optee-ftpm tagged the 4.10 release, but had no functional changes (that
is, they tagged the same commit of 4.9.0 with 4.10.0). Update the
recipe name to match the latest version, and not have people think that
one package was held back.
Also, modify the version checking to be less incorrect
Signed-off-by: Jon Mason <jon.mason@arm.com>
The source tree is question is not tagged or branched with any version.
Update to the latest commit, change the recipe name to denote it is
'git' and not versioned, and fix the upgrade-status. Also, update the
git URL.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The source tree is question is not tagged or branched with any version.
Update to the latest commit, change the recipe name to denote it is
'git' and not versioned, and fix the upgrade-status. Also, update the
git URL.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the recipes to the newest release. Also, Arm Binary Toolchains
have moved to https://gitlab.arm.com/tooling/gnu-toolchains-for-arm
The new location has a new layout, which means the upstream version
check needs to change. Unfortunately, they are not using tags, but do
seem to use branch names like a tag. So, using that for the version
check.
Signed-off-by: Jon Mason <jon.mason@arm.com>
CI is seeing intermittent boot test timeout errors, where the FVP is
almost to shell but times out before getting there. To get around this,
lengthen the timeout to allow for more opportunity to complete
successfully.
By default, the timeout is 600 seconds. Increase this by 50% to 900.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 A320 FVP CI matrix to run testimage jobs.
This enables testimage coverage for both the firmware-only and no-firmware
entries.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 with Cortex-A320 FVP recipe to use the
11.31.cs1000_a320_2 release from Arm Developer.
Switch the source URL to the new package layout, add the architecture-specific
download tokens, and update the x86_64 and aarch64 SHA256 checksums.
The new package extracts directly into the FVP install directory, so update the
install step and license paths accordingly.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 with Cortex-A320 changelog, release notes,
user guide, tests documentation and metadata for the 2026.05 release.
Add the new 2026.05 changelog entry for the Corstone-1000 with
Cortex-A320 specific updates and align the component version tables and
Yocto distribution component versions with the current release content.
Refresh the user guide and tests documentation to align with the
2026.05 release state, including release tag references, recipe version
references, report links
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 changelog, release notes and user guide for
the 2026.05 wrynose release.
Add the new 2026.05 changelog entry and capture the main release work,
including the component upgrades, TF-M GPT and PSA FWU changes, and the
updated SSH-enabled build flow.
Refresh the component version tables and Yocto distribution component
versions in changelog for the new release.
Update the user guide to align with the 2026.05 release branch and
documentation state, including the Yocto release name, recipe version
references, release tag references, and related asset and report links.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
u-boot v2026.04 changed to kbuild 6.1, which broke how ubootefi.var is
used. Apply patch from u-boot mailing list to address the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the recipes to 4.10.0 and update the git recipes to 4.10.0
Since corstone1000 is still using 4.9.0, move that to meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2-firmware to the latest release.
Of note, GCC5 make variable has been removed. Use the GCC make variable
instead. Also, these changes caused the need to modify the sbsa-acs
patches.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The policy in meta-arm is to only have the latest version and the
latest LTS version. Remove all of the older LTS versions to comply with
this policy.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for the newest release of TF-A.
mnedtls was made a git submodule, and moved location. Given that this
will be the location going forward, I thought it best to change inc file
to point by default to the new location, and have the LTS versions to
point to the old location in their recipes.
Also, seeing some weird behavior with CPUs not coming on line in
sbsa-ref and qemuarm-secureboot. So, pinning those back to the LTS
until they can be sorted out.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Place psa-arch-tests under ${S}/ts-external/psatest and update the
recipe paths to match.
This keeps the external source layout aligned with trusted-services,
updates the Corstone-1000 patch locations, and lets devtool modify work
against the same psa-arch-tests tree that CMake and
apply_local_src_patches use.
Signed-off-by: Arthur Cassegrain <arthur.cassegrain@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add recipes for newest version of tf-m. Of note, mbedtls has been
removed in favor of the TF-PSA-Crypto library. This is having a cascade
into the other recipes, with a removal from the core inc file and add of
the individual lines to the specific versions.
TF-PSA-Crypto is Apache 2.0 licensed. So, no need to change the recipe
license field.
Signed-off-by: Jon Mason <jon.mason@arm.com>
In TF-M 2.3.0, Musca S1 was removed, but B1 is still present. In an
effort to keep coverage, swapping S1 and B1.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Warnings being always fatal is quite anti-social because sometimes there
are temporary warnings that we don't want to break the CI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Set the default cache directory to be the build tree so we don't assume
anything about the runner environment by default.
After this change, runners that don't set CACHE_DIR will need to set it
explicltly in their variables.
Signed-off-by: Ross Burton <ross.burton@arm.com>
With the new GCC, we're seeing the following error:
| In file included from /builder/meta-arm/build/tmp/work/armv8-5a-poky-linux/ts-sp-smm-gateway/git/sources/ts/components/common/dlmalloc/malloc_wrapper.c:62:
| /builder/meta-arm/build/tmp/work/armv8-5a-poky-linux/ts-sp-smm-gateway/git/sources/ts/components/common/dlmalloc/malloc.c: In function 'add_segment':
| /builder/meta-arm/build/tmp/work/armv8-5a-poky-linux/ts-sp-smm-gateway/git/sources/ts/components/common/dlmalloc/malloc.c:4002:7: error: variable 'nfences' set but not used [-Werror=unused-but-set-variable=]
| 4002 | int nfences = 0;
| | ^~~~~~~
To workaround this issue, add "-Wno-error=unused-but-set-variable" to TARGET_CFLAGS
Signed-off-by: Jon Mason <jon.mason@arm.com>
New GCC is logging errors for unused-but-set-variable in
tftf/tests/runtime_services/standard_service/psci/api_tests/psci_stat/test_psci_stat.c
Workaround this by adding -Wno-unused-but-set-variable to the Makefile
Refer to https://github.com/TrustedFirmware-A/tf-a-tests/issues/4
For the upstream resolution, if/when that arrives.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a separate Corstone-1000 Armv9-A Edge-AI documentation
set for the Cortex-A320 platform.
Populate the new documentation tree with the initial index,
user guide, software architecture, release notes, change log,
and supporting images.
Keep common Corstone-1000 material in the existing documentation
set and move A320-specific content into the new standalone
document set.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Lisa Durbin <lisa.durbin@arm.com>
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Add a --dry-run option to scripts/runfvp to print the constructed
FVP command line and exit without launching the model.
This is useful for checking parameters and reusing them with different
FVP binaries.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some platforms (like Allwinner A64/sun50i_a64) have LTO enabled
in the Makefiles, which causes a linking error when using ld:
| [...]/aarch64-oe-linux/aarch64-oe-linux-ld: -f may not be used without -shared
Add an option to be able to indicate in the recipe if the plaform has LTO enabled,
and only pass LD to make in case LTO is disabled, otherwise let it use $CC (as set by the Makefile).
The option is disabled by default to keep the existing behavior.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GenFv requires libuuid in the native sysroot.
Add util-linux-libuuid-native and pass required flags through to the
BaseTools makefiles. This can be missed on machines with libuuid
headers installed, as the build may find the host copy instead.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
${IMAGE_NAME} expands to a timestamped filename which gets written into
the .fvpconf. A mismatch occurs when do_image reruns (regenerating the
.fvpconf with a new timestamp) but do_image_wic hits sstate (leaving the
old .wic on disk), causing the FVP to fail at startup with:
Can't stat <image>-<timestamp>.wic! (error 2)
Use IMAGE_LINK_NAME instead, which is the stable symlink that always
points to the most recently built .wic.
Signed-off-by: Marek Bykowski <marek.bykowski@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove Cortex-A320-specific content from the base Corstone-1000
documentation.
Drop the A320-only sections, commands, notes, and subsystem image from
the shared Corstone-1000 software architecture and user guide now that
the platform is documented in its own standalone document set.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add CI coverage for the Corstone-1000 with Cortex-A320 FVP machine.
Build the Corstone-1000 with Cortex-A320 FVP with the firmware-only
configuration and run both `none` and `tftf`.
Also run `none` for the no-firmware build.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add `corstone1000-a320-fvp` as a dedicated machine instead of enabling
the Cortex-A320 variant through a kas overlay on `corstone1000-fvp`.
Move the A320-specific machine features, overrides, FVP executable
selection, and Ethos-U85 configuration into the new machine
configuration. Keep the generic `corstone1000-fvp` machine focused on
the base FVP platform.
Update the A320 kas to use `corstone1000-a320-fvp` directly, and
allow pregenerated SSH host keys for the new virtual machine.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a shared Corstone-1000 kas configuration for building SSH-enabled
mass storage images across the supported Corstone-1000 machines.
Enable Dropbear SSH in the mass storage OS image, add pregenerated SSH
host keys for FVP builds, and document the SSH image build flow in the
user guides.
SSH support is too large for the flash OS image, so provide a dedicated
`core-image-minimal` kas configuration for SSH-enabled mass storage
images instead.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fix the Corstone-1000 with Cortex-A320 override for the
Trusted Firmware-A errata list.
The override was misspelled as
`ENABLE_CORTEX_A35_ERRATA:cortexta320` instead of
`ENABLE_CORTEX_A35_ERRATA:cortexa320`.
Rename the list to `ENABLE_CORTEX_A_ERRATA`, since it is shared by
the Cortex-A35 and Cortex-A320 variants.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This series wires up Arm FF-A support for EFI runtime services by
factoring runtime-safe helpers into the FF-A bus, layer the EFI
variable TEE transport on top, and then rehome the helper exports
so there’s a single implementation shared between boot and
runtime paths. Corstone1000 enables the self-test command and
expands the runtime variable selftest so it exercises non-volatile
storage across reboots.
Key Changes
===========
- Add the FF-A runtime transport patch stack to the corstone1000
U-Boot recipe.
- Enable EFI runtime variable handling over FF-A and include the
bootefi selftests and sandbox FF-A runtime transport test.
- Increase the FIP partition sizes from 2MiB to 2.5MiB
and update TFA_FIP_RE_SIGN_BIN_SIZE from 0x00200000 to 0x00280000
to reflect the new allocation. The size of u-boot-EFI-2025.10-r0.bin
has increased from ~707KB to ~944KB following the FF-A/EFI runtime
related changes. As this binary is packaged within the FIP, the
overall signed FIP size has grown accordingly.
- Add a Yocto patch to increase the FIP partition size from
2MB to 2.5MB in the TF-M flash layout for Corstone-1000.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M build system has introduced a ground-breaking change since v2.0.0.
Enable TF-M regression test build, following build instructions in TF-M
document [1].
Add the BUILD_REGRESSION_TESTS variable to enable regression test
builds. Individual regression test suites can be selected by
passing the appropriate TF-M CMake options through EXTRA_OECMAKE.
If regression test is enabled, build TF-M and tests from tf-m-tests
directory.
The build files for Normal World build will be installed.
[1]: https://trustedfirmware-m.readthedocs.io/en/latest/building/tests_build_instruction.html
Signed-off-by: David Hu <david.hu2@arm.com>
Signed-off-by: Gergely Kovacs <Gergely.Kovacs2@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the latest version of acpica (20260408), the following error is
being encountered in edk2 platforms for Arm SGI
| "iasl" -p/builder/meta-arm/build/tmp/work/rdn2-poky-linux/edk2-firmware/202602/build/Build/RdN2/DEBUG_GCC5/AARCH64/Platform/ARM/SgiPkg/AcpiTables/RdN2AcpiTables/OUTPUT/./SsdtEvents.aml /builder/meta-arm/build/tmp/work/rdn2-poky-linux/edk2-firmware/202602/build/Build/RdN2/DEBUG_GCC5/AARCH64/Platform/ARM/SgiPkg/AcpiTables/RdN2AcpiTables/OUTPUT/./SsdtEvents.iiii
| /builder/meta-arm/build/tmp/work/rdn2-poky-linux/edk2-firmware/202602/build/Build/RdN2/DEBUG_GCC5/AARCH64/Platform/ARM/SgiPkg/AcpiTables/RdN2AcpiTables/OUTPUT/./SsdtEvents.iiii 61: Printf ("GPIO0 Pin0 Toggled")
| Error 6010 - Internal compiler error ^ (Invalid parse opcode in OpcGenerateAmlOpcode)
Since this appears to be a debug message, and the relevant platforms are
a work in progress. Work around this issue by removing the printf.
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Add `wic`` image manipulation requirement, `mtools`, to prerequisites
- switch the `kas` install step to a user-local virtual environment
removing `sudo` requirement
- Add `wic` install step
- replaced the mount/unmount acs_results and capsule staging steps
with non-`sudo` wic-based image manipulation.
- Adds guidance for using serial-console without `sudo`
- Standardise capsule transfer to the root of the BOOT partition
- Update docs to align with new non-`sudo` requirement for
`create_keys_and_sign.sh` interactive script.
These updates remove several unnecessary `sudo`` dependencies when
running OOB CS1K testing.
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Use the correct `${WORKSPACE}` script path without the stray `./` prefix.
This avoids an invalid command path.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a U-Boot patch to disable CONFIG_EFI_DEBUG_SUPPORT in the
Corstone1000 defconfigs.
EFI debug support is now enabled by default and changes the EFI memory
layout. On Corstone1000 this can cause a boot failure after
ExitBootServices(), reproduced on the Cortex-A320 FVP path with MTE
enabled.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone1000 U-Boot patches to detect FVP platforms
by matching "fvp" in the device tree name instead of relying on
the exact arm/corstone1000-fvp string.
This fixes FVP-specific handling for Corstone1000 variants,
including capsule image selection and virtio setup.
Also restore CONFIG_BOARD_LATE_INIT in the Corstone1000
defconfigs, since the virtio probing runs from
board_late_init() and would otherwise never execute.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Uses the new GPT duplicate operation during a firmware update. This also
adds flash erase protections so that the operation is not too slow and
erasing flash multiple times redundantly.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches add functionality to duplicate GPT partition entries. This
combines a "create-write" into a single step, letting the GPT library
handle it, useful for the Corstone1000 firmware update process.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches backport bug fixes for the GPT library in TF-M.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Returning from the finally block at the end of the start_fvp() function
is discarding exceptions. Since start_fvp() is near to the top off the
call tree, this hides uncaught exceptions thrown by most of the code,
which makes detecting and debugging issues hard.
This is resolved by removing the return statement from the finally
block, allowing exceptions to propagate normally.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for Screen the GNU terminal multiplexer. The -t/--terminal
option now accepts "screen" as a terminal type. When selected, the tool
must be run from within an existing Screen session, and each FVP
terminal is opened in a new Screen window.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Improve usability by detecting which terminal types are available on the
system.
Extend the terminal abstraction to support checking whether a terminal
can be executed, and add basic validation for all terminal types. Update
the documentation to reflect the new behavior.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The initramfs for Corstone1000 is based on core-image-minimal, which has
GRUB included as a package. Corstone1000 uses U-Boot's efiloader to load
the initramfs and kernel and therefore does not require GRUB for boot.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Print an error message if the FVP binary cannot be found, instead of
failing silently.
Signed-off-by: Roger Knecht <roger.knecht@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When --selected_components is not specified, the script should include
all components as documented in the help text. However, the current
implementation skips all components when the parameter is empty,
resulting in an error.
Fix the filtering logic to only apply when --selected_components is
explicitly provided with values.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that Xen has been removed, clean up the remaining references to
the meta-virtualization layer.
This was done as a separate commit to make reverting easier in the
future in case we need to add back meta-virtualization for some other
builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We originally added Xen builds to our CI to exercise Xen on Arm. Now
that the Yocto autobuilder has jobs that test Xen on qemuarm/qemuarm64
we no longer need the builds in meta-arm as they don't provide any more
coverage.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove the user-guide warning and rebuild steps for the
disable_module_autoloading workaround on Corstone-1000 with Cortex-A320.
With the NPU reset issue fixed, this workaround is no longer
needed.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Derive host base addresses from offsets and add ext sys reset bitfields
- Deassert CPUWAIT with a bitmask
- Enable ext sys boot handling for Corstone1000 with Cortex-A320
- Add the new downstream TF‑M patches to the recipe
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Replace `systemready-patch` with `iot-platform-assets` in the guide.
- Update the Corstone-1000 asset paths and U85 kas command examples.
Align the user guide with the renamed asset repository, avoiding
stale commands and broken paths.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To workaround the CPU topology issue with edk2-firmware, we can specify
the number of processors being used, which seems to setup the CPU
topology mask correctly (and thus no errors). With this addressed, we
can use the latest edk2 firmware, which allows us to use the latest TF-A
version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
rdv1 has been EOLed, and requires keeping around some recipes because
of its removal. Also, the FVP is x86 only, thus limiting CI.
Signed-off-by: Jon Mason <jon.mason@arm.com>
sgi575 has been EOLed, and requires keeping around some recipes because
of its removal. Also, the FVP is x86 only, thus limiting CI.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some of the soon-to-be-added FVPs have the execute issue still. So,
re-add this until it can be resolved. Also, address S issue that
changed upstream between the original removal and now.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 user guide to reflect the current Ethos-U85
test and workaround flow.
As the Corstone-1000 software stack moves to the in-tree ethosu
driver, switch the Ethos-U85 test instructions from delegate_runner to
Mesa's test_teflon application. Also update the guide to use the
renamed ethos-u85-test kas fragment and to apply the Mesa patch needed
to package test_teflon into the image.
Also replace the disable_module_autoloading kas fragment in the A320
workaround instructions with the disable-ethosu patch, to align with
the workaround flow used in systemready-patch.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone-1000 with Cortex-A320 FVP now supports SMP, so update the
documentation to reflect the current status.
Update the user guide to state that SMP is supported on Corstone-1000 with
Cortex-A35 FVP and on Corstone-1000 with Cortex-A320 FVP.
Add the Cortex-A320 multicore build and run commands.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 with Cortex A320 now uses the in-tree ethosu driver, so the
external meta-ethos layer (and its meta-sca dependency) is no longer needed.
Remove meta-ethos and meta-sca from the Corstone-1000 A320 kas
config, drop the layer dependency on meta-ethos, and stop
installing arm-npu-ethosu. Update the Corstone-1000
change log to reflect the removed layers.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Align the Corstone1000 Ethos-U85 device tree to match the upstream
bindings used by the in-tree Ethos-U DRM accel driver.
- Rework the Corstone1000 U-Boot patch to replace the legacy arm,ethosu-direct
node with an upstream-style Ethos-U85 node (arm,ethos-u85), add the
required clocks/clock-names, and switch the SRAM description to
mmio-sram.
- Drop meta-ethos specific properties (reserved-memory/dma-ranges,
/region-cfgs/mem-config) from the U-Boot DT.
- Enable required kernel options for the in-tree driver and SRAM provider:
- CONFIG_SRAM
- CONFIG_DRM
- CONFIG_DRM_ACCEL
- CONFIG_DRM_ACCEL_ARM_ETHOSU
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
linux-yocto does not currently ship a 6.19 recipe, so add a
meta-arm-bsp linux-yocto_6.19.bb that tracks linux-yocto-dev v6.19/base.
Pin SRCREV_machine to fixed revision to keep builds reproducible.
Update Corstone-1000 to prefer linux-yocto 6.19 and align
the user guide pointers accordingly.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The U-Boot maintainers rejected the previous patch [1] for two primary
reasons:
1. The Cortex-A320 changes should be considered a separate platform
2. The NPU node bindings do not match those in the Linux kernel
The former is handled by this commit. The latter point has not been
resolved, hence marking the newly added patch as Inappropriate. This is
simply the first step in resolving the comments.
[1] https://lore.kernel.org/all/20251127154752.589691-1-frazer.carsley@arm.com
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rework the patch that enables the OF_UPSTREAM config option to split
off the extra device tree nodes into their own dtsi files, making it
easier to combine them in different ways. The rest of the patches have
changed only so that they can be applied cleanly.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 used to use its own implementation of a GPT parser for use
in a capsule update. The patches in this commit replace what exists with
the generic GPT library, as well as other minor self-explanatory fixes.
The wic file has undergone two changes as a result of this:
1. The partition type GUID of each of the four partitions that can be
updated by a capsule update must match the GUID of each capsule. This
allows for the existing partition to be matched with its updated
image. Different machines (e.g. MPS3 vs FVP) have different GUIDs for
these images hence the need for separate files.
2. The second bank has been removed from provisioning. Because the
library supports dynamic creation of partitions, the second bank no
longer needs to be provisioned at build time. However, a small
reserved partition is still created above the 32KiB mark to force
wic to size the disk as 64KiB and write this into the GPT header
for the library to read on initialisation.
Finally, the size of bl1_1 is reduced by one of the patches in this
commit, so this is also reflected in the recipe.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patches added in this commit add a generic GPT library for use in
flash devices. Corstone1000 could use these to manage partitions during
a firmware update.
The patches are all backports from trusted-firmware-m (TF-M) main
branch and can be removed if Corstone1000 upgrades when the next version
of TF-M is released.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split off the main portion of the SCP firmware recipe into an include
file and create a git versioned recipe. This allows for building and
testing the latest sources.
Signed-off-by: Jon Mason <jon.mason@arm.com>
New versions of the FVPs have been released. Update the recipes to use
them. License SHA changes caused by 3rd party software versions used
being modified and white space changes.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Massive layout changes inside the FVP tarball. The files are not
located in *_FVP anymore, including the license files, which were in 2
locations in previous releases. The tarball changed from
Linux64/Linux64_armv8l to Linux_x86/Linux_armv8. It hchanged extention
from tgz to tar.gz
Also, adding skip of dev-so, due to libstdc++.so and libsystemc.so being
symlinks and fvps being a binary.
NOTE: the license file changes are due to version bumps for sdl, ffmpeg,
libvpx, and python. The license changes in the managements utilities
was version changes in clang and golang, and removal of wxWidgets,
libstdc++-6.dll, libgcc_s_seh-1.dll, and libwinpthread-1.dll
Signed-off-by: Jon Mason <jon.mason@arm.com>
To improve portability, testing coverage, and future platform enablement.
- Replace FVP-only multicore checks with platform-generic checks.
- Add the corresponding TF-M patch to the Corstone-1000 recipe.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To improve portability, testing coverage, and future platform enablement.
- Replace FVP-only multicore guards with platform-generic guards.
- Add the corresponding TF-A patch to the Corstone-1000 recipe.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To improve portability, testing coverage, and future platform enablement.
- Gate multicore on `MACHINE_FEATURES += "corstone1000_smp"`.
- Change recipe overrides from `:corstone1000-fvp` to `:corstone1000`.
- Update the Corstone-1000 multicore kas/doc references.
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The recipe previously only copied the Python BaseTools into the native
sysroot, which was sufficient for capsule signing but not for Firmware
Volume (FV) creation. Downstream recipes that build UEFI capsule
update images for embedded platforms need GenFfs and GenFv to assemble
FV images - a key component of the UEFI Capsule Update format used for
system firmware updates.
Add the brotli submodule source (build-time dependency of both tools),
build the C BaseTools (Common, BrotliCompress, GenFfs, GenFv) and
install the binaries into ${bindir} together with GenerateCapsule.py
and the Common Python library so that capsule-generating recipes can
consume them from the native sysroot.
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oe-core master branch just switched from whinlatter to wrynose[1] so
follow this change in our layers.
[1] oe-core cd1179544d7 ("layer.conf: Update to wrynose")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add the corstone1000 patch that inserts a compiler barrier before the
first HOST_AO_LOCK_BITS write in CC_LibInit().
On corstone1000-mps3 with GCC 15.x, TF-M can HardFault on that first
AO lock register update. Adding the barrier avoids the fault.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Compiles of edk2-firmware with GCC 15 on the host will fail:
main.c: In function ‘ProcessArgs’:
| main.c:163:42: error: too many arguments to function ‘p->process’; expected 0, have 2
| 163 | (*p->process)( *argv, *(argv+1) );
| | ~^~~~~~~~~~~~ ~~~~~
We actually already had the fix for this, but were doing SRC_URI +=
_before_ the include file did SRC_URI =, so the patch was never applied.
Move the require to the top of the recipe so this ordering problem does
not happen, and fix the line-endings in the patch that never got applied.
[ YOCTO #16116 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If the sstate is being mounted into the container then the hashserver
also needs to be shared, and not stored inside the build tree. Mark
BB_HASHSERVE as being set via an environment variable so the GitLab
runner environment can set the correct location.
This fixes a long-standing problem causing substandard reuse, which now
is detected and causes a warning in oe-core[1].
[1] oe-core 491de0db64a ("sanity.bbclass: warn when sstate is outside of
build dir, but hash equiv database is inside it")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When the binary toolchain support was removed[1] we no longer used this
variable, but a few instances of it was left behind.
[1] meta-arm 03af0c72f1 ("arm-toolchain: remove external-arm-toolchain")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Do the changes necessary to get qemuarm64-secureboot to work with edk2
firmware, and add it to CI. The CI changes needed to make it dynamic
based on edk2.yml or u-boot.yml required moving the relevant parts into
inc files.
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2 has been broken on qemuarm64 for an unknown amount of time. Add it
to CI to prevent this from happening (until edk2 works on
qemuarm64-secureboot).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make the relevant correction for the following warning in qemu:
warning: short-form boolean option 'readonly' deprecated
Please use readonly=on instead
Signed-off-by: Jon Mason <jon.mason@arm.com>
The INSANE_SKIPs were not sufficient because the chrpath code used in
nativesdk builds still warns, so instead of hiding the warnings fix them
instead: remove the pointless RPATHs in the embedded Python libaries,
and delete the static libraries.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Change the layout to enhance readability and add TS fTPM related
information.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable execution of the tpm2-tools self-test against the Trusted
Services fTPM SP. The test is integrated into OEQA but is disabled by
default due to its long execution time (over three hours on fvp-base)
and inconsistent results. While individual tests pass when run in
isolation, running the full suite results in failures. Despite this,
it remains the most comprehensive verification currently available.
Testing can be enabled by setting the RUN_TPM2_TESTS variable.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Signed-off-by: Gyorgy Szing <gyorgy.szint@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Trusted Services has introduced a Firmware TPM (fTPM) secure partition.
This change enables building and deploying the fTPM SP through meta-arm.
The secure partition is based on the TPM2 reference implementation,
msp-tpm20-ref, which has been patched to use MbedTLS as its
crypto backend and psa-its for non-volatile storage.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The wheel includes the tests which are in a non-namespaced module, and
will then conflict with other recipes (such as python3-cryptography) that
also install non-namespaced tests.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set FILESEXTRAPATHS so that artifacts that meta-arm injects can still be
found when using the include from a different layer.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a CI test for the LTS versions of recipes currently supported.
Use fvp-base, since that provides good coverage and is being used for
the latest version testing.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-A recipes to the latest stables/LTS versions. Not all of
the versions updated the version of mbedtls being used (and even the
updates didn't update to the latest stable version of mbedtls). We're
using the mbedtls version specified in
docs/getting_started/prerequisites.rst, not the latest available.
Also, update the related fiptools and tf-a-tests (which don't map to the
same releases, but were all verified to be at the latest versions).
No real change in cot-dt2c code, but updating the SHA to the latest.
Signed-off-by: Jon Mason <jon.mason@arm.com>
quilt-native is required by do_apply_local_src_patches task.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GCC 15 (and GCC 14, and probably others) are finding new problems in
trusted-firmware m, and these cannot simply be ignored (as they are
fatal build errors). Clear the ld security flags to get around those
issues, backport a couple of patches for fixes that have been addressed
upstream, and create a patch to work around some casting issues in
functions that are removed in newer versions of the code. This
refactoring caused some minor clean up of existing corstone1000 tfm
patches.
Also, use size based optimization for corstone1000. With this, the bl1
is too big to fit into flash. The correct way to solve this would be to
remove TFA_DEBUG, but that causes a rabbit hole of problems related to
heap being enabled or not. This works around the issue until it can be
resolved properly.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2, edk2-platforms, and sbsa-acs to the latest versions/SHAs.
A bleeding edge patch from upstream is needed to correct a build race in
antlr, and the latest SHA for edk2-platforms is needed to work around
some compilation issues with ENABLE_TPM in fvp-base.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A recent change to image dependencies in oe-core master[1] means that
TESTIMAGE_AUTO tries to test more images than before.
Explicitly reset TESTIMAGE_AUTO for core-image-initramfs-boot so that it
doesn't try to testimage an initramfs.
[1] oe-core b75c21fb950 ("image_types_wic.bbclass: add depend on initramfs")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clone all trusted-services dependencies into the TS source tree under
ts-external/ instead of ${UNPACKDIR}
This alignes the layout with devtool git-submodule handling.
NOTICE: we can't clone in external as TS already contains files there
and it would conflict.
Signed-off-by: Arthur Cassegrain <arthur.cassegrain@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the corstone1000 variant to apply its psa-adac patches
against the new external/ directory.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Arthur Cassegrain <arthur.cassegrain@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clone all trusted-firmware-m dependencies into the tfm source
tree under external/ instead of ${UNPACKDIR}.
This aligns the layout with devtool git-submodule handling,
ensuring the recipe sees a consistent source tree at build time
and allowing dependencies to be patched via devtool in the same
way as the main tf-m repository.
(reworked to avoid use internal variables for checkout)
to clone tf-m dependencies use hardcoded path for reproductibility
and avoid using BB_GIT_DEFAULT_DESTSUFFIX which may depend on
yocto version.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Arthur Cassegrain <arthur.cassegrain@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We currently don't have coverage for trusted-firmware-m 2.1.x, which is
the LTS. Since musca-b1 and musca-s1 are essentially the same, use b1
for the LTS coverage.
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason, sgi575 won't boot to shell with
core-image-full-cmdline, but it will with other images. Since we're
going to drop this machine soon (as it has been EOL'ed), modify the
image type for CI to core-image-base (As that one appears to boot
faster).
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Set Linux kernel preferred version for Corstone-1000 to 6.18
* Update Corstone-1000 user guide.
* Recent kernel versions removed the deprecated CONFIG_LIBCRC32C
Kconfig symbol as part of the CRC library cleanup.
Replace CONFIG_LIBCRC32C with CONFIG_CRC32, which provides the
generic CRC32/CRC32C library support used by in-kernel consumers.
* The ext3 driver was removed historically and ext4 carries
compatibility for ext3 on-disk format.
* Amend External System patch to adhere to Kernel v6.18 RemoteProc
API.
* Add #address-cells and #size-cells parameters to ethosu dts node
No functional change intended.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-arm-systemready was intended to allow people writing BSPs to run
the SystemReady Architecture Compliance Suite[1] within the Yocto build
environment. However, whilst this seems like a good idea, there are
several problems:
- This layer only supports the IR band and v2 of the ACS. The ACS is now
at v3 and the bands altered, so there is no value in running obsolete
tests.
- Execution of the tests takes a long time, we have integration to run
the tests on a virtual fvp-base machine but execution takes many tens
of hours (our CI times out after 12, on a high-performance worker).
Running the tests in CI, and in particular inside BitBake, isn't
obviously the right thing to do.
- Execution on the tests on real hardware is not trivial, as testimage
has virtual targets as a primary usecase. It is unclear if anyone has
managed to use this layer on physical hardware.
Because of these issues, remove the layer. There are better integration
points for automated ACS testing, and this integration is obsolete.
[1] https://github.com/ARM-software/arm-systemready
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The downloads page for FVPs is broken down into sub-pages for each
"Ecosystem". Organize this file to match that. Also, rename fvp-v3-r1
to "rd" to make more obvious what this refers to.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The corstone1000-a320 FVP is a unique download and should be treated as
such in our CI. Split the relevant parts off, add it to the fvps.yml
file, workaround the staticdev and useless-rpath errors that were
present in the FVP tarball, and the correct depends in the machine
config file.
Also, add this machine to the CI so that any issues can be found with
this unique configuration.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch ignores the built-in FVP UART name when setting the terminal
names on tmux.
The rationale is that appending FVP UART name takes a lot of space
making it unusable on complex platforms with many terminals.
Signed-off-by: Filipe Rinaldi <filipe.rinaldi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The removed patch file breaks the U-Boot efi_selftest utility and has
been denied by upstream in any event. All subsequent patches renumbered.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
All patches have been rebased onto the v2025.10 release branch, with the
changes primarily being updating of offsets and surrounding code in each
hunk.
One minor change between v2024.04 and v2025.10 is that a
CONFIG_BOARD_INIT option was added and must be enabled in order to link
in the `board_init()` symbol. As such, the firmware update patch adding
`board_init()` has been modified to enable this option as well.
The patch that enabled OF_UPSTREAM has been modified slightly in order
to incorporate upstream changes between versions: the SMP changes to the
Corstone1000 FVP device tree were incorporated into the Linux kernel so
are no longer needed in the U-Boot specific device tree. As such, the
patch adding A320 support adds these CPU nodes in order to override them
where appropriate.
In the process, signatures are removed from each patch.
Beyond this, the directory in which U-Boot searches for the EFI capsule
CRT file changed from object tree to source tree, so the recipe is
updated to reflect that.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This fixes a build error due to:
patching file Makefile
Hunk #1 FAILED at 12.
1 out of 1 hunk FAILED -- rejects in file Makefile
Patch 0001-Makefile-Avoid-variable-override.patch can be reverse-applied
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We have a newer gcc-arm-none-eabi now, so this can be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make changes across U-Boot, and OP-TEE OS to swap
the GIC-600 for GIC-700 as the latest version of the FVP
swaps the GIC.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump Corstone-1000 machine OP-TEE version from 4.7.0
to version 4.9.0.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update Corstone-1000 documentation to reflect 2026 copyright and
current supported host environment.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A has a number for variables to control how host binaries are built:
- Our BUILD_CC is HOSTCC; this is set in the recipes
- Our BUILD_CFLAGS is HOSTCCFLAGS; this is not set
- Our BUILD_LDFLAGS has no corresponding variable
However when uninative is enabled we really need to pass BUILD_LDFLAGS
as otherwise there can be link problems:
ld: libcrypto.so: undefined reference to `__isoc23_strtol@GLIBC_2.38'
Patch into the TF-A makefiles support for HOSTLDFLAGS and ensure that we
set all three of the relevant BUILD_ variables.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2 of the fvp-base specific u-boot patches were merged in the 2026.01
release. Remove those, as they are no longer necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The kernel upgrades are now in oe-core, so we can drop this workaround.
This reverts commit 341a0fd976.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The linux-yocto kernel has strict configuration warnings enabled and this
often causes warning, for example with 6.18.3:
[INFO]: the following symbols were not found in the active configuration:
- CONFIG_SND_SOC_ROCKCHIP
- CONFIG_SLIM_QCOM_CTRL
For these machines we're using the upstream defconfig and not a config
file that we're maintaining, so fixing these problems upstream is slower
than one would like.
As we don't maintain the config, we can disable the checker for these
two machines. This is _not_ precedence for disabling the audit for any
machines where we're not simply using the upstream defconfig without any
changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The path changed when the trusted-firmware-m recipe began to inherit
firmware.bbclass.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The paths for these files has changed due to the change to the
trusted-firmware-m recipe now using the custom firmware.bbclass.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For builds using multiconfig, all of the firmware binaries listed were
being placed in the ${DEPLOYDIR} directly without preserving their
directory hierarchy. This meant that paths to firmware binaries relative
to the ${DEPLOYDIR} differed between builds depending on whether
multiconfig was enabled or not.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2-firmware and edk2-basetools to the 202511 stable release.
Patches from upstream were needed to get it compiling with clang.
edk2 dropped support for 32bit arm and x86, see
https://edk2.groups.io/g/devel/topic/rfc_remove_ovmf_ia32_and/114152215
Therefore, we're dropping qemuarm edk2 testing and relevant bits
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for v2.14.0, and update corstone1000 config and patches to
use it. TF-A seems to have changed their poetry settings from POETRY to
host-poetry (when specifying an alternative location/disabling). So, it
is necessary to modify that for all platforms using COT and v2.14.0
NOTE: sbsa-ref is having issues with fip.bin being too large. So, set
the version to the LTS until that is resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
In master, xen images fail to build as the xt-masquerade module is not
built by the kernel. This has been fixed in the linux-yocto 6.18.3
upgrade but that is not yet merged.
Until it is merged, we can temporarily update the kmeta in our CI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Allow TF-M v2.2.2 to boot with Secure Debug enabled on Corstone-1000 and
align the driver implementation with the current psa-adac library.
- Add missing DRBG macros to fix the
"Failed to generate challenge!" error during Secure Debug.
- Fix an unintended platform reset occurring immediately after setting
the debug enable bits in the dcu_en register while in SE LCS.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The PCI subsystem with 6.18 is now warning on boot:
PCI: OF: of_root node is NULL, cannot create PCI host bridge node
Until this can be root-caused, ignore it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With kernel 6.18 the kernel will now warn if it tries to run a command
from a ramdisk but it cannot be found[1]. This happens with the
qemuarm64-secureboot machine (but not qemuarm64) because u-boot appears
to be populating the devicetree with a ramdisk entry:
loading kernel to address 40400000 size 1702a00
1 qfw ready qfw 0 qfw
** Booting bootflow 'qfw' with qfw
## Flattened Device Tree blob at 7e659890
Booting using the fdt blob at 0x7e659890
Working FDT set to 7e659890
Loading Ramdisk to 7bcfd000, end 7d3ffa00 ... OK
Loading Device Tree to 000000007d621000, end 000000007d626534 ... OK
Working FDT set to 7d621000
Starting kernel ...
The kernel tries to mount and boot this ramdisk but fails because it
isn't a valid initrd or initramfs. The boot continues as usual, but this
warning in the logs triggers parselogs.
Until the boot flow is properly resolved, ignore the message.
[1] linux 98aa4d5d242d ("init/main.c: add warning when file specified in rdinit is inaccessible")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TF-A can install files with dtb extension. This is not handled in
the firmware.bbclass so append it here.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Replace inherit deploy with firmware.
Initialize TFM_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
TFM_PLATFORM with FIRMWARE_PLATFORM.
Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration.
Refactor corstone1000 config files to use ${FIRMWARE_DIR} and the
base do_install.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Replace inherit deploy with firmware.
Initialize SCP_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
SCP_PLATFORM using the FIRMWARE_PLATFORM variable.
Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Replace inherit deploy with firmware.
Initialize TFA_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
TFA_PLATFORM with FIRMWARE_PLATFORM.
Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration. Drop the redundant ${TFA_PLATFORM} suffixes.
Update BSP conf files to use the new deploy location, including
symlinking back to ${DEPLOYDIR} where necessary.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are now a handful of firmware component recipes in meta-arm, each
of which does its own (slightly different) deployment handling.
Introduce a bbclass to standardize this, with the aim of cleaning up the
DEPLOY_DIR_IMAGE. Crucially, each firmware component deploys into a
${PN} subdirectory of DEPLOY_DIR_IMAGE. This has a few advantages:
* Many Arm components have the same or similar binary names (BL1, BL2
etc). This ensures unique naming and avoids confusion.
* Recipes can afford to be less picky about which binaries are deployed.
This simplifies component recipes.
* It is easier to deploy debug symbols in a common way to an expected
location.
* It keeps the DEPLOY_DIR_IMAGE clean in the face of ever-increasing
firmware complexity.
The bbclass also provides a FIRMWARE_DEBUG_BUILD variable to control the
build type of the firmware in one place, defaulting to the global
DEBUG_BUILD. This should allow BSPs in meta-arm-bsp to more easily
provide a release build by default (by providing an easy switch for
development purposes when needed).
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are times where we need to produce multiple versions of the
trusted-firmed binaries in a given build, but the names for the binaries
are hard-coded in the Makefile and do_install().
This patch adds a new variable, TFA_INSTALL_SUFFIX, that is added to
do_install() that can uniquely name the resulting binaries. By default,
the suffix is empty so that default behavior is not changed.
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When the git version of this recipe was created, the application of local
patches was left out.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-M to the latest hotfix release and rebase the Corstone1000
patches, and drop
0008-Platform-Corstone1000-Increase-BL1-size-and-align-bi.patch
0009-Platform-CS1K-Adapt-ADAC-enabled-build-to-the-new-BL.patch
as they are in the TF-Mv2.2.2 release
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add git recipe versions that track the latest git versions of u-boot and
the various OP-TEE recipes. This, in combination with the previously
existing trusted firmware a and m recipes, allows for using the latest
code in platform development and testing (as part of CI).
For CI usage, a KAS yml file has been created to allow for those recipes
to be used, and an entry for fvp-base has been added to the gitlab CI
yml file.
NOTE: the wildcard for corstone1000 u-boot PREFERRED_VERSION was causing
it to pick-up the newest version (and failing to apply the patches).
The wildcard is unnecessary, since it is using a layer supplied package.
So, remove it and everyone is happy.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-A git recipe to the latest tag. The license SHA needed to
be updated due to adding of some memmap sources from mbed, which are
under the Apache 2.0 license, which is already present in the inc file.
Signed-off-by: Jon Mason <jon.mason@arm.com>
u-boot has accepted some of the fvp-base patches. Take the upstream
versions and rebase the third patch to apply.
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Document Corstone‑1000 platform architecture based on the Cortex‑A320 core
- Add test specification and guide for Corstone‑1000 with Cortex‑A320
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update Corstone-1000 U-Boot device tree for the Cortex-A320 variant
and enable GICv3/GIC-600, while keeping compatibility with the
existing GIC-400 setup. A single DT image now supports either
configuration via Kconfig guards.
**Device-tree updates (Cortex-A320)**
* Map Ethos-U85 NPU registers at `0x1A050000` (16 KiB) and its SRAM at
`0x02400000` (2 MiB, no-map), plus a 32 MiB DDR carve-out for DMA.
* Add `/ethosu@1a050000` with interrupts, `dma-ranges`, `cs-region`,
and `ethosu-mem-config` for driver probe.
* Guard the NPU node behind `CONFIG_ETHOS_U85`.
* Add a Cortex-A320 compatible string to the Corstone-1000 DTS
downstream.
**GICv3/GIC-600 selection**
* Introduce `CONFIG_GIC_V3` to select the new interrupt controller.
* Add a full GICv3/GIC-600 node guarded by `#ifdef CONFIG_GIC_V3`.
* When GICv3 is enabled, set `cpu@1..3` `reg` to `0x100/0x200/0x300`
(retain `0x1/0x2/0x3` for GIC-400).
* Update the Ethos-U85 interrupt to **SPI 16** to match the interrupt
map.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable Trusted Firmware-A for Corstone-1000 platforms with Cortex-A320 and
switch the interrupt controller from GICv2/GIC-400 to GICv3/GIC-600.
**Platform/feature enablement**
* Map Ethos-U85 NPU registers (`0x1A050000`, 16 KiB) and its SRAM region
(`0x02400000`, 4 MiB) into Normal World
(`MT_DEVICE | MT_RW | MT_NS` / `MT_MEMORY | MT_RW | MT_NS`).
* Force Cortex-A320 feature selection: enable Armv9 features, disable
Cortex-A35 errata, and select the `cortexa320` override in
`trusted-firmware-a-corstone1000.inc`.
* Build TF-A-Tests with `CORSTONE1000_CORTEX_A320=1` to skip non-applicable
FF-A, PSCI, and CPU-extension tests on Cortex-A320.
**GICv3/GIC-600 transition (A320 builds)**
* Update `plat_my_core_pos()` and `plat_arm_calc_core_pos()` to compute the
linear core position using the Cortex-A320 MPIDR_EL1 affinity layout.
* Add an A320-specific core-position routine in assembly, guarded by
`CORSTONE1000_CORTEX_A320`.
* Switch to the GICv3 driver with GIC-600 extensions:
* Update platform GIC base addresses to the GIC-600 layout.
* Use GICv3 APIs; set `USE_GIC_DRIVER=3`, `GICV3_SUPPORT_GIC600=1`,
and `GIC_ENABLE_V4_EXTN=1`.
* Keep conditional GIC versioning so Cortex-A35 continues to use GICv2/GIC-400.
These changes ensure correct GIC configuration and reliable secondary-core
bring-up on Cortex-A320 while preserving existing Cortex-A35 behavior.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable full Corstone‑1000 Cortex‑A320 DSU‑120T platform support in TF‑M:
- Reserve a 4 MiB Host SRAM region at 0x0240_0000 for the
Cortex‑A320 normal world and open it in the CVM firewall
(region 2), gated by `CORSTONE1000_CORTEX_A320``.
- Introduce a DSU‑120T Power-Policy Unit driver plus a
`CORSTONE1000_DSU_120T` CMake option to power on the Cortex‑A320
host cluster with proper secure-enclave firewall and memory-map
setup.
- Add a CMake platform define that auto‑activates when the
`cortexa320` machine feature is present, injecting
DSU‑120T‑specific compile definitions.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the OP-TEE OS build logic to detect `MACHINE_FEATURES` and
append the appropriate `arm64-platform-cpuarch` value to
`EXTRA_OEMAKE`, instead of hard-coding `cortex-a35`.
This change ensures that when `MACHINE_FEATURES` includes
`cortexa320`, the OP-TEE build receives the matching `core-arch` flag,
while maintaining `cortex-a35` as the default.
The new Corstone-1000 variant with Cortex-A320 replaces the original
GIC-400 (v2) interrupt controller with a GIC-600, which is
architecturally compliant with GICv3. Since OP-TEE already provides
a generic GICv3 driver, only minimal platform changes are needed
to expose the updated register map and initialize the GICv3 interface.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable the Corstone‑1000 Cortex‑A320 variant by:
- Introduce `machine/include/corstone1000-a320.inc` to configure the
default Ethos‑U MAC count when `cortexa320` is in MACHINE_FEATURES,
and allow override via `ETHOSU_NUM_MACS`.
- Add a KAS profile at `kas/corstone1000-a320.yml` for Cortex‑A320
FVP-based builds.
- Extend corstone1000.inc to detect MACHINE_FEATURES (cortexa320) and
pull in the matching tune-<core>.inc (default still Cortex-A35).
- Add the `meta-ethos` layer as a dependency of `meta-arm-bsp` for
Cortex‑A320 builds and define a new KMachine override to pull in
the Ethos‑U driver recipe.
- In `conf/machine/corstone1000-fvp.conf`, inspect `MACHINE_FEATURES`
and set `FVP_EXE` to `FVP_Corstone-1000_with_Cortex-A320` when
`cortexa320` is enabled, otherwise fall back to `FVP_Corstone-1000`.
- In `recipes-devtools/fvp/fvp-corstone1000.bb`, add a
`SRC_URI:cortexa320` entry (with checksums) for the Cortex‑A320 FVP
build archive.
- Disable the rootfs CPIO file compression so it is not compressed
twice when bundled with the kernel
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When a recipe uses the externalsrc class, the do_patch task is
skipped entirely as specified in SRCTREECOVEREDTASKS.
Since do_apply_local_src_patches function is registered as a postfuncs,
it would never run in that specific case.
This cause recipes relying on do_apply_local_src_patches to miss the
local source patching when built from external source tree.
To address the issue, schedule a new task after the do_patch and before
the do_configure, ensuring the local patching executes regardless of
whether do_patch was skipped by externalsrc.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Whilst TF-M 2.1.1 doesn't use this, setting the variable doesn't have
any negative effects and consolidates the external module assignments.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We now use Ninja to build TF-M[1], so setting CMAKE_VERBOSE_MAKEFILES
doesn't do anything.
We have arm-none-eabi-gcc 13.3[2], so there's no need to remove options
that <13 don't support.
[1] meta-arm 018fd6aecf ("arm/trusted-firmware-m: use Ninja to build")
[2] meta-arm f646ee4507 ("arm-toolchain: update to 13.3")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As the Poky layer will no longer be updated following
the integration of `bitbake-setup`, developers are advised to
use a combination of the `bitbake` and `openembedded-core`
layers instead of the `poky` layer.
Note that the `poky` layer is a combination of these two
layers glued into a single repository for convenience.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't run or package the tests, so there's no point to building them.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We depend on native tools to provide these binaries, so we can delete
them to ensure that our tools are always used and never the prebuilt.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split configure/compile and invoke ninja directly so that we can
control parallelisation.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GICC registers are not defined for GICv3. Trusted-Firmware-A throws error when
GICC register address is not defined even for GICv3. Adding patch
to handle this in Trusted-Firmware-A.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
ARMmbed/mbedtls is the old name and redirects to Mbed-TLS/mbedtls, use
the correct name to avoid the redirection.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Introduce new file `corstone1000-extsys.inc` to define variables related
to the external system.
- Ensure this file is included only when MACHINE_FEATURES do contain
corstone1000-extsys.
This change makes external system configuration modular and only applied
when explicitly enabled through machine features.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The image wasn’t autoloading kernel modules even though
`KERNEL_MODULE_AUTOLOAD` populated `/etc/modules-load.d/`. In this
configuration `/etc/init.d/rcS` only executes runlevel scripts from
`/etc/rcS.d` (and `/etc/rc5.d`), and `modutils.sh` was also missing.
This change:
* Includes the loader by adding `modutils-initscripts` to
`CORE_IMAGE_EXTRA_INSTALL`.
* Enables SysV init by appending `sysvinit` to `DISTRO_FEATURES`,
ensuring the `S*` start links in `/etc/rcS.d` (and `/etc/rc5.d`)
call `/etc/init.d/modutils.sh start` during boot.
**Result:** entries in `/etc/modules-load.d/*.conf` now load
automatically at boot.
**Verification**
* Before: `lsmod` empty after boot; manual `modprobe` needed.
* After: `lsmod` shows target modules; `dmesg` contains module init logs.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Switch the *reserved-memory* node from two-cell (64-bit) encoding to
one-cell (32-bit) encoding and adjust the `reg` property accordingly
to make reserved-memory node format compatible with rest of the dts.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Fedora 39 artifacts have been moved to an /archive/ directory, so
update the SRC_URI to match.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
git.trustedfirmware.org is an alias for review.trustedfirmware.org. We
moved the main recipe to use review.trustedfirmware.org last year[1]
but not all other recipes that fetch the source followed, which means
that we have to fetch TF-A multiple times.
This commit ensures that all the recipes are using the same SRC_URI, so
we just fetch TF-A once.
[1] a6a4952e ("arm/trusted-firmware-a: use correct git URL")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
tfm_sign_image.bbclass hard codes the image security counter, which is
generated from the image version x.y.z.
The generated image security counter value is huge if x or y > 0.
Platform security counter store may not support such a huge counter
value.
Introduce a variable RE_WRAPPER_SECURITY_COUNTER to enable platforms to
specify the actual image security counter.
Signed-off-by: David Hu <david.hu2@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This job takes a few minutes and isn't useful unless it's being ran for
master, or is being actively worked on.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Reduce the number of tests being run in CI to reduce the amount of time
it takes to complete, while providing the same code coverage. Internal
CI runs went from 2.5h to 1.5h.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It turns out that the base SRCREV for trusted-services is a tag name,
which meant it was hitting the network on every build. Use the SHA
instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SMAIL_GPL license in oe-core was renamed SMAIL-GPL to match SPDX.
Update the recipe to match this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This bbappend was _appending_ to FILESEXTRAPATHS but putting the colon
separator _after_, so it actually constructed an invalid path.
Change the assignment to be prepend, so the separator is in the right
place.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
trusted-firmware a has a compile error when building with clang. Since
this platform is EOL'ed and we're not currently building this platform
with clang in CI, the best option is to force GCC for it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Hopefully this issue can be fixed in a newer release. Move the
toolchain forcing to the versioned so that it can be tracked easier.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that clang is in core, we don't need to use meta-clang anymore.
Also, use PREFERRED_TOOLCHAIN_TARGET to specify the toolchain to use.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The u-boot recipe now uses unique build directories per config that is
being built, to ensure that there is no cross-contamination.
Handle this by moving the do_configure and do_install appends to
uboot_configure_config and uboot_install_config so that we can simply
use $builddir.
[1] oe-core 22e96b32b0b ("u-boot: Make sure the build dir is unique for each UBOOT_CONFIG")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Since TF-M v2.2.1, the new crypto driver used does not support RSA
algorithms, so these tests are no longer valid.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Re-adds a patch aligning the Trusted Services PSA Crypto
structure with its equivalent definition in TF-M v2.1.1.
The patch was previously removed during the upgrade to
Trusted Services v1.2, as it was believed to be included in that
version. However, the alignment is still required to maintain
consistency with TF-M v2.1.1.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
We have 2.2.1, so there's no need for 2.2.0. This removal was accidentally
omitted from the 2.2.1 upgrade.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The OESSHTarget object now has a ignore_ssh_fails keyword argument[1],
so update this subclass to match.
As the implementation of run() here simply forwards the arguments, we
can use *args, **kwargs so that future changes don't cause problems.
[1] oe-core afe118d4f2d ("oeqa: target: ssh: Fail on SSH error even when errors are ignored")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Moving forwards, it's expected that the poky repository will no longer be
updated as the integration of bitbake-setup means that users are
encouraged to use bitbake+oe-core separately instead.
We also need to fetch meta-yocto as our CI is currently explicitly based
on the poky distribution.
This is effectively a no-op change, as poky is simply these component
repositories glued into a single repository for convenience.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport a patch from upstream to fix the build of antlr with GCC 15 on
the host.
The build still fails with clang, so update the message with the current
error message.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport Trusted Firmware-A patch to re-enable the BL31
console during early boot.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that clang is part of oe-core we can't use meta-clang being present
as an indicator of clang being available.
This does mean we can clean up the logic and just use TOOLCHAIN, as that
is always set now.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream appear to have resolved the libgcc linkage issues as these
variables are not used in upstream nor our patches.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kernel builds are logging the following issue:
WARNING: linux-yocto-6.16.8+git-r0 do_kernel_configcheck: [kernel config]: specified values did not make it into the kernel's final configuration:
[NOTE]: 'CONFIG_BT_LEDS' last val (y) and .config val (n) do not match
This could be enabled by setting:
CONFIG_LEDS_CLASS=y
CONFIG_NEW_LEDS=y
CONFIG_SND_SOC_HDA=y
But this isn't really useful on the juno platform. So, better to
disable the BT LEDs.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rename the Corstone-1000 Trusted Services patches so that their
numbering matches the application order, and the remainder of
each patch name matches its corresponding commit message subject.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Corstone-1000 Trusted Services patches removed in this change are no
longer required following the upgrade to Trusted Services v1.2.0.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Trusted Services requires knowledge of the Corstone-1000 platform type to
select the correct set of FWU image UUIDs at compile time.
This change introduces a CORSTONE_1000_TYPE variable in both BitBake
and CMake code to differentiate between Corstone-1000 platform types.
Its value is determined by the selected Corstone-1000 target machine
configuration file:
* `CORSTONE_1000_TYPE_CORTEX_A35_FVP`
* `CORSTONE_1000_TYPE_CORTEX_A35_MPS3`
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2-firmware to the latest release and update edk2-basetools to
match this update (as the previous update did not do this).
Also, fix clang compile issues. This change should fix any clang
compile issues since edk2-stable202108 (completely untested, but that is
when the relevant variables were renamed).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add variables for setting the Major and Minor version of the ARM
Instruction Set Architecture, and add those variables in the various
places needed for the FVP Base virtual machine to run with those
instructions.
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-selftest is now logging having rm_work enabled as an error, which is
causing the test to fail. Remove this from the selftest.yml file, and
everything works as before.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The move to Trusted-Firmware-M v2.2.1 makes the BL1 code larger,
while the provisioning bundle can be trimmed. At the same time BL2 and
TF-M binary addresses now need to begin on a 0x100-byte boundary for
Cortex-M0+ based platforms.
Key changes
--------------------------------
- Upgrade Trusted-Firmware-M v2.2.1 for Corstone-1000
- New crypto driver supports ECC instead of RSA.
- Rebase patches
- Add new patches to address the following changes for v2.2.1
- Increase `BL1_1_CODE_SIZE` to 58KB to accommodate the v2.2.1 binaries.
- Reduce `PROVISIONING_DATA_SIZE` to 6KB.
- `BL2_CODE_START` and `S_CODE_START` are aligned to 0x100 byte boundary
so both start addresses are an exact multiple of 0x100.
- Adapt ADAC enabled build to the new BL2 build restructure.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Include patch to add relevant checks in GCC linker scripts to validate if the
BL2 and Trusted-Firmware-M binary addresses are aligned to 0x100 byte boundary
for Cortex-M0+ based platforms.
This is required because:
For Cortex-M0+ VTOR: 256-byte vector table is at the offset 0x00 of the image.
To keep that table in one block, the image base must be a multiple of 0x100.
For reference: https://developer.arm.com/documentation/ddi0419/latest/
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Juno board supports Arm CoreSight, so add it to MACHINE_FEATURES.
This is useful because oe-core's perf recipe will now enable coresight
support automatically if this feature is present[1].
[1] oe-core c455bd03910 ("perf: enable coresight if enabled in MACHINE_FEATURES")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oe-core perf recipe will now enable coresight support automatically
if the coresight MACHINE_FEATURE is set[1], so we can remove the manual
configuration in our CI and let the machines enable it where appropriate.
[1] oe-core c455bd03910 ("perf: enable coresight if enabled in MACHINE_FEATURES")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
wic in oe-core has renamed --extra-space to --extra-filesystem-space[1],
so update the workaround here.
[1] oe-core 39d10137b86 ("wic: rename wks flag --extra-space to --extra-filesystem-space")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The OP-TEE default tests are taking over 30 minutes, which is causing CI
to overall take several hours. For QEMU machines, reduce the tests to
just be the regression tests, which reduces the CI time by over 30%.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Originally we customised the CI build for speed, by switching to ipkg
instead of rpm for the packages and disabling graphical output support
in qemu-system-native.
These are admirable goals, but more admirable is sharing sstate and
people may wish to use the output of this CI without having to make the
same alterations.
Drop these two changes so that our configuration matches poky. I've
verified that with this change, a build of core-image-sato for qemuarm64
can be built almost entirely from the autobuilder's sstate[1].
[1] gator-daemon, opencsd, and perf are built as these are not built on
the AB in this configuration.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
testimage.yml was skipping the opkg tests, but we also need to skip the
dnf tests for when PACKAGE_CLASSES="package_rpm".
These skips are FVP-specific as they are due to the wrong IP being used
by the test suite. This should be fixed in the FVP test harness, but
for now move the exclusions into fvp.yml so they're isolated.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable OF_UPSTREAM support for the corstone1000 platforms in U-Boot.
This patchset enables OF_UPSTREAM device tree support in U-Boot for the
corstone1000 platforms. This allows U-Boot to build using upstream
Linux kernel device tree sources instead of downstream copies.
The following changes are introduced:
- Enable OF_UPSTREAM to support upstream device tree.
- Update DEVICE_TREE naming with "arm/" prefix.
- Add device tree overlay to retain U-Boot specific device tree
nodes.
- Remove legacy device trees for corstone1000.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OP-TEE version 4.7.0 has been released on 2025-07-11 [1], and includes fixes
that are currently collected as separate patches in the layer collection.
Upgrade OP-TEE recipes to point to version 4.7.0, and drop patches from layers
as they are already present in upstream.
Clang patch in `optee-os` package was completely removed. Upstream logic was
changed in PR #7382 [2], making this patch obsolete.
CVE-2025-46733 in `optee-ftpm` package is now properly tagged and included in
4.7.0 version as well.
One patch that is still kept in the layer is
optee-client/0001-tee-supplicant-update-udev-systemd-install-code.patch, as it
has been merged after 4.7.0 tag was applied, but already present in upstream as
commit 59b90488e93e ("tee-supplicant: update udev & systemd install code").
Further updates shall consider to drop this as well.
In addition, point corestone1000 machine to a new version, as 4.6.0 is dropped
from the layer. TZDRAM patch is also dropped as it is now present in upstream.
Link: [1]: https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md#op-tee---version-470-2025-07-11
Link: [2]: https://github.com/OP-TEE/optee_os/pull/7382
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
commit a3a2c49b21 corrected a typo that
was preventing arm-branch-protection flags from being enabled. However,
since making this change, fvp-base with trusted services enabled no
longer boots. However, the flag that seems to be the problem on fvp
base is CFG_TA_BTI. Since this is the only use case for
arm-branch-protection machine feature, remove it from the common file
until this issue can be properly sorted.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update gn to the latest SHA (commit from 08 Aug 2025). There are 66
commits between the previous SHA and the new one.
Signed-off-by: Jon Mason <jon.mason@arm.com>
An uninitialized variable warning is occurring when compiling gn.
However, since Wall is being used in gn, this is being logged as an
error. Pass the no-error flag for this case to workaround this issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches upstream status changed to Backport:
0006-platform-CS1000-Add-multicore-support-for-FVP.patch
0009-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch
0010-Platform-CS1000-Add-crypto-configs-for-ADAC.patch
0012-Platform-CS1000-Remove-unused-BL1-files.patch
0013-Platform-CS1000-Fix-compiler-switch-in-BL1.patch
0017-Platform-CS1000-Enable-FWU-partition.patch
0018-Platform-Corstone1000-Implement-Bootloader-Abstracti.patch
0019-Platform-Corstone1000-Increase-buffer-sizes.patch
0023-Platform-CS1000-Remove-duplicate-configuration-parameters.patch
And from the PSA-ADAC,
This patch upstream status changed to Backport:
0002-ADAC-Link-psa_interface-instead-of-tfm_sprt.patch
This patch upstream status changed to Inappropriate:
0003-Fix-psa_key_handle_t-initialization.patch
Reason: mbedcrypto configs have to be fixed to build secure-debug mps3
without this patch
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since OE-core 6fd8af0d, the semicolon delimeter in bb.build_exec_func
variables is not needed. The commit silently removes any stray ';' but
failed to handle ';' when assigning to vardeps.
In meta-arm, this has the effect of changes to FVP_* variables not being
picked up when rebuilding the image recipe since mickledore.
This is ancient history now, so just remove the semicolon to fix the
variable dependency issue when using fvpboot in meta-arm.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe was using EXTREA_OEMAKE to enable BTI, fix the typo.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The OP-TEE suite of packages use lld if the compiler is clang, so now
that the lld recipe has been split out of the clang recipe we need to
depend on both.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clang is large but this recipe builds on all hosts now, so we don't need
to exclude it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This doesn't use pkgconfig, or python3native, or need to inherit clang.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The build explicitly uses lld, so now that it has been split out of the
clang recipe we need to also depend on that.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A test compares the value of the Generic Timer register CNTFRQ visible in
two frames CNTBaseN and CNTCTLBase that are linked in Armv8-A and reflect
the same value.
An issue in Corstone-1000 (errata 2142118) makes the CNTFRQ views
inconsistents and the then test fails. There is no workaround and
the test is skipped.
Errata: https://developer.arm.com/documentation/sden2142076/0002/?lang=en
Signed-off-by: Christophe Thiblot <christophe.thiblot@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Until Corstone1000 can be updated to use 2025.07, keep an older release
of u-boot in meta-arm-bsp for it to use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The use of 2023.07.02 was removed in meta-arm e29c0ee70a
("arm-bsp/u-boot: corstone1000: Add PSA Firmware Update support (DEN0118
v1.0A)").
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the FVP base u-boot patches to apply cleanly to u-boot v2025.07.
Also, use a config fragment to change the default boot command to boot
virtio image. This works around some changes in
include/configs/vexpress_aemv8.h that change the boot behavior, which is
not something we're using anyway.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the architecture documentation for Corstone-1000 to include
details about the new PSA Firmware Update (FWU) implementation.
The new section describes the bootloader abstraction layer (BAL),
UEFI capsule update flow, FWU metadata handling, and the integration
between TF-M and U-Boot for managing trial and accepted images.
This documentation helps align the platform with PSA FWU requirements
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has removed the need to explicitly set S = "${WORKDIR}/git",
and now defaults to S = "${UNPACKDIR}". As a result, directly referencing
${WORKDIR}/git will fail when the source is unpacked elsewhere.
Update do_install() to use ${S}/BaseTools instead of the hardcoded path.
This issue was previously unnoticed as EDK2 tools (e.g. GenerateCapsule)
were not being used in the build path at the time of the earlier refactor
(commit eea74860).
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add PSA FWU support on U-Boot v2025.04
Introduce Platform Security Architecture (PSA) Firmware Update (FWU) support to
U-Boot v2025.04 on the Corstone-1000 reference design. This implements the
Arm DEN0118 v1.0A specification and provides a generic, upstreamable FWU
framework for reuse across other Arm platforms.
Design overview:
Client/Runner: U-Boot parses the capsule and executes the FWU state machine.
Update agent: Secure world handles flash writes and metadata updates.
Key features:
- Capsule-based firmware updates with support for multiple payloads
- On-disk capsule handling (ESP-based update)
- Optional image acceptance at ExitBootServices()
- ESRT (EFI System Resource Table) support
- FFA_MEM_SHARE and FFA_MEM_RECLAIM ABI support
- FWU enabled for the Corstone-1000 platform
[1]: Platform Security Firmware Update for the A-profile Arm Architecture,
https://developer.arm.com/documentation/den0118/latest/
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit removes the outdated patches of capsule update implementation for the Corstone-1000
platform targeting Trusted-Firmware-M (TF-M). The changes include the removal of
obsolete out-of-tree patches and the rebase of retained patches to align with the
latest upstream TF-M integration.
Key changes:
- Dropped legacy TF-M patches related to old capsule update flow
- Rebasing of remaining TF-M patches for compatibility with current TF-M baseline
This cleanup streamlines the TF-M integration for Corstone-1000 in preparation for
the updated PSA Firmware Update (FWU) aligned capsule update support.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change removes the obsolete out-of-tree patches and legacy support related
to the old capsule update mechanism for the Corstone-1000 platform.
The Trusted-Services components are now aligned with the upstream implementation,
and outdated patches have been dropped or rebased as necessary.
- Removed deprecated patches targeting old capsule update logic
- Rebasing of remaining patches to ensure compatibility with updated TS interface
This prepares the platform for the new PSA FWU-based capsule update path and
reduces technical debt in Trusted-Services integration.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Add 'CAPSULE_SELECTED_COMPONENTS' to enable filtering of firmware
components during capsule generation. Only components listed in
'CAPSULE_SELECTED_COMPONENTS' will be included in the final capsule
image.
- Introduce CAPSULE_EXTRA_ARGS to allow passing additional arguments.
'--capflag PersistAcrossReset' to retain capsule across reboots.
- Payload selection is now controlled via the KAS YAML configuration
(corstone1000-image-configuration.yml), allowing per-image control
over which firmware components are included.
- With the introduction of multiple payload support, 'CAPSULE_VERSION'
no longer represents the firmware version itself but is instead
used for naming the capsule and assigning a common version to all
payloads to simplify testing.
- Use EDK2 tool to switch from single FMP capsule generation to multiple
FMP capsules using a JSON-based configuration. This removes the need
for manually combining firmware images into a .nopt image.
- Remove legacy nopt image creation logic, as each firmware binary is
now handled individually. Components no longer need to be merged.
Deploy task was removed with nopt logic.
- Generate dummy.bin for EDK2 tool compatibility. EDK2 requires
at least one input file for each payload.
- Added dependency on to to ensure images are signed before capsule
generation.
- Add CAPSULE_LOWEST_SUPPORTED_VERSION to
corstone1000-image-configuration.yml.It in the same file where
the firmware version (FW_VERSION) is defined, ensuring a unified
location for version-related metadata. This value was chosen to
be equal to the firmware version to represent a downgrade
scenario (from version 6 to version 5) during testing.
- CAPSULE_HARDWARE_INSTANCE is set to "1" by default (instead of 0),
indicating the first hardware.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit updates the uefi_capsule.bbclass to use the EDK2
GenerateCapsule tool instead of the mkeficapsule utility from U-Boot.
The switch was necessary because the mkeficapsule utility from U-Boot
does not support generating capsules with multiple payloads, whereas
the EDK2 GenerateCapsule tool provides native support for multi-image
capsule creation.
These changes allow building UEFI capsules with multiple firmware
binaries in one step, making the firmware update process
more flexible.
- Switching dependency from u-boot-tools-native to
edk2-basetools-native
- Updating the actual capsule creation command to GenerateCapsule
with the appropriate flags (including hardware instance, lowest
supported version, and monotonic count)
* CAPSULE_HARDWARE_INSTANCE defines which hardware instance
the capsule update is intended for. This can be set
to "1" or "0" indicating the first hardware module or SoC.
For systems with multiple modules, subsequent instances
could be numbered 2, 3, etc.
* CAPSULE_LOWEST_SUPPORTED_VERSION enables roll-back protection
by specifying the minimum firmware version that the platform
accepts. Any firmware update below this version will be
rejected.It should be set 0, 1, 2, etc according to your
firmware security and versioning requirements.
- Combining certificates into the private key file as required
by GenerateCapsule
- Add support for multiple firmware payloads
This update refactors the capsule generation process to support
multiple firmware binaries instead of a single payload.
Key changes include:
- Integration of a JSON generator script to define multiple payloads
- Add default path for JSON config generator and prepare
test infrastructure.
- Introduction of new variables
* CAPSULE_ALL_COMPONENTS: of all available components
to be included in the capsule generation process.
* CAPSULE_SELECTED_COMPONENTS: Subset of components from
CAPSULE_ALL_COMPONENTS that should actually be included
in the final capsule image.
- Replacement of direct GenerateCapsule arguments with JSON input
- Allow passing custom arguments to GenerateCapsule via
`CAPSULE_EXTRA_ARGS` variable
- Cleanup of temporary files used in the capsule generation process
These changes align with EDK2's flexible capsule format and enable
component level filtering for more advanced firmware update scenarios.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit implement the required changes in Trusted-Services in order
to incorporate PSA FWU implementation. It involves the following changes:
1. Integrate IPC framework for PSA FWU calls between Cortex-A and Cortex-M subsystems.
IPC framework is required to bridge the PSA FWU calls for the platforms which have
both Cortex-A and Cortex-M subsystems. Corstone-1000 falls under this category of
platforms. In these platforms, the PSA FWU client and PSA FWU provider exist on
Cortex-A and all the PSA FWU services are implemented on Cortex-M side. This IPC
framework forwards the PSA FWU calls from Cortex-A to Cortex-M subsystem.
2. Load initial image state in PSA FWU M update agent
Set initial image state based on the image state returned by
psa_fwu_query. This way the update agent has the correct view of images
after reboot and it can accept or reject them.
3. Define PSA FWU image mapping structure.
Define PSA FWU image mapping structure for Corstone-1000.
This structure is responsible to map specific image guid with
component number.
To enable platform-specific handling, service_proxy_factory.c now
conditionally selects the appropriate image mapping
based on PLATFORM_IS_FVP. This ensures that both FVP and MPS3
platforms use the correct GUID and firmware update configuration.
4. Fix PSA FWU IPC psa_fwu_install() return value check
This change adds support to validate if the return type in psa_fwu_install()
is either PSA_SUCCESS or PSA_SUCCESS_REBOOT. Both the return values are expected.
Earlier, only PSA_SUCCESS is validated.
5. Add ESRT support
Add ESRT support for PSA FWU M agent.
ESRT functionality is implemented using unique image dedicated
for ESRT data having its own UUID. In PSA FWU M agent's context,
this image has read only attributes. The ESRT data can be read
using image_read_directory by using ESRT image UUID handle. The
ESRT data is queried from Secure Enclave using psa_fwu_query()
and ESRT data can be read from psa_fwu_impl_info_t structure
object defined in psa_fwu_component_info_t.
This commit includes the following changes:
1. Declare ESRT data structures.
2. Modify image_directory_read() to include ESRT data read support
3. Modify psa_fwu_m_update_agent_init to initialize ESRT image
attributes
6. Enable ESRT support
Enable ESRT support for Corstone-1000.
Introduce ESRT image UUID and its component number and
set TFM_FWU_MAX_DIGEST_SIZE to ESRT data size.
7. Add event provider proxy
Normal world needs to send boot confirmation event
to Secure Enclave and Trusted-Services is responsible
to transfer the event to Secure Enclave.
This commit implements the event handling framework in
SE-proxy-SP and develops event provider proxy which
forwards the event to Secure Enclave via psa calls.
This change is introduced for Corstone-1000
8. Define GUID for each payloads
Define GUID's for all the 4 payloads for FVP and
MPS3.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduces PLATFORM_IS_FVP to differentiate between FVP and FPGA builds.
Adds platform-specific CMake files for corstone1000-fvp and corstone1000-mps3,
and updates platform.cmake to use this toggle.
This commit also adds the TS_PLATFORM variable to corstone1000-fvp.conf
and corstone1000-mps3.conf, explicitly defining platform identifiers
for Trusted Services. This ensures a consistent and clear distinction
between the FVP and MPS3 builds within the build system.
These changes improve maintainability and platform-specific handling
by making it easier to reference the correct target platform
in configurations and scripts.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Increase `PS_MAX_ASSET_SIZE` and `CRYPTO_IOVEC_BUFFER_SIZE` for the
Corstone-1000 platform to support large EFI variable storage required
by the UEFI firmware update flow and to pass Arm Architecture Compliance
Suite (ACS) tests.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce Bootloader Abstraction Layer (BAL) support for Corstone-1000 to
enable flexible integration of firmware update including partial capsule
update.
This change includes:
- Enable the firmware update partition for Corstone-1000 and create
placeholder bootloader abstraction layer for Corstone-1000.
- Change the insertion logic of TFM_FWU_BOOTLOADER_LIB to select a new
platform-specific bootloader abstraction layer.
- Use the necessary flags to use the service and resolve any linker
issues that may arise.
- Migration of capsule update logic to a new BAL module under
`platform/ext/target/corstone1000/bootloader/mcuboot/`.
- Implementation of BAL APIs in `tfm_mcuboot_fwu.c` as per the PSA FWU
state machine.
- Removal of `uefi_capsule_parser.c` and `uefi_capsule_parser.h` as capsule
parsing is done in U-Boot.
- Enhancement of `uefi_fmp.c` to handle FMP metadata for multiple images.
- Update of `provisioning.c` and `security_cnt_bl2.c` to handle new BAL
return values.
- Addition of `fwu_config.h.in` with default FWU configuration.
- Metadata layout changes to include size and image GUIDs for U-Boot
compatibility during FWU Accept flow.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support to permit FWU calls in RSE-COMMS Trusted-Firmware-M for Corstone-1000
This change is required to allow the transmission of PSA FWU related
calls between Cortex A and Cortex M side on Corstone-1000.
For every PSA call from A side, the RSE-COMMS at M side validates, if the
call is allowed or not.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch has been dropped in the following commit:
f1fc5c53 - arm/hafnium: update to v2.12.0
Unfortunately the original issue is still present and the
patch is required for the successful build. Patch is
restored in this commit.
Signed-off-by: Csaba Szilágyi <csaba.szilagyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
third_party/linux submodule has been removed from hafnium in the
following commit:
ddeedafa - chore: drop the third_party/linux submodule
Relevant patch can not be applied anymore. Patch is removed
from the recipe.
Signed-off-by: Csaba Szilágyi <csaba.szilagyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
'qemu_aarch64' is not a valid hafnium platform. Supported platforms are:
* 'secure_rd_v3'
* 'secure_rd_v3_cfg1'
* 'secure_aem_v8a_fvp_vhe'
* 'aem_v8a_fvp_vhe'
* 'aem_v8a_fvp_vhe_ffa_v1_1'
* 'qemu_aarch64_vhe'
* 'secure_qemu_aarch64'
* 'rpi4'
* 'secure_tc'
Previusly selected 'qemu_aarch64' did not cause error because
it was NOT passed to make. It had no effect.
Within this commit, platform 'secure_qemu_aarch64' is selected
and passed to make.
Signed-off-by: Csaba Szilágyi <csaba.szilagyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
hafnium is built by clang. Dependency is required for successful
build.
Signed-off-by: Csaba Szilágyi <csaba.szilagyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
According to original commit, clang for other targets
like aarch64 were not available. This condition is not
present anymore therefore check for x86_64 can be removed.
This reverts commit 01a13b11ad.
Signed-off-by: Csaba Szilágyi <csaba.szilagyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade trusted-firmware-a to 2.13.0 for Corstone-1000
Upgrade tf-a-tests to 2.13.0 for Corstone-1000
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply TF-M downstream patches in the main TF-M recipe, rather than doing
it in corstone1000 recipe.
Signed-off-by: Hamideh Izadyar <hamideh.izadyar@arm.com>
Cmake 4.0 dropped compatibility to cmake versions below 3.5. Update the
required version on the cmake file as a workaround.
Also update the component to use git am instead of apply.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Two variables are moved from the meta-arm-bsp layer to the Trusted-Services
Corstone-1000 platform CMake file so the MM communication buffer address and
page count can be configured from the CMake layer.
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Patch "0003-optee-enable-clang-support" is no longer appropriate as the
feature the patch provides is no longer required.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
The external-system component was marked as a dependency for the
corstone1000-recovery image regardless of whether external-system was
requested or not. This ensures that is no longer the case.
Signed-off-by: Frazer Carsley <frazer.carsley@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add some basic tunes for the newly added Arm architectures in GCC.
These will need to be further fleshed out before submitting this to OE
Core, but should be sufficient to use for machines that need them in the
interim.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This CVE is fixed in optee 4.7, so backport for 4.6
For optee-ftpm, the change is submitted right after
the 4.6 tag, so update the SHA instead of holding an
out-of-tree patch.
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use Linaro's optee-ftpm fork instead of historical sample in
Microsoft's TPM reference.
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe has a second copy of QCBOR in SRC_URI, correct the reference
to its location in EXTRA_OECMAKE to fix builds with network isolation.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use UNPACKDIR directly instead of constructing it manually from WORKDIR.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The sources are not under WORKDIR/git, use UNPACKDIR.
Also use B instead of WORKDIR/build in case B changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The sources are not under WORKDIR/git anymore, use UNPACKDIR. This
most likely isn't entirely correct but does remove build paths from the
binaries.
Also use TARGET_DBGSRC_DIR instead of constructing the target path
manually.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The caller should (and does) use ci/testimage.yml explicitly instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add recipes for OP-TEE v4.6.0
Upgrade Corstone-1000 OP-TEE revision from 4.4.0 to 4.6.0
Add patch to fix compilation issue with musl and optee-test 4.6.0.
Signed-off-by: Clement Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has removed the need for setting S to WORKDIR, and is throwing
an error if still doing so. Make the necessary changes.
From the upstream commit, much of the changes where made via:
sed -i "/^S = \"\${WORKDIR}\/git\"/d" `find . -name *.bb -o -name *.inc -o -name *.bbclass`
sed -i "s/^S = \"\${WORKDIR}\//S = \"\${UNPACKDIR}\//g" `find . -name *.bb -o -name *.inc -o -name *.bbclass`
Suggested-by: Marcin Juszkiewicz <marcin-oe@juszkiewicz.com.pl>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The network device and pflash can be modified to more correctly emulate
an actual system.
Suggested-by: Marcin Juszkiewicz <marcin-oe@juszkiewicz.com.pl>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The PS_NUM_ASSET is duplicated in the cmake.config and the config_tfm_target.h file
under Corstone-1000. The commit removes the one from the cmake.config and keeps the
one in the header file.
The whole rationale behind this is for the vendor to be able to override the
configuration using the cmake file.
Signed-off-by: Yogesh Wani <yogesh.wani@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
FILESEXTRAPATHS that have a prepend should have a trailing ':' to allow
for the follow-on modifications to the string. Add it here where
necessary.
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The original patch was inadvertently removed by a subsequent commit.
This change restores the patch to fix failures in the PSA Crypto
Suite test on Corstone-1000.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The github URL where the image was located has gone away on the master
branch. Update the URL to point to the legacy branch, which should stay
around (according to the documentation).
Fixes: aebe535aa8 ("arm-systemready: Introduce the Arm SystemReady layer")
Signed-off-by: Jon Mason <jon.mason@arm.com>
Modify the upstream status of the patch to align a PSA crypto struct with
TF-M from Pending to Backport as it is included in TS v1.2.0 release candidate.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
BUILD_CC and friends are only needed for the build of BaseTools, so move
the assignments to that specific make call.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GCC15 changed the behavior with how unions are initalized, which is
causing an issue with mbedtls in TS. Change the behavior to the
previous way of doing things until the fix has been released.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The test cases for fvp-base will not fully run because the trusted
servies ones are the only ones (instead of being appended to the list).
Correcting this issue so that all the tests can be run.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of edk2-firmware. The sgi issue has been
corrected upstream, so the patch can now be dropped. Also, no longer
seeing the RELEASE issue on qemuarm/qemuarm64, and removing that
workaround.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of SBSA ACS. Since 7.1.4, BSA things were
put in a separate git repo and it now has a dependency on that.
Also, address an issue with BSA, GCC15, and incompatible pointer type
errors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Yocto project changed the server name for sstate, though the
previous one does still appear to work. Update here to the one matching
the YP documentation.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove TF-A 2.11.0 Yocto recipe.
Remove patches that are now upstreamed in TF-A 2.12
Signed-off-by: Clément Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade trusted-firmware-a to 2.12.1 for Corstone-1000
When GENERATE_COT is enabled, use the Yocto dependency cot-dt2c instead
of installing it with Poetry.
Signed-off-by: Clément Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport patch to fix the following compilation issue:
| In file included from tftf/tests/runtime_services/realm_payload/host_realm_payload_simd_tests.c:21:
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:6: error: header guard 'HOST_REALM_COMMON_H' followed by '#define' of a different macro [-Werror=header-guard]
| 6 | #ifndef HOST_REALM_COMMON_H
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:7: note: 'HOST_REALM_COMMON_h' is defined here; did you mean 'HOST_REALM_COMMON_H'?
| 7 | #define HOST_REALM_COMMON_h
| In file included from tftf/tests/runtime_services/realm_payload/host_realm_simd_common.c:13:
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:6: error: header guard 'HOST_REALM_COMMON_H' followed by '#define' of a different macro [-Werror=header-guard]
| 6 | #ifndef HOST_REALM_COMMON_H
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:7: note: 'HOST_REALM_COMMON_h' is defined here; did you mean 'HOST_REALM_COMMON_H'?
| 7 | #define HOST_REALM_COMMON_h
| CC tftf/tests/runtime_services/secure_service/spm_test_helpers.c
| In file included from tftf/tests/runtime_services/realm_payload/host_realm_spm.c:20:
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:6: error: header guard 'HOST_REALM_COMMON_H' followed by '#define' of a different macro [-Werror=header-guard]
| 6 | #ifndef HOST_REALM_COMMON_H
| tftf/tests/runtime_services/realm_payload/host_realm_simd_common.h:7: note: 'HOST_REALM_COMMON_h' is defined here; did you mean 'HOST_REALM_COMMON_H'?
| 7 | #define HOST_REALM_COMMON_h
| cc1: all warnings being treated as errors
| make: *** [Makefile:605: workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/build/corstone1000/release/tftf/host_realm_simd_common.o] Error 1
| make: *** Waiting for unfinished jobs....
| cc1: all warnings being treated as errors
| make: *** [Makefile:605: workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/build/corstone1000/release/tftf/host_realm_spm.o] Error 1
| cc1: all warnings being treated as errors
| make: *** [Makefile:605: workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/build/corstone1000/release/tftf/host_realm_payload_simd_tests.o] Error 1
| make: Leaving directory 'workspace/corstone1000/build/tmp/work/cortexa35-poky-linux-musl/tf-a-tests/2.12.0/git'
Signed-off-by: Clément Faure <clement.faure@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add recipe for the latest version of TF-A, which needs a newer version
of mbedtls as well. The license checksum updated due to hob code being
imported from edk2, which is BSD 2 Clause, which is already in the
license field for the recipe.
Updating the git recipe to use the latest version, and keeping LTS
versions.
sgi575 was removed from 2.13.0. So, pointing that to 2.12
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the following warnings:
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/conf/machine/include/corstone1000.inc:72 has a lack of whitespace around the assignment: 'SMMGW_AUTH_VAR="1"'
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/conf/machine/include/corstone1000.inc:74 has a lack of whitespace around the assignment: 'SMMGW_INTERNAL_CRYPTO="1"'
Add the necessary white space to address the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing warnings of:
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/libpsats_git.bb: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/libpsats_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/libpsats/${TS_ENV}"'
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb: /builds/jonmason00/meta-arm/work/build/../../meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/logging/config/${TS_SP_LOGGING_CONFIG}-${TS_ENV}"'
Clean-up the white space to address the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This switches CI back to using the master branches.
Currently there are two known failures:
- sbsa-ref
- perf on musl
This reverts commit e0c1f0f94a.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We currently archive all of the task logs on every job, but this ends up
being between 2-10MB per job and our pipelines have ~100 jobs.
To save space and time, change the log collection to only happen if the
job fails, and explicitly expire them after a week.
This reverts meta-arm 60abe46, but in two years we've not really needed
successful logs, and they can be easily toggled back on if needed in a
branch.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Three commits had to be removed in order to make the inappropriate
capsule update implementation work with the new Trusted Services
version.
The "Make variable index usage robust with redundancy" commit needs to
be reverted because the FMP support only works if the
SMM_VARIABLE_INDEX_STORAGE_UID is 0x787.
The "Load and store UEFI variable index in chunks" commit needs to
be reverted because the optional create() and set_extended() APIs are
not supported for Corstone-1000.
The "Make constraints of NV UEFI variables persistent" commit needs to
be reverted because the FMP support is not compatible with these
changes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patches needed rebasing to the latest Trusted Services version so
they can be applied cleanly.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The logging service provides an SPMC agonistic to create log messages.
The current version will simply dump the incoming log messages to a
setial line. Future versions could provide access to log messages from
the NWd, could encrypt the essages and perform more efficient when
logging large messages.
This change enables the logging SP on the fvp_base platform. All log
messages made by SPs after the boot phase will be sent to UART3.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce a new machine feature called "arm-branch-protection". When set
TF-A, optee and Trusted Services SPs will be configured to enable PAC
and BTI. In addition the fvp-is configured to emulate arm-v8.5 and
PAC+BTI.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bound Authenticated Variable configuration related settings to yocto
variables. The aim is easier configuration by hiding SmmGW build system
internals at the yocto recipe level.
For details please see documentation/trusted-services.md
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TS upstream introduced a new library which carries PSA clients. This
library is to be used by linux user-space applications interfacing to
PSA providers running in the SWd.
Modify dependee to use the new library.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Trusted Services introduced its own libc implementation and has no
dependency on newlib anymore. Remove TS specific newlib recipes and
patch files.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump the TS SHA to latest integration.
Set the version of TS dependencies as required.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
New version moved from integrated version of t_cose to upstream git
tree. Doing so necessitates adding a path to the build command, which
is only being done in the 2.2.0 src inc file to prevent any potential
issues with older versions that might be using the
trusted-firmware-m.inc file. t_cose is using BSD, so no need to modify
the recipe licenses.
Also, the 3.6.3 tagged SHA for mbedtls (specified in the 2.2 tf-m
source) is broken. It references an non-existent SHA for
mbedtls-framework, which is corrected in the mbedtls-3.6 branch 2
commits later. Using that corrected commit to work around that issue.
Keeping 2.1.1 around as it is the LTS.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TF-M was upgraded to v2.1.1 for the Corstone-1000. The TS had to be
aligned with it, to keep the Secure Enclave Proxy Secure Partition
compatible with TF-M.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Unfortunately, new gcc-15 nonstring attribute has just recently been
merged to clang and hasn't made into a release yet - will be part of
clang-21.
For now backport the commit making -Werror conditional and disabled
by default.
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The tfm_sign_image.bbclass was updated so now the used signing key is
passed by the caller. This is needed because there can be cases where
different images have to be signed with different keys.
If no key is passed to the script, then use a default one to keep the
backward compatibility.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Related commit information is given below for reference.
[1/1] arm/classes: add support to configure fvp-bindir
commit: 42390742b1
Signed-off-by: Mohammed Javith Akthar M <mohammedjavitham@ami.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the warning:
lack of whitespace around the assignment: 'TS_ENV="sp"'
Add the spaces to address the issue
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the warning:
lack of whitespace around the assignment: 'TCLIBC="musl"'
Add spaces to address the issue
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing the following warning:
WARNING: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb: /builds/jonmason00/meta-arm/work/build/../../meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb:6 has a lack of whitespace around the assignment: 'INHIBIT_DEFAULT_DEPS="1"'
Adding spaces addresses the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
`devtool check-upgrade-status` reports the new version as "20151030.",
which is the last tagged release. Given that there are a number of
commits since that tag and the tree doesn't appear to be using tagged
released, treat this as a git tree and check the updates appropriately.
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the change to webpages for the FVPs, it is not possible to detect
new versions anymore. Add UPSTREAM_VERSION_UNKNOWN to avoid the
"UNKNOWN_BORKEN" when running `devtool check-upgrade-status`
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, fvp-bindir is configured to use the build path. This commit
allows customization of this path by defining a new variable FVP_BINDIR
in fvpconf. This change enables the runfvp script to execute without
BitBake initialization.
Testing:
- Tested using OpenBMC FVP build.
- Defined FVP_BINDIR variable with a custom path in fvp-config.inc and
observed the changes after the build.
Before changes:
$ jq . ~/openbmc/build/fvp/tmp/deploy/images/fvp/obmc-phosphor-image-fvp.fvpconf | grep
fvp-bindir
"fvp-bindir": "/home/javith/build/openbmc/build/fvp/tmp/sysroots
-components/x86_64/fvp-base-a-aem-native/usr/bin",
After changes:
$ jq . ~/openbmc/build/fvp/tmp/deploy/images/fvp/obmc-phosphor-image-fvp.fvpconf | grep
fvp-bindir
"fvp-bindir": "utilities/fvp/usr/bin",
Signed-off-by: Mohammed Javith Akthar M <mohammedjavitham@ami.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2 isn't booting on qemuarm64-secureboot, and hasn't for some time.
Also, it's not being tested as part of CI. Remove until it is working
again.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest tagged version of edk2-firmware. This requires
rebasing the sbsa-acs patches. Also, sgi575 works with the latest
version but requires a patch to compile cleanly.
There is an issue with qemuarm/qemuarm64 where the boot device is not
found in edk2 if 'RELEASE' is set as the build mode. Temporarily
changing that to DEBUG while the issue is being worked on (in
https://github.com/tianocore/edk2/issues/10942).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, the version number is not being specified, which is causing
the version to be printed as an empty string. Such as:
UEFI firmware (version built at 00:50:36 on Feb 21 2025)
and
Tianocore/EDK2 firmware version
Add the package version as the version to be printed out, which results
in:
UEFI firmware (version 202502 built at 00:50:36 on Feb 21 2025)
and
Tianocore/EDK2 firmware version 202502
An intermediate variable was used instead of PV to allow for the
variable to be overridden if necessary.
Also, minor white space clean-up to match the style in the rest of the
file.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Corstone-1000 read the docs had some small typos in the
Design Overview section. Commit addresses these.
Copyright information now updated.
Signed-off-by: Yogesh Wani <yogesh.wani@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are some objects in the FVP binary that are assembler source and
fail to declare what permissions the stack needs to have, so GCC falls
back to assuming that the final binary needs an executable stack.
glibc 2.41 (as now used in uninative) introduces changes here[1]: whether
to have an executable stack or not when the binary doesn't specify a
need (defaults to executable, but this is a tunable), and any binaries
that are dlopen()ed that require an executable stack will fail.
Thus, some FVPs on some platforms (notable, fvp-base-a-aem on x86-64)
now fail on startup:
libarmctmodel.so: cannot enable executable stack as shared object requires: Invalid argument
Luckily the solution here is to simply clear the executable bit, as
an executable stack is not actually needed. Until a new release of the
FVP is made we can fix the binary in our package using execstack.
[1] https://lists.gnu.org/archive/html/info-gnu/2025-01/msg00014.html
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a recipe for the execstack binary from prelink-cross. This tool is
used to manipulate the GNU_STACK segment in ELF binaries, specifically
to control whether the binary requests an executable stack or not.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With:
https://lists.openembedded.org/g/bitbake-devel/message/17508
there are WARNINGs like:
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="1"'
WARNING: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.3.rel1.bb: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc:31 has a lack of whitespace around the assignment: 'SKIP_FILEDEPS="1"'
WARNING: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.3.rel1.bb: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc:31 has a lack of whitespace around the assignment: 'SKIP_FILEDEPS="1"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.3.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.3.bb:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.12.0.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.12.0.bb:38 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.12.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.12.1.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.1.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc:89 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-rmm/trusted-firmware-rmm_0.6.0.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-rmm/trusted-firmware-rmm_0.6.0.bb:34 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.28.23.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-library.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-n1-edge.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-sgi575.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:21 has a lack of whitespace around the assignment: 'FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"'
WARNING: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:53 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend:1 has a lack of whitespace around the assignment: 'FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc:11 has a lack of whitespace around the assignment: 'TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-test_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb:12 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/libts/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb:13 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/ts-demo/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-remote-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-service-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb:13 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/${TS_SP_BLOCK_STORAGE_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb:14 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/fwu/config/${TS_SP_FWU_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="1"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="2"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="3"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="4"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-uefi-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables building latest bleeding edge tf-a and mbedtls with
local.conf setup:
INHERIT += "poky-bleeding"
POKY_AUTOREV_RECIPES += "trusted-firmware-a"
SRCREV_mbedtls:pn-trusted-firmware-a = "AUTOINC"
SRCREV_tfa:pn-trusted-firmware-a = "AUTOINC"
SRCBRANCH:pn-trusted-firmware-a = "master"
SRCBRANCH_MBEDTLS:pn-trusted-firmware-a = "master"
LIC_FILES_CHKSUM:pn-trusted-firmware-a = "file://docs/license.rst;md5=1118e32884721c0be33267bd7ae11130"
BBMASK += "meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.12.bb"
BBMASK += "meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb"
This includes workarounds for poky-bleeding.bbclass which doesn't
work with multiple SRCREV variables, masking away
tf-a 2.10 and 2.11 recipes which cause recipe parsing problems
and only one recipe needed to build latest upstream master
branch to avoid 503 error codes from remote git server.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Change libts to stop making udev related configuration if optee-client
is deployed to the target to avoid conflicts.
- Remove the executable permission from installed tee-udev.rules file.
- Remove teepriv device from udev file as this device is op-tee specific.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change optee-client to use the same bitbake variable to configure the
group name used for controlling access to /dev/tee* devices on the
target. The aim is to simplify system configuration by aligning the
two recipes.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Stop the tee-supplicant being run with root privileges when the system
is not using systemd.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Eliminate the systemd specific install content fix-up commands appended
to do_install.
- patch optee-client to allow controlling installation of systemd and
udev specific configuration files.
- pass driver group names to optee-client build
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add recipes to allow building OP-TEE v4.4. This is the first version
carrying an SPMC implementation which supports branch protection.
Update corstone1000:
- to use the new op-tee version
- `CFG_TZDRAM_SIZE` is increased further from `0x340000` to `0x360000`
as version 4.4.0 of OP-TEE OS requires more memory
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
optee-os: corestone1000: udpate to op-tee v4.4
Update OP-TEE version and add a patch to increase TZDRAM size to add
more memory to OP-TEE.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use backported upstream patch for udev rule and systemd service file.
sysvinit script is still used from meta-arm. Don't install systemd
service without systemd distro feature, other way round for
sysvinit script.
tee-supplicant started by systemd service runs as non-root teesuppl
user with teepriv group. sysvinit still runs as root since busybox
start-stop-daemon doesn't support -g group parameter and -u teesuppl
doesn't seem to change the effective user.
udev rules allow non-root /dev/tee* access from tee and
/dev/teepriv* access from teepriv groups.
Tested sysvinit changes with:
$ kas build ci/qemuarm64-secureboot.yml:ci/poky.yml:ci/testimage.yml
and systemd changes with:
$ kas build ci/qemuarm64-secureboot.yml:ci/poky.yml:ci/testimage.yml:ci/uefi-secureboot.yml
Cc: tom.hochstein@nxp.com
Cc: sahil.malhotra@nxp.com
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2-firmware build scripts use printenv to print SOURCE_DATE_EPOCH
but that is not in HOSTTOOLS and thus fails with configurations
which use VirtualRealTimeClockLib. Change to using SOURCE_DATE_EPOCH
environment variable directly to fix builds. I think this is OE
specific build config change but filed a bug report upstream
https://github.com/tianocore/edk2/issues/10910
since the fallback mechanism is not working.
Applying patch in 202411 recipe and not .inc since 202408 recipe
from meta-arm-bsp does not find the patch file from meta-arm
side.
[Jon Mason: corrected issues with email patch mangling for edk2]
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Print all of the environment variables in the update-repos task for
introspection, instead of a subset.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Having local repo caches is a little fiddly to manage, and by definition
we're running CI inside GitLab which supports mirroring repositories
automatically.
As these mirrors are always available and update automatically, make
Kas reference directories opt-in and instead expect that the site is
either fine with full fetches, or is using KAS_PREMIRRORS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The update-repos job can "fail with warnings" if the reference repository
fetch fails. This is intentionally a warning as the CI may have set
KAS_PREMIRRORS and a stale cache is fine.
However, by default artifacts are only saved on successful jobs, so if
this happens the lockfile.yml isn't saved. Ensure the artifacts are
always saved so the rest of the pipeline is successful.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add FVP support to sgi575 and run a boot test as part of CI. Networking
is not currently working and seems to require an older version of edk2
to boot the kernel. Also, the unique files for grub and wks do not seem
to be necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
In the SRC_URI, the branch name variables are switched for edk2 and
edk2-platforms. Switch them as appropriate.
Fixes: bf204866e8 ("arm: Use SRC* variables consistently")
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of assuming that the repository was created with the latest URL,
fetch the repository explicitly when fetching.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If update-repos fails with status 128 then that means it failed to fetch
the remote repositories. This should result in a warning not a failure
but flock was just returning status 1.
Save the exit code and if it returns 128 continue but exit with it
later, so the lockfile generation still occurs but the job doesn't fail.
Also, only call the update-repos script if KAS_REPO_REF_DIR has been set.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
qemuarm64-secureboot directory in path to 0001-Add-spmc_manifest-for-qemu.patch
hides the patch from machines with different names and thus break builds
unless overrides are set to include "qemuarm64-secureboot".
Move patch to plain "files" directory to avoid build failures
and this cumbersome workaround.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The download filename wasn't versioned so multiple versions would write
to the same file on disk and conflict, causing repeated downloads and
fetch failures.
Add the PV to the filename on disk to resolve this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This stops the job being stuck if the runners will only take jobs that
have been tagged.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the lts-v2.12.1 tag. Changes include a number of CVE fixes
and mbedtls minor version bump:
8cf9edba5cc3 docs(changelog): changelog for lts-v2.12.1 release
f5d048108bf3 Merge changes from topic "for-lts-v2.12.1" into lts-v2.12
56472775f96d docs(maintainers): update LTS maintainers
baab55315c7f docs: updates to LTS
f00f71efc410 docs: add inital lts doc
1a8ee82c6d77 Merge changes from topic "for-lts-v2.12.1" into lts-v2.12
b19ce90a908c fix(rd1ae): fix rd1-ae device tree
34f10e7d9fc7 feat(rd1ae): add Generic Timer in device tree
551dc4c09f57 docs(rd1ae): update documentation to include BL32
8e4240779867 feat(rd1ae): add support for OP-TEE SPMC
8e4bb69c747e feat(mbedtls): mbedtls config update for v3.6.2
a46d6a1320d7 docs(prerequisites): update mbedtls to version 3.6.2
2ffe181a3982 refactor(mbedtls): rename default mbedtls confs
3809359e2124 fix(cpus): workaround for Neoverse-V3 erratum 3701767
4a9ff092c9b4 fix(cpus): workaround for Neoverse-N3 erratum 3699563
7e41b706e97c fix(cpus): workaround for Neoverse-N2 erratum 3701773
15300ac30c55 fix(cpus): workaround for Cortex-X925 erratum 3701747
6e0efc7fe739 fix(cpus): workaround for Cortex-X4 erratum 3701758
8299c1274617 fix(cpus): workaround for Cortex-X3 erratum 3701769
fa6c9874485b fix(cpus): workaround for Cortex-X2 erratum 3701772
4e78288fd2bc fix(cpus): workaround for Cortex-A725 erratum 3699564
ae6edfd5b543 fix(cpus): workaround for Cortex-A720-AE erratum 3699562
24526273fc50 fix(cpus): workaround for Cortex-A720 erratum 3699561
a7b322706435 fix(cpus): workaround for Cortex-A715 erratum 3699560
d4826882210b fix(cpus): workaround for Cortex-A710 erratum 3701772
9d6143ec8ffb fix(cpus): workaround for accessing ICH_VMCR_EL2
7e4bf042a0dd chore(cpus): fix incorrect header macro
9427c061eb8d fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
bea64fd5272d fix(security): add support in cpu_ops for CVE-2024-7881
16b87247ed03 fix(security): add CVE-2024-7881 mitigation to Cortex-X3
427c33bc0c0b fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
192a152448ae fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
3e4d94c43b64 fix(security): add CVE-2024-7881 mitigation to Cortex-X925
41a52efd6f38 fix(security): add CVE-2024-7881 mitigation to Cortex-X4
2f09b9f3c2af fix(security): enable WORKAROUND_CVE_2024_7881 build option
70a7d3f2d030 fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
41b64fe36f42 fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
0b2d22097c96 fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
193370e1c6a2 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
d52c52a5fa8c fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
3bd6531a55a4 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
eda09acd1b22 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
b9766da96365 fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
6324220805b1 fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
6041f0723994 fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
b23f5da614e6 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
ef378713fa4b fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
2898088f8ba6 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
b8e111c72619 fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
a6f6396313ea fix(cpus): workaround for Cortex-X4 erratum 2923985
d1c3a5d8b9d8 fix(build): do not force PLAT in plat_helpers.mk
ea1b816b1763 chore(deps): update pytest for cot-dt2c
65762d7b4cfc chore(deps): bump jinja2
87f3125a0e45 chore(deps): bump jinja2 in the pip group across 1 directory
b4530565c030 chore(deps): bump the pip group across 2 directories with 1 update
11e5f92d3d43 build(deps): bump setuptools in the pip group across 1 directory
850389f4acfe chore(deps): bump micromatch
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of edk2. Unfortunately, sbsa-ref has a
kernel warning due to the CPU topology that was added. So, hold this
platform back to 202408 and move those recipes to meta-arm-bsp.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's not clear why this happens but this error is visible
in CI builds too often. Root cause needs analysis but
ignore the error for now.
https://autobuilder.yoctoproject.org/valkyrie/#/builders/75/builds/1190/steps/23/logs/stdio
Traceback (most recent call last):
File "/srv/pokybuild/yocto-worker/meta-arm/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/srv/pokybuild/yocto-worker/meta-arm/build/meta/lib/oeqa/runtime/cases/parselogs.py", line 185, in test_parselogs
self.assertEqual(errcount, 0, msg=self.msg)
AssertionError: 1 != 0 : Log: /srv/pokybuild/yocto-worker/meta-arm/build/build/tmp/work/sbsa_ref-poky-linux/core-image-sato/1.0/target_logs/Xorg.0.log
-----------------------
Central error: [ 103.173] failed to find screen to remove
***********************
[ 101.955] (**) QEMU QEMU USB Tablet: (accel) selected scheme none/0
[ 101.955] (**) QEMU QEMU USB Tablet: (accel) acceleration factor: 2.000
[ 101.958] (**) QEMU QEMU USB Tablet: (accel) acceleration threshold: 4
[ 102.144] (II) event0 - QEMU QEMU USB Tablet: is tagged by udev as: Mouse
[ 102.169] (II) event0 - QEMU QEMU USB Tablet: device is a pointer
[ 102.228] (II) config/udev: Adding input device QEMU QEMU USB Keyboard (/dev/input/event1)
[ 102.228] (**) QEMU QEMU USB Keyboard: Applying InputClass "libinput keyboard catchall"
[ 102.229] (II) Using input driver 'libinput' for 'QEMU QEMU USB Keyboard'
[ 102.229] (**) QEMU QEMU USB Keyboard: always reports core events
[ 102.229] (**) Option "Device" "/dev/input/event1"
[ 102.318] (II) event1 - QEMU QEMU USB Keyboard: is tagged by udev as: Keyboard
[ 102.326] (II) event1 - QEMU QEMU USB Keyboard: device is a keyboard
[ 102.345] (II) event1 - QEMU QEMU USB Keyboard: device removed
[ 102.385] (**) Option "config_info" "udev:/sys/devices/platform/PNP0D10:00/usb1/1-2/1-2:1.0/0003:0627:0001.0002/input/input1/event1"
[ 102.386] (II) XINPUT: Adding extended input device "QEMU QEMU USB Keyboard" (type: KEYBOARD, id 7)
[ 102.519] (II) event1 - QEMU QEMU USB Keyboard: is tagged by udev as: Keyboard
[ 102.527] (II) event1 - QEMU QEMU USB Keyboard: device is a keyboard
[ 103.105] (II) modeset(0): Disabling kernel dirty updates, not required.
[ 103.165] (II) config/udev: removing GPU device /sys/devices/pci0000:00/0000:00:01.0/drm/card0 /dev/dri/card0
[ 103.173] xf86: remove device 0 /sys/devices/pci0000:00/0000:00:01.0/drm/card0
[ 103.173] failed to find screen to remove
***********************
1 errors found in logs.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
I accidentally created two variables sections, resulting in our build
jobs running on very limited containers.
Signed-off-by: Ross Burton <ross.burton@arm.com>
We were only setting the k8s CPU request in .build jobs not .setup. This
was intentional initially so that only the build jobs get more resources,
but some of the non-.build jobs are resource-heavy. For example, the
pending-updates job has to parse the entire metadata from scratch, and
that sometimes takes longer than usual when we only have two cores to
use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
genericarm64 machines may have firmware with optee support
and thus also optee-ftpm may be compiled and used there.
tee-supplicant will load TAs at runtime if support is
detected.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-client/tee-supplicant, optee-os-tadevkit and optee-test can be
compiled for genericarm64 and these detect firmware optee support at
runtime. Using qemuarm64 compatible config for them.
optee-os itself may need HW specific config for different boards
and SoCs but these components work with same config on multiple boards.
Tested on qemu and AMD kv260 with Linaro Trusted Substrate firmware
(https://gitlab.com/Linaro/trustedsubstrate/meta-ts).
Note: optee-test version in userspace and optee-os version in firmware
must match for tests to pass.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
mbedtls pushes to both master and main, but main is preferred.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Pointer Authentication (PAC) instructions are part of v8.3, and BTI
(Branch Target Indentification) instructions are mandatory in v8.5.
As we want to use PAC/BTI everywhere in this BSP, bump the cores to
v8.5.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Do so for the usual reason of avoiding network access during recipe
parsing. Occasionally parsing will stall for me as it seems connectivity
to trustedfirmware.org can be flaky.
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest commit.
Changes in gn between 5e3760073454c72f3458805a1b7a89ecf80353cb and ac6742520ded1da30d500f74e8affe86e27cabd5
ac6742520ded aarch64: Start Xen on Armv8-R at EL2
ba899d1d7227 aarch64: Implement PSCI for Armv8-R
476a0b6451d7 aarch64: Enable Armv8-R EL2 boot
0f00cf4cb8b2 Introduce --with-bw-arch for boot-wrapper compile arch
aafb5958eb9d Boot CPUs sequentially
d62de19c8661 Add printing functions
1ab497ed6c38 Simplify spin logic
1e576e54d0a4 Unify assembly setup paths
19ffbec99cf5 aarch32: Always enter kernel via exception return
e8e6f797bafa aarch32: Implement cpu_init_arch()
8745a2cd8e0a aarch32: Refactor inital entry
77c3316737fc aarch64: Always enter kernel via exception return
308d25f908a8 aarch64: Implement cpu_init_arch()
4dcb17f55300 aarch64: Remove redundant EL1 entry logic
400f0a86dcc8 Revert "configure: allow the use of bare-metal toolchains"
1fea854771f9 configure: allow the use of bare-metal toolchains
784feb9b0753 Makefile: suppress RWX segment warnings
e1d7651f3c2f Makefile: rework test-dtc-option
cd7fe8a88e82 aarch64: Enable access into RCW[S]MASK_EL1 registers from EL2 and below
1ac203146003 aarch64: Enable access into 128 bit system registers from EL2 and below
b13b3bdcb2a1 aarch64: Enable access into SCTLR2_ELx registers from EL2 and below
61b84b4a1c02 aarch64: Remove TSCXT bit set from SCTLR_EL2_RESET
3bac221638c4 configure: make --with-kernel-dir optional
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update trusted-firmware-m to the latest LTS (TF-Mv2.1.1)
Changes between 0c4c99ba33b3e66deea070e149279278dc7647f4 and 02bf279913439a07082dd581df033f370a8fbb92
02bf27991343 docs: Release notes for v2.1.1
7264a32e84a0 docs: rp2350: Minor docs & script improvements
4bad159af017 Docs: Release dates update
a5e02ec0c6a2 Align .gitignore contents to main branch
8fe944a652f5 Platform: RP2350: Fix NV counters in ITS
66bc1fa8eed9 Build: Fix patch formatting for 0001-iar-Add-missing-v8.1m-check.patch
895d44a4eb52 Platform: RP2350: Add NV counters to ITS
e81b741aa6cc tf-m-tests: Step version for rp2350 psa-arch-tests
2be65a027c86 Platform: rp2350: Add rwx linker flag conditionally for GNUARM
a85425417696 Platform: RP2350: Add RP2350 porting
9ed2e7c7f52b Platform/TFM/ITS/Config: Commits required for new platform porting
f12db7c872d5 cc3xx/low-level/pka: SRAM size depends on CC3XX version
c7e0192fab6f cc3xx/low-level/hash: wait for hash engine to be idle
42a4041bdff4 Crypto: Update to Mbed TLS 3.6.2
471c127e7755 Crypto: Add option to enforce ABI compatibility
7da71fd05445 tfm_spe_mailbox: Fix NULL pointer checks
974bc101e0b2 cc3xx/low-level/pka: wait for sw reset to be done before proceeding
89b9c4889c60 Crypto: Enforce MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS on Mbed TLS config
62b1300557c5 Crypto: Additional checks for writes to avoid out-of-bound access
a2cead6a9ef4 tfm_spe_mailbox: Use local vars for local_copy_vects
15afe61d1194 TFMV-8: Fix unchecked user-supplied pointer via mailbox message
22e8e89c8f56 tfm_spe_mailbox: Do not write-back on input vectors checks failure
12a4c5342965 tfm_spe_mailbox: Validate vectors from NSPE
75bbe3fc0240 CC3XX: Relax assert condition in aead_crypt for input
0db7ebf32ba3 Crypto: Protect writes to avoid out-of-bound access
2ecea430fbb4 Crypto: Prevent the scratch allocator from overflowing
fbcdc69b794d SPM: mailbox_agent_api: Free connection if params association fails
2a59580b5809 Crypto: Update to Mbed TLS 3.6.1
6a54ec89f22f Platform: STM32: script all_stm_platfrom
66596b4dae57 Platform: corstone1000: Fix isolation L2 memory protection
7045675209ca stm : fix error on b_u585i_iot02a with TF-Mv2.1.0
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update trusted-firmware-a to lts-v2.10.12
Changes between 7e63213601425c7a6d83e47dc936b264deb9df2b and 408ba4ddfe9a8d55e3e2488bea89c39adef07981
408ba4ddfe9a docs(changelog): changelog for lts-v2.10.12 release
7bdf51628eab Merge "docs(maintainers): update LTS maintainers" into lts-v2.10
8355ef7728ec docs(maintainers): update LTS maintainers
faceedf4e5c2 Merge changes from topic "for-lts-v2.10.12" into lts-v2.10
9007a3344e12 Merge changes from topic "gr/lts-doc-2.10" into lts-v2.10
924c7f42ce4a chore(deps): bump cross-spawn
7c8c034e5fed chore(deps): bump jinja2 in the pip group across 1 directory
3d85a19f2f54 docs: updates to LTS
13657a3f3f2a docs: add inital lts doc
a4c57c122407 Merge changes from topic "lts-v2.10.12" into lts-v2.10
564922601397 feat(mbedtls): mbedtls config update for v3.6.2
44161dcb10ab docs(prerequisites): update mbedtls to version 3.6.2
0ac65e7aa5ec refactor(mbedtls): rename default mbedtls confs
8b2c885739dd fix(arm): add extra hash config to validate ROTPK
832b92b7f615 docs(changelog): changelog for lts-v2.10.11 release
a3fc7c18c461 Merge changes from topic "for-lts-2.10.11" into lts-v2.10
196984e65da0 fix(cpus): workaround for Cortex-X4 erratum 2923985
0eed05ee70aa chore(cpus): optimise runtime errata applications
34e6d7cb8ce1 Merge changes from topic "sm/fix_erratum" into lts-v2.10
ad9dfdc5800c fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
5673d345aaa3 fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
4fd2a6702dd1 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
a02a863d3156 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
87250d2bb1ea fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
30c57c58abe3 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
c7d3c9eb2d81 fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
282e63544d26 fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
f7ae819f03ae fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
3efc9e13011d fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
17e17ed3f1e6 fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
a6375e1feb42 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
e42abf298321 fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
698e68fe1fe9 fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
b229b47bd86c chore: rename Blackhawk to Cortex-X925
96498991d1ce chore: rename Chaberton to Cortex-A725
b28aa38e28cf docs(changelog): changelog for lts-v2.10.10 release
8e74814ce52f Merge changes from topic "for-lts-v2.10.10" into lts-v2.10
c9f3fb5822dc build(deps): bump setuptools in the pip group across 1 directory
395ef3534cf1 chore(deps): bump micromatch
6c6e986bffb3 build(npm): update Node.js and all packages
c5d2a030a35f build(deps): bump braces
ebf6430a01c5 build(deps): bump idna from 3.4 to 3.7
93ad43e79ef7 build(deps): bump jinja2 from 3.1.2 to 3.1.4
f8a06a0f82ce build(deps): bump urllib3 from 2.0.2 to 2.2.2
3ea256c36a4b build(deps): bump pip from 23.1.2 to 23.3
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest gn commit.
Changes in gn between 95b0f8fe31a992a33c040bbe3867901335c12762 and ab638bd7cbb9ac8468bf2fbe60c74ed4706a14a7
ab638bd7cbb9 Revert "Speed-up GN with custom OutputStream interface."
2dd9331a7041 Speed-up GN with custom OutputStream interface.
ed1abc107815 Add `exec_script_allowlist` to replace `exec_script_whitelist`.
c97a86a72105 Retry ReplaceFile in case of failure
7296b601ea80 Fix crash when NinjaBuildWriter::RunAndWriteFile fails
468c6128db7f fix include for escape.h
5a47a93b9426 fix exit code for gn gen failure
24e92acb8472 misc: Use html.escape instead of cgi.escape
feafd1012a32 Do not copy parent build_dependency_files_ in Scope constructors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest stable version (1.5.5), comprised of the following
commits:
742d60ed7dc7 opencsd: Update version info and README for 1.5.5
7ca491c516b8 build: Update docs for MacOS support
cac83e59666e build: Add MacOS development makefile
e56eff270ca2 build: Use .dylib shared library suffix for MacOS
35f957d2a97a build: Create initial MacOS makefile
44dff5b22a26 build: Restore Linux build support
a0e13010e1d6 build: Rename build folders as 'unix_common' for upcoming MacOS support
ecdde9f69307 tests: Add option to suppress elapsed processing time in test program.
821632be920c tests: update mem_buff_demo test to add options.
70e472c9387f opencsd: Memacc object cleanup fix
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of halfnium
Changes between 2bef7ab3895c48d39b84ab58179b2d0de5156b8b and 2cf2ca7c4b81ab18e9cd363d9a5c8288e2a94fda
2cf2ca7c4b81 docs: the change log for the v2.12 release
69e18eb52d63 docs: update the threat model for IPI threats
c9866ab33c7a docs: add description of single service IPI support
b17856caec30 test: interrupt targeting blocked vcpu is queued
0ee13d9cc510 test: add helpers to share page for coordination btw endpoints
eda971da9f4c fix: queue interrupt targeting blocked vcpu
0a69718c6298 fix(docs): fixes to the docs to fix build errors
4b3d26803b56 test(ipi): IPI to invalid vCPU fails
2f579f93c1d9 test: multiple SPs periodic deadlines on multiple cores
8157b6897a8f test: multiple SPs with periodic deadline
b390a0d12967 test(ipi): set target vCPU in VCPU_STATE_BLOCKED
2affbc7a7bbb test(ipi): target vCPU set in VCPU_STATE_PREEMPTED
180a65a7be5f feat(ipi): handle in VCPU_STATE_BLOCKED/PREEMPTED
84d49b67d2d9 fix(ipi): small fixes to the ipi implementation
0136b2bf3f35 test: migrate blocked vcpu with pending timer
da42b544504b test: timer expired while vcpu is in PREEMPTED state
7c9702280c62 chore: reduce verbosity of console messages for SPs
9243e772b209 docs: support for arch timer in secure world
c0110997e1f8 chore: add doc comment on Pauth fault tests
a067dc1d77f8 test: add unit tests for timer management
872742eec217 test: use watchdog timer as source of non secure interrupt
febcb625856e test: add driver for normal world watchdog timer
b9dd51451e46 test: introduce driver for sp805 peripheral
65827d703535 test: migrate vCPU of SP with pending timer deadline
593b8addcbdc test: multiple SPs programmed with timer deadlines
fe10878b1e1c test: SP reprograms the arch timer deadline
b2429b49c524 test: SP handles timer with short deadline
34c050a04357 test: commands for SP services to configure timer
64ae5a8d6a18 test: add SP helper utilities for arch timer
6b8cf4f361f6 feat(arch timer): handle spurious host timer interrupt
106bfc364d64 feat(arch timer): migrate vCPU with pending timer to another CPU
cf069a65988e feat(arch timer): resume SP if deadline expires in NWd
2efb3e103382 feat(arch timer): handle host timer interrupt tracking live deadline
32424db1d5d6 feat(arch timer): inject timer virtual interrupt before resuming vCPU
a3787c91a96c feat(arch timer): track pending timer configured by SP vCPU
28e988f3bb56 chore: exclude physical timer source file from static checks
f684d196422b feat(arch timer): trap and emulate physical timer access from SPs
d3ac7383c10f feat(arch timer): helpers to configure EL1 physical timer
f658f5e1a6e1 feat(arch timer): initialize timer list and host physical timer
def48d0365b3 feat(arch timer): introduce host timer driver
c31708afa85c feat(arch timer): helper utilities to add and remove from timer list
eed861e514ba feat(arch timer): data structure to track pending timers
08200fe0f2e2 test: physical interrupt preempts virtual interrupt handling
75331b3ee028 test: SPMC call chain not preemptible
179f567f17fe test: helpers commands to mimic secure interrupt scenarios
94946a1451e3 fix(interrupts): SPMC scheduled call chain shall not be preempted
025a451a9275 fix: simplify secure interrupt handling
c3fd9756a53e feat(memory share): handle GPF in FFA_MEM_FRAG_RX
e06384d55458 docs: document VM availability messages
50ef91174b38 refactor: api_ffa_msg_send_direct_resp
13f09815b474 refactor: don't pass sender/receiver ID
79504ff11a86 refactor: remove unused functions
a1a0235181b3 test: VM availability messaging tests
06e8b732abc2 feat: forward VM availability messages from SPMC to SP
d0356f85a2a2 refactor: `spmd_handler` refactorings
520bcc86451b test: VM created/destroyed partition properties
a603e0842531 feat: VM created/destroyed partition properties
18694027d10d feat: parse `vm-availability-messages`
1308a63f4851 test(ipi): FFA_NOTIFICATION_INFO_GET reports pending IPI
d270b869c989 test(ipi): target waiting vCPU whilst in SWd
537165559733 test(ipi): target waiting vCPU whilst in NWd
3a9510e81960 test(ipi): handling SRI in the NWd
377defd58730 test(ipi): send IPI to running vCPU
d2efb134495d test(ipi): state machine to help testing IPI
8be2651ff463 test(ipi): add unit tests for fetching pending IPIs
1f2babf02fd8 feat(ipi): report IPIs in FFA_NOTIFICATION_INFO_GET
960be20fecdc feat(ipi): handle IPI for waiting case
f3cf28cf7d4b feat(ipi): introduce IPI paravirtualised interface
18485946304c refactor: use bitfields for interrupt_descriptor struct
e44e18e5702b fix: increase stack size in primary VM
cc9d11383413 ci: increase timeout for long running tests
b8f9a899f0be test: if SPs wake up with eret FFA_RUN
4dbf4d95c63f fix: only normal world VMs need FFA_RUN
478faac95b69 refactor: always eret FFA_RUN to the caller
8ddb0e2d11e6 chore: drop the FFA_RUN tests
3190f5401e09 chore: specify updated submodule commit hash
baaf9e5bd0c5 docs: update FFA_PARTITION_INFO_GET(_REGS)
0ffce75f8244 refactor(notifications): verbose validity check
3e55c4d8e3de fix: check ff-a version for functionality support
d96c931b233d test(ff-a): report features in partition info get
7fb0fdb7ab97 fix: report indirect message and direct message 2
11f50e5ff10b chore: drop linux/driver project checks
d5d6c381e69c chore: drop the driver/linux submodule
8018929656f3 doc: refer the checkpatch.pl setup
d8e61447a1b5 ci: add script download checkpatch.pl
94b0fa111104 chore: drop rule to update linux binary
ddeedafa09d0 chore: drop the third_party/linux submodule
6b756a10770a ci: drop the setup with the hafnium driver
15e302616540 chore: drop hf_interrupt_inject
da6b099e5dfb chore: drop mailbox waiting list
9a9ed227a137 test(ff-a): FFA_MSG_WAIT called with pending message
ccbf26c078c7 docs: add FFA_MSG_WAIT description
ea8ccfe752cb refactor(notifications): drop the SRI state
ac0cb263714c chore: drop legacy timer support in hypervisor
9acc62973951 chore: remove legacy timer support tests
a74c97c4c184 test: interrupt targets blocked SP
23a7e58b6494 fix(interrupts): resume blocked vCPU and pend vIRQ line
3e749afb2d9b test(pauth): test PAuth usage from S-EL0
70c6ca0e0cb9 fix(pauth): use prng to generate S-EL0 pauth keys
9478e32bb811 refactor: UUID packing/unpacking
cca64d765bf0 refactor: `get_ffa_partition_info`
fb9c2a27a319 refactor: `api_ffa_fill_partition_info`
45abeebfd2b4 feat: report error if too many UUIDs in manifest
6053297ef775 refactor(manifest): UUID parsing
8c5de22b6b6a test: fork 'preempted_by_secure_interrupt'
bd32c97bdb07 refactor: simplify interception of FF-A calls
67f5ba3d10d3 refactor: boot order list to use list.h
8e02186908e0 refactor: rename list functions
3bfc36eab652 test(ff-a): cannot send indirect message when RX buffer full
3d5a9609bf43 test(ff-a): add RX retention tests to S-EL0 setup
a2103eb08381 feat(code-coverage): check elf files for folder include/exclude
c7270b752e5f fix(memory share): hypervisor retrieve request check
7640451f68fc fix(build): fix out of tree build specifying $OUT
36fcf881497b fix: detect pauth algorithm in cpu
483686441714 refactor: `memcpy` refactors
5d5f27972dbb fix: use correct load-address while adding offset
3bb825946fed fix(indirect message): set framework notifications
8ccd2d0f0552 fix: rename load address relative offset node name
67196c7ad3bc docs: document new `FFA_VERSION` behaviour
c4d9ae80b40b fix(ff-a): don't report ME interrupt to EL0
41c5da385103 fix(notifications): delay SRI flag use from NWd
d9e7c8fd3cf9 fix: in case the mailbox is FULL return FFA_RUN
77b4eef0071d fix(hftest): clear NPI when polling for notifications
486ffdce7223 test(ff-a): FFA_MSG_WAIT multicore RX buffer test
337dbdfa04ee test(ff-a): test FFA_MSG_WAIT with retain RX buffer flag
7253bd5c43fc feat(ff-a): add retain RX buffer flag to ffa_msg_wait
bc854180a4bb test(ff-a): verify FFA_MSG_WAIT releases RX buffer
be1a0b7a4d43 fix(ffa): add RX buffer release to FFA_MSG_WAIT
b8730e9f7263 refactor: moved api_interrupt_clear_decrement to vcpu
cfc8174a3a22 refactor: added ffa_msg_wait_complete
472f66a344c9 refactor: use vm_id_is_current_world
ac9407556eca refactor: rename implicit_completion_signal
3b31f09c4e80 refactor: create vcpu_secure_interrupt_complete
9a4b9c0b9592 fix(notifications): per-vCPU for MP only
318e90a733de feat: queue interrupt targeting blocked vcpu
c023e39839c0 test: new setup with S-EL1 UP SP as Service2
538b688a0865 test: register secondary entrypoint only for MP S-EL1
ec3bf2223df0 test: queue interrupt targeting a migrated vcpu in blocked state
97fa216c6ae9 test: queue interrupt targeting a migrated vcpu in running state
ce6baae61eee test: queue interrupt targeting a migrated vcpu in waiting state
4fff340ea012 test: queue multiple pending virtual interrupts
e1bec84e69f1 test: handle secure interrupt triggered by Generic Timer
95bb8fe60145 test: leverage build define to identify an S-EL0 SP
75a1ab7b9c3c test: update manifests to accommodate AP REFCLK timer device region
76fe642c630f test: add SP helper commands to manage generic timer
ad3fb6698931 test: add driver for AP REFCLK Generic timer
92b404ecffd6 test: driver for generic memory mapped system timer
ae519e184f12 test: map MMIO regions from device region nodes
7945bb578a0f refactor: reduce fields tracking interrupt handling for vcpus
93d3d7015108 feat(interrupts): target migratable S-EL1 UP vCPU
42e56c11d90e feat(interrupts): target migratable S-EL0 UP vCPU
48dc41c3890c feat(interrupts): queue if unable to signal virtual interrupt
c64d0645a4c4 feat(interrupts): prioritize servicing queued virtual interrupts
32913cb081cf feat(interrupts): data structures, helpers for queueing
b7c2558e1bbd fix(interrupts): drop the running priority before resuming vcpu
6acc53703857 fix(hftest): logs from different setups would override
ff651e335032 feat: hftest to disable_visualisation
6f6bf8a117f9 refactor: simplify functions to pend VI
33172403a44a fix: moved unsupported function log
3e9f605eba42 test: interrupt to be pended before boot
cc542042dbbd feat(interrupts): physical interrupt enabled
d533859d7826 chore: add venv to gitignore
1c56a252a966 fix(hftest): service set-up functions in core 0
65deaa433730 refactor: drop hypervisor-specific tests
6045881f4fe2 fix(notifications): vCPU ID check in get ABI
a2c79226b56b docs: redirect to a common ff-a binding document in TF-A
296ee70c7af7 refactor(memory share): split check of hyp retrieve request
058ddee34d02 fix: remove memory region's device attribute
71704804400a secure_tc: enable branch protection
9c5b1d3708f8 refactor: split `api_ffa_features`
650cb148d610 refactor: report FFA_YIELD
1a8c0cdb812c refactor: report secondary EP register supported
5a222641c137 refactor: permission get/set supported at S-EL0 partitions
4271ff9734fe refactor: remove arch/platform specific ffa_features
4e8e479805bb refactor: reduce log level of some log statements
be12343e0ceb fix(hftest): interrupt enable/disable
94f9a7303d06 fix(docs): refactor poetry dependency group
734981e83008 fix(memory share): dont change the PAS for device memory
9a444adfee0b refactor(hftest): update iris options
fd374b8c9227 fix(memory share): v1.1 emad reserved field check
5ebf4bf2c364 feat: parallelize `clang-tidy`
2ad6b66ef5f6 chore: fix `clang-tidy` warnings
a4d4a2b00cf2 fix: check `.h` files with `clang-tidy`
20acb0118db9 refactor: remove `make check`
ca9234c8510c refactor: reformat `.clang-tidy`
67a7926ce341 fix: first vCPU runs in the VCPU_STATE_RUNNING
77f39c21e52a fix(docs): point poetry readthedocs virtual env
bd43209c3d7f refactor: console log verbosity
052fa62be451 fix(docs): design doc typo fails the build
a33eca997600 fix(qemu): memory barriers to operate DMA
66a38bd5184d fix: fix build with clang-18
a5ea909bfc61 fix: fix build with clang-17
74ee3ab8bb56 fix: fix build with clang-16
6f1f1210152d feat: print vCPU ID
920362870c0d test: tests for printing sequentially and concurrently
31e5c95fd1c7 fix(hftest): define stacks for all secondary cores
7cdb36d7dfa8 test(mem share): RO mem cannot be zeroed during send
72d53a15d7b7 fix(boot): remove limit all partition memory is RW
c7a3848c7cc0 refactor: improve hftest error message
133ae6e2e48b feat(dlog): adopt FF-A in `stdout_putchar`
c5cebbc0e8d0 refactor: move log buffer from VM to vCPU
99fe2434f9d9 refactor: add documentation for interrupt controller in DT
1c26ae7ec65a fix(gic): add support for passing GIC data from DT in boot flow
99c5eff25b84 test: add unit tests to validate dma properties
718afa9ca629 refactor: create a helper function to obtain common fields
9c764b3e5437 refactor: use dma device properties struct within device node
7de26958d155 refactor: extract VM's log buffer into separate struct
6027b4f0bd7a fix: fix signature of `memcpy`
8f046e4873ea refactor: remove `CHECK_OR_ZERO` macro from `std.h`
2b56fc163c19 refactor: replace some uses of `uintptr_t` with `cpu_id_t`
b4ef4320e1d0 refactor: use typedef for CPU entry point functions
71d887b7cad0 refactor(memory share): improve naming of sender_orig_mode
c8e6e85d7f72 test(memory share): device as normal through descritor mem types
3b65a25f2642 test(memory share): lend device memory as normal
6e2613628196 fix(memory share): add precedence check for memory type
2268412d6968 test(memory share): normal memory lent as device
91052c3eb749 fix(memory share): log for invalid instruction access
3f295b18c75c feat(manifest): add overlap checks for SPMC memory
889cbf1e6e82 refactor: use enums for PSCI constants
5e99699970bc refactor: add helper function to check if VM is primary
8204182ee3d2 refactor: add helper functions for checking if VM is UP/MP
0a824e972474 chore: fix log strings
bd060340445e fix(memory share): relinquish from VM
9bbcb87d8873 fix(memory share): assert pointer before dereferencing
a39a84497eda feat(memory share): relinquish use `memcpy_trapped`
3f6527cd56f9 feat(memory share): revert memory retrieve
69cdfd9531f8 feat(memory share): avoid updating PTs
7b9cc432ce38 feat(memory share): memcpy_trapped to copy retrieve resp
8f2150d1d4c6 feat(memory share): `memcpy_trapped` to read from tx
f220d57a4102 fix(memory share): retrieve request validation
c9227c849e62 fix(memory share): multiple borrower with NWd VM
540cddfcb118 feat: introduce gicd_set_ctrl helper utility
cde596402559 test(ff-a): add tests for changing version through `FFA_VERSION`
64d930ee6c33 fix: check that calls to FFA_VERSION actually succeed
e9921275a326 fix: memory sharing tests
08befddc43c0 refactor: move `update_mm_security_state` to `common/ffa.c`
2909e54cf230 refactor: port tests due to new restrictions
d319fbbb5b9b fix: remove log statement that caused `FFA_VERSION` to fail
6eeec8e85a5f feat: restrict `FFA_VERSION` calls
0e617d9d2245 refactor(ff-a): `FFA_VERSION` related refactorings
4b846eb871c0 fix(mem share): zeroing RO memory during memory send
8fc1b5054cb2 fix: error codes need to be uint32_t
6fd6c1d6ecad fix: fix input validation in FFA_FEATURES
49ec1e42e218 refactor: refactor `api_ffa_features`
88851f90b88e feat: add macros to check bits
d1c34b5edee1 feat(mte): add error log for sync tag fault in EL2
95fbb31760eb feat(memory share): add memory share 64-bit ABIs
b9ae416a7d55 refactor: use `GET_ESR_EC` macro
5a13355b0802 refactor: add `GET_ESR_FNV`
9f7ce018c967 test(dlog): unit tests for `dlog` with binary format specifier
7efc8377234e feat(dlog): support binary unsigned integer format specifiers
e8937d9c2a05 chore(dlog): fix uses of `dlog` to use new format strings
544549064bb2 feat(dlog): check arguments to `dlog` at compile-time
50af30574657 test(dlog): unit tests for `dlog` with length modifiers
70894da99ab1 feat(dlog): handle length modifiers
e980e611ed8a refactor(dlog): miscellaneous changes related to logging
705b56e94b38 refactor(dlog): move `dlog_flush_buffer` to `api.c`
e8fdaed4c376 refactor(dlog): replace macros with enums
93157d09e78f test(dlog): unit tests for `dlog`
c9df08b45438 feat(hftest): assertion macros for strings
d2ef618a680c refactor(dlog): return number of characters written
222d9fbb3dee fix: enable `-Wsign-compare` in `ASSERT_EQ`
1064a9c8d3c3 refactor: use `enum ffa_error` for errors
824b63d9b256 feat: enable `-Wsign-compare`
b090762d1c4d fix: disable `-Wsign-compare` for dtc
4a88b9625897 feat: enable `-Wextra` flag
df099becb672 refactor(init): use memory pool for boot params
dc759f53ddbe refactor: use an enum for FF-A error codes
d38270c14fe8 refactor: use enum for SP commands
6a7c95926233 feat(hftest): rewrite error messages for failed assertions
76766e61e230 refactor: use `typeof` in `HFTEST_ASSERT_OP`
871b41e33565 refactor: always expand `assert` macro
3a3e08dbd653 fix: check for illegal values of gic related build flags
346a09cfce7f fix: check for illegal branch protection feature
0549849def41 fix: propagate enable_mte build flag to cflags
00d3b632aeda fix: incorrect calculation for number of boot info desc
b886d4930571 fix(memory share): drop check to instruction access
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version.
License SHA changed due to the addition of "Artistic License 2.0" and
was missing entries for a few others that were there previously.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The same tee-supplicant is available in the meta-arm layer
along with the recipe.
| meta-arm/recipes-security/optee/optee-client
| meta-arm/recipes-security/optee/optee-client/tee-supplicant.sh
| meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service
| meta-arm/recipes-security/optee/optee-client.inc
| meta-arm/recipes-security/optee/optee-client_4.1.0.bb
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-A git recipe to the latest commit (as it was older than
the 2.12 release previously). Also, update mbedtls to 3.6.2 (per the
tf-a docs in the master branch).
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A Patches were erroneously moved to meta-arm-bsp, despite still being
needed by the recipes in meta-arm. Copy them back and make copious
apologies.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move v2.11 to meta-arm-bsp so that corstone1000 can still use it (though
2.12 does appear to work). Move all the other platforms in meta-arm-bsp
to use 2.12.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Platforms with GENERATE_COT need to either have COT_DESC_IN_DTB set or
use cot-dt2c to generate it. Add cot-dt2c from trusted-firmware-a
sources and its python dependencies to enable this for those that need
it.
Also, move all the relevant platforms in meta-arm-bsp to use 2.12
Signed-off-by: Jon Mason <jon.mason@arm.com>
This memory was used by OpenAMP to establish communication between
the Secure Enclave and Trusted Services. After transitioning from
OpenAMP to RSE_COMMS, this shared memory is now configured for the
pointer access protocol in RSE_COMMS.
Since this memory may be still used by a user-space application
in linux as U-Boot is passing an EFI memory map starting from
0x80000000, this memory range should be reserved as the
pointer access protocol may be enabled on corstone1000 in the future.
Signed-off-by: Philip Puk <philip.puk@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
poky updated systemd from 256 to 257 which changed
the build time path.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Integrating the binary Arm GCC toolchain into OE is quite complicated
because the binary release and oe-core's toolchain are arranged slightly
differently, which makes it quite fragile.
As it's obviously a binary release we cannot patch it to fix issues.
Also it has some fairly sizable limitations: for example the kernel
headers are old (from linux 4.19) and the locale packaging is different
so locale package dependencies don't work.
The main historic users of the external toolchain no longer use it, so
remove it. The recipes will remain in the LTS branches for users who
are using it currently, but will not be part of the next release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oe-core commit "classes/recipes: Switch virtual/XXX-gcc to
virtual/cross-cc (and c++/binutils)"[1] changes the virtual names that
the toolchain components use, so external-arm-toolchain needs updating
to use these new names.
[1] 4ccc3bc8266c327bcc18c9a3faf7536210dfb9f0
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Implement unattended installation for Debian
- Upgrade Debian version to 12.8.0
Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Replace THISDIR with UNPACKDIR by adding unattended conf to SRC_URI
Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Replace THISDIR with UNPACKDIR by adding unattended conf to SRC_URI
Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
tf-a 2.10.9 uses mbedtls 3.6.1 from 3.6 branch which
has the same checksum as in tf-a 2.11 recipe. Found when
downgrading tf-a from 2.12 to 2.10 to debug hangs on zcu102
board:
ERROR: trusted-firmware-a-2.10.9-r0 do_populate_lic: QA Issue: trusted-firmware-a: The LIC_FILES_CHKSUM does not match for file://mbedtls/LICENSE;
md5=3b83ef96387f14655fc854ddc3c6bd57
trusted-firmware-a: The new md5 checksum is 379d5819937a6c2f1ef1630d341e026d
trusted-firmware-a: Here is the selected license text:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html)
OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license.
This means that users may choose which of these licenses they take the code
under.
The full text of each of these licenses is given below.
Apache License
Version 2.0, January 2004
...
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
trusted-firmware-a: Check if the license information has changed in /home/builder/src/base/repo/build/tmp_zynqmp-zcu102/work/zynqmp_zcu102-poky-linux/trusted-firmware-a/2.10.9/git/mbedtls/LICENSE to verify that the LICENSE value "BSD-2-Clause & BSD-3-Clause & MIT & Apache-2.0 & Apache-2.0" r
emains valid [license-checksum]
ERROR: trusted-firmware-a-2.10.9-r0 do_populate_lic: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: /home/builder/src/base/repo/build/tmp_zynqmp-zcu102/work/zynqmp_zcu102-poky-linux/trusted-firmware-a/2.10.9/temp/log.do_populate_lic.4070974
NOTE: recipe trusted-firmware-a-2.10.9-r0: task do_populate_lic: Failed
ERROR: Task (/home/builder/src/base/repo/build/../meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.9.bb:do_populate_lic) f
ailed with exit code '1'
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With backported patch from upstream. Error was:
| build.py...
| /home/builder/src/base/repo/build/tmp_rockpi4b/work/rockpi4b-poky-linux/edk2-firmware/202408/edk2/edk2-platforms/Platform/StandaloneMm/PlatformS
tandaloneMmPkg/PlatformStandaloneMmRpmb.dsc(...): error 4000: Instance of library class [HobPrintLib] is not found
| in [/home/builder/src/base/repo/build/tmp_rockpi4b/work/rockpi4b-poky-linux/edk2-firmware/202408/edk2/StandaloneMmPkg/Core/StandaloneMmCor
e.inf] [AARCH64]
| consumed by module [/home/builder/src/base/repo/build/tmp_rockpi4b/work/rockpi4b-poky-linux/edk2-firmware/202408/edk2/StandaloneMmPkg/Core
/StandaloneMmCore.inf]
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Adds protobuf interface to se-proxy-sp as the main crypto-sp uses it and
parsec service 1.4 also switch using protobuf interface.
Signed-off-by: Philip Puk <philip.puk@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump fip and tf-a tests to use the 2.12 sources
Note: change to license is for CoT device tree python application (which
is Apache licensed).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for TF-A version v2.12.0 and mbedtls 3.6.1.
GCC-compiled boot tested on RK3588 Tiger, RK3399 Puma and PX30 Ringneck.
0001-fix-zynqmp-handle-secure-SGI-at-EL1-for-OP-TEE.patch is merged in
2.12.0 so no need to have it in SRC_URI as for 2.11.0 and earlier
recipes.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-A LTS to 2.10.9 (which includes an mbedtls bump to 3.6.1, per
docs). Also, bump the TF-A tests to the latest version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Set Linux kernel preferred version for Corstone-1000 to 6.12.
* Update version listed in Corstone-1000 user guide documentation.
* Remove Linux kernel version 6.10 recipe as was only used by Corstone-1000.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A new section was added for the host level authentication which
explains how the FIP content is verified at TF-A level.
Signed-off-by: Abdellatif El Khlifi abdellatif.elkhlifi@arm.com
Signed-off-by: Bence Balogh bence.balogh@arm.com
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use flyout menu enabled via the `flyout_display`
parameter to show the flyout in the bottom of the sidebar.
The default Read the Docs (RtD) flyout needs to be disabled in order
to not have 2 flyouts showing. It is done by disabling it in the
RtD project settings.
Additionally, the Sphinx theme needs to be upgraded from version
2.0.0 to version 3.0.0. The sphinx and docutils modules also need
to be update for compatibility reason.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Newer versions of the FVP now contain a full log entry for the
"Listening for serial connection on port" regex of the form:
INFO: FVP_NAME: terminal_uart: Listening for serial connection...
Relax the regex to support this new logging format and change from
re.match to re.search as the regex may not appear at the start of the
line.
This change is backwards-compatible with older versions of the FVP.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core has removed 6.10, so until corstone1000 has upgraded to 6.12 add
it temporarily to meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The DesignWare platform driver is hidden behind a DesignWare Core option
now, so enable that too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When images are repacked IMAGE_ROOTFS_EXTRA_SPACE is ignored.
This is not necessarily a bug but an undocumented quirk of how wic
works.
Evaluate IMAGE_ROOTFS_EXTRA_SPACE and use the value with the
--extra-space option. Note that, since IMAGE_ROOTFS_EXTRA_SPACE is in
Kb, the value for `--extra-space` requires the explicit 'K' suffix (the
default is 'M')
Signed-off-by: Adam Johnston <adam.johnston@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set the Upstream-Status to Denied because the community suggests a different design
The external system implementation in Corstone-1000 is user-defined.
In the implementation provided by he FPGA board and by the FVP, the
Cortex-A35 (Linux) can not access the memory of the external system (Cortex-M3).
So, Linux can not load the external system firmware and can not communicate
with the external system using Rpmsg over remoteproc subsystem. The reason is Rpmsg
needs vrings memory buffers to be shared between both cores.
The community prefers that the HW is updated with memory sharing before they
consider merging the remoteproc driver.
We reached the agreement that we will split the work in two parts:
Part 1: Writing an SSE-710 reset controller driver
Part 2: Corstone-1000 remoteproc driver
Part 1 is doable and we will be working on it.
Part 2 is waiting for the FPGA upgrade with the memory sharing feature.
For more details [1].
[1]: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, terminal title is %title, which is populated with the
component name by the FVP. This commit prepends it with {name},
which is already a mandatory parameter for terminals to be launched.
E.g. FVP_TERMINALS[terminal_uart] ?= "My Name" will launch a terminal
with a title "My Name - terminal_uart".
Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SHA of the dependent community layers are commented out and set to
the tested SHA from the `styhead` branch of each layer.
The set SHAs are to be uncommented in the `styhead` branch which is
to be used to create the `CORSTONE1000-2024.11` tag.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Fix typographical error in documentation.
* Add missing instructions.
* Create paragraphs where necessary to improve readability.
* Change `note` box to `important` box
* Remove verification of arm_tstee driver presence:
arm-tstee driver has been integrated in Linux v6.10.14 which is
the one used in the software stack. It is built as part of Linux and
is no longer a loadable module.
The steps to verify the driver presence are no longer applicable.
* Standardise naming of the target platform:
Consistently use the name `Corstone-1000` to refer to the target platform.
* Update Debian OS version from 12.4 to 12.7
Debian version 12.4 has a bug in Shim 15.7.
This bug causes a fatal error when attempting to boot media installer
for Debian,and resets the platform before installation starts.
A patch to skip the Shim was applied to Corstone-1000 to avoid
the error.
Debian version 12.7 no longer has the bug in the Shim thus making
the usage of the patch redundant.
Bump Debian installer to version 12.7 and remove usage of the patch
for the Debian installation test.
* Replace xterm with tmux:
Update the user guide to specify tmux instead of xterm.
Using tmux as opposed to xterm provides a better user experience
when running the commands listed on the user guide.
* Use ACS image for FVP SystemReady test:
Due to fixed timeout values in the meta-arm-systemready the ACS time
test do not complete successfully.
Instead, specify commands to use the pre-built ACS image.
* List Trusted Services as a host component:
Add Trusted Services to the list of components used on the Host processor
of the Corstone-1000. The various BitBake recipes and append files used to
build Trusted Services are listed for the component.
* Update release version to CORSTONE1000-2024.11:
All references to the version of the Corstone-1000 software reference
stack have been updated from CORSTONE1000-2024.06 to CORSTONE1000-2024.11.
Add to the changelog the 2024.11 release information.
Add the 2024.11 release notes.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove secure boot signature from kernel image.
It's signed as part of uki image now which signs
kernel, initramfs etc.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Unified Kernel Image includes kernel and initrd which
both are signed with UEFI secure boot. This brings secure
boot closer to userspace.
Use core-image-initramfs-boot to find the real
rootfs and boot systemd init there. No need to hard code
rootfs via qemuboot/runqemu variables.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Setting INIT_MANAGER to "systemd" already sets needed
feature flags. Appending to them only causes sstate
cache invalidation and recompilations.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
xen-image-minimal now requires systemd. Add poky-altcfg (which has
systemd amongst other things) as an includes in the xen.yml file to work
around this. Also, xen requires openssh instead of dropbear. So,
override that entry.
Signed-off-by: Jon Mason <jon.mason@arm.com>
On some architectures (namely Aarch64), glibc may provide a libmvec
library since glibc 2.22, which programs built with gcc OpenMP
support might get linked to.
In order for these programs to work on the target, we need to copy this
library to the target filesystem.
Make sure that libmvec.so symlink is correct with or without usermerge
enabled otherwise libmvec.so symlink is broken.
For more details on libmvec, see
https://sourceware.org/glibc/wiki/libmvec.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
usrmerge nowaday required by systemd [1] but it broke
external-arm-toolchain in several ways...
When usrmerge is enabled, /lib is no longer part of SYSROOT_DIRS list
while the prebuilt toolchain expect the dynamic loader to be placed in
/lib not /usr/lib.
There is no /lib directory in the per-package sysroot directory
generated to build each package:
[...]/build/tmp/sysroots-components/<target>/<package>/
sysroot-providers/ usr/
But the cross-compiler still generate binaries with dynamic loarder
path set to "/lib/ld-linux-<target>.so*"
strings sanitycheckc_cross.exe | grep ld
/lib/ld-linux-aarch64.so.1
A symlink /lib -> /usr/lib is crated in the final rootfs image.
But this broke the meson-qemuwrapper used when "qemu-usermode"
(MACHINE_FEATURES) is available:
See [2]:
do_write_config:append:class-target() {
# Write out a qemu wrapper that will be used as exe_wrapper so that meson
# can run target helper binaries through that.
qemu_binary="${@qemu_wrapper_cmdline(d, '$STAGING_DIR_HOST', ['$STAGING_DIR_HOST/${libdir}','$STAGING_DIR_HOST/${base_libdir}'])}"
It produce a runtime issue while running a meson sanity check:
meson-qemuwrapper [...]/build/meson-private/sanitycheckc_cross.exe
qemu-aarch64: Could not open '/lib/ld-linux-aarch64.so.1': No such file or directory
Note: The binaries build by the Yocto internal toolchain seems be "patched" [3]
to look at /usr/lib instead of /lib.
We use -Wl,--dynamic-linker to make sure that the cross-compiler
generate binaries using the dynamic loader path defined by usrmerge
for all packages build by Yocto.
[1] https://git.openembedded.org/openembedded-core/commit/?id=802e853eeddf16d73db1900546cc5f045d1fb7ed
[2] https://git.openembedded.org/openembedded-core/tree/meta/classes-recipe/meson.bbclass?h=2024-04.3-scarthgap#n130
[3] https://github.com/openembedded/openembedded-core/blob/scarthgap/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When `usrmerge` distro feature is not enabled, then `${base_libdir}`
resolves to `/lib` and `/lib/libpthread*.so` does not match any files.
But, with `usrmerge` distro feature, `${base_libdir}` is `/usr/lib`, so
removed line leads to `/usr/lib/libpthread.so` symlink included in
`${PN}` which causes QA check failure.
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With `usrmerge` disto feature `base_libdir` and `libdir` are the same,
so it does not make sense to:
* removing "duplicates" between them
* move files from `base_libdir` to `libdir`
This fixes build error
| mv: '.../tmp/work/cortexa15t2hf-neon-poky-linux-gnueabi/external-arm-toolchain/12.2.Rel1/image/usr/lib/libasan.a' and '.../tmp/work/cortexa15t2hf-neon-poky-linux-gnueabi/external-arm-toolchain/12.2.Rel1/image/usr/lib/libasan.a' are the same file
in case of `usrmerge` feature enabled.
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The tc files were removed some time ago, but there are still entries
in the bbappends trying to reference those files. Remove them.
Fixes: 0af53c6453 ("arm-bsp: Remove tc1")
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the recent update of u-boot to 2024.10, these patches are no longer
needed (as they are in this release). Remove them and everything is
happy again.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2 to the latest stable release tag, and update edk2-platforms
to the last SHA that seems to work.
Signed-off-by: Jon Mason <jon.mason@arm.com>
UEFI capsule update is a mechanism that allows firmware updates to be
delivered and applied in a standardized way. It is part of the UEFI
specification and provides a way to update system firmware components
like the BIOS, UEFI drivers, or other platform firmware.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
qemuarm64-secureboot is using systemd for uefi-secureboot, which has
warnings with musl (and fails to compile with clang and musl). So,
modify the matrix to keep the coverage of everything else but musl.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable network boot via HTTP protocol. Many embedded and server-class
systems use network boot for booting. Enabling network boot on devices
allows:
- Shipping devices without OS images. When we power up the device, the
firmware can connect to the Internet and download and install suitable
boot images for this specific device. Administrators can centrally
manage the boot images and configuration files on a network server.
This centralization streamlines the management of boot options and
ensures consistency across all devices.
- This is particularly useful in enterprise environments. On mass
deployments, there is a need to install the operating system on
multiple devices simultaneously.
- Ability to maintain a completely diskless system if needed
The plain HTTP protocol lacks encryption. It's intended to be used on
local networks. Secure http protocol support is under review.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Encapsulate all UEFI Secure Boot required settings in one Kas
configuration file.
Introduce SBSIGN_KEYS_DIR variable where UEFI keys will be generated
to sign UEFI binaries.
Introduce uefi-secureboot machine feature, which is being used to
conditionally set the proper UEFI settings in recipes.
Replace Grub bootloader with systemd-boot, which it makes easier to
enable Secure Boot.
Advantages using systemd as Init Manager:
- Extending secure boot to userspace is a lot easier with systemd than
with sysvinit where custom scripts will need to be written for all use
cases.
- systemd supports dm-verity and TPM devices for encryption usecases out
of the box. Enabling them is a lot easier than writing custom scripts
for sysvinit.
- systemd also supports EUFI signing the UKI binaries which merge kernel,
command line and initrd which helps in bringing secure boot towards
rootfs.
- systemd offers a modular structure with unit files that are more
predictable and easier to manage than the complex and varied scripts
used by SysVinit. This modularity allows for better control and
customization of the boot process, which is beneficial in Secure Boot
environments.
- Add CI settings to build and test UEFI Secure Boot.
Add one test to verify Secure Boot using OE Testing infraestructure:
$ kas build ci/qemuarm64-secureboot.yml:ci/meta-secure-core.yml:ci/uefi-secureboot.yml:ci/testimage.yml
...
RESULTS - uefi_secureboot.UEFI_SB_TestSuite.test_uefi_secureboot: PASSED (0.62s)
...
SUMMARY:
core-image-base () - Ran 73 tests in 28.281s
core-image-base - OK - All required tests passed (successes=19, skipped=54, failures=0, errors=0)
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> [yml file include fix]
Signed-off-by: Jon Mason <jon.mason@arm.com>
In the target, Secure Boot starts from the firmware (u-boot), adds the
signing keys, and verifies the bootloader (systemd-boot) and kernel
(Linux).
sbsign bbclass is used to sign the binaries. sbsign is the name of the
tool used to sign these binaries. Hence the name of this class to sbsign
and variables with SBSIGN prefix.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-client 4.3 supports systemd sd-notify to inform
systemd and other services that it has started.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Tests are taking more time now and several devices are
timing out:
https://gitlab.com/jonmason00/meta-arm/-/pipelines/1467809227
qemuarm64-secureboot runs the test in 10 and
qemuarm-secureboot in 13 minutes.
Upstream optee CI shows xtest runs taking around 30 minutes on
slowest qemu machines:
https://github.com/OP-TEE/optee_os/actions/runs/10997530234?pr=7052
Guestimate limit to 45 minutes so that slowest and most loaded
machines could fit there too. optee xtest has internal test
specific timeouts so if something hangs it should be detected
earlier.
If these limits still cause issues, then we could disable some of
the longer running tests with "xtest -l" option. Default for
testing level is 1 but maybe 2 or 3 could be enough.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Cc: Jérôme Forissier <jerome@forissier.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest gn commit.
Changes in gn between b2afae122eeb6ce09c52d63f67dc53fc517dbdc8 and 95b0f8fe31a992a33c040bbe3867901335c12762
95b0f8fe31a9 Improve error message for duplicated items
e30a1fe26e5e [rust-project] Always use forward slashes in sysroot paths
20806f79c6b4 Update all_dependent_configs docs.
f792b9756418 set 'no_stamp_files' by default
60a28b636057 fix a typo
b5ff50936a72 Stop using transitional LFS64 APIs
a737c2849f13 do not use tool prefix for phony rule
e080b4d340c2 [rust] Add sysroot_src to rust-project.json
50ecf4c84d08 Implement and enable 'no_stamp_files'
4e4b8d989499 Add Target::dependency_output_alias()
225e90c5025b Add "outputs" to generated_file documentation.
9e0c7b7cefb2 Update bug database link.
d010e218ca70 remove a trailing space after variable bindings
32f63e70484f fix tool name in error
f190770a69a3 remove unused includes
54f5b539df8c Markdown optimization (follow-up)
e3d088c4b6ac Support link_output, depend_output in Rust linked tools.
fc8172f4a107 Properly verify runtime_outputs in rust tool definitions.
fdb90141934a BugFix: Syntax error in gen.py file
93550dc1701d generated_file: add output to input deps of stamp
449f3e4dfb45 Markdown optimization:
05eed8f6252e Revert "Rust: link_output, depend_output and runtime_outputs for dylibs"
8f2193f70793 hint using nogncheck on disallowed includes
0ee833e823f2 Rust: link_output, depend_output and runtime_outputs for dylibs
1b41f0502f87 Add missing reference section to function_toolchain.cc
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update OP-TEE to version 4.3.0
NOTE: the license file in optee-test changed, but the license is the
same (commit a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7). They chose to
change the URL of the licenses in question to be "LICENSE-GPL" and
"LICENSE-BSD".
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core master now has 6.10.11 which incorporates this patch, so we don't
need to carry it anymore.
This reverts commit 60fd47edd0.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some of the existing patches were submitted and merged to the
upstream TF-M repository.
In this commit, the upstream statuses are updated, and the patches are
reordered so the submitted patches are applied first.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patch with pending status was submitted to the upstream OP-TEE
repo.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using resulttool we can transform the oeqa JSON reports into JUnit XML,
which GitLab can display in pipelines and merge requests.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We had two instances of the same job, so consolidate them into one.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of always using KAS_WORK_DIR/build to refer to the build tree,
on the assumption that is where the build tree is, export KAS_BUILD_DIR
and use that variable instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The point of this recipe is to allow people to quickly test more recent
commits that aren't yet part of any release just yet.
One should really not use it in any product, but it's nice for CI and
development purposes.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The added TF-M patches:
- Remove unused files from TF-M's BL1
- Remove unecessary duplications in metadata write functions
- Fix compiler switches in metadata handling functions: the runtime TF-M
uses the GPT to get the offsets for the metadata.
- Validate both metadata replica in the beginning by checking the crc32
checksum. If one of the replicas is corrupted then update it using the
other replica.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
b4[1] is a very nice tool for mail-based contribution. A config[2] file
exists to set up a few defaults. We can use it to set the To recipients
to always add, in our case the mailing list.
This shouldn't be necessary if we had a script that b4 prep --auto-to-cc
could call to find the mail address(es) to send to. Let's start without
it for now.
[1] https://pypi.org/project/b4/
[2] https://b4.docs.kernel.org/en/latest/config.html
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If a /dev/teepriv[0-9]* device is detected, start an instance of
tee-supplicant.service with the device name as parameter.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The current code is waiting 5 seconds to get an EOF on the
console pexpect spawn object, on a particularly slow machine
this timeout was not enough ending up into a TIMEOUT exception.
To solve this, increase the timeout and handle the TIMEOUT exception
by printing an error on the debug console instead of letting the
exception raise up to the stack, force the spawn object close() call
as well, since at this stage we would like the process to terminate
anyway.
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Modify the upstream status and commit descriptions of Trusted-Services patches.
Few patches have been been upstreamed to external Trusted-Services gerrit repository
for review. So, update upstream status of those patches accordingly.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Re-enable parselogs testing for fvp-base and corstone1000-fvp, and add
an ignore file for the relevant entries. Also, increase the testing
being done on corstone1000-fvp.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the bits to enable poky-altcfg to boot to prompt on fvp-base.
Unfortunately, ssh takes a very long time to come up, which causes the
ssh test to timeout. So, don't enable this by default in CI.
Also, switch to building full-cmdline instead of sato, since we're never
actually testing the graphics on this platform.
Signed-off-by: Jon Mason <jon.mason@arm.com>
util-linux is failing when compiling with:
| configure: error: libmount_mountfd_support selected, but required mount FDs based API not available
Remove this feature when building with the binary toolchain to avoid
this issue.
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Application Root of Trust and the PSA Root of Trust was not
isolated in TF-M Isolation Level 2 beacuse of the misconfiguration of
the MPU. The added patch fixes this issue.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Includes:
* Sentence clarifications
* Usage of list numbering where steps are given
* Usage of code syntax where appropriate
* Usage of RST syntax for notes
* Appropriate capitalization of component names
* Consistently use the term MPS3 to refer to the physical hardware
* Present tests in a clear and consistent manner
* Wrap commands to reduce horizontal scrolling
* Creating paragraphs to improve readability
* Usage of shell variables for placeholders so user can
create their shell variables and use the provided commands
as in the user guide.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The arm-tstee driver was upstreamed to the v6.10 kernel so it doesn't
have to be loaded manually. Updated the related parts in the
Corstone-1000 user guide.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit updates the linux-yocto version to the latest availabe one.
No additional work was needed to make it work in Corstone-1000.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The ts-tee driver was upstreamed into the v6.10 kernel. Remove
arm-tstee driver package, since the upstream one should be used.
optee and arm ffa driver are logging non-fatal errors in dmesg, which is
causing the parselogs test to fail. This is due to arm ffa needing
givc3.
Signed-off-by: Jon Mason <jon.mason@arm.com>
CI test for Trusted Services is failing with the recent musl update.
The issue was bisected to an update in musl modifying the behavior of
PAGE_SIZE. Revert this change in musl while using trusted-services
until a proper solution can be found.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a warning in the Corstone-1000 documentation to indicate to the
end user that a 32 MB QSPI flash PMOD module is required to run
the Corstone-1000 software stack on MPS3-FPGA with the AN550 Application
note programmed.
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add new usage details for running the secure boot testing
script located in the `systemready-patch` repository.
This script is used to create UEFI authenticated variables and sign the
Linux kernel image for the MPS3-FPGA and FVP secure boot tests.
Reflect the latest modifications to the script usage in the Corstone-1000 user guide.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Create new yml file "corstone1000-extsys.yml" which adds "corstone1000-extsys" as
new MACHINE_FEATURE.
Based on this, external system components can be enabled or disabled from the
Linux Kernel and U-Boot.
Reason for change:
DT-schema test is failing for the SystemReady-IR v2.0 certification because
device tree binding for remoteproc dts node corresponds to external system has
not been upstreamed in the Linux Kernel yet.
So, it has been decided to make enablement of external system configurable in
order to make Corstone1000 FVP SystemReady-IR v2.0 certifiable.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As pointed out by Denys Dmytriyenko, the LICENSE entry in
trusted-firmware-a is not accurate. docs/license.rst specifies the
licenses to be BSD 3 Clause for the project, with code from other
projects imported as:
libc BSD-3-Clause
libfdt BSD-2-Clause
LLVM BSD-3-Clause
zlib BSD-3-Clause
STMicroelectronics platform source code BSD-3-Clause
Linux source MIT
DICE Apache 2.0
Note: these are the license the code is imported with (according to
license.rst), not a listing of the license(s) of those sources.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
The new section writes down the steps that are needed for reproducing
the Secure Debug authentication.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Secure Debug functionality can be enabled on MPS3 by using the new
corstone1000-mps3-secure-debug.yml kas file. The kas file adds the new
secure-debug machine feature. The TF-M recipe adds the needed TF-M
build flags and patches in order to make the Secure Debug work.
This way, the Corstone-1000 will only boot fully if a debugger is
connected and a debug authentication is initiated.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
arm-tstee doesn't compile on 6.8 or newer kernels. Temporarily pin the
kernels of machines using this package back to 6.6 while developing a
fix.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adding "rootwait" to bootargs for uniformity with the other wic files,
and this _could_ resolve Yocto Bugzilla Bug 15562 (as the intermittent
inability to find the root disk could be because of a race between
needing the disk and it not being mounted yet).
Signed-off-by: Jon Mason <jon.mason@arm.com>
ts-newlib has a custom do_patch function which is not setting
up git like poky do_patch. Build without working git config
may fail:
| *** Please tell me who you are.
|
| Run
|
| git config --global user.email "you@example.com"
| git config --global user.name "Your Name"
|
| to set your account's default identity.
| Omit --global to set the identity only in this repository.
|
| fatal: unable to auto-detect email address (got 'tuxbake@81d82e1ac791.(none)')
Fix this by calling check_git_config from poky utils
to setup git correctly.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Read the Docs recommends installing the Sphinx theme by listing
it as an enabled extensions prior to setting it as the active theme.
This commit adds it to the enabled extensions list as it was already
set as the active theme.
Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Read the Docs will stop defining `html_baseurl` Sphinx configuration,
which means that projects will need to define it by themselves to keep the
canonical custom domain properly configured.
The `READTHEDOCS_CANONICAL_URL` environment variable is used to define
`html_baseurl` to keep the previous behavior.
Also inject the `READTHEDOCS` variable into the `html_context`.
Code fragment taken from the blog post here:
https://about.readthedocs.com/blog/2024/07/addons-by-default/
Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A patch was added to fix the address of the bank erasing and flashing
during the capsule update procedure. Previously the BL2 partition was
not erased properly.
The offset in the corstone1000-flash-firmware.wks.in was updated to
be aligned with the changes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There no longer is a platform in meta-arm that uses this version of
TF-M. The last platform that did use it (Corstone-1000) now uses
a later version.
See meta-arm-bsp/conf/machine/include/corstone1000.inc for more info.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TF-M was upgraded to v2.1.0 for the Corstone-1000. The TS had to be
aligned with it, to keep the Secure Enclave Proxy Secure Partition
compatible with TF-M.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the preferred version of TrustedFirmware-M for Cortsone-1000
from 2.0.x to 2.1.x to benefit from the latest fixes and improvements
as well as to reduce the number of out-of-tree patches.
As a result of updating the version:
* Remove no longer required out-of-tree patches
* Rebase and update the numbering of the remaining out-of-tree patches
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
CONFIG_FB_ARMCLCD is long obsolete, has been replaced with a DRM driver
enabled by CONFIG_DRM_PL111, and was removed in 6.8.
CONFIG_THERMAL_WRITABLE_TRIPS was removed in 6.9.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change moves ts-newlib compilation fix from
meta-arm-bsp to meta-arm, as this compilation failure
is not specific to meta-arm-bsp platforms.
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patches with Pending status were submitted to the upstream TF-A
repo.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
bl31 interrupt type regression has been fixed in v2.11 of trusted
firmware a. Since qemuarm64-secureboot is using that version, this
patch can be removed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the fvp-base unique u-boot patches to the proper nested directory
and rename them to match convention (devtool style).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change optee-os build scripts to not use absolute
build time paths in generated header files and scripts.
Two patches are backports from master/4.3.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .S files compiled by optee-os were including
absolute path of the recipe git tree. Fix this by
applying CFLAGS with correct debug prefix maps to AFLAGS
used by optee makefiles. Fixes optee-os and optee-os-tadevkit
buildpaths QA errors.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently the run_cmd, which is a wrapper for self.target.run()
that uses SSH to spawn commands on the target, can fail spuriously
with error 255 and cause the test to fail on slow systems.
In order to address that, introduce a retry mechanism for the call,
that is able to wait some time for the system to settle and retry
the command when the error code from SSH is 255.
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Define “DISTRO_UNATTENDED_INST_TESTS” variable in meta-arm-systemready
independently from meta-arm-auto-solutions. This will allow running
the unattended installation without meta-arm-auto-solutions.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oeqa test responds to the boot loader prompt error message and
waits till the distro installation is finished.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the Fedora kickstart configuration file and define a function to
modify the unpacked ISO image to add the kickstart file inside and
modify the grub.cfg file.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a new inc file to unpack and repack the distro ISO image after
adding the kickstart configuration file inside.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If SPDX 3.0 has been enabled then it :appends to IMAGE_CLASSES and then
breaks at build time because there are several classes and recipes that
look like but are not images.
Explicitly :remove the relevant class, but this really needs a better
solution in the long term.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Increase the size of PS storage in Secure Flash.
The SecureBoot and Security Interface Extension (SIE) tests for MPS3
are failing when the Secure Flash runs out of memory. The frequency
of the errors is at least 50-60%. The aim of this is to increase
the size of PS storage in Secure Flash, so as to minimize
the possibilities of it to run out of memory.
FLASH_PS_AREA_SIZE is increased.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the changes necessary to get edk2 booting and testimage passing on
fvp-base. All that is really necessary is adding the dtb to the too
partition.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The edk file removed xorg from being tested, which is currently working
on qemuarm and qemuarm64. Also, the section name collies with one in
fvp.yml, which has other things that are removed. Remove this removal
to get things working as expected.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest gn commit. The previous commit was from 23 April 2024.
The commits since that commit are:
Do not cleanup args.gn imports located in the output directory.
Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
Do not add native dependencies to the library search path
Support linking frameworks and swiftmodules in Rust targets
[desc] Silence print() statements when outputing json
infra: Move CI/try builds to Ubuntu-22.04
[MinGW] Fix mingw building issues
[gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn
[template] Fix "rule alink_thin" in the //build/build_linux.ninja.template
Allow multiple --ide switches
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest commit. The previous top commit was from 27 July 2021.
The commits since that commit are:
aarch64: Enable access to MDSELR_EL1 from EL2 and below
aarch64: enable Permission Indirection Extension
aarch64: enable access to TCR2_ELx
model.lds.S: Quote file paths
Makefile: Change COUNTER_FREQ to 100 MHz
sme: Fix sign-extension bug in SMCR_EL3 write
fix array boundary check in find_logical_id
aarch64: enable access to HCRX_EL2
aarch64: Enable use of SME by EL2 and below
aarch64: Document what we're doing when setting ZCR_EL3.LEN
aarch64: Recognize PAuth QARMA3
Makefile: avoid dtc warnings on re-compiling DTB
Unify start_el3 & start_no_el3
Rework bootmethod initialization
Announce locations of memory objects
aarch32: move the bulk of Secure PL1 initialization to C
aarch64: move the bulk of EL3 initialization to C
Announce boot-wrapper mode / exception level
Rework common init C code
aarch64: initialize SCTLR_ELx for the boot-wrapper
aarch64: add mov_64 macro
aarch32: add coprocessor accessors
aarch64: add system register accessors
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest opencsd commit. The previous commit was from 28 March 2024.
The commits since that commit are:
opencsd: Update Version info and README for v1.5.3
build: Minor adjustments to improve clang compatibility
build: vs2022: Fix minor git tracking issues.
opencsd: test: update tests for memacc cache api
opencsd: Add external memacc cache interface.
opencsd: memory accessor - update caching.
opencsd: docs: Update man files
opencsd: etm4: Fix packet print typo.
opencsd: Fix error handling in snapshot loader
opencsd: Fix error string ordering.
opencsd: memacc: Add logging for cache pages and size.
opencsd: Add timing to trc_packet_lister
docs: Minor document corrections.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update README.md file to add "ARM_FVP_EULA_ACCEPT=1"
with kas build commands.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the resolution of meta-clang issue 766 and
OE-Core 15d09b02b2632ab1cabc3b1bd9f521e6d3d3b83f
many of the settings are no longer necessary to be set as part of our
CI. Remove them, as it is causing other issues with CI.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Arm Binary toolchain to version 13.3-rel1. The upper to
lowercase 'r' in rel was intentional, as the exact match is needed for
devtool to properly determine the correct version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The mdata structure was modified to use the v2 and did the minimal
necessarry changes to make it build without errors. This way the
U-Boot metadata is aligned with the TF-A and TF-M structs.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrades metadata structs in secure-enclave from v1 to v2 as described
in psa-fwu spec: https://developer.arm.com/documentation/den0118/latest/
The TrustedFirmware-A v2.11 release supports only the metadata v2. The
structs in TF-M side had to be aligned to keep the compatibility.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the preferred version of TrustedFirmware-A for Cortsone-1000
from 2.10.x to 2.11.x to benefit from the latest fixes and improvements
as well as to reduce the number of out-of-tree patches.
As a result of updating the version:
* Remove no longer required out-of-tree patches
* Update the numbering of the remaining out-of-tree patches
Additionally remove unnecessary white spaces in modified BitBake files.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There no longer is a platform in meta-arm that uses this version of
OP-TEE OS. The last platform that did use it (Corstone-1000) now uses
a later version.
See `meta-arm-bsp/conf/machine/include/corstone1000.inc` for more info.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the preferred version of OP-TEE OS for Cortsone-1000 from
4.1.x to 4.2.x to benefit from the latest fixes and improvements.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 user guide with the new instructions on how to
rebuild the platform to enable multicore support and run a test to
verify this.
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
uefi-test is failing on qemuarm64-secureboot with TS enabled with a "Bus
Error". This regression is caused by the update of QEMU from v8.2.1 to
v9.0.0. Temporarily disable this test (via disabling ts-smm-gateway) to
get CI green until it can be root caused.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Include platform header file in order to remove compiler warnings.
Due to GCC upgrades to 14.1, some warnings are being treated as errors.
This change resolves TF-A compilation issue when FVP multicore
is enabled.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent upstream changes to what is acceptable use of WORKDIR have broken
where the meta-arm-systemready recipes are expecting things to be. Fix
them to point to the correct location.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fast Models 11.26 now print the following warning if the env var
FASTSIM_DISABLE_TA is set:
Warning: /ARM/FastModels/deprecated: the use of FASTSIM_DISABLE_TA
environment variable is deprecated and will beremoved in a future
release.
Remove the env var from the default env passthrough vars in the fvpboot
bbclass.
This reverts commit 735f560aeb.
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fix compilation issues with newer GCC version 14.1 for ts-newlib package
by disabling GCC flags for now.
This is just to unblock meta-arm master compilation issues.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fix compilation issues with newer GCC version 14.1 for Trusted-Services
patches by disabling some GCC flags for now.
This is just to unblock the meta-arm master compilation issues.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch enables logging with timestamps for individual pexpect
assertions to ease the debugging of failed tests and the tuning of
timeouts. It measures the execution time of all pexpect calls and logs
the actual duration for each.
Only "callable" pexpect calls are timed (e.g. expect, sendline, but not
before or after).
Signed-off-by: Divin Raj <divin.raj@arm.com>
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Kas 4.4 image includes the websocket module, needed to use the
public hashserv/sstate.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fallout from the upstream WORKDIR changes. do_copy_locale expects
SUPPORTED to be in WORKDIR, but recent changes have made it so that the
source/unpack location is no longer WORKDIR and cannot be pointed to
be such. So, do this copy manually here.
Signed-off-by: Jon Mason <jon.mason@arm.com>
QEMU has deprecated the no-acpi parameter, in favor of "acpi=off" machine
setting. Modify the machine conf to use the new method.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of fvp-base-a-aem. The licence files
changed with an addition of language to add 'Arm License Management
Utilities', but still is licensed under the Arm Proprietary license (and
still requires the EULA to be acknowledged).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the source/fetching for the new S/UNPACKDIR behaviour. This patch
is complicated by the recipe using UNPACK_DIR already, so I changed that
to avoid confusion.
Signed-off-by: Ross Burton <ross.burton@arm.com>
GCC 14.1 is stricter with code validation and the build now fails.
However as upstream appear to be about to remove this source entirely from
upstream[1] I didn't want to spend long investigating this if upstream
changes will obsolete it, so just silence the errors for now.
[1] https://github.com/microsoft/ms-tpm-20-ref/pull/108
Signed-off-by: Ross Burton <ross.burton@arm.com>
Introduce `corstone1000_fvp_smp` as a value of the `MACHINE_FEATURES`
variable to support Corstone-1000 FVP Symmetric Multiprocessing.
A new YAML file is created to add this new machine only for the FVP
variant of the target platform.
The multicore feature is enabled in TrustedFirmware-A,
TrustedFirmware-M, and OP-TEE based on this machine feature.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
This changeset adds the multicore support in trusted-firmware-a for the Corstone-1000
FVP.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
The fvpboot class specifically hooks into the image creation, so it
should use IMAGE_CLASSES instead of INHERIT (which is global in scope).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Since switching to master, EDK2 is doing an unaligned access to memory
when drawing the boot logo which causes qemu 9.0.0 (since 728b923f54) to
raise an exception.
There is upstream discussion about where and what the underling bug here
actually is, but until that is resolved we can simply align the logo.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Improve the documentation in the user guide of the following tests:
- SystemReady-IR tests
- Manual capsule update and ESRT checks
- Linux distros tests
- UEFI Secureboot (SB) test
- PSA API tests
In addition, we moved the tests in one section for better readability.
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since OE-Core commit 32cba1cc916a ("insane: Error for S == WORKDIR")
usage of WORKDIR in tasks is fatal, and shall be replaced with UNPACKDIR.
Similar change is introduced in OE-Core commit d9328e3b0b06 ("recipes:
Switch away from S = WORKDIR"), follow the same pattern for OP-TEE client.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We boot genericarm64 inside a qemu, so add the pregenerated keys to speed
up testing. This isn't a risk because we don't publish the images.
Signed-off-by: Ross Burton <ross.burton@arm.com>
NOWERROR=1 has been made obsolete by commit beb065df6ee5 ("Do not set
-Werror by default"). Remove it.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adding UPSTREAM_CHECK_GITTAGREGEX to properly check the upstream
version, and modify the recipe name to follow the version in the git
tree.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update hafnium to the latest version
Changes in hafnium between 946fde92bedc95e1320684b0bc2dc752bc1e1bc7 and 2bef7ab3895c48d39b84ab58179b2d0de5156b8b
2bef7ab3895c docs: the change log for the v2.11 release
2aea748eb344 docs: add SIMD support section
dac0ae1bf74a docs: threat model GPF with memory share
9dbe17a3fc60 docs: threat model to NWd rxtx buffer
0b45a2e28f65 docs: fix FFA_CONSOLE_LOG description
c28ee3eda25d docs: device regions in SPMC manifest
d547d6df4228 docs(memory management): rme integration
963a5d73abb5 docs: document `FFA_FEATURES`
d40979fd9974 docs: document `FFA_CONSOLE_LOG` ABI
dfc312e2a965 docs: add description of device memory lending
ce8526ecac0f docs: update threat model for static dma isolation
17c9ad327bfa fix(ff-a): report NPI and MEI unsupported to normal world
27a4df506d83 refactor(simd): cosmetic rename sm local variable
4695ce892967 fix(simd): fix SME-only save/restore conditions
4fd8f364ff43 fix(simd): omit setting SVE VL in SIMD restore
034a31970f4e fix(simd): cosmetic comments
79dbd6f9ab99 fix(simd): mask out SMCCC SVE hint bit
96ffeee3175b fix(simd): use SMCCC SVE hint bit mask
ca92fb0d303a refactor(simd): FPU save/restore convert to C
42a5262ebd4a fix: SVE/SME unsupported in processor feature regs
731f40b91e39 fix(test): reorder log before sync call in echo_mp
9b579d365a2d chore: remove extra lines from echo_mp test log
8a5fd9d9163a feat(indirect message): use 'memcpy_trapped'
0a21db13d12d feat(ff-a): use memcpy that is trapped GPF
a2d1c3b9c94a feat: add implementation of `memcpy_trapped`
7388c18ef222 refactor: exception handling macros for reuse at EL2
568f2a7b8fb9 feat(aarch64): define macros to process GPF
462ad8d90796 chore(hftest): use common secondary stack definition
491ff30f1ac4 test(dir_msg): demo MP test with direct message
0c029c2719cd feat: prepare for MP tests
b186fecfdf78 feat: added macro SERVICE_SELECT_MP
592ede3c7b95 test(memory share): NWd to SWd device memory sharing
63af1fab1656 feat(memory share): enable NWd to SWd device memory lending
4339edcf0bb0 feat(memory share): validate sp device mem ranges
6dff8271fbdc test(memory share): check limits on device mem sharing
a4de8a56b211 test(memory share): device lend SP to SP
a56ec8eff0f5 refactor(memory share): attributes in test helpers
9764ff6bd861 feat(memory share): allow device memory lend SP to SP
941ef34e5741 test(manifest): device memory for overlaps
4d16572b89ac feat(manifest): check device memory region for overlap
163e1a95a253 fix: ensure device regions are mapped as nGnRnE
899c4f28ab00 docs: drop unnecessary build option
03ba75fe13c3 refactor: set vcpu of the NWd in preempted state
0247fe68743e refactor: use `vcpu_set_running` function
874737a43d64 docs: mte build option in TF-A integration
2d570d1ef339 ci: increasing timeout
6976541fcc9e fix: update docs to use correct MTE build flag
b1dbca99bae7 docs: update docs with new RXTX_MAP/UNMAP behavior
738bee137e1d feat(ff-a): validate FFA_RXTX_MAP/UNMAP against NWd page tables
41e8d5b1f805 refactor: set vcpu in preempted state
e143080baf9b feat: add `vm_lock_both_in_order`
587cd29b5d3a test: FFA_CONSOLE_LOG with extended registers
740f74fc95c6 feat: support extended register set for `FFA_CONSOLE_LOG`
b9705e2bd383 fix(ff-a): check that hypervisor's TX buffer is set-up
95f0e6033ad9 fix: fix typo in static_assert
f98b2aa1d407 feat: add helpers for names of various enums
84710f315ae7 refactor(ff-a): use bitfields for memory access bitmaps
2fc6dcfa97e0 feat: update BL31 binary to optimize NS context management
5386559b386a feat: save and restore non-secure peripheral registers
80a7b7fe9abe feat: save and restore non-secure MTE context
0ec38247a973 feat: save and restore non-secure system reg context
c70bacdd5054 refactor: create helpers to save and restore sys reg context
3956b2e6074a fix(direct message): tests to look for FFA_BUSY
7ea3f7ec8cb9 fix(direct message): reorder checks for FFA_BUSY
e5262378c5d7 fix(memory share): missing flag if permissions RO
c972cc6de311 fix(memory share): data access permissions
7de61af932d1 fix(memory share): sender and receiver are the same
f779fb7ed4eb fix: ffa_msg_wait shall not change the mailbox state
dc8cf3b899e6 test(ff-a): NPI not supported on EL0 partition
f1ed5f16cd59 fix(ff-a): report NPI unsupported on EL0 partition
76f1c8f03c27 test(ff-a): SRI is unsupported on secure world
cb6642c1cd6a fix(ff-a): report SRI unsupported to secure partitions
f7861301c512 test(ff-a): FFA_FEATURES returns max RXTX buffer size
0fd672906e61 feat(ff-a): report RXTX buffer size in FFA_FEATURES
f2b6fd1e8e7d test(ff-a): fix counts for ffa_info_get with multiple uuids
a1de3c5f69f6 feat(ff-a): add multiple uuids to partition info desc
3bbed8f554d2 fix: allow code coverage tests to run despite fails
6e3abcff0f1b docs: add FFA_MSG_SEND_DIRECT_REQ2/RESP2 support
364400e8d91b refactor: linux driver statically allocate vms
e0ca9a07de7b refactor(memory share): introduce ffa_memory_access_impdef_init
f1dd1e1375a8 fix: partition message total size check
37b75119ed18 fix: partition message offset check
0abd88768e9a test: FFA_MSG_SEND_DIRECT_RESP2 intercepted
4847e3bdd837 test(dir_msg): cyclic dependency with two ABIs
9375a292b992 test(smccc): test register integrity across FF-A versions
bed1dae8b4c1 test(dir_msg): extend multiple uuids test
f06b52366f40 fix(mem sharing): return error if receiver count is 0
5e425040abf4 test(memory share): multiple borrowers from v1.1 SP
a76fd9165b4b fix(memory share): broken assert in send from SP to multiple
d50411214cb8 docs: update memory sharing to reflect recent changes
607c724cbda3 chore: increase timeout for sp_route_interrupt_to_secondary_vcpu
106c8cec1662 fix: reduce verbosity on passing tf-a-tests
9ae48e998450 test: intercept direct response between two SPs
ca2f92d3adf1 test: enable specifying options for sp_fwd_sleep command
0a704e559d7e fix: unwind call chain after intercepting direct response
5a0991746afa fix: error return in FFA_MEM_PERM_GET/SET
f06ee9df186d fix(memory share): drop assertion sender ID
89c221317513 fix: per-vCPU/global bind/set mismatch
30ac91dc9c78 fix: global notifications shall use vCPU ID 0
6b754a188dca fix: flags that mbz are checked
f020814b4105 chore: improve log message in notification set
7333dcfaf21a fix: notification set error code
1512acc0a69c chore: print bitmap on FFA_NOTIFICATION_BIND
7ccaccf2ab18 fix: invalid ID in bitmap create/destroy
2a500071f224 fix: spmc test script didn't capture failures
37e559da0f07 refactor(tc): remap console logs
a3905006b590 test(dir_msg): add FF-A version based tests
382e0c622a79 test(ff-a): registers preserved after dir_resp
352388760d18 feat(ff-a): preserve extended registers in dir_resp
81237694db4d test: exercise interrupt handling while processing indirect message
8922671489d9 test: support for services to parse device regions
93978b038e4d test: add twdog helpers to primary_with_secondaries
9a1b9c0bff6b test: make sp805 driver common across test setups
ba2488560be8 fix(interrupts): intercept ffa_msg_wait to signal virtual interrupt
ba22a72b8866 refactor: add helpers to intercept and resume ffa calls
7182163a2245 docs: update ff-a bindings for static dma isolation
555f8882f437 docs: add support for static dma isolation
7c7b1a7764ef feat: demonstrate specifying dma device count per partition
0715f32ba515 feat(smmuv3): restrict access of streams to limited memory regions
0e57d3d35892 feat(iommu): map memory regions into dma page tables
070f49ebfb4a feat: initialize page tables for enforcing dma isolation
8a3644777dc1 feat: allow platforms to specify dma device count per partition
e032af5e6a37 feat: track dma devices and map to stream ids
3c2b7911e6ee feat: retrieve dma properties for each memory region node
1ced4cb719ff feat(sme): add NS SME save/restore operations
ffdeb23a067b feat(sme): introduce an SME module
52bbdee7487c feat(sme): add SME related definitions
5b5883351c94 feat(simd): SIMD NS save/restore convert to C
dc112d50c258 refactor: make is_arch_feat_sve_supported inlined
d71c83aa8f44 feat(sve): introduce an SVE module
b0faf45a6c4a fix: ensure SVE traps are enabled when running SPs
063ad835b5bd feat(memory share): revert protect action
fd2060536fee feat(memory share): unprotect memory on reclaim
460d36c1fc58 feat(memory share): protect on memory lend/donate
cf6253e3abec feat(memory share): protect/unprotect memory
a2ff04126675 feat(rme): add protect/unprotect memory functions
0a83dc2bf94c feat(memory share): define ffa_map_actions
dad6003e1fcd feat: add build options for memory protect
cb4dc90811b6 feat: arch helpers to check RME support
2e14ebe8b6e3 fix(memory share): fix behaviour of relinquish clear flag
3d0a462034c0 ci: separate static checks in a script
674e4de6bb3a refactor: mailbox doesn't need size and sender
44e9b3b7bebb fix(memory share): hypervisor retrieve request
7b6ab6195d84 fix(memory share): set size of access descriptor
4f0d9c1843cf refactor(memory share): split memory retrieve req
d61246b6c5e1 fix(ff-a): do not report FFA_EL3_INTR_HANDLE to VM
40d09d2ce60c docs: added section for building a single platform
f90f1f12de0a feat(build): check platforms exist before building
41ef8baba363 refactor(memory share): use receiver_offsets to find receiver array
39bc21b07309 test(dir_msg): test direct message abi pairs
e468c1168124 fix(dir_msg): enforce direct message ABI pairs
cf7cc68012d3 test(ff-a): add FF-A v1.2 ffa_features test
58fe07d70fea test(dir_msg): end-to-end direct msg test with multiple uuids
422b10bc6991 feat(uuids): add support for multiple UUIDs per partition
036cc592731b test(ff-a v1.2): ffa_run to zero extended registers
434bea9652a1 test(dir_msg): add tests for FFA_MSG_SEND_DIRECT_REQ2
de0b0da535a1 test(dir_msg): extend registers in dir_msg tests
087e50241881 feat(dir_msg): add FFA_MSG_SEND_DIRECT_RESP2
db6a08b7cc6c feat(dir_msg) extend FFA_MSG_SEND_DIRECT_REQ2 registers
734ddc4e7cfb test(dir_msg) test FFA_MSG_SEND_DIRECT_REQ2
41fea93fe85b feat(dir msg): add FFA_MSG_SEND_DIRECT_REQ2
86d9fa741b86 feat(prebuilts): add SPMD support for ff-a v1.2 dir msg
c0e7dc20f2a9 docs: update messaging method ff-a binding
f71dee4c7bab feat(manifest): support FF-A v1.2 direct messages
9681574575c0 test(memory share): add test for FF-A v1.1 endpoints
63130e572dbe refactor(memory share): correct names of versioned share tests
909d3bbeca84 test(memory share): check memory access invalid values
59ffee9ba6bd test(memory share): introduce impdef value check
de974ca9b936 feat(memory share): add impdef field to ffa_memory_access
c7dc932e9a15 feat(memory share): check memory region desc values
d5ae44bed0c1 refactor(memory share): add helper for accessing receivers
36e0bdbf58e6 refactor(memory share): make ffa_memory_region update common
64400234fe31 refactor: make is_arch_feat_bti_supported inlined
109c6d4c0e5b fix: restrict HF_INTERRUPT_INJECT to Hypervisor
0926addea321 feat(amu): enable traps
0a1a9f861e6d feat(ff-a): update el0 services to v1.2
78788f863ca5 fix: ignore spurious interrupt and resume preempted vcpu
c5b20e7e0d6b chore: remove clang toolchain from prebuilts
6b351bc82c92 feat: build multiple targets at once
fdd59f75403f refactor: remove plat_ffa_other_world_mem_retrive function
ed7dee80b329 test: exercise interrupt handling with interrupts masked
3aafcb620cf4 test: add helpers and extend command args to mask interrupts
151c2e7f0bf3 fix(interrupts): intercept direct response to signal virtual interrupt
09e086a7dbcf fix(interrupts): reset implicit completion signal
e1562a1488c3 feat(rd): secure hafnium build for rdfremontcfg1 platform
e4fe29698285 feat(ff-a): update FF-A version to v1.2
ad7451b1faee feat(prebuilts): update TF-A prebuilt binary to FF-A v1.2
ed508c80a039 chore: make function private to ffa_memory
b56aac880e08 fix: explicit boolean for `share_state` pointer
639ddfc0193e fix(memory share): read-only memory can't clear memory
41d4fef0f044 fix(memory share): error code in retrieve request
03f08d3dc4b8 feat(gicv3): ensure implementation supports two security states
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for tf-a version v2.11.0 and mbedtls 3.6.0. Modifications
to the license checksum were necessary due to the addition to that file
for DICE (which is Apache 2.0 licensed) for TF-A and the dual license of
mbedtls (Apache 2.0 and addition of GPLv2).
NOTE: FVP base is having (more of) an issue with CI on the newest TF-A,
with SSH tests timing out. Holding that back to the LTS version until
it cane be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adding CMSIS support, as it is now required. Also, the SHA being
referenced by tf-m for cmsis is an intermediate SHA (between the v6.0.0
and v6.1.0 release tags). Finally, mbedtls is now using git submodules.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This flag should not be set here and the ARM_FVP_EULA_ACCEPT
should be set to True manually before building for the FVP, as it is
mentioned in the Corstone-1000 User guide:
export ARM_FVP_EULA_ACCEPT="True"
Fixes: 6e2a54748 ("kas: Corstone-1000 kas files updated")
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The reset has to be removed from the TF-M side after capsule update
because it caused data abort exceptions on the host side.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
The buffer size has to be increased to fit the EFI variables which got
increased metadata sizes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The increased EFI variable metadata need bigger buffer so it can
be transfered to the Secure Enclave without memory overflow
issues. The heap and buffer sizes had to be aligned with the.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The private authenticated variable changes increased the variables
metadata. The PS max asset size and related buffer sizes have to be
increased because of this.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-timer.cfg enables two modules for the SP804 and SP810 devices.
These are older pieces of hardware that predate the architectural timer
in modern systems, so even if the drivers are built they will not be used
by the kernel.
Whilst this is a good reason to remove them, another reason is that the
SP804 driver is incorrectly defined in the Kconfig so it can only be
built if a machine selects it explicitly (for arm64, only ARCH_BCM2835
and ARCH_HISI do this) or if COMPILE_TEST is enabled.
This led to COMPILE_TEST being enabled so that this driver can be built.
However, COMPILE_TEST does more, notably it turns on COMPILE_WERROR which
then makes any compile warnings fatal. This is inconvenient, especially
when compiler upgrades happen.
Remove the timer configuration entirely: the architectural timer is used
so this is entirely redundant.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The BB_HASHSERVE_UPSTREAM has issues which cause significantly less of a
match than expected. Update with the correct values to get the expected
behavior.
Fixes: 6e9525115b ("CI: add Yocto Project SSTATE Mirror")
Signed-off-by: Jon Mason <jon.mason@arm.com>
OPTEE and ftpm tests are failing in CI on slower systems due to timing
out, but actually finish when given enough time to complete. Increase
the timeout value to be roughly 100 seconds longer than the time it is
currently taking to finish on the slower systems.
Fixes: d450786667 ("oeqa runtime: add optee.py test")
Fixes: ba315f7242 ("oeqa runtime: add ftpm.py test")
Signed-off-by: Jon Mason <jon.mason@arm.com>
This changeset updates the user guide to test the secureboot for both the
FVP and FPGA.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The psa-iat-api-test was failing because the PLATFORM_HAS_ATTEST_PK
flag was added to the build for Corstone1000.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Crypto-AEAD-APIs tests fails on mps3. Configures CC312 mps3 model
same as predefined cc312 FVP configuration while keeping debug
ports closed.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 does not properly clean the cache and disable gic interrupts
before the reset. This causes a race condition especially in FVP after reset.
This adds proper sequence before resetting the platform.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
openSUSE upgraded to 15.5
openSUSE Licenses updated to reflect update from 15.4 to 15.5
License now includes: Apache-1.1, BSL-1.0, IPL-1.0, Sleepycat, Zlib
Signed-off-by: Ben Cownley <ben.cownley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the pexpect import inside the test method so that on machines without
pexpect installed we can still parse the test cases, even if this one
won't be pass.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As of oe-core b040597, the ssh-pregen-hostkeys recipe is limited to the
qemu* machines only, so that it can only be used in development or
emulation and not in production.
We have some virtual machines in meta-arm-bsp which don't match the
COMPATIBLE_MACHINE in the recipe but still benefit from this recipe, so
add a bbappend to enable it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
On some CI systems, the bitbake server is timing out at 1 mins.
Increase to 5 mins, which hopefully should give enough time without
letting it run forever.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest gn commit and remove unnecessary patches and build
parameters
Changes in gn between 4bd1a77e67958fb7f6739bd4542641646f264e5d and f284b6b47039a2d7edfcbfc51f52664f82b5a789
f284b6b47039 [src] Add "#include <limits>" in the //src/base/files/file_enumerator_win.cc
155c53952ec2 Get updates to infra/recipes.py from upstream
d823fd85da3f Revert "Teach gn to handle systems with > 64 processors"
f07499aebcf5 [apple] Rename the code-signing properties of create_bundle
415b3b19e094 Fix a typo in "gn help refs" output
93ee9b91423c Revert "[bundle] Use "phony" builtin tool for create_bundle targets"
cfddfffb7913 [bundle] Use "phony" builtin tool for create_bundle targets
06cdcc8e1fa8 [ios] Simplify handling of assets catalog
22581fb46c0c [swift] List all outputs as deps of "source_set" stamp file
59c4bb920542 [swift] Update `gn check ...` to consider the generated header
dd0927eb34bb [swift] Set `restat = 1` to swift build rules
88e8054aff7b Fix build with gcc12
e05c0aa00938 [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude()
f19d5817e7ba [swift] Remove problematic use of "stamp" tool
6253a39dbc43 Implement new --ninja-outputs-file option.
5787e994aa4c Add NinjaOutputsWriter class
03d10f1657b4 Move InvokePython() function to its own source file.
0cdb7dd27f5c zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
d4f94f9a6c25 Enable C++ runtime assertions in debug mode.
0a2b8eac80f1 Fix regression in MakeRelativePath()
8b973aa51d02 fix: Fix Windows MakeRelativePath.
a3dcd7a7ad86 Add long path support for windows
a2e2717ea670 Ensure read_file() files are considered by "gn analyze"
fc722252439e apply 2to3 to for some Python scripts
5110a7f03e86 Add rustflags to desc and help output
f99e015ac35f strings: support case insensitive check only in StartsWith/EndsWith
b5adfe5f574d add .git-blame-ignore-revs
d6085ac6a95b use std::{string,string_view}::{starts_with,ends_with}
8bd36a27c076 apply clang-format to all C++ sources
5d76868385b8 add forward declaration in rust_values.h
b8562a4abd95 Add `root_patterns` list to build configuration.
5fd939de8a66 Use c++20 in GN build
d4be45bb28fb update windows sdk to 2024-01-11
71305b07d708 update windows sdk
85944ebc24a9 Add linux-riscv64.
7367b0df0a0a Update OWNERS list.
92e63272dc04 remove unused function
c7b223bfb225 Ignore build warning -Werror=redundant-move
bc5744174d9e Fix --as=buildfile `gn desc deps` output.
9a45b6123831 Update recipe engine to 9dea1246.
85bd0a62938b treewide: Fix spelling mistakes
e4702d740906 Optimize base::EscapeJSONString for ASCII inputs.
5d8727f3fbf4 [docs]: Mention implicit names in style guide
182a6eb05d15 Use magenta for warnings
991530ce394e Avoid unnecessary "Regenerating ninja files" step after running "gn gen"
c1fc04434c8e Fix variable use tracking for scope subscript accesses.
cc56a0f98bb3 [infra] Link to jemalloc instead of rpmalloc
811d332bd905 Move WriteSourceSetStamp to NinjaCBinaryTargetWriter
3fccef9033b9 [action][data deps] Make data-deps order-only deps of the action outputs
62ac86a938c3 [action] Add test for data_deps of an action target
1029a3b50873 Ninja: Always pass linker flags to rlib-generating command.
fae280eabe5d [serenity] Add SerenityOS port
11e12b0ef870 Remove obsolete comment
1de45d1a11cc Generate a StaticLibrary for rlibs and DynamicLibrary for proc macros
2a92efd396d3 Include library search paths when compiling rlibs
da5fe01bce4a Avoid unused and incorrect linker args in {{rustdeps}}
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add entry for how to get patches backported. Also, do some syntax
cleanups to make the README visualize better.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some networks limit outgoing git: traffic, so use https:.
Fixes: 0cec3e5 ("arm/gem5/boot-wrapper-aarch64: Move main recipe to meta-arm")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Initial checking providing support for RMM on QEMU's "virt" machine.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Includes TS and PSA dependency for firmware image build.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes to the FVP Base homepage have caused it to no longer be
searchable with the current Yocto tooling. Disable it to prevent issues
with `devtool check-upgrade-status`.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add corstone1000-recovery-image image based on core-image-minimal
while disabling the testimage task which is irrelevant in case of
an initramfs bundle.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Corstone-1000 no longer uses OpenAMP, and it was the only platform
which needed this library.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone-1000 no longer uses OpenAMP, and it was the only platform
which needed this library.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The OpenAMP is replaced by the RSE Communication Protocol and
the documentation had to by updated to reflect this change.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Added the Corstone-1000 FVP platform to the ACS test build as well as
adding the arm-systemready-firmware variant to the Corstone-1000 FVP
build.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 user guide with the new instructions on how to
build/use an ESP image and how to use the meta-arm-systemready layer to
run the ACS tests.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SystemReady IR ACS test suite require that there is a valid ESP
partition available to the system. This change creates a new image that
only contains a ESP partition and ensures it's mounted on the second MMC
card so it's available when the SystemReady tests run.
The diagnostic level of the 2 MMC cards have also been lowered to
improve the ACS test duration.
Corrected a spelling mistake in the corstone1000-flash-firmware-image.bb
file.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Added the missing meta-arm-systemready required variable to enable its
use with the corstone1000-fvp machine. Also explicitly set all the
consoles.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The nodistro settings in poky set the TMPDIR variable to include the
TCLIBC value so we need to spot that and swap the TCLIBC for the musl
one used in the firmware multiconfig.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The regex used to validate compatible machines is incorrect as it's only
checking the machine name starts with "fvp" not "fvp-" as intended.
It's also been modified to allow FVPs called xxx-fvp to be compatible
with Corstone-1000.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
After enabling additional features in Trusted Services, the size of BL32
image (OP-TEE + Trusted Services SPs) is larger now. To create more space
in secure RAM for BL32 image, this patch removes NS_SHARED_RAM region which
is not currently used by corstone1000 platform.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change enables the UEFI secure boot and its related configurations
for corstone1000
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt and capsule are generated during the yocto build. Sync the
documentation with the changes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, only the Corstone-1000 platform uses the capsule generation
class. Corstone-1000 uses U-Boot instead of EDK2. With this change,
the dependency on EDK2 was removed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt image is used during the UEFI Update Capsule generation.
This .nopt image was generated manually when it was needed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-os test xtest needs additional test trusted applications (TA) from
optee-os-ta package to pass. Execution time for ftpm test is around 21
seconds and 596 seconds for optee-test/xtest on an x86_64 build machine.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-os test xtest needs additional test trusted applications (TA) from
optee-os-ta package to pass. Execution time for ftpm test is around 18
seconds and 430 seconds for optee-test/xtest on an x86_64 build machine.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Test checks that ftpm kernel driver interfaces are available.
If fTPM optee TA is missing or crashes, the kernel driver does not
show the interfaces. A more functional tests would be to use tpm2-tools
from meta-security/meta-tpm but those require additional layer
dependencies which are maybe too much for now. tpm2-tools also depend
on starting tpm2-abrmd before the tools work. The ftpm kernel driver
depends on fully running tee-supplicant in userspace and the optee
side ftpm TA which takes some time. When manually running the tests
some of them failed since ftpm was not yet initialized. The boot
was not complete in those cases so added a workaround for that.
Better would be for all of the tests to start only once boot is
complete, not when ssh is available. Also, the qemuarm64-secureboot
machine includes optee and ftpm TA but does u-boot is not configured
to use the TPM device so boot is not measured.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If firmware TPM TA is compiled into optee, it needs a bit more
heap to pass optee-test/xtest suite.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
All other firmware boot components also continue booting
if TPM is not found. It is up to subsequent SW components
to e.g. fail if rootfs can't be decrypted. Enables policies
like fall back to unencrypted rootfs if TPM device is
not found with qemu and swtpm.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are two recipes in meta-arm-systemready that download ISOs for
testing purposes. Build them in CI to verify that the fetch is
successful.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These recipes look like images but are not constructed the same way,
specifically there is no WORKDIR/rootfs/ directory. If buildhistory is
enabled this will cause it to abort, so disable image data collection in
buildhistory.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We recently switched the CI to not disable ptest, but this breaks builds
that use the GCC binaries built by Arm (external-arm-toolchain). This is
because the external-arm-toolchain recipe can't build packages for the
target, and the standard oe-core gcc recipes assume that they're being
built with themselves and make assumptions, specifically that libunwind
was enabled and headers can be copied directly from the sysroot.
This is a bigger problem that should be solved somehow, but for now we
can just remove ptest in the external-gccarm CI jobs which removes gcc
from the builds (it comes in via elfutils-ptest RDEPENDS).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Functions that take 32-bit time_t types are unavoidable in the libc, so
ignore the warnings.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch will be merged upstream soon, apply it locally to unblock CI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add YAML language server comments so that IDEs know what schema to use
for the Kas files.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
trusted_services.py:test_15_crypto_service runs ts-service test with
an incorrect argument list. The -g argument does not accept two group
names. This resulted in a silent failure.
Fix this by relying the pattern matching capability of the argument.
Additionaly remove references to OP-TEE from test messages as TS tests
are SPMC agonistic.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TS and dependencies to latest version of the integration branch.
Remove patches merged upstream.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a recipe to enable building and deploying the FWU service
implemented in the Trusted Services Project. The FWU service can
help vendors to meet PSA certification requirements.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Due to how the timer in u-boot is implemented, it's quite possible for
a two second timeout in the u-boot login to actually take over 15s to
expire.
Take a patch from the mailing list to implement this differently so the
timer runs in an accurate amount of time.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
add support for the remoteproc control feature for the external system
With this feature we can switch on/off the external system on demand:
echo stop > /sys/class/remoteproc/remoteproc0/state
echo start > /sys/class/remoteproc/remoteproc0/state
During Linux boot the remoteproc subsystem automatically start
the external system. The user can use the commands above to
stop then start the remote core.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
describe the external system as a remoteproc node in the device tree
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
install the external system binaries under /lib/firmware
The kernel's remoteproc subsystem expects the firmware file to be under /lib/firmware
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When trying to replicate a build locally, having the exact list of Kas
files that was used is very useful.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the Yocto Project public SSTATE mirror to its own unique yml file.
This allows for developers to use this to speed up builds, while not
adding in the default case. This "off by default" is because it can add
10s of minutes to each build, which might not be beneficial to those who
are using SSTATE dir locally.
Also, removing the removal ptest distro feature, as this change prevents
an optimal usage of the YP SSTATE mirror (~30% match to ~90% match for
qemuarm64).
Signed-off-by: Jon Mason <jon.mason@arm.com>
These BSPs are now obsolete.
Users of generic-arm64 should use genericarm64 from meta-yocto-bsp.
Users of qemu-generic-arm64 should use sbsa-ref from meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is mostly based on the existing qemu-generic-arm64 machine, but by
not being based on the genericarm64 and instead being specifically a
machine to run on the qemu sbsa-ref machine we get to tune differently.
Specifically, this configures sbsa-ref to be a Neoverse N2 (v9), and the
tune is set to match. Another notable difference to qemu-generic-arm64
is that the kernel configuration is at present defconfig. We may wish
to change this in the future to be the same fragmented configuration as
genericarm64.
We have to ignore two testimage parselogs failures: one from NUMA which
will be fixed in a future EDK2 release, and one from efifb where we
should be using the bochsdrm driver instead (further investigation is
needed)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the new genericarm64 in meta-yocto-bsp to the CI.
This new BSP is heavily based on the meta-arm generic-arm64 machine, but
with an all-new fragmented kernel configuration.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some BSPs use a proper initramfs and putting a SSH server into them
via this :append isn't ideal. Adding using += should be sufficient.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Every platform should have the chance to try the -rt patches.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class is no longer used by any machines, so remove it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- The Secure Enclave Proxy Secure Partition fails at psa_call()
because wrong parameter was passed.
- The SMM Gateway initialization failed because a malloc()
returned a NULL pointer. The SMM_GATEWAY_MAX_UEFI_VARIABLES
had to be decreased to avoid this.
- Increase shared memory buffer size and add buildtime check
- Use __packed for the variable_metadata struct
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Trusted Services v1.0 uses new RPC protocol and the message
fields in u-boot had to be synchronized.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add configuration settings to TF-A, OP-TEE and TS SPs needed to get TS
built and run on the fvp-base machine.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Version v11.25 was released and it fixes measured boot. Update the
recipe and integrate the new version.
The pattern of the download URL has changed. Add functionality to
calculate a new URL fragment from the package version.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The current version of the TS recipes fails to build if the TS
environment is not set to opteesp. Change the recipes to allow building
the sp environment.
This environment targets "generic" secure partitions and produces SPMC
agnostic SP binaries which should be able to boot under any FF-A v1.0
compliant SPMC implementation.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
MbedTLS fails to build when FORTIFY_SOURCE is enabled and the NWd
configuration is used. Disable the compilation option temporary till
the root cause can be fund and a proper fix be made.
The build only fails when building from yocto. The OP-TEE integration
works fine with gcc v13.2_rel1.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Update Trusted Services to v1.0.0.
- Update TS "external components" references to fetch the version
dictated by the TS repo.
- Remove patches merged up-stream.
- Update the TS nanopb integration fix (see 210a6ace83)
- Update TS test integration.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Update driver version to v2.0.0
- Follow up the name change. The driver has been renamed from
arm_ffa_tee to arm_tstee.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt and capsule are generated during the yocto build. Sync the
documentation with the changes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, only the Corstone-1000 platform uses the capsule generation
class. Corstone-1000 uses U-Boot instead of EDK2. With this change,
the dependency on EDK2 was removed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt image is used during the UEFI Update Capsule generation.
This .nopt image was generated manually when it was needed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A SRCREV for arm-platforms-kmeta was added years ago to get
yocto-check-layer working at the time, but was never removed (and never
updated). Removing now, since it is not necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A patch was dropped when trusted-firmware-m was updated to 2.0 but it
had not yet been merged upstream (2.0 or master).
Restore the patch to fix regression on Corstone-1000
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade the Debian distribution from version 11.7 to version 12.4 in the distribution installation.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream master and scarthgap have now diverged, so use scarthgap whilst
we prepare for release. At the time of writing there is no scarthgap
branch for meta-clang, so leave that on master.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Increase the number of TLB entries from 0x80 to 0x400 and disable the
checking of memory attributes. In our CI, this makes testimage run in
576s instead of 803s.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Multiconfig is only needed when recovery and the mass storage images
are built together. It is not needed when firmware-only build is used.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables host firewall and mpu setup for FVP. It also fixes secure-ram
configuration and disable access rights to secure ram from both normal world
for both mps3 and fvp.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
MM Communicate buffer is accessed by normal world but at the moment so it
should be located in DDR instead of secure-ram. This moves mm communicate
buffer to the DDR for trusted-service components.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
MM Communicate buffer is accessed by normal world but at the moment
it's allocated in the secure ram. This moves mm communicate buffer
to the DDR and also fixes the capsule buffer size since it cannot be
more than the bank size.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove the preferred version so that we track the latest release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some of the corstone u-boot patches are not properly formatted, causing
scripting issues. Regenerate them via:
devtool modify u-boot
git format-patch -N --no-signature devtool-base..HEAD
mv *.patch ~/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest stable version (1.5.2), comprised of the following
commits:
5d86f27a8c0a opencsd: Update version info and README for 1.5.2
71c50dda716f build: win: Fix name for ocsd-perr utility in windows build
599551d3ea09 opencsd: docs: Update docs for test programs
769faaa6368a opencsd: docs: Update trc_pkt_lister man file
b957577e71bf tests: Fix typo in trc_pkt_lister help output
dca84a74a0d5 build: Fix clean of mem_acc_test
85fd025eed35 opencsd: stm: Fix build warning in 64 bit build of STM
2145b81b4b61 opencsd: etmv4: Fix build warning on decoder
169cc07d3625 docs: Fix formatting in README.md
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest stable version (2.10.3), comprised of the following
commits:
fc93d0edfc52 docs(changelog): changelog for lts-v2.10.3 release
4a10950a8538 docs(changelog): display all sections
bafc27c8d7cf chore: rename Poseidon to Neoverse V3
a6256d7a2638 feat(cpu): add support for Poseidon V CPU
ef393a3f9fa2 fix(cpu): correct variant name for default Poseidon CPU
81931a13a835 fix(cpus): workaround for Cortex-A715 erratum 2413290
baf14745f117 fix(cpus): workaround for Cortex-A720 erratum 2926083
635c83eb456a chore: update status of Cortex-X3 erratum 2615812
03636f2c3d60 fix(cpus): workaround for Cortex-A720 erratum 2940794
e86990d0911d fix(cpus): fix a defect in Cortex-A715 erratum 2561034
b59307ef8efd fix(cpus): workaround for Cortex-A715 erratum 2413290
44f36c48f280 docs(sdei): provide security guidelines when using SDEI
11cb0962f7ac docs(threat_model): mark power analysis threats out-of-scope
3e3ff298a614 fix(cpus): workaround for Cortex-A715 erratum 2344187
d466c5d4d27b fix(cpus): workaround for Cortex-X4 erratum 2701112
940ebbe2d1d0 fix(cpus): workaround for Cortex-A715 erratum 2331818
04c60d5ef31c fix(cpus): workaround for Cortex-A715 erratum 2420947
b7ed781eea74 fix(gic600): workaround for Part 1 of GIC600 erratum 2384374
58646309aedf chore: rearrange the fvp_cpu_errata.mk file
a234f540b727 fix(cpus): add erratum 2701951 to Cortex-X3's list
a24c8006ea39 refactor(errata-abi): workaround platforms non-arm interconnect
9fe65073d442 refactor(errata-abi): optimize errata ABI using errata framework
301698e15bc8 fix(cpus): workaround for Cortex-A715 erratum 2429384
5f8f745c7e99 fix(cpus): workaround for Cortex-X3 erratum 2372204
Signed-off-by: Jon Mason <jon.mason@arm.com>
The get_testimage_json_result_dir helper in OE core was deleted in
commit 01b1a6a5a4e7cede4d23a981b5144ae9c8306274 in preference for a
common utility. Change the reference within the Arm SystemReady ACS
log handler utlity.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change upgrades the tftf version to v2.10 for the Corstone-1000.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since sbsa-acs requires edk2-firmware, it bases its SRC_URI on that.
The first entry of SRC_URI is what is used to determine the latest
version. So, specify an alternative URI to determine the correct
version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change upgrades the trusted-firmware-m version to 2.10
for n1sdp.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As of oe-core ba391d3, hashserv lookups will use authentication from the
.netrc file. However, Kas will write invalid netrc files with comments,
which causes bitbake to emit warnings.
This has been fixed in Kas in e700729 but until Kas 4.3.2 is released we
can ignore this warning specifically when checking the logs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When the URL and names of the toolchain tarballs changed, the
UPSTREAM_CHECKs were not modified with the proper values. This causes
the tooling to not show when new versions are available. Modify to get
it working again.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Initial checking providing support for RMM on QEMU's "virt" machine.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To reduce build and test times in CI, move the dev kernel outside the
standard matrix. This results in it still being built and tested for
the platform, but only with gcc/glibc (and not against clang and musl).
This greatly reduces the number of permutations that need to be
verified.
Signed-off-by: Jon Mason <jon.mason@arm.com>
gcc-arm-none-eabi v11.2 is no longer needed by tf-m. Remove this
version, as there is a newer one available.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of SCP. In this release, some of the
platforms were grouped into common family directories, which
necessitated adding a variable to specify which one.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version. Also, remove the gcc12 workaround, as
that was added in edk2 commit 206168e83f090, which has been included
since the 202305 release.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-A recipe to the latest stable version (2.10.2).
NOTE: tf-a-tests did not have a corresponding stable release. So,
keeping back at 2.10.0.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds a recipe (ts-sp-block-storage) to build the Block Storage
secure partition to enable feature development for downstream users.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove scp-firmware sha for intermediate version
to update to v2.13 according to the Arm Reference solutions
Feb-2024 manifest.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With clang 18, optee-os no longer compiles cleanly. It is now seeing:
| In file included from core/arch/arm/kernel/vfp.c:6:
| In file included from core/arch/arm/include/arm.h:131:
| core/arch/arm/include/arm64.h:436:1: error: expected readable system
register
| 436 | DEFINE_U32_REG_READWRITE_FUNCS(fpcr)
| | ^
| core/arch/arm/include/arm64.h:417:3: note: expanded from macro
'DEFINE_U32_REG_READWRITE_FUNCS'
| 417 | DEFINE_U32_REG_READ_FUNC(reg) \
| | ^
| core/arch/arm/include/arm64.h:411:3: note: expanded from macro
'DEFINE_U32_REG_READ_FUNC'
| 411 | DEFINE_REG_READ_FUNC_(reg, uint32_t, reg)
| | ^
| core/arch/arm/include/arm64.h:398:15: note: expanded from macro
'DEFINE_REG_READ_FUNC_'
| 398 | asm volatile("mrs %0, " #asmreg : "=r" (val64));
\
| | ^
| <inline asm>:1:10: note: instantiated into assembly here
| 1 | mrs x8, fpcr
| | ^
Issues are also seen on optee-examples and optee-test.
Forcing GCC for all optee recipes until this issue can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The workaround is no longer needed because with the
0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch file the
u-boot PSCI driver is compliant with the PSCI specifications.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The u-boot PSCI driver was not compliant with the PSCI specifications so
this patch had to be added.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GNU Arm compiler version greater and equal than *11.3.Rel1*
has a linker issue in syscall for TF-M 1.8.0. Let's bump to
TF-M 2.0 which contains the fix for the issue.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone-1000 uses trusted-firmware-m as secure enclave software
component. Due to the changes in TF-M 2.0, psa services requires
a seperate client_id now. This commit adds smm-gateway-sp client id to
the FMP services since FMP structure accessed by u-boot via
smm-gateway-sp.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable the patch-status warning for meta-arm and meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The user guide document for Corstone-1000 has been updated to reflect
the changes required following the multiconfig changes as well as now
running the fvp within the kas shell to ensure all environment variables
are picked up correctly.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 2 Corstone-1000 kas files files are updated following the
multiconfig changes. The pinned commits have been commented out and
the default branch changed to master to allow the file to build valid
images.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fix the build with DISTRO_FEATURES containing "usrmerge":
make: *** No rule to make target '/.../optee-os/4.1.0/recipe-sysroot/lib/optee_armtz/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf', needed by '/.../optee-os/4.1.0/build/core/early_ta_bc50d971-d4c9-42c4-82cb-343fb7f37896.c'. Stop.
Fixes: 6a105f47b9 ("optee-ftpm: Install artifacts into nonarch_base_libdir")
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To ensure the psa and optee tests are included in the initramsfs based
rootfs included within the flash image so the tests can be run.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
To allow us to continue to ship Corstone-1000 releases that only include
the firmware with the built in Linux image we need a way to build it
outside of the multiconfig builds.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
By building the Corstone-1000 firmware under the firmware multiconfig we
can also build a minimal standard core image to be mounted in the fvp as
a mass storage device.
To do this we had to enable the MMC card interface in the Corstone-1000
kernel configuration.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
To enable building rescue or bootstrap images that can be included into
firmware a "firmware" multiconfig option is required to allow the
building with different options to any mass storage image they may also
be built.
As this multiconfig build will occur under a different TMPDIR, we also
provide a deployment image to allow easy copying of the firmware into
another deploy dir.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
The TF-M configuration step can fail if the doxygen executable is found.
This commit disables the doc generation until this is fixed in the
upstream repos.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Bumped kernel version to v6.6 and rebased N1SDP kernel PCIe quirk patches on top of this new version.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Since there are no platforms using this version, the related files can
be removed.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
As we intend to build 2 Corstone-1000 disk images, one for the firmware
in flash and an external mass storage image the existing
corstone1000-image.bb file has been renamed to
corstone1000-flash-firmware-image.bb to make it clear what it's for.
The wks file for specifing the image layout has also been renamed to
make its purpose clearer.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
We can now use the standard poky distro configured to be small by
switching distrobution and using the standard minimal image
from poky.
To do this we also remove and image configuration options from the
machine config and apply them in the kas files.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Moves a number of setting from the machine definition to the actual
recipes they apply too.
Added image configuration and dependancies to the flash image definition
file.
Reordered the settings in the machine definition to group them by
component that are related to.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Moved the U-Boot configuration items from the machine definition to the
Corstone-1000 specific U-Boot append file as it makes it easier to the
U-Boot configuration for a machine in one place and to make it more
consistant with other platforms.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
The capsule_cert and capsule_key file generated by u-boot for
corstone1000 do not get deployed correctly since writingh the output directly
to ${DEPLOY_DIR_IMAGE} causes the sstate mechanism to malfunction
especially in the CI builds. This patch fixes the issue and deploy the
generated files correctly.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Setting an API key means we get higher rate limits. Because keys are
private, the key must be set in the environment of the runner.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This changeset fix the tftf tests issue on n1sdp. Before this change, the tftf tests were getting stuck on n1sdp.
The following changes have been done:
1. There were some tftf tests based on multicore which involve powering up the other cores. These tests were creating
issues and the same thing has already been mentioned in the tests-to-skip.txt file for n1sdp platform in tftf source.
Those tests are skipped while executing tftf and patch has been created.
2. The TFTF_MODE variable added for tftf v2.10 recipe file, as did earlier for tftf v2.9. With the help of this, we can
enable debug or relase mode. The configuration based on this has been added for n1sdp in the corresponding bbappend file.
3. Add PREFERRED_VERSION_tf-a-tests for v2.10.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a Kas fragment to enable the CVE checker. Disable warnings by
default but show them for the layers in meta-arm, because we only care
about meta-arm issues in this CI.
Explicitly hide kernel warnings as the kernel typically has tens of open
CVEs, and if we're carrying a kernel explicitly then it's typically an
interim kernel between releases.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Extend jobs-to-kas so the first argument is still the GitLab job name,
but allow further arguments to specify extra Kas files to use in
addition.
Then add a variable EXTRA_KAS_FILES to the CI configuration that
defaults to the empty string and pass this to jobs-to-kas.
This lets specific pipeline runs add extra Kas files, for example to use
experimental branches or enable extra features without touching the CI
directly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Linux 6.1 will be removed from oe-core master shortly, so whilst we
still have BSPs that use it (specifically, n1sdp) carry a 6.1 recipe in
meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since there are no platforms using this version, this reciepe can
be removed.
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since linux yocto kernel 6.5 is EOL and other layers like
meta-virtualization dropping support for it, it would be
sensible to downgrade the kernel to 6.1 which is a LTS.
This is a temporary change and later we would move to 6.6 when its
officially supported on N1SDP.
This revert the following commits:
* 1fe76c893c
* 21df60b921
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updated to the latest version. Corstone1000 doesn't seem to boot. So,
pull back the old version to meta-arm-bsp for it to use temporarily.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Changes were needed due to the 2.0.0 version not being available for
download at pypi (though listed as the latest version there).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Scripts processing data for the patch ages need correct information in
the relevant fields to determine the age. Create/correct this
information where missing/incorrect.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SHAs for both libmetal and open-amp are intermediate SHAs, which are
only a few patches behind the v2021.04.0 tags. Update to those tags and make
the necessary changes to get them working.
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core master has upgraded from 6.5 to 6.6, but as we have BSPs that
still use 6.5 (corstone1000, n1sdp) we need to carry the recipe. This
should be a short-term measure as 6.5 was EOL in December 2023.
Also, drop the unused 6.4 linux-yocto which was no longer needed since
N1SDP moved to 6.5 with 21df60b.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The tftf tests were getting crashed on the MPS3 and two issues were found
during investigation. This change set provide fix for those issues:
1. The tftf tests were getting crashed on the MPS3 when compiled with
LOG_LEVEL=50. So, reducing the log level and aligning it with the TF-A
allows us to get rid of the crash.
2. Once the above crash got resolved, it has been found that tftf tests
were getting asserted while reading the value of the register
GICD_ITARGETSR. The reason for the crash is that the value of this register
is zero. As per the GIC documentation, this register is RAZ/WI for uniprocessor
implementation and corstone1000 is uniprocessor implementation for FPGA.
So, this change compiles the tftf tests in release mode which allows us
to compile out the assert definitions.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add CI builds for Arm SystemReady Firmware within the fvp-base CI job and a new
Arm SystemReady IR ACS build job. Add the CI kas config for each of these
builds.
The ACS build can be controlled by the ACS_TEST GitLab variable to specify
whether or not to run the testimage. If this variable is not set, the
testimage step will not run. The job tag can be controlled by the ACS_TAG GitLab
variable.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the parted-native dependency explicitly which is needed to
use wic commands.
Also explicitly inherit testimage. This means that the kas config
is no longer required to include it in IMAGE_CLASSES.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update tf-a and mbedtls to the latest versions. Also, migrate the
previous version to meta-arm-bsp for corstone1000.
NOTE: in v2.10, the fiptool makefile was changed to reference LDOPTS
instead of LDLIBS.
NOTE: commit 408cde8a59080ac2caa11c4d99474b2ef09f90df in tf-a modifies
the qemu_sbsa starting offset, and per the commit comment, it requires
the edk2 same change. This is why the edk-platforms SHA has been
changed. There are only 19 patches between the previous SHA and this
one (most of which are adding a single platform). So, it shouldn't be
too impactful to bump the SHA (instead of making it a patch to apply
on top of the existing SHA).
NOTE: tf-a-tests added LDFLAGS to the makefile, causing the need for it
to be removed in the recipe.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that we've released 4.3 and branched, we can switch master CI back
to master.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We enable PAC/BTI out of the box, but all of the pieces (such as gcc and
glibc) need to support it for the final binary to be protected.
Add a minimal test recipe to verify that the "Hello, World" binary is
using PAC/BTI, and add it to oe-selftest.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Readthedocs server requires an absolute path from project's root
directory to find correct requirements.txt and conf.py.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Upgrade the Corstone-1000 YMLs as follows:
- Set the layers SHAs
- Align with Kas v4
- Update the layers list
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add a note for Capsule update negative test scenario and fixes instructions
regarding distro-boot in Corstone-1000 user guide.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Adds creating an EFI System Partition for Corstone-1000.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
align the release note with the upcoming CORSTONE1000-2023.11 release
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Use Ethernet over VirtIO on FVP due to lan91c111 Ethernet driver support dropped from U-Boot.
This patch enables virtio-net device in u-boot to pass ACS tests related to
NIC and PXE. The current ethernet device still works in linux kernel and
corstone1000-mps3 Ethernet device is supported by u-boot, so no change is
required regarding existing Ethernet device.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Adds virtio-net configuration to use virtio-net in corstone1000-fvp.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Update the user guide to include Linux distro installation on fvp
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This fixes a race that is observed rarely in the FVP. It occurs in FVP
when tfm sends the notication ack in openamp, and then reset the access
request which resets the mhu registers before received by the host
processor. It implements the fix both in SE and the host processor openamp
wrapper. This solution enables polling on the status register of mhu until
the notificaiton is read by the host processor. (Inspired by
signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61)
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade the Arm binary toolchains to the latest version. Of note, the
untarred directory has camelcased the "R" in Rel (which was "rel" in the
previous versions).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-base machine uses a v8.4 tune and the FVP itself is configured
to be v8.4, so also tell TF-A to use v8.4.
This is normally done in the TF-A board configuration, but the fvp board
is configurable.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We already tell the FVP to be v8.4 cores, so tell the compiler to
tune for that instruction set too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This CVE is specific to NXP i.MX boards which are documented as being
shipped unsecure, as they're meant for development.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Changes ns-interrupt-action for corstone1000. This will enable
preemption in the SPs which is the default way to handle interrupts in
trusted-firmware and optee documentation.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When booting, the tee driver from kernel side
invokes a yielding call to OP-TEE, which gets
stuck because OP-TEE never sends Done response:
OPTEE_FFA_YIELDING_CALL_RETURN_DONE
This issue was previously resolved by introducing
an inappropriate patch to the kernel with 1 ms delay
in ffa_msg_send_direct_req.
Further investigation proved that OP-TEE doesn't
get enough processing time and is constantly interrupted
by the kernel requests. To remove this patch, TF-A logging
level is lowered to default (40 in debug builds and
20 in release builds), which eliminates the time consumed
previously by TF-A VERBOSE logs (giving OP-TEE more
processing time).
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 capsule update implementation does not support use of
scatter_gather_list. This workaround passes 1 as scatter_gather_list value
to pass the NULL checks for scatter_gather_list while
CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag is set (which is introduced lately to
align with UEFI specs). Since these flag checks are not implemented in u-boot
properly and corstone1000 does not support scatter_gather_list during capsule
update, this patch will skip the check only for on-disk capsule update.
This will be fixed with new capsule update design.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add an optional env argument to the run_fvp() function, and check that
DISPLAY is preserved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The __main__ body used the return value of runfvp() as the exit code,
but this was never set.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Don't pass "" as the cwd as that fails, use None so the cwd doesn't get
changed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
add debug.yml to the build command so the debug-tweaks image feature
is enabled
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is no longer needed as Nanbield uses ttyrun to avoid re-spawning
gettys.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
corstone1000's uboot uses efitools-native from meta-efi-secure-boot, so
add the layer dependency to make this clear.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use IMAGE_CLASSES rather than a direct INHERIT for fvpboot.
This is Yocto best practice as it is used to enable
functionality across all image recipes.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add systemready firmware, systemready ACS, systemready distros, and
fvp-base kas configurations. Update the README file with
instructions on how to build and run using them.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
1. Configure FVP base to allow Arm SystemReady IR ACS console access.
2. Configure FVP base Arm SystemReady IR ACS firmware build.
3. Add the machine-specific report.txt for FVP base.
4. Patch the check-sr-results.yaml and format-sr-results.yaml files
to handle the known differences between FVP base and the
expected ACS functionality.
5. Add a README with instructions of how to use the meta-arm-systemready
layer with fvp-base.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the meta-arm-systemready layer. This provides the infrastructure to
load and run the Arm SystemReady IR ACS v2.0.0 prebuilt image and
analyze the results.
The recipes included are as follows:
1. arm-systemready-firmware: Enables the ARM_SYSTEMREADY_FIRMWARE machine
conf variable to be used to specify which firmware packages to deploy.
2. arm-systemready-ir-acs: Runs the Arm SystemReady IR ACS tests from
the pre-built images and checks the results adhere to the specification.
3. arm-systemready-linux-distros-[debian|opensuse]: Install the distro of
choice from CD/DVD image to target disk image.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Qi Feng <qi.feng@arm.com>
Signed-off-by: Robbie Cao <robbie.cao@arm.com>
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
Signed-off-by: Vineeth Raveendran <vineeth.raveendran@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For fvp-base, update the DEFAULT_TEST_SUITES to include
fvp_boot and fvp_devices. This is only the default behaviour;
individual recipes can override this using the TEST_SUITES
variable.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Comments were made after previous optee changes were committed.
Addressing those comments here.
Suggested-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update capsule document procedure and ACS image in user guide.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the recipes and patches for OP-TEE 4.0.0. Migrate the 3.22.0
recipe to meta-arm-bsp for corstone1000 and n1sdp.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updating to the latest version of hafnium. Also, dropping tc patches,
as they are either experimental or a similar feature has been added.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updates the status of the patches on the trusted-firmware-m for
corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
U-boot mkefitool creates capsule image without packed and byte-aligned structs.
This patch aligns the capsule-update structures and avoids crashes in case of
unaligned pointer access.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Platform-specific capsule-update feature in u-boot does not check the
capsule-update flags properly (as stated in UEFI specs). This patch fixes the
capsule flags checks in u-boot for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables on-disk capsule update feature for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.5 and rebased N1SDP kernel PCIe quirk patches top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some FVPs are available as x86-64 and aarch64 binaries, so build target
(qemuarm64) and nativesdk (x86-64) packages for these to verify the
checksums are correct.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that there's a FVP for aarch64, we don't need to pin the CI pipeline
to x86-64.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the FVP supports both aarch64 and x86-64, this inherit doesn't
need to be conditional.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade to the 11.22.35 release of the FVP.
Also add the aarch64 binaries as these are now available.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Configure grub as the EFI provider and remove the U-boot boot
args.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Configure FVP base to use vexpress_fvp_defconfig as the U-boot machine.
Configure U-boot:
1. Drop the patch to pick the DRAM size from the devicetree since
the FVP now specifies a devicetree.
2. Enable sysreset to reset by PSCI and patch the vexpress U-boot
machine to leave the reset to PSCI in this case.
3. Enable Virtio RNG and patch the U-boot Virtio RNG driver to
workaround an issue with the FVP that results in RNG calls
hanging.
4. Enable the Arm64 CRC-32 instruction by default and remove the now
redundant config setting.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set the Trusted Firmware devicetree to fvp-base-gicv3-psci-1t. Patch the
devicetree to include: the stdout path for console access, a virtio net
node and a virtio rng node. This is necessary in the case that the
Trusted Firmware devicetree is passed to Linux from U-boot (rather than
sideloading).
Also rename the include file to change the suffix from "fvp" to "fvp-base".
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Merge the common FVP configuration in fvp-common.inc into
fvp-base.conf since that is the only place it is inherited.
Drop setting MACHINE_FEATURES to "optee" because there is no
optee machine feature.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Have separate machine include files rather than multiple
machine-specific settings in the same file.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-clang and meta-virtualisation don't yet have nanbield branches, so
we need to use master for those at the moment.
Signed-off-by: Ross Burton <ross.burton@arm.com>
To allow running the TF-A TFTF tests we need to ensure the images for
N1SDP and Corstone-1000 MPS3 boards build
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To allow running of the TF-A tests we need to be able to build the TF-A
test recipe for the N1SDP machine.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change enables N1SDP cache to improve performance
by removing this patch:
HACK-disable-instruction-cache-and-data-cache.patch
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since the original location of OP-TEE in DDR3 observes
a HW issue when cache is enabled, this change moves OP-TEE
to run from DDR4. Patches are added to TF-A to reflect that
change and the used region is also reserved in UEFI (EDK2)
to protect against allocations by UEFI applications.
OP-TEE size is modified for consistency across all patches
to be 32 MB (0x02000000) instead of (0x02008000).
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
the configuration options corresponding to external system are removed
from the kernel and the defconfig is generated with with savedefconfig
bitbake task
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove the External system patches in uboot as they are not upstreamable.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This support is for Cassini distro using Corstone-1000 platform.
When running parsec test, it reports an error
`PSA_ERROR_DATA_INVALID (-153)`.
This is related to `ITS_MAX_ASSET_SIZE` configuration which is been
set to 512 on the secure enclave (TF-M), which defines the max asset
size and it overflows when running the parsec tests.
The key is generated, but when it is asked to store via `psa_its_set`
it returns `PSA_ERROR_INVALID_ARGUMENT (-135)`, which then propagates
to `PSA_ERROR_DATA_INVALID (-153)`
Increasing the `ITS_MAX_ASSET_SIZE` to 2048 solves this issue.
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The terribly named qemutiny test case tries to login to the target over
the serial console. It's designed for poky-tiny, so add it to the tests
we run in poky-tiny builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Just execute all tests with the meta-arm tag, instead of hardcoding the
list of tests.
Also run two tests in parallel as there's no reason to limit it to one.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Tag all of the tests in meta-arm so that they can be selectively ran
without needing to explicitly list them.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patch was accepted upstream and has been pulled back the 6.5 and 6.1
kernels. So, it is no longer needed here.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The v6.4 kernel is needed for some platforms in meta-arm-bsp.
Temporarily add it here to give those machines enough time to
update to the latest version. Also, add the patch to the
defconfig.
Signed-off-by: Jon Mason <jon.mason@arm.com>
When ccache is enabled trusted-firmware-a recipe fails with this
error message:
make: *** No rule to make target 'aarch64-poky-linux-gcc'. Stop.
ccache prefix CC variable with 'ccache' word before compiler. Because
there are no quotes assigned to CC, only 'ccache' is assigned. The
compiler becomes a make target, producing the build error.
Add single quotes to LD is a good measure to prevent this kind of error.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Multiple machines in meta-arm-bsp have need of the 2023.07.02 version of
u-boot. Temporarily add it here to give those machines enough time to
update to the latest version.
NOTE: MTD changes in u-boot require changes to the qemuarm config.
Specifically, not disabling it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables authenticated capsule update and makes necessary changes to
align with new capsule generation tool (mkeficapsule in u-boot).
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds signature to device-tree overlay and enables authenticated capsule
update in u-boot for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds meta-secure-core to enable capsule update feature.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds meta-secure-core to corstone1000.yml to enable signed capsule
update feature.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Meta-secure-core is used to create signed capsule (firmware update
images). This adds meta-secure-core.yml file and since it depends on meta-perl
from oe-core, it adds that layer to meta-openembedded.yml
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Kas binary is identical, but the container has been rebuilt using
Debian 12 (Bookworm).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Kas container in version 4 onwards is based on Debian 12, which
forbids pip from installing files into /usr or ~/.local/.
We want to install the arbitrary dependencies for the documentation
build, so these should be installed in a venv.
The kas container doesn't currently install python3-venv, so we have to
install that manually (patch sent upstream).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade nanopb, clean up how it is build, and hopefully fix the build
races. This patch isn't quite ready to be upstreamed but discussion
with the TS maintainer is ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the apply_local_src_patches class supports being used with
multiple directories, use that instead of reimplementing the logic.
Also remove redundant patchdir assignments as these patches are against
the trusted-services repository, which is ${S}. I suspect these are
exposing a subtle bug in the core patching logic which meant the local
patches were not applying correctly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This test needs the TF-A sources available to build. When the test is
needed, this commit can be reverted to bring it back.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe won't pass configure without the jsonschema and jinja2
Python modules.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As with ts-service-test, manually move the binary to $bindir.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The configure log warns that it couldn't find pkgconfig, so add this so
it can.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pass through the choice of CMake Generator when starting sub-cmakes for
the external components, so that they use Ninja instead of Make.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pull out the patch application logic so the postfunc by default scans
for patches in LOCAL_SRC_PATCHES_INPUT_DIR and applies them to
LOCAL_SRC_PATCHES_DEST_DIR as before.
This allows recipes to inherit the class and directly call
apply_local_src_patches as needed to process patches in multiple
directories.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-baser-aemv8r64 machine will not be actively maintained.
Signed-off-by: Divin Raj <divin.raj@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove U-Boot specific DT nodes before passing the DT to Linux
This is needed to pass SystemReady IR 2.0 dt-schema tests
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee recipe installs the tee image using `${nonarch_base_libdir}`
If usrmerge is enabled this is `/usr/lib`, otherwise it is `/lib`
Several platforms (corstone1000, n1sdp, tc) look for tee-pager_v2.bin in
the hard-coded `/lib/firmware`, hence if usrmerge is enabled it won't be
found.
Fix these platforms by using `${nonarch_base_libdir}` instead of `/lib`
as per the qemu platform code in the generic recipe.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.4 and rebase the patches on
top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TFM updated to 1.8.1. Note, TF-Mv1.8.1 tags point to the same SHA as
the TF-Mv1.8.0 tag for tf-m-tests and tf-m-extras.
Signed-off-by: Jon Mason <jon.mason@arm.com>
tee and teeclnt are there to avoid running client applications (CAs) and
tee-supplicant as root.
- The teeclnt group stands for "TEE client" and is for CAs (CAs need
access to /dev/tee[0-9]* but not /dev/teepriv[0-9]*).
- tee is just for tee-supplicant to open its device /dev/teepriv[0-9]*.
No other process is supposed to open that one.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rationalise the port forwarding to be the same as the runqemu defaults,
so change the SSH port forward to be 2222=22 instead of 8022=22.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
QEMU_USE_SLIRP is no longer needed[1] as adding slirp to
TEST_RUNQEMUPARAMS is sufficient, so remove that.
Setting TEST_SERVER_IP also isn't needed as there's a default value now,
and we disable the package management tests that would use the server
IP. When they work the correct IP can be set.
[1] As of oe-core f4e8650
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest versions of edk2 and edk2-platforms. This
necessitates updating the patches in sbsa-acs to apply cleanly to the
latest version of edk2.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's expected to exist multiple /dev/teepriv[0-9]* devices, and the
tee-supplicant service depends on them, which should be activated only
when the device is detected by the kernel using a udev rule.
Improve commit f02d065dce, where it's only considering a path creation
and not a device detection by the kernel.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The update-repos script currently exits immediately if one of the
underlying Git commands fails (e.g. because of a network issue). If the
repo already exists, then catch this error inside the loop and
carrying on attempting to update other repos, as the network error may
be upstream.
KAS_REPO_REF_DIR is ultimately an optimization and subsequent build
stages should be able to continue if one of the updates fail. Therefore,
ensure the script returns a special error code if at least of the Git
commands fail, and use this to set the allow_failure property of the
job.
If a repo does not exist, fail immediately as before.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To make the pipeline slightly more resilient to external networking
issues, allow a local container registry mirror to be specified in the
GitLab settings. If not specified, the upstream container registry is
used automatically.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since optee-os for N1SDP has been updated to 3.22,
this patch updates optee-os-tadevkit and optee-test
to match the same version.
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.4 and rebased N1SDP kernel PCIe quirk patches
top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The default XSERVER only pulls in the framebuffer driver, which is
pretty broken with modern kernels and the modesetting driver is a lot
more functional.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The sbsa-ref machine can't use KVM because it's an entire emulated
machine, not a virtual machine.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The consoles to use isn't specific to the qemu machine, and without a
value results in no serial consoles when running on real hardware under
sysvinit.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patches (and recipe support) were added for qemuarm64-secureboot
support, but that is not present in meta-arm-bsp. Remove it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Without /dev/teepriv[0-9]*, tee-supplicant.service will fail. Prevent
a failure with a condition to check if /dev/teepriv[0-9]* path exists.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
ARM Reference Solutions' N1SDP 2023.06.22 manifest
uses edk2-firmware version 202305. This patch
aligns with the manifest.
The RemoteDdrSize cast patch is now upstreamed,
hence removed from the patches list
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Enables the support of a second mmc card, which enables distro installation.
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Build a custom N1SDP image with only optee-xtests as part of the image. A fresh custom image build is necessary to include the relevant test suite for running the xtests.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the config needed to run the embedded tests with pseudo trusted application. Without this config, the optee-xtests with pseudo TA get skipped with “skip test, pseudo TA not found” message.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clean up various patches by
* Create email headers for those not present using the s-o-b as author and date
applied to the tree as the patch date
* regenerating the patch name via git rebase and format-patch
* replacing patch with backported version
* moving patch location to be more accurate
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rebase the corstone500 u-boot patches to 2023.07.02. Some defined
variables changed names, and had to be updated.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As of oe-core a8e7b0f, PV doesn't need to contain SRCPV explicitly as
base.bbclass will append it to PKGV if there is a + in the version. So,
remove the redundant assignments.
Also change the boot-wrapper-aarch64 PV to 0+git as it's possible that
some point they'll tag a release and we want to be able to upgrade to it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
u-boot patches rebase cleanly to u-boot v2023.01. Update to that and
get rid of the legacy version of u-boot that existed only for this
machine.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updates optee-os and aligns with changes in v3.22 for Corstone-1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With 6.1.46, the gimple patch has been backported as part of the
release, and is no longer needed as a patch applied here.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update hafnium to v2.8, which allows updating tc1 to that version and
remove the intermediate SHA. It also allows for the removal of some
backported patches.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updates trusted-firmware-a and aligns with changes in v2.9 for Corstone-1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-A version for N1SDP to align with
N1SDP 2023.06.22 manifest
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use the patch that Mikko Rapeli is trying to upstream to work around the
Nuvoton defconfig issue instead of reverting the patch that added the
platform to the kernel.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The scp-firmware version in the Arm Reference Solutions N1SDP-2023.06.22 Release has now updated to a beta version beyond v2.12.
Add the SHA override for N1SDP to align to scp-firmware version used in the release.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add new Corstone-1000 firmware GUID and remove previous u-boot GUID to be updated into ESRT table.
SR-IR 2.0 requires the capsule GUID to be unique.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add new Corstone-1000 firmware GUID and remove previous u-boot GUID to be updated into ESRT table.
SR-IR 2.0 requires the capsule GUID to be unique.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the trusted-firmware-a recipes to 2.9.0
Moving legacy recipes (2.8) for tc1 and corestone1000 to meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>
use filesize environment variable to read the size of the unzipped initramfs bundle
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If a user does eg "kas shell kas/corstone1000-base.yml" and then calls
runfvp, the spawned xterms don't have a valid DISPLAY set.
Add DISPLAY to the preserved environment variables and DISPLAY will be
passed into the shell, and the xterms will start correctly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add kernel configuration necessary to build an image with preempt-rt
support for generic-arm64.
And tweak kernel configuration for preempt-rt kernel.
Signed-off-by: Robbie Cao <robbie.cao@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
202211 is only used in meta-arm-bsp, and all other users should be using
the latest version. Move it there until n1sdp can be updated to the
latest.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add back the 11.2 release of GCC, because TF-M has code generation
problems with 11.3 onwards.
This recipe has the major version embedded in the recipe name so that it
has to be specifically asked for in a per-recipe basis.
Signed-off-by: Ross Burton <ross.burton@arm.com>
So that it's obvious which version of GCC is being used, install the
files into a versioned directory under $libexecdir.
Signed-off-by: Ross Burton <ross.burton@arm.com>
This was added to build an Android Common Kernel with the Android
compiler, but we don't need to build that anymore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The unzipped kernel size increased due to recent changes in oe master.
Since corstone1000 sets a fixed kernel size, this should be increased to
boot the platform correctly.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
The physical memory which is used to run OP-TEE on the N1SDP is known
to the secure world via TOS_FW_CONFIG, but it may not be known to the
normal world.
As a precaution, explicitly reserve this memory via NT_FW_CONFIG to
prevent the normal world from using it. This is not required on most
platforms as the Trusted OS is run from secure RAM.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The upstream u-boot recipe did a minor version update, which is causing
a "preferred version not available" warning. Add a '%' to resolve this
issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Temporary workaround for a number binaries in the toolchains that are
using 32bit timer API. This must be done in the CI yml file instead of
the recipe because of all the libraries in the toolchain have the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pre-populate the standard values of get-binary-toolchains so that it
will work without variables in a standard kas container. This will aid
in ease-of-use for development and testing of binary toolchains.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Port Corstone-1000 patches to U-Boot v2023.07
Include the latest FF-A patchset sent to the mailing list (v15).
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
add SMCCC_ARCH_FEATURES discovery
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Upstream-Status: Inappropriate [A U-Boot patch will be released to fix an issue in the PSCI driver]
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the 3 patches only needed by the 6.1 kernel into a unique bbappend
The defconfig changes cannot be moved into a config fragment because
they only exist in the defconfig file (because the patches that
integrated their functionality into the kernel were not merged).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee-os.inc was including patches which really should've been in
the versioned .bb file. Move those references there and update the
FILESEXTRAPATHS to be more intelligent. While there, rebase the files
via devtool and update the file names as necessary.
Also, remove unreferenced patches.
Signed-off-by: Jon Mason <jon.mason@arm.com>
1- Replace FVP_BASE_R_ARM_EULA_ACCEPT with ARM_FVP_EULA_ACCEPT
in fvp-baser-aemv8r64.md
2- Add instructions to corstone1000/user-guide.rst to set
ARM_FVP_EULA_ACCEPT to "1".
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
1- Add fvp-eula.yml file which introduces ARM_FVP_EULA_ACCEPT
environment variable
2- Remove any license related settings from fvp-baser-aemv8r64-bsp.yml,
corstone500.yml and corstone1000-fvp.yml
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set the FVP EULA environment variable details message
to request the user to accept the EULA in case it has
not been accepted.
Signed-off-by: Ziad Elhanafy <Ziad.Elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The following error is seen:
ERROR: Nothing PROVIDES 'llvm-native' (but virtual:native:/builds/jonmason00/meta-arm/work/build/../poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb DEPENDS on or otherwise requires it). Close matches:
ovmf-native
rust-llvm-native
vim-native
Work around this by using the llvm-native from meta-clang
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream change 26d97acc71379ab6702fa54a23b6542a3f51779c changed the
IMAGE_LINK_NAME to have IMAGE_NAME_SUFFIX and breaks the automatic
finding of the image by name. Work around here until upstream fix can
be added.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove IMAGE_NAME_SUFFIX from image path in
wic_nopt.bblass
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp_devices test suite can be used to verify the following
functionality at runtime, common to most FVPs:
* CPU hotplug
* virtio-net device presence and functionality
* virtio-rng device presence and functionality
* PL031 RTC device presence and functionality
* SP805 watchdog device presence
The list of devices to be tested can be configured by a BSP using the
variable TEST_FVP_DEVICES.
Add this test suite for fvp-base and fvp-baser-aemv8r64.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The linuxboot test case is already FVP-specific due to the use of the
OEFVPTarget pexpect interface. Clarify this by renaming to fvp_boot.
So that fvp_boot can be used alongside other OEQA test cases (e.g. those
in OE-core):
* Call self.target.transition("off") at the start of the test to
ensure the model starts from reset
* Call self.target.transition("linux") to reuse the "wait for boot"
logic in OEFVPTarget.
Additionally, minimally validate the firmware boot by checking for
common error patterns in all console logs. Expose the runfvp config in
OEFVPTarget to support this.
Align the list of test cases executed on both fvp-base and
fvp-baser-aemv8r64 by using TEST_CASES:append = " fvp_boot" for both.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To better support firmware testing alongside Linux runtime testing,
introduce model state support to OEFVPTarget. The following states are
supported using self.target.transition(state):
* off
* on
* linux
Instead of assuming a specific state in OEFVPTarget.start,
responsibility is delegated to test cases to lazily put the model in
the required state. But to support OE-core test cases, OEFVPTarget.run
automatically puts the model in the "linux" state for running the
command. Firmware and Linux tests can subsequently run alongside each
other without introducing complex test dependencies.
The concept is inspired by Labgrid strategies [1], albeit simplified.
Tweak log file handling so that output is collected across (possibly)
multiple model processes.
[1] https://labgrid.readthedocs.io/en/latest/overview.html#strategies
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The differences between OEFVPTarget, OEFVPSSHTarget and
OEFVPSerialTarget are not obvious and there is a lot of duplication.
Merge all the logic into one OEFVPTarget (again). This has the following
features:
* Run SSH commands
* Run serial console assertions
* Lazily await a Linux login prompt while running test cases (only when
self.target.run is called).
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using runfvp without explicitly specifying the fvpconf path currently
fails due to a missing fvp.conffile include.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of OP-TEE, and move the legacy versions
that are still in use by meta-arm-bsp to that directory
Signed-off-by: Jon Mason <jon.mason@arm.com>
By default, optee-test is using an ancient version of openssl (1.2.0o)
in binary form, located in the optee-test build tree. musl is already
working around this. So, use those defaults for everyone.
Signed-off-by: Jon Mason <jon.mason@arm.com>
scp-firmware passes -I/core/include to the compiler which doesn't exist,
and sometimes gcc emits a fatal error. It's unclear why this doesn't
happen for everyone, but this workaround appears to be the correct
solution.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCP_COMPILER isn't used anymore, so remove it.
Explicitly set SCP_TOOLCHAIN=GNU for clarity.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that this defaults to MACHINE, explicit SCP_PLATFORM assignments can
be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Many platform names are the same as the machine name, so this saves
some typing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is more difficult to update optee recipes to bleeding edge
3.21 when patches are added to SRC_URI via :append and thus they
need to be explicitly removed with :remove and name of the patch file.
For our boards we know 3.21 will work without patches but we still want
to keep using meta-arm side base recipe and just update the SRC_URI
to remove patches and update SRCREV and PV.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This tool makes it easy to lock a build to a known good configuration,
for example by locking the SHAs to the last good build of master.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In the update-repos job, generate a Kas lock file to pin the SHAs of the
repositories being build during the build. This ensures that commits to
the repositories _during_ the build doesn't cause differing builds. All
of the kas calls use this lock file to ensure that their builds are
identical.
This lockfile is also added to the artifacts, so that it can be reused
afterwards to replicate the build: either as a known good base or to
replicate failures.
This lock file is only generated if it doesn't exist, so that
development branches can temporarily add a lockfile.yml if for example
master is too unstable to develop on.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.3 uses branch and commit keys instead of a general-purpose
refspec. Change the base to use branch:mickledore and remove the
explicit use of master for meta-virtualization now that a mickledore
branch exists there too now.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.3 has the following new features:
- kas: Introduce commit and branch as alternative to refspec key
- kas: Warn if a repo uses legacy refspec
- kas: add support for lock files via dump plugin
- kas: track root repo dir config files of menu plugin
- kas: add support for --log-level argument
- kas: add GIT_CREDENTIAL_USEHTTPPATH environment variable
- kas: improve error reporting
- kas: drop support for Python 3.5
- kas-container: fix invocations with --isar for some layers
- kas-container: Purge tmp* on clean
- kas-container: enable colored logging
4.0 is basically the same but the Kas container uses Debian 12, which is
not yet supported as a tested platform. Until Debian 12 is tested we
should continue to use 3.3.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This will still emit the diagnostic but it wont break the build,
additionally pass it to CXXFLAGS since thats the right subset to
disable it for.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Same as for OP-TEE client, this eases debugging and is required to use
the OP-TEE symbolize.py script.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TA builds always create ELF files, add them to the deploy dir to
ease debugging via the OP-TEE symbolize.py script.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee-os compilation provides not only the core files, TAs are also
usually build. Create a separate package which contains them, so they
can be installed.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A version 2.8.6 hangs on boot for corstone1000 non-deterministically.
This sets TF-A version to v2.8.0 which is a tested working version for
corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds missing update service definitions for using stateless platform
services and initializes the capsule udpate provider in se-proxy-sp
for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds missing compilation option to fix psa_raw_key_aggrement test for
corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
These 2 patches causes the secure world to enter into an infinite loop
when the PSA arch tests are triggered. This is a temporary fix and the
issue needs to be investigated before the patches can be enabled.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch is required to handle one of the corner cases of the
GetNextVariableName EFI service as specified in the UEFI spec.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
This patch adds the required configs to the corstone1000 u-boot
defconfig to enable the EFI services. This is done to fix the SCT
failure reported by the SetTime_Conf and SetTime_Func.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
The patch fixes the ACS InstallMultipleProtocolInterfaces_Conf failures
in corstone1000 platform by dropping a workaround u-boot patch. The NVMXIP
initialization had some issues during u-boot boot stage which led to the
workaround patch.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's useful to have known good logs when debugging problems, so always
preserve the logs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The previous commit fixed the build of GN with GCC 13, but broke it for
any other version.
Remove the patch and simply disable the fatal warning that causes the
breakage. Interestingly, this warning is already disabled for Windows
builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
EXTERNAL_TOOLCHAIN variable should provide absolute path to external Arm
toolchain install directory. So make that absolute path check explicit.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
CFG_MAP_EXT_DT_SECURE=y should be set per platform, as it requires CFG_DT=y
to also be set, which is not the case for all the platforms out there using
optee-os. Moreover CFG_MAP_EXT_DT_SECURE is already being set conditionally
in optee-os-ts.
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe is a rebuild from source of the Arm GCC release, with
patches from oe-core added to make it work well in our environment.
Most people are happy with the GCC in oe-core, and this release is often
behind: at the time of writing oe-core has mainline GCC 13.1, but Arm
GCC is 12.2. Users who actually want the improvements in Arm GCC will
likely want to use the binary toolchain so that they can have support
from Arm, and they're welcome to do so via the "external-arm" binary
toolchain.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are not any alternatives for the virtual/arm-non-eabi-gcc provider,
so just use the real recipe name.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The binary Arm compiler is based on GCC 12. Remove this GCC 13-specific
option until the next release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe uses the binary Arm compiler, which is based on GCC 12.
Remove this GCC 13-specific option until the next release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe uses the binary Arm compiler, which is based on GCC 12.
Remove this GCC 13-specific option until the next release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change from using a patched, intermediate SHA to the latest.
Unfortunately, the latest stable mbedtls doesn't boot on tc1.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-A and fiptool (which is part of tf-a) to the latest stable version.
Also, use the tf-a tests lts branch (which is still at version 2.8.0).
Signed-off-by: Jon Mason <jon.mason@arm.com>
gcc-arm-none-eabi and gcc-aarch64-none-elf both fails when packaged as
RPM for sdk with
nothing provides libcrypt.so.1()(64bit) needed by nativesdk-gcc-arm-none-eabi-12.2.rel1-r0.x86_64_nativesdk
As we don't control the dependencies for prebuilt libraries we create a
workaround by skipping the FILEDEPS
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A has LTS releases, which are prefixed with lts- for some reason.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a link to the FVP EULA in LICENSE_FLAGS_DETAILS, so the user has
some context as to what they're agreeing to upfront.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
armcompiler was removed from meta-arm-toolchain (24c4cfa) so this isn't
needed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Even though corstone1000 platform does not support the entire PSCI APIs, it
relys on PSCI reset interface for system reset. The name of this config
changed in the new version of u-boot. This enables PSCI reset, so
the system can be resetted in u-boot again.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split trusted-services.xml into qemuarm64-secureboot-ts.yml and
n1sdp-ts.yml as collection of Trusted Services which can be tested on
each platform has diverged.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make sure we setup the new variable for the configuration
of the SE-Proxy service for our machine. This will trigger
the right configuration building trusted services and all
psa-arch test pass as before.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update Trusted Services and backport an OP-TEE update which allows
interrupting the SPs by NWd interrupts. This solves the kernel stall
problems which are due to long cryptographic operations being executed
in the SWd.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The nanopb build step randomly fails in the yocto CI due to a race condition.
This change adds a patch file to disable parallel build for nanopb. This is a
temporary workaround and a proper fix will be up-streamed int he future.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patch related with the changes to support the in/out_vec modifications
in TF-M v1.7 was merged in upstream trusted-services integration branch.
So, drop this 3 out of tree patches not needed to be applied any more.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A v2.8 does not support measured boot and FF-A which is mandatory for
PSA Initial Attestation SP to work correctly.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add information related to SPMC tests and fix stale links.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove already merged patches in trusted services integration
branch to avoid clash during apply patch stage and rebase the
remaining patches.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Run the ffa_spmc test group of xtest if the optee-spmc-test machine
feature is enabled.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add ta-devkit and optee-test. Change configuration to enable building
and deploying OP-TEE SPMC tests.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The ABI used by the arm-ffa-user driver to call into the SWd changed.
The change was driven by the MM over FF-A ABI implementation which is
used by SmmGW SP and uefi-test. uefi-test uses the same arm-ffa-user
driver as xtest hence xtest needs to be updated to use the new driver.
This xtest change is already merged up-stream but after v3.20, which is
used here.
This change adds backported xtest changes as carried patches.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change:
- cherry-picks TF-A changes from master which implement passing
TOS_FW_CONFIG DTB from the FIP package to the trusted OS.
- add an OP-TEE SPMC specific SPMC manifest file
- configures TF-A to build the manifest, add it to the FIP package
and pass it to OP-TEE as a boot argument.
This functionality needs matching changes in OPTEE (OP-TEE v3.21
or v3.20 + carried patches.)
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OP-TEE SPMC v3.20 and TF-A v2.8 is incompatible on qemu, and OP-TEE
panics during boot because having an SPMC manifest passed to the SPMC is
mandatory since v3.20. TF-A and OP-TEE upstream already fixed this issue
by modifying the ABI between the SPMD and SPMC. Moreover qemu support in
TF-A has been extended to allow building an SPMC manifest DTS file, and
loading it from the FIP package.
This change adds the needed OP-TEE fixes as carried patches. The TF-A
change will be added in the next commit.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split tests to groups, and enable groups based on machine features set.
This allows limiting tests to testing deployed SPs only.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To enable up-to date version of Trusted Services op-tee v3.20 or newer
is needed.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change updates to latest available version of Trusted Services.
List of changes:
- adapt SP recipes to file structure changes and support for
"configurations". In TS each SP can be built in various different
setups to allow adapting to platform and integration specific
differences.
- MbedTLS dependency has been updated to v3.3.0.
- This needs new python dependencies are required in the build
environment.
- psa-acs was updated to a matching version.
- do_patch() has been updated to support the MbedTLS patch added
in TS.
- Update TS dependency patching method to use git instead of patch.
- Downgrade nanopb to match up-stream dependency version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Issue when building the kernel on FVP (and probably all aarch64
platforms) with GCC 13 on the 6.1 kernel (and possibly others).
Backport the upstream fix.
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are cases where a developer might want to enable things, like
debug-tweaks, which are useful in their testing but not something we
would want in a production environment. Create a file where these can
be added without affecting other things.
Signed-off-by: Jon Mason <jon.mason@arm.com>
virtual/arm-none-eabi-gcc-native is still at version 12 which
doesn't support it. poky comes with gcc 13 already.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add musl testing to have qemuarm-secureboot match qemuarm64-secureboot.
Since the Arm GCC binary toolchain cannot work with musl, move that out
into it's own testing.
Signed-off-by: Jon Mason <jon.mason@arm.com>
debug-tweaks is useful in testing and internal usage, but is a massive
security hole (as it allow password-less root login). Remove the
default enablement on machine files and in kas base yml.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is only necessary to accept the FVP usage license when using FVPs.
So, move that to the fvp.yml file from the base.yml file to make things
a little cleaner.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-base machine only has minimal patches, so should be good to
always track the latest release of u-boot.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using absolute path in fvpconf will leak the host machine path.
This is a bit annoying when the builder and the runner doesn't use
the same filepath hierachy.
Switch to relative path instead of absolute.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In Order to be able to have filepath relative to fvpconf, execute the
fvp process in the same working directory.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the moment the config is load and pass to FVPRunner.
Change the ownership to FVPRunner.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We access the dictionnary element that doesn't exist.
Use the get() method instead that will default the element to None if it
doesn't exist.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When running an FVP machine the model executable need to be found
in the PATH environement.
At the moment the script doesn't provide any PATH to the subprocess.
Add PATH to the allowed environement variable to be forwaded.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It fixes and limits the partition size to fix capsule update feature
after the GPT changes.
The partitions in the second bank needs to have correct size and
the partitions in first bank should have a fixed size since corstone1000 does
not support partial update and has a limited flash to support variable size.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch aligns capsule update feature in tfm with GPT/BL1 changes.
Adjusts BL2 flash and data size and adds missing CRC checks.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove log messages, that would never show up, but clean that
mess. And fix the env script and config so that trigger the
load of kernel from reading the gpt.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The signed kernel image for the android kernel and legacy u-boot is no
longer booting. Remove this to allow for it to work until it can be
fixed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP master has now updated to TF-A v2.8.0 so we should do the same.
Remove the SHA override for the N1SDP
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enabling new features on tfm for corstone1000 increases the number of
ITS and PS assets needed. This patch increases the number of PS and ITS
assets and fixes regression on psa-ps-api-tests.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Installing SMM Gateway SP on the N1SDP may stop the platform from booting
for on-device testing in CI.
In n1sdp.yml, remove `ts-smm-gateway` if it has been added
Keep `ts-smm-gateway` in default SP set so it can still be tested with
`qemu-secureboot`
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some platforms install .elf files, so put those into the -dbg package.
This means expanding the buildpaths QA exclusion.
Whilst here, expand the comments for the other INSANE_SKIP statements.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't need to unset CFLAGS and LDFLAGS as the CMake file doesn't
respect them anyway.
Add CC to the unexport list for completeness, at least one of these is
needed for now as the build fails without the unexports.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some machines use components from tf-m-extras, so fetch that too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add tc1 ecosystem FVP and bits to enable in the tc1 machine config file
Also, do some hacks to speed things up.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes in upstream u-boot recipes for signed fitimages, have
caused the existing code to no longer boot. Add a newly required
variable to get it working again. Tested using tc1 FVP.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds OTP config to run the FVP with the new BL1 changes
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Integrates TF-M BL1 into corstone1000 platform. This needs a large
changeset since it changes how TF-M builds and packs the bl1 image.
It also adds changes to make the new BL1 compatible with GPT parser
changes. And finally it bumps to SHA to include necessary changes and fixes
on TFM master and removes already upstreamed GPT patches.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M has out-of-tree patches on external projects such as mbedtls and
qcbor. This needs to be applied in an orderly fashion to build TF-M and
other TF-M related binaries correctly.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCP-firmware may build components other than the SCP and MCP. Make the
MCP branch of the do_install task more generic to suport this.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The upstream official N1SDP software currently supports edk2-firmware
202211 version. This patch is to align N1SDP Yocto build with upstream
N1SDP software.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
optee-os-tadevkit is a variant of optee-os recipe to install TA devkit.
Even though it may not need local build patches, it re-uses SRC_URI and
FILESPATH from corresponding optee-os recipe. This was mistakenly added
in b061104c87.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Our machines have moved to 2.11 so we can remove the 2.10 recipe.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Thanks to Xueliang Zhong for testing that this works on N1SDP.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The install task is subtly different as the ELF binaries are named .elf
now, instead of having no extension.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that we moved in corstone1000 to use a gpt and partitions for
the wic image and flash layout. Setup TF-m to set/get FWU and
Private metadata using the partition information (start and size)
stored in the gpt table instead of fixed flash offsets as before.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As optee-os for the N1SDP has been updated to 3.20 we need to do the
same for optee-os-tavdekit. Otherwise errors will be seen if/when
optee-os-tavdekit is built.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This config fragment was needed to get the dev kernel working. Since it
in now allowed to fail, it is no longer necessary (and doesn't appear to
be an issue).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The dev kernel can frequently fail, and is not anything that is used in
production. Allow failure to prevent CI issues but still notify that
there are potential issues.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds optee-os 3.20 support on N1SDP, the optee-os 3.20
bbappend file is also added.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-clang's clang recipe has an irritating interaction with oe-core's
llvm recipe which can result in build warnings, which cause builds to
fail in our pedantic CI.
The current best known workaround is to simply mask out the llvm recipes
if clang is being used.
For more details, see https://github.com/kraj/meta-clang/pull/766.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of a SCP_BUILD_RELEASE boolean, add CMAKE_BUILD_TYPE and default
to RelWithDebInfo which gives us release (optimised) builds with debug
symbols in the matching .elf files.
To ensure that buildpaths don't leak into the debug symbols, pass the
debug prefix maps via CFLAGS and ASMFLAGS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The text relocations appear to have been fixed and this skip is no
longer needed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We want compile logs to be useful, so enable verbose logs to show what
commands are being invoked.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason the shell functions are indented an extra character,
reindent to standard four spaces.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce the use of a gpt partition type layout, and use
the firmware metadata as source of the current boot bank
to boot from in the different boot stages.
This needs to be a large changeset, since it touches a lot
of software components to guarantee that everything works
in an atomic way, to not break the build and/or the boot flow
of the corstone1000 platform.
fdisk -o Start,End,Sectors,Size,Type-UUID,Attrs,Name,UUID -l tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic
Disk build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic: 32 MiB, 33554432 bytes, 65536 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 5BFC084A-9B95-4024-B60B-9748F5332524
Start End Sectors Size Type-UUID Attrs Name UUID
34 39 6 3K EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 reserved_1 B1F2FC8C-A7A3-4485-87CB-16961B8847D7
40 47 8 4K 8A7A84A0-8387-40F6-AB41-A8B9A5A60D23 FWU-Metadata 3FDFFEE1-3223-4C6B-80F9-B0E7D780C21D
48 55 8 4K 8A7A84A0-8387-40F6-AB41-A8B9A5A60D23 Bkup-FWU-Metadata B3068316-5351-4998-823A-3A7B09133EC1
56 63 8 4K ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42 private_metadata_replica_2 3CC3B456-DEC8-4CE3-BC5C-965483CE4828
64 71 8 4K ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42 private_metadata_replica_2 DCE9C503-8DFD-4DCB-8889-647E49641552
72 271 200 100K 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 bl2_primary 9A3A8FBF-55EF-439C-80C9-A3F728033929
272 1023 752 376K D763C27F-07F6-4FF0-B2F3-060CB465CD4E tfm_primary 07F9616C-1233-439C-ACBA-72D75421BF70
1024 5119 4096 2M B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 FIP_A B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5
5120 15199 10080 4.9M 8197561D-6124-46FC-921E-141CC5745B05 kernel_primary BF7A6142-0662-47FD-9434-6A8811980816
32784 32983 200 100K 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 bl2_secondary 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F
32984 32991 8 4K D763C27F-07F6-4FF0-B2F3-060CB465CD4E tfm_secondary 009A6A12-64A6-4F0F-9882-57CD79A34A3D
32992 32999 8 4K B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 FIP_B 9424E370-7BC9-43BB-8C23-71EE645E1273
33000 33007 8 4K 8197561D-6124-46FC-921E-141CC5745B05 kernel_secondary A2698A91-F9B1-4629-9188-94E4520808F8
65496 65501 6 3K EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 reserved_2 CCB18569-C0BA-42E0-A429-FE1DC862D660
Add new nvmxip qspi block storage device to u-boot and
the plumbing to boot using the fwu_metadata and gpt
partition information.
Make sure that fwu and fwu-backup have the correct, as defined
in spec, partition type. That will make SW pieces in the stack
identify it correctly.
Update the fvp config to use the new wic image with the gpt scheme
Depends on metadata to decide boot bank in TFA, TFM and u-boot
Using Reading partitions (GPT scheme)
changes needed:
- Rename FIP partition in wic image as defined in TF-A to FIP_A,FIP_B
- Rename metadata partitions to FWU_Metadata and Bkup-FWU-Metadata
- Enable support for GPT and PSA_FWU in TF-A
arm-bsp/corstone-1000: TF-M patch to calculate fwu metadata crc32
It's necessary to calculate the metadata crc for TF-A and U-boot
verify the metadata.
and at last remove the wic.nopt (wic no partition) as target fstype
since we now use the partitions.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump the preferred corstone1000 to v3.20, drop patch
that is already included in this version.
Create the 3.20 bbappend and remove the entry in 3.18 bbappend.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Poky commit 9ef8cbcdfc85c3ce2ca52d8bee2ab6929f589383 updates
the kernel to 6.1.20 which breaks the PCI quirk patch for the N1SDP.
This change fixes it.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If the repository reference directory gets corrupted it's not easy to
wipe it, so add a variable CI_CLEAN_REPOS that if set in the pipeline
will clean the clones and re-fetch them.
Also, stop the fetch from detaching during the garbage collection, just
in case it was a long-running GC that got killed that caused the
corruption in the first place.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Manually check every patch that was marked as Pending and update the
patches which are actually backports.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The infrastructure for edk2 and fvp-base is already present, but not
being used. Make the changes to get it compiling cleanly, and add it to
CI.
Note: testing is not passing because edk2 isn't booting an image
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of EDK2. There is an issue with memory not
being initialized and hanging boot. So revert the patch that is causing
the issue until the proper solution can be found.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version and regenerate the patches via devtool.
This causes some patch renumeration to occur, which causes some other
modifications.
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-os-3_19.inc duplicates optee-os.inc. Remove that and cleanup
the fallout. Also, remove unused 3.19 bbappend
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the removal of fvp-base-arm32, we no longer have test coverage for
the external Arm toolchain. Add this to qemuarm-secureboot CI so that
there is coverage again. Note: it must be a 32bit machine, since there
are currently no aarch64 host toolchains for aarch64
Signed-off-by: Jon Mason <jon.mason@arm.com>
fvp-base-arm32 isn't a real machine and supporting it has become hacky.
Drop support and remove from meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of u-boot. This requires removing the new
way DRAM is handled, since we don't use dtb the way u-boot is expecting.
Also, change the default bootcmd to make things work (as that expects
env things as well).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the various kernels available in oe-core, as well as the poky-tiny
minimal distribution (which has a minimal kernel config). This
necessitated combining some kernel bbappends to have patching coverage
for all the variants.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make things more obvious by adding yml files for the poky defaults
instead of disregarding them in the jobs-to-kas script
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit includes :
- Rebased and fixed N1SDP kernel PCIe quirk patches to apply on 6.1 kernel
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The UEFI capsule generated is in the incorrect build directory.
This patch copies it to IMGDEPLOYDIR.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mirrors of meta-arm may focus their development on a small subset of
MACHINEs so provide the option to restrict the boards that are built on
CI using the variable BUILD_ENABLE_REGEX. If set, it conditionally
enables builds; if unset there is no change in behavior.
This variable could be overridden in a scheduled build, to e.g. build
all the MACHINEs weekly.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update tfa version to v2.8. Also, fiptool uses tfa sources. So, keep
it with the rest of tfa to prevent the version from becoming stale.
NOTE: tf-a-tests is being held back for corstone1000 due to compilation
errors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Defining a task called do_deploy in an image recipe causes the
license_image bbclass in OE-core to think the recipe is not an image
recipe, which causes errors with license information collection if you
have an image recipe which depends on an image recipe using this
bbclass.
To fix this, and to add support for caching the signed binaries, use a
single task, do_sign_images (and its setscene task). The implementation
is based on deploy.bbclass, so the sstate is responsible for installing
the signed binaries in ${DEPLOY_DIR_IMAGE}, but using a different name
so that license information collection still works as expected.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify adding support for new versions of TF-M scripts in the
future, create a common .inc file with the non-version-specific
configuration.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify adding support for new versions of TF-M in the future,
create a common .inc file with the non-version-specific configuration.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To try and prevent trusted-firmware-m and trusted-firmware-m-scripts
from becoming out of sync in the future, create a common
trusted-firmware-m-1.7.0-src.inc which defines all the repositories and
their SHAs for both. Include this file in both recipes.
Add a SUMMARY and DESCRIPTION to trusted-firmware-m-scripts.
Update mbedtls to 3.2.1 (the recommended version for TF-M 1.7.0)
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Factor out the image signing arguments in tfm_image_sign.bbclass into
its own variable, TFM_IMAGE_SIGN_ARGS, so that it can be customized on a
per-machine basis if necessary.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so
it is in sync with the TF-M recipe itself.
Synchronize the trusted-firmware-m and -scripts Python dependencies
with the in-repo requirements.txt files. This requires a recipe to be
carried for pyhsslms.
1.7.0 introduces the --measured-boot-record argument to the image
signing script, which is required to maintain existing behavior. Add it
to the arguments in the tfm_sign_image bbclass.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M provides IPC as a SPM backend which gives SPM and each Secure Partition
it's own execution context. And provides higher isolation levels.
corstone1000 isolation level is 2. Hence, switching to IPC backend.
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change adds patches to align psa crypto client of TS with TF-Mv1.7
running on secure enclave of corstone1000
The patches updating
- PSA Crypto SID defines values
- psa_ipc_crypto_pack_iovec structure
- Fix inputs and outputs passed to in/out_vec to match crypto service
expectations
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mirrors of meta-arm may have the persistent cache directory mounted in a
different place. To make it easier to configure, define this location
using a single $CACHE_DIR variable.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This repository doesn't tag releases, so just track the latest SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
IMAGE_TYPES += "wic.nopt" is effective if the bbclass is included
using IMAGE_CLASSES, but not if included directly (using inherit) due to
file parse ordering.
To support applying wic_nopt locally (i.e. for certain image recipes but
not others), change to use :append.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To support using the wic_nopt bbclass from BSP layers other than
meta-arm-bsp, move it to meta-arm.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch uses the json config file for UEFI capsule generation
as this is efficient and easily scalable to generate multiple
capsules.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The BBCLASSEXTEND configuration can generate native sdk and target
recipes as well. The cp command used in do_install will
create host contamination issues for these recipes, so this patch
makes the recipe native only.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Inherits the UEFI capsule generation class and configures the capsule
variables for the wic.nopt image
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class currently supports only a single firmware binary. The
required capsule parameters needs to be set, if not the build fails.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The native recipe installs the UEFI capsule generation tool
along with the other base tools to native sysroot.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M does not use persistent release branches and the release-* branches
have been removed from the repository, so switch the branches to master.
Also update the tf-m-tests SRVREV to the 1.7.0 tag, not the RC2.
99% based on a patch by Peter Hoyes <Peter.Hoyes@arm.com>.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This bbappend is only used by qemuarm*, which now use 6.1, so this can
be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently the N1SDP patches haven't been ported to 6.1 and the
port/testing isn't trivial. Until the relevant team has done the port to
6.1, carry a 5.19 kernel in meta-arm-bsp for N1SDP.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply the patch from scp-firmware to the third copy of the buggy
Makefiles which fail randomly under parallel builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2 symbols were added to the arm64 kernel defconfig without the
corresponding code. Remove these unnecessary pieces to avoid the
warning.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.1 and rebase the patches on
top of this new version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone500 kernel version to 6.1 and drop the not
longer needed patch regarding the SND_SOC_AC97 config
option in multi_v7.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone1000 to u-boot version 2023.01, as at it
do some trailing spaces cleanup.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make sure the master branch track the other masters instead
of being lock to langdale.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To avoid having always tools that depend on git ls or other
git plumbing to include and spin around the enormous content of
the build directory.
Just add it to the ignore file and make that build content,
that will never get in the repo invisible to git and tools.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason the kas 3.2.1 container fails:
No such file or directory: '/builds/engineering/yocto/meta-arm/ci/ci/base.yml'
Note the repeated /ci/, which is wrong.
Pin the kas container to 3.2 for now until this is resolved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The initramfs needs to be very small, but since oe-core d6a62e kmod has
enabled OpenSSL support which doubles the size of the initramfs,
resulting in boot failures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
With the 6.1 kernel, fvp-base logs the warning:
[NOTE]: 'CONFIG_ARM_CPUIDLE' last val (y) and .config val (n) do not match
This is because the kernel idle configs have changed. Remove this
entry, as it is no longer necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update kernel patches and configs for the v6.1 kernel. Previously, it
was using the linux defconfig as a starting point. It is now using the
local kernel metadata.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update qemuarm-secureboot to work with the latest u-boot version and
remove the old, unneeded version from meta-arm
Signed-off-by: Jon Mason <jon.mason@arm.com>
New arm-ffa-tee and arm-ffa-user drivers are compatible with 5.* and 6.1 kernels.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2023.01, but the update is causing
problems with some machines. Temporarily add a v2022.10 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2023.01, but the update is causing
problems with some machines. Temporarily add a v2022.10 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A recent commit compressed the kernel image (to Image.gz) and
by default enabled an initramfs image. In the case for when
such that (initramfs) is not desirable, the deploy step of the
Juno firmware will still try to install the Image file, (not
Image.gz), so this fails:
ERROR: firmware-image-juno-1.0-r0 do_deploy: ExecutionError('/oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477', 1, None, None)
ERROR: Logfile of failure stored in: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/log.do_deploy.360477
Log data follows:
| DEBUG: Executing python function sstate_task_prefunc
| DEBUG: Python function sstate_task_prefunc finished
| DEBUG: Executing shell function do_deploy
| cp: cannot stat '/oe/build/tmp-glibc/deploy/images/juno/Image': No such file or directory
| WARNING: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477:152 exit 1 from 'cp -L -f /oe/build/tmp-glibc/deploy/images/juno/Image /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/image/juno-firmware-19.06/SOFTWARE/'
| WARNING: Backtrace (BB generated script):
| #1: do_deploy, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 152
| #2: main, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 163
NOTE: recipe firmware-image-juno-1.0-r0: task do_deploy: Failed
ERROR: Task (../meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb:do_deploy) failed with exit code '1'
This updates the else case for when an initramfs image is not
in use so that the right kernel image is deployed, by using
the KERNEL_IMAGETYPE variable, to use either version of the
kernel image.
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SRC_URI, SRCREV AND SRCBRANCH variables are currently used
inconsistently across recipes in meta-arm, leading to difficulties
customizing the configuration in external BSP layers where necessary.
Standardize usage across commonly used recipes so that:
* SRC_URI contains a SRC_URI_PACKAGE_NAME variable per component which
can be used to easily configure a mirror. This variable uses
default assignment so that it can be easily overridden using an
environment variable, e.g. to point to an internal mirror that cannot
be committed externally.
* SRCBRANCH is defined per component.
* SRCREV is defined per component.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For models that require a license, ARMLMD_LICENSE_FILE is used to define
the location of a license file or server. If the variable is not set in
Bitbake it will not be set in the model environment.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
FVP_ENV_PASSTHROUGH may contain variables that have not been set.
d.getVar returns None in this case. Detect this and skip setting the
variable in the model environment.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Define FVP_ENV_PASSTHROUGH's vardeps to equal itself, so that the
fvpconf is regenerated if any of the defined variables change.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
aa89fe3f ensured environment variables necessary for GUI applications
are passed through to the model despite runfvp env var restrictions. Add
XAUTHORITY to this list. This is useful when doing X-forwarding with
Kas, which creates its own home directory.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Arm GCC source to the latest version. Also, update the GCC
patches to apply cleanly, removing those that are no longer relevant.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Disable fatal warnings for tfm. This removes issues with RWX and others
when using the new binary toolchain versions.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change u-boot and machine config to default to booting a compressed
initramfs. This allows for easier testing. A compressed image is
needed as the image is too big for the storage, and the error notifying
of such is vague.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.2 ships python3-subunit, so we don't need to try to install that
anymore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.2 has a 'dump' plugin, so use that instead of cat in a shell.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This job doesn't use the standard helpers, so needs to pass these
explicitly otherwise it can pick up an old SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade to v2022.10
This includes Corstone-1000 out of tree patches.
FF-A patches are the latest sent to U-Boot mailing list (v8).
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rebase corstone500 u-boot patches to 2022.10 version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since oe-core 868dfb4 rng-tools is no longer depended on by openssh, so
we don't need to remove it ourself.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-clang now builds pixman with GCC until this is resolved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now we're using master these workarounds are not needed anymore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We're now compatible with oe-core master, so update the CI to build
against master branches instead of langdale.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oe_import() function was removed in oe-core when addpylib was
added[1]. However, meta-arm-toolchain doesn't ship any library code so
this call doesn't do anything useful anyway.
[1] 1f56155e91da2030ee0a5e93037c62e1349ba89f
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OE-core 4901c9d471cab99d52876842980222ce271b66e4 "base: Switch to use
addpylib directive and BB_GLOBAL_PYMODULES" means that ${LAYERDIR}/lib
is no longer searched by default when loading test controllers.
meta-arm defines some custom test controllers for testing FVPs, so add
an addpylib directive to meta-arm/conf/layer.conf to fix testimage on
FVPs.
testimage.bbclass still has its own test case loading logic based on
BBLAYERS, so other layers that only define test cases (not controllers
or other Python libraries) need no further changes.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I7fab638b4a1610d30efad2dae214378d096e0fc4
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core's master branch is diverging from langdale and meta-arm will be
following this, so drop compatibility with langdale in master so we're
free to diverge too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SCP-firmware CMake compile step automatically attempts to execute
cppcheck if both:
* cppcheck can be located using find_program
* DISABLE_CPPCHECK is not defined
cppcheck is not readily available in OE-core and is not an essential
part of the compilation process for end-users, so explicitly disable the
cppcheck step by passing DISABLE_CPPCHECK to CMake.
Additionally, because the OE-core CMake toolchain file cannot be used,
find_program may locate cppcheck on the host machine, which will cause
the build to fail if it is not the recommended version (as it is in
recent Linux distros).
Issue-Id: SCM-5864
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ia87a0cbbb67ac1d6f3b26cfb5747a85b46131f81
Signed-off-by: Jon Mason <jon.mason@arm.com>
If CMAKE_BUILD_TYPE=debug (lowercase), SCP-firmware builds with debug
compiler flags but BUILD_MODE_DEBUG is not defined in C code so features
that are conditionally enabled/disabled in debug mode are not active.
Pass capitalized "Debug" and "Release" strings to CMAKE_BUILD_TYPE to
ensure Debug mode is fully enabled when SCP_BUILD_RELEASE = "0".
SCP_BUILD_RELEASE = "1" (the default) for all machines in meta-arm-bsp
so they are unaffected.
Issue-Id: SCM-5864
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I93220420eedd2e3e6c169679efcaf4642dd5bc51
Signed-off-by: Jon Mason <jon.mason@arm.com>
The include file should be pointing to `optee-os-3.19.0` instead of
`optee-os-3_19` (which does not exist).
Fixes: 3259a2a840 ("arm/optee: support optee 3.19")
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
apply_local_src_patches.bbclass was added in a previous patch to handle
the application of patch files located inside the fetched source code.
find is used to collect the patch files which does not guarantee the
order of its output. Pipe the output of find into sort to ensure patch
files are applied in the correct order.
Issue-Id: SCM-5864
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1082fb7a726a7745289a5aa8bb6447bef57a94b0
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the FVP is available for both aarch64 and x86-64, don't set a
tag so this can run on both architectures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There is now a beta release of the Base-A AEM FVP for aarch64!
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We can download both x86-64 and aarch64 binaries, so ensure the SRC_URI
entry is named to identify them.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There is a new optee version 3.19. Currently, qemuarm-secureboot cannot boot
optee 3.19 out-of-the-box. This pins optee-os version to 3.18 for
qemuarm-secureboot.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Emekcan <emekcan.aras@arm.com>
Adds build configuration to support optee-os 3.19 for N1SDP.
Also, it patches optee-os to support external DT for N1SDP.
Signed-off-by: Emekcan <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Moves optee-3.18 and optee-tadevkit patches into
related directories.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The libts recipe assumes generated cmake file will be suffixed with
'-noconfig'. This is only true when building with the default type
i.e. "".
Check which target cmake file has been generated before trying to
patch it. This fixes 'no such file' error when building with an
explicit type (Debug, Release, etc).
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply patch to use the stateless platform service calls
Calls to psa_connect is not needed and psa_call can be called
directly with a pre defined handle.
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
The meta-gem5 layer is unmaintained and gem5 is incompatible with Python
3.11, so won't work with master without work that is still ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The meta-atp layer is unmaintained and gem5 is incompatible with Python
3.11, so won't work with master without work that is still ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add set -e so errors are fatal.
Allow HOST_ARCH and VER to be overridden by the environment, for testing.
Pull the tarball basename into a variable to reduce duplication.
Turn the wget call into a function to reduce duplication.
Drop the big-endian binaries as we never use those.
Signed-off-by: Ross Burton <ross.burton@arm.com>
meta-clang has a langdale branch now, so unset the explicit refspec.
linux-yocto needs to use non-clang objcopy, apply the change locally
until the commit has been merged into meta-clang's langdale branch.
perf needs some patches backported, until that has been done use gcc to
build perf.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Timing Annotation is a feature of the model that enables high-level
performance estimations to be made [1]. It is not needed to demonstrate
a functioning software stack so set FASTSIM_DISABLE_TA to 1 in the model
environment to disable this feature. This also improves model
performance.
[1] https://developer.arm.com/documentation/100965/1119/Timing-Annotation
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
DEFAULT_TAG and CPU_REQUEST are being used to help with internal Gitlab
pipeline setups know which type of machines to run on, but has no value
outside of Arm Corp. Gitlab CI allows for variables to be overridden
by default. So, we can give it a default value of NULL/empty and have
everything work internally and externally by default.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Tag all jobs with the DEFAULT_TAG variable so each instance can control
what tags the jobs have, whilst still explicitly tagging the jobs which
need specific tags (such as x86_64 for jobs which need to run x86-only
binaries)
Signed-off-by: Ross Burton <ross.burton@arm.com>
The Kas container needs to use the entrypoint as that is where the user
changes from root to a normal user.
Also set the KUBERNETES_CPU_REQUEST to the variable CPU_REQUEST as this
needs to be tuned per-deployment.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Update version in documentation.
Issue-Id: SCM-4874
Signed-off-by: Robbie Cao <robbie.cao@arm.com>
Change-Id: Ic66bdcdc5c6309331f80faab6eaf2e3e936a5da4
Signed-off-by: Jon Mason <jon.mason@arm.com>
721bec25 "arm/fvp: Join cli arguments in verbose logging" changed the
verbose output of FVPRunner to print the generated arguments using
shlex.join instead of as a list. However, this function is only
available in Python >= 3.8, whereas OE-core currently supports Python
3.6.
To fix this, backport its one-line implementation to a local function
shlex_join and update the call site.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I56cab9dddcd0a91272464be15742a6ee726dad41
Signed-off-by: Jon Mason <jon.mason@arm.com>
Aligning the user guide with the latest Corstone1000 SW updates.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrades the Corstone1000 FVP to the latest release
version.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Ensure meta-atp recipes are only performed if a compatible machine is
selected.
Signed-off-by: Adrián Herrera Arcila <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Previously, meta-atp extended the original gem5 recipe to add the ATP
Engine models; the .bbappend was complex, because it pulled from two
sources, and it was not possible to make machine-based overrides, as it
is a native recipe.
To solve this, we use the recent EXTRAS feature to add the gem5 models
from a different recipe.
Signed-off-by: Adrián Herrera Arcila <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The m5 readfile recipe provides general utility for gem5 users to
run any script on OS boot. We hence move it to the meta-gem5 layer.
Signed-off-by: Adrian Herrera <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
By making m5readfile into its own recipe, we avoid modifications to the
m5ops recipe when using the meta-atp layer, which break the Yocto
compatibility of the layer.
Signed-off-by: Adrian Herrera <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Test failed because there was no reference to maintainers in the
meta-atp README.
Following the common structure of other layers in the meta-arm
repository, the README in meta-atp now refers to the top-level README,
and a documentation directory contains the guidance that was present in
the original meta-atp README.
Signed-off-by: Adrián Herrera Arcila <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for n1sdp to trusted-services bbappends and rework some
things to make it easier to add more in the future.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As TF-M ships patches that it needs applied to mbedcrypto, we apply them as
part of do_patch by using a postfunc. There is an issue when do_patch is
executed after do_deploy_source_date_epoch_setscene and apply_local_patches
tries to apply the patches already applied.
To fix this, make usage of the apply_local_src_patches bbclass.
Change-Id: Ia115b540b37ad3a2cce30e1e0461abd1f5a6ccc1
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class is to be inherited by recipes where there are patches located inside
the fetched source code which need to be applied.
The following variables need to be set:
LOCAL_SRC_PATCHES_INPUT_DIR is the directory from where the patches are located
LOCAL_SRC_PATCHES_DEST_DIR is the directory where the patches will be applied
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I8f9c16a5fbc9d5569cba60136560f1951408bd60
Signed-off-by: Jon Mason <jon.mason@arm.com>
In d8e9ee8fd53b7620e72b2dfebb2e8d464b737dbb the finalize method was removed.
Signed-off-by: David Bagonyi <david.bagonyi@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
World builds are trying to build trusted services, which has a
dependency on meta-python. To avoid having to add a layer dependency
for meta-arm on meta-python, limit the compatible machines to the ones
using it (which already have a meta-python dependency).
Signed-off-by: Jon Mason <jon.mason@arm.com>
"git" is the version and need not be part of the bbappend name. Since
this isn't being done in any other part of meta-arm-bsp (and not
uniformly in the same directory), rename the bbappends to have the %
wild card.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Start a new thread to simultaneously log the output of FVP and the
telnet output if the --verbose flag is passed to runfvp. So that
ConsolePortParser can read the same stream, use itertools.tee to
temporarily duplicate the stream.
Use a custom log format string with an escape character to ensure that
log output always starts at the beginning of a line when interleaved
with console output.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3e815d9d899425e0d2af619524f09f2eda87562c
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is often useful to inspect the FVP output after running the tests.
Refactor OEFVPSerialTarget._create_logfile into
OEFVPSSHTarget._create_log_filename, so that all FVP test controllers
are able to create secondary log files.
Pass a filehandle to the stdout argument of run_fvp so that the FVP
output is asynchronously logged to a file. Change the port parsing logic
to read back from the same log file instead of reading the stdout
directly.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I2ddb423fa0d896c13d3e96884858c680c4d34555
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify the FVPRunner class, create a separate ConsolePortParser
class to handle reading an iterator of lines and parsing port numbers
for FVP consoles. Use this in runfvp and the test targets.
This refactor also allows the stream being monitored to be changed more
easily, e.g. to a log file.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Iade3a4c803fb355b04af7afa298d0a41fe707d94
Signed-off-by: Jon Mason <jon.mason@arm.com>
FVPRunner relies heavily on asyncio, despite there being very little
concurrent work happening. Additionally, while the runfvp entry point
starts an asyncio runner, it is not practical to have a single asyncio
runtime during testimage, which is fully synchronous.
Refactor to use subprocess.Popen and related functionality. The process
object has a similar interface to its async equivalent.
Cascade the API changes to runfvp and the test target classes.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3e7517e8bcbb3b93c41405d43dbd8bd24a9e7eb8
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is sometimes helpful to copy and paste the cli arguments from the
verbose runfvp output (e.g. to test with a development FVP build), but
currently the arguments are printed as a Python list. Use
shlex.join(cli) to safely join the arguments together in form that can
be reused directly in a shell.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ibb5c5ed45d02e241cb3858f68740fb9d4e89357a
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes appear to have fixed clang issues. Unfortunately,
hafnium gn visibility is not done properly. So, a patch to that is
needed to get it working.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Aligning the release notes with the latest Corstone1000 SW updates.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use --prefix instead of --root when installing the Python modules to
ensure that build paths are not embedded in the compiled .pyc files.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Without virtio-rng enabled kernel 5.19 takes ages to finish
random number generator initialisation which causes
issues with ssh and other crypto related services.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
when NameSize is smaller than the actual NameSize. It
currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
max_name_len incorrectly. This fixes max_name_len error by
replacing it with actual NameSize request by u-boot.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As in EDK-2 and EDK-2 test code, setVariable() with 0
attributes means a delete variable requiest. Currently,
smm gateway doesn't handle this scenario. This commit
adds that support
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enabling ESRT in trusted services increased the need for more
assets at protected storage level, since we now save FMP data
, capsule update, like Image Info as non volatile EFI
variables.
So, just change the default configuration for the corstone1000
to handle this.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Reorder patch list headers, move psa api test patch that
should be applied to all psa api test from a crypto specific
directory to a more generic "psa-apitest" directory.
Create a inc file for the psa api test to make sure all out of
tree patches from trusted services are applied to all test
source directories, and move mm communicator buffer details to
each SP, and finally set it up differently as it
should/is expected to be at libts.
With this setup all psa-api test for crypto and attestation
passed.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the apply ts patch stage, first check if they are patches
to be applied. Because if not, this would break the apply
patch stage with an error.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are some cases where PN is not expanded into linux-yocto in the
arm-ffa-transport.inc file required from linux-yocto_%.bbappend,
because of the := usage, in those cases PN gets "defaultpkgname".
To fix the issue, rename "linux-yocto" folder into "files" and adjust
ARMFILESPATHS to point to that in linux-yocto_%.bbappend, prepend
ARMFILESPATHS to FILESEXTRAPATHS in arm-ffa-transport.inc.
Remove ARMFILESPATHS prepend from FILESEXTRAPATHS for corstone1000 in
meta-arm-bsp, because the platform has always the "arm-ffa" in
MACHINE_FEATURES, which causes ARMFILESPATHS to be prepended.
While there, remove the FILESEXTRAPATHS prepend of ARMFILESPATHS for
the n1sdp that will be added by arm-ffa-transport.inc only when
needed.
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bring fvp-base and fvp-base-arm32 to match what is currently being done
in other fvps, and clean up the fvps to use a single fvp yml file (which
should enable better adding and removing of issues common to fvps, like
xorg test bugs).
Signed-off-by: Jon Mason <jon.mason@arm.com>
opencsd and gator-daemon aren't currently being build. Add them to the
base build so that they can be verified to at least compile.
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to build and install optee test for
N1SDP
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP has 2 DRAM's. This change is to register 2nd DRAM which starts at
0x8080000000. Linux uses 1KB of this memory to share data with optee-os.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bitbake variables were being set in KAS for the unique Gitlab CI
configuration being used internally. While this should not have been
significantly detrimental for other setups, this shouldn't be necessary
with proper runner setup. Removing them here to all for a more generic
CI experience.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply shared patch to trusted services that is used to compile
psa crypto api tests to include change in packed-c request
message in the eaed update structure to be in sync with the
serialize/deserialize in TS side.
As at it, move the other corstone1000 specific patch file to
meta-arm-bsp where it should be.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to add support for readthedocs for
corstone1000 platform. readthedocs server traces
any changes to to corstone1000 documents and will trigger
a build which will generate html file which can will be
rendered by corstone1000.docs.arm.com server
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to pass appropriate MMC card configuration to
corstone1000 FVP.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Port crypto config to psa arch test api suite.This
needs to move to arm-bsp since is corstone1000 specific
configuration
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This FVP doesn't support TC1, so remove it now that we don't support TC0.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches are specific to TC0, and are not needed for TC1.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Total Compute 2020 BSP is obsolete and unsupported, so remove it
from meta-arm. The Total Compute team would like TC1 to be available in
langdale, but removed in mickledore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to add ARMFILESPATHS into serach path
for linux for N1SDP target.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for libmetal and openamp as backend for se-proxy
and smm-gateway SP. For that also introduce a change to newlib
in memcpy optimization to avoid unaligned data-aborts in
__packed structures handling.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add log handler for SP sending logs over ffa to spmc.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fixes the Tee driver bug in corstone1000. It adds a
delay to fix a possible race-condition occurs during
FF-A calls. This is a temporary fix for the upcoming
release.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of checking out code through internal cmake,
the patch explicitly checkout the psa-adac code.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patch corrects the source dir for libmetal and openamp.
Devtool modify on tf-m will work after this fix.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patch bumps the tfm SHA to
b065a6b28cc6c692b99e4f7e9387d96f51bf4d07
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If a process is terminated using a signal, in Python its return code is
-N, where N is the signal number (e.g. -15 for SIGTERM). Currently, all
non-zero return codes are printed using logger.info, which gives the
impression of an abnormal termination even when the process was
explicitly terminated by FVPRunner.
Instead, only log return codes greater than zero.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1a1e9d8aa3f26c14b48be718498bcb14707950b7
Signed-off-by: Jon Mason <jon.mason@arm.com>
On large systems, using all of the CPUs and 50% of the RAM when xz
compressing packages is actively harmful because it will happily use up
to that limit.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since meta-zephyr is doing CI, there is no need to replicate that here.
Remove all of the zephyr references.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update ACK to 5.15 and remove the 5.10 recipe
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: I7d86367533248312bb7a54ba39166ddee5a025ef
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some of the removed tests are now working and some of the systems are
not testing against sato (as being done in base.yml). Update these and
add some comments.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The rpmsg_chrdev driver has been replaced
by the rpmsg_ctrl driver. This commit
updates the defconfig to align with the
change.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to upgrade kernel to 5.19 for corstone500 target
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to upgrade the Linux kernel version to 5.19 for N1SDP
target to align with post N1SDP-2022.06.22 refresh
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The "secure parition development kit" is obsolete, newlib is used instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump the kernel version to 5.19.9, remove backported ffa
related patch to previous version and fix issues in the arm
rpmsg driver.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable support for 11.3.rel1 binary toolchain release. Also, update CI
to use it.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Along with that add a new variable ARM_GCC_SUB_VERSION as newer clubbed
Arm GNU toolchain releases includes a sub-version like the current
release being 11.3.rel1 where ARM_GCC_SUB_VERSION=rel1.
Also, update CI to this release.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the features uniquely needed for system images to the testimage
file. This should reduce the image size and amount of things needing to
be built for machines that do not run testimage.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the FVP include file to the include directory, matching what is
done for corstone1000 and other machines in meta-arm-bsp.
Signed-off-by: Jon Mason <jon.mason@arm.com>
secure-partitions recipe is replaced with the new design of
trusted services recipes.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Trusted Services PSA API tests commands allow testing the following
SE Proxy services: crypto, its, ps and iat
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
removing the following packages:
ffa-debugfs-mod
secure-partitions-psa-api-tests
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
increase the size of the initramfs bundle used in the boot command
The new trusted services support increases the rootfs size.
When decompressed the initramfs bundle size is around 15M.
u-boot boot command needs to be updated with this size to be able to load
all the initramfs bundle.
When compressed the initramfs bundle size is around 5.4M
(Image.gz-initramfs--5.15.59)
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
The prevoius commit refactored trusted-firmware-m-sign-host-images.inc
into tfm_sign_image.bbclass.
Move the image signing logic from the TF-M bbappend to
corstone1000-image.bb, using the new bbclass.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ib76dce2ba9102e343d0611d929250d1d8aee518b
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce a new recipe for the TF-M signing scripts.
To make the functionality easier to reuse, move the logic that is
currently in trusted-firmware-m-sign-host-images.inc to
tfm_sign_image.bbclass. This bbclass DEPENDS on
trusted-firmware-m-scrpits-native.
tfm_sign_image.bbclass can be inherited in image recipes to sign
artifacts.
Issue-Id: SCM-4964
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I74aaab5db1a43fedf13ea2564c2f31af207ae924
Signed-off-by: Jon Mason <jon.mason@arm.com>
In order to support overriding the branch names in other layers, extract
the branch name for each repository and set using default assignment.
Issue-Id: SCM-4964
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I09d0c1f1d012c1abb84648ad974883bbdaa1db7a
Signed-off-by: Jon Mason <jon.mason@arm.com>
Migrating RTX repo to a new namespace under
arm reference solution. The new repo also adds
corstone1000 as a product so this commits
also changes the PRODUCT variable.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Migrating the test repo to a new namespace under
arm reference solution.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove microbit-v1, qemu-cortex-a53, qemu-cortex-m3, and qemu-cortex-r5
from CI (and the tree in general). These machines are part of the
meta-zephyr CI now and keeping them here is redundant. However, keeping
zephyr builds for machines that also have TF-M.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-A version to align with post-N1SDP-2022.06.22 refresh
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is to align edk2/edk2-platforms with N1SDP-2022.06.22 release
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2/edk2-platforms versions to align with N1SDP-2022.06.22 release.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since 820a55d3 the environment that the FVPs run in is limited, however
this broke the use of GUI applications for the terminals.
Passthrough DISPLAY and WAYLAND_DISPLAY automatically so these continue
to work.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since U-Boot 2022.04 the host tool mkeficapsule requires gnutls.
Thus adding it to the dependency.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: I8eff2e9bb9752bea5b885fcf3a69bf79c4f0c215
Signed-off-by: Jon Mason <jon.mason@arm.com>
This does not build with clang from meta-clang and also does not build
with gcc either
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds the external system test application and the relevant
recipe into the corstone1000 initramfs image.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds a linux userspace test application and a recipe
to build it to test external system in corstone1000
platform.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The newly added clang patch does not apply cleanly to the tc version of
hafnium. Since there are no plans to use clang on tc, remove it for
this platform.
Also, use devtool to clean-up the clang patch in question.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable tee and arm-ffa driver on qemuarm/qemuarm64 by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds out-of-tree rpmsg_arm_mailbox driver patches into linux
kernel to communicate with external system using MHUs in
corstone1000 platform. The host can communicate with external
system using the driver under /dev/rpmsg0_ctrl0.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The host uses MHUs to send/receive data from the external system
in corstone1000. This commit adds MHU mailbox bindings into the
u-boot device tree to enable data communication between the host
and external system.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A new update to clang is causing warnings (which are errors because edk2
was Werror by default). The error is:
clang-15: error: '-x c' after last input file has no effect [-Werror,-Wunused-command-line-argument]
Work around it by disabling this specific error. Also, use devtool to
update the patch.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It installs arm_ffa_user.h and so does arm-ffa-user recipe, lets not
build ffa-debugfs-mod in world builds since it does not appear as much
in other package dependencies as arm-ffa-user
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These recipes are not buildable with clang in its current state
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
3.18 builds are failing since the section stuff is also done in
core_mmu_v7.c therefore extend the patch to include this file as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Only corstone1000 is using the legacy version of optee-client. Move it
there to keep corstone1000 working, while removing it from meta-arm to
discourage use of the non-latest version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The CPU issue that pinned qemuarm-secureboot is no longer present.
Remove the logic in the conf file that held it back to the older
version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
ARMv7 does not have fixes for the clang issues already fixed for ARMv8.
Make the necessary changes in that patch for it to work. Also, update
the patches (via devtool).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The configure sed operation will not behave as expected because '*'
match misses a preceeding '.'.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds external system device driver into linux.
User applications can control the external system
using the driver under /dev/extsys_ctrl in
corstone1000 platform.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 needs a kernel driver to control the
external system (turn on/off, reset). This commit
adds the external system driver binding to the
u-boot device tree for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is sometimes useful to be able to configure the behavior of FVPs
using environment variables, e.g. for licensing or plugins.
Add a new FVP option: FVP_ENV_PASSTHROUGH, which allows the Bitbake
variables to be passed to the environment to be specified explicitly (in
a similar way to BB_ENV_PASSTHROUGH). This ensures that:
* FVPs launched via runfvp have a reproducable environment
* FVPs launched via testimage (which run from an isolated Bitbake task)
can receive environment variables
Change the self-tests to use cwd instead of PATH to find the mock FVPs,
as the PATH environment variable is no longer passed through.
Issue-Id: SCM-4964
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idf6ac6d41fda4cd5f950bc383c2fc1fa1acdf4e3
Signed-off-by: Jon Mason <jon.mason@arm.com>
Historically external-arm-toolchain recipe packaged all gcc headers from
${libdir}/gcc/${TARGET_SYS}/${BINV}/include - some would be picked up by
packages like gcc-sanitizers, libssp-dev. libquadmath-dev or libgomp-dev.
The rest would fall into catch-all libgcc-dev package.
Unfortunately, that could result in a conflict with a target gcc, which
also packages some of those files, like unwind.h or stddef.h, among others.
The conflict could be seen with this config:
EXTRA_IMAGE_FEATURES += "dev-pkgs tools-sdk"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "/OE/toolchains/gcc-arm-11.2-2022.02-x86_64-aarch64-none-linux-gnu"
And the error message is:
Error: Transaction test error:
file /usr/lib/gcc/aarch64-poky-linux/11.2.1/include/stddef.h conflicts between attempted installs of libgcc-s-dev-11.2.1-r0.1.cortexa57 and gcc-arm+11.2-r2022.02.1.cortexa57
file /usr/lib/gcc/aarch64-poky-linux/11.2.1/include/unwind.h conflicts between attempted installs of libgcc-s-dev-11.2.1-r0.1.cortexa57 and gcc-arm+11.2-r2022.02.1.cortexa57
Modify external-arm-toolchain recipe according to how libgcc in OE-Core
handles those header files by removing and not packaging them:
https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/gcc/libgcc-common.inc#n40
Also need to adjust gcc recipe to pick up unwind.h from EXTERNAL_TOOLCHAIN
location now, since libgcc-dev no longer carries it, and install it into
STAGING_LIBDIR_NATIVE, where OE-Core gcc-target.inc expects it from
gcc-cross:
https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/gcc/gcc-target.inc#n164
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to enable build and installing external-system firmware
for corstone1000 platform.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The corstone1000 optee files have an underbar when it should have a
hyphen in the naming scheme. Change this to match other files.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A optee-os v3.10 recipe is necessary for corstone100, as it is actually
using 3.10 SHA and then trying to apply patches for 3.14 (which is
causing fuzz errors). Create this and use it to avoid these issues.
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the latest gcc, there were some unresolved symbols on
opemamp linkage, add the implementation of that symbol for the
outline of atomics.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade to the latest 5.4 release (.205), and backport two patches to
fix buildpath errors:
File /usr/src/debug/linux-yocto/5.4.205+gitAUTOINC+e8c675c7e1_8a59dfded8-r0/lib/oid_registry_data.c in package linux-yocto-src contains reference to TMPDIR
File /usr/src/debug/linux-yocto/5.4.205+gitAUTOINC+e8c675c7e1_8a59dfded8-r0/drivers/tty/vt/consolemap_deftbl.c in package linux-yocto-src contains reference to TMPDIR [buildpaths]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In complex stacks, e.g. with many cores or many init scripts, the time
to Linux shell may be more than 10 minutes. Make the boot timeout
configurable using TEST_FVP_LINUX_BOOT_TIMEOUT, leaving the default
value at 10 minutes.
Issue-Id: SCM-4958
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ie074acd4b4509d0230d1f77a2a527d497bb295ce
Signed-off-by: Jon Mason <jon.mason@arm.com>
qemuarm64-secureboot-ts pipeline is based on qemuarm64-secureboot machine
and additionaly includes:
- TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
- TS demo/test tools
- TS psa-arch-tests
This commit also includes Trusted Services OEQA tests
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We define dedicated recipes for all supported TS SPs.
The recipes produce stripped.elf and DTB files for SPs.
These files are automatically included into optee-os image.
See meta-arm/recipes-security/trusted-services/optee-os-ts.inc
This approach allows us to:
- include only required SPs into an optee-os image using MACHINE_FEATURES
- use Yocto cmake bbclass
- fetch and build only required dependencies
- use simple SP specific bbapend files if required
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These recipes produce only -dev and -staticdev packages
which are used for building other TS recipes.
Nothing from these recipes is included into the final image.
Using dedicated recipes for dependencies allows us:
- fetch sources and build dependencies only once and only the required ones.
- simplify the dependencies recipes and use Yocto cmake bbclass
- troubleshoot/fix/update dependencies builds separately
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To fit the kernel image into the allotted space, a compressed kernel
image is now needed. Use the Image.gz from the kernel build process
and change the relevant places to use the new image name. This also
necessitates adding an unzip command to u-boot to uncompress it to
memory (and the loadm is still needed to setup the efi mem boot device).
Also, the unzipped image is larger than before. So, increase the size
that loadm is copying.
This change shrinks the kernel image size from 7.8MB to 3.2MB
Signed-off-by: Jon Mason <jon.mason@arm.com>
When building for arm32 with GNU binutils 2.39, the linker outputs
warnings when generating some TEE core binaries.
arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
NOTE: recipe optee-os-tadevkit-3.18.0-r0: task do_compile: Failed
These patches are backport from upstream [1]
There are two versions of patches: for optee-os 3.14 and 3.18 to avoid patch fuzz warnings.
[1] https://github.com/OP-TEE/optee_os/pull/5499
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add yocto kernel cache bluetooth entries for platforms that have that
machine feature enabled. This is necessary, as kernel warnings about it
not being enabled are now occurring.
Signed-off-by: Jon Mason <jon.mason@arm.com>
These were integrated into the 2.7.0 release, but were not removed when
the recipe was upgraded.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to add support to build optee-os for N1SDP target.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to bump the TF-A hash which has changes required
for optee-os to boot. Also, drop patch related to bl size as the
changes are already merged to upstream TF-A.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update all of the 3.17 recipes to 3.18 and remove the already upstreamed
patch. optee-os was already at 3.18. So, we only need to remove the
3.17 recipe.
Signed-off-by: Jon Mason <jon.mason@arm.com>
package is always inheritted by the base classes so the recipe does not
need to do this. This became an error with recent bitbake changes, fix
things by removing it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The newly added vmalloc entry in qemuarm is causing issues with graphics
on qemuarm-secureboot. Remove that by setting +QB_KERNEL_CMDLINE_APPEND
to empty.
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCMI support was added to the latest kernel (kernel commit
96bb0954860a4c8b8c77d59fc53cd4cafac914f5). So, remove this patch, as it
is no longer necessary
Signed-off-by: Jon Mason <jon.mason@arm.com>
This kernel config variable has been removed from newer kernels (v5.19)
and is logging a warning of:
[INFO]: the following symbols were not found in the active configuration:
- CONFIG_OPTEE_SHM_NUM_PRIV_PAGES
Remove the entry, as it is no longer needed
Signed-off-by: Jon Mason <jon.mason@arm.com>
In newer kernels, vexpress has been rolled under the versatile umbrella.
Update the patch to refer to the new location
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rebase the u-boot patches on top of current u-boot supported
version in poky, needed some adjustments at efi loader.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add documentation for how to use the OEQA framework to test targets in
meta-arm. Include instructions on using OEFVPTarget as well as the
OEFVPSerialTarget introduced by the recent refactor of runfvp.
Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I146ec1c82214471fe9d18a999fd92efb38f652f9
Signed-off-by: Jon Mason <jon.mason@arm.com>
The runfvp refactor to enable OEFVPSerialTarget created FVP_CONSOLES
which maps the names used for serial ports in test cases to the names
used for serial ports in the FVP stdout.
Refactor the FVP_CONSOLE section -> FVP_CONSOLES, noting the the
'default' console is still used for the --console runfvp flag.
Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ieb13d74cfd425900f44b4b2e6d125393e7b456ad
Signed-off-by: Jon Mason <jon.mason@arm.com>
The dropped u-boot patches are not required as the bug is
from the SMM Gateway SP. A patch for the secure partitions
has been added to fix the SMM Gateway behaviour. Patch
0048-Fix-UEFI-get_variable-with-small-buffer.patch has been
added in commit "arm-bsp/secure-partitions: fix SMM gateway
bug for EFI GetVariable()".
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The efiGetVariable() function when called from uboot with data size
set to 0 should return only the data size and not the actual data in
the end of the buffer based on the EFI 2.9 spec. This patch fixes
the bug.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the moment, when using the --console flag, if telnet is shut down
cleanly (i.e. by typing "quit" at the prompt instead of Ctrl+C), runfvp
still waits on the FVP to exit of its own accord, so hangs.
Move the fvp.run() call so that when telnet quits, it immediately
proceeds to shut down the FVP.
Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I2169c99586a1eebc2c6ab4b2e15fb0c769fc81a8
Signed-off-by: Jon Mason <jon.mason@arm.com>
Run command: bitbake optee-os && bitbake lib32-optee-os
bitbake lib32-optee-os will fail with following error since
bitbake optee-os already deploy same file under the path.
RROR: lib32-optee-os-3.12.0+gitAUTOINC+3d47a131bc-r0 do_deploy: The recipe lib32-optee-os is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/build/tmp-glibc/deploy/images/qemuarm64/optee/tee.elf
(matched in manifest-qemuarm64-optee-os.deploy)
Fix by deploy them to differernt dir
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Current secure-partitions patches do not apply cleanly with devtool.
Update them with the necessary changes to address this issue, and
regenerate them via devtool.
Signed-off-by: Jon Mason <jon.mason@arm.com>
- 0001-vexpress64-Add-BASER_FVP-vexpress-board-variant.patch
Change to 0002-vexpress64-add-MPU-memory-map-for-the-BASER_FVP.patch.
Only MPU memory map is preserved, other parts have been upstreamed.
- 0007-vexpress64-Configure-memory-using-device-tree.patch
Deleted. Upstreamed in commit 1a1143a45457161e90ea4cd5f3b0561d924ed8fe
Signed-off-by: Qi Feng <qi.feng@arm.com>
Issue-Id: SCM-5030
Change-Id: I4aab3bab545e64e3a4a3a3fd67bcef79acdc41be
Signed-off-by: Jon Mason <jon.mason@arm.com>
bundled libcrypto.a in optee-test sources is built using glibc based
toolchain and expects foritied _chk version of the libc functions e.g. __sprintf_chk
which wont work for musl. Therefore rely on freshly built openssl by OE
instead
Fixes errors like
arm-yoe-linux-musleabi/gcc/arm-yoe-linux-musleabi/12.1.0/ld: ../openssl/lib/arm/libcrypto.a(dso_dlfcn.o): in function `dlfcn_name_converter':
dso_dlfcn.c:(.text+0x19e): undefined reference to `__sprintf_chk'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to add yocot recipe to support optee-os
3.18.0 version.
Also, move the SRC_URI:append and DEPENDS to optee-os.inc
as these are common accross different optee versions.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade the FVPs to the latest releases, and do some cleanups for future
changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The linuxboot test case prints the following in log.do_testimage, only
when executing testimage without a pycache:
linuxboot.py:18: DeprecationWarning: invalid escape sequence \:
self.target.expect(self.console, "login\:", timeout=10*60)
Fix the warning by escaping the ':' character correctly in the pexpect
regex.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I8ad54c7df6b7d1d1ddeab31cf66daff1ab84e227
Signed-off-by: Jon Mason <jon.mason@arm.com>
When enabling trusted boot, the UEFI binary was replaced with a FIP image (which
contains the UEFI binary), therefore the SD card image should depend on
trusted-firmware-a rather than edk2-firmware.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2022.07, but the update is causing
problems with some machines. Temporarily add a v2022.04 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change to use sato by default. Unfortunately, there are some bugs found
by this change. For those systems, change it back to base until the
issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The common test has a timing issue, causing it to intermittently fail.
Since it is not unique to our environment, remove it to prevent false
positive regressions.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport two patches from upstream to ensure the build doesn't contain
build paths.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed in edk2-firmware, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If clang builds assembler code the debug symbols contain unmapped build
paths which trigger the buildpaths QA check. This bug has been filed
with upstream:
https://github.com/llvm/llvm-project/issues/56609
Until it is fixed, exclude buildpaths from clang builds so that CI can
pass.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When used in a non-interactive context, apt prints a warning:
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Use apt-get directly to avoid putting warnings in the logs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
NT_FW_CONFIG DTB contains platform information passed by TF-A boot
stage. This information is used for Virtual memory map generation
during PEI phase and passed on to DXE phase as a HOB, where it is used
in ConfigurationManagerDxe.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
We have encountered intermittent hanging during FVP shutdown, so improve
the termination logic by first issuing a terminate(), waiting a bit
then, if necessary, issuing a kill().
Move returncode logic to after the telnet/pexpect cleanup so it
actually runs.
Move pexpect.EOF logic into FVPRunner.stop so that it executes before
closing the pexpect handle.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Iebb3c3c89367256b1e116e66ffdb6b742358bce4
Signed-off-by: Jon Mason <jon.mason@arm.com>
Create a new "linuxboot" test that uses the pexpect methods on
OEFVPSerialTarget to wait for a Linux login shell.
Switch to this test method for fvp-baser-aemv8r64, corstone500 and
corstone1000.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idd749652ee72e244b7a3831dd2295e0bfaed3bfa
Signed-off-by: Jon Mason <jon.mason@arm.com>
Refactor OEFVPTarget into new base class, OEFVPSSHTarget. OEFVPTarget
extends OEFVPSSHTarget and additionally waits for a Linux login prompt
for compatibility with tests in OE-core.
OEFVPSerialTarget also extends OEFVPSSHTarget. It also exposes the
entire API of pexpect, with the first argument being the
FVP_TEST_CONSOLE varflag key. It logs each console output to separate
files inside the core-image-minimal work directory.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1b93f94471c6311da9ee71a48239640ee37de0af
Signed-off-by: Jon Mason <jon.mason@arm.com>
So that the test target can connect to the desired console(s) as soon
as they appear in the FVP stdout, add the variable FVP_CONSOLES to the
fvpconf as a replcaement for FVP_CONSOLE. The varflags of this variable
define a mapping between FVP console names (e.g. terminal_0) and console
names in the tests (e.g. 'zephyr'). The console defined in
FVP_CONSOLE is automatically mapped as 'default' for backwards
compatibility.
This also enables greater reuse of test cases, as the "default" console
name can be remapped on a per-machine basis.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I9d88b172bfc5a5459b9f5132f287c70816d7fb55
Signed-off-by: Jon Mason <jon.mason@arm.com>
Refactor OEFVPTarget to use the FVPRunner in meta-arm/lib instead of
calling runfvp in a new process.
Use pexpect to wait for the login prompt instead of parsing the FVP
output manually.
This patch introduces a dependency on pexpect for the meta-arm test
targets. It is already in the Yocto host dependency list and the Kas
container image, but may need to be installed on development machines.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I7200e958c5701d82493287d021936afcf2f2bac9
Signed-off-by: Jon Mason <jon.mason@arm.com>
Create basic tests for conffile and runner in meta-arm/lib/fvp
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1684b0c99fb4fd5299df19f00abb30e8faab3495
Signed-off-by: Jon Mason <jon.mason@arm.com>
Refactor runfvp into a "fvp" library inside meta-arm. Split into
terminal, conffile and runner.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I797f9a4eab810f3cc331b7db140f59c9911231fd
Signed-off-by: Jon Mason <jon.mason@arm.com>
When runfvp is spawned from an other process (for example except), it is
throwing a permission error.
To solve the problem, surround the call to setpgid with a try/except and
ignore the permission errors.
Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit configures N1SDP firmware for TBBR bootflow as follows:
* uefi.bin replaced with with fip.bin
* load address adjusted for FIP image
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit configures scp-firmware for TBBR bootflow as follows:
* Updates SCP FW to master
* BL31 replaced in the SCP firmware image with BL1
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit configures trusted-firmware-a for TBBR bootflow on N1SDP as follows:
* Trusted boot is enabled.
* Generation of root-of-trust is enabled
* All TB images (BLx, DTBs) are built
* uefi.bin is specified as the BL33 image
* BL2, BL31, BL33 are signed and stored in the FIP
* N1SDP platform sources are patched to increase max size BL2 and reduce max size of BL1
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add basic support for running edk2 on qemuarm and qemuarm64. This
necessitated the need to add ACPI and EFI to the default kernel configs
for these machines.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Arm generic timer provides different timers for different exception
levels and different secure states. Because Armv8-R AArch64 has secure
state only, the valid timer for hypervisor in EL2 is secure hypervisor
physical timer. But for platform fvp-baser-aemv8r64, before FVP 11.18,
the secure hypervisor physical timer could not work well in EL2, so we
had been using Non-secure physical timer in EL2 for hypervisor as a
workaround.
Since secure hypervisor physical timer issue has been fixed from FVP
11.18, we can use this correct timer in EL2 for hypervisor now. So we
update the device tree timer node to use secure hypervisor physical
timer interrupt for hypervisor.
About the interrupt assignments of FVP, please refer to
https://developer.arm.com/documentation/100964/latest/Base-Platform/Base---interrupt-assignments
Issue-Id: SCM-4596
Signed-off-by: Jiamei Xie <jiamei.xie@arm.com>
Change-Id: I9d4b9f4e0ed14c6c1567269c83696ceb9ff84ac8
Signed-off-by: Jon Mason <jon.mason@arm.com>
The new FVP includes the arch in the download filename, so refactor
FVP_ARCH in fvp-common.inc to make "Linux64" available in the recipe
file.
Update version and EULA URL in documentation.
Issue-Id: SCM-4388
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3ddc29cd444b78634086f2aefe4f52799eb937b1
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP board cannot boot after recent TF-A 2.7 update in meta-arm. This
is due to TF-A 2.7 not configured correctly for N1SDP board to support
trusted boot feature.
This patch temporarily brings back TF-A 2.6 recipes for fixing the N1SDP
boot.
A proper fix is in work progress to configure TF-A 2.7 correctly to
support trutsed boot on N1SDP.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
zephyr uses icount to improve test accuracy on virtual hardware. Do
the same here for the same reason for the platforms that actually test.
Also, the common test now appears to work for microbit-v1 and poll doe
snot work for qemu-cortex-m3
Signed-off-by: Jon Mason <jon.mason@arm.com>
The upstream version is 2.7.0, so use that name instead of just 2.7.
Also remove the unversioned bbappend which simply extended
FILESEXTRAPATHS, there's no need for this split now that we aim to have
~1 version of TF-A in the tree.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SGI-575 build is successful with branch protection enabled, so remove
this workaround.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To allow bitbake including the 'generic-arm64-standard.scc' into the kernel
configuration, it has to be included as a kmeta type source to the SRC_URI.
Issue-Id: SCM-4394
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: Iaebd0c7758038843a1d0f37decbef057629bf0bb
Signed-off-by: Jon Mason <jon.mason@arm.com>
Binaries shouldn't be in datadir, and now the RPATHs are being cleared
we can put them in libexecdir.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As per [1], target builds of androidclang produce useless-rpath errors.
/usr/share/clang-r416183b/python3/lib/python3.9/lib-dynload/_posixsubprocess.cpython-39-x86_64-linux-gnu.so
contains probably-redundant RPATH /../lib [useless-rpaths]
Those RPATHs are of no use, so we can remove them entirely.
[1] https://errors.yoctoproject.org/Errors/Details/640604/
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a patch to fix uninitialized varibles, detected by Clang when
building for Juno. However, whilst it now compiles it can't generate
firmware images correctly, so it has to remain forcing GCC.
Remove the workaround to force debug builds when using Clang, as this is
now fixed.
Drop upstreamed patches from sbsa-acs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
This is not a clean rebase. The patch had to be modified to apply and
work on v2022.04. It is not very elegant, but it is functional.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent modifications in u-boot moved the default location of the FDT.
Update the runfvp parameters to match this new location.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As far as we know nobody is actually using the Arm Compiler recipe: 6.17
does a network operation on every call to check the license and this
fails with the network isolation that do_compile has in kirkstone, and
6.18 is behind a loginwall so we cannot download it in a recipe.
Unless we have actual users asking for a recipe, remove it from the layer
to avoid confusion.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The recipe supports the use of both Arm's binary GCC (aka GNU Arm
Embedded Compiler, or gnu-rm) and binary Clang (aka Arm Compiler).
However, armcompiler was never tested and doesn't work: 6.17 does a
network operation on every call to check the license which fails with
the network isolation in do_compile tasks, and 6.18 is behind a
loginwall so we can't automatically fetch it in a recipe.
Simplify the recipe to hardcode the use of gnu-rm, and remove the clang
support.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Our CI is now running on Broadwell+ cores, so the 11.2 release of GCC
should work.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add parameters required to boot with cache_state_modelled enabled:
* bp.virtio_net.secure_accesses=1
* bp.virtio_rng.secure_accesses=1
* bp.virtioblockdevice.secure_accesses=1
* cci400.force_on_from_start=1
Add bp.ve_sysregs.exit_on_shutdown=1 to match fvp-base.
Remove parameters that are not required to boot or are setting the
default value.
Alphabetize list.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I0a696eff5bb83206e5501f651c487f16f695aa4c
Signed-off-by: Jon Mason <jon.mason@arm.com>
Running the FVP_Base_AEMv8R model with the cache_state_modelled
parameter enabled exposed some defects in the U-Boot BSP patches for the
fvp-baser-aemv8r64:
* The MPU memory attributes are inconsistent with the existing MMU
attributes, causing a model hang when sending packets using
virtio-net in U-Boot.
* The instruction cache was left disabled after booting an EFI payload
at S-EL1, causing some EFI apps (e.g. Grub) to hang when attempting
to use dynamically loaded modules.
The cache_state_modelled FVP parameter is enabled by default in the
model (for simulation accuracy) but is disabled by default in the
machine conf (for simulation speed).
Add two additional machine-specific U-Boot patches to fix the above
issues.
Issue-Id: SCM-4641
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I5ab13c9fdadd82456ac3f3e3703df36590d52fb7
Signed-off-by: Jon Mason <jon.mason@arm.com>
The backports are now merged, so remove patches 1 through 5 and
renumber.
Upstream now requires CONFIG_DEFAULT_DEVICE_TREE to be defined, even if
unused, so backport relevant portions of upstream BASER_FVP patch into
the board suppport patch.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I327e8aba3463f088bba40e83893c6f15beabb250
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2022.04, but the update is causing
problems with some machines. Temporarily add a v2022.01 recipe until
the issues can be resolved.
u-boot and zephyr hacking
Signed-off-by: Jon Mason <jon.mason@arm.com>
GCC 12 is causing problems in newlib, which is causing problems for
zephyr. Add a workaround until those issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Build all the things that qemuarm64-secureboot builds, removing those
that fail to compile. Unfortunately, musl doesn't play nicely with
optee-test.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This appears to be historical from when the toolchain was in meta-linaro.
It isn't needed anymore, there's one bbappend in meta-arm-toolchain for
grub which is part of oe-core, so will never be dangling.
This variable has a global effect, so leaving it in here has a negative
impact on users.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The only user of the old 5.4 kernel is meta-gem5, so move it into that
layer to keep it separate.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The new mbedtls version (v2.28) increase the size of TF-A slightly.
This commit increases the size of BL2 for TC, so that TF-A with updated
mbedtls version can fit.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
FF-A version is defined 1.1 in corstone1000_spmc_manifest.dts. However, SPMC
does not support FF-A version 1.1 at the moment. This commit fixes FF-A version
issue by defining 1.0 again.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The latest TF-A version requires mbedtls v2.28. This
commit upgrades mbedtls to v2.28 for TF-A recipe.
An upstreamed patch included to the base recipe from TF-A master
that fixes the build issues beween TF-A 2.6 and Mbedtls 2.28.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
I misunderstood how the external-arm-toolchain recipes were working, the
latest revision of the recipe works with both 10.3 and 11.2.
Clean up my mess by dropping the PREFERRED_VERSION from the CI, and revert
the addition of versioned recipes. Simply using the right tarball is
sufficient.
Thanks to Sumit Garg for noticing my mistake.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 11.2 release of the Arm GCC uses Broadwell-onwards instructions, but
our CI (and many other users) have pre-Broadwell hardware.
Until 11.3 is released which fixes this, go back to using 10.3 for our CI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We need to support multiple versions of external-arm-toolchain, partly as
different versions have different layouts on disk, and partly because
11.2 doesn't work on pre-Broadwell hardware.
Rename this recipe so the version is in the filename, and dynamically
set PKGV instead of PV so PREFERRED_VERSION is easier to use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The boot crash that appears to be triggered by the ZONE_DMA patches has
been root-caused, so work around the problem whilst upstream figure out
the best way to fix.
Also, upgrade qemuarm64-secureboot to 5.15 instead of pinning back to
5.10.
Signed-off-by: Ross Burton <ross.burton@arm.com>
FFA secure partitions aren't supported on 32-bit Arm currently
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone-1000 and TotalCompute uses 3.14, so remove the 3.16 bbappend.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 3.14 bbappend sets DEPENDS which are redundant as they're already
set in the base recipe.
Remove the unused 3.16 bbappend.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The corstone1000 build of optee-os has a bbappend which uses a specific
non-upstream branch of optee-os which is actually based on 3.10, so set
PV appropriately in the recipe and update the PREFERRED_VERSION in
corstone1000.inc.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TFTF is TF-A tests that runs at NS-EL2. This is primarily developed to
test the TF-A interfaces exposed to NS code.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This option is used to find the right path and file name of the C
runtime e.g. libgcc or compiler-rt, when using clang it needs to know if
compiler is using hard-float or not, since the compiler-rt file names
are different for these two ABIs libclang_rt.builtins-arm.a or libclang_rt.builtins-armhf.a
The option is computed in HOST_CC_ARCH for OE, this fixes build with
clang+llvm-runtime
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a new 32 bit target as "qemuarm-secureboot" on similar lines as
"qemuarm64-secureboot". The boot flow looks like:
BL1 (TF-A) -> BL2 (TF-A) -> OP-TEE -> u-boot -> Linux
Along with this enable support for OP-TEE based firmware TPM.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't want world builds failing as they try to build these for machines
other than Corstone 1000.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use PRIVATE_LIBS to ensure that the Arm binary toolchains don't provide
their own libraries to the entire system.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Removed 0001-tc0-fix-sensor-data-api-call.patch as it has now been upstreamed.
* updated 0003-tc0-rename-platform-variant-to-platform-feature-set.patch to fix merge error.
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: I71eafbea9e1f0b9f01a504fe0c8b81e43c24d613
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport of trusty driver. This adds Trusty driver from
android-trusty-5.10
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I5477ecfc1b67fc3786dbd062711d8cc8d4963744
Signed-off-by: Jon Mason <jon.mason@arm.com>
This updates the existing FFA driver to the latest upstream version.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Idabf2d97cd497edc6c41e7132e1e82be8e717c59
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch updates the SHA and include patches that enables Trusty
to run as SP on SEL2 SPMC.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I5586bb3aa592658be9421a4de23f44a69bfb0b2e
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Upgrade U-boot to 2022.01
- Remove 8GB DRAM increase patch that is merged
- Add patch that update secure DRAM size
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I32735cb5e8cba67ac1c6082aadf9a55f7bf51e8a
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add back v3.14 optee-examples, optee-test, and optee-os-tadevkit for
TC platform compatibility. These files were removed as part of v3.16
upgrade.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Ia12774125909e7f8bfc20a9797c25b04dd850ae7
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the TFM_PLATFORM assignment to the bbappend.
Drop the SRCREV changes, these are all incorporated into the 1.6.0
release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade all SRCREVs, and drop the merged patch to use cbor2.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
commit ab339b24d4 removed the reference to
these patches but did not remove them. Removing now to clean-up the
tree.
Signed-off-by: Jon Mason <jon.mason@arm.com>
commit 24db3b56ba removed references to
the patches, but did not remove the patches.
Suggested-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Arm GCC 11.2 binary release has completely changed the way how libc was
packaged in earlier binary releases. So adjust do_install() accordingly
to support Arm GCC 11.2 as well as earlier binary releases.
Along with this update CI as well to point at Arm GCC 11.2 binary
releases.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Arm GCC 11.2 binary release has moved away from keeping libc library
versioning info as libc-{EAT_VER_LIBC}.so. So rather switch to
retrieving libc version by parsing output from "$ ldd --version".
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Until we have released and branched meta-arm we're tracking kirkstone, not
master. oe-core has branched and master is changing fast, so switch
the default branch now.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
ffa-debugfs-mod provides arm_ffa_user.h needed by psa-arch-tests source-code.
This commit sets the sysroot tasks dependencies.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We already install ssh-server-openssh with the default Kas config for
the fvp-baser-aemv8r64, so install ssh-pregen-hostkeys too to improve
boot time.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I08962585efb88ea56d8ff7b5a34c4a1beda2e3e3
Signed-off-by: Jon Mason <jon.mason@arm.com>
This ensures that builds do not break with usrmerge distro feature
Fixes
ERROR: QA Issue: optee-ftpm: Files/directories were installed but not shipped in any package:
/lib
/lib/optee_armtz
/lib/optee_armtz/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta
/lib/optee_armtz/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable the OF_LIBFDT_OVERLAY configuration flag so that U-Boot can apply
fdt overlays using the "fdt apply" command.
This can be used to modify the device tree at runtime to boot a
different payload without changing the firmware.
Issue-Id: SCM-4386
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I6e32c5ce833ca7c61f0f73fc256031564e55f1b8
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add additional fvp-baser-aemv8r64-specific patch for U-Boot, which fixes
an issue where U-Boot was ignoring the `memory` node in the device tree.
Issue-Id: SCM-4386
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1382992fffa159c4bd6325db4f1b26c6478cf391
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add additional fvp-baser-aemv8r64-specific patches for
boot-wrapper-aarch64. These patches add a "function call" entry point
for the PSCI services, so that payloads starting at S-EL2 (e.g. Xen) can
boot the secondary cores.
Issue-ID: SCM-4386
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I961c78352987f711664e06ab39b00f6eb97a81de
Signed-off-by: Jon Mason <jon.mason@arm.com>
The final firmware design for the fvp-baser-aemv8r64 is pending further
discussion, so the current implementation contains several "temporary"
patches which are likely to be removed or replaced in the future. These
are already marked as "Inappropriate" to upstream, but amend the reason
to "Implementation pending further discussion" to avoid confusion.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I7dc6eae73fbb18f4b7b63540fb45b6a62d455093
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add test configuration to machine config. Add testimage to Kas file, so
that testimage works out of the box.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I27dc9760a2c58f43ea557efdc97d363b0d3c1447
Signed-off-by: Jon Mason <jon.mason@arm.com>
The FVP_Base_AEMv8R tarball is now available to download directly from
developer.arm.com without logging in. Therefore, remove the
FVP_BASE_R_AEM_TARBALL_URI env var (and references in the documentation)
and update the SRC_URI in the recipe.
Move fvpboot and userNetPorts to the machine conf, now that the
FVP configuration is no longer dependent on an external tarball.
Clarify the currently supported FVP version in the documentation.
Put the current PV in the recipe filename.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I776277c690bf4466445ca2df17eedb202f172f58
Signed-off-by: Jon Mason <jon.mason@arm.com>
To prevent a collision with u-boot, add the same PROVIDES from it. The
PROVIDES name need improvement, but this will work in the interim.
This causes a need for making TF-A more flexible. Add the ability to
reference the UEFI binary for the BL33 portion of the TF-A build
command. SGI575 is already doing this. So, it is really just making it
more generic for others to use.
Signed-off-by: Jon Mason <jon.mason@arm.com>
To setup juno to use either u-boot or edk2 in CI, abstract out the
relevant parts and setup the parts to allow for it to be done
dynamically.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Setting LIC_FILES_CHKSUM with some anonymous Python to dynamically fetch
the right checksum is pointless when the right values are assigned with
overrides in the first place.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The recipe right now is using https://github.com/microsoft/MSRSec.
However this is the initial reference implementation from Microsoft and
things have been moved into https://github.com/microsoft/ms-tpm-20-ref/
(in the directory Samples). Switch to new and currently maintained branch
Testing against real hardware (the SynQuacer DeveloperBox and a rockpi4)
didn't sound any alarms
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump version of u-boot from 2021.10 to 2022.01, as at it, take
the chance to squash some patches and reduce the number of
them.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Not that we're not forcing TAP networking the SSH connections work, so
we can run the full test suite.
We have to skip parselogs currently as there is an error:
software IO TLB: Cannot allocate buffer
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There's no need to set append in the extlinux.conf, as the kernel will
pull the settings passed from runqemu via the DeviceTree.
By explicitly setting append here the kernel doesn't look in the DT, and
the extlinux.conf hardcoded a TAP network configuration which meant that
networking fails for runqemu using slirp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The default root device is /dev/vda, because typically a bare filesystem
is mounted there.
However, qemuarm64-secureboot uses a disk image with partitions, so this
should be /dev/vda2. Currently this works because qemuarm64-secureboot
has an extlinux.conf which explicitly sets the root device, but we're
working at removing that.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rename the fragment that installs a SSH daemon to 'sshd' instead of the
generic 'packages'.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When using -machine=virt,secure=on KVM cannot be used and will cause an
error, so forcibly disable the use of KVM.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As we're in a CI environment there's no need to generate unique SSH keys
on boot. Installing the pregenerated SSH keys means they don't need to
be generated, which saves a reasonable amount of boot time due to the
lack of entropy if virtio-rng isn't available.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a new recipe for SCP Firmware 2.10.
As we're late in the release cycle, keep 2.9 in the tree so that BSPs
that can't be tested in time can stay with 2.9 for now.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In preparation for SCP Firmware 2.10 being integrated, make this append
version-specific so that BSPs can select which SCP release they have
been tested with.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A virtio-rng is available from FVP_BaseR_AEMv8R version 11.17, so add
to the device tree and enable the correpsonding FVP configuration flag.
This improves the boot time and removes the following warning in the
boot log:
random: udevd: uninitialized urandom read (16 bytes read)
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ic935d0b935e21965a489a55db09c4a5f9ac51366
Signed-off-by: Jon Mason <jon.mason@arm.com>
$datadir is for architecture-independent files, and a compiler is not
that.
Install to $libexecdir, and clean up the installation commands whilst
there.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update corstone500 documentation to reflect the new build
infrastructure (kas) and the in tree run of the fvp using the
runfvp command.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add kas and ci, including testimage support for corstone500
platform. And for all to work add also the FVP setup.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add final wic image that is provider by corstone500-image
target. As at it, remove unnecessary specific filesystem
types.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that we have the wic_nopt class in meta-arm we can add the
the wks file to create the final image for this platform.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Machines which don't have working network stacks in a FVP can still run
a useful testimage, because it will validate that the machine will boot
to a login prompt on the console.
However, we can't set TEST_SUITES to "" because testimage assumes that
was a mistake, so add a no-op test case for use in these situations.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently this just executes the runfvp tests, but we can extend it over
time.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split the base local.conf configuration into base (absolutely needed)
and setup (typical configuration). This is needed as oe-selftest needs a
minimal configuration to execute in, for example doesn't inherit
rm_work.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Until testimage tells the controller the basename of the image, make sure
to strip all suffixes from the image name to get the base name, not just
one. Machines such as corstone500 have images called .wic.nopt, so just
stripping one isn't sufficient.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Check for telnet on startup to avoid mysterious failures later when
telnet isn't available.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
runfvp could encounter an error but the exit code remained as 0.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We were accidentally assigning instead of adding to INHERIT.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 64-bit fvp-base machine uses the upstream fvp-base-recv devicetree,
but fvp-base-arm32 was accidentally using the old
fvp-base-gicv3-psci-custom that we patch into the kernel.
As the only difference between these platforms at a "hardware" level is
whether the cores boot in 32- or 64-bit mode, they should both use
fvp-base-revc.
This isn't trivial as devicetree files need to be under the correct
arch/ directory, so we need to symlink into arch/arm the right files
from arch/arm64.
This has several improvements, but primarily virtio networking works so
we can now use testimage with fvp-base-arm32.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
fvp-base pulls in features/net/net.scc, so fvp-base-arm32 should too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add more helper variables for the FVP version to help construct URLs.
If PV is 1.2.3, then VERSION is 1.2 and BUILD is 3.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use wildcards in the FVP_ARCH assignment, as older FVPs use _GCC-6.4
whilst newer FVPs use _GCC-9.3.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Arm GCC source to the latest version. Also, update the GCC
patches to apply cleanly, removing those that are no longer relevant.
Add the CVEs from Sumit Garg's series.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Create a job artifact containing all of the task logs if the job fails.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Explicitly enable use of CRC instructions: we configure fvp-base to have
armv8.4 cores, but the default uboot config disables crc (see uboot 51d8367d8).
Keep fvp-base-arm32 on 2021.10 as the arm32-specific patches need
rebasing, and a trivial rebase doesn't boot successfully.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The bulk of the FVP_* variables are common, so move them into
fvp-common.inc.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If the FVP fails to boot, the last 20 lines may just be a stack trace.
Show the last 200 lines for further context.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set PV to 2.9.0+git instead of 2.9+git so the version comparisons are
reliable.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit remove meta-arm-image from the yml file and adds
necessary image configuration to meta-arm-bsp/recipes-bsp/images.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Removes upstreamed patches for optee-examples
- Fixes optee-examples installation
- Includes new python3-cryptography dependency
- Removes older cryptography backend dependencies
- Fixes python3-cryptography to work with openssl
- Keeps optee-client and optee-os v3.1.4 for corstone1000 compatibility
Tested on qemuarm64-secureboot via optee-examples and xtest -l 15
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The use of pyasn1 was replaced with python3-cryptography in mcuboot
ebd050. This is part of mcuboot 1.3.1 onwards, and TF-M 1.5.0 uses
mcuboot 1.8.0.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone500 and Corstone1000 use wic_nopt.bbclass. This commit creates
this class for Corstone500 and Corstone1000 in meta-arm classes to remove
the need for meta-arm-image repo.
Signed-off-by: Emekcan Aras emekcan.aras@arm.com
Signed-off-by: Jon Mason <jon.mason@arm.com>
To make it easier for users to test and evaluate the FVP, including
testing inbound network connections, enable the openssh SSH server by
default and map to port 8022 on the host.
Update fvp-baser-aemv8r64 documentation accordingly in new "Networking"
section.
Issue-Id: SCM-3881
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I88329731418e198e2ef5d3449bfb38fde5ae77bb
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit includes :
- Rebased and fixed N1SDP kernel 5.4 PCIe quirk patches to apply on 5.15
- Removed 5.10 kernel recipe for N1SDP
- Dropped RT kernel support, as it is no longer supported on N1SDP
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Include `--upgrade` in pip3 command to ensure latest kas version is
installed
* Ensure all underscores are either quoted or escaped
* Fix P9 example command
Issue-Id: SCM-3881
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ie460dbd6b1f87f5f9ca2966329341d22da3606d3
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update linux yocto version in configure file for the
corstone500 platform from 5.4 to 5.15
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update patches and recipes to bump u-boot version used in
corstone500 from 2020.07 to 2022.01.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the sha for meta-arm-image in the corstone1000 kas file to
add support for kirkstone. Without this support corstone1000 does
not build.
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the URL and checksums for the new Corstone1000 FVP version 11.17.23.
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
poky master has changed a variable name to BB_ENV_PASSTHROUGH_ADDITIONS.
Support for this has been added in Kas 3.0
Issue-Id: SCM-3881
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ib42f79d144422272b2dd17fe0515da96909219eb
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch is now merged upstream in 7285daac, 5.15.25 onwards.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Also update version and download link in meta-arm-bsp fvp-baser-aemv8r64
documentation
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I92ec616d25703ff74ed063918a1e4811bac9ff3f
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add more details about the cache_state_modelled limitation, which can
be worked around by setting cci400.force_on_from_start=1
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idde23278a87316dae842c6c3793b9836482e8c3a
Signed-off-by: Jon Mason <jon.mason@arm.com>
We were pinning generic-arm64 to 5.10 because 5.14 was hanging during
boot in qemu, but this appears to have been fixed in 5.15.
Unpin the kernel to use 5.15, and drop the defconfig patch which has
been upstreamed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If any of the path computation goes wrong (for example, the compiler
changed so FVP_ARCH needs updating) for the real FVP binaries then
bindir contains broken link called FVP_*.
Solve this by checking that the directory contains FVP binaries and
error out if not.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit updates Tfa SHA to remove the patches from the
recipe since all of them are upstreamed now.
Signed-off-by: Emekcan Aras emekcan.aras@arm.com
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update linux-yocto to the latest version for cs1k.
There is a bug in the kernel version 5.15. Following
patch is applied to fix this issue and will be
upstreamed soon (https://lkml.org/lkml/2022/2/18/475).
Signed-off-by: Emekcan Aras emekcan.aras@arm.com
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is a prebuilt stuff, better to ignore its guts.
Fixes
androidclang: /usr/share/clang-r416183b/python3/lib/python3.9/lib-dynload/_posixsubprocess.cpython-39-x86_64-linux-gnu.so contains probably-redundant RPATH /../lib [useless-rpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
python3-wheel is now in oe-core, so we need to use the meta-oe without
python3-wheel.
This reverts commit 5e59ebf2d3.
Signed-off-by: Ross Burton <ross.burton@arm.com>
* Add clarification on how to mount p9 device
* Remove instruction to use ctrl + c to stop FVP
* Add cache_state_modelled to Known Issues
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I122c5ae5b3ceee1d106205d93a006f75bdbfa2bf
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commits updates the SHA of SCP-firmware and include required
patches to build SCP firmware with experimental features
MPMM/POWER/PERFORMANCE for TC0 platform.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I263b484a467636154b70805f920bb53c6fe2026c
Signed-off-by: Jon Mason <jon.mason@arm.com>
Run check-layer and coverage jobs after the building tasks, as we want
to start compiling sooner and not wait for check-layer to finish before
compiling.
Signed-off-by: Ross Burton <ross.burton@arm.com>
As BitBake has renamed BB_ENV_EXTRAWHITE to BB_ENV_PASSTHROUGH_ADDITIONS
the SSTATE_DIR and DL_DIR variables don't get passed from the
environment to bitake anymore.
This is fixed in Kas's git repo, so use :latest until a release is made.
Signed-off-by: Ross Burton <ross.burton@arm.com>
We only build with our binary GCC right now, so disable clang from
trying to get involved. This solves the missing strip problem where
do_populate_sysroot wants to use llvm-strip but it hasn't been added
to the sysroot.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The latest Clang produced unaligned access warnings, which EDK2 promotes
to errors with -Werror.
edk2/MdeModulePkg/Include/Guid/ExtendedFirmwarePerformance.h:78:47:
error: field Guid within 'FPDT_GUID_EVENT_RECORD' is less aligned than 'EFI_GUID'
and is usually due to 'FPDT_GUID_EVENT_RECORD' being packed, which can lead to
unaligned accesses [-Werror,-Wunaligned-access]
This has been reported upstream so for now ignore this warning.
Signed-off-by: Ross Burton <ross.burton@arm.com>
We currently disable release builds with Clang, but it appears the
underlying issue has been fixed upstream so make a note that we should
be able to turn release builds back on with EDK2 202202.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Commit 53a40b1 updates the license names to use the SPDX terms, but as
intermediate variables are used in this recipe a few instances were
missed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
* openembedded-core/scripts/contrib/convert-spdx-licenses.py .
...
All files processed with version 0.01
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
This commit moves all the trusted-services patches to a new
corstone1000 directory.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit updates the meta-arm-image SHA to drop psa-arch-test
from the build.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to build and install psa-arch-tests using
trusted-services code and drop psa-arch-tests recipe.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to update TF-M git SHA to fix
psa-arch-tests test case failures.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit replaces mbedcrpyto with mbedtls on the trusted-service
recipe.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Document U-Boot addition, add new architecture section and update the
change log.
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ie0e1ff35ade634f2b523c14bb058c9d775802632
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable the bp.refcounter.use_real_time option, so that the CNTPCT_EL0
increments in real-time instead of simulator time.
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I197d6de4a7316e5299aee34e64e149cbd3d515a9
Signed-off-by: Jon Mason <jon.mason@arm.com>
The FVP default configuration has bp.dram_size=4, which is sufficient
for development and testing purposes, so remove the FVP_CONFIG
override and set to 4 Gb in the device tree.
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I4a96062c9e94d36f5459f33c86aab4d4885bab43
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch introduces U-Boot into the fvp-baser-aemv8r64 boot flow,
providing EFI services.
The fvp-baser-aemv8r64 does not have an EL3, so the system starts at
S-EL2. For now, U-Boot is running at S-EL2, alongside boot-wrapper.
Enable the --enable-keep-el option in boot-wrapper-aarch64 so that it
boots the next stage (U-Boot) at S-EL2. Additionally, tell
boot-wrapper-aarch64 to bundle U-Boot instead of the kernel.
Linux only supports booting from S-EL1 on the fvp-baser-aemv8r64, so
U-Boot is configured with CONFIG_SWITCH_TO_EL1, so that booti or bootefi
switch to S-EL1 before booting the EFI payload (unless an enviornment
variable - armv8_switch_to_el1 - is set to 'n').
Add patches to U-Boot, which:
* Add board support for the fvp-baser-aemv8r64 (with a memory map
which is inverted from the fvp-base).
* Enable the configuration of U-Boot using the device tree passed from
boot-wrapper-aarch64.
* Enable virtio-net.
* Disable setting the exception vectors at S-EL2 so that the PSCI
vectors pass through to Linux.
* Set up system registers at S-EL2 for Linux.
* Configure the S-EL2 MPU for the EFI services.
* Allows bootefi to switch to EL1 before booting Linux.
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I229d14b0717df412c1fe33772230ca779f79b32d
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the machine-specific patches, which makes the following changes:
* Add PSCI services to /memreserve/ in the device tree using libfdt.
* Add --enable-keep-el option, which allows boot-wrapper-aarch64 to
boot the next stage at the same exception level.
* Update the counter frequency to 100 MHz.
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I41843e958cf629d69de644bb57b660fb542fc8b7
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade boot-wrapper-aarch64 to 1044c77062573985f7c994c3b6cef5695f57e955
Hold back gem5 at 8d5a765251d9113c3c0f9fa14de42a9e7486fe8a in bbappend.
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ia5ccca2234dd117d530970f9f90469dacbb778e3
Signed-off-by: Jon Mason <jon.mason@arm.com>
The contents of GEM5_RUN_CMDLINE is passed via --command-line, so there
is no need to include --command-line in it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set a default target in meta-zephyr.yml to avoid duplication now that
most configurations build zephyr-kernel-test-all.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
corstone500 was the only user of this and now uses 5.4, so this can be
removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade from 5.3.18 to to 5.4, a maintained stable release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
trusted-services and psa-arch-tests both use FetchContent to download
more source during configure, and they can't easily be seeded with the
correct sources in advance (unlike TF-M).
Until this is fixed upstream, allow network use during do_configure.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M for corstone1000 uses libmetal and open-amp, downloaded during
configure by FetchContent. This is bad form, so add these sources and
license statements to the recipe so the fetch doesn't need to happen.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M uses FetchContent to download further sources at configure time, but
this is bad form as the sources and licenses are not tracked or archived.
This should now be blocked by the network isolation but as this doesn't
work in some environments (such as Docker containers) we can tell cmake
to never fetch to be sure that all of the sources used are declared in
SRC_URI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Consolidate the CS1K kas files into a common file, and respect the
platform policy by setting the DISTRO to poky-tiny. Also add the
CS1K-specific recipes psa-arch-tests and ffa-debugfs-mod to the build.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of adding perf to the target: list, add it to
CORE_IMAGE_EXTRA_INSTALL. This means that machine configurations which
need to change the target don't need to also build perf explicitly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It was used by SGI575, but it is now tracking the latest
release in oe-core.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe simply repacks existing artefacts, so there's no need to
depend on the toolchain.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The default kernel is now 5.15, so remove the preferred version
assignment.
The mailbox patches went upstream in a different form, so we can drop
the patches and drop in a customised Devicetree file required to use the
new drivers.
In the future we can possibly drop the devicetree patch if it is provided
by firmware, but for now this is known to work.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of pinning the kernel to 5.7, use the latest default version.
There are no patches, so this shouldn't be a problem.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
KMACHINE defaults to MACHINE, so remove the redundant assignments.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The CS1K kernel used overrides to empty the kernel-image package, so
the initramfs didn't contain a kernel image.
The initramfs contained a kernel via a bad dependency in ffa-debugfs-mod,
but now that has been worked around we can remove the CS1K workaround.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
CS1K wants to put the ffa-debugfs kernel module into the initramfs, but
this pulls in the kernel image too because kernel modules depend on the
kernel image (via kernel-module-split.bbclass). Arguably this should be
controllable somehow, as it's not mandatory to have an image on the same
file system as the modules: initramfs or separate /boot partitions being
notable cases.
Until this is resolved upstream[1] we can work around it by removing the
RDEPENDS on the kernel from the kernel module. As the package is
generated during do_package this can't be a simple RDEPENDS:remove, but
has to be another package split function which runs after the module
splitting function.
[1] https://lore.kernel.org/openembedded-core/20220209173036.3823144-1-ross.burton@arm.com/T/#t
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There's no need for ffa-debugfs-mod to RPROVIDE
kernel-module-arm-ffa-user, as this is provided by a sub-package of this
recipe already.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move TC to an intermediate SHA based on 2.6. This SHA includes
patches for:
* Support for 8GB DRAM
* Support for GPU
* Removal of kernel command-line (not needed, kept in U-Boot)
Also removed patch that fixes build problems as the problem has
been solved in the updated SHA.
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: Ic8c4ef35e8e7ed25711ff0813abab6b6c8564ef3
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the zephyr testcases to be the ones that build and pass tests
(where testing possible). Also, add comment to qemu-cortex-a53 about
not passing tests.
Signed-off-by: Jon Mason <jon.mason@arm.com>
When multiple threads are allowed xtest will fail and
leave the system in a bad state after repeated runs.
Signed-off-by: Ben Horgan <ben.horgan@arm.com>
Change-Id: I16f07df1a362540560975deaa5a291a68c332bfb
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable coresight components in the config and also port the patches
which were upstreamed in later version of the linux kernel.
Change-Id: I27983abd5f2945328f7465cc1b2af4f8e848b69b
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If we don't specify a tag name GitLab uses the 'latest' tag, which for
Kas is moved whenever an image build is made.
Instead explicitly use the latest-release tag, which is only updated
when a release is made.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
imgtool from mcuboot uses python3-cryptography-native, and the latest
python3-cryptography explicitly loads the legacy provider, which is a
separate shared object in OpenSSL 3. The search path for providers is
hard-coded into the library so the wrong path is searched and the module
is not found.
Set OPENSSL_MODULES so the right path, so that the legacy module is
found. In the future we may be able to be removed this if the explict
use of legacy algorithms is removed
(https://github.com/pyca/cryptography/issues/6809).
This also means we can remove the downgrades of python3-crytography that
were being carried in meta-arm.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable memory-resident bitbake by setting the server timeout to 60s.
For most builds this doesn't have an impact as bitbake is ran once, but
this reduces the time for the pending-upgrades report from 10 minutes to
3 minutes, as it doesn't need to constantly restart bitbake.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add links from the patch names to the patches in cgit for ease of
inspection.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As this can get called lots but the data doesn't change, cache
the responses. Also return a pathlib.Path, as this is 2022.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of simply adding a tag saying "Patched", include the patch count
and make a judgement call on whether the patches are "safe" or not. For
example, patches which are entirely backports or inappropriate are
"safe", pending and denied patches are not.
Signed-off-by: Ross Burton <ross.burton@arm.com>
yocto-check-layers is very greedy when searching for layers, and will
find the test layers in Bitbake if given the chance, for example:
bitbake/lib/layerindexlib/tests/testdata/layer4
This layer has the collection name openembedded-layer and is only
compatible with Sumo. The selection of layer from collection name is
not deterministic, so it's possible that this layer is selected which
then fails the check as it isn't compatible.
Solve this by restricting the dependency layers in meta-arm to just
meta-arm/meta-*, so it doesn't recurse into meta-arm/work/poky/bitbake.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As of meta-zephyr dde88ba the layer is structured different, split into
meta-zephyr-core and meta-zephyr-bsp.
As we define our own machines for use with Zephyr, we can just use
meta-zephyr-core.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Don't use SRCREV in the PV, but use SRCPV as this truncates the SHA.
Also bump to 1.2+git, as the psa-arch-tests project does tag releases.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
corstone1000 currently has a git snapshot of optee-os, so that the
version number is managable use SRCPV instead of SRCREV.
Also fix whitespace in SRC_URI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
corstone1000 currently has a git snapshot of TF-M, so that the version
number is managable use SRCPV instead of SRCREV.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's not recommended to use ${S} in SRC_URI as S contains references
to the version which results in a circular list of variable lookups.
destsuffix is relative to WORKDIR and defaults to git/, so use relative
paths with the same result.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone 700 is end-of-life, so remove it from meta-arm master.
It will remain in the stable branches for existing users, but new users
are encouraged to use Corstone 1000 instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since 10e60cc the terminal_map doesn't exist, this piece of code wasn't
updated.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If wait_for_login() times out then it raises an exception instead of
passing back return values, so the bootlog is never assigned.
We always want a boot log, so initialise it outside of wait_for_login and
pass it in.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of patching a file we patched, integrate the changes directly
into the first patch.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The check-layers task takes longer than any of the individual tests
running. Split this up to take advantage of parallelism and speed up
the overall runs.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As the latest python3-crytography breaks TF-M builds, downgrade those
machines using TF-M (musca and corstone) to python3-crytography-native
3.3.2 temporarily.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-python has upgraded to python3-cryptography 36, which has a problem
when used in native recipes:
cryptography.exceptions.InternalError: Unknown OpenSSL error
This causes all builds of TF-M to fail.
Until this error is fixed, add the old version of python3-cryptography.
A BBMASK is set so that it has to be explicitly opted-in, as it DEPENDS
on recipes from meta-python which isn't a hard dependency for meta-arm.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rename the updates.html format to just 'report'.
This report has the existing overview as the index.html, and then
per-machine files are written with the patch breakdown.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As well as storing the truncated PV, also store the original PV and
whether the recipe needs updating, to avoid the templates needing to
do that logic.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To prepare for future expansion, refactor the output code to be delegated
to Format subclasses.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of just putting whether there are patches or not into the
context, store the list of patches, the layer they came from, and the
upstream status.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Refactor the script somewhat, and detect whether the starting directory
is a single layer, or a collection of layers.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recently the way of handling Secure Partitions UUID changed in TF-A
and that needs corresponding changes in required components. Hence
changing them for optee and linux kernel.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
master branch is renamed to main on psa-arch-tests github
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I6bd49c68aa1a2358c976a3eb0adc5b2a9c5edb94
Poky, etc master branches updated the u-boot recipes to use 2022.01,
causing bbappends for 2021.10 to no longer function. Create a temporary
recipe for 2021.10 until all the BSPs can update to support the latest
version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move to newer tag of ACK as well as update to the latest gki_defconfig
using fragments to support TC.
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I71fe31730ce063e9604b8adc879e0a626b3320e7
This commit introduces a configuration variable, LINUX_ACK_TOOLCHAIN_CLANG,
that (if set) switches the kernel build to use the Android Clang compiler
Change-Id: Iab362916159bf6e8096061f1b7281a7513001d61
This Clang version is present in Android master
(as of October 8, 2021)
Signed-off-by: Usama Arif <usama.arif@arm.com>
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I957742ee943ef68119fd7c7e2bd8ee62b717b31c
This change is to upgrade TF-M to latest git hash which contains
fix for capsule instability issue for corstone1000 platform.
Latest TF-M would also require v3.1 mbedtls. Also updated git hash
for mbedtls repo.
By having the generic-arm64 machine using the same kernel config as the
linux-yocto standard kernel type, application layers can rely on the same base
configuration, independently of the target machine.
Also, the kernel-yocto.bbclass searches for .scc files in the FILESEXTRAPATHS.
Hence, we don't need to list generic-arm64-standard.scc in the SRC_URI.
Issue-Id: SCM-3910
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I46889ce38b32521d8350534cc590b57b158ad573
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change ftpm to install embeddable (stripped) version to sysroot. When
building optee-os pick up from sysroot instead of DEPLOY_DIR_IMAGE.
This fixes a build race condition where DEPENDS was only waiting for
optee-ftpm:do_populate_sysroot instead of do_deploy.
Signed-off-by: Ryan Fairfax <rfairfax@microsoft.com>
distutil warnings are causing CI to fail. This is caused by changes
outside of meta-arm, and are not relevant for anything present in
meta-arm. Temporarily ignore these until they can be handled upstream.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Linux kernel expects the peripheral ID register to be just below the
end of the address range, which for the PL011 and SP805 is at 0xFE0 not
0xFFE0, so set the size to 0x1000.
Issue-Id: SCM-3881
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Iada28e8192d72b1647822c33d13deffe507043b5
So that all possible combinations are built, add edk2-firmware to the
default image dependencies too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This doesn't build successfully with Clang, so for now the build forces
the use of GCC.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Explicitly set the level of parallelisation instead of letting build.sh
determine it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee-os recipe was recently split into optee-os and
optee-os-tadevkit.
Signed-off-by: Ben Horgan <ben.horgan@arm.com>
Change-Id: Id9794b7c4a7e2f3fac4286498fa44c35fd8aaa0b
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Armcompiler-* licenses are specific to a single release of the
Arm Compiler, so remove them from the layer and use NO_GENERIC_LICENSE
to extract them from the source directly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
On corstone1000 platform, Secure Enclave will be expecting
an event from uboot when it performs capsule update. Previously,
an event is sent at exitbootservice level. This will create a problem
when user wants to interrupt at UEFI shell, hence, it is required
to send an uboot efi initialized event at efi sub-system initialization
stage.
Change-Id: I7d16e184675d537d790365e1b03a414ac802694a
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade TC's TF-A from a post-2.5 snapshot to the 2.6 release.
This means increasing the maximum size of BL31.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TC appends include a long sgdisk invocation which can be made a lot
clearer by using the full option names (e.g. --change-name) instead of
short (e.g. -c).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
UEFI spec says that if 0 is passed in the attributes filed in
setVariable() API, it means that it's a delete variable call.
Currently smm gateway doesn't handle this case. This change
is to add above mentioned check.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: Id3a54601d403102da5c5617d7b4da8ec51029200
Signed-off-by: Jon Mason <jon.mason@arm.com>
When a getVariable() call is made with data size set to 0,
mm_communicate should return EFI_BUFFER_TOO_SMALL. This is
an expected behavior. There should not be any failure logs
in this case. So the error log is commented here.
Change-Id: Id5b36928b1450ef9f83d34a3ab7feb4839ff9734
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch is cherry-picked from upstream to fix misalignment
of efi load image
Change-Id: If64e635a80cd0b6ecb8f09c62aa2b248d0e36f4e
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Embed an improved patchreview tool which can generate metrics.txt files,
and run that as part of the CI. This means that every merge request
will include a section if the metrics change, so it is easy to spot if
patches with bad headers are added.
The changes to patchreview will merge into oe-core soon, so when that
happens we can drop the copy.
Signed-off-by: Ross Burton <ross.burton@arm.com>
These changes are to add
* ethernet device SMC911x device and this is required to support
bootfromnetwork SCT
* also enabled other config options to fix SCT issues
Change-Id: Ic6112c019cb08f77e29508ad47980f851f79088c
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
This patch fixes the SCT errors seen for setVariable() and
getNextVariableName() functions. The existing implementation of these
functions does not cover certain error conditions which are listed in
the uefi specification. This patch adds these changes.
Change-Id: Idcddc799588339de6729b73c0ceada5c2018dd4b
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
This patch fixes the os_indications setVariable() failure. The variable
index UID in SMM gateway which was 1 is changed in this patch. TFM has a
special usage for variable with UID 1, which makes it write once only.
This is not required for SMM variable index.
Change-Id: I50d60b87d3ef44ffd50e71ec4f20d31fdacf7acd
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Rewrite the terminal code to have a priority list of terminals when
selecting a default, allow the user to pick a default with a
configuration file, and add gnome-terminal to the list.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Only pass a console_cb if we're hooking up a console, so that the output
from the FVP is visible on the terminal.
Signed-off-by: Ross Burton <ross.burton@arm.com>
These changes are to support populating corstone1000 image_info
to ESRT table
Change-Id: I6e5cdd8a3477fbf3c480bf7a725198841ed79796
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
This patch removes the CONFIG_CMD_DHCP and CONFIG_CMD_PING
config parameters from the defconfig. It also reverts the workaround
patch which disabled NV get and set on u-boot.
Change-Id: I80f41235dbca2e76003c28164b42f4403dadc499
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
This patch will add a macro to configure the volatile and
non volatile storage in SMM gateway. Few useful logs are
also added to the secure world.
Change-Id: Ifdb405a09a9a72718df8b335b9f42509dd8c850c
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Setting the model script SHA to use the right FVP
options.
Change-Id: I7f92fb97466bf4f5f48b8d184a396bf87bdeb401
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Zephyr supports musca-s1 boards. Add support in the machine config file
and the relevant CI entries to build it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Ninja is a better Make. Add progress feedback and parallelisation
options, reducing the time to build TF-M on my machine from 100s to 6s.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update tfm-tests and mcuboot SHAs. mbedtls is still recommended to be
at 3.0.0, newer releases do not build.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch should have been removed as part of the 1.2.0 upgrade.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to update TF-M SHA which has fixes for capsule update.
Change-Id: I016381c2a95fcdd9629772671143a1e7332196e5
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch will fix the ffa mm communicate function behavior as
expected by efi_get_var() and also fix the com buffer size used by
u-boot.
Change-Id: I8ce28a2e51b8f52856d81ea6e3c1e2e72cfaa362
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The efi_get_var() expects EFI_BUFFER_TOO_SMALL return value
from efi_get_variable_int() to just read the size of the data.
So when comm buffer is smaller than received buffer,
efi_get_variable_int is expected to return error code. This
functionality will be fixed in future patches.
Change-Id: I3e5119b1fdf18c965cc2ebc11056b6ca70d57e0f
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to add capsule update interface to SE proxy SP.
This interface sends following events to secure enclave
* firmware update request - SE will read the capsule and will flash the
image to flash to previous active bank
* kernel boot event - SE will delete timer on reciption of this event and
marks all the images as accepted if in trial state
Change-Id: I7cf9b729128d1e07e891253661fcd891191e8024
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The maximum number of UEFI variables that can be supported by SMM
gateway is currently 40. When more than 40 variables are written,
or read SMM gateway returns error code. Currently this value is
increased to 100 to support more UEFI variables.
Change-Id: I3ebef8052fd01c5b1c19cdfe71ab3c02447a005b
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit configures crypto and attestation tests for Corstone1000
platform.
It also fixes CMake issues on the current trusted-service CMake source
files to enable this configuration.
Change-Id: I334d661c1bc349e03f92611d6010360c08e6cc89
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Setting the last master branch SHA for openamp changes.
Change-Id: I58bc0a1adb7754af901fc1734ffeb92aad191fe5
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add psa ipc crypto backend and attach it to se proxy
deployment.
Change-Id: I072cd3f0661be33773a2132c2222dc4c7b8c6cb4
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Implement attestation client API as psa ipc and include it to
se proxy deployment.
Change-Id: I0a1130d2013717c6499da5bb2cd6cd11a752bcce
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since secure enclave is 32bit and we 64bit there is an issue
in the protocol communication design that force us to handle
on our side the manipulation of address and pointers to make
this work.
Change-Id: Icb29fdec6928dba6da7e845b3a13d8a3560c5fe1
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fixes needed to run psa-arch-test
Change-Id: Iba090e151298a216f8f1bf81a72bba4587bec389
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
add the do_write_fvpboot_conf function into IMAGE_POSTPROCESS_COMMAND
so that this function can be called after the build system created the
final image output files.
It's possible that bitbake doesn't run start from the do_rootfs task but
run start from do_image_<type> at the stage of image generation.
For example, there are multiple partitions in the wic file and the
grub.cfg file is placed to the first partition and the rootfs is placed
to the second partition. At this time, if we change the content of
the grub.cfg file resided in the related recipe's directory and build,
the do_rootfs task won't be run by bitbake but a new wic file will be
generated. In this situation, the fvpconf file also won't be updated and
the 'bp.virtioblockdevice.image_path' is still pointing to a old image
file.
Issue-Id: SCM-3724
Signed-off-by: Huifeng Zhang <Huifeng.Zhang@arm.com>
Change-Id: I7a41afa1d7471d09b60d118c4a6c99c57a6b548c
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adding to SRCREV_FORMAT the names of the repos fetched.
Change-Id: Idf80065c39b2124bf384d0dbb4028138b27c1e10
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Aligning to the last meta-arm-image version to
add psa-arch-tests to the rootfs.
Change-Id: I40e945f814df4b6f7c30772d3dd6f91e6b6fcafc
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This commit adds support for building/installing the test
application.
Also fixing CMake issues on the current trusted-service CMake source files.
Change-Id: Iae0fc9bf9362cf5b7d65cd7b9f0445f62f3b83eb
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This commit adds a recipe for psa-arch-tests linux
userspace application.
Included tests are; crypto, protected_storage,
internal_trusted_storage and attestation.
Change-Id: I6285aa2a6ae8fdd25f4327f1d301c59a88bce775
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
EXTRA_OEMAKE is not needed since we are using CMake.
Change-Id: Ifc0dcc9313fe4e473cbba8eb3b716e11cf8e45ee
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Remove a backported patch which has been incorporated in this release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2-firmware is machine-specific, but this is a generic binary so we
can reset PACKAGE_ARCH to the tune.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The invalidate_dcache_all function has been implicitly declared.
This commit fixes that.
Change-Id: I83e985e219af8687c0679045f6a979c91923be69
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When the GENMASK used is above 16-bits wide a u16 cast will cause
loss of data.
This commit fixes that.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: I72e5e42971a50ce167500a92cc529c5cb3ff781f
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to delete a separate check for guid for corstone1000
target. Generic check of fmp guid check should suffice.
Change-Id: Idec92c9307f903e52985057404daac2e40d05295
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Changing where to pass the SE Proxy interface and event IDs.
Now they are passed to the SE Proxy in register w4.
The events involved are kernel started and buffer ready
events.
Change-Id: Ib60897e9f01cd87b9923892198f8868e02cc830d
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
No need to set again the same SHA as the one provided
by the recipe.
Change-Id: I034aca31c1cc30868552be67a04400db20ad59b2
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Moving common settings that can be used by other
components to a common file: secure-partitions.inc
Change-Id: I81691ee52bef3dfbd72c59afe20b01a5cf2222ea
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch fixes the GetVariable() issue which causes
mm_communicate failure when called with 0 data size. The comm buffer
is set to maximum size when 0 data size request is made to handle the
MM response from the secure world. This is a generic fix but used by
corstone1000.
Change-Id: Id50619816a924b4fa7597295f89d54827191fbb5
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to fix missing error check during sp init
and add support for defining memory regions
Change-Id: I381ff9805288590809471494bdff5e7f62232f7c
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes is to rebase patches to latest
SHA(a365a04f937b9b76ebb2e0eeade226f208cbc0d2) of integration branch.
Also cherry-picked other bug fixes with the exemption of adding
newlib changes. newlib changes brakes the build because of musl
libc, hence dropped those changes for now
Change-Id: If0131d00e63eb0f574fa41dd95cfee4351e696e8
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When using devtool the S is no longer an unpack location.
Let's use the default unpack location WORKDIR that works
whether devtool is used or not.
Change-Id: I34dfb53feddddfba82ff68a43b6cfe89a60c7701
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change the setting of PV from referancing SRCPV to using SRCREV.
Also drop the use of PREFERRED_VERSION. The existing TF-M recipe will
be selected automatically (1.4.1). Corstone1000 bbappend sets the SHA and
PV to 1.5
Change-Id: Id9332fd87e271608ba425e05e796f75fd1c0268d
Signed-off-by: Drew Reed <drew.reed@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove mock up backend for secure storage in se proxy
deployment and use instead the secure storage ipc backend with
openamp as rpc to secure enclave side.
Change-Id: I5225966ec621be9fa126b5af6ede0a1f6bbf469b
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add secure storage ipc ff-m implementation which may use
openamp as rpc to communicate with other processor.
Change-Id: I6707f3b0654fb255cacef930d9314662b106273c
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for inter processor communication for PSA
including, the openamp client side structures lib.
Change-Id: Icb86045b7915c4b04d2ec73b88ed40a3d65be4af
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add PSA client definitions in common include to add future
ff-m support.
Change-Id: I0860fa347fd882d6e99da136a4273a0ef5d7d684
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The device tree is embedded in the u-boot binary
and located at the end of the DDR. Its address
is specified in fdtcontroladdr environment variable.
No need to use fdt_addr_r anymore.
Change-Id: I58b17fbcab36c7236d57eb2498c41b5f4960b6eb
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Setting stdout-path in the chosen node.
Change-Id: Ie0a6b140492f0c5fc323690d2f6bc921cbe76cb3
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The N1SDP build uses a non-standard FIP UUID, so explain where it comes
from.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The base recipe can install the required files, so this is redundant.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using a path relative to a kas yaml file to include another kas yaml
file won't be supported in the future. This patch also updates the
documentation for fvp-baser to set the minimal supported version of kas
to 2.6.
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I757103c5433bca7af9ab024370cd1e994d59fe0e
Signed-off-by: Jon Mason <jon.mason@arm.com>
qemuarm64 fails to build since PLAT=invalid when MACHINE=qemuarm64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit adds mhu driver (v2.1 and v2) to the secure
partition se_proxy and a conversion layer to communicate with
the secure enclave using OpenAmp.
Change-Id: I3d7893f2f52fdcfe6aae4c471c261b6ffd76b274
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit passes the platform name to CMake through the
configure task.
Change-Id: I7aaf10e3709507c65dd81c31e0301df57bbdf4fc
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to fetch and build openamp and libmetal
as part of SE proxy secure partitions
Change-Id: I251525f830535ceb1e1fc9f994c22a8b149fe7b6
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Moving dependencies to the BSP.
Change-Id: I32abd6c0568030550dda0442a2a4f624967b561c
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Keeping the recipe platform independent.
Additional components can be added at the platform level.
Change-Id: Ib1b0dd8d50486a037257dd99fea0d0ba2c80c7fb
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to add following header file to optee-spdevkit
and these are required by openAMP:
* features.h
* error.h
Change-Id: I51b801911b5a0131bf938ac1d520c4818e416637
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to increase optee core heap size to 131072 bytes
from its default value to accomodate openAMP and smm-gateway
Change-Id: I40912334f59a50bb3baf853bb5ff4b01c3b23966
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Most BSPs don't need a specific release of TF-A, so add a bbappend for
TF-A 2.6 and remove the preferred version assignments.
Notable exceptions are TC0/TC1 and Corstone1000, which both are currently
using intermediate SHAs pre-2.6:
- TC0/TC1 fails to build with TF-A 2.6 as the binary doesn't fit in the
specific space.
- Corstone1000 patches need to be rebased on top of 2.6
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Keeping 2.5 around temporarily until all of the machines are ported.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The bbappend is fetching a specific SHA, so explicitly set the PV
to match.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of every versioned recipe setting this, move it to the common
include.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There's no need to use virtual/trusted-firmware-a, as there's only one
provider of trusted-firmware-a: trusted-firmware-a.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use a generic wildcard in the arm-bsp bbappend to avoid needing to rename
in the future.
Remove the N1SDP patch as this has now been merged upstream (c5e45a7).
Remove TC? overrides which pinned it to an intermediate SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Drop a patch which was backported and is now included in 2.9.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This seems to be needing arm specific kernel headers, so I infer this
still is arm specific module
Fixes below error on non-arm hosts
/git/arm_ffa_user.c:12:10: fatal error: linux/arm_ffa.h: No such file or directory
| 12 | #include <linux/arm_ffa.h>
| | ^~~~~~~~~~~~~~~~~
| compilation terminated.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If we build aarch64 based machines living outside meta-arm then these
recipes report as unsupported e.g.
ERROR: Nothing PROVIDES 'optee-os-tadevkit' (but /mnt/b/yoe/master/sources/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb DEPENDS on or otherwise requires it)
optee-os-tadevkit was skipped: incompatible with machine rock-pi-4b (not in COMPATIBLE_MACHINE)
ERROR: Nothing RPROVIDES 'optee-ftpm' (but /mnt/b/yoe/master/sources/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'optee-ftpm'
NOTE: Runtime target 'optee-ftpm' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['optee-ftpm']
ERROR: Nothing RPROVIDES 'optee-ftpm-dev' (but /mnt/b/yoe/master/sources/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'optee-ftpm-dev'
NOTE: Runtime target 'optee-ftpm-dev' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['optee-ftpm-dev']
Therefore its better to limit this recipe to machines supporting
optee-os
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
edk2-firmware release builds with clang fail:
MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c:142:15:
error: variable 'Status' set but not used [-Werror,-Wunused-but-set-variable]
This is upstream as https://bugzilla.tianocore.org/show_bug.cgi?id=3758,
but until that is resolved we can just force debug builds with clang.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We set GCC5_AARCH64_PREFIX so the tools are prefixed correctly in GCC
builds, but didn't set CLANG38_AARCH64_PREFIX. This meant the clang build
used the host objcopy, which may not know about the target architecture.
Also these can just be the prefix and not a full path, as the binaries
are on $PATH.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the size of bl2_signed.bin and tfm_s_signed.bin
Change-Id: I8312dd6d50faff53e1ca489cbf73c5f25671b21c
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Secure enclave, based on the firmware update state of the
system, decides the boot bank. In this commit, u-boot
identifies the selected boot bank and loads the kernel
from it.
Change-Id: Ifcef126dc79c7808b30ef0319d83482d2d29fd13
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Secure enclave decide the boot bank based on the firmware update
state of the system and updated the boot bank information at a given
location in the flash. In this commit, bl2 reads the givev flash location
to indentify the bank from which it should load fip from.
Change-Id: I2f7518c82c1664355da2aa1596f4f65f7a49a53d
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Change-Id: I2d23d06099ffbf15458afaeb21c5dd4bcc4ffecb
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Change-Id: If6c048a6117023aae2e748c23ed52447857b0d04
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patchset perform the following changes:
a. Disable secure debug by default.
b. OTA Firmware Update Agent implementation.
c. Implementation of boot index propagation mechanism.
d. Openamp version/commit hash correction.
e. Implementation of host watchdog interrupt handler.
Change-Id: Ie5e1028bb29ce337d51ad8ef47d2bd8175187402
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit implements distro_bootcmd in config_bootcommand in u-boot.
This command traverses all the USB devices connected to the board and
finds a usb device that has bootable image to boot from it. If it cannot
find a usb device with the bootable image, it will boot the system using
the existing flash.
Change-Id: Ia05ca02d6f490a1b51fcf377afcc86ea0ed4e19c
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit implements efi_reset_system for corstone1000 platform. In
order to reset the system, the host uses secure host watchdog to assert
an interrupt (WS1) on the secure-enclave side, then secure-enclave
resets the system.
Change-Id: I772181cd43e789f1d6508aaa433eb109d8f85b5d
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit enables PSCI Reset for corstone1000 platform. It configures
u-boot to use PSCI interfaces in efi_reset_system function.
Change-Id: I88ea55fde2b2c6e455a4b38e885e62a410b0b0e7
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch does three things:
- Add the CONFIG_EFI_PARTITION option to the corstone1000_defconfig
to allow u-boot to detect EFI filesystems.
- Add isp1760_get_max_xfer_size(), this fixes an issue where
GPT partition info could not be loaded.
- Fix the issue while detecting EFI filesystem, and loading GPT
partition info.
Change-Id: Ic04c8710f4ea7e156aca196d7e54f090b9376c49
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch updates shared buffer address, disables get/set of NV
variables, and invalidates the cache after write to shared buffer as the
SPs have cache disabled.
Change-Id: Iead01edf3011e192df205236df098415e5bde9a5
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Default to release builds and let machines enable debug builds if they
want that.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Building edk2-firmware needs explicit configuration for the target
machine, so set an invalid COMPATIBLE_MACHINE to stop edk2-firmware
building for, example, qemumips.
sbsa-acs is an application, so unset COMPATIBLE_MACHINE in that recipe
as it will work on all aarch64 targets.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Group the qemuarm64-secureboot and qemu-generic-arm64 overrides so that
they are easier to read.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There is only a limited number of EDK2 architectures, so we can set
the architecture using overrides in the base recipe instead of every
machine customisation needing to set it explicitly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches have been merged into edk2-platforms bd53d309 onwards,
which is built with edk2-firmware 202111.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set the default platform name/descriptor to 'unset' so that build.sh fails
with obvious errors, instead of generic argument parsing failures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
QEMU_USE_KVM needs to be empty, not 0. Otherwise, it doesn't catch and
runs KVM anyway (which breaks inside our docker containers).
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit enables smm-gateway in optee-os by making the following changes:
- Updating the existing SP manifest file with a combined manifest file
that includes information about both se-proxy and SMM gateway SP.
- Including the SMM gateway SP makefile in optee include file
to embed smm gateway sp binary into optee image.
Change-Id: Iebcf2c534a9e9ced411c943ff583b522ad9d69fa
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
smm-gateway secure partition is a slim version of StMM for low memory
devices.
This commit adds support for smm-gateway for corstone1000 at the
secure partitions level by making the following changes:
- Configure TS_DEPLOYMENTS to include SMM Gateway SP, SMM gateway to use
device region for shared buffer, and set the NV store macro.
- Updating secure partitions recipe to point to HEAD of integration
branch to fetch stmm-gateway changes.
Change-Id: I56ff325cca250749448364e12ac06e3ea289fa29
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This commit introduces a new kernel patch that aligns the FF-A
versions checks according to the FF-A specification v1.0.
Without this fix, the FF-A bus fails to initialize when the FF-A
framework is version 1.1 (comes with the latest TF-A).
The bus driver which is v1.0 rejects the framework v1.1 despite
the fact they are compatible according to the specification.
This kernel patch changes the logic of the version checking based on
the specification.
Change-Id: If9d7b6c0d5e24e73d4f42c6532cd56ff2d05fcec
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit implements capsule update for Corstone-1000.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: I3031018eebb9aaae56c0823d24ee5c148857f2fa
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit provides these new generic u-boot features:
- The FF-A low-level driver implementing Arm Firmware Framework for Armv8-A (FF-A)
- MM communication using FF-A (compatible with StandaloneMM and smm-gateway)
- A new armffa command and a test module to test the FF-A helper functions to
communicate with secure world.
It also enables FF-A and MM communication for the Corstone-1000 platform.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: Ic71dcae2411aefae00557284c08be662bfe80b98
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to add a rule in optee-os Makefile to include
secure partitions as part of optee-os image
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I2f6f93ffca9a2332cbe9ffe4e9903b8ec524df51
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core c2a2d47 changed the default of QEMU_USE_KVM to 1, so qemu will
want to use KVM and will error if it can't. Our CI runners don't have
KVM, so we need to disable this.
In the long term this should be more intelligent as some workers have
KVM and some don't, but this will get successful builds again.
Signed-off-by: Ross Burton <ross.burton@arm.com>
To ensure that optee-spdevkit works in all configurations, but it in the
CI for qemuarm64 not just corstone1000.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe was setting a default SRCREV which doesn't contain the
Secure Partition devkit, as this is only in the psa-development branch
on the trustedfirmware.org mirror which is set by the corstone1000
bbappend.
Use this branch/revision by default, and set the PV correctly: this
branch is currently based on optee-os 3.10 not 3.14.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
No need for this to be versioned as it complicates upgrades.
Remove the explicit post-2.5 SRCREV now that the recipe has upgraded to
2.6, and remove assignments which are already the default for
conciseness.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Hafnium can do a qemu/aarch64 build, so enable that for future testing
purposes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
hashbang.patch isn't needed anymore, and rebase the other patches.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Interchangable firmware isn't really a workable concept, so there's no
real need to have a virtual name.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Firmware isn't arbitarily interchangable as by definition it is specific
to the platform, so use the real recipe name instead of a virtual name.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the TA devkit has been split out of optee-os, the build
dependencies of optee-test need to be updated too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
These changes are to add support to build TrustedServices.
corstone1000 platfrom uses optee-sp option which will include
secure partitions into optee Image
Following changes are made to trusted-services code
* TS_PLATFORM should be set at the external build system level.
* fix EARLY_TA_PATHS environment variable
* se-proxy string and make it as child node
Change-Id: I58d76b5e25e7f285794c93dc92c1b93fdd77cfb9
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Add support for corstone1000-mps3 machine which have a cortex-a35
aarch64, this will boot till u-boot prompt.
Change-Id: Ifdd81d35a5409cdd1563388a841885c14b748cad
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Separate recipe for TA devkit is needed to solve
circular dependency to build TAs with the devkit
and integrate it inside optee-os.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These tasks made some limited sense when there was only one runner, but
in a setup where there are N runners they arere pretty useless as you
can't control which runner is executing the jobs.
Disk usage should be managed out-of-band, so delete the jobs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The public sstate server isn't up to the load just yet and often-enough
will take a very long time to respond, causing build failures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
lnr is deprecated and will be removed soon, so replace it with `ln -rs`
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Migrate the qemuarm64-sbsa machine to use the generic-arm64 machine as a
base. This new qemu-generic-arm64 should contain only the parts
necessary to boot the generic-arm64 in qemu (using the SBSA machine).
This allows for a single generic image with testing for SBSA compliance.
NOTE: a unique WIC file is needed due to the inability to pass kernel
bootargs (due to needing DHCP for testimage).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The build is successful without this, so presumably it's obsolete.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
No point checking that a directory exists before installing from it, as
it will fail immediately anyway if the files are not present.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The corstone1000 customisations override the test-* PACKAGECONFIGs to
always disable the tests, even when they're enabled.
The proper way to do this is to not enable the tests in the first place,
and the tests are not enabled.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This BSP sets an intermediate SHA that is newer than the 1.4.1, but the
branch needs specifying now.
Also remove SRCREV_FORMAT, the PV doesn't include SRCPV so it isn't being used.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Extract the TF-M branch name as a variable, as BSPs may wish to use
intermediate SHAs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Seeing error of
WARNING: ZEPHYRTESTS:remove += is not a recommended operator combination, please replace it.
Correcting the issue by changing it accordingly.
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't have any invasive kernel patches for the FVP machines anymore,
so remove the PREFERRED_VERSION and track the default version of
linux-yocto instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe was used by trusted-firmware-m and python3-imgtool, both of
which now use python3-cbor2.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport a patch to switch from the unmaintained python3-cbor module to
the active python3-cbor2 module.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We need to be sure that the host linker flags are passed to the kernel
build, as otherwise it is possible that binaries are incorrectly linked.
For example:
HOSTCC scripts/extract-cert
ld: .../recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/lib/libcrypto.so: undefined reference to `pthread_once@GLIBC_2.34'
Signed-off-by: Ross Burton <ross.burton@arm.com>
Patch in BUILD_LDFLAGS into the cert_create Makefile so that the -rpath
arguments are passed to the native build, meaning it can find libssl
correctly. This somewhat worked previously as the host libssl and
sysroot libssl matched, but now that OE has OpenSSL 3 that often isn't
the case.
Signed-off-by: Ross Burton <ross.burton@arm.com>
gem5 imported collections.Mapping, but this was deprecated in 3.3 and
removed in 3.10.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add recipe to generate GPT with FIP and metadata.
Add Python script to generate the FWU metadata.
Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
Change-Id: Icfe3d1491442af17aa5300d8ff8654ac65ae30aa
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since we are using TESTIMAGE_AUTO, providing the target field in the
testimage yml file is no longer necessary. This allows for multiple
payloads to be built, while still allowing for testing.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Changes necessary to get the u-boot version 2020.10. TC patches are no
longer necessary, as they are upstreamed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The meta-arm-autonomy layer is being deprecated from master, with bug fixes
only being applied to the following branches. Additionally, all support and
maintenance of meta-arm-autonomy will stop as per the schedule below.
honister: End-of-life scheduled to June 2022
hardknot: End-of-life scheduled to December 2021
gatesgarth: End-of-life scheduled to October 2021
dunfell: End-of-life scheduled to October 2021
master: End-of-life scheduled to October 2021 and code removed
Issue-Id: SCM-3552
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I3ca58f8c13b1ecb3dbaf0d60f0f52b016292633d
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adding ci and yaml files to support
corstone1000-fvp.
Change-Id: I74ebc3570d4b0c8abae58be5ef69064fc33e5bea
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- This commit provides a recipe for the FF-A Debugfs Linux
driver v2.1.0.
The driver is an out-of-tree loadable modules. It exposes
FF-A operations to user space and only used for development
purposes.
- Create a dev package for ffa-debugfs-mod
ffa-debugfs-mod recipe provides arm_ffa_user.h header for
other recipes that need it at build time.
The header is put in ffa-debugfs-mod-dev package.
Change-Id: I92f33e20b5fdfc9a32cff03ae2a137150d0328db
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit adds the Arm Firmware Framework for Armv8-A to the v5.10 kernel.
The integrated patches are cherry-picked from kernel v5.14-rc2 and
compatible with SMCCCv1.2
Change-Id: If8964b94ed83caa5e0fc5d2a8a9b6a21f8b378ec
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit allows to sign trusted-firmware-a BL2 and FIP using MCUBOOT
tools.
Change-Id: Ide3045982f5f8515c1ccd59b6b0d29816fbfdd68
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Until this is integrated into meta-python, hold a copy of
python3-imgtool in meta-arm-bsp used by trusted-firmware-m.
Change-Id: I2e86be503bee03de549f5714dc52921165afa2bf
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In an effort to setup capsule update and efi runtime service
handlers, enable the correspondent efi config options.
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Change-Id: Ib068448564268dcacb9bcad3667a3b293f177a83
Signed-off-by: Jon Mason <jon.mason@arm.com>
enable efi boot including secure config options, add a
load command which integrate with efi subsystem.
And as at it, enable the efi capsule options for future
use.
Change-Id: Iced8ab2b9bca41805f6201150760692b4b716d7d
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to add corstone1000-fvp machine
to optee-os.
Change-Id: I9ddfaca476234c0307a89d5444ae2d0e688a9b59
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit enables TF-A v2.5 with Trusted Board Boot support for the
Corstone1000 64-bit platform.
Disables Non-Volatile counters in the TBB.
Change-Id: Idb9e18df7066cb617df72b2e147147ce49db292c
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for corstone1000-fvp machine which have a cortex-a35
aarch64, this will boot till u-boot prompt.
Remove kernel devicetree configuration and add the devicetree here and
enable it in the diphda defconfig.
Adds the build options required to support an RTC emulator which in
turn is required to support the UEFI functions GetTime()
and SetTime().
Change-Id: I0d66ece1193494bd2f59a9800d802dff1c4a0db6
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Whilst we have just one version of edk2-firmware, there is no reason to
select a preferred version.
Change-Id: I816de3b7dbcfc543307c792bcd16a5d69f5f4f2d
Signed-off-by: Ross Burton <ross.burton@arm.com>
Take a patch that is heading upstream to pass OPENSSL_DIR to the fiptool
build, removing the need to alter the Makefiles at build time.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Take a patch that is heading upstream to pass OPENSSL_DIR to the fiptool
build, removing the need to alter the Makefiles at build time.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The commit provides the v2.5 recipe for fiptool-native
and removes the older versions.
Change-Id: Ie87ca97bc63bfe7ba2337b1bf05d9658921bab83
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A 1.5 is very old, remove. People who still need 1.5 will likely be
using older releases.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TARGET_FPU passed to TF-A Makefile but is not used in TF-A source code.
Change-Id: I7c275711ed1e9fb9ee4e4df2b9c1606cacc4138c
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If the FVP has already quit when we're stopping an exception is raised,
so catch that and do nothing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When a new process group is created, it is launched in the background
and any attempt to access the session terminal triggers a SIGTTIN (for
stdin) or SIGTTOU (for stdout) signal. These are ignored in an
interactive shell, but the default signal behavior in a new job is to
send a SIGTSTP to the whole process group. This causes runfvp to hang
when executed via a subprocess when stdin is accessed.
After creating a new process group, use tcsetpgrp to make the new group
the foreground process for the terminal associated with stdin/stdout,
but only if stdin is a tty.
The documentation for tcsetgrp states that tcsetpgrp itself raises a
SIGTTOU signal, so set this signal to SIG_IGN.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I349a825df7fcb8a3cedb81762b901c6f50fa53b5
Signed-off-by: Jon Mason <jon.mason@arm.com>
With trusted-firmware-m 1.4 the platform names have changed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-M to version 1.4.0, mbed TLS to 3.0.0, TF-M tests to 1.4.0,
and MCUBoot to TF-Mv1.4-integ tag.
Change-Id: I9172ed9fbf6c6c2ed88303256ef2452dafc665be
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Toolchain files toolchain_GNUARM.cmake and toolchain_ARMCLANG.cmake are
located at trusted-firmware-m source directory.
This commit sets that.
Change-Id: If9c26f65b0c8111a6ff1f1a7d56610563efd501b
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In case of CMake, PACKAGECONFIG configs take effect when passing
PACKAGECONFIG_CONFARGS to the configure task.
Change-Id: I126ba089c9a5db8e895b8a9545e96ef9fa98ce0d
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As multiple paths can and do provide modules under oeqa.controllers, all
of these paths need to call pkgutil.extend_path() so the lookup works
correctly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The sstate mirrors are not available over HTTPS currently due to a
certificate problem, so use plain HTTP instead.
Change-Id: I5b974d67bc13f7c7234927c6bc62a8c733e454c3
Signed-off-by: Ross Burton <ross.burton@arm.com>
Inherit fvpboot so that the FVP binary is fetched and configuration
generated.
Configure the FVP to forward host port 8022 to port 22 locally, and
tell testimage to SSH to localhost:8022. This has the limitation that
only one testimage can run per machine, but this will be removed shortly.
Disable the parselogs test case, as there are some harmless warnings in
the dmesg which cause it to fail. Currently meta-arm can't extend the
whitelist of ignorable warnings.
The FVP binaries are x86-64 only, so tag the job appropriately.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
runfvp currently needs telnet to communicate with the guest, so install
telnet into the image.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set TEST_TARGET so that all FVP machines use the new FVP target out of
the box, instead of attempting to use qemu.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
All FVPs can use virtio networking devices, so enable virtio in all of
the FVP kernels.
Remove our fvp/fvp-virtio.cfg as there's cfg/virtio.scc we can use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a new oeqa.core.target.OETarget subclass for testimage which starts
a FVP using runfvp. This uses --console to connect to the console so
telnet is needed on the host.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
So that it is easy to kill runfvp and everything it starts (such as
telnet or the FVP itself), reset the process group on startup.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has less implicit DEPENDS, so gem5 fails to configure:
Error: Can't find version of M4 macro processor. Please install M4 and try again.
Explicitly add m4-native to DEPENDS.
Change-Id: I2e107ea6448eec399619e0d1922fd29930a95fd8
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using asyncio makes the code easier to understand. Also start to expose
a callback for when consoles are opened.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds config parameters to support virtio_net user networking by
default fvp-baser-aemv8r64 and updates the documentation to remove the old
instructions about setting up tap networking.
Issue-Id: SCM-3536
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I4f3b74c5ba8b8e0b4205fca643a35affbe50a18c
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core has branched Honister off and master is taking breaking changes.
As we're still stabilising for release, we should pin to the honister
branches where possible.
Change-Id: Icb05bee45dcc88ca9cbac72b7c18cbaeb89a7491
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the ability to run testimage against zephyr machines.
Unfortunately, this exposes a bug in meta-zephyr with TESTIMAGE_AUTO not
working correctly. So, work around this until it can be fixed upstream.
Also, qemu-cortex-a53 does not successfully pass any of the tests it
successfully builds. So, don't run testimage until that can be
addressed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As we're building whole systems and not binaries that are expected to
be copied around, we can dynamically link to libstdc++.
Change-Id: I1e54ca519b069388226f40c489c9194b870a6d3c
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GN uses its own platform identifiers, so map from our GNU-style names to
the names it expects.
Change-Id: I361536c43f2a9cc5c6dc0a9ad4138433399781d2
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Building GN in a SDK environment isn't as trivial, as it needs to know
the target configuration it should inherit cross-canadian. Also, building
for mingw32 hosts breaks the build.
For now there's no immediate need for GN in nativesdk, so remove it.
Change-Id: I3b969639fa8ad7780c53ae2bc8a3f166773ee4b9
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It appears that GN doesn't like to be built with Clang, so disable that
for now.
Change-Id: I01d1d2bf0d646d0841c5f291f07de80837a9a998
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GCC_VERSION is too similar to existing variable GCCVERSION. Replace it
with ARM_GCC_VERSION.
Suggested-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updating the linux kernel version to 5.14 for fvp-baser-aemv8r64.
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: Iad76939460a32d8e34212e86a45905ffd51deb60
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds instructions to fetch and build previous versions of the
software stack for fvp-baser-aemv8r64 instead of the ongoing
development.
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I430196c0ca80c7f1e4b9f8349cdc957c86f384ee
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of relying on the prebuilt GN/Ninja/dtc binaries that come with
Hafnium via the hafnium-prebuilts repository, use the recipes that we
build.
We still need to use the prebuilt compilers, but that is being worked
on upstream.
Change-Id: Ife4172d74f7877eaee3c4c414d7afda61332f220
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is a Google build tool used by Hafnium. It will end up in meta-oe
eventually, but until then it can live here.
Change-Id: I7a3df84624664117a6a72e2d93e86036cb483c39
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .elf is only useful for debugging, so put it in the dbg package.
Change-Id: If2802e4cf8303e7e8258e81b580a43bdecfa3a0a
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Hafnium hard-codes a lot of this logic, so do_install can be simplified.
Change-Id: If4f941dff392a6e8d0b7ee9fff68a9836a7fd806
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set OUT_DIR to do out-of-tree builds in a directory we control, so we
can wipe it on rebuilds.
Change-Id: I5b96427b6e9d510997de5f2b1947505ad31199dc
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Hafnium drops a python symlink into HOSTTOOLS_DIR, which is visible to
all recipes, so building hafnium changes the build environment.
Hafnium, since 6c63a26 (2.4 onwards), uses python3 in its own hashbangs.
The prebuilt clang currently uses python hangbangs but this is fixed in
git, and can be temporarily worked around with a patch instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
pkg-config-native is used, so we best depend on it.
Change-Id: Iad57fa306a813828136d2afeefb16c5101512f5b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use variables to make it easier to upgrade when the time comes.
Change-Id: I9f2575279fe79bc0d895d47fdaffd2d5edd4aa59
Signed-off-by: Jon Mason <jon.mason@arm.com>
If bb.tinfoil cannot be imported, display a nice error instead of a
backtrace.
Change-Id: I20dab9dfdbd57c8e90c8321072bab4f70b8ace47
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pick a default terminal which will actually work, instead of defaulting
to xterm even if xterm isn't installed.
Also show the default in the --help output.
Change-Id: Ib3e7c32917725f404a171248549b6f9c0afe8158
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
No behavioural changes, just cleanup.
Change-Id: I04d82512493a2f90e810198e520f672284cd3eb2
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If the script receives control-c, don't display the stack trace.
Change-Id: Id0ebf9476ecd685302723fde6a36c2e899d0f3eb
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable user-mode networking with virtio out of the box. This way port
forwarding can be configured easily without needing to setup host tap
ports.
Moving forward this may be controlled more by runfvp with the machine
configuration simply saying what configuration parameter to use (in this
case, bp.virtio_net), but this is a good starting point to iterate from.
Change-Id: I0b610df87c7dd2c8e3e213daaa967618babbdc7c
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pass bp.ve_sysregs.exit_on_shutdown=1 so that the FVP exits if the
emulated machine shutsdown, which is typically the desired behaviour.
Change-Id: Id2f92df4af67ca5cadc645948eccf9c93af3f8f9
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
linux-yocto has moved to 5.14, which still needs defconfig tweaks to
build without warnings.
Change-Id: Ia14c02562cf0ccb5fb8fd8544901530a0cfb487b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
By removing the verbose and debug kernel command line parameters from the grub
menu entries we prevent the console printing unnecessary messages and slowing
down the boot process.
Issue-Id: SCM-3027
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: Ieb68c606b7ed5b20191f6989aea84963b8cda778
Signed-off-by: Jon Mason <jon.mason@arm.com>
This doesn't execute anything but simply checks that the publically
available FVPs can be downloaded and packaged.
Change-Id: I13895faa6fe6b19363854c33275a3febf61b7132
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
So that we can build and use FVP packages in the CI, agree to the FVP
EULA.
Change-Id: Iaff2398000c30782f48f70714846d3f1028b34bb
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
FVP versions in the download URLs are expressed as 11.12_13, but ideally
we'll use a rationalised 11.12.13 form as it's more consistant.
Add a function to transform from a all-dots form to use underscore for
the final portion, and expose this version as PV_URL.
Change-Id: I632b33913baba0f0847440595ef0699d0a769166
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This FVP is now freely available without a login, so we can download it
directly.
Change-Id: I8ba041c44233cfbba5e3c223f07acc531a2e5f5c
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-base-a-aem and fvp-base-r-aem recipes have a lot in common, so
extract that into a fvp-envelope.inc file.
Change-Id: I9390f05e98bec0c1a236bc3c5d55b7144da1e1fd
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The FVPs are precompiled binaries so we can theoretically avoid the
default dependencies (gcc and friends), but this means that packaging
doesn't succeed for non-native builds as objcopy (from binutils-cross)
is needed during do_package.
Until oe-core is fixed to depend on binutils-cross, don't disable the
default dependencies.
Change-Id: I9ec292d21c4f9db4e02587b7f58f46852cbc2c3d
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This job just exercises the binary toolchain packages, so there's no
need to do it in the bootstrap stage.
Change-Id: I9d1697791a1e427d594bd8d99c5cad45961f4c5b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add ci, kas, and scripts to the README to document their intended uses.
Also, alphabetize the layer entries.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This pins the rt kernel to the same version as the standard kernel.
Poky has recently upgraded to 5.13, which has not yet been validated
on the n1sdp.
Issue-Id: SCM-2987
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: Ie53c27e46f529f5e5dc5a6a6b32d2c021ca22651
Signed-off-by: Jon Mason <jon.mason@arm.com>
The FVP_BASE_R_ARM_EULA_ACCEPT variable is set by kas and doesn't need
to be initialised in the bb recipe.
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: Idbaa8b9fb7753e3c1f77e88710109324322aaf05
Signed-off-by: Jon Mason <jon.mason@arm.com>
In a distributed, non-homogeneous CI setup, the binary-toolchain setup
script might not run on the machine that needs the toolchains. Make
this per-build and it will always be there, at the expense of running on
builds that might not need it (though it still should be fast).
Also, there is an issue with the directory where the binary toolchain is
located being global, and racing against other systems using, setting up,
and tearing down. Link this to a local directory to avoid any races.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove anything that fixes the kernel version to being 5.10 and let it
float. Currently, qemuarm64-sbsa was not using the 5.10 kernel, which
means the defconfig patch wasn't even being applied. Remove patches
that don't apply to 5.13.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Android has deprecated ION and moved to dmabuf instead.
Update the kernel configuration accordingly.
Also, enable "CONFIG_DEVFREQ_THERMAL" as this is required by
the GPU libraries
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I7ee3659792984f71cf818ef175d7e5ecc25c6d93
This pins the rt kernel to the same version as the standard kernel.
Poky has recently upgraded to 5.13, which has not yet been validated
on the fvp-baser-aemv8r64.
Issue-Id: SCM-2987
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Id7cd02bb9610d82adbe590777517649596d32172
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This makes them common with TC1 and also adds support for FFA v1.1.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
* change Changelog to Change Log.
* change armv8r64 to Armv8-R64.
* ensure all log entries have a period.
* change the order of the entires to highlight key release features.
Issue-Id: SCM-2987
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Id77ec01c455ac8954a965af8659421cc485e4778
Signed-off-by: Jon Mason <jon.mason@arm.com>
The kas:latest image now has the updated build dependencies, so use that
again instead of the potentially unstable next image.
This reverts commit 6b1d8abb3b.
Change-Id: I28409bb176df91b7e8ebb558814b3d65dec78724
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update Arm GCC toolchain recipe and patches accordingly.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Changes in v2:
- Drop support for 10.2 release.
- Update CI to use 10.3 release instead.
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Add missing net-tools to apt-get install list
* Use export to set FVP_BASE_R_AEM_TARBALL_URI and
FVP_BASE_R_AEM_EULA_ACCEPT and make kas build its own command.
* Change bp.hostbridge.interfaceName=tap0 to
bp.virtio_net.hostbridge.interfaceName=ta0 for runfvp, so that the
FVP can access the external network.
Issue-Id: SCM-2987
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: If9052400d2ae199861bc00ce119d28069f476f7e
Signed-off-by: Jon Mason <jon.mason@arm.com>
The wording implied they were limitations of the architecture, so
rewrite to make clear they are software restrictions.
Issue-Id: SCM-2987
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I79ca1ac7cdce709015de1c539a6ec7fe1650d384
Signed-off-by: Jon Mason <jon.mason@arm.com>
The meta-virtualization support for the 5.4 kernel was removed in favor
of the 5.10 kernel. This file was only a versioned include of a generic
file, which can be readded in the kernel bbappend.
Change-Id: I922e847a89e9f29fc69c1f537f9da088685b3de4
Signed-off-by: Jon Mason <jon.mason@arm.com>
The base version is 2.8.0, so these should be 2.8.0+git.
Change-Id: Ief7c3176e46f6ec8b4549375f9be776a7ffbd4d7
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OpenEmbedded Core master now depends on a few more build tools, so use the
kas:next image until these have been merged into kas:latest.
Change-Id: Ib4c36037d74ec6febca120346bd5bcb08acfccf6
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
qemuarm64-secureboot is failing to boot with the 5.13 kernel. Use the
5.10 kernel until this can be addressed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Temporary hack to allow for things to continue to work, while waiting
for the platforms to migrate to a newer kernel.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Linux kernel entries for corstone700 are not much more than any
other BSP. Migrate them to the common file for easier development and
debugging.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch was upstreamed in 5.10.54.
Change-Id: Iacf6345c4d4ffa8e512e2f812876fdd50a057f96
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for all of the Cortex-R CPUs currently supported in GCC.
Having to get creative here to properly use the GCC extensions.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add information about PSCI support as well as known issues and limitations.
Also, update the fvp-baser-aemv8r64 kas config file to fetch the layers under
the layers directory and pin poky to a stable build revision.
Issue-Id: SCM-2989
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I8e2b30ba708f6ff7fdf43f29eede0e65aa3685ca
Signed-off-by: Jon Mason <jon.mason@arm.com>
The same patches are used by tc0 and tc1. Hence rename the folders
that contain the Total Compute patches to be called "tc". The
artifacts image is used by both tc0 and tc1, hence renamed to
tc-artifacts-image.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: Ib0b4fbca9a009c432c1e6696c5437a7d24a25d1f
Signed-off-by: Jon Mason <jon.mason@arm.com>
grub and grub-efi break in do_configure() when using external-arm toolchain:
| checking for aarch64-poky-linux-objcopy... no
| checking for objcopy... objcopy
| checking for aarch64-poky-linux-strip... no
| checking for strip... strip
| checking for aarch64-poky-linux-nm... no
| checking for nm... nm
| checking for aarch64-poky-linux-ranlib... no
| checking for ranlib... ranlib
...
| checking whether objcopy works for absolute addresses... configure: error: objcopy cannot create binary files
That is due to external-arm toolchain's target triplet aarch64-none-linux-gnu
being different from OE triplet like aarch64-poky-linux and configure script
trying to use it to find binutils binaries like objcopy, falling back to host
ones.
Help configure script to find correct objcopy and other binaries by passing
the correct target triplet with --target parameter set to EAT_TARGET_SYS,
overriding the default OE one.
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
machine-summary.py is a tool to generate a report of what recipes and
versions are used for what machines, and what the latest upstream release
is.
Change-Id: Iecf21a14057df0fd1cb05be9b54c621dfbaddd94
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of duplicating this logic, put it in a little helper module.
Change-Id: I2ca881c8de7e6ec6d4a940255d9ba97226e78d87
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This wil prevent default values assignment (?=) to be ignored depending on the
config files parsing order.
Issue-Id: SCM-3027
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I0629b52ad100c10eaac9f7004bcdfc778de678f0
Signed-off-by: Jon Mason <jon.mason@arm.com>
No testing is being done against older branches. Only have the
compatibility set to honister to prevent any issues.
Signed-off-by: Jon Mason <jon.mason@arm.com>
sgi575 already has the defconfig entry in the include file. Remove the
redundant entry from the machine config file.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using recipes-kernel/linux/linux-yocto_5.4.bb as a guide, format the
kernel recipes to match. This enables easier diffing and updating.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the xen specific changes out of gem5-arm64-xen.yml. This allows
for other xen machines in the CI. Adding Xen machines for qemuarm and
qemuarm64 allows for more testing, which should be expanded when the Xen
Test Framework in meta-virtualization is expanded to work on arm
machines.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rename the meta-python.yml file to be meta-openembedded. This allows
for more usage of the layers present there (as meta-python is housed
under meta-openembedded).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Correct an override syntax issue with the kernel and move the relevant
kernel entries from the machine config to the kernel include file to
match the other machines in meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes in the 5.4 kernel are preventing the juno patches from
applying. Temporarily pin the kernel to the version prior to this until
the patches can be rebased.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds a device tree entry and kernel configs to enable file
sharing between the host and the FVP using the virtio P9 device
component.
Issue-Id: SCM-2299
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: Icd757e3c6281e5e84985a3caac72e860a4aeee7f
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch was getting confusings, so regenerate the minimal form and
explain what each change is for.
Change-Id: I313249d46d55399626151cb22a9bc11bec9fb253
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This SRCREV pin isn't needed anymore, so remove it.
Change-Id: I39a02617840cfccb006b2e1e77cd2ce4f4e942e4
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The generic-arm64 machine is meant to be generic, so pull in all the
kernel modules and firmware we have to increase the chances of hardware
working out of the box.
Change-Id: I51f500f6a6f821fa8df5bee062a52077dcf8e564
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is needed for hardware with USB Type C ports to work properly, so
enable it in generic-arm64 kernels.
Change-Id: I61e8dafde8ccdbacf35f58da8aef07d35a70193c
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds support for runfvp to fvp-base-r:
- Add necessary parameter to the fvp-baser-aemv8r64.conf
- Add fvp-base-r-aem bb file
- Add kas support
Issue-Id: SCM-2953
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I252b445297f2d61a90e3cd8f0ec1816890cf733b
Signed-off-by: Jon Mason <jon.mason@arm.com>
the default refspec for the repos used by kas is now master.
Issue-Id: SCM-2953
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I9a68ca36f107e0b72c97b7a402829fec850d8acc
Signed-off-by: Jon Mason <jon.mason@arm.com>
Hafnium's build of the kernel needs libssl-dev to be installed on the host.
Instead, DEPEND on openssl-native and patch the lookup to use pkg-config-native.
Change-Id: Id184865183cde487cacd73740a916166c2900a66
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This SHA contains fix for SVE and AMU extension
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Iefa3e8f9bee41098ea49304d88dc04df74ddcb9c
Signed-off-by: Jon Mason <jon.mason@arm.com>
This SHA contains fix for IRQn type conversion issues
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I10cc4729df3e12c549413f40d390c24f318c4577
Signed-off-by: Jon Mason <jon.mason@arm.com>
This includes the initial version of ffa driver and optee driver
support for FF-A to ACK 5.10
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I8a2c6d0e26422bd2183f3c1f370b0c08eeba7c1e
Signed-off-by: Jon Mason <jon.mason@arm.com>
Brief description of changes:
- Version uplift 3.11.0 -> 3.14.0.
- Removed OP-TEE patches that has already been accepted upstream.
- Added support for tee-supplicant plugin framework testing.
Tested on qemuarm64_secureboot:
$ xtest -l 15
$ optee-examples_*
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set Shared Peripheral Interrupts (SPIs) for PMUIRQ so that profiling
tools (such as perf) can use PMU events.
Issue-Id: SCM-3164
Signed-off-by: Qi Feng <qi.feng@arm.com>
Change-Id: Idcfee3f33d9f9e15578405dd39be4f434f3faa06
Signed-off-by: Jon Mason <jon.mason@arm.com>
Expand the FVP_DATA variable used by the fvpboot.bbclass to load both Xen
and its device tree when building arm-autonomy-host image for fvp-base.
Issue-Id: SCM-2718
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: Ia6e2f6a13e84c8e762d297ac34ccbe5417a7793b
Signed-off-by: Jon Mason <jon.mason@arm.com>
The previous attempt at setting interruptible didn't work as it needs to
happen on all tasks, as once a single uninterruptible job has executed
the pipeline cannot be cancelled. Unfortunately the setup jobs were
not interruptible, so the pipeline could never be cancelled.
Change-Id: I5416bc3f9a883ace24c12607b2ebc24bc428b50b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set a slew of generic machine features that other parts of oe-core will
respect.
Change-Id: I47ea187128c7e3a9f8b711b74467b20b9cb4fcee
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of using the pre-canned Wic kickstart file, provide our own.
This lets us specify that UUIDs should be used in the fstab, meaning
that the image is agnostic to the device type.
Change-Id: If9c0083c16f8bd2ad7d573a0d356383553aa8936
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This machine expects something approximating SystemReady, which means
the firmware should be capable of telling the kernel where the console
is.
Remove SERIAL_CONSOLES so the kernel does what the firmware is told, and
doesn't try to use serial consoles that don't exist.
Change-Id: Ib0b008fececf4c046112bdede9d0d3ebf9dc332b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
fvp-baser-aemv8r64.wks is identical to fvp-base.wks, so just reuse it.
Change-Id: Ib7db425b35cfd68494beb167fe167c46cdd32b3d
Signed-off-by: Ross Burton <ross.burton@arm.com>
When the FVP Base machine was first added the mainline kernel didn't
have a usable Devicetree. This is no longer the case, so use the
fvp-base-revc devicetree in the kernel.
Change-Id: Ib1c4dc332776b393869c6fb3f11be1811a6544f5
Signed-off-by: Ross Burton <ross.burton@arm.com>
Downstream patch "Allow --enable-psci to choose between smc and hvc"
from boot-wrapper-aarch64. With this patch, kernel can bring up
secondary core successfully through hvc call.
Issue-Id: SCM-2949
Signed-off-by: Huifeng Zhang <Huifeng.Zhang@arm.com>
Change-Id: Iecc99d925317ab7981284671cb8cc4ef1894e6d6
Signed-off-by: Jon Mason <jon.mason@arm.com>
Also remove disabling CONFIG_ARM64_SVE in the kernel since it is now supported
in xen 4.15+
Issue-Id: SCM-3027
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I8fa09a10d16e892ea24e6abc77678d2fb1947e43
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a trivial job that verifies the binary Arm compiler packages all
fetch and package correctly for both x86-64 and arm64.
Change-Id: I1e29cc175d66d418630505dcac1a87cdf5c0024a
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The tarball has been regenerated with new license texts, so the
checksums are different.
Also, patch out the host architecture test in the installer: we might
want to package the armcompiler for a x86 target on a arm64 machine.
Change-Id: Iedf0113c53b6567e3e4e716e2a0db98776d1da6d
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
SourceForge in particular doesn't like multiple connections from the
same IP, but when a source mirror is being populated for the first time
this will happen. Our fetch falls back to the Yocto mirror so it doesn't
cause a failure, but there is a warning logged which our CI then fails
because of.
As we don't care about these warnings, filter them out of the log before
checking if there were any errors.
Change-Id: I36c97c5d9923f1c4d14c4588f3780211cccb57b2
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce the proper compiler flags for armv8r64, and also
disable -march=armv8-r for boot-wrapper-aarch64
Issue-Id: SCM-2342
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3d2fac232139b057a5d1a3a8c6f5b825f95d709a
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add fixes for yocto-check-layer with no new functionality introduced.
Issue-Id: SCM-2625
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I4f7dc30e7ca27f88dfe140ac84ff2b73fe99b728
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change fixes parsing error that occurs when INCOMPATIBLE_LICENSE =
"GPLv3" by defining EAT_BFD_LICENSE, EAT_GDB_LICENSE and EAT_RLE_LICENSE
in license.inc and requiring it in external-arm-sdk-toolchain.bb
Definitions in external-arm-toolchain-versions.inc are made redundant so
they are removed.
Signed-off-by: Timothy Mertz <timothy.mertz@garmin.com>
Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com>
Reviewed-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a testing task to the gitlab CI and run testimage in that job.
Currently, it only runs against some of the qemu based machines.
Using slirp, there is no need for a privileged container or tun/tap
devices.
Change-Id: Ia85a3d0089f7d4dc7595c3a45d328c79d8e675f1
Signed-off-by: Jon Mason <jon.mason@arm.com>
To communicate with the target device, Streamline requires the
gator daemon, gatord, to be running on the device.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This makes the images suitable for development and test,
debug-tweaks includes settings like empty root password.
All CI image builds inheriting from base.yml will
have this include this setting.
Signed-off-by: Anastasios Kavoukis <anastasios.kavoukis@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
sbsa-acs was fixed to solve the VLA compiler error with GCC 11, but the
problem is in EDK2 and not specific to sbsa-acs.
Apply the patch in edk2-firmware.inc so that all recipes get the fix.
Change-Id: I56b07fa0610d47bd89c1ce37cfac1205a90a4083
Signed-off-by: Ross Burton <ross.burton@arm.com>
As sbsa-acs is just a EDK2 application, it makes things easier in the
recipes if they're in the same directory.
Change-Id: I4b6d715213681bb2d942589ad85bbc399721df97
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add a job to run yocto-check-layers to validate a selection of layers
are Yocto Project Compatible.
Right now we validate:
- meta-arm
- meta-arm-bsp
- meta-arm-toolchain
- meta-gem5
meta-atp and meta-arm-autonomy are currently skipped: meta-atp fails and
meta-arm-autonomy has a larger set of dependant layers and will be added
later.
Change-Id: Ia0c8c16e4228eeb461bd213b30703e950ede656f
Signed-off-by: Ross Burton <ross.burton@arm.com>
-Werror is typically a bad idea in distribution builds, as changes to
the compiler or other libraries can cause new warnings to appear.
For example, when building the N1SDP platform:
error: "GIC-600 Multichip driver is currently experimental and the API
may change in future." [-Werror,-W#warnings]
Set E=0 so that -Werror is not used in the build.
Change-Id: I8905fc9d4e95edb42970fe3839b9ab6b5384a123
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TC0 has been using an intermediate SHA post-2.4 as it needed some commits
that were only in the integration branch.
We now have 2.5 which includes these commits, so move to that release.
Change-Id: Ic56c3daa9a408e837219c4f81d22081bbcc5c56d
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These Clang patches don't appear to be needed anymore. TF-A doesn't
build for various platforms but the unusual errors these patches work
around are not the cause.
Change-Id: I41dffc4f19d298d5861bb0274e6ffef6c24f4ca3
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds a new "none" network type that can be set for xenguests
using XENGUEST_IMAGE_NETWORK_TYPE in their configuration.
Issue-Id: SCM-2338
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: If4f6de282b0048e5c68d293a3db5b56cd5adce66
Signed-off-by: Ross Burton <ross.burton@arm.com>
Current settings assume glibc tuples and hence when building with musl C
library clang can not find correct cross tools and system headers and
libraries, really we should be using exact tuple that is in play so
using HOST_SYS is right replacement for OE
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jon Mason <jon.mason@arm.com>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds kernel modules necessary for n1sdp to mount the FAT filesystem
codepage 437 and NLS ISO 8859-1.
Issue-Id: SCM-2682
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I2d4fede311544917050326564b2b0a7d0123cb21
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that arbitrary parameters can be passed to the FVP binary, runfvp
doesn't need to handle --parameter itself.
Anyone using runfvp --parameter should simply use runfvp -- --parameter.
Change-Id: I8a79200fe927c253308731e7e0cb228e53cd989a
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To allow passing arbitrary options to the FVP binary, split the passed
options on --. Anything before the separator is handled by runfvp,
anything afterwards is passed as-is to the FVP binary.
Change-Id: I686b2fb79d217e26988753be7bd067c638d69eac
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core master's gcc is built with branch protection on by default. However,
this results in slightly larger binaries which mean the SGI575 build is now
too large.
Until this is investigated properly, we can just disable branch protection
for the SGI575 build.
Change-Id: I9a8b0a8e569b944c274199ce306a3864c94c8c5c
Signed-off-by: Ross Burton <ross.burton@arm.com>
This is the latest point release in the 20.1 series, and also fixes the build with
scons 4.1 (which is now in master).
Change-Id: I31b8aabc8af47cc64af68f2fd0ee2b9b9b656e89
Signed-off-by: Ross Burton <ross.burton@arm.com>
The Gitlab CI executors do not clean-up after each run, which will
result in a ballooning size over time. Remove all files in the work
tree, removing the problem. SSTATE should prevent this from causing
any performance by not having the files there.
Change-Id: I57df3cf470c519286fe194739a0a7722794f3b25
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch fixes an issue where xenguest initscript stop sequence was not
properly identifying the running guests.
Issue-Id: SCM-2772
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I3ad88e00f48fab07f99936a10c0d1deb7459e83b
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport a brotli patch which fixes a VLA warning seen with gcc 11
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch updates the documentation for fvp-baser-aemv8r64 :
- Update link to the yocto documentation.
- Add details about what Host OS version are supported. Add Ubuntu
20.04 specific instructions.
- Warn user about disk space.
Issue-Id: SCM-2665
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: Ie93a42c2a1ec595707fa7496edbf024650f7eb85
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since u-boot recipe supports using config fragments let's use it instead of
patching the vexpress_aemv8a_semi_defconfig file.
Issue-Id: SCM-2329
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I7feba5d23a6eab501cade38c188cb8414d0b86bd
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 0001-vif-nat-fix-hostname.patch is merged in xen-tools
4.15, so fix the layer to apply the patch only for 4.14.
Issue-Id: SCM-2608
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Change-Id: I1306955ab0b1ee435a8da42e953e142270c4b2d3
Signed-off-by: Jon Mason <jon.mason@arm.com>
So that a fvp-base image can be tested easily, set the relevant FVP_*
variables.
After setting IMAGE_CLASSES += "fvpboot" in local.conf, this will show
the firmware start and Linux boot:
$ MACHINE=fvp-base bitbake core-image-base
$ runfvp fvp-base --console
Change-Id: Id1bd6cea57958117103e53ab9f78a58ce92b6a2e
Signed-off-by: Ross Burton <ross.burton@arm.com>
runfvp is a script that reads existing .fvpconf files (as written by
fvpboot.bbclass) and executes the FVP binary appropriately.
By default the behaviour is the same as running a FVP by hand, but by
passing --console the first serial port is connected to stdin/stdout.
Change-Id: Ibd26867c09e8692be4c02a7ea13571dcfe36db9b
Signed-off-by: Ross Burton <ross.burton@arm.com>
The fvpboot class is used to write a machine-readable file that describes
how to boot a given machine image inside a FVP, similar to how qemuboot
writes files for runqemu.
BSPs should set the FVP_* variables as appropriate in their machine
configuration, but let the user opt-in to adding fvpboot to IMAGE_CLASSES.
Change-Id: I2d1cd86ec4affc1d688a293987890d6a89124d94
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add a recipe for the general purpose Armv-A Base RevC AEM FVP.
This FVP is behind a login-wall so the user has to download it themselves,
but the FVP is free to use.
Change-Id: I14d7b965a05ff9f405a2a12d4da2afd3dd2ecb87
Signed-off-by: Ross Burton <ross.burton@arm.com>
TF-A 2.5 has a tweaked license.rst file but the checksum wasn't updated.
The CI didn't catch this because of an attempt at making warnings fatal,
which has the side effect of masking some warnings.
Update the checksum for that file, and add MIT explicitly to the license
list as all of the embedded projects are used under the MIT.
Change-Id: Id39b4c49c0efae30c6452e77b1cdf56e43b792d4
Signed-off-by: Ross Burton <ross.burton@arm.com>
The generated local.conf has ERROR_QA=${WARN_QA} in an attempt to make
warnings fatal, but this appears to be just disabling some warnings and
error instead.
As we already have warning detection in the GitLab CI script, this is
redundant and can be removed.
Change-Id: I393874edbae148ee338a7069bbf800603c028242
Signed-off-by: Ross Burton <ross.burton@arm.com>
Update to TF-A v2.5 and MBED TLS 2.26, and all machines using 2.4 to the
newer version. Also, n1sdp was using an intermediary SHA, but is now
updated to the latest (which includes that intermediary SHA).
Change-Id: Ia5ec3cecf9090fd5f5da28efff4c1d6cce1efc19
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove fvp-base patch that has been merged upstream and rebase
fvp-base-arm32 patch
Change-Id: Iac16598933b94c1db13d3e40f1d5b3a137c8bd4c
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Reverting additional ZONE_DMA patch 2281df0b0226610e235f49ed75bf6ad57cb04762
which was added in v5.10.37
Change-Id: I3700b95247a4224f4b56a403bc3dc10dde7dd5b5
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since the u-boot recipe will be updated in the near future, decouple the
bbappend from the current version to allow for it to work on both
versions (and keep backward compatible with hardknott).
Change-Id: Ia2447a80868f2e5011bf53fafb939b6a4566b662
Signed-off-by: Jon Mason <jon.mason@arm.com>
This update has mainly format related changes (no functional changes) to
improve readability when reading the non-rendered version of it.
- Use underlined style for headers level 1 and 2
- Use indentation to create blocks
- Use double space at the end of each section
- Add indentation to the FVP parameters
- Add pip command to install the kas tool
Signed-off-by: Filipe Rinaldi <filipe.rinaldi@arm.com>
Change-Id: I9d4b4dbcef6dc13638b62563ebdf90b6b9d5b686
Signed-off-by: Jon Mason <jon.mason@arm.com>
Alongside the .bin files, also install the .elf files for debugging and
package them into scp-firmware-dbg.
The architecture QA test needs to be skipped as the SCP can be 32-bit
Arm when the main processor is 64-bit.
Change-Id: I82a57d6cc80f7d7e20028cced83481322803fc13
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .elf output files are for debugging purposes, so put them into the
-dbg package to make this clear.
Change-Id: I5d70b2421b06eed0483f8ef508cf535ec70abc63
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-M to version 1.3.0, mbed TLS to 2.26, TF-M tests to 1.3.0
(previously untagged), and MCU Boot now has a new git repo location and
updated to 1.7.2.
Change-Id: I7ff2756cacff02abd31bb54048f8846b6a58cd01
Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
As the SRCREV is pinned to a specific SHA we should also set LINUX_VERSION, as future kernel
upgrades in oe-core master will change both SRCREV and LINUX_VERSION.
Change-Id: Iafababe83ff54625112d2fae859d8a3938001cd5
Signed-off-by: Ross Burton <ross.burton@arm.com>
Mark the build jobs as interruptible, as they don't write to shared
resources (unlike update-repos or get-binary-toolchains). This means
that if the same branch is pushed again GitLab is likely to be able to
abort the obsolete pipeline to start the new build sooner.
Change-Id: I9284273e9b3118b616d3cb062cb957d98fc5e37e
Signed-off-by: Ross Burton <ross.burton@arm.com>
There is only one provider for the armcompiler, so remove the virtual
provider.
Change-Id: I3492c49f5cf6eb6f3d3156adb3d87e315ed8183d
Signed-off-by: Ross Burton <ross.burton@arm.com>
These recipes don't build anything, so there's no need to depend on a
toolchain.
Change-Id: I49b641fb54839c30255a11a7c9d5798c8e4afd2a
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add kernel configuration necessary to build an image with preempt-rt support
for fvp-baser-aemv8r64, together with a build configuration file to build it via
kas.
Update BSP documentation for RT linux support on the machine.
Issue-Id: SCM-2343
Signed-off-by: Richard Neill <richard.neill@arm.com>
Change-Id: I11e3ba3ad7da00db1810c70fa4f98bfffd4b8254
Signed-off-by: Ross Burton <ross.burton@arm.com>
In meta-virtualization master branch the sysvinit-inittab_virtualization.inc
was introduced to handle the installation of the getty-wrapper for spawing the
console login for /dev/hvc0.
Since we don't make usage of the virtualization DISTRO_FEATURES we have to
manually include the mentioned file when building with arm-autonomy-host and
arm-autonomy-guest DISTRO_FEATURES.
Also, since arm-autonomy-guest doesn't include the xen DISTRO_FEATURES we have
to manually include sysvinit-inittab_xen.inc to append the getty-wrapper entry
to /etc/inittab.
Issue-Id: SCM-2329
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I0f92565de8a9053c0541928c30b8f979757bfbca
Signed-off-by: Jon Mason <jon.mason@arm.com>
In meta-arm-bsp fvp-base switched to wic images. Hence, make the appropriate
changes to also use wic images in meta-arm-autonomy.
Change-Id: I34d68fee11ea339fb52a97d7593e373aa69faa1c
Issue-Id: SCM-2329
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add wks script, modify documentation and kernel command line.
Remove 'image_types_disk_img.bbclass' as it is no longer used.
Change-Id: I2a95349adc038e8484d7b9f578ad3ce698b1f528
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add new recipe for SCP version 2.8.0 and remove the old 2.7.0 recipe.
Change TC0 and N1SDP to use the latest tag, and not their previous
intermediate SHA (which are in the 2.8.0 release).
Change-Id: Id3f0af549790969ce6fd3b315f94177726f24d73
Signed-off-by: Jon Mason <jon.mason@arm.com>
The previous patch broke for qemuarm64-sbsa, ebcause they share the same
defconfig patch but now the upstream kernel SHAs are different. Change
them to have the same SHAs.
Also, the previous patch lost the patch header. So re-add that.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream kernel is now being patched, which prevents the patch being
fixed here from applying cleanly. Rebase it on top of the existing one
to resolve the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Abstract away all of the things preventing the current setup from
working on only internal, arm64 build hardware.
Change-Id: Ib8d0e8e76602d4553e044520a91349015b1aa19b
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use the KAS docker image provided by the KAs project for Gitlab CI.
This allows for the external (non-Arm Corp) users/developers to run
Gitlab CI.
Change-Id: I9fee9a0d571e3fd60862d4ccd36176f9e583fc91
Signed-off-by: Jon Mason <jon.mason@arm.com>
Because of how the kernel class searches for files any changes to
FILESEXTRAPATHS should be done in an override so it doesn't potentially
impact unrelated builds.
Issue spotted by running yocto-check-layer.
Change-Id: I3e915a0cafc850d4b2594b655a849977d389465a
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Because of how the kernel class searches for files any changes to
FILESEXTRAPATHS should be done in an override so it doesn't potentially
impact unrelated builds.
Issue spotted by running yocto-check-layer.
Change-Id: Id3b741d184a024d0cc6d2d5031e150a8f0ae4b0d
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe is for TC0, so set COMPATIBLE_MACHINE appropriately.
This is both logically correct, and fixes a Yocto Compatible test failure
where tc0-artifacts-image isn't buildable for arbitrary machines.
Change-Id: I6381fc08076d4ddea254f7efc84f90c4a7f65d26
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The following patch has been backported to kernel 5.10.30:
0001-xen-evtchn-Change-irq_info-lock-to-raw_spinlock_t.patch
Issue-Id: SCM-2307
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I9cef017b60891780176dff944e3eca5986746d8a
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch enables coresight to work with n1sdp c2c profile.
Change-Id: Id3a5f92cc1f99cd907111ea858aad4efe561179e
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-04-23 09:31:41 -04:00
1113 changed files with 51709 additions and 50623 deletions
E-mail meta-arm@lists.yoctoproject.org with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
E-mail <meta-arm@lists.yoctoproject.org> with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
All contributions are under the [MIT License](/COPYING.MIT).
For a quick start guide on how to build and use meta-arm, go to [quick-start.md](/documentation/quick-start.md).
For information on the continuous integration done on meta-arm and how to use it, go to [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md).
Backporting
--------------
Backporting patches to older releases may be done upon request, but only after a version of the patch has been accepted into the master branch. This is done by adding the branch name to email subject line. This should be between the square brackets (e.g., "[" and "]"), and before or after the "PATCH". For example,
Automatic backporting will be done to all branches if the "Fixes: <SHA>" wording is added to the patch commit message. This is similar to how the Linux kernel community does their LTS kernel backporting. For more information see the "Fixes" portion of
The Yocto Project has an autobuilder that performs nightly builds and image tests on all of the defined QEMU machines, including qemuarm and qemuarm64 Also, it currently runs builds on the hardware reference platforms including genericarm64 and meta-arm mahines fvp-base and sbsa-ref. More information on the autobuilder can be found at<https://autobuilder.yoctoproject.org/>.
More information on the image tests can be found at<https://wiki.yoctoproject.org/wiki/Image_tests>.
The Yocto Project also has the ability to have individual package tests, ptests. For more information on those, go to<https://wiki.yoctoproject.org/wiki/Ptest>.
# **CI for meta-arm**
meta-arm is using the Gitlab CI infrastructure. This is currently being done internal to Arm, but an external version can be seen at <https://gitlab.com/jonmason00/meta-arm/-/pipelines>.
This CI is constantly being expanded to provide increased coverage of the software and hardware supported in meta-arm. All platforms are required to add a kas file and `.gitlab-ci.yml` entry as part of the initial patch series. More information on kas can be found at <https://github.com/siemens/kas>.
To this end, it would be wise to run kas locally to verify everything works prior to pushing to the CI build system.
## **Running kas locally**
### **Install kas**
kas can be installed with pip, for example:
```
$ pip3 install --user kas
```
See <https://kas.readthedocs.io/en/latest/userguide/getting-started.html> for information on the dependencies and more.
This assumes that the kas path ($HOME/.local/bin) is in $PATH. If not, the user will need to manually add this or the kas command will not be found.
### **Run kas locally**
```
$ cd ~/meta-arm/
$ kas build kas/juno.yml
```
By default kas will create a build directory under meta-arm to contain the checked out layers, build directory, and downloads. You can change this by setting environment variables. DL\_DIR and SSTATE\_DIR are respected so these can point at existing directories, and setting KAS\_WORK\_DIR to the directory where repositories are already cloned will save having to re-fetch. This can look something like:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/qemuarm64.yml:ci/testimage.yml
```
See the [quick start guide](/documentation/quick-start.md) for more information on how to set this up.
## **Locked Revisions in CI with lockfiles**
The CI in meta-arm will generate a kas "lock file" when it starts to ensure that all of the builds checkout the same revision of the various different layers that are used. If this isn't done then there's a chance that a layer will be modified upstream during the CI, which results in some builds failing and some builds passing.
This lock file is saved as an artefact of the update-repos job by the CI, and only generated if it doesn't already exist in the repository. This can be used to force specific revisions of layers to be used instead of HEAD, which can be useful if upstream changes are causing problems in development.
The lockfile.yml can be downloaded manually, but there's a script in meta-arm to fetch the lock file for the latest successful build of the specified branch:
```
$ ./ci/download-lockfile.py --help
usage: download-lockfile.py [-h] server project refspec
OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests on machines using the `testimage` Yocto task. meta-arm has good support for writing test cases against [Arm FVPs][FVP], meaning the [runfvp][RUNFVP] boot configuration can be re-used.
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
OEFVPTarget supports two different test interfaces - SSH and pexpect.
## SSH
As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
This uses the `run` method on the target, e.g:
```
(status, output) = self.target.run('uname -a')
```
which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
## pexpect
To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
> the “--volume” is the directory where your persistent stuff (like downloads and build artifacts) will go to help speed up your builds and can be sharable amongst your builds/containers. If you want to go completely clean-room, feel free to remove it
# **Step 1: clone meta-arm and build meta-arm**
```
$ git clone https://git.yoctoproject.org/meta-arm
$ cd meta-arm/
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
```
> **_NOTE:_**
> “ci/testimage.yml” will cause the build to run some basic system tests. If you don’t care about verifying basic functionality, then remove it and it should be faster (a few less programs will be added to the system image and the 2-3mins that it takes to run the test will not happen).
> **_NOTE:_**
> You may wish to add the Yocto Project SSTATE Mirror (especially the first time) to speed up the build by downloading the build fragments (built by the Yocto Project autobuilder) from the internet. This can be done by adding "ci/sstate-mirror.yml" in kas or adding the relevant lines to your local.conf. Using the above example:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/sstate-mirror.yml
```
> **_NOTE:_**
> This only fetches the parts necessary for your build and may take several minutes depending on your internet connection speed. Also, it only fetches what is available. There may still be a need to build things depending on your configuration.
For more information on kas and various commands, please reference <https://kas.readthedocs.io/en/latest/>.
Depending on what software you are building, fvp-base might not be the machine you want to build for.
The following website provides an EXTREMELY rough way to tell what software is in what machines, and what versions are being run:
If, as an example, we’re wanting to develop trusted-firmware-a; then fvp-base will work for us.
### **Okay, you are done! VICTORY!**
### **Oh, you actually wanted to mess around with the system software source code?**
# **Step 2: use devtool to get your source**
Setup your environment via the (non-kas) Yocto Project tools
```
$ source poky/oe-init-build-env
```
Use devtool to checkout the version of software being used on the machine above (in the above example, this will be trusted-firmware-a for fvp-base).
```
$ devtool modify trusted-firmware-a
```
This will download the source, hopefully in git (depending on how the Yocto Project recipe was written), and should print a path at the end where the source code was checked out. In the trusted-firmware-a example, I got:
Inside of that directory, you should see the relevant source code. In this example, it is a standard git tree. So, you can add remotes, checkout different SHAs, etc
Ok, so you are set with your changes and want to build them.
```
$ devtool build trusted-firmware-a
```
This should build the software in question, but it is not yet integrated into a system image. To do that, run:
```
$ devtool build-image core-image-sato
```
The image should match the image being used on your machine above. Most of them in meta-arm are set to core-image-sato.
Also, if you used testimage above, it will run testimage now
### **Okay, you are done! VICTORY!**
# **Step 3. Testing your patches outside of devtool**
At this point I will assume you have a patch and want to add it to the base recipe. Using the above example, in the devtool directory:
The Yocto Project releases twice a year (April and October): "stable" releases are made every six months and have a lifetime of seven months to allow for migration, while "long term support" (LTS) releases are picked every two years starting from Dunfell in April 2020. The standard practice for all Yocto Compatible layers is to create a "named" branch consistent with the code name of that release. For example, the “dunfell” release of the Yocto Project will have a branch named “dunfell” in the official git repository, and layers compatible with dunfell will have a branch named “dunfell”. Thus, a customer can easily organize a collection of appropriate layers to make a product.
In the Yocto Project, these named branches are “stable”, and only take bug fixes or security-critical upgrades. Active development occurs on the master branch. However, this methodology can be problematic if mimicked with the compatible layers. Companies, like Arm, may not wish to release a snapshot of the relevant “master” branches under active development, due to the amount of testing, fixing, and hardening necessary to make a product from a non-stable release. Also, changes to keep the master branch of a layer working with the upstream master branch of the Yocto Project may result in that branch no longer being compatible with named branches (e.g., it might not be possible to mix and match master and dunfell). So, a decision must be made on the branching policy of meta-arm.
## **Adding new Hardware or Software features**
There are many different ways to resolve this issue. After some discussion, the best solution for us is to allow new hardware enablement (and relevant software features) to be included in LTS named branches (not just bug fixes). This will allow for a more stable software platform for software to be developed, tested, and released. Also, the single branch allows for focused testing (limiting the amount of resources needed for CI/CD), lessens/eliminates code diverging on various branches, and lessens confusion on which branch to use. The risk of making this choice is a potentially non-stable branch which will require more frequent testing to lessen the risk, and not following the “stable” methodology of the core Yocto Project layers (though it is not uncommon for BSP layers to behave this way).
## **Process**
The process for patches intended on being integrated into only the master branch is the normal internal process of pushing for code review and CI, approval and integration into upstream meta-arm master branch.
For patches intended on being included in an LTS named branch, the preferred process is to upstream via the master branch, rebase the patch (or series against the intended LTS branch) and send email with the release name in the subject line after the "PATCH" (e.g., "[PATCH dunfell] Add foo to bar").
If there is a time crunch and the preferred way above cannot be completed in time, upstreaming via the LTS branch can occur. This follows the normal process above but without the master integration step. However, any patches upstreamed in this manner must be pushed to master in a timely fashion (after the time crunch). Nagging emails will be sent and managers will be involved as the time grows.
## **Testing**
See [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md) for information how the layer is tested and what tests are run. It is presumed that all code will be compiled as part of the CI process of the gerrit code review. Also, testing on virtual platforms and code conformity checks will be run when enabled in the process.
## **Branching strategy and releases**
Named branches for meta-arm will be released as close as possible to the release of the YP LTS release. Meta-arm named branches will be created from the meta-arm master branch.
To minimize the additional work of maintaining multiple branches it is assumed that there will only be two active development branches at any given time: master and the most recent Long Term Stable (LTS) as the named branch. All previous named LTS branches will be EOLed when a new LTS has been released. Any branches that are EOLed will still exist in the meta-arm, but bug fix patches will be accepted. Limited to no testing will occur on EOL’ed branches. Exceptions to this can be made, but must be sized appropriately and agreed to by the relevant parties.
Named branch release will coincide with Yocto Project releases. These non-LTS branches will be bug fix only and will be EOLed on the next release (similar to the YP branching behavior).
### **Branch transitions**
When YP is approaching release, meta-arm will attempt to stabilize master so that the releases can coincide.
* T-6 weeks - Email is sent to meta-arm mailing list notifying of upcoming code freeze of features to meta-arm
* T-4 weeks - Code freeze to meta-arm. Only bug fixes are taken at this point.
* T-0 - Official upstream release occurs. With no outstanding critical bugs, a new named branch is created based on the current meta-arm master branch. Previous named branches are now frozen and will not accept new patches (but will continue to be present for reference and legacy usage).
## **Tagging**
### **Branch Tagging**
When each branch is released, a git tag with the Yocto Project version number will be added. For example, `4.3`. Also, this tag version number will be prepended with "yocto" in a duplicate tag (e.g., "yocto-4.3").
Conciding with the Yocto Project release schedule, every branch which has one or more changes added to it in the previous 6 months will get a minor versioned tag (e.g., "4.3.1" and "yocto-4.3.1").
### **BSP Release Tagging**
BSP releases for those boards supported in meta-arm-bsp maybe have an additional tag to denote their software releases. The tag will consist of the board name (in all capital letters), year, and month. For example, "CORSTONE1000-2023.11".
The release schedule for this is outside the standard Yocto Project release candence, but is generally encouraged to be as close to these releases as possible. Similarily, it is recommended the BSP releases be based on the latest LTS branch.
The `runfvp` tool in meta-arm makes it easy to run Yocto Project disk images inside a [Fixed Virtual Platform (FVP)][FVP]. Some FVPs, such as the [Arm Architecture Models][AEM], are available free to download, but others need registration or are only available commercially. The `fvp-base` machine in meta-arm-bsp uses one of these AEM models.
## Running images with `runfvp`
To build images with the FVP integration, the `fvpboot` image class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
```
IMAGE_CLASSES += "fvpboot"
```
The class will download the correct FVP and write a `.fvpconf` configuration file when an image is built.
To run an image in a FVP, pass either a machine name or a `.fvpconf` path to `runfvp`.
When a machine name is passed, `runfvp` will start the latest image that has been built for that machine. This requires that the BitBake environment has been initialized (using `oe-init-build-env` or similar) as it will start BitBake to determine where the images are.
```
$ ./meta-arm/scripts/runfvp fvp-base
```
Note that currently meta-arm's `scripts` directory isn't in `PATH`, so a full path needs to be used.
`runfvp` will automatically start terminals connected to each of the serial ports that the machine specifies. This can be controlled by using the `--terminals` option, for example `--terminals=none` will mean no terminals are started, and `--terminals=tmux` will start the terminals in [`tmux`][tmux] sessions. Alternatively, passing `--console` will connect the serial port directly to the current session, without needing to open further windows.
The tool attempts to automatically select a suitable terminal type. To see which terminal type is selected by default in your environment, run `runfvp --help`.
`runfvp` determines availability by checking for required executables in your PATH as well as environment variables specific to each terminal type. If any of these checks fail, the corresponding terminal type is disabled.
The --help output also lists all currently available terminal types.
When using `-terminals=screen`, `runfvp` must be launched from within an existing [`screen`][screen] session. Normally, screen sets the `STY` environment variable to reference the current session. However, if the session is renamed or if `kas` is started from within the screen session, this value may become invalid or be lost. In such cases, `STY` must be set manually. Use `screen -ls` to view the list of currently attached sessions.
The default terminal can also be configured by writing a [INI-style][INI] configuration file to `~/.config/runfvp.conf`:
```
[RunFVP]
Terminal=tmux
```
Arbitrary options can be passed directly to the FVP by specifying them after a double dash, for example this will list all of the FVP parameters:
```
$ runfvp fvp-base -- --list-params
```
## Configuring machines with `fvpboot`
To configure a machine so that it can be ran inside `runfvp`, a number of variables need to be set in the machine configuration file (such as `meta-arm-bsp/conf/machine/fvp-base.conf`).
Note that at present these variables are not stable and their behaviour may be changed in the future.
### `FVP_EXE`
The name of the FVP binary itself, for example `fvp-base` uses `FVP_Base_RevC-2xAEMvA`.
### `FVP_PROVIDER`
The name of the recipe that provides the FVP executable set in `FVP_EXE`, for example `fvp-base` uses `fvp-base-a-aem-native`. This *must* be a `-native` recipe as the binary will be executed on the build host.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website.
If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on the host already.
### `FVP_BINDIR`
Optional parameter to configure the path of the FVP binary. For example, `fvp-base` uses path from the build host by default. This path can be customized by configuring like below.
```
FVP_BINDIR ?= "utilities/fvp/usr/bin"
```
Potential use case for this parameter configuration is to execute `runfvp` script without the need for bitbake environment initialization.
### `FVP_CONFIG`
Parameters passed to the FVP with the `--parameter`/`-C` option. These are expressed as variable flags so individual parameters can be altered easily. For example:
```
FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
```
### `FVP_DATA`
Specify raw data to load at the specified address, passed to the FVP with the `--data` option. This is a space-separated list of parameters in the format `[INST=]FILE@[MEMSPACE:]ADDRESS`. For example:
```
FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
cluster0.cpu0=fvp-base-revc.dtb@0x83000000"
```
### `FVP_APPLICATIONS`
Applications to load on the cores, passed to the FVP with the `--application` option. These are expressed as variable flags with the flag name being the instance and flag value the filename, for example:
```
FVP_APPLICATIONS[cluster0] = "linux-system.axf"
```
Note that symbols are not allowed in flag names, so if you need to use a wildcard in the instance then you'll need to use `FVP_EXTRA_ARGS` and `--application` directly.
### `FVP_TERMINALS`
Map hardware serial ports to abstract names. For example the `FVP_Base_RevC-2xAEMvA` FVP exposes four serial ports, `terminal_0` to `terminal_3`. Typically only `terminal_0` is used in the `fvp-base` machine so this can be named `"Console"` and the others `""`. When runfvp starts terminals it will only start named serial ports, so instead of opening four windows where only one is useful, it will only open one.
For example:
```
FVP_TERMINALS[bp.terminal_0] = "Console"
FVP_TERMINALS[bp.terminal_1] = ""
FVP_TERMINALS[bp.terminal_2] = ""
FVP_TERMINALS[bp.terminal_3] = ""
```
### `FVP_CONSOLES`
This specifies what serial ports can be used in oeqa tests, along with an alias to be used in the test cases. Note that the values have to be the FVP identifier but without the board prefix, for example:
```
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
The 'default' console is also used when `--console` is passed to runfvp.
### `FVP_EXTRA_ARGS`
Arbitrary extra arguments that are passed directly to the FVP. For example:
```
FVP_EXTRA_ARGS = "--simlimit 60"
```
### `FVP_ENV_PASSTHROUGH`
The FVP is launched with an isolated set of environment variables. Add the name of a Bitbake variable to this list to pass it through to the FVP environment. For example:
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.