1
0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-07-17 16:17:09 +00:00

Compare commits

..

176 Commits

Author SHA1 Message Date
Vishnu Banavath 2b0650573b arm-bsp:ffa-debugfs: update git SHA for v2.1.0
git sha on
https://git.gitlab.arm.com/linux-arm/linux-trusted-services/-/tree/v2.1.0
has been changed recently for v2.1.0 tag. This change is to update
ffa-debugfs-mod_2.1.0.bb to fetch correct git SHA.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-09-07 09:34:13 -04:00
Jon Mason 9bf77afada gem5: add meta-arm-bsp dependency
meta-gem5 needs the 5.4 kernel, which is only present in the
meta-arm-bsp layer.  Add this as a dependency to resolve issues.

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-08 14:55:23 -04:00
Ross Burton 5a2c82fe06 arm-toolchain/layer.conf: remove BB_DANGLINGAPPENDS_WARNONLY
This appears to be historical from when the toolchain was in meta-linaro.

It isn't needed anymore, there's one bbappend in meta-arm-toolchain for
grub which is part of oe-core, so will never be dangling.

This variable has a global effect, so leaving it in here has a negative
impact on users.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-08-04 14:08:10 -04:00
Ross Burton 6cc23cbee1 arm/linux-yocto: fix boot failure in qemuarm64-secureboot
The boot crash that appears to be triggered by the ZONE_DMA patches has
been root-caused, so work around the problem whilst upstream figure out
the best way to fix.

Also, upgrade qemuarm64-secureboot to 5.15 instead of pinning back to
5.10.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-06-05 11:36:03 -04:00
Ross Burton 2623e69db3 runfvp: check for telnet
Check for telnet on startup to avoid mysterious failures later when
telnet isn't available.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Ross Burton 952e04cd58 runfvp: propagate the exit code correctly
runfvp could encounter an error but the exit code remained as 0.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Ross Burton 4b8aeb6edc runfvp: fix undefined variable in terminal selection login
Since 10e60cc the terminal_map doesn't exist, this piece of code wasn't
updated.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Ross Burton 0ffbe558a0 runfvp: refactor terminal selection
Rewrite the terminal code to have a priority list of terminals when
selecting a default, allow the user to pick a default with a
configuration file, and add gnome-terminal to the list.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Ross Burton 5920774ada runfvp: don't use f-string when there's no expressions
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Ross Burton 55453024ee runfvp: don't hide output when using terminals
Only pass a console_cb if we're hooking up a console, so that the output
from the FVP is visible on the terminal.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Ross Burton c72527d6a5 runfvp: handle the fvp quitting before we kill it
Don't raise an exception if the FVP has quit before we get around to
killing it.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Ross Burton cc1c99f537 runfvp: add an asyncio TODO
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Harry Moulton 0ea4b2220f arm-bsp/machine: Add runfvp config for corstone1000
Add the runfvp config for corstone1000-fvp.

Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-26 09:00:09 -04:00
Emekcan Aras 2de4b3c893 arm-bsp/trusted-firmware-a: corstone1000: update Tfa SHA
This commit updates Tfa SHA to remove the patches from the
recipe since all of them are upstreamed now.

Signed-off-by: Emekcan Aras emekcan.aras@arm.com
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-25 16:00:25 -04:00
Satish Kumar 142ec9b8f9 kas/corstone1000.yml: refspec update for run-scripts
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-04-06 22:02:25 -04:00
Vishnu Banavath bca2dbf93f arm-bsp/u-boot: add SDCard support for corstone1000 FVP
This change is to add SDCard support for corstone1000 FVP

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2022-04-01 16:47:13 +01:00
Harry Moulton 33bbdc67f2 arm-bsp/corstone1000: Add RDEPENDS to remove unwanted images.
Remove unwanted build images that push the binaries size over the size
limit for corstone1000.

Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-14 13:00:09 -04:00
Harry Moulton af33b41925 arm-bsp/linux-yocto: backport remove redundant kernel hacking
Backport of 7fc51c7c from master which removes some redundant code to
reduce the size of the resulting corstone1000 binary.

Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-14 13:00:09 -04:00
Jon Mason 7bc7872930 arm-bsp: update linux-yocto 5.4 to the latest version
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-11 16:44:39 -05:00
Jon Mason daa9abf065 arm-bsp: fix yylloc kernel build error
Backport patch from upstream to address the following error:
scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here

Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-11 16:44:39 -05:00
Peter Hoyes 90facd19a6 arm-bsp/docs,kas: Add SSH server to fvp-baser-aemv8r64 image
To make it easier for users to test and evaluate the FVP, including
testing inbound network connections, enable the openssh SSH server by
default and map to port 8022 on the host.

Update fvp-baser-aemv8r64 documentation accordingly in new "Networking"
section.

Issue-Id: SCM-3881
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I88329731418e198e2ef5d3449bfb38fde5ae77bb
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-11 09:17:42 -05:00
Harry Moulton 6dabbf1542 arm/fvp-corstone1000: backport: update to latest version
Backport patch from master to update the URL and checksums for the
new Corstone1000 FVP version 11.17.23.

Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-09 08:43:57 -05:00
Harry Moulton ed0e6cb0d3 corstone1000: backport: update meta-arm-image for kirkstone support
Backport patch from master to update the sha for meta-arm-image in
the corstone1000 kas file to add support for kirkstone.

Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-08 14:54:05 -05:00
Peter Hoyes 85fb0ee28a arm-bsp/docs: Minor fvp-baser-aemv8r64 fixes
* Include `--upgrade` in pip3 command to ensure latest kas version is
   installed
 * Ensure all underscores are either quoted or escaped
 * Fix P9 example command

Issue-Id: SCM-3881
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ie460dbd6b1f87f5f9ca2966329341d22da3606d3
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-03-08 10:16:05 -05:00
Peter Hoyes d64e3e2178 arm-bsp/docs: Add -b honister instruction for fvp-baser-aemv8r64
Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1874b0bd9dc5e3da9c40b46d9d002b83b41addcc
2022-03-04 09:21:22 +00:00
Peter Hoyes 2614c78f3b arm/fvp-base-r-aem: Update to version 11.17.21
Also update version and download link in meta-arm-bsp fvp-baser-aemv8r64
documentation

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I92ec616d25703ff74ed063918a1e4811bac9ff3f
2022-03-02 12:56:18 +00:00
Peter Hoyes b9f850fe0e arm-bsp/docs: Improve fvp-baser-aemv864 limitation
Add more details about the cache_state_modelled limitation, which can
worked around by setting cci400.force_on_from_start=1

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idde23278a87316dae842c6c3793b9836482e8c3a
2022-03-02 12:56:03 +00:00
Peter Hoyes cc4fa4a11e arm-bsp/docs: Minor fvp-baser-aemv8r64 updates
* Add clarification on how to mount p9 device
 * Remove instruction to use ctrl + c to stop FVP
 * Add cache_state_modelled to Known Issues

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I122c5ae5b3ceee1d106205d93a006f75bdbfa2bf
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Peter Hoyes 621cc45395 arm-bsp/docs: Update fvp-baser-aemv8r64 docs
Document U-Boot addition, add new architecture section and update the
change log.

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ie0e1ff35ade634f2b523c14bb058c9d775802632
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Peter Hoyes c0e651acc8 arm-bsp/conf: Use real-time clock for fvp-baser-aemv8r64
Enable the bp.refcounter.use_real_time option, so that the CNTPCT_EL0
increments in real-time instead of simulator time.

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I197d6de4a7316e5299aee34e64e149cbd3d515a9
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Peter Hoyes 2c3382d4d6 arm-bsp/kernel: Use 4 Gb of RAM in fvp-baser-aemv8r64
The FVP default configuration has bp.dram_size=4, which is sufficient
for development and testing purposes, so remove the FVP_CONFIG
override and set to 4 Gb in the device tree.

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I4a96062c9e94d36f5459f33c86aab4d4885bab43
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Peter Hoyes 8c7c60fb3b arm-bsp/u-boot: Add U-Boot for fvp-baser-aemv8r64
This patch introduces U-Boot into the fvp-baser-aemv8r64 boot flow,
providing EFI services.

The fvp-baser-aemv8r64 does not have an EL3, so the system starts at
S-EL2. For now, U-Boot is running at S-EL2, alongside boot-wrapper.
Enable the --enable-keep-el option in boot-wrapper-aarch64 so that it
boots the next stage (U-Boot) at S-EL2. Additionally, tell
boot-wrapper-aarch64 to bundle U-Boot instead of the kernel.

Linux only supports booting from S-EL1 on the fvp-baser-aemv8r64, so
U-Boot is configured with CONFIG_SWITCH_TO_EL1, so that booti or bootefi
switch to S-EL1 before booting the EFI payload (unless an enviornment
variable - armv8_switch_to_el1 - is set to 'n').

Add patches to U-Boot, which:
 * Backports 53b40e8d54fcdb834e10e6538084517524b8401b, to disable
   pointer authentication traps.
 * Add board support for the fvp-baser-aemv8r64 (with a memory map
   which is inverted from the fvp-base).
 * Enable the configuration of U-Boot using the device tree passed from
   boot-wrapper-aarch64.
 * Enable virtio-net.
 * Disable setting the exception vectors at S-EL2 so that the PSCI
   vectors pass through to Linux.
 * Set up system registers at S-EL2 for Linux.
 * Configure the S-EL2 MPU for the EFI services.
 * Allows bootefi to switch to EL1 before booting Linux.

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I229d14b0717df412c1fe33772230ca779f79b32d
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Peter Hoyes b63354017a arm-bsp/boot-wrapper-aarch64: Update patches for fvp-baser-aemv8r64
Update the SRCREV to a more recent revision for the fvp-baser-aemv8r64.

Update the machine-specific patches, which makes the following changes:
 * Add PSCI services to /memreserve/ in the device tree using libfdt.
 * Add --enable-keep-el option, which allows boot-wrapper-aarch64 to
   boot the next stage at the same exception level.
 * Update the counter frequency to 100 MHz.

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I41843e958cf629d69de644bb57b660fb542fc8b7
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Peter Hoyes 69d11b64cb arm/boot-wrapper-aarch64: Upgrade to newer revision
Upgrade boot-wrapper-aarch64 to 1044c77062573985f7c994c3b6cef5695f57e955

Hold back gem5 at 8d5a765251d9113c3c0f9fa14de42a9e7486fe8a in bbappend.

Issue-Id: SCM-3871
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ia5ccca2234dd117d530970f9f90469dacbb778e3
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Peter Hoyes db6223090e arm-bsp/fvp-baser-aemv8r64: Fix PL011 and SP805 register sizes
The Linux kernel expects the peripheral ID register to be just below the
end of the address range, which for the PL011 and SP805 is at 0xFE0 not
0xFFE0, so set the size to 0x1000.

Issue-Id: SCM-3881
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Iada28e8192d72b1647822c33d13deffe507043b5
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-25 09:09:09 -05:00
Emekcan Aras 6dd18c2a80 arm-bsp/security: move TS patches to corstone1000 directory
This commit moves all the trusted-services patches to a new
corstone1000 directory.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-21 10:26:53 -05:00
Emekcan Aras 43e5b037e8 kas/corstone1000-base: update meta-arm-image SHA
This commit updates the meta-arm-image SHA to drop psa-arch-test
from the build.

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-17 18:15:53 -05:00
Vishnu Banavath 400bd5d5f4 arm-bsp/security: trusted-services to fix psa-arch-tests
These changes are to fix failures in psa-arch-tests

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-17 18:15:53 -05:00
Vishnu Banavath 2e388235cb arm-bsp/security: drop psa-arch-tests recipe
This change is to build and install psa-arch-tests using
trusted-services code and drop psa-arch-tests recipe.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-17 18:15:53 -05:00
Vishnu Banavath 8a6b6eb810 arm-bsp/tf-m: update git SHA
This change is to update TF-M git SHA to fix
psa-arch-tests test case failures.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-17 18:15:34 -05:00
Vishnu Banavath 68db42ec65 arm-bsp/security: replace mbedcrypto with mbedtls
This commit replaces mbedcrpyto with mbedtls on the trusted-service
recipe.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-02-17 18:15:34 -05:00
Ross Burton 51b728a52b CI: use the latest release of the Kas container
If we don't specify a tag name GitLab uses the 'latest' tag, which for
Kas is moved whenever an image build is made.

Instead explicitly use the latest-release tag, which is only updated
when a release is made.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-01-28 19:03:58 -05:00
Diego Sueiro 9653e905bd meta-arm: Make generic-arm64 kernel cfg based on linux-yocto standard kernel type
By having the generic-arm64 machine using the same kernel config as the
linux-yocto standard kernel type, application layers can rely on the same base
configuration, independently of the target machine.

Also, the kernel-yocto.bbclass searches for .scc files in the FILESEXTRAPATHS.
Hence, we don't need to list generic-arm64-standard.scc in the SRC_URI.

Issue-Id: SCM-3910
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I46889ce38b32521d8350534cc590b57b158ad573
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-01-28 19:03:31 -05:00
Vishnu Banavath ccf342afe1 arm-bsp/psa-arch-tests: change master to main for psa-arch-tests repo
master branch is renamed to main on psa-arch-tests github.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2022-01-18 09:00:08 -05:00
Vishnu Banavath e15df2738e arm-bsp/uboot: fix null pointer exception for get_image_info
This change is to fix NULL pointer exception for get_image_info
API for corstone1000 platform

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2022-01-17 14:00:08 -05:00
Vishnu Banavath c30d90a77d arm-bsp/tf-m: fix capsule instability issue for corstone1000
This change is to upgrade TF-M to latest git hash which contains
fix for capsule instability issue for corstone1000 platform.

Latest TF-M would also require v3.1 mbedtls. Also updated git hash
for mbedtls repo.
2022-01-17 14:00:08 -05:00
Ross Burton 9542161475 CI: track honister branch for clang and zephyr
These layers now have honister branches, so track those instead of master.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2022-01-17 13:36:30 +00:00
Vishnu Banavath eb48eea801 arm-bsp/uboot: send bootcomplete event to secure enclave
On corstone1000 platform, Secure Enclave will be expecting
an event from uboot when it performs capsule update. Previously,
an event is sent at exitbootservice level. This will create a problem
when user wants to interrupt at UEFI shell, hence, it is required
to send an uboot efi initialized event at efi sub-system initialization
stage.

Change-Id: I7d16e184675d537d790365e1b03a414ac802694a
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-01-06 08:58:41 -05:00
Vishnu Banavath 15815c7d49 arm-bsp/secure-partitions: add check for null attribute field
UEFI spec says that if 0 is passed in the attributes filed in
setVariable() API, it means that it's a delete variable call.
Currently smm gateway doesn't handle this case. This change
is to add above mentioned check.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: Id3a54601d403102da5c5617d7b4da8ec51029200
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-01-04 14:43:27 -05:00
Gowtham Suresh Kumar 3d1183ab54 arm-bsp/u-boot: corstone1000: Disable mm_communicate failure log
When a getVariable() call is made with data size set to 0,
mm_communicate should return EFI_BUFFER_TOO_SMALL. This is
an expected behavior. There should not be any failure logs
in this case. So the error log is commented here.

Change-Id: Id5b36928b1450ef9f83d34a3ab7feb4839ff9734
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-01-04 14:43:13 -05:00
Vishnu Banavath 6124334645 arm-bsp/u-boot: fix EFI image load alignment
This patch is cherry-picked from upstream to fix misalignment
of efi load image

Change-Id: If64e635a80cd0b6ecb8f09c62aa2b248d0e36f4e
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2021-12-23 19:03:16 +00:00
Vishnu Banavath 6e16e76bf3 arm-bsp/u-boot: add ethernet device and enable configs for SCT
These changes are to add
* ethernet device SMC911x device and this is required to support
  bootfromnetwork SCT
* also enabled other config options to fix SCT issues

Change-Id: Ic6112c019cb08f77e29508ad47980f851f79088c
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2021-12-22 09:00:08 -05:00
Gowtham Suresh Kumar b7b634a788 arm-bsp/secure-partitions: Add error cases to setVariable() and getNextVariableName()
This patch fixes the SCT errors seen for setVariable() and
getNextVariableName() functions. The existing implementation of these
functions does not cover certain error conditions which are listed in
the uefi specification. This patch adds these changes.

Change-Id: Idcddc799588339de6729b73c0ceada5c2018dd4b
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2021-12-21 14:00:09 -05:00
Gowtham Suresh Kumar 2c084144c7 arm-bsp/secure-partitions: corstone1000: Change UID of variable index in SMM
This patch fixes the os_indications setVariable() failure. The variable
index UID in SMM gateway which was 1 is changed in this patch. TFM has a
special usage for variable with UID 1, which makes it write once only.
This is not required for SMM variable index.

Change-Id: I50d60b87d3ef44ffd50e71ec4f20d31fdacf7acd
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2021-12-21 14:00:09 -05:00
Vishnu Banavath 7afe7d50f1 arm-bsp/u-boot: populate ESRT table with image_info
These changes are to support populating corstone1000 image_info
to ESRT table

Change-Id: I6e5cdd8a3477fbf3c480bf7a725198841ed79796
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
2021-12-20 10:00:09 -05:00
Gowtham Suresh Kumar 5661a1d614 arm-bsp/security: Revert set append write TS patch
Change-Id: I6e8aea102ea24271097efe92f4eb820c68ff70d5
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2021-12-20 10:00:09 -05:00
Gowtham Suresh Kumar 9ac90c6b25 arm-bsp/u-boot: corstone1000: Fix SCT failures
This patch removes the CONFIG_CMD_DHCP and CONFIG_CMD_PING
config parameters from the defconfig. It also reverts the workaround
patch which disabled NV get and set on u-boot.

Change-Id: I80f41235dbca2e76003c28164b42f4403dadc499
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2021-12-20 10:00:09 -05:00
Gowtham Suresh Kumar 5f69e4a51b arm-bsp/secure-partitions: corstone1000: Configure storage in SMM gateway
This patch will add a macro to configure the volatile and
non volatile storage in SMM gateway. Few useful logs are
also added to the secure world.

Change-Id: Ifdb405a09a9a72718df8b335b9f42509dd8c850c
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2021-12-20 10:00:09 -05:00
Ross Burton 8613971bf0 arm/edk2-firmware: correctly set the target prefix in Clang builds
We set GCC5_AARCH64_PREFIX so the tools are prefixed correctly in GCC
builds, but didn't set CLANG38_AARCH64_PREFIX. This meant the clang build
used the host objcopy, which may not know about the target architecture.

Also these can just be the prefix and not a full path, as the binaries
are on $PATH.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-16 14:39:57 +00:00
Huifeng Zhang 33f5505b58 arm/fvpboot: change the execution order of do_write_fvpboot_conf
add the do_write_fvpboot_conf function into IMAGE_POSTPROCESS_COMMAND
so that this function can be called after the build system created the
final image output files.

It's possible that bitbake doesn't run start from the do_rootfs task but
run start from do_image_<type> at the stage of image generation.

For example, there are multiple partitions in the wic file and the
grub.cfg file is placed to the first partition and the rootfs is placed
to the second partition. At this time, if we change the content of
the grub.cfg file resided in the related recipe's directory and build,
the do_rootfs task won't be run by bitbake but a new wic file will be
generated. In this situation, the fvpconf file also won't be updated and
the 'bp.virtioblockdevice.image_path' is still pointing to a old image
file.

Issue-Id: SCM-3724
Signed-off-by: Huifeng Zhang <Huifeng.Zhang@arm.com>
Change-Id: I7a41afa1d7471d09b60d118c4a6c99c57a6b548c
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-16 13:21:47 +00:00
Abdellatif El Khlifi 7410a7f621 kas: corstone1000: update the FVP script repo SHA
Setting the model script SHA to use the right FVP
options.

Change-Id: I7f92fb97466bf4f5f48b8d184a396bf87bdeb401
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-15 14:09:17 -05:00
Vishnu Banavath d34c55df6a arm-bsp/trusted-firmware-m: corstone1000: update TF-M SHA
This change is to update TF-M SHA which has fixes for capsule update.

Change-Id: I016381c2a95fcdd9629772671143a1e7332196e5
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 13:00:09 -05:00
Gowtham Suresh Kumar a5377f1569 arm-bsp/u-boot: corstone1000: Fix efi debug issue
This patch will fix the ffa mm communicate function behavior as
expected by efi_get_var() and also fix the com buffer size used by
u-boot.

Change-Id: I8ce28a2e51b8f52856d81ea6e3c1e2e72cfaa362
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Gowtham Suresh Kumar 5f7671d897 arm-bsp/u-boot: corstone1000: Remove GetVariable() fix
The efi_get_var() expects EFI_BUFFER_TOO_SMALL return value
from efi_get_variable_int() to just read the size of the data.
So when comm buffer is smaller than received buffer,
efi_get_variable_int is expected to return error code. This
functionality will be fixed in future patches.

Change-Id: I3e5119b1fdf18c965cc2ebc11056b6ca70d57e0f
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Vishnu Banavath bc8c92afab arm-bsp/secure-partitions: add capsule update interface to SE proxy SP
This change is to add capsule update interface to SE proxy SP.
This interface sends following events to secure enclave
* firmware update request - SE will read the capsule and will flash the
image to flash to previous active bank
* kernel boot event - SE will delete timer on reciption of this event and
marks all the images as accepted if in trial state

Change-Id: I7cf9b729128d1e07e891253661fcd891191e8024
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Gowtham Suresh Kumar fc6637b5e2 arm-bsp/secure-partitions: corstone1000: Increase SMM Gateway variable handling capacity
The maximum number of UEFI variables that can be supported by SMM
gateway is currently 40. When more than 40 variables are written,
or read SMM gateway returns error code. Currently this value is
increased to 100 to support more UEFI variables.

Change-Id: I3ebef8052fd01c5b1c19cdfe71ab3c02447a005b
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Emekcan Aras 075638cf00 arm-bsp/psa-arch-tests: corstone1000: configuring crypto and attestation test
This commit configures crypto and attestation tests for Corstone1000
platform.

It also fixes CMake issues on the current trusted-service CMake source
files to enable this configuration.

Change-Id: I334d661c1bc349e03f92611d6010360c08e6cc89
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Emekcan Aras c4ed1d1c21 arm-bsp/trusted-firmware-m: corstone1000: Aligning with TF-M master
Setting the last master branch SHA for openamp changes.

Change-Id: I20dfb1c12091f58576898c2a17e74aa71bab5651
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Satish Kumar 751ae8fe38 arm-bsp/secure-partitions: corstone1000: add psa ipc crypto backend
Add psa ipc crypto backend and attach it to se proxy
deployment.

Change-Id: I072cd3f0661be33773a2132c2222dc4c7b8c6cb4
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Satish Kumar 6e075adc0b arm-bsp/secure-partitions: corstone1000: Setup its backend
Setup its backend as openamp rpc using secure storage ipc
implementation.

Change-Id: I0329c87d11de7a721b3eaf004935befa6e7389c8
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Satish Kumar 9c83efa253 arm-bsp/secure-partitions: corstone1000: Add psa ipc attestation to se proxy
Implement attestation client API as psa ipc and include it to
se proxy deployment.

Change-Id: I0a1130d2013717c6499da5bb2cd6cd11a752bcce
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Satish Kumar 50304a2be6 arm-bsp/secure-partitions: corstone1000: Use address instead of pointers
Since secure enclave is 32bit and we 64bit there is an issue
in the protocol communication design that force us to handle
on our side the manipulation of address and pointers to make
this work.

Change-Id: Icb29fdec6928dba6da7e845b3a13d8a3560c5fe1
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Satish Kumar 12a5fd5cd5 arm-bsp/secure-partitions: fixes required to run psa-arch-test
Fixes needed to run psa-arch-test

Change-Id: Iba090e151298a216f8f1bf81a72bba4587bec389
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-14 07:00:09 -05:00
Abdellatif El Khlifi 42347ebaa2 kas: corstone1000: update for new Kas include semantics in kas folder
With Kas 2.6 included YAML files need to be relative to the repository,
not the including file:

https://kas.readthedocs.io/en/latest/format-changelog.html#version-11

Change-Id: I851c9137d1f70f754d1a70a1fc14828c39ff3de7
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:31 -05:00
Abdellatif El Khlifi 1e3cea589d kas: corstone1000: update meta-arm-image SHA
Aligning to the last meta-arm-image version to
add psa-arch-tests to the rootfs.

Change-Id: I40e945f814df4b6f7c30772d3dd6f91e6b6fcafc
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:31 -05:00
Emekcan Aras a56fdf4333 arm-bsp/psa-arch-tests: corstone1000: build the test applications
This commit adds support for building/installing the test
application.

Also fixing CMake issues on the current trusted-service CMake source files.

Change-Id: Iae0fc9bf9362cf5b7d65cd7b9f0445f62f3b83eb
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:31 -05:00
Abdellatif El Khlifi 0acbf59a8e arm/psa-arch-tests: introduce the recipe
This commit adds a recipe for psa-arch-tests linux
userspace application.

Included tests are; crypto, protected_storage,
internal_trusted_storage and attestation.

Change-Id: I6285aa2a6ae8fdd25f4327f1d301c59a88bce775
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:31 -05:00
Abdellatif El Khlifi a68fa362d2 arm/secure-partitions: remove the use of EXTRA_OEMAKE
EXTRA_OEMAKE is not needed since we are using CMake.

Change-Id: Ifc0dcc9313fe4e473cbba8eb3b716e11cf8e45ee
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:31 -05:00
Abdellatif El Khlifi d206e22c08 arm-bsp/u-boot: corstone1000: add the header file for invalidate_dcache_all function
The invalidate_dcache_all function has been implicitly declared.
This commit fixes that.

Change-Id: I83e985e219af8687c0679045f6a979c91923be69
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:03 -05:00
Abdellatif El Khlifi aaad1117ab arm-bsp/u-boot: corstone1000: arm_ffa: removing the cast when using binary OR on FIELD_PREP macros
When the GENMASK used is above 16-bits wide a u16 cast will cause
loss of data.

This commit fixes that.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: I72e5e42971a50ce167500a92cc529c5cb3ff781f
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:03 -05:00
Vishnu Banavath 4bb0d10188 arm-bsp/u-boot: corstone1000: make capsule guid check platform agnostic
This change is to delete a separate check for guid for corstone1000
target. Generic check of fmp guid check should suffice.

Change-Id: Idec92c9307f903e52985057404daac2e40d05295
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:03 -05:00
Vishnu Banavath c6de028d35 arm-bsp/u-boot: corstone1000: passing interface ID and event ID in register w4
Changing where to pass the SE Proxy interface and event IDs.

Now they are passed to the SE Proxy in register w4.

The events involved are kernel started and buffer ready
events.

Change-Id: Ib60897e9f01cd87b9923892198f8868e02cc830d
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:14:03 -05:00
Abdellatif El Khlifi 42061ba8ce arm-bsp/secure-partitions: corstone1000: using the default SHA
No need to set again the same SHA as the one provided
by the recipe.

Change-Id: I034aca31c1cc30868552be67a04400db20ad59b2
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:13:34 -05:00
Abdellatif El Khlifi b94c50d291 arm/secure-partitions: introducing a common file
Moving common settings that can be used by other
components to a common file: secure-partitions.inc

Change-Id: I81691ee52bef3dfbd72c59afe20b01a5cf2222ea
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:13:34 -05:00
Gowtham Suresh Kumar 37d646c3b9 arm-bsp/u-boot: corstone1000: Fix GetVariable data size issue
This patch fixes the GetVariable() issue which causes
mm_communicate failure when called with 0 data size. The comm buffer
is set to maximum size when 0 data size request is made to handle the
MM response from the secure world. This is a generic fix but used by
corstone1000.

Change-Id: Id50619816a924b4fa7597295f89d54827191fbb5
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:13:34 -05:00
Vishnu Banavath 9b0ddd606e arm-bsp/optee-os: cherry pick fixes from upstream integration branch
These changes are to fix missing error check during sp init
and add support for defining memory regions

Change-Id: I381ff9805288590809471494bdff5e7f62232f7c
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:13:34 -05:00
Vishnu Banavath e1c04fd924 arm-bsp/secure-partitions: rebase TS patches
These changes is to rebase patches to latest
SHA(a365a04f937b9b76ebb2e0eeade226f208cbc0d2) of integration branch.
Also cherry-picked other bug fixes with the exemption of adding
newlib changes. newlib changes brakes the build because of musl
libc, hence dropped those changes for now

Change-Id: If0131d00e63eb0f574fa41dd95cfee4351e696e8
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:13:34 -05:00
Abdellatif El Khlifi e53bc984f5 arm-bsp/optee-os: corstone1000: unpack sp_manifest_combined_se.dts in WORKDIR
When using devtool the S is no longer an unpack location.
Let's use the default unpack location WORKDIR that works
whether devtool is used or not.

Change-Id: I34dfb53feddddfba82ff68a43b6cfe89a60c7701
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:13:34 -05:00
Abdellatif El Khlifi 6ee207b520 arm-bsp/trusted-firmware-m: corstone1000: bump the version to 1.5
Setting TF-M version to 1.5

Change-Id: Ib04778ed46d5404f498ff4efd60f338e351e7ee9
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-13 18:13:34 -05:00
Jon Mason e0d2976011 CI: use matrix for more defined way of doing things and cleanup
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-12 10:36:48 -05:00
Ross Burton 97f9592eff CI: remove utility tasks
These tasks made some limited sense when there was only one runner, but
in a setup where there are N runners they arere pretty useless as you
can't control which runner is executing the jobs.

Disk usage should be managed out-of-band, so delete the jobs.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-12-12 09:39:37 -05:00
Vishnu Banavath 8649420ff5 arm-bsp/secure-partitions: Use secure storage ipc and openamp for se_proxy
Remove mock up backend for secure storage in se proxy
deployment and use instead the secure storage ipc backend with
openamp as rpc to secure enclave side.

Change-Id: I5225966ec621be9fa126b5af6ede0a1f6bbf469b
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Vishnu Banavath 1359423f0f arm-bsp/secure-partitions: add secure storage ipc backend
Add secure storage ipc ff-m implementation which may use
openamp as rpc to communicate with other processor.

Change-Id: I6707f3b0654fb255cacef930d9314662b106273c
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Vishnu Banavath 117dd9583a arm-bsp/secure-partitions: add common service component to ipc support
Add support for inter processor communication for PSA
including, the openamp client side structures lib.

Change-Id: Icb86045b7915c4b04d2ec73b88ed40a3d65be4af
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Vishnu Banavath fac6216f09 arm-bsp/secure-partitions: Add psa client definitions for ff-m
Add PSA client definitions in common include to add future
ff-m support.

Change-Id: I0860fa347fd882d6e99da136a4273a0ef5d7d684
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Vishnu Banavath 24ecb7cf18 arm-bsp/optee-os: add openamp-virtio
Adding openamp-virtio node to the SP manifest

Change-Id: I1123eab65f2f05d00433b7d940b74766457ac7cf
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Vishnu Banavath 9b4cd95b8c arm-bsp/secure-partitions: add openamp rpc caller
Add openamp rpc caller

Change-Id: Ifb69f3ea3cf84fa01566033f82ed1657490ba87d
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Satish Kumar 6a175f4b1c arm-bsp/trusted-firmware-m: corstone1000: Aligning with TF-M master
Setting the last master branch SHA.

Change-Id: I668868f991bc090cf0720ac940fe658aa253ed56
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Abdellatif El Khlifi d83f7c7955 arm-bsp/u-boot: corstone1000: remove the use of fdt_addr_r
The device tree is embedded in the u-boot binary
and located at the end of the DDR. Its address
is specified in fdtcontroladdr environment variable.

No need to use fdt_addr_r anymore.

Change-Id: I58b17fbcab36c7236d57eb2498c41b5f4960b6eb
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Abdellatif El Khlifi 4a66446a51 arm-bsp/u-boot: corstone1000: setting the boot console output
Setting stdout-path in the chosen node.

Change-Id: Ie0a6b140492f0c5fc323690d2f6bc921cbe76cb3
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-11 19:23:14 -05:00
Vishnu Banavath 8a02bd6796 arm-bsp/optee-os: add MHU device regions in the SP manifest
Declaring the MHU device regions nodes.

Change-Id: Idc9faf570b8b97193f69ed32fa71a4a3ca359409
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Vishnu Banavath 360c498f1e arm-bsp/secure-partitions: Implement mhu driver
This commit adds mhu driver (v2.1 and v2) to the secure
partition se_proxy and a conversion layer to communicate with
the secure enclave using OpenAmp.

Change-Id: I3800ce108cabf7e3652f96e39b9fed2435c53ca9
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Vishnu Banavath 0112ab00a6 arm/secure-partitions: pass TS_PLATFORM in the configure task
This commit passes the platform name to CMake through the
configure task.

Change-Id: I7aaf10e3709507c65dd81c31e0301df57bbdf4fc
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Abdellatif El Khlifi e52c719925 arm-bsp/secure-partitions: corstone1000: add openamp support in SE proxy SP
This change is to fetch and build openamp and libmetal
as part of SE proxy secure partitions

Change-Id: I251525f830535ceb1e1fc9f994c22a8b149fe7b6
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Abdellatif El Khlifi 0231b19372 arm-bsp/secure-partitions: corstone1000: add mbed-crypto and nanopb to platform code
Moving dependencies to the BSP.

Change-Id: I32abd6c0568030550dda0442a2a4f624967b561c
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Abdellatif El Khlifi a7a2469888 arm/secure-partitions: remove platform specific dependencies
Keeping the recipe platform independent.

Additional components can be added at the platform level.

Change-Id: Ib1b0dd8d50486a037257dd99fea0d0ba2c80c7fb
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Vishnu Banavath 48a646b5eb arm/optee-spdevkit: add missing header file in optee-spdevkit
This change is to add following header file to optee-spdevkit
and these are required by openAMP:

* features.h
* error.h

Change-Id: I51b801911b5a0131bf938ac1d520c4818e416637
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Vishnu Banavath d93bd3a130 arm-bsp/optee-os: increase core heap size
This change is to increase optee core heap size to 131072 bytes
from its default value to accomodate openAMP and smm-gateway

Change-Id: I40912334f59a50bb3baf853bb5ff4b01c3b23966
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 17:22:19 -05:00
Hugo L'Hostis bba8a89e29 kas: Update include syntax to kas 2.6
Using a path relative to a kas yaml file to include another kas yaml
file won't be supported in the future. This patch also updates the
documentation for fvp-baser to set the minimal supported version of kas
to 2.6.

Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I757103c5433bca7af9ab024370cd1e994d59fe0e
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-09 12:08:07 -05:00
Satish Kumar 33a4153ca9 kas: corstone1000: update SE binary sizes
Update the size of bl2_signed.bin and tfm_s_signed.bin

Change-Id: I8312dd6d50faff53e1ca489cbf73c5f25671b21c
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:30 -05:00
Satish Kumar 7aed3db89a arm-bsp/u-boot: identify which bank to load kernel from
Secure enclave, based on the firmware update state of the
system, decides the boot bank. In this commit, u-boot
identifies the selected boot bank and loads the kernel
from it.

Change-Id: Ifcef126dc79c7808b30ef0319d83482d2d29fd13
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:30 -05:00
Satish Kumar 2a36efd547 arm-bsp/trusted-firmware-a: patch to identify which bank to load fip from
Secure enclave decide the boot bank based on the firmware update
state of the system and updated the boot bank information at a given
location in the flash. In this commit, bl2 reads the givev flash location
to indentify the bank from which it should load fip from.

Change-Id: I2f7518c82c1664355da2aa1596f4f65f7a49a53d
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:30 -05:00
Satish Kumar 6a4d8241de arm-bsp/u-boot: patch to change kernel flash address
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.

Change-Id: I2d23d06099ffbf15458afaeb21c5dd4bcc4ffecb
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:30 -05:00
Satish Kumar 6edb53ca86 arm-bsp/trusted-firmware-a: patch to change flash base address of FIP
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.

Change-Id: If6c048a6117023aae2e748c23ed52447857b0d04
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:30 -05:00
Satish Kumar a5f84f1174 arm-bsp/trusted-firmware-m: corstone1000: firmware update changes
The patchset perform the following changes:

a. Disable secure debug by default.
b. OTA Firmware Update Agent implementation.
c. Implementation of boot index propagation mechanism.
d. Openamp version/commit hash correction.
e. Implementation of host watchdog interrupt handler.

Change-Id: Ie5e1028bb29ce337d51ad8ef47d2bd8175187402
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Emekcan Aras 3866e8cf80 arm-bsp/u-boot: corstone1000: Implement autoboot storage device selection
This commit implements distro_bootcmd in config_bootcommand in u-boot.
This command traverses all the USB devices connected to the board and
finds a usb device that has bootable image to boot from it. If it cannot
find a usb device with the bootable image, it will boot the system using
the existing flash.

Change-Id: Ia05ca02d6f490a1b51fcf377afcc86ea0ed4e19c
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Emekcan Aras cc7196deed arm-bsp/trusted firmware-a: corstone1000: implement EFI reset system
This commit implements efi_reset_system for corstone1000 platform. In
order to reset the system, the host uses secure host watchdog to assert
an interrupt (WS1) on the secure-enclave side, then secure-enclave
resets the system.

Change-Id: I772181cd43e789f1d6508aaa433eb109d8f85b5d
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Emekcan Aras cf278f9ae8 arm-bsp/u-boot: corstone1000: Enable PSCI Reset
This commit enables PSCI Reset for corstone1000 platform. It configures
u-boot to use PSCI interfaces in efi_reset_system function.

Change-Id: I88ea55fde2b2c6e455a4b38e885e62a410b0b0e7
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Harry Moulton e0e7256b5a arm-bsp/u-boot: corstone1000: Fix ISP1760 EFI boot issue
This patch does three things:
 - Add the CONFIG_EFI_PARTITION option to the corstone1000_defconfig
    to allow u-boot to detect EFI filesystems.
 - Add isp1760_get_max_xfer_size(), this fixes an issue where
    GPT partition info could not be loaded.
 - Fix the issue while detecting EFI filesystem, and loading GPT
    partition info.

Change-Id: Ic04c8710f4ea7e156aca196d7e54f090b9376c49
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Gowtham Suresh Kumar 40826eee73 arm-bsp/u-boot: corstone1000: Enable SMM gateway
This patch updates shared buffer address, disables get/set of NV
variables, and invalidates the cache after write to shared buffer as the
SPs have cache disabled.

Change-Id: Iead01edf3011e192df205236df098415e5bde9a5
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Satish Kumar eccb9a82d7 arm-bsp/imgtool: upgrade imgtool to 1.8.0
Change-Id: I6f24f058284d5bae244ea88989e922d92ff25d0a
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Ross Burton 1f79abb091 arm-toolchain: upgrade gcc-arm-none-eabi (GNU-RM) to 10.3-2021.10
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-06 09:32:29 -05:00
Maxim Uvarov d69ae1e000 optee: update optee-os.inc to support external TAs
Separate recipe for TA devkit is needed to solve
circular dependency to build TAs with the devkit
 and integrate it inside optee-os.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-12-03 10:28:05 -05:00
Gowtham Suresh Kumar c519482ce6 arm-bsp/optee-os: corstone1000: enabling smm-gateway partition
This commit enables smm-gateway in optee-os by making the following changes:

- Updating the existing SP manifest file with a combined manifest file
  that includes information about both se-proxy and SMM gateway SP.
- Including the SMM gateway SP makefile in optee include file
  to embed smm gateway sp binary into optee image.

Change-Id: Iebcf2c534a9e9ced411c943ff583b522ad9d69fa
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2021-12-01 13:36:49 +00:00
Gowtham Suresh Kumar d0bbfca5a2 arm-bsp/secure-partitions: corstone1000: add smm-gateway partition
smm-gateway secure partition is a slim version of StMM for low memory
devices.

This commit adds support for smm-gateway for corstone1000 at the
secure partitions level by making the following changes:

- Configure TS_DEPLOYMENTS to include SMM Gateway SP, SMM gateway to use
  device region for shared buffer, and set the NV store macro.
- Updating secure partitions recipe to point to HEAD of integration
 branch to fetch stmm-gateway changes.

Change-Id: I56ff325cca250749448364e12ac06e3ea289fa29
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2021-12-01 13:36:49 +00:00
Ross Burton 523f921eca CI: build optee-spdevkit for qemuarm64
To ensure that optee-spdevkit works in all configurations, but it in the
CI for qemuarm64 not just corstone1000.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-12-01 10:30:54 +00:00
Ross Burton a035205056 arm/optee-spdevkit: fix non-corstone1000 builds
This recipe was setting a default SRCREV which doesn't contain the
Secure Partition devkit, as this is only in the psa-development branch
on the trustedfirmware.org mirror which is set by the corstone1000
bbappend.

Use this branch/revision by default, and set the PV correctly: this
branch is currently based on optee-os 3.10 not 3.14.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-12-01 10:30:54 +00:00
Ross Burton 60a8389331 CI: build optee-test in qemuarm64-secureboot
This recipe doesn't get built through dependencies, so add it explicitly.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-12-01 10:30:54 +00:00
Ross Burton 26501daba0 arm/optee-test: change DEPENDS to optee-os-tadevkit
Now that the TA devkit has been split out of optee-os, the build
dependencies of optee-test need to be updated too.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-12-01 10:30:54 +00:00
Ross Burton 30a46c3347 arm/optee-test: use precise BSD license
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-12-01 10:30:54 +00:00
Abdellatif El Khlifi 9eb24631da arm-bsp/linux: setting the FFA_VERSION compatibility checks
This commit introduces a new kernel patch that aligns the FF-A
versions checks according to the FF-A specification v1.0.

Without this fix, the FF-A bus fails to initialize when the FF-A
framework is version 1.1 (comes with the latest TF-A).

The bus driver which is v1.0 rejects the framework v1.1 despite
the fact they are compatible according to the specification.

This kernel patch changes the logic of the version checking based on
the specification.

Change-Id: If9d7b6c0d5e24e73d4f42c6532cd56ff2d05fcec
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
2021-12-01 10:30:54 +00:00
Abdellatif El Khlifi a38e919e49 arm-bsp/u-boot: corstone1000: adjust the environment and heap sizes
env size set to 64 KB
heap size 64 KB + 32 MB

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: I913862e855afa8864e91e0a7c0707279b7cbd987
2021-12-01 10:30:54 +00:00
Abdellatif El Khlifi 69dae93d84 arm-bsp/u-boot: corstone1000: introducing EFI capsule update
This commit implements capsule update for Corstone-1000.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: I3031018eebb9aaae56c0823d24ee5c148857f2fa
2021-12-01 10:30:54 +00:00
Abdellatif El Khlifi d36a974ad3 arm-bsp/u-boot: corstone1000: introducing Arm FF-A and MM support
This commit provides these new generic u-boot features:

- The FF-A low-level driver implementing Arm Firmware Framework for Armv8-A (FF-A)
- MM communication using FF-A (compatible with StandaloneMM and smm-gateway)
- A new armffa command and a test module to test the FF-A helper functions to
  communicate with secure world.

It also enables FF-A and MM communication for the Corstone-1000 platform.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: Ic71dcae2411aefae00557284c08be662bfe80b98
2021-12-01 10:30:54 +00:00
Vishnu Banavath 7d9d7603d7 arm-bsp/optee-os: add a rule in optee-os Makefile for secure partitions
These changes are to add a rule in optee-os Makefile to include
secure partitions as part of optee-os image

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I2f6f93ffca9a2332cbe9ffe4e9903b8ec524df51
2021-12-01 10:30:54 +00:00
Abdellatif El Khlifi 6876e6e09c meta-arm-bsp/security: corstone1000: add trusted services support
These changes are to add support to build TrustedServices.
corstone1000 platfrom uses optee-sp option which will include
secure partitions into optee Image

Following changes are made to trusted-services code
* TS_PLATFORM should be set at the external build system level.
* fix EARLY_TA_PATHS environment variable
* se-proxy string and make it as child node

Change-Id: I58d76b5e25e7f285794c93dc92c1b93fdd77cfb9
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-29 11:30:24 -05:00
Abdellatif El Khlifi dcaa4c1ff2 arm/secure-partitions: introducing the recipe
Adding secure-partitions recipe.

Change-Id: I4320fb7087157a7c0f9305ce1d8f8574d4500fd0
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-29 11:30:24 -05:00
Abdellatif El Khlifi 79e699da13 arm/optee-spdevkit: introducing the recipe
Adding optee-spdevkit recipe.

Change-Id: Ib31d7f0a9fa2f72b71c2057f2752b1c52be6f890
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-29 11:30:24 -05:00
Arpita S.K cc63d474fd arm-bsp/u-boot: introducing corstone1000 MPS3 machine
Add support for corstone1000-mps3 machine which have a cortex-a35
aarch64, this will boot till u-boot prompt.

Change-Id: Ifdd81d35a5409cdd1563388a841885c14b748cad
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-29 11:30:24 -05:00
Arpita S.K cb37d9391b arm-bsp/machine: introducing corstone1000 MPS3 machine
This commit adds the corstone1000-mps3 machine.

Change-Id: I99f657574a693527d7763cb4cc9b0b05218bb316
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-29 11:30:24 -05:00
Arpita S.K 55ae0eb1a6 arm/trusted-firmware-a,fiptool-native: Fix fiptool execution wrt corstone1000
After http://git.yoctoproject.org/cgit/cgit.cgi/meta-arm/commit/?id=648571b113b39420735859461fcd69cfc6f66c76,
building the corstone1000-image fails with the below error.
    fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
    # include <openssl/sha.h>

Put back the inclusion of BUILD_LDFLAGS to fix this.

Change-Id: I57396eefe2c9a58e4c5c6a751b2ee7d32509cac5
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-23 20:00:24 +05:30
Arpita S.K 3dbaa6528b corstone1000: Introducing ci and kas files
Adding ci and yaml files to support
corstone1000-fvp.

Change-Id: I74ebc3570d4b0c8abae58be5ef69064fc33e5bea
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-23 19:59:22 +05:30
Abdellatif El Khlifi 601733b08c arm/ffa-debugfs: corstone1000: enabling FF-A Debugfs Linux driver
- This commit provides a recipe for the FF-A Debugfs Linux
   driver v2.1.0.

  The driver is an out-of-tree loadable modules. It exposes
  FF-A operations to user space and only used for development
  purposes.

- Create a dev package for ffa-debugfs-mod

  ffa-debugfs-mod recipe provides arm_ffa_user.h header for
  other recipes that need it at build time.
  The header is put in ffa-debugfs-mod-dev package.

Change-Id: I92f33e20b5fdfc9a32cff03ae2a137150d0328db
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Abdellatif El Khlifi c64bdb3f09 arm-bsp/linux: corstone1000: integrating ARM_FFA_TRANSPORT in v5.10 kernel
This commit adds the Arm Firmware Framework for Armv8-A to the v5.10 kernel.

The integrated patches are cherry-picked from kernel v5.14-rc2 and
compatible with SMCCCv1.2

Change-Id: If8964b94ed83caa5e0fc5d2a8a9b6a21f8b378ec
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Abdellatif El Khlifi 7512fc87fd arm-bsp/trusted-firmware-m: corstone1000: signing trusted-firmware-a binaries
This commit allows to sign trusted-firmware-a BL2 and FIP using MCUBOOT
tools.

Change-Id: Ide3045982f5f8515c1ccd59b6b0d29816fbfdd68
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Abdellatif El Khlifi 16e585c6d8 arm-bsp/python3-imgtool: add the recipe
Until this is integrated into meta-python, hold a copy of
python3-imgtool in meta-arm-bsp used by trusted-firmware-m.

Change-Id: I2e86be503bee03de549f5714dc52921165afa2bf
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Rui Miguel Silva cdd0a9da56 arm-bsp/linux: corstone1000: enable efi
In an effort to setup capsule update and efi runtime service
handlers, enable the correspondent efi config options.

Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Change-Id: Ib068448564268dcacb9bcad3667a3b293f177a83
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Vishnu Banavath 54446b5d80 arm-bsp/u-boot: corstone1000: extend efi support
enable efi boot including secure config options, add a
load command which integrate with efi subsystem.

And as at it, enable the efi capsule options for future
use.

Change-Id: Iced8ab2b9bca41805f6201150760692b4b716d7d
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Vishnu Banavath d8cda67a95 arm-bsp/optee: introducing corstone1000 FVP machine
These changes are to add corstone1000-fvp machine
to optee-os.

Change-Id: I9ddfaca476234c0307a89d5444ae2d0e688a9b59
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Abdellatif El Khlifi 4cb5f2ca10 arm-bsp/trusted-firmware-a: introducing corstone1000 FVP machine
This commit enables TF-A v2.5 with Trusted Board Boot support for the
Corstone1000 64-bit platform.

Disables Non-Volatile counters in the TBB.

Change-Id: Idb9e18df7066cb617df72b2e147147ce49db292c
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Rui Miguel Silva 939b0856fc arm-bsp/u-boot: introducing corstone1000 FVP machine
Add support for corstone1000-fvp machine which have a cortex-a35
aarch64, this will boot till u-boot prompt.

Remove kernel devicetree configuration and add the devicetree here and
enable it in the diphda defconfig.

Adds the build options required to support an RTC emulator which in
turn is required to support the UEFI functions GetTime()
and SetTime().

Change-Id: I0d66ece1193494bd2f59a9800d802dff1c4a0db6
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Vishnu Banavath 20b0d476e5 arm-bsp/trusted-firmware-m: introducing corstone1000 FVP machine
Enables trusted-firmware-m on the corstone1000-fvp machine.

Change-Id: Id38d565e1f2b2d0a80cbd58740e64f56ddbc4cee
Signed-off-by: Drew Reed <drew.reed@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Abdellatif El Khlifi 430a482430 arm-bsp/linux: introducing corstone1000 FVP machine
This commit enables Linux kernel v5.10 for corstone1000-fvp
machine.

Change-Id: I882902bba273355428af06c29796358e17f9b379
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Diego Sueiro 35fd34a134 arm/trusted-firmware-a,fiptool-native: Fix fiptool execution
After http://git.yoctoproject.org/cgit/cgit.cgi/meta-arm/commit/?id=648571b113b39420735859461fcd69cfc6f66c76
the fiptool create command fails with:
    tools/fiptool/fiptool: error while loading shared libraries: libcrypto.so.3: cannot open shared object file: No such file or directory

Put back the inclusion of BUILD_LDFLAGS to fix this.

Issue-Id: SCM-3548
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I8bfddd0528d5c4dbf5dfd87c9ae17db4e0071b1c
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Ross Burton bfe6da8c9b arm/trusted-firmware-a: improve OpenSSL build fix
Take a patch that is heading upstream to pass OPENSSL_DIR to the fiptool
build, removing the need to alter the Makefiles at build time.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Ross Burton 70bb3a0a3d arm/fiptool-native: improve OpenSSL build fix
Take a patch that is heading upstream to pass OPENSSL_DIR to the fiptool
build, removing the need to alter the Makefiles at build time.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Abdellatif El Khlifi 4556fe3d77 arm/fiptool-native: bumping the version to v2.5
The commit provides the v2.5 recipe for fiptool-native
and removes the older versions.

Change-Id: Ie87ca97bc63bfe7ba2337b1bf05d9658921bab83
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:58 +05:30
Abdellatif El Khlifi a166e092bf arm-bsp/trusted-firmware-a: remove TARGET_FPU build argument
TARGET_FPU passed to TF-A Makefile but is not used in TF-A source code.

Change-Id: I7c275711ed1e9fb9ee4e4df2b9c1606cacc4138c
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:57 +05:30
Satish Kumar 0e6eb300f8 arm/trusted-firmware-m: upgrade to 1.4.0
Update TF-M to version 1.4.0, mbed TLS to 3.0.0, TF-M tests to 1.4.0,
and MCUBoot to TF-Mv1.4-integ tag.

Change-Id: I9172ed9fbf6c6c2ed88303256ef2452dafc665be
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-22 16:25:35 +05:30
Ross Burton b46330d783 CI: disable use of Yocto sstate server
The public sstate server isn't up to the load just yet and often-enough
will take a very long time to respond, causing build failures.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-11-16 12:49:14 +00:00
luca fancellu 27e102a430 arm-autonomy/xen-devicetree: change Xen dts and n1sdp dtsi
The current Xen dts produced by the layer is using an old
way to specify the dom0 kernel module that won't be supported
anymore in Xen 4.16 when booting through UEFI.

Change xen.dtsi.in to have the Dom0 kernel module as a
direct child of /chosen node.

For the n1sdp, Grub2 is responsible to create the Dom0
kernel node and properly setup the #address-cells and
the #size-cells properties, so modify the dynamic layer
dtsi for n1sdp to remove these node and properties from
the yocto generated dtb for Xen.

Issue-Id: SCM-3647
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Change-Id: I35236bbb3fe97e4237bc5c45fb521efdaa472ef1
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-11-11 15:48:56 +00:00
Ross Burton 57e683eb80 arm/hafnium: fix kernel tool linking
We need to be sure that the host linker flags are passed to the kernel
build, as otherwise it is possible that binaries are incorrectly linked.
For example:

HOSTCC scripts/extract-cert
ld: .../recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/lib/libcrypto.so: undefined reference to `pthread_once@GLIBC_2.34'

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-11-10 15:52:11 +00:00
Ross Burton 3236ebeb89 arm/trusted-firmware-a: ensure native cert_create has -rpath
Patch in BUILD_LDFLAGS into the cert_create Makefile so that the -rpath
arguments are passed to the native build, meaning it can find libssl
correctly.  This somewhat worked previously as the host libssl and
sysroot libssl matched, but now that OE has OpenSSL 3 that often isn't
the case.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-11-09 20:26:08 +00:00
Peter Hoyes 8bccb38744 runfvp: Ensure new process group is in the foreground
When a new process group is created, it is launched in the background
and any attempt to access the session terminal triggers a SIGTTIN (for
stdin) or SIGTTOU (for stdout) signal. These are ignored in an
interactive shell, but the default signal behavior in a new job is to
send a SIGTSTP to the whole process group. This causes runfvp to hang
when executed via a subprocess when stdin is accessed.

After creating a new process group, use tcsetpgrp to make the new group
the foreground process for the terminal associated with stdin/stdout,
but only if stdin is a tty.

The documentation for tcsetgrp states that tcsetpgrp itself raises a
SIGTTOU signal, so set this signal to SIG_IGN.

Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I349a825df7fcb8a3cedb81762b901c6f50fa53b5
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-11-01 21:01:40 -04:00
Abdellatif El Khlifi 2e2dbc2587 arm/trusted-firmware-m: setting the toolchain file path in PACKAGECONFIG
Toolchain files toolchain_GNUARM.cmake and toolchain_ARMCLANG.cmake are
located at trusted-firmware-m source directory.

This commit sets that.

Change-Id: If9c26f65b0c8111a6ff1f1a7d56610563efd501b
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:18 -04:00
Abdellatif El Khlifi ab574b084e arm/trusted-firmware-m: enabling PACKAGECONFIG when using CMake
In case of CMake, PACKAGECONFIG configs take effect when passing
PACKAGECONFIG_CONFARGS to the configure task.

Change-Id: I126ba089c9a5db8e895b8a9545e96ef9fa98ce0d
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:18 -04:00
Ross Burton b4f52f2642 arm/lib/oeqa: fix module lookup
As multiple paths can and do provide modules under oeqa.controllers, all
of these paths need to call pkgutil.extend_path() so the lookup works
correctly.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:18 -04:00
Ross Burton 2d22a1f7ae CI: enable testimage for fvp-base
Inherit fvpboot so that the FVP binary is fetched and configuration
generated.

Configure the FVP to forward host port 8022 to port 22 locally, and
tell testimage to SSH to localhost:8022. This has the limitation that
only one testimage can run per machine, but this will be removed shortly.

Disable the parselogs test case, as there are some harmless warnings in
the dmesg which cause it to fail.  Currently meta-arm can't extend the
whitelist of ignorable warnings.

The FVP binaries are x86-64 only, so tag the job appropriately.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:11 -04:00
Ross Burton ba86aeb31f CI: install telnet into the images
runfvp currently needs telnet to communicate with the guest, so install
telnet into the image.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:11 -04:00
Ross Burton 48524c32d5 arm-bsp/fvp-common: set TEST_TARGET to OEFVPTarget
Set TEST_TARGET so that all FVP machines use the new FVP target out of
the box, instead of attempting to use qemu.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:11 -04:00
Ross Burton 4b1a0c7484 arm-bsp/fvp: enable virtio drivers
All FVPs can use virtio networking devices, so enable virtio in all of
the FVP kernels.

Remove our fvp/fvp-virtio.cfg as there's cfg/virtio.scc we can use.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:11 -04:00
Ross Burton 2824f6a58b arm/oeqa: add FVP testimage controller target
Add a new oeqa.core.target.OETarget subclass for testimage which starts
a FVP using runfvp. This uses --console to connect to the console so
telnet is needed on the host.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:11 -04:00
Ross Burton 0a64644bc9 runfvp: reset the process group on startup
So that it is easy to kill runfvp and everything it starts (such as
telnet or the FVP itself), reset the process group on startup.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:11 -04:00
Ross Burton 491cac17fe gem5/gem5-native: add missing m4-native DEPENDS
Latest oe-core has less implicit DEPENDS, so gem5 fails to configure:

Error: Can't find version of M4 macro processor.  Please install M4 and try again.

Explicitly add m4-native to DEPENDS.

Change-Id: I2e107ea6448eec399619e0d1922fd29930a95fd8
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-20 14:07:11 -04:00
Ross Burton 328d95e27d CI: use http: to access sstate mirror
The sstate mirrors are not available over HTTPS currently due to a
certificate problem, so use plain HTTP instead.

Change-Id: I5b974d67bc13f7c7234927c6bc62a8c733e454c3
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-10-19 16:39:48 +01:00
Hugo L'Hostis 99b9ee4470 kas/fvp-baser-aemv8r64: use honister as default branch
Issue-Id: SCM-3532
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Change-Id: I05b529da0f5bbdcee038476d07c42f1b6ac0526f
Signed-off-by: Jon Mason <jon.mason@arm.com>
2021-10-15 10:16:14 -04:00
1214 changed files with 95868 additions and 34285 deletions
-2
View File
@@ -1,2 +0,0 @@
[b4]
send-series-to = meta-arm@lists.yoctoproject.org
-1
View File
@@ -1,2 +1 @@
__pycache__
build
+109 -242
View File
@@ -1,26 +1,4 @@
image: ${MIRROR_GHCR}/siemens/kas/kas:4.7
variables:
# These are needed as the k8s executor doesn't respect the container
# entrypoint by default
FF_KUBERNETES_HONOR_ENTRYPOINT: 1
FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
# The default value for KUBERNETES_CPU_REQUEST
CPU_REQUEST: ""
# The default machine tag for the build jobs
DEFAULT_TAG: ""
# The machine tag for the ACS test jobs
ACS_TAG: "$DEFAULT_TAG"
# The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc)
CACHE_DIR: $CI_BUILDS_DIR/persist
# The container mirror to use
MIRROR_GHCR: ghcr.io
# Whether to run the SystemReady ACS tests
ACS_TEST: 0
# The list of extra Kas fragments to be used when building
EXTRA_KAS_FILES: ""
# The NVD API key to use when fetching CVEs
NVDCVE_API_KEY: ""
image: ghcr.io/siemens/kas/kas:latest-release
stages:
- prep
@@ -28,222 +6,148 @@ stages:
# Common job fragment to get a worker ready
.setup:
tags:
- $DEFAULT_TAG
stage: build
interruptible: true
variables:
KUBERNETES_CPU_REQUEST: $CPU_REQUEST
KAS_WORK_DIR: $CI_PROJECT_DIR/work
KAS_BUILD_DIR: $KAS_WORK_DIR/build
# Set this in the environment to enable local repository caches
KAS_REPO_REF_DIR: ""
SSTATE_DIR: $CACHE_DIR/sstate
DL_DIR: $CACHE_DIR/downloads
KAS_REPO_REF_DIR: $CI_BUILDS_DIR/persist/repos
SSTATE_DIR: $CI_BUILDS_DIR/persist/sstate
DL_DIR: $CI_BUILDS_DIR/persist/downloads
BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml
TOOLCHAIN_DIR: $CACHE_DIR/toolchains
IMAGE_DIR: $KAS_BUILD_DIR/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $KAS_BUILD_DIR/toolchains
TOOLCHAIN_DIR: $CI_BUILDS_DIR/persist/toolchains
IMAGE_DIR: $CI_PROJECT_DIR/work/build/tmp/deploy/images
TOOLCHAIN_LINK_DIR: $CI_PROJECT_DIR/work/build/toolchains
before_script:
- echo KAS_WORK_DIR = $KAS_WORK_DIR
- echo SSTATE_DIR = $SSTATE_DIR
- echo DL_DIR = $DL_DIR
- rm -rf $KAS_WORK_DIR
- mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Must do this here, as it's the only way to make sure the toolchain is installed on the same builder
- ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
- sudo apt update && sudo apt install telnet -y
# Generalised fragment to do a Kas build
.build:
extends: .setup
rules:
# Don't run MR pipelines
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: never
# Don't run pipelines for tags
- if: $CI_COMMIT_TAG
when: never
# Don't run if BUILD_ENABLE_REGEX is set, but the job doesn't match the regex
- if: '$BUILD_ENABLE_REGEX != null && $CI_JOB_NAME !~ $BUILD_ENABLE_REGEX'
when: never
# Allow the dev kernels to fail and not fail the overall build
- if: '$KERNEL == "linux-yocto-dev"'
allow_failure: true
# Catch all for everything else
- if: '$KERNEL != "linux-yocto-dev"'
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml
- echo KASFILES=$KASFILES
- kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
- kas shell --update --force-checkout $KASFILES -c 'cat conf/*.conf'
- kas build $KASFILES
- ./ci/check-warnings $KAS_BUILD_DIR/warnings.log
- kas shell ci/base.yml:lockfile.yml --command "$CI_PROJECT_DIR/ci/junit.sh $KAS_WORK_DIR/build"
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
# Workaround for Zephyr not currectly handling TESTIMAGE_AUTO
.build_and_test:
extends: .setup
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
- kas shell --update --force-checkout $KASFILES -c 'cat conf/*.conf'
- kas build $KASFILES
- kas build $KASFILES -c testimage
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
artifacts:
name: "logs"
when: on_failure
expire_in: 1 week
paths:
- $KAS_BUILD_DIR/tmp*/work*/**/temp/log.do_*.*
- $KAS_BUILD_DIR/tmp*/work*/**/testimage/*
reports:
junit: $KAS_BUILD_DIR/tmp/log/oeqa/junit.xml
#
# Prep stage, update repositories once.
# Set the CI variable CI_CLEAN_REPOS=1 to refetch the respositories from scratch
# Prep stage, update repositories once
#
update-repos:
extends: .setup
stage: prep
allow_failure:
exit_codes: 128
script:
- |
exit_code=0
- flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
# Dump the environment for reference
printenv
# Update the reference repositories if needed
if [ -n "$KAS_REPO_REF_DIR" ]; then
flock --verbose --timeout 60 $KAS_REPO_REF_DIR --command ./ci/update-repos || exit_code=$?
# Exit now if that failed, unless the status was 128 (fetch failed)
test $exit_code != 0 -a $exit_code != 128 && exit 1
fi
# Only generate if doesn't already exist, to allow feature branches to drop one in.
if test -f lockfile.yml; then
echo Using existing lockfile.yml
else
# Be sure that this is the complete list of layers being fetched
kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
fi
exit $exit_code
artifacts:
name: "lockfile"
when: always
paths:
- lockfile.yml
# What percentage of machines in the layer do we build
machine-coverage:
stage: build
interruptible: true
script:
- ./ci/check-machine-coverage
coverage: '/Coverage: \d+/'
#
# Build stage, the actual build jobs
#
# Available options for building are (VIRT _must_ be last for ssh override)
# DISTRO: [poky, poky-altcfg, poky-tiny]
# KERNEL: [linux-yocto, linux-yocto-dev]
# TOOLCHAINS: [gcc, clang]
# Available options for building are
# TOOLCHAINS: [gcc, clang, armgcc, external-gccarm]
# TCLIBC: [glibc, musl]
# FIRMWARE: [u-boot, edk2]
# TS: [none, trusted-services]
# TESTING: testimage
# SECUREDEBUG: [none, secure-debug]
# VIRT: [none, xen]
arm-systemready-ir-acs:
extends: .build
timeout: 12h
parallel:
matrix:
# arm-systemready-ir-acs must be specified after fvp-base for ordering
# purposes for the jobs-to-kas output. It is not enough to just have it
# in the job name because fvp-base.yml overwrites the target.
- PLATFORM: [fvp-base, corstone1000-fvp]
ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
tags:
- ${ACS_TAG}
# TESTING: testimage
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
coverage: '/Coverage: \d+/'
script:
- kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
- kas shell --update --force-checkout ci/base.yml:ci/meta-arm-autonomy.yml:ci/meta-openembedded.yml --command \
"$CI_PROJECT_DIR/ci/check-layers.py $CI_PROJECT_DIR/ci/check-layers.yml $CI_PROJECT_DIR $KAS_WORK_DIR"
pending-updates:
extends: .setup
artifacts:
paths:
- update-report.html
script:
- kas shell ci/qemuarm64.yml:ci/meta-openembedded.yml -c "$CI_PROJECT_DIR/scripts/machine-summary.py -t updates.html -o $CI_PROJECT_DIR/update-report.html $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
corstone500:
extends: .build
corstone700-fvp:
extends: .build
corstone700-mps3:
extends: .build
corstone1000-fvp:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [testimage, tftf]
- FIRMWARE: none
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
corstone1000-mps3:
extends: .build
parallel:
matrix:
- FIRMWARE: corstone1000-firmware-only
TESTING: [none, tftf]
- FIRMWARE: none
SECUREDEBUG: [none, secure-debug]
documentation:
extends: .setup
script:
- |
# This can be removed when the kas container has python3-venv installed
sudo apt-get update && sudo apt-get install --yes python3-venv
python3 -m venv venv
. ./venv/bin/activate
pip3 install -r meta-arm-bsp/documentation/requirements.txt
for CONF in meta-*/documentation/*/conf.py ; do
echo Building $CONF...
SOURCE_DIR=$(dirname $CONF)
MACHINE=$(basename $SOURCE_DIR)
sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
done
test -d build-docs/
artifacts:
paths:
- build-docs/
fvp-base:
extends: .build
parallel:
matrix:
- TS: [none, fvp-base-ts]
TESTING: testimage
- FIRMWARE: [u-boot, edk2]
TESTING: testimage
- SYSTEMREADY_FIRMWARE: arm-systemready-firmware
- TESTING: testimage
tags:
- x86_64
fvp-base-arm32:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, external-gccarm]
fvp-baser-aemv8r64:
extends: .build
fvps:
extends: .build
genericarm64:
gem5-arm64:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
- VIRT: [none, xen]
gem5-atp-arm64:
extends: .build
generic-arm64:
extends: .build
juno:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
# What percentage of machines in the layer do we build
machine-coverage:
extends: .setup
script:
- ./ci/check-machine-coverage
coverage: '/Coverage: \d+/'
metrics:
extends: .setup
artifacts:
reports:
metrics: metrics.txt
script:
- kas shell --update --force-checkout ci/base.yml --command \
"$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt"
microbit-v1:
extends: .build_and_test
parallel:
matrix:
- TESTING: testimage-zephyr
musca-b1:
extends: .build
@@ -251,21 +155,23 @@ musca-b1:
musca-s1:
extends: .build
pending-updates:
extends: .setup
# Only run this job for the default branch (master), or if forced with
# BUILD_FORCE_PENDING_UPDATES.
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $BUILD_FORCE_PENDING_UPDATES != null
artifacts:
paths:
- update-report
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
n1sdp:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, armgcc]
qemu-cortex-a53:
extends: .build
qemu-cortex-m3:
extends: .build_and_test
parallel:
matrix:
- TESTING: testimage-zephyr
qemu-cortex-r5:
extends: .build
qemuarm64-secureboot:
extends: .build
@@ -273,41 +179,19 @@ qemuarm64-secureboot:
matrix:
- TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
- UEFISB: [none, uefi-secureboot]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm64:
extends: .build
parallel:
matrix:
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
qemuarm-secureboot:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TESTING: testimage
- DISTRO: [poky, poky-altcfg]
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
qemuarm:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
FIRMWARE: edk2
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
@@ -315,35 +199,18 @@ qemuarmv5:
extends: .build
parallel:
matrix:
- DISTRO: poky
KERNEL: [linux-yocto, linux-yocto-dev]
TESTING: testimage
- DISTRO: poky-tiny
TESTING: testimage
sbsa-ref:
extends: .build
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
TESTING: testimage
- DISTRO: poky-altcfg
TESTING: testimage
- KERNEL: linux-yocto-dev
TESTING: testimage
selftest:
extends: .setup
script:
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests'
- TESTING: testimage
sgi575:
extends: .build
parallel:
matrix:
- TESTING: testimage
# FVP binary is x86-only
tc0:
extends: .build
tags:
- x86_64
tc1:
extends: .build
tags:
- x86_64
+22 -46
View File
@@ -6,39 +6,41 @@ This repository contains the Arm layers for OpenEmbedded.
This layer contains general recipes for the Arm architecture, such as firmware, FVPs, and Arm-specific integration.
* meta-arm-autonomy
This layer is the distribution for a reference stack for autonomous systems.
* meta-arm-bsp
This layer contains machines for Arm reference platforms, for example FVP Base, Corstone1000, and Juno.
This layer contains machines for Arm reference platforms, for example FVP Base, N1SDP, and Juno.
* meta-arm-toolchain
This layer contains recipes for Arm's binary toolchains (GCC and Clang for -A and -M), and a recipe to build Arm's GCC.
* meta-atp
This layer contains recipes for the Adaptive Traffic Generation integration into meta-gem5.
* meta-gem5
This layer contains recipes and machines for gem5, a system-level and processor simulator.
Other Directories
-----------------
* ci
This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this.
* documentation
This directory contains information on the files in this repository, building, and other relevant documents.
This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this
* kas
This directory contains KAS yaml files to describe builds for systems not used in CI.
This directory contains KAS yaml files to describe builds for systems not used in CI
* scripts
This directory contains scripts used in running the CI tests.
Mailing List
------------
To interact with the meta-arm developer community, please email the meta-arm mailing list at <meta-arm@lists.yoctoproject.org>.
Currently, it is configured to only allow emails to members from those subscribed.
To subscribe to the meta-arm mailing list, please go to
https://lists.yoctoproject.org/g/meta-arm
This directory contains scripts used in running the CI tests
Contributing
------------
@@ -46,51 +48,25 @@ Currently, we only accept patches from the meta-arm mailing list. For general
information on how to submit a patch, please read
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
E-mail <meta-arm@lists.yoctoproject.org> with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
E-mail meta-arm@lists.yoctoproject.org with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
`$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org`
$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org
Commits and patches added should follow the OpenEmbedded patch guidelines:
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
The component being changed in the shortlog should be prefixed with the layer name (without the meta- prefix), for example:
> arm-bsp/trusted-firmware-a: decrease frobbing level
> arm-toolchain/gcc: enable foobar v2
arm-bsp/trusted-firmware-a: decrease frobbing level
All contributions are under the [MIT License](/COPYING.MIT).
For a quick start guide on how to build and use meta-arm, go to [quick-start.md](/documentation/quick-start.md).
For information on the continuous integration done on meta-arm and how to use it, go to [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md).
Backporting
--------------
Backporting patches to older releases may be done upon request, but only after a version of the patch has been accepted into the master branch. This is done by adding the branch name to email subject line. This should be between the square brackets (e.g., "[" and "]"), and before or after the "PATCH". For example,
> [nanbield PATCH] arm/linux-yocto: backport patch to fix 6.5.13 networking issues
Automatic backporting will be done to all branches if the "Fixes: <SHA>" wording is added to the patch commit message. This is similar to how the Linux kernel community does their LTS kernel backporting. For more information see the "Fixes" portion of
https://www.kernel.org/doc/html/latest/process/submitting-patches.html#submittingpatches
Releases and Release Schedule
--------------
We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines. For more information on these, please reference:
* https://docs.yoctoproject.org/ref-manual/release-process.html
* https://wiki.yoctoproject.org/wiki/Releases
* https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
For more in-depth information on the meta-arm release and branch methodology, go to </documentation/releases.md>.
arm-toolchain/gcc: enable foobar v2
Reporting bugs
--------------
E-mail <meta-arm@lists.yoctoproject.org> with the error encountered and the steps
E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps
to reproduce the issue.
Security and Reporting Security Issues
--------------
For information on the security of meta-arm and how to report issues, please consult [SECURITY.md](/SECURITY.md).
Maintainer(s)
-------------
* Jon Mason <jon.mason@arm.com>
-46
View File
@@ -1,46 +0,0 @@
# Reporting vulnerabilities
Arm takes security issues seriously and welcomes feedback from researchers and
the security community in order to improve the security of its products and
services. We operate a coordinated disclosure policy for disclosing
vulnerabilities and other security issues.
Security issues can be complex and one single timescale doesn't fit all
circumstances. We will make best endeavours to inform you when we expect
security notifications and fixes to be available and facilitate coordinated
disclosure when notifications and patches/mitigations are available.
## How to Report a Potential Vulnerability?
If you would like to report a public issue (for example, one with a released CVE
number), please contact the meta-arm mailing list at
meta-arm@lists.yoctoproject.org and arm-security@arm.com.
If you are dealing with a not-yet released or urgent issue, please send a mail
to the maintainers \(see [README.md](/README.md)\) and arm-security@arm.com, including as much
detail as possible. Encrypted emails using PGP are welcome.
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
## Branches maintained with security fixes
meta-arm follows the Yocto release model, so see
[Stable release and LTS](https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS)
for detailed info regarding the policies and maintenance of stable
branches.
The [Release page](https://wiki.yoctoproject.org/wiki/Releases) contains a list of all
releases of the Yocto Project. Versions in grey are no longer actively maintained with
security patches, but well-tested patches may still be accepted for them for
significant issues.
# Disclaimer
Arm reference solutions are Arm public example software projects that track and
pull upstream components, incorporating their respective security fixes
published over time. Arm partners are responsible for ensuring that the
components they use contain all the required security fixes, if and when they
deploy a product derived from Arm reference solutions.
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-firmware.yml
-19
View File
@@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 11
includes:
- kas/arm-systemready-ir-acs.yml
env:
ACS_TEST: "0"
local_conf_header:
testimage: |
TESTIMAGE_AUTO = "${ACS_TEST}"
target:
- arm-systemready-ir-acs
- arm-systemready-linux-distros-debian
- arm-systemready-linux-distros-opensuse
- arm-systemready-linux-distros-fedora
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
local_conf_header:
cc: |
GCCVERSION = "arm-10.3"
+19 -25
View File
@@ -1,37 +1,25 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
distro: poky
defaults:
repos:
branch: whinlatter
refspec: honister
repos:
bitbake:
url: https://git.openembedded.org/bitbake
branch: "2.16"
layers:
bitbake: disabled
core:
url: https://git.openembedded.org/openembedded-core
layers:
meta:
meta-yocto:
url: https://git.yoctoproject.org/meta-yocto
layers:
meta-poky:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
layers:
meta:
meta-poky:
env:
BB_LOGCONFIG: ""
TOOLCHAIN_DIR: ""
@@ -39,13 +27,19 @@ env:
local_conf_header:
base: |
CONF_VERSION = "2"
BB_SERVER_TIMEOUT = "300"
PACKAGE_CLASSES = "package_ipk"
LICENSE_FLAGS_WHITELIST += "armcompiler Arm-FVP-EULA"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
BB_NUMBER_THREADS = "16"
PARALLEL_MAKE = "-j16"
INHERIT += "rm_work"
extrapackages: |
CORE_IMAGE_EXTRA_INSTALL += "perf"
CORE_IMAGE_EXTRA_INSTALL:append:aarch64 = " gator-daemon"
PACKAGECONFIG:append:pn-perf = " coresight"
noptest: |
DISTRO_FEATURES:remove = "ptest"
machine: unset
target:
- core-image-sato
- core-image-base
- perf
+44
View File
@@ -0,0 +1,44 @@
#! /usr/bin/env python3
import argparse
import pathlib
import re
import subprocess
import sys
import yaml
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument("config", type=argparse.FileType())
parser.add_argument("metaarm", type=pathlib.Path, help="Path to meta-arm")
parser.add_argument("others", type=pathlib.Path, help="Path to parent of dependencies")
args = parser.parse_args()
config = yaml.safe_load(args.config)
layers = config["layers"]
dependencies = config["dependencies"]
found_layers = [p for p in args.metaarm.glob("meta-*") if p.is_dir()]
print(f"Testing {len(layers)} layers: {', '.join(layers)}.")
print(f"Found {len(found_layers)} layers in meta-arm.")
print()
cli = ["yocto-check-layer-wrapper",]
cli.extend([args.metaarm / layer for layer in layers])
cli.append("--dependency")
cli.extend([args.others / layer for layer in dependencies])
cli.append("--no-auto-dependency")
passed = 0
process = subprocess.Popen(cli, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True)
while True:
line = process.stdout.readline()
if process.poll() is not None:
break
print(line.strip())
if re.search(r"meta-.+ PASS", line):
passed += 1
print(f"Coverage: {int(passed / len(found_layers) * 100)}%")
sys.exit(process.returncode)
+13
View File
@@ -0,0 +1,13 @@
layers:
- meta-arm
- meta-arm-bsp
- meta-arm-toolchain
- meta-gem5
- meta-arm-autonomy
dependencies:
- meta-openembedded/meta-oe
- meta-openembedded/meta-networking
- meta-openembedded/meta-python
- meta-openembedded/meta-filesystems
- poky/meta-poky
- meta-virtualization
+7 -5
View File
@@ -1,8 +1,10 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
repos:
meta-clang:
url: https://github.com/kraj/meta-clang
local_conf_header:
toolchain: |
PREFERRED_TOOLCHAIN_TARGET = "clang"
clang: |
TOOLCHAIN = "clang"
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
- kas/corstone1000-image-configuration.yml
target:
- core-image-minimal
- perf
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- kas/corstone1000-firmware-only.yml
target:
- corstone1000-flash-firmware-image
- perf
+9 -5
View File
@@ -1,9 +1,13 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/corstone1000-common.yml
- ci/fvp.yml
- base.yml
- meta-openembedded.yml
local_conf_header:
custom-local-conf: |
INITRAMFS_IMAGE_BUNDLE = "0"
INITRAMFS_IMAGE:remove = "corstone1000-initramfs-image"
machine: corstone1000-fvp
+8 -4
View File
@@ -1,8 +1,12 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/corstone1000-common.yml
- base.yml
- meta-openembedded.yml
local_conf_header:
custom-local-conf: |
INITRAMFS_IMAGE_BUNDLE = "0"
INITRAMFS_IMAGE:remove = "corstone1000-initramfs-image"
machine: corstone1000-mps3
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: corstone500
+10
View File
@@ -0,0 +1,10 @@
header:
version: 9
includes:
- base.yml
machine: corstone700-fvp
local_conf_header:
image: |
CORE_IMAGE_EXTRA_INSTALL = "corstone700-test-app"
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- corstone700-fvp.yml
machine: corstone700-mps3
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
cve: |
INHERIT += "cve-check"
# Allow the runner environment to provide an API key
NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
# Just show the warnings for our layers
CVE_CHECK_SHOW_WARNINGS = "0"
CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1"
CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-systemready = "1"
# Ignore the kernel, we sometime carry kernels in meta-arm
CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
# Add universally helpful features when testing boards
local_conf_header:
rootlogin: |
EXTRA_IMAGE_FEATURES:append = " allow-empty-password empty-root-password allow-root-login"
-31
View File
@@ -1,31 +0,0 @@
#! /usr/bin/env python3
"""
Download the lockfile.yml produced by a CI pipeline, specified by the GitLab
server, full name of the meta-arm project, and the refspec that was executed.
For example,
$ ./download-lockfile.py https://gitlab.com/ rossburton/meta-arm master
SPDX-FileCopyrightText: Copyright 2023 Arm Limited and Contributors
SPDX-License-Identifier: GPL-2.0-only
"""
import argparse
import gitlab
import io
import zipfile
parser = argparse.ArgumentParser()
parser.add_argument("server", help="GitLab server name")
parser.add_argument("project", help="meta-arm project name")
parser.add_argument("refspec", help="Branch/commit")
args = parser.parse_args()
gl = gitlab.Gitlab(args.server)
project = gl.projects.get(args.project)
artefact = project.artifacts.download(ref_name=args.refspec, job="update-repos")
z = zipfile.ZipFile(io.BytesIO(artefact))
z.extract("lockfile.yml")
print("Fetched lockfile.yml")
-17
View File
@@ -1,17 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
bootfirmware: |
PREFERRED_PROVIDER_virtual/bootloader = "edk2-firmware"
MACHINE_FEATURES += "efi"
TFA_UBOOT = "0"
TFA_UEFI = "1"
EXTRA_IMAGEDEPENDS += "edk2-firmware"
EFI_PROVIDER ?= "grub-efi"
QB_DEFAULT_BIOS = "QEMU_EFI.fd"
WKS_FILE ?= "efi-disk.wks.in"
+8
View File
@@ -0,0 +1,8 @@
header:
version: 9
local_conf_header:
cc: |
PNBLACKLIST[gcc-cross-arm] = "Using external toolchain"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: fvp-base-arm32
-35
View File
@@ -1,35 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/fvp-base.yml
- ci/meta-openembedded.yml
local_conf_header:
trusted_services: |
# Enable the needed test suites
TEST_SUITES:append = " trusted_services"
# Include all Secure Partitions into the image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
MACHINE_FEATURES:append = " ts-block-storage ts-fwu ts-logging"
MACHINE_FEATURES:append = " arm-branch-protection"
SMMGW_AUTH_VAR = "1"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
CORE_IMAGE_EXTRA_INSTALL += "optee-test"
# Set the TS environment
TS_ENV = "sp"
# Enable and configure semihosting
FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
FVP_CONFIG[semihosting-enable] = "True"
+11 -8
View File
@@ -1,13 +1,16 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/fvp.yml
- base.yml
machine: fvp-base
target:
- core-image-full-cmdline
- boot-wrapper-aarch64
local_conf_header:
testimagefvp: |
INHERIT = "fvpboot"
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
# Tell testimage to connect to localhost:8022, and forward that to SSH in the FVP.
TEST_TARGET_IP = "localhost:8022"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22"
+7
View File
@@ -0,0 +1,7 @@
header:
version: 9
includes:
- base.yml
machine: fvp-baser-aemv8r64
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
testimagefvp: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
IMAGE_CLASSES += "fvpboot"
networking_failing_tests: |
# These tests currently fail as the wrong IP for the build host is used
TEST_SUITES:remove = "opkg dnf"
+6 -17
View File
@@ -1,31 +1,20 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# Simple target to build the FVPs that are publically available
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarm64
local_conf_header:
license: |
LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
sdk: |
SDKMACHINE = "x86_64"
target:
# Target packages to test aarch64
- fvp-base-a-aem
- fvp-corstone1000
- fvp-rd1-ae
- fvp-v3-r1
# Nativesdk to test x86-64
- nativesdk-fvp-base-a-aem
- nativesdk-fvp-corstone1000
- nativesdk-fvp-rd1-ae
- nativesdk-fvp-v3-r1
# These are x86 only... :(
- nativesdk-fvp-n1-edge
- nativesdk-fvp-sgi575
- nativesdk-fvp-tc3
- nativesdk-fvp-corstone500
- nativesdk-fvp-corstone700
- nativesdk-fvp-tc0
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default. This is only being added for completeness/clarity
local_conf_header:
toolchain: |
PREFERRED_TOOLCHAIN_TARGET = "gcc"
+17
View File
@@ -0,0 +1,17 @@
header:
version: 9
includes:
- base.yml
- meta-openembedded.yml
repos:
meta-arm:
layers:
meta-gem5:
machine: gem5-arm64
target:
- core-image-minimal
- perf
- gem5-aarch64-native
+15
View File
@@ -0,0 +1,15 @@
header:
version: 9
includes:
- gem5-arm64.yml
repos:
meta-arm:
layers:
meta-atp:
machine: gem5-atp-arm64
target:
- atp-native
- core-image-minimal
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: generic-arm64
-21
View File
@@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
repos:
meta-yocto:
layers:
meta-yocto-bsp:
local_conf_header:
bootloader: |
# If running genericarm64 in a qemu we need to manually build the bootloader
EXTRA_IMAGEDEPENDS += "virtual/bootloader"
sshpregen: |
# Allow the use of the pregen keys as this is CI so safe
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:genericarm64 = "genericarm64"
machine: genericarm64
+46
View File
@@ -0,0 +1,46 @@
#!/bin/bash
set -u
HOST_ARCH=$(uname -m)
VER="10.3-2021.07"
DOWNLOAD_DIR=$1
TOOLCHAIN_DIR=$2
TOOLCHAIN_LINK_DIR=$3
# These should be already created by .gitlab-ci.yml, but do here if run outside of that env
mkdir -p $DOWNLOAD_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
if [ $HOST_ARCH = "aarch64" ]; then
#AArch64 Linux hosted cross compilers
#AArch32 target with hard float (arm-none-linux-gnueabihf)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-arm-none-linux-gnueabihf.tar.xz
elif [ $HOST_ARCH = "x86_64" ]; then
#x86_64 Linux hosted cross compilers
#AArch32 target with hard float (arm-linux-none-gnueabihf)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-arm-none-linux-gnueabihf.tar.xz
#AArch64 GNU/Linux target (aarch64-none-linux-gnu)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-aarch64-none-linux-gnu.tar.xz
#AArch64 GNU/Linux target (aarch64_be-none-linux-gnu)
wget -P $DOWNLOAD_DIR -nc https://developer.arm.com/-/media/Files/downloads/gnu-a/$VER/binrel/gcc-arm-$VER-$HOST_ARCH-aarch64_be-none-linux-gnu.tar.xz
else
echo "ERROR - Unknown build arch of $HOST_ARCH"
exit 1
fi
for i in arm aarch64 aarch64_be; do
if [ ! -d $TOOLCHAIN_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu*/ ]; then
if [ ! -f $DOWNLOAD_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz ]; then
continue
fi
tar -C $TOOLCHAIN_DIR -axvf $DOWNLOAD_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu*.tar.xz
fi
# Setup a link for the toolchain to use local to the building machine (e.g., not in a shared location)
ln -s $TOOLCHAIN_DIR/gcc-arm-$VER-$HOST_ARCH-$i-none-linux-gnu* $TOOLCHAIN_LINK_DIR/$i
done
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
libc: |
TCLIBC = "glibc"
+6 -22
View File
@@ -3,41 +3,25 @@
# This script is expecting an input of machine name, optionally followed by a
# colon and a list of one or more parameters separated by commas between
# brackets. For example, the following are acceptable:
# corstone1000-mps3
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
# This argument should be quoted to avoid expansion and to be handled
# as a single value.
#
# Any further arguments will be handled as further yml file basenames.
# corstone500
# fvp-base: [testimage]
# qemuarm64-secureboot: [clang, glibc, testimage]
#
# Turn this list into a series of yml files separated by colons to pass to kas
set -e -u
# First, parse the GitLab CI job name (CI_JOB_NAME via $1) and accumulate a list
# of Kas files.
JOBNAME="$1"
shift
FILES="ci/$(echo $1 | cut -d ':' -f 1).yml"
# The base name of the job
FILES="ci/$(echo $JOBNAME | cut -d ':' -f 1).yml"
# The list of matrix variations
for i in $(echo $JOBNAME | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
for i in $(echo $1 | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do
# Given that there are no yml files for gcc or glibc, as those are the
# defaults, we can simply ignore those parameters. They are necessary
# to pass in so that matrix can correctly setup all of the permutations
# of each individual run.
if [[ $i == 'none' ]]; then
if [[ $i == 'none' || $i == 'gcc' || $i == 'glibc' ]]; then
continue
fi
FILES+=":ci/$i.yml"
done
# Now pick up any further names
for i in $*; do
FILES+=":ci/$i.yml"
done
echo $FILES
-15
View File
@@ -1,15 +0,0 @@
#! /bin/bash
# $ ci/junit.sh <build directory>
#
# If there is a OEQA test report in JSON format present in the build directory,
# transform it to JUnit XML using resulttool.
set -e -u
BUILDDIR=$1
JSON=$BUILDDIR/tmp/log/oeqa/testresults.json
if test -f $JSON; then
resulttool junit $JSON
fi
+2 -4
View File
@@ -1,8 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: juno
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-dev"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
-9
View File
@@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
kernel: |
PREFERRED_PROVIDER_virtual/kernel = "linux-yocto"
+10
View File
@@ -0,0 +1,10 @@
header:
version: 9
includes:
- meta-openembedded.yml
- meta-virtualization.yml
repos:
meta-arm:
layers:
meta-arm-autonomy:
+1 -4
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
repos:
meta-openembedded:
@@ -11,4 +9,3 @@ repos:
meta-networking:
meta-oe:
meta-python:
meta-perl:
-13
View File
@@ -1,13 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
repos:
meta-secure-core:
url: https://github.com/Wind-River/meta-secure-core.git
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
+3 -5
View File
@@ -1,10 +1,8 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/meta-openembedded.yml
- meta-openembedded.yml
repos:
meta-virtualization:
url: https://git.yoctoproject.org/meta-virtualization
url: git://git.yoctoproject.org/meta-virtualization
+8
View File
@@ -0,0 +1,8 @@
header:
version: 9
includes:
- meta-openembedded.yml
repos:
meta-zephyr:
url: https://git.yoctoproject.org/git/meta-zephyr
+16
View File
@@ -0,0 +1,16 @@
header:
version: 9
includes:
- base.yml
- meta-zephyr.yml
local_conf_header:
nonbuilding_tests: |
ZEPHYRTESTS:remove = "common"
failing_tests: |
ZEPHYRTESTS:remove = "context early_sleep sleep"
machine: microbit-v1
target:
- zephyr-kernel-test-all
+4 -5
View File
@@ -1,12 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- base.yml
- meta-zephyr.yml
machine: musca-b1
target:
- trusted-firmware-m
- zephyr-philosophers
+3 -5
View File
@@ -1,10 +1,8 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/meta-openembedded.yml
- base.yml
- meta-openembedded.yml
machine: musca-s1
+1 -3
View File
@@ -1,7 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
local_conf_header:
libc: |
+6
View File
@@ -0,0 +1,6 @@
header:
version: 9
includes:
- base.yml
machine: n1sdp
-286
View File
@@ -1,286 +0,0 @@
#! /usr/bin/env python3
#
# SPDX-License-Identifier: GPL-2.0-only
#
# TODO
# - option to just list all broken files
# - test suite
# - validate signed-off-by
import argparse
import collections
import json
import os
import re
import subprocess
status_values = (
"accepted",
"pending",
"inappropriate",
"backport",
"submitted",
"denied",
)
class PatchResult:
# Whether the patch has an Upstream-Status or not
missing_upstream_status = False
# If the Upstream-Status tag is malformed in some way (string for bad bit)
malformed_upstream_status = None
# If the Upstream-Status value is unknown (boolean)
unknown_upstream_status = False
# The upstream status value (Pending, etc)
upstream_status = None
# Whether the patch has a Signed-off-by or not
missing_sob = False
# Whether the Signed-off-by tag is malformed in some way
malformed_sob = False
# The Signed-off-by tag value
sob = None
# Whether a patch looks like a CVE but doesn't have a CVE tag
missing_cve = False
class Summary:
total = 0
cve_missing = 0
sob_missing = 0
sob_malformed = 0
status_missing = 0
status_malformed = 0
status_pending = 0
def blame_patch(patch):
"""
From a patch filename, return a list of "commit summary (author name <author
email>)" strings representing the history.
"""
return subprocess.check_output(("git", "log",
"--follow", "--find-renames", "--diff-filter=A",
"--format=%s (%aN <%aE>)",
"--", patch)).decode("utf-8").splitlines()
def patchreview(patches):
# General pattern: start of line, optional whitespace, tag with optional
# hyphen or spaces, maybe a colon, some whitespace, then the value, all case
# insensitive.
sob_re = re.compile(r"^[\t ]*(Signed[-_ ]off[-_ ]by:?)[\t ]*(.+)", re.IGNORECASE | re.MULTILINE)
status_re = re.compile(r"^[\t ]*(Upstream[-_ ]Status:?)[\t ]*(\w*)", re.IGNORECASE | re.MULTILINE)
cve_tag_re = re.compile(r"^[\t ]*(CVE:)[\t ]*(.*)", re.IGNORECASE | re.MULTILINE)
cve_re = re.compile(r"cve-[0-9]{4}-[0-9]{4,6}", re.IGNORECASE)
results = {}
for patch in patches:
result = PatchResult()
results[patch] = result
content = open(patch, encoding="ascii", errors="ignore").read()
# Find the Signed-off-by tag
match = sob_re.search(content)
if match:
value = match.group(1)
if value != "Signed-off-by:":
result.malformed_sob = value
result.sob = match.group(2)
else:
result.missing_sob = True
# Find the Upstream-Status tag
match = status_re.search(content)
if match:
value = match.group(1)
if value != "Upstream-Status:":
result.malformed_upstream_status = value
value = match.group(2).lower()
# TODO: check case
if value not in status_values:
result.unknown_upstream_status = True
result.upstream_status = value
else:
result.missing_upstream_status = True
# Check that patches which looks like CVEs have CVE tags
if cve_re.search(patch) or cve_re.search(content):
if not cve_tag_re.search(content):
result.missing_cve = True
# TODO: extract CVE list
return results
def analyse(results, want_blame=False, verbose=True):
"""
want_blame: display blame data for each malformed patch
verbose: display per-file results instead of just summary
"""
# want_blame requires verbose, so disable blame if we're not verbose
if want_blame and not verbose:
want_blame = False
summary = Summary()
for patch in sorted(results):
r = results[patch]
summary.total += 1
need_blame = False
# Build statistics
if r.missing_sob:
summary.sob_missing += 1
if r.malformed_sob:
summary.sob_malformed += 1
if r.missing_upstream_status:
summary.status_missing += 1
if r.malformed_upstream_status or r.unknown_upstream_status:
summary.status_malformed += 1
# Count patches with no status as pending
summary.status_pending += 1
if r.missing_cve:
summary.cve_missing += 1
if r.upstream_status == "pending":
summary.status_pending += 1
# Output warnings
if r.missing_sob:
need_blame = True
if verbose:
print("Missing Signed-off-by tag (%s)" % patch)
if r.malformed_sob:
need_blame = True
if verbose:
print("Malformed Signed-off-by '%s' (%s)" % (r.malformed_sob, patch))
if r.missing_cve:
need_blame = True
if verbose:
print("Missing CVE tag (%s)" % patch)
if r.missing_upstream_status:
need_blame = True
if verbose:
print("Missing Upstream-Status tag (%s)" % patch)
if r.malformed_upstream_status:
need_blame = True
if verbose:
print("Malformed Upstream-Status '%s' (%s)" % (r.malformed_upstream_status, patch))
if r.unknown_upstream_status:
need_blame = True
if verbose:
print("Unknown Upstream-Status value '%s' (%s)" % (r.upstream_status, patch))
if want_blame and need_blame:
print("\n".join(blame_patch(patch)) + "\n")
return summary
def display_summary(summary, verbose):
def percent(num):
try:
return "%d (%d%%)" % (num, round(num * 100.0 / summary.total))
except ZeroDivisionError:
return "N/A"
if verbose:
print()
print("""Total patches found: %d
Patches missing Signed-off-by: %s
Patches with malformed Signed-off-by: %s
Patches missing CVE: %s
Patches missing Upstream-Status: %s
Patches with malformed Upstream-Status: %s
Patches in Pending state: %s""" % (summary.total,
percent(summary.sob_missing),
percent(summary.sob_malformed),
percent(summary.cve_missing),
percent(summary.status_missing),
percent(summary.status_malformed),
percent(summary.status_pending)))
def generate_metrics(summary, output):
# https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md
# Summary attribute name, MetricPoint help
mapping = (
("total", "Total patches"),
("cve_missing", "Patches missing CVE tag"),
("sob_malformed", "Patches with malformed Signed-off-by"),
("sob_missing", "Patches with missing Signed-off-by"),
("status_malformed", "Patches with malformed Upstream-Status"),
("status_missing", "Patches with missing Upstream-Status"),
("status_pending", "Patches with Pending Upstream-Status")
)
for attr, help in mapping:
metric = f"patch_check_{attr}"
value = getattr(summary, attr)
output.write(f"""
# TYPE {metric} gauge
# HELP {help}
{metric} {value}
""")
output.write("\n# EOF\n")
def histogram(results):
import math
from toolz import dicttoolz, recipes
counts = recipes.countby(lambda r: r.upstream_status, results.values())
bars = dicttoolz.valmap(lambda v: "#" * int(math.ceil(float(v) / len(results) * 100)), counts)
for k in bars:
print("%-20s %s (%d)" % (k.capitalize() if k else "No status", bars[k], counts[k]))
def gather_patches(directories):
patches = []
for directory in directories:
filenames = subprocess.check_output(("git", "-C", directory, "ls-files", "recipes-*/**/*.patch", "recipes-*/**/*.diff")).decode("utf-8").split()
patches += [os.path.join(directory, f) for f in filenames]
return patches
if __name__ == "__main__":
args = argparse.ArgumentParser(description="Patch Review Tool")
args.add_argument("-b", "--blame", action="store_true", help="show blame for malformed patches")
args.add_argument("-v", "--verbose", action="store_true", help="show per-patch results")
args.add_argument("-g", "--histogram", action="store_true", help="show patch histogram")
args.add_argument("-j", "--json", help="update JSON")
args.add_argument("-m", "--metrics", type=argparse.FileType('w'), help="write OpenMetrics")
args.add_argument("dirs", metavar="DIRECTORY", nargs="+", help="directory to scan")
args = args.parse_args()
patches = gather_patches(args.dirs)
results = patchreview(patches)
summary = analyse(results, want_blame=args.blame, verbose=args.verbose)
display_summary(summary, verbose=args.verbose)
if args.json:
if os.path.isfile(args.json):
data = json.load(open(args.json))
else:
data = []
row = collections.Counter()
row["total"] = len(results)
row["date"] = subprocess.check_output(["git", "-C", args.dirs[0], "show", "-s", "--pretty=format:%cd", "--date=format:%s"]).decode("utf-8").strip()
for r in results.values():
if r.upstream_status in status_values:
row[r.upstream_status] += 1
if r.malformed_upstream_status or r.missing_upstream_status:
row["malformed-upstream-status"] += 1
if r.malformed_sob or r.missing_sob:
row["malformed-sob"] += 1
data.append(row)
json.dump(data, open(args.json, "w"))
if args.metrics:
generate_metrics(summary, args.metrics)
if args.histogram:
print()
histogram(results)
-4
View File
@@ -1,4 +0,0 @@
header:
version: 14
distro: poky-altcfg
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky-tiny
local_conf_header:
hacking: |
TEST_SUITES = "_qemutiny ping"
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
target:
- core-image-minimal
- perf
-6
View File
@@ -1,6 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
distro: poky
+14
View File
@@ -0,0 +1,14 @@
header:
version: 9
includes:
- base.yml
- meta-zephyr.yml
local_conf_header:
nonbuilding_tests: |
ZEPHYRTESTS:remove += "common device poll queue sleep"
machine: qemu-cortex-a53
target:
- zephyr-kernel-test-all
+16
View File
@@ -0,0 +1,16 @@
header:
version: 9
includes:
- base.yml
- meta-zephyr.yml
local_conf_header:
tclibc: |
TCLIBC = "newlib"
nonbuilding_tests: |
ZEPHYRTESTS:remove = "common context pending poll sleep"
machine: qemu-cortex-m3
target:
- zephyr-kernel-test-all
+10
View File
@@ -0,0 +1,10 @@
header:
version: 9
includes:
- base.yml
- meta-zephyr.yml
machine: qemu-cortex-r5
target:
- zephyr-philosophers
-16
View File
@@ -1,16 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: qemuarm-secureboot
target:
- core-image-base
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
+2 -4
View File
@@ -1,8 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarm
+11
View File
@@ -0,0 +1,11 @@
header:
version: 9
includes:
- base.yml
machine: qemuarm64-sbsa
target:
- core-image-base
- perf
- sbsa-acs
-17
View File
@@ -1,17 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/meta-openembedded.yml
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
# Include TS Crypto, TS Protected Storage, and TS Internal Trusted Storage and SPs into optee-os image
# FIXME - remove TS SMM Gateway due to QEMU v9.0.0 test failures
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
+12 -10
View File
@@ -1,17 +1,19 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarm64-secureboot
local_conf_header:
bugs: |
# Only ping until errors can be resolved
TEST_SUITES = "ping"
target:
- core-image-base
- hafnium
local_conf_header:
optee: |
IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
TEST_SUITES:append = " optee ftpm"
- perf
- optee-examples
- optee-test
- optee-spdevkit
- optee-os-tadevkit
+2 -4
View File
@@ -1,8 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarm64
+2 -4
View File
@@ -1,8 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
machine: qemuarmv5
-12
View File
@@ -1,12 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/base.yml
machine: sbsa-ref
target:
- core-image-sato
- sbsa-acs
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
secure-debug: |
MACHINE_FEATURES += "secure-debug"
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
setup: |
BB_LOGCONFIG = ""
SANITY_TESTED_DISTROS = ""
INHERIT:remove = "rm_work"
+2 -10
View File
@@ -1,14 +1,6 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- ci/fvp.yml
local_conf_header:
sshpregen: |
# Allow the use of the pregen keys as this is CI so safe
COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:sgi575 = "sgi575"
- base.yml
machine: sgi575
-11
View File
@@ -1,11 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
sstate_mirror: |
BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws"
SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
BB_HASHSERVE = "auto"
BB_SIGNATURE_HANDLER = "OEEquivHash"
+10
View File
@@ -0,0 +1,10 @@
header:
version: 9
includes:
- base.yml
machine: tc0
target:
- tc-artifacts-image
- perf
+10
View File
@@ -0,0 +1,10 @@
header:
version: 9
includes:
- base.yml
machine: tc1
target:
- tc-artifacts-image
- perf
+8
View File
@@ -0,0 +1,8 @@
header:
version: 9
local_conf_header:
testimage: |
IMAGE_CLASSES += "testimage"
TEST_TARGET = "QemuTargetZephyr"
TEST_SUITES = "zephyr"
+9 -11
View File
@@ -1,19 +1,17 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
includes:
- ci/debug.yml
version: 9
local_conf_header:
testimage: |
IMAGE_CLASSES += "testimage"
TESTIMAGE_AUTO = "1"
kvm: |
QEMU_USE_KVM = ""
slirp: |
TEST_RUNQEMUPARAMS = "slirp"
sshd: |
IMAGE_FEATURES += "ssh-server-dropbear"
sshkeys: |
CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
TEST_SERVER_IP = "127.0.0.1"
QEMU_USE_SLIRP = "1"
packages: |
IMAGE_FEATURES:append = " ssh-server-dropbear"
# Multiple targets are available, put it down to just one
target:
- core-image-base
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
tftf: |
TFA_UBOOT = "0"
TFA_UEFI = "0"
TFTF_TESTS = "1"
+4 -4
View File
@@ -1,9 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/base.yml
- base.yml
# Target is arm64 and SDK is x86-64 to ensure that we exercise both
# architectures
@@ -13,7 +11,9 @@ local_conf_header:
toolchains: |
SDKMACHINE = "x86_64"
# No target armcompiler as currently there is no arm64 build
target:
- nativesdk-armcompiler
- gcc-aarch64-none-elf
- nativesdk-gcc-aarch64-none-elf
- gcc-arm-none-eabi
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
bootfirmware: |
PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
TFA_UBOOT = "1"
TFA_UEFI = "0"
-51
View File
@@ -1,51 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
# UEFI Secure Boot: A mechanism to ensure that only trusted software is executed
# during the boot process.
header:
version: 14
includes:
- ci/meta-openembedded.yml
- ci/meta-secure-core.yml
local_conf_header:
uefi_secureboot: |
SBSIGN_KEYS_DIR = "${TOPDIR}/sbkeys"
BB_ENV_PASSTHROUGH_ADDITIONS = "SBSIGN_KEYS_DIR"
# Detected by passing kernel parameter
QB_KERNEL_ROOT = ""
# kernel is in the image, should not be loaded separately
QB_DEFAULT_KERNEL = "none"
WKS_FILE = "efi-disk.wks.in"
KERNEL_IMAGETYPE = "Image"
MACHINE_FEATURES:append = " efi uefi-secureboot uefi-http-boot uefi-capsule-updates"
EFI_PROVIDER = "systemd-boot"
# Use systemd as the init system
INIT_MANAGER = "systemd"
IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils"
TEST_SUITES:append = " uefi_secureboot uki"
IMAGE_CLASSES += "uki"
IMAGE_CLASSES += "sbsign"
UKI_SB_KEY = "${SBSIGN_KEY}"
UKI_SB_CERT = "${SBSIGN_CERT}"
QB_KERNEL_ROOT = ""
IMAGE_BOOT_FILES:remove = "Image"
INITRAMFS_IMAGE = "core-image-initramfs-boot"
# not for initramfs image recipe
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "uki"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "sbsign"
IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "testimage"
IMAGE_FEATURES:remove:pn-core-image-initramfs-boot = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove:pn-core-image-initramfs-boot = "ssh-pregen-hostkeys"
+6 -18
View File
@@ -4,7 +4,6 @@
import sys
import os
import shutil
import subprocess
import pathlib
@@ -20,9 +19,11 @@ def repo_shortname(url):
.replace('*', '.'))
repositories = (
"https://git.yoctoproject.org/poky",
"https://git.yoctoproject.org/git/poky",
"https://git.openembedded.org/meta-openembedded",
"https://git.yoctoproject.org/meta-virtualization",
"https://git.yoctoproject.org/git/meta-virtualization",
"https://git.yoctoproject.org/git/meta-zephyr",
"https://github.com/kraj/meta-clang",
)
if __name__ == "__main__":
@@ -31,25 +32,12 @@ if __name__ == "__main__":
sys.exit(1)
base_repodir = pathlib.Path(os.environ["KAS_REPO_REF_DIR"])
failed = False
for repo in repositories:
repodir = base_repodir / repo_shortname(repo)
if "CI_CLEAN_REPOS" in os.environ:
print("Cleaning %s..." % repo)
shutil.rmtree(repodir, ignore_errors=True)
if repodir.exists():
try:
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch", repo], check=True)
except subprocess.CalledProcessError as e:
print(e)
failed = True
print("Updating %s..." % repo)
subprocess.run(["git", "-C", repodir, "fetch"], check=True)
else:
print("Cloning %s..." % repo)
subprocess.run(["git", "clone", "--bare", repo, repodir], check=True)
if failed:
sys.exit(128)
+2 -7
View File
@@ -1,16 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
version: 9
includes:
- ci/meta-virtualization.yml
- ci/poky-altcfg.yml
- meta-virtualization.yml
local_conf_header:
meta-virt: |
DISTRO_FEATURES:append = " virtualization xen"
sshd: |
IMAGE_FEATURES:append = " ssh-server-openssh"
target:
- xen-image-minimal
@@ -1,67 +0,0 @@
# **CI for Yocto Project and meta-arm**
# **CI for Yocto Project**
The Yocto Project has an autobuilder that performs nightly builds and image tests on all of the defined QEMU machines, including qemuarm and qemuarm64 Also, it currently runs builds on the hardware reference platforms including genericarm64 and meta-arm mahines fvp-base and sbsa-ref. More information on the autobuilder can be found at <https://autobuilder.yoctoproject.org/>.
More information on the image tests can be found at <https://wiki.yoctoproject.org/wiki/Image_tests>.
The Yocto Project also has the ability to have individual package tests, ptests.  For more information on those, go to <https://wiki.yoctoproject.org/wiki/Ptest>.
# **CI for meta-arm**
meta-arm is using the Gitlab CI infrastructure.  This is currently being done internal to Arm, but an external version can be seen at <https://gitlab.com/jonmason00/meta-arm/-/pipelines>.
This CI is constantly being expanded to provide increased coverage of the software and hardware supported in meta-arm. All platforms are required to add a kas file and `.gitlab-ci.yml` entry as part of the initial patch series. More information on kas can be found at <https://github.com/siemens/kas>.
To this end, it would be wise to run kas locally to verify everything works prior to pushing to the CI build system.
## **Running kas locally**
### **Install kas**
kas can be installed with pip, for example:
```
$ pip3 install --user kas
```
See <https://kas.readthedocs.io/en/latest/userguide/getting-started.html> for information on the dependencies and more.
This assumes that the kas path ($HOME/.local/bin) is in $PATH. If not, the user will need to manually add this or the kas command will not be found.
### **Run kas locally**
```
$ cd ~/meta-arm/
$ kas build kas/juno.yml
```
By default kas will create a build directory under meta-arm to contain the checked out layers, build directory, and downloads.  You can change this by setting environment variables. DL\_DIR and SSTATE\_DIR are respected so these can point at existing directories, and setting KAS\_WORK\_DIR to the directory where repositories are already cloned will save having to re-fetch. This can look something like:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/qemuarm64.yml:ci/testimage.yml
```
See the [quick start guide](/documentation/quick-start.md) for more information on how to set this up.
## **Locked Revisions in CI with lockfiles**
The CI in meta-arm will generate a kas "lock file" when it starts to ensure that all of the builds checkout the same revision of the various different layers that are used. If this isn't done then there's a chance that a layer will be modified upstream during the CI, which results in some builds failing and some builds passing.
This lock file is saved as an artefact of the update-repos job by the CI, and only generated if it doesn't already exist in the repository. This can be used to force specific revisions of layers to be used instead of HEAD, which can be useful if upstream changes are causing problems in development.
The lockfile.yml can be downloaded manually, but there's a script in meta-arm to fetch the lock file for the latest successful build of the specified branch:
```
$ ./ci/download-lockfile.py --help
usage: download-lockfile.py [-h] server project refspec
positional arguments:
server GitLab server name
project meta-arm project name
refspec Branch/commit
$ ./ci/download-lockfile.py https://gitlab.com/jonmason00/meta-arm master
Fetched lockfile.yml
Commit this lockfile.yml to the top-level of the meta-arm repository and the CI will use it automatically.
```
# **Relevant Links for kas, CI, and testing**
<https://github.com/siemens/kas.git>
<https://wiki.yoctoproject.org/wiki/Oe-selftest>
<https://wiki.yoctoproject.org/wiki/Image_tests>
<https://wiki.yoctoproject.org/wiki/Ptest>
<https://wiki.yoctoproject.org/wiki/BSP_Test_Plan>
-49
View File
@@ -1,49 +0,0 @@
# OEQA on Arm FVPs
OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests on machines using the `testimage` Yocto task. meta-arm has good support for writing test cases against [Arm FVPs][FVP], meaning the [runfvp][RUNFVP] boot configuration can be re-used.
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:2222"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "2222=22"
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
OEFVPTarget supports two different test interfaces - SSH and pexpect.
## SSH
As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
This uses the `run` method on the target, e.g:
```
(status, output) = self.target.run('uname -a')
```
which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
## pexpect
To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
```
self.target.expect('default', r'root@.*\:~#', timeout=30)
self.assertNotIn(b'ERROR:', self.target.before('tf-a'))
```
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
[OEQA]: https://docs.yoctoproject.org/test-manual/intro.html
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[RUNFVP]: runfvp.md
[PEXPECT]: https://pexpect.readthedocs.io/en/stable/overview.html
-105
View File
@@ -1,105 +0,0 @@
# **Yocto Project quick start for Arm system software developers**
If you want to read the The Yocto Project official quick start documentation, go to <https://docs.yoctoproject.org/brief-yoctoprojectqs/index.html>
If that looks like too much reading, then here is how to do it even faster!
# **Step 0: Install build deps and kas**
```
$ sudo apt install gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1
$ pip install kas
```
OR, if you prefer to use a docker will all that stuff already installed:
```
$ sudo docker run -it --name kas-test --volume /mnt/yocto/:/builds/persist ghcr.io/siemens/kas/kas /bin/bash
```
> **_NOTE:_**
> the “--volume” is the directory where your persistent stuff (like downloads and build artifacts) will go to help speed up your builds and can be sharable amongst your builds/containers.  If you want to go completely clean-room, feel free to remove it
# **Step 1: clone meta-arm and build meta-arm**
```
$ git clone https://git.yoctoproject.org/meta-arm
$ cd meta-arm/
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
```
> **_NOTE:_**
> “ci/testimage.yml” will cause the build to run some basic system tests.  If you dont care about verifying basic functionality, then remove it and it should be faster (a few less programs will be added to the system image and the 2-3mins that it takes to run the test will not happen).
> **_NOTE:_**
> You may wish to add the Yocto Project SSTATE Mirror (especially the first time) to speed up the build by downloading the build fragments (built by the Yocto Project autobuilder) from the internet. This can be done by adding "ci/sstate-mirror.yml" in kas or adding the relevant lines to your local.conf. Using the above example:
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/sstate-mirror.yml
```
> **_NOTE:_**
> This only fetches the parts necessary for your build and may take several minutes depending on your internet connection speed. Also, it only fetches what is available. There may still be a need to build things depending on your configuration.
For more information on kas and various commands, please reference <https://kas.readthedocs.io/en/latest/>.
Depending on what software you are building, fvp-base might not be the machine you want to build for.
The following website provides an EXTREMELY rough way to tell what software is in what machines, and what versions are being run:
<https://gitlab.com/jonmason00/meta-arm/-/jobs/artifacts/master/file/update-report/index.html?job=pending-updates>
If, as an example, were wanting to develop trusted-firmware-a; then fvp-base will work for us. 
### **Okay, you are done!  VICTORY!**
### **Oh, you actually wanted to mess around with the system software source code?**
# **Step 2: use devtool to get your source**
Setup your environment via the (non-kas) Yocto Project tools
```
$ source poky/oe-init-build-env
```
Use devtool to checkout the version of software being used on the machine above (in the above example, this will be trusted-firmware-a for fvp-base).
```
$ devtool modify trusted-firmware-a
```
This will download the source, hopefully in git (depending on how the Yocto Project recipe was written), and should print a path at the end where the source code was checked out.  In the trusted-firmware-a example, I got:
> /builder/meta-arm/build/workspace/sources/trusted-firmware-a
Inside of that directory, you should see the relevant source code.  In this example, it is a standard git tree.  So, you can add remotes, checkout different SHAs, etc
Ok, so you are set with your changes and want to build them.
```
$ devtool build trusted-firmware-a
```
This should build the software in question, but it is not yet integrated into a system image.  To do that, run:
```
$ devtool build-image core-image-sato
```
The image should match the image being used on your machine above.  Most of them in meta-arm are set to core-image-sato.  
Also, if you used testimage above, it will run testimage now
### **Okay, you are done!  VICTORY!**
# **Step 3.  Testing your patches outside of devtool**
At this point I will assume you have a patch and want to add it to the base recipe.  Using the above example, in the devtool directory:
```
$ git format-patch -1
0001-example.patch
$ mv 0001-example.patch ~/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/
$ cd ~/meta-arm
$ devtool reset trusted-firmware-a
$ echo SRC_URI:append = " file://0001-example.patch" >> meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
```
> **_NOTE:_**
> there is a space before the “file” and yes it matters very much
At this point, you can go back using kas and verify that the patch works in a clean-ish tree.
```
$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
```
There is obviously much more that can be done and other ways to do similar things.
## **If there are issues or questions then please ask them on the #meta-arm irc channel on libera.chat**
-43
View File
@@ -1,43 +0,0 @@
# **meta-arm Releases and Branching**
## **Release and Branching background**
The Yocto Project releases twice a year (April and October): "stable" releases are made every six months and have a lifetime of seven months to allow for migration, while "long term support" (LTS) releases are picked every two years starting from Dunfell in April 2020. The standard practice for all Yocto Compatible layers is to create a "named" branch consistent with the code name of that release. For example, the “dunfell” release of the Yocto Project will have a branch named “dunfell” in the official git repository, and layers compatible with dunfell will have a branch named “dunfell”. Thus, a customer can easily organize a collection of appropriate layers to make a product.
In the Yocto Project, these named branches are “stable”, and only take bug fixes or security-critical upgrades. Active development occurs on the master branch. However, this methodology can be problematic if mimicked with the compatible layers. Companies, like Arm, may not wish to release a snapshot of the relevant “master” branches under active development, due to the amount of testing, fixing, and hardening necessary to make a product from a non-stable release. Also, changes to keep the master branch of a layer working with the upstream master branch of the Yocto Project may result in that branch no longer being compatible with named branches (e.g., it might not be possible to mix and match master and dunfell). So, a decision must be made on the branching policy of meta-arm.
## **Adding new Hardware or Software features**
There are many different ways to resolve this issue. After some discussion, the best solution for us is to allow new hardware enablement (and relevant software features) to be included in LTS named branches (not just bug fixes). This will allow for a more stable software platform for software to be developed, tested, and released. Also, the single branch allows for focused testing (limiting the amount of resources needed for CI/CD), lessens/eliminates code diverging on various branches, and lessens confusion on which branch to use. The risk of making this choice is a potentially non-stable branch which will require more frequent testing to lessen the risk, and not following the “stable” methodology of the core Yocto Project layers (though it is not uncommon for BSP layers to behave this way).
## **Process**
The process for patches intended on being integrated into only the master branch is the normal internal process of pushing for code review and CI, approval and integration into upstream meta-arm master branch.
For patches intended on being included in an LTS named branch, the preferred process is to upstream via the master branch, rebase the patch (or series against the intended LTS branch) and send email with the release name in the subject line after the "PATCH" (e.g., "[PATCH dunfell] Add foo to bar").
If there is a time crunch and the preferred way above cannot be completed in time, upstreaming via the LTS branch can occur. This follows the normal process above but without the master integration step. However, any patches upstreamed in this manner must be pushed to master in a timely fashion (after the time crunch). Nagging emails will be sent and managers will be involved as the time grows.
## **Testing**
See [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md) for information how the layer is tested and what tests are run. It is presumed that all code will be compiled as part of the CI process of the gerrit code review. Also, testing on virtual platforms and code conformity checks will be run when enabled in the process.
## **Branching strategy and releases**
Named branches for meta-arm will be released as close as possible to the release of the YP LTS release. Meta-arm named branches will be created from the meta-arm master branch.
To minimize the additional work of maintaining multiple branches it is assumed that there will only be two active development branches at any given time: master and the most recent Long Term Stable (LTS) as the named branch. All previous named LTS branches will be EOLed when a new LTS has been released. Any branches that are EOLed will still exist in the meta-arm, but bug fix patches will be accepted. Limited to no testing will occur on EOLed branches. Exceptions to this can be made, but must be sized appropriately and agreed to by the relevant parties.
Named branch release will coincide with Yocto Project releases. These non-LTS branches will be bug fix only and will be EOLed on the next release (similar to the YP branching behavior).
### **Branch transitions**
When YP is approaching release, meta-arm will attempt to stabilize master so that the releases can coincide.
* T-6 weeks - Email is sent to meta-arm mailing list notifying of upcoming code freeze of features to meta-arm
* T-4 weeks - Code freeze to meta-arm. Only bug fixes are taken at this point.
* T-0 - Official upstream release occurs. With no outstanding critical bugs, a new named branch is created based on the current meta-arm master branch. Previous named branches are now frozen and will not accept new patches (but will continue to be present for reference and legacy usage).
## **Tagging**
### **Branch Tagging**
When each branch is released, a git tag with the Yocto Project version number will be added. For example, `4.3`. Also, this tag version number will be prepended with "yocto" in a duplicate tag (e.g., "yocto-4.3").
Conciding with the Yocto Project release schedule, every branch which has one or more changes added to it in the previous 6 months will get a minor versioned tag (e.g., "4.3.1" and "yocto-4.3.1").
### **BSP Release Tagging**
BSP releases for those boards supported in meta-arm-bsp maybe have an additional tag to denote their software releases. The tag will consist of the board name (in all capital letters), year, and month. For example, "CORSTONE1000-2023.11".
The release schedule for this is outside the standard Yocto Project release candence, but is generally encouraged to be as close to these releases as possible. Similarily, it is recommended the BSP releases be based on the latest LTS branch.
# **Relevant Links**
<https://wiki.yoctoproject.org/wiki/Releases>
-141
View File
@@ -1,141 +0,0 @@
# Running Images with a FVP
The `runfvp` tool in meta-arm makes it easy to run Yocto Project disk images inside a [Fixed Virtual Platform (FVP)][FVP]. Some FVPs, such as the [Arm Architecture Models][AEM], are available free to download, but others need registration or are only available commercially. The `fvp-base` machine in meta-arm-bsp uses one of these AEM models.
## Running images with `runfvp`
To build images with the FVP integration, the `fvpboot` image class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
```
IMAGE_CLASSES += "fvpboot"
```
The class will download the correct FVP and write a `.fvpconf` configuration file when an image is built.
To run an image in a FVP, pass either a machine name or a `.fvpconf` path to `runfvp`.
```
$ ./meta-arm/scripts/runfvp tmp/deploy/images/fvp-base/core-image-minimal-fvp-base.fvpconf
```
When a machine name is passed, `runfvp` will start the latest image that has been built for that machine. This requires that the BitBake environment has been initialized (using `oe-init-build-env` or similar) as it will start BitBake to determine where the images are.
```
$ ./meta-arm/scripts/runfvp fvp-base
```
Note that currently meta-arm's `scripts` directory isn't in `PATH`, so a full path needs to be used.
`runfvp` will automatically start terminals connected to each of the serial ports that the machine specifies. This can be controlled by using the `--terminals` option, for example `--terminals=none` will mean no terminals are started, and `--terminals=tmux` will start the terminals in [`tmux`][tmux] sessions. Alternatively, passing `--console` will connect the serial port directly to the current session, without needing to open further windows.
The default terminal can also be configured by writing a [INI-style][INI] configuration file to `~/.config/runfvp.conf`:
```
[RunFVP]
Terminal=tmux
```
Arbitrary options can be passed directly to the FVP by specifying them after a double dash, for example this will list all of the FVP parameters:
```
$ runfvp fvp-base -- --list-params
```
## Configuring machines with `fvpboot`
To configure a machine so that it can be ran inside `runfvp`, a number of variables need to be set in the machine configuration file (such as `meta-arm-bsp/conf/machine/fvp-base.conf`).
Note that at present these variables are not stable and their behaviour may be changed in the future.
### `FVP_EXE`
The name of the FVP binary itself, for example `fvp-base` uses `FVP_Base_RevC-2xAEMvA`.
### `FVP_PROVIDER`
The name of the recipe that provides the FVP executable set in `FVP_EXE`, for example `fvp-base` uses `fvp-base-a-aem-native`. This *must* be a `-native` recipe as the binary will be executed on the build host.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website.
If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on the host already.
### `FVP_BINDIR`
Optional parameter to configure the path of the FVP binary. For example, `fvp-base` uses path from the build host by default. This path can be customized by configuring like below.
```
FVP_BINDIR ?= "utilities/fvp/usr/bin"
```
Potential use case for this parameter configuration is to execute `runfvp` script without the need for bitbake environment initialization.
### `FVP_CONFIG`
Parameters passed to the FVP with the `--parameter`/`-C` option. These are expressed as variable flags so individual parameters can be altered easily. For example:
```
FVP_CONFIG[bp.flashloader0.fname] = "fip-fvp.bin"
```
### `FVP_DATA`
Specify raw data to load at the specified address, passed to the FVP with the `--data` option. This is a space-separated list of parameters in the format `[INST=]FILE@[MEMSPACE:]ADDRESS`. For example:
```
FVP_DATA = "cluster0.cpu0=Image@0x80080000 \
cluster0.cpu0=fvp-base-revc.dtb@0x83000000"
```
### `FVP_APPLICATIONS`
Applications to load on the cores, passed to the FVP with the `--application` option. These are expressed as variable flags with the flag name being the instance and flag value the filename, for example:
```
FVP_APPLICATIONS[cluster0] = "linux-system.axf"
```
Note that symbols are not allowed in flag names, so if you need to use a wildcard in the instance then you'll need to use `FVP_EXTRA_ARGS` and `--application` directly.
### `FVP_TERMINALS`
Map hardware serial ports to abstract names. For example the `FVP_Base_RevC-2xAEMvA` FVP exposes four serial ports, `terminal_0` to `terminal_3`. Typically only `terminal_0` is used in the `fvp-base` machine so this can be named `"Console"` and the others `""`. When runfvp starts terminals it will only start named serial ports, so instead of opening four windows where only one is useful, it will only open one.
For example:
```
FVP_TERMINALS[bp.terminal_0] = "Console"
FVP_TERMINALS[bp.terminal_1] = ""
FVP_TERMINALS[bp.terminal_2] = ""
FVP_TERMINALS[bp.terminal_3] = ""
```
### `FVP_CONSOLES`
This specifies what serial ports can be used in oeqa tests, along with an alias to be used in the test cases. Note that the values have to be the FVP identifier but without the board prefix, for example:
```
FVP_CONSOLES[default] = "terminal_0"
FVP_CONSOLES[tf-a] = "s_terminal_0"
```
The 'default' console is also used when `--console` is passed to runfvp.
### `FVP_EXTRA_ARGS`
Arbitrary extra arguments that are passed directly to the FVP. For example:
```
FVP_EXTRA_ARGS = "--simlimit 60"
```
### `FVP_ENV_PASSTHROUGH`
The FVP is launched with an isolated set of environment variables. Add the name of a Bitbake variable to this list to pass it through to the FVP environment. For example:
```
FVP_ENV_PASSTHROUGH = "ARMLMD_LICENSE_FILE FM_TRACE_PLUGINS"
```
[AEM]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[tmux]: https://tmux.github.io/
[INI]: https://docs.python.org/3/library/configparser.html
-81
View File
@@ -1,81 +0,0 @@
# The Trusted Services: framework for developing root-of-trust services
meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World applications
in `meta-arm/recipes-security/trusted-services`
## Secure Partitions recipes
We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions.
These recipes produce ELF and DTB files for SPs.
These files are automatically included into optee-os image accordingly to defined MACHINE_FEATURES.
### How to include TS SPs
To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
features for each [Secure Partition][^2] you would like to include:
| Secure Partition | MACHINE_FEATURE |
| ----------------- | --------------- |
| Attestation | ts-attesation |
| Crypto | ts-crypto |
| Firmware Update | ts-fwu
| Internal Storage | ts-its |
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
| spm-test[1-4] | optee-spmc-test |
| Logging | ts-logging |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
(Please see ` meta-arm/recipes-kernel/arm-tstee`.)
For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
(Please see ` meta-arm/recipes-kernel/arm-ffa-user`.)
2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc` for the Corstone1000 platform.
3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for theCorstone1000 platform.
4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
## Normal World applications
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
See `ci/trusted-services.yml` for an example how to include them into an image.
## Configuration options
Some TS recipes support yocto variables to set build configuration. These variables can be set in .conf files (machine
specific or local.conf), or .bbappend files.
SmmGW SP recipe supports the following configuration variables
| Variable name | Type | Description |
|-----------------------|------|--------------------------------------------------------------------------------------------------------|
| SMMGW_AUTH_VAR | Bool | Enable Authenticated variable support |
| SMMGW_INTERNAL_CRYPTO | Bool | Use MbedTLS build into SmmGW for authentication related crypto operations. Depends on SMMGW_AUTH_VAR=1 |
------
[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
[^2]: https://trusted-services.readthedocs.io/en/integration/deployments/secure-partitions.html
[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
repos:
meta-arm:
layers:
meta-arm-systemready:
distro: nodistro
target:
- arm-systemready-firmware
-12
View File
@@ -1,12 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
env:
TESTIMAGE_AUTO: "1"
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
target:
- arm-systemready-ir-acs
@@ -1,8 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-debian
@@ -1,8 +0,0 @@
header:
version: 16
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-fedora
@@ -1,8 +0,0 @@
header:
version: 13
includes:
- kas/arm-systemready-firmware.yml
- kas/arm-systemready-linux-distros-unattended-installation.yml
target:
- arm-systemready-linux-distros-opensuse
@@ -1,11 +0,0 @@
header:
version: 16
env:
DISTRO_UNATTENDED_INST_TESTS:
# The full testimage run typically takes around 12-24h on fvp-base.
TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
local_conf_header:
systemready-unattended-inst: |
TESTIMAGE_AUTO = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "1", "", d)}"
-19
View File
@@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
a320: |
MACHINE_FEATURES += "cortexa320"
OVERRIDES .= ":cortexa320"
repos:
meta-ethos:
url: https://gitlab.arm.com/iot/meta-ethos.git
branch: whinlatter
commit: b919565c36b89af2ba61cc28024da633a9fae0da
meta-sca:
url: https://github.com/priv-kweihmann/meta-sca.git
branch: master
commit: e68f1a9d17553a2a1b5b20962749f90482112a3f
+17 -33
View File
@@ -1,59 +1,43 @@
header:
version: 14
version: 11
distro: poky
distro: poky-tiny
defaults:
repos:
branch: master
refspec: honister
repos:
bitbake:
url: https://git.openembedded.org/bitbake
commit: 0dde1a3ff852be057be40d17f233ecca19e7b389
layers:
bitbake: disabled
core:
url: https://git.openembedded.org/openembedded-core
commit: 4bd920ad7d7279020ea6e561d0584ae70f33f751
layers:
meta:
meta-yocto:
url: https://git.yoctoproject.org/meta-yocto
commit: b3b659263566c4d2f2813190e72d93f8598a4c47
layers:
meta-poky:
meta-arm:
layers:
meta-arm:
meta-arm-bsp:
meta-arm-toolchain:
poky:
url: https://git.yoctoproject.org/git/poky
refspec: b6b0af0889de9da0e4128cef8c9069b770b7d5a0
layers:
meta:
meta-poky:
meta-yocto-bsp:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
commit: fc0152e434307b98e1d16251f92ed81ac617c1db
refspec: ad52a41de8b4b7d619d1376d0a0090ebcfff56da
layers:
meta-oe:
meta-python:
meta-perl:
meta-secure-core:
url: https://github.com/wind-river/meta-secure-core.git
commit: 63209fb1500cee88d5d4d74669bce4b613c03ff7
layers:
meta-secure-core-common:
meta-signing-key:
meta-efi-secure-boot:
meta-arm-image:
url: https://git.gitlab.arm.com/arm-reference-solutions/meta-arm-image.git
refspec: 9f611833ef58394b707836d69356c4e27d0265fc
local_conf_header:
base: |
CONF_VERSION = "2"
setup: |
PACKAGE_CLASSES = "package_ipk"
LICENSE_FLAGS_WHITELIST += "armcompiler"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
@@ -61,4 +45,4 @@ local_conf_header:
machine: unset
target:
- corstone1000-flash-firmware-image
- corstone1000-image
-9
View File
@@ -1,9 +0,0 @@
header:
version: 14
local_conf_header:
extsys: |
MACHINE_FEATURES += "corstone1000-extsys"
# external system firmware
CORE_IMAGE_EXTRA_INSTALL:firmware += "external-system-elf"
-23
View File
@@ -1,23 +0,0 @@
---
header:
version: 14
local_conf_header:
firmwarebuild: |
BBMULTICONFIG:remove = "firmware"
# Need to ensure the rescue linux options are selected
OVERRIDES .= ":firmware"
# Need to ensure we build with a small libc
TCLIBC = "musl"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
test-configuration: |
TEST_SUITES = "_qemutiny ping"
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = "ssh-server-dropbear"
CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys"
-8
View File
@@ -1,8 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
header:
version: 14
local_conf_header:
fvp-multicore: |
MACHINE_FEATURES += "corstone1000_fvp_smp"
+17 -16
View File
@@ -1,22 +1,23 @@
header:
version: 14
version: 11
includes:
- kas/corstone1000-base.yml
- kas/corstone1000-image-configuration.yml
- kas/corstone1000-firmware-only.yml
- kas/fvp-eula.yml
env:
DISPLAY:
WAYLAND_DISPLAY:
XAUTHORITY:
local_conf_header:
testimagefvp: |
IMAGE_CLASSES += "fvpboot"
mass-storage: |
# Ensure the Mass Storage device is absent
FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
repos:
run-scripts:
url: https://git.gitlab.arm.com/arm-reference-solutions/model-scripts.git
refspec: b40b4227fe6b6fc8e4b688db8928f4be76e94eb7
layers:
.: 'excluded'
machine: corstone1000-fvp
local_conf_header:
fvp-config: |
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = " ssh-server-dropbear"
INHERIT = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
LICENSE_FLAGS_WHITELIST:append = " Arm-FVP-EULA"
target:
- corstone1000-image

Some files were not shown because too many files have changed in this diff Show More