diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2024-04-05 15:04:11 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2024-04-13 00:00:11 +0300 |
| commit | 03514f1996efa799e50da744818ba331c2e893b6 (patch) | |
| tree | 170526c40430aa0a3984afe0943972b499f9db97 /meta-arm | |
| parent | a55b31efd47bad0a2eece9fad6acfbfb4950b83b (diff) | |
| download | openbmc-03514f1996efa799e50da744818ba331c2e893b6.tar.xz | |
subtree updates
meta-security: 30e755c592..283a773f24:
Armin Kuster (2):
meta-security: Drop ${PYTHON_PN}
openscap: update to tip to fix new build issue.
Jeremy A. Puhlman (4):
arpwatch: fix misspelling of PACKAGECONFIG
aprwatch: Add path for sendmail
Check for usrmerge before removing /usr/lib
arpwatch: install man8 dir
Kevin Hao (4):
docs: dm-verity.txt: Fix a typo
dm-verity: Adjust the image names according to the oe-core change
dm-verity: Set the IMAGE_FSTYPES correctly when dm-verity is enabled
dm-verity-image-initramfs: Set IMAGE_NAME_SUFFIX to empty
Max Krummenacher (1):
layer.conf: Update for the scarthgap release series
Mingli Yu (1):
python3-pyinotify: Make asyncore support optional for Python 3
poky: 7165c23237..110ee701b3:
Alejandro Hernandez Samaniego (1):
python3-manifest: Sync RDEPENDS with latest version
Alexander Kanavin (11):
meson: correct upstream version check (exclude pre-releases)
cargo-c-native: convert from git fetcher to crate fetcher
cargo-c-native: update 0.9.18 -> 0.9.30
man-pages: use env from coreutils-native
sdk-manual: correctly describe separate build-sysroots tasks in direct sdk workflows
dev/ref-manual: document conf-summary.txt together with conf-notes.txt
dev-manual: improve descriptions of 'bitbake -S printdiff'
wayland: fix upstream version check by asking gitlab directly
python3: correct upstream version check
bitbake: bitbake: improve descriptions of '-S printdiff'
selftest/sstatetests: run CDN check twice, ignoring errors the first time
Alexandre Truong (1):
oeqa/selftest/devtool: fix test_devtool_add_git_style2
Anibal Limon (1):
wic: bootimg-partition allow to set var to get boot files
BELOUARGA Mohamed (1):
ref-manual: add documentation of the variable SPDX_NAMESPACE_PREFIX
Bartosz Golaszewski (1):
linux-firmware: update to 20240312
Baruch Siach (1):
oeqa/selftest/overlayfs: test read-only rootfs
Bruce Ashfield (16):
linux-yocto/6.6: cfg: generic arm64
linux-yocto/6.6: cfg: riscv XHCI
linux-yocto/6.6: update to v6.6.21
linux-yocto/6.6: update CVE exclusions (6.6.21)
linux-yocto/6.6: cfg: drop unsettable options
linux-yocto/6.6: drm/tilcdc: Set preferred depth
linux-yocto/6.6: update to v6.6.22
linux-yocto/6.6: update CVE exclusions (6.6.22)
yocto-bsps: update to v6.6.21
linux-yocto/6.6: cfg: genericarm64 platform/peripheral support
linux-yocto/6.6: cfg: genericarm64 configuration updates
linux-yocto/6.6: nftables: ptest and cleanup tweaks
linux-yocto/6.6: update to v6.6.23
linux-yocto/6.6: update CVE exclusions (6.6.23)
linux-yocto-dev: bump to v6.9
lttng-modules: update to v2.13.12
Changqing Li (1):
dnf: fix Exception handling for class ProcessLock
Chen Qi (1):
ovmf: set CVE_PRODUCT and CVE_VERSION
Christian Taedcke (1):
kernel-fitImage: only include valid compatible line
Derek Erdmann (1):
bitbake: fetch2/git: Install Git LFS in local repository config
Enrico Jörns (3):
cml1: remove needless check for write_taint attribute
cml1: prompt location of updated .config after do_menuconfig()
perf: fix TMPDIR contamination for recent mainline kernels
Enrico Scholz (1):
shadow: fix copydir operation with 'pseudo'
Felix Moessbauer (1):
bitbake: utils: better estimate number of available cpus
Harish Sadineni (3):
gcc: Oe-selftest failure analysis - fix for tcl errors
gcc: Oe-selftest failure analysis - fix for vect-simd test failures
binutils: gprofng - change use of bignum to use of bignint
Jermain Horsman (1):
bblayers/makesetup.py: Move git utility functions to oe.buildcfg module
Joe Slater (1):
systemd: enable mac based names in NamePolicy
Jose Quaresma (5):
go.bbclass: set GOPROXY
elfutils: fix unused variable BUFFER_SIZE
go: keep the patches in order
go: upgrade 1.22.1 -> 1.22.2
sstatesig: fix netrc.NetrcParseError exception
Joshua Watt (4):
sstatesig: Set hash server credentials from bitbake variables
bitbake: siggen: Add support for hashserve credentials
sstatesig: Warn on bad .netrc
bitbake: bitbake-hashclient: Warn on bad .netrc
Jörg Sommer (1):
autotools: update link in comment for cross compiling
Kevin Hao (1):
image-live.bbclass: Adjust the default value for INITRD_LIVE
Khem Raj (13):
systemd: Check for directory before chmod'ing it
llvm: Update to 18.1.1 release
elfutils: Fix build break with clang
glibc: Update to tip of 2.39 branch
pam: Fix build with musl
piglit: Switch to upstreamed patch for musl fix
qemuriscv: Fix kbd and mouse emulation for qemuriscv64
llvm: Upgrade to 18.1.2 bugfix release
glibc: Repace aarch configure patch fix with a backport
valgrind: Backport fixes from 3.22 branch
tcl: Forward port skip logic for musl ptests
readline: Apply patches from readline-8.2-patches
mesa: Drop LLVM-17 patch
Lee Chee Yang (1):
migration-guides: add release notes for 4.0.17
Marcel Ziswiler (1):
mesa: enable imagination powervr support
Markus Volk (11):
mesa: fix opencl-spirv build
vala: merge bb and inc files
vala: fix for gtk4 prior to 4.14
libsoup: enable vapi support
gsettings-desktop-schemas: update 45.0 -> 46.0
libadwaita: update 1.4.4 -> 1.5.0
gtk4: update 4.12.5 -> 4.14.1
systemd: disable mdns feature in resolved for zeroconf
webkitgtk: update 2.42.5 -> 2.44.0
gtk+3: disable wayland without opengl
epiphany: update 45.3 -> 46.0
Martin Jansa (2):
contributor-guide: be more specific about meta-* trees
pixman: explicitly disable openmp in native builds
Max Krummenacher (1):
git: git-replacement-native: depend on ca-certificate
Michael Opdenacker (8):
manuals: add initial stylechecks with Vale
profile-manual: usage.rst: formatting fixes
manuals: use "manual page(s)"
profile-manual: usage.rst: fix reference to bug report
documentation: Makefile: remove releases.rst in "make clean"
migration-guides: draft notes for upcoming release 5.0
manuals: add initial stylechecks with Vale
profile-manual: usage.rst: further style improvements
Oleh Matiusha (3):
bash: improve reproducibility
curl: improve reproducibility
gmp: improve reproducibility
Paul Barker (1):
kernel: Fix check_oldest_kernel
Peter A. Bigot (1):
bitbake: lib/bb: support NO_COLOR
Peter Kjellerstedt (1):
util-linux: Set the license for util-linux-fcntl-lock to MIT
Philippe Rivest (1):
bitbake: bitbake: fetch2/git: Escape parentheses in git src name
Quentin Schulz (1):
u-boot: fix externalsrc not triggering do_configure on defconfig changes
Randy MacLeod (1):
gstreamer: upgrade 1.22.10 -> 1.22.11
Richard Purdie (10):
poky: Update to prepare for scarthgap release
layer.conf: Prepare for release, drop nanbield LAYERSERIES
expat: Upgrade 2.6.1 -> 2.6.2
bash/flex: Ensure BUILD_FLAGS doesn't leak onto target
uninative: Add pthread linking workaround
poky-altcfg: Default to ipk packaging
util-linux: Add missing MIT license
util-linux: Add fcntl-lock
run-postinsts: Add workaround for locking deadlock issue
oeqa/sstatetests: Fix race issue
Ross Burton (22):
genericarm64.wks: reorder partitions
genericarm64: clean up kernel modules and firmware
linux-firmware: add support for deduplicating the firmware
linux-firmware: set LICENSE field for -liquidui and -mellanox
linux-firmware: remove pointless linux-firmware-gplv2-license package
curl: improve run-ptest
curl: increase test timeouts
gstreamer1.0: improve test reliability
linux-yocto: put COMPATIBLE_MACHINE first
linux-yocto: implicitly track oe-core's kernel version for genericarm64
bitbake: fetch2: handle URIs with single-valued query parameters
python3_pip517: just count wheels in the directory, not subdirectories
python-*: don't set PYPI_ARCHIVE_NAME and S when PYPI_PACKAGE is sufficient
tcl: improve run-ptest
tcl: skip I/O channel 46.1
genericarm64: add qemuboot configuration
classes/qemuboot: add depends on qemu-system-native and qemu-helper-native
README.hardware.md: fix Markdown formatting
README.hardware.md: add section on genericarm64 on qemu
glib-2.0: skip a timing sensitive ptest
openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions
curl: fix quoting when disabling flaky tests
Ryan Eatmon (1):
perf: Fix QA error due to most recent kernel
Sam Van Den Berge (1):
shadow: don't install libattr.so.* when xattr not in DISTRO_FEATURES
Sava Jakovljev (1):
bitbake: bitbake-worker: Fix bug where umask 0 was not being applied to a task
Simone Weiß (1):
gnutls: upgrade 3.8.3 -> 3.8.4
Soumya Sambu (1):
go: Upgrade 1.22.0 -> 1.22.1
Sourav Kumar Pramanik (1):
libseccomp: Add back in PTESTS_SLOW list
Sundeep KOKKONDA (1):
rust: reproducibility issue fix with v1.75
Tim Orling (2):
coreutils: drop obsolete liberror-perl RDEPENDS
liberror-perl: move to meta-perl
Timon Bergelt (1):
populate_sdk_ext.bbclass: only overwirte lsb string if uninative is used
Tom Hochstein (2):
bmaptool: Add bmap-tools runtime alias for compatibility
toolchain-shar-relocate.sh: Add check for missing command 'file'
Trevor Woerner (1):
bmaptool: update to latest
Ulrich Ölmann (1):
ref-manual: classes: update description of class 'image_types'
Viswanath Kraleti (1):
bitbake: fetch2: Fix misleading "no output" msg
Wang Mingyu (1):
libadwaita: upgrade 1.4.3 -> 1.4.4
William Lyu (1):
openssh: Add a workaround for ICE on powerpc64le
Xiangyu Chen (3):
lttng-tools: skip kernel tests if no kernel modules present
ltp: fix missing connectors tests in scenario_groups/default
lttng-tools: fix rotation-destroy-flush test fails if no kernel module present
Yang Xu (1):
bitbake: bitbake-worker: Fix silent hang issue caused by unexpected stdout content
Yannick Rodriguez (1):
linux-firmware: Move Intel 9260 modules firmware.
Yash Shinde (1):
glibc: Skip 2 qemu tests that can hang in oe-selftest
Yi Zhao (1):
libtirpc: drop redundant PACKAGECONFIG
Yoann Congal (6):
cve-update-nvd2-native: Fix typo in comment
cve-update-nvd2-native: Add an age threshold for incremental update
cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
cve-update-nvd2-native: nvd_request_next: Improve comment
cve-update-nvd2-native: Fix CVE configuration update
cve-update-nvd2-native: Remove rejected CVE from database
Yogesh Tyagi (1):
lttng-modules: fix v6.8+ build
david d zuhn (1):
bitbake: bitbake-worker: allow '=' in environment variable values
lixiaoyong (3):
kernel-module-split.bbclass: enhance objcopy command call for kernel compilation with llvm
utils: enhance readelf command call with llvm
oe/package: enhance objdump command call with llvm
meta-raspberrypi: 92a9b7a012..d072cc8a48:
Khem Raj (9):
linux-raspberrypi: Add recipe for 6.6 LTS kernel
bluez-firmware-rpidistro: Upgrade to 1.2-9+rpt3 release
linux-firmware-rpidistro: Upgrade to bookworm/20230625-2+rpt2
raspberrypi-firmware: Fetch using git URI
rpi-base: Add missing broadcom/ prefix to find DTB files
rpi-default-versions: Switch default kernel to 6.6
linux-raspberrypi_6.6: Bump to 6.6.22
rpi-bootfiles: Resort to github APIs for tarballs
raspberrypi-firmware: Revert to debian archive
Martin Jansa (1):
userland: fix installed-vs-shipped in multilib builds
jdavidsson (1):
rpi-base: Add hifiberry-dacplusadc overlay
meta-arm: aba9250494..d9e18ce792:
Abdellatif El Khlifi (1):
arm-bsp/corstone1000: add documentation disclaimer
Alexander Sverdlin (1):
optee-ftpm: fix EARLY_TA_PATHS passed to optee-os
Ali Can Ozaslan (4):
arm-bsp/trusted-firmware-m: corstone1000: update to 2.0
arm-bsp/trusted-services: corstone1000: Client Id adjustments after TF-M 2.0
arm/trusted-firmware-m: Change GNU Arm compiler version for TF-M 2.0
arm-bsp/trusted-firmware-a: n1sdp: update to 2.10
Anusmita Dutta Mazumder (2):
arm-bsp/n1sdp: Update scp-firmware version
arm-bsp/n1sdp: Update EDK2 version
Bence Balogh (2):
arm-bsp/u-boot: corstone1000: fix SMCCC_ARCH_FEATURES detection in the PSCI driver
arm-bsp/trusted-firmware-a: corstone1000: remove SMCCC_ARCH_FEATURES discovery workaround
Delane Brandy (1):
arm/trusted-firmware-a: fix mbedTLS version
Drew Reed (2):
kas: Corstone-1000 kas files updated
bsp: Corstone-1000 userguide updates
Emekcan Aras (2):
arm-bsp/trusted-firmware-a: Upgrade Corstone1000 to TF-A v2.10
arm/trusted-services: Add recipe for block storage service
Jon Mason (17):
README: Add information about release process and mailing list
arm/linux-yocto: remove unreferenced patch
arm/optee: disable clang due to breakage
arm-bsp/tf-a-tests: remove corstone1000 intermediate SHA
arm-bsp/tfa-tests: move n1sdp patch to platform directory
CI: update kas to 4.3.1
arm/edk2: update to 202402
arm/trusted-firmware-a: update to 2.10.2
arm/sbsa-acs: update to 7.1.4
arm/scp-firmware: update to v2.14.0
arm-toolchain/gcc-arm-none-eabi: remove 11.2
CI: reduce coverage of dev kernel
arm/sbsa-acs: remove unreferenced patch
arm-toolchain: correct UPSTREAM_CHECK
Revert "arm/rmm: Add bitbake, include and patch file for RMM firmware"
arm/sbsa-acs: use UPSTREAM_CHECK_URI for version checking
arm: use UPSTREAM_CHECK_COMMITS for git versioned recipes
Mathieu Poirier (1):
arm/rmm: Add bitbake, include and patch file for RMM firmware
Ross Burton (3):
arm arm-bsp: enable patch-status warnings
Add SECURITY.md
CI: ignore netrc warnings caused by Kas
meta-openembedded: a0237019f5..a6bcdca5b4:
Bartosz Golaszewski (1):
libgpiod: update to v2.1.1
Chad Rockey (1):
cppzmq-dev expects /usr/lib/libzmq.a
Changqing Li (1):
postgresql: fix a runtime error
Chen Qi (1):
tcprelay: fix a minor cross compilation do_configure issue
Christophe Chapuis (9):
lvgl: fix typo in lv-conf.inc
lvgl: install lv_conf.h
lvgl: remove useless FILES include
lvgl: cleanup sed instructions in lv-conf.inc
lvgl: add more variables to lv-conf.inc
lvgl: fix libdrm include
lvgl: lv-conf.inc: generalize sed instructions
lvgl: make libdrm include conditional
lvgl: cleanup sed expression
Dan McGregor (2):
python3-pylint: Update to 3.1.0
python3-pylint: Fix ptest failures
Derek Straka (1):
python3-dbus: re-add recipe with latest patches and add ptest
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.24 -> 0.0.25
Fathi Boudra (1):
python3-django: upgrade 4.2.10 -> 4.2.11
Guðni Már Gilbert (2):
python3-ecdsa: remove python3-pbr
python3-ecdsa: cleanup DEPENDS
Jaeyoon Jung (1):
lvgl: Set resolution prior to buffer
Joe Slater (1):
googletest: allow for shared libraries
Jose Quaresma (1):
ostree: Upgrade 2024.4 -> 2024.5
Jörg Sommer (3):
sngrep: new recipe for ncurses SIP Messages flow viewer
spandsp: new telephony DSP library
bluez-tools: New recipe for bluez5 tools
Kai Kang (2):
Packages depends on libadwaita should require distro feature opengl
thin-provisioning-tools: install binary to ${sbindir}
Khem Raj (55):
squid: Upgrade to 6.8
libosinfo: Fix build with libxml2 v2.12
xmlstarlet: Fix build with API breakage in libxml2 2.12
mariadb: Fix build with libxml2 2.12 ABI changes
libmusicbrainz: Update to tip of trunk
gnome-commander: Fix build with taglib 2.0
gnome-online-accounts: Fix build with libxml2 2.12
vlc: Upgrade to 3.0.20
netcf: Fix build with latest gnulib
php: Upgrade to 8.2.16
vlc: Fix build on 32bit x86
libtinyxml2: Extend for nativesdk
lvgl: Fix dev-elf build QA
layer.conf: Update for the scarthgap release series
dietsplash: Update and fix build with musl
frr: Upgrade to latest on 9.1 stable
frr: Fix build on newer musl
layer.conf: Prepare for release, drop nanbield LAYERSERIES
libcamera: Fix clang support patches
plocate: Fix sys/stat.h and linux/stat.h conflicts with musl
liburing: Upgrade to 2.5
openflow: Delete recipe for 1.0
openflow: Merge .inc into .bb
openflow: Fix build with musl
tracker-miners: Disable seccomp support on musl
libcamera: Fix build on musl systems
ipset: Update to 7.21
ot-daemon: Update to tip of trunk
ot-br-posix: Update to latest
wpantund: Update to latest
xfsdump: Fix build with musl >= 1.2.5
xfstests: Fix build with musl >= 1.2.5
net-snmp: Fix build with musl
rdma-core: Fix build with musl >= 1.2.5
ssmtp: Fix build with musl >= 1.2.5
autofs: Fix build with musl >= 1.2.5
lvm2: Fix build with musl 1.5.2+
sanlock: Fix build with musl >= 1.2.5
ndctl: Fix build issues seen with musl 1.2.5
sdbus-c++-libsystemd: Upgrade to 255.4 release of systemd
sdbus-c++,sdbus-c++-tools: Upgrade to 1.5.0 release
wtmpdb: Upgrade to 0.11.0 release
uftrace: Fix build with musl >= 1.2.5
fio: Upgrade to 3.36+git
i2cdev: Include libgen.h on musl
directfb: Fix build with musl >= 1.2.5
iwd: Upgrade to 2.16
minifi-cpp: Fix libsodium build on aarch64/clang
multipath-tools: Fix build with musl >= 1.2.5
aer-inject: Fix build with latest musl
aer-inject: Replace hardcoded /usr with ${prefix}
microsoft-gsl: Disable disabled-macro-expansion warning as error on clang/musl
meta-python-image-ptest: Use 2G RAM for some demanding tests
python3-pydbus: Add bash dependency for ptests
highway,libjxl: Remove -mfp16-format=ieee when using clang compiler
Leon Anavi (7):
python3-anyio: Upgrade 4.2.0 -> 4.3.0
python3-httpx: Upgrade 0.26.0 -> 0.27.0
python3-multidict: Upgrade 6.0.4 -> 6.0.5
python3-croniter: Upgrade 2.0.1 -> 2.0.3
python3-paho-mqtt: Upgrade 1.6.1 -> 2.0.0
python3-typeguard: Upgrade 4.1.5 -> 4.2.1
python3-cachetools: Upgrade 5.3.2 -> 5.3.3
Marek Vasut (14):
lvgl: Drop dialog-lvgl
lvgl: Upgrade to LVGL 9 series
lvgl: Rename lv-drivers.inc to lv-conf.inc
lvgl: Add SDL2 fullscreen mode configuration option
lvgl: Configure assertions based on DEBUG_BUILD
lvgl: Default to XRGB8888 DRM framebuffer
lvgl: Build shared library
lvgl: Replace sed patching with real patches
lvgl: Generate proper shared libraries with version suffix
lvgl: Reinstate demo configuration settings
lvgl: Update to 9.1.0
lvgl: Drop superfluous ALLOW_EMPTY
lvgl: Drop unnecessary PV append
lvgl: Deduplicate PACKAGECONFIG into lv-conf
Markus Volk (66):
mozjs-115: fix reproducibility issue
webp-pixbuf-loader: update 0.2.5 -> 0.2.7
gnome-control-center: fix reproducibility issue
gnome-disk-utility: fix reproducibility issue
gnome-settings-daemon: fix reproducibility issue
gnome-terminal: fix reproducibility issue
libvncserver: fix reproducibility issue
editorconfig-core-c: fix reproducibility issue
crossguid: fix reproducibility issue
waylandpp: fix reproducibility issue
polkit: remove unneeded workaround
gtk-vnc: fix reproducibility issue
pipewire: update 1.0.3 -> 1.0.4
mutter: remove zenity from rdepends
mutter: update 45.4 -> 46.0
gnome-shell: update 45.4 -> 46.0
gnome-settings-daemon: update 45.0 -> 46.0
gnome-software: update 45.3 -> 46.0
evince: update 45.0 -> 46.0
gnome-online-accounts: update 3.48.0 -> 3.50.0
evolution-data-server: build with webkitgtk4
folks: update 0.15.7 -> 0.15.8
gnome-control-center: update 45.3 -> 46.0
xdg-desktop-portal-gnome: update 45.1 -> 46.0
tracker: update 3.6.0 -> 3.7.0
tracker-miners: update 3.6.2 -> 3.7.0
freerdp3: add recipe
wireplumber: update 0.4.17 -> 0.5.0
tecle: update 45.0 -> 46.0
gnome-calculator: update 45.0.2 -> 46.0
gnome-session: update 45.0 -> 46.0
gnome-remote-desktop: update 45.1 -> 46.0
gnome-calendar: update 45.1 -> 46.0
libgweather4: update 4.4.0 -> 4.4.2
gtksourceview5: update 5.10.0 -> 5.12.0
gnome-control-center: use gcr4 variant
libcloudproviders: update 0.3.5 -> 0.3.6
gnome-themes-extra: build with gtk+3
gtk4mm: add recipe
gnome-system-monitor: update 45.0.1 -> 46.0
gnome-boxes: update 45.0 -> 46.0
eog: update 45.2 -> 45.3
gparted: update 1.5.0 -> 1.6.0
libgtop: update 2.41.1 -> 2.41.3
gnome-bluetooth: update 42.8 -> 46.0
gnome-text-editor: update 45.1 -> 46.0
gnome-chess: update 43.2 -> 46.0
gnome-disk-utility: update 45.0 -> 46.0
gnome-shell-extensions: update 45.2 -> 46.0
msgraph: add recipe
gvfs: update 1.52.2 -> 1.54.0
tracker-miners: drop buildpath from tracker-miner-fs-3
evolution-data-server: disable tests and examples
tracker-miners: fix reproducibility issue for landlock
file-roller: update 43.1 -> 44.0
apache2: preset mpm=prefork by default
gnome-user-share: add recipe
gnome-control-center: update 46.0 -> 46.0.1
gdm: update 45.0.1 -> 46.0
gnome-user-share: remove hardcoded paths
ghex: update 45.1 -> 46.0
libjxl: add recipe
gnome-backgrounds: add runtime depenency for libjxl
highway: add recipe
webkitgtk3: update 2.42.5 -> 2.44.0
gnome-control-center: restore Upstream-Status line
Martin Jansa (5):
unionfs-fuse, dropwatch, postgresql, yasm, multipath-tools, python3-pybind11: add missing Upstream-Status
recipes: Drop remaining PR values from recipes
freerdp3: disable shadow without x11
xfstests: upgrade to v2024.03.03
gtkmm4: add x11 to REQUIRED_DISTRO_FEATURES
Maxin John (7):
tracker: remove unused patch
openal-soft: remove unused patches
libio-pty-perl: remove unsed patch
opengl-es-cts: remove unused patch
emacs: remove unused patch
webkitgtk3: remove unused patch
python3-eth-utils: remove unused patches
Michael Heimpold (1):
ser2net: add a systemd service file
Mingli Yu (4):
gosu: Upgrade to 1.17
googletest: Pass -fPIC to CFLAGS
re2: Upgrade 2023.03.01 -> 2024.03.01
nss: Upgrade 3.74 -> 3.98
Ola x Nilsson (2):
abseil-cpp: Split so-files into separate packages
abseil-cpp: Split so-files into separate packages
Peter Kjellerstedt (3):
abseil-cpp: A little clean-up
libnice: Disable the examples and the tests
abseil-cpp: A little clean-up
Peter Marko (5):
jwt-cpp: fix cmake file install path
soci: fix buildpaths warning
libcpr: add new recipe
python3-grpcio: cleanup dependencies
microsoft-gsl: add new recipe including ptest
Petr Gotthard (2):
libmbim: Revert back to the latest stable 1.30.0
libqmi: Revert back to the latest stable 1.34.0
Randy MacLeod (2):
rsyslog: update from 8.2306.0 to 8.2402.0
nftables: Add DESCRIPTION and HOMEPAGE
Richard Purdie (2):
imagemagick/lcms/fftw: Allow nativesdk versions to exist
buildtools-imagemagick: Add new recipe
Robert P. J. Day (1):
fmt: remove unnecessary "inherit ptest" directive
Robert Yang (6):
yaffs2-utils: Upgrade to 20221209
xfsprogs: 6.5.0 -> 6.6.0
gnulib: 2018-12-18 -> 202401
thin-provisioning-tools: 1.0.9 -> 1.0.12
gperftools: 2.10 -> 2.15
freeradius: 3.0.26 -> 3.2.3
Ross Burton (1):
python3-pydantic-core: just set PYPI_PACKAGE
Sam Van Den Berge (1):
python3-aiohttp: add missing dependencies
Samuli Piippo (1):
geoclue: enable demo agent
Thomas Roos (1):
usrsctp: upgrade to latest version
Tim Orling (1):
liberror-perl: move recipe from oe-core
Tomasz Żyjewski (1):
python: python-libusb1: add recipe
Wang Mingyu (124):
bats: upgrade 1.10.0 -> 1.11.0
c-ares: upgrade 1.26.0 -> 1.27.0
ctags: upgrade 6.1.20240114.0 -> 6.1.20240225.0
dbus-cxx: upgrade 2.5.0 -> 2.5.1
ddrescue: upgrade 1.27 -> 1.28
fetchmail: upgrade 6.4.37 -> 6.4.38
libtalloc: upgrade 2.4.1 -> 2.4.2
libtdb: upgrade 1.4.9 -> 1.4.10
neatvnc: upgrade 0.7.2 -> 0.8.0
ostree: upgrade 2024.3 -> 2024.4
python3-astroid: upgrade 3.0.3 -> 3.1.0
python3-cbor2: upgrade 5.6.1 -> 5.6.2
python3-dnspython: upgrade 2.6.0 -> 2.6.1
python3-eventlet: upgrade 0.35.1 -> 0.35.2
python3-gcovr: upgrade 7.0 -> 7.2
python3-google-api-core: upgrade 2.16.2 -> 2.17.1
python3-google-api-python-client: upgrade 2.118.0 -> 2.120.0
python3-grpcio(-tools): upgrade 1.60.1 -> 1.62.0
python3-ipython: upgrade 8.21.0 -> 8.22.1
python3-pdm: upgrade 2.12.3 -> 2.12.4
python3-pymisp: upgrade 2.4.185 -> 2.4.186
python3-scrypt: upgrade 0.8.20 -> 0.8.24
python3-sentry-sdk: upgrade 1.40.4 -> 1.40.6
smarty: upgrade 4.3.4 -> 4.4.1
stunnel: upgrade 5.69 -> 5.72
abseil-cpp: upgrade 20230802.1 -> 20240116.1
dnf-plugin-tui: upgrade 1.3 -> 1.4
boost-sml: upgrade 1.1.9 -> 1.1.11
ctags: upgrade 6.1.20240225.0 -> 6.1.20240310.0
dialog: upgrade 1.3-20240101 -> 1.3-20240307
flatbuffers: upgrade 23.5.26 -> 24.3.7
gjs: upgrade 1.78.4 -> 1.80.0
hwdata: upgrade 0.379 -> 0.380
iceauth: upgrade 1.0.9 -> 1.0.10
libdnet: upgrade 1.17.0 -> 1.18.0
libopus: upgrade 1.4 -> 1.5.1
libreport: upgrade 2.17.11 -> 2.17.15
libxaw: upgrade 1.0.15 -> 1.0.16
mcelog: upgrade 196 -> 197
networkd-dispatcher: upgrade 2.1 -> 2.2.4
openlldp: upgrade 1.1.0 -> 1.1.1
opensc: upgrade 0.24.0 -> 0.25.0
pcsc-lite: upgrade 2.0.1 -> 2.0.3
python3-a2wsgi: upgrade 1.10.2 -> 1.10.4
python3-apiflask: upgrade 2.1.0 -> 2.1.1
python3-argcomplete: upgrade 3.2.2 -> 3.2.3
python3-bandit: upgrade 1.7.7 -> 1.7.8
python3-blivet: upgrade 3.8.2 -> 3.9.1
python3-blivetgui: upgrade 2.4.2 -> 2.5.0
python3-django: upgrade 5.0.2 -> 5.0.3
python3-elementpath: upgrade 4.3.0 -> 4.4.0
python3-eth-abi: upgrade 5.0.0 -> 5.0.1
python3-eth-rlp: upgrade 1.0.1 -> 2.0.0
python3-flask-migrate: upgrade 4.0.5 -> 4.0.7
python3-google-api-python-client: upgrade 2.120.0 -> 2.122.0
python3-google-auth: upgrade 2.28.1 -> 2.28.2
python3-googleapis-common-protos: upgrade 1.62.0 -> 1.63.0
python3-grpcio-tools: upgrade 1.62.0 -> 1.62.1
python3-grpcio: upgrade 1.62.0 -> 1.62.1
python3-ipython: upgrade 8.22.1 -> 8.22.2
python3-mypy: upgrade 1.8.0 -> 1.9.0
python3-pydantic: upgrade 2.6.3 -> 2.6.4
python3-pymisp: upgrade 2.4.186 -> 2.4.187
python3-pymodbus: upgrade 3.6.4 -> 3.6.6
python3-pyperf: upgrade 2.6.2 -> 2.6.3
python3-pytest-lazy-fixtures: upgrade 1.0.5 -> 1.0.6
python3-pytest-timeout: upgrade 2.2.0 -> 2.3.1
python3-requests-oauthlib: upgrade 1.3.1 -> 1.4.0
python3-sentry-sdk: upgrade 1.40.6 -> 1.42.0
python3-tox: upgrade 4.13.0 -> 4.14.1
python3-traitlets: upgrade 5.14.1 -> 5.14.2
python3-types-psutil: upgrade 5.9.5.20240205 -> 5.9.5.20240316
python3-types-python-dateutil: upgrade 2.8.19.20240106 -> 2.9.0.20240316
tcsh: upgrade 6.24.10 -> 6.24.11
thingsboard-gateway: upgrade 3.4.4 -> 3.4.5
xmessage: upgrade 1.0.6 -> 1.0.7
xrefresh: upgrade 1.0.7 -> 1.1.0
gjs: upgrade 1.80.0 -> 1.80.2
gnome-backgrounds: upgrade 45.0 -> 46.0
gnome-font-viewer: upgrade 45.0 -> 46.0
libblockdev: upgrade 3.1.0 -> 3.1.1
libdeflate: upgrade 1.19 -> 1.20
libmbim: upgrade 1.30.0 -> 1.31.2
libqmi: upgrade 1.34.0 -> 1.35.2
libtommath: upgrade 1.2.1 -> 1.3.0
mcelog: upgrade 197 -> 198
metacity: upgrade 3.50.0 -> 3.52.0
python3-asgiref: upgrade 3.7.2 -> 3.8.1
python3-blivet: upgrade 3.9.1 -> 3.9.2
python3-cassandra-driver: upgrade 3.29.0 -> 3.29.1
python3-djangorestframework: upgrade 3.14.0 -> 3.15.1
python3-eth-rlp: upgrade 2.0.0 -> 2.1.0
python3-eventlet: upgrade 0.35.2 -> 0.36.1
python3-filelock: upgrade 3.13.1 -> 3.13.3
python3-flask-marshmallow: upgrade 1.2.0 -> 1.2.1
python3-flatbuffers: upgrade 24.3.7 -> 24.3.25
python3-google-api-core: upgrade 2.17.1 -> 2.18.0
python3-google-api-python-client: upgrade 2.122.0 -> 2.124.0
python3-google-auth: upgrade 2.28.2 -> 2.29.0
python3-graphviz: upgrade 0.20.1 -> 0.20.3
python3-gspread: upgrade 6.0.2 -> 6.1.0
python3-jdatetime: upgrade 4.1.1 -> 5.0.0
python3-pdm: upgrade 2.12.4 -> 2.13.2
python3-pyasn1-modules: upgrade 0.3.0 -> 0.4.0
python3-pymisp: upgrade 2.4.187 -> 2.4.188
python3-pytest-asyncio: upgrade 0.23.5 -> 0.23.6
python3-pytest-cov: upgrade 4.1.0 -> 5.0.0
python3-pytest-lazy-fixtures: upgrade 1.0.6 -> 1.0.7
python3-pywbem: upgrade 1.6.2 -> 1.6.3
python3-pywbemtools: upgrade 1.2.0 -> 1.2.1
python3-pyzstd: upgrade 0.15.9 -> 0.15.10
python3-requests-oauthlib: upgrade 1.4.0 -> 2.0.0
python3-sentry-sdk: upgrade 1.42.0 -> 1.44.0
python3-socketio: upgrade 5.11.1 -> 5.11.2
python3-thrift: upgrade 0.16.0 -> 0.20.0
python3-tox: upgrade 4.14.1 -> 4.14.2
python3-web3: upgrade 6.15.1 -> 6.16.0
st: upgrade 0.9 -> 0.9.1
thingsboard-gateway: upgrade 3.4.5 -> 3.4.6
thrift: upgrade 0.19.0 -> 0.20.0
tracker-miners: upgrade 3.7.0 -> 3.7.1
tracker: upgrade 3.7.0 -> 3.7.1
wireshark: upgrade 4.2.3 -> 4.2.4
wolfssl: upgrade 5.6.6 -> 5.7.0
William Lyu (3):
nftables: Fix ptest output format issues
nftables: Fix ShellCheck violations in ptest wrapper script "run-ptest"
nftables: Fix failed ptest testcases
Yi Zhao (13):
netplan: upgrade 0.106 -> 1.0
networkmanager: 1.44.0 -> 1.46.0
postfix: upgrade 3.8.5 -> 3.8.6
net-snmp: upgrade 5.9.3 -> 5.9.4
cryptsetup: upgrade 2.7.0 -> 2.7.1
samba: upgrade 4.19.4 -> 4.19.5
civetweb: remove buildpaths from civetweb-targets.cmake
minifi-cpp: upgrade 0.7.0 -> 0.15.0
openvpn: upgrade 2.6.9 -> 2.6.10
rocksdb: upgrade 7.9.2 -> 9.0.0
audit: upgrade 4.0 -> 4.0.1
netplan: add missing config directory
strongswan: upgrade 5.9.13 -> 5.9.14
alperak (15):
python3-icecream: add recipe
python3-invoke: add recipe
python3-traitlets: add ptest and update runtime dependencies
python3-google-auth-oauthlib: add ptest
python3-tomli-w: added recipe which is also include ptest
python3-pytest-localserver: added recipe which is also include ptest
python3-responses: add recipe
python3-google-auth: add ptest and update runtime dependencies
remove obsolete PIP_INSTALL_PACKAGE and PIP_INSTALL_DIST_PATH
python3-a2wsgi: added recipe which is also include ptest
python3-httptools: added recipe which is also include ptest
python3-wsproto: Add recipe
python3-portalocker: enable ptest
python3-validators: upgrade 0.22.0 > 0.24.0 and enable ptest
python3-pydbus: Drop ${PYTHON_PN}
chenheyun (1):
aer-inject:add new recipe
Change-Id: I3cf0e5c87ecdfa18c35d318cb64c0e6559348618
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'meta-arm')
77 files changed, 992 insertions, 871 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml index 15cf4ecdbb..d6ac361470 100644 --- a/meta-arm/.gitlab-ci.yml +++ b/meta-arm/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: ${MIRROR_GHCR}/siemens/kas/kas:4.0 +image: ${MIRROR_GHCR}/siemens/kas/kas:4.3.1 variables: # These are needed as the k8s executor doesn't respect the container @@ -186,56 +186,66 @@ qemu-generic-arm64: extends: .build parallel: matrix: - - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt] + - KERNEL: [linux-yocto, linux-yocto-rt] TOOLCHAINS: [gcc, clang] TESTING: testimage + - KERNEL: linux-yocto-dev + TESTING: testimage qemuarm64-secureboot: extends: .build parallel: matrix: - - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt] + - KERNEL: [linux-yocto, linux-yocto-rt] TOOLCHAINS: [gcc, clang] TCLIBC: [glibc, musl] TS: [none, qemuarm64-secureboot-ts] TESTING: testimage + - KERNEL: linux-yocto-dev + TESTING: testimage qemuarm64: extends: .build parallel: matrix: - DISTRO: poky - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt] + KERNEL: [linux-yocto, linux-yocto-rt] TOOLCHAINS: [gcc, clang] FIRMWARE: [u-boot, edk2] TESTING: testimage - DISTRO: poky-tiny TESTING: testimage - VIRT: xen + - KERNEL: linux-yocto-dev + TESTING: testimage qemuarm-secureboot: extends: .build parallel: matrix: - - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt] + - KERNEL: [linux-yocto, linux-yocto-rt] TOOLCHAINS: [gcc, clang] TCLIBC: [glibc, musl] TESTING: testimage - TOOLCHAINS: external-gccarm TESTING: testimage + - KERNEL: linux-yocto-dev + TESTING: testimage qemuarm: extends: .build parallel: matrix: - DISTRO: poky - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt] + KERNEL: [linux-yocto, linux-yocto-rt] TOOLCHAINS: [gcc, clang] FIRMWARE: [u-boot, edk2] TESTING: testimage - DISTRO: poky-tiny TESTING: testimage - VIRT: xen + - KERNEL: linux-yocto-dev + TESTING: testimage qemuarmv5: extends: .build diff --git a/meta-arm/README.md b/meta-arm/README.md index 82c326de7e..e77e5acd9d 100644 --- a/meta-arm/README.md +++ b/meta-arm/README.md @@ -29,6 +29,13 @@ Other Directories This directory contains scripts used in running the CI tests +Mailing List +------------ +To interact with the meta-arm developer community, please email the meta-arm mailing list at meta-arm@lists.yoctoproject.org +Currently, it is configured to only allow emails to members from those subscribed. +To subscribe to the meta-arm mailing list, please go to +https://lists.yoctoproject.org/g/meta-arm + Contributing ------------ Currently, we only accept patches from the meta-arm mailing list. For general @@ -49,6 +56,13 @@ The component being changed in the shortlog should be prefixed with the layer na arm-toolchain/gcc: enable foobar v2 +Releases and Release Schedule +-------------- +We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines. For more information on these, please reference: +https://docs.yoctoproject.org/ref-manual/release-process.html +https://wiki.yoctoproject.org/wiki/Releases +https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS + Reporting bugs -------------- E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps diff --git a/meta-arm/SECURITY.md b/meta-arm/SECURITY.md new file mode 100644 index 0000000000..0fa6cbcd3d --- /dev/null +++ b/meta-arm/SECURITY.md @@ -0,0 +1,37 @@ +# Reporting vulnerabilities + +Arm takes security issues seriously and welcomes feedback from researchers and +the security community in order to improve the security of its products and +services. We operate a coordinated disclosure policy for disclosing +vulnerabilities and other security issues. + +Security issues can be complex and one single timescale doesn't fit all +circumstances. We will make best endeavours to inform you when we expect +security notifications and fixes to be available and facilitate coordinated +disclosure when notifications and patches/mitigations are available. + + +## How to Report a Potential Vulnerability? + +If you would like to report a public issue (for example, one with a released CVE +number), please contact the meta-arm mailing list at +meta-arm@lists.yoctoproject.org and arm-security@arm.com. + +If you are dealing with a not-yet released or urgent issue, please send a mail +to the maintainers (see README.md) and arm-security@arm.com, including as much +detail as possible. Encrypted emails using PGP are welcome. + +For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities. + + +## Branches maintained with security fixes + +meta-arm follows the Yocto release model, so see +[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and +LTS] for detailed info regarding the policies and maintenance of stable +branches. + +The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all +releases of the Yocto Project. Versions in grey are no longer actively maintained with +security patches, but well-tested patches may still be accepted for them for +significant issues. diff --git a/meta-arm/ci/check-warnings b/meta-arm/ci/check-warnings index 89ae955dfe..cdf84aafb9 100755 --- a/meta-arm/ci/check-warnings +++ b/meta-arm/ci/check-warnings @@ -7,7 +7,7 @@ set -e -u LOGFILE=$1 -LINES=$(grep --invert-match "attempting MIRRORS if available" $LOGFILE | wc -l) +LINES=$(sed -e "/attempting MIRRORS if available/d" -e "/Error parsing .*netrc:/d" $LOGFILE | wc -l) if test "$LINES" -ne 0; then echo ============================== echo The build had warnings/errors: diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml index 4c71517651..7fe9e8793a 100644 --- a/meta-arm/ci/corstone1000-common.yml +++ b/meta-arm/ci/corstone1000-common.yml @@ -4,44 +4,7 @@ header: - ci/base.yml - ci/meta-openembedded.yml - ci/meta-secure-core.yml - -local_conf_header: - extrapackages: | - # Intentionally blank to prevent perf from being added to the image in base.yml - - firmwarebuild: | - # Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs - BBMULTICONFIG ?= "firmware" - - distrosetup: | - DISTRO_FEATURES = "usbhost ipv4" - - initramfsetup: | - # Telling the build system which image is responsible of the generation of the initramfs rootfs - INITRAMFS_IMAGE_BUNDLE:firmware = "1" - INITRAMFS_IMAGE:firmware ?= "core-image-minimal" - IMAGE_FSTYPES:firmware:pn-core-image-minimal = "${INITRAMFS_FSTYPES}" - IMAGE_NAME_SUFFIX:firmware = "" - - # enable mdev/busybox for init - INIT_MANAGER:firmware = "mdev-busybox" - VIRTUAL-RUNTIME_init_manager:firmware = "busybox" - - # prevent the kernel image from being included in the intramfs rootfs - PACKAGE_EXCLUDE:firmware += "kernel-image-*" - - # Disable openssl in kmod to shrink the initramfs size - PACKAGECONFIG:remove:firmware:pn-kmod = "openssl" - - imageextras: | - # Don't include kernel binary in rootfs /boot path - RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = "" - - # all optee packages - CORE_IMAGE_EXTRA_INSTALL += "optee-client" - - # TS PSA API tests commands for crypto, its, ps and iat - CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa" + - kas/corstone1000-image-configuration.yml target: - core-image-minimal diff --git a/meta-arm/ci/corstone1000-firmware-only.yml b/meta-arm/ci/corstone1000-firmware-only.yml index 9cc4299a8e..8af0146a3d 100644 --- a/meta-arm/ci/corstone1000-firmware-only.yml +++ b/meta-arm/ci/corstone1000-firmware-only.yml @@ -1,24 +1,8 @@ --- header: version: 14 - -local_conf_header: - rescuebuild: | - # Need to ensure the rescue linux options are selected - OVERRIDES .= ":firmware" - - # Need to ensure we build with a small libc - TCLIBC="musl" - - mass-storage: | - # Ensure the Mass Storage device is absent - FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat" - - test-configuration: | - TEST_SUITES = "_qemutiny ping" - # Remove Dropbear SSH as it will not fit into the corstone1000 image. - IMAGE_FEATURES:remove = "ssh-server-dropbear" - CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys" + includes: + - kas/corstone1000-firmware-only.yml target: - corstone1000-flash-firmware-image diff --git a/meta-arm/ci/toolchains.yml b/meta-arm/ci/toolchains.yml index 9b63bf2850..056269b2bd 100644 --- a/meta-arm/ci/toolchains.yml +++ b/meta-arm/ci/toolchains.yml @@ -16,5 +16,3 @@ target: - nativesdk-gcc-aarch64-none-elf - gcc-arm-none-eabi - nativesdk-gcc-arm-none-eabi - - gcc-arm-none-eabi-11.2 - - nativesdk-gcc-arm-none-eabi-11.2 diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml index 1ab65455f4..a8b986030b 100644 --- a/meta-arm/kas/corstone1000-base.yml +++ b/meta-arm/kas/corstone1000-base.yml @@ -1,14 +1,11 @@ header: version: 14 -env: - DISPLAY: "" - -distro: poky-tiny +distro: poky defaults: repos: - branch: nanbield + branch: master repos: meta-arm: @@ -19,14 +16,14 @@ repos: poky: url: https://git.yoctoproject.org/git/poky - commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff + # commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff layers: meta: meta-poky: meta-openembedded: url: https://git.openembedded.org/meta-openembedded - commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d + # commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d layers: meta-oe: meta-python: @@ -34,15 +31,17 @@ repos: meta-secure-core: url: https://github.com/wind-river/meta-secure-core.git - commit: e29165a1031dcf601edbed1733cedd64826672a5 + # commit: e29165a1031dcf601edbed1733cedd64826672a5 layers: - meta: + meta-secure-core-common: meta-signing-key: meta-efi-secure-boot: local_conf_header: base: | CONF_VERSION = "2" + + setup: | PACKAGE_CLASSES = "package_ipk" BB_NUMBER_THREADS ?= "16" PARALLEL_MAKE ?= "-j16" @@ -51,4 +50,4 @@ local_conf_header: machine: unset target: - - corstone1000-image + - corstone1000-flash-firmware-image diff --git a/meta-arm/kas/corstone1000-firmware-only.yml b/meta-arm/kas/corstone1000-firmware-only.yml new file mode 100644 index 0000000000..f16403676c --- /dev/null +++ b/meta-arm/kas/corstone1000-firmware-only.yml @@ -0,0 +1,21 @@ +--- +header: + version: 14 + +local_conf_header: + firmwarebuild: | + # Need to ensure the rescue linux options are selected + OVERRIDES .= ":firmware" + + # Need to ensure we build with a small libc + TCLIBC="musl" + + mass-storage: | + # Ensure the Mass Storage device is absent + FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat" + + test-configuration: | + TEST_SUITES = "_qemutiny ping" + # Remove Dropbear SSH as it will not fit into the corstone1000 image. + IMAGE_FEATURES:remove = "ssh-server-dropbear" + CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys" diff --git a/meta-arm/kas/corstone1000-fvp.yml b/meta-arm/kas/corstone1000-fvp.yml index abf40703fc..0d6d5feeed 100644 --- a/meta-arm/kas/corstone1000-fvp.yml +++ b/meta-arm/kas/corstone1000-fvp.yml @@ -2,15 +2,22 @@ header: version: 14 includes: - kas/corstone1000-base.yml + - kas/corstone1000-image-configuration.yml + - kas/corstone1000-firmware-only.yml - kas/fvp-eula.yml -machine: corstone1000-fvp +env: + DISPLAY: + WAYLAND_DISPLAY: + XAUTHORITY: local_conf_header: - fvp-config: | - # Remove Dropbear SSH as it will not fit into the corstone1000 image. - IMAGE_FEATURES:remove = " ssh-server-dropbear" - INHERIT += "fvpboot" + testimagefvp: | + LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA" + IMAGE_CLASSES += "fvpboot" + + mass-storage: | + # Ensure the Mass Storage device is absent + FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat" -target: - - corstone1000-image +machine: corstone1000-fvp diff --git a/meta-arm/kas/corstone1000-image-configuration.yml b/meta-arm/kas/corstone1000-image-configuration.yml new file mode 100644 index 0000000000..2b2852230b --- /dev/null +++ b/meta-arm/kas/corstone1000-image-configuration.yml @@ -0,0 +1,40 @@ +header: + version: 14 + +local_conf_header: + extrapackages: | + # Intentionally blank to prevent perf from being added to the image in base.yml + + firmwarebuild: | + # Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs + BBMULTICONFIG ?= "firmware" + + distrosetup: | + DISTRO_FEATURES = "usbhost ipv4" + + initramfsetup: | + # Telling the build system which image is responsible of the generation of the initramfs rootfs + INITRAMFS_IMAGE_BUNDLE:firmware = "1" + INITRAMFS_IMAGE:firmware ?= "core-image-minimal" + IMAGE_FSTYPES:firmware:pn-core-image-minimal = "${INITRAMFS_FSTYPES}" + IMAGE_NAME_SUFFIX:firmware = "" + + # enable mdev/busybox for init + INIT_MANAGER:firmware = "mdev-busybox" + VIRTUAL-RUNTIME_init_manager:firmware = "busybox" + + # prevent the kernel image from being included in the intramfs rootfs + PACKAGE_EXCLUDE:firmware += "kernel-image-*" + + # Disable openssl in kmod to shrink the initramfs size + PACKAGECONFIG:remove:firmware:pn-kmod = "openssl" + + imageextras: | + # Don't include kernel binary in rootfs /boot path + RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = "" + + # all optee packages + CORE_IMAGE_EXTRA_INSTALL += "optee-client" + + # TS PSA API tests commands for crypto, its, ps and iat + CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa" diff --git a/meta-arm/kas/corstone1000-mps3.yml b/meta-arm/kas/corstone1000-mps3.yml index 7d63a185af..30f465a233 100644 --- a/meta-arm/kas/corstone1000-mps3.yml +++ b/meta-arm/kas/corstone1000-mps3.yml @@ -2,5 +2,7 @@ header: version: 14 includes: - kas/corstone1000-base.yml + - kas/corstone1000-image-configuration.yml + - kas/corstone1000-firmware-only.yml machine: corstone1000-mps3 diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf index 543b8c23a7..9013d11f8a 100644 --- a/meta-arm/meta-arm-bsp/conf/layer.conf +++ b/meta-arm/meta-arm-bsp/conf/layer.conf @@ -24,3 +24,5 @@ BBFILES_DYNAMIC += " \ meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bb \ meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bbappend \ " + +WARN_QA:append:layer-meta-arm-bsp = " patch-status" diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc index 8d79342617..a82d007649 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -3,11 +3,11 @@ require conf/machine/include/arm/armv8a/tune-cortexa35.inc MACHINEOVERRIDES =. "corstone1000:" # TF-M -PREFERRED_VERSION_trusted-firmware-m ?= "1.8.%" +PREFERRED_VERSION_trusted-firmware-m ?= "2.0.%" # TF-A TFA_PLATFORM = "corstone1000" -PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%" +PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%" PREFERRED_VERSION_tf-a-tests ?= "2.8.%" TFA_BL2_BINARY = "bl2-corstone1000.bin" diff --git a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf index 12b22cecde..662cf62c04 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf @@ -27,7 +27,7 @@ MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168" # TF-A EXTRA_IMAGEDEPENDS += "trusted-firmware-a" TFA_PLATFORM = "n1sdp" -PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%" +PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%" PREFERRED_VERSION_tf-a-tests ?= "2.10.%" # SCP @@ -35,7 +35,7 @@ EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware" #UEFI EDK2 firmware EXTRA_IMAGEDEPENDS += "edk2-firmware" -PREFERRED_VERSION_edk2-firmware ?= "202305" +PREFERRED_VERSION_edk2-firmware ?= "202311" #optee PREFERRED_VERSION_optee-os ?= "4.1.%" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png Binary files differindex 399f87568f..578f038996 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst index 8626c42c2b..cbe78c5d27 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst @@ -1,11 +1,21 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022, 2024, Arm Limited. # # SPDX-License-Identifier: MIT -################ -ARM Corstone1000 -################ +################# +Arm Corstone-1000 +################# + +************************* +Disclaimer +************************* + +Arm reference solutions are Arm public example software projects that track and +pull upstream components, incorporating their respective security fixes +published over time. Arm partners are responsible for ensuring that the +components they use contain all the required security fixes, if and when they +deploy a product derived from Arm reference solutions. .. toctree:: :maxdepth: 1 diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index a308e42302..dc1d10233f 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022-2023, Arm Limited. + # Copyright (c) 2022-2024, Arm Limited. # # SPDX-License-Identifier: MIT @@ -152,7 +152,7 @@ commands to build the stack. kas version 4 is required. To install kas, run: pip3 install kas -If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'. +If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'. In the top directory of the workspace ``<_workspace>``, run: @@ -171,7 +171,7 @@ the EULA at https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula by setting the ARM_FVP_EULA_ACCEPT environment variable as follows: :: - + export ARM_FVP_EULA_ACCEPT="True" then run: @@ -189,12 +189,12 @@ Once the build is successful, all output binaries will be placed in the followin - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the -``corstone1000-image-corstone1000-{mps3,fvp}.wic`` file. +``corstone1000-flash-firmware-image-corstone1000-{mps3,fvp}.wic`` file. The output binaries run in the Corstone-1000 platform are the following: - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin`` - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-flash-firmware-image-corstone1000-{mps3,fvp}.wic`` Flash the firmware image on FPGA -------------------------------- @@ -252,17 +252,17 @@ stack can be seen below; [IMAGES] TOTALIMAGES: 3 ;Number of Images (Max: 32) - + IMAGE0PORT: 1 IMAGE0ADDRESS: 0x00_0000_0000 IMAGE0UPDATE: RAM IMAGE0FILE: \SOFTWARE\bl1.bin - + IMAGE1PORT: 0 IMAGE1ADDRESS: 0x00_0000_0000 IMAGE1UPDATE: AUTOQSPI IMAGE1FILE: \SOFTWARE\cs1000.bin - + IMAGE2PORT: 2 IMAGE2ADDRESS: 0x00_0000_0000 IMAGE2UPDATE: RAM @@ -273,7 +273,7 @@ OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. 2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle and rename the binary to ``es0.bin``. -3. Copy ``corstone1000-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE +3. Copy ``corstone1000-flash-firmware-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. **NOTE:** Renaming of the images are required because MCC firmware has @@ -337,7 +337,7 @@ The latest supported Fixed Virtual Platform (FVP) version is 11_23.25 and is aut :: -<_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- --version + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp -- --version" The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer. Follow the @@ -347,7 +347,7 @@ To run the FVP using the runfvp command, please run the following command: :: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm" When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is @@ -488,7 +488,7 @@ the 2nd MMC card image. :: - <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}" + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}" Clean Secure Flash Before Testing (applicable to FPGA only) =========================================================== @@ -510,7 +510,7 @@ boot. Run following commands to build such image. Replace the bl1.bin and cs1000.bin files on the SD card with following files: - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin - - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic + - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-flash-firmware-image-corstone1000-mps3.wic Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash completely, the user should expect following message from TF-M log (can be seen @@ -626,7 +626,7 @@ SD cards. unxz ${<path-to-img>/ir-acs-live-image-generic-arm64.wic.xz} - <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}" + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}" The test results can be fetched using following commands: @@ -658,7 +658,7 @@ If this happens, please apply the following patch, rebuild the software stack fo cd meta-arm git am 0001-embedded-a-corstone1000-sr-ir-workaround.patch cd .. - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-image -c cleanall; bitbake corstone1000-image" + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-flash-firmware-image -c cleanall; bitbake corstone1000-flash-firmware-image" Common to FVP and FPGA @@ -833,7 +833,7 @@ Run the FVP with the IR prebuilt image: :: - <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic" **NOTE:** <path-to-img> must start from the root directory. make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic. @@ -857,25 +857,25 @@ Then, type FS0: as shown below: FS0: -In case of the positive scenario run the update with the higher version capsule as shown below: +In case of the positive scenario run the update with the higher version capsule as shown below: :: - + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6 After successfully updating the capsule the system will reset. -In case of the negative scenario run the update with the lower version capsule as shown below: +In case of the negative scenario run the update with the lower version capsule as shown below: :: - + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5 The command above should fail and in the TF-M logs the following message should appear: :: - ERROR: flash_full_capsule: version error + ERROR: flash_full_capsule: version error Then, reboot manually: @@ -942,7 +942,7 @@ In the Linux command-line run the following: # cd /sys/firmware/efi/esrt/entries/entry0 # cat * - + 0x0 989f3a4e-46e0-4cd0-9877-a25c70c01329 0 @@ -956,7 +956,7 @@ In the Linux command-line run the following: fw_class: 989f3a4e-46e0-4cd0-9877-a25c70c01329 fw_type: 0 fw_version: 6 - last_attempt_status: 0 + last_attempt_status: 0 last_attempt_version: 6 lowest_supported_fw_ver: 0 @@ -964,12 +964,12 @@ In the Linux command-line run the following: Negative scenario (Applicable to FPGA only) =========================================== -In the negative case scenario (rollback the capsule version), the user should -see appropriate logs in the secure enclave terminal. +In the negative case scenario (rollback the capsule version), the user should +see appropriate logs in the secure enclave terminal. :: - ... + ... uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928 uefi_capsule_retrieve_images: exit flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5 @@ -988,8 +988,8 @@ see appropriate logs in the secure enclave terminal. ... -If capsule pass initial verification, but fails verifications performed during -boot time, secure enclave will try new images predetermined number of times +If capsule pass initial verification, but fails verifications performed during +boot time, secure enclave will try new images predetermined number of times (defined in the code), before reverting back to the previous good bank. :: @@ -1007,7 +1007,7 @@ In the Linux command-line run the following: # cd /sys/firmware/efi/esrt/entries/entry0 # cat * - + 0x0 989f3a4e-46e0-4cd0-9877-a25c70c01329 0 @@ -1035,7 +1035,7 @@ Linux distros tests ------------------- ************************************************************* -Debian install and boot preparation +Debian install and boot preparation ************************************************************* There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__ @@ -1064,12 +1064,12 @@ documentation. **On FPGA** :: - kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image" + kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image" **On FVP** :: - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image" + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image" On FPGA, please update the cs1000.bin on the SD card with the newly generated wic file. @@ -1080,7 +1080,7 @@ On FPGA, please update the cs1000.bin on the SD card with the newly generated wi cd <_workspace>/meta-arm git reset --hard HEAD~1 cd .. - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-image -c cleanall; bitbake corstone1000-image" + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-flash-firmware-image -c cleanall; bitbake corstone1000-flash-firmware-image" ************************************************* Preparing the Installation Media @@ -1089,7 +1089,7 @@ Preparing the Installation Media Download one of following Linux distro images: - `Debian installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/>`__ (Tested on: debian-12.2.0-arm64-DVD-1.iso) - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20231120-Media.iso) - + **NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso @@ -1100,7 +1100,7 @@ FPGA To test Linux distro install and boot on FPGA, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32). -The downloaded iso file needs to be flashed to your USB drive. +The downloaded iso file needs to be flashed to your USB drive. This can be done with your development machine. In the example given below, we assume the USB device is ``/dev/sdb`` (the user @@ -1157,10 +1157,10 @@ FVP :: - <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc_2.p_mmc_file="<_workspace>/mmc2_file.img" + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc_2.p_mmc_file="<_workspace>/mmc2_file.img" The installer should now start. -The os will be installed on the second mmc 'mmc2_file.img'. +The os will be installed on the second mmc 'mmc2_file.img'. ******************************************************* Debian install clarifications @@ -1209,24 +1209,23 @@ FPGA Once the installation is complete, unplug the first USB stick and reboot the board. The board will then enter recovery mode, from which the user can access a shell -after entering the password for the root user. +after entering the password for the root user. FVP ============== -Once the installation is complete, you will need to exit the shell instance +Once the installation is complete, you will need to exit the shell instance and run this command to boot into the installed OS: -:: - - <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img" +:: + kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img" Once the FVP begins booting, you will need to quickly change the boot option in grub, -to boot into recovery mode. +to boot into recovery mode. **NOTE:** This option will disappear quickly, so it's best to preempt it. -Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'. +Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'. Common ============== @@ -1247,7 +1246,7 @@ Proceed to edit the following files accordingly: The system.conf has been moved from /etc/systemd/ to /usr/lib/systemd/ and directly modifying the /usr/lib/systemd/system.conf is not working and it is getting overridden. We have to create - drop ins system configurations in /etc/systemd/system.conf.d/ directory. So, copy the + drop ins system configurations in /etc/systemd/system.conf.d/ directory. So, copy the /usr/lib/systemd/system.conf to /etc/systemd/system.conf.d/ directory after the mentioned modifications. The file to be edited next is different depending on the installed distro: @@ -1338,7 +1337,7 @@ To report any security issues identified with Corstone-1000, please send an emai -------------- -*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2024, Arm Limited. All rights reserved.* .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps .. _U-Boot repo: https://github.com/u-boot/u-boot.git diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc index 41d8f4484e..c89b132ce4 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc @@ -13,9 +13,6 @@ DEPENDS += "n1sdp-board-firmware" EXTRA_OECMAKE:append = " \ -DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a \ " -# scp-firmware version aligning to Arm Reference Solutions N1SDP-2023.06.22 Release -SRCREV = "543ae8ca3c9e38da3058311118fa3ceef1da47f7" -PV .= "+git" do_install:append() { fiptool \ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc index 3413822a64..79a41a06f6 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc @@ -1,5 +1,6 @@ # SGI575 specific SCP configurations and build instructions COMPATIBLE_MACHINE:sgi575 = "sgi575" +SCP_PRODUCT_GROUP = "neoverse-rd" SCP_LOG_LEVEL = "INFO" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc index 2c6563573f..87160598d5 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc @@ -1,5 +1,6 @@ # TC specific SCP configuration COMPATIBLE_MACHINE = "(tc1)" +SCP_PRODUCT_GROUP = "totalcompute" FW_TARGETS = "scp" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch deleted file mode 100644 index e26fd34e86..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch +++ /dev/null @@ -1,162 +0,0 @@ -From fa7ab9b40babee29d2aadb267dfce7a96f8989d4 Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Mon, 9 Jan 2023 13:59:06 +0000 -Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata - -Previously bl2 was reading the boot_index directly with a hard coded -address and then set the fip image spec with fip offsets base based on -the boot_index value. -This commit removes this logic and rely on PSA_FWU_SUPPORT -which reads the fip partition based on the active firmware bank written in -metadata. - -Note: fip partition contains signature area at the begining. Hence, the fip -image starts at fip partition + fip signature area size. - -Upstream-Status: Pending -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> ---- - bl2/bl2_main.c | 4 +++ - .../corstone1000/common/corstone1000_plat.c | 32 ++++++------------- - .../common/include/platform_def.h | 12 +++---- - tools/cert_create/Makefile | 4 +-- - tools/fiptool/Makefile | 4 +-- - 5 files changed, 24 insertions(+), 32 deletions(-) - -diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c -index ce83692e0ebc..1a9febc007b2 100644 ---- a/bl2/bl2_main.c -+++ b/bl2/bl2_main.c -@@ -87,6 +87,10 @@ void bl2_main(void) - /* Perform remaining generic architectural setup in S-EL1 */ - bl2_arch_setup(); - -+#if ARM_GPT_SUPPORT -+ partition_init(GPT_IMAGE_ID); -+#endif -+ - #if PSA_FWU_SUPPORT - fwu_init(); - #endif /* PSA_FWU_SUPPORT */ -diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c -index 0235f8b8474c..7f9708a82489 100644 ---- a/plat/arm/board/corstone1000/common/corstone1000_plat.c -+++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c -@@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = { - static void set_fip_image_source(void) - { - const struct plat_io_policy *policy; -- /* -- * metadata for firmware update is written at 0x0000 offset of the flash. -- * PLAT_ARM_BOOT_BANK_FLAG contains the boot bank that TF-M is booted. -- * As per firmware update spec, at a given point of time, only one bank -- * is active. This means, TF-A should boot from the same bank as TF-M. -- */ -- volatile uint32_t *boot_bank_flag = (uint32_t *)(PLAT_ARM_BOOT_BANK_FLAG); -- -- if (*boot_bank_flag > 1) { -- VERBOSE("Boot_bank is set higher than possible values"); -- } -- -- VERBOSE("Boot bank flag = %u.\n\r", *boot_bank_flag); - - policy = FCONF_GET_PROPERTY(arm, io_policies, FIP_IMAGE_ID); - - assert(policy != NULL); - assert(policy->image_spec != 0UL); - -+ /* FIP Partition contains Signature area at the begining which TF-A doesn't expect */ - io_block_spec_t *spec = (io_block_spec_t *)policy->image_spec; -+ spec->offset += FIP_SIGNATURE_AREA_SIZE; -+ spec->length -= FIP_SIGNATURE_AREA_SIZE; - -- if ((*boot_bank_flag) == 0) { -- VERBOSE("Booting from bank 0: fip offset = 0x%lx\n\r", -- PLAT_ARM_FIP_BASE_BANK0); -- spec->offset = PLAT_ARM_FIP_BASE_BANK0; -- } else { -- VERBOSE("Booting from bank 1: fip offset = 0x%lx\n\r", -- PLAT_ARM_FIP_BASE_BANK1); -- spec->offset = PLAT_ARM_FIP_BASE_BANK1; -- } - } - - void bl2_platform_setup(void) -@@ -75,6 +56,13 @@ void bl2_platform_setup(void) - set_fip_image_source(); - } - -+void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, -+ u_register_t arg2, u_register_t arg3) -+{ -+ arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1); -+ NOTICE("CS1k: early at bl2_platform_setup\n"); -+} -+ - /* corstone1000 only has one always-on power domain and there - * is no power control present - */ -diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h -index 584d485f3ea7..0bfab05a482b 100644 ---- a/plat/arm/board/corstone1000/common/include/platform_def.h -+++ b/plat/arm/board/corstone1000/common/include/platform_def.h -@@ -173,16 +173,16 @@ - - /* NOR Flash */ - --#define PLAT_ARM_BOOT_BANK_FLAG UL(0x08002000) --#define PLAT_ARM_FIP_BASE_BANK0 UL(0x081EF000) --#define PLAT_ARM_FIP_BASE_BANK1 UL(0x0916F000) --#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */ -- - #define PLAT_ARM_NVM_BASE V2M_FLASH0_BASE - #define PLAT_ARM_NVM_SIZE (SZ_32M) /* 32 MB */ -+#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */ - --#define PLAT_ARM_FLASH_IMAGE_BASE PLAT_ARM_FIP_BASE_BANK0 -+#define PLAT_ARM_FLASH_IMAGE_BASE UL(0x08000000) - #define PLAT_ARM_FLASH_IMAGE_MAX_SIZE PLAT_ARM_FIP_MAX_SIZE -+#define PLAT_ARM_FIP_OFFSET_IN_GPT (0x86000) -+ -+/* FIP Information */ -+#define FIP_SIGNATURE_AREA_SIZE (0x1000) /* 4 KB */ - - /* - * Some data must be aligned on the biggest cache line size in the platform. -diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile -index 042e844626bd..45b76a022f91 100644 ---- a/tools/cert_create/Makefile -+++ b/tools/cert_create/Makefile -@@ -78,8 +78,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include - # directory. However, for a local build of OpenSSL, the built binaries are - # located under the main project directory (i.e.: ${OPENSSL_DIR}, not - # ${OPENSSL_DIR}/lib/). --LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR} --LIB := -lssl -lcrypto -+LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} -+LIB := -lssl -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} - - HOSTCC ?= gcc - -diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile -index 2ebee33931ba..dcfd314bee89 100644 ---- a/tools/fiptool/Makefile -+++ b/tools/fiptool/Makefile -@@ -39,7 +39,7 @@ HOSTCCFLAGS += -DUSING_OPENSSL3=$(USING_OPENSSL3) - # directory. However, for a local build of OpenSSL, the built binaries are - # located under the main project directory (i.e.: ${OPENSSL_DIR}, not - # ${OPENSSL_DIR}/lib/). --LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto -+LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} - - ifeq (${V},0) - Q := @ -@@ -47,7 +47,7 @@ else - Q := - endif - --INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include -+INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} - - HOSTCC ?= gcc - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch new file mode 100644 index 0000000000..4a08abb60f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch @@ -0,0 +1,32 @@ +From d70a07562d3b0a7b4441922fd3ce136565927d04 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <Emekcan.Aras@arm.com> +Date: Wed, 21 Feb 2024 07:57:36 +0000 +Subject: [PATCH] fix(corstone1000): pass spsr value explicitly + +Passes spsr value for BL32 (OPTEE) explicitly between different boot +stages. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +--- + .../corstone1000/common/corstone1000_bl2_mem_params_desc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c +index fe521a9fa..2cc096f38 100644 +--- a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c ++++ b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c +@@ -72,7 +72,8 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = { + SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP, + VERSION_2, entry_point_info_t, NON_SECURE | EXECUTABLE), + .ep_info.pc = BL33_BASE, +- ++ .ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, ++ DISABLE_ALL_EXCEPTIONS), + SET_STATIC_PARAM_HEAD(image_info, PARAM_EP, + VERSION_2, image_info_t, 0), + .image_info.image_base = BL33_BASE, +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch new file mode 100644 index 0000000000..ea7a29139c --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch @@ -0,0 +1,54 @@ +From 684b8f88238f522b52eb102485762e02e6b1671a Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <Emekcan.Aras@arm.com> +Date: Fri, 23 Feb 2024 13:17:59 +0000 +Subject: [PATCH] fix(spmd): remove EL3 interrupt registration + +This configuration should not be done for corstone1000 and similar +platforms. GICv2 systems only support EL3 interrupts and can have SEL1 component +as SPMC. + +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +Upstream-Status: Inappropriate [Discussions of fixing this in a better way is ongoing in upstream] +--- + services/std_svc/spmd/spmd_main.c | 24 ------------------------ + 1 file changed, 24 deletions(-) + +diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c +index 066571e9b..313f05bf3 100644 +--- a/services/std_svc/spmd/spmd_main.c ++++ b/services/std_svc/spmd/spmd_main.c +@@ -580,30 +580,6 @@ static int spmd_spmc_init(void *pm_addr) + panic(); + } + +- /* +- * Permit configurations where the SPM resides at S-EL1/2 and upon a +- * Group0 interrupt triggering while the normal world runs, the +- * interrupt is routed either through the EHF or directly to the SPMD: +- * +- * EL3_EXCEPTION_HANDLING=0: the Group0 interrupt is routed to the SPMD +- * for handling by spmd_group0_interrupt_handler_nwd. +- * +- * EL3_EXCEPTION_HANDLING=1: the Group0 interrupt is routed to the EHF. +- * +- */ +-#if (EL3_EXCEPTION_HANDLING == 0) +- /* +- * Register an interrupt handler routing Group0 interrupts to SPMD +- * while the NWd is running. +- */ +- rc = register_interrupt_type_handler(INTR_TYPE_EL3, +- spmd_group0_interrupt_handler_nwd, +- flags); +- if (rc != 0) { +- panic(); +- } +-#endif +- + return 0; + } + +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch deleted file mode 100644 index 2a7cd47e1b..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 16937460429d6bcd502b21c20d16222541ed8d48 Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Mon, 6 Mar 2023 15:57:59 +0000 -Subject: [PATCH] psci: SMCCC_ARCH_FEATURES discovery through PSCI_FEATURES - -allow normal world use PSCI_FEATURES to discover SMCCC_ARCH_FEATURES - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Upstream-Status: Inappropriate [A U-Boot patch will be released to fix an issue in the PSCI driver] ---- - lib/psci/psci_main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/psci/psci_main.c b/lib/psci/psci_main.c -index a631f3ffbf..cc8904b006 100644 ---- a/lib/psci/psci_main.c -+++ b/lib/psci/psci_main.c -@@ -337,7 +337,7 @@ int psci_features(unsigned int psci_fid) - { - unsigned int local_caps = psci_caps; - -- if (psci_fid == SMCCC_VERSION) -+ if (psci_fid == SMCCC_VERSION || psci_fid == SMCCC_ARCH_FEATURES) - return PSCI_E_SUCCESS; - - /* Check if it is a 64 bit function */ --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch deleted file mode 100644 index 6ddde10e4f..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 33078d8ef143e8c79f06399de46dd26e1d53a220 Mon Sep 17 00:00:00 2001 -From: Gauri Sahnan <Gauri.Sahnan@arm.com> -Date: Tue, 8 Aug 2023 17:16:51 +0100 -Subject: fix(corstone1000): add cpuhelpers to makefile - -Adds cpu_helpers.S to the Makefile to align with the changes in new -trusted-firmware-a version. - -Signed-off-by: Gauri Sahnan <Gauri.Sahnan@arm.com> -Upstream-Status: Pending [Not submitted to upstream yet] ---- - plat/arm/board/corstone1000/platform.mk | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk -index 3edffe087..079e9d6c1 100644 ---- a/plat/arm/board/corstone1000/platform.mk -+++ b/plat/arm/board/corstone1000/platform.mk -@@ -43,6 +43,7 @@ BL2_SOURCES += plat/arm/board/corstone1000/common/corstone1000_security.c \ - plat/arm/board/corstone1000/common/corstone1000_err.c \ - plat/arm/board/corstone1000/common/corstone1000_trusted_boot.c \ - lib/utils/mem_region.c \ -+ lib/cpus/aarch64/cpu_helpers.S \ - plat/arm/board/corstone1000/common/corstone1000_helpers.S \ - plat/arm/board/corstone1000/common/corstone1000_plat.c \ - plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c \ --- -2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/0001-n1sdp-tftf-tests-to-skip.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch index b31567c4c7..b31567c4c7 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/0001-n1sdp-tftf-tests-to-skip.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend index 6421033b88..ec1158c918 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend @@ -3,7 +3,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" COMPATIBLE_MACHINE:corstone1000 = "corstone1000" -SRCREV:corstone1000 = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67" EXTRA_OEMAKE:append:corstone1000 = " DEBUG=0" EXTRA_OEMAKE:append:corstone1000 = " LOG_LEVEL=30" TFTF_MODE:corstone1000 = "release" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc index 8673199d69..e061b94480 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc @@ -5,9 +5,8 @@ COMPATIBLE_MACHINE = "(corstone1000)" FILESEXTRAPATHS:prepend := "${THISDIR}/files/corstone1000:" SRC_URI:append = " \ file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \ - file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \ - file://0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch \ - file://0004-fix-corstone1000-add-cpuhelper-to-makefile.patch \ + file://0002-fix-corstone1000-pass-spsr-value-explicitly.patch \ + file://0003-fix-spmd-remove-EL3-interrupt-registration.patch \ " TFA_DEBUG = "1" @@ -51,4 +50,5 @@ EXTRA_OEMAKE:append = " \ ERRATA_A35_855472=1 \ ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \ BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \ + FVP_USE_GIC_DRIVER=FVP_GICV2 \ " diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch new file mode 100644 index 0000000000..1f19f55c48 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch @@ -0,0 +1,26 @@ +From 961d2e3718e9e6d652cadf5b4d3597cfe822dd04 Mon Sep 17 00:00:00 2001 +From: Ali Can Ozaslan <ali.oezaslan@arm.com> +Date: Wed, 24 Jan 2024 16:10:08 +0000 +Subject: [PATCH] arm/trusted-firmware-m: disable address warnings into an + error + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com> +Upstream-Status: Inappropriate + +--- + toolchain_GNUARM.cmake | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/toolchain_GNUARM.cmake b/toolchain_GNUARM.cmake +index b6ae50ec3..4c2f5b3d7 100644 +--- a/toolchain_GNUARM.cmake ++++ b/toolchain_GNUARM.cmake +@@ -111,6 +111,7 @@ add_compile_options( + -Wno-format + -Wno-return-type + -Wno-unused-but-set-variable ++ -Wno-error=address + -c + -fdata-sections + -ffunction-sections diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch deleted file mode 100644 index 4f00ea2881..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 60598f3b44237bd5038e33400e749ec1e7e8fbda Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Mon, 15 May 2023 10:42:23 +0100 -Subject: [PATCH] Platform: corstone1000: Increase BL2 size in flash layout - -Increases BL2 size to align with the flash page size in corstone1000. - -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103] - ---- - platform/ext/target/arm/corstone1000/partition/flash_layout.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -index 41b4c6323f..bfe8c4fb3c 100644 ---- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h -+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -@@ -89,7 +89,7 @@ - #endif - - /* Static Configurations of the Flash */ --#define SE_BL2_PARTITION_SIZE (0x18800) /* 98 KB */ -+#define SE_BL2_PARTITION_SIZE (0x19000) /* 98 KB */ - #define SE_BL2_BANK_0_OFFSET (0x9000) /* 72nd LBA */ - #define SE_BL2_BANK_1_OFFSET (0x1002000) /* 32784th LBA */ - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch new file mode 100644 index 0000000000..25e53b5656 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch @@ -0,0 +1,274 @@ +From eb096e4c03b80f9f31e5d15ca06e5a38e4112664 Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Tue, 7 Nov 2023 20:25:49 +0100 +Subject: [PATCH 1/2] platform: corstone1000: Update MPU configuration + +In Armv6-M the MPU requires the regions to be aligned with +region sizes. +The commit aligns the different code/data sections using the +alignment macros. The code/data sections can be covered by +multiple MPU regions in order to save memory. + +Small adjustments had to be made in the memory layout in order to +not overflow the flash: +- Decreased TFM_PARTITION_SIZE +- Increased S_UNPRIV_DATA_SIZE + +Added checks to the MPU configuration function for checking the +MPU constraints: +- Base address has to be aligned to the size +- The minimum MPU region size is 0x100 +- The MPU can have 8 regions at most + +Change-Id: I059468e8aba0822bb354fd1cd4987ac2bb1f34d1 +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25393] + +--- + .../target/arm/corstone1000/CMakeLists.txt | 19 +++++ + .../arm/corstone1000/create-flash-image.sh | 8 +- + .../arm/corstone1000/partition/flash_layout.h | 2 +- + .../arm/corstone1000/partition/region_defs.h | 6 +- + .../arm/corstone1000/tfm_hal_isolation.c | 83 +++++++++++++++---- + 5 files changed, 93 insertions(+), 25 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index e6cf15b11..8817f514c 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -22,6 +22,25 @@ target_compile_definitions(platform_region_defs + INTERFACE + $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> + ) ++ ++# The Armv6-M MPU requires that the MPU regions be aligned to the region sizes. ++# The minimal region size is 0x100 bytes. ++# ++# The alignments have to be a power of two and ideally bigger than the section size (which ++# can be checked in the map file). ++# In some cases the alignment value is smaller than the actual section ++# size to save memory. In that case, multiple MPU region has to be configured to cover it. ++# ++# To save memory, the attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for ++# the SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE don't have to ++# be aligned. The higher-priority regions will overwrite these attributes if needed. ++# The RAM is also located in the SRAM so it has to be configured to overwrite these default ++# attributes. ++target_compile_definitions(platform_region_defs ++ INTERFACE ++ TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000 ++ TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100 ++) + #========================= Platform common defs ===============================# + + # Specify the location of platform specific build dependencies. +diff --git a/platform/ext/target/arm/corstone1000/create-flash-image.sh b/platform/ext/target/arm/corstone1000/create-flash-image.sh +index 2522d3674..a6be61384 100755 +--- a/platform/ext/target/arm/corstone1000/create-flash-image.sh ++++ b/platform/ext/target/arm/corstone1000/create-flash-image.sh +@@ -8,7 +8,7 @@ + + ###################################################################### + # This script is to create a flash gpt image for corstone platform +-# ++# + # Flash image layout: + # |------------------------------| + # | Protective MBR | +@@ -82,15 +82,15 @@ sgdisk --mbrtogpt \ + --new=4:56:+4K --typecode=4:$PRIVATE_METADATA_TYPE_UUID --partition-guid=4:$(uuidgen) --change-name=4:'private_metadata_replica_1' \ + --new=5:64:+4k --typecode=5:$PRIVATE_METADATA_TYPE_UUID --partition-guid=5:$(uuidgen) --change-name=5:'private_metadata_replica_2' \ + --new=6:72:+100k --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \ +- --new=7:272:+376K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \ ++ --new=7:272:+368K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \ + --new=8:32784:+100k --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \ +- --new=9:32984:+376K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \ ++ --new=9:32984:+368K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \ + --new=10:65496:65501 --partition-guid=10:$(uuidgen) --change-name=10:'reserved_2' \ + $IMAGE + + [ $? -ne 0 ] && echo "Error occurs while writing the GPT layout" && exit 1 + +-# Write partitions ++# Write partitions + # conv=notrunc avoids truncation to keep the geometry of the image. + dd if=$BIN_DIR/bl2_signed.bin of=${IMAGE} seek=72 conv=notrunc + dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=272 conv=notrunc +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index 568c8de28..7fffd94c6 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -134,7 +134,7 @@ + + /* Bank configurations */ + #define BANK_PARTITION_SIZE (0xFE0000) /* 15.875 MB */ +-#define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ ++#define TFM_PARTITION_SIZE (0x5C000) /* 368 KB */ + + /************************************************************/ + /* Bank : Images flash offsets are with respect to the bank */ +diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h +index 99e822f51..64ab786e5 100644 +--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h ++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h +@@ -1,8 +1,10 @@ + /* +- * Copyright (c) 2017-2022 Arm Limited. All rights reserved. ++ * Copyright (c) 2017-2023 Arm Limited. All rights reserved. + * Copyright (c) 2021-2023 Cypress Semiconductor Corporation (an Infineon company) + * or an affiliate of Cypress Semiconductor Corporation. All rights reserved. + * ++ * SPDX-License-Identifier: Apache-2.0 ++ * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at +@@ -53,7 +55,7 @@ + + #define S_DATA_START (SRAM_BASE + TFM_PARTITION_SIZE) + #define S_DATA_SIZE (SRAM_SIZE - TFM_PARTITION_SIZE) +-#define S_UNPRIV_DATA_SIZE (0x2160) ++#define S_UNPRIV_DATA_SIZE (0x4000) + #define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1) + #define S_DATA_PRIV_START (S_DATA_START + S_UNPRIV_DATA_SIZE) + +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +index 01f7687bc..98e795dde 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2020-2022, Arm Limited. All rights reserved. ++ * Copyright (c) 2020-2023, Arm Limited. All rights reserved. + * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon + * company) or an affiliate of Cypress Semiconductor Corporation. All rights + * reserved. +@@ -14,9 +14,11 @@ + #include "tfm_hal_isolation.h" + #include "mpu_config.h" + #include "mmio_defs.h" ++#include "flash_layout.h" + + #define PROT_BOUNDARY_VAL \ + ((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK) ++#define MPU_REGION_MIN_SIZE (0x100) + + #ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT + +@@ -31,20 +33,38 @@ REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Base); + REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Limit); + #endif /* CONFIG_TFM_PARTITION_META */ + +-static void configure_mpu(uint32_t rnr, uint32_t base, uint32_t limit, +- uint32_t is_xn_exec, uint32_t ap_permissions) ++static enum tfm_hal_status_t configure_mpu(uint32_t rnr, uint32_t base, ++ uint32_t limit, uint32_t is_xn_exec, uint32_t ap_permissions) + { +- uint32_t size; /* region size */ ++ uint32_t rbar_size_field; /* region size as it is used in the RBAR */ + uint32_t rasr; /* region attribute and size register */ + uint32_t rbar; /* region base address register */ + +- size = get_rbar_size_field(limit - base); ++ rbar_size_field = get_rbar_size_field(limit - base); ++ ++ /* The MPU region's base address has to be aligned to the region ++ * size for a valid MPU configuration */ ++ if ((base % (1 << (rbar_size_field + 1))) != 0) { ++ return TFM_HAL_ERROR_INVALID_INPUT; ++ } ++ ++ /* The MPU supports only 8 memory regions */ ++ if (rnr > 7) { ++ return TFM_HAL_ERROR_INVALID_INPUT; ++ } ++ ++ /* The minimum size for a region is 0x100 bytes */ ++ if((limit - base) < MPU_REGION_MIN_SIZE) { ++ return TFM_HAL_ERROR_INVALID_INPUT; ++ } + + rasr = ARM_MPU_RASR(is_xn_exec, ap_permissions, TEX, NOT_SHAREABLE, +- NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, size); ++ NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, rbar_size_field); + rbar = base & MPU_RBAR_ADDR_Msk; + + ARM_MPU_SetRegionEx(rnr, rbar, rasr); ++ ++ return TFM_HAL_SUCCESS; + } + + #endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */ +@@ -56,33 +76,60 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( + uint32_t rnr = TFM_ISOLATION_REGION_START_NUMBER; /* current region number */ + uint32_t base; /* start address */ + uint32_t limit; /* end address */ ++ enum tfm_hal_status_t ret; + + ARM_MPU_Disable(); + +- /* TFM Core unprivileged code region */ +- base = (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE_START, $$RO$$Base); +- limit = (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE_END, $$RO$$Limit); +- +- configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV); +- +- /* RO region */ +- base = (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base); +- limit = (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base); ++ /* Armv6-M MPU allows region overlapping. The region with the higher RNR ++ * will decide the attributes. ++ * ++ * The default attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for the ++ * whole SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE ++ * don't have to be aligned and memory space can be saved. ++ * This region has the lowest RNR so the next regions can overwrite these ++ * attributes if it's needed. ++ */ ++ base = SRAM_BASE; ++ limit = SRAM_BASE + SRAM_SIZE; ++ ++ ret = configure_mpu(rnr++, base, limit, ++ XN_EXEC_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } + +- configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV); + + /* RW, ZI and stack as one region */ + base = (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base); + limit = (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base); + +- configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ /* The section size can be bigger than the alignment size, else the code would ++ * not fit into the memory. Because of this, the sections can use multiple MPU ++ * regions. */ ++ do { ++ ret = configure_mpu(rnr++, base, base + TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ base += TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT; ++ } while (base < limit); ++ + + #ifdef CONFIG_TFM_PARTITION_META + /* TFM partition metadata pointer region */ + base = (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Base); + limit = (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Limit); + +- configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ do { ++ ret = configure_mpu(rnr++, base, base + TFM_LINKER_SP_META_PTR_ALIGNMENT, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ base += TFM_LINKER_SP_META_PTR_ALIGNMENT; ++ } while (base < limit); ++ + #endif + + arm_mpu_enable(); diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch deleted file mode 100644 index 6bbd66fdc4..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b05fb661b3afc3ed8e3d4817df2798e9d4877b39 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Mon, 15 May 2023 10:46:18 +0100 -Subject: [PATCH] Platform: Corstone1000: Increase BL2_DATA_SIZE - -Increases BL2_DATA_SIZE to accommodate the changes in -metadata_write/read. - -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103] - ---- - platform/ext/target/arm/corstone1000/partition/region_defs.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h -index abfac39b62..e7f0bad2ba 100644 ---- a/platform/ext/target/arm/corstone1000/partition/region_defs.h -+++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h -@@ -90,9 +90,10 @@ - #define BL2_CODE_SIZE (IMAGE_BL2_CODE_SIZE) - #define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1) - -+#define BL2_DATA_ADDITIONAL 448 /* To increase the BL2_DATA_SIZE more than the default value */ - #define BL2_DATA_START (BOOT_TFM_SHARED_DATA_BASE + \ - BOOT_TFM_SHARED_DATA_SIZE) --#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START) -+#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START + BL2_DATA_ADDITIONAL) - #define BL2_DATA_LIMIT (BL2_DATA_START + BL2_DATA_SIZE - 1) - - /* SE BL1 regions */ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch new file mode 100644 index 0000000000..6676acf8b7 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch @@ -0,0 +1,76 @@ +From ca7696bca357cfd71a34582c65a7c7c08828b6dc Mon Sep 17 00:00:00 2001 +From: Bence Balogh <bence.balogh@arm.com> +Date: Mon, 18 Dec 2023 14:00:14 +0100 +Subject: [PATCH 2/2] platform: corstone1000: Cover S_DATA with MPU + +The S_DATA has to be covered with MPU regions to override the +other MPU regions with smaller RNR values. + +Change-Id: I45fec65f51241939314941e25d287e6fdc82777c +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25583] + +--- + .../target/arm/corstone1000/CMakeLists.txt | 8 +++++++ + .../arm/corstone1000/tfm_hal_isolation.c | 22 +++++++++++++++++++ + 2 files changed, 30 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 8817f514c..541504368 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -40,6 +40,14 @@ target_compile_definitions(platform_region_defs + INTERFACE + TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000 + TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100 ++ ++ # The RAM MPU Region block sizes are calculated manually. The RAM has to be covered ++ # with the MPU regions. These regions also have to be the power of 2 and ++ # the start addresses have to be aligned to these sizes. The sizes can be calculated ++ # from the S_DATA_START and S_DATA_SIZE defines. ++ RAM_MPU_REGION_BLOCK_1_SIZE=0x4000 ++ RAM_MPU_REGION_BLOCK_2_SIZE=0x20000 ++ + ) + #========================= Platform common defs ===============================# + +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +index 98e795dde..39b19c535 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +@@ -15,6 +15,7 @@ + #include "mpu_config.h" + #include "mmio_defs.h" + #include "flash_layout.h" ++#include "region_defs.h" + + #define PROT_BOUNDARY_VAL \ + ((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK) +@@ -132,6 +133,27 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( + + #endif + ++ /* Set the RAM attributes. It is needed because the first region overlaps the whole ++ * SRAM and it has to be overridden. ++ * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually ++ * and added to the platform_region_defs compile definitions. ++ */ ++ base = S_DATA_START; ++ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; ++ ret = configure_mpu(rnr++, base, limit, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ ++ base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; ++ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE; ++ ret = configure_mpu(rnr++, base, limit, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ + arm_mpu_enable(); + + #endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch deleted file mode 100644 index 7a07c0c1ac..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 88cfce2e04913d48ec8636b6a3550d71ebdd49c4 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Mon, 15 May 2023 10:47:27 +0100 -Subject: [PATCH] Platform: Corstone1000: Calculate the new CRC32 value after - changing the metadata - -Calculates the new CRC32 value for the metadata struct after chaing a value -during the capsule update. It also updates the CRC32 field in the metadata -so it doesn't fail the CRC check after a succesfull capsule update. -It also skips doing a sanity check the BL2 nv counter after the capsule -update since the tfm bl1 does not sync metadata and nv counters in OTP during -the boot anymore. - -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24104/7] - ---- - .../arm/corstone1000/fw_update_agent/fwu_agent.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -index afd8d66e42..f564f2902c 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -@@ -802,6 +802,8 @@ static enum fwu_agent_error_t flash_full_capsule( - } - metadata->active_index = previous_active_index; - metadata->previous_active_index = active_index; -+ metadata->crc_32 = crc32((uint8_t *)&metadata->version, -+ sizeof(struct fwu_metadata) - sizeof(uint32_t)); - - ret = metadata_write(metadata); - if (ret) { -@@ -913,6 +915,8 @@ static enum fwu_agent_error_t accept_full_capsule( - if (ret) { - return ret; - } -+ metadata->crc_32 = crc32((uint8_t *)&metadata->version, -+ sizeof(struct fwu_metadata) - sizeof(uint32_t)); - - ret = metadata_write(metadata); - if (ret) { -@@ -1007,6 +1011,8 @@ static enum fwu_agent_error_t fwu_select_previous( - if (ret) { - return ret; - } -+ metadata->crc_32 = crc32((uint8_t *)&metadata->version, -+ sizeof(struct fwu_metadata) - sizeof(uint32_t)); - - ret = metadata_write(metadata); - if (ret) { -@@ -1119,8 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters( - - FWU_LOG_MSG("%s: enter\n\r", __func__); - -- for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { -- -+ for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { - switch (i) { - case FWU_BL2_NV_COUNTER: - tfm_nv_counter_i = PLAT_NV_COUNTER_BL1_0; -@@ -1141,7 +1146,6 @@ static enum fwu_agent_error_t update_nv_counters( - if (err != TFM_PLAT_ERR_SUCCESS) { - return FWU_AGENT_ERROR; - } -- - if (priv_metadata->nv_counter[i] < security_cnt) { - return FWU_AGENT_ERROR; - } else if (priv_metadata->nv_counter[i] > security_cnt) { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch new file mode 100644 index 0000000000..2360992101 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch @@ -0,0 +1,76 @@ +From f7b58b5ba5b48e071eb360c1bcfc4d31290a77c1 Mon Sep 17 00:00:00 2001 +From: Ali Can Ozaslan <ali.oezaslan@arm.com> +Date: Tue, 5 Mar 2024 21:01:59 +0000 +Subject: [PATCH] Platform:corstone1000:Fix issues due to adjustment Mailbox + Agent params + +Adjust Mailbox Agent API parameters patch changed memory check and +related parameters. As a result, platform-specific issues occurred. +Secure side client IDs are converted to negative values. Control +parameter is created. + +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com> +Upstream-Status: Pending + +--- + .../tfm_spe_dual_core_psa_client_secure_lib.c | 23 +++++++++++++++---- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c +index d2eabe144..39e11b8cd 100644 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c ++++ b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c +@@ -18,6 +18,9 @@ + #include "utilities.h" + #include "thread.h" + ++#define SE_PROXY_SP_UID 0 ++#define SMM_GW_SP_UID 0x8003 ++ + /** + * In linux environment and for psa_call type client api, + * the layout of the reply from tf-m to linux is as following. +@@ -174,7 +177,14 @@ static psa_status_t prepare_params_for_psa_call(struct client_params_t *params, + { + psa_status_t ret = PSA_SUCCESS; + +- params->ns_client_id_stateless = s_map_entry->msg.client_id; ++ if (s_map_entry->msg.client_id == SE_PROXY_SP_UID) { ++ params->ns_client_id_stateless = -1; ++ } ++ else if (s_map_entry->msg.client_id == SMM_GW_SP_UID) { ++ params->ns_client_id_stateless = -1 * s_map_entry->msg.client_id; ++ } else { ++ params->ns_client_id_stateless = s_map_entry->msg.client_id; ++ } + + params->p_outvecs = NULL; + ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry); +@@ -250,6 +260,9 @@ void deliver_msg_to_tfm_spe(void *private) + struct client_params_t params = {0}; + psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR; + unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private; ++ uint32_t control = PARAM_PACK(s_map_entry->msg.params.psa_call_params.type, ++ s_map_entry->msg.params.psa_call_params.in_len, ++ s_map_entry->msg.params.psa_call_params.out_len); + + switch(s_map_entry->msg.call_type) { + case OPENAMP_PSA_FRAMEWORK_VERSION: +@@ -266,11 +279,11 @@ void deliver_msg_to_tfm_spe(void *private) + send_service_reply_to_non_secure(psa_ret, s_map_entry); + break; + } ++ control = PARAM_SET_NS_INVEC(control); ++ control = PARAM_SET_NS_OUTVEC(control); ++ control = PARAM_SET_NS_VEC(control); + psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle, +- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type, +- s_map_entry->msg.params.psa_call_params.in_len, +- s_map_entry->msg.params.psa_call_params.out_len), +- ¶ms, NULL); ++ control, ¶ms, NULL); + if (psa_ret != PSA_SUCCESS) { + send_service_reply_to_non_secure(psa_ret, s_map_entry); + break; diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch deleted file mode 100644 index 07db4f6d59..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 04ce07d289e8cec75223349e9ebf7e69126fc04d Mon Sep 17 00:00:00 2001 -From: Jon Mason <jon.mason@arm.com> -Date: Wed, 18 Jan 2023 15:13:37 -0500 -Subject: [PATCH] arm/trusted-firmware-m: disable fatal warnings - -Signed-off-by: Jon Mason <jon.mason@arm.com> -Upstream-Status: Inappropriate - ---- - toolchain_GNUARM.cmake | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/toolchain_GNUARM.cmake b/toolchain_GNUARM.cmake -index 7989718515..a5939323d6 100644 ---- a/toolchain_GNUARM.cmake -+++ b/toolchain_GNUARM.cmake -@@ -71,7 +71,6 @@ macro(tfm_toolchain_reset_linker_flags) - --entry=Reset_Handler - -specs=nano.specs - LINKER:-check-sections -- LINKER:-fatal-warnings - LINKER:--gc-sections - LINKER:--no-wchar-size-warning - ${MEMORY_USAGE_FLAG} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch index 7aeecfa31b..7aeecfa31b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch deleted file mode 100644 index e4eba624ad..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3004fda909079ebebd62c495a4e49e64d6c8a85f Mon Sep 17 00:00:00 2001 -From: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com> -Date: Tue, 8 Aug 2023 10:58:01 +0000 -Subject: [PATCH] Platform corstone1000 add unique firmware GUID - -Add unique Corstone-1000 firmware GUID - -Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com> -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24132/3] ---- - .../target/arm/corstone1000/fw_update_agent/fwu_agent.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -index f564f2902c..9c31aeee9d 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -@@ -113,10 +113,10 @@ enum fwu_agent_state_t { - }; - - struct efi_guid full_capsule_image_guid = { -- .time_low = 0xe2bb9c06, -- .time_mid = 0x70e9, -- .time_hi_and_version = 0x4b14, -- .clock_seq_and_node = {0x97, 0xa3, 0x5a, 0x79, 0x13, 0x17, 0x6e, 0x3f} -+ .time_low = 0x989f3a4e, -+ .time_mid = 0x46e0, -+ .time_hi_and_version = 0x4cd0, -+ .clock_seq_and_node = {0x98, 0x77, 0xa2, 0x5c, 0x70, 0xc0, 0x13, 0x29} - }; - - --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch index be6bde6f8a..be6bde6f8a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch deleted file mode 100644 index f805a44d52..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch +++ /dev/null @@ -1,102 +0,0 @@ -From fa0988fd876400dc1bb451fffc4b167265b40d25 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Thu, 14 Sep 2023 12:14:28 +0100 -Subject: [PATCH] Platform: Corstone1000: Enable Signed Capsule - -Enables signed capsule update and adjusts the necessary structs (fmp_payload_header -, image_auth, etc.) to comply with the new capsule generation tool (mkeficapsule). - -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24131/3] ---- - .../fw_update_agent/uefi_capsule_parser.c | 25 +++++++++++-------- - .../fw_update_agent/uefi_capsule_parser.h | 2 ++ - 2 files changed, 17 insertions(+), 10 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c -index b72ff1eb91..c706c040ac 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c -@@ -102,11 +102,9 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr, - } - - capsule_header = (efi_capsule_header_t*)ptr; -- ptr += sizeof(efi_capsule_header_t) + sizeof(uint32_t); -+ ptr += sizeof(efi_capsule_header_t); - fmp_capsule_header = (efi_firmware_management_capsule_header_t*)ptr; - -- fmp_payload_header = fmp_capsule_header + sizeof(*fmp_capsule_header); -- - total_size = capsule_header->capsule_image_size; - image_count = fmp_capsule_header->payload_item_count; - images_info->nr_image = image_count; -@@ -119,22 +117,20 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr, - } - - for (int i = 0; i < image_count; i++) { -- - image_header = (efi_firmware_management_capsule_image_header_t*)(ptr + - fmp_capsule_header->item_offset_list[i]); - - images_info->size[i] = image_header->update_image_size; -- images_info->version[i] = fmp_payload_header->fw_version; -- FWU_LOG_MSG("%s: image %i version = %u\n\r", __func__, i, -- images_info->version[i]); -+ - #ifdef AUTHENTICATED_CAPSULE - image_auth = (efi_firmware_image_authentication_t*)( - (char*)image_header + - sizeof (efi_firmware_management_capsule_image_header_t) - ); - auth_size = sizeof(uint64_t) /* monotonic_count */ + -- image_auth->auth_info.hdr.dwLength /* WIN_CERTIFICATE + cert_data */ + -- sizeof(struct efi_guid) /* cert_type */; -+ image_auth->auth_info.hdr.dwLength/* WIN_CERTIFICATE + cert_data + cert_type */; -+ -+ fmp_payload_header = (fmp_payload_header_t*)((char*)image_auth + auth_size); - - FWU_LOG_MSG("%s: auth size = %u\n\r", __func__, auth_size); - -@@ -143,16 +139,25 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr, - images_info->image[i] = ( - (char*)image_header + - sizeof(efi_firmware_management_capsule_image_header_t) + -- auth_size); -+ auth_size + -+ sizeof(*fmp_payload_header)); - #else - images_info->image[i] = ( - (char*)image_header + - sizeof(efi_firmware_management_capsule_image_header_t) + - sizeof(*fmp_payload_header)); -+ -+ fmp_payload_header = (fmp_payload_header_t*)((char*)image_header + -+ sizeof(efi_firmware_management_capsule_image_header_t)); -+ - #endif - memcpy(&images_info->guid[i], &(image_header->update_image_type_id), - sizeof(struct efi_guid)); - -+ images_info->version[i] = fmp_payload_header->fw_version; -+ FWU_LOG_MSG("%s: image %i version = %d\n\r", __func__, i, -+ images_info->version[i]); -+ - FWU_LOG_MSG("%s: image %d at %p, size=%u\n\r", __func__, i, - images_info->image[i], images_info->size[i]); - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h -index a890a709e9..a31cd8a3a0 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h -@@ -12,6 +12,8 @@ - #include "fip_parser/external/uuid.h" - #include "flash_layout.h" - -+#define AUTHENTICATED_CAPSULE 1 -+ - enum uefi_capsule_error_t { - UEFI_CAPSULE_PARSER_SUCCESS = 0, - UEFI_CAPSULE_PARSER_ERROR = (-1) --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch new file mode 100644 index 0000000000..4c486e69f2 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch @@ -0,0 +1,33 @@ +From 001e5bea183bc78352ac3ba6283d9d7912bb6ea5 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <Emekcan.Aras@arm.com> +Date: Wed, 21 Feb 2024 07:44:25 +0000 +Subject: [PATCH] Platform: Corstone1000: skip the first nv counter + +It skips doing a sanity check the BL2 nv counter after the capsule +update since the tfm bl1 does not sync metadata and nv counters in OTP during +the boot anymore. + +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +Upstream-Status: Pending + +--- + .../ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +index 2e6de255b..2e6cf8047 100644 +--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +@@ -1125,7 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters( + + FWU_LOG_MSG("%s: enter\n\r", __func__); + +- for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { ++ for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { + + switch (i) { + case FWU_BL2_NV_COUNTER: +-- +2.25.1 + + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch deleted file mode 100644 index 97cd14dabb..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ef97f7083279565dab45a550139935d741f159a9 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras <emekcan.aras@arm.com> -Date: Fri, 29 Sep 2023 09:57:19 +0100 -Subject: [PATCH] platform: corstone1000: Increase ITS max asset size - -Increases the max asset size for ITS to enable parsec services & tests - -Upstream-Status: Pending -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> -Signed-off-by: Vikas Katariya <vikas.katariya@arm.com> ---- - platform/ext/target/arm/corstone1000/config_tfm_target.h | 5 +++++ - 1 files changed, 5 insertions(+) - -diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h -index e968366639..3f6e8477e5 100644 ---- a/platform/ext/target/arm/corstone1000/config_tfm_target.h -+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h -@@ -24,4 +24,9 @@ - #undef PS_NUM_ASSETS - #define PS_NUM_ASSETS 20 - -+/* The maximum size of asset to be stored in the Internal Trusted Storage area. */ -+#undef ITS_MAX_ASSET_SIZE -+#define ITS_MAX_ASSET_SIZE 2048 -+ -+ - #endif /* __CONFIG_TFM_TARGET_H__ */ ---
\ No newline at end of file diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc deleted file mode 100644 index f7e202ad70..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc +++ /dev/null @@ -1,46 +0,0 @@ -# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts - -LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" - -LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ - file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \ - file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" - -SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https" -SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ - ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ - ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ - ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ - ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ - ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \ - " - -# The required dependencies are documented in tf-m/config/config_default.cmake -# TF-Mv1.8.1 -SRCBRANCH_tfm ?= "master" -SRCREV_tfm = "53aa78efef274b9e46e63b429078ae1863609728" -# TF-Mv1.8.1 -SRCBRANCH_tfm-tests ?= "master" -SRCREV_tfm-tests = "1273c5bcd3d8ade60d51524797e0b22b6fd7eea1" -# mbedtls-3.4.1 -SRCBRANCH_mbedtls ?= "master" -SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631" -# mcuboot v1.10.0 -SRCBRANCH_mcuboot ?= "main" -SRCREV_mcuboot = "23d28832f02dcdc18687782c6cd8ba99e9b274d2" -# QCBOR v1.2 -SRCBRANCH_qcbor ?= "master" -SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" -# TF-Mv1.8.1 -SRCBRANCH_tfm-extras ?= "master" -SRCREV_tfm-extras = "504ae9a9a50981e9dd4d8accec8261a1dba9e965" - -SRCREV_FORMAT = "tfm" - -S = "${WORKDIR}/git/tfm" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index 19ad289710..716d3f1c77 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -9,13 +9,14 @@ TFM_DEBUG = "1" ## Default is the MPS3 board TFM_PLATFORM_IS_FVP ?= "FALSE" EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" -EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=ON" +EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" # libmetal v2023.04.0 LICENSE += "& BSD-3-Clause" LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=f4d5df0f12dcea1b1a0124219c0dbab4" SRC_URI += "git://github.com/OpenAMP/libmetal.git;protocol=https;branch=main;name=libmetal;destsuffix=git/libmetal \ file://0001-cmake-modify-path-to-libmetal-version-file.patch;patchdir=../libmetal \ + file://0002-arm-trusted-firmware-m-disable-address-warnings-into.patch \ " SRCREV_libmetal = "28fa2351d6a8121ce6c1c2ac5ee43ce08d38dbae" EXTRA_OECMAKE += "-DLIBMETAL_SRC_PATH=${S}/../libmetal -DLIBMETAL_BIN_PATH=${B}/libmetal-build" @@ -32,15 +33,12 @@ EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append:corstone1000 = " \ - file://0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch \ - file://0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch \ - file://0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch \ - file://0004-arm-trusted-firmware-m-disable-fatal-warnings.patch \ - file://0005-Platform-corstone1000-add-unique-firmware-GUID.patch \ - file://0006-Platform-Corstone1000-Enable-Signed-Capsule.patch \ - file://0007-platform-corstone1000-increase-ITS-max-asset-size.patch \ - file://0008-platform-corstone1000-align-capsule-update-structs.patch \ - file://0009-platform-corstone1000-fix-synchronization-issue-on-o.patch \ + file://0001-platform-corstone1000-Update-MPU-configuration.patch \ + file://0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch \ + file://0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch \ + file://0004-platform-corstone1000-align-capsule-update-structs.patch \ + file://0005-platform-corstone1000-fix-synchronization-issue-on-o.patch \ + file://0006-Platform-Corstone1000-skip-the-first-nv-counter.patch \ " # TF-M ships patches for external dependencies that needs to be applied @@ -54,10 +52,10 @@ apply_tfm_patches() { do_patch[postfuncs] += "apply_tfm_patches" do_install() { - install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin - install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin - install -D -p -m 0644 ${B}/install/outputs/bl1_1.bin ${D}/firmware/bl1_1.bin - install -D -p -m 0644 ${B}/install/outputs/bl1_provisioning_bundle.bin ${D}/firmware/bl1_provisioning_bundle.bin + install -D -p -m 0644 ${B}/bin/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin + install -D -p -m 0644 ${B}/bin/bl2_signed.bin ${D}/firmware/bl2_signed.bin + install -D -p -m 0644 ${B}/bin/bl1_1.bin ${D}/firmware/bl1_1.bin + install -D -p -m 0644 ${B}/bin/bl1_provisioning_bundle.bin ${D}/firmware/bl1_provisioning_bundle.bin } create_bl1_image(){ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb deleted file mode 100644 index d50d886f60..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb +++ /dev/null @@ -1,2 +0,0 @@ -require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc -require recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb deleted file mode 100644 index 3464f49dd9..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb +++ /dev/null @@ -1,2 +0,0 @@ -require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc -require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc index 2585ff25bf..c7172d6f87 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc @@ -58,6 +58,7 @@ SRC_URI:append = " \ file://0040-fix-runtime-capsule-update-flags-checks.patch \ file://0041-scatter-gather-flag-workaround.patch \ file://0042-corstone1000-enable-virtio-net-support.patch \ + file://0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch \ " do_configure:append() { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch new file mode 100644 index 0000000000..70d684b563 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch @@ -0,0 +1,60 @@ +Subject: [PATCH v4 1/3] firmware: psci: Fix bind_smccc_features psci check +Date: Mon, 4 Mar 2024 14:42:40 +0000 [thread overview] +Message-ID: <20240304144242.11666-2-o451686892@gmail.com> (raw) +In-Reply-To: <20240304144242.11666-1-o451686892@gmail.com> + +According to PSCI specification DEN0022F, PSCI_FEATURES is used to check +whether the SMCCC is implemented by discovering SMCCC_VERSION. + +Signed-off-by: Weizhao Ouyang <o451686892@gmail.com> +Signed-off-by: Bence Balogh <bence.balogh@arm.com> +Upstream-Status: Submitted [https://lore.kernel.org/all/20240304144242.11666-2-o451686892@gmail.com/] +--- +v3: remove fallback smc call +v2: check SMCCC_ARCH_FEATURES +--- + drivers/firmware/psci.c | 5 ++++- + include/linux/arm-smccc.h | 6 ++++++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/drivers/firmware/psci.c b/drivers/firmware/psci.c +index c6b9efab41..03544d76ed 100644 +--- a/drivers/firmware/psci.c ++++ b/drivers/firmware/psci.c +@@ -135,10 +135,13 @@ static int bind_smccc_features(struct udevice *dev, int psci_method) + PSCI_VERSION_MAJOR(psci_0_2_get_version()) == 0) + return 0; + +- if (request_psci_features(ARM_SMCCC_ARCH_FEATURES) == ++ if (request_psci_features(ARM_SMCCC_VERSION) == + PSCI_RET_NOT_SUPPORTED) + return 0; + ++ if (invoke_psci_fn(ARM_SMCCC_VERSION, 0, 0, 0) < ARM_SMCCC_VERSION_1_1) ++ return 0; ++ + if (psci_method == PSCI_METHOD_HVC) + pdata->invoke_fn = smccc_invoke_hvc; + else +diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h +index f44e9e8f93..da3d29aabe 100644 +--- a/include/linux/arm-smccc.h ++++ b/include/linux/arm-smccc.h +@@ -55,8 +55,14 @@ + #define ARM_SMCCC_QUIRK_NONE 0 + #define ARM_SMCCC_QUIRK_QCOM_A6 1 /* Save/restore register a6 */ + ++#define ARM_SMCCC_VERSION 0x80000000 + #define ARM_SMCCC_ARCH_FEATURES 0x80000001 + ++#define ARM_SMCCC_VERSION_1_0 0x10000 ++#define ARM_SMCCC_VERSION_1_1 0x10001 ++#define ARM_SMCCC_VERSION_1_2 0x10002 ++#define ARM_SMCCC_VERSION_1_3 0x10003 ++ + #define ARM_SMCCC_RET_NOT_SUPPORTED ((unsigned long)-1) + + #ifndef __ASSEMBLY__ +-- +2.40.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202305.bb b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202305.bb deleted file mode 100644 index 23325503a1..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202305.bb +++ /dev/null @@ -1,7 +0,0 @@ -SRCREV_edk2 ?= "ba91d0292e593df8528b66f99c1b0b14fadc8e16" -SRCREV_edk2-platforms ?= "be2af02a3fb202756ed9855173e0d0ed878ab6be" - -# FIXME - clang is having issues with antlr -TOOLCHAIN:aarch64 = "gcc" - -require recipes-bsp/uefi/edk2-firmware.inc diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202311.bb b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202311.bb index aa11cfd1c6..aa11cfd1c6 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202311.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202311.bb diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch index 0fdf9ee308..6105e9a63a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch @@ -1,15 +1,14 @@ -From f2a76d6595b31b0bc1be7029277676af1b1cc3d3 Mon Sep 17 00:00:00 2001 +From 60dfd5bb8f25fa5f0b6c07c3098836bec1668c19 Mon Sep 17 00:00:00 2001 From: Mariam Elshakfy <mariam.elshakfy@arm.com> -Date: Wed, 11 Oct 2023 16:18:22 +0000 +Date: Thu, 14 Mar 2024 14:47:27 +0000 Subject: [PATCH] Platform/ARM/N1Sdp: Reserve OP-TEE Region from UEFI To enable cache on N1SDP, OP-TEE has to be moved to run from DDR4 memory. Since this memory is known to application side, it must be reserved -Upstream-Status: Pending (not yet submitted to upstream) +Upstream-Status: Inappropriate [will not be submitted as it's a workaround to address hardware issue] Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com> - --- .../Library/PlatformLib/PlatformLib.inf | 3 +++ .../Library/PlatformLib/PlatformLibMem.c | 13 +++++++++++++ @@ -68,3 +67,6 @@ index 9e257ebde0..587319262a 100644 +
[Ppis]
gNtFwConfigDtInfoPpiGuid = { 0xb50dee0e, 0x577f, 0x47fb, { 0x83, 0xd0, 0x41, 0x78, 0x61, 0x8b, 0x33, 0x8a } }
+-- +2.38.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch new file mode 100644 index 0000000000..2fb91f6284 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch @@ -0,0 +1,45 @@ +From 52d962239207bd06827c18d0ed21abdc2002337f Mon Sep 17 00:00:00 2001 +From: emeara01 <emekcan.aras@arm.com> +Date: Thu, 7 Mar 2024 10:24:42 +0000 +Subject: [PATCH] plat: corstone1000: add client_id for FMP service + +Corstone1000 uses trusted-firmware-m as secure enclave software component. Due +to the changes in TF-M 2.0, psa services requires a seperate client_id now. +This commit adds smm-gateway-sp client id to the FMP services since FMP structure +accessed by u-boot via smm-gateway-sp. + +Signed-off-by: emeara01 <emekcan.aras@arm.com> +Upstream-Status: Inappropriate [Design is to revisted] +--- + .../capsule_update/provider/corstone1000_fmp_service.c | 5 ++++--- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c +index d811af9f..354d025f 100644 +--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c +@@ -33,6 +33,7 @@ + EFI_VARIABLE_APPEND_WRITE) + + #define FMP_VARIABLES_COUNT 6 ++#define SMM_GW_SP_ID 0x8003 + + static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = { + { +@@ -91,7 +92,7 @@ static psa_status_t protected_storage_set(struct rpc_caller *caller, + { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, + }; + +- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET, ++ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,TFM_PS_ITS_SET, + in_vec, IOVEC_LEN(in_vec), NULL, 0); + if (psa_status < 0) + EMSG("ipc_set: psa_call failed: %d", psa_status); +@@ -114,7 +115,7 @@ static psa_status_t protected_storage_get(struct rpc_caller *caller, + { .base = psa_ptr_to_u32(p_data), .len = data_size }, + }; + +- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, ++ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID, + TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), + out_vec, IOVEC_LEN(out_vec)); diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 3c7e94e6ea..80a580569f 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -10,6 +10,7 @@ SRC_URI:append:corstone1000 = " \ file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \ file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \ file://0008-platform-corstone1000-fix-synchronization-issue.patch \ + file://0009-plat-corstone1000-fmp-client-id.patch \ " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend new file mode 100644 index 0000000000..5c9ef210ec --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in b/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in index 88559dee9a..6919afd0c4 100644 --- a/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in +++ b/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in @@ -17,7 +17,7 @@ part --source empty --size 4k --align 4 --offset 32k --part-name="private_metada part --source rawcopy --size 100k --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 -part --source rawcopy --size 376k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E +part --source rawcopy --size 368k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E # Rawcopy of the FIP binary part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 @@ -26,8 +26,8 @@ part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" part --source rawcopy --size 12 --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --align 4 --part-name="kernel_primary" --uuid BF7A6142-0662-47FD-9434-6A8811980816 --part-type 8197561D-6124-46FC-921E-141CC5745B05 -part --source empty --size 100k --offset 16492k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 -part --source empty --size 376k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E +part --source empty --size 100k --offset 16488k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 +part --source empty --size 368k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E part --source empty --size 2 --align 4 --part-name="FIP_B" --uuid 9424E370-7BC9-43BB-8C23-71EE645E1273 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 part --source empty --size 12 --align 4 --part-name="kernel_secondary" --uuid A2698A91-F9B1-4629-9188-94E4520808F8 --part-type 8197561D-6124-46FC-921E-141CC5745B05 diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb index 890efa7d0f..6262e76cae 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb @@ -17,5 +17,5 @@ SRC_URI[gcc-x86_64.sha256sum] = "7fe7b8548258f079d6ce9be9144d2a10bd2bf93b551dafb S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}" -UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads" -UPSTREAM_CHECK_REGEX = "gcc-arm-(?P<pver>.+)-${HOST_ARCH}-${BINNAME}\.tar\.\w+" +UPSTREAM_CHECK_URI = "https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads" +UPSTREAM_CHECK_REGEX = "arm-gnu-toolchain-(?P<pver>\d+\.\d*\.[A-z]*\d*).*-${HOST_ARCH}-${BINNAME}\.tar\.\w+" diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi-11.2_11.2-2022.02.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi-11.2_11.2-2022.02.bb deleted file mode 100644 index 7fab1e130c..0000000000 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi-11.2_11.2-2022.02.bb +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (C) 2019 Garmin Ltd. or its subsidiaries -# Released under the MIT license (see COPYING.MIT for the terms) - -require arm-binary-toolchain.inc - -COMPATIBLE_HOST = "(x86_64|aarch64).*-linux" - -SUMMARY = "Arm GNU Toolchain - AArch32 bare-metal target (arm-none-eabi)" -LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only" - -LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=be4f8b5ff7319cd54f6c52db5d6f36b0" -LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=1f07179249795891179bb3798bac7887" - -BINNAME = "arm-none-eabi" - -SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/gcc-arm-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}" -SRC_URI[gcc-aarch64.sha256sum] = "ef1d82e5894e3908cb7ed49c5485b5b95deefa32872f79c2b5f6f5447cabf55f" -SRC_URI[gcc-x86_64.sha256sum] = "8c5acd5ae567c0100245b0556941c237369f210bceb196edfe5a2e7532c60326" - -S = "${WORKDIR}/gcc-arm-${PV}-${HOST_ARCH}-${BINNAME}" - -UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads" -UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>.+)-${HOST_ARCH}-linux\.tar\.\w+" diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb index 00390b5875..6569911df3 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb @@ -17,5 +17,5 @@ SRC_URI[gcc-x86_64.sha256sum] = "6cd1bbc1d9ae57312bcd169ae283153a9572bd6a8e4eeae S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}" -UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads" -UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>.+)-${HOST_ARCH}-linux\.tar\.\w+" +UPSTREAM_CHECK_URI = "https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads" +UPSTREAM_CHECK_REGEX = "arm-gnu-toolchain-(?P<pver>\d+\.\d*\.[A-z]*\d*).*-${HOST_ARCH}-${BINNAME}\.tar\.\w+" diff --git a/meta-arm/meta-arm/conf/layer.conf b/meta-arm/meta-arm/conf/layer.conf index af8275af16..9e9c9dbda1 100644 --- a/meta-arm/meta-arm/conf/layer.conf +++ b/meta-arm/meta-arm/conf/layer.conf @@ -19,3 +19,5 @@ LAYERSERIES_COMPAT_meta-arm = "nanbield scarthgap" HOSTTOOLS_NONFATAL += "telnet" addpylib ${LAYERDIR}/lib oeqa + +WARN_QA:append:layer-meta-arm = " patch-status" diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.13.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb index 18867b0391..c0e40d903e 100644 --- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.13.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb @@ -12,12 +12,13 @@ SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH} \ " SRCBRANCH = "main" -SRCREV = "cc4c9e017348d92054f74026ee1beb081403c168" +SRCREV = "3267f2964114a56faaf46a40704be6ca78240725" PROVIDES += "virtual/control-processor-firmware" CMAKE_BUILD_TYPE ?= "RelWithDebInfo" SCP_PLATFORM ?= "${MACHINE}" +SCP_PRODUCT_GROUP ?= "." SCP_LOG_LEVEL ?= "WARN" SCP_PLATFORM_FEATURE_SET ?= "0" @@ -30,9 +31,6 @@ DEPENDS = "gcc-arm-none-eabi-native \ # For now we only build with GCC, so stop meta-clang trying to get involved TOOLCHAIN = "gcc" -# remove once arm-none-eabi-gcc updates to 13 or newer like poky -DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map" - inherit deploy B = "${WORKDIR}/build" @@ -61,7 +59,7 @@ do_configure() { for FW in ${FW_TARGETS}; do for TYPE in ${FW_INSTALL}; do bbnote Configuring ${SCP_PLATFORM}/${FW}_${TYPE}... - cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PLATFORM}/${FW}_${TYPE}" + cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PRODUCT_GROUP}/${SCP_PLATFORM}/${FW}_${TYPE}" done done } diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.2.bb index e45ea9c4a6..d0c057a1e8 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.2.bb @@ -9,9 +9,9 @@ SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmwa SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" -# Use fiptool from TF-A v2.10.0 -SRCREV = "b6c0948400594e3cc4dbb5a4ef04b815d2675808" -SRCBRANCH = "master" +# Use fiptool from TF-A v2.10.2 +SRCREV = "a1be69e6c5db450f841f0edd9d734bf3cffb6621" +SRCBRANCH = "lts-v2.10" DEPENDS += "openssl-native" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.2.bb index 4f01984405..bf2a8c168c 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.2.bb @@ -1,12 +1,13 @@ require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc -# TF-A v2.10.0 -SRCREV_tfa = "b6c0948400594e3cc4dbb5a4ef04b815d2675808" +# TF-A v2.10.2 +SRCREV_tfa = "a1be69e6c5db450f841f0edd9d734bf3cffb6621" +SRCBRANCH = "lts-v2.10" LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" -# mbedtls-3.5.1 +# mbedtls-3.4.1 SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" -SRCREV_mbedtls = "edb8fec9882084344a314368ac7fd957a187519c" +SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631" -LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc index 1747c65487..772366d911 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc @@ -22,13 +22,13 @@ INHIBIT_DEFAULT_DEPS = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" -# At present, TF-M needs GCC >10 but <11.3 so use 11.2: -# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst?h=TF-Mv1.8.0#n214 +# At present, TF-M Select other GNU Arm compiler versions instead of 11.2: +# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst#n214 # # See tools/requirements.txt for Python dependencies DEPENDS += "cmake-native \ ninja-native \ - gcc-arm-none-eabi-11.2-native \ + gcc-arm-none-eabi-native \ python3-cbor2-native \ python3-click-native \ python3-cryptography-native \ diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202311.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb index 6bd880bdbc..bd84096731 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202311.bb +++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb @@ -10,7 +10,7 @@ LICENSE = "BSD-2-Clause-Patent" SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https" LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" -SRCREV = "8736b8fdca85e02933cdb0a13309de14c9799ece" +SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768" S = "${WORKDIR}/git" diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb new file mode 100644 index 0000000000..05885315aa --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb @@ -0,0 +1,7 @@ +SRCREV_edk2 ?= "edc6681206c1a8791981a2f911d2fb8b3d2f5768" +SRCREV_edk2-platforms ?= "07842635c80b64c4a979a652104ea1141ba5007a" + +# FIXME - clang is having issues with antlr +TOOLCHAIN:aarch64 = "gcc" + +require recipes-bsp/uefi/edk2-firmware.inc diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-mismatch-in-function-prototype.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-mismatch-in-function-prototype.patch deleted file mode 100644 index 0babf2fc01..0000000000 --- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-mismatch-in-function-prototype.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 42cc39fdea21177e82b6cec138c06726242673f7 Mon Sep 17 00:00:00 2001 -From: Srikar Josyula <srikar.josyula@arm.com> -Date: Tue, 25 Jul 2023 12:55:04 +0530 -Subject: [PATCH] Fix for mismatch in function prototype - - - Mismatch between function prototype and definition - causing build failure with GCC 13.1.1 - - Fixed the function prototype for val_get_exerciser_err_info - -Signed-off-by: Srikar Josyula <srikar.josyula@arm.com> - -Upstream-Status: Backport -Signed-off-by: Jon Mason <jon.mason@arm.com> - ---- - val/include/sbsa_avs_exerciser.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/val/include/sbsa_avs_exerciser.h b/val/include/sbsa_avs_exerciser.h -index 4b2c62b089f5..7c0e3d0fb58f 100644 ---- a/val/include/sbsa_avs_exerciser.h -+++ b/val/include/sbsa_avs_exerciser.h -@@ -118,7 +118,7 @@ uint32_t val_exerciser_ops(EXERCISER_OPS ops, uint64_t param, uint32_t instance) - uint32_t val_exerciser_get_data(EXERCISER_DATA_TYPE type, exerciser_data_t *data, uint32_t instance); - uint32_t val_exerciser_execute_tests(uint32_t level); - uint32_t val_exerciser_get_bdf(uint32_t instance); --uint32_t val_get_exerciser_err_info(uint32_t type); -+uint32_t val_get_exerciser_err_info(EXERCISER_ERROR_CODE type); - - uint32_t e001_entry(void); - uint32_t e002_entry(void); diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.2.bb b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb index a564e2ac29..a29c16ecb4 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.2.bb +++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb @@ -1,4 +1,4 @@ -require recipes-bsp/uefi/edk2-firmware_202311.bb +require recipes-bsp/uefi/edk2-firmware_202402.bb PROVIDES:remove = "virtual/bootloader" LICENSE += "& Apache-2.0" @@ -8,16 +8,12 @@ SRC_URI += "git://github.com/ARM-software/sbsa-acs;destsuffix=edk2/ShellPkg/Appl git://github.com/tianocore/edk2-libc;destsuffix=edk2/edk2-libc;protocol=https;branch=master;name=libc \ file://0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch \ file://0002-Enforce-using-good-old-BFD-linker.patch \ - file://0001-Fix-for-mismatch-in-function-prototype.patch;patchdir=ShellPkg/Application/sbsa-acs \ " +SRCREV_acs = "be169f0008d86341e1e48cb70d524bd1518c3acc" +SRCREV_libc = "4667a82f0d873221f8b25ea701ce57a29270e4cb" -SRCREV_acs = "23253befbed2aee7304470fd83b78672488a7fc2" -SRCREV_libc = "d3dea661da9ae4a3421a80905e75a8dc77aa980e" - -# GCC12 trips on it -#see https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/0032-Basetools-turn-off-gcc12-warning.patch -BUILD_CFLAGS += "-Wno-error=stringop-overflow" +UPSTREAM_CHECK_URI = "https://github.com/ARM-software/sbsa-acs/releases" COMPATIBLE_HOST = "aarch64.*-linux" COMPATIBLE_MACHINE = "" diff --git a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb index 5a6f19dbab..7ec340c9d1 100644 --- a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb +++ b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb @@ -4,6 +4,8 @@ DEPENDS += "ninja-native" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=0fca02217a5d49a14dfe2d11837bb34d" +UPSTREAM_CHECK_COMMITS = "1" + SRC_URI = "git://gn.googlesource.com/gn;protocol=https;branch=main \ file://0001-Replace-lstat64-stat64-functions-on-linux.patch" SRCREV = "4bd1a77e67958fb7f6739bd4542641646f264e5d" diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch b/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch deleted file mode 100644 index 995bc2c5d1..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 7bc0bae10b0f21cfc8df23848844b66bf1b4d751 Mon Sep 17 00:00:00 2001 -From: Jon Mason <jdmason@kudzu.us> -Date: Fri, 3 Feb 2023 05:16:43 -0500 -Subject: [PATCH 1/2] Revert "arm64: defconfig: Enable Tegra MGBE driver" - -This reverts commit 4cac4de4b05f0a1d5920d12278bf8787011661d3. - -Signed-off-by: Jon Mason <jon.mason@arm.com> -Upstream-Status: Inappropriate ---- - arch/arm64/configs/defconfig | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig -index 0b6af3348e79..70919b241469 100644 ---- a/arch/arm64/configs/defconfig -+++ b/arch/arm64/configs/defconfig -@@ -362,7 +362,6 @@ CONFIG_SMSC911X=y - CONFIG_SNI_AVE=y - CONFIG_SNI_NETSEC=y - CONFIG_STMMAC_ETH=m --CONFIG_DWMAC_TEGRA=m - CONFIG_TI_K3_AM65_CPSW_NUSS=y - CONFIG_QCOM_IPA=m - CONFIG_MESON_GXL_PHY=m --- -2.30.2 - diff --git a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb index df1f3bddc8..7996e9b36c 100644 --- a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb +++ b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb @@ -22,9 +22,10 @@ FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" SRC_URI = "gitsm://github.com/Microsoft/ms-tpm-20-ref;branch=main;protocol=https \ file://0001-add-enum-to-ta-flags.patch" - SRCREV = "d638536d0fe01acd5e39ffa1bd100b3da82d92c7" +UPSTREAM_CHECK_COMMITS = "1" + S = "${WORKDIR}/git" OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}" diff --git a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend index f1165da65a..4829bc107f 100644 --- a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend +++ b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend @@ -10,6 +10,6 @@ DEPENDS:append = "\ EXTRA_OEMAKE:append = "\ ${@bb.utils.contains('MACHINE_FEATURES', \ 'optee-ftpm', \ - 'CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \ + 'CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \ '', \ d)} " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc index 057dde25cf..ce5b8b86ca 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc @@ -59,4 +59,11 @@ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ ' CFG_SPMC_TESTS=y', '' , d)}" +# Block Storage SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ts-sp-block-storage', '' , d)}" + +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}" + EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee.inc b/meta-arm/meta-arm/recipes-security/optee/optee.inc index af391f3922..1569a9df3b 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee.inc +++ b/meta-arm/meta-arm/recipes-security/optee/optee.inc @@ -15,6 +15,9 @@ OPTEE_ARCH:arm = "arm32" OPTEE_ARCH:aarch64 = "arm64" OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}" +# FIXME - breaks with Clang 18. See https://github.com/OP-TEE/optee_os/issues/6754 +TOOLCHAIN = "gcc" + OPTEE_TOOLCHAIN = "${@d.getVar('TOOLCHAIN') or 'gcc'}" OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${OPTEE_TOOLCHAIN}", "gcc", d)}" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb new file mode 100644 index 0000000000..efbaad143c --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb @@ -0,0 +1,13 @@ +# SPDX-FileCopyrightText: <text>Copyright 2023 Arm Limited and/or its +# affiliates <open-source-office@arm.com></text> +# +# SPDX-License-Identifier: MIT + +DESCRIPTION = "Trusted Services block storage service provider" + +require ts-sp-common.inc + +SP_UUID = "${BLOCK_STORAGE_UUID}" +TS_SP_BLOCK_STORAGE_CONFIG ?= "default" + +OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/${TS_SP_BLOCK_STORAGE_CONFIG}-${TS_ENV}" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc index c18ec5d7f8..1eb05d8b5c 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc @@ -9,4 +9,5 @@ SMM_GATEWAY_UUID = "ed32d533-99e6-4209-9cc0-2d72cdd998a7" STORAGE_UUID = "751bf801-3dde-4768-a514-0f10aeed1790" SPM_TEST1_UUID = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37" SPM_TEST2_UUID = "7817164c-c40c-4d1a-867a-9bb2278cf41a" -SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6"
\ No newline at end of file +SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6" +BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c" diff --git a/meta-arm/scripts/machine-summary.py b/meta-arm/scripts/machine-summary.py index 477bdfc709..455a5176fe 100755 --- a/meta-arm/scripts/machine-summary.py +++ b/meta-arm/scripts/machine-summary.py @@ -146,9 +146,11 @@ recipes = ("virtual/kernel", "edk2-firmware", "u-boot", "optee-os", + "optee-ftpm", "hafnium", "boot-wrapper-aarch64", "gator-daemon", + "gn", "opencsd", "gcc-aarch64-none-elf-native", "gcc-arm-none-eabi-native") |
