authorAndrew Geissler <geissonator@yahoo.com>2023-05-19 17:38:37 +0300
committerAndrew Geissler <geissonator@yahoo.com>2023-05-19 21:39:02 +0300
commitdc9d614711d1f205166fa42a0af05054fe06b26d (patch)
treeb96ac45842c6be65a4967ef904dfd95ab307e10c /meta-arm/meta-arm-bsp
parentb8485a60bce61ef2c5e6337a2f7b677871565a01 (diff)
downloadopenbmc-dc9d614711d1f205166fa42a0af05054fe06b26d.tar.xz
subtree updates
meta-security: 53c5cc794f..ddf301c45c: Adrian Zaharia (1): libmhash: fix multilib header conflict - mutils/mhash_config.h Alexander Kanavin (1): maintainers.inc: rename to avoid clashes with oe-core Armin Kuster (15): meta-tpm: rename recipes-tpm to recipes-tpm1 recipes-tpm: use this for common tpm recipes swtpm: update to 0.8.0 libtpm: update to 0.9.6 ossec-hids: update to tip of 3.7.0 libhtp: update to 0.5.43 suricata: update to 6.0.11 fscryptctl: update to 1.0.1 oeqa: fix hash test to match new changes integrity-image-minimal: adapt QEMU cmdline to new changes lynis: Add decoding OE and Poky os-release.bbappend: drop now CPE_NAME is in core openembedded-release: drop as os-release does this now tpm2-tss: drop vendor from PACKAGECONFIG packagegroup-security-tpm2: restore pkgs removed earlier Paul Gortmaker (4): dm-verity: ensure people don't ignore the DISTRO_FEATURES warning dm-verity: don't make read-only-rootfs sound like a requirement dm-verity: document the meta-intel dependency in the systemd example dm-verity: add x86-64 systemd based example instructions Peter Hoyes (1): meta-parsec/layer.conf: Insert addpylib declaration Peter Kjellerstedt (1): tpm2-tools: Remove unnecessary and optional dependencies Stefan Berger (12): ima: Document and replace keys and adapt scripts for EC keys ima: Fix the ima_policy_appraise_all to appraise executables & libraries ima: Fix the IMA kernel feature ima: Rename IMA_EVM_POLICY_SYSTEMD to IMA_EVM_POLICY ima: Sign all executables and the ima-policy in the root filesystem integrity: Update the README for IMA support linux: overlayfs: Add kernel patch resolving a file change notification issue ima-evm-utils: Update ima-evm-utils to v1.5 and add a patch linux: overlayfs: Drop kernel patch resolving a file change notification issue ima: Drop kernel config option CONFIG_SQUASHFS_XATTR=y from ima.cfg integrity: Fix the do_configure function integrity: Rename linux-%.bbappend to linux-yocto%.bbappend meta-raspberrypi: 
bf948e0aa8..928bb234bb: Martin Jansa (3): rpi-libcamera-apps: fix flags used in aarch64 builds rpi-libcamera-apps: fix version generation on hosts with older python rpi-libcamera-apps: bump to latest SRCREV and set PV meta-arm: 0b5724266a..f9d80e1a14: Emekcan Aras (2): arm-bsp/trusted-firmware-m: Align Capsule Update with GPT changes arm-bsp/wic: corstone1000: Fix and limit the partition size for corstone1000 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I56f7d26070d879e3138618332841c30cf57eb7d9
Diffstat (limited to 'meta-arm/meta-arm-bsp')
-rw-r--r--meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch29
-rw-r--r--meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch33
-rw-r--r--meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch71
-rw-r--r--meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc3
-rw-r--r--meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks18
5 files changed, 146 insertions, 8 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch
new file mode 100644
index 0000000000..92d17cc0db
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch
@@ -0,0 +1,29 @@
+From 77c5a3bd090955e48ffca92bf9535185d26e9017 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Mon, 15 May 2023 10:42:23 +0100
+Subject: [PATCH 2/4] Platform: corstone1000: Increase BL2 size in flash layout
+
+Increases BL2 size to align with the flash page size in corstone1000.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ platform/ext/target/arm/corstone1000/partition/flash_layout.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+index 41b4c6323f..bfe8c4fb3c 100644
+--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+@@ -89,7 +89,7 @@
+ #endif
+
+ /* Static Configurations of the Flash */
+-#define SE_BL2_PARTITION_SIZE (0x18800) /* 98 KB */
++#define SE_BL2_PARTITION_SIZE (0x19000) /* 98 KB */
+ #define SE_BL2_BANK_0_OFFSET (0x9000) /* 72nd LBA */
+ #define SE_BL2_BANK_1_OFFSET (0x1002000) /* 32784th LBA */
+
+--
+2.17.1
+
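Review bot: The comment on the changed `SE_BL2_PARTITION_SIZE` line still reads `/* 98 KB */`, but 0x19000 is 102400 bytes, which is 100 KB (the old 0x18800 was the 98 KB value). The new line in the inner patch should read `#define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */`, so the header agrees with the `--size 100k` BL2 entries in the wks file of this same commit. A stale size comment in a flash layout header is easy to trust when someone later checks that an image fits its slot.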
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch
new file mode 100644
index 0000000000..e2844bacc0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch
@@ -0,0 +1,33 @@
+From 17244ac692495c23008ff784611d0ee1d42c83dc Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Mon, 15 May 2023 10:46:18 +0100
+Subject: [PATCH 3/4] Platform: Corstone1000: Increase BL2_DATA_SIZE
+
+Increases BL2_DATA_SIZE to accommodate the changes in
+metadata_write/read.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ platform/ext/target/arm/corstone1000/partition/region_defs.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+index abfac39b62..e7f0bad2ba 100644
+--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h
++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+@@ -90,9 +90,10 @@
+ #define BL2_CODE_SIZE (IMAGE_BL2_CODE_SIZE)
+ #define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1)
+
++#define BL2_DATA_ADDITIONAL 448 /* To increase the BL2_DATA_SIZE more than the default value */
+ #define BL2_DATA_START (BOOT_TFM_SHARED_DATA_BASE + \
+ BOOT_TFM_SHARED_DATA_SIZE)
+-#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START)
++#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START + BL2_DATA_ADDITIONAL)
+ #define BL2_DATA_LIMIT (BL2_DATA_START + BL2_DATA_SIZE - 1)
+
+ /* SE BL1 regions */
+--
+2.17.1
+
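Review bot: Adding `BL2_DATA_ADDITIONAL` to `BL2_DATA_SIZE` moves `BL2_DATA_LIMIT` 448 bytes past `BL2_CODE_START - BL2_HEADER_SIZE`, so the writable BL2 data region now extends into the space the old formula left in front of the code. Whether it stops short of executable code depends on `BL2_HEADER_SIZE`, which is not visible in this hunk. Nothing ties 448 to that bound, so a later change to either value could let data overlay the image without any build error. If both macros are preprocessor-evaluable, a guard next to the define would catch this: `#if BL2_DATA_ADDITIONAL > BL2_HEADER_SIZE` / `#error "BL2 data region overlaps BL2 code"` / `#endif`. The comment on the new define should also say where the 448 bytes come from and why reusing the header area is safe, since the commit message only mentions metadata_write/read.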
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch
new file mode 100644
index 0000000000..fd977ac2fd
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch
@@ -0,0 +1,71 @@
+From 83e423497afecc202a3a50c3e472161390056ebd Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Mon, 15 May 2023 10:47:27 +0100
+Subject: [PATCH 4/4] Platform: Corstone1000: Calculate the new CRC32 value
+ after changing the metadata
+
+Calculates the new CRC32 value for the metadata struct after chaing a value
+during the capsule update. It also updates the CRC32 field in the metadata
+so it doesn't fail the CRC check after a succesfull capsule update.
+It also skips doing a sanity check the BL2 nv counter after the capsule
+update since the tfm bl1 does not sync metadata and nv counters in OTP during
+the boot anymore.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../arm/corstone1000/fw_update_agent/fwu_agent.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index afd8d66e42..f564f2902c 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -802,6 +802,8 @@ static enum fwu_agent_error_t flash_full_capsule(
+ }
+ metadata->active_index = previous_active_index;
+ metadata->previous_active_index = active_index;
++ metadata->crc_32 = crc32((uint8_t *)&metadata->version,
++ sizeof(struct fwu_metadata) - sizeof(uint32_t));
+
+ ret = metadata_write(metadata);
+ if (ret) {
+@@ -913,6 +915,8 @@ static enum fwu_agent_error_t accept_full_capsule(
+ if (ret) {
+ return ret;
+ }
++ metadata->crc_32 = crc32((uint8_t *)&metadata->version,
++ sizeof(struct fwu_metadata) - sizeof(uint32_t));
+
+ ret = metadata_write(metadata);
+ if (ret) {
+@@ -1007,6 +1011,8 @@ static enum fwu_agent_error_t fwu_select_previous(
+ if (ret) {
+ return ret;
+ }
++ metadata->crc_32 = crc32((uint8_t *)&metadata->version,
++ sizeof(struct fwu_metadata) - sizeof(uint32_t));
+
+ ret = metadata_write(metadata);
+ if (ret) {
+@@ -1119,8 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters(
+
+ FWU_LOG_MSG("%s: enter\n\r", __func__);
+
+- for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
+-
++ for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
+ switch (i) {
+ case FWU_BL2_NV_COUNTER:
+ tfm_nv_counter_i = PLAT_NV_COUNTER_BL1_0;
+@@ -1141,7 +1146,6 @@ static enum fwu_agent_error_t update_nv_counters(
+ if (err != TFM_PLAT_ERR_SUCCESS) {
+ return FWU_AGENT_ERROR;
+ }
+-
+ if (priv_metadata->nv_counter[i] < security_cnt) {
+ return FWU_AGENT_ERROR;
+ } else if (priv_metadata->nv_counter[i] > security_cnt) {
+--
+2.17.1
+
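Review bot: In `update_nv_counters`, starting the loop at `i = 1` removes the BL2 counter from the `priv_metadata->nv_counter[i] < security_cnt` rejection, which looks like the rollback check, and nothing visible in the patch says where that check is now enforced for BL2. The literal `1` is only correct if `FWU_BL2_NV_COUNTER` is 0 (its value is not visible here), and it leaves `case FWU_BL2_NV_COUNTER:` in the switch unreachable. I would make the skip explicit, e.g. `for (int i = FWU_BL2_NV_COUNTER + 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {`, add a comment naming the component that now owns the BL2 counter, and drop the dead case. The three identical `metadata->crc_32 = crc32(...)` assignments also rely on `crc_32` being the first 4-byte member of `struct fwu_metadata`; a static helper would keep that layout assumption in one place. All four functions start and end outside the hunks shown.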
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
index 68845cf93a..23c8c127bc 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
@@ -48,6 +48,9 @@ SRC_URI:append:corstone1000 = " \
file://0010-Platform-corstone1000-Adds-compiler-flags-to-FWU-age.patch \
file://0011-Platform-corstone1000-adjust-PS-asset-configuration.patch \
file://0012-Platform-corstone1000-Increase-number-of-assets.patch \
+ file://0013-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch \
+ file://0014-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch \
+ file://0015-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch \
file://corstone1000/rwx.patch \
"
diff --git a/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks b/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks
index 5668071aa3..71ab20f27c 100644
--- a/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks
+++ b/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks
@@ -4,6 +4,8 @@
# The entries with --offset parameter should not be relocated
# because BL1 code is statically configured for the given positions
+# Partition sizes are fixed since corstone1000 does not support partial update
+# and has a limit for each partition to grow.
part --source empty --size 3k --offset 17k --part-name="reserved_1" --uuid B1F2FC8C-A7A3-4485-87CB-16961B8847D7
@@ -13,21 +15,21 @@ part --source empty --size 4k --align 4 --offset 24k --part-name="Bkup-FWU-Metad
part --source empty --size 4k --align 4 --offset 28k --part-name="private_metadata_replica_2" --uuid 3CC3B456-DEC8-4CE3-BC5C-965483CE4828 --part-type ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42
part --source empty --size 4k --align 4 --offset 32k --part-name="private_metadata_replica_2" --uuid DCE9C503-8DFD-4DCB-8889-647E49641552 --part-type ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42
-part --source rawcopy --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
+part --source rawcopy --size 100k --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
-part --source rawcopy --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
+part --source rawcopy --size 376k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
# Rawcopy of the FIP binary
-part --source rawcopy --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
+part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
# Rawcopy of kernel with initramfs
-part --source rawcopy --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --align 4 --part-name="kernel_primary" --uuid BF7A6142-0662-47FD-9434-6A8811980816 --part-type 8197561D-6124-46FC-921E-141CC5745B05
+part --source rawcopy --size 12 --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --align 4 --part-name="kernel_primary" --uuid BF7A6142-0662-47FD-9434-6A8811980816 --part-type 8197561D-6124-46FC-921E-141CC5745B05
-part --source empty --size 100k --offset 16392k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
-part --source empty --size 4k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
-part --source empty --size 4k --align 4 --part-name="FIP_B" --uuid 9424E370-7BC9-43BB-8C23-71EE645E1273 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
-part --source empty --size 4k --align 4 --part-name="kernel_secondary" --uuid A2698A91-F9B1-4629-9188-94E4520808F8 --part-type 8197561D-6124-46FC-921E-141CC5745B05
+part --source empty --size 100k --offset 16492k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
+part --source empty --size 376k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
+part --source empty --size 2 --align 4 --part-name="FIP_B" --uuid 9424E370-7BC9-43BB-8C23-71EE645E1273 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
+part --source empty --size 12 --align 4 --part-name="kernel_secondary" --uuid A2698A91-F9B1-4629-9188-94E4520808F8 --part-type 8197561D-6124-46FC-921E-141CC5745B05
part --source empty --size 3k --offset 32748k --part-name="reserved_2" --uuid CCB18569-C0BA-42E0-A429-FE1DC862D660
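Review bot: The `bl2_secondary` entry moves from `--offset 16392k` to `--offset 16492k`, but the `flash_layout.h` context in patch 0013 of this same commit still shows `SE_BL2_BANK_1_OFFSET (0x1002000)`, which is 16392k. This file's own header comment says entries with `--offset` must not be relocated because BL1 is statically configured for them. If bank 1 is still located through that constant rather than through the GPT, the image and the firmware now disagree by 100k on where the second bank starts; please confirm which lookup is used, and either keep `--offset 16392k` or update the constant in the same series. Separately, `--size` in wic is a minimum, so an oversized `bl2_signed.bin` or `tfm_s_signed.bin` would enlarge its partition rather than fail the build. `--fixed-size 100k` and `--fixed-size 376k` would match the new comment that sizes are fixed, and giving the bare `--size 2` and `--size 12` an explicit unit suffix would make them read consistently with the other entries.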