mirror of
https://git.yoctoproject.org/meta-arm
synced 2026-06-06 14:50:03 +00:00
arm/trusted-firmware-m: upgrade to 1.2.0
Upgrade trusted-firmware-m to 1.2.0. This has been tested by executing the integrated regression tests inside qemu for the MPS2-AN521 platform. How the build is configured has changed: - The build type uses the standard CMAKE_BUILD_TYPE variable - The compiler selection is done using PACKAGECONFIG to neaten the argument and dependency handling. Add PACKAGECONFIGs to enable the regression tests which can be executed inside a qemu for quick validation. The configure stage will fetch external dependencies by default, so tell it where we have placed the dependencies. TF-M also requires a patched mbedcrypto (some patches are integrated into 2.25, but not all) so apply the patches in a do_patch[postfunc]. No longer deploy files into a redundant directory. The QA test whitelist for text relocations appears to have been fixed upstream, so remove. Change-Id: I11994fd0379da0e1f115ff5af0885926d2b3a055 Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Ross Burton
Jon Mason
+36
-48
@@ -12,23 +12,24 @@ LICENSE = "BSD-3-Clause & Apachev2"
|
||||
|
||||
LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \
|
||||
file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \
|
||||
file://../mbed-crypto/LICENSE;md5=302d50a6369f5f22efdb674db908167a \
|
||||
file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
|
||||
file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8"
|
||||
|
||||
SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=master;name=tfm;destsuffix=${S} \
|
||||
git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=master;name=tfm-tests;destsuffix=${S}/../tf-m-tests \
|
||||
git://github.com/ARMmbed/mbed-crypto.git;protocol=https;branch=development;name=mbed-crypto;destsuffix=${S}/../mbed-crypto \
|
||||
git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=${S}/../mbedtls \
|
||||
git://github.com/JuulLabs-OSS/mcuboot.git;protocol=https;name=mcuboot;destsuffix=${S}/../mcuboot \
|
||||
file://objcopy.patch"
|
||||
"
|
||||
|
||||
# TF-Mv1.1
|
||||
SRCREV_tfm = "a6b336c1509fd5f5522450e3cec0fcd6c060f9c8"
|
||||
# mbedcrypto-3.0.1
|
||||
SRCREV_mbed-crypto = "1146b4e06011b69a6437e6b728f2af043a06ec19"
|
||||
# TF-Mv1.1
|
||||
SRCREV_tfm-tests = "5a571808e7841f15cc966661a64dd6adb3b40f6c"
|
||||
# v1.6.0
|
||||
SRCREV_mcuboot = "50d24a57516f558dac72bef634723b60c5cfb46b"
|
||||
# The required dependencies are documented in tf-m/config/config_default.cmake
|
||||
# TF-Mv1.2.0
|
||||
SRCREV_tfm = "c78be620c0fee08888956646b8f02fd03ab88567"
|
||||
# mbedtls 2.24
|
||||
SRCREV_mbedtls = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8"
|
||||
# master as of 20210212
|
||||
SRCREV_tfm-tests = "ccda809801e529250b47c9ac470cf94daef1bb1b"
|
||||
# 1.7.0
|
||||
SRCREV_mcuboot = "a8e12dae381080e898cea0c6f7408009b0163f9f"
|
||||
|
||||
UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$"
|
||||
|
||||
@@ -45,6 +46,10 @@ INHIBIT_DEFAULT_DEPS = "1"
|
||||
PACKAGE_ARCH = "${MACHINE_ARCH}"
|
||||
|
||||
DEPENDS += "cmake-native \
|
||||
python3-intelhex-native \
|
||||
python3-jinja2-native \
|
||||
python3-pyyaml-native \
|
||||
python3-click-native \
|
||||
python3-cryptography-native \
|
||||
python3-pyasn1-native \
|
||||
python3-cbor-native"
|
||||
@@ -52,10 +57,8 @@ DEPENDS += "cmake-native \
|
||||
S = "${WORKDIR}/git/tfm"
|
||||
B = "${WORKDIR}/build"
|
||||
|
||||
# Build for debug (set TFA_DEBUG to 1 to activate)
|
||||
# Build for debug (set TFM_DEBUG to 1 to activate)
|
||||
TFM_DEBUG ?= "0"
|
||||
# Set target config
|
||||
TFM_CONFIG ?= "ConfigDefault.cmake"
|
||||
|
||||
# Platform must be set, ideally in the machine configuration.
|
||||
TFM_PLATFORM ?= ""
|
||||
@@ -64,47 +67,41 @@ python() {
|
||||
raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set")
|
||||
}
|
||||
|
||||
# Uncomment, or copy these lines to your local.conf to use the Arm Clang compiler
|
||||
# from meta-arm-toolchain.
|
||||
# Please make sure to check the applicable license beforehand!
|
||||
#LICENSE_FLAGS_WHITELIST = "armcompiler_armcompiler-native"
|
||||
#TFM_COMPILER = "ARMCLANG"
|
||||
# For most targets, it is required to set and export the following LICENSE variables for the armcompiler:
|
||||
# ARM_TOOL_VARIANT, ARMLMD_LICENSE_FILE, LM_LICENSE_FILE
|
||||
|
||||
# Setting GCC as the default TF-M compiler
|
||||
TFM_COMPILER ?= "GNUARM"
|
||||
DEPENDS += "${@'armcompiler-native' if d.getVar('TFM_COMPILER', True) == 'ARMCLANG' else 'gcc-arm-none-eabi-native'}"
|
||||
PACKAGECONFIG ??= "cc-gnuarm"
|
||||
# What compiler to use
|
||||
PACKAGECONFIG[cc-gnuarm] = "-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake,,gcc-arm-none-eabi-native"
|
||||
PACKAGECONFIG[cc-armclang] = "-DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake,,armcompiler-native"
|
||||
# Whether to integrate the test suite
|
||||
PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF"
|
||||
PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF"
|
||||
|
||||
# Add platform parameters
|
||||
EXTRA_OECMAKE += "-DTARGET_PLATFORM=${TFM_PLATFORM}"
|
||||
|
||||
# Add compiler parameters
|
||||
EXTRA_OECMAKE += "-DCOMPILER=${TFM_COMPILER}"
|
||||
EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}"
|
||||
|
||||
# Handle TFM_DEBUG parameter
|
||||
EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '', d)}"
|
||||
EXTRA_OECMAKE += "-DPROJ_CONFIG=${S}/configs/${TFM_CONFIG}"
|
||||
|
||||
# Verbose builds
|
||||
EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON"
|
||||
|
||||
EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot"
|
||||
|
||||
# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
|
||||
CFLAGS[unexport] = "1"
|
||||
LDFLAGS[unexport] = "1"
|
||||
AS[unexport] = "1"
|
||||
LD[unexport] = "1"
|
||||
|
||||
do_configure[prefuncs] += "do_check_config"
|
||||
do_check_config() {
|
||||
if [ ! -f "${S}/configs/${TFM_CONFIG}" ]; then
|
||||
bbfatal "Couldn't find config file '${TFM_CONFIG}' in '${S}/configs/'"
|
||||
fi
|
||||
# TF-M ships patches that it needs applied to mbedcrypto, so apply them
|
||||
# as part of do_patch.
|
||||
apply_local_patches() {
|
||||
cat ${S}/lib/ext/mbedcrypto/*.patch | patch -p1 -d ${S}/../mbedtls
|
||||
}
|
||||
do_patch[postfuncs] += "apply_local_patches"
|
||||
|
||||
do_configure[cleandirs] = "${B}"
|
||||
do_configure() {
|
||||
cmake -G"Unix Makefiles" ${S} ${EXTRA_OECMAKE}
|
||||
cmake -G"Unix Makefiles" -S ${S} -B ${B} ${EXTRA_OECMAKE}
|
||||
}
|
||||
|
||||
# Invoke install here as there's no point in splitting compile from install: the
|
||||
@@ -112,26 +109,17 @@ do_configure() {
|
||||
# rebuild. It also overrides the install prefix to be in the build tree, so you
|
||||
# can't use the usual install prefix variables.
|
||||
do_compile() {
|
||||
cmake --build ./ -- install
|
||||
cmake --build ${B} -- install
|
||||
}
|
||||
|
||||
do_install() {
|
||||
if [ ! -d "${B}/install/outputs" ]
|
||||
then
|
||||
bbfatal "Output not found in '${B}/install/outputs'!"
|
||||
fi
|
||||
|
||||
# TODO install headers and static libraries when we know how they're used
|
||||
install -d -m 755 ${D}/firmware
|
||||
cd ${B}/install/outputs
|
||||
for dir in *;do
|
||||
install -D -p -m 0644 $dir/* -t ${D}/firmware/$dir/
|
||||
done
|
||||
install -m 0644 ${B}/bin/* ${D}/firmware/
|
||||
}
|
||||
|
||||
FILES_${PN} = "/firmware"
|
||||
SYSROOT_DIRS += "/firmware"
|
||||
# Skip QA check for relocations in .text of elf binaries
|
||||
INSANE_SKIP_${PN} = "textrel"
|
||||
|
||||
addtask deploy after do_install
|
||||
do_deploy() {
|
||||
Reference in New Issue
Block a user