From fc7e7973f3119e2bad511209aa336537dc5ffbed Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Mon, 11 Sep 2023 08:24:07 -0400 Subject: subtree updates meta-security: b9bc938785..1856a7cf43: Armin Kuster (1): scap-security-guide: update to 0.1.69+ Lei Maohui (2): paxctl: Fix do_package QA Issue. ccs-tools: Fix do_package QA Issue. Martin Jansa (1): layer.conf: update LAYERSERIES_COMPAT for nanbield Yi Zhao (1): scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap meta-arm: 992c07f7c0..bd0953cc60: Abdellatif El Khlifi (1): arm-bsp/u-boot: corstone1000: detect the kernel size automatically Anusmita Dutta Mazumder (5): arm-bsp/u-boot: corstone1000: add unique firmware GUID arm-bsp/trusted-firmware-m: corstone1000: add unique firmware GUID arm-bsp/scp-firmware: Update N1SDP scp-firmware version arm-bsp/n1sdp: Enable tests with pseudo trusted application CI: Build custom image for N1SDP optee-xtest Delane Brandy (1): arm-bsp/corstone1000: mmc2-enablement Emekcan Aras (2): arm-bsp/trusted-firmware-a: corstone1000: Update TF-A v2.9 arm-bsp/optee-os: corstone1000: Update optee-os v3.22 Javier Tia (1): optee-client: Add path condition to tee-supplicant.service Jon Mason (14): arm/trusted-firmware-a: update to 2.9.0 arm-bsp/juno: update kernel to 6.4 arm/linux-yocto: change defconfig patch for 6.4 arm/hafnium: update to v2.8 arm/linux-yocto: update kernel patches arm/trusted-services: add SRCREV_FORMAT arm-bsp/tc1: update optee arm-bsp/fvp-baser-aemv8r64: update u-boot to 2023.01 arm-bsp/corstone500: upgrade u-boot to the latest arm-bsp/corstone500: removal of support arm: patch clean-ups arm/edk2: update to 202305 version arm/sbsa-acs: update to v7.1.2 arm-bsp/trusted-firmware-a: remove unneeded patches Mariam Elshakfy (2): arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP arm-bsp/n1sdp: Update edk2-firmware version for N1SDP to 202305 Ross Burton (3): kas/: pass through DISPLAY from environment Remove explicit SRCPV arm-bsp/external-system: set PACKAGE_ARCH as this is machine-specific meta-raspberrypi: 5e2f79a6fa..6501ec892c: Andrei Gherzan (2): ci: Add usrmerge to distro features docs: Fix documentation theme Sangmo Kang (1): omxplayer: fix an error caused by new srcrev fetcher API Signed-off-by: Andrew Geissler --- .../0001-Fix-FF-A-version-in-SPMC-manifest.patch | 11 ++----- ...stone1000-bl2-loads-fip-based-on-metadata.patch | 24 ++++++-------- ...ix-corstone1000-add-cpuhelper-to-makefile.patch | 28 ++++++++++++++++ .../trusted-firmware-a/files/rwx-segments.patch | 38 ++++++++++++++++++++++ .../files/tf-a-tests-no-warn-rwx-segments.patch | 26 +++++++++++++++ 5 files changed, 105 insertions(+), 22 deletions(-) create mode 100644 meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch create mode 100644 meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch create mode 100644 meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch (limited to 'meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files') diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch index 016de8d3de..6d5114e1c1 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch @@ -1,7 +1,4 @@ -Upstream-Status: Inappropriate -Signed-off-by: Emekcan Aras - -From a31aee0988ef64724ec5866f10709f51f8cb3237 Mon Sep 17 00:00:00 2001 +From adaa22bc2f529bb34e9d4fe89ff5c65f0c83ca0c Mon Sep 17 00:00:00 2001 From: emeara01 Date: Wed, 11 May 2022 14:37:06 +0100 Subject: [PATCH] Fix FF-A version in SPMC manifest @@ -11,13 +8,14 @@ This commit corrects the FF-A version in corstone1000_spmc_manifest.dts. This patch will not be upstreamed and will be dropped once OPTEE version is updated for Corstone1000. +Upstream-Status: Inappropriate Signed-off-by: Emekcan Aras --- .../corstone1000/common/fdts/corstone1000_spmc_manifest.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts -index 8e49ab83f..5baa1b115 100644 +index 8e49ab83f76a..5baa1b115b2e 100644 --- a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts +++ b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts @@ -20,7 +20,7 @@ @@ -29,6 +27,3 @@ index 8e49ab83f..5baa1b115 100644 exec_state = <0x0>; load_address = <0x0 0x2002000>; entrypoint = <0x0 0x2002000>; --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch index d834e95bd7..e26fd34e86 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch @@ -1,4 +1,4 @@ -From 360aa32846a97e775750e06865d462c6258179fa Mon Sep 17 00:00:00 2001 +From fa7ab9b40babee29d2aadb267dfce7a96f8989d4 Mon Sep 17 00:00:00 2001 From: Mohamed Omar Asaker Date: Mon, 9 Jan 2023 13:59:06 +0000 Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata @@ -15,7 +15,6 @@ image starts at fip partition + fip signature area size. Upstream-Status: Pending Signed-off-by: Mohamed Omar Asaker - --- bl2/bl2_main.c | 4 +++ .../corstone1000/common/corstone1000_plat.c | 32 ++++++------------- @@ -25,10 +24,10 @@ Signed-off-by: Mohamed Omar Asaker 5 files changed, 24 insertions(+), 32 deletions(-) diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c -index 5da803795..f25dc3029 100644 +index ce83692e0ebc..1a9febc007b2 100644 --- a/bl2/bl2_main.c +++ b/bl2/bl2_main.c -@@ -86,6 +86,10 @@ void bl2_main(void) +@@ -87,6 +87,10 @@ void bl2_main(void) /* Perform remaining generic architectural setup in S-EL1 */ bl2_arch_setup(); @@ -40,7 +39,7 @@ index 5da803795..f25dc3029 100644 fwu_init(); #endif /* PSA_FWU_SUPPORT */ diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c -index 0235f8b84..7f9708a82 100644 +index 0235f8b8474c..7f9708a82489 100644 --- a/plat/arm/board/corstone1000/common/corstone1000_plat.c +++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c @@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = { @@ -98,7 +97,7 @@ index 0235f8b84..7f9708a82 100644 * is no power control present */ diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h -index 584d485f3..0bfab05a4 100644 +index 584d485f3ea7..0bfab05a482b 100644 --- a/plat/arm/board/corstone1000/common/include/platform_def.h +++ b/plat/arm/board/corstone1000/common/include/platform_def.h @@ -173,16 +173,16 @@ @@ -125,10 +124,10 @@ index 584d485f3..0bfab05a4 100644 /* * Some data must be aligned on the biggest cache line size in the platform. diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile -index ca548b836..32b5486a0 100644 +index 042e844626bd..45b76a022f91 100644 --- a/tools/cert_create/Makefile +++ b/tools/cert_create/Makefile -@@ -69,8 +69,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include +@@ -78,8 +78,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include # directory. However, for a local build of OpenSSL, the built binaries are # located under the main project directory (i.e.: ${OPENSSL_DIR}, not # ${OPENSSL_DIR}/lib/). @@ -140,10 +139,10 @@ index ca548b836..32b5486a0 100644 HOSTCC ?= gcc diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile -index e6aeba95b..7c047479e 100644 +index 2ebee33931ba..dcfd314bee89 100644 --- a/tools/fiptool/Makefile +++ b/tools/fiptool/Makefile -@@ -29,7 +29,7 @@ endif +@@ -39,7 +39,7 @@ HOSTCCFLAGS += -DUSING_OPENSSL3=$(USING_OPENSSL3) # directory. However, for a local build of OpenSSL, the built binaries are # located under the main project directory (i.e.: ${OPENSSL_DIR}, not # ${OPENSSL_DIR}/lib/). @@ -152,7 +151,7 @@ index e6aeba95b..7c047479e 100644 ifeq (${V},0) Q := @ -@@ -37,7 +37,7 @@ else +@@ -47,7 +47,7 @@ else Q := endif @@ -161,6 +160,3 @@ index e6aeba95b..7c047479e 100644 HOSTCC ?= gcc --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch new file mode 100644 index 0000000000..6ddde10e4f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch @@ -0,0 +1,28 @@ +From 33078d8ef143e8c79f06399de46dd26e1d53a220 Mon Sep 17 00:00:00 2001 +From: Gauri Sahnan +Date: Tue, 8 Aug 2023 17:16:51 +0100 +Subject: fix(corstone1000): add cpuhelpers to makefile + +Adds cpu_helpers.S to the Makefile to align with the changes in new +trusted-firmware-a version. + +Signed-off-by: Gauri Sahnan +Upstream-Status: Pending [Not submitted to upstream yet] +--- + plat/arm/board/corstone1000/platform.mk | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk +index 3edffe087..079e9d6c1 100644 +--- a/plat/arm/board/corstone1000/platform.mk ++++ b/plat/arm/board/corstone1000/platform.mk +@@ -43,6 +43,7 @@ BL2_SOURCES += plat/arm/board/corstone1000/common/corstone1000_security.c \ + plat/arm/board/corstone1000/common/corstone1000_err.c \ + plat/arm/board/corstone1000/common/corstone1000_trusted_boot.c \ + lib/utils/mem_region.c \ ++ lib/cpus/aarch64/cpu_helpers.S \ + plat/arm/board/corstone1000/common/corstone1000_helpers.S \ + plat/arm/board/corstone1000/common/corstone1000_plat.c \ + plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c \ +-- +2.25.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch new file mode 100644 index 0000000000..a4518ec6b0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch @@ -0,0 +1,38 @@ +Binutils 2.39 now warns when a segment has RXW permissions[1]: + +aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX +permissions + +However, TF-A passes --fatal-warnings to LD, so this is a build failure. + +There is a ticket filed upstream[2], so until that is resolved just +remove --fatal-warnings. + +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +[2] https://developer.trustedfirmware.org/T996 + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton + +diff --git a/Makefile b/Makefile +index 3941f8698..13bbac348 100644 +--- a/Makefile ++++ b/Makefile +@@ -418,7 +418,7 @@ TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) + # LD = gcc (used when GCC LTO is enabled) + else ifneq ($(findstring gcc,$(notdir $(LD))),) + # Pass ld options with Wl or Xlinker switches +-TF_LDFLAGS += -Wl,--fatal-warnings -O1 ++TF_LDFLAGS += -O1 + TF_LDFLAGS += -Wl,--gc-sections + ifeq ($(ENABLE_LTO),1) + ifeq (${ARCH},aarch64) +@@ -435,7 +435,7 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) + + # LD = gcc-ld (ld) or llvm-ld (ld.lld) or other + else +-TF_LDFLAGS += --fatal-warnings -O1 ++TF_LDFLAGS += -O1 + TF_LDFLAGS += --gc-sections + # ld.lld doesn't recognize the errata flags, + # therefore don't add those in that case diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch new file mode 100644 index 0000000000..5d02e35317 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch @@ -0,0 +1,26 @@ +Binutils 2.39 now warns when a segment has RXW permissions[1]: + +aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions + +There is a ticket filed upstream[2], so until that is resolved just +disable the warning + +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +[2] https://developer.trustedfirmware.org/T996 + +Upstream-Status: Inappropriate +Signed-off-by: Anton Antonov + +diff --git a/Makefile b/Makefile +index 6d0774e1..be3f84ce 100644 +--- a/Makefile ++++ b/Makefile +@@ -238,7 +238,7 @@ TFTF_SOURCES := ${FRAMEWORK_SOURCES} ${TESTS_SOURCES} ${PLAT_SOURCES} ${LIBC_SR + TFTF_INCLUDES += ${PLAT_INCLUDES} + TFTF_CFLAGS += ${COMMON_CFLAGS} + TFTF_ASFLAGS += ${COMMON_ASFLAGS} +-TFTF_LDFLAGS += ${COMMON_LDFLAGS} ++TFTF_LDFLAGS += ${COMMON_LDFLAGS} --no-warn-rwx-segments + TFTF_EXTRA_OBJS := + + ifneq (${BP_OPTION},none) -- cgit v1.2.3