The original patch was inadvertently removed by a subsequent commit.
This change restores the patch to fix failures in the PSA Crypto
Suite test on Corstone-1000.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The github URL where the image was located has gone away on the master
branch. Update the URL to point to the legacy branch, which should stay
around (according to the documentation).
Fixes: aebe535aa8 ("arm-systemready: Introduce the Arm SystemReady layer")
Signed-off-by: Jon Mason <jon.mason@arm.com>
Modify the upstream status of the patch to align a PSA crypto struct with
TF-M from Pending to Backport as it is included in TS v1.2.0 release candidate.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
BUILD_CC and friends are only needed for the build of BaseTools, so move
the assignments to that specific make call.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GCC15 changed the behavior with how unions are initalized, which is
causing an issue with mbedtls in TS. Change the behavior to the
previous way of doing things until the fix has been released.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The test cases for fvp-base will not fully run because the trusted
servies ones are the only ones (instead of being appended to the list).
Correcting this issue so that all the tests can be run.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of edk2-firmware. The sgi issue has been
corrected upstream, so the patch can now be dropped. Also, no longer
seeing the RELEASE issue on qemuarm/qemuarm64, and removing that
workaround.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of SBSA ACS. Since 7.1.4, BSA things were
put in a separate git repo and it now has a dependency on that.
Also, address an issue with BSA, GCC15, and incompatible pointer type
errors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Yocto project changed the server name for sstate, though the
previous one does still appear to work. Update here to the one matching
the YP documentation.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove TF-A 2.11.0 Yocto recipe.
Remove patches that are now upstreamed in TF-A 2.12
Signed-off-by: Clément Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade trusted-firmware-a to 2.12.1 for Corstone-1000
When GENERATE_COT is enabled, use the Yocto dependency cot-dt2c instead
of installing it with Poetry.
Signed-off-by: Clément Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport patch to fix the following compilation issue:
| In file included from tftf/tests/runtime_services/realm_payload/host_realm_payload_simd_tests.c:21:
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:6: error: header guard 'HOST_REALM_COMMON_H' followed by '#define' of a different macro [-Werror=header-guard]
| 6 | #ifndef HOST_REALM_COMMON_H
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:7: note: 'HOST_REALM_COMMON_h' is defined here; did you mean 'HOST_REALM_COMMON_H'?
| 7 | #define HOST_REALM_COMMON_h
| In file included from tftf/tests/runtime_services/realm_payload/host_realm_simd_common.c:13:
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:6: error: header guard 'HOST_REALM_COMMON_H' followed by '#define' of a different macro [-Werror=header-guard]
| 6 | #ifndef HOST_REALM_COMMON_H
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:7: note: 'HOST_REALM_COMMON_h' is defined here; did you mean 'HOST_REALM_COMMON_H'?
| 7 | #define HOST_REALM_COMMON_h
| CC tftf/tests/runtime_services/secure_service/spm_test_helpers.c
| In file included from tftf/tests/runtime_services/realm_payload/host_realm_spm.c:20:
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:6: error: header guard 'HOST_REALM_COMMON_H' followed by '#define' of a different macro [-Werror=header-guard]
| 6 | #ifndef HOST_REALM_COMMON_H
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:7: note: 'HOST_REALM_COMMON_h' is defined here; did you mean 'HOST_REALM_COMMON_H'?
| 7 | #define HOST_REALM_COMMON_h
| cc1: all warnings being treated as errors
| make: *** [Makefile:605: workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/build/corstone1000/release/tftf/host_realm_simd_common.o] Error 1
| make: *** Waiting for unfinished jobs....
| cc1: all warnings being treated as errors
| make: *** [Makefile:605: workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/build/corstone1000/release/tftf/host_realm_spm.o] Error 1
| cc1: all warnings being treated as errors
| make: *** [Makefile:605: workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/build/corstone1000/release/tftf/host_realm_payload_simd_tests.o] Error 1
| make: Leaving directory 'workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/git'
Signed-off-by: Clément Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add recipe for the latest version of TF-A, which needs a newer version
of mbedtls as well. The license checksum updated due to hob code being
imported from edk2, which is BSD 2 Clause, which is already in the
license field for the recipe.
Updating the git recipe to use the latest version, and keeping LTS
versions.
sgi575 was removed from 2.13.0. So, pointing that to 2.12
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the following warnings:
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/conf/machine/include/corstone1000.inc:72 has a lack of whitespace around the assignment: 'SMMGW_AUTH_VAR="1"'
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/conf/machine/include/corstone1000.inc:74 has a lack of whitespace around the assignment: 'SMMGW_INTERNAL_CRYPTO="1"'
Add the necessary white space to address the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing warnings of:
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/libpsats_git.bb: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/libpsats_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/libpsats/${TS_ENV}"'
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/logging/config/${TS_SP_LOGGING_CONFIG}-${TS_ENV}"'
Clean-up the white space to address the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This switches CI back to using the master branches.
Currently there are two known failures:
- sbsa-ref
- perf on musl
This reverts commit e0c1f0f94a.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We currently archive all of the task logs on every job, but this ends up
being between 2-10MB per job and our pipelines have ~100 jobs.
To save space and time, change the log collection to only happen if the
job fails, and explicitly expire them after a week.
This reverts meta-arm 60abe46, but in two years we've not really needed
successful logs, and they can be easily toggled back on if needed in a
branch.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Three commits had to be removed in order to make the inappropriate
capsule update implementation work with the new Trusted Services
version.
The "Make variable index usage robust with redundancy" commit needs to
be reverted because the FMP support only works if the
SMM_VARIABLE_INDEX_STORAGE_UID is 0x787.
The "Load and store UEFI variable index in chunks" commit needs to
be reverted because the optional create() and set_extended() APIs are
not supported for Corstone-1000.
The "Make constraints of NV UEFI variables persistent" commit needs to
be reverted because the FMP support is not compatible with these
changes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patches needed rebasing to the latest Trusted Services version so
they can be applied cleanly.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The logging service provides an SPMC agonistic to create log messages.
The current version will simply dump the incoming log messages to a
setial line. Future versions could provide access to log messages from
the NWd, could encrypt the essages and perform more efficient when
logging large messages.
This change enables the logging SP on the fvp_base platform. All log
messages made by SPs after the boot phase will be sent to UART3.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce a new machine feature called "arm-branch-protection". When set
TF-A, optee and Trusted Services SPs will be configured to enable PAC
and BTI. In addition the fvp-is configured to emulate arm-v8.5 and
PAC+BTI.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bound Authenticated Variable configuration related settings to yocto
variables. The aim is easier configuration by hiding SmmGW build system
internals at the yocto recipe level.
For details please see documentation/trusted-services.md
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TS upstream introduced a new library which carries PSA clients. This
library is to be used by linux user-space applications interfacing to
PSA providers running in the SWd.
Modify dependee to use the new library.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Trusted Services introduced its own libc implementation and has no
dependency on newlib anymore. Remove TS specific newlib recipes and
patch files.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump the TS SHA to latest integration.
Set the version of TS dependencies as required.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
New version moved from integrated version of t_cose to upstream git
tree. Doing so necessitates adding a path to the build command, which
is only being done in the 2.2.0 src inc file to prevent any potential
issues with older versions that might be using the
trusted-firmware-m.inc file. t_cose is using BSD, so no need to modify
the recipe licenses.
Also, the 3.6.3 tagged SHA for mbedtls (specified in the 2.2 tf-m
source) is broken. It references an non-existent SHA for
mbedtls-framework, which is corrected in the mbedtls-3.6 branch 2
commits later. Using that corrected commit to work around that issue.
Keeping 2.1.1 around as it is the LTS.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TF-M was upgraded to v2.1.1 for the Corstone-1000. The TS had to be
aligned with it, to keep the Secure Enclave Proxy Secure Partition
compatible with TF-M.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Unfortunately, new gcc-15 nonstring attribute has just recently been
merged to clang and hasn't made into a release yet - will be part of
clang-21.
For now backport the commit making -Werror conditional and disabled
by default.
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The tfm_sign_image.bbclass was updated so now the used signing key is
passed by the caller. This is needed because there can be cases where
different images have to be signed with different keys.
If no key is passed to the script, then use a default one to keep the
backward compatibility.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Related commit information is given below for reference.
[1/1] arm/classes: add support to configure fvp-bindir
commit: 42390742b1
Signed-off-by: Mohammed Javith Akthar M <mohammedjavitham@ami.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the warning:
lack of whitespace around the assignment: 'TS_ENV="sp"'
Add the spaces to address the issue
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the warning:
lack of whitespace around the assignment: 'TCLIBC="musl"'
Add spaces to address the issue
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the following warning:
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb:6 has a lack of whitespace around the assignment: 'INHIBIT_DEFAULT_DEPS="1"'
Adding spaces addresses the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
`devtool check-upgrade-status` reports the new version as "20151030.",
which is the last tagged release. Given that there are a number of
commits since that tag and the tree doesn't appear to be using tagged
released, treat this as a git tree and check the updates appropriately.
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the change to webpages for the FVPs, it is not possible to detect
new versions anymore. Add UPSTREAM_VERSION_UNKNOWN to avoid the
"UNKNOWN_BORKEN" when running `devtool check-upgrade-status`
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, fvp-bindir is configured to use the build path. This commit
allows customization of this path by defining a new variable FVP_BINDIR
in fvpconf. This change enables the runfvp script to execute without
BitBake initialization.
Testing:
- Tested using OpenBMC FVP build.
- Defined FVP_BINDIR variable with a custom path in fvp-config.inc and
observed the changes after the build.
Before changes:
$ jq . ~/openbmc/build/fvp/tmp/deploy/images/fvp/obmc-phosphor-image-fvp.fvpconf | grep
fvp-bindir
"fvp-bindir": "/home/javith/build/openbmc/build/fvp/tmp/sysroots
-components/x86_64/fvp-base-a-aem-native/usr/bin",
After changes:
$ jq . ~/openbmc/build/fvp/tmp/deploy/images/fvp/obmc-phosphor-image-fvp.fvpconf | grep
fvp-bindir
"fvp-bindir": "utilities/fvp/usr/bin",
Signed-off-by: Mohammed Javith Akthar M <mohammedjavitham@ami.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2 isn't booting on qemuarm64-secureboot, and hasn't for some time.
Also, it's not being tested as part of CI. Remove until it is working
again.
Signed-off-by: Jon Mason <jon.mason@arm.com>
