Now that clang is part of oe-core we can't use meta-clang being present
as an indicator of clang being available.
This does mean we can clean up the logic and just use TOOLCHAIN, as that
is always set now.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream appear to have resolved the libgcc linkage issues as these
variables are not used in upstream nor our patches.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kernel builds are logging the following issue:
WARNING: linux-yocto-6.16.8+git-r0 do_kernel_configcheck: [kernel config]: specified values did not make it into the kernel's final configuration:
[NOTE]: 'CONFIG_BT_LEDS' last val (y) and .config val (n) do not match
This could be enabled by setting:
CONFIG_LEDS_CLASS=y
CONFIG_NEW_LEDS=y
CONFIG_SND_SOC_HDA=y
But this isn't really useful on the juno platform. So, better to
disable the BT LEDs.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rename the Corstone-1000 Trusted Services patches so that their
numbering matches the application order, and the remainder of
each patch name matches its corresponding commit message subject.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Corstone-1000 Trusted Services patches removed in this change are no
longer required following the upgrade to Trusted Services v1.2.0.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Trusted Services requires knowledge of the Corstone-1000 platform type to
select the correct set of FWU image UUIDs at compile time.
This change introduces a CORSTONE_1000_TYPE variable in both BitBake
and CMake code to differentiate between Corstone-1000 platform types.
Its value is determined by the selected Corstone-1000 target machine
configuration file:
* `CORSTONE_1000_TYPE_CORTEX_A35_FVP`
* `CORSTONE_1000_TYPE_CORTEX_A35_MPS3`
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2-firmware to the latest release and update edk2-basetools to
match this update (as the previous update did not do this).
Also, fix clang compile issues. This change should fix any clang
compile issues since edk2-stable202108 (completely untested, but that is
when the relevant variables were renamed).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add variables for setting the Major and Minor version of the ARM
Instruction Set Architecture, and add those variables in the various
places needed for the FVP Base virtual machine to run with those
instructions.
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-selftest is now logging having rm_work enabled as an error, which is
causing the test to fail. Remove this from the selftest.yml file, and
everything works as before.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The move to Trusted-Firmware-M v2.2.1 makes the BL1 code larger,
while the provisioning bundle can be trimmed. At the same time BL2 and
TF-M binary addresses now need to begin on a 0x100-byte boundary for
Cortex-M0+ based platforms.
Key changes
--------------------------------
- Upgrade Trusted-Firmware-M v2.2.1 for Corstone-1000
- New crypto driver supports ECC instead of RSA.
- Rebase patches
- Add new patches to address the following changes for v2.2.1
- Increase `BL1_1_CODE_SIZE` to 58KB to accommodate the v2.2.1 binaries.
- Reduce `PROVISIONING_DATA_SIZE` to 6KB.
- `BL2_CODE_START` and `S_CODE_START` are aligned to 0x100 byte boundary
so both start addresses are an exact multiple of 0x100.
- Adapt ADAC enabled build to the new BL2 build restructure.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Include patch to add relevant checks in GCC linker scripts to validate if the
BL2 and Trusted-Firmware-M binary addresses are aligned to 0x100 byte boundary
for Cortex-M0+ based platforms.
This is required because:
For Cortex-M0+ VTOR: 256-byte vector table is at the offset 0x00 of the image.
To keep that table in one block, the image base must be a multiple of 0x100.
For reference: https://developer.arm.com/documentation/ddi0419/latest/
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Juno board supports Arm CoreSight, so add it to MACHINE_FEATURES.
This is useful because oe-core's perf recipe will now enable coresight
support automatically if this feature is present[1].
[1] oe-core c455bd03910 ("perf: enable coresight if enabled in MACHINE_FEATURES")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oe-core perf recipe will now enable coresight support automatically
if the coresight MACHINE_FEATURE is set[1], so we can remove the manual
configuration in our CI and let the machines enable it where appropriate.
[1] oe-core c455bd03910 ("perf: enable coresight if enabled in MACHINE_FEATURES")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
wic in oe-core has renamed --extra-space to --extra-filesystem-space[1],
so update the workaround here.
[1] oe-core 39d10137b86 ("wic: rename wks flag --extra-space to --extra-filesystem-space")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The OP-TEE default tests are taking over 30 minutes, which is causing CI
to overall take several hours. For QEMU machines, reduce the tests to
just be the regression tests, which reduces the CI time by over 30%.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Originally we customised the CI build for speed, by switching to ipkg
instead of rpm for the packages and disabling graphical output support
in qemu-system-native.
These are admirable goals, but more admirable is sharing sstate and
people may wish to use the output of this CI without having to make the
same alterations.
Drop these two changes so that our configuration matches poky. I've
verified that with this change, a build of core-image-sato for qemuarm64
can be built almost entirely from the autobuilder's sstate[1].
[1] gator-daemon, opencsd, and perf are built as these are not built on
the AB in this configuration.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
testimage.yml was skipping the opkg tests, but we also need to skip the
dnf tests for when PACKAGE_CLASSES="package_rpm".
These skips are FVP-specific as they are due to the wrong IP being used
by the test suite. This should be fixed in the FVP test harness, but
for now move the exclusions into fvp.yml so they're isolated.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable OF_UPSTREAM support for the corstone1000 platforms in U-Boot.
This patchset enables OF_UPSTREAM device tree support in U-Boot for the
corstone1000 platforms. This allows U-Boot to build using upstream
Linux kernel device tree sources instead of downstream copies.
The following changes are introduced:
- Enable OF_UPSTREAM to support upstream device tree.
- Update DEVICE_TREE naming with "arm/" prefix.
- Add device tree overlay to retain U-Boot specific device tree
nodes.
- Remove legacy device trees for corstone1000.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OP-TEE version 4.7.0 has been released on 2025-07-11 [1], and includes fixes
that are currently collected as separate patches in the layer collection.
Upgrade OP-TEE recipes to point to version 4.7.0, and drop patches from layers
as they are already present in upstream.
Clang patch in `optee-os` package was completely removed. Upstream logic was
changed in PR #7382 [2], making this patch obsolete.
CVE-2025-46733 in `optee-ftpm` package is now properly tagged and included in
4.7.0 version as well.
One patch that is still kept in the layer is
optee-client/0001-tee-supplicant-update-udev-systemd-install-code.patch, as it
has been merged after 4.7.0 tag was applied, but already present in upstream as
commit 59b90488e93e ("tee-supplicant: update udev & systemd install code").
Further updates shall consider to drop this as well.
In addition, point corestone1000 machine to a new version, as 4.6.0 is dropped
from the layer. TZDRAM patch is also dropped as it is now present in upstream.
Link: [1]: https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md#op-tee---version-470-2025-07-11
Link: [2]: https://github.com/OP-TEE/optee_os/pull/7382
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
commit a3a2c49b21 corrected a typo that
was preventing arm-branch-protection flags from being enabled. However,
since making this change, fvp-base with trusted services enabled no
longer boots. However, the flag that seems to be the problem on fvp
base is CFG_TA_BTI. Since this is the only use case for
arm-branch-protection machine feature, remove it from the common file
until this issue can be properly sorted.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update gn to the latest SHA (commit from 08 Aug 2025). There are 66
commits between the previous SHA and the new one.
Signed-off-by: Jon Mason <jon.mason@arm.com>
An uninitialized variable warning is occurring when compiling gn.
However, since Wall is being used in gn, this is being logged as an
error. Pass the no-error flag for this case to workaround this issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches upstream status changed to Backport:
0006-platform-CS1000-Add-multicore-support-for-FVP.patch
0009-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch
0010-Platform-CS1000-Add-crypto-configs-for-ADAC.patch
0012-Platform-CS1000-Remove-unused-BL1-files.patch
0013-Platform-CS1000-Fix-compiler-switch-in-BL1.patch
0017-Platform-CS1000-Enable-FWU-partition.patch
0018-Platform-Corstone1000-Implement-Bootloader-Abstracti.patch
0019-Platform-Corstone1000-Increase-buffer-sizes.patch
0023-Platform-CS1000-Remove-duplicate-configuration-parameters.patch
And from the PSA-ADAC,
This patch upstream status changed to Backport:
0002-ADAC-Link-psa_interface-instead-of-tfm_sprt.patch
This patch upstream status changed to Inappropriate:
0003-Fix-psa_key_handle_t-initialization.patch
Reason: mbedcrypto configs have to be fixed to build secure-debug mps3
without this patch
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since OE-core 6fd8af0d, the semicolon delimeter in bb.build_exec_func
variables is not needed. The commit silently removes any stray ';' but
failed to handle ';' when assigning to vardeps.
In meta-arm, this has the effect of changes to FVP_* variables not being
picked up when rebuilding the image recipe since mickledore.
This is ancient history now, so just remove the semicolon to fix the
variable dependency issue when using fvpboot in meta-arm.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe was using EXTREA_OEMAKE to enable BTI, fix the typo.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The OP-TEE suite of packages use lld if the compiler is clang, so now
that the lld recipe has been split out of the clang recipe we need to
depend on both.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clang is large but this recipe builds on all hosts now, so we don't need
to exclude it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This doesn't use pkgconfig, or python3native, or need to inherit clang.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The build explicitly uses lld, so now that it has been split out of the
clang recipe we need to also depend on that.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A test compares the value of the Generic Timer register CNTFRQ visible in
two frames CNTBaseN and CNTCTLBase that are linked in Armv8-A and reflect
the same value.
An issue in Corstone-1000 (errata 2142118) makes the CNTFRQ views
inconsistents and the then test fails. There is no workaround and
the test is skipped.
Errata: https://developer.arm.com/documentation/sden2142076/0002/?lang=en
Signed-off-by: Christophe Thiblot <christophe.thiblot@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Until Corstone1000 can be updated to use 2025.07, keep an older release
of u-boot in meta-arm-bsp for it to use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The use of 2023.07.02 was removed in meta-arm e29c0ee70a
("arm-bsp/u-boot: corstone1000: Add PSA Firmware Update support (DEN0118
v1.0A)").
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the FVP base u-boot patches to apply cleanly to u-boot v2025.07.
Also, use a config fragment to change the default boot command to boot
virtio image. This works around some changes in
include/configs/vexpress_aemv8.h that change the boot behavior, which is
not something we're using anyway.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the architecture documentation for Corstone-1000 to include
details about the new PSA Firmware Update (FWU) implementation.
The new section describes the bootloader abstraction layer (BAL),
UEFI capsule update flow, FWU metadata handling, and the integration
between TF-M and U-Boot for managing trial and accepted images.
This documentation helps align the platform with PSA FWU requirements
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has removed the need to explicitly set S = "${WORKDIR}/git",
and now defaults to S = "${UNPACKDIR}". As a result, directly referencing
${WORKDIR}/git will fail when the source is unpacked elsewhere.
Update do_install() to use ${S}/BaseTools instead of the hardcoded path.
This issue was previously unnoticed as EDK2 tools (e.g. GenerateCapsule)
were not being used in the build path at the time of the earlier refactor
(commit eea74860).
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add PSA FWU support on U-Boot v2025.04
Introduce Platform Security Architecture (PSA) Firmware Update (FWU) support to
U-Boot v2025.04 on the Corstone-1000 reference design. This implements the
Arm DEN0118 v1.0A specification and provides a generic, upstreamable FWU
framework for reuse across other Arm platforms.
Design overview:
Client/Runner: U-Boot parses the capsule and executes the FWU state machine.
Update agent: Secure world handles flash writes and metadata updates.
Key features:
- Capsule-based firmware updates with support for multiple payloads
- On-disk capsule handling (ESP-based update)
- Optional image acceptance at ExitBootServices()
- ESRT (EFI System Resource Table) support
- FFA_MEM_SHARE and FFA_MEM_RECLAIM ABI support
- FWU enabled for the Corstone-1000 platform
[1]: Platform Security Firmware Update for the A-profile Arm Architecture,
https://developer.arm.com/documentation/den0118/latest/
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit removes the outdated patches of capsule update implementation for the Corstone-1000
platform targeting Trusted-Firmware-M (TF-M). The changes include the removal of
obsolete out-of-tree patches and the rebase of retained patches to align with the
latest upstream TF-M integration.
Key changes:
- Dropped legacy TF-M patches related to old capsule update flow
- Rebasing of remaining TF-M patches for compatibility with current TF-M baseline
This cleanup streamlines the TF-M integration for Corstone-1000 in preparation for
the updated PSA Firmware Update (FWU) aligned capsule update support.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change removes the obsolete out-of-tree patches and legacy support related
to the old capsule update mechanism for the Corstone-1000 platform.
The Trusted-Services components are now aligned with the upstream implementation,
and outdated patches have been dropped or rebased as necessary.
- Removed deprecated patches targeting old capsule update logic
- Rebasing of remaining patches to ensure compatibility with updated TS interface
This prepares the platform for the new PSA FWU-based capsule update path and
reduces technical debt in Trusted-Services integration.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Add 'CAPSULE_SELECTED_COMPONENTS' to enable filtering of firmware
components during capsule generation. Only components listed in
'CAPSULE_SELECTED_COMPONENTS' will be included in the final capsule
image.
- Introduce CAPSULE_EXTRA_ARGS to allow passing additional arguments.
'--capflag PersistAcrossReset' to retain capsule across reboots.
- Payload selection is now controlled via the KAS YAML configuration
(corstone1000-image-configuration.yml), allowing per-image control
over which firmware components are included.
- With the introduction of multiple payload support, 'CAPSULE_VERSION'
no longer represents the firmware version itself but is instead
used for naming the capsule and assigning a common version to all
payloads to simplify testing.
- Use EDK2 tool to switch from single FMP capsule generation to multiple
FMP capsules using a JSON-based configuration. This removes the need
for manually combining firmware images into a .nopt image.
- Remove legacy nopt image creation logic, as each firmware binary is
now handled individually. Components no longer need to be merged.
Deploy task was removed with nopt logic.
- Generate dummy.bin for EDK2 tool compatibility. EDK2 requires
at least one input file for each payload.
- Added dependency on to to ensure images are signed before capsule
generation.
- Add CAPSULE_LOWEST_SUPPORTED_VERSION to
corstone1000-image-configuration.yml.It in the same file where
the firmware version (FW_VERSION) is defined, ensuring a unified
location for version-related metadata. This value was chosen to
be equal to the firmware version to represent a downgrade
scenario (from version 6 to version 5) during testing.
- CAPSULE_HARDWARE_INSTANCE is set to "1" by default (instead of 0),
indicating the first hardware.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Ross Burton
Jon Mason
Hugues KAMBA MPIANA
Harsimran Singh Tungal
Clement Faure
Andrey Zhizhikin
Norbert Kocsis
Michael Safwat
Peter Hoyes
Christophe Thiblot
Ali Can Ozaslan
Abdellatif El Khlifi