diff options
Diffstat (limited to 'meta-arm/meta-arm-bsp')
57 files changed, 1670 insertions, 324 deletions
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf index 320e22ce89..1ba070824e 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf @@ -10,10 +10,10 @@ require conf/machine/include/arm/arch-armv8a.inc TUNE_FEATURES = "aarch64" PREFERRED_VERSION_u-boot ?= "2022.04" -PREFERRED_VERSION_linux-yocto ?= "5.15%" -PREFERRED_VERSION_linux-yocto-rt ?= "5.15%" # FVP u-boot configuration UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig" KERNEL_IMAGETYPE = "Image" + +FVP_CONFIG[bp.virtio_rng.enabled] ?= "1" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf index 8119cb6818..06bef291f3 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf @@ -9,8 +9,6 @@ require conf/machine/include/arm/armv8r/arch-armv8r64.inc EXTRA_IMAGEDEPENDS += "boot-wrapper-aarch64" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" -PREFERRED_VERSION_linux-yocto ?= "5.15%" -PREFERRED_VERSION_linux-yocto-rt ?= "5.15%" PREFERRED_VERSION_u-boot ?= "2022.07" KERNEL_IMAGETYPE = "Image" diff --git a/meta-arm/meta-arm-bsp/conf/machine/juno.conf b/meta-arm/meta-arm-bsp/conf/machine/juno.conf index c002ed638f..4a86d4e267 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/juno.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/juno.conf @@ -10,10 +10,10 @@ require conf/machine/include/arm/arch-armv8a.inc MACHINE_FEATURES = "usbhost usbgadget alsa screen wifi bluetooth optee pci" -KERNEL_IMAGETYPE = "Image" +KERNEL_IMAGETYPE = "Image.gz" KERNEL_DEVICETREE = "arm/juno.dtb arm/juno-r1.dtb arm/juno-r2.dtb" -IMAGE_FSTYPES += "tar.bz2 ext4" +IMAGE_FSTYPES += "tar.bz2 ext4 cpio.gz" SERIAL_CONSOLES = "115200;ttyAMA0" @@ -25,3 +25,6 @@ EXTRA_IMAGEDEPENDS += "trusted-firmware-a virtual/bootloader firmware-image-juno # Juno u-boot configuration UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig" + +INITRAMFS_IMAGE_BUNDLE ?= "1" +INITRAMFS_IMAGE = "core-image-minimal" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst index 5d6493a490..64e82aac98 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst @@ -8,7 +8,73 @@ Change Log ########## This document contains a summary of the new features, changes and -fixes in each release of corstone1000 software stack. +fixes in each release of Corstone-1000 software stack. + +****************** +Version 2022.11.23 +****************** + +Changes +======= + +- Booting the External System (Cortex-M3) with RTX RTOS +- Adding MHU communication between the HOST (Cortex-A35) and the External System +- Adding a Linux application to test the External System +- Adding ESRT (EFI System Resource Table) support +- Upgrading the SW stack recipes +- Upgrades for the U-Boot FF-A driver and MM communication + +Corstone-1000 components versions +======================================= + ++-------------------------------------------+------------+ +| arm-ffa-tee | 1.1.1 | ++-------------------------------------------+------------+ +| arm-ffa-user | 5.0.0 | ++-------------------------------------------+------------+ +| corstone1000-external-sys-tests | 1.0 | ++-------------------------------------------+------------+ +| external-system | 0.1.0 | ++-------------------------------------------+------------+ +| linux-yocto | 5.19 | ++-------------------------------------------+------------+ +| u-boot | 2022.07 | ++-------------------------------------------+------------+ +| optee-client | 3.18.0 | ++-------------------------------------------+------------+ +| optee-os | 3.18.0 | ++-------------------------------------------+------------+ +| trusted-firmware-a | 2.7.0 | ++-------------------------------------------+------------+ +| trusted-firmware-m | 1.6.0 | ++-------------------------------------------+------------+ +| ts-newlib | 4.1.0 | ++-------------------------------------------+------------+ +| ts-psa-{crypto, iat, its. ps}-api-test | 451aa087a4 | ++-------------------------------------------+------------+ +| ts-sp-{se-proxy, smm-gateway} | 3d4956770f | ++-------------------------------------------+------------+ + +Yocto distribution components versions +======================================= + ++-------------------------------------------+---------------------+ +| meta-arm | langdale | ++-------------------------------------------+---------------------+ +| poky | langdale | ++-------------------------------------------+---------------------+ +| meta-openembedded | langdale | ++-------------------------------------------+---------------------+ +| busybox | 1.35.0 | ++-------------------------------------------+---------------------+ +| musl | 1.2.3+git37e18b7bf3 | ++-------------------------------------------+---------------------+ +| gcc-arm-none-eabi-native | 11.2-2022.02 | ++-------------------------------------------+---------------------+ +| gcc-cross-aarch64 | 12.2 | ++-------------------------------------------+---------------------+ +| openssl | 3.0.5 | ++-------------------------------------------+---------------------+ ****************** Version 2022.04.04 @@ -26,10 +92,10 @@ Version 2022.02.25 Changes ======= -- Building and running psa-arch-tests on corstone1000 FVP -- Enabled smm-gateway partition in Trusted Service on corstone1000 FVP -- Enabled MHU driver in Trusted Service on corstone1000 FVP -- Enabled OpenAMP support in SE proxy SP on corstone1000 FVP +- Building and running psa-arch-tests on Corstone-1000 FVP +- Enabled smm-gateway partition in Trusted Service on Corstone-1000 FVP +- Enabled MHU driver in Trusted Service on Corstone-1000 FVP +- Enabled OpenAMP support in SE proxy SP on Corstone-1000 FVP ****************** Version 2022.02.21 @@ -48,7 +114,7 @@ Changes ======= - psa-arch-tests: change master to main for psa-arch-tests - U-Boot: fix null pointer exception for get_image_info -- TF-M: fix capsule instability issue for corstone1000 +- TF-M: fix capsule instability issue for Corstone-1000 ****************** Version 2022.01.07 @@ -56,9 +122,9 @@ Version 2022.01.07 Changes ======= -- corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures. +- Corstone-1000: fix SystemReady-IR ACS test (SCT, FWTS) failures. - U-Boot: send bootcomplete event to secure enclave. -- U-Boot: support populating corstone1000 image_info to ESRT table. +- U-Boot: support populating Corstone-1000 image_info to ESRT table. - U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT. ****************** @@ -67,7 +133,7 @@ Version 2021.12.15 Changes ======= -- Enabling corstone1000 FPGA support on: +- Enabling Corstone-1000 FPGA support on: - Linux 5.10 - OP-TEE 3.14 - Trusted Firmware-A 2.5 @@ -83,7 +149,7 @@ Version 2021.10.29 Changes ======= -- Enabling corstone1000 FVP support on: +- Enabling Corstone-1000 FVP support on: - Linux 5.10 - OP-TEE 3.14 - Trusted Firmware-A 2.5 @@ -95,4 +161,4 @@ Changes -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst index 385331bd23..89a4fa9ab2 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst @@ -7,23 +7,61 @@ Release notes ############# + +************************* +Disclaimer +************************* + +You expressly assume all liabilities and risks relating to your use or operation +of Your Software and Your Hardware designed or modified using the Arm Tools, +including without limitation, Your software or Your Hardware designed or +intended for safety-critical applications. Should Your Software or Your Hardware +prove defective, you assume the entire cost of all necessary servicing, repair +or correction. + + +************************** +Release notes - 2022.11.23 +************************** + +Known Issues or Limitations +--------------------------- + - The external-system can not be reset individually on (or using) AN550_v1 FPGA release. However, the system-wide reset still applies to the external-system. + - FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot. + - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). + - Below SCT FAILURE is a known issues in the FVP: + UEFI Compliant - Boot from network protocols must be implemented -- FAILURE + - Below SCT FAILURE is a known issue when a terminal emulator (in the system where the user connects to serial ports) does not support 80x25 or 80x50 mode: + EFI_SIMPLE_TEXT_OUT_PROTOCOL.SetMode - SetMode() with valid mode -- FAILURE + - Known limitations regarding ACS tests: The behavior after running ACS tests on FVP is not consistent. Both behaviors are expected and are valid; + The system might boot till the Linux prompt. Or, the system might wait after finishing the ACS tests. + In both cases, the system executes the entire test suite and writes the results as stated in the user guide. + + +Platform Support +----------------- + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + https://developer.arm.com/downloads/-/download-fpga-images + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + ************************** Release notes - 2022.04.04 ************************** Known Issues or Limitations --------------------------- - - FGPA support Linux distro install and boot through installer. However, + - FPGA support Linux distro install and boot through installer. However, FVP only support openSUSE raw image installation and boot. - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide - cannot boot on corstone1000 (i.e. user may experience timeouts or boot hang). + cannot boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). - Below SCT FAILURE is a known issues in the FVP: UEFI Compliant - Boot from network protocols must be implemented -- FAILURE Platform Support ----------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps ************************** @@ -32,13 +70,13 @@ Release notes - 2022.02.25 Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot. Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Release notes - 2022.02.21 @@ -46,13 +84,13 @@ Release notes - 2022.02.21 Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot, psa-arch-test. Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Release notes - 2022.01.18 @@ -85,13 +123,13 @@ The following components are present in the release: Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot, and psa-arch-tests. - Only the manual capsule update from UEFI shell is supported on FPGA. @@ -107,7 +145,7 @@ Release notes - 2021.10.29 Software Features ----------------- -This initial release of corstone1000 supports booting Linux on the Cortex-A35 +This initial release of Corstone-1000 supports booting Linux on the Cortex-A35 and TF-M/MCUBOOT in the Secure Enclave. The following components are present in the release: @@ -119,7 +157,7 @@ the release: Platform Support ---------------- - - This Software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This Software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Known Issues or Limitations @@ -130,8 +168,10 @@ Known Issues or Limitations Support ------- -For support email: support-subsystem-iot@arm.com +For technical support email: support-subsystem-iot@arm.com + +For all security issues, contact Arm by email at arm-security@arm.com. -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index d5930fc8e5..e173f244b4 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -9,18 +9,16 @@ User Guide Notice ------ -The corstone1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build -a tiny Linux distribution suitable for the corstone1000 platform. The Yocto Project relies on the -`Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ +The Corstone-1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build +a tiny Linux distribution suitable for the Corstone-1000 platform (kernel and initramfs filesystem less than 5 MB on the flash). +The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ for more information. Prerequisites ------------- -These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with -at least 32GB of free disk space and 16GB of RAM as minimum requirement. The -following instructions expect that you are using a bash shell. +These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following instructions expect that you are using a bash shell. All the paths stated in this document are absolute paths. The following prerequisites must be available on the host system. To resolve these dependencies, run: @@ -35,12 +33,12 @@ The following prerequisites must be available on the host system. To resolve the Provided components ------------------- -Within the Yocto Project, each component included in the corstone1000 software stack is specified as -a `bitbake recipe <https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#recipes>`__. -The recipes specific to the corstone1000 BSP are located at: +Within the Yocto Project, each component included in the Corstone-1000 software stack is specified as +a `bitbake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes>`__. +The recipes specific to the Corstone-1000 BSP are located at: ``<_workspace>/meta-arm/meta-arm-bsp/``. -The Yocto machine config files for the corstone1000 FVP and FPGA are: +The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are: - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc`` - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` @@ -86,7 +84,7 @@ The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-T distribution which is a Linux distribution stripped down to a minimal configuration. The provided distribution is based on busybox and built using muslibc. The -recipe responsible for building a tiny version of linux is listed below. +recipe responsible for building a tiny version of Linux is listed below. +-----------+----------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | @@ -96,6 +94,16 @@ recipe responsible for building a tiny version of linux is listed below. | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | +-----------+----------------------------------------------------------------------------------------------+ +External System Tests +======================= +Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__ + ++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb | ++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +The recipe provides the systems-comms-tests command run in Linux and used for testing the External System. + ************************************************** Software for Boot Processor (a.k.a Secure Enclave) ************************************************** @@ -107,6 +115,18 @@ Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmw | Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | +----------+-------------------------------------------------------------------------------------------------+ +************************************************** +Software for the External System +************************************************** + +RTX +==== +Based on `RTX RTOS <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx>`__ + ++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb | ++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ + Building the software stack --------------------------- Create a new folder that will be your workspace and will henceforth be referred @@ -117,26 +137,28 @@ to as ``<_workspace>`` in these instructions. To create the folder, run: mkdir <_workspace> cd <_workspace> -corstone1000 is a Bitbake based Yocto Project which uses kas and bitbake +Corstone-1000 software is based on the Yocto Project which uses kas and bitbake commands to build the stack. To install kas tool, run: :: pip3 install kas +If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'. + In the top directory of the workspace ``<_workspace>``, run: :: - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 -To build corstone1000 image for MPS3 FPGA, run: +To build a Corstone-1000 image for MPS3 FPGA, run: :: kas build meta-arm/kas/corstone1000-mps3.yml -Alternatively, to build corstone1000 image for FVP, run: +Alternatively, to build a Corstone-1000 image for FVP, run: :: @@ -150,22 +172,19 @@ Once the build is successful, all output binaries will be placed in the followin - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build; - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. -Everything apart from the ROM firmware is bundled into a single binary, the -``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the -``bl1.bin`` file. - -The output binaries used by FVP are the following: - - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt`` +Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the +``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. -The output binaries used by FPGA are the following: - - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt`` +The output binaries run in the Corstone-1000 platform are the following: + - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin`` + - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` Flash the firmware image on FPGA -------------------------------- -The user should download the FPGA bit file image from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ +The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 1`` +from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ and under the section ``Arm® Corstone™-1000 for MPS3``. The directory structure of the FPGA bundle is shown below. @@ -196,9 +215,10 @@ The directory structure of the FPGA bundle is shown below. └── config.txt Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file -(in corresponding HBI0309x folder) so that the file points to the images under SOFTWARE directory. +(in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory. -Here is an example +The images.txt file that is compatible with the latest version of the software +stack can be seen below; :: @@ -214,24 +234,32 @@ Here is an example ;************************************************ [IMAGES] - TOTALIMAGES: 2 ;Number of Images (Max: 32) - + TOTALIMAGES: 3 ;Number of Images (Max: 32) + IMAGE0PORT: 1 IMAGE0ADDRESS: 0x00_0000_0000 IMAGE0UPDATE: RAM IMAGE0FILE: \SOFTWARE\bl1.bin - + IMAGE1PORT: 0 - IMAGE1ADDRESS: 0x00_00010_0000 + IMAGE1ADDRESS: 0x00_0010_0000 IMAGE1UPDATE: AUTOQSPI IMAGE1FILE: \SOFTWARE\cs1000.bin + + IMAGE2PORT: 2 + IMAGE2ADDRESS: 0x00_0000_0000 + IMAGE2UPDATE: RAM + IMAGE2FILE: \SOFTWARE\es0.bin OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. -2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE - directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. +2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle + and rename the binary to ``es0.bin``. +3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE + directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``. + **NOTE:** Renaming of the images are required because MCC firmware has limitation of 8 characters before .(dot) and 3 characters after .(dot). @@ -240,41 +268,60 @@ Now, copy the entire folder to board's SDCard and reboot the board. Running the software on FPGA ---------------------------- -On the host machine, open 3 minicom sessions. In case of Linux machine it will -be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine. +On the host machine, open 4 serial port terminals. In case of Linux machine it will +be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machines. - ttyUSB0 for MCC, OP-TEE and Secure Partition - ttyUSB1 for Boot Processor (Cortex-M0+) - ttyUSB2 for Host Processor (Cortex-A35) + - ttyUSB3 for External System Processor (Cortex-M3) -Run following commands to open minicom sessions on Linux: +Run following commands to open serial port terminals on Linux: :: sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB1 # in another terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. + sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal. Once the system boot is completed, you should see console -logs on the minicom sessions. Once the HOST(Cortex-A35) is +logs on the serial port terminals. Once the HOST(Cortex-A35) is booted completely, user can login to the shell using **"root"** login. +If system does not boot and only the ttyUSB1 logs are visible, please follow the steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under `SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might have filled the Secure Flash completely. The best practice is to clean the secure flash in this case. + + Running the software on FVP --------------------------- -An FVP (Fixed Virtual Platform) of the corstone1000 platform must be available to execute the -included run script. -The Fixed Virtual Platform (FVP) version 11.17_23 can be downloaded from the -`Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs" -section to download the Corstone1000 platform FVP installer. Follow the +An FVP (Fixed Virtual Platform) model of the Corstone-1000 platform must be available to run the +Corstone-1000 FVP software image. + +A Yocto recipe is provided and allows to download the latest supported FVP version. + +The recipe is located at <_workspace>/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb + +The latest supported Fixed Virtual Platform (FVP) version is 11.19_21 and is automatically downloaded and installed when using the runfvp command as detailed below. The FVP version can be checked by running the following command: + +:: + +<_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- --version + +The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page. On this page, navigate +to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer. Follow the instructions of the installer and setup the FVP. +To run the FVP using the runfvp command, please run the following command: + +:: + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is -executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic +executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt file are copied to their respective memory locations within the model, enforce firewall policies on memories and peripherals and then, bring the host out of reset. @@ -282,13 +329,20 @@ The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and presen (FVP host_terminal_0): :: + corstone1000-fvp login: Login using the username root. -Running test applications +The External System can be released out of reset on demand using the systems-comms-tests command. + +SystemReady-IR tests ------------------------- +********************* +Testing steps +********************* + **NOTE**: Running the SystemReady-IR tests described below requires the user to work with USB sticks. In our testing, not all USB stick models work well with MPS3 FPGA. Here are the USB sticks models that are stable in our test @@ -305,7 +359,8 @@ erase the SecureEnclave flash cleanly and prepare a clean board environment for the testing. Clean Secure Flash Before Testing (applicable to FPGA only) ------------------------------------------------------------ +================================================================== + To prepare a clean board environment with clean secure flash for the testing, the user should prepare an image that erases the secure flash cleanly during boot. Run following commands to build such image. @@ -313,8 +368,8 @@ boot. Run following commands to build such image. :: cd <_workspace> - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18 - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2022.11.23 cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm cd meta-arm git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch @@ -325,8 +380,9 @@ Replace the bl1.bin and cs1000.bin files on the SD card with following files: - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt -Now reboot the board. This step erases the Corstone1000 SecureEnclave flash -completely, the user should expect following message from TF-M log: +Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash +completely, the user should expect following message from TF-M log (can be seen +in ttyUSB1): :: @@ -338,9 +394,9 @@ Then the user should follow "Building the software stack" to build a clean software stack and flash the FPGA as normal. And continue the testing. Run SystemReady-IR ACS tests ------------------------------ +============================= -ACS image contains two partitions. BOOT partition and RESULTS partition. +ACS image contains two partitions. BOOT partition and RESULT partition. Following packages are under BOOT partition * SCT @@ -350,15 +406,15 @@ Following packages are under BOOT partition * grub * uefi manual capsule application -RESULTS partition is used to store the test results. -PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS +RESULT partition is used to store the test results. +PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT FPGA instructions for ACS image -------------------------------- +================================ This section describes how the user can build and run Architecture Compliance -Suite (ACS) tests on Corstone1000. +Suite (ACS) tests on Corstone-1000. First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__. This repository contains the infrastructure to build the Architecture @@ -374,8 +430,8 @@ Once the repository is successfully downloaded, the prebuilt ACS live image can - ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz`` **NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide -USB driver support for Corstone1000. The ACS image with newer kernel version -and with full USB support for Corstone1000 will be available in the next +USB driver support for Corstone-1000. The ACS image with newer kernel version +and with full USB support for Corstone-1000 will be available in the next SystemReady release in this repository. Then, the user should prepare a USB stick with ACS image. In the given example here, @@ -385,7 +441,7 @@ USB drive. Run the following commands to prepare the ACS image in USB stick: :: - cd <_workspace>/arm-systemready/IR/scripts/output/ + cd <_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA unxz ir_acs_live_image.img.xz sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync @@ -393,20 +449,24 @@ Once the USB stick with ACS image is prepared, the user should make sure that ensure that only the USB stick with the ACS image is connected to the board, and then boot the board. +The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. At the end of test, the FPGA host terminal will halt showing a shell prompt. Once test is finished the result can be copied following above instructions. + FVP instructions for ACS image and run ---------------------------------------- +============================================ -Download acs image from: +Download ACS image from: - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` -Use the below command to run the FVP with acs image support in the +Use the below command to run the FVP with ACS image support in the SD card. :: unxz ${<path-to-img>/ir_acs_live_image.img.xz} -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" + tmux + + <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" The test results can be fetched using following commands: @@ -416,8 +476,8 @@ The test results can be fetched using following commands: sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ fdisk -lu <path-to-img>/ir_acs_live_image.img -> Device Start End Sectors Size Type - /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data - /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data -> <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488 @@ -427,7 +487,7 @@ Once test is finished, the FVP can be stoped, and result can be copied following instructions. Common to FVP and FPGA ------------------------ +=========================== U-Boot should be able to boot the grub bootloader from the 1st partition and if grub is not interrupted, tests are executed @@ -438,83 +498,228 @@ automatically in the following sequence: - FWTS - BSA Linux -The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP). +The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP). + +##################################################### + +Manual capsule update and ESRT checks +--------------------------------------------------------------------- -Manual capsule update test --------------------------- +The following section describes running manual capsule update with the ``direct`` method. -The following steps describe running manual capsule update with the ``direct`` -method. +The steps described in this section perform manual capsule update and show how to use the ESRT feature +to retrieve the installed capsule details. -Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file +For the following tests two capsules are needed to perform 2 capsule updates. A positive update and a negative update. + +A positive test case capsule which boots the platform correctly until the Linux prompt, and a negative test case with an +incorrect capsule (corrupted or outdated) which fails to boot to the host software. + +Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - ``ir_acs_live_image.img.xz`` -Download edk2 and generate capsule file: +Download edk2 under <_workspace> : :: git clone https://github.com/tianocore/edk2.git - edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap --fw-version 1 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <binary_file> -The <binary_file> here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and -corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file -(capsule) should be less than 15 MB. +********************* +Generating Capsules +********************* + +The capsule binary size (wic.nopt file) should be less than 15 MB. Based on the user's requirement, the user can change the firmware version number given to ``--fw-version`` option (the version number needs to be >= 1). -Capsule Copy instructions for FPGA ------------------------------------ +Generating FPGA Capsules +======================== + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + +Generating FVP Capsules +======================== + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + +********************* +Copying Capsules +********************* + +Copying the FPGA capsules +========================= The user should prepare a USB stick as explained in ACS image section (see above). -Place the generated ``cs1k_cap`` file in the root directory of the boot partition +Place the generated ``cs1k_cap`` files in the root directory of the boot partition in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should not be under the EFI/UpdateCapsule directory as this may or may not trigger the on disk method. -Capsule Copy instructions for FVP ---------------------------------- +:: + + sudo cp cs1k_cap_mps3_v6 <mounting path>/BOOT/ + sudo cp cs1k_cap_mps3_v5 <mounting path>/BOOT/ + sync + +Copying the FVP capsules +======================== -Run below commands to copy capsule into the -image file and run FVP software. +First, mount the IR image: :: - sudo mkdir /mnt/test - sudo mount -o rw,offset=<offset_1st_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ - sudo cp cs1k_cap /mnt/test/ - sudo umount /mnt/test - exit + sudo mkdir /mnt/test + sudo mount -o rw,offset=1048576 <path-to-img>/ir_acs_live_image.img /mnt/test + +Then, copy the capsules: + +:: + + sudo cp cs1k_cap_fvp_v6 /mnt/test/ + sudo cp cs1k_cap_fvp_v5 /mnt/test/ + sync + +Then, unmount the IR image: + +:: + + sudo umount /mnt/test -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" +**NOTE:** Size of first partition in the image file is calculated in the following way. The data is just an example and might vary with different ir_acs_live_image.img files. :: - fdisk -lu <path-to-img>/ir_acs_live_image.img - -> Device Start End Sectors Size Type - /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data - /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + fdisk -lu <path-to-img>/ir_acs_live_image.img + -> Device Start End Sectors Size Type + <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data - -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 + -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 -Common to FVP and FPGA ------------------------ -Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell. +****************************** +Performing the capsule update +****************************** + +During this section we will be using the capsule with the higher version (cs1k_cap_<fvp/mps3>_v6) for the positive scenario +and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario. + +Running the FVP with the IR prebuilt image +============================================== + +Run the FVP with the IR prebuilt image: + +:: + + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" + +Running the FPGA with the IR prebuilt image +============================================== + +Insert the prepared USB stick then Power cycle the MPS3 board. + +Executing capsule update for FVP and FPGA +============================================== + +Reach u-boot then interrupt the boot to reach the EFI shell. + +:: + + Press ESC in 4 seconds to skip startup.nsh or any other key to continue. + +Then, type FS0: as shown below: :: FS0: - EFI/BOOT/app/CapsuleApp.efi cs1k_cap -For this test, the user can provide two capsules for testing: a positive test -case capsule which boots the board correctly, and a negative test case with an -incorrect capsule which fails to boot the host software. +In case of the positive scenario run the update with the higher version capsule as shown below: + +:: + + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6 + +After successfully updating the capsule the system will reset. + +In case of the negative scenario run the update with the lower version capsule as shown below: + +:: + + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5 + +The command above should fail and in the TF-M logs the following message should appear: + +:: + + ERROR: flash_full_capsule: version error + +Then, reboot manually: + +:: + + Shell> reset + +FPGA: Select Corstone-1000 Linux kernel boot +============================================== + +Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting. + +**NOTE:** Otherwise, the execution ends up in the ACS live image. + +FVP: Select Corstone-1000 Linux kernel boot +============================================== + +Interrupt the u-boot shell. + +:: + + Hit any key to stop autoboot: + +Run the following commands in order to run the Corstone-1000 Linux kernel and being able to check the ESRT table. + +**NOTE:** Otherwise, the execution ends up in the ACS live image. + +:: + + $ run retrieve_kernel_load_addr + $ unzip $kernel_addr 0x90000000 + $ loadm 0x90000000 $kernel_addr_r 0xf00000 + $ bootefi $kernel_addr_r $fdtcontroladdr + + +*********************** +Capsule update status +*********************** + +Positive scenario +================= In the positive case scenario, the user should see following log in TF-M log, indicating the new capsule image is successfully applied, and the board boots @@ -532,11 +737,59 @@ correctly. ... -In the negative case scenario, the user should see appropriate logs in -the secure enclave terminal. If capsule pass initial verification, but fails -verifications performed during boot time, secure enclave will try new images -predetermined number of times (defined in the code), before reverting back to -the previous good bank. +It's possible to check the content of the ESRT table after the system fully boots. + +In the Linux command-line run the following: + +:: + + # cd /sys/firmware/efi/esrt/entries/entry0 + # cat * + + 0x0 + e2bb9c06-70e9-4b14-97a3-5a7913176e3f + 0 + 6 + 0 + 6 + 0 + +.. line-block:: + capsule_flags: 0x0 + fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f + fw_type: 0 + fw_version: 6 + last_attempt_status: 0 + last_attempt_version: 6 + lowest_supported_fw_ver: 0 + + +Negative scenario +================= + +In the negative case scenario (rollback the capsule version), the user should +see appropriate logs in the secure enclave terminal. + +:: + + ... + uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928 + uefi_capsule_retrieve_images: exit + flash_full_capsule: enter: image = 0x0xa0000070, size = 15654928, version = 10 + ERROR: flash_full_capsule: version error + private_metadata_write: enter: boot_index = 1 + private_metadata_write: success + fmp_set_image_info:133 Enter + FMP image update: image id = 0 + FMP image update: status = 1version=11 last_attempt_version=10. + fmp_set_image_info:157 Exit. + corstone1000_fwu_flash_image: exit: ret = -1 + ... + + +If capsule pass initial verification, but fails verifications performed during +boot time, secure enclave will try new images predetermined number of times +(defined in the code), before reverting back to the previous good bank. :: @@ -545,16 +798,45 @@ the previous good bank. fwu_select_previous: in regular state by choosing previous active bank ... -******************************************************* -Linux distro install and boot (applicable to FPGA only) -******************************************************* +It's possible to check the content of the ESRT table after the system fully boots. + +In the Linux command-line run the following: + +:: -To test Linux distro install and boot, the user should prepare two empty USB sticks. + # cd /sys/firmware/efi/esrt/entries/entry0 + # cat * + + 0x0 + e2bb9c06-70e9-4b14-97a3-5a7913176e3f + 0 + 6 + 1 + 5 + 0 + +.. line-block:: + capsule_flags: 0x0 + fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f + fw_type: 0 + fw_version: 6 + last_attempt_status: 1 + last_attempt_version: 5 + lowest_supported_fw_ver: 0 + +Linux distros tests +---------------------------------- + +*************************************************************************************** +Debian/OpenSUSE install and boot (applicable to FPGA only) +*************************************************************************************** + +To test Linux distro install and boot, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32). Download one of following Linux distro images: - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ - - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso + - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. @@ -565,7 +847,7 @@ file into the first USB stick, run: :: - sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; + sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: @@ -574,11 +856,9 @@ Boot the MSP3 board with the first USB stick connected. Open following minicom s sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. -Press <Ctrl+x>. - -Now plug in the second USB stick, the distro installation process will start. +Now plug in the second USB stick (once installation screen is visible), the distro installation process will start. The installation prompt can be seen in ttyUSB2. If installer does not start, please try to reboot the board with both USB sticks connected and repeat the process. -**NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the +**NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the distro installation process can take up to 24 hours to complete. Once installation is complete, unplug the first USB stick and reboot the board. @@ -591,46 +871,98 @@ a login prompt: Login with the username root. -Run psa-arch-test (applicable to both FPGA and FVP) ---------------------------------------------------- +**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to +follow on the subsequent popups to solve the issue during the installation: -When running psa-arch-test on MPS3 FPGA, the user should make sure there is no -USB stick connected to the board. Power on the board and boot the board to -Linux. Then, the user should follow the steps below to run the psa_arch_tests. +1. Select "Continue", then "Continue" again on the next popup +2. Scroll down and select "Execute a shell" +3. Select "Continue" +4. Enter the following command: -When running psa-arch-test on Corstone1000 FVP, the user should follow the -instructions in `Running the software on FVP`_ section to boot Linux in FVP -host_terminal_0, and login using the username ``root``. +:: -As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.02.18>`__ -can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. + in-target grub-install --no-nvram --force-extra-removable -First, create a file containing SE_PROXY_SP UUID. Run: +5. Enter the following command: :: - echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt + in-target update-grub -Then, load FFA driver module into Linux kernel. Run: +6. Enter the following command: :: - load_ffa_debugfs.sh . + exit -Then, check whether the FFA driver loaded correctly by using the following command: +7. Select "Continue without boot loader", then select "Continue" on the next popup +8. At this stage, the installation should proceed as normal. + +*************************************************************************************** +OpenSUSE Raw image install and boot (applicable to FVP only) +*************************************************************************************** + +Steps to download openSUSE Tumbleweed raw image: + - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ + - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` + +Once the .raw.xz file is downloaded, the raw image file needs to be extracted: :: - cat /proc/modules | grep arm_ffa_user + unxz <file-name.raw.xz> + + +The above command will generate a file ending with extension .raw image. Now, use the following command +to run FVP with raw image installation process. + +:: + +<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + +After successfully installing and booting the Linux distro, the user should see +a openSUSE login prompt. + +:: + + localhost login: + +Login with the username 'root' and password 'linux'. + +PSA API tests +---------------------- + +*************************************************************************************** +Run PSA API test commands (applicable to both FPGA and FVP) +*************************************************************************************** + +When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no +USB stick connected to the board. Power on the board and boot the board to +Linux. Then, the user should follow the steps below to run the tests. + +When running the tests on the Corstone-1000 FVP, the user should follow the +instructions in `Running the software on FVP`_ section to boot Linux in FVP +host_terminal_0, and login using the username ``root``. + +First, load FF-A TEE kernel module: + +:: + + insmod /lib/modules/5.19.14-yocto-standard/extra/arm-ffa-tee.ko + +Then, check whether the FF-A TEE driver is loaded correctly by using the following command: + +:: + + cat /proc/modules | grep arm_ffa_tee The output should be: :: - arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O) + arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O) -Now, run the PSA arch tests with following commands. The user should run the -tests in following order: +Now, run the PSA API tests in the following order: :: @@ -639,47 +971,108 @@ tests in following order: psa-its-api-test psa-ps-api-test -******************************************************** -Linux distro: OpenSUSE Raw image installation (FVP Only) -******************************************************** +External System tests +----------------------------------- + +*************************************************************************************** +Running the External System test command (systems-comms-tests) +*************************************************************************************** -Steps to download openSUSE Tumbleweed raw image: - - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ - - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz`` +Test 1: Releasing the External System out of reset +=================================================== -Once the .raw.xz file is downloaded, the raw image file needs to be extracted: +Run this command in the Linux command-line: :: - unxz <file-name.raw.xz> + systems-comms-tests 1 +The output on the External System terminal should be: -The above command will generate a file ending with extension .raw image. Now, use the following command -to run FVP with raw image installation process. +:: + + ___ ___ + | / __| + |=== \___ + |___ |___/ + External System Cortex-M3 Processor + Running RTX RTOS + v0.1.0_2022-10-19_16-41-32-8c9dca7 + MHUv2 module 'MHU0_H' started + MHUv2 module 'MHU1_H' started + MHUv2 module 'MHU0_SE' started + MHUv2 module 'MHU1_SE' started + +Test 2: Communication +============================================= + +Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System. + +After running Test 1, run this command in the Linux command-line: :: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + systems-comms-tests 2 -After successfully installing and booting the Linux distro, the user should see -a openSUSE login prompt. +Additional output on the External System terminal will be printed: :: - localhost login: + MHUv2: Message from 'MHU0_H': 0xabcdef1 + Received 'abcdef1' From Host MHU0 + CMD: Increment and return to sender... + MHUv2: Message from 'MHU1_H': 0xabcdef1 + Received 'abcdef1' From Host MHU1 + CMD: Increment and return to sender... -Login with the username 'root' and password 'linux'. +When running Test 2 the first, Test 1 will be run in the background. + +The output on the External System terminal should be: + +:: + + ___ ___ + | / __| + |=== \___ + |___ |___/ + External System Cortex-M3 Processor + Running RTX RTOS + v0.1.0_2022-10-19_16-41-32-8c9dca7 + MHUv2 module 'MHU0_H' started + MHUv2 module 'MHU1_H' started + MHUv2 module 'MHU0_SE' started + MHUv2 module 'MHU1_SE' started + MHUv2: Message from 'MHU0_H': 0xabcdef1 + Received 'abcdef1' From Host MHU0 + CMD: Increment and return to sender... + MHUv2: Message from 'MHU1_H': 0xabcdef1 + Received 'abcdef1' From Host MHU1 + CMD: Increment and return to sender... + +The output on the Host terminal should be: + +:: + + Received abcdf00 from es0mhu0 + Received abcdf00 from es0mhu1 + + +Tests results +----------------------------------- + +As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.23) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.23>`__ +can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. -************************************** Running the software on FVP on Windows -************************************** -If the user needs to run the Corstone1000 software on FVP on Windows. The user +--------------------------------------------------------------- + +If the user needs to run the Corstone-1000 software on FVP on Windows. The user should follow the build instructions in this document to build on Linux host PC, and copy the output binaries to the Windows PC where the FVP is located, and launch the FVP binary. -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md index 9127a6ce72..e29aad34d6 100644 --- a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md +++ b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md @@ -27,9 +27,9 @@ The fvp-baser-aemv8r64 Yocto MACHINE supports the following BSP components, where either a standard or Real-Time Linux kernel (PREEMPT\_RT) can be built and run: - - FVP_Base_AEMv8R: v11.19.14 + - FVP_Base_AEMv8R: v11.20.15 - boot-wrapper-aarch64: provides PSCI support - - U-Boot: v2022.04 - provides UEFI services + - U-Boot: v2022.07 - provides UEFI services - Linux kernel: linux-yocto-5.15 - Linux kernel with PREEMPT\_RT support: linux-yocto-rt-5.15 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb index 5bb8c37c56..dce29a93cd 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb @@ -8,7 +8,8 @@ LICENSE = "BSD-3-Clause & Apache-2.0" LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \ file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" -SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master" +SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master \ + file://race.patch" SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080" PV .= "+git${SRCPV}" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch new file mode 100644 index 0000000000..c6bc4f2234 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch @@ -0,0 +1,66 @@ +Upstream-Status: Submitted [https://gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx/-/issues/1] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 34e1c04534607f5605255f39fb46e26261fc9c4e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 8 Sep 2020 11:49:08 +0100 +Subject: [PATCH] tools/gen_module_code: atomically rewrite the generated files + +The gen_module rule in rules.mk is marked as .PHONY, so make will +execute it whenever it is mentioned. This results in gen_module_code +being executed 64 times for a Juno build. + +However in heavily parallel builds there's a good chance that +gen_module_code is writing a file whilst the compiler is reading it +because make also doesn't know what files are generated by +gen_module_code. + +The correct fix is to adjust the Makefiles so that the dependencies are +correct but this isn't trivial, so band-aid the problem by atomically +writing the generated files. + +Change-Id: I82d44f9ea6537a91002e1f80de8861d208571630 +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + tools/gen_module_code.py | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/tools/gen_module_code.py b/tools/gen_module_code.py +index 7b3953845..ee099b713 100755 +--- a/tools/gen_module_code.py ++++ b/tools/gen_module_code.py +@@ -17,6 +17,7 @@ + import argparse + import os + import sys ++import tempfile + + DEFAULT_PATH = 'build/' + +@@ -53,13 +54,21 @@ + + def generate_file(path, filename, content): + full_filename = os.path.join(path, filename) +- with open(full_filename, 'a+') as f: +- f.seek(0) +- if f.read() != content: ++ ++ try: ++ with open(full_filename) as f: ++ rewrite = f.read() != content ++ except FileNotFoundError: ++ rewrite = True ++ ++ if rewrite: ++ with tempfile.NamedTemporaryFile(prefix="gen-module-code", ++ dir=path, ++ delete=False, ++ mode="wt") as f: + print("[GEN] {}...".format(full_filename)) +- f.seek(0) +- f.truncate() + f.write(content) ++ os.replace(f.name, full_filename) + + + def generate_header(path, modules): diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb index 76a7126b29..932b161959 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb @@ -7,10 +7,15 @@ COMPATIBLE_MACHINE = "corstone1000" inherit image inherit wic_nopt tfm_sign_image +inherit uefi_capsule PACKAGE_INSTALL = "" -IMAGE_FSTYPES += "wic wic.nopt" +IMAGE_FSTYPES += "wic wic.nopt uefi_capsule" + +UEFI_FIRMWARE_BINARY = "${PN}-${MACHINE}.${CAPSULE_IMGTYPE}" +UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json" +CAPSULE_IMGTYPE = "wic.nopt" do_sign_images() { # Sign TF-A BL2 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json new file mode 100644 index 0000000000..0f011ff740 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json @@ -0,0 +1,11 @@ +{ + "Payloads": [ + { + "FwVersion": "5", + "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f", + "LowestSupportedVersion": "1", + "Payload": "$UEFI_FIRMWARE_BINARY", + "UpdateImageIndex": "0" + } + ] +} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb index 80565af633..45f2ec726a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb @@ -63,10 +63,10 @@ do_deploy() { done if [ "${INITRAMFS_IMAGE_BUNDLE}" -eq 1 ]; then - cp -L -f ${DEPLOY_DIR_IMAGE}/Image-initramfs-juno.bin \ + cp -L -f ${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-juno.bin \ ${D}/${UNPACK_DIR}/SOFTWARE/Image else - cp -L -f ${DEPLOY_DIR_IMAGE}/Image ${D}/${UNPACK_DIR}/SOFTWARE/ + cp -L -f ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE} ${D}/${UNPACK_DIR}/SOFTWARE/ fi # Compress the files diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch new file mode 100644 index 0000000000..7fae7b69b0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch @@ -0,0 +1,27 @@ +From 5be42e1c05205209fc3988f0df30a02da95c2448 Mon Sep 17 00:00:00 2001 +From: Rui Miguel Silva <rui.silva@linaro.org> +Date: Wed, 2 Nov 2022 00:12:35 +0000 +Subject: [PATCH] corstone1000: adjust PS asset configuration + +Adjust protected storage asset configuration to be more inline +with the one in trusted service side, that would make thinks +work when testing and using more than the default variables. + +Upstream-Status: Pending +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +--- + platform/ext/target/arm/corstone1000/config.cmake | 1 ++ + 1 file changed, 1 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index ab0fe17ba886..c2b4b646e6b0 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -56,3 +56,4 @@ set(PS_ENCRYPTION OFF CACHE BOOL "Enable + set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") + + set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.") ++set(PS_NUM_ASSETS "40" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area") +-- +2.38.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index 341a5942e0..58ad103262 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -34,6 +34,7 @@ SRC_URI:append:corstone1000 = " \ file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \ file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \ file://0006-corstone1000-remove-two-partition-configuration.patch \ + file://0007-corstone1000-adjust-PS-asset-configuration.patch \ " do_install() { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch new file mode 100644 index 0000000000..2bf68fe6dc --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch @@ -0,0 +1,41 @@ +From 097a43223da4fa42335944295903ede2755e2dfd Mon Sep 17 00:00:00 2001 +From: Jon Mason <jdmason@kudzu.us> +Date: Mon, 19 Dec 2022 11:36:04 -0500 +Subject: [PATCH] configs: vexpress: modify to boot compressed initramfs + +Signed-off-by: Jon Mason <jdmason@kudzu.us> +Upstream-Status: Inappropriate + +--- + configs/vexpress_aemv8a_juno_defconfig | 1 + + include/configs/vexpress_aemv8.h | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/configs/vexpress_aemv8a_juno_defconfig b/configs/vexpress_aemv8a_juno_defconfig +index e02124cc7f54..6ffe8f5fe67e 100644 +--- a/configs/vexpress_aemv8a_juno_defconfig ++++ b/configs/vexpress_aemv8a_juno_defconfig +@@ -16,6 +16,7 @@ CONFIG_SYS_LOAD_ADDR=0x90000000 + CONFIG_BOOTDELAY=1 + CONFIG_USE_BOOTARGS=y + CONFIG_BOOTARGS="console=ttyAMA0,115200n8 root=/dev/sda2 rw rootwait earlycon=pl011,0x7ff80000 debug user_debug=31 androidboot.hardware=juno loglevel=9" ++CONFIG_BOOTCOMMAND="echo running default boot command; afs load ${kernel_name} ${kernel_addr_r} ; if test $? -eq 1; then echo Loading ${kernel_alt_name} instead of ${kernel_name}; afs load ${kernel_alt_name} ${kernel_addr_r};fi ; afs load ${fdtfile} ${fdt_addr_r} ; if test $? -eq 1; then echo Loading ${fdt_alt_name} instead of ${fdtfile}; afs load ${fdt_alt_name} ${fdt_addr_r}; fi ; fdt addr ${fdt_addr_r}; fdt resize; if afs load ${initrd_name} ${initrd_addr_r} ; then setenv initrd_param ${initrd_addr_r}; else setenv initrd_param -; fi ; booti ${kernel_addr_r} ${initrd_param} ${fdt_addr_r}" + # CONFIG_DISPLAY_CPUINFO is not set + # CONFIG_DISPLAY_BOARDINFO is not set + CONFIG_SYS_PROMPT="VExpress64# " +diff --git a/include/configs/vexpress_aemv8.h b/include/configs/vexpress_aemv8.h +index cd7f6c1b9ba0..c2f5eb302076 100644 +--- a/include/configs/vexpress_aemv8.h ++++ b/include/configs/vexpress_aemv8.h +@@ -164,6 +164,8 @@ + "kernel_name=norkern\0" \ + "kernel_alt_name=Image\0" \ + "kernel_addr_r=0x80080000\0" \ ++ "kernel_comp_addr_r=0x90000000\0" \ ++ "kernel_comp_size=0x3000000\0" \ + "initrd_name=ramdisk.img\0" \ + "initrd_addr_r=0x88000000\0" \ + "fdtfile=board.dtb\0" \ +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend index 6144e97ac6..e01c850199 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend @@ -82,7 +82,9 @@ SRC_URI:append:fvp-baser-aemv8r64 = " \ # # Juno Machines # -SRC_URI:append:juno = " file://0001-arm-juno-add-custom-bootcmd-to-autoboot-from-uEnv.tx.patch" +SRC_URI:append:juno = " file://0001-arm-juno-add-custom-bootcmd-to-autoboot-from-uEnv.tx.patch \ + file://0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch \ + " # diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch new file mode 100644 index 0000000000..1cbdc9afe1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch @@ -0,0 +1,29 @@ +From b443c8efd563dc372c60e7ad9f52aeddf7c13706 Mon Sep 17 00:00:00 2001 +From: Anton Antonov <Anton.Antonov@arm.com> +Date: Mon, 7 Nov 2022 11:37:51 +0000 +Subject: [PATCH] arm64: dts: fvp: Enable virtio-rng support + +The virtio-rng is available from FVP_Base_RevC-2xAEMvA version 11.17. +Enable it since Yocto includes a recipe for a newer FVP version. + +Upstream-Status: Inappropriate [Yocto specific] +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +--- + arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi +index ec2d5280a30b..acafdcbf1063 100644 +--- a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi ++++ b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi +@@ -26,7 +26,6 @@ virtio@200000 { + compatible = "virtio,mmio"; + reg = <0x200000 0x200>; + interrupts = <46>; +- status = "disabled"; + }; + }; + }; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch new file mode 100644 index 0000000000..1c0f25eba1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch @@ -0,0 +1,60 @@ +From c4a7b9b587ca1bb4678d48d8be7132492b23a81c Mon Sep 17 00:00:00 2001 +From: Cristian Marussi <cristian.marussi@arm.com> +Date: Fri, 28 Oct 2022 15:08:33 +0100 +Subject: [PATCH] arm64: dts: juno: Add thermal critical trip points + +When thermnal zones are defined, trip points definitions are mandatory. +Define a couple of critical trip points for monitoring of existing +PMIC and SOC thermal zones. + +This was lost between txt to yaml conversion and was re-enforced recently +via the commit 8c596324232d ("dt-bindings: thermal: Fix missing required property") + +Cc: Rob Herring <robh+dt@kernel.org> +Cc: Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org> +Cc: devicetree@vger.kernel.org +Signed-off-by: Cristian Marussi <cristian.marussi@arm.com> +Fixes: f7b636a8d83c ("arm64: dts: juno: add thermal zones for scpi sensors") +Link: https://lore.kernel.org/r/20221028140833.280091-8-cristian.marussi@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/juno-base.dtsi | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/juno-base.dtsi b/arch/arm64/boot/dts/arm/juno-base.dtsi +index 2f27619d8abd..8b4d280b1e7e 100644 +--- a/arch/arm64/boot/dts/arm/juno-base.dtsi ++++ b/arch/arm64/boot/dts/arm/juno-base.dtsi +@@ -751,12 +751,26 @@ pmic { + polling-delay = <1000>; + polling-delay-passive = <100>; + thermal-sensors = <&scpi_sensors0 0>; ++ trips { ++ pmic_crit0: trip0 { ++ temperature = <90000>; ++ hysteresis = <2000>; ++ type = "critical"; ++ }; ++ }; + }; + + soc { + polling-delay = <1000>; + polling-delay-passive = <100>; + thermal-sensors = <&scpi_sensors0 3>; ++ trips { ++ soc_crit0: trip0 { ++ temperature = <80000>; ++ hysteresis = <2000>; ++ type = "critical"; ++ }; ++ }; + }; + + big_cluster_thermal_zone: big-cluster { +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch new file mode 100644 index 0000000000..f19fb8b9e2 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch @@ -0,0 +1,141 @@ +From 59fb813f9742b349f48250bd7793279cafe2752c Mon Sep 17 00:00:00 2001 +From: Pierre Gondois <pierre.gondois@arm.com> +Date: Mon, 7 Nov 2022 16:56:58 +0100 +Subject: [PATCH] arm64: dts: Update cache properties for Arm Ltd platforms + +The DeviceTree Specification v0.3 specifies that the cache node +"compatible" and "cache-level" properties are required. + +Cf. s3.8 Multi-level and Shared Cache Nodes +The 'cache-unified' property should be present if one of the properties +for unified cache is present ('cache-size', ...). + +Update the relevant device trees nodes accordingly. + +Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> +Link: https://lore.kernel.org/r/20221107155825.1644604-6-pierre.gondois@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/corstone1000.dtsi | 1 + + arch/arm64/boot/dts/arm/foundation-v8.dtsi | 1 + + arch/arm64/boot/dts/arm/juno-r1.dts | 2 ++ + arch/arm64/boot/dts/arm/juno-r2.dts | 2 ++ + arch/arm64/boot/dts/arm/juno.dts | 2 ++ + arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts | 1 + + arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts | 1 + + 7 files changed, 10 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/corstone1000.dtsi b/arch/arm64/boot/dts/arm/corstone1000.dtsi +index 4e46826f883a..21f1f952e985 100644 +--- a/arch/arm64/boot/dts/arm/corstone1000.dtsi ++++ b/arch/arm64/boot/dts/arm/corstone1000.dtsi +@@ -53,6 +53,7 @@ gic: interrupt-controller@1c000000 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-level = <2>; + cache-size = <0x80000>; + cache-line-size = <64>; +diff --git a/arch/arm64/boot/dts/arm/foundation-v8.dtsi b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +index 83e3e7e3984f..c8bd23b1a7ba 100644 +--- a/arch/arm64/boot/dts/arm/foundation-v8.dtsi ++++ b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +@@ -58,6 +58,7 @@ cpu3: cpu@3 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-level = <2>; + }; + }; + +diff --git a/arch/arm64/boot/dts/arm/juno-r1.dts b/arch/arm64/boot/dts/arm/juno-r1.dts +index 6451c62146fd..1d90eeebb37d 100644 +--- a/arch/arm64/boot/dts/arm/juno-r1.dts ++++ b/arch/arm64/boot/dts/arm/juno-r1.dts +@@ -189,6 +189,7 @@ A53_3: cpu@103 { + + A57_L2: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x200000>; + cache-line-size = <64>; + cache-sets = <2048>; +@@ -197,6 +198,7 @@ A57_L2: l2-cache0 { + + A53_L2: l2-cache1 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x100000>; + cache-line-size = <64>; + cache-sets = <1024>; +diff --git a/arch/arm64/boot/dts/arm/juno-r2.dts b/arch/arm64/boot/dts/arm/juno-r2.dts +index 438cd1ff4bd0..d2ada69b0a43 100644 +--- a/arch/arm64/boot/dts/arm/juno-r2.dts ++++ b/arch/arm64/boot/dts/arm/juno-r2.dts +@@ -195,6 +195,7 @@ A53_3: cpu@103 { + + A72_L2: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x200000>; + cache-line-size = <64>; + cache-sets = <2048>; +@@ -203,6 +204,7 @@ A72_L2: l2-cache0 { + + A53_L2: l2-cache1 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x100000>; + cache-line-size = <64>; + cache-sets = <1024>; +diff --git a/arch/arm64/boot/dts/arm/juno.dts b/arch/arm64/boot/dts/arm/juno.dts +index cf4a58211399..5e48a01a5b9f 100644 +--- a/arch/arm64/boot/dts/arm/juno.dts ++++ b/arch/arm64/boot/dts/arm/juno.dts +@@ -194,6 +194,7 @@ A53_3: cpu@103 { + + A57_L2: l2-cache0 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x200000>; + cache-line-size = <64>; + cache-sets = <2048>; +@@ -202,6 +203,7 @@ A57_L2: l2-cache0 { + + A53_L2: l2-cache1 { + compatible = "cache"; ++ cache-unified; + cache-size = <0x100000>; + cache-line-size = <64>; + cache-sets = <1024>; +diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts +index 258991ad7cc0..ef68f5aae7dd 100644 +--- a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts ++++ b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts +@@ -71,6 +71,7 @@ cpu@3 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-level = <2>; + }; + }; + +diff --git a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts +index 5b6d9d8e934d..796cd7d02eb5 100644 +--- a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts ++++ b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts +@@ -57,6 +57,7 @@ cpu@1 { + + L2_0: l2-cache0 { + compatible = "cache"; ++ cache-level = <2>; + }; + }; + +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch new file mode 100644 index 0000000000..34dd025189 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch @@ -0,0 +1,38 @@ +From 3bd7a0219082c2c91570b81afc35f2aec57cade2 Mon Sep 17 00:00:00 2001 +From: James Clark <james.clark@arm.com> +Date: Thu, 17 Nov 2022 10:25:36 +0000 +Subject: [PATCH] arm64: dts: fvp: Add SPE to Foundation FVP + +Add SPE DT node to FVP model. If the model doesn't support SPE (e.g., +turned off via parameter), the driver will skip the initialisation +accordingly and thus is safe. + +Signed-off-by: James Clark <james.clark@arm.com> +Link: https://lore.kernel.org/r/20221117102536.237515-1-james.clark@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/foundation-v8.dtsi | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/foundation-v8.dtsi b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +index c8bd23b1a7ba..029578072d8f 100644 +--- a/arch/arm64/boot/dts/arm/foundation-v8.dtsi ++++ b/arch/arm64/boot/dts/arm/foundation-v8.dtsi +@@ -85,6 +85,11 @@ pmu { + <GIC_SPI 63 IRQ_TYPE_LEVEL_HIGH>; + }; + ++ spe-pmu { ++ compatible = "arm,statistical-profiling-extension-v1"; ++ interrupts = <GIC_PPI 5 IRQ_TYPE_LEVEL_HIGH>; ++ }; ++ + watchdog@2a440000 { + compatible = "arm,sbsa-gwdt"; + reg = <0x0 0x2a440000 0 0x1000>, +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch new file mode 100644 index 0000000000..72f7161fee --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch @@ -0,0 +1,149 @@ +From b2d5025e129289d9b914c696646e64495a7453c0 Mon Sep 17 00:00:00 2001 +From: Sudeep Holla <sudeep.holla@arm.com> +Date: Fri, 18 Nov 2022 15:10:17 +0000 +Subject: [PATCH] arm64: dts: fvp: Add information about L1 and L2 caches + +Add the information about L1 and L2 caches on FVP RevC platform. +Though the cache size is configurable through the model parameters, +having default values in the device tree helps to exercise and debug +any code utilising the cache information without the need of real +hardware. + +Link: https://lore.kernel.org/r/20221118151017.704716-1-sudeep.holla@arm.com +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm64/boot/dts/arm/fvp-base-revc.dts | 73 +++++++++++++++++++++++ + 1 file changed, 73 insertions(+) + +diff --git a/arch/arm64/boot/dts/arm/fvp-base-revc.dts b/arch/arm64/boot/dts/arm/fvp-base-revc.dts +index 5f6f30c801a7..60472d65a355 100644 +--- a/arch/arm64/boot/dts/arm/fvp-base-revc.dts ++++ b/arch/arm64/boot/dts/arm/fvp-base-revc.dts +@@ -47,48 +47,121 @@ cpu0: cpu@0 { + compatible = "arm,armv8"; + reg = <0x0 0x000>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu1: cpu@100 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x100>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu2: cpu@200 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x200>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu3: cpu@300 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x300>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C0_L2>; + }; + cpu4: cpu@10000 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10000>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; + }; + cpu5: cpu@10100 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10100>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; + }; + cpu6: cpu@10200 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10200>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; + }; + cpu7: cpu@10300 { + device_type = "cpu"; + compatible = "arm,armv8"; + reg = <0x0 0x10300>; + enable-method = "psci"; ++ i-cache-size = <0x8000>; ++ i-cache-line-size = <64>; ++ i-cache-sets = <256>; ++ d-cache-size = <0x8000>; ++ d-cache-line-size = <64>; ++ d-cache-sets = <256>; ++ next-level-cache = <&C1_L2>; ++ }; ++ C0_L2: l2-cache0 { ++ compatible = "cache"; ++ cache-size = <0x80000>; ++ cache-line-size = <64>; ++ cache-sets = <512>; ++ cache-level = <2>; ++ cache-unified; ++ }; ++ ++ C1_L2: l2-cache1 { ++ compatible = "cache"; ++ cache-size = <0x80000>; ++ cache-line-size = <64>; ++ cache-sets = <512>; ++ cache-level = <2>; ++ cache-unified; + }; + }; + +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch new file mode 100644 index 0000000000..c551250869 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch @@ -0,0 +1,84 @@ +From e15031539490733279c41ba87f4ef2b440a685f5 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> +Date: Fri, 25 Nov 2022 15:41:12 +0100 +Subject: [PATCH] ARM: dts: vexpress: align LED node names with dtschema + +The node names should be generic and DT schema expects certain pattern. + + vexpress-v2p-ca9.dtb: leds: 'user1', 'user2', 'user3', 'user4', 'user5', 'user6', 'user7', 'user8' do not match any of the regexes: '(^led-[0-9a-f]$|led)', 'pinctrl-[0-9]+' + +Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> +Link: https://lore.kernel.org/r/20221125144112.476817-1-krzysztof.kozlowski@linaro.org +Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Backport +--- + arch/arm/boot/dts/vexpress-v2m.dtsi | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/arch/arm/boot/dts/vexpress-v2m.dtsi b/arch/arm/boot/dts/vexpress-v2m.dtsi +index f434fe5cf4a1..def538ce8769 100644 +--- a/arch/arm/boot/dts/vexpress-v2m.dtsi ++++ b/arch/arm/boot/dts/vexpress-v2m.dtsi +@@ -383,49 +383,49 @@ v2m_refclk32khz: refclk32khz { + leds { + compatible = "gpio-leds"; + +- user1 { ++ led-user1 { + label = "v2m:green:user1"; + gpios = <&v2m_led_gpios 0 0>; + linux,default-trigger = "heartbeat"; + }; + +- user2 { ++ led-user2 { + label = "v2m:green:user2"; + gpios = <&v2m_led_gpios 1 0>; + linux,default-trigger = "mmc0"; + }; + +- user3 { ++ led-user3 { + label = "v2m:green:user3"; + gpios = <&v2m_led_gpios 2 0>; + linux,default-trigger = "cpu0"; + }; + +- user4 { ++ led-user4 { + label = "v2m:green:user4"; + gpios = <&v2m_led_gpios 3 0>; + linux,default-trigger = "cpu1"; + }; + +- user5 { ++ led-user5 { + label = "v2m:green:user5"; + gpios = <&v2m_led_gpios 4 0>; + linux,default-trigger = "cpu2"; + }; + +- user6 { ++ led-user6 { + label = "v2m:green:user6"; + gpios = <&v2m_led_gpios 5 0>; + linux,default-trigger = "cpu3"; + }; + +- user7 { ++ led-user7 { + label = "v2m:green:user7"; + gpios = <&v2m_led_gpios 6 0>; + linux,default-trigger = "cpu4"; + }; + +- user8 { ++ led-user8 { + label = "v2m:green:user8"; + gpios = <&v2m_led_gpios 7 0>; + linux,default-trigger = "cpu5"; +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index 99a40e7777..4f9bcfdf57 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -36,7 +36,6 @@ SRC_URI:append:corstone500 = " \ # Corstone1000 KMACHINE # FILESEXTRAPATHS:prepend:corstone1000 := "${ARMBSPFILESPATHS}" -FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}" COMPATIBLE_MACHINE:corstone1000 = "${MACHINE}" KCONFIG_MODE:corstone1000 = "--alldefconfig" KMACHINE:corstone1000 = "corstone1000" @@ -70,6 +69,7 @@ KERNEL_FEATURES:corstone1000 = "" COMPATIBLE_MACHINE:fvp-base = "fvp-base" KMACHINE:fvp-base = "fvp" FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}" +SRC_URI:append:fvp-base = " file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch" # # FVP BASE ARM32 KMACHINE @@ -100,6 +100,13 @@ COMPATIBLE_MACHINE:juno = "juno" KBUILD_DEFCONFIG:juno = "defconfig" KCONFIG_MODE:juno = "--alldefconfig" FILESEXTRAPATHS:prepend:juno := "${ARMBSPFILESPATHS}" +SRC_URI:append:juno = " \ + file://0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch \ + file://0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch \ + file://0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch \ + file://0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch \ + file://0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch \ + " # # Musca B1/S2 can't run Linux @@ -115,7 +122,6 @@ COMPATIBLE_MACHINE:n1sdp = "n1sdp" KBUILD_DEFCONFIG:n1sdp = "defconfig" KCONFIG_MODE:n1sdp = "--alldefconfig" FILESEXTRAPATHS:prepend:n1sdp := "${ARMBSPFILESPATHS}" -FILESEXTRAPATHS:prepend:n1sdp := "${ARMFILESPATHS}" SRC_URI:append:n1sdp = " \ file://0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch \ file://0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch \ diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch new file mode 100644 index 0000000000..d9e20f8c76 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch @@ -0,0 +1,52 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From 2eb1da30564428551ca687d456d848129105abac Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Tue, 25 Oct 2022 19:08:49 +0100 +Subject: [PATCH] plat-n1sdp: register DRAM1 to optee-os + +N1SDP supports two DRAM's. This change is to add 2nd DRAM +starting at 0x8080000000 address. + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk +index 06b4975a..5374e406 100644 +--- a/core/arch/arm/plat-n1sdp/conf.mk ++++ b/core/arch/arm/plat-n1sdp/conf.mk +@@ -38,4 +38,4 @@ CFG_SHMEM_START ?= 0x83000000 + CFG_SHMEM_SIZE ?= 0x00210000 + # DRAM1 is defined above 4G + $(call force,CFG_CORE_LARGE_PHYS_ADDR,y) +-$(call force,CFG_CORE_ARM64_PA_BITS,36) ++$(call force,CFG_CORE_ARM64_PA_BITS,42) +diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c +index cfb7f19b..bb951ce6 100644 +--- a/core/arch/arm/plat-n1sdp/main.c ++++ b/core/arch/arm/plat-n1sdp/main.c +@@ -33,6 +33,7 @@ static struct pl011_data console_data __nex_bss; + register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE); + + register_ddr(DRAM0_BASE, DRAM0_SIZE); ++register_ddr(DRAM1_BASE, DRAM1_SIZE); + + register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); + register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE); +diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h +index 81b99409..bf0a3c83 100644 +--- a/core/arch/arm/plat-n1sdp/platform_config.h ++++ b/core/arch/arm/plat-n1sdp/platform_config.h +@@ -35,6 +35,9 @@ + #define DRAM0_BASE 0x80000000 + #define DRAM0_SIZE 0x80000000 + ++#define DRAM1_BASE 0x8080000000ULL ++#define DRAM1_SIZE 0x80000000ULL ++ + #define GICD_BASE 0x30000000 + #define GICC_BASE 0x2C000000 + #define GICR_BASE 0x300C0000 +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc index 219f08bfd7..5e6e150710 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc @@ -11,6 +11,7 @@ SRC_URI:append = " \ file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \ file://0003-HACK-disable-instruction-cache-and-data-cache.patch \ file://0004-Handle-logging-syscall.patch \ + file://0005-plat-n1sdp-register-DRAM1-to-optee-os.patch \ " EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch index 801905d97a..c44885cf04 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch @@ -1,7 +1,7 @@ -From 7c9589c4bb056db5e1696f2a777891ab235b1b63 Mon Sep 17 00:00:00 2001 +From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 16:36:51 +0000 -Subject: [PATCH 01/19] Add openamp to SE proxy deployment +Subject: [PATCH 01/20] Add openamp to SE proxy deployment Openamp is required to communicate between secure partitions(running on Cortex-A) and trusted-firmware-m(running on Cortex-M). @@ -283,5 +283,5 @@ index 000000000000..449f35f4fda4 +set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}") +set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include") -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch index 39edc9d1e3..0371a7a418 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch @@ -1,7 +1,7 @@ -From e4ccb92f8de94a82edd3548d62c853790ae36bd1 Mon Sep 17 00:00:00 2001 +From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 18:00:46 +0000 -Subject: [PATCH 02/19] Implement mhu driver and the OpenAmp conversion layer. +Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer. This commit adds an mhu driver (v2.1 and v2) to the secure partition se_proxy and a conversion layer to communicate with @@ -1087,5 +1087,5 @@ index 000000000000..bb778bb9719b +# include MHU driver +include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch index bf52a2382b..5686face15 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch @@ -1,7 +1,7 @@ -From e187510a814b48b7b2e477a9913ee35b68522d06 Mon Sep 17 00:00:00 2001 +From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:00:54 +0000 -Subject: [PATCH 03/19] Add openamp rpc caller +Subject: [PATCH 03/20] Add openamp rpc caller Upstream-Status: Pending Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> @@ -1192,5 +1192,5 @@ index d39873a0fe81..34fe5ff1b925 100644 # Stub service provider backends "components/rpc/dummy" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch index 3246224560..84d418c131 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch @@ -1,7 +1,7 @@ -From 8c1bc5a7ae525d64802e2a06746f698f54cf07ca Mon Sep 17 00:00:00 2001 +From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:05:18 +0000 -Subject: [PATCH 04/19] add psa client definitions for ff-m +Subject: [PATCH 04/20] add psa client definitions for ff-m Add PSA client definitions in common include to add future ff-m support. @@ -294,5 +294,5 @@ index 000000000000..aaa973c6e987 + +#endif /* __PSA_MANIFEST_SID_H__ */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch index e179fb035a..df3cb2f4c2 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch @@ -1,7 +1,7 @@ -From e9778f726ed582360152f150301995b10d268aae Mon Sep 17 00:00:00 2001 +From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:13:03 +0000 -Subject: [PATCH 05/19] Add common service component to ipc support +Subject: [PATCH 05/20] Add common service component to ipc support Add support for inter processor communication for PSA including, the openamp client side structures lib. @@ -291,5 +291,5 @@ index 34fe5ff1b925..dd0c5d00c21e 100644 "components/service/discovery/provider" "components/service/discovery/provider/serializer/packed-c" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch index cac43ec4bc..74a83777df 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch @@ -1,7 +1,7 @@ -From 0df82487a7a253c601ca20ca1bd64fbb9ed64230 Mon Sep 17 00:00:00 2001 +From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:19:24 +0000 -Subject: [PATCH 06/19] Add secure storage ipc backend +Subject: [PATCH 06/20] Add secure storage ipc backend Add secure storage ipc ff-m implementation which may use openamp as rpc to communicate with other processor. @@ -519,5 +519,5 @@ index dd0c5d00c21e..cd51460406ca 100644 "components/service/attestation/provider" "components/service/attestation/provider/serializer/packed-c" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch index 192e9768bd..ad33295d41 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch @@ -1,7 +1,7 @@ -From 9c7f1e6a5eb9ab887e568cfa3c2003583d387bc9 Mon Sep 17 00:00:00 2001 +From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:25:34 +0000 -Subject: [PATCH 07/19] Use secure storage ipc and openamp for se_proxy +Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy Remove mock up backend for secure storage in se proxy deployment and use instead the secure storage ipc backend with @@ -59,5 +59,5 @@ index acfb6e8873fa..57290056d614 100644 return secure_storage_provider_init(&ps_provider, backend); } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch index ce7aacf3cd..ab57688276 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch @@ -1,7 +1,7 @@ -From d9169d380366afc63af5d4bf02791aeb41f47897 Mon Sep 17 00:00:00 2001 +From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 12 Dec 2021 10:43:48 +0000 -Subject: [PATCH 08/19] Run psa-arch-test +Subject: [PATCH 08/20] Run psa-arch-test Fixes needed to run psa-arch-test @@ -68,5 +68,5 @@ index 4f6ba2a7d822..1fd6b40dc803 100644 }; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch index ca0c9d9575..3295fa9bd9 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch @@ -1,7 +1,7 @@ -From ee767c1ae857cfcc8b4bb520b2558091e253cf94 Mon Sep 17 00:00:00 2001 +From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 12 Dec 2021 10:57:17 +0000 -Subject: [PATCH 09/19] Use address instead of pointers +Subject: [PATCH 09/20] Use address instead of pointers Since secure enclave is 32bit and we 64bit there is an issue in the protocol communication design that force us to handle @@ -164,5 +164,5 @@ index a1f369db253e..bda442a61d5c 100644 (void)client_id; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch index d47b0decf5..2d0725cb24 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch @@ -1,7 +1,7 @@ -From afdeb8e098a1f2822adf2ea83ded8dd9e2d021ba Mon Sep 17 00:00:00 2001 +From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 7 Dec 2021 11:50:00 +0000 -Subject: [PATCH 10/19] Add psa ipc attestation to se proxy +Subject: [PATCH 10/20] Add psa ipc attestation to se proxy Implement attestation client API as psa ipc and include it to se proxy deployment. @@ -16,12 +16,15 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++ components/service/common/include/psa/sid.h | 4 + .../se-proxy/common/service_proxy_factory.c | 6 ++ - deployments/se-proxy/se-proxy.cmake | 3 +- - 7 files changed, 169 insertions(+), 1 deletion(-) + deployments/se-proxy/se-proxy.cmake | 7 +- + ...ble-using-hard-coded-attestation-key.patch | 29 ------- + external/psa_arch_tests/psa_arch_tests.cmake | 4 - + 9 files changed, 171 insertions(+), 36 deletions(-) create mode 100644 components/service/attestation/client/psa_ipc/component.cmake create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c + delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake new file mode 100644 @@ -243,10 +246,10 @@ index 57290056d614..4b8cceccbe4d 100644 attest_provider_register_serializer(&attest_provider, TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance()); diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index cd51460406ca..38d26821d44d 100644 +index cd51460406ca..3dbbc36c968d 100644 --- a/deployments/se-proxy/se-proxy.cmake +++ b/deployments/se-proxy/se-proxy.cmake -@@ -49,12 +49,13 @@ add_components(TARGET "se-proxy" +@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy" "components/service/attestation/include" "components/service/attestation/provider" "components/service/attestation/provider/serializer/packed-c" @@ -258,9 +261,63 @@ index cd51460406ca..38d26821d44d 100644 "components/rpc/dummy" "components/rpc/common/caller" - "components/service/attestation/reporter/stub" - "components/service/attestation/key_mngr/stub" - "components/service/crypto/backend/stub" +- "components/service/attestation/key_mngr/stub" +- "components/service/crypto/backend/stub" ++ "components/service/attestation/key_mngr/local" ++ "components/service/crypto/backend/psa_ipc" "components/service/crypto/client/psa" + "components/service/secure_storage/backend/mock_store" + ) +diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch +deleted file mode 100644 +index 6664961ab662..000000000000 +--- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch ++++ /dev/null +@@ -1,29 +0,0 @@ +-From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001 +-From: Gyorgy Szing <Gyorgy.Szing@arm.com> +-Date: Tue, 8 Feb 2022 17:06:37 +0000 +-Subject: [PATCH 1/1] Disable using hard-coded attestation key +- +-Modify platform config to disable using a hard-coded attestation +-key. +- +-Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> +---- +- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +- +- 1 file changed, 1 insertion(+), 1 deletion(-) +- +-diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-index 6112ba7..1cdf581 100755 +---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t; +- #define CRYPTO_VERSION_BETA3 +- +- /* Use hardcoded public key */ +--#define PLATFORM_OVERRIDE_ATTEST_PK +-+//#define PLATFORM_OVERRIDE_ATTEST_PK +- +- /* +- * Include of PSA defined Header files +--- +-2.17.1 +- +diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake +index a8b77a1fc05e..1995df3e0b49 100644 +--- a/external/psa_arch_tests/psa_arch_tests.cmake ++++ b/external/psa_arch_tests/psa_arch_tests.cmake +@@ -15,10 +15,6 @@ set(GIT_OPTIONS + GIT_REPOSITORY ${PSA_ARCH_TESTS_URL} + GIT_TAG ${PSA_ARCH_TESTS_REFSPEC} + GIT_SHALLOW FALSE +- PATCH_COMMAND git stash +- COMMAND git tag -f ts-before-am +- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch +- COMMAND git reset ts-before-am + ) + + # Ensure list of defines is separated correctly -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch index 988fbbecdd..5803cc17dc 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch @@ -1,7 +1,7 @@ -From 94770f9660154bb1157e19c11fb706889a81ae73 Mon Sep 17 00:00:00 2001 +From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Thu, 9 Dec 2021 14:11:06 +0000 -Subject: [PATCH 11/19] Setup its backend as openamp rpc using secure storage +Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage ipc implementation. Upstream-Status: Pending @@ -159,5 +159,5 @@ index 4b8cceccbe4d..1110ac46bf8b 100644 + return secure_storage_provider_init(&its_provider, backend); } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch index fdc39b0d3c..67ea7b8c56 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch @@ -1,7 +1,7 @@ -From 896b5009bb07c4b53541290e1712856063411107 Mon Sep 17 00:00:00 2001 +From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Thu, 9 Dec 2021 14:17:39 +0000 -Subject: [PATCH 12/19] add psa ipc crypto backend +Subject: [PATCH 12/20] add psa ipc crypto backend Add psa ipc crypto backend and attach it to se proxy deployment. @@ -36,9 +36,8 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../crypto/include/psa/crypto_client_struct.h | 8 +- .../service/crypto/include/psa/crypto_sizes.h | 2 +- .../se-proxy/common/service_proxy_factory.c | 15 +- - deployments/se-proxy/se-proxy.cmake | 2 +- .../providers/arm/corstone1000/platform.cmake | 2 + - 29 files changed, 2293 insertions(+), 11 deletions(-) + 28 files changed, 2292 insertions(+), 10 deletions(-) create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h @@ -2556,19 +2555,6 @@ index 1110ac46bf8b..7edeef8b434a 100644 return crypto_iface; } -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 38d26821d44d..f647190d9559 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -57,7 +57,7 @@ add_components(TARGET "se-proxy" - "components/rpc/dummy" - "components/rpc/common/caller" - "components/service/attestation/key_mngr/stub" -- "components/service/crypto/backend/stub" -+ "components/service/crypto/backend/psa_ipc" - "components/service/crypto/client/psa" - "components/service/secure_storage/backend/mock_store" - ) diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake index bb778bb9719b..51e5faa3e4d8 100644 --- a/platform/providers/arm/corstone1000/platform.cmake @@ -2580,5 +2566,5 @@ index bb778bb9719b..51e5faa3e4d8 100644 + +add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch index 1a6e8f50f1..0040e12727 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch @@ -1,7 +1,7 @@ -From 6b8ebdeb8caa6326ae2a4befaf4410a7a54d4e02 Mon Sep 17 00:00:00 2001 +From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001 From: Julian Hall <julian.hall@arm.com> Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH 13/19] Add stub capsule update service components +Subject: [PATCH 13/20] Add stub capsule update service components To facilitate development of a capsule update service provider, stub components are added to provide a starting point for an @@ -338,7 +338,7 @@ index 298d407a2371..02aa7fe2550d 100644 #ifdef __cplusplus } diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index f647190d9559..e35b0d0f610d 100644 +index 3dbbc36c968d..f0db2d43f443 100644 --- a/deployments/se-proxy/se-proxy.cmake +++ b/deployments/se-proxy/se-proxy.cmake @@ -51,6 +51,7 @@ add_components(TARGET "se-proxy" @@ -432,5 +432,5 @@ index 000000000000..285d924186be + +#endif /* CAPSULE_UPDATE_PARAMETERS_H */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch index 52c793cc12..22b1da6906 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch @@ -1,7 +1,7 @@ -From a71b26f867f1b4a08285d6da82528de6a54321f2 Mon Sep 17 00:00:00 2001 +From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Date: Thu, 16 Dec 2021 21:31:40 +0000 -Subject: [PATCH 14/19] Configure storage size +Subject: [PATCH 14/20] Configure storage size Upstream-Status: Pending Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> @@ -10,7 +10,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 715ccc3cb546..aeb8a22062b7 100644 +index 611e2e225c6b..6c3b9ed81c25 100644 --- a/components/service/smm_variable/backend/uefi_variable_store.c +++ b/components/service/smm_variable/backend/uefi_variable_store.c @@ -88,6 +88,7 @@ static efi_status_t check_name_terminator( @@ -38,5 +38,5 @@ index 715ccc3cb546..aeb8a22062b7 100644 context->owner_id = owner_id; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch index a8f5559d10..426f2ca5c4 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch @@ -1,7 +1,7 @@ -From 3cc9c417f12f005244530d8d706a6b7f3be35627 Mon Sep 17 00:00:00 2001 +From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 13 Feb 2022 09:01:10 +0000 -Subject: [PATCH 15/19] Fix: Crypto interface structure aligned with tf-m +Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m change. NO NEED TO RAISE PR: The PR for this FIX is raied by Emek. @@ -27,5 +27,5 @@ index c13c20e84131..ec25eaf868c7 100644 * AEAD until the API is * restructured -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch index a0911970e6..a59d140023 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch @@ -1,7 +1,7 @@ -From c54afe45c1be25c4819b0f762cf03a24e6343ce5 Mon Sep 17 00:00:00 2001 +From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 13 Feb 2022 09:49:51 +0000 -Subject: [PATCH 16/19] Integrate remaining psa-ipc client APIs. +Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs. Upstream-Status: Pending Signed-off-by: Satish Kumar <satish.kumar01@arm.com> @@ -490,5 +490,5 @@ index e16f6e5450af..cc9279ee79f2 100644 } #endif -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch index e7c1dc33f8..4adcd90a5f 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch @@ -1,7 +1,7 @@ -From b1ff44c650ae82f364a2f74059eeb280996dc4f8 Mon Sep 17 00:00:00 2001 +From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 17:52:00 +0000 -Subject: [PATCH 17/19] Fix : update psa_set_key_usage_flags definition to the +Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the latest from the tf-m Upstream-Status: Pending @@ -36,5 +36,5 @@ index 1bc55e375eea..b4a7ed4b39d3 100644 } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index 9ab1157ead..c1598a9e11 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,11 +1,10 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - -From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001 +From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58. +Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58. +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- @@ -118,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644 /* Variable length input parameter tags */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch index 984e2977d2..02c89d895e 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch @@ -1,7 +1,7 @@ -From 07ad7e1f7ba06045bf331d5b73a6adf38a098fb7 Mon Sep 17 00:00:00 2001 +From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 11 Oct 2022 10:46:10 +0100 -Subject: [PATCH 19/19] plat: corstone1000: change default smm values +Subject: [PATCH 19/20] plat: corstone1000: change default smm values Smm gateway uses SE proxy to route the calls for any NV storage so set the NV_STORE_SN. @@ -33,5 +33,5 @@ index 51e5faa3e4d8..04b629a81906 100644 + SMM_GATEWAY_MAX_UEFI_VARIABLES=100 +) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch index 79429c7747..ce40df0fd8 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch @@ -1,7 +1,7 @@ -From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001 +From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Fri, 8 Jul 2022 09:48:06 +0100 -Subject: [PATCH] FMP Support in Corstone1000. +Subject: [PATCH 20/20] FMP Support in Corstone1000. The FMP support is used by u-boot to pupolate ESRT information for the kernel. @@ -11,6 +11,7 @@ The solution is platform specific and needs to be revisted. Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted] +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- .../provider/capsule_update_provider.c | 5 + .../capsule_update/provider/component.cmake | 1 + @@ -21,7 +22,7 @@ Upstream-Status: Inappropriate [The solution is platform specific and needs to b create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c -index 9bbd7abc..871d6bcf 100644 +index e133753f8560..991a2235cd73 100644 --- a/components/service/capsule_update/provider/capsule_update_provider.c +++ b/components/service/capsule_update/provider/capsule_update_provider.c @@ -11,6 +11,7 @@ @@ -58,7 +59,7 @@ index 9bbd7abc..871d6bcf 100644 default: EMSG("%s unsupported opcode", __func__); diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake -index 1d412eb2..6b060149 100644 +index 1d412eb234d9..6b0601494938 100644 --- a/components/service/capsule_update/provider/component.cmake +++ b/components/service/capsule_update/provider/component.cmake @@ -10,4 +10,5 @@ endif() @@ -69,7 +70,7 @@ index 1d412eb2..6b060149 100644 ) diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c new file mode 100644 -index 00000000..6a7a47a7 +index 000000000000..6a7a47a7ed99 --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -0,0 +1,307 @@ @@ -382,7 +383,7 @@ index 00000000..6a7a47a7 +} diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h new file mode 100644 -index 00000000..95fba2a0 +index 000000000000..95fba2a04d5c --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h @@ -0,0 +1,26 @@ @@ -413,5 +414,5 @@ index 00000000..95fba2a0 + +#endif /* CORSTONE1000_FMP_SERVICE_H */ -- -2.17.1 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch new file mode 100644 index 0000000000..87c053fcc6 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch @@ -0,0 +1,35 @@ +From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Wed, 2 Nov 2022 09:58:27 +0000 +Subject: [PATCH] smm_gateway: add checks for null attributes + +As par EDK-2 and EDK-2 test code, setVariable() with 0 +attributes means a delete variable request. Currently, +smm gatway doesn't handle this scenario. This commit adds +that support. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + components/service/smm_variable/backend/uefi_variable_store.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c +index 6c3b9ed8..a691dc5d 100644 +--- a/components/service/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/smm_variable/backend/uefi_variable_store.c +@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable( + if (info->is_variable_set) { + + /* It's a request to update to an existing variable */ +- if (!(var->Attributes & ++ if (!(var->Attributes) || (!(var->Attributes & + (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && +- !var->DataSize) { ++ !var->DataSize)) { + + /* It's a remove operation - for a remove, the variable + * data must be removed from the storage backend before +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch new file mode 100644 index 0000000000..ed4e6e27a3 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch @@ -0,0 +1,33 @@ +From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Thu, 3 Nov 2022 17:43:40 +0000 +Subject: [PATCH] smm_gateway: GetNextVariableName Fix + +GetNextVariableName() should return EFI_BUFFER_TOO_SMALL +when NameSize is smaller than the actual NameSize. It +currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting +max_name_len incorrectly. This fixes max_name_len error by +replacing it with actual NameSize request by u-boot. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + .../service/smm_variable/provider/smm_variable_provider.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c +index a9679b7e..6a4b6fa7 100644 +--- a/components/service/smm_variable/provider/smm_variable_provider.c ++++ b/components/service/smm_variable/provider/smm_variable_provider.c +@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re + efi_status = uefi_variable_store_get_next_variable_name( + &this_instance->variable_store, + (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data, +- max_name_len, ++ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, + &resp_buf->data_len); + } + else { +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch index c7289562bd..c7289562bd 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend new file mode 100644 index 0000000000..a885d38797 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend @@ -0,0 +1,10 @@ +MACHINE_TS_REQUIRE ?= "" +MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" + +require ${MACHINE_TS_REQUIRE} + + +EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x02000000 \ + -DMM_COMM_BUFFER_PAGE_COUNT=1 \ + " + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index 03f7dff2ef..e97fb5937a 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -1,29 +1,26 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" -SRC_URI:append = " \ - file://0001-Add-openamp-to-SE-proxy-deployment.patch \ - file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \ - file://0003-Add-openamp-rpc-caller.patch \ - file://0004-add-psa-client-definitions-for-ff-m.patch \ - file://0005-Add-common-service-component-to-ipc-support.patch \ - file://0006-Add-secure-storage-ipc-backend.patch \ - file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \ - file://0008-Run-psa-arch-test.patch \ - file://0009-Use-address-instead-of-pointers.patch \ - file://0010-Add-psa-ipc-attestation-to-se-proxy.patch \ - file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \ - file://0012-add-psa-ipc-crypto-backend.patch \ - file://0013-Add-stub-capsule-update-service-components.patch \ - file://0014-Configure-storage-size.patch \ - file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \ - file://0016-Integrate-remaining-psa-ipc-client-APIs.patch \ - file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ - file://0019-plat-corstone1000-change-default-smm-values.patch \ - file://0020-FMP-Support-in-Corstone1000.patch \ - " - - -EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ - -DMM_COMM_BUFFER_PAGE_COUNT="1" \ +SRC_URI:append:corstone1000 = " \ + file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \ + file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \ + file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \ + file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \ + file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \ + file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \ + file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \ + file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \ + file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \ + file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \ + file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \ + file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \ + file://0014-Configure-storage-size.patch;patchdir=../trusted-services \ + file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \ + file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ + file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \ + file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ + file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \ + file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc new file mode 100644 index 0000000000..50ff960df5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc @@ -0,0 +1,7 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/psa-apitest:" + +include ts-corstone1000.inc + +SRC_URI:append:corstone1000 = " \ + file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ + " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend index 6595c92a28..ea49213e89 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend @@ -1,7 +1 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" -FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:" - -SRC_URI:append:corstone1000 = " \ - file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ - " +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend index 8a37a28175..f39d2395f5 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend @@ -2,3 +2,8 @@ MACHINE_TS_REQUIRE ?= "" MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" require ${MACHINE_TS_REQUIRE} + +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + " + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend index 8a37a28175..f39d2395f5 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -2,3 +2,8 @@ MACHINE_TS_REQUIRE ?= "" MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" require ${MACHINE_TS_REQUIRE} + +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + " + |