Factor out the image signing arguments in tfm_image_sign.bbclass into
its own variable, TFM_IMAGE_SIGN_ARGS, so that it can be customized on a
per-machine basis if necessary.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so
it is in sync with the TF-M recipe itself.
Synchronize the trusted-firmware-m and -scripts Python dependencies
with the in-repo requirements.txt files. This requires a recipe to be
carried for pyhsslms.
1.7.0 introduces the --measured-boot-record argument to the image
signing script, which is required to maintain existing behavior. Add it
to the arguments in the tfm_sign_image bbclass.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M provides IPC as a SPM backend which gives SPM and each Secure Partition
its own execution context, and provides higher isolation levels.
corstone1000 isolation level is 2. Hence, switching to IPC backend.
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change adds patches to align the psa crypto client of TS with TF-Mv1.7
running on the secure enclave of corstone1000.
The patches update:
- PSA Crypto SID defines values
- psa_ipc_crypto_pack_iovec structure
- Fix inputs and outputs passed to in/out_vec to match crypto service
  expectations
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mirrors of meta-arm may have the persistent cache directory mounted in a
different place. To make it easier to configure, define this location
using a single $CACHE_DIR variable.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This repository doesn't tag releases, so just track the latest SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
IMAGE_TYPES += "wic.nopt" is effective if the bbclass is included
using IMAGE_CLASSES, but not if included directly (using inherit) due to
file parse ordering.
To support applying wic_nopt locally (i.e. for certain image recipes but
not others), change to use :append.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To support using the wic_nopt bbclass from BSP layers other than
meta-arm-bsp, move it to meta-arm.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch uses the json config file for UEFI capsule generation
as this is efficient and easily scalable to generate multiple
capsules.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The BBCLASSEXTEND configuration can generate native sdk and target
recipes as well. The cp command used in do_install will
create host contamination issues for these recipes, so this patch
makes the recipe native only.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Inherits the UEFI capsule generation class and configures the capsule
variables for the wic.nopt image.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class currently supports only a single firmware binary. The
required capsule parameters need to be set; if not, the build fails.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The native recipe installs the UEFI capsule generation tool
along with the other base tools to native sysroot.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M does not use persistent release branches and the release-* branches
have been removed from the repository, so switch the branches to master.
Also update the tf-m-tests SRCREV to the 1.7.0 tag, not the RC2.
99% based on a patch by Peter Hoyes <Peter.Hoyes@arm.com>.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This bbappend is only used by qemuarm*, which now use 6.1, so this can
be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently the N1SDP patches haven't been ported to 6.1 and the
port/testing isn't trivial. Until the relevant team has done the port to
6.1, carry a 5.19 kernel in meta-arm-bsp for N1SDP.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply the patch from scp-firmware to the third copy of the buggy
Makefiles which fail randomly under parallel builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2 symbols were added to the arm64 kernel defconfig without the
corresponding code. Remove these unnecessary pieces to avoid the
warning.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.1 and rebase the patches on
top of this new version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone500 kernel version to 6.1 and drop the no
longer needed patch regarding the SND_SOC_AC97 config
option in multi_v7.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone1000 to u-boot version 2023.01, and while at it
do some trailing spaces cleanup.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make sure the master branch tracks the other masters instead
of being locked to langdale.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To avoid always having tools that depend on git ls or other
git plumbing include and spin around the enormous content of
the build directory, just add it to the ignore file and make
that build content, which will never get into the repo,
invisible to git and tools.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason the kas 3.2.1 container fails:
No such file or directory: '/builds/engineering/yocto/meta-arm/ci/ci/base.yml'
Note the repeated /ci/, which is wrong.
Pin the kas container to 3.2 for now until this is resolved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The initramfs needs to be very small, but since oe-core d6a62e, kmod has
enabled OpenSSL support, which doubles the size of the initramfs,
resulting in boot failures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
With the 6.1 kernel, fvp-base logs the warning:
[NOTE]: 'CONFIG_ARM_CPUIDLE' last val (y) and .config val (n) do not match
This is because the kernel idle configs have changed. Remove this
entry, as it is no longer necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update kernel patches and configs for the v6.1 kernel. Previously, it
was using the linux defconfig as a starting point. It is now using the
local kernel metadata.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update qemuarm-secureboot to work with the latest u-boot version and
remove the old, unneeded version from meta-arm.
Signed-off-by: Jon Mason <jon.mason@arm.com>
New arm-ffa-tee and arm-ffa-user drivers are compatible with 5.* and 6.1 kernels.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2023.01, but the update is causing
problems with some machines. Temporarily add a v2022.10 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2023.01, but the update is causing
problems with some machines. Temporarily add a v2022.10 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A recent commit compressed the kernel image (to Image.gz) and
by default enabled an initramfs image. In the case when
that (initramfs) is not desirable, the deploy step of the
Juno firmware will still try to install the Image file (not
Image.gz), so this fails:
ERROR: firmware-image-juno-1.0-r0 do_deploy: ExecutionError('/oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477', 1, None, None)
ERROR: Logfile of failure stored in: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/log.do_deploy.360477
Log data follows:
| DEBUG: Executing python function sstate_task_prefunc
| DEBUG: Python function sstate_task_prefunc finished
| DEBUG: Executing shell function do_deploy
| cp: cannot stat '/oe/build/tmp-glibc/deploy/images/juno/Image': No such file or directory
| WARNING: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477:152 exit 1 from 'cp -L -f /oe/build/tmp-glibc/deploy/images/juno/Image /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/image/juno-firmware-19.06/SOFTWARE/'
| WARNING: Backtrace (BB generated script):
| #1: do_deploy, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 152
| #2: main, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 163
NOTE: recipe firmware-image-juno-1.0-r0: task do_deploy: Failed
ERROR: Task (../meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb:do_deploy) failed with exit code '1'
This updates the else case for when an initramfs image is not
in use so that the right kernel image is deployed, by using
the KERNEL_IMAGETYPE variable, to use either version of the
kernel image.
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SRC_URI, SRCREV and SRCBRANCH variables are currently used
inconsistently across recipes in meta-arm, leading to difficulties
customizing the configuration in external BSP layers where necessary.
Standardize usage across commonly used recipes so that:
* SRC_URI contains a SRC_URI_PACKAGE_NAME variable per component which
  can be used to easily configure a mirror. This variable uses
  default assignment so that it can be easily overridden using an
  environment variable, e.g. to point to an internal mirror that cannot
  be committed externally.
* SRCBRANCH is defined per component.
* SRCREV is defined per component.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For models that require a license, ARMLMD_LICENSE_FILE is used to define
the location of a license file or server. If the variable is not set in
Bitbake it will not be set in the model environment.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
FVP_ENV_PASSTHROUGH may contain variables that have not been set.
d.getVar returns None in this case. Detect this and skip setting the
variable in the model environment.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Define FVP_ENV_PASSTHROUGH's vardeps to equal itself, so that the
fvpconf is regenerated if any of the defined variables change.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
aa89fe3f ensured environment variables necessary for GUI applications
are passed through to the model despite runfvp env var restrictions. Add
XAUTHORITY to this list. This is useful when doing X-forwarding with
Kas, which creates its own home directory.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Arm GCC source to the latest version. Also, update the GCC
patches to apply cleanly, removing those that are no longer relevant.
Signed-off-by: Jon Mason <jon.mason@arm.com>