diff --git a/ci/secure-debug.yml b/ci/secure-debug.yml new file mode 100644 index 00000000..33cf00a3 --- /dev/null +++ b/ci/secure-debug.yml @@ -0,0 +1,8 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + +local_conf_header: + secure-debug: | + MACHINE_FEATURES += "secure-debug" diff --git a/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png index 578f0389..46519df9 100644 Binary files a/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png and b/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png differ diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb index 4a32192d..73cc32aa 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb @@ -53,9 +53,11 @@ TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem" RE_IMAGE_OFFSET = "0x1000" # Offsets for the .nopt image generation -TFM_OFFSET = "102400" -FIP_OFFSET = "479232" -KERNEL_OFFSET = "2576384" +# These offset values have to be aligned with those in +# meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in +TFM_OFFSET = "147456" +FIP_OFFSET = "475136" +KERNEL_OFFSET = "2572288" do_sign_images() { # Sign TF-A BL2 diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-CS1000-Increase-BL2-partition-size.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-CS1000-Increase-BL2-partition-size.patch new file mode 100644 index 00000000..7c2a6325 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-Platform-CS1000-Increase-BL2-partition-size.patch @@ -0,0 +1,111 @@ +From ddd4abdb3893e284a35303e4a5ac7b6ad2ed8320 Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Tue, 16 Jul 2024 21:04:49 +0200 +Subject: [PATCH] Platform: CS1000: Increase BL2 partition size + +Enabling secure debug increases the BL2 code size considerably. This +patch increases the BL2 partition size to enable secure debug feature +on Corstone-1000. The TF-M partition size has to be decreased for this. +The RAM_MPU_REGION_BLOCK_1_SIZE had to be aligned with the changes to +fully cover the S_DATA. + +Signed-off-by: Emekcan Aras +Signed-off-by: Bence Balogh +Upstream-Status: Backport [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/30406] +--- + .../ext/target/arm/corstone1000/CMakeLists.txt | 9 ++++++--- + .../target/arm/corstone1000/create-flash-image.sh | 14 ++++++++------ + .../arm/corstone1000/partition/flash_layout.h | 4 ++-- + 3 files changed, 16 insertions(+), 11 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index b13dc26c0e..3ba26e0de7 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -44,10 +44,13 @@ target_compile_definitions(platform_region_defs + # The RAM MPU Region block sizes are calculated manually. The RAM has to be covered + # with the MPU regions. These regions also have to be the power of 2 and + # the start addresses have to be aligned to these sizes. The sizes can be calculated +- # from the S_DATA_START and S_DATA_SIZE defines. +- RAM_MPU_REGION_BLOCK_1_SIZE=0x4000 ++ # from the S_DATA_START and S_DATA_SIZE defines the following way: ++ # S_DATA_SIZE = RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE ++ # And the following constraints have to be taken: ++ # S_DATA_START % RAM_MPU_REGION_BLOCK_1_SIZE = 0 ++ # (S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE) % RAM_MPU_REGION_BLOCK_2_SIZE = 0 ++ RAM_MPU_REGION_BLOCK_1_SIZE=0x10000 + RAM_MPU_REGION_BLOCK_2_SIZE=0x20000 +- + ) + #========================= Platform common defs ===============================# + +diff --git a/platform/ext/target/arm/corstone1000/create-flash-image.sh b/platform/ext/target/arm/corstone1000/create-flash-image.sh +index a6be61384f..06f0d1ec9a 100755 +--- a/platform/ext/target/arm/corstone1000/create-flash-image.sh ++++ b/platform/ext/target/arm/corstone1000/create-flash-image.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + #------------------------------------------------------------------------------- +-# Copyright (c) 2023, Arm Limited. All rights reserved. ++# Copyright (c) 2023-2024, Arm Limited. All rights reserved. + # + # SPDX-License-Identifier: BSD-3-Clause + # +@@ -65,6 +65,8 @@ FWU_METADATA_TYPE_UUID="8A7A84A0-8387-40F6-AB41-A8B9A5A60D23" + PRIVATE_METADATA_TYPE_UUID="ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42" + SE_BL2_TYPE_UUID="64BD8ADB-02C0-4819-8688-03AB4CAB0ED9" + TFM_TYPE_UUID="D763C27F-07F6-4FF0-B2F3-060CB465CD4E" ++SE_BL2_PARTITION_SIZE="+144k" ++TFM_S_PARTITION_SIZE="+320K" + + # Create the image + rm -f $IMAGE +@@ -81,10 +83,10 @@ sgdisk --mbrtogpt \ + --new=3:48:+4K --typecode=3:$FWU_METADATA_TYPE_UUID --partition-guid=3:$(uuidgen) --change-name=3:'Bkup-FWU-Metadata' \ + --new=4:56:+4K --typecode=4:$PRIVATE_METADATA_TYPE_UUID --partition-guid=4:$(uuidgen) --change-name=4:'private_metadata_replica_1' \ + --new=5:64:+4k --typecode=5:$PRIVATE_METADATA_TYPE_UUID --partition-guid=5:$(uuidgen) --change-name=5:'private_metadata_replica_2' \ +- --new=6:72:+100k --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \ +- --new=7:272:+368K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \ +- --new=8:32784:+100k --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \ +- --new=9:32984:+368K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \ ++ --new=6:72:$SE_BL2_PARTITION_SIZE --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \ ++ --new=7:360:$TFM_S_PARTITION_SIZE --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \ ++ --new=8:32784:$SE_BL2_PARTITION_SIZE --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \ ++ --new=9:33072:$TFM_S_PARTITION_SIZE --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \ + --new=10:65496:65501 --partition-guid=10:$(uuidgen) --change-name=10:'reserved_2' \ + $IMAGE + +@@ -93,7 +95,7 @@ sgdisk --mbrtogpt \ + # Write partitions + # conv=notrunc avoids truncation to keep the geometry of the image. + dd if=$BIN_DIR/bl2_signed.bin of=${IMAGE} seek=72 conv=notrunc +-dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=272 conv=notrunc ++dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=360 conv=notrunc + + # Print the gpt table + sgdisk -p $IMAGE +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index 9fc1d9fa63..73c430ce57 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -92,7 +92,7 @@ + #define FLASH_DEV_NAME_BL1 FLASH_DEV_NAME + + /* Static Configurations of the Flash */ +-#define SE_BL2_PARTITION_SIZE (0x18000) /* 96 KB */ ++#define SE_BL2_PARTITION_SIZE (0x24000) /* 144 KB */ + #define SE_BL2_BANK_0_OFFSET (0x9000) /* 72nd LBA */ + #define SE_BL2_BANK_1_OFFSET (0x1002000) /* 32784th LBA */ + +@@ -137,7 +137,7 @@ + + /* Bank configurations */ + #define BANK_PARTITION_SIZE (0xFE0000) /* 15.875 MB */ +-#define TFM_PARTITION_SIZE (0x5C000) /* 368 KB */ ++#define TFM_PARTITION_SIZE (0x50000) /* 320 KB */ + + /************************************************************/ + /* Bank : Images flash offsets are with respect to the bank */ +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch new file mode 100644 index 00000000..63737a0f --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch @@ -0,0 +1,42 @@ +From 756cfad0cc05e7f4c02faa74aea14962aa54420c Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Wed, 31 Jul 2024 13:38:09 +0200 +Subject: [PATCH 2/3] CC312: ADAC: Add PSA_WANT_ALG_SHA_256 definition + +The bl2_mbedcrypto_config is linked to the psa_adac_cc312 target so +the MCUBOOT_PSA_CRYPTO_CONFIG_FILEPATH and +MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH configs are used for the ADAC driver +too. The MCUBOOT_USE_PSA_CRYPTO is OFF by default, that means the +MCUBOOT_PSA_CRYPTO_CONFIG_FILEPATH is not included during the build so +the PSA_WANT_ALG_SHA_256 is not defined for the ADAC driver. Because +of this, the PSA_HASH_MAX_SIZE is not set correctly for the sources +of the psa_adac_cc312 target. This caused runtime issues. + +Signed-off-by: Bence Balogh +Upstream-Status: Pending [Not submitted to upstream yet] +--- + platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt b/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt +index cb0553b40a..d7f5a54f3c 100644 +--- a/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt ++++ b/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt +@@ -1,5 +1,5 @@ + #------------------------------------------------------------------------------- +-# Copyright (c) 2020-2023, Arm Limited. All rights reserved. ++# Copyright (c) 2020-2024, Arm Limited. All rights reserved. + # + # SPDX-License-Identifier: BSD-3-Clause + # +@@ -32,6 +32,7 @@ target_compile_options(psa_adac_cc312 + -DCC_IOT + -DUSE_MBEDTLS_CRYPTOCELL + -D_INTERNAL_CC_NO_RSA_SCHEME_15_SUPPORT ++ -DPSA_WANT_ALG_SHA_256 + ) + + target_link_libraries(psa_adac_cc312 +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0016-Platform-CS1000-Add-crypto-configs-for-ADAC.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0016-Platform-CS1000-Add-crypto-configs-for-ADAC.patch new file mode 100644 index 00000000..a56a6f8a --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0016-Platform-CS1000-Add-crypto-configs-for-ADAC.patch @@ -0,0 +1,39 @@ +From ea0f0236f1dbe9ff7640c90311a3116e6db33aa2 Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Wed, 31 Jul 2024 13:38:27 +0200 +Subject: [PATCH 3/3] Platform: CS1000: Add crypto configs for ADAC + +The psa_adac_psa_crypto target needs the MBEDTLS_CONFIG_FILE and +MBEDTLS_PSA_CRYPTO_CONFIG_FILE defines in order to build correctly. +The default crypto config files are used here. + +Signed-off-by: Bence Balogh +Upstream-Status: Pending [Not submitted to upstream yet] +--- + platform/ext/target/arm/corstone1000/CMakeLists.txt | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 896961306d..d3652ff40c 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -409,6 +409,16 @@ if (${PLATFORM_PSA_ADAC_SECURE_DEBUG}) + PRIVATE + platform_bl2 + ) ++ ++ target_compile_definitions(psa_adac_psa_crypto ++ PRIVATE ++ MBEDTLS_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h" ++ MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_default.h" ++ ) ++ target_link_libraries(psa_adac_psa_crypto ++ PRIVATE ++ psa_crypto_library_config ++ ) + endif() + + find_package(Python3) +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0017-Platform-CS1000-Fix-platform-name-in-logs.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0017-Platform-CS1000-Fix-platform-name-in-logs.patch new file mode 100644 index 00000000..cc20eae2 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0017-Platform-CS1000-Fix-platform-name-in-logs.patch @@ -0,0 +1,27 @@ +From 8f0cd9710be508adab91d8b5ab5aa2d39e89c287 Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Wed, 31 Jul 2024 19:57:33 +0200 +Subject: [PATCH] Platform: CS1000: Fix platform name in logs + +Signed-off-by: Bence Balogh +Upstream-Status: Pending [Not submitted to upstream yet] +--- + platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c +index 8aacd877e4..f5baf08cb4 100644 +--- a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c ++++ b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c +@@ -192,7 +192,7 @@ int32_t boot_platform_post_init(void) + } + + result = tfm_to_psa_adac_corstone1000_secure_debug(secure_debug_rotpk, 32); +- BOOT_LOG_INF("%s: dipda_secure_debug is a %s.\r\n", __func__, ++ BOOT_LOG_INF("%s: Corstone-1000 Secure Debug is a %s.\r\n", __func__, + (result == 0) ? "success" : "failure"); + + } +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0001-PSA-revert-header-versions.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0001-PSA-revert-header-versions.patch new file mode 100644 index 00000000..5bc65c40 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0001-PSA-revert-header-versions.patch @@ -0,0 +1,41 @@ +From 3a53a6ad7b91770a8514082e411e277c03764eb0 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras +Date: Wed, 9 Aug 2023 17:16:03 +0100 +Subject: [PATCH] Revert ADAC cert and token version + +Align ADAC certificate versions with versions in secure-debug-manager +[1] repository. The versions of the certificate and token are checked +during the authentication process. The debugger connection is refused +if there is a mismatch between the sent certificate/token and expected +certificate/token versions. + +[1] https://github.com/ARM-software/secure-debug-manager/tree/master + +Signed-off-by: Emekcan Aras +Upstream-Status: Inappropriate [Add newer dummy token and cert] +--- + psa-adac/core/include/psa_adac.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/psa-adac/core/include/psa_adac.h b/psa-adac/core/include/psa_adac.h +index b190992..b026607 100644 +--- a/psa-adac/core/include/psa_adac.h ++++ b/psa-adac/core/include/psa_adac.h +@@ -30,10 +30,10 @@ extern "C" { + * + * Current version numbers for certificate and token format. + */ +-#define ADAC_CERT_MAJOR 1u +-#define ADAC_CERT_MINOR 0u +-#define ADAC_TOKEN_MAJOR 1u +-#define ADAC_TOKEN_MINOR 0u ++#define ADAC_CERT_MAJOR 0u ++#define ADAC_CERT_MINOR 1u ++#define ADAC_TOKEN_MAJOR 0u ++#define ADAC_TOKEN_MINOR 1u + + /** \brief Key options + * +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0002-ADAC-Link-psa_interface-instead-of-tfm_sprt.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0002-ADAC-Link-psa_interface-instead-of-tfm_sprt.patch new file mode 100644 index 00000000..fcfe892e --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0002-ADAC-Link-psa_interface-instead-of-tfm_sprt.patch @@ -0,0 +1,35 @@ +From af71103845498eef4f859deba4b904a195f2817f Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Mon, 22 Jul 2024 17:33:23 +0200 +Subject: [PATCH] ADAC: Link psa_interface instead of tfm_sprt + +The tfm_sprt brings in other functionalities that are not needed for +the Secure Debug. + +The printf() override in tfm_sp_log_raw.c can cause problems because +it calls tfm_hal_output_sp_log() which triggers an SVC. The SVC calls +tfm_hal_output_spm_log which relies on an SPM, which might not be +initialized at that point. + +Signed-off-by: Bence Balogh +Upstream-Status: Pending [Not submitted to upstream yet] +--- + psa_crypto/CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/psa_crypto/CMakeLists.txt b/psa_crypto/CMakeLists.txt +index 3e70624..58d95f7 100644 +--- a/psa_crypto/CMakeLists.txt ++++ b/psa_crypto/CMakeLists.txt +@@ -18,7 +18,7 @@ target_sources(psa_adac_psa_crypto + target_link_libraries(psa_adac_psa_crypto + PRIVATE + psa_adac_config +- tfm_sprt ++ psa_interface + ) + + target_link_libraries(trusted-firmware-m-psa-adac +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0003-Fix-psa_key_handle_t-initialization.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0003-Fix-psa_key_handle_t-initialization.patch new file mode 100644 index 00000000..d620cc19 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/psa-adac/0003-Fix-psa_key_handle_t-initialization.patch @@ -0,0 +1,32 @@ +From 972bf711ad884607409c225f9338bf25206e29e8 Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Wed, 31 Jul 2024 15:56:51 +0200 +Subject: [PATCH] Fix psa_key_handle_t initialization + +If the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER macro is defined in the +mbedcrypto configuration header file then the psa_key_handle_t is a +struct. In this case, it is defined in the used configuration header +so the struct cannot be initialized with -1. + +Signed-off-by: Bence Balogh +Upstream-Status: Pending [Not submitted to upstream yet] +--- + psa_crypto/adac_crypto_psa_mac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/psa_crypto/adac_crypto_psa_mac.c b/psa_crypto/adac_crypto_psa_mac.c +index 046fef7..93ab8f9 100644 +--- a/psa_crypto/adac_crypto_psa_mac.c ++++ b/psa_crypto/adac_crypto_psa_mac.c +@@ -198,7 +198,7 @@ psa_status_t psa_adac_verify_mac(uint8_t key_type, + size_t mac_size) + { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; +- psa_key_handle_t handle = -1; ++ psa_key_handle_t handle = {0}; + psa_status_t ret = PSA_ERROR_NOT_SUPPORTED; + psa_key_type_t type = 0; + size_t bits = 0; +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index 970399cb..4ba6659d 100644 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -11,6 +11,8 @@ TFM_PLATFORM_IS_FVP ?= "FALSE" EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" EXTRA_OECMAKE:append:corstone1000-fvp = " -DENABLE_MULTICORE=${@bb.utils.contains('MACHINE_FEATURES', 'corstone1000_fvp_smp', 'TRUE', 'FALSE', d)}" +EXTRA_OECMAKE:append:corstone1000-mps3 = " -DPLATFORM_PSA_ADAC_SECURE_DEBUG=${@bb.utils.contains('MACHINE_FEATURES', 'secure-debug', 'ON', 'OFF', d)}" +EXTRA_OECMAKE:append:corstone1000-mps3 = " -DPLATFORM_PSA_ADAC_SOURCE_PATH=${S}/../tfm-psa-adac -DPLATFORM_PSA_ADAC_BUILD_PATH=${B}/tfm-psa-adac-build" SRC_URI += " \ file://0001-arm-trusted-firmware-m-disable-address-warnings-into.patch \ @@ -31,6 +33,17 @@ SRC_URI:append:corstone1000 = " \ file://0011-Platform-Corstone1000-switch-to-metadata-v2.patch \ file://0012-platform-corstone1000-Increase-flash-PS-area-size.patch \ file://0013-Platform-CS1000-Fix-Bank-offsets.patch \ + file://0014-Platform-CS1000-Increase-BL2-partition-size.patch \ + file://0015-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch \ + file://0016-Platform-CS1000-Add-crypto-configs-for-ADAC.patch \ + file://0017-Platform-CS1000-Fix-platform-name-in-logs.patch \ + " + +FILESEXTRAPATHS:prepend:corstone1000-mps3 := "${THISDIR}/files/corstone1000/psa-adac:" +SRC_URI:append:corstone1000-mps3 = " \ + file://0001-PSA-revert-header-versions.patch;patchdir=../tfm-psa-adac \ + file://0002-ADAC-Link-psa_interface-instead-of-tfm_sprt.patch;patchdir=../tfm-psa-adac \ + file://0003-Fix-psa_key_handle_t-initialization.patch;patchdir=../tfm-psa-adac \ " # TF-M ships patches for external dependencies that needs to be applied diff --git a/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in b/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in index e0ceca14..6ab4f048 100644 --- a/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in +++ b/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in @@ -15,9 +15,11 @@ part --source empty --size 4k --align 4 --offset 24k --part-name="Bkup-FWU-Metad part --source empty --size 4k --align 4 --offset 28k --part-name="private_metadata_replica_2" --uuid 3CC3B456-DEC8-4CE3-BC5C-965483CE4828 --part-type ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42 part --source empty --size 4k --align 4 --offset 32k --part-name="private_metadata_replica_2" --uuid DCE9C503-8DFD-4DCB-8889-647E49641552 --part-type ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42 -part --source rawcopy --size 100k --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 +# The size has to be aligned to TF-M's SE_BL2_PARTITION_SIZE (tfm/platform/ext/target/arm/corstone1000/partition/flash_layout.h) +part --source rawcopy --size 144k --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 -part --source rawcopy --size 368k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E +# The size has to be aligned to TF-M's TFM_PARTITION_SIZE (tfm/platform/ext/target/arm/corstone1000/partition/flash_layout.h) +part --source rawcopy --size 320k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E # Rawcopy of the FIP binary part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 @@ -27,8 +29,8 @@ part --source rawcopy --size 12 --sourceparams="file=Image.gz-initramfs-${MACHIN # The offset has to be aligned to TF-M's SE_BL2_BANK_1_OFFSET define (tfm/platform/ext/target/arm/corstone1000/partition/flash_layout.h) -part --source empty --size 100k --offset 16392k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 -part --source empty --size 368k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E +part --source empty --size 144k --offset 16392k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 +part --source empty --size 320k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E part --source empty --size 2 --align 4 --part-name="FIP_B" --uuid 9424E370-7BC9-43BB-8C23-71EE645E1273 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 part --source empty --size 12 --align 4 --part-name="kernel_secondary" --uuid A2698A91-F9B1-4629-9188-94E4520808F8 --part-type 8197561D-6124-46FC-921E-141CC5745B05 diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.0-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.0-src.inc index f804bf04..fb4ddcb6 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.0-src.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.0-src.inc @@ -5,7 +5,8 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \ file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d \ - file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8 \ + file://../tfm-psa-adac/license.rst;md5=07f368487da347f3c7bd0fc3085f3afa" SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https" @@ -14,6 +15,7 @@ SRC_URI_TRUSTED_FIRMWARE_M_CMSIS ?= "git://github.com/ARM-software/CMSIS_6.git;p SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "gitsm://github.com/ARMmbed/mbedtls.git;protocol=https" SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC ?= "git://git.trustedfirmware.org/shared/psa-adac.git;protocol=https" SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \ ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ @@ -21,6 +23,7 @@ SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;dests ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ + ${SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC};branch=${SRCBRANCH_tfm-psa-adac};name=tfm-psa-adac;destsuffix=git/tfm-psa-adac \ " # The required dependencies are documented in tf-m/config/config_base.cmake @@ -45,6 +48,9 @@ SRCREV_mcuboot = "9c99326b9756dbcc35b524636d99ed5f3e6cb29b" # QCBOR v1.2 SRCBRANCH_qcbor ?= "master" SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" +# PSA-ADAC (intermediate SHA, default value for PLATFORM_PSA_ADAC_VERSION in TF-M) +SRCBRANCH_tfm-psa-adac = "master" +SRCREV_tfm-psa-adac = "5f5490cebe66ae997f316f83c3fbf1f97deef625" SRCREV_FORMAT = "tfm"