tomoyotitle.png

TOMOYO Linux on Yocto

This page describes how to include TOMOYO Linux into images built using Yocto. This page assumes Ubuntu 14.04 for x86 architecture as the host environment. This page assumes Qemu for ARM, Raspberry Pi 2 or Raspberry Pi 3 as the target environment.

Step 1: Configuring proxy (if necessary)

If your environment needs proxy, configure proxy settings. An example is shown below.

kumaneko@ubuntu:~$ git config --global http.proxy http://xxx.xxx.xxx.xxx:yyyyy
kumaneko@ubuntu:~$ git config --global https.proxy http://xxx.xxx.xxx.xxx:yyyyy
kumaneko@ubuntu:~$ git config --global url."https://".insteadOf git://
kumaneko@ubuntu:~$ git config --global url."https://git.yoctoproject.org/git/".insteadOf git://git.yoctoproject.org/
kumaneko@ubuntu:~$ cat ~/.gitconfig
[http]
        proxy = http://xxx.xxx.xxx.xxx:yyyyy
[https]
        proxy = http://xxx.xxx.xxx.xxx:yyyyy
[url "https://"]
        insteadOf = git://
[url "https://git.yoctoproject.org/git/"]
        insteadOf = git://git.yoctoproject.org/
kumaneko@ubuntu:~$ echo 'export http_proxy=http://xxx.xxx.xxx.xxx:yyyyy/' >> ~/.bashrc
kumaneko@ubuntu:~$ echo 'export https_proxy=http://xxx.xxx.xxx.xxx:yyyyy/' >> ~/.bashrc
kumaneko@ubuntu:~$ echo 'export ftp_proxy=http://xxx.xxx.xxx.xxx:yyyyy/' >> ~/.bashrc
kumaneko@ubuntu:~$ grep _proxy ~/.bashrc
export http_proxy=http://xxx.xxx.xxx.xxx:yyyyy/
export https_proxy=http://xxx.xxx.xxx.xxx:yyyyy/
export ftp_proxy=http://xxx.xxx.xxx.xxx:yyyyy/
kumaneko@ubuntu:~$ source ~/.bashrc

Step 2: Configuring Yocto environment

Create a directory for using Yocto and download poky's repository. Below is an example which uses "yocto" for the directory for using Yocto.

kumaneko@ubuntu:~$ mkdir yocto
kumaneko@ubuntu:~$ cd yocto/
kumaneko@ubuntu:~/yocto$ git clone git://git.yoctoproject.org/poky.git
Cloning into 'poky'...
remote: Counting objects: 383840, done.
remote: Compressing objects: 100% (92015/92015), done.
remote: Total 383840 (delta 285644), reused 383342 (delta 285146)
Receiving objects: 100% (383840/383840), 137.64 MiB | 233.00 KiB/s, done.
Resolving deltas: 100% (285644/285644), done.
Checking connectivity... done.
kumaneko@ubuntu:~/yocto$ cd poky/

Run the following command if you want to use Jethro branch (Yocto Project 2.0).

kumaneko@ubuntu:~/yocto/poky$ git checkout -b jethro origin/jethro
Branch jethro set up to track remote branch jethro from origin.
Switched to a new branch 'jethro'

Run the following command if you want to use Krogoth branch (Yocto Project 2.1).

kumaneko@ubuntu:~/yocto/poky$ git checkout -b krogoth origin/krogoth
Branch krogoth set up to track remote branch krogoth from origin.
Switched to a new branch 'krogoth'

Step 3: Obtaining recipes for Raspberry Pi

Append recipes for Raspberry Pi to the directory where you downloaded poky's repository. Be sure to checkout the branch you chose above.

kumaneko@ubuntu:~/yocto/poky$ git clone git://git.yoctoproject.org/meta-raspberrypi
Cloning into 'meta-raspberrypi'...
remote: Counting objects: 4435, done.
remote: Compressing objects: 100% (1949/1949), done.
remote: Total 4435 (delta 2251), reused 4338 (delta 2190)
Receiving objects: 100% (4435/4435), 1.12 MiB | 235.00 KiB/s, done.
Resolving deltas: 100% (2251/2251), done.
Checking connectivity... done.
kumaneko@ubuntu:~/yocto/poky$ cd meta-raspberrypi/
kumaneko@ubuntu:~/yocto/poky/meta-raspberrypi$ git checkout -b krogoth origin/krogoth
Branch krogoth set up to track remote branch krogoth from origin.
Switched to a new branch 'krogoth'
kumaneko@ubuntu:~/yocto/poky/meta-raspberrypi$ cd ../

Step 4: Creating recipes for TOMOYO Linux

Append recipes for TOMOYO Linux to the directory where you downloaded poky's repository.

You need to configure two things to use TOMOYO Linux; "Enable TOMOYO Linux in the kernel configuration" and "Include tools for administrating TOMOYO Linux into image file". The former is done by creating a recipe named linux%.bbappend and the latter is done by downloading a recipe for OpenEmbedded.

kumaneko@ubuntu:~/yocto/poky$ mkdir -p meta-tomoyo/conf meta-tomoyo/recipes-tomoyo
kumaneko@ubuntu:~/yocto/poky$ vi meta-tomoyo/conf/layer.conf
kumaneko@ubuntu:~/yocto/poky$ cat meta-tomoyo/conf/layer.conf
BBPATH .= ":${LAYERDIR}"
BBFILES += "${LAYERDIR}/recipes-tomoyo/*.bb ${LAYERDIR}/recipes-tomoyo/*.bbappend"

kumaneko@ubuntu:~/yocto/poky$ vi meta-tomoyo/recipes-tomoyo/linux%.bbappend
kumaneko@ubuntu:~/yocto/poky$ cat meta-tomoyo/recipes-tomoyo/linux%.bbappend
# This .bbappend file is intended for providing a hook for automatically
# enabling TOMOYO 2.5 when compiling a Linux kernel using bitbake.
# In order to automatically apply this hook as much as possible by appending
# meta-tomoyo repository regardless of the .bb file used for compiling
# a Linux kernel, this .bbappend file's filename is intentionally blurred.
# If either this hook is unintentionally applied or you know the .bb file's
# filename, please rename this .bbappend file's filename.

do_configure_append() {
  if [ -f .config ] && grep -qF CONFIG_SECURITY .config
  then
    (
      echo 'CONFIG_SECURITY=y'
      echo 'CONFIG_SECURITY_TOMOYO=y'
      echo 'CONFIG_DEFAULT_SECURITY_TOMOYO=y'
      echo '# CONFIG_DEFAULT_SECURITY_DAC is not set'
    ) >> .config
    yes '' | oe_runmake oldconfig
  fi
}
kumaneko@ubuntu:~/yocto/poky$ vi meta-tomoyo/recipes-tomoyo/tomoyo-tools_2.5.0.bb
kumaneko@ubuntu:~/yocto/poky$ cat meta-tomoyo/recipes-tomoyo/tomoyo-tools_2.5.0.bb
SUMMARY = "TOMOYO Linux tools"
DESCRIPTION = "TOMOYO Linux is a Mandatory Access Control (MAC) implementation \
for Linux that can be used to increase the security of a system, while also \
being useful purely as a system analysis tool."
HOMEPAGE = "http://tomoyo.osdn.jp/"
SECTION = "System Environment/Kernel"

SRC_URI = "http://jaist.dl.osdn.jp/tomoyo/53357/${BP}-20170102.tar.gz"
SRC_URI[md5sum] = "888804d58742452fe213a68f7eadd0ad"
SRC_URI[sha256sum] = "00fedfac5e514321250bbe69eaccc732c8a8158596f77a785c2e3ae9f9968283"

S = "${WORKDIR}/${BPN}"

LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING.tomoyo;md5=751419260aa954499f7abaabaa882bbe"

FILES_${PN}     += "${libdir}/tomoyo"
FILES_${PN}-dbg += "${libdir}/tomoyo/.debug"

DEPENDS = "linux-libc-headers ncurses"

EXTRA_OEMAKE = "-e USRLIBDIR=${libdir}"

do_compile () {
    oe_runmake 'CC=${CC}'
}

do_install() {
    oe_runmake install INSTALLDIR=${D}
}
kumaneko@ubuntu:~/yocto/poky$ ls -lrtR meta-tomoyo/
meta-tomoyo/:
total 8
drwxrwxr-x 2 kumaneko kumaneko 4096 Nov 12 11:26 conf
drwxrwxr-x 2 kumaneko kumaneko 4096 Nov 12 11:29 recipes-tomoyo

meta-tomoyo/conf:
total 4
-rw-rw-r-- 1 kumaneko kumaneko 109 Nov 12 11:26 layer.conf

meta-tomoyo/recipes-tomoyo:
total 8
-rw-rw-r-- 1 kumaneko kumaneko 818 Nov 12 11:26 linux%.bbappend
-rw-rw-r-- 1 kumaneko kumaneko 916 Nov 12 11:28 tomoyo-tools_2.5.0.bb

Step 5: Selecting a target

Run oe-init-build-env in order to enter into a build directory.

kumaneko@ubuntu:~/yocto/poky$ source oe-init-build-env
You had no conf/local.conf file. This configuration file has therefore been
created for you with some default values. You may wish to edit it to, for
example, select a different MACHINE (target hardware). See conf/local.conf
for more information as common configuration options are commented.

You had no conf/bblayers.conf file. This configuration file has therefore been
created for you with some default values. To add additional metadata layers
into your configuration please add entries to conf/bblayers.conf.

The Yocto Project has extensive documentation about OE including a reference
manual which can be found at:
    http://yoctoproject.org/documentation

For more information about OpenEmbedded see their website:
    http://www.openembedded.org/


### Shell environment set up for builds. ###

You can now run 'bitbake <target>'

Common targets are:
    core-image-minimal
    core-image-sato
    meta-toolchain
    meta-ide-support

You can also run generated qemu images with a command like 'runqemu qemux86'

Add reference to recipes for Raspberry Pi and recipes for TOMOYO Linux to conf/bblayers.conf created by oe-init-build-env .

kumaneko@ubuntu:~/yocto/poky/build$ bitbake-layers add-layer ../meta-raspberrypi/
kumaneko@ubuntu:~/yocto/poky/build$ bitbake-layers add-layer ../meta-tomoyo/

Add the following entries to conf/local.conf created by oe-init-build-env .

  1. Specify MACHINE = "qemuarm" if you want to use Qemu for ARM as a target device, MACHINE = "raspberrypi2" if you want to use Raspberry Pi 2, MACHINE = "raspberrypi3" if you want to use Raspberry Pi 3.
  2. Specify a reasonable integer value to the BB_NUMBER_THREADS variable in order to allow e.g. parallel downloading of source code.
  3. Specify IMAGE_INSTALL_append = "tomoyo-tools" in order to include tools for administrating TOMOYO Linux ( tomoyo-tools ) into the image files.
kumaneko@ubuntu:~/yocto/poky/build$ cp -p conf/local.conf conf/local.conf.orig
kumaneko@ubuntu:~/yocto/poky/build$ vi conf/local.conf
kumaneko@ubuntu:~/yocto/poky/build$ diff -u conf/local.conf.orig conf/local.conf
--- conf/local.conf.orig        2016-09-18 13:18:55.371511496 +0900
+++ conf/local.conf     2016-09-18 13:20:59.489417182 +0900
@@ -237,3 +237,7 @@
 # track the version of this file when it was generated. This can safely be ignored if
 # this doesn't mean anything to you.
 CONF_VERSION = "1"
+
+MACHINE = "raspberrypi2"
+BB_NUMBER_THREADS = "16"
+IMAGE_INSTALL_append = "tomoyo-tools"

Step 6: Building rpi-basic-image

Build the rpi-basic-image target which is defined as a recipe for Raspberry Pi using bitbake command. It will take many hours due to downloading source code as well as compiling.

If bitbake command completed normally, there will be image files which the filename starts with rpi-basic-image- under tmp/deploy/images/ directory.

If you built with MACHINE = "raspberrypi2", the output will look like below.

kumaneko@ubuntu:~/yocto/poky/build$ bitbake rpi-basic-image
Parsing recipes: 100% |######################################################################################################################################################################################################| Time: 00:00:31
Parsing of 892 .bb files complete (0 cached, 892 parsed). 1322 targets, 67 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION        = "1.30.0"
BUILD_SYS         = "x86_64-linux"
NATIVELSBSTRING   = "universal"
TARGET_SYS        = "arm-poky-linux-gnueabi"
MACHINE           = "raspberrypi2"
DISTRO            = "poky"
DISTRO_VERSION    = "2.1.3"
TUNE_FEATURES     = "arm armv7ve vfp thumb neon vfpv4 callconvention-hard cortexa7"
TARGET_FPU        = "hard"
meta
meta-poky
meta-yocto-bsp    = "krogoth:1083d90888589b9f0d50a1d480f7c774d8b4bda3"
meta-raspberrypi  = "krogoth:a5f9b07a820d50ae5fb62e07306cd4e72d8638a9"
meta-tomoyo       = "krogoth:1083d90888589b9f0d50a1d480f7c774d8b4bda3"

NOTE: Preparing RunQueue
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
NOTE: Tasks Summary: Attempted 2189 tasks of which 966 didn't need to be rerun and all succeeded.
kumaneko@ubuntu:~/yocto/poky/build$ ls -lrtR tmp/deploy/images/
tmp/deploy/images/:
total 4
drwxrwxr-x 3 kumaneko kumaneko 4096 Nov 12 20:17 raspberrypi2

tmp/deploy/images/raspberrypi2:
total 244944
-rw-r--r-- 2 kumaneko kumaneko   9105408 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi2-20171112041658.bin
-rw-rw-r-- 2 kumaneko kumaneko  16377331 Nov 12 14:46 modules-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi2-20171112041658.tgz
-rw-r--r-- 2 kumaneko kumaneko     10849 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko     11128 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-plus-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko     12116 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2709-rpi-2-b-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko     12870 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2710-rpi-3-b-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko       779 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-amp-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko       655 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dac-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1378 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dacplus-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko       783 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-digi-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      2313 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-i2c-rtc-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko       775 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dac-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1051 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dacplus-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1428 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-lirc-rpi-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1576 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-pitft22-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      2658 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-pitft28-resistive-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1003 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-pps-gpio-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko       484 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-rpi-ft5406-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1124 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1291 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-pullup-overlay-20171112041658.dtb
-rw-r--r-- 2 kumaneko kumaneko      1097 Nov 12 14:46 Image-1-4.1.21+git0+ff45bc0e89-r0-pi3-miniuart-bt-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        75 Nov 12 14:46 Image-hifiberry-digi-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-digi-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        67 Nov 12 14:46 modules-raspberrypi2.tgz -> modules-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi2-20171112041658.tgz
lrwxrwxrwx 1 kumaneko kumaneko        75 Nov 12 14:46 Image-w1-gpio-pullup-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-pullup-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 14:46 Image-w1-gpio-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        71 Nov 12 14:46 Image-rpi-ft5406-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-rpi-ft5406-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        65 Nov 12 14:46 Image-raspberrypi2.bin -> Image-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi2-20171112041658.bin
lrwxrwxrwx 1 kumaneko kumaneko        69 Nov 12 14:46 Image-pps-gpio-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pps-gpio-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        78 Nov 12 14:46 Image-pitft28-resistive-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pitft28-resistive-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 14:46 Image-pitft22-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pitft22-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        76 Nov 12 14:46 Image-pi3-miniuart-bt-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pi3-miniuart-bt-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        69 Nov 12 14:46 Image-lirc-rpi-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-lirc-rpi-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        76 Nov 12 14:46 Image-iqaudio-dacplus-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dacplus-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        72 Nov 12 14:46 Image-iqaudio-dac-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dac-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 14:46 Image-i2c-rtc-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-i2c-rtc-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        78 Nov 12 14:46 Image-hifiberry-dacplus-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dacplus-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        74 Nov 12 14:46 Image-hifiberry-dac-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dac-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        74 Nov 12 14:46 Image-hifiberry-amp-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-amp-overlay-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 14:46 Image-bcm2710-rpi-3-b.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2710-rpi-3-b-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 14:46 Image-bcm2709-rpi-2-b.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2709-rpi-2-b-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        66 Nov 12 14:46 Image-bcm2708-rpi-b.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        71 Nov 12 14:46 Image-bcm2708-rpi-b-plus.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-plus-20171112041658.dtb
lrwxrwxrwx 1 kumaneko kumaneko        65 Nov 12 14:46 Image -> Image-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi2-20171112041658.bin
drwxr-xr-x 2 kumaneko kumaneko      4096 Nov 12 20:14 bcm2835-bootfiles
-rw-r--r-- 2 kumaneko kumaneko       294 Nov 12 20:14 README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
lrwxrwxrwx 1 kumaneko kumaneko        59 Nov 12 20:17 rpi-basic-image-raspberrypi2.manifest -> rpi-basic-image-raspberrypi2-20171112041658.rootfs.manifest
-rw-r--r-- 1 kumaneko kumaneko     90322 Nov 12 20:17 rpi-basic-image-raspberrypi2-20171112041658.rootfs.manifest
-rw-r--r-- 1 kumaneko kumaneko  21336060 Nov 12 20:17 rpi-basic-image-raspberrypi2-20171112041658.rootfs.tar.bz2
-rw-r--r-- 1 kumaneko kumaneko  92274688 Nov 12 20:17 rpi-basic-image-raspberrypi2-20171112041658.rootfs.ext3
lrwxrwxrwx 1 kumaneko kumaneko        55 Nov 12 20:17 rpi-basic-image-raspberrypi2.ext3 -> rpi-basic-image-raspberrypi2-20171112041658.rootfs.ext3
lrwxrwxrwx 1 kumaneko kumaneko        58 Nov 12 20:17 rpi-basic-image-raspberrypi2.tar.bz2 -> rpi-basic-image-raspberrypi2-20171112041658.rootfs.tar.bz2
-rw-r--r-- 1 kumaneko kumaneko 138412032 Nov 12 20:17 rpi-basic-image-raspberrypi2-20171112041658.rootfs.rpi-sdimg
lrwxrwxrwx 1 kumaneko kumaneko        60 Nov 12 20:17 rpi-basic-image-raspberrypi2.rpi-sdimg -> rpi-basic-image-raspberrypi2-20171112041658.rootfs.rpi-sdimg

tmp/deploy/images/raspberrypi2/bcm2835-bootfiles:
total 11984
-rw-r--r-- 2 kumaneko kumaneko   36159 Nov 12 13:39 config.txt
-rw-rw-r-- 2 kumaneko kumaneko      96 Nov 12 14:46 cmdline.txt
-rw-r--r-- 2 kumaneko kumaneko 2746552 Nov 12 20:14 start.elf
-rw-r--r-- 2 kumaneko kumaneko  617432 Nov 12 20:14 start_cd.elf
-rw-r--r-- 2 kumaneko kumaneko 4926264 Nov 12 20:14 start_db.elf
-rw-r--r-- 2 kumaneko kumaneko 3877720 Nov 12 20:14 start_x.elf
-rw-r--r-- 2 kumaneko kumaneko    6482 Nov 12 20:14 fixup.dat
-rw-r--r-- 2 kumaneko kumaneko    9717 Nov 12 20:14 fixup_x.dat
-rw-r--r-- 2 kumaneko kumaneko    9717 Nov 12 20:14 fixup_db.dat
-rw-r--r-- 2 kumaneko kumaneko    2504 Nov 12 20:14 fixup_cd.dat
-rw-r--r-- 2 kumaneko kumaneko   17932 Nov 12 20:14 bootcode.bin
-rw-rw-r-- 2 kumaneko kumaneko       0 Nov 12 20:14 bcm2835-bootfiles-20160622.stamp
kumaneko@ubuntu:~/yocto/poky/build$ tar -vvtf tmp/deploy/images/raspberrypi2/rpi-basic-image-raspberrypi2.tar.bz2 | grep tomoyo
-rwx------ root/root     10692 2017-11-12 13:45 ./sbin/tomoyo-init
-rwxr-xr-x root/root      8112 2017-11-12 13:45 ./usr/sbin/tomoyo-loadpolicy
-rwxr-xr-x root/root      5536 2017-11-12 13:45 ./usr/sbin/tomoyo-setlevel
-rwxr-xr-x root/root      5472 2017-11-12 13:45 ./usr/sbin/tomoyo-pstree
-rwxr-xr-x root/root      4704 2017-11-12 13:45 ./usr/sbin/tomoyo-domainmatch
-rwxr-xr-x root/root      4460 2017-11-12 13:45 ./usr/sbin/tomoyo-selectpolicy
-rwxr-xr-x root/root     10080 2017-11-12 13:45 ./usr/sbin/tomoyo-patternize
-rwxr-xr-x root/root     10496 2017-11-12 13:45 ./usr/sbin/tomoyo-auditd
-rwxr-xr-x root/root      5196 2017-11-12 13:45 ./usr/sbin/tomoyo-findtemp
-rwxr-xr-x root/root      8800 2017-11-12 13:45 ./usr/sbin/tomoyo-notifyd
-rwxr-xr-x root/root      3664 2017-11-12 13:45 ./usr/sbin/tomoyo-sortpolicy
-rwxr-xr-x root/root      5928 2017-11-12 13:45 ./usr/sbin/tomoyo-setprofile
-rwxr-xr-x root/root      4784 2017-11-12 13:45 ./usr/sbin/tomoyo-diffpolicy
-rwxr-xr-x root/root      8108 2017-11-12 13:45 ./usr/sbin/tomoyo-savepolicy
-rwxr-xr-x root/root     12408 2017-11-12 13:45 ./usr/sbin/tomoyo-checkpolicy
-rwxr-xr-x root/root     83620 2017-11-12 13:45 ./usr/sbin/tomoyo-editpolicy
-rwxr-xr-x root/root     12624 2017-11-12 13:45 ./usr/sbin/tomoyo-queryd
-rwxr-xr-x root/root     22972 2017-11-12 13:45 ./usr/lib/libtomoyotools.so.3.0.3
drwxr-xr-x root/root         0 2017-11-12 20:16 ./usr/lib/tomoyo/
-rwxr-xr-x root/root      4164 2017-11-12 13:45 ./usr/lib/tomoyo/audit-exec-param
-rwxr-xr-x root/root      5904 2017-11-12 13:45 ./usr/lib/tomoyo/convert-audit-log
-rwxr-xr-x root/root     45632 2017-11-12 13:45 ./usr/lib/tomoyo/init_policy
-rwxr-xr-x root/root      5320 2017-11-12 13:45 ./usr/lib/tomoyo/convert-exec-param
-rw-r--r-- root/root      1766 2017-11-12 13:44 ./usr/lib/tomoyo/README.tomoyo
-rwxr-xr-x root/root      9472 2017-11-12 13:45 ./usr/lib/tomoyo/tomoyo-editpolicy-agent
-rw-r--r-- root/root     17987 2017-11-12 13:44 ./usr/lib/tomoyo/COPYING.tomoyo
lrwxrwxrwx root/root         0 2017-11-12 20:16 ./usr/lib/libtomoyotools.so.3 -> libtomoyotools.so.3.0.3

If you built with MACHINE = "raspberrypi3", the output will look like below.

kumaneko@ubuntu:~/yocto/poky/build$ bitbake rpi-basic-image
Parsing recipes: 100% |######################################################################################################################################################################################################| Time: 00:00:41
Parsing of 892 .bb files complete (0 cached, 892 parsed). 1322 targets, 67 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION        = "1.30.0"
BUILD_SYS         = "x86_64-linux"
NATIVELSBSTRING   = "universal"
TARGET_SYS        = "arm-poky-linux-gnueabi"
MACHINE           = "raspberrypi3"
DISTRO            = "poky"
DISTRO_VERSION    = "2.1.3"
TUNE_FEATURES     = "arm armv7ve vfp thumb neon vfpv4 callconvention-hard cortexa7"
TARGET_FPU        = "hard"
meta
meta-poky
meta-yocto-bsp    = "krogoth:1083d90888589b9f0d50a1d480f7c774d8b4bda3"
meta-raspberrypi  = "krogoth:a5f9b07a820d50ae5fb62e07306cd4e72d8638a9"
meta-tomoyo       = "krogoth:1083d90888589b9f0d50a1d480f7c774d8b4bda3"

NOTE: Preparing RunQueue
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
NOTE: Tasks Summary: Attempted 2189 tasks of which 2043 didn't need to be rerun and all succeeded.
kumaneko@ubuntu:~/yocto/poky/build$ ls -lrtR tmp/deploy/images/
tmp/deploy/images/:
total 4
drwxr-xr-x 3 kumaneko kumaneko 4096 Nov 12 20:44 raspberrypi3

tmp/deploy/images/raspberrypi3:
total 244948
-rw-r--r-- 2 kumaneko kumaneko   9105408 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi3-20171112112744.bin
-rw-rw-r-- 2 kumaneko kumaneko  16376356 Nov 12 20:40 modules-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi3-20171112112744.tgz
-rw-r--r-- 2 kumaneko kumaneko     10849 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko     11128 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-plus-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko     12116 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2709-rpi-2-b-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko     12870 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2710-rpi-3-b-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko       779 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-amp-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko       655 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dac-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1378 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dacplus-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko       783 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-digi-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      2313 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-i2c-rtc-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko       775 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dac-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1051 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dacplus-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1428 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-lirc-rpi-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1576 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-pitft22-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      2658 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-pitft28-resistive-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1003 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-pps-gpio-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko       484 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-rpi-ft5406-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1124 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1291 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-pullup-overlay-20171112112744.dtb
-rw-r--r-- 2 kumaneko kumaneko      1097 Nov 12 20:40 Image-1-4.1.21+git0+ff45bc0e89-r0-pi3-miniuart-bt-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        67 Nov 12 20:40 modules-raspberrypi3.tgz -> modules-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi3-20171112112744.tgz
drwxr-xr-x 2 kumaneko kumaneko      4096 Nov 12 20:40 bcm2835-bootfiles
lrwxrwxrwx 1 kumaneko kumaneko        75 Nov 12 20:40 Image-w1-gpio-pullup-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-pullup-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 20:40 Image-w1-gpio-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-w1-gpio-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        71 Nov 12 20:40 Image-rpi-ft5406-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-rpi-ft5406-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        65 Nov 12 20:40 Image-raspberrypi3.bin -> Image-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi3-20171112112744.bin
lrwxrwxrwx 1 kumaneko kumaneko        69 Nov 12 20:40 Image-pps-gpio-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pps-gpio-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        78 Nov 12 20:40 Image-pitft28-resistive-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pitft28-resistive-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 20:40 Image-pitft22-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pitft22-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        76 Nov 12 20:40 Image-pi3-miniuart-bt-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-pi3-miniuart-bt-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        69 Nov 12 20:40 Image-lirc-rpi-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-lirc-rpi-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        76 Nov 12 20:40 Image-iqaudio-dacplus-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dacplus-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        72 Nov 12 20:40 Image-iqaudio-dac-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-iqaudio-dac-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 20:40 Image-i2c-rtc-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-i2c-rtc-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        75 Nov 12 20:40 Image-hifiberry-digi-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-digi-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        78 Nov 12 20:40 Image-hifiberry-dacplus-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dacplus-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        74 Nov 12 20:40 Image-hifiberry-dac-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-dac-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        74 Nov 12 20:40 Image-hifiberry-amp-overlay.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-hifiberry-amp-overlay-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 20:40 Image-bcm2710-rpi-3-b.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2710-rpi-3-b-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        68 Nov 12 20:40 Image-bcm2709-rpi-2-b.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2709-rpi-2-b-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        66 Nov 12 20:40 Image-bcm2708-rpi-b.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        71 Nov 12 20:40 Image-bcm2708-rpi-b-plus.dtb -> Image-1-4.1.21+git0+ff45bc0e89-r0-bcm2708-rpi-b-plus-20171112112744.dtb
lrwxrwxrwx 1 kumaneko kumaneko        65 Nov 12 20:40 Image -> Image-1-4.1.21+git0+ff45bc0e89-r0-raspberrypi3-20171112112744.bin
-rw-r--r-- 2 kumaneko kumaneko       294 Nov 12 20:42 README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
lrwxrwxrwx 1 kumaneko kumaneko        59 Nov 12 20:43 rpi-basic-image-raspberrypi3.manifest -> rpi-basic-image-raspberrypi3-20171112112744.rootfs.manifest
-rw-r--r-- 1 kumaneko kumaneko     90322 Nov 12 20:43 rpi-basic-image-raspberrypi3-20171112112744.rootfs.manifest
-rw-r--r-- 1 kumaneko kumaneko  21336875 Nov 12 20:43 rpi-basic-image-raspberrypi3-20171112112744.rootfs.tar.bz2
-rw-r--r-- 1 kumaneko kumaneko  92274688 Nov 12 20:43 rpi-basic-image-raspberrypi3-20171112112744.rootfs.ext3
lrwxrwxrwx 1 kumaneko kumaneko        55 Nov 12 20:43 rpi-basic-image-raspberrypi3.ext3 -> rpi-basic-image-raspberrypi3-20171112112744.rootfs.ext3
lrwxrwxrwx 1 kumaneko kumaneko        58 Nov 12 20:44 rpi-basic-image-raspberrypi3.tar.bz2 -> rpi-basic-image-raspberrypi3-20171112112744.rootfs.tar.bz2
-rw-r--r-- 1 kumaneko kumaneko 138412032 Nov 12 20:44 rpi-basic-image-raspberrypi3-20171112112744.rootfs.rpi-sdimg
lrwxrwxrwx 1 kumaneko kumaneko        60 Nov 12 20:44 rpi-basic-image-raspberrypi3.rpi-sdimg -> rpi-basic-image-raspberrypi3-20171112112744.rootfs.rpi-sdimg

tmp/deploy/images/raspberrypi3/bcm2835-bootfiles:
total 11984
-rw-r--r-- 2 kumaneko kumaneko   36159 Nov 12 20:29 config.txt
-rw-r--r-- 2 kumaneko kumaneko  617432 Nov 12 20:31 start_cd.elf
-rw-r--r-- 2 kumaneko kumaneko 2746552 Nov 12 20:31 start.elf
-rw-r--r-- 2 kumaneko kumaneko 4926264 Nov 12 20:31 start_db.elf
-rw-r--r-- 2 kumaneko kumaneko 3877720 Nov 12 20:31 start_x.elf
-rw-r--r-- 2 kumaneko kumaneko    9717 Nov 12 20:31 fixup_x.dat
-rw-r--r-- 2 kumaneko kumaneko    9717 Nov 12 20:31 fixup_db.dat
-rw-r--r-- 2 kumaneko kumaneko    2504 Nov 12 20:31 fixup_cd.dat
-rw-r--r-- 2 kumaneko kumaneko    6482 Nov 12 20:31 fixup.dat
-rw-r--r-- 2 kumaneko kumaneko   17932 Nov 12 20:31 bootcode.bin
-rw-rw-r-- 2 kumaneko kumaneko       0 Nov 12 20:31 bcm2835-bootfiles-20160622.stamp
-rw-rw-r-- 2 kumaneko kumaneko      96 Nov 12 20:40 cmdline.txt
kumaneko@ubuntu:~/yocto/poky/build$ tar -vvtf tmp/deploy/images/raspberrypi3/rpi-basic-image-raspberrypi3.tar.bz2 | grep tomoyo
-rwx------ root/root     10692 2017-11-12 13:45 ./sbin/tomoyo-init
-rwxr-xr-x root/root      8112 2017-11-12 13:45 ./usr/sbin/tomoyo-loadpolicy
-rwxr-xr-x root/root      5536 2017-11-12 13:45 ./usr/sbin/tomoyo-setlevel
-rwxr-xr-x root/root      5472 2017-11-12 13:45 ./usr/sbin/tomoyo-pstree
-rwxr-xr-x root/root      4704 2017-11-12 13:45 ./usr/sbin/tomoyo-domainmatch
-rwxr-xr-x root/root      4460 2017-11-12 13:45 ./usr/sbin/tomoyo-selectpolicy
-rwxr-xr-x root/root     10080 2017-11-12 13:45 ./usr/sbin/tomoyo-patternize
-rwxr-xr-x root/root     10496 2017-11-12 13:45 ./usr/sbin/tomoyo-auditd
-rwxr-xr-x root/root      5196 2017-11-12 13:45 ./usr/sbin/tomoyo-findtemp
-rwxr-xr-x root/root      8800 2017-11-12 13:45 ./usr/sbin/tomoyo-notifyd
-rwxr-xr-x root/root      3664 2017-11-12 13:45 ./usr/sbin/tomoyo-sortpolicy
-rwxr-xr-x root/root      5928 2017-11-12 13:45 ./usr/sbin/tomoyo-setprofile
-rwxr-xr-x root/root      4784 2017-11-12 13:45 ./usr/sbin/tomoyo-diffpolicy
-rwxr-xr-x root/root      8108 2017-11-12 13:45 ./usr/sbin/tomoyo-savepolicy
-rwxr-xr-x root/root     12408 2017-11-12 13:45 ./usr/sbin/tomoyo-checkpolicy
-rwxr-xr-x root/root     83620 2017-11-12 13:45 ./usr/sbin/tomoyo-editpolicy
-rwxr-xr-x root/root     12624 2017-11-12 13:45 ./usr/sbin/tomoyo-queryd
-rwxr-xr-x root/root     22972 2017-11-12 13:45 ./usr/lib/libtomoyotools.so.3.0.3
drwxr-xr-x root/root         0 2017-11-12 20:43 ./usr/lib/tomoyo/
-rwxr-xr-x root/root      4164 2017-11-12 13:45 ./usr/lib/tomoyo/audit-exec-param
-rwxr-xr-x root/root      5904 2017-11-12 13:45 ./usr/lib/tomoyo/convert-audit-log
-rwxr-xr-x root/root     45632 2017-11-12 13:45 ./usr/lib/tomoyo/init_policy
-rwxr-xr-x root/root      5320 2017-11-12 13:45 ./usr/lib/tomoyo/convert-exec-param
-rw-r--r-- root/root      1766 2017-11-12 13:44 ./usr/lib/tomoyo/README.tomoyo
-rwxr-xr-x root/root      9472 2017-11-12 13:45 ./usr/lib/tomoyo/tomoyo-editpolicy-agent
-rw-r--r-- root/root     17987 2017-11-12 13:44 ./usr/lib/tomoyo/COPYING.tomoyo
lrwxrwxrwx root/root         0 2017-11-12 20:43 ./usr/lib/libtomoyotools.so.3 -> libtomoyotools.so.3.0.3

If you built with MACHINE = "qemuarm", the output will look like below.

kumaneko@ubuntu:~/yocto/poky/build$ bitbake rpi-basic-image
Parsing recipes: 100% |######################################################################################################################################################################################################| Time: 00:00:35
Parsing of 892 .bb files complete (0 cached, 892 parsed). 1322 targets, 80 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION        = "1.30.0"
BUILD_SYS         = "x86_64-linux"
NATIVELSBSTRING   = "Ubuntu-14.04"
TARGET_SYS        = "arm-poky-linux-gnueabi"
MACHINE           = "qemuarm"
DISTRO            = "poky"
DISTRO_VERSION    = "2.1.3"
TUNE_FEATURES     = "arm armv5 thumb dsp"
TARGET_FPU        = "soft"
meta
meta-poky
meta-yocto-bsp    = "krogoth:1083d90888589b9f0d50a1d480f7c774d8b4bda3"
meta-raspberrypi  = "krogoth:a5f9b07a820d50ae5fb62e07306cd4e72d8638a9"
meta-tomoyo       = "krogoth:1083d90888589b9f0d50a1d480f7c774d8b4bda3"

NOTE: Fetching uninative binary shim from http://downloads.yoctoproject.org/releases/uninative/1.0.1/x86_64-nativesdk-libc.tar.bz2;sha256sum=acf1e44a0ac2e855e81da6426197d36358bf7b4e88e552ef933128498c8910f8
NOTE: Preparing RunQueue
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
NOTE: Tasks Summary: Attempted 2100 tasks of which 10 didn't need to be rerun and all succeeded.
kumaneko@ubuntu:~/yocto/poky/build$ ls -lrtR tmp/deploy/images/
tmp/deploy/images/:
total 4
drwxrwxr-x 2 kumaneko kumaneko 4096 Nov 12 13:12 qemuarm

tmp/deploy/images/qemuarm:
total 52448
-rw-r--r-- 2 kumaneko kumaneko  4583472 Nov 12 12:53 zImage--4.4.26+git0+3030330b06_187bcc13f3-r0-qemuarm-20171112023711.bin
-rw-rw-r-- 2 kumaneko kumaneko 33145846 Nov 12 12:53 modules--4.4.26+git0+3030330b06_187bcc13f3-r0-qemuarm-20171112023711.tgz
lrwxrwxrwx 1 kumaneko kumaneko       71 Nov 12 12:53 zImage-qemuarm.bin -> zImage--4.4.26+git0+3030330b06_187bcc13f3-r0-qemuarm-20171112023711.bin
lrwxrwxrwx 1 kumaneko kumaneko       71 Nov 12 12:53 zImage -> zImage--4.4.26+git0+3030330b06_187bcc13f3-r0-qemuarm-20171112023711.bin
lrwxrwxrwx 1 kumaneko kumaneko       72 Nov 12 12:53 modules-qemuarm.tgz -> modules--4.4.26+git0+3030330b06_187bcc13f3-r0-qemuarm-20171112023711.tgz
-rw-r--r-- 2 kumaneko kumaneko      294 Nov 12 13:11 README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
lrwxrwxrwx 1 kumaneko kumaneko       54 Nov 12 13:12 rpi-basic-image-qemuarm.manifest -> rpi-basic-image-qemuarm-20171112023711.rootfs.manifest
-rw-r--r-- 1 kumaneko kumaneko    17536 Nov 12 13:12 rpi-basic-image-qemuarm-20171112023711.rootfs.manifest
-rw-r--r-- 1 kumaneko kumaneko  4298536 Nov 12 13:12 rpi-basic-image-qemuarm-20171112023711.rootfs.tar.bz2
-rw-r--r-- 1 kumaneko kumaneko 17167360 Nov 12 13:12 rpi-basic-image-qemuarm-20171112023711.rootfs.ext4
lrwxrwxrwx 1 kumaneko kumaneko       50 Nov 12 13:12 rpi-basic-image-qemuarm.ext4 -> rpi-basic-image-qemuarm-20171112023711.rootfs.ext4
lrwxrwxrwx 1 kumaneko kumaneko       53 Nov 12 13:12 rpi-basic-image-qemuarm.tar.bz2 -> rpi-basic-image-qemuarm-20171112023711.rootfs.tar.bz2
kumaneko@ubuntu:~/yocto/poky/build$ tar -vvtf tmp/deploy/images/qemuarm/rpi-basic-image-qemuarm.tar.bz2 | grep tomoyo
-rwx------ root/root     10460 2017-11-12 12:52 ./sbin/tomoyo-init
-rwxr-xr-x root/root      8020 2017-11-12 12:52 ./usr/sbin/tomoyo-loadpolicy
-rwxr-xr-x root/root      5484 2017-11-12 12:52 ./usr/sbin/tomoyo-setlevel
-rwxr-xr-x root/root      5400 2017-11-12 12:52 ./usr/sbin/tomoyo-pstree
-rwxr-xr-x root/root      4668 2017-11-12 12:52 ./usr/sbin/tomoyo-domainmatch
-rwxr-xr-x root/root      4416 2017-11-12 12:52 ./usr/sbin/tomoyo-selectpolicy
-rwxr-xr-x root/root     10060 2017-11-12 12:52 ./usr/sbin/tomoyo-patternize
-rwxr-xr-x root/root     10360 2017-11-12 12:52 ./usr/sbin/tomoyo-auditd
-rwxr-xr-x root/root      5180 2017-11-12 12:52 ./usr/sbin/tomoyo-findtemp
-rwxr-xr-x root/root      8684 2017-11-12 12:52 ./usr/sbin/tomoyo-notifyd
-rwxr-xr-x root/root      3632 2017-11-12 12:52 ./usr/sbin/tomoyo-sortpolicy
-rwxr-xr-x root/root      5904 2017-11-12 12:52 ./usr/sbin/tomoyo-setprofile
-rwxr-xr-x root/root      4736 2017-11-12 12:52 ./usr/sbin/tomoyo-diffpolicy
-rwxr-xr-x root/root      8728 2017-11-12 12:52 ./usr/sbin/tomoyo-savepolicy
-rwxr-xr-x root/root     12368 2017-11-12 12:52 ./usr/sbin/tomoyo-checkpolicy
-rwxr-xr-x root/root     83492 2017-11-12 12:52 ./usr/sbin/tomoyo-editpolicy
-rwxr-xr-x root/root     12636 2017-11-12 12:52 ./usr/sbin/tomoyo-queryd
-rwxr-xr-x root/root     23112 2017-11-12 12:52 ./usr/lib/libtomoyotools.so.3.0.3
drwxr-xr-x root/root         0 2017-11-12 13:12 ./usr/lib/tomoyo/
-rwxr-xr-x root/root      4140 2017-11-12 12:52 ./usr/lib/tomoyo/audit-exec-param
-rwxr-xr-x root/root      5880 2017-11-12 12:52 ./usr/lib/tomoyo/convert-audit-log
-rwxr-xr-x root/root     45944 2017-11-12 12:52 ./usr/lib/tomoyo/init_policy
-rwxr-xr-x root/root      5252 2017-11-12 12:52 ./usr/lib/tomoyo/convert-exec-param
-rw-r--r-- root/root      1766 2017-11-12 12:52 ./usr/lib/tomoyo/README.tomoyo
-rwxr-xr-x root/root      9444 2017-11-12 12:52 ./usr/lib/tomoyo/tomoyo-editpolicy-agent
-rw-r--r-- root/root     17987 2017-11-12 12:52 ./usr/lib/tomoyo/COPYING.tomoyo
lrwxrwxrwx root/root         0 2017-11-12 13:12 ./usr/lib/libtomoyotools.so.3 -> libtomoyotools.so.3.0.3

Step 7: Running from emulator (if using Qemu for ARM)

If you built with MACHINE = "qemuarm" in conf/local.conf , you can boot using the command line shown below from the build directory.

kumaneko@ubuntu:~/yocto/poky/build$ runqemu qemuarm

Continuing with the following parameters:
KERNEL: [/home/kumaneko/yocto/poky/build/tmp/deploy/images/qemuarm/zImage-qemuarm.bin]
ROOTFS: [/home/kumaneko/yocto/poky/build/tmp/deploy/images/qemuarm/rpi-basic-image-qemuarm-20160918073412.rootfs.ext4]
FSTYPE: [ext4]
Setting up tap interface under sudo
[sudo] password for kumaneko:
Acquiring lockfile for tap0...
Running qemu-system-arm...
/home/kumaneko/yocto/poky/build/tmp/sysroots/x86_64-linux/usr/bin/qemu-system-arm -kernel /home/kumaneko/yocto/poky/build/tmp/deploy/images/qemuarm/zImage-qemuarm.bin -net nic,model=virtio -net tap,vlan=0,ifname=tap0,script=no,downscript=no -M versatilepb -drive file=/home/kumaneko/yocto/poky/build/tmp/deploy/images/qemuarm/rpi-basic-image-qemuarm-20160918073412.rootfs.ext4,if=virtio,format=raw -no-reboot -show-cursor -usb -usbdevice wacom-tablet -no-reboot -m 128 -serial mon:vc -serial null --append "root=/dev/vda rw console=ttyAMA0,115200 console=tty ip=192.168.7.2::192.168.7.1:255.255.255.0 mem=128M highres=off rootfstype=ext4 "
qemu-system-arm: unable to init msix vectors to 3
qemu-system-arm: -drive file=/home/kumaneko/yocto/poky/build/tmp/deploy/images/qemuarm/rpi-basic-image-qemuarm-20160918073412.rootfs.ext4,if=virtio,format=raw: unable to init msix vectors to 2

Step 8: Copying to micro SD card (if using Raspberry Pi 2 or Raspberry Pi 3)

If you are logged into GNOME desktop environment, partitions in a micro SD card will be automatically mounted as soon as you insert the micro SD card to host's drives, which results in data corruption when copying the image files. You can run gsettings command like below in order to prevent partitions in the micro SD card from being automatically mounted.

kumaneko@ubuntu:~/yocto/poky/build$ /usr/bin/gsettings set org.gnome.desktop.media-handling automount false

Check the device file's name for the micro SD card for Raspberry Pi using fdisk command.

Check device file's names using fdisk command before inserting the micro SD card to host's drives.

kumaneko@ubuntu:~/yocto/poky/build$ sudo fdisk -l
[sudo] password for kumaneko:

Disk /dev/sda: 107.4 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders, total 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00036a53

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      499711      248832   83  Linux
/dev/sda2          501758   209713151   104605697    5  Extended
/dev/sda5          501760   209713151   104605696   8e  Linux LVM

Disk /dev/mapper/ubuntu--vg-root: 102.8 GB, 102802391040 bytes
255 heads, 63 sectors/track, 12498 cylinders, total 200785920 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/ubuntu--vg-root doesn't contain a valid partition table

Disk /dev/mapper/ubuntu--vg-swap_1: 4290 MB, 4290772992 bytes
255 heads, 63 sectors/track, 521 cylinders, total 8380416 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/ubuntu--vg-swap_1 doesn't contain a valid partition table

Check device file's names again using fdisk command after inserting the micro SD card to host's drives.

kumaneko@ubuntu:~/yocto/poky/build$ sudo fdisk -l

Disk /dev/sda: 107.4 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders, total 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00036a53

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      499711      248832   83  Linux
/dev/sda2          501758   209713151   104605697    5  Extended
/dev/sda5          501760   209713151   104605696   8e  Linux LVM

Disk /dev/mapper/ubuntu--vg-root: 102.8 GB, 102802391040 bytes
255 heads, 63 sectors/track, 12498 cylinders, total 200785920 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/ubuntu--vg-root doesn't contain a valid partition table

Disk /dev/mapper/ubuntu--vg-swap_1: 4290 MB, 4290772992 bytes
255 heads, 63 sectors/track, 521 cylinders, total 8380416 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/ubuntu--vg-swap_1 doesn't contain a valid partition table

Disk /dev/sdb: 15.9 GB, 15854469120 bytes
4 heads, 32 sectors/track, 241920 cylinders, total 30965760 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xe113be4e

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *        8192       90111       40960    c  W95 FAT32 (LBA)
/dev/sdb2           90112     1081343      495616   83  Linux

The device file's name recognized by inserting the micro SD card to host's drives is the name of the micro SD card. This page, hereafter, assumes device file's name for the micro SD card in the host environment is /dev/sdb .

If the micro SD card is already mounted after inserting the micro SD card to host's drives, unmount it manually. Please use umount command, for the device file will automatically disappear after unmount if you use "Eject" button on the desktop.

kumaneko@ubuntu:~/yocto/poky/build$ sudo umount /dev/sdb*

Copy an image file to the micro SD card. Files which the filename starts with rpi-basic-image- and ends with .rpi-sdimg are the image files made for writing to SD card. For example, copy like below if you built with MACHINE = "raspberrypi2" in conf/local.conf .

kumaneko@ubuntu:~/yocto/poky/build$ sudo sh -c 'cat tmp/deploy/images/raspberrypi2/rpi-basic-image-raspberrypi2.rpi-sdimg > /dev/sdb'
kumaneko@ubuntu:~/yocto/poky/build$ sync
kumaneko@ubuntu:~/yocto/poky/build$ sudo eject /dev/sdb

Remove the micro SD card after the eject command completed.

In order to verify that the image file is copied correctly, insert the micro SD card again and run fsck command. Please make sure that there is no filesystem errors.

kumaneko@ubuntu:~/yocto/poky/build$ sudo fdisk -l /dev/sdb

Disk /dev/sdb: 15.9 GB, 15854469120 bytes
4 heads, 32 sectors/track, 241920 cylinders, total 30965760 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x63c93b11

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *        8192       90111       40960    c  W95 FAT32 (LBA)
/dev/sdb2           90112      270335       90112   83  Linux
kumaneko@ubuntu:~/yocto/poky/build$ sudo fsck -fn /dev/sdb1
fsck from util-linux 2.20.1
fsck.fat 3.0.26 (2014-03-07)
/dev/sdb1: 35 files, 10482/20431 clusters
kumaneko@ubuntu:~/yocto/poky/build$ sudo fsck -fn /dev/sdb2
fsck from util-linux 2.20.1
e2fsck 1.42.9 (4-Feb-2014)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/sdb2: 2619/22528 files (0.6% non-contiguous), 71490/90112 blocks
kumaneko@ubuntu:~/yocto/poky/build$ sudo eject /dev/sdb

Remove the micro SD card after the eject command completed.

Insert the micro SD card to Raspberry Pi 2 or Raspberry Pi 3 and power it on.

Step 9: Initializing TOMOYO Linux

Login as user root , and then initialize policy configuration by running init_policy command like below.

root@raspberrypi2:~# /usr/lib/tomoyo/init_policy
Creating policy directory... OK
Creating configuration directory... OK
Creating exception policy... OK.
Creating domain policy... OK.
Creating manager policy... OK.
Creating default profile... OK.
Creating stat policy... OK.
Creating configuration file for tomoyo-editpolicy ... OK.
Creating configuration file for tomoyo-auditd ... OK.
Creating configuration file for tomoyo-patternize ... OK.
Creating configuration file for tomoyo-notifyd ... OK.

Then, review and modify initialized policy depending on which TOMOYO Linux's functionality to use and/or which processes TOMOYO Linux should be applied.

root@raspberrypi2:~# cat /etc/tomoyo/profile.conf
PROFILE_VERSION=20110903
0-COMMENT=-----Disabled Mode-----
0-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
0-CONFIG={ mode=disabled grant_log=no reject_log=yes }
1-COMMENT=-----Learning Mode-----
1-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
1-CONFIG={ mode=learning grant_log=no reject_log=yes }
2-COMMENT=-----Permissive Mode-----
2-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
2-CONFIG={ mode=permissive grant_log=no reject_log=yes }
3-COMMENT=-----Enforcing Mode-----
3-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 }
3-CONFIG={ mode=enforcing grant_log=no reject_log=yes }
root@raspberrypi2:~# cat /etc/tomoyo/domain_policy.conf
<kernel>
use_profile 0
use_group 0

The "use_profile 0" line in domain_policy.conf refers the "0-CONFIG={ mode=disabled grant_log=no reject_log=yes }" line (do nothing except domain transition) in profile.conf .

If you change the "use_profile 0" line to "use_profile 1", the "1-CONFIG={ mode=learning grant_log=no reject_log=yes }" line (append access requests to policy in addition to domain transition) in profile.conf is used.

For more information, please refer to steps for regular environments.

Tips: Saving policy immediately before shutdown

tomoyo-savepolicy command can save only policy snapshot as of tomoyo-savepolicy command is executed. Therefore, if you want to save the policy snapshot immediately before shutting down, you need to run tomoyo-savepolicy command from /etc/init.d/halt and /etc/init.d/reboot like below.

root@raspberrypi2:~# cp -p /etc/init.d/halt /tmp/halt
root@raspberrypi2:~# cp -p /etc/init.d/reboot /tmp/reboot
root@raspberrypi2:~# vi /etc/init.d/halt
root@raspberrypi2:~# vi /etc/init.d/reboot
root@raspberrypi2:~# diff -u /tmp/halt /etc/init.d/halt
--- /tmp/halt
+++ /etc/init.d/halt
@@ -24,6 +24,13 @@
        hddown=""
 fi

+halt --help > /dev/null 2>&1
+mount -o remount,ro none /
+mount -o remount,rw none /
+mount -t sysfs none /sys/
+/usr/sbin/tomoyo-savepolicy
+/usr/sbin/tomoyo-savepolicy
+mount -o remount,ro none /
 halt -d -f -p $hddown

 : exit 0
root@raspberrypi2:~# diff -u /tmp/reboot /etc/init.d/reboot
--- /tmp/reboot
+++ /etc/init.d/reboot
@@ -12,4 +12,11 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin

 echo -n "Rebooting... "
+reboot --help > /dev/null 2>&1
+mount -o remount,ro none /
+mount -o remount,rw none /
+mount -t sysfs none /sys/
+/usr/sbin/tomoyo-savepolicy
+/usr/sbin/tomoyo-savepolicy
+mount -o remount,ro none /
 reboot -d -f

Please note that since /sys/ which provides /sys/kernel/security/ for mounting securityfs is already unmounted when tomoyo-savepolicy is executed, we need to explicitly mount sysfs on /sys/ or create /sys/kernel/security/ directory. Also, since the / filesystem which is used for writing to /etc/tomoyo/ directory is already remounted as read-only, we need to explicitly remount the / filesystem as read-write.

In order to make sure that permissions needed by mount command (for remounting the / filesystem as read-only), halt command (for halting the system) and reboot command (for restarting the system) are included into the policy snapshot, respective command is executed before tomoyo-savepolicy command is executed. Likewise, in order to make sure that permissions needed by tomoyo-savepolicy command itself are included into the policy snapshot, tomoyo-savepolicy command is executed twice.

Tips: Managing policy configuration remotely

If you want to edit policy remotely, you can use tomoyo-editpolicy-agent command. You can create /etc/init.d/tomoyo-editpolicy-agent in order to automatically start tomoyo-editpolicy-agent command.

root@raspberrypi2:~# echo '#! /bin/sh' > /etc/init.d/tomoyo-editpolicy-agent
root@raspberrypi2:~# echo 'exec /usr/lib/tomoyo/tomoyo-editpolicy-agent 0.0.0.0:10000 &' >> /etc/init.d/tomoyo-editpolicy-agent
root@raspberrypi2:~# chmod 700 /etc/init.d/tomoyo-editpolicy-agent

Make /etc/init.d/tomoyo-editpolicy-agent automatically executed upon boot.

root@raspberrypi2:~# ln -s ../init.d/tomoyo-editpolicy-agent /etc/rcS.d/S60tomoyo-editpolicy-agent

Add /usr/lib/tomoyo/tomoyo-editpolicy-agent to /etc/tomoyo/manager.conf (this file contains list of programs which are permitted to modify policy).

root@raspberrypi2:~# echo /usr/lib/tomoyo/tomoyo-editpolicy-agent >> /etc/tomoyo/manager.conf

Start tomoyo-editpolicy-agent by rebooting the system. You can run commands like below if you want to manually start without rebooting the system.

root@raspberrypi2:~# echo /usr/lib/tomoyo/tomoyo-editpolicy-agent | tomoyo-loadpolicy -m
root@raspberrypi2:~# /etc/init.d/tomoyo-editpolicy-agent

If Raspberry Pi 2's IPv4 address is for example 192.168.1.3, you can run

$ /usr/sbin/tomoyo-editpolicy 192.168.1.3:10000

from the host environment in order to edit policy from the host environment. Similarly, you can run

$ /usr/sbin/tomoyo-auditd 192.168.1.3:10000

from the host environment in order to save access logs generated on Raspberry Pi 2 in the host environment. Also, you can run

$ /usr/sbin/tomoyo-savepolicy 192.168.1.3:10000 -d > /tmp/domain_policy.conf

from the host environment in order to save the content of /sys/kernel/security/tomoyo/domain_policy on Raspberry Pi 2 into /tmp/domain_policy.conf on the host environment, you can run

$ /usr/sbin/tomoyo-loadpolicy 192.168.1.3:10000 -d < /tmp/domain_policy.conf

from the host environment in order to append the content of /tmp/domain_policy.conf on the host environment to /sys/kernel/security/tomoyo/domain_policy on the Raspberry Pi 2.