subtree updates

meta-security: b9bc938785..1856a7cf43: Armin Kuster (1): scap-security-guide: update to 0.1.69+ Lei Maohui (2): paxctl: Fix do_package QA Issue. ccs-tools: Fix do_package QA Issue. Martin Jansa (1): layer.conf: update LAYERSERIES_COMPAT for nanbield Yi Zhao (1): scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap meta-arm: 992c07f7c0..bd0953cc60: Abdellatif El Khlifi (1): arm-bsp/u-boot: corstone1000: detect the kernel size automatically Anusmita Dutta Mazumder (5): arm-bsp/u-boot: corstone1000: add unique firmware GUID arm-bsp/trusted-firmware-m: corstone1000: add unique firmware GUID arm-bsp/scp-firmware: Update N1SDP scp-firmware version arm-bsp/n1sdp: Enable tests with pseudo trusted application CI: Build custom image for N1SDP optee-xtest Delane Brandy (1): arm-bsp/corstone1000: mmc2-enablement Emekcan Aras (2): arm-bsp/trusted-firmware-a: corstone1000: Update TF-A v2.9 arm-bsp/optee-os: corstone1000: Update optee-os v3.22 Javier Tia (1): optee-client: Add path condition to tee-supplicant.service Jon Mason (14): arm/trusted-firmware-a: update to 2.9.0 arm-bsp/juno: update kernel to 6.4 arm/linux-yocto: change defconfig patch for 6.4 arm/hafnium: update to v2.8 arm/linux-yocto: update kernel patches arm/trusted-services: add SRCREV_FORMAT arm-bsp/tc1: update optee arm-bsp/fvp-baser-aemv8r64: update u-boot to 2023.01 arm-bsp/corstone500: upgrade u-boot to the latest arm-bsp/corstone500: removal of support arm: patch clean-ups arm/edk2: update to 202305 version arm/sbsa-acs: update to v7.1.2 arm-bsp/trusted-firmware-a: remove unneeded patches Mariam Elshakfy (2): arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP arm-bsp/n1sdp: Update edk2-firmware version for N1SDP to 202305 Ross Burton (3): kas/: pass through DISPLAY from environment Remove explicit SRCPV arm-bsp/external-system: set PACKAGE_ARCH as this is machine-specific meta-raspberrypi: 5e2f79a6fa..6501ec892c: Andrei Gherzan (2): ci: Add usrmerge to distro features docs: Fix documentation theme Sangmo Kang (1): omxplayer: fix an error caused by new srcrev fetcher API Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
author: Andrew Geissler <geissonator@yahoo.com> 2023-09-11 15:24:07 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2023-09-11 15:24:17 +0300
commit: fc7e7973f3119e2bad511209aa336537dc5ffbed (patch)
tree: 17f710baf630d26af09b667744e0381ac0967c50 /meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files
parent: 566b706ac11162bf6311c2885e9772473e25c7bc (diff)
download: openbmc-fc7e7973f3119e2bad511209aa336537dc5ffbed.tar.xz
5 files changed, 105 insertions, 22 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch
index 016de8d3de..6d5114e1c1 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch
@@ -1,7 +1,4 @@
-Upstream-Status: Inappropriate
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-From a31aee0988ef64724ec5866f10709f51f8cb3237 Mon Sep 17 00:00:00 2001
+From adaa22bc2f529bb34e9d4fe89ff5c65f0c83ca0c Mon Sep 17 00:00:00 2001
 From: emeara01 <emekcan.aras@arm.com>
 Date: Wed, 11 May 2022 14:37:06 +0100
 Subject: [PATCH] Fix FF-A version in SPMC manifest
@@ -11,13 +8,14 @@ This commit corrects the FF-A version in corstone1000_spmc_manifest.dts.
 This patch will not be upstreamed and will be dropped once
 OPTEE version is updated for Corstone1000.
 
+Upstream-Status: Inappropriate
 Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
 ---
  .../corstone1000/common/fdts/corstone1000_spmc_manifest.dts     | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
-index 8e49ab83f..5baa1b115 100644
+index 8e49ab83f76a..5baa1b115b2e 100644
 --- a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
 +++ b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
 @@ -20,7 +20,7 @@
@@ -29,6 +27,3 @@ index 8e49ab83f..5baa1b115 100644
  		exec_state = <0x0>;
  		load_address = <0x0 0x2002000>;
  		entrypoint = <0x0 0x2002000>;
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
index d834e95bd7..e26fd34e86 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
@@ -1,4 +1,4 @@
-From 360aa32846a97e775750e06865d462c6258179fa Mon Sep 17 00:00:00 2001
+From fa7ab9b40babee29d2aadb267dfce7a96f8989d4 Mon Sep 17 00:00:00 2001
 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Date: Mon, 9 Jan 2023 13:59:06 +0000
 Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata
@@ -15,7 +15,6 @@ image starts at fip partition + fip signature area size.
 
 Upstream-Status: Pending
 Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-
 ---
  bl2/bl2_main.c                                |  4 +++
  .../corstone1000/common/corstone1000_plat.c   | 32 ++++++-------------
@@ -25,10 +24,10 @@ Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
  5 files changed, 24 insertions(+), 32 deletions(-)
 
 diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
-index 5da803795..f25dc3029 100644
+index ce83692e0ebc..1a9febc007b2 100644
 --- a/bl2/bl2_main.c
 +++ b/bl2/bl2_main.c
-@@ -86,6 +86,10 @@ void bl2_main(void)
+@@ -87,6 +87,10 @@ void bl2_main(void)
  	/* Perform remaining generic architectural setup in S-EL1 */
  	bl2_arch_setup();
  
@@ -40,7 +39,7 @@ index 5da803795..f25dc3029 100644
  	fwu_init();
  #endif /* PSA_FWU_SUPPORT */
 diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
-index 0235f8b84..7f9708a82 100644
+index 0235f8b8474c..7f9708a82489 100644
 --- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
 +++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
 @@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = {
@@ -98,7 +97,7 @@ index 0235f8b84..7f9708a82 100644
   * is no power control present
   */
 diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
-index 584d485f3..0bfab05a4 100644
+index 584d485f3ea7..0bfab05a482b 100644
 --- a/plat/arm/board/corstone1000/common/include/platform_def.h
 +++ b/plat/arm/board/corstone1000/common/include/platform_def.h
 @@ -173,16 +173,16 @@
@@ -125,10 +124,10 @@ index 584d485f3..0bfab05a4 100644
  /*
   * Some data must be aligned on the biggest cache line size in the platform.
 diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
-index ca548b836..32b5486a0 100644
+index 042e844626bd..45b76a022f91 100644
 --- a/tools/cert_create/Makefile
 +++ b/tools/cert_create/Makefile
-@@ -69,8 +69,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
+@@ -78,8 +78,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
  # directory. However, for a local build of OpenSSL, the built binaries are
  # located under the main project directory (i.e.: ${OPENSSL_DIR}, not
  # ${OPENSSL_DIR}/lib/).
@@ -140,10 +139,10 @@ index ca548b836..32b5486a0 100644
  HOSTCC ?= gcc
  
 diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
-index e6aeba95b..7c047479e 100644
+index 2ebee33931ba..dcfd314bee89 100644
 --- a/tools/fiptool/Makefile
 +++ b/tools/fiptool/Makefile
-@@ -29,7 +29,7 @@ endif
+@@ -39,7 +39,7 @@ HOSTCCFLAGS += -DUSING_OPENSSL3=$(USING_OPENSSL3)
  # directory. However, for a local build of OpenSSL, the built binaries are
  # located under the main project directory (i.e.: ${OPENSSL_DIR}, not
  # ${OPENSSL_DIR}/lib/).
@@ -152,7 +151,7 @@ index e6aeba95b..7c047479e 100644
  
  ifeq (${V},0)
    Q := @
-@@ -37,7 +37,7 @@ else
+@@ -47,7 +47,7 @@ else
    Q :=
  endif
  
@@ -161,6 +160,3 @@ index e6aeba95b..7c047479e 100644
  
  HOSTCC ?= gcc
  
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch
new file mode 100644
index 0000000000..6ddde10e4f
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch
@@ -0,0 +1,28 @@
+From 33078d8ef143e8c79f06399de46dd26e1d53a220 Mon Sep 17 00:00:00 2001
+From: Gauri Sahnan <Gauri.Sahnan@arm.com>
+Date: Tue, 8 Aug 2023 17:16:51 +0100
+Subject: fix(corstone1000): add cpuhelpers to makefile
+
+Adds cpu_helpers.S to the Makefile to align with the changes in new
+trusted-firmware-a version.
+
+Signed-off-by: Gauri Sahnan <Gauri.Sahnan@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ plat/arm/board/corstone1000/platform.mk | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk
+index 3edffe087..079e9d6c1 100644
+--- a/plat/arm/board/corstone1000/platform.mk
++++ b/plat/arm/board/corstone1000/platform.mk
+@@ -43,6 +43,7 @@ BL2_SOURCES		+=	plat/arm/board/corstone1000/common/corstone1000_security.c		\
+ 				plat/arm/board/corstone1000/common/corstone1000_err.c		\
+ 				plat/arm/board/corstone1000/common/corstone1000_trusted_boot.c	\
+ 				lib/utils/mem_region.c					\
++				lib/cpus/aarch64/cpu_helpers.S \
+ 				plat/arm/board/corstone1000/common/corstone1000_helpers.S		\
+ 				plat/arm/board/corstone1000/common/corstone1000_plat.c		\
+ 				plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c \
+-- 
+2.25.1
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch
new file mode 100644
index 0000000000..a4518ec6b0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch
@@ -0,0 +1,38 @@
+Binutils 2.39 now warns when a segment has RXW permissions[1]:
+
+aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX
+permissions
+
+However, TF-A passes --fatal-warnings to LD, so this is a build failure.
+
+There is a ticket filed upstream[2], so until that is resolved just
+remove --fatal-warnings.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+[2] https://developer.trustedfirmware.org/T996
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/Makefile b/Makefile
+index 3941f8698..13bbac348 100644
+--- a/Makefile
++++ b/Makefile
+@@ -418,7 +418,7 @@ TF_LDFLAGS		+=	$(TF_LDFLAGS_$(ARCH))
+ # LD = gcc (used when GCC LTO is enabled)
+ else ifneq ($(findstring gcc,$(notdir $(LD))),)
+ # Pass ld options with Wl or Xlinker switches
+-TF_LDFLAGS		+=	-Wl,--fatal-warnings -O1
++TF_LDFLAGS		+=	-O1
+ TF_LDFLAGS		+=	-Wl,--gc-sections
+ ifeq ($(ENABLE_LTO),1)
+ 	ifeq (${ARCH},aarch64)
+@@ -435,7 +435,7 @@ TF_LDFLAGS		+=	$(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
+ 
+ # LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
+ else
+-TF_LDFLAGS		+=	--fatal-warnings -O1
++TF_LDFLAGS		+=	-O1
+ TF_LDFLAGS		+=	--gc-sections
+ # ld.lld doesn't recognize the errata flags,
+ # therefore don't add those in that case
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch
new file mode 100644
index 0000000000..5d02e35317
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch
@@ -0,0 +1,26 @@
+Binutils 2.39 now warns when a segment has RXW permissions[1]:
+
+aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions
+
+There is a ticket filed upstream[2], so until that is resolved just
+disable the warning
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+[2] https://developer.trustedfirmware.org/T996
+
+Upstream-Status: Inappropriate
+Signed-off-by: Anton Antonov <anrton.antonov@arm.com>
+
+diff --git a/Makefile b/Makefile
+index 6d0774e1..be3f84ce 100644
+--- a/Makefile
++++ b/Makefile
+@@ -238,7 +238,7 @@ TFTF_SOURCES		:= ${FRAMEWORK_SOURCES}	${TESTS_SOURCES} ${PLAT_SOURCES} ${LIBC_SR
+ TFTF_INCLUDES		+= ${PLAT_INCLUDES}
+ TFTF_CFLAGS		+= ${COMMON_CFLAGS}
+ TFTF_ASFLAGS		+= ${COMMON_ASFLAGS}
+-TFTF_LDFLAGS		+= ${COMMON_LDFLAGS}
++TFTF_LDFLAGS		+= ${COMMON_LDFLAGS} --no-warn-rwx-segments
+ TFTF_EXTRA_OBJS 	:=
+ 
+ ifneq (${BP_OPTION},none)
author	Andrew Geissler <geissonator@yahoo.com>	2023-09-11 15:24:07 +0300
committer	Andrew Geissler <geissonator@yahoo.com>	2023-09-11 15:24:17 +0300
commit	fc7e7973f3119e2bad511209aa336537dc5ffbed (patch)
tree	17f710baf630d26af09b667744e0381ac0967c50 /meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files
parent	566b706ac11162bf6311c2885e9772473e25c7bc (diff)
download	openbmc-fc7e7973f3119e2bad511209aa336537dc5ffbed.tar.xz