
+      options: --cpus 8
+    steps:
+      - name: Install tools and Libraries
+        run: |
+          dnf update -y
+          dnf install 'dnf-command(config-manager)' -y
+          dnf config-manager --set-enabled devel
+          dnf groupinstall 'Development Tools' -y
+          dnf install --enablerepo=crb bc dwarves kernel-devel openssl-devel elfutils-libelf-devel -y
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          fetch-depth: 0
+      - name: Build the Kernel
+        run: |
+          git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
+          cp ciq/configs/kernel-aarch64.config .config
+          make olddefconfig
+          make -j$(nproc)

.github/workflows/build-check_x86_64-debug.yml

@@ -0,0 +1,37 @@
+name: x86_64-debug CI
+on:
+  pull_request:
+    branches:
+      - '**'
+      - '!mainline'
+
+jobs:
+  kernel-build-job:
+    runs-on:
+      labels: kernel-build
+    container:
+      image: rockylinux/rockylinux:9
+      env:
+        ROCKY_ENV: rocky9
+      ports:
+        - 80
+      options: --cpus 8
+    steps:
+      - name: Install tools and Libraries
+        run: |
+          dnf update -y
+          dnf install 'dnf-command(config-manager)' -y
+          dnf config-manager --set-enabled devel
+          dnf groupinstall 'Development Tools' -y
+          dnf install --enablerepo=crb bc dwarves kernel-devel openssl-devel elfutils-libelf-devel -y
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          fetch-depth: 0
+      - name: Build the Kernel
+        run: |
+          git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
+          cp ciq/configs/kernel-x86_64-debug.config .config
+          make olddefconfig
+          make -j$(nproc)

.github/workflows/build-check_x86_64.yml

@@ -0,0 +1,37 @@
+name: x86_64 CI
+on:
+  pull_request:
+    branches:
+      - '**'
+      - '!mainline'
+
+jobs:
+  kernel-build-job:
+    runs-on:
+      labels: kernel-build
+    container:
+      image: rockylinux/rockylinux:9
+      env:
+        ROCKY_ENV: rocky9
+      ports:
+        - 80
+      options: --cpus 8
+    steps:
+      - name: Install tools and Libraries
+        run: |
+          dnf update -y
+          dnf install 'dnf-command(config-manager)' -y
+          dnf config-manager --set-enabled devel
+          dnf groupinstall 'Development Tools' -y
+          dnf install --enablerepo=crb bc dwarves kernel-devel openssl-devel elfutils-libelf-devel -y
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          fetch-depth: 0
+      - name: Build the Kernel
+        run: |
+          git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
+          cp ciq/configs/kernel-x86_64.config .config
+          make olddefconfig
+          make -j$(nproc)

.github/workflows/kernel-build-and-test-multiarch-trigger.yml

@@ -0,0 +1,14 @@
+name: Trigger Automated kernel build and test (multi-arch)
+
+on:
+  push:
+    branches:
+      - '*_ciq-6.12.y'
+      - '*_ciq-6.12.y-next'
+
+jobs:
+  kernelCI:
+    uses: ctrliq/kernel-src-tree/.github/workflows/kernel-build-and-test-multiarch-trigger.yml@main
+    with:
+      skip_kabi: true
+    secrets: inherit

.github/workflows/rpm-build.yml

@@ -0,0 +1,58 @@
+name: RPM Build
+on:
+  pull_request:
+    branches:
+      - '**'
+      - '!mainline'
+
+jobs:
+  rpm-build-job:
+    strategy:
+      matrix:
+        include:
+          - arch: x86_64
+            runner: kernel-build
+            mock_config: rocky-9-x86_64
+          - arch: aarch64
+            runner: kernel-build-arm64
+            mock_config: rocky-9-aarch64
+    runs-on:
+      labels: ${{ matrix.runner }}
+    container:
+      image: rockylinux/rockylinux:9
+      options: --privileged --cpus 8
+    steps:
+      - name: Install tools and libraries
+        run: |
+          dnf install -y epel-release
+          dnf install -y mock git rust cargo zstd which
+          useradd -m -G mock mockbuild
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Generate tarball
+        run: |
+          git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
+          ./ciq/SOURCES/generate_tarball.sh
+
+      - name: Bundle bindgen
+        run: ./ciq/SOURCES/bundle_bindgen.sh ./ciq/SOURCES
+
+      - name: Build SRPM
+        run: |
+          mkdir -p ../build_files
+          chown mockbuild:mock ../build_files
+          su mockbuild -c "mock -v -r ${{ matrix.mock_config }} --resultdir=$(pwd)/../build_files \
+            --buildsrpm \
+            --sources=$(pwd)/ciq/SOURCES \
+            --spec=$(pwd)/ciq/SPECS/kernel-clk6.12.spec"
+
+      - name: Build RPM
+        run: |
+          SRPM=$(ls ../build_files/*.src.rpm | head -1)
+          su mockbuild -c "mock -v -r ${{ matrix.mock_config }} --resultdir=$(pwd)/../build_files $SRPM"

arch/x86/kernel/setup.c

@@ -904,6 +904,8 @@ void __init setup_arch(char **cmdline_p)
 	if (efi_enabled(EFI_BOOT))
 		efi_init();
 
+	efi_set_secure_boot(boot_params.secure_boot);
+
 	reserve_ibft_region();
 	x86_init.resources.dmi_setup();
 
@@ -1070,20 +1072,6 @@ void __init setup_arch(char **cmdline_p)
 	/* Allocate bigger log buffer */
 	setup_log_buf(1);
 
-	if (efi_enabled(EFI_BOOT)) {
-		switch (boot_params.secure_boot) {
-		case efi_secureboot_mode_disabled:
-			pr_info("Secure boot disabled\n");
-			break;
-		case efi_secureboot_mode_enabled:
-			pr_info("Secure boot enabled\n");
-			break;
-		default:
-			pr_info("Secure boot could not be determined\n");
-			break;
-		}
-	}
-
 	reserve_initrd();
 
 	acpi_table_upgrade();

ciq/SOURCES/README.rst

@@ -0,0 +1,9 @@
+=====================
+CIQ Kernel Source Tree
+=====================
+
+The kernel spec and supporting sources are maintained under ``ciq/`` in the
+source tree rather than in a separate dist-git repository.
+
+Build artifacts (tarballs, SRPMs) are generated using the scripts in
+``ciq/SOURCES/``. See ``generate_tarball.sh`` to create the source tarball.

ciq/SOURCES/bundle_bindgen.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+set -e
+
+# Bundle the bindgen-cli source code to be included in the kernel build.
+# https://crates.io/crates/bindgen-cli
+#
+# The bindgen tool, required to build Rust code in the Linux kernel, is
+# currently only packaged in Fedora/ELN. In order to build CLK kernels
+# on Rocky Linux we need to build bindgen as part of the kernel build.
+
+SOURCES=$1
+
+BINDGEN_CLI=bindgen-cli
+BINDGEN_CLI_VERSION="0.71.1"
+BINDGEN_CLI_CRATE=bindgen-cli.crate
+BINDGEN_CLI_SHA256="fded10ca0956afd0cbe5cf89cc71ae1a679e65b8216c651fca17ba7de8ac54dc"
+CRATESIO_API_ENDPOINT=https://crates.io/api/v1/crates/bindgen-cli/${BINDGEN_CLI_VERSION}/download
+
+curl -sfL $CRATESIO_API_ENDPOINT -o $SOURCES/$BINDGEN_CLI_CRATE
+
+echo "$BINDGEN_CLI_SHA256  $SOURCES/$BINDGEN_CLI_CRATE" | sha256sum -c - || {
+    echo "Error: SHA256 checksum mismatch for $BINDGEN_CLI_CRATE"
+    echo "Expected: $BINDGEN_CLI_SHA256"
+    echo "Got:      $(sha256sum $SOURCES/$BINDGEN_CLI_CRATE | awk '{print $1}')"
+    rm -f $SOURCES/$BINDGEN_CLI_CRATE
+    exit 1
+}
+
+tar -xf $SOURCES/$BINDGEN_CLI_CRATE -C $SOURCES
+mv $SOURCES/$BINDGEN_CLI-$BINDGEN_CLI_VERSION $SOURCES/$BINDGEN_CLI
+
+# vendor bindgen-cli
+cd $SOURCES/$BINDGEN_CLI
+mkdir .cargo
+cat > .cargo/config.toml <<EOF
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+EOF
+
+cargo vendor --locked --quiet
+
+cd ..
+tar czf $BINDGEN_CLI.tar.gz $BINDGEN_CLI
+
+# clean up
+rm -f $SOURCES/$BINDGEN_CLI_CRATE
+rm -rf $SOURCES/$BINDGEN_CLI