There are some objects in the FVP binary that are assembler source and
fail to declare what permissions the stack needs to have, so GCC falls
back to assuming that the final binary needs an executable stack.
glibc 2.41 (as now used in uninative) introduces changes here[1]: whether
to have an executable stack or not when the binary doesn't specify a
need (defaults to executable, but this is a tunable), and any binaries
that are dlopen()ed that require an executable stack will fail.
Thus, some FVPs on some platforms (notable, fvp-base-a-aem on x86-64)
now fail on startup:
libarmctmodel.so: cannot enable executable stack as shared object requires: Invalid argument
Luckily the solution here is to simply clear the executable bit, as
an executable stack is not actually needed. Until a new release of the
FVP is made we can fix the binary in our package using execstack.
[1] https://lists.gnu.org/archive/html/info-gnu/2025-01/msg00014.html
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a recipe for the execstack binary from prelink-cross. This tool is
used to manipulate the GNU_STACK segment in ELF binaries, specifically
to control whether the binary requests an executable stack or not.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With:
https://lists.openembedded.org/g/bitbake-devel/message/17508
there are WARNINGs like:
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="1"'
WARNING: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.3.rel1.bb: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc:31 has a lack of whitespace around the assignment: 'SKIP_FILEDEPS="1"'
WARNING: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.3.rel1.bb: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc:31 has a lack of whitespace around the assignment: 'SKIP_FILEDEPS="1"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.3.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.3.bb:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.12.0.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.12.0.bb:38 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.12.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.12.1.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.1.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc:89 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-rmm/trusted-firmware-rmm_0.6.0.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-rmm/trusted-firmware-rmm_0.6.0.bb:34 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.28.23.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-library.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-n1-edge.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-sgi575.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:21 has a lack of whitespace around the assignment: 'FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"'
WARNING: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:53 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend:1 has a lack of whitespace around the assignment: 'FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc:11 has a lack of whitespace around the assignment: 'TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-test_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb:12 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/libts/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb:13 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/ts-demo/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-remote-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-service-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb:13 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/${TS_SP_BLOCK_STORAGE_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb:14 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/fwu/config/${TS_SP_FWU_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="1"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="2"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="3"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="4"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-uefi-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables building latest bleeding edge tf-a and mbedtls with
local.conf setup:
INHERIT += "poky-bleeding"
POKY_AUTOREV_RECIPES += "trusted-firmware-a"
SRCREV_mbedtls:pn-trusted-firmware-a = "AUTOINC"
SRCREV_tfa:pn-trusted-firmware-a = "AUTOINC"
SRCBRANCH:pn-trusted-firmware-a = "master"
SRCBRANCH_MBEDTLS:pn-trusted-firmware-a = "master"
LIC_FILES_CHKSUM:pn-trusted-firmware-a = "file://docs/license.rst;md5=1118e32884721c0be33267bd7ae11130"
BBMASK += "meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.12.bb"
BBMASK += "meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb"
This includes workarounds for poky-bleeding.bbclass which doesn't
work with multiple SRCREV variables, masking away
tf-a 2.10 and 2.11 recipes which cause recipe parsing problems
and only one recipe needed to build latest upstream master
branch to avoid 503 error codes from remote git server.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Change libts to stop making udev related configuration if optee-client
is deployed to the target to avoid conflicts.
- Remove the executable permission from installed tee-udev.rules file.
- Remove teepriv device from udev file as this device is op-tee specific.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change optee-client to use the same bitbake variable to configure the
group name used for controlling access to /dev/tee* devices on the
target. The aim is to simplify system configuration by aligning the
two recipes.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Stop the tee-supplicant being run with root privileges when the system
is not using systemd.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Eliminate the systemd specific install content fix-up commands appended
to do_install.
- patch optee-client to allow controlling installation of systemd and
udev specific configuration files.
- pass driver group names to optee-client build
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add recipes to allow building OP-TEE v4.4. This is the first version
carrying an SPMC implementation which supports branch protection.
Update corstone1000:
- to use the new op-tee version
- `CFG_TZDRAM_SIZE` is increased further from `0x340000` to `0x360000`
as version 4.4.0 of OP-TEE OS requires more memory
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
optee-os: corestone1000: udpate to op-tee v4.4
Update OP-TEE version and add a patch to increase TZDRAM size to add
more memory to OP-TEE.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use backported upstream patch for udev rule and systemd service file.
sysvinit script is still used from meta-arm. Don't install systemd
service without systemd distro feature, other way round for
sysvinit script.
tee-supplicant started by systemd service runs as non-root teesuppl
user with teepriv group. sysvinit still runs as root since busybox
start-stop-daemon doesn't support -g group parameter and -u teesuppl
doesn't seem to change the effective user.
udev rules allow non-root /dev/tee* access from tee and
/dev/teepriv* access from teepriv groups.
Tested sysvinit changes with:
$ kas build ci/qemuarm64-secureboot.yml:ci/poky.yml:ci/testimage.yml
and systemd changes with:
$ kas build ci/qemuarm64-secureboot.yml:ci/poky.yml:ci/testimage.yml:ci/uefi-secureboot.yml
Cc: tom.hochstein@nxp.com
Cc: sahil.malhotra@nxp.com
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2-firmware build scripts use printenv to print SOURCE_DATE_EPOCH
but that is not in HOSTTOOLS and thus fails with configurations
which use VirtualRealTimeClockLib. Change to using SOURCE_DATE_EPOCH
environment variable directly to fix builds. I think this is OE
specific build config change but filed a bug report upstream
https://github.com/tianocore/edk2/issues/10910
since the fallback mechanism is not working.
Applying patch in 202411 recipe and not .inc since 202408 recipe
from meta-arm-bsp does not find the patch file from meta-arm
side.
[Jon Mason: corrected issues with email patch mangling for edk2]
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Print all of the environment variables in the update-repos task for
introspection, instead of a subset.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Having local repo caches is a little fiddly to manage, and by definition
we're running CI inside GitLab which supports mirroring repositories
automatically.
As these mirrors are always available and update automatically, make
Kas reference directories opt-in and instead expect that the site is
either fine with full fetches, or is using KAS_PREMIRRORS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The update-repos job can "fail with warnings" if the reference repository
fetch fails. This is intentionally a warning as the CI may have set
KAS_PREMIRRORS and a stale cache is fine.
However, by default artifacts are only saved on successful jobs, so if
this happens the lockfile.yml isn't saved. Ensure the artifacts are
always saved so the rest of the pipeline is successful.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add FVP support to sgi575 and run a boot test as part of CI. Networking
is not currently working and seems to require an older version of edk2
to boot the kernel. Also, the unique files for grub and wks do not seem
to be necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
In the SRC_URI, the branch name variables are switched for edk2 and
edk2-platforms. Switch them as appropriate.
Fixes: bf204866e8 ("arm: Use SRC* variables consistently")
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of assuming that the repository was created with the latest URL,
fetch the repository explicitly when fetching.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If update-repos fails with status 128 then that means it failed to fetch
the remote repositories. This should result in a warning not a failure
but flock was just returning status 1.
Save the exit code and if it returns 128 continue but exit with it
later, so the lockfile generation still occurs but the job doesn't fail.
Also, only call the update-repos script if KAS_REPO_REF_DIR has been set.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
qemuarm64-secureboot directory in path to 0001-Add-spmc_manifest-for-qemu.patch
hides the patch from machines with different names and thus break builds
unless overrides are set to include "qemuarm64-secureboot".
Move patch to plain "files" directory to avoid build failures
and this cumbersome workaround.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The download filename wasn't versioned so multiple versions would write
to the same file on disk and conflict, causing repeated downloads and
fetch failures.
Add the PV to the filename on disk to resolve this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This stops the job being stuck if the runners will only take jobs that
have been tagged.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the lts-v2.12.1 tag. Changes include a number of CVE fixes
and mbedtls minor version bump:
8cf9edba5cc3 docs(changelog): changelog for lts-v2.12.1 release
f5d048108bf3 Merge changes from topic "for-lts-v2.12.1" into lts-v2.12
56472775f96d docs(maintainers): update LTS maintainers
baab55315c7f docs: updates to LTS
f00f71efc410 docs: add inital lts doc
1a8ee82c6d77 Merge changes from topic "for-lts-v2.12.1" into lts-v2.12
b19ce90a908c fix(rd1ae): fix rd1-ae device tree
34f10e7d9fc7 feat(rd1ae): add Generic Timer in device tree
551dc4c09f57 docs(rd1ae): update documentation to include BL32
8e4240779867 feat(rd1ae): add support for OP-TEE SPMC
8e4bb69c747e feat(mbedtls): mbedtls config update for v3.6.2
a46d6a1320d7 docs(prerequisites): update mbedtls to version 3.6.2
2ffe181a3982 refactor(mbedtls): rename default mbedtls confs
3809359e2124 fix(cpus): workaround for Neoverse-V3 erratum 3701767
4a9ff092c9b4 fix(cpus): workaround for Neoverse-N3 erratum 3699563
7e41b706e97c fix(cpus): workaround for Neoverse-N2 erratum 3701773
15300ac30c55 fix(cpus): workaround for Cortex-X925 erratum 3701747
6e0efc7fe739 fix(cpus): workaround for Cortex-X4 erratum 3701758
8299c1274617 fix(cpus): workaround for Cortex-X3 erratum 3701769
fa6c9874485b fix(cpus): workaround for Cortex-X2 erratum 3701772
4e78288fd2bc fix(cpus): workaround for Cortex-A725 erratum 3699564
ae6edfd5b543 fix(cpus): workaround for Cortex-A720-AE erratum 3699562
24526273fc50 fix(cpus): workaround for Cortex-A720 erratum 3699561
a7b322706435 fix(cpus): workaround for Cortex-A715 erratum 3699560
d4826882210b fix(cpus): workaround for Cortex-A710 erratum 3701772
9d6143ec8ffb fix(cpus): workaround for accessing ICH_VMCR_EL2
7e4bf042a0dd chore(cpus): fix incorrect header macro
9427c061eb8d fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
bea64fd5272d fix(security): add support in cpu_ops for CVE-2024-7881
16b87247ed03 fix(security): add CVE-2024-7881 mitigation to Cortex-X3
427c33bc0c0b fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
192a152448ae fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
3e4d94c43b64 fix(security): add CVE-2024-7881 mitigation to Cortex-X925
41a52efd6f38 fix(security): add CVE-2024-7881 mitigation to Cortex-X4
2f09b9f3c2af fix(security): enable WORKAROUND_CVE_2024_7881 build option
70a7d3f2d030 fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
41b64fe36f42 fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
0b2d22097c96 fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
193370e1c6a2 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
d52c52a5fa8c fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
3bd6531a55a4 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
eda09acd1b22 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
b9766da96365 fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
6324220805b1 fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
6041f0723994 fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
b23f5da614e6 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
ef378713fa4b fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
2898088f8ba6 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
b8e111c72619 fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
a6f6396313ea fix(cpus): workaround for Cortex-X4 erratum 2923985
d1c3a5d8b9d8 fix(build): do not force PLAT in plat_helpers.mk
ea1b816b1763 chore(deps): update pytest for cot-dt2c
65762d7b4cfc chore(deps): bump jinja2
87f3125a0e45 chore(deps): bump jinja2 in the pip group across 1 directory
b4530565c030 chore(deps): bump the pip group across 2 directories with 1 update
11e5f92d3d43 build(deps): bump setuptools in the pip group across 1 directory
850389f4acfe chore(deps): bump micromatch
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of edk2. Unfortunately, sbsa-ref has a
kernel warning due to the CPU topology that was added. So, hold this
platform back to 202408 and move those recipes to meta-arm-bsp.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's not clear why this happens but this error is visible
in CI builds too often. Root cause needs analysis but
ignore the error for now.
https://autobuilder.yoctoproject.org/valkyrie/#/builders/75/builds/1190/steps/23/logs/stdio
Traceback (most recent call last):
File "/srv/pokybuild/yocto-worker/meta-arm/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/srv/pokybuild/yocto-worker/meta-arm/build/meta/lib/oeqa/runtime/cases/parselogs.py", line 185, in test_parselogs
self.assertEqual(errcount, 0, msg=self.msg)
AssertionError: 1 != 0 : Log: /srv/pokybuild/yocto-worker/meta-arm/build/build/tmp/work/sbsa_ref-poky-linux/core-image-sato/1.0/target_logs/Xorg.0.log
-----------------------
Central error: [ 103.173] failed to find screen to remove
***********************
[ 101.955] (**) QEMU QEMU USB Tablet: (accel) selected scheme none/0
[ 101.955] (**) QEMU QEMU USB Tablet: (accel) acceleration factor: 2.000
[ 101.958] (**) QEMU QEMU USB Tablet: (accel) acceleration threshold: 4
[ 102.144] (II) event0 - QEMU QEMU USB Tablet: is tagged by udev as: Mouse
[ 102.169] (II) event0 - QEMU QEMU USB Tablet: device is a pointer
[ 102.228] (II) config/udev: Adding input device QEMU QEMU USB Keyboard (/dev/input/event1)
[ 102.228] (**) QEMU QEMU USB Keyboard: Applying InputClass "libinput keyboard catchall"
[ 102.229] (II) Using input driver 'libinput' for 'QEMU QEMU USB Keyboard'
[ 102.229] (**) QEMU QEMU USB Keyboard: always reports core events
[ 102.229] (**) Option "Device" "/dev/input/event1"
[ 102.318] (II) event1 - QEMU QEMU USB Keyboard: is tagged by udev as: Keyboard
[ 102.326] (II) event1 - QEMU QEMU USB Keyboard: device is a keyboard
[ 102.345] (II) event1 - QEMU QEMU USB Keyboard: device removed
[ 102.385] (**) Option "config_info" "udev:/sys/devices/platform/PNP0D10:00/usb1/1-2/1-2:1.0/0003:0627:0001.0002/input/input1/event1"
[ 102.386] (II) XINPUT: Adding extended input device "QEMU QEMU USB Keyboard" (type: KEYBOARD, id 7)
[ 102.519] (II) event1 - QEMU QEMU USB Keyboard: is tagged by udev as: Keyboard
[ 102.527] (II) event1 - QEMU QEMU USB Keyboard: device is a keyboard
[ 103.105] (II) modeset(0): Disabling kernel dirty updates, not required.
[ 103.165] (II) config/udev: removing GPU device /sys/devices/pci0000:00/0000:00:01.0/drm/card0 /dev/dri/card0
[ 103.173] xf86: remove device 0 /sys/devices/pci0000:00/0000:00:01.0/drm/card0
[ 103.173] failed to find screen to remove
***********************
1 errors found in logs.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
I accidentally created two variables sections, resulting in our build
jobs running on very limited containers.
Signed-off-by: Ross Burton <ross.burton@arm.com>
We were only setting the k8s CPU request in .build jobs not .setup. This
was intentional initially so that only the build jobs get more resources,
but some of the non-.build jobs are resource-heavy. For example, the
pending-updates job has to parse the entire metadata from scratch, and
that sometimes takes longer than usual when we only have two cores to
use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
genericarm64 machines may have firmware with optee support
and thus also optee-ftpm may be compiled and used there.
tee-supplicant will load TAs at runtime if support is
detected.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-client/tee-supplicant, optee-os-tadevkit and optee-test can be
compiled for genericarm64 and these detect firmware optee support at
runtime. Using qemuarm64 compatible config for them.
optee-os itself may need HW specific config for different boards
and SoCs but these components work with same config on multiple boards.
Tested on qemu and AMD kv260 with Linaro Trusted Substrate firmware
(https://gitlab.com/Linaro/trustedsubstrate/meta-ts).
Note: optee-test version in userspace and optee-os version in firmware
must match for tests to pass.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
mbedtls pushes to both master and main, but main is preferred.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Pointer Authentication (PAC) instructions are part of v8.3, and BTI
(Branch Target Indentification) instructions are mandatory in v8.5.
As we want to use PAC/BTI everywhere in this BSP, bump the cores to
v8.5.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Do so for the usual reason of avoiding network access during recipe
parsing. Occasionally parsing will stall for me as it seems connectivity
to trustedfirmware.org can be flaky.
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest commit.
Changes in gn between 5e3760073454c72f3458805a1b7a89ecf80353cb and ac6742520ded1da30d500f74e8affe86e27cabd5
ac6742520ded aarch64: Start Xen on Armv8-R at EL2
ba899d1d7227 aarch64: Implement PSCI for Armv8-R
476a0b6451d7 aarch64: Enable Armv8-R EL2 boot
0f00cf4cb8b2 Introduce --with-bw-arch for boot-wrapper compile arch
aafb5958eb9d Boot CPUs sequentially
d62de19c8661 Add printing functions
1ab497ed6c38 Simplify spin logic
1e576e54d0a4 Unify assembly setup paths
19ffbec99cf5 aarch32: Always enter kernel via exception return
e8e6f797bafa aarch32: Implement cpu_init_arch()
8745a2cd8e0a aarch32: Refactor inital entry
77c3316737fc aarch64: Always enter kernel via exception return
308d25f908a8 aarch64: Implement cpu_init_arch()
4dcb17f55300 aarch64: Remove redundant EL1 entry logic
400f0a86dcc8 Revert "configure: allow the use of bare-metal toolchains"
1fea854771f9 configure: allow the use of bare-metal toolchains
784feb9b0753 Makefile: suppress RWX segment warnings
e1d7651f3c2f Makefile: rework test-dtc-option
cd7fe8a88e82 aarch64: Enable access into RCW[S]MASK_EL1 registers from EL2 and below
1ac203146003 aarch64: Enable access into 128 bit system registers from EL2 and below
b13b3bdcb2a1 aarch64: Enable access into SCTLR2_ELx registers from EL2 and below
61b84b4a1c02 aarch64: Remove TSCXT bit set from SCTLR_EL2_RESET
3bac221638c4 configure: make --with-kernel-dir optional
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update trusted-firmware-m to the latest LTS (TF-Mv2.1.1)
Changes between 0c4c99ba33b3e66deea070e149279278dc7647f4 and 02bf279913439a07082dd581df033f370a8fbb92
02bf27991343 docs: Release notes for v2.1.1
7264a32e84a0 docs: rp2350: Minor docs & script improvements
4bad159af017 Docs: Release dates update
a5e02ec0c6a2 Align .gitignore contents to main branch
8fe944a652f5 Platform: RP2350: Fix NV counters in ITS
66bc1fa8eed9 Build: Fix patch formatting for 0001-iar-Add-missing-v8.1m-check.patch
895d44a4eb52 Platform: RP2350: Add NV counters to ITS
e81b741aa6cc tf-m-tests: Step version for rp2350 psa-arch-tests
2be65a027c86 Platform: rp2350: Add rwx linker flag conditionally for GNUARM
a85425417696 Platform: RP2350: Add RP2350 porting
9ed2e7c7f52b Platform/TFM/ITS/Config: Commits required for new platform porting
f12db7c872d5 cc3xx/low-level/pka: SRAM size depends on CC3XX version
c7e0192fab6f cc3xx/low-level/hash: wait for hash engine to be idle
42a4041bdff4 Crypto: Update to Mbed TLS 3.6.2
471c127e7755 Crypto: Add option to enforce ABI compatibility
7da71fd05445 tfm_spe_mailbox: Fix NULL pointer checks
974bc101e0b2 cc3xx/low-level/pka: wait for sw reset to be done before proceeding
89b9c4889c60 Crypto: Enforce MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS on Mbed TLS config
62b1300557c5 Crypto: Additional checks for writes to avoid out-of-bound access
a2cead6a9ef4 tfm_spe_mailbox: Use local vars for local_copy_vects
15afe61d1194 TFMV-8: Fix unchecked user-supplied pointer via mailbox message
22e8e89c8f56 tfm_spe_mailbox: Do not write-back on input vectors checks failure
12a4c5342965 tfm_spe_mailbox: Validate vectors from NSPE
75bbe3fc0240 CC3XX: Relax assert condition in aead_crypt for input
0db7ebf32ba3 Crypto: Protect writes to avoid out-of-bound access
2ecea430fbb4 Crypto: Prevent the scratch allocator from overflowing
fbcdc69b794d SPM: mailbox_agent_api: Free connection if params association fails
2a59580b5809 Crypto: Update to Mbed TLS 3.6.1
6a54ec89f22f Platform: STM32: script all_stm_platfrom
66596b4dae57 Platform: corstone1000: Fix isolation L2 memory protection
7045675209ca stm : fix error on b_u585i_iot02a with TF-Mv2.1.0
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update trusted-firmware-a to lts-v2.10.12
Changes between 7e63213601425c7a6d83e47dc936b264deb9df2b and 408ba4ddfe9a8d55e3e2488bea89c39adef07981
408ba4ddfe9a docs(changelog): changelog for lts-v2.10.12 release
7bdf51628eab Merge "docs(maintainers): update LTS maintainers" into lts-v2.10
8355ef7728ec docs(maintainers): update LTS maintainers
faceedf4e5c2 Merge changes from topic "for-lts-v2.10.12" into lts-v2.10
9007a3344e12 Merge changes from topic "gr/lts-doc-2.10" into lts-v2.10
924c7f42ce4a chore(deps): bump cross-spawn
7c8c034e5fed chore(deps): bump jinja2 in the pip group across 1 directory
3d85a19f2f54 docs: updates to LTS
13657a3f3f2a docs: add inital lts doc
a4c57c122407 Merge changes from topic "lts-v2.10.12" into lts-v2.10
564922601397 feat(mbedtls): mbedtls config update for v3.6.2
44161dcb10ab docs(prerequisites): update mbedtls to version 3.6.2
0ac65e7aa5ec refactor(mbedtls): rename default mbedtls confs
8b2c885739dd fix(arm): add extra hash config to validate ROTPK
832b92b7f615 docs(changelog): changelog for lts-v2.10.11 release
a3fc7c18c461 Merge changes from topic "for-lts-2.10.11" into lts-v2.10
196984e65da0 fix(cpus): workaround for Cortex-X4 erratum 2923985
0eed05ee70aa chore(cpus): optimise runtime errata applications
34e6d7cb8ce1 Merge changes from topic "sm/fix_erratum" into lts-v2.10
ad9dfdc5800c fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
5673d345aaa3 fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
4fd2a6702dd1 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
a02a863d3156 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
87250d2bb1ea fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
30c57c58abe3 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
c7d3c9eb2d81 fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
282e63544d26 fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
f7ae819f03ae fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
3efc9e13011d fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
17e17ed3f1e6 fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
a6375e1feb42 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
e42abf298321 fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
698e68fe1fe9 fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
b229b47bd86c chore: rename Blackhawk to Cortex-X925
96498991d1ce chore: rename Chaberton to Cortex-A725
b28aa38e28cf docs(changelog): changelog for lts-v2.10.10 release
8e74814ce52f Merge changes from topic "for-lts-v2.10.10" into lts-v2.10
c9f3fb5822dc build(deps): bump setuptools in the pip group across 1 directory
395ef3534cf1 chore(deps): bump micromatch
6c6e986bffb3 build(npm): update Node.js and all packages
c5d2a030a35f build(deps): bump braces
ebf6430a01c5 build(deps): bump idna from 3.4 to 3.7
93ad43e79ef7 build(deps): bump jinja2 from 3.1.2 to 3.1.4
f8a06a0f82ce build(deps): bump urllib3 from 2.0.2 to 2.2.2
3ea256c36a4b build(deps): bump pip from 23.1.2 to 23.3
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest gn commit.
Changes in gn between 95b0f8fe31a992a33c040bbe3867901335c12762 and ab638bd7cbb9ac8468bf2fbe60c74ed4706a14a7
ab638bd7cbb9 Revert "Speed-up GN with custom OutputStream interface."
2dd9331a7041 Speed-up GN with custom OutputStream interface.
ed1abc107815 Add `exec_script_allowlist` to replace `exec_script_whitelist`.
c97a86a72105 Retry ReplaceFile in case of failure
7296b601ea80 Fix crash when NinjaBuildWriter::RunAndWriteFile fails
468c6128db7f fix include for escape.h
5a47a93b9426 fix exit code for gn gen failure
24e92acb8472 misc: Use html.escape instead of cgi.escape
feafd1012a32 Do not copy parent build_dependency_files_ in Scope constructors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest stable version (1.5.5), comprised of the following
commits:
742d60ed7dc7 opencsd: Update version info and README for 1.5.5
7ca491c516b8 build: Update docs for MacOS support
cac83e59666e build: Add MacOS development makefile
e56eff270ca2 build: Use .dylib shared library suffix for MacOS
35f957d2a97a build: Create initial MacOS makefile
44dff5b22a26 build: Restore Linux build support
a0e13010e1d6 build: Rename build folders as 'unix_common' for upcoming MacOS support
ecdde9f69307 tests: Add option to suppress elapsed processing time in test program.
821632be920c tests: update mem_buff_demo test to add options.
70e472c9387f opencsd: Memacc object cleanup fix
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of halfnium
Changes between 2bef7ab3895c48d39b84ab58179b2d0de5156b8b and 2cf2ca7c4b81ab18e9cd363d9a5c8288e2a94fda
2cf2ca7c4b81 docs: the change log for the v2.12 release
69e18eb52d63 docs: update the threat model for IPI threats
c9866ab33c7a docs: add description of single service IPI support
b17856caec30 test: interrupt targeting blocked vcpu is queued
0ee13d9cc510 test: add helpers to share page for coordination btw endpoints
eda971da9f4c fix: queue interrupt targeting blocked vcpu
0a69718c6298 fix(docs): fixes to the docs to fix build errors
4b3d26803b56 test(ipi): IPI to invalid vCPU fails
2f579f93c1d9 test: multiple SPs periodic deadlines on multiple cores
8157b6897a8f test: multiple SPs with periodic deadline
b390a0d12967 test(ipi): set target vCPU in VCPU_STATE_BLOCKED
2affbc7a7bbb test(ipi): target vCPU set in VCPU_STATE_PREEMPTED
180a65a7be5f feat(ipi): handle in VCPU_STATE_BLOCKED/PREEMPTED
84d49b67d2d9 fix(ipi): small fixes to the ipi implementation
0136b2bf3f35 test: migrate blocked vcpu with pending timer
da42b544504b test: timer expired while vcpu is in PREEMPTED state
7c9702280c62 chore: reduce verbosity of console messages for SPs
9243e772b209 docs: support for arch timer in secure world
c0110997e1f8 chore: add doc comment on Pauth fault tests
a067dc1d77f8 test: add unit tests for timer management
872742eec217 test: use watchdog timer as source of non secure interrupt
febcb625856e test: add driver for normal world watchdog timer
b9dd51451e46 test: introduce driver for sp805 peripheral
65827d703535 test: migrate vCPU of SP with pending timer deadline
593b8addcbdc test: multiple SPs programmed with timer deadlines
fe10878b1e1c test: SP reprograms the arch timer deadline
b2429b49c524 test: SP handles timer with short deadline
34c050a04357 test: commands for SP services to configure timer
64ae5a8d6a18 test: add SP helper utilities for arch timer
6b8cf4f361f6 feat(arch timer): handle spurious host timer interrupt
106bfc364d64 feat(arch timer): migrate vCPU with pending timer to another CPU
cf069a65988e feat(arch timer): resume SP if deadline expires in NWd
2efb3e103382 feat(arch timer): handle host timer interrupt tracking live deadline
32424db1d5d6 feat(arch timer): inject timer virtual interrupt before resuming vCPU
a3787c91a96c feat(arch timer): track pending timer configured by SP vCPU
28e988f3bb56 chore: exclude physical timer source file from static checks
f684d196422b feat(arch timer): trap and emulate physical timer access from SPs
d3ac7383c10f feat(arch timer): helpers to configure EL1 physical timer
f658f5e1a6e1 feat(arch timer): initialize timer list and host physical timer
def48d0365b3 feat(arch timer): introduce host timer driver
c31708afa85c feat(arch timer): helper utilities to add and remove from timer list
eed861e514ba feat(arch timer): data structure to track pending timers
08200fe0f2e2 test: physical interrupt preempts virtual interrupt handling
75331b3ee028 test: SPMC call chain not preemptible
179f567f17fe test: helpers commands to mimic secure interrupt scenarios
94946a1451e3 fix(interrupts): SPMC scheduled call chain shall not be preempted
025a451a9275 fix: simplify secure interrupt handling
c3fd9756a53e feat(memory share): handle GPF in FFA_MEM_FRAG_RX
e06384d55458 docs: document VM availability messages
50ef91174b38 refactor: api_ffa_msg_send_direct_resp
13f09815b474 refactor: don't pass sender/receiver ID
79504ff11a86 refactor: remove unused functions
a1a0235181b3 test: VM availability messaging tests
06e8b732abc2 feat: forward VM availability messages from SPMC to SP
d0356f85a2a2 refactor: `spmd_handler` refactorings
520bcc86451b test: VM created/destroyed partition properties
a603e0842531 feat: VM created/destroyed partition properties
18694027d10d feat: parse `vm-availability-messages`
1308a63f4851 test(ipi): FFA_NOTIFICATION_INFO_GET reports pending IPI
d270b869c989 test(ipi): target waiting vCPU whilst in SWd
537165559733 test(ipi): target waiting vCPU whilst in NWd
3a9510e81960 test(ipi): handling SRI in the NWd
377defd58730 test(ipi): send IPI to running vCPU
d2efb134495d test(ipi): state machine to help testing IPI
8be2651ff463 test(ipi): add unit tests for fetching pending IPIs
1f2babf02fd8 feat(ipi): report IPIs in FFA_NOTIFICATION_INFO_GET
960be20fecdc feat(ipi): handle IPI for waiting case
f3cf28cf7d4b feat(ipi): introduce IPI paravirtualised interface
18485946304c refactor: use bitfields for interrupt_descriptor struct
e44e18e5702b fix: increase stack size in primary VM
cc9d11383413 ci: increase timeout for long running tests
b8f9a899f0be test: if SPs wake up with eret FFA_RUN
4dbf4d95c63f fix: only normal world VMs need FFA_RUN
478faac95b69 refactor: always eret FFA_RUN to the caller
8ddb0e2d11e6 chore: drop the FFA_RUN tests
3190f5401e09 chore: specify updated submodule commit hash
baaf9e5bd0c5 docs: update FFA_PARTITION_INFO_GET(_REGS)
0ffce75f8244 refactor(notifications): verbose validity check
3e55c4d8e3de fix: check ff-a version for functionality support
d96c931b233d test(ff-a): report features in partition info get
7fb0fdb7ab97 fix: report indirect message and direct message 2
11f50e5ff10b chore: drop linux/driver project checks
d5d6c381e69c chore: drop the driver/linux submodule
8018929656f3 doc: refer the checkpatch.pl setup
d8e61447a1b5 ci: add script download checkpatch.pl
94b0fa111104 chore: drop rule to update linux binary
ddeedafa09d0 chore: drop the third_party/linux submodule
6b756a10770a ci: drop the setup with the hafnium driver
15e302616540 chore: drop hf_interrupt_inject
da6b099e5dfb chore: drop mailbox waiting list
9a9ed227a137 test(ff-a): FFA_MSG_WAIT called with pending message
ccbf26c078c7 docs: add FFA_MSG_WAIT description
ea8ccfe752cb refactor(notifications): drop the SRI state
ac0cb263714c chore: drop legacy timer support in hypervisor
9acc62973951 chore: remove legacy timer support tests
a74c97c4c184 test: interrupt targets blocked SP
23a7e58b6494 fix(interrupts): resume blocked vCPU and pend vIRQ line
3e749afb2d9b test(pauth): test PAuth usage from S-EL0
70c6ca0e0cb9 fix(pauth): use prng to generate S-EL0 pauth keys
9478e32bb811 refactor: UUID packing/unpacking
cca64d765bf0 refactor: `get_ffa_partition_info`
fb9c2a27a319 refactor: `api_ffa_fill_partition_info`
45abeebfd2b4 feat: report error if too many UUIDs in manifest
6053297ef775 refactor(manifest): UUID parsing
8c5de22b6b6a test: fork 'preempted_by_secure_interrupt'
bd32c97bdb07 refactor: simplify interception of FF-A calls
67f5ba3d10d3 refactor: boot order list to use list.h
8e02186908e0 refactor: rename list functions
3bfc36eab652 test(ff-a): cannot send indirect message when RX buffer full
3d5a9609bf43 test(ff-a): add RX retention tests to S-EL0 setup
a2103eb08381 feat(code-coverage): check elf files for folder include/exclude
c7270b752e5f fix(memory share): hypervisor retrieve request check
7640451f68fc fix(build): fix out of tree build specifying $OUT
36fcf881497b fix: detect pauth algorithm in cpu
483686441714 refactor: `memcpy` refactors
5d5f27972dbb fix: use correct load-address while adding offset
3bb825946fed fix(indirect message): set framework notifications
8ccd2d0f0552 fix: rename load address relative offset node name
67196c7ad3bc docs: document new `FFA_VERSION` behaviour
c4d9ae80b40b fix(ff-a): don't report ME interrupt to EL0
41c5da385103 fix(notifications): delay SRI flag use from NWd
d9e7c8fd3cf9 fix: in case the mailbox is FULL return FFA_RUN
77b4eef0071d fix(hftest): clear NPI when polling for notifications
486ffdce7223 test(ff-a): FFA_MSG_WAIT multicore RX buffer test
337dbdfa04ee test(ff-a): test FFA_MSG_WAIT with retain RX buffer flag
7253bd5c43fc feat(ff-a): add retain RX buffer flag to ffa_msg_wait
bc854180a4bb test(ff-a): verify FFA_MSG_WAIT releases RX buffer
be1a0b7a4d43 fix(ffa): add RX buffer release to FFA_MSG_WAIT
b8730e9f7263 refactor: moved api_interrupt_clear_decrement to vcpu
cfc8174a3a22 refactor: added ffa_msg_wait_complete
472f66a344c9 refactor: use vm_id_is_current_world
ac9407556eca refactor: rename implicit_completion_signal
3b31f09c4e80 refactor: create vcpu_secure_interrupt_complete
9a4b9c0b9592 fix(notifications): per-vCPU for MP only
318e90a733de feat: queue interrupt targeting blocked vcpu
c023e39839c0 test: new setup with S-EL1 UP SP as Service2
538b688a0865 test: register secondary entrypoint only for MP S-EL1
ec3bf2223df0 test: queue interrupt targeting a migrated vcpu in blocked state
97fa216c6ae9 test: queue interrupt targeting a migrated vcpu in running state
ce6baae61eee test: queue interrupt targeting a migrated vcpu in waiting state
4fff340ea012 test: queue multiple pending virtual interrupts
e1bec84e69f1 test: handle secure interrupt triggered by Generic Timer
95bb8fe60145 test: leverage build define to identify an S-EL0 SP
75a1ab7b9c3c test: update manifests to accommodate AP REFCLK timer device region
76fe642c630f test: add SP helper commands to manage generic timer
ad3fb6698931 test: add driver for AP REFCLK Generic timer
92b404ecffd6 test: driver for generic memory mapped system timer
ae519e184f12 test: map MMIO regions from device region nodes
7945bb578a0f refactor: reduce fields tracking interrupt handling for vcpus
93d3d7015108 feat(interrupts): target migratable S-EL1 UP vCPU
42e56c11d90e feat(interrupts): target migratable S-EL0 UP vCPU
48dc41c3890c feat(interrupts): queue if unable to signal virtual interrupt
c64d0645a4c4 feat(interrupts): prioritize servicing queued virtual interrupts
32913cb081cf feat(interrupts): data structures, helpers for queueing
b7c2558e1bbd fix(interrupts): drop the running priority before resuming vcpu
6acc53703857 fix(hftest): logs from different setups would override
ff651e335032 feat: hftest to disable_visualisation
6f6bf8a117f9 refactor: simplify functions to pend VI
33172403a44a fix: moved unsupported function log
3e9f605eba42 test: interrupt to be pended before boot
cc542042dbbd feat(interrupts): physical interrupt enabled
d533859d7826 chore: add venv to gitignore
1c56a252a966 fix(hftest): service set-up functions in core 0
65deaa433730 refactor: drop hypervisor-specific tests
6045881f4fe2 fix(notifications): vCPU ID check in get ABI
a2c79226b56b docs: redirect to a common ff-a binding document in TF-A
296ee70c7af7 refactor(memory share): split check of hyp retrieve request
058ddee34d02 fix: remove memory region's device attribute
71704804400a secure_tc: enable branch protection
9c5b1d3708f8 refactor: split `api_ffa_features`
650cb148d610 refactor: report FFA_YIELD
1a8c0cdb812c refactor: report secondary EP register supported
5a222641c137 refactor: permission get/set supported at S-EL0 partitions
4271ff9734fe refactor: remove arch/platform specific ffa_features
4e8e479805bb refactor: reduce log level of some log statements
be12343e0ceb fix(hftest): interrupt enable/disable
94f9a7303d06 fix(docs): refactor poetry dependency group
734981e83008 fix(memory share): dont change the PAS for device memory
9a444adfee0b refactor(hftest): update iris options
fd374b8c9227 fix(memory share): v1.1 emad reserved field check
5ebf4bf2c364 feat: parallelize `clang-tidy`
2ad6b66ef5f6 chore: fix `clang-tidy` warnings
a4d4a2b00cf2 fix: check `.h` files with `clang-tidy`
20acb0118db9 refactor: remove `make check`
ca9234c8510c refactor: reformat `.clang-tidy`
67a7926ce341 fix: first vCPU runs in the VCPU_STATE_RUNNING
77f39c21e52a fix(docs): point poetry readthedocs virtual env
bd43209c3d7f refactor: console log verbosity
052fa62be451 fix(docs): design doc typo fails the build
a33eca997600 fix(qemu): memory barriers to operate DMA
66a38bd5184d fix: fix build with clang-18
a5ea909bfc61 fix: fix build with clang-17
74ee3ab8bb56 fix: fix build with clang-16
6f1f1210152d feat: print vCPU ID
920362870c0d test: tests for printing sequentially and concurrently
31e5c95fd1c7 fix(hftest): define stacks for all secondary cores
7cdb36d7dfa8 test(mem share): RO mem cannot be zeroed during send
72d53a15d7b7 fix(boot): remove limit all partition memory is RW
c7a3848c7cc0 refactor: improve hftest error message
133ae6e2e48b feat(dlog): adopt FF-A in `stdout_putchar`
c5cebbc0e8d0 refactor: move log buffer from VM to vCPU
99fe2434f9d9 refactor: add documentation for interrupt controller in DT
1c26ae7ec65a fix(gic): add support for passing GIC data from DT in boot flow
99c5eff25b84 test: add unit tests to validate dma properties
718afa9ca629 refactor: create a helper function to obtain common fields
9c764b3e5437 refactor: use dma device properties struct within device node
7de26958d155 refactor: extract VM's log buffer into separate struct
6027b4f0bd7a fix: fix signature of `memcpy`
8f046e4873ea refactor: remove `CHECK_OR_ZERO` macro from `std.h`
2b56fc163c19 refactor: replace some uses of `uintptr_t` with `cpu_id_t`
b4ef4320e1d0 refactor: use typedef for CPU entry point functions
71d887b7cad0 refactor(memory share): improve naming of sender_orig_mode
c8e6e85d7f72 test(memory share): device as normal through descritor mem types
3b65a25f2642 test(memory share): lend device memory as normal
6e2613628196 fix(memory share): add precedence check for memory type
2268412d6968 test(memory share): normal memory lent as device
91052c3eb749 fix(memory share): log for invalid instruction access
3f295b18c75c feat(manifest): add overlap checks for SPMC memory
889cbf1e6e82 refactor: use enums for PSCI constants
5e99699970bc refactor: add helper function to check if VM is primary
8204182ee3d2 refactor: add helper functions for checking if VM is UP/MP
0a824e972474 chore: fix log strings
bd060340445e fix(memory share): relinquish from VM
9bbcb87d8873 fix(memory share): assert pointer before dereferencing
a39a84497eda feat(memory share): relinquish use `memcpy_trapped`
3f6527cd56f9 feat(memory share): revert memory retrieve
69cdfd9531f8 feat(memory share): avoid updating PTs
7b9cc432ce38 feat(memory share): memcpy_trapped to copy retrieve resp
8f2150d1d4c6 feat(memory share): `memcpy_trapped` to read from tx
f220d57a4102 fix(memory share): retrieve request validation
c9227c849e62 fix(memory share): multiple borrower with NWd VM
540cddfcb118 feat: introduce gicd_set_ctrl helper utility
cde596402559 test(ff-a): add tests for changing version through `FFA_VERSION`
64d930ee6c33 fix: check that calls to FFA_VERSION actually succeed
e9921275a326 fix: memory sharing tests
08befddc43c0 refactor: move `update_mm_security_state` to `common/ffa.c`
2909e54cf230 refactor: port tests due to new restrictions
d319fbbb5b9b fix: remove log statement that caused `FFA_VERSION` to fail
6eeec8e85a5f feat: restrict `FFA_VERSION` calls
0e617d9d2245 refactor(ff-a): `FFA_VERSION` related refactorings
4b846eb871c0 fix(mem share): zeroing RO memory during memory send
8fc1b5054cb2 fix: error codes need to be uint32_t
6fd6c1d6ecad fix: fix input validation in FFA_FEATURES
49ec1e42e218 refactor: refactor `api_ffa_features`
88851f90b88e feat: add macros to check bits
d1c34b5edee1 feat(mte): add error log for sync tag fault in EL2
95fbb31760eb feat(memory share): add memory share 64-bit ABIs
b9ae416a7d55 refactor: use `GET_ESR_EC` macro
5a13355b0802 refactor: add `GET_ESR_FNV`
9f7ce018c967 test(dlog): unit tests for `dlog` with binary format specifier
7efc8377234e feat(dlog): support binary unsigned integer format specifiers
e8937d9c2a05 chore(dlog): fix uses of `dlog` to use new format strings
544549064bb2 feat(dlog): check arguments to `dlog` at compile-time
50af30574657 test(dlog): unit tests for `dlog` with length modifiers
70894da99ab1 feat(dlog): handle length modifiers
e980e611ed8a refactor(dlog): miscellaneous changes related to logging
705b56e94b38 refactor(dlog): move `dlog_flush_buffer` to `api.c`
e8fdaed4c376 refactor(dlog): replace macros with enums
93157d09e78f test(dlog): unit tests for `dlog`
c9df08b45438 feat(hftest): assertion macros for strings
d2ef618a680c refactor(dlog): return number of characters written
222d9fbb3dee fix: enable `-Wsign-compare` in `ASSERT_EQ`
1064a9c8d3c3 refactor: use `enum ffa_error` for errors
824b63d9b256 feat: enable `-Wsign-compare`
b090762d1c4d fix: disable `-Wsign-compare` for dtc
4a88b9625897 feat: enable `-Wextra` flag
df099becb672 refactor(init): use memory pool for boot params
dc759f53ddbe refactor: use an enum for FF-A error codes
d38270c14fe8 refactor: use enum for SP commands
6a7c95926233 feat(hftest): rewrite error messages for failed assertions
76766e61e230 refactor: use `typeof` in `HFTEST_ASSERT_OP`
871b41e33565 refactor: always expand `assert` macro
3a3e08dbd653 fix: check for illegal values of gic related build flags
346a09cfce7f fix: check for illegal branch protection feature
0549849def41 fix: propagate enable_mte build flag to cflags
00d3b632aeda fix: incorrect calculation for number of boot info desc
b886d4930571 fix(memory share): drop check to instruction access
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version.
License SHA changed due to the addition of "Artistic License 2.0" and
was missing entries for a few others that were there previously.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The same tee-supplicant is available in the meta-arm layer
along with the recipe.
| meta-arm/recipes-security/optee/optee-client
| meta-arm/recipes-security/optee/optee-client/tee-supplicant.sh
| meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service
| meta-arm/recipes-security/optee/optee-client.inc
| meta-arm/recipes-security/optee/optee-client_4.1.0.bb
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-A git recipe to the latest commit (as it was older than
the 2.12 release previously). Also, update mbedtls to 3.6.2 (per the
tf-a docs in the master branch).
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A Patches were erroneously moved to meta-arm-bsp, despite still being
needed by the recipes in meta-arm. Copy them back and make copious
apologies.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Gergely Kovacs
Ross Burton
Martin Jansa
Mikko Rapeli
Gyorgy Szing
Jon Mason
Andrew Jeffery
Jose Quaresma