mirror of
https://git.yoctoproject.org/meta-arm
synced 2026-01-12 03:10:15 +00:00
arm-bsp/corstone1000: Support multi-payload capsule generation
- Add 'CAPSULE_SELECTED_COMPONENTS' to enable filtering of firmware components during capsule generation. Only components listed in 'CAPSULE_SELECTED_COMPONENTS' will be included in the final capsule image. - Introduce CAPSULE_EXTRA_ARGS to allow passing additional arguments. '--capflag PersistAcrossReset' to retain capsule across reboots. - Payload selection is now controlled via the KAS YAML configuration (corstone1000-image-configuration.yml), allowing per-image control over which firmware components are included. - With the introduction of multiple payload support, 'CAPSULE_VERSION' no longer represents the firmware version itself but is instead used for naming the capsule and assigning a common version to all payloads to simplify testing. - Use EDK2 tool to switch from single FMP capsule generation to multiple FMP capsules using a JSON-based configuration. This removes the need for manually combining firmware images into a .nopt image. - Remove legacy nopt image creation logic, as each firmware binary is now handled individually. Components no longer need to be merged. Deploy task was removed with nopt logic. - Generate dummy.bin for EDK2 tool compatibility. EDK2 requires at least one input file for each payload. - Added dependency on to to ensure images are signed before capsule generation. - Add CAPSULE_LOWEST_SUPPORTED_VERSION to corstone1000-image-configuration.yml.It in the same file where the firmware version (FW_VERSION) is defined, ensuring a unified location for version-related metadata. This value was chosen to be equal to the firmware version to represent a downgrade scenario (from version 6 to version 5) during testing. - CAPSULE_HARDWARE_INSTANCE is set to "1" by default (instead of 0), indicating the first hardware. Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com> Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Ali Can Ozaslan
committed by
Jon Mason
Jon Mason
parent
c68fedfbea
commit
0112cd479b
@@ -41,6 +41,7 @@ local_conf_header:
|
||||
CORE_IMAGE_EXTRA_INSTALL:firmware += "packagegroup-ts-tests-psa"
|
||||
|
||||
capsule: |
|
||||
# These variables are set here since they are not defined in the arm-systemready-firmware recipe or under multiconfig mode.
|
||||
CAPSULE_EXTENSION = "uefi.capsule"
|
||||
CAPSULE_FW_VERSION = "6"
|
||||
CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}"
|
||||
CAPSULE_VERSION = "6"
|
||||
CAPSULE_NAME = "${MACHINE}-v${CAPSULE_VERSION}"
|
||||
|
||||
@@ -26,21 +26,133 @@ IMAGE_LINGUAS = ""
|
||||
|
||||
PACKAGE_INSTALL = ""
|
||||
|
||||
# The generated ${MACHINE}_image.nopt is used instead of the default wic image
|
||||
# for the capsule generation. The uefi.capsule image type doesn't have to
|
||||
# depend on the wic because of this.
|
||||
#
|
||||
# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed
|
||||
# by the U-Boot recipe so this recipe has to depend on that.
|
||||
|
||||
CAPSULE_IMGTYPE = ""
|
||||
CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt"
|
||||
CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329"
|
||||
CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc"
|
||||
CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}"
|
||||
CAPSULE_INDEX = "1"
|
||||
CAPSULE_MONOTONIC_COUNT = "1"
|
||||
CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key"
|
||||
UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt"
|
||||
CAPSULE_IMG_LOCATION = "${DEPLOY_DIR_IMAGE}"
|
||||
|
||||
# User-configurable common capsule settings
|
||||
CAPSULE_EXTENSION ?= "uefi.capsule"
|
||||
CAPSULE_VERSION ?= "6"
|
||||
CAPSULE_LOWEST_SUPPORTED_VERSION ?= "6"
|
||||
CAPSULE_NAME ?= "${MACHINE}-v${CAPSULE_VERSION}"
|
||||
CAPSULE_SELECTED_COMPONENTS ?= "BL2 TFM_S FIP INITRAMFS"
|
||||
CAPSULE_EXTRA_ARGS ?= "--capflag PersistAcrossReset"
|
||||
|
||||
# Non-configurable common payloads settings
|
||||
PAYLOAD_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt"
|
||||
PAYLOAD_HARDWARE_INSTANCE = "1"
|
||||
PAYLOAD_MONOTONIC_COUNT = "1"
|
||||
PAYLOAD_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key"
|
||||
CAPSULE_SELECTED_COMPONENTS += " DUMMY_START DUMMY_END"
|
||||
|
||||
# All capsule fields are reset and initialized with DUMMY_START since it is the first payload
|
||||
# DUMMY_START
|
||||
PAYLOAD_DUMMY_START_INDEX ?= "5"
|
||||
PAYLOAD_DUMMY_START_VERSION ?= "${CAPSULE_VERSION}"
|
||||
PAYLOAD_DUMMY_START_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
|
||||
PAYLOAD_DUMMY_START_GUID ?= "6f784cbf-7938-5c23-8d6e-24d2f1410fa9"
|
||||
|
||||
CAPSULE_ALL_COMPONENTS = "DUMMY_START "
|
||||
CAPSULE_CERTIFICATE_PATHS = "${PAYLOAD_CERTIFICATE_PATH} "
|
||||
CAPSULE_GUIDS = "${PAYLOAD_DUMMY_START_GUID} "
|
||||
CAPSULE_INDEXES = "${PAYLOAD_DUMMY_START_INDEX} "
|
||||
CAPSULE_HARDWARE_INSTANCES = "${PAYLOAD_HARDWARE_INSTANCE} "
|
||||
CAPSULE_MONOTONIC_COUNTS = "${PAYLOAD_MONOTONIC_COUNT} "
|
||||
CAPSULE_PRIVATE_KEY_PATHS = "${PAYLOAD_PRIVATE_KEY_PATH} "
|
||||
UEFI_FIRMWARE_BINARIES = "${B}/dummy.bin "
|
||||
CAPSULE_FW_VERSIONS = "${PAYLOAD_DUMMY_START_VERSION} "
|
||||
CAPSULE_LOWEST_SUPPORTED_VERSIONS = "${PAYLOAD_DUMMY_START_LOWEST_SUPPORTED_VERSION} "
|
||||
|
||||
# BL2
|
||||
PAYLOAD_BL2_INDEX ?= "1"
|
||||
PAYLOAD_BL2_VERSION ?= "${CAPSULE_VERSION}"
|
||||
PAYLOAD_BL2_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
|
||||
PAYLOAD_BL2_GUID:corstone1000-fvp ?= "f1d883f9-dfeb-5363-98d8-686ee3b69f4f"
|
||||
PAYLOAD_BL2_GUID:corstone1000-mps3 ?= "fbfbefaa-0a56-50d5-b651-74091d3d62cf"
|
||||
|
||||
CAPSULE_ALL_COMPONENTS += "BL2 "
|
||||
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
|
||||
CAPSULE_GUIDS += "${PAYLOAD_BL2_GUID} "
|
||||
CAPSULE_INDEXES += "${PAYLOAD_BL2_INDEX} "
|
||||
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
|
||||
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
|
||||
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
|
||||
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/bl2_signed.bin "
|
||||
CAPSULE_FW_VERSIONS += "${PAYLOAD_BL2_VERSION} "
|
||||
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_BL2_LOWEST_SUPPORTED_VERSION} "
|
||||
|
||||
# TFM_S
|
||||
PAYLOAD_TFM_S_INDEX ?= "2"
|
||||
PAYLOAD_TFM_S_VERSION ?= "${CAPSULE_VERSION}"
|
||||
PAYLOAD_TFM_S_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
|
||||
PAYLOAD_TFM_S_GUID:corstone1000-fvp ?= "7fad470e-5ec5-5c03-a2c1-4756b495de61"
|
||||
PAYLOAD_TFM_S_GUID:corstone1000-mps3 ?= "af4cc7ad-ee2e-5a39-aad5-fac8a1e6173c"
|
||||
|
||||
CAPSULE_ALL_COMPONENTS += "TFM_S "
|
||||
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
|
||||
CAPSULE_GUIDS += "${PAYLOAD_TFM_S_GUID} "
|
||||
CAPSULE_INDEXES += "${PAYLOAD_TFM_S_INDEX} "
|
||||
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
|
||||
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
|
||||
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
|
||||
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/tfm_s_signed.bin "
|
||||
CAPSULE_FW_VERSIONS += "${PAYLOAD_TFM_S_VERSION} "
|
||||
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_TFM_S_LOWEST_SUPPORTED_VERSION} "
|
||||
|
||||
# FIP
|
||||
PAYLOAD_FIP_INDEX ?= "3"
|
||||
PAYLOAD_FIP_VERSION ?= "${CAPSULE_VERSION}"
|
||||
PAYLOAD_FIP_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
|
||||
PAYLOAD_FIP_GUID:corstone1000-fvp ?= "f1933675-5a8c-5b6d-9ef4-846739e89bc8"
|
||||
PAYLOAD_FIP_GUID:corstone1000-mps3 ?= "55302f96-c4f0-5cf9-8624-e7cc388f2b68"
|
||||
|
||||
CAPSULE_ALL_COMPONENTS += "FIP "
|
||||
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
|
||||
CAPSULE_GUIDS += "${PAYLOAD_FIP_GUID} "
|
||||
CAPSULE_INDEXES += "${PAYLOAD_FIP_INDEX} "
|
||||
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
|
||||
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
|
||||
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
|
||||
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/signed_fip-corstone1000.bin "
|
||||
CAPSULE_FW_VERSIONS += "${PAYLOAD_FIP_VERSION} "
|
||||
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_FIP_LOWEST_SUPPORTED_VERSION} "
|
||||
|
||||
# INITRAMFS
|
||||
PAYLOAD_INITRAMFS_INDEX ?= "4"
|
||||
PAYLOAD_INITRAMFS_VERSION ?= "${CAPSULE_VERSION}"
|
||||
PAYLOAD_INITRAMFS_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
|
||||
PAYLOAD_INITRAMFS_GUID:corstone1000-fvp ?= "f771aff9-c7e9-5f99-9eda-2369dd694f61"
|
||||
PAYLOAD_INITRAMFS_GUID:corstone1000-mps3 ?= "3e8ac972-c33c-5cc9-90a0-cdd3159683ea"
|
||||
|
||||
CAPSULE_ALL_COMPONENTS += "INITRAMFS "
|
||||
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
|
||||
CAPSULE_GUIDS += "${PAYLOAD_INITRAMFS_GUID} "
|
||||
CAPSULE_INDEXES += "${PAYLOAD_INITRAMFS_INDEX} "
|
||||
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
|
||||
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
|
||||
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
|
||||
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-${MACHINE}.bin "
|
||||
CAPSULE_FW_VERSIONS += "${PAYLOAD_INITRAMFS_VERSION} "
|
||||
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_INITRAMFS_LOWEST_SUPPORTED_VERSION} "
|
||||
|
||||
# DUMMY_END
|
||||
PAYLOAD_DUMMY_END_INDEX ?= "6"
|
||||
PAYLOAD_DUMMY_END_VERSION ?= "${CAPSULE_VERSION}"
|
||||
PAYLOAD_DUMMY_END_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
|
||||
PAYLOAD_DUMMY_END_GUID ?= "b57e432b-a250-5c73-93e3-90205e64baba"
|
||||
|
||||
CAPSULE_ALL_COMPONENTS += "DUMMY_END"
|
||||
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH}"
|
||||
CAPSULE_GUIDS += "${PAYLOAD_DUMMY_END_GUID}"
|
||||
CAPSULE_INDEXES += "${PAYLOAD_DUMMY_END_INDEX}"
|
||||
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE}"
|
||||
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT}"
|
||||
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH}"
|
||||
UEFI_FIRMWARE_BINARIES += "${B}/dummy.bin"
|
||||
CAPSULE_FW_VERSIONS += "${PAYLOAD_DUMMY_END_VERSION}"
|
||||
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_DUMMY_END_LOWEST_SUPPORTED_VERSION}"
|
||||
|
||||
# TF-A settings for signing host images
|
||||
TFA_BL2_BINARY = "bl2-corstone1000.bin"
|
||||
@@ -53,13 +165,6 @@ RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
|
||||
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
|
||||
RE_IMAGE_OFFSET = "0x1000"
|
||||
|
||||
# Offsets for the .nopt image generation
|
||||
# These offset values have to be aligned with those in
|
||||
# meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in
|
||||
TFM_OFFSET = "147456"
|
||||
FIP_OFFSET = "475136"
|
||||
KERNEL_OFFSET = "2572288"
|
||||
|
||||
do_sign_images() {
|
||||
# Sign TF-A BL2
|
||||
sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \
|
||||
@@ -79,21 +184,11 @@ do_sign_images[depends] = "\
|
||||
fiptool-native:do_populate_sysroot \
|
||||
"
|
||||
|
||||
# This .nopt image is not the same as the one which is generated by meta-arm/meta-arm/classes/wic_nopt.bbclass.
|
||||
# The meta-arm/meta-arm/classes/wic_nopt.bbclass removes the partition table from the wic image, but keeps the
|
||||
# second bank. This function creates a no-partition image with only the first bank.
|
||||
create_nopt_image() {
|
||||
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/bl2_signed.bin of=${B}/${MACHINE}_image.nopt
|
||||
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/tfm_s_signed.bin of=${B}/${MACHINE}_image.nopt seek=${TFM_OFFSET}
|
||||
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/signed_fip-corstone1000.bin of=${B}/${MACHINE}_image.nopt seek=${FIP_OFFSET}
|
||||
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-${MACHINE}.bin of=${B}/${MACHINE}_image.nopt seek=${KERNEL_OFFSET}
|
||||
}
|
||||
do_image_uefi_capsule[depends] += " linux-yocto:do_deploy"
|
||||
do_image_uefi_capsule[mcdepends] += " ${@bb.utils.contains('BBMULTICONFIG', 'firmware', 'mc::firmware:linux-yocto:do_deploy', '', d)}"
|
||||
do_image_uefi_capsule[prefuncs] += "create_nopt_image"
|
||||
|
||||
do_deploy() {
|
||||
install -m 0755 ${B}/${MACHINE}_image.nopt ${DEPLOYDIR}
|
||||
# Create an empty dummy payload file required for capsule generation
|
||||
create_dummy_image() {
|
||||
touch ${B}/dummy.bin
|
||||
}
|
||||
|
||||
addtask deploy after do_image_uefi_capsule
|
||||
do_image_uefi_capsule[depends] += " linux-yocto:do_deploy corstone1000-flash-firmware-image:do_sign_images"
|
||||
do_image_uefi_capsule[mcdepends] += " ${@bb.utils.contains('BBMULTICONFIG', 'firmware', 'mc::firmware:linux-yocto:do_deploy mc::firmware:corstone1000-flash-firmware-image:do_sign_images', '', d)}"
|
||||
do_image_uefi_capsule[prefuncs] += "create_dummy_image"
|
||||
|
||||
Reference in New Issue
Block a user