debug-tweaks is useful in testing and internal usage, but is a massive
security hole (as it allow password-less root login). Remove the
default enablement on machine files and in kas base yml.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is only necessary to accept the FVP usage license when using FVPs.
So, move that to the fvp.yml file from the base.yml file to make things
a little cleaner.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-base machine only has minimal patches, so should be good to
always track the latest release of u-boot.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using absolute path in fvpconf will leak the host machine path.
This is a bit annoying when the builder and the runner doesn't use
the same filepath hierachy.
Switch to relative path instead of absolute.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In Order to be able to have filepath relative to fvpconf, execute the
fvp process in the same working directory.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the moment the config is load and pass to FVPRunner.
Change the ownership to FVPRunner.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We access the dictionnary element that doesn't exist.
Use the get() method instead that will default the element to None if it
doesn't exist.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When running an FVP machine the model executable need to be found
in the PATH environement.
At the moment the script doesn't provide any PATH to the subprocess.
Add PATH to the allowed environement variable to be forwaded.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It fixes and limits the partition size to fix capsule update feature
after the GPT changes.
The partitions in the second bank needs to have correct size and
the partitions in first bank should have a fixed size since corstone1000 does
not support partial update and has a limited flash to support variable size.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch aligns capsule update feature in tfm with GPT/BL1 changes.
Adjusts BL2 flash and data size and adds missing CRC checks.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove log messages, that would never show up, but clean that
mess. And fix the env script and config so that trigger the
load of kernel from reading the gpt.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The signed kernel image for the android kernel and legacy u-boot is no
longer booting. Remove this to allow for it to work until it can be
fixed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP master has now updated to TF-A v2.8.0 so we should do the same.
Remove the SHA override for the N1SDP
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enabling new features on tfm for corstone1000 increases the number of
ITS and PS assets needed. This patch increases the number of PS and ITS
assets and fixes regression on psa-ps-api-tests.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Installing SMM Gateway SP on the N1SDP may stop the platform from booting
for on-device testing in CI.
In n1sdp.yml, remove `ts-smm-gateway` if it has been added
Keep `ts-smm-gateway` in default SP set so it can still be tested with
`qemu-secureboot`
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some platforms install .elf files, so put those into the -dbg package.
This means expanding the buildpaths QA exclusion.
Whilst here, expand the comments for the other INSANE_SKIP statements.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't need to unset CFLAGS and LDFLAGS as the CMake file doesn't
respect them anyway.
Add CC to the unexport list for completeness, at least one of these is
needed for now as the build fails without the unexports.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some machines use components from tf-m-extras, so fetch that too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add tc1 ecosystem FVP and bits to enable in the tc1 machine config file
Also, do some hacks to speed things up.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes in upstream u-boot recipes for signed fitimages, have
caused the existing code to no longer boot. Add a newly required
variable to get it working again. Tested using tc1 FVP.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds OTP config to run the FVP with the new BL1 changes
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Integrates TF-M BL1 into corstone1000 platform. This needs a large
changeset since it changes how TF-M builds and packs the bl1 image.
It also adds changes to make the new BL1 compatible with GPT parser
changes. And finally it bumps to SHA to include necessary changes and fixes
on TFM master and removes already upstreamed GPT patches.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M has out-of-tree patches on external projects such as mbedtls and
qcbor. This needs to be applied in an orderly fashion to build TF-M and
other TF-M related binaries correctly.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCP-firmware may build components other than the SCP and MCP. Make the
MCP branch of the do_install task more generic to suport this.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The upstream official N1SDP software currently supports edk2-firmware
202211 version. This patch is to align N1SDP Yocto build with upstream
N1SDP software.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
optee-os-tadevkit is a variant of optee-os recipe to install TA devkit.
Even though it may not need local build patches, it re-uses SRC_URI and
FILESPATH from corresponding optee-os recipe. This was mistakenly added
in b061104c87.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Our machines have moved to 2.11 so we can remove the 2.10 recipe.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Thanks to Xueliang Zhong for testing that this works on N1SDP.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The install task is subtly different as the ELF binaries are named .elf
now, instead of having no extension.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that we moved in corstone1000 to use a gpt and partitions for
the wic image and flash layout. Setup TF-m to set/get FWU and
Private metadata using the partition information (start and size)
stored in the gpt table instead of fixed flash offsets as before.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As optee-os for the N1SDP has been updated to 3.20 we need to do the
same for optee-os-tavdekit. Otherwise errors will be seen if/when
optee-os-tavdekit is built.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This config fragment was needed to get the dev kernel working. Since it
in now allowed to fail, it is no longer necessary (and doesn't appear to
be an issue).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The dev kernel can frequently fail, and is not anything that is used in
production. Allow failure to prevent CI issues but still notify that
there are potential issues.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds optee-os 3.20 support on N1SDP, the optee-os 3.20
bbappend file is also added.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-clang's clang recipe has an irritating interaction with oe-core's
llvm recipe which can result in build warnings, which cause builds to
fail in our pedantic CI.
The current best known workaround is to simply mask out the llvm recipes
if clang is being used.
For more details, see https://github.com/kraj/meta-clang/pull/766.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of a SCP_BUILD_RELEASE boolean, add CMAKE_BUILD_TYPE and default
to RelWithDebInfo which gives us release (optimised) builds with debug
symbols in the matching .elf files.
To ensure that buildpaths don't leak into the debug symbols, pass the
debug prefix maps via CFLAGS and ASMFLAGS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The text relocations appear to have been fixed and this skip is no
longer needed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We want compile logs to be useful, so enable verbose logs to show what
commands are being invoked.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Jon Mason
Ross Burton
Clément Péron
Emekcan Aras
Rui Miguel Silva
Adam Johnston
Peter Hoyes
Xueliang Zhong
Denys Dmytriyenko