1
0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-07-18 16:37:08 +00:00

Compare commits

...

125 Commits

Author SHA1 Message Date
Ali Can Ozaslan 4f8d2f4b2f arm-bsp/trusted-services: corstone1000: Align PSA crypto structs with TF-M
The TF-M was upgraded to v2.1.1 for the Corstone-1000. The TS had to be
aligned with it, to keep the Secure Enclave Proxy Secure Partition
compatible with TF-M.

Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-05-07 14:00:17 -04:00
Ross Burton 42928dcc17 CI: use walnascar branches
Signed-off-by: Ross Burton <ross.burton@arm.com>
2025-04-15 16:46:23 +01:00
Jon Mason ca5c51e25c arm/edk2-firmware: remove qemuarm64-secureboot
edk2 isn't booting on qemuarm64-secureboot, and hasn't for some time.
Also, it's not being tested as part of CI.  Remove until it is working
again.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-11 09:37:38 -04:00
Jon Mason 69121ff4e5 arm/edk2-firmware: update to 202502
Update to the latest tagged version of edk2-firmware.  This requires
rebasing the sbsa-acs patches.  Also, sgi575 works with the latest
version but requires a patch to compile cleanly.

There is an issue with qemuarm/qemuarm64 where the boot device is not
found in edk2 if 'RELEASE' is set as the build mode.  Temporarily
changing that to DEBUG while the issue is being worked on (in
https://github.com/tianocore/edk2/issues/10942).

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-11 09:37:38 -04:00
Jon Mason ce4c7f6661 arm/edk2-firmware: add version to be printed out
Currently, the version number is not being specified, which is causing
the version to be printed as an empty string.  Such as:
    UEFI firmware (version  built at 00:50:36 on Feb 21 2025)
and
    Tianocore/EDK2 firmware version

Add the package version as the version to be printed out, which results
in:
    UEFI firmware (version 202502 built at 00:50:36 on Feb 21 2025)
and
    Tianocore/EDK2 firmware version 202502

An intermediate variable was used instead of PV to allow for the
variable to be overridden if necessary.

Also, minor white space clean-up to match the style in the rest of the
file.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-11 09:37:38 -04:00
Richard Purdie ca97d0fcec classes/tfm_sign_image: Fix assignment whitespace
Fix whitespace to avoid a warning with newer bitbake.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-11 06:00:04 -04:00
Yogesh Wani 385450558e arm-bsp/documentation: corstone1000: Fix typos in the documentation
The Corstone-1000 read the docs had some small typos in the
Design Overview section. Commit addresses these.

Copyright information now updated.

Signed-off-by: Yogesh Wani <yogesh.wani@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-09 05:00:04 -04:00
Gergely Kovacs 79eb13dd05 arm/trusted-firmware-a: remove optee-os dependency from tests
The TF-A tests should not depend on OPTEE-OS

Signed-off-by: Gergely Kovacs <Gergely.Kovacs2@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-08 06:00:05 -04:00
Ross Burton 1d119f24f9 arm/fvp-base-a-aem: remove spurious executable stack from one library
There are some objects in the FVP binary that are assembler source and
fail to declare what permissions the stack needs to have, so GCC falls
back to assuming that the final binary needs an executable stack.

glibc 2.41 (as now used in uninative) introduces changes here[1]: whether
to have an executable stack or not when the binary doesn't specify a
need (defaults to executable, but this is a tunable), and any binaries
that are dlopen()ed that require an executable stack will fail.

Thus, some FVPs on some platforms (notable, fvp-base-a-aem on x86-64)
now fail on startup:

  libarmctmodel.so: cannot enable executable stack as shared object requires: Invalid argument

Luckily the solution here is to simply clear the executable bit, as
an executable stack is not actually needed.  Until a new release of the
FVP is made we can fix the binary in our package using execstack.

[1] https://lists.gnu.org/archive/html/info-gnu/2025-01/msg00014.html

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-04 13:55:24 -04:00
Ross Burton b19f24bd0a arm/execstack-native: add new recipe
Add a recipe for the execstack binary from prelink-cross. This tool is
used to manipulate the GNU_STACK segment in ELF binaries, specifically
to control whether the binary requests an executable stack or not.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-04 13:55:24 -04:00
Martin Jansa 5a55c4aaf9 metadata: add whitespace around assignments
With:
https://lists.openembedded.org/g/bitbake-devel/message/17508
there are WARNINGs like:

WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="1"'
WARNING: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.3.rel1.bb: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc:31 has a lack of whitespace around the assignment: 'SKIP_FILEDEPS="1"'
WARNING: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.3.rel1.bb: meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc:31 has a lack of whitespace around the assignment: 'SKIP_FILEDEPS="1"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.3.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.3.bb:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.12.0.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.12.0.bb:38 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.12.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.12.1.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc:80 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.1.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc:89 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-bsp/trusted-firmware-rmm/trusted-firmware-rmm_0.6.0.bb: meta-arm/meta-arm/recipes-bsp/trusted-firmware-rmm/trusted-firmware-rmm_0.6.0.bb:34 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.28.23.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-library.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-n1-edge.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-devtools/fvp/fvp-sgi575.bb: meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc:42 has a lack of whitespace around the assignment: 'PV_URL_SHORT="${@get_fm_short_pv_url(d)}"'
WARNING: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:21 has a lack of whitespace around the assignment: 'FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"'
WARNING: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb:53 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend:1 has a lack of whitespace around the assignment: 'FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc:11 has a lack of whitespace around the assignment: 'TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-os_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/optee/optee-test_4.3.0.bb: meta-arm/meta-arm/recipes-security/optee/optee.inc:34 has a lack of whitespace around the assignment: 'export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb:12 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/libts/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb:13 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/ts-demo/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-remote-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-service-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb:13 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/${TS_SP_BLOCK_STORAGE_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb:14 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/fwu/config/${TS_SP_FWU_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="1"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="2"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="3"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc:10 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb:3 has a lack of whitespace around the assignment: 'SP_INDEX="4"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc:42 has a lack of whitespace around the assignment: 'OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb:8 has a lack of whitespace around the assignment: 'OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"'
WARNING: meta-arm/meta-arm/recipes-security/trusted-services/ts-uefi-test_git.bb: meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc:37 has a lack of whitespace around the assignment: 'export CROSS_COMPILE="${TARGET_PREFIX}"'

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-04 06:00:04 -04:00
Mikko Rapeli 7fca237eab trusted-firmware-a: set mbedtls git branch with SRCBRANCH_MBEDTLS
Enables building latest bleeding edge tf-a and mbedtls with
local.conf setup:

INHERIT += "poky-bleeding"
POKY_AUTOREV_RECIPES += "trusted-firmware-a"

SRCREV_mbedtls:pn-trusted-firmware-a = "AUTOINC"
SRCREV_tfa:pn-trusted-firmware-a = "AUTOINC"
SRCBRANCH:pn-trusted-firmware-a = "master"
SRCBRANCH_MBEDTLS:pn-trusted-firmware-a = "master"
LIC_FILES_CHKSUM:pn-trusted-firmware-a = "file://docs/license.rst;md5=1118e32884721c0be33267bd7ae11130"
BBMASK += "meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.12.bb"
BBMASK += "meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb"

This includes workarounds for poky-bleeding.bbclass which doesn't
work with multiple SRCREV variables, masking away
tf-a 2.10 and 2.11 recipes which cause recipe parsing problems
and only one recipe needed to build latest upstream master
branch to avoid 503 error codes from remote git server.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-04 05:00:04 -04:00
Gyorgy Szing 595cb0f1a0 arm/trusted-services: fix udev management in libts
- Change libts to stop making udev related configuration if optee-client
  is deployed to the target to avoid conflicts.
- Remove the executable permission from installed tee-udev.rules file.
- Remove teepriv device from udev file as this device is op-tee specific.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-02 11:00:04 -04:00
Gyorgy Szing 158ce8e566 optee-client: use the same tee group as libts
Change optee-client to use the same bitbake variable to configure the
group name used for controlling access to /dev/tee* devices on the
target. The aim is to simplify system configuration by aligning the
two recipes.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-02 11:00:04 -04:00
Gyorgy Szing 516eb0672f optee-client: drop privileges of tee-supplicant
Stop the tee-supplicant being run with root privileges when the system
is not using systemd.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-02 11:00:04 -04:00
Gyorgy Szing 91cacb6332 optee-client: fix udev and systemd handling
Eliminate the systemd specific install content fix-up commands appended
to do_install.
  - patch optee-client to allow controlling installation of systemd and
    udev specific configuration files.
  - pass driver group names to optee-client build

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-02 11:00:04 -04:00
Gyorgy Szing 2ec60ece8d optee-os: add v4.4
Add recipes to allow building OP-TEE v4.4. This is the first version
carrying an SPMC implementation which supports branch protection.

Update corstone1000:
  - to use the new op-tee version
  - `CFG_TZDRAM_SIZE` is increased further from `0x340000` to `0x360000`
     as version 4.4.0 of OP-TEE OS requires more memory

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>

optee-os: corestone1000: udpate to op-tee v4.4

Update OP-TEE version and add a patch to increase TZDRAM size to add
more memory to OP-TEE.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-02 11:00:04 -04:00
Mikko Rapeli 94596e0fae optee-client: use udev rule and systemd service from upstream
Use backported upstream patch for udev rule and systemd service file.
sysvinit script is still used from meta-arm. Don't install systemd
service without systemd distro feature, other way round for
sysvinit script.

tee-supplicant started by systemd service runs as non-root teesuppl
user with teepriv group. sysvinit still runs as root since busybox
start-stop-daemon doesn't support -g group parameter and -u teesuppl
doesn't seem to change the effective user.

udev rules allow non-root /dev/tee* access from tee and
/dev/teepriv* access from teepriv groups.

Tested sysvinit changes with:

$ kas build ci/qemuarm64-secureboot.yml:ci/poky.yml:ci/testimage.yml

and systemd changes with:

$ kas build ci/qemuarm64-secureboot.yml:ci/poky.yml:ci/testimage.yml:ci/uefi-secureboot.yml

Cc: tom.hochstein@nxp.com
Cc: sahil.malhotra@nxp.com
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-02 11:00:04 -04:00
Mikko Rapeli 9f19b9b9a3 trusted-firmare-a: update qemu patch status
Submitted to upstream and worked through review
comments and CI issues:

https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/36514

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-01 10:42:55 -04:00
Mikko Rapeli 629fc54290 edk2-firmware: fix SOURCE_DATE_EPOCH
edk2-firmware build scripts use printenv to print SOURCE_DATE_EPOCH
but that is not in HOSTTOOLS and thus fails with configurations
which use VirtualRealTimeClockLib. Change to using SOURCE_DATE_EPOCH
environment variable directly to fix builds. I think this is OE
specific build config change but filed a bug report upstream
https://github.com/tianocore/edk2/issues/10910
since the fallback mechanism is not working.

Applying patch in 202411 recipe and not .inc since 202408 recipe
from meta-arm-bsp does not find the patch file from meta-arm
side.

[Jon Mason: corrected issues with email patch mangling for edk2]

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-01 10:41:22 -04:00
Ross Burton 2cc1cd16ab CI: dump all environment variables in update-repos
Print all of the environment variables in the update-repos task for
introspection, instead of a subset.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-01 09:25:23 -04:00
Ross Burton 9b92d080b1 CI: disable KAS_REPO_REF_DIR by default
Having local repo caches is a little fiddly to manage, and by definition
we're running CI inside GitLab which supports mirroring repositories
automatically.

As these mirrors are always available and update automatically, make
Kas reference directories opt-in and instead expect that the site is
either fine with full fetches, or is using KAS_PREMIRRORS.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-01 09:25:23 -04:00
Ross Burton c8da42d7bd CI: always save the lockfile.yml in update-repos
The update-repos job can "fail with warnings" if the reference repository
fetch fails. This is intentionally a warning as the CI may have set
KAS_PREMIRRORS and a stale cache is fine.

However, by default artifacts are only saved on successful jobs, so if
this happens the lockfile.yml isn't saved. Ensure the artifacts are
always saved so the rest of the pipeline is successful.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-01 09:25:23 -04:00
Jon Mason f94c002d1d arm-bsp/sgi575: add FVP support
Add FVP support to sgi575 and run a boot test as part of CI.  Networking
is not currently working and seems to require an older version of edk2
to boot the kernel.  Also, the unique files for grub and wks do not seem
to be necessary.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-28 10:00:08 -04:00
Jon Mason 3bf8bf5d4d arm/fvp: add TC3 and Neoverse v3, remove n1 edge
Add Total Compute 2023, Neoverse V3 R1, and Reference Design-1 AE FVPs.
Also, remove Neoverse N1 Edge.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-28 10:00:08 -04:00
Jon Mason 957fcca083 arm/edk2-firmware: Fix branch name variables
In the SRC_URI, the branch name variables are switched for edk2 and
edk2-platforms.  Switch them as appropriate.

Fixes: bf204866e8 ("arm: Use SRC* variables consistently")
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-28 10:00:08 -04:00
Ross Burton 49cad31d10 ci/update-repos: always pass the latest URL
Instead of assuming that the repository was created with the latest URL,
fetch the repository explicitly when fetching.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-26 15:00:07 -04:00
Ross Burton 95e4041c19 ci: show KAS_PREMIRRORS in preamble
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-26 15:00:07 -04:00
Ross Burton 69f9b2da14 ci: forward the exit code from update-repos
If update-repos fails with status 128 then that means it failed to fetch
the remote repositories.  This should result in a warning not a failure
but flock was just returning status 1.

Save the exit code and if it returns 128 continue but exit with it
later, so the lockfile generation still occurs but the job doesn't fail.

Also, only call the update-repos script if KAS_REPO_REF_DIR has been set.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-26 15:00:07 -04:00
Ross Burton 5d0fcd503b CI: use canonical git.yoctoproject.org URLs
The canonical repository URLs don't use /git/.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-26 15:00:07 -04:00
Mikko Rapeli 56c13c3648 trusted-firmware-a: move qemu patch
qemuarm64-secureboot directory in path to 0001-Add-spmc_manifest-for-qemu.patch
hides the patch from machines with different names and thus break builds
unless overrides are set to include "qemuarm64-secureboot".
Move patch to plain "files" directory to avoid build failures
and this cumbersome workaround.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-25 14:05:52 -04:00
Ross Burton 34c8608d87 arm-system-ready/arm-systemready-ir-acs: add version to download filename
The download filename wasn't versioned so multiple versions would write
to the same file on disk and conflict, causing repeated downloads and
fetch failures.

Add the PV to the filename on disk to resolve this.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-25 14:05:32 -04:00
Ross Burton c9fa84d0f7 CI: use DEFAULT_TAG as the default ACS_TAG
This stops the job being stuck if the runners will only take jobs that
have been tagged.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-25 14:05:32 -04:00
Jon Mason f78c6c0e4f arm/trusted-firmware-a: update 2.12.0 recipe to 2.12.1
Update to the lts-v2.12.1 tag.  Changes include a number of CVE fixes
and mbedtls minor version bump:
	8cf9edba5cc3 docs(changelog): changelog for lts-v2.12.1 release
	f5d048108bf3 Merge changes from topic "for-lts-v2.12.1" into lts-v2.12
	56472775f96d docs(maintainers): update LTS maintainers
	baab55315c7f docs: updates to LTS
	f00f71efc410 docs: add inital lts doc
	1a8ee82c6d77 Merge changes from topic "for-lts-v2.12.1" into lts-v2.12
	b19ce90a908c fix(rd1ae): fix rd1-ae device tree
	34f10e7d9fc7 feat(rd1ae): add Generic Timer in device tree
	551dc4c09f57 docs(rd1ae): update documentation to include BL32
	8e4240779867 feat(rd1ae): add support for OP-TEE SPMC
	8e4bb69c747e feat(mbedtls): mbedtls config update for v3.6.2
	a46d6a1320d7 docs(prerequisites): update mbedtls to version 3.6.2
	2ffe181a3982 refactor(mbedtls): rename default mbedtls confs
	3809359e2124 fix(cpus): workaround for Neoverse-V3 erratum 3701767
	4a9ff092c9b4 fix(cpus): workaround for Neoverse-N3 erratum 3699563
	7e41b706e97c fix(cpus): workaround for Neoverse-N2 erratum 3701773
	15300ac30c55 fix(cpus): workaround for Cortex-X925 erratum 3701747
	6e0efc7fe739 fix(cpus): workaround for Cortex-X4 erratum 3701758
	8299c1274617 fix(cpus): workaround for Cortex-X3 erratum 3701769
	fa6c9874485b fix(cpus): workaround for Cortex-X2 erratum 3701772
	4e78288fd2bc fix(cpus): workaround for Cortex-A725 erratum 3699564
	ae6edfd5b543 fix(cpus): workaround for Cortex-A720-AE erratum 3699562
	24526273fc50 fix(cpus): workaround for Cortex-A720 erratum 3699561
	a7b322706435 fix(cpus): workaround for Cortex-A715 erratum 3699560
	d4826882210b fix(cpus): workaround for Cortex-A710 erratum 3701772
	9d6143ec8ffb fix(cpus): workaround for accessing ICH_VMCR_EL2
	7e4bf042a0dd chore(cpus): fix incorrect header macro
	9427c061eb8d fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
	bea64fd5272d fix(security): add support in cpu_ops for CVE-2024-7881
	16b87247ed03 fix(security): add CVE-2024-7881 mitigation to Cortex-X3
	427c33bc0c0b fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
	192a152448ae fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
	3e4d94c43b64 fix(security): add CVE-2024-7881 mitigation to Cortex-X925
	41a52efd6f38 fix(security): add CVE-2024-7881 mitigation to Cortex-X4
	2f09b9f3c2af fix(security): enable WORKAROUND_CVE_2024_7881 build option
	70a7d3f2d030 fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
	41b64fe36f42 fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
	0b2d22097c96 fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
	193370e1c6a2 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
	d52c52a5fa8c fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
	3bd6531a55a4 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
	eda09acd1b22 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
	b9766da96365 fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
	6324220805b1 fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
	6041f0723994 fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
	b23f5da614e6 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
	ef378713fa4b fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
	2898088f8ba6 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
	b8e111c72619 fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
	a6f6396313ea fix(cpus): workaround for Cortex-X4 erratum 2923985
	d1c3a5d8b9d8 fix(build): do not force PLAT in plat_helpers.mk
	ea1b816b1763 chore(deps): update pytest for cot-dt2c
	65762d7b4cfc chore(deps): bump jinja2
	87f3125a0e45 chore(deps): bump jinja2 in the pip group across 1 directory
	b4530565c030 chore(deps): bump the pip group across 2 directories with 1 update
	11e5f92d3d43 build(deps): bump setuptools in the pip group across 1 directory
	850389f4acfe chore(deps): bump micromatch

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-20 12:49:21 -04:00
Jon Mason 27a88dd7bd arm/opencsd: update to v1.5.6
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-20 12:49:21 -04:00
Jon Mason b4e61d8c10 arm/edk2-firmware: update to edk2-stable202411
Update to the latest version of edk2.  Unfortunately, sbsa-ref has a
kernel warning due to the CPU topology that was added.  So, hold this
platform back to 202408 and move those recipes to meta-arm-bsp.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-20 12:49:21 -04:00
Mikko Rapeli 45daeba052 oeqa parselogs-ignores-sbsa-ref.txt: ignore screen error
It's not clear why this happens but this error is visible
in CI builds too often. Root cause needs analysis but
ignore the error for now.

https://autobuilder.yoctoproject.org/valkyrie/#/builders/75/builds/1190/steps/23/logs/stdio

Traceback (most recent call last):
  File "/srv/pokybuild/yocto-worker/meta-arm/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/srv/pokybuild/yocto-worker/meta-arm/build/meta/lib/oeqa/runtime/cases/parselogs.py", line 185, in test_parselogs
    self.assertEqual(errcount, 0, msg=self.msg)
AssertionError: 1 != 0 : Log: /srv/pokybuild/yocto-worker/meta-arm/build/build/tmp/work/sbsa_ref-poky-linux/core-image-sato/1.0/target_logs/Xorg.0.log
-----------------------
Central error: [   103.173] failed to find screen to remove
***********************
[   101.955] (**) QEMU QEMU USB Tablet: (accel) selected scheme none/0
[   101.955] (**) QEMU QEMU USB Tablet: (accel) acceleration factor: 2.000
[   101.958] (**) QEMU QEMU USB Tablet: (accel) acceleration threshold: 4
[   102.144] (II) event0  - QEMU QEMU USB Tablet: is tagged by udev as: Mouse
[   102.169] (II) event0  - QEMU QEMU USB Tablet: device is a pointer
[   102.228] (II) config/udev: Adding input device QEMU QEMU USB Keyboard (/dev/input/event1)
[   102.228] (**) QEMU QEMU USB Keyboard: Applying InputClass "libinput keyboard catchall"
[   102.229] (II) Using input driver 'libinput' for 'QEMU QEMU USB Keyboard'
[   102.229] (**) QEMU QEMU USB Keyboard: always reports core events
[   102.229] (**) Option "Device" "/dev/input/event1"
[   102.318] (II) event1  - QEMU QEMU USB Keyboard: is tagged by udev as: Keyboard
[   102.326] (II) event1  - QEMU QEMU USB Keyboard: device is a keyboard
[   102.345] (II) event1  - QEMU QEMU USB Keyboard: device removed
[   102.385] (**) Option "config_info" "udev:/sys/devices/platform/PNP0D10:00/usb1/1-2/1-2:1.0/0003:0627:0001.0002/input/input1/event1"
[   102.386] (II) XINPUT: Adding extended input device "QEMU QEMU USB Keyboard" (type: KEYBOARD, id 7)
[   102.519] (II) event1  - QEMU QEMU USB Keyboard: is tagged by udev as: Keyboard
[   102.527] (II) event1  - QEMU QEMU USB Keyboard: device is a keyboard
[   103.105] (II) modeset(0): Disabling kernel dirty updates, not required.
[   103.165] (II) config/udev: removing GPU device /sys/devices/pci0000:00/0000:00:01.0/drm/card0 /dev/dri/card0
[   103.173] xf86: remove device 0 /sys/devices/pci0000:00/0000:00:01.0/drm/card0
[   103.173] failed to find screen to remove
***********************
1 errors found in logs.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-20 11:00:04 -04:00
Ross Burton 00fa95aec1 CI: fix duplicate variables
I accidentally created two variables sections, resulting in our build
jobs running on very limited containers.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2025-03-20 11:50:21 +00:00
Ross Burton f20bd9ff62 CI: move CPU_REQUEST from .build to .setup
We were only setting the k8s CPU request in .build jobs not .setup. This
was intentional initially so that only the build jobs get more resources,
but some of the non-.build jobs are resource-heavy. For example, the
pending-updates job has to parse the entire metadata from scratch, and
that sometimes takes longer than usual when we only have two cores to
use.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-11 11:00:07 -04:00
Mikko Rapeli 53bfba8c5b optee-ftpm: support genericarm64
genericarm64 machines may have firmware with optee support
and thus also optee-ftpm may be compiled and used there.
tee-supplicant will load TAs at runtime if support is
detected.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-11 07:00:04 -04:00
Mikko Rapeli 11d3f0ad34 optee: support genericarm64
optee-client/tee-supplicant, optee-os-tadevkit and optee-test can be
compiled for genericarm64 and these detect firmware optee support at
runtime. Using qemuarm64 compatible config for them.
optee-os itself may need HW specific config for different boards
and SoCs but these components work with same config on multiple boards.
Tested on qemu and AMD kv260 with Linaro Trusted Substrate firmware
(https://gitlab.com/Linaro/trustedsubstrate/meta-ts).

Note: optee-test version in userspace and optee-os version in firmware
must match for tests to pass.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-11 07:00:04 -04:00
Ross Burton e02a77c055 CI: there's no need to run pending-updates on x86 machines
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-10 09:00:05 -04:00
Ross Burton af9375798f arm/arm-bsp/trusted-firmware-a: use main branch when fetching mbedtls
mbedtls pushes to both master and main, but main is preferred.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-10 09:00:05 -04:00
Ross Burton b6227e2962 arm-bsp/fvp-base: bump cores to to v8.5
The Pointer Authentication (PAC) instructions are part of v8.3, and BTI
(Branch Target Indentification) instructions are mandatory in v8.5.

As we want to use PAC/BTI everywhere in this BSP, bump the cores to
v8.5.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-03-06 10:40:44 -05:00
Andrew Jeffery f9f47ec15a arm/trusted-services: ts-sp-fw: Replace v2.7.0 tag with commit ID
Do so for the usual reason of avoiding network access during recipe
parsing. Occasionally parsing will stall for me as it seems connectivity
to trustedfirmware.org can be flaky.

Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-28 01:00:06 -05:00
Jon Mason 07fcd92a68 arm/boot-wrapper-aarch64: update to the latest
Update to the latest commit.
Changes in gn between 5e3760073454c72f3458805a1b7a89ecf80353cb and ac6742520ded1da30d500f74e8affe86e27cabd5
	ac6742520ded aarch64: Start Xen on Armv8-R at EL2
	ba899d1d7227 aarch64: Implement PSCI for Armv8-R
	476a0b6451d7 aarch64: Enable Armv8-R EL2 boot
	0f00cf4cb8b2 Introduce --with-bw-arch for boot-wrapper compile arch
	aafb5958eb9d Boot CPUs sequentially
	d62de19c8661 Add printing functions
	1ab497ed6c38 Simplify spin logic
	1e576e54d0a4 Unify assembly setup paths
	19ffbec99cf5 aarch32: Always enter kernel via exception return
	e8e6f797bafa aarch32: Implement cpu_init_arch()
	8745a2cd8e0a aarch32: Refactor inital entry
	77c3316737fc aarch64: Always enter kernel via exception return
	308d25f908a8 aarch64: Implement cpu_init_arch()
	4dcb17f55300 aarch64: Remove redundant EL1 entry logic
	400f0a86dcc8 Revert "configure: allow the use of bare-metal toolchains"
	1fea854771f9 configure: allow the use of bare-metal toolchains
	784feb9b0753 Makefile: suppress RWX segment warnings
	e1d7651f3c2f Makefile: rework test-dtc-option
	cd7fe8a88e82 aarch64: Enable access into RCW[S]MASK_EL1 registers from EL2 and below
	1ac203146003 aarch64: Enable access into 128 bit system registers from EL2 and below
	b13b3bdcb2a1 aarch64: Enable access into SCTLR2_ELx registers from EL2 and below
	61b84b4a1c02 aarch64: Remove TSCXT bit set from SCTLR_EL2_RESET
	3bac221638c4 configure: make --with-kernel-dir optional

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-25 11:00:05 -05:00
Jon Mason 9da0a47d07 arm/trusted-firmware-rmm: update to 0.6.0
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-25 11:00:05 -05:00
Jon Mason b31af92555 arm/trusted-firmware-m: update to v2.1.1
Update trusted-firmware-m to the latest LTS (TF-Mv2.1.1)
Changes between 0c4c99ba33b3e66deea070e149279278dc7647f4 and 02bf279913439a07082dd581df033f370a8fbb92
	02bf27991343 docs: Release notes for v2.1.1
	7264a32e84a0 docs: rp2350: Minor docs & script improvements
	4bad159af017 Docs: Release dates update
	a5e02ec0c6a2 Align .gitignore contents to main branch
	8fe944a652f5 Platform: RP2350: Fix NV counters in ITS
	66bc1fa8eed9 Build: Fix patch formatting for 0001-iar-Add-missing-v8.1m-check.patch
	895d44a4eb52 Platform: RP2350: Add NV counters to ITS
	e81b741aa6cc tf-m-tests: Step version for rp2350 psa-arch-tests
	2be65a027c86 Platform: rp2350: Add rwx linker flag conditionally for GNUARM
	a85425417696 Platform: RP2350: Add RP2350 porting
	9ed2e7c7f52b Platform/TFM/ITS/Config: Commits required for new platform porting
	f12db7c872d5 cc3xx/low-level/pka: SRAM size depends on CC3XX version
	c7e0192fab6f cc3xx/low-level/hash: wait for hash engine to be idle
	42a4041bdff4 Crypto: Update to Mbed TLS 3.6.2
	471c127e7755 Crypto: Add option to enforce ABI compatibility
	7da71fd05445 tfm_spe_mailbox: Fix NULL pointer checks
	974bc101e0b2 cc3xx/low-level/pka: wait for sw reset to be done before proceeding
	89b9c4889c60 Crypto: Enforce MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS on Mbed TLS config
	62b1300557c5 Crypto: Additional checks for writes to avoid out-of-bound access
	a2cead6a9ef4 tfm_spe_mailbox: Use local vars for local_copy_vects
	15afe61d1194 TFMV-8: Fix unchecked user-supplied pointer via mailbox message
	22e8e89c8f56 tfm_spe_mailbox: Do not write-back on input vectors checks failure
	12a4c5342965 tfm_spe_mailbox: Validate vectors from NSPE
	75bbe3fc0240 CC3XX: Relax assert condition in aead_crypt for input
	0db7ebf32ba3 Crypto: Protect writes to avoid out-of-bound access
	2ecea430fbb4 Crypto: Prevent the scratch allocator from overflowing
	fbcdc69b794d SPM: mailbox_agent_api: Free connection if params association fails
	2a59580b5809 Crypto: Update to Mbed TLS 3.6.1
	6a54ec89f22f Platform: STM32: script all_stm_platfrom
	66596b4dae57 Platform: corstone1000: Fix isolation L2 memory protection
	7045675209ca stm : fix error on b_u585i_iot02a with TF-Mv2.1.0

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-25 11:00:05 -05:00
Jon Mason 55b41af673 arm/trusted-firmware-a: update the LTS to v2.10.12
Update trusted-firmware-a to lts-v2.10.12
Changes between 7e63213601425c7a6d83e47dc936b264deb9df2b and 408ba4ddfe9a8d55e3e2488bea89c39adef07981
	408ba4ddfe9a docs(changelog): changelog for lts-v2.10.12 release
	7bdf51628eab Merge "docs(maintainers): update LTS maintainers" into lts-v2.10
	8355ef7728ec docs(maintainers): update LTS maintainers
	faceedf4e5c2 Merge changes from topic "for-lts-v2.10.12" into lts-v2.10
	9007a3344e12 Merge changes from topic "gr/lts-doc-2.10" into lts-v2.10
	924c7f42ce4a chore(deps): bump cross-spawn
	7c8c034e5fed chore(deps): bump jinja2 in the pip group across 1 directory
	3d85a19f2f54 docs: updates to LTS
	13657a3f3f2a docs: add inital lts doc
	a4c57c122407 Merge changes from topic "lts-v2.10.12" into lts-v2.10
	564922601397 feat(mbedtls): mbedtls config update for v3.6.2
	44161dcb10ab docs(prerequisites): update mbedtls to version 3.6.2
	0ac65e7aa5ec refactor(mbedtls): rename default mbedtls confs
	8b2c885739dd fix(arm): add extra hash config to validate ROTPK
	832b92b7f615 docs(changelog): changelog for lts-v2.10.11 release
	a3fc7c18c461 Merge changes from topic "for-lts-2.10.11" into lts-v2.10
	196984e65da0 fix(cpus): workaround for Cortex-X4 erratum 2923985
	0eed05ee70aa chore(cpus): optimise runtime errata applications
	34e6d7cb8ce1 Merge changes from topic "sm/fix_erratum" into lts-v2.10
	ad9dfdc5800c fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
	5673d345aaa3 fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
	4fd2a6702dd1 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
	a02a863d3156 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
	87250d2bb1ea fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
	30c57c58abe3 fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
	c7d3c9eb2d81 fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
	282e63544d26 fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
	f7ae819f03ae fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
	3efc9e13011d fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
	17e17ed3f1e6 fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
	a6375e1feb42 fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
	e42abf298321 fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
	698e68fe1fe9 fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
	b229b47bd86c chore: rename Blackhawk to Cortex-X925
	96498991d1ce chore: rename Chaberton to Cortex-A725
	b28aa38e28cf docs(changelog): changelog for lts-v2.10.10 release
	8e74814ce52f Merge changes from topic "for-lts-v2.10.10" into lts-v2.10
	c9f3fb5822dc build(deps): bump setuptools in the pip group across 1 directory
	395ef3534cf1 chore(deps): bump micromatch
	6c6e986bffb3 build(npm): update Node.js and all packages
	c5d2a030a35f build(deps): bump braces
	ebf6430a01c5 build(deps): bump idna from 3.4 to 3.7
	93ad43e79ef7 build(deps): bump jinja2 from 3.1.2 to 3.1.4
	f8a06a0f82ce build(deps): bump urllib3 from 2.0.2 to 2.2.2
	3ea256c36a4b build(deps): bump pip from 23.1.2 to 23.3

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-25 11:00:05 -05:00
Jon Mason 74bd36ec63 arm/gn: update to latest commit
Update to the latest gn commit.
Changes in gn between 95b0f8fe31a992a33c040bbe3867901335c12762 and ab638bd7cbb9ac8468bf2fbe60c74ed4706a14a7
	ab638bd7cbb9 Revert "Speed-up GN with custom OutputStream interface."
	2dd9331a7041 Speed-up GN with custom OutputStream interface.
	ed1abc107815 Add `exec_script_allowlist` to replace `exec_script_whitelist`.
	c97a86a72105 Retry ReplaceFile in case of failure
	7296b601ea80 Fix crash when NinjaBuildWriter::RunAndWriteFile fails
	468c6128db7f fix include for escape.h
	5a47a93b9426 fix exit code for gn gen failure
	24e92acb8472 misc: Use html.escape instead of cgi.escape
	feafd1012a32 Do not copy parent build_dependency_files_ in Scope constructors.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-25 11:00:05 -05:00
Jon Mason 543adf67d2 arm/opencsd: update to 1.5.5
Update to the latest stable version (1.5.5), comprised of the following
commits:
	742d60ed7dc7 opencsd: Update version info and README for 1.5.5
	7ca491c516b8 build: Update docs for MacOS support
	cac83e59666e build: Add MacOS development makefile
	e56eff270ca2 build: Use .dylib shared library suffix for MacOS
	35f957d2a97a build: Create initial MacOS makefile
	44dff5b22a26 build: Restore Linux build support
	a0e13010e1d6 build: Rename build folders as 'unix_common' for upcoming MacOS support
	ecdde9f69307 tests: Add option to suppress elapsed processing time in test program.
	821632be920c tests: update mem_buff_demo test to add options.
	70e472c9387f opencsd: Memacc object cleanup fix

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-25 11:00:05 -05:00
Jon Mason f1fc5c53a1 arm/hafnium: update to v2.12.0
Update to the latest version of halfnium

Changes between 2bef7ab3895c48d39b84ab58179b2d0de5156b8b and 2cf2ca7c4b81ab18e9cd363d9a5c8288e2a94fda
	2cf2ca7c4b81 docs: the change log for the v2.12 release
	69e18eb52d63 docs: update the threat model for IPI threats
	c9866ab33c7a docs: add description of single service IPI support
	b17856caec30 test: interrupt targeting blocked vcpu is queued
	0ee13d9cc510 test: add helpers to share page for coordination btw endpoints
	eda971da9f4c fix: queue interrupt targeting blocked vcpu
	0a69718c6298 fix(docs): fixes to the docs to fix build errors
	4b3d26803b56 test(ipi): IPI to invalid vCPU fails
	2f579f93c1d9 test: multiple SPs periodic deadlines on multiple cores
	8157b6897a8f test: multiple SPs with periodic deadline
	b390a0d12967 test(ipi): set target vCPU in VCPU_STATE_BLOCKED
	2affbc7a7bbb test(ipi): target vCPU set in VCPU_STATE_PREEMPTED
	180a65a7be5f feat(ipi): handle in VCPU_STATE_BLOCKED/PREEMPTED
	84d49b67d2d9 fix(ipi): small fixes to the ipi implementation
	0136b2bf3f35 test: migrate blocked vcpu with pending timer
	da42b544504b test: timer expired while vcpu is in PREEMPTED state
	7c9702280c62 chore: reduce verbosity of console messages for SPs
	9243e772b209 docs: support for arch timer in secure world
	c0110997e1f8 chore: add doc comment on Pauth fault tests
	a067dc1d77f8 test: add unit tests for timer management
	872742eec217 test: use watchdog timer as source of non secure interrupt
	febcb625856e test: add driver for normal world watchdog timer
	b9dd51451e46 test: introduce driver for sp805 peripheral
	65827d703535 test: migrate vCPU of SP with pending timer deadline
	593b8addcbdc test: multiple SPs programmed with timer deadlines
	fe10878b1e1c test: SP reprograms the arch timer deadline
	b2429b49c524 test: SP handles timer with short deadline
	34c050a04357 test: commands for SP services to configure timer
	64ae5a8d6a18 test: add SP helper utilities for arch timer
	6b8cf4f361f6 feat(arch timer): handle spurious host timer interrupt
	106bfc364d64 feat(arch timer): migrate vCPU with pending timer to another CPU
	cf069a65988e feat(arch timer): resume SP if deadline expires in NWd
	2efb3e103382 feat(arch timer): handle host timer interrupt tracking live deadline
	32424db1d5d6 feat(arch timer): inject timer virtual interrupt before resuming vCPU
	a3787c91a96c feat(arch timer): track pending timer configured by SP vCPU
	28e988f3bb56 chore: exclude physical timer source file from static checks
	f684d196422b feat(arch timer): trap and emulate physical timer access from SPs
	d3ac7383c10f feat(arch timer): helpers to configure EL1 physical timer
	f658f5e1a6e1 feat(arch timer): initialize timer list and host physical timer
	def48d0365b3 feat(arch timer): introduce host timer driver
	c31708afa85c feat(arch timer): helper utilities to add and remove from timer list
	eed861e514ba feat(arch timer): data structure to track pending timers
	08200fe0f2e2 test: physical interrupt preempts virtual interrupt handling
	75331b3ee028 test: SPMC call chain not preemptible
	179f567f17fe test: helpers commands to mimic secure interrupt scenarios
	94946a1451e3 fix(interrupts): SPMC scheduled call chain shall not be preempted
	025a451a9275 fix: simplify secure interrupt handling
	c3fd9756a53e feat(memory share): handle GPF in FFA_MEM_FRAG_RX
	e06384d55458 docs: document VM availability messages
	50ef91174b38 refactor: api_ffa_msg_send_direct_resp
	13f09815b474 refactor: don't pass sender/receiver ID
	79504ff11a86 refactor: remove unused functions
	a1a0235181b3 test: VM availability messaging tests
	06e8b732abc2 feat: forward VM availability messages from SPMC to SP
	d0356f85a2a2 refactor: `spmd_handler` refactorings
	520bcc86451b test: VM created/destroyed partition properties
	a603e0842531 feat: VM created/destroyed partition properties
	18694027d10d feat: parse `vm-availability-messages`
	1308a63f4851 test(ipi): FFA_NOTIFICATION_INFO_GET reports pending IPI
	d270b869c989 test(ipi): target waiting vCPU whilst in SWd
	537165559733 test(ipi): target waiting vCPU whilst in NWd
	3a9510e81960 test(ipi): handling SRI in the NWd
	377defd58730 test(ipi): send IPI to running vCPU
	d2efb134495d test(ipi): state machine to help testing IPI
	8be2651ff463 test(ipi): add unit tests for fetching pending IPIs
	1f2babf02fd8 feat(ipi): report IPIs in FFA_NOTIFICATION_INFO_GET
	960be20fecdc feat(ipi): handle IPI for waiting case
	f3cf28cf7d4b feat(ipi): introduce IPI paravirtualised interface
	18485946304c refactor: use bitfields for interrupt_descriptor struct
	e44e18e5702b fix: increase stack size in primary VM
	cc9d11383413 ci: increase timeout for long running tests
	b8f9a899f0be test: if SPs wake up with eret FFA_RUN
	4dbf4d95c63f fix: only normal world VMs need FFA_RUN
	478faac95b69 refactor: always eret FFA_RUN to the caller
	8ddb0e2d11e6 chore: drop the FFA_RUN tests
	3190f5401e09 chore: specify updated submodule commit hash
	baaf9e5bd0c5 docs: update FFA_PARTITION_INFO_GET(_REGS)
	0ffce75f8244 refactor(notifications): verbose validity check
	3e55c4d8e3de fix: check ff-a version for functionality support
	d96c931b233d test(ff-a): report features in partition info get
	7fb0fdb7ab97 fix: report indirect message and direct message 2
	11f50e5ff10b chore: drop linux/driver project checks
	d5d6c381e69c chore: drop the driver/linux submodule
	8018929656f3 doc: refer the checkpatch.pl setup
	d8e61447a1b5 ci: add script download checkpatch.pl
	94b0fa111104 chore: drop rule to update linux binary
	ddeedafa09d0 chore: drop the third_party/linux submodule
	6b756a10770a ci: drop the setup with the hafnium driver
	15e302616540 chore: drop hf_interrupt_inject
	da6b099e5dfb chore: drop mailbox waiting list
	9a9ed227a137 test(ff-a): FFA_MSG_WAIT called with pending message
	ccbf26c078c7 docs: add FFA_MSG_WAIT description
	ea8ccfe752cb refactor(notifications): drop the SRI state
	ac0cb263714c chore: drop legacy timer support in hypervisor
	9acc62973951 chore: remove legacy timer support tests
	a74c97c4c184 test: interrupt targets blocked SP
	23a7e58b6494 fix(interrupts): resume blocked vCPU and pend vIRQ line
	3e749afb2d9b test(pauth): test PAuth usage from S-EL0
	70c6ca0e0cb9 fix(pauth): use prng to generate S-EL0 pauth keys
	9478e32bb811 refactor: UUID packing/unpacking
	cca64d765bf0 refactor: `get_ffa_partition_info`
	fb9c2a27a319 refactor: `api_ffa_fill_partition_info`
	45abeebfd2b4 feat: report error if too many UUIDs in manifest
	6053297ef775 refactor(manifest): UUID parsing
	8c5de22b6b6a test: fork 'preempted_by_secure_interrupt'
	bd32c97bdb07 refactor: simplify interception of FF-A calls
	67f5ba3d10d3 refactor: boot order list to use list.h
	8e02186908e0 refactor: rename list functions
	3bfc36eab652 test(ff-a): cannot send indirect message when RX buffer full
	3d5a9609bf43 test(ff-a): add RX retention tests to S-EL0 setup
	a2103eb08381 feat(code-coverage): check elf files for folder include/exclude
	c7270b752e5f fix(memory share): hypervisor retrieve request check
	7640451f68fc fix(build): fix out of tree build specifying $OUT
	36fcf881497b fix: detect pauth algorithm in cpu
	483686441714 refactor: `memcpy` refactors
	5d5f27972dbb fix: use correct load-address while adding offset
	3bb825946fed fix(indirect message): set framework notifications
	8ccd2d0f0552 fix: rename load address relative offset node name
	67196c7ad3bc docs: document new `FFA_VERSION` behaviour
	c4d9ae80b40b fix(ff-a): don't report ME interrupt to EL0
	41c5da385103 fix(notifications): delay SRI flag use from NWd
	d9e7c8fd3cf9 fix: in case the mailbox is FULL return FFA_RUN
	77b4eef0071d fix(hftest): clear NPI when polling for notifications
	486ffdce7223 test(ff-a): FFA_MSG_WAIT multicore RX buffer test
	337dbdfa04ee test(ff-a): test FFA_MSG_WAIT with retain RX buffer flag
	7253bd5c43fc feat(ff-a): add retain RX buffer flag to ffa_msg_wait
	bc854180a4bb test(ff-a): verify FFA_MSG_WAIT releases RX buffer
	be1a0b7a4d43 fix(ffa): add RX buffer release to FFA_MSG_WAIT
	b8730e9f7263 refactor: moved api_interrupt_clear_decrement to vcpu
	cfc8174a3a22 refactor: added ffa_msg_wait_complete
	472f66a344c9 refactor: use vm_id_is_current_world
	ac9407556eca refactor: rename implicit_completion_signal
	3b31f09c4e80 refactor: create vcpu_secure_interrupt_complete
	9a4b9c0b9592 fix(notifications): per-vCPU for MP only
	318e90a733de feat: queue interrupt targeting blocked vcpu
	c023e39839c0 test: new setup with S-EL1 UP SP as Service2
	538b688a0865 test: register secondary entrypoint only for MP S-EL1
	ec3bf2223df0 test: queue interrupt targeting a migrated vcpu in blocked state
	97fa216c6ae9 test: queue interrupt targeting a migrated vcpu in running state
	ce6baae61eee test: queue interrupt targeting a migrated vcpu in waiting state
	4fff340ea012 test: queue multiple pending virtual interrupts
	e1bec84e69f1 test: handle secure interrupt triggered by Generic Timer
	95bb8fe60145 test: leverage build define to identify an S-EL0 SP
	75a1ab7b9c3c test: update manifests to accommodate AP REFCLK timer device region
	76fe642c630f test: add SP helper commands to manage generic timer
	ad3fb6698931 test: add driver for AP REFCLK Generic timer
	92b404ecffd6 test: driver for generic memory mapped system timer
	ae519e184f12 test: map MMIO regions from device region nodes
	7945bb578a0f refactor: reduce fields tracking interrupt handling for vcpus
	93d3d7015108 feat(interrupts): target migratable S-EL1 UP vCPU
	42e56c11d90e feat(interrupts): target migratable S-EL0 UP vCPU
	48dc41c3890c feat(interrupts): queue if unable to signal virtual interrupt
	c64d0645a4c4 feat(interrupts): prioritize servicing queued virtual interrupts
	32913cb081cf feat(interrupts): data structures, helpers for queueing
	b7c2558e1bbd fix(interrupts): drop the running priority before resuming vcpu
	6acc53703857 fix(hftest): logs from different setups would override
	ff651e335032 feat: hftest to disable_visualisation
	6f6bf8a117f9 refactor: simplify functions to pend VI
	33172403a44a fix: moved unsupported function log
	3e9f605eba42 test: interrupt to be pended before boot
	cc542042dbbd feat(interrupts): physical interrupt enabled
	d533859d7826 chore: add venv to gitignore
	1c56a252a966 fix(hftest): service set-up functions in core 0
	65deaa433730 refactor: drop hypervisor-specific tests
	6045881f4fe2 fix(notifications): vCPU ID check in get ABI
	a2c79226b56b docs: redirect to a common ff-a binding document in TF-A
	296ee70c7af7 refactor(memory share): split check of hyp retrieve request
	058ddee34d02 fix: remove memory region's device attribute
	71704804400a secure_tc: enable branch protection
	9c5b1d3708f8 refactor: split `api_ffa_features`
	650cb148d610 refactor: report FFA_YIELD
	1a8c0cdb812c refactor: report secondary EP register supported
	5a222641c137 refactor: permission get/set supported at S-EL0 partitions
	4271ff9734fe refactor: remove arch/platform specific ffa_features
	4e8e479805bb refactor: reduce log level of some log statements
	be12343e0ceb fix(hftest): interrupt enable/disable
	94f9a7303d06 fix(docs): refactor poetry dependency group
	734981e83008 fix(memory share): dont change the PAS for device memory
	9a444adfee0b refactor(hftest): update iris options
	fd374b8c9227 fix(memory share): v1.1 emad reserved field check
	5ebf4bf2c364 feat: parallelize `clang-tidy`
	2ad6b66ef5f6 chore: fix `clang-tidy` warnings
	a4d4a2b00cf2 fix: check `.h` files with `clang-tidy`
	20acb0118db9 refactor: remove `make check`
	ca9234c8510c refactor: reformat `.clang-tidy`
	67a7926ce341 fix: first vCPU runs in the VCPU_STATE_RUNNING
	77f39c21e52a fix(docs): point poetry readthedocs virtual env
	bd43209c3d7f refactor: console log verbosity
	052fa62be451 fix(docs): design doc typo fails the build
	a33eca997600 fix(qemu): memory barriers to operate DMA
	66a38bd5184d fix: fix build with clang-18
	a5ea909bfc61 fix: fix build with clang-17
	74ee3ab8bb56 fix: fix build with clang-16
	6f1f1210152d feat: print vCPU ID
	920362870c0d test: tests for printing sequentially and concurrently
	31e5c95fd1c7 fix(hftest): define stacks for all secondary cores
	7cdb36d7dfa8 test(mem share): RO mem cannot be zeroed during send
	72d53a15d7b7 fix(boot): remove limit all partition memory is RW
	c7a3848c7cc0 refactor: improve hftest error message
	133ae6e2e48b feat(dlog): adopt FF-A in `stdout_putchar`
	c5cebbc0e8d0 refactor: move log buffer from VM to vCPU
	99fe2434f9d9 refactor: add documentation for interrupt controller in DT
	1c26ae7ec65a fix(gic): add support for passing GIC data from DT in boot flow
	99c5eff25b84 test: add unit tests to validate dma properties
	718afa9ca629 refactor: create a helper function to obtain common fields
	9c764b3e5437 refactor: use dma device properties struct within device node
	7de26958d155 refactor: extract VM's log buffer into separate struct
	6027b4f0bd7a fix: fix signature of `memcpy`
	8f046e4873ea refactor: remove `CHECK_OR_ZERO` macro from `std.h`
	2b56fc163c19 refactor: replace some uses of `uintptr_t` with `cpu_id_t`
	b4ef4320e1d0 refactor: use typedef for CPU entry point functions
	71d887b7cad0 refactor(memory share): improve naming of sender_orig_mode
	c8e6e85d7f72 test(memory share): device as normal through descritor mem types
	3b65a25f2642 test(memory share): lend device memory as normal
	6e2613628196 fix(memory share): add precedence check for memory type
	2268412d6968 test(memory share): normal memory lent as device
	91052c3eb749 fix(memory share): log for invalid instruction access
	3f295b18c75c feat(manifest): add overlap checks for SPMC memory
	889cbf1e6e82 refactor: use enums for PSCI constants
	5e99699970bc refactor: add helper function to check if VM is primary
	8204182ee3d2 refactor: add helper functions for checking if VM is UP/MP
	0a824e972474 chore: fix log strings
	bd060340445e fix(memory share): relinquish from VM
	9bbcb87d8873 fix(memory share): assert pointer before dereferencing
	a39a84497eda feat(memory share): relinquish use `memcpy_trapped`
	3f6527cd56f9 feat(memory share): revert memory retrieve
	69cdfd9531f8 feat(memory share): avoid updating PTs
	7b9cc432ce38 feat(memory share): memcpy_trapped to copy retrieve resp
	8f2150d1d4c6 feat(memory share): `memcpy_trapped` to read from tx
	f220d57a4102 fix(memory share): retrieve request validation
	c9227c849e62 fix(memory share): multiple borrower with NWd VM
	540cddfcb118 feat: introduce gicd_set_ctrl helper utility
	cde596402559 test(ff-a): add tests for changing version through `FFA_VERSION`
	64d930ee6c33 fix: check that calls to FFA_VERSION actually succeed
	e9921275a326 fix: memory sharing tests
	08befddc43c0 refactor: move `update_mm_security_state` to `common/ffa.c`
	2909e54cf230 refactor: port tests due to new restrictions
	d319fbbb5b9b fix: remove log statement that caused `FFA_VERSION` to fail
	6eeec8e85a5f feat: restrict `FFA_VERSION` calls
	0e617d9d2245 refactor(ff-a): `FFA_VERSION` related refactorings
	4b846eb871c0 fix(mem share): zeroing RO memory during memory send
	8fc1b5054cb2 fix: error codes need to be uint32_t
	6fd6c1d6ecad fix: fix input validation in FFA_FEATURES
	49ec1e42e218 refactor: refactor `api_ffa_features`
	88851f90b88e feat: add macros to check bits
	d1c34b5edee1 feat(mte): add error log for sync tag fault in EL2
	95fbb31760eb feat(memory share): add memory share 64-bit ABIs
	b9ae416a7d55 refactor: use `GET_ESR_EC` macro
	5a13355b0802 refactor: add `GET_ESR_FNV`
	9f7ce018c967 test(dlog): unit tests for `dlog` with binary format specifier
	7efc8377234e feat(dlog): support binary unsigned integer format specifiers
	e8937d9c2a05 chore(dlog): fix uses of `dlog` to use new format strings
	544549064bb2 feat(dlog): check arguments to `dlog` at compile-time
	50af30574657 test(dlog): unit tests for `dlog` with length modifiers
	70894da99ab1 feat(dlog): handle length modifiers
	e980e611ed8a refactor(dlog): miscellaneous changes related to logging
	705b56e94b38 refactor(dlog): move `dlog_flush_buffer` to `api.c`
	e8fdaed4c376 refactor(dlog): replace macros with enums
	93157d09e78f test(dlog): unit tests for `dlog`
	c9df08b45438 feat(hftest): assertion macros for strings
	d2ef618a680c refactor(dlog): return number of characters written
	222d9fbb3dee fix: enable `-Wsign-compare` in `ASSERT_EQ`
	1064a9c8d3c3 refactor: use `enum ffa_error` for errors
	824b63d9b256 feat: enable `-Wsign-compare`
	b090762d1c4d fix: disable `-Wsign-compare` for dtc
	4a88b9625897 feat: enable `-Wextra` flag
	df099becb672 refactor(init): use memory pool for boot params
	dc759f53ddbe refactor: use an enum for FF-A error codes
	d38270c14fe8 refactor: use enum for SP commands
	6a7c95926233 feat(hftest): rewrite error messages for failed assertions
	76766e61e230 refactor: use `typeof` in `HFTEST_ASSERT_OP`
	871b41e33565 refactor: always expand `assert` macro
	3a3e08dbd653 fix: check for illegal values of gic related build flags
	346a09cfce7f fix: check for illegal branch protection feature
	0549849def41 fix: propagate enable_mte build flag to cflags
	00d3b632aeda fix: incorrect calculation for number of boot info desc
	b886d4930571 fix(memory share): drop check to instruction access

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-25 11:00:05 -05:00
Jon Mason 1adc206509 arm/fvp-base-a-aem: update to 11.28.23
Update to the latest version.

License SHA changed due to the addition of "Artistic License 2.0" and
was missing entries for a few others that were there previously.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-24 11:06:06 -05:00
Jose Quaresma a55e4445f2 bsp: optee-client: cleanup old tee-supplicant
The same tee-supplicant is available in the meta-arm layer
along with the recipe.

| meta-arm/recipes-security/optee/optee-client
| meta-arm/recipes-security/optee/optee-client/tee-supplicant.sh
| meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service
| meta-arm/recipes-security/optee/optee-client.inc
| meta-arm/recipes-security/optee/optee-client_4.1.0.bb

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-21 09:07:49 -05:00
Jon Mason 25ca4ecb32 arm/trusted-firmware-a: update git recipe
Update the TF-A git recipe to the latest commit (as it was older than
the 2.12 release previously).  Also, update mbedtls to 3.6.2 (per the
tf-a docs in the master branch).

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-20 09:00:07 -05:00
Jon Mason 48708ed3cc arm/trusted-firmware-a: re-add patches
TF-A Patches were erroneously moved to meta-arm-bsp, despite still being
needed by the recipes in meta-arm.  Copy them back and make copious
apologies.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-20 09:00:07 -05:00
Jon Mason 7c2df809e0 arm/trusted-firmware-a: move qemuarm64-secureboot file to the correct location
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-13 11:00:04 -05:00
Jon Mason 5773030601 CI/machine-summary: remove binary toolchains and sort entries alphabetically
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-13 11:00:04 -05:00
Jon Mason 8a457932df arm/trusted-firmware-a: Move 2.11 to meta-arm-bsp
Move v2.11 to meta-arm-bsp so that corstone1000 can still use it (though
2.12 does appear to work).  Move all the other platforms in meta-arm-bsp
to use 2.12.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-11 10:24:07 -05:00
Jon Mason f0f0be29a3 arm/trusted-firmware-a: Add cot-dt2c
Platforms with GENERATE_COT need to either have COT_DESC_IN_DTB set or
use cot-dt2c to generate it.  Add cot-dt2c from trusted-firmware-a
sources and its python dependencies to enable this for those that need
it.

Also, move all the relevant platforms in meta-arm-bsp to use 2.12

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-10 14:49:31 -05:00
Philip Puk d656275855 arm-bsp/u-boot: corstone1000: Reserve memory for RSS comm pointer access protocol
This memory was used by OpenAMP to establish communication between
the Secure Enclave and Trusted Services. After transitioning from
OpenAMP to RSE_COMMS, this shared memory is now configured for the
pointer access protocol in RSE_COMMS.

Since this memory may be still used by a user-space application
in linux as U-Boot is passing an EFI memory map starting from
0x80000000, this memory range should be reserved as the
pointer access protocol may be enabled on corstone1000 in the future.

Signed-off-by: Philip Puk <philip.puk@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-02-10 09:22:21 -05:00
Mikko Rapeli 34d326f107 systemd-boot: update systemd-bootaarch64.efi path
poky updated systemd from 256 to 257 which changed
the build time path.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
2025-02-10 14:04:58 +00:00
Ross Burton 03af0c72f1 arm-toolchain: remove external-arm-toolchain
Integrating the binary Arm GCC toolchain into OE is quite complicated
because the binary release and oe-core's toolchain are arranged slightly
differently, which makes it quite fragile.

As it's obviously a binary release we cannot patch it to fix issues.

Also it has some fairly sizable limitations: for example the kernel
headers are old (from linux 4.19) and the locale packaging is different
so locale package dependencies don't work.

The main historic users of the external toolchain no longer use it, so
remove it.  The recipes will remain in the LTS branches for users who
are using it currently, but will not be part of the next release.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-30 07:26:31 -05:00
Ross Burton 78f7c988e2 arm-toolchain/external-arm-toolchain: update for toolchain provider changes
The oe-core commit "classes/recipes: Switch virtual/XXX-gcc to
virtual/cross-cc (and c++/binutils)"[1] changes the virtual names that
the toolchain components use, so external-arm-toolchain needs updating
to use these new names.

[1] 4ccc3bc8266c327bcc18c9a3faf7536210dfb9f0

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-30 07:26:31 -05:00
Musa Antike b56ab3175d kas: Include unattended Debian test
Add unattended installation yml to Debian  target

Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-29 11:41:59 -05:00
Musa Antike f1769d5640 arm-systemready/oeqa: Add unattended installation testcase
Add test for Debian unattended installation verification

Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-29 11:41:52 -05:00
Musa Antike f0978b3067 arm-systemready/linux-distros: Implement unattended Debian
- Implement unattended installation for Debian
- Upgrade Debian version to 12.8.0

Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-29 08:46:03 -05:00
Musa Antike 6e913cf30d arm-systemready/linux-distros: Move openSUSE unattended conf to SRC_URI
- Replace THISDIR with UNPACKDIR by adding unattended conf to SRC_URI

Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-29 08:46:03 -05:00
Musa Antike 0702fbbcfa arm-systemready/linux-distros: Move Fedora unattended conf to SRC_URI
- Replace THISDIR with UNPACKDIR by adding unattended conf to SRC_URI

Signed-off-by: Musa Antike <musa.antike@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-29 08:46:03 -05:00
Mikko Rapeli db933d55b4 trusted-firmware-a: fix mbedtls license checksum
tf-a 2.10.9 uses mbedtls 3.6.1 from 3.6 branch which
has the same checksum as in tf-a 2.11 recipe. Found when
downgrading tf-a from 2.12 to 2.10 to debug hangs on zcu102
board:

ERROR: trusted-firmware-a-2.10.9-r0 do_populate_lic: QA Issue: trusted-firmware-a: The LIC_FILES_CHKSUM does not match for file://mbedtls/LICENSE;
md5=3b83ef96387f14655fc854ddc3c6bd57
trusted-firmware-a: The new md5 checksum is 379d5819937a6c2f1ef1630d341e026d
trusted-firmware-a: Here is the selected license text:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html)
OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license.
This means that users may choose which of these licenses they take the code
under.

The full text of each of these licenses is given below.

                                 Apache License
                           Version 2.0, January 2004
...
  `Gnomovision' (which makes passes at compilers) written by James Hacker.

  <signature of Ty Coon>, 1 April 1989
  Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs.  If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library.  If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
trusted-firmware-a: Check if the license information has changed in /home/builder/src/base/repo/build/tmp_zynqmp-zcu102/work/zynqmp_zcu102-poky-linux/trusted-firmware-a/2.10.9/git/mbedtls/LICENSE to verify that the LICENSE value "BSD-2-Clause & BSD-3-Clause & MIT & Apache-2.0 & Apache-2.0" r
emains valid [license-checksum]
ERROR: trusted-firmware-a-2.10.9-r0 do_populate_lic: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: /home/builder/src/base/repo/build/tmp_zynqmp-zcu102/work/zynqmp_zcu102-poky-linux/trusted-firmware-a/2.10.9/temp/log.do_populate_lic.4070974
NOTE: recipe trusted-firmware-a-2.10.9-r0: task do_populate_lic: Failed
ERROR: Task (/home/builder/src/base/repo/build/../meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.9.bb:do_populate_lic) f
ailed with exit code '1'

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-17 09:30:29 -05:00
Mikko Rapeli eb9a1ec43b edk2-firmware: fix PlatformStandaloneMmRpmb.dsc build
With backported patch from upstream. Error was:

| build.py...
| /home/builder/src/base/repo/build/tmp_rockpi4b/work/rockpi4b-poky-linux/edk2-firmware/202408/edk2/edk2-platforms/Platform/StandaloneMm/PlatformS
tandaloneMmPkg/PlatformStandaloneMmRpmb.dsc(...): error 4000: Instance of library class [HobPrintLib] is not found
|       in [/home/builder/src/base/repo/build/tmp_rockpi4b/work/rockpi4b-poky-linux/edk2-firmware/202408/edk2/StandaloneMmPkg/Core/StandaloneMmCor
e.inf] [AARCH64]
|       consumed by module [/home/builder/src/base/repo/build/tmp_rockpi4b/work/rockpi4b-poky-linux/edk2-firmware/202408/edk2/StandaloneMmPkg/Core
/StandaloneMmCore.inf]

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
2025-01-17 09:30:29 -05:00
Philip Puk 90123a287f arm-bsp/recipes-security: Add protobuf interface to crypto-sp in corstone1000
Adds protobuf interface to se-proxy-sp as the main crypto-sp uses it and
parsec service 1.4 also switch using protobuf interface.

Signed-off-by: Philip Puk <philip.puk@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-13 12:00:03 -05:00
Jon Mason 0905953af4 arm/trusted-firmware-a: bump fip and tests to 2.12
Bump fip and tf-a tests to use the 2.12 sources

Note: change to license is for CoT device tree python application (which
is Apache licensed).

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-10 11:00:05 -05:00
Quentin Schulz 280018a5db arm/trusted-firmware-a: add support for 2.12.0
Add support for TF-A version v2.12.0 and mbedtls 3.6.1.

GCC-compiled boot tested on RK3588 Tiger, RK3399 Puma and PX30 Ringneck.

0001-fix-zynqmp-handle-secure-SGI-at-EL1-for-OP-TEE.patch is merged in
2.12.0 so no need to have it in SRC_URI as for 2.11.0 and earlier
recipes.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-10 11:00:05 -05:00
Jon Mason f52fb00f10 arm/trusted-firmware-a: update 2.10 LTS to the latest versions
Update TF-A LTS to 2.10.9 (which includes an mbedtls bump to 3.6.1, per
docs).  Also, bump the TF-A tests to the latest version.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-10 11:00:05 -05:00
Ali Can Ozaslan bc5967ad87 arm-bsp/linux-yocto: corstone1000: Update to version 6.12
* Set Linux kernel preferred version for Corstone-1000 to 6.12.
* Update version listed in Corstone-1000 user guide documentation.
* Remove Linux kernel version 6.10 recipe as was only used by Corstone-1000.

Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-01-07 09:00:04 -05:00
Bence Balogh 6c34f1e425 arm-bsp/documentation: corstone1000: describe host level authentication
A new section was added for the host level authentication which
explains how the FIP content is verified at TF-A level.

Signed-off-by: Abdellatif El Khlifi abdellatif.elkhlifi@arm.com
Signed-off-by: Bence Balogh bence.balogh@arm.com
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-30 11:00:04 -05:00
Hugues KAMBA MPIANA cc4399ad9a arm-bsp/documentation: corstone1000: Show flyout menu in sidebar
Use flyout menu enabled via the `flyout_display`
parameter to show the flyout in the bottom of the sidebar.

The default Read the Docs (RtD) flyout needs to be disabled in order
to not have 2 flyouts showing. It is done by disabling it in the
RtD project settings.

Additionally, the Sphinx theme needs to be upgraded from version
2.0.0 to version 3.0.0. The sphinx and docutils modules also need
to be update for compatibility reason.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-21 08:22:38 -05:00
Peter Hoyes 5adb315517 arm/lib: Relax "Listening for serial connection" regex
Newer versions of the FVP now contain a full log entry for the
"Listening for serial connection on port" regex of the form:

INFO: FVP_NAME: terminal_uart: Listening for serial connection...

Relax the regex to support this new logging format and change from
re.match to re.search as the regex may not appear at the start of the
line.

This change is backwards-compatible with older versions of the FVP.

Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-16 10:00:05 -05:00
Ross Burton 83d9575a38 arm-bsp/linux-yocto: add temporary 6.10 recipe
oe-core has removed 6.10, so until corstone1000 has upgraded to 6.12 add
it temporarily to meta-arm-bsp.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-13 11:00:03 -05:00
Ross Burton fd2ba2d290 arm-bsp/linux-yocto: fix Juno build with linux 6.12
The DesignWare platform driver is hidden behind a DesignWare Core option
now, so enable that too.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-13 11:00:03 -05:00
Adam Johnston 3df279b56a arm-bsp/corstone-1000: IMAGE_ROOTFS_EXTRA_SPACE workaround
When images are repacked IMAGE_ROOTFS_EXTRA_SPACE is ignored.
This is not necessarily a bug but an undocumented quirk of how wic
works.

Evaluate IMAGE_ROOTFS_EXTRA_SPACE and use the value with the
 --extra-space option. Note that, since IMAGE_ROOTFS_EXTRA_SPACE is in
Kb, the value for `--extra-space` requires the explicit 'K' suffix (the
default is 'M')

Signed-off-by: Adam Johnston <adam.johnston@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-13 10:00:05 -05:00
Abdellatif El Khlifi 258277bab5 arm-bsp/linux-yocto: corstone1000: Update the Upstream-Status of the remoteproc patches
Set the Upstream-Status to Denied because the community suggests a different design

The external system implementation in Corstone-1000 is user-defined.
In the implementation provided by he FPGA board and by the FVP, the
Cortex-A35 (Linux) can not access the memory of the external system (Cortex-M3).
So, Linux can not load the external system firmware and can not communicate
with the external system using Rpmsg over remoteproc subsystem. The reason is Rpmsg
needs vrings memory buffers to be shared between both cores.
The community prefers that the HW is updated with memory sharing before they
consider merging the remoteproc driver.

We reached the agreement that we will split the work in two parts:

Part 1: Writing an SSE-710 reset controller driver
Part 2: Corstone-1000 remoteproc driver

Part 1 is doable and we will be working on it.
Part 2 is waiting for the FPGA upgrade with the memory sharing feature.

For more details [1].

[1]: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-12 06:00:04 -05:00
Jamin Lin 22de236233 arm: remove python3-pyhsslms recipe
I upstreamed this recipe in meta-openembedded/meta-python,
so removes this recipe from meta-arm meta layer.

https://github.com/openembedded/meta-openembedded/blob/master/meta-python/recipes-devtools/python/python3-pyhsslms_2.0.0.bb

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-11 22:00:04 -05:00
Gabor Abonyi b2c43dbf9b lib/fvp: add name to terminal title in FVP runner
Currently, terminal title is %title, which is populated with the
component name by the FVP. This commit prepends it with {name},
which is already a mandatory parameter for terminals to be launched.
E.g. FVP_TERMINALS[terminal_uart] ?= "My Name" will launch a terminal
with a title "My Name - terminal_uart".

Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-09 09:00:03 -05:00
Hugues KAMBA MPIANA 8af2f218d4 kas: corstone-1000: Update the SHA of the Yocto layer dependencies for the CORSTONE1000-2024.11 release.
The SHA of the dependent community layers are commented out and set to
the tested SHA from the `styhead` branch of each layer.

The set SHAs are to be uncommented in the `styhead` branch which is
to be used to create the `CORSTONE1000-2024.11` tag.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-05 10:30:39 -05:00
Hugues KAMBA MPIANA 5c40c5f7f7 arm-bsp/documentation: corstone1000: Amend documentation for CORSTONE1000-2024.11 release
* Fix typographical error in documentation.
* Add missing instructions.
* Create paragraphs where necessary to improve readability.
* Change `note` box to `important` box

* Remove verification of arm_tstee driver presence:
arm-tstee driver has been integrated in Linux v6.10.14 which is
the one used in the software stack. It is built as part of Linux and
is no longer a loadable module.
The steps to verify the driver presence are no longer applicable.

* Standardise naming of the target platform:
Consistently use the name `Corstone-1000` to refer to the target platform.

* Update Debian OS version from 12.4 to 12.7
Debian version 12.4 has a bug in Shim 15.7.
This bug causes a fatal error when attempting to boot media installer
for Debian,and resets the platform before installation starts.
A patch to skip the Shim was applied to Corstone-1000 to avoid
the error.
Debian version 12.7 no longer has the bug in the Shim thus making
the usage of the patch redundant.
Bump Debian installer to version 12.7 and remove usage of the patch
for the Debian installation test.

* Replace xterm with tmux:
Update the user guide to specify tmux instead of xterm.
Using tmux as opposed to xterm provides a better user experience
when running the commands listed on the user guide.

* Use ACS image for FVP SystemReady test:
Due to fixed timeout values in the meta-arm-systemready the ACS time
test do not complete successfully.
Instead, specify commands to use the pre-built ACS image.

* List Trusted Services as a host component:
Add Trusted Services to the list of components used on the Host processor
of the Corstone-1000. The various BitBake recipes and append files used to
build Trusted Services are listed for the component.

* Update release version to CORSTONE1000-2024.11:
All references to the version of the Corstone-1000 software reference
stack have been updated from CORSTONE1000-2024.06 to CORSTONE1000-2024.11.
Add to the changelog the 2024.11 release information.
Add the 2024.11 release notes.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-05 10:30:39 -05:00
Ross Burton 82bb1d2190 arm/fvp-base-a-aem: upgrade to 11.27.19
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-03 10:00:04 -05:00
Bence Balogh 30519676ab arm-bsp/trusted-firmware-m: corstone1000: Fix Secure Debug connection due to token version mismatch
Due to a mismatch between the ADAC dummy token major version and the version
in the secure-debug-manager repository [1]'s submodule [2], the secure debug connection was denied.
Update the ADAC token major and minor versions in TF-M to align with the expected
dummy token.

[1] https://github.com/ARM-software/secure-debug-manager/
[2] https://git.trustedfirmware.org/plugins/gitiles/shared/psa-adac.git/+/refs/heads/master/psa-adac/core/include/psa_adac.h

Fixes: 7e9466 ("arm-bsp/trusted-firmware-m: corstone1000: add Secure Debug")
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-12-02 05:00:04 -05:00
Mikko Rapeli 737bfd0e63 linux-yocto: remove signing
Remove secure boot signature from kernel image.
It's signed as part of uki image now which signs
kernel, initramfs etc.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-25 12:10:17 -05:00
Mikko Rapeli 682fb426ee uefi-secureboot.yml: switch to Unified Kernel Image (UKI)
Unified Kernel Image includes kernel and initrd which
both are signed with UEFI secure boot. This brings secure
boot closer to userspace.

Use core-image-initramfs-boot to find the real
rootfs and boot systemd init there. No need to hard code
rootfs via qemuboot/runqemu variables.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-25 12:10:17 -05:00
Mikko Rapeli a3523586e5 uefi-secureboot.yml: remove duplicate distro features
Setting INIT_MANAGER to "systemd" already sets needed
feature flags. Appending to them only causes sstate
cache invalidation and recompilations.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-25 12:10:17 -05:00
Mikko Rapeli d0fd3e961a qemuarm64-secureboot.conf: append to WKS_FILE_DEPENDS
Various classes add dependencies so don't overwrite them.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-25 12:10:17 -05:00
Jon Mason 853fde2b24 CI: add poky-altcfg in xen.yml for systemd image requirement
xen-image-minimal now requires systemd.  Add poky-altcfg (which has
systemd amongst other things) as an includes in the xen.yml file to work
around this.  Also, xen requires openssh instead of dropbear.  So,
override that entry.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-21 11:00:04 -05:00
Romain Naour 9d9c2fb93e CI: test external-arm-toolchain with usrmerge enabled
We want to test meta-arm-toolchain layer with usrmerge enabled [1]
since it produce some breakage with current external ARM toolchains [2].

Instead of using a custom setting (poky + usrmerge enabled), use the
existing poky-altcfg provided by Yocto. poky-altcfg uses systemd as
init system and imply usermerge being enabled (new systemd v255
requirement) [3].

Note: It must be a 32bit machine, since there are currently no aarch64
host toolchains for aarch64 (some gitlab runner used by meta-arm are
aarch64 host) [4].

[1] https://docs.yoctoproject.org/scarthgap/ref-manual/features.html?highlight=usrmerge#distro-features
[2] https://lists.yoctoproject.org/g/meta-arm/message/5557
[3] https://git.openembedded.org/openembedded-core/commit/?id=802e853eeddf16d73db1900546cc5f045d1fb7ed
[4] 4bfa191ada

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:15:39 -05:00
Romain Naour de47f836e2 external-arm-toolchain: rebuild libmvec.so symlink if any
On some architectures (namely Aarch64), glibc may provide a libmvec
library since glibc 2.22, which programs built with gcc OpenMP
support might get linked to.

In order for these programs to work on the target, we need to copy this
library to the target filesystem.

Make sure that libmvec.so symlink is correct with or without usermerge
enabled otherwise libmvec.so symlink is broken.

For more details on libmvec, see
https://sourceware.org/glibc/wiki/libmvec.

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:15:33 -05:00
Romain Naour cb4c0c9a93 external-arm-toolchain: override dynamic loader path with usrmerge enabled
usrmerge nowaday required by systemd [1] but it broke
external-arm-toolchain in several ways...

When usrmerge is enabled, /lib is no longer part of SYSROOT_DIRS list
while the prebuilt toolchain expect the dynamic loader to be placed in
/lib not /usr/lib.

There is no /lib directory in the per-package sysroot directory
generated to build each package:

  [...]/build/tmp/sysroots-components/<target>/<package>/
  sysroot-providers/ usr/

But the cross-compiler still generate binaries with dynamic loarder
path set to "/lib/ld-linux-<target>.so*"

  strings sanitycheckc_cross.exe | grep ld
  /lib/ld-linux-aarch64.so.1

A symlink /lib -> /usr/lib is crated in the final rootfs image.

But this broke the meson-qemuwrapper used when "qemu-usermode"
(MACHINE_FEATURES) is available:

See [2]:
  do_write_config:append:class-target() {
       # Write out a qemu wrapper that will be used as exe_wrapper so that meson
       # can run target helper binaries through that.
       qemu_binary="${@qemu_wrapper_cmdline(d, '$STAGING_DIR_HOST', ['$STAGING_DIR_HOST/${libdir}','$STAGING_DIR_HOST/${base_libdir}'])}"

It produce a runtime issue while running a meson sanity check:

  meson-qemuwrapper [...]/build/meson-private/sanitycheckc_cross.exe

  qemu-aarch64: Could not open '/lib/ld-linux-aarch64.so.1': No such file or directory

Note: The binaries build by the Yocto internal toolchain seems be "patched" [3]
to look at /usr/lib instead of /lib.

We use -Wl,--dynamic-linker to make sure that the cross-compiler
generate binaries using the dynamic loader path defined by usrmerge
for all packages build by Yocto.

[1] https://git.openembedded.org/openembedded-core/commit/?id=802e853eeddf16d73db1900546cc5f045d1fb7ed
[2] https://git.openembedded.org/openembedded-core/tree/meta/classes-recipe/meson.bbclass?h=2024-04.3-scarthgap#n130
[3] https://github.com/openembedded/openembedded-core/blob/scarthgap/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:15:23 -05:00
Vasyl Vavrychuk 8634bdc2f2 external-arm-toolchain: remove ${base_libdir}/libpthread*.so from FILES:${PN}
When `usrmerge` distro feature is not enabled, then `${base_libdir}`
resolves to `/lib` and `/lib/libpthread*.so` does not match any files.
But, with `usrmerge` distro feature, `${base_libdir}` is `/usr/lib`, so
removed line leads to `/usr/lib/libpthread.so` symlink included in
`${PN}` which causes QA check failure.

Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:15:19 -05:00
Vasyl Vavrychuk 4b2cef379f external-arm-toolchain: in libc.so GNU ld script use base_libdir
`base_libdir` gets replaced with `/lib` or `/usr/lib` depending on
`usrmerge` distro feature.

Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:15:13 -05:00
Romain Naour a6f44bbb80 external-arm-toolchain: wrap symlink handling under usrmerge check
Rework the symlink handling when usermerge is enabled.
Indeed, "ln -sf ../../lib/librt.so.1 ${D}${libdir}/librt.so" create a
dead link with usermerge...

Based on: https://lists.yoctoproject.org/g/meta-arm/message/5765

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: "Parthiban" <parthiban@linumiz.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:15:00 -05:00
Vasyl Vavrychuk 98eea62962 external-arm-toolchain: wrap base_libdir vs libdir manipulations under usrmerge check
With `usrmerge` disto feature `base_libdir` and `libdir` are the same,
so it does not make sense to:

* removing "duplicates" between them
* move files from `base_libdir` to `libdir`

This fixes build error

| mv: '.../tmp/work/cortexa15t2hf-neon-poky-linux-gnueabi/external-arm-toolchain/12.2.Rel1/image/usr/lib/libasan.a' and '.../tmp/work/cortexa15t2hf-neon-poky-linux-gnueabi/external-arm-toolchain/12.2.Rel1/image/usr/lib/libasan.a' are the same file

in case of `usrmerge` feature enabled.

Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:14:53 -05:00
Romain Naour 9a0451a959 external-arm-toolchain: remove old sed fixup for libc.so
As reported by Vasyl Vavrychuk [1], /${EAT_LIBDIR}/${EAT_TARGET_SYS}
is not present in libc.so in the latest prebuilt toolchains:

ARM32:
  $ cat ./gcc-arm-8.3-2019.03-x86_64-arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/lib/libc.so
  OUTPUT_FORMAT(elf32-littlearm)
  GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-armhf.so.3 ) )

  $ cat ./gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf/arm-none-linux-gnueabihf/libc/usr/lib/libc.so
  OUTPUT_FORMAT(elf32-littlearm)
  GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-armhf.so.3 ) )

  $ cat ./arm-gnu-toolchain-12.3.rel1-x86_64-arm-none-linux-gnueabihf/arm-none-linux-gnueabihf/libc/usr/lib/libc.so
  OUTPUT_FORMAT(elf32-littlearm)
  GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-armhf.so.3 ) )

  $ cat ./arm-gnu-toolchain-13.3.rel1-x86_64-arm-none-linux-gnueabihf/arm-none-linux-gnueabihf/libc/usr/lib/libc.so
  OUTPUT_FORMAT(elf32-littlearm)
  GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-armhf.so.3 ) )

Aarch64:
  $ cat ./gcc-linaro-7.3.1-2018.05-x86_64_aarch64-linux-gnu/aarch64-linux-gnu/libc/usr/lib/libc.so
  OUTPUT_FORMAT(elf64-littleaarch64)
  GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-aarch64.so.1 ) )

  $ cat ./gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu/aarch64-none-linux-gnu/libc/usr/lib64/libc.so
  OUTPUT_FORMAT(elf64-littleaarch64)
  GROUP ( /lib64/libc.so.6 /usr/lib64/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-aarch64.so.1 ) )

  $ cat ./arm-gnu-toolchain-12.3.rel1-x86_64-aarch64-none-linux-gnu/aarch64-none-linux-gnu/libc/usr/lib64/libc.so
  OUTPUT_FORMAT(elf64-littleaarch64)
  GROUP ( /lib64/libc.so.6 /usr/lib64/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-aarch64.so.1 ) )

  $ cat ./arm-gnu-toolchain-13.3.rel1-x86_64-aarch64-none-linux-gnu/aarch64-none-linux-gnu/libc/usr/lib64/libc.so
  OUTPUT_FORMAT(elf64-littleaarch64)
  GROUP ( /lib64/libc.so.6 /usr/lib64/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-aarch64.so.1 ) )

We can safely remove old sed fixup for libc.so.

[1] https://lists.yoctoproject.org/g/meta-arm/message/5565

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-14 16:12:08 -05:00
Ross Burton e7898787bb CI: don't use debug-tweaks
As of the following commit in oe-core[1]:

  classes-recipe/core-image: drop debug-tweaks IMAGE_FEATURE

The debug-tweaks feature is no longer valid. Replace it with the options
that we need to perform login over testimage.

[1] https://git.openembedded.org/openembedded-core/commit/?id=2c229f9542c6ba608912e14c9c3f783c3fa89349

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-08 09:00:03 -05:00
Hugues KAMBA MPIANA bf9010c684 arm-bsp/documentation: corstone1000: Add SystemReady IR v2.0 certification
- Add details on SystemReady IR v2.0 certification achievement
- Document additional patch added
- Update release notes with new milestone tag `CORSTONE1000-2024.06-systemready-ir-v2.0`

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-05 18:18:25 -05:00
Ziad Elhanafy ac05154c51 arm-systemready/linux-distros: Follow WORKDIR -> UNPACKDIR transition
This adapts to the oe-core rework to enforce a separate directory
for unpacking local sources (UNPACKDIR) instead of polluting WORKDIR
directly.

Follows the guidelines from:
https://lists.openembedded.org/g/openembedded-architecture/message/2007

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-11-05 18:18:25 -05:00
Jon Mason 2fdc139084 arm-bsp/tc: remove all references to total compute
The tc files were removed some time ago, but there are still entries
in the bbappends trying to reference those files.  Remove them.

Fixes: 0af53c6453 ("arm-bsp: Remove tc1")
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-23 17:00:03 -04:00
Jon Mason 6165b9e7a1 arm-bsp/fvp-base: remove backported u-boot patches
With the recent update of u-boot to 2024.10, these patches are no longer
needed (as they are in this release).  Remove them and everything is
happy again.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-23 17:00:03 -04:00
Jon Mason e161d8aefb arm/scp-firmware: update to v2.15.0
Update SCP to the latest tagged version, and update the related patch to
the new location of the relevant files.

For a comparison of the changes, please go to
https://git.gitlab.arm.com/firmware/SCP-firmware/-/compare/v2.14.0...v2.15.0

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-14 13:00:03 -04:00
Jon Mason 8a03ee5fdf arm/edk2: update to 202408
Update edk2 to the latest stable release tag, and update edk2-platforms
to the last SHA that seems to work.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-14 13:00:03 -04:00
Ben 33fa7e75ed kas: Include unattended openSUSE test
Add unattended installation class to openSUSE target

Signed-off-by: Ben Cownley <ben.cownley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-08 10:00:09 -04:00
Ben 0e0b9e608c arm-systemready/oeqa: Add unattended installation testcase
Add test for openSUSE unattended installation

Signed-off-by: Ben Cownley <ben.cownley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-08 10:00:09 -04:00
Ben 02ba927dfc arm-systemready/linux-distros: Implement unattended openSUSE
Implement unattended installation for openSUSE

Signed-off-by: Ben Cownley <ben.cownley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-08 10:00:09 -04:00
Javier Tia d315a5dec9 arm/uefi-secureboot: Add uefi capsule update support
UEFI capsule update is a mechanism that allows firmware updates to be
delivered and applied in a standardized way. It is part of the UEFI
specification and provides a way to update system firmware components
like the BIOS, UEFI drivers, or other platform firmware.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-07 21:00:04 -04:00
Jon Mason 40cc644285 CI: Rework qemuarm64-secureboot matrix
qemuarm64-secureboot is using systemd for uefi-secureboot, which has
warnings with musl (and fails to compile with clang and musl).  So,
modify the matrix to keep the coverage of everything else but musl.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-07 10:16:20 -04:00
Javier Tia a93bdc8e4e arm/uefi-secureboot: Add uefi http boot support
Enable network boot via HTTP protocol. Many embedded and server-class
systems use network boot for booting. Enabling network boot on devices
allows:

- Shipping devices without OS images. When we power up the device, the
  firmware can connect to the Internet and download and install suitable
  boot images for this specific device. Administrators can centrally
  manage the boot images and configuration files on a network server.
  This centralization streamlines the management of boot options and
  ensures consistency across all devices.

- This is particularly useful in enterprise environments. On mass
  deployments, there is a need to install the operating system on
  multiple devices simultaneously.

- Ability to maintain a completely diskless system if needed 

The plain HTTP protocol lacks encryption. It's intended to be used on
local networks. Secure http protocol support is under review. 

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-07 00:00:04 -04:00
Khem Raj 72546aff89 layer.conf: Update to walnascar (5.2) layer/release series
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-04 23:00:03 -04:00
Javier Tia 847fd39b25 arm/qemuarm64-secureboot: Enable UEFI Secure Boot
Encapsulate all UEFI Secure Boot required settings in one Kas
configuration file.

Introduce SBSIGN_KEYS_DIR variable where UEFI keys will be generated
to sign UEFI binaries. 

Introduce uefi-secureboot machine feature, which is being used to
conditionally set the proper UEFI settings in recipes.

Replace Grub bootloader with systemd-boot, which it makes easier to
enable Secure Boot.

Advantages using systemd as Init Manager:

- Extending secure boot to userspace is a lot easier with systemd than
with sysvinit where custom scripts will need to be written for all use
cases.

- systemd supports dm-verity and TPM devices for encryption usecases out
of the box. Enabling them is a lot easier than writing custom scripts
for sysvinit.

- systemd also supports EUFI signing the UKI binaries which merge kernel,
command line and initrd which helps in bringing secure boot towards
rootfs.

- systemd offers a modular structure with unit files that are more
predictable and easier to manage than the complex and varied scripts
used by SysVinit. This modularity allows for better control and
customization of the boot process, which is beneficial in Secure Boot
environments.

- Add CI settings to build and test UEFI Secure Boot.

Add one test to verify Secure Boot using OE Testing infraestructure:

$ kas build ci/qemuarm64-secureboot.yml:ci/meta-secure-core.yml:ci/uefi-secureboot.yml:ci/testimage.yml
...
RESULTS - uefi_secureboot.UEFI_SB_TestSuite.test_uefi_secureboot: PASSED (0.62s)
...
SUMMARY:
core-image-base () - Ran 73 tests in 28.281s
core-image-base - OK - All required tests passed (successes=19, skipped=54, failures=0, errors=0)

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> [yml file include fix]
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-04 10:27:35 -04:00
Javier Tia fc08510f22 arm: Enable Secure Boot in all required recipes
In the target, Secure Boot starts from the firmware (u-boot), adds the
signing keys, and verifies the bootloader (systemd-boot) and kernel
(Linux).

sbsign bbclass is used to sign the binaries. sbsign is the name of the
tool used to sign these binaries. Hence the name of this class to sbsign
and variables with SBSIGN prefix.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-03 18:00:04 -04:00
Mikko Rapeli 5720b1044f optee-client: switch systemd service to notify type
optee-client 4.3 supports systemd sd-notify to inform
systemd and other services that it has started.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-02 08:55:14 -04:00
Mikko Rapeli 210f5f7dcc arm/oeqa/optee.py: increase timeout value from 22 to 45 minutes
Tests are taking more time now and several devices are
timing out:

https://gitlab.com/jonmason00/meta-arm/-/pipelines/1467809227

qemuarm64-secureboot runs the test in 10 and
qemuarm-secureboot in 13 minutes.

Upstream optee CI shows xtest runs taking around 30 minutes on
slowest qemu machines:

https://github.com/OP-TEE/optee_os/actions/runs/10997530234?pr=7052

Guestimate limit to 45 minutes so that slowest and most loaded
machines could fit there too. optee xtest has internal test
specific timeouts so if something hangs it should be detected
earlier.

If these limits still cause issues, then we could disable some of
the longer running tests with "xtest -l" option. Default for
testing level is 1 but maybe 2 or 3 could be enough.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Cc: Jérôme Forissier <jerome@forissier.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-01 15:00:15 -04:00
Jon Mason 5c1407e904 arm/gn: update to latest commit
Update to the latest gn commit.
Changes in gn between b2afae122eeb6ce09c52d63f67dc53fc517dbdc8 and 95b0f8fe31a992a33c040bbe3867901335c12762
95b0f8fe31a9 Improve error message for duplicated items
e30a1fe26e5e [rust-project] Always use forward slashes in sysroot paths
20806f79c6b4 Update all_dependent_configs docs.
f792b9756418 set 'no_stamp_files' by default
60a28b636057 fix a typo
b5ff50936a72 Stop using transitional LFS64 APIs
a737c2849f13 do not use tool prefix for phony rule
e080b4d340c2 [rust] Add sysroot_src to rust-project.json
50ecf4c84d08 Implement and enable 'no_stamp_files'
4e4b8d989499 Add Target::dependency_output_alias()
225e90c5025b Add "outputs" to generated_file documentation.
9e0c7b7cefb2 Update bug database link.
d010e218ca70 remove a trailing space after variable bindings
32f63e70484f fix tool name in error
f190770a69a3 remove unused includes
54f5b539df8c Markdown optimization (follow-up)
e3d088c4b6ac Support link_output, depend_output in Rust linked tools.
fc8172f4a107 Properly verify runtime_outputs in rust tool definitions.
fdb90141934a BugFix: Syntax error in gen.py file
93550dc1701d generated_file: add output to input deps of stamp
449f3e4dfb45 Markdown optimization:
05eed8f6252e Revert "Rust: link_output, depend_output and runtime_outputs for dylibs"
8f2193f70793 hint using nogncheck on disallowed includes
0ee833e823f2 Rust: link_output, depend_output and runtime_outputs for dylibs
1b41f0502f87 Add missing reference section to function_toolchain.cc

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-01 15:00:15 -04:00
Jon Mason 453a531158 arm/arm-ffa-user: update to 5.0.2
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-01 15:00:15 -04:00
Jon Mason 5ead59d370 arm/opencsd: update to 1.5.4
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-01 15:00:15 -04:00
Jon Mason 6abc3b7daa arm/optee: update to 4.3.0
Update OP-TEE to version 4.3.0
NOTE: the license file in optee-test changed, but the license is the
same (commit a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7).  They chose to
change the URL of the licenses in question to be "LICENSE-GPL" and
"LICENSE-BSD".

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-01 15:00:15 -04:00
Jon Mason 7cce43e632 Revert "CI: switch to building against styhead branches where possible"
This reverts commit 2b1348d74f.

Revert to allow the meta-arm master branch to use the master branch of
other layers.
2024-10-01 11:08:47 -04:00
199 changed files with 2908 additions and 2448 deletions
+32 -17
View File
@@ -10,7 +10,7 @@ variables:
# The default machine tag for the build jobs
DEFAULT_TAG: ""
# The machine tag for the ACS test jobs
ACS_TAG: ""
ACS_TAG: "$DEFAULT_TAG"
# The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc)
CACHE_DIR: $CI_BUILDS_DIR/persist
# The container mirror to use
@@ -33,9 +33,11 @@ stages:
stage: build
interruptible: true
variables:
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
KAS_WORK_DIR: $CI_PROJECT_DIR/work
KAS_BUILD_DIR: $KAS_WORK_DIR/build
KAS_REPO_REF_DIR: $CACHE_DIR/repos
# Set this in the environment to enable local repository caches
KAS_REPO_REF_DIR: ""
SSTATE_DIR: $CACHE_DIR/sstate
DL_DIR: $CACHE_DIR/downloads
BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml
@@ -43,19 +45,12 @@ stages:
IMAGE_DIR: $KAS_BUILD_DIR/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $KAS_BUILD_DIR/toolchains
before_script:
- echo KAS_WORK_DIR = $KAS_WORK_DIR
- echo SSTATE_DIR = $SSTATE_DIR
- echo DL_DIR = $DL_DIR
- rm -rf $KAS_WORK_DIR
- mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Must do this here, as it's the only way to make sure the toolchain is installed on the same builder
- ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Generalised fragment to do a Kas build
.build:
extends: .setup
variables:
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
rules:
# Don't run MR pipelines
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
@@ -99,7 +94,18 @@ update-repos:
exit_codes: 128
script:
- |
flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
exit_code=0
# Dump the environment for reference
printenv
# Update the reference repositories if needed
if [ -n "$KAS_REPO_REF_DIR" ]; then
flock --verbose --timeout 60 $KAS_REPO_REF_DIR --command ./ci/update-repos || exit_code=$?
# Exit now if that failed, unless the status was 128 (fetch failed)
test $exit_code != 0 -a $exit_code != 128 && exit 1
fi
# Only generate if doesn't already exist, to allow feature branches to drop one in.
if test -f lockfile.yml; then
echo Using existing lockfile.yml
@@ -107,24 +113,26 @@ update-repos:
# Be sure that this is the complete list of layers being fetched
kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
fi
exit $exit_code
artifacts:
name: "lockfile"
when: always
paths:
- lockfile.yml
#
# Build stage, the actual build jobs
#
# Available options for building are
# Available options for building are (VIRT _must_ be last for ssh override)
# DISTRO: [poky, poky-altcfg, poky-tiny]
# KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
# TOOLCHAINS: [gcc, clang, external-gccarm]
# TOOLCHAINS: [gcc, clang]
# TCLIBC: [glibc, musl]
# FIRMWARE: [u-boot, edk2]
# TS: [none, trusted-services]
# VIRT: [none, xen]
# TESTING: testimage
# SECUREDEBUG: [none, secure-debug]
# VIRT: [none, xen]
arm-systemready-ir-acs:
extends: .build
@@ -252,9 +260,6 @@ pending-updates:
# This configuration has all of the layers we need enabled
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
# Do this on x86 whilst the compilers are x86-only
tags:
- x86_64
qemuarm64-secureboot:
extends: .build
@@ -265,6 +270,10 @@ qemuarm64-secureboot:
TCLIBC: [glibc, musl]
TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
- TOOLCHAINS: [gcc, clang]
TS: [none, qemuarm64-secureboot-ts]
UEFISB: [none, uefi-secureboot]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
@@ -291,7 +300,7 @@ qemuarm-secureboot:
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TESTING: testimage
- TOOLCHAINS: external-gccarm
- DISTRO: [poky, poky-altcfg]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
@@ -341,6 +350,12 @@ selftest:
sgi575:
extends: .build
parallel:
matrix:
- TESTING: testimage
# FVP binary is x86-only
tags:
- x86_64
toolchains:
extends: .build
+2 -2
View File
@@ -7,7 +7,7 @@ distro: poky
defaults:
repos:
branch: styhead
branch: walnascar
repos:
meta-arm:
@@ -17,7 +17,7 @@ repos:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
url: https://git.yoctoproject.org/poky
layers:
meta:
meta-poky:
-1
View File
@@ -6,7 +6,6 @@ header:
repos:
meta-clang:
url: https://github.com/kraj/meta-clang
branch: master
local_conf_header:
toolchain: |
+2 -2
View File
@@ -5,5 +5,5 @@ header:
# Add universally helpful features when testing boards
local_conf_header:
debug: |
EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
rootlogin: |
EXTRA_IMAGE_FEATURES:append = " allow-empty-password empty-root-password allow-root-login"
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
cc: |
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
# Disable ptest as this pulls target compilers, which don't
# work with external toolchain currently
DISTRO_FEATURES:remove = "ptest"
+6 -1
View File
@@ -19,8 +19,13 @@ target:
# Target packages to test aarch64
- fvp-base-a-aem
- fvp-corstone1000
- fvp-rd1-ae
- fvp-v3-r1
# Nativesdk to test x86-64
- nativesdk-fvp-base-a-aem
- nativesdk-fvp-corstone1000
- nativesdk-fvp-n1-edge
- nativesdk-fvp-rd1-ae
- nativesdk-fvp-v3-r1
# These are x86 only... :(
- nativesdk-fvp-sgi575
- nativesdk-fvp-tc3
-51
View File
@@ -1,51 +0,0 @@
#!/bin/bash
set -u -e
BASENAME=arm-gnu-toolchain
VER=${VER:-13.3.rel1}
HOST_ARCH=${HOST_ARCH:-$(uname -m)}
# Use the standard kas container locations if nothing is passed into the script
DOWNLOAD_DIR="${1:-/builds/persist/downloads/}"
TOOLCHAIN_DIR="${2:-/builds/persist//toolchains/}"
TOOLCHAIN_LINK_DIR="${3:-build/toolchains/}"
# These should be already created by .gitlab-ci.yml, but do here if run outside of that env
mkdir -p $DOWNLOAD_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
download() {
TRIPLE=$1
URL=https://developer.arm.com/-/media/Files/downloads/gnu/$VER/binrel/$BASENAME-$VER-$HOST_ARCH-$TRIPLE.tar.xz
wget -P $DOWNLOAD_DIR -nc $URL
}
if [ $HOST_ARCH = "aarch64" ]; then
# AArch64 Linux hosted cross compilers
# AArch32 target with hard float
download arm-none-linux-gnueabihf
elif [ $HOST_ARCH = "x86_64" ]; then
# x86_64 Linux hosted cross compilers
# AArch32 target with hard float
download arm-none-linux-gnueabihf
# AArch64 GNU/Linux target
download aarch64-none-linux-gnu
else
echo "ERROR - Unknown build arch of $HOST_ARCH"
exit 1
fi
for i in arm aarch64; do
if [ ! -d $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*/ ]; then
if [ ! -f $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz ]; then
continue
fi
tar -C $TOOLCHAIN_DIR -axvf $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz
fi
# Setup a link for the toolchain to use local to the building machine (e.g., not in a shared location)
ln -s $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu* $TOOLCHAIN_LINK_DIR/$i
done
-1
View File
@@ -6,7 +6,6 @@ header:
repos:
meta-secure-core:
url: https://github.com/Wind-River/meta-secure-core.git
branch: master
layers:
meta-secure-core-common:
meta-signing-key:
+6
View File
@@ -4,5 +4,11 @@ header:
version: 14
includes:
- ci/base.yml
- ci/fvp.yml
local_conf_header:
sshpregen: |
# Allow the use of the pregen keys as this is CI so safe
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:sgi575 = "sgi575"
machine: sgi575
+51
View File
@@ -0,0 +1,51 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# UEFI Secure Boot: A mechanism to ensure that only trusted software is executed
# during the boot process.
header:
version: 14
includes:
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
local_conf_header:
uefi_secureboot: |
SBSIGN_KEYS_DIR = "${TOPDIR}/sbkeys"
BB_ENV_PASSTHROUGH_ADDITIONS = "SBSIGN_KEYS_DIR"
# Detected by passing kernel parameter
QB_KERNEL_ROOT = ""
# kernel is in the image, should not be loaded separately
QB_DEFAULT_KERNEL = "none"
WKS_FILE = "efi-disk.wks.in"
KERNEL_IMAGETYPE = "Image"
MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot uefi-capsule-updates"
EFI_PROVIDER = "systemd-boot"
# Use systemd as the init system
INIT_MANAGER = "systemd"
IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils"
TEST_SUITES:append = " uefi_secureboot uki"
IMAGE_CLASSES += "uki"
IMAGE_CLASSES += "sbsign"
UKI_SB_KEY = "${SBSIGN_KEY}"
UKI_SB_CERT = "${SBSIGN_CERT}"
QB_KERNEL_ROOT = ""
IMAGE_BOOT_FILES:remove = "Image"
INITRAMFS_IMAGE = "core-image-initramfs-boot"
# not for initramfs image recipe
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "uki"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "sbsign"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "testimage"
IMAGE_FEATURES:remove:pn-core-image-initramfs-boot = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove:pn-core-image-initramfs-boot = "ssh-pregen-hostkeys"
+3 -3
View File
@@ -20,9 +20,9 @@ def repo_shortname(url):
.replace('*', '.'))
repositories = (
"https://git.yoctoproject.org/git/poky",
"https://git.yoctoproject.org/poky",
"https://git.openembedded.org/meta-openembedded",
"https://git.yoctoproject.org/git/meta-virtualization",
"https://git.yoctoproject.org/meta-virtualization",
"https://github.com/kraj/meta-clang",
)
@@ -44,7 +44,7 @@ if __name__ == "__main__":
if repodir.exists():
try:
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch", repo], check=True)
except subprocess.CalledProcessError as e:
print(e)
failed = True
+3
View File
@@ -4,10 +4,13 @@ header:
version: 14
includes:
- ci/meta-virtualization.yml
- ci/poky-altcfg.yml
local_conf_header:
meta-virt: |
DISTRO_FEATURES:append = " virtualization xen"
sshd: |
IMAGE_FEATURES:append = " ssh-server-openssh"
target:
- xen-image-minimal
@@ -2,6 +2,7 @@ header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-debian
@@ -2,6 +2,7 @@ header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-opensuse
+3 -3
View File
@@ -16,14 +16,14 @@ repos:
poky:
url: https://git.yoctoproject.org/git/poky
# commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff
# commit: 5465094be9a61a1639e1dab6d2b4ebea2bee7440
layers:
meta:
meta-poky:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
# commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d
# commit: 461d85a1831318747af5abe86da193bcde3fd9b4
layers:
meta-oe:
meta-python:
@@ -31,7 +31,7 @@ repos:
meta-secure-core:
url: https://github.com/wind-river/meta-secure-core.git
# commit: e29165a1031dcf601edbed1733cedd64826672a5
# commit: 59d7e90542947c342098863b9998693ac79352b0
layers:
meta-secure-core-common:
meta-signing-key:
+3 -1
View File
@@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "meta-arm-bsp"
BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
BBFILE_PRIORITY_meta-arm-bsp = "5"
LAYERSERIES_COMPAT_meta-arm-bsp = "styhead"
LAYERSERIES_COMPAT_meta-arm-bsp = "styhead walnascar"
LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
# This won't be used by layerindex-fetch, but works everywhere else
@@ -28,3 +28,5 @@ BBFILES_DYNAMIC += " \
WARN_QA:append:layer-meta-arm-bsp = " patch-status"
addpylib ${LAYERDIR}/lib oeqa
IMAGE_ROOTFS_EXTRA_ARGS ?= ""
+4 -4
View File
@@ -4,7 +4,7 @@
#@NAME: Armv8-A Base Platform FVP machine
#@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
require conf/machine/include/arm/arch-armv8-4a.inc
require conf/machine/include/arm/arch-armv8-5a.inc
ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
ARM_SYSTEMREADY_ACS_CONSOLE = "default"
@@ -57,9 +57,9 @@ FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024"
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
# Set the baseline to ARMv8.4, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
# Set the baseline to ARMv8.5, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-5] = "1"
FVP_CONFIG[cluster1.has_arm_v8-5] = "1"
FVP_CONSOLES[default] = "terminal_0"
FVP_TERMINALS[bp.terminal_0] ?= "Console"
FVP_TERMINALS[bp.terminal_1] ?= ""
@@ -14,7 +14,8 @@ TFA_BL2_BINARY = "bl2-corstone1000.bin"
TFA_FIP_BINARY = "fip-corstone1000.bin"
# optee
PREFERRED_VERSION_optee-os ?= "4.2.%"
PREFERRED_VERSION_optee-os ?= "4.4.%"
PREFERRED_VERSION_optee-client ?= "4.4.%"
# Trusted Services
TS_PLATFORM = "arm/corstone1000"
@@ -34,7 +35,7 @@ IMAGE_CMD:wic[vardeps] += "GRUB_LINUX_APPEND"
# Linux kernel
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.10.%"
PREFERRED_VERSION_linux-yocto ?= "6.12.%"
KERNEL_IMAGETYPE = "Image"
KERNEL_IMAGETYPE:firmware = "Image.gz"
# add FF-A support in the kernel
@@ -63,3 +64,6 @@ ARM_SYSTEMREADY_FIRMWARE = "${FIRMWARE_DEPLOYMENT}:do_deploy \
corstone1000-esp-image:do_image_complete \
"
ARM_SYSTEMREADY_ACS_CONSOLE ?= "default"
# Workaround IMAGE_ROOTFS_EXTRA_SPACE being ignored when images are repacked
IMAGE_ROOTFS_EXTRA_ARGS += "--extra-space ${@${IMAGE_ROOTFS_EXTRA_SPACE}}K"
+4
View File
@@ -26,6 +26,10 @@ EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boo
SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0"
EXTRA_IMAGEDEPENDS += "edk2-firmware"
# FIXME - Currently seeing a kernel warning for the CPU topology when bumping
# the version past this. The issue is being tracked in
# https://github.com/tianocore/edk2-platforms/issues/752
PREFERRED_VERSION_edk2-firmware ?= "202408%"
QB_SYSTEM_NAME = "qemu-system-aarch64"
QB_MACHINE = "-machine sbsa-ref"
+42 -4
View File
@@ -7,18 +7,56 @@
require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
KERNEL_IMAGETYPE ?= "Image"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
SERIAL_CONSOLES = "115200;ttyAMA0"
#grub-efi
EFI_PROVIDER ?= "grub-efi"
EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boot", "grub-efi", d)}"
MACHINE_FEATURES += "efi"
IMAGE_FSTYPES += "cpio.gz wic"
IMAGE_NAME_SUFFIX = ""
IMAGE_CLASSES += "fvpboot"
WKS_FILE ?= "sgi575-efidisk.wks"
WKS_FILE ?= "efi-disk.wks.in"
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# testimage config
TEST_TARGET = "OEFVPTarget"
#TEST_TARGET_IP = "127.0.0.1:222"
TEST_SUITES = "fvp_boot"
# FVP Config
FVP_PROVIDER ?= "fvp-sgi575-native"
FVP_EXE ?= "FVP_CSS_SGI-575"
# Virtio-Net configuration
FVP_CONFIG[board.virtio_net.enabled] ?= "1"
FVP_CONFIG[board.virtio_net.hostbridge.userNetworking] ?= "1"
FVP_CONFIG[board.virtio_net.hostbridge.userNetPorts] = "2222=22"
FVP_CONFIG[board.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
#FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[css.cmn600.mesh_config_file] = "SGI-575_cmn600.yml"
FVP_CONFIG[css.cmn600.force_rnsam_internal] ?= "false"
FVP_CONFIG[css.gic_distributor.ITS-device-bits] ?= "20"
FVP_DATA ?= "css.scp.armcortexm7ct=scp_ramfw.bin@0x0BD80000"
FVP_CONFIG[css.mcp.ROMloader.fname] ?= "mcp_romfw.bin"
FVP_CONFIG[css.scp.ROMloader.fname] ?= "scp_romfw.bin"
FVP_CONFIG[css.trustedBootROMloader.fname] ?= "bl1-sgi575.bin"
FVP_CONFIG[board.flashloader0.fname] ?= "fip-sgi575.bin"
FVP_CONSOLES[default] = "terminal_uart_ap"
FVP_TERMINALS[css.scp.terminal_uart_aon] ?= "SCP Console"
FVP_TERMINALS[css.mcp.terminal_uart0] ?= ""
FVP_TERMINALS[css.mcp.terminal_uart1] ?= ""
FVP_TERMINALS[css.terminal_uart_ap] ?= "Console"
FVP_TERMINALS[css.terminal_uart1_ap] ?= ""
FVP_TERMINALS[soc.terminal_s0] ?= ""
FVP_TERMINALS[soc.terminal_s1] ?= ""
FVP_TERMINALS[soc.terminal_mcp] ?= ""
FVP_TERMINALS[board.terminal_0] ?= ""
FVP_TERMINALS[board.terminal_1] ?= ""
@@ -11,6 +11,69 @@ This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
***************
Version 2024.11
***************
Changes
=======
- Implementation of a replication strategy for FWU metadata in TF-M according to the FWU specification.
- Upgrade to metadata version 2 in TF-M.
- Increase the ITS and PS memory size in Secure Flash for TF-M.
- SW components upgrades.
- Bug fixes.
Corstone-1000 components versions
=================================
+-------------------------------------------+-----------------------------------------------------+
| linux-yocto | 6.10.14 |
+-------------------------------------------+-----------------------------------------------------+
| u-boot | 2023.07.02 |
+-------------------------------------------+-----------------------------------------------------+
| external-system | 0.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-client | 4.2.0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-os | 4.2.0 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-a | 2.11.0 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-m | 2.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| libts | 602be60719 |
+-------------------------------------------+-----------------------------------------------------+
| ts-newlib | 4.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 74dc6646ff |
+-------------------------------------------+-----------------------------------------------------+
| ts-sp-{se-proxy, smm-gateway} | 602be60719 |
+-------------------------------------------+-----------------------------------------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+------------------------------+
| meta-arm | styhead |
+-------------------------------------------+------------------------------+
| poky | 5465094be9 |
+-------------------------------------------+------------------------------+
| meta-openembedded | 461d85a183 |
+-------------------------------------------+------------------------------+
| meta-secure-core | 59d7e90542 |
+-------------------------------------------+------------------------------+
| busybox | 1.36.1 |
+-------------------------------------------+------------------------------+
| musl | 1.2.5 |
+-------------------------------------------+------------------------------+
| gcc-arm-none-eabi | 13.3.rel1 |
+-------------------------------------------+------------------------------+
| gcc-cross-aarch64 | 14.2.0 |
+-------------------------------------------+------------------------------+
| openssl | 3.3.1 |
+-------------------------------------------+------------------------------+
***************
Version 2024.06
***************
@@ -1,3 +1,8 @@
# SPDX-FileCopyrightText: <text>Copyright 2020-2024 Arm Limited and/or its
# affiliates <open-source-office@arm.com></text>
#
# SPDX-License-Identifier: MIT
# Configuration file for the Sphinx documentation builder.
#
# This file only contains a selection of the most common options. For a full
@@ -50,6 +55,9 @@ exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra']
# a list of builtin themes.
#
html_theme = 'sphinx_rtd_theme'
html_theme_options = {
'flyout_display': 'attached',
}
# Define the canonical URL if you are using a custom domain on Read the Docs
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")
@@ -19,6 +19,12 @@ intended for safety-critical applications. Should Your Software or Your Hardware
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
***********************
Release notes - 2024.11
***********************
The same notes as the 2024.06 release still apply.
***********************
Release notes - 2024.06
***********************
@@ -38,6 +44,16 @@ Platform Support
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
SystemReady IR v2.0 Certification Milestone
-------------------------------------------
As of this release, Corstone-1000 has achieved `SystemReady IR v2.0 certification <https://www.arm.com/architecture/system-architectures/systemready-certification-program/ve>`__.
This milestone confirms compliance with the SystemReady IR requirements, ensuring broader compatibility and reliability for deployment.
Applied patch `313ad2a0e600 <https://git.yoctoproject.org/meta-arm/commit/?h=scarthgap&id=313ad2a0e600655d9bfbe53646e356372ff02644>`__ to address compatibility requirements for SystemReady IR v2.0.
This update is included in tag `CORSTONE1000-2024.06-systemready-ir-v2.0 <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.06-systemready-ir-v2.0>`__ and builds on the `CORSTONE1000-2024.06` release.
***********************
Release notes - 2023.11
***********************
@@ -1,10 +1,10 @@
..
# Copyright (c) 2022-2024, Arm Limited.
# Copyright (c) 2022-2025, Arm Limited.
#
# SPDX-License-Identifier: MIT
######################
Software architecture
Software Architecture
######################
@@ -20,7 +20,7 @@ Corstone-1000 software plus hardware reference solution is PSA Level-2 ready
certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
More information on the Corstone-1000 subsystem product and design can be
found at:
`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_.
`Arm Corstone-1000 Software`_ and `Arm Corstone-1000 Technical Overview`_.
This readme explicitly focuses on the software part of the solution and
provides internal details on the software components. The reference
@@ -46,7 +46,7 @@ Each subsystem provides different functionality to overall SoC.
The Secure Enclave System, provides PSA Root of Trust (RoT) and
cryptographic functions. It is based on an Cortex-M0+ processor,
cryptographic functions. It is based on a Cortex-M0+ processor,
CC312 Cryptographic Accelerator and peripherals, such as watchdog and
secure flash. Software running on the Secure Enclave is isolated via
hardware for enhanced security. Communication with the Secure Encalve
@@ -57,7 +57,7 @@ TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
Secure Enclave follows Firmware Framework for M class
processor (`FF-M`_) specification.
The Host System is based on ARM Cotex-A35 processor with standardized
The Host System is based on ARM Cortex-A35 processor with standardized
peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
the TrustZone technology that allows secure and non-secure security
states in the processor. The software design in the Host System follows
@@ -80,7 +80,7 @@ development.
Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
for use-case specific applications, for example, sensors, cloud
connectivitiy, and edge computing.
connectivity, and edge computing.
*****************
Secure Boot Chain
@@ -116,7 +116,7 @@ BL1_1 also compares the BL1_2 hash with the hash saved to the OTP. The BL1_2
verifies and transfers control to the next bootstage which is the BL2. During the
verification, the BL1_2 compares the BL2 image's computed hash with the BL2 hash in
the OTP. The BL2 is MCUBoot in the system. BL2 can provision additional keys on the
first boot and it authenticates the initial bootloader of the host (Host TF-A BL2)
first boot and it authenticates the initial bootloader of the host (Host Trusted Firmware-A BL2)
and TF-M by checking the signatures of the images.
The MCUBoot handles the image verification the following way:
@@ -145,9 +145,52 @@ limitations:
comparing the computed hash to the hash which is stored in the OTP. This means the
BL2 is not updatable.
Host Level Authentication
=========================
The host follows the boot standard defined in the `TBBR`_ to authenticate the
secure and non-secure software.
The Firmware Image Package (FIP) packs bootloader images and other payloads into a
single archive. The FIP for Corstone-1000 contains:
- Trusted Boot Firmware BL2
- EL3 Runtime Firmware BL31
- Secure Payload BL32 (Trusted OS)
- Non-Trusted Firmware BL33,
- TOS_FW_CONFIG
- key & content certificates
TF-M does not check the FIP signature, it only checks the Trsuted Firmware-A (TF-A) BL2's signature
in the FIP. The TF-M BL2 (MCUBoot) gets the offset for the TF-A BL2 by parsing the
GUID Partition Table (GPT) to find the FIP offset, then parsing the FIP to get the offset for the
TF-A BL2. Finally, MCUBoot loads and validates the TF-A BL2 image.
The implicitly trusted components are:
- A SHA-256 hash of the Root of Trust Public Key (ROTPK). A development ROTPK
is used and its hash embedded into the TF-A BL2 image (only for development purposes).
This public key is provided by TF-A source-code.
- In case of Corstone-1000, the TF-A BL2 image, can be trusted because it has been verified
by the secure enclave's BL2 (MCUBoot) before starting TF-A.
The remaining components in the Chain of Trust (CoT) are either certificates or bootloader images.
BL images authentication using the FIP certificates:
- The certificates are categorized as "Key" and "Content" certificates.
The key certificates are used to verify public keys which have been used to sign
content certificates. The content certificates are used to store the hash of a
boot loader image. An image can be authenticated by calculating its hash and
matching it with the hash extracted from the content certificate.
Verification of the certificates:
- The public keys defined in the Trusted Key certificate are used to verify the
later certificates in the CoT process. The Trusted Key certificate is
verified with the Root of Trust Public Key.
For UEFI Secure Boot, authenticated variables can be accessed from the secure flash.
The feature has been integrated in U-Boot, which authenticates the images as per the UEFI
specification before executing them.
@@ -213,15 +256,18 @@ Image (the initramfs bundle). The new images are accepted in the form of a UEFI
When Firmware update is triggered, U-Boot verifies the capsule by checking the
capsule signature, version number and size. Then it signals the Secure Enclave
that can start writing UEFI capsule into the flash. Once this operation finishes
,Secure Enclave resets the entire system.
that can start writing UEFI capsule into the flash.
Once this operation finishes, Secure Enclave resets the entire system.
The Metadata Block in the flash has the below firmware update state machine.
TF-M runs an OTA service that is responsible for accepting and updating the
images in the flash. The communication between the UEFI Capsule update
subsystem and the OTA service follows the same data path explained above.
The OTA service writes the new images to the passive bank after successful
capsule verification. It changes the state of the system to trial state and
triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata
triggers the reset.
Boot loaders in Secure Enclave and Host read the Metadata
block to get the information on the boot bank. In the successful trial stage,
the acknowledgment from the host moves the state of the system from trial to
regular. Any failure in the trial stage or system hangs leads to a system
@@ -258,17 +304,17 @@ calls are forwarded to the Secure Enclave as explained above.
***************
References
***************
`ARM corstone1000 Search`_
`ARM Corstone-1000 Search`_
`Arm security features`_
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000
.. _Arm Corstone-1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
.. _Arm Corstone-1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
.. _Arm Corstone-1000 Search: https://developer.arm.com/search#q=corstone-1000
.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
.. _FF-A: https://developer.arm.com/documentation/den0077/latest
@@ -18,16 +18,17 @@ for more information.
Prerequisites
-------------
This guide assumes that your host machine is running Ubuntu 20.04 LTS, with at least
This guide assumes that your host machine is running Ubuntu 20.04 LTS ( with ``sudo`` rights), with at least
32GB of free disk space and 16GB of RAM as minimum requirement.
The following prerequisites must be available on the host system:
- Git 1.8.3.1 or greater
- Git 1.8.3.1 or greater.
- Python 3.8.0 or greater.
- GNU Tar 1.28 or greater
- GNU Tar 1.28 or greater.
- GNU Compiler Collection 8.0 or greater.
- GNU Make 4.0 or greater
- GNU Make 4.0 or greater.
- tmux.
Please follow the steps described in the Yocto mega manual:
@@ -49,7 +50,7 @@ The Corstone-1000 software stack can be run on:
Yocto Stable Branch
-------------------
Corstone-1000 software stack is built on top of Yocto scarthgap release.
Corstone-1000 software stack is built on top of Yocto styhead release.
Software Components
-------------------
@@ -58,7 +59,7 @@ a `BitBake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual
The recipes specific to the Corstone-1000 BSP are located at:
``$WORKSPACE/meta-arm/meta-arm-bsp/``.
.. note::
.. important::
``$WORKSPACE`` refers to the absolute path to your workspace where the `meta-arm` repository will be cloned.
@@ -83,16 +84,49 @@ Host Processor Components
+----------+-----------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.4.bb`` |
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb`` |
+----------+-----------------------------------------------------------------------------------------------------+
`Trusted Services <https://trusted-services.readthedocs.io/en/latest/index.html>`__
====================================================================================
+----------+-----------------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway.bb`` |
+----------+-----------------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy.bb`` |
+----------+-----------------------------------------------------------------------------------------------------------+
`OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
================================================================
+----------+----------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`` |
+----------+----------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/optee/optee-os_4.1.0.bb`` |
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/optee/optee-os_4.2.0.bb`` |
+----------+----------------------------------------------------------------------------------------+
`U-Boot <https://github.com/u-boot/u-boot.git>`__
@@ -116,7 +150,7 @@ The provided distribution is based on `BusyBox <https://www.busybox.net/>`__ and
+-----------+----------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend`` |
+-----------+----------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb`` |
| Recipe | ``$WORKSPACE/poky/meta/recipes-kernel/linux/linux-yocto_6.12.bb`` |
+-----------+----------------------------------------------------------------------------------------------+
| defconfig | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig`` |
+-----------+----------------------------------------------------------------------------------------------+
@@ -131,7 +165,7 @@ Secure Enclave Components
+----------+-----------------------------------------------------------------------------------------------------+
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend`` |
+----------+-----------------------------------------------------------------------------------------------------+
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb`` |
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.0.bb`` |
+----------+-----------------------------------------------------------------------------------------------------+
************************************
@@ -182,7 +216,7 @@ Build
.. code-block:: console
cd $WORKSPACE
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.11
#. Build a Corstone-1000 image:
@@ -414,7 +448,7 @@ instructions of the installer to setup the FVP.
.. code-block:: console
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=xterm"
-c "../meta-arm/scripts/runfvp --terminals=tmux"
When the script is executed, three terminal instances will be launched:
@@ -460,14 +494,13 @@ Clean Secure Flash
.. code-block:: console
cd $WORKSPACE
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.11
#. Copy the secure flash cleaning Git patch file to your copy of `meta-arm`.
.. code-block:: console
cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm
cd meta-arm
#. Apply the Git patch to `meta-arm`.
@@ -481,7 +514,9 @@ Clean Secure Flash
.. code-block:: console
cd $WORKSPACE
kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image
bitbake -c build corstone1000-flash-firmware-image
#. Replace the ``bl1.bin`` file on the SD card with ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``.
@@ -495,6 +530,15 @@ Clean Secure Flash
NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE
PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN
#. Whilst still in the ``kas`` shell, revert the changes the patch introduced by running the following commands:
.. code-block:: console
cd $WORKSPACE/meta-arm
git reset --hard
cd ..
bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image
exit
#. Follow the `instructions <building-the-software-stack_>`__ to build a clean software stack and flash the MPS3 with it.
@@ -561,7 +605,7 @@ MPS3
.. code-block:: console
sudo dd \
if=$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-costickrstone1000-mps3.wic \
if=$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic \
of=/dev/sdb \
iflag=direct oflag=direct status=progress bs=512; sync;
@@ -625,8 +669,6 @@ This sections below describe how to build and run ACS tests on Corstone-1000.
.. _mps3-instructions-for-acs-image:
MPS3
====
#. On your host development machine, clone the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`_.
@@ -647,6 +689,16 @@ MPS3
and full USB support for Corstone-1000 will be available in the repository with the next
SystemReady release.
#. Decompress the pre-built ACS live image.
.. code-block:: console
cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
unxz ir-acs-live-image-generic-arm64.wic.xz
MPS3
====
#. Connect a USB drive (other than the one used for the ESP) to the host development machine.
#. Run the following command to discover which device is your USB drive:
@@ -666,7 +718,6 @@ MPS3
.. code-block:: console
cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
unxz ir-acs-live-image-generic-arm64.wic.xz
sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdc iflag=direct oflag=direct bs=1M status=progress; sync
#. Plug the USB drive to the MPS3. At this point you should have both the USB drive with the ESP and the USB drive with the ACS image plugged to the MPS3.
@@ -679,29 +730,48 @@ The MPS3 will reset multiple times during the test, and it might take approximat
Unplug the ESP USB drive from the MPS3 if it is preventing GRUB
from finding the bootable partition. Leave only the ACS image USB drive
plugged in to run the ACS tests. The ESP USB drive can be plugged in again after
the platform is booted to Linux at the end of the ACS tests.
plugged in to run the ACS tests.
The ESP USB drive can be plugged in again after
selecting the `Linux Boot` option in the GRUB menu at the end of the ACS tests.
.. warning::
A timeout issue has been observed while booting Linux during the ACS tests, causing the system to boot into emergency mode.
Booting Linux is necessary to run certain tests, such as `dt-validation`.
The following workaround is required to enable Linux to boot properly and perform all Linux-based tests:
#. Press Enter at the Linux prompt.
#. Open the file `/etc/systemd/system.conf` and set `DefaultDeviceTimeoutSec=infinity`.
#. Reboot the platform using the `reboot` command.
#. Select the `Linux Boot` option from the GRUB menu.
#. Allow Linux to boot and run the remaining ACS tests until completion.
.. _fvp-instructions-for-acs-image:
FVP
===
FVP has been integrated in the `meta-arm-systemready Yocto layer <https://git.yoctoproject.org/meta-arm/plain/meta-arm-systemready>`__.
Find more details about the `meta-arm-systemready` Yocto layer from its `README <https://git.yoctoproject.org/meta-arm/plain/meta-arm-systemready/README.md>`__ file.
Run the following command to build the firmware image with the specific kas configuration file for building an image with the ACS tests baked in:
Run the commands below to run the ACS test on FVP using the built firmware image and the pre-built ACS image identified above:
.. code-block:: console
kas build meta-arm/ci/corstone1000-fvp.yml:meta-arm/ci/debug.yml:meta-arm/kas/arm-systemready-ir-acs.yml
cd $WORKSPACE
tmux
./meta-arm/scripts/runfvp \
--terminals=tmux \
./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \
-- -C board.msd_mmc.p_mmc_file=$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
.. note::
The FVP will reset multiple times during the test.
The ACS tests might take up to 1 day to complete when run on FVP.
The message `ACS run is completed` will be displayed on the FVP host terminal when the test runs to completion.
You will be prompted to press the Enter key to access the Linux prompt.
Test Sequence and Results
=========================
@@ -718,8 +788,14 @@ The results can be fetched from the `acs_results` folder in the ``BOOT`` partiti
.. note::
The FVP uses the ``$WORKSPACE/build/tmp-glibc/work/corstone1000_fvp-oe-linux/arm-systemready-ir-acs/2.0.0/deploy-arm-systemready-ir-acs/arm-systemready-ir-acs-corstone1000-fvp.wic``
image if the `meta-arm-systemready` Yocto layer is used. The results can be checked in this image.
Access the `acs_results` folder in FVP by running the following commands:
.. code-block:: console
sudo mkdir /mnt/test
sudo mount -o rw,offset=1048576 \
$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic \
/mnt/test
#####################################################
@@ -781,10 +857,18 @@ Run the following commands to generate an invalid capsule with a ``fw-version``
--private-key build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_key.key \
--certificate build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_cert.crt \
--index 1 \
--guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \
--guid $TARGET_GUID \
--fw-version 5 build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET_image.nopt \
corstone1000-$TARGET-v5.uefi.capsule
.. important::
``$TARGET_GUID`` is different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``$TARGET``.
- ``fvp`` ``$TARGET_GUID`` is ``989f3a4e-46e0-4cd0-9877-a25c70c01329``
- ``mps3`` ``$TARGET_GUID`` is ``df1865d1-90fb-4d59-9c38-c9f2c1bba8cc``
The invalid capsule will be located in the ``$WORKSPACE`` directory.
***************************
@@ -889,7 +973,7 @@ Positive Capsule Update Test
.. code-block:: console
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=xterm \
-c "../meta-arm/scripts/runfvp --terminals=tmux \
-- -C board.msd_mmc.p_mmc_file=$ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic"
.. warning::
@@ -911,9 +995,17 @@ Positive Capsule Update Test
#. Run the ``CapsuleApp`` application with the valid capsule file:
.. code-block:: console
- MPS3:
EFI/BOOT/app/CapsuleApp.efi corstone1000-$TARGET-v6.uefi.capsule
.. code-block:: console
EFI/BOOT/app/CapsuleApp.efi EFI/BOOT/corstone1000-mps3-v6.uefi.capsule
- FVP:
.. code-block:: console
EFI/BOOT/app/CapsuleApp.efi corstone1000-fvp-v6.uefi.capsule
The capsule update will be started.
@@ -1013,11 +1105,25 @@ Negative Capsule Update Test
Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
#. Run the ``CapsuleApp`` application with the invalid capsule file:
#. Access the content of the first file system (``File System 0``) where we copied the capsule files by running the following command:
.. code-block:: console
EFI/BOOT/app/CapsuleApp.efi corstone1000-$TARGET-v5.uefi.capsule
FS0:
#. Run the ``CapsuleApp`` application with the invalid capsule file:
- MPS3:
.. code-block:: console
EFI/BOOT/app/CapsuleApp.efi EFI/BOOT/corstone1000-mps3-v5.uefi.capsule
- FVP:
.. code-block:: console
EFI/BOOT/app/CapsuleApp.efi corstone1000-fvp-v5.uefi.capsule
#. TrustedFirmware-M should reject the capsule due to having a lower firmware version and display the following log on the Secure Enclave terminal (``ttyUSB1``):
@@ -1107,83 +1213,6 @@ The Linux distributions to be installed are:
Follow the instructions below to install the Linux distributions to the Corstone-1000 software stack.
***********************************
Apply Patch for Debian Installation
***********************************
.. warning::
**!!Debian ONLY!!**
There is a known issue in `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__
provided with the Debian installer image.
This bug causes a fatal error when attempting to boot media installer for Debian, and resets the platform before installation starts.
A `patch <debian-skip-shim-patch>`__ to be applied to the Corstone-1000 software stack is provided to skip the Shim.
This patch makes U-Boot automatically bypass the Shim and run GRUB to allow
the user to proceed with a normal installation.
You are encourage to try a new installer if at the moment of reading this document the Shim problem has been solved.
Otherwise, please apply the patch as indicated by the instructions below.
#. Clone the repository containing the patch in your ``$WORKSPACE``:
.. code-block:: console
cd $WORKSPACE
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
#. Copy the Git patch file to your local copy of `meta-arm` in your workspace:
.. code-block:: console
cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm
#. Change the current working directory to your local copy of the `meta-arm` repository to apply the Git patch:
.. code-block:: console
cd meta-arm
git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch
#. Change the current working directory back to your ``$WORKSPACE``:
.. code-block:: console
cd $WORKSPACE
#. Initialize a kas shell environment using the debug configuration file for your target to:
- remove build artefacts (for ``u-boot``, ``trusted-firmware-a``, and ``corstone1000-flash-firmware-image``)
- reset the state of those recipes
- re-build the ``corstone1000-flash-firmware-image`` recipe from scratch
.. code-block:: console
kas shell meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml \
-c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; \
bitbake corstone1000-flash-firmware-image"
.. important::
On MPS3, replace the ``cs1000.bin`` on the SD card with the newly generated ``*.wic`` file.
.. warning::
The Corstone-1000 patch for Debian installation must be removed from `meta-arm` before running the software to boot openSUSE or
executing any other tests in this user guide.
Remove the patch and rebuild the ``corstone1000-flash-firmware-image`` recipe by running the following commands:
.. code-block:: console
cd $WORKSPACE/meta-arm
git reset --hard HEAD~1
cd $WORKSPACE
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; \
bitbake corstone1000-flash-firmware-image -c cleanall; \
bitbake corstone1000-flash-firmware-image"
**************************
Prepare Installation Media
**************************
@@ -1194,7 +1223,7 @@ Follow the instructions below to create the installation media.
#. Using your development machine, download one of following Linux distribution images:
- `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.4.0/arm64/iso-dvd/>`__
- `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.7.0/arm64/iso-dvd/>`__
- `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__
.. note::
@@ -1246,7 +1275,7 @@ Corstone-1000 on-board non-volatile storage size is insufficient for installing
#. Do not yet connect this blank USB drive to the MPS3. It will be used as the primary drive to boot the distribution.
- FVP:
#. Create an 8GB GUID Partition Table (GPT) formatted MultiMediaCard (MMC) image.
#. Create an 10 GB GUID Partition Table (GPT) formatted MultiMediaCard (MMC) image.
.. code-block:: console
@@ -1295,7 +1324,7 @@ FVP
.. code-block:: console
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=xterm -- \
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
-C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img \
-C board.msd_mmc_2.p_mmc_file=$DISTRO_INSTALLER_ISO_PATH"
@@ -1361,8 +1390,8 @@ Boot Distribution
.. code-block:: console
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=xterm -- \
-C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img.img"
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
-C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img"
.. warning::
@@ -1460,7 +1489,7 @@ Generate Keys, Signed Image and Unsigned Image
cd $WORKSPACE
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git \
-b CORSTONE1000-2024.06
-b CORSTONE1000-2024.11
#. Set the current working directory to build directory's subdirectory containing the software stack build images.
@@ -1718,14 +1747,6 @@ The steps below are applicable to both MPS3 and FVP).
#. Start the Corstone-1000 and wait until it boots to Linux on the Host Processor terminal (``ttyUSB2``).
#. Verify that the `arm_tstee` driver is present.
.. code-block:: console
ls /sys/bus/arm_ffa/drivers | grep arm_tstee
``arm_tstee`` should be printed on the terminal to confirm that the driver is present.
#. Run the PSA API tests by running the commands below in the order shown:
.. code-block:: console
@@ -1747,13 +1768,13 @@ External System Processor
The Linux operating system running on the Host Processor starts the ``remoteproc`` framework to manage the External System Processor.
#. Start the External System Processor with the following command:
#. Stop the External System Processor with the following command:
.. code-block:: console
echo stop > /sys/class/remoteproc/remoteproc0/state
#. Stop the External System Processor with the following command:
#. Start the External System Processor with the following command:
.. code-block:: console
@@ -1811,7 +1832,7 @@ The build and integration instructions can be found in its `README <secure-debug
The `secure-debug-manager` repository also contains the private key and chain certificate to be used during the tests.
The private key's public pair is provisioned into the One-Time Programmable memory in TrustedFirmware-M. These are dummy keys that should not be used in production.
A debug probe (DSTREAM family) and an Arm Development Studio 2022.2 and 2022.c (or later) are needed to test the Secure Debug feature.
To test the Secure Debug feature, you'll need a debug probe from the DSTREAM family and Arm Development Studio versions 2022.2, 2022.c, or 2023.a.
#. Clone the `secure-debug-manager` repository to your workspace.
@@ -1821,6 +1842,13 @@ A debug probe (DSTREAM family) and an Arm Development Studio 2022.2 and 2022.c (
cd $WORKSPACE
git clone https://github.com/ARM-software/secure-debug-manager.git
#. Navigate into the repository directory and checkout the specific commit in the listing below.
.. code-block:: console
cd $WORKSPACE/secure-debug-manager
git checkout b30d6496ca749123e86b39b161b9f70ef76106d6
#. Follow the steps in the `secure-debug-manager`'s `README <secure-debug-manager-repo-readme_>`__ for the development machine setup.
#. Rebuild the software stack with Secure Debug.
@@ -1873,8 +1901,8 @@ A debug probe (DSTREAM family) and an Arm Development Studio 2022.2 and 2022.c (
Reports
-------
Various test reports for the `Corstone-1000 software (CORSTONE1000-2024.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.06>`__
release version are available for reference `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2024.06/embedded-a/corstone1000/CORSTONE1000-2024.06?ref_type=tags>`__.
Various test reports for the `Corstone-1000 software (CORSTONE1000-2024.11) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.11>`__
release version are available for reference `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2024.11/embedded-a/corstone1000/CORSTONE1000-2024.11?ref_type=tags>`__.
--------------
@@ -1882,5 +1910,4 @@ release version are available for reference `here <https://gitlab.arm.com/arm-re
*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
.. _debian-skip-shim-patch: https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2024.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch
.. _secure-debug-manager-repo-readme: https://github.com/ARM-software/secure-debug-manager/blob/master/README.md
+4 -4
View File
@@ -1,4 +1,4 @@
# Copyright (c) 2022, Arm Limited.
# Copyright (c) 2022-2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -6,6 +6,6 @@
jinja2==3.1.1
# Required to build the documentation
sphinx~=5.0
sphinx_rtd_theme~=2.0.0
docutils==0.17.1
sphinx==7.1.2
sphinx_rtd_theme~=3.0.0
docutils~=0.18.1
@@ -3,3 +3,6 @@ NUMA: Failed to initialise from firmware
# TODO: we should be using bochsdrm over efifb?
efifb: cannot reserve video memory at 0x80000000
# TODO: debug why this sometimes happens
failed to find screen to remove
@@ -1,6 +1,5 @@
# Machine specific configurations
MACHINE_HAFNIUM_REQUIRE ?= ""
MACHINE_HAFNIUM_REQUIRE:tc = "hafnium-tc.inc"
require ${MACHINE_HAFNIUM_REQUIRE}
@@ -4,6 +4,5 @@ MACHINE_SCP_REQUIRE ?= ""
MACHINE_SCP_REQUIRE:juno = "scp-firmware-juno.inc"
MACHINE_SCP_REQUIRE:sgi575 = "scp-firmware-sgi575.inc"
MACHINE_SCP_REQUIRE:tc = "scp-firmware-tc.inc"
require ${MACHINE_SCP_REQUIRE}
@@ -0,0 +1,33 @@
From f5b2fa90e0c0324f31e72429e7a7382f49a25912 Mon Sep 17 00:00:00 2001
From: Shen Jiamin <shen_jiamin@comp.nus.edu.sg>
Date: Wed, 24 Jul 2024 18:58:55 +0800
Subject: [PATCH] fix(zynqmp): handle secure SGI at EL1 for OP-TEE
OP-TEE requires SGIs to be handled at S-EL1. The
Makefile was not properly setting the flag
GICV2_G0_FOR_EL3 to 0 when the SPD is OP-TEE.
Change-Id: I256afa37ddf4ad4a154c43d51807de670c3689bb
Signed-off-by: Shen Jiamin <shen_jiamin@comp.nus.edu.sg>
---
plat/xilinx/zynqmp/platform.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Upstream-Status: Backport
diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
index c340009d0..22eceb621 100644
--- a/plat/xilinx/zynqmp/platform.mk
+++ b/plat/xilinx/zynqmp/platform.mk
@@ -21,7 +21,7 @@ ENABLE_LTO := 1
EL3_EXCEPTION_HANDLING := $(SDEI_SUPPORT)
# pncd SPD requires secure SGI to be handled at EL1
-ifeq (${SPD}, $(filter ${SPD},pncd tspd))
+ifeq (${SPD}, $(filter ${SPD},pncd tspd opteed))
ifeq (${ZYNQMP_WDT_RESTART},1)
$(error "Error: ZYNQMP_WDT_RESTART and SPD=pncd are incompatible")
endif
--
2.34.1
@@ -0,0 +1,33 @@
From b91c651e6d596cfe27448b19c8fb2f1168493827 Mon Sep 17 00:00:00 2001
From: Mikko Rapeli <mikko.rapeli@linaro.org>
Date: Mon, 15 Jan 2024 09:26:56 +0000
Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
If firmware is configured with TPM support but it's missing
on HW, e.g. swtpm not started and/or configured with qemu,
then continue booting. Missing TPM is not a fatal error.
Enables testing boot without TPM device to see that
missing TPM is detected further up the SW stack and correct
fallback actions are taken.
Upstream-Status: Pending
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
index 76a4da17e6a9..ec7f44d3720d 100644
--- a/plat/qemu/qemu/qemu_measured_boot.c
+++ b/plat/qemu/qemu/qemu_measured_boot.c
@@ -80,7 +80,8 @@ void bl2_plat_mboot_finish(void)
* Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
* secure Event Log buffer address.
*/
- panic();
+ ERROR("Ignoring TPM errors, continuing without\n");
+ return;
}
/* Copy Event Log to Non-secure memory */
@@ -62,3 +62,9 @@ EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t FVP_USE_GIC_DRIVER=FVP_GIC
# Our fvp-base machine explicitly has v8.4 cores
EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4"
# If GENERATE_COT is set, then tf-a will try to use local poetry install
# to run the python cot-dt2c command. Disable the local poetry and use
# the provided cot-dt2c.
EXTRA_OEMAKE += "POETRY=''"
DEPENDS += "cot-dt2c-native"
@@ -11,3 +11,9 @@ TFA_UEFI = "1"
EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
# If GENERATE_COT is set, then tf-a will try to use local poetry install
# to run the python cot-dt2c command. Disable the local poetry and use
# the provided cot-dt2c.
EXTRA_OEMAKE += "POETRY=''"
DEPENDS += "cot-dt2c-native"
@@ -8,6 +8,5 @@ MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc"
MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
MACHINE_TFA_REQUIRE:sbsa-ref = "trusted-firmware-a-sbsa-ref.inc"
MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
MACHINE_TFA_REQUIRE:tc = "trusted-firmware-a-tc.inc"
require ${MACHINE_TFA_REQUIRE}
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc
# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls
# mbedtls-3.6.0
SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=main"
SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206"
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
@@ -1,88 +0,0 @@
From 4d3ebb03b89b122af490824ca73287954a35bd07 Mon Sep 17 00:00:00 2001
From: Jamie Fox <jamie.fox@arm.com>
Date: Thu, 22 Aug 2024 16:54:45 +0100
Subject: [PATCH] Platform: corstone1000: Fix isolation L2 memory protection
The whole of the SRAM was configured unprivileged on this platform, so
the memory protection required for isolation level 2 was not present.
This patch changes the S_DATA_START to S_DATA_LIMIT MPU region to be
configured for privileged access only. It also reorders the MPU regions
so that the App RoT sub-region overlapping S_DATA has a higher region
number and so takes priority in the operation of the Armv6-M MPU.
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/30951]
---
.../arm/corstone1000/tfm_hal_isolation.c | 43 +++++++++----------
1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
index 39b19c535..498f14ed2 100644
--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
* Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
* company) or an affiliate of Cypress Semiconductor Corporation. All rights
* reserved.
@@ -99,6 +99,26 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
return ret;
}
+ /* Set the RAM attributes. It is needed because the first region overlaps the whole
+ * SRAM and it has to be overridden.
+ * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
+ * and added to the platform_region_defs compile definitions.
+ */
+ base = S_DATA_START;
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
+ ret = configure_mpu(rnr++, base, limit,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
+
+ base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
+ ret = configure_mpu(rnr++, base, limit,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
/* RW, ZI and stack as one region */
base = (uint32_t)&REGION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
@@ -133,27 +153,6 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
#endif
- /* Set the RAM attributes. It is needed because the first region overlaps the whole
- * SRAM and it has to be overridden.
- * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
- * and added to the platform_region_defs compile definitions.
- */
- base = S_DATA_START;
- limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
- ret = configure_mpu(rnr++, base, limit,
- XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
- if (ret != TFM_HAL_SUCCESS) {
- return ret;
- }
-
- base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
- limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
- ret = configure_mpu(rnr++, base, limit,
- XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
- if (ret != TFM_HAL_SUCCESS) {
- return ret;
- }
-
arm_mpu_enable();
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
--
2.25.1
@@ -14,28 +14,25 @@ certificate/token versions.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Inappropriate [Add newer dummy token and cert]
---
psa-adac/core/include/psa_adac.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
psa-adac/core/include/psa_adac.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/psa-adac/core/include/psa_adac.h b/psa-adac/core/include/psa_adac.h
index b190992..b026607 100644
index b190992..6c3feb2 100644
--- a/psa-adac/core/include/psa_adac.h
+++ b/psa-adac/core/include/psa_adac.h
@@ -30,10 +30,10 @@ extern "C" {
@@ -30,8 +30,8 @@ extern "C" {
*
* Current version numbers for certificate and token format.
*/
-#define ADAC_CERT_MAJOR 1u
-#define ADAC_CERT_MINOR 0u
-#define ADAC_TOKEN_MAJOR 1u
-#define ADAC_TOKEN_MINOR 0u
+#define ADAC_CERT_MAJOR 0u
+#define ADAC_CERT_MINOR 1u
+#define ADAC_TOKEN_MAJOR 0u
+#define ADAC_TOKEN_MINOR 1u
#define ADAC_TOKEN_MAJOR 1u
#define ADAC_TOKEN_MINOR 0u
/** \brief Key options
*
--
2.17.1
2.25.1
@@ -35,7 +35,6 @@ SRC_URI:append:corstone1000 = " \
file://0013-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch \
file://0014-Platform-CS1000-Add-crypto-configs-for-ADAC.patch \
file://0015-Platform-CS1000-Fix-platform-name-in-logs.patch \
file://0016-Platform-corstone1000-Fix-isolation-L2-memory-protection.patch \
file://0017-Platform-CS1000-Remove-unused-BL1-files.patch \
file://0018-Platform-CS1000-Remove-duplicated-metadata-write.patch \
file://0019-Platform-CS1000-Fix-compiler-switch-in-BL1.patch \
@@ -68,6 +68,7 @@ SRC_URI:append = " \
file://0050-fwu-Use-metadata-v2.patch \
${@bb.utils.contains('MACHINE_FEATURES', 'corstone1000-extsys', \
'', 'file://0051-corstone1000-purge-remoteproc-dts-node.patch' , d)} \
file://0052-reserve-memory-for-se-comm.patch \
"
do_configure:append() {
@@ -4,6 +4,4 @@ SRC_URI:append = " \
file://0001-vexpress64-Set-the-DM_RNG-property.patch \
file://0002-vexpress64-Select-PSCI-RESET-by-default.patch \
file://0003-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch \
file://0004-arm-Move-sev-and-wfe-definitions-to-common-Arm-heade.patch \
file://0005-armv8-generic_timer-Use-event-stream-for-udelay.patch \
"
@@ -0,0 +1,46 @@
From 8fdd91630f335b71e55e570a011f07b083c47dd6 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Mon, 10 Jul 2023 19:00:43 +0100
Subject: [PATCH] arm-bsp/u-boot: Reserve memory for RSS comm pointer access protocol
This memory was used by OpenAMP to establish communication between
the Secure Enclave and Trusted Services. After transitioning from
OpenAMP to RSE_COMMS, this shared memory is now configured for the
pointer access protocol in RSE_COMMS.
Since this memory may be still used by a user-space application
in linux as U-Boot is passing an EFI memory map starting from
0x80000000, this memory range should be reserved as the
pointer access protocol may be enabled on corstone1000 in the future.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
---
arch/arm/dts/corstone1000.dtsi | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
index 0f8ad255ce..a71b89c025 100644
--- a/arch/arm/dts/corstone1000.dtsi
+++ b/arch/arm/dts/corstone1000.dtsi
@@ -45,6 +45,17 @@
lba = <65536>;
};
+ reserved-memory {
+ #address-cells = <2>;
+ #size-cells = <2>;
+ ranges;
+
+ smem_mem: smem_region@88000000 {
+ reg = <0x0 0x88000000 0x0 0x100000>;
+ no-map;
+ };
+ };
+
gic: interrupt-controller@1c000000 {
compatible = "arm,gic-400";
#interrupt-cells = <3>;
--
2.17.1
@@ -1,84 +0,0 @@
From b18a3c183d20812933d192d4b0d622b11ef2bf29 Mon Sep 17 00:00:00 2001
From: Peter Hoyes <Peter.Hoyes@arm.com>
Date: Wed, 1 May 2024 09:16:32 +0100
Subject: [PATCH] arm: Move sev() and wfe() definitions to common Arm header
file
The sev() and wfe() asm macros are currently defined only for
mach-exynos. As these are common Arm instructions, move them to the
common asm/system.h header file, for both Armv7 and Armv8, so they
can be used by other machines.
wfe may theoretically trigger a context switch if an interrupt occurs
so add a memory barrier to this call.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Reviewed-by: Andre Przywara<andre.przywara@arm.com>
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
arch/arm/include/asm/system.h | 9 +++++++++
arch/arm/mach-exynos/include/mach/system.h | 19 -------------------
2 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
index 43f7503571d7..51123c296843 100644
--- a/arch/arm/include/asm/system.h
+++ b/arch/arm/include/asm/system.h
@@ -154,6 +154,13 @@ enum dcache_option {
"wfi" : : : "memory"); \
})
+#define wfe() \
+ ({asm volatile( \
+ "wfe" : : : "memory"); \
+ })
+
+#define sev() asm volatile("sev")
+
static inline unsigned int current_el(void)
{
unsigned long el;
@@ -369,6 +376,8 @@ void switch_to_hypervisor_ret(void);
#ifdef __ARM_ARCH_7A__
#define wfi() __asm__ __volatile__ ("wfi" : : : "memory")
+#define wfe() __asm__ __volatile__ ("wfe" : : : "memory")
+#define sev() __asm__ __volatile__ ("sev")
#else
#define wfi()
#endif
diff --git a/arch/arm/mach-exynos/include/mach/system.h b/arch/arm/mach-exynos/include/mach/system.h
index 5d0bebac5733..0aed4c3e2bf6 100644
--- a/arch/arm/mach-exynos/include/mach/system.h
+++ b/arch/arm/mach-exynos/include/mach/system.h
@@ -36,25 +36,6 @@ struct exynos5_sysreg {
#define USB20_PHY_CFG_HOST_LINK_EN (1 << 0)
-/*
- * This instruction causes an event to be signaled to all cores
- * within a multiprocessor system. If SEV is implemented,
- * WFE must also be implemented.
- */
-#define sev() __asm__ __volatile__ ("sev\n\t" : : );
-/*
- * If the Event Register is not set, WFE suspends execution until
- * one of the following events occurs:
- * - an IRQ interrupt, unless masked by the CPSR I-bit
- * - an FIQ interrupt, unless masked by the CPSR F-bit
- * - an Imprecise Data abort, unless masked by the CPSR A-bit
- * - a Debug Entry request, if Debug is enabled
- * - an Event signaled by another processor using the SEV instruction.
- * If the Event Register is set, WFE clears it and returns immediately.
- * If WFE is implemented, SEV must also be implemented.
- */
-#define wfe() __asm__ __volatile__ ("wfe\n\t" : : );
-
/* Move 0xd3 value to CPSR register to enable SVC mode */
#define svc32_mode_en() __asm__ __volatile__ \
("@ I&F disable, Mode: 0x13 - SVC\n\t" \
--
2.30.2
@@ -1,105 +0,0 @@
From ebc84d7b60c1ed3398e9f600fe3dc8406500bd35 Mon Sep 17 00:00:00 2001
From: Peter Hoyes <Peter.Hoyes@arm.com>
Date: Wed, 1 May 2024 09:16:33 +0100
Subject: [PATCH] armv8: generic_timer: Use event stream for udelay
Polling cntpct_el0 in a tight loop for delays is inefficient.
This is particularly apparent on Arm FVPs, which do not simulate
real time, meaning that a 1s sleep can take a couple of orders
of magnitude longer to execute in wall time.
If running at EL2 or above (where CNTHCTL_EL2 is available), enable
the cntpct_el0 event stream temporarily and use wfe to implement
the delay more efficiently. The event period is chosen as a
trade-off between efficiency and the fact that Arm FVPs do not
typically simulate real time.
This is only implemented for Armv8 boards, where an architectural
timer exists, and only enabled by default for the ARCH_VEXPRESS64
board family.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
arch/arm/cpu/armv8/Kconfig | 8 ++++++++
arch/arm/cpu/armv8/generic_timer.c | 27 +++++++++++++++++++++++++++
arch/arm/include/asm/system.h | 6 ++++--
3 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig
index 9f0fb369f773..199335cd6040 100644
--- a/arch/arm/cpu/armv8/Kconfig
+++ b/arch/arm/cpu/armv8/Kconfig
@@ -191,6 +191,14 @@ config ARMV8_EA_EL3_FIRST
Exception handling at all exception levels for External Abort and
SError interrupt exception are taken in EL3.
+config ARMV8_UDELAY_EVENT_STREAM
+ bool "Use the event stream for udelay"
+ default y if ARCH_VEXPRESS64
+ help
+ Use the event stream provided by the AArch64 architectural timer for
+ delays. This is more efficient than the default polling
+ implementation.
+
menuconfig ARMV8_CRYPTO
bool "ARM64 Accelerated Cryptographic Algorithms"
diff --git a/arch/arm/cpu/armv8/generic_timer.c b/arch/arm/cpu/armv8/generic_timer.c
index e4aa5a474553..1de7ec596fc7 100644
--- a/arch/arm/cpu/armv8/generic_timer.c
+++ b/arch/arm/cpu/armv8/generic_timer.c
@@ -114,3 +114,30 @@ ulong timer_get_boot_us(void)
return val / get_tbclk();
}
+
+#if CONFIG_IS_ENABLED(ARMV8_UDELAY_EVENT_STREAM)
+void __udelay(unsigned long usec)
+{
+ u64 target = get_ticks() + usec_to_tick(usec);
+
+ /* At EL2 or above, use the event stream to avoid polling CNTPCT_EL0 so often */
+ if (current_el() >= 2) {
+ u32 cnthctl_val;
+ const u8 event_period = 0x7;
+
+ asm volatile("mrs %0, cnthctl_el2" : "=r" (cnthctl_val));
+ asm volatile("msr cnthctl_el2, %0" : : "r"
+ (cnthctl_val | CNTHCTL_EL2_EVNT_EN | CNTHCTL_EL2_EVNT_I(event_period)));
+
+ while (get_ticks() + (1ULL << event_period) <= target)
+ wfe();
+
+ /* Reset the event stream */
+ asm volatile("msr cnthctl_el2, %0" : : "r" (cnthctl_val));
+ }
+
+ /* Fall back to polling CNTPCT_EL0 */
+ while (get_ticks() <= target)
+ ;
+}
+#endif
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
index 51123c296843..7e30cac32a09 100644
--- a/arch/arm/include/asm/system.h
+++ b/arch/arm/include/asm/system.h
@@ -69,8 +69,10 @@
/*
* CNTHCTL_EL2 bits definitions
*/
-#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */
-#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */
+#define CNTHCTL_EL2_EVNT_EN BIT(2) /* Enable the event stream */
+#define CNTHCTL_EL2_EVNT_I(val) ((val) << 4) /* Event stream trigger bits */
+#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */
+#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */
/*
* HCR_EL2 bits definitions
--
2.30.2
@@ -4,7 +4,6 @@ MACHINE_U-BOOT_REQUIRE ?= ""
MACHINE_U-BOOT_REQUIRE:corstone1000 = "u-boot-corstone1000.inc"
MACHINE_U-BOOT_REQUIRE:fvp-base = "u-boot-fvp-base.inc"
MACHINE_U-BOOT_REQUIRE:juno = "u-boot-juno.inc"
MACHINE_U-BOOT_REQUIRE:tc = "u-boot-tc.inc"
require ${MACHINE_U-BOOT_REQUIRE}
@@ -10,7 +10,7 @@ LICENSE = "BSD-2-Clause-Patent"
SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https"
LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a"
SRCREV = "3e722403cd16388a0e4044e705a2b34c841d76ca"
SRCREV = "b158dad150bf02879668f72ce306445250838201"
UPSTREAM_CHECK_GITTAGREGEX = "^edk2-stable(?P<pver>\d+)$"
@@ -5,3 +5,6 @@ EDK2_PLATFORM_DSC = "Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc"
EDK2_BIN_NAME = "BL33_AP_UEFI.fd"
COMPATIBLE_MACHINE = "sgi575"
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI += " file://0001-Platform-Sgi-workaround-ArmFfaLib-error.patch;patchdir=edk2-platforms"
@@ -0,0 +1,9 @@
SRCREV_edk2 ?= "b158dad150bf02879668f72ce306445250838201"
SRCREV_edk2-platforms ?= "a3c898956a4d48dc5980336fa6ce6eeb23c4f72b"
SRC_URI += "file://0001-Platform-StMmRpmb-Fix-build.patch;patchdir=edk2-platforms"
# FIXME - clang is having issues with antlr
TOOLCHAIN:aarch64 = "gcc"
require recipes-bsp/uefi/edk2-firmware.inc
@@ -0,0 +1,41 @@
From b368ff0e774508b60c18bc19fbfaaa3910616e66 Mon Sep 17 00:00:00 2001
From: Jon Mason <jon.mason@arm.com>
Date: Wed, 2 Apr 2025 15:57:21 -0400
Subject: [PATCH] Platform/Sgi: workaround ArmFfaLib error
When attempting to build sgi575, the following error is encountered
| Active Platform = /builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/edk2-platforms/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
|
|
| build.py...
| /builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/edk2-platforms/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc(...): error 4000: Instance of library class [ArmFfaLib] is not found
| in [/builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf] [AARCH64]
| consumed by module [/builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf]
|
|
This is because commit 9f9a3de9e4c5595cd42d14c705570887630209d8 in
edk2-firmware adds a reference to the ArmFfaLib in
ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
That file is referenced in Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
To workaround this issue, add the ArmFfaLib to Sgi575.dsc.
Upstream-Status: Pending [https://github.com/tianocore/edk2-platforms/issues/761]
Signed-off-by: Jon Mason <jon.mason@arm.com>
---
Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc b/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
index f29272778d73..30f2d1fd49a7 100644
--- a/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
+++ b/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
@@ -55,3 +55,6 @@
[Components.common]
Platform/ARM/SgiPkg/AcpiTables/Sgi575AcpiTables.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ ArmFfaLib|ArmPkg/Library/ArmFfaLib/ArmFfaDxeLib.inf
@@ -0,0 +1,38 @@
From ee185eda7b7ec9a0c82827fea197fbb73d971f93 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Thu, 29 Aug 2024 21:21:50 +0200
Subject: [PATCH] Platform/StMmRpmb: Fix build
Add some missing library class resolutions relating to changes in the
core upstream EDK2 repo.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
.../PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc | 3 +++
1 file changed, 3 insertions(+)
Upstream-Status: Backport
diff --git a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
index 653029c52f..54c7a63b41 100644
--- a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
+++ b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
@@ -41,11 +41,14 @@
ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
+ HobPrintLib|MdeModulePkg/Library/HobPrintLib/HobPrintLib.inf
+ ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+ PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
--
2.43.0
@@ -1,2 +1,3 @@
CONFIG_I2C=y
CONFIG_I2C_DESIGNWARE_CORE=y
CONFIG_I2C_DESIGNWARE_PLATFORM=y
@@ -18,7 +18,7 @@ The driver also supports control of multiple remote processors at the
same time.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/]
Upstream-Status: Denied [Agreement reached: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/]
---
MAINTAINERS | 6 +
drivers/remoteproc/Kconfig | 18 ++
@@ -6,7 +6,7 @@ Subject: [PATCH 2/6] arm64: dts: Add corstone1000 external system device node
add device tree node for the external system core in Corstone-1000
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/]
Upstream-Status: Denied [Agreement reached: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/]
---
arch/arm64/boot/dts/arm/corstone1000.dtsi | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
@@ -6,7 +6,7 @@ Subject: [PATCH 3/6] dt-bindings: remoteproc: Add Arm remoteproc
introduce the bindings for Arm remoteproc support.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/]
Upstream-Status: Denied [Agreement reached: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/]
---
.../bindings/remoteproc/arm,rproc.yaml | 69 +++++++++++++++++++
MAINTAINERS | 1 +
@@ -90,13 +90,6 @@ COMPATIBLE_MACHINE:sgi575 = "sgi575"
KBUILD_DEFCONFIG:sgi575 = "defconfig"
KCONFIG_MODE:sgi575 = "--alldefconfig"
#
# Total Compute (TC0/TC1) KMACHINE
#
COMPATIBLE_MACHINE:tc = "(tc0|tc1)"
KBUILD_DEFCONFIG:tc = "defconfig"
KCONFIG_MODE:tc = "--alldefconfig"
#
# sbsa-ref KMACHINE
#
@@ -1,28 +0,0 @@
From 1410d9e9c3e73b1319b98be67ad00c7630c4cb2e Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Wed, 3 Apr 2024 16:05:07 +0100
Subject: [PATCH] increase tzdram size
Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/258b72d242cd1a8ae56c87f9572a0624084785c7]
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
core/arch/arm/plat-corstone1000/conf.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
index 98347b143..c2dd71f05 100644
--- a/core/arch/arm/plat-corstone1000/conf.mk
+++ b/core/arch/arm/plat-corstone1000/conf.mk
@@ -34,7 +34,7 @@ CFG_TEE_CORE_NB_CORE ?= 1
CFG_TZDRAM_START ?= 0x02002000
# TEE_RAM (OPTEE kernel + DATA) + TA_RAM = 3MB
-CFG_TZDRAM_SIZE ?= 0x300000
+CFG_TZDRAM_SIZE ?= 0x340000
CFG_SHMEM_START ?= 0x86000000
CFG_SHMEM_SIZE ?= 0x00200000
--
2.25.1
@@ -0,0 +1,30 @@
From ce58e4d78dc7a4f3c3b08ee425461eb190d70543 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Fri, 1 Nov 2024 00:45:53 +0100
Subject: [PATCH] plat-corstone1000: increase CFG_TZDRAM_SIZE
TZDRAM is a 4MB SRAM in Corstone-1000. Its start address is `0x0200_0000`
but the first 0x2000 bytes are reserved for future use. `CFG_TZDRAM_SIZE`
can be increased to `0x360000` so OP-TEE has more RAM.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Pending
---
core/arch/arm/plat-corstone1000/conf.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
index 9fa0729d5..745dc958a 100644
--- a/core/arch/arm/plat-corstone1000/conf.mk
+++ b/core/arch/arm/plat-corstone1000/conf.mk
@@ -34,7 +34,7 @@ CFG_TEE_CORE_NB_CORE ?= 1
CFG_TZDRAM_START ?= 0x02002000
# TEE_RAM (OP-TEE kernel + DATA) + TA_RAM
-CFG_TZDRAM_SIZE ?= 0x340000
+CFG_TZDRAM_SIZE ?= 0x360000
CFG_SHMEM_START ?= 0x86000000
CFG_SHMEM_SIZE ?= 0x00200000
--
2.25.1
@@ -1,43 +0,0 @@
From 2fadadf1075c95b2955f047fa0387b39612f7b30 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Thu, 30 May 2024 13:37:38 +0000
Subject: [PATCH] plat-corstone1000: Remove MMCOMM buffer address
Remove MMCOMM buffer address and mapping, as it is not being used anymore
Upstream-Status: Backport [In v3, https://github.com/OP-TEE/optee_os/commit/eaee88fbcac6dcc15fe1d1a758b53eb2b66cfc60]
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
core/arch/arm/plat-corstone1000/main.c | 1 -
core/arch/arm/plat-corstone1000/platform_config.h | 3 ---
2 files changed, 4 deletions(-)
diff --git a/core/arch/arm/plat-corstone1000/main.c b/core/arch/arm/plat-corstone1000/main.c
index b3861c4c8..61171b9a9 100644
--- a/core/arch/arm/plat-corstone1000/main.c
+++ b/core/arch/arm/plat-corstone1000/main.c
@@ -15,7 +15,6 @@
static struct pl011_data console_data __nex_bss;
register_ddr(DRAM0_BASE, DRAM0_SIZE);
-register_ddr(MM_COMM_BUF_BASE, MM_COMM_BUF_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
diff --git a/core/arch/arm/plat-corstone1000/platform_config.h b/core/arch/arm/plat-corstone1000/platform_config.h
index 6653d38bc..f59c93a14 100644
--- a/core/arch/arm/plat-corstone1000/platform_config.h
+++ b/core/arch/arm/plat-corstone1000/platform_config.h
@@ -26,9 +26,6 @@
#define GICD_BASE (GIC_BASE + GICD_OFFSET)
#define GICC_BASE (GIC_BASE + GICC_OFFSET)
-#define MM_COMM_BUF_BASE 0x02000000
-#define MM_COMM_BUF_SIZE 0x1000
-
#define UART_BAUDRATE 115200
#define CONSOLE_BAUDRATE UART_BAUDRATE
--
2.34.1
@@ -1,46 +0,0 @@
#!/bin/sh
# Source function library
. /etc/init.d/functions
NAME=tee-supplicant
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC="OP-TEE Supplicant"
DAEMON=@sbindir@/$NAME
test -f $DAEMON || exit 0
test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
set -e
case $1 in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start $SSD_OPTIONS
echo "${DAEMON##*/}."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop $SSD_OPTIONS
echo "${DAEMON##*/}."
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
status)
status ${DAEMON} || exit $?
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0
@@ -1,10 +0,0 @@
[Unit]
Description=TEE Supplicant on %i
[Service]
User=root
EnvironmentFile=-@sysconfdir@/default/tee-supplicant
ExecStart=@sbindir@/tee-supplicant $OPTARGS
[Install]
WantedBy=basic.target
@@ -1,8 +1,7 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
SRC_URI:append = " \
file://0001-Handle-logging-syscall.patch \
file://0002-increase-tzdram-size.patch \
file://0003-plat-corstone1000-Remove-MMCOMM-buffer-address.patch \
file://0002-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch \
"
COMPATIBLE_MACHINE = "corstone1000"
@@ -0,0 +1,65 @@
From e5a4487e2b757d0063148691c7d06ae1c7e15b9a Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Tue, 18 Jun 2024 11:52:43 +0100
Subject: [PATCH] protobuf fix
Upstream-Status: Pending (not yet submitted to upstream)
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
---
.../se-proxy/env/commonsp/se_proxy_sp.c | 25 ++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
index a0eb03b6f..e2774c135 100644
--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
@@ -13,6 +13,7 @@
#include "trace.h"
#include "deployments/se-proxy/infra/service_proxy_factory.h"
#include "deployments/se-proxy/se_proxy_interfaces.h"
+#include <service/crypto/factory/crypto_provider_factory.h>
static bool sp_init(uint16_t *own_sp_id);
@@ -39,7 +40,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
goto fatal_error;
}
- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16);
+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16);
if (rpc_status != RPC_SUCCESS) {
EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
goto fatal_error;
@@ -129,6 +130,28 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
goto fatal_error;
}
+ struct rpc_service_interface *crypto_iface_protobuf = NULL;
+ struct crypto_provider *crypto_protobuf_provider = NULL;
+
+ crypto_protobuf_provider = crypto_protobuf_provider_factory_create();
+ if (!crypto_protobuf_provider) {
+ EMSG("Failed to create crypto protobuf provider factory");
+ goto fatal_error;
+ }
+
+ crypto_iface_protobuf = service_provider_get_rpc_interface(
+ &crypto_protobuf_provider->base_provider);
+ if (!crypto_iface_protobuf) {
+ EMSG("Failed to create service provider RPC interface");
+ goto fatal_error;
+ }
+
+ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, crypto_iface_protobuf);
+ if (rpc_status != RPC_SUCCESS) {
+ EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
+ goto fatal_error;
+ }
+
while (1) {
ts_rpc_endpoint_sp_receive(&rpc_endpoint, &req_msg, &resp_msg);
--
2.25.1
@@ -0,0 +1,29 @@
From 71da6c0384fb241cadf052968e8dce9c357e4a33 Mon Sep 17 00:00:00 2001
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
Date: Tue, 29 Apr 2025 07:52:14 +0000
Subject: [PATCH] Align PSA Crypto structs with TF-Mv2.1.1
The psa_client_key_attributes_s struct had to be aligned with the
psa_key_attributes_s struct in TF-M.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Upstream-Status: Pending
---
components/service/crypto/include/psa/crypto_client_struct.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
index ebc4008..f0c8cad 100644
--- a/components/service/crypto/include/psa/crypto_client_struct.h
+++ b/components/service/crypto/include/psa/crypto_client_struct.h
@@ -38,7 +38,6 @@ struct psa_client_key_attributes_s
uint32_t alg;
uint32_t alg2;
uint32_t id;
- int32_t owner_id;
};
#define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
--
2.34.1
@@ -21,6 +21,8 @@ SRC_URI:append:corstone1000 = " \
file://0017-Implement-Private-Authenticated-Variable-verificatio.patch \
file://0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \
file://0019-Align-PSA-Crypto-with-TF-Mv2.1.patch \
file://0020-se-proxy-protobuf-change.patch \
file://0021-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch \
"
# The patches above introduce errors with GCC 14.1, silence them for now
+1 -1
View File
@@ -5,6 +5,6 @@
part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid --part-name="ESP" --part-type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B --fixed-size 256M
part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid --exclude-path boot/
part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid --exclude-path boot/ ${IMAGE_ROOTFS_EXTRA_ARGS}
bootloader --ptable gpt --timeout=1 --append="${GRUB_LINUX_APPEND}"
-11
View File
@@ -1,11 +0,0 @@
# short-description: Create an EFI disk image
# long-description: Creates a partitioned EFI disk image that the user
# can directly dd to boot media. Uses a custom grub.cfg file to configure the boot.
part /boot --source bootimg-efi --sourceparams="loader=grub-efi" --ondisk sda --label msdos --active --align 1024
part / --source rootfs --ondisk sda --fstype=ext4 --label root --align 1024 --uuid=9c53a91b-e182-4ff1-aeac-6ee2c432ae94
part swap --ondisk sda --size 44 --label swap1 --fstype=swap
bootloader --ptable gpt --configfile="sgi575-grub.cfg" --timeout=5
-9
View File
@@ -1,9 +0,0 @@
set debug="loader,mm"
set term="vt100"
set default="0"
set timeout="1"
menuentry 'Arm reference image boot on sgi575' {
linux /Image acpi=force console=ttyAMA0,115200 ip=dhcp root=PARTUUID=9c53a91b-e182-4ff1-aeac-6ee2c432ae94 rootwait verbose debug
}
+1 -1
View File
@@ -8,7 +8,7 @@ BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
BBFILE_COLLECTIONS += "meta-arm-systemready"
BBFILE_PATTERN_meta-arm-systemready = "^${LAYERDIR}/"
LAYERSERIES_COMPAT_meta-arm-systemready = "styhead"
LAYERSERIES_COMPAT_meta-arm-systemready = "styhead walnascar"
LAYERDEPENDS_meta-arm-systemready = "core"
@@ -0,0 +1,66 @@
from oeqa.runtime.case import OERuntimeTestCase
class SystemReadyDebianUnattendedTest(OERuntimeTestCase):
def setUp(self):
super().setUp()
self.console = self.target.DEFAULT_CONSOLE
def test_debian_unattended(self):
# Turn on the FVP.
self.target.transition('on')
# Timeout value = elapsed time * 2; where elapsed time was collected
# from the elapsed time in the log.do_testimage for each function after
# the build is finished on the development machine.
self.target.expect(self.console,
r'.*Scanning installation',
timeout=(20 * 60))
bb.plain('Installation status: Scanning installation media...')
self.target.expect(self.console,
r'.*Detecting network hardware',
timeout=(35 * 60))
bb.plain('Installation status: Detecting network hardware...')
self.target.expect(self.console,
r'.*Installing the base system',
timeout=(35 * 60))
bb.plain('Installation status: Installing the base system...')
self.target.expect(self.console,
r'.*Installing GRUB',
timeout=(7 * 60 * 60))
bb.plain('Installation status: Installing GRUB...')
# Waiting to respond to the boot loader prompt error message.
self.target.expect(self.console,
r'.*Press enter to continue',
timeout=(15 * 60))
self.target.sendline(self.console, '')
self.target.expect(self.console,
r'.*Press enter to continue',
timeout=(60))
self.target.sendline(self.console, '')
# Waiting to respond continue without bootloader to install
# bootloader with the late script in preseed.cfg at the end.
self.target.expect(self.console,
r'.*Continue without boot loader',
timeout=(2 * 60))
self.target.sendline(self.console, '14')
self.target.expect(self.console,
r'.*Press enter to continue',
timeout=(60))
self.target.sendline(self.console, '')
self.target.expect(self.console,
r'.*Finishing the installation',
timeout=(2 * 60))
bb.plain('Installation status: Finishing the installation...')
# Waiting till the installation is finished.
self.target.expect(self.console, r'.*login:', timeout=(40 * 60))
bb.plain('Installation status: Debian installation finished successfully.')
@@ -0,0 +1,42 @@
from oeqa.runtime.case import OERuntimeTestCase
class SystemReadyOpenSUSEUnattendedTest(OERuntimeTestCase):
def setUp(self):
super().setUp()
self.console = self.target.DEFAULT_CONSOLE
def test_opensuse_unattended(self):
# Turn on the FVP.
self.target.transition('on')
# Timeout value = elapsed time * 2; where elapsed time was collected
# from the elapsed time in the log.do_testimage for each function after
# the build is finished on the development machine.
self.target.expect(self.console,
'Booting `Installation\'',
timeout=(2 * 60))
bb.plain('Installation status: Loading the kernel, initrd and basic drivers...')
self.target.expect(self.console,
'Starting hardware detection...',
timeout=(40 * 60))
bb.plain('Installation status: Starting hardware detection...')
self.target.expect(self.console,
'Loading Installation System',
timeout=(60 * 60))
bb.plain('Installation status: Loading Installation System...')
self.target.expect(self.console,
'Starting Installer',
timeout=(40 * 60))
bb.plain('Installation status: Performing Installation...')
self.target.expect(self.console,
'Finishing Configuration',
timeout=(15 * 60 * 60))
bb.plain('Installation status: Finishing Configuration...')
# Waiting till the installation is finished.
self.target.expect(self.console, r'.*login: ', timeout=(6 * 60 * 60))
bb.plain('Installation status: openSUSE installation finished successfully.')
@@ -49,9 +49,9 @@ PV = "2.0.0"
PV_DATE = "23.03"
FULL_PV = "v${PV_DATE}_${PV}"
ARM_SYSTEMREADY_IR_ACS_BRANCH ?= "main"
IMAGE_FILENAME = "ir-acs-live-image-generic-arm64.wic"
IMAGE_FILENAME = "ir-acs-live-image-generic-arm64-${PV}.wic"
SRC_URI = " \
https://github.com/ARM-software/arm-systemready/raw/${ARM_SYSTEMREADY_IR_ACS_BRANCH}/IR/prebuilt_images/${FULL_PV}/${IMAGE_FILENAME}.xz;name=acs-img \
https://github.com/ARM-software/arm-systemready/raw/${ARM_SYSTEMREADY_IR_ACS_BRANCH}/IR/prebuilt_images/${FULL_PV}/ir-acs-live-image-generic-arm64.wic.xz;name=acs-img;downloadfilename=${IMAGE_FILENAME}.xz \
git://git.gitlab.arm.com/systemready/systemready-ir-template.git;protocol=https;nobranch=1;destsuffix=systemready-ir-template;name=sr-ir-template \
"
SRC_URI[acs-img.sha256sum] = "ea52f84dab44bde97de3e2d2224d883acaae35724dd8e2bdfb125de49040f9b3"
@@ -98,8 +98,35 @@ file://${COMMON_LICENSE_DIR}/OPL-1.0;md5=acdf1e4398bd93dc137e271c50316324 \
file://${COMMON_LICENSE_DIR}/PD;md5=b3597d12946881e13cb3b548d1173851 \
"
PV = "12.4.0"
# netinst, DVD-1
ISO_TYPE = "netinst"
SRC_URI = "https://cdimage.debian.org/mirror/cdimage/archive/${PV}/arm64/iso-cd/debian-${PV}-arm64-${ISO_TYPE}.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso"
SRC_URI[sha256sum] = "d32d2c63350a932dc0d9d45665985b41413f9e01efc0eacbea981d435f553d3d"
PV = "12.8.0"
SRC_URI = "\
https://cdimage.debian.org/mirror/cdimage/archive/12.8.0/arm64/iso-dvd/debian-12.8.0-arm64-DVD-1.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso;name=debian_iso_image \
file://unattended-boot-conf/Debian/preseed.cfg \
"
SRC_URI[debian_iso_image.sha256sum] = "8891fe48bb5a58ae54176eaa6440059bf852044d6b9ae77219e78f9ef8d65149"
TEST_SUITES = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "arm_systemready_debian_unattended", "", d)}"
ISO_LABEL = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "debian-12.8.0-arm64-1", "", d)}"
BOOT_CATALOG = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "boot.catalog", "", d)}"
BOOT_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "EFI/boot/bootaa64.efi", "", d)}"
EFI_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "boot/grub/efi.img", "", d)}"
modifyiso() {
UNATTENDED_CONF_DIR="${UNPACKDIR}/unattended-boot-conf/Debian"
# Append the preseed.cfg file to the initrd
gunzip ${EXTRACTED_ISO_TEMP_DIR}/install.a64/initrd.gz
(cd ${UNATTENDED_CONF_DIR} && echo preseed.cfg | cpio -H newc -o -A -F ${EXTRACTED_ISO_TEMP_DIR}/install.a64/initrd)
gzip ${EXTRACTED_ISO_TEMP_DIR}/install.a64/initrd
#GRUB
# Disable timeout
sed -i '/^insmod gzio/ a set timeout=0' ${EXTRACTED_ISO_TEMP_DIR}/boot/grub/grub.cfg
# Update default menu entry to select automated install
sed -i '/^set timeout/ a set default="2>5"' ${EXTRACTED_ISO_TEMP_DIR}/boot/grub/grub.cfg
# Update kernel boot parameters to enable more text based console output
sed -i 's|linux /install.a64/vmlinuz auto=true priority=critical --- quiet|linux /install.a64/vmlinuz auto=true priority=critical DEBIAN_FRONTEND=text --- nomodeset|g' ${EXTRACTED_ISO_TEMP_DIR}/boot/grub/grub.cfg
}
@@ -106,11 +106,14 @@ BOOT_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "EFI/BOOT/BOOT
EFI_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "images/efiboot.img", "", d)}"
PV = "39.1.5"
SRC_URI = "https://download.fedoraproject.org/pub/fedora/linux/releases/39/Server/aarch64/iso/Fedora-Server-dvd-aarch64-39-1.5.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso"
SRC_URI[sha256sum] = "d19dc2a39758155fa53e6fd555d0d173ccc8175b55dea48002d499f39cb30ce0"
SRC_URI = "\
https://download.fedoraproject.org/pub/fedora/linux/releases/39/Server/aarch64/iso/Fedora-Server-dvd-aarch64-39-1.5.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso;name=fedora_iso_image \
file://unattended-boot-conf/Fedora/ks.cfg\
"
SRC_URI[fedora_iso_image.sha256sum] = "d19dc2a39758155fa53e6fd555d0d173ccc8175b55dea48002d499f39cb30ce0"
modifyiso() {
UNATTENDED_CONF_DIR="${THISDIR}/unattended-boot-conf/Fedora"
UNATTENDED_CONF_DIR="${UNPACKDIR}/unattended-boot-conf/Fedora"
cp "${UNATTENDED_CONF_DIR}/ks.cfg" ${EXTRACTED_ISO_TEMP_DIR}
sed -i 's/set default="1"/set default="0"/g' "${EXTRACTED_ISO_TEMP_DIR}/EFI/BOOT/grub.cfg"
@@ -70,5 +70,23 @@ PV = "15.5"
# possible value of ISO_TYPE: NET, DVD
ISO_TYPE = "DVD"
BUILD_NO = "491.1"
SRC_URI = "https://download.opensuse.org/distribution/leap/${PV}/iso/openSUSE-Leap-${PV}-${ISO_TYPE}-aarch64-Build${BUILD_NO}-Media.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso"
SRC_URI[sha256sum] = "456cc4f99b044429d8a89bd302c06e9e382d6ac4dc590139a7096ebb54f5357b"
SRC_URI = "\
https://download.opensuse.org/distribution/leap/${PV}/iso/openSUSE-Leap-${PV}-${ISO_TYPE}-aarch64-Build${BUILD_NO}-Media.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso;name=opensuse_iso_image \
file://unattended-boot-conf/openSUSE/autoinst.xml \
"
SRC_URI[opensuse_iso_image.sha256sum] = "456cc4f99b044429d8a89bd302c06e9e382d6ac4dc590139a7096ebb54f5357b"
TEST_SUITES = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "arm_systemready_opensuse_unattended", "", d)}"
ISO_LABEL = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "OEMDRV", "", d)}"
BOOT_CATALOG = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "boot.catalog", "", d)}"
BOOT_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "EFI/BOOT/bootaa64.efi", "", d)}"
EFI_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "boot/aarch64/efi", "", d)}"
modifyiso() {
UNATTENDED_CONF_DIR="${UNPACKDIR}/unattended-boot-conf/openSUSE"
#create installation configuration files, remove grub timeout, setup network
cp "${UNATTENDED_CONF_DIR}/autoinst.xml" ${EXTRACTED_ISO_TEMP_DIR}
sed -i 's/timeout=60/timeout=0/g' "${EXTRACTED_ISO_TEMP_DIR}/EFI/BOOT/grub.cfg"
}
@@ -19,7 +19,7 @@ python () {
unpackiso() {
# Unpack the ISO image
bsdtar -xf ${WORKDIR}/${ISO_IMAGE_NAME}.iso -C ${EXTRACTED_ISO_TEMP_DIR}
bsdtar -xf ${UNPACKDIR}/${ISO_IMAGE_NAME}.iso -C ${EXTRACTED_ISO_TEMP_DIR}
chmod -R u+rw ${EXTRACTED_ISO_TEMP_DIR}
}
@@ -34,7 +34,7 @@ repackiso() {
-boot-load-size 4 -boot-info-table -J -R -V ${ISO_LABEL} -eltorito-alt-boot \
-eltorito-boot ${EFI_IMAGE} -no-emul-boot ${EXTRACTED_ISO_TEMP_DIR}
mv -f ${NEW_ISO_TEMP_DIR}/${ISO_IMAGE_NAME}.iso ${WORKDIR}
mv -f ${NEW_ISO_TEMP_DIR}/${ISO_IMAGE_NAME}.iso ${UNPACKDIR}
}
# Write the test data in IMAGE_POSTPROCESS_COMMAND
@@ -0,0 +1,75 @@
# Preconfiguration file for Debian unattended installation
# Enable auto mode
d-i auto-install/enable boolean true
d-i debconf/priority select critical
# Set language, country and locale
d-i debian-installer/language string en
d-i debian-installer/country string GB
d-i debian-installer/locale string en_GB.UTF-8
d-i keyboard-configuration/xkb-keymap select us
# Set clock and timezone
d-i clock-setup/utc boolean true
d-i time/zone select Europe/London
# Skip installing recommended packages
d-i base-installer/install-recommends boolean false
# Set user and password
d-i passwd/root-login boolean false
d-i passwd/user-fullname string user
d-i passwd/username string user
d-i passwd/user-password password unsafe
d-i passwd/user-password-again password unsafe
# Disable CD-ROM and set mirror
d-i apt-setup/cdrom/set-first boolean false
d-i mirror/country string manual NO
d-i mirror/http/proxy string
# Disable mirror selection
d-i apt-setup/no_mirror boolean true
d-i popularity-contest/participate boolean false
# Skip package selection and upgrades
d-i pkgsel/run_tasksel boolean false
d-i pkgsel/upgrade select none
# Ensure the 'dbus' package is installed
d-i pkgsel/include string dbus
# Set host and domain names
d-i netcfg/get_hostname string debtest
d-i netcfg/get_domain string unassigned-domain
# Partitioning
d-i partman-auto/disk string /dev/vda
d-i partman-auto/init_automatically_partition select Guided - use entire disk
d-i partman-auto/choose_recipe select All files in one partition (recommended for new users)
d-i partman-auto/method string regular
d-i partman/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
# Install GRUB bootloader
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string /dev/vda
d-i grub-installer/bootloader-id string debian
d-i grub-installer/efi-directory string /boot/efi
# Handle errors automatically
d-i debian-installer/exit-on-error boolean true
# Late command to install GRUB and finalize boot setup
d-i preseed/late_command string \
mount /dev/vda1 /target/boot/efi || true; \
in-target mkdir -p /boot/efi/EFI/boot || true; \
in-target grub-install --target=arm64-efi --efi-directory=/boot/efi --bootloader-id=debian --removable || true; \
in-target update-grub || true; \
umount /target/boot/efi || true
# Reboot after installation
d-i finish-install/reboot_in_progress note
@@ -0,0 +1,935 @@
<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
<bootloader t="map">
<global t="map">
<append>splash=silent preempt=full mitigations=auto quiet security=apparmor</append>
<cpu_mitigations>auto</cpu_mitigations>
<gfxmode>auto</gfxmode>
<hiddenmenu>false</hiddenmenu>
<os_prober>true</os_prober>
<secure_boot>true</secure_boot>
<terminal>gfxterm</terminal>
<timeout t="integer">8</timeout>
<update_nvram>true</update_nvram>
</global>
<loader_type>grub2-efi</loader_type>
</bootloader>
<firewall t="map">
<default_zone>public</default_zone>
<enable_firewall t="boolean">true</enable_firewall>
<log_denied_packets>off</log_denied_packets>
<start_firewall t="boolean">true</start_firewall>
<zones t="list">
<zone t="map">
<description>Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
<interfaces t="list"/>
<masquerade t="boolean">false</masquerade>
<name>block</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list"/>
<short>Block</short>
<target>%%REJECT%%</target>
</zone>
<zone t="map">
<description>For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.</description>
<interfaces t="list"/>
<masquerade t="boolean">false</masquerade>
<name>dmz</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list">
<service>ssh</service>
</services>
<short>DMZ</short>
<target>default</target>
</zone>
<zone t="map">
<description>All network connections are accepted.</description>
<interfaces t="list">
<interface>docker0</interface>
</interfaces>
<masquerade t="boolean">false</masquerade>
<name>docker</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list"/>
<short>docker</short>
<target>ACCEPT</target>
</zone>
<zone t="map">
<description>Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
<interfaces t="list"/>
<masquerade t="boolean">false</masquerade>
<name>drop</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list"/>
<short>Drop</short>
<target>DROP</target>
</zone>
<zone t="map">
<description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces t="list"/>
<masquerade t="boolean">true</masquerade>
<name>external</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list">
<service>ssh</service>
</services>
<short>External</short>
<target>default</target>
</zone>
<zone t="map">
<description>For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces t="list"/>
<masquerade t="boolean">false</masquerade>
<name>home</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list">
<service>dhcpv6-client</service>
<service>mdns</service>
<service>samba-client</service>
<service>ssh</service>
</services>
<short>Home</short>
<target>default</target>
</zone>
<zone t="map">
<description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces t="list"/>
<masquerade t="boolean">false</masquerade>
<name>internal</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list">
<service>dhcpv6-client</service>
<service>mdns</service>
<service>samba-client</service>
<service>ssh</service>
</services>
<short>Internal</short>
<target>default</target>
</zone>
<zone t="map">
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces t="list">
<interface>eth0</interface>
</interfaces>
<masquerade t="boolean">false</masquerade>
<name>public</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list">
<service>dhcpv6-client</service>
<service>ssh</service>
</services>
<short>Public</short>
<target>default</target>
</zone>
<zone t="map">
<description>All network connections are accepted.</description>
<interfaces t="list"/>
<masquerade t="boolean">false</masquerade>
<name>trusted</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list"/>
<short>Trusted</short>
<target>ACCEPT</target>
</zone>
<zone t="map">
<description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces t="list"/>
<masquerade t="boolean">false</masquerade>
<name>work</name>
<ports t="list"/>
<protocols t="list"/>
<services t="list">
<service>dhcpv6-client</service>
<service>ssh</service>
</services>
<short>Work</short>
<target>default</target>
</zone>
</zones>
</firewall>
<general t="map">
<mode t="map">
<confirm t="boolean">false</confirm>
</mode>
</general>
<groups t="list">
<group t="map">
<gid>100</gid>
<groupname>users</groupname>
<userlist/>
</group>
<group t="map">
<gid>499</gid>
<groupname>messagebus</groupname>
<userlist/>
</group>
<group t="map">
<gid>1</gid>
<groupname>bin</groupname>
<userlist>daemon</userlist>
</group>
<group t="map">
<gid>488</gid>
<groupname>input</groupname>
<userlist/>
</group>
<group t="map">
<gid>495</gid>
<groupname>kmem</groupname>
<userlist/>
</group>
<group t="map">
<gid>493</gid>
<groupname>utmp</groupname>
<userlist/>
</group>
<group t="map">
<gid>62</gid>
<groupname>man</groupname>
<userlist/>
</group>
<group t="map">
<gid>477</gid>
<groupname>polkitd</groupname>
<userlist/>
</group>
<group t="map">
<gid>479</gid>
<groupname>systemd-timesync</groupname>
<userlist/>
</group>
<group t="map">
<gid>2</gid>
<groupname>daemon</groupname>
<userlist/>
</group>
<group t="map">
<gid>480</gid>
<groupname>systemd-network</groupname>
<userlist/>
</group>
<group t="map">
<gid>71</gid>
<groupname>ntadmin</groupname>
<userlist/>
</group>
<group t="map">
<gid>490</gid>
<groupname>dialout</groupname>
<userlist/>
</group>
<group t="map">
<gid>59</gid>
<groupname>maildrop</groupname>
<userlist>postfix</userlist>
</group>
<group t="map">
<gid>478</gid>
<groupname>nscd</groupname>
<userlist/>
</group>
<group t="map">
<gid>51</gid>
<groupname>postfix</groupname>
<userlist/>
</group>
<group t="map">
<gid>485</gid>
<groupname>tape</groupname>
<userlist/>
</group>
<group t="map">
<gid>487</gid>
<groupname>render</groupname>
<userlist/>
</group>
<group t="map">
<gid>476</gid>
<groupname>sshd</groupname>
<userlist/>
</group>
<group t="map">
<gid>491</gid>
<groupname>cdrom</groupname>
<userlist/>
</group>
<group t="map">
<gid>486</gid>
<groupname>sgx</groupname>
<userlist/>
</group>
<group t="map">
<gid>0</gid>
<groupname>root</groupname>
<userlist/>
</group>
<group t="map">
<gid>489</gid>
<groupname>disk</groupname>
<userlist/>
</group>
<group t="map">
<gid>15</gid>
<groupname>shadow</groupname>
<userlist/>
</group>
<group t="map">
<gid>484</gid>
<groupname>video</groupname>
<userlist/>
</group>
<group t="map">
<gid>496</gid>
<groupname>wheel</groupname>
<userlist/>
</group>
<group t="map">
<gid>483</gid>
<groupname>audit</groupname>
<userlist/>
</group>
<group t="map">
<gid>498</gid>
<groupname>mail</groupname>
<userlist>postfix</userlist>
</group>
<group t="map">
<gid>5</gid>
<groupname>tty</groupname>
<userlist/>
</group>
<group t="map">
<gid>65533</gid>
<groupname>nogroup</groupname>
<userlist/>
</group>
<group t="map">
<gid>65534</gid>
<groupname>nobody</groupname>
<userlist/>
</group>
<group t="map">
<gid>497</gid>
<groupname>lp</groupname>
<userlist/>
</group>
<group t="map">
<gid>482</gid>
<groupname>chrony</groupname>
<userlist/>
</group>
<group t="map">
<gid>492</gid>
<groupname>audio</groupname>
<userlist/>
</group>
<group t="map">
<gid>494</gid>
<groupname>lock</groupname>
<userlist/>
</group>
<group t="map">
<gid>36</gid>
<groupname>kvm</groupname>
<userlist/>
</group>
<group t="map">
<gid>42</gid>
<groupname>trusted</groupname>
<userlist/>
</group>
<group t="map">
<gid>481</gid>
<groupname>systemd-journal</groupname>
<userlist/>
</group>
</groups>
<host t="map">
<hosts t="list">
<hosts_entry t="map">
<host_address>127.0.0.1</host_address>
<names t="list">
<name>localhost</name>
</names>
</hosts_entry>
<hosts_entry t="map">
<host_address>::1</host_address>
<names t="list">
<name>localhost ipv6-localhost ipv6-loopback</name>
</names>
</hosts_entry>
<hosts_entry t="map">
<host_address>fe00::0</host_address>
<names t="list">
<name>ipv6-localnet</name>
</names>
</hosts_entry>
<hosts_entry t="map">
<host_address>ff00::0</host_address>
<names t="list">
<name>ipv6-mcastprefix</name>
</names>
</hosts_entry>
<hosts_entry t="map">
<host_address>ff02::1</host_address>
<names t="list">
<name>ipv6-allnodes</name>
</names>
</hosts_entry>
<hosts_entry t="map">
<host_address>ff02::2</host_address>
<names t="list">
<name>ipv6-allrouters</name>
</names>
</hosts_entry>
<hosts_entry t="map">
<host_address>ff02::3</host_address>
<names t="list">
<name>ipv6-allhosts</name>
</names>
</hosts_entry>
</hosts>
</host>
<language t="map">
<language>en_GB</language>
<languages>en_GB</languages>
</language>
<networking t="map">
<dhcp_options t="map">
<dhclient_client_id/>
<dhclient_hostname_option>AUTO</dhclient_hostname_option>
</dhcp_options>
<dns t="map">
<dhcp_hostname t="boolean">true</dhcp_hostname>
<hostname>localhost</hostname>
<resolv_conf_policy>auto</resolv_conf_policy>
</dns>
<interfaces t="list">
<interface t="map">
<bootproto>dhcp</bootproto>
<name>eth0</name>
<startmode>auto</startmode>
<zone>public</zone>
</interface>
</interfaces>
<ipv6 t="boolean">true</ipv6>
<keep_install_network t="boolean">true</keep_install_network>
<managed t="boolean">false</managed>
<routing t="map">
<ipv4_forward t="boolean">false</ipv4_forward>
<ipv6_forward t="boolean">false</ipv6_forward>
</routing>
</networking>
<ntp-client t="map">
<ntp_policy>auto</ntp_policy>
<ntp_servers t="list"/>
<ntp_sync>systemd</ntp_sync>
</ntp-client>
<partitioning t="list">
<drive t="map">
<device>/dev/vda</device>
<disklabel>gpt</disklabel>
<enable_snapshots t="boolean">false</enable_snapshots>
<partitions t="list">
<partition t="map">
<create t="boolean">true</create>
<filesystem t="symbol">vfat</filesystem>
<format t="boolean">true</format>
<fstopt>utf8</fstopt>
<mount>/boot/efi</mount>
<mountby t="symbol">uuid</mountby>
<partition_id t="integer">259</partition_id>
<partition_nr t="integer">1</partition_nr>
<resize t="boolean">false</resize>
<size>134217728</size>
</partition>
<partition t="map">
<create t="boolean">true</create>
<create_subvolumes t="boolean">true</create_subvolumes>
<filesystem t="symbol">btrfs</filesystem>
<format t="boolean">true</format>
<mount>/</mount>
<mountby t="symbol">uuid</mountby>
<partition_id t="integer">131</partition_id>
<partition_nr t="integer">2</partition_nr>
<quotas t="boolean">false</quotas>
<resize t="boolean">false</resize>
<size>6307167744</size>
<subvolumes t="list">
<subvolume t="map">
<copy_on_write t="boolean">false</copy_on_write>
<path>var</path>
</subvolume>
<subvolume t="map">
<copy_on_write t="boolean">true</copy_on_write>
<path>usr/local</path>
</subvolume>
<subvolume t="map">
<copy_on_write t="boolean">true</copy_on_write>
<path>tmp</path>
</subvolume>
<subvolume t="map">
<copy_on_write t="boolean">true</copy_on_write>
<path>srv</path>
</subvolume>
<subvolume t="map">
<copy_on_write t="boolean">true</copy_on_write>
<path>root</path>
</subvolume>
<subvolume t="map">
<copy_on_write t="boolean">true</copy_on_write>
<path>opt</path>
</subvolume>
<subvolume t="map">
<copy_on_write t="boolean">true</copy_on_write>
<path>home</path>
</subvolume>
<subvolume t="map">
<copy_on_write t="boolean">true</copy_on_write>
<path>boot/grub2/arm64-efi</path>
</subvolume>
</subvolumes>
<subvolumes_prefix>@</subvolumes_prefix>
</partition>
</partitions>
<type t="symbol">CT_DISK</type>
<use>all</use>
</drive>
</partitioning>
<proxy t="map">
<enabled t="boolean">false</enabled>
</proxy>
<services-manager t="map">
<default_target>multi-user</default_target>
<services t="map">
<enable t="list">
<service>YaST2-Firstboot</service>
<service>YaST2-Second-Stage</service>
<service>apparmor</service>
<service>auditd</service>
<service>klog</service>
<service>chronyd</service>
<service>cron</service>
<service>cups</service>
<service>firewalld</service>
<service>wickedd-auto4</service>
<service>wickedd-dhcp4</service>
<service>wickedd-dhcp6</service>
<service>wickedd-nanny</service>
<service>irqbalance</service>
<service>issue-generator</service>
<service>kbdsettings</service>
<service>wicked</service>
<service>nscd</service>
<service>postfix</service>
<service>purge-kernels</service>
<service>rsyslog</service>
<service>smartd</service>
<service>sshd</service>
<service>systemd-pstore</service>
<service>systemd-remount-fs</service>
</enable>
</services>
</services-manager>
<software t="map">
<install_recommended t="boolean">true</install_recommended>
<instsource/>
<packages t="list">
<package>wicked</package>
<package>shim</package>
<package>os-prober</package>
<package>openssh</package>
<package>openSUSE-release</package>
<package>mokutil</package>
<package>kexec-tools</package>
<package>grub2-arm64-efi</package>
<package>glibc</package>
<package>firewalld</package>
<package>e2fsprogs</package>
<package>dosfstools</package>
<package>chrony</package>
<package>btrfsprogs</package>
<package>autoyast2</package>
</packages>
<patterns t="list">
<pattern>apparmor</pattern>
<pattern>base</pattern>
<pattern>documentation</pattern>
<pattern>enhanced_base</pattern>
<pattern>minimal_base</pattern>
<pattern>sw_management</pattern>
<pattern>yast2_basis</pattern>
</patterns>
<products t="list">
<product>Leap</product>
</products>
</software>
<ssh_import t="map">
<copy_config t="boolean">false</copy_config>
<import t="boolean">false</import>
</ssh_import>
<user_defaults t="map">
<expire/>
<group>100</group>
<home>/home</home>
<inactive>-1</inactive>
<shell>/bin/bash</shell>
<umask>022</umask>
</user_defaults>
<users t="list">
<user t="map">
<authorized_keys t="list"/>
<encrypted t="boolean">true</encrypted>
<fullname>user</fullname>
<gid>100</gid>
<home>/home/user</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max>99999</max>
<min>0</min>
<warn>7</warn>
</password_settings>
<shell>/bin/bash</shell>
<uid>1000</uid>
<user_password>$6$WV8CB/c6j0zhAi5S$4euhbt4alH7WNfaatS9IJgPiiKDJ48d5Ru1zCZCA0N9GiyOPuefN2PAUWlyYeTgqAInpyvPh1frdp4fFVjvEn0</user_password>
<username>user</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>User for nscd</fullname>
<gid>478</gid>
<home>/run/nscd</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>478</uid>
<user_password>!</user_password>
<username>nscd</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>systemd Network Management</fullname>
<gid>480</gid>
<home>/</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>480</uid>
<user_password>!*</user_password>
<username>systemd-network</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>Daemon</fullname>
<gid>2</gid>
<home>/sbin</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>2</uid>
<user_password>!</user_password>
<username>daemon</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>systemd Time Synchronization</fullname>
<gid>479</gid>
<home>/</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>479</uid>
<user_password>!*</user_password>
<username>systemd-timesync</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>user for rpcbind</fullname>
<gid>65534</gid>
<home>/var/lib/empty</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>475</uid>
<user_password>!</user_password>
<username>rpc</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>SSH daemon</fullname>
<gid>476</gid>
<home>/var/lib/sshd</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>476</uid>
<user_password>!</user_password>
<username>sshd</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>Postfix Daemon</fullname>
<gid>51</gid>
<home>/var/spool/postfix</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>51</uid>
<user_password>!</user_password>
<username>postfix</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>NFS statd daemon</fullname>
<gid>65533</gid>
<home>/var/lib/nfs</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>474</uid>
<user_password>!</user_password>
<username>statd</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>bin</fullname>
<gid>1</gid>
<home>/bin</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>1</uid>
<user_password>!</user_password>
<username>bin</username>
</user>
<user t="map">
<authorized_keys t="list"/>
<encrypted t="boolean">true</encrypted>
<fullname>root</fullname>
<gid>0</gid>
<home>/root</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/bin/bash</shell>
<uid>0</uid>
<user_password>$6$zAe5W7gw/kja9aKy$mM.BWtNyjalXrDNig4CUfN3bgfmehUIs8.zvBwWn1XroK104G.rY3lyup3OH8TujieUmgO4J74Df.LktV4A1K1</user_password>
<username>root</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>User for D-Bus</fullname>
<gid>499</gid>
<home>/run/dbus</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/bin/false</shell>
<uid>499</uid>
<user_password>!</user_password>
<username>messagebus</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>Manual pages viewer</fullname>
<gid>62</gid>
<home>/var/lib/empty</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>13</uid>
<user_password>!</user_password>
<username>man</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>Printing daemon</fullname>
<gid>497</gid>
<home>/var/spool/lpd</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>497</uid>
<user_password>!</user_password>
<username>lp</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>User for polkitd</fullname>
<gid>477</gid>
<home>/var/lib/polkit</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>477</uid>
<user_password>!</user_password>
<username>polkitd</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>Chrony Daemon</fullname>
<gid>482</gid>
<home>/var/lib/chrony</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>496</uid>
<user_password>!</user_password>
<username>chrony</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>nobody</fullname>
<gid>65534</gid>
<home>/var/lib/nobody</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/bin/bash</shell>
<uid>65534</uid>
<user_password>!</user_password>
<username>nobody</username>
</user>
<user t="map">
<encrypted t="boolean">true</encrypted>
<fullname>Mailer daemon</fullname>
<gid>498</gid>
<home>/var/spool/clientmqueue</home>
<home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume>
<password_settings t="map">
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/sbin/nologin</shell>
<uid>498</uid>
<user_password>!</user_password>
<username>mail</username>
</user>
</users>
</profile>
-64
View File
@@ -6,70 +6,6 @@ This layer contains recipes for the prebuilt GNU Arm toolchains.
Information regarding contributing, reporting bugs, etc can be found in the
top-level meta-arm readme file.
Recipes for pre-built GNU Arm toolchain for Linux development are provided under
``recipes-devtools/external-arm-toolchain/``.
external-arm-toolchain.bb
~~~~~~~~~~~~~~~~~~~~~~~~~
This recipe provides support for pre-built GNU toolchains targeting processors
from the Arm Cortex-A family and implementing the Arm A-profile architecture.
Usage
^^^^^
In order to use any of pre-built Arm toolchain versions (8.2, 8.3, 9.2 and so
on), a user needs to download and untar tool-set on host machine at a particular
installation path eg: ``/opt/toolchain/``. Then user needs to specify following
in ``conf/local.conf`` in order to replace OE toolchain with pre-built GNU-A
toolchain:
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "<path-to-the-toolchain>"
- Eg. for AArch64 (eg. qemuarm64 machine in poky distro)
EXTERNAL_TOOLCHAIN = "\
<installation-path>/gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu \
"
- Eg. for AArch32 (eg. qemuarm machine in poky distro)
EXTERNAL_TOOLCHAIN = "\
<installation-path>/gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf \
"
Supported distros and machines
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Since this pre-built GNU-A tool-set simply replaces OE toolchain, so it is
meant to be distro and machine agnostic as long as one is cross-compiling for
Arm A-profile architecture.
Tested distro and machines (for zeus stable release):
1. Distro: poky; machines: qemuarm and qemuarm64 (build and boot tested)
2. Distro: RPB; machines: dragonboard-410c (build and boot tested)
3. Distro: world; machines: qemuarm and qemuarm64. Build tested for following
layers:
- poky/meta
- poky/meta-poky
- poky/meta-yocto-bsp
- meta-openembedded/meta-oe
- meta-openembedded/meta-python
- meta-openembedded/meta-networking
SDK support
^^^^^^^^^^^
Pre-built toochain provides support to build OE SDK which has been tested using
following commands:
$ bitbake core-image-base -c populate_sdk
$ bitbake core-image-base -c testsdk
Note: Currently generated SDK only uses glibc provided by pre-built toolchain.
The cross compiler, binutils, gdb/gdbserver etc. are built from source.
This is something we would like to improve in future in order to package
most of the components from pre-built toolchain instead.
Pre-built Arm toolchain for bare-metal development
--------------------------------------------------
@@ -1,134 +0,0 @@
def eat_run(d, cmd, *args):
import bb.process
import subprocess
topdir = d.getVar('TOPDIR', True)
toolchain_path = d.getVar('EXTERNAL_TOOLCHAIN', True)
if not toolchain_path:
return 'UNKNOWN', 'UNKNOWN'
target_prefix = d.getVar('TARGET_PREFIX', True)
path = os.path.join(toolchain_path, 'bin', target_prefix + cmd)
args = [path] + list(args)
return bb.process.run(args, cwd=topdir, stderr=subprocess.PIPE)
def eat_get_version(d):
try:
stdout, stderr = eat_run(d, 'gcc', '-v')
except bb.process.CmdError as exc:
bb.error('Failed to obtain external Arm toolchain version: %s' % exc)
return 'UNKNOWN'
else:
last_line = stderr.splitlines()[-1]
return last_line
# Extract the YYYY.MM or release version
def eat_get_main_version(d):
version = eat_get_version(d)
bb.debug(2, 'Trying for parse version info from: %s' % version)
if version != 'UNKNOWN':
if version.split()[4] == '(Arm':
# gcc version 11.3.1 20220712 (Arm GNU Toolchain 11.3.Rel1)
return version.split()[7].split(')')[0]
elif version.split()[4] == '(GNU':
# gcc version 9.2.1 20191025 (GNU Toolchain for the A-profile Architecture 9.2-2019.12 (arm-9.10))
# gcc version 8.2.1 20180802 (GNU Toolchain for the A-profile Architecture 8.2-2018.11 (arm-rel-8.26))
return version.split()[10].split('-')[1]
elif version.split()[3] == '(GNU':
# gcc version 8.3.0 (GNU Toolchain for the A-profile Architecture 8.3-2019.03 (arm-rel-8.36))
return version.split()[9].split('-')[1]
else:
bb.error('Failed to parse external Arm toolchain version from: %s' % version)
else:
return version
# Extract the x.y.z version from 'gcc version 4.9.1'
def eat_get_gcc_version(d):
version = eat_get_version(d)
if version != 'UNKNOWN':
return version.split()[2]
else:
return version
def eat_get_libc_version(d):
import os,bb
import subprocess
syspath = bb.data.expand('${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}', d)
if not syspath:
return 'UNKNOWN'
topdir = d.getVar('TOPDIR', True)
lddpath = syspath + '/libc/usr/bin/ldd'
if os.path.exists(lddpath):
cmd = '/bin/sh ' + lddpath + ' --version'
try:
stdout, stderr = bb.process.run(cmd, cwd=topdir, stderr=subprocess.PIPE)
except bb.process.CmdError as exc:
bb.error('Failed to obtain external Arm libc version: %s' % exc)
return 'UNKNOWN'
else:
first_line = stdout.splitlines()[0]
return first_line.split()[2]
return 'UNKNOWN'
def eat_get_kernel_version(d):
import os,bb
syspath = bb.data.expand('${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}', d)
if not syspath:
return 'UNKNOWN'
vf = syspath + '/libc/usr/include/linux/version.h'
try:
f = open(vf, 'r')
except (OSError, IOError):
return 'UNKNOWN'
l = f.readlines();
f.close();
for s in l:
if s.find('LINUX_VERSION_CODE') > 0:
ver = int(s.split()[2])
maj = ver / 65536
ver = ver % 65536
min = ver / 256
ver = ver % 256
return str(maj)+'.'+str(min)+'.'+str(ver)
return 'UNKNOWN'
def eat_get_gdb_version(d):
try:
stdout, stderr = eat_run(d, 'gdb', '-v')
except bb.process.CmdError:
return 'UNKNOWN'
else:
first_line = stdout.splitlines()[0]
return first_line.split()[-1]
def eat_get_bfd_version(d):
try:
stdout, stderr = eat_run(d, 'as', '--version')
except bb.process.CmdError:
return 'UNKNOWN'
else:
first_line = stdout.splitlines()[0]
return first_line.split()[-1]
python external_arm_toolchain_version_handler () {
if not isinstance(e, bb.event.ConfigParsed):
return
d = e.data
ld = d.createCopy()
d.setVar('EAT_VER_MAIN', eat_get_main_version(ld))
d.setVar('EAT_VER_GCC', eat_get_gcc_version(ld))
d.setVar('EAT_VER_LIBC', eat_get_libc_version(ld))
d.setVar('EAT_VER_KERNEL', eat_get_kernel_version(ld))
d.setVar('EAT_VER_GDB', eat_get_gdb_version(ld))
d.setVar('EAT_VER_BFD', eat_get_bfd_version(ld))
}
addhandler external_arm_toolchain_version_handler
@@ -1,124 +0,0 @@
#
# Configuration to use an external Arm binary toolchain
#
EXTERNAL_TOOLCHAIN ?= "/usr/local/arm-binary-toolchain/${TARGET_ARCH}"
# oe-core passes this by default because it assumes GCC 13. This can be removed when Arm GCC is 13.1+.
DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
TOOLCHAIN_PATH_ADD = "${EXTERNAL_TOOLCHAIN}/bin:"
PATH =. "${TOOLCHAIN_PATH_ADD}"
EAT_TARGET_SYS:arm ?= "${@ 'arm-none-linux-gnueabihf' if os.path.exists('${EXTERNAL_TOOLCHAIN}/bin/arm-none-linux-gnueabihf-gcc') else 'arm-linux-gnueabihf'}"
EAT_TARGET_SYS:aarch64 ?= "${@ 'aarch64-none-linux-gnu' if os.path.exists('${EXTERNAL_TOOLCHAIN}/bin/aarch64-none-linux-gnu-gcc') else 'aarch64-linux-gnu'}"
EAT_TARGET_SYS = "${TARGET_SYS}"
TARGET_PREFIX = "${EAT_TARGET_SYS}-"
EAT_LIBDIR:arm = "lib"
EAT_LIBDIR:aarch64 = "lib64"
GCCMULTILIB:forcevariable = "--disable-multilib"
IMAGE_LINGUAS:forcevariable = ""
# Blacklist toolchain recipes as a belt-and-suspenders way to use the external toolchain
SKIP_RECIPE[glibc] = "Using external toolchain"
SKIP_RECIPE[libgcc] = "Using external toolchain"
SKIP_RECIPE[gcc-cross] = "Using external toolchain"
SKIP_RECIPE[gcc-cross-aarch64] = "Using external toolchain"
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
SKIP_RECIPE[gcc-runtime] = "Using external toolchain"
SKIP_RECIPE[gcc-sanitizers] = "Using external toolchain"
PREFERRED_PROVIDER_linux-libc-headers = "external-arm-toolchain"
PREFERRED_PROVIDER_linux-libc-headers-dev = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}gcc = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}gcc-initial = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}g++ = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}binutils = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}libc-for-gcc = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}compilerlibs = "external-arm-toolchain"
PREFERRED_PROVIDER_glibc = "external-arm-toolchain"
PREFERRED_PROVIDER_libgcc = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/libc = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/libc-locale = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/libintl = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/libiconv = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/crypt = "external-arm-toolchain"
PREFERRED_PROVIDER_glibc-thread-db = "external-arm-toolchain"
PREFERRED_PROVIDER_glibc-mtrace = "external-arm-toolchain"
PREFERRED_PROVIDER_libc-mtrace = "external-arm-toolchain"
PREFERRED_PROVIDER_virtual/linux-libc-headers = "external-arm-toolchain"
PREFERRED_PROVIDER_gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} ?= "external-arm-sdk-toolchain-${TRANSLATED_TARGET_ARCH}"
PREFERRED_PROVIDER_binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} ?= "external-arm-sdk-toolchain-${TRANSLATED_TARGET_ARCH}"
PREFERRED_PROVIDER_gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} ?= "external-arm-sdk-toolchain-${TRANSLATED_TARGET_ARCH}"
TOOLCHAIN_OPTIONS = " --sysroot=${STAGING_DIR_HOST}"
DISTRO_FEATURES_LIBC = "ipv4 ipv6 libc-backtrace libc-big-macros libc-bsd libc-cxx-tests libc-catgets libc-crypt \
libc-crypt-ufc libc-db-aliases libc-envz libc-fcvt libc-fmtmsg libc-fstab libc-ftraverse \
libc-getlogin libc-idn libc-inet-anl libc-libm libc-libm-big \
libc-locales libc-locale-code libc-charsets \
libc-memusage libc-nis libc-nsswitch libc-rcmd libc-rtld-debug libc-spawn libc-streams libc-sunrpc \
libc-utmp libc-utmpx libc-wordexp libc-posix-clang-wchar libc-posix-regexp libc-posix-regexp-glibc \
libc-posix-wchar-io"
ENABLE_BINARY_LOCALE_GENERATION = "0"
GLIBC_INTERNAL_USE_BINARY_LOCALE = "precompiled"
LIBCOVERRIDE = ":libc-glibc"
LIBC_DEPENDENCIES:remove = "glibc-gconv-cp1252 glibc-gconv-ibm850 glibc-gconv-iso8859-1 glibc-gconv-iso8859-15 glibc-localedata-i18n"
ERROR_QA[type] ?= "list"
python toolchain_metadata_setup () {
import subprocess
if not isinstance(e, bb.event.ConfigParsed):
return
d = e.data
l = d.createCopy()
external_toolchain = l.getVar('EXTERNAL_TOOLCHAIN', True)
if not external_toolchain or external_toolchain == 'UNDEFINED':
bb.fatal("Error: EXTERNAL_TOOLCHAIN must be set to the path to your arm toolchain")
if not os.path.isabs(external_toolchain):
bb.fatal("Error: EXTERNAL_TOOLCHAIN path '%s' must be absolute path" % external_toolchain)
if not os.path.exists(external_toolchain):
bb.fatal("Error: EXTERNAL_TOOLCHAIN path '%s' does not exist" % external_toolchain)
# The external toolchain may not have been built with the oe-core preferred
# gnu hash setting, so ensure that the corresponding sanity check is not an error.
error_qa = oe.data.typed_value('ERROR_QA', l)
if 'ldflags' in error_qa:
error_qa.remove('ldflags')
d.setVar('ERROR_QA', ' '.join(error_qa))
}
addhandler toolchain_metadata_setup
def populate_toolchain_links(d):
import errno
import os
from glob import glob
d = d.createCopy()
pattern = bb.data.expand('${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}*', d)
files = glob(pattern)
if not files:
bb.fatal("Unable to populate toolchain binary symlinks")
bindir = d.getVar('STAGING_BINDIR_TOOLCHAIN', True)
bb.mkdirhier(bindir)
for f in files:
base = os.path.basename(f)
newpath = os.path.join(bindir, base)
try:
os.symlink(f, newpath)
except OSError as exc:
if exc.errno == errno.EEXIST:
break
bb.fatal("Unable to populate toolchain binary symlink for %s: %s" % (newpath, exc))
require conf/distro/include/external-arm-toolchain-versions.inc
+1 -1
View File
@@ -9,4 +9,4 @@ BBFILE_PATTERN_arm-toolchain := "^${LAYERDIR}/"
BBFILE_PRIORITY_arm-toolchain = "5"
LAYERDEPENDS_arm-toolchain = "core"
LAYERSERIES_COMPAT_arm-toolchain = "styhead"
LAYERSERIES_COMPAT_arm-toolchain = "styhead walnascar"
@@ -1 +0,0 @@
require ${@oe.utils.conditional('TCMODE', 'external-arm', 'grub-external-arm.inc', '', d)}
@@ -1,5 +0,0 @@
# grub uses --target triplet to find binutils binaries such as objcopy
# Since external-arm toolchain uses aarch64-none-linux-gnu triplet,
# OE-defined TARGET_SYS differs from EAT_TARGET_SYS used by external-arm
# toolchain, grub needs passing the correct --target to configure script
CONFIGUREOPTS:append:class-target = " --target=${EAT_TARGET_SYS}"
@@ -1 +0,0 @@
PACKAGECONFIG:remove = "${@bb.utils.contains('TCMODE', 'external-arm', 'libmount-mountfd-support', '' , d)}"
@@ -28,4 +28,4 @@ BBCLASSEXTEND = "native nativesdk"
# Skipping file deps - we don't control the dependencies for prebuilt libraries, resulting in
# nothing provides libcrypt.so.1()(64bit) needed by nativesdk-gcc-arm-none-eabi
# when packaged as RPM for SDK.
SKIP_FILEDEPS="1"
SKIP_FILEDEPS = "1"
@@ -1,143 +0,0 @@
inherit cross-canadian
require license.inc
PN = "external-arm-sdk-toolchain-${TARGET_ARCH}"
BPN = "external-arm-sdk-toolchain"
PV = "${EAT_VER_MAIN}"
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
INHIBIT_PACKAGE_STRIP = "1"
INHIBIT_SYSROOT_STRIP = "1"
INHIBIT_DEFAULT_DEPS = "1"
EXCLUDE_FROM_SHLIBS = "1"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
# Skip packaging QA checks for prebuilt binaries
INSANE_SKIP:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "dev-so staticdev file-rdeps libdir"
INSANE_SKIP:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "dev-so file-rdeps"
INSANE_SKIP:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "dev-so file-rdeps"
# Skip file dependencies in RPM for prebuilt binaries
SKIP_FILEDEPS = "1"
PROVIDES = "\
gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} \
gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} \
binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} \
"
PACKAGES = "\
gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} \
gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} \
binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} \
"
# Adjust defaults in line with external toolchain
bindir = "${exec_prefix}/bin"
libdir = "${exec_prefix}/lib"
libexecdir = "${exec_prefix}/libexec"
datadir = "${exec_prefix}/share"
gcclibdir = "${libdir}/gcc"
FILES:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "\
${prefix}/${EAT_TARGET_SYS}/lib/libstdc++.* \
${prefix}/${EAT_TARGET_SYS}/lib/libgcc_s.* \
${prefix}/${EAT_TARGET_SYS}/lib/libsupc++.* \
${prefix}/${EAT_TARGET_SYS}/include \
${gcclibdir}/${EAT_TARGET_SYS}/${EAT_VER_GCC}/* \
${bindir}/${TARGET_PREFIX}gcov \
${bindir}/${TARGET_PREFIX}gcc* \
${bindir}/${TARGET_PREFIX}g++ \
${bindir}/${TARGET_PREFIX}cpp \
${libexecdir}/* \
"
FILES:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "\
${bindir}/${TARGET_PREFIX}gdb* \
${datadir}/gdb/* \
"
FILES:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "\
${prefix}/${EAT_TARGET_SYS}/bin/ld* \
${prefix}/${EAT_TARGET_SYS}/bin/objcopy \
${prefix}/${EAT_TARGET_SYS}/bin/strip \
${prefix}/${EAT_TARGET_SYS}/bin/nm \
${prefix}/${EAT_TARGET_SYS}/bin/ranlib \
${prefix}/${EAT_TARGET_SYS}/bin/as \
${prefix}/${EAT_TARGET_SYS}/bin/ar \
${prefix}/${EAT_TARGET_SYS}/bin/objdump \
${prefix}/${EAT_TARGET_SYS}/lib/ldscripts/* \
${bindir}/${TARGET_PREFIX}ld* \
${bindir}/${TARGET_PREFIX}addr2line \
${bindir}/${TARGET_PREFIX}objcopy \
${bindir}/${TARGET_PREFIX}readelf \
${bindir}/${TARGET_PREFIX}strip \
${bindir}/${TARGET_PREFIX}nm \
${bindir}/${TARGET_PREFIX}ranlib \
${bindir}/${TARGET_PREFIX}gprof \
${bindir}/${TARGET_PREFIX}as \
${bindir}/${TARGET_PREFIX}c++filt \
${bindir}/${TARGET_PREFIX}ar \
${bindir}/${TARGET_PREFIX}strings \
${bindir}/${TARGET_PREFIX}objdump \
${bindir}/${TARGET_PREFIX}size \
"
DESCRIPTION:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "The GNU cc and gcc C compilers"
DESCRIPTION:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "gdb - GNU debugger"
DESCRIPTION:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "A GNU collection of binary utilities"
LICENSE:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_GCC_LICENSE}"
LICENSE:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_GDB_LICENSE}"
LICENSE:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_BFD_LICENSE}"
PKGV:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_VER_GCC}"
PKGV:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_VER_GDB}"
PKGV:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_VER_BFD}"
do_install() {
install -d ${D}${prefix}/${EAT_TARGET_SYS}/bin
install -d ${D}${prefix}/${EAT_TARGET_SYS}/lib
install -d ${D}${prefix}/${EAT_TARGET_SYS}/include
install -d ${D}${bindir}
install -d ${D}${libdir}
install -d ${D}${prefix}/${EAT_TARGET_SYS}/lib/ldscripts
install -d ${D}${libexecdir}
install -d ${D}${datadir}/gdb
install -d ${D}${gcclibdir}/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include
CP_ARGS="-Prf --preserve=mode,timestamps --no-preserve=ownership"
# gcc
for i in libstdc++.* libgcc_s.* libsupc++.*; do
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/${EAT_LIBDIR}/$i ${D}${prefix}/${EAT_TARGET_SYS}/lib
done
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/include/* ${D}${prefix}/${EAT_TARGET_SYS}/include
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/* ${D}${gcclibdir}/${EAT_TARGET_SYS}/${EAT_VER_GCC}
for i in gcov gcc* g++ cpp; do
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}$i ${D}${bindir}
done
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/libexec/* ${D}${libexecdir}
# gdb
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}gdb* ${D}${bindir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/share/gdb/* ${D}${datadir}/gdb/
# binutils
for i in ld* objcopy strip nm ranlib as ar objdump; do
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/bin/$i ${D}${prefix}/${EAT_TARGET_SYS}/bin
done
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/lib/ldscripts/* ${D}${prefix}/${EAT_TARGET_SYS}/lib/ldscripts
for i in ld* addr2line objcopy readelf strip nm ranlib gprof as c++filt ar strings objdump size; do
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}$i ${D}${bindir}
done
}
python () {
if not d.getVar("EAT_VER_MAIN", False):
raise bb.parse.SkipPackage("External ARM toolchain not configured (EAT_VER_MAIN not set).")
if d.getVar('TCLIBC', True) != "glibc":
raise bb.parse.SkipPackage("incompatible with %s" % d.getVar('TCLIBC', True))
}
@@ -1,685 +0,0 @@
require recipes-core/glibc/glibc-package.inc
require license.inc
INHIBIT_DEFAULT_DEPS = "1"
LIC_FILES_CHKSUM = "\
file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \
"
PROVIDES += "\
linux-libc-headers \
virtual/${TARGET_PREFIX}gcc \
virtual/${TARGET_PREFIX}g++ \
virtual/${TARGET_PREFIX}gcc-initial \
virtual/${TARGET_PREFIX}binutils \
virtual/${TARGET_PREFIX}libc-for-gcc \
virtual/${TARGET_PREFIX}compilerlibs \
virtual/libc \
virtual/libintl \
virtual/libiconv \
virtual/crypt \
glibc-mtrace \
glibc-thread-db \
glibc \
libc-mtrace \
gcc-runtime \
libgcc \
libg2c \
libg2c-dev \
libssp \
libssp-dev \
libssp-staticdev \
libgfortran \
libgfortran-dev \
libgfortran-staticdev \
libmudflap \
libmudflap-dev \
libgomp \
libgomp-dev \
libgomp-staticdev \
libitm \
libitm-dev \
libitm-staticdev \
libquadmath \
libquadmath-dev \
libquadmath-staticdev \
virtual/linux-libc-headers \
libgcov-staticdev \
virtual/libc-locale \
"
PV = "${EAT_VER_MAIN}"
BINV = "${EAT_VER_GCC}"
SRC_URI = "file://SUPPORTED"
S = "${WORKDIR}/sources"
UNPACKDIR = "${S}"
do_install() {
# do_copy_locale expects SUPPORTED to be in WORKDIR, but recent
# changes have made it so that the source/unpack location is no
# longer WORKDIR and cannot be pointed to be such. So, do this
# copy manually here
install -m 0644 ${UNPACKDIR}/SUPPORTED ${WORKDIR}/SUPPORTED
# Add stubs for files OE-core expects
install -d ${S}/nscd/
touch ${S}/nscd/nscd.init
touch ${S}/nscd/nscd.conf
touch ${S}/nscd/nscd.service
touch ${S}/../makedbs.sh
install -d ${D}${base_libdir}
install -d ${D}${base_sbindir}
install -d ${D}${bindir}
install -d ${D}${sbindir}
install -d ${D}${libdir}
install -d ${D}${libexecdir}
install -d ${D}${datadir}
install -d ${D}${includedir}
install -d ${D}/include
install -d ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}
install -d ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include
CP_ARGS="-Prf --preserve=mode,timestamps --no-preserve=ownership"
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/${EAT_LIBDIR}/* ${D}${base_libdir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/${EAT_LIBDIR}/* ${D}${base_libdir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/${EAT_LIBDIR}/* ${D}${libdir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/share/* ${D}${datadir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/include/* ${D}${includedir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/include/* ${D}${includedir}
if [ -d ${D}${includedir}/c++/${EAT_VER_GCC}/${EAT_TARGET_SYS} ]; then
mv ${D}${includedir}/c++/${EAT_VER_GCC}/${EAT_TARGET_SYS} ${D}${includedir}/c++/${EAT_VER_GCC}/${TARGET_SYS}
fi
ln -sf ../usr/include/c++ ${D}/include/c++
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/bin/* ${D}${bindir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/sbin/* ${D}${sbindir}
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/sbin/* ${D}${base_sbindir}
rm -rf ${D}${bindir}/gdbserver
sed -i -e 's#/arm/tools/gnu/bash/4.2/rhe6-x86_64##' ${D}${bindir}/tzselect
sed -i -e 's#/arm/tools/gnu/bash/4.2/rhe6-x86_64##' ${D}${bindir}/ldd
sed -i -e 's#/usr/bin/bash#/bin/sh#' ${D}${bindir}/tzselect
sed -i -e 's#/usr/bin/bash#/bin/sh#' ${D}${bindir}/ldd
sed -i -e 's#/bin/bash#/bin/sh#' ${D}${bindir}/tzselect
sed -i -e 's#/bin/bash#/bin/sh#' ${D}${bindir}/ldd
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/crt*.o ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcc* ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcov* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/ssp ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/sanitizers ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/quadmath* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/omp.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/openacc.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/finclude ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/
# fix up the copied symlinks (they are still pointing to the multiarch directory)
linker_name="${@bb.utils.contains("TUNE_FEATURES", "aarch64", "ld-linux-aarch64.so.1", bb.utils.contains("TUNE_FEATURES", "callconvention-hard", "ld-linux-armhf.so.3", "ld-linux.so.3",d), d)}"
if [ -f ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/${EAT_LIBDIR}/ld-${EAT_VER_LIBC}.so ]; then
ln -sf ld-${EAT_VER_LIBC}.so ${D}${base_libdir}/${linker_name}
else
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/lib/${linker_name} ${D}${base_libdir}/
fi
ln -sf ../../lib/librt.so.1 ${D}${libdir}/librt.so
ln -sf ../../lib/libcrypt.so.1 ${D}${libdir}/libcrypt.so
ln -sf ../../lib/libresolv.so.2 ${D}${libdir}/libresolv.so
ln -sf ../../lib/libnss_hesiod.so.2 ${D}${libdir}/libnss_hesiod.so
ln -sf ../../lib/libutil.so.1 ${D}${libdir}/libutil.so
ln -sf ../../lib/libBrokenLocale.so.1 ${D}${libdir}/libBrokenLocale.so
ln -sf ../../lib/libpthread.so.0 ${D}${libdir}/libpthread.so
ln -sf ../../lib/libthread_db.so.1 ${D}${libdir}/libthread_db.so
ln -sf ../../lib/libanl.so.1 ${D}${libdir}/libanl.so
ln -sf ../../lib/libdl.so.2 ${D}${libdir}/libdl.so
ln -sf ../../lib/libnss_db.so.2 ${D}${libdir}/libnss_db.so
ln -sf ../../lib/libnss_dns.so.2 ${D}${libdir}/libnss_dns.so
ln -sf ../../lib/libnss_files.so.2 ${D}${libdir}/libnss_files.so
ln -sf ../../lib/libnss_compat.so.2 ${D}${libdir}/libnss_compat.so
ln -sf ../../lib/libm.so.6 ${D}${libdir}/libm.so
ln -sf ../../lib/libc_malloc_debug.so.0 ${D}${libdir}/libc_malloc_debug.so
# remove potential .so duplicates from base_libdir
# for all symlinks created above in libdir
rm -f ${D}${base_libdir}/librt.so
rm -f ${D}${base_libdir}/libcrypt.so
rm -f ${D}${base_libdir}/libresolv.so
rm -f ${D}${base_libdir}/libnss_hesiod.so
rm -f ${D}${base_libdir}/libutil.so
rm -f ${D}${base_libdir}/libBrokenLocale.so
rm -f ${D}${base_libdir}/libpthread.so
rm -f ${D}${base_libdir}/libthread_db.so
rm -f ${D}${base_libdir}/libanl.so
rm -f ${D}${base_libdir}/libdl.so
rm -f ${D}${base_libdir}/libnss_db.so
rm -f ${D}${base_libdir}/libnss_dns.so
rm -f ${D}${base_libdir}/libnss_files.so
rm -f ${D}${base_libdir}/libnss_compat.so
rm -f ${D}${base_libdir}/libm.so
# Move these completely to ${libdir} and delete duplicates in ${base_libdir}
for lib in asan hwasan atomic gfortran gomp itm lsan sanitizer stdc++ tsan ubsan; do
if [ -e ${D}${base_libdir}/lib${lib}.spec ] ; then
mv ${D}${base_libdir}/lib${lib}.spec ${D}${libdir}
fi
if [ -e ${D}${base_libdir}/lib${lib}.a ] ; then
mv ${D}${base_libdir}/lib${lib}.a ${D}${libdir}
fi
rm -f ${D}${base_libdir}/lib${lib}*
done
# Clean up duplicate libs that are both in base_libdir and libdir
rm -f ${D}${libdir}/libgcc*
# Besides ld-${EAT_VER_LIBC}.so, other libs can have duplicates like lib*-${EAT_VER_LIBC}.so
# Only remove them if both are regular files and are identical
for i in ${D}${base_libdir}/lib*-${EAT_VER_LIBC}.so; do
if [ ! -e $i ] ; then
continue
fi
f=$(echo $i | sed 's/-${EAT_VER_LIBC}//')
l=$(ls $f.*)
if [ $(readlink -f $i ) = $l ]; then
echo "$i is a symlink of $l, keep it"
elif [ $(readlink -f $l ) = $i ]; then
echo "$l is a symlink of $i, keep it"
else
cmp -s $i $l
if [ $? -eq 0 ]; then
echo "$i is a duplicate of $l, remove it"
rm $i
else
echo "$i and $l are different files, keep them both"
fi
fi
done
if [ -d ${D}${base_libdir}/arm-linux-gnueabi ]; then
rm -rf ${D}${base_libdir}/arm-linux-gnueabi
fi
if [ -d ${D}${base_libdir}/ldscripts ]; then
rm -rf ${D}${base_libdir}/ldscripts
fi
# Provided by libnsl2
rm -rf ${D}${includedir}/rpcsvc/yppasswd.*
# Provided by quota
rm -rf ${D}${includedir}/rpcsvc/rquota.*
if [ -f ${D}${libdir}/libc.so ];then
sed -i -e "s# /${EAT_LIBDIR}/${EAT_TARGET_SYS}# ../../${EAT_LIBDIR}#g" -e "s# /usr/${EAT_LIBDIR}/# /usr/lib/#g" -e "s# /usr/${EAT_LIBDIR}/${EAT_TARGET_SYS}# .#g" -e "s# /${EAT_LIBDIR}/ld-linux# ../../${EAT_LIBDIR}/ld-linux#g" ${D}${libdir}/libc.so
sed -i -e "s# /${EAT_LIBDIR}/libc.so.6# /lib/libc.so.6#g" ${D}${libdir}/libc.so
sed -i -e "s# /lib# ../../lib#g" -e "s# /usr/lib# .#g" ${D}${libdir}/libc.so
fi
if [ -f ${D}${base_libdir}/libc.so ];then
sed -i -e "s# /${EAT_LIBDIR}/${EAT_TARGET_SYS}# ../../lib#g" -e "s# /usr/${EAT_LIBDIR}/${EAT_TARGET_SYS}# .#g" -e "s# /${EAT_LIBDIR}/# /lib/#g" ${D}${base_libdir}/libc.so
if [ -f ${D}${base_libdir}/libc.so.6 ]; then
sed -i -e "s# /usr/${EAT_LIBDIR}/libc.so.6# /lib/libc.so.6#g" -e "s# /${EAT_LIBDIR}/libc.so.6# /lib/libc.so.6#g" ${D}${base_libdir}/libc.so.6
fi
fi
# Remove if empty
rmdir ${D}${bindir} || true
rmdir ${D}${sbindir} || true
rmdir ${D}${base_sbindir} || true
rmdir ${D}${libexecdir} || true
# Remove unused /usr/share/info/dir
rm -f ${D}${infodir}/dir
}
# External toolchain doesn't provide multilib support so make corresponding
# install API as an empty API to avoid an unnecessary errors.
oe_multilib_header () {
return
}
PACKAGES_DYNAMIC = "^locale-base-.* \
^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \
^${MLPREFIX}glibc-gconv$"
# PACKAGES is split up according to the 'source' recipes/includes in OE-core
# Stylistic differences are kept to make copy/pasting easier.
# From gcc-runtime.inc
PACKAGES += "\
gcc-runtime-dbg \
libstdc++ \
libstdc++-precompile-dev \
libstdc++-dev \
libstdc++-staticdev \
libg2c \
libg2c-dev \
libssp \
libssp-dev \
libssp-staticdev \
libmudflap \
libmudflap-dev \
libmudflap-staticdev \
libquadmath \
libquadmath-dev \
libquadmath-staticdev \
libgomp \
libgomp-dev \
libgomp-staticdev \
libatomic \
libatomic-dev \
libatomic-staticdev \
libitm \
libitm-dev \
libitm-staticdev \
"
# From gcc-sanitizers.inc
PACKAGES += "gcc-sanitizers gcc-sanitizers-dbg"
PACKAGES += "libasan libubsan liblsan libtsan"
PACKAGES += "libasan-dev libubsan-dev liblsan-dev libtsan-dev"
PACKAGES += "libasan-staticdev libubsan-staticdev liblsan-staticdev libtsan-staticdev"
# From libgfortran.inc:
PACKAGES += "\
libgfortran-dbg \
libgfortran \
libgfortran-dev \
libgfortran-staticdev \
"
# libgcc.inc uses ${PN}, so replace that
PACKAGES += "\
libgcc \
libgcc-dev \
libgcc-dbg \
"
# ... and the leftovers
PACKAGES =+ "\
${PN}-mtrace \
libgcov-staticdev \
linux-libc-headers \
linux-libc-headers-dev \
"
# Re-order PACKAGES list in order to shift ${PN}-dev towards the end as
# it is meant to pick up remaining dev libraries and headers that aren't
# picked up by other packages. And since some static libraries needs to
# be packaged in ${PN}-dev, so we need to keep ${PN}-staticdev later in
# order.
PACKAGES := "${@oe.utils.str_filter_out('${PN}-dev', '${PACKAGES}', d)}"
PACKAGES := "${@oe.utils.str_filter_out('${PN}-staticdev', '${PACKAGES}', d)}"
PACKAGES += "\
${PN}-dev \
${PN}-staticdev \
"
INSANE_SKIP += " 32bit-time"
INSANE_SKIP:${PN}-dbg = "staticdev"
INSANE_SKIP:${PN}-utils += "ldflags"
INSANE_SKIP:libstdc++ += "ldflags"
INSANE_SKIP:libgfortran += "ldflags"
INSANE_SKIP:libgcc += "ldflags dev-deps"
INSANE_SKIP:libgcc-dev += "staticdev"
INSANE_SKIP:libgfortran += "ldflags dev-deps"
INSANE_SKIP:libstdc++ += "ldflags dev-deps"
INSANE_SKIP:libatomic += "ldflags"
INSANE_SKIP:libasan += "ldflags"
INSANE_SKIP:libubsan += "ldflags"
INSANE_SKIP:libssp += "ldflags"
INSANE_SKIP:libgomp += "ldflags"
INSANE_SKIP:libitm += "ldflags"
INSANE_SKIP:gdbserver += "ldflags"
# OE-core has literally listed 'glibc' in LIBC_DEPENDENCIES :/
RPROVIDES:${PN} = "glibc rtld(GNU_HASH)"
# Add runtime provides for the other libc* packages as well
RPROVIDES:${PN}-dev = "glibc-dev"
RPROVIDES:${PN}-doc = "glibc-doc"
RPROVIDES:${PN}-dbg = "glibc-dbg"
RPROVIDES:${PN}-pic = "glibc-pic"
RPROVIDES:${PN}-utils = "glibc-utils"
RPROVIDES:${PN}-mtrace = "glibc-mtrace libc-mtrace"
PKG:${PN} = "glibc"
PKG:${PN}-dev = "glibc-dev"
PKG:${PN}-doc = "glibc-doc"
PKG:${PN}-dbg = "glibc-dbg"
PKG:${PN}-pic = "glibc-pic"
PKG:${PN}-utils = "glibc-utils"
PKG:${PN}-mtrace = "glibc-mtrace"
PKG:${PN}-gconv = "glibc-gconv"
PKG:${PN}-extra-nss = "glibc-extra-nss"
PKG:${PN}-thread-db = "glibc-thread-db"
PKG:${PN}-pcprofile = "glibc-pcprofile"
PKG:${PN}-staticdev = "glibc-staticdev"
PKGV = "${EAT_VER_LIBC}"
PKGV:${PN} = "${EAT_VER_LIBC}"
PKGV:${PN}-dev = "${EAT_VER_LIBC}"
PKGV:${PN}-doc = "${EAT_VER_LIBC}"
PKGV:${PN}-dbg = "${EAT_VER_LIBC}"
PKGV:${PN}-pic = "${EAT_VER_LIBC}"
PKGV:${PN}-utils = "${EAT_VER_LIBC}"
PKGV:${PN}-mtrace = "${EAT_VER_LIBC}"
PKGV:${PN}-gconv = "${EAT_VER_LIBC}"
PKGV:${PN}-extra-nss = "${EAT_VER_LIBC}"
PKGV:${PN}-thread-db = "${EAT_VER_LIBC}"
PKGV:${PN}-pcprofile = "${EAT_VER_LIBC}"
PKGV:${PN}-staticdev = "${EAT_VER_LIBC}"
PKGV:catchsegv = "${EAT_VER_LIBC}"
PKGV:glibc-extra-nss = "${EAT_VER_LIBC}"
PKGV:glibc-thread-db = "${EAT_VER_LIBC}"
PKGV:libmemusage = "${EAT_VER_LIBC}"
PKGV:libsegfault = "${EAT_VER_LIBC}"
PKGV:libsotruss = "${EAT_VER_LIBC}"
PKGV:sln = "${EAT_VER_LIBC}"
PKGV:nscd = "${EAT_VER_LIBC}"
PKGV:ldd = "${EAT_VER_LIBC}"
PKGV:libasan-dev = "${EAT_VER_GCC}"
PKGV:libasan = "${EAT_VER_GCC}"
PKGV:libasan-staticdev = "${EAT_VER_GCC}"
PKGV:libatomic-dev = "${EAT_VER_GCC}"
PKGV:libatomic = "${EAT_VER_GCC}"
PKGV:libatomic-staticdev = "${EAT_VER_GCC}"
PKGV:libg2c-dev = "${EAT_VER_GCC}"
PKGV:libg2c = "${EAT_VER_GCC}"
PKGV:libgcc-dev = "${EAT_VER_GCC}"
PKGV:libgcc = "${EAT_VER_GCC}"
PKGV:libgfortran-dbg = "${EAT_VER_GCC}"
PKGV:libgfortran-dev = "${EAT_VER_GCC}"
PKGV:libgfortran = "${EAT_VER_GCC}"
PKGV:libgfortran-staticdev = "${EAT_VER_GCC}"
PKGV:libgomp-dev = "${EAT_VER_GCC}"
PKGV:libgomp = "${EAT_VER_GCC}"
PKGV:libgomp-staticdev = "${EAT_VER_GCC}"
PKGV:libitm-dev = "${EAT_VER_GCC}"
PKGV:libitm = "${EAT_VER_GCC}"
PKGV:libitm-staticdev = "${EAT_VER_GCC}"
PKGV:liblsan-dev = "${EAT_VER_GCC}"
PKGV:liblsan = "${EAT_VER_GCC}"
PKGV:liblsan-staticdev = "${EAT_VER_GCC}"
PKGV:libmudflap-dev = "${EAT_VER_GCC}"
PKGV:libmudflap = "${EAT_VER_GCC}"
PKGV:libmudflap-staticdev = "${EAT_VER_GCC}"
PKGV:libquadmath-dev = "${EAT_VER_GCC}"
PKGV:libquadmath = "${EAT_VER_GCC}"
PKGV:libquadmath-staticdev = "${EAT_VER_GCC}"
PKGV:libssp-dev = "${EAT_VER_GCC}"
PKGV:libssp = "${EAT_VER_GCC}"
PKGV:libssp-staticdev = "${EAT_VER_GCC}"
PKGV:libstdc++-dbg = "${EAT_VER_GCC}"
PKGV:libstdc++-dev = "${EAT_VER_GCC}"
PKGV:libstdc++ = "${EAT_VER_GCC}"
PKGV:libstdc++-precompile-dev = "${EAT_VER_GCC}"
PKGV:libstdc++-staticdev = "${EAT_VER_GCC}"
PKGV:libtsan-dev = "${EAT_VER_GCC}"
PKGV:libtsan = "${EAT_VER_GCC}"
PKGV:libtsan-staticdev = "${EAT_VER_GCC}"
PKGV:libubsan-dev = "${EAT_VER_GCC}"
PKGV:libubsan = "${EAT_VER_GCC}"
PKGV:libubsan-staticdev = "${EAT_VER_GCC}"
PKGV:linux-libc-headers-dev = "${EAT_VER_KERNEL}"
PKGV:linux-libc-headers = "${EAT_VER_KERNEL}"
PKGV:gdbserver = "${EAT_VER_GDBSERVER}"
ALLOW_EMPTY:${PN}-mtrace = "1"
FILES:${PN}-mtrace = "${bindir}/mtrace"
FILES:libgcov-staticdev = "${libdir}/gcc/${TARGET_SYS}/${BINV}/libgcov.a"
FILES:libsegfault = "${base_libdir}/libSegFault*"
FILES:catchsegv = "${bindir}/catchsegv"
RDEPENDS:catchsegv = "libsegfault"
# From libgfortran.inc:
FILES:libgfortran = "${libdir}/libgfortran.so.*"
FILES:libgfortran-dev = "\
${libdir}/libgfortran*.so \
${libdir}/libgfortran.spec \
${libdir}/libgfortran.la \
${libdir}/gcc/${TARGET_SYS}/${BINV}/libgfortranbegin.* \
${libdir}/gcc/${TARGET_SYS}/${BINV}/libcaf_single* \
${libdir}/gcc/${TARGET_SYS}/${BINV}/finclude/ \
"
FILES:libgfortran-staticdev = "${libdir}/libgfortran.a"
# From gcc-sanitizers.inc:
FILES:libasan += "${libdir}/libasan.so.* ${libdir}/libhwasan.so.*"
FILES:libasan-dev += "\
${libdir}/libasan_preinit.o \
${libdir}/libasan.so \
${libdir}/libhwasan.so \
${libdir}/libasan.la \
"
FILES:libasan-staticdev += "${libdir}/libasan.a \
${libdir}/libhwasan.a \
"
FILES:libubsan += "${libdir}/libubsan.so.*"
FILES:libubsan-dev += "\
${libdir}/libubsan.so \
${libdir}/libubsan.la \
"
FILES:libubsan-staticdev += "${libdir}/libubsan.a"
FILES:liblsan += "${libdir}/liblsan.so.*"
FILES:liblsan-dev += "\
${libdir}/liblsan.so \
${libdir}/liblsan.la \
${libdir}/liblsan_preinit.o \
"
FILES:liblsan-staticdev += "${libdir}/liblsan.a"
FILES:libtsan += "${libdir}/libtsan.so.*"
FILES:libtsan-dev += "\
${libdir}/libtsan.so \
${libdir}/libtsan.la \
${libdir}/libtsan_*.o \
"
FILES:libtsan-staticdev += "${libdir}/libtsan.a"
FILES:gcc-sanitizers = "${libdir}/*.spec ${libdir}/gcc/${TARGET_SYS}/${BINV}/include/sanitizer/*.h"
# From libgcc.inc:
FILES:libgcc = "${base_libdir}/libgcc_s.so.1"
FILES:libgcc-dev = "\
${base_libdir}/libgcc*.so \
${@oe.utils.conditional('BASETARGET_SYS', '${TARGET_SYS}', '', '${libdir}/${BASETARGET_SYS}', d)} \
${libdir}/${TARGET_SYS}/${BINV}* \
${libdir}/${TARGET_ARCH}${TARGET_VENDOR}* \
"
FILES:linux-libc-headers = ""
FILES:linux-libc-headers-dev = "\
${includedir}/asm* \
${includedir}/linux \
${includedir}/mtd \
${includedir}/rdma \
${includedir}/scsi \
${includedir}/sound \
${includedir}/video \
"
FILES:${PN} += "\
${libdir}/bin \
${libdir}/locale \
${libdir}/gconv/gconv-modules \
${datadir}/zoneinfo \
${base_libdir}/libcrypt*.so.* \
${base_libdir}/libcrypt-*.so \
${base_libdir}/libc.so.* \
${base_libdir}/libc-*.so \
${base_libdir}/libm.so.* \
${base_libdir}/libmemusage.so \
${base_libdir}/libm-*.so \
${base_libdir}/ld*.so.* \
${base_libdir}/ld-*.so \
${base_libdir}/libpthread*.so.* \
${base_libdir}/libpthread*.so \
${base_libdir}/libpthread-*.so \
${base_libdir}/libresolv*.so.* \
${base_libdir}/libresolv-*.so \
${base_libdir}/librt*.so.* \
${base_libdir}/librt-*.so \
${base_libdir}/libutil*.so.* \
${base_libdir}/libutil-*.so \
${base_libdir}/libnss_files*.so.* \
${base_libdir}/libnss_files-*.so \
${base_libdir}/libnss_compat*.so.* \
${base_libdir}/libnss_compat-*.so \
${base_libdir}/libnss_dns*.so.* \
${base_libdir}/libnss_dns-*.so \
${base_libdir}/libnss_nis*.so.* \
${base_libdir}/libnss_nisplus-*.so \
${base_libdir}/libnss_nisplus*.so.* \
${base_libdir}/libnss_nis-*.so \
${base_libdir}/libnss_hesiod*.so.* \
${base_libdir}/libnss_hesiod-*.so \
${base_libdir}/libdl*.so.* \
${base_libdir}/libdl-*.so \
${base_libdir}/libanl*.so.* \
${base_libdir}/libanl-*.so \
${base_libdir}/libBrokenLocale*.so.* \
${base_libdir}/libBrokenLocale-*.so \
${base_libdir}/libthread_db*.so.* \
${base_libdir}/libthread_db-*.so \
${base_libdir}/libmemusage.so \
${base_libdir}/libSegFault.so \
${base_libdir}/libpcprofile.so \
"
FILES:${PN}-dbg += "${base_libdir}/debug"
# From gcc-runtime.inc
# include python debugging scripts
FILES:gcc-runtime-dbg += "\
${libdir}/libstdc++.so.*-gdb.py \
${datadir}/gcc-${BINV}/python/libstdcxx \
"
FILES:libg2c = "${target_libdir}/libg2c.so.*"
SUMMARY:libg2c = "Companion runtime library for g77"
FILES:libg2c-dev = "\
${libdir}/libg2c.so \
${libdir}/libg2c.a \
${libdir}/libfrtbegin.a \
"
SUMMARY:libg2c-dev = "Companion runtime library for g77 - development files"
FILES:libstdc++ = "${libdir}/libstdc++.so.*"
SUMMARY:libstdc++ = "GNU standard C++ library"
FILES:libstdc++-dev = "\
/include/c++ \
${includedir}/c++/ \
${libdir}/libstdc++.so \
${libdir}/libstdc++*.la \
${libdir}/libsupc++.la \
"
SUMMARY:libstdc++-dev = "GNU standard C++ library - development files"
FILES:libstdc++-staticdev = "\
${libdir}/libstdc++*.a \
${libdir}/libsupc++.a \
"
SUMMARY:libstdc++-staticdev = "GNU standard C++ library - static development files"
FILES:libstdc++-precompile-dev = "${includedir}/c++/${TARGET_SYS}/bits/*.gch"
SUMMARY:libstdc++-precompile-dev = "GNU standard C++ library - precompiled header files"
FILES:libssp = "${libdir}/libssp.so.*"
SUMMARY:libssp = "GNU stack smashing protection library"
FILES:libssp-dev = "\
${libdir}/libssp*.so \
${libdir}/libssp*_nonshared.a \
${libdir}/libssp*.la \
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/ssp \
"
SUMMARY:libssp-dev = "GNU stack smashing protection library - development files"
FILES:libssp-staticdev = "${libdir}/libssp*.a"
SUMMARY:libssp-staticdev = "GNU stack smashing protection library - static development files"
FILES:libquadmath = "${libdir}/libquadmath*.so.*"
SUMMARY:libquadmath = "GNU quad-precision math library"
FILES:libquadmath-dev = "\
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/quadmath* \
${libdir}/libquadmath*.so \
${libdir}/libquadmath.la \
"
SUMMARY:libquadmath-dev = "GNU quad-precision math library - development files"
FILES:libquadmath-staticdev = "${libdir}/libquadmath.a"
SUMMARY:libquadmath-staticdev = "GNU quad-precision math library - static development files"
# NOTE: mudflap has been removed as of gcc 4.9 and has been superseded by the address sanitiser
FILES:libmudflap = "${libdir}/libmudflap*.so.*"
SUMMARY:libmudflap = "Pointer debugging library for gcc"
FILES:libmudflap-dev = "\
${libdir}/libmudflap*.so \
${libdir}/libmudflap.la \
"
SUMMARY:libmudflap-dev = "Pointer debugging library for gcc - development files"
FILES:libmudflap-staticdev = "${libdir}/libmudflap.a"
SUMMARY:libmudflap-staticdev = "Pointer debugging library for gcc - static development files"
FILES:libgomp = "${libdir}/libgomp*${SOLIBS}"
SUMMARY:libgomp = "GNU OpenMP parallel programming library"
FILES:libgomp-dev = "\
${libdir}/libgomp*${SOLIBSDEV} \
${libdir}/libgomp*.la \
${libdir}/libgomp.spec \
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/omp.h \
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/openacc.h \
"
SUMMARY:libgomp-dev = "GNU OpenMP parallel programming library - development files"
FILES:libgomp-staticdev = "${libdir}/libgomp*.a"
SUMMARY:libgomp-staticdev = "GNU OpenMP parallel programming library - static development files"
FILES:libatomic = "${libdir}/libatomic.so.*"
SUMMARY:libatomic = "GNU C++11 atomics support library"
FILES:libatomic-dev = "\
${libdir}/libatomic.so \
${libdir}/libatomic.la \
"
SUMMARY:libatomic-dev = "GNU C++11 atomics support library - development files"
FILES:libatomic-staticdev = "${libdir}/libatomic.a"
SUMMARY:libatomic-staticdev = "GNU C++11 atomics support library - static development files"
FILES:libitm = "${libdir}/libitm.so.*"
SUMMARY:libitm = "GNU transactional memory support library"
FILES:libitm-dev = "\
${libdir}/libitm.so \
${libdir}/libitm.la \
${libdir}/libitm.spec \
"
SUMMARY:libitm-dev = "GNU transactional memory support library - development files"
FILES:libitm-staticdev = "${libdir}/libitm.a"
SUMMARY:libitm-staticdev = "GNU transactional memory support library - static development files"
EAT_VER_MAIN ??= ""
python () {
if not d.getVar("EAT_VER_MAIN", False):
raise bb.parse.SkipPackage("External ARM toolchain not configured (EAT_VER_MAIN not set).")
if d.getVar('TCLIBC', True) != "glibc":
raise bb.parse.SkipPackage("incompatible with %s" % d.getVar('TCLIBC', True))
}
@@ -1,79 +0,0 @@
LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only & GPL-2.0-only & LGPL-3.0-only & LGPL-2.1-only & LGPL-2.0-only"
EAT_BFD_LICENSE = "GPL-3.0-only"
EAT_GCC_LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
EAT_GDB_LICENSE = "GPL-3.0-only"
EAT_LIBC_LICENSE = "GPL-2.0-only & LGPL-2.1-only"
EAT_RLE_LICENSE = "GPL-3.0-with-GCC-exception"
LICENSE:${PN} = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-dev = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-doc = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-dbg = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-pic = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-utils = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-mtrace = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-gconv = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-extra-nss = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-thread-db = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-pcprofile = "${EAT_LIBC_LICENSE}"
LICENSE:${PN}-staticdev = "${EAT_LIBC_LICENSE}"
LICENSE:catchsegv = "${EAT_LIBC_LICENSE}"
LICENSE:glibc-extra-nss = "${EAT_LIBC_LICENSE}"
LICENSE:glibc-thread-db = "${EAT_LIBC_LICENSE}"
LICENSE:libmemusage = "${EAT_LIBC_LICENSE}"
LICENSE:libsegfault = "${EAT_LIBC_LICENSE}"
LICENSE:libsotruss = "${EAT_LIBC_LICENSE}"
LICENSE:sln = "${EAT_LIBC_LICENSE}"
LICENSE:nscd = "${EAT_LIBC_LICENSE}"
LICENSE:ldd = "${EAT_LIBC_LICENSE}"
LICENSE:libasan-dev = "${EAT_GCC_LICENSE}"
LICENSE:libasan = "${EAT_GCC_LICENSE}"
LICENSE:libasan-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libatomic-dev = "${EAT_GCC_LICENSE}"
LICENSE:libatomic = "${EAT_GCC_LICENSE}"
LICENSE:libatomic-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libg2c-dev = "${EAT_GCC_LICENSE}"
LICENSE:libg2c = "${EAT_GCC_LICENSE}"
LICENSE:libgcc-dev = "${EAT_GCC_LICENSE}"
LICENSE:libgcc = "${EAT_GCC_LICENSE}"
LICENSE:libgfortran-dbg = "${EAT_GCC_LICENSE}"
LICENSE:libgfortran-dev = "${EAT_GCC_LICENSE}"
LICENSE:libgfortran = "${EAT_GCC_LICENSE}"
LICENSE:libgfortran-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libgomp-dev = "${EAT_GCC_LICENSE}"
LICENSE:libgomp = "${EAT_GCC_LICENSE}"
LICENSE:libgomp-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libitm-dev = "${EAT_GCC_LICENSE}"
LICENSE:libitm = "${EAT_GCC_LICENSE}"
LICENSE:libitm-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:liblsan-dev = "${EAT_GCC_LICENSE}"
LICENSE:liblsan = "${EAT_GCC_LICENSE}"
LICENSE:liblsan-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libmudflap-dev = "${EAT_GCC_LICENSE}"
LICENSE:libmudflap = "${EAT_GCC_LICENSE}"
LICENSE:libmudflap-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libquadmath-dev = "${EAT_GCC_LICENSE}"
LICENSE:libquadmath = "${EAT_GCC_LICENSE}"
LICENSE:libquadmath-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libssp-dev = "${EAT_GCC_LICENSE}"
LICENSE:libssp = "${EAT_GCC_LICENSE}"
LICENSE:libssp-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libstdc++-dbg = "${EAT_GCC_LICENSE}"
LICENSE:libstdc++-dev = "${EAT_GCC_LICENSE}"
LICENSE:libstdc++ = "${EAT_GCC_LICENSE}"
LICENSE:libstdc++-precompile-dev = "${EAT_GCC_LICENSE}"
LICENSE:libstdc++-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libtsan-dev = "${EAT_GCC_LICENSE}"
LICENSE:libtsan = "${EAT_GCC_LICENSE}"
LICENSE:libtsan-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:libubsan-dev = "${EAT_GCC_LICENSE}"
LICENSE:libubsan = "${EAT_GCC_LICENSE}"
LICENSE:libubsan-staticdev = "${EAT_GCC_LICENSE}"
LICENSE:linux-libc-headers-dev = "GPL-2.0-only"
LICENSE:linux-libc-headers = "GPL-2.0-only"
LICENSE:gdbserver = "GPL-2.0-only & GPL-3.0-only & LGPL-2.0-only & LGPL-3.0-only"
+31
View File
@@ -0,0 +1,31 @@
# Sign binaries for UEFI Secure Boot
#
# Usage in recipes:
#
# Set binary to sign per recipe:
# SBSIGN_TARGET_BINARY = "${B}/binary_to_sign"
#
# Then call do_sbsign() in correct stage of the build
# do_compile:append() {
# do_sbsign
# }
DEPENDS += 'gen-sbkeys'
DEPENDS += "sbsigntool-native"
SBSIGN_KEY = "${SBSIGN_KEYS_DIR}/db.key"
SBSIGN_CERT = "${SBSIGN_KEYS_DIR}/db.crt"
SBSIGN_TARGET_BINARY ?= "binary_to_sign"
# Not adding as task since recipes may need to sign binaries at different
# stages. Instead they can call this function when needed by calling this function
do_sbsign() {
bbnote "Signing ${PN} binary ${SBSIGN_TARGET_BINARY} with ${SBSIGN_KEY} and ${SBSIGN_CERT}"
${STAGING_BINDIR_NATIVE}/sbsign \
--key "${SBSIGN_KEY}" \
--cert "${SBSIGN_CERT}" \
--output "${SBSIGN_TARGET_BINARY}.signed" \
"${SBSIGN_TARGET_BINARY}"
cp "${SBSIGN_TARGET_BINARY}" "${SBSIGN_TARGET_BINARY}.unsigned"
cp "${SBSIGN_TARGET_BINARY}.signed" "${SBSIGN_TARGET_BINARY}"
}
+1 -1
View File
@@ -33,7 +33,7 @@ DEPENDS += "trusted-firmware-m-scripts-native"
# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
# right path until this is relocated automatically.
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
# The arguments passed to the TF-M image signing script. Override this variable
# in an image recipe to customize the arguments.
+1 -1
View File
@@ -13,7 +13,7 @@ LAYERDEPENDS_meta-arm = " \
core \
arm-toolchain \
"
LAYERSERIES_COMPAT_meta-arm = "styhead"
LAYERSERIES_COMPAT_meta-arm = "styhead walnascar"
# runfvp --console needs telnet, so pull this in for testimage.
HOSTTOOLS_NONFATAL += "telnet"
@@ -18,7 +18,7 @@ QB_KERNEL_ROOT = "/dev/vda2"
IMAGE_FSTYPES += "wic wic.qcow2"
WKS_FILE ?= "qemuarm64.wks"
WKS_FILE_DEPENDS = "trusted-firmware-a"
WKS_FILE_DEPENDS:append = " trusted-firmware-a"
IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
MACHINE_FEATURES += "optee-ftpm"
+2 -3
View File
@@ -29,8 +29,7 @@ def cli_from_config(config, terminal_choice):
if terminal_choice != "none" and name:
# TODO if raw mode
# cli.extend(["--parameter", f"{terminal}.mode=raw"])
# TODO put name into terminal title
cli.extend(["--parameter", f"{terminal}.terminal_command={terminals[terminal_choice].command}"])
cli.extend(["--parameter", f"{terminal}.terminal_command={terminals[terminal_choice].command.format(name=name)}"])
else:
# Disable terminal
cli.extend(["--parameter", f"{terminal}.start_telnet=0"])
@@ -57,7 +56,7 @@ class ConsolePortParser:
while True:
try:
line = next(self._lines).strip().decode(errors='ignore')
m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line)
m = re.search(r"(\S+): Listening for serial connection on port (\d+)$", line)
if m:
matched_console = m.group(1)
matched_port = int(m.group(2))
+3 -3
View File
@@ -53,7 +53,7 @@ class Terminals:
terminals = Terminals()
# TODO: option to switch between telnet and netcat
connect_command = "telnet localhost %port"
terminals.add_terminal(2, "tmux", f"tmux new-window -n \"%title\" \"{connect_command}\"")
terminals.add_terminal(2, "gnome-terminal", f"gnome-terminal --window --title \"%title\" --command \"{connect_command}\"")
terminals.add_terminal(1, "xterm", f"xterm -title \"%title\" -e {connect_command}")
terminals.add_terminal(2, "tmux", f"tmux new-window -n \"{{name}} - %title\" \"{connect_command}\"")
terminals.add_terminal(2, "gnome-terminal", f"gnome-terminal --window --title \"{{name}} - %title\" --command \"{connect_command}\"")
terminals.add_terminal(1, "xterm", f"xterm -title \"{{name}} - %title\" -e {connect_command}")
terminals.add_terminal(0, "none", None)
+1 -1
View File
@@ -12,7 +12,7 @@ class OpteeTestSuite(OERuntimeTestCase):
"""
Run OP-TEE tests (xtest).
"""
@OETimeout(1300)
@OETimeout(2700)
@OEHasPackage(['optee-test'])
def test_opteetest_xtest(self):
# clear storage before executing tests
@@ -0,0 +1,29 @@
#
# SPDX-License-Identifier: MIT
#
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.oetimeout import OETimeout
class UEFI_SB_TestSuite(OERuntimeTestCase):
"""
Validate Secure Boot is Enabled
"""
@OETimeout(1300)
def test_uefi_secureboot(self):
# Validate Secure Boot is enabled by checking
# 8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot.
# The GUID '8be4df61-93ca-11d2-aa0d-00e098032b8c' is a well-known
# identifier for the Secure Boot UEFI variable. By checking the value of
# this variable, specifically
# '8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot', we can determine
# whether Secure Boot is enabled or not. This variable is set by the
# UEFI firmware to indicate the current Secure Boot state. If the
# variable is set to a value of '0x1' (or '1'), it indicates that Secure
# Boot is enabled. If the variable is set to a value of '0x0' (or '0'),
# it indicates that Secure Boot is disabled.
cmd = "echo $( od -t u2 -A n -j 4 -N 4 /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c )"
status, output = self.target.run(cmd, timeout=120)
self.assertEqual(output, "1", msg="\n".join([cmd, output]))
@@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bb63326febfb5fb909226c8e7ebcef5c"
SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master;protocol=https"
SRCREV = "5e3760073454c72f3458805a1b7a89ecf80353cb"
SRCREV = "ac6742520ded1da30d500f74e8affe86e27cabd5"
# boot-wrapper doesn't make releases
UPSTREAM_CHECK_COMMITS = "1"
@@ -1,29 +0,0 @@
From 745294ffa9bb9296eb4250f24dd0ae8115fadd7a Mon Sep 17 00:00:00 2001
From: Jon Mason <jon.mason@arm.com>
Date: Thu, 27 Oct 2022 20:10:09 +0000
Subject: [PATCH] work around visibility issue
gn commit 46b572ce4ceedfe57f4f84051bd7da624c98bf01 "fixed" the
visibility field not applying to public configs. This caused dtc to
have issues due to libfdt and others not being specified. Due to the
number, it was cleaner to remove the visibility field (which defaults to
everything being visible).
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Jon Mason <jon.mason@arm.com>
---
BUILD.gn | 1 -
1 file changed, 1 deletion(-)
diff --git a/BUILD.gn b/BUILD.gn
index f55560c540de..d60c3e37135b 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -5,7 +5,6 @@
# https://opensource.org/licenses/BSD-3-Clause.
config("libfdt_config") {
- visibility = [ ":gtest" ]
include_dirs = [
"libfdt",
"hafnium_inc",
@@ -16,9 +16,8 @@ inherit deploy python3native pkgconfig ${CLANGNATIVE}
SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \
file://0001-arm-hafnium-fix-kernel-tool-linking.patch \
file://0001-Use-pkg-config-native-to-find-the-libssl-headers.patch;patchdir=third_party/linux \
file://0001-work-around-visibility-issue.patch;patchdir=third_party/dtc \
"
SRCREV = "2bef7ab3895c48d39b84ab58179b2d0de5156b8b"
SRCREV = "2cf2ca7c4b81ab18e9cd363d9a5c8288e2a94fda"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"

Some files were not shown because too many files have changed in this diff Show More