From 8a11dd3a1651a6b3ad36520aa94ab1045fc8aed3 Mon Sep 17 00:00:00 2001 From: Jon Mason Date: Wed, 4 Jun 2025 10:25:09 -0400 Subject: [PATCH] arm/trusted-firmware-a: add 2.13.0 support Add recipe for the latest version of TF-A, which needs a newer version of mbedtls as well. The license checksum updated due to hob code being imported from edk2, which is BSD 2 Clause, which is already in the license field for the recipe. Updating the git recipe to use the latest version, and keeping LTS versions. sgi575 was removed from 2.13.0. So, pointing that to 2.12 Signed-off-by: Jon Mason --- meta-arm-bsp/conf/machine/sgi575.conf | 3 + .../fiptool-native_2.13.0.bb | 33 +++++++++++ .../trusted-firmware-a/tf-a-tests_2.13.0.bb | 55 +++++++++++++++++++ .../trusted-firmware-a_2.13.0.bb | 15 +++++ .../trusted-firmware-a_git.bb | 16 ++---- 5 files changed, 112 insertions(+), 10 deletions(-) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.13.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.13.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.13.0.bb diff --git a/meta-arm-bsp/conf/machine/sgi575.conf b/meta-arm-bsp/conf/machine/sgi575.conf index 048e0726..75403930 100644 --- a/meta-arm-bsp/conf/machine/sgi575.conf +++ b/meta-arm-bsp/conf/machine/sgi575.conf @@ -9,6 +9,9 @@ require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware" EXTRA_IMAGEDEPENDS += "trusted-firmware-a" +# 2.13.0 removes support for sgi575 +PREFERRED_VERSION_trusted-firmware-a ?= "2.12.%" + KERNEL_IMAGETYPE ?= "Image" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" SERIAL_CONSOLES = "115200;ttyAMA0" diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.13.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.13.0.bb new file mode 100644 index 00000000..1eae9eeb --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.13.0.bb @@ -0,0 +1,33 @@ +# Firmware Image Package (FIP) +# It is a packaging format used by TF-A to package the +# firmware images in a single binary. + +DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" +LICENSE = "BSD-3-Clause" + +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=1118e32884721c0be33267bd7ae11130" + +# Use fiptool from TF-A v2.13.0 +SRCREV = "c17351450c8a513ca3f30f936e26a71db693a145" +SRCBRANCH = "master" + +DEPENDS += "openssl-native" + +inherit native + +EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" + +do_compile () { + # This is still needed to have the native fiptool executing properly by + # setting the RPATH + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile + + oe_runmake fiptool +} + +do_install () { + install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool +} diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.13.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.13.0.bb new file mode 100644 index 00000000..14a9043a --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.13.0.bb @@ -0,0 +1,55 @@ +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" +LICENSE = "BSD-3-Clause & NCSA" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" + +inherit deploy + +COMPATIBLE_MACHINE ?= "invalid" + +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH}" +SRCBRANCH = "master" +SRCREV = "fa267c12f9aa790b43b38d171273cf63892e8d51" + +EXTRA_OEMAKE += "USE_NVM=0" +EXTRA_OEMAKE += "SHELL_COLOR=1" +EXTRA_OEMAKE += "DEBUG=1" + +# Modify mode based on debug or release mode +TFTF_MODE ?= "debug" + +# Platform must be set for each machine +TFA_PLATFORM ?= "invalid" + +EXTRA_OEMAKE += "ARCH=aarch64" +EXTRA_OEMAKE += "LOG_LEVEL=50" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +# Add platform parameter +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" + +# Requires CROSS_COMPILE set by hand as there is no configure script +export CROSS_COMPILE = "${TARGET_PREFIX}" + +LDFLAGS[unexport] = "1" +do_compile() { + oe_runmake -C ${S} tftf +} + +do_compile[cleandirs] = "${B}" + +FILES:${PN} = "/firmware/tftf.bin" +SYSROOT_DIRS += "/firmware" + +do_install() { + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin +} + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.13.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.13.0.bb new file mode 100644 index 00000000..40d7e319 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.13.0.bb @@ -0,0 +1,15 @@ +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc + +# TF-A v2.13.0 +SRCREV_tfa = "c17351450c8a513ca3f30f936e26a71db693a145" +SRCBRANCH = "master" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=1118e32884721c0be33267bd7ae11130" + +# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls +# mbedtls-3.6.3 +SRCBRANCH_MBEDTLS = "mbedtls-3.6" +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=${SRCBRANCH_MBEDTLS}" +SRCREV_mbedtls = "22098d41c6620ce07cf8a0134d37302355e1e5ef" + +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb index 953f8bf3..d1684579 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb @@ -1,23 +1,19 @@ require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc # TF-A master -SRCREV_tfa = "0035ab76e580b59f88ad5a6be76b7f2bebbac654" +SRCREV_tfa = "c17351450c8a513ca3f30f936e26a71db693a145" SRCBRANCH = "master" -LIC_FILES_CHKSUM += "file://docs/license.rst;md5=83b7626b8c7a37263c6a58af8d19bee1" +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=1118e32884721c0be33267bd7ae11130" # in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls -# mbedtls-3.6.2 -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-3.6" -SRCREV_mbedtls = "107ea89daaefb9867ea9121002fbbdf926780e98" +# mbedtls-3.6.3 +SRCBRANCH_MBEDTLS = "mbedtls-3.6" +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=${SRCBRANCH_MBEDTLS}" +SRCREV_mbedtls = "22098d41c6620ce07cf8a0134d37302355e1e5ef" LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" -# continue to boot also without TPM -SRC_URI += "\ - file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \ -" - # Not a release recipe, try our hardest to not pull this in implicitly DEFAULT_PREFERENCE = "-1" UPSTREAM_CHECK_COMMITS = "1"