From 1baab2304144c97596498866e250377c0b792693 Mon Sep 17 00:00:00 2001 From: Jon Mason Date: Wed, 10 Dec 2025 11:33:32 -0500 Subject: [PATCH] arm-bsp: add git recipe versions Add git recipe versions that track the latest git versions of u-boot and the various OP-TEE recipes. This, in combination with the previously existing trusted firmware a and m recipes, allows for using the latest code in platform development and testing (as part of CI). For CI usage, a KAS yml file has been created to allow for those recipes to be used, and an entry for fvp-base has been added to the gitlab CI yml file. NOTE: the wildcard for corstone1000 u-boot PREFERRED_VERSION was causing it to pick-up the newest version (and failing to apply the patches). The wildcard is unnecessary, since it is using a layer supplied package. So, remove it and everyone is happy. Signed-off-by: Jon Mason --- .gitlab-ci.yml | 3 ++ ci/latest-revisions.yml | 15 +++++++++ .../conf/machine/include/corstone1000.inc | 2 +- .../recipes-bsp/u-boot/u-boot-fvp-base.inc | 6 ++++ ....bbappend => optee-os-tadevkit_%.bbappend} | 0 ...ee-os_4.%.bbappend => optee-os_%.bbappend} | 0 ...est_4.%.bbappend => optee-test_%.bbappend} | 0 meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | 6 ++++ .../recipes-security/optee/optee-client.inc | 5 ++- .../optee/optee-client_4.7.0.bb | 4 --- .../optee/optee-client_git.bb | 11 +++++++ .../optee/optee-examples_git.bb | 8 +++++ .../optee/optee-os-tadevkit_git.bb | 32 +++++++++++++++++++ ...ee-os_4.%.bbappend => optee-os_%.bbappend} | 0 .../recipes-security/optee/optee-os_git.bb | 10 ++++++ .../recipes-security/optee/optee-test_git.bb | 20 ++++++++++++ 16 files changed, 116 insertions(+), 6 deletions(-) create mode 100644 ci/latest-revisions.yml rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_4.%.bbappend => optee-os-tadevkit_%.bbappend} (100%) rename meta-arm-bsp/recipes-security/optee/{optee-os_4.%.bbappend => optee-os_%.bbappend} (100%) rename meta-arm-bsp/recipes-security/optee/{optee-test_4.%.bbappend => optee-test_%.bbappend} (100%) create mode 100644 meta-arm/recipes-security/optee/optee-client_git.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples_git.bb create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_git.bb rename meta-arm/recipes-security/optee/{optee-os_4.%.bbappend => optee-os_%.bbappend} (100%) create mode 100644 meta-arm/recipes-security/optee/optee-os_git.bb create mode 100644 meta-arm/recipes-security/optee/optee-test_git.bb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4e1dc0e3..095a1add 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -209,6 +209,9 @@ fvp-base: - FIRMWARE: [u-boot, edk2] TESTING: testimage - SYSTEMREADY_FIRMWARE: arm-systemready-firmware + - KERNEL: linux-yocto-dev + LATEST: latest-revisions + TESTING: testimage fvps: extends: .build diff --git a/ci/latest-revisions.yml b/ci/latest-revisions.yml new file mode 100644 index 00000000..94d6bc2e --- /dev/null +++ b/ci/latest-revisions.yml @@ -0,0 +1,15 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + +local_conf_header: + latest_revisions: | + PREFERRED_VERSION_trusted-firmware-a ?= "git" + PREFERRED_VERSION_trusted-firmware-m ?= "git" + PREFERRED_VERSION_optee-client ?= "git" + PREFERRED_VERSION_optee-examples ?= "git" + PREFERRED_VERSION_optee-os-tadevkit ?= "git" + PREFERRED_VERSION_optee-os ?= "git" + PREFERRED_VERSION_optee-test ?= "git" + PREFERRED_PROVIDER_u-boot = "u-boot:class-devupstream" diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index 09468c7c..6f5127b6 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -26,7 +26,7 @@ TS_SP_SE_PROXY_CONFIG = "corstone1000" MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy" # U-Boot -PREFERRED_VERSION_u-boot ?= "2025.04%" +PREFERRED_VERSION_u-boot ?= "2025.04" MACHINE_FEATURES += "efi" EFI_PROVIDER ?= "grub-efi" diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc b/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc index e7f22877..44b98f8f 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc @@ -6,3 +6,9 @@ SRC_URI:append = " \ file://0002-arm-vexpress64-Enable-SYSRESET-and-SYSRESET_PSCI.patch \ file://0003-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch \ " + +# Remove backported patches from latest version +SRC_URI:remove:class-devupstream = " \ + file://0001-vexpress64-Set-the-DM_RNG-property.patch \ + file://0002-arm-vexpress64-Enable-SYSRESET-and-SYSRESET_PSCI.patch \ + " diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_%.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_%.bbappend diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_%.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-test_%.bbappend diff --git a/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend index 8542ccfc..8ddc5361 100644 --- a/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend @@ -4,3 +4,9 @@ SRC_URI:append:qemuarm64-secureboot = " file://qemuarm64.cfg" SRC_URI:append:qemuarm-secureboot = " file://qemuarm.cfg" require ${@bb.utils.contains('MACHINE_FEATURES', 'uefi-secureboot', 'u-boot-uefi-secureboot.inc', '', d)} + +# Work some magic here for devupstream +BBCLASSEXTEND = "devupstream:target" +SRC_URI:class-devupstream = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master" +# tag: v2026.01-rc2 +SRCREV:class-devupstream = "365a7079fb918643da0f0709660a7d8ea76dd6f3" diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index 0c3aefbb..4d3d83da 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -5,7 +5,10 @@ HOMEPAGE = "https://www.op-tee.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" -inherit systemd update-rc.d cmake useradd +inherit systemd update-rc.d cmake useradd pkgconfig + +DEPENDS += "util-linux" +EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" SRC_URI = " \ git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ diff --git a/meta-arm/recipes-security/optee/optee-client_4.7.0.bb b/meta-arm/recipes-security/optee/optee-client_4.7.0.bb index 00f829e1..2fb157df 100644 --- a/meta-arm/recipes-security/optee/optee-client_4.7.0.bb +++ b/meta-arm/recipes-security/optee/optee-client_4.7.0.bb @@ -3,7 +3,3 @@ require recipes-security/optee/optee-client.inc # v4.7.0 SRCREV = "23c112a6f05cc5e39bd4aaf52ad515cad532237d" SRC_URI += "file://0001-tee-supplicant-update-udev-systemd-install-code.patch" - -inherit pkgconfig -DEPENDS += "util-linux" -EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/recipes-security/optee/optee-client_git.bb b/meta-arm/recipes-security/optee/optee-client_git.bb new file mode 100644 index 00000000..9c1c622f --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client_git.bb @@ -0,0 +1,11 @@ +require recipes-security/optee/optee-client.inc + +# v4.8.0 +SRCREV = "9d6f69844ff60ec0966cf3659abcc38eda8b31ea" +PV .= "+git" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" +SRC_URI += "file://0001-tee-supplicant-update-udev-systemd-install-code.patch" + +# Not a release recipe, try our hardest to not pull this in implicitly +DEFAULT_PREFERENCE = "-1" diff --git a/meta-arm/recipes-security/optee/optee-examples_git.bb b/meta-arm/recipes-security/optee/optee-examples_git.bb new file mode 100644 index 00000000..e0c85660 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples_git.bb @@ -0,0 +1,8 @@ +require recipes-security/optee/optee-examples.inc + +# v4.8.0 +SRCREV = "3ef17eb1f309def91113637f95f67613b1d89119" +PV .= "+git" + +# Not a release recipe, try our hardest to not pull this in implicitly +DEFAULT_PREFERENCE = "-1" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_git.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_git.bb new file mode 100644 index 00000000..78588b81 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_git.bb @@ -0,0 +1,32 @@ +require recipes-security/optee/optee-os_${PV}.bb + +SUMMARY = "OP-TEE Trusted OS TA devkit" +DESCRIPTION = "OP-TEE TA devkit for build TAs" +HOMEPAGE = "https://www.op-tee.org/" + +DEPENDS += "python3-pycryptodome-native" + +do_install() { + #install TA devkit + install -d ${D}${includedir}/optee/export-user_ta/ + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do + cp -aR $f ${D}${includedir}/optee/export-user_ta/ + done +} + +do_deploy() { + echo "Do not inherit do_deploy from optee-os." +} + +FILES:${PN} = "${includedir}/optee/" + +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" + +# Include extra headers needed by SPMC tests to TA DEVKIT. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y', '' , d)}" + +# Not a release recipe, try our hardest to not pull this in implicitly +DEFAULT_PREFERENCE = "-1" diff --git a/meta-arm/recipes-security/optee/optee-os_4.%.bbappend b/meta-arm/recipes-security/optee/optee-os_%.bbappend similarity index 100% rename from meta-arm/recipes-security/optee/optee-os_4.%.bbappend rename to meta-arm/recipes-security/optee/optee-os_%.bbappend diff --git a/meta-arm/recipes-security/optee/optee-os_git.bb b/meta-arm/recipes-security/optee/optee-os_git.bb new file mode 100644 index 00000000..244ff9b7 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os_git.bb @@ -0,0 +1,10 @@ +require recipes-security/optee/optee-os.inc + +DEPENDS += "dtc-native" + +# v4.8.0 +SRCREV = "86660925433a8d4d1b19cfa5fe940081d77b34b4" +PV .= "+git" + +# Not a release recipe, try our hardest to not pull this in implicitly +DEFAULT_PREFERENCE = "-1" diff --git a/meta-arm/recipes-security/optee/optee-test_git.bb b/meta-arm/recipes-security/optee/optee-test_git.bb new file mode 100644 index 00000000..d2933390 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_git.bb @@ -0,0 +1,20 @@ +require recipes-security/optee/optee-test.inc + +# v4.8.0 +SRCREV = "6569cd7b13e1b37b37069e090d592adca7d3926d" +PV .= "+git" + +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" + +# Include ffa_spmc test group if the SPMC test is enabled. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" + +RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' arm-ffa-user', '' , d)}" + +# Not a release recipe, try our hardest to not pull this in implicitly +DEFAULT_PREFERENCE = "-1" + +CFLAGS += "-Wno-error=unterminated-string-initialization"