Allow TF-M v2.2.2 to boot with Secure Debug enabled on Corstone-1000 and
align the driver implementation with the current psa-adac library.
- Add missing DRBG macros to fix the
"Failed to generate challenge!" error during Secure Debug.
- Fix an unintended platform reset occurring immediately after setting
the debug enable bits in the dcu_en register while in SE LCS.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The PCI subsystem with 6.18 is now warning on boot:
PCI: OF: of_root node is NULL, cannot create PCI host bridge node
Until this can be root-caused, ignore it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With kernel 6.18 the kernel will now warn if it tries to run a command
from a ramdisk but it cannot be found[1]. This happens with the
qemuarm64-secureboot machine (but not qemuarm64) because u-boot appears
to be populating the devicetree with a ramdisk entry:
loading kernel to address 40400000 size 1702a00
1 qfw ready qfw 0 qfw
** Booting bootflow 'qfw' with qfw
## Flattened Device Tree blob at 7e659890
Booting using the fdt blob at 0x7e659890
Working FDT set to 7e659890
Loading Ramdisk to 7bcfd000, end 7d3ffa00 ... OK
Loading Device Tree to 000000007d621000, end 000000007d626534 ... OK
Working FDT set to 7d621000
Starting kernel ...
The kernel tries to mount and boot this ramdisk but fails because it
isn't a valid initrd or initramfs. The boot continues as usual, but this
warning in the logs triggers parselogs.
Until the boot flow is properly resolved, ignore the message.
[1] linux 98aa4d5d242d ("init/main.c: add warning when file specified in rdinit is inaccessible")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TF-A can install files with dtb extension. This is not handled in
the firmware.bbclass so append it here.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Replace inherit deploy with firmware.
Initialize TFM_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
TFM_PLATFORM with FIRMWARE_PLATFORM.
Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration.
Refactor corstone1000 config files to use ${FIRMWARE_DIR} and the
base do_install.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Replace inherit deploy with firmware.
Initialize SCP_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
SCP_PLATFORM using the FIRMWARE_PLATFORM variable.
Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Replace inherit deploy with firmware.
Initialize TFA_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
TFA_PLATFORM with FIRMWARE_PLATFORM.
Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration. Drop the redundant ${TFA_PLATFORM} suffixes.
Update BSP conf files to use the new deploy location, including
symlinking back to ${DEPLOYDIR} where necessary.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are now a handful of firmware component recipes in meta-arm, each
of which does its own (slightly different) deployment handling.
Introduce a bbclass to standardize this, with the aim of cleaning up the
DEPLOY_DIR_IMAGE. Crucially, each firmware component deploys into a
${PN} subdirectory of DEPLOY_DIR_IMAGE. This has a few advantages:
* Many Arm components have the same or similar binary names (BL1, BL2
etc). This ensures unique naming and avoids confusion.
* Recipes can afford to be less picky about which binaries are deployed.
This simplifies component recipes.
* It is easier to deploy debug symbols in a common way to an expected
location.
* It keeps the DEPLOY_DIR_IMAGE clean in the face of ever-increasing
firmware complexity.
The bbclass also provides a FIRMWARE_DEBUG_BUILD variable to control the
build type of the firmware in one place, defaulting to the global
DEBUG_BUILD. This should allow BSPs in meta-arm-bsp to more easily
provide a release build by default (by providing an easy switch for
development purposes when needed).
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are times where we need to produce multiple versions of the
trusted-firmed binaries in a given build, but the names for the binaries
are hard-coded in the Makefile and do_install().
This patch adds a new variable, TFA_INSTALL_SUFFIX, that is added to
do_install() that can uniquely name the resulting binaries. By default,
the suffix is empty so that default behavior is not changed.
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When the git version of this recipe was created, the application of local
patches was left out.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-M to the latest hotfix release and rebase the Corstone1000
patches, and drop
0008-Platform-Corstone1000-Increase-BL1-size-and-align-bi.patch
0009-Platform-CS1K-Adapt-ADAC-enabled-build-to-the-new-BL.patch
as they are in the TF-Mv2.2.2 release
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add git recipe versions that track the latest git versions of u-boot and
the various OP-TEE recipes. This, in combination with the previously
existing trusted firmware a and m recipes, allows for using the latest
code in platform development and testing (as part of CI).
For CI usage, a KAS yml file has been created to allow for those recipes
to be used, and an entry for fvp-base has been added to the gitlab CI
yml file.
NOTE: the wildcard for corstone1000 u-boot PREFERRED_VERSION was causing
it to pick-up the newest version (and failing to apply the patches).
The wildcard is unnecessary, since it is using a layer supplied package.
So, remove it and everyone is happy.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-A git recipe to the latest tag. The license SHA needed to
be updated due to adding of some memmap sources from mbed, which are
under the Apache 2.0 license, which is already present in the inc file.
Signed-off-by: Jon Mason <jon.mason@arm.com>
u-boot has accepted some of the fvp-base patches. Take the upstream
versions and rebase the third patch to apply.
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Document Corstone‑1000 platform architecture based on the Cortex‑A320 core
- Add test specification and guide for Corstone‑1000 with Cortex‑A320
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update Corstone-1000 U-Boot device tree for the Cortex-A320 variant
and enable GICv3/GIC-600, while keeping compatibility with the
existing GIC-400 setup. A single DT image now supports either
configuration via Kconfig guards.
**Device-tree updates (Cortex-A320)**
* Map Ethos-U85 NPU registers at `0x1A050000` (16 KiB) and its SRAM at
`0x02400000` (2 MiB, no-map), plus a 32 MiB DDR carve-out for DMA.
* Add `/ethosu@1a050000` with interrupts, `dma-ranges`, `cs-region`,
and `ethosu-mem-config` for driver probe.
* Guard the NPU node behind `CONFIG_ETHOS_U85`.
* Add a Cortex-A320 compatible string to the Corstone-1000 DTS
downstream.
**GICv3/GIC-600 selection**
* Introduce `CONFIG_GIC_V3` to select the new interrupt controller.
* Add a full GICv3/GIC-600 node guarded by `#ifdef CONFIG_GIC_V3`.
* When GICv3 is enabled, set `cpu@1..3` `reg` to `0x100/0x200/0x300`
(retain `0x1/0x2/0x3` for GIC-400).
* Update the Ethos-U85 interrupt to **SPI 16** to match the interrupt
map.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable Trusted Firmware-A for Corstone-1000 platforms with Cortex-A320 and
switch the interrupt controller from GICv2/GIC-400 to GICv3/GIC-600.
**Platform/feature enablement**
* Map Ethos-U85 NPU registers (`0x1A050000`, 16 KiB) and its SRAM region
(`0x02400000`, 4 MiB) into Normal World
(`MT_DEVICE | MT_RW | MT_NS` / `MT_MEMORY | MT_RW | MT_NS`).
* Force Cortex-A320 feature selection: enable Armv9 features, disable
Cortex-A35 errata, and select the `cortexa320` override in
`trusted-firmware-a-corstone1000.inc`.
* Build TF-A-Tests with `CORSTONE1000_CORTEX_A320=1` to skip non-applicable
FF-A, PSCI, and CPU-extension tests on Cortex-A320.
**GICv3/GIC-600 transition (A320 builds)**
* Update `plat_my_core_pos()` and `plat_arm_calc_core_pos()` to compute the
linear core position using the Cortex-A320 MPIDR_EL1 affinity layout.
* Add an A320-specific core-position routine in assembly, guarded by
`CORSTONE1000_CORTEX_A320`.
* Switch to the GICv3 driver with GIC-600 extensions:
* Update platform GIC base addresses to the GIC-600 layout.
* Use GICv3 APIs; set `USE_GIC_DRIVER=3`, `GICV3_SUPPORT_GIC600=1`,
and `GIC_ENABLE_V4_EXTN=1`.
* Keep conditional GIC versioning so Cortex-A35 continues to use GICv2/GIC-400.
These changes ensure correct GIC configuration and reliable secondary-core
bring-up on Cortex-A320 while preserving existing Cortex-A35 behavior.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable full Corstone‑1000 Cortex‑A320 DSU‑120T platform support in TF‑M:
- Reserve a 4 MiB Host SRAM region at 0x0240_0000 for the
Cortex‑A320 normal world and open it in the CVM firewall
(region 2), gated by `CORSTONE1000_CORTEX_A320``.
- Introduce a DSU‑120T Power-Policy Unit driver plus a
`CORSTONE1000_DSU_120T` CMake option to power on the Cortex‑A320
host cluster with proper secure-enclave firewall and memory-map
setup.
- Add a CMake platform define that auto‑activates when the
`cortexa320` machine feature is present, injecting
DSU‑120T‑specific compile definitions.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the OP-TEE OS build logic to detect `MACHINE_FEATURES` and
append the appropriate `arm64-platform-cpuarch` value to
`EXTRA_OEMAKE`, instead of hard-coding `cortex-a35`.
This change ensures that when `MACHINE_FEATURES` includes
`cortexa320`, the OP-TEE build receives the matching `core-arch` flag,
while maintaining `cortex-a35` as the default.
The new Corstone-1000 variant with Cortex-A320 replaces the original
GIC-400 (v2) interrupt controller with a GIC-600, which is
architecturally compliant with GICv3. Since OP-TEE already provides
a generic GICv3 driver, only minimal platform changes are needed
to expose the updated register map and initialize the GICv3 interface.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable the Corstone‑1000 Cortex‑A320 variant by:
- Introduce `machine/include/corstone1000-a320.inc` to configure the
default Ethos‑U MAC count when `cortexa320` is in MACHINE_FEATURES,
and allow override via `ETHOSU_NUM_MACS`.
- Add a KAS profile at `kas/corstone1000-a320.yml` for Cortex‑A320
FVP-based builds.
- Extend corstone1000.inc to detect MACHINE_FEATURES (cortexa320) and
pull in the matching tune-<core>.inc (default still Cortex-A35).
- Add the `meta-ethos` layer as a dependency of `meta-arm-bsp` for
Cortex‑A320 builds and define a new KMachine override to pull in
the Ethos‑U driver recipe.
- In `conf/machine/corstone1000-fvp.conf`, inspect `MACHINE_FEATURES`
and set `FVP_EXE` to `FVP_Corstone-1000_with_Cortex-A320` when
`cortexa320` is enabled, otherwise fall back to `FVP_Corstone-1000`.
- In `recipes-devtools/fvp/fvp-corstone1000.bb`, add a
`SRC_URI:cortexa320` entry (with checksums) for the Cortex‑A320 FVP
build archive.
- Disable the rootfs CPIO file compression so it is not compressed
twice when bundled with the kernel
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When a recipe uses the externalsrc class, the do_patch task is
skipped entirely as specified in SRCTREECOVEREDTASKS.
Since do_apply_local_src_patches function is registered as a postfuncs,
it would never run in that specific case.
This cause recipes relying on do_apply_local_src_patches to miss the
local source patching when built from external source tree.
To address the issue, schedule a new task after the do_patch and before
the do_configure, ensuring the local patching executes regardless of
whether do_patch was skipped by externalsrc.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Whilst TF-M 2.1.1 doesn't use this, setting the variable doesn't have
any negative effects and consolidates the external module assignments.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We now use Ninja to build TF-M[1], so setting CMAKE_VERBOSE_MAKEFILES
doesn't do anything.
We have arm-none-eabi-gcc 13.3[2], so there's no need to remove options
that <13 don't support.
[1] meta-arm 018fd6aecf ("arm/trusted-firmware-m: use Ninja to build")
[2] meta-arm f646ee4507 ("arm-toolchain: update to 13.3")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As the Poky layer will no longer be updated following
the integration of `bitbake-setup`, developers are advised to
use a combination of the `bitbake` and `openembedded-core`
layers instead of the `poky` layer.
Note that the `poky` layer is a combination of these two
layers glued into a single repository for convenience.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't run or package the tests, so there's no point to building them.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We depend on native tools to provide these binaries, so we can delete
them to ensure that our tools are always used and never the prebuilt.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split configure/compile and invoke ninja directly so that we can
control parallelisation.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GICC registers are not defined for GICv3. Trusted-Firmware-A throws error when
GICC register address is not defined even for GICv3. Adding patch
to handle this in Trusted-Firmware-A.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
ARMmbed/mbedtls is the old name and redirects to Mbed-TLS/mbedtls, use
the correct name to avoid the redirection.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Introduce new file `corstone1000-extsys.inc` to define variables related
to the external system.
- Ensure this file is included only when MACHINE_FEATURES do contain
corstone1000-extsys.
This change makes external system configuration modular and only applied
when explicitly enabled through machine features.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The image wasn’t autoloading kernel modules even though
`KERNEL_MODULE_AUTOLOAD` populated `/etc/modules-load.d/`. In this
configuration `/etc/init.d/rcS` only executes runlevel scripts from
`/etc/rcS.d` (and `/etc/rc5.d`), and `modutils.sh` was also missing.
This change:
* Includes the loader by adding `modutils-initscripts` to
`CORE_IMAGE_EXTRA_INSTALL`.
* Enables SysV init by appending `sysvinit` to `DISTRO_FEATURES`,
ensuring the `S*` start links in `/etc/rcS.d` (and `/etc/rc5.d`)
call `/etc/init.d/modutils.sh start` during boot.
**Result:** entries in `/etc/modules-load.d/*.conf` now load
automatically at boot.
**Verification**
* Before: `lsmod` empty after boot; manual `modprobe` needed.
* After: `lsmod` shows target modules; `dmesg` contains module init logs.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Switch the *reserved-memory* node from two-cell (64-bit) encoding to
one-cell (32-bit) encoding and adjust the `reg` property accordingly
to make reserved-memory node format compatible with rest of the dts.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Fedora 39 artifacts have been moved to an /archive/ directory, so
update the SRC_URI to match.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
git.trustedfirmware.org is an alias for review.trustedfirmware.org. We
moved the main recipe to use review.trustedfirmware.org last year[1]
but not all other recipes that fetch the source followed, which means
that we have to fetch TF-A multiple times.
This commit ensures that all the recipes are using the same SRC_URI, so
we just fetch TF-A once.
[1] a6a4952e ("arm/trusted-firmware-a: use correct git URL")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
tfm_sign_image.bbclass hard codes the image security counter, which is
generated from the image version x.y.z.
The generated image security counter value is huge if x or y > 0.
Platform security counter store may not support such a huge counter
value.
Introduce a variable RE_WRAPPER_SECURITY_COUNTER to enable platforms to
specify the actual image security counter.
Signed-off-by: David Hu <david.hu2@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This job takes a few minutes and isn't useful unless it's being ran for
master, or is being actively worked on.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Reduce the number of tests being run in CI to reduce the amount of time
it takes to complete, while providing the same code coverage. Internal
CI runs went from 2.5h to 1.5h.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It turns out that the base SRCREV for trusted-services is a tag name,
which meant it was hitting the network on every build. Use the SHA
instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SMAIL_GPL license in oe-core was renamed SMAIL-GPL to match SPDX.
Update the recipe to match this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This bbappend was _appending_ to FILESEXTRAPATHS but putting the colon
separator _after_, so it actually constructed an invalid path.
Change the assignment to be prepend, so the separator is in the right
place.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
trusted-firmware a has a compile error when building with clang. Since
this platform is EOL'ed and we're not currently building this platform
with clang in CI, the best option is to force GCC for it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Hopefully this issue can be fixed in a newer release. Move the
toolchain forcing to the versioned so that it can be tracked easier.
Signed-off-by: Jon Mason <jon.mason@arm.com>
