diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2023-09-11 15:24:07 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-09-11 15:24:17 +0300 |
commit | fc7e7973f3119e2bad511209aa336537dc5ffbed (patch) | |
tree | 17f710baf630d26af09b667744e0381ac0967c50 /meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a | |
parent | 566b706ac11162bf6311c2885e9772473e25c7bc (diff) | |
download | openbmc-fc7e7973f3119e2bad511209aa336537dc5ffbed.tar.xz |
subtree updates
meta-security: b9bc938785..1856a7cf43:
Armin Kuster (1):
scap-security-guide: update to 0.1.69+
Lei Maohui (2):
paxctl: Fix do_package QA Issue.
ccs-tools: Fix do_package QA Issue.
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Yi Zhao (1):
scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap
meta-arm: 992c07f7c0..bd0953cc60:
Abdellatif El Khlifi (1):
arm-bsp/u-boot: corstone1000: detect the kernel size automatically
Anusmita Dutta Mazumder (5):
arm-bsp/u-boot: corstone1000: add unique firmware GUID
arm-bsp/trusted-firmware-m: corstone1000: add unique firmware GUID
arm-bsp/scp-firmware: Update N1SDP scp-firmware version
arm-bsp/n1sdp: Enable tests with pseudo trusted application
CI: Build custom image for N1SDP optee-xtest
Delane Brandy (1):
arm-bsp/corstone1000: mmc2-enablement
Emekcan Aras (2):
arm-bsp/trusted-firmware-a: corstone1000: Update TF-A v2.9
arm-bsp/optee-os: corstone1000: Update optee-os v3.22
Javier Tia (1):
optee-client: Add path condition to tee-supplicant.service
Jon Mason (14):
arm/trusted-firmware-a: update to 2.9.0
arm-bsp/juno: update kernel to 6.4
arm/linux-yocto: change defconfig patch for 6.4
arm/hafnium: update to v2.8
arm/linux-yocto: update kernel patches
arm/trusted-services: add SRCREV_FORMAT
arm-bsp/tc1: update optee
arm-bsp/fvp-baser-aemv8r64: update u-boot to 2023.01
arm-bsp/corstone500: upgrade u-boot to the latest
arm-bsp/corstone500: removal of support
arm: patch clean-ups
arm/edk2: update to 202305 version
arm/sbsa-acs: update to v7.1.2
arm-bsp/trusted-firmware-a: remove unneeded patches
Mariam Elshakfy (2):
arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP
arm-bsp/n1sdp: Update edk2-firmware version for N1SDP to 202305
Ross Burton (3):
kas/: pass through DISPLAY from environment
Remove explicit SRCPV
arm-bsp/external-system: set PACKAGE_ARCH as this is machine-specific
meta-raspberrypi: 5e2f79a6fa..6501ec892c:
Andrei Gherzan (2):
ci: Add usrmerge to distro features
docs: Fix documentation theme
Sangmo Kang (1):
omxplayer: fix an error caused by new srcrev fetcher API
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a')
13 files changed, 217 insertions, 50 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch index 016de8d3de..6d5114e1c1 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch @@ -1,7 +1,4 @@ -Upstream-Status: Inappropriate -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - -From a31aee0988ef64724ec5866f10709f51f8cb3237 Mon Sep 17 00:00:00 2001 +From adaa22bc2f529bb34e9d4fe89ff5c65f0c83ca0c Mon Sep 17 00:00:00 2001 From: emeara01 <emekcan.aras@arm.com> Date: Wed, 11 May 2022 14:37:06 +0100 Subject: [PATCH] Fix FF-A version in SPMC manifest @@ -11,13 +8,14 @@ This commit corrects the FF-A version in corstone1000_spmc_manifest.dts. This patch will not be upstreamed and will be dropped once OPTEE version is updated for Corstone1000. +Upstream-Status: Inappropriate Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> --- .../corstone1000/common/fdts/corstone1000_spmc_manifest.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts -index 8e49ab83f..5baa1b115 100644 +index 8e49ab83f76a..5baa1b115b2e 100644 --- a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts +++ b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts @@ -20,7 +20,7 @@ @@ -29,6 +27,3 @@ index 8e49ab83f..5baa1b115 100644 exec_state = <0x0>; load_address = <0x0 0x2002000>; entrypoint = <0x0 0x2002000>; --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch index d834e95bd7..e26fd34e86 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch @@ -1,4 +1,4 @@ -From 360aa32846a97e775750e06865d462c6258179fa Mon Sep 17 00:00:00 2001 +From fa7ab9b40babee29d2aadb267dfce7a96f8989d4 Mon Sep 17 00:00:00 2001 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> Date: Mon, 9 Jan 2023 13:59:06 +0000 Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata @@ -15,7 +15,6 @@ image starts at fip partition + fip signature area size. Upstream-Status: Pending Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> - --- bl2/bl2_main.c | 4 +++ .../corstone1000/common/corstone1000_plat.c | 32 ++++++------------- @@ -25,10 +24,10 @@ Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> 5 files changed, 24 insertions(+), 32 deletions(-) diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c -index 5da803795..f25dc3029 100644 +index ce83692e0ebc..1a9febc007b2 100644 --- a/bl2/bl2_main.c +++ b/bl2/bl2_main.c -@@ -86,6 +86,10 @@ void bl2_main(void) +@@ -87,6 +87,10 @@ void bl2_main(void) /* Perform remaining generic architectural setup in S-EL1 */ bl2_arch_setup(); @@ -40,7 +39,7 @@ index 5da803795..f25dc3029 100644 fwu_init(); #endif /* PSA_FWU_SUPPORT */ diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c -index 0235f8b84..7f9708a82 100644 +index 0235f8b8474c..7f9708a82489 100644 --- a/plat/arm/board/corstone1000/common/corstone1000_plat.c +++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c @@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = { @@ -98,7 +97,7 @@ index 0235f8b84..7f9708a82 100644 * is no power control present */ diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h -index 584d485f3..0bfab05a4 100644 +index 584d485f3ea7..0bfab05a482b 100644 --- a/plat/arm/board/corstone1000/common/include/platform_def.h +++ b/plat/arm/board/corstone1000/common/include/platform_def.h @@ -173,16 +173,16 @@ @@ -125,10 +124,10 @@ index 584d485f3..0bfab05a4 100644 /* * Some data must be aligned on the biggest cache line size in the platform. diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile -index ca548b836..32b5486a0 100644 +index 042e844626bd..45b76a022f91 100644 --- a/tools/cert_create/Makefile +++ b/tools/cert_create/Makefile -@@ -69,8 +69,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include +@@ -78,8 +78,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include # directory. However, for a local build of OpenSSL, the built binaries are # located under the main project directory (i.e.: ${OPENSSL_DIR}, not # ${OPENSSL_DIR}/lib/). @@ -140,10 +139,10 @@ index ca548b836..32b5486a0 100644 HOSTCC ?= gcc diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile -index e6aeba95b..7c047479e 100644 +index 2ebee33931ba..dcfd314bee89 100644 --- a/tools/fiptool/Makefile +++ b/tools/fiptool/Makefile -@@ -29,7 +29,7 @@ endif +@@ -39,7 +39,7 @@ HOSTCCFLAGS += -DUSING_OPENSSL3=$(USING_OPENSSL3) # directory. However, for a local build of OpenSSL, the built binaries are # located under the main project directory (i.e.: ${OPENSSL_DIR}, not # ${OPENSSL_DIR}/lib/). @@ -152,7 +151,7 @@ index e6aeba95b..7c047479e 100644 ifeq (${V},0) Q := @ -@@ -37,7 +37,7 @@ else +@@ -47,7 +47,7 @@ else Q := endif @@ -161,6 +160,3 @@ index e6aeba95b..7c047479e 100644 HOSTCC ?= gcc --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch new file mode 100644 index 0000000000..6ddde10e4f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch @@ -0,0 +1,28 @@ +From 33078d8ef143e8c79f06399de46dd26e1d53a220 Mon Sep 17 00:00:00 2001 +From: Gauri Sahnan <Gauri.Sahnan@arm.com> +Date: Tue, 8 Aug 2023 17:16:51 +0100 +Subject: fix(corstone1000): add cpuhelpers to makefile + +Adds cpu_helpers.S to the Makefile to align with the changes in new +trusted-firmware-a version. + +Signed-off-by: Gauri Sahnan <Gauri.Sahnan@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + plat/arm/board/corstone1000/platform.mk | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk +index 3edffe087..079e9d6c1 100644 +--- a/plat/arm/board/corstone1000/platform.mk ++++ b/plat/arm/board/corstone1000/platform.mk +@@ -43,6 +43,7 @@ BL2_SOURCES += plat/arm/board/corstone1000/common/corstone1000_security.c \ + plat/arm/board/corstone1000/common/corstone1000_err.c \ + plat/arm/board/corstone1000/common/corstone1000_trusted_boot.c \ + lib/utils/mem_region.c \ ++ lib/cpus/aarch64/cpu_helpers.S \ + plat/arm/board/corstone1000/common/corstone1000_helpers.S \ + plat/arm/board/corstone1000/common/corstone1000_plat.c \ + plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c \ +-- +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch new file mode 100644 index 0000000000..a4518ec6b0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch @@ -0,0 +1,38 @@ +Binutils 2.39 now warns when a segment has RXW permissions[1]: + +aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX +permissions + +However, TF-A passes --fatal-warnings to LD, so this is a build failure. + +There is a ticket filed upstream[2], so until that is resolved just +remove --fatal-warnings. + +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +[2] https://developer.trustedfirmware.org/T996 + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> + +diff --git a/Makefile b/Makefile +index 3941f8698..13bbac348 100644 +--- a/Makefile ++++ b/Makefile +@@ -418,7 +418,7 @@ TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) + # LD = gcc (used when GCC LTO is enabled) + else ifneq ($(findstring gcc,$(notdir $(LD))),) + # Pass ld options with Wl or Xlinker switches +-TF_LDFLAGS += -Wl,--fatal-warnings -O1 ++TF_LDFLAGS += -O1 + TF_LDFLAGS += -Wl,--gc-sections + ifeq ($(ENABLE_LTO),1) + ifeq (${ARCH},aarch64) +@@ -435,7 +435,7 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) + + # LD = gcc-ld (ld) or llvm-ld (ld.lld) or other + else +-TF_LDFLAGS += --fatal-warnings -O1 ++TF_LDFLAGS += -O1 + TF_LDFLAGS += --gc-sections + # ld.lld doesn't recognize the errata flags, + # therefore don't add those in that case diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch new file mode 100644 index 0000000000..5d02e35317 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch @@ -0,0 +1,26 @@ +Binutils 2.39 now warns when a segment has RXW permissions[1]: + +aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions + +There is a ticket filed upstream[2], so until that is resolved just +disable the warning + +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +[2] https://developer.trustedfirmware.org/T996 + +Upstream-Status: Inappropriate +Signed-off-by: Anton Antonov <anrton.antonov@arm.com> + +diff --git a/Makefile b/Makefile +index 6d0774e1..be3f84ce 100644 +--- a/Makefile ++++ b/Makefile +@@ -238,7 +238,7 @@ TFTF_SOURCES := ${FRAMEWORK_SOURCES} ${TESTS_SOURCES} ${PLAT_SOURCES} ${LIBC_SR + TFTF_INCLUDES += ${PLAT_INCLUDES} + TFTF_CFLAGS += ${COMMON_CFLAGS} + TFTF_ASFLAGS += ${COMMON_ASFLAGS} +-TFTF_LDFLAGS += ${COMMON_LDFLAGS} ++TFTF_LDFLAGS += ${COMMON_LDFLAGS} --no-warn-rwx-segments + TFTF_EXTRA_OBJS := + + ifneq (${BP_OPTION},none) diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb new file mode 100644 index 0000000000..02f3387396 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb @@ -0,0 +1,33 @@ +# Firmware Image Package (FIP) +# It is a packaging format used by TF-A to package the +# firmware images in a single binary. + +DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" +LICENSE = "BSD-3-Clause" + +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" + +# Use fiptool from TF-A v2.8.6 +SRCREV = "ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d" +SRCBRANCH = "lts-v2.8" + +DEPENDS += "openssl-native" + +inherit native + +EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" + +do_compile () { + # This is still needed to have the native fiptool executing properly by + # setting the RPATH + sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile + + oe_runmake fiptool +} + +do_install () { + install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool +} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend index 392c6090e1..392c6090e1 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb new file mode 100644 index 0000000000..ed3b349950 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb @@ -0,0 +1,54 @@ +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" +LICENSE = "BSD-3-Clause & NCSA" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" + +inherit deploy + +COMPATIBLE_MACHINE ?= "invalid" + +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ + file://tf-a-tests-no-warn-rwx-segments.patch" +SRCBRANCH = "lts-v2.8" +SRCREV = "85442d2943440718c2c2c9c5c690202b4b4f5725" + +DEPENDS += "optee-os" + +EXTRA_OEMAKE += "USE_NVM=0" +EXTRA_OEMAKE += "SHELL_COLOR=1" +EXTRA_OEMAKE += "DEBUG=1" + +# Platform must be set for each machine +TFA_PLATFORM ?= "invalid" + +EXTRA_OEMAKE += "ARCH=aarch64" +EXTRA_OEMAKE += "LOG_LEVEL=50" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +# Add platform parameter +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" + +# Requires CROSS_COMPILE set by hand as there is no configure script +export CROSS_COMPILE="${TARGET_PREFIX}" + +do_compile() { + oe_runmake -C ${S} tftf +} + +do_compile[cleandirs] = "${B}" + +FILES:${PN} = "/firmware/tftf.bin" +SYSROOT_DIRS += "/firmware" + +do_install() { + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/${TFA_PLATFORM}/debug/tftf.bin ${D}/firmware/tftf.bin +} + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc index 06be28ee62..3f66bed55a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc @@ -3,16 +3,12 @@ COMPATIBLE_MACHINE = "(corstone1000)" FILESEXTRAPATHS:prepend := "${THISDIR}/files/corstone1000:" - -SRC_URI:append = " \ +SRC_URI:append = " \ file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \ - file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \ - file://0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch \ - " - -#Sets TF-A version to 2.8.0 -SRCREV_tfa = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48" -PV = "2.8.0" + file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \ + file://0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch \ + file://0004-fix-corstone1000-add-cpuhelper-to-makefile.patch \ + " TFA_DEBUG = "1" TFA_UBOOT ?= "1" @@ -33,7 +29,7 @@ EXTRA_OEMAKE:append = " \ TARGET_PLATFORM=${TFA_TARGET_PLATFORM} \ ENABLE_STACK_PROTECTOR=strong \ ENABLE_PIE=1 \ - BL2_AT_EL3=1 \ + RESET_TO_BL2=1 \ CREATE_KEYS=1 \ GENERATE_COT=1 \ TRUSTED_BOARD_BOOT=1 \ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone500.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone500.inc deleted file mode 100644 index acd9e3dbfb..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone500.inc +++ /dev/null @@ -1,17 +0,0 @@ -# Corstone-500 specific TFA support - -COMPATIBLE_MACHINE = "corstone500" -TFA_PLATFORM = "a5ds" -TFA_DEBUG = "1" -TFA_UBOOT = "1" -TFA_BUILD_TARGET = "all fip" -TFA_INSTALL_TARGET = "bl1.bin fip.bin" - -EXTRA_OEMAKE:append = " \ - ARCH=aarch32 \ - FVP_HW_CONFIG_DTS=fdts/a5ds.dts \ - ARM_ARCH_MAJOR=7 \ - AARCH32_SP=sp_min \ - ARM_CORTEX_A5=yes \ - ARM_XLAT_TABLES_LIB_V1=1 \ - " diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc index 654e43270f..c2fa223cf5 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc @@ -1,5 +1,9 @@ # N1SDP specific TFA support +# Align with N1SDP-2023.06.22 Manifest +SRCREV_tfa = "31f60a968347497562b0129134928d7ac4767710" +PV .= "+git" + COMPATIBLE_MACHINE = "n1sdp" TFA_PLATFORM = "n1sdp" TFA_BUILD_TARGET = "all fip" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index 220dd6e33e..7fbcd3aba0 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -3,7 +3,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files/:" # Machine specific TFAs MACHINE_TFA_REQUIRE ?= "" -MACHINE_TFA_REQUIRE:corstone500 = "trusted-firmware-a-corstone500.inc" MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc" MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp.inc" MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb new file mode 100644 index 0000000000..cffc6db17c --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb @@ -0,0 +1,15 @@ +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc + +# TF-A v2.8.6 +SRCREV_tfa = "ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d" +SRCBRANCH = "lts-v2.8" + +SRC_URI += "file://rwx-segments.patch" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" + +# mbed TLS v2.28.2 +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.28" +SRCREV_mbedtls = "89f040a5c938985c5f30728baed21e49d0846a53" + +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" |