mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-01-11 15:00:39 +00:00
Code Issues Projects Releases Wiki Activity

arm-bsp: corstone1000: Upgrade Trusted-Firmware-M v2.2.1

Browse Source 
The move to Trusted-Firmware-M v2.2.1 makes the BL1 code larger,
while the provisioning bundle can be trimmed.  At the same time BL2 and
TF-M binary addresses now need to begin on a 0x100-byte boundary for
Cortex-M0+ based platforms.

Key changes
--------------------------------
- Upgrade Trusted-Firmware-M v2.2.1 for Corstone-1000
- New crypto driver supports ECC instead of RSA.
- Rebase patches
- Add new patches to address the following changes for v2.2.1
   - Increase `BL1_1_CODE_SIZE` to 58KB to accommodate the v2.2.1 binaries.
   - Reduce `PROVISIONING_DATA_SIZE` to 6KB.
   - `BL2_CODE_START` and `S_CODE_START` are aligned to 0x100 byte boundary
      so both start addresses are an exact multiple of 0x100.
   - Adapt ADAC enabled build to the new BL2 build restructure.

Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Harsimran Singh Tungal
2025-09-10 13:51:12 +01:00
committed by Jon Mason
parent c7581dfab2
commit a059fc317f
26 changed files with 504 additions and 1306 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta-arm-bsp/conf/machine/include/corstone1000.inc
View File

@@ -3,7 +3,7 @@ require conf/machine/include/arm/armv8a/tune-cortexa35.inc
MACHINEOVERRIDES =. "corstone1000:"
# TF-M
PREFERRED_VERSION_trusted-firmware-m ?= "2.1.%"
PREFERRED_VERSION_trusted-firmware-m ?= "2.2.1"
# TF-A
TFA_PLATFORM = "corstone1000"

2
meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb
View File

@@ -162,7 +162,7 @@ TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000"
TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-EC-P256_1.pem"
RE_IMAGE_OFFSET = "0x1000"
do_sign_images() {

21
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-Platform-CS1000-Remove-unused-BL1-files.patch → meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-CS1000-Remove-unused-BL1-files.patch
View File

@@ -1,10 +1,11 @@
From 67e5aa83efce5f75df1c5d027e2d52f0da2eaba0 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Thu, 5 Sep 2024 17:21:50 +0200
Subject: [PATCH 1/5] Platform: CS1000: Remove unused BL1 files
From 778d62d8ebe91212363cdab2fa1eef6a977ae6e2 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Wed, 13 Aug 2025 14:02:57 +0000
Subject: [PATCH 1/7] Platform: CS1000: Remove unused BL1 files
These files are not referenced anywhere so removed them to prevent
confusion.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [9a7bdf9ef595196e1e518a27d3c79079aedb5bda]
---
@@ -16,7 +17,7 @@ Upstream-Status: Backport [9a7bdf9ef595196e1e518a27d3c79079aedb5bda]
diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
deleted file mode 100644
index 5e140eecf6..0000000000
index d85b0611d..000000000
--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+++ /dev/null
@@ -1,345 +0,0 @@
@@ -53,14 +54,14 @@ index 5e140eecf6..0000000000
-
-add_convert_to_bin_target(bl1)
-
-# bl2_mbedcrypto reused as it is, but it pulls the MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}
-# bl2_crypto reused as it is, but it pulls the MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}
-# configuration, where image number is 3. (Coming from BL2 build). To not to collide with BL1's
-# build where image number is 1 mbedcrypto library is separated from the build of other source
-# files.
-target_link_libraries(bl1
- PRIVATE
- bl1_main
- bl2_mbedcrypto
- bl2_crypto
- cmsis_stack_override
- cmsis
-)
@@ -159,7 +160,7 @@ index 5e140eecf6..0000000000
-target_link_libraries(bl1_main
- PRIVATE
- mcuboot_config
- bl2_mbedcrypto_config
- bl2_crypto_config
-)
-
-target_include_directories(bl1_main
@@ -367,7 +368,7 @@ index 5e140eecf6..0000000000
-)
diff --git a/platform/ext/target/arm/corstone1000/bl1/bl1_security_cnt.c b/platform/ext/target/arm/corstone1000/bl1/bl1_security_cnt.c
deleted file mode 100644
index 32c1481cca..0000000000
index 32c1481cc..000000000
--- a/platform/ext/target/arm/corstone1000/bl1/bl1_security_cnt.c
+++ /dev/null
@@ -1,75 +0,0 @@
@@ -447,5 +448,5 @@ index 32c1481cca..0000000000
- return 0;
-}
--
2.25.1
2.43.0

177
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-Corstone1000-Enable-firewall-in-FVP.patch
View File

@@ -1,177 +0,0 @@
From 4b5a9546205e484ac7f53cee369b1db9a7bf2279 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Wed, 3 Apr 2024 13:37:40 +0100
Subject: [PATCH 3/9] Platform: Corstone1000: Enable firewall in FVP
Enables host firewall and MPU setup for FVP. It also fixes secure RAM
configuration and disables access rights to secure RAM from normal world
for both MPS3 and FVP.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [4b5a9546205e484ac7f53cee369b1db9a7bf2279]
---
.../Device/Include/platform_base_address.h | 2 +-
.../arm/corstone1000/bl1/boot_hal_bl1_1.c | 42 ++++---------------
.../arm/corstone1000/bl2/flash_map_bl2.c | 2 +-
3 files changed, 11 insertions(+), 35 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
index 416f0ebcdb..101cad9e7c 100644
--- a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
+++ b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
@@ -67,7 +67,7 @@
* required by the SE are defined here */
#define CORSTONE1000_HOST_ADDRESS_SPACE_BASE (0x60000000U) /* Host Address Space */
#define CORSTONE1000_HOST_BIR_BASE (0x60000000U) /* Boot Instruction Register */
-#define CORSTONE1000_HOST_SHARED_RAM_BASE (0x62000000U) /* Shared RAM */
+#define CORSTONE1000_HOST_TRUSTED_RAM_BASE (0x62000000U) /* Secure RAM */
#define CORSTONE1000_HOST_XNVM_BASE (0x68000000U) /* XNVM */
#define CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE (0x7A010000U) /* Host SCB */
#define CORSTONE1000_EXT_SYS_RESET_REG (0x7A010310U) /* external system (cortex-M3) */
diff --git a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
index 45d6768215..2f693d2b1b 100644
--- a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
+++ b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
@@ -35,7 +35,7 @@ REGION_DECLARE(Image$$, ER_DATA, $$Base)[];
REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[];
#define HOST_ADDRESS_SPACE_BASE 0x00000000
-#define HOST_SHARED_RAM_BASE 0x02000000
+#define HOST_TRUSTED_RAM_BASE 0x02000000
#define HOST_XNVM_BASE 0x08000000
#define HOST_BASE_SYSTEM_CONTROL_BASE 0x1A010000
#define HOST_FIREWALL_BASE 0x1A800000
@@ -347,7 +347,7 @@ static void setup_host_firewall(void)
fc_pe_enable();
- /* CVM - Shared RAM */
+ /* CVM - Secure RAM */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_CVM);
fc_disable_bypass();
fc_pe_disable();
@@ -355,15 +355,12 @@ static void setup_host_firewall(void)
fc_select_region(1);
fc_disable_regions();
fc_disable_mpe(RGN_MPE0);
- fc_prog_rgn(RGN_SIZE_4MB, HOST_SHARED_RAM_BASE);
+ fc_prog_rgn(RGN_SIZE_4MB, HOST_TRUSTED_RAM_BASE);
fc_init_mpl(RGN_MPE0);
mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
RGN_MPL_SECURE_WRITE_MASK |
- RGN_MPL_SECURE_EXECUTE_MASK |
- RGN_MPL_NONSECURE_READ_MASK |
- RGN_MPL_NONSECURE_WRITE_MASK |
- RGN_MPL_NONSECURE_EXECUTE_MASK);
+ RGN_MPL_SECURE_EXECUTE_MASK);
fc_enable_mpl(RGN_MPE0, mpl_rights);
fc_disable_mpl(RGN_MPE0, ~mpl_rights);
@@ -398,7 +395,9 @@ static void setup_host_firewall(void)
fc_pe_enable();
- /* Host Expansion Master 0 */
+#if !(PLATFORM_IS_FVP)
+ /* Host Expansion Master 0 (Due to the difference in the models only
+ * programming this for MPS3) */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0);
fc_disable_bypass();
fc_pe_disable();
@@ -433,7 +432,6 @@ static void setup_host_firewall(void)
fc_enable_regions();
fc_rgn_lock();
-#if !(PLATFORM_IS_FVP)
fc_select_region(3);
fc_disable_regions();
fc_disable_mpe(RGN_MPE0);
@@ -461,16 +459,14 @@ static void setup_host_firewall(void)
fc_enable_mpe(RGN_MPE0);
fc_enable_regions();
fc_rgn_lock();
-#endif
fc_pe_enable();
- /* Host Expansion Master 0 */
+ /* Host Expansion Master 1*/
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1);
fc_disable_bypass();
fc_pe_disable();
-#if !(PLATFORM_IS_FVP)
fc_select_region(1);
fc_disable_regions();
fc_disable_mpe(RGN_MPE0);
@@ -484,22 +480,6 @@ static void setup_host_firewall(void)
fc_enable_mpe(RGN_MPE0);
fc_enable_regions();
fc_rgn_lock();
-#else
- fc_select_region(1);
- fc_disable_regions();
- fc_disable_mpe(RGN_MPE0);
- fc_prog_rgn(RGN_SIZE_8MB, HOST_SE_SECURE_FLASH_BASE_FVP);
- fc_init_mpl(RGN_MPE0);
-
- mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
- RGN_MPL_SECURE_WRITE_MASK);
-
- fc_enable_mpl(RGN_MPE0, mpl_rights);
- fc_enable_mpe(RGN_MPE0);
- fc_enable_regions();
- fc_rgn_lock();
-#endif
-
fc_pe_enable();
/* Always ON Host Peripherals */
@@ -527,7 +507,6 @@ static void setup_host_firewall(void)
}
fc_pe_enable();
-
/* Host System Peripherals */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_SYSPERIPH);
fc_disable_bypass();
@@ -553,6 +532,7 @@ static void setup_host_firewall(void)
}
fc_pe_enable();
+#endif
/* Host System Peripherals */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_DBGPERIPH);
@@ -592,13 +572,9 @@ int32_t boot_platform_init(void)
if (result != ARM_DRIVER_OK) {
return 1;
}
-#if !(PLATFORM_IS_FVP)
setup_mpu();
-#endif
setup_se_firewall();
-#if !(PLATFORM_IS_FVP)
setup_host_firewall();
-#endif
#if defined(TFM_BL1_LOGGING) || defined(TEST_BL1_1) || defined(TEST_BL1_2)
stdio_init();
diff --git a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
index 2b1cdfa199..06cc3f0f52 100644
--- a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
+++ b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
@@ -70,7 +70,7 @@ int boot_get_image_exec_ram_info(uint32_t image_id,
rc = 0;
}
else if (image_id == 1 || image_id == 2) {
- (*exec_ram_start) = CORSTONE1000_HOST_SHARED_RAM_BASE;
+ (*exec_ram_start) = CORSTONE1000_HOST_TRUSTED_RAM_BASE;
(*exec_ram_size) = 0x20000000U;
rc = 0;
}
--
2.25.1

41
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-CS1000-Increase-ITS-max-asset-size.patch
View File

@@ -1,41 +0,0 @@
From 2a7e418afc96a9c897d3511fd47dbe596f880074 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Wed, 17 Apr 2024 11:34:45 +0000
Subject: [PATCH 4/9] Platform: CS1000: Increase ITS max asset size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Increases the max asset size for ITS to enable Parsec services and
tests.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [2a7e418afc96a9c897d3511fd47dbe596f880074]
---
platform/ext/target/arm/corstone1000/config_tfm_target.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
index 2c7341afd..9522379cd 100644
--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -20,4 +20,7 @@
/* The maximum number of assets to be stored in the Protected Storage area. */
#define PS_NUM_ASSETS 20
+/* The maximum size of asset to be stored in the Internal Trusted Storage area. */
+#define ITS_MAX_ASSET_SIZE 2048
+
#endif /* __CONFIG_TFM_TARGET_H__ */
--
2.25.1

46
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Fix-BL1-compiler-switch-and-re.patch Normal file
View File

@@ -0,0 +1,46 @@
From 162d46ac77be0ad3e7cf1840fa05578cce084a68 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Wed, 13 Aug 2025 14:31:53 +0000
Subject: [PATCH 2/7] Platform: Corstone1000: Fix BL1 compiler switch and
regression test failure
Introduce a dedicated preprocessor definition (`BL1_BUILD`) added only to the
platform_bl1_1 target. This ensures that #if BL1 checks are evaluated correctly
based on the actual build configuration.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [f25649cc0de56f360069c6128670f7533ba5e14d]
---
platform/ext/target/arm/corstone1000/CMakeLists.txt | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 4d165ed9c..3573c8492 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -146,6 +146,7 @@ target_sources(platform_s
rse_comms_permissions_hal.c
mem_check_v6m_v7m_hal.c
${PLATFORM_DIR}/ext/common/mem_check_v6m_v7m.c
+ platform.c
)
if (PLATFORM_IS_FVP)
@@ -215,6 +216,13 @@ target_compile_definitions(platform_bl1_1
$<$<BOOL:${CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING}>:CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING>
MBEDTLS_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h"
MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_default.h"
+
+ # This definition is only added to the bl1_main target. There are
+ # files that are shared between the BL1 and TFM_S targets. This flag
+ # can be used if the BL1 target needs different implementation than
+ # the TFM_S target.
+ BL1_BUILD
+
)
target_include_directories(platform_bl1_1_interface
--
2.43.0

8
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0014-CC312-alignment-of-cc312-differences.patch → meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-CC312-alignment-of-cc312-differences-between-fvp-and.patch
View File

@@ -1,7 +1,7 @@
From 60ab8bbf85e9e84afd23948a71cf84c69f4aad7a Mon Sep 17 00:00:00 2001
From bfc977a43ea6b328136599a7558c3706739579b6 Mon Sep 17 00:00:00 2001
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
Date: Wed, 15 May 2024 12:12:15 +0000
Subject: [PATCH 07/10] CC312: alignment of cc312 differences between fvp and
Subject: [PATCH 3/7] CC312: alignment of cc312 differences between fvp and
mps3 corstone1000 platforms
Configures CC312 mps3 model same as predefined cc312 FVP
@@ -15,7 +15,7 @@ Upstream-Status: Inappropriate [Requires an aligment cc3xx with mps3 hw and fvp
1 file changed, 3 insertions(+)
diff --git a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
index 31e4332bed..4b08c02526 100644
index 31e4332be..4b08c0252 100644
--- a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
+++ b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
@@ -207,6 +207,9 @@ CClibRetCode_t CC_LibInit(CCRndContext_t *rndContext_ptr, CCRndWorkBuff_t *rndW
@@ -29,5 +29,5 @@ index 31e4332bed..4b08c02526 100644
reg = CC_HAL_READ_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_AO_LOCK_BITS));
CC_REG_FLD_SET(0, HOST_AO_LOCK_BITS, HOST_FORCE_DFA_ENABLE, reg, 0x0);
--
2.25.1
2.43.0

38
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-CS1000-Increase-RSE_COMMS-buffer-size.patch
View File

@@ -1,38 +0,0 @@
From 85e7e9f52177c9617b8554fbacac34c8c591f549 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Fri, 5 Jul 2024 21:18:08 +0200
Subject: [PATCH 5/9] Platform: CS1000: Increase RSE_COMMS buffer size
This was needed because the UEFI variable index size was increased in
the Host side software stack. The RSE_COMMS buffer has to be increased
to accomodate the bigger messages.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [85e7e9f52177c9617b8554fbacac34c8c591f549]
---
.../ext/target/arm/corstone1000/rse_comms/rse_comms.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
index 41e5c2bc3..720a60b62 100644
--- a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
@@ -15,8 +15,13 @@
extern "C" {
#endif
-/* size suits to fit the largest message too (EFI variables) */
-#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100)
+/*
+ * The size suits to fit the largest message too (EFI variables)
+ * This size is defined by the Host's software stack.
+ * The size was chosen by monitoring the messages that are coming
+ * from the Trusted Services SE Proxy partition.
+ */
+#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x43C0)
/*
* Allocated for each client request.
--
2.25.1

42
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-CS1000-Increase-buffers-for-EFI-vars.patch
View File

@@ -1,42 +0,0 @@
From 8ca9620a000ba182ebb51c51f49e2b97622f3404 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 15 May 2024 22:37:51 +0200
Subject: [PATCH 6/9] Platform: CS1000: Increase buffers for EFI vars
The UEFI variables are stored in the Protected Storage. The size of
the variables metadata have been increased in the Host software stack
so the related buffer sizes have to be increased:
- The PS_MAX_ASSET_SIZE needs to be big enough to store the variables.
- The CRYPTO_ENGINE_BUF_SIZE needs to be increased because the encryption
of the bigger PS assets requires bigger buffer.
- The CRYPTO_IOVEC_BUFFER_SIZE needs to be increased because the PS
assets are passed through the IOVEC buffer between the crypto and
PS partition during encryption.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [8ca9620a000ba182ebb51c51f49e2b97622f3404]
---
platform/ext/target/arm/corstone1000/config_tfm_target.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
index 9522379cd..0b410dfd4 100644
--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
@@ -23,4 +23,12 @@
/* The maximum size of asset to be stored in the Internal Trusted Storage area. */
#define ITS_MAX_ASSET_SIZE 2048
+/* The maximum asset size to be stored in the Protected Storage */
+#define PS_MAX_ASSET_SIZE 2592
+
+/* This is needed to be able to process the EFI variables during PS writes. */
+#define CRYPTO_ENGINE_BUF_SIZE 0x5000
+
+/* This is also has to be increased to fit the EFI variables into the iovecs. */
+#define CRYPTO_IOVEC_BUFFER_SIZE 6000
#endif /* __CONFIG_TFM_TARGET_H__ */
--
2.25.1

16
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0017-Platform-CS1000-Enable-FWU-partition.patch → meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-Enable-FWU-partition.patch
View File

@@ -1,7 +1,7 @@
From 1f8eb5887f3de167ac68c92b5b77efc51308603c Mon Sep 17 00:00:00 2001
From ab1ecf0cfbbf199c4d868d2c565f7bff3f5245ee Mon Sep 17 00:00:00 2001
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
Date: Tue, 15 Oct 2024 12:50:16 +0000
Subject: [PATCH] Platform: Corstone1000: Enable FWU partition
Subject: [PATCH 4/7] Platform: Corstone1000: Enable FWU partition
Enable firmware update partition for Corstone-1000 platform.
@@ -11,13 +11,16 @@ configuration. Fix linker issues caused by enablement.
Upstream-Status: Backport [0107057d1411ec68e374fbd0ddc0e12abd5754ec]
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
platform/ext/target/arm/corstone1000/config.cmake | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
index 6a805a122..1ba43a006 100644
index 0e6297dae..e45b56b2f 100644
--- a/platform/ext/target/arm/corstone1000/config.cmake
+++ b/platform/ext/target/arm/corstone1000/config.cmake
@@ -56,6 +56,10 @@ set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Cryp
@@ -55,6 +55,10 @@ set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Cryp
set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
@@ -28,3 +31,6 @@ index 6a805a122..1ba43a006 100644
if (${CMAKE_BUILD_TYPE} STREQUAL Debug OR ${CMAKE_BUILD_TYPE} STREQUAL RelWithDebInfo)
set(ENABLE_FWU_AGENT_DEBUG_LOGS TRUE CACHE BOOL "Enable Firmware update agent debug logs.")
--
2.43.0

37
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-CS1000-Increase-flash-PS-area-size.patch
View File

@@ -1,37 +0,0 @@
From 3794ba29b66641ebecbd4dd3d9a2a2e8caeb690a Mon Sep 17 00:00:00 2001
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
Date: Mon, 15 Jul 2024 13:03:24 +0000
Subject: [PATCH 8/9] Platform: CS1000: Increase flash PS area size
Previously, approximately only 2MB was used out of the 8MB SE Flash.
The aim of this commit is to increase the size of PS storage in SE
Flash.
Increasing the size minimize the possibilities of it to run out
of memory as it is not cleared on reset or reprogramming of the device.
The FLASH_PS_AREA_SIZE is increased to 6MB so now 7MB of the SE Flash
is used. The remaining 1MB is allocated for future uses.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [3794ba29b66641ebecbd4dd3d9a2a2e8caeb690a]
---
platform/ext/target/arm/corstone1000/partition/flash_layout.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
index a181a7168..07b4cdea7 100644
--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
@@ -192,7 +192,7 @@
#define FLASH_PS_AREA_OFFSET (FLASH_ITS_AREA_OFFSET + \
FLASH_ITS_AREA_SIZE)
-#define FLASH_PS_AREA_SIZE (16 * SECURE_FLASH_SECTOR_SIZE)
+#define FLASH_PS_AREA_SIZE (96 * SECURE_FLASH_SECTOR_SIZE)
/* OTP_definitions */
#define FLASH_OTP_NV_COUNTERS_AREA_OFFSET (FLASH_PS_AREA_OFFSET + \
--
2.25.1

455
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0018-Platform-Corstone1000-Implement-Bootloader-Abstracti.patch → meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-Corstone1000-Implement-Bootloader-Abstracti.patch
View File

File diff suppressed because it is too large Load Diff

27
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0019-Platform-Corstone1000-Increase-buffer-sizes.patch → meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Increase-buffer-sizes.patch
View File

@@ -1,7 +1,7 @@
From e3d94988f14b3004606c247b39bda5ade119545f Mon Sep 17 00:00:00 2001
From def9095e7bfd5a82ba6cd4756e990cd9ae7307ab Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Wed, 12 Mar 2025 13:10:47 +0000
Subject: [PATCH 2/2] Platform: Corstone1000: Increase buffer sizes
Date: Mon, 16 Jun 2025 14:44:39 +0100
Subject: [PATCH 6/7] Platform: Corstone1000: Increase buffer sizes
Increase PSA_MAX_ASSET_SIZE and CRYPTO_IOVEC_BUFFER_SIZE
to accommodate large size EFI variables set by new U-Boot version.
@@ -14,14 +14,21 @@ implementing PSA FWU support.
Upstream-Status: Backport [bd80dee733e792eadfd2115f4bfa6bad748e5ce5]
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
platform/ext/target/arm/corstone1000/config_tfm_target.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
platform/ext/target/arm/corstone1000/config_tfm_target.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
index 0b410dfd4..a65305bd4 100644
index 4920f6708..cf13712a1 100644
--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
@@ -24,11 +24,11 @@
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -27,13 +27,13 @@
#define ITS_MAX_ASSET_SIZE 2048
/* The maximum asset size to be stored in the Protected Storage */
@@ -34,7 +41,9 @@ index 0b410dfd4..a65305bd4 100644
/* This is also has to be increased to fit the EFI variables into the iovecs. */
-#define CRYPTO_IOVEC_BUFFER_SIZE 6000
+#define CRYPTO_IOVEC_BUFFER_SIZE 7200
#endif /* __CONFIG_TFM_TARGET_H__ */
/* The Mailbox partition is used as an NS Agent so its stack size is used to
* determine the PSP and PSPLIM during the SFN backend initialization. It has to
--
2.25.1
2.43.0

119
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-platform-CS1000-Add-multicore-support-for-FVP.patch
View File

@@ -1,119 +0,0 @@
From 1eb9bc330bf387ff26a6df93d3b8c843174dc40b Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Thu, 9 May 2024 13:20:57 +0000
Subject: [PATCH 10/10] platform: CS1000: Add multicore support for FVP
This changeset adds the support to enable the secondary cores for
the Corstone-1000 FVP
Upstream-Status: Backport [86383bb0ee5a99343c23c0b6fb9a1d161857a75c]
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
.../target/arm/corstone1000/CMakeLists.txt | 6 +++
.../corstone1000/Device/Config/device_cfg.h | 6 +++
.../arm/corstone1000/tfm_hal_multi_core.c | 38 ++++++++++++++++++-
3 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 95e3f57b4f..e46123cc6f 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -381,6 +381,12 @@ target_sources(tfm_psa_rot_partition_ns_agent_mailbox
tfm_hal_multi_core.c
)
+if (PLATFORM_IS_FVP)
+target_compile_definitions(tfm_psa_rot_partition_ns_agent_mailbox
+ PUBLIC
+ $<$<BOOL:${ENABLE_MULTICORE}>:CORSTONE1000_FVP_MULTICORE>
+)
+endif()
#========================= tfm_spm ============================================#
target_sources(tfm_spm
diff --git a/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h b/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h
index 222905d3dd..9d48f119ed 100644
--- a/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h
+++ b/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h
@@ -45,5 +45,11 @@
/* CFI Controller */
#define CFI_S
+/* Total number of host cores */
+#if CORSTONE1000_FVP_MULTICORE
+#define PLATFORM_HOST_MAX_CORE_COUNT 4
+#else
+#define PLATFORM_HOST_MAX_CORE_COUNT 1
+#endif
#endif /* __DEVICE_CFG_H__ */
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
index f0e2bc333a..ce72e50c9b 100644
--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
@@ -11,9 +11,14 @@
#include "tfm_hal_multi_core.h"
#include "fwu_agent.h"
-#define HOST_SYS_RST_CTRL_OFFSET 0x0
+#define HOST_SYS_RST_CTRL_OFFSET 0x000
+#define HOST_CPU_PE0_CONFIG_OFFSET 0x010
+#define HOST_CPU_PE1_CONFIG_OFFSET 0x020
+#define HOST_CPU_PE2_CONFIG_OFFSET 0x030
+#define HOST_CPU_PE3_CONFIG_OFFSET 0x040
+#define HOST_CPU_BOOT_MASK_OFFSET 0x300
#define HOST_CPU_CORE0_WAKEUP_OFFSET 0x308
-#define HOST_CPU_PE0_CONFIG_OFFSET 0x010
+
#define AA64nAA32_MASK (1 << 3)
#ifdef EXTERNAL_SYSTEM_SUPPORT
@@ -53,9 +58,29 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
volatile uint32_t *PE0_CONFIG =
(uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
+ HOST_CPU_PE0_CONFIG_OFFSET);
+#if CORSTONE1000_FVP_MULTICORE
+ volatile uint32_t *PE1_CONFIG =
+ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
+ + HOST_CPU_PE1_CONFIG_OFFSET);
+ volatile uint32_t *PE2_CONFIG =
+ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
+ + HOST_CPU_PE2_CONFIG_OFFSET);
+ volatile uint32_t *PE3_CONFIG =
+ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
+ + HOST_CPU_PE3_CONFIG_OFFSET);
+ volatile uint32_t *CPU_BOOT_MASK =
+ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
+ + HOST_CPU_BOOT_MASK_OFFSET);
+ *CPU_BOOT_MASK = 0xf;
+#endif
/* Select host CPU architecture as AArch64 */
*PE0_CONFIG |= AA64nAA32_MASK; /* 0b1 AArch64 */
+#if CORSTONE1000_FVP_MULTICORE
+ *PE1_CONFIG |= AA64nAA32_MASK; /* 0b1 AArch64 */
+ *PE2_CONFIG |= AA64nAA32_MASK; /* 0b1 AArch64 */
+ *PE3_CONFIG |= AA64nAA32_MASK; /* 0b1 AArch64 */
+#endif
/* wakeup CORE0 before bringing it out of reset */
*reset_ctl_wakeup_reg = 0x1;
@@ -63,6 +88,15 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
/* Clear HOST_SYS_RST_CTRL register to bring host out of RESET */
*reset_ctl_reg = 0;
+#if CORSTONE1000_FVP_MULTICORE
+ /* Wake up secondary cores.
+ * This should be done after bringing the primary core out of reset. */
+ for(int core_index=1; core_index < PLATFORM_HOST_MAX_CORE_COUNT; core_index++)
+ {
+ *reset_ctl_wakeup_reg = (0x1 << core_index);
+ }
+#endif
+
(void) start_addr;
#ifdef EXTERNAL_SYSTEM_SUPPORT
--
2.25.1

36
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-Platform-CS1000-Fix-Bank-offsets.patch
View File

@@ -1,36 +0,0 @@
From 939a39a0705ed2571fe5b842a9d5f80036f71a12 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Fri, 2 Aug 2024 22:02:55 +0200
Subject: [PATCH 9/9] Platform: CS1000: Fix Bank offsets
The BANK_0_PARTITION_OFFSET and BANK_1_PARTITION_OFFSET are used for
erasing the banks during capsule update. The fwu_agent erases the flash
using them as starting addresses. The BL2 (MCUBoot) should also
be erased during capsule update.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [939a39a0705ed2571fe5b842a9d5f80036f71a12]
---
.../ext/target/arm/corstone1000/partition/flash_layout.h | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
index 07b4cdea7..f42dda809 100644
--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
@@ -109,10 +109,8 @@
#define FWU_PRIVATE_METADATA_REPLICA_2_OFFSET (FWU_PRIVATE_METADATA_REPLICA_1_OFFSET + \
FWU_METADATA_FLASH_SECTOR_SIZE)
-#define BANK_0_PARTITION_OFFSET (SE_BL2_BANK_0_OFFSET + \
- SE_BL2_PARTITION_SIZE)
-#define BANK_1_PARTITION_OFFSET (SE_BL2_BANK_1_OFFSET + \
- SE_BL2_PARTITION_SIZE)
+#define BANK_0_PARTITION_OFFSET (SE_BL2_BANK_0_OFFSET)
+#define BANK_1_PARTITION_OFFSET (SE_BL2_BANK_1_OFFSET)
/* BL1: mcuboot flashmap configurations */
#define FLASH_AREA_8_ID (1)
--
2.25.1

22
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0023-Platform-CS1000-Remove-duplicate-configuration-parameters.patch → meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-Platform-Corstone1000-Remove-duplicate-configuration.patch
View File

@@ -1,30 +1,34 @@
From 456a58e4cb06c9cbdaadfc3d2e54ef21ec8405fc Mon Sep 17 00:00:00 2001
From 038b35ac96dcdaa640bb5f641b8c028491abb9b7 Mon Sep 17 00:00:00 2001
From: Yogesh Wani <yogesh.wani@arm.com>
Date: Wed, 7 May 2025 16:51:27 +0000
Subject: [PATCH] Remove duplicate configuration parameters for corstone-1000
Date: Wed, 30 Apr 2025 14:39:37 +0100
Subject: [PATCH 7/7] Platform: Corstone1000: Remove duplicate configuration
parameters for Corstone-1000
The PS_NUM_ASSET is duplicated in the cmake.config and the
config_tfm_target.h file under corstone-1000. The commit removes
config_tfm_target.h file under Corstone-1000. The commit removes
the one from the cmake.config and keeps the one in the header file.
The whole rationale behind this is for the vendor to be able
to override the configuration using the cmake file.
Signed-off-by: Yogesh Wani <yogesh.wani@arm.com>
Upstream-Status: Backport [948cb8e7601dcf1fe822d855c77749287fe6d9bd]
Signed-off-by: Yogesh Wani <yogesh.wani@arm.com>
---
platform/ext/target/arm/corstone1000/config.cmake | 1 -
1 file changed, 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
index 6a805a1220..708bacaedf 100644
index f1de066e5..cf4d63f61 100644
--- a/platform/ext/target/arm/corstone1000/config.cmake
+++ b/platform/ext/target/arm/corstone1000/config.cmake
@@ -68,4 +68,3 @@ endif()
@@ -74,7 +74,6 @@ endif()
# Platform-specific configurations
set(CONFIG_TFM_USE_TRUSTZONE OFF)
set(TFM_MULTI_CORE_TOPOLOGY ON)
-set(PS_NUM_ASSETS "40" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area")
--
2.34.1
set(MCUBOOT_USE_PSA_CRYPTO ON CACHE BOOL "Enable the cryptographic abstraction layer to use PSA Crypto APIs")
set(MCUBOOT_SIGNATURE_TYPE "EC-P256" CACHE STRING "Algorithm to use for signature validation [RSA-2048, RSA-3072, EC-P256, EC-P384]")
--
2.43.0

111
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Increase-BL2-partition-size.patch
View File

@@ -1,111 +0,0 @@
From ddd4abdb3893e284a35303e4a5ac7b6ad2ed8320 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Tue, 16 Jul 2024 21:04:49 +0200
Subject: [PATCH] Platform: CS1000: Increase BL2 partition size
Enabling secure debug increases the BL2 code size considerably. This
patch increases the BL2 partition size to enable secure debug feature
on Corstone-1000. The TF-M partition size has to be decreased for this.
The RAM_MPU_REGION_BLOCK_1_SIZE had to be aligned with the changes to
fully cover the S_DATA.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/30406]
---
.../ext/target/arm/corstone1000/CMakeLists.txt | 9 ++++++---
.../target/arm/corstone1000/create-flash-image.sh | 14 ++++++++------
.../arm/corstone1000/partition/flash_layout.h | 4 ++--
3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index b13dc26c0e..3ba26e0de7 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -44,10 +44,13 @@ target_compile_definitions(platform_region_defs
# The RAM MPU Region block sizes are calculated manually. The RAM has to be covered
# with the MPU regions. These regions also have to be the power of 2 and
# the start addresses have to be aligned to these sizes. The sizes can be calculated
- # from the S_DATA_START and S_DATA_SIZE defines.
- RAM_MPU_REGION_BLOCK_1_SIZE=0x4000
+ # from the S_DATA_START and S_DATA_SIZE defines the following way:
+ # S_DATA_SIZE = RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE
+ # And the following constraints have to be taken:
+ # S_DATA_START % RAM_MPU_REGION_BLOCK_1_SIZE = 0
+ # (S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE) % RAM_MPU_REGION_BLOCK_2_SIZE = 0
+ RAM_MPU_REGION_BLOCK_1_SIZE=0x10000
RAM_MPU_REGION_BLOCK_2_SIZE=0x20000
-
)
#========================= Platform common defs ===============================#
diff --git a/platform/ext/target/arm/corstone1000/create-flash-image.sh b/platform/ext/target/arm/corstone1000/create-flash-image.sh
index a6be61384f..06f0d1ec9a 100755
--- a/platform/ext/target/arm/corstone1000/create-flash-image.sh
+++ b/platform/ext/target/arm/corstone1000/create-flash-image.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#-------------------------------------------------------------------------------
-# Copyright (c) 2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -65,6 +65,8 @@ FWU_METADATA_TYPE_UUID="8A7A84A0-8387-40F6-AB41-A8B9A5A60D23"
PRIVATE_METADATA_TYPE_UUID="ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42"
SE_BL2_TYPE_UUID="64BD8ADB-02C0-4819-8688-03AB4CAB0ED9"
TFM_TYPE_UUID="D763C27F-07F6-4FF0-B2F3-060CB465CD4E"
+SE_BL2_PARTITION_SIZE="+144k"
+TFM_S_PARTITION_SIZE="+320K"
# Create the image
rm -f $IMAGE
@@ -81,10 +83,10 @@ sgdisk --mbrtogpt \
--new=3:48:+4K --typecode=3:$FWU_METADATA_TYPE_UUID --partition-guid=3:$(uuidgen) --change-name=3:'Bkup-FWU-Metadata' \
--new=4:56:+4K --typecode=4:$PRIVATE_METADATA_TYPE_UUID --partition-guid=4:$(uuidgen) --change-name=4:'private_metadata_replica_1' \
--new=5:64:+4k --typecode=5:$PRIVATE_METADATA_TYPE_UUID --partition-guid=5:$(uuidgen) --change-name=5:'private_metadata_replica_2' \
- --new=6:72:+100k --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \
- --new=7:272:+368K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \
- --new=8:32784:+100k --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \
- --new=9:32984:+368K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \
+ --new=6:72:$SE_BL2_PARTITION_SIZE --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \
+ --new=7:360:$TFM_S_PARTITION_SIZE --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \
+ --new=8:32784:$SE_BL2_PARTITION_SIZE --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \
+ --new=9:33072:$TFM_S_PARTITION_SIZE --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \
--new=10:65496:65501 --partition-guid=10:$(uuidgen) --change-name=10:'reserved_2' \
$IMAGE
@@ -93,7 +95,7 @@ sgdisk --mbrtogpt \
# Write partitions
# conv=notrunc avoids truncation to keep the geometry of the image.
dd if=$BIN_DIR/bl2_signed.bin of=${IMAGE} seek=72 conv=notrunc
-dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=272 conv=notrunc
+dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=360 conv=notrunc
# Print the gpt table
sgdisk -p $IMAGE
diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
index 9fc1d9fa63..73c430ce57 100644
--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
@@ -92,7 +92,7 @@
#define FLASH_DEV_NAME_BL1 FLASH_DEV_NAME
/* Static Configurations of the Flash */
-#define SE_BL2_PARTITION_SIZE (0x18000) /* 96 KB */
+#define SE_BL2_PARTITION_SIZE (0x24000) /* 144 KB */
#define SE_BL2_BANK_0_OFFSET (0x9000) /* 72nd LBA */
#define SE_BL2_BANK_1_OFFSET (0x1002000) /* 32784th LBA */
@@ -137,7 +137,7 @@
/* Bank configurations */
#define BANK_PARTITION_SIZE (0xFE0000) /* 15.875 MB */
-#define TFM_PARTITION_SIZE (0x5C000) /* 368 KB */
+#define TFM_PARTITION_SIZE (0x50000) /* 320 KB */
/************************************************************/
/* Bank : Images flash offsets are with respect to the bank */
--
2.25.1

93
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-Corstone1000-Increase-BL1-size-and-align-bi.patch Normal file
View File

@@ -0,0 +1,93 @@
From d708753e317c89dead0759e3ffa6ecabef5a84a3 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Thu, 21 Aug 2025 09:12:25 +0000
Subject: [PATCH 1/2] Platform: Corstone1000: Increase BL1 size and align
binary addresses
The move to Trusted-Firmware-M v2.2.1 makes the BL1 code larger,
while the provisioning bundle can be trimmed. At the same time BL2 and
TF-M binary addresses now need to begin on a 0x100-byte boundary for
Cortex-M0+ based platforms.
Key changes
--------------------------------
- Increase `BL1_1_CODE_SIZE` to 58KB to accommodate the v2.2.1 binaries.
- Reduce `PROVISIONING_DATA_SIZE` to 6KB.
- `BL2_CODE_START` and `S_CODE_START` are aligned to 0x100 byte boundary
so both start addresses are an exact multiple of 0x100.
Upstream-Status: Backport [d56178638a49c8c964aab3bff69ed8396dd6d8fc]
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
.../arm/corstone1000/partition/region_defs.h | 29 ++++++++++---------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h
index 3e1294484..92e01c0e3 100644
--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h
+++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h
@@ -24,6 +24,10 @@
#include "flash_layout.h"
#include "bl1_2_config.h"
+/* Align address to 0x100 bytes boundary */
+#define ADDR_ALIGN 0x100
+#define ALIGN_UP_100(addr) (((addr + (ADDR_ALIGN - 1)) / ADDR_ALIGN) * ADDR_ALIGN)
+
/* BL1_1 */
#define BL1_1_HEAP_SIZE (0x0001000) /* 4KiB */
#define BL1_1_MSP_STACK_SIZE (0x0001800) /* 6KiB */
@@ -43,14 +47,10 @@
#define BOOT_TFM_SHARED_DATA_SIZE (0x400)
-#define IMAGE_TFM_CODE_SIZE \
- (TFM_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
-
-#define IMAGE_BL2_CODE_SIZE \
- (SE_BL2_PARTITION_SIZE - TFM_BL1_2_HEADER_MAX_SIZE)
-
/* Secure regions */
-#define S_CODE_START (SRAM_BASE + BL2_HEADER_SIZE)
+#define S_CODE_START ALIGN_UP_100(SRAM_BASE + BL2_HEADER_SIZE)
+#define S_CODE_ALIGNMENT_DIFF (S_CODE_START - (SRAM_BASE + BL2_HEADER_SIZE))
+#define IMAGE_TFM_CODE_SIZE (TFM_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE - S_CODE_ALIGNMENT_DIFF)
#define S_CODE_SIZE (IMAGE_TFM_CODE_SIZE)
#define S_CODE_LIMIT (S_CODE_START + S_CODE_SIZE - 1)
@@ -80,12 +80,13 @@
#define SECONDARY_PARTITION_START 0
#define SECONDARY_PARTITION_SIZE (TFM_PARTITION_SIZE)
-
/* SE BL2 regions */
-#define BL2_IMAGE_START (SRAM_BASE + SRAM_SIZE - SE_BL2_PARTITION_SIZE)
-#define BL2_CODE_START (BL2_IMAGE_START + TFM_BL1_2_HEADER_MAX_SIZE)
-#define BL2_CODE_SIZE (IMAGE_BL2_CODE_SIZE)
-#define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1)
+#define BL2_IMAGE_START (SRAM_BASE + SRAM_SIZE - SE_BL2_PARTITION_SIZE)
+#define BL2_CODE_START ALIGN_UP_100(BL2_IMAGE_START + TFM_BL1_2_HEADER_MAX_SIZE)
+#define BL2_CODE_ALIGNMENT_DIFF (BL2_CODE_START - (BL2_IMAGE_START + TFM_BL1_2_HEADER_MAX_SIZE))
+#define IMAGE_BL2_CODE_SIZE (SE_BL2_PARTITION_SIZE - TFM_BL1_2_HEADER_MAX_SIZE - BL2_CODE_ALIGNMENT_DIFF)
+#define BL2_CODE_SIZE (IMAGE_BL2_CODE_SIZE)
+#define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1)
#define BL2_DATA_START (S_DATA_START)
#define BL2_DATA_SIZE (BL2_IMAGE_START - BL2_DATA_START)
@@ -93,11 +94,11 @@
/* SE BL1 regions */
#define BL1_1_CODE_START (0)
-#define BL1_1_CODE_SIZE (0x0000C800) /* 50 KiB */
+#define BL1_1_CODE_SIZE (0x0000E800) /* 58 KiB */
#define BL1_1_CODE_LIMIT (BL1_1_CODE_START + BL1_1_CODE_SIZE - 1)
#define PROVISIONING_DATA_START (BL1_1_CODE_START + BL1_1_CODE_SIZE)
-#define PROVISIONING_DATA_SIZE (0x00002000) /* 8 KiB */
+#define PROVISIONING_DATA_SIZE (0x00001800) /* 6 KiB */
#define PROVISIONING_DATA_LIMIT (PROVISIONING_DATA_START + PROVISIONING_DATA_SIZE - 1)
#define BL1_1_DATA_START (SRAM_BASE)
--
2.43.0

42
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch
View File

@@ -1,42 +0,0 @@
From 756cfad0cc05e7f4c02faa74aea14962aa54420c Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 31 Jul 2024 13:38:09 +0200
Subject: [PATCH 2/3] CC312: ADAC: Add PSA_WANT_ALG_SHA_256 definition
The bl2_mbedcrypto_config is linked to the psa_adac_cc312 target so
the MCUBOOT_PSA_CRYPTO_CONFIG_FILEPATH and
MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH configs are used for the ADAC driver
too. The MCUBOOT_USE_PSA_CRYPTO is OFF by default, that means the
MCUBOOT_PSA_CRYPTO_CONFIG_FILEPATH is not included during the build so
the PSA_WANT_ALG_SHA_256 is not defined for the ADAC driver. Because
of this, the PSA_HASH_MAX_SIZE is not set correctly for the sources
of the psa_adac_cc312 target. This caused runtime issues.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [d7a6a86ee9adc65317c6d2a9962bfa4f093fa4ce]
---
platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt b/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt
index cb0553b40a..d7f5a54f3c 100644
--- a/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt
+++ b/platform/ext/accelerator/cc312/psa-adac/CMakeLists.txt
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -32,6 +32,7 @@ target_compile_options(psa_adac_cc312
-DCC_IOT
-DUSE_MBEDTLS_CRYPTOCELL
-D_INTERNAL_CC_NO_RSA_SCHEME_15_SUPPORT
+ -DPSA_WANT_ALG_SHA_256
)
target_link_libraries(psa_adac_cc312
--
2.25.1

45
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-Platform-CS1K-Adapt-ADAC-enabled-build-to-the-new-BL.patch Normal file
View File

@@ -0,0 +1,45 @@
From 31d3a21a2012d64c7acff55183477c7593ef4b31 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Fri, 18 Apr 2025 21:00:55 +0100
Subject: [PATCH] Platform: CS1K: Adapt ADAC enabled build to the new BL2 build
restructure
The BL2 build was restructured in order to always migrate to use
MCUBOOT_USE_PSA_CRYPTO and then support hardware crypto drivers
through the PSA driver interface instead of the _ALT interface
which will be deprecated in newer versions of Mbed TLS. The ADAC
enabled library will then use PSA Crypto APIs through the thin
PSA Crypto core which is available in the BL2 build, without the
need to link the old driver through psa_adac_cc312.
Upstream-Status: Backport [36cc3a7cda2356d3a256e1271b75a93f35531b2f]
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I413116406ee18506ed3bcfe83ce7709542ea6f47
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
platform/ext/target/arm/corstone1000/CMakeLists.txt | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 6105c951b..ca5a034e3 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -436,15 +436,6 @@ if (${PLATFORM_PSA_ADAC_SECURE_DEBUG})
trusted-firmware-m-psa-adac
)
- target_link_libraries(trusted-firmware-m-psa-adac
- PRIVATE
- psa_adac_cc312
- )
-
- target_link_libraries(psa_adac_psa_crypto
- PRIVATE
- bl2_mbedcrypto_config
- )
endif()
--
2.43.0

41
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-Platform-CS1000-Add-crypto-configs-for-ADAC.patch
View File

@@ -1,41 +0,0 @@
From 8d6ed0ac3b1eee4b1e279993ec351e9bd80b68dc Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 31 Jul 2024 13:38:27 +0200
Subject: [PATCH] Platform: CS1000: Add crypto configs for ADAC
The psa_adac_psa_crypto target needs the MBEDTLS_CONFIG_FILE and
MBEDTLS_PSA_CRYPTO_CONFIG_FILE defines in order to build correctly.
The default crypto config files are used here.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [06c0515a508ccbf60620e9337d5283bd00cd218c]
---
platform/ext/target/arm/corstone1000/CMakeLists.txt | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 530c4059d..3709bf3ec 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -412,6 +412,18 @@ if (${PLATFORM_PSA_ADAC_SECURE_DEBUG})
PRIVATE
platform_bl2
)
+
+ target_compile_definitions(psa_adac_psa_crypto
+ PRIVATE
+ MBEDTLS_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h"
+ MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_default.h"
+ )
+
+ target_link_libraries(psa_adac_psa_crypto
+ PRIVATE
+ psa_crypto_library_config
+ )
+
endif()
find_package(Python3)
--
2.25.1

27
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-CS1000-Fix-platform-name-in-logs.patch
View File

@@ -1,27 +0,0 @@
From 8f0cd9710be508adab91d8b5ab5aa2d39e89c287 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 31 Jul 2024 19:57:33 +0200
Subject: [PATCH] Platform: CS1000: Fix platform name in logs
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [c3fa68995b247c802589890c6ea3e721127b0c78]
---
platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
index 8aacd877e4..f5baf08cb4 100644
--- a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
+++ b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
@@ -192,7 +192,7 @@ int32_t boot_platform_post_init(void)
}
result = tfm_to_psa_adac_corstone1000_secure_debug(secure_debug_rotpk, 32);
- BOOT_LOG_INF("%s: dipda_secure_debug is a %s.\r\n", __func__,
+ BOOT_LOG_INF("%s: Corstone-1000 Secure Debug is a %s.\r\n", __func__,
(result == 0) ? "success" : "failure");
}
--
2.25.1

193
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-CS1000-Fix-compiler-switch-in-BL1.patch
View File

@@ -1,193 +0,0 @@
From 09827a44518b05a2cc58602dda18474973abfb83 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Thu, 5 Sep 2024 17:28:56 +0200
Subject: [PATCH 3/5] Platform: CS1000: Fix compiler switch in BL1
The fwu_agent.c used the "BL1" definition to check if the source file
is building for the BL1 or for the TFM_S target.
But the "BL1" definition is added to the build flags for every file
that links against platform_region_defs, see
tfm/cmake/spe-CMakeLists.cmake:
target_compile_definitions(platform_region_defs
INTERFACE
$<$<BOOL:${BL1}>:BL1>
....
)
This means the "#if BL1" condition was true for both cases.
This commit:
- Adds a new definition that is only added to the
platform_bl1_1 target.
- Fixes the #elif with no expression error that came up.
- Moves the partition table loading because previously it was not
loaded during the runtime TFM_S execution, only in BL2.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [f25649cc0de56f360069c6128670f7533ba5e14d]
---
.../target/arm/corstone1000/CMakeLists.txt | 7 ++++
.../corstone1000/fw_update_agent/fwu_agent.c | 33 +++++++++----------
2 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 89db1732a9..f6880cba3c 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -144,6 +144,7 @@ target_sources(platform_s
partition/gpt.c
$<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c>
rse_comms_permissions_hal.c
+ platform.c
)
if (PLATFORM_IS_FVP)
@@ -213,6 +214,12 @@ target_compile_definitions(platform_bl1_1
$<$<BOOL:${CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING}>:CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING>
MBEDTLS_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h"
MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_default.h"
+
+ # This definition is only added to the bl1_main target. There are
+ # files that are shared between the BL1 and TFM_S targets. This flag
+ # can be used if the BL1 target needs different implementation than
+ # the TFM_S target.
+ BL1_BUILD
)
target_include_directories(platform_bl1_1_interface
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
index 2b69447dc5..9890eeaf90 100644
--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
@@ -21,7 +21,7 @@
#include "uefi_fmp.h"
#include "uart_stdout.h"
#include "soft_crc.h"
-#if !BL1
+#ifndef BL1_BUILD
#include "partition.h"
#include "platform.h"
#endif
@@ -197,7 +197,7 @@ extern ARM_DRIVER_FLASH FWU_METADATA_FLASH_DEV;
#define HOST_ACK_TIMEOUT_SEC (6 * 60) /* ~seconds, not exact */
-#if BL1
+#ifdef BL1_BUILD
static enum fwu_agent_error_t private_metadata_read(
struct fwu_private_metadata* p_metadata)
{
@@ -220,7 +220,7 @@ static enum fwu_agent_error_t private_metadata_read(
return FWU_AGENT_SUCCESS;
}
-#elif
+#else
static enum fwu_agent_error_t private_metadata_read(
struct fwu_private_metadata* p_metadata)
{
@@ -253,7 +253,7 @@ static enum fwu_agent_error_t private_metadata_read(
}
#endif
-#if BL1
+#ifdef BL1_BUILD
static enum fwu_agent_error_t private_metadata_write(
struct fwu_private_metadata* p_metadata)
{
@@ -280,7 +280,7 @@ static enum fwu_agent_error_t private_metadata_write(
FWU_LOG_MSG("%s: success\n\r", __func__);
return FWU_AGENT_SUCCESS;
}
-#elif
+#else
static enum fwu_agent_error_t private_metadata_write(
struct fwu_private_metadata* p_metadata)
{
@@ -339,7 +339,7 @@ static enum fwu_agent_error_t metadata_validate(struct fwu_metadata *p_metadata)
return FWU_AGENT_SUCCESS;
}
-#if BL1
+#ifdef BL1_BUILD
static enum fwu_agent_error_t metadata_read_without_validation(struct fwu_metadata *p_metadata)
{
int ret;
@@ -362,7 +362,7 @@ static enum fwu_agent_error_t metadata_read_without_validation(struct fwu_metada
return FWU_AGENT_SUCCESS;
}
-#elif
+#else
static enum fwu_agent_error_t metadata_read_without_validation(struct fwu_metadata *p_metadata)
{
uuid_t metadata_uuid = FWU_METADATA_TYPE_UUID;
@@ -396,7 +396,7 @@ static enum fwu_agent_error_t metadata_read_without_validation(struct fwu_metada
}
#endif
-#if BL1
+#ifdef BL1_BUILD
static enum fwu_agent_error_t metadata_read(struct fwu_metadata *p_metadata)
{
int ret;
@@ -423,7 +423,7 @@ static enum fwu_agent_error_t metadata_read(struct fwu_metadata *p_metadata)
return FWU_AGENT_SUCCESS;
}
-#elif
+#else
static enum fwu_agent_error_t metadata_read(struct fwu_metadata *p_metadata)
{
uuid_t metadata_uuid = FWU_METADATA_TYPE_UUID;
@@ -461,7 +461,7 @@ static enum fwu_agent_error_t metadata_read(struct fwu_metadata *p_metadata)
#endif
-#if BL1
+#ifdef BL1_BUILD
static enum fwu_agent_error_t metadata_write(
struct fwu_metadata *p_metadata)
{
@@ -503,7 +503,7 @@ static enum fwu_agent_error_t metadata_write(
p_metadata->active_index, p_metadata->previous_active_index);
return FWU_AGENT_SUCCESS;
}
-#elif
+#else
static enum fwu_agent_error_t metadata_write(
struct fwu_metadata *p_metadata)
{
@@ -567,11 +567,15 @@ enum fwu_agent_error_t fwu_metadata_init(void)
enum fwu_agent_error_t ret;
ARM_FLASH_INFO* flash_info;
-
if (is_initialized) {
return FWU_AGENT_SUCCESS;
}
+ #ifndef BL1_BUILD
+ plat_io_storage_init();
+ partition_init(PLATFORM_GPT_IMAGE);
+ #endif
+
/* Code assumes everything fits into a sector */
if (sizeof(struct fwu_metadata) > FWU_METADATA_FLASH_SECTOR_SIZE) {
return FWU_AGENT_ERROR;
@@ -605,11 +609,6 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
FWU_LOG_MSG("%s: enter\n\r", __func__);
-#if !BL1
- plat_io_storage_init();
- partition_init(PLATFORM_GPT_IMAGE);
-#endif
-
ret = fwu_metadata_init();
if (ret) {
return ret;
--
2.25.1

60
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0015-Platform-corstone1000-Allow-FWU-calls-in-RSE-COMMS.patch
View File

@@ -1,60 +0,0 @@
From 47593ccd1b2a2210c0860d1670005780836f120b Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Mon, 18 Nov 2024 11:40:25 +0000
Subject: [PATCH] Platform: corstone1000: Permit FWU calls in RSE-COMMS
Allow FWU calls to be dispatched by the RSE-COMMS for Corstone-1000.
This change is required to allow the transmission of PSA FWU related
calls between Cortex A and Cortex M side on Corstone-1000.
For every PSA call from A side, the RSE-COMMS at M side validates, if the
call is allowed or not.
Upstream-Status: Backport [b1123e3bf99000dd45992c0638c8f9ae7dba2ed8]
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
.../corstone1000/rse_comms_permissions_hal.c | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
index 59724bc94..58ade2026 100644
--- a/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
+++ b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
@@ -33,6 +33,9 @@
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
#include "tfm_its_defs.h"
#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
+#ifdef TFM_PARTITION_FIRMWARE_UPDATE
+#include "tfm_fwu_defs.h"
+#endif /* TFM_PARTITION_FIRMWARE_UPDATE */
#define INVALID_REGION_COUNTER_MAX 128
#define INVALID_SERVICE_COUNTER_MAX 64
@@ -165,6 +168,25 @@ enum tfm_plat_err_t comms_permissions_service_check(psa_handle_t handle,
case TFM_DPE_SERVICE_HANDLE:
return TFM_PLAT_ERR_SUCCESS;
#endif /* TFM_PARTITION_DPE */
+
+#ifdef TFM_PARTITION_FIRMWARE_UPDATE
+ case TFM_FIRMWARE_UPDATE_SERVICE_HANDLE:
+ switch(type) {
+ case TFM_FWU_START:
+ case TFM_FWU_WRITE:
+ case TFM_FWU_FINISH:
+ case TFM_FWU_CANCEL:
+ case TFM_FWU_INSTALL:
+ case TFM_FWU_CLEAN:
+ case TFM_FWU_REJECT:
+ case TFM_FWU_REQUEST_REBOOT:
+ case TFM_FWU_ACCEPT:
+ case TFM_FWU_QUERY:
+ return TFM_PLAT_ERR_SUCCESS;
+ default:
+ goto out_err;
+ }
+#endif /* TFM_PARTITION_FIRMWARE_UPDATE */
default:
goto out_err;
}
--
2.25.1

73
meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0016-FWU-Make-platform-specific-TFM_FWU_BOOTLOADER_LIB-se.patch
View File

@@ -1,73 +0,0 @@
From 5afc6fde140e4033c4b69450daed42c6a3dea2bc Mon Sep 17 00:00:00 2001
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
Date: Wed, 30 Oct 2024 09:54:49 +0000
Subject: [PATCH] FWU: Make platform specific TFM_FWU_BOOTLOADER_LIB selectable
to add
Prepare the environment where partition firmware update can be
enabled and platform specific bootloader configuration can be used.
FWU implementation provides an abstraction for the bootloader.
This bootloader abstraction layer is implemented for MCUBoot.
It can be used after making changes that can handle platform
specific behaviors. But the implementation limits it.
When TFM_PARTITION_FIRMWARE_UPDATE is enabled, the configuration
becomes invalid. Therefore, the invalid configuration is limited
to the case where TFM_FWU_BOOTLOADER_LIB is used for MCUboot.
This makes the configuration valid when a platform specific
configuration is used.
TFM_FWU_BOOTLOADER_LIB can only be added from a subdirectory, which
prevents the use of platform-specific bootloader configurations.
The logic has been changed to allow the use of platform-specific
bootloader configurations.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Upstream-Status: Backport [3357369d7b878b8e8ad9515f821ac2226ec7fb18]
---
config/check_config.cmake | 2 +-
secure_fw/partitions/firmware_update/CMakeLists.txt | 12 ++++++++----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/config/check_config.cmake b/config/check_config.cmake
index 1039b22f9..d1929f6da 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -63,7 +63,7 @@ tfm_invalid_config(TFM_NS_NV_COUNTER_AMOUNT GREATER 3)
tfm_invalid_config(NOT PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT AND TFM_PARTITION_FIRMWARE_UPDATE)
tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT TFM_PARTITION_PLATFORM)
-tfm_invalid_config((MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" OR MCUBOOT_UPGRADE_STRATEGY STREQUAL "RAM_LOAD") AND TFM_PARTITION_FIRMWARE_UPDATE)
+tfm_invalid_config((MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" OR MCUBOOT_UPGRADE_STRATEGY STREQUAL "RAM_LOAD") AND TFM_PARTITION_FIRMWARE_UPDATE AND TFM_FWU_BOOTLOADER_LIB STREQUAL "mcuboot")
tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT MCUBOOT_DATA_SHARING)
####################### Protected Storage Partition ###############################
diff --git a/secure_fw/partitions/firmware_update/CMakeLists.txt b/secure_fw/partitions/firmware_update/CMakeLists.txt
index b249597b9..ecb90e0f0 100644
--- a/secure_fw/partitions/firmware_update/CMakeLists.txt
+++ b/secure_fw/partitions/firmware_update/CMakeLists.txt
@@ -37,11 +37,15 @@ target_sources(tfm_partitions
${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/firmware_update/auto_generated/load_info_tfm_firmware_update.c
)
-# The bootloader specific configuration.
-if ((NOT TFM_FWU_BOOTLOADER_LIB) OR (NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/bootloader/${TFM_FWU_BOOTLOADER_LIB}))
- message(FATAL_ERROR "TFM_FWU_BOOTLOADER_LIB invalid")
+# Use platform specific bootloader configuration if present.
+if ((TFM_FWU_BOOTLOADER_LIB) AND (EXISTS ${TFM_FWU_BOOTLOADER_LIB}))
+ add_subdirectory(${TFM_FWU_BOOTLOADER_LIB} ${CMAKE_CURRENT_BINARY_DIR}/${TFM_FWU_BOOTLOADER_LIB})
+else()
+ if ((NOT TFM_FWU_BOOTLOADER_LIB) OR (NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/bootloader/${TFM_FWU_BOOTLOADER_LIB}))
+ message(FATAL_ERROR "TFM_FWU_BOOTLOADER_LIB invalid")
+ endif()
+ add_subdirectory(bootloader/${TFM_FWU_BOOTLOADER_LIB})
endif()
-add_subdirectory(bootloader/${TFM_FWU_BOOTLOADER_LIB})
target_link_libraries(tfm_psa_rot_partition_fwu
PRIVATE
--
2.34.1

36
meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
View File

@@ -6,6 +6,10 @@ TFM_PLATFORM = "arm/corstone1000"
TFM_DEBUG = "1"
# These dependencies are needed for TF-M v2.2.0 and above
# https://github.com/TrustedFirmware-M/trusted-firmware-m/blob/TF-Mv2.2.0/tools/requirements.txt
DEPENDS:append = " clang-native python3-rich-native python3-pyelftools-native"
## Default is the MPS3 board
TFM_PLATFORM_IS_FVP ?= "FALSE"
EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
@@ -20,26 +24,15 @@ SRC_URI += " \
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append:corstone1000 = " \
file://0001-Platform-Corstone1000-Enable-firewall-in-FVP.patch \
file://0002-Platform-CS1000-Increase-ITS-max-asset-size.patch \
file://0003-Platform-CS1000-Increase-RSE_COMMS-buffer-size.patch \
file://0004-Platform-CS1000-Increase-buffers-for-EFI-vars.patch \
file://0005-Platform-CS1000-Increase-flash-PS-area-size.patch \
file://0006-platform-CS1000-Add-multicore-support-for-FVP.patch \
file://0007-Platform-CS1000-Fix-Bank-offsets.patch \
file://0008-Platform-CS1000-Increase-BL2-partition-size.patch \
file://0009-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch \
file://0010-Platform-CS1000-Add-crypto-configs-for-ADAC.patch \
file://0011-Platform-CS1000-Fix-platform-name-in-logs.patch \
file://0012-Platform-CS1000-Remove-unused-BL1-files.patch \
file://0013-Platform-CS1000-Fix-compiler-switch-in-BL1.patch \
file://0014-CC312-alignment-of-cc312-differences.patch \
file://0015-Platform-corstone1000-Allow-FWU-calls-in-RSE-COMMS.patch \
file://0016-FWU-Make-platform-specific-TFM_FWU_BOOTLOADER_LIB-se.patch \
file://0017-Platform-CS1000-Enable-FWU-partition.patch \
file://0018-Platform-Corstone1000-Implement-Bootloader-Abstracti.patch \
file://0019-Platform-Corstone1000-Increase-buffer-sizes.patch \
file://0023-Platform-CS1000-Remove-duplicate-configuration-parameters.patch \
file://0001-Platform-CS1000-Remove-unused-BL1-files.patch \
file://0002-Platform-Corstone1000-Fix-BL1-compiler-switch-and-re.patch \
file://0003-CC312-alignment-of-cc312-differences-between-fvp-and.patch \
file://0004-Platform-Corstone1000-Enable-FWU-partition.patch \
file://0005-Platform-Corstone1000-Implement-Bootloader-Abstracti.patch \
file://0006-Platform-Corstone1000-Increase-buffer-sizes.patch \
file://0007-Platform-Corstone1000-Remove-duplicate-configuration.patch \
file://0008-Platform-Corstone1000-Increase-BL1-size-and-align-bi.patch \
file://0009-Platform-CS1K-Adapt-ADAC-enabled-build-to-the-new-BL.patch \
"
FILESEXTRAPATHS:prepend:corstone1000-mps3 := "${THISDIR}/files/corstone1000/psa-adac:"
@@ -58,6 +51,7 @@ do_install() {
create_bl1_image(){
dd conv=notrunc bs=1 if=${D}/firmware/bl1_1.bin of=${D}/firmware/bl1.bin seek=0
dd conv=notrunc bs=1 if=${D}/firmware/bl1_provisioning_bundle.bin of=${D}/firmware/bl1.bin seek=40960
# Size of bl1_1.bin is 58KB (59392 bytes)
dd conv=notrunc bs=1 if=${D}/firmware/bl1_provisioning_bundle.bin of=${D}/firmware/bl1.bin seek=59392
}
do_install[postfuncs] += "create_bl1_image"