diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2023-10-03 17:44:52 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-10-03 18:04:36 +0300 |
commit | 1e488cdf844bf4aa82d3c90875a56fb35c7f210d (patch) | |
tree | be163d890651760d24effea503cd567df3e119b5 /meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst | |
parent | 4f6b1c0dcf9f9cb734f71b277af913e0d58c503f (diff) | |
download | openbmc-1e488cdf844bf4aa82d3c90875a56fb35c7f210d.tar.xz |
subtree updates oct 3 2023mickledore
poky: fc25449687..a61e021c65:
Alberto Planas (1):
bitbake.conf: add unzstd in HOSTTOOLS
Alejandro Hernandez Samaniego (2):
baremetal-helloworld: Update SRCREV to fix entry addresses for ARM architectures
baremetal-helloworld: Fix race condition
Alex Kiernan (2):
rootfs: Add debugfs package db file copy and cleanup
rpm: Pick debugfs package db files/dirs explicitly
Alexander Kanavin (35):
maintaines.inc: unassign Richard Weinberger from erofs-utils entry
maintainers.inc: unassign Andreas Müller from itstool entry
maintainers.inc: unassign Pascal Bach from cmake entry
maintainers.inc: correct unassigned entries
maintainers.inc: correct Carlos Rafael Giani's email address
apr: upgrade 1.7.3 -> 1.7.4
scripts/runqemu: split lock dir creation into a reusable function
scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes
qemu: a pending patch was submitted and accepted upstream
maintainers.inc: unassign Adrian Bunk from wireless-regdb
maintainers.inc: unassign Alistair Francis from opensbi
maintainers.inc: unassign Chase Qi from libc-test
maintainers.inc: unassign Oleksandr Kravchuk from python3 and all other items
maintainers.inc: unassign Ricardo Neri from ovmf
grub: submit determinism.patch upstream
gawk: upgrade 5.2.1 -> 5.2.2
gnupg: upgrade 2.4.0 -> 2.4.2
libx11: upgrade 1.8.4 -> 1.8.5
linux-firmware: upgrade 20230404 -> 20230515
serf: upgrade 1.3.9 -> 1.3.10
wget: upgrade 1.21.3 -> 1.21.4
wireless-regdb: upgrade 2023.02.13 -> 2023.05.03
gdb: upgrade 13.1 -> 13.2
sysfsutils: fetch a supported fork from github
diffutils: update 3.9 -> 3.10
libproxy: fetch from git
cargo.bbclass: set up cargo environment in common do_compile
rust-common.bbclass: move musl-specific linking fix from rust-source.inc
Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock"
ref-manual: document image-specific variant of INCOMPATIBLE_LICENSE
glibc-locale: use stricter matching for metapackages' runtime dependencies
devtool/upgrade: raise an error if extracting source produces more than one directory
curl: ensure all ptest failures are caught
python3: upgrade 3.11.2 -> 3.11.3
python3: update 3.11.3 -> 3.11.4
Alexis Lothoré (2):
scripts/resulttool: add mention about new detected tests
oeqa/utils/gitarchive: fix tag computation when creating archive
Andrej Valek (2):
busybox: 1.36.0 -> 1.36.1
maintainers.inc: Modify email address
Anuj Mittal (7):
gstreamer1.0: upgrade 1.22.2 -> 1.22.3
selftest/cases/glibc.py: fix the override syntax
glibc/check-test-wrapper: don't emit warnings from ssh
selftest/cases/glibc.py: increase the memory for testing
oeqa/utils/nfs: allow requesting non-udp ports
selftest/cases/glibc.py: switch to using NFS over TCP
gstreamer1.0: upgrade 1.22.4 -> 1.22.5
Archana Polampalli (3):
qemu: fix CVE-2023-0330
bind: upgrade 9.18.15 -> 9.18.16
vim: upgrade 9.0.1592 -> 9.0.1664
BELOUARGA Mohamed (2):
meta: lib: oe: npm_registry: Add more safe caracters
linux-firmware : Add firmware of RTL8822 serie
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Bruce Ashfield (33):
linux-yocto/6.1: update to v6.1.26
linux-yocto/6.1: update to v6.1.27
linux-yocto/6.1: update to v6.1.28
linux-yocto/6.1: update to v6.1.29
linux-yocto/6.1: update to v6.1.30
linux-yocto/6.1: update to v6.1.31
linux-yocto/6.1: update to v6.1.32
linux-yocto/5.15: update to v5.15.114
linux-yocto/5.15: update to v5.15.115
linux-yocto/5.15: update to v5.15.116
linux-yocto/5.15: update to v5.15.117
linux-yocto/5.15: update to v5.15.118
linux-yocto/5.15: cfg: fix DECNET configuration warning
linux-yocto/6.1: update to v6.1.33
linux-yocto/6.1: fix intermittent x86 boot hangs
linux-yocto/6.1: update to v6.1.34
linux-yocto/6.1: update to v6.1.35
linux-yocto/5.15: update to v5.15.119
linux-yocto/5.15: update to v5.15.120
linux-yocto/6.1: update to v6.1.36
linux-yocto/6.1: update to v6.1.37
linux-yocto/6.1: update to v6.1.38
linux-yocto/5.15: update to v5.15.122
linux-yocto/5.15: update to v5.15.123
linux-yocto/5.15: update to v5.15.124
linux-yocto/6.1: cfg: update ima.cfg to match current meta-integrity
linux-yocto/6.1: update to v6.1.41
linux-yocto/6.1: update to v6.1.43
linux-yocto/6.1: update to v6.1.44
linux-yocto/6.1: update to v6.1.45
linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.1: update to v6.1.46
linux-yocto/6.1: fix IRQ-80 warnings
Changqing Li (4):
systemd: fix a dead link under /var/log
dnf: only write the log lock to root for native dnf
rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
erofs-utils: fix CVE-2023-33551/CVE-2023-33552
Charlie Wu (1):
devtool: Fix the wrong variable in srcuri_entry
Chee Yang Lee (6):
python3-requests: fix CVE-2023-32681
curl: fix CVE-2023-32001
ghostscript: fix CVE-2023-38559
librsvg: upgrade to 2.54.6
libssh2: fix CVE-2020-22218
python3: update to 3.11.5
Chen Qi (13):
cmake.bbclass: do not search host paths for find_program()
qemurunner.py: fix error message about qmp
sdk.py: error out when moving file fails
sdk.py: fix moving dnf contents
rpm: write macros under libdir
zip: fix configure check by using _Static_assert
zip: remove unnecessary LARGE_FILE_SUPPORT CLFAGS
unzip: fix configure check for cross compilation
unzip: remove hardcoded LARGE_FILE_SUPPORT
ncurses: fix CVE-2023-29491
cmake.bbclass: fix allarch override syntax
multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation
Daniel Semkowicz (1):
dev-manual: wic.rst: Update native tools build command
Deepthi Hemraj (2):
glibc: stable 2.37 branch updates.
binutils: stable 2.40 branch updates
Denys Dmytriyenko (1):
binutils: move packaging of gprofng static lib into common .inc
Dmitry Baryshkov (3):
openssl: fix building on riscv32
linux-firmware: package firmare for Dragonboard 410c
linux-firmware: split platform-specific Adreno shaders to separate packages
Ed Beroset (1):
ref-manual: add clarification for SRCREV
Enrico Scholz (1):
shadow-sysroot: add license information
Etienne Cordonnier (2):
libxcrypt: fix hard-coded ".so" extension
vim: update obsolete comment
Fabien Mahot (2):
useradd-example: package typo correction
oeqa/selftest/bbtests: add non-existent prefile/postfile tests
Frieder Paape (1):
image_types: Fix reproducible builds for initramfs and UKI img
Frieder Schrempf (1):
psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox
Hannu Lounento (1):
profile-manual: fix blktrace remote usage instructions
Ian Ray (1):
systemd-systemctl: support instance expansion in WantedBy
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Jermain Horsman (1):
logrotate: Do not create logrotate.status file
Joe Slater (1):
ghostscript: fix CVE-2023-36664
Joel Stanley (1):
kernel: don't fail if Modules.symvers doesn't exist
Jose Quaresma (8):
kernel: config modules directories are handled by kernel-module-split
kernel-module-split: install config modules directories only when they are needed
kernel-module-split: use context manager to open files
kernel-module-split: make autoload and probeconf distribution specific
kernel-module-split add systemd modulesloaddir and modprobedir config
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
go: update 1.20.5 -> 1.20.6
Julien Stephan (1):
automake: fix buildtest patch
Jörg Sommer (2):
runqemu-gen-tapdevs: Refactoring
runqemu-ifupdown/get-tapdevs: Add support for ip tuntap
Kai Kang (4):
pm-utils: fix multilib conflictions
webkitgtk: 2.38.5 -> 2.38.6
webkitgtk: fix CVE-2023-32439
webkitgtk: fix CVE-2023-32435
Khem Raj (10):
systemd: Drop a backport
perf: Make built-in libtraceevent plugins cohabit with external libtraceevent
glibc: Pass linker choice via compiler flags
babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature
parted: Add missing libuuid to linker cmdline for libparted-fs-resize.so
rpcsvc-proto: Upgrade to 1.4.4
libxml2: Do not use lld linker when building with tests on rv64
python3-bcrypt: Use BFD linker when building tests
meson.bbclass: Point to llvm-config from native sysroot
build-sysroots: Add SUMMARY field
Lee Chee Yang (7):
migration-guides: add release notes for 4.0.10
migration-guides: add release notes for 4.0.11
migration-guides: add release notes for 4.2.2
migration-guides: add release notes for 4.2.3
migration-guides: add release notes for 4.0.12
bind: update to 9.18.19
ffmpeg: 5.1.2 -> 5.1.3
Marc Ferland (1):
connman: fix warning by specifying runstatedir at configure time
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Mark Hatle (1):
tcf-agent: Update to 1.8.0 release
Markus Niebel (1):
wic: fix wrong attempt to create file system in upartitioned regions
Markus Volk (3):
ell: upgrade 0.56 -> 0.57
gtk4: upgrade 4.10.3 -> 4.10.4
gtk4: upgrade 4.10.4 -> 4.10.5
Martin Jansa (8):
libx11: remove unused patch and FILESEXTRAPATHS
qemu: remove unused qemu-7.0.0-glibc-2.36.patch
minicom: remove unused patch files
inetutils: remove unused patch files
libgloss: remove unused patch file
kmod: remove unused ptest.patch
tcl: prevent installing another copy of tzdata
gcc: backport a fix for ICE caused by CVE-2023-4039.patch
Michael Halstead (4):
resulttool/resultutils: allow index generation despite corrupt json
yocto-uninative: Update hashes for uninative 4.1
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
Michael Opdenacker (13):
ref-manual: releases.svg: updates
conf.py: add macro for Mitre CVE links
ref-manual: LTS releases now supported for 4 years
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
scripts/create-pull-request: update URLs to git repositories
ref-manual: system-requirements: update supported distros
manuals: add new contributor guide
dev-manual: disk-space: mention faster "find" command to trim sstate cache
sdk-manual: extensible.rst: fix multiple formatting issues
dev-manual: disk-space: improve wording for obsolete sstate cache files
dev-manual: new-recipe.rst fix inconsistency with contributor guide
contributor-guide: recipe-style-guide: add Upstream-Status
dev-manual: licenses: mention SPDX for license compliance
Mikko Rapeli (1):
useradd-staticids.bbclass: improve error message
Mingli Yu (5):
curl: fix CVE-2023-28319 through CVE-2023-28322
python3-numpy: remove NPY_INLINE, use inline instead
acpica: Update SRC_URI
cups: Fix CVE-2023-34241
ruby: Fix CVE-2023-36617
Narpat Mali (5):
python3-certifi: upgrade 2022.12.7 -> 2023.7.22
ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018
python3-git: upgrade 3.1.31 -> 3.1.32
python3-pygments: fix for CVE-2022-40896
python3-git: upgrade 3.1.32 -> 3.1.37
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-2731
Oleksandr Hnatiuk (2):
file: return wrapper to fix builds when file is in buildtools-tarball
file: fix the way path is written to environment-setup.d
Ovidiu Panait (7):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
mdadm: re-add mdadm-ptest to PTESTS_SLOW
mdadm: add util-linux-blockdev ptest dependency
mdadm: skip running 04update-uuid and 07revert-inplace testcases
Peter Marko (7):
cve-update-nvd2-native: fix cvssV3 metrics
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: increase retry count
libjpeg-turbo: patch CVE-2023-2804
python3: ignore CVE-2023-36632
libarchive: ignore CVE-2023-30571
openssl: Upgrade 3.1.1 -> 3.1.2
Peter Suti (1):
externalsrc: fix dependency chain issues
Poonam Jadhav (1):
pixman: Remove duplication of license MIT
Quentin Schulz (3):
docs: bsp-guide: bsp: fix typo
docs: ref-manual: terms: fix typos in SPDX term
uboot-extlinux-config.bbclass: fix old override syntax in comment
Randolph Sapp (6):
weston-init: make sure the render group exists
weston-init: add weston user to the render group
weston-init: add the weston user to the wayland group
weston-init: fix the mixed indentation
weston-init: guard against systemd configs
weston-init: add profile to point users to global socket
Richard Purdie (24):
selftest/license: Exclude from world
layer.conf: Add missing dependency exclusion
v86d: Improve kernel dependency
strace: Disable failing test
bitbake: runqueue: Fix deferred task/multiconfig race issue
strace: Merge two similar patches
strace: Update patches/tests with upstream fixes
ptest-runner: Pull in sync fix to improve log warnings
ptest-runner: Ensure data writes don't race
ptest-runner: Pull in "runner: Remove threads and mutexes" fix
gcc-testsuite: Fix ppc cpu specification
ptest-runner: Pull in parallel test fixes and output handling
glibc-testsuite: Fix network restrictions causing test failures
oeqa/target/ssh: Ensure EAGAIN doesn't truncate output
oeqa/runtime/ltp: Increase ltp test output timeout
ltp: Add kernel loopback module dependency
target/ssh: Ensure exit code set for commands
oeqa/ssh: Further improve process exit handling
pseudo: Fix to work with glibc 2.38
lib/package_manager: Improve repo artefact filtering
gnupg: Fix reproducibility failure
resulttool/report: Avoid divide by zero
build-sysroots: Ensure dependency chains are minimal
vim: Upgrade 9.0.1664 -> 9.0.1894
Riyaz Khan (1):
openssh: Remove BSD-4-clause contents completely from codebase
Roland Hieber (2):
template: fix typo in section header
ref-manual: point outdated link to the new location
Ross Burton (24):
ninja: ignore CVE-2021-4336, wrong ninja
binutils: fix CVE-2023-1972
pkgconf: upgrade 1.9.4 -> 1.9.5
git: upgrade to 2.39.3
gobject-introspection: remove obsolete DEPENDS
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: use exact times, don't truncate
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: actually use API keys
tiff: upgrade to 4.5.1
gcc: don't pass --enable-standard-branch-protection
machine/arch-arm64: add -mbranch-protection=standard
pkgconf: update SRC_URI
python3: fix missing comma in get_module_deps3.py
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
rootfs_rpm: don't depend on opkg-native for update-alternatives
ltp: add RDEPENDS on findutils
openssh: upgrade to 9.3p2
linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries
linux/cve-exclusion: add generated CVE_CHECK_IGNOREs
procps: backport fix for CVE-2023-4016
graphene: fix runtime detection of IEEE754 behaviour
gcc: Fix -fstack-protector issue on aarch64
linux-yocto: update CVE exclusions
Sakib Sajal (4):
go: Upgrade 1.20.4 -> 1.20.5
bno_plot.py, btt_plot.py: Ask for python3 specifically
go: fix CVE-2023-24531
go: upgrade 1.20.6 -> 1.20.7
Sanjana (1):
binutils: Fix CVE-2023-39128
Sanjay Chitroda (2):
cups: Fix CVE-2023-32324
curl: Add CVE-2023-28320 follow-up fix
Siddharth (1):
tiff: Security fix for CVE-2023-25434 and CVE-2023-26965
Siddharth Doshi (1):
gdb: Fix CVE-2023-39128
Soumya (1):
perl: Fix CVE-2023-31484 & CVE-2023-31486
Staffan Rydén (1):
kernel: Fix path comparison in kernel staging dir symlinking
Steve Sakoman (6):
maintainers.inc: update version for gcc-source
Revert "systemd: fix a dead link under /var/log"
poky.conf: bump version for 4.2.2 release
build-appliance-image: Update to mickledore head revision
poky.conf: bump version for 4.2.3 release
build-appliance-image: Update to mickledore head revision
Stéphane Veyret (1):
scripts/oe-setup-builddir: copy conf-notes.txt to build dir
Sudip Mukherjee (2):
dpkg: upgrade to v1.21.22
bind: upgrade to v9.18.17
Sundeep KOKKONDA (1):
gcc : upgrade to v12.3
Thomas Roos (1):
testimage/oeqa: Drop testimage_dump_host functionality
Tim Orling (1):
openssl: upgrade 3.1.0 -> 3.1.1
Tom Hochstein (1):
weston: Cleanup and fix x11 and xwayland dependencies
Trevor Gamblin (4):
bind: upgrade 9.18.13 -> 9.18.14
glib-networking: use correct error code in ptest
vim: upgrade 9.0.1527 -> 9.0.1592
linux-firmware: upgrade 20230515 -> 20230625
Wang Mingyu (24):
babeltrace2: upgrade 2.0.4 -> 2.0.5
fribidi: upgrade 1.0.12 -> 1.0.13
libdnf: upgrade 0.70.0 -> 0.70.1
libmicrohttpd: upgrade 0.9.76 -> 0.9.77
libxft: upgrade 2.3.7 -> 2.3.8
libxpm: upgrade 3.5.15 -> 3.5.16
mobile-broadband-provider-info: upgrade 20221107 -> 20230416
bind: upgrade 9.18.14 -> 9.18.15
xdpyinfo: upgrade 1.3.3 -> 1.3.4
libxml2: upgrade 2.10.3 -> 2.10.4
freetype: upgrade 2.13.0 -> 2.13.1
gstreamer1.0: upgrade 1.22.3 -> 1.22.4
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
libx11: upgrade 1.8.5 -> 1.8.6
lttng-ust: upgrade 2.13.5 -> 2.13.6
taglib: upgrade 1.13 -> 1.13.1
libwebp: upgrade 1.3.0 -> 1.3.1
libnss-nis: upgrade 3.1 -> 3.2
opkg: upgrade 0.6.1 -> 0.6.2
opkg-utils: upgrade 0.5.0 -> 0.6.2
file: upgrade 5.44 -> 5.45
tar: upgrade 1.34 -> 1.35
bind: upgrade 9.18.17 -> 9.18.18
Xiangyu Chen (1):
dbus: upgrade 1.14.6 -> 1.14.8
Yash Shinde (1):
glibc: fix CVE-2023-4527
Yi Zhao (1):
ifupdown: install missing directories
Yoann Congal (3):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
dev-manual: remove unsupported :term: markup inside markup
Yogita Urade (8):
dmidecode: fix CVE-2023-30630
qemu: fix CVE-2023-3301
qemu: fix CVE-2023-3255
qemu: fix CVE-2023-2861
inetutils: fix CVE-2023-40303
nghttp2: fix CVE-2023-35945
dropbear: fix CVE-2023-36328
qemu: fix CVE-2023-3354
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
nikhil (1):
libwebp: Fix CVE-2023-1999
sanjana (2):
binutils: stable 2.40 branch updates
glibc: stable 2.37 branch updates
meta-openembedded: 9286582126..922f41b39f:
Armin Kuster (1):
openldap: update to 2.5.16.
Beniamin Sandu (1):
lmsensors: do not pull in unneeded perl modules for run-time dependencies
Changqing Li (2):
redis: upgrade 6.2.12 -> 6.2.13
redis: upgrade 7.0.11 -> 7.0.12
Chee Yang Lee (2):
rabbitmq-c: Fix CVE-2023-35789
c-ares: upgrade 1.19.0 -> 1.19.1
Chen Qi (3):
redis: use the files path correctly
grpc: fix CVE-2023-32732
grpc: fix CVE-2023-33953
Chris Dimich (1):
image_types_sparse: Fix syntax error
Hitendra Prajapati (4):
wireshark: Fix CVE-2023-2855 & CVE-2023-2856
wireshark: Fix CVE-2023-2858 & CVE-2023-2879
wireshark: CVE-2023-2952 XRA dissector infinite loop
wireshark: Fix Multiple CVEs
Jasper Orschulko (1):
yaml-cpp: Fix cmake export
Joe Slater (3):
libgpiod: modify test 'gpioset: toggle (continuous)'
python3-sqlparse: fix CVE-2023-30608
libgpiod: modify RDEPENDS for ptest
Khem Raj (2):
fftw: Check for TOOLCHAIN_OPTIONS to be non-empty before sed ops
system-config-printer: Delete __pycache__ files
Lee Chee Yang (2):
opensc: fix CVE-2023-2977
x11vnc: Fix CVE-2020-29074
Linus Jacobson (1):
khronos-cts: Replace wayland feature dependancy with vulkan
Martin Jansa (5):
libiio: use main branch instead of master
mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
libcyusbserial: fix installed-vs-shipped QA issue with multilib
tcpreplay: fix pcap detection with /usr/lib32 multilib
Mingli Yu (6):
dialog: Update the SRC_URI
gnulib: Update SRC_URI
yajl: Fix CVE-2023-33460
iniparser: Fix CVE-2023-33461
php: Upgrade to 8.2.8
mcelog: Drop unneeded autotools-brokensep
Polampalli, Archana (6):
tcpreplay: upgrade 4.4.3 -> 4.4.4
nodejs: upgrade 18.14.2 -> 18.16.1
yasm: fix CVE-2023-31975
nodejs: upgrade 18.16.1 -> 18.17.1
hwloc: fix CVE-2022-47022
python3-appdirs: print ptest results in unified format
Ross Burton (5):
glade: add autoconf-archive-native DEPENDS
libgxim: add autoconf-archive-native DEPENDS
libblockdev: clean up DEPENDS
imsettings: add missing DEPENDS on autoconf-archive-native
system-config-printer: clean up DEPENDS
Sandeep Gundlupet Raju 837 (1):
opencv: Revert fix runtime dependencies
Sanjay Chitroda (1):
netkit-telnet: Fix CVE-2022-39028
Soumya (1):
yasm: fix CVE-2023-37732
Soumya Sambu (1):
krb5: Fix CVE-2023-36054
Soumya via (1):
opencv: Fix for CVE-2023-2617
Urade, Yogita t.mo (1):
c-ares: fix CVE-2023-32067
Wang Mingyu (3):
python3-django: upgrade 4.1.7 -> 4.2.1
iperf3: upgrade 3.13 -> 3.14
tcpdump: upgrade 4.99.3 -> 4.99.4
Xiangyu Chen (2):
libbpf: installing uapi headers for native package
meta-oe: add pahole to NON_MULTILIB_RECIPES
Yi Zhao (4):
frr: upgrade 8.4.2 -> 8.4.4
mbedtls: upgrade 2.28.2 -> 2.28.3
open-vm-tools: Security fix CVE-2023-20867
frr: Security fix CVE-2023-3748
Yogita Urade (1):
poppler: fix CVE-2023-34872
meta-arm: 8db460fa5d..6e199b354e:
Abdellatif El Khlifi (6):
arm-bsp/documentation: corstone1000: Update change log
arm-bsp/doc: corstone1000: Update the software architecture document
arm-bsp/documentation: corstone1000: update the release note
arm-bsp/documentation: corstone1000: update user guide
kas: set the SHAs for 2023.06 release
arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472
Adam Johnston (2):
CI: Platform specific Trusted Services config
arm-bsp/trusted-firmware-a: Reserve OP-TEE memory from NWd on N1SDP
Anton Antonov (1):
arm/oeqa: Make ts-service-test config match selected SPs
Denys Dmytriyenko (1):
optee-os: do not explicitly set CFG_MAP_EXT_DT_SECURE=y
Emekcan Aras (7):
arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure
arm-bsp/u-boot: corstone1000: Enable EFI set/get time services
arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix
arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches
arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings
arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test
arm-bsp/trusted-services: corstone1000: Fix Capsule Update
Gyorgy Szing (11):
arm/trusted-services: update TS version
optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
optee-os: Add support for TOS_FW_CONFIG on qemu
arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
optee-test: backport SWd ABI compatibility changes
optee-os: enable SPMC test
arm/oeqa: enable OP-TEE SPMC tests
trusted-services: update documentation
arm/trusted-services: disable psa-iat on qemuarm64-secureboot
arm/trusted-services: fix nanopb build error
optee-os: unblock NWd interrupts
Jon Mason (3):
CI: remove master refspec for meta-virtualization yml file
arm/linux-yocto: move 6.1 patches to a unique bbappend
README: remove reference to meta-arm-autonomy
Robbie Cao (1):
arm/recipes-kernel: Add preempt-rt support for generic-arm64
Rui Miguel Silva (3):
arm-bsp/trusted-services:corstone1000: remove already merged patches
arm-bsp/trusted-services: remove merged patches for corstone1000
arm-bps/corstone1000: setup trusted service proxy configuration
Tomás González (2):
arm-bsp/documentation: corstone1000: Update the user guide
arm-bsp/documentation: corstone1000: Update the release notes
Change-Id: I19ad289a1580a28192b5c063d06553d4e171687b
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst')
-rw-r--r-- | meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst | 518 |
1 files changed, 343 insertions, 175 deletions
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index e173f244b4..a5ccb31382 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -15,21 +15,35 @@ The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake. tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ for more information. - Prerequisites ------------- -These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following instructions expect that you are using a bash shell. All the paths stated in this document are absolute paths. -The following prerequisites must be available on the host system. To resolve these dependencies, run: +This guide assumes that your host PC is running Ubuntu 20.04 LTS, with at least +32GB of free disk space and 16GB of RAM as minimum requirement. -:: +The following prerequisites must be available on the host system: + +- Git 1.8.3.1 or greater +- tar 1.28 or greater +- Python 3.8.0 or greater. +- gcc 8.0 or greater. +- GNU make 4.0 or greater + +Please follow the steps described in the Yocto mega manual: + +- `Compatible Linux Distribution <https://docs.yoctoproject.org/singleindex.html#compatible-linux-distribution>`__ +- `Build Host Packages <https://docs.yoctoproject.org/singleindex.html#build-host-packages>`__ + +Targets +------- - sudo apt-get update - sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \ - build-essential chrpath socat cpio python3 python3-pip python3-pexpect \ - xz-utils debianutils iputils-ping python3-git libegl1-mesa libsdl1.2-dev \ - xterm zstd liblz4-tool picocom - sudo apt-get upgrade libstdc++6 +- `Arm Corstone-1000 Ecosystem FVP (Fixed Virtual Platform) <https://developer.arm.com/downloads/-/arm-ecosystem-fvps>`__ +- `Arm Corstone-1000 for MPS3 <https://developer.arm.com/documentation/dai0550/latest/>`__ + +Yocto stable branch +------------------- + +Corstone-1000 software stack is built on top of Yocto mickledore. Provided components ------------------- @@ -44,6 +58,8 @@ The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are: - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf`` +**NOTE:** All the paths stated in this document are absolute paths. + ***************** Software for Host ***************** @@ -52,50 +68,52 @@ Trusted Firmware-A ================== Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__ -+----------+---------------------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bbappend | -+----------+---------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bb | -+----------+---------------------------------------------------------------------------------------------------+ ++----------+-----------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend | ++----------+-----------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb | ++----------+-----------------------------------------------------------------------------------------------------+ OP-TEE ====== Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__ +----------+------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend | +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend | +----------+------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb | +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb | +----------+------------------------------------------------------------------------------------+ U-Boot -======= -Based on `U-Boot <https://gitlab.com/u-boot>`__ +====== +Based on `U-Boot repo`_ -+----------+---------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | -+----------+---------------------------------------------------------------------+ -| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2022.07.bb | -+----------+---------------------------------------------------------------------+ ++----------+-------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | ++----------+-------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend | ++----------+-------------------------------------------------------------------------+ +| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2023.01.bb | ++----------+-------------------------------------------------------------------------+ Linux ===== The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__ distribution which is a Linux distribution stripped down to a minimal configuration. -The provided distribution is based on busybox and built using muslibc. The +The provided distribution is based on busybox and built using musl libc. The recipe responsible for building a tiny version of Linux is listed below. +-----------+----------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | +-----------+----------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb | +| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb | +-----------+----------------------------------------------------------------------------------------------+ | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | +-----------+----------------------------------------------------------------------------------------------+ External System Tests -======================= +===================== Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__ +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -109,15 +127,15 @@ Software for Boot Processor (a.k.a Secure Enclave) ************************************************** Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__ -+----------+-------------------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend | -+----------+-------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | -+----------+-------------------------------------------------------------------------------------------------+ ++----------+-----------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend | ++----------+-----------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb | ++----------+-----------------------------------------------------------------------------------------------------+ -************************************************** +******************************** Software for the External System -************************************************** +******************************** RTX ==== @@ -150,7 +168,7 @@ In the top directory of the workspace ``<_workspace>``, run: :: - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06 To build a Corstone-1000 image for MPS3 FPGA, run: @@ -173,46 +191,47 @@ Once the build is successful, all output binaries will be placed in the followin - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the -``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. +``corstone1000-image-corstone1000-{mps3,fvp}.wic`` file. The output binaries run in the Corstone-1000 platform are the following: - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin`` - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic`` Flash the firmware image on FPGA -------------------------------- -The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 1`` +The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 2.0`` from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ -and under the section ``Arm® Corstone™-1000 for MPS3``. +and under the section ``Arm® Corstone™-1000 for MPS3``. The download is available after logging in. The directory structure of the FPGA bundle is shown below. :: - Boardfiles - ├── MB - │ ├── BRD_LOG.TXT - │ ├── HBI0309B - │ │ ├── AN550 - │ │ │ ├── AN550_v1.bit - │ │ │ ├── an550_v1.txt - │ │ │ └── images.txt - │ │ ├── board.txt - │ │ └── mbb_v210.ebf - │ └── HBI0309C - │ ├── AN550 - │ │ ├── AN550_v1.bit - │ │ ├── an550_v1.txt - │ │ └── images.txt - │ ├── board.txt - │ └── mbb_v210.ebf - ├── SOFTWARE - │ ├── ES0.bin - │ ├── SE.bin - │ └── an550_st.axf - └── config.txt + Boardfiles + ├── config.txt + ├── MB + │ ├── BRD_LOG.TXT + │ ├── HBI0309B + │ │ ├── AN550 + │ │ │ ├── AN550_v2.bit + │ │ │ ├── an550_v2.txt + │ │ │ └── images.txt + │ │ ├── board.txt + │ │ └── mbb_v210.ebf + │ └── HBI0309C + │ ├── AN550 + │ │ ├── AN550_v2.bit + │ │ ├── an550_v2.txt + │ │ └── images.txt + │ ├── board.txt + │ └── mbb_v210.ebf + └── SOFTWARE + ├── an550_st.axf + ├── bl1.bin + ├── cs1000.bin + └── ES0.bin Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file (in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory. @@ -242,7 +261,7 @@ stack can be seen below; IMAGE0FILE: \SOFTWARE\bl1.bin IMAGE1PORT: 0 - IMAGE1ADDRESS: 0x00_0010_0000 + IMAGE1ADDRESS: 0x00_0000_0000 IMAGE1UPDATE: AUTOQSPI IMAGE1FILE: \SOFTWARE\cs1000.bin @@ -256,10 +275,9 @@ OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. 2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle and rename the binary to ``es0.bin``. -3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE - directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``. +3. Copy ``corstone1000-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE + directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. - **NOTE:** Renaming of the images are required because MCC firmware has limitation of 8 characters before .(dot) and 3 characters after .(dot). @@ -274,7 +292,7 @@ be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machi - ttyUSB0 for MCC, OP-TEE and Secure Partition - ttyUSB1 for Boot Processor (Cortex-M0+) - ttyUSB2 for Host Processor (Cortex-A35) - - ttyUSB3 for External System Processor (Cortex-M3) + - ttyUSB3 for External System Processor (Cortex-M3) Run following commands to open serial port terminals on Linux: @@ -285,12 +303,26 @@ Run following commands to open serial port terminals on Linux: sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal. +**NOTE:** The MPS3 expects an ethernet cable to be plugged in, otherwise it will +wait for the network for a considerable amount of time, printing the following +logs: + +:: + + Generic PHY 40100000.ethernet-ffffffff:01: attached PHY driver (mii_bus:phy_addr=40100000.ethernet-ffffffff:01, irq=POLL) + smsc911x 40100000.ethernet eth0: SMSC911x/921x identified at 0xffffffc008e50000, IRQ: 17 + Waiting up to 100 more seconds for network. + Once the system boot is completed, you should see console logs on the serial port terminals. Once the HOST(Cortex-A35) is booted completely, user can login to the shell using **"root"** login. -If system does not boot and only the ttyUSB1 logs are visible, please follow the steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under `SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might have filled the Secure Flash completely. The best practice is to clean the secure flash in this case. +If system does not boot and only the ttyUSB1 logs are visible, please follow the +steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under +`SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might +have filled the Secure Flash completely. The best practice is to clean the +secure flash in this case. Running the software on FVP @@ -321,7 +353,7 @@ To run the FVP using the runfvp command, please run the following command: When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is -executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt +executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic file are copied to their respective memory locations within the model, enforce firewall policies on memories and peripherals and then, bring the host out of reset. @@ -337,11 +369,11 @@ Login using the username root. The External System can be released out of reset on demand using the systems-comms-tests command. SystemReady-IR tests -------------------------- +-------------------- -********************* +************* Testing steps -********************* +************* **NOTE**: Running the SystemReady-IR tests described below requires the user to work with USB sticks. In our testing, not all USB stick models work well with @@ -359,7 +391,7 @@ erase the SecureEnclave flash cleanly and prepare a clean board environment for the testing. Clean Secure Flash Before Testing (applicable to FPGA only) -================================================================== +=========================================================== To prepare a clean board environment with clean secure flash for the testing, the user should prepare an image that erases the secure flash cleanly during @@ -368,17 +400,17 @@ boot. Run following commands to build such image. :: cd <_workspace> - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2022.11.23 - cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 + cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm cd meta-arm - git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch + git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch cd .. kas build meta-arm/kas/corstone1000-mps3.yml Replace the bl1.bin and cs1000.bin files on the SD card with following files: - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin - - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash completely, the user should expect following message from TF-M log (can be seen @@ -394,10 +426,16 @@ Then the user should follow "Building the software stack" to build a clean software stack and flash the FPGA as normal. And continue the testing. Run SystemReady-IR ACS tests -============================= +============================ + +Architecture Compliance Suite (ACS) is used to ensure architectural compliance +across different implementations of the architecture. Arm Enterprise ACS +includes a set of examples of the invariant behaviors that are provided by a +set of specifications for enterprise systems (For example: SBSA, SBBR, etc.), +so that implementers can verify if these behaviours have been interpreted correctly. ACS image contains two partitions. BOOT partition and RESULT partition. -Following packages are under BOOT partition +Following test suites and bootable applications are under BOOT partition: * SCT * FWTS @@ -406,12 +444,30 @@ Following packages are under BOOT partition * grub * uefi manual capsule application +BOOT partition contains the following: + +:: + + ├── EFI + │ └── BOOT + │ ├── app + │ ├── bbr + │ ├── bootaa64.efi + │ ├── bsa + │ ├── debug + │ ├── Shell.efi + │ └── startup.nsh + ├── grub + ├── grub.cfg + ├── Image + └── ramdisk-busybox.img + RESULT partition is used to store the test results. -PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS +**NOTE**: PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT FPGA instructions for ACS image -================================ +=============================== This section describes how the user can build and run Architecture Compliance Suite (ACS) tests on Corstone-1000. @@ -449,10 +505,11 @@ Once the USB stick with ACS image is prepared, the user should make sure that ensure that only the USB stick with the ACS image is connected to the board, and then boot the board. -The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. At the end of test, the FPGA host terminal will halt showing a shell prompt. Once test is finished the result can be copied following above instructions. +The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. + FVP instructions for ACS image and run -============================================ +====================================== Download ACS image from: - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` @@ -487,7 +544,7 @@ Once test is finished, the FVP can be stoped, and result can be copied following instructions. Common to FVP and FPGA -=========================== +====================== U-Boot should be able to boot the grub bootloader from the 1st partition and if grub is not interrupted, tests are executed @@ -496,14 +553,13 @@ automatically in the following sequence: - SCT - UEFI BSA - FWTS - - BSA Linux The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP). ##################################################### Manual capsule update and ESRT checks ---------------------------------------------------------------------- +------------------------------------- The following section describes running manual capsule update with the ``direct`` method. @@ -518,63 +574,86 @@ incorrect capsule (corrupted or outdated) which fails to boot to the host softwa Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - ``ir_acs_live_image.img.xz`` -Download edk2 under <_workspace> : +Download edk2 under <_workspace>: :: git clone https://github.com/tianocore/edk2.git + cd edk2 + git checkout f2188fe5d1553ad1896e27b2514d2f8d0308da8a -********************* -Generating Capsules -********************* +Download systemready-patch repo under <_workspace>: +:: -The capsule binary size (wic.nopt file) should be less than 15 MB. + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 -Based on the user's requirement, the user can change the firmware version -number given to ``--fw-version`` option (the version number needs to be >= 1). +******************* +Generating Capsules +******************* Generating FPGA Capsules ======================== :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + cd <_workspace>/build/tmp/deploy/images/corstone1000-mps3/ + sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d mps3 + +This will generate a file called "corstone1000_image.nopt" which will be used to +generate a UEFI capsule. :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + cd <_workspace> + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v6 --fw-version 6 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \ + --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt + + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v5 --fw-version 5 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \ + --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt Generating FVP Capsules -======================== +======================= :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + cd <_workspace>/build/tmp/deploy/images/corstone1000-fvp/ + sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d fvp + +This will generate a file called "corstone1000_image.nopt" which will be used to +generate a UEFI capsule. + :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + cd <_workspace> + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v6 \ + --fw-version 6 --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt -********************* + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v5 --fw-version 5 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt + + +Common Notes for FVP and FPGA +============================= + +The capsule binary size (wic file) should be less than 15 MB. + +Based on the user's requirement, the user can change the firmware version +number given to ``--fw-version`` option (the version number needs to be >= 1). + + +**************** Copying Capsules -********************* +**************** Copying the FPGA capsules ========================= -The user should prepare a USB stick as explained in ACS image section (see above). +The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_. Place the generated ``cs1k_cap`` files in the root directory of the boot partition in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should not be under the EFI/UpdateCapsule directory as this may or may not trigger @@ -612,7 +691,7 @@ Then, unmount the IR image: **NOTE:** -Size of first partition in the image file is calculated in the following way. The data is +The size of first partition in the image file is calculated in the following way. The data is just an example and might vary with different ir_acs_live_image.img files. :: @@ -632,21 +711,21 @@ During this section we will be using the capsule with the higher version (cs1k_c and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario. Running the FVP with the IR prebuilt image -============================================== +========================================== Run the FVP with the IR prebuilt image: :: - <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file=${<path-to-img>/ir_acs_live_image.img}" Running the FPGA with the IR prebuilt image -============================================== +=========================================== Insert the prepared USB stick then Power cycle the MPS3 board. Executing capsule update for FVP and FPGA -============================================== +========================================= Reach u-boot then interrupt the boot to reach the EFI shell. @@ -687,14 +766,14 @@ Then, reboot manually: Shell> reset FPGA: Select Corstone-1000 Linux kernel boot -============================================== +============================================ Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting. **NOTE:** Otherwise, the execution ends up in the ACS live image. FVP: Select Corstone-1000 Linux kernel boot -============================================== +=========================================== Interrupt the u-boot shell. @@ -708,15 +787,14 @@ Run the following commands in order to run the Corstone-1000 Linux kernel and be :: - $ run retrieve_kernel_load_addr $ unzip $kernel_addr 0x90000000 $ loadm 0x90000000 $kernel_addr_r 0xf00000 $ bootefi $kernel_addr_r $fdtcontroladdr -*********************** +********************* Capsule update status -*********************** +********************* Positive scenario ================= @@ -733,7 +811,8 @@ correctly. SysTick_Handler: counted = 30, expiring on = 360 ... metadata_write: success: active = 1, previous = 0 - accept_full_capsule: exit: fwu state is changed to regular + flash_full_capsule: exit + corstone1000_fwu_flash_image: exit: ret = 0 ... @@ -775,15 +854,19 @@ see appropriate logs in the secure enclave terminal. ... uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928 uefi_capsule_retrieve_images: exit - flash_full_capsule: enter: image = 0x0xa0000070, size = 15654928, version = 10 + flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5 ERROR: flash_full_capsule: version error private_metadata_write: enter: boot_index = 1 private_metadata_write: success fmp_set_image_info:133 Enter FMP image update: image id = 0 - FMP image update: status = 1version=11 last_attempt_version=10. + FMP image update: status = 1version=6 last_attempt_version=5. fmp_set_image_info:157 Exit. corstone1000_fwu_flash_image: exit: ret = -1 + fmp_get_image_info:232 Enter + pack_image_info:207 ImageInfo size = 105, ImageName size = 34, ImageVersionName + size = 36 + fmp_get_image_info:236 Exit ... @@ -825,54 +908,96 @@ In the Linux command-line run the following: lowest_supported_fw_ver: 0 Linux distros tests ----------------------------------- +------------------- -*************************************************************************************** -Debian/OpenSUSE install and boot (applicable to FPGA only) -*************************************************************************************** +************************************************************* +Debian install and boot preparation (applicable to FPGA only) +************************************************************* + +There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__ +provided with the Debian installer image (see below). This bug causes a fatal +error when attempting to boot media installer for Debian, and it resets the MPS3 before installation starts. +A patch to be applied to the Corstone-1000 stack (only applicable when +installing Debian) is provided to +`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__. +This patch makes U-Boot automatically bypass the Shim and run grub and allows +the user to proceed with a normal installation. If at the moment of reading this +document the problem is solved in the Shim, the user is encouraged to try the +corresponding new installer image. Otherwise, please apply the patch as +indicated by the instructions listed below. These instructions assume that the +user has already built the stack by following the build steps of this +documentation. -To test Linux distro install and boot, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32). +:: + + cd <_workspace> + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 + cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm + cd meta-arm + git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch + cd .. + kas shell meta-arm/kas/corstone1000-mps3.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image" + +Please update the cs1000.bin on the SD card with the newly generated wic file. + +************************************************* +Debian/openSUSE install (applicable to FPGA only) +************************************************* + +To test Linux distro install and boot, the user should prepare two empty USB +sticks (minimum size should be 4GB and formatted with FAT32). Download one of following Linux distro images: - - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ - - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ - - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso + - `Debian 12.0.0 installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/debian-12.0.0-arm64-DVD-1.iso>`__ + - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ -Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. +**NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like +openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso -In the given example here, we assume the USB device is ``/dev/sdb`` (the user -should use `lsblk` command to confirm). Be cautious here and don't confuse your -host PC's own hard drive with the USB drive. Then copy the contents of an iso -file into the first USB stick, run: +Once the iso file is downloaded, the iso file needs to be flashed to your USB +drive. This can be done with your development machine. + +In the example given below, we assume the USB device is ``/dev/sdb`` (the user +should use the `lsblk` command to confirm). + +**NOTE:** Please don't confuse your host PC's own hard drive with the USB drive. +Then, copy the contents of the iso file into the first USB stick by running the +following command in the development machine: :: sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; -Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: +Unplug the first USB stick from the development machine and connect it to the +MSP3 board. At this moment, only the first USB stick should be connected. Open +the following picocom sessions in your development machine: :: sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. -Now plug in the second USB stick (once installation screen is visible), the distro installation process will start. The installation prompt can be seen in ttyUSB2. If installer does not start, please try to reboot the board with both USB sticks connected and repeat the process. +When the installation screen is visible in ttyUSB2, plug in the second USB stick +in the MPS3 and start the distro installation process. If the installer does not +start, please try to reboot the board with both USB sticks connected and repeat +the process. **NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the distro installation process can take up to 24 hours to complete. -Once installation is complete, unplug the first USB stick and reboot the board. -After successfully installing and booting the Linux distro, the user should see -a login prompt: - -:: +******************************************************* +Debian install clarifications (applicable to FPGA only) +******************************************************* - debian login: +As the installation process for Debian is different than the one for openSUSE, +Debian may need some extra steps, that are indicated below: -Login with the username root. +During Debian installation, please answer the following question: + - "Force GRUB installation to the EFI removable media path?" Yes + - "Update NVRAM variables to automatically boot into Debian?" No -**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to -follow on the subsequent popups to solve the issue during the installation: +If the grub installation fails, these are the steps to follow on the subsequent +popups: 1. Select "Continue", then "Continue" again on the next popup 2. Scroll down and select "Execute a shell" @@ -898,19 +1023,59 @@ follow on the subsequent popups to solve the issue during the installation: 7. Select "Continue without boot loader", then select "Continue" on the next popup 8. At this stage, the installation should proceed as normal. -*************************************************************************************** +***************************************************************** +Debian/openSUSE boot after installation (applicable to FPGA only) +***************************************************************** + +Once the installation is complete, unplug the first USB stick and reboot the +board. +The board will then enter recovery mode, from which the user can access a shell +after entering the password for the root user. Proceed to edit the following +files accordingly: + +:: + + vi /etc/systemd/system.conf + DefaultDeviceTimeoutSec=infinity + +The file to be editted next is different depending on the installed distro: + +:: + + vi /etc/login.defs # Only applicable to Debian + vi /usr/etc/login.defs # Only applicable to openSUSE + LOGIN_TIMEOUT 180 + +To make sure the changes are applied, please run: + +:: + + systemctl daemon-reload + +After applying the previous commands, please reboot the board. The user should +see a login prompt after booting, for example, for debian: + +:: + + debian login: + +Login with the username root and its corresponding password (already set at +installation time). + +************************************************************ OpenSUSE Raw image install and boot (applicable to FVP only) -*************************************************************************************** +************************************************************ -Steps to download openSUSE Tumbleweed raw image: - - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ - - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` +Steps to download OpenSUSE Tumbleweed raw image: + - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__ + - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, + ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` Once the .raw.xz file is downloaded, the raw image file needs to be extracted: :: - unxz <file-name.raw.xz> + unxz <file-name.raw.xz> The above command will generate a file ending with extension .raw image. Now, use the following command @@ -918,23 +1083,23 @@ to run FVP with raw image installation process. :: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" After successfully installing and booting the Linux distro, the user should see a openSUSE login prompt. :: - localhost login: + localhost login: Login with the username 'root' and password 'linux'. PSA API tests ----------------------- +------------- -*************************************************************************************** +*********************************************************** Run PSA API test commands (applicable to both FPGA and FVP) -*************************************************************************************** +*********************************************************** When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no USB stick connected to the board. Power on the board and boot the board to @@ -948,7 +1113,7 @@ First, load FF-A TEE kernel module: :: - insmod /lib/modules/5.19.14-yocto-standard/extra/arm-ffa-tee.ko + insmod /lib/modules/6.1.32-yocto-standard/extra/arm-ffa-tee.ko Then, check whether the FF-A TEE driver is loaded correctly by using the following command: @@ -960,7 +1125,7 @@ The output should be: :: - arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O) + arm_ffa_tee 16384 - - Live 0xffffffc000510000 (O) Now, run the PSA API tests in the following order: @@ -971,15 +1136,17 @@ Now, run the PSA API tests in the following order: psa-its-api-test psa-ps-api-test +**NOTE:** The psa-crypto-api-test takes between 30 minutes to 1 hour to run. + External System tests ------------------------------------ +--------------------- -*************************************************************************************** +************************************************************** Running the External System test command (systems-comms-tests) -*************************************************************************************** +************************************************************** Test 1: Releasing the External System out of reset -=================================================== +================================================== Run this command in the Linux command-line: @@ -1004,7 +1171,7 @@ The output on the External System terminal should be: MHUv2 module 'MHU1_SE' started Test 2: Communication -============================================= +===================== Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System. @@ -1014,7 +1181,7 @@ After running Test 1, run this command in the Linux command-line: systems-comms-tests 2 -Additional output on the External System terminal will be printed: +Additional output on the External System terminal will be printed: :: @@ -1058,13 +1225,13 @@ The output on the Host terminal should be: Tests results ------------------------------------ +------------- -As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.23) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.23>`__ -can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. +As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.06>`__ +can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. Running the software on FVP on Windows ---------------------------------------------------------------- +-------------------------------------- If the user needs to run the Corstone-1000 software on FVP on Windows. The user should follow the build instructions in this document to build on Linux host @@ -1073,6 +1240,7 @@ and launch the FVP binary. -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps +.. _U-Boot repo: https://github.com/u-boot/u-boot.git |