Diffstat (limited to 'meta-arm/recipes-bsp/trusted-firmware-a')
11 files changed, 308 insertions, 150 deletions
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch
new file mode 100644
index 00000000..8ddf353b
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch
@@ -0,0 +1,64 @@
+From 56874ab381b0f0beade2d200147245e157b4aff6 Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Mon, 13 Mar 2023 21:15:59 +0100
+Subject: [PATCH] Add spmc_manifest for qemu
+
+This version only supports embedded packaging.
+
+Upstream-Status: Inappropriate [other]
+ - The SPMC manifest is integration specific and should live at an
+ integration spcific place. The manifest file is processed by TF-A
+ and I am adding the patch to TF-A to keep things simple.
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ plat/qemu/fdts/optee_spmc_manifest.dts | 40 ++++++++++++++++++++++++++
+ 1 file changed, 40 insertions(+)
+ create mode 100644 plat/qemu/fdts/optee_spmc_manifest.dts
+
+diff --git a/plat/qemu/fdts/optee_spmc_manifest.dts b/plat/qemu/fdts/optee_spmc_manifest.dts
+new file mode 100644
+index 000000000000..ae2ae3d951de
+--- /dev/null
++++ b/plat/qemu/fdts/optee_spmc_manifest.dts
+@@ -0,0 +1,40 @@
++/* SPDX-License-Identifier: BSD-3-Clause */
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ */
++
++/dts-v1/;
++
++/ {
++ compatible = "arm,ffa-core-manifest-1.0";
++ #address-cells = <2>;
++ #size-cells = <1>;
++
++ attribute {
++ spmc_id = <0x8000>;
++ maj_ver = <0x1>;
++ min_ver = <0x0>;
++ exec_state = <0x0>;
++ load_address = <0x0 0x0e100000>;
++ entrypoint = <0x0 0x0e100000>;
++ binary_size = <0x80000>;
++ };
++
++/*
++ * This file will be preprocessed by TF-A's build system. If Measured Boot is
++ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro
++ * to the preprocessor arguments.
++ */
++#if MEASURED_BOOT
++ tpm_event_log {
++ compatible = "arm,tpm_event_log";
++ tpm_event_log_addr = <0x0 0x0>;
++ tpm_event_log_size = <0x0>;
++ };
++#endif
++
++/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
++#ifdef ARM_BL2_SP_LIST_DTS
++ #error "FIP SP load addresses configuration is missing.
++#endif
++};
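Review bot: The `#error` line at the end of optee_spmc_manifest.dts opens a string with `"` and never closes it, so the preprocessor sees an unterminated literal next to the intended message; it should read `#error "FIP SP load addresses configuration is missing."`. Under `#if MEASURED_BOOT` the `tpm_event_log_addr` and `tpm_event_log_size` cells are all zero, which presumably relies on an earlier boot stage filling them in. A short comment naming who populates them, or stating that the qemu platform does not yet, would keep an empty event log from being read as a valid measurement record. The hard-coded `load_address`/`entrypoint` of `0x0e100000` and the `binary_size` also have to match the OP-TEE image layout, which this hunk does not show.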
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch
new file mode 100644
index 00000000..f6f054df
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch
@@ -0,0 +1,38 @@
+From fd13a4d304da4233cb954329bf287ec9dfbb7367 Mon Sep 17 00:00:00 2001
+From: Jon Mason <jon.mason@arm.com>
+Date: Mon, 4 Dec 2023 10:20:21 -0500
+Subject: [PATCH] bl31_runtime: revert usage of plat_ic_has_interrupt_type
+
+There is a regression caused by commit
+1f6bb41dd951714b47bf07bb9a332346ca261033 for the trusted services tests.
+This is due to the fact that the referenced commit changes the behavior
+from checking for both INTR_TYPE_EL3 and INTR_TYPE_S_EL1, to referencing
+an existing function that #if for _either_ INTR_TYPE_EL3 or
+INTR_TYPE_S_EL1 (depending on the value of GICV2_G0_FOR_EL3). To work
+around this issue, revert the check back to its original form.
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Pending
+---
+ bl31/interrupt_mgmt.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bl31/interrupt_mgmt.c b/bl31/interrupt_mgmt.c
+index 68c7f10add21..8e888b676b35 100644
+--- a/bl31/interrupt_mgmt.c
++++ b/bl31/interrupt_mgmt.c
+@@ -47,9 +47,9 @@ static intr_type_desc_t intr_type_descs[MAX_INTR_TYPES];
+ ******************************************************************************/
+ static int32_t validate_interrupt_type(uint32_t type)
+ {
+- if (plat_ic_has_interrupt_type(type)) {
++ if ((type == INTR_TYPE_S_EL1) || (type == INTR_TYPE_NS) ||
++ (type == INTR_TYPE_EL3))
+ return 0;
+- }
+
+ return -EINVAL;
+ }
+--
+2.30.2
+
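Review bot: The restored condition in `validate_interrupt_type()` accepts `INTR_TYPE_S_EL1`, `INTR_TYPE_NS` and `INTR_TYPE_EL3` unconditionally, so BL31 no longer asks the platform interrupt controller whether the type exists. Callers that rely on this validation can then pass a type that the GIC configuration (per the commit message, `GICV2_G0_FOR_EL3`) does not provide. The patch is `Upstream-Status: Pending`, and the bbappend in this commit adds it to every qemuarm64-secureboot build, not only those with Trusted Services. A comment above the condition such as `/* Temporary: accept all three types until plat_ic_has_interrupt_type() is fixed for this configuration */` would tell the next rebase why the check is platform-independent. The new `if` also drops the braces the removed line had; `(type == INTR_TYPE_EL3)) {` with a closing `}` keeps the single-statement body braced.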
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch
deleted file mode 100644
index 42e0f5b1..00000000
--- a/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c9209fa0f474d41bc5ecf2b988ab404123038c1b Mon Sep 17 00:00:00 2001
-From: Brett Warren <brett.warren@arm.com>
-Date: Tue, 3 Nov 2020 13:34:26 +0000
-Subject: [PATCH] pmf.h: made PMF_STOTE_ENABLE pass -Wtautological
-
-When compiling with clang, PMF_STORE_ENABLE triggers
--Wtautological-constant-compare. To mitigate, the definition
-is modified cosmetically to not trigger this error.
-
-Upstream-Status: Pending
-Signed-off-by: Brett Warren <brett.warren@arm.com>
----
- include/lib/pmf/pmf.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/include/lib/pmf/pmf.h b/include/lib/pmf/pmf.h
-index df7c9ff31..baa2dfd60 100644
---- a/include/lib/pmf/pmf.h
-+++ b/include/lib/pmf/pmf.h
-@@ -25,7 +25,7 @@
- /*
- * Flags passed to PMF_REGISTER_SERVICE
- */
--#define PMF_STORE_ENABLE (1 << 0)
-+#define PMF_STORE_ENABLE 1
- #define PMF_DUMP_ENABLE (1 << 1)
-
- /*
---
-2.17.1
-
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch
deleted file mode 100644
index c24b1cfc..00000000
--- a/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From a0b72074ee4cfdf0ff3b807b01a962898761def4 Mon Sep 17 00:00:00 2001
-From: Brett Warren <brett.warren@arm.com>
-Date: Fri, 27 Nov 2020 10:29:48 +0000
-Subject: [PATCH] xlat_tables_v2: remove tautological assert
-
-When compiling with clang for aarch32, an assert triggered
--Wtautological error. This assertion is removed, as
-this means there is no way for it to resolve as false anyway.
-
-Upstream-Status: Pending
-Signed-off-by: Brett Warren <brett.warren@arm.com>
----
- lib/xlat_tables_v2/aarch32/xlat_tables_arch.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c b/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c
-index b69c6702b..52a75b37a 100644
---- a/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c
-+++ b/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c
-@@ -203,8 +203,6 @@ void setup_mmu_cfg(uint64_t *params, unsigned int flags,
-
- assert(virtual_addr_space_size >=
- xlat_get_min_virt_addr_space_size());
-- assert(virtual_addr_space_size <=
-- MAX_VIRT_ADDR_SPACE_SIZE);
- assert(IS_POWER_OF_TWO(virtual_addr_space_size));
-
- /*
---
-2.17.1
-
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb
new file mode 100644
index 00000000..5ba8d48c
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb
@@ -0,0 +1,33 @@
+# Firmware Image Package (FIP)
+# It is a packaging format used by TF-A to package the
+# firmware images in a single binary.
+
+DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
+LICENSE = "BSD-3-Clause"
+
+SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# Use fiptool from TF-A v2.10.3
+SRCREV = "0f915309c3821ce6f78f8451e5a6178d0cf07611"
+SRCBRANCH = "lts-v2.10"
+
+DEPENDS += "openssl-native"
+
+inherit native
+
+EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
+
+do_compile () {
+ # This is still needed to have the native fiptool executing properly by
+ # setting the RPATH
+ sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+ sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
+
+ oe_runmake fiptool
+}
+
+do_install () {
+ install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
+}
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb
new file mode 100644
index 00000000..fffdf5d3
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb
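Review bot: The two `sed -i` calls in `do_compile` edit `${S}/tools/fiptool/Makefile` in place, so each re-run of the task on the same source tree appends `${BUILD_LDFLAGS}` and `${BUILD_CFLAGS}` once more. The same pattern is in `do_compile` of trusted-firmware-a.inc later in this commit, which adds a third `sed` for tools/cert_create/Makefile. Carrying the Makefile change as a patch in `SRC_URI` would keep the task repeatable and make the change to the signing tools' link flags reviewable. `SRCREV` here repeats `SRCREV_tfa` from trusted-firmware-a_2.10.3.bb, so a comment such as `# Keep in sync with SRCREV_tfa in trusted-firmware-a_2.10.3.bb` would stop the host tool and the firmware from drifting apart.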
@@ -0,0 +1,58 @@
+DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
+LICENSE = "BSD-3-Clause & NCSA"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
+
+inherit deploy
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
+ "
+SRCBRANCH = "master"
+SRCREV = "42b99719d5dde58bdde07712bcb70a20d87f9067"
+
+DEPENDS += "optee-os"
+
+EXTRA_OEMAKE += "USE_NVM=0"
+EXTRA_OEMAKE += "SHELL_COLOR=1"
+EXTRA_OEMAKE += "DEBUG=1"
+
+# Modify mode based on debug or release mode
+TFTF_MODE ?= "debug"
+
+# Platform must be set for each machine
+TFA_PLATFORM ?= "invalid"
+
+EXTRA_OEMAKE += "ARCH=aarch64"
+EXTRA_OEMAKE += "LOG_LEVEL=50"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+# Add platform parameter
+EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
+
+# Requires CROSS_COMPILE set by hand as there is no configure script
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+LDFLAGS[unexport] = "1"
+do_compile() {
+ oe_runmake -C ${S} tftf
+}
+
+do_compile[cleandirs] = "${B}"
+
+FILES:${PN} = "/firmware/tftf.bin"
+SYSROOT_DIRS += "/firmware"
+
+do_install() {
+ install -d -m 755 ${D}/firmware
+ install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin
+}
+
+do_deploy() {
+ cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
index 807e1254..922c0a34 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
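Review bot: `EXTRA_OEMAKE += "DEBUG=1"` is fixed while `do_install` takes the binary from `${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin`, so setting `TFTF_MODE` to anything other than `debug` presumably makes the install step look in a directory the build never wrote. Deriving the flag from the variable keeps the two in step: `EXTRA_OEMAKE += "DEBUG=${@'1' if d.getVar('TFTF_MODE') == 'debug' else '0'}"`. The comment `# Modify mode based on debug or release mode` could then say that `TFTF_MODE` selects both the make flag and the output directory.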
@@ -1,14 +1,17 @@ DESCRIPTION = "Trusted Firmware-A" -LICENSE = "BSD-3-Clause" - -PROVIDES = "virtual/trusted-firmware-a" +LICENSE = "BSD-3-Clause & MIT" PACKAGE_ARCH = "${MACHINE_ARCH}" inherit deploy -SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa" -UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$" +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" +SRCBRANCH = "master" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};name=tfa;branch=${SRCBRANCH}" + +UPSTREAM_CHECK_GITTAGREGEX = "^(lts-)?v(?P<pver>\d+(\.\d+)+)$" + +SRCREV_FORMAT = "tfa" COMPATIBLE_MACHINE ?= "invalid" 
@@ -48,21 +51,20 @@ SRC_URI_MBEDTLS ??= "" # This should be set to MBEDTLS LIC FILES checksum LIC_FILES_CHKSUM_MBEDTLS ??= "" # add MBEDTLS to our sources if activated -SRC_URI_append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}" +SRC_URI:append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}" # Update license variables -LICENSE_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}" -LIC_FILES_CHKSUM_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" +LICENSE:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}" +LIC_FILES_CHKSUM:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" # add mbed TLS to version -SRCREV_FORMAT_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}" - -SRC_URI_append = " \ - file://0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch \ - file://0003-xlat-tables-v2-remove-tautological-assert.patch \ - " +SRCREV_FORMAT:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}" # U-boot support (set TFA_UBOOT to 1 to activate) # When U-Boot support is activated BL33 is activated with u-boot.bin file -TFA_UBOOT ?= "0" +TFA_UBOOT ??= "0" + +# UEFI support (set TFA_UEFI to 1 to activate) +# When UEFI support is activated BL33 is activated with uefi.bin file +TFA_UEFI ??= "0" # What to build # By default we only build bl1, do_deploy will copy 
@@ -87,12 +89,12 @@ LD[unexport] = "1" do_configure[noexec] = "1" # Baremetal, just need a compiler -DEPENDS_remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" +DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" # We need dtc for dtbs compilation # We need openssl for fiptool DEPENDS = "dtc-native openssl-native" -DEPENDS_append_toolchain-clang = " compiler-rt" +DEPENDS:append:toolchain-clang = " compiler-rt" # CC and LD introduce arguments which conflict with those otherwise provided by # this recipe. The heads of these variables excluding those arguments @@ -101,11 +103,12 @@ def remove_options_tail (in_string): from itertools import takewhile return ' '.join(takewhile(lambda x: not x.startswith('-'), in_string.split(' '))) -EXTRA_OEMAKE += "LD=${@remove_options_tail(d.getVar('LD'))}" +EXTRA_OEMAKE += "LD='${@remove_options_tail(d.getVar('LD'))}'" -EXTRA_OEMAKE += "CC=${@remove_options_tail(d.getVar('CC'))}" +EXTRA_OEMAKE += "CC='${@remove_options_tail(d.getVar('CC'))}'" -EXTRA_OEMAKE += "V=1" +# Verbose builds, no -Werror +EXTRA_OEMAKE += "V=1 E=0" # Add platform parameter EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" 
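Review bot: `E=0` in the second hunk turns warnings-as-errors off for every TF-A build that includes this file, GCC as well as clang, so new compiler diagnostics in secure-world code no longer stop the build. The two clang `-Wtautological` patches are dropped elsewhere in this commit, which suggests the flag replaces them. If so, it can be limited to that toolchain with `EXTRA_OEMAKE:append:toolchain-clang = " E=0"`, leaving `EXTRA_OEMAKE += "V=1"` as it was. If GCC needs it too, the comment `# Verbose builds, no -Werror` should name the warning that forced it.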
@@ -128,7 +131,15 @@ EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBE # Uboot support DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}" do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}" -EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '',d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '', d)}" + +# UEFI support +DEPENDS += " ${@bb.utils.contains('TFA_UEFI', '1', 'edk2-firmware', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UEFI', '1', 'BL33=${RECIPE_SYSROOT}/firmware/uefi.bin', '', d)}" + +# TFTF test support +DEPENDS += " ${@bb.utils.contains('TFTF_TESTS', '1', 'tf-a-tests', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFTF_TESTS', '1', 'BL33=${RECIPE_SYSROOT}/firmware/tftf.bin', '',d)}" # Hafnium support SEL2_SPMC = "${@'${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}" 
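Review bot: `TFA_UBOOT`, `TFA_UEFI` and `TFTF_TESTS` each append their own `BL33=` assignment to `EXTRA_OEMAKE`, so when more than one is set to `1` the firmware image silently gets whichever payload comes last on the make command line. `TFTF_TESTS` also has no default, unlike the `??= "0"` given to the other two earlier in this file. A parse-time check makes the conflict visible, and a default next to the TFTF lines documents the switch.

```bitbake
# TFTF test support
TFTF_TESTS ??= "0"
# … unchanged: DEPENDS and EXTRA_OEMAKE lines for TFTF_TESTS …

python () {
    enabled = [v for v in ('TFA_UBOOT', 'TFA_UEFI', 'TFTF_TESTS') if d.getVar(v) == '1']
    if len(enabled) > 1:
        bb.fatal("Only one BL33 payload may be selected, got: %s" % ' '.join(enabled))
}
```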
@@ -144,30 +155,26 @@ EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'ARM_SPMC_MANIFEST_DTS=$ # Tell the tools where the native OpenSSL is located EXTRA_OEMAKE += "OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" +# Use the correct native compiler +EXTRA_OEMAKE += "HOSTCC='${BUILD_CC}'" # Runtime variables EXTRA_OEMAKE += "RUNTIME_SYSROOT=${STAGING_DIR_HOST}" -EXTRA_OEMAKE += "TARGET_FPU=${TARGET_FPU}" BUILD_DIR = "${B}/${TFA_PLATFORM}" BUILD_DIR .= "${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}" BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}" -# The following hack is needed to fit properly in yocto build environment -# TFA is forcing the host compiler and its flags in the Makefile using := -# assignment for GCC and CFLAGS. do_compile() { - cd ${S} - - # These changes are needed to have the native tools compiling and executing properly - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + # This is still needed to have the native tools executing properly by + # setting the RPATH + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile - # This can be removed when only TF-A 2.4 onwards is supported - sed -i 's^OPENSSL_DIR.*=.*$^OPENSSL_DIR = ${STAGING_DIR_NATIVE}/${prefix_native}^' ${S}/tools/*/Makefile + sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile # Currently there are races if you build all the targets at once in parallel for T in ${TFA_BUILD_TARGET}; do - oe_runmake $T + oe_runmake -C ${S} $T done } do_compile[cleandirs] = "${B}" 
@@ -221,10 +228,15 @@ do_install() { done } -FILES_${PN} = "/firmware" +FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" + +FILES:${PN}-dbg = "/firmware/*.elf" # Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" +INSANE_SKIP:${PN}-dbg += "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dbg += "buildpaths" do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index dd74cd53..b3624bb3 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend 
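Review bot: Adding `buildpaths` to `INSANE_SKIP:${PN}` silences the QA check for the deployed firmware itself, not only for the `.elf` files in `${PN}-dbg`, so build-host paths ship in the images and the output differs between build directories. The comment `# Build paths are currently embedded` would be more useful if it said the skip is temporary, for example `# FIXME: TF-A embeds build paths in its binaries; drop these skips once the build remaps them`. Whether a prefix map alone removes them is not visible from this hunk.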
@@ -1,26 +1,71 @@ -COMPATIBLE_MACHINE_qemuarm64 = "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" +COMPATIBLE_MACHINE:qemu-generic-arm64 = "qemu-generic-arm64" +COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm-secureboot" -TFA_PLATFORM_qemuarm64-secureboot = "qemu" -TFA_PLATFORM_qemuarm64-sbsa = "qemu_sbsa" +#FIXME - clang fails to build tfa for qemuarm-secureboot, and possibly other +# arm/aarch32. This is a known testing hole in TF-A. +TOOLCHAIN:qemuarm-secureboot = "gcc" -TFA_SPD_qemuarm64-secureboot = "opteed" +# Enable passing TOS_FW_CONFIG from FIP package to Trusted OS. +FILESEXTRAPATHS:prepend:qemuarm64-secureboot := "${THISDIR}/files:" +SRC_URI:append:qemuarm64-secureboot = " \ + file://0001-Add-spmc_manifest-for-qemu.patch \ + file://0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch \ + " -TFA_UBOOT_qemuarm64-secureboot = "1" -TFA_BUILD_TARGET_aarch64_qemuall = "all fip" +TFA_PLATFORM:qemuarm64-secureboot = "qemu" +TFA_PLATFORM:qemu-generic-arm64 = "qemu_sbsa" +TFA_PLATFORM:qemuarm-secureboot = "qemu" -TFA_INSTALL_TARGET_qemuarm64-secureboot = "flash.bin" -TFA_INSTALL_TARGET_qemuarm64-sbsa = "bl1 fip" +# Trusted Services secure partitions require arm-ffa machine feature. +# Enabling Secure-EL1 Payload Dispatcher (SPD) in this case +TFA_SPD:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'spmd', 'opteed', d)}" +# Configure tf-a accordingly to TS requirements if included +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CTX_INCLUDE_EL2_REGS=0 SPMC_OPTEE=1 ', '' , d)}" +# Cortex-A57 supports Armv8.0 (no S-EL2 execution state). +# The SPD SPMC component should run at the S-EL1 execution state. 
+TFA_SPMD_SPM_AT_SEL2:qemuarm64-secureboot = "0" -DEPENDS_append_aarch64_qemuall = " optee-os" +TFA_UBOOT:qemuarm64-secureboot = "1" +TFA_UBOOT:qemuarm-secureboot = "1" +TFA_BUILD_TARGET:aarch64:qemuall = "all fip" +TFA_BUILD_TARGET:arm:qemuall = "all fip" -EXTRA_OEMAKE_append_aarch64_qemuall = " \ +TFA_INSTALL_TARGET:qemuarm64-secureboot = "flash.bin" +TFA_INSTALL_TARGET:qemu-generic-arm64 = "bl1 fip" +TFA_INSTALL_TARGET:qemuarm-secureboot = "flash.bin" + +DEPENDS:append:aarch64:qemuall = " optee-os" +DEPENDS:append:arm:qemuall = " optee-os" + +EXTRA_OEMAKE:append:aarch64:qemuall = " \ BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \ BL32_EXTRA1=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pager_v2.bin \ BL32_EXTRA2=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pageable_v2.bin \ BL32_RAM_LOCATION=tdram \ " -do_compile_append_qemuarm64-secureboot() { +EXTRA_OEMAKE:append:arm:qemuall = " \ + BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \ + BL32_EXTRA1=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pager_v2.bin \ + BL32_EXTRA2=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pageable_v2.bin \ + ARM_ARCH_MAJOR=7 \ + ARCH=aarch32 \ + BL32_RAM_LOCATION=tdram \ + AARCH32_SP=optee \ + " +# When using OP-TEE SPMC specify the SPMC manifest file. +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', \ + 'QEMU_TOS_FW_CONFIG_DTS=${S}/plat/qemu/fdts/optee_spmc_manifest.dts', '', d)}" + +do_compile:append:qemuarm64-secureboot() { + # Create a secure flash image for booting AArch64 Qemu. See: + # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst + dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc + dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc +} + +do_compile:append:qemuarm-secureboot() { # Create a secure flash image for booting AArch64 Qemu. 
See: # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb deleted file mode 100644 index 56d3507e..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb +++ /dev/null @@ -1,28 +0,0 @@ -# -# Trusted firmware-A 1.5 -# - -require trusted-firmware-a.inc - -# Use TF-A for version -SRCREV_FORMAT = "tfa" - -# TF-A v1.5 -SRCREV_tfa = "ed8112606c54d85781fc8429160883d6310ece32" - -LIC_FILES_CHKSUM += "file://license.rst;md5=e927e02bca647e14efd87e9e914b2443" - -# -# mbed TLS source -# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1 -# - -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.16" - -# mbed TLS v2.16.2 -SRCREV_mbedtls = "d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb" - -LIC_FILES_CHKSUM_MBEDTLS = " \ - file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ - " diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb new file mode 100644 index 00000000..b30ac725 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb 
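Review bot: The comment inside the new `do_compile:append:qemuarm-secureboot()` still reads `# Create a secure flash image for booting AArch64 Qemu`, although that machine is presumably built with the `ARCH=aarch32` and `ARM_ARCH_MAJOR=7` settings added a few lines above in `EXTRA_OEMAKE:append:arm:qemuall`; it should say `AArch32`. The body appears to repeat the `dd` sequence of the qemuarm64-secureboot function. A shared shell function called from both appends would keep the `seek=64 bs=4096` flash layout in one place.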
@@ -0,0 +1,13 @@
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+
+# TF-A v2.10.3
+SRCREV_tfa = "0f915309c3821ce6f78f8451e5a6178d0cf07611"
+SRCBRANCH = "lts-v2.10"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# mbedtls-3.4.1
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
+SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
+
+LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb
deleted file mode 100644
index f23132af..00000000
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require trusted-firmware-a.inc
-
-# Use TF-A for version
-SRCREV_FORMAT = "tfa"
-
-# TF-A v2.4
-SRCREV_tfa = "e2c509a39c6cc4dda8734e6509cdbe6e3603cdfc"
-
-LIC_FILES_CHKSUM += "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89"
-
-# mbed TLS v2.24.0
-SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
-SRCREV_mbedtls = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8"
-
-LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" |