diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-07-21 17:06:10 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2023-08-04 00:02:23 +0300 |
| commit | 23e02799f2c379a4725b7dad4a071253cf9794a8 (patch) | |
| tree | 27af205828952a2d5acf58eff14939179ea640c5 /meta-arm | |
| parent | 2c9842e3c4584e2d785a80c2d79732ed36273cf5 (diff) | |
| download | openbmc-23e02799f2c379a4725b7dad4a071253cf9794a8.tar.xz | |
subtree updates july 21 2023 pi,security,arm
meta-arm: d6fac49541..b4d50a273d:
Abdellatif El Khlifi (5):
arm-bsp/documentation: corstone1000: Update change log
arm-bsp/doc: corstone1000: Update the software architecture document
arm-bsp/documentation: corstone1000: update the release note
arm-bsp/documentation: corstone1000: update user guide
kas: set the SHAs for 2023.06 release
Jon Mason (7):
arm/optee-test: modify to use build openssl
arm/optee: update to 3.22.0
arm-bsp/machine: work around rootfs name issue
ci/clang: add llvm-native from clang README
arm/optee-os: update/clean-up patches and recipes
arm-bsp/juno: remove commented out KCONFIG
arm/linux-yocto: move 6.1 patches to a unique bbappend
Khem Raj (1):
gn: Disable warning as error but not disable completely
Mikko Rapeli (1):
optee-os optee-test: switch from SRC_URI:append to SRC_URI +=
Peter Hoyes (5):
runfvp: Add missing conffile include
arm/oeqa: Merge all OEFVP*Target classes
arm/OEFVPTarget: Add support for model state transitions
arm/oeqa: Convert linuxboot test case into fvp_boot
arm/oeqa: Introduce the fvp_devices test suite
Ross Burton (14):
CI: use Kas 3.3
CI: update to Kas format 14
CI: use branch, not refspec
CI: generate and use a Kas lock file
CI: add a tool to fetch a lockfile.yml for a specified build
arm/scp-firmware: set default SCP_PLATFORM to MACHINE
arm-bsp/scp-firmware: remove redundant SCP_PLATFORM
arm/scp-firware: update compiler variables
arm/scp-firmware: log what platform/firmware/type is being built
arm/scp-firmware: fix intermittent compile failures
CI: track master
arm-bsp/u-boot: add temporary 2023.01 recipe
toolchain: remove pointless provides
arm-bsp/linux-yocto: fix Upstream-Status
Rouven Czerwinski (3):
optee-os: add optional optee-os-ta package
optee-os: deploy ta elf files
optee-test: add TA elfs to deploydir
Tomás González (2):
arm-bsp/documentation: corstone1000: Update the user guide
arm-bsp/documentation: corstone1000: Update the release notes
Ziad Elhanafy (5):
arm-bsp/conf: Remove hardcoded .rootfs from image path
arm/classes: Remove IMAGE_NAME_SUFFIX from image path
arm: Set FVP EULA environment variable details message
kas: Add fvp-eula.yml and remove license related settings
arm-bsp/documentation: Replace FVP_BASE_R_ARM_EULA_ACCEPT with ARM_FVP_EULA_ACCEPT
meta-raspberrypi: dff85b9a9f..e3f733cadd:
Khem Raj (1):
linux-raspberrypi_6.1.bb: Update to 6.1.38
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Iebdd94d49998e9297e49ee2463761f2f3acb45c1
Diffstat (limited to 'meta-arm')
137 files changed, 1603 insertions, 553 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml index b2246743f7..4a786f633b 100644 --- a/meta-arm/.gitlab-ci.yml +++ b/meta-arm/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: ghcr.io/siemens/kas/kas:3.2.3 +image: ghcr.io/siemens/kas/kas:3.3 variables: CPU_REQUEST: "" @@ -58,8 +58,8 @@ stages: # Catch all for everything else - if: '$KERNEL != "linux-yocto-dev"' script: - - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME") - - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES + - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME"):lockfile.yml + - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES - kas build $KASFILES - ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log artifacts: @@ -77,7 +77,19 @@ update-repos: extends: .setup stage: prep script: - - flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos + - | + flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos + # Only generate if doesn't already exist, to allow feature branches to drop one in. + if test -f lockfile.yml; then + echo Using existing lockfile.yml + else + # Be sure that this is the complete list of layers being fetched + kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml + fi + artifacts: + name: "lockfile" + paths: + - lockfile.yml # # Build stage, the actual build jobs @@ -233,14 +245,14 @@ toolchains: selftest: extends: .setup script: - - KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml + - KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml - kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 1 --run-tests runfvp' # Validate layers are Yocto Project Compatible check-layers: extends: .setup script: - - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml --command \ + - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \ "yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency" parallel: matrix: @@ -254,7 +266,7 @@ pending-updates: script: - rm -fr update-report # This configuration has all of the layers we need enabled - - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml --command \ + - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:lockfile.yml --command \ "$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)" # Do this on x86 whilst the compilers are x86-only tags: diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml index 92fa7074c6..4296d27057 100644 --- a/meta-arm/ci/base.yml +++ b/meta-arm/ci/base.yml @@ -1,11 +1,11 @@ header: - version: 11 + version: 14 distro: poky defaults: repos: - refspec: mickledore + branch: master repos: meta-arm: diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml index eeee785269..b9425fa72a 100644 --- a/meta-arm/ci/clang.yml +++ b/meta-arm/ci/clang.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 repos: meta-clang: @@ -8,6 +8,12 @@ repos: local_conf_header: toolchain: | TOOLCHAIN = "clang" + PREFERRED_PROVIDER_llvm = "clang" + PREFERRED_PROVIDER_llvm-native = "clang-native" + PREFERRED_PROVIDER_nativesdk-llvm = "nativesdk-clang" + PROVIDES:pn-clang = "llvm" + PROVIDES:pn-clang-native = "llvm-native" + PROVIDES:pn-nativesdk-clang = "nativesdk-llvm" # This is needed to stop bitbake getting confused about what clang/llvm is # being used, see https://github.com/kraj/meta-clang/pull/766 BBMASK += "/meta/recipes-devtools/llvm/llvm.*\.bb" diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml index d856cfe795..a4c9ca3ff8 100644 --- a/meta-arm/ci/corstone1000-common.yml +++ b/meta-arm/ci/corstone1000-common.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml - ci/meta-openembedded.yml diff --git a/meta-arm/ci/corstone1000-fvp.yml b/meta-arm/ci/corstone1000-fvp.yml index 7d21b98428..25f8edf880 100644 --- a/meta-arm/ci/corstone1000-fvp.yml +++ b/meta-arm/ci/corstone1000-fvp.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/corstone1000-common.yml - ci/fvp.yml diff --git a/meta-arm/ci/corstone1000-mps3.yml b/meta-arm/ci/corstone1000-mps3.yml index 2df7d97671..7a1fc9efef 100644 --- a/meta-arm/ci/corstone1000-mps3.yml +++ b/meta-arm/ci/corstone1000-mps3.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/corstone1000-common.yml diff --git a/meta-arm/ci/corstone500.yml b/meta-arm/ci/corstone500.yml index 0f9592e3da..2172bc1f55 100644 --- a/meta-arm/ci/corstone500.yml +++ b/meta-arm/ci/corstone500.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml - ci/fvp.yml diff --git a/meta-arm/ci/debug.yml b/meta-arm/ci/debug.yml index 757f6d1d6a..6ca1a072bc 100644 --- a/meta-arm/ci/debug.yml +++ b/meta-arm/ci/debug.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 # Add universally helpful features when testing boards local_conf_header: diff --git a/meta-arm/ci/download-lockfile.py b/meta-arm/ci/download-lockfile.py new file mode 100755 index 0000000000..3d4d50c65a --- /dev/null +++ b/meta-arm/ci/download-lockfile.py @@ -0,0 +1,31 @@ +#! /usr/bin/env python3 + +""" +Download the lockfile.yml produced by a CI pipeline, specified by the GitLab +server, full name of the meta-arm project, and the refspec that was executed. + +For example, +$ ./download-lockfile.py https://gitlab.com/ rossburton/meta-arm master + +SPDX-FileCopyrightText: Copyright 2023 Arm Limited and Contributors +SPDX-License-Identifier: GPL-2.0-only +""" + +import argparse +import gitlab +import io +import zipfile + +parser = argparse.ArgumentParser() +parser.add_argument("server", help="GitLab server name") +parser.add_argument("project", help="meta-arm project name") +parser.add_argument("refspec", help="Branch/commit") +args = parser.parse_args() + +gl = gitlab.Gitlab(args.server) +project = gl.projects.get(args.project) +artefact = project.artifacts.download(ref_name=args.refspec, job="update-repos") + +z = zipfile.ZipFile(io.BytesIO(artefact)) +z.extract("lockfile.yml") +print("Fetched lockfile.yml") diff --git a/meta-arm/ci/edk2.yml b/meta-arm/ci/edk2.yml index 1261bf10fc..3a5c4ce93b 100644 --- a/meta-arm/ci/edk2.yml +++ b/meta-arm/ci/edk2.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 local_conf_header: bootfirmware: | diff --git a/meta-arm/ci/external-gccarm.yml b/meta-arm/ci/external-gccarm.yml index 2af8b5e8e9..fe8fa6ca8b 100644 --- a/meta-arm/ci/external-gccarm.yml +++ b/meta-arm/ci/external-gccarm.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 local_conf_header: cc: | diff --git a/meta-arm/ci/fvp-base.yml b/meta-arm/ci/fvp-base.yml index fbba698444..7441ea42c0 100644 --- a/meta-arm/ci/fvp-base.yml +++ b/meta-arm/ci/fvp-base.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml - ci/fvp.yml diff --git a/meta-arm/ci/fvp-baser-aemv8r64.yml b/meta-arm/ci/fvp-baser-aemv8r64.yml index cfaf9ef262..fd906250b1 100644 --- a/meta-arm/ci/fvp-baser-aemv8r64.yml +++ b/meta-arm/ci/fvp-baser-aemv8r64.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml - ci/fvp.yml diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml index 3803d8cae3..81a5caa608 100644 --- a/meta-arm/ci/fvp.yml +++ b/meta-arm/ci/fvp.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 local_conf_header: testimagefvp: | diff --git a/meta-arm/ci/fvps.yml b/meta-arm/ci/fvps.yml index 44c153ab87..cf4103edb1 100644 --- a/meta-arm/ci/fvps.yml +++ b/meta-arm/ci/fvps.yml @@ -1,7 +1,7 @@ # Simple target to build the FVPs that are publically available header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/gcc.yml b/meta-arm/ci/gcc.yml index a39436804f..260199ae13 100644 --- a/meta-arm/ci/gcc.yml +++ b/meta-arm/ci/gcc.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 #NOTE: This is the default for poky. This is only being added for completeness/clarity local_conf_header: diff --git a/meta-arm/ci/generic-arm64.yml b/meta-arm/ci/generic-arm64.yml index 873c9fd193..5d944ef1ce 100644 --- a/meta-arm/ci/generic-arm64.yml +++ b/meta-arm/ci/generic-arm64.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/glibc.yml b/meta-arm/ci/glibc.yml index adc85a76e1..3c9f9eb754 100644 --- a/meta-arm/ci/glibc.yml +++ b/meta-arm/ci/glibc.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 #NOTE: This is the default for poky. This is only being added for completeness/clarity local_conf_header: diff --git a/meta-arm/ci/juno.yml b/meta-arm/ci/juno.yml index b2ee60a7e9..552e325fd1 100644 --- a/meta-arm/ci/juno.yml +++ b/meta-arm/ci/juno.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/linux-yocto-dev.yml b/meta-arm/ci/linux-yocto-dev.yml index a6fadce1ec..5ee7afbbef 100644 --- a/meta-arm/ci/linux-yocto-dev.yml +++ b/meta-arm/ci/linux-yocto-dev.yml @@ -1,5 +1,5 @@ header: - version: 9 + version: 14 local_conf_header: kernel: | diff --git a/meta-arm/ci/linux-yocto-rt.yml b/meta-arm/ci/linux-yocto-rt.yml index 69d768c5a3..65a276c184 100644 --- a/meta-arm/ci/linux-yocto-rt.yml +++ b/meta-arm/ci/linux-yocto-rt.yml @@ -1,5 +1,5 @@ header: - version: 9 + version: 14 local_conf_header: kernel: | diff --git a/meta-arm/ci/linux-yocto.yml b/meta-arm/ci/linux-yocto.yml index 359fea5a05..e9ccdcb28d 100644 --- a/meta-arm/ci/linux-yocto.yml +++ b/meta-arm/ci/linux-yocto.yml @@ -1,5 +1,5 @@ header: - version: 9 + version: 14 #NOTE: This is the default for poky. This is only being added for completeness/clarity local_conf_header: diff --git a/meta-arm/ci/meta-openembedded.yml b/meta-arm/ci/meta-openembedded.yml index bed338dae0..e1e16c8fc4 100644 --- a/meta-arm/ci/meta-openembedded.yml +++ b/meta-arm/ci/meta-openembedded.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 repos: meta-openembedded: diff --git a/meta-arm/ci/meta-virtualization.yml b/meta-arm/ci/meta-virtualization.yml index 8791fc3be5..88f8cdc9e0 100644 --- a/meta-arm/ci/meta-virtualization.yml +++ b/meta-arm/ci/meta-virtualization.yml @@ -1,9 +1,8 @@ header: - version: 11 + version: 14 includes: - ci/meta-openembedded.yml repos: meta-virtualization: url: git://git.yoctoproject.org/meta-virtualization - refspec: master diff --git a/meta-arm/ci/musca-b1.yml b/meta-arm/ci/musca-b1.yml index b38dd1e401..db2adc9bc6 100644 --- a/meta-arm/ci/musca-b1.yml +++ b/meta-arm/ci/musca-b1.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml - ci/meta-openembedded.yml diff --git a/meta-arm/ci/musca-s1.yml b/meta-arm/ci/musca-s1.yml index 29f289a31a..974badf437 100644 --- a/meta-arm/ci/musca-s1.yml +++ b/meta-arm/ci/musca-s1.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml - ci/meta-openembedded.yml diff --git a/meta-arm/ci/musl.yml b/meta-arm/ci/musl.yml index ee7905ec8d..641c47092d 100644 --- a/meta-arm/ci/musl.yml +++ b/meta-arm/ci/musl.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 local_conf_header: libc: | diff --git a/meta-arm/ci/n1sdp-ts.yml b/meta-arm/ci/n1sdp-ts.yml index e8e9298d24..641d3766cb 100644 --- a/meta-arm/ci/n1sdp-ts.yml +++ b/meta-arm/ci/n1sdp-ts.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/meta-openembedded.yml diff --git a/meta-arm/ci/n1sdp.yml b/meta-arm/ci/n1sdp.yml index f6883079c9..c1b654d444 100644 --- a/meta-arm/ci/n1sdp.yml +++ b/meta-arm/ci/n1sdp.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml index cf252a0e18..d869c55726 100644 --- a/meta-arm/ci/poky-tiny.yml +++ b/meta-arm/ci/poky-tiny.yml @@ -1,5 +1,5 @@ header: - version: 9 + version: 14 distro: poky-tiny diff --git a/meta-arm/ci/poky.yml b/meta-arm/ci/poky.yml index d4bcfebfd2..d6887a9cb5 100644 --- a/meta-arm/ci/poky.yml +++ b/meta-arm/ci/poky.yml @@ -1,4 +1,4 @@ header: - version: 9 + version: 14 distro: poky diff --git a/meta-arm/ci/qemu-generic-arm64.yml b/meta-arm/ci/qemu-generic-arm64.yml index 32c4b9812e..43ae25639f 100644 --- a/meta-arm/ci/qemu-generic-arm64.yml +++ b/meta-arm/ci/qemu-generic-arm64.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/generic-arm64.yml diff --git a/meta-arm/ci/qemuarm-secureboot.yml b/meta-arm/ci/qemuarm-secureboot.yml index 044661cdc7..97e99039dd 100644 --- a/meta-arm/ci/qemuarm-secureboot.yml +++ b/meta-arm/ci/qemuarm-secureboot.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/qemuarm.yml b/meta-arm/ci/qemuarm.yml index 4155847c19..18fef52e96 100644 --- a/meta-arm/ci/qemuarm.yml +++ b/meta-arm/ci/qemuarm.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/qemuarm64-secureboot-ts.yml b/meta-arm/ci/qemuarm64-secureboot-ts.yml index 5f28dd3c17..e18ce1a9dc 100644 --- a/meta-arm/ci/qemuarm64-secureboot-ts.yml +++ b/meta-arm/ci/qemuarm64-secureboot-ts.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/meta-openembedded.yml diff --git a/meta-arm/ci/qemuarm64-secureboot.yml b/meta-arm/ci/qemuarm64-secureboot.yml index f617dfc5ca..c4943cb6e4 100644 --- a/meta-arm/ci/qemuarm64-secureboot.yml +++ b/meta-arm/ci/qemuarm64-secureboot.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/qemuarm64.yml b/meta-arm/ci/qemuarm64.yml index 6639034432..cd03e94281 100644 --- a/meta-arm/ci/qemuarm64.yml +++ b/meta-arm/ci/qemuarm64.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/qemuarmv5.yml b/meta-arm/ci/qemuarmv5.yml index 18c7a15a2d..c2ff6c8405 100644 --- a/meta-arm/ci/qemuarmv5.yml +++ b/meta-arm/ci/qemuarmv5.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/selftest.yml b/meta-arm/ci/selftest.yml index 9a587354bd..e519851c0f 100644 --- a/meta-arm/ci/selftest.yml +++ b/meta-arm/ci/selftest.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 local_conf_header: setup: | diff --git a/meta-arm/ci/sgi575.yml b/meta-arm/ci/sgi575.yml index 1895fc523e..faab716db2 100644 --- a/meta-arm/ci/sgi575.yml +++ b/meta-arm/ci/sgi575.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/tc1.yml b/meta-arm/ci/tc1.yml index f2de9a4eed..66c5ab998e 100644 --- a/meta-arm/ci/tc1.yml +++ b/meta-arm/ci/tc1.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml - ci/fvp.yml diff --git a/meta-arm/ci/testimage.yml b/meta-arm/ci/testimage.yml index 5d402f0fb9..f496ec1c9a 100644 --- a/meta-arm/ci/testimage.yml +++ b/meta-arm/ci/testimage.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/debug.yml diff --git a/meta-arm/ci/tftf.yml b/meta-arm/ci/tftf.yml index 6e42d9c688..260ceab011 100644 --- a/meta-arm/ci/tftf.yml +++ b/meta-arm/ci/tftf.yml @@ -1,5 +1,5 @@ header: - version: 9 + version: 14 local_conf_header: tftf: | diff --git a/meta-arm/ci/toolchains.yml b/meta-arm/ci/toolchains.yml index 080d8d978e..72ce55823f 100644 --- a/meta-arm/ci/toolchains.yml +++ b/meta-arm/ci/toolchains.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/base.yml diff --git a/meta-arm/ci/u-boot.yml b/meta-arm/ci/u-boot.yml index 76bdd23e74..c693b8b0ad 100644 --- a/meta-arm/ci/u-boot.yml +++ b/meta-arm/ci/u-boot.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 local_conf_header: bootfirmware: | diff --git a/meta-arm/ci/xen.yml b/meta-arm/ci/xen.yml index d8b75d44dc..f4a8f9a453 100644 --- a/meta-arm/ci/xen.yml +++ b/meta-arm/ci/xen.yml @@ -1,5 +1,5 @@ header: - version: 11 + version: 14 includes: - ci/meta-virtualization.yml diff --git a/meta-arm/documentation/oeqa-fvp.md b/meta-arm/documentation/oeqa-fvp.md index e146885197..b39e09638e 100644 --- a/meta-arm/documentation/oeqa-fvp.md +++ b/meta-arm/documentation/oeqa-fvp.md @@ -4,32 +4,36 @@ OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests o Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf. -There are two main methods of testing, using different test "targets". Both test targets generate an additional log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout. +meta-arm provides the OEFVPTarget which must be set up in the machine configuration: +``` +TEST_TARGET = "OEFVPTarget" +TEST_SERVER_IP = "127.0.0.1" +TEST_TARGET_IP = "127.0.0.1:8022" +IMAGE_FEATURES:append = " ssh-server-dropbear" +FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22" +FVP_CONSOLES[default] = "terminal_0" +FVP_CONSOLES[tf-a] = "s_terminal_0" +``` + +The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout. -## OEFVPTarget +OEFVPTarget supports two different test interfaces - SSH and pexpect. -This runs test cases on a machine using SSH. It therefore requires that an SSH server is installed in the image. +## SSH -In test cases, the primary interface with the target is, e.g: +As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image. + +This uses the `run` method on the target, e.g: ``` (status, output) = self.target.run('uname -a') ``` -which runs a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment. +which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment. For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning. -Example machine configuration: -``` -TEST_TARGET = "OEFVPTarget" -TEST_SERVER_IP = "127.0.0.1" -TEST_TARGET_IP = "127.0.0.1:8022" -IMAGE_FEATURES:append = " ssh-server-dropbear" -FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22" -``` - -## OEFVPSerialTarget +## pexpect -This runs tests against one or more serial consoles on the FVP. It is more flexible than OEFVPTarget, but test cases written for this test target do not support the test cases in OE-core. As it does not require an SSH server, it is suitable for machines with performance or memory limitations. +To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library. Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.: ``` @@ -39,16 +43,6 @@ self.assertNotIn(b'ERROR:', self.target.before('tf-a')) For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds. -The SSH interface described above is also available on OEFVPSerialTarget to support writing a set of hybrid test suites that use a combination of serial and SSH access. Note however that this test target does not guarantee that Linux has booted to shell prior to running any tests, so the test cases in OE-core are not supported. - -Example machine configuration: -``` -TEST_TARGET="OEFVPSerialTarget" -TEST_SUITES="linuxboot" -FVP_CONSOLES[default] = "terminal_0" -FVP_CONSOLES[tf-a] = "s_terminal_0" -``` - [OEQA]: https://docs.yoctoproject.org/test-manual/intro.html [FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms [RUNFVP]: runfvp.md diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml index 9cfe1a20a6..85706dc0f4 100644 --- a/meta-arm/kas/corstone1000-base.yml +++ b/meta-arm/kas/corstone1000-base.yml @@ -16,6 +16,7 @@ repos: poky: url: https://git.yoctoproject.org/git/poky + refspec: 31dd418207f6c95ef0aad589cd03cd2a4c9a8bf2 layers: meta: meta-poky: @@ -23,6 +24,7 @@ repos: meta-openembedded: url: https://git.openembedded.org/meta-openembedded + refspec: 5a01ab461c9bcabcbb2298236602373948f8f073 layers: meta-oe: meta-python: diff --git a/meta-arm/kas/corstone1000-fvp.yml b/meta-arm/kas/corstone1000-fvp.yml index d0d10a738f..7d23a53abc 100644 --- a/meta-arm/kas/corstone1000-fvp.yml +++ b/meta-arm/kas/corstone1000-fvp.yml @@ -2,6 +2,7 @@ header: version: 11 includes: - kas/corstone1000-base.yml + - kas/fvp-eula.yml machine: corstone1000-fvp @@ -10,7 +11,6 @@ local_conf_header: # Remove Dropbear SSH as it will not fit into the corstone1000 image. IMAGE_FEATURES:remove = " ssh-server-dropbear" INHERIT = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}" - LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA" target: - corstone1000-image diff --git a/meta-arm/kas/corstone500.yml b/meta-arm/kas/corstone500.yml index f1587b4461..d40b59df3a 100644 --- a/meta-arm/kas/corstone500.yml +++ b/meta-arm/kas/corstone500.yml @@ -1,5 +1,7 @@ header: version: 11 + includes: + - kas/fvp-eula.yml distro: poky-tiny @@ -38,7 +40,6 @@ local_conf_header: PACKAGECONFIG:append:pn-perf = " coresight" fvp-config: | IMAGE_CLASSES:append = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}" - LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA" machine: corstone500 diff --git a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml index dd175d03da..9f16a3f959 100644 --- a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml +++ b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml @@ -1,5 +1,7 @@ header: version: 9 + includes: + - kas/fvp-eula.yml distro: poky machine: fvp-baser-aemv8r64 @@ -24,9 +26,6 @@ repos: meta: meta-poky: -env: - FVP_BASE_R_ARM_EULA_ACCEPT: "False" - local_conf_header: base: | CONF_VERSION = "2" @@ -34,7 +33,6 @@ local_conf_header: PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl" EXTRA_IMAGE_FEATURES:append = " debug-tweaks ssh-server-openssh" CORE_IMAGE_EXTRA_INSTALL:append = " ssh-pregen-hostkeys" - LICENSE_FLAGS_ACCEPTED:append = " ${@oe.utils.vartrue('FVP_BASE_R_ARM_EULA_ACCEPT', 'Arm-FVP-EULA', '', d)}" IMAGE_CLASSES:append = " testimage" target: diff --git a/meta-arm/kas/fvp-eula.yml b/meta-arm/kas/fvp-eula.yml new file mode 100644 index 0000000000..ab1fae0e54 --- /dev/null +++ b/meta-arm/kas/fvp-eula.yml @@ -0,0 +1,5 @@ +header: + version: 13 + +env: + ARM_FVP_EULA_ACCEPT: diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf index 66236515af..9636ffe4a0 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf @@ -8,8 +8,8 @@ TFA_TARGET_PLATFORM = "fvp" TFM_PLATFORM_IS_FVP = "TRUE" # testimage config -TEST_TARGET = "OEFVPSerialTarget" -TEST_SUITES = "linuxboot" +TEST_TARGET = "OEFVPTarget" +TEST_SUITES = "fvp_boot" # FVP Config FVP_PROVIDER ?= "fvp-corstone1000-native" @@ -32,7 +32,7 @@ FVP_CONFIG[se.nvm.update_raw_image] ?= "0" FVP_CONFIG[se.cryptocell.USER_OTP_FILTERING_DISABLE] ?= "1" # Boot image -FVP_DATA ?= "board.flash0=${IMAGE_NAME}.rootfs.wic@0x68000000" +FVP_DATA ?= "board.flash0=${IMAGE_NAME}.wic@0x68000000" # External system (cortex-M3) FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "es_flashfw.bin" diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf index 4794028aba..6d2294c273 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf @@ -32,16 +32,18 @@ WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}" WKS_FILE ?= "core-image-minimal.corstone500.wks" -TEST_TARGET = "OEFVPSerialTarget" -TEST_SUITES = "linuxboot" +TEST_TARGET = "OEFVPTarget" +TEST_SUITES = "fvp_boot" FVP_PROVIDER ?= "fvp-corstone500-native" FVP_EXE ?= "FVP_Corstone-500" FVP_CONFIG[board.flashloader0.fname] ?= "bl1.bin" -FVP_DATA ?= "css.cluster.cpu0=${IMAGE_NAME}.rootfs.wic.nopt@0x80000000" +FVP_DATA ?= "css.cluster.cpu0=${IMAGE_NAME}.wic.nopt@0x80000000" FVP_CONSOLE ?= "terminal_0" FVP_TERMINALS[css.terminal_0] ?= "console" FVP_TERMINALS[css.terminal_1] ?= "" # Disable openssl in kmod to shink the initramfs size PACKAGECONFIG:remove:pn-kmod = "openssl" + +IMAGE_NAME_SUFFIX = "" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf index 39d6e68b12..3a923badb0 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf @@ -15,3 +15,4 @@ UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig" KERNEL_IMAGETYPE = "Image" FVP_CONFIG[bp.virtio_rng.enabled] ?= "1" +IMAGE_NAME_SUFFIX = "" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf index 62c9cbd008..25ba3c840f 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf @@ -24,15 +24,18 @@ WKS_FILE ?= "efi-disk.wks.in" EFI_PROVIDER ?= "grub-efi" MACHINE_FEATURES:append = " efi" +IMAGE_NAME_SUFFIX = "" + # As this is a virtual target that will not be used in the real world there is # no need for real SSH keys. MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys" # testimage configuration -TEST_TARGET = "OEFVPSerialTarget" -TEST_SUITES = "linuxboot" +TEST_TARGET = "OEFVPTarget" +TEST_SUITES:append = " fvp_boot fvp_devices" TEST_TARGET_IP ?= "127.0.0.1:8022" TEST_SERVER_IP ?= "127.0.1.1" +TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug" FVP_EXTRA_ARGS = "-a cluster0*=linux-system.axf" FVP_PROVIDER ?= "fvp-base-r-aem-native" @@ -50,7 +53,7 @@ FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1" FVP_CONFIG[bp.virtio_net.secure_accesses] = "1" FVP_CONFIG[bp.virtio_rng.enabled] ?= "1" FVP_CONFIG[bp.virtio_rng.secure_accesses] = "1" -FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.rootfs.wic" +FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic" FVP_CONFIG[bp.virtioblockdevice.secure_accesses] = "1" FVP_CONFIG[cache_state_modelled] ?= "0" FVP_CONFIG[cci400.force_on_from_start] = "1" diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc index 198c7ec877..8a2e2a0204 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -57,6 +57,7 @@ INITRAMFS_IMAGE_BUNDLE ?= "1" #telling the build system which image is responsible of the generation of the initramfs rootfs INITRAMFS_IMAGE = "corstone1000-initramfs-image" +IMAGE_NAME_SUFFIX = "" # add FF-A support in the kernel MACHINE_FEATURES += "arm-ffa" diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc index 47b7ffce7b..36bf9555e8 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc @@ -24,6 +24,8 @@ MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys" TEST_TARGET = "OEFVPTarget" TEST_TARGET_IP = "127.0.0.1:8022" +TEST_SUITES:append = " fvp_boot fvp_devices" +TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug" FVP_PROVIDER ?= "fvp-base-a-aem-native" FVP_EXE ?= "FVP_Base_RevC-2xAEMvA" @@ -35,7 +37,7 @@ FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "8022=22" FVP_CONFIG[cache_state_modelled] ?= "0" FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin" FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin" -FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.rootfs.wic" +FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic" # Set the baseline to ARMv8.4, as the default is 8.0. FVP_CONFIG[cluster0.has_arm_v8-4] = "1" FVP_CONFIG[cluster1.has_arm_v8-4] = "1" diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc index 14ec7205b5..f6674ba481 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc @@ -25,6 +25,7 @@ KERNEL_CLASSES = " kernel-fitimage " IMAGE_FSTYPES += "cpio.gz" INITRAMFS_IMAGE ?= "core-image-minimal" +IMAGE_NAME_SUFFIX = "" SERIAL_CONSOLES = "115200;ttyAMA0" diff --git a/meta-arm/meta-arm-bsp/conf/machine/juno.conf b/meta-arm/meta-arm-bsp/conf/machine/juno.conf index 43d6b3e331..6c666efcc5 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/juno.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/juno.conf @@ -27,3 +27,4 @@ UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig" INITRAMFS_IMAGE_BUNDLE ?= "1" INITRAMFS_IMAGE = "core-image-minimal" +IMAGE_NAME_SUFFIX = "" diff --git a/meta-arm/meta-arm-bsp/conf/machine/tc1.conf b/meta-arm/meta-arm-bsp/conf/machine/tc1.conf index 5f68cc7a41..31bcc2fb06 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/tc1.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/tc1.conf @@ -6,8 +6,8 @@ require conf/machine/include/tc.inc -TEST_TARGET = "OEFVPSerialTarget" -TEST_SUITES = "linuxboot" +TEST_TARGET = "OEFVPTarget" +TEST_SUITES = "fvp_boot" # FVP Config FVP_PROVIDER ?= "fvp-tc1-native" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst index 64e82aac98..32d6529279 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -10,6 +10,72 @@ Change Log This document contains a summary of the new features, changes and fixes in each release of Corstone-1000 software stack. +*************** +Version 2023.06 +*************** + +Changes +======= + +- GPT support (in TF-M, TF-A, U-boot) +- Use TF-M BL1 code as the ROM code instead of MCUboot (the next stage bootloader BL2 remains to be MCUboot) +- Secure Enclave uses CC312 OTP as the provisioning backend in FVP and FPGA +- NVMXIP block storage support in U-Boot +- Upgrading the SW stack recipes +- Upgrades for the U-Boot FF-A driver and MM communication + +Corstone-1000 components versions +================================= + ++-------------------------------------------+--------------------------------------------+ +| arm-ffa-tee | 1.1.2-r0 | ++-------------------------------------------+--------------------------------------------+ +| arm-ffa-user | 5.0.1-r0 | ++-------------------------------------------+--------------------------------------------+ +| corstone1000-external-sys-tests | 1.0+gitAUTOINC+2945cd92f7-r0 | ++-------------------------------------------+--------------------------------------------+ +| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 | ++-------------------------------------------+--------------------------------------------+ +| linux-yocto | 6.1.25+gitAUTOINC+36901b5b29_581dc1aa2f-r0 | ++-------------------------------------------+--------------------------------------------+ +| u-boot | 2023.01-r0 | ++-------------------------------------------+--------------------------------------------+ +| optee-client | 3.18.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| optee-os | 3.20.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| trusted-firmware-a | 2.8.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| trusted-firmware-m | 1.7.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| ts-newlib | 4.1.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 | ++-------------------------------------------+--------------------------------------------+ +| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 | ++-------------------------------------------+--------------------------------------------+ + +Yocto distribution components versions +====================================== + ++-------------------------------------------+--------------------------------+ +| meta-arm | mickledore | ++-------------------------------------------+--------------------------------+ +| poky | mickledore | ++-------------------------------------------+--------------------------------+ +| meta-openembedded | mickledore | ++-------------------------------------------+--------------------------------+ +| busybox | 1.36.0-r0 | ++-------------------------------------------+--------------------------------+ +| musl | 1.2.3+gitAUTOINC+7d756e1c04-r0 | ++-------------------------------------------+--------------------------------+ +| gcc-arm-none-eabi-native | 11.2-2022.02 | ++-------------------------------------------+--------------------------------+ +| gcc-cross-aarch64 | 12.2.rel1-r0 | ++-------------------------------------------+--------------------------------+ +| openssl | 3.1.0-r0 | ++-------------------------------------------+--------------------------------+ + ****************** Version 2022.11.23 ****************** @@ -25,7 +91,7 @@ Changes - Upgrades for the U-Boot FF-A driver and MM communication Corstone-1000 components versions -======================================= +================================= +-------------------------------------------+------------+ | arm-ffa-tee | 1.1.1 | @@ -56,7 +122,7 @@ Corstone-1000 components versions +-------------------------------------------+------------+ Yocto distribution components versions -======================================= +====================================== +-------------------------------------------+---------------------+ | meta-arm | langdale | @@ -161,4 +227,4 @@ Changes -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png Binary files differindex a41e721027..4c6a2a8c8c 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png Binary files differindex 38407c08d9..399f87568f 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png Binary files differindex bc5b4ba35e..88bb1259f6 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png Binary files differindex b7631b0230..1e37d803b7 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png Binary files differindex f58531719d..a501de556e 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst index 89a4fa9ab2..62e3f8ff66 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -19,6 +19,28 @@ intended for safety-critical applications. Should Your Software or Your Hardware prove defective, you assume the entire cost of all necessary servicing, repair or correction. +*********************** +Release notes - 2023.06 +*********************** + +Known Issues or Limitations +--------------------------- + - FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot. + - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). + - PSA Crypto tests (psa-crypto-api-test command) take 30 minutes to complete for FVP and 1 hour for MPS3. + - Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3 . + - The following limitations listed in the previous release are still applicable: + + - UEFI Compliant - Boot from network protocols must be implemented -- FAILURE + + - Known limitations regarding ACS tests - see previous release's notes. + +Platform Support +----------------- + - This software release is tested on Corstone-1000 FPGA version AN550_v2 + https://developer.arm.com/downloads/-/download-fpga-images + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps ************************** Release notes - 2022.11.23 @@ -174,4 +196,4 @@ For all security issues, contact Arm by email at arm-security@arm.com. -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst index a17f1b8a68..bf3535b2ec 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -9,16 +9,16 @@ Software architecture ***************** -ARM corstone1000 +Arm Corstone-1000 ***************** -ARM corstone1000 is a reference solution for IoT devices. It is part of +Arm Corstone-1000 is a reference solution for IoT devices. It is part of Total Solution for IoT which consists of hardware and software reference implementation. -Corstone1000 software plus hardware reference solution is PSA Level-2 ready +Corstone-1000 software plus hardware reference solution is PSA Level-2 ready certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_). -More information on the corstone1000 subsystem product and design can be +More information on the Corstone-1000 subsystem product and design can be found at: `Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_. @@ -31,12 +31,12 @@ present in the user-guide document. Design Overview *************** -The software architecture of corstone1000 platform is a reference +The software architecture of Corstone-1000 platform is a reference implementation of Platform Security Architecture (`PSA`_) which provides framework to build secure IoT devices. The base system architecture of the platform is created from three -different tyes of systems: Secure Enclave, Host and External System. +different types of systems: Secure Enclave, Host and External System. Each subsystem provides different functionality to overall SoC. @@ -50,9 +50,9 @@ cryptographic functions. It is based on an Cortex-M0+ processor, CC312 Cryptographic Accelerator and peripherals, such as watchdog and secure flash. Software running on the Secure Enclave is isolated via hardware for enhanced security. Communication with the Secure Encalve -is achieved using Message Hnadling Units (MHUs) and shared memory. -On system power on, the Secure Enclaves boots first. Its software -comprises of two boot loading stages, both based on mcuboot, and +is achieved using Message Handling Units (MHUs) and shared memory. +On system power on, the Secure Enclave boots first. Its software +comprises of a ROM code (TF-M BL1), Mcuboot BL2, and TrustedFirmware-M(`TF-M`_) as runtime software. The software design on Secure Enclave follows Firmware Framework for M class processor (`FF-M`_) specification. @@ -66,7 +66,7 @@ The boot process follows Trusted Boot Base Requirement (`TBBR`_). The Host Subsystem is taken out of reset by the Secure Enclave system during its final stages of the initialization. The Host subsystem runs FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS -(`OPTEE-OS`_) in the secure world, and u-boot(`u-boot repo`_) and +(`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and linux (`linux repo`_) in the non-secure world. The communication between non-secure and the secure world is performed via FF-A messages. @@ -75,7 +75,7 @@ functionality. The system is based on Cortex-M3 and run RTX RTOS. Communictaion between external system and Host(cortex-A35) is performed using MHU as transport mechanism and rpmsg messaging system. -Overall, the corstone1000 architecture is designed to cover a range +Overall, the Corstone-1000 architecture is designed to cover a range of Power, Performance, and Area (PPA) applications, and enable extension for use-case specific applications, for example, sensors, cloud connectivitiy, and edge computing. @@ -85,13 +85,13 @@ Secure Boot Chain ***************** For the security of a device, it is essential that only authorized -software should run on the device. The corstone1000 boot uses a +software should run on the device. The Corstone-1000 boot uses a Secure Boot Chain process where an already authenticated image verifies and loads the following software in the chain. For the boot chain process to work, the start of the chain should be trusted, forming the Root of Trust (RoT) of the device. The RoT of the device is immutable in nature and encoded into the device by the device owner before it -is deployed into the field. In Corstone1000, the BL1 image of the secure +is deployed into the field. In Corstone-1000, the BL1 image of the secure enclave and content of the CC312 OTP (One Time Programmable) memory forms the RoT. The BL1 image exists in ROM (Read Only Memory). @@ -99,18 +99,20 @@ forms the RoT. The BL1 image exists in ROM (Read Only Memory). :width: 870 :alt: SecureBootChain -It is a lengthy chain to boot the software on corstone1000. On power on, +It is a lengthy chain to boot the software on Corstone-1000. On power on, the secure enclave starts executing BL1 code from the ROM which is the RoT of the device. Authentication of an image involves the steps listed below: - Load image from flash to dynamic RAM. -- The public key present in the image header is validated by comparing with the hash. Depending on the image, the hash of the public key is either stored in the OTP or part of the software which is being already verfied in the previous stages. +- The public key present in the image header is validated by comparing with the hash. + Depending on the image, the hash of the public key is either stored in the OTP or part + of the software which is being already verified in the previous stages. - The image is validated using the public key. In the secure enclave, BL1 authenticates the BL2 and passes the execution -control. BL2 authenticates the initial boot loader of the host (Host BL2) +control. BL2 authenticates the initial boot loader of the host (Host TF-A BL2) and TF-M. The execution control is now passed to TF-M. TF-M being the run -time executable of secure enclaves initializes itself and, in the end, +time executable of secure enclave which initializes itself and, at the end, brings the host CPU out of rest. The host follows the boot standard defined in the `TBBR`_ to authenticate the secure and non-secure software. @@ -118,10 +120,10 @@ in the `TBBR`_ to authenticate the secure and non-secure software. Secure Services *************** -corstone1000 is unique in providing a secure environment to run a secure -workload. The platform has Trustzone technology in the Host subsystem but +Corstone-1000 is unique in providing a secure environment to run a secure +workload. The platform has TrustZone technology in the Host subsystem but it also has hardware isolated secure enclave environment to run such secure -workloads. In corstone1000, known Secure Services such as Crypto, Protected +workloads. In Corstone-1000, known Secure Services such as Crypto, Protected Storage, Internal Trusted Storage and Attestation are available via PSA Functional APIs in TF-M. There is no difference for a user communicating to these services which are running on a secure enclave instead of the @@ -137,7 +139,7 @@ flow path for such calls. The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition managed by OPTEE which forwards such calls to the secure enclave. The solution relies on OpenAMP which uses shared memory and MHU interrupts as -a doorbell for communication between two cores. corstone1000 implements +a doorbell for communication between two cores. Corstone-1000 implements isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement isolation level 2. @@ -147,7 +149,7 @@ lower latency vs higher security. Services running on a secure enclave are secure by real hardware isolation but have a higher latency path. In the second scenario, the services running on the secure world of the host subsystem have lower latency but virtual hardware isolation created by -Trustzone technology. +TrustZone technology. ********************** @@ -156,14 +158,14 @@ Secure Firmware Update Apart from always booting the authorized images, it is also essential that the device only accepts the authorized images in the firmware update -process. corstone1000 supports OTA (Over the Air) firmware updates and +process. Corstone-1000 supports OTA (Over the Air) firmware updates and follows Platform Security Firmware Update sepcification (`FWU`_). As standardized into `FWU`_, the external flash is divided into two banks of which one bank has currently running images and the other bank is used for staging new images. There are four updatable units, i.e. Secure Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel -Image. The new images are accepted in the form of a UEFI capsule. +Image (the initramfs bundle). The new images are accepted in the form of a UEFI capsule. .. image:: images/ExternalFlash.png @@ -194,13 +196,13 @@ guarantee the availability of the device. ****************************** -UEFI Runtime Support in u-boot +UEFI Runtime Support in U-Boot ****************************** Implementation of UEFI boottime and runtime APIs require variable storage. -In corstone1000, these UEFI variables are stored in the Protected Storage +In Corstone-1000, these UEFI variables are stored in the Protected Storage service. The below diagram presents the data flow to store UEFI variables. -The u-boot implementation of the UEFI subsystem uses the FF-A driver to +The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to communicate with the SMM Service in the secure world. The backend of the SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS calls are forwarded to the secure enclave as explained above. @@ -215,11 +217,12 @@ calls are forwarded to the secure enclave as explained above. References *************** `ARM corstone1000 Search`_ + `Arm security features`_ -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* .. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000 .. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software @@ -236,4 +239,4 @@ References .. _TBBR: https://developer.arm.com/documentation/den0006/latest .. _TF-M: https://www.trustedfirmware.org/projects/tf-m/ .. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/ -.. _u-boot repo: https://github.com/u-boot/u-boot.git +.. _U-Boot repo: https://github.com/u-boot/u-boot.git diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index e173f244b4..96dee072e2 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -15,21 +15,35 @@ The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake. tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ for more information. - Prerequisites ------------- -These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following instructions expect that you are using a bash shell. All the paths stated in this document are absolute paths. -The following prerequisites must be available on the host system. To resolve these dependencies, run: +This guide assumes that your host PC is running Ubuntu 20.04 LTS, with at least +32GB of free disk space and 16GB of RAM as minimum requirement. -:: +The following prerequisites must be available on the host system: + +- Git 1.8.3.1 or greater +- tar 1.28 or greater +- Python 3.8.0 or greater. +- gcc 8.0 or greater. +- GNU make 4.0 or greater + +Please follow the steps described in the Yocto mega manual: - sudo apt-get update - sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \ - build-essential chrpath socat cpio python3 python3-pip python3-pexpect \ - xz-utils debianutils iputils-ping python3-git libegl1-mesa libsdl1.2-dev \ - xterm zstd liblz4-tool picocom - sudo apt-get upgrade libstdc++6 +- `Compatible Linux Distribution <https://docs.yoctoproject.org/singleindex.html#compatible-linux-distribution>`__ +- `Build Host Packages <https://docs.yoctoproject.org/singleindex.html#build-host-packages>`__ + +Targets +------- + +- `Arm Corstone-1000 Ecosystem FVP (Fixed Virtual Platform) <https://developer.arm.com/downloads/-/arm-ecosystem-fvps>`__ +- `Arm Corstone-1000 for MPS3 <https://developer.arm.com/documentation/dai0550/latest/>`__ + +Yocto stable branch +------------------- + +Corstone-1000 software stack is built on top of Yocto mickledore. Provided components ------------------- @@ -44,6 +58,8 @@ The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are: - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf`` +**NOTE:** All the paths stated in this document are absolute paths. + ***************** Software for Host ***************** @@ -52,50 +68,52 @@ Trusted Firmware-A ================== Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__ -+----------+---------------------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bbappend | -+----------+---------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bb | -+----------+---------------------------------------------------------------------------------------------------+ ++----------+-----------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend | ++----------+-----------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb | ++----------+-----------------------------------------------------------------------------------------------------+ OP-TEE ====== Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__ +----------+------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend | +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend | +----------+------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb | +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb | +----------+------------------------------------------------------------------------------------+ U-Boot -======= -Based on `U-Boot <https://gitlab.com/u-boot>`__ +====== +Based on `U-Boot repo`_ -+----------+---------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | -+----------+---------------------------------------------------------------------+ -| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2022.07.bb | -+----------+---------------------------------------------------------------------+ ++----------+-------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | ++----------+-------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend | ++----------+-------------------------------------------------------------------------+ +| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2023.01.bb | ++----------+-------------------------------------------------------------------------+ Linux ===== The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__ distribution which is a Linux distribution stripped down to a minimal configuration. -The provided distribution is based on busybox and built using muslibc. The +The provided distribution is based on busybox and built using musl libc. The recipe responsible for building a tiny version of Linux is listed below. +-----------+----------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | +-----------+----------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb | +| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb | +-----------+----------------------------------------------------------------------------------------------+ | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | +-----------+----------------------------------------------------------------------------------------------+ External System Tests -======================= +===================== Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__ +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -109,15 +127,15 @@ Software for Boot Processor (a.k.a Secure Enclave) ************************************************** Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__ -+----------+-------------------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend | -+----------+-------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | -+----------+-------------------------------------------------------------------------------------------------+ ++----------+-----------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend | ++----------+-----------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb | ++----------+-----------------------------------------------------------------------------------------------------+ -************************************************** +******************************** Software for the External System -************************************************** +******************************** RTX ==== @@ -150,7 +168,7 @@ In the top directory of the workspace ``<_workspace>``, run: :: - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06 To build a Corstone-1000 image for MPS3 FPGA, run: @@ -158,7 +176,15 @@ To build a Corstone-1000 image for MPS3 FPGA, run: kas build meta-arm/kas/corstone1000-mps3.yml -Alternatively, to build a Corstone-1000 image for FVP, run: +Alternatively, to build a Corstone-1000 image for FVP, you need to accept +the EULA at https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula +by setting the ARM_FVP_EULA_ACCEPT environment variable as follows: + +:: + + export ARM_FVP_EULA_ACCEPT="True" + +then run: :: @@ -173,46 +199,47 @@ Once the build is successful, all output binaries will be placed in the followin - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the -``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. +``corstone1000-image-corstone1000-{mps3,fvp}.wic`` file. The output binaries run in the Corstone-1000 platform are the following: - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin`` - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic`` Flash the firmware image on FPGA -------------------------------- -The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 1`` +The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 2.0`` from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ -and under the section ``Arm® Corstone™-1000 for MPS3``. +and under the section ``Arm® Corstone™-1000 for MPS3``. The download is available after logging in. The directory structure of the FPGA bundle is shown below. :: - Boardfiles - ├── MB - │ ├── BRD_LOG.TXT - │ ├── HBI0309B - │ │ ├── AN550 - │ │ │ ├── AN550_v1.bit - │ │ │ ├── an550_v1.txt - │ │ │ └── images.txt - │ │ ├── board.txt - │ │ └── mbb_v210.ebf - │ └── HBI0309C - │ ├── AN550 - │ │ ├── AN550_v1.bit - │ │ ├── an550_v1.txt - │ │ └── images.txt - │ ├── board.txt - │ └── mbb_v210.ebf - ├── SOFTWARE - │ ├── ES0.bin - │ ├── SE.bin - │ └── an550_st.axf - └── config.txt + Boardfiles + ├── config.txt + ├── MB + │ ├── BRD_LOG.TXT + │ ├── HBI0309B + │ │ ├── AN550 + │ │ │ ├── AN550_v2.bit + │ │ │ ├── an550_v2.txt + │ │ │ └── images.txt + │ │ ├── board.txt + │ │ └── mbb_v210.ebf + │ └── HBI0309C + │ ├── AN550 + │ │ ├── AN550_v2.bit + │ │ ├── an550_v2.txt + │ │ └── images.txt + │ ├── board.txt + │ └── mbb_v210.ebf + └── SOFTWARE + ├── an550_st.axf + ├── bl1.bin + ├── cs1000.bin + └── ES0.bin Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file (in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory. @@ -242,7 +269,7 @@ stack can be seen below; IMAGE0FILE: \SOFTWARE\bl1.bin IMAGE1PORT: 0 - IMAGE1ADDRESS: 0x00_0010_0000 + IMAGE1ADDRESS: 0x00_0000_0000 IMAGE1UPDATE: AUTOQSPI IMAGE1FILE: \SOFTWARE\cs1000.bin @@ -256,10 +283,9 @@ OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. 2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle and rename the binary to ``es0.bin``. -3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE - directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``. +3. Copy ``corstone1000-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE + directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. - **NOTE:** Renaming of the images are required because MCC firmware has limitation of 8 characters before .(dot) and 3 characters after .(dot). @@ -274,7 +300,7 @@ be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machi - ttyUSB0 for MCC, OP-TEE and Secure Partition - ttyUSB1 for Boot Processor (Cortex-M0+) - ttyUSB2 for Host Processor (Cortex-A35) - - ttyUSB3 for External System Processor (Cortex-M3) + - ttyUSB3 for External System Processor (Cortex-M3) Run following commands to open serial port terminals on Linux: @@ -285,12 +311,26 @@ Run following commands to open serial port terminals on Linux: sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal. +**NOTE:** The MPS3 expects an ethernet cable to be plugged in, otherwise it will +wait for the network for a considerable amount of time, printing the following +logs: + +:: + + Generic PHY 40100000.ethernet-ffffffff:01: attached PHY driver (mii_bus:phy_addr=40100000.ethernet-ffffffff:01, irq=POLL) + smsc911x 40100000.ethernet eth0: SMSC911x/921x identified at 0xffffffc008e50000, IRQ: 17 + Waiting up to 100 more seconds for network. + Once the system boot is completed, you should see console logs on the serial port terminals. Once the HOST(Cortex-A35) is booted completely, user can login to the shell using **"root"** login. -If system does not boot and only the ttyUSB1 logs are visible, please follow the steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under `SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might have filled the Secure Flash completely. The best practice is to clean the secure flash in this case. +If system does not boot and only the ttyUSB1 logs are visible, please follow the +steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under +`SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might +have filled the Secure Flash completely. The best practice is to clean the +secure flash in this case. Running the software on FVP @@ -321,7 +361,7 @@ To run the FVP using the runfvp command, please run the following command: When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is -executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt +executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic file are copied to their respective memory locations within the model, enforce firewall policies on memories and peripherals and then, bring the host out of reset. @@ -337,11 +377,11 @@ Login using the username root. The External System can be released out of reset on demand using the systems-comms-tests command. SystemReady-IR tests -------------------------- +-------------------- -********************* +************* Testing steps -********************* +************* **NOTE**: Running the SystemReady-IR tests described below requires the user to work with USB sticks. In our testing, not all USB stick models work well with @@ -359,7 +399,7 @@ erase the SecureEnclave flash cleanly and prepare a clean board environment for the testing. Clean Secure Flash Before Testing (applicable to FPGA only) -================================================================== +=========================================================== To prepare a clean board environment with clean secure flash for the testing, the user should prepare an image that erases the secure flash cleanly during @@ -368,17 +408,17 @@ boot. Run following commands to build such image. :: cd <_workspace> - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2022.11.23 - cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 + cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm cd meta-arm - git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch + git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch cd .. kas build meta-arm/kas/corstone1000-mps3.yml Replace the bl1.bin and cs1000.bin files on the SD card with following files: - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin - - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash completely, the user should expect following message from TF-M log (can be seen @@ -394,10 +434,16 @@ Then the user should follow "Building the software stack" to build a clean software stack and flash the FPGA as normal. And continue the testing. Run SystemReady-IR ACS tests -============================= +============================ + +Architecture Compliance Suite (ACS) is used to ensure architectural compliance +across different implementations of the architecture. Arm Enterprise ACS +includes a set of examples of the invariant behaviors that are provided by a +set of specifications for enterprise systems (For example: SBSA, SBBR, etc.), +so that implementers can verify if these behaviours have been interpreted correctly. ACS image contains two partitions. BOOT partition and RESULT partition. -Following packages are under BOOT partition +Following test suites and bootable applications are under BOOT partition: * SCT * FWTS @@ -406,12 +452,30 @@ Following packages are under BOOT partition * grub * uefi manual capsule application +BOOT partition contains the following: + +:: + + ├── EFI + │ └── BOOT + │ ├── app + │ ├── bbr + │ ├── bootaa64.efi + │ ├── bsa + │ ├── debug + │ ├── Shell.efi + │ └── startup.nsh + ├── grub + ├── grub.cfg + ├── Image + └── ramdisk-busybox.img + RESULT partition is used to store the test results. -PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS +**NOTE**: PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT FPGA instructions for ACS image -================================ +=============================== This section describes how the user can build and run Architecture Compliance Suite (ACS) tests on Corstone-1000. @@ -449,10 +513,11 @@ Once the USB stick with ACS image is prepared, the user should make sure that ensure that only the USB stick with the ACS image is connected to the board, and then boot the board. -The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. At the end of test, the FPGA host terminal will halt showing a shell prompt. Once test is finished the result can be copied following above instructions. +The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. + FVP instructions for ACS image and run -============================================ +====================================== Download ACS image from: - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` @@ -487,7 +552,7 @@ Once test is finished, the FVP can be stoped, and result can be copied following instructions. Common to FVP and FPGA -=========================== +====================== U-Boot should be able to boot the grub bootloader from the 1st partition and if grub is not interrupted, tests are executed @@ -496,14 +561,13 @@ automatically in the following sequence: - SCT - UEFI BSA - FWTS - - BSA Linux The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP). ##################################################### Manual capsule update and ESRT checks ---------------------------------------------------------------------- +------------------------------------- The following section describes running manual capsule update with the ``direct`` method. @@ -518,63 +582,86 @@ incorrect capsule (corrupted or outdated) which fails to boot to the host softwa Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - ``ir_acs_live_image.img.xz`` -Download edk2 under <_workspace> : +Download edk2 under <_workspace>: :: git clone https://github.com/tianocore/edk2.git + cd edk2 + git checkout f2188fe5d1553ad1896e27b2514d2f8d0308da8a -********************* -Generating Capsules -********************* +Download systemready-patch repo under <_workspace>: +:: -The capsule binary size (wic.nopt file) should be less than 15 MB. + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 -Based on the user's requirement, the user can change the firmware version -number given to ``--fw-version`` option (the version number needs to be >= 1). +******************* +Generating Capsules +******************* Generating FPGA Capsules ======================== :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + cd <_workspace>/build/tmp/deploy/images/corstone1000-mps3/ + sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d mps3 + +This will generate a file called "corstone1000_image.nopt" which will be used to +generate a UEFI capsule. :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + cd <_workspace> + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v6 --fw-version 6 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \ + --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt + + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v5 --fw-version 5 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \ + --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt Generating FVP Capsules -======================== +======================= :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + cd <_workspace>/build/tmp/deploy/images/corstone1000-fvp/ + sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d fvp + +This will generate a file called "corstone1000_image.nopt" which will be used to +generate a UEFI capsule. + :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + cd <_workspace> + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v6 \ + --fw-version 6 --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt -********************* + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v5 --fw-version 5 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt + + +Common Notes for FVP and FPGA +============================= + +The capsule binary size (wic file) should be less than 15 MB. + +Based on the user's requirement, the user can change the firmware version +number given to ``--fw-version`` option (the version number needs to be >= 1). + + +**************** Copying Capsules -********************* +**************** Copying the FPGA capsules ========================= -The user should prepare a USB stick as explained in ACS image section (see above). +The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_. Place the generated ``cs1k_cap`` files in the root directory of the boot partition in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should not be under the EFI/UpdateCapsule directory as this may or may not trigger @@ -612,7 +699,7 @@ Then, unmount the IR image: **NOTE:** -Size of first partition in the image file is calculated in the following way. The data is +The size of first partition in the image file is calculated in the following way. The data is just an example and might vary with different ir_acs_live_image.img files. :: @@ -632,21 +719,21 @@ During this section we will be using the capsule with the higher version (cs1k_c and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario. Running the FVP with the IR prebuilt image -============================================== +========================================== Run the FVP with the IR prebuilt image: :: - <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file=${<path-to-img>/ir_acs_live_image.img}" Running the FPGA with the IR prebuilt image -============================================== +=========================================== Insert the prepared USB stick then Power cycle the MPS3 board. Executing capsule update for FVP and FPGA -============================================== +========================================= Reach u-boot then interrupt the boot to reach the EFI shell. @@ -687,14 +774,14 @@ Then, reboot manually: Shell> reset FPGA: Select Corstone-1000 Linux kernel boot -============================================== +============================================ Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting. **NOTE:** Otherwise, the execution ends up in the ACS live image. FVP: Select Corstone-1000 Linux kernel boot -============================================== +=========================================== Interrupt the u-boot shell. @@ -708,15 +795,14 @@ Run the following commands in order to run the Corstone-1000 Linux kernel and be :: - $ run retrieve_kernel_load_addr $ unzip $kernel_addr 0x90000000 $ loadm 0x90000000 $kernel_addr_r 0xf00000 $ bootefi $kernel_addr_r $fdtcontroladdr -*********************** +********************* Capsule update status -*********************** +********************* Positive scenario ================= @@ -733,7 +819,8 @@ correctly. SysTick_Handler: counted = 30, expiring on = 360 ... metadata_write: success: active = 1, previous = 0 - accept_full_capsule: exit: fwu state is changed to regular + flash_full_capsule: exit + corstone1000_fwu_flash_image: exit: ret = 0 ... @@ -775,15 +862,19 @@ see appropriate logs in the secure enclave terminal. ... uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928 uefi_capsule_retrieve_images: exit - flash_full_capsule: enter: image = 0x0xa0000070, size = 15654928, version = 10 + flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5 ERROR: flash_full_capsule: version error private_metadata_write: enter: boot_index = 1 private_metadata_write: success fmp_set_image_info:133 Enter FMP image update: image id = 0 - FMP image update: status = 1version=11 last_attempt_version=10. + FMP image update: status = 1version=6 last_attempt_version=5. fmp_set_image_info:157 Exit. corstone1000_fwu_flash_image: exit: ret = -1 + fmp_get_image_info:232 Enter + pack_image_info:207 ImageInfo size = 105, ImageName size = 34, ImageVersionName + size = 36 + fmp_get_image_info:236 Exit ... @@ -825,54 +916,96 @@ In the Linux command-line run the following: lowest_supported_fw_ver: 0 Linux distros tests ----------------------------------- +------------------- -*************************************************************************************** -Debian/OpenSUSE install and boot (applicable to FPGA only) -*************************************************************************************** +************************************************************* +Debian install and boot preparation (applicable to FPGA only) +************************************************************* + +There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__ +provided with the Debian installer image (see below). This bug causes a fatal +error when attempting to boot media installer for Debian, and it resets the MPS3 before installation starts. +A patch to be applied to the Corstone-1000 stack (only applicable when +installing Debian) is provided to +`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__. +This patch makes U-Boot automatically bypass the Shim and run grub and allows +the user to proceed with a normal installation. If at the moment of reading this +document the problem is solved in the Shim, the user is encouraged to try the +corresponding new installer image. Otherwise, please apply the patch as +indicated by the instructions listed below. These instructions assume that the +user has already built the stack by following the build steps of this +documentation. -To test Linux distro install and boot, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32). +:: + + cd <_workspace> + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 + cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm + cd meta-arm + git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch + cd .. + kas shell meta-arm/kas/corstone1000-mps3.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image" + +Please update the cs1000.bin on the SD card with the newly generated wic file. + +************************************************* +Debian/openSUSE install (applicable to FPGA only) +************************************************* + +To test Linux distro install and boot, the user should prepare two empty USB +sticks (minimum size should be 4GB and formatted with FAT32). Download one of following Linux distro images: - - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ - - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ - - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso + - `Debian 12.0.0 installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/debian-12.0.0-arm64-DVD-1.iso>`__ + - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ + +**NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like +openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso -Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. +Once the iso file is downloaded, the iso file needs to be flashed to your USB +drive. This can be done with your development machine. -In the given example here, we assume the USB device is ``/dev/sdb`` (the user -should use `lsblk` command to confirm). Be cautious here and don't confuse your -host PC's own hard drive with the USB drive. Then copy the contents of an iso -file into the first USB stick, run: +In the example given below, we assume the USB device is ``/dev/sdb`` (the user +should use the `lsblk` command to confirm). + +**NOTE:** Please don't confuse your host PC's own hard drive with the USB drive. +Then, copy the contents of the iso file into the first USB stick by running the +following command in the development machine: :: sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; -Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: +Unplug the first USB stick from the development machine and connect it to the +MSP3 board. At this moment, only the first USB stick should be connected. Open +the following picocom sessions in your development machine: :: sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. -Now plug in the second USB stick (once installation screen is visible), the distro installation process will start. The installation prompt can be seen in ttyUSB2. If installer does not start, please try to reboot the board with both USB sticks connected and repeat the process. +When the installation screen is visible in ttyUSB2, plug in the second USB stick +in the MPS3 and start the distro installation process. If the installer does not +start, please try to reboot the board with both USB sticks connected and repeat +the process. **NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the distro installation process can take up to 24 hours to complete. -Once installation is complete, unplug the first USB stick and reboot the board. -After successfully installing and booting the Linux distro, the user should see -a login prompt: - -:: +******************************************************* +Debian install clarifications (applicable to FPGA only) +******************************************************* - debian login: +As the installation process for Debian is different than the one for openSUSE, +Debian may need some extra steps, that are indicated below: -Login with the username root. +During Debian installation, please answer the following question: + - "Force GRUB installation to the EFI removable media path?" Yes + - "Update NVRAM variables to automatically boot into Debian?" No -**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to -follow on the subsequent popups to solve the issue during the installation: +If the grub installation fails, these are the steps to follow on the subsequent +popups: 1. Select "Continue", then "Continue" again on the next popup 2. Scroll down and select "Execute a shell" @@ -898,19 +1031,59 @@ follow on the subsequent popups to solve the issue during the installation: 7. Select "Continue without boot loader", then select "Continue" on the next popup 8. At this stage, the installation should proceed as normal. -*************************************************************************************** +***************************************************************** +Debian/openSUSE boot after installation (applicable to FPGA only) +***************************************************************** + +Once the installation is complete, unplug the first USB stick and reboot the +board. +The board will then enter recovery mode, from which the user can access a shell +after entering the password for the root user. Proceed to edit the following +files accordingly: + +:: + + vi /etc/systemd/system.conf + DefaultDeviceTimeoutSec=infinity + +The file to be editted next is different depending on the installed distro: + +:: + + vi /etc/login.defs # Only applicable to Debian + vi /usr/etc/login.defs # Only applicable to openSUSE + LOGIN_TIMEOUT 180 + +To make sure the changes are applied, please run: + +:: + + systemctl daemon-reload + +After applying the previous commands, please reboot the board. The user should +see a login prompt after booting, for example, for debian: + +:: + + debian login: + +Login with the username root and its corresponding password (already set at +installation time). + +************************************************************ OpenSUSE Raw image install and boot (applicable to FVP only) -*************************************************************************************** +************************************************************ -Steps to download openSUSE Tumbleweed raw image: - - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ - - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` +Steps to download OpenSUSE Tumbleweed raw image: + - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__ + - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, + ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` Once the .raw.xz file is downloaded, the raw image file needs to be extracted: :: - unxz <file-name.raw.xz> + unxz <file-name.raw.xz> The above command will generate a file ending with extension .raw image. Now, use the following command @@ -918,23 +1091,23 @@ to run FVP with raw image installation process. :: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" After successfully installing and booting the Linux distro, the user should see a openSUSE login prompt. :: - localhost login: + localhost login: Login with the username 'root' and password 'linux'. PSA API tests ----------------------- +------------- -*************************************************************************************** +*********************************************************** Run PSA API test commands (applicable to both FPGA and FVP) -*************************************************************************************** +*********************************************************** When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no USB stick connected to the board. Power on the board and boot the board to @@ -948,7 +1121,7 @@ First, load FF-A TEE kernel module: :: - insmod /lib/modules/5.19.14-yocto-standard/extra/arm-ffa-tee.ko + insmod /lib/modules/6.1.32-yocto-standard/extra/arm-ffa-tee.ko Then, check whether the FF-A TEE driver is loaded correctly by using the following command: @@ -960,7 +1133,7 @@ The output should be: :: - arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O) + arm_ffa_tee 16384 - - Live 0xffffffc000510000 (O) Now, run the PSA API tests in the following order: @@ -971,15 +1144,17 @@ Now, run the PSA API tests in the following order: psa-its-api-test psa-ps-api-test +**NOTE:** The psa-crypto-api-test takes between 30 minutes to 1 hour to run. + External System tests ------------------------------------ +--------------------- -*************************************************************************************** +************************************************************** Running the External System test command (systems-comms-tests) -*************************************************************************************** +************************************************************** Test 1: Releasing the External System out of reset -=================================================== +================================================== Run this command in the Linux command-line: @@ -1004,7 +1179,7 @@ The output on the External System terminal should be: MHUv2 module 'MHU1_SE' started Test 2: Communication -============================================= +===================== Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System. @@ -1014,7 +1189,7 @@ After running Test 1, run this command in the Linux command-line: systems-comms-tests 2 -Additional output on the External System terminal will be printed: +Additional output on the External System terminal will be printed: :: @@ -1058,13 +1233,13 @@ The output on the Host terminal should be: Tests results ------------------------------------ +------------- -As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.23) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.23>`__ -can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. +As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.06>`__ +can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. Running the software on FVP on Windows ---------------------------------------------------------------- +-------------------------------------- If the user needs to run the Corstone-1000 software on FVP on Windows. The user should follow the build instructions in this document to build on Linux host @@ -1073,6 +1248,7 @@ and launch the FVP binary. -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps +.. _U-Boot repo: https://github.com/u-boot/u-boot.git diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md index e29aad34d6..00efed47d8 100644 --- a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md +++ b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md @@ -110,7 +110,7 @@ the EULA at https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula by setting the following environment variable: - FVP_BASE_R_ARM_EULA_ACCEPT="True" + ARM_FVP_EULA_ACCEPT="True" **Note:** The host machine should have at least 50 GBytes of free disk space for the next steps to work correctly. @@ -134,13 +134,13 @@ Fetch the meta-arm repository into a build directory: Building with the standard Linux kernel: cd ~/fvp-baser-aemv8r64-build - export FVP_BASE_R_ARM_EULA_ACCEPT="True" + export ARM_FVP_EULA_ACCEPT="True" kas build meta-arm/kas/fvp-baser-aemv8r64-bsp.yml Building with the Real-Time Linux kernel (PREEMPT\_RT): cd ~/fvp-baser-aemv8r64-build - export FVP_BASE_R_ARM_EULA_ACCEPT="True" + export ARM_FVP_EULA_ACCEPT="True" kas build meta-arm/kas/fvp-baser-aemv8r64-rt-bsp.yml ### Run diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc index f78c94b4d4..1f02d8e55a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc @@ -2,7 +2,6 @@ COMPATIBLE_MACHINE = "juno" -SCP_PLATFORM = "juno" FW_TARGETS = "scp" FW_INSTALL:append = " romfw_bypass" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc index 811537aa58..c89b132ce4 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc @@ -1,10 +1,9 @@ # N1SDP specific SCP configurations and build instructions -SCP_PLATFORM = "n1sdp" -SCP_LOG_LEVEL = "INFO" - COMPATIBLE_MACHINE:n1sdp = "n1sdp" +SCP_LOG_LEVEL = "INFO" + DEPENDS += "fiptool-native" DEPENDS += "trusted-firmware-a" DEPENDS += "n1sdp-board-firmware" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc index e1b0a854af..3413822a64 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc @@ -1,6 +1,5 @@ # SGI575 specific SCP configurations and build instructions -SCP_PLATFORM = "sgi575" -SCP_LOG_LEVEL = "INFO" - COMPATIBLE_MACHINE:sgi575 = "sgi575" + +SCP_LOG_LEVEL = "INFO" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc index 3cbadad88d..2c6563573f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc @@ -2,5 +2,4 @@ COMPATIBLE_MACHINE = "(tc1)" -SCP_PLATFORM:tc1 = "tc1" FW_TARGETS = "scp" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb new file mode 100644 index 0000000000..2dd5e04ae1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb @@ -0,0 +1,4 @@ +require recipes-bsp/u-boot/u-boot-common.inc +require recipes-bsp/u-boot/u-boot.inc + +SRCREV = "62e2ad1ceafbfdf2c44d3dc1b6efc81e768a96b9" diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch index b68edbc121..5af041ef5e 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch @@ -7,7 +7,7 @@ Adds external system driver to control it from user-space. It provides run and reset functionality at the moment. -Upstream-Status: Pending[Not submitted to upstream yet] +Upstream-Status: Pending [Not submitted to upstream yet] Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index 38bea022cc..64b1e41e60 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -76,8 +76,6 @@ SRC_URI:append:fvp-baser-aemv8r64 = " file://fvp-baser-aemv8r64.dts;subdir=git/a # Juno KMACHINE # COMPATIBLE_MACHINE:juno = "juno" -#KBUILD_DEFCONFIG:juno = "defconfig" -#KCONFIG_MODE:juno = "--alldefconfig" FILESEXTRAPATHS:prepend:juno := "${ARMBSPFILESPATHS}" SRC_URI:append:juno = " \ file://0001-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch \ diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service new file mode 100644 index 0000000000..c273832d72 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service @@ -0,0 +1,10 @@ +[Unit] +Description=TEE Supplicant + +[Service] +User=root +EnvironmentFile=-@sysconfdir@/default/tee-supplicant +ExecStart=@sbindir@/tee-supplicant $OPTARGS + +[Install] +WantedBy=basic.target diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh new file mode 100644 index 0000000000..b4d2195022 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Source function library +. /etc/init.d/functions + +NAME=tee-supplicant +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC="OP-TEE Supplicant" + +DAEMON=@sbindir@/$NAME + +test -f $DAEMON || exit 0 + +test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME +test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS + +SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS" + +set -e + +case $1 in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + status) + status ${DAEMON} || exit $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb index 0c831db284..ea7b65cebb 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.18.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb @@ -1,3 +1,3 @@ -require optee-client.inc +require recipes-security/optee/optee-client.inc SRCREV = "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.20.0.bb index 1e69136ecc..3daab7f838 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.20.0.bb @@ -1,4 +1,4 @@ -require optee-client.inc +require recipes-security/optee/optee-client.inc SRCREV = "dd2d39b49975d2ada7870fe2b7f5a84d0d3860dc" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.18.0.bb index 8118feea5d..7796430c9a 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.18.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.18.0.bb @@ -1,3 +1,3 @@ -require optee-examples.inc +require recipes-security/optee/optee-examples.inc SRCREV = "f301ee9df2129c0db683e726c91dc2cefe4cdb65" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.20.0.bb index e424d70e09..4a63f951f1 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.20.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.20.0.bb @@ -1,3 +1,3 @@ -require optee-examples.inc +require recipes-security/optee/optee-examples.inc SRCREV = "a98d01e1b9168eaed96bcd0bac0df67c44a81081" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch index ab4a6dbc0a..2aec7fc36f 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch @@ -1,4 +1,4 @@ -From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001 +From fed478758e495f35d18a9e2a89193e6577b06799 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@arm.com> Date: Tue, 26 May 2020 14:38:02 -0500 Subject: [PATCH] allow setting sysroot for libgcc lookup @@ -9,13 +9,12 @@ otherwise. Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] Signed-off-by: Ross Burton <ross.burton@arm.com> - --- mk/gcc.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mk/gcc.mk b/mk/gcc.mk -index adc77a24..81bfa78a 100644 +index adc77a24f25e..81bfa78ad8d7 100644 --- a/mk/gcc.mk +++ b/mk/gcc.mk @@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch index 067ba6ebfb..7441e74466 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch @@ -1,4 +1,4 @@ -From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001 +From f158e3af6633bd689a76d53be2c9c590c0385350 Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Wed, 23 Sep 2020 09:27:34 +0100 Subject: [PATCH] optee: enable clang support @@ -10,13 +10,12 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren <brett.warren@arm.com> - --- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index c141a3f2..7d067cc0 100644 +index c141a3f2ed0b..7d067cc007fa 100644 --- a/mk/clang.mk +++ b/mk/clang.mk @@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch index 6d48a7601b..62aee35632 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch @@ -1,4 +1,4 @@ -From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001 +From fb69397234b1efe3528714b6c0c1921ce37ad6a6 Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Fri, 5 Aug 2022 09:48:03 +0200 Subject: [PATCH] core: link: add --no-warn-rwx-segments @@ -18,13 +18,12 @@ Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> - --- core/arch/arm/kernel/link.mk | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 7eed333a..c39d43cb 100644 +index 7eed333a32de..c39d43cbfc5b 100644 --- a/core/arch/arm/kernel/link.mk +++ b/core/arch/arm/kernel/link.mk @@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch index 0ab670f561..e3c509f692 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch @@ -1,4 +1,4 @@ -From 7218af04ce3af466e95d69e4995138cd2d26dd3f Mon Sep 17 00:00:00 2001 +From 0690909f07779a8f35b1f3d0baf8d4c5c9305d14 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Sat, 13 Aug 2022 19:24:55 -0700 Subject: [PATCH] core: Define section attributes for clang @@ -39,7 +39,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 5 files changed, 104 insertions(+), 11 deletions(-) diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c -index f083b159..432983c8 100644 +index f083b159e969..432983c86c9f 100644 --- a/core/arch/arm/kernel/thread.c +++ b/core/arch/arm/kernel/thread.c @@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss; @@ -76,7 +76,7 @@ index f083b159..432983c8 100644 #ifdef ARM32 diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c -index 3f08eec6..e6dc9261 100644 +index 3f08eec623f3..e6dc9261c41e 100644 --- a/core/arch/arm/mm/core_mmu_lpae.c +++ b/core/arch/arm/mm/core_mmu_lpae.c @@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t; @@ -131,7 +131,7 @@ index 3f08eec6..e6dc9261 100644 * TAs page table entry inside a level 1 page table. * diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c -index cd85bd22..3e18f54f 100644 +index cd85bd22d385..3e18f54f6cf8 100644 --- a/core/arch/arm/mm/core_mmu_v7.c +++ b/core/arch/arm/mm/core_mmu_v7.c @@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES]; @@ -185,7 +185,7 @@ index cd85bd22..3e18f54f 100644 struct mmu_partition { l1_xlat_tbl_t *l1_table; diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c -index dee1d207..382cae1c 100644 +index dee1d207943f..382cae1c3f30 100644 --- a/core/arch/arm/mm/pgt_cache.c +++ b/core/arch/arm/mm/pgt_cache.c @@ -104,8 +104,18 @@ void pgt_init(void) @@ -209,7 +209,7 @@ index dee1d207..382cae1c 100644 for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { diff --git a/core/kernel/thread.c b/core/kernel/thread.c -index 18d34e6a..086129e2 100644 +index 18d34e6adfe2..086129e282bc 100644 --- a/core/kernel/thread.c +++ b/core/kernel/thread.c @@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss; diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch index 3ba6c4ef38..862a76b427 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch @@ -1,4 +1,4 @@ -From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001 +From 63445958678b58c5adc7eca476b216e5dc0f4195 Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Tue, 23 Aug 2022 11:41:00 +0000 Subject: [PATCH] core, ldelf: link: add -z execstack @@ -20,14 +20,13 @@ Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - --- core/arch/arm/kernel/link.mk | 13 +++++++++---- ldelf/link.mk | 3 +++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index c39d43cb..0e96e606 100644 +index c39d43cbfc5b..0e96e606cd9d 100644 --- a/core/arch/arm/kernel/link.mk +++ b/core/arch/arm/kernel/link.mk @@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d @@ -79,7 +78,7 @@ index c39d43cb..0e96e606 100644 $(libgcccore) cleanfiles += $(link-out-dir)/init.o diff --git a/ldelf/link.mk b/ldelf/link.mk -index 64c8212a..bd49551e 100644 +index 64c8212a06fa..bd49551e7065 100644 --- a/ldelf/link.mk +++ b/ldelf/link.mk @@ -20,6 +20,9 @@ link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch index 4ea65d88cc..e82fdc7147 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch @@ -1,4 +1,4 @@ -From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001 +From 1a991cbedf8647d5a1e7c312614f7867c3940968 Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Tue, 23 Aug 2022 12:31:46 +0000 Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to @@ -24,7 +24,6 @@ Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - --- lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ @@ -36,7 +35,7 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] 7 files changed, 14 insertions(+) diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S -index 6e621ca6..af405f62 100644 +index 6e621ca6e06d..af405f62723c 100644 --- a/lib/libutee/arch/arm/utee_syscalls_a32.S +++ b/lib/libutee/arch/arm/utee_syscalls_a32.S @@ -7,6 +7,8 @@ @@ -49,7 +48,7 @@ index 6e621ca6..af405f62 100644 .balign 4 .code 32 diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S -index eaef6914..2be73ffa 100644 +index eaef6914734e..2be73ffadcc9 100644 --- a/lib/libutils/ext/arch/arm/atomic_a32.S +++ b/lib/libutils/ext/arch/arm/atomic_a32.S @@ -5,6 +5,8 @@ @@ -62,7 +61,7 @@ index eaef6914..2be73ffa 100644 FUNC atomic_inc32 , : ldrex r1, [r0] diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S -index 51439a23..54dc3c02 100644 +index 51439a23014e..54dc3c02da66 100644 --- a/lib/libutils/ext/arch/arm/mcount_a32.S +++ b/lib/libutils/ext/arch/arm/mcount_a32.S @@ -7,6 +7,8 @@ @@ -75,7 +74,7 @@ index 51439a23..54dc3c02 100644 * Convert return address to call site address by subtracting the size of the * mcount call instruction (blx __gnu_mcount_nc). diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -index a600c879..37ae9ec6 100644 +index a600c879668c..37ae9ec6f9f1 100644 --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S @@ -5,6 +5,8 @@ @@ -88,7 +87,7 @@ index a600c879..37ae9ec6 100644 * signed ret_idivmod_values(signed quot, signed rem); * return quotient and remaining the EABI way (regs r0,r1) diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -index 2dc50bc9..5c3353e2 100644 +index 2dc50bc98bbf..5c3353e2c1ba 100644 --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S @@ -5,6 +5,8 @@ @@ -101,7 +100,7 @@ index 2dc50bc9..5c3353e2 100644 * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) */ diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S -index 43ea5937..f8a0b70d 100644 +index 43ea593758c9..f8a0b70df705 100644 --- a/lib/libutils/isoc/arch/arm/setjmp_a32.S +++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S @@ -51,6 +51,8 @@ @@ -114,7 +113,7 @@ index 43ea5937..f8a0b70d 100644 The interworking scheme expects functions to use a BX instruction diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S -index d2f8a69d..cd9a12f9 100644 +index d2f8a69daa7f..cd9a12f9dbf9 100644 --- a/ta/arch/arm/ta_entry_a32.S +++ b/ta/arch/arm/ta_entry_a32.S @@ -5,6 +5,8 @@ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch index ab4a6dbc0a..54b667a6e5 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch @@ -1,4 +1,4 @@ -From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001 +From 843eb2ef918d5ae3d09de088110cb026ca25306b Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@arm.com> Date: Tue, 26 May 2020 14:38:02 -0500 Subject: [PATCH] allow setting sysroot for libgcc lookup @@ -9,13 +9,12 @@ otherwise. Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] Signed-off-by: Ross Burton <ross.burton@arm.com> - --- mk/gcc.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mk/gcc.mk b/mk/gcc.mk -index adc77a24..81bfa78a 100644 +index adc77a24f25e..81bfa78ad8d7 100644 --- a/mk/gcc.mk +++ b/mk/gcc.mk @@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch index af0ec94f3e..b3e3098019 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch @@ -1,4 +1,4 @@ -From 8846ab2b37781364088cc5c02b6bc6f518a66a0a Mon Sep 17 00:00:00 2001 +From 0ca5ef7c8256dbd9690a01a82397bc16a123e179 Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Wed, 23 Sep 2020 09:27:34 +0100 Subject: [PATCH] optee: enable clang support @@ -10,13 +10,12 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren <brett.warren@arm.com> - --- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index a045beee..1ebe2f70 100644 +index a045beee8482..1ebe2f702dcd 100644 --- a/mk/clang.mk +++ b/mk/clang.mk @@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch index 5740461fcc..5d4191ff99 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch @@ -1,4 +1,4 @@ -From 188a39b139e0e2ccceb22bcf63559b451f0483e0 Mon Sep 17 00:00:00 2001 +From 741df4df0ec7b69b0573cff265dc1ae7cb70b55c Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Fri, 5 Aug 2022 09:48:03 +0200 Subject: [PATCH] core: link: add --no-warn-rwx-segments @@ -18,13 +18,12 @@ Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> - --- core/arch/arm/kernel/link.mk | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 0e96e606..3fbcb680 100644 +index 0e96e606cd9d..3fbcb6804c6f 100644 --- a/core/arch/arm/kernel/link.mk +++ b/core/arch/arm/kernel/link.mk @@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch index f94d19ffeb..6229be9949 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch @@ -1,4 +1,4 @@ -From e74d8a02edd8c431c87786e22dbceee8e1e85bb8 Mon Sep 17 00:00:00 2001 +From 162493e5b212b9d7391669a55be09b69b97a9cf8 Mon Sep 17 00:00:00 2001 From: Emekcan Aras <emekcan.aras@arm.com> Date: Wed, 21 Dec 2022 10:55:58 +0000 Subject: [PATCH] core: Define section attributes for clang @@ -30,7 +30,6 @@ going and match the functionality with gcc. Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> - --- core/arch/arm/kernel/thread.c | 19 +++++++++++++++-- core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++---- @@ -40,7 +39,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 5 files changed, 104 insertions(+), 11 deletions(-) diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c -index 1cf76a0c..1e7f9f96 100644 +index 1cf76a0ca690..1e7f9f96b558 100644 --- a/core/arch/arm/kernel/thread.c +++ b/core/arch/arm/kernel/thread.c @@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss; @@ -77,7 +76,7 @@ index 1cf76a0c..1e7f9f96 100644 #ifdef ARM32 diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c -index 3f08eec6..e6dc9261 100644 +index 3f08eec623f3..e6dc9261c41e 100644 --- a/core/arch/arm/mm/core_mmu_lpae.c +++ b/core/arch/arm/mm/core_mmu_lpae.c @@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t; @@ -132,7 +131,7 @@ index 3f08eec6..e6dc9261 100644 * TAs page table entry inside a level 1 page table. * diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c -index cd85bd22..3e18f54f 100644 +index cd85bd22d385..3e18f54f6cf8 100644 --- a/core/arch/arm/mm/core_mmu_v7.c +++ b/core/arch/arm/mm/core_mmu_v7.c @@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES]; @@ -186,7 +185,7 @@ index cd85bd22..3e18f54f 100644 struct mmu_partition { l1_xlat_tbl_t *l1_table; diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c -index 79553c6d..b9efdf42 100644 +index 79553c6d2183..b9efdf42780b 100644 --- a/core/arch/arm/mm/pgt_cache.c +++ b/core/arch/arm/mm/pgt_cache.c @@ -410,8 +410,18 @@ void pgt_init(void) @@ -210,7 +209,7 @@ index 79553c6d..b9efdf42 100644 for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { diff --git a/core/kernel/thread.c b/core/kernel/thread.c -index d1f2f382..8de124ae 100644 +index d1f2f3823be7..8de124ae5357 100644 --- a/core/kernel/thread.c +++ b/core/kernel/thread.c @@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss; diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch index 4313a829ac..381cad9a43 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch @@ -1,7 +1,7 @@ -From 11f4ea86579bc1a58e4adde2849326f4213694f2 Mon Sep 17 00:00:00 2001 +From d0e32b6e202cde672c2b38dc568122a52be716b4 Mon Sep 17 00:00:00 2001 From: Jens Wiklander <jens.wiklander@linaro.org> Date: Mon, 21 Nov 2022 18:17:33 +0100 -Subject: core: arm: S-EL1 SPMC: boot ABI update +Subject: [PATCH] core: arm: S-EL1 SPMC: boot ABI update Updates the boot ABI for S-EL1 SPMC to align better with other SPMCs, like Hafnium, but also with the non-FF-A configuration. @@ -30,7 +30,7 @@ Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c -index dd34173e8..e02c02b60 100644 +index dd34173e838d..e02c02b6097d 100644 --- a/core/arch/arm/kernel/boot.c +++ b/core/arch/arm/kernel/boot.c @@ -1502,11 +1502,17 @@ struct ns_entry_context *boot_core_hpen(void) @@ -53,7 +53,7 @@ index dd34173e8..e02c02b60 100644 DMSG("Bad fdt: %d", rc); goto err; diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S -index 4c6e9d75c..047ae1f25 100644 +index 4c6e9d75ca45..047ae1f25cc9 100644 --- a/core/arch/arm/kernel/entry_a64.S +++ b/core/arch/arm/kernel/entry_a64.S @@ -143,21 +143,20 @@ @@ -86,6 +86,3 @@ index 4c6e9d75c..047ae1f25 100644 #endif adr x0, reset_vect_table --- -2.39.1.windows.1 - diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch index add39076fd..5421b10e76 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch @@ -1,7 +1,7 @@ -From 84f4ef4c4f2f45e2f54597f1afe80d8f8396cc57 Mon Sep 17 00:00:00 2001 +From 9da324001fd93e1b3d9bca076e4afddbb5cac289 Mon Sep 17 00:00:00 2001 From: Balint Dobszay <balint.dobszay@arm.com> Date: Fri, 10 Feb 2023 11:07:27 +0100 -Subject: core: ffa: add TOS_FW_CONFIG handling +Subject: [PATCH] core: ffa: add TOS_FW_CONFIG handling At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but currently only the HW_CONFIG address is saved, the other one is dropped. @@ -23,7 +23,7 @@ Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> 6 files changed, 81 insertions(+), 8 deletions(-) diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c -index e02c02b60..98e13c072 100644 +index e02c02b6097d..98e13c072d8e 100644 --- a/core/arch/arm/kernel/boot.c +++ b/core/arch/arm/kernel/boot.c @@ -1,6 +1,7 @@ @@ -118,7 +118,7 @@ index e02c02b60..98e13c072 100644 update_external_dt(); configure_console_from_dt(); diff --git a/core/arch/arm/kernel/entry_a32.S b/core/arch/arm/kernel/entry_a32.S -index 0f14ca2f6..3758fd8b7 100644 +index 0f14ca2f6ad9..3758fd8b7674 100644 --- a/core/arch/arm/kernel/entry_a32.S +++ b/core/arch/arm/kernel/entry_a32.S @@ -1,7 +1,7 @@ @@ -139,7 +139,7 @@ index 0f14ca2f6..3758fd8b7 100644 #ifndef CFG_VIRTUALIZATION mov r0, #THREAD_CLF_TMP diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S -index 047ae1f25..fa76437fb 100644 +index 047ae1f25cc9..fa76437fb73c 100644 --- a/core/arch/arm/kernel/entry_a64.S +++ b/core/arch/arm/kernel/entry_a64.S @@ -1,7 +1,7 @@ @@ -178,7 +178,7 @@ index 047ae1f25..fa76437fb 100644 #ifdef CFG_CORE_PAUTH init_pauth_per_cpu diff --git a/core/arch/arm/kernel/link_dummies_paged.c b/core/arch/arm/kernel/link_dummies_paged.c -index 3b8287e06..023a5f3f5 100644 +index 3b8287e06a11..023a5f3f558b 100644 --- a/core/arch/arm/kernel/link_dummies_paged.c +++ b/core/arch/arm/kernel/link_dummies_paged.c @@ -1,6 +1,7 @@ @@ -200,7 +200,7 @@ index 3b8287e06..023a5f3f5 100644 } diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c -index 1d36e90b1..d386f1e4d 100644 +index 1d36e90b1cf7..d386f1e4d211 100644 --- a/core/arch/arm/kernel/secure_partition.c +++ b/core/arch/arm/kernel/secure_partition.c @@ -1212,7 +1212,7 @@ static TEE_Result fip_sp_map_all(void) @@ -213,7 +213,7 @@ index 1d36e90b1..d386f1e4d 100644 EMSG("No SPMC manifest found"); return TEE_ERROR_GENERIC; diff --git a/core/include/kernel/boot.h b/core/include/kernel/boot.h -index 260854473..941e093b2 100644 +index 260854473b8b..941e093b29a1 100644 --- a/core/include/kernel/boot.h +++ b/core/include/kernel/boot.h @@ -1,7 +1,7 @@ @@ -244,6 +244,3 @@ index 260854473..941e093b2 100644 /* * get_aslr_seed() - return a random seed for core ASLR * @fdt: Pointer to a device tree if CFG_DT_ADDR=y --- -2.39.1.windows.1 - diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch index 28d1f03c18..94c1e04985 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch @@ -1,4 +1,4 @@ -From f4b4f5bccc1be9a709008cc8e6107302745796c8 Mon Sep 17 00:00:00 2001 +From 18ad0cce24addd45271edf3172ab9ce873186d7a Mon Sep 17 00:00:00 2001 From: Imre Kis <imre.kis@arm.com> Date: Tue, 18 Apr 2023 16:41:51 +0200 Subject: [PATCH] core: spmc: handle non-secure interrupts @@ -18,7 +18,6 @@ Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/6002] Signed-off-by: Imre Kis <imre.kis@arm.com> Change-Id: I577ebe86d416ee494963216a66a3bfc8206921b4 - --- core/arch/arm/include/ffa.h | 2 +- .../arch/arm/include/kernel/spmc_sp_handler.h | 11 +++++++ @@ -30,7 +29,7 @@ Change-Id: I577ebe86d416ee494963216a66a3bfc8206921b4 7 files changed, 122 insertions(+), 2 deletions(-) diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h -index 5a19fb0c..b3d1d354 100644 +index 5a19fb0c7ff3..b3d1d354735d 100644 --- a/core/arch/arm/include/ffa.h +++ b/core/arch/arm/include/ffa.h @@ -50,7 +50,7 @@ @@ -43,7 +42,7 @@ index 5a19fb0c..b3d1d354 100644 #define FFA_MSG_SEND_DIRECT_REQ_32 U(0x8400006F) #define FFA_MSG_SEND_DIRECT_REQ_64 U(0xC400006F) diff --git a/core/arch/arm/include/kernel/spmc_sp_handler.h b/core/arch/arm/include/kernel/spmc_sp_handler.h -index f5bda7bf..30c1e469 100644 +index f5bda7bfe7d0..30c1e4691273 100644 --- a/core/arch/arm/include/kernel/spmc_sp_handler.h +++ b/core/arch/arm/include/kernel/spmc_sp_handler.h @@ -25,6 +25,8 @@ void spmc_sp_start_thread(struct thread_smc_args *args); @@ -72,7 +71,7 @@ index f5bda7bf..30c1e469 100644 #endif /* __KERNEL_SPMC_SP_HANDLER_H */ diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c -index 1d36e90b..6e351e43 100644 +index d386f1e4d211..740be6d22e47 100644 --- a/core/arch/arm/kernel/secure_partition.c +++ b/core/arch/arm/kernel/secure_partition.c @@ -999,6 +999,8 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s, @@ -109,7 +108,7 @@ index 1d36e90b..6e351e43 100644 thread_user_clear_vfp(&ctx->uctx); diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c -index 5d3326fc..f4c7ff81 100644 +index 46a15646ecf0..12681151a796 100644 --- a/core/arch/arm/kernel/spmc_sp_handler.c +++ b/core/arch/arm/kernel/spmc_sp_handler.c @@ -366,6 +366,32 @@ cleanup: @@ -146,7 +145,7 @@ index 5d3326fc..f4c7ff81 100644 { return rxtx && rxtx->rx && rxtx->tx && rxtx->size > 0; diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c -index 1e7f9f96..8cd4dc96 100644 +index 1e7f9f96b558..8cd4dc961b02 100644 --- a/core/arch/arm/kernel/thread.c +++ b/core/arch/arm/kernel/thread.c @@ -531,6 +531,13 @@ int thread_state_suspend(uint32_t flags, uint32_t cpsr, vaddr_t pc) @@ -164,7 +163,7 @@ index 1e7f9f96..8cd4dc96 100644 if (IS_ENABLED(CFG_VIRTUALIZATION)) diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c -index 3b4ac0b4..bc4e7687 100644 +index 3b4ac0b4e35c..bc4e7687d618 100644 --- a/core/arch/arm/kernel/thread_spmc.c +++ b/core/arch/arm/kernel/thread_spmc.c @@ -45,7 +45,7 @@ struct mem_frag_state { @@ -220,7 +219,7 @@ index 3b4ac0b4..bc4e7687 100644 case FFA_INTERRUPT: itr_core_handler(); diff --git a/core/arch/arm/kernel/thread_spmc_a64.S b/core/arch/arm/kernel/thread_spmc_a64.S -index 21cb6251..7297005a 100644 +index 21cb62513a42..7297005a6038 100644 --- a/core/arch/arm/kernel/thread_spmc_a64.S +++ b/core/arch/arm/kernel/thread_spmc_a64.S @@ -14,6 +14,20 @@ @@ -274,6 +273,3 @@ index 21cb6251..7297005a 100644 mov x2, #FFA_PARAM_MBZ mov w3, #FFA_PARAM_MBZ mov w4, #OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT - --- -2.17.1 diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch index 6b502d7885..9f7d781e2a 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch @@ -1,8 +1,8 @@ -From cad33cffb5be17fc0654aaf03c4d5227ae682e7a Mon Sep 17 00:00:00 2001 +From e7835c526aabd8e5b6db335619a0d86165c587ed Mon Sep 17 00:00:00 2001 From: Imre Kis <imre.kis@arm.com> Date: Tue, 25 Apr 2023 14:19:14 +0200 -Subject: [PATCH] core: spmc: configure SP's NS interrupt action based on - the manifest +Subject: [PATCH] core: spmc: configure SP's NS interrupt action based on the + manifest Used mandatory ns-interrupts-action SP manifest property to configure signaled or queued non-secure interrupt handling. @@ -17,7 +17,7 @@ Change-Id: I843e69e5dbb9613ecd8b95654e8ca1730a594ca6 2 files changed, 63 insertions(+), 5 deletions(-) diff --git a/core/arch/arm/include/kernel/secure_partition.h b/core/arch/arm/include/kernel/secure_partition.h -index 290750936..3bf339d3c 100644 +index 24b0a8cc07d2..51f6b697e5eb 100644 --- a/core/arch/arm/include/kernel/secure_partition.h +++ b/core/arch/arm/include/kernel/secure_partition.h @@ -43,6 +43,8 @@ struct sp_session { @@ -30,7 +30,7 @@ index 290750936..3bf339d3c 100644 }; diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c -index 52365553b..e54069c17 100644 +index 740be6d22e47..b644e1c72e6a 100644 --- a/core/arch/arm/kernel/secure_partition.c +++ b/core/arch/arm/kernel/secure_partition.c @@ -46,6 +46,10 @@ @@ -146,5 +146,3 @@ index 52365553b..e54069c17 100644 /* Restore rpc_target_info */ thread_get_tsd()->rpc_target_info = rpc_target_info; --- -2.17.1 diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb index ff0baf8cba..ff0baf8cba 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.20.0.bb index 202caa546e..202caa546e 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.20.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.20.0.bb diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts-3.18.inc index 4dffc46da3..4dffc46da3 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts-3.18.inc diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb index 41b65c2b64..6e1e6ad4b4 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb @@ -1,11 +1,14 @@ -require optee-os.inc +require recipes-security/optee/optee-os.inc DEPENDS += "dtc-native" -FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.18.0:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:" SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1" -SRC_URI:append = " \ +SRC_URI += " \ + file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \ + file://0002-optee-enable-clang-support.patch \ + file://0003-core-link-add-no-warn-rwx-segments.patch \ file://0004-core-Define-section-attributes-for-clang.patch \ file://0005-core-ldelf-link-add-z-execstack.patch \ file://0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb index 2fdfbb5a88..0f3e58ded9 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb @@ -1,11 +1,14 @@ -require optee-os.inc +require recipes-security/optee/optee-os.inc DEPENDS += "dtc-native" -FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.20.0:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:" SRCREV = "8e74d47616a20eaa23ca692f4bbbf917a236ed94" -SRC_URI:append = " \ +SRC_URI += " \ + file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \ + file://0002-optee-enable-clang-support.patch \ + file://0003-core-link-add-no-warn-rwx-segments.patch \ file://0004-core-Define-section-attributes-for-clang.patch \ file://0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch \ file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch index e889f74051..e889f74051 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch index d333e860a7..d333e860a7 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/musl-workaround.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/musl-workaround.patch new file mode 100644 index 0000000000..eed1bd4be1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/musl-workaround.patch @@ -0,0 +1,24 @@ +Hack to work around musl compile error: + In file included from optee-test/3.17.0-r0/recipe-sysroot/usr/include/sys/stat.h:23, + from optee-test/3.17.0-r0/git/host/xtest/regression_1000.c:25: + optee-test/3.17.0-r0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token + 17 | unsigned __unused[2]; + | ^ + +stat.h is not needed, since it is not being used in this file. So removing it. + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Jon Mason <jon.mason@arm.com> + +diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c +index 4264884..7f1baca 100644 +--- a/host/xtest/regression_1000.c ++++ b/host/xtest/regression_1000.c +@@ -22,7 +22,6 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> +-#include <sys/stat.h> + #include <sys/types.h> + #include <ta_arm_bti.h> + #include <ta_concurrent.h> diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/run-ptest b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/run-ptest new file mode 100755 index 0000000000..ba88c14d3f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/run-ptest @@ -0,0 +1,52 @@ +#!/bin/sh +xtest | awk ' + + # Escapes the special characters in a string so that, when + # included in a regex, it represents a literal match + function regx_escape_literal(str, ret) { + ret = str + gsub(/[\[\]\^\$\.\*\?\+\{\}\\\(\)\|]/ , "\\\\&", str) + return str + } + + # Returns the simple test formatted name + function name(n, ret) { + ret = n + gsub(/\./, " ", ret) + return ret + } + + # Returns the simple test formatted result + function result(res) { + if(res ~ /OK/) { + return "PASS" + } else if(res ~ /FAILED/) { + return "FAIL" + } + } + + function parse(name, description, has_subtests, result_line) { + has_subtests = 0 + + # Consume every line up to the result line + result_line = " " regx_escape_literal(name) " (OK|FAILED)" + do { + getline + + # If this is a subtest (denoted by an "o" bullet) then subparse + if($0 ~ /^o /) { + parse($2, description " : " substr($0, index($0, $3))) + has_subtests = 1 + } + } while ($0 !~ result_line) + + # Only print the results for the deepest nested subtests + if(!has_subtests) { + print result($2) ": " name(name) " - " description + } + } + + # Start parsing at the beginning of every test (denoted by a "*" bullet) + /^\* / { parse($2, substr($0, index($0, $3))) } + +' diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb index 0570687642..436733ea09 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.18.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb @@ -1,6 +1,6 @@ -require optee-test.inc +require recipes-security/optee/optee-test.inc -SRC_URI:append = " \ +SRC_URI += " \ file://musl-workaround.patch \ " SRCREV = "da5282a011b40621a2cf7a296c11a35c833ed91b" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb index 50f5afe718..03ea9116c5 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb @@ -1,12 +1,12 @@ -require optee-test.inc +require recipes-security/optee/optee-test.inc -SRC_URI:append = " \ +SRC_URI += " \ file://Update-arm_ffa_user-driver-dependency.patch \ file://ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch \ file://musl-workaround.patch \ " SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444" -EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}" -DEPENDS:append:libc-musl = " openssl" -CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations" +EXTRA_OEMAKE:append = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}" +DEPENDS:append = " openssl" +CFLAGS:append = " -Wno-error=deprecated-declarations" diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb index b3b09baebf..db8851eb06 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb @@ -11,8 +11,6 @@ LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only" LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=0aef214b835259b64f026f4ad00c703e" LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=7ba3bc8ef145b48e2756a844db2029a3" -PROVIDES = "virtual/aarch64-none-elf-gcc" - SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}" SRC_URI[gcc-aarch64.sha256sum] = "570a9bd42e2067d79d59b0747891681ebec66f30d989d17a05856563fe38f78b" SRC_URI[gcc-x86_64.sha256sum] = "62d66e0ad7bd7f2a183d236ee301a5c73c737c886c7944aa4f39415aab528daf" diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb index 948933b98b..48ddd16317 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb @@ -11,8 +11,6 @@ LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only" LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=0aef214b835259b64f026f4ad00c703e" LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=7ba3bc8ef145b48e2756a844db2029a3" -PROVIDES = "virtual/arm-none-eabi-gcc" - SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}" SRC_URI[gcc-aarch64.sha256sum] = "7ee332f7558a984e239e768a13aed86c6c3ac85c90b91d27f4ed38d7ec6b3e8c" SRC_URI[gcc-x86_64.sha256sum] = "84be93d0f9e96a15addd490b6e237f588c641c8afdf90e7610a628007fc96867" diff --git a/meta-arm/meta-arm/classes/wic_nopt.bbclass b/meta-arm/meta-arm/classes/wic_nopt.bbclass index 9c78fd77af..529bf138a4 100644 --- a/meta-arm/meta-arm/classes/wic_nopt.bbclass +++ b/meta-arm/meta-arm/classes/wic_nopt.bbclass @@ -6,4 +6,4 @@ IMAGE_TYPES:append = " wic.nopt" CONVERSIONTYPES += "nopt" # 1024 bytes are skipped which corresponds to the size of the partition table header to remove -CONVERSION_CMD:nopt = "tail -c +1025 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.nopt" +CONVERSION_CMD:nopt = "tail -c +1025 ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.nopt" diff --git a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf index db02dc6891..f08b84fe5e 100644 --- a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf +++ b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf @@ -21,6 +21,3 @@ WKS_FILE_DEPENDS = "trusted-firmware-a" IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}" MACHINE_FEATURES += "optee-ftpm" - -PREFERRED_VERSION_optee-os ?= "3.18.%" - diff --git a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py index 38484072e0..80f72aab6b 100644 --- a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py +++ b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py @@ -1,3 +1,5 @@ +import contextlib +import enum import pathlib import pexpect import os @@ -5,12 +7,20 @@ import os from oeqa.core.target.ssh import OESSHTarget from fvp import runner +class OEFVPTargetState(str, enum.Enum): + OFF = "off" + ON = "on" + LINUX = "linux" -class OEFVPSSHTarget(OESSHTarget): + +class OEFVPTarget(OESSHTarget): """ - Base class for meta-arm FVP targets. - Contains common logic to start and stop an FVP. + For compatibility with OE-core test cases, this target's start() method + waits for a Linux shell before returning to ensure that SSH commands work + with the default test dependencies. """ + DEFAULT_CONSOLE = "default" + def __init__(self, logger, target_ip, server_ip, timeout=300, user='root', port=None, dir_image=None, rootfs=None, bootlog=None, **kwargs): super().__init__(logger, target_ip, server_ip, timeout, user, port) @@ -19,90 +29,58 @@ class OEFVPSSHTarget(OESSHTarget): basename = pathlib.Path(rootfs) basename = basename.name.replace("".join(basename.suffixes), "") self.fvpconf = image_dir / (basename + ".fvpconf") - self.bootlog = bootlog - if not self.fvpconf.exists(): raise FileNotFoundError(f"Cannot find {self.fvpconf}") - def _after_start(self): - pass - - def start(self, **kwargs): - self.fvp_log = self._create_logfile("fvp") - self.fvp = runner.FVPRunner(self.logger) - self.fvp.start(self.fvpconf, stdout=self.fvp_log) - self.logger.debug(f"Started FVP PID {self.fvp.pid()}") - self._after_start() - - def stop(self, **kwargs): - returncode = self.fvp.stop() - self.logger.debug(f"Stopped FVP with return code {returncode}") - - def _create_logfile(self, name): - if not self.bootlog: - return None - - test_log_path = pathlib.Path(self.bootlog).parent - test_log_suffix = pathlib.Path(self.bootlog).suffix - fvp_log_file = f"{name}_log{test_log_suffix}" - fvp_log_path = pathlib.Path(test_log_path, fvp_log_file) - fvp_log_symlink = pathlib.Path(test_log_path, f"{name}_log") - try: - os.remove(fvp_log_symlink) - except: - pass - os.symlink(fvp_log_file, fvp_log_symlink) - return open(fvp_log_path, 'wb') - - -class OEFVPTarget(OEFVPSSHTarget): - """ - For compatibility with OE-core test cases, this target's start() method - waits for a Linux shell before returning to ensure that SSH commands work - with the default test dependencies. - """ - def __init__(self, logger, target_ip, server_ip, **kwargs): - super().__init__(logger, target_ip, server_ip, **kwargs) - self.logfile = self.bootlog and open(self.bootlog, "wb") or None - - # FVPs boot slowly, so allow ten minutes - self.boot_timeout = 10 * 60 - - def _after_start(self): - with open(self.fvp_log.name, 'rb') as logfile: - parser = runner.ConsolePortParser(logfile) - config = self.fvp.getConfig() - self.logger.debug(f"Awaiting console on terminal {config['consoles']['default']}") - port = parser.parse_port(config['consoles']['default']) - console = self.fvp.create_pexpect(port) + self.bootlog = bootlog + self.terminals = {} + self.stack = None + self.state = OEFVPTargetState.OFF + + def transition(self, state, timeout=10*60): + if state == self.state: + return + + if state == OEFVPTargetState.OFF: + returncode = self.fvp.stop() + self.logger.debug(f"Stopped FVP with return code {returncode}") + self.stack.close() + elif state == OEFVPTargetState.ON: + self.transition(OEFVPTargetState.OFF, timeout) + self.stack = contextlib.ExitStack() + self.fvp = runner.FVPRunner(self.logger) + self.fvp_log = self._create_logfile("fvp", "wb") + self.fvp.start(self.fvpconf, stdout=self.fvp_log) + self.logger.debug(f"Started FVP PID {self.fvp.pid()}") + self._setup_consoles() + elif state == OEFVPTargetState.LINUX: + self.transition(OEFVPTargetState.ON, timeout) try: - console.expect("login\\:", timeout=self.boot_timeout) + self.expect(OEFVPTarget.DEFAULT_CONSOLE, "login\\:", timeout=timeout) self.logger.debug("Found login prompt") + self.state = OEFVPTargetState.LINUX except pexpect.TIMEOUT: self.logger.info("Timed out waiting for login prompt.") self.logger.info("Boot log follows:") - self.logger.info(b"\n".join(console.before.splitlines()[-200:]).decode("utf-8", errors="replace")) + self.logger.info(b"\n".join(self.before(OEFVPTarget.DEFAULT_CONSOLE).splitlines()[-200:]).decode("utf-8", errors="replace")) raise RuntimeError("Failed to start FVP.") + self.logger.info(f"Transitioned to {state}") + self.state = state -class OEFVPSerialTarget(OEFVPSSHTarget): - """ - This target is intended for interaction with the target over one or more - telnet consoles using pexpect. - - This still depends on OEFVPSSHTarget so SSH commands can still be run on - the target, but note that this class does not inherently guarantee that - the SSH server is running prior to running test cases. Test cases that use - SSH should first validate that SSH is available, e.g. by depending on the - "linuxboot" test case in meta-arm. - """ - DEFAULT_CONSOLE = "default" + def start(self, **kwargs): + # No-op - put the FVP in the required state lazily + pass - def __init__(self, logger, target_ip, server_ip, **kwargs): - super().__init__(logger, target_ip, server_ip, **kwargs) - self.terminals = {} + def stop(self, **kwargs): + self.transition(OEFVPTargetState.OFF) - def _after_start(self): + def run(self, cmd, timeout=None): + # Running a command implies the LINUX state + self.transition(OEFVPTargetState.LINUX) + return super().run(cmd, timeout) + + def _setup_consoles(self): with open(self.fvp_log.name, 'rb') as logfile: parser = runner.ConsolePortParser(logfile) config = self.fvp.getConfig() @@ -115,10 +93,27 @@ class OEFVPSerialTarget(OEFVPSSHTarget): # testimage.bbclass expects to see a log file at `bootlog`, # so make a symlink to the 'default' log file - if name == 'default': - default_test_file = f"{name}_log{self.test_log_suffix}" + test_log_suffix = pathlib.Path(self.bootlog).suffix + default_test_file = f"{name}_log{test_log_suffix}" + if name == 'default' and not os.path.exists(self.bootlog): os.symlink(default_test_file, self.bootlog) + def _create_logfile(self, name, mode='ab'): + if not self.bootlog: + return None + + test_log_path = pathlib.Path(self.bootlog).parent + test_log_suffix = pathlib.Path(self.bootlog).suffix + fvp_log_file = f"{name}_log{test_log_suffix}" + fvp_log_path = pathlib.Path(test_log_path, fvp_log_file) + fvp_log_symlink = pathlib.Path(test_log_path, f"{name}_log") + try: + os.remove(fvp_log_symlink) + except: + pass + os.symlink(fvp_log_file, fvp_log_symlink) + return self.stack.enter_context(open(fvp_log_path, mode)) + def _get_terminal(self, name): return self.terminals[name] @@ -137,3 +132,7 @@ class OEFVPSerialTarget(OEFVPSSHTarget): return attr return call_pexpect + + @property + def config(self): + return self.fvp.getConfig() diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py new file mode 100644 index 0000000000..dce52776e5 --- /dev/null +++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: MIT + +from oeqa.runtime.case import OERuntimeTestCase +import pexpect + + +class FVPBootTest(OERuntimeTestCase): + """ + This test waits for a Linux login prompt on the default console. It is + dependent on the OEFVPTarget test controller + """ + + def test_fvp_boot(self): + self.target.transition("off") + timeout = int(self.td.get('TEST_FVP_LINUX_BOOT_TIMEOUT') or 10*60) + self.target.transition("linux", timeout) + + # Check for common error patterns on all consoles + for console in self.target.config['consoles']: + # "expect" a timeout when searching for the error patterns + match = self.target.expect(console, + [br'(\[ERR\]|\[ERROR\]|ERROR\:)', + pexpect.TIMEOUT], + timeout=0) + self.assertEqual(match, 1) diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py new file mode 100644 index 0000000000..0246e76a94 --- /dev/null +++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py @@ -0,0 +1,130 @@ +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.core.decorator.data import skipIfNotInDataVar +from oeqa.core.decorator.depends import OETestDepends + + +class FvpDevicesTest(OERuntimeTestCase): + def run_cmd(self, cmd, check=True): + """ + A wrapper around self.target.run, which: + * Fails the test on command failure by default + * Allows the "run" behavior to be overridden in sub-classes + """ + (status, output) = self.target.run(cmd) + if status and check: + self.fail("Command '%s' returned non-zero exit " + "status %d:\n%s" % (cmd, status, output)) + + return (status, output) + + def check_devices(self, cls, min_count, search_drivers): + # Find all the devices of the specified class + cmd = f'find "/sys/class/{cls}" -type l -maxdepth 1' + _, output = self.run_cmd(cmd) + + devices = output.split() + self.assertGreaterEqual(len(devices), + min_count, + msg='Device count is lower than expected') + + # Assert that at least one of the devices uses at least one of the + # drivers + drivers = set() + for device in devices: + cmd = f'basename "$(readlink "{device}/device/driver")"' + _, output = self.run_cmd(cmd) + drivers.update(output.split()) + + self.assertTrue(drivers & set(search_drivers), + msg='No device uses either of the drivers: ' + + str(search_drivers)) + + def check_rng(self, hw_random, dev): + cmd = f'cat {hw_random} | grep {dev}' + self.run_cmd(cmd) + + def set_cpu(self, cpu_num, flag): + # Issue echo command + self.run_cmd( + f'echo "{flag}" > "/sys/devices/system/cpu/cpu{cpu_num}/online"', + check = False, + ) + _, output = self.run_cmd( + f'cat "/sys/devices/system/cpu/cpu{cpu_num}/online"' + ) + + return output == flag + + def enable_cpu(self, cpu_num): + return self.set_cpu(cpu_num, "1") + + def disable_cpu(self, cpu_num): + return self.set_cpu(cpu_num, "0") + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'cpu_hotplug', + 'cpu_hotplug not included in BSP tests') + def test_cpu_hotplug(self): + _, cpus = self.run_cmd('find /sys/firmware/devicetree/base/cpus/' + ' -name "cpu@*" -maxdepth 1 | wc -l') + + try: + count_cpus = int(cpus) + except ValueError: + self.fail(f"Expected number of CPUs, but found this:\n{cpus}") + + self.num_cpus = int(self.td.get('TEST_CPU_HOTPLUG_NUM_CPUS', + count_cpus)) + try: + # Test that all cores are online + _, cpus = self.run_cmd('grep -c "processor" /proc/cpuinfo') + self.assertEqual(int(cpus), self.num_cpus) + # Don't try to disable here the only cpu present in the system. + if self.num_cpus > 1: + # Test that we can stop each core individually + for i in range(self.num_cpus): + self.assertTrue(self.disable_cpu(i)) + self.assertTrue(self.enable_cpu(i)) + + # Test that we cannot disable all cores + for i in range(self.num_cpus - 1): + self.assertTrue(self.disable_cpu(i)) + # Disabling last core should trigger an error + self.assertFalse(self.disable_cpu(self.num_cpus - 1)) + finally: + # Ensure all CPUs are re-enabled + for i in range(self.num_cpus): + self.enable_cpu(i) + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'rtc', + 'rtc device not included in BSP tests') + def test_rtc(self): + self.check_devices("rtc", 1, ["rtc-pl031"]) + self.run_cmd('hwclock') + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'watchdog', + 'watchdog device not included in BSP tests') + def test_watchdog(self): + self.check_devices("watchdog", 1, ["sp805-wdt", "sbsa-gwdt"]) + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'networking', + 'networking device not included in BSP tests') + def test_networking(self): + self.check_devices("net", 2, ["virtio_net", "vif"]) + + # Check that outbound network connections work + self.run_cmd('wget -O /dev/null "https://www.arm.com"') + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'virtiorng', + 'virtiorng device not included in BSP tests') + def test_virtiorng(self): + self.check_rng('/sys/devices/virtual/misc/hw_random/rng_available', + 'virtio_rng.0') + self.check_rng('/sys/devices/virtual/misc/hw_random/rng_current', + 'virtio_rng.0') + + self.run_cmd('hexdump -n 32 /dev/hwrng') diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/linuxboot.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/linuxboot.py deleted file mode 100644 index 99a8e78bd1..0000000000 --- a/meta-arm/meta-arm/lib/oeqa/runtime/cases/linuxboot.py +++ /dev/null @@ -1,19 +0,0 @@ -# SPDX-License-Identifier: MIT - -from oeqa.runtime.case import OERuntimeTestCase - - -class LinuxBootTest(OERuntimeTestCase): - """ - This test case is only compatible with the OEFVPSerialTarget as it uses - the pexpect interface. It waits for a Linux login prompt on the default - console. - """ - - def setUp(self): - self.console = self.target.DEFAULT_CONSOLE - self.timeout = int(self.td.get('TEST_FVP_LINUX_BOOT_TIMEOUT') or 10*60) - - def test_linux_boot(self): - self.logger.info(f"{self.console}: Waiting for login prompt") - self.target.expect(self.console, r"login\:", self.timeout) diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/files/optee-private-includes.patch b/meta-arm/meta-arm/recipes-bsp/scp-firmware/files/optee-private-includes.patch new file mode 100644 index 0000000000..c2d860228e --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/files/optee-private-includes.patch @@ -0,0 +1,34 @@ +Change the optee module includes to be private instead of public, so they don't get used +in every build, which can result in compile failures as /core/include/ doesn't exit. + +For some reason this behaviour isn't deterministic, a ticket has been filed with upstream. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@arm.com> + +diff --git a/module/optee/console/CMakeLists.txt b/module/optee/console/CMakeLists.txt +index aebb7cc79..942aa98c8 100644 +--- a/module/optee/console/CMakeLists.txt ++++ b/module/optee/console/CMakeLists.txt +@@ -14,7 +14,7 @@ target_include_directories(${SCP_MODULE_TARGET} + # Those includes are needed for mutex definitnion that is used in optee_smt + # notification + target_include_directories(${SCP_MODULE_TARGET} +- PUBLIC "${SCP_OPTEE_DIR}/core/arch/arm/include/" ++ PRIVATE "${SCP_OPTEE_DIR}/core/arch/arm/include/" + "${SCP_OPTEE_DIR}/core/include/" + "${SCP_OPTEE_DIR}/lib/libutils/ext/include/" + "${SCP_OPTEE_DIR}/lib/libutee/include/") +diff --git a/module/optee/mbx/CMakeLists.txt b/module/optee/mbx/CMakeLists.txt +index 305fa42b7..783a7970c 100644 +--- a/module/optee/mbx/CMakeLists.txt ++++ b/module/optee/mbx/CMakeLists.txt +@@ -15,7 +15,7 @@ target_include_directories(${SCP_MODULE_TARGET} + # Those includes are needed for mutex defifitnion that is used in optee_smt + # notification + target_include_directories(${SCP_MODULE_TARGET} +- PUBLIC "${SCP_OPTEE_DIR}/core/include/" ++ PRIVATE "${SCP_OPTEE_DIR}/core/include/" + "${SCP_OPTEE_DIR}/lib/libutils/ext/include/" + "${SCP_OPTEE_DIR}/lib/libutee/include/") + diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb index 2be5b3076b..58482cd37b 100644 --- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb @@ -7,16 +7,16 @@ LIC_FILES_CHKSUM = "file://license.md;beginline=5;md5=9db9e3d2fb8d9300a6c3d15101 file://contrib/cmsis/git/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" SRC_URI_SCP_FIRMWARE ?= "gitsm://github.com/ARM-software/SCP-firmware.git;protocol=https" -SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH}" -SRCBRANCH = "master" +SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH} \ + file://optee-private-includes.patch" +SRCBRANCH = "master" SRCREV = "0c7236b1851d90124210a0414fd982dc55322c7c" PROVIDES += "virtual/control-processor-firmware" CMAKE_BUILD_TYPE ?= "RelWithDebInfo" -SCP_PLATFORM ?= "invalid" -SCP_COMPILER ?= "arm-none-eabi" +SCP_PLATFORM ?= "${MACHINE}" SCP_LOG_LEVEL ?= "WARN" SCP_PLATFORM_FEATURE_SET ?= "0" @@ -53,12 +53,14 @@ EXTRA_OECMAKE = "-D CMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} \ -D SCP_LOG_LEVEL=${SCP_LOG_LEVEL} \ -D SCP_PLATFORM_FEATURE_SET=${SCP_PLATFORM_FEATURE_SET} \ -D DISABLE_CPPCHECK=1 \ + -D SCP_TOOLCHAIN=GNU \ " do_configure() { for FW in ${FW_TARGETS}; do for TYPE in ${FW_INSTALL}; do - cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR="${SCP_PLATFORM}/${FW}_${TYPE}" + bbnote Configuring ${SCP_PLATFORM}/${FW}_${TYPE}... + cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PLATFORM}/${FW}_${TYPE}" done done } @@ -68,6 +70,7 @@ do_configure[cleandirs] += "${B}" do_compile() { for FW in ${FW_TARGETS}; do for TYPE in ${FW_INSTALL}; do + bbnote Building ${SCP_PLATFORM}/${FW}_${TYPE}... VERBOSE=1 cmake --build ${B}/${TYPE}/${FW} --target all done done diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc index ea3ef678c5..a20959b780 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc @@ -1,12 +1,20 @@ HOMEPAGE = "https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms" -# FVP has an End User License Agreement. Add Arm-FVP-EULA to your -# LICENSE_FLAGS_ACCEPTED if you agree to these terms. LICENSE_FLAGS = "Arm-FVP-EULA" -LICENSE_FLAGS_DETAILS[Arm-FVP-EULA] = "https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula" - LICENSE = "Proprietary & Apache-2.0 & Python-2.0 & GPL-3.0-with-GCC-exception & Zlib & NCSA & LGPL-2.0-or-later & MIT & BSD-3-Clause" +# FVP has an End User License Agreement. Add Arm-FVP-EULA to +# LICENSE_FLAGS_ACCEPTED if the EULA has been accepted, so it can +# be later checked if the user accepted the EULA or not and if +# not display a message to the user requesting them to do so. +LICENSE_FLAGS_ACCEPTED:append = " ${@oe.utils.vartrue('ARM_FVP_EULA_ACCEPT', 'Arm-FVP-EULA', '', d)}" + +LICENSE_FLAGS_DETAILS[Arm-FVP-EULA] = " \ +Accept the END USER LICENSE AGREEMENT FOR ARM SOFTWARE DEVELOPMENT TOOLS. \ +Please refer to 'https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula'\ +${@bb.utils.contains('BB_ENV_PASSTHROUGH_ADDITIONS', 'ARM_FVP_EULA_ACCEPT', ' and export ARM_FVP_EULA_ACCEPT to 1', '', d)}.\ +" + COMPATIBLE_HOST = "x86_64.*-linux" # The architecture-specific download filename suffix diff --git a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb index 3713787a06..4b021bbe4e 100644 --- a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb +++ b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb @@ -16,7 +16,7 @@ B = "${WORKDIR}/build" # ../git/src/gn/desc_builder.cc: In member function 'base::Value {anonymous}::BaseDescBuilder::ToBaseValue(const Scope*)': # ../git/src/gn/desc_builder.cc:179:21: error: redundant move in return statement [-Werror=redundant-move] # 179 | return std::move(res); -CFLAGS:append = " -Wno-redundant-move" +CXXFLAGS += "-Wno-error=redundant-move" # Map from our _OS strings to the GN's platform values. def gn_platform(variable, d): diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend index 3f2c83fd62..0a42ce4a5d 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend @@ -1,12 +1,5 @@ ARMFILESPATHS := "${THISDIR}/files:" -FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}" -SRC_URI:append:aarch64 = " \ - file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \ - file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \ - file://0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch \ - " - COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64" FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}" SRC_URI:append:generic-arm64 = " \ diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-rt_6.1%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-rt_6.1%.bbappend new file mode 100644 index 0000000000..d0a0ff0e68 --- /dev/null +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-rt_6.1%.bbappend @@ -0,0 +1,7 @@ + +FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}" +SRC_URI:append:aarch64 = " \ + file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \ + file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \ + file://0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch \ + " diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend new file mode 100644 index 0000000000..d0a0ff0e68 --- /dev/null +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend @@ -0,0 +1,7 @@ + +FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}" +SRC_URI:append:aarch64 = " \ + file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \ + file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \ + file://0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch \ + " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb new file mode 100644 index 0000000000..d0c75d0c62 --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb @@ -0,0 +1,7 @@ +require optee-client.inc + +SRCREV = "8533e0e6329840ee96cf81b6453f257204227e6c" + +inherit pkgconfig +DEPENDS += "util-linux" +EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb new file mode 100644 index 0000000000..8322c513f0 --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb @@ -0,0 +1,3 @@ +require optee-examples.inc + +SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch new file mode 100644 index 0000000000..392e8d82bd --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch @@ -0,0 +1,34 @@ +From 02ea8e616ac615efe3507d627dfba9820d3357f6 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 26 May 2020 14:38:02 -0500 +Subject: [PATCH] allow setting sysroot for libgcc lookup + +Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching +for the compiler libraries as there's no easy way to reliably pass --sysroot +otherwise. + +Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + mk/gcc.mk | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/mk/gcc.mk b/mk/gcc.mk +index adc77a24f25e..81bfa78ad8d7 100644 +--- a/mk/gcc.mk ++++ b/mk/gcc.mk +@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ + -print-file-name=include 2> /dev/null) + + # Get location of libgcc from gcc +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ + -print-libgcc-file-name 2> /dev/null) +-libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ ++libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ + -print-file-name=libstdc++.a 2> /dev/null) +-libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ ++libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ + -print-file-name=libgcc_eh.a 2> /dev/null) + + # Define these to something to discover accidental use diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch new file mode 100644 index 0000000000..15bdf07df2 --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch @@ -0,0 +1,240 @@ +From 6f588813a170a671ebf1d6b51cebc7bc761295dc Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Wed, 21 Dec 2022 10:55:58 +0000 +Subject: [PATCH] core: Define section attributes for clang + +Clang's attribute section is not same as gcc, here we need to add flags +to sections so they can be eventually collected by linker into final +output segments. Only way to do so with clang is to use + +pragma clang section ... + +The behavious is described here [1], this allows us to define names bss +sections. This was not an issue until clang-15 where LLD linker starts +to detect the section flags before merging them and throws the following +errors + +| ld.lld: error: section type mismatch for .nozi.kdata_page +| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS +| >>> output section .nozi: SHT_NOBITS +| +| ld.lld: error: section type mismatch for .nozi.mmu.l2 +| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS +| >>> output section .nozi: SHT_NOBITS + +These sections should be carrying SHT_NOBITS but so far it was not +possible to do so, this patch tries to use clangs pragma to get this +going and match the functionality with gcc. + +[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + core/arch/arm/kernel/thread.c | 19 +++++++++++++++-- + core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++---- + core/arch/arm/mm/core_mmu_v7.c | 36 +++++++++++++++++++++++++++++--- + core/arch/arm/mm/pgt_cache.c | 12 ++++++++++- + core/kernel/thread.c | 13 +++++++++++- + 5 files changed, 104 insertions(+), 11 deletions(-) + +diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c +index 4487ef026df9..f3624389611b 100644 +--- a/core/arch/arm/kernel/thread.c ++++ b/core/arch/arm/kernel/thread.c +@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss; + #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \ + defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64) + long thread_user_kdata_sp_offset __nex_bss; ++#ifdef __clang__ ++#ifndef CFG_VIRTUALIZATION ++#pragma clang section bss=".nozi.kdata_page" ++#else ++#pragma clang section bss=".nex_nozi.kdata_page" ++#endif ++#endif + static uint8_t thread_user_kdata_page[ + ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE, + SMALL_PAGE_SIZE)] + __aligned(SMALL_PAGE_SIZE) ++#ifndef __clang__ + #ifndef CFG_NS_VIRTUALIZATION +- __section(".nozi.kdata_page"); ++ __section(".nozi.kdata_page") + #else +- __section(".nex_nozi.kdata_page"); ++ __section(".nex_nozi.kdata_page") + #endif ++#endif ++ ; ++#endif ++ ++/* reset BSS section to default ( .bss ) */ ++#ifdef __clang__ ++#pragma clang section bss="" + #endif + + #ifdef ARM32 +diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c +index 7e79f780ad28..ec4db9dc98c5 100644 +--- a/core/arch/arm/mm/core_mmu_lpae.c ++++ b/core/arch/arm/mm/core_mmu_lpae.c +@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t; + typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; + typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.base_table" ++#endif + static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES] + __aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE) +- __section(".nozi.mmu.base_table"); ++#ifndef __clang__ ++ __section(".nozi.mmu.base_table") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES] +- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2"); ++ __aligned(XLAT_TABLE_SIZE) ++#ifndef __clang__ ++ __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + #define XLAT_TABLES_SIZE (sizeof(xlat_tbl_t) * MAX_XLAT_TABLES) + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + /* MMU L2 table for TAs, one for each thread */ + static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS] +- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2"); +- ++#ifndef __clang__ ++ __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + /* + * TAs page table entry inside a level 1 page table. + * +diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c +index 61e703da89c8..1960c08ca688 100644 +--- a/core/arch/arm/mm/core_mmu_v7.c ++++ b/core/arch/arm/mm/core_mmu_v7.c +@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES]; + typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; + typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l1" ++#endif + static l1_xlat_tbl_t main_mmu_l1_ttb +- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1"); ++ __aligned(L1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* L2 MMU tables */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES] +- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2"); ++ __aligned(L2_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* MMU L1 table for TAs, one for each thread */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.ul1" ++#endif + static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS] +- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1"); ++ __aligned(UL1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.ul1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + struct mmu_partition { + l1_xlat_tbl_t *l1_table; +diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c +index 79553c6d2183..b9efdf42780b 100644 +--- a/core/arch/arm/mm/pgt_cache.c ++++ b/core/arch/arm/mm/pgt_cache.c +@@ -410,8 +410,18 @@ void pgt_init(void) + * has a large alignment, while .bss has a small alignment. The current + * link script is optimized for small alignment in .bss + */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE] +- __aligned(PGT_SIZE) __section(".nozi.pgt_cache"); ++ __aligned(PGT_SIZE) ++#ifndef __clang__ ++ __section(".nozi.pgt_cache") ++#endif ++ ; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + size_t n; + + for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { +diff --git a/core/kernel/thread.c b/core/kernel/thread.c +index 2a1f22dce635..5516b677141a 100644 +--- a/core/kernel/thread.c ++++ b/core/kernel/thread.c +@@ -39,13 +39,24 @@ static uint32_t end_canary_value = 0xababab00; + name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1] + #endif + ++#define DO_PRAGMA(x) _Pragma (#x) ++ ++#ifdef __clang__ ++#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ ++DO_PRAGMA (clang section bss=".nozi_stack." #name) \ ++linkage uint32_t name[num_stacks] \ ++ [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ ++ STACK_ALIGNMENT) / sizeof(uint32_t)] \ ++ __attribute__((aligned(STACK_ALIGNMENT))); \ ++DO_PRAGMA(clang section bss="") ++#else + #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ + linkage uint32_t name[num_stacks] \ + [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ + STACK_ALIGNMENT) / sizeof(uint32_t)] \ + __attribute__((section(".nozi_stack." # name), \ + aligned(STACK_ALIGNMENT))) +- ++#endif + #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) + + DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE, diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch new file mode 100644 index 0000000000..b4ea8ed356 --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch @@ -0,0 +1,29 @@ +From 9c55b7a4e39617c2abbf4e0e39fd8041c7b2b9b6 Mon Sep 17 00:00:00 2001 +From: Brett Warren <brett.warren@arm.com> +Date: Wed, 23 Sep 2020 09:27:34 +0100 +Subject: [PATCH] optee: enable clang support + +When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used +to provide a sysroot wasn't included, which results in not locating +compiler-rt. This is mitigated by including the variable as ammended. + +Upstream-Status: Pending +ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 +Signed-off-by: Brett Warren <brett.warren@arm.com> +--- + mk/clang.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mk/clang.mk b/mk/clang.mk +index a045beee8482..1ebe2f702dcd 100644 +--- a/mk/clang.mk ++++ b/mk/clang.mk +@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ + + # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of + # libgcc for clang +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ + -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null) + + # Core ASLR relies on the executable being ready to run from its preferred load diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch new file mode 100644 index 0000000000..d418d4612f --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch @@ -0,0 +1,62 @@ +From 3e191f732b3eba699b91ffd7ffa2ae0787f08947 Mon Sep 17 00:00:00 2001 +From: Jerome Forissier <jerome.forissier@linaro.org> +Date: Fri, 5 Aug 2022 09:48:03 +0200 +Subject: [PATCH] core: link: add --no-warn-rwx-segments + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + +binutils ld.bfd generates one RWX LOAD segment by merging several sections +with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it +also warns by default when that happens [1], which breaks the build due to +--fatal-warnings. The RWX segment is not a problem for the TEE core, since +that information is not used to set memory permissions. Therefore, silence +the warning. + +Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 +Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> +Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> +Acked-by: Jens Wiklander <jens.wiklander@linaro.org> +--- + core/arch/arm/kernel/link.mk | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk +index 49e9f4fa18a5..9e1cc172fb8a 100644 +--- a/core/arch/arm/kernel/link.mk ++++ b/core/arch/arm/kernel/link.mk +@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment + link-ldflags += --fatal-warnings + link-ldflags += --gc-sections + link-ldflags += $(link-ldflags-common) ++link-ldflags += $(call ld-option,--no-warn-rwx-segments) + + link-ldadd = $(LDADD) + link-ldadd += $(ldflags-external) +@@ -61,6 +62,7 @@ link-script-cppflags := \ + $(cppflagscore)) + + ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ ++ $(call ld-option,--no-warn-rwx-segments) \ + $(link-ldflags-common) \ + $(link-objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/all_objs.o +@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o + $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ + + unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ +- $(link-ldflags-common) ++ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) + unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/unpaged.o + $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt +@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o + $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ + + init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ +- $(link-ldflags-common) ++ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) + init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ + $(libgcccore) + cleanfiles += $(link-out-dir)/init.o diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.22.0.bb new file mode 100644 index 0000000000..3d9581680b --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.22.0.bb @@ -0,0 +1,24 @@ +require optee-os_3.22.0.bb + +SUMMARY = "OP-TEE Trusted OS TA devkit" +DESCRIPTION = "OP-TEE TA devkit for build TAs" +HOMEPAGE = "https://www.op-tee.org/" + +DEPENDS += "python3-pycryptodome-native" + +do_install() { + #install TA devkit + install -d ${D}${includedir}/optee/export-user_ta/ + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do + cp -aR $f ${D}${includedir}/optee/export-user_ta/ + done +} + +do_deploy() { + echo "Do not inherit do_deploy from optee-os." +} + +FILES:${PN} = "${includedir}/optee/" + +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os.inc index bb6974b2a8..8e25d36175 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os.inc @@ -16,12 +16,6 @@ DEPENDS:append:toolchain-clang = " compiler-rt" SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" -SRC_URI:append = " \ - file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \ - file://0002-optee-enable-clang-support.patch \ - file://0003-core-link-add-no-warn-rwx-segments.patch \ - " - S = "${WORKDIR}/git" B = "${WORKDIR}/build" @@ -56,6 +50,10 @@ do_install() { #install core in firmware install -d ${D}${nonarch_base_libdir}/firmware/ install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/ + + #install tas in optee_armtz + install -d ${D}${nonarch_base_libdir}/optee_armtz/ + install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz } PACKAGE_ARCH = "${MACHINE_ARCH}" @@ -63,13 +61,19 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" do_deploy() { install -d ${DEPLOYDIR}/${MLPREFIX}optee install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/${MLPREFIX}optee + + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta } addtask deploy before do_build after do_install SYSROOT_DIRS += "${nonarch_base_libdir}/firmware" +PACKAGES += "${PN}-ta" FILES:${PN} = "${nonarch_base_libdir}/firmware/" +FILES:${PN}-ta = "${nonarch_base_libdir}/optee_armtz/*" + # note: "textrel" is not triggered on all archs INSANE_SKIP:${PN} = "textrel" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend deleted file mode 100644 index 2ff1b83497..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend +++ /dev/null @@ -1,5 +0,0 @@ -# Include Trusted Services Secure Partitions -require optee-os-ts-3.18.inc - -# Conditionally include platform specific Trusted Services related OPTEE build parameters -EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_CORE_HEAP_SIZE=131072 CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=4 CFG_CORE_SEL1_SPMC=y ', d)}" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.22.0.bb new file mode 100644 index 0000000000..eba2c037bb --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.22.0.bb @@ -0,0 +1,13 @@ +require optee-os.inc + +DEPENDS += "dtc-native" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:" + +SRCREV = "001ace6655dd6bb9cbe31aa31b4ba69746e1a1d9" +SRC_URI += " \ + file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \ + file://0002-core-Define-section-attributes-for-clang.patch \ + file://0003-optee-enable-clang-support.patch \ + file://0004-core-link-add-no-warn-rwx-segments.patch \ + " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/meta-arm/recipes-security/optee/optee-test.inc index 64b41a8ede..90b72b9ff3 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-test.inc +++ b/meta-arm/meta-arm/recipes-security/optee/optee-test.inc @@ -6,6 +6,7 @@ LICENSE = "BSD-2-Clause & GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" inherit python3native ptest +inherit deploy require optee.inc DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native" @@ -43,6 +44,13 @@ do_install () { install -D -p -m0444 ${B}/supp_plugin/*.plugin ${D}${libdir}/tee-supplicant/plugins/ } +do_deploy () { + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta +} + +addtask deploy before do_build after do_install + FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ \ ${libdir}/tee-supplicant/plugins/ \ " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.22.0.bb new file mode 100644 index 0000000000..3b9632fa54 --- /dev/null +++ b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.22.0.bb @@ -0,0 +1,10 @@ +require optee-test.inc + +SRC_URI += " \ + file://musl-workaround.patch \ + " +SRCREV = "a286b57f1721af215ace318d5807e63f40186df6" + +EXTRA_OEMAKE:append = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}" +DEPENDS:append = " openssl" +CFLAGS:append = " -Wno-error=deprecated-declarations" diff --git a/meta-arm/scripts/runfvp b/meta-arm/scripts/runfvp index c2e536c88f..0ca3a1b52c 100755 --- a/meta-arm/scripts/runfvp +++ b/meta-arm/scripts/runfvp @@ -14,7 +14,7 @@ logger = logging.getLogger("RunFVP") libdir = pathlib.Path(__file__).parents[1] / "meta-arm" / "lib" sys.path.insert(0, str(libdir)) -from fvp import terminal, runner +from fvp import conffile, terminal, runner def parse_args(arguments): import argparse |
