mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-01-11 15:00:39 +00:00
Code Issues Projects Releases Wiki Activity
Files
30d4078278d0eb5d477fdb0abd9502663bd3364a
meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb
Peter Hoyes 30d4078278 arm/trusted-firmware-m: Use firmware.bbclass 
Replace inherit deploy with firmware.

Initialize TFM_DEBUG using the FIRMWARE_DEBUG_BUILD variable. Initialize
TFM_PLATFORM with FIRMWARE_PLATFORM.

Refactor do_install to use ${FIRMWARE_DIR} and remove now redundant
configuration.

Refactor corstone1000 config files to use ${FIRMWARE_DIR} and the
base do_install.

Signed-off-by: Peter Hoyes <peter.hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
2025-12-16 12:48:34 -05:00

195 lines
8.2 KiB
BlitzBasic
Raw Blame History

SUMMARY = "Corstone1000 platform Image"
DESCRIPTION = "This is the main image which is the container of all the binaries \
generated for the Corstone1000 platform."
LICENSE = "MIT"
COMPATIBLE_MACHINE = "corstone1000"
# IMAGE_FSTYPES must be set before 'inherit image'
# https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_FSTYPES
IMAGE_FSTYPES = "wic uefi_capsule"
inherit image
inherit tfm_sign_image
inherit uefi_capsule
inherit deploy
DEPENDS += "${@bb.utils.contains('MACHINE_FEATURES', 'corstone1000-extsys', \
'external-system', '', d)} \
trusted-firmware-a \
trusted-firmware-m \
u-boot \
"
IMAGE_FEATURES = ""
IMAGE_LINGUAS = ""
PACKAGE_INSTALL = ""
# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed
# by the U-Boot recipe so this recipe has to depend on that.
CAPSULE_IMGTYPE = ""
CAPSULE_IMG_LOCATION = "${DEPLOY_DIR_IMAGE}"
# User-configurable common capsule settings
CAPSULE_EXTENSION ?= "uefi.capsule"
CAPSULE_VERSION ?= "6"
CAPSULE_LOWEST_SUPPORTED_VERSION ?= "6"
CAPSULE_NAME ?= "${MACHINE}-v${CAPSULE_VERSION}"
CAPSULE_SELECTED_COMPONENTS ?= "BL2 TFM_S FIP INITRAMFS"
CAPSULE_EXTRA_ARGS ?= "--capflag PersistAcrossReset"
# Non-configurable common payloads settings
PAYLOAD_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt"
PAYLOAD_HARDWARE_INSTANCE = "1"
PAYLOAD_MONOTONIC_COUNT = "1"
PAYLOAD_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key"
CAPSULE_SELECTED_COMPONENTS += " DUMMY_START DUMMY_END"
# All capsule fields are reset and initialized with DUMMY_START since it is the first payload
# DUMMY_START
PAYLOAD_DUMMY_START_INDEX ?= "5"
PAYLOAD_DUMMY_START_VERSION ?= "${CAPSULE_VERSION}"
PAYLOAD_DUMMY_START_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
PAYLOAD_DUMMY_START_GUID ?= "6f784cbf-7938-5c23-8d6e-24d2f1410fa9"
CAPSULE_ALL_COMPONENTS = "DUMMY_START "
CAPSULE_CERTIFICATE_PATHS = "${PAYLOAD_CERTIFICATE_PATH} "
CAPSULE_GUIDS = "${PAYLOAD_DUMMY_START_GUID} "
CAPSULE_INDEXES = "${PAYLOAD_DUMMY_START_INDEX} "
CAPSULE_HARDWARE_INSTANCES = "${PAYLOAD_HARDWARE_INSTANCE} "
CAPSULE_MONOTONIC_COUNTS = "${PAYLOAD_MONOTONIC_COUNT} "
CAPSULE_PRIVATE_KEY_PATHS = "${PAYLOAD_PRIVATE_KEY_PATH} "
UEFI_FIRMWARE_BINARIES = "${B}/dummy.bin "
CAPSULE_FW_VERSIONS = "${PAYLOAD_DUMMY_START_VERSION} "
CAPSULE_LOWEST_SUPPORTED_VERSIONS = "${PAYLOAD_DUMMY_START_LOWEST_SUPPORTED_VERSION} "
# BL2
PAYLOAD_BL2_INDEX ?= "1"
PAYLOAD_BL2_VERSION ?= "${CAPSULE_VERSION}"
PAYLOAD_BL2_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
PAYLOAD_BL2_GUID:corstone1000-fvp ?= "f1d883f9-dfeb-5363-98d8-686ee3b69f4f"
PAYLOAD_BL2_GUID:corstone1000-mps3 ?= "fbfbefaa-0a56-50d5-b651-74091d3d62cf"
CAPSULE_ALL_COMPONENTS += "BL2 "
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
CAPSULE_GUIDS += "${PAYLOAD_BL2_GUID} "
CAPSULE_INDEXES += "${PAYLOAD_BL2_INDEX} "
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/trusted-firmware-m/bl2_signed.bin "
CAPSULE_FW_VERSIONS += "${PAYLOAD_BL2_VERSION} "
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_BL2_LOWEST_SUPPORTED_VERSION} "
# TFM_S
PAYLOAD_TFM_S_INDEX ?= "2"
PAYLOAD_TFM_S_VERSION ?= "${CAPSULE_VERSION}"
PAYLOAD_TFM_S_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
PAYLOAD_TFM_S_GUID:corstone1000-fvp ?= "7fad470e-5ec5-5c03-a2c1-4756b495de61"
PAYLOAD_TFM_S_GUID:corstone1000-mps3 ?= "af4cc7ad-ee2e-5a39-aad5-fac8a1e6173c"
CAPSULE_ALL_COMPONENTS += "TFM_S "
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
CAPSULE_GUIDS += "${PAYLOAD_TFM_S_GUID} "
CAPSULE_INDEXES += "${PAYLOAD_TFM_S_INDEX} "
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/trusted-firmware-m/tfm_s_signed.bin "
CAPSULE_FW_VERSIONS += "${PAYLOAD_TFM_S_VERSION} "
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_TFM_S_LOWEST_SUPPORTED_VERSION} "
# FIP
PAYLOAD_FIP_INDEX ?= "3"
PAYLOAD_FIP_VERSION ?= "${CAPSULE_VERSION}"
PAYLOAD_FIP_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
PAYLOAD_FIP_GUID:corstone1000-fvp ?= "f1933675-5a8c-5b6d-9ef4-846739e89bc8"
PAYLOAD_FIP_GUID:corstone1000-mps3 ?= "55302f96-c4f0-5cf9-8624-e7cc388f2b68"
CAPSULE_ALL_COMPONENTS += "FIP "
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
CAPSULE_GUIDS += "${PAYLOAD_FIP_GUID} "
CAPSULE_INDEXES += "${PAYLOAD_FIP_INDEX} "
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/signed_fip.bin "
CAPSULE_FW_VERSIONS += "${PAYLOAD_FIP_VERSION} "
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_FIP_LOWEST_SUPPORTED_VERSION} "
# INITRAMFS
PAYLOAD_INITRAMFS_INDEX ?= "4"
PAYLOAD_INITRAMFS_VERSION ?= "${CAPSULE_VERSION}"
PAYLOAD_INITRAMFS_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
PAYLOAD_INITRAMFS_GUID:corstone1000-fvp ?= "f771aff9-c7e9-5f99-9eda-2369dd694f61"
PAYLOAD_INITRAMFS_GUID:corstone1000-mps3 ?= "3e8ac972-c33c-5cc9-90a0-cdd3159683ea"
CAPSULE_ALL_COMPONENTS += "INITRAMFS "
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH} "
CAPSULE_GUIDS += "${PAYLOAD_INITRAMFS_GUID} "
CAPSULE_INDEXES += "${PAYLOAD_INITRAMFS_INDEX} "
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} "
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} "
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} "
UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-${MACHINE}.bin "
CAPSULE_FW_VERSIONS += "${PAYLOAD_INITRAMFS_VERSION} "
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_INITRAMFS_LOWEST_SUPPORTED_VERSION} "
# DUMMY_END
PAYLOAD_DUMMY_END_INDEX ?= "6"
PAYLOAD_DUMMY_END_VERSION ?= "${CAPSULE_VERSION}"
PAYLOAD_DUMMY_END_LOWEST_SUPPORTED_VERSION ?= "${CAPSULE_LOWEST_SUPPORTED_VERSION}"
PAYLOAD_DUMMY_END_GUID ?= "b57e432b-a250-5c73-93e3-90205e64baba"
CAPSULE_ALL_COMPONENTS += "DUMMY_END"
CAPSULE_CERTIFICATE_PATHS += "${PAYLOAD_CERTIFICATE_PATH}"
CAPSULE_GUIDS += "${PAYLOAD_DUMMY_END_GUID}"
CAPSULE_INDEXES += "${PAYLOAD_DUMMY_END_INDEX}"
CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE}"
CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT}"
CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH}"
UEFI_FIRMWARE_BINARIES += "${B}/dummy.bin"
CAPSULE_FW_VERSIONS += "${PAYLOAD_DUMMY_END_VERSION}"
CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_DUMMY_END_LOWEST_SUPPORTED_VERSION}"
# TF-A settings for signing host images
TFA_BL2_BINARY = "bl2.bin"
TFA_FIP_BINARY = "fip.bin"
TFA_BL2_RE_IMAGE_LOAD_ADDRESS = "0x62353000"
TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000"
TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-EC-P256_1.pem"
RE_IMAGE_OFFSET = "0x1000"
do_sign_images() {
# Sign TF-A BL2
sign_host_image ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/${TFA_BL2_BINARY} \
${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
# Update BL2 in the FIP image
cp ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/${TFA_FIP_BINARY} .
fiptool update --tb-fw \
${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \
${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
# Sign the FIP image
sign_host_image ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} \
${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
}
do_sign_images[depends] = "\
fiptool-native:do_populate_sysroot \
"
# Create an empty dummy payload file required for capsule generation
create_dummy_image() {
touch ${B}/dummy.bin
}
do_image_uefi_capsule[depends] += " linux-yocto:do_deploy corstone1000-flash-firmware-image:do_sign_images"
do_image_uefi_capsule[mcdepends] += " ${@bb.utils.contains('BBMULTICONFIG', 'firmware', 'mc::firmware:linux-yocto:do_deploy mc::firmware:corstone1000-flash-firmware-image:do_sign_images', '', d)}"
do_image_uefi_capsule[prefuncs] += "create_dummy_image"
Reference in New Issue View Git Blame Copy Permalink