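# Common recipe settings for building Trusted Firmware-A (TF-A).
# The machine-specific values (TFA_PLATFORM, COMPATIBLE_MACHINE, build targets)
# default to "invalid"/minimal here and are expected to be overridden.

DESCRIPTION = "Trusted Firmware-A"
LICENSE = "BSD-3-Clause & MIT"

PACKAGE_ARCH = "${MACHINE_ARCH}"

inherit deploy

SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
# NOTE(review): this file tracks the master branch and sets no SRCREV itself;
# presumably the including recipe pins SRCREV_tfa to a fixed commit - confirm,
# so that the boot firmware source stays reproducible and reviewable.
SRCBRANCH = "master"
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};name=tfa;branch=${SRCBRANCH}"
# Upstream release tags look like "v2.10" or "lts-v2.8.6". The version is
# captured by the named group "pver"; without the group name the expression
# is not a valid Python regex and the upstream version check cannot work.
UPSTREAM_CHECK_GITTAGREGEX = "^(lts-)?v(?P<pver>\d+(\.\d+)+)$"

SRCREV_FORMAT = "tfa"

COMPATIBLE_MACHINE ?= "invalid"

# Platform must be set for each machine
TFA_PLATFORM ?= "invalid"

# Some platforms can have multiple board configurations
# Leave empty for default behavior
TFA_BOARD ?= ""

# Some platforms use SPD (Secure Payload Dispatcher) services
# Few options are "opteed", "tlkd", "trusty", "tspd", "spmd"...
# Leave empty to not use SPD
TFA_SPD ?= ""

# Variable used when TFA_SPD=spmd
TFA_SPMD_SPM_AT_SEL2 ?= "1"

# SP layout file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
TFA_SP_LAYOUT_FILE ?= ""

# SPMC manifest file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
TFA_ARM_SPMC_MANIFEST_DTS ?= ""

# Build for debug (set TFA_DEBUG to 1 to activate)
# NOTE(review): a value of 1 is passed to the TF-A Makefile as DEBUG=1 and
# selects the "debug" build directory. Debug firmware is normally kept off
# production images - confirm that release configurations leave this at 0.
TFA_DEBUG ?= "0"

S = "${WORKDIR}/git"
B = "${WORKDIR}/build"

# mbed TLS support (set TFA_MBEDTLS to 1 to activate)
TFA_MBEDTLS ?= "0"
# sub-directory in which mbedtls will be downloaded
TFA_MBEDTLS_DIR ?= "mbedtls"
# This should be set to MBEDTLS download URL if MBEDTLS is needed
# NOTE(review): SRCREV_FORMAT gains "_mbedtls" below, so this URL is presumably
# expected to carry name=mbedtls with its own pinned SRCREV - confirm in the
# including recipe. With TFA_MBEDTLS=1 and this left empty nothing is fetched.
SRC_URI_MBEDTLS ??= ""
# This should be set to MBEDTLS LIC FILES checksum
LIC_FILES_CHKSUM_MBEDTLS ??= ""
# add MBEDTLS to our sources if activated
SRC_URI:append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}"
# Update license variables
LICENSE:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}"
LIC_FILES_CHKSUM:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}"
# add mbed TLS to version
SRCREV_FORMAT:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}"

# U-boot support (set TFA_UBOOT to 1 to activate)
# When U-Boot support is activated BL33 is activated with u-boot.bin file
TFA_UBOOT ??= "0"

# UEFI support (set TFA_UEFI to 1 to activate)
# When UEFI support is activated BL33 is activated with uefi.bin file
TFA_UEFI ??= "0"

# What to build
# By default we only build bl1, do_deploy will copy
# everything listed in this variable (by default bl1.bin)
TFA_BUILD_TARGET ?= "bl1"

# What to install
# do_install and do_deploy will install everything listed in this
# variable. It is set by default to TFA_BUILD_TARGET
TFA_INSTALL_TARGET ?= "${TFA_BUILD_TARGET}"

# Requires CROSS_COMPILE set by hand as there is no configure script
export CROSS_COMPILE="${TARGET_PREFIX}"

# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
CFLAGS[unexport] = "1"
LDFLAGS[unexport] = "1"
AS[unexport] = "1"
LD[unexport] = "1"

# No configure
do_configure[noexec] = "1"

# Baremetal, just need a compiler
DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"

# We need dtc for dtbs compilation
# We need openssl for fiptool
DEPENDS = "dtc-native openssl-native"
DEPENDS:append:toolchain-clang = " compiler-rt"

# CC and LD introduce arguments which conflict with those otherwise provided by
# this recipe. The heads of these variables excluding those arguments
# are therefore used instead.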
def remove_options_tail (in_string):
    # Keep the leading space-separated words of in_string up to, but not
    # including, the first word that starts with '-'; return them re-joined
    # with single spaces.
    from itertools import takewhile
    return ' '.join(takewhile(lambda x: not x.startswith('-'), in_string.split(' ')))

# Pass only the tool name part of LD and CC to the TF-A Makefile.
EXTRA_OEMAKE += "LD='${@remove_options_tail(d.getVar('LD'))}'"
EXTRA_OEMAKE += "CC='${@remove_options_tail(d.getVar('CC'))}'"

# Verbose builds, no -Werror
# NOTE(review): with E=0 compiler warnings no longer fail the build, so for
# this security-sensitive firmware the warnings in the (verbose) build log
# are the only place they show up - worth checking when updating versions.
EXTRA_OEMAKE += "V=1 E=0"

# Add platform parameter
EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"

# Handle TFA_BOARD parameter
EXTRA_OEMAKE += "${@'TARGET_BOARD=${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"

# Handle TFA_SPD parameter
EXTRA_OEMAKE += "${@'SPD=${TFA_SPD}' if d.getVar('TFA_SPD') else ''}"

# If TFA_SPD is spmd, set SPMD_SPM_AT_SEL2
EXTRA_OEMAKE += "${@'SPMD_SPM_AT_SEL2=${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"

# Handle TFA_DEBUG parameter
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_DEBUG', '1', 'DEBUG=${TFA_DEBUG}', '', d)}"

# Handle MBEDTLS
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBEDTLS_DIR}', '', d)}"

# NOTE(review): the U-Boot, UEFI and TFTF sections below each add their own
# BL33= argument. If more than one of TFA_UBOOT, TFA_UEFI and TFTF_TESTS is
# "1", several BL33 values reach make; presumably the last one wins - confirm,
# and enable only one so the non-secure payload in the image is unambiguous.

# Uboot support
# u-boot.bin is read from DEPLOY_DIR_IMAGE, hence the explicit dependency on
# u-boot:do_deploy in addition to DEPENDS.
DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}"
do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '', d)}"

# UEFI support
DEPENDS += " ${@bb.utils.contains('TFA_UEFI', '1', 'edk2-firmware', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UEFI', '1', 'BL33=${RECIPE_SYSROOT}/firmware/uefi.bin', '', d)}"

# TFTF test support
DEPENDS += " ${@bb.utils.contains('TFTF_TESTS', '1', 'tf-a-tests', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('TFTF_TESTS', '1', 'BL33=${RECIPE_SYSROOT}/firmware/tftf.bin', '',d)}"

# Hafnium support
# SEL2_SPMC is "1" only when TFA_SPD is spmd and TFA_SPMD_SPM_AT_SEL2 is "1";
# in that case hafnium.bin from the recipe sysroot is used as BL32.
SEL2_SPMC = "${@'${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"
DEPENDS += " ${@bb.utils.contains('SEL2_SPMC', '1', 'hafnium', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'CTX_INCLUDE_EL2_REGS=1 ARM_ARCH_MINOR=4 BL32=${RECIPE_SYSROOT}/firmware/hafnium.bin', '', d)}"

# Add SP layout file and spmc manifest for hafnium
EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'SP_LAYOUT_FILE=${TFA_SP_LAYOUT_FILE}' if d.getVar('TFA_SP_LAYOUT_FILE') else '', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"

# Tell the tools where the native OpenSSL is located
EXTRA_OEMAKE += "OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
# Use the correct native compiler
EXTRA_OEMAKE += "HOSTCC='${BUILD_CC}'"

# Runtime variables
EXTRA_OEMAKE += "RUNTIME_SYSROOT=${STAGING_DIR_HOST}"

# Directory the build output is read from by do_install:
# ${B}/<platform>[/<board>]/<debug|release>
BUILD_DIR = "${B}/${TFA_PLATFORM}"
BUILD_DIR .= "${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}"

do_compile() {
    # This is still needed to have the native tools executing properly by
    # setting the RPATH
    # NOTE(review): these sed calls edit the Makefiles under ${S} in place,
    # so a re-run of do_compile on the same unpacked tree appends the flags
    # again; looks harmless (duplicate flags) but confirm.
    sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
    sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
    sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile

    # Currently there are races if you build all the targets at once in parallel
    for T in ${TFA_BUILD_TARGET}; do
        oe_runmake -C ${S} $T
    done
}
# ${B} is emptied before each do_compile run.
do_compile[cleandirs] = "${B}"

do_install() {
    # Install each TFA_INSTALL_TARGET entry found in BUILD_DIR into
    # ${D}/firmware. A target may exist as <name>.bin, <name>/<name>.elf,
    # a bare file and/or fdts/<name>.dtb. Binaries are installed under a
    # platform-suffixed name with a symlink from the plain name.
    install -d -m 755 ${D}/firmware
    for atfbin in ${TFA_INSTALL_TARGET}; do
        processed="0"
        if [ "$atfbin" = "all" ]; then
            # Target all is not handled by default
            bberror "all as TFA_INSTALL_TARGET is not handled by do_install"
            bberror "Please specify valid targets in TFA_INSTALL_TARGET or"
            bberror "rewrite or turn off do_install"
            exit 1
        fi

        if [ -f ${BUILD_DIR}/$atfbin.bin ]; then
            echo "Install $atfbin.bin"
            install -m 0644 ${BUILD_DIR}/$atfbin.bin \
                ${D}/firmware/$atfbin-${TFA_PLATFORM}.bin
            ln -sf $atfbin-${TFA_PLATFORM}.bin ${D}/firmware/$atfbin.bin
            processed="1"
        fi
        if [ -f ${BUILD_DIR}/$atfbin/$atfbin.elf ]; then
            echo "Install $atfbin.elf"
            install -m 0644 ${BUILD_DIR}/$atfbin/$atfbin.elf \
                ${D}/firmware/$atfbin-${TFA_PLATFORM}.elf
            ln -sf $atfbin-${TFA_PLATFORM}.elf ${D}/firmware/$atfbin.elf
            processed="1"
        fi
        if [ -f ${BUILD_DIR}/$atfbin ]; then
            echo "Install $atfbin"
            install -m 0644 ${BUILD_DIR}/$atfbin \
                ${D}/firmware/$atfbin-${TFA_PLATFORM}
            ln -sf $atfbin-${TFA_PLATFORM} ${D}/firmware/$atfbin
            processed="1"
        fi

        # The final branch fails the task when the target matched none of
        # the checks above, so an unknown target is not silently dropped.
        if [ -f ${BUILD_DIR}/fdts/$atfbin.dtb ]; then
            echo "Install $atfbin.dtb"
            install -m 0644 "${BUILD_DIR}/fdts/$atfbin.dtb" \
                "${D}/firmware/$atfbin.dtb"
            processed="1"
        elif [ "$atfbin" = "dtbs" ]; then
            echo "dtbs install, skipped: set dtbs in TFA_INSTALL_TARGET"
        elif [ -f ${B}/tools/$atfbin/$atfbin ]; then
            echo "Tools $atfbin install, skipped"
        elif [ "$processed" = "0" ]; then
            bberror "Unsupported TFA_INSTALL_TARGET target $atfbin"
            exit 1
        fi
    done
}

FILES:${PN} = "/firmware"
SYSROOT_DIRS += "/firmware"

FILES:${PN}-dbg = "/firmware/*.elf"
# Skip QA check for relocations in .text of elf binaries
INSANE_SKIP:${PN}-dbg += "textrel"
# Build paths are currently embedded
# NOTE(review): skipping this check means host build directories stay in the
# packaged firmware files, which exposes the build host layout and works
# against reproducible builds; revisit if upstream stops embedding paths.
INSANE_SKIP:${PN} += "buildpaths"
INSANE_SKIP:${PN}-dbg += "buildpaths"

do_deploy() {
    # Copy everything do_install placed in ${D}/firmware to the deploy dir.
    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
}
addtask deploy after do_install

# vendor:product names used for CVE matching; several spellings are listed,
# presumably because CVE records for this project use different names.
CVE_PRODUCT = "arm:arm-trusted-firmware \
               arm:trusted_firmware-a \
               arm:arm_trusted_firmware \
               arm_trusted_firmware_project:arm_trusted_firmware"