quilt-native is required by do_apply_local_src_patches task.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GCC 15 (and GCC 14, and probably others) are finding new problems in
trusted-firmware m, and these cannot simply be ignored (as they are
fatal build errors). Clear the ld security flags to get around those
issues, backport a couple of patches for fixes that have been addressed
upstream, and create a patch to work around some casting issues in
functions that are removed in newer versions of the code. This
refactoring caused some minor clean up of existing corstone1000 tfm
patches.
Also, use size based optimization for corstone1000. With this, the bl1
is too big to fit into flash. The correct way to solve this would be to
remove TFA_DEBUG, but that causes a rabbit hole of problems related to
heap being enabled or not. This works around the issue until it can be
resolved properly.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2, edk2-platforms, and sbsa-acs to the latest versions/SHAs.
A bleeding edge patch from upstream is needed to correct a build race in
antlr, and the latest SHA for edk2-platforms is needed to work around
some compilation issues with ENABLE_TPM in fvp-base.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A recent change to image dependencies in oe-core master[1] means that
TESTIMAGE_AUTO tries to test more images than before.
Explicitly reset TESTIMAGE_AUTO for core-image-initramfs-boot so that it
doesn't try to testimage an initramfs.
[1] oe-core b75c21fb950 ("image_types_wic.bbclass: add depend on initramfs")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clone all trusted-services dependencies into the TS source tree under
ts-external/ instead of ${UNPACKDIR}
This alignes the layout with devtool git-submodule handling.
NOTICE: we can't clone in external as TS already contains files there
and it would conflict.
Signed-off-by: Arthur Cassegrain <arthur.cassegrain@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the corstone1000 variant to apply its psa-adac patches
against the new external/ directory.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Arthur Cassegrain <arthur.cassegrain@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clone all trusted-firmware-m dependencies into the tfm source
tree under external/ instead of ${UNPACKDIR}.
This aligns the layout with devtool git-submodule handling,
ensuring the recipe sees a consistent source tree at build time
and allowing dependencies to be patched via devtool in the same
way as the main tf-m repository.
(reworked to avoid use internal variables for checkout)
to clone tf-m dependencies use hardcoded path for reproductibility
and avoid using BB_GIT_DEFAULT_DESTSUFFIX which may depend on
yocto version.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Arthur Cassegrain <arthur.cassegrain@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We currently don't have coverage for trusted-firmware-m 2.1.x, which is
the LTS. Since musca-b1 and musca-s1 are essentially the same, use b1
for the LTS coverage.
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason, sgi575 won't boot to shell with
core-image-full-cmdline, but it will with other images. Since we're
going to drop this machine soon (as it has been EOL'ed), modify the
image type for CI to core-image-base (As that one appears to boot
faster).
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Set Linux kernel preferred version for Corstone-1000 to 6.18
* Update Corstone-1000 user guide.
* Recent kernel versions removed the deprecated CONFIG_LIBCRC32C
Kconfig symbol as part of the CRC library cleanup.
Replace CONFIG_LIBCRC32C with CONFIG_CRC32, which provides the
generic CRC32/CRC32C library support used by in-kernel consumers.
* The ext3 driver was removed historically and ext4 carries
compatibility for ext3 on-disk format.
* Amend External System patch to adhere to Kernel v6.18 RemoteProc
API.
* Add #address-cells and #size-cells parameters to ethosu dts node
No functional change intended.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-arm-systemready was intended to allow people writing BSPs to run
the SystemReady Architecture Compliance Suite[1] within the Yocto build
environment. However, whilst this seems like a good idea, there are
several problems:
- This layer only supports the IR band and v2 of the ACS. The ACS is now
at v3 and the bands altered, so there is no value in running obsolete
tests.
- Execution of the tests takes a long time, we have integration to run
the tests on a virtual fvp-base machine but execution takes many tens
of hours (our CI times out after 12, on a high-performance worker).
Running the tests in CI, and in particular inside BitBake, isn't
obviously the right thing to do.
- Execution on the tests on real hardware is not trivial, as testimage
has virtual targets as a primary usecase. It is unclear if anyone has
managed to use this layer on physical hardware.
Because of these issues, remove the layer. There are better integration
points for automated ACS testing, and this integration is obsolete.
[1] https://github.com/ARM-software/arm-systemready
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The downloads page for FVPs is broken down into sub-pages for each
"Ecosystem". Organize this file to match that. Also, rename fvp-v3-r1
to "rd" to make more obvious what this refers to.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The corstone1000-a320 FVP is a unique download and should be treated as
such in our CI. Split the relevant parts off, add it to the fvps.yml
file, workaround the staticdev and useless-rpath errors that were
present in the FVP tarball, and the correct depends in the machine
config file.
Also, add this machine to the CI so that any issues can be found with
this unique configuration.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch ignores the built-in FVP UART name when setting the terminal
names on tmux.
The rationale is that appending FVP UART name takes a lot of space
making it unusable on complex platforms with many terminals.
Signed-off-by: Filipe Rinaldi <filipe.rinaldi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The removed patch file breaks the U-Boot efi_selftest utility and has
been denied by upstream in any event. All subsequent patches renumbered.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
All patches have been rebased onto the v2025.10 release branch, with the
changes primarily being updating of offsets and surrounding code in each
hunk.
One minor change between v2024.04 and v2025.10 is that a
CONFIG_BOARD_INIT option was added and must be enabled in order to link
in the `board_init()` symbol. As such, the firmware update patch adding
`board_init()` has been modified to enable this option as well.
The patch that enabled OF_UPSTREAM has been modified slightly in order
to incorporate upstream changes between versions: the SMP changes to the
Corstone1000 FVP device tree were incorporated into the Linux kernel so
are no longer needed in the U-Boot specific device tree. As such, the
patch adding A320 support adds these CPU nodes in order to override them
where appropriate.
In the process, signatures are removed from each patch.
Beyond this, the directory in which U-Boot searches for the EFI capsule
CRT file changed from object tree to source tree, so the recipe is
updated to reflect that.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This fixes a build error due to:
patching file Makefile
Hunk #1 FAILED at 12.
1 out of 1 hunk FAILED -- rejects in file Makefile
Patch 0001-Makefile-Avoid-variable-override.patch can be reverse-applied
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We have a newer gcc-arm-none-eabi now, so this can be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make changes across U-Boot, and OP-TEE OS to swap
the GIC-600 for GIC-700 as the latest version of the FVP
swaps the GIC.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump Corstone-1000 machine OP-TEE version from 4.7.0
to version 4.9.0.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update Corstone-1000 documentation to reflect 2026 copyright and
current supported host environment.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A has a number for variables to control how host binaries are built:
- Our BUILD_CC is HOSTCC; this is set in the recipes
- Our BUILD_CFLAGS is HOSTCCFLAGS; this is not set
- Our BUILD_LDFLAGS has no corresponding variable
However when uninative is enabled we really need to pass BUILD_LDFLAGS
as otherwise there can be link problems:
ld: libcrypto.so: undefined reference to `__isoc23_strtol@GLIBC_2.38'
Patch into the TF-A makefiles support for HOSTLDFLAGS and ensure that we
set all three of the relevant BUILD_ variables.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2 of the fvp-base specific u-boot patches were merged in the 2026.01
release. Remove those, as they are no longer necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The kernel upgrades are now in oe-core, so we can drop this workaround.
This reverts commit 341a0fd976.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The linux-yocto kernel has strict configuration warnings enabled and this
often causes warning, for example with 6.18.3:
[INFO]: the following symbols were not found in the active configuration:
- CONFIG_SND_SOC_ROCKCHIP
- CONFIG_SLIM_QCOM_CTRL
For these machines we're using the upstream defconfig and not a config
file that we're maintaining, so fixing these problems upstream is slower
than one would like.
As we don't maintain the config, we can disable the checker for these
two machines. This is _not_ precedence for disabling the audit for any
machines where we're not simply using the upstream defconfig without any
changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The path changed when the trusted-firmware-m recipe began to inherit
firmware.bbclass.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The paths for these files has changed due to the change to the
trusted-firmware-m recipe now using the custom firmware.bbclass.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For builds using multiconfig, all of the firmware binaries listed were
being placed in the ${DEPLOYDIR} directly without preserving their
directory hierarchy. This meant that paths to firmware binaries relative
to the ${DEPLOYDIR} differed between builds depending on whether
multiconfig was enabled or not.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2-firmware and edk2-basetools to the 202511 stable release.
Patches from upstream were needed to get it compiling with clang.
edk2 dropped support for 32bit arm and x86, see
https://edk2.groups.io/g/devel/topic/rfc_remove_ovmf_ia32_and/114152215
Therefore, we're dropping qemuarm edk2 testing and relevant bits
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for v2.14.0, and update corstone1000 config and patches to
use it. TF-A seems to have changed their poetry settings from POETRY to
host-poetry (when specifying an alternative location/disabling). So, it
is necessary to modify that for all platforms using COT and v2.14.0
NOTE: sbsa-ref is having issues with fip.bin being too large. So, set
the version to the LTS until that is resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
In master, xen images fail to build as the xt-masquerade module is not
built by the kernel. This has been fixed in the linux-yocto 6.18.3
upgrade but that is not yet merged.
Until it is merged, we can temporarily update the kmeta in our CI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Allow TF-M v2.2.2 to boot with Secure Debug enabled on Corstone-1000 and
align the driver implementation with the current psa-adac library.
- Add missing DRBG macros to fix the
"Failed to generate challenge!" error during Secure Debug.
- Fix an unintended platform reset occurring immediately after setting
the debug enable bits in the dcu_en register while in SE LCS.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The PCI subsystem with 6.18 is now warning on boot:
PCI: OF: of_root node is NULL, cannot create PCI host bridge node
Until this can be root-caused, ignore it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With kernel 6.18 the kernel will now warn if it tries to run a command
from a ramdisk but it cannot be found[1]. This happens with the
qemuarm64-secureboot machine (but not qemuarm64) because u-boot appears
to be populating the devicetree with a ramdisk entry:
loading kernel to address 40400000 size 1702a00
1 qfw ready qfw 0 qfw
** Booting bootflow 'qfw' with qfw
## Flattened Device Tree blob at 7e659890
Booting using the fdt blob at 0x7e659890
Working FDT set to 7e659890
Loading Ramdisk to 7bcfd000, end 7d3ffa00 ... OK
Loading Device Tree to 000000007d621000, end 000000007d626534 ... OK
Working FDT set to 7d621000
Starting kernel ...
The kernel tries to mount and boot this ramdisk but fails because it
isn't a valid initrd or initramfs. The boot continues as usual, but this
warning in the logs triggers parselogs.
Until the boot flow is properly resolved, ignore the message.
[1] linux 98aa4d5d242d ("init/main.c: add warning when file specified in rdinit is inaccessible")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TF-A can install files with dtb extension. This is not handled in
the firmware.bbclass so append it here.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Replace inherit deploy with firmware.
Initialize TFM_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
TFM_PLATFORM with FIRMWARE_PLATFORM.
Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration.
Refactor corstone1000 config files to use ${FIRMWARE_DIR} and the
base do_install.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clement Faure
Jon Mason
Ross Burton
Arthur Cassegrain
Hugues KAMBA MPIANA
Filipe Rinaldi
Frazer Carsley
Jan Luebbe
Michael Safwat
Devaraj Ranganna
Bence Balogh
Peter Hoyes