Merge branch 'tiiuae:main' into tii-jetpack-jp36
TanelDettenborn authored Dec 12, 2024
2 parents 2e9bfb3 + 6ac9d7e commit 669cbde
Showing 44 changed files with 1,763 additions and 715 deletions.
2 changes: 2 additions & 0 deletions docs/src/SUMMARY.md
Expand Up @@ -66,6 +66,8 @@
- [Public Key Infrastructure](scs/pki.md)
- [Security Fix Automation](scs/ghaf-security-fix-automation.md)
- [Release Notes](release_notes/release_notes.md)
- [Release ghaf-24.09.4](release_notes/ghaf-24.09.4.md)
- [Release ghaf-24.09.3](release_notes/ghaf-24.09.3.md)
- [Release ghaf-24.09.2](release_notes/ghaf-24.09.2.md)
- [Release ghaf-24.09.1](release_notes/ghaf-24.09.1.md)
- [Release ghaf-24.09](release_notes/ghaf-24.09.md)
76 changes: 76 additions & 0 deletions docs/src/release_notes/ghaf-24.09.3.md
@@ -0,0 +1,76 @@
<!--
Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
SPDX-License-Identifier: CC-BY-SA-4.0
-->

# Release ghaf-24.09.3

This patch release is targeted at [Secure Laptop](../scenarios/showcases.md#secure-laptop) (Lenovo X1 Carbon) test participants and brings in new features and bug fixes.

Lenovo X1 Carbon has been fully tested for this release, other platforms have been sanity-tested only.


## Release Tag

<https://github.com/tiiuae/ghaf/releases/tag/ghaf-24.09.3>


## Supported Hardware

The following target hardware is supported by this release:

* NVIDIA Jetson AGX Orin
* NVIDIA Jetson Orin NX
* Generic x86 (PC)
* Polarfire Icicle Kit
* Lenovo ThinkPad X1 Carbon Gen 11
* Lenovo ThinkPad X1 Carbon Gen 10
* NXP i.MX 8M Plus


## What is New in ghaf-24.09.3

Lenovo X1 Carbon Gen 10/11:

* Chromium was replaced with Google Chrome.
* Dynamic updates of Microsoft endpoint URLs.
* Updated GALA version 0.1.30 with SACA[^note1].
* Bluetooth applet added to the system tray.
* Auto-reconnect hotplugged devices when the VM restarts.


## Bug Fixes

* NVIDIA Jetson AGX Orin/Orin NX: the taskbar is no longer available.
* Bluetooth notification windows stay on the screen.
* Audio recording is delayed by several seconds.


## Known Issues and Limitations

| Issue | Status | Comments |
|-----------------|-------------|--------------------------------------|
| Application menu icons are missing in the first boot after the software installation  | In Progress | Workaround: close and re-open the menu, icons will be available again. |
| Some cursor types are missing causing a cursor to disappear in some cases  | In Progress | Will be fixed in ghaf-24.09.4. |
| Cannot open images and PDF files from the file manager  | In Progress | Will be fixed in ghaf-24.09.4. |
| The Control Panel is non-functional apart from the Display Settings  | In Progress | The functionality will be gradually improved in coming releases. |
| Time synchronization between host and VMs does not work in all scenarios  | In Progress | Under investigation. |
| Suspend does not work from the taskbar power menu  | In Progress | Will be fixed in ghaf-24.09.4. |
| VPN credentials are not saved  | On Hold | It is not clear if this can be fixed. |
| The keyboard always boots up with the English layout  | In Progress | Workaround: use Alt+Shift to switch between English-Arabic-Finnish layout. |


## Environment Requirements

There are no specific requirements for the environment with this release.


## Installation Instructions

Released images are available at [ghafreleasesstorage.z16.web.core.windows.net/ghaf-24-09-3](https://ghafreleasesstorage.z16.web.core.windows.net/ghaf-24-09-3).

Download the required image and use the following instructions: [Build and Run](../ref_impl/build_and_run).


[^note1]: Secure Android Cloud Application
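
Review bot: The Installation Instructions section at the end of this file gives a storage URL and a link to Build and Run, but nothing a tester can use to check that the downloaded image is the released one. If digests or signatures are published for the images, link them here (the docs tree already lists a Public Key Infrastructure page, scs/pki.md); if they are not, say so. Separately, the Bug Fixes items are written as the symptom ("Audio recording is delayed by several seconds."), which reads as current behaviour; wording such as "Fixed: audio recording was delayed by several seconds" removes the ambiguity. The Build and Run link also lacks the .md suffix that the Secure Laptop link in the same file uses.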

70 changes: 70 additions & 0 deletions docs/src/release_notes/ghaf-24.09.4.md
@@ -0,0 +1,70 @@
<!--
Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
SPDX-License-Identifier: CC-BY-SA-4.0
-->

# Release ghaf-24.09.4

This patch release is targeted at [Secure Laptop](../scenarios/showcases.md#secure-laptop) (Lenovo X1 Carbon) test participants and brings in new features and bug fixes.

Lenovo X1 Carbon has been fully tested for this release, other platforms have been sanity-tested only.


## Release Tag

<https://github.com/tiiuae/ghaf/releases/tag/ghaf-24.09.4>


## Supported Hardware

The following target hardware is supported by this release:

* NVIDIA Jetson AGX Orin
* NVIDIA Jetson Orin NX
* Generic x86 (PC)
* Polarfire Icicle Kit
* Lenovo ThinkPad X1 Carbon Gen 11
* Lenovo ThinkPad X1 Carbon Gen 10
* NXP i.MX 8M Plus


## What is New in ghaf-24.09.4

Lenovo X1 Carbon Gen 10/11:

* Local and timezone settings are added to the Control Panel.
* The username is displayed on a lock screen.
* The Powerbar module is added to a lock screen.
* System idle behavior reworked.
* Allowed URLs for business-vm are now fetched from the separate configurable repository.


## Bug Fixes

* Some cursor types are missing causing a cursor to disappear in some cases.
* Cannot open images and PDF files from the file manager.
* Suspend does not work from the taskbar power menu.


## Known Issues and Limitations

| Issue | Status | Comments |
|-----------------|-------------|--------------------------------------|
| Application menu icons are missing in the first boot after the software installation  | In Progress | Workaround: close and re-open the menu, icons will be available again. |
| The Control Panel is non-functional apart from the Display Settings, Local and Timezone settings  | In Progress | The functionality will be gradually improved in coming releases. |
| Time synchronization between host and VMs does not work in all scenarios | In Progress | Under investigation. |
| VPN credentials are not saved | On Hold | It is not clear if this can be fixed. |
| The keyboard boots up with the English layout  | In Progress | Workaround: use Alt+Shift to switch between English-Arabic-Finnish layout. |


## Environment Requirements

There are no specific requirements for the environment with this release.


## Installation Instructions

Released images are available at [ghafreleasesstorage.z16.web.core.windows.net/ghaf-24-09-4](https://ghafreleasesstorage.z16.web.core.windows.net/ghaf-24-09-4).

Download the required image and use the following instructions: [Build and Run](../ref_impl/build_and_run).
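
Review bot: The "What is New" item "Allowed URLs for business-vm are now fetched from the separate configurable repository." changes where a network allowlist comes from, yet the note does not say which option selects the repository or link to any page describing it. Since the allowlist is a security control, name the configuration option or link the relevant documentation so a tester can see which source their image trusts. In the same list and in the Known Issues table, "Local and timezone settings" looks like it should read "Locale and timezone settings".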

6 changes: 4 additions & 2 deletions docs/src/release_notes/release_notes.md
Expand Up @@ -5,13 +5,15 @@

# Ghaf Release Notes

Ghaf is released 4 times per year at the end of each quarter. Additional releases may be made as per request.
Ghaf is released 4 times per year at the end of each quarter. Additional releases or point releases may be made as per request. Point releases are related to user trials as a way to get the fixes and feature requests out faster.

Release numbering scheme: *ghaf-yy.mm.patch*.
Release numbering scheme: *ghaf-yy.mm*.


## In This Chapter

- [Release ghaf-24.09.4](../release_notes/ghaf-24.09.4.md)
- [Release ghaf-24.09.3](../release_notes/ghaf-24.09.3.md)
- [Release ghaf-24.09.2](../release_notes/ghaf-24.09.2.md)
- [Release ghaf-24.09.1](../release_notes/ghaf-24.09.1.md)
- [Release ghaf-24.09](../release_notes/ghaf-24.09.md)
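
Review bot: The numbering-scheme sentence appears in this hunk in two forms, *ghaf-yy.mm.patch* and *ghaf-yy.mm*, and the releases this same commit adds to the list are ghaf-24.09.3 and ghaf-24.09.4, which only the three-part form describes. If the resulting text states *ghaf-yy.mm*, it contradicts both the new list entries and the new sentence about point releases; keep *ghaf-yy.mm.patch*, or state both forms and say that the patch component is used for point releases.
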
6 changes: 3 additions & 3 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 4 additions & 2 deletions modules/common/development/debug-tools.nix
Expand Up @@ -55,8 +55,8 @@ in
iperf
tree
file
# to build ghaf on target

# to build ghaf on target
git

# Grpc testing
Expand Down Expand Up @@ -89,9 +89,11 @@ in
++ lib.optional (config.nixpkgs.hostPlatform.system == "riscv64-linux") perf-test-script-icicle
# runtimeShell (unixbench dependency) not available on RISC-V nor on cross-compiled Orin AGX/NX
++ lib.optional (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) pkgs.unixbench
# Build VLC only on x86
# Build VLC only on x86. Ffmpeg7 and v4l for camera related testing only on x86
++ lib.optionals (config.nixpkgs.hostPlatform.system == "x86_64-linux") (rmDesktopEntries [
pkgs.vlc
pkgs.ffmpeg_7
pkgs.v4l-utils
]);
};
}
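
Review bot: The new list entry `pkgs.ffmpeg_7` pins a major version, and the updated comment ("Ffmpeg7 and v4l for camera related testing only on x86") does not say why version 7 specifically is needed. If any current ffmpeg works for the camera tests, use `pkgs.ffmpeg` so the debug toolset follows nixpkgs updates; if 7 is required, record the reason in the comment. The comment would also read better with the package names as they appear in the list (ffmpeg_7, v4l-utils).
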
29 changes: 29 additions & 0 deletions modules/common/security/apparmor/default.nix
@@ -0,0 +1,29 @@
# Copyright 2024-2025 TII (SSRC) and the Ghaf contributors
# SPDX-License-Identifier: Apache-2.0
{ config, lib, ... }:
let
cfg = config.ghaf.security.apparmor;
in
{
## Option to enable Apparmor security
options.ghaf.security.apparmor = {
enable = lib.mkOption {
description = ''
Enable Apparmor security.
'';
type = lib.types.bool;
default = false;
};
};

imports = [
./profiles/google-chrome.nix
./profiles/ping.nix
];

config = lib.mkIf cfg.enable {
security.apparmor.enable = true;
security.apparmor.killUnconfinedConfinables = lib.mkDefault true;
services.dbus.apparmor = "enabled";
};
}
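
Review bot: The option description "Enable Apparmor security." hides what the `config` block turns on: `security.apparmor.killUnconfinedConfinables = lib.mkDefault true;` kills processes that have a profile but are running unconfined. With a google-chrome profile imported, that can include a running browser, so the description should mention it. `lib.mkEnableOption` would also shorten the option definition, and the project name is spelled AppArmor. The two files under `imports` are evaluated whether or not `cfg.enable` is set, because `lib.mkIf cfg.enable` covers only this module's `config`; please confirm that profiles/google-chrome.nix and profiles/ping.nix guard their own config on the same option. Finally, `services.dbus.apparmor = "enabled";` lets D-Bus run without mediation when AppArmor is unavailable; consider `"required"` if mediation is meant to be a guarantee.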