Patch related with the changes to support the in/out_vec modifications
in TF-M v1.7 was merged in upstream trusted-services integration branch.
So, drop this 3 out of tree patches not needed to be applied any more.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A v2.8 does not support measured boot and FF-A which is mandatory for
PSA Initial Attestation SP to work correctly.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add information related to SPMC tests and fix stale links.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove already merged patches in trusted services integration
branch to avoid clash during apply patch stage and rebase the
remaining patches.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Run the ffa_spmc test group of xtest if the optee-spmc-test machine
feature is enabled.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add ta-devkit and optee-test. Change configuration to enable building
and deploying OP-TEE SPMC tests.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The ABI used by the arm-ffa-user driver to call into the SWd changed.
The change was driven by the MM over FF-A ABI implementation which is
used by SmmGW SP and uefi-test. uefi-test uses the same arm-ffa-user
driver as xtest hence xtest needs to be updated to use the new driver.
This xtest change is already merged up-stream but after v3.20, which is
used here.
This change adds backported xtest changes as carried patches.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change:
- cherry-picks TF-A changes from master which implement passing
TOS_FW_CONFIG DTB from the FIP package to the trusted OS.
- add an OP-TEE SPMC specific SPMC manifest file
- configures TF-A to build the manifest, add it to the FIP package
and pass it to OP-TEE as a boot argument.
This functionality needs matching changes in OPTEE (OP-TEE v3.21
or v3.20 + carried patches.)
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OP-TEE SPMC v3.20 and TF-A v2.8 is incompatible on qemu, and OP-TEE
panics during boot because having an SPMC manifest passed to the SPMC is
mandatory since v3.20. TF-A and OP-TEE upstream already fixed this issue
by modifying the ABI between the SPMD and SPMC. Moreover qemu support in
TF-A has been extended to allow building an SPMC manifest DTS file, and
loading it from the FIP package.
This change adds the needed OP-TEE fixes as carried patches. The TF-A
change will be added in the next commit.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split tests to groups, and enable groups based on machine features set.
This allows limiting tests to testing deployed SPs only.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To enable up-to date version of Trusted Services op-tee v3.20 or newer
is needed.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change updates to latest available version of Trusted Services.
List of changes:
- adapt SP recipes to file structure changes and support for
"configurations". In TS each SP can be built in various different
setups to allow adapting to platform and integration specific
differences.
- MbedTLS dependency has been updated to v3.3.0.
- This needs new python dependencies are required in the build
environment.
- psa-acs was updated to a matching version.
- do_patch() has been updated to support the MbedTLS patch added
in TS.
- Update TS dependency patching method to use git instead of patch.
- Downgrade nanopb to match up-stream dependency version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Issue when building the kernel on FVP (and probably all aarch64
platforms) with GCC 13 on the 6.1 kernel (and possibly others).
Backport the upstream fix.
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are cases where a developer might want to enable things, like
debug-tweaks, which are useful in their testing but not something we
would want in a production environment. Create a file where these can
be added without affecting other things.
Signed-off-by: Jon Mason <jon.mason@arm.com>
virtual/arm-none-eabi-gcc-native is still at version 12 which
doesn't support it. poky comes with gcc 13 already.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add musl testing to have qemuarm-secureboot match qemuarm64-secureboot.
Since the Arm GCC binary toolchain cannot work with musl, move that out
into it's own testing.
Signed-off-by: Jon Mason <jon.mason@arm.com>
debug-tweaks is useful in testing and internal usage, but is a massive
security hole (as it allow password-less root login). Remove the
default enablement on machine files and in kas base yml.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is only necessary to accept the FVP usage license when using FVPs.
So, move that to the fvp.yml file from the base.yml file to make things
a little cleaner.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-base machine only has minimal patches, so should be good to
always track the latest release of u-boot.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using absolute path in fvpconf will leak the host machine path.
This is a bit annoying when the builder and the runner doesn't use
the same filepath hierachy.
Switch to relative path instead of absolute.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In Order to be able to have filepath relative to fvpconf, execute the
fvp process in the same working directory.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the moment the config is load and pass to FVPRunner.
Change the ownership to FVPRunner.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We access the dictionnary element that doesn't exist.
Use the get() method instead that will default the element to None if it
doesn't exist.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When running an FVP machine the model executable need to be found
in the PATH environement.
At the moment the script doesn't provide any PATH to the subprocess.
Add PATH to the allowed environement variable to be forwaded.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It fixes and limits the partition size to fix capsule update feature
after the GPT changes.
The partitions in the second bank needs to have correct size and
the partitions in first bank should have a fixed size since corstone1000 does
not support partial update and has a limited flash to support variable size.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch aligns capsule update feature in tfm with GPT/BL1 changes.
Adjusts BL2 flash and data size and adds missing CRC checks.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove log messages, that would never show up, but clean that
mess. And fix the env script and config so that trigger the
load of kernel from reading the gpt.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The signed kernel image for the android kernel and legacy u-boot is no
longer booting. Remove this to allow for it to work until it can be
fixed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP master has now updated to TF-A v2.8.0 so we should do the same.
Remove the SHA override for the N1SDP
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enabling new features on tfm for corstone1000 increases the number of
ITS and PS assets needed. This patch increases the number of PS and ITS
assets and fixes regression on psa-ps-api-tests.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Installing SMM Gateway SP on the N1SDP may stop the platform from booting
for on-device testing in CI.
In n1sdp.yml, remove `ts-smm-gateway` if it has been added
Keep `ts-smm-gateway` in default SP set so it can still be tested with
`qemu-secureboot`
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some platforms install .elf files, so put those into the -dbg package.
This means expanding the buildpaths QA exclusion.
Whilst here, expand the comments for the other INSANE_SKIP statements.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't need to unset CFLAGS and LDFLAGS as the CMake file doesn't
respect them anyway.
Add CC to the unexport list for completeness, at least one of these is
needed for now as the build fails without the unexports.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some machines use components from tf-m-extras, so fetch that too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add tc1 ecosystem FVP and bits to enable in the tc1 machine config file
Also, do some hacks to speed things up.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes in upstream u-boot recipes for signed fitimages, have
caused the existing code to no longer boot. Add a newly required
variable to get it working again. Tested using tc1 FVP.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds OTP config to run the FVP with the new BL1 changes
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Integrates TF-M BL1 into corstone1000 platform. This needs a large
changeset since it changes how TF-M builds and packs the bl1 image.
It also adds changes to make the new BL1 compatible with GPT parser
changes. And finally it bumps to SHA to include necessary changes and fixes
on TFM master and removes already upstreamed GPT patches.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M has out-of-tree patches on external projects such as mbedtls and
qcbor. This needs to be applied in an orderly fashion to build TF-M and
other TF-M related binaries correctly.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCP-firmware may build components other than the SCP and MCP. Make the
MCP branch of the do_install task more generic to suport this.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rui Miguel Silva
Gyorgy Szing
Anton Antonov
Jon Mason
Mikko Rapeli
Ross Burton
Clément Péron
Emekcan Aras
Adam Johnston
Peter Hoyes