1
0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-07-17 16:17:09 +00:00

Compare commits

..

80 Commits

Author SHA1 Message Date
Ross Burton c3e9fb12aa CI: only run pending-updates on master
This job takes a few minutes and isn't useful unless it's being ran for
master, or is being actively worked on.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-11-05 09:39:48 -05:00
Ross Burton 10c27f061b CI: fix meta-virtualization URL
Use https: so that Kas premirroring can work.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-27 10:00:11 -04:00
Ross Burton 5c33ed794a CI: show all variables in update-repos
This makes it easier to debug path usage.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-27 10:00:11 -04:00
Ross Burton 2384dc1a9a CI: don't run update-repos if KAS_REPO_REF_DIR isn't set
Mostly taken from master.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-27 10:00:11 -04:00
Ross Burton 5d759ca68d CI: remove obsolete installation of python3-subunit
This is in the Kas image from 3.2, so this is now obsolete.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-27 10:00:11 -04:00
Ross Burton 58a33d0860 CI: clean up variable definitions
Mostly taken from master, rationalise the variable definitions and stop
hardcoding /persist/.

Users of this CI will have to ensure that they've set CACHE_DIR if they
want anything actually cached.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-27 10:00:11 -04:00
Ross Burton 5c4f98bbc5 CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
If the repository reference directory gets corrupted it's not easy to
wipe it, so add a variable CI_CLEAN_REPOS that if set in the pipeline
will clean the clones and re-fetch them.

Also, stop the fetch from detaching during the garbage collection, just
in case it was a long-running GC that got killed that caused the
corruption in the first place.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-06-27 10:00:11 -04:00
Ross Burton 6b2d97cecd CI: use canonical git.yoctoproject.org URLs
The canonical repository URLs don't use /git/.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-04-04 13:55:32 -04:00
Jon Mason 936c02ec13 arm/linux-yocto: disable CONFIG_MTD_NAND_FSL_IFC
Linux stable kernel v5.15.166 added commit e59386c300198385d8bf33336de3b8c165d20d00,
which modifies the depends for the Freescale IFC NAND controller.  See
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=e59386c300198385d8bf33336de3b8c165d20d00

Because of this change, do_kernel_configcheck is logging an warning
about values not matching.  To address this issue, disable it manually
in a config fragment, but only for the affected machines in meta-arm.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-21 12:00:10 -04:00
Javier Tia bf98ef902e trusted-firmware-a: fix build error when using ccache
When ccache is enabled trusted-firmware-a recipe fails with this
error message:

    make: *** No rule to make target 'aarch64-poky-linux-gcc'. Stop.

ccache prefix CC variable with 'ccache' word before compiler. Because
there are no quotes assigned to CC, only 'ccache' is assigned. The
compiler becomes a make target, producing the build error.

Add single quotes to LD is a good measure to prevent this kind of error.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-10-02 08:58:50 -04:00
Ross Burton 260e3adc2b arm/boot-wrapper-aarch64: use https to fetch git source
Some networks limit outgoing git: traffic, so use https:.

Fixes: 0cec3e5 ("arm/gem5/boot-wrapper-aarch64: Move main recipe to meta-arm")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-05-08 10:47:03 -04:00
Alexander Sverdlin 1c9ba5d495 optee-ftpm: fix EARLY_TA_PATHS passed to optee-os
Fix the build with DISTRO_FEATURES containing "usrmerge":
make: *** No rule to make target '/.../optee-os/4.1.0/recipe-sysroot/lib/optee_armtz/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf', needed by '/.../optee-os/4.1.0/build/core/early_ta_bc50d971-d4c9-42c4-82cb-343fb7f37896.c'.  Stop.

Fixes: 6a105f47b9 ("optee-ftpm: Install artifacts into nonarch_base_libdir")
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-05-08 10:45:37 -04:00
Adam Johnston 668df530a5 arm-bsp/n1sdp: Use git clone to fetch FW for the N1SDP
git.linaro.org/landing-teams/working no longer seems to serve snapshots
in tar.gz format, breaking the N1SDP build for kirkstone.

Using same tag as the existing snapshot, fetch the binaries with a
conventional git clone, as per master.

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-04-30 08:13:14 -04:00
Ross Burton d7b7b6fb6c arm/opencsd: upgrade to 1.2.1 to fix kernel build
Linux 5.15.149 contains the following change[1]:

    perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present

    Since commit d927ef5004ef ("perf cs-etm: Add exception level consistency
    check"), the exception that was added to Perf will be triggered unless
    the following bugfix from OpenCSD is present:
    [...]

The opencsd requirement is now 1.2.1 onwards, but the kirkstone branch
has 1.2.0.  The 1.2.1 release was just three bugfixes on top of 1.2.0 so
this should be a safe upgrade:

3fecfb0 opencsd: etm4x: Update etm4x / ete decoder to flush context to client immediately.
db97bbc opencsd: decode: Update decoder base to implement memory accessor invalidation.
a7b77aa opencsd: memaccess: Allow memory accessors to have cache invalidated by decoder.

[1] a7af1be5cf5507dd6c157b7a25453942f805db76

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2024-03-20 14:49:14 -04:00
Ross Burton b187fb9232 arm-bsp/secure-partitions: fix build with GCC 11.4
GCC 11.4 has improved code generation and needs the __aarch64_cas4_sync
intrinsic from libgcc, but one of the modules here doesn't link to
libgcc.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-08-24 11:13:41 -04:00
Jon Mason c39bb4ce3b arm/edk2: add support for qemuarm and qemuarm64
Add basic support for running edk2 on qemuarm and qemuarm64.  This
necessitated the need to add ACPI and EFI to the default kernel configs
for these machines.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-07-10 08:39:12 -04:00
Vikas Katariya 96aad3b29a arm-bsp/linux-yocto: Fix N1SDP PCI quirk patch
The poky commit 74f086529911bdaf07a8414d50de411e20739541 updates
the kernel to v5.15.103 which breaks the PCI quirk patch for the N1SDP.

Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-04-13 13:00:10 -04:00
Ross Burton a0216a41bd CI: pin to kas 3.2 as 3.2.1 fails
For some reason the kas 3.2.1 container fails:

No such file or directory: '/builds/engineering/yocto/meta-arm/ci/ci/base.yml'

Note the repeated /ci/, which is wrong.

Pin the kas container to 3.2 for now until this is resolved.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2023-02-09 12:40:00 +00:00
Daniel Díaz b004c61ec2 arm-bsp/firmware-image-juno: Fix deployment of compressed Image
A recent commit compressed the kernel image (to Image.gz) and
by default enabled an initramfs image. In the case for when
such that (initramfs) is not desirable, the deploy step of the
Juno firmware will still try to install the Image file, (not
Image.gz), so this fails:

  ERROR: firmware-image-juno-1.0-r0 do_deploy: ExecutionError('/oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477', 1, None, None)
  ERROR: Logfile of failure stored in: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/log.do_deploy.360477
  Log data follows:
  | DEBUG: Executing python function sstate_task_prefunc
  | DEBUG: Python function sstate_task_prefunc finished
  | DEBUG: Executing shell function do_deploy
  | cp: cannot stat '/oe/build/tmp-glibc/deploy/images/juno/Image': No such file or directory
  | WARNING: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477:152 exit 1 from 'cp -L -f /oe/build/tmp-glibc/deploy/images/juno/Image /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/image/juno-firmware-19.06/SOFTWARE/'
  | WARNING: Backtrace (BB generated script):
  | 	#1: do_deploy, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 152
  | 	#2: main, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 163
  NOTE: recipe firmware-image-juno-1.0-r0: task do_deploy: Failed
  ERROR: Task (../meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb:do_deploy) failed with exit code '1'

This updates the else case for when an initramfs image is not
in use so that the right kernel image is deployed, by using
the KERNEL_IMAGETYPE variable, to use either version of the
kernel image.

Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-02-04 04:53:38 -05:00
Ross Burton 858c7553a8 Revert "CI: add patches to fix perf with clang"
These fixes have been merged into oe-core so are no longer needed.

This reverts commit e3cb27c06a.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2023-01-30 13:35:51 +00:00
Jon Mason ce41be0a7f arm-bsp/linux-yocto: Update juno patch
Update the juno kernel patch to work with the latest kirkstone kernel,
and remove the workaround.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-01-18 11:00:19 -05:00
Jon Mason 9f70b3d538 arm-bsp/juno: move to compressed initramfs image
Change u-boot and machine config to default to booting a compressed
initramfs.  This allows for easier testing.  A compressed image is
needed as the image is too big for the storage, and the error notifying
of such is vague.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2023-01-18 11:00:19 -05:00
Ross Burton 904f8e82c2 arm-bsp/linux-yocto: temporarily downgrade juno to 5.15.72
The mailbox patches don't apply to 5.15.78 so until they can be rebased
and retested, pin the kernel to 5.15.72.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-12-19 17:16:10 +00:00
Ross Burton e3cb27c06a CI: add patches to fix perf with clang
Apply two in-flight patches to fix the build of perf with clang.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-12-19 17:15:32 +00:00
Ross Burton 196ae5166d ci/get-binary-toolchains: rewrite, slightly
Add set -e so errors are fatal.

Allow HOST_ARCH and VER to be overridden by the environment, for testing.

Pull the tarball basename into a variable to reduce duplication.

Turn the wget call into a function to reduce duplication.

Drop the big-endian binaries as we never use those.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-12-16 17:32:06 +00:00
Ross Burton 3366ba9427 CI: remove armcompiler references
Arm Compiler has been removed, so remove it from the CI.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-12-15 17:17:07 +00:00
Ross Burton 796d9913fa arm-toolchain/armcompiler: remove recipe
As far as we know nobody is actually using the Arm Compiler recipe: 6.17
does a network operation on every call to check the license and this
fails with the network isolation that do_compile has in kirkstone, and
6.18 is behind a loginwall so we cannot download it in a recipe.

Unless we have actual users asking for a recipe, remove it from the layer
to avoid confusion.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-12-15 17:17:07 +00:00
Ross Burton 9d03ba7f5c arm/trusted-firmware-m: remove compiler options
The recipe supports the use of both Arm's binary GCC (aka GNU Arm
Embedded Compiler, or gnu-rm) and binary Clang (aka Arm Compiler).
However, armcompiler was never tested and doesn't work: 6.17 does a
network operation on every call to check the license which fails with
the network isolation in do_compile tasks, and 6.18 is behind a
loginwall so we can't automatically fetch it in a recipe.

Simplify the recipe to hardcode the use of gnu-rm, and remove the clang
support.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-12-15 17:17:07 +00:00
Jon Mason 0eaf5b5a7d CI: define DEFAULT_TAG and CPU_REQUEST
DEFAULT_TAG and CPU_REQUEST are being used to help with internal Gitlab
pipeline setups know which type of machines to run on, but has no value
outside of Arm Corp.  Gitlab CI allows for variables to be overridden
by default.  So, we can give it a default value of NULL/empty and have
everything work internally and externally by default.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-12-15 17:16:41 +00:00
Ross Burton d5ba8fea32 CI: no need to install telnet
The kas 3.1 container has telnet in. We can also remove python3-subunit
once kas 3.2 is released.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-12-14 15:33:46 +00:00
Ross Burton 0e1f4bc081 CI: use the .setup fragment in machine-coverage
Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-12-14 15:33:46 +00:00
Ross Burton e5dd1c4f53 CI: add tags to all jobs
Tag all jobs with the DEFAULT_TAG variable so each instance can control
what tags the jobs have, whilst still explicitly tagging the jobs which
need specific tags (such as x86_64 for jobs which need to run x86-only
binaries)

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-12-14 15:20:26 +00:00
Ross Burton ee8ef5b765 CI: add variables needed for k8s runners
The Kas container needs to use the entrypoint as that is where the user
changes from root to a normal user.

Also set the KUBERNETES_CPU_REQUEST to the variable CPU_REQUEST as this
needs to be tuned per-deployment.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-12-14 15:20:26 +00:00
Ross Burton 67578fcfcd arm-bsp/linux-yocto: refresh juno-dts-mhu-doorbell.patch for 5.15.72
The linux-yocto recipe in oe-core upgraded to 5.15.72, so rebase the
doorbell patches to apply correctly.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-11-14 10:00:07 -05:00
Abdellatif El Khlifi bafd1d013c arm-bsp/machine: corstone1000: disable pulling the kernel into the initramfs
exclude kernel-image-* packages from the rootfs

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-10-19 06:00:07 -04:00
Abdellatif El Khlifi d54e50daa6 arm-bsp/corstone1000: use compressed kernel image
To fit the kernel image into the allotted space, a compressed kernel
image is now needed.  Use the Image.gz from the kernel build process
and change the relevant places to use the new image name.  This also
necessitates adding an unzip command to u-boot to uncompress it to
memory (and the loadm is still needed to setup the efi mem boot device).
Also, the unzipped image is larger than before.  So, increase the size
that loadm is copying.

This change shrinks the initramfs bundle size from 12MB to 4.8MB

Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-10-19 06:00:07 -04:00
Jon Mason 11920e64f4 arm-bsp/n1sdp: update linux-yocto patches
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-29 10:35:48 +00:00
Jiacheng Tang f8adac6890 arm/fvp-base-r-aem: upgrade to version 11.19.14
Update version in documentation.

Issue-Id: SCM-5168
Signed-off-by: Jiacheng Tang <jiacheng.tang@arm.com>
Change-Id: Ic6302540e5ec3eb4d2ef436018cba7328f6dfc68
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-27 10:00:16 -04:00
Peter Hoyes 0a5eba13d8 arm/lib: Specify the FVP environment variables explicitly
It is sometimes useful to be able to configure the behavior of FVPs
using environment variables, e.g. for licensing or plugins.

Add a new FVP option: FVP_ENV_PASSTHROUGH, which allows the Bitbake
variables to be passed to the environment to be specified explicitly (in
a similar way to BB_ENV_PASSTHROUGH). This ensures that:

 * FVPs launched via runfvp have a reproducable environment
 * FVPs launched via testimage (which run from an isolated Bitbake task)
   can receive environment variables

Change the self-tests to use cwd instead of PATH to find the mock FVPs,
as the PATH environment variable is no longer passed through.

Issue-Id: SCM-4964
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idf6ac6d41fda4cd5f950bc383c2fc1fa1acdf4e3
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-14 13:32:00 -04:00
Jon Mason 68f7d5d513 arm/trusted-firmware-m: fix branch issue
The 1.5.x branch no longer exists on the tf-m git repo, but the SHA is
still present.  Update the branch name to allow for this.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-14 10:06:51 -04:00
Vishnu Banavath 7daa407c3c arm-bsp:ffa-debugfs: update git SHA for v2.1.0
git sha on
https://git.gitlab.arm.com/linux-arm/linux-trusted-services/-/tree/v2.1.0
has been changed recently for v2.1.0 tag. This change is to update
ffa-debugfs-mod_2.1.0.bb to fetch correct git SHA.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-12 10:12:36 -04:00
Denys Dmytriyenko af69667215 arm-toolchain/gcc,external-arm-toolchain: resolve conflict with gcc headers
Historically external-arm-toolchain recipe packaged all gcc headers from
${libdir}/gcc/${TARGET_SYS}/${BINV}/include - some would be picked up by
packages like gcc-sanitizers, libssp-dev. libquadmath-dev or libgomp-dev.
The rest would fall into catch-all libgcc-dev package.

Unfortunately, that could result in a conflict with a target gcc, which
also packages some of those files, like unwind.h or stddef.h, among others.

The conflict could be seen with this config:

EXTRA_IMAGE_FEATURES += "dev-pkgs tools-sdk"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "/OE/toolchains/gcc-arm-11.2-2022.02-x86_64-aarch64-none-linux-gnu"

And the error message is:

Error: Transaction test error:
  file /usr/lib/gcc/aarch64-poky-linux/11.2.1/include/stddef.h conflicts between attempted installs of libgcc-s-dev-11.2.1-r0.1.cortexa57 and gcc-arm+11.2-r2022.02.1.cortexa57
  file /usr/lib/gcc/aarch64-poky-linux/11.2.1/include/unwind.h conflicts between attempted installs of libgcc-s-dev-11.2.1-r0.1.cortexa57 and gcc-arm+11.2-r2022.02.1.cortexa57

Modify external-arm-toolchain recipe according to how libgcc in OE-Core
handles those header files by removing and not packaging them:

https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/gcc/libgcc-common.inc#n40

Also need to adjust gcc recipe to pick up unwind.h from EXTERNAL_TOOLCHAIN
location now, since libgcc-dev no longer carries it, and install it into
STAGING_LIBDIR_NATIVE, where OE-Core gcc-target.inc expects it from
gcc-cross:

https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/gcc/gcc-target.inc#n164

Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-10 20:59:29 -04:00
Peter Hoyes 8c97ddc423 arm/oeqa: Make linuxboot test case timeout configurable
In complex stacks, e.g. with many cores or many init scripts, the time
to Linux shell may be more than 10 minutes. Make the boot timeout
configurable using TEST_FVP_LINUX_BOOT_TIMEOUT, leaving the default
value at 10 minutes.

Issue-Id: SCM-4958
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ie074acd4b4509d0230d1f77a2a527d497bb295ce
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-01 09:48:17 -04:00
Leo Yan faa70b76c6 optee-ftpm: Update to "main" branch
Since the github repository doesn't contain a "master" branch but has the
"main" branch now, this patch updates to the "main" branch so can
download the repository successfully.

CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Jerome Forissier <jerome.forissier@linaro.org>
CC: Peter Griffin <peter.griffin@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-23 09:56:43 -04:00
Jerome Forissier f2781a9c8d optee: use CFLAGS{32,64} to pass --sysroot
Since upstream OP-TEE 3.16.0, CFLAGS32 and CFLAGS64 can be used to set
the sysroot option that previously required the LIBGCC_LOCATE_CFLAGS
patches.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-09 13:53:17 -04:00
Peter Hoyes cf9365fcec docs: Introduce meta-arm OEQA documentation
Add documentation for how to use the OEQA framework to test targets in
meta-arm. Include instructions on using OEFVPTarget as well as the
OEFVPSerialTarget introduced by the recent refactor of runfvp.

Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I146ec1c82214471fe9d18a999fd92efb38f652f9
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-09 08:30:32 -04:00
Peter Hoyes b26fdd7deb docs: Update FVP_CONSOLES in runfvp documentation
The runfvp refactor to enable OEFVPSerialTarget created FVP_CONSOLES
which maps the names used for serial ports in test cases to the names
used for serial ports in the FVP stdout.

Refactor the FVP_CONSOLE section -> FVP_CONSOLES, noting the the
'default' console is still used for the --console runfvp flag.

Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ieb13d74cfd425900f44b4b2e6d125393e7b456ad
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-09 08:30:32 -04:00
Jon Mason d32f29c55d gem5: add meta-arm-bsp dependency
meta-gem5 needs the 5.4 kernel, which is only present in the
meta-arm-bsp layer.  Add this as a dependency to resolve issues.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-08 11:00:08 -04:00
Ross Burton b2620a4292 arm-toolchain/layer.conf: remove BB_DANGLINGAPPENDS_WARNONLY
This appears to be historical from when the toolchain was in meta-linaro.

It isn't needed anymore, there's one bbappend in meta-arm-toolchain for
grub which is part of oe-core, so will never be dangling.

This variable has a global effect, so leaving it in here has a negative
impact on users.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-04 09:08:50 -04:00
Changqing Li 653754d791 optee.inc: update setting for OPTEE_ARCH
lib32-optee-os do_compile failed since OPTEE_ARCH is not set correctly.
In file included from lib/libutee/include/link.h:9,
                 from lib/libutee/arch/arm/tcb.c:37:
lib/libutee/include/elf.h:67:2: error: #error Unknown architecture
   67 | #error Unknown architecture
      |  ^~~~~
In file included from lib/libutee/arch/arm/tcb.c:37:
lib/libutee/include/link.h:13:9: error: unknown type name 'Elf_Addr'
   13 |         Elf_Addr dlpi_addr;                     /* module relocation base */

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-03 14:43:31 -04:00
Peter Hoyes 025fb194f5 runfvp: Stop the FVP when telnet shuts down cleanly
At the moment, when using the --console flag, if telnet is shut down
cleanly (i.e. by typing "quit" at the prompt instead of Ctrl+C), runfvp
still waits on the FVP to exit of its own accord, so hangs.

Move the fvp.run() call so that when telnet quits, it immediately
proceeds to shut down the FVP.

Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I2169c99586a1eebc2c6ab4b2e15fb0c769fc81a8
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-03 09:34:25 -04:00
Changqing Li 844696e401 optee-os.inc: support multilib
Run command: bitbake optee-os && bitbake lib32-optee-os
bitbake lib32-optee-os will fail with following error since
bitbake optee-os already deploy same file under the path.
RROR: lib32-optee-os-3.12.0+gitAUTOINC+3d47a131bc-r0 do_deploy: The recipe lib32-optee-os is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
  /build/tmp-glibc/deploy/images/qemuarm64/optee/tee.elf
    (matched in manifest-qemuarm64-optee-os.deploy)

Fix by deploy them to differernt dir

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-02 14:56:51 -04:00
Maciej Borzecki 29dc2147d7 arm/edk2-firmware: cherry pick gcc 12.x compatibility patches
Cherry pick gcc 12.x compatibility patches from the upstream.

Signed-off-by: Maciej Borzecki <maciek@thing.com>
2022-07-30 19:50:36 -04:00
Adam Johnston 6301b32aec arm-bsp/sdcard-image-n1sdp: Fix N1SDP dependencies
When enabling trusted boot, the UEFI binary was replaced with a FIP image (which
contains the UEFI binary), therefore the SD card image should depend on
trusted-firmware-a rather than edk2-firmware.

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
2022-07-27 13:16:57 -04:00
Adam Johnston 2b392ebd3c arm-bsp/edk2-firmware: Add NT_FW_CONFIG to N1SDP to fix aborts when accessing virtual memory
NT_FW_CONFIG DTB contains platform information passed by TF-A boot
stage. This information is used for Virtual memory map generation
during PEI phase and passed on to DXE phase as a HOB, where it is used
in ConfigurationManagerDxe.

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
2022-07-27 13:16:57 -04:00
Adam Johnston 01aa5431d6 arm-bsp/sdcard-image-n1sdp: N1SDP trusted boot
This commit configures N1SDP firmware for TBBR bootflow as follows:
* uefi.bin replaced with with fip.bin
* load address adjusted for FIP image

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
2022-07-27 13:16:57 -04:00
Adam Johnston 1e13b8b419 arm-bsp/scp-firmware: N1SDP trusted boot
This commit configures scp-firmware for TBBR bootflow as follows:
* SCP FW upgraded to 2.10 for the N1SDP only
* Updates SCP FW src to master
* BL31 replaced in the SCP firmware image with BL1

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
2022-07-27 13:16:57 -04:00
Adam Johnston d9c6ff98c3 arm-bsp/trusted-firmware-a: N1SDP trusted boot
This commit configures trusted-firmware-a for TBBR bootflow on N1SDP as follows:
* Trusted Firmware is upgraded to 2.7.0 for the N1SDP only
* Trusted boot is enabled.
* Generation of root-of-trust is enabled
* All TB images (BLx, DTBs) are built
* uefi.bin is specified as the BL33 image
* BL2, BL31, BL33 are signed and stored in the FIP
* N1SDP platform sources are patched to increase max size BL2 and reduce max size of BL1

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
2022-07-27 13:16:57 -04:00
Peter Hoyes 8c69397335 arm/oeqa: Fix regex warning in linuxboot test case
The linuxboot test case prints the following in log.do_testimage, only
when executing testimage without a pycache:

  linuxboot.py:18: DeprecationWarning: invalid escape sequence \:
    self.target.expect(self.console, "login\:", timeout=10*60)

Fix the warning by escaping the ':' character correctly in the pexpect
regex.

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I8ad54c7df6b7d1d1ddeab31cf66daff1ab84e227
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-27 08:41:53 -04:00
Peter Hoyes 78fce73c38 arm/lib: Improve FVPRunner shutdown logic
We have encountered intermittent hanging during FVP shutdown, so improve
the termination logic by first issuing a terminate(), waiting a bit
then, if necessary, issuing a kill().

Move returncode logic to after the telnet/pexpect cleanup so it
actually runs.

Move pexpect.EOF logic into FVPRunner.stop so that it executes before
closing the pexpect handle.

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Iebb3c3c89367256b1e116e66ffdb6b742358bce4
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-18 11:42:48 -04:00
Peter Hoyes db6e0ed624 arm/oeqa: Use linuxboot and OEFVPSerialTarget instead of noop
Create a new "linuxboot" test that uses the pexpect methods on
OEFVPSerialTarget to wait for a Linux login shell.

Switch to this test method for fvp-baser-aemv8r64, corstone500 and
corstone1000.

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idd749652ee72e244b7a3831dd2295e0bfaed3bfa
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-13 10:07:50 -04:00
Peter Hoyes 72a3dfac49 arm/oeqa: Create new OEFVPSerialTarget with pexpect interface
Refactor OEFVPTarget into new base class, OEFVPSSHTarget. OEFVPTarget
extends OEFVPSSHTarget and additionally waits for a Linux login prompt
for compatibility with tests in OE-core.

OEFVPSerialTarget also extends OEFVPSSHTarget. It also exposes the
entire API of pexpect, with the first argument being the
FVP_TEST_CONSOLE varflag key. It logs each console output to separate
files inside the core-image-minimal work directory.

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1b93f94471c6311da9ee71a48239640ee37de0af
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-13 10:07:50 -04:00
Peter Hoyes 3ead3aa75c arm/classes: Change FVP_CONSOLE to FVP_CONSOLES in fvpconf
So that the test target can connect to the desired console(s) as soon
as they appear in the FVP stdout, add the variable FVP_CONSOLES to the
fvpconf as a replcaement for FVP_CONSOLE. The varflags of this variable
define a mapping between FVP console names (e.g. terminal_0) and console
names in the tests (e.g. 'zephyr'). The console defined in
FVP_CONSOLE is automatically mapped as 'default' for backwards
compatibility.

This also enables greater reuse of test cases, as the "default" console
name can be remapped on a per-machine basis.

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I9d88b172bfc5a5459b9f5132f287c70816d7fb55
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-13 10:07:50 -04:00
Peter Hoyes ae48e655d3 arm/oeqa: Refactor OEFVPTarget to use FVPRunner and pexpect
Refactor OEFVPTarget to use the FVPRunner in meta-arm/lib instead of
calling runfvp in a new process.

Use pexpect to wait for the login prompt instead of parsing the FVP
output manually.

This patch introduces a dependency on pexpect for the meta-arm test
targets. It is already in the Yocto host dependency list and the Kas
container image, but may need to be installed on development machines.

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I7200e958c5701d82493287d021936afcf2f2bac9
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-13 10:07:50 -04:00
Peter Hoyes fb794c84ea arm/oeqa: Add selftests for FVP library
Create basic tests for conffile and runner in meta-arm/lib/fvp

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1684b0c99fb4fd5299df19f00abb30e8faab3495
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-13 10:07:50 -04:00
Peter Hoyes d2685ae965 scripts,arm/lib: Refactor runfvp into FVPRunner
Refactor runfvp into a "fvp" library inside meta-arm. Split into
terminal, conffile and runner.

Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I797f9a4eab810f3cc331b7db140f59c9911231fd
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-13 10:07:50 -04:00
Bertrand Marquis 528d28f7f1 runfvp: ignore setpgid errors when spawned
When runfvp is spawned from an other process (for example except), it is
throwing a permission error.
To solve the problem, surround the call to setpgid with a try/except and
ignore the permission errors.

Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-07-11 11:07:24 -04:00
Jon Mason af928569b4 ci: work around zephyr test issues
zephyr uses icount to improve test accuracy on virtual hardware.  Do
the same here for the same reason for the platforms that actually test.
Also, the common test now appears to work for microbit-v1 and poll doe
snot work for qemu-cortex-m3

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-06-22 12:10:34 -04:00
Jiamei Xie 32ca791aaa arm-bsp/fvp-baser-aemv8r64: Use secure hypervisor physical timer in EL2
Arm generic timer provides different timers for different exception
levels and different secure states. Because Armv8-R AArch64 has secure
state only, the valid timer for hypervisor in EL2 is secure hypervisor
physical timer. But for platform fvp-baser-aemv8r64, before FVP 11.18,
the secure hypervisor physical timer could not work well in EL2, so we
had been using Non-secure physical timer in EL2 for hypervisor as a
workaround.

Since secure hypervisor physical timer issue has been fixed from FVP
11.18, we can use this correct timer in EL2 for hypervisor now. So we
update the device tree timer node to use secure hypervisor physical
timer interrupt for hypervisor.

About the interrupt assignments of FVP, please refer to
https://developer.arm.com/documentation/100964/latest/Base-Platform/Base---interrupt-assignments

Issue-Id: SCM-4596
Signed-off-by: Jiamei Xie <jiamei.xie@arm.com>
Change-Id: I9d4b9f4e0ed14c6c1567269c83696ceb9ff84ac8
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-06-22 10:00:29 -04:00
Peter Hoyes 7415090238 arm/fvp-base-r-aem: Upgrade to version 11.18.16
The new FVP includes the arch in the download filename, so refactor
FVP_ARCH in fvp-common.inc to make "Linux64" available in the recipe
file.

Update version and EULA URL in documentation.

Issue-Id: SCM-4388
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3ddc29cd444b78634086f2aefe4f52799eb937b1
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-06-22 10:00:29 -04:00
Peter Hoyes a8cb33d513 arm-bsp/conf: fvp-baser-aemv8r64 model parameter update
Add parameters required to boot with cache_state_modelled enabled:
 * bp.virtio_net.secure_accesses=1
 * bp.virtio_rng.secure_accesses=1
 * bp.virtioblockdevice.secure_accesses=1
 * cci400.force_on_from_start=1

Add bp.ve_sysregs.exit_on_shutdown=1 to match fvp-base.

Remove parameters that are not required to boot or are setting the
default value.

Alphabetize the list.

Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I0a696eff5bb83206e5501f651c487f16f695aa4c
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-06-07 05:00:10 -04:00
Peter Hoyes dd8b6c1dbe arm-bsp/u-boot: fvp-baser-aemv8r64 cache_state_modelled fixes
Running the FVP_Base_AEMv8R model with the cache_state_modelled
parameter enabled exposed some defects in the U-Boot BSP patches for the
fvp-baser-aemv8r64:
 * The MPU memory attributes are inconsistent with the existing MMU
   attributes, causing a model hang when sending packets using
   virtio-net in U-Boot.
 * The instruction cache was left disabled after booting an EFI payload
   at S-EL1, violating the UEFI specification and causing Grub to hang
   when attempting to use dynamically loaded modules.

The cache_state_modelled FVP parameter is enabled by default in the
model (for simulation accuracy) but is disabled by default in the
machine conf (for simulation speed).

This patch adds two additional machine-specific U-Boot patches to fix
the above issues.

Issue-Id: SCM-4641
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I5ab13c9fdadd82456ac3f3e3703df36590d52fb7
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-06-07 05:00:10 -04:00
Abdellatif El Khlifi 93cf02a821 kas: corstone1000: drop the use of the FVP script
FVP script is replaced with the runfvp command.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-23 08:00:10 -04:00
Abdellatif El Khlifi 207f298a67 kas: corstone1000: set HEADs to kirkstone and drop use of meta-arm-image
Align all repos to kirkstone stable branch HEAD

meta-arm-image is no longer supported on master and should be dropped
in kirkstone as well.

Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-23 08:00:10 -04:00
Ross Burton fc09cc0e8d CI: use external-arm-toolchain 10.3
The 11.2 release of the Arm GCC uses Broadwell-onwards instructions, but
our CI (and many other users) have pre-Broadwell hardware.

Until 11.3 is released which fixes this, go back to using 10.3 for our CI.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-18 08:00:16 -04:00
Ross Burton b3c3f77fec arm/linux-yocto: fix boot failure in qemuarm64-secureboot
The boot crash that appears to be triggered by the ZONE_DMA patches has
been root-caused, so work around the problem whilst upstream figure out
the best way to fix.

Also, upgrade qemuarm64-secureboot to 5.15 instead of pinning back to
5.10.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-05-16 11:18:07 -04:00
Vishnu Banavath 43224b60b7 arm-bsp/tf-a-tests: Add recipe to build and install TFTF
TFTF is TF-A tests that runs at NS-EL2. This is primarily developed to
test the TF-A interfaces exposed to NS code.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-12 13:00:07 -04:00
Ross Burton b838d40efe CI: use kirkstone branches for meta-clang and meta-virtualization
These branches have kirkstone branches now, so use them.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-10 09:43:33 -04:00
Jon Mason 2627002c85 arm-bsp/trusted-firmware-m: corstone1000: remove unused patches
commit ab339b24d4 removed the reference to
these patches but did not remove them.  Removing now to clean-up the
tree.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-03 13:51:04 -04:00
Jon Mason 25e08f2671 arm-bsp/trusted-firmware-a: corstone1000: remove unused patch files
commit 24db3b56ba removed references to
the patches, but did not remove the patches.

Suggested-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-03 13:51:04 -04:00
988 changed files with 65276 additions and 28343 deletions
-2
View File
@@ -1,2 +0,0 @@
[b4]
send-series-to = meta-arm@lists.yoctoproject.org
-1
View File
@@ -1,2 +1 @@
__pycache__
build
+184 -257
View File
@@ -1,26 +1,16 @@
image: ${MIRROR_GHCR}/siemens/kas/kas:4.4
image: ghcr.io/siemens/kas/kas:3.2
variables:
# These are needed as the k8s executor doesn't respect the container
# entrypoint by default
FF_KUBERNETES_HONOR_ENTRYPOINT: 1
FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
# The default value for KUBERNETES_CPU_REQUEST
CPU_REQUEST: ""
# The default machine tag for the build jobs
DEFAULT_TAG: ""
# The machine tag for the ACS test jobs
ACS_TAG: "$DEFAULT_TAG"
# The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc)
CACHE_DIR: $CI_BUILDS_DIR/persist
# The container mirror to use
MIRROR_GHCR: ghcr.io
# Whether to run the SystemReady ACS tests
ACS_TEST: 0
# The list of extra Kas fragments to be used when building
EXTRA_KAS_FILES: ""
# The NVD API key to use when fetching CVEs
NVDCVE_API_KEY: ""
# These are needed as the k8s executor doesn't respect the container entrypoint
# by default
FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
FF_KUBERNETES_HONOR_ENTRYPOINT: 1
# The directory to use as the persistent cache (the root for DL_DIR,
# SSTATE_DIR, etc). The default is the build tree which will not be
# persistent, so this should be set in the runner.
CACHE_DIR: $CI_PROJECT_DIR
stages:
- prep
@@ -33,55 +23,47 @@ stages:
stage: build
interruptible: true
variables:
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
KAS_WORK_DIR: $CI_PROJECT_DIR/work
KAS_BUILD_DIR: $KAS_WORK_DIR/build
# Set this in the environment to enable local repository caches
KAS_REPO_REF_DIR: ""
SSTATE_DIR: $CACHE_DIR/sstate
DL_DIR: $CACHE_DIR/downloads
BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml
TOOLCHAIN_DIR: $CACHE_DIR/toolchains
IMAGE_DIR: $KAS_BUILD_DIR/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $KAS_BUILD_DIR/toolchains
IMAGE_DIR: $CI_PROJECT_DIR/work/build/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $CI_PROJECT_DIR/work/build/toolchains
before_script:
- rm -rf $KAS_WORK_DIR
- mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Must do this here, as it's the only way to make sure the toolchain is installed on the same builder
- ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Generalised fragment to do a Kas build
.build:
extends: .setup
rules:
# Don't run MR pipelines
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: never
# Don't run pipelines for tags
- if: $CI_COMMIT_TAG
when: never
# Don't run if BUILD_ENABLE_REGEX is set, but the job doesn't match the regex
- if: '$BUILD_ENABLE_REGEX != null && $CI_JOB_NAME !~ $BUILD_ENABLE_REGEX'
when: never
# Allow the dev kernels to fail and not fail the overall build
- if: '$KERNEL == "linux-yocto-dev"'
allow_failure: true
# Catch all for everything else
- if: '$KERNEL != "linux-yocto-dev"'
variables:
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml
- echo KASFILES=$KASFILES
- kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
- kas shell --update --force-checkout $KASFILES -c 'cat conf/*.conf'
- kas build $KASFILES
- ./ci/check-warnings $KAS_BUILD_DIR/warnings.log
- kas shell ci/base.yml:lockfile.yml --command "$CI_PROJECT_DIR/ci/junit.sh $KAS_WORK_DIR/build"
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
artifacts:
name: "logs"
when: always
when: on_failure
paths:
- $KAS_BUILD_DIR/tmp*/work*/**/temp/log.do_*.*
- $KAS_BUILD_DIR/tmp*/work*/**/testimage/*
reports:
junit: $KAS_BUILD_DIR/tmp/log/oeqa/junit.xml
- $CI_PROJECT_DIR/work/build/tmp/work*/**/temp/log.do_*.*
# Workaround for Zephyr not currectly handling TESTIMAGE_AUTO
.build_and_test:
extends: .setup
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
- kas shell --update --force-checkout $KASFILES -c 'cat conf/*.conf'
- kas build $KASFILES
- kas build $KASFILES -c testimage
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
#
# Prep stage, update repositories once.
@@ -90,143 +72,209 @@ stages:
update-repos:
extends: .setup
stage: prep
allow_failure:
exit_codes: 128
script:
- |
exit_code=0
# Dump the environment for reference
printenv
# Update the reference repositories if needed
if [ -n "$KAS_REPO_REF_DIR" ]; then
flock --verbose --timeout 60 $KAS_REPO_REF_DIR --command ./ci/update-repos || exit_code=$?
# Exit now if that failed, unless the status was 128 (fetch failed)
test $exit_code != 0 -a $exit_code != 128 && exit 1
fi
# Only generate if doesn't already exist, to allow feature branches to drop one in.
if test -f lockfile.yml; then
echo Using existing lockfile.yml
else
# Be sure that this is the complete list of layers being fetched
kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
fi
exit $exit_code
artifacts:
name: "lockfile"
when: always
paths:
- lockfile.yml
#
# Build stage, the actual build jobs
#
# Available options for building are (VIRT _must_ be last for ssh override)
# DISTRO: [poky, poky-altcfg, poky-tiny]
# KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
# TOOLCHAINS: [gcc, clang]
# Available options for building are
# TOOLCHAINS: [gcc, clang, armgcc, external-gccarm]
# TCLIBC: [glibc, musl]
# FIRMWARE: [u-boot, edk2]
# TS: [none, trusted-services]
# TESTING: testimage
# SECUREDEBUG: [none, secure-debug]
# VIRT: [none, xen]
# TESTING: testimage
arm-systemready-ir-acs:
corstone500:
extends: .build
timeout: 12h
parallel:
matrix:
# arm-systemready-ir-acs must be specified after fvp-base for ordering
# purposes for the jobs-to-kas output. It is not enough to just have it
# in the job name because fvp-base.yml overwrites the target.
- PLATFORM: [fvp-base, corstone1000-fvp]
ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
- TESTING: testimage
tags:
- ${ACS_TAG}
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
script:
- kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
- x86_64
corstone1000-fvp:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [testimage, tftf]
- FIRMWARE: none
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
- TESTING: [testimage,tftf]
tags:
- x86_64
corstone1000-mps3:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [none, tftf]
- FIRMWARE: none
SECUREDEBUG: [none, secure-debug]
documentation:
extends: .setup
script:
- |
# This can be removed when the kas container has python3-venv installed
sudo apt-get update && sudo apt-get install --yes python3-venv
python3 -m venv venv
. ./venv/bin/activate
pip3 install -r meta-arm-bsp/documentation/requirements.txt
for CONF in meta-*/documentation/*/conf.py ; do
echo Building $CONF...
SOURCE_DIR=$(dirname $CONF)
MACHINE=$(basename $SOURCE_DIR)
sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
done
test -d build-docs/
artifacts:
paths:
- build-docs/
fvp-base:
extends: .build
parallel:
matrix:
- TS: [none, fvp-base-ts]
- TESTING: testimage
tags:
- x86_64
fvp-base-arm32:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, external-gccarm]
TESTING: testimage
- FIRMWARE: [u-boot, edk2]
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
tags:
- x86_64
fvp-baser-aemv8r64:
extends: .build
parallel:
matrix:
- TESTING: testimage
tags:
- x86_64
fvps:
extends: .build
genericarm64:
gem5-arm64:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
- VIRT: [none, xen]
gem5-atp-arm64:
extends: .build
generic-arm64:
extends: .build
juno:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
FIRMWARE: [none, edk2]
microbit-v1:
extends: .build_and_test
parallel:
matrix:
- TESTING: testimage-zephyr
musca-b1:
extends: .build
musca-s1:
extends: .build
n1sdp:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, armgcc]
qemu-cortex-a53:
extends: .build
qemu-cortex-m3:
extends: .build_and_test
parallel:
matrix:
- TESTING: testimage-zephyr
qemu-cortex-r5:
extends: .build
qemu-generic-arm64:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
qemuarm64-secureboot:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TESTING: testimage
qemuarm64:
extends: .build
parallel:
matrix:
- VIRT: xen
qemuarm:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- VIRT: xen
qemuarmv5:
extends: .build
parallel:
matrix:
- TESTING: testimage
sgi575:
extends: .build
tc0:
extends: .build
tags:
- x86_64
tc1:
extends: .build
tags:
- x86_64
toolchains:
extends: .build
selftest:
extends: .setup
script:
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 1 --run-tests runfvp'
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
script:
- kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain, meta-gem5]
pending-updates:
extends: .setup
# Only run this job for the default branch (master), or if forced with
# BUILD_FORCE_PENDING_UPDATES.
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $BUILD_FORCE_PENDING_UPDATES != null
artifacts:
paths:
- update-report
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- kas shell ci/gem5-arm64.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp meta-gem5)"
# Do this on x86 whilst the compilers are x86-only
tags:
- x86_64
# What percentage of machines in the layer do we build
machine-coverage:
@@ -243,124 +291,3 @@ metrics:
script:
- kas shell --update --force-checkout ci/base.yml --command \
"$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt"
musca-b1:
extends: .build
musca-s1:
extends: .build
pending-updates:
extends: .setup
# Only run this job for the default branch (master), or if forced with
# BUILD_FORCE_PENDING_UPDATES.
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $BUILD_FORCE_PENDING_UPDATES != null
artifacts:
paths:
- update-report
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
qemuarm64-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
- TOOLCHAINS: [gcc, clang]
TS: [none, qemuarm64-secureboot-ts]
UEFISB: [none, uefi-secureboot]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm64:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TESTING: testimage
- DISTRO: [poky, poky-altcfg]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarmv5:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
sbsa-ref:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TESTING: testimage
- DISTRO: poky-altcfg
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
selftest:
extends: .setup
script:
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests'
sgi575:
extends: .build
parallel:
matrix:
- TESTING: testimage
# FVP binary is x86-only
tags:
- x86_64
toolchains:
extends: .build
+22 -46
View File
@@ -6,39 +6,41 @@ This repository contains the Arm layers for OpenEmbedded.
This layer contains general recipes for the Arm architecture, such as firmware, FVPs, and Arm-specific integration.
* meta-arm-autonomy
This layer is the distribution for a reference stack for autonomous systems.
* meta-arm-bsp
This layer contains machines for Arm reference platforms, for example FVP Base, Corstone1000, and Juno.
This layer contains machines for Arm reference platforms, for example FVP Base, N1SDP, and Juno.
* meta-arm-toolchain
This layer contains recipes for Arm's binary toolchains (GCC and Clang for -A and -M), and a recipe to build Arm's GCC.
* meta-atp
This layer contains recipes for the Adaptive Traffic Generation integration into meta-gem5.
* meta-gem5
This layer contains recipes and machines for gem5, a system-level and processor simulator.
Other Directories
-----------------
* ci
This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this.
* documentation
This directory contains information on the files in this repository, building, and other relevant documents.
This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this
* kas
This directory contains KAS yaml files to describe builds for systems not used in CI.
This directory contains KAS yaml files to describe builds for systems not used in CI
* scripts
This directory contains scripts used in running the CI tests.
Mailing List
------------
To interact with the meta-arm developer community, please email the meta-arm mailing list at <meta-arm@lists.yoctoproject.org>.
Currently, it is configured to only allow emails to members from those subscribed.
To subscribe to the meta-arm mailing list, please go to
https://lists.yoctoproject.org/g/meta-arm
This directory contains scripts used in running the CI tests
Contributing
------------
@@ -46,51 +48,25 @@ Currently, we only accept patches from the meta-arm mailing list. For general
information on how to submit a patch, please read
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
E-mail <meta-arm@lists.yoctoproject.org> with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
E-mail meta-arm@lists.yoctoproject.org with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
`$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org`
$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org
Commits and patches added should follow the OpenEmbedded patch guidelines:
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
The component being changed in the shortlog should be prefixed with the layer name (without the meta- prefix), for example:
> arm-bsp/trusted-firmware-a: decrease frobbing level
> arm-toolchain/gcc: enable foobar v2
arm-bsp/trusted-firmware-a: decrease frobbing level
All contributions are under the [MIT License](/COPYING.MIT).
For a quick start guide on how to build and use meta-arm, go to [quick-start.md](/documentation/quick-start.md).
For information on the continuous integration done on meta-arm and how to use it, go to [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md).
Backporting
--------------
Backporting patches to older releases may be done upon request, but only after a version of the patch has been accepted into the master branch. This is done by adding the branch name to email subject line. This should be between the square brackets (e.g., "[" and "]"), and before or after the "PATCH". For example,
> [nanbield PATCH] arm/linux-yocto: backport patch to fix 6.5.13 networking issues
Automatic backporting will be done to all branches if the "Fixes: <SHA>" wording is added to the patch commit message. This is similar to how the Linux kernel community does their LTS kernel backporting. For more information see the "Fixes" portion of
https://www.kernel.org/doc/html/latest/process/submitting-patches.html#submittingpatches
Releases and Release Schedule
--------------
We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines. For more information on these, please reference:
* https://docs.yoctoproject.org/ref-manual/release-process.html
* https://wiki.yoctoproject.org/wiki/Releases
* https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
For more in-depth information on the meta-arm release and branch methodology, go to </documentation/releases.md>.
arm-toolchain/gcc: enable foobar v2
Reporting bugs
--------------
E-mail <meta-arm@lists.yoctoproject.org> with the error encountered and the steps
E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps
to reproduce the issue.
Security and Reporting Security Issues
--------------
For information on the security of meta-arm and how to report issues, please consult [SECURITY.md](/SECURITY.md).
Maintainer(s)
-------------
* Jon Mason <jon.mason@arm.com>
-46
View File
@@ -1,46 +0,0 @@
# Reporting vulnerabilities
Arm takes security issues seriously and welcomes feedback from researchers and
the security community in order to improve the security of its products and
services. We operate a coordinated disclosure policy for disclosing
vulnerabilities and other security issues.
Security issues can be complex and one single timescale doesn't fit all
circumstances. We will make best endeavours to inform you when we expect
security notifications and fixes to be available and facilitate coordinated
disclosure when notifications and patches/mitigations are available.
## How to Report a Potential Vulnerability?
If you would like to report a public issue (for example, one with a released CVE
number), please contact the meta-arm mailing list at
meta-arm@lists.yoctoproject.org and arm-security@arm.com.
If you are dealing with a not-yet released or urgent issue, please send a mail
to the maintainers \(see [README.md](/README.md)\) and arm-security@arm.com, including as much
detail as possible. Encrypted emails using PGP are welcome.
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
## Branches maintained with security fixes
meta-arm follows the Yocto release model, so see
[Stable release and LTS](https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS)
for detailed info regarding the policies and maintenance of stable
branches.
The [Release page](https://wiki.yoctoproject.org/wiki/Releases) contains a list of all
releases of the Yocto Project. Versions in grey are no longer actively maintained with
security patches, but well-tested patches may still be accepted for them for
significant issues.
# Disclaimer
Arm reference solutions are Arm public example software projects that track and
pull upstream components, incorporating their respective security fixes
published over time. Arm partners are responsible for ensuring that the
components they use contain all the required security fixes, if and when they
deploy a product derived from Arm reference solutions.
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-firmware.yml
-19
View File
@@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-ir-acs.yml
env:
ACS_TEST: "0"
local_conf_header:
testimage: |
TESTIMAGE_AUTO = "${ACS_TEST}"
target:
- arm-systemready-ir-acs
- arm-systemready-linux-distros-debian
- arm-systemready-linux-distros-opensuse
- arm-systemready-linux-distros-fedora
+6
View File
@@ -0,0 +1,6 @@
header:
version: 11
local_conf_header:
cc: |
GCCVERSION = "arm-11.2"
+15 -10
View File
@@ -1,13 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
distro: poky
defaults:
repos:
branch: walnascar
refspec: kirkstone
repos:
meta-arm:
@@ -28,18 +26,25 @@ env:
local_conf_header:
base: |
BB_SERVER_TIMEOUT = "60"
CONF_VERSION = "2"
BB_SERVER_TIMEOUT = "300"
BB_NUMBER_THREADS = "16"
PARALLEL_MAKE = "-j16"
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
setup: |
PACKAGE_CLASSES = "package_ipk"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
PACKAGECONFIG:append:pn-perf = " coresight"
INHERIT += "rm_work"
extrapackages: |
CORE_IMAGE_EXTRA_INSTALL += "perf opencsd"
CORE_IMAGE_EXTRA_INSTALL:append:aarch64 = " gator-daemon"
DISTRO_FEATURES:remove = "ptest"
kvm: |
QEMU_USE_KVM = ""
perf: |
CORE_IMAGE_EXTRA_INSTALL += "perf"
sshkeys: |
CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
machine: unset
target:
- core-image-sato
- core-image-base
+2 -4
View File
@@ -1,12 +1,10 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
repos:
meta-clang:
url: https://github.com/kraj/meta-clang
local_conf_header:
toolchain: |
clang: |
TOOLCHAIN = "clang"
+6 -6
View File
@@ -1,13 +1,13 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
- kas/corstone1000-image-configuration.yml
local_conf_header:
perf: |
distro: poky-tiny
target:
- core-image-minimal
- perf
- corstone1000-image
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- kas/corstone1000-firmware-only.yml
target:
- corstone1000-flash-firmware-image
- perf
+7 -4
View File
@@ -1,9 +1,12 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/corstone1000-common.yml
- ci/fvp.yml
local_conf_header:
fvp-config: |
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = " ssh-server-dropbear"
INHERIT += "fvpboot"
machine: corstone1000-fvp
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/corstone1000-common.yml
+18
View File
@@ -0,0 +1,18 @@
header:
version: 11
includes:
- ci/base.yml
local_conf_header:
testimagefvp: |
INHERIT += "fvpboot"
IMAGE_FEATURES:remove = " ssh-server-dropbear"
perf: |
machine: corstone500
distro: poky-tiny
target:
- core-image-minimal
- perf
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
cve: |
INHERIT += "cve-check"
# Allow the runner environment to provide an API key
NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
# Just show the warnings for our layers
CVE_CHECK_SHOW_WARNINGS = "0"
CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-systemready = "1"
# Ignore the kernel, we sometime carry kernels in meta-arm
CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
# Add universally helpful features when testing boards
local_conf_header:
rootlogin: |
EXTRA_IMAGE_FEATURES:append = " allow-empty-password empty-root-password allow-root-login"
-31
View File
@@ -1,31 +0,0 @@
#! /usr/bin/env python3
"""
Download the lockfile.yml produced by a CI pipeline, specified by the GitLab
server, full name of the meta-arm project, and the refspec that was executed.
For example,
$ ./download-lockfile.py https://gitlab.com/ rossburton/meta-arm master
SPDX-FileCopyrightText: Copyright 2023 Arm Limited and Contributors
SPDX-License-Identifier: GPL-2.0-only
"""
import argparse
import gitlab
import io
import zipfile
parser = argparse.ArgumentParser()
parser.add_argument("server", help="GitLab server name")
parser.add_argument("project", help="meta-arm project name")
parser.add_argument("refspec", help="Branch/commit")
args = parser.parse_args()
gl = gitlab.Gitlab(args.server)
project = gl.projects.get(args.project)
artefact = project.artifacts.download(ref_name=args.refspec, job="update-repos")
z = zipfile.ZipFile(io.BytesIO(artefact))
z.extract("lockfile.yml")
print("Fetched lockfile.yml")
+1 -9
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
bootfirmware: |
@@ -9,9 +7,3 @@ local_conf_header:
MACHINE_FEATURES += "efi"
TFA_UBOOT = "0"
TFA_UEFI = "1"
EXTRA_IMAGEDEPENDS += "edk2-firmware"
EFI_PROVIDER ?= "grub-efi"
QB_DEFAULT_BIOS = "QEMU_EFI.fd"
WKS_FILE ?= "efi-disk.wks.in"
+8
View File
@@ -0,0 +1,8 @@
header:
version: 11
local_conf_header:
cc: |
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
+16
View File
@@ -0,0 +1,16 @@
header:
version: 11
includes:
- ci/base.yml
machine: fvp-base-arm32
local_conf_header:
testimagefvp: |
INHERIT = "fvpboot"
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
# Tell testimage to connect to localhost:8122, and forward that to SSH in the FVP.
TEST_TARGET_IP = "127.0.0.1:8122"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "8122=22"
-34
View File
@@ -1,34 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/fvp-base.yml
- ci/meta-openembedded.yml
- ci/testimage.yml
local_conf_header:
trusted_services: |
# Enable the needed test suites
TEST_SUITES = " ping ssh trusted_services"
# Include all Secure Partitions into the image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
MACHINE_FEATURES:append = " ts-block-storage ts-fwu"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL += "optee-test"
# Set the TS environment
TS_ENV="sp"
# Enable and configure semihosting
FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[semihosting-enable] = "True"
+10 -7
View File
@@ -1,13 +1,16 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/fvp.yml
machine: fvp-base
target:
- core-image-full-cmdline
- boot-wrapper-aarch64
local_conf_header:
testimagefvp: |
INHERIT += "fvpboot"
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
# Tell testimage to connect to localhost:8022, and forward that to SSH in the FVP.
TEST_TARGET_IP = "localhost:8022"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22"
+7
View File
@@ -0,0 +1,7 @@
header:
version: 11
includes:
- ci/base.yml
machine: fvp-baser-aemv8r64
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
testimagefvp: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
IMAGE_CLASSES += "fvpboot"
+5 -16
View File
@@ -1,31 +1,20 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# Simple target to build the FVPs that are publically available
header:
version: 14
version: 11
includes:
- ci/base.yml
machine: qemuarm64
local_conf_header:
license: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
sdk: |
SDKMACHINE = "x86_64"
target:
# Target packages to test aarch64
- fvp-base-a-aem
- fvp-corstone1000
- fvp-rd1-ae
- fvp-v3-r1
# Nativesdk to test x86-64
- nativesdk-fvp-base-a-aem
- nativesdk-fvp-corstone1000
- nativesdk-fvp-rd1-ae
- nativesdk-fvp-v3-r1
# These are x86 only... :(
- nativesdk-fvp-n1-edge
- nativesdk-fvp-sgi575
- nativesdk-fvp-tc3
- nativesdk-fvp-corstone500
- nativesdk-fvp-corstone1000
- nativesdk-fvp-tc0
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
toolchain: |
TOOLCHAIN = "gcc"
+16
View File
@@ -0,0 +1,16 @@
header:
version: 11
includes:
- ci/base.yml
- ci/meta-openembedded.yml
repos:
meta-arm:
layers:
meta-gem5:
machine: gem5-arm64
target:
- core-image-minimal
- gem5-aarch64-native
+15
View File
@@ -0,0 +1,15 @@
header:
version: 11
includes:
- ci/gem5-arm64.yml
repos:
meta-arm:
layers:
meta-atp:
machine: gem5-atp-arm64
target:
- atp-native
- core-image-minimal
+6
View File
@@ -0,0 +1,6 @@
header:
version: 11
includes:
- ci/base.yml
machine: generic-arm64
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
repos:
poky:
layers:
meta-yocto-bsp:
local_conf_header:
bootloader: |
# If running genericarm64 in a qemu we need to manually build the bootloader
EXTRA_IMAGEDEPENDS += "virtual/bootloader"
sshpregen: |
# Allow the use of the pregen keys as this is CI so safe
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:genericarm64 = "genericarm64"
machine: genericarm64
+50
View File
@@ -0,0 +1,50 @@
#!/bin/bash
set -u -e
BASENAME=gcc-arm
VER=${VER:-10.3-2021.07}
HOST_ARCH=${HOST_ARCH:-$(uname -m)}
DOWNLOAD_DIR=$1
TOOLCHAIN_DIR=$2
TOOLCHAIN_LINK_DIR=$3
# These should be already created by .gitlab-ci.yml, but do here if run outside of that env
mkdir -p $DOWNLOAD_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
download() {
TRIPLE=$1
URL=https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/$BASENAME-$VER-$HOST_ARCH-$TRIPLE.tar.xz
wget -P $DOWNLOAD_DIR -nc $URL
}
if [ $HOST_ARCH = "aarch64" ]; then
# AArch64 Linux hosted cross compilers
# AArch32 target with hard float
download arm-none-linux-gnueabihf
elif [ $HOST_ARCH = "x86_64" ]; then
# x86_64 Linux hosted cross compilers
# AArch32 target with hard float
download arm-none-linux-gnueabihf
# AArch64 GNU/Linux target
download aarch64-none-linux-gnu
else
echo "ERROR - Unknown build arch of $HOST_ARCH"
exit 1
fi
for i in arm aarch64; do
if [ ! -d $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*/ ]; then
if [ ! -f $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz ]; then
continue
fi
tar -C $TOOLCHAIN_DIR -axvf $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz
fi
# Setup a link for the toolchain to use local to the building machine (e.g., not in a shared location)
ln -s $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu* $TOOLCHAIN_LINK_DIR/$i
done
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
libc: |
TCLIBC = "glibc"
+6 -22
View File
@@ -3,41 +3,25 @@
# This script is expecting an input of machine name, optionally followed by a
# colon and a list of one or more parameters separated by commas between
# brackets. For example, the following are acceptable:
# corstone1000-mps3
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
# This argument should be quoted to avoid expansion and to be handled
# as a single value.
#
# Any further arguments will be handled as further yml file basenames.
# corstone500
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
#
# Turn this list into a series of yml files separated by colons to pass to kas
set -e -u
# First, parse the GitLab CI job name (CI_JOB_NAME via $1) and accumulate a list
# of Kas files.
JOBNAME="$1"
shift
FILES="ci/$(echo $1 | cut -d ':' -f 1).yml"
# The base name of the job
FILES="ci/$(echo $JOBNAME | cut -d ':' -f 1).yml"
# The list of matrix variations
for i in $(echo $JOBNAME | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
for i in $(echo $1 | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
# Given that there are no yml files for gcc or glibc, as those are the
# defaults, we can simply ignore those parameters. They are necessary
# to pass in so that matrix can correctly setup all of the permutations
# of each individual run.
if [[ $i == 'none' ]]; then
if [[ $i == 'none' || $i == 'gcc' || $i == 'glibc' ]]; then
continue
fi
FILES+=":ci/$i.yml"
done
# Now pick up any further names
for i in $*; do
FILES+=":ci/$i.yml"
done
echo $FILES
-15
View File
@@ -1,15 +0,0 @@
#! /bin/bash
# $ ci/junit.sh <build directory>
#
# If there is a OEQA test report in JSON format present in the build directory,
# transform it to JUnit XML using resulttool.
set -e -u
BUILDDIR=$1
JSON=$BUILDDIR/tmp/log/oeqa/testresults.json
if test -f $JSON; then
resulttool junit $JSON
fi
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-dev"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto"
+1 -4
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
repos:
meta-openembedded:
@@ -11,4 +9,3 @@ repos:
meta-networking:
meta-oe:
meta-python:
meta-perl:
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-secure-core:
url: https://github.com/Wind-River/meta-secure-core.git
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/meta-openembedded.yml
+13
View File
@@ -0,0 +1,13 @@
header:
version: 11
includes:
- ci/meta-openembedded.yml
repos:
meta-zephyr:
url: https://git.yoctoproject.org/meta-zephyr
layers:
meta-zephyr-core:
target:
- zephyr-kernel-test-all
+7
View File
@@ -0,0 +1,7 @@
header:
version: 11
includes:
- ci/base.yml
- ci/meta-zephyr.yml
machine: microbit-v1
+7 -4
View File
@@ -1,12 +1,15 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- ci/meta-zephyr.yml
local_conf_header:
nonbuilding_tests: |
ZEPHYRTESTS:remove = "common sleep poll device queue"
machine: musca-b1
target:
- trusted-firmware-m
- zephyr-kernel-test-all
+7 -4
View File
@@ -1,12 +1,15 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- ci/meta-zephyr.yml
local_conf_header:
nonbuilding_tests: |
ZEPHYRTESTS:remove = "common sleep poll device queue"
machine: musca-s1
target:
- trusted-firmware-m
- zephyr-kernel-test-all
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
libc: |
+6
View File
@@ -0,0 +1,6 @@
header:
version: 11
includes:
- ci/base.yml
machine: n1sdp
-4
View File
@@ -1,4 +0,0 @@
header:
version: 14
distro: poky-altcfg
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky-tiny
local_conf_header:
hacking: |
TEST_SUITES = "_qemutiny ping"
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
target:
- core-image-minimal
- perf
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky
+9
View File
@@ -0,0 +1,9 @@
header:
version: 11
includes:
- ci/base.yml
- ci/meta-zephyr.yml
# FIXME - testimage fails all tests currently, but all the tests build
machine: qemu-cortex-a53
+20
View File
@@ -0,0 +1,20 @@
header:
version: 11
includes:
- ci/base.yml
- ci/meta-zephyr.yml
repos:
meta-zephyr:
layers:
meta-zephyr-bsp:
local_conf_header:
tclibc: |
TCLIBC = "newlib"
nonbuilding_tests: |
ZEPHYRTESTS:remove = "context pending poll sleep"
qemu_opts: |
QB_OPT_APPEND = "-icount shift=3,align=off,sleep=on -rtc clock=vm"
machine: qemu-cortex-m3
+11
View File
@@ -0,0 +1,11 @@
header:
version: 11
includes:
- ci/base.yml
- ci/meta-zephyr.yml
local_conf_header:
nonbuilding_tests: |
ZEPHYRTESTS:remove = "common poll sleep queue device"
machine: qemu-cortex-r5
+14
View File
@@ -0,0 +1,14 @@
header:
version: 11
includes:
- ci/generic-arm64.yml
local_conf_header:
failing_tests: |
DEFAULT_TEST_SUITES:remove = "parselogs"
machine: qemu-generic-arm64
target:
- core-image-base
- sbsa-acs
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm-secureboot
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
-17
View File
@@ -1,17 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-openembedded.yml
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
# Include TS Crypto, TS Protected Storage, and TS Internal Trusted Storage and SPs into optee-os image
# FIXME - remove TS SMM Gateway due to QEMU v9.0.0 test failures
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
+10 -8
View File
@@ -1,16 +1,18 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
machine: qemuarm64-secureboot
local_conf_header:
failing_tests: |
# software IO TLB: Cannot allocate buffer
DEFAULT_TEST_SUITES:remove = "parselogs"
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
- optee-examples
- optee-test
- optee-spdevkit
- optee-os-tadevkit
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: sbsa-ref
target:
- core-image-sato
- sbsa-acs
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
secure-debug: |
MACHINE_FEATURES += "secure-debug"
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
local_conf_header:
setup: |
+1 -9
View File
@@ -1,14 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
- ci/fvp.yml
local_conf_header:
sshpregen: |
# Allow the use of the pregen keys as this is CI so safe
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:sgi575 = "sgi575"
machine: sgi575
-11
View File
@@ -1,11 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
sstate_mirror: |
BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws"
SSTATE_MIRRORS = "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
BB_HASHSERVE = "auto"
BB_SIGNATURE_HANDLER = "OEEquivHash"
+9
View File
@@ -0,0 +1,9 @@
header:
version: 11
includes:
- ci/base.yml
machine: tc0
target:
- tc-artifacts-image
+9
View File
@@ -0,0 +1,9 @@
header:
version: 11
includes:
- ci/base.yml
machine: tc1
target:
- tc-artifacts-image
+8
View File
@@ -0,0 +1,8 @@
header:
version: 11
local_conf_header:
testimage: |
IMAGE_CLASSES += "testimage"
TEST_TARGET = "QemuTargetZephyr"
TEST_SUITES = "zephyr"
+4 -12
View File
@@ -1,21 +1,13 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/debug.yml
version: 11
local_conf_header:
testimage: |
IMAGE_CLASSES += "testimage"
TESTIMAGE_AUTO = "1"
kvm: |
QEMU_USE_KVM = ""
slirp: |
TEST_RUNQEMUPARAMS = "slirp"
TEST_SERVER_IP = "127.0.0.1"
QEMU_USE_SLIRP = "1"
sshd: |
IMAGE_FEATURES += "ssh-server-dropbear"
sshkeys: |
CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
universally_failing_tests: |
TEST_SUITES:remove = "opkg"
IMAGE_FEATURES:append = " ssh-server-dropbear"
+1 -4
View File
@@ -1,10 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
local_conf_header:
tftf: |
TFA_UBOOT = "0"
TFA_UEFI = "0"
TFTF_TESTS = "1"
+2 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/base.yml
@@ -18,3 +16,4 @@ target:
- nativesdk-gcc-aarch64-none-elf
- gcc-arm-none-eabi
- nativesdk-gcc-arm-none-eabi
- nativesdk-androidclang
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
bootfirmware: |
PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
TFA_UBOOT = "1"
TFA_UEFI = "0"
-51
View File
@@ -1,51 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# UEFI Secure Boot: A mechanism to ensure that only trusted software is executed
# during the boot process.
header:
version: 14
includes:
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
local_conf_header:
uefi_secureboot: |
SBSIGN_KEYS_DIR = "${TOPDIR}/sbkeys"
BB_ENV_PASSTHROUGH_ADDITIONS = "SBSIGN_KEYS_DIR"
# Detected by passing kernel parameter
QB_KERNEL_ROOT = ""
# kernel is in the image, should not be loaded separately
QB_DEFAULT_KERNEL = "none"
WKS_FILE = "efi-disk.wks.in"
KERNEL_IMAGETYPE = "Image"
MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot uefi-capsule-updates"
EFI_PROVIDER = "systemd-boot"
# Use systemd as the init system
INIT_MANAGER = "systemd"
IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils"
TEST_SUITES:append = " uefi_secureboot uki"
IMAGE_CLASSES += "uki"
IMAGE_CLASSES += "sbsign"
UKI_SB_KEY = "${SBSIGN_KEY}"
UKI_SB_CERT = "${SBSIGN_CERT}"
QB_KERNEL_ROOT = ""
IMAGE_BOOT_FILES:remove = "Image"
INITRAMFS_IMAGE = "core-image-initramfs-boot"
# not for initramfs image recipe
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "uki"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "sbsign"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "testimage"
IMAGE_FEATURES:remove:pn-core-image-initramfs-boot = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove:pn-core-image-initramfs-boot = "ssh-pregen-hostkeys"
+3 -10
View File
@@ -23,6 +23,7 @@ repositories = (
"https://git.yoctoproject.org/poky",
"https://git.openembedded.org/meta-openembedded",
"https://git.yoctoproject.org/meta-virtualization",
"https://git.yoctoproject.org/meta-zephyr",
"https://github.com/kraj/meta-clang",
)
@@ -32,7 +33,6 @@ if __name__ == "__main__":
sys.exit(1)
base_repodir = pathlib.Path(os.environ["KAS_REPO_REF_DIR"])
failed = False
for repo in repositories:
repodir = base_repodir / repo_shortname(repo)
@@ -42,15 +42,8 @@ if __name__ == "__main__":
shutil.rmtree(repodir, ignore_errors=True)
if repodir.exists():
try:
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch", repo], check=True)
except subprocess.CalledProcessError as e:
print(e)
failed = True
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
else:
print("Cloning %s..." % repo)
subprocess.run(["git", "clone", "--bare", repo, repodir], check=True)
if failed:
sys.exit(128)
+1 -6
View File
@@ -1,16 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 11
includes:
- ci/meta-virtualization.yml
- ci/poky-altcfg.yml
local_conf_header:
meta-virt: |
DISTRO_FEATURES:append = " virtualization xen"
sshd: |
IMAGE_FEATURES:append = " ssh-server-openssh"
target:
- xen-image-minimal
@@ -1,67 +0,0 @@
# **CI for Yocto Project and meta-arm**
# **CI for Yocto Project**
The Yocto Project has an autobuilder that performs nightly builds and image tests on all of the defined QEMU machines, including qemuarm and qemuarm64 Also, it currently runs builds on the hardware reference platforms including genericarm64 and meta-arm mahines fvp-base and sbsa-ref. More information on the autobuilder can be found at <https://autobuilder.yoctoproject.org/>.
More information on the image tests can be found at <https://wiki.yoctoproject.org/wiki/Image_tests>.
The Yocto Project also has the ability to have individual package tests, ptests.  For more information on those, go to <https://wiki.yoctoproject.org/wiki/Ptest>.
# **CI for meta-arm**
meta-arm is using the Gitlab CI infrastructure.  This is currently being done internal to Arm, but an external version can be seen at <https://gitlab.com/jonmason00/meta-arm/-/pipelines>.
This CI is constantly being expanded to provide increased coverage of the software and hardware supported in meta-arm. All platforms are required to add a kas file and `.gitlab-ci.yml` entry as part of the initial patch series. More information on kas can be found at <https://github.com/siemens/kas>.
To this end, it would be wise to run kas locally to verify everything works prior to pushing to the CI build system.
## **Running kas locally**
### **Install kas**
kas can be installed with pip, for example:
```
$ pip3 install --user kas
```
See <https://kas.readthedocs.io/en/latest/userguide/getting-started.html> for information on the dependencies and more.
This assumes that the kas path ($HOME/.local/bin) is in $PATH. If not, the user will need to manually add this or the kas command will not be found.
### **Run kas locally**
```
$ cd ~/meta-arm/
$ kas build kas/juno.yml
```
By default kas will create a build directory under meta-arm to contain the checked out layers, build directory, and downloads.  You can change this by setting environment variables. DL\_DIR and SSTATE\_DIR are respected so these can point at existing directories, and setting KAS\_WORK\_DIR to the directory where repositories are already cloned will save having to re-fetch. This can look something like:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/qemuarm64.yml:ci/testimage.yml
```
See the [quick start guide](/documentation/quick-start.md) for more information on how to set this up.
## **Locked Revisions in CI with lockfiles**
The CI in meta-arm will generate a kas "lock file" when it starts to ensure that all of the builds checkout the same revision of the various different layers that are used. If this isn't done then there's a chance that a layer will be modified upstream during the CI, which results in some builds failing and some builds passing.
This lock file is saved as an artefact of the update-repos job by the CI, and only generated if it doesn't already exist in the repository. This can be used to force specific revisions of layers to be used instead of HEAD, which can be useful if upstream changes are causing problems in development.
The lockfile.yml can be downloaded manually, but there's a script in meta-arm to fetch the lock file for the latest successful build of the specified branch:
```
$ ./ci/download-lockfile.py --help
usage: download-lockfile.py [-h] server project refspec
positional arguments:
server GitLab server name
project meta-arm project name
refspec Branch/commit
$ ./ci/download-lockfile.py https://gitlab.com/jonmason00/meta-arm master
Fetched lockfile.yml
Commit this lockfile.yml to the top-level of the meta-arm repository and the CI will use it automatically.
```
# **Relevant Links for kas, CI, and testing**
<https://github.com/siemens/kas.git>
<https://wiki.yoctoproject.org/wiki/Oe-selftest>
<https://wiki.yoctoproject.org/wiki/Image_tests>
<https://wiki.yoctoproject.org/wiki/Ptest>
<https://wiki.yoctoproject.org/wiki/BSP_Test_Plan>
+26 -20
View File
@@ -4,36 +4,32 @@ OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests o
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:2222"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "2222=22"
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
There are two main methods of testing, using different test "targets".
The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
## OEFVPTarget
OEFVPTarget supports two different test interfaces - SSH and pexpect.
This runs test cases on a machine using SSH. It therefore requires that an SSH server is installed in the image.
## SSH
As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
This uses the `run` method on the target, e.g:
In test cases, the primary interface with the target is, e.g:
```
(status, output) = self.target.run('uname -a')
```
which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
which runs a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
## pexpect
Example machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:8022"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22"
```
To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
## OEFVPSerialTarget
This runs tests against one or more serial consoles on the FVP. It is more flexible than OEFVPTarget, but test cases written for this test target do not support the test cases in OE-core. As it does not require an SSH server, it is suitable for machines with performance or memory limitations.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
```
@@ -43,6 +39,16 @@ self.assertNotIn(b'ERROR:', self.target.before('tf-a'))
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
The SSH interface described above is also available on OEFVPSerialTarget to support writing a set of hybrid test suites that use a combination of serial and SSH access. Note however that this test target does not guarantee that Linux has booted to shell prior to running any tests, so the test cases in OE-core are not supported.
Example machine configuration:
```
TEST_TARGET="OEFVPSerialTarget"
TEST_SUITES="linuxboot"
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
[OEQA]: https://docs.yoctoproject.org/test-manual/intro.html
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[RUNFVP]: runfvp.md
-105
View File
@@ -1,105 +0,0 @@
# **Yocto Project quick start for Arm system software developers**
If you want to read the The Yocto Project official quick start documentation, go to <https://docs.yoctoproject.org/brief-yoctoprojectqs/index.html>
If that looks like too much reading, then here is how to do it even faster!
# **Step 0: Install build deps and kas**
```
$ sudo apt install gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1
$ pip install kas
```
OR, if you prefer to use a docker will all that stuff already installed:
```
$ sudo docker run -it --name kas-test --volume /mnt/yocto/:/builds/persist ghcr.io/siemens/kas/kas /bin/bash
```
> **_NOTE:_**
> the “--volume” is the directory where your persistent stuff (like downloads and build artifacts) will go to help speed up your builds and can be sharable amongst your builds/containers.  If you want to go completely clean-room, feel free to remove it
# **Step 1: clone meta-arm and build meta-arm**
```
$ git clone https://git.yoctoproject.org/meta-arm
$ cd meta-arm/
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
```
> **_NOTE:_**
> “ci/testimage.yml” will cause the build to run some basic system tests.  If you dont care about verifying basic functionality, then remove it and it should be faster (a few less programs will be added to the system image and the 2-3mins that it takes to run the test will not happen).
> **_NOTE:_**
> You may wish to add the Yocto Project SSTATE Mirror (especially the first time) to speed up the build by downloading the build fragments (built by the Yocto Project autobuilder) from the internet. This can be done by adding "ci/sstate-mirror.yml" in kas or adding the relevant lines to your local.conf. Using the above example:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/sstate-mirror.yml
```
> **_NOTE:_**
> This only fetches the parts necessary for your build and may take several minutes depending on your internet connection speed. Also, it only fetches what is available. There may still be a need to build things depending on your configuration.
For more information on kas and various commands, please reference <https://kas.readthedocs.io/en/latest/>.
Depending on what software you are building, fvp-base might not be the machine you want to build for.
The following website provides an EXTREMELY rough way to tell what software is in what machines, and what versions are being run:
<https://gitlab.com/jonmason00/meta-arm/-/jobs/artifacts/master/file/update-report/index.html?job=pending-updates>
If, as an example, were wanting to develop trusted-firmware-a; then fvp-base will work for us. 
### **Okay, you are done!  VICTORY!**
### **Oh, you actually wanted to mess around with the system software source code?**
# **Step 2: use devtool to get your source**
Setup your environment via the (non-kas) Yocto Project tools
```
$ source poky/oe-init-build-env
```
Use devtool to checkout the version of software being used on the machine above (in the above example, this will be trusted-firmware-a for fvp-base).
```
$ devtool modify trusted-firmware-a
```
This will download the source, hopefully in git (depending on how the Yocto Project recipe was written), and should print a path at the end where the source code was checked out.  In the trusted-firmware-a example, I got:
> /builder/meta-arm/build/workspace/sources/trusted-firmware-a
Inside of that directory, you should see the relevant source code.  In this example, it is a standard git tree.  So, you can add remotes, checkout different SHAs, etc
Ok, so you are set with your changes and want to build them.
```
$ devtool build trusted-firmware-a
```
This should build the software in question, but it is not yet integrated into a system image.  To do that, run:
```
$ devtool build-image core-image-sato
```
The image should match the image being used on your machine above.  Most of them in meta-arm are set to core-image-sato.  
Also, if you used testimage above, it will run testimage now
### **Okay, you are done!  VICTORY!**
# **Step 3.  Testing your patches outside of devtool**
At this point I will assume you have a patch and want to add it to the base recipe.  Using the above example, in the devtool directory:
```
$ git format-patch -1
0001-example.patch
$ mv 0001-example.patch ~/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/
$ cd ~/meta-arm
$ devtool reset trusted-firmware-a
$ echo SRC_URI:append = " file://0001-example.patch" >> meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
```
> **_NOTE:_**
> there is a space before the “file” and yes it matters very much
At this point, you can go back using kas and verify that the patch works in a clean-ish tree.
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
```
There is obviously much more that can be done and other ways to do similar things.
## **If there are issues or questions then please ask them on the #meta-arm irc channel on libera.chat**
-43
View File
@@ -1,43 +0,0 @@
# **meta-arm Releases and Branching**
## **Release and Branching background**
The Yocto Project releases twice a year (April and October): "stable" releases are made every six months and have a lifetime of seven months to allow for migration, while "long term support" (LTS) releases are picked every two years starting from Dunfell in April 2020. The standard practice for all Yocto Compatible layers is to create a "named" branch consistent with the code name of that release. For example, the “dunfell” release of the Yocto Project will have a branch named “dunfell” in the official git repository, and layers compatible with dunfell will have a branch named “dunfell”. Thus, a customer can easily organize a collection of appropriate layers to make a product.
In the Yocto Project, these named branches are “stable”, and only take bug fixes or security-critical upgrades. Active development occurs on the master branch. However, this methodology can be problematic if mimicked with the compatible layers. Companies, like Arm, may not wish to release a snapshot of the relevant “master” branches under active development, due to the amount of testing, fixing, and hardening necessary to make a product from a non-stable release. Also, changes to keep the master branch of a layer working with the upstream master branch of the Yocto Project may result in that branch no longer being compatible with named branches (e.g., it might not be possible to mix and match master and dunfell). So, a decision must be made on the branching policy of meta-arm.
## **Adding new Hardware or Software features**
There are many different ways to resolve this issue. After some discussion, the best solution for us is to allow new hardware enablement (and relevant software features) to be included in LTS named branches (not just bug fixes). This will allow for a more stable software platform for software to be developed, tested, and released. Also, the single branch allows for focused testing (limiting the amount of resources needed for CI/CD), lessens/eliminates code diverging on various branches, and lessens confusion on which branch to use. The risk of making this choice is a potentially non-stable branch which will require more frequent testing to lessen the risk, and not following the “stable” methodology of the core Yocto Project layers (though it is not uncommon for BSP layers to behave this way).
## **Process**
The process for patches intended on being integrated into only the master branch is the normal internal process of pushing for code review and CI, approval and integration into upstream meta-arm master branch.
For patches intended on being included in an LTS named branch, the preferred process is to upstream via the master branch, rebase the patch (or series against the intended LTS branch) and send email with the release name in the subject line after the "PATCH" (e.g., "[PATCH dunfell] Add foo to bar").
If there is a time crunch and the preferred way above cannot be completed in time, upstreaming via the LTS branch can occur. This follows the normal process above but without the master integration step. However, any patches upstreamed in this manner must be pushed to master in a timely fashion (after the time crunch). Nagging emails will be sent and managers will be involved as the time grows.
## **Testing**
See [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md) for information how the layer is tested and what tests are run. It is presumed that all code will be compiled as part of the CI process of the gerrit code review. Also, testing on virtual platforms and code conformity checks will be run when enabled in the process.
## **Branching strategy and releases**
Named branches for meta-arm will be released as close as possible to the release of the YP LTS release. Meta-arm named branches will be created from the meta-arm master branch.
To minimize the additional work of maintaining multiple branches it is assumed that there will only be two active development branches at any given time: master and the most recent Long Term Stable (LTS) as the named branch. All previous named LTS branches will be EOLed when a new LTS has been released. Any branches that are EOLed will still exist in the meta-arm, but bug fix patches will be accepted. Limited to no testing will occur on EOLed branches. Exceptions to this can be made, but must be sized appropriately and agreed to by the relevant parties.
Named branch release will coincide with Yocto Project releases. These non-LTS branches will be bug fix only and will be EOLed on the next release (similar to the YP branching behavior).
### **Branch transitions**
When YP is approaching release, meta-arm will attempt to stabilize master so that the releases can coincide.
* T-6 weeks - Email is sent to meta-arm mailing list notifying of upcoming code freeze of features to meta-arm
* T-4 weeks - Code freeze to meta-arm. Only bug fixes are taken at this point.
* T-0 - Official upstream release occurs. With no outstanding critical bugs, a new named branch is created based on the current meta-arm master branch. Previous named branches are now frozen and will not accept new patches (but will continue to be present for reference and legacy usage).
## **Tagging**
### **Branch Tagging**
When each branch is released, a git tag with the Yocto Project version number will be added. For example, `4.3`. Also, this tag version number will be prepended with "yocto" in a duplicate tag (e.g., "yocto-4.3").
Conciding with the Yocto Project release schedule, every branch which has one or more changes added to it in the previous 6 months will get a minor versioned tag (e.g., "4.3.1" and "yocto-4.3.1").
### **BSP Release Tagging**
BSP releases for those boards supported in meta-arm-bsp maybe have an additional tag to denote their software releases. The tag will consist of the board name (in all capital letters), year, and month. For example, "CORSTONE1000-2023.11".
The release schedule for this is outside the standard Yocto Project release candence, but is generally encouraged to be as close to these releases as possible. Similarily, it is recommended the BSP releases be based on the latest LTS branch.
# **Relevant Links**
<https://wiki.yoctoproject.org/wiki/Releases>
+7 -7
View File
@@ -4,10 +4,10 @@ The `runfvp` tool in meta-arm makes it easy to run Yocto Project disk images ins
## Running images with `runfvp`
To build images with the FVP integration, the `fvpboot` image class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
To build images with the FVP integration, the `fvpboot` class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
```
IMAGE_CLASSES += "fvpboot"
INHERIT += "fvpboot"
```
The class will download the correct FVP and write a `.fvpconf` configuration file when an image is built.
@@ -55,7 +55,7 @@ The name of the FVP binary itself, for example `fvp-base` uses `FVP_Base_RevC-2x
The name of the recipe that provides the FVP executable set in `FVP_EXE`, for example `fvp-base` uses `fvp-base-a-aem-native`. This *must* be a `-native` recipe as the binary will be executed on the build host.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website, `fvp-base-r-aem.bb` is a good example of those.
If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on the host already.
@@ -64,7 +64,7 @@ If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on t
Parameters passed to the FVP with the `--parameter`/`-C` option. These are expressed as variable flags so individual parameters can be altered easily. For example:
```
FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] = "${DEPLOY_DIR_IMAGE}/fip-fvp.bin"
```
### `FVP_DATA`
@@ -72,8 +72,8 @@ FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
Specify raw data to load at the specified address, passed to the FVP with the `--data` option. This is a space-separated list of parameters in the format `[INST=]FILE@[MEMSPACE:]ADDRESS`. For example:
```
FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
cluster0.cpu0=fvp-base-revc.dtb@0x83000000"
FVP_DATA = "cluster0.cpu0=${DEPLOY_DIR_IMAGE}/Image@0x80080000 \
cluster0.cpu0=${DEPLOY_DIR_IMAGE}/fvp-base-revc.dtb@0x83000000"
```
### `FVP_APPLICATIONS`
@@ -81,7 +81,7 @@ FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
Applications to load on the cores, passed to the FVP with the `--application` option. These are expressed as variable flags with the flag name being the instance and flag value the filename, for example:
```
FVP_APPLICATIONS[cluster0] = "linux-system.axf"
FVP_APPLICATIONS[cluster0] = "${DEPLOY_DIR_IMAGE}/linux-system.axf"
```
Note that symbols are not allowed in flag names, so if you need to use a wildcard in the instance then you'll need to use `FVP_EXTRA_ARGS` and `--application` directly.
-68
View File
@@ -1,68 +0,0 @@
# The Trusted Services: framework for developing root-of-trust services
meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World applications
in `meta-arm/recipes-security/trusted-services`
## Secure Partitions recipes
We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions.
These recipes produce ELF and DTB files for SPs.
These files are automatically included into optee-os image accordingly to defined MACHINE_FEATURES.
### How to include TS SPs
To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
features for each [Secure Partition][^2] you would like to include:
| Secure Partition | MACHINE_FEATURE |
| ----------------- | --------------- |
| Attestation | ts-attesation |
| Crypto | ts-crypto |
| Firmware Update | ts-fwu
| Internal Storage | ts-its |
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
| spm-test[1-4] | optee-spmc-test |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
(Please see ` meta-arm/recipes-kernel/arm-tstee`.)
For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
(Please see ` meta-arm/recipes-kernel/arm-ffa-user`.)
2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc` for the Corstone1000 platform.
3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for theCorstone1000 platform.
4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
## Normal World applications
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
See `ci/trusted-services.yml` for an example how to include them into an image.
------
[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
[^2]: https://trusted-services.readthedocs.io/en/integration/deployments/secure-partitions.html
[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
repos:
meta-arm:
layers:
meta-arm-systemready:
distro: nodistro
target:
- arm-systemready-firmware
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
env:
TESTIMAGE_AUTO: "1"
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
target:
- arm-systemready-ir-acs
@@ -1,8 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-debian
@@ -1,8 +0,0 @@
header:
version: 16
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-fedora
@@ -1,8 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-opensuse
@@ -1,11 +0,0 @@
header:
version: 16
env:
DISTRO_UNATTENDED_INST_TESTS:
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
local_conf_header:
systemready-unattended-inst: |
TESTIMAGE_AUTO = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "1", "", d)}"
+6 -17
View File
@@ -1,11 +1,11 @@
header:
version: 14
version: 11
distro: poky
distro: poky-tiny
defaults:
repos:
branch: walnascar
refspec: kirkstone
repos:
meta-arm:
@@ -16,33 +16,22 @@ repos:
poky:
url: https://git.yoctoproject.org/git/poky
commit: ee0d8d8a61d8e22a3dd00c32cde58ee6e8ec458f
layers:
meta:
meta-poky:
meta-yocto-bsp:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
commit: 2169c9afcc0945045bea49f58011080942d4ddb4
layers:
meta-oe:
meta-python:
meta-perl:
meta-secure-core:
url: https://github.com/wind-river/meta-secure-core.git
commit: 423bc85b050594cc42fe3f2e0d0229960e70b94e
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
local_conf_header:
base: |
CONF_VERSION = "2"
setup: |
PACKAGE_CLASSES = "package_ipk"
LICENSE_FLAGS_ACCEPTED += "armcompiler"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
@@ -50,4 +39,4 @@ local_conf_header:
machine: unset
target:
- corstone1000-flash-firmware-image
- corstone1000-image
-6
View File
@@ -1,6 +0,0 @@
header:
version: 14
local_conf_header:
extsys: |
MACHINE_FEATURES += "corstone1000-extsys"
-23
View File
@@ -1,23 +0,0 @@
---
header:
version: 14
local_conf_header:
firmwarebuild: |
BBMULTICONFIG:remove = "firmware"
# Need to ensure the rescue linux options are selected
OVERRIDES .= ":firmware"
# Need to ensure we build with a small libc
TCLIBC="musl"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
test-configuration: |
TEST_SUITES = "_qemutiny ping"
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
fvp-multicore: |
MACHINE_FEATURES += "corstone1000_fvp_smp"
+11 -17
View File
@@ -1,22 +1,16 @@
header:
version: 14
version: 11
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
local_conf_header:
testimagefvp: |
IMAGE_CLASSES += "fvpboot"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
machine: corstone1000-fvp
local_conf_header:
fvp-config: |
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = " ssh-server-dropbear"
INHERIT = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA"
target:
- corstone1000-image
-49
View File
@@ -1,49 +0,0 @@
header:
version: 14
local_conf_header:
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
firmwarebuild: |
# Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs
BBMULTICONFIG ?= "firmware"
distrosetup: |
DISTRO_FEATURES = "usbhost ipv4"
initramfsetup: |
# Telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE_BUNDLE:firmware = "1"
INITRAMFS_IMAGE:firmware ?= "corstone1000-recovery-image"
IMAGE_FSTYPES:firmware:pn-corstone1000-recovery-image = "${INITRAMFS_FSTYPES}"
IMAGE_NAME_SUFFIX:firmware = ""
# enable mdev/busybox for init
INIT_MANAGER:firmware = "mdev-busybox"
VIRTUAL-RUNTIME_init_manager:firmware = "busybox"
# prevent the kernel image from being included in the intramfs rootfs
PACKAGE_EXCLUDE:firmware += "kernel-image-*"
# Disable openssl in kmod to shrink the initramfs size
PACKAGECONFIG:remove:firmware:pn-kmod = "openssl"
imageextras: |
# Don't include kernel binary in rootfs /boot path
RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = ""
# all optee packages
CORE_IMAGE_EXTRA_INSTALL += "optee-client"
# TS PSA API tests commands for crypto, its, ps and iat
CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL:firmware += "packagegroup-ts-tests-psa"
# external system firmware
CORE_IMAGE_EXTRA_INSTALL:firmware += "external-system-elf"
capsule: |
CAPSULE_EXTENSION = "uefi.capsule"
CAPSULE_FW_VERSION = "6"
CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}"
+1 -3
View File
@@ -1,8 +1,6 @@
header:
version: 14
version: 11
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
machine: corstone1000-mps3
+47
View File
@@ -0,0 +1,47 @@
header:
version: 11
distro: poky-tiny
defaults:
repos:
refspec: master
repos:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
refspec: master
layers:
meta:
meta-poky:
meta-yocto-bsp:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
refspec: master
layers:
meta-oe:
meta-python:
local_conf_header:
base: |
CONF_VERSION = "2"
PACKAGE_CLASSES = "package_ipk"
LICENSE_FLAGS_ACCEPTED += "armcompiler"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
fvp-config: |
IMAGE_CLASSES:append = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA"
machine: corstone500
target:
- core-image-minimal
@@ -1,16 +1,8 @@
header:
version: 13
includes:
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
version: 9
distro: poky
machine: fvp-base
machine: fvp-baser-aemv8r64
defaults:
repos:
@@ -18,6 +10,8 @@ defaults:
repos:
meta-arm:
url: https://git.yoctoproject.org/git/meta-arm
path: layers/meta-arm
layers:
meta-arm:
meta-arm-bsp:
@@ -30,6 +24,9 @@ repos:
meta:
meta-poky:
env:
FVP_BASE_R_ARM_EULA_ACCEPT: "False"
local_conf_header:
base: |
CONF_VERSION = "2"
@@ -37,7 +34,8 @@ local_conf_header:
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks ssh-server-openssh"
CORE_IMAGE_EXTRA_INSTALL:append = " ssh-pregen-hostkeys"
IMAGE_CLASSES:append = " testimage fvpboot"
LICENSE_FLAGS_ACCEPTED:append = " ${@oe.utils.vartrue('FVP_BASE_R_ARM_EULA_ACCEPT', 'Arm-FVP-EULA', '', d)}"
IMAGE_CLASSES:append = " testimage"
target:
- core-image-minimal
+8
View File
@@ -0,0 +1,8 @@
header:
version: 9
includes:
- kas/fvp-baser-aemv8r64-bsp.yml
local_conf_header:
base-rt: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
-5
View File
@@ -1,5 +0,0 @@
header:
version: 13
env:
ARM_FVP_EULA_ACCEPT:
+23
View File
@@ -0,0 +1,23 @@
meta-arm-autonomy Yocto Layer
=============================
The meta-arm-autonomy layer is being deprecated from master, with bug fixes
only being applied to the following branches. Additionally, all support and
maintenance of meta-arm-autonomy will stop as per the schedule below.
honister: End-of-life scheduled to June 2022
hardknot: End-of-life scheduled to December 2021
gatesgarth: End-of-life scheduled to October 2021
dunfell: End-of-life scheduled to October 2021
master: End-of-life scheduled to October 2021 and code removed
Contributing
------------
This project has not put in place a process for contributions currently. If you
would like to contribute, please contact the maintainers
Maintainer(s)
-------------
* Diego Sueiro <diego.sueiro@arm.com>

Some files were not shown because too many files have changed in this diff Show More