mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-31 00:39:57 +00:00
Code Issues Projects Releases Wiki Activity

docs:corstone1000: Update user guide

Browse Source 
- Replace openSUSE Tumbleweed with openSUSE Leap.
- Ensure correct component versions are listed.
- Update changelog and release notes for C25Q4 release.
- Add Positive partial capsule update test.
- Improve user guide for consistency and clarity.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Hugues KAMBA MPIANA
2026-01-08 19:57:13 +00:00
committed by Jon Mason
parent e8ffad9ef3
commit 9d3e85c7d8
3 changed files with 390 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-arm-bsp/documentation/corstone1000/change-log.rst
+72 -1
View File
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022-2025, Arm Limited.
# Copyright (c) 2022-2026, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -10,6 +10,77 @@ Change Log
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
***************
Version 2025.12
***************
Changes
=======
- Delivered end-to-end Cortex-A320 enablement across U-Boot, TF-A, TF-M, OP-TEE, Yocto machine layers, and documentation, including device-tree updates, MPIDR handling, and FVP model renaming.
- Rolled out the PSA Firmware Update (DEN0118) pipeline: U-Boot capsule parsing, Bootloader Abstraction Layer in TF-M, ESRT exposure, and Trusted Services IPC bridges replacing legacy capsule code.
- Hardened the new firmware update flow with EFI self-tests, metadata restructuring for partial and multi-image acceptance, and RSE-COMMS gating refinements.
- Upgraded key firmware components (TF-A 2.13.0, TF-M 2.2.1, Trusted Services 1.2.0, OP-TEE OS 4.7.0) and introduced targeted test skips plus integer-only build modes to keep validation green.
- Cleaned and renumbered downstream patch series across Trusted Services and TF-M while removing obsolete integrations to align with upstream baselines.
- Refreshed release material and architecture guides to describe the A320 profile, PSA FWU behavior, and updated software stack.
- Added KAS profiles, machine includes, and automated FVP selection logic to streamline developer workflows for the refreshed platform configuration.
Corstone-1000 components versions
=================================
+-------------------------------------------+-------------------+
| linux-yocto | 6.12.60 |
+-------------------------------------------+-------------------+
| u-boot | 2025.04 |
+-------------------------------------------+-------------------+
| external-system | 0.1.0 |
+-------------------------------------------+-------------------+
| optee-client | 4.7.0 |
+-------------------------------------------+-------------------+
| optee-os | 4.7.0 |
+-------------------------------------------+-------------------+
| trusted-firmware-a | 2.13.0 |
+-------------------------------------------+-------------------+
| trusted-firmware-m | 2.2.1 |
+-------------------------------------------+-------------------+
| libts | v1.2.0 |
+-------------------------------------------+-------------------+
| ts-sp-{se-proxy, smm-gateway} | v1.2.0 |
+-------------------------------------------+-------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 74dc6646ff |
+-------------------------------------------+-------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+----------------+
| meta-arm | whinlatter |
+-------------------------------------------+----------------+
| bitbake | 0dde1a3ff8 |
+-------------------------------------------+----------------+
| meta-openembedded | fc0152e434 |
+-------------------------------------------+----------------+
| openembedded-core | 4bd920ad7d |
+-------------------------------------------+----------------+
| meta-yocto | b3b6592635 |
+-------------------------------------------+----------------+
| meta-secure-core | 63209fb150 |
+-------------------------------------------+----------------+
| meta-ethos | aa2504a32f |
+-------------------------------------------+----------------+
| meta-sca | e68f1a9d17 |
+-------------------------------------------+----------------+
| busybox | 1.37.0 |
+-------------------------------------------+----------------+
| musl | 1.2.5 |
+-------------------------------------------+----------------+
| gcc-arm-none-eabi | 13.3.rel1 |
+-------------------------------------------+----------------+
| gcc-cross-aarch64 | 15.2.0 |
+-------------------------------------------+----------------+
| openssl | 3.5.4 |
+-------------------------------------------+----------------+
***************
Version 2025.05
***************
meta-arm-bsp/documentation/corstone1000/release-notes.rst
+13 -1
View File
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022-2025, Arm Limited.
# Copyright (c) 2022-2026, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -19,6 +19,18 @@ intended for safety-critical applications. Should Your Software or Your Hardware
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
***********************
Release notes - 2025.12
***********************
The same notes as the 2025.05 release still apply.
Known Issues or Limitations
---------------------------
- Corstone-1000 with Cortex-A320 FVP does not currently support Symmetric Multiprocessing
- Corstone-1000 with Cortex-A320 FVP becomes unresponsive when the Linux kernel driver for the Ethos-U85 NPU loads automatically after a software reboot.
***********************
Release notes - 2025.05
***********************
meta-arm-bsp/documentation/corstone1000/user-guide.rst
+305 -174
View File
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022-2025, Arm Limited.
# Copyright (c) 2022-2026, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -133,7 +133,7 @@ Host Processor Components
+----------+------------------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`` |
+----------+------------------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.4.0.bb`` |
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.7.0.bb`` |
+----------+------------------------------------------------------------------------------------------+
`U-Boot <https://github.com/u-boot/u-boot.git>`__
@@ -144,7 +144,7 @@ Host Processor Components
+----------+----------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend`` |
+----------+----------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.07.02.bb`` |
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2025.04.bb`` |
+----------+----------------------------------------------------------------------------------+
Linux
@@ -157,7 +157,7 @@ The provided distribution is based on `BusyBox <https://www.busybox.net/>`__ and
+-----------+------------------------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend`` |
+-----------+------------------------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/poky/meta/recipes-kernel/linux/linux-yocto_6.12.bb`` |
| Recipe | ``${WORKSPACE}/core/meta/recipes-kernel/linux/linux-yocto_6.12.bb`` |
+-----------+------------------------------------------------------------------------------------------------+
| defconfig | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig`` |
+-----------+------------------------------------------------------------------------------------------------+
@@ -172,7 +172,7 @@ Secure Enclave Components
+----------+-------------------------------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend`` |
+----------+-------------------------------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.1.bb`` |
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.2.1.bb`` |
+----------+-------------------------------------------------------------------------------------------------------+
************************************
@@ -245,7 +245,7 @@ Build
**The External System Processor is not available on the Corstone-1000 with Cortex-A320 FVP.**
Access to the External System Processor is disabled by default.
Access to the External System Processor is disabled by default on **Corstone-1000 with Cortex-A35**.
To build the Corstone-1000 image with External System Processor enabled, run:
@@ -276,7 +276,7 @@ Everything apart from the Secure Enclave ROM firmware and External System firmwa
``corstone1000-flash-firmware-image-corstone1000-${TARGET}.wic`` file.
The output binaries run in the Corstone-1000 platform are the following:
- The Secure Enclave ROM firmware: ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/bl1.bin``
- The Secure Enclave ROM firmware: ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/trusted-firmware-m/bl1.bin``
- The External System Processor firmware: ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/es_flashfw.bin``
- The internal firmware flash image: ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-flash-firmware-image-corstone1000-${TARGET}.wic``
@@ -370,7 +370,7 @@ Flash
IMAGE2FILE: \SOFTWARE\es0.bin
#. Copy ``bl1.bin`` from ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle.
#. Copy ``bl1.bin`` from ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/trusted-firmware-m/`` to the ``SOFTWARE`` directory of the FPGA bundle.
#. Copy ``es_flashfw.bin`` from ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle
and rename the binary to ``es0.bin``.
#. Copy ``corstone1000-flash-firmware-image-corstone1000-mps3.wic`` from ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE``
@@ -477,11 +477,16 @@ The FVP can also be manually downloaded from `Arm Developer <arm-developer-fvp_>
the Corstone-1000 platform FVP installer.
Follow the instructions of the installer to setup the FVP.
#. Run the FVP
#. Run ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
#. Run the FVP within ``tmux``:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux"
@@ -560,7 +565,7 @@ Clean Secure Flash
bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image
bitbake -c build corstone1000-flash-firmware-image
#. Replace the ``bl1.bin`` file on the SD card with ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``.
#. Replace the ``bl1.bin`` file on the SD card with ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/trusted-firmware-m/bl1.bin``.
#. Reboot the board to completely erase the secure flash.
@@ -741,9 +746,7 @@ This sections below describe how to build and run ACS tests on Corstone-1000.
.. note::
This prebuilt ACS image includes v5.13 kernel, which does not provide
USB driver support for Corstone-1000. The ACS image with a newer kernel version
and full USB support for Corstone-1000 will be available in the repository with the next
SystemReady release.
USB driver support for Corstone-1000.
#. Decompress the pre-built ACS live image.
@@ -809,16 +812,20 @@ FVP
===
Run the commands below to run the ACS test on FVP using the built firmware image and the pre-built ACS image identified above:
#. Run ``tmux``:
.. code-block:: console
.. code-block:: console
cd ${WORKSPACE}
tmux
./meta-arm/scripts/runfvp \
--terminals=tmux \
./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \
-- -C board.msd_mmc.p_mmc_file=${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
cd ${WORKSPACE} && tmux
#. Run the commands below within ``tmux`` to run the ACS test on FVP using the built firmware image and the pre-built ACS image identified above:
.. code-block:: console
./meta-arm/scripts/runfvp \
--terminals=tmux \
./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \
-- -C board.msd_mmc.p_mmc_file=${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
.. note::
@@ -884,20 +891,42 @@ Capsule Update
systemready-patch/embedded-a/corstone1000/disable_module_autoloading/disable_module_autoloading.yml
.. important::
Payload GUIDs (``${BL2_GUID}``, ``${TFM_S_GUID}``, ``${FIP_GUID}``, and ``${INITRAMFS_GUID}``)
are different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``${TARGET}``.
+------------+----------------------------------------+----------------------------------------+
| Payloads | FVP | MPS3 |
+============+========================================+========================================+
| BL2 | f1d883f9-dfeb-5363-98d8-686ee3b69f4f | fbfbefaa-0a56-50d5-b651-74091d3d62cf |
+------------+----------------------------------------+----------------------------------------+
| TFM_S | 7fad470e-5ec5-5c03-a2c1-4756b495de61 | af4cc7ad-ee2e-5a39-aad5-fac8a1e6173c |
+------------+----------------------------------------+----------------------------------------+
| FIP | f1933675-5a8c-5b6d-9ef4-846739e89bc8 | 55302f96-c4f0-5cf9-8624-e7cc388f2b68 |
+------------+----------------------------------------+----------------------------------------+
| INITRAMFS | f771aff9-c7e9-5f99-9eda-2369dd694f61 | 3e8ac972-c33c-5cc9-90a0-cdd3159683ea |
+------------+----------------------------------------+----------------------------------------+
The following section describes the steps to update the firmware using Capsule Update
as the Corstone-1000 supports UEFI.
The firmware update process is tested with an invalid capsule (rollback protection capsule update test)
and with a valid capsule (positive capsule update test) to validate the robustness and
The firmware update process is tested with an invalid capsule and with valid capsules to validate the robustness and
error-handling capabilities of the firmware update mechanism.
During the positive capsule update test, the Corstone-1000 is given a valid capsule, which it successfully applies, boots up and then reaches the Linux command prompt.
**Positive full capsule update test:**
The Corstone-1000 is provided with a valid full capsule, which it applies successfully.
The system then boots normally and reaches the Linux command prompt.
During the rollback protection capsule update test, the Corstone-1000 is given an outdated capsule with a lower version number for all payloads,
which is expected to be rejected due to its outdated status, thereby retaining the previous firmware.
**Positive partial capsule update test:**
The Corstone-1000 is provided with a valid partial capsule that specifies an update for a single component only.
The capsule is applied successfully, after which the system boots normally and reaches the Linux command prompt.
Two different capsules (one for each test) are therefore needed to perform the tests.
**Rollback protection capsule update test:**
The Corstone-1000 is provided with an outdated capsule containing lower version numbers for all payloads.
The capsule is correctly rejected due to rollback protection, and the previously installed firmware is retained.
Three different capsules are therefore needed to perform the tests.
The following payloads can be individually updated:
@@ -922,20 +951,21 @@ This JSON file is required by EDK II's ``GenerateCapsule`` tool to generate the
The capsule's default metadata passed can be found in the ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb``
and ``${WORKSPACE}/meta-arm/kas/corstone1000-image-configuration.yml`` files.
Valid Capsule
=============
Valid Full Capsule
==================
An automatically generated capsule can be found at ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}-v6.uefi.capsule`` after running a firmware build.
An automatically generated capsule can be found at ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-${TARGET}-v6.uefi.capsule`` after running a firmware build.
The default metadata values are assumed to be correct to generate a valid capsule.
This capsule will be used for the positive capsule update test.
Invalid Capsule
===============
Valid Partial Capsule
=====================
Generate a capsule with firmware version metadata for all payloads set lower than that of a valid capsule.
The valid capsule has a default firmware version of 6 for all payloads, while the simulated invalid capsule has the firmware version set to 5 for all payloads.
To generate a capsule that updates only a single component, explicitly set the firmware version for that component and mark it as the only payload to be updated.
The **partial capsule** is also valid, but sets the firmware version to **7** **only** for the **BL2** component, indicating that no other components should be updated.
Use the following commands to generate the `capsule_config.json` file, which is required by the EDK2 tool for capsule creation:
@@ -943,10 +973,10 @@ Use the following commands to generate the `capsule_config.json` file, which is
cd ${WORKSPACE}
python3 meta-arm/scripts/generate_capsule_json_multiple.py \
--selected_components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
python3 meta-arm/meta-arm/scripts/generate_capsule_json_multiple.py \
--selected_components DUMMY_START BL2 DUMMY_END \
--components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
--fw_versions 5 5 5 5 5 5 \
--fw_versions 0 7 0 0 0 0 \
--guids \
6f784cbf-7938-5c23-8d6e-24d2f1410fa9 \
${BL2_GUID} ${TFM_S_GUID} ${FIP_GUID} ${INITRAMFS_GUID} \
@@ -955,12 +985,12 @@ Use the following commands to generate the `capsule_config.json` file, which is
--lowest_supported_versions 5 5 5 5 5 5 \
--monotonic_counts 1 1 1 1 1 1 \
--payloads \
build/tmp/deploy/images/corstone1000-${TARGET}/dummy.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/bl2_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/tfm_s_signed.bin \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/trusted-firmware-m/bl2_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/trusted-firmware-m/tfm_s_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/signed_fip-corstone1000.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/Image.gz-initramfs-corstone1000-${TARGET}.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/dummy.bin \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
--update_image_indexes 5 1 2 3 4 6 \
--private_keys \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
@@ -978,23 +1008,65 @@ Use the following commands to generate the `capsule_config.json` file, which is
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
--output capsule_config.json
Run the command below to generate the partial capsule:
.. important::
.. code-block:: console
Payload GUIDs (``${BL2_GUID}``, ``${TFM_S_GUID}``, ``${FIP_GUID}``, and ``${INITRAMFS_GUID}``)
are different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``${TARGET}``.
./build/tmp/sysroots-components/aarch64/edk2-basetools-native/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \
-e \
-j capsule_config.json \
--capflag PersistAcrossReset \
-o corstone1000-${TARGET}-partial-v7.uefi.capsule
The partial capsule will be located in the ``${WORKSPACE}`` directory.
Invalid Capsule
===============
Generate a capsule with firmware version metadata for all payloads set lower than that of a valid capsule.
The valid capsule has a default firmware version of 6 for all payloads, while the simulated invalid capsule has the firmware version set to 5 for all payloads.
Use the following commands to generate the `capsule_config.json` file, which is required by the EDK2 tool for capsule creation:
.. code-block:: console
cd ${WORKSPACE}
python3 meta-arm/meta-arm/scripts/generate_capsule_json_multiple.py \
--selected_components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
--components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
--fw_versions 5 5 5 5 5 5 \
--guids \
6f784cbf-7938-5c23-8d6e-24d2f1410fa9 \
${BL2_GUID} ${TFM_S_GUID} ${FIP_GUID} ${INITRAMFS_GUID} \
b57e432b-a250-5c73-93e3-90205e64baba \
--hardware_instances 1 1 1 1 1 1 \
--lowest_supported_versions 5 5 5 5 5 5 \
--monotonic_counts 1 1 1 1 1 1 \
--payloads \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/trusted-firmware-m/bl2_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/trusted-firmware-m/tfm_s_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/signed_fip-corstone1000.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/Image.gz-initramfs-corstone1000-${TARGET}.bin \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
--update_image_indexes 5 1 2 3 4 6 \
--private_keys \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
--certificates \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
--output capsule_config.json
+------------+----------------------------------------+----------------------------------------+
| Payloads | FVP | MPS3 |
+============+========================================+========================================+
| BL2 | f1d883f9-dfeb-5363-98d8-686ee3b69f4f | fbfbefaa-0a56-50d5-b651-74091d3d62cf |
+------------+----------------------------------------+----------------------------------------+
| TFM_S | 7fad470e-5ec5-5c03-a2c1-4756b495de61 | af4cc7ad-ee2e-5a39-aad5-fac8a1e6173c |
+------------+----------------------------------------+----------------------------------------+
| FIP | f1933675-5a8c-5b6d-9ef4-846739e89bc8 | 55302f96-c4f0-5cf9-8624-e7cc388f2b68 |
+------------+----------------------------------------+----------------------------------------+
| INITRAMFS | f771aff9-c7e9-5f99-9eda-2369dd694f61 | 3e8ac972-c33c-5cc9-90a0-cdd3159683ea |
+------------+----------------------------------------+----------------------------------------+
Run the command below to generate the invalid capsule:
@@ -1026,6 +1098,7 @@ MPS3
cp ${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/corstone1000-mps3-v6.uefi.capsule /dev/sdc/BOOT/
cp ${WORKSPACE}/corstone1000-mps3-v5.uefi.capsule /dev/sdc/EFI/BOOT/
cp ${WORKSPACE}/corstone1000-mps3-partial-v7.uefi.capsule /dev/sdc/EFI/BOOT/
sync
.. note::
@@ -1076,6 +1149,7 @@ FVP
sudo cp ${WORKSPACE}/build/tmp/deploy/images/corstone1000-fvp/corstone1000-fvp-v6.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
sudo cp ${WORKSPACE}/corstone1000-fvp-v5.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
sudo cp ${WORKSPACE}/corstone1000-fvp-partial-v7.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
sync
#. Unmount the IR image:
@@ -1088,8 +1162,8 @@ FVP
Run Capsule Update Tests
************************
The valid capsule (``corstone1000-${TARGET}-v6.uefi.capsule``) will be used first to run the positive capsule update test.
This will be followed by using the invalid capsule (``corstone1000-${TARGET}-v5.uefi.capsule``) to run the rollback protection capsule update test.
The valid capsules will be used first to run the positive capsule update tests.
This will be followed by using the invalid capsule to run the rollback protection capsule update test.
.. important::
@@ -1097,10 +1171,10 @@ This will be followed by using the invalid capsule (``corstone1000-${TARGET}-v5.
The rollback protection capsule update test effectively tests that firmware rollback is not permitted.
.. _positive-capsule-update-test:
.. _positive-full-capsule-update-test:
Positive Capsule Update Test
============================
Positive Full Capsule Update Test
=================================
#. Run Corstone-1000 with the ACS image containing the two capsule files:
@@ -1111,11 +1185,16 @@ Positive Capsule Update Test
- FVP:
#. Run the FVP with the IR prebuilt image which now also contains the two capsules:
#. Run ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
#. Run the FVP within ``tmux`` with the IR prebuilt image which now also contains the two capsules:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux \
-- -C board.msd_mmc.p_mmc_file=${ACS_IMAGE_PATH}/ir-acs-live-image-generic-arm64.wic"
@@ -1237,14 +1316,31 @@ Positive Capsule Update Test
.. warning::
Do not terminate FVP between the positive and rollback protection capsule update tests.
Do not terminate FVP between the positive full capsule update and partial capsule update tests.
.. _positive-partial-capsule-update-test:
Positive Partial Capsule Update Test
====================================
Follow the steps for the `positive full capsule update test <positive-full-capsule-update-test_>`__ ensuring you use
``corstone1000-${TARGET}-partial-v7.uefi.capsule`` instead of ``corstone1000-${TARGET}-v6.uefi.capsule``.
Once the system has fully booted again, `read the ESRT <verifying-firmware-versions-via-esrt_>`__ to
confirm that the firmware version reflects the updated capsule.
.. warning::
Do not terminate FVP between the positive partial capsule update rollback protection capsule update tests.
Rollback Protection Capsule Update Test
=======================================
.. important::
The `positive capsule update test <positive-capsule-update-test_>`__ must be run before running the rollback protection capsule update test.
The `positive partial capsule update test <positive-partial-capsule-update-test_>`__ must be run before running the rollback protection capsule update test.
#. After running the positive capsule update test, reboot the system by typing the following command on the Host Processor terminal (``ttyUSB2`` for MPS3):
@@ -1361,7 +1457,7 @@ Rollback Protection Capsule Update Test
$ loadm 0x90000000 $kernel_addr_r $filesize
$ bootefi $kernel_addr_r $fdtcontroladdr
#. Once the system has fully booted again, `read the ESRT <verifying-firmware-versions-via-esrt_>`__ to
#. Once the system has fully booted again, `read the ESRT <verifying-firmware-versions-via-esrt_>`__ to
confirm that the firmware version reflects the updated capsule.
.. _verifying-firmware-versions-via-esrt:
@@ -1431,8 +1527,8 @@ To check the version and status of BL2 (``entry0``), run:
cat /sys/firmware/efi/esrt/entries/entry0/last_attempt_status
Positive Capsule Update Test ESRT
=================================
Positive Full Capsule Update Test ESRT
======================================
The following table shows the details of the first four ESRT entries for the positive capsule update test:
@@ -1448,6 +1544,23 @@ The following table shows the details of the first four ESRT entries for the pos
| 0 | ``${INITRAMFS_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
Positive Partial Capsule Update Test ESRT
=========================================
The following table shows the details of the first four ESRT entries for the positive capsule update test:
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| ``capsule_flags`` | ``fw_class`` | ``fw_type`` | ``fw_version`` | ``last_attempt_status`` | ``last_attempt_version`` | ``lowest_supported_fw_ver`` |
+===================+=======================+=============+================+=========================+==========================+=============================+
| 0 | ``${BL2_GUID}`` | 0 | 7 | 0 | 7 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${TFM_S_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${FIP_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${INITRAMFS_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
Rollback Protection Capsule Update Test ESRT
============================================
@@ -1456,7 +1569,7 @@ The following table shows the details of the first four ESRT entries for the rol
+-------------------+------------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| ``capsule_flags`` | ``fw_class`` | ``fw_type`` | ``fw_version`` | ``last_attempt_status`` | ``last_attempt_version`` | ``lowest_supported_fw_ver`` |
+===================+========================+=============+================+=========================+==========================+=============================+
| 0 | ``${BL2_GUID}`` | 0 | 6 | 1 | 5 | 0 |
| 0 | ``${BL2_GUID}`` | 0 | 7 | 1 | 5 | 0 |
+-------------------+------------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${TFM_S_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+------------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
@@ -1491,44 +1604,40 @@ Follow the instructions below to create the installation media.
#. Using your development machine, download one of following Linux distribution images:
- `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.7.0/arm64/iso-dvd/>`__
- `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__
- `openSUSE Leap installer image <https://download.opensuse.org/distribution/leap/15.6/iso/openSUSE-Leap-15.6-DVD-aarch64-Current.iso>`__
.. note::
For openSUSE Tumbleweed, search for an ISO file with the format: ``openSUSE-Tumbleweed-DVD-aarch64-Snapshot$DATE-Media.iso``.
``openSUSE-Tumbleweed-DVD-aarch64-Snapshot20250509-Media.iso`` was used during development.
The location of the ISO file on the development machine will be referred to as ``${DISTRO_INSTALLER_ISO_PATH}``.
The location of the ISO file on the development machine will be referred to as ``${DISTRO_INSTALLER_ISO_PATH}``.
#. Create the installation media which will contain the necessary files to install the operation system.
- MPS3:
- **MPS3**:
#. Plug a blank USB drive formatted with FAT32, ensuring it has a minimum capacity of 4GB, to the development machine.
#. Plug a blank USB drive formatted with FAT32, ensuring it has a minimum capacity of 4GB, to the development machine.
#. Run the following command to discover which device is your USB drive:
#. Run the following command to discover which device is your USB drive:
.. code-block:: console
.. code-block:: console
lsblk
lsblk
The remaining steps assume the USB drive is ``/dev/sdb``.
The remaining steps assume the USB drive is ``/dev/sdb``.
.. warning::
.. warning::
Do not mistake your development machine hard drive with the USB drive.
Do not mistake your development machine hard drive with the USB drive.
#. Write one of the distribution installer ISO file to the USB drive.
#. Write one of the distribution installer ISO file to the USB drive.
.. code-block:: console
.. code-block:: console
sudo dd if=${DISTRO_INSTALLER_ISO_PATH} of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
sudo dd if=${DISTRO_INSTALLER_ISO_PATH} of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
- FVP:
- **FVP**:
The distribution installer ISO file does not need to be burnt to a USB drive.
It will be used as is when starting the FVP install the distribution.
The distribution installer ISO file does not need to be burnt to a USB drive.
It will be used as is when starting the FVP install the distribution.
********************
Prepare System Drive
@@ -1586,11 +1695,17 @@ MPS3
FVP
===
#. Start the FVP with the system drive as the primary drive and the distro ISO file as the secondary drive.
#. Run the ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
#. Start the FVP within ``tmux`` with the system drive as the primary drive and the distro ISO file as the secondary drive:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
-C board.msd_mmc.p_mmc_file=${WORKSPACE}/fvp_distro_system_drive.img \
@@ -1653,11 +1768,16 @@ Boot Distribution
The target should automatically boot into the installed operating system image.
Stop the FVP and run the command below to simulate a cold boot:
Stop the FVP with ``CTRL+C`` and run ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
Run the command below to simulate a cold boot:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
-C board.msd_mmc.p_mmc_file=${WORKSPACE}/fvp_distro_system_drive.img"
@@ -1681,7 +1801,7 @@ Timeout Optimizations
.. important::
Operating system timeouts are inconsistent across systems.
Skip this section if the system boots to Debian or OpenSUSE without any issue.
Skip this section if the system boots to Debian or openSUSE without any issue.
Make the system modification below whilst in recovery mode to increase timeouts and boot to the installed distribution.
@@ -1796,63 +1916,6 @@ The modified ESP image can be found at ``${WORKSPACE}/build/tmp/deploy/images/co
Run Unsigned Image Boot Test
****************************
.. _unsigned-image-boot-test-fvp:
FVP
===
#. Follow the instructions `here <use-efi-system-partition-fvp_>`__ to use the ESP.
#. Run the software stack as described `here <running-software-stack-fvp_>`__.
#. On the Host Processor terminal host side, stop the execution of U-Boot when prompted to do so with the message ``Press any key to stop``.
.. warning::
There is a timeout of 3 seconds to stop the execution at the U-Boot prompt.
The U-Boot console prompt looks as follows:
.. code-block:: console
corstone1000#
.. important::
The rest of the instructions below will be executed on the U-Boot terminal.
#. On the U-Boot console, set the current MMC device.
.. code-block:: console
corstone1000# mmc dev 1
#. Enroll the four UEFI secure boot authenticated variables.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
#. Attempt to Load the unsigned kernel image.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
Image not authenticated
Loading image failed
The unsigned Linux kernel image should not be loaded.
.. _unsigned-image-boot-test-mps3:
MPS3
@@ -1925,27 +1988,68 @@ MPS3
The unsigned Linux kernel image should not be loaded.
**************************
Run Signed Image Boot Test
**************************
.. _unsigned-image-boot-test-fvp:
FVP
===
.. important::
#. Follow the instructions `here <use-efi-system-partition-fvp_>`__ to use the ESP.
You must first perform the `Unsigned Image Boot Test <unsigned-image-boot-test-fvp_>`__.
#. Run the software stack as described `here <running-software-stack-fvp_>`__.
Load the signed kernel image.
#. On the Host Processor terminal host side, stop the execution of U-Boot when prompted to do so with the message ``Press any key to stop``.
.. code-block:: console
.. warning::
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp.signed; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
There is a timeout of 3 seconds to stop the execution at the U-Boot prompt.
The signed Linux kernel image should be booted successfully.
The U-Boot console prompt looks as follows:
.. code-block:: console
corstone1000#
.. important::
The rest of the instructions below will be executed on the U-Boot terminal.
#. On the U-Boot console, set the current MMC device.
.. code-block:: console
corstone1000# mmc dev 1
#. Enroll the four UEFI secure boot authenticated variables.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
#. Attempt to Load the unsigned kernel image.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
Image not authenticated
Loading image failed
The unsigned Linux kernel image should not be loaded.
**************************
Run Signed Image Boot Test
**************************
MPS3
====
@@ -1966,6 +2070,25 @@ Load the signed kernel image.
The signed Linux kernel image should be booted successfully.
FVP
===
.. important::
You must first perform the `Unsigned Image Boot Test <unsigned-image-boot-test-fvp_>`__.
Load the signed kernel image.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp.signed; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
The signed Linux kernel image should be booted successfully.
*******************
Disable Secure Boot
*******************
@@ -1982,15 +2105,6 @@ To resolve this, the Platform Key (one of the UEFI authenticated variables for s
#. On the U-Boot console, delete the Platform Key (PK).
- FVP
.. code-block:: console
corstone1000# \
mmc dev 1; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
boot
- MPS3
.. code-block:: console
@@ -2001,6 +2115,16 @@ To resolve this, the Platform Key (one of the UEFI authenticated variables for s
load usb 0 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
boot
- FVP
.. code-block:: console
corstone1000# \
mmc dev 1; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
boot
PSA API
-------
@@ -2098,12 +2222,19 @@ Ethos-U85 NPU
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git \
-b CORSTONE1000-2025.12
#. Copy the additional kas configuration file to:
.. code-block:: console
cp ${WORKSPACE}/systemready-patch/embedded-a/corstone1000/ethos-u85_test/ethos-u85_test.yml \
${WORKSPACE}/meta-arm/kas/
#. Re-Build the Corstone-1000 with Cortex-A320 FVP software stack as follows:
.. code-block:: console
kas build meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml:meta-arm/kas/corstone1000-a320.yml:\
systemready-patch/embedded-a/corstone1000/ethos-u85_test/ethos-u85_test.yml
meta-arm/kas/ethos-u85_test.yml
#. Run the Corstone-1000 with Cortex-320 FVP: