Instead of every versioned recipe setting this, move it to the common
include.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There's no need to use virtual/trusted-firmware-a, as there's only one
provider of trusted-firmware-a: trusted-firmware-a.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use a generic wildcard in the arm-bsp bbappend to avoid needing to rename
in the future.
Remove the N1SDP patch as this has now been merged upstream (c5e45a7).
Remove TC? overrides which pinned it to an intermediate SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Drop a patch which was backported and is now included in 2.9.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This seems to be needing arm specific kernel headers, so I infer this
still is arm specific module
Fixes below error on non-arm hosts
/git/arm_ffa_user.c:12:10: fatal error: linux/arm_ffa.h: No such file or directory
| 12 | #include <linux/arm_ffa.h>
| | ^~~~~~~~~~~~~~~~~
| compilation terminated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If we build aarch64 based machines living outside meta-arm then these
recipes report as unsupported e.g.
ERROR: Nothing PROVIDES 'optee-os-tadevkit' (but /mnt/b/yoe/master/sources/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb DEPENDS on or otherwise requires it)
optee-os-tadevkit was skipped: incompatible with machine rock-pi-4b (not in COMPATIBLE_MACHINE)
ERROR: Nothing RPROVIDES 'optee-ftpm' (but /mnt/b/yoe/master/sources/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'optee-ftpm'
NOTE: Runtime target 'optee-ftpm' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['optee-ftpm']
ERROR: Nothing RPROVIDES 'optee-ftpm-dev' (but /mnt/b/yoe/master/sources/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'optee-ftpm-dev'
NOTE: Runtime target 'optee-ftpm-dev' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['optee-ftpm-dev']
Therefore its better to limit this recipe to machines supporting
optee-os
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2-firmware release builds with clang fail:
MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c:142:15:
error: variable 'Status' set but not used [-Werror,-Wunused-but-set-variable]
This is upstream as https://bugzilla.tianocore.org/show_bug.cgi?id=3758,
but until that is resolved we can just force debug builds with clang.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We set GCC5_AARCH64_PREFIX so the tools are prefixed correctly in GCC
builds, but didn't set CLANG38_AARCH64_PREFIX. This meant the clang build
used the host objcopy, which may not know about the target architecture.
Also these can just be the prefix and not a full path, as the binaries
are on $PATH.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the size of bl2_signed.bin and tfm_s_signed.bin
Change-Id: I8312dd6d50faff53e1ca489cbf73c5f25671b21c
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Secure enclave, based on the firmware update state of the
system, decides the boot bank. In this commit, u-boot
identifies the selected boot bank and loads the kernel
from it.
Change-Id: Ifcef126dc79c7808b30ef0319d83482d2d29fd13
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Secure enclave decide the boot bank based on the firmware update
state of the system and updated the boot bank information at a given
location in the flash. In this commit, bl2 reads the givev flash location
to indentify the bank from which it should load fip from.
Change-Id: I2f7518c82c1664355da2aa1596f4f65f7a49a53d
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Change-Id: I2d23d06099ffbf15458afaeb21c5dd4bcc4ffecb
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Change-Id: If6c048a6117023aae2e748c23ed52447857b0d04
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patchset perform the following changes:
a. Disable secure debug by default.
b. OTA Firmware Update Agent implementation.
c. Implementation of boot index propagation mechanism.
d. Openamp version/commit hash correction.
e. Implementation of host watchdog interrupt handler.
Change-Id: Ie5e1028bb29ce337d51ad8ef47d2bd8175187402
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit implements distro_bootcmd in config_bootcommand in u-boot.
This command traverses all the USB devices connected to the board and
finds a usb device that has bootable image to boot from it. If it cannot
find a usb device with the bootable image, it will boot the system using
the existing flash.
Change-Id: Ia05ca02d6f490a1b51fcf377afcc86ea0ed4e19c
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit implements efi_reset_system for corstone1000 platform. In
order to reset the system, the host uses secure host watchdog to assert
an interrupt (WS1) on the secure-enclave side, then secure-enclave
resets the system.
Change-Id: I772181cd43e789f1d6508aaa433eb109d8f85b5d
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit enables PSCI Reset for corstone1000 platform. It configures
u-boot to use PSCI interfaces in efi_reset_system function.
Change-Id: I88ea55fde2b2c6e455a4b38e885e62a410b0b0e7
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch does three things:
- Add the CONFIG_EFI_PARTITION option to the corstone1000_defconfig
to allow u-boot to detect EFI filesystems.
- Add isp1760_get_max_xfer_size(), this fixes an issue where
GPT partition info could not be loaded.
- Fix the issue while detecting EFI filesystem, and loading GPT
partition info.
Change-Id: Ic04c8710f4ea7e156aca196d7e54f090b9376c49
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch updates shared buffer address, disables get/set of NV
variables, and invalidates the cache after write to shared buffer as the
SPs have cache disabled.
Change-Id: Iead01edf3011e192df205236df098415e5bde9a5
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Default to release builds and let machines enable debug builds if they
want that.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Building edk2-firmware needs explicit configuration for the target
machine, so set an invalid COMPATIBLE_MACHINE to stop edk2-firmware
building for, example, qemumips.
sbsa-acs is an application, so unset COMPATIBLE_MACHINE in that recipe
as it will work on all aarch64 targets.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Group the qemuarm64-secureboot and qemu-generic-arm64 overrides so that
they are easier to read.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There is only a limited number of EDK2 architectures, so we can set
the architecture using overrides in the base recipe instead of every
machine customisation needing to set it explicitly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches have been merged into edk2-platforms bd53d309 onwards,
which is built with edk2-firmware 202111.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set the default platform name/descriptor to 'unset' so that build.sh fails
with obvious errors, instead of generic argument parsing failures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
QEMU_USE_KVM needs to be empty, not 0. Otherwise, it doesn't catch and
runs KVM anyway (which breaks inside our docker containers).
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit enables smm-gateway in optee-os by making the following changes:
- Updating the existing SP manifest file with a combined manifest file
that includes information about both se-proxy and SMM gateway SP.
- Including the SMM gateway SP makefile in optee include file
to embed smm gateway sp binary into optee image.
Change-Id: Iebcf2c534a9e9ced411c943ff583b522ad9d69fa
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
smm-gateway secure partition is a slim version of StMM for low memory
devices.
This commit adds support for smm-gateway for corstone1000 at the
secure partitions level by making the following changes:
- Configure TS_DEPLOYMENTS to include SMM Gateway SP, SMM gateway to use
device region for shared buffer, and set the NV store macro.
- Updating secure partitions recipe to point to HEAD of integration
branch to fetch stmm-gateway changes.
Change-Id: I56ff325cca250749448364e12ac06e3ea289fa29
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This commit introduces a new kernel patch that aligns the FF-A
versions checks according to the FF-A specification v1.0.
Without this fix, the FF-A bus fails to initialize when the FF-A
framework is version 1.1 (comes with the latest TF-A).
The bus driver which is v1.0 rejects the framework v1.1 despite
the fact they are compatible according to the specification.
This kernel patch changes the logic of the version checking based on
the specification.
Change-Id: If9d7b6c0d5e24e73d4f42c6532cd56ff2d05fcec
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit implements capsule update for Corstone-1000.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: I3031018eebb9aaae56c0823d24ee5c148857f2fa
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit provides these new generic u-boot features:
- The FF-A low-level driver implementing Arm Firmware Framework for Armv8-A (FF-A)
- MM communication using FF-A (compatible with StandaloneMM and smm-gateway)
- A new armffa command and a test module to test the FF-A helper functions to
communicate with secure world.
It also enables FF-A and MM communication for the Corstone-1000 platform.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: Ic71dcae2411aefae00557284c08be662bfe80b98
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to add a rule in optee-os Makefile to include
secure partitions as part of optee-os image
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I2f6f93ffca9a2332cbe9ffe4e9903b8ec524df51
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core c2a2d47 changed the default of QEMU_USE_KVM to 1, so qemu will
want to use KVM and will error if it can't. Our CI runners don't have
KVM, so we need to disable this.
In the long term this should be more intelligent as some workers have
KVM and some don't, but this will get successful builds again.
Signed-off-by: Ross Burton <ross.burton@arm.com>
To ensure that optee-spdevkit works in all configurations, but it in the
CI for qemuarm64 not just corstone1000.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe was setting a default SRCREV which doesn't contain the
Secure Partition devkit, as this is only in the psa-development branch
on the trustedfirmware.org mirror which is set by the corstone1000
bbappend.
Use this branch/revision by default, and set the PV correctly: this
branch is currently based on optee-os 3.10 not 3.14.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
No need for this to be versioned as it complicates upgrades.
Remove the explicit post-2.5 SRCREV now that the recipe has upgraded to
2.6, and remove assignments which are already the default for
conciseness.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Hafnium can do a qemu/aarch64 build, so enable that for future testing
purposes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
hashbang.patch isn't needed anymore, and rebase the other patches.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Interchangable firmware isn't really a workable concept, so there's no
real need to have a virtual name.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Firmware isn't arbitarily interchangable as by definition it is specific
to the platform, so use the real recipe name instead of a virtual name.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the TA devkit has been split out of optee-os, the build
dependencies of optee-test need to be updated too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
These changes are to add support to build TrustedServices.
corstone1000 platfrom uses optee-sp option which will include
secure partitions into optee Image
Following changes are made to trusted-services code
* TS_PLATFORM should be set at the external build system level.
* fix EARLY_TA_PATHS environment variable
* se-proxy string and make it as child node
Change-Id: I58d76b5e25e7f285794c93dc92c1b93fdd77cfb9
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Ross Burton
Khem Raj
Satish Kumar
Emekcan Aras
Harry Moulton
Gowtham Suresh Kumar
Jon Mason
Abdellatif El Khlifi
Vishnu Banavath