From 977c7e6613afbde5b7f359ad2cc04b31a98f3881 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Thu, 18 Feb 2021 12:44:49 +0000 Subject: [PATCH] arm/trusted-firmware-m: upgrade to 1.2.0 Upgrade trusted-firmware-m to 1.2.0. This has been tested by executing the integrated regression tests inside qemu for the MPS2-AN521 platform. How the build is configured has changed: - The build type uses the standard CMAKE_BUILD_TYPE variable - The compiler selection is done using PACKAGECONFIG to neaten the argument and dependency handling. Add PACKAGECONFIGs to enable the regression tests which can be executed inside a qemu for quick validation. The configure stage will fetch external dependencies by default, so tell it where we have placed the dependencies. TF-M also requires a patched mbedcrypto (some patches are integrated into 2.25, but not all) so apply the patches in a do_patch[postfunc]. No longer deploy files into a redundant directory. The QA test whitelist for text relocations appears to have been fixed upstream, so remove. Change-Id: I11994fd0379da0e1f115ff5af0885926d2b3a055 Signed-off-by: Ross Burton Signed-off-by: Jon Mason --- ...e-m_1.1.bb => trusted-firmware-m_1.2.0.bb} | 84 ++++++++----------- 1 file changed, 36 insertions(+), 48 deletions(-) rename meta-arm/recipes-bsp/trusted-firmware-m/{trusted-firmware-m_1.1.bb => trusted-firmware-m_1.2.0.bb} (57%) diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.1.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.2.0.bb similarity index 57% rename from meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.1.bb rename to meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.2.0.bb index 17c3f4bf..3509a580 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.1.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.2.0.bb 
@@ -12,23 +12,24 @@ LICENSE = "BSD-3-Clause & Apachev2" LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ - file://../mbed-crypto/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ + file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=master;name=tfm;destsuffix=${S} \ git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=master;name=tfm-tests;destsuffix=${S}/../tf-m-tests \ - git://github.com/ARMmbed/mbed-crypto.git;protocol=https;branch=development;name=mbed-crypto;destsuffix=${S}/../mbed-crypto \ + git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=${S}/../mbedtls \ git://github.com/JuulLabs-OSS/mcuboot.git;protocol=https;name=mcuboot;destsuffix=${S}/../mcuboot \ - file://objcopy.patch" + " -# TF-Mv1.1 -SRCREV_tfm = "a6b336c1509fd5f5522450e3cec0fcd6c060f9c8" -# mbedcrypto-3.0.1 -SRCREV_mbed-crypto = "1146b4e06011b69a6437e6b728f2af043a06ec19" -# TF-Mv1.1 -SRCREV_tfm-tests = "5a571808e7841f15cc966661a64dd6adb3b40f6c" -# v1.6.0 -SRCREV_mcuboot = "50d24a57516f558dac72bef634723b60c5cfb46b" +# The required dependencies are documented in tf-m/config/config_default.cmake +# TF-Mv1.2.0 +SRCREV_tfm = "c78be620c0fee08888956646b8f02fd03ab88567" +# mbedtls 2.24 +SRCREV_mbedtls = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8" +# master as of 20210212 +SRCREV_tfm-tests = "ccda809801e529250b47c9ac470cf94daef1bb1b" +# 1.7.0 +SRCREV_mcuboot = "a8e12dae381080e898cea0c6f7408009b0163f9f" UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P\d+(\.\d+)+)$" 
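Review bot: The `# master as of 20210212` comment on `SRCREV_tfm-tests` does not say why the test suite is pinned to an untagged commit while `SRCREV_tfm` is pinned to the TF-Mv1.2.0 release. All four revisions are full hashes, so the fetch itself is reproducible, but whoever does the next upgrade has nothing to check this one against. If `config_default.cmake` names a different tests version, I would record that and the reason for deviating, e.g. `# master as of 20210212, <reason the release tag is not used>`.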
@@ -45,6 +46,10 @@ INHIBIT_DEFAULT_DEPS = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" DEPENDS += "cmake-native \ + python3-intelhex-native \ + python3-jinja2-native \ + python3-pyyaml-native \ + python3-click-native \ python3-cryptography-native \ python3-pyasn1-native \ python3-cbor-native" @@ -52,10 +57,8 @@ DEPENDS += "cmake-native \ S = "${WORKDIR}/git/tfm" B = "${WORKDIR}/build" -# Build for debug (set TFA_DEBUG to 1 to activate) +# Build for debug (set TFM_DEBUG to 1 to activate) TFM_DEBUG ?= "0" -# Set target config -TFM_CONFIG ?= "ConfigDefault.cmake" # Platform must be set, ideally in the machine configuration. TFM_PLATFORM ?= "" 
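Review bot: Dropping `TFM_CONFIG` in the `-52,10` hunk (and `TFM_COMPILER` in the later hunk starting at `-64,47`) means a machine configuration or local.conf that still sets either variable is silently ignored, and the firmware is built with the defaults. For secure firmware, a silent change of configuration or toolchain is worth surfacing at parse time. The anonymous `python()` block that already checks `TFM_PLATFORM` (only partly visible in this diff) could warn with `if d.getVar("TFM_CONFIG") or d.getVar("TFM_COMPILER"):` followed by `bb.warn("TFM_CONFIG/TFM_COMPILER are no longer used; see PACKAGECONFIG")`.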
@@ -64,47 +67,41 @@ python() { raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") } -# Uncomment, or copy these lines to your local.conf to use the Arm Clang compiler -# from meta-arm-toolchain. -# Please make sure to check the applicable license beforehand! -#LICENSE_FLAGS_WHITELIST = "armcompiler_armcompiler-native" -#TFM_COMPILER = "ARMCLANG" -# For most targets, it is required to set and export the following LICENSE variables for the armcompiler: -# ARM_TOOL_VARIANT, ARMLMD_LICENSE_FILE, LM_LICENSE_FILE - -# Setting GCC as the default TF-M compiler -TFM_COMPILER ?= "GNUARM" -DEPENDS += "${@'armcompiler-native' if d.getVar('TFM_COMPILER', True) == 'ARMCLANG' else 'gcc-arm-none-eabi-native'}" +PACKAGECONFIG ??= "cc-gnuarm" +# What compiler to use +PACKAGECONFIG[cc-gnuarm] = "-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake,,gcc-arm-none-eabi-native" +PACKAGECONFIG[cc-armclang] = "-DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake,,armcompiler-native" +# Whether to integrate the test suite +PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" +PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" # Add platform parameters -EXTRA_OECMAKE += "-DTARGET_PLATFORM=${TFM_PLATFORM}" - -# Add compiler parameters -EXTRA_OECMAKE += "-DCOMPILER=${TFM_COMPILER}" +EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" # Handle TFM_DEBUG parameter EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '', d)}" -EXTRA_OECMAKE += "-DPROJ_CONFIG=${S}/configs/${TFM_CONFIG}" # Verbose builds EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" +EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot" + # Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application CFLAGS[unexport] = "1" LDFLAGS[unexport] = "1" AS[unexport] = "1" LD[unexport] = "1" -do_configure[prefuncs] += "do_check_config" -do_check_config() { - if [ ! 
-f "${S}/configs/${TFM_CONFIG}" ]; then - bbfatal "Couldn't find config file '${TFM_CONFIG}' in '${S}/configs/'" - fi +# TF-M ships patches that it needs applied to mbedcrypto, so apply them +# as part of do_patch. +apply_local_patches() { + cat ${S}/lib/ext/mbedcrypto/*.patch | patch -p1 -d ${S}/../mbedtls } +do_patch[postfuncs] += "apply_local_patches" do_configure[cleandirs] = "${B}" do_configure() { - cmake -G"Unix Makefiles" ${S} ${EXTRA_OECMAKE} + cmake -G"Unix Makefiles" -S ${S} -B ${B} ${EXTRA_OECMAKE} } # Invoke install here as there's no point in splitting compile from install: the @@ -112,26 +109,17 @@ do_configure() { # rebuild. It also overrides the install prefix to be in the build tree, so you # can't use the usual install prefix variables. do_compile() { - cmake --build ./ -- install + cmake --build ${B} -- install } do_install() { - if [ ! -d "${B}/install/outputs" ] - then - bbfatal "Output not found in '${B}/install/outputs'!" - fi - + # TODO install headers and static libraries when we know how they're used install -d -m 755 ${D}/firmware - cd ${B}/install/outputs - for dir in *;do - install -D -p -m 0644 $dir/* -t ${D}/firmware/$dir/ - done + install -m 0644 ${B}/bin/* ${D}/firmware/ } FILES_${PN} = "/firmware" SYSROOT_DIRS += "/firmware" -# Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" addtask deploy after do_install do_deploy() {
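Review bot: `apply_local_patches` pipes every patch through a single `patch` process, so the task's status is that of `patch` alone. If the `*.patch` glob stops matching after an upstream layout change, `cat` fails, but the build may still carry on with an unpatched mbedtls, depending on how `patch` treats empty input. Since TF-M relies on these patches to its crypto library, I would apply them one file at a time and fail loudly when none are found, as below; that also names the patch that failed. Re-running do_patch on an already patched tree is not handled in either version. Separately, the PACKAGECONFIG options only reach `do_configure` if `PACKAGECONFIG_CONFARGS` ends up in `EXTRA_OECMAKE`; no `inherit` line is visible in this diff, so please confirm the toolchain and test flags are actually passed to cmake.

```bitbake
apply_local_patches() {
    applied=0
    for p in ${S}/lib/ext/mbedcrypto/*.patch; do
        # An unmatched glob leaves the literal pattern in $p
        [ -f "$p" ] || continue
        patch -p1 -d ${S}/../mbedtls -i "$p" || bbfatal "Failed to apply $p to mbedtls"
        applied=1
    done
    [ "$applied" = "1" ] || bbfatal "No mbedcrypto patches found in ${S}/lib/ext/mbedcrypto"
}
do_patch[postfuncs] += "apply_local_patches"
```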