1
0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-07-18 16:37:08 +00:00

Compare commits

...

6 Commits

Author SHA1 Message Date
Hugues KAMBA MPIANA 4f9c410953 arm-bsp/docs:corstone1000: Update copyright notice
Update the copyright notice year.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-19 07:00:16 -05:00
Hugues KAMBA MPIANA 7b66a1d63a corstone1000: Fix Ethos-U test build for Cortex-A320 variant
Update the meta-ethos layer SHA to a commit that fixes
Ethos-U test build failures caused by the migration of
ML repositories to GitLab.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-16 15:00:16 -05:00
Hugues KAMBA MPIANA d3a9da81bc docs:corstone1000: Update user guide
- Replace openSUSE Tumbleweed with openSUSE Leap.
- Ensure correct component versions are listed.
- Update changelog and release notes for C25Q4 release.
- Add Positive partial capsule update test.
- Improve user guide for consistency and clarity.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-08 16:00:20 -05:00
Hugues KAMBA MPIANA de9026e481 corstone1000: Pin layers SHA for whinlatter release
Pinned layers in corstone1000-base.yml and corstone1000-a320.yml.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-08 16:00:20 -05:00
Devaraj Ranganna d9f9fa431b arm-bsp: corstone1000: Enable secure debug on TF-M v2.2.x
Allow TF-M v2.2.1 to boot with Secure Debug enabled on Corstone-1000 and
align the driver implementation with the current psa-adac library.

- Add missing DRBG macros to fix the
  "Failed to generate challenge!" error during Secure Debug.
- Fix an unintended platform reset occurring immediately after setting
  the debug enable bits in the dcu_en register while in SE LCS.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-07 09:00:21 -05:00
Ross Burton b295bd407c CI: use whinlatter branches
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-06 11:00:16 -05:00
20 changed files with 1033 additions and 219 deletions
+2 -1
View File
@@ -7,11 +7,12 @@ distro: poky
defaults:
repos:
branch: master
branch: whinlatter
repos:
bitbake:
url: https://git.openembedded.org/bitbake
branch: "2.16"
layers:
bitbake: disabled
+2
View File
@@ -12,6 +12,8 @@ repos:
meta-ethos:
url: https://gitlab.arm.com/iot/meta-ethos.git
branch: whinlatter
commit: b919565c36b89af2ba61cc28024da633a9fae0da
meta-sca:
url: https://github.com/priv-kweihmann/meta-sca.git
branch: master
commit: e68f1a9d17553a2a1b5b20962749f90482112a3f
+5 -2
View File
@@ -10,16 +10,19 @@ defaults:
repos:
bitbake:
url: https://git.openembedded.org/bitbake
commit: 0dde1a3ff852be057be40d17f233ecca19e7b389
layers:
bitbake: disabled
core:
url: https://git.openembedded.org/openembedded-core
commit: 4bd920ad7d7279020ea6e561d0584ae70f33f751
layers:
meta:
meta-yocto:
url: https://git.yoctoproject.org/meta-yocto
commit: b3b659263566c4d2f2813190e72d93f8598a4c47
layers:
meta-poky:
@@ -31,7 +34,7 @@ repos:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
# commit: 461d85a1831318747af5abe86da193bcde3fd9b4
commit: fc0152e434307b98e1d16251f92ed81ac617c1db
layers:
meta-oe:
meta-python:
@@ -39,7 +42,7 @@ repos:
meta-secure-core:
url: https://github.com/wind-river/meta-secure-core.git
# commit: 59d7e90542947c342098863b9998693ac79352b0
commit: 63209fb1500cee88d5d4d74669bce4b613c03ff7
layers:
meta-secure-core-common:
meta-signing-key:
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022-2025, Arm Limited.
# Copyright (c) 2022-2026, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -10,6 +10,77 @@ Change Log
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
***************
Version 2025.12
***************
Changes
=======
- Delivered end-to-end Cortex-A320 enablement across U-Boot, TF-A, TF-M, OP-TEE, Yocto machine layers, and documentation, including device-tree updates, MPIDR handling, and FVP model renaming.
- Rolled out the PSA Firmware Update (DEN0118) pipeline: U-Boot capsule parsing, Bootloader Abstraction Layer in TF-M, ESRT exposure, and Trusted Services IPC bridges replacing legacy capsule code.
- Hardened the new firmware update flow with EFI self-tests, metadata restructuring for partial and multi-image acceptance, and RSE-COMMS gating refinements.
- Upgraded key firmware components (TF-A 2.13.0, TF-M 2.2.1, Trusted Services 1.2.0, OP-TEE OS 4.7.0) and introduced targeted test skips plus integer-only build modes to keep validation green.
- Cleaned and renumbered downstream patch series across Trusted Services and TF-M while removing obsolete integrations to align with upstream baselines.
- Refreshed release material and architecture guides to describe the A320 profile, PSA FWU behavior, and updated software stack.
- Added KAS profiles, machine includes, and automated FVP selection logic to streamline developer workflows for the refreshed platform configuration.
Corstone-1000 components versions
=================================
+-------------------------------------------+-------------------+
| linux-yocto | 6.12.60 |
+-------------------------------------------+-------------------+
| u-boot | 2025.04 |
+-------------------------------------------+-------------------+
| external-system | 0.1.0 |
+-------------------------------------------+-------------------+
| optee-client | 4.7.0 |
+-------------------------------------------+-------------------+
| optee-os | 4.7.0 |
+-------------------------------------------+-------------------+
| trusted-firmware-a | 2.13.0 |
+-------------------------------------------+-------------------+
| trusted-firmware-m | 2.2.1 |
+-------------------------------------------+-------------------+
| libts | v1.2.0 |
+-------------------------------------------+-------------------+
| ts-sp-{se-proxy, smm-gateway} | v1.2.0 |
+-------------------------------------------+-------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 74dc6646ff |
+-------------------------------------------+-------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+----------------+
| meta-arm | whinlatter |
+-------------------------------------------+----------------+
| bitbake | 0dde1a3ff8 |
+-------------------------------------------+----------------+
| meta-openembedded | fc0152e434 |
+-------------------------------------------+----------------+
| openembedded-core | 4bd920ad7d |
+-------------------------------------------+----------------+
| meta-yocto | b3b6592635 |
+-------------------------------------------+----------------+
| meta-secure-core | 63209fb150 |
+-------------------------------------------+----------------+
| meta-ethos | aa2504a32f |
+-------------------------------------------+----------------+
| meta-sca | e68f1a9d17 |
+-------------------------------------------+----------------+
| busybox | 1.37.0 |
+-------------------------------------------+----------------+
| musl | 1.2.5 |
+-------------------------------------------+----------------+
| gcc-arm-none-eabi | 13.3.rel1 |
+-------------------------------------------+----------------+
| gcc-cross-aarch64 | 15.2.0 |
+-------------------------------------------+----------------+
| openssl | 3.5.4 |
+-------------------------------------------+----------------+
***************
Version 2025.05
***************
@@ -497,4 +568,4 @@ Changes
--------------
*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
*Copyright (c) 2022-2026, Arm Limited. All rights reserved.*
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022, 2024, Arm Limited.
# Copyright (c) 2022, 2024, 2026 Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022-2025, Arm Limited.
# Copyright (c) 2022-2026, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -19,6 +19,18 @@ intended for safety-critical applications. Should Your Software or Your Hardware
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
***********************
Release notes - 2025.12
***********************
The same notes as the 2025.05 release still apply.
Known Issues or Limitations
---------------------------
- Corstone-1000 with Cortex-A320 FVP does not currently support Symmetric Multiprocessing
- Corstone-1000 with Cortex-A320 FVP becomes unresponsive when the Linux kernel driver for the Ethos-U85 NPU loads automatically after a software reboot.
***********************
Release notes - 2025.05
***********************
@@ -268,4 +280,4 @@ For all security issues, contact Arm by email at psirt@arm.com.
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
*Copyright (c) 2022-2026, Arm Limited. All rights reserved.*
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022-2025, Arm Limited.
# Copyright (c) 2022-2026, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -468,7 +468,7 @@ References
--------------
*Copyright (c) 2022-2025, Arm Limited. All rights reserved.*
*Copyright (c) 2022-2026, Arm Limited. All rights reserved.*
.. _arm-developer-cs1000-website: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
.. _arm-developer-cs1000-search: https://developer.arm.com/search#q=corstone-1000
@@ -1,5 +1,5 @@
..
# Copyright (c) 2022-2025, Arm Limited.
# Copyright (c) 2022-2026, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -50,7 +50,7 @@ The Corstone-1000 software stack can be run on:
Yocto Stable Branch
-------------------
Corstone-1000 software stack is built on top of Yocto Project's `Walnascar release <meta-arm-repository-release-branch_>`__.
Corstone-1000 software stack is built on top of Yocto Project's `Whinlatter release <meta-arm-repository-release-branch_>`__.
Software Components
-------------------
@@ -133,7 +133,7 @@ Host Processor Components
+----------+------------------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`` |
+----------+------------------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.4.0.bb`` |
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.7.0.bb`` |
+----------+------------------------------------------------------------------------------------------+
`U-Boot <https://github.com/u-boot/u-boot.git>`__
@@ -144,7 +144,7 @@ Host Processor Components
+----------+----------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend`` |
+----------+----------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.07.02.bb`` |
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2025.04.bb`` |
+----------+----------------------------------------------------------------------------------+
Linux
@@ -157,7 +157,7 @@ The provided distribution is based on `BusyBox <https://www.busybox.net/>`__ and
+-----------+------------------------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend`` |
+-----------+------------------------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/poky/meta/recipes-kernel/linux/linux-yocto_6.12.bb`` |
| Recipe | ``${WORKSPACE}/core/meta/recipes-kernel/linux/linux-yocto_6.12.bb`` |
+-----------+------------------------------------------------------------------------------------------------+
| defconfig | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig`` |
+-----------+------------------------------------------------------------------------------------------------+
@@ -172,7 +172,7 @@ Secure Enclave Components
+----------+-------------------------------------------------------------------------------------------------------+
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend`` |
+----------+-------------------------------------------------------------------------------------------------------+
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.1.bb`` |
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.2.1.bb`` |
+----------+-------------------------------------------------------------------------------------------------------+
************************************
@@ -245,7 +245,7 @@ Build
**The External System Processor is not available on the Corstone-1000 with Cortex-A320 FVP.**
Access to the External System Processor is disabled by default.
Access to the External System Processor is disabled by default on **Corstone-1000 with Cortex-A35**.
To build the Corstone-1000 image with External System Processor enabled, run:
@@ -477,11 +477,16 @@ The FVP can also be manually downloaded from `Arm Developer <arm-developer-fvp_>
the Corstone-1000 platform FVP installer.
Follow the instructions of the installer to setup the FVP.
#. Run the FVP
#. Run ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
#. Run the FVP within ``tmux``:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux"
@@ -741,9 +746,7 @@ This sections below describe how to build and run ACS tests on Corstone-1000.
.. note::
This prebuilt ACS image includes v5.13 kernel, which does not provide
USB driver support for Corstone-1000. The ACS image with a newer kernel version
and full USB support for Corstone-1000 will be available in the repository with the next
SystemReady release.
USB driver support for Corstone-1000.
#. Decompress the pre-built ACS live image.
@@ -809,16 +812,20 @@ FVP
===
Run the commands below to run the ACS test on FVP using the built firmware image and the pre-built ACS image identified above:
#. Run ``tmux``:
.. code-block:: console
.. code-block:: console
cd ${WORKSPACE}
tmux
./meta-arm/scripts/runfvp \
--terminals=tmux \
./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \
-- -C board.msd_mmc.p_mmc_file=${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
cd ${WORKSPACE} && tmux
#. Run the commands below within ``tmux`` to run the ACS test on FVP using the built firmware image and the pre-built ACS image identified above:
.. code-block:: console
./meta-arm/scripts/runfvp \
--terminals=tmux \
./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \
-- -C board.msd_mmc.p_mmc_file=${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
.. note::
@@ -884,20 +891,42 @@ Capsule Update
systemready-patch/embedded-a/corstone1000/disable_module_autoloading/disable_module_autoloading.yml
.. important::
Payload GUIDs (``${BL2_GUID}``, ``${TFM_S_GUID}``, ``${FIP_GUID}``, and ``${INITRAMFS_GUID}``)
are different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``${TARGET}``.
+------------+----------------------------------------+----------------------------------------+
| Payloads | FVP | MPS3 |
+============+========================================+========================================+
| BL2 | f1d883f9-dfeb-5363-98d8-686ee3b69f4f | fbfbefaa-0a56-50d5-b651-74091d3d62cf |
+------------+----------------------------------------+----------------------------------------+
| TFM_S | 7fad470e-5ec5-5c03-a2c1-4756b495de61 | af4cc7ad-ee2e-5a39-aad5-fac8a1e6173c |
+------------+----------------------------------------+----------------------------------------+
| FIP | f1933675-5a8c-5b6d-9ef4-846739e89bc8 | 55302f96-c4f0-5cf9-8624-e7cc388f2b68 |
+------------+----------------------------------------+----------------------------------------+
| INITRAMFS | f771aff9-c7e9-5f99-9eda-2369dd694f61 | 3e8ac972-c33c-5cc9-90a0-cdd3159683ea |
+------------+----------------------------------------+----------------------------------------+
The following section describes the steps to update the firmware using Capsule Update
as the Corstone-1000 supports UEFI.
The firmware update process is tested with an invalid capsule (rollback protection capsule update test)
and with a valid capsule (positive capsule update test) to validate the robustness and
The firmware update process is tested with an invalid capsule and with valid capsules to validate the robustness and
error-handling capabilities of the firmware update mechanism.
During the positive capsule update test, the Corstone-1000 is given a valid capsule, which it successfully applies, boots up and then reaches the Linux command prompt.
**Positive full capsule update test:**
The Corstone-1000 is provided with a valid full capsule, which it applies successfully.
The system then boots normally and reaches the Linux command prompt.
During the rollback protection capsule update test, the Corstone-1000 is given an outdated capsule with a lower version number for all payloads,
which is expected to be rejected due to its outdated status, thereby retaining the previous firmware.
**Positive partial capsule update test:**
The Corstone-1000 is provided with a valid partial capsule that specifies an update for a single component only.
The capsule is applied successfully, after which the system boots normally and reaches the Linux command prompt.
Two different capsules (one for each test) are therefore needed to perform the tests.
**Rollback protection capsule update test:**
The Corstone-1000 is provided with an outdated capsule containing lower version numbers for all payloads.
The capsule is correctly rejected due to rollback protection, and the previously installed firmware is retained.
Three different capsules are therefore needed to perform the tests.
The following payloads can be individually updated:
@@ -922,20 +951,21 @@ This JSON file is required by EDK II's ``GenerateCapsule`` tool to generate the
The capsule's default metadata passed can be found in the ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb``
and ``${WORKSPACE}/meta-arm/kas/corstone1000-image-configuration.yml`` files.
Valid Capsule
=============
Valid Full Capsule
==================
An automatically generated capsule can be found at ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}-v6.uefi.capsule`` after running a firmware build.
An automatically generated capsule can be found at ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-${TARGET}-v6.uefi.capsule`` after running a firmware build.
The default metadata values are assumed to be correct to generate a valid capsule.
This capsule will be used for the positive capsule update test.
Invalid Capsule
===============
Valid Partial Capsule
=====================
Generate a capsule with firmware version metadata for all payloads set lower than that of a valid capsule.
The valid capsule has a default firmware version of 6 for all payloads, while the simulated invalid capsule has the firmware version set to 5 for all payloads.
To generate a capsule that updates only a single component, explicitly set the firmware version for that component and mark it as the only payload to be updated.
The **partial capsule** is also valid, but sets the firmware version to **7** **only** for the **BL2** component, indicating that no other components should be updated.
Use the following commands to generate the `capsule_config.json` file, which is required by the EDK2 tool for capsule creation:
@@ -943,10 +973,10 @@ Use the following commands to generate the `capsule_config.json` file, which is
cd ${WORKSPACE}
python3 meta-arm/scripts/generate_capsule_json_multiple.py \
--selected_components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
python3 meta-arm/meta-arm/scripts/generate_capsule_json_multiple.py \
--selected_components DUMMY_START BL2 DUMMY_END \
--components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
--fw_versions 5 5 5 5 5 5 \
--fw_versions 0 7 0 0 0 0 \
--guids \
6f784cbf-7938-5c23-8d6e-24d2f1410fa9 \
${BL2_GUID} ${TFM_S_GUID} ${FIP_GUID} ${INITRAMFS_GUID} \
@@ -955,12 +985,12 @@ Use the following commands to generate the `capsule_config.json` file, which is
--lowest_supported_versions 5 5 5 5 5 5 \
--monotonic_counts 1 1 1 1 1 1 \
--payloads \
build/tmp/deploy/images/corstone1000-${TARGET}/dummy.bin \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/bl2_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/tfm_s_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/signed_fip-corstone1000.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/Image.gz-initramfs-corstone1000-${TARGET}.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/dummy.bin \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
--update_image_indexes 5 1 2 3 4 6 \
--private_keys \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
@@ -978,23 +1008,65 @@ Use the following commands to generate the `capsule_config.json` file, which is
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
--output capsule_config.json
Run the command below to generate the partial capsule:
.. important::
.. code-block:: console
Payload GUIDs (``${BL2_GUID}``, ``${TFM_S_GUID}``, ``${FIP_GUID}``, and ``${INITRAMFS_GUID}``)
are different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``${TARGET}``.
./build/tmp/sysroots-components/aarch64/edk2-basetools-native/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \
-e \
-j capsule_config.json \
--capflag PersistAcrossReset \
-o corstone1000-${TARGET}-partial-v7.uefi.capsule
The partial capsule will be located in the ``${WORKSPACE}`` directory.
Invalid Capsule
===============
Generate a capsule with firmware version metadata for all payloads set lower than that of a valid capsule.
The valid capsule has a default firmware version of 6 for all payloads, while the simulated invalid capsule has the firmware version set to 5 for all payloads.
Use the following commands to generate the `capsule_config.json` file, which is required by the EDK2 tool for capsule creation:
.. code-block:: console
cd ${WORKSPACE}
python3 meta-arm/meta-arm/scripts/generate_capsule_json_multiple.py \
--selected_components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
--components DUMMY_START BL2 TFM_S FIP INITRAMFS DUMMY_END \
--fw_versions 5 5 5 5 5 5 \
--guids \
6f784cbf-7938-5c23-8d6e-24d2f1410fa9 \
${BL2_GUID} ${TFM_S_GUID} ${FIP_GUID} ${INITRAMFS_GUID} \
b57e432b-a250-5c73-93e3-90205e64baba \
--hardware_instances 1 1 1 1 1 1 \
--lowest_supported_versions 5 5 5 5 5 5 \
--monotonic_counts 1 1 1 1 1 1 \
--payloads \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/bl2_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/tfm_s_signed.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/signed_fip-corstone1000.bin \
build/tmp/deploy/images/corstone1000-${TARGET}/Image.gz-initramfs-corstone1000-${TARGET}.bin \
build/tmp/work/corstone1000_${TARGET}-poky-linux-musl/corstone1000-flash-firmware-image/1.0/sources/corstone1000-flash-firmware-image-1.0/dummy.bin \
--update_image_indexes 5 1 2 3 4 6 \
--private_keys \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
--certificates \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
--output capsule_config.json
+------------+----------------------------------------+----------------------------------------+
| Payloads | FVP | MPS3 |
+============+========================================+========================================+
| BL2 | f1d883f9-dfeb-5363-98d8-686ee3b69f4f | fbfbefaa-0a56-50d5-b651-74091d3d62cf |
+------------+----------------------------------------+----------------------------------------+
| TFM_S | 7fad470e-5ec5-5c03-a2c1-4756b495de61 | af4cc7ad-ee2e-5a39-aad5-fac8a1e6173c |
+------------+----------------------------------------+----------------------------------------+
| FIP | f1933675-5a8c-5b6d-9ef4-846739e89bc8 | 55302f96-c4f0-5cf9-8624-e7cc388f2b68 |
+------------+----------------------------------------+----------------------------------------+
| INITRAMFS | f771aff9-c7e9-5f99-9eda-2369dd694f61 | 3e8ac972-c33c-5cc9-90a0-cdd3159683ea |
+------------+----------------------------------------+----------------------------------------+
Run the command below to generate the invalid capsule:
@@ -1026,6 +1098,7 @@ MPS3
cp ${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/corstone1000-mps3-v6.uefi.capsule /dev/sdc/BOOT/
cp ${WORKSPACE}/corstone1000-mps3-v5.uefi.capsule /dev/sdc/EFI/BOOT/
cp ${WORKSPACE}/corstone1000-mps3-partial-v7.uefi.capsule /dev/sdc/EFI/BOOT/
sync
.. note::
@@ -1076,6 +1149,7 @@ FVP
sudo cp ${WORKSPACE}/build/tmp/deploy/images/corstone1000-fvp/corstone1000-fvp-v6.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
sudo cp ${WORKSPACE}/corstone1000-fvp-v5.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
sudo cp ${WORKSPACE}/corstone1000-fvp-partial-v7.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
sync
#. Unmount the IR image:
@@ -1088,8 +1162,8 @@ FVP
Run Capsule Update Tests
************************
The valid capsule (``corstone1000-${TARGET}-v6.uefi.capsule``) will be used first to run the positive capsule update test.
This will be followed by using the invalid capsule (``corstone1000-${TARGET}-v5.uefi.capsule``) to run the rollback protection capsule update test.
The valid capsules will be used first to run the positive capsule update tests.
This will be followed by using the invalid capsule to run the rollback protection capsule update test.
.. important::
@@ -1097,10 +1171,10 @@ This will be followed by using the invalid capsule (``corstone1000-${TARGET}-v5.
The rollback protection capsule update test effectively tests that firmware rollback is not permitted.
.. _positive-capsule-update-test:
.. _positive-full-capsule-update-test:
Positive Capsule Update Test
============================
Positive Full Capsule Update Test
=================================
#. Run Corstone-1000 with the ACS image containing the two capsule files:
@@ -1111,11 +1185,16 @@ Positive Capsule Update Test
- FVP:
#. Run the FVP with the IR prebuilt image which now also contains the two capsules:
#. Run ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
#. Run the FVP within ``tmux`` with the IR prebuilt image which now also contains the two capsules:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux \
-- -C board.msd_mmc.p_mmc_file=${ACS_IMAGE_PATH}/ir-acs-live-image-generic-arm64.wic"
@@ -1237,14 +1316,31 @@ Positive Capsule Update Test
.. warning::
Do not terminate FVP between the positive and rollback protection capsule update tests.
Do not terminate FVP between the positive full capsule update and partial capsule update tests.
.. _positive-partial-capsule-update-test:
Positive Partial Capsule Update Test
====================================
Follow the steps for the `positive full capsule update test <positive-full-capsule-update-test_>`__ ensuring you use
``corstone1000-${TARGET}-partial-v7.uefi.capsule`` instead of ``corstone1000-${TARGET}-v6.uefi.capsule``.
Once the system has fully booted again, `read the ESRT <verifying-firmware-versions-via-esrt_>`__ to
confirm that the firmware version reflects the updated capsule.
.. warning::
Do not terminate FVP between the positive partial capsule update rollback protection capsule update tests.
Rollback Protection Capsule Update Test
=======================================
.. important::
The `positive capsule update test <positive-capsule-update-test_>`__ must be run before running the rollback protection capsule update test.
The `positive partial capsule update test <positive-partial-capsule-update-test_>`__ must be run before running the rollback protection capsule update test.
#. After running the positive capsule update test, reboot the system by typing the following command on the Host Processor terminal (``ttyUSB2`` for MPS3):
@@ -1361,7 +1457,7 @@ Rollback Protection Capsule Update Test
$ loadm 0x90000000 $kernel_addr_r $filesize
$ bootefi $kernel_addr_r $fdtcontroladdr
#. Once the system has fully booted again, `read the ESRT <verifying-firmware-versions-via-esrt_>`__ to
#. Once the system has fully booted again, `read the ESRT <verifying-firmware-versions-via-esrt_>`__ to
confirm that the firmware version reflects the updated capsule.
.. _verifying-firmware-versions-via-esrt:
@@ -1431,8 +1527,8 @@ To check the version and status of BL2 (``entry0``), run:
cat /sys/firmware/efi/esrt/entries/entry0/last_attempt_status
Positive Capsule Update Test ESRT
=================================
Positive Full Capsule Update Test ESRT
======================================
The following table shows the details of the first four ESRT entries for the positive capsule update test:
@@ -1448,6 +1544,23 @@ The following table shows the details of the first four ESRT entries for the pos
| 0 | ``${INITRAMFS_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
Positive Partial Capsule Update Test ESRT
=========================================
The following table shows the details of the first four ESRT entries for the positive capsule update test:
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| ``capsule_flags`` | ``fw_class`` | ``fw_type`` | ``fw_version`` | ``last_attempt_status`` | ``last_attempt_version`` | ``lowest_supported_fw_ver`` |
+===================+=======================+=============+================+=========================+==========================+=============================+
| 0 | ``${BL2_GUID}`` | 0 | 7 | 0 | 7 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${TFM_S_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${FIP_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${INITRAMFS_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+-----------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
Rollback Protection Capsule Update Test ESRT
============================================
@@ -1456,7 +1569,7 @@ The following table shows the details of the first four ESRT entries for the rol
+-------------------+------------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| ``capsule_flags`` | ``fw_class`` | ``fw_type`` | ``fw_version`` | ``last_attempt_status`` | ``last_attempt_version`` | ``lowest_supported_fw_ver`` |
+===================+========================+=============+================+=========================+==========================+=============================+
| 0 | ``${BL2_GUID}`` | 0 | 6 | 1 | 5 | 0 |
| 0 | ``${BL2_GUID}`` | 0 | 7 | 1 | 5 | 0 |
+-------------------+------------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
| 0 | ``${TFM_S_GUID}`` | 0 | 6 | 0 | 6 | 0 |
+-------------------+------------------------+-------------+----------------+-------------------------+--------------------------+-----------------------------+
@@ -1491,44 +1604,40 @@ Follow the instructions below to create the installation media.
#. Using your development machine, download one of following Linux distribution images:
- `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.7.0/arm64/iso-dvd/>`__
- `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__
- `openSUSE Leap installer image <https://download.opensuse.org/distribution/leap/15.6/iso/openSUSE-Leap-15.6-DVD-aarch64-Current.iso>`__
.. note::
For openSUSE Tumbleweed, search for an ISO file with the format: ``openSUSE-Tumbleweed-DVD-aarch64-Snapshot$DATE-Media.iso``.
``openSUSE-Tumbleweed-DVD-aarch64-Snapshot20250509-Media.iso`` was used during development.
The location of the ISO file on the development machine will be referred to as ``${DISTRO_INSTALLER_ISO_PATH}``.
The location of the ISO file on the development machine will be referred to as ``${DISTRO_INSTALLER_ISO_PATH}``.
#. Create the installation media which will contain the necessary files to install the operation system.
- MPS3:
- **MPS3**:
#. Plug a blank USB drive formatted with FAT32, ensuring it has a minimum capacity of 4GB, to the development machine.
#. Plug a blank USB drive formatted with FAT32, ensuring it has a minimum capacity of 4GB, to the development machine.
#. Run the following command to discover which device is your USB drive:
#. Run the following command to discover which device is your USB drive:
.. code-block:: console
.. code-block:: console
lsblk
lsblk
The remaining steps assume the USB drive is ``/dev/sdb``.
The remaining steps assume the USB drive is ``/dev/sdb``.
.. warning::
.. warning::
Do not mistake your development machine hard drive with the USB drive.
Do not mistake your development machine hard drive with the USB drive.
#. Write one of the distribution installer ISO file to the USB drive.
#. Write one of the distribution installer ISO file to the USB drive.
.. code-block:: console
.. code-block:: console
sudo dd if=${DISTRO_INSTALLER_ISO_PATH} of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
sudo dd if=${DISTRO_INSTALLER_ISO_PATH} of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
- FVP:
- **FVP**:
The distribution installer ISO file does not need to be burnt to a USB drive.
It will be used as is when starting the FVP install the distribution.
The distribution installer ISO file does not need to be burnt to a USB drive.
It will be used as is when starting the FVP install the distribution.
********************
Prepare System Drive
@@ -1586,11 +1695,17 @@ MPS3
FVP
===
#. Start the FVP with the system drive as the primary drive and the distro ISO file as the secondary drive.
#. Run the ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
#. Start the FVP within ``tmux`` with the system drive as the primary drive and the distro ISO file as the secondary drive:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
-C board.msd_mmc.p_mmc_file=${WORKSPACE}/fvp_distro_system_drive.img \
@@ -1653,11 +1768,16 @@ Boot Distribution
The target should automatically boot into the installed operating system image.
Stop the FVP and run the command below to simulate a cold boot:
Stop the FVP with ``CTRL+C`` and run ``tmux``:
.. code-block:: console
cd ${WORKSPACE} && tmux
Run the command below to simulate a cold boot:
.. code-block:: console
tmux
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
-C board.msd_mmc.p_mmc_file=${WORKSPACE}/fvp_distro_system_drive.img"
@@ -1681,7 +1801,7 @@ Timeout Optimizations
.. important::
Operating system timeouts are inconsistent across systems.
Skip this section if the system boots to Debian or OpenSUSE without any issue.
Skip this section if the system boots to Debian or openSUSE without any issue.
Make the system modification below whilst in recovery mode to increase timeouts and boot to the installed distribution.
@@ -1796,63 +1916,6 @@ The modified ESP image can be found at ``${WORKSPACE}/build/tmp/deploy/images/co
Run Unsigned Image Boot Test
****************************
.. _unsigned-image-boot-test-fvp:
FVP
===
#. Follow the instructions `here <use-efi-system-partition-fvp_>`__ to use the ESP.
#. Run the software stack as described `here <running-software-stack-fvp_>`__.
#. On the Host Processor terminal host side, stop the execution of U-Boot when prompted to do so with the message ``Press any key to stop``.
.. warning::
There is a timeout of 3 seconds to stop the execution at the U-Boot prompt.
The U-Boot console prompt looks as follows:
.. code-block:: console
corstone1000#
.. important::
The rest of the instructions below will be executed on the U-Boot terminal.
#. On the U-Boot console, set the current MMC device.
.. code-block:: console
corstone1000# mmc dev 1
#. Enroll the four UEFI secure boot authenticated variables.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
#. Attempt to Load the unsigned kernel image.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
Image not authenticated
Loading image failed
The unsigned Linux kernel image should not be loaded.
.. _unsigned-image-boot-test-mps3:
MPS3
@@ -1925,27 +1988,68 @@ MPS3
The unsigned Linux kernel image should not be loaded.
**************************
Run Signed Image Boot Test
**************************
.. _unsigned-image-boot-test-fvp:
FVP
===
.. important::
#. Follow the instructions `here <use-efi-system-partition-fvp_>`__ to use the ESP.
You must first perform the `Unsigned Image Boot Test <unsigned-image-boot-test-fvp_>`__.
#. Run the software stack as described `here <running-software-stack-fvp_>`__.
Load the signed kernel image.
#. On the Host Processor terminal host side, stop the execution of U-Boot when prompted to do so with the message ``Press any key to stop``.
.. code-block:: console
.. warning::
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp.signed; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
There is a timeout of 3 seconds to stop the execution at the U-Boot prompt.
The signed Linux kernel image should be booted successfully.
The U-Boot console prompt looks as follows:
.. code-block:: console
corstone1000#
.. important::
The rest of the instructions below will be executed on the U-Boot terminal.
#. On the U-Boot console, set the current MMC device.
.. code-block:: console
corstone1000# mmc dev 1
#. Enroll the four UEFI secure boot authenticated variables.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
#. Attempt to Load the unsigned kernel image.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
Image not authenticated
Loading image failed
The unsigned Linux kernel image should not be loaded.
**************************
Run Signed Image Boot Test
**************************
MPS3
====
@@ -1966,6 +2070,25 @@ Load the signed kernel image.
The signed Linux kernel image should be booted successfully.
FVP
===
.. important::
You must first perform the `Unsigned Image Boot Test <unsigned-image-boot-test-fvp_>`__.
Load the signed kernel image.
.. code-block:: console
corstone1000# \
load mmc 1:1 $loadaddr corstone1000_secureboot_fvp_images/Image_fvp.signed; \
loadm $loadaddr $kernel_addr_r $filesize; \
bootefi $kernel_addr_r $fdtcontroladdr
The signed Linux kernel image should be booted successfully.
*******************
Disable Secure Boot
*******************
@@ -1982,15 +2105,6 @@ To resolve this, the Platform Key (one of the UEFI authenticated variables for s
#. On the U-Boot console, delete the Platform Key (PK).
- FVP
.. code-block:: console
corstone1000# \
mmc dev 1; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
boot
- MPS3
.. code-block:: console
@@ -2001,6 +2115,16 @@ To resolve this, the Platform Key (one of the UEFI authenticated variables for s
load usb 0 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
boot
- FVP
.. code-block:: console
corstone1000# \
mmc dev 1; \
load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK; \
boot
PSA API
-------
@@ -2098,12 +2222,19 @@ Ethos-U85 NPU
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git \
-b CORSTONE1000-2025.12
#. Copy the additional kas configuration file to:
.. code-block:: console
cp ${WORKSPACE}/systemready-patch/embedded-a/corstone1000/ethos-u85_test/ethos-u85_test.yml \
${WORKSPACE}/meta-arm/kas/
#. Re-Build the Corstone-1000 with Cortex-A320 FVP software stack as follows:
.. code-block:: console
kas build meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml:meta-arm/kas/corstone1000-a320.yml:\
systemready-patch/embedded-a/corstone1000/ethos-u85_test/ethos-u85_test.yml
meta-arm/kas/ethos-u85_test.yml
#. Run the Corstone-1000 with Cortex-320 FVP:
@@ -2234,12 +2365,12 @@ and `Arm Development Studio <arm-ds-website_>`__ versions 2022.2, 2022.c, or 202
--------------
*Copyright (c) 2022-2025, Arm Limited. All rights reserved.*
*Copyright (c) 2022-2026, Arm Limited. All rights reserved.*
.. _arm-developer-fvp: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
.. _secure-debug-manager-repo-readme: https://github.com/ARM-software/secure-debug-manager/tree/master?tab=readme-ov-file#secure-debug-manager-psa-adac--sdc-600
.. _secure-debug-manager-armds-integration: https://github.com/ARM-software/secure-debug-manager?tab=readme-ov-file#arm-development-studio-integration
.. _meta-arm-repository-release-branch: https://web.git.yoctoproject.org/meta-arm?h=walnascar
.. _meta-arm-repository-release-branch: https://docs.yoctoproject.org/next/migration-guides/migration-5.3.html
.. _arm-ulink-pro-website: https://www.arm.com/products/development-tools/debug-probes/ulink-pro
.. _arm-ds-website: https://www.arm.com/products/development-tools/embedded-and-software/arm-development-studio
.. _edk2-repository: https://github.com/tianocore/edk2
@@ -0,0 +1,116 @@
From bea93292fdd5eecd4d106a4288004493cabd13b2 Mon Sep 17 00:00:00 2001
From: Maulik Patel <maulik.patel@arm.com>
Date: Mon, 14 Jul 2025 14:55:09 +0100
Subject: [PATCH] BL2: Remove the weak function definition
When psa_adac_generate_challenge is called from the psa adac crypto
library (psa_adac_psa_crypto), linker uses the weak function defined in
the thin_psa_crypto_core.c since it part of same static library
(bl2_cc3xx_psa_driver_api).
This weak function is intended to be overridden by the strong function
defined in the linked library (cc3xx_psa_random).
This commit creates separate static library for the weak function
mbedtls_psa_external_get_random and links it only when the
crypto hardware accelerator is not enabled.
Upstream-Status: Backport [aef30c4e6507db792648b01f81bc82d3c54f7d43]
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: Ic51944a2f4c9bf0bcc0560a38e40c85444bd8aac
---
bl2/CMakeLists.txt | 14 ++++++++++++++
bl2/src/psa_stub_rng.c | 24 ++++++++++++++++++++++++
bl2/src/thin_psa_crypto_core.c | 16 ----------------
3 files changed, 38 insertions(+), 16 deletions(-)
create mode 100644 bl2/src/psa_stub_rng.c
diff --git a/bl2/CMakeLists.txt b/bl2/CMakeLists.txt
index f6c2f894d0..d852102427 100644
--- a/bl2/CMakeLists.txt
+++ b/bl2/CMakeLists.txt
@@ -57,6 +57,19 @@ endif()
############################### BL2_CRYPTO #####################################
+# Adds a static library target named 'bl2_fallback_rng' which includes the source file
+# 'src/psa_stub_rng.c'. This source file contains only the __weak stub implementation,
+# serving as a fallback for random number generation in case no other RNG is provided.
+if(NOT CRYPTO_HW_ACCELERATOR)
+ add_library(bl2_fallback_rng STATIC
+ src/psa_stub_rng.c
+ )
+ target_link_libraries(bl2_fallback_rng
+ PUBLIC
+ bl2_crypto_config
+ )
+endif()
+
set(is_384_bit_curve "$<STREQUAL:${SIG_LEN},384>")
set(is_256_bit_curve "$<STREQUAL:${SIG_LEN},256>")
set(build_sha_384 "$<AND:${is_ec_signature},${is_384_bit_curve}>")
@@ -150,6 +163,7 @@ target_link_libraries(bl2
$<$<BOOL:${TEST_BL2}>:mcuboot_tests>
PUBLIC
bl2_crypto
+ $<$<NOT:$<BOOL:${CRYPTO_HW_ACCELERATOR}>>:bl2_fallback_rng>
)
target_compile_options(bl2
diff --git a/bl2/src/psa_stub_rng.c b/bl2/src/psa_stub_rng.c
new file mode 100644
index 0000000000..6ede1ddc59
--- /dev/null
+++ b/bl2/src/psa_stub_rng.c
@@ -0,0 +1,24 @@
+/*
+ * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+/**
+ * \note This source file is derivative work of psa_crypto.c from the Mbed TLS project
+ */
+#include <stdint.h>
+#include "psa/crypto.h"
+
+/* This function is stubbed as no source of randomness is required
+ * by APIs used in the BLx stages. Nevertheless, an hardwware driver
+ * for a TRNG might override this implementation with a valid one
+ * hence mark it as a weak
+ */
+__attribute__((weak))
+psa_status_t mbedtls_psa_external_get_random(
+ mbedtls_psa_external_random_context_t *context,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
diff --git a/bl2/src/thin_psa_crypto_core.c b/bl2/src/thin_psa_crypto_core.c
index 4c0c1897a2..07e3e1e07b 100644
--- a/bl2/src/thin_psa_crypto_core.c
+++ b/bl2/src/thin_psa_crypto_core.c
@@ -677,19 +677,3 @@ psa_status_t psa_driver_wrapper_export_public_key(
return PSA_SUCCESS;
}
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-/* This function is stubbed as no source of randomness is required
- * by APIs used in the BLx stages. Nevertheless, an hardwware driver
- * for a TRNG might override this implementation with a valid one
- * hence mark it as a weak
- */
-__attribute__((weak))
-psa_status_t mbedtls_psa_external_get_random(
- mbedtls_psa_external_random_context_t *context,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-/*!@}*/
--
2.43.0
@@ -0,0 +1,40 @@
From d60a6b4edda3465d86ec264b2cbfd7d14109ed5f Mon Sep 17 00:00:00 2001
From: Devaraj Ranganna <devaraj.ranganna@arm.com>
Date: Thu, 18 Sep 2025 22:07:38 +0100
Subject: [PATCH 2/2] Corstone-1000: Enable different DRBG configurations
The following DRBG configurations are enabled:
* `CC3XX_CONFIG_DRBG_CTR_ENABLE`
* `CC3XX_CONFIG_DRBG_HMAC_ENABLE`
* `CC3XX_CONFIG_DRBG_HASH_ENABLE`
The choice of DRBG is defined by `CC3XX_CONFIG_ENABLE_RANDOM_CTR_DRBG`.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
---
platform/ext/target/arm/corstone1000/cc3xx_config.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/cc3xx_config.h b/platform/ext/target/arm/corstone1000/cc3xx_config.h
index c5654a6bdb..199a99e1ca 100644
--- a/platform/ext/target/arm/corstone1000/cc3xx_config.h
+++ b/platform/ext/target/arm/corstone1000/cc3xx_config.h
@@ -87,6 +87,13 @@
#error "cc3xx_config: RNG config must select a single DRBG"
#endif /* CC3XX_CONFIG_RNG_DRBG_HMAC + CC3XX_CONFIG_RNG_DRBG_CTR + CC3XX_CONFIG_RNG_DRBG_HASH */
+/* Whether the CTR_DRBG is enabled through the generic interface */
+#define CC3XX_CONFIG_DRBG_CTR_ENABLE
+/* Whether the HMAC_DRBG is enabled through the generic interface */
+#define CC3XX_CONFIG_DRBG_HMAC_ENABLE
+/* Whether the HASH_DRBG is enabled through the generic interface */
+#define CC3XX_CONFIG_DRBG_HASH_ENABLE
+
/* Whether an external TRNG should be used in place of the standard CC3XX TRNG */
/* #define CC3XX_CONFIG_RNG_EXTERNAL_TRNG */
--
2.43.0
@@ -0,0 +1,51 @@
From 2165f9db2257905d20722a2b87ceb53f320fc198 Mon Sep 17 00:00:00 2001
From: Devaraj Ranganna <devaraj.ranganna@arm.com>
Date: Mon, 22 Sep 2025 12:48:57 +0100
Subject: [PATCH 1/2] bl2: corstone-1000: Remove
`psa_adac_to_tfm_apply_permissions`
The API `psa_adac_to_tfm_apply_permissions` is added to `psa-adac`
library. Therefore, remove it from
`platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c`.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
---
.../arm/corstone1000/bl2/boot_hal_bl2.c | 21 -------------------
1 file changed, 21 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
index 2abcfb5fd3..8c4eb80d03 100644
--- a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
+++ b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
@@ -111,27 +111,6 @@ static bool fill_flash_map_with_fip_data(uint8_t boot_index) {
#endif /* !TFM_S_REG_TEST */
#ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
-int psa_adac_to_tfm_apply_permissions(uint8_t permissions_mask[16])
-{
- (void)permissions_mask;
-
- int ret;
- uint32_t dcu_reg_values[4];
-
- /* Below values provide same access as when platform is in development
- life cycle state */
- dcu_reg_values[0] = 0xffffe7fc;
- dcu_reg_values[1] = 0x800703ff;
- dcu_reg_values[2] = 0xffffffff;
- dcu_reg_values[3] = 0xffffffff;
-
- ret = crypto_hw_apply_debug_permissions((uint8_t*)dcu_reg_values, 16);
- BOOT_LOG_INF("%s: debug permission apply %s\n\r", __func__,
- (ret == 0) ? "success" : "fail");
-
- return ret;
-}
-
uint8_t secure_debug_rotpk[32];
#endif /* PLATFORM_PSA_ADAC_SECURE_DEBUG */
--
2.43.0
@@ -0,0 +1,56 @@
From fddaf5d297f56305b50b672477cabb840d6f426b Mon Sep 17 00:00:00 2001
From: Devaraj Ranganna <devaraj.ranganna@arm.com>
Date: Mon, 22 Sep 2025 12:59:43 +0100
Subject: [PATCH 2/2] bl2: corstone-1000: secure debug waiting in CM LCS
Currently, when the device is in Secure Enable (SE) LCS state, setting
`dcu_en` register causes CC-312 reset, which effectively resets the
device as they are both on same power domain. Therefore, temporarily
disable moving SE enable before waiting for secure debug notification.
The device will be in CM provisioned state.
Long-term solution is to implement a solution similar to RSE, secure
debug handshake is completed and then a reset is triggered and `dcu_en`
is applied during bl2.
Upstream-Status: Inappropriate [Need to be redesigned]
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
---
.../ext/target/arm/corstone1000/bl2/boot_hal_bl2.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
index 8c4eb80d03..bf7b62881a 100644
--- a/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
+++ b/platform/ext/target/arm/corstone1000/bl2/boot_hal_bl2.c
@@ -165,7 +165,18 @@ int32_t boot_platform_post_init(void)
}
#ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
+ /* TODO: Currently, when the device is in Secure Enable (SE) LCS state,
+ setting `dcu_en` register causes CC-312 reset, which effectively resets
+ the device as they are both on same power domain. Therefore, temporarily
+ disable moving SE enable before waiting for secure debug notification.
+ The device will be in CM provisioned state.
+
+ Long-term solution is to implement a solution similar to RSE, secure
+ debug handshake is completed and then a reset is triggered and `dcu_en`
+ is applied during bl2.
+
if (!tfm_plat_provisioning_is_required()) {
+ */
plat_err = tfm_plat_otp_read(PLAT_OTP_ID_SECURE_DEBUG_PK, 32, secure_debug_rotpk);
if (plat_err != TFM_PLAT_ERR_SUCCESS) {
@@ -176,7 +187,7 @@ int32_t boot_platform_post_init(void)
BOOT_LOG_INF("%s: Corstone-1000 Secure Debug is a %s.\r\n", __func__,
(result == 0) ? "success" : "failure");
- }
+ /*}*/
#endif
return 0;
--
2.43.0
@@ -0,0 +1,88 @@
From 6c2aae4f5dae05d12b834ea8ca5c7da505ffd965 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Thu, 18 Sep 2025 11:17:46 +0100
Subject: [PATCH 1/4] CC3XX: Add logging on cc3xx_dcu.c
Helps understanding which values are being applied and the
current status of the system (current DCU opens, DCU locks and
the restriction mask).
Upstream-Status: Backport [7d3931b4f02ea253f065d593743a7c2e0cbca0d7]
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I426ee064a0008d8031aabdea91fa771b8c892fe4
---
.../cc3xx/low_level_driver/src/cc3xx_dcu.c | 29 +++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
index bc23ed6aba..ce9b1afc4a 100644
--- a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
+++ b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
@@ -10,6 +10,9 @@
#include <assert.h>
#include <string.h>
+/* FixMe: Remove this when CC3XX_INFO logging gets sorted */
+#define CC3XX_INFO(...)
+
/**
* @brief Check that the requested permissions are in accordance with the
* hardware restriction mask
@@ -21,6 +24,12 @@ static cc3xx_err_t check_dcu_restriction_mask(const uint32_t *val)
{
size_t idx;
+ CC3XX_INFO("icv_dcu_restriction_mask: 0x%08x_%08x_%08x_%08x\r\n",
+ P_CC3XX->ao.ao_icv_dcu_restriction_mask[0],
+ P_CC3XX->ao.ao_icv_dcu_restriction_mask[1],
+ P_CC3XX->ao.ao_icv_dcu_restriction_mask[2],
+ P_CC3XX->ao.ao_icv_dcu_restriction_mask[3]);
+
for (idx = 0; idx < sizeof(P_CC3XX->ao.ao_icv_dcu_restriction_mask) / sizeof(uint32_t); idx++) {
if (val[idx] & ~P_CC3XX->ao.ao_icv_dcu_restriction_mask[idx]) {
return CC3XX_ERR_DCU_MASK_MISMATCH;
@@ -42,6 +51,18 @@ static cc3xx_err_t check_dcu_locks(const uint32_t *val)
size_t idx;
uint32_t dcu_has_to_change;
+ CC3XX_INFO("Current host_dcu_en: 0x%08x_%08x_%08x_%08x\r\n",
+ P_CC3XX->ao.host_dcu_en[0],
+ P_CC3XX->ao.host_dcu_en[1],
+ P_CC3XX->ao.host_dcu_en[2],
+ P_CC3XX->ao.host_dcu_en[3]);
+
+ CC3XX_INFO("host_dcu_lock: 0x%08x_%08x_%08x_%08x\r\n",
+ P_CC3XX->ao.host_dcu_lock[0],
+ P_CC3XX->ao.host_dcu_lock[1],
+ P_CC3XX->ao.host_dcu_lock[2],
+ P_CC3XX->ao.host_dcu_lock[3]);
+
for (idx = 0; idx < sizeof(P_CC3XX->ao.host_dcu_en) / sizeof(uint32_t); idx++) {
/* Check if the host_dcu_en has to change */
dcu_has_to_change = P_CC3XX->ao.host_dcu_en[idx] ^ val[idx];
@@ -123,6 +144,12 @@ cc3xx_err_t cc3xx_dcu_set_enabled(const uint8_t *permissions_mask, size_t len)
dcu_en_requested[idx] = *((uint32_t *)(permissions_mask + (idx*sizeof(uint32_t))));
}
+ CC3XX_INFO("Requested host_dcu_en: 0x%08x_%08x_%08x_%08x\r\n",
+ dcu_en_requested[0],
+ dcu_en_requested[1],
+ dcu_en_requested[2],
+ dcu_en_requested[3]);
+
/* Check the restriction mask for the dcu_en*/
err = check_dcu_restriction_mask(dcu_en_requested);
if (err != CC3XX_ERR_SUCCESS) {
@@ -139,6 +166,8 @@ cc3xx_err_t cc3xx_dcu_set_enabled(const uint8_t *permissions_mask, size_t len)
P_CC3XX->ao.host_dcu_en[idx] = dcu_en_requested[idx];
}
+ CC3XX_INFO("Requested host_dcu_en applied successfully\r\n");
+
return CC3XX_ERR_SUCCESS;
}
/** @} */ // end of cc3xx_dcu
--
2.43.0
@@ -0,0 +1,72 @@
From b51461b88a0fb4ab60e21fcf7f85503e0a7aade0 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Thu, 18 Sep 2025 13:02:36 +0100
Subject: [PATCH 2/4] CC3XX: DCU: Check dcu_en against the
permanent_disable_mask
Regardless of the lifecycle state, there is a permanent disable
mask register against which the required DCU_EN need to be checked.
Upstream-Status: Backport [ab8edf16290fc13aa2eb5f5149235613c4f7c9a0]
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I2b4435d6ae7ebb8238987be06ac0c3b40b6dc991
---
.../cc3xx/low_level_driver/src/cc3xx_dcu.c | 34 ++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
index ce9b1afc4a..089589f278 100644
--- a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
+++ b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
@@ -39,6 +39,32 @@ static cc3xx_err_t check_dcu_restriction_mask(const uint32_t *val)
return CC3XX_ERR_SUCCESS;
}
+/**
+ * @brief Check that the requested permissions are in accordance with the
+ * permanent disable mask. A 1 in the mask means disabled
+ *
+ * @param[in] val Sets of permissions, i.e. host_dcu_en to check as an array of 4 words
+ * @return cc3xx_err_t CC3XX_ERR_SUCCESS or CC3XX_ERR_DCU_MASK_MISMATCH
+ */
+static cc3xx_err_t check_dcu_permanent_disable_mask(const uint32_t *val)
+{
+ size_t idx;
+
+ CC3XX_INFO("permanent_disable_mask: 0x%08x_%08x_%08x_%08x\r\n",
+ P_CC3XX->ao.ao_permanent_disable_mask[0],
+ P_CC3XX->ao.ao_permanent_disable_mask[1],
+ P_CC3XX->ao.ao_permanent_disable_mask[2],
+ P_CC3XX->ao.ao_permanent_disable_mask[3]);
+
+ for (idx = 0; idx < sizeof(P_CC3XX->ao.ao_permanent_disable_mask) / sizeof(uint32_t); idx++) {
+ if (val[idx] & P_CC3XX->ao.ao_permanent_disable_mask[idx]) {
+ return CC3XX_ERR_DCU_MASK_MISMATCH;
+ }
+ }
+
+ return CC3XX_ERR_SUCCESS;
+}
+
/**
* @brief Check that the requested permissions are in accordance with the
* current status of the DCU locks
@@ -150,7 +176,13 @@ cc3xx_err_t cc3xx_dcu_set_enabled(const uint8_t *permissions_mask, size_t len)
dcu_en_requested[2],
dcu_en_requested[3]);
- /* Check the restriction mask for the dcu_en*/
+ /* Check the permanent disable mask for the dcu_en */
+ err = check_dcu_permanent_disable_mask(dcu_en_requested);
+ if (err != CC3XX_ERR_SUCCESS) {
+ return err;
+ }
+
+ /* Check the ICV restriction mask for the dcu_en */
err = check_dcu_restriction_mask(dcu_en_requested);
if (err != CC3XX_ERR_SUCCESS) {
return err;
--
2.43.0
@@ -0,0 +1,118 @@
From 7607a80c43e6cdc9aab6aea61dcc6b4a567136b2 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Fri, 19 Sep 2025 10:21:59 +0100
Subject: [PATCH 3/4] CC3XX: DCU: Enable checking ICV restriction mask
configurable
To allow for platforms which might not convey the CM/DM cert
enable information to the driver to work correctly. The ICV
restriction mask is a software only feature hence restrictions
won't be taken into account when the feature is not enabled in FW.
Upstream-Status: Backport [ffb14450be486b5cb9cc8d0cce8903fc3bb5de34]
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: Ie5b7efadf9ef1f722546585669383e660acf97a9
---
.../target/arm/corstone1000/cc3xx_config.h | 3 +++
.../cc3xx/low_level_driver/src/cc3xx_dcu.c | 21 ++++++++++++++-----
.../target/arm/musca_b1/cc312/cc3xx_config.h | 3 +++
3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/cc3xx_config.h b/platform/ext/target/arm/corstone1000/cc3xx_config.h
index 199a99e1ca..a63a2df07a 100644
--- a/platform/ext/target/arm/corstone1000/cc3xx_config.h
+++ b/platform/ext/target/arm/corstone1000/cc3xx_config.h
@@ -13,6 +13,9 @@
#define CC3XX_CONFIG_BASE_ADDRESS (CC3XX_BASE_S)
#endif /* CC3XX_CONFIG_BASE_ADDRESS */
+/* Whether the DCU apply permission function enforces ICV restriction mask */
+#define CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK
+
/* Whether uint32_t accesses must be strictly 4-byte aligned */
/* CC3XX_CONFIG_STRICT_UINT32_T_ALIGNMENT */
diff --git a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
index 089589f278..f2b70819c0 100644
--- a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
+++ b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_dcu.c
@@ -1,18 +1,26 @@
/*
- * Copyright (c) 2024, The TrustedFirmware-M Contributors. All rights reserved.
+ * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
-#include "cc3xx_dcu.h"
-#include "cc3xx_dev.h"
+#ifndef CC3XX_CONFIG_FILE
+#include "cc3xx_config.h"
+#else
+#include CC3XX_CONFIG_FILE
+#endif
+
#include <assert.h>
#include <string.h>
+#include "cc3xx_dcu.h"
+#include "cc3xx_dev.h"
+
/* FixMe: Remove this when CC3XX_INFO logging gets sorted */
#define CC3XX_INFO(...)
+#ifdef CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK
/**
* @brief Check that the requested permissions are in accordance with the
* hardware restriction mask
@@ -20,7 +28,7 @@
* @param[in] val Sets of permissions, i.e. host_dcu_en to check as an array of 4 words
* @return cc3xx_err_t CC3XX_ERR_SUCCESS or CC3XX_ERR_DCU_MASK_MISMATCH
*/
-static cc3xx_err_t check_dcu_restriction_mask(const uint32_t *val)
+static cc3xx_err_t check_dcu_icv_restriction_mask(const uint32_t *val)
{
size_t idx;
@@ -38,6 +46,7 @@ static cc3xx_err_t check_dcu_restriction_mask(const uint32_t *val)
return CC3XX_ERR_SUCCESS;
}
+#endif /* CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK */
/**
* @brief Check that the requested permissions are in accordance with the
@@ -182,11 +191,13 @@ cc3xx_err_t cc3xx_dcu_set_enabled(const uint8_t *permissions_mask, size_t len)
return err;
}
+#ifdef CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK
/* Check the ICV restriction mask for the dcu_en */
- err = check_dcu_restriction_mask(dcu_en_requested);
+ err = check_dcu_icv_restriction_mask(dcu_en_requested);
if (err != CC3XX_ERR_SUCCESS) {
return err;
}
+#endif /* CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK */
/* Check if any dcu_lock has been locked for the corresponding dcu_en */
err = check_dcu_locks(dcu_en_requested);
diff --git a/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h b/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h
index cd38d3e837..6fc7ae0fa0 100644
--- a/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h
+++ b/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h
@@ -13,6 +13,9 @@
#define CC3XX_CONFIG_BASE_ADDRESS (CC3XX_BASE_S)
#endif /* CC3XX_CONFIG_BASE_ADDRESS */
+/* Whether the DCU apply permission function enforces ICV restriction mask */
+#define CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK
+
/* Whether uint32_t accesses must be strictly 4-byte aligned */
/* CC3XX_CONFIG_STRICT_UINT32_T_ALIGNMENT */
--
2.43.0
@@ -0,0 +1,49 @@
From d50f841de57c0848595834ab8cde4c89e4ffc1ca Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Fri, 19 Sep 2025 10:31:21 +0100
Subject: [PATCH 4/4] Platform: ADAC: Musca-B1 and Corstone-1000 do not check
ICV restrictions mask
As the permissions being requested in our reference certificates are not
taking into consideration this aspect yet. As restriction checking is purely
a FW feature, this means that ICV restrictions are not taken into any
considerations (i.e. which DCU_EN are exclusively reserved for CM or DM)
Upstream-Status: Backport [392f6752bd70052371278c93693b8c3d95cce0c9]
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I8ef4e432a395e1938d749082fbd25fa58916211c
---
platform/ext/target/arm/corstone1000/cc3xx_config.h | 2 +-
platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/cc3xx_config.h b/platform/ext/target/arm/corstone1000/cc3xx_config.h
index a63a2df07a..e3f7843986 100644
--- a/platform/ext/target/arm/corstone1000/cc3xx_config.h
+++ b/platform/ext/target/arm/corstone1000/cc3xx_config.h
@@ -14,7 +14,7 @@
#endif /* CC3XX_CONFIG_BASE_ADDRESS */
/* Whether the DCU apply permission function enforces ICV restriction mask */
-#define CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK
+/* #define CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK */
/* Whether uint32_t accesses must be strictly 4-byte aligned */
/* CC3XX_CONFIG_STRICT_UINT32_T_ALIGNMENT */
diff --git a/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h b/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h
index 6fc7ae0fa0..1faf4a06e5 100644
--- a/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h
+++ b/platform/ext/target/arm/musca_b1/cc312/cc3xx_config.h
@@ -14,7 +14,7 @@
#endif /* CC3XX_CONFIG_BASE_ADDRESS */
/* Whether the DCU apply permission function enforces ICV restriction mask */
-#define CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK
+/* #define CC3XX_CONFIG_DCU_ICV_RESTRICTION_MASK_CHECK */
/* Whether uint32_t accesses must be strictly 4-byte aligned */
/* CC3XX_CONFIG_STRICT_UINT32_T_ALIGNMENT */
--
2.43.0
@@ -1,35 +0,0 @@
From af71103845498eef4f859deba4b904a195f2817f Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Mon, 22 Jul 2024 17:33:23 +0200
Subject: [PATCH] ADAC: Link psa_interface instead of tfm_sprt
The tfm_sprt brings in other functionalities that are not needed for
the Secure Debug.
The printf() override in tfm_sp_log_raw.c can cause problems because
it calls tfm_hal_output_sp_log() which triggers an SVC. The SVC calls
tfm_hal_output_spm_log which relies on an SPM, which might not be
initialized at that point.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Backport [af0acd1af3e2cc81b12931b31367fb95e49e8272]
---
psa_crypto/CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psa_crypto/CMakeLists.txt b/psa_crypto/CMakeLists.txt
index 3e70624..58d95f7 100644
--- a/psa_crypto/CMakeLists.txt
+++ b/psa_crypto/CMakeLists.txt
@@ -18,7 +18,7 @@ target_sources(psa_adac_psa_crypto
target_link_libraries(psa_adac_psa_crypto
PRIVATE
psa_adac_config
- tfm_sprt
+ psa_interface
)
target_link_libraries(trusted-firmware-m-psa-adac
--
2.25.1
@@ -0,0 +1,30 @@
From 3c552d0b46559160581e89bf310db0b176e33074 Mon Sep 17 00:00:00 2001
From: Devaraj Ranganna <devaraj.ranganna@arm.com>
Date: Thu, 18 Sep 2025 17:45:20 +0100
Subject: [PATCH] cmake: Update `psa_adac_psa_crypto` dependencies
The auto-generated header files are part of `psa_adac_core` library.
Therefore, link `psa_adac_psa_crypto` library with `psa_adac_core`
library.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
---
psa_crypto/CMakeLists.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/psa_crypto/CMakeLists.txt b/psa_crypto/CMakeLists.txt
index b1c3f5d..efc284d 100644
--- a/psa_crypto/CMakeLists.txt
+++ b/psa_crypto/CMakeLists.txt
@@ -20,6 +20,7 @@ target_link_libraries(psa_adac_psa_crypto
psa_adac_config
$<$<BOOL:${PSA_ADAC_AS_TFM_RUNTIME_SERVICE}>:tfm_sprt>
psa_interface
+ psa_adac_core
)
target_link_libraries(trusted-firmware-m-psa-adac
--
2.43.0
@@ -31,6 +31,7 @@ SRC_URI += " \
"
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRCREV_tfm-psa-adac:corstone1000 = "f2809ae231be33a1afcd7714f40756c67d846c88"
SRC_URI:append:corstone1000 = " \
file://0001-Platform-CS1000-Remove-unused-BL1-files.patch \
file://0002-Platform-Corstone1000-Fix-BL1-compiler-switch-and-re.patch \
@@ -42,13 +43,21 @@ SRC_URI:append:corstone1000 = " \
file://0008-Platform-Corstone1000-Increase-BL1-size-and-align-bi.patch \
file://0009-Platform-CS1K-Adapt-ADAC-enabled-build-to-the-new-BL.patch \
file://0010-plat-corstone1000-Add-support-for-Cortex-A320-varian.patch \
file://0011-BL2-Remove-the-weak-function-definition.patch \
file://0012-Corstone-1000-Enable-different-DRBG-configurations.patch \
file://0013-bl2-corstone-1000-Remove-psa_adac_to_tfm_apply_permi.patch \
file://0014-bl2-corstone-1000-secure-debug-waiting-in-CM-LCS.patch \
file://0015-CC3XX-Add-logging-on-cc3xx_dcu.c.patch \
file://0016-CC3XX-DCU-Check-dcu_en-against-the-permanent_disable.patch \
file://0017-CC3XX-DCU-Enable-checking-ICV-restriction-mask-confi.patch \
file://0018-Platform-ADAC-Musca-B1-and-Corstone-1000-do-not-chec.patch \
"
FILESEXTRAPATHS:prepend:corstone1000-mps3 := "${THISDIR}/files/corstone1000/psa-adac:"
SRC_URI:append:corstone1000-mps3 = " \
file://0001-PSA-revert-header-versions.patch;patchdir=../tfm-psa-adac \
file://0002-ADAC-Link-psa_interface-instead-of-tfm_sprt.patch;patchdir=../tfm-psa-adac \
file://0003-Fix-psa_key_handle_t-initialization.patch;patchdir=../tfm-psa-adac \
file://0002-Fix-psa_key_handle_t-initialization.patch;patchdir=../tfm-psa-adac \
file://0003-cmake-Update-psa_adac_psa_crypto-dependencies.patch;patchdir=../tfm-psa-adac \
"
do_install() {