There are some objects in the FVP binary that are assembler source and
fail to declare what permissions the stack needs to have, so GCC falls
back to assuming that the final binary needs an executable stack.
glibc 2.41 (as now used in uninative) introduces changes here[1]: whether
to have an executable stack or not when the binary doesn't specify a
need (defaults to executable, but this is a tunable), and any binaries
that are dlopen()ed that require an executable stack will fail.
Thus, some FVPs on some platforms (notable, fvp-base-a-aem on x86-64)
now fail on startup:
libarmctmodel.so: cannot enable executable stack as shared object requires: Invalid argument
Luckily the solution here is to simply clear the executable bit, as
an executable stack is not actually needed. Until a new release of the
FVP is made we can fix the binary in our package using execstack.
[1] https://lists.gnu.org/archive/html/info-gnu/2025-01/msg00014.html
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a recipe for the execstack binary from prelink-cross. This tool is
used to manipulate the GNU_STACK segment in ELF binaries, specifically
to control whether the binary requests an executable stack or not.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The download filename wasn't versioned so multiple versions would write
to the same file on disk and conflict, causing repeated downloads and
fetch failures.
Add the PV to the filename on disk to resolve this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The same tee-supplicant is available in the meta-arm layer
along with the recipe.
| meta-arm/recipes-security/optee/optee-client
| meta-arm/recipes-security/optee/optee-client/tee-supplicant.sh
| meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service
| meta-arm/recipes-security/optee/optee-client.inc
| meta-arm/recipes-security/optee/optee-client_4.1.0.bb
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Jon Mason <jon.mason@arm.com>
On some architectures (namely Aarch64), glibc may provide a libmvec
library since glibc 2.22, which programs built with gcc OpenMP
support might get linked to.
In order for these programs to work on the target, we need to copy this
library to the target filesystem.
Make sure that libmvec.so symlink is correct with or without usermerge
enabled otherwise libmvec.so symlink is broken.
For more details on libmvec, see
https://sourceware.org/glibc/wiki/libmvec.
(cherry picked from commit de47f836e2)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
usrmerge nowaday required by systemd [1] but it broke
external-arm-toolchain in several ways...
When usrmerge is enabled, /lib is no longer part of SYSROOT_DIRS list
while the prebuilt toolchain expect the dynamic loader to be placed in
/lib not /usr/lib.
There is no /lib directory in the per-package sysroot directory
generated to build each package:
[...]/build/tmp/sysroots-components/<target>/<package>/
sysroot-providers/ usr/
But the cross-compiler still generate binaries with dynamic loarder
path set to "/lib/ld-linux-<target>.so*"
strings sanitycheckc_cross.exe | grep ld
/lib/ld-linux-aarch64.so.1
A symlink /lib -> /usr/lib is crated in the final rootfs image.
But this broke the meson-qemuwrapper used when "qemu-usermode"
(MACHINE_FEATURES) is available:
See [2]:
do_write_config:append:class-target() {
# Write out a qemu wrapper that will be used as exe_wrapper so that meson
# can run target helper binaries through that.
qemu_binary="${@qemu_wrapper_cmdline(d, '$STAGING_DIR_HOST', ['$STAGING_DIR_HOST/${libdir}','$STAGING_DIR_HOST/${base_libdir}'])}"
It produce a runtime issue while running a meson sanity check:
meson-qemuwrapper [...]/build/meson-private/sanitycheckc_cross.exe
qemu-aarch64: Could not open '/lib/ld-linux-aarch64.so.1': No such file or directory
Note: The binaries build by the Yocto internal toolchain seems be "patched" [3]
to look at /usr/lib instead of /lib.
We use -Wl,--dynamic-linker to make sure that the cross-compiler
generate binaries using the dynamic loader path defined by usrmerge
for all packages build by Yocto.
[1] https://git.openembedded.org/openembedded-core/commit/?id=802e853eeddf16d73db1900546cc5f045d1fb7ed
[2] https://git.openembedded.org/openembedded-core/tree/meta/classes-recipe/meson.bbclass?h=2024-04.3-scarthgap#n130
[3] https://github.com/openembedded/openembedded-core/blob/scarthgap/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
(cherry picked from commit cb4c0c9a93)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When `usrmerge` distro feature is not enabled, then `${base_libdir}`
resolves to `/lib` and `/lib/libpthread*.so` does not match any files.
But, with `usrmerge` distro feature, `${base_libdir}` is `/usr/lib`, so
removed line leads to `/usr/lib/libpthread.so` symlink included in
`${PN}` which causes QA check failure.
(cherry picked from commit 8634bdc2f2)
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With `usrmerge` disto feature `base_libdir` and `libdir` are the same,
so it does not make sense to:
* removing "duplicates" between them
* move files from `base_libdir` to `libdir`
This fixes build error
| mv: '.../tmp/work/cortexa15t2hf-neon-poky-linux-gnueabi/external-arm-toolchain/12.2.Rel1/image/usr/lib/libasan.a' and '.../tmp/work/cortexa15t2hf-neon-poky-linux-gnueabi/external-arm-toolchain/12.2.Rel1/image/usr/lib/libasan.a' are the same file
in case of `usrmerge` feature enabled.
(cherry picked from commit 98eea62962)
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core master now has 6.6.54 which incorporates this patch, so we don't
need to carry it anymore.
This reverts commit 60fd47edd0.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The current code is waiting 5 seconds to get an EOF on the
console pexpect spawn object, on a particularly slow machine
this timeout was not enough ending up into a TIMEOUT exception.
To solve this, increase the timeout and handle the TIMEOUT exception
by printing an error on the debug console instead of letting the
exception raise up to the stack, force the spawn object close() call
as well, since at this stage we would like the process to terminate
anyway.
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
util-linux is failing when compiling with:
| configure: error: libmount_mountfd_support selected, but required mount FDs based API not available
Remove this feature when building with the binary toolchain to avoid
this issue.
Acked-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Application Root of Trust and the PSA Root of Trust was not
isolated in TF-M Isolation Level 2 beacuse of the misconfiguration of
the MPU. The added patch fixes this issue.
Fixes: a8f47e9 (arm-bsp/trusted-firmware-m: corstone1000: update to 2.0)
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Create new yml file "corstone1000-extsys.yml" which adds "corstone1000-extsys" as
new MACHINE_FEATURE.
Based on this, external system components can be enabled or disabled from the
Linux Kernel and U-Boot.
Reason for change:
DT-schema test is failing for the SystemReady-IR v2.0 certification because
device tree binding for remoteproc dts node corresponds to external system has
not been upstreamed in the Linux Kernel yet.
So, it has been decided to make enablement of external system configurable in
order to make Corstone1000 FVP SystemReady-IR v2.0 certifiable.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently the run_cmd, which is a wrapper for self.target.run()
that uses SSH to spawn commands on the target, can fail spuriously
with error 255 and cause the test to fail on slow systems.
In order to address that, introduce a retry mechanism for the call,
that is able to wait some time for the system to settle and retry
the command when the error code from SSH is 255.
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Define “DISTRO_UNATTENDED_INST_TESTS” variable in meta-arm-systemready
independently from meta-arm-auto-solutions. This will allow running
the unattended installation without meta-arm-auto-solutions.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oeqa test responds to the boot loader prompt error message and
waits till the distro installation is finished.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the Fedora kickstart configuration file and define a function to
modify the unpacked ISO image to add the kickstart file inside and
modify the grub.cfg file.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a new inc file to unpack and repack the distro ISO image after
adding the kickstart configuration file inside.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change defaults repo refspec in fvp-base.yml file from master to
scarthgap.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch enables logging with timestamps for individual pexpect
assertions to ease the debugging of failed tests and the tuning of
timeouts. It measures the execution time of all pexpect calls and logs
the actual duration for each.
Only "callable" pexpect calls are timed (e.g. expect, sendline, but not
before or after).
Signed-off-by: Divin Raj <divin.raj@arm.com>
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This procps fix has been merged upstream in oe-core aaced482, so we can
remove this patch now.
This reverts commit fef5eafc08.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add Fedora distribution version 39.1.5 installation to fulfill
the SystemReady IR.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Improve the documentation in the user guide of the following tests:
- SystemReady-IR tests
- Manual capsule update and ESRT checks
- Linux distros tests
- UEFI Secureboot (SB) test
- PSA API tests
In addition, we moved the tests in one section for better readability.
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This flag should not be set here and the ARM_FVP_EULA_ACCEPT
should be set to True manually before building for the FVP, as it is
mentioned in the Corstone-1000 User guide:
export ARM_FVP_EULA_ACCEPT="True"
Fixes: 6e2a54748 ("kas: Corstone-1000 kas files updated")
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The BB_HASHSERVE_UPSTREAM has issues which cause significantly less of a
match than expected. Update with the correct values to get the expected
behavior.
Fixes: 6e9525115b ("CI: add Yocto Project SSTATE Mirror")
Signed-off-by: Jon Mason <jon.mason@arm.com>
The reset has to be removed from the TF-M side after capsule update
because it caused data abort exceptions on the host side.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
The default branch will be scarthgap so the poky and
openembedded will follow this branch.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The buffer size has to be increased to fit the EFI variables which got
increased metadata sizes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The increased EFI variable metadata need bigger buffer so it can
be transfered to the Secure Enclave without memory overflow
issues. The heap and buffer sizes had to be aligned with the.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The private authenticated variable changes increased the variables
metadata. The PS max asset size and related buffer sizes have to be
increased because of this.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OPTEE and ftpm tests are failing in CI on slower systems due to timing
out, but actually finish when given enough time to complete. Increase
the timeout value to be roughly 100 seconds longer than the time it is
currently taking to finish on the slower systems.
Fixes: d450786667 ("oeqa runtime: add optee.py test")
Fixes: ba315f7242 ("oeqa runtime: add ftpm.py test")
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade the openSUSE distribution from version 15.4 to version 15.5
openSUSE Licenses updated to reflect update from 15.4 to 15.5
License now includes: Apache-1.1, BSL-1.0, IPL-1.0, Sleepycat, Zlib
Signed-off-by: Ben Cownley <ben.cownley@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This changeset updates the user guide to test the secureboot for both the
FVP and FPGA.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The psa-iat-api-test was failing because the PLATFORM_HAS_ATTEST_PK
flag was added to the build for Corstone1000.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Crypto-AEAD-APIs tests fails on mps3. Configures CC312 mps3 model
same as predefined cc312 FVP configuration while keeping debug
ports closed.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 does not properly clean the cache and disable gic interrupts
before the reset. This causes a race condition especially in FVP after reset.
This adds proper sequence before resetting the platform.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some networks limit outgoing git: traffic, so use https:.
Fixes: 0cec3e5 ("arm/gem5/boot-wrapper-aarch64: Move main recipe to meta-arm")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Includes TS and PSA dependency for firmware image build.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes to the FVP Base homepage have caused it to no longer be
searchable with the current Yocto tooling. Disable it to prevent issues
with `devtool check-upgrade-status`.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add corstone1000-recovery-image image based on core-image-minimal
while disabling the testimage task which is irrelevant in case of
an initramfs bundle.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Corstone-1000 no longer uses OpenAMP, and it was the only platform
which needed this library.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone-1000 no longer uses OpenAMP, and it was the only platform
which needed this library.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The OpenAMP is replaced by the RSE Communication Protocol and
the documentation had to by updated to reflect this change.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Added the Corstone-1000 FVP platform to the ACS test build as well as
adding the arm-systemready-firmware variant to the Corstone-1000 FVP
build.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Corstone-1000 user guide with the new instructions on how to
build/use an ESP image and how to use the meta-arm-systemready layer to
run the ACS tests.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SystemReady IR ACS test suite require that there is a valid ESP
partition available to the system. This change creates a new image that
only contains a ESP partition and ensures it's mounted on the second MMC
card so it's available when the SystemReady tests run.
The diagnostic level of the 2 MMC cards have also been lowered to
improve the ACS test duration.
Corrected a spelling mistake in the corstone1000-flash-firmware-image.bb
file.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Added the missing meta-arm-systemready required variable to enable its
use with the corstone1000-fvp machine. Also explicitly set all the
consoles.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The nodistro settings in poky set the TMPDIR variable to include the
TCLIBC value so we need to spot that and swap the TCLIBC for the musl
one used in the firmware multiconfig.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The regex used to validate compatible machines is incorrect as it's only
checking the machine name starts with "fvp" not "fvp-" as intended.
It's also been modified to allow FVPs called xxx-fvp to be compatible
with Corstone-1000.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
After enabling additional features in Trusted Services, the size of BL32
image (OP-TEE + Trusted Services SPs) is larger now. To create more space
in secure RAM for BL32 image, this patch removes NS_SHARED_RAM region which
is not currently used by corstone1000 platform.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change enables the UEFI secure boot and its related configurations
for corstone1000
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt and capsule are generated during the yocto build. Sync the
documentation with the changes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, only the Corstone-1000 platform uses the capsule generation
class. Corstone-1000 uses U-Boot instead of EDK2. With this change,
the dependency on EDK2 was removed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt image is used during the UEFI Update Capsule generation.
This .nopt image was generated manually when it was needed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-os test xtest needs additional test trusted applications (TA) from
optee-os-ta package to pass. Execution time for ftpm test is around 21
seconds and 596 seconds for optee-test/xtest on an x86_64 build machine.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-os test xtest needs additional test trusted applications (TA) from
optee-os-ta package to pass. Execution time for ftpm test is around 18
seconds and 430 seconds for optee-test/xtest on an x86_64 build machine.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Test checks that ftpm kernel driver interfaces are available.
If fTPM optee TA is missing or crashes, the kernel driver does not
show the interfaces. A more functional tests would be to use tpm2-tools
from meta-security/meta-tpm but those require additional layer
dependencies which are maybe too much for now. tpm2-tools also depend
on starting tpm2-abrmd before the tools work. The ftpm kernel driver
depends on fully running tee-supplicant in userspace and the optee
side ftpm TA which takes some time. When manually running the tests
some of them failed since ftpm was not yet initialized. The boot
was not complete in those cases so added a workaround for that.
Better would be for all of the tests to start only once boot is
complete, not when ssh is available. Also, the qemuarm64-secureboot
machine includes optee and ftpm TA but does u-boot is not configured
to use the TPM device so boot is not measured.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If firmware TPM TA is compiled into optee, it needs a bit more
heap to pass optee-test/xtest suite.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
All other firmware boot components also continue booting
if TPM is not found. It is up to subsequent SW components
to e.g. fail if rootfs can't be decrypted. Enables policies
like fall back to unencrypted rootfs if TPM device is
not found with qemu and swtpm.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are two recipes in meta-arm-systemready that download ISOs for
testing purposes. Build them in CI to verify that the fetch is
successful.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These recipes look like images but are not constructed the same way,
specifically there is no WORKDIR/rootfs/ directory. If buildhistory is
enabled this will cause it to abort, so disable image data collection in
buildhistory.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We recently switched the CI to not disable ptest, but this breaks builds
that use the GCC binaries built by Arm (external-arm-toolchain). This is
because the external-arm-toolchain recipe can't build packages for the
target, and the standard oe-core gcc recipes assume that they're being
built with themselves and make assumptions, specifically that libunwind
was enabled and headers can be copied directly from the sysroot.
This is a bigger problem that should be solved somehow, but for now we
can just remove ptest in the external-gccarm CI jobs which removes gcc
from the builds (it comes in via elfutils-ptest RDEPENDS).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Functions that take 32-bit time_t types are unavoidable in the libc, so
ignore the warnings.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch will be merged upstream soon, apply it locally to unblock CI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add YAML language server comments so that IDEs know what schema to use
for the Kas files.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
trusted_services.py:test_15_crypto_service runs ts-service test with
an incorrect argument list. The -g argument does not accept two group
names. This resulted in a silent failure.
Fix this by relying the pattern matching capability of the argument.
Additionaly remove references to OP-TEE from test messages as TS tests
are SPMC agonistic.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TS and dependencies to latest version of the integration branch.
Remove patches merged upstream.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a recipe to enable building and deploying the FWU service
implemented in the Trusted Services Project. The FWU service can
help vendors to meet PSA certification requirements.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Due to how the timer in u-boot is implemented, it's quite possible for
a two second timeout in the u-boot login to actually take over 15s to
expire.
Take a patch from the mailing list to implement this differently so the
timer runs in an accurate amount of time.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
add support for the remoteproc control feature for the external system
With this feature we can switch on/off the external system on demand:
echo stop > /sys/class/remoteproc/remoteproc0/state
echo start > /sys/class/remoteproc/remoteproc0/state
During Linux boot the remoteproc subsystem automatically start
the external system. The user can use the commands above to
stop then start the remote core.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
describe the external system as a remoteproc node in the device tree
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
install the external system binaries under /lib/firmware
The kernel's remoteproc subsystem expects the firmware file to be under /lib/firmware
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When trying to replicate a build locally, having the exact list of Kas
files that was used is very useful.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the Yocto Project public SSTATE mirror to its own unique yml file.
This allows for developers to use this to speed up builds, while not
adding in the default case. This "off by default" is because it can add
10s of minutes to each build, which might not be beneficial to those who
are using SSTATE dir locally.
Also, removing the removal ptest distro feature, as this change prevents
an optimal usage of the YP SSTATE mirror (~30% match to ~90% match for
qemuarm64).
Signed-off-by: Jon Mason <jon.mason@arm.com>
These BSPs are now obsolete.
Users of generic-arm64 should use genericarm64 from meta-yocto-bsp.
Users of qemu-generic-arm64 should use sbsa-ref from meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is mostly based on the existing qemu-generic-arm64 machine, but by
not being based on the genericarm64 and instead being specifically a
machine to run on the qemu sbsa-ref machine we get to tune differently.
Specifically, this configures sbsa-ref to be a Neoverse N2 (v9), and the
tune is set to match. Another notable difference to qemu-generic-arm64
is that the kernel configuration is at present defconfig. We may wish
to change this in the future to be the same fragmented configuration as
genericarm64.
We have to ignore two testimage parselogs failures: one from NUMA which
will be fixed in a future EDK2 release, and one from efifb where we
should be using the bochsdrm driver instead (further investigation is
needed)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the new genericarm64 in meta-yocto-bsp to the CI.
This new BSP is heavily based on the meta-arm generic-arm64 machine, but
with an all-new fragmented kernel configuration.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some BSPs use a proper initramfs and putting a SSH server into them
via this :append isn't ideal. Adding using += should be sufficient.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Every platform should have the chance to try the -rt patches.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class is no longer used by any machines, so remove it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- The Secure Enclave Proxy Secure Partition fails at psa_call()
because wrong parameter was passed.
- The SMM Gateway initialization failed because a malloc()
returned a NULL pointer. The SMM_GATEWAY_MAX_UEFI_VARIABLES
had to be decreased to avoid this.
- Increase shared memory buffer size and add buildtime check
- Use __packed for the variable_metadata struct
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Trusted Services v1.0 uses new RPC protocol and the message
fields in u-boot had to be synchronized.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add configuration settings to TF-A, OP-TEE and TS SPs needed to get TS
built and run on the fvp-base machine.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Version v11.25 was released and it fixes measured boot. Update the
recipe and integrate the new version.
The pattern of the download URL has changed. Add functionality to
calculate a new URL fragment from the package version.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The current version of the TS recipes fails to build if the TS
environment is not set to opteesp. Change the recipes to allow building
the sp environment.
This environment targets "generic" secure partitions and produces SPMC
agnostic SP binaries which should be able to boot under any FF-A v1.0
compliant SPMC implementation.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
MbedTLS fails to build when FORTIFY_SOURCE is enabled and the NWd
configuration is used. Disable the compilation option temporary till
the root cause can be fund and a proper fix be made.
The build only fails when building from yocto. The OP-TEE integration
works fine with gcc v13.2_rel1.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Update Trusted Services to v1.0.0.
- Update TS "external components" references to fetch the version
dictated by the TS repo.
- Remove patches merged up-stream.
- Update the TS nanopb integration fix (see 210a6ace83)
- Update TS test integration.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Update driver version to v2.0.0
- Follow up the name change. The driver has been renamed from
arm_ffa_tee to arm_tstee.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt and capsule are generated during the yocto build. Sync the
documentation with the changes.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently, only the Corstone-1000 platform uses the capsule generation
class. Corstone-1000 uses U-Boot instead of EDK2. With this change,
the dependency on EDK2 was removed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The .nopt image is used during the UEFI Update Capsule generation.
This .nopt image was generated manually when it was needed.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A SRCREV for arm-platforms-kmeta was added years ago to get
yocto-check-layer working at the time, but was never removed (and never
updated). Removing now, since it is not necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A patch was dropped when trusted-firmware-m was updated to 2.0 but it
had not yet been merged upstream (2.0 or master).
Restore the patch to fix regression on Corstone-1000
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade the Debian distribution from version 11.7 to version 12.4 in the distribution installation.
Signed-off-by: Amr Mohamed <amr.mohamed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream master and scarthgap have now diverged, so use scarthgap whilst
we prepare for release. At the time of writing there is no scarthgap
branch for meta-clang, so leave that on master.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Increase the number of TLB entries from 0x80 to 0x400 and disable the
checking of memory attributes. In our CI, this makes testimage run in
576s instead of 803s.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Multiconfig is only needed when recovery and the mass storage images
are built together. It is not needed when firmware-only build is used.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables host firewall and mpu setup for FVP. It also fixes secure-ram
configuration and disable access rights to secure ram from both normal world
for both mps3 and fvp.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
MM Communicate buffer is accessed by normal world but at the moment so it
should be located in DDR instead of secure-ram. This moves mm communicate
buffer to the DDR for trusted-service components.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
MM Communicate buffer is accessed by normal world but at the moment
it's allocated in the secure ram. This moves mm communicate buffer
to the DDR and also fixes the capsule buffer size since it cannot be
more than the bank size.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove the preferred version so that we track the latest release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some of the corstone u-boot patches are not properly formatted, causing
scripting issues. Regenerate them via:
devtool modify u-boot
git format-patch -N --no-signature devtool-base..HEAD
mv *.patch ~/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest stable version (1.5.2), comprised of the following
commits:
5d86f27a8c0a opencsd: Update version info and README for 1.5.2
71c50dda716f build: win: Fix name for ocsd-perr utility in windows build
599551d3ea09 opencsd: docs: Update docs for test programs
769faaa6368a opencsd: docs: Update trc_pkt_lister man file
b957577e71bf tests: Fix typo in trc_pkt_lister help output
dca84a74a0d5 build: Fix clean of mem_acc_test
85fd025eed35 opencsd: stm: Fix build warning in 64 bit build of STM
2145b81b4b61 opencsd: etmv4: Fix build warning on decoder
169cc07d3625 docs: Fix formatting in README.md
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest stable version (2.10.3), comprised of the following
commits:
fc93d0edfc52 docs(changelog): changelog for lts-v2.10.3 release
4a10950a8538 docs(changelog): display all sections
bafc27c8d7cf chore: rename Poseidon to Neoverse V3
a6256d7a2638 feat(cpu): add support for Poseidon V CPU
ef393a3f9fa2 fix(cpu): correct variant name for default Poseidon CPU
81931a13a835 fix(cpus): workaround for Cortex-A715 erratum 2413290
baf14745f117 fix(cpus): workaround for Cortex-A720 erratum 2926083
635c83eb456a chore: update status of Cortex-X3 erratum 2615812
03636f2c3d60 fix(cpus): workaround for Cortex-A720 erratum 2940794
e86990d0911d fix(cpus): fix a defect in Cortex-A715 erratum 2561034
b59307ef8efd fix(cpus): workaround for Cortex-A715 erratum 2413290
44f36c48f280 docs(sdei): provide security guidelines when using SDEI
11cb0962f7ac docs(threat_model): mark power analysis threats out-of-scope
3e3ff298a614 fix(cpus): workaround for Cortex-A715 erratum 2344187
d466c5d4d27b fix(cpus): workaround for Cortex-X4 erratum 2701112
940ebbe2d1d0 fix(cpus): workaround for Cortex-A715 erratum 2331818
04c60d5ef31c fix(cpus): workaround for Cortex-A715 erratum 2420947
b7ed781eea74 fix(gic600): workaround for Part 1 of GIC600 erratum 2384374
58646309aedf chore: rearrange the fvp_cpu_errata.mk file
a234f540b727 fix(cpus): add erratum 2701951 to Cortex-X3's list
a24c8006ea39 refactor(errata-abi): workaround platforms non-arm interconnect
9fe65073d442 refactor(errata-abi): optimize errata ABI using errata framework
301698e15bc8 fix(cpus): workaround for Cortex-A715 erratum 2429384
5f8f745c7e99 fix(cpus): workaround for Cortex-X3 erratum 2372204
Signed-off-by: Jon Mason <jon.mason@arm.com>
The get_testimage_json_result_dir helper in OE core was deleted in
commit 01b1a6a5a4e7cede4d23a981b5144ae9c8306274 in preference for a
common utility. Change the reference within the Arm SystemReady ACS
log handler utlity.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change upgrades the tftf version to v2.10 for the Corstone-1000.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since sbsa-acs requires edk2-firmware, it bases its SRC_URI on that.
The first entry of SRC_URI is what is used to determine the latest
version. So, specify an alternative URI to determine the correct
version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change upgrades the trusted-firmware-m version to 2.10
for n1sdp.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As of oe-core ba391d3, hashserv lookups will use authentication from the
.netrc file. However, Kas will write invalid netrc files with comments,
which causes bitbake to emit warnings.
This has been fixed in Kas in e700729 but until Kas 4.3.2 is released we
can ignore this warning specifically when checking the logs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When the URL and names of the toolchain tarballs changed, the
UPSTREAM_CHECKs were not modified with the proper values. This causes
the tooling to not show when new versions are available. Modify to get
it working again.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Initial checking providing support for RMM on QEMU's "virt" machine.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To reduce build and test times in CI, move the dev kernel outside the
standard matrix. This results in it still being built and tested for
the platform, but only with gcc/glibc (and not against clang and musl).
This greatly reduces the number of permutations that need to be
verified.
Signed-off-by: Jon Mason <jon.mason@arm.com>
gcc-arm-none-eabi v11.2 is no longer needed by tf-m. Remove this
version, as there is a newer one available.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of SCP. In this release, some of the
platforms were grouped into common family directories, which
necessitated adding a variable to specify which one.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version. Also, remove the gcc12 workaround, as
that was added in edk2 commit 206168e83f090, which has been included
since the 202305 release.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-A recipe to the latest stable version (2.10.2).
NOTE: tf-a-tests did not have a corresponding stable release. So,
keeping back at 2.10.0.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds a recipe (ts-sp-block-storage) to build the Block Storage
secure partition to enable feature development for downstream users.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove scp-firmware sha for intermediate version
to update to v2.13 according to the Arm Reference solutions
Feb-2024 manifest.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With clang 18, optee-os no longer compiles cleanly. It is now seeing:
| In file included from core/arch/arm/kernel/vfp.c:6:
| In file included from core/arch/arm/include/arm.h:131:
| core/arch/arm/include/arm64.h:436:1: error: expected readable system
register
| 436 | DEFINE_U32_REG_READWRITE_FUNCS(fpcr)
| | ^
| core/arch/arm/include/arm64.h:417:3: note: expanded from macro
'DEFINE_U32_REG_READWRITE_FUNCS'
| 417 | DEFINE_U32_REG_READ_FUNC(reg) \
| | ^
| core/arch/arm/include/arm64.h:411:3: note: expanded from macro
'DEFINE_U32_REG_READ_FUNC'
| 411 | DEFINE_REG_READ_FUNC_(reg, uint32_t, reg)
| | ^
| core/arch/arm/include/arm64.h:398:15: note: expanded from macro
'DEFINE_REG_READ_FUNC_'
| 398 | asm volatile("mrs %0, " #asmreg : "=r" (val64));
\
| | ^
| <inline asm>:1:10: note: instantiated into assembly here
| 1 | mrs x8, fpcr
| | ^
Issues are also seen on optee-examples and optee-test.
Forcing GCC for all optee recipes until this issue can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The workaround is no longer needed because with the
0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch file the
u-boot PSCI driver is compliant with the PSCI specifications.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The u-boot PSCI driver was not compliant with the PSCI specifications so
this patch had to be added.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GNU Arm compiler version greater and equal than *11.3.Rel1*
has a linker issue in syscall for TF-M 1.8.0. Let's bump to
TF-M 2.0 which contains the fix for the issue.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone-1000 uses trusted-firmware-m as secure enclave software
component. Due to the changes in TF-M 2.0, psa services requires
a seperate client_id now. This commit adds smm-gateway-sp client id to
the FMP services since FMP structure accessed by u-boot via
smm-gateway-sp.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable the patch-status warning for meta-arm and meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The user guide document for Corstone-1000 has been updated to reflect
the changes required following the multiconfig changes as well as now
running the fvp within the kas shell to ensure all environment variables
are picked up correctly.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 2 Corstone-1000 kas files files are updated following the
multiconfig changes. The pinned commits have been commented out and
the default branch changed to master to allow the file to build valid
images.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fix the build with DISTRO_FEATURES containing "usrmerge":
make: *** No rule to make target '/.../optee-os/4.1.0/recipe-sysroot/lib/optee_armtz/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf', needed by '/.../optee-os/4.1.0/build/core/early_ta_bc50d971-d4c9-42c4-82cb-343fb7f37896.c'. Stop.
Fixes: 6a105f47b9 ("optee-ftpm: Install artifacts into nonarch_base_libdir")
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To ensure the psa and optee tests are included in the initramsfs based
rootfs included within the flash image so the tests can be run.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
To allow us to continue to ship Corstone-1000 releases that only include
the firmware with the built in Linux image we need a way to build it
outside of the multiconfig builds.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
By building the Corstone-1000 firmware under the firmware multiconfig we
can also build a minimal standard core image to be mounted in the fvp as
a mass storage device.
To do this we had to enable the MMC card interface in the Corstone-1000
kernel configuration.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
To enable building rescue or bootstrap images that can be included into
firmware a "firmware" multiconfig option is required to allow the
building with different options to any mass storage image they may also
be built.
As this multiconfig build will occur under a different TMPDIR, we also
provide a deployment image to allow easy copying of the firmware into
another deploy dir.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
The TF-M configuration step can fail if the doxygen executable is found.
This commit disables the doc generation until this is fixed in the
upstream repos.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Bumped kernel version to v6.6 and rebased N1SDP kernel PCIe quirk patches on top of this new version.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Since there are no platforms using this version, the related files can
be removed.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
As we intend to build 2 Corstone-1000 disk images, one for the firmware
in flash and an external mass storage image the existing
corstone1000-image.bb file has been renamed to
corstone1000-flash-firmware-image.bb to make it clear what it's for.
The wks file for specifing the image layout has also been renamed to
make its purpose clearer.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
We can now use the standard poky distro configured to be small by
switching distrobution and using the standard minimal image
from poky.
To do this we also remove and image configuration options from the
machine config and apply them in the kas files.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Moves a number of setting from the machine definition to the actual
recipes they apply too.
Added image configuration and dependancies to the flash image definition
file.
Reordered the settings in the machine definition to group them by
component that are related to.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Moved the U-Boot configuration items from the machine definition to the
Corstone-1000 specific U-Boot append file as it makes it easier to the
U-Boot configuration for a machine in one place and to make it more
consistant with other platforms.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
The capsule_cert and capsule_key file generated by u-boot for
corstone1000 do not get deployed correctly since writingh the output directly
to ${DEPLOY_DIR_IMAGE} causes the sstate mechanism to malfunction
especially in the CI builds. This patch fixes the issue and deploy the
generated files correctly.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Setting an API key means we get higher rate limits. Because keys are
private, the key must be set in the environment of the runner.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This changeset fix the tftf tests issue on n1sdp. Before this change, the tftf tests were getting stuck on n1sdp.
The following changes have been done:
1. There were some tftf tests based on multicore which involve powering up the other cores. These tests were creating
issues and the same thing has already been mentioned in the tests-to-skip.txt file for n1sdp platform in tftf source.
Those tests are skipped while executing tftf and patch has been created.
2. The TFTF_MODE variable added for tftf v2.10 recipe file, as did earlier for tftf v2.9. With the help of this, we can
enable debug or relase mode. The configuration based on this has been added for n1sdp in the corresponding bbappend file.
3. Add PREFERRED_VERSION_tf-a-tests for v2.10.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a Kas fragment to enable the CVE checker. Disable warnings by
default but show them for the layers in meta-arm, because we only care
about meta-arm issues in this CI.
Explicitly hide kernel warnings as the kernel typically has tens of open
CVEs, and if we're carrying a kernel explicitly then it's typically an
interim kernel between releases.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Extend jobs-to-kas so the first argument is still the GitLab job name,
but allow further arguments to specify extra Kas files to use in
addition.
Then add a variable EXTRA_KAS_FILES to the CI configuration that
defaults to the empty string and pass this to jobs-to-kas.
This lets specific pipeline runs add extra Kas files, for example to use
experimental branches or enable extra features without touching the CI
directly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Linux 6.1 will be removed from oe-core master shortly, so whilst we
still have BSPs that use it (specifically, n1sdp) carry a 6.1 recipe in
meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since there are no platforms using this version, this reciepe can
be removed.
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since linux yocto kernel 6.5 is EOL and other layers like
meta-virtualization dropping support for it, it would be
sensible to downgrade the kernel to 6.1 which is a LTS.
This is a temporary change and later we would move to 6.6 when its
officially supported on N1SDP.
This revert the following commits:
* 1fe76c893c
* 21df60b921
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updated to the latest version. Corstone1000 doesn't seem to boot. So,
pull back the old version to meta-arm-bsp for it to use temporarily.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Changes were needed due to the 2.0.0 version not being available for
download at pypi (though listed as the latest version there).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Scripts processing data for the patch ages need correct information in
the relevant fields to determine the age. Create/correct this
information where missing/incorrect.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SHAs for both libmetal and open-amp are intermediate SHAs, which are
only a few patches behind the v2021.04.0 tags. Update to those tags and make
the necessary changes to get them working.
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core master has upgraded from 6.5 to 6.6, but as we have BSPs that
still use 6.5 (corstone1000, n1sdp) we need to carry the recipe. This
should be a short-term measure as 6.5 was EOL in December 2023.
Also, drop the unused 6.4 linux-yocto which was no longer needed since
N1SDP moved to 6.5 with 21df60b.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The tftf tests were getting crashed on the MPS3 and two issues were found
during investigation. This change set provide fix for those issues:
1. The tftf tests were getting crashed on the MPS3 when compiled with
LOG_LEVEL=50. So, reducing the log level and aligning it with the TF-A
allows us to get rid of the crash.
2. Once the above crash got resolved, it has been found that tftf tests
were getting asserted while reading the value of the register
GICD_ITARGETSR. The reason for the crash is that the value of this register
is zero. As per the GIC documentation, this register is RAZ/WI for uniprocessor
implementation and corstone1000 is uniprocessor implementation for FPGA.
So, this change compiles the tftf tests in release mode which allows us
to compile out the assert definitions.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add CI builds for Arm SystemReady Firmware within the fvp-base CI job and a new
Arm SystemReady IR ACS build job. Add the CI kas config for each of these
builds.
The ACS build can be controlled by the ACS_TEST GitLab variable to specify
whether or not to run the testimage. If this variable is not set, the
testimage step will not run. The job tag can be controlled by the ACS_TAG GitLab
variable.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the parted-native dependency explicitly which is needed to
use wic commands.
Also explicitly inherit testimage. This means that the kas config
is no longer required to include it in IMAGE_CLASSES.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update tf-a and mbedtls to the latest versions. Also, migrate the
previous version to meta-arm-bsp for corstone1000.
NOTE: in v2.10, the fiptool makefile was changed to reference LDOPTS
instead of LDLIBS.
NOTE: commit 408cde8a59080ac2caa11c4d99474b2ef09f90df in tf-a modifies
the qemu_sbsa starting offset, and per the commit comment, it requires
the edk2 same change. This is why the edk-platforms SHA has been
changed. There are only 19 patches between the previous SHA and this
one (most of which are adding a single platform). So, it shouldn't be
too impactful to bump the SHA (instead of making it a patch to apply
on top of the existing SHA).
NOTE: tf-a-tests added LDFLAGS to the makefile, causing the need for it
to be removed in the recipe.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that we've released 4.3 and branched, we can switch master CI back
to master.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We enable PAC/BTI out of the box, but all of the pieces (such as gcc and
glibc) need to support it for the final binary to be protected.
Add a minimal test recipe to verify that the "Hello, World" binary is
using PAC/BTI, and add it to oe-selftest.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Readthedocs server requires an absolute path from project's root
directory to find correct requirements.txt and conf.py.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Upgrade the Corstone-1000 YMLs as follows:
- Set the layers SHAs
- Align with Kas v4
- Update the layers list
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add a note for Capsule update negative test scenario and fixes instructions
regarding distro-boot in Corstone-1000 user guide.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Adds creating an EFI System Partition for Corstone-1000.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
align the release note with the upcoming CORSTONE1000-2023.11 release
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Use Ethernet over VirtIO on FVP due to lan91c111 Ethernet driver support dropped from U-Boot.
This patch enables virtio-net device in u-boot to pass ACS tests related to
NIC and PXE. The current ethernet device still works in linux kernel and
corstone1000-mps3 Ethernet device is supported by u-boot, so no change is
required regarding existing Ethernet device.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Adds virtio-net configuration to use virtio-net in corstone1000-fvp.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Update the user guide to include Linux distro installation on fvp
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This fixes a race that is observed rarely in the FVP. It occurs in FVP
when tfm sends the notication ack in openamp, and then reset the access
request which resets the mhu registers before received by the host
processor. It implements the fix both in SE and the host processor openamp
wrapper. This solution enables polling on the status register of mhu until
the notificaiton is read by the host processor. (Inspired by
signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61)
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade the Arm binary toolchains to the latest version. Of note, the
untarred directory has camelcased the "R" in Rel (which was "rel" in the
previous versions).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-base machine uses a v8.4 tune and the FVP itself is configured
to be v8.4, so also tell TF-A to use v8.4.
This is normally done in the TF-A board configuration, but the fvp board
is configurable.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We already tell the FVP to be v8.4 cores, so tell the compiler to
tune for that instruction set too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This CVE is specific to NXP i.MX boards which are documented as being
shipped unsecure, as they're meant for development.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Changes ns-interrupt-action for corstone1000. This will enable
preemption in the SPs which is the default way to handle interrupts in
trusted-firmware and optee documentation.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When booting, the tee driver from kernel side
invokes a yielding call to OP-TEE, which gets
stuck because OP-TEE never sends Done response:
OPTEE_FFA_YIELDING_CALL_RETURN_DONE
This issue was previously resolved by introducing
an inappropriate patch to the kernel with 1 ms delay
in ffa_msg_send_direct_req.
Further investigation proved that OP-TEE doesn't
get enough processing time and is constantly interrupted
by the kernel requests. To remove this patch, TF-A logging
level is lowered to default (40 in debug builds and
20 in release builds), which eliminates the time consumed
previously by TF-A VERBOSE logs (giving OP-TEE more
processing time).
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 capsule update implementation does not support use of
scatter_gather_list. This workaround passes 1 as scatter_gather_list value
to pass the NULL checks for scatter_gather_list while
CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag is set (which is introduced lately to
align with UEFI specs). Since these flag checks are not implemented in u-boot
properly and corstone1000 does not support scatter_gather_list during capsule
update, this patch will skip the check only for on-disk capsule update.
This will be fixed with new capsule update design.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add an optional env argument to the run_fvp() function, and check that
DISPLAY is preserved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The __main__ body used the return value of runfvp() as the exit code,
but this was never set.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Don't pass "" as the cwd as that fails, use None so the cwd doesn't get
changed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
add debug.yml to the build command so the debug-tweaks image feature
is enabled
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is no longer needed as Nanbield uses ttyrun to avoid re-spawning
gettys.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
corstone1000's uboot uses efitools-native from meta-efi-secure-boot, so
add the layer dependency to make this clear.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use IMAGE_CLASSES rather than a direct INHERIT for fvpboot.
This is Yocto best practice as it is used to enable
functionality across all image recipes.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add systemready firmware, systemready ACS, systemready distros, and
fvp-base kas configurations. Update the README file with
instructions on how to build and run using them.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
1. Configure FVP base to allow Arm SystemReady IR ACS console access.
2. Configure FVP base Arm SystemReady IR ACS firmware build.
3. Add the machine-specific report.txt for FVP base.
4. Patch the check-sr-results.yaml and format-sr-results.yaml files
to handle the known differences between FVP base and the
expected ACS functionality.
5. Add a README with instructions of how to use the meta-arm-systemready
layer with fvp-base.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the meta-arm-systemready layer. This provides the infrastructure to
load and run the Arm SystemReady IR ACS v2.0.0 prebuilt image and
analyze the results.
The recipes included are as follows:
1. arm-systemready-firmware: Enables the ARM_SYSTEMREADY_FIRMWARE machine
conf variable to be used to specify which firmware packages to deploy.
2. arm-systemready-ir-acs: Runs the Arm SystemReady IR ACS tests from
the pre-built images and checks the results adhere to the specification.
3. arm-systemready-linux-distros-[debian|opensuse]: Install the distro of
choice from CD/DVD image to target disk image.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Qi Feng <qi.feng@arm.com>
Signed-off-by: Robbie Cao <robbie.cao@arm.com>
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
Signed-off-by: Vineeth Raveendran <vineeth.raveendran@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For fvp-base, update the DEFAULT_TEST_SUITES to include
fvp_boot and fvp_devices. This is only the default behaviour;
individual recipes can override this using the TEST_SUITES
variable.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Comments were made after previous optee changes were committed.
Addressing those comments here.
Suggested-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update capsule document procedure and ACS image in user guide.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the recipes and patches for OP-TEE 4.0.0. Migrate the 3.22.0
recipe to meta-arm-bsp for corstone1000 and n1sdp.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updating to the latest version of hafnium. Also, dropping tc patches,
as they are either experimental or a similar feature has been added.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updates the status of the patches on the trusted-firmware-m for
corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
U-boot mkefitool creates capsule image without packed and byte-aligned structs.
This patch aligns the capsule-update structures and avoids crashes in case of
unaligned pointer access.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Platform-specific capsule-update feature in u-boot does not check the
capsule-update flags properly (as stated in UEFI specs). This patch fixes the
capsule flags checks in u-boot for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables on-disk capsule update feature for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.5 and rebased N1SDP kernel PCIe quirk patches top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some FVPs are available as x86-64 and aarch64 binaries, so build target
(qemuarm64) and nativesdk (x86-64) packages for these to verify the
checksums are correct.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that there's a FVP for aarch64, we don't need to pin the CI pipeline
to x86-64.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the FVP supports both aarch64 and x86-64, this inherit doesn't
need to be conditional.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade to the 11.22.35 release of the FVP.
Also add the aarch64 binaries as these are now available.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Configure grub as the EFI provider and remove the U-boot boot
args.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Configure FVP base to use vexpress_fvp_defconfig as the U-boot machine.
Configure U-boot:
1. Drop the patch to pick the DRAM size from the devicetree since
the FVP now specifies a devicetree.
2. Enable sysreset to reset by PSCI and patch the vexpress U-boot
machine to leave the reset to PSCI in this case.
3. Enable Virtio RNG and patch the U-boot Virtio RNG driver to
workaround an issue with the FVP that results in RNG calls
hanging.
4. Enable the Arm64 CRC-32 instruction by default and remove the now
redundant config setting.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set the Trusted Firmware devicetree to fvp-base-gicv3-psci-1t. Patch the
devicetree to include: the stdout path for console access, a virtio net
node and a virtio rng node. This is necessary in the case that the
Trusted Firmware devicetree is passed to Linux from U-boot (rather than
sideloading).
Also rename the include file to change the suffix from "fvp" to "fvp-base".
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Merge the common FVP configuration in fvp-common.inc into
fvp-base.conf since that is the only place it is inherited.
Drop setting MACHINE_FEATURES to "optee" because there is no
optee machine feature.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Have separate machine include files rather than multiple
machine-specific settings in the same file.
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-clang and meta-virtualisation don't yet have nanbield branches, so
we need to use master for those at the moment.
Signed-off-by: Ross Burton <ross.burton@arm.com>
To allow running the TF-A TFTF tests we need to ensure the images for
N1SDP and Corstone-1000 MPS3 boards build
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To allow running of the TF-A tests we need to be able to build the TF-A
test recipe for the N1SDP machine.
Signed-off-by: Drew Reed <Drew.Reed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change enables N1SDP cache to improve performance
by removing this patch:
HACK-disable-instruction-cache-and-data-cache.patch
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since the original location of OP-TEE in DDR3 observes
a HW issue when cache is enabled, this change moves OP-TEE
to run from DDR4. Patches are added to TF-A to reflect that
change and the used region is also reserved in UEFI (EDK2)
to protect against allocations by UEFI applications.
OP-TEE size is modified for consistency across all patches
to be 32 MB (0x02000000) instead of (0x02008000).
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
the configuration options corresponding to external system are removed
from the kernel and the defconfig is generated with with savedefconfig
bitbake task
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove the External system patches in uboot as they are not upstreamable.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This support is for Cassini distro using Corstone-1000 platform.
When running parsec test, it reports an error
`PSA_ERROR_DATA_INVALID (-153)`.
This is related to `ITS_MAX_ASSET_SIZE` configuration which is been
set to 512 on the secure enclave (TF-M), which defines the max asset
size and it overflows when running the parsec tests.
The key is generated, but when it is asked to store via `psa_its_set`
it returns `PSA_ERROR_INVALID_ARGUMENT (-135)`, which then propagates
to `PSA_ERROR_DATA_INVALID (-153)`
Increasing the `ITS_MAX_ASSET_SIZE` to 2048 solves this issue.
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The terribly named qemutiny test case tries to login to the target over
the serial console. It's designed for poky-tiny, so add it to the tests
we run in poky-tiny builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Just execute all tests with the meta-arm tag, instead of hardcoding the
list of tests.
Also run two tests in parallel as there's no reason to limit it to one.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Tag all of the tests in meta-arm so that they can be selectively ran
without needing to explicitly list them.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patch was accepted upstream and has been pulled back the 6.5 and 6.1
kernels. So, it is no longer needed here.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The v6.4 kernel is needed for some platforms in meta-arm-bsp.
Temporarily add it here to give those machines enough time to
update to the latest version. Also, add the patch to the
defconfig.
Signed-off-by: Jon Mason <jon.mason@arm.com>
When ccache is enabled trusted-firmware-a recipe fails with this
error message:
make: *** No rule to make target 'aarch64-poky-linux-gcc'. Stop.
ccache prefix CC variable with 'ccache' word before compiler. Because
there are no quotes assigned to CC, only 'ccache' is assigned. The
compiler becomes a make target, producing the build error.
Add single quotes to LD is a good measure to prevent this kind of error.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Multiple machines in meta-arm-bsp have need of the 2023.07.02 version of
u-boot. Temporarily add it here to give those machines enough time to
update to the latest version.
NOTE: MTD changes in u-boot require changes to the qemuarm config.
Specifically, not disabling it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables authenticated capsule update and makes necessary changes to
align with new capsule generation tool (mkeficapsule in u-boot).
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds signature to device-tree overlay and enables authenticated capsule
update in u-boot for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds meta-secure-core to enable capsule update feature.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds meta-secure-core to corstone1000.yml to enable signed capsule
update feature.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Meta-secure-core is used to create signed capsule (firmware update
images). This adds meta-secure-core.yml file and since it depends on meta-perl
from oe-core, it adds that layer to meta-openembedded.yml
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Kas binary is identical, but the container has been rebuilt using
Debian 12 (Bookworm).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Kas container in version 4 onwards is based on Debian 12, which
forbids pip from installing files into /usr or ~/.local/.
We want to install the arbitrary dependencies for the documentation
build, so these should be installed in a venv.
The kas container doesn't currently install python3-venv, so we have to
install that manually (patch sent upstream).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade nanopb, clean up how it is build, and hopefully fix the build
races. This patch isn't quite ready to be upstreamed but discussion
with the TS maintainer is ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the apply_local_src_patches class supports being used with
multiple directories, use that instead of reimplementing the logic.
Also remove redundant patchdir assignments as these patches are against
the trusted-services repository, which is ${S}. I suspect these are
exposing a subtle bug in the core patching logic which meant the local
patches were not applying correctly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This test needs the TF-A sources available to build. When the test is
needed, this commit can be reverted to bring it back.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe won't pass configure without the jsonschema and jinja2
Python modules.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As with ts-service-test, manually move the binary to $bindir.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The configure log warns that it couldn't find pkgconfig, so add this so
it can.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pass through the choice of CMake Generator when starting sub-cmakes for
the external components, so that they use Ninja instead of Make.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pull out the patch application logic so the postfunc by default scans
for patches in LOCAL_SRC_PATCHES_INPUT_DIR and applies them to
LOCAL_SRC_PATCHES_DEST_DIR as before.
This allows recipes to inherit the class and directly call
apply_local_src_patches as needed to process patches in multiple
directories.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-baser-aemv8r64 machine will not be actively maintained.
Signed-off-by: Divin Raj <divin.raj@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove U-Boot specific DT nodes before passing the DT to Linux
This is needed to pass SystemReady IR 2.0 dt-schema tests
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee recipe installs the tee image using `${nonarch_base_libdir}`
If usrmerge is enabled this is `/usr/lib`, otherwise it is `/lib`
Several platforms (corstone1000, n1sdp, tc) look for tee-pager_v2.bin in
the hard-coded `/lib/firmware`, hence if usrmerge is enabled it won't be
found.
Fix these platforms by using `${nonarch_base_libdir}` instead of `/lib`
as per the qemu platform code in the generic recipe.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.4 and rebase the patches on
top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TFM updated to 1.8.1. Note, TF-Mv1.8.1 tags point to the same SHA as
the TF-Mv1.8.0 tag for tf-m-tests and tf-m-extras.
Signed-off-by: Jon Mason <jon.mason@arm.com>
tee and teeclnt are there to avoid running client applications (CAs) and
tee-supplicant as root.
- The teeclnt group stands for "TEE client" and is for CAs (CAs need
access to /dev/tee[0-9]* but not /dev/teepriv[0-9]*).
- tee is just for tee-supplicant to open its device /dev/teepriv[0-9]*.
No other process is supposed to open that one.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rationalise the port forwarding to be the same as the runqemu defaults,
so change the SSH port forward to be 2222=22 instead of 8022=22.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
QEMU_USE_SLIRP is no longer needed[1] as adding slirp to
TEST_RUNQEMUPARAMS is sufficient, so remove that.
Setting TEST_SERVER_IP also isn't needed as there's a default value now,
and we disable the package management tests that would use the server
IP. When they work the correct IP can be set.
[1] As of oe-core f4e8650
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest versions of edk2 and edk2-platforms. This
necessitates updating the patches in sbsa-acs to apply cleanly to the
latest version of edk2.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's expected to exist multiple /dev/teepriv[0-9]* devices, and the
tee-supplicant service depends on them, which should be activated only
when the device is detected by the kernel using a udev rule.
Improve commit f02d065dce, where it's only considering a path creation
and not a device detection by the kernel.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The update-repos script currently exits immediately if one of the
underlying Git commands fails (e.g. because of a network issue). If the
repo already exists, then catch this error inside the loop and
carrying on attempting to update other repos, as the network error may
be upstream.
KAS_REPO_REF_DIR is ultimately an optimization and subsequent build
stages should be able to continue if one of the updates fail. Therefore,
ensure the script returns a special error code if at least of the Git
commands fail, and use this to set the allow_failure property of the
job.
If a repo does not exist, fail immediately as before.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To make the pipeline slightly more resilient to external networking
issues, allow a local container registry mirror to be specified in the
GitLab settings. If not specified, the upstream container registry is
used automatically.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since optee-os for N1SDP has been updated to 3.22,
this patch updates optee-os-tadevkit and optee-test
to match the same version.
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.4 and rebased N1SDP kernel PCIe quirk patches
top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The default XSERVER only pulls in the framebuffer driver, which is
pretty broken with modern kernels and the modesetting driver is a lot
more functional.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The sbsa-ref machine can't use KVM because it's an entire emulated
machine, not a virtual machine.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The consoles to use isn't specific to the qemu machine, and without a
value results in no serial consoles when running on real hardware under
sysvinit.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patches (and recipe support) were added for qemuarm64-secureboot
support, but that is not present in meta-arm-bsp. Remove it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Without /dev/teepriv[0-9]*, tee-supplicant.service will fail. Prevent
a failure with a condition to check if /dev/teepriv[0-9]* path exists.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
ARM Reference Solutions' N1SDP 2023.06.22 manifest
uses edk2-firmware version 202305. This patch
aligns with the manifest.
The RemoteDdrSize cast patch is now upstreamed,
hence removed from the patches list
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Enables the support of a second mmc card, which enables distro installation.
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Build a custom N1SDP image with only optee-xtests as part of the image. A fresh custom image build is necessary to include the relevant test suite for running the xtests.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the config needed to run the embedded tests with pseudo trusted application. Without this config, the optee-xtests with pseudo TA get skipped with “skip test, pseudo TA not found” message.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Clean up various patches by
* Create email headers for those not present using the s-o-b as author and date
applied to the tree as the patch date
* regenerating the patch name via git rebase and format-patch
* replacing patch with backported version
* moving patch location to be more accurate
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rebase the corstone500 u-boot patches to 2023.07.02. Some defined
variables changed names, and had to be updated.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As of oe-core a8e7b0f, PV doesn't need to contain SRCPV explicitly as
base.bbclass will append it to PKGV if there is a + in the version. So,
remove the redundant assignments.
Also change the boot-wrapper-aarch64 PV to 0+git as it's possible that
some point they'll tag a release and we want to be able to upgrade to it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
u-boot patches rebase cleanly to u-boot v2023.01. Update to that and
get rid of the legacy version of u-boot that existed only for this
machine.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updates optee-os and aligns with changes in v3.22 for Corstone-1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
With 6.1.46, the gimple patch has been backported as part of the
release, and is no longer needed as a patch applied here.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update hafnium to v2.8, which allows updating tc1 to that version and
remove the intermediate SHA. It also allows for the removal of some
backported patches.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Updates trusted-firmware-a and aligns with changes in v2.9 for Corstone-1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-A version for N1SDP to align with
N1SDP 2023.06.22 manifest
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use the patch that Mikko Rapeli is trying to upstream to work around the
Nuvoton defconfig issue instead of reverting the patch that added the
platform to the kernel.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The scp-firmware version in the Arm Reference Solutions N1SDP-2023.06.22 Release has now updated to a beta version beyond v2.12.
Add the SHA override for N1SDP to align to scp-firmware version used in the release.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add new Corstone-1000 firmware GUID and remove previous u-boot GUID to be updated into ESRT table.
SR-IR 2.0 requires the capsule GUID to be unique.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add new Corstone-1000 firmware GUID and remove previous u-boot GUID to be updated into ESRT table.
SR-IR 2.0 requires the capsule GUID to be unique.
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the trusted-firmware-a recipes to 2.9.0
Moving legacy recipes (2.8) for tc1 and corestone1000 to meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>
use filesize environment variable to read the size of the unzipped initramfs bundle
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If a user does eg "kas shell kas/corstone1000-base.yml" and then calls
runfvp, the spawned xterms don't have a valid DISPLAY set.
Add DISPLAY to the preserved environment variables and DISPLAY will be
passed into the shell, and the xterms will start correctly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add kernel configuration necessary to build an image with preempt-rt
support for generic-arm64.
And tweak kernel configuration for preempt-rt kernel.
Signed-off-by: Robbie Cao <robbie.cao@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
202211 is only used in meta-arm-bsp, and all other users should be using
the latest version. Move it there until n1sdp can be updated to the
latest.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add back the 11.2 release of GCC, because TF-M has code generation
problems with 11.3 onwards.
This recipe has the major version embedded in the recipe name so that it
has to be specifically asked for in a per-recipe basis.
Signed-off-by: Ross Burton <ross.burton@arm.com>
So that it's obvious which version of GCC is being used, install the
files into a versioned directory under $libexecdir.
Signed-off-by: Ross Burton <ross.burton@arm.com>
This was added to build an Android Common Kernel with the Android
compiler, but we don't need to build that anymore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The unzipped kernel size increased due to recent changes in oe master.
Since corstone1000 sets a fixed kernel size, this should be increased to
boot the platform correctly.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
The physical memory which is used to run OP-TEE on the N1SDP is known
to the secure world via TOS_FW_CONFIG, but it may not be known to the
normal world.
As a precaution, explicitly reserve this memory via NT_FW_CONFIG to
prevent the normal world from using it. This is not required on most
platforms as the Trusted OS is run from secure RAM.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The upstream u-boot recipe did a minor version update, which is causing
a "preferred version not available" warning. Add a '%' to resolve this
issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Temporary workaround for a number binaries in the toolchains that are
using 32bit timer API. This must be done in the CI yml file instead of
the recipe because of all the libraries in the toolchain have the issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pre-populate the standard values of get-binary-toolchains so that it
will work without variables in a standard kas container. This will aid
in ease-of-use for development and testing of binary toolchains.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Port Corstone-1000 patches to U-Boot v2023.07
Include the latest FF-A patchset sent to the mailing list (v15).
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
add SMCCC_ARCH_FEATURES discovery
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Upstream-Status: Inappropriate [A U-Boot patch will be released to fix an issue in the PSCI driver]
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the 3 patches only needed by the 6.1 kernel into a unique bbappend
The defconfig changes cannot be moved into a config fragment because
they only exist in the defconfig file (because the patches that
integrated their functionality into the kernel were not merged).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee-os.inc was including patches which really should've been in
the versioned .bb file. Move those references there and update the
FILESEXTRAPATHS to be more intelligent. While there, rebase the files
via devtool and update the file names as necessary.
Also, remove unreferenced patches.
Signed-off-by: Jon Mason <jon.mason@arm.com>
1- Replace FVP_BASE_R_ARM_EULA_ACCEPT with ARM_FVP_EULA_ACCEPT
in fvp-baser-aemv8r64.md
2- Add instructions to corstone1000/user-guide.rst to set
ARM_FVP_EULA_ACCEPT to "1".
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
1- Add fvp-eula.yml file which introduces ARM_FVP_EULA_ACCEPT
environment variable
2- Remove any license related settings from fvp-baser-aemv8r64-bsp.yml,
corstone500.yml and corstone1000-fvp.yml
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Set the FVP EULA environment variable details message
to request the user to accept the EULA in case it has
not been accepted.
Signed-off-by: Ziad Elhanafy <Ziad.Elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The following error is seen:
ERROR: Nothing PROVIDES 'llvm-native' (but virtual:native:/builds/jonmason00/meta-arm/work/build/../poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb DEPENDS on or otherwise requires it). Close matches:
ovmf-native
rust-llvm-native
vim-native
Work around this by using the llvm-native from meta-clang
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream change 26d97acc71379ab6702fa54a23b6542a3f51779c changed the
IMAGE_LINK_NAME to have IMAGE_NAME_SUFFIX and breaks the automatic
finding of the image by name. Work around here until upstream fix can
be added.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove IMAGE_NAME_SUFFIX from image path in
wic_nopt.bblass
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp_devices test suite can be used to verify the following
functionality at runtime, common to most FVPs:
* CPU hotplug
* virtio-net device presence and functionality
* virtio-rng device presence and functionality
* PL031 RTC device presence and functionality
* SP805 watchdog device presence
The list of devices to be tested can be configured by a BSP using the
variable TEST_FVP_DEVICES.
Add this test suite for fvp-base and fvp-baser-aemv8r64.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The linuxboot test case is already FVP-specific due to the use of the
OEFVPTarget pexpect interface. Clarify this by renaming to fvp_boot.
So that fvp_boot can be used alongside other OEQA test cases (e.g. those
in OE-core):
* Call self.target.transition("off") at the start of the test to
ensure the model starts from reset
* Call self.target.transition("linux") to reuse the "wait for boot"
logic in OEFVPTarget.
Additionally, minimally validate the firmware boot by checking for
common error patterns in all console logs. Expose the runfvp config in
OEFVPTarget to support this.
Align the list of test cases executed on both fvp-base and
fvp-baser-aemv8r64 by using TEST_CASES:append = " fvp_boot" for both.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To better support firmware testing alongside Linux runtime testing,
introduce model state support to OEFVPTarget. The following states are
supported using self.target.transition(state):
* off
* on
* linux
Instead of assuming a specific state in OEFVPTarget.start,
responsibility is delegated to test cases to lazily put the model in
the required state. But to support OE-core test cases, OEFVPTarget.run
automatically puts the model in the "linux" state for running the
command. Firmware and Linux tests can subsequently run alongside each
other without introducing complex test dependencies.
The concept is inspired by Labgrid strategies [1], albeit simplified.
Tweak log file handling so that output is collected across (possibly)
multiple model processes.
[1] https://labgrid.readthedocs.io/en/latest/overview.html#strategies
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The differences between OEFVPTarget, OEFVPSSHTarget and
OEFVPSerialTarget are not obvious and there is a lot of duplication.
Merge all the logic into one OEFVPTarget (again). This has the following
features:
* Run SSH commands
* Run serial console assertions
* Lazily await a Linux login prompt while running test cases (only when
self.target.run is called).
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using runfvp without explicitly specifying the fvpconf path currently
fails due to a missing fvp.conffile include.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of OP-TEE, and move the legacy versions
that are still in use by meta-arm-bsp to that directory
Signed-off-by: Jon Mason <jon.mason@arm.com>
By default, optee-test is using an ancient version of openssl (1.2.0o)
in binary form, located in the optee-test build tree. musl is already
working around this. So, use those defaults for everyone.
Signed-off-by: Jon Mason <jon.mason@arm.com>
scp-firmware passes -I/core/include to the compiler which doesn't exist,
and sometimes gcc emits a fatal error. It's unclear why this doesn't
happen for everyone, but this workaround appears to be the correct
solution.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCP_COMPILER isn't used anymore, so remove it.
Explicitly set SCP_TOOLCHAIN=GNU for clarity.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that this defaults to MACHINE, explicit SCP_PLATFORM assignments can
be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Many platform names are the same as the machine name, so this saves
some typing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is more difficult to update optee recipes to bleeding edge
3.21 when patches are added to SRC_URI via :append and thus they
need to be explicitly removed with :remove and name of the patch file.
For our boards we know 3.21 will work without patches but we still want
to keep using meta-arm side base recipe and just update the SRC_URI
to remove patches and update SRCREV and PV.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This tool makes it easy to lock a build to a known good configuration,
for example by locking the SHAs to the last good build of master.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In the update-repos job, generate a Kas lock file to pin the SHAs of the
repositories being build during the build. This ensures that commits to
the repositories _during_ the build doesn't cause differing builds. All
of the kas calls use this lock file to ensure that their builds are
identical.
This lockfile is also added to the artifacts, so that it can be reused
afterwards to replicate the build: either as a known good base or to
replicate failures.
This lock file is only generated if it doesn't exist, so that
development branches can temporarily add a lockfile.yml if for example
master is too unstable to develop on.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.3 uses branch and commit keys instead of a general-purpose
refspec. Change the base to use branch:mickledore and remove the
explicit use of master for meta-virtualization now that a mickledore
branch exists there too now.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.3 has the following new features:
- kas: Introduce commit and branch as alternative to refspec key
- kas: Warn if a repo uses legacy refspec
- kas: add support for lock files via dump plugin
- kas: track root repo dir config files of menu plugin
- kas: add support for --log-level argument
- kas: add GIT_CREDENTIAL_USEHTTPPATH environment variable
- kas: improve error reporting
- kas: drop support for Python 3.5
- kas-container: fix invocations with --isar for some layers
- kas-container: Purge tmp* on clean
- kas-container: enable colored logging
4.0 is basically the same but the Kas container uses Debian 12, which is
not yet supported as a tested platform. Until Debian 12 is tested we
should continue to use 3.3.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This will still emit the diagnostic but it wont break the build,
additionally pass it to CXXFLAGS since thats the right subset to
disable it for.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Same as for OP-TEE client, this eases debugging and is required to use
the OP-TEE symbolize.py script.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The TA builds always create ELF files, add them to the deploy dir to
ease debugging via the OP-TEE symbolize.py script.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee-os compilation provides not only the core files, TAs are also
usually build. Create a separate package which contains them, so they
can be installed.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A version 2.8.6 hangs on boot for corstone1000 non-deterministically.
This sets TF-A version to v2.8.0 which is a tested working version for
corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds missing update service definitions for using stateless platform
services and initializes the capsule udpate provider in se-proxy-sp
for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds missing compilation option to fix psa_raw_key_aggrement test for
corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
These 2 patches causes the secure world to enter into an infinite loop
when the PSA arch tests are triggered. This is a temporary fix and the
issue needs to be investigated before the patches can be enabled.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch is required to handle one of the corner cases of the
GetNextVariableName EFI service as specified in the UEFI spec.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
This patch adds the required configs to the corstone1000 u-boot
defconfig to enable the EFI services. This is done to fix the SCT
failure reported by the SetTime_Conf and SetTime_Func.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
The patch fixes the ACS InstallMultipleProtocolInterfaces_Conf failures
in corstone1000 platform by dropping a workaround u-boot patch. The NVMXIP
initialization had some issues during u-boot boot stage which led to the
workaround patch.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's useful to have known good logs when debugging problems, so always
preserve the logs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The previous commit fixed the build of GN with GCC 13, but broke it for
any other version.
Remove the patch and simply disable the fatal warning that causes the
breakage. Interestingly, this warning is already disabled for Windows
builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
EXTERNAL_TOOLCHAIN variable should provide absolute path to external Arm
toolchain install directory. So make that absolute path check explicit.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
CFG_MAP_EXT_DT_SECURE=y should be set per platform, as it requires CFG_DT=y
to also be set, which is not the case for all the platforms out there using
optee-os. Moreover CFG_MAP_EXT_DT_SECURE is already being set conditionally
in optee-os-ts.
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe is a rebuild from source of the Arm GCC release, with
patches from oe-core added to make it work well in our environment.
Most people are happy with the GCC in oe-core, and this release is often
behind: at the time of writing oe-core has mainline GCC 13.1, but Arm
GCC is 12.2. Users who actually want the improvements in Arm GCC will
likely want to use the binary toolchain so that they can have support
from Arm, and they're welcome to do so via the "external-arm" binary
toolchain.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are not any alternatives for the virtual/arm-non-eabi-gcc provider,
so just use the real recipe name.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The binary Arm compiler is based on GCC 12. Remove this GCC 13-specific
option until the next release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe uses the binary Arm compiler, which is based on GCC 12.
Remove this GCC 13-specific option until the next release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe uses the binary Arm compiler, which is based on GCC 12.
Remove this GCC 13-specific option until the next release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change from using a patched, intermediate SHA to the latest.
Unfortunately, the latest stable mbedtls doesn't boot on tc1.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-A and fiptool (which is part of tf-a) to the latest stable version.
Also, use the tf-a tests lts branch (which is still at version 2.8.0).
Signed-off-by: Jon Mason <jon.mason@arm.com>
gcc-arm-none-eabi and gcc-aarch64-none-elf both fails when packaged as
RPM for sdk with
nothing provides libcrypt.so.1()(64bit) needed by nativesdk-gcc-arm-none-eabi-12.2.rel1-r0.x86_64_nativesdk
As we don't control the dependencies for prebuilt libraries we create a
workaround by skipping the FILEDEPS
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A has LTS releases, which are prefixed with lts- for some reason.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a link to the FVP EULA in LICENSE_FLAGS_DETAILS, so the user has
some context as to what they're agreeing to upfront.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
armcompiler was removed from meta-arm-toolchain (24c4cfa) so this isn't
needed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Even though corstone1000 platform does not support the entire PSCI APIs, it
relys on PSCI reset interface for system reset. The name of this config
changed in the new version of u-boot. This enables PSCI reset, so
the system can be resetted in u-boot again.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split trusted-services.xml into qemuarm64-secureboot-ts.yml and
n1sdp-ts.yml as collection of Trusted Services which can be tested on
each platform has diverged.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make sure we setup the new variable for the configuration
of the SE-Proxy service for our machine. This will trigger
the right configuration building trusted services and all
psa-arch test pass as before.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update Trusted Services and backport an OP-TEE update which allows
interrupting the SPs by NWd interrupts. This solves the kernel stall
problems which are due to long cryptographic operations being executed
in the SWd.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The nanopb build step randomly fails in the yocto CI due to a race condition.
This change adds a patch file to disable parallel build for nanopb. This is a
temporary workaround and a proper fix will be up-streamed int he future.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patch related with the changes to support the in/out_vec modifications
in TF-M v1.7 was merged in upstream trusted-services integration branch.
So, drop this 3 out of tree patches not needed to be applied any more.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-A v2.8 does not support measured boot and FF-A which is mandatory for
PSA Initial Attestation SP to work correctly.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add information related to SPMC tests and fix stale links.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove already merged patches in trusted services integration
branch to avoid clash during apply patch stage and rebase the
remaining patches.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Run the ffa_spmc test group of xtest if the optee-spmc-test machine
feature is enabled.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add ta-devkit and optee-test. Change configuration to enable building
and deploying OP-TEE SPMC tests.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The ABI used by the arm-ffa-user driver to call into the SWd changed.
The change was driven by the MM over FF-A ABI implementation which is
used by SmmGW SP and uefi-test. uefi-test uses the same arm-ffa-user
driver as xtest hence xtest needs to be updated to use the new driver.
This xtest change is already merged up-stream but after v3.20, which is
used here.
This change adds backported xtest changes as carried patches.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change:
- cherry-picks TF-A changes from master which implement passing
TOS_FW_CONFIG DTB from the FIP package to the trusted OS.
- add an OP-TEE SPMC specific SPMC manifest file
- configures TF-A to build the manifest, add it to the FIP package
and pass it to OP-TEE as a boot argument.
This functionality needs matching changes in OPTEE (OP-TEE v3.21
or v3.20 + carried patches.)
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OP-TEE SPMC v3.20 and TF-A v2.8 is incompatible on qemu, and OP-TEE
panics during boot because having an SPMC manifest passed to the SPMC is
mandatory since v3.20. TF-A and OP-TEE upstream already fixed this issue
by modifying the ABI between the SPMD and SPMC. Moreover qemu support in
TF-A has been extended to allow building an SPMC manifest DTS file, and
loading it from the FIP package.
This change adds the needed OP-TEE fixes as carried patches. The TF-A
change will be added in the next commit.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Split tests to groups, and enable groups based on machine features set.
This allows limiting tests to testing deployed SPs only.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To enable up-to date version of Trusted Services op-tee v3.20 or newer
is needed.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change updates to latest available version of Trusted Services.
List of changes:
- adapt SP recipes to file structure changes and support for
"configurations". In TS each SP can be built in various different
setups to allow adapting to platform and integration specific
differences.
- MbedTLS dependency has been updated to v3.3.0.
- This needs new python dependencies are required in the build
environment.
- psa-acs was updated to a matching version.
- do_patch() has been updated to support the MbedTLS patch added
in TS.
- Update TS dependency patching method to use git instead of patch.
- Downgrade nanopb to match up-stream dependency version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Issue when building the kernel on FVP (and probably all aarch64
platforms) with GCC 13 on the 6.1 kernel (and possibly others).
Backport the upstream fix.
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are cases where a developer might want to enable things, like
debug-tweaks, which are useful in their testing but not something we
would want in a production environment. Create a file where these can
be added without affecting other things.
Signed-off-by: Jon Mason <jon.mason@arm.com>
virtual/arm-none-eabi-gcc-native is still at version 12 which
doesn't support it. poky comes with gcc 13 already.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add musl testing to have qemuarm-secureboot match qemuarm64-secureboot.
Since the Arm GCC binary toolchain cannot work with musl, move that out
into it's own testing.
Signed-off-by: Jon Mason <jon.mason@arm.com>
debug-tweaks is useful in testing and internal usage, but is a massive
security hole (as it allow password-less root login). Remove the
default enablement on machine files and in kas base yml.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is only necessary to accept the FVP usage license when using FVPs.
So, move that to the fvp.yml file from the base.yml file to make things
a little cleaner.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-base machine only has minimal patches, so should be good to
always track the latest release of u-boot.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Using absolute path in fvpconf will leak the host machine path.
This is a bit annoying when the builder and the runner doesn't use
the same filepath hierachy.
Switch to relative path instead of absolute.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In Order to be able to have filepath relative to fvpconf, execute the
fvp process in the same working directory.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the moment the config is load and pass to FVPRunner.
Change the ownership to FVPRunner.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We access the dictionnary element that doesn't exist.
Use the get() method instead that will default the element to None if it
doesn't exist.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When running an FVP machine the model executable need to be found
in the PATH environement.
At the moment the script doesn't provide any PATH to the subprocess.
Add PATH to the allowed environement variable to be forwaded.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It fixes and limits the partition size to fix capsule update feature
after the GPT changes.
The partitions in the second bank needs to have correct size and
the partitions in first bank should have a fixed size since corstone1000 does
not support partial update and has a limited flash to support variable size.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch aligns capsule update feature in tfm with GPT/BL1 changes.
Adjusts BL2 flash and data size and adds missing CRC checks.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove log messages, that would never show up, but clean that
mess. And fix the env script and config so that trigger the
load of kernel from reading the gpt.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The signed kernel image for the android kernel and legacy u-boot is no
longer booting. Remove this to allow for it to work until it can be
fixed.
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP master has now updated to TF-A v2.8.0 so we should do the same.
Remove the SHA override for the N1SDP
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enabling new features on tfm for corstone1000 increases the number of
ITS and PS assets needed. This patch increases the number of PS and ITS
assets and fixes regression on psa-ps-api-tests.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Installing SMM Gateway SP on the N1SDP may stop the platform from booting
for on-device testing in CI.
In n1sdp.yml, remove `ts-smm-gateway` if it has been added
Keep `ts-smm-gateway` in default SP set so it can still be tested with
`qemu-secureboot`
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some platforms install .elf files, so put those into the -dbg package.
This means expanding the buildpaths QA exclusion.
Whilst here, expand the comments for the other INSANE_SKIP statements.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't need to unset CFLAGS and LDFLAGS as the CMake file doesn't
respect them anyway.
Add CC to the unexport list for completeness, at least one of these is
needed for now as the build fails without the unexports.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some machines use components from tf-m-extras, so fetch that too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add tc1 ecosystem FVP and bits to enable in the tc1 machine config file
Also, do some hacks to speed things up.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes in upstream u-boot recipes for signed fitimages, have
caused the existing code to no longer boot. Add a newly required
variable to get it working again. Tested using tc1 FVP.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds OTP config to run the FVP with the new BL1 changes
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Integrates TF-M BL1 into corstone1000 platform. This needs a large
changeset since it changes how TF-M builds and packs the bl1 image.
It also adds changes to make the new BL1 compatible with GPT parser
changes. And finally it bumps to SHA to include necessary changes and fixes
on TFM master and removes already upstreamed GPT patches.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M has out-of-tree patches on external projects such as mbedtls and
qcbor. This needs to be applied in an orderly fashion to build TF-M and
other TF-M related binaries correctly.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCP-firmware may build components other than the SCP and MCP. Make the
MCP branch of the do_install task more generic to suport this.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The upstream official N1SDP software currently supports edk2-firmware
202211 version. This patch is to align N1SDP Yocto build with upstream
N1SDP software.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
optee-os-tadevkit is a variant of optee-os recipe to install TA devkit.
Even though it may not need local build patches, it re-uses SRC_URI and
FILESPATH from corresponding optee-os recipe. This was mistakenly added
in b061104c87.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Our machines have moved to 2.11 so we can remove the 2.10 recipe.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Thanks to Xueliang Zhong for testing that this works on N1SDP.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The install task is subtly different as the ELF binaries are named .elf
now, instead of having no extension.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that we moved in corstone1000 to use a gpt and partitions for
the wic image and flash layout. Setup TF-m to set/get FWU and
Private metadata using the partition information (start and size)
stored in the gpt table instead of fixed flash offsets as before.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As optee-os for the N1SDP has been updated to 3.20 we need to do the
same for optee-os-tavdekit. Otherwise errors will be seen if/when
optee-os-tavdekit is built.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This config fragment was needed to get the dev kernel working. Since it
in now allowed to fail, it is no longer necessary (and doesn't appear to
be an issue).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The dev kernel can frequently fail, and is not anything that is used in
production. Allow failure to prevent CI issues but still notify that
there are potential issues.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch adds optee-os 3.20 support on N1SDP, the optee-os 3.20
bbappend file is also added.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-clang's clang recipe has an irritating interaction with oe-core's
llvm recipe which can result in build warnings, which cause builds to
fail in our pedantic CI.
The current best known workaround is to simply mask out the llvm recipes
if clang is being used.
For more details, see https://github.com/kraj/meta-clang/pull/766.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of a SCP_BUILD_RELEASE boolean, add CMAKE_BUILD_TYPE and default
to RelWithDebInfo which gives us release (optimised) builds with debug
symbols in the matching .elf files.
To ensure that buildpaths don't leak into the debug symbols, pass the
debug prefix maps via CFLAGS and ASMFLAGS.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The text relocations appear to have been fixed and this skip is no
longer needed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We want compile logs to be useful, so enable verbose logs to show what
commands are being invoked.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason the shell functions are indented an extra character,
reindent to standard four spaces.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce the use of a gpt partition type layout, and use
the firmware metadata as source of the current boot bank
to boot from in the different boot stages.
This needs to be a large changeset, since it touches a lot
of software components to guarantee that everything works
in an atomic way, to not break the build and/or the boot flow
of the corstone1000 platform.
fdisk -o Start,End,Sectors,Size,Type-UUID,Attrs,Name,UUID -l tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic
Disk build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic: 32 MiB, 33554432 bytes, 65536 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 5BFC084A-9B95-4024-B60B-9748F5332524
Start End Sectors Size Type-UUID Attrs Name UUID
34 39 6 3K EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 reserved_1 B1F2FC8C-A7A3-4485-87CB-16961B8847D7
40 47 8 4K 8A7A84A0-8387-40F6-AB41-A8B9A5A60D23 FWU-Metadata 3FDFFEE1-3223-4C6B-80F9-B0E7D780C21D
48 55 8 4K 8A7A84A0-8387-40F6-AB41-A8B9A5A60D23 Bkup-FWU-Metadata B3068316-5351-4998-823A-3A7B09133EC1
56 63 8 4K ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42 private_metadata_replica_2 3CC3B456-DEC8-4CE3-BC5C-965483CE4828
64 71 8 4K ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42 private_metadata_replica_2 DCE9C503-8DFD-4DCB-8889-647E49641552
72 271 200 100K 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 bl2_primary 9A3A8FBF-55EF-439C-80C9-A3F728033929
272 1023 752 376K D763C27F-07F6-4FF0-B2F3-060CB465CD4E tfm_primary 07F9616C-1233-439C-ACBA-72D75421BF70
1024 5119 4096 2M B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 FIP_A B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5
5120 15199 10080 4.9M 8197561D-6124-46FC-921E-141CC5745B05 kernel_primary BF7A6142-0662-47FD-9434-6A8811980816
32784 32983 200 100K 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 bl2_secondary 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F
32984 32991 8 4K D763C27F-07F6-4FF0-B2F3-060CB465CD4E tfm_secondary 009A6A12-64A6-4F0F-9882-57CD79A34A3D
32992 32999 8 4K B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 FIP_B 9424E370-7BC9-43BB-8C23-71EE645E1273
33000 33007 8 4K 8197561D-6124-46FC-921E-141CC5745B05 kernel_secondary A2698A91-F9B1-4629-9188-94E4520808F8
65496 65501 6 3K EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 reserved_2 CCB18569-C0BA-42E0-A429-FE1DC862D660
Add new nvmxip qspi block storage device to u-boot and
the plumbing to boot using the fwu_metadata and gpt
partition information.
Make sure that fwu and fwu-backup have the correct, as defined
in spec, partition type. That will make SW pieces in the stack
identify it correctly.
Update the fvp config to use the new wic image with the gpt scheme
Depends on metadata to decide boot bank in TFA, TFM and u-boot
Using Reading partitions (GPT scheme)
changes needed:
- Rename FIP partition in wic image as defined in TF-A to FIP_A,FIP_B
- Rename metadata partitions to FWU_Metadata and Bkup-FWU-Metadata
- Enable support for GPT and PSA_FWU in TF-A
arm-bsp/corstone-1000: TF-M patch to calculate fwu metadata crc32
It's necessary to calculate the metadata crc for TF-A and U-boot
verify the metadata.
and at last remove the wic.nopt (wic no partition) as target fstype
since we now use the partitions.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump the preferred corstone1000 to v3.20, drop patch
that is already included in this version.
Create the 3.20 bbappend and remove the entry in 3.18 bbappend.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Poky commit 9ef8cbcdfc85c3ce2ca52d8bee2ab6929f589383 updates
the kernel to 6.1.20 which breaks the PCI quirk patch for the N1SDP.
This change fixes it.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If the repository reference directory gets corrupted it's not easy to
wipe it, so add a variable CI_CLEAN_REPOS that if set in the pipeline
will clean the clones and re-fetch them.
Also, stop the fetch from detaching during the garbage collection, just
in case it was a long-running GC that got killed that caused the
corruption in the first place.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Manually check every patch that was marked as Pending and update the
patches which are actually backports.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The infrastructure for edk2 and fvp-base is already present, but not
being used. Make the changes to get it compiling cleanly, and add it to
CI.
Note: testing is not passing because edk2 isn't booting an image
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of EDK2. There is an issue with memory not
being initialized and hanging boot. So revert the patch that is causing
the issue until the proper solution can be found.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version and regenerate the patches via devtool.
This causes some patch renumeration to occur, which causes some other
modifications.
Signed-off-by: Jon Mason <jon.mason@arm.com>
optee-os-3_19.inc duplicates optee-os.inc. Remove that and cleanup
the fallout. Also, remove unused 3.19 bbappend
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the removal of fvp-base-arm32, we no longer have test coverage for
the external Arm toolchain. Add this to qemuarm-secureboot CI so that
there is coverage again. Note: it must be a 32bit machine, since there
are currently no aarch64 host toolchains for aarch64
Signed-off-by: Jon Mason <jon.mason@arm.com>
fvp-base-arm32 isn't a real machine and supporting it has become hacky.
Drop support and remove from meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest version of u-boot. This requires removing the new
way DRAM is handled, since we don't use dtb the way u-boot is expecting.
Also, change the default bootcmd to make things work (as that expects
env things as well).
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add the various kernels available in oe-core, as well as the poky-tiny
minimal distribution (which has a minimal kernel config). This
necessitated combining some kernel bbappends to have patching coverage
for all the variants.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make things more obvious by adding yml files for the poky defaults
instead of disregarding them in the jobs-to-kas script
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit includes :
- Rebased and fixed N1SDP kernel PCIe quirk patches to apply on 6.1 kernel
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The UEFI capsule generated is in the incorrect build directory.
This patch copies it to IMGDEPLOYDIR.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mirrors of meta-arm may focus their development on a small subset of
MACHINEs so provide the option to restrict the boards that are built on
CI using the variable BUILD_ENABLE_REGEX. If set, it conditionally
enables builds; if unset there is no change in behavior.
This variable could be overridden in a scheduled build, to e.g. build
all the MACHINEs weekly.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update tfa version to v2.8. Also, fiptool uses tfa sources. So, keep
it with the rest of tfa to prevent the version from becoming stale.
NOTE: tf-a-tests is being held back for corstone1000 due to compilation
errors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Defining a task called do_deploy in an image recipe causes the
license_image bbclass in OE-core to think the recipe is not an image
recipe, which causes errors with license information collection if you
have an image recipe which depends on an image recipe using this
bbclass.
To fix this, and to add support for caching the signed binaries, use a
single task, do_sign_images (and its setscene task). The implementation
is based on deploy.bbclass, so the sstate is responsible for installing
the signed binaries in ${DEPLOY_DIR_IMAGE}, but using a different name
so that license information collection still works as expected.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify adding support for new versions of TF-M scripts in the
future, create a common .inc file with the non-version-specific
configuration.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify adding support for new versions of TF-M in the future,
create a common .inc file with the non-version-specific configuration.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To try and prevent trusted-firmware-m and trusted-firmware-m-scripts
from becoming out of sync in the future, create a common
trusted-firmware-m-1.7.0-src.inc which defines all the repositories and
their SHAs for both. Include this file in both recipes.
Add a SUMMARY and DESCRIPTION to trusted-firmware-m-scripts.
Update mbedtls to 3.2.1 (the recommended version for TF-M 1.7.0)
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Factor out the image signing arguments in tfm_image_sign.bbclass into
its own variable, TFM_IMAGE_SIGN_ARGS, so that it can be customized on a
per-machine basis if necessary.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so
it is in sync with the TF-M recipe itself.
Synchronize the trusted-firmware-m and -scripts Python dependencies
with the in-repo requirements.txt files. This requires a recipe to be
carried for pyhsslms.
1.7.0 introduces the --measured-boot-record argument to the image
signing script, which is required to maintain existing behavior. Add it
to the arguments in the tfm_sign_image bbclass.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M provides IPC as a SPM backend which gives SPM and each Secure Partition
it's own execution context. And provides higher isolation levels.
corstone1000 isolation level is 2. Hence, switching to IPC backend.
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change adds patches to align psa crypto client of TS with TF-Mv1.7
running on secure enclave of corstone1000
The patches updating
- PSA Crypto SID defines values
- psa_ipc_crypto_pack_iovec structure
- Fix inputs and outputs passed to in/out_vec to match crypto service
expectations
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mirrors of meta-arm may have the persistent cache directory mounted in a
different place. To make it easier to configure, define this location
using a single $CACHE_DIR variable.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This repository doesn't tag releases, so just track the latest SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
IMAGE_TYPES += "wic.nopt" is effective if the bbclass is included
using IMAGE_CLASSES, but not if included directly (using inherit) due to
file parse ordering.
To support applying wic_nopt locally (i.e. for certain image recipes but
not others), change to use :append.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To support using the wic_nopt bbclass from BSP layers other than
meta-arm-bsp, move it to meta-arm.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch uses the json config file for UEFI capsule generation
as this is efficient and easily scalable to generate multiple
capsules.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The BBCLASSEXTEND configuration can generate native sdk and target
recipes as well. The cp command used in do_install will
create host contamination issues for these recipes, so this patch
makes the recipe native only.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Inherits the UEFI capsule generation class and configures the capsule
variables for the wic.nopt image
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class currently supports only a single firmware binary. The
required capsule parameters needs to be set, if not the build fails.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The native recipe installs the UEFI capsule generation tool
along with the other base tools to native sysroot.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TF-M does not use persistent release branches and the release-* branches
have been removed from the repository, so switch the branches to master.
Also update the tf-m-tests SRVREV to the 1.7.0 tag, not the RC2.
99% based on a patch by Peter Hoyes <Peter.Hoyes@arm.com>.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This bbappend is only used by qemuarm*, which now use 6.1, so this can
be removed.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Currently the N1SDP patches haven't been ported to 6.1 and the
port/testing isn't trivial. Until the relevant team has done the port to
6.1, carry a 5.19 kernel in meta-arm-bsp for N1SDP.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply the patch from scp-firmware to the third copy of the buggy
Makefiles which fail randomly under parallel builds.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2 symbols were added to the arm64 kernel defconfig without the
corresponding code. Remove these unnecessary pieces to avoid the
warning.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.1 and rebase the patches on
top of this new version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone500 kernel version to 6.1 and drop the not
longer needed patch regarding the SND_SOC_AC97 config
option in multi_v7.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump corstone1000 to u-boot version 2023.01, as at it
do some trailing spaces cleanup.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Make sure the master branch track the other masters instead
of being lock to langdale.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To avoid having always tools that depend on git ls or other
git plumbing to include and spin around the enormous content of
the build directory.
Just add it to the ignore file and make that build content,
that will never get in the repo invisible to git and tools.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For some reason the kas 3.2.1 container fails:
No such file or directory: '/builds/engineering/yocto/meta-arm/ci/ci/base.yml'
Note the repeated /ci/, which is wrong.
Pin the kas container to 3.2 for now until this is resolved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The initramfs needs to be very small, but since oe-core d6a62e kmod has
enabled OpenSSL support which doubles the size of the initramfs,
resulting in boot failures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
With the 6.1 kernel, fvp-base logs the warning:
[NOTE]: 'CONFIG_ARM_CPUIDLE' last val (y) and .config val (n) do not match
This is because the kernel idle configs have changed. Remove this
entry, as it is no longer necessary.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update kernel patches and configs for the v6.1 kernel. Previously, it
was using the linux defconfig as a starting point. It is now using the
local kernel metadata.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update qemuarm-secureboot to work with the latest u-boot version and
remove the old, unneeded version from meta-arm
Signed-off-by: Jon Mason <jon.mason@arm.com>
New arm-ffa-tee and arm-ffa-user drivers are compatible with 5.* and 6.1 kernels.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2023.01, but the update is causing
problems with some machines. Temporarily add a v2022.10 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2023.01, but the update is causing
problems with some machines. Temporarily add a v2022.10 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A recent commit compressed the kernel image (to Image.gz) and
by default enabled an initramfs image. In the case for when
such that (initramfs) is not desirable, the deploy step of the
Juno firmware will still try to install the Image file, (not
Image.gz), so this fails:
ERROR: firmware-image-juno-1.0-r0 do_deploy: ExecutionError('/oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477', 1, None, None)
ERROR: Logfile of failure stored in: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/log.do_deploy.360477
Log data follows:
| DEBUG: Executing python function sstate_task_prefunc
| DEBUG: Python function sstate_task_prefunc finished
| DEBUG: Executing shell function do_deploy
| cp: cannot stat '/oe/build/tmp-glibc/deploy/images/juno/Image': No such file or directory
| WARNING: /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477:152 exit 1 from 'cp -L -f /oe/build/tmp-glibc/deploy/images/juno/Image /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/image/juno-firmware-19.06/SOFTWARE/'
| WARNING: Backtrace (BB generated script):
| #1: do_deploy, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 152
| #2: main, /oe/build/tmp-glibc/work/juno-oe-linux/firmware-image-juno/1.0-r0/temp/run.do_deploy.360477, line 163
NOTE: recipe firmware-image-juno-1.0-r0: task do_deploy: Failed
ERROR: Task (../meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb:do_deploy) failed with exit code '1'
This updates the else case for when an initramfs image is not
in use so that the right kernel image is deployed, by using
the KERNEL_IMAGETYPE variable, to use either version of the
kernel image.
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SRC_URI, SRCREV AND SRCBRANCH variables are currently used
inconsistently across recipes in meta-arm, leading to difficulties
customizing the configuration in external BSP layers where necessary.
Standardize usage across commonly used recipes so that:
* SRC_URI contains a SRC_URI_PACKAGE_NAME variable per component which
can be used to easily configure a mirror. This variable uses
default assignment so that it can be easily overridden using an
environment variable, e.g. to point to an internal mirror that cannot
be committed externally.
* SRCBRANCH is defined per component.
* SRCREV is defined per component.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
For models that require a license, ARMLMD_LICENSE_FILE is used to define
the location of a license file or server. If the variable is not set in
Bitbake it will not be set in the model environment.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
FVP_ENV_PASSTHROUGH may contain variables that have not been set.
d.getVar returns None in this case. Detect this and skip setting the
variable in the model environment.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Define FVP_ENV_PASSTHROUGH's vardeps to equal itself, so that the
fvpconf is regenerated if any of the defined variables change.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
aa89fe3f ensured environment variables necessary for GUI applications
are passed through to the model despite runfvp env var restrictions. Add
XAUTHORITY to this list. This is useful when doing X-forwarding with
Kas, which creates its own home directory.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update the Arm GCC source to the latest version. Also, update the GCC
patches to apply cleanly, removing those that are no longer relevant.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Disable fatal warnings for tfm. This removes issues with RWX and others
when using the new binary toolchain versions.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change u-boot and machine config to default to booting a compressed
initramfs. This allows for easier testing. A compressed image is
needed as the image is too big for the storage, and the error notifying
of such is vague.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.2 ships python3-subunit, so we don't need to try to install that
anymore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Kas 3.2 has a 'dump' plugin, so use that instead of cat in a shell.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This job doesn't use the standard helpers, so needs to pass these
explicitly otherwise it can pick up an old SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade to v2022.10
This includes Corstone-1000 out of tree patches.
FF-A patches are the latest sent to U-Boot mailing list (v8).
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rebase corstone500 u-boot patches to 2022.10 version.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since oe-core 868dfb4 rng-tools is no longer depended on by openssh, so
we don't need to remove it ourself.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
meta-clang now builds pixman with GCC until this is resolved.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now we're using master these workarounds are not needed anymore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We're now compatible with oe-core master, so update the CI to build
against master branches instead of langdale.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The oe_import() function was removed in oe-core when addpylib was
added[1]. However, meta-arm-toolchain doesn't ship any library code so
this call doesn't do anything useful anyway.
[1] 1f56155e91da2030ee0a5e93037c62e1349ba89f
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
OE-core 4901c9d471cab99d52876842980222ce271b66e4 "base: Switch to use
addpylib directive and BB_GLOBAL_PYMODULES" means that ${LAYERDIR}/lib
is no longer searched by default when loading test controllers.
meta-arm defines some custom test controllers for testing FVPs, so add
an addpylib directive to meta-arm/conf/layer.conf to fix testimage on
FVPs.
testimage.bbclass still has its own test case loading logic based on
BBLAYERS, so other layers that only define test cases (not controllers
or other Python libraries) need no further changes.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I7fab638b4a1610d30efad2dae214378d096e0fc4
Signed-off-by: Jon Mason <jon.mason@arm.com>
oe-core's master branch is diverging from langdale and meta-arm will be
following this, so drop compatibility with langdale in master so we're
free to diverge too.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SCP-firmware CMake compile step automatically attempts to execute
cppcheck if both:
* cppcheck can be located using find_program
* DISABLE_CPPCHECK is not defined
cppcheck is not readily available in OE-core and is not an essential
part of the compilation process for end-users, so explicitly disable the
cppcheck step by passing DISABLE_CPPCHECK to CMake.
Additionally, because the OE-core CMake toolchain file cannot be used,
find_program may locate cppcheck on the host machine, which will cause
the build to fail if it is not the recommended version (as it is in
recent Linux distros).
Issue-Id: SCM-5864
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ia87a0cbbb67ac1d6f3b26cfb5747a85b46131f81
Signed-off-by: Jon Mason <jon.mason@arm.com>
If CMAKE_BUILD_TYPE=debug (lowercase), SCP-firmware builds with debug
compiler flags but BUILD_MODE_DEBUG is not defined in C code so features
that are conditionally enabled/disabled in debug mode are not active.
Pass capitalized "Debug" and "Release" strings to CMAKE_BUILD_TYPE to
ensure Debug mode is fully enabled when SCP_BUILD_RELEASE = "0".
SCP_BUILD_RELEASE = "1" (the default) for all machines in meta-arm-bsp
so they are unaffected.
Issue-Id: SCM-5864
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I93220420eedd2e3e6c169679efcaf4642dd5bc51
Signed-off-by: Jon Mason <jon.mason@arm.com>
The include file should be pointing to `optee-os-3.19.0` instead of
`optee-os-3_19` (which does not exist).
Fixes: 3259a2a840 ("arm/optee: support optee 3.19")
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
apply_local_src_patches.bbclass was added in a previous patch to handle
the application of patch files located inside the fetched source code.
find is used to collect the patch files which does not guarantee the
order of its output. Pipe the output of find into sort to ensure patch
files are applied in the correct order.
Issue-Id: SCM-5864
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1082fb7a726a7745289a5aa8bb6447bef57a94b0
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the FVP is available for both aarch64 and x86-64, don't set a
tag so this can run on both architectures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There is now a beta release of the Base-A AEM FVP for aarch64!
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We can download both x86-64 and aarch64 binaries, so ensure the SRC_URI
entry is named to identify them.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There is a new optee version 3.19. Currently, qemuarm-secureboot cannot boot
optee 3.19 out-of-the-box. This pins optee-os version to 3.18 for
qemuarm-secureboot.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
From: Emekcan <emekcan.aras@arm.com>
Adds build configuration to support optee-os 3.19 for N1SDP.
Also, it patches optee-os to support external DT for N1SDP.
Signed-off-by: Emekcan <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Moves optee-3.18 and optee-tadevkit patches into
related directories.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The libts recipe assumes generated cmake file will be suffixed with
'-noconfig'. This is only true when building with the default type
i.e. "".
Check which target cmake file has been generated before trying to
patch it. This fixes 'no such file' error when building with an
explicit type (Debug, Release, etc).
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply patch to use the stateless platform service calls
Calls to psa_connect is not needed and psa_call can be called
directly with a pre defined handle.
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
The meta-gem5 layer is unmaintained and gem5 is incompatible with Python
3.11, so won't work with master without work that is still ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
The meta-atp layer is unmaintained and gem5 is incompatible with Python
3.11, so won't work with master without work that is still ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Add set -e so errors are fatal.
Allow HOST_ARCH and VER to be overridden by the environment, for testing.
Pull the tarball basename into a variable to reduce duplication.
Turn the wget call into a function to reduce duplication.
Drop the big-endian binaries as we never use those.
Signed-off-by: Ross Burton <ross.burton@arm.com>
meta-clang has a langdale branch now, so unset the explicit refspec.
linux-yocto needs to use non-clang objcopy, apply the change locally
until the commit has been merged into meta-clang's langdale branch.
perf needs some patches backported, until that has been done use gcc to
build perf.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Timing Annotation is a feature of the model that enables high-level
performance estimations to be made [1]. It is not needed to demonstrate
a functioning software stack so set FASTSIM_DISABLE_TA to 1 in the model
environment to disable this feature. This also improves model
performance.
[1] https://developer.arm.com/documentation/100965/1119/Timing-Annotation
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
DEFAULT_TAG and CPU_REQUEST are being used to help with internal Gitlab
pipeline setups know which type of machines to run on, but has no value
outside of Arm Corp. Gitlab CI allows for variables to be overridden
by default. So, we can give it a default value of NULL/empty and have
everything work internally and externally by default.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Tag all jobs with the DEFAULT_TAG variable so each instance can control
what tags the jobs have, whilst still explicitly tagging the jobs which
need specific tags (such as x86_64 for jobs which need to run x86-only
binaries)
Signed-off-by: Ross Burton <ross.burton@arm.com>
The Kas container needs to use the entrypoint as that is where the user
changes from root to a normal user.
Also set the KUBERNETES_CPU_REQUEST to the variable CPU_REQUEST as this
needs to be tuned per-deployment.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Update version in documentation.
Issue-Id: SCM-4874
Signed-off-by: Robbie Cao <robbie.cao@arm.com>
Change-Id: Ic66bdcdc5c6309331f80faab6eaf2e3e936a5da4
Signed-off-by: Jon Mason <jon.mason@arm.com>
721bec25 "arm/fvp: Join cli arguments in verbose logging" changed the
verbose output of FVPRunner to print the generated arguments using
shlex.join instead of as a list. However, this function is only
available in Python >= 3.8, whereas OE-core currently supports Python
3.6.
To fix this, backport its one-line implementation to a local function
shlex_join and update the call site.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I56cab9dddcd0a91272464be15742a6ee726dad41
Signed-off-by: Jon Mason <jon.mason@arm.com>
Aligning the user guide with the latest Corstone1000 SW updates.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrades the Corstone1000 FVP to the latest release
version.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Ensure meta-atp recipes are only performed if a compatible machine is
selected.
Signed-off-by: Adrián Herrera Arcila <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Previously, meta-atp extended the original gem5 recipe to add the ATP
Engine models; the .bbappend was complex, because it pulled from two
sources, and it was not possible to make machine-based overrides, as it
is a native recipe.
To solve this, we use the recent EXTRAS feature to add the gem5 models
from a different recipe.
Signed-off-by: Adrián Herrera Arcila <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The m5 readfile recipe provides general utility for gem5 users to
run any script on OS boot. We hence move it to the meta-gem5 layer.
Signed-off-by: Adrian Herrera <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
By making m5readfile into its own recipe, we avoid modifications to the
m5ops recipe when using the meta-atp layer, which break the Yocto
compatibility of the layer.
Signed-off-by: Adrian Herrera <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Test failed because there was no reference to maintainers in the
meta-atp README.
Following the common structure of other layers in the meta-arm
repository, the README in meta-atp now refers to the top-level README,
and a documentation directory contains the guidance that was present in
the original meta-atp README.
Signed-off-by: Adrián Herrera Arcila <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for n1sdp to trusted-services bbappends and rework some
things to make it easier to add more in the future.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As TF-M ships patches that it needs applied to mbedcrypto, we apply them as
part of do_patch by using a postfunc. There is an issue when do_patch is
executed after do_deploy_source_date_epoch_setscene and apply_local_patches
tries to apply the patches already applied.
To fix this, make usage of the apply_local_src_patches bbclass.
Change-Id: Ia115b540b37ad3a2cce30e1e0461abd1f5a6ccc1
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This class is to be inherited by recipes where there are patches located inside
the fetched source code which need to be applied.
The following variables need to be set:
LOCAL_SRC_PATCHES_INPUT_DIR is the directory from where the patches are located
LOCAL_SRC_PATCHES_DEST_DIR is the directory where the patches will be applied
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I8f9c16a5fbc9d5569cba60136560f1951408bd60
Signed-off-by: Jon Mason <jon.mason@arm.com>
In d8e9ee8fd53b7620e72b2dfebb2e8d464b737dbb the finalize method was removed.
Signed-off-by: David Bagonyi <david.bagonyi@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
World builds are trying to build trusted services, which has a
dependency on meta-python. To avoid having to add a layer dependency
for meta-arm on meta-python, limit the compatible machines to the ones
using it (which already have a meta-python dependency).
Signed-off-by: Jon Mason <jon.mason@arm.com>
"git" is the version and need not be part of the bbappend name. Since
this isn't being done in any other part of meta-arm-bsp (and not
uniformly in the same directory), rename the bbappends to have the %
wild card.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Start a new thread to simultaneously log the output of FVP and the
telnet output if the --verbose flag is passed to runfvp. So that
ConsolePortParser can read the same stream, use itertools.tee to
temporarily duplicate the stream.
Use a custom log format string with an escape character to ensure that
log output always starts at the beginning of a line when interleaved
with console output.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3e815d9d899425e0d2af619524f09f2eda87562c
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is often useful to inspect the FVP output after running the tests.
Refactor OEFVPSerialTarget._create_logfile into
OEFVPSSHTarget._create_log_filename, so that all FVP test controllers
are able to create secondary log files.
Pass a filehandle to the stdout argument of run_fvp so that the FVP
output is asynchronously logged to a file. Change the port parsing logic
to read back from the same log file instead of reading the stdout
directly.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I2ddb423fa0d896c13d3e96884858c680c4d34555
Signed-off-by: Jon Mason <jon.mason@arm.com>
To simplify the FVPRunner class, create a separate ConsolePortParser
class to handle reading an iterator of lines and parsing port numbers
for FVP consoles. Use this in runfvp and the test targets.
This refactor also allows the stream being monitored to be changed more
easily, e.g. to a log file.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Iade3a4c803fb355b04af7afa298d0a41fe707d94
Signed-off-by: Jon Mason <jon.mason@arm.com>
FVPRunner relies heavily on asyncio, despite there being very little
concurrent work happening. Additionally, while the runfvp entry point
starts an asyncio runner, it is not practical to have a single asyncio
runtime during testimage, which is fully synchronous.
Refactor to use subprocess.Popen and related functionality. The process
object has a similar interface to its async equivalent.
Cascade the API changes to runfvp and the test target classes.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3e7517e8bcbb3b93c41405d43dbd8bd24a9e7eb8
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is sometimes helpful to copy and paste the cli arguments from the
verbose runfvp output (e.g. to test with a development FVP build), but
currently the arguments are printed as a Python list. Use
shlex.join(cli) to safely join the arguments together in form that can
be reused directly in a shell.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ibb5c5ed45d02e241cb3858f68740fb9d4e89357a
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent changes appear to have fixed clang issues. Unfortunately,
hafnium gn visibility is not done properly. So, a patch to that is
needed to get it working.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Aligning the release notes with the latest Corstone1000 SW updates.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use --prefix instead of --root when installing the Python modules to
ensure that build paths are not embedded in the compiled .pyc files.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Without virtio-rng enabled kernel 5.19 takes ages to finish
random number generator initialisation which causes
issues with ssh and other crypto related services.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
when NameSize is smaller than the actual NameSize. It
currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
max_name_len incorrectly. This fixes max_name_len error by
replacing it with actual NameSize request by u-boot.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As in EDK-2 and EDK-2 test code, setVariable() with 0
attributes means a delete variable requiest. Currently,
smm gateway doesn't handle this scenario. This commit
adds that support
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enabling ESRT in trusted services increased the need for more
assets at protected storage level, since we now save FMP data
, capsule update, like Image Info as non volatile EFI
variables.
So, just change the default configuration for the corstone1000
to handle this.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Reorder patch list headers, move psa api test patch that
should be applied to all psa api test from a crypto specific
directory to a more generic "psa-apitest" directory.
Create a inc file for the psa api test to make sure all out of
tree patches from trusted services are applied to all test
source directories, and move mm communicator buffer details to
each SP, and finally set it up differently as it
should/is expected to be at libts.
With this setup all psa-api test for crypto and attestation
passed.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the apply ts patch stage, first check if they are patches
to be applied. Because if not, this would break the apply
patch stage with an error.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
There are some cases where PN is not expanded into linux-yocto in the
arm-ffa-transport.inc file required from linux-yocto_%.bbappend,
because of the := usage, in those cases PN gets "defaultpkgname".
To fix the issue, rename "linux-yocto" folder into "files" and adjust
ARMFILESPATHS to point to that in linux-yocto_%.bbappend, prepend
ARMFILESPATHS to FILESEXTRAPATHS in arm-ffa-transport.inc.
Remove ARMFILESPATHS prepend from FILESEXTRAPATHS for corstone1000 in
meta-arm-bsp, because the platform has always the "arm-ffa" in
MACHINE_FEATURES, which causes ARMFILESPATHS to be prepended.
While there, remove the FILESEXTRAPATHS prepend of ARMFILESPATHS for
the n1sdp that will be added by arm-ffa-transport.inc only when
needed.
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bring fvp-base and fvp-base-arm32 to match what is currently being done
in other fvps, and clean up the fvps to use a single fvp yml file (which
should enable better adding and removing of issues common to fvps, like
xorg test bugs).
Signed-off-by: Jon Mason <jon.mason@arm.com>
opencsd and gator-daemon aren't currently being build. Add them to the
base build so that they can be verified to at least compile.
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to build and install optee test for
N1SDP
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP has 2 DRAM's. This change is to register 2nd DRAM which starts at
0x8080000000. Linux uses 1KB of this memory to share data with optee-os.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bitbake variables were being set in KAS for the unique Gitlab CI
configuration being used internally. While this should not have been
significantly detrimental for other setups, this shouldn't be necessary
with proper runner setup. Removing them here to all for a more generic
CI experience.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Apply shared patch to trusted services that is used to compile
psa crypto api tests to include change in packed-c request
message in the eaed update structure to be in sync with the
serialize/deserialize in TS side.
As at it, move the other corstone1000 specific patch file to
meta-arm-bsp where it should be.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to add support for readthedocs for
corstone1000 platform. readthedocs server traces
any changes to to corstone1000 documents and will trigger
a build which will generate html file which can will be
rendered by corstone1000.docs.arm.com server
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to pass appropriate MMC card configuration to
corstone1000 FVP.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Port crypto config to psa arch test api suite.This
needs to move to arm-bsp since is corstone1000 specific
configuration
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This FVP doesn't support TC1, so remove it now that we don't support TC0.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These patches are specific to TC0, and are not needed for TC1.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Total Compute 2020 BSP is obsolete and unsupported, so remove it
from meta-arm. The Total Compute team would like TC1 to be available in
langdale, but removed in mickledore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to add ARMFILESPATHS into serach path
for linux for N1SDP target.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add support for libmetal and openamp as backend for se-proxy
and smm-gateway SP. For that also introduce a change to newlib
in memcpy optimization to avoid unaligned data-aborts in
__packed structures handling.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add log handler for SP sending logs over ffa to spmc.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Fixes the Tee driver bug in corstone1000. It adds a
delay to fix a possible race-condition occurs during
FF-A calls. This is a temporary fix for the upcoming
release.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Instead of checking out code through internal cmake,
the patch explicitly checkout the psa-adac code.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patch corrects the source dir for libmetal and openamp.
Devtool modify on tf-m will work after this fix.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The patch bumps the tfm SHA to
b065a6b28cc6c692b99e4f7e9387d96f51bf4d07
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If a process is terminated using a signal, in Python its return code is
-N, where N is the signal number (e.g. -15 for SIGTERM). Currently, all
non-zero return codes are printed using logger.info, which gives the
impression of an abnormal termination even when the process was
explicitly terminated by FVPRunner.
Instead, only log return codes greater than zero.
Issue-Id: SCM-5314
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1a1e9d8aa3f26c14b48be718498bcb14707950b7
Signed-off-by: Jon Mason <jon.mason@arm.com>
On large systems, using all of the CPUs and 50% of the RAM when xz
compressing packages is actively harmful because it will happily use up
to that limit.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since meta-zephyr is doing CI, there is no need to replicate that here.
Remove all of the zephyr references.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update ACK to 5.15 and remove the 5.10 recipe
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: I7d86367533248312bb7a54ba39166ddee5a025ef
Signed-off-by: Jon Mason <jon.mason@arm.com>
Some of the removed tests are now working and some of the systems are
not testing against sato (as being done in base.yml). Update these and
add some comments.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The rpmsg_chrdev driver has been replaced
by the rpmsg_ctrl driver. This commit
updates the defconfig to align with the
change.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to upgrade kernel to 5.19 for corstone500 target
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to upgrade the Linux kernel version to 5.19 for N1SDP
target to align with post N1SDP-2022.06.22 refresh
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The "secure parition development kit" is obsolete, newlib is used instead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump the kernel version to 5.19.9, remove backported ffa
related patch to previous version and fix issues in the arm
rpmsg driver.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable support for 11.3.rel1 binary toolchain release. Also, update CI
to use it.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Along with that add a new variable ARM_GCC_SUB_VERSION as newer clubbed
Arm GNU toolchain releases includes a sub-version like the current
release being 11.3.rel1 where ARM_GCC_SUB_VERSION=rel1.
Also, update CI to this release.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the features uniquely needed for system images to the testimage
file. This should reduce the image size and amount of things needing to
be built for machines that do not run testimage.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the FVP include file to the include directory, matching what is
done for corstone1000 and other machines in meta-arm-bsp.
Signed-off-by: Jon Mason <jon.mason@arm.com>
secure-partitions recipe is replaced with the new design of
trusted services recipes.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Trusted Services PSA API tests commands allow testing the following
SE Proxy services: crypto, its, ps and iat
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
removing the following packages:
ffa-debugfs-mod
secure-partitions-psa-api-tests
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
increase the size of the initramfs bundle used in the boot command
The new trusted services support increases the rootfs size.
When decompressed the initramfs bundle size is around 15M.
u-boot boot command needs to be updated with this size to be able to load
all the initramfs bundle.
When compressed the initramfs bundle size is around 5.4M
(Image.gz-initramfs--5.15.59)
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
The prevoius commit refactored trusted-firmware-m-sign-host-images.inc
into tfm_sign_image.bbclass.
Move the image signing logic from the TF-M bbappend to
corstone1000-image.bb, using the new bbclass.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ib76dce2ba9102e343d0611d929250d1d8aee518b
Signed-off-by: Jon Mason <jon.mason@arm.com>
Introduce a new recipe for the TF-M signing scripts.
To make the functionality easier to reuse, move the logic that is
currently in trusted-firmware-m-sign-host-images.inc to
tfm_sign_image.bbclass. This bbclass DEPENDS on
trusted-firmware-m-scrpits-native.
tfm_sign_image.bbclass can be inherited in image recipes to sign
artifacts.
Issue-Id: SCM-4964
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I74aaab5db1a43fedf13ea2564c2f31af207ae924
Signed-off-by: Jon Mason <jon.mason@arm.com>
In order to support overriding the branch names in other layers, extract
the branch name for each repository and set using default assignment.
Issue-Id: SCM-4964
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I09d0c1f1d012c1abb84648ad974883bbdaa1db7a
Signed-off-by: Jon Mason <jon.mason@arm.com>
Migrating RTX repo to a new namespace under
arm reference solution. The new repo also adds
corstone1000 as a product so this commits
also changes the PRODUCT variable.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Migrating the test repo to a new namespace under
arm reference solution.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove microbit-v1, qemu-cortex-a53, qemu-cortex-m3, and qemu-cortex-r5
from CI (and the tree in general). These machines are part of the
meta-zephyr CI now and keeping them here is redundant. However, keeping
zephyr builds for machines that also have TF-M.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update TF-A version to align with post-N1SDP-2022.06.22 refresh
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This is to align edk2/edk2-platforms with N1SDP-2022.06.22 release
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update edk2/edk2-platforms versions to align with N1SDP-2022.06.22 release.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since 820a55d3 the environment that the FVPs run in is limited, however
this broke the use of GUI applications for the terminals.
Passthrough DISPLAY and WAYLAND_DISPLAY automatically so these continue
to work.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since U-Boot 2022.04 the host tool mkeficapsule requires gnutls.
Thus adding it to the dependency.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: I8eff2e9bb9752bea5b885fcf3a69bf79c4f0c215
Signed-off-by: Jon Mason <jon.mason@arm.com>
This does not build with clang from meta-clang and also does not build
with gcc either
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds the external system test application and the relevant
recipe into the corstone1000 initramfs image.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds a linux userspace test application and a recipe
to build it to test external system in corstone1000
platform.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The newly added clang patch does not apply cleanly to the tc version of
hafnium. Since there are no plans to use clang on tc, remove it for
this platform.
Also, use devtool to clean-up the clang patch in question.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enable tee and arm-ffa driver on qemuarm/qemuarm64 by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds out-of-tree rpmsg_arm_mailbox driver patches into linux
kernel to communicate with external system using MHUs in
corstone1000 platform. The host can communicate with external
system using the driver under /dev/rpmsg0_ctrl0.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The host uses MHUs to send/receive data from the external system
in corstone1000. This commit adds MHU mailbox bindings into the
u-boot device tree to enable data communication between the host
and external system.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
A new update to clang is causing warnings (which are errors because edk2
was Werror by default). The error is:
clang-15: error: '-x c' after last input file has no effect [-Werror,-Wunused-command-line-argument]
Work around it by disabling this specific error. Also, use devtool to
update the patch.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It installs arm_ffa_user.h and so does arm-ffa-user recipe, lets not
build ffa-debugfs-mod in world builds since it does not appear as much
in other package dependencies as arm-ffa-user
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These recipes are not buildable with clang in its current state
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
3.18 builds are failing since the section stuff is also done in
core_mmu_v7.c therefore extend the patch to include this file as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Only corstone1000 is using the legacy version of optee-client. Move it
there to keep corstone1000 working, while removing it from meta-arm to
discourage use of the non-latest version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The CPU issue that pinned qemuarm-secureboot is no longer present.
Remove the logic in the conf file that held it back to the older
version.
Signed-off-by: Jon Mason <jon.mason@arm.com>
ARMv7 does not have fixes for the clang issues already fixed for ARMv8.
Make the necessary changes in that patch for it to work. Also, update
the patches (via devtool).
Signed-off-by: Jon Mason <jon.mason@arm.com>
The configure sed operation will not behave as expected because '*'
match misses a preceeding '.'.
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds external system device driver into linux.
User applications can control the external system
using the driver under /dev/extsys_ctrl in
corstone1000 platform.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone1000 needs a kernel driver to control the
external system (turn on/off, reset). This commit
adds the external system driver binding to the
u-boot device tree for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
It is sometimes useful to be able to configure the behavior of FVPs
using environment variables, e.g. for licensing or plugins.
Add a new FVP option: FVP_ENV_PASSTHROUGH, which allows the Bitbake
variables to be passed to the environment to be specified explicitly (in
a similar way to BB_ENV_PASSTHROUGH). This ensures that:
* FVPs launched via runfvp have a reproducable environment
* FVPs launched via testimage (which run from an isolated Bitbake task)
can receive environment variables
Change the self-tests to use cwd instead of PATH to find the mock FVPs,
as the PATH environment variable is no longer passed through.
Issue-Id: SCM-4964
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idf6ac6d41fda4cd5f950bc383c2fc1fa1acdf4e3
Signed-off-by: Jon Mason <jon.mason@arm.com>
Historically external-arm-toolchain recipe packaged all gcc headers from
${libdir}/gcc/${TARGET_SYS}/${BINV}/include - some would be picked up by
packages like gcc-sanitizers, libssp-dev. libquadmath-dev or libgomp-dev.
The rest would fall into catch-all libgcc-dev package.
Unfortunately, that could result in a conflict with a target gcc, which
also packages some of those files, like unwind.h or stddef.h, among others.
The conflict could be seen with this config:
EXTRA_IMAGE_FEATURES += "dev-pkgs tools-sdk"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "/OE/toolchains/gcc-arm-11.2-2022.02-x86_64-aarch64-none-linux-gnu"
And the error message is:
Error: Transaction test error:
file /usr/lib/gcc/aarch64-poky-linux/11.2.1/include/stddef.h conflicts between attempted installs of libgcc-s-dev-11.2.1-r0.1.cortexa57 and gcc-arm+11.2-r2022.02.1.cortexa57
file /usr/lib/gcc/aarch64-poky-linux/11.2.1/include/unwind.h conflicts between attempted installs of libgcc-s-dev-11.2.1-r0.1.cortexa57 and gcc-arm+11.2-r2022.02.1.cortexa57
Modify external-arm-toolchain recipe according to how libgcc in OE-Core
handles those header files by removing and not packaging them:
https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/gcc/libgcc-common.inc#n40
Also need to adjust gcc recipe to pick up unwind.h from EXTERNAL_TOOLCHAIN
location now, since libgcc-dev no longer carries it, and install it into
STAGING_LIBDIR_NATIVE, where OE-Core gcc-target.inc expects it from
gcc-cross:
https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/gcc/gcc-target.inc#n164
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to enable build and installing external-system firmware
for corstone1000 platform.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The corstone1000 optee files have an underbar when it should have a
hyphen in the naming scheme. Change this to match other files.
Signed-off-by: Jon Mason <jon.mason@arm.com>
A optee-os v3.10 recipe is necessary for corstone100, as it is actually
using 3.10 SHA and then trying to apply patches for 3.14 (which is
causing fuzz errors). Create this and use it to avoid these issues.
Signed-off-by: Jon Mason <jon.mason@arm.com>
With the latest gcc, there were some unresolved symbols on
opemamp linkage, add the implementation of that symbol for the
outline of atomics.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade to the latest 5.4 release (.205), and backport two patches to
fix buildpath errors:
File /usr/src/debug/linux-yocto/5.4.205+gitAUTOINC+e8c675c7e1_8a59dfded8-r0/lib/oid_registry_data.c in package linux-yocto-src contains reference to TMPDIR
File /usr/src/debug/linux-yocto/5.4.205+gitAUTOINC+e8c675c7e1_8a59dfded8-r0/drivers/tty/vt/consolemap_deftbl.c in package linux-yocto-src contains reference to TMPDIR [buildpaths]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
In complex stacks, e.g. with many cores or many init scripts, the time
to Linux shell may be more than 10 minutes. Make the boot timeout
configurable using TEST_FVP_LINUX_BOOT_TIMEOUT, leaving the default
value at 10 minutes.
Issue-Id: SCM-4958
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ie074acd4b4509d0230d1f77a2a527d497bb295ce
Signed-off-by: Jon Mason <jon.mason@arm.com>
qemuarm64-secureboot-ts pipeline is based on qemuarm64-secureboot machine
and additionaly includes:
- TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
- TS demo/test tools
- TS psa-arch-tests
This commit also includes Trusted Services OEQA tests
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We define dedicated recipes for all supported TS SPs.
The recipes produce stripped.elf and DTB files for SPs.
These files are automatically included into optee-os image.
See meta-arm/recipes-security/trusted-services/optee-os-ts.inc
This approach allows us to:
- include only required SPs into an optee-os image using MACHINE_FEATURES
- use Yocto cmake bbclass
- fetch and build only required dependencies
- use simple SP specific bbapend files if required
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These recipes produce only -dev and -staticdev packages
which are used for building other TS recipes.
Nothing from these recipes is included into the final image.
Using dedicated recipes for dependencies allows us:
- fetch sources and build dependencies only once and only the required ones.
- simplify the dependencies recipes and use Yocto cmake bbclass
- troubleshoot/fix/update dependencies builds separately
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To fit the kernel image into the allotted space, a compressed kernel
image is now needed. Use the Image.gz from the kernel build process
and change the relevant places to use the new image name. This also
necessitates adding an unzip command to u-boot to uncompress it to
memory (and the loadm is still needed to setup the efi mem boot device).
Also, the unzipped image is larger than before. So, increase the size
that loadm is copying.
This change shrinks the kernel image size from 7.8MB to 3.2MB
Signed-off-by: Jon Mason <jon.mason@arm.com>
When building for arm32 with GNU binutils 2.39, the linker outputs
warnings when generating some TEE core binaries.
arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
NOTE: recipe optee-os-tadevkit-3.18.0-r0: task do_compile: Failed
These patches are backport from upstream [1]
There are two versions of patches: for optee-os 3.14 and 3.18 to avoid patch fuzz warnings.
[1] https://github.com/OP-TEE/optee_os/pull/5499
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add yocto kernel cache bluetooth entries for platforms that have that
machine feature enabled. This is necessary, as kernel warnings about it
not being enabled are now occurring.
Signed-off-by: Jon Mason <jon.mason@arm.com>
These were integrated into the 2.7.0 release, but were not removed when
the recipe was upgraded.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
These changes are to add support to build optee-os for N1SDP target.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to bump the TF-A hash which has changes required
for optee-os to boot. Also, drop patch related to bl size as the
changes are already merged to upstream TF-A.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update all of the 3.17 recipes to 3.18 and remove the already upstreamed
patch. optee-os was already at 3.18. So, we only need to remove the
3.17 recipe.
Signed-off-by: Jon Mason <jon.mason@arm.com>
package is always inheritted by the base classes so the recipe does not
need to do this. This became an error with recent bitbake changes, fix
things by removing it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The newly added vmalloc entry in qemuarm is causing issues with graphics
on qemuarm-secureboot. Remove that by setting +QB_KERNEL_CMDLINE_APPEND
to empty.
Signed-off-by: Jon Mason <jon.mason@arm.com>
SCMI support was added to the latest kernel (kernel commit
96bb0954860a4c8b8c77d59fc53cd4cafac914f5). So, remove this patch, as it
is no longer necessary
Signed-off-by: Jon Mason <jon.mason@arm.com>
This kernel config variable has been removed from newer kernels (v5.19)
and is logging a warning of:
[INFO]: the following symbols were not found in the active configuration:
- CONFIG_OPTEE_SHM_NUM_PRIV_PAGES
Remove the entry, as it is no longer needed
Signed-off-by: Jon Mason <jon.mason@arm.com>
In newer kernels, vexpress has been rolled under the versatile umbrella.
Update the patch to refer to the new location
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rebase the u-boot patches on top of current u-boot supported
version in poky, needed some adjustments at efi loader.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add documentation for how to use the OEQA framework to test targets in
meta-arm. Include instructions on using OEFVPTarget as well as the
OEFVPSerialTarget introduced by the recent refactor of runfvp.
Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I146ec1c82214471fe9d18a999fd92efb38f652f9
Signed-off-by: Jon Mason <jon.mason@arm.com>
The runfvp refactor to enable OEFVPSerialTarget created FVP_CONSOLES
which maps the names used for serial ports in test cases to the names
used for serial ports in the FVP stdout.
Refactor the FVP_CONSOLE section -> FVP_CONSOLES, noting the the
'default' console is still used for the --console runfvp flag.
Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ieb13d74cfd425900f44b4b2e6d125393e7b456ad
Signed-off-by: Jon Mason <jon.mason@arm.com>
The dropped u-boot patches are not required as the bug is
from the SMM Gateway SP. A patch for the secure partitions
has been added to fix the SMM Gateway behaviour. Patch
0048-Fix-UEFI-get_variable-with-small-buffer.patch has been
added in commit "arm-bsp/secure-partitions: fix SMM gateway
bug for EFI GetVariable()".
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The efiGetVariable() function when called from uboot with data size
set to 0 should return only the data size and not the actual data in
the end of the buffer based on the EFI 2.9 spec. This patch fixes
the bug.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
At the moment, when using the --console flag, if telnet is shut down
cleanly (i.e. by typing "quit" at the prompt instead of Ctrl+C), runfvp
still waits on the FVP to exit of its own accord, so hangs.
Move the fvp.run() call so that when telnet quits, it immediately
proceeds to shut down the FVP.
Issue-Id: SCM-4954
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I2169c99586a1eebc2c6ab4b2e15fb0c769fc81a8
Signed-off-by: Jon Mason <jon.mason@arm.com>
Run command: bitbake optee-os && bitbake lib32-optee-os
bitbake lib32-optee-os will fail with following error since
bitbake optee-os already deploy same file under the path.
RROR: lib32-optee-os-3.12.0+gitAUTOINC+3d47a131bc-r0 do_deploy: The recipe lib32-optee-os is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/build/tmp-glibc/deploy/images/qemuarm64/optee/tee.elf
(matched in manifest-qemuarm64-optee-os.deploy)
Fix by deploy them to differernt dir
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Current secure-partitions patches do not apply cleanly with devtool.
Update them with the necessary changes to address this issue, and
regenerate them via devtool.
Signed-off-by: Jon Mason <jon.mason@arm.com>
- 0001-vexpress64-Add-BASER_FVP-vexpress-board-variant.patch
Change to 0002-vexpress64-add-MPU-memory-map-for-the-BASER_FVP.patch.
Only MPU memory map is preserved, other parts have been upstreamed.
- 0007-vexpress64-Configure-memory-using-device-tree.patch
Deleted. Upstreamed in commit 1a1143a45457161e90ea4cd5f3b0561d924ed8fe
Signed-off-by: Qi Feng <qi.feng@arm.com>
Issue-Id: SCM-5030
Change-Id: I4aab3bab545e64e3a4a3a3fd67bcef79acdc41be
Signed-off-by: Jon Mason <jon.mason@arm.com>
bundled libcrypto.a in optee-test sources is built using glibc based
toolchain and expects foritied _chk version of the libc functions e.g. __sprintf_chk
which wont work for musl. Therefore rely on freshly built openssl by OE
instead
Fixes errors like
arm-yoe-linux-musleabi/gcc/arm-yoe-linux-musleabi/12.1.0/ld: ../openssl/lib/arm/libcrypto.a(dso_dlfcn.o): in function `dlfcn_name_converter':
dso_dlfcn.c:(.text+0x19e): undefined reference to `__sprintf_chk'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This change is to add yocot recipe to support optee-os
3.18.0 version.
Also, move the SRC_URI:append and DEPENDS to optee-os.inc
as these are common accross different optee versions.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade the FVPs to the latest releases, and do some cleanups for future
changes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The linuxboot test case prints the following in log.do_testimage, only
when executing testimage without a pycache:
linuxboot.py:18: DeprecationWarning: invalid escape sequence \:
self.target.expect(self.console, "login\:", timeout=10*60)
Fix the warning by escaping the ':' character correctly in the pexpect
regex.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I8ad54c7df6b7d1d1ddeab31cf66daff1ab84e227
Signed-off-by: Jon Mason <jon.mason@arm.com>
When enabling trusted boot, the UEFI binary was replaced with a FIP image (which
contains the UEFI binary), therefore the SD card image should depend on
trusted-firmware-a rather than edk2-firmware.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2022.07, but the update is causing
problems with some machines. Temporarily add a v2022.04 recipe until
the issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Change to use sato by default. Unfortunately, there are some bugs found
by this change. For those systems, change it back to base until the
issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The common test has a timing issue, causing it to intermittently fail.
Since it is not unique to our environment, remove it to prevent false
positive regressions.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport two patches from upstream to ensure the build doesn't contain
build paths.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed in edk2-firmware, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
If clang builds assembler code the debug symbols contain unmapped build
paths which trigger the buildpaths QA check. This bug has been filed
with upstream:
https://github.com/llvm/llvm-project/issues/56609
Until it is fixed, exclude buildpaths from clang builds so that CI can
pass.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
When used in a non-interactive context, apt prints a warning:
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Use apt-get directly to avoid putting warnings in the logs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
NT_FW_CONFIG DTB contains platform information passed by TF-A boot
stage. This information is used for Virtual memory map generation
during PEI phase and passed on to DXE phase as a HOB, where it is used
in ConfigurationManagerDxe.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
We have encountered intermittent hanging during FVP shutdown, so improve
the termination logic by first issuing a terminate(), waiting a bit
then, if necessary, issuing a kill().
Move returncode logic to after the telnet/pexpect cleanup so it
actually runs.
Move pexpect.EOF logic into FVPRunner.stop so that it executes before
closing the pexpect handle.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Iebb3c3c89367256b1e116e66ffdb6b742358bce4
Signed-off-by: Jon Mason <jon.mason@arm.com>
Create a new "linuxboot" test that uses the pexpect methods on
OEFVPSerialTarget to wait for a Linux login shell.
Switch to this test method for fvp-baser-aemv8r64, corstone500 and
corstone1000.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Idd749652ee72e244b7a3831dd2295e0bfaed3bfa
Signed-off-by: Jon Mason <jon.mason@arm.com>
Refactor OEFVPTarget into new base class, OEFVPSSHTarget. OEFVPTarget
extends OEFVPSSHTarget and additionally waits for a Linux login prompt
for compatibility with tests in OE-core.
OEFVPSerialTarget also extends OEFVPSSHTarget. It also exposes the
entire API of pexpect, with the first argument being the
FVP_TEST_CONSOLE varflag key. It logs each console output to separate
files inside the core-image-minimal work directory.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1b93f94471c6311da9ee71a48239640ee37de0af
Signed-off-by: Jon Mason <jon.mason@arm.com>
So that the test target can connect to the desired console(s) as soon
as they appear in the FVP stdout, add the variable FVP_CONSOLES to the
fvpconf as a replcaement for FVP_CONSOLE. The varflags of this variable
define a mapping between FVP console names (e.g. terminal_0) and console
names in the tests (e.g. 'zephyr'). The console defined in
FVP_CONSOLE is automatically mapped as 'default' for backwards
compatibility.
This also enables greater reuse of test cases, as the "default" console
name can be remapped on a per-machine basis.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I9d88b172bfc5a5459b9f5132f287c70816d7fb55
Signed-off-by: Jon Mason <jon.mason@arm.com>
Refactor OEFVPTarget to use the FVPRunner in meta-arm/lib instead of
calling runfvp in a new process.
Use pexpect to wait for the login prompt instead of parsing the FVP
output manually.
This patch introduces a dependency on pexpect for the meta-arm test
targets. It is already in the Yocto host dependency list and the Kas
container image, but may need to be installed on development machines.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I7200e958c5701d82493287d021936afcf2f2bac9
Signed-off-by: Jon Mason <jon.mason@arm.com>
Create basic tests for conffile and runner in meta-arm/lib/fvp
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I1684b0c99fb4fd5299df19f00abb30e8faab3495
Signed-off-by: Jon Mason <jon.mason@arm.com>
Refactor runfvp into a "fvp" library inside meta-arm. Split into
terminal, conffile and runner.
Issue-Id: SCM-4957
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I797f9a4eab810f3cc331b7db140f59c9911231fd
Signed-off-by: Jon Mason <jon.mason@arm.com>
When runfvp is spawned from an other process (for example except), it is
throwing a permission error.
To solve the problem, surround the call to setpgid with a try/except and
ignore the permission errors.
Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit configures N1SDP firmware for TBBR bootflow as follows:
* uefi.bin replaced with with fip.bin
* load address adjusted for FIP image
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit configures scp-firmware for TBBR bootflow as follows:
* Updates SCP FW to master
* BL31 replaced in the SCP firmware image with BL1
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit configures trusted-firmware-a for TBBR bootflow on N1SDP as follows:
* Trusted boot is enabled.
* Generation of root-of-trust is enabled
* All TB images (BLx, DTBs) are built
* uefi.bin is specified as the BL33 image
* BL2, BL31, BL33 are signed and stored in the FIP
* N1SDP platform sources are patched to increase max size BL2 and reduce max size of BL1
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add basic support for running edk2 on qemuarm and qemuarm64. This
necessitated the need to add ACPI and EFI to the default kernel configs
for these machines.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Arm generic timer provides different timers for different exception
levels and different secure states. Because Armv8-R AArch64 has secure
state only, the valid timer for hypervisor in EL2 is secure hypervisor
physical timer. But for platform fvp-baser-aemv8r64, before FVP 11.18,
the secure hypervisor physical timer could not work well in EL2, so we
had been using Non-secure physical timer in EL2 for hypervisor as a
workaround.
Since secure hypervisor physical timer issue has been fixed from FVP
11.18, we can use this correct timer in EL2 for hypervisor now. So we
update the device tree timer node to use secure hypervisor physical
timer interrupt for hypervisor.
About the interrupt assignments of FVP, please refer to
https://developer.arm.com/documentation/100964/latest/Base-Platform/Base---interrupt-assignments
Issue-Id: SCM-4596
Signed-off-by: Jiamei Xie <jiamei.xie@arm.com>
Change-Id: I9d4b9f4e0ed14c6c1567269c83696ceb9ff84ac8
Signed-off-by: Jon Mason <jon.mason@arm.com>
The new FVP includes the arch in the download filename, so refactor
FVP_ARCH in fvp-common.inc to make "Linux64" available in the recipe
file.
Update version and EULA URL in documentation.
Issue-Id: SCM-4388
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I3ddc29cd444b78634086f2aefe4f52799eb937b1
Signed-off-by: Jon Mason <jon.mason@arm.com>
N1SDP board cannot boot after recent TF-A 2.7 update in meta-arm. This
is due to TF-A 2.7 not configured correctly for N1SDP board to support
trusted boot feature.
This patch temporarily brings back TF-A 2.6 recipes for fixing the N1SDP
boot.
A proper fix is in work progress to configure TF-A 2.7 correctly to
support trutsed boot on N1SDP.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
zephyr uses icount to improve test accuracy on virtual hardware. Do
the same here for the same reason for the platforms that actually test.
Also, the common test now appears to work for microbit-v1 and poll doe
snot work for qemu-cortex-m3
Signed-off-by: Jon Mason <jon.mason@arm.com>
The upstream version is 2.7.0, so use that name instead of just 2.7.
Also remove the unversioned bbappend which simply extended
FILESEXTRAPATHS, there's no need for this split now that we aim to have
~1 version of TF-A in the tree.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The SGI-575 build is successful with branch protection enabled, so remove
this workaround.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To allow bitbake including the 'generic-arm64-standard.scc' into the kernel
configuration, it has to be included as a kmeta type source to the SRC_URI.
Issue-Id: SCM-4394
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Change-Id: Iaebd0c7758038843a1d0f37decbef057629bf0bb
Signed-off-by: Jon Mason <jon.mason@arm.com>
Binaries shouldn't be in datadir, and now the RPATHs are being cleared
we can put them in libexecdir.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As per [1], target builds of androidclang produce useless-rpath errors.
/usr/share/clang-r416183b/python3/lib/python3.9/lib-dynload/_posixsubprocess.cpython-39-x86_64-linux-gnu.so
contains probably-redundant RPATH /../lib [useless-rpaths]
Those RPATHs are of no use, so we can remove them entirely.
[1] https://errors.yoctoproject.org/Errors/Details/640604/
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a patch to fix uninitialized varibles, detected by Clang when
building for Juno. However, whilst it now compiles it can't generate
firmware images correctly, so it has to remain forcing GCC.
Remove the workaround to force debug builds when using Clang, as this is
now fixed.
Drop upstreamed patches from sbsa-acs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
This is not a clean rebase. The patch had to be modified to apply and
work on v2022.04. It is not very elegant, but it is functional.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Recent modifications in u-boot moved the default location of the FDT.
Update the runfvp parameters to match this new location.
Signed-off-by: Jon Mason <jon.mason@arm.com>
As far as we know nobody is actually using the Arm Compiler recipe: 6.17
does a network operation on every call to check the license and this
fails with the network isolation that do_compile has in kirkstone, and
6.18 is behind a loginwall so we cannot download it in a recipe.
Unless we have actual users asking for a recipe, remove it from the layer
to avoid confusion.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The recipe supports the use of both Arm's binary GCC (aka GNU Arm
Embedded Compiler, or gnu-rm) and binary Clang (aka Arm Compiler).
However, armcompiler was never tested and doesn't work: 6.17 does a
network operation on every call to check the license which fails with
the network isolation in do_compile tasks, and 6.18 is behind a
loginwall so we can't automatically fetch it in a recipe.
Simplify the recipe to hardcode the use of gnu-rm, and remove the clang
support.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Our CI is now running on Broadwell+ cores, so the 11.2 release of GCC
should work.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add parameters required to boot with cache_state_modelled enabled:
* bp.virtio_net.secure_accesses=1
* bp.virtio_rng.secure_accesses=1
* bp.virtioblockdevice.secure_accesses=1
* cci400.force_on_from_start=1
Add bp.ve_sysregs.exit_on_shutdown=1 to match fvp-base.
Remove parameters that are not required to boot or are setting the
default value.
Alphabetize list.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I0a696eff5bb83206e5501f651c487f16f695aa4c
Signed-off-by: Jon Mason <jon.mason@arm.com>
Running the FVP_Base_AEMv8R model with the cache_state_modelled
parameter enabled exposed some defects in the U-Boot BSP patches for the
fvp-baser-aemv8r64:
* The MPU memory attributes are inconsistent with the existing MMU
attributes, causing a model hang when sending packets using
virtio-net in U-Boot.
* The instruction cache was left disabled after booting an EFI payload
at S-EL1, causing some EFI apps (e.g. Grub) to hang when attempting
to use dynamically loaded modules.
The cache_state_modelled FVP parameter is enabled by default in the
model (for simulation accuracy) but is disabled by default in the
machine conf (for simulation speed).
Add two additional machine-specific U-Boot patches to fix the above
issues.
Issue-Id: SCM-4641
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I5ab13c9fdadd82456ac3f3e3703df36590d52fb7
Signed-off-by: Jon Mason <jon.mason@arm.com>
The backports are now merged, so remove patches 1 through 5 and
renumber.
Upstream now requires CONFIG_DEFAULT_DEVICE_TREE to be defined, even if
unused, so backport relevant portions of upstream BASER_FVP patch into
the board suppport patch.
Issue-Id: SCM-4304
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: I327e8aba3463f088bba40e83893c6f15beabb250
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upstream has updated u-boot to v2022.04, but the update is causing
problems with some machines. Temporarily add a v2022.01 recipe until
the issues can be resolved.
u-boot and zephyr hacking
Signed-off-by: Jon Mason <jon.mason@arm.com>
GCC 12 is causing problems in newlib, which is causing problems for
zephyr. Add a workaround until those issues can be resolved.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Build all the things that qemuarm64-secureboot builds, removing those
that fail to compile. Unfortunately, musl doesn't play nicely with
optee-test.
Signed-off-by: Jon Mason <jon.mason@arm.com>
This appears to be historical from when the toolchain was in meta-linaro.
It isn't needed anymore, there's one bbappend in meta-arm-toolchain for
grub which is part of oe-core, so will never be dangling.
This variable has a global effect, so leaving it in here has a negative
impact on users.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The only user of the old 5.4 kernel is meta-gem5, so move it into that
layer to keep it separate.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The new mbedtls version (v2.28) increase the size of TF-A slightly.
This commit increases the size of BL2 for TC, so that TF-A with updated
mbedtls version can fit.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
FF-A version is defined 1.1 in corstone1000_spmc_manifest.dts. However, SPMC
does not support FF-A version 1.1 at the moment. This commit fixes FF-A version
issue by defining 1.0 again.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The latest TF-A version requires mbedtls v2.28. This
commit upgrades mbedtls to v2.28 for TF-A recipe.
An upstreamed patch included to the base recipe from TF-A master
that fixes the build issues beween TF-A 2.6 and Mbedtls 2.28.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
I misunderstood how the external-arm-toolchain recipes were working, the
latest revision of the recipe works with both 10.3 and 11.2.
Clean up my mess by dropping the PREFERRED_VERSION from the CI, and revert
the addition of versioned recipes. Simply using the right tarball is
sufficient.
Thanks to Sumit Garg for noticing my mistake.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 11.2 release of the Arm GCC uses Broadwell-onwards instructions, but
our CI (and many other users) have pre-Broadwell hardware.
Until 11.3 is released which fixes this, go back to using 10.3 for our CI.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We need to support multiple versions of external-arm-toolchain, partly as
different versions have different layouts on disk, and partly because
11.2 doesn't work on pre-Broadwell hardware.
Rename this recipe so the version is in the filename, and dynamically
set PKGV instead of PV so PREFERRED_VERSION is easier to use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The boot crash that appears to be triggered by the ZONE_DMA patches has
been root-caused, so work around the problem whilst upstream figure out
the best way to fix.
Also, upgrade qemuarm64-secureboot to 5.15 instead of pinning back to
5.10.
Signed-off-by: Ross Burton <ross.burton@arm.com>
FFA secure partitions aren't supported on 32-bit Arm currently
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Corstone-1000 and TotalCompute uses 3.14, so remove the 3.16 bbappend.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The 3.14 bbappend sets DEPENDS which are redundant as they're already
set in the base recipe.
Remove the unused 3.16 bbappend.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The corstone1000 build of optee-os has a bbappend which uses a specific
non-upstream branch of optee-os which is actually based on 3.10, so set
PV appropriately in the recipe and update the PREFERRED_VERSION in
corstone1000.inc.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TFTF is TF-A tests that runs at NS-EL2. This is primarily developed to
test the TF-A interfaces exposed to NS code.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This option is used to find the right path and file name of the C
runtime e.g. libgcc or compiler-rt, when using clang it needs to know if
compiler is using hard-float or not, since the compiler-rt file names
are different for these two ABIs libclang_rt.builtins-arm.a or libclang_rt.builtins-armhf.a
The option is computed in HOST_CC_ARCH for OE, this fixes build with
clang+llvm-runtime
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add a new 32 bit target as "qemuarm-secureboot" on similar lines as
"qemuarm64-secureboot". The boot flow looks like:
BL1 (TF-A) -> BL2 (TF-A) -> OP-TEE -> u-boot -> Linux
Along with this enable support for OP-TEE based firmware TPM.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
We don't want world builds failing as they try to build these for machines
other than Corstone 1000.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Use PRIVATE_LIBS to ensure that the Arm binary toolchains don't provide
their own libraries to the entire system.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
* Removed 0001-tc0-fix-sensor-data-api-call.patch as it has now been upstreamed.
* updated 0003-tc0-rename-platform-variant-to-platform-feature-set.patch to fix merge error.
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: I71eafbea9e1f0b9f01a504fe0c8b81e43c24d613
Signed-off-by: Jon Mason <jon.mason@arm.com>
Backport of trusty driver. This adds Trusty driver from
android-trusty-5.10
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I5477ecfc1b67fc3786dbd062711d8cc8d4963744
Signed-off-by: Jon Mason <jon.mason@arm.com>
This updates the existing FFA driver to the latest upstream version.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Idabf2d97cd497edc6c41e7132e1e82be8e717c59
Signed-off-by: Jon Mason <jon.mason@arm.com>
This patch updates the SHA and include patches that enables Trusty
to run as SP on SEL2 SPMC.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I5586bb3aa592658be9421a4de23f44a69bfb0b2e
Signed-off-by: Jon Mason <jon.mason@arm.com>
- Upgrade U-boot to 2022.01
- Remove 8GB DRAM increase patch that is merged
- Add patch that update secure DRAM size
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I32735cb5e8cba67ac1c6082aadf9a55f7bf51e8a
Signed-off-by: Jon Mason <jon.mason@arm.com>
Add back v3.14 optee-examples, optee-test, and optee-os-tadevkit for
TC platform compatibility. These files were removed as part of v3.16
upgrade.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Ia12774125909e7f8bfc20a9797c25b04dd850ae7
Signed-off-by: Jon Mason <jon.mason@arm.com>
Move the TFM_PLATFORM assignment to the bbappend.
Drop the SRCREV changes, these are all incorporated into the 1.6.0
release.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade all SRCREVs, and drop the merged patch to use cbor2.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
commit ab339b24d4 removed the reference to
these patches but did not remove them. Removing now to clean-up the
tree.
Signed-off-by: Jon Mason <jon.mason@arm.com>
commit 24db3b56ba removed references to
the patches, but did not remove the patches.
Suggested-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2022-05-03 12:00:15 -04:00
915 changed files with 31193 additions and 62467 deletions
@@ -4,32 +4,36 @@ OE-Core's [oeqa][OEQA] framework provides a method of performing runtime tests o
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
There are two main methods of testing, using different test "targets".
## OEFVPTarget
This runs test cases on a machine using SSH. It therefore requires that an SSH server is installed in the image.
In test cases, the primary interface with the target is, e.g:
```
(status, output) = self.target.run('uname -a')
```
which runs a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
Example machine configuration:
meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
This runs tests against one or more serial consoles on the FVP. It is more flexible than OEFVPTarget, but test cases written for this test target do not support the test cases in OE-core. As it does not require an SSH server, it is suitable for machines with performance or memory limitations.
OEFVPTarget supports two different test interfaces - SSH and pexpect.
## SSH
As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
This uses the `run` method on the target, e.g:
```
(status, output) = self.target.run('uname -a')
```
which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
## pexpect
To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
The SSH interface described above is also available on OEFVPSerialTarget to support writing a set of hybrid test suites that use a combination of serial and SSH access. Note however that this test target does not guarantee that Linux has booted to shell prior to running any tests, so the test cases in OE-core are not supported.
@@ -55,7 +55,7 @@ The name of the FVP binary itself, for example `fvp-base` uses `FVP_Base_RevC-2x
The name of the recipe that provides the FVP executable set in `FVP_EXE`, for example `fvp-base` uses `fvp-base-a-aem-native`. This *must* be a `-native` recipe as the binary will be executed on the build host.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website, `fvp-base-r-aem.bb` is a good example of those.
There are recipes for common FVPs in meta-arm already, and writing new recipes is trivial. For FVPs which are free to download `fvp-base-a-aem.bb` is a good example. Some FVPs must be downloaded separately as they need an account on Arm's website.
If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on the host already.
@@ -64,7 +64,7 @@ If `FVP_PROVIDER` is not set then it is assumed that `FVP_EXE` is installed on t
Parameters passed to the FVP with the `--parameter`/`-C` option. These are expressed as variable flags so individual parameters can be altered easily. For example:
Specify raw data to load at the specified address, passed to the FVP with the `--data` option. This is a space-separated list of parameters in the format `[INST=]FILE@[MEMSPACE:]ADDRESS`. For example:
Applications to load on the cores, passed to the FVP with the `--application` option. These are expressed as variable flags with the flag name being the instance and flag value the filename, for example:
Note that symbols are not allowed in flag names, so if you need to use a wildcard in the instance then you'll need to use `FVP_EXTRA_ARGS` and `--application` directly.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.