diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-11-03 21:47:49 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-11-03 22:43:10 +0300 |
commit | 2390b1b6299fb1e57e6d9a94c287ce1c0b322376 (patch) | |
tree | 09462bb0a9634a75c5044f4a4db872fa857780da /meta-arm/meta-arm-bsp/recipes-security/trusted-services | |
parent | 5641269ed7838c5ea402b23c5e0ac0af5d6a866b (diff) | |
download | openbmc-2390b1b6299fb1e57e6d9a94c287ce1c0b322376.tar.xz |
subtree updates2.14.0-dev
meta-arm: 14c7e5b336..3b7347cd67:
Jon Mason (6):
CI: Remove host bitbake variables
arm: add Mickledore to layer compat string
CI: Add packages for opencsd and gator-daemon to base build
CI: add common fvp yml file
arm/opencsd: update to version 1.3.1
arm/gator-daemon: update to v7.8.0
Jose Quaresma (2):
optee-ftpm/optee-os: add missing space in EXTRA_OEMAKE
optee-os-ts: avoid using escape chars in EXTRA_OEMAKE
Mohamed Omar Asaker (4):
Revert "arm-bsp/trusted-firmware-m: corstone1000: secure debug code checkout from yocto"
Revert "arm-bsp/trusted-firmware-m: corstone1000: bump tfm SHA"
arm-bsp/trusted-firmware-m: corstone1000 support FMP image info
arm-bsp/corstone1000: add msd configs for fvp
Ross Burton (5):
arm/hafnium: add missing Upstream-Status
arm-bsp/hafnium: add missing Upstream-Status
arm-bsp/linux-arm64-ack: fix malformed Upstream-Status tag
CI: add documentation job
CI: track meta-openembedded's langdale branch
Rui Miguel Silva (2):
arm/trusted-services: port crypto config
arm-bsp/corstone1000: apply ts patch to psa crypto api test
Satish Kumar (1):
arm-bsp/trusted-service: corstone1000: esrt support
Vishnu Banavath (4):
runfvp: corstone1000: add mmc card configuration
meta-arm-bsp/doc: add readthedocs for corstone1000
arm-bsp/optee: register DRAM1 for N1SDP target
arm-bsp:optee: enable optee test for N1SDP target
meta-raspberrypi: 722c51647c..a305f4804b:
Sung Gon Kim (1):
libcamera: rename bbappend to match any version
meta-openembedded: 8073ec2275..6ebff843cc:
Akash Hadke (1):
audit: Fix compile error for audit_2.8.5
Alex Kiernan (1):
lldpd: Upgrade 1.0.14 -> 1.0.15
Alexander Kanavin (3):
sip3: remove the recipe
python3-wxgtk4: skip the recipe
python3-yappi: mark as incompatible with python 3.11
Bhupesh Sharma (1):
android-tools-conf-configfs: Allow handling two or more UDC controllers
Eero Aaltonen (1):
valijson: use install task from CMakeLists.txt
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.15 -> 0.0.16
Gianfranco Costamagna (2):
vboxguestdrivers: upgrade 6.1.38 -> 7.0.0
vbxguestdrivers: upgrade 7.0.0 -> 7.0.2
Joshua Watt (3):
nginx: Add ipv6 support
iniparser: Add native support
libzip: Add native support
Khem Raj (3):
postfix: Upgrade to 3.7.3
msktutil: Add recipe
protobuf: Enable protoc binary in nativesdk
Leon Anavi (7):
python3-cheetah: Upgrade 3.2.6 -> 3.2.6.post1
python3-dill: Upgrade 0.3.5.1 -> 0.3.6
python3-pythonping: Upgrade 1.1.3 -> 1.1.4
python3-colorama: Upgrade 0.4.5 -> 0.4.6
python3-pint: Upgrade 0.19.2 -> 0.20
python3-traitlets: Upgrade 5.4.0 -> 5.5.0
python3-py-cpuinfo: Upgrade 8.0.0 -> 9.0.0
Markus Volk (4):
perfetto: build libperfetto
libcamera: upgrade -> 0.0.1
gtk-vnc: add recipe
spice-gtk: add recipe
Meier Boas (1):
jwt-cpp: add recipe
Ovidiu Panait (1):
syzkaller: add recipe and selftest for syzkaller fuzzing
Peter Marko (2):
cpputest: remove dev package dependency
cpputest: add possibility to build extensions
Robert Joslyn (1):
fwupd: Fix plugin_gpio PACKAGECONFIG
Sebastian Trahm (1):
Add recipe for python3-pytest-json-report
Tim Orling (5):
libmime-types-perl: upgrade 2.17 -> 2.22
libcompress-raw*-perl: move from libio/compress-*
libio-compress*-perl: cleanup; fixes
libcompress-raw-*-perl: cleanup; fixes
packagegroup-meta-perl: mv libcompress-raw-*-perl
Vincent Davis Jr (2):
libglvnd: add new recipe libglvnd v1.5.0
xf86-video-amdgpu: add new recipe xf86-video-amdgpu
Wang Mingyu (36):
bats: upgrade 1.8.0 -> 1.8.2
ctags: upgrade 5.9.20221009.0 -> 5.9.20221016.0
fvwm: upgrade 2.6.9 -> 2.7.0
makedumpfile: upgrade 1.7.1 -> 1.7.2
sanlock: upgrade 3.8.4 -> 3.8.5
python3-astroid: upgrade 2.12.11 -> 2.12.12
python3-charset-normalizer: upgrade 2.1.1 -> 3.0.0
python3-google-api-python-client: upgrade 2.64.0 -> 2.65.0
python3-google-auth: upgrade 2.12.0 -> 2.13.0
python3-grpcio-tools: upgrade 1.49.1 -> 1.50.0
python3-grpcio: upgrade 1.49.1 -> 1.50.0
python3-huey: upgrade 2.4.3 -> 2.4.4
python3-incremental: upgrade 21.3.0 -> 22.10.0
python3-luma-core: upgrade 2.3.1 -> 2.4.0
python3-oauthlib: upgrade 3.2.1 -> 3.2.2
python3-pandas: upgrade 1.5.0 -> 1.5.1
python3-pastedeploy: upgrade 2.1.1 -> 3.0.1
python3-pika: upgrade 1.3.0 -> 1.3.1
python3-portalocker: upgrade 2.5.1 -> 2.6.0
python3-protobuf: upgrade 4.21.7 -> 4.21.8
python3-pyjwt: upgrade 2.5.0 -> 2.6.0
python3-pymongo: upgrade 4.2.0 -> 4.3.2
python3-pywbemtools: upgrade 1.0.0 -> 1.0.1
python3-robotframework: upgrade 5.0.1 -> 6.0
python3-socketio: upgrade 5.7.1 -> 5.7.2
python3-sqlalchemy: upgrade 1.4.41 -> 1.4.42
tracker-miners: upgrade 3.2.1 -> 3.4.1
tracker: upgrade 3.4.0 -> 3.4.1
wolfssl: upgrade 5.5.1 -> 5.5.2
cglm: upgrade 0.8.5 -> 0.8.7
ctags: upgrade 5.9.20221016.0 -> 5.9.20221023.0
flatbuffers: upgrade 22.9.29 -> 22.10.26
function2: upgrade 4.2.1 -> 4.2.2
poco: upgrade 1.12.2 -> 1.12.3
thingsboard-gateway: upgrade 3.1 -> 3.2
grpc: upgrade 1.50.0 -> 1.50.1
Xiangyu Chen (1):
ipmitool: fix typo in .bb file's comments, using = instead of =?
Zheng Qiu (1):
jq: improve ptest and disable valgrind by default
zhengruoqin (5):
tcpslice: upgrade 1.5 -> 1.6
tio: upgrade 2.1 -> 2.2
python3-stevedore: upgrade 4.0.1 -> 4.1.0
python3-xxhash: upgrade 3.0.0 -> 3.1.0
python3-zeroconf: upgrade 0.39.1 -> 0.39.2
meta-security: e8e7318189..2aa48e6f4e:
Armin Kuster (1):
kas-security-base.yml: make work again
Gowtham Suresh Kumar (1):
Update PARSEC recipe to latest v1.1.0 release
Michael Haener (1):
tpm2-openssl: update to 1.1.1
poky: 95c802b0be..482c493cf6:
Adrian Freihofer (3):
own-mirrors: add crate
buildconf: compare abspath
ref-manual: add wic command bootloader ptable option
Ahmad Fatoum (2):
kernel-fitimage: mangle slashes to underscores as late as possible
kernel-fitimage: skip FDT section creation for applicable symlinks
Alex Kiernan (4):
u-boot: Remove duplicate inherit of cml1
u-boot: Add savedefconfig task
rust: update 1.63.0 -> 1.64.0
cargo_common.bbclass: Fix typos
Alexander Kanavin (40):
rust-target-config: match riscv target names with what rust expects
rust: install rustfmt for riscv32 as well
unfs3: correct upstream version check
gnu-config: update to latest revision
llvm: update 14.0.6 -> 15.0.1
grep: update 3.7 -> 3.8
hdparm: update 9.64 -> 9.65
stress-ng: update 0.14.03 -> 0.14.06
vulkan: update 1.3.216.0 -> 1.3.224.1
wayland-utils: update 1.0.0 -> 1.1.0
libxft: update 2.3.4 -> 2.3.6
pinentry: update 1.2.0 -> 1.2.1
ovmf: upgrade edk2-stable202205 -> edk2-stable202208
cmake: update 3.24.0 -> 3.24.2
jquery: upgrade 3.6.0 -> 3.6.1
python3-dbus: upgrade 1.2.18 -> 1.3.2
python3-hatch-fancy-pypi-readme: add a recipe
python3-jsonschema: upgrade 4.9.1 -> 4.16.0
shadow: update 4.12.1 -> 4.12.3
lttng-modules: upgrade 2.13.4 -> 2.13.5
libsoup: upgrade 3.0.7 -> 3.2.0
libxslt: upgrade 1.1.35 -> 1.1.37
quilt: backport a patch to address grep 3.8 failures
python3: update 3.10.6 -> 3.11.0
cargo-update-recipe-crates.bbclass: add a class to generate SRC_URI crate lists from Cargo.lock
python3-bcrypt: convert to use cargo-update-recipe-crates class.
python3-cryptography: convert to cargo-update-recipe-crates class
groff: submit patches upstream
tcl: correct patch status
tcl: correct upstream version check
lttng-tools: submit determinism.patch upstream
cmake: drop qt4 patches
kea: submit patch upstream
argp-standalone: replace with a maintained fork
ovmf: correct patches status
go: submit patch upstream
libffi: submit patch upstream
go: update 1.19 -> 1.19.2
rust-common.bbclass: use built-in rust targets for -native builds
rust: submit a rewritten version of crossbeam_atomic.patch upstream
Andrew Geissler (1):
go: add support to build on ppc64le
Bartosz Golaszewski (1):
bluez5: add dbus to RDEPENDS
Bernhard Rosenkränzer (1):
cmake-native: Fix host tool contamination
Bruce Ashfield (3):
kern-tools: fix relative path processing
linux-yocto/5.19: update to v5.19.14
linux-yocto/5.15: update to v5.15.72
Changhyeok Bae (2):
ethtool: upgrade 5.19 -> 6.0
iproute2: upgrade 5.19.0 -> 6.0.0
Chen Qi (1):
openssl: export necessary env vars in SDK
Christian Eggers (1):
linux-firmware: split rtl8761 firmware
Claus Stovgaard (1):
gstreamer1.0-libav: fix errors with ffmpeg 5.x
Ed Tanous (1):
openssl: Upgrade 3.0.5 -> 3.0.7
Etienne Cordonnier (1):
mirrors.bbclass: use shallow tarball for binutils-native
Fabio Estevam (1):
go-mod.bbclass: Remove repeated word
Frank de Brabander (1):
cve-update-db-native: add timeout to urlopen() calls
Hitendra Prajapati (1):
openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
Jan-Simon Moeller (1):
buildtools-tarball: export certificates to python and curl
Jeremy Puhlman (1):
qemu-native: Add PACKAGECONFIG option for jack
Johan Korsnes (1):
bitbake: bitbake: user-manual: inform about spaces in :remove
Jon Mason (2):
linux-yocto: add efi entry for machine features
linux-yocto-dev: add qemuarmv5
Jose Quaresma (3):
kernel-yocto: improve fatal error messages of symbol_why.py
oeqa/selftest/archiver: Add multiconfig test for shared recipes
archiver: avoid using machine variable as it breaks multiconfig
Joshua Watt (3):
runqemu: Fix gl-es argument from causing other arguments to be ignored
qemu-helper-native: Re-write bridge helper as C program
runqemu: Do not perturb script environment
Justin Bronder (1):
bitbake: asyncrpc: serv: correct closed client socket detection
Kai Kang (1):
mesa: only apply patch to fix ALWAYS_INLINE for native
Keiya Nobuta (2):
gnutls: Unified package names to lower-case
create-spdx: Remove ";name=..." for downloadLocation
Khem Raj (3):
perf: Depend on native setuptools3
musl: Upgrade to latest master
mesa: Add native patch via a variable
Lee Chee Yang (2):
migration-guides/release-notes-4.1.rst: update Repositories / Downloads
migration-guides/release-notes-4.1.rst: update Repositories / Downloads
Leon Anavi (1):
python3-manifest.json: Move urllib to netclient
Liam Beguin (1):
meson: make wrapper options sub-command specific
Luca Boccassi (1):
systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
Marek Vasut (1):
bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
Mark Asselstine (2):
bitbake: tests: bb.tests.fetch.URLHandle: add 2 new tests
bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists
Mark Hatle (2):
insane.bbclass: Allow hashlib version that only accepts on parameter
bitbake: utils/ply: Update md5 to better report errors with hashlib
Markus Volk (2):
wayland-protocols: upgrade 1.26 -> 1.27
mesa: update 22.2.0 -> 22.2.2
Martin Jansa (3):
vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
externalsrc.bbclass: fix git repo detection
cargo-update-recipe-crates: small improvements
Maxim Uvarov (2):
wic: add UEFI kernel as UEFI stub
wic: bootimg-efi: implement --include-path
Michael Opdenacker (11):
manuals: updates for building on Windows (WSL 2)
ref-manual: classes.rst: add links to all references to a class
poky.conf: remove Ubuntu 21.10
bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX variables
bitbake: bitbake-user-manual: details about variable flags starting with underscore
Documentation/README: formalize guidelines for external link syntax
manuals: replace "_" by "__" in external links
manuals: stop referring to the meta-openembedded repo from GitHub
manuals: add missing references to SDKMACHINE and SDK_ARCH
manuals: use references to the "Build Directory" term
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
Mikko Rapeli (6):
os-release: replace DISTRO_CODENAME with VERSION_CODENAME
os-release: add HOMEPAGE and link to documentation
ref-manual: variables.rst: add documentation for CVE_VERSION
ref-manual: classes.rst: improve documentation for cve-check.bbclass
dev-manual: common-tasks.rst: add regular updates and CVE scans to security best practices
dev-manual: common-tasks.rst: refactor and improve "Checking for Vulnerabilities" section
Ming Liu (1):
dropbear: add pam to PACKAGECONFIG
Mingli Yu (1):
grub: disable build on armv7ve/a with hardfp
Oliver Lang (2):
bitbake: cooker: fix a typo
bitbake: runqueue: fix a typo
Pablo Saavedra Rodi?o (1):
weston: update 10.0.2 -> 11.0.0
Paul Eggleton (2):
install-buildtools: support buildtools-make-tarball and update to 4.1
ref-manual: add info on buildtools-make-tarball
Peter Bergin (1):
gptfdisk: remove warning message from target system
Peter Kjellerstedt (3):
gcc: Allow -Wno-error=poison-system-directories to take effect
base-passwd: Update to 3.6.1
externalsrc.bbclass: Remove a trailing slash from ${B}
Qiu, Zheng (2):
tiff: fix a typo for CVE-2022-2953.patch
valgrind: update to 3.20.0
Quentin Schulz (1):
docs: add support for langdale (4.1) release
Richard Purdie (4):
openssl: Fix SSL_CERT_FILE to match ca-certs location
bitbake: tests/fetch: Allow handling of a file:// url within a submodule
patchelf: upgrade 0.15.0 -> 0.16.1
lttng-modules: upgrade 2.13.5 -> 2.13.7
Robert Joslyn (1):
curl: Update 7.85.0 to 7.86.0
Ross Burton (26):
populate_sdk_base: ensure ptest-pkgs pulls in ptest-runner
scripts/oe-check-sstate: cleanup
scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
externalsrc: move back to classes
opkg-utils: use a git clone, not a dynamic snapshot
oe/packagemanager/rpm: don't leak file objects
zlib: use .gz archive and set a PREMIRROR
glib-2.0: fix rare GFileInfo test case failure
lighttpd: fix CVE-2022-41556
acpid: upgrade 2.0.33 -> 2.0.34
python3-hatchling: upgrade 1.9.0 -> 1.10.0
pango: upgrade 1.50.9 -> 1.50.10
piglit: upgrade to latest revision
lsof: upgrade 4.95.0 -> 4.96.3
zlib: do out-of-tree builds
zlib: upgrade 1.2.12 -> 1.2.13
libx11: apply the fix for CVE-2022-3554
xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
tiff: fix a number of CVEs
qemu: backport the fix for CVE-2022-3165
bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
sanity: check for GNU tar specifically
expat: upgrade to 2.5.0
oeqa/target/ssh: add ignore_status argument to run()
oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge
Sakib Sajal (1):
go: update 1.19.2 -> 1.19.3
Sean Anderson (6):
uboot-sign: Fix using wrong KEY_REQ_ARGS
kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
uboot-sign: Use bitbake variables directly
uboot-sign: Split off kernel-fitimage variables
u-boot: Rework signing to remove interdependencies
Sergei Zhmylev (2):
wic: implement binary repeatable disk identifiers
wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
Teoh Jay Shen (1):
vim: Upgrade 9.0.0598 -> 9.0.0614
Thomas Perrot (2):
psplash: add psplash-default in rdepends
xserver-xorg: move some recommended dependencies in required
Tim Orling (23):
python3-cryptography: upgrade 37.0.4 -> 38.0.1
python3-cryptography-vectors: upgrade 37.0.4 -> 38.0.1
python3-certifi: upgrade 2022.9.14 -> 2022.9.24
python3-hypothesis: upgrade 6.54.5 -> 6.56.1
python3-pyopenssl: upgrade 22.0.0 -> 22.1.0
python3-bcrypt: upgrade 3.2.2 -> 4.0.0
python3-sphinx: upgrade 5.1.1 -> 5.2.3
python3-setuptools-rust: upgrade 1.5.1 -> 1.5.2
python3-iso8601: upgrade 1.0.2 -> 1.1.0
python3-poetry-core: upgrade 1.0.8 -> 1.3.2
git: upgrade 2.37.3 -> 2.38.1
vim: upgrade 9.0.0614 -> 9.0.0820
python3-mako: upgrade 1.2.2 -> 1.2.3
python3-bcrypt: upgrade 4.0.0 -> 4.0.1
python3-cryptography{-vectors}: 38.0.1 -> 38.0.3
python3-psutil: upgrade 5.9.2 -> 5.9.3
python3-pytest: upgrade 7.1.3 -> 7.2.0
python3-pytest-subtests: upgrade 0.8.0 -> 0.9.0
python3-hypothesis: upgrade 6.56.1 -> 6.56.4
python3-more-itertools: upgrade 8.14.0 -> 9.0.0
python3-pytz: upgrade 2022.4 -> 2022.6
python3-zipp: upgrade 3.9.0 -> 3.10.0
python3-sphinx: upgrade 5.2.3 -> 5.3.0
Vincent Davis Jr (1):
linux-firmware: package amdgpu firmware
Vyacheslav Yurkov (1):
overlayfs: Allow not used mount points
Xiangyu Chen (1):
linux-yocto-dev: add qemuarm64
Yan Xinkuan (1):
bc: Add ptest.
ciarancourtney (1):
wic: swap partitions are not added to fstab
wangmy (32):
init-system-helpers: upgrade 1.64 -> 1.65.2
meson: upgrade 0.63.2 -> 0.63.3
mtools: upgrade 4.0.40 -> 4.0.41
dbus: upgrade 1.14.0 -> 1.14.4
ifupdown: upgrade 0.8.37 -> 0.8.39
openssh: upgrade 9.0p1 -> 9.1p1
python3-hatchling: upgrade 1.10.0 -> 1.11.0
u-boot: upgrade 2022.07 -> 2022.10
python3-git: upgrade 3.1.27 -> 3.1.28
python3-importlib-metadata: upgrade 4.12.0 -> 5.0.0
gnutls: upgrade 3.7.7 -> 3.7.8
gsettings-desktop-schemas: upgrade 42.0 -> 43.0
harfbuzz: upgrade 5.1.0 -> 5.3.0
libcap: upgrade 2.65 -> 2.66
libical: upgrade 3.0.14 -> 3.0.15
libva: upgrade 2.15.0 -> 2.16.0
libva-utils: upgrade 2.15.0 -> 2.16.0
powertop: upgrade 2.14 -> 2.15
numactl: upgrade 2.0.15 -> 2.0.16
python3-pytz: upgrade 2022.2.1 -> 2022.4
python3-zipp: upgrade 3.8.1 -> 3.9.0
repo: upgrade 2.29.2 -> 2.29.3
sqlite3: upgrade 3.39.3 -> 3.39.4
wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
xkeyboard-config: upgrade 2.36 -> 2.37
xz: upgrade 5.2.6 -> 5.2.7
libksba: upgrade 1.6.0 -> 1.6.2
libsdl2: upgrade 2.24.0 -> 2.24.1
libwpe: upgrade 1.12.3 -> 1.14.0
lttng-ust: upgrade 2.13.4 -> 2.13.5
btrfs-tools: upgrade 5.19.1 -> 6.0
lighttpd: upgrade 1.4.66 -> 1.4.67
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I3322dd0057da9f05bb2ba216fdcda3f569c0493b
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security/trusted-services')
5 files changed, 658 insertions, 1 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index 0fdb254f99..9ab1157ead 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,9 +1,11 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> + From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58. -Upstream-Status: Pending Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch new file mode 100644 index 0000000000..79429c7747 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch @@ -0,0 +1,417 @@ +From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Fri, 8 Jul 2022 09:48:06 +0100 +Subject: [PATCH] FMP Support in Corstone1000. + +The FMP support is used by u-boot to pupolate ESRT information +for the kernel. + +The solution is platform specific and needs to be revisted. + +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> + +Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted] +--- + .../provider/capsule_update_provider.c | 5 + + .../capsule_update/provider/component.cmake | 1 + + .../provider/corstone1000_fmp_service.c | 307 ++++++++++++++++++ + .../provider/corstone1000_fmp_service.h | 26 ++ + 4 files changed, 339 insertions(+) + create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c + create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h + +diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c +index 9bbd7abc..871d6bcf 100644 +--- a/components/service/capsule_update/provider/capsule_update_provider.c ++++ b/components/service/capsule_update/provider/capsule_update_provider.c +@@ -11,6 +11,7 @@ + #include <protocols/service/capsule_update/capsule_update_proto.h> + #include <protocols/rpc/common/packed-c/status.h> + #include "capsule_update_provider.h" ++#include "corstone1000_fmp_service.h" + + + #define CAPSULE_UPDATE_REQUEST (0x1) +@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init( + rpc_interface = service_provider_get_rpc_interface(&context->base_provider); + } + ++ provision_fmp_variables_metadata(context->client.caller); ++ + return rpc_interface; + } + +@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + } + psa_call(caller,handle, PSA_IPC_CALL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); ++ set_fmp_image_info(caller, handle); + break; + + case KERNEL_STARTED_EVENT: +@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + } + psa_call(caller,handle, PSA_IPC_CALL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); ++ set_fmp_image_info(caller, handle); + break; + default: + EMSG("%s unsupported opcode", __func__); +diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake +index 1d412eb2..6b060149 100644 +--- a/components/service/capsule_update/provider/component.cmake ++++ b/components/service/capsule_update/provider/component.cmake +@@ -10,4 +10,5 @@ endif() + + target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" ++ "${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c" + ) +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c +new file mode 100644 +index 00000000..6a7a47a7 +--- /dev/null ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c +@@ -0,0 +1,307 @@ ++/* ++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++ ++#include "corstone1000_fmp_service.h" ++#include <psa/client.h> ++#include <psa/sid.h> ++#include <psa/storage_common.h> ++#include <trace.h> ++ ++#include <service/smm_variable/backend/variable_index.h> ++ ++#define VARIABLE_INDEX_STORAGE_UID (0x787) ++ ++/** ++ * Variable attributes ++ */ ++#define EFI_VARIABLE_NON_VOLATILE (0x00000001) ++#define EFI_VARIABLE_BOOTSERVICE_ACCESS (0x00000002) ++#define EFI_VARIABLE_RUNTIME_ACCESS (0x00000004) ++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD (0x00000008) ++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS (0x00000010) ++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS (0x00000020) ++#define EFI_VARIABLE_APPEND_WRITE (0x00000040) ++#define EFI_VARIABLE_MASK \ ++ (EFI_VARIABLE_NON_VOLATILE | \ ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | \ ++ EFI_VARIABLE_RUNTIME_ACCESS | \ ++ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ ++ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ ++ EFI_VARIABLE_APPEND_WRITE) ++ ++#define FMP_VARIABLES_COUNT 6 ++ ++static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = { ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++ { ++ { 0x86c77a67, 0x0b97, 0x4633, \ ++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} }, ++ /* name size = (variable_name + \0) * sizeof(u16) */ ++ .name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1' }, ++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0 ++ }, ++}; ++ ++static psa_status_t protected_storage_set(struct rpc_caller *caller, ++ psa_storage_uid_t uid, size_t data_length, const void *p_data) ++{ ++ psa_status_t psa_status; ++ psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE; ++ ++ struct psa_invec in_vec[] = { ++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, ++ { .base = psa_ptr_const_to_u32(p_data), .len = data_length }, ++ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, ++ }; ++ ++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET, ++ in_vec, IOVEC_LEN(in_vec), NULL, 0); ++ if (psa_status < 0) ++ EMSG("ipc_set: psa_call failed: %d", psa_status); ++ ++ return psa_status; ++} ++ ++static psa_status_t protected_storage_get(struct rpc_caller *caller, ++ psa_storage_uid_t uid, size_t data_size, void *p_data) ++{ ++ psa_status_t psa_status; ++ uint32_t offset = 0; ++ ++ struct psa_invec in_vec[] = { ++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, ++ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) }, ++ }; ++ ++ struct psa_outvec out_vec[] = { ++ { .base = psa_ptr_to_u32(p_data), .len = data_size }, ++ }; ++ ++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, ++ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), ++ out_vec, IOVEC_LEN(out_vec)); ++ ++ if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) { ++ EMSG("Return size does not match with expected size."); ++ return PSA_ERROR_BUFFER_TOO_SMALL; ++ } ++ ++ return psa_status; ++} ++ ++static uint64_t name_hash(EFI_GUID *guid, size_t name_size, ++ const int16_t *name) ++{ ++ /* Using djb2 hash by Dan Bernstein */ ++ uint64_t hash = 5381; ++ ++ /* Calculate hash over GUID */ ++ hash = ((hash << 5) + hash) + guid->Data1; ++ hash = ((hash << 5) + hash) + guid->Data2; ++ hash = ((hash << 5) + hash) + guid->Data3; ++ ++ for (int i = 0; i < 8; ++i) { ++ ++ hash = ((hash << 5) + hash) + guid->Data4[i]; ++ } ++ ++ /* Extend to cover name up to but not including null terminator */ ++ for (int i = 0; i < name_size / sizeof(int16_t); ++i) { ++ ++ if (!name[i]) break; ++ hash = ((hash << 5) + hash) + name[i]; ++ } ++ ++ return hash; ++} ++ ++ ++static void initialize_metadata(void) ++{ ++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) { ++ ++ fmp_variables_metadata[i].uid = name_hash( ++ &fmp_variables_metadata[i].guid, ++ fmp_variables_metadata[i].name_size, ++ fmp_variables_metadata[i].name); ++ } ++} ++ ++ ++void provision_fmp_variables_metadata(struct rpc_caller *caller) ++{ ++ struct variable_metadata metadata; ++ psa_status_t status; ++ uint32_t dummy_values = 0xDEAD; ++ ++ EMSG("Provisioning FMP metadata."); ++ ++ initialize_metadata(); ++ ++ status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID, ++ sizeof(struct variable_metadata), &metadata); ++ ++ if (status == PSA_SUCCESS) { ++ EMSG("UEFI variables store is already provisioned."); ++ return; ++ } ++ ++ /* Provision FMP variables with dummy values. */ ++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) { ++ protected_storage_set(caller, fmp_variables_metadata[i].uid, ++ sizeof(dummy_values), &dummy_values); ++ } ++ ++ status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID, ++ sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT, ++ fmp_variables_metadata); ++ ++ if (status != EFI_SUCCESS) { ++ return; ++ } ++ ++ EMSG("FMP metadata is provisioned"); ++} ++ ++typedef struct { ++ void *base; ++ int len; ++} variable_data_t; ++ ++static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT]; ++ ++#define IMAGE_INFO_BUFFER_SIZE 256 ++static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE]; ++#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO 2 ++ ++static psa_status_t unpack_image_info(void *buffer, uint32_t size) ++{ ++ typedef struct __attribute__ ((__packed__)) { ++ uint32_t variable_count; ++ uint32_t variable_size[FMP_VARIABLES_COUNT]; ++ uint8_t variable[]; ++ } packed_buffer_t; ++ ++ packed_buffer_t *packed_buffer = buffer; ++ int runner = 0; ++ ++ if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) { ++ EMSG("Expected fmp varaibles = %u, but received = %u", ++ FMP_VARIABLES_COUNT, packed_buffer->variable_count); ++ return PSA_ERROR_PROGRAMMER_ERROR; ++ } ++ ++ for (int i = 0; i < packed_buffer->variable_count; i++) { ++ EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]); ++ fmp_variables_data[i].base = &packed_buffer->variable[runner]; ++ fmp_variables_data[i].len= packed_buffer->variable_size[i]; ++ runner += packed_buffer->variable_size[i]; ++ } ++ ++ return PSA_SUCCESS; ++} ++ ++static psa_status_t get_image_info(struct rpc_caller *caller, ++ psa_handle_t platform_service_handle) ++{ ++ psa_status_t status; ++ psa_handle_t handle; ++ uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO; ++ ++ struct psa_invec in_vec[] = { ++ { .base = &ioctl_id, .len = sizeof(ioctl_id) }, ++ }; ++ ++ struct psa_outvec out_vec[] = { ++ { .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE }, ++ }; ++ ++ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE); ++ ++ psa_call(caller, platform_service_handle, PSA_IPC_CALL, ++ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); ++ ++ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE); ++ if (status != PSA_SUCCESS) { ++ return status; ++ } ++ ++ return PSA_SUCCESS; ++} ++ ++static psa_status_t set_image_info(struct rpc_caller *caller) ++{ ++ psa_status_t status; ++ ++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) { ++ ++ status = protected_storage_set(caller, ++ fmp_variables_metadata[i].uid, ++ fmp_variables_data[i].len, fmp_variables_data[i].base); ++ ++ if (status != PSA_SUCCESS) { ++ ++ EMSG("FMP variable %d set unsuccessful", i); ++ return status; ++ } ++ ++ EMSG("FMP variable %d set success", i); ++ } ++ ++ return PSA_SUCCESS; ++} ++ ++void set_fmp_image_info(struct rpc_caller *caller, ++ psa_handle_t platform_service_handle) ++{ ++ psa_status_t status; ++ ++ status = get_image_info(caller, platform_service_handle); ++ if (status != PSA_SUCCESS) { ++ return; ++ } ++ ++ status = set_image_info(caller); ++ if (status != PSA_SUCCESS) { ++ return; ++ } ++ ++ return; ++} +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h +new file mode 100644 +index 00000000..95fba2a0 +--- /dev/null ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h +@@ -0,0 +1,26 @@ ++/* ++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ */ ++ ++#ifndef CORSTONE1000_FMP_SERVICE_H ++#define CORSTONE1000_FMP_SERVICE_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#include <rpc_caller.h> ++#include <psa/client.h> ++ ++void provision_fmp_variables_metadata(struct rpc_caller *caller); ++ ++void set_fmp_image_info(struct rpc_caller *caller, ++ psa_handle_t platform_service_handle); ++ ++#ifdef __cplusplus ++} /* extern "C" */ ++#endif ++ ++#endif /* CORSTONE1000_FMP_SERVICE_H */ +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch new file mode 100644 index 0000000000..c7289562bd --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch @@ -0,0 +1,230 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> + +From c1bcab09bb5b73e0f7131d9433f5e23c3943f007 Mon Sep 17 00:00:00 2001 +From: Satish Kumar <satish.kumar01@arm.com> +Date: Sat, 11 Dec 2021 11:06:57 +0000 +Subject: [PATCH] corstone1000: port crypto config + + +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> + +%% original patch: 0002-corstone1000-port-crypto-config.patch + +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +--- + .../nspe/pal_crypto_config.h | 81 +++++++++++++++---- + 1 file changed, 65 insertions(+), 16 deletions(-) + +diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +index 218a94c69502..c6d4aadd8476 100755 +--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h ++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +@@ -34,10 +34,14 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_RSA + #define ARCH_TEST_RSA_1024 + #define ARCH_TEST_RSA_2048 + #define ARCH_TEST_RSA_3072 ++#endif ++#endif + + /** + * \def ARCH_TEST_ECC +@@ -50,11 +54,17 @@ + * Requires: ARCH_TEST_ECC + * Comment macros to disable the curve + */ ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_ECC + #define ARCH_TEST_ECC_CURVE_SECP192R1 ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_ECC_CURVE_SECP224R1 ++#endif + #define ARCH_TEST_ECC_CURVE_SECP256R1 ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_ECC_CURVE_SECP384R1 ++#endif ++#endif + + /** + * \def ARCH_TEST_AES +@@ -78,10 +88,10 @@ + * + * Comment macros to disable the types + */ +-#define ARCH_TEST_DES +-#define ARCH_TEST_DES_1KEY +-#define ARCH_TEST_DES_2KEY +-#define ARCH_TEST_DES_3KEY ++//#define ARCH_TEST_DES ++//#define ARCH_TEST_DES_1KEY ++//#define ARCH_TEST_DES_2KEY ++//#define ARCH_TEST_DES_3KEY + + /** + * \def ARCH_TEST_RAW +@@ -104,7 +114,7 @@ + * + * Enable the ARC4 key type. + */ +-#define ARCH_TEST_ARC4 ++//#define ARCH_TEST_ARC4 + + /** + * \def ARCH_TEST_CIPHER_MODE_CTR +@@ -113,7 +123,11 @@ + * + * Requires: ARCH_TEST_CIPHER + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CIPHER_MODE_CTR ++#endif ++#endif + + /** + * \def ARCH_TEST_CIPHER_MODE_CFB +@@ -138,7 +152,11 @@ + * + * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CTR_AES ++#endif ++#endif + + /** + * \def ARCH_TEST_CBC_AES +@@ -157,7 +175,11 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CBC_NO_PADDING ++#endif ++#endif + + /** + * \def ARCH_TEST_CFB_AES +@@ -177,11 +199,15 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_PKCS1V15 + #define ARCH_TEST_RSA_PKCS1V15_SIGN + #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW + #define ARCH_TEST_RSA_PKCS1V15_CRYPT + #define ARCH_TEST_RSA_OAEP ++#endif ++#endif + + /** + * \def ARCH_TEST_CBC_PKCS7 +@@ -190,7 +216,11 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CBC_PKCS7 ++#endif ++#endif + + /** + * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION +@@ -227,21 +257,27 @@ + * + * Comment macros to disable the types + */ +-// #define ARCH_TEST_MD2 +-// #define ARCH_TEST_MD4 +-#define ARCH_TEST_MD5 +-#define ARCH_TEST_RIPEMD160 +-#define ARCH_TEST_SHA1 ++//#define ARCH_TEST_MD2 ++//#define ARCH_TEST_MD4 ++//#define ARCH_TEST_MD5 ++//#define ARCH_TEST_RIPEMD160 ++//#define ARCH_TEST_SHA1 ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_SHA224 ++#endif + #define ARCH_TEST_SHA256 ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_SHA384 + #define ARCH_TEST_SHA512 +-// #define ARCH_TEST_SHA512_224 +-// #define ARCH_TEST_SHA512_256 +-// #define ARCH_TEST_SHA3_224 +-// #define ARCH_TEST_SHA3_256 +-// #define ARCH_TEST_SHA3_384 +-// #define ARCH_TEST_SHA3_512 ++#endif ++#endif ++//#define ARCH_TEST_SHA512_224 ++//#define ARCH_TEST_SHA512_256 ++//#define ARCH_TEST_SHA3_224 ++//#define ARCH_TEST_SHA3_256 ++//#define ARCH_TEST_SHA3_384 ++//#define ARCH_TEST_SHA3_512 + + /** + * \def ARCH_TEST_HKDF +@@ -270,7 +306,12 @@ + * + * Comment macros to disable the types + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_CMAC ++#endif ++#endif ++//#define ARCH_TEST_GMAC + #define ARCH_TEST_HMAC + + /** +@@ -290,7 +331,11 @@ + * Requires: ARCH_TEST_AES + * + */ ++#ifndef TF_M_PROFILE_SMALL ++#ifndef TF_M_PROFILE_MEDIUM + #define ARCH_TEST_GCM ++#endif ++#endif + + /** + * \def ARCH_TEST_TRUNCATED_MAC +@@ -309,7 +354,9 @@ + * + * Requires: ARCH_TEST_ECC + */ ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_ECDH ++#endif + + /** + * \def ARCH_TEST_ECDSA +@@ -317,7 +364,9 @@ + * Enable the elliptic curve DSA library. + * Requires: ARCH_TEST_ECC + */ ++#ifndef TF_M_PROFILE_SMALL + #define ARCH_TEST_ECDSA ++#endif + + /** + * \def ARCH_TEST_DETERMINISTIC_ECDSA +-- +2.38.0 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index aa8f271df2..03f7dff2ef 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -20,6 +20,7 @@ SRC_URI:append = " \ file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ file://0019-plat-corstone1000-change-default-smm-values.patch \ + file://0020-FMP-Support-in-Corstone1000.patch \ " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend new file mode 100644 index 0000000000..6595c92a28 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend @@ -0,0 +1,7 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:" + +SRC_URI:append:corstone1000 = " \ + file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ + file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ + " |