feat(mei): add extension to provide Intel Management Engine drivers

Adds an extension to enable the Intel Management Engine drivers required for Intel Arc discrete GPU support. Signed-off-by: Nick Meyer <nick@e3b0c442.dev> Signed-off-by: Noel Georgi <git@frezbo.dev>
2025-08-05 22:07:14 +02:00 · 2024-07-31 07:59:36 -05:00 · 2024-07-31 07:59:36 -05:00 · c002fbaf48
commit c002fbaf48
parent ab77645a00
11 changed files with 106 additions and 9 deletions
--- a/.conform.yaml
+++ b/.conform.yaml
@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-04-02T10:25:42Z by kres latest.
+# Generated on 2024-08-01T17:25:51Z by kres faf91e3.

 policies:
  - type: commit
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-07-04T10:08:01Z by kres 8c8b007.
+# Generated on 2024-08-01T13:26:11Z by kres faf91e3.

 name: default
 concurrency:
@ -33,7 +33,7 @@ jobs:
      labels: ${{ steps.retrieve-pr-labels.outputs.result }}
    services:
      buildkitd:
-        image: moby/buildkit:v0.14.1
+        image: moby/buildkit:v0.15.0
        options: --privileged
        ports:
          - 1234:1234
@ -143,7 +143,7 @@ jobs:
      - default
    services:
      buildkitd:
-        image: moby/buildkit:v0.14.1
+        image: moby/buildkit:v0.15.0
        options: --privileged
        ports:
          - 1234:1234
--- a/.github/workflows/weekly.yaml
+++ b/.github/workflows/weekly.yaml
@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-07-02T13:04:35Z by kres 582671e.
+# Generated on 2024-08-01T13:26:11Z by kres faf91e3.

 name: weekly
 concurrency:
@ -16,7 +16,7 @@ jobs:
      - pkgs
    services:
      buildkitd:
-        image: moby/buildkit:v0.14.1
+        image: moby/buildkit:v0.15.0
        options: --privileged
        ports:
          - 1234:1234
--- a/.kres.yaml
+++ b/.kres.yaml
@ -22,6 +22,7 @@ spec:
    - iscsi-tools
    - kata-containers
    - mdadm
+    - mei
    - nut-client
    - nvidia-container-toolkit
    - nvidia-fabricmanager
@ -53,7 +54,7 @@ spec:
      - name: EXTENSIONS_IMAGE_REF
        defaultValue: $(REGISTRY_AND_USERNAME)/extensions:$(TAG)
      - name: PKGS
-        defaultValue: v1.8.0-alpha.0-34-gce49757
+        defaultValue: v1.8.0-alpha.0-41-ga97d58f
      - name: PKGS_PREFIX
        defaultValue: ghcr.io/siderolabs
  useBldrPkgTagResolver: true
--- a/5
+++ b/5
@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-07-04T10:11:27Z by kres 8c8b007.
+# Generated on 2024-08-01T17:25:51Z by kres faf91e3.

 # common variables

@ -48,7 +48,7 @@ COMMON_ARGS += --build-arg=PKGS_PREFIX="$(PKGS_PREFIX)"
 # extra variables

 EXTENSIONS_IMAGE_REF ?= $(REGISTRY_AND_USERNAME)/extensions:$(TAG)
-PKGS ?= v1.8.0-alpha.0-34-gce49757
+PKGS ?= v1.8.0-alpha.0-41-ga97d58f
 PKGS_PREFIX ?= ghcr.io/siderolabs

 # targets defines all the available targets
@ -73,6 +73,7 @@ TARGETS += intel-ucode
 TARGETS += iscsi-tools
 TARGETS += kata-containers
 TARGETS += mdadm
+TARGETS += mei
 TARGETS += nut-client
 TARGETS += nvidia-container-toolkit
 TARGETS += nvidia-fabricmanager
--- a/README.md
+++ b/README.md
@ -69,6 +69,7 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi
 | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | ----------------------------------------------------- |
 | [chelsio](drivers/chelsio/)          | [ghcr.io/siderolabs/chelsio-drivers](https://github.com/siderolabs/extensions/pkgs/container/chelsio-drivers)                               | Chelsio NIC drivers                  | `talos version`                                       |
 | [gasket](drivers/gasket/)            | [ghcr.io/siderolabs/gasket-driver](https://github.com/siderolabs/extensions/pkgs/container/gasket-driver)                                   | Driver for Google Coral PCIe devices | `gasket driver upstream short commit`-`talos version` |
+| [mei](drivers/mei/)                  | [ghcr.io/siderolabs/mei](https://github.com/siderolabs/extensions/pkgs/container/mei)                                            | Driver for Intel Management Engine  | `talos version`                                     |
 | [nvidia](nvidia-gpu/nvidia-modules/) | [ghcr.io/siderolabs/nvidia-open-gpu-kernel-modules](https://github.com/siderolabs/extensions/pkgs/container/nvidia-open-gpu-kernel-modules) | NVIDIA OSS Driver                    | `nvidia driver upstream version`-`talos version`      |
 | [thunderbolt](drivers/thunderbolt/)  | [ghcr.io/siderolabs/thunderbolt](https://github.com/siderolabs/extensions/pkgs/container/thunderbolt)                                       | Thunderbolt drivers                  | `talos version`                                       |
 | [usb-modem](drivers/usb-modem/)      | [ghcr.io/siderolabs/usb-modem-drivers](https://github.com/siderolabs/extensions/pkgs/container/usb-modem-drivers)                           | USB Modem drivers                    | `talos version`                                       |
--- a/drivers/mei/README.md
+++ b/drivers/mei/README.md
@ -0,0 +1,36 @@
+# mei extension
+
+## Installation
+
+See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
+
+## Usage
+
+Provides:
+
+* `mei_wdt`
+* `mei_txe`
+* `mei_gsc`
+* `mei_pxp`
+* `mei_hdcp`
+* `mei_me`
+* `mei`
+
+Modules are automatically loaded.
+
+## Verifiying
+
+You can verify the modules are enabled by reading the `/proc/modules` where it _should_ show the modules are live.
+
+For example:
+
+```
+❯ talosctl -n 192.168.227.5 read /proc/modules
+mei_wdt 12288 - - Live 0xffffffffc030b000
+mei_txe 28672 - - Live 0xffffffffc02d0000
+mei_gsc 12288 - - Live 0xffffffffc0247000
+mei_pxp 12288 - - Live 0xffffffffc02d4000
+mei_hdcp 16384 - - Live 0xffffffffc02bd000
+mei_me 45056 - - Live 0xffffffffc0267000
+mei 131072 - - Live 0xffffffffc0286000
+```
--- a/drivers/mei/files/modules.txt
+++ b/drivers/mei/files/modules.txt
@ -0,0 +1,10 @@
+modules.order
+modules.builtin
+modules.builtin.modinfo
+kernel/drivers/misc/mei/hdcp/mei_hdcp.ko
+kernel/drivers/misc/mei/pxp/mei_pxp.ko
+kernel/drivers/misc/mei/mei-gsc.ko
+kernel/drivers/misc/mei/mei-me.ko
+kernel/drivers/misc/mei/mei-txe.ko
+kernel/drivers/misc/mei/mei.ko
+kernel/drivers/watchdog/mei_wdt.ko
--- a/drivers/mei/manifest.yaml
+++ b/drivers/mei/manifest.yaml
@ -0,0 +1,11 @@
+version: v1alpha1
+metadata:
+  name: mei
+  version: "$VERSION"
+  author: Nick Meyer
+  description: |
+    This system extension provides Intel Management Engine drivers kernel modules built against a specific Talos version.
+    This driver enables the Intel Management Engine, a prerequisite for Intel Arc discrete GPUs.
+  compatibility:
+    talos:
+      version: ">= v1.8.0"
--- a/drivers/mei/pkg.yaml
+++ b/drivers/mei/pkg.yaml
@ -0,0 +1,36 @@
+name: mei
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+  - stage: base
+  # The pkgs version for a particular release of Talos as defined in
+  # https://github.com/siderolabs/talos/blob/<talos version>/pkg/machinery/gendata/data/pkgs
+  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/kernel:{{ .BUILD_ARG_PKGS }}"
+steps:
+  - prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+
+        mkdir -p /rootfs
+  # {{ if eq .ARCH "x86_64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+  - install:
+      - |
+        export KERNELRELEASE=$(find /lib/modules -type d -name "*-talos" -exec basename {} \+)
+
+        xargs -a /pkg/files/modules.txt -I {} install -D /lib/modules/${KERNELRELEASE}/{} /rootfs/lib/modules/${KERNELRELEASE}/{}
+        depmod -b /rootfs ${KERNELRELEASE}
+  - test:
+      - |
+        # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
+        find /rootfs/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+  # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /
--- a/drivers/mei/vars.yaml
+++ b/drivers/mei/vars.yaml
@ -0,0 +1 @@
+VERSION: "{{ .BUILD_ARG_TAG }}"