mirror of
https://git.yoctoproject.org/meta-arm
synced 2026-07-18 04:27:08 +00:00
Compare commits
22 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0d4c09cf00 | |||
| 5425d269c1 | |||
| 97284c1c3e | |||
| 9c548d16e0 | |||
| e56a0cd6fe | |||
| 61bfbf1601 | |||
| 32c4bca3ae | |||
| 6d58916259 | |||
| dfc0187c36 | |||
| 0ef5fd9682 | |||
| 18bc3f9389 | |||
| 2d601b02b7 | |||
| 4c490d2c2b | |||
| d824ee371a | |||
| acafe7c89f | |||
| 2a624d2239 | |||
| 52b2ad14a8 | |||
| a987c321b7 | |||
| b2f0014a48 | |||
| ca9375b72d | |||
| 691d479ce4 | |||
| 67a28fc298 |
+17
-33
@@ -10,7 +10,7 @@ variables:
|
||||
# The default machine tag for the build jobs
|
||||
DEFAULT_TAG: ""
|
||||
# The machine tag for the ACS test jobs
|
||||
ACS_TAG: "$DEFAULT_TAG"
|
||||
ACS_TAG: ""
|
||||
# The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc)
|
||||
CACHE_DIR: $CI_BUILDS_DIR/persist
|
||||
# The container mirror to use
|
||||
@@ -33,11 +33,9 @@ stages:
|
||||
stage: build
|
||||
interruptible: true
|
||||
variables:
|
||||
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
|
||||
KAS_WORK_DIR: $CI_PROJECT_DIR/work
|
||||
KAS_BUILD_DIR: $KAS_WORK_DIR/build
|
||||
# Set this in the environment to enable local repository caches
|
||||
KAS_REPO_REF_DIR: ""
|
||||
KAS_REPO_REF_DIR: $CACHE_DIR/repos
|
||||
SSTATE_DIR: $CACHE_DIR/sstate
|
||||
DL_DIR: $CACHE_DIR/downloads
|
||||
BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml
|
||||
@@ -45,12 +43,19 @@ stages:
|
||||
IMAGE_DIR: $KAS_BUILD_DIR/tmp/deploy/images
|
||||
TOOLCHAIN_LINK_DIR: $KAS_BUILD_DIR/toolchains
|
||||
before_script:
|
||||
- echo KAS_WORK_DIR = $KAS_WORK_DIR
|
||||
- echo SSTATE_DIR = $SSTATE_DIR
|
||||
- echo DL_DIR = $DL_DIR
|
||||
- rm -rf $KAS_WORK_DIR
|
||||
- mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
|
||||
# Must do this here, as it's the only way to make sure the toolchain is installed on the same builder
|
||||
- ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
|
||||
|
||||
# Generalised fragment to do a Kas build
|
||||
.build:
|
||||
extends: .setup
|
||||
variables:
|
||||
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
|
||||
rules:
|
||||
# Don't run MR pipelines
|
||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||
@@ -94,18 +99,7 @@ update-repos:
|
||||
exit_codes: 128
|
||||
script:
|
||||
- |
|
||||
exit_code=0
|
||||
|
||||
# Dump the environment for reference
|
||||
printenv
|
||||
|
||||
# Update the reference repositories if needed
|
||||
if [ -n "$KAS_REPO_REF_DIR" ]; then
|
||||
flock --verbose --timeout 60 $KAS_REPO_REF_DIR --command ./ci/update-repos || exit_code=$?
|
||||
# Exit now if that failed, unless the status was 128 (fetch failed)
|
||||
test $exit_code != 0 -a $exit_code != 128 && exit 1
|
||||
fi
|
||||
|
||||
flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
|
||||
# Only generate if doesn't already exist, to allow feature branches to drop one in.
|
||||
if test -f lockfile.yml; then
|
||||
echo Using existing lockfile.yml
|
||||
@@ -113,26 +107,24 @@ update-repos:
|
||||
# Be sure that this is the complete list of layers being fetched
|
||||
kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
|
||||
fi
|
||||
exit $exit_code
|
||||
artifacts:
|
||||
name: "lockfile"
|
||||
when: always
|
||||
paths:
|
||||
- lockfile.yml
|
||||
|
||||
#
|
||||
# Build stage, the actual build jobs
|
||||
#
|
||||
# Available options for building are (VIRT _must_ be last for ssh override)
|
||||
# Available options for building are
|
||||
# DISTRO: [poky, poky-altcfg, poky-tiny]
|
||||
# KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
|
||||
# TOOLCHAINS: [gcc, clang]
|
||||
# TOOLCHAINS: [gcc, clang, external-gccarm]
|
||||
# TCLIBC: [glibc, musl]
|
||||
# FIRMWARE: [u-boot, edk2]
|
||||
# TS: [none, trusted-services]
|
||||
# VIRT: [none, xen]
|
||||
# TESTING: testimage
|
||||
# SECUREDEBUG: [none, secure-debug]
|
||||
# VIRT: [none, xen]
|
||||
|
||||
arm-systemready-ir-acs:
|
||||
extends: .build
|
||||
@@ -252,11 +244,6 @@ musca-s1:
|
||||
|
||||
pending-updates:
|
||||
extends: .setup
|
||||
# Only run this job for the default branch (master), or if forced with
|
||||
# BUILD_FORCE_PENDING_UPDATES.
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
- if: $BUILD_FORCE_PENDING_UPDATES != null
|
||||
artifacts:
|
||||
paths:
|
||||
- update-report
|
||||
@@ -265,6 +252,9 @@ pending-updates:
|
||||
# This configuration has all of the layers we need enabled
|
||||
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
|
||||
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
|
||||
# Do this on x86 whilst the compilers are x86-only
|
||||
tags:
|
||||
- x86_64
|
||||
|
||||
qemuarm64-secureboot:
|
||||
extends: .build
|
||||
@@ -305,7 +295,7 @@ qemuarm-secureboot:
|
||||
TOOLCHAINS: [gcc, clang]
|
||||
TCLIBC: [glibc, musl]
|
||||
TESTING: testimage
|
||||
- DISTRO: [poky, poky-altcfg]
|
||||
- TOOLCHAINS: external-gccarm
|
||||
TESTING: testimage
|
||||
- KERNEL: linux-yocto-dev
|
||||
TESTING: testimage
|
||||
@@ -355,12 +345,6 @@ selftest:
|
||||
|
||||
sgi575:
|
||||
extends: .build
|
||||
parallel:
|
||||
matrix:
|
||||
- TESTING: testimage
|
||||
# FVP binary is x86-only
|
||||
tags:
|
||||
- x86_64
|
||||
|
||||
toolchains:
|
||||
extends: .build
|
||||
|
||||
+1
-1
@@ -7,7 +7,7 @@ distro: poky
|
||||
|
||||
defaults:
|
||||
repos:
|
||||
branch: walnascar
|
||||
branch: styhead
|
||||
|
||||
repos:
|
||||
meta-arm:
|
||||
|
||||
+2
-2
@@ -5,5 +5,5 @@ header:
|
||||
|
||||
# Add universally helpful features when testing boards
|
||||
local_conf_header:
|
||||
rootlogin: |
|
||||
EXTRA_IMAGE_FEATURES:append = " allow-empty-password empty-root-password allow-root-login"
|
||||
debug: |
|
||||
EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
|
||||
|
||||
@@ -0,0 +1,13 @@
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
|
||||
|
||||
header:
|
||||
version: 14
|
||||
|
||||
local_conf_header:
|
||||
cc: |
|
||||
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
|
||||
TCMODE = "external-arm"
|
||||
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
|
||||
# Disable ptest as this pulls target compilers, which don't
|
||||
# work with external toolchain currently
|
||||
DISTRO_FEATURES:remove = "ptest"
|
||||
+1
-6
@@ -19,13 +19,8 @@ target:
|
||||
# Target packages to test aarch64
|
||||
- fvp-base-a-aem
|
||||
- fvp-corstone1000
|
||||
- fvp-rd1-ae
|
||||
- fvp-v3-r1
|
||||
# Nativesdk to test x86-64
|
||||
- nativesdk-fvp-base-a-aem
|
||||
- nativesdk-fvp-corstone1000
|
||||
- nativesdk-fvp-rd1-ae
|
||||
- nativesdk-fvp-v3-r1
|
||||
# These are x86 only... :(
|
||||
- nativesdk-fvp-n1-edge
|
||||
- nativesdk-fvp-sgi575
|
||||
- nativesdk-fvp-tc3
|
||||
|
||||
Executable
+51
@@ -0,0 +1,51 @@
|
||||
#!/bin/bash
|
||||
set -u -e
|
||||
|
||||
BASENAME=arm-gnu-toolchain
|
||||
VER=${VER:-13.3.rel1}
|
||||
HOST_ARCH=${HOST_ARCH:-$(uname -m)}
|
||||
|
||||
# Use the standard kas container locations if nothing is passed into the script
|
||||
DOWNLOAD_DIR="${1:-/builds/persist/downloads/}"
|
||||
TOOLCHAIN_DIR="${2:-/builds/persist//toolchains/}"
|
||||
TOOLCHAIN_LINK_DIR="${3:-build/toolchains/}"
|
||||
|
||||
# These should be already created by .gitlab-ci.yml, but do here if run outside of that env
|
||||
mkdir -p $DOWNLOAD_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
|
||||
|
||||
download() {
|
||||
TRIPLE=$1
|
||||
URL=https://developer.arm.com/-/media/Files/downloads/gnu/$VER/binrel/$BASENAME-$VER-$HOST_ARCH-$TRIPLE.tar.xz
|
||||
wget -P $DOWNLOAD_DIR -nc $URL
|
||||
}
|
||||
|
||||
if [ $HOST_ARCH = "aarch64" ]; then
|
||||
# AArch64 Linux hosted cross compilers
|
||||
|
||||
# AArch32 target with hard float
|
||||
download arm-none-linux-gnueabihf
|
||||
elif [ $HOST_ARCH = "x86_64" ]; then
|
||||
# x86_64 Linux hosted cross compilers
|
||||
|
||||
# AArch32 target with hard float
|
||||
download arm-none-linux-gnueabihf
|
||||
|
||||
# AArch64 GNU/Linux target
|
||||
download aarch64-none-linux-gnu
|
||||
else
|
||||
echo "ERROR - Unknown build arch of $HOST_ARCH"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for i in arm aarch64; do
|
||||
if [ ! -d $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*/ ]; then
|
||||
if [ ! -f $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
tar -C $TOOLCHAIN_DIR -axvf $DOWNLOAD_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz
|
||||
fi
|
||||
|
||||
# Setup a link for the toolchain to use local to the building machine (e.g., not in a shared location)
|
||||
ln -s $TOOLCHAIN_DIR/$BASENAME-$VER-$HOST_ARCH-$i-none-linux-gnu* $TOOLCHAIN_LINK_DIR/$i
|
||||
done
|
||||
@@ -4,11 +4,5 @@ header:
|
||||
version: 14
|
||||
includes:
|
||||
- ci/base.yml
|
||||
- ci/fvp.yml
|
||||
|
||||
local_conf_header:
|
||||
sshpregen: |
|
||||
# Allow the use of the pregen keys as this is CI so safe
|
||||
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:sgi575 = "sgi575"
|
||||
|
||||
machine: sgi575
|
||||
|
||||
+4
-18
@@ -23,29 +23,15 @@ local_conf_header:
|
||||
WKS_FILE = "efi-disk.wks.in"
|
||||
KERNEL_IMAGETYPE = "Image"
|
||||
|
||||
MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot uefi-capsule-updates"
|
||||
MACHINE_FEATURES:append = " efi uefi-secureboot"
|
||||
|
||||
EFI_PROVIDER = "systemd-boot"
|
||||
|
||||
# Use systemd as the init system
|
||||
INIT_MANAGER = "systemd"
|
||||
DISTRO_FEATURES:append = " systemd"
|
||||
DISTRO_FEATURES_NATIVE:append = " systemd"
|
||||
|
||||
IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils"
|
||||
|
||||
TEST_SUITES:append = " uefi_secureboot uki"
|
||||
|
||||
IMAGE_CLASSES += "uki"
|
||||
|
||||
IMAGE_CLASSES += "sbsign"
|
||||
UKI_SB_KEY = "${SBSIGN_KEY}"
|
||||
UKI_SB_CERT = "${SBSIGN_CERT}"
|
||||
QB_KERNEL_ROOT = ""
|
||||
IMAGE_BOOT_FILES:remove = "Image"
|
||||
|
||||
INITRAMFS_IMAGE = "core-image-initramfs-boot"
|
||||
# not for initramfs image recipe
|
||||
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "uki"
|
||||
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "sbsign"
|
||||
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "testimage"
|
||||
IMAGE_FEATURES:remove:pn-core-image-initramfs-boot = "ssh-server-dropbear"
|
||||
CORE_IMAGE_EXTRA_INSTALL:remove:pn-core-image-initramfs-boot = "ssh-pregen-hostkeys"
|
||||
TEST_SUITES:append = " uefi_secureboot"
|
||||
+1
-1
@@ -44,7 +44,7 @@ if __name__ == "__main__":
|
||||
if repodir.exists():
|
||||
try:
|
||||
print("Updating %s..." % repo)
|
||||
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch", repo], check=True)
|
||||
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
|
||||
except subprocess.CalledProcessError as e:
|
||||
print(e)
|
||||
failed = True
|
||||
|
||||
@@ -4,13 +4,10 @@ header:
|
||||
version: 14
|
||||
includes:
|
||||
- ci/meta-virtualization.yml
|
||||
- ci/poky-altcfg.yml
|
||||
|
||||
local_conf_header:
|
||||
meta-virt: |
|
||||
DISTRO_FEATURES:append = " virtualization xen"
|
||||
sshd: |
|
||||
IMAGE_FEATURES:append = " ssh-server-openssh"
|
||||
|
||||
target:
|
||||
- xen-image-minimal
|
||||
|
||||
@@ -5,7 +5,7 @@ distro: poky
|
||||
|
||||
defaults:
|
||||
repos:
|
||||
branch: walnascar
|
||||
branch: styhead
|
||||
|
||||
repos:
|
||||
meta-arm:
|
||||
@@ -16,14 +16,14 @@ repos:
|
||||
|
||||
poky:
|
||||
url: https://git.yoctoproject.org/git/poky
|
||||
commit: ee0d8d8a61d8e22a3dd00c32cde58ee6e8ec458f
|
||||
commit: 5465094be9a61a1639e1dab6d2b4ebea2bee7440
|
||||
layers:
|
||||
meta:
|
||||
meta-poky:
|
||||
|
||||
meta-openembedded:
|
||||
url: https://git.openembedded.org/meta-openembedded
|
||||
commit: 2169c9afcc0945045bea49f58011080942d4ddb4
|
||||
commit: 461d85a1831318747af5abe86da193bcde3fd9b4
|
||||
layers:
|
||||
meta-oe:
|
||||
meta-python:
|
||||
@@ -31,7 +31,7 @@ repos:
|
||||
|
||||
meta-secure-core:
|
||||
url: https://github.com/wind-river/meta-secure-core.git
|
||||
commit: 423bc85b050594cc42fe3f2e0d0229960e70b94e
|
||||
commit: 59d7e90542947c342098863b9998693ac79352b0
|
||||
layers:
|
||||
meta-secure-core-common:
|
||||
meta-signing-key:
|
||||
|
||||
@@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "meta-arm-bsp"
|
||||
BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
|
||||
BBFILE_PRIORITY_meta-arm-bsp = "5"
|
||||
|
||||
LAYERSERIES_COMPAT_meta-arm-bsp = "styhead walnascar"
|
||||
LAYERSERIES_COMPAT_meta-arm-bsp = "styhead"
|
||||
|
||||
LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
|
||||
# This won't be used by layerindex-fetch, but works everywhere else
|
||||
@@ -28,5 +28,3 @@ BBFILES_DYNAMIC += " \
|
||||
WARN_QA:append:layer-meta-arm-bsp = " patch-status"
|
||||
|
||||
addpylib ${LAYERDIR}/lib oeqa
|
||||
|
||||
IMAGE_ROOTFS_EXTRA_ARGS ?= ""
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#@NAME: Armv8-A Base Platform FVP machine
|
||||
#@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
|
||||
|
||||
require conf/machine/include/arm/arch-armv8-5a.inc
|
||||
require conf/machine/include/arm/arch-armv8-4a.inc
|
||||
|
||||
ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
|
||||
ARM_SYSTEMREADY_ACS_CONSOLE = "default"
|
||||
@@ -57,9 +57,9 @@ FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024"
|
||||
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
|
||||
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
|
||||
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
|
||||
# Set the baseline to ARMv8.5, as the default is 8.0.
|
||||
FVP_CONFIG[cluster0.has_arm_v8-5] = "1"
|
||||
FVP_CONFIG[cluster1.has_arm_v8-5] = "1"
|
||||
# Set the baseline to ARMv8.4, as the default is 8.0.
|
||||
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
|
||||
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
|
||||
FVP_CONSOLES[default] = "terminal_0"
|
||||
FVP_TERMINALS[bp.terminal_0] ?= "Console"
|
||||
FVP_TERMINALS[bp.terminal_1] ?= ""
|
||||
|
||||
@@ -14,8 +14,7 @@ TFA_BL2_BINARY = "bl2-corstone1000.bin"
|
||||
TFA_FIP_BINARY = "fip-corstone1000.bin"
|
||||
|
||||
# optee
|
||||
PREFERRED_VERSION_optee-os ?= "4.4.%"
|
||||
PREFERRED_VERSION_optee-client ?= "4.4.%"
|
||||
PREFERRED_VERSION_optee-os ?= "4.2.%"
|
||||
|
||||
# Trusted Services
|
||||
TS_PLATFORM = "arm/corstone1000"
|
||||
@@ -35,7 +34,7 @@ IMAGE_CMD:wic[vardeps] += "GRUB_LINUX_APPEND"
|
||||
|
||||
# Linux kernel
|
||||
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
|
||||
PREFERRED_VERSION_linux-yocto ?= "6.12.%"
|
||||
PREFERRED_VERSION_linux-yocto ?= "6.10.%"
|
||||
KERNEL_IMAGETYPE = "Image"
|
||||
KERNEL_IMAGETYPE:firmware = "Image.gz"
|
||||
# add FF-A support in the kernel
|
||||
@@ -64,6 +63,3 @@ ARM_SYSTEMREADY_FIRMWARE = "${FIRMWARE_DEPLOYMENT}:do_deploy \
|
||||
corstone1000-esp-image:do_image_complete \
|
||||
"
|
||||
ARM_SYSTEMREADY_ACS_CONSOLE ?= "default"
|
||||
|
||||
# Workaround IMAGE_ROOTFS_EXTRA_SPACE being ignored when images are repacked
|
||||
IMAGE_ROOTFS_EXTRA_ARGS += "--extra-space ${@${IMAGE_ROOTFS_EXTRA_SPACE}}K"
|
||||
|
||||
@@ -26,10 +26,6 @@ EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boo
|
||||
SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0"
|
||||
|
||||
EXTRA_IMAGEDEPENDS += "edk2-firmware"
|
||||
# FIXME - Currently seeing a kernel warning for the CPU topology when bumping
|
||||
# the version past this. The issue is being tracked in
|
||||
# https://github.com/tianocore/edk2-platforms/issues/752
|
||||
PREFERRED_VERSION_edk2-firmware ?= "202408%"
|
||||
|
||||
QB_SYSTEM_NAME = "qemu-system-aarch64"
|
||||
QB_MACHINE = "-machine sbsa-ref"
|
||||
|
||||
@@ -7,56 +7,18 @@
|
||||
require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc
|
||||
|
||||
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
|
||||
|
||||
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
|
||||
|
||||
KERNEL_IMAGETYPE ?= "Image"
|
||||
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
|
||||
SERIAL_CONSOLES = "115200;ttyAMA0"
|
||||
|
||||
EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boot", "grub-efi", d)}"
|
||||
#grub-efi
|
||||
EFI_PROVIDER ?= "grub-efi"
|
||||
MACHINE_FEATURES += "efi"
|
||||
|
||||
IMAGE_FSTYPES += "cpio.gz wic"
|
||||
IMAGE_NAME_SUFFIX = ""
|
||||
IMAGE_CLASSES += "fvpboot"
|
||||
|
||||
WKS_FILE ?= "efi-disk.wks.in"
|
||||
WKS_FILE ?= "sgi575-efidisk.wks"
|
||||
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
|
||||
|
||||
# testimage config
|
||||
TEST_TARGET = "OEFVPTarget"
|
||||
#TEST_TARGET_IP = "127.0.0.1:222"
|
||||
TEST_SUITES = "fvp_boot"
|
||||
|
||||
# FVP Config
|
||||
FVP_PROVIDER ?= "fvp-sgi575-native"
|
||||
FVP_EXE ?= "FVP_CSS_SGI-575"
|
||||
|
||||
# Virtio-Net configuration
|
||||
FVP_CONFIG[board.virtio_net.enabled] ?= "1"
|
||||
FVP_CONFIG[board.virtio_net.hostbridge.userNetworking] ?= "1"
|
||||
FVP_CONFIG[board.virtio_net.hostbridge.userNetPorts] = "2222=22"
|
||||
FVP_CONFIG[board.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
|
||||
|
||||
#FVP_CONFIG[cache_state_modelled] ?= "0"
|
||||
FVP_CONFIG[css.cmn600.mesh_config_file] = "SGI-575_cmn600.yml"
|
||||
FVP_CONFIG[css.cmn600.force_rnsam_internal] ?= "false"
|
||||
FVP_CONFIG[css.gic_distributor.ITS-device-bits] ?= "20"
|
||||
|
||||
FVP_DATA ?= "css.scp.armcortexm7ct=scp_ramfw.bin@0x0BD80000"
|
||||
FVP_CONFIG[css.mcp.ROMloader.fname] ?= "mcp_romfw.bin"
|
||||
FVP_CONFIG[css.scp.ROMloader.fname] ?= "scp_romfw.bin"
|
||||
FVP_CONFIG[css.trustedBootROMloader.fname] ?= "bl1-sgi575.bin"
|
||||
FVP_CONFIG[board.flashloader0.fname] ?= "fip-sgi575.bin"
|
||||
|
||||
FVP_CONSOLES[default] = "terminal_uart_ap"
|
||||
FVP_TERMINALS[css.scp.terminal_uart_aon] ?= "SCP Console"
|
||||
FVP_TERMINALS[css.mcp.terminal_uart0] ?= ""
|
||||
FVP_TERMINALS[css.mcp.terminal_uart1] ?= ""
|
||||
FVP_TERMINALS[css.terminal_uart_ap] ?= "Console"
|
||||
FVP_TERMINALS[css.terminal_uart1_ap] ?= ""
|
||||
FVP_TERMINALS[soc.terminal_s0] ?= ""
|
||||
FVP_TERMINALS[soc.terminal_s1] ?= ""
|
||||
FVP_TERMINALS[soc.terminal_mcp] ?= ""
|
||||
FVP_TERMINALS[board.terminal_0] ?= ""
|
||||
FVP_TERMINALS[board.terminal_1] ?= ""
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
..
|
||||
# Copyright (c) 2022-2025, Arm Limited.
|
||||
# Copyright (c) 2022-2024, Arm Limited.
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
@@ -10,70 +10,6 @@ Change Log
|
||||
This document contains a summary of the new features, changes and
|
||||
fixes in each release of Corstone-1000 software stack.
|
||||
|
||||
***************
|
||||
Version 2025.05
|
||||
***************
|
||||
|
||||
Changes
|
||||
=======
|
||||
|
||||
- OP-TEE OS: Added support for v4.4
|
||||
- Trusted Services: PSA-Crypto structures aligned with TF-M, added protobuf interface to crypto-sp
|
||||
- Documentation: fixed typos, added host-level authentication section, enabled fly-out sidebar menu
|
||||
- Das U-Boot: Reserved memory for RSS communication-pointer access protocol
|
||||
- Linux Kernel: Upgraded kernel to v6.12, updated Upstream-Status notes for remoteproc patches
|
||||
- Corstone-1000 image: Implemented IMAGE_ROOTFS_EXTRA_SPACE workaround
|
||||
|
||||
Corstone-1000 components versions
|
||||
=================================
|
||||
|
||||
+-------------------------------------------+-------------------+
|
||||
| linux-yocto | 6.12.30 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| u-boot | 2023.07.02 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| external-system | 0.1.0 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| optee-client | 4.4.0 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| optee-os | 4.4.0 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| trusted-firmware-a | 2.11.0 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| trusted-firmware-m | 2.1.1 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| libts | 602be60719 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| ts-newlib | 4.1.0 |
|
||||
+-------------------------------------------+-------------------+
|
||||
| ts-psa-{crypto, iat, its. ps}-api-test | 74dc6646ff |
|
||||
+-------------------------------------------+-------------------+
|
||||
| ts-sp-{se-proxy, smm-gateway} | 602be60719 |
|
||||
+-------------------------------------------+-------------------+
|
||||
|
||||
Yocto distribution components versions
|
||||
======================================
|
||||
|
||||
+-------------------------------------------+----------------+
|
||||
| meta-arm | walnascar |
|
||||
+-------------------------------------------+----------------+
|
||||
| poky | ee0d8d8a61 |
|
||||
+-------------------------------------------+----------------+
|
||||
| meta-openembedded | 2169c9afcc |
|
||||
+-------------------------------------------+----------------+
|
||||
| meta-secure-core | 423bc85b05 |
|
||||
+-------------------------------------------+----------------+
|
||||
| busybox | 1.37.0 |
|
||||
+-------------------------------------------+----------------+
|
||||
| musl | 1.2.5 |
|
||||
+-------------------------------------------+----------------+
|
||||
| gcc-arm-none-eabi | 13.3.rel1 |
|
||||
+-------------------------------------------+----------------+
|
||||
| gcc-cross-aarch64 | 14.2.0 |
|
||||
+-------------------------------------------+----------------+
|
||||
| openssl | 3.4.1 |
|
||||
+-------------------------------------------+----------------+
|
||||
|
||||
|
||||
***************
|
||||
Version 2024.11
|
||||
|
||||
@@ -1,8 +1,3 @@
|
||||
# SPDX-FileCopyrightText: <text>Copyright 2020-2024 Arm Limited and/or its
|
||||
# affiliates <open-source-office@arm.com></text>
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
# Configuration file for the Sphinx documentation builder.
|
||||
#
|
||||
# This file only contains a selection of the most common options. For a full
|
||||
@@ -55,9 +50,6 @@ exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra']
|
||||
# a list of builtin themes.
|
||||
#
|
||||
html_theme = 'sphinx_rtd_theme'
|
||||
html_theme_options = {
|
||||
'flyout_display': 'attached',
|
||||
}
|
||||
|
||||
# Define the canonical URL if you are using a custom domain on Read the Docs
|
||||
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 43 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 44 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 58 KiB After Width: | Height: | Size: 63 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 16 KiB |
@@ -1,5 +1,5 @@
|
||||
..
|
||||
# Copyright (c) 2022-2025, Arm Limited.
|
||||
# Copyright (c) 2022-2024, Arm Limited.
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
@@ -19,22 +19,6 @@ intended for safety-critical applications. Should Your Software or Your Hardware
|
||||
prove defective, you assume the entire cost of all necessary servicing, repair
|
||||
or correction.
|
||||
|
||||
***********************
|
||||
Release notes - 2025.05
|
||||
***********************
|
||||
|
||||
Known Issues or Limitations
|
||||
---------------------------
|
||||
|
||||
- Crypto isolation is not supported in the Secure world of Corstone-1000. Additionally, clients in
|
||||
the Normal world are not isolated from one another.Therefore, if an end user wants to add a new
|
||||
Secure Partition (SP) (such as a software TPM) that accesses the Crypto service via the SE-Proxy,
|
||||
they are responsible for implementing their own isolation mechanisms to ensure proper security boundaries.
|
||||
- DSTREAM debug probe may experience unreliable USB connectivity when used with Arm DS for secure debug.
|
||||
This issue is under active investigation, and we are working to identify and resolve compatibility issues in a future update.
|
||||
As a more stable alternative, the ULINKpro debug probe is recommended for use with Corstone-1000 in secure debug scenarios.
|
||||
|
||||
|
||||
***********************
|
||||
Release notes - 2024.11
|
||||
***********************
|
||||
@@ -60,16 +44,6 @@ Platform Support
|
||||
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25
|
||||
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
|
||||
|
||||
SystemReady IR v2.0 Certification Milestone
|
||||
-------------------------------------------
|
||||
|
||||
As of this release, Corstone-1000 has achieved `SystemReady IR v2.0 certification <https://www.arm.com/architecture/system-architectures/systemready-certification-program/ve>`__.
|
||||
This milestone confirms compliance with the SystemReady IR requirements, ensuring broader compatibility and reliability for deployment.
|
||||
|
||||
Applied patch `313ad2a0e600 <https://git.yoctoproject.org/meta-arm/commit/?h=scarthgap&id=313ad2a0e600655d9bfbe53646e356372ff02644>`__ to address compatibility requirements for SystemReady IR v2.0.
|
||||
|
||||
This update is included in tag `CORSTONE1000-2024.06-systemready-ir-v2.0 <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.06-systemready-ir-v2.0>`__ and builds on the `CORSTONE1000-2024.06` release.
|
||||
|
||||
***********************
|
||||
Release notes - 2023.11
|
||||
***********************
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
..
|
||||
# Copyright (c) 2022-2025, Arm Limited.
|
||||
# Copyright (c) 2022-2024, Arm Limited.
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
@@ -16,266 +16,137 @@ Arm Corstone-1000 is a reference solution for IoT devices. It is part of
|
||||
Total Solution for IoT which consists of hardware and software reference
|
||||
implementation.
|
||||
|
||||
The combination of Corstone-1000 software and hardware reference solution is `PSA Level-2 ready
|
||||
certified <psa_l2-ready_>`__ as well as `Arm SystemReady Devicetree certified <systemready-ir-certification_>`__.
|
||||
Corstone-1000 software plus hardware reference solution is PSA Level-2 ready
|
||||
certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
|
||||
More information on the Corstone-1000 subsystem product and design can be
|
||||
found at:
|
||||
`Arm Corstone-1000 Software`_ and `Arm Corstone-1000 Technical Overview`_.
|
||||
|
||||
More information on the Corstone-1000 subsystems product and design can be
|
||||
found on `Arm Developer <arm-developer-cs1000-website_>`__.
|
||||
|
||||
This document explicitly focuses on the software part of the solution and
|
||||
This readme explicitly focuses on the software part of the solution and
|
||||
provides internal details on the software components. The reference
|
||||
software package of the platform can be retrieved following instructions
|
||||
present in the user guide document.
|
||||
present in the user-guide document.
|
||||
|
||||
***************
|
||||
Design Overview
|
||||
***************
|
||||
|
||||
The software architecture of Corstone-1000 platform is a reference
|
||||
implementation of `Platform Security Architecture <psa-certified-website_>`__ which provides
|
||||
implementation of Platform Security Architecture (`PSA`_) which provides
|
||||
framework to build secure IoT devices.
|
||||
|
||||
The base system architecture of the platform is created from three different types of subsystems:
|
||||
|
||||
- Secure Enclave
|
||||
- Host System
|
||||
- External System
|
||||
|
||||
Each subsystem provides different functionality to the overall system on a chip (SoC).
|
||||
The base system architecture of the platform is created from three
|
||||
different types of systems: Secure Enclave, Host and External System.
|
||||
Each subsystem provides different functionality to overall SoC.
|
||||
|
||||
|
||||
.. image:: images/CorstoneSubsystems.png
|
||||
:width: 720
|
||||
:alt: CorstoneSubsystems
|
||||
|
||||
Secure Enclave
|
||||
==============
|
||||
|
||||
The Secure Enclave boots first on system power on, it provides `PSA Root of Trust (RoT) <psa-certified-website_>`__ and
|
||||
cryptographic functions. It is based on a Cortex-M0+ processor, CC312 Cryptographic Accelerator and
|
||||
peripherals such as watchdog and secure flash.
|
||||
|
||||
.. image:: images/Corstone1000SecureFlashMPS3.png
|
||||
:width: 400
|
||||
:alt: Corstone1000SecureFlashMPS3
|
||||
|
||||
.. image:: images/Corstone1000SecureFlashFVP.png
|
||||
:width: 400
|
||||
:alt: Corstone1000SecureFlashFVP
|
||||
|
||||
Software running on the Secure Enclave is isolated via hardware for enhanced security.
|
||||
Communication with the Secure Enclave is achieved using `Message Handling Units (MHUs) <arm-developer-mhu-website_>`__
|
||||
and shared memory.
|
||||
|
||||
Its software components comprises:
|
||||
|
||||
- `Trusted Firmware-M (TF-M) BL1 <trusted-firmware-m-bl1-website_>`__
|
||||
- `MCUboot <mcuboot-website_>`__
|
||||
- `TrustedFirmware-M <trusted-firmware-m-website_>`__
|
||||
|
||||
The software design on the Secure Enclave follows `Arm Firmware Framework for M-Profile
|
||||
processor <arm-fmw-framework-m-profile-pdf_>`__ (FF-M) specification.
|
||||
|
||||
Host System
|
||||
===========
|
||||
The Secure Enclave System, provides PSA Root of Trust (RoT) and
|
||||
cryptographic functions. It is based on an Cortex-M0+ processor,
|
||||
CC312 Cryptographic Accelerator and peripherals, such as watchdog and
|
||||
secure flash. Software running on the Secure Enclave is isolated via
|
||||
hardware for enhanced security. Communication with the Secure Encalve
|
||||
is achieved using Message Handling Units (MHUs) and shared memory.
|
||||
On system power on, the Secure Enclave boots first. Its software
|
||||
comprises of a ROM code (TF-M BL1), MCUboot BL2, and
|
||||
TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
|
||||
Secure Enclave follows Firmware Framework for M class
|
||||
processor (`FF-M`_) specification.
|
||||
|
||||
The Host System is based on ARM Cortex-A35 processor with standardized
|
||||
peripherals to allow booting a Linux-based operating system (OS). The Cortex-A35 has
|
||||
the `TrustZone <arm-trustzone-for-cortex-a-website_>`__ technology that allows Secure and Non-secure security
|
||||
states in the processor.
|
||||
peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
|
||||
the TrustZone technology that allows secure and non-secure security
|
||||
states in the processor. The software design in the Host System follows
|
||||
Firmware Framework for A class processor (`FF-A`_) specification.
|
||||
The boot process follows Trusted Boot Base Requirement (`TBBR`_).
|
||||
The Host Subsystem is taken out of reset by the Secure Enclave system
|
||||
during its final stages of the initialization. The Host subsystem runs
|
||||
FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS
|
||||
(`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and
|
||||
linux (`linux repo`_) in the non-secure world. The communication between
|
||||
non-secure and the secure world is performed via FF-A messages.
|
||||
|
||||
The boot process follows `Trusted Boot Base Requirements Client <trusted-board-boot-requirements-client-pdf_>`__.
|
||||
The Host System is taken out of reset by the Secure Enclave system during its final stages of the
|
||||
initialization.
|
||||
An external system is intended to implement use-case specific functionality.
|
||||
The system is based on Cortex-M3 and run RTX RTOS. Communication between the
|
||||
external system and Host (Cortex-A35) can be performed using MHU as transport
|
||||
mechanism. The current software release supports switching on and off the
|
||||
external system. Support for OpenAMP-based communication is under
|
||||
development.
|
||||
|
||||
In the Secure world, the Host System runs:
|
||||
|
||||
- FF-A Secure Partitions (based on `Trusted Services <trusted-services-website_>`__)
|
||||
- `OP-TEE OS <op-tee-os-repository_>`__
|
||||
|
||||
In the Non-secure World, the Host System runs:
|
||||
|
||||
- `U-Boot <das-u-boot-repository_>`__
|
||||
- `Linux kernel <linux-repository_>`__
|
||||
|
||||
The software design in the Host System follows `Arm Firmware Framework for Arm A-profile
|
||||
<arm-fmw-framework-a-profile-pdf_>`__ (FF-A) specification.
|
||||
The communication between Non-secure and the Secure world is performed via FF-A messages.
|
||||
|
||||
External System
|
||||
===============
|
||||
|
||||
The External System is intended to implement use-case specific functionality.
|
||||
|
||||
The system is based on Cortex-M3 and runs `Keil RTX5 <keil-rtx5-website_>`__.
|
||||
|
||||
Communication between the external system and Host (Cortex-A35) can be performed using MHU as transport
|
||||
mechanism. The current software release supports switching the External System ON and OFF.
|
||||
|
||||
The Corstone-1000 architecture is designed to cover a range of
|
||||
`Power, Performance, and Area (PPA) <ppa-website_>`__ applications, and enable extension
|
||||
for use-case specific applications, for example, sensors, cloud connectivity, and edge computing.
|
||||
Overall, the Corstone-1000 architecture is designed to cover a range
|
||||
of Power, Performance, and Area (PPA) applications, and enable extension
|
||||
for use-case specific applications, for example, sensors, cloud
|
||||
connectivitiy, and edge computing.
|
||||
|
||||
*****************
|
||||
Secure Boot Chain
|
||||
*****************
|
||||
|
||||
For the security of a device, it is essential that only authorized
|
||||
software should run on the device.
|
||||
|
||||
The Corstone-1000 boot uses a `Secure boot <arm-developer-secureboot-website_>`__ chain process
|
||||
where an already authenticated image verifies and loads the following software in the chain.
|
||||
|
||||
For the boot chain process to work, the start of the chain should be trusted, forming the
|
||||
software should run on the device. The Corstone-1000 boot uses a
|
||||
Secure Boot Chain process where an already authenticated image verifies
|
||||
and loads the following software in the chain. For the boot chain
|
||||
process to work, the start of the chain should be trusted, forming the
|
||||
Root of Trust (RoT) of the device. The RoT of the device is immutable in
|
||||
nature and encoded into the device by the device manufacturer before it
|
||||
is deployed into the field.
|
||||
In Corstone-1000, the content of the ROM and CC312 One Time Programmable (OTP) memory forms the RoT.
|
||||
nature and encoded into the device by the device owner before it
|
||||
is deployed into the field. In Corstone-1000, the content of the ROM
|
||||
and CC312 OTP (One Time Programmable) memory forms the RoT.
|
||||
|
||||
Verification of an image can happen either by comparing the computed and stored hashes, or by
|
||||
checking the signature of the image if the image is signed.
|
||||
Verification of an image can happen either by comparing the computed and
|
||||
stored hashes, or by checking the signature of the image if the image
|
||||
is signed.
|
||||
|
||||
.. image:: images/SecureBootChain.png
|
||||
:width: 870
|
||||
:alt: SecureBootChain
|
||||
|
||||
It is a lengthy chain to boot the software on Corstone-1000.
|
||||
It is a lengthy chain to boot the software on Corstone-1000. On power on,
|
||||
the Secure Enclave starts executing BL1_1 code from the ROM which is the RoT
|
||||
of the device. The BL1_1 is the immutable bootloader of the system, it handles
|
||||
the provisioning on the first boot, hardware initialization and verification
|
||||
of the next stage.
|
||||
|
||||
TF-M BL1_1
|
||||
==========
|
||||
The BL1_2 code, hashes and keys are written into the OTP during the provisioning.
|
||||
The next bootstage is the BL1_2 which is copied from the OTP into the RAM. The
|
||||
BL1_1 also compares the BL1_2 hash with the hash saved to the OTP. The BL1_2
|
||||
verifies and transfers control to the next bootstage which is the BL2. During the
|
||||
verification, the BL1_2 compares the BL2 image's computed hash with the BL2 hash in
|
||||
the OTP. The BL2 is MCUBoot in the system. BL2 can provision additional keys on the
|
||||
first boot and it authenticates the initial bootloader of the host (Host TF-A BL2)
|
||||
and TF-M by checking the signatures of the images.
|
||||
The MCUBoot handles the image verification the following way:
|
||||
|
||||
On power-up, the Secure Enclave begins execution from TF-M BL1_1, which resides in ROM and serves as
|
||||
the Root of Trust (RoT) for the device.
|
||||
|
||||
TF-M BL1_1 is the immutable bootloader and is responsible for:
|
||||
|
||||
- Provisioning the device during the first boot
|
||||
- Performing hardware initialization
|
||||
- Verifying the integrity and authenticity of the next stage in the boot chain
|
||||
|
||||
At boot time, TF-M BL1_1:
|
||||
|
||||
- Copies the TF-M BL1_2 image from OTP to RAM.
|
||||
- Verifies the integrity of BL1_2 by comparing its computed hash with the hash stored in OTP.
|
||||
|
||||
TF-M BL1_2
|
||||
==========
|
||||
|
||||
During provisioning, the TF-M BL1_2 binary, along with its hashes and cryptographic keys, is stored
|
||||
in One-Time Programmable (OTP) memory.
|
||||
|
||||
Once verified, TF-M BL1_2:
|
||||
|
||||
- Takes control and verifies the next stage in the boot chain, which is TF-M BL2.
|
||||
- Computes the hash of the BL2 image and compares it with the BL2 hash stored in OTP to ensure
|
||||
integrity before transferring execution to BL2.
|
||||
|
||||
.. note::
|
||||
|
||||
The TF-M BL1 design details can be found in the `TF-M design documents <trusted-firmware-m-bl1-website_>`_.
|
||||
|
||||
.. important::
|
||||
|
||||
Corstone-1000 has some differences compared to this design due to memory (OTP/ROM)
|
||||
limitations:
|
||||
|
||||
- BL1_1 code size is larger than needed because it handles most of the hardware initialization instead of the BL1_2.
|
||||
- BL1_2 cannot be updated during provisioning time because the provisioning bundle that contains its code is located in the ROM.
|
||||
- BL1_2 does not use the post-quantum LMS verification.
|
||||
- BL2 cannot be updated because it is verified by comparing the computed hash to the hash stored in the OTP.
|
||||
|
||||
TF-M BL2
|
||||
========
|
||||
|
||||
In this system, TF-M BL2 refers to MCUBoot.
|
||||
|
||||
On the first boot, MCUBoot can provision additional cryptographic keys. It is responsible for authenticating both:
|
||||
|
||||
- TF-M (Trusted Firmware-M), and
|
||||
- The initial bootloader of the Host system, `Trusted Firmware-A (TF-A) BL2 <trusted-firmware-a-bl2-website_>`__
|
||||
|
||||
This authentication is done by verifying the digital signatures of the respective images.
|
||||
|
||||
MCUBoot performs image verification in the following steps:
|
||||
|
||||
#. Load the image from non-volatile memory into RAM.
|
||||
#. Validate the image's signature using the corresponding public key.
|
||||
|
||||
.. note::
|
||||
|
||||
The public key present in the image header is validated by comparing with the hash.
|
||||
Depending on the image, the hash of the public key is either stored in the OTP or part
|
||||
of the software which is being already verified in the previous stages.
|
||||
- Load image from a non-volatile memory to dynamic RAM.
|
||||
- The public key present in the image header is validated by comparing with the hash.
|
||||
Depending on the image, the hash of the public key is either stored in the OTP or part
|
||||
of the software which is being already verified in the previous stages.
|
||||
- The image is validated using the public key.
|
||||
|
||||
|
||||
The execution control is passed to TF-M after the verification.
|
||||
As the runtime executable of the Secure Enclave, TF-M initializes itself before
|
||||
bringing the Host system out of reset.
|
||||
The execution control is passed to TF-M after the verification. TF-M being
|
||||
the runtime executable of the Secure Enclave which initializes itself and, at the end,
|
||||
brings the host CPU out of rest.
|
||||
|
||||
The TF-M BL1 design details and reasoning can be found in the `TF-M design documents
|
||||
<https://tf-m-user-guide.trustedfirmware.org/design_docs/booting/bl1.html>`_.
|
||||
|
||||
The Corstone-1000 has some differences compared to this design due to memory (OTP/ROM)
|
||||
limitations:
|
||||
|
||||
Host System Authentication
|
||||
==========================
|
||||
- The provisioning bundle that contains the BL1_2 code is located in the ROM.
|
||||
This means the BL1_2 cannot be updated during provisioning time.
|
||||
- The BL1_1 handles most of the hardware initialization instead of the BL1_2. This
|
||||
results in a bigger BL1_1 code size than needed.
|
||||
- The BL1_2 does not use the post-quantum LMS verification. The BL2 is verified by
|
||||
comparing the computed hash to the hash which is stored in the OTP. This means the
|
||||
BL2 is not updatable.
|
||||
|
||||
The Host system follows the boot standard defined in the `Trusted Board Boot Requirements Client <trusted-board-boot-requirements-client-pdf_>`__
|
||||
to authenticate the Secure and Non-secure software.
|
||||
|
||||
The `Firmware Image Package (FIP) <trusted-firmware-a-fip-guide_>`__ packs bootloader images and
|
||||
other payloads into a single archive.
|
||||
|
||||
.. image:: images/FIPDiagram.png
|
||||
:alt: FIPDiagram
|
||||
|
||||
The FIP for Corstone-1000 contains:
|
||||
|
||||
- Trusted firmware-A BL2
|
||||
- AP EL3 Runtime firmware, BL31 image
|
||||
- AP Secure Payload, BL32 image
|
||||
- AP Normal world firmware -U-boot, BL33 image
|
||||
- Trusted OS Firmware configuration file used by Trusted OS (BL32), TOS_FW_CONFIG
|
||||
- Key certificates
|
||||
- Content certificates
|
||||
|
||||
|
||||
To load and validate TF-A BL2, TF-M BL2 first parses the GUID Partition Table (GPT)
|
||||
to locate the FIP. It then determines the offset of TF-A BL2 within the FIP.
|
||||
|
||||
.. note::
|
||||
|
||||
TF-M does not check the FIP signature, it only checks the TF-A BL2's signature in the FIP.
|
||||
|
||||
|
||||
.. important::
|
||||
|
||||
The implicitly trusted components are:
|
||||
|
||||
- A SHA-256 hash of the Root of Trust Public Key (ROTPK) -
|
||||
For development purposes, a development ROTPK is used and its hash embedded into the TF-A BL2 image.
|
||||
This public key is provided by the TF-A source code.
|
||||
- TF-A BL2 image - it can be trusted because it has been verified by TF-M BL2 before starting TF-A.
|
||||
|
||||
|
||||
The remaining components in the Chain of Trust (CoT) are either certificates or bootloader images.
|
||||
|
||||
Bootloader Authentication
|
||||
-------------------------
|
||||
|
||||
The FIP contains two types of certificates:
|
||||
|
||||
- **Content Certificates** - used to store the hash of a bootloader image.
|
||||
- **Key Certificates** - used to verify public keys used to sign Content Certificates.
|
||||
|
||||
The Host system bootloader images are authenticated by computing their hash and comparing it to the corresponding hash found in the Content Certificate.
|
||||
|
||||
Certificates Verification
|
||||
-------------------------
|
||||
|
||||
The public keys defined in the Trusted Key Certificate are used to verify the later certificates in
|
||||
the CoT process. The Trusted Key Certificate is verified with the Root of Trust Public Key.
|
||||
|
||||
|
||||
UEFI Authenticated Variables
|
||||
----------------------------
|
||||
The host follows the boot standard defined in the `TBBR`_ to authenticate the
|
||||
secure and non-secure software.
|
||||
|
||||
For UEFI Secure Boot, authenticated variables can be accessed from the secure flash.
|
||||
The feature has been integrated in U-Boot, which authenticates the images as per the UEFI
|
||||
@@ -285,74 +156,82 @@ specification before executing them.
|
||||
Secure Services
|
||||
***************
|
||||
|
||||
Corstone-1000 is unique in offering a secure environment for running trusted workloads.
|
||||
While the Host system includes TrustZone technology, the platform also features a hardware-isolated
|
||||
Secure Enclave, specifically designed to execute these secure workloads.
|
||||
|
||||
In Corstone-1000, essential Secure Services—such as Cryptography, Protected Storage,
|
||||
Internal Trusted Storage, and Attestation—are provided through PSA Functional APIs implemented in TF-M.
|
||||
|
||||
From the user's perspective, there is no difference when communicating with these services,
|
||||
whether they run in the Secure Enclave or in the Secure world of the Host system.
|
||||
The diagram below illustrates the data flow for such calls.
|
||||
Corstone-1000 is unique in providing a secure environment to run a secure
|
||||
workload. The platform has TrustZone technology in the Host subsystem but
|
||||
it also has hardware isolated Secure Enclave environment to run such secure
|
||||
workloads. In Corstone-1000, known Secure Services such as Crypto, Protected
|
||||
Storage, Internal Trusted Storage and Attestation are available via PSA
|
||||
Functional APIs in TF-M. There is no difference for a user communicating to
|
||||
these services which are running on a Secure Enclave instead of the
|
||||
secure world of the host subsystem. The below diagram presents the data
|
||||
flow path for such calls.
|
||||
|
||||
|
||||
.. image:: images/SecureServices.png
|
||||
:width: 930
|
||||
:alt: SecureServices
|
||||
|
||||
The Secure Enclave Proxy Secure Partition (SE Proxy SP) is a proxy managed by OP-TEE that forwards
|
||||
Secure Service calls to the Secure Enclave. This communication uses the `RSE communication protocol <https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html>`_.
|
||||
While the protocol supports shared memory and MHU interrupts as a doorbell mechanism between cores,
|
||||
in Corstone-1000, the entire message is currently transmitted through the MHU channels.
|
||||
Corstone-1000 implements Isolation Level 2 using the Cortex-M0+ Memory Protection Unit (MPU).
|
||||
|
||||
Users can define their own secure services to run either in the Host system's Secure World or in
|
||||
the Secure Enclave. This choice involves a trade-off between latency and security.
|
||||
Services running in the Secure Enclave benefit from strong, hardware-enforced isolation,
|
||||
offering higher security but at the cost of increased latency. In contrast, services running in the
|
||||
Host Secure World experience lower latency, but rely on TrustZone technology for virtualized isolation,
|
||||
which offers comparatively less robust security.
|
||||
The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
|
||||
managed by OPTEE which forwards such calls to the Secure Enclave. The
|
||||
solution relies on the `RSE communication protocol
|
||||
<https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html>`_
|
||||
which is a lightweight serialization of the psa_call() API. It can use shared
|
||||
memory and MHU interrupts as a doorbell for communication between two cores
|
||||
but currently the whole message is forwarded through the MHU channels in Corstone-1000.
|
||||
Corstone-1000 implements isolation level 2. Cortex-M0+ MPU (Memory Protection
|
||||
Unit) is used to implement isolation level 2.
|
||||
|
||||
For a user to define its own secure service, both the options of the host
|
||||
secure world or secure encalve are available. It's a trade-off between
|
||||
lower latency vs higher security. Services running on a Secure Enclave are
|
||||
secure by real hardware isolation but have a higher latency path. In the
|
||||
second scenario, the services running on the secure world of the host
|
||||
subsystem have lower latency but virtual hardware isolation created by
|
||||
TrustZone technology.
|
||||
|
||||
|
||||
**********************
|
||||
Secure Firmware Update
|
||||
**********************
|
||||
|
||||
Apart from always booting the authorized images, it is also essential that
|
||||
the device only accepts the authorized (signed) images in the firmware update
|
||||
process. Corstone-1000 supports OTA (Over the Air) firmware updates and
|
||||
follows Platform Security Firmware Update specification (`FWU`_).
|
||||
|
||||
In addition to always booting authorized images, it is equally important that the device only accepts
|
||||
authorized (signed) images during the firmware update process. Corstone-1000 supports over-the-air (OTA)
|
||||
firmware updates and complies with the `Platform Security Firmware Update for the A-profile Arm Architecture <platform-security-fwu-for-a-profile-pdf_>`__
|
||||
specification.
|
||||
|
||||
As defined in the specification, the external flash is divided into two banks: one bank holds the
|
||||
currently running images, while the other is used to stage new images.
|
||||
|
||||
There are four updatable components: **BL2**, **TF-M**, **the FIP** and **the Kernel Image** (the initramfs bundle).
|
||||
New images are delivered and accepted in the form of UEFI capsules.
|
||||
As standardized into `FWU`_, the external flash is divided into two
|
||||
banks of which one bank has currently running images and the other bank is
|
||||
used for staging new images. There are four updatable units, i.e. Secure
|
||||
Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel
|
||||
Image (the initramfs bundle). The new images are accepted in the form of a UEFI capsule.
|
||||
|
||||
|
||||
.. image:: images/ExternalFlash.png
|
||||
:width: 690
|
||||
:alt: ExternalFlash
|
||||
|
||||
When a firmware update is triggered, U-Boot begins by verifying the UEFI capsule by checking its signature,
|
||||
version number, and size. After successful verification, it signals the Secure Enclave, which then
|
||||
starts writing the capsule contents to flash memory.
|
||||
When Firmware update is triggered, U-Boot verifies the capsule by checking the
|
||||
capsule signature, version number and size. Then it signals the Secure Enclave
|
||||
that can start writing UEFI capsule into the flash.
|
||||
|
||||
Once the write operation is complete, the Secure Enclave resets the entire system. The update process
|
||||
is tracked using a state machine stored in the Metadata Block within flash. TF-M runs an OTA service
|
||||
that is responsible for verifying and updating the images in the passive flash bank. Communication
|
||||
between the UEFI capsule update subsystem and the OTA service follows the same data path described
|
||||
earlier. After verifying the capsule, the OTA service writes the new images to the passive bank,
|
||||
updates the system state to 'trial,' and initiates a reset.
|
||||
Once this operation finishes, Secure Enclave resets the entire system.
|
||||
The Metadata Block in the flash has the below firmware update state machine.
|
||||
TF-M runs an OTA service that is responsible for accepting and updating the
|
||||
images in the flash. The communication between the UEFI Capsule update
|
||||
subsystem and the OTA service follows the same data path explained above.
|
||||
The OTA service writes the new images to the passive bank after successful
|
||||
capsule verification. It changes the state of the system to trial state and
|
||||
triggers the reset.
|
||||
|
||||
During boot, the bootloaders in both the Secure Enclave and the Host system read the Metadata Block to
|
||||
determine which bank to boot from. If the trial boot succeeds, the Host system sends an acknowledgment
|
||||
that transitions the system state from 'trial' to 'regular.' If the system fails during the trial phase
|
||||
or hangs, a watchdog timer triggers a reset. The Secure Enclave’s BL1 contains logic to detect multiple
|
||||
resets and can revert to the previously known-good bank. This fallback mechanism is essential to ensure
|
||||
the device remains available and functional.
|
||||
Boot loaders in Secure Enclave and Host read the Metadata
|
||||
block to get the information on the boot bank. In the successful trial stage,
|
||||
the acknowledgment from the host moves the state of the system from trial to
|
||||
regular. Any failure in the trial stage or system hangs leads to a system
|
||||
reset. This is made sure by the use of watchdog hardware. The Secure Enclave's
|
||||
BL1 has the logic to identify multiple resets and eventually switch back to the
|
||||
previous good bank. The ability to revert to the previous bank is crucial to
|
||||
guarantee the availability of the device.
|
||||
|
||||
|
||||
.. image:: images/SecureFirmwareUpdate.png
|
||||
@@ -365,15 +244,13 @@ the device remains available and functional.
|
||||
UEFI Runtime Support in U-Boot
|
||||
******************************
|
||||
|
||||
The implementation of UEFI boot-time and runtime APIs requires persistent variable storage. In
|
||||
Corstone-1000, UEFI variables are stored using the Protected Storage (PS) service.
|
||||
|
||||
The diagram below illustrates the data flow for storing UEFI variables. U-Boot’s UEFI subsystem
|
||||
communicates with the Secure World using the U-Boot FF-A driver, which interfaces with the `UEFI System Management Mode (SMM) service <trusted-services-uefi-smm-website_>`__.
|
||||
|
||||
The SMM service provides support for the UEFI System Management Mode. This support is implemented by the SMM Gateway secure partition.
|
||||
The SMM service then uses the Proxy Protected Storage (PS) provided by the SE Proxy SP.
|
||||
These PS calls are forwarded to the Secure Enclave, following the communication path described earlier.
|
||||
Implementation of UEFI boottime and runtime APIs require variable storage.
|
||||
In Corstone-1000, these UEFI variables are stored in the Protected Storage
|
||||
service. The below diagram presents the data flow to store UEFI variables.
|
||||
The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to
|
||||
communicate with the SMM Service in the secure world. The backend of the
|
||||
SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS
|
||||
calls are forwarded to the Secure Enclave as explained above.
|
||||
|
||||
|
||||
.. image:: images/UEFISupport.png
|
||||
@@ -381,38 +258,30 @@ These PS calls are forwarded to the Secure Enclave, following the communication
|
||||
:alt: UEFISupport
|
||||
|
||||
|
||||
**********
|
||||
***************
|
||||
References
|
||||
**********
|
||||
* `Arm Developer <arm-developer-cs1000-search_>`__
|
||||
* `Arm Security Architectures <arm-architecture-security-features-platform-security_>`_
|
||||
***************
|
||||
`ARM Corstone-1000 Search`_
|
||||
|
||||
`Arm security features`_
|
||||
|
||||
--------------
|
||||
|
||||
*Copyright (c) 2022-2025, Arm Limited. All rights reserved.*
|
||||
*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
|
||||
|
||||
.. _arm-developer-cs1000-website: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
|
||||
.. _arm-developer-cs1000-search: https://developer.arm.com/search#q=corstone-1000
|
||||
.. _arm-developer-mhu-website: https://developer.arm.com/documentation/ka005129/latest/#:~:text=An%20MHU%20is%20a%20device,that%20a%20message%20is%20available
|
||||
.. _arm-developer-secureboot-website: https://developer.arm.com/documentation/PRD29-GENC-009492/c/TrustZone-Software-Architecture/Booting-a-secure-system/Secure-boot
|
||||
.. _arm-architecture-security-features-platform-security: https://www.arm.com/architecture/security-features/platform-security
|
||||
.. _linux-repository: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
|
||||
.. _arm-trustzone-for-cortex-a-website: https://www.arm.com/technologies/trustzone-for-cortex-a
|
||||
.. _arm-fmw-framework-a-profile-pdf: https://developer.arm.com/documentation/den0077/latest
|
||||
.. _arm-fmw-framework-m-profile-pdf: https://developer.arm.com/architectures/Firmware%20Framework%20for%20M-Profile
|
||||
.. _platform-security-fwu-for-a-profile-pdf: https://developer.arm.com/documentation/den0118/a/
|
||||
.. _op-tee-os-repository: https://github.com/OP-TEE/optee_os
|
||||
.. _psa-certified-website: https://www.psacertified.org/
|
||||
.. _psa_l2-ready: https://www.psacertified.org/products/corstone-1000/
|
||||
.. _systemready-ir-certification: https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ve-arm-neoverse.pdf
|
||||
.. _trusted-board-boot-requirements-client-pdf: https://developer.arm.com/documentation/den0006/latest
|
||||
.. _trusted-firmware-m-website: https://www.trustedfirmware.org/projects/tf-m/
|
||||
.. _trusted-firmware-m-bl1-website: https://trustedfirmware-m.readthedocs.io/en/latest/design_docs/booting/bl1.html
|
||||
.. _trusted-firmware-a-bl2-website: https://developer.arm.com/documentation/108028/0000/RD-TC22-software/Software-components/AP-firmware/Trusted-firmware-A-BL2
|
||||
.. _trusted-firmware-a-fip-guide: https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html#firmware-image-package-fip
|
||||
.. _trusted-services-website: https://www.trustedfirmware.org/projects/trusted-services/
|
||||
.. _trusted-services-uefi-smm-website: https://trusted-services.readthedocs.io/en/integration/services/uefi-smm-services.html#
|
||||
.. _das-u-boot-repository: https://github.com/u-boot/u-boot.git
|
||||
.. _keil-rtx5-website: https://developer.arm.com/Tools%20and%20Software/Keil%20MDK/RTX5%20RTOS
|
||||
.. _ppa-website: https://developer.arm.com/documentation/102738/0100/Power--performance--and-area-analysis
|
||||
.. _mcuboot-website: https://docs.mcuboot.com/
|
||||
.. _Arm Corstone-1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
|
||||
.. _Arm Corstone-1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
|
||||
.. _Arm Corstone-1000 Search: https://developer.arm.com/search#q=corstone-1000
|
||||
.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
|
||||
.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
|
||||
.. _FF-A: https://developer.arm.com/documentation/den0077/latest
|
||||
.. _FF-M: https://developer.arm.com/architectures/Firmware%20Framework%20for%20M-Profile
|
||||
.. _FWU: https://developer.arm.com/documentation/den0118/a/
|
||||
.. _OPTEE-OS: https://github.com/OP-TEE/optee_os
|
||||
.. _PSA: https://www.psacertified.org/
|
||||
.. _PSA L2 Ready: https://www.psacertified.org/products/corstone-1000/
|
||||
.. _SRIR cert: https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ir-certification-arm-corstone-1000.pdf
|
||||
.. _TBBR: https://developer.arm.com/documentation/den0006/latest
|
||||
.. _TF-M: https://www.trustedfirmware.org/projects/tf-m/
|
||||
.. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/
|
||||
.. _U-Boot repo: https://github.com/u-boot/u-boot.git
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
..
|
||||
# Copyright (c) 2022-2025, Arm Limited.
|
||||
# Copyright (c) 2022-2024, Arm Limited.
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
@@ -50,32 +50,25 @@ The Corstone-1000 software stack can be run on:
|
||||
Yocto Stable Branch
|
||||
-------------------
|
||||
|
||||
Corstone-1000 software stack is built on top of Yocto Project's `Walnascar release <meta-arm-repository-release-branch_>`__.
|
||||
Corstone-1000 software stack is built on top of Yocto styhead release.
|
||||
|
||||
Software Components
|
||||
-------------------
|
||||
Within the Yocto Project, each component included in the Corstone-1000 software stack is specified as
|
||||
a `BitBake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes>`__.
|
||||
The recipes specific to the Corstone-1000 BSP are located at:
|
||||
``${WORKSPACE}/meta-arm/meta-arm-bsp/``.
|
||||
``$WORKSPACE/meta-arm/meta-arm-bsp/``.
|
||||
|
||||
.. important::
|
||||
|
||||
``${WORKSPACE}`` refers to the absolute path to your workspace where the `meta-arm` repository will be cloned.
|
||||
``$WORKSPACE`` refers to the absolute path to your workspace where the `meta-arm` repository will be cloned.
|
||||
|
||||
Consider exporting it (e.g., ``export WORKSPACE=$(realpath .)``) if you're already in the workspace directory,
|
||||
so you can copy and paste the commands from this guide verbatim.
|
||||
|
||||
.. important::
|
||||
|
||||
``${TARGET}`` is either ``mps3`` or ``fvp``.
|
||||
|
||||
Consider exporting it (e.g., ``export TARGET=mps3``) so you can copy and paste the commands from this guide verbatim.
|
||||
``$TARGET`` is either ``mps3`` or ``fvp``.
|
||||
|
||||
The Yocto machine config files for the Corstone-1000 FVP and MPS3 targets are:
|
||||
|
||||
- ``${WORKSPACE}/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc``
|
||||
- ``${WORKSPACE}/meta-arm/meta-arm-bsp/conf/machine/corstone1000-${TARGET}.conf``
|
||||
- ``$WORKSPACE/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc``
|
||||
- ``$WORKSPACE/meta-arm/meta-arm-bsp/conf/machine/corstone1000-$TARGET.conf``
|
||||
|
||||
.. note::
|
||||
|
||||
@@ -88,64 +81,64 @@ Host Processor Components
|
||||
`Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__
|
||||
====================================================================================
|
||||
|
||||
+----------+-------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------+
|
||||
+----------+-----------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------+
|
||||
|
||||
`Trusted Services <https://trusted-services.readthedocs.io/en/latest/index.html>`__
|
||||
====================================================================================
|
||||
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------------+
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------------+
|
||||
|
||||
`OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
|
||||
================================================================
|
||||
|
||||
+----------+------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`` |
|
||||
+----------+------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.4.0.bb`` |
|
||||
+----------+------------------------------------------------------------------------------------------+
|
||||
+----------+----------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`` |
|
||||
+----------+----------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/optee/optee-os_4.2.0.bb`` |
|
||||
+----------+----------------------------------------------------------------------------------------+
|
||||
|
||||
`U-Boot <https://github.com/u-boot/u-boot.git>`__
|
||||
=================================================
|
||||
|
||||
+----------+----------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend`` |
|
||||
+----------+----------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend`` |
|
||||
+----------+----------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.07.02.bb`` |
|
||||
+----------+----------------------------------------------------------------------------------+
|
||||
+----------+--------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend`` |
|
||||
+----------+--------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend`` |
|
||||
+----------+--------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.07.02.bb`` |
|
||||
+----------+--------------------------------------------------------------------------------+
|
||||
|
||||
Linux
|
||||
=====
|
||||
@@ -154,13 +147,13 @@ distribution which is a Linux distribution stripped down to a minimal configurat
|
||||
|
||||
The provided distribution is based on `BusyBox <https://www.busybox.net/>`__ and built using `musl libc <https://musl.libc.org/>`__.
|
||||
|
||||
+-----------+------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend`` |
|
||||
+-----------+------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/poky/meta/recipes-kernel/linux/linux-yocto_6.12.bb`` |
|
||||
+-----------+------------------------------------------------------------------------------------------------+
|
||||
| defconfig | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig`` |
|
||||
+-----------+------------------------------------------------------------------------------------------------+
|
||||
+-----------+----------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend`` |
|
||||
+-----------+----------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/poky/meta/recipes-kernel/linux/linux-yocto_6.10.bb`` |
|
||||
+-----------+----------------------------------------------------------------------------------------------+
|
||||
| defconfig | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig`` |
|
||||
+-----------+----------------------------------------------------------------------------------------------+
|
||||
|
||||
*************************
|
||||
Secure Enclave Components
|
||||
@@ -169,11 +162,11 @@ Secure Enclave Components
|
||||
`Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__
|
||||
====================================================================================
|
||||
|
||||
+----------+-------------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.1.bb`` |
|
||||
+----------+-------------------------------------------------------------------------------------------------------+
|
||||
+----------+-----------------------------------------------------------------------------------------------------+
|
||||
| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.0.bb`` |
|
||||
+----------+-----------------------------------------------------------------------------------------------------+
|
||||
|
||||
************************************
|
||||
External System Processor Components
|
||||
@@ -186,9 +179,9 @@ An example application that uses the `RTX Real-Time Operating System <https://de
|
||||
|
||||
The application project can be found `here <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx>`__.
|
||||
|
||||
+----------+----------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb`` |
|
||||
+----------+----------------------------------------------------------------------------------------------+
|
||||
+----------+--------------------------------------------------------------------------------------------+
|
||||
| Recipe | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb`` |
|
||||
+----------+--------------------------------------------------------------------------------------------+
|
||||
|
||||
.. _building-the-software-stack:
|
||||
|
||||
@@ -199,7 +192,7 @@ Build
|
||||
|
||||
Building binaries natively on Windows and AArch64 Linux is not supported.
|
||||
|
||||
Use an Intel or AMD 64-bit architecture Linux based development machine to build the software stack and transfer the binaries to run the software stack on an FVP in Windows or AArch64 Linux
|
||||
Use an AMD64 Linux based development machine to build the software stack and transfer the binaries to run the software stack on an FVP in Windows or AArch64 Linux
|
||||
if required.
|
||||
|
||||
|
||||
@@ -207,8 +200,8 @@ Build
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
mkdir ${WORKSPACE}
|
||||
cd ${WORKSPACE}
|
||||
mkdir $WORKSPACE
|
||||
cd $WORKSPACE
|
||||
|
||||
#. Install kas version 4.4 with ``sudo`` rights.
|
||||
|
||||
@@ -218,18 +211,18 @@ Build
|
||||
|
||||
Ensure the kas installation directory is visible on the ``$PATH`` environment variable.
|
||||
|
||||
#. Clone the `meta-arm` Yocto layer in the workspace ``${WORKSPACE}``.
|
||||
#. Clone the `meta-arm` Yocto layer in the workspace ``$WORKSPACE``.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2025.05
|
||||
cd $WORKSPACE
|
||||
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.11
|
||||
|
||||
#. Build a Corstone-1000 image:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
kas build meta-arm/kas/corstone1000-${TARGET}.yml:meta-arm/ci/debug.yml
|
||||
kas build meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml
|
||||
|
||||
.. important::
|
||||
|
||||
@@ -248,22 +241,22 @@ Build
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
kas build meta-arm/kas/corstone1000-${TARGET}.yml:meta-arm/ci/debug.yml:meta-arm/kas/corstone1000-extsys.yml
|
||||
kas build meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml:meta-arm/kas/corstone1000-extsys.yml
|
||||
|
||||
A clean build takes a significant amount of time given that all of the development machine utilities are also
|
||||
built along with the target images. Those development machine utilities include executables (Python,
|
||||
CMake, etc.) and the required toolchains.
|
||||
|
||||
|
||||
Once the build succeeds, all output binaries will be placed in ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/``
|
||||
Once the build succeeds, all output binaries will be placed in ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/``
|
||||
|
||||
Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the
|
||||
``corstone1000-flash-firmware-image-corstone1000-${TARGET}.wic`` file.
|
||||
``corstone1000-flash-firmware-image-corstone1000-$TARGET.wic`` file.
|
||||
|
||||
The output binaries run in the Corstone-1000 platform are the following:
|
||||
- The Secure Enclave ROM firmware: ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/bl1.bin``
|
||||
- The External System Processor firmware: ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/es_flashfw.bin``
|
||||
- The internal firmware flash image: ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-flash-firmware-image-corstone1000-${TARGET}.wic``
|
||||
- The Secure Enclave ROM firmware: ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/bl1.bin``
|
||||
- The External System Processor firmware: ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/es_flashfw.bin``
|
||||
- The internal firmware flash image: ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-flash-firmware-image-corstone1000-$TARGET.wic``
|
||||
|
||||
.. _flashing-firmware-images:
|
||||
|
||||
@@ -276,13 +269,6 @@ Flash
|
||||
machine does not require any firmware flashing. Refer to `this <running-software-stack-fvp_>`__
|
||||
section for running the software stack on FVP.
|
||||
|
||||
.. important::
|
||||
|
||||
When preparing the SD card for flashing, ensure that it is at least 4GB in size and formatted
|
||||
with a FAT32 partition.
|
||||
Using smaller cards or unsupported file systems (e.g., exFAT, NTFS) may cause the flashing
|
||||
process to fail or the device to become unresponsive.
|
||||
|
||||
#. Download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 2.0``
|
||||
on the `Arm Developer website <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__.
|
||||
Click on the ``Download AN550 bundle`` button and login to download the file.
|
||||
@@ -316,9 +302,9 @@ Flash
|
||||
└── ES0.bin
|
||||
|
||||
#. Depending upon the MPS3 board version, you should update the ``images.txt`` file
|
||||
(found in the corresponding ``HBI0309x`` folder e.g. ``Boardfiles/MB/HBI0309${BOARD_VERSION}/AN550/images.txt``)
|
||||
(found in the corresponding ``HBI0309x`` folder e.g. ``Boardfiles/MB/HBI0309$BOARD_VERSION/AN550/images.txt``)
|
||||
so it points to the images under the ``SOFTWARE`` directory.
|
||||
Where ``${BOARD_VERSION}`` is a variable containing the board printed on the MPS3 board.
|
||||
Where ``$BOARD_VERSION`` is a variable containing the board printed on the MPS3 board.
|
||||
|
||||
The ``images.txt`` file compatible with the latest version of the software
|
||||
stack can be seen below;
|
||||
@@ -355,10 +341,10 @@ Flash
|
||||
IMAGE2FILE: \SOFTWARE\es0.bin
|
||||
|
||||
|
||||
#. Copy ``bl1.bin`` from ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle.
|
||||
#. Copy ``es_flashfw.bin`` from ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle
|
||||
#. Copy ``bl1.bin`` from ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle.
|
||||
#. Copy ``es_flashfw.bin`` from ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE`` directory of the FPGA bundle
|
||||
and rename the binary to ``es0.bin``.
|
||||
#. Copy ``corstone1000-flash-firmware-image-corstone1000-mps3.wic`` from ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE``
|
||||
#. Copy ``corstone1000-flash-firmware-image-corstone1000-mps3.wic`` from ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3`` to the ``SOFTWARE``
|
||||
directory of the FPGA bundle and rename the wic image to ``cs1000.bin``.
|
||||
|
||||
.. note::
|
||||
@@ -441,7 +427,7 @@ Corstone-1000 FVP software image.
|
||||
|
||||
A Yocto recipe is provided to download the latest supported FVP version.
|
||||
|
||||
The recipe is located at ``${WORKSPACE}/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb``.
|
||||
The recipe is located at ``$WORKSPACE/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb``.
|
||||
|
||||
The latest FVP version is ``11.23.25`` and is automatically downloaded and installed when using the
|
||||
``runfvp`` command as detailed below.
|
||||
@@ -453,15 +439,14 @@ The latest FVP version is ``11.23.25`` and is automatically downloaded and insta
|
||||
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
|
||||
-c "../meta-arm/scripts/runfvp -- --version"
|
||||
|
||||
The FVP can also be manually downloaded from `Arm Developer <arm-developer-fvp_>`__ to download
|
||||
the Corstone-1000 platform FVP installer.
|
||||
Follow the instructions of the installer to setup the FVP.
|
||||
The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page by navigating
|
||||
to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer. Follow the
|
||||
instructions of the installer to setup the FVP.
|
||||
|
||||
#. Run the FVP
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
tmux
|
||||
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
|
||||
-c "../meta-arm/scripts/runfvp --terminals=tmux"
|
||||
|
||||
@@ -493,13 +478,6 @@ Tests
|
||||
following the instructions `here <building-the-software-stack_>`__.
|
||||
|
||||
|
||||
Reports
|
||||
-------
|
||||
|
||||
Reports for the tests conducted on the `Corstone-1000 software (CORSTONE1000-2025.05) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2025.05>`__
|
||||
release are available for reference `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2025.05/embedded-a/corstone1000/CORSTONE1000-2025.05?ref_type=tags>`__.
|
||||
|
||||
|
||||
.. _clean-secure-flash:
|
||||
|
||||
Clean Secure Flash
|
||||
@@ -511,12 +489,12 @@ Clean Secure Flash
|
||||
This is to erase the flash cleanly and prepare a clean board environment for testing.
|
||||
|
||||
|
||||
#. Clone the `systemready-patch` repository to your ${WORKSPACE}.
|
||||
#. Clone the `systemready-patch` repository to your $WORKSPACE.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2025.05
|
||||
cd $WORKSPACE
|
||||
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.11
|
||||
|
||||
#. Copy the secure flash cleaning Git patch file to your copy of `meta-arm`.
|
||||
|
||||
@@ -535,12 +513,12 @@ Clean Secure Flash
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
cd $WORKSPACE
|
||||
kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
|
||||
bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image
|
||||
bitbake -c build corstone1000-flash-firmware-image
|
||||
|
||||
#. Replace the ``bl1.bin`` file on the SD card with ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``.
|
||||
#. Replace the ``bl1.bin`` file on the SD card with ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``.
|
||||
|
||||
#. Reboot the board to completely erase the secure flash.
|
||||
|
||||
@@ -556,7 +534,7 @@ Clean Secure Flash
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}/meta-arm
|
||||
cd $WORKSPACE/meta-arm
|
||||
git reset --hard
|
||||
cd ..
|
||||
bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image
|
||||
@@ -566,14 +544,11 @@ Clean Secure Flash
|
||||
|
||||
You can proceed with the test instructions in the following section after having done all the above.
|
||||
|
||||
SystemReady IR
|
||||
SystemReady-IR
|
||||
--------------
|
||||
|
||||
.. important::
|
||||
|
||||
**SystemReady IR** has now been renamed **SystemReady Devicetree Band**.
|
||||
|
||||
Running the tests described below requires USB drives.
|
||||
Running the SystemReady-IR tests described below requires USB drives.
|
||||
In our testing, not all USB drive models worked well with the MPS3.
|
||||
|
||||
Here are the USB drive models that were stable in our test environment:
|
||||
@@ -597,10 +572,10 @@ A storage with EFI System Partition (ESP) must exist in the system for the UEFI-
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
kas build meta-arm/kas/corstone1000-${TARGET}.yml:meta-arm/ci/debug.yml --target corstone1000-esp-image
|
||||
kas build meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml --target corstone1000-esp-image
|
||||
|
||||
#. Locate the ``corstone1000-esp-image-corstone1000-${TARGET}.wic`` build artefact
|
||||
in ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/``
|
||||
#. Locate the ``corstone1000-esp-image-corstone1000-$TARGET.wic`` build artefact
|
||||
in ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/``
|
||||
|
||||
****************************
|
||||
Use the EFI System Partition
|
||||
@@ -630,7 +605,7 @@ MPS3
|
||||
.. code-block:: console
|
||||
|
||||
sudo dd \
|
||||
if=${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic \
|
||||
if=$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic \
|
||||
of=/dev/sdb \
|
||||
iflag=direct oflag=direct status=progress bs=512; sync;
|
||||
|
||||
@@ -647,7 +622,7 @@ It will be used when the SystemReady-IR tests is performed on the FVP in the lat
|
||||
|
||||
|
||||
****************************
|
||||
Run SystemReady IR ACS Tests
|
||||
Run SystemReady-IR ACS Tests
|
||||
****************************
|
||||
|
||||
ACS is used to ensure architectural compliance across different implementations of the architecture.
|
||||
@@ -668,31 +643,20 @@ See the directory structure of the ACS image ``BOOT`` partition below:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
├── acs_results
|
||||
├── EFI
|
||||
│ └── BOOT
|
||||
│ ├── app
|
||||
│ ├── bbr
|
||||
│ ├── bootaa64.efi
|
||||
│ ├── bsa
|
||||
│ ├── debug
|
||||
│ ├── grub.cfg
|
||||
│ ├── Shell.efi
|
||||
│ ├── sie_startup.nsh
|
||||
│ └── startup.nsh
|
||||
│ └── BOOT
|
||||
│ ├── app
|
||||
│ ├── bbr
|
||||
│ ├── bootaa64.efi
|
||||
│ ├── bsa
|
||||
│ ├── debug
|
||||
│ ├── Shell.efi
|
||||
│ └── startup.nsh
|
||||
├── grub
|
||||
├── grub.cfg
|
||||
├── Image
|
||||
├── security-interface-extension-keys
|
||||
│ ├── NullPK.auth
|
||||
│ ├── TestDB1.auth
|
||||
│ ├── TestDB1.der
|
||||
│ ├── TestDBX1.auth
|
||||
│ ├── TestDBX1.der
|
||||
│ ├── TestKEK1.auth
|
||||
│ ├── TestKEK1.der
|
||||
│ ├── TestPK1.auth
|
||||
│ └── TestPK1.der
|
||||
├── startup.nsh
|
||||
└── yocto_image.flag
|
||||
├── ramdisk-busybox.img
|
||||
└── acs_results
|
||||
|
||||
The ``BOOT`` partition is also used to store test results in the ``acs_results`` folder.
|
||||
|
||||
@@ -710,13 +674,13 @@ This sections below describe how to build and run ACS tests on Corstone-1000.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
git clone https://github.com/ARM-software/arm-systemready.git -b v23.09_SR_REL2.0.0_ES_REL1.3.0_IR_REL2.1.0 --depth 1
|
||||
cd $WORKSPACE
|
||||
git clone https://github.com/ARM-software/arm-systemready.git
|
||||
|
||||
This repository contains the infrastructure to build the ACS and the bootable prebuilt images to be used for the
|
||||
certifications of SystemReady IR.
|
||||
certifications of SystemReady-IR.
|
||||
|
||||
#. Find the pre-built ACS live image in ``${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic.xz``.
|
||||
#. Find the pre-built ACS live image in ``$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic.xz``.
|
||||
|
||||
.. note::
|
||||
|
||||
@@ -729,7 +693,7 @@ This sections below describe how to build and run ACS tests on Corstone-1000.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
|
||||
cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
|
||||
unxz ir-acs-live-image-generic-arm64.wic.xz
|
||||
|
||||
MPS3
|
||||
@@ -753,7 +717,7 @@ MPS3
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
|
||||
cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
|
||||
sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdc iflag=direct oflag=direct bs=1M status=progress; sync
|
||||
|
||||
#. Plug the USB drive to the MPS3. At this point you should have both the USB drive with the ESP and the USB drive with the ACS image plugged to the MPS3.
|
||||
@@ -793,12 +757,12 @@ Run the commands below to run the ACS test on FVP using the built firmware image
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
cd $WORKSPACE
|
||||
tmux
|
||||
./meta-arm/scripts/runfvp \
|
||||
--terminals=tmux \
|
||||
./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \
|
||||
-- -C board.msd_mmc.p_mmc_file=${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
|
||||
-- -C board.msd_mmc.p_mmc_file=$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic
|
||||
|
||||
|
||||
.. note::
|
||||
@@ -830,7 +794,7 @@ The results can be fetched from the `acs_results` folder in the ``BOOT`` partiti
|
||||
|
||||
sudo mkdir /mnt/test
|
||||
sudo mount -o rw,offset=1048576 \
|
||||
${WORKSPACE}/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic \
|
||||
$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic \
|
||||
/mnt/test
|
||||
|
||||
#####################################################
|
||||
@@ -858,18 +822,18 @@ Generate Capsules
|
||||
*****************
|
||||
|
||||
U-Boot's ``mkeficapsule`` tool is used to generate capsules. It is built automatically for the host machine during the firmware image building process.
|
||||
The tool can be found in the ``${WORKSPACE}/build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule`` directory.
|
||||
The tool can be found in the ``$WORKSPACE/build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule`` directory.
|
||||
|
||||
``mkeficapsule`` uses a no-partition image which is created when performing a clean firmware build.
|
||||
The no-partition image can be found in the ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-${TARGET}/corstone1000-${TARGET}_image.nopt`` directory.
|
||||
The no-partition image can be found in the ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET_image.nopt`` directory.
|
||||
|
||||
The capsule's default metadata passed can be found in the ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb``
|
||||
and ``${WORKSPACE}/meta-arm/kas/corstone1000-image-configuration.yml`` files.
|
||||
The capsule's default metadata passed can be found in the ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb``
|
||||
and ``$WORKSPACE/meta-arm/kas/corstone1000-image-configuration.yml`` files.
|
||||
|
||||
Valid Capsule
|
||||
=============
|
||||
|
||||
An automatically generated capsule can be found in ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-${TARGET}-v6.uefi.capsule`` after running a firmware build.
|
||||
An automatically generated capsule can be found in ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET-v6.uefi.capsule`` after running a firmware build.
|
||||
|
||||
The default metadata values are assumed to be correct to generate a valid capsule.
|
||||
|
||||
@@ -886,27 +850,26 @@ Run the following commands to generate an invalid capsule with a ``fw-version``
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
cd $WORKSPACE
|
||||
|
||||
./build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule \
|
||||
--monotonic-count 1 \
|
||||
--private-key build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_key.key \
|
||||
--certificate build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000_capsule_cert.crt \
|
||||
--private-key build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_key.key \
|
||||
--certificate build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_cert.crt \
|
||||
--index 1 \
|
||||
--guid ${TARGET}_GUID \
|
||||
--fw-version 5 \
|
||||
build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-${TARGET}_image.nopt \
|
||||
corstone1000-${TARGET}-v5.uefi.capsule
|
||||
--guid $TARGET_GUID \
|
||||
--fw-version 5 build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET_image.nopt \
|
||||
corstone1000-$TARGET-v5.uefi.capsule
|
||||
|
||||
|
||||
.. important::
|
||||
|
||||
``${TARGET}_GUID`` is different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``${TARGET}``.
|
||||
``$TARGET_GUID`` is different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``$TARGET``.
|
||||
|
||||
- ``fvp`` ``${TARGET}_GUID`` is ``989f3a4e-46e0-4cd0-9877-a25c70c01329``
|
||||
- ``mps3`` ``${TARGET}_GUID`` is ``df1865d1-90fb-4d59-9c38-c9f2c1bba8cc``
|
||||
- ``fvp`` ``$TARGET_GUID`` is ``989f3a4e-46e0-4cd0-9877-a25c70c01329``
|
||||
- ``mps3`` ``$TARGET_GUID`` is ``df1865d1-90fb-4d59-9c38-c9f2c1bba8cc``
|
||||
|
||||
The invalid capsule will be located in the ``${WORKSPACE}`` directory.
|
||||
The invalid capsule will be located in the ``$WORKSPACE`` directory.
|
||||
|
||||
***************************
|
||||
Transfer Capsules to Target
|
||||
@@ -924,16 +887,10 @@ MPS3
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cp ${WORKSPACE}/build/tmp/deploy/images/corstone1000-mps3/corstone1000-mps3-v6.uefi.capsule /dev/sdc/BOOT/
|
||||
cp ${WORKSPACE}/corstone1000-mps3-v5.uefi.capsule /dev/sdc/EFI/BOOT/
|
||||
sudo cp $CAPSULES_PATH/corstone1000-mps3-v6.uefi.capsule $ACS_IMAGE_USB_DRIVE_PATH/BOOT/
|
||||
sudo cp $CAPSULES_PATH/corstone1000-mps3-v5.uefi.capsule $ACS_IMAGE_USB_DRIVE_PATH/BOOT/
|
||||
sync
|
||||
|
||||
.. note::
|
||||
|
||||
``/dev/sdc`` is the assumed path for the ACS Image USB drive.
|
||||
Replace it with the actual device path as enumerated on your development machine.
|
||||
|
||||
|
||||
.. important::
|
||||
|
||||
Since we are using the direct Capsule Update method, the capsule files should not be placed in
|
||||
@@ -943,7 +900,7 @@ FVP
|
||||
===
|
||||
|
||||
#. Download and extract the ACS image `as described for the MPS3 <mps3-instructions-for-acs-image_>`_.
|
||||
The ACS image extraction location will be referred below as ``${ACS_IMAGE_PATH}``.
|
||||
The ACS image extraction location will be referred below as ``$ACS_IMAGE_PATH``.
|
||||
|
||||
.. note::
|
||||
|
||||
@@ -954,10 +911,10 @@ FVP
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
fdisk -lu ${ACS_IMAGE_PATH}/ir-acs-live-image-generic-arm64.wic
|
||||
fdisk -lu $ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic
|
||||
Device Start End Sectors Size Type
|
||||
${ACS_IMAGE_PATH}/ir-acs-live-image-generic-arm64.wic1 2048 309247 307200 150M Microsoft basic data
|
||||
${ACS_IMAGE_PATH}/ir-acs-live-image-generic-arm64.wic2 309248 1343339 1034092 505M Linux filesystem
|
||||
$ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic1 2048 309247 307200 150M Microsoft basic data
|
||||
$ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic2 309248 1343339 1034092 505M Linux filesystem
|
||||
|
||||
|
||||
Given that the first partition starts at sector 2048 and each sector is 512 bytes in size,
|
||||
@@ -968,14 +925,14 @@ FVP
|
||||
.. code-block:: console
|
||||
|
||||
sudo mkdir /mnt/ir-acs-live-image-generic-arm64
|
||||
sudo mount -o rw,offset=<first_partition_offset> ${ACS_IMAGE_PATH}/ir-acs-live-image-generic-arm64.wic /mnt/ir-acs-live-image-generic-arm64
|
||||
sudo mount -o rw,offset=<first_partition_offset> $ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic /mnt/ir-acs-live-image-generic-arm64
|
||||
|
||||
#. Copy the capsules:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
sudo cp ${WORKSPACE}/build/tmp/deploy/images/corstone1000-fvp/corstone1000-fvp-v6.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
|
||||
sudo cp ${WORKSPACE}/corstone1000-fvp-v5.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
|
||||
sudo cp $CAPSULES_PATH/corstone1000-fvp-v6.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
|
||||
sudo cp $CAPSULES_PATH/corstone1000-fvp-v5.uefi.capsule /mnt/ir-acs-live-image-generic-arm64/
|
||||
sync
|
||||
|
||||
#. Unmount the IR image:
|
||||
@@ -988,8 +945,8 @@ FVP
|
||||
Run Capsule Update Tests
|
||||
************************
|
||||
|
||||
The valid capsule (``corstone1000-${TARGET}-v6.uefi.capsule``) will be used first to run the positive capsule update test.
|
||||
This will be followed by using the invalid capsule (``corstone1000-${TARGET}-v5.uefi.capsule``) to run the negative capsule update test.
|
||||
The valid capsule (``corstone1000-$TARGET-v6.uefi.capsule``) will be used first to run the positive capsule update test.
|
||||
This will be followed by using the invalid capsule (``corstone1000-$TARGET-v5.uefi.capsule``) to run the negative capsule update test.
|
||||
|
||||
.. important::
|
||||
|
||||
@@ -1015,17 +972,16 @@ Positive Capsule Update Test
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
tmux
|
||||
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
|
||||
-c "../meta-arm/scripts/runfvp --terminals=tmux \
|
||||
-- -C board.msd_mmc.p_mmc_file=${ACS_IMAGE_PATH}/ir-acs-live-image-generic-arm64.wic"
|
||||
-- -C board.msd_mmc.p_mmc_file=$ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic"
|
||||
|
||||
.. warning::
|
||||
|
||||
``${ACS_IMAGE_PATH}`` must be an absolute path. Ensure there are no spaces before or after of ``=`` of the ``-C board.msd_mmc.p_mmc_file`` option.
|
||||
``$ACS_IMAGE_PATH`` must be an absolute path. Ensure there are no spaces before or after of ``=`` of the ``-C board.msd_mmc.p_mmc_file`` option.
|
||||
|
||||
|
||||
#. Wait until U-Boot loads EFI from the ACS image and interrupt the EFI shell by pressing the ``Escape`` key when the following prompt is displayed on the Host Processor terminal (``ttyUSB2`` for MPS3).
|
||||
#. Wait until U-Boot loads EFI from the ACS image and interrupt the EFI shell by pressing the ``Escape`` key when the following prompt is displayed on the Host Processor terminal (``ttyUSB2``).
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
@@ -1062,7 +1018,7 @@ Positive Capsule Update Test
|
||||
The software stack copies the capsule content to the external flash, which is shared between the Secure Enclave and the Host Processor
|
||||
before rebooting the system.
|
||||
|
||||
After the first reboot, TrustedFirmware-M should apply the valid capsule and display the following log on the Secure Enclave terminal (``ttyUSB1`` for MPS3)
|
||||
After the first reboot, TrustedFirmware-M should apply the valid capsule and display the following log on the Secure Enclave terminal (``ttyUSB1``)
|
||||
before rebooting the system a second time:
|
||||
|
||||
.. code-block:: console
|
||||
@@ -1137,13 +1093,13 @@ Negative Capsule Update Test
|
||||
|
||||
The `positive capsule update test <positive-capsule-update-test_>`__ must be run before running the negative capsule update test.
|
||||
|
||||
#. After running the positive capsule update test, reboot the system by typing the following command on the Host Processor terminal (``ttyUSB2`` for MPS3):
|
||||
#. After running the positive capsule update test, reboot the system by typing the following command on the Host Processor terminal (``ttyUSB2``):
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
reboot
|
||||
|
||||
#. Wait until U-Boot loads EFI from the ACS image and interrupt the EFI shell by pressing the ``Escape`` key when the following prompt is displayed on the Host Processor terminal (``ttyUSB2`` for MPS3).
|
||||
#. Wait until U-Boot loads EFI from the ACS image and interrupt the EFI shell by pressing the ``Escape`` key when the following prompt is displayed on the Host Processor terminal (``ttyUSB2``).
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
@@ -1170,7 +1126,7 @@ Negative Capsule Update Test
|
||||
EFI/BOOT/app/CapsuleApp.efi corstone1000-fvp-v5.uefi.capsule
|
||||
|
||||
|
||||
#. TrustedFirmware-M should reject the capsule due to having a lower firmware version and display the following log on the Secure Enclave terminal (``ttyUSB1`` for MPS3):
|
||||
#. TrustedFirmware-M should reject the capsule due to having a lower firmware version and display the following log on the Secure Enclave terminal (``ttyUSB1``):
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
@@ -1274,9 +1230,9 @@ Follow the instructions below to create the installation media.
|
||||
|
||||
For openSUSE Tumbleweed, search for an ISO file with the format: ``openSUSE-Tumbleweed-DVD-aarch64-Snapshot$DATE-Media.iso``.
|
||||
|
||||
``openSUSE-Tumbleweed-DVD-aarch64-Snapshot20250509-Media.iso`` was used during development.
|
||||
``openSUSE-Tumbleweed-DVD-aarch64-Snapshot20240516-Media.iso`` was used during development.
|
||||
|
||||
The location of the ISO file on the development machine will be referred to as ``${DISTRO_INSTALLER_ISO_PATH}``.
|
||||
The location of the ISO file on the development machine will be referred to as ``$DISTRO_INSTALLER_ISO_PATH``.
|
||||
|
||||
#. Create the installation media which will contain the necessary files to install the operation system.
|
||||
|
||||
@@ -1300,7 +1256,7 @@ Follow the instructions below to create the installation media.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
sudo dd if=${DISTRO_INSTALLER_ISO_PATH} of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
|
||||
sudo dd if=$DISTRO_INSTALLER_ISO_PATH of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
|
||||
|
||||
- FVP:
|
||||
|
||||
@@ -1323,7 +1279,7 @@ Corstone-1000 on-board non-volatile storage size is insufficient for installing
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
dd if=/dev/zero of=${WORKSPACE}/fvp_distro_system_drive.img \
|
||||
dd if=/dev/zero of=$WORKSPACE/fvp_distro_system_drive.img \
|
||||
bs=1 count=0 seek=10G; sync; \
|
||||
parted -s fvp_distro_system_drive.img mklabel gpt
|
||||
|
||||
@@ -1367,11 +1323,10 @@ FVP
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
tmux
|
||||
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
|
||||
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
|
||||
-C board.msd_mmc.p_mmc_file=${WORKSPACE}/fvp_distro_system_drive.img \
|
||||
-C board.msd_mmc_2.p_mmc_file=${DISTRO_INSTALLER_ISO_PATH}"
|
||||
-C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img \
|
||||
-C board.msd_mmc_2.p_mmc_file=$DISTRO_INSTALLER_ISO_PATH"
|
||||
|
||||
The Linux distribution will be installed on ``fvp_distro_system_drive.img``.
|
||||
|
||||
@@ -1434,10 +1389,9 @@ Boot Distribution
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
tmux
|
||||
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \
|
||||
-c "../meta-arm/scripts/runfvp --terminals=tmux -- \
|
||||
-C board.msd_mmc.p_mmc_file=${WORKSPACE}/fvp_distro_system_drive.img"
|
||||
-C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img"
|
||||
|
||||
.. warning::
|
||||
|
||||
@@ -1532,32 +1486,29 @@ Generate Keys, Signed Image and Unsigned Image
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
cd $WORKSPACE
|
||||
|
||||
git clone https://gitlab.arm.com/arm-reference-solutions/systemready-patch \
|
||||
|
||||
-b CORSTONE1000-2025.05
|
||||
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git \
|
||||
-b CORSTONE1000-2024.11
|
||||
|
||||
#. Set the current working directory to build directory's subdirectory containing the software stack build images.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/
|
||||
cd $WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/
|
||||
|
||||
#. Run the image signing script (without changing the current working directory).
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
./${WORKSPACE}/systemready-patch/embedded-a/corstone1000/secureboot/create_keys_and_sign.sh \
|
||||
-d ${TARGET} \
|
||||
-v ${CERTIFICATE_VALIDITY_DURATION_IN_DAYS}
|
||||
./$WORKSPACE/systemready-patch/embedded-a/corstone1000/secureboot/create_keys_and_sign.sh \
|
||||
-d $TARGET \
|
||||
-v $CERTIFICATE_VALIDITY_DURATION_IN_DAYS
|
||||
|
||||
.. important::
|
||||
|
||||
The `efitools <https://github.com/vathpela/efitools/>`__ package is required to execute the script.
|
||||
|
||||
``${CERTIFICATE_VALIDITY_DURATION_IN_DAYS}`` is an integer that specifies the certificate's validity period in days.
|
||||
|
||||
.. note::
|
||||
|
||||
Consult the image signing script help message (``-h``) for more information about other optional arguments.
|
||||
@@ -1566,7 +1517,7 @@ Generate Keys, Signed Image and Unsigned Image
|
||||
|
||||
|
||||
The keys, signed kernel image, and unsigned kernel image will be copied to the exisiting ESP image.
|
||||
The modified ESP image can be found at ``${WORKSPACE}/build/tmp/deploy/images/corstone1000-${TARGET}/corstone1000-esp-image-corstone1000-${TARGET}.wic``.
|
||||
The modified ESP image can be found at ``$WORKSPACE/build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-esp-image-corstone1000-$TARGET.wic``.
|
||||
|
||||
|
||||
****************************
|
||||
@@ -1792,7 +1743,7 @@ The tests use the `arm_tstee` driver to access Trusted Services Secure Partition
|
||||
Ensure there are no USB drives connected to the board when running the test on the MPS3.
|
||||
|
||||
|
||||
The steps below are applicable to both MPS3 and FVP.
|
||||
The steps below are applicable to both MPS3 and FVP).
|
||||
|
||||
#. Start the Corstone-1000 and wait until it boots to Linux on the Host Processor terminal (``ttyUSB2``).
|
||||
|
||||
@@ -1874,33 +1825,31 @@ For more information about this, see the following resources:
|
||||
- `Authenticated Debug Access Control Specification <https://developer.arm.com/documentation/den0101/latest/>`__
|
||||
- `Arm Corstone-1000 for MPS3 Application Note AN550, Chapter 7 <https://developer.arm.com/documentation/dai0550/latest/>`__
|
||||
|
||||
The Secure Debug Manager API is implemented in the `Secure Debug Manager (PSA-ADAC / SDC-600) <secure-debug-manager-repo-readme_>`__ repository.
|
||||
The Secure Debug Manager API is implemented in the `secure-debug-manager <https://github.com/ARM-software/secure-debug-manager>`__ repository.
|
||||
This repository also contains the necessary files for the Arm Development Studio support.
|
||||
The build and integration instructions can be found in its `README <secure-debug-manager-repo-readme_>`__.
|
||||
|
||||
The `Secure Debug Manager (PSA-ADAC / SDC-600)` repository also contains the private key and chain certificate to be used during the tests.
|
||||
The private key's public pair is provisioned into the One-Time Programmable memory in TrustedFirmware-M.
|
||||
These are dummy keys that should not be used in production.
|
||||
The `secure-debug-manager` repository also contains the private key and chain certificate to be used during the tests.
|
||||
The private key's public pair is provisioned into the One-Time Programmable memory in TrustedFirmware-M. These are dummy keys that should not be used in production.
|
||||
|
||||
To test the Secure Debug feature, you'll need a debug probe from the `Arm ULINKpro family <arm-ulink-pro-website_>`__
|
||||
and `Arm Development Studio <arm-ds-website_>`__ versions 2022.2, 2022.c, or 2023.a.
|
||||
To test the Secure Debug feature, you'll need a debug probe from the DSTREAM family and Arm Development Studio versions 2022.2, 2022.c, or 2023.a.
|
||||
|
||||
|
||||
#. Clone the `Secure Debug Manager (PSA-ADAC / SDC-600)` repository to your workspace.
|
||||
#. Clone the `secure-debug-manager` repository to your workspace.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}
|
||||
cd $WORKSPACE
|
||||
git clone https://github.com/ARM-software/secure-debug-manager.git
|
||||
|
||||
#. Navigate into the repository directory and checkout the specific commit in the listing below.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
cd ${WORKSPACE}/secure-debug-manager
|
||||
cd $WORKSPACE/secure-debug-manager
|
||||
git checkout b30d6496ca749123e86b39b161b9f70ef76106d6
|
||||
|
||||
#. Follow the instructions in the `Secure Debug Manager (PSA-ADAC / SDC-600)'s README <secure-debug-manager-repo-readme_>`__ for the development machine setup.
|
||||
#. Follow the steps in the `secure-debug-manager`'s `README <secure-debug-manager-repo-readme_>`__ for the development machine setup.
|
||||
|
||||
#. Rebuild the software stack with Secure Debug.
|
||||
|
||||
@@ -1922,7 +1871,7 @@ and `Arm Development Studio <arm-ds-website_>`__ versions 2022.2, 2022.c, or 202
|
||||
|
||||
#. Connect the debug probe to the MPS3 using the 20-pin 1.27mm connector with the ``CS_20W_1.27MM silkscreen`` label.
|
||||
|
||||
#. Create a debug configuration in Arm Development Studio as described in the `Secure Debug Manager (PSA-ADAC / SDC-600)'s README <secure-debug-manager-armds-integration_>`__.
|
||||
#. Create a debug configuration in Arm Development Studio as described in the `secure-debug-manager`'s `README <https://github.com/ARM-software/secure-debug-manager?tab=readme-ov-file#arm-development-studio-integration>`__.
|
||||
|
||||
#. Connect the debuger to the target using the debug configuration.
|
||||
|
||||
@@ -1933,14 +1882,14 @@ and `Arm Development Studio <arm-ds-website_>`__ versions 2022.2, 2022.c, or 202
|
||||
...
|
||||
|
||||
Please provide private key file path:
|
||||
Enter file path > ${WORKSPACE}\secure-debug-manager\example\data\keys\EcdsaP256Key-3.pem
|
||||
Enter file path > $WORKSPACE\secure-debug-manager\example\data\keys\EcdsaP256Key-3.pem
|
||||
|
||||
Please provide trust chain file path:
|
||||
Enter file path > ${WORKSPACE}\secure-debug-manager\example\data\chains\chain.EcdsaP256-3
|
||||
Enter file path > $WORKSPACE\secure-debug-manager\example\data\chains\chain.EcdsaP256-3
|
||||
|
||||
...
|
||||
|
||||
#. When successful authenticated, Arm Development Studio will connect to the running MPS3 and the debug features can be used.
|
||||
#. When successful authenticated, Arm Development Studio will connect to the running MS3 and the debug features can be used.
|
||||
The following prompt should appear in the Secure Enclave terminal (``ttyUSB1``):
|
||||
|
||||
.. code-block:: console
|
||||
@@ -1950,13 +1899,15 @@ and `Arm Development Studio <arm-ds-website_>`__ versions 2022.2, 2022.c, or 202
|
||||
...
|
||||
|
||||
|
||||
Reports
|
||||
-------
|
||||
Various test reports for the `Corstone-1000 software (CORSTONE1000-2024.11) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.11>`__
|
||||
release version are available for reference `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2024.11/embedded-a/corstone1000/CORSTONE1000-2024.11?ref_type=tags>`__.
|
||||
|
||||
|
||||
--------------
|
||||
|
||||
*Copyright (c) 2022-2025, Arm Limited. All rights reserved.*
|
||||
*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
|
||||
|
||||
.. _arm-developer-fvp: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
|
||||
.. _secure-debug-manager-repo-readme: https://github.com/ARM-software/secure-debug-manager/tree/master?tab=readme-ov-file#secure-debug-manager-psa-adac--sdc-600
|
||||
.. _secure-debug-manager-armds-integration: https://github.com/ARM-software/secure-debug-manager?tab=readme-ov-file#arm-development-studio-integration
|
||||
.. _meta-arm-repository-release-branch: https://web.git.yoctoproject.org/meta-arm?h=walnascar
|
||||
.. _arm-ulink-pro-website: https://www.arm.com/products/development-tools/debug-probes/ulink-pro
|
||||
.. _arm-ds-website: https://www.arm.com/products/development-tools/embedded-and-software/arm-development-studio
|
||||
.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
|
||||
.. _secure-debug-manager-repo-readme: https://github.com/ARM-software/secure-debug-manager/blob/master/README.md
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2022-2024, Arm Limited.
|
||||
# Copyright (c) 2022, Arm Limited.
|
||||
#
|
||||
# SPDX-License-Identifier: MIT
|
||||
|
||||
@@ -6,6 +6,6 @@
|
||||
jinja2==3.1.1
|
||||
|
||||
# Required to build the documentation
|
||||
sphinx==7.1.2
|
||||
sphinx_rtd_theme~=3.0.0
|
||||
docutils~=0.18.1
|
||||
sphinx~=5.0
|
||||
sphinx_rtd_theme~=2.0.0
|
||||
docutils==0.17.1
|
||||
|
||||
@@ -3,6 +3,3 @@ NUMA: Failed to initialise from firmware
|
||||
|
||||
# TODO: we should be using bochsdrm over efifb?
|
||||
efifb: cannot reserve video memory at 0x80000000
|
||||
|
||||
# TODO: debug why this sometimes happens
|
||||
failed to find screen to remove
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
# Machine specific configurations
|
||||
|
||||
MACHINE_HAFNIUM_REQUIRE ?= ""
|
||||
MACHINE_HAFNIUM_REQUIRE:tc = "hafnium-tc.inc"
|
||||
|
||||
require ${MACHINE_HAFNIUM_REQUIRE}
|
||||
|
||||
@@ -4,5 +4,6 @@ MACHINE_SCP_REQUIRE ?= ""
|
||||
|
||||
MACHINE_SCP_REQUIRE:juno = "scp-firmware-juno.inc"
|
||||
MACHINE_SCP_REQUIRE:sgi575 = "scp-firmware-sgi575.inc"
|
||||
MACHINE_SCP_REQUIRE:tc = "scp-firmware-tc.inc"
|
||||
|
||||
require ${MACHINE_SCP_REQUIRE}
|
||||
|
||||
-33
@@ -1,33 +0,0 @@
|
||||
From f5b2fa90e0c0324f31e72429e7a7382f49a25912 Mon Sep 17 00:00:00 2001
|
||||
From: Shen Jiamin <shen_jiamin@comp.nus.edu.sg>
|
||||
Date: Wed, 24 Jul 2024 18:58:55 +0800
|
||||
Subject: [PATCH] fix(zynqmp): handle secure SGI at EL1 for OP-TEE
|
||||
|
||||
OP-TEE requires SGIs to be handled at S-EL1. The
|
||||
Makefile was not properly setting the flag
|
||||
GICV2_G0_FOR_EL3 to 0 when the SPD is OP-TEE.
|
||||
|
||||
Change-Id: I256afa37ddf4ad4a154c43d51807de670c3689bb
|
||||
Signed-off-by: Shen Jiamin <shen_jiamin@comp.nus.edu.sg>
|
||||
---
|
||||
plat/xilinx/zynqmp/platform.mk | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
|
||||
index c340009d0..22eceb621 100644
|
||||
--- a/plat/xilinx/zynqmp/platform.mk
|
||||
+++ b/plat/xilinx/zynqmp/platform.mk
|
||||
@@ -21,7 +21,7 @@ ENABLE_LTO := 1
|
||||
EL3_EXCEPTION_HANDLING := $(SDEI_SUPPORT)
|
||||
|
||||
# pncd SPD requires secure SGI to be handled at EL1
|
||||
-ifeq (${SPD}, $(filter ${SPD},pncd tspd))
|
||||
+ifeq (${SPD}, $(filter ${SPD},pncd tspd opteed))
|
||||
ifeq (${ZYNQMP_WDT_RESTART},1)
|
||||
$(error "Error: ZYNQMP_WDT_RESTART and SPD=pncd are incompatible")
|
||||
endif
|
||||
--
|
||||
2.34.1
|
||||
|
||||
-33
@@ -1,33 +0,0 @@
|
||||
From b91c651e6d596cfe27448b19c8fb2f1168493827 Mon Sep 17 00:00:00 2001
|
||||
From: Mikko Rapeli <mikko.rapeli@linaro.org>
|
||||
Date: Mon, 15 Jan 2024 09:26:56 +0000
|
||||
Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
|
||||
|
||||
If firmware is configured with TPM support but it's missing
|
||||
on HW, e.g. swtpm not started and/or configured with qemu,
|
||||
then continue booting. Missing TPM is not a fatal error.
|
||||
Enables testing boot without TPM device to see that
|
||||
missing TPM is detected further up the SW stack and correct
|
||||
fallback actions are taken.
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
|
||||
---
|
||||
plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
|
||||
index 76a4da17e6a9..ec7f44d3720d 100644
|
||||
--- a/plat/qemu/qemu/qemu_measured_boot.c
|
||||
+++ b/plat/qemu/qemu/qemu_measured_boot.c
|
||||
@@ -80,7 +80,8 @@ void bl2_plat_mboot_finish(void)
|
||||
* Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
|
||||
* secure Event Log buffer address.
|
||||
*/
|
||||
- panic();
|
||||
+ ERROR("Ignoring TPM errors, continuing without\n");
|
||||
+ return;
|
||||
}
|
||||
|
||||
/* Copy Event Log to Non-secure memory */
|
||||
@@ -62,9 +62,3 @@ EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t FVP_USE_GIC_DRIVER=FVP_GIC
|
||||
|
||||
# Our fvp-base machine explicitly has v8.4 cores
|
||||
EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4"
|
||||
|
||||
# If GENERATE_COT is set, then tf-a will try to use local poetry install
|
||||
# to run the python cot-dt2c command. Disable the local poetry and use
|
||||
# the provided cot-dt2c.
|
||||
EXTRA_OEMAKE += "POETRY=''"
|
||||
DEPENDS += "cot-dt2c-native"
|
||||
|
||||
@@ -11,9 +11,3 @@ TFA_UEFI = "1"
|
||||
|
||||
EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
|
||||
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
|
||||
|
||||
# If GENERATE_COT is set, then tf-a will try to use local poetry install
|
||||
# to run the python cot-dt2c command. Disable the local poetry and use
|
||||
# the provided cot-dt2c.
|
||||
EXTRA_OEMAKE += "POETRY=''"
|
||||
DEPENDS += "cot-dt2c-native"
|
||||
|
||||
@@ -8,5 +8,6 @@ MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc"
|
||||
MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
|
||||
MACHINE_TFA_REQUIRE:sbsa-ref = "trusted-firmware-a-sbsa-ref.inc"
|
||||
MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
|
||||
MACHINE_TFA_REQUIRE:tc = "trusted-firmware-a-tc.inc"
|
||||
|
||||
require ${MACHINE_TFA_REQUIRE}
|
||||
|
||||
+88
@@ -0,0 +1,88 @@
|
||||
From 4d3ebb03b89b122af490824ca73287954a35bd07 Mon Sep 17 00:00:00 2001
|
||||
From: Jamie Fox <jamie.fox@arm.com>
|
||||
Date: Thu, 22 Aug 2024 16:54:45 +0100
|
||||
Subject: [PATCH] Platform: corstone1000: Fix isolation L2 memory protection
|
||||
|
||||
The whole of the SRAM was configured unprivileged on this platform, so
|
||||
the memory protection required for isolation level 2 was not present.
|
||||
|
||||
This patch changes the S_DATA_START to S_DATA_LIMIT MPU region to be
|
||||
configured for privileged access only. It also reorders the MPU regions
|
||||
so that the App RoT sub-region overlapping S_DATA has a higher region
|
||||
number and so takes priority in the operation of the Armv6-M MPU.
|
||||
|
||||
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
|
||||
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/30951]
|
||||
---
|
||||
.../arm/corstone1000/tfm_hal_isolation.c | 43 +++++++++----------
|
||||
1 file changed, 21 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
|
||||
index 39b19c535..498f14ed2 100644
|
||||
--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
|
||||
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
|
||||
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
|
||||
* Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
|
||||
* company) or an affiliate of Cypress Semiconductor Corporation. All rights
|
||||
* reserved.
|
||||
@@ -99,6 +99,26 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ /* Set the RAM attributes. It is needed because the first region overlaps the whole
|
||||
+ * SRAM and it has to be overridden.
|
||||
+ * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
|
||||
+ * and added to the platform_region_defs compile definitions.
|
||||
+ */
|
||||
+ base = S_DATA_START;
|
||||
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
|
||||
+ ret = configure_mpu(rnr++, base, limit,
|
||||
+ XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY);
|
||||
+ if (ret != TFM_HAL_SUCCESS) {
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
|
||||
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
|
||||
+ ret = configure_mpu(rnr++, base, limit,
|
||||
+ XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY);
|
||||
+ if (ret != TFM_HAL_SUCCESS) {
|
||||
+ return ret;
|
||||
+ }
|
||||
|
||||
/* RW, ZI and stack as one region */
|
||||
base = (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
|
||||
@@ -133,27 +153,6 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
|
||||
|
||||
#endif
|
||||
|
||||
- /* Set the RAM attributes. It is needed because the first region overlaps the whole
|
||||
- * SRAM and it has to be overridden.
|
||||
- * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
|
||||
- * and added to the platform_region_defs compile definitions.
|
||||
- */
|
||||
- base = S_DATA_START;
|
||||
- limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
|
||||
- ret = configure_mpu(rnr++, base, limit,
|
||||
- XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
|
||||
- if (ret != TFM_HAL_SUCCESS) {
|
||||
- return ret;
|
||||
- }
|
||||
-
|
||||
- base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
|
||||
- limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
|
||||
- ret = configure_mpu(rnr++, base, limit,
|
||||
- XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
|
||||
- if (ret != TFM_HAL_SUCCESS) {
|
||||
- return ret;
|
||||
- }
|
||||
-
|
||||
arm_mpu_enable();
|
||||
|
||||
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -35,6 +35,7 @@ SRC_URI:append:corstone1000 = " \
|
||||
file://0013-CC312-ADAC-Add-PSA_WANT_ALG_SHA_256-definition.patch \
|
||||
file://0014-Platform-CS1000-Add-crypto-configs-for-ADAC.patch \
|
||||
file://0015-Platform-CS1000-Fix-platform-name-in-logs.patch \
|
||||
file://0016-Platform-corstone1000-Fix-isolation-L2-memory-protection.patch \
|
||||
file://0017-Platform-CS1000-Remove-unused-BL1-files.patch \
|
||||
file://0018-Platform-CS1000-Remove-duplicated-metadata-write.patch \
|
||||
file://0019-Platform-CS1000-Fix-compiler-switch-in-BL1.patch \
|
||||
@@ -50,6 +51,16 @@ SRC_URI:append:corstone1000-mps3 = " \
|
||||
file://0003-Fix-psa_key_handle_t-initialization.patch;patchdir=../tfm-psa-adac \
|
||||
"
|
||||
|
||||
# TF-M ships patches for external dependencies that needs to be applied
|
||||
apply_tfm_patches() {
|
||||
find ${S}/lib/ext/qcbor -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../qcbor/ -i
|
||||
find ${S}/lib/ext/mbedcrypto -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../mbedtls/ -i
|
||||
find ${S}/lib/ext/mcuboot -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../mcuboot/ -i
|
||||
find ${S}/lib/ext/tf-m-tests -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../tf-m-tests/ -i
|
||||
}
|
||||
|
||||
do_patch[postfuncs] += "apply_tfm_patches"
|
||||
|
||||
do_install() {
|
||||
install -D -p -m 0644 ${B}/bin/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
|
||||
install -D -p -m 0644 ${B}/bin/bl2_signed.bin ${D}/firmware/bl2_signed.bin
|
||||
|
||||
@@ -68,7 +68,6 @@ SRC_URI:append = " \
|
||||
file://0050-fwu-Use-metadata-v2.patch \
|
||||
${@bb.utils.contains('MACHINE_FEATURES', 'corstone1000-extsys', \
|
||||
'', 'file://0051-corstone1000-purge-remoteproc-dts-node.patch' , d)} \
|
||||
file://0052-reserve-memory-for-se-comm.patch \
|
||||
"
|
||||
|
||||
do_configure:append() {
|
||||
|
||||
@@ -4,4 +4,6 @@ SRC_URI:append = " \
|
||||
file://0001-vexpress64-Set-the-DM_RNG-property.patch \
|
||||
file://0002-vexpress64-Select-PSCI-RESET-by-default.patch \
|
||||
file://0003-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch \
|
||||
file://0004-arm-Move-sev-and-wfe-definitions-to-common-Arm-heade.patch \
|
||||
file://0005-armv8-generic_timer-Use-event-stream-for-udelay.patch \
|
||||
"
|
||||
|
||||
-46
@@ -1,46 +0,0 @@
|
||||
From 8fdd91630f335b71e55e570a011f07b083c47dd6 Mon Sep 17 00:00:00 2001
|
||||
From: Emekcan Aras <emekcan.aras@arm.com>
|
||||
Date: Mon, 10 Jul 2023 19:00:43 +0100
|
||||
Subject: [PATCH] arm-bsp/u-boot: Reserve memory for RSS comm pointer access protocol
|
||||
|
||||
This memory was used by OpenAMP to establish communication between
|
||||
the Secure Enclave and Trusted Services. After transitioning from
|
||||
OpenAMP to RSE_COMMS, this shared memory is now configured for the
|
||||
pointer access protocol in RSE_COMMS.
|
||||
|
||||
Since this memory may be still used by a user-space application
|
||||
in linux as U-Boot is passing an EFI memory map starting from
|
||||
0x80000000, this memory range should be reserved as the
|
||||
pointer access protocol may be enabled on corstone1000 in the future.
|
||||
|
||||
Upstream-Status: Pending [Not submitted to upstream yet]
|
||||
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
|
||||
|
||||
---
|
||||
arch/arm/dts/corstone1000.dtsi | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
|
||||
index 0f8ad255ce..a71b89c025 100644
|
||||
--- a/arch/arm/dts/corstone1000.dtsi
|
||||
+++ b/arch/arm/dts/corstone1000.dtsi
|
||||
@@ -45,6 +45,17 @@
|
||||
lba = <65536>;
|
||||
};
|
||||
|
||||
+ reserved-memory {
|
||||
+ #address-cells = <2>;
|
||||
+ #size-cells = <2>;
|
||||
+ ranges;
|
||||
+
|
||||
+ smem_mem: smem_region@88000000 {
|
||||
+ reg = <0x0 0x88000000 0x0 0x100000>;
|
||||
+ no-map;
|
||||
+ };
|
||||
+ };
|
||||
+
|
||||
gic: interrupt-controller@1c000000 {
|
||||
compatible = "arm,gic-400";
|
||||
#interrupt-cells = <3>;
|
||||
--
|
||||
2.17.1
|
||||
+84
@@ -0,0 +1,84 @@
|
||||
From b18a3c183d20812933d192d4b0d622b11ef2bf29 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Hoyes <Peter.Hoyes@arm.com>
|
||||
Date: Wed, 1 May 2024 09:16:32 +0100
|
||||
Subject: [PATCH] arm: Move sev() and wfe() definitions to common Arm header
|
||||
file
|
||||
|
||||
The sev() and wfe() asm macros are currently defined only for
|
||||
mach-exynos. As these are common Arm instructions, move them to the
|
||||
common asm/system.h header file, for both Armv7 and Armv8, so they
|
||||
can be used by other machines.
|
||||
|
||||
wfe may theoretically trigger a context switch if an interrupt occurs
|
||||
so add a memory barrier to this call.
|
||||
|
||||
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
|
||||
Reviewed-by: Andre Przywara<andre.przywara@arm.com>
|
||||
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
||||
---
|
||||
arch/arm/include/asm/system.h | 9 +++++++++
|
||||
arch/arm/mach-exynos/include/mach/system.h | 19 -------------------
|
||||
2 files changed, 9 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
|
||||
index 43f7503571d7..51123c296843 100644
|
||||
--- a/arch/arm/include/asm/system.h
|
||||
+++ b/arch/arm/include/asm/system.h
|
||||
@@ -154,6 +154,13 @@ enum dcache_option {
|
||||
"wfi" : : : "memory"); \
|
||||
})
|
||||
|
||||
+#define wfe() \
|
||||
+ ({asm volatile( \
|
||||
+ "wfe" : : : "memory"); \
|
||||
+ })
|
||||
+
|
||||
+#define sev() asm volatile("sev")
|
||||
+
|
||||
static inline unsigned int current_el(void)
|
||||
{
|
||||
unsigned long el;
|
||||
@@ -369,6 +376,8 @@ void switch_to_hypervisor_ret(void);
|
||||
|
||||
#ifdef __ARM_ARCH_7A__
|
||||
#define wfi() __asm__ __volatile__ ("wfi" : : : "memory")
|
||||
+#define wfe() __asm__ __volatile__ ("wfe" : : : "memory")
|
||||
+#define sev() __asm__ __volatile__ ("sev")
|
||||
#else
|
||||
#define wfi()
|
||||
#endif
|
||||
diff --git a/arch/arm/mach-exynos/include/mach/system.h b/arch/arm/mach-exynos/include/mach/system.h
|
||||
index 5d0bebac5733..0aed4c3e2bf6 100644
|
||||
--- a/arch/arm/mach-exynos/include/mach/system.h
|
||||
+++ b/arch/arm/mach-exynos/include/mach/system.h
|
||||
@@ -36,25 +36,6 @@ struct exynos5_sysreg {
|
||||
|
||||
#define USB20_PHY_CFG_HOST_LINK_EN (1 << 0)
|
||||
|
||||
-/*
|
||||
- * This instruction causes an event to be signaled to all cores
|
||||
- * within a multiprocessor system. If SEV is implemented,
|
||||
- * WFE must also be implemented.
|
||||
- */
|
||||
-#define sev() __asm__ __volatile__ ("sev\n\t" : : );
|
||||
-/*
|
||||
- * If the Event Register is not set, WFE suspends execution until
|
||||
- * one of the following events occurs:
|
||||
- * - an IRQ interrupt, unless masked by the CPSR I-bit
|
||||
- * - an FIQ interrupt, unless masked by the CPSR F-bit
|
||||
- * - an Imprecise Data abort, unless masked by the CPSR A-bit
|
||||
- * - a Debug Entry request, if Debug is enabled
|
||||
- * - an Event signaled by another processor using the SEV instruction.
|
||||
- * If the Event Register is set, WFE clears it and returns immediately.
|
||||
- * If WFE is implemented, SEV must also be implemented.
|
||||
- */
|
||||
-#define wfe() __asm__ __volatile__ ("wfe\n\t" : : );
|
||||
-
|
||||
/* Move 0xd3 value to CPSR register to enable SVC mode */
|
||||
#define svc32_mode_en() __asm__ __volatile__ \
|
||||
("@ I&F disable, Mode: 0x13 - SVC\n\t" \
|
||||
--
|
||||
2.30.2
|
||||
|
||||
+105
@@ -0,0 +1,105 @@
|
||||
From ebc84d7b60c1ed3398e9f600fe3dc8406500bd35 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Hoyes <Peter.Hoyes@arm.com>
|
||||
Date: Wed, 1 May 2024 09:16:33 +0100
|
||||
Subject: [PATCH] armv8: generic_timer: Use event stream for udelay
|
||||
|
||||
Polling cntpct_el0 in a tight loop for delays is inefficient.
|
||||
This is particularly apparent on Arm FVPs, which do not simulate
|
||||
real time, meaning that a 1s sleep can take a couple of orders
|
||||
of magnitude longer to execute in wall time.
|
||||
|
||||
If running at EL2 or above (where CNTHCTL_EL2 is available), enable
|
||||
the cntpct_el0 event stream temporarily and use wfe to implement
|
||||
the delay more efficiently. The event period is chosen as a
|
||||
trade-off between efficiency and the fact that Arm FVPs do not
|
||||
typically simulate real time.
|
||||
|
||||
This is only implemented for Armv8 boards, where an architectural
|
||||
timer exists, and only enabled by default for the ARCH_VEXPRESS64
|
||||
board family.
|
||||
|
||||
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
|
||||
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
|
||||
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
||||
---
|
||||
arch/arm/cpu/armv8/Kconfig | 8 ++++++++
|
||||
arch/arm/cpu/armv8/generic_timer.c | 27 +++++++++++++++++++++++++++
|
||||
arch/arm/include/asm/system.h | 6 ++++--
|
||||
3 files changed, 39 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig
|
||||
index 9f0fb369f773..199335cd6040 100644
|
||||
--- a/arch/arm/cpu/armv8/Kconfig
|
||||
+++ b/arch/arm/cpu/armv8/Kconfig
|
||||
@@ -191,6 +191,14 @@ config ARMV8_EA_EL3_FIRST
|
||||
Exception handling at all exception levels for External Abort and
|
||||
SError interrupt exception are taken in EL3.
|
||||
|
||||
+config ARMV8_UDELAY_EVENT_STREAM
|
||||
+ bool "Use the event stream for udelay"
|
||||
+ default y if ARCH_VEXPRESS64
|
||||
+ help
|
||||
+ Use the event stream provided by the AArch64 architectural timer for
|
||||
+ delays. This is more efficient than the default polling
|
||||
+ implementation.
|
||||
+
|
||||
menuconfig ARMV8_CRYPTO
|
||||
bool "ARM64 Accelerated Cryptographic Algorithms"
|
||||
|
||||
diff --git a/arch/arm/cpu/armv8/generic_timer.c b/arch/arm/cpu/armv8/generic_timer.c
|
||||
index e4aa5a474553..1de7ec596fc7 100644
|
||||
--- a/arch/arm/cpu/armv8/generic_timer.c
|
||||
+++ b/arch/arm/cpu/armv8/generic_timer.c
|
||||
@@ -114,3 +114,30 @@ ulong timer_get_boot_us(void)
|
||||
|
||||
return val / get_tbclk();
|
||||
}
|
||||
+
|
||||
+#if CONFIG_IS_ENABLED(ARMV8_UDELAY_EVENT_STREAM)
|
||||
+void __udelay(unsigned long usec)
|
||||
+{
|
||||
+ u64 target = get_ticks() + usec_to_tick(usec);
|
||||
+
|
||||
+ /* At EL2 or above, use the event stream to avoid polling CNTPCT_EL0 so often */
|
||||
+ if (current_el() >= 2) {
|
||||
+ u32 cnthctl_val;
|
||||
+ const u8 event_period = 0x7;
|
||||
+
|
||||
+ asm volatile("mrs %0, cnthctl_el2" : "=r" (cnthctl_val));
|
||||
+ asm volatile("msr cnthctl_el2, %0" : : "r"
|
||||
+ (cnthctl_val | CNTHCTL_EL2_EVNT_EN | CNTHCTL_EL2_EVNT_I(event_period)));
|
||||
+
|
||||
+ while (get_ticks() + (1ULL << event_period) <= target)
|
||||
+ wfe();
|
||||
+
|
||||
+ /* Reset the event stream */
|
||||
+ asm volatile("msr cnthctl_el2, %0" : : "r" (cnthctl_val));
|
||||
+ }
|
||||
+
|
||||
+ /* Fall back to polling CNTPCT_EL0 */
|
||||
+ while (get_ticks() <= target)
|
||||
+ ;
|
||||
+}
|
||||
+#endif
|
||||
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
|
||||
index 51123c296843..7e30cac32a09 100644
|
||||
--- a/arch/arm/include/asm/system.h
|
||||
+++ b/arch/arm/include/asm/system.h
|
||||
@@ -69,8 +69,10 @@
|
||||
/*
|
||||
* CNTHCTL_EL2 bits definitions
|
||||
*/
|
||||
-#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */
|
||||
-#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */
|
||||
+#define CNTHCTL_EL2_EVNT_EN BIT(2) /* Enable the event stream */
|
||||
+#define CNTHCTL_EL2_EVNT_I(val) ((val) << 4) /* Event stream trigger bits */
|
||||
+#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */
|
||||
+#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */
|
||||
|
||||
/*
|
||||
* HCR_EL2 bits definitions
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@@ -4,6 +4,7 @@ MACHINE_U-BOOT_REQUIRE ?= ""
|
||||
MACHINE_U-BOOT_REQUIRE:corstone1000 = "u-boot-corstone1000.inc"
|
||||
MACHINE_U-BOOT_REQUIRE:fvp-base = "u-boot-fvp-base.inc"
|
||||
MACHINE_U-BOOT_REQUIRE:juno = "u-boot-juno.inc"
|
||||
MACHINE_U-BOOT_REQUIRE:tc = "u-boot-tc.inc"
|
||||
|
||||
require ${MACHINE_U-BOOT_REQUIRE}
|
||||
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
# Install EDK2 Base Tools in native sysroot. Currently the BaseTools are not
|
||||
# built, they are just copied to native sysroot. This is sufficient for
|
||||
# generating UEFI capsules as it only depends on some python scripts. Other
|
||||
# tools need to be built first before adding to sysroot.
|
||||
|
||||
SUMMARY = "EDK2 Base Tools"
|
||||
LICENSE = "BSD-2-Clause-Patent"
|
||||
|
||||
# EDK2
|
||||
SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https"
|
||||
LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a"
|
||||
|
||||
SRCREV = "b158dad150bf02879668f72ce306445250838201"
|
||||
|
||||
UPSTREAM_CHECK_GITTAGREGEX = "^edk2-stable(?P<pver>\d+)$"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit native
|
||||
|
||||
RDEPENDS:${PN} += "python3-core"
|
||||
|
||||
do_install () {
|
||||
mkdir -p ${D}${bindir}/edk2-BaseTools
|
||||
cp -r ${WORKDIR}/git/BaseTools/* ${D}${bindir}/edk2-BaseTools/
|
||||
}
|
||||
@@ -5,6 +5,3 @@ EDK2_PLATFORM_DSC = "Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc"
|
||||
EDK2_BIN_NAME = "BL33_AP_UEFI.fd"
|
||||
|
||||
COMPATIBLE_MACHINE = "sgi575"
|
||||
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
||||
SRC_URI += " file://0001-Platform-Sgi-workaround-ArmFfaLib-error.patch;patchdir=edk2-platforms"
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
SRCREV_edk2 ?= "b158dad150bf02879668f72ce306445250838201"
|
||||
SRCREV_edk2-platforms ?= "a3c898956a4d48dc5980336fa6ce6eeb23c4f72b"
|
||||
|
||||
SRC_URI += "file://0001-Platform-StMmRpmb-Fix-build.patch;patchdir=edk2-platforms"
|
||||
|
||||
# FIXME - clang is having issues with antlr
|
||||
TOOLCHAIN:aarch64 = "gcc"
|
||||
|
||||
require recipes-bsp/uefi/edk2-firmware.inc
|
||||
-41
@@ -1,41 +0,0 @@
|
||||
From b368ff0e774508b60c18bc19fbfaaa3910616e66 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Mason <jon.mason@arm.com>
|
||||
Date: Wed, 2 Apr 2025 15:57:21 -0400
|
||||
Subject: [PATCH] Platform/Sgi: workaround ArmFfaLib error
|
||||
|
||||
When attempting to build sgi575, the following error is encountered
|
||||
|
||||
| Active Platform = /builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/edk2-platforms/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
|
||||
|
|
||||
|
|
||||
| build.py...
|
||||
| /builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/edk2-platforms/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc(...): error 4000: Instance of library class [ArmFfaLib] is not found
|
||||
| in [/builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf] [AARCH64]
|
||||
| consumed by module [/builder/meta-arm/build/tmp/work/sgi575-poky-linux/edk2-firmware/202502/edk2/ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf]
|
||||
|
|
||||
|
|
||||
|
||||
This is because commit 9f9a3de9e4c5595cd42d14c705570887630209d8 in
|
||||
edk2-firmware adds a reference to the ArmFfaLib in
|
||||
ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
|
||||
That file is referenced in Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
|
||||
|
||||
To workaround this issue, add the ArmFfaLib to Sgi575.dsc.
|
||||
|
||||
Upstream-Status: Pending [https://github.com/tianocore/edk2-platforms/issues/761]
|
||||
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
||||
---
|
||||
Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc b/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
|
||||
index f29272778d73..30f2d1fd49a7 100644
|
||||
--- a/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
|
||||
+++ b/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
|
||||
@@ -55,3 +55,6 @@
|
||||
|
||||
[Components.common]
|
||||
Platform/ARM/SgiPkg/AcpiTables/Sgi575AcpiTables.inf
|
||||
+
|
||||
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
|
||||
+ ArmFfaLib|ArmPkg/Library/ArmFfaLib/ArmFfaDxeLib.inf
|
||||
@@ -1,38 +0,0 @@
|
||||
From ee185eda7b7ec9a0c82827fea197fbb73d971f93 Mon Sep 17 00:00:00 2001
|
||||
From: Ard Biesheuvel <ardb@kernel.org>
|
||||
Date: Thu, 29 Aug 2024 21:21:50 +0200
|
||||
Subject: [PATCH] Platform/StMmRpmb: Fix build
|
||||
|
||||
Add some missing library class resolutions relating to changes in the
|
||||
core upstream EDK2 repo.
|
||||
|
||||
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
||||
---
|
||||
.../PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
diff --git a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
|
||||
index 653029c52f..54c7a63b41 100644
|
||||
--- a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
|
||||
+++ b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
|
||||
@@ -41,11 +41,14 @@
|
||||
ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
|
||||
FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
|
||||
HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
|
||||
+ HobPrintLib|MdeModulePkg/Library/HobPrintLib/HobPrintLib.inf
|
||||
+ ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
|
||||
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
|
||||
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
|
||||
MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
|
||||
MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
|
||||
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
|
||||
+ PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
|
||||
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
|
||||
PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
|
||||
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
|
||||
--
|
||||
2.43.0
|
||||
|
||||
-1
@@ -1,3 +1,2 @@
|
||||
CONFIG_I2C=y
|
||||
CONFIG_I2C_DESIGNWARE_CORE=y
|
||||
CONFIG_I2C_DESIGNWARE_PLATFORM=y
|
||||
|
||||
+1
-1
@@ -18,7 +18,7 @@ The driver also supports control of multiple remote processors at the
|
||||
same time.
|
||||
|
||||
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
|
||||
Upstream-Status: Denied [Agreement reached: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/]
|
||||
Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/]
|
||||
---
|
||||
MAINTAINERS | 6 +
|
||||
drivers/remoteproc/Kconfig | 18 ++
|
||||
|
||||
+1
-1
@@ -6,7 +6,7 @@ Subject: [PATCH 2/6] arm64: dts: Add corstone1000 external system device node
|
||||
add device tree node for the external system core in Corstone-1000
|
||||
|
||||
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
|
||||
Upstream-Status: Denied [Agreement reached: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/]
|
||||
Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/]
|
||||
---
|
||||
arch/arm64/boot/dts/arm/corstone1000.dtsi | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
+1
-1
@@ -6,7 +6,7 @@ Subject: [PATCH 3/6] dt-bindings: remoteproc: Add Arm remoteproc
|
||||
introduce the bindings for Arm remoteproc support.
|
||||
|
||||
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
|
||||
Upstream-Status: Denied [Agreement reached: https://lore.kernel.org/all/20241009094635.GA14639@e130802.arm.com/]
|
||||
Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20240301164227.339208-1-abdellatif.elkhlifi@arm.com/]
|
||||
---
|
||||
.../bindings/remoteproc/arm,rproc.yaml | 69 +++++++++++++++++++
|
||||
MAINTAINERS | 1 +
|
||||
|
||||
@@ -90,6 +90,13 @@ COMPATIBLE_MACHINE:sgi575 = "sgi575"
|
||||
KBUILD_DEFCONFIG:sgi575 = "defconfig"
|
||||
KCONFIG_MODE:sgi575 = "--alldefconfig"
|
||||
|
||||
#
|
||||
# Total Compute (TC0/TC1) KMACHINE
|
||||
#
|
||||
COMPATIBLE_MACHINE:tc = "(tc0|tc1)"
|
||||
KBUILD_DEFCONFIG:tc = "defconfig"
|
||||
KCONFIG_MODE:tc = "--alldefconfig"
|
||||
|
||||
#
|
||||
# sbsa-ref KMACHINE
|
||||
#
|
||||
|
||||
+28
@@ -0,0 +1,28 @@
|
||||
From 1410d9e9c3e73b1319b98be67ad00c7630c4cb2e Mon Sep 17 00:00:00 2001
|
||||
From: Emekcan Aras <Emekcan.Aras@arm.com>
|
||||
Date: Wed, 3 Apr 2024 16:05:07 +0100
|
||||
Subject: [PATCH] increase tzdram size
|
||||
|
||||
Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/258b72d242cd1a8ae56c87f9572a0624084785c7]
|
||||
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
|
||||
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
|
||||
---
|
||||
core/arch/arm/plat-corstone1000/conf.mk | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
|
||||
index 98347b143..c2dd71f05 100644
|
||||
--- a/core/arch/arm/plat-corstone1000/conf.mk
|
||||
+++ b/core/arch/arm/plat-corstone1000/conf.mk
|
||||
@@ -34,7 +34,7 @@ CFG_TEE_CORE_NB_CORE ?= 1
|
||||
CFG_TZDRAM_START ?= 0x02002000
|
||||
|
||||
# TEE_RAM (OPTEE kernel + DATA) + TA_RAM = 3MB
|
||||
-CFG_TZDRAM_SIZE ?= 0x300000
|
||||
+CFG_TZDRAM_SIZE ?= 0x340000
|
||||
CFG_SHMEM_START ?= 0x86000000
|
||||
CFG_SHMEM_SIZE ?= 0x00200000
|
||||
|
||||
--
|
||||
2.25.1
|
||||
|
||||
-30
@@ -1,30 +0,0 @@
|
||||
From ce58e4d78dc7a4f3c3b08ee425461eb190d70543 Mon Sep 17 00:00:00 2001
|
||||
From: Bence Balogh <bence.balogh@arm.com>
|
||||
Date: Fri, 1 Nov 2024 00:45:53 +0100
|
||||
Subject: [PATCH] plat-corstone1000: increase CFG_TZDRAM_SIZE
|
||||
|
||||
TZDRAM is a 4MB SRAM in Corstone-1000. Its start address is `0x0200_0000`
|
||||
but the first 0x2000 bytes are reserved for future use. `CFG_TZDRAM_SIZE`
|
||||
can be increased to `0x360000` so OP-TEE has more RAM.
|
||||
|
||||
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
|
||||
Upstream-Status: Pending
|
||||
---
|
||||
core/arch/arm/plat-corstone1000/conf.mk | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
|
||||
index 9fa0729d5..745dc958a 100644
|
||||
--- a/core/arch/arm/plat-corstone1000/conf.mk
|
||||
+++ b/core/arch/arm/plat-corstone1000/conf.mk
|
||||
@@ -34,7 +34,7 @@ CFG_TEE_CORE_NB_CORE ?= 1
|
||||
CFG_TZDRAM_START ?= 0x02002000
|
||||
|
||||
# TEE_RAM (OP-TEE kernel + DATA) + TA_RAM
|
||||
-CFG_TZDRAM_SIZE ?= 0x340000
|
||||
+CFG_TZDRAM_SIZE ?= 0x360000
|
||||
CFG_SHMEM_START ?= 0x86000000
|
||||
CFG_SHMEM_SIZE ?= 0x00200000
|
||||
|
||||
--
|
||||
2.25.1
|
||||
+43
@@ -0,0 +1,43 @@
|
||||
From 2fadadf1075c95b2955f047fa0387b39612f7b30 Mon Sep 17 00:00:00 2001
|
||||
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
|
||||
Date: Thu, 30 May 2024 13:37:38 +0000
|
||||
Subject: [PATCH] plat-corstone1000: Remove MMCOMM buffer address
|
||||
|
||||
Remove MMCOMM buffer address and mapping, as it is not being used anymore
|
||||
|
||||
Upstream-Status: Backport [In v3, https://github.com/OP-TEE/optee_os/commit/eaee88fbcac6dcc15fe1d1a758b53eb2b66cfc60]
|
||||
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
|
||||
---
|
||||
core/arch/arm/plat-corstone1000/main.c | 1 -
|
||||
core/arch/arm/plat-corstone1000/platform_config.h | 3 ---
|
||||
2 files changed, 4 deletions(-)
|
||||
|
||||
diff --git a/core/arch/arm/plat-corstone1000/main.c b/core/arch/arm/plat-corstone1000/main.c
|
||||
index b3861c4c8..61171b9a9 100644
|
||||
--- a/core/arch/arm/plat-corstone1000/main.c
|
||||
+++ b/core/arch/arm/plat-corstone1000/main.c
|
||||
@@ -15,7 +15,6 @@
|
||||
static struct pl011_data console_data __nex_bss;
|
||||
|
||||
register_ddr(DRAM0_BASE, DRAM0_SIZE);
|
||||
-register_ddr(MM_COMM_BUF_BASE, MM_COMM_BUF_SIZE);
|
||||
|
||||
register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
|
||||
register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
|
||||
diff --git a/core/arch/arm/plat-corstone1000/platform_config.h b/core/arch/arm/plat-corstone1000/platform_config.h
|
||||
index 6653d38bc..f59c93a14 100644
|
||||
--- a/core/arch/arm/plat-corstone1000/platform_config.h
|
||||
+++ b/core/arch/arm/plat-corstone1000/platform_config.h
|
||||
@@ -26,9 +26,6 @@
|
||||
#define GICD_BASE (GIC_BASE + GICD_OFFSET)
|
||||
#define GICC_BASE (GIC_BASE + GICC_OFFSET)
|
||||
|
||||
-#define MM_COMM_BUF_BASE 0x02000000
|
||||
-#define MM_COMM_BUF_SIZE 0x1000
|
||||
-
|
||||
#define UART_BAUDRATE 115200
|
||||
#define CONSOLE_BAUDRATE UART_BAUDRATE
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Source function library
|
||||
. /etc/init.d/functions
|
||||
|
||||
NAME=tee-supplicant
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DESC="OP-TEE Supplicant"
|
||||
|
||||
DAEMON=@sbindir@/$NAME
|
||||
|
||||
test -f $DAEMON || exit 0
|
||||
|
||||
test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
|
||||
test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
|
||||
|
||||
SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
|
||||
|
||||
set -e
|
||||
|
||||
case $1 in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
start-stop-daemon --start $SSD_OPTIONS
|
||||
echo "${DAEMON##*/}."
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
start-stop-daemon --stop $SSD_OPTIONS
|
||||
echo "${DAEMON##*/}."
|
||||
;;
|
||||
restart|force-reload)
|
||||
$0 stop
|
||||
sleep 1
|
||||
$0 start
|
||||
;;
|
||||
status)
|
||||
status ${DAEMON} || exit $?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
@@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=TEE Supplicant on %i
|
||||
|
||||
[Service]
|
||||
User=root
|
||||
EnvironmentFile=-@sysconfdir@/default/tee-supplicant
|
||||
ExecStart=@sbindir@/tee-supplicant $OPTARGS
|
||||
|
||||
[Install]
|
||||
WantedBy=basic.target
|
||||
@@ -1,7 +1,8 @@
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
|
||||
SRC_URI:append = " \
|
||||
file://0001-Handle-logging-syscall.patch \
|
||||
file://0002-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch \
|
||||
file://0002-increase-tzdram-size.patch \
|
||||
file://0003-plat-corstone1000-Remove-MMCOMM-buffer-address.patch \
|
||||
"
|
||||
|
||||
COMPATIBLE_MACHINE = "corstone1000"
|
||||
|
||||
-65
@@ -1,65 +0,0 @@
|
||||
From e5a4487e2b757d0063148691c7d06ae1c7e15b9a Mon Sep 17 00:00:00 2001
|
||||
From: Emekcan Aras <emekcan.aras@arm.com>
|
||||
Date: Tue, 18 Jun 2024 11:52:43 +0100
|
||||
Subject: [PATCH] protobuf fix
|
||||
|
||||
Upstream-Status: Pending (not yet submitted to upstream)
|
||||
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
|
||||
---
|
||||
.../se-proxy/env/commonsp/se_proxy_sp.c | 25 ++++++++++++++++++-
|
||||
1 file changed, 24 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
|
||||
index a0eb03b6f..e2774c135 100644
|
||||
--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
|
||||
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
|
||||
@@ -13,6 +13,7 @@
|
||||
#include "trace.h"
|
||||
#include "deployments/se-proxy/infra/service_proxy_factory.h"
|
||||
#include "deployments/se-proxy/se_proxy_interfaces.h"
|
||||
+#include <service/crypto/factory/crypto_provider_factory.h>
|
||||
|
||||
static bool sp_init(uint16_t *own_sp_id);
|
||||
|
||||
@@ -39,7 +40,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
|
||||
goto fatal_error;
|
||||
}
|
||||
|
||||
- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16);
|
||||
+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16);
|
||||
if (rpc_status != RPC_SUCCESS) {
|
||||
EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
|
||||
goto fatal_error;
|
||||
@@ -129,6 +130,28 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
|
||||
goto fatal_error;
|
||||
}
|
||||
|
||||
+ struct rpc_service_interface *crypto_iface_protobuf = NULL;
|
||||
+ struct crypto_provider *crypto_protobuf_provider = NULL;
|
||||
+
|
||||
+ crypto_protobuf_provider = crypto_protobuf_provider_factory_create();
|
||||
+ if (!crypto_protobuf_provider) {
|
||||
+ EMSG("Failed to create crypto protobuf provider factory");
|
||||
+ goto fatal_error;
|
||||
+ }
|
||||
+
|
||||
+ crypto_iface_protobuf = service_provider_get_rpc_interface(
|
||||
+ &crypto_protobuf_provider->base_provider);
|
||||
+ if (!crypto_iface_protobuf) {
|
||||
+ EMSG("Failed to create service provider RPC interface");
|
||||
+ goto fatal_error;
|
||||
+ }
|
||||
+
|
||||
+ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, crypto_iface_protobuf);
|
||||
+ if (rpc_status != RPC_SUCCESS) {
|
||||
+ EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
|
||||
+ goto fatal_error;
|
||||
+ }
|
||||
+
|
||||
while (1) {
|
||||
ts_rpc_endpoint_sp_receive(&rpc_endpoint, &req_msg, &resp_msg);
|
||||
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
||||
-29
@@ -1,29 +0,0 @@
|
||||
From 71da6c0384fb241cadf052968e8dce9c357e4a33 Mon Sep 17 00:00:00 2001
|
||||
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
|
||||
Date: Tue, 29 Apr 2025 07:52:14 +0000
|
||||
Subject: [PATCH] Align PSA Crypto structs with TF-Mv2.1.1
|
||||
|
||||
The psa_client_key_attributes_s struct had to be aligned with the
|
||||
psa_key_attributes_s struct in TF-M.
|
||||
|
||||
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
|
||||
Upstream-Status: Pending
|
||||
---
|
||||
components/service/crypto/include/psa/crypto_client_struct.h | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
|
||||
index ebc4008..f0c8cad 100644
|
||||
--- a/components/service/crypto/include/psa/crypto_client_struct.h
|
||||
+++ b/components/service/crypto/include/psa/crypto_client_struct.h
|
||||
@@ -38,7 +38,6 @@ struct psa_client_key_attributes_s
|
||||
uint32_t alg;
|
||||
uint32_t alg2;
|
||||
uint32_t id;
|
||||
- int32_t owner_id;
|
||||
};
|
||||
|
||||
#define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
|
||||
--
|
||||
2.34.1
|
||||
|
||||
@@ -21,8 +21,6 @@ SRC_URI:append:corstone1000 = " \
|
||||
file://0017-Implement-Private-Authenticated-Variable-verificatio.patch \
|
||||
file://0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \
|
||||
file://0019-Align-PSA-Crypto-with-TF-Mv2.1.patch \
|
||||
file://0020-se-proxy-protobuf-change.patch \
|
||||
file://0021-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch \
|
||||
"
|
||||
|
||||
# The patches above introduce errors with GCC 14.1, silence them for now
|
||||
|
||||
@@ -5,6 +5,6 @@
|
||||
|
||||
part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid --part-name="ESP" --part-type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B --fixed-size 256M
|
||||
|
||||
part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid --exclude-path boot/ ${IMAGE_ROOTFS_EXTRA_ARGS}
|
||||
part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid --exclude-path boot/
|
||||
|
||||
bootloader --ptable gpt --timeout=1 --append="${GRUB_LINUX_APPEND}"
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
# short-description: Create an EFI disk image
|
||||
# long-description: Creates a partitioned EFI disk image that the user
|
||||
# can directly dd to boot media. Uses a custom grub.cfg file to configure the boot.
|
||||
|
||||
part /boot --source bootimg-efi --sourceparams="loader=grub-efi" --ondisk sda --label msdos --active --align 1024
|
||||
|
||||
part / --source rootfs --ondisk sda --fstype=ext4 --label root --align 1024 --uuid=9c53a91b-e182-4ff1-aeac-6ee2c432ae94
|
||||
|
||||
part swap --ondisk sda --size 44 --label swap1 --fstype=swap
|
||||
|
||||
bootloader --ptable gpt --configfile="sgi575-grub.cfg" --timeout=5
|
||||
@@ -0,0 +1,9 @@
|
||||
set debug="loader,mm"
|
||||
set term="vt100"
|
||||
set default="0"
|
||||
set timeout="1"
|
||||
|
||||
menuentry 'Arm reference image boot on sgi575' {
|
||||
linux /Image acpi=force console=ttyAMA0,115200 ip=dhcp root=PARTUUID=9c53a91b-e182-4ff1-aeac-6ee2c432ae94 rootwait verbose debug
|
||||
}
|
||||
|
||||
@@ -8,7 +8,7 @@ BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
|
||||
BBFILE_COLLECTIONS += "meta-arm-systemready"
|
||||
BBFILE_PATTERN_meta-arm-systemready = "^${LAYERDIR}/"
|
||||
|
||||
LAYERSERIES_COMPAT_meta-arm-systemready = "styhead walnascar"
|
||||
LAYERSERIES_COMPAT_meta-arm-systemready = "styhead"
|
||||
|
||||
LAYERDEPENDS_meta-arm-systemready = "core"
|
||||
|
||||
|
||||
@@ -48,7 +48,7 @@ TEST_SUITES = "arm_systemready_ir_acs"
|
||||
PV = "2.0.0"
|
||||
PV_DATE = "23.03"
|
||||
FULL_PV = "v${PV_DATE}_${PV}"
|
||||
ARM_SYSTEMREADY_IR_ACS_BRANCH ?= "legacy_systemready"
|
||||
ARM_SYSTEMREADY_IR_ACS_BRANCH ?= "main"
|
||||
IMAGE_FILENAME = "ir-acs-live-image-generic-arm64-${PV}.wic"
|
||||
SRC_URI = " \
|
||||
https://github.com/ARM-software/arm-systemready/raw/${ARM_SYSTEMREADY_IR_ACS_BRANCH}/IR/prebuilt_images/${FULL_PV}/ir-acs-live-image-generic-arm64.wic.xz;name=acs-img;downloadfilename=${IMAGE_FILENAME}.xz \
|
||||
|
||||
@@ -6,6 +6,70 @@ This layer contains recipes for the prebuilt GNU Arm toolchains.
|
||||
Information regarding contributing, reporting bugs, etc can be found in the
|
||||
top-level meta-arm readme file.
|
||||
|
||||
Recipes for pre-built GNU Arm toolchain for Linux development are provided under
|
||||
``recipes-devtools/external-arm-toolchain/``.
|
||||
|
||||
external-arm-toolchain.bb
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
This recipe provides support for pre-built GNU toolchains targeting processors
|
||||
from the Arm Cortex-A family and implementing the Arm A-profile architecture.
|
||||
|
||||
Usage
|
||||
^^^^^
|
||||
|
||||
In order to use any of pre-built Arm toolchain versions (8.2, 8.3, 9.2 and so
|
||||
on), a user needs to download and untar tool-set on host machine at a particular
|
||||
installation path eg: ``/opt/toolchain/``. Then user needs to specify following
|
||||
in ``conf/local.conf`` in order to replace OE toolchain with pre-built GNU-A
|
||||
toolchain:
|
||||
|
||||
TCMODE = "external-arm"
|
||||
EXTERNAL_TOOLCHAIN = "<path-to-the-toolchain>"
|
||||
|
||||
- Eg. for AArch64 (eg. qemuarm64 machine in poky distro)
|
||||
EXTERNAL_TOOLCHAIN = "\
|
||||
<installation-path>/gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu \
|
||||
"
|
||||
|
||||
- Eg. for AArch32 (eg. qemuarm machine in poky distro)
|
||||
EXTERNAL_TOOLCHAIN = "\
|
||||
<installation-path>/gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf \
|
||||
"
|
||||
|
||||
Supported distros and machines
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Since this pre-built GNU-A tool-set simply replaces OE toolchain, so it is
|
||||
meant to be distro and machine agnostic as long as one is cross-compiling for
|
||||
Arm A-profile architecture.
|
||||
|
||||
Tested distro and machines (for zeus stable release):
|
||||
1. Distro: poky; machines: qemuarm and qemuarm64 (build and boot tested)
|
||||
2. Distro: RPB; machines: dragonboard-410c (build and boot tested)
|
||||
3. Distro: world; machines: qemuarm and qemuarm64. Build tested for following
|
||||
layers:
|
||||
- poky/meta
|
||||
- poky/meta-poky
|
||||
- poky/meta-yocto-bsp
|
||||
- meta-openembedded/meta-oe
|
||||
- meta-openembedded/meta-python
|
||||
- meta-openembedded/meta-networking
|
||||
|
||||
SDK support
|
||||
^^^^^^^^^^^
|
||||
|
||||
Pre-built toochain provides support to build OE SDK which has been tested using
|
||||
following commands:
|
||||
|
||||
$ bitbake core-image-base -c populate_sdk
|
||||
$ bitbake core-image-base -c testsdk
|
||||
|
||||
Note: Currently generated SDK only uses glibc provided by pre-built toolchain.
|
||||
The cross compiler, binutils, gdb/gdbserver etc. are built from source.
|
||||
This is something we would like to improve in future in order to package
|
||||
most of the components from pre-built toolchain instead.
|
||||
|
||||
Pre-built Arm toolchain for bare-metal development
|
||||
--------------------------------------------------
|
||||
|
||||
|
||||
@@ -0,0 +1,134 @@
|
||||
def eat_run(d, cmd, *args):
|
||||
import bb.process
|
||||
import subprocess
|
||||
|
||||
topdir = d.getVar('TOPDIR', True)
|
||||
toolchain_path = d.getVar('EXTERNAL_TOOLCHAIN', True)
|
||||
if not toolchain_path:
|
||||
return 'UNKNOWN', 'UNKNOWN'
|
||||
|
||||
target_prefix = d.getVar('TARGET_PREFIX', True)
|
||||
path = os.path.join(toolchain_path, 'bin', target_prefix + cmd)
|
||||
args = [path] + list(args)
|
||||
|
||||
return bb.process.run(args, cwd=topdir, stderr=subprocess.PIPE)
|
||||
|
||||
def eat_get_version(d):
|
||||
try:
|
||||
stdout, stderr = eat_run(d, 'gcc', '-v')
|
||||
except bb.process.CmdError as exc:
|
||||
bb.error('Failed to obtain external Arm toolchain version: %s' % exc)
|
||||
return 'UNKNOWN'
|
||||
else:
|
||||
last_line = stderr.splitlines()[-1]
|
||||
return last_line
|
||||
|
||||
# Extract the YYYY.MM or release version
|
||||
def eat_get_main_version(d):
|
||||
version = eat_get_version(d)
|
||||
bb.debug(2, 'Trying for parse version info from: %s' % version)
|
||||
if version != 'UNKNOWN':
|
||||
if version.split()[4] == '(Arm':
|
||||
# gcc version 11.3.1 20220712 (Arm GNU Toolchain 11.3.Rel1)
|
||||
return version.split()[7].split(')')[0]
|
||||
elif version.split()[4] == '(GNU':
|
||||
# gcc version 9.2.1 20191025 (GNU Toolchain for the A-profile Architecture 9.2-2019.12 (arm-9.10))
|
||||
# gcc version 8.2.1 20180802 (GNU Toolchain for the A-profile Architecture 8.2-2018.11 (arm-rel-8.26))
|
||||
return version.split()[10].split('-')[1]
|
||||
elif version.split()[3] == '(GNU':
|
||||
# gcc version 8.3.0 (GNU Toolchain for the A-profile Architecture 8.3-2019.03 (arm-rel-8.36))
|
||||
return version.split()[9].split('-')[1]
|
||||
else:
|
||||
bb.error('Failed to parse external Arm toolchain version from: %s' % version)
|
||||
else:
|
||||
return version
|
||||
|
||||
# Extract the x.y.z version from 'gcc version 4.9.1'
|
||||
def eat_get_gcc_version(d):
|
||||
version = eat_get_version(d)
|
||||
if version != 'UNKNOWN':
|
||||
return version.split()[2]
|
||||
else:
|
||||
return version
|
||||
|
||||
def eat_get_libc_version(d):
|
||||
import os,bb
|
||||
import subprocess
|
||||
|
||||
syspath = bb.data.expand('${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}', d)
|
||||
if not syspath:
|
||||
return 'UNKNOWN'
|
||||
|
||||
topdir = d.getVar('TOPDIR', True)
|
||||
lddpath = syspath + '/libc/usr/bin/ldd'
|
||||
|
||||
if os.path.exists(lddpath):
|
||||
cmd = '/bin/sh ' + lddpath + ' --version'
|
||||
try:
|
||||
stdout, stderr = bb.process.run(cmd, cwd=topdir, stderr=subprocess.PIPE)
|
||||
except bb.process.CmdError as exc:
|
||||
bb.error('Failed to obtain external Arm libc version: %s' % exc)
|
||||
return 'UNKNOWN'
|
||||
else:
|
||||
first_line = stdout.splitlines()[0]
|
||||
return first_line.split()[2]
|
||||
|
||||
return 'UNKNOWN'
|
||||
|
||||
def eat_get_kernel_version(d):
|
||||
import os,bb
|
||||
syspath = bb.data.expand('${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}', d)
|
||||
if not syspath:
|
||||
return 'UNKNOWN'
|
||||
|
||||
vf = syspath + '/libc/usr/include/linux/version.h'
|
||||
|
||||
try:
|
||||
f = open(vf, 'r')
|
||||
except (OSError, IOError):
|
||||
return 'UNKNOWN'
|
||||
|
||||
l = f.readlines();
|
||||
f.close();
|
||||
for s in l:
|
||||
if s.find('LINUX_VERSION_CODE') > 0:
|
||||
ver = int(s.split()[2])
|
||||
maj = ver / 65536
|
||||
ver = ver % 65536
|
||||
min = ver / 256
|
||||
ver = ver % 256
|
||||
return str(maj)+'.'+str(min)+'.'+str(ver)
|
||||
return 'UNKNOWN'
|
||||
|
||||
def eat_get_gdb_version(d):
|
||||
try:
|
||||
stdout, stderr = eat_run(d, 'gdb', '-v')
|
||||
except bb.process.CmdError:
|
||||
return 'UNKNOWN'
|
||||
else:
|
||||
first_line = stdout.splitlines()[0]
|
||||
return first_line.split()[-1]
|
||||
|
||||
def eat_get_bfd_version(d):
|
||||
try:
|
||||
stdout, stderr = eat_run(d, 'as', '--version')
|
||||
except bb.process.CmdError:
|
||||
return 'UNKNOWN'
|
||||
else:
|
||||
first_line = stdout.splitlines()[0]
|
||||
return first_line.split()[-1]
|
||||
|
||||
python external_arm_toolchain_version_handler () {
|
||||
if not isinstance(e, bb.event.ConfigParsed):
|
||||
return
|
||||
d = e.data
|
||||
ld = d.createCopy()
|
||||
|
||||
d.setVar('EAT_VER_MAIN', eat_get_main_version(ld))
|
||||
d.setVar('EAT_VER_GCC', eat_get_gcc_version(ld))
|
||||
d.setVar('EAT_VER_LIBC', eat_get_libc_version(ld))
|
||||
d.setVar('EAT_VER_KERNEL', eat_get_kernel_version(ld))
|
||||
d.setVar('EAT_VER_GDB', eat_get_gdb_version(ld))
|
||||
d.setVar('EAT_VER_BFD', eat_get_bfd_version(ld))
|
||||
}
|
||||
addhandler external_arm_toolchain_version_handler
|
||||
@@ -0,0 +1,124 @@
|
||||
#
|
||||
# Configuration to use an external Arm binary toolchain
|
||||
#
|
||||
|
||||
EXTERNAL_TOOLCHAIN ?= "/usr/local/arm-binary-toolchain/${TARGET_ARCH}"
|
||||
|
||||
# oe-core passes this by default because it assumes GCC 13. This can be removed when Arm GCC is 13.1+.
|
||||
DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
|
||||
|
||||
TOOLCHAIN_PATH_ADD = "${EXTERNAL_TOOLCHAIN}/bin:"
|
||||
PATH =. "${TOOLCHAIN_PATH_ADD}"
|
||||
|
||||
EAT_TARGET_SYS:arm ?= "${@ 'arm-none-linux-gnueabihf' if os.path.exists('${EXTERNAL_TOOLCHAIN}/bin/arm-none-linux-gnueabihf-gcc') else 'arm-linux-gnueabihf'}"
|
||||
EAT_TARGET_SYS:aarch64 ?= "${@ 'aarch64-none-linux-gnu' if os.path.exists('${EXTERNAL_TOOLCHAIN}/bin/aarch64-none-linux-gnu-gcc') else 'aarch64-linux-gnu'}"
|
||||
EAT_TARGET_SYS = "${TARGET_SYS}"
|
||||
TARGET_PREFIX = "${EAT_TARGET_SYS}-"
|
||||
|
||||
EAT_LIBDIR:arm = "lib"
|
||||
EAT_LIBDIR:aarch64 = "lib64"
|
||||
|
||||
GCCMULTILIB:forcevariable = "--disable-multilib"
|
||||
IMAGE_LINGUAS:forcevariable = ""
|
||||
|
||||
# Blacklist toolchain recipes as a belt-and-suspenders way to use the external toolchain
|
||||
SKIP_RECIPE[glibc] = "Using external toolchain"
|
||||
SKIP_RECIPE[libgcc] = "Using external toolchain"
|
||||
SKIP_RECIPE[gcc-cross] = "Using external toolchain"
|
||||
SKIP_RECIPE[gcc-cross-aarch64] = "Using external toolchain"
|
||||
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
|
||||
SKIP_RECIPE[gcc-runtime] = "Using external toolchain"
|
||||
SKIP_RECIPE[gcc-sanitizers] = "Using external toolchain"
|
||||
|
||||
PREFERRED_PROVIDER_linux-libc-headers = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_linux-libc-headers-dev = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}gcc = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}gcc-initial = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}g++ = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}binutils = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}libc-for-gcc = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}compilerlibs = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_glibc = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_libgcc = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/libc = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/libc-locale = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/libintl = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/libiconv = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/crypt = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_glibc-thread-db = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_glibc-mtrace = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_libc-mtrace = "external-arm-toolchain"
|
||||
PREFERRED_PROVIDER_virtual/linux-libc-headers = "external-arm-toolchain"
|
||||
|
||||
PREFERRED_PROVIDER_gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} ?= "external-arm-sdk-toolchain-${TRANSLATED_TARGET_ARCH}"
|
||||
PREFERRED_PROVIDER_binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} ?= "external-arm-sdk-toolchain-${TRANSLATED_TARGET_ARCH}"
|
||||
PREFERRED_PROVIDER_gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} ?= "external-arm-sdk-toolchain-${TRANSLATED_TARGET_ARCH}"
|
||||
|
||||
TOOLCHAIN_OPTIONS = " --sysroot=${STAGING_DIR_HOST}"
|
||||
|
||||
DISTRO_FEATURES_LIBC = "ipv4 ipv6 libc-backtrace libc-big-macros libc-bsd libc-cxx-tests libc-catgets libc-crypt \
|
||||
libc-crypt-ufc libc-db-aliases libc-envz libc-fcvt libc-fmtmsg libc-fstab libc-ftraverse \
|
||||
libc-getlogin libc-idn libc-inet-anl libc-libm libc-libm-big \
|
||||
libc-locales libc-locale-code libc-charsets \
|
||||
libc-memusage libc-nis libc-nsswitch libc-rcmd libc-rtld-debug libc-spawn libc-streams libc-sunrpc \
|
||||
libc-utmp libc-utmpx libc-wordexp libc-posix-clang-wchar libc-posix-regexp libc-posix-regexp-glibc \
|
||||
libc-posix-wchar-io"
|
||||
|
||||
ENABLE_BINARY_LOCALE_GENERATION = "0"
|
||||
GLIBC_INTERNAL_USE_BINARY_LOCALE = "precompiled"
|
||||
LIBCOVERRIDE = ":libc-glibc"
|
||||
LIBC_DEPENDENCIES:remove = "glibc-gconv-cp1252 glibc-gconv-ibm850 glibc-gconv-iso8859-1 glibc-gconv-iso8859-15 glibc-localedata-i18n"
|
||||
|
||||
ERROR_QA[type] ?= "list"
|
||||
python toolchain_metadata_setup () {
|
||||
import subprocess
|
||||
if not isinstance(e, bb.event.ConfigParsed):
|
||||
return
|
||||
|
||||
d = e.data
|
||||
l = d.createCopy()
|
||||
|
||||
external_toolchain = l.getVar('EXTERNAL_TOOLCHAIN', True)
|
||||
if not external_toolchain or external_toolchain == 'UNDEFINED':
|
||||
bb.fatal("Error: EXTERNAL_TOOLCHAIN must be set to the path to your arm toolchain")
|
||||
|
||||
if not os.path.isabs(external_toolchain):
|
||||
bb.fatal("Error: EXTERNAL_TOOLCHAIN path '%s' must be absolute path" % external_toolchain)
|
||||
|
||||
if not os.path.exists(external_toolchain):
|
||||
bb.fatal("Error: EXTERNAL_TOOLCHAIN path '%s' does not exist" % external_toolchain)
|
||||
|
||||
# The external toolchain may not have been built with the oe-core preferred
|
||||
# gnu hash setting, so ensure that the corresponding sanity check is not an error.
|
||||
error_qa = oe.data.typed_value('ERROR_QA', l)
|
||||
if 'ldflags' in error_qa:
|
||||
error_qa.remove('ldflags')
|
||||
d.setVar('ERROR_QA', ' '.join(error_qa))
|
||||
}
|
||||
addhandler toolchain_metadata_setup
|
||||
|
||||
def populate_toolchain_links(d):
|
||||
import errno
|
||||
import os
|
||||
from glob import glob
|
||||
|
||||
d = d.createCopy()
|
||||
|
||||
pattern = bb.data.expand('${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}*', d)
|
||||
files = glob(pattern)
|
||||
if not files:
|
||||
bb.fatal("Unable to populate toolchain binary symlinks")
|
||||
|
||||
bindir = d.getVar('STAGING_BINDIR_TOOLCHAIN', True)
|
||||
bb.mkdirhier(bindir)
|
||||
for f in files:
|
||||
base = os.path.basename(f)
|
||||
newpath = os.path.join(bindir, base)
|
||||
try:
|
||||
os.symlink(f, newpath)
|
||||
except OSError as exc:
|
||||
if exc.errno == errno.EEXIST:
|
||||
break
|
||||
bb.fatal("Unable to populate toolchain binary symlink for %s: %s" % (newpath, exc))
|
||||
|
||||
require conf/distro/include/external-arm-toolchain-versions.inc
|
||||
@@ -9,4 +9,4 @@ BBFILE_PATTERN_arm-toolchain := "^${LAYERDIR}/"
|
||||
BBFILE_PRIORITY_arm-toolchain = "5"
|
||||
|
||||
LAYERDEPENDS_arm-toolchain = "core"
|
||||
LAYERSERIES_COMPAT_arm-toolchain = "styhead walnascar"
|
||||
LAYERSERIES_COMPAT_arm-toolchain = "styhead"
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
require ${@oe.utils.conditional('TCMODE', 'external-arm', 'grub-external-arm.inc', '', d)}
|
||||
@@ -0,0 +1,5 @@
|
||||
# grub uses --target triplet to find binutils binaries such as objcopy
|
||||
# Since external-arm toolchain uses aarch64-none-linux-gnu triplet,
|
||||
# OE-defined TARGET_SYS differs from EAT_TARGET_SYS used by external-arm
|
||||
# toolchain, grub needs passing the correct --target to configure script
|
||||
CONFIGUREOPTS:append:class-target = " --target=${EAT_TARGET_SYS}"
|
||||
@@ -0,0 +1 @@
|
||||
PACKAGECONFIG:remove = "${@bb.utils.contains('TCMODE', 'external-arm', 'libmount-mountfd-support', '' , d)}"
|
||||
@@ -28,4 +28,4 @@ BBCLASSEXTEND = "native nativesdk"
|
||||
# Skipping file deps - we don't control the dependencies for prebuilt libraries, resulting in
|
||||
# nothing provides libcrypt.so.1()(64bit) needed by nativesdk-gcc-arm-none-eabi
|
||||
# when packaged as RPM for SDK.
|
||||
SKIP_FILEDEPS = "1"
|
||||
SKIP_FILEDEPS="1"
|
||||
|
||||
+143
@@ -0,0 +1,143 @@
|
||||
inherit cross-canadian
|
||||
|
||||
require license.inc
|
||||
|
||||
PN = "external-arm-sdk-toolchain-${TARGET_ARCH}"
|
||||
BPN = "external-arm-sdk-toolchain"
|
||||
PV = "${EAT_VER_MAIN}"
|
||||
|
||||
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
|
||||
INHIBIT_PACKAGE_STRIP = "1"
|
||||
INHIBIT_SYSROOT_STRIP = "1"
|
||||
INHIBIT_DEFAULT_DEPS = "1"
|
||||
EXCLUDE_FROM_SHLIBS = "1"
|
||||
|
||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
|
||||
|
||||
# Skip packaging QA checks for prebuilt binaries
|
||||
INSANE_SKIP:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "dev-so staticdev file-rdeps libdir"
|
||||
INSANE_SKIP:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "dev-so file-rdeps"
|
||||
INSANE_SKIP:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "dev-so file-rdeps"
|
||||
|
||||
# Skip file dependencies in RPM for prebuilt binaries
|
||||
SKIP_FILEDEPS = "1"
|
||||
|
||||
PROVIDES = "\
|
||||
gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} \
|
||||
gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} \
|
||||
binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} \
|
||||
"
|
||||
|
||||
PACKAGES = "\
|
||||
gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} \
|
||||
gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} \
|
||||
binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} \
|
||||
"
|
||||
|
||||
# Adjust defaults in line with external toolchain
|
||||
bindir = "${exec_prefix}/bin"
|
||||
libdir = "${exec_prefix}/lib"
|
||||
libexecdir = "${exec_prefix}/libexec"
|
||||
datadir = "${exec_prefix}/share"
|
||||
gcclibdir = "${libdir}/gcc"
|
||||
|
||||
FILES:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "\
|
||||
${prefix}/${EAT_TARGET_SYS}/lib/libstdc++.* \
|
||||
${prefix}/${EAT_TARGET_SYS}/lib/libgcc_s.* \
|
||||
${prefix}/${EAT_TARGET_SYS}/lib/libsupc++.* \
|
||||
${prefix}/${EAT_TARGET_SYS}/include \
|
||||
${gcclibdir}/${EAT_TARGET_SYS}/${EAT_VER_GCC}/* \
|
||||
${bindir}/${TARGET_PREFIX}gcov \
|
||||
${bindir}/${TARGET_PREFIX}gcc* \
|
||||
${bindir}/${TARGET_PREFIX}g++ \
|
||||
${bindir}/${TARGET_PREFIX}cpp \
|
||||
${libexecdir}/* \
|
||||
"
|
||||
|
||||
FILES:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "\
|
||||
${bindir}/${TARGET_PREFIX}gdb* \
|
||||
${datadir}/gdb/* \
|
||||
"
|
||||
|
||||
FILES:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "\
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/ld* \
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/objcopy \
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/strip \
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/nm \
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/ranlib \
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/as \
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/ar \
|
||||
${prefix}/${EAT_TARGET_SYS}/bin/objdump \
|
||||
${prefix}/${EAT_TARGET_SYS}/lib/ldscripts/* \
|
||||
${bindir}/${TARGET_PREFIX}ld* \
|
||||
${bindir}/${TARGET_PREFIX}addr2line \
|
||||
${bindir}/${TARGET_PREFIX}objcopy \
|
||||
${bindir}/${TARGET_PREFIX}readelf \
|
||||
${bindir}/${TARGET_PREFIX}strip \
|
||||
${bindir}/${TARGET_PREFIX}nm \
|
||||
${bindir}/${TARGET_PREFIX}ranlib \
|
||||
${bindir}/${TARGET_PREFIX}gprof \
|
||||
${bindir}/${TARGET_PREFIX}as \
|
||||
${bindir}/${TARGET_PREFIX}c++filt \
|
||||
${bindir}/${TARGET_PREFIX}ar \
|
||||
${bindir}/${TARGET_PREFIX}strings \
|
||||
${bindir}/${TARGET_PREFIX}objdump \
|
||||
${bindir}/${TARGET_PREFIX}size \
|
||||
"
|
||||
|
||||
DESCRIPTION:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "The GNU cc and gcc C compilers"
|
||||
DESCRIPTION:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "gdb - GNU debugger"
|
||||
DESCRIPTION:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "A GNU collection of binary utilities"
|
||||
|
||||
LICENSE:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_GDB_LICENSE}"
|
||||
LICENSE:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_BFD_LICENSE}"
|
||||
|
||||
PKGV:gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_VER_GCC}"
|
||||
PKGV:gdb-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_VER_GDB}"
|
||||
PKGV:binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "${EAT_VER_BFD}"
|
||||
|
||||
do_install() {
|
||||
install -d ${D}${prefix}/${EAT_TARGET_SYS}/bin
|
||||
install -d ${D}${prefix}/${EAT_TARGET_SYS}/lib
|
||||
install -d ${D}${prefix}/${EAT_TARGET_SYS}/include
|
||||
install -d ${D}${bindir}
|
||||
install -d ${D}${libdir}
|
||||
install -d ${D}${prefix}/${EAT_TARGET_SYS}/lib/ldscripts
|
||||
install -d ${D}${libexecdir}
|
||||
install -d ${D}${datadir}/gdb
|
||||
install -d ${D}${gcclibdir}/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include
|
||||
|
||||
CP_ARGS="-Prf --preserve=mode,timestamps --no-preserve=ownership"
|
||||
|
||||
# gcc
|
||||
for i in libstdc++.* libgcc_s.* libsupc++.*; do
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/${EAT_LIBDIR}/$i ${D}${prefix}/${EAT_TARGET_SYS}/lib
|
||||
done
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/include/* ${D}${prefix}/${EAT_TARGET_SYS}/include
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/* ${D}${gcclibdir}/${EAT_TARGET_SYS}/${EAT_VER_GCC}
|
||||
for i in gcov gcc* g++ cpp; do
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}$i ${D}${bindir}
|
||||
done
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/libexec/* ${D}${libexecdir}
|
||||
|
||||
# gdb
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}gdb* ${D}${bindir}
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/share/gdb/* ${D}${datadir}/gdb/
|
||||
|
||||
# binutils
|
||||
for i in ld* objcopy strip nm ranlib as ar objdump; do
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/bin/$i ${D}${prefix}/${EAT_TARGET_SYS}/bin
|
||||
done
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/lib/ldscripts/* ${D}${prefix}/${EAT_TARGET_SYS}/lib/ldscripts
|
||||
for i in ld* addr2line objcopy readelf strip nm ranlib gprof as c++filt ar strings objdump size; do
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/bin/${TARGET_PREFIX}$i ${D}${bindir}
|
||||
done
|
||||
}
|
||||
|
||||
python () {
|
||||
if not d.getVar("EAT_VER_MAIN", False):
|
||||
raise bb.parse.SkipPackage("External ARM toolchain not configured (EAT_VER_MAIN not set).")
|
||||
if d.getVar('TCLIBC', True) != "glibc":
|
||||
raise bb.parse.SkipPackage("incompatible with %s" % d.getVar('TCLIBC', True))
|
||||
}
|
||||
@@ -0,0 +1,685 @@
|
||||
require recipes-core/glibc/glibc-package.inc
|
||||
|
||||
require license.inc
|
||||
|
||||
INHIBIT_DEFAULT_DEPS = "1"
|
||||
|
||||
LIC_FILES_CHKSUM = "\
|
||||
file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
|
||||
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \
|
||||
"
|
||||
|
||||
PROVIDES += "\
|
||||
linux-libc-headers \
|
||||
virtual/${TARGET_PREFIX}gcc \
|
||||
virtual/${TARGET_PREFIX}g++ \
|
||||
virtual/${TARGET_PREFIX}gcc-initial \
|
||||
virtual/${TARGET_PREFIX}binutils \
|
||||
virtual/${TARGET_PREFIX}libc-for-gcc \
|
||||
virtual/${TARGET_PREFIX}compilerlibs \
|
||||
virtual/libc \
|
||||
virtual/libintl \
|
||||
virtual/libiconv \
|
||||
virtual/crypt \
|
||||
glibc-mtrace \
|
||||
glibc-thread-db \
|
||||
glibc \
|
||||
libc-mtrace \
|
||||
gcc-runtime \
|
||||
libgcc \
|
||||
libg2c \
|
||||
libg2c-dev \
|
||||
libssp \
|
||||
libssp-dev \
|
||||
libssp-staticdev \
|
||||
libgfortran \
|
||||
libgfortran-dev \
|
||||
libgfortran-staticdev \
|
||||
libmudflap \
|
||||
libmudflap-dev \
|
||||
libgomp \
|
||||
libgomp-dev \
|
||||
libgomp-staticdev \
|
||||
libitm \
|
||||
libitm-dev \
|
||||
libitm-staticdev \
|
||||
libquadmath \
|
||||
libquadmath-dev \
|
||||
libquadmath-staticdev \
|
||||
virtual/linux-libc-headers \
|
||||
libgcov-staticdev \
|
||||
virtual/libc-locale \
|
||||
"
|
||||
|
||||
PV = "${EAT_VER_MAIN}"
|
||||
|
||||
BINV = "${EAT_VER_GCC}"
|
||||
|
||||
SRC_URI = "file://SUPPORTED"
|
||||
S = "${WORKDIR}/sources"
|
||||
UNPACKDIR = "${S}"
|
||||
|
||||
do_install() {
|
||||
# do_copy_locale expects SUPPORTED to be in WORKDIR, but recent
|
||||
# changes have made it so that the source/unpack location is no
|
||||
# longer WORKDIR and cannot be pointed to be such. So, do this
|
||||
# copy manually here
|
||||
install -m 0644 ${UNPACKDIR}/SUPPORTED ${WORKDIR}/SUPPORTED
|
||||
|
||||
# Add stubs for files OE-core expects
|
||||
install -d ${S}/nscd/
|
||||
touch ${S}/nscd/nscd.init
|
||||
touch ${S}/nscd/nscd.conf
|
||||
touch ${S}/nscd/nscd.service
|
||||
touch ${S}/../makedbs.sh
|
||||
|
||||
install -d ${D}${base_libdir}
|
||||
install -d ${D}${base_sbindir}
|
||||
install -d ${D}${bindir}
|
||||
install -d ${D}${sbindir}
|
||||
install -d ${D}${libdir}
|
||||
install -d ${D}${libexecdir}
|
||||
install -d ${D}${datadir}
|
||||
install -d ${D}${includedir}
|
||||
install -d ${D}/include
|
||||
install -d ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}
|
||||
install -d ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include
|
||||
|
||||
CP_ARGS="-Prf --preserve=mode,timestamps --no-preserve=ownership"
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/${EAT_LIBDIR}/* ${D}${base_libdir}
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/${EAT_LIBDIR}/* ${D}${base_libdir}
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/${EAT_LIBDIR}/* ${D}${libdir}
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/share/* ${D}${datadir}
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/include/* ${D}${includedir}
|
||||
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/include/* ${D}${includedir}
|
||||
if [ -d ${D}${includedir}/c++/${EAT_VER_GCC}/${EAT_TARGET_SYS} ]; then
|
||||
mv ${D}${includedir}/c++/${EAT_VER_GCC}/${EAT_TARGET_SYS} ${D}${includedir}/c++/${EAT_VER_GCC}/${TARGET_SYS}
|
||||
fi
|
||||
ln -sf ../usr/include/c++ ${D}/include/c++
|
||||
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/bin/* ${D}${bindir}
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/usr/sbin/* ${D}${sbindir}
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/sbin/* ${D}${base_sbindir}
|
||||
rm -rf ${D}${bindir}/gdbserver
|
||||
sed -i -e 's#/arm/tools/gnu/bash/4.2/rhe6-x86_64##' ${D}${bindir}/tzselect
|
||||
sed -i -e 's#/arm/tools/gnu/bash/4.2/rhe6-x86_64##' ${D}${bindir}/ldd
|
||||
sed -i -e 's#/usr/bin/bash#/bin/sh#' ${D}${bindir}/tzselect
|
||||
sed -i -e 's#/usr/bin/bash#/bin/sh#' ${D}${bindir}/ldd
|
||||
sed -i -e 's#/bin/bash#/bin/sh#' ${D}${bindir}/tzselect
|
||||
sed -i -e 's#/bin/bash#/bin/sh#' ${D}${bindir}/ldd
|
||||
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/crt*.o ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcc* ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcov* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/ssp ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/sanitizers ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/quadmath* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/omp.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/openacc.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/finclude ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/
|
||||
|
||||
# fix up the copied symlinks (they are still pointing to the multiarch directory)
|
||||
linker_name="${@bb.utils.contains("TUNE_FEATURES", "aarch64", "ld-linux-aarch64.so.1", bb.utils.contains("TUNE_FEATURES", "callconvention-hard", "ld-linux-armhf.so.3", "ld-linux.so.3",d), d)}"
|
||||
if [ -f ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/${EAT_LIBDIR}/ld-${EAT_VER_LIBC}.so ]; then
|
||||
ln -sf ld-${EAT_VER_LIBC}.so ${D}${base_libdir}/${linker_name}
|
||||
else
|
||||
cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/libc/lib/${linker_name} ${D}${base_libdir}/
|
||||
fi
|
||||
ln -sf ../../lib/librt.so.1 ${D}${libdir}/librt.so
|
||||
ln -sf ../../lib/libcrypt.so.1 ${D}${libdir}/libcrypt.so
|
||||
ln -sf ../../lib/libresolv.so.2 ${D}${libdir}/libresolv.so
|
||||
ln -sf ../../lib/libnss_hesiod.so.2 ${D}${libdir}/libnss_hesiod.so
|
||||
ln -sf ../../lib/libutil.so.1 ${D}${libdir}/libutil.so
|
||||
ln -sf ../../lib/libBrokenLocale.so.1 ${D}${libdir}/libBrokenLocale.so
|
||||
ln -sf ../../lib/libpthread.so.0 ${D}${libdir}/libpthread.so
|
||||
ln -sf ../../lib/libthread_db.so.1 ${D}${libdir}/libthread_db.so
|
||||
ln -sf ../../lib/libanl.so.1 ${D}${libdir}/libanl.so
|
||||
ln -sf ../../lib/libdl.so.2 ${D}${libdir}/libdl.so
|
||||
ln -sf ../../lib/libnss_db.so.2 ${D}${libdir}/libnss_db.so
|
||||
ln -sf ../../lib/libnss_dns.so.2 ${D}${libdir}/libnss_dns.so
|
||||
ln -sf ../../lib/libnss_files.so.2 ${D}${libdir}/libnss_files.so
|
||||
ln -sf ../../lib/libnss_compat.so.2 ${D}${libdir}/libnss_compat.so
|
||||
ln -sf ../../lib/libm.so.6 ${D}${libdir}/libm.so
|
||||
ln -sf ../../lib/libc_malloc_debug.so.0 ${D}${libdir}/libc_malloc_debug.so
|
||||
|
||||
# remove potential .so duplicates from base_libdir
|
||||
# for all symlinks created above in libdir
|
||||
rm -f ${D}${base_libdir}/librt.so
|
||||
rm -f ${D}${base_libdir}/libcrypt.so
|
||||
rm -f ${D}${base_libdir}/libresolv.so
|
||||
rm -f ${D}${base_libdir}/libnss_hesiod.so
|
||||
rm -f ${D}${base_libdir}/libutil.so
|
||||
rm -f ${D}${base_libdir}/libBrokenLocale.so
|
||||
rm -f ${D}${base_libdir}/libpthread.so
|
||||
rm -f ${D}${base_libdir}/libthread_db.so
|
||||
rm -f ${D}${base_libdir}/libanl.so
|
||||
rm -f ${D}${base_libdir}/libdl.so
|
||||
rm -f ${D}${base_libdir}/libnss_db.so
|
||||
rm -f ${D}${base_libdir}/libnss_dns.so
|
||||
rm -f ${D}${base_libdir}/libnss_files.so
|
||||
rm -f ${D}${base_libdir}/libnss_compat.so
|
||||
rm -f ${D}${base_libdir}/libm.so
|
||||
|
||||
# Move these completely to ${libdir} and delete duplicates in ${base_libdir}
|
||||
for lib in asan hwasan atomic gfortran gomp itm lsan sanitizer stdc++ tsan ubsan; do
|
||||
if [ -e ${D}${base_libdir}/lib${lib}.spec ] ; then
|
||||
mv ${D}${base_libdir}/lib${lib}.spec ${D}${libdir}
|
||||
fi
|
||||
if [ -e ${D}${base_libdir}/lib${lib}.a ] ; then
|
||||
mv ${D}${base_libdir}/lib${lib}.a ${D}${libdir}
|
||||
fi
|
||||
rm -f ${D}${base_libdir}/lib${lib}*
|
||||
done
|
||||
|
||||
# Clean up duplicate libs that are both in base_libdir and libdir
|
||||
rm -f ${D}${libdir}/libgcc*
|
||||
|
||||
# Besides ld-${EAT_VER_LIBC}.so, other libs can have duplicates like lib*-${EAT_VER_LIBC}.so
|
||||
# Only remove them if both are regular files and are identical
|
||||
for i in ${D}${base_libdir}/lib*-${EAT_VER_LIBC}.so; do
|
||||
if [ ! -e $i ] ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
f=$(echo $i | sed 's/-${EAT_VER_LIBC}//')
|
||||
l=$(ls $f.*)
|
||||
if [ $(readlink -f $i ) = $l ]; then
|
||||
echo "$i is a symlink of $l, keep it"
|
||||
elif [ $(readlink -f $l ) = $i ]; then
|
||||
echo "$l is a symlink of $i, keep it"
|
||||
else
|
||||
cmp -s $i $l
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "$i is a duplicate of $l, remove it"
|
||||
rm $i
|
||||
else
|
||||
echo "$i and $l are different files, keep them both"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -d ${D}${base_libdir}/arm-linux-gnueabi ]; then
|
||||
rm -rf ${D}${base_libdir}/arm-linux-gnueabi
|
||||
fi
|
||||
|
||||
if [ -d ${D}${base_libdir}/ldscripts ]; then
|
||||
rm -rf ${D}${base_libdir}/ldscripts
|
||||
fi
|
||||
|
||||
# Provided by libnsl2
|
||||
rm -rf ${D}${includedir}/rpcsvc/yppasswd.*
|
||||
# Provided by quota
|
||||
rm -rf ${D}${includedir}/rpcsvc/rquota.*
|
||||
|
||||
if [ -f ${D}${libdir}/libc.so ];then
|
||||
sed -i -e "s# /${EAT_LIBDIR}/${EAT_TARGET_SYS}# ../../${EAT_LIBDIR}#g" -e "s# /usr/${EAT_LIBDIR}/# /usr/lib/#g" -e "s# /usr/${EAT_LIBDIR}/${EAT_TARGET_SYS}# .#g" -e "s# /${EAT_LIBDIR}/ld-linux# ../../${EAT_LIBDIR}/ld-linux#g" ${D}${libdir}/libc.so
|
||||
sed -i -e "s# /${EAT_LIBDIR}/libc.so.6# /lib/libc.so.6#g" ${D}${libdir}/libc.so
|
||||
sed -i -e "s# /lib# ../../lib#g" -e "s# /usr/lib# .#g" ${D}${libdir}/libc.so
|
||||
fi
|
||||
|
||||
if [ -f ${D}${base_libdir}/libc.so ];then
|
||||
sed -i -e "s# /${EAT_LIBDIR}/${EAT_TARGET_SYS}# ../../lib#g" -e "s# /usr/${EAT_LIBDIR}/${EAT_TARGET_SYS}# .#g" -e "s# /${EAT_LIBDIR}/# /lib/#g" ${D}${base_libdir}/libc.so
|
||||
if [ -f ${D}${base_libdir}/libc.so.6 ]; then
|
||||
sed -i -e "s# /usr/${EAT_LIBDIR}/libc.so.6# /lib/libc.so.6#g" -e "s# /${EAT_LIBDIR}/libc.so.6# /lib/libc.so.6#g" ${D}${base_libdir}/libc.so.6
|
||||
fi
|
||||
fi
|
||||
|
||||
# Remove if empty
|
||||
rmdir ${D}${bindir} || true
|
||||
rmdir ${D}${sbindir} || true
|
||||
rmdir ${D}${base_sbindir} || true
|
||||
rmdir ${D}${libexecdir} || true
|
||||
|
||||
# Remove unused /usr/share/info/dir
|
||||
rm -f ${D}${infodir}/dir
|
||||
}
|
||||
|
||||
# External toolchain doesn't provide multilib support so make corresponding
|
||||
# install API as an empty API to avoid an unnecessary errors.
|
||||
oe_multilib_header () {
|
||||
return
|
||||
}
|
||||
|
||||
PACKAGES_DYNAMIC = "^locale-base-.* \
|
||||
^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \
|
||||
^${MLPREFIX}glibc-gconv$"
|
||||
|
||||
# PACKAGES is split up according to the 'source' recipes/includes in OE-core
|
||||
# Stylistic differences are kept to make copy/pasting easier.
|
||||
|
||||
# From gcc-runtime.inc
|
||||
|
||||
PACKAGES += "\
|
||||
gcc-runtime-dbg \
|
||||
libstdc++ \
|
||||
libstdc++-precompile-dev \
|
||||
libstdc++-dev \
|
||||
libstdc++-staticdev \
|
||||
libg2c \
|
||||
libg2c-dev \
|
||||
libssp \
|
||||
libssp-dev \
|
||||
libssp-staticdev \
|
||||
libmudflap \
|
||||
libmudflap-dev \
|
||||
libmudflap-staticdev \
|
||||
libquadmath \
|
||||
libquadmath-dev \
|
||||
libquadmath-staticdev \
|
||||
libgomp \
|
||||
libgomp-dev \
|
||||
libgomp-staticdev \
|
||||
libatomic \
|
||||
libatomic-dev \
|
||||
libatomic-staticdev \
|
||||
libitm \
|
||||
libitm-dev \
|
||||
libitm-staticdev \
|
||||
"
|
||||
|
||||
# From gcc-sanitizers.inc
|
||||
|
||||
PACKAGES += "gcc-sanitizers gcc-sanitizers-dbg"
|
||||
PACKAGES += "libasan libubsan liblsan libtsan"
|
||||
PACKAGES += "libasan-dev libubsan-dev liblsan-dev libtsan-dev"
|
||||
PACKAGES += "libasan-staticdev libubsan-staticdev liblsan-staticdev libtsan-staticdev"
|
||||
|
||||
# From libgfortran.inc:
|
||||
|
||||
PACKAGES += "\
|
||||
libgfortran-dbg \
|
||||
libgfortran \
|
||||
libgfortran-dev \
|
||||
libgfortran-staticdev \
|
||||
"
|
||||
|
||||
# libgcc.inc uses ${PN}, so replace that
|
||||
|
||||
PACKAGES += "\
|
||||
libgcc \
|
||||
libgcc-dev \
|
||||
libgcc-dbg \
|
||||
"
|
||||
|
||||
# ... and the leftovers
|
||||
|
||||
PACKAGES =+ "\
|
||||
${PN}-mtrace \
|
||||
libgcov-staticdev \
|
||||
linux-libc-headers \
|
||||
linux-libc-headers-dev \
|
||||
"
|
||||
|
||||
# Re-order PACKAGES list in order to shift ${PN}-dev towards the end as
|
||||
# it is meant to pick up remaining dev libraries and headers that aren't
|
||||
# picked up by other packages. And since some static libraries needs to
|
||||
# be packaged in ${PN}-dev, so we need to keep ${PN}-staticdev later in
|
||||
# order.
|
||||
|
||||
PACKAGES := "${@oe.utils.str_filter_out('${PN}-dev', '${PACKAGES}', d)}"
|
||||
PACKAGES := "${@oe.utils.str_filter_out('${PN}-staticdev', '${PACKAGES}', d)}"
|
||||
PACKAGES += "\
|
||||
${PN}-dev \
|
||||
${PN}-staticdev \
|
||||
"
|
||||
|
||||
INSANE_SKIP += " 32bit-time"
|
||||
INSANE_SKIP:${PN}-dbg = "staticdev"
|
||||
INSANE_SKIP:${PN}-utils += "ldflags"
|
||||
INSANE_SKIP:libstdc++ += "ldflags"
|
||||
INSANE_SKIP:libgfortran += "ldflags"
|
||||
INSANE_SKIP:libgcc += "ldflags dev-deps"
|
||||
INSANE_SKIP:libgcc-dev += "staticdev"
|
||||
INSANE_SKIP:libgfortran += "ldflags dev-deps"
|
||||
INSANE_SKIP:libstdc++ += "ldflags dev-deps"
|
||||
INSANE_SKIP:libatomic += "ldflags"
|
||||
INSANE_SKIP:libasan += "ldflags"
|
||||
INSANE_SKIP:libubsan += "ldflags"
|
||||
INSANE_SKIP:libssp += "ldflags"
|
||||
INSANE_SKIP:libgomp += "ldflags"
|
||||
INSANE_SKIP:libitm += "ldflags"
|
||||
INSANE_SKIP:gdbserver += "ldflags"
|
||||
|
||||
# OE-core has literally listed 'glibc' in LIBC_DEPENDENCIES :/
|
||||
RPROVIDES:${PN} = "glibc rtld(GNU_HASH)"
|
||||
# Add runtime provides for the other libc* packages as well
|
||||
RPROVIDES:${PN}-dev = "glibc-dev"
|
||||
RPROVIDES:${PN}-doc = "glibc-doc"
|
||||
RPROVIDES:${PN}-dbg = "glibc-dbg"
|
||||
RPROVIDES:${PN}-pic = "glibc-pic"
|
||||
RPROVIDES:${PN}-utils = "glibc-utils"
|
||||
RPROVIDES:${PN}-mtrace = "glibc-mtrace libc-mtrace"
|
||||
|
||||
PKG:${PN} = "glibc"
|
||||
PKG:${PN}-dev = "glibc-dev"
|
||||
PKG:${PN}-doc = "glibc-doc"
|
||||
PKG:${PN}-dbg = "glibc-dbg"
|
||||
PKG:${PN}-pic = "glibc-pic"
|
||||
PKG:${PN}-utils = "glibc-utils"
|
||||
PKG:${PN}-mtrace = "glibc-mtrace"
|
||||
PKG:${PN}-gconv = "glibc-gconv"
|
||||
PKG:${PN}-extra-nss = "glibc-extra-nss"
|
||||
PKG:${PN}-thread-db = "glibc-thread-db"
|
||||
PKG:${PN}-pcprofile = "glibc-pcprofile"
|
||||
PKG:${PN}-staticdev = "glibc-staticdev"
|
||||
|
||||
PKGV = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN} = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-dev = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-doc = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-dbg = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-pic = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-utils = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-mtrace = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-gconv = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-extra-nss = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-thread-db = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-pcprofile = "${EAT_VER_LIBC}"
|
||||
PKGV:${PN}-staticdev = "${EAT_VER_LIBC}"
|
||||
PKGV:catchsegv = "${EAT_VER_LIBC}"
|
||||
PKGV:glibc-extra-nss = "${EAT_VER_LIBC}"
|
||||
PKGV:glibc-thread-db = "${EAT_VER_LIBC}"
|
||||
|
||||
PKGV:libmemusage = "${EAT_VER_LIBC}"
|
||||
PKGV:libsegfault = "${EAT_VER_LIBC}"
|
||||
PKGV:libsotruss = "${EAT_VER_LIBC}"
|
||||
PKGV:sln = "${EAT_VER_LIBC}"
|
||||
PKGV:nscd = "${EAT_VER_LIBC}"
|
||||
PKGV:ldd = "${EAT_VER_LIBC}"
|
||||
|
||||
PKGV:libasan-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libasan = "${EAT_VER_GCC}"
|
||||
PKGV:libasan-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libatomic-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libatomic = "${EAT_VER_GCC}"
|
||||
PKGV:libatomic-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libg2c-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libg2c = "${EAT_VER_GCC}"
|
||||
PKGV:libgcc-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libgcc = "${EAT_VER_GCC}"
|
||||
PKGV:libgfortran-dbg = "${EAT_VER_GCC}"
|
||||
PKGV:libgfortran-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libgfortran = "${EAT_VER_GCC}"
|
||||
PKGV:libgfortran-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libgomp-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libgomp = "${EAT_VER_GCC}"
|
||||
PKGV:libgomp-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libitm-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libitm = "${EAT_VER_GCC}"
|
||||
PKGV:libitm-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:liblsan-dev = "${EAT_VER_GCC}"
|
||||
PKGV:liblsan = "${EAT_VER_GCC}"
|
||||
PKGV:liblsan-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libmudflap-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libmudflap = "${EAT_VER_GCC}"
|
||||
PKGV:libmudflap-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libquadmath-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libquadmath = "${EAT_VER_GCC}"
|
||||
PKGV:libquadmath-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libssp-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libssp = "${EAT_VER_GCC}"
|
||||
PKGV:libssp-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libstdc++-dbg = "${EAT_VER_GCC}"
|
||||
PKGV:libstdc++-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libstdc++ = "${EAT_VER_GCC}"
|
||||
PKGV:libstdc++-precompile-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libstdc++-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libtsan-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libtsan = "${EAT_VER_GCC}"
|
||||
PKGV:libtsan-staticdev = "${EAT_VER_GCC}"
|
||||
PKGV:libubsan-dev = "${EAT_VER_GCC}"
|
||||
PKGV:libubsan = "${EAT_VER_GCC}"
|
||||
PKGV:libubsan-staticdev = "${EAT_VER_GCC}"
|
||||
|
||||
PKGV:linux-libc-headers-dev = "${EAT_VER_KERNEL}"
|
||||
PKGV:linux-libc-headers = "${EAT_VER_KERNEL}"
|
||||
|
||||
PKGV:gdbserver = "${EAT_VER_GDBSERVER}"
|
||||
|
||||
ALLOW_EMPTY:${PN}-mtrace = "1"
|
||||
FILES:${PN}-mtrace = "${bindir}/mtrace"
|
||||
|
||||
FILES:libgcov-staticdev = "${libdir}/gcc/${TARGET_SYS}/${BINV}/libgcov.a"
|
||||
|
||||
FILES:libsegfault = "${base_libdir}/libSegFault*"
|
||||
|
||||
FILES:catchsegv = "${bindir}/catchsegv"
|
||||
RDEPENDS:catchsegv = "libsegfault"
|
||||
|
||||
# From libgfortran.inc:
|
||||
|
||||
FILES:libgfortran = "${libdir}/libgfortran.so.*"
|
||||
FILES:libgfortran-dev = "\
|
||||
${libdir}/libgfortran*.so \
|
||||
${libdir}/libgfortran.spec \
|
||||
${libdir}/libgfortran.la \
|
||||
${libdir}/gcc/${TARGET_SYS}/${BINV}/libgfortranbegin.* \
|
||||
${libdir}/gcc/${TARGET_SYS}/${BINV}/libcaf_single* \
|
||||
${libdir}/gcc/${TARGET_SYS}/${BINV}/finclude/ \
|
||||
"
|
||||
FILES:libgfortran-staticdev = "${libdir}/libgfortran.a"
|
||||
|
||||
|
||||
# From gcc-sanitizers.inc:
|
||||
|
||||
FILES:libasan += "${libdir}/libasan.so.* ${libdir}/libhwasan.so.*"
|
||||
FILES:libasan-dev += "\
|
||||
${libdir}/libasan_preinit.o \
|
||||
${libdir}/libasan.so \
|
||||
${libdir}/libhwasan.so \
|
||||
${libdir}/libasan.la \
|
||||
"
|
||||
FILES:libasan-staticdev += "${libdir}/libasan.a \
|
||||
${libdir}/libhwasan.a \
|
||||
"
|
||||
|
||||
FILES:libubsan += "${libdir}/libubsan.so.*"
|
||||
FILES:libubsan-dev += "\
|
||||
${libdir}/libubsan.so \
|
||||
${libdir}/libubsan.la \
|
||||
"
|
||||
FILES:libubsan-staticdev += "${libdir}/libubsan.a"
|
||||
|
||||
FILES:liblsan += "${libdir}/liblsan.so.*"
|
||||
FILES:liblsan-dev += "\
|
||||
${libdir}/liblsan.so \
|
||||
${libdir}/liblsan.la \
|
||||
${libdir}/liblsan_preinit.o \
|
||||
"
|
||||
FILES:liblsan-staticdev += "${libdir}/liblsan.a"
|
||||
|
||||
FILES:libtsan += "${libdir}/libtsan.so.*"
|
||||
FILES:libtsan-dev += "\
|
||||
${libdir}/libtsan.so \
|
||||
${libdir}/libtsan.la \
|
||||
${libdir}/libtsan_*.o \
|
||||
"
|
||||
FILES:libtsan-staticdev += "${libdir}/libtsan.a"
|
||||
|
||||
FILES:gcc-sanitizers = "${libdir}/*.spec ${libdir}/gcc/${TARGET_SYS}/${BINV}/include/sanitizer/*.h"
|
||||
|
||||
# From libgcc.inc:
|
||||
|
||||
FILES:libgcc = "${base_libdir}/libgcc_s.so.1"
|
||||
|
||||
FILES:libgcc-dev = "\
|
||||
${base_libdir}/libgcc*.so \
|
||||
${@oe.utils.conditional('BASETARGET_SYS', '${TARGET_SYS}', '', '${libdir}/${BASETARGET_SYS}', d)} \
|
||||
${libdir}/${TARGET_SYS}/${BINV}* \
|
||||
${libdir}/${TARGET_ARCH}${TARGET_VENDOR}* \
|
||||
"
|
||||
|
||||
FILES:linux-libc-headers = ""
|
||||
FILES:linux-libc-headers-dev = "\
|
||||
${includedir}/asm* \
|
||||
${includedir}/linux \
|
||||
${includedir}/mtd \
|
||||
${includedir}/rdma \
|
||||
${includedir}/scsi \
|
||||
${includedir}/sound \
|
||||
${includedir}/video \
|
||||
"
|
||||
FILES:${PN} += "\
|
||||
${libdir}/bin \
|
||||
${libdir}/locale \
|
||||
${libdir}/gconv/gconv-modules \
|
||||
${datadir}/zoneinfo \
|
||||
${base_libdir}/libcrypt*.so.* \
|
||||
${base_libdir}/libcrypt-*.so \
|
||||
${base_libdir}/libc.so.* \
|
||||
${base_libdir}/libc-*.so \
|
||||
${base_libdir}/libm.so.* \
|
||||
${base_libdir}/libmemusage.so \
|
||||
${base_libdir}/libm-*.so \
|
||||
${base_libdir}/ld*.so.* \
|
||||
${base_libdir}/ld-*.so \
|
||||
${base_libdir}/libpthread*.so.* \
|
||||
${base_libdir}/libpthread*.so \
|
||||
${base_libdir}/libpthread-*.so \
|
||||
${base_libdir}/libresolv*.so.* \
|
||||
${base_libdir}/libresolv-*.so \
|
||||
${base_libdir}/librt*.so.* \
|
||||
${base_libdir}/librt-*.so \
|
||||
${base_libdir}/libutil*.so.* \
|
||||
${base_libdir}/libutil-*.so \
|
||||
${base_libdir}/libnss_files*.so.* \
|
||||
${base_libdir}/libnss_files-*.so \
|
||||
${base_libdir}/libnss_compat*.so.* \
|
||||
${base_libdir}/libnss_compat-*.so \
|
||||
${base_libdir}/libnss_dns*.so.* \
|
||||
${base_libdir}/libnss_dns-*.so \
|
||||
${base_libdir}/libnss_nis*.so.* \
|
||||
${base_libdir}/libnss_nisplus-*.so \
|
||||
${base_libdir}/libnss_nisplus*.so.* \
|
||||
${base_libdir}/libnss_nis-*.so \
|
||||
${base_libdir}/libnss_hesiod*.so.* \
|
||||
${base_libdir}/libnss_hesiod-*.so \
|
||||
${base_libdir}/libdl*.so.* \
|
||||
${base_libdir}/libdl-*.so \
|
||||
${base_libdir}/libanl*.so.* \
|
||||
${base_libdir}/libanl-*.so \
|
||||
${base_libdir}/libBrokenLocale*.so.* \
|
||||
${base_libdir}/libBrokenLocale-*.so \
|
||||
${base_libdir}/libthread_db*.so.* \
|
||||
${base_libdir}/libthread_db-*.so \
|
||||
${base_libdir}/libmemusage.so \
|
||||
${base_libdir}/libSegFault.so \
|
||||
${base_libdir}/libpcprofile.so \
|
||||
"
|
||||
|
||||
FILES:${PN}-dbg += "${base_libdir}/debug"
|
||||
|
||||
# From gcc-runtime.inc
|
||||
|
||||
# include python debugging scripts
|
||||
FILES:gcc-runtime-dbg += "\
|
||||
${libdir}/libstdc++.so.*-gdb.py \
|
||||
${datadir}/gcc-${BINV}/python/libstdcxx \
|
||||
"
|
||||
|
||||
FILES:libg2c = "${target_libdir}/libg2c.so.*"
|
||||
SUMMARY:libg2c = "Companion runtime library for g77"
|
||||
FILES:libg2c-dev = "\
|
||||
${libdir}/libg2c.so \
|
||||
${libdir}/libg2c.a \
|
||||
${libdir}/libfrtbegin.a \
|
||||
"
|
||||
SUMMARY:libg2c-dev = "Companion runtime library for g77 - development files"
|
||||
|
||||
FILES:libstdc++ = "${libdir}/libstdc++.so.*"
|
||||
SUMMARY:libstdc++ = "GNU standard C++ library"
|
||||
FILES:libstdc++-dev = "\
|
||||
/include/c++ \
|
||||
${includedir}/c++/ \
|
||||
${libdir}/libstdc++.so \
|
||||
${libdir}/libstdc++*.la \
|
||||
${libdir}/libsupc++.la \
|
||||
"
|
||||
SUMMARY:libstdc++-dev = "GNU standard C++ library - development files"
|
||||
|
||||
FILES:libstdc++-staticdev = "\
|
||||
${libdir}/libstdc++*.a \
|
||||
${libdir}/libsupc++.a \
|
||||
"
|
||||
SUMMARY:libstdc++-staticdev = "GNU standard C++ library - static development files"
|
||||
|
||||
FILES:libstdc++-precompile-dev = "${includedir}/c++/${TARGET_SYS}/bits/*.gch"
|
||||
SUMMARY:libstdc++-precompile-dev = "GNU standard C++ library - precompiled header files"
|
||||
|
||||
FILES:libssp = "${libdir}/libssp.so.*"
|
||||
SUMMARY:libssp = "GNU stack smashing protection library"
|
||||
FILES:libssp-dev = "\
|
||||
${libdir}/libssp*.so \
|
||||
${libdir}/libssp*_nonshared.a \
|
||||
${libdir}/libssp*.la \
|
||||
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/ssp \
|
||||
"
|
||||
SUMMARY:libssp-dev = "GNU stack smashing protection library - development files"
|
||||
FILES:libssp-staticdev = "${libdir}/libssp*.a"
|
||||
SUMMARY:libssp-staticdev = "GNU stack smashing protection library - static development files"
|
||||
|
||||
FILES:libquadmath = "${libdir}/libquadmath*.so.*"
|
||||
SUMMARY:libquadmath = "GNU quad-precision math library"
|
||||
FILES:libquadmath-dev = "\
|
||||
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/quadmath* \
|
||||
${libdir}/libquadmath*.so \
|
||||
${libdir}/libquadmath.la \
|
||||
"
|
||||
SUMMARY:libquadmath-dev = "GNU quad-precision math library - development files"
|
||||
FILES:libquadmath-staticdev = "${libdir}/libquadmath.a"
|
||||
SUMMARY:libquadmath-staticdev = "GNU quad-precision math library - static development files"
|
||||
|
||||
# NOTE: mudflap has been removed as of gcc 4.9 and has been superseded by the address sanitiser
|
||||
FILES:libmudflap = "${libdir}/libmudflap*.so.*"
|
||||
SUMMARY:libmudflap = "Pointer debugging library for gcc"
|
||||
FILES:libmudflap-dev = "\
|
||||
${libdir}/libmudflap*.so \
|
||||
${libdir}/libmudflap.la \
|
||||
"
|
||||
SUMMARY:libmudflap-dev = "Pointer debugging library for gcc - development files"
|
||||
FILES:libmudflap-staticdev = "${libdir}/libmudflap.a"
|
||||
SUMMARY:libmudflap-staticdev = "Pointer debugging library for gcc - static development files"
|
||||
|
||||
FILES:libgomp = "${libdir}/libgomp*${SOLIBS}"
|
||||
SUMMARY:libgomp = "GNU OpenMP parallel programming library"
|
||||
FILES:libgomp-dev = "\
|
||||
${libdir}/libgomp*${SOLIBSDEV} \
|
||||
${libdir}/libgomp*.la \
|
||||
${libdir}/libgomp.spec \
|
||||
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/omp.h \
|
||||
${libdir}/gcc/${TARGET_SYS}/${BINV}/include/openacc.h \
|
||||
"
|
||||
SUMMARY:libgomp-dev = "GNU OpenMP parallel programming library - development files"
|
||||
FILES:libgomp-staticdev = "${libdir}/libgomp*.a"
|
||||
SUMMARY:libgomp-staticdev = "GNU OpenMP parallel programming library - static development files"
|
||||
|
||||
FILES:libatomic = "${libdir}/libatomic.so.*"
|
||||
SUMMARY:libatomic = "GNU C++11 atomics support library"
|
||||
FILES:libatomic-dev = "\
|
||||
${libdir}/libatomic.so \
|
||||
${libdir}/libatomic.la \
|
||||
"
|
||||
SUMMARY:libatomic-dev = "GNU C++11 atomics support library - development files"
|
||||
FILES:libatomic-staticdev = "${libdir}/libatomic.a"
|
||||
SUMMARY:libatomic-staticdev = "GNU C++11 atomics support library - static development files"
|
||||
|
||||
FILES:libitm = "${libdir}/libitm.so.*"
|
||||
SUMMARY:libitm = "GNU transactional memory support library"
|
||||
FILES:libitm-dev = "\
|
||||
${libdir}/libitm.so \
|
||||
${libdir}/libitm.la \
|
||||
${libdir}/libitm.spec \
|
||||
"
|
||||
SUMMARY:libitm-dev = "GNU transactional memory support library - development files"
|
||||
FILES:libitm-staticdev = "${libdir}/libitm.a"
|
||||
SUMMARY:libitm-staticdev = "GNU transactional memory support library - static development files"
|
||||
|
||||
EAT_VER_MAIN ??= ""
|
||||
|
||||
python () {
|
||||
if not d.getVar("EAT_VER_MAIN", False):
|
||||
raise bb.parse.SkipPackage("External ARM toolchain not configured (EAT_VER_MAIN not set).")
|
||||
if d.getVar('TCLIBC', True) != "glibc":
|
||||
raise bb.parse.SkipPackage("incompatible with %s" % d.getVar('TCLIBC', True))
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
POSIX
|
||||
@@ -0,0 +1,79 @@
|
||||
LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only & GPL-2.0-only & LGPL-3.0-only & LGPL-2.1-only & LGPL-2.0-only"
|
||||
|
||||
EAT_BFD_LICENSE = "GPL-3.0-only"
|
||||
EAT_GCC_LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
|
||||
EAT_GDB_LICENSE = "GPL-3.0-only"
|
||||
EAT_LIBC_LICENSE = "GPL-2.0-only & LGPL-2.1-only"
|
||||
EAT_RLE_LICENSE = "GPL-3.0-with-GCC-exception"
|
||||
|
||||
LICENSE:${PN} = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-dev = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-doc = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-dbg = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-pic = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-utils = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-mtrace = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-gconv = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-extra-nss = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-thread-db = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-pcprofile = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:${PN}-staticdev = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:catchsegv = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:glibc-extra-nss = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:glibc-thread-db = "${EAT_LIBC_LICENSE}"
|
||||
|
||||
LICENSE:libmemusage = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:libsegfault = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:libsotruss = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:sln = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:nscd = "${EAT_LIBC_LICENSE}"
|
||||
LICENSE:ldd = "${EAT_LIBC_LICENSE}"
|
||||
|
||||
LICENSE:libasan-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libasan = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libasan-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libatomic-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libatomic = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libatomic-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libg2c-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libg2c = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgcc-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgcc = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgfortran-dbg = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgfortran-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgfortran = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgfortran-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgomp-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgomp = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libgomp-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libitm-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libitm = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libitm-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:liblsan-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:liblsan = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:liblsan-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libmudflap-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libmudflap = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libmudflap-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libquadmath-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libquadmath = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libquadmath-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libssp-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libssp = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libssp-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libstdc++-dbg = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libstdc++-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libstdc++ = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libstdc++-precompile-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libstdc++-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libtsan-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libtsan = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libtsan-staticdev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libubsan-dev = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libubsan = "${EAT_GCC_LICENSE}"
|
||||
LICENSE:libubsan-staticdev = "${EAT_GCC_LICENSE}"
|
||||
|
||||
LICENSE:linux-libc-headers-dev = "GPL-2.0-only"
|
||||
LICENSE:linux-libc-headers = "GPL-2.0-only"
|
||||
|
||||
LICENSE:gdbserver = "GPL-2.0-only & GPL-3.0-only & LGPL-2.0-only & LGPL-3.0-only"
|
||||
@@ -31,7 +31,7 @@ EXTRA_IMAGEDEPENDS += "${FVP_PROVIDER}"
|
||||
|
||||
IMAGE_CLASSES += "image-artifact-names"
|
||||
|
||||
IMAGE_POSTPROCESS_COMMAND += "do_write_fvpboot_conf"
|
||||
IMAGE_POSTPROCESS_COMMAND += "do_write_fvpboot_conf;"
|
||||
python do_write_fvpboot_conf() {
|
||||
# Note that currently this JSON file is in development and the format may
|
||||
# change at any point, so it should always be used with a matching runfvp.
|
||||
|
||||
@@ -33,7 +33,7 @@ DEPENDS += "trusted-firmware-m-scripts-native"
|
||||
|
||||
# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
|
||||
# right path until this is relocated automatically.
|
||||
export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
|
||||
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
|
||||
|
||||
# The arguments passed to the TF-M image signing script. Override this variable
|
||||
# in an image recipe to customize the arguments.
|
||||
|
||||
@@ -13,7 +13,7 @@ LAYERDEPENDS_meta-arm = " \
|
||||
core \
|
||||
arm-toolchain \
|
||||
"
|
||||
LAYERSERIES_COMPAT_meta-arm = "styhead walnascar"
|
||||
LAYERSERIES_COMPAT_meta-arm = "styhead"
|
||||
|
||||
# runfvp --console needs telnet, so pull this in for testimage.
|
||||
HOSTTOOLS_NONFATAL += "telnet"
|
||||
|
||||
@@ -18,7 +18,7 @@ QB_KERNEL_ROOT = "/dev/vda2"
|
||||
IMAGE_FSTYPES += "wic wic.qcow2"
|
||||
|
||||
WKS_FILE ?= "qemuarm64.wks"
|
||||
WKS_FILE_DEPENDS:append = " trusted-firmware-a"
|
||||
WKS_FILE_DEPENDS = "trusted-firmware-a"
|
||||
IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
|
||||
|
||||
MACHINE_FEATURES += "optee-ftpm"
|
||||
|
||||
@@ -29,7 +29,8 @@ def cli_from_config(config, terminal_choice):
|
||||
if terminal_choice != "none" and name:
|
||||
# TODO if raw mode
|
||||
# cli.extend(["--parameter", f"{terminal}.mode=raw"])
|
||||
cli.extend(["--parameter", f"{terminal}.terminal_command={terminals[terminal_choice].command.format(name=name)}"])
|
||||
# TODO put name into terminal title
|
||||
cli.extend(["--parameter", f"{terminal}.terminal_command={terminals[terminal_choice].command}"])
|
||||
else:
|
||||
# Disable terminal
|
||||
cli.extend(["--parameter", f"{terminal}.start_telnet=0"])
|
||||
|
||||
@@ -53,7 +53,7 @@ class Terminals:
|
||||
terminals = Terminals()
|
||||
# TODO: option to switch between telnet and netcat
|
||||
connect_command = "telnet localhost %port"
|
||||
terminals.add_terminal(2, "tmux", f"tmux new-window -n \"{{name}} - %title\" \"{connect_command}\"")
|
||||
terminals.add_terminal(2, "gnome-terminal", f"gnome-terminal --window --title \"{{name}} - %title\" --command \"{connect_command}\"")
|
||||
terminals.add_terminal(1, "xterm", f"xterm -title \"{{name}} - %title\" -e {connect_command}")
|
||||
terminals.add_terminal(2, "tmux", f"tmux new-window -n \"%title\" \"{connect_command}\"")
|
||||
terminals.add_terminal(2, "gnome-terminal", f"gnome-terminal --window --title \"%title\" --command \"{connect_command}\"")
|
||||
terminals.add_terminal(1, "xterm", f"xterm -title \"%title\" -e {connect_command}")
|
||||
terminals.add_terminal(0, "none", None)
|
||||
|
||||
@@ -12,7 +12,7 @@ class OpteeTestSuite(OERuntimeTestCase):
|
||||
"""
|
||||
Run OP-TEE tests (xtest).
|
||||
"""
|
||||
@OETimeout(2700)
|
||||
@OETimeout(1300)
|
||||
@OEHasPackage(['optee-test'])
|
||||
def test_opteetest_xtest(self):
|
||||
# clear storage before executing tests
|
||||
|
||||
@@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bb63326febfb5fb909226c8e7ebcef5c"
|
||||
|
||||
SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master;protocol=https"
|
||||
SRCREV = "ac6742520ded1da30d500f74e8affe86e27cabd5"
|
||||
SRCREV = "5e3760073454c72f3458805a1b7a89ecf80353cb"
|
||||
|
||||
# boot-wrapper doesn't make releases
|
||||
UPSTREAM_CHECK_COMMITS = "1"
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
From 745294ffa9bb9296eb4250f24dd0ae8115fadd7a Mon Sep 17 00:00:00 2001
|
||||
From: Jon Mason <jon.mason@arm.com>
|
||||
Date: Thu, 27 Oct 2022 20:10:09 +0000
|
||||
Subject: [PATCH] work around visibility issue
|
||||
|
||||
gn commit 46b572ce4ceedfe57f4f84051bd7da624c98bf01 "fixed" the
|
||||
visibility field not applying to public configs. This caused dtc to
|
||||
have issues due to libfdt and others not being specified. Due to the
|
||||
number, it was cleaner to remove the visibility field (which defaults to
|
||||
everything being visible).
|
||||
|
||||
Upstream-Status: Pending [Not submitted to upstream yet]
|
||||
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
||||
---
|
||||
BUILD.gn | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/BUILD.gn b/BUILD.gn
|
||||
index f55560c540de..d60c3e37135b 100644
|
||||
--- a/BUILD.gn
|
||||
+++ b/BUILD.gn
|
||||
@@ -5,7 +5,6 @@
|
||||
# https://opensource.org/licenses/BSD-3-Clause.
|
||||
|
||||
config("libfdt_config") {
|
||||
- visibility = [ ":gtest" ]
|
||||
include_dirs = [
|
||||
"libfdt",
|
||||
"hafnium_inc",
|
||||
+2
-1
@@ -16,8 +16,9 @@ inherit deploy python3native pkgconfig ${CLANGNATIVE}
|
||||
SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \
|
||||
file://0001-arm-hafnium-fix-kernel-tool-linking.patch \
|
||||
file://0001-Use-pkg-config-native-to-find-the-libssl-headers.patch;patchdir=third_party/linux \
|
||||
file://0001-work-around-visibility-issue.patch;patchdir=third_party/dtc \
|
||||
"
|
||||
SRCREV = "2cf2ca7c4b81ab18e9cd363d9a5c8288e2a94fda"
|
||||
SRCREV = "2bef7ab3895c48d39b84ab58179b2d0de5156b8b"
|
||||
S = "${WORKDIR}/git"
|
||||
B = "${WORKDIR}/build"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
From 8b4b14943de92a2c7f8b328c2de75771493b7d18 Mon Sep 17 00:00:00 2001
|
||||
From b298400a5783453f64d8bebbd92db2c84c4a49fd Mon Sep 17 00:00:00 2001
|
||||
From: Ross Burton <ross.burton@arm.com>
|
||||
Date: Mon, 10 Jul 2023 14:09:16 +0100
|
||||
Subject: [PATCH] OPTEE Private Includes
|
||||
@@ -11,14 +11,14 @@ For some reason this behaviour isn't deterministic, a ticket has been filed with
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
||||
---
|
||||
product/optee/common/module/console/CMakeLists.txt | 2 +-
|
||||
product/optee/common/module/mbx/CMakeLists.txt | 2 +-
|
||||
module/optee/console/CMakeLists.txt | 2 +-
|
||||
module/optee/mbx/CMakeLists.txt | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/product/optee/common/module/console/CMakeLists.txt b/product/optee/common/module/console/CMakeLists.txt
|
||||
diff --git a/module/optee/console/CMakeLists.txt b/module/optee/console/CMakeLists.txt
|
||||
index aebb7cc79766..942aa98c85ff 100644
|
||||
--- a/product/optee/common/module/console/CMakeLists.txt
|
||||
+++ b/product/optee/common/module/console/CMakeLists.txt
|
||||
--- a/module/optee/console/CMakeLists.txt
|
||||
+++ b/module/optee/console/CMakeLists.txt
|
||||
@@ -14,7 +14,7 @@ target_include_directories(${SCP_MODULE_TARGET}
|
||||
# Those includes are needed for mutex definitnion that is used in optee_smt
|
||||
# notification
|
||||
@@ -28,10 +28,10 @@ index aebb7cc79766..942aa98c85ff 100644
|
||||
"${SCP_OPTEE_DIR}/core/include/"
|
||||
"${SCP_OPTEE_DIR}/lib/libutils/ext/include/"
|
||||
"${SCP_OPTEE_DIR}/lib/libutee/include/")
|
||||
diff --git a/product/optee/common/module/mbx/CMakeLists.txt b/product/optee/common/module/mbx/CMakeLists.txt
|
||||
diff --git a/module/optee/mbx/CMakeLists.txt b/module/optee/mbx/CMakeLists.txt
|
||||
index 305fa42b7370..783a7970c2d5 100644
|
||||
--- a/product/optee/common/module/mbx/CMakeLists.txt
|
||||
+++ b/product/optee/common/module/mbx/CMakeLists.txt
|
||||
--- a/module/optee/mbx/CMakeLists.txt
|
||||
+++ b/module/optee/mbx/CMakeLists.txt
|
||||
@@ -15,7 +15,7 @@ target_include_directories(${SCP_MODULE_TARGET}
|
||||
# Those includes are needed for mutex defifitnion that is used in optee_smt
|
||||
# notification
|
||||
|
||||
+1
-1
@@ -12,7 +12,7 @@ SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH} \
|
||||
"
|
||||
|
||||
SRCBRANCH = "main"
|
||||
SRCREV = "25681b34bdc838b7231e0056e3ef5164e8005382"
|
||||
SRCREV = "3267f2964114a56faaf46a40704be6ca78240725"
|
||||
|
||||
PROVIDES += "virtual/control-processor-firmware"
|
||||
|
||||
@@ -1,25 +0,0 @@
|
||||
# Description, License, and version from tools/cot_dt2c/pyproject.toml in TF-A source
|
||||
DESCRIPTION = "CoT-dt2c Tool is a python script to convert CoT DT file into corresponding C file"
|
||||
LICENSE = "BSD-3-Clause"
|
||||
|
||||
SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
|
||||
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};branch=${SRCBRANCH}"
|
||||
LIC_FILES_CHKSUM = "file://docs/license.rst;md5=83b7626b8c7a37263c6a58af8d19bee1"
|
||||
|
||||
# Use cot-dt2c from TF-A v2.12.0
|
||||
SRCREV = "4ec2948fe3f65dba2f19e691e702f7de2949179c"
|
||||
SRCBRANCH = "master"
|
||||
|
||||
inherit python_poetry_core
|
||||
|
||||
BBCLASSEXTEND = "native nativesdk"
|
||||
|
||||
S = "${UNPACKDIR}/git"
|
||||
|
||||
# Dependencies of plotly and igraph are not needed for the standard case
|
||||
RDEPENDS:${PN} += "python3-click \
|
||||
python3-pydevicetree \
|
||||
python3-pyparsing \
|
||||
"
|
||||
|
||||
PEP517_SOURCE_PATH = "${S}/tools/cot_dt2c"
|
||||
+1
-1
@@ -10,7 +10,7 @@ Enables testing boot without TPM device to see that
|
||||
missing TPM is detected further up the SW stack and correct
|
||||
fallback actions are taken.
|
||||
|
||||
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/36514]
|
||||
Upstream-Status: Pending
|
||||
|
||||
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
|
||||
---
|
||||
|
||||
+2
-2
@@ -9,8 +9,8 @@ SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmwa
|
||||
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
|
||||
LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
|
||||
|
||||
# Use fiptool from TF-A v2.10.9
|
||||
SRCREV = "7e63213601425c7a6d83e47dc936b264deb9df2b"
|
||||
# Use fiptool from TF-A v2.10.4
|
||||
SRCREV = "569e16caad976a0684147da1ecc6333fd9b7f813"
|
||||
SRCBRANCH = "lts-v2.10"
|
||||
|
||||
DEPENDS += "openssl-native"
|
||||
+4
-4
@@ -7,11 +7,11 @@ LICENSE = "BSD-3-Clause"
|
||||
|
||||
SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
|
||||
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
|
||||
LIC_FILES_CHKSUM = "file://docs/license.rst;md5=83b7626b8c7a37263c6a58af8d19bee1"
|
||||
LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5"
|
||||
|
||||
# Use fiptool from TF-A v2.12.1
|
||||
SRCREV = "8cf9edba5cc3ec11ed5463f206aa5819f7fdbade"
|
||||
SRCBRANCH = "lts-v2.12"
|
||||
# Use fiptool from TF-A v2.11.0
|
||||
SRCREV = "f2735ebccf5173f74c0458736ec526276106097e"
|
||||
SRCBRANCH = "master"
|
||||
|
||||
DEPENDS += "openssl-native"
|
||||
|
||||
+4
-2
@@ -11,7 +11,9 @@ SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tes
|
||||
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
|
||||
"
|
||||
SRCBRANCH = "master"
|
||||
SRCREV = "6a113621a9efdc143e9270b1789046cd7d9cdfb1"
|
||||
SRCREV = "42b99719d5dde58bdde07712bcb70a20d87f9067"
|
||||
|
||||
DEPENDS += "optee-os"
|
||||
|
||||
EXTRA_OEMAKE += "USE_NVM=0"
|
||||
EXTRA_OEMAKE += "SHELL_COLOR=1"
|
||||
@@ -33,7 +35,7 @@ B = "${WORKDIR}/build"
|
||||
EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
|
||||
|
||||
# Requires CROSS_COMPILE set by hand as there is no configure script
|
||||
export CROSS_COMPILE = "${TARGET_PREFIX}"
|
||||
export CROSS_COMPILE="${TARGET_PREFIX}"
|
||||
|
||||
LDFLAGS[unexport] = "1"
|
||||
do_compile() {
|
||||
+6
-3
@@ -8,9 +8,12 @@ inherit deploy
|
||||
COMPATIBLE_MACHINE ?= "invalid"
|
||||
|
||||
SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
|
||||
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};nobranch=1"
|
||||
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
|
||||
"
|
||||
SRCBRANCH = "master"
|
||||
SRCREV = "8917cf8b5eeb409b63256076d0dc35c60930ce18"
|
||||
SRCREV = "fd053b75cde9c2aa1a5b979a2b544890510d4f52"
|
||||
|
||||
DEPENDS += "optee-os"
|
||||
|
||||
EXTRA_OEMAKE += "USE_NVM=0"
|
||||
EXTRA_OEMAKE += "SHELL_COLOR=1"
|
||||
@@ -32,7 +35,7 @@ B = "${WORKDIR}/build"
|
||||
EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
|
||||
|
||||
# Requires CROSS_COMPILE set by hand as there is no configure script
|
||||
export CROSS_COMPILE = "${TARGET_PREFIX}"
|
||||
export CROSS_COMPILE="${TARGET_PREFIX}"
|
||||
|
||||
LDFLAGS[unexport] = "1"
|
||||
do_compile() {
|
||||
@@ -77,7 +77,7 @@ TFA_BUILD_TARGET ?= "bl1"
|
||||
TFA_INSTALL_TARGET ?= "${TFA_BUILD_TARGET}"
|
||||
|
||||
# Requires CROSS_COMPILE set by hand as there is no configure script
|
||||
export CROSS_COMPILE = "${TARGET_PREFIX}"
|
||||
export CROSS_COMPILE="${TARGET_PREFIX}"
|
||||
|
||||
# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
|
||||
CFLAGS[unexport] = "1"
|
||||
|
||||
+6
-6
@@ -1,17 +1,17 @@
|
||||
require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
|
||||
|
||||
# TF-A v2.10.12
|
||||
SRCREV_tfa = "408ba4ddfe9a8d55e3e2488bea89c39adef07981"
|
||||
# TF-A v2.10.4
|
||||
SRCREV_tfa = "569e16caad976a0684147da1ecc6333fd9b7f813"
|
||||
SRCBRANCH = "lts-v2.10"
|
||||
|
||||
LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
|
||||
|
||||
# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls
|
||||
# mbedtls-3.6.2
|
||||
SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-3.6"
|
||||
SRCREV_mbedtls = "107ea89daaefb9867ea9121002fbbdf926780e98"
|
||||
# mbedtls-3.4.1
|
||||
SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
|
||||
SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
|
||||
|
||||
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
|
||||
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
|
||||
|
||||
# continue to boot also without TPM
|
||||
SRC_URI += "\
|
||||
+1
-1
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc
|
||||
|
||||
# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls
|
||||
# mbedtls-3.6.0
|
||||
SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=main"
|
||||
SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
|
||||
SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206"
|
||||
|
||||
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
|
||||
@@ -1,20 +0,0 @@
|
||||
require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
|
||||
|
||||
# TF-A v2.12.1
|
||||
SRCREV_tfa = "8cf9edba5cc3ec11ed5463f206aa5819f7fdbade"
|
||||
SRCBRANCH = "lts-v2.12"
|
||||
|
||||
LIC_FILES_CHKSUM += "file://docs/license.rst;md5=83b7626b8c7a37263c6a58af8d19bee1"
|
||||
|
||||
# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls
|
||||
# mbedtls-3.6.2
|
||||
SRCBRANCH_MBEDTLS = "mbedtls-3.6"
|
||||
SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=${SRCBRANCH_MBEDTLS}"
|
||||
SRCREV_mbedtls = "107ea89daaefb9867ea9121002fbbdf926780e98"
|
||||
|
||||
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
|
||||
|
||||
# continue to boot also without TPM
|
||||
SRC_URI += "\
|
||||
file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
|
||||
"
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user