author | Andrew Geissler <geissonator@yahoo.com> | 2023-05-19 17:38:37 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-05-19 21:39:02 +0300 |
commit | dc9d614711d1f205166fa42a0af05054fe06b26d (patch) | |
tree | b96ac45842c6be65a4967ef904dfd95ab307e10c /meta-arm/meta-arm-bsp/recipes-bsp | |
parent | b8485a60bce61ef2c5e6337a2f7b677871565a01 (diff) | |
download | openbmc-dc9d614711d1f205166fa42a0af05054fe06b26d.tar.xz |
subtree updates

meta-security: 53c5cc794f..ddf301c45c:
  Adrian Zaharia (1):
      libmhash: fix multilib header conflict - mutils/mhash_config.h
  Alexander Kanavin (1):
      maintainers.inc: rename to avoid clashes with oe-core
  Armin Kuster (15):
      meta-tpm: rename recipes-tpm to recipes-tpm1
      recipes-tpm: use this for common tpm recipes
      swtpm: update to 0.8.0
      libtpm: update to 0.9.6
      ossec-hids: update to tip of 3.7.0
      libhtp: update to 0.5.43
      suricata: update to 6.0.11
      fscryptctl: update to 1.0.1
      oeqa: fix hash test to match new changes
      integrity-image-minimal: adapt QEMU cmdline to new changes
      lynis: Add decoding OE and Poky
      os-release.bbappend: drop now CPE_NAME is in core
      openembedded-release: drop as os-release does this now
      tpm2-tss: drop vendor from PACKAGECONFIG
      packagegroup-security-tpm2: restore pkgs removed earlier
  Paul Gortmaker (4):
      dm-verity: ensure people don't ignore the DISTRO_FEATURES warning
      dm-verity: don't make read-only-rootfs sound like a requirement
      dm-verity: document the meta-intel dependency in the systemd example
      dm-verity: add x86-64 systemd based example instructions
  Peter Hoyes (1):
      meta-parsec/layer.conf: Insert addpylib declaration
  Peter Kjellerstedt (1):
      tpm2-tools: Remove unnecessary and optional dependencies
  Stefan Berger (12):
      ima: Document and replace keys and adapt scripts for EC keys
      ima: Fix the ima_policy_appraise_all to appraise executables & libraries
      ima: Fix the IMA kernel feature
      ima: Rename IMA_EVM_POLICY_SYSTEMD to IMA_EVM_POLICY
      ima: Sign all executables and the ima-policy in the root filesystem
      integrity: Update the README for IMA support
      linux: overlayfs: Add kernel patch resolving a file change notification issue
      ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch
      linux: overlayfs: Drop kernel patch resolving a file change notification issue
      ima: Drop kernel config option CONFIG_SQUASHFS_XATTR=y from ima.cfg
      integrity: Fix the do_configure function
      integrity: Rename linux-%.bbappend to linux-yocto%.bbappend

meta-raspberrypi: bf948e0aa8..928bb234bb:
  Martin Jansa (3):
      rpi-libcamera-apps: fix flags used in aarch64 builds
      rpi-libcamera-apps: fix version generation on hosts with older python
      rpi-libcamera-apps: bump to latest SRCREV and set PV

meta-arm: 0b5724266a..f9d80e1a14:
  Emekcan Aras (2):
      arm-bsp/trusted-firmware-m: Align Capsule Update with GPT changes
      arm-bsp/wic: corstone1000: Fix and limit the partition size for corstone1000

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I56f7d26070d879e3138618332841c30cf57eb7d9
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-bsp')
4 files changed, 136 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch new file mode 100644 index 0000000000..92d17cc0db --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch @@ -0,0 +1,29 @@ +From 77c5a3bd090955e48ffca92bf9535185d26e9017 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Mon, 15 May 2023 10:42:23 +0100 +Subject: [PATCH 2/4] Platform: corstone1000: Increase BL2 size in flash layout + +Increases BL2 size to align with the flash page size in corstone1000. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + platform/ext/target/arm/corstone1000/partition/flash_layout.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index 41b4c6323f..bfe8c4fb3c 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -89,7 +89,7 @@ + #endif + + /* Static Configurations of the Flash */ +-#define SE_BL2_PARTITION_SIZE (0x18800) /* 98 KB */ ++#define SE_BL2_PARTITION_SIZE (0x19000) /* 98 KB */ + #define SE_BL2_BANK_0_OFFSET (0x9000) /* 72nd LBA */ + #define SE_BL2_BANK_1_OFFSET (0x1002000) /* 32784th LBA */ + +-- +2.17.1 + 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch new file mode 100644 index 0000000000..e2844bacc0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch @@ -0,0 +1,33 @@ +From 17244ac692495c23008ff784611d0ee1d42c83dc Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Mon, 15 May 2023 10:46:18 +0100 +Subject: [PATCH 3/4] Platform: Corstone1000: Increase BL2_DATA_SIZE + +Increases BL2_DATA_SIZE to accommodate the changes in +metadata_write/read. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + platform/ext/target/arm/corstone1000/partition/region_defs.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h +index abfac39b62..e7f0bad2ba 100644 +--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h ++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h +@@ -90,9 +90,10 @@ + #define BL2_CODE_SIZE (IMAGE_BL2_CODE_SIZE) + #define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1) + ++#define BL2_DATA_ADDITIONAL 448 /* To increase the BL2_DATA_SIZE more than the default value */ + #define BL2_DATA_START (BOOT_TFM_SHARED_DATA_BASE + \ + BOOT_TFM_SHARED_DATA_SIZE) +-#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START) ++#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START + BL2_DATA_ADDITIONAL) + #define BL2_DATA_LIMIT (BL2_DATA_START + BL2_DATA_SIZE - 1) + + /* SE BL1 regions */ +-- +2.17.1 + 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch new file mode 100644 index 0000000000..fd977ac2fd --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch 
@@ -0,0 +1,71 @@ +From 83e423497afecc202a3a50c3e472161390056ebd Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Mon, 15 May 2023 10:47:27 +0100 +Subject: [PATCH 4/4] Platform: Corstone1000: Calculate the new CRC32 value + after changing the metadata + +Calculates the new CRC32 value for the metadata struct after chaing a value +during the capsule update. It also updates the CRC32 field in the metadata +so it doesn't fail the CRC check after a succesfull capsule update. +It also skips doing a sanity check the BL2 nv counter after the capsule +update since the tfm bl1 does not sync metadata and nv counters in OTP during +the boot anymore. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + .../arm/corstone1000/fw_update_agent/fwu_agent.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +index afd8d66e42..f564f2902c 100644 +--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +@@ -802,6 +802,8 @@ static enum fwu_agent_error_t flash_full_capsule( + } + metadata->active_index = previous_active_index; + metadata->previous_active_index = active_index; ++ metadata->crc_32 = crc32((uint8_t *)&metadata->version, ++ sizeof(struct fwu_metadata) - sizeof(uint32_t)); + + ret = metadata_write(metadata); + if (ret) { +@@ -913,6 +915,8 @@ static enum fwu_agent_error_t accept_full_capsule( + if (ret) { + return ret; + } ++ metadata->crc_32 = crc32((uint8_t *)&metadata->version, ++ sizeof(struct fwu_metadata) - sizeof(uint32_t)); + + ret = metadata_write(metadata); + if (ret) { +@@ -1007,6 +1011,8 @@ static enum fwu_agent_error_t fwu_select_previous( + if (ret) { + return ret; + } ++ metadata->crc_32 = crc32((uint8_t *)&metadata->version, ++ 
sizeof(struct fwu_metadata) - sizeof(uint32_t)); + + ret = metadata_write(metadata); + if (ret) { +@@ -1119,8 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters( + + FWU_LOG_MSG("%s: enter\n\r", __func__); + +- for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { +- ++ for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { + switch (i) { + case FWU_BL2_NV_COUNTER: + tfm_nv_counter_i = PLAT_NV_COUNTER_BL1_0; +@@ -1141,7 +1146,6 @@ static enum fwu_agent_error_t update_nv_counters( + if (err != TFM_PLAT_ERR_SUCCESS) { + return FWU_AGENT_ERROR; + } +- + if (priv_metadata->nv_counter[i] < security_cnt) { + return FWU_AGENT_ERROR; + } else if (priv_metadata->nv_counter[i] > security_cnt) { +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc index 68845cf93a..23c8c127bc 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc @@ -48,6 +48,9 @@ SRC_URI:append:corstone1000 = " \ file://0010-Platform-corstone1000-Adds-compiler-flags-to-FWU-age.patch \ file://0011-Platform-corstone1000-adjust-PS-asset-configuration.patch \ file://0012-Platform-corstone1000-Increase-number-of-assets.patch \ + file://0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch \ + file://0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch \ + file://0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch \ file://corstone1000/rwx.patch \ " |
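Review bot: In the flash_layout.h hunk of 0013, the comment on the changed `SE_BL2_PARTITION_SIZE` line still reads `/* 98 KB */`, but 0x19000 is 102400 bytes, which is 100 KB (the old 0x18800 was the 98 KB value). Please update the comment to match. `SE_BL2_BANK_0_OFFSET` and `SE_BL2_BANK_1_OFFSET` are unchanged, so it would also help to state in the commit message that whatever follows BL2 in each bank starts at or beyond offset + 0x19000, since the hunk does not show the neighbouring partitions.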
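Review bot: In the region_defs.h hunk of 0014, adding `BL2_DATA_ADDITIONAL` to `BL2_DATA_SIZE` without moving any other boundary puts `BL2_DATA_LIMIT` at `BL2_CODE_START - BL2_HEADER_SIZE + 447`, so the data region now reaches 448 bytes past the point where the old formula stopped, into the `BL2_HEADER_SIZE` bytes ahead of `BL2_CODE_START` (and into the code region itself if the header is smaller than 448 bytes). Either explain in the commit message why that overlap is safe, or make the room by moving `BL2_DATA_START` or `BL2_CODE_START` so the regions stay disjoint. The value 448 also needs a comment saying how it was derived from the metadata_write/read change, rather than "more than the default value".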
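Review bot: The three added `metadata->crc_32 = crc32(...)` assignments in fwu_agent.c (in flash_full_capsule, accept_full_capsule and fwu_select_previous) repeat one expression whose range, `&metadata->version` for `sizeof(struct fwu_metadata) - sizeof(uint32_t)` bytes, silently assumes that `crc_32` is a 4-byte first member with `version` directly after it. Suggest a single helper called immediately before each `metadata_write(metadata)`, with the start and length derived from offsetof(struct fwu_metadata, version), so the covered range follows the struct layout and a future caller that modifies the metadata cannot forget the update.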
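Review bot: In the update_nv_counters hunk of 0015, starting the loop at the literal `1` removes the `priv_metadata->nv_counter[i] < security_cnt` comparison for index 0, which the commit message identifies as the BL2 counter, while `case FWU_BL2_NV_COUNTER:` is left in the switch. This is the rollback check for BL2, so the code should carry a comment saying where BL2 anti-rollback is enforced now that this function skips it; the commit message only says TF-M BL1 no longer syncs metadata and NV counters. Please also start the loop from a named index instead of `1`, and drop the `FWU_BL2_NV_COUNTER` case if it can no longer be reached (its value is not visible in this hunk). The blank-line removals in the last two hunks are unrelated whitespace changes and are better left out.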
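Review bot: The SRC_URI hunk in trusted-firmware-m-1.7.0-corstone1000.inc adds 0013 to 0015, whose headers read [PATCH 2/4], [PATCH 3/4] and [PATCH 4/4], and no patch 1/4 of that series is added alongside them. Please confirm that 1/4 is either already carried under another name or not needed for these three to build and behave correctly. All three are marked `Upstream-Status: Pending [Not submitted to upstream yet]`, so a note on the plan for upstreaming them would help whoever rebases this recipe past 1.7.0.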