1
0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-07-18 16:37:08 +00:00

Compare commits

..

22 Commits

Author SHA1 Message Date
Avinash Mehta 2d0b681d3d update tags for Corstone-700 2020.02.10 release
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
2020-03-04 10:11:33 +00:00
Tushar Khandelwal 75cf9e84fe add changes to fetch latest code upstream
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
2020-02-05 11:09:38 +00:00
Vishnu Banavath 3da5ef2795 a5ds: update trusted-firmware-a to new git hash
Changes that we were holding as a patch are upstreamed to
trusted-firmware-a master branch. Following are the links
to the changes.

https://review.trustedfirmware.org/#/c/TF-A/trusted-firmware-a/+/2916/
https://review.trustedfirmware.org/#/c/TF-A/trusted-firmware-a/+/2915/
https://review.trustedfirmware.org/#/c/TF-A/trusted-firmware-a/+/2823/
https://review.trustedfirmware.org/#/c/TF-A/trusted-firmware-a/+/2822/
https://review.trustedfirmware.org/#/c/TF-A/trusted-firmware-a/+/2821/

This change is to update the git hash and to remove patching
of trusted-firmware-a by yocto

Change-Id: Id708a5d02950773524aa3b4e13bb5b31ca34c7c2
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2020-01-24 13:52:58 +00:00
Rui Miguel Silva d26a2b7171 corstone700: change rootfs to cramfs-xip
Use cramfs xip image in wic

Change-Id: I2470ae1c4afa4fe275ad081881604fcb66fafee6
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2020-01-24 13:52:58 +00:00
Rui Miguel Silva a531de2323 corstone700: add cramfs-xip as image type
Add cramfs xip class and filesystem to tiny image.

Change-Id: I5bba11ef04b7bc54323901c90156484126af87dd
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2020-01-24 13:52:58 +00:00
Vishnu Banavath ab33651a8a a5ds: update TF-A and uboot patches
To align FPGA with FVP, it is required to make changes in A5DS.
Previous changes are melded into new changes and created a new
patches so as to reduce the number of patches we carry.

Change-Id: Idc7212edeada80bd1780aee932ddcd565d4ed2f9
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2020-01-24 13:52:58 +00:00
Vishnu Banavath e841380aa4 corstone700.conf: set DTB address to use DDR
This change is to use DDR address for DTB instead of shared RAM.

Change-Id: I191eeb96bbcf062ea9ec21a42b22b2b38ac5003b
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2020-01-07 17:29:33 +00:00
Avinash Mehta 85ef030d8b Update the trusted-firmware-a md5 LIC_FILES_CHKSUM
Change-Id: Ie4914551a79da7d4b0735d66824603b70e2f1b28
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
2020-01-07 17:29:33 +00:00
Vishnu Banavath 8b402b3d6e corstone700: reduce rootfs size to 2MB
Because of memory constraint, reducing rootfs to 2MB

Change-Id: I853fc4322372456ea3df2b7a0e1e5f8b08677e40
2020-01-07 17:29:33 +00:00
Rui Miguel Silva 3f7eec27c3 corstone700: add initial recipes
Add need configuration and recipes to support the corstone700 in
meta-arm.

Change-Id: I5df7e224f4079e6d46fdd1051975772952f52ba9
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-23 13:46:26 +01:00
Tushar Khandelwal 44d3f88ed9 arm: trusted-firmware-a: fix the upstream revision
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
2019-09-19 11:02:15 +01:00
Rui Miguel Silva 1fee2e71d8 arm: trusted-firmware-a: fix compilation order
Swap the compile order and make the fip to build at the end when there
is all the needed targets compiled.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-16 10:58:18 +01:00
Tushar Khandelwal 912967dcd7 iota: use custom kernel instead of the one from poky tiny
Change-Id: I6cf83071d8dfde2d41d4ea3d8ad006ba4bbabda5
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva f43c35f07c arm: add cramfs class and recipes
Add cramfs-xip to image types and cramfs tools.

Change-Id: I801788c8c73fe354aa526032ae20927a48672cac
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva ebb261e64b iota: add distro related cofiguration
Add distro configuration and images recipes for tiny and core image for
iota distribution.

Change-Id: I31df5009dbd67b03016150833cc1a6905caa9ca2
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva f815620455 designstart: add support to a5ds
Add first configuration, layers and recipes to support build of a5ds
images.

Change-Id: Ie6273d0e3feb55471cfc784e62168ce3e2e1f1b6
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva 9f34cbb321 arm: add arm gcc 7.3.1 native support
Add native gcc version 7.3.1 to support build
of boot-firmware.

Change-Id: I0c64c6217f88e667f24155e1a587badfcc097917
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva 7e362ece84 arm: add kernel common recipes
add kernel and dtc tool append recipes.

Change-Id: Ie29a4e086de83140f09e7a17b5a6278090c610b0
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva 96137096b8 arm: add bsp recipes to common layer
Add recipes for common layer for the bsp area, includes
trustedfirmware-a, boot-firmware and u-boot recipe append.

Change-Id: I447a52750afb02cc170f38d5148fa4b5f5777abc
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva 0d2da45a4f arm: add configuration for common layer
Add initial configuration for arm common layerj

Change-Id: I59cd6b5d4a1fa31eec4472900dbb0fc52f18c4c4
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
2019-09-02 15:50:40 +01:00
Tushar Khandelwal eafd591407 add license file
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
2019-09-02 15:50:40 +01:00
Rui Miguel Silva cc3c00065b Initial commit 2019-05-14 14:52:01 +01:00
620 changed files with 1209 additions and 40036 deletions
-2
View File
@@ -1,2 +0,0 @@
__pycache__
build
-360
View File
@@ -1,360 +0,0 @@
image: ${MIRROR_GHCR}/siemens/kas/kas:4.3.2
variables:
# These are needed as the k8s executor doesn't respect the container
# entrypoint by default
FF_KUBERNETES_HONOR_ENTRYPOINT: 1
FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
# The default value for KUBERNETES_CPU_REQUEST
CPU_REQUEST: ""
# The default machine tag for the build jobs
DEFAULT_TAG: ""
# The machine tag for the ACS test jobs
ACS_TAG: ""
# The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc)
CACHE_DIR: $CI_BUILDS_DIR/persist
# The container mirror to use
MIRROR_GHCR: ghcr.io
# Whether to run the SystemReady ACS tests
ACS_TEST: 0
# The list of extra Kas fragments to be used when building
EXTRA_KAS_FILES: ""
# The NVD API key to use when fetching CVEs
NVDCVE_API_KEY: ""
stages:
- prep
- build
# Common job fragment to get a worker ready
.setup:
tags:
- $DEFAULT_TAG
stage: build
interruptible: true
variables:
KAS_WORK_DIR: $CI_PROJECT_DIR/work
KAS_REPO_REF_DIR: $CACHE_DIR/repos
SSTATE_DIR: $CACHE_DIR/sstate
DL_DIR: $CACHE_DIR/downloads
BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml
TOOLCHAIN_DIR: $CACHE_DIR/toolchains
IMAGE_DIR: $CI_PROJECT_DIR/work/build/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $CI_PROJECT_DIR/work/build/toolchains
before_script:
- echo KAS_WORK_DIR = $KAS_WORK_DIR
- echo SSTATE_DIR = $SSTATE_DIR
- echo DL_DIR = $DL_DIR
- rm -rf $KAS_WORK_DIR
- mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Must do this here, as it's the only way to make sure the toolchain is installed on the same builder
- ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Generalised fragment to do a Kas build
.build:
extends: .setup
variables:
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
rules:
# Don't run MR pipelines
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: never
# Don't run pipelines for tags
- if: $CI_COMMIT_TAG
when: never
# Don't run if BUILD_ENABLE_REGEX is set, but the job doesn't match the regex
- if: '$BUILD_ENABLE_REGEX != null && $CI_JOB_NAME !~ $BUILD_ENABLE_REGEX'
when: never
# Allow the dev kernels to fail and not fail the overall build
- if: '$KERNEL == "linux-yocto-dev"'
allow_failure: true
# Catch all for everything else
- if: '$KERNEL != "linux-yocto-dev"'
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml
- echo KASFILES=$KASFILES
- kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- kas build $KASFILES
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
artifacts:
name: "logs"
when: always
paths:
- $CI_PROJECT_DIR/work/build/tmp*/work*/**/temp/log.do_*.*
- $CI_PROJECT_DIR/work/build/tmp*/work*/**/testimage/*
#
# Prep stage, update repositories once.
# Set the CI variable CI_CLEAN_REPOS=1 to refetch the respositories from scratch
#
update-repos:
extends: .setup
stage: prep
allow_failure:
exit_codes: 128
script:
- |
flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
# Only generate if doesn't already exist, to allow feature branches to drop one in.
if test -f lockfile.yml; then
echo Using existing lockfile.yml
else
# Be sure that this is the complete list of layers being fetched
kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
fi
artifacts:
name: "lockfile"
paths:
- lockfile.yml
#
# Build stage, the actual build jobs
#
# Available options for building are
# DISTRO: [poky, poky-tiny]
# KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
# TOOLCHAINS: [gcc, clang, external-gccarm]
# TCLIBC: [glibc, musl]
# FIRMWARE: [u-boot, edk2]
# TS: [none, trusted-services]
# VIRT: [none, xen]
# TESTING: testimage
arm-systemready-ir-acs:
extends: .build
timeout: 12h
parallel:
matrix:
# arm-systemready-ir-acs must be specified after fvp-base for ordering
# purposes for the jobs-to-kas output. It is not enough to just have it
# in the job name because fvp-base.yml overwrites the target.
- PLATFORM: fvp-base
ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
tags:
- ${ACS_TAG}
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
script:
- kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
corstone1000-fvp:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [testimage, tftf]
- FIRMWARE: none
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
corstone1000-mps3:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [none, tftf]
- FIRMWARE: none
documentation:
extends: .setup
script:
- |
# This can be removed when the kas container has python3-venv installed
sudo apt-get update && sudo apt-get install --yes python3-venv
python3 -m venv venv
. ./venv/bin/activate
pip3 install -r meta-arm-bsp/documentation/requirements.txt
for CONF in meta-*/documentation/*/conf.py ; do
echo Building $CONF...
SOURCE_DIR=$(dirname $CONF)
MACHINE=$(basename $SOURCE_DIR)
sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
done
test -d build-docs/
artifacts:
paths:
- build-docs/
fvp-base:
extends: .build
parallel:
matrix:
- TS: [none, fvp-base-ts]
TESTING: testimage
- FIRMWARE: edk2
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
arm-systemready-ir-acs:
extends: .build
timeout: 12h
parallel:
matrix:
# arm-systemready-ir-acs must be specified after fvp-base for ordering
# purposes for the jobs-to-kas output. It is not enough to just have it
# in the job name because fvp-base.yml overwrites the target.
- PLATFORM: [fvp-base, corstone1000-fvp]
ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
tags:
- ${ACS_TAG}
fvps:
extends: .build
genericarm64:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
juno:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
# What percentage of machines in the layer do we build
machine-coverage:
extends: .setup
script:
- ./ci/check-machine-coverage
coverage: '/Coverage: \d+/'
metrics:
extends: .setup
artifacts:
reports:
metrics: metrics.txt
script:
- kas shell --update --force-checkout ci/base.yml --command \
"$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt"
musca-b1:
extends: .build
musca-s1:
extends: .build
n1sdp:
extends: .build
parallel:
matrix:
- TESTING: [none, n1sdp-ts, n1sdp-optee, tftf]
pending-updates:
extends: .setup
# Only run this job for the default branch (master), or if forced with
# BUILD_FORCE_PENDING_UPDATES.
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $BUILD_FORCE_PENDING_UPDATES != null
artifacts:
paths:
- update-report
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
# Do this on x86 whilst the compilers are x86-only
tags:
- x86_64
qemuarm64-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm64:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm-secureboot:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TESTING: testimage
- TOOLCHAINS: external-gccarm
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarmv5:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
sbsa-ref:
extends: .build
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
selftest:
extends: .setup
script:
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests'
sgi575:
extends: .build
toolchains:
extends: .build
+12 -12
View File
@@ -1,17 +1,17 @@
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-74
View File
@@ -1,74 +0,0 @@
Introduction
------------
This repository contains the Arm layers for OpenEmbedded.
* meta-arm
This layer contains general recipes for the Arm architecture, such as firmware, FVPs, and Arm-specific integration.
* meta-arm-bsp
This layer contains machines for Arm reference platforms, for example FVP Base, N1SDP, and Juno.
* meta-arm-toolchain
This layer contains recipes for Arm's binary toolchains (GCC and Clang for -A and -M), and a recipe to build Arm's GCC.
Other Directories
-----------------
* ci
This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this
* kas
This directory contains KAS yaml files to describe builds for systems not used in CI
* scripts
This directory contains scripts used in running the CI tests
Mailing List
------------
To interact with the meta-arm developer community, please email the meta-arm mailing list at meta-arm@lists.yoctoproject.org
Currently, it is configured to only allow emails to members from those subscribed.
To subscribe to the meta-arm mailing list, please go to
https://lists.yoctoproject.org/g/meta-arm
Contributing
------------
Currently, we only accept patches from the meta-arm mailing list. For general
information on how to submit a patch, please read
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
E-mail meta-arm@lists.yoctoproject.org with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org
Commits and patches added should follow the OpenEmbedded patch guidelines:
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
The component being changed in the shortlog should be prefixed with the layer name (without the meta- prefix), for example:
arm-bsp/trusted-firmware-a: decrease frobbing level
arm-toolchain/gcc: enable foobar v2
Releases and Release Schedule
--------------
We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines. For more information on these, please reference:
https://docs.yoctoproject.org/ref-manual/release-process.html
https://wiki.yoctoproject.org/wiki/Releases
https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
Reporting bugs
--------------
E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps
to reproduce the issue.
Maintainer(s)
-------------
* Jon Mason <jon.mason@arm.com>
* Ross Burton <ross.burton@arm.com>
-37
View File
@@ -1,37 +0,0 @@
# Reporting vulnerabilities
Arm takes security issues seriously and welcomes feedback from researchers and
the security community in order to improve the security of its products and
services. We operate a coordinated disclosure policy for disclosing
vulnerabilities and other security issues.
Security issues can be complex and one single timescale doesn't fit all
circumstances. We will make best endeavours to inform you when we expect
security notifications and fixes to be available and facilitate coordinated
disclosure when notifications and patches/mitigations are available.
## How to Report a Potential Vulnerability?
If you would like to report a public issue (for example, one with a released CVE
number), please contact the meta-arm mailing list at
meta-arm@lists.yoctoproject.org and arm-security@arm.com.
If you are dealing with a not-yet released or urgent issue, please send a mail
to the maintainers (see README.md) and arm-security@arm.com, including as much
detail as possible. Encrypted emails using PGP are welcome.
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
## Branches maintained with security fixes
meta-arm follows the Yocto release model, so see
[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and
LTS] for detailed info regarding the policies and maintenance of stable
branches.
The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
releases of the Yocto Project. Versions in grey are no longer actively maintained with
security patches, but well-tested patches may still be accepted for them for
significant issues.
+15
View File
@@ -0,0 +1,15 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
SUMMARY = "Cramfs XIP image type"
DESCRIPTION = "Cramfs XIP type image to add to IMAGE_TYPES"
LICENSE = "MIT"
inherit image_types
do_image_cramfs_xip[depends] += "cramfs-tools-native:do_populate_sysroot"
IMAGE_TYPES += " cramfs-xip"
IMAGE_CMD_cramfs-xip = "mkcramfs -n ${IMAGE_NAME} -X ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cramfs-xip ${EXTRA_IMAGECMD}"
+21
View File
@@ -0,0 +1,21 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
# arm has a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
BBFILES += " \
${LAYERDIR}/recipes-*/*/*.bb \
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILES += "${@' '.join('${LAYERDIR}/%s/recipes*/*/*.bbappend' % layer \
for layer in BBFILE_COLLECTIONS.split())}"
BBFILE_COLLECTIONS += "arm"
BBFILE_PATTERN_arm := "^${LAYERDIR}/"
BBFILE_PRIORITY_arm = "10"
LAYERSERIES_COMPAT_arm = "warrior"
LAYERDEPENDS_arm = "core"
@@ -0,0 +1,18 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
IMAGE_FSTYPES += "tar.bz2 wic cpio.gz"
EXTRA_IMAGEDEPENDS_append = " trusted-firmware-a"
PREFERRED_PROVIDER_u-boot ?= "u-boot"
PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"
UBOOT_SUFFIX ?= "bin"
UBOOT_MACHINE ?= "vexpress_aemv8a_aarch32_defconfig"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-arm"
SERIAL_CONSOLES = "115200;ttyAMA0"
+8
View File
@@ -0,0 +1,8 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
TUNE_FEATURES = "aarch32"
require conf/machine/include/arm/arch-armv8a.inc
+11
View File
@@ -0,0 +1,11 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
DEFAULTTUNE="cortexa5"
require conf/machine/include/tune-cortexa5.inc
TF-A_EXTRA_OPTIONS = "ARM_ARCH_MAJOR=7 ARM_CORTEX_A5=yes \
ARM_XLAT_TABLES_LIB_V1=1"
@@ -0,0 +1,61 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
SUMMARY = "Trusted Firmware for Cortex-A"
DESCRIPTION = "Trusted Firmware-A"
HOMEPAGE = "https://github.com/ARM-software/arm-trusted-firmware"
LICENSE = "BSD-3-Clause"
TF-A_DEPENDS ?= ""
DEPENDS += " dtc-native coreutils-native"
DEPENDS += " ${TF-A_DEPENDS} "
LIC_FILES_CHKSUM = "file://license.rst;md5=1dd070c98a281d18d9eefd938729b031"
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
SRCREV = "${AUTOREV}"
SRC_URI = "\
git://github.com/ARM-software/arm-trusted-firmware;protocol=https;nobranch=1 \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
COMPATIBLE_MACHINE = "(vexpress-a5|vexpress-a32|corstone700|a5ds)"
LDFLAGS[unexport] = "1"
TF-A_PLATFORM ?= "fvp"
TF-A_ARCH ?= "aarch32"
TF-A_DEBUG ?= "1"
TF-A_AARCH32_SP ?= "sp_min"
TF-A_BL33 ?= ""
TF-A_TARGET_IMAGES ?= "all fip"
TF-A_EXTRA_OPTIONS ?= ""
do_compile() {
mkdir -p ${B}
oe_runmake -C ${S} BUILD_BASE=${B} \
BUILD_PLAT=${B}/${TF-A_PLATFORM}/ \
PLAT=${TF-A_PLATFORM} \
DEBUG=${TF-A_DEBUG} \
ARCH=${TF-A_ARCH} \
CROSS_COMPILE=${TARGET_PREFIX} \
AARCH32_SP=${TF-A_AARCH32_SP} \
BL33=${TF-A_BL33} \
${TF-A_EXTRA_OPTIONS} \
${TF-A_TARGET_IMAGES}
}
do_install() {
[ -f ${B}/${TF-A_PLATFORM}/bl1.bin ] && install -D -p -m 0644 ${B}/${TF-A_PLATFORM}/bl1.bin ${DEPLOY_DIR_IMAGE}/bl1.bin
[ -f ${B}/${TF-A_PLATFORM}/bl1/bl1.elf ] && install -D -p -m 0644 ${B}/${TF-A_PLATFORM}/bl1/bl1.elf ${DEPLOY_DIR_IMAGE}/bl1.elf
install -D -p -m 0644 ${B}/${TF-A_PLATFORM}/fip.bin ${DEPLOY_DIR_IMAGE}/${TF-A_PLATFORM}.fip
}
+30
View File
@@ -0,0 +1,30 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
SRCREV = "9bed08a2ed8d4915e694e5b4a030bd361b829a52"
LIC_FILES_CHKSUM = "file://Licenses/README;md5=a2c678cfd4a4d97135585cad908541c6"
SRC_URI = "\
git://git.linaro.org/landing-teams/working/arm/u-boot;protocol=https;nobranch=1 \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
U-BOOT_PLATFORM = "fvp_ve"
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
COMPATIBLE_MACHINE = "(vexpress-a5|vexpress-a32|a5ds)"
do_compile() {
mkdir -p ${B}
oe_runmake -C ${S} BUILD_BASE=${B} \
BUILD_PLAT=${B}/${PLATFORM}/ \
SUPPORT_ARCH_TIMER=no \
O=${B}
}
@@ -0,0 +1,23 @@
SUMMARY = "Cramfs tools"
DESCRIPTION = "Cramfs tools to create cramfs images with support to XIP"
HOMEPAGE = "https://github.com/npitre/cramfs-tools"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
SRC_URI = "git://github.com/npitre/cramfs-tools;protocol=https;nobranch=1"
SRCREV = "23d032e6e0a973810c6aedf165441592641b60f4"
BBCLASSEXTEND = "native"
S = "${WORKDIR}/git"
do_compile () {
oe_runmake
}
do_install() {
install -d ${D}${bindir}
install ${S}/mkcramfs ${D}${bindir}
install ${S}/cramfsck ${D}${bindir}
}
@@ -0,0 +1,36 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
# Recipe for fetching and installing the prebuilt gcc-arm toolchain for
# bare-metal targets.
# Recipe based on the meta-ti layer:
# http://git.yoctoproject.org/cgit/cgit.cgi/meta-ti/tree/recipes-ti/devtools/gcc-arm-none-eabi-native_4.9.2015q3.bb?h=master
#
# Whilst most of the tools built in relies on the linaro-provided
# toolchain, some recipes require the baremetal Arm GCC toolchain. The baremetal
# Arm GCC toolchain is distributed as precompiled binaries. This recipe fetches
# the toolchain and installs it in sysroot.
# Recipes may then 'DEPENDS' on this recipe to fetch the toolchain, making the
# toolchain available in the staging directory of the depending recipe.
GCC_ARM_VERSION = "gcc-arm-none-eabi-7-2018-q2-update"
LICENSE="GPLv3"
LIC_FILES_CHKSUM = "file://share/doc/gcc-arm-none-eabi/license.txt;md5=f77466c63f5787f4bd669c402aabe061"
inherit native
SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/${GCC_ARM_VERSION}-linux.tar.bz2;name=tc32"
SRC_URI[tc32.md5sum] = "299ebd3f1c2c90930d28ab82e5d8d6c0"
S = "${WORKDIR}/${GCC_ARM_VERSION}"
do_install() {
install -d ${D}${INSTALL_GCC_ARM_NONE_EABI}
cp -r ${S}/. ${D}${INSTALL_GCC_ARM_NONE_EABI}
}
FILES_${PN} = "${INSTALL_GCC_ARM_NONE_EABI}/"
INSANE_SKIP_${PN} = "already-stripped"
+10
View File
@@ -0,0 +1,10 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
SRC_URI = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git"
SRCREV = "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf"
LIC_FILES_CHKSUM = "file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
@@ -0,0 +1,35 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
DESCRIPTION = "Linux Kernel provided and supported by Arm and Linaro with \
focus on vexpress and other Arm models and hardware. Trying to be as much \
as possible close to upstream tree."
SECTION = "kernel"
LICENSE = "GPLv2"
SRCREV_FORMAT = "kernel"
require recipes-kernel/linux/linux-yocto.inc
KERNEL_VERSION_SANITY_SKIP = "1"
S = "${WORKDIR}/git"
COMPATIBLE_MACHINE = "(vexpress-a5|vexpress-a32|corstone700|a5ds)"
# Override do_kernel_configme to avoid kernel being assembled into a linux-yocto style kernel
# https://www.yoctoproject.org/docs/1.8/ref-manual/ref-manual.html#ref-tasks-kernel_configme
do_kernel_configme() {
}
KBRANCH = ""
LINUX_VERSION ?= "5.2"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
SRC_URI = "\
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux;protocol=https;nobranch=1 \
"
SRCREV = "v5.2"
+8
View File
@@ -0,0 +1,8 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2019 Arm Limited
#
SUMMARY = "Linux Kernel provided and supported by Arm/Linaro"
require recipes-kernel/linux/linux-arm-common.inc
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-firmware.yml
-18
View File
@@ -1,18 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-ir-acs.yml
env:
ACS_TEST: "0"
local_conf_header:
testimage: |
TESTIMAGE_AUTO = "${ACS_TEST}"
target:
- arm-systemready-ir-acs
- arm-systemready-linux-distros-debian
- arm-systemready-linux-distros-opensuse
-44
View File
@@ -1,44 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky
defaults:
repos:
branch: scarthgap
repos:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/poky
layers:
meta:
meta-poky:
env:
BB_LOGCONFIG: ""
TOOLCHAIN_DIR: ""
local_conf_header:
base: |
CONF_VERSION = "2"
setup: |
PACKAGE_CLASSES = "package_ipk"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
PACKAGECONFIG:append:pn-perf = " coresight"
INHERIT += "rm_work"
extrapackages: |
CORE_IMAGE_EXTRA_INSTALL += "perf opencsd"
CORE_IMAGE_EXTRA_INSTALL:append:aarch64 = " gator-daemon"
machine: unset
target:
- core-image-sato
-28
View File
@@ -1,28 +0,0 @@
#! /usr/bin/env python3
from pathlib import Path
import sys
from listmachines import list_machines
metaarm = Path.cwd()
if metaarm.name != "meta-arm":
print("Not running inside meta-arm")
sys.exit(1)
# Find all layers
layers = (p.name for p in metaarm.glob("meta-*") if p.is_dir())
# All machine configurations
machines = list_machines(layers)
# All kas files
kas = metaarm.glob("ci/*.yml")
kas = set(p.stem for p in kas)
missing = machines - kas
print(f"The following machines are missing: {', '.join(sorted(missing))}.")
covered = len(machines) - len(missing)
total = len(machines)
percent = int(covered / total * 100)
print(f"Coverage: {percent}%")
-19
View File
@@ -1,19 +0,0 @@
#! /bin/bash
# Expects the path to a log file as $1, and if this file has any content
# then display the contents and exit with an error code.
set -e -u
LOGFILE=$1
LINES=$(grep --invert-match "attempting MIRRORS if available" $LOGFILE | wc -l)
if test "$LINES" -ne 0; then
echo ==============================
echo The build had warnings/errors:
echo ==============================
cat $LOGFILE
exit 1
fi
exit 0
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-clang:
url: https://github.com/kraj/meta-clang
local_conf_header:
toolchain: |
TOOLCHAIN = "clang"
PREFERRED_PROVIDER_llvm = "clang"
PREFERRED_PROVIDER_llvm-native = "clang-native"
PREFERRED_PROVIDER_nativesdk-llvm = "nativesdk-clang"
PROVIDES:pn-clang = "llvm"
PROVIDES:pn-clang-native = "llvm-native"
PROVIDES:pn-nativesdk-clang = "nativesdk-llvm"
# This is needed to stop bitbake getting confused about what clang/llvm is
# being used, see https://github.com/kraj/meta-clang/pull/766
BBMASK += "/meta/recipes-devtools/llvm/llvm.*\.bb"
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
- kas/corstone1000-image-configuration.yml
target:
- core-image-minimal
- perf
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- kas/corstone1000-firmware-only.yml
target:
- corstone1000-flash-firmware-image
- perf
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/corstone1000-common.yml
- ci/fvp.yml
machine: corstone1000-fvp
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/corstone1000-common.yml
machine: corstone1000-mps3
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
cve: |
INHERIT += "cve-check"
# Allow the runner environment to provide an API key
NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
# Just show the warnings for our layers
CVE_CHECK_SHOW_WARNINGS = "0"
CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-systemready = "1"
# Ignore the kernel, we sometime carry kernels in meta-arm
CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
# Add universally helpful features when testing boards
local_conf_header:
debug: |
EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
-31
View File
@@ -1,31 +0,0 @@
#! /usr/bin/env python3
"""
Download the lockfile.yml produced by a CI pipeline, specified by the GitLab
server, full name of the meta-arm project, and the refspec that was executed.
For example,
$ ./download-lockfile.py https://gitlab.com/ rossburton/meta-arm master
SPDX-FileCopyrightText: Copyright 2023 Arm Limited and Contributors
SPDX-License-Identifier: GPL-2.0-only
"""
import argparse
import gitlab
import io
import zipfile
parser = argparse.ArgumentParser()
parser.add_argument("server", help="GitLab server name")
parser.add_argument("project", help="meta-arm project name")
parser.add_argument("refspec", help="Branch/commit")
args = parser.parse_args()
gl = gitlab.Gitlab(args.server)
project = gl.projects.get(args.project)
artefact = project.artifacts.download(ref_name=args.refspec, job="update-repos")
z = zipfile.ZipFile(io.BytesIO(artefact))
z.extract("lockfile.yml")
print("Fetched lockfile.yml")
-19
View File
@@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
bootfirmware: |
PREFERRED_PROVIDER_virtual/bootloader = "edk2-firmware"
MACHINE_FEATURES += "efi"
TFA_UBOOT = "0"
TFA_UEFI = "1"
EXTRA_IMAGEDEPENDS += "edk2-firmware"
EFI_PROVIDER ?= "grub-efi"
QB_DEFAULT_BIOS = "QEMU_EFI.fd"
WKS_FILE ?= "efi-disk.wks.in"
failing_tests: |
TEST_SUITES:remove = "xorg"
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
cc: |
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
# Disable ptest as this pulls target compilers, which don't
# work with external toolchain currently
DISTRO_FEATURES:remove = "ptest"
-34
View File
@@ -1,34 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/fvp-base.yml
- ci/meta-openembedded.yml
- ci/testimage.yml
local_conf_header:
trusted_services: |
# Enable the needed test suites
TEST_SUITES = " ping ssh trusted_services"
# Include all Secure Partitions into the image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
MACHINE_FEATURES:append = " ts-block-storage ts-fwu"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL += "optee-test"
# Set the TS environment
TS_ENV="sp"
# Enable and configure semihosting
FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[semihosting-enable] = "True"
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
- ci/fvp.yml
machine: fvp-base
target:
- core-image-sato
- boot-wrapper-aarch64
-14
View File
@@ -1,14 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
testimagefvp: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
IMAGE_CLASSES += "fvpboot"
failing_tests: |
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
TEST_SUITES:remove = "xorg"
-26
View File
@@ -1,26 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# Simple target to build the FVPs that are publically available
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm64
local_conf_header:
license: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
sdk: |
SDKMACHINE = "x86_64"
target:
# Target packages to test aarch64
- fvp-base-a-aem
- fvp-corstone1000
# Nativesdk to test x86-64
- nativesdk-fvp-base-a-aem
- nativesdk-fvp-corstone1000
- nativesdk-fvp-n1-edge
- nativesdk-fvp-sgi575
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
toolchain: |
TOOLCHAIN = "gcc"
-18
View File
@@ -1,18 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
repos:
poky:
layers:
meta-yocto-bsp:
local_conf_header:
bootloader: |
# If running genericarm64 in a qemu we need to manually build the bootloader
EXTRA_IMAGEDEPENDS += "virtual/bootloader"
machine: genericarm64
-51
View File
@@ -1,51 +0,0 @@
#!/bin/bash
set -u -e
BASENAME=arm-gnu-toolchain
VER=${VER:-13.2.Rel1}
HOST_ARCH=${HOST_ARCH:-$(uname -m)}
# Use the standard kas container locations if nothing is passed into the script
DOWNLOAD_DIR="${1:-/builds/persist/downloads/}"
TOOLCHAIN_DIR="${2:-/builds/persist//toolchains/}"
TOOLCHAIN_LINK_DIR="${3:-build/toolchains/}"
# These should be already created by .gitlab-ci.yml, but do here if run outside of that env
mkdir -p $DOWNLOAD_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
download() {
TRIPLE=$1
URL=https://developer.arm.com/-/media/Files/downloads/gnu/$VER/binrel/$BASENAME-$VER-$HOST_ARCH-$TRIPLE.tar.xz
wget -P $DOWNLOAD_DIR -nc $URL
}
if [ $HOST_ARCH = "aarch64" ]; then
# AArch64 Linux hosted cross compilers
# AArch32 target with hard float
download arm-none-linux-gnueabihf
elif [ $HOST_ARCH = "x86_64" ]; then
# x86_64 Linux hosted cross compilers
# AArch32 target with hard float
download arm-none-linux-gnueabihf
# AArch64 GNU/Linux target
download aarch64-none-linux-gnu
else
echo "ERROR - Unknown build arch of $HOST_ARCH"
exit 1
fi
for i in arm aarch64; do
if [ ! -d $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*/ ]; then
if [ ! -f $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz ]; then
continue
fi
tar -C $TOOLCHAIN_DIR -axvf $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz
fi
# Setup a link for the toolchain to use local to the building machine (e.g., not in a shared location)
ln -s $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu* $TOOLCHAIN_LINK_DIR/$i
done
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
libc: |
TCLIBC = "glibc"
-43
View File
@@ -1,43 +0,0 @@
#! /bin/bash
# This script is expecting an input of machine name, optionally followed by a
# colon and a list of one or more parameters separated by commas between
# brackets. For example, the following are acceptable:
# corstone1000-mps3
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
# This argument should be quoted to avoid expansion and to be handled
# as a single value.
#
# Any further arguments will be handled as further yml file basenames.
#
# Turn this list into a series of yml files separated by colons to pass to kas
set -e -u
# First, parse the GitLab CI job name (CI_JOB_NAME via $1) and accumulate a list
# of Kas files.
JOBNAME="$1"
shift
# The base name of the job
FILES="ci/$(echo $JOBNAME | cut -d ':' -f 1).yml"
# The list of matrix variations
for i in $(echo $JOBNAME | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
# Given that there are no yml files for gcc or glibc, as those are the
# defaults, we can simply ignore those parameters. They are necessary
# to pass in so that matrix can correctly setup all of the permutations
# of each individual run.
if [[ $i == 'none' ]]; then
continue
fi
FILES+=":ci/$i.yml"
done
# Now pick up any further names
for i in $*; do
FILES+=":ci/$i.yml"
done
echo $FILES
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: juno
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-dev"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto"
-29
View File
@@ -1,29 +0,0 @@
#! /usr/bin/env python3
import pathlib
import typing
import sys
"""
List all of the machines available under the listed sub-layers of meta-arm.
"""
def list_machines(layers: typing.Sequence[str]) -> typing.Set[str]:
machines = set()
# We know we're in meta-arm/scripts, so find the top-level directory
metaarm = pathlib.Path(__file__).resolve().parent.parent
if metaarm.name != "meta-arm":
raise Exception("Not running inside meta-arm")
for layer in layers:
machines |= set(p.stem for p in (metaarm / layer / "conf" / "machine").glob("*.conf"))
return machines
if __name__ == "__main__":
if len(sys.argv) > 1:
machines = list_machines(sys.argv[1:])
print(" ".join(sorted(machines)))
sys.exit(0)
else:
print("Usage:\n$ %s [layer name ...] " % sys.argv[0])
sys.exit(1)
-13
View File
@@ -1,13 +0,0 @@
# Python logging configuration to write all warnings to a separate file
version: 1
handlers:
warnings:
class: logging.FileHandler
level: WARNING
filename: warnings.log
formatter: BitBake.logfileFormatter
loggers:
BitBake:
handlers: [warnings]
-14
View File
@@ -1,14 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
layers:
meta-filesystems:
meta-networking:
meta-oe:
meta-python:
meta-perl:
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-secure-core:
url: https://github.com/Wind-River/meta-secure-core.git
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-openembedded.yml
repos:
meta-virtualization:
url: https://git.yoctoproject.org/meta-virtualization
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
machine: musca-b1
target:
- trusted-firmware-m
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
machine: musca-s1
target:
- trusted-firmware-m
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
libc: |
TCLIBC = "musl"
-14
View File
@@ -1,14 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
# Config specific for the optee-xtests
local_conf_header:
optee-test: |
# Include ARM FFA
MACHINE_FEATURES:append = " arm-ffa"
# Include trusted services
TEST_SUITES:append = " trusted_services"
# Include Optee xtests
IMAGE_INSTALL:append = " optee-test"
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-openembedded.yml
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
# Include TS Crypto, TS Protected Storage, TS Internal and Trusted Storage SPs into optee-os image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: n1sdp
local_conf_header:
unsupported_trusted_services: |
MACHINE_FEATURES:remove = "ts-smm-gateway"
-286
View File
@@ -1,286 +0,0 @@
#! /usr/bin/env python3
#
# SPDX-License-Identifier: GPL-2.0-only
#
# TODO
# - option to just list all broken files
# - test suite
# - validate signed-off-by
import argparse
import collections
import json
import os
import re
import subprocess
status_values = (
"accepted",
"pending",
"inappropriate",
"backport",
"submitted",
"denied",
)
class PatchResult:
# Whether the patch has an Upstream-Status or not
missing_upstream_status = False
# If the Upstream-Status tag is malformed in some way (string for bad bit)
malformed_upstream_status = None
# If the Upstream-Status value is unknown (boolean)
unknown_upstream_status = False
# The upstream status value (Pending, etc)
upstream_status = None
# Whether the patch has a Signed-off-by or not
missing_sob = False
# Whether the Signed-off-by tag is malformed in some way
malformed_sob = False
# The Signed-off-by tag value
sob = None
# Whether a patch looks like a CVE but doesn't have a CVE tag
missing_cve = False
class Summary:
total = 0
cve_missing = 0
sob_missing = 0
sob_malformed = 0
status_missing = 0
status_malformed = 0
status_pending = 0
def blame_patch(patch):
"""
From a patch filename, return a list of "commit summary (author name <author
email>)" strings representing the history.
"""
return subprocess.check_output(("git", "log",
"--follow", "--find-renames", "--diff-filter=A",
"--format=%s (%aN <%aE>)",
"--", patch)).decode("utf-8").splitlines()
def patchreview(patches):
# General pattern: start of line, optional whitespace, tag with optional
# hyphen or spaces, maybe a colon, some whitespace, then the value, all case
# insensitive.
sob_re = re.compile(r"^[\t ]*(Signed[-_ ]off[-_ ]by:?)[\t ]*(.+)", re.IGNORECASE | re.MULTILINE)
status_re = re.compile(r"^[\t ]*(Upstream[-_ ]Status:?)[\t ]*(\w*)", re.IGNORECASE | re.MULTILINE)
cve_tag_re = re.compile(r"^[\t ]*(CVE:)[\t ]*(.*)", re.IGNORECASE | re.MULTILINE)
cve_re = re.compile(r"cve-[0-9]{4}-[0-9]{4,6}", re.IGNORECASE)
results = {}
for patch in patches:
result = PatchResult()
results[patch] = result
content = open(patch, encoding="ascii", errors="ignore").read()
# Find the Signed-off-by tag
match = sob_re.search(content)
if match:
value = match.group(1)
if value != "Signed-off-by:":
result.malformed_sob = value
result.sob = match.group(2)
else:
result.missing_sob = True
# Find the Upstream-Status tag
match = status_re.search(content)
if match:
value = match.group(1)
if value != "Upstream-Status:":
result.malformed_upstream_status = value
value = match.group(2).lower()
# TODO: check case
if value not in status_values:
result.unknown_upstream_status = True
result.upstream_status = value
else:
result.missing_upstream_status = True
# Check that patches which looks like CVEs have CVE tags
if cve_re.search(patch) or cve_re.search(content):
if not cve_tag_re.search(content):
result.missing_cve = True
# TODO: extract CVE list
return results
def analyse(results, want_blame=False, verbose=True):
"""
want_blame: display blame data for each malformed patch
verbose: display per-file results instead of just summary
"""
# want_blame requires verbose, so disable blame if we're not verbose
if want_blame and not verbose:
want_blame = False
summary = Summary()
for patch in sorted(results):
r = results[patch]
summary.total += 1
need_blame = False
# Build statistics
if r.missing_sob:
summary.sob_missing += 1
if r.malformed_sob:
summary.sob_malformed += 1
if r.missing_upstream_status:
summary.status_missing += 1
if r.malformed_upstream_status or r.unknown_upstream_status:
summary.status_malformed += 1
# Count patches with no status as pending
summary.status_pending += 1
if r.missing_cve:
summary.cve_missing += 1
if r.upstream_status == "pending":
summary.status_pending += 1
# Output warnings
if r.missing_sob:
need_blame = True
if verbose:
print("Missing Signed-off-by tag (%s)" % patch)
if r.malformed_sob:
need_blame = True
if verbose:
print("Malformed Signed-off-by '%s' (%s)" % (r.malformed_sob, patch))
if r.missing_cve:
need_blame = True
if verbose:
print("Missing CVE tag (%s)" % patch)
if r.missing_upstream_status:
need_blame = True
if verbose:
print("Missing Upstream-Status tag (%s)" % patch)
if r.malformed_upstream_status:
need_blame = True
if verbose:
print("Malformed Upstream-Status '%s' (%s)" % (r.malformed_upstream_status, patch))
if r.unknown_upstream_status:
need_blame = True
if verbose:
print("Unknown Upstream-Status value '%s' (%s)" % (r.upstream_status, patch))
if want_blame and need_blame:
print("\n".join(blame_patch(patch)) + "\n")
return summary
def display_summary(summary, verbose):
def percent(num):
try:
return "%d (%d%%)" % (num, round(num * 100.0 / summary.total))
except ZeroDivisionError:
return "N/A"
if verbose:
print()
print("""Total patches found: %d
Patches missing Signed-off-by: %s
Patches with malformed Signed-off-by: %s
Patches missing CVE: %s
Patches missing Upstream-Status: %s
Patches with malformed Upstream-Status: %s
Patches in Pending state: %s""" % (summary.total,
percent(summary.sob_missing),
percent(summary.sob_malformed),
percent(summary.cve_missing),
percent(summary.status_missing),
percent(summary.status_malformed),
percent(summary.status_pending)))
def generate_metrics(summary, output):
# https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md
# Summary attribute name, MetricPoint help
mapping = (
("total", "Total patches"),
("cve_missing", "Patches missing CVE tag"),
("sob_malformed", "Patches with malformed Signed-off-by"),
("sob_missing", "Patches with missing Signed-off-by"),
("status_malformed", "Patches with malformed Upstream-Status"),
("status_missing", "Patches with missing Upstream-Status"),
("status_pending", "Patches with Pending Upstream-Status")
)
for attr, help in mapping:
metric = f"patch_check_{attr}"
value = getattr(summary, attr)
output.write(f"""
# TYPE {metric} gauge
# HELP {help}
{metric} {value}
""")
output.write("\n# EOF\n")
def histogram(results):
import math
from toolz import dicttoolz, recipes
counts = recipes.countby(lambda r: r.upstream_status, results.values())
bars = dicttoolz.valmap(lambda v: "#" * int(math.ceil(float(v) / len(results) * 100)), counts)
for k in bars:
print("%-20s %s (%d)" % (k.capitalize() if k else "No status", bars[k], counts[k]))
def gather_patches(directories):
patches = []
for directory in directories:
filenames = subprocess.check_output(("git", "-C", directory, "ls-files", "recipes-*/**/*.patch", "recipes-*/**/*.diff")).decode("utf-8").split()
patches += [os.path.join(directory, f) for f in filenames]
return patches
if __name__ == "__main__":
args = argparse.ArgumentParser(description="Patch Review Tool")
args.add_argument("-b", "--blame", action="store_true", help="show blame for malformed patches")
args.add_argument("-v", "--verbose", action="store_true", help="show per-patch results")
args.add_argument("-g", "--histogram", action="store_true", help="show patch histogram")
args.add_argument("-j", "--json", help="update JSON")
args.add_argument("-m", "--metrics", type=argparse.FileType('w'), help="write OpenMetrics")
args.add_argument("dirs", metavar="DIRECTORY", nargs="+", help="directory to scan")
args = args.parse_args()
patches = gather_patches(args.dirs)
results = patchreview(patches)
summary = analyse(results, want_blame=args.blame, verbose=args.verbose)
display_summary(summary, verbose=args.verbose)
if args.json:
if os.path.isfile(args.json):
data = json.load(open(args.json))
else:
data = []
row = collections.Counter()
row["total"] = len(results)
row["date"] = subprocess.check_output(["git", "-C", args.dirs[0], "show", "-s", "--pretty=format:%cd", "--date=format:%s"]).decode("utf-8").strip()
for r in results.values():
if r.upstream_status in status_values:
row[r.upstream_status] += 1
if r.malformed_upstream_status or r.missing_upstream_status:
row["malformed-upstream-status"] += 1
if r.malformed_sob or r.missing_sob:
row["malformed-sob"] += 1
data.append(row)
json.dump(data, open(args.json, "w"))
if args.metrics:
generate_metrics(summary, args.metrics)
if args.histogram:
print()
histogram(results)
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky-tiny
local_conf_header:
hacking: |
TEST_SUITES = "_qemutiny ping"
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
target:
- core-image-minimal
- perf
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm-secureboot
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-openembedded.yml
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
# Include TS Crypto, TS Protected Storage, TS Internal Trusted Storage and SMM-Gateway SPs into optee-os image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its ts-smm-gateway"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm64-secureboot
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm64
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarmv5
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: sbsa-ref
target:
- core-image-sato
- sbsa-acs
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
setup: |
BB_LOGCONFIG = ""
SANITY_TESTED_DISTROS = ""
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: sgi575
-11
View File
@@ -1,11 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
sstate_mirror: |
BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws"
SSTATE_MIRRORS = "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
BB_HASHSERVE = "auto"
BB_SIGNATURE_HANDLER = "OEEquivHash"
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/debug.yml
local_conf_header:
testimage: |
IMAGE_CLASSES += "testimage"
TESTIMAGE_AUTO = "1"
kvm: |
QEMU_USE_KVM = ""
slirp: |
TEST_RUNQEMUPARAMS = "slirp"
sshd: |
IMAGE_FEATURES += "ssh-server-dropbear"
sshkeys: |
CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
universally_failing_tests: |
TEST_SUITES:remove = "opkg"
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
tftf: |
TFA_UBOOT = "0"
TFA_UEFI = "0"
TFTF_TESTS = "1"
-20
View File
@@ -1,20 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
# Target is arm64 and SDK is x86-64 to ensure that we exercise both
# architectures
machine: qemuarm64
local_conf_header:
toolchains: |
SDKMACHINE = "x86_64"
target:
- gcc-aarch64-none-elf
- nativesdk-gcc-aarch64-none-elf
- gcc-arm-none-eabi
- nativesdk-gcc-arm-none-eabi
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
bootfirmware: |
PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
TFA_UBOOT = "1"
TFA_UEFI = "0"
-56
View File
@@ -1,56 +0,0 @@
#! /usr/bin/env python3
# Update clones of the repositories we need in KAS_REPO_REF_DIR to speed up fetches
import sys
import os
import shutil
import subprocess
import pathlib
def repo_shortname(url):
# Taken from Kas (Repo.__getattr__) to ensure the logic is right
from urllib.parse import urlparse
url = urlparse(url)
return ('{url.netloc}{url.path}'
.format(url=url)
.replace('@', '.')
.replace(':', '.')
.replace('/', '.')
.replace('*', '.'))
repositories = (
"https://git.yoctoproject.org/poky",
"https://git.openembedded.org/meta-openembedded",
"https://git.yoctoproject.org/meta-virtualization",
"https://github.com/kraj/meta-clang",
)
if __name__ == "__main__":
if "KAS_REPO_REF_DIR" not in os.environ:
print("KAS_REPO_REF_DIR needs to be set")
sys.exit(1)
base_repodir = pathlib.Path(os.environ["KAS_REPO_REF_DIR"])
failed = False
for repo in repositories:
repodir = base_repodir / repo_shortname(repo)
if "CI_CLEAN_REPOS" in os.environ:
print("Cleaning %s..." % repo)
shutil.rmtree(repodir, ignore_errors=True)
if repodir.exists():
try:
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
except subprocess.CalledProcessError as e:
print(e)
failed = True
else:
print("Cloning %s..." % repo)
subprocess.run(["git", "clone", "--bare", repo, repodir], check=True)
if failed:
sys.exit(128)
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-virtualization.yml
local_conf_header:
meta-virt: |
DISTRO_FEATURES:append = " virtualization xen"
target:
- xen-image-minimal
-49
View File
@@ -1,49 +0,0 @@
# OEQA on Arm FVPs
OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests on machines using the `testimage` Yocto task. meta-arm has good support for writing test cases against [Arm FVPs][FVP], meaning the [runfvp][RUNFVP] boot configuration can be re-used.
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:2222"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "2222=22"
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
OEFVPTarget supports two different test interfaces - SSH and pexpect.
## SSH
As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
This uses the `run` method on the target, e.g:
```
(status, output) = self.target.run('uname -a')
```
which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
## pexpect
To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
```
self.target.expect('default', r'root@.*\:~#', timeout=30)
self.assertNotIn(b'ERROR:', self.target.before('tf-a'))
```
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
[OEQA]: https://docs.yoctoproject.org/test-manual/intro.html
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[RUNFVP]: runfvp.md
[PEXPECT]: https://pexpect.readthedocs.io/en/stable/overview.html
-131
View File
@@ -1,131 +0,0 @@
# Running Images with a FVP
The `runfvp` tool in meta-arm makes it easy to run Yocto Project disk images inside a [Fixed Virtual Platform (FVP)][FVP]. Some FVPs, such as the [Arm Architecture Models][AEM], are available free to download, but others need registration or are only available commercially. The `fvp-base` machine in meta-arm-bsp uses one of these AEM models.
## Running images with `runfvp`
To build images with the FVP integration, the `fvpboot` class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
```
INHERIT += "fvpboot"
```
The class will download the correct FVP and write a `.fvpconf` configuration file when an image is built.
To run an image in a FVP, pass either a machine name or a `.fvpconf` path to `runfvp`.
```
$ ./meta-arm/scripts/runfvp tmp/deploy/images/fvp-base/core-image-minimal-fvp-base.fvpconf
```
When a machine name is passed, `runfvp` will start the latest image that has been built for that machine. This requires that the BitBake environment has been initialized (using `oe-init-build-env` or similar) as it will start BitBake to determine where the images are.
```
$ ./meta-arm/scripts/runfvp fvp-base
```
Note that currently meta-arm's `scripts` directory isn't in `PATH`, so a full path needs to be used.
`runfvp` will automatically start terminals connected to each of the serial ports that the machine specifies. This can be controlled by using the `--terminals` option, for example `--terminals=none` will mean no terminals are started, and `--terminals=tmux` will start the terminals in [`tmux`][tmux] sessions. Alternatively, passing `--console` will connect the serial port directly to the current session, without needing to open further windows.
The default terminal can also be configured by writing a [INI-style][INI] configuration file to `~/.config/runfvp.conf`:
```
[RunFVP]
Terminal=tmux
```
Arbitrary options can be passed directly to the FVP by specifying them after a double dash, for example this will list all of the FVP parameters:
```
$ runfvp fvp-base -- --list-params
```
## Configuring machines with `fvpboot`
To configure a machine so that it can be ran inside `runfvp`, a number of variables need to be set in the machine configuration file (such as `meta-arm-bsp/conf/machine/fvp-base.conf`).
Note that at present these variables are not stable and their behaviour may be changed in the future.
### `FVP_EXE`
The name of the FVP binary itself, for example `fvp-base` uses `FVP_Base_RevC-2xAEMvA`.
### `FVP_PROVIDER`
The name of the recipe that provides the FVP executable set in `FVP_EXE`, for example `fvp-base` uses `fvp-base-a-aem-native`. This *must* be a `-native` recipe as the binary will be executed on the build host.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website.
If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on the host already.
### `FVP_CONFIG`
Parameters passed to the FVP with the `--parameter`/`-C` option. These are expressed as variable flags so individual parameters can be altered easily. For example:
```
FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
```
### `FVP_DATA`
Specify raw data to load at the specified address, passed to the FVP with the `--data` option. This is a space-separated list of parameters in the format `[INST=]FILE@[MEMSPACE:]ADDRESS`. For example:
```
FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
cluster0.cpu0=fvp-base-revc.dtb@0x83000000"
```
### `FVP_APPLICATIONS`
Applications to load on the cores, passed to the FVP with the `--application` option. These are expressed as variable flags with the flag name being the instance and flag value the filename, for example:
```
FVP_APPLICATIONS[cluster0] = "linux-system.axf"
```
Note that symbols are not allowed in flag names, so if you need to use a wildcard in the instance then you'll need to use `FVP_EXTRA_ARGS` and `--application` directly.
### `FVP_TERMINALS`
Map hardware serial ports to abstract names. For example the `FVP_Base_RevC-2xAEMvA` FVP exposes four serial ports, `terminal_0` to `terminal_3`. Typically only `terminal_0` is used in the `fvp-base` machine so this can be named `"Console"` and the others `""`. When runfvp starts terminals it will only start named serial ports, so instead of opening four windows where only one is useful, it will only open one.
For example:
```
FVP_TERMINALS[bp.terminal_0] = "Console"
FVP_TERMINALS[bp.terminal_1] = ""
FVP_TERMINALS[bp.terminal_2] = ""
FVP_TERMINALS[bp.terminal_3] = ""
```
### `FVP_CONSOLES`
This specifies what serial ports can be used in oeqa tests, along with an alias to be used in the test cases. Note that the values have to be the FVP identifier but without the board prefix, for example:
```
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
The 'default' console is also used when `--console` is passed to runfvp.
### `FVP_EXTRA_ARGS`
Arbitrary extra arguments that are passed directly to the FVP. For example:
```
FVP_EXTRA_ARGS = "--simlimit 60"
```
### `FVP_ENV_PASSTHROUGH`
The FVP is launched with an isolated set of environment variables. Add the name of a Bitbake variable to this list to pass it through to the FVP environment. For example:
```
FVP_ENV_PASSTHROUGH = "ARMLMD_LICENSE_FILE FM_TRACE_PLUGINS"
```
[AEM]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[tmux]: https://tmux.github.io/
[INI]: https://docs.python.org/3/library/configparser.html
-70
View File
@@ -1,70 +0,0 @@
# The Trusted Services: framework for developing root-of-trust services
meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World applications
in `meta-arm/recipes-security/trusted-services`
## Secure Partitions recipes
We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions.
These recipes produce ELF and DTB files for SPs.
These files are automatically included into optee-os image accordingly to defined MACHINE_FEATURES.
### How to include TS SPs
To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
features for each [Secure Partition][^2] you would like to include:
| Secure Partition | MACHINE_FEATURE |
| ----------------- | --------------- |
| Attestation | ts-attesation |
| Crypto | ts-crypto |
| Firmware Update | ts-fwu
| Internal Storage | ts-its |
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
| spm-test[1-4] | optee-spmc-test |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
(Please see ` meta-arm/recipes-kernel/arm-tstee`.)
For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
(Please see ` meta-arm/recipes-kernel/arm-ffa-user`.)
2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
for N1SDP and Corstone1000 platforms accordingly.
3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
## Normal World applications
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
See `ci/trusted-services.yml` for an example how to include them into an image.
------
[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
[^2]: https://trusted-services.readthedocs.io/en/integration/deployments/secure-partitions.html
[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
repos:
meta-arm:
layers:
meta-arm-systemready:
distro: nodistro
target:
- arm-systemready-firmware
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
env:
TESTIMAGE_AUTO: "1"
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
target:
- arm-systemready-ir-acs
@@ -1,7 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
target:
- arm-systemready-linux-distros-debian
@@ -1,8 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-opensuse
@@ -1,11 +0,0 @@
header:
version: 16
env:
DISTRO_UNATTENDED_INST_TESTS:
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
local_conf_header:
systemready-unattended-inst: |
TESTIMAGE_AUTO = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "1", "", d)}"
-53
View File
@@ -1,53 +0,0 @@
header:
version: 14
distro: poky
defaults:
repos:
branch: scarthgap
repos:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
commit: c5df9c829a549ca002c36afd6bdf23639831502e
layers:
meta:
meta-poky:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
commit: 6de0ab744341ad61b0661aa28d78dc6767ce0786
layers:
meta-oe:
meta-python:
meta-perl:
meta-secure-core:
url: https://github.com/wind-river/meta-secure-core.git
commit: 13cb4867fb1245581c80da3b94b72c4b4f15d67e
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
local_conf_header:
base: |
CONF_VERSION = "2"
setup: |
PACKAGE_CLASSES = "package_ipk"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
machine: unset
target:
- corstone1000-flash-firmware-image
-6
View File
@@ -1,6 +0,0 @@
header:
version: 14
local_conf_header:
extsys: |
MACHINE_FEATURES += "corstone1000-extsys"
-23
View File
@@ -1,23 +0,0 @@
---
header:
version: 14
local_conf_header:
firmwarebuild: |
BBMULTICONFIG:remove = "firmware"
# Need to ensure the rescue linux options are selected
OVERRIDES .= ":firmware"
# Need to ensure we build with a small libc
TCLIBC="musl"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
test-configuration: |
TEST_SUITES = "_qemutiny ping"
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys"
-22
View File
@@ -1,22 +0,0 @@
header:
version: 14
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
local_conf_header:
testimagefvp: |
IMAGE_CLASSES += "fvpboot"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
machine: corstone1000-fvp
-49
View File
@@ -1,49 +0,0 @@
header:
version: 14
local_conf_header:
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
firmwarebuild: |
# Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs
BBMULTICONFIG ?= "firmware"
distrosetup: |
DISTRO_FEATURES = "usbhost ipv4"
initramfsetup: |
# Telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE_BUNDLE:firmware = "1"
INITRAMFS_IMAGE:firmware ?= "corstone1000-recovery-image"
IMAGE_FSTYPES:firmware:pn-corstone1000-recovery-image = "${INITRAMFS_FSTYPES}"
IMAGE_NAME_SUFFIX:firmware = ""
# enable mdev/busybox for init
INIT_MANAGER:firmware = "mdev-busybox"
VIRTUAL-RUNTIME_init_manager:firmware = "busybox"
# prevent the kernel image from being included in the intramfs rootfs
PACKAGE_EXCLUDE:firmware += "kernel-image-*"
# Disable openssl in kmod to shrink the initramfs size
PACKAGECONFIG:remove:firmware:pn-kmod = "openssl"
imageextras: |
# Don't include kernel binary in rootfs /boot path
RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = ""
# all optee packages
CORE_IMAGE_EXTRA_INSTALL += "optee-client"
# TS PSA API tests commands for crypto, its, ps and iat
CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL:firmware += "packagegroup-ts-tests-psa"
# external system firmware
CORE_IMAGE_EXTRA_INSTALL:firmware += "external-system-elf"
capsule: |
CAPSULE_EXTENSION = "uefi.capsule"
CAPSULE_FW_VERSION = "6"
CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}"
-8
View File
@@ -1,8 +0,0 @@
header:
version: 14
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
machine: corstone1000-mps3
-43
View File
@@ -1,43 +0,0 @@
header:
version: 13
includes:
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
distro: poky
machine: fvp-base
defaults:
repos:
refspec: scarthgap
repos:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
path: layers/poky
layers:
meta:
meta-poky:
local_conf_header:
base: |
CONF_VERSION = "2"
PACKAGE_CLASSES = "package_ipk"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks ssh-server-openssh"
CORE_IMAGE_EXTRA_INSTALL:append = " ssh-pregen-hostkeys"
IMAGE_CLASSES:append = " testimage fvpboot"
target:
- core-image-minimal
-5
View File
@@ -1,5 +0,0 @@
header:
version: 13
env:
ARM_FVP_EULA_ACCEPT:
-7
View File
@@ -1,7 +0,0 @@
header:
version: 9
local_conf_header:
tftf: |
TFA_UBOOT = "0"
TFTF_TESTS = "1"
-1
View File
@@ -1 +0,0 @@
See ../README.md
-30
View File
@@ -1,30 +0,0 @@
# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
# We have recipes-* directories, add to BBFILES
BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "meta-arm-bsp"
BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
BBFILE_PRIORITY_meta-arm-bsp = "5"
LAYERSERIES_COMPAT_meta-arm-bsp = "nanbield scarthgap"
LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
# This won't be used by layerindex-fetch, but works everywhere else
LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer efi-secure-boot"
LAYERDEPENDS_meta-arm-bsp:append:musca-b1 = " meta-python"
LAYERDEPENDS_meta-arm-bsp:append:musca-s1 = " meta-python"
# Additional license directories.
LICENSE_PATH += "${LAYERDIR}/custom-licenses"
BBFILES_DYNAMIC += " \
meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bb \
meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bbappend \
"
WARN_QA:append:layer-meta-arm-bsp = " patch-status"
addpylib ${LAYERDIR}/lib oeqa
@@ -1,75 +0,0 @@
#@TYPE: Machine
#@NAME: corstone1000-fvp machine
#@DESCRIPTION: Machine configuration for Corstone1000 64-bit FVP
require conf/machine/include/corstone1000.inc
TFA_TARGET_PLATFORM = "fvp"
TFM_PLATFORM_IS_FVP = "TRUE"
# testimage config
TEST_TARGET = "OEFVPTarget"
TEST_SUITES = "fvp_boot"
# FVP Config
FVP_PROVIDER ?= "fvp-corstone1000-native"
FVP_EXE ?= "FVP_Corstone-1000"
FVP_CONSOLES[default] = "host_terminal_0"
FVP_CONSOLES[tf-a] = "host_terminal_1"
FVP_CONSOLES[se] = "secenc_terminal"
FVP_CONSOLES[extsys] = "extsys_terminal"
#Disable Time Annotation
FASTSIM_DISABLE_TA = "0"
# FVP Parameters
FVP_CONFIG[se.trustedBootROMloader.fname] ?= "bl1.bin"
FVP_CONFIG[board.xnvm_size] ?= "64"
FVP_CONFIG[se.trustedSRAM_config] ?= "6"
FVP_CONFIG[se.BootROM_config] ?= "3"
FVP_CONFIG[board.hostbridge.interfaceName] ?= "tap0"
FVP_CONFIG[board.smsc_91c111.enabled] ?= "1"
FVP_CONFIG[board.hostbridge.userNetworking] ?= "true"
FVP_CONFIG[board.hostbridge.userNetPorts] ?= "5555=5555,8080=80,2222=22"
FVP_CONFIG[board.se_flash_size] ?= "8192"
FVP_CONFIG[diagnostics] ?= "4"
FVP_CONFIG[disable_visualisation] ?= "true"
FVP_CONFIG[se.nvm.update_raw_image] ?= "0"
FVP_CONFIG[se.cryptocell.USER_OTP_FILTERING_DISABLE] ?= "1"
# Boot image
FVP_DATA ?= "board.flash0=corstone1000-flash-firmware-image-${MACHINE}.wic@0x68000000"
# External system (cortex-M3)
FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "es_flashfw.bin"
# FVP Terminals
FVP_TERMINALS[host.host_terminal_0] ?= "Normal World Console"
FVP_TERMINALS[host.host_terminal_1] ?= "Secure World Console"
FVP_TERMINALS[se.secenc_terminal] ?= "Secure Enclave Console"
FVP_TERMINALS[extsys0.extsys_terminal] ?= "Cortex M3"
# MMC card configuration
FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0"
FVP_CONFIG[board.msd_mmc.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc.support_unpadded_images] ?= "true"
FVP_CONFIG[board.msd_mmc.p_mmc_file] ?= "${IMAGE_NAME}.wic"
# MMC2 card configuration
FVP_CONFIG[board.msd_mmc_2.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc_2.p_fast_access] ?= "0"
FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc_2.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config_2.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc_2.support_unpadded_images] ?= "true"
FVP_CONFIG[board.msd_mmc_2.p_mmc_file] ?= "corstone1000-esp-image-${MACHINE}.wic"
# Virtio-Net configuration
FVP_CONFIG[board.virtio_net.enabled] ?= "1"
FVP_CONFIG[board.virtio_net.hostbridge.interfaceName] ?= "eth1"
FVP_CONFIG[board.virtio_net.hostbridge.userNetworking] ?= "true"
FVP_CONFIG[board.virtio_net.hostbridge.userNetPorts] ?= "5555=5555,8080=80,2222=22"
FVP_CONFIG[board.virtio_net.transport] ?= "legacy"
@@ -1,9 +0,0 @@
#@TYPE: Machine
#@NAME: corstone1000-mps3 machine
#@DESCRIPTION: Machine configuration for Corstone1000 64-bit MPS3 FPGA board
require conf/machine/include/corstone1000.inc
TFA_TARGET_PLATFORM = "fpga"
PLATFORM_IS_FVP = "FALSE"
-65
View File
@@ -1,65 +0,0 @@
# Configuration for Armv8-A Base Platform FVP
#@TYPE: Machine
#@NAME: Armv8-A Base Platform FVP machine
#@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
require conf/machine/include/arm/arch-armv8-4a.inc
ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
ARM_SYSTEMREADY_ACS_CONSOLE = "default"
EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
MACHINE_FEATURES = "efi"
IMAGE_NAME_SUFFIX = ""
IMAGE_FSTYPES += "wic"
WKS_FILE ?= "efi-disk.wks.in"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
KERNEL_IMAGETYPE = "Image"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
# FVP u-boot configuration
UBOOT_MACHINE = "vexpress_fvp_defconfig"
EFI_PROVIDER ?= "grub-efi"
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
TEST_TARGET = "OEFVPTarget"
TEST_TARGET_IP = "127.0.0.1:2222"
DEFAULT_TEST_SUITES:append = " fvp_boot fvp_devices"
TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
FVP_PROVIDER ?= "fvp-base-a-aem-native"
FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
# Tell testimage to connect to localhost:2222, and forward that to SSH in the FVP.
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "2222=22"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[cluster0.check_memory_attributes] ?= "0"
FVP_CONFIG[cluster1.check_memory_attributes] ?= "0"
FVP_CONFIG[cluster0.stage12_tlb_size] ?= "1024"
FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024"
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
# Set the baseline to ARMv8.4, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
FVP_CONSOLES[default] = "terminal_0"
FVP_TERMINALS[bp.terminal_0] ?= "Console"
FVP_TERMINALS[bp.terminal_1] ?= ""
FVP_TERMINALS[bp.terminal_2] ?= ""
FVP_TERMINALS[bp.terminal_3] ?= ""
FVP_CONFIG[bp.secure_memory] ?= "1"
@@ -1,65 +0,0 @@
require conf/machine/include/arm/armv8a/tune-cortexa35.inc
MACHINEOVERRIDES =. "corstone1000:"
# TF-M
PREFERRED_VERSION_trusted-firmware-m ?= "2.0.%"
# TF-A
TFA_PLATFORM = "corstone1000"
PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
TFA_BL2_BINARY = "bl2-corstone1000.bin"
TFA_FIP_BINARY = "fip-corstone1000.bin"
# optee
PREFERRED_VERSION_optee-os ?= "4.1.%"
# Trusted Services
TS_PLATFORM = "arm/corstone1000"
TS_SP_SE_PROXY_CONFIG = "corstone1000"
# Include smm-gateway and se-proxy SPs into optee-os binary
MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
# u-boot
PREFERRED_VERSION_u-boot ?= "2023.07%"
MACHINE_FEATURES += "efi"
EFI_PROVIDER ?= "grub-efi"
# Grub
LINUX_KERNEL_ARGS ?= "earlycon=pl011,0x1a510000 console=ttyAMA0,115200"
GRUB_LINUX_APPEND ?= "${LINUX_KERNEL_ARGS}"
IMAGE_CMD:wic[vardeps] += "GRUB_LINUX_APPEND"
# Linux kernel
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.6.%"
KERNEL_IMAGETYPE = "Image"
KERNEL_IMAGETYPE:firmware = "Image.gz"
# add FF-A support in the kernel
MACHINE_FEATURES += "arm-ffa"
# enable this feature for kernel debugging
# MACHINE_FEATURES += "corstone1000_kernel_debug"
# login terminal serial port settings
SERIAL_CONSOLES ?= "115200;ttyAMA0"
IMAGE_FSTYPES += "wic"
# Need to clear the suffix so TESTIMAGE_AUTO works
IMAGE_NAME_SUFFIX = ""
WKS_FILE ?= "efi-disk-no-swap.wks.in"
WKS_FILE:firmware ?= "corstone1000-flash-firmware.wks.in"
# making sure EXTRA_IMAGEDEPENDS will be used while creating the image
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# If not building under the firmware multiconf we need to build the actual firmware
FIRMWARE_DEPLOYMENT ?= "firmware-deploy-image"
FIRMWARE_DEPLOYMENT:firmware ?= ""
EXTRA_IMAGEDEPENDS += "${FIRMWARE_DEPLOYMENT}"
ARM_SYSTEMREADY_FIRMWARE = "${FIRMWARE_DEPLOYMENT}:do_deploy \
corstone1000-esp-image:do_image_complete \
"
ARM_SYSTEMREADY_ACS_CONSOLE ?= "default"
-30
View File
@@ -1,30 +0,0 @@
# Configuration for juno development board
#@TYPE: Machine
#@NAME: Juno machine
#@DESCRIPTION: Machine configuration for Juno
TUNE_FEATURES = "aarch64"
require conf/machine/include/arm/arch-armv8a.inc
MACHINE_FEATURES = "usbhost usbgadget alsa screen wifi bluetooth optee pci"
KERNEL_IMAGETYPE = "Image.gz"
KERNEL_DEVICETREE = "arm/juno.dtb arm/juno-r1.dtb arm/juno-r2.dtb"
IMAGE_FSTYPES += "tar.bz2 ext4 cpio.gz"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a virtual/bootloader firmware-image-juno"
# Juno u-boot configuration
UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig"
INITRAMFS_IMAGE_BUNDLE ?= "1"
INITRAMFS_IMAGE = "core-image-minimal"
IMAGE_NAME_SUFFIX = ""
-23
View File
@@ -1,23 +0,0 @@
# Configuration for Musca-B1 development board
#@TYPE: Machine
#@NAME: Musca-B1 machine
#@DESCRIPTION: Machine configuration for Musca-B1
DEFAULTTUNE ?= "armv8m-main"
require conf/machine/include/arm/armv8-m/tune-cortexm33.inc
# GLIBC will not work with Cortex-M.
TCLIBC = "newlib"
# For runqemu
IMAGE_FSTYPES += "ext4"
IMAGE_CLASSES += "qemuboot"
QB_SYSTEM_NAME = "qemu-system-arm"
QB_MACHINE = "-machine musca-b1"
QB_CPU = "-cpu cortex-m33"
QB_GRAPHICS = "-nographic -vga none"
QB_MEM = "512k"
QB_RNG = ""
TFM_PLATFORM = "arm/musca_b1"

Some files were not shown because too many files have changed in this diff Show More