This commit includes :
- Rebased and fixed N1SDP kernel PCIe quirk patches to apply on 6.1 kernel
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The UEFI capsule generated is in the incorrect build directory.
This patch copies it to IMGDEPLOYDIR.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mirrors of meta-arm may focus their development on a small subset of
MACHINEs so provide the option to restrict the boards that are built on
CI using the variable BUILD_ENABLE_REGEX. If set, it conditionally
enables builds; if unset there is no change in behavior.
This variable could be overridden in a scheduled build, to e.g. build
all the MACHINEs weekly.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update tfa version to v2.8. Also, fiptool uses tfa sources. So, keep
it with the rest of tfa to prevent the version from becoming stale.
NOTE: tf-a-tests is being held back for corstone1000 due to compilation
errors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Defining a task called do_deploy in an image recipe causes the
license_image bbclass in OE-core to think the recipe is not an image
recipe, which causes errors with license information collection if you
have an image recipe which depends on an image recipe using this
bbclass.
To fix this, and to add support for caching the signed binaries, use a
single task, do_sign_images (and its setscene task). The implementation
is based on deploy.bbclass, so the sstate is responsible for installing
the signed binaries in ${DEPLOY_DIR_IMAGE}, but using a different name
so that license information collection still works as expected.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify adding support for new versions of TF-M scripts in the
future, create a common .inc file with the non-version-specific
configuration.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify adding support for new versions of TF-M in the future,
create a common .inc file with the non-version-specific configuration.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To try and prevent trusted-firmware-m and trusted-firmware-m-scripts
from becoming out of sync in the future, create a common
trusted-firmware-m-1.7.0-src.inc which defines all the repositories and
their SHAs for both. Include this file in both recipes.
Add a SUMMARY and DESCRIPTION to trusted-firmware-m-scripts.
Update mbedtls to 3.2.1 (the recommended version for TF-M 1.7.0)
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Factor out the image signing arguments in tfm_image_sign.bbclass into
its own variable, TFM_IMAGE_SIGN_ARGS, so that it can be customized on a
per-machine basis if necessary.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so
it is in sync with the TF-M recipe itself.
Synchronize the trusted-firmware-m and -scripts Python dependencies
with the in-repo requirements.txt files. This requires a recipe to be
carried for pyhsslms.
1.7.0 introduces the --measured-boot-record argument to the image
signing script, which is required to maintain existing behavior. Add it
to the arguments in the tfm_sign_image bbclass.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M provides IPC as a SPM backend which gives SPM and each Secure Partition
it's own execution context. And provides higher isolation levels.
corstone1000 isolation level is 2. Hence, switching to IPC backend.
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change adds patches to align psa crypto client of TS with TF-Mv1.7
running on secure enclave of corstone1000
The patches updating
- PSA Crypto SID defines values
- psa_ipc_crypto_pack_iovec structure
- Fix inputs and outputs passed to in/out_vec to match crypto service
expectations
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mirrors of meta-arm may have the persistent cache directory mounted in a
different place. To make it easier to configure, define this location
using a single $CACHE_DIR variable.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This repository doesn't tag releases, so just track the latest SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
IMAGE_TYPES += "wic.nopt" is effective if the bbclass is included
using IMAGE_CLASSES, but not if included directly (using inherit) due to
file parse ordering.
To support applying wic_nopt locally (i.e. for certain image recipes but
not others), change to use :append.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To support using the wic_nopt bbclass from BSP layers other than
meta-arm-bsp, move it to meta-arm.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch uses the json config file for UEFI capsule generation
as this is efficient and easily scalable to generate multiple
capsules.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The BBCLASSEXTEND configuration can generate native sdk and target
recipes as well. The cp command used in do_install will
create host contamination issues for these recipes, so this patch
makes the recipe native only.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Inherits the UEFI capsule generation class and configures the capsule
variables for the wic.nopt image
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class currently supports only a single firmware binary. The
required capsule parameters needs to be set, if not the build fails.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The native recipe installs the UEFI capsule generation tool
along with the other base tools to native sysroot.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M does not use persistent release branches and the release-* branches
have been removed from the repository, so switch the branches to master.
Also update the tf-m-tests SRVREV to the 1.7.0 tag, not the RC2.
99% based on a patch by Peter Hoyes <Peter.Hoyes@arm.com>.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This bbappend is only used by qemuarm*, which now use 6.1, so this can
be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently the N1SDP patches haven't been ported to 6.1 and the
port/testing isn't trivial. Until the relevant team has done the port to
6.1, carry a 5.19 kernel in meta-arm-bsp for N1SDP.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply the patch from scp-firmware to the third copy of the buggy
Makefiles which fail randomly under parallel builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2 symbols were added to the arm64 kernel defconfig without the
corresponding code. Remove these unnecessary pieces to avoid the
warning.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.1 and rebase the patches on
top of this new version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone500 kernel version to 6.1 and drop the not
longer needed patch regarding the SND_SOC_AC97 config
option in multi_v7.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone1000 to u-boot version 2023.01, as at it
do some trailing spaces cleanup.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make sure the master branch track the other masters instead
of being lock to langdale.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To avoid having always tools that depend on git ls or other
git plumbing to include and spin around the enormous content of
the build directory.
Just add it to the ignore file and make that build content,
that will never get in the repo invisible to git and tools.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason the kas 3.2.1 container fails:
No such file or directory: '/builds/engineering/yocto/meta-arm/ci/ci/base.yml'
Note the repeated /ci/, which is wrong.
Pin the kas container to 3.2 for now until this is resolved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The initramfs needs to be very small, but since oe-core d6a62e kmod has
enabled OpenSSL support which doubles the size of the initramfs,
resulting in boot failures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
With the 6.1 kernel, fvp-base logs the warning:
[NOTE]: 'CONFIG_ARM_CPUIDLE' last val (y) and .config val (n) do not match
This is because the kernel idle configs have changed. Remove this
entry, as it is no longer necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update kernel patches and configs for the v6.1 kernel. Previously, it
was using the linux defconfig as a starting point. It is now using the
local kernel metadata.
Signed-off-by: Jon Mason <jon.mason@arm.com>
