1
0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-07-18 16:37:08 +00:00

Compare commits

..

47 Commits

Author SHA1 Message Date
Mariam Elshakfy 9bcc166bd5 arm-bsp/n1sdp: Enable OP-TEE cache in N1SDP
This change enables N1SDP cache to improve performance
by removing this patch:
HACK-disable-instruction-cache-and-data-cache.patch

Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
2023-10-19 21:14:39 -05:00
Mariam Elshakfy 0e35e4b951 arm-bsp/n1sdp: Move OP-TEE to DDR4
Since the original location of OP-TEE in DDR3 observes
a HW issue when cache is enabled, this change moves OP-TEE
to run from DDR4. Patches are added to TF-A to reflect that
change and the used region is also reserved in UEFI (EDK2)
to protect against allocations by UEFI applications.
OP-TEE size is modified for consistency across all patches
to be 32 MB (0x02000000) instead of (0x02008000).

Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
2023-10-19 21:14:39 -05:00
Jon Mason bbe2d63100 arm/linux-yocto: remove defconfig patch
Mikko Rapeli upstreamed the patch for the Nuvoton defconfig issue and it
has been pulled back the 6.1 kernel.  So, it is no longer needed here.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-10-19 21:14:39 -05:00
Vikas Katariya 2b57548b36 arm-bsp/corstone1000: Fix RSA key generation issue
This support is for Cassini distro using Corstone-1000 platform.

When running parsec test, it reports an error
`PSA_ERROR_DATA_INVALID (-153)`.

This is related to `ITS_MAX_ASSET_SIZE` configuration which is been
set to 512 on the secure enclave (TF-M), which defines the max asset
size and it overflows when running the parsec tests.

The key is generated, but when it is asked to store via `psa_its_set`
it returns `PSA_ERROR_INVALID_ARGUMENT (-135)`, which then propagates
to `PSA_ERROR_DATA_INVALID (-153)`

Increasing the `ITS_MAX_ASSET_SIZE` to 2048 solves this issue.

Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-10-16 09:28:49 -04:00
Jon Mason c6380674f5 arm/trusted-services: add SRCREV_FORMAT
SRCREV_FORMAT is now required.  Add that to address the build breakage.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-10-06 09:23:53 -04:00
Jon Mason 6e199b354e README: remove reference to meta-arm-autonomy
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-10-01 16:01:33 -04:00
Abdellatif El Khlifi 7c67197694 arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472
enable errata 855472 for Cortex-A35 in Corstone-1000

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-09-29 11:35:27 -04:00
Robbie Cao 85b0e80e7d arm/recipes-kernel: Add preempt-rt support for generic-arm64
Add kernel configuration necessary to build an image with preempt-rt
support for generic-arm64.

And tweak kernel configuration for preempt-rt kernel.

Signed-off-by: Robbie Cao <robbie.cao@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-08-14 10:26:48 -04:00
Jon Mason 821fa15a73 arm/linux-yocto: move 6.1 patches to a unique bbappend
Move the 3 patches only needed by the 6.1 kernel into a unique bbappend
The defconfig changes cannot be moved into a config fragment because
they only exist in the defconfig file (because the patches that
integrated their functionality into the kernel were not merged).

Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-08-14 10:25:36 -04:00
Jon Mason 18edb7bcff CI: remove master refspec for meta-virtualization yml file
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-08-14 09:54:23 -04:00
Adam Johnston 10c355b9c7 arm-bsp/trusted-firmware-a: Reserve OP-TEE memory from NWd on N1SDP
The physical memory which is used to run OP-TEE on the N1SDP is known
to the secure world via TOS_FW_CONFIG, but it may not be known to the
normal world.

As a precaution, explicitly reserve this memory via NT_FW_CONFIG to
prevent the normal world from using it. This is not required on most
platforms as the Trusted OS is run from secure RAM.

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-07-27 09:44:10 -04:00
Abdellatif El Khlifi 1a15a5b052 kas: set the SHAs for 2023.06 release
set poky and meta-openembedded SHAs

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-07-06 13:35:20 -04:00
Abdellatif El Khlifi 0bf2afab93 arm-bsp/documentation: corstone1000: update user guide
Adding extra details to corstone1000 user guide.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-07-06 13:34:54 -04:00
Abdellatif El Khlifi c1201c0c3a arm-bsp/documentation: corstone1000: update the release note
Updates the release note copyright.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-07-06 13:34:54 -04:00
Abdellatif El Khlifi fd7cb4d462 arm-bsp/doc: corstone1000: Update the software architecture document
Align the document with the current design.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2023-06-27 09:28:42 +01:00
Abdellatif El Khlifi 7d4cc90156 arm-bsp/documentation: corstone1000: Update change log
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2023-06-27 09:28:42 +01:00
Tomás González 1bfb03f9a6 arm-bsp/documentation: corstone1000: Update the release notes
Update the release notes with Known Issues and Limitations.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-06-27 09:28:42 +01:00
Tomás González bef3c42e38 arm-bsp/documentation: corstone1000: Update the user guide
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2023-06-27 09:28:42 +01:00
Emekcan Aras 779594c5d8 arm-bsp/trusted-services: corstone1000: Fix Capsule Update
Adds missing update service definitions for using stateless platform
services and initializes the capsule udpate provider in se-proxy-sp
for corstone1000.

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-22 09:33:11 -04:00
Emekcan Aras bd0c162e37 arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test
Adds missing compilation option to fix psa_raw_key_aggrement test for
corstone1000.

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-22 09:33:11 -04:00
Emekcan Aras 4a946ac8de arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-22 09:33:11 -04:00
Emekcan Aras d0b423c63c arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>

These 2 patches causes the secure world to enter into an infinite loop
when the PSA arch tests are triggered. This is a temporary fix and the
issue needs to be investigated before the patches can be enabled.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-22 09:33:11 -04:00
Emekcan Aras 5024b767e3 arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix
This patch is required to handle one of the corner cases of the
GetNextVariableName EFI service as specified in the UEFI spec.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-22 09:33:11 -04:00
Emekcan Aras 00bff355e5 arm-bsp/u-boot: corstone1000: Enable EFI set/get time services
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>

This patch adds the required configs to the corstone1000 u-boot
defconfig to enable the EFI services. This is done to fix the SCT
failure reported by the SetTime_Conf and SetTime_Func.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-22 09:33:11 -04:00
Emekcan Aras 4a7198a135 arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>

The patch fixes the ACS InstallMultipleProtocolInterfaces_Conf failures
in corstone1000 platform by dropping a workaround u-boot patch. The NVMXIP
initialization had some issues during u-boot boot stage which led to the
workaround patch.

Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-22 09:33:11 -04:00
Denys Dmytriyenko 7bd239d4f3 optee-os: do not explicitly set CFG_MAP_EXT_DT_SECURE=y
CFG_MAP_EXT_DT_SECURE=y should be set per platform, as it requires CFG_DT=y
to also be set, which is not the case for all the platforms out there using
optee-os. Moreover CFG_MAP_EXT_DT_SECURE is already being set conditionally
in optee-os-ts.

Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:47 -04:00
Adam Johnston b1a9fd76be CI: Platform specific Trusted Services config
Split trusted-services.xml into qemuarm64-secureboot-ts.yml and
n1sdp-ts.yml as collection of Trusted Services which can be tested on
each platform has diverged.

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Rui Miguel Silva 58a97781d5 arm-bps/corstone1000: setup trusted service proxy configuration
Make sure we setup the new variable for the configuration
of the SE-Proxy service for our machine. This will trigger
the right configuration building trusted services and all
psa-arch test pass as before.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing e995c42311 optee-os: unblock NWd interrupts
Update Trusted Services and backport an OP-TEE update which allows
interrupting the SPs by NWd interrupts. This solves the kernel stall
problems which are due to long cryptographic operations being executed
in the SWd.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing 5e05b281f4 arm/trusted-services: fix nanopb build error
The nanopb build step randomly fails in the yocto CI due to a race condition.
This change adds a patch file to disable parallel build for nanopb. This is a
temporary workaround and a proper fix will be up-streamed int he future.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Rui Miguel Silva cb811a559b arm-bsp/trusted-services: remove merged patches for corstone1000
Patch related with the changes to support the in/out_vec modifications
in TF-M v1.7 was merged in upstream trusted-services integration branch.
So, drop this 3 out of tree patches not needed to be applied any more.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing 0d7ee992c1 arm/trusted-services: disable psa-iat on qemuarm64-secureboot
TF-A v2.8 does not support measured boot and FF-A which is mandatory for
PSA Initial Attestation SP to work correctly.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing 45206b21b9 trusted-services: update documentation
Add information related to SPMC tests and fix stale links.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Rui Miguel Silva 5c19e4a87a arm-bsp/trusted-services:corstone1000: remove already merged patches
Remove already merged patches in trusted services integration
branch to avoid clash during apply patch stage and rebase the
remaining patches.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing 065e86ab5f arm/oeqa: enable OP-TEE SPMC tests
Run the ffa_spmc test group of xtest if the optee-spmc-test machine
feature is enabled.

Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing b3c96e3fc3 optee-os: enable SPMC test
Add ta-devkit and optee-test. Change configuration to enable building
and deploying OP-TEE SPMC tests.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing 48abf0167d optee-test: backport SWd ABI compatibility changes
The ABI used by the arm-ffa-user driver to call into the SWd changed.
The change was driven by the MM over FF-A ABI implementation which is
used by SmmGW SP and uefi-test. uefi-test uses the same arm-ffa-user
driver as xtest hence xtest needs to be updated to use the new driver.
This xtest change is already merged up-stream but after v3.20, which is
used here.
This change adds backported xtest changes as carried patches.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing adea344855 arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
This change:
  - cherry-picks TF-A changes from master which implement passing
    TOS_FW_CONFIG DTB from the FIP package to the trusted OS.
  - add an OP-TEE SPMC specific SPMC manifest file
  - configures TF-A to build the manifest, add it to the FIP package
    and pass it to OP-TEE as a boot argument.

This functionality needs matching changes in OPTEE (OP-TEE v3.21
or v3.20 + carried patches.)

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing 809d2b43f9 optee-os: Add support for TOS_FW_CONFIG on qemu
OP-TEE SPMC v3.20 and TF-A v2.8 is incompatible on qemu, and OP-TEE
panics during boot because having an SPMC manifest passed to the SPMC is
mandatory since v3.20. TF-A and OP-TEE upstream already fixed this issue
by modifying the ABI between the SPMD and SPMC. Moreover qemu support in
TF-A has been extended to allow building an SPMC manifest DTS file, and
loading it from the FIP package.
This change adds the needed OP-TEE fixes as carried patches. The TF-A
change will be added in the next commit.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Anton Antonov 15d6b7c4e9 arm/oeqa: Make ts-service-test config match selected SPs
Split tests to groups, and enable groups based on machine features set.
This allows limiting tests to testing deployed SPs only.

Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing 2ffe50d4b5 optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
To enable up-to date version of Trusted Services op-tee v3.20 or newer
is needed.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Gyorgy Szing b25e1ef90d arm/trusted-services: update TS version
This change updates to latest available version of Trusted Services.
List of changes:
  - adapt SP recipes to file structure changes and support for
    "configurations". In TS each SP can be built in various different
    setups to allow adapting to platform and integration specific
    differences.
  - MbedTLS dependency has been updated to v3.3.0.
      - This needs new python dependencies are required in the build
        environment.
      - psa-acs was updated to a matching version.
      - do_patch() has been updated to support the MbedTLS patch added
        in TS.
  - Update TS dependency patching method to use git instead of patch.
  - Downgrade nanopb to match up-stream dependency version.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-14 09:17:32 -04:00
Abdellatif El Khlifi 8db460fa5d arm-bsp/u-boot: corstone1000: upgrade NVMXIP support
The patchset has been merged in U-Boot master
(https://github.com/u-boot/u-boot/commit/c9c2c95d4cd27fe0cd41fe13a863899d268f973c)

This commit upgrades the NVMXIP patches with the merged ones.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-13 10:08:53 -04:00
Emekcan Aras 36f77ab664 arm-bsp/u-boot: corstone1000: enable PSCI reset
Even though corstone1000 platform does not support the entire PSCI APIs, it
relys on PSCI reset interface for system reset. The name of this config
changed in the new version of u-boot. This enables PSCI reset, so
the system can be resetted in u-boot again.

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-06-06 11:00:23 -04:00
Abdellatif El Khlifi 6850977577 kas: corstone1000: set branches to mickledore
point poky/meta-openembedded to mickledore

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-05-16 13:00:10 -04:00
Emekcan Aras 91b504e686 arm-bsp/wic: corstone1000: Fix and limit the partition size for corstone1000
It fixes and limits the partition size to fix capsule update feature
after the GPT changes.
The partitions in the second bank needs to have correct size and
the partitions in first bank should have a fixed size since corstone1000 does
not support partial update and has a limited flash to support variable size.

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-05-15 13:00:16 -04:00
Emekcan Aras 50624c6f2f arm-bsp/trusted-firmware-m: Align Capsule Update with GPT changes
This patch aligns capsule update feature in tfm with GPT/BL1 changes.
Adjusts BL2 flash and data size and adds missing CRC checks.

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-05-15 13:00:16 -04:00
708 changed files with 55386 additions and 16809 deletions
+154 -219
View File
@@ -1,26 +1,13 @@
image: ${MIRROR_GHCR}/siemens/kas/kas:4.3.2
image: ghcr.io/siemens/kas/kas:3.2.3
variables:
# These are needed as the k8s executor doesn't respect the container
# entrypoint by default
CPU_REQUEST: ""
DEFAULT_TAG: ""
CACHE_DIR: $CI_BUILDS_DIR/persist
# These are needed as the k8s executor doesn't respect the container entrypoint
# by default
FF_KUBERNETES_HONOR_ENTRYPOINT: 1
FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
# The default value for KUBERNETES_CPU_REQUEST
CPU_REQUEST: ""
# The default machine tag for the build jobs
DEFAULT_TAG: ""
# The machine tag for the ACS test jobs
ACS_TAG: ""
# The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc)
CACHE_DIR: $CI_BUILDS_DIR/persist
# The container mirror to use
MIRROR_GHCR: ghcr.io
# Whether to run the SystemReady ACS tests
ACS_TEST: 0
# The list of extra Kas fragments to be used when building
EXTRA_KAS_FILES: ""
# The NVD API key to use when fetching CVEs
NVDCVE_API_KEY: ""
stages:
- prep
@@ -71,17 +58,16 @@ stages:
# Catch all for everything else
- if: '$KERNEL != "linux-yocto-dev"'
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml
- echo KASFILES=$KASFILES
- kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
- kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- kas build $KASFILES
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
artifacts:
name: "logs"
when: always
when: on_failure
paths:
- $CI_PROJECT_DIR/work/build/tmp*/work*/**/temp/log.do_*.*
- $CI_PROJECT_DIR/work/build/tmp*/work*/**/testimage/*
- $CI_PROJECT_DIR/work/build/tmp/work*/**/temp/log.do_*.*
- $CI_PROJECT_DIR/work/build/tmp/work*/**/testimage/*
#
# Prep stage, update repositories once.
@@ -90,22 +76,8 @@ stages:
update-repos:
extends: .setup
stage: prep
allow_failure:
exit_codes: 128
script:
- |
flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
# Only generate if doesn't already exist, to allow feature branches to drop one in.
if test -f lockfile.yml; then
echo Using existing lockfile.yml
else
# Be sure that this is the complete list of layers being fetched
kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
fi
artifacts:
name: "lockfile"
paths:
- lockfile.yml
- flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
#
# Build stage, the actual build jobs
@@ -113,110 +85,52 @@ update-repos:
# Available options for building are
# DISTRO: [poky, poky-tiny]
# KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
# TOOLCHAINS: [gcc, clang, external-gccarm]
# TOOLCHAINS: [gcc, clang, armgcc, external-gccarm]
# TCLIBC: [glibc, musl]
# FIRMWARE: [u-boot, edk2]
# TS: [none, trusted-services]
# VIRT: [none, xen]
# TESTING: testimage
arm-systemready-ir-acs:
corstone500:
extends: .build
timeout: 12h
parallel:
matrix:
# arm-systemready-ir-acs must be specified after fvp-base for ordering
# purposes for the jobs-to-kas output. It is not enough to just have it
# in the job name because fvp-base.yml overwrites the target.
- PLATFORM: fvp-base
ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
- TESTING: testimage
tags:
- ${ACS_TAG}
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
script:
- kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
- x86_64
corstone1000-fvp:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [testimage, tftf]
- FIRMWARE: none
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
- TESTING: [testimage, tftf]
tags:
- x86_64
corstone1000-mps3:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [none, tftf]
- FIRMWARE: none
documentation:
extends: .setup
script:
- |
# This can be removed when the kas container has python3-venv installed
sudo apt-get update && sudo apt-get install --yes python3-venv
python3 -m venv venv
. ./venv/bin/activate
pip3 install -r meta-arm-bsp/documentation/requirements.txt
for CONF in meta-*/documentation/*/conf.py ; do
echo Building $CONF...
SOURCE_DIR=$(dirname $CONF)
MACHINE=$(basename $SOURCE_DIR)
sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
done
test -d build-docs/
artifacts:
paths:
- build-docs/
fvp-base:
extends: .build
parallel:
matrix:
- TS: [none, fvp-base-ts]
TESTING: testimage
- TESTING: testimage
- FIRMWARE: edk2
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
arm-systemready-ir-acs:
fvp-baser-aemv8r64:
extends: .build
timeout: 12h
parallel:
matrix:
# arm-systemready-ir-acs must be specified after fvp-base for ordering
# purposes for the jobs-to-kas output. It is not enough to just have it
# in the job name because fvp-base.yml overwrites the target.
- PLATFORM: [fvp-base, corstone1000-fvp]
ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
- TESTING: testimage
tags:
- ${ACS_TAG}
- x86_64
fvps:
extends: .build
genericarm64:
generic-arm64:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
juno:
extends: .build
@@ -225,6 +139,125 @@ juno:
- TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
musca-b1:
extends: .build
musca-s1:
extends: .build
n1sdp:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, armgcc]
TS: [none, n1sdp-ts]
qemu-generic-arm64:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TESTING: testimage
qemuarm64-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
qemuarm64:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
qemuarm-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TOOLCHAINS: [gcc, clang, external-gccarm]
TESTING: testimage
qemuarm:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
qemuarmv5:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
sgi575:
extends: .build
tc1:
extends: .build
parallel:
matrix:
- TESTING: testimage
tags:
- x86_64
toolchains:
extends: .build
selftest:
extends: .setup
script:
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 1 --run-tests runfvp'
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
script:
- kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
pending-updates:
extends: .setup
artifacts:
paths:
- update-report
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
# Do this on x86 whilst the compilers are x86-only
tags:
- x86_64
# What percentage of machines in the layer do we build
machine-coverage:
extends: .setup
@@ -241,115 +274,17 @@ metrics:
- kas shell --update --force-checkout ci/base.yml --command \
"$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt"
musca-b1:
extends: .build
musca-s1:
extends: .build
n1sdp:
extends: .build
parallel:
matrix:
- TESTING: [none, n1sdp-ts, n1sdp-optee, tftf]
pending-updates:
documentation:
extends: .setup
script:
- |
sudo pip3 install -r meta-arm-bsp/documentation/requirements.txt
for CONF in meta-*/documentation/*/conf.py ; do
SOURCE_DIR=$(dirname $CONF)
MACHINE=$(basename $SOURCE_DIR)
sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
done
test -d build-docs/
artifacts:
paths:
- update-report
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
# Do this on x86 whilst the compilers are x86-only
tags:
- x86_64
qemuarm64-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm64:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TESTING: testimage
- TOOLCHAINS: external-gccarm
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarmv5:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
sbsa-ref:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
selftest:
extends: .setup
script:
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests'
sgi575:
extends: .build
toolchains:
extends: .build
- build-docs/
@@ -1,79 +0,0 @@
From 42358d889ed652a8c386862f8c65e5fbe7484de2 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Fri, 26 Apr 2024 10:38:28 +0000
Subject: [PATCH] procps: fix build with new glibc but old kernel headers
If you're building procps with a newer glibc (with pidfd_open()) but
older kernel headers (say 4.x, before __NR_pidfd_open) then procps will
fail to build because of a typo in configure.ac.
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
.../procps/procps/pidfd.patch | 42 +++++++++++++++++++
meta/recipes-extended/procps/procps_4.0.4.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-extended/procps/procps/pidfd.patch
diff --git a/meta/recipes-extended/procps/procps/pidfd.patch b/meta/recipes-extended/procps/procps/pidfd.patch
new file mode 100644
index 00000000000..f5e8183e547
--- /dev/null
+++ b/meta/recipes-extended/procps/procps/pidfd.patch
@@ -0,0 +1,42 @@
+From c8f625e085b8249cc009e8b19c3a19100217eb35 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Thu, 25 Apr 2024 13:33:15 +0000
+Subject: [PATCH] Fix pidfd_open detection
+
+This check for pidfd_open uses AC_CHECK_FUNC which just runs the specified code, but
+src/pgrep.c checks HAVE_PIDFD_OPEN which will only be defined by AC_CHECK_FUNCS.
+
+Also pidfd_open is defined in sys/pidfd.h so that needs including.
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+
+diff --git a/configure.ac b/configure.ac
+index fec27e3f..024731c7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -170,7 +170,7 @@ AC_TRY_COMPILE([#include <errno.h>],
+ AC_MSG_RESULT(yes),
+ AC_MSG_RESULT(no))
+
+-AC_CHECK_FUNC([pidfd_open], [enable_pidwait=yes], [
++AC_CHECK_FUNCS([pidfd_open], [enable_pidwait=yes], [
+ AC_MSG_CHECKING([for __NR_pidfd_open])
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+ #include <sys/syscall.h>
+diff --git a/src/pgrep.c b/src/pgrep.c
+index d8e57dff..c5211aec 100644
+--- a/src/pgrep.c
++++ b/src/pgrep.c
+@@ -44,7 +44,9 @@
+
+ #ifdef ENABLE_PIDWAIT
+ #include <sys/epoll.h>
+-#ifndef HAVE_PIDFD_OPEN
++#ifdef HAVE_PIDFD_OPEN
++#include <sys/pidfd.h>
++#else
+ #include <sys/syscall.h>
+ #endif /* !HAVE_PIDFD_OPEN */
+ #endif
diff --git a/meta/recipes-extended/procps/procps_4.0.4.bb b/meta/recipes-extended/procps/procps_4.0.4.bb
index 800384f22f7..ec8c4b0261b 100644
--- a/meta/recipes-extended/procps/procps_4.0.4.bb
+++ b/meta/recipes-extended/procps/procps_4.0.4.bb
@@ -14,6 +14,7 @@ inherit autotools gettext pkgconfig update-alternatives
SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \
file://sysctl.conf \
+ file://pidfd.patch \
"
SRCREV = "4ddcef2fd843170c8e2d59a83042978f41037a2b"
--
2.34.1
-14
View File
@@ -29,13 +29,6 @@ Other Directories
This directory contains scripts used in running the CI tests
Mailing List
------------
To interact with the meta-arm developer community, please email the meta-arm mailing list at meta-arm@lists.yoctoproject.org
Currently, it is configured to only allow emails to members from those subscribed.
To subscribe to the meta-arm mailing list, please go to
https://lists.yoctoproject.org/g/meta-arm
Contributing
------------
Currently, we only accept patches from the meta-arm mailing list. For general
@@ -56,13 +49,6 @@ The component being changed in the shortlog should be prefixed with the layer na
arm-toolchain/gcc: enable foobar v2
Releases and Release Schedule
--------------
We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines. For more information on these, please reference:
https://docs.yoctoproject.org/ref-manual/release-process.html
https://wiki.yoctoproject.org/wiki/Releases
https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
Reporting bugs
--------------
E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps
-37
View File
@@ -1,37 +0,0 @@
# Reporting vulnerabilities
Arm takes security issues seriously and welcomes feedback from researchers and
the security community in order to improve the security of its products and
services. We operate a coordinated disclosure policy for disclosing
vulnerabilities and other security issues.
Security issues can be complex and one single timescale doesn't fit all
circumstances. We will make best endeavours to inform you when we expect
security notifications and fixes to be available and facilitate coordinated
disclosure when notifications and patches/mitigations are available.
## How to Report a Potential Vulnerability?
If you would like to report a public issue (for example, one with a released CVE
number), please contact the meta-arm mailing list at
meta-arm@lists.yoctoproject.org and arm-security@arm.com.
If you are dealing with a not-yet released or urgent issue, please send a mail
to the maintainers (see README.md) and arm-security@arm.com, including as much
detail as possible. Encrypted emails using PGP are welcome.
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
## Branches maintained with security fixes
meta-arm follows the Yocto release model, so see
[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and
LTS] for detailed info regarding the policies and maintenance of stable
branches.
The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
releases of the Yocto Project. Versions in grey are no longer actively maintained with
security patches, but well-tested patches may still be accepted for them for
significant issues.
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-firmware.yml
-18
View File
@@ -1,18 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-ir-acs.yml
env:
ACS_TEST: "0"
local_conf_header:
testimage: |
TESTIMAGE_AUTO = "${ACS_TEST}"
target:
- arm-systemready-ir-acs
- arm-systemready-linux-distros-debian
- arm-systemready-linux-distros-opensuse
+6
View File
@@ -0,0 +1,6 @@
header:
version: 11
local_conf_header:
cc: |
GCCVERSION = "arm-12.2"
+5 -8
View File
@@ -1,13 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
distro: poky
defaults:
repos:
branch: scarthgap
refspec: mickledore
repos:
meta-arm:
@@ -21,10 +19,6 @@ repos:
layers:
meta:
meta-poky:
patches:
procps:
path: 0001-procps-fix-build-with-new-glibc-but-old-kernel-heade.patch
repo: meta-arm
env:
BB_LOGCONFIG: ""
@@ -33,11 +27,14 @@ env:
local_conf_header:
base: |
CONF_VERSION = "2"
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
setup: |
PACKAGE_CLASSES = "package_ipk"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
PACKAGECONFIG:append:pn-perf = " coresight"
INHERIT += "rm_work"
DISTRO_FEATURES:remove = "ptest"
extrapackages: |
CORE_IMAGE_EXTRA_INSTALL += "perf opencsd"
CORE_IMAGE_EXTRA_INSTALL:append:aarch64 = " gator-daemon"
+1 -9
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
repos:
meta-clang:
@@ -10,12 +8,6 @@ repos:
local_conf_header:
toolchain: |
TOOLCHAIN = "clang"
PREFERRED_PROVIDER_llvm = "clang"
PREFERRED_PROVIDER_llvm-native = "clang-native"
PREFERRED_PROVIDER_nativesdk-llvm = "nativesdk-clang"
PROVIDES:pn-clang = "llvm"
PROVIDES:pn-clang-native = "llvm-native"
PROVIDES:pn-nativesdk-clang = "nativesdk-llvm"
# This is needed to stop bitbake getting confused about what clang/llvm is
# being used, see https://github.com/kraj/meta-clang/pull/766
BBMASK += "/meta/recipes-devtools/llvm/llvm.*\.bb"
+7 -6
View File
@@ -1,13 +1,14 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
- kas/corstone1000-image-configuration.yml
- ci/poky-tiny.yml
local_conf_header:
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
target:
- core-image-minimal
- corstone1000-image
- perf
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- kas/corstone1000-firmware-only.yml
target:
- corstone1000-flash-firmware-image
- perf
+6 -3
View File
@@ -1,9 +1,12 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/corstone1000-common.yml
- ci/fvp.yml
local_conf_header:
fvp-config: |
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = " ssh-server-dropbear"
machine: corstone1000-fvp
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/corstone1000-common.yml
+12
View File
@@ -0,0 +1,12 @@
header:
version: 11
includes:
- ci/base.yml
- ci/fvp.yml
- ci/poky-tiny.yml
local_conf_header:
fvp-config: |
IMAGE_FEATURES:remove = " ssh-server-dropbear"
machine: corstone500
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
cve: |
INHERIT += "cve-check"
# Allow the runner environment to provide an API key
NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
# Just show the warnings for our layers
CVE_CHECK_SHOW_WARNINGS = "0"
CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-systemready = "1"
# Ignore the kernel, we sometime carry kernels in meta-arm
CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
# Add universally helpful features when testing boards
local_conf_header:
debug: |
EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
-31
View File
@@ -1,31 +0,0 @@
#! /usr/bin/env python3
"""
Download the lockfile.yml produced by a CI pipeline, specified by the GitLab
server, full name of the meta-arm project, and the refspec that was executed.
For example,
$ ./download-lockfile.py https://gitlab.com/ rossburton/meta-arm master
SPDX-FileCopyrightText: Copyright 2023 Arm Limited and Contributors
SPDX-License-Identifier: GPL-2.0-only
"""
import argparse
import gitlab
import io
import zipfile
parser = argparse.ArgumentParser()
parser.add_argument("server", help="GitLab server name")
parser.add_argument("project", help="meta-arm project name")
parser.add_argument("refspec", help="Branch/commit")
args = parser.parse_args()
gl = gitlab.Gitlab(args.server)
project = gl.projects.get(args.project)
artefact = project.artifacts.download(ref_name=args.refspec, job="update-repos")
z = zipfile.ZipFile(io.BytesIO(artefact))
z.extract("lockfile.yml")
print("Fetched lockfile.yml")
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
bootfirmware: |
+1 -6
View File
@@ -1,13 +1,8 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
cc: |
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
# Disable ptest as this pulls target compilers, which don't
# work with external toolchain currently
DISTRO_FEATURES:remove = "ptest"
-34
View File
@@ -1,34 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/fvp-base.yml
- ci/meta-openembedded.yml
- ci/testimage.yml
local_conf_header:
trusted_services: |
# Enable the needed test suites
TEST_SUITES = " ping ssh trusted_services"
# Include all Secure Partitions into the image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
MACHINE_FEATURES:append = " ts-block-storage ts-fwu"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL += "optee-test"
# Set the TS environment
TS_ENV="sp"
# Enable and configure semihosting
FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[semihosting-enable] = "True"
+1 -7
View File
@@ -1,13 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/fvp.yml
machine: fvp-base
target:
- core-image-sato
- boot-wrapper-aarch64
+7
View File
@@ -0,0 +1,7 @@
header:
version: 11
includes:
- ci/base.yml
machine: fvp-baser-aemv8r64
+3 -6
View File
@@ -1,14 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
testimagefvp: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
IMAGE_CLASSES += "fvpboot"
failing_tests: |
INHERIT += "fvpboot"
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
failing_tests: |
TEST_SUITES:remove = "xorg"
+3 -9
View File
@@ -1,26 +1,20 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# Simple target to build the FVPs that are publically available
header:
version: 14
version: 11
includes:
- ci/base.yml
machine: qemuarm64
local_conf_header:
license: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
sdk: |
SDKMACHINE = "x86_64"
target:
# Target packages to test aarch64
- fvp-base-a-aem
- fvp-corstone1000
# Nativesdk to test x86-64
- nativesdk-fvp-base-a-aem
- nativesdk-fvp-corstone500
- nativesdk-fvp-corstone1000
- nativesdk-fvp-n1-edge
- nativesdk-fvp-sgi575
- nativesdk-fvp-tc1
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
+6
View File
@@ -0,0 +1,6 @@
header:
version: 11
includes:
- ci/base.yml
machine: generic-arm64
-18
View File
@@ -1,18 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
repos:
poky:
layers:
meta-yocto-bsp:
local_conf_header:
bootloader: |
# If running genericarm64 in a qemu we need to manually build the bootloader
EXTRA_IMAGEDEPENDS += "virtual/bootloader"
machine: genericarm64
+4 -5
View File
@@ -2,13 +2,12 @@
set -u -e
BASENAME=arm-gnu-toolchain
VER=${VER:-13.2.Rel1}
VER=${VER:-12.2.rel1}
HOST_ARCH=${HOST_ARCH:-$(uname -m)}
# Use the standard kas container locations if nothing is passed into the script
DOWNLOAD_DIR="${1:-/builds/persist/downloads/}"
TOOLCHAIN_DIR="${2:-/builds/persist//toolchains/}"
TOOLCHAIN_LINK_DIR="${3:-build/toolchains/}"
DOWNLOAD_DIR=$1
TOOLCHAIN_DIR=$2
TOOLCHAIN_LINK_DIR=$3
# These should be already created by .gitlab-ci.yml, but do here if run outside of that env
mkdir -p $DOWNLOAD_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
+5 -21
View File
@@ -3,28 +3,17 @@
# This script is expecting an input of machine name, optionally followed by a
# colon and a list of one or more parameters separated by commas between
# brackets. For example, the following are acceptable:
# corstone1000-mps3
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
# This argument should be quoted to avoid expansion and to be handled
# as a single value.
#
# Any further arguments will be handled as further yml file basenames.
# corstone500
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
#
# Turn this list into a series of yml files separated by colons to pass to kas
set -e -u
# First, parse the GitLab CI job name (CI_JOB_NAME via $1) and accumulate a list
# of Kas files.
JOBNAME="$1"
shift
FILES="ci/$(echo $1 | cut -d ':' -f 1).yml"
# The base name of the job
FILES="ci/$(echo $JOBNAME | cut -d ':' -f 1).yml"
# The list of matrix variations
for i in $(echo $JOBNAME | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
for i in $(echo $1 | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
# Given that there are no yml files for gcc or glibc, as those are the
# defaults, we can simply ignore those parameters. They are necessary
# to pass in so that matrix can correctly setup all of the permutations
@@ -35,9 +24,4 @@ for i in $(echo $JOBNAME | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
FILES+=":ci/$i.yml"
done
# Now pick up any further names
for i in $*; do
FILES+=":ci/$i.yml"
done
echo $FILES
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
local_conf_header:
kernel: |
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
local_conf_header:
kernel: |
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
+1 -4
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
repos:
meta-openembedded:
@@ -11,4 +9,3 @@ repos:
meta-networking:
meta-oe:
meta-python:
meta-perl:
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-secure-core:
url: https://github.com/Wind-River/meta-secure-core.git
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
+2 -4
View File
@@ -1,10 +1,8 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/meta-openembedded.yml
repos:
meta-virtualization:
url: https://git.yoctoproject.org/meta-virtualization
url: git://git.yoctoproject.org/meta-virtualization
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/meta-openembedded.yml
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/meta-openembedded.yml
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
libc: |
-14
View File
@@ -1,14 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
# Config specific for the optee-xtests
local_conf_header:
optee-test: |
# Include ARM FFA
MACHINE_FEATURES:append = " arm-ffa"
# Include trusted services
TEST_SUITES:append = " trusted_services"
# Include Optee xtests
IMAGE_INSTALL:append = " optee-test"
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/meta-openembedded.yml
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
+2 -4
View File
@@ -1,13 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
distro: poky-tiny
local_conf_header:
hacking: |
TEST_SUITES = "_qemutiny ping"
TEST_SUITES = "ping"
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
+1 -3
View File
@@ -1,6 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
distro: poky
+14
View File
@@ -0,0 +1,14 @@
header:
version: 11
includes:
- ci/generic-arm64.yml
local_conf_header:
failing_tests: |
DEFAULT_TEST_SUITES:remove = "parselogs"
machine: qemu-generic-arm64
target:
- core-image-sato
- sbsa-acs
+4 -8
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
@@ -9,8 +7,6 @@ machine: qemuarm-secureboot
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
- optee-examples
- optee-test
- optee-os-tadevkit
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/meta-openembedded.yml
+4 -8
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
@@ -9,8 +7,6 @@ machine: qemuarm64-secureboot
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
- optee-examples
- optee-test
- optee-os-tadevkit
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: sbsa-ref
target:
- core-image-sato
- sbsa-acs
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
setup: |
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
-11
View File
@@ -1,11 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
sstate_mirror: |
BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
SSTATE_MIRRORS = "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
BB_HASHSERVE = "auto"
BB_SIGNATURE_HANDLER = "OEEquivHash"
+12
View File
@@ -0,0 +1,12 @@
header:
version: 11
includes:
- ci/base.yml
- ci/fvp.yml
- ci/meta-openembedded.yml
machine: tc1
target:
- core-image-minimal
- trusted-firmware-m
+4 -6
View File
@@ -1,9 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/debug.yml
version: 11
local_conf_header:
testimage: |
@@ -13,8 +9,10 @@ local_conf_header:
QEMU_USE_KVM = ""
slirp: |
TEST_RUNQEMUPARAMS = "slirp"
TEST_SERVER_IP = "127.0.0.1"
QEMU_USE_SLIRP = "1"
sshd: |
IMAGE_FEATURES += "ssh-server-dropbear"
IMAGE_FEATURES:append = " ssh-server-dropbear"
sshkeys: |
CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
universally_failing_tests: |
+1 -4
View File
@@ -1,10 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
local_conf_header:
tftf: |
TFA_UBOOT = "0"
TFA_UEFI = "0"
TFTF_TESTS = "1"
+2 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
@@ -18,3 +16,4 @@ target:
- nativesdk-gcc-aarch64-none-elf
- gcc-arm-none-eabi
- nativesdk-gcc-arm-none-eabi
- nativesdk-androidclang
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
bootfirmware: |
+2 -10
View File
@@ -32,7 +32,6 @@ if __name__ == "__main__":
sys.exit(1)
base_repodir = pathlib.Path(os.environ["KAS_REPO_REF_DIR"])
failed = False
for repo in repositories:
repodir = base_repodir / repo_shortname(repo)
@@ -42,15 +41,8 @@ if __name__ == "__main__":
shutil.rmtree(repodir, ignore_errors=True)
if repodir.exists():
try:
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
except subprocess.CalledProcessError as e:
print(e)
failed = True
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
else:
print("Cloning %s..." % repo)
subprocess.run(["git", "clone", "--bare", repo, repodir], check=True)
if failed:
sys.exit(128)
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/meta-virtualization.yml
+26 -20
View File
@@ -4,36 +4,32 @@ OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests o
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:2222"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "2222=22"
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
There are two main methods of testing, using different test "targets". Both test targets generate an additional log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
## OEFVPTarget
OEFVPTarget supports two different test interfaces - SSH and pexpect.
This runs test cases on a machine using SSH. It therefore requires that an SSH server is installed in the image.
## SSH
As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
This uses the `run` method on the target, e.g:
In test cases, the primary interface with the target is, e.g:
```
(status, output) = self.target.run('uname -a')
```
which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
which runs a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
## pexpect
Example machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:8022"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22"
```
To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
## OEFVPSerialTarget
This runs tests against one or more serial consoles on the FVP. It is more flexible than OEFVPTarget, but test cases written for this test target do not support the test cases in OE-core. As it does not require an SSH server, it is suitable for machines with performance or memory limitations.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
```
@@ -43,6 +39,16 @@ self.assertNotIn(b'ERROR:', self.target.before('tf-a'))
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
The SSH interface described above is also available on OEFVPSerialTarget to support writing a set of hybrid test suites that use a combination of serial and SSH access. Note however that this test target does not guarantee that Linux has booted to shell prior to running any tests, so the test cases in OE-core are not supported.
Example machine configuration:
```
TEST_TARGET="OEFVPSerialTarget"
TEST_SUITES="linuxboot"
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
[OEQA]: https://docs.yoctoproject.org/test-manual/intro.html
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[RUNFVP]: runfvp.md
+5 -5
View File
@@ -55,7 +55,7 @@ The name of the FVP binary itself, for example `fvp-base` uses `FVP_Base_RevC-2x
The name of the recipe that provides the FVP executable set in `FVP_EXE`, for example `fvp-base` uses `fvp-base-a-aem-native`. This *must* be a `-native` recipe as the binary will be executed on the build host.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website, `fvp-base-r-aem.bb` is a good example of those.
If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on the host already.
@@ -64,7 +64,7 @@ If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on t
Parameters passed to the FVP with the `--parameter`/`-C` option. These are expressed as variable flags so individual parameters can be altered easily. For example:
```
FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] = "${DEPLOY_DIR_IMAGE}/fip-fvp.bin"
```
### `FVP_DATA`
@@ -72,8 +72,8 @@ FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
Specify raw data to load at the specified address, passed to the FVP with the `--data` option. This is a space-separated list of parameters in the format `[INST=]FILE@[MEMSPACE:]ADDRESS`. For example:
```
FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
cluster0.cpu0=fvp-base-revc.dtb@0x83000000"
FVP_DATA = "cluster0.cpu0=${DEPLOY_DIR_IMAGE}/Image@0x80080000 \
cluster0.cpu0=${DEPLOY_DIR_IMAGE}/fvp-base-revc.dtb@0x83000000"
```
### `FVP_APPLICATIONS`
@@ -81,7 +81,7 @@ FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
Applications to load on the cores, passed to the FVP with the `--application` option. These are expressed as variable flags with the flag name being the instance and flag value the filename, for example:
```
FVP_APPLICATIONS[cluster0] = "linux-system.axf"
FVP_APPLICATIONS[cluster0] = "${DEPLOY_DIR_IMAGE}/linux-system.axf"
```
Note that symbols are not allowed in flag names, so if you need to use a wildcard in the instance then you'll need to use `FVP_EXTRA_ARGS` and `--application` directly.
+4 -9
View File
@@ -18,18 +18,17 @@ features for each [Secure Partition][^2] you would like to include:
| ----------------- | --------------- |
| Attestation | ts-attesation |
| Crypto | ts-crypto |
| Firmware Update | ts-fwu
| Internal Storage | ts-its |
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
| spm-test[1-4] | optee-spmc-test |
| spm-test[1-3] | optee-spmc-test |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
(Please see ` meta-arm/recipes-kernel/arm-tstee`.)
(Please see ` meta-arm/recipes-kernel/arm-ffa-tee`.)
For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
@@ -45,13 +44,9 @@ Other steps depend on your machine/platform definition:
and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
## Normal World applications
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
@@ -67,4 +62,4 @@ See `ci/trusted-services.yml` for an example how to include them into an image.
[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
repos:
meta-arm:
layers:
meta-arm-systemready:
distro: nodistro
target:
- arm-systemready-firmware
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
env:
TESTIMAGE_AUTO: "1"
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
target:
- arm-systemready-ir-acs
@@ -1,7 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
target:
- arm-systemready-linux-distros-debian
@@ -1,7 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
target:
- arm-systemready-linux-distros-opensuse
+8 -17
View File
@@ -1,11 +1,11 @@
header:
version: 14
version: 11
distro: poky
distro: poky-tiny
defaults:
repos:
branch: master
refspec: mickledore
repos:
meta-arm:
@@ -16,33 +16,24 @@ repos:
poky:
url: https://git.yoctoproject.org/git/poky
# commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff
refspec: 31dd418207f6c95ef0aad589cd03cd2a4c9a8bf2
layers:
meta:
meta-poky:
meta-yocto-bsp:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
# commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d
refspec: 5a01ab461c9bcabcbb2298236602373948f8f073
layers:
meta-oe:
meta-python:
meta-perl:
meta-secure-core:
url: https://github.com/wind-river/meta-secure-core.git
# commit: e29165a1031dcf601edbed1733cedd64826672a5
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
local_conf_header:
base: |
CONF_VERSION = "2"
setup: |
PACKAGE_CLASSES = "package_ipk"
LICENSE_FLAGS_ACCEPTED += "armcompiler"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
@@ -50,4 +41,4 @@ local_conf_header:
machine: unset
target:
- corstone1000-flash-firmware-image
- corstone1000-image
-23
View File
@@ -1,23 +0,0 @@
---
header:
version: 14
local_conf_header:
firmwarebuild: |
BBMULTICONFIG:remove = "firmware"
# Need to ensure the rescue linux options are selected
OVERRIDES .= ":firmware"
# Need to ensure we build with a small libc
TCLIBC="musl"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
test-configuration: |
TEST_SUITES = "_qemutiny ping"
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys"
+11 -18
View File
@@ -1,23 +1,16 @@
header:
version: 14
version: 11
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
local_conf_header:
testimagefvp: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
IMAGE_CLASSES += "fvpboot"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
machine: corstone1000-fvp
local_conf_header:
fvp-config: |
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = " ssh-server-dropbear"
INHERIT = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA"
target:
- corstone1000-image
-49
View File
@@ -1,49 +0,0 @@
header:
version: 14
local_conf_header:
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
firmwarebuild: |
# Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs
BBMULTICONFIG ?= "firmware"
distrosetup: |
DISTRO_FEATURES = "usbhost ipv4"
initramfsetup: |
# Telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE_BUNDLE:firmware = "1"
INITRAMFS_IMAGE:firmware ?= "corstone1000-recovery-image"
IMAGE_FSTYPES:firmware:pn-corstone1000-recovery-image = "${INITRAMFS_FSTYPES}"
IMAGE_NAME_SUFFIX:firmware = ""
# enable mdev/busybox for init
INIT_MANAGER:firmware = "mdev-busybox"
VIRTUAL-RUNTIME_init_manager:firmware = "busybox"
# prevent the kernel image from being included in the intramfs rootfs
PACKAGE_EXCLUDE:firmware += "kernel-image-*"
# Disable openssl in kmod to shrink the initramfs size
PACKAGECONFIG:remove:firmware:pn-kmod = "openssl"
imageextras: |
# Don't include kernel binary in rootfs /boot path
RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = ""
# all optee packages
CORE_IMAGE_EXTRA_INSTALL += "optee-client"
# TS PSA API tests commands for crypto, its, ps and iat
CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL:firmware += "packagegroup-ts-tests-psa"
# external system firmware
CORE_IMAGE_EXTRA_INSTALL:firmware += "external-system-elf"
capsule: |
CAPSULE_EXTENSION = "uefi.capsule"
CAPSULE_FW_VERSION = "6"
CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}"
+1 -3
View File
@@ -1,8 +1,6 @@
header:
version: 14
version: 11
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
machine: corstone1000-mps3
+47
View File
@@ -0,0 +1,47 @@
header:
version: 11
distro: poky-tiny
defaults:
repos:
refspec: master
repos:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
refspec: master
layers:
meta:
meta-poky:
meta-yocto-bsp:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
refspec: master
layers:
meta-oe:
meta-python:
local_conf_header:
base: |
CONF_VERSION = "2"
PACKAGE_CLASSES = "package_ipk"
LICENSE_FLAGS_ACCEPTED += "armcompiler"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
fvp-config: |
IMAGE_CLASSES:append = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA"
machine: corstone500
target:
- core-image-minimal
@@ -1,16 +1,8 @@
header:
version: 13
includes:
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
version: 9
distro: poky
machine: fvp-base
machine: fvp-baser-aemv8r64
defaults:
repos:
@@ -18,6 +10,8 @@ defaults:
repos:
meta-arm:
url: https://git.yoctoproject.org/git/meta-arm
path: layers/meta-arm
layers:
meta-arm:
meta-arm-bsp:
@@ -30,6 +24,9 @@ repos:
meta:
meta-poky:
env:
FVP_BASE_R_ARM_EULA_ACCEPT: "False"
local_conf_header:
base: |
CONF_VERSION = "2"
@@ -37,7 +34,8 @@ local_conf_header:
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks ssh-server-openssh"
CORE_IMAGE_EXTRA_INSTALL:append = " ssh-pregen-hostkeys"
IMAGE_CLASSES:append = " testimage fvpboot"
LICENSE_FLAGS_ACCEPTED:append = " ${@oe.utils.vartrue('FVP_BASE_R_ARM_EULA_ACCEPT', 'Arm-FVP-EULA', '', d)}"
IMAGE_CLASSES:append = " testimage"
target:
- core-image-minimal
+8
View File
@@ -0,0 +1,8 @@
header:
version: 9
includes:
- kas/fvp-baser-aemv8r64-bsp.yml
local_conf_header:
base-rt: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
-5
View File
@@ -1,5 +0,0 @@
header:
version: 13
env:
ARM_FVP_EULA_ACCEPT:
+2 -11
View File
@@ -9,22 +9,13 @@ BBFILE_COLLECTIONS += "meta-arm-bsp"
BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
BBFILE_PRIORITY_meta-arm-bsp = "5"
LAYERSERIES_COMPAT_meta-arm-bsp = "nanbield scarthgap"
LAYERSERIES_COMPAT_meta-arm-bsp = "mickledore"
LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
# This won't be used by layerindex-fetch, but works everywhere else
LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer efi-secure-boot"
LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer"
LAYERDEPENDS_meta-arm-bsp:append:musca-b1 = " meta-python"
LAYERDEPENDS_meta-arm-bsp:append:musca-s1 = " meta-python"
# Additional license directories.
LICENSE_PATH += "${LAYERDIR}/custom-licenses"
BBFILES_DYNAMIC += " \
meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bb \
meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bbappend \
"
WARN_QA:append:layer-meta-arm-bsp = " patch-status"
addpylib ${LAYERDIR}/lib oeqa
@@ -8,29 +8,23 @@ TFA_TARGET_PLATFORM = "fvp"
TFM_PLATFORM_IS_FVP = "TRUE"
# testimage config
TEST_TARGET = "OEFVPTarget"
TEST_SUITES = "fvp_boot"
TEST_TARGET = "OEFVPSerialTarget"
TEST_SUITES = "linuxboot"
# FVP Config
FVP_PROVIDER ?= "fvp-corstone1000-native"
FVP_EXE ?= "FVP_Corstone-1000"
FVP_CONSOLES[default] = "host_terminal_0"
FVP_CONSOLES[tf-a] = "host_terminal_1"
FVP_CONSOLES[se] = "secenc_terminal"
FVP_CONSOLES[extsys] = "extsys_terminal"
#Disable Time Annotation
FASTSIM_DISABLE_TA = "0"
FVP_CONSOLE ?= "host_terminal_0"
# FVP Parameters
FVP_CONFIG[se.trustedBootROMloader.fname] ?= "bl1.bin"
FVP_CONFIG[se.trustedBootROMloader.fname] ?= "${DEPLOY_DIR_IMAGE}/bl1.bin"
FVP_CONFIG[board.xnvm_size] ?= "64"
FVP_CONFIG[se.trustedSRAM_config] ?= "6"
FVP_CONFIG[se.BootROM_config] ?= "3"
FVP_CONFIG[board.hostbridge.interfaceName] ?= "tap0"
FVP_CONFIG[board.smsc_91c111.enabled] ?= "1"
FVP_CONFIG[board.hostbridge.userNetworking] ?= "true"
FVP_CONFIG[board.hostbridge.userNetPorts] ?= "5555=5555,8080=80,2222=22"
FVP_CONFIG[board.hostbridge.userNetPorts] ?= "5555=5555,8080=80,8022=22"
FVP_CONFIG[board.se_flash_size] ?= "8192"
FVP_CONFIG[diagnostics] ?= "4"
FVP_CONFIG[disable_visualisation] ?= "true"
@@ -38,10 +32,10 @@ FVP_CONFIG[se.nvm.update_raw_image] ?= "0"
FVP_CONFIG[se.cryptocell.USER_OTP_FILTERING_DISABLE] ?= "1"
# Boot image
FVP_DATA ?= "board.flash0=corstone1000-flash-firmware-image-${MACHINE}.wic@0x68000000"
FVP_DATA ?= "board.flash0=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic@0x68000000"
# External system (cortex-M3)
FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "es_flashfw.bin"
FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "${DEPLOY_DIR_IMAGE}/es_flashfw.bin"
# FVP Terminals
FVP_TERMINALS[host.host_terminal_0] ?= "Normal World Console"
@@ -52,24 +46,6 @@ FVP_TERMINALS[extsys0.extsys_terminal] ?= "Cortex M3"
# MMC card configuration
FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0"
FVP_CONFIG[board.msd_mmc.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc.diagnostics] ?= "2"
FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc.support_unpadded_images] ?= "true"
FVP_CONFIG[board.msd_mmc.p_mmc_file] ?= "${IMAGE_NAME}.wic"
# MMC2 card configuration
FVP_CONFIG[board.msd_mmc_2.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc_2.p_fast_access] ?= "0"
FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc_2.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config_2.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc_2.support_unpadded_images] ?= "true"
FVP_CONFIG[board.msd_mmc_2.p_mmc_file] ?= "corstone1000-esp-image-${MACHINE}.wic"
# Virtio-Net configuration
FVP_CONFIG[board.virtio_net.enabled] ?= "1"
FVP_CONFIG[board.virtio_net.hostbridge.interfaceName] ?= "eth1"
FVP_CONFIG[board.virtio_net.hostbridge.userNetworking] ?= "true"
FVP_CONFIG[board.virtio_net.hostbridge.userNetPorts] ?= "5555=5555,8080=80,2222=22"
FVP_CONFIG[board.virtio_net.transport] ?= "legacy"
@@ -0,0 +1,48 @@
#@TYPE: Machine
#@NAME: Corstone-500 machine
#@DESCRIPTION: Machine configuration for the Corstone-500 platform
require conf/machine/include/arm/armv7a/tune-cortexa5.inc
# Corstone-500 is built against poky-tiny distro.
# poky-tiny sets PREFERRED_PROVIDER_virtual/kernel to linux-yocto-tiny.
# Since distro config is evaluated after the machine config, we need to
# use the strongest override possible (forcevariable) so the
# PREFERRED_PROVIDER_virtual/kernel specified in the machine config will
# apply.
#
PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.1%"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a u-boot"
IMAGE_CLASSES += "wic_nopt"
IMAGE_FEATURES += "debug-tweaks"
IMAGE_FSTYPES:forcevariable = "cpio.gz squashfs wic wic.nopt"
SERIAL_CONSOLES = "115200;ttyAMA0"
# Corstone-500 u-boot configuration
UBOOT_MACHINE = "corstone500_defconfig"
UBOOT_IMAGE_ENTRYPOINT = "0x84000000"
UBOOT_IMAGE_LOADADDRESS = "0x84000000"
PREFERRED_VERSION_u-boot ?= "2023.01"
# making sure EXTRA_IMAGEDEPENDS will be used while creating the image
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
WKS_FILE ?= "core-image-minimal.corstone500.wks"
TEST_TARGET = "OEFVPSerialTarget"
TEST_SUITES = "linuxboot"
FVP_PROVIDER ?= "fvp-corstone500-native"
FVP_EXE ?= "FVP_Corstone-500"
FVP_CONFIG[board.flashloader0.fname] ?= "${DEPLOY_DIR_IMAGE}/bl1.bin"
FVP_DATA ?= "css.cluster.cpu0=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic.nopt@0x80000000"
FVP_CONSOLE ?= "terminal_0"
FVP_TERMINALS[css.terminal_0] ?= "console"
FVP_TERMINALS[css.terminal_1] ?= ""
# Disable openssl in kmod to shink the initramfs size
PACKAGECONFIG:remove:pn-kmod = "openssl"
+6 -52
View File
@@ -4,62 +4,16 @@
#@NAME: Armv8-A Base Platform FVP machine
#@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
require conf/machine/include/arm/arch-armv8-4a.inc
require conf/machine/include/fvp-common.inc
require conf/machine/include/arm/arch-armv8a.inc
ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
ARM_SYSTEMREADY_ACS_CONSOLE = "default"
EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
TUNE_FEATURES = "aarch64"
MACHINE_FEATURES = "efi"
IMAGE_NAME_SUFFIX = ""
IMAGE_FSTYPES += "wic"
WKS_FILE ?= "efi-disk.wks.in"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
KERNEL_IMAGETYPE = "Image"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
PREFERRED_VERSION_u-boot ?= "2023.01"
# FVP u-boot configuration
UBOOT_MACHINE = "vexpress_fvp_defconfig"
UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig"
EFI_PROVIDER ?= "grub-efi"
KERNEL_IMAGETYPE = "Image"
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
TEST_TARGET = "OEFVPTarget"
TEST_TARGET_IP = "127.0.0.1:2222"
DEFAULT_TEST_SUITES:append = " fvp_boot fvp_devices"
TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
FVP_PROVIDER ?= "fvp-base-a-aem-native"
FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
# Tell testimage to connect to localhost:2222, and forward that to SSH in the FVP.
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "2222=22"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[cluster0.check_memory_attributes] ?= "0"
FVP_CONFIG[cluster1.check_memory_attributes] ?= "0"
FVP_CONFIG[cluster0.stage12_tlb_size] ?= "1024"
FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024"
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
# Set the baseline to ARMv8.4, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
FVP_CONSOLES[default] = "terminal_0"
FVP_TERMINALS[bp.terminal_0] ?= "Console"
FVP_TERMINALS[bp.terminal_1] ?= ""
FVP_TERMINALS[bp.terminal_2] ?= ""
FVP_TERMINALS[bp.terminal_3] ?= ""
FVP_CONFIG[bp.secure_memory] ?= "1"
@@ -0,0 +1,63 @@
# Configuration for Fixed Virtual Platform BaseR AEMv8r64 Machine
#@TYPE: Machine
#@NAME: FVP BaseR AEMv8r64 Machine
#@DESCRIPTION: Machine configuration for FVP BaseR AEMv8r64
require conf/machine/include/arm/armv8r/arch-armv8r64.inc
EXTRA_IMAGEDEPENDS += "boot-wrapper-aarch64"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_u-boot ?= "2022.10"
KERNEL_IMAGETYPE = "Image"
KERNEL_DEVICETREE = "arm/fvp-baser-aemv8r64.dtb"
UBOOT_MACHINE ?= "vexpress_aemv8r_defconfig"
SERIAL_CONSOLES = "115200;ttyAMA0"
IMAGE_CLASSES:append = " fvpboot"
IMAGE_FSTYPES += "wic"
WKS_FILE ?= "efi-disk.wks.in"
EFI_PROVIDER ?= "grub-efi"
MACHINE_FEATURES:append = " efi"
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
# testimage configuration
TEST_TARGET = "OEFVPSerialTarget"
TEST_SUITES = "linuxboot"
TEST_TARGET_IP ?= "127.0.0.1:8022"
TEST_SERVER_IP ?= "127.0.1.1"
FVP_EXTRA_ARGS = "-a cluster0*=${DEPLOY_DIR_IMAGE}/linux-system.axf"
FVP_PROVIDER ?= "fvp-base-r-aem-native"
FVP_EXE ?= "FVP_BaseR_AEMv8R"
FVP_CONSOLE ?= "terminal_0"
# FVP parameters
FVP_CONFIG[bp.exclusive_monitor.monitor_access_level] ?= "2"
FVP_CONFIG[bp.refcounter.non_arch_start_at_default] ?= "1"
FVP_CONFIG[bp.refcounter.use_real_time] ?= "1"
FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
FVP_CONFIG[bp.virtio_net.secure_accesses] = "1"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
FVP_CONFIG[bp.virtio_rng.secure_accesses] = "1"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic"
FVP_CONFIG[bp.virtioblockdevice.secure_accesses] = "1"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[cci400.force_on_from_start] = "1"
FVP_CONFIG[cluster0.gicv3.cpuintf-mmap-access-level] ?= "2"
FVP_CONFIG[cluster0.gicv3.extended-interrupt-range-support] ?= "1"
FVP_CONFIG[cluster0.gicv3.SRE-EL2-enable-RAO] ?= "1"
FVP_CONFIG[cluster0.gicv3.SRE-enable-action-on-mmap] ?= "2"
FVP_CONFIG[cluster0.has_aarch64] ?= "1"
FVP_CONFIG[gic_distributor.GICD_CTLR-DS-1-means-secure-only] ?= "1"
FVP_CONFIG[gic_distributor.has-two-security-states] ?= "0"
@@ -0,0 +1,10 @@
require conf/machine/include/arm/arch-armv8r.inc
TUNE_FEATURES:tune-armv8r =+ "aarch64"
PACKAGE_EXTRA_ARCHS:tune-armv8r =+ "aarch64"
BASE_LIB:tune-armv8r = "lib64"
BASE_LIB:tune-armv8r-crc = "lib64"
BASE_LIB:tune-armv8r-crypto = "lib64"
BASE_LIB:tune-armv8r-simd = "lib64"
BASE_LIB:tune-armv8r-crc-simd = "lib64"
BASE_LIB:tune-armv8r-crc-crypto-simd = "lib64"
@@ -2,64 +2,78 @@ require conf/machine/include/arm/armv8a/tune-cortexa35.inc
MACHINEOVERRIDES =. "corstone1000:"
# TF-M
PREFERRED_VERSION_trusted-firmware-m ?= "2.0.%"
# TF-A
TFA_PLATFORM = "corstone1000"
PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
TFA_BL2_BINARY = "bl2-corstone1000.bin"
TFA_FIP_BINARY = "fip-corstone1000.bin"
# optee
PREFERRED_VERSION_optee-os ?= "4.1.%"
# TF-M
EXTRA_IMAGEDEPENDS += "virtual/trusted-firmware-m"
# Trusted Services
TS_PLATFORM = "arm/corstone1000"
TS_SP_SE_PROXY_CONFIG = "corstone1000"
# Include smm-gateway and se-proxy SPs into optee-os binary
MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
# TF-M settings for signing host images
TFA_BL2_RE_IMAGE_LOAD_ADDRESS = "0x62353000"
TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000"
TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
RE_IMAGE_OFFSET = "0x1000"
# u-boot
PREFERRED_VERSION_u-boot ?= "2023.07%"
MACHINE_FEATURES += "efi"
EFI_PROVIDER ?= "grub-efi"
PREFERRED_VERSION_u-boot ?= "2023.01"
EXTRA_IMAGEDEPENDS += "u-boot"
# Grub
LINUX_KERNEL_ARGS ?= "earlycon=pl011,0x1a510000 console=ttyAMA0,115200"
GRUB_LINUX_APPEND ?= "${LINUX_KERNEL_ARGS}"
IMAGE_CMD:wic[vardeps] += "GRUB_LINUX_APPEND"
UBOOT_CONFIG ??= "EFI"
UBOOT_CONFIG[EFI] = "corstone1000_defconfig"
UBOOT_ENTRYPOINT = "0x80000000"
UBOOT_LOADADDRESS = "0x80000000"
UBOOT_BOOTARGS = "earlycon=pl011,0x1a510000 console=ttyAMA0 loglevel=9"
UBOOT_ARCH = "arm"
UBOOT_EXTLINUX = "0"
#optee
PREFERRED_VERSION_optee-os ?= "3.20.%"
PREFERRED_VERSION_optee-client ?= "3.18.%"
EXTRA_IMAGEDEPENDS += "optee-os"
OPTEE_ARCH = "arm64"
OPTEE_BINARY = "tee-pager_v2.bin"
# Include smm-gateway and se-proxy SPs into optee-os binary
MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
TS_PLATFORM = "arm/corstone1000"
TS_SP_SE_PROXY_CONFIG = "corstone1000"
# External System(Cortex-M3)
EXTRA_IMAGEDEPENDS += "external-system"
# Linux kernel
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.6.%"
KERNEL_IMAGETYPE = "Image"
KERNEL_IMAGETYPE:firmware = "Image.gz"
PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
PREFERRED_VERSION_linux-yocto = "6.1%"
KERNEL_IMAGETYPE = "Image.gz"
INITRAMFS_IMAGE_BUNDLE ?= "1"
#telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE = "corstone1000-initramfs-image"
# add FF-A support in the kernel
MACHINE_FEATURES += "arm-ffa"
# prevent the kernel image from being included in the intramfs rootfs
PACKAGE_EXCLUDE = "kernel-image-*"
# enable this feature for kernel debugging
# MACHINE_FEATURES += "corstone1000_kernel_debug"
# login terminal serial port settings
SERIAL_CONSOLES ?= "115200;ttyAMA0"
IMAGE_FSTYPES += "wic"
# Need to clear the suffix so TESTIMAGE_AUTO works
IMAGE_NAME_SUFFIX = ""
WKS_FILE ?= "efi-disk-no-swap.wks.in"
WKS_FILE:firmware ?= "corstone1000-flash-firmware.wks.in"
# making sure EXTRA_IMAGEDEPENDS will be used while creating the image
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# If not building under the firmware multiconf we need to build the actual firmware
FIRMWARE_DEPLOYMENT ?= "firmware-deploy-image"
FIRMWARE_DEPLOYMENT:firmware ?= ""
EXTRA_IMAGEDEPENDS += "${FIRMWARE_DEPLOYMENT}"
WKS_FILE ?= "corstone1000-image.corstone1000.wks"
ARM_SYSTEMREADY_FIRMWARE = "${FIRMWARE_DEPLOYMENT}:do_deploy \
corstone1000-esp-image:do_image_complete \
"
ARM_SYSTEMREADY_ACS_CONSOLE ?= "default"
# Disable openssl in kmod to shink the initramfs size
PACKAGECONFIG:remove:pn-kmod = "openssl"
@@ -0,0 +1,48 @@
# FVP common parameters
#
# Capturing FVP common configurations (Armv8-A Base Platform FVP,
# Armv8-A Foundation Platform and Armv7-A Base Platform FVP).
#
MACHINE_FEATURES = "optee"
IMAGE_FSTYPES += "wic"
WKS_FILE ?= "fvp-base.wks"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
TEST_TARGET = "OEFVPTarget"
TEST_TARGET_IP = "127.0.0.1:8022"
FVP_PROVIDER ?= "fvp-base-a-aem-native"
FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
# Tell testimage to connect to localhost:8022, and forward that to SSH in the FVP.
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "8022=22"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[bp.secureflashloader.fname] ?= "${DEPLOY_DIR_IMAGE}/bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "${DEPLOY_DIR_IMAGE}/fip-fvp.bin"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic"
# Set the baseline to ARMv8.4, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
FVP_CONSOLE ?= "terminal_0"
FVP_DATA ?= "cluster0.cpu0=${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}@0x80080000 \
cluster0.cpu0=${DEPLOY_DIR_IMAGE}/fvp-base-revc.dtb@0x8fc00000"
FVP_TERMINALS[bp.terminal_0] ?= "Console"
FVP_TERMINALS[bp.terminal_1] ?= ""
FVP_TERMINALS[bp.terminal_2] ?= ""
FVP_TERMINALS[bp.terminal_3] ?= ""
+35
View File
@@ -0,0 +1,35 @@
TUNE_FEATURES = "aarch64"
require conf/machine/include/arm/arch-armv8a.inc
MACHINEOVERRIDES =. "tc:"
# Das U-boot
UBOOT_MACHINE ?= "total_compute_defconfig"
PREFERRED_VERSION_u-boot ?= "2022.04"
UBOOT_RD_LOADADDRESS = "0x88000000"
UBOOT_RD_ENTRYPOINT = "0x88000000"
UBOOT_LOADADDRESS = "0x80080000"
UBOOT_ENTRYPOINT = "0x80080000"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-arm64-ack"
# OP-TEE
PREFERRED_VERSION_optee-os ?= "3.18%"
PREFERRED_VERSION_optee-client ?= "3.18%"
PREFERRED_VERSION_optee-test ?= "3.18%"
# Cannot use the default zImage on arm64
KERNEL_IMAGETYPE = "Image"
KERNEL_IMAGETYPES += "fitImage"
KERNEL_CLASSES = " kernel-fitimage "
IMAGE_FSTYPES += "cpio.gz"
INITRAMFS_IMAGE ?= "core-image-minimal"
SERIAL_CONSOLES = "115200;ttyAMA0"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a optee-os"
# FIXME - there is signed image dependency/race with testimage.
# This should be fixed in oe-core
TESTIMAGEDEPENDS:append = " virtual/kernel:do_deploy"
-1
View File
@@ -27,4 +27,3 @@ UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig"
INITRAMFS_IMAGE_BUNDLE ?= "1"
INITRAMFS_IMAGE = "core-image-minimal"
IMAGE_NAME_SUFFIX = ""
+3 -12
View File
@@ -19,29 +19,20 @@ WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# Use kernel provided by yocto
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.6%"
PREFERRED_VERSION_linux-yocto ?= "6.1%"
# RTL8168E Gigabit Ethernet Controller is attached to the PCIe interface
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168"
# TF-A
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
TFA_PLATFORM = "n1sdp"
PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
# SCP
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
#UEFI EDK2 firmware
EXTRA_IMAGEDEPENDS += "edk2-firmware"
PREFERRED_VERSION_edk2-firmware ?= "202311"
PREFERRED_VERSION_edk2-firmware ?= "202211"
#optee
PREFERRED_VERSION_optee-os ?= "4.1.%"
PREFERRED_VERSION_optee-os-tadevkit ?= "4.1.%"
PREFERRED_VERSION_optee-test ?= "4.1.%"
PREFERRED_VERSION_optee-client ?= "4.1.%"
PREFERRED_VERSION_optee-os ?= "3.20.%"
#grub-efi
EFI_PROVIDER ?= "grub-efi"
+31
View File
@@ -0,0 +1,31 @@
# Configuration for TC1
#@TYPE: Machine
#@NAME: TC1
#@DESCRIPTION: Machine configuration for TC1
require conf/machine/include/tc.inc
TEST_TARGET = "OEFVPSerialTarget"
TEST_SUITES = "linuxboot"
# FVP Config
FVP_PROVIDER ?= "fvp-tc1-native"
FVP_EXE ?= "FVP_TC1"
# FVP Parameters
FVP_CONFIG[css.scp.ROMloader.fname] ?= "${DEPLOY_DIR_IMAGE}/scp_romfw.bin"
FVP_CONFIG[css.trustedBootROMloader.fname] ?= "${DEPLOY_DIR_IMAGE}/bl1-tc.bin"
FVP_CONFIG[board.flashloader0.fname] ?= "${DEPLOY_DIR_IMAGE}/fip_gpt-tc.bin"
#FVP_CONFIG[board.hostbridge.userNetworking] ?= "true"
#FVP_CONFIG[board.hostbridge.userNetPorts] ?= "8022=22"
#smsc ethernet takes a very long time to come up. disable now to prevent testimage timeout
#FVP_CONFIG[board.smsc_91c111.enabled] ?= "1"
FVP_CONSOLE = "terminal_s1"
FVP_TERMINALS[soc.terminal_s0] ?= "Secure Console"
FVP_TERMINALS[soc.terminal_s1] ?= "Console"
# Boot image
FVP_DATA ?= "board.dram=${DEPLOY_DIR_IMAGE}/fitImage-core-image-minimal-tc1-tc1@0x20000000"
@@ -1,12 +0,0 @@
version: 2
build:
os: "ubuntu-22.04"
tools:
python: "3.9"
sphinx:
configuration: meta-arm-bsp/documentation/corstone1000/conf.py
formats:
- pdf
python:
install:
- requirements: meta-arm-bsp/documentation/requirements.txt
@@ -10,77 +10,6 @@ Change Log
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
***************
Version 2023.11
***************
Changes
=======
- Making Corstone-1000 SystemReady IR 2.0 certifiable
- Allow booting Debian & OpenSUSE on FVP
- Add support for two MMC cards for the FVP
- Add signed capsule update support
- Enable on-disk capsule update
- Add the feature of purging specific DT nodes in U-Boot before Linux
- Add Ethernet over VirtIO support in U-Boot
- Add support for unaligned MMC card images
- Reducing the out-of-tree patches by upstreaming them to the corresponding open-source projects
- SW components upgrades
- Bug fixes
Corstone-1000 components versions
=================================
+-------------------------------------------+-----------------------------------------------------+
| arm-ffa-tee | 1.1.2-r0 |
+-------------------------------------------+-----------------------------------------------------+
| linux-yocto | 6.5.7 |
+-------------------------------------------+-----------------------------------------------------+
| u-boot | 2023.07 |
+-------------------------------------------+-----------------------------------------------------+
| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-client | 3.22.0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-os | 3.22.0 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-a | 2.9.0 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-m | 1.8.1 |
+-------------------------------------------+-----------------------------------------------------+
| libts | 08b3d39471 |
+-------------------------------------------+-----------------------------------------------------+
| ts-newlib | 4.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 |
+-------------------------------------------+-----------------------------------------------------+
| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 |
+-------------------------------------------+-----------------------------------------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+------------------------------+
| meta-arm | nanbield |
+-------------------------------------------+------------------------------+
| poky | nanbield |
+-------------------------------------------+------------------------------+
| meta-openembedded | nanbield |
+-------------------------------------------+------------------------------+
| meta-secure-core | nanbield |
+-------------------------------------------+------------------------------+
| busybox | 1.36.1 |
+-------------------------------------------+------------------------------+
| musl | 1.2.4 |
+-------------------------------------------+------------------------------+
| gcc-arm-none-eabi | 11.2-2022.02 |
+-------------------------------------------+------------------------------+
| gcc-cross-aarch64 | 13.2.0 |
+-------------------------------------------+------------------------------+
| openssl | 3.1.3 |
+-------------------------------------------+------------------------------+
***************
Version 2023.06
***************
Binary file not shown.

Before

Width:  |  Height:  |  Size: 54 KiB

After

Width:  |  Height:  |  Size: 40 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 108 KiB

After

Width:  |  Height:  |  Size: 57 KiB

@@ -1,21 +1,11 @@
..
# Copyright (c) 2022, 2024, Arm Limited.
# Copyright (c) 2022, Arm Limited.
#
# SPDX-License-Identifier: MIT
#################
Arm Corstone-1000
#################
*************************
Disclaimer
*************************
Arm reference solutions are Arm public example software projects that track and
pull upstream components, incorporating their respective security fixes
published over time. Arm partners are responsible for ensuring that the
components they use contain all the required security fixes, if and when they
deploy a product derived from Arm reference solutions.
################
ARM Corstone1000
################
.. toctree::
:maxdepth: 1
@@ -19,27 +19,6 @@ intended for safety-critical applications. Should Your Software or Your Hardware
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
***********************
Release notes - 2023.11
***********************
Known Issues or Limitations
---------------------------
- Use Ethernet over VirtIO due to lan91c111 Ethernet driver support dropped from U-Boot.
- Temporally removing the External system support in Linux due to it using multiple custom devicetree bindings that caused problems with SystemReady IR 2.0 certification. For External system support please refer to the version 2023.06. We are aiming to restore it in a more standardised manner in our next release.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- PSA Crypto tests (psa-crypto-api-test command) approximately take 30 minutes to complete for FVP and MPS3.
- Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3.
- See previous release notes for the known limitations regarding ACS tests.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v2
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
***********************
Release notes - 2023.06
***********************
@@ -53,7 +53,7 @@ hardware for enhanced security. Communication with the Secure Encalve
is achieved using Message Handling Units (MHUs) and shared memory.
On system power on, the Secure Enclave boots first. Its software
comprises of a ROM code (TF-M BL1), Mcuboot BL2, and
TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
Secure Enclave follows Firmware Framework for M class
processor (`FF-M`_) specification.
@@ -72,10 +72,8 @@ non-secure and the secure world is performed via FF-A messages.
An external system is intended to implement use-case specific
functionality. The system is based on Cortex-M3 and run RTX RTOS.
Communication between the external system and Host (Cortex-A35) is performed
using MHU as transport mechanism and rpmsg messaging system (the external system
support in Linux is disabled in this release. More info about this change can be found in the
release-notes).
Communictaion between external system and Host(cortex-A35) is performed
using MHU as transport mechanism and rpmsg messaging system.
Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
@@ -140,13 +138,10 @@ flow path for such calls.
The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
managed by OPTEE which forwards such calls to the secure enclave. The
solution relies on the `RSE communication protocol
<https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html>`_
which is a lightweight serialization of the psa_call() API. It can use shared
memory and MHU interrupts as a doorbell for communication between two cores
but currently the whole message is forwarded through the MHU channels in Corstone-1000.
Corstone-1000 implements isolation level 2. Cortex-M0+ MPU (Memory Protection
Unit) is used to implement isolation level 2.
solution relies on OpenAMP which uses shared memory and MHU interrupts as
a doorbell for communication between two cores. Corstone-1000 implements
isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement
isolation level 2.
For a user to define its own secure service, both the options of the host
secure world or secure encalve are available. It's a trade-off between
@@ -162,9 +157,9 @@ Secure Firmware Update
**********************
Apart from always booting the authorized images, it is also essential that
the device only accepts the authorized (signed) images in the firmware update
the device only accepts the authorized images in the firmware update
process. Corstone-1000 supports OTA (Over the Air) firmware updates and
follows Platform Security Firmware Update specification (`FWU`_).
follows Platform Security Firmware Update sepcification (`FWU`_).
As standardized into `FWU`_, the external flash is divided into two
banks of which one bank has currently running images and the other bank is
@@ -177,10 +172,7 @@ Image (the initramfs bundle). The new images are accepted in the form of a UEFI
:width: 690
:alt: ExternalFlash
When Firmware update is triggered, u-boot verifies the capsule by checking the
capsule signature, version number and size. Then it signals the Secure Enclave
that can start writing UEFI capsule into the flash. Once this operation finishes
,Secure Enclave resets the entire system.
The Metadata Block in the flash has the below firmware update state machine.
TF-M runs an OTA service that is responsible for accepting and updating the
images in the flash. The communication between the UEFI Capsule update
@@ -238,7 +230,7 @@ References
.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
.. _FF-A: https://developer.arm.com/documentation/den0077/latest
.. _FF-M: https://developer.arm.com/architectures/Firmware%20Framework%20for%20M-Profile
.. _FF-M: https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93
.. _FWU: https://developer.arm.com/documentation/den0118/a/
.. _OPTEE-OS: https://github.com/OP-TEE/optee_os
.. _PSA: https://www.psacertified.org/
File diff suppressed because it is too large Load Diff
+28
View File
@@ -0,0 +1,28 @@
# Corstone-500 Platform Support in meta-arm-bsp
## Howto Build and Run
### Configuration:
Use the kas
### Build:
``bash$ kas build kas/corstone500.yml
### Run:
Building using kas should have fetch the Fixed Virtual Platform for this
platform and installed at:
build/tmp/sysroots-components/x86_64/fvp-corstone500-native/usr/bin/./FVP_Corstone-500
with this in place is possible to launch the FVP using the runfvp inside the
scripts directory:
cd scripts
./runfvp ../build/tmp/deploy/images/corstone500/core-image-minimal-corstone500.fvpconf --console
this will output the console in the launching terminal

Some files were not shown because too many files have changed in this diff Show More