diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-10-04 15:57:18 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-10-04 23:48:44 +0300 |
commit | 8dd68484e26c2924fcc0eeda4d024b0116115009 (patch) | |
tree | fcd73baeab39ac71831143bb00cebb716c25a181 /meta-arm/meta-arm | |
parent | e71c689b0034a68d173d308dc66c31b6325ae2aa (diff) | |
download | openbmc-8dd68484e26c2924fcc0eeda4d024b0116115009.tar.xz |
subtree updates
meta-openembedded: 0782ea454a..ce0b93fc12:
Alex Kiernan (5):
faad2: Upgrade 2.8.8 -> 2.10.0
onig: Upgrade 6.9.4 -> 6.9.8
jansson: Honour multilib paths
jansson: Backport linker flag fixes
jansson: Default to shared builds
Beniamin Sandu (1):
libnet: update to v1.2 release
Daniel Gomez (4):
gst-instruments: Update 0.2.3 -> 0.3.1+cb8977a
libftdi: Add ftdi-eeprom support
xf86-video-ati: Update 19.1.0 -> 19.1.0+7a6a34af
v4l-utils: Update 1.22.1 -> 1.23.0+fd544473
Gianluigi Spagnuolo (1):
bpftool: add aarch64 to COMPATIBLE_HOST
Hitomi Hasegawa (1):
libsdl: add CVE-2019-14906 to allowlist
Khem Raj (2):
python3-gevent: Avoid building internal version of libev
xterm: Add _GNU_SOURCE via CFLAGS
Lukas Rusak (2):
libwebsockets: add optional support for sd-event loop
libwebsockets: add error check if PACKAGECONFIG contains systemd but DISTRO_FEATURES doesn't
Ming Liu (1):
plymouth: uprev to 22.02.122
William A. Kennington III (2):
gerbera: upgrade 1.9.2 -> 1.11.0
fmt: upgrade 8.1.1 -> 9.1.0
Yi Zhao (4):
freeradius: fix daemon startup warnings
frr: upgrade 8.2.2 -> 8.3.1
libnftnl: upgrade 1.2.2 -> 1.2.3
nftables: upgrade 1.0.4 -> 1.0.5
onkelpit (1):
tio: added tio version 2.0 and 1.47
wangmy (1):
xterm: upgrade 372 -> 373
meta-arm: 52f07a4b0b..0164b4ca7a:
Abdellatif El Khlifi (12):
arm-bsp/u-boot: corstone1000: update initramfs bundle size
arm-bsp/u-boot: corstone1000: upgrade FF-A support
arm-bsp/optee-os: corstone1000: upgrade to v3.18
arm-bsp/optee-spdevkit: corstone1000: drop the support
arm-bsp/corstone1000-initramfs-image: remove obsolete packages
arm-bsp/trusted-services: corstone1000: add secure partitions support
arm-bsp/machine: corstone1000: disable pulling the kernel into the initramfs
arm-bsp/trusted-services: corstone1000: add MHU-driver
arm-bsp/corstone1000-initramfs-image: add TS PSA API tests packages
arm-bsp/linux: corstone1000: use arm-ffa machine feature
arm/secure-partitions: drop use of the recipe
arm/ffa-debugfs: drop use of the kernel module
Adam Johnston (3):
arm-bsp/edk2-firmware: Update edk2/edk2-platforms versions for N1SDP
arm-bsp/edk2-firmware: Add edk2-platforms patches for N1SDP
arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP
Andrei Gherzan (1):
edk2-firmware: Fix configure sed typo
Anton Antonov (1):
Temporary use qemu 7.0.0 for TS CI pipelines
Davidson K (6):
arm-bsp/tc: upgrade version of trusted-firmware-a
arm-bsp/tc: upgrade version of hafnium
arm-bsp/tc: upgrade version of optee
arm-bsp/u-boot: add gnutls-native as dependency
arm-bsp/trusted-firmware-a: add firmware update support for TC
arm-bsp/hafnium: enable Virtual Host Extension for TC
Denys Dmytriyenko (1):
arm-toolchain/gcc,external-arm-toolchain: resolve conflict with gcc headers
Emekcan (8):
arm-bsp/u-boot: Add external system driver to u-boot device tree
arm-bsp/kernel: Add external device driver
arm-bsp/u-boot: Add external system MHUs to u-boot device tree
arm-bsp/kernel: Add rpmsg_arm_mailbox to corstone1000
arm-bsp/test: Adding a test app for external system
arm-bsp/images: Adding external system test to initramfs image
arm-bsp/test: Changing the test app repository
arm-bsp/external-system: Changing the RTX repo
Jiacheng Tang (1):
arm/fvp-base-r-aem: upgrade to version 11.19.14
Joe Slater (1):
arm/packagegroup-ts-tests: fix parse error
Jon Mason (17):
arm-bsp/optee-os: add 3.10 recipe for corstone1000
arm-bsp/optee: rename corstone1000 files
arm/optee-spdevkit: add version to file name
arm/optee-os: add ARMv7 changes to clang patch and update patches
arm/qemuarm-secureboot: remove optee-os version pin
arm/optee: remove old versions
arm/optee-client: move the 3.14 recipe to meta-arm-bsp
arm/hafnium: update to 2.7
arm-bsp/n1sdp: update linux-yocto patches
arm/edk2-firmware: Work around clang issue
arm-bsp/tc: remove hafnium clang patch
layers: convert to langdale compatibility
CI: Remove uniquely zephyr machines
arm-bsp/fvp: move the fvp include file to the include directory
ci: move features only needed by testimage from base
CI: apply a patch so that meta-zephyr is compatible with langdale
Revert "CI: apply a patch so that meta-zephyr is compatible with langdale"
Khem Raj (6):
optee-os: Extend clang pragma fixes to core_mmu_v7.c for 3.18
trusted-services: Pin to use gcc
ffa-debugfs-mod: Exclude from world builds
linux-yocto: Add bbappend for 5.19
hafnium: Add a fix for clang-15 errors
hafnium: Exclude from world builds
Mohamed Omar Asaker (1):
arm-bsp/n1sdp-board-firmware: upgrade to N1SDP-2022.06.22
Peter Hoyes (4):
arm/lib: Specify the FVP environment variables explicitly
arm-bsp/trusted-firmware-m: Make branch names configurable
arm/classes: Migrate TF-M image signing to bbclass
arm-bsp/corstone1000: Refactor image signing to use new bbclass
Ross Burton (3):
gem5/linux-yocto: upgrade to 5.4.205 and fix buildpaths in binaries
Revert "Temporary use qemu 7.0.0 for TS CI pipelines"
runfvp: pass-through environment variables need for GUI applications
Rui Miguel Silva (1):
arm-bsp: trusted-services: fix openamp build
Vishnu Banavath (2):
arm-bsp/ffa-debugfs: update git SHA for v2.1.0
arm-bsp/external-system:corstone1000: build and install external-system
Xueliang Zhong (1):
arm-bsp/n1sdp: upgrade scp-firmware version
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7a07eab9e4aa0bdbdb50602050c3c4caf062acbf
Diffstat (limited to 'meta-arm/meta-arm')
46 files changed, 430 insertions, 659 deletions
diff --git a/meta-arm/meta-arm/classes/fvpboot.bbclass b/meta-arm/meta-arm/classes/fvpboot.bbclass index fbdfa965d4..78dabd7369 100644 --- a/meta-arm/meta-arm/classes/fvpboot.bbclass +++ b/meta-arm/meta-arm/classes/fvpboot.bbclass @@ -23,6 +23,8 @@ FVP_CONSOLE ?= "" FVP_CONSOLES[default] ?= "${FVP_CONSOLE}" # Arbitrary extra arguments FVP_EXTRA_ARGS ?= "" +# Bitbake variables to pass to the FVP environment +FVP_ENV_PASSTHROUGH ?= "" EXTRA_IMAGEDEPENDS += "${FVP_PROVIDER}" @@ -66,6 +68,10 @@ python do_write_fvpboot_conf() { data["terminals"] = getFlags("FVP_TERMINALS") data["args"] = shlex.split(d.getVar("FVP_EXTRA_ARGS") or "") + data["env"] = {} + for var in d.getVar("FVP_ENV_PASSTHROUGH").split(): + data["env"][var] = d.getVar(var) + os.makedirs(os.path.dirname(conffile), exist_ok=True) with open(conffile, "wt") as f: json.dump(data, f) diff --git a/meta-arm/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass new file mode 100644 index 0000000000..542b708b62 --- /dev/null +++ b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass @@ -0,0 +1,79 @@ +# Functionality to sign binary images using the wrapper script bundled with +# TF-M. Signed images are written to the deploy directory by default. +# To use: +# * Inherit this class +# * Override the do_sign_images task +# * Write the signing logic, which may call the function sign_host_image, +# described below + +inherit python3native deploy + +# The output and working directory +TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images" + +tfm_sign_image_do_sign_images() { + : +} +addtask sign_images after do_configure before do_compile +do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DIR}" + +tfm_sign_image_do_deploy() { + : +} +addtask deploy after do_sign_images + +deploy_signed_images() { + cp ${TFM_IMAGE_SIGN_DIR}/signed_* ${DEPLOYDIR}/ +} +do_deploy[postfuncs] += "deploy_signed_images" + +EXPORT_FUNCTIONS do_sign_images do_deploy + +DEPENDS += "trusted-firmware-m-scripts-native" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +# +# sign_host_image +# +# Description: +# +# A generic function that signs a host image +# using MCUBOOT format +# +# Arguments: +# +# $1 ... path of binary to sign +# $2 ... load address of the given binary +# $3 ... signed binary size +# +# Note: The signed binary is copied to ${TFM_IMAGE_SIGN_DIR} +# +sign_host_image() { + host_binary_filename="$(basename -s .bin "${1}")" + host_binary_layout="${host_binary_filename}_ns" + + cat << EOF > ${TFM_IMAGE_SIGN_DIR}/${host_binary_layout} +enum image_attributes { + RE_IMAGE_LOAD_ADDRESS = ${2}, + RE_SIGN_BIN_SIZE = ${3}, +}; +EOF + + host_binary_signed="${TFM_IMAGE_SIGN_DIR}/signed_$(basename "${1}")" + + ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \ + -v ${RE_LAYOUT_WRAPPER_VERSION} \ + --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \ + -k "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \ + --public-key-format full \ + --align 1 \ + --pad \ + --pad-header \ + -H ${RE_IMAGE_OFFSET} \ + -s auto \ + "${1}" \ + "${host_binary_signed}" +} diff --git a/meta-arm/meta-arm/conf/layer.conf b/meta-arm/meta-arm/conf/layer.conf index c23ea56f88..af8c4cc387 100644 --- a/meta-arm/meta-arm/conf/layer.conf +++ b/meta-arm/meta-arm/conf/layer.conf @@ -13,7 +13,7 @@ LAYERDEPENDS_meta-arm = " \ core \ arm-toolchain \ " -LAYERSERIES_COMPAT_meta-arm = "kirkstone" +LAYERSERIES_COMPAT_meta-arm = "langdale" # runfvp --console needs telnet, so pull this in for testimage. HOSTTOOLS_NONFATAL += "telnet" diff --git a/meta-arm/meta-arm/conf/machine/microbit-v1.conf b/meta-arm/meta-arm/conf/machine/microbit-v1.conf deleted file mode 100644 index ef3872fef2..0000000000 --- a/meta-arm/meta-arm/conf/machine/microbit-v1.conf +++ /dev/null @@ -1,24 +0,0 @@ -#@TYPE: Machine -#@NAME: microbit_v1 -#@DESCRIPTION: Machine for BBC Microbit v1, Zephyr BOARD qemu_cortex_m0 - -require conf/machine/include/qemu.inc -require conf/machine/include/arm/armv6m/tune-cortexm0.inc - -MACHINEOVERRIDES =. "nordic:" - -# GLIBC will not work with Cortex-M. -TCLIBC = "newlib" - -# For runqemu -QB_SYSTEM_NAME = "qemu-system-arm" -QB_MACHINE = "-machine microbit" -QB_CPU = "-cpu cortex-m0" -QB_GRAPHICS = "-nographic -vga none" -QB_RNG = "" -QB_OPT_APPEND = "-icount shift=6,align=off,sleep=on -rtc clock=vm" - -# Zephyr RTOS settings -ZEPHYR_BOARD = "qemu_cortex_m0" -ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot" -ARCH:qemu-cortex-m0 = "arm" diff --git a/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf b/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf deleted file mode 100644 index 7147face89..0000000000 --- a/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf +++ /dev/null @@ -1,19 +0,0 @@ -#@TYPE: Machine -#@NAME: qemu-cortex-a53 -#@DESCRIPTION: Machine for Zephyr BOARD qemu_cortex_a53 - -require conf/machine/include/qemu.inc -require conf/machine/include/arm/armv8a/tune-cortexa53.inc - -TCLIBC = "newlib" - -# For runqemu -QB_SYSTEM_NAME = "qemu-system-aarch64" -QB_MACHINE = "-machine virt" -QB_CPU = "-cpu cortex-a53" -QB_GRAPHICS = "-nographic -vga none" - -# Zephyr RTOS settings -ZEPHYR_BOARD = "qemu_cortex_a53" -ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot" -ARCH:qemu-cortex-a53 = "aarch64" diff --git a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf index e48d9642df..f08b84fe5e 100644 --- a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf +++ b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf @@ -21,6 +21,3 @@ WKS_FILE_DEPENDS = "trusted-firmware-a" IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}" MACHINE_FEATURES += "optee-ftpm" - -# FIXME - CPUs 2-4 don't start in the newer OPTEE -PREFERRED_VERSION_optee-os ?= "3.14%" diff --git a/meta-arm/meta-arm/lib/fvp/conffile.py b/meta-arm/meta-arm/lib/fvp/conffile.py index acede40ee5..603851d1dc 100644 --- a/meta-arm/meta-arm/lib/fvp/conffile.py +++ b/meta-arm/meta-arm/lib/fvp/conffile.py @@ -51,6 +51,7 @@ def load(config_file): sanitise("terminals", {}) sanitise("args", []) sanitise("consoles", {}) + sanitise("env", {}) if not config["exe"]: raise ValueError("Required value FVP_EXE not set in machine configuration") diff --git a/meta-arm/meta-arm/lib/fvp/runner.py b/meta-arm/meta-arm/lib/fvp/runner.py index 7641cd67c5..c5c795dd32 100644 --- a/meta-arm/meta-arm/lib/fvp/runner.py +++ b/meta-arm/meta-arm/lib/fvp/runner.py @@ -59,8 +59,19 @@ class FVPRunner: async def start(self, config, extra_args=[], terminal_choice="none"): cli = cli_from_config(config, terminal_choice) cli += extra_args + + # Pass through environment variables needed for GUI applications, such + # as xterm, to work. + env = config['env'] + for name in ('DISPLAY', 'WAYLAND_DISPLAY'): + if name in os.environ: + env[name] = os.environ[name] + self._logger.debug(f"Constructed FVP call: {cli}") - self._fvp_process = await asyncio.create_subprocess_exec(*cli, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + self._fvp_process = await asyncio.create_subprocess_exec( + *cli, + stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, + env=env) def detect_terminals(line): m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line) diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py index d1e452f633..cf8a3c53f4 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py @@ -20,11 +20,10 @@ class RunFVPTests(OESelftestTestCase): on exit code 0 or fail the test, otherwise return the CompletedProcess instance. """ - # Put the test directory in PATH so that any mock FVPs are found first - newenv = {"PATH": str(testdir) + ":" + os.environ["PATH"]} cli = [runfvp,] + list(args) print(f"Calling {cli}") - ret = subprocess.run(cli, env=newenv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True) + # Set cwd to testdir so that any mock FVPs are found + ret = subprocess.run(cli, cwd=testdir, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True) if should_succeed: self.assertEqual(ret.returncode, 0, f"runfvp exit {ret.returncode}, output: {ret.stdout}") return ret.stdout @@ -40,8 +39,6 @@ class RunFVPTests(OESelftestTestCase): self.run_fvp("--this-is-an-invalid-option", should_succeed=False) def test_run_auto_tests(self): - newenv = {"PATH": str(testdir) + ":" + os.environ["PATH"]} - cases = list(testdir.glob("auto-*.json")) if not cases: self.fail("No tests found") @@ -79,6 +76,7 @@ class ConfFileTests(OESelftestTestCase): self.assertTrue("terminals" in conf) self.assertTrue("args" in conf) self.assertTrue("consoles" in conf) + self.assertTrue("env" in conf) class RunnerTests(OESelftestTestCase): @@ -97,6 +95,7 @@ class RunnerTests(OESelftestTestCase): "applications": {'a1': 'file'}, "terminals": {}, "args": ['--extra-arg'], + "env": {"FOO": "BAR"} })) m.assert_called_once_with('/usr/bin/FVP_Binary', @@ -106,4 +105,27 @@ class RunnerTests(OESelftestTestCase): '--extra-arg', stdin=unittest.mock.ANY, stdout=unittest.mock.ANY, - stderr=unittest.mock.ANY) + stderr=unittest.mock.ANY, + env={"FOO":"BAR"}) + + @unittest.mock.patch.dict(os.environ, {"DISPLAY": ":42", "WAYLAND_DISPLAY": "wayland-42"}) + def test_env_passthrough(self): + from fvp import runner + with self.create_mock() as m: + fvp = runner.FVPRunner(self.logger) + asyncio.run(fvp.start({ + "fvp-bindir": "/usr/bin", + "exe": "FVP_Binary", + "parameters": {}, + "data": [], + "applications": {}, + "terminals": {}, + "args": [], + "env": {"FOO": "BAR"} + })) + + m.assert_called_once_with('/usr/bin/FVP_Binary', + stdin=unittest.mock.ANY, + stdout=unittest.mock.ANY, + stderr=unittest.mock.ANY, + env={"DISPLAY":":42", "FOO": "BAR", "WAYLAND_DISPLAY": "wayland-42"}) diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json index 476eb57217..a476ac108a 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json @@ -1,3 +1,4 @@ { + "fvp-bindir": ".", "exe": "auto-basic.sh" } diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json index 0c7d4ef922..a60abac3f4 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json @@ -1,4 +1,5 @@ { + "fvp-bindir": ".", "exe": "test-parameters.py", "parameters": { "board.cow": "moo", diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json index 9b565f27f6..031ef6600e 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json @@ -1,4 +1,5 @@ { + "fvp-bindir": ".", "exe": "test-parameters.py", "parameters": { "board.cow": "moo" diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch new file mode 100644 index 0000000000..f037d2b58f --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch @@ -0,0 +1,116 @@ +From d96f696244e0869654004f49586b53811037db30 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 22 Sep 2022 19:13:49 -0700 +Subject: [PATCH] Fix build with clang-15 + +Clang-15 warns about prototypes a bit harder +Remove unused variable suites_in_image + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + test/hftest/common.c | 2 -- + test/vmapi/arch/aarch64/gicv3/gicv3.c | 2 +- + test/vmapi/arch/aarch64/gicv3/inc/gicv3.h | 2 +- + test/vmapi/arch/aarch64/gicv3/timer_secondary.c | 2 +- + test/vmapi/el0_partitions/services/interruptible.c | 2 +- + test/vmapi/el0_partitions/services/interruptible_echo.c | 2 +- + test/vmapi/primary_with_secondaries/services/interruptible.c | 2 +- + 7 files changed, 6 insertions(+), 8 deletions(-) + +diff --git a/test/hftest/common.c b/test/hftest/common.c +index 344ff24..175230a 100644 +--- a/test/hftest/common.c ++++ b/test/hftest/common.c +@@ -67,7 +67,6 @@ void hftest_json(void) + { + const char *suite = NULL; + size_t i; +- size_t suites_in_image = 0; + size_t tests_in_suite = 0; + + HFTEST_LOG("{"); +@@ -81,7 +80,6 @@ void hftest_json(void) + HFTEST_LOG(" },"); + } + /* Move onto new suite. */ +- ++suites_in_image; + suite = test->suite; + tests_in_suite = 0; + HFTEST_LOG(" {"); +diff --git a/test/vmapi/arch/aarch64/gicv3/gicv3.c b/test/vmapi/arch/aarch64/gicv3/gicv3.c +index 682bc4e..82582f0 100644 +--- a/test/vmapi/arch/aarch64/gicv3/gicv3.c ++++ b/test/vmapi/arch/aarch64/gicv3/gicv3.c +@@ -42,7 +42,7 @@ static void irq(void) + dlog("primary IRQ %d ended\n", interrupt_id); + } + +-void system_setup() ++void system_setup(void) + { + const uint32_t mode = MM_MODE_R | MM_MODE_W | MM_MODE_D; + hftest_mm_identity_map((void *)GICD_BASE, PAGE_SIZE, mode); +diff --git a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h +index 5faf3a8..f681e58 100644 +--- a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h ++++ b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h +@@ -30,4 +30,4 @@ extern void *recv_buffer; + + extern volatile uint32_t last_interrupt_id; + +-void system_setup(); ++void system_setup(void); +diff --git a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c +index ebc4db3..8260e10 100644 +--- a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c ++++ b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c +@@ -55,7 +55,7 @@ TEAR_DOWN(timer_secondary_ffa) + EXPECT_FFA_ERROR(ffa_rx_release(), FFA_DENIED); + } + +-static void timer_busywait_secondary() ++static void timer_busywait_secondary(void) + { + const char message[] = "loop 0099999"; + const char expected_response[] = "Got IRQ 03."; +diff --git a/test/vmapi/el0_partitions/services/interruptible.c b/test/vmapi/el0_partitions/services/interruptible.c +index 0d00b16..3c3250d 100644 +--- a/test/vmapi/el0_partitions/services/interruptible.c ++++ b/test/vmapi/el0_partitions/services/interruptible.c +@@ -43,7 +43,7 @@ static void irq(void) + * Try to receive a message from the mailbox, blocking if necessary, and + * retrying if interrupted. + */ +-static struct ffa_value mailbox_receive_retry() ++static struct ffa_value mailbox_receive_retry(void) + { + struct ffa_value received; + +diff --git a/test/vmapi/el0_partitions/services/interruptible_echo.c b/test/vmapi/el0_partitions/services/interruptible_echo.c +index b618cf2..636ebc9 100644 +--- a/test/vmapi/el0_partitions/services/interruptible_echo.c ++++ b/test/vmapi/el0_partitions/services/interruptible_echo.c +@@ -32,7 +32,7 @@ static void irq(void) + * Try to receive a message from the mailbox, blocking if necessary, and + * retrying if interrupted. + */ +-static struct ffa_value mailbox_receive_retry() ++static struct ffa_value mailbox_receive_retry(void) + { + struct ffa_value received; + +diff --git a/test/vmapi/primary_with_secondaries/services/interruptible.c b/test/vmapi/primary_with_secondaries/services/interruptible.c +index cc1c1f9..c94093b 100644 +--- a/test/vmapi/primary_with_secondaries/services/interruptible.c ++++ b/test/vmapi/primary_with_secondaries/services/interruptible.c +@@ -40,7 +40,7 @@ static void irq(void) + * Try to receive a message from the mailbox, blocking if necessary, and + * retrying if interrupted. + */ +-struct ffa_value mailbox_receive_retry() ++struct ffa_value mailbox_receive_retry(void) + { + struct ffa_value received; + diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch index b73c53393f..6f61177ac3 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch @@ -1,4 +1,4 @@ -From 0d941ba32a082023575fd0d14d52a12b7547b367 Mon Sep 17 00:00:00 2001 +From a433727e0fe8424db984f3afa2bda898dd517e9d Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 19 Apr 2022 22:32:56 -0700 Subject: [PATCH] define _Noreturn if needed @@ -11,12 +11,13 @@ noreturn void panic(const char *fmt, ...); ^ Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- inc/hf/panic.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/hf/panic.h b/inc/hf/panic.h -index ec864e4f..588f1193 100644 +index ec864e4..588f119 100644 --- a/inc/hf/panic.h +++ b/inc/hf/panic.h @@ -10,4 +10,8 @@ @@ -28,6 +29,3 @@ index ec864e4f..588f1193 100644 +#endif + noreturn void panic(const char *fmt, ...); --- -2.36.0 - diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch index 040d61b253..2a34239050 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch @@ -1,3 +1,8 @@ +From 9b1b93184c365a07b340c9404a6a0581e971bd54 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 9 Nov 2021 23:31:22 +0000 +Subject: [PATCH] arm/hafnium: fix kernel tool linking + We need to be sure that the host linker flags are passed to the kernel build, as otherwise it is possible that binaries are incorrectly linked. For example: @@ -7,8 +12,12 @@ ld: .../recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/lib/libcrypto.so: u Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + build/linux/linux.gni | 1 + + 1 file changed, 1 insertion(+) + diff --git a/build/linux/linux.gni b/build/linux/linux.gni -index 65cc9df..19adbfb 100644 +index 45860fa..b010254 100644 --- a/build/linux/linux.gni +++ b/build/linux/linux.gni @@ -60,6 +60,7 @@ template("linux_kernel") { @@ -16,6 +25,6 @@ index 65cc9df..19adbfb 100644 "LLVM_IAS=1", "CROSS_COMPILE=aarch64-linux-gnu-", + "HOSTLDFLAGS=" + getenv("BUILD_LDFLAGS"), - + # Build out-of-tree in `target_out_dir`. "O=" + rebase_path(target_out_dir), diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch deleted file mode 100644 index 840c0bc98b..0000000000 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch +++ /dev/null @@ -1,16 +0,0 @@ -Use our dtc tools instead of the prebuilt (x86-64-only) binaries. - -Upstream-Status: Pending [part of a larger effort to remove prebuilt] -Signed-off-by: Ross Burton <ross.burton@arm.com> - -diff --git a/build/image/dtc.py b/build/image/dtc.py -index d077818..1513120 100755 ---- a/build/image/dtc.py -+++ b/build/image/dtc.py -@@ -16,4 +16,2 @@ import sys --HF_ROOT = os.path.dirname(os.path.dirname(os.path.dirname(__file__))) --DTC_ROOT = os.path.join(HF_ROOT, "prebuilts", "linux-x64", "dtc") --DTC = os.path.join(DTC_ROOT, "dtc") --FDTOVERLAY = os.path.join(DTC_ROOT, "fdtoverlay") -+DTC = "dtc" -+FDTOVERLAY = "fdtoverlay" diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch index bc03195602..40129acf08 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch @@ -1,20 +1,29 @@ -Use pkg-config-native to find the libssl headers. +From b0405e0e25740ca0ea8b75d9b3b4f35b39d82e0e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Sat, 17 Jul 2021 14:38:02 -0500 +Subject: [PATCH] Use pkg-config-native to find the libssl headers. Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + scripts/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/Makefile b/scripts/Makefile -index b4b7d8b58..26a5160ee 100644 ---- a/third_party/linux/scripts/Makefile -+++ b/third_party/linux/scripts/Makefile -@@ -10,8 +10,8 @@ - - HOST_EXTRACFLAGS += -I$(srctree)/tools/include - +index 9adb6d247..5fe371c7d 100644 +--- a/scripts/Makefile ++++ b/scripts/Makefile +@@ -3,8 +3,8 @@ + # scripts contains sources for various helper programs used throughout + # the kernel for the build process. + -CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto) -CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null) +CRYPTO_LIBS = $(shell pkg-config-native --libs libcrypto 2> /dev/null || echo -lcrypto) +CRYPTO_CFLAGS = $(shell pkg-config-native --cflags libcrypto 2> /dev/null) + + hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c + hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms +-- +2.30.2 - hostprogs-$(CONFIG_BUILD_BIN2C) += bin2c - hostprogs-$(CONFIG_KALLSYMS) += kallsyms diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.7.bb index ae89e8d9e8..0c4e294192 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.7.bb @@ -7,14 +7,19 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103" PACKAGE_ARCH = "${MACHINE_ARCH}" -inherit deploy python3native pkgconfig + +CLANGNATIVE = "" +CLANGNATIVE:runtime-llvm = "clang-native" + +inherit deploy python3native pkgconfig ${CLANGNATIVE} SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \ file://0001-define-_Noreturn-if-needed.patch \ file://host-ld.patch \ - file://pkg-config-native.patch \ - file://native-dtc.patch" -SRCREV = "55b74f893948dd08d2782dd8fa9e903c143a6704" + file://pkg-config-native.patch;patchdir=third_party/linux \ + file://0001-Fix-build-with-clang-15.patch \ + " +SRCREV = "79e9522d26fc2a88a44af149034acc27312b73a1" S = "${WORKDIR}/git" B = "${WORKDIR}/build" @@ -72,3 +77,5 @@ python() { if d.getVar("BUILD_ARCH") != "x86_64": raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts") } + +EXCLUDE_FROM_WORLD = "1" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb index bda27713db..c10efd5a62 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb @@ -16,20 +16,23 @@ LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ - git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=release/1.6.x;name=tfm-tests;destsuffix=git/tf-m-tests \ - git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master;name=mbedtls;destsuffix=git/mbedtls \ - git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=main;name=mcuboot;destsuffix=git/mcuboot \ + git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ " # The required dependencies are documented in tf-m/config/config_default.cmake # TF-Mv1.6.0 -SRCBRANCH_tfm = "release/1.6.x" +SRCBRANCH_tfm ?= "release/1.6.x" SRCREV_tfm = "7387d88158701a3c51ad51c90a05326ee12847a8" # mbedtls-3.1.0 +SRCBRANCH_mbedtls ?= "master" SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" # TF-Mv1.6.0 +SRCBRANCH_tfm-tests ?= "release/1.6.x" SRCREV_tfm-tests = "723905d46019596f3f2df66d79b5d6bff6f3f213" # v1.9.0 +SRCBRANCH_mcuboot ?= "main" SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc index e0dfa28b22..c9f1f1da07 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc +++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc @@ -81,7 +81,7 @@ export CLANG38_ARM_PREFIX = "${TARGET_PREFIX}" TOOLCHAIN:arm = "gcc" do_configure:prepend() { - sed -i -e "s#-target ${HOST_ARCH}-linux-gnu*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template + sed -i -e "s#-target ${HOST_ARCH}-linux-gnu.*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template } do_compile() { diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch b/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch index fa13956feb..783b764439 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch +++ b/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch @@ -1,4 +1,8 @@ -Latest clang is causing build failures because -Werror is used: +From 17f490101f51b03c1ffc7151cc35e9fbd42b6060 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 22 Feb 2022 10:38:13 +0000 +Subject: [PATCH] Latest clang is causing build failures because -Werror is + used edk2/MdeModulePkg/Include/Guid/ExtendedFirmwarePerformance.h:78:47: error: field Guid within 'FPDT_GUID_EVENT_RECORD' is less aligned than 'EFI_GUID' @@ -11,11 +15,20 @@ This has been reported upstream[1] so until this is resolved, ignore the warning Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + BaseTools/Conf/tools_def.template | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index f2bb6247e8..ca2b449f0a 100755 +index 5ed19810b7..9b4f173519 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template -@@ -2570 +2570 @@ DEFINE CLANG38_X64_TARGET = -target x86_64-pc-linux-gnu +@@ -2548,7 +2548,7 @@ DEFINE CLANG38_X64_PREFIX = ENV(CLANG38_BIN) + DEFINE CLANG38_IA32_TARGET = -target i686-pc-linux-gnu
+ DEFINE CLANG38_X64_TARGET = -target x86_64-pc-linux-gnu
+
-DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable
-+DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-error=unaligned-access
++DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-error=unaligned-access -Wno-unused-command-line-argument
+ DEFINE CLANG38_ALL_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) DEF(CLANG38_WARNING_OVERRIDES) -fno-stack-protector -mms-bitfields -Wno-address -Wno-shift-negative-value -Wno-unknown-pragmas -Wno-incompatible-library-redeclaration -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -msoft-float -mno-implicit-float -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -funsigned-char -fno-ms-extensions -Wno-null-dereference
+
+ ###########################
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.18.16.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb index e8704c2f73..3ef089121e 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.18.16.bb +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb @@ -5,6 +5,6 @@ LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411 \ file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=2e53bda6ff2db4c35d69944b93926c9f" -SRC_URI[sha256sum] = "a7a5ee0b7f3b84a2e98e136a6f3ab648e4b6b5ad365186a397595f3f7c69f558" +SRC_URI[sha256sum] = "788ede659414af36a2d09489e400c4d822c859b726565f1f171bc3102a9413d0" MODEL_CODE = "FVP_Base_AEMv8R" diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb new file mode 100644 index 0000000000..453d456abf --- /dev/null +++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb @@ -0,0 +1,24 @@ + +SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH}" +# Use the wrapper script from TF-Mv1.6.0 +SRCBRANCH ?= "release/1.6.x" +SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa" + +S = "${WORKDIR}/git" + +inherit native + +RDEPENDS:${PN} = "python3-imgtool-native python3-click-native" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}/${libdir} + cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts + cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts +} +FILES:${PN} = "${libdir}/tfm-scripts" diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb deleted file mode 100644 index 4051c3455f..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "FF-A Debugfs Linux kernel module" -DESCRIPTION = "This out-of-tree kernel module exposes FF-A operations to user space \ -used for development purposes" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://arm_ffa_user.c;beginline=1;endline=1;md5=fcab174c20ea2e2bc0be64b493708266" - -SRC_URI = "git://git.gitlab.arm.com/linux-arm/linux-trusted-services.git;branch=main;protocol=https" - -# ffa-debugfs v2.1.0 -SRCREV = "77967912d033144aff2695cecbd52d3be450deaa" - -S = "${WORKDIR}/git" - -inherit module - -SRC_URI:append = " \ - file://0001-build-add-Yocto-support.patch \ - file://0002-script-loading-the-driver-in-a-generic-way.patch \ - " - -FILES:${PN} += "${bindir}/load_ffa_debugfs.sh" -FILES:${PN}-dev += "${includedir}/arm_ffa_user.h" - -do_install:append() { - install -D -p -m 0755 ${B}/load_ffa_debugfs.sh ${D}/${bindir}/load_ffa_debugfs.sh - install -m 0644 ${S}/arm_ffa_user.h ${D}/${includedir}/arm_ffa_user.h -} - -COMPATIBLE_HOST = "(arm|aarch64).*-linux" - -# Kernel modules currently RDEPEND on the kernel, which is troublesome when you want to put a -# kernel module into a initramfs without pulling the kernel into the initramfs, which would be -# silly. Until this is a recommends the easiest way to handle this is to remove the dependency -# in this recipe. -PACKAGESPLITFUNCS:append = " remove_kernel_dependency" -python remove_kernel_dependency() { - key = "RDEPENDS:kernel-module-arm-ffa-user-" + d.getVar("KERNEL_VERSION") - d.delVar(key) -} diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch deleted file mode 100644 index 5d7e977004..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch +++ /dev/null @@ -1,79 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K <arpita.s.k@arm.com> - -From 8a7bea4e7d08395036ffc2fde57c4fb44315e181 Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Mon, 25 Oct 2021 13:12:11 +0100 -Subject: [PATCH 1/2] build: add Yocto support - -This commit allows to build the driver under Yocto - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ---- - Kbuild | 4 ---- - Makefile | 40 +++++++++++----------------------------- - 2 files changed, 11 insertions(+), 33 deletions(-) - delete mode 100644 Kbuild - -diff --git a/Kbuild b/Kbuild -deleted file mode 100644 -index 330b019..0000000 ---- a/Kbuild -+++ /dev/null -@@ -1,4 +0,0 @@ --# SPDX-License-Identifier: GPL-2.0-only -- --arm-ffa-user-objs := arm_ffa_user.o --obj-m := arm-ffa-user.o -diff --git a/Makefile b/Makefile -index 62dbfb1..90dfaef 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,33 +1,15 @@ --# SPDX-License-Identifier: GPL-2.0-only -+arm-ffa-user-objs := arm_ffa_user.o -+obj-m := arm-ffa-user.o - --ARCH := arm64 --CROSS_COMPILE ?= aarch64-linux-gnu- -+SRC := $(shell pwd) - --ROOT ?= $(CURDIR)/.. --KDIR ?= $(ROOT)/linux --TARGET_DIR ?= $(ROOT)/shared --BUILD_DIR ?= $(CURDIR)/build --BUILD_DIR_MAKEFILE ?= $(BUILD_DIR)/Makefile -+all: -+ $(MAKE) -C $(KERNEL_SRC) M=$(SRC) - --all: module -+modules_install: -+ $(MAKE) -C $(KERNEL_SRC) M=$(SRC) modules_install - --clean: module-clean -- --install: all -- cp $(BUILD_DIR)/arm-ffa-user.ko $(TARGET_DIR)/ -- cp load_module.sh $(TARGET_DIR)/ -- --module: $(BUILD_DIR_MAKEFILE) -- $(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) modules \ -- ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)" -- --module-clean: -- $(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) clean \ -- ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)" -- rm $(BUILD_DIR_MAKEFILE) -- --$(BUILD_DIR): -- mkdir -p "$@" -- --$(BUILD_DIR_MAKEFILE): $(BUILD_DIR) -- touch "$@" -+clean: -+ rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c -+ rm -f Module.markers Module.symvers modules.order -+ rm -rf .tmp_versions Modules.symvers --- -2.17.1 - diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch deleted file mode 100644 index e2469d90d9..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch +++ /dev/null @@ -1,46 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K <arpita.s.k@arm.com> - -From e5d9dfa703a5a57e535b5dab4eda47a9707972d3 Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Mon, 25 Oct 2021 12:51:37 +0100 -Subject: [PATCH 2/2] script: loading the driver in a generic way - -Use the kernel module from the modules path. - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ---- - load_module.sh => load_ffa_debugfs.sh | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - rename load_module.sh => load_ffa_debugfs.sh (50%) - mode change 100755 => 100644 - -diff --git a/load_module.sh b/load_ffa_debugfs.sh -old mode 100755 -new mode 100644 -similarity index 50% -rename from load_module.sh -rename to load_ffa_debugfs.sh -index 2137245..4f31ff3 ---- a/load_module.sh -+++ b/load_ffa_debugfs.sh -@@ -1,10 +1,14 @@ - #!/bin/sh -+# -+# Use: -+# load_ffa_debugfs.sh <folder containing sp_uuid_list.txt> -+# - --[ ! -f $(dirname "$0")/sp_uuid_list.txt ] && \ -+[ ! -f "$1"/sp_uuid_list.txt ] && \ - { echo "Error: missing SP UUID list"; exit 1; } - - if ! grep -qs 'arm-ffa-user' /proc/modules; then -- insmod $(dirname "$0")/arm-ffa-user.ko uuid_str_list=$(cat $(dirname "$0")/sp_uuid_list.txt) -+ insmod /lib/modules/$(uname -r)/extra/arm-ffa-user.ko uuid_str_list=$(cat "$1"/sp_uuid_list.txt) - fi - - if ! grep -qs 'debugfs' /proc/mounts; then --- -2.17.1 - diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend new file mode 100644 index 0000000000..7dec2f5c9f --- /dev/null +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend @@ -0,0 +1,9 @@ +# enable arm_ffa regardless on 5.19 +SRC_URI:append:qemuarm = " \ + file://tee.cfg \ + file://arm-ffa-transport.cfg \ +" +SRC_URI:append:qemuarm64 = " \ + file://tee.cfg \ + file://arm-ffa-transport.cfg \ +" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb deleted file mode 100644 index be78b88081..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-client.inc - -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb deleted file mode 100644 index f2b5f7ddc6..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require optee-examples.inc - -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" - diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb deleted file mode 100644 index 0d37a528f2..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb +++ /dev/null @@ -1,20 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" -require optee-os_3.14.0.bb - -SUMMARY = "OP-TEE Trusted OS TA devkit" -DESCRIPTION = "OP-TEE TA devkit for build TAs" -HOMEPAGE = "https://www.op-tee.org/" - -do_install() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done -} - -do_deploy() { - echo "Do not inherit do_deploy from optee-os." -} - -FILES:${PN} = "${includedir}/optee/" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch index db88e7f0fc..a69d77761d 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch @@ -37,11 +37,9 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> core/kernel/thread.c | 13 +++++++++++- 4 files changed, 71 insertions(+), 8 deletions(-) -diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c -index f083b159e..432983c86 100644 --- a/core/arch/arm/kernel/thread.c +++ b/core/arch/arm/kernel/thread.c -@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss; +@@ -44,16 +44,31 @@ static size_t thread_user_kcode_size __n #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \ defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64) long thread_user_kdata_sp_offset __nex_bss; @@ -64,21 +62,20 @@ index f083b159e..432983c86 100644 - __section(".nex_nozi.kdata_page"); + __section(".nex_nozi.kdata_page") #endif -+#endif + #endif + ; +#endif + +/* reset BSS section to default ( .bss ) */ +#ifdef __clang__ +#pragma clang section bss="" - #endif ++#endif #ifdef ARM32 -diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c -index 19cd7b61b..78f5910c5 100644 + uint32_t __nostackcheck thread_get_exceptions(void) --- a/core/arch/arm/mm/core_mmu_lpae.c +++ b/core/arch/arm/mm/core_mmu_lpae.c -@@ -230,19 +230,46 @@ typedef uint16_t l1_idx_t; +@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t; typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; @@ -129,8 +126,6 @@ index 19cd7b61b..78f5910c5 100644 /* * TAs page table entry inside a level 1 page table. * -diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c -index d658b3e68..6c36706c0 100644 --- a/core/arch/arm/mm/pgt_cache.c +++ b/core/arch/arm/mm/pgt_cache.c @@ -104,8 +104,18 @@ void pgt_init(void) @@ -153,11 +148,9 @@ index d658b3e68..6c36706c0 100644 size_t n; for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { -diff --git a/core/kernel/thread.c b/core/kernel/thread.c -index 18d34e6ad..086129e28 100644 --- a/core/kernel/thread.c +++ b/core/kernel/thread.c -@@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss; +@@ -37,13 +37,24 @@ struct thread_core_local thread_core_loc name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1] #endif @@ -183,6 +176,55 @@ index 18d34e6ad..086129e28 100644 #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, --- -2.37.2 - +--- a/core/arch/arm/mm/core_mmu_v7.c ++++ b/core/arch/arm/mm/core_mmu_v7.c +@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_EN + typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; + typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l1" ++#endif + static l1_xlat_tbl_t main_mmu_l1_ttb +- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1"); ++ __aligned(L1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* L2 MMU tables */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES] +- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2"); ++ __aligned(L2_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* MMU L1 table for TAs, one for each thread */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.ul1" ++#endif + static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS] +- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1"); ++ __aligned(UL1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.ul1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + struct mmu_partition { + l1_xlat_tbl_t *l1_table; diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch index 17005396d4..ab4a6dbc0a 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch @@ -1,4 +1,4 @@ -From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001 +From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@arm.com> Date: Tue, 26 May 2020 14:38:02 -0500 Subject: [PATCH] allow setting sysroot for libgcc lookup @@ -9,6 +9,7 @@ otherwise. Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] Signed-off-by: Ross Burton <ross.burton@arm.com> + --- mk/gcc.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch index 5c0d0a5659..067ba6ebfb 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch @@ -1,4 +1,4 @@ -From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001 +From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Wed, 23 Sep 2020 09:27:34 +0100 Subject: [PATCH] optee: enable clang support @@ -10,12 +10,13 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren <brett.warren@arm.com> + --- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index 0f48c836..47465523 100644 +index c141a3f2..7d067cc0 100644 --- a/mk/clang.mk +++ b/mk/clang.mk @@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch index 1dd70b3129..6d48a7601b 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch @@ -1,11 +1,11 @@ -Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] - -From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 +From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Fri, 5 Aug 2022 09:48:03 +0200 Subject: [PATCH] core: link: add --no-warn-rwx-segments +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + binutils ld.bfd generates one RWX LOAD segment by merging several sections with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it also warns by default when that happens [1], which breaks the build due to @@ -18,12 +18,13 @@ Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> + --- core/arch/arm/kernel/link.mk | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 7eed333a32..c39d43cbfc 100644 +index 7eed333a..c39d43cb 100644 --- a/core/arch/arm/kernel/link.mk +++ b/core/arch/arm/kernel/link.mk @@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch index 5463a345c9..3ba6c4ef38 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch @@ -1,4 +1,4 @@ -From a9d099d17ef0af6deac4c3b4d15ad0555d258ec8 Mon Sep 17 00:00:00 2001 +From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Tue, 23 Aug 2022 11:41:00 +0000 Subject: [PATCH] core, ldelf: link: add -z execstack @@ -22,6 +22,10 @@ Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] --- + core/arch/arm/kernel/link.mk | 13 +++++++++---- + ldelf/link.mk | 3 +++ + 2 files changed, 12 insertions(+), 4 deletions(-) + diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk index c39d43cb..0e96e606 100644 --- a/core/arch/arm/kernel/link.mk diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch index c0330b9fc8..4ea65d88cc 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch @@ -1,4 +1,4 @@ -From f99a0278ad5e26772b3dcf8c74b5bf986ecfbe1e Mon Sep 17 00:00:00 2001 +From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Tue, 23 Aug 2022 12:31:46 +0000 Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch deleted file mode 100644 index 616a0fff5a..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch +++ /dev/null @@ -1,95 +0,0 @@ -From cb4349edce6ce360436f10da8b6aa32e68fb778d Mon Sep 17 00:00:00 2001 -From: Jerome Forissier <jerome.forissier@linaro.org> -Date: Tue, 23 Aug 2022 11:41:00 +0000 -Subject: [PATCH] core, ldelf: link: add -z execstack - -When building for arm32 with GNU binutils 2.39, the linker outputs -warnings when generating some TEE core binaries (all_obj.o, init.o, -unpaged.o and tee.elf) as well as ldelf.elf: - - arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack - arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker - -The permissions used when mapping the TEE core stacks do not depend on -any metadata found in the ELF file. Similarly when the TEE core loads -ldelf it already creates a non-executable stack regardless of ELF -information. Therefore we can safely ignore the warnings. This is done -by adding the '-z execstack' option. - -Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> - -Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - ---- - core/arch/arm/kernel/link.mk | 13 +++++++++---- - ldelf/link.mk | 4 ++++ - 2 files changed, 13 insertions(+), 4 deletions(-) - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 3dc459d6..85cde58e 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d - - AWK = awk - -+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments) -+ifeq ($(CFG_ARM32_core),y) -+link-ldflags-common += $(call ld-option,--no-warn-execstack) -+endif -+ - link-ldflags = $(LDFLAGS) - ifeq ($(CFG_CORE_ASLR),y) - link-ldflags += -pie -Bsymbolic -z notext -z norelro $(ldflag-apply-dynamic-relocs) -@@ -17,7 +22,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map - link-ldflags += --sort-section=alignment - link-ldflags += --fatal-warnings - link-ldflags += --gc-sections --link-ldflags += $(call ld-option,--no-warn-rwx-segments) -+link-ldflags += $(link-ldflags-common) - - link-ldadd = $(LDADD) - link-ldadd += $(ldflags-external) -@@ -39,7 +44,7 @@ link-script-cppflags := \ - $(cppflagscore)) - - ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ -- $(call ld-option,--no-warn-rwx-segments) \ -+ $(link-ldflags-common) \ - $(link-objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/all_objs.o - $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) -@@ -53,7 +58,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ - - unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(call ld-option,--no-warn-rwx-segments) -+ $(link-ldflags-common) - unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/unpaged.o - $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt -@@ -82,7 +87,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ - - init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(call ld-option,--no-warn-rwx-segments) -+ $(link-ldflags-common) - init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ - $(libgcccore) - cleanfiles += $(link-out-dir)/init.o -diff --git a/ldelf/link.mk b/ldelf/link.mk -index 8fafc879..d8a05ea6 100644 ---- a/ldelf/link.mk -+++ b/ldelf/link.mk -@@ -19,6 +19,10 @@ link-ldflags += --sort-section=alignment - link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment - link-ldflags += $(link-ldflags$(sm)) - -+ifeq ($(CFG_ARM32_$(sm)), y) -+link-ldflags += $(call ld-option,--no-warn-execstack) -+endif -+ - link-ldadd = $(addprefix -L,$(libdirs)) - link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group - ldargs-ldelf.elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm)) diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch deleted file mode 100644 index 95d5e676a6..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 38bf606653ee08b10db6bb298e369cb3a9cdcda9 Mon Sep 17 00:00:00 2001 -From: Jerome Forissier <jerome.forissier@linaro.org> -Date: Tue, 23 Aug 2022 12:31:46 +0000 -Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to - - .S files - -When building for arm32 with GNU binutils 2.39, the linker outputs -warnings when linking Trusted Applications: - - arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack - arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker - -We could silence the warning by adding the '-z execstack' option to the -TA link flags, like we did in the parent commit for the TEE core and -ldelf. Indeed, ldelf always allocates a non-executable piece of memory -for the TA to use as a stack. - -However it seems preferable to comply with the common ELF practices in -this case. A better fix is therefore to add the missing .note.GNU-stack -sections in the assembler files. - -Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> - -Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - ---- - lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ - lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ - lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++ - ta/arch/arm/ta_entry_a32.S | 2 ++ - 7 files changed, 14 insertions(+) - -diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S -index 6e621ca6..af405f62 100644 ---- a/lib/libutee/arch/arm/utee_syscalls_a32.S -+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S -@@ -7,6 +7,8 @@ - #include <tee_syscall_numbers.h> - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - .section .text - .balign 4 - .code 32 -diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S -index eaef6914..2be73ffa 100644 ---- a/lib/libutils/ext/arch/arm/atomic_a32.S -+++ b/lib/libutils/ext/arch/arm/atomic_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* uint32_t atomic_inc32(uint32_t *v); */ - FUNC atomic_inc32 , : - ldrex r1, [r0] -diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S -index 51439a23..54dc3c02 100644 ---- a/lib/libutils/ext/arch/arm/mcount_a32.S -+++ b/lib/libutils/ext/arch/arm/mcount_a32.S -@@ -7,6 +7,8 @@ - - #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT) - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * Convert return address to call site address by subtracting the size of the - * mcount call instruction (blx __gnu_mcount_nc). -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -index a600c879..37ae9ec6 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * signed ret_idivmod_values(signed quot, signed rem); - * return quotient and remaining the EABI way (regs r0,r1) -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -index 2dc50bc9..5c3353e2 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) - */ -diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S -index 43ea5937..f8a0b70d 100644 ---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S -+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S -@@ -51,6 +51,8 @@ - #define SIZE(x) - #endif - -+ .section .note.GNU-stack,"",%progbits -+ - /* Arm/Thumb interworking support: - - The interworking scheme expects functions to use a BX instruction -diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S -index d2f8a69d..cd9a12f9 100644 ---- a/ta/arch/arm/ta_entry_a32.S -+++ b/ta/arch/arm/ta_entry_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * This function is the bottom of the user call stack. Mark it as such so that - * the unwinding code won't try to go further down. diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb deleted file mode 100644 index 6400ac2a6c..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb +++ /dev/null @@ -1,10 +0,0 @@ -require optee-os.inc - -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" - -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" - -SRC_URI:append = " \ - file://3.14/0009-add-z-execstack.patch \ - file://3.14/0010-add-note-GNU-stack-section.patch \ - " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb index f459efce66..59e58ed30f 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb @@ -5,6 +5,6 @@ DEPENDS += "dtc-native" SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1" SRC_URI:append = " \ file://0001-core-Define-section-attributes-for-clang.patch \ - file://3.18/0009-add-z-execstack.patch \ - file://3.18/0010-add-note-GNU-stack-section.patch \ + file://0009-add-z-execstack.patch \ + file://0010-add-note-GNU-stack-section.patch \ " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb index 7608cec044..7608cec044 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb +++ b/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb deleted file mode 100644 index 6367c27612..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-test.inc - -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" diff --git a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb index 72ba33f419..b9c6507ce7 100644 --- a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb +++ b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb @@ -1,11 +1,11 @@ SUMMARY = "Trusted Services test/demo linux tools" +PACKAGE_ARCH = "${MACHINE_ARCH}" + inherit packagegroup COMPATIBLE_HOST = "aarch64.*-linux" -PACKAGE_ARCH = "${MACHINE_ARCH}" - PACKAGES = "${PN} ${PN}-psa" RDEPENDS:${PN} = "\ diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc deleted file mode 100644 index 1df7409c6c..0000000000 --- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc +++ /dev/null @@ -1,27 +0,0 @@ -LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib" -LIC_FILES_CHKSUM = "file://license.rst;md5=ea160bac7f690a069c608516b17997f4" - -SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=ts;destsuffix=git/ts" - -SRCREV_ts ?= "a365a04f937b9b76ebb2e0eeade226f208cbc0d2" - -S = "${WORKDIR}/git/ts" -B = "${WORKDIR}/build" - -export CROSS_COMPILE="${TARGET_PREFIX}" - -CFLAGS[unexport] = "1" -CPPFLAGS[unexport] = "1" -AS[unexport] = "1" -LD[unexport] = "1" - -# setting the linker options used to build the secure partitions -SECURITY_LDFLAGS = "" -TARGET_LDFLAGS = "-Wl,--build-id=none -Wl,--hash-style=both" - -do_configure[cleandirs] = "${B}" - -# Currently trusted-services and psa-arch-tests use FetchContent to download -# more sources during do_configure. Until this is resolved we need to allow -# network operations. -do_configure[network] = "1" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb deleted file mode 100644 index fca6d9d3c9..0000000000 --- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb +++ /dev/null @@ -1,74 +0,0 @@ -SUMMARY = "Trusted Services secure partitions" -HOMEPAGE = "https://trusted-services.readthedocs.io/en/latest/index.html" - -COMPATIBLE_MACHINE ?= "invalid" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -require secure-partitions.inc - -SRCREV_FORMAT = "ts" -PV = "0.0+git${SRCPV}" - -# Which environment to create the secure partions for (opteesp or shim) -TS_ENVIRONMENT ?= "opteesp" - -inherit deploy python3native - -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native \ - python3-pyelftools-native python3-grpcio-tools-native \ - python3-protobuf-native protobuf-native cmake-native \ - " - -DEPENDS:append = " ${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', 'optee-spdevkit', '', d)}" - -export CROSS_COMPILE="${TARGET_PREFIX}" - -CFLAGS[unexport] = "1" -CPPFLAGS[unexport] = "1" -AS[unexport] = "1" -LD[unexport] = "1" - -# only used if TS_ENVIRONMENT is opteesp -SP_DEV_KIT_DIR = "${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', '${STAGING_INCDIR}/optee/export-user_sp', '', d)}" - -# SP images are embedded into optee os image -SP_PACKAGING_METHOD ?= "embedded" - -do_configure() { - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake \ - -DCMAKE_INSTALL_PREFIX=${D}/firmware/sp \ - -DSP_DEV_KIT_DIR=${SP_DEV_KIT_DIR} \ - -DSP_PACKAGING_METHOD=${SP_PACKAGING_METHOD} \ - -DTS_PLATFORM="${TS_PLATFORM}" \ - -S ${S}/$TS_DEPLOYMENT -B "${B}/$TS_DEPLOYMENT" - done -} - -do_compile() { - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake --build "${B}/$TS_DEPLOYMENT" - done -} - -do_install () { - if [ "${TS_ENVIRONMENT}" = "opteesp" ]; then - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake --install "${B}/$TS_DEPLOYMENT" - done - fi -} - -SYSROOT_DIRS = "/firmware" - -do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install - -FILES:${PN} = "/firmware/sp/opteesp*" - -# Build paths are currently embedded -INSANE_SKIP:${PN} += "buildpaths" -INSANE_SKIP:${PN}-dbg += "buildpaths" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc index 80c0849903..a8f49a5e1e 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc @@ -50,3 +50,5 @@ EXTRA_OECMAKE += "${@oe.utils.conditional('TS_ENV', 'opteesp', \ EXTRA_OECMAKE += "-Dlibts_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/ \ -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib_install \ " +# Newlib does not compile with clang +TOOLCHAIN = "gcc" |