diff options
Diffstat (limited to 'meta-arm/recipes-bsp')
39 files changed, 1064 insertions, 419 deletions
diff --git a/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb b/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb index 3e4751e3..775f4064 100644 --- a/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb +++ b/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb @@ -1,12 +1,15 @@ SUMMARY = "Linux aarch64 boot wrapper with FDT support" -LICENSE = "BSD" +LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bb63326febfb5fb909226c8e7ebcef5c" -SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git" -SRCREV = "8d5a765251d9113c3c0f9fa14de42a9e7486fe8a" +SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master" +SRCREV = "d3b1a15d18542b2086e72bfdc3fc43f454772a3b" -PV = "git${SRCPV}" +# boot-wrapper doesn't make releases +UPSTREAM_CHECK_COMMITS = "1" + +PV = "0+git" S = "${WORKDIR}/git" @@ -52,7 +55,7 @@ EXTRA_OEMAKE += "'KERNEL_IMAGE=${DEPLOY_DIR_IMAGE}/${BOOT_WRAPPER_AARCH64_KERNEL EXTRA_OEMAKE += "'CMDLINE=${BOOT_WRAPPER_AARCH64_CMDLINE}'" -do_configure_prepend() { +do_configure:prepend() { # Create dummy files to make configure happy. # We will pass the generated ones directly to make. mkdir -p ${WORKDIR}/kernel/arch/arm64/boot diff --git a/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch b/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch new file mode 100644 index 00000000..cfb534d4 --- /dev/null +++ b/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch @@ -0,0 +1,26 @@ +From 1c1e7ca2874feaa3e447dce578487d42c226ef46 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Sat, 17 Jul 2021 14:38:02 -0500 +Subject: [PATCH] Use pkg-config-native to find the libssl headers. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + scripts/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/scripts/Makefile b/scripts/Makefile +index 9adb6d247818..5fe371c7d7f5 100644 +--- a/scripts/Makefile ++++ b/scripts/Makefile +@@ -3,8 +3,8 @@ + # scripts contains sources for various helper programs used throughout + # the kernel for the build process. + +-CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto) +-CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null) ++CRYPTO_LIBS = $(shell pkg-config-native --libs libcrypto 2> /dev/null || echo -lcrypto) ++CRYPTO_CFLAGS = $(shell pkg-config-native --cflags libcrypto 2> /dev/null) + + hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c + hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms diff --git a/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch b/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch new file mode 100644 index 00000000..6f91ecfe --- /dev/null +++ b/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch @@ -0,0 +1,29 @@ +From c17aabb2535d791a715130f21178946ab9c1e29d Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 9 Nov 2021 23:31:22 +0000 +Subject: [PATCH] arm/hafnium: fix kernel tool linking + +We need to be sure that the host linker flags are passed to the kernel build, +as otherwise it is possible that binaries are incorrectly linked. For example: + +HOSTCC scripts/extract-cert +ld: .../recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/lib/libcrypto.so: undefined reference to `pthread_once@GLIBC_2.34' + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + build/linux/linux.gni | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/build/linux/linux.gni b/build/linux/linux.gni +index 497915290106..0e0167d5f485 100644 +--- a/build/linux/linux.gni ++++ b/build/linux/linux.gni +@@ -54,6 +54,7 @@ template("linux_kernel") { + "LLVM=1", + "LLVM_IAS=1", + "CROSS_COMPILE=aarch64-linux-gnu-", ++ "HOSTLDFLAGS=" + getenv("BUILD_LDFLAGS"), + + # Build out-of-tree in `target_out_dir`. + "O=" + rebase_path(target_out_dir), diff --git a/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch b/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch new file mode 100644 index 00000000..dc0c35fe --- /dev/null +++ b/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch @@ -0,0 +1,29 @@ +From 745294ffa9bb9296eb4250f24dd0ae8115fadd7a Mon Sep 17 00:00:00 2001 +From: Jon Mason <jon.mason@arm.com> +Date: Thu, 27 Oct 2022 20:10:09 +0000 +Subject: [PATCH] work around visibility issue + +gn commit 46b572ce4ceedfe57f4f84051bd7da624c98bf01 "fixed" the +visibility field not applying to public configs. This caused dtc to +have issues due to libfdt and others not being specified. Due to the +number, it was cleaner to remove the visibility field (which defaults to +everything being visible). + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Jon Mason <jon.mason@arm.com> +--- + BUILD.gn | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/BUILD.gn b/BUILD.gn +index f55560c540de..d60c3e37135b 100644 +--- a/BUILD.gn ++++ b/BUILD.gn +@@ -5,7 +5,6 @@ + # https://opensource.org/licenses/BSD-3-Clause. + + config("libfdt_config") { +- visibility = [ ":gtest" ] + include_dirs = [ + "libfdt", + "hafnium_inc", diff --git a/meta-arm/recipes-bsp/hafnium/hafnium_2.10.bb b/meta-arm/recipes-bsp/hafnium/hafnium_2.10.bb new file mode 100644 index 00000000..dea1bdcb --- /dev/null +++ b/meta-arm/recipes-bsp/hafnium/hafnium_2.10.bb @@ -0,0 +1,80 @@ +SUMMARY = "Hafnium" +DESCRIPTION = "A reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension" +DEPENDS = "gn-native ninja-native bison-native bc-native dtc-native openssl-native" + +LICENSE = "BSD-3-Clause & GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + + +CLANGNATIVE = "" +CLANGNATIVE:runtime-llvm = "clang-native" + +inherit deploy python3native pkgconfig ${CLANGNATIVE} + +SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \ + file://0001-arm-hafnium-fix-kernel-tool-linking.patch \ + file://0001-Use-pkg-config-native-to-find-the-libssl-headers.patch;patchdir=third_party/linux \ + file://0001-work-around-visibility-issue.patch;patchdir=third_party/dtc \ + " +SRCREV = "946fde92bedc95e1320684b0bc2dc752bc1e1bc7" +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +COMPATIBLE_MACHINE ?= "invalid" +COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" + +# Default build 'reference' +HAFNIUM_PROJECT ?= "reference" + +# Platform must be set for each machine +HAFNIUM_PLATFORM ?= "invalid" +HAFNIUM_PLATFORM:qemuarm64 = "qemu_aarch64" + +# do_deploy will install everything listed in this variable. It is set by +# default to hafnium +HAFNIUM_INSTALL_TARGET ?= "hafnium" + +# set project to build +EXTRA_OEMAKE += "PROJECT=${HAFNIUM_PROJECT}" + +EXTRA_OEMAKE += "OUT_DIR=${B}" + +# Don't use prebuilt binaries for gn and ninja +EXTRA_OEMAKE += "GN=${STAGING_BINDIR_NATIVE}/gn NINJA=${STAGING_BINDIR_NATIVE}/ninja" + +do_configure[cleandirs] += "${B}" + +do_compile() { + oe_runmake -C ${S} +} + +do_install() { + cd ${B}/${HAFNIUM_PLATFORM}_clang + install -d -m 755 ${D}/firmware + for bldfile in ${HAFNIUM_INSTALL_TARGET}; do + install -m 0755 $bldfile.bin $bldfile.elf ${D}/firmware/ + done +} + +FILES:${PN} = "/firmware/*.bin" +FILES:${PN}-dbg = "/firmware/*.elf" +SYSROOT_DIRS += "/firmware" +INSANE_SKIP:${PN} = "ldflags" +INSANE_SKIP:${PN}-dbg = "ldflags" +# Build paths are currently embedded +INSANE_SKIP:${PN}-dbg += "buildpaths" + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install + +python() { + # https://developer.trustedfirmware.org/T898 + if d.getVar("BUILD_ARCH") != "x86_64": + raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts") +} + +EXCLUDE_FROM_WORLD = "1" diff --git a/meta-arm/recipes-bsp/hafnium/hafnium_2.4.bb b/meta-arm/recipes-bsp/hafnium/hafnium_2.4.bb deleted file mode 100644 index 361d6db9..00000000 --- a/meta-arm/recipes-bsp/hafnium/hafnium_2.4.bb +++ /dev/null @@ -1,80 +0,0 @@ -SUMMARY = "Hafnium" -DESCRIPTION = "A reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension" -LICENSE = "BSD-3-Clause & GPLv2" -LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -inherit deploy python3native - -SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https" -SRCREV = "410a3acaf669c12d41fb4c57fcaf3ecee6fdba61" -S = "${WORKDIR}/git" - -COMPATIBLE_MACHINE ?= "invalid" - -# Default build 'reference' -HAFNIUM_PROJECT ?= "reference" - -# Platform must be set for each machine -HAFNIUM_PLATFORM ?= "invalid" - -# hafnium build directory -# Append _clang as the build rule in hafnium adds this to the platform name. -HAFNIUM_BUILD_DIR_PLAT = "out/${HAFNIUM_PROJECT}/${HAFNIUM_PLATFORM}_clang" - -# do_deploy will install everything listed in this variable. It is set by -# default to hafnium -HAFNIUM_INSTALL_TARGET ?= "hafnium" - -DEPENDS = "bison-native bc-native" - -# set project to build -EXTRA_OEMAKE += "PROJECT=${HAFNIUM_PROJECT}" - -do_compile_prepend() { - # Hafnium expects 'python'. Create symlink python to python3 - real=$(which ${PYTHON}) - ln -snf $real $(dirname $real)/python -} - -do_install() { - install -d -m 755 ${D}/firmware - for bldfile in ${HAFNIUM_INSTALL_TARGET}; do - processed="0" - if [ -f ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.bin ]; then - echo "Install $bldfile.bin" - install -m 0755 ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.bin \ - ${D}/firmware/$bldfile-${HAFNIUM_PLATFORM}.bin - ln -sf $bldfile-${HAFNIUM_PLATFORM}.bin ${D}/firmware/$bldfile.bin - processed="1" - fi - if [ -f ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.elf ]; then - echo "Install $bldfile.elf" - install -m 0755 ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.elf \ - ${D}/firmware/$bldfile-${HAFNIUM_PLATFORM}.elf - ln -sf $bldfile-${HAFNIUM_PLATFORM}.elf ${D}/firmware/$bldfile.elf - processed="1" - fi - if [ "$processed" = "0" ]; then - bberror "Unsupported HAFNIUM_INSTALL_TARGET target $bldfile" - exit 1 - fi - done -} - -FILES_${PN} = "/firmware" -SYSROOT_DIRS += "/firmware" -# skip QA tests: {'ldflags'} -INSANE_SKIP_${PN} = "ldflags" - -do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install - -python() { - # https://developer.trustedfirmware.org/T898 - if d.getVar("BUILD_ARCH") != "x86_64": - raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts") -} diff --git a/meta-arm/recipes-bsp/images/firmware-deploy-image.bb b/meta-arm/recipes-bsp/images/firmware-deploy-image.bb new file mode 100644 index 00000000..2f347f0b --- /dev/null +++ b/meta-arm/recipes-bsp/images/firmware-deploy-image.bb @@ -0,0 +1,32 @@ +SUMMARY = "Firmware image deploying multi-config firmware" +DESCRIPTION = "Image for deploying a firmware set on platforms using multi-config" +LICENSE = "MIT" + +inherit deploy nopackages + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE ?= "invalid" +do_configure[noexec] = "1" +do_compile[noexec] = "1" +do_install[noexec] = "1" + +# Users of this recipe are expected to provide the list of firmware images +# that need to be deployed by setting this variable. +FIRMWARE_BINARIES ?= "" + +do_deploy() { + firmware_loc=$(echo "${TMPDIR}" | sed "s/${TCLIBC}/musl/") + firmware_loc="${firmware_loc}_${MACHINE}/deploy/images/${MACHINE}" + for firmware in ${FIRMWARE_BINARIES}; do + echo "cp -av ${firmware_loc}/${firmware} ${DEPLOYDIR}/" + cp -av "${firmware_loc}/${firmware}" ${DEPLOYDIR}/ + if [ -L "${firmware_loc}/${firmware}" ]; then + echo "cp -av ${firmware_loc}/$(readlink ${firmware_loc}/${firmware}) ${DEPLOYDIR}/" + cp -av "${firmware_loc}/$(readlink ${firmware_loc}/${firmware})" ${DEPLOYDIR}/ + fi + done +} + +do_deploy[umask] = "022" + +addtask deploy after do_prepare_recipe_sysroot diff --git a/meta-arm/recipes-bsp/scp-firmware/files/0001-OPTEE-Private-Includes.patch b/meta-arm/recipes-bsp/scp-firmware/files/0001-OPTEE-Private-Includes.patch new file mode 100644 index 00000000..f3063a95 --- /dev/null +++ b/meta-arm/recipes-bsp/scp-firmware/files/0001-OPTEE-Private-Includes.patch @@ -0,0 +1,43 @@ +From b298400a5783453f64d8bebbd92db2c84c4a49fd Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Mon, 10 Jul 2023 14:09:16 +0100 +Subject: [PATCH] OPTEE Private Includes + +Change the optee module includes to be private instead of public, so they don't get used +in every build, which can result in compile failures as /core/include/ doesn't exit. + +For some reason this behaviour isn't deterministic, a ticket has been filed with upstream. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + module/optee/console/CMakeLists.txt | 2 +- + module/optee/mbx/CMakeLists.txt | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/module/optee/console/CMakeLists.txt b/module/optee/console/CMakeLists.txt +index aebb7cc79766..942aa98c85ff 100644 +--- a/module/optee/console/CMakeLists.txt ++++ b/module/optee/console/CMakeLists.txt +@@ -14,7 +14,7 @@ target_include_directories(${SCP_MODULE_TARGET} + # Those includes are needed for mutex definitnion that is used in optee_smt + # notification + target_include_directories(${SCP_MODULE_TARGET} +- PUBLIC "${SCP_OPTEE_DIR}/core/arch/arm/include/" ++ PRIVATE "${SCP_OPTEE_DIR}/core/arch/arm/include/" + "${SCP_OPTEE_DIR}/core/include/" + "${SCP_OPTEE_DIR}/lib/libutils/ext/include/" + "${SCP_OPTEE_DIR}/lib/libutee/include/") +diff --git a/module/optee/mbx/CMakeLists.txt b/module/optee/mbx/CMakeLists.txt +index 305fa42b7370..783a7970c2d5 100644 +--- a/module/optee/mbx/CMakeLists.txt ++++ b/module/optee/mbx/CMakeLists.txt +@@ -15,7 +15,7 @@ target_include_directories(${SCP_MODULE_TARGET} + # Those includes are needed for mutex defifitnion that is used in optee_smt + # notification + target_include_directories(${SCP_MODULE_TARGET} +- PUBLIC "${SCP_OPTEE_DIR}/core/include/" ++ PRIVATE "${SCP_OPTEE_DIR}/core/include/" + "${SCP_OPTEE_DIR}/lib/libutils/ext/include/" + "${SCP_OPTEE_DIR}/lib/libutee/include/") + diff --git a/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb b/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb new file mode 100644 index 00000000..c0e40d90 --- /dev/null +++ b/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb @@ -0,0 +1,116 @@ +SUMMARY = "SCP and MCP Firmware" +DESCRIPTION = "Firmware for SCP and MCP software reference implementation" +HOMEPAGE = "https://gitlab.arm.com/firmware/SCP-firmware" + +LICENSE = "BSD-3-Clause & Apache-2.0" +LIC_FILES_CHKSUM = "file://license.md;beginline=5;md5=9db9e3d2fb8d9300a6c3d15101b19731 \ + file://contrib/cmsis/git/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" + +SRC_URI_SCP_FIRMWARE ?= "gitsm://git.gitlab.arm.com/firmware/SCP-firmware.git;protocol=https" +SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH} \ + file://0001-OPTEE-Private-Includes.patch \ + " + +SRCBRANCH = "main" +SRCREV = "3267f2964114a56faaf46a40704be6ca78240725" + +PROVIDES += "virtual/control-processor-firmware" + +CMAKE_BUILD_TYPE ?= "RelWithDebInfo" +SCP_PLATFORM ?= "${MACHINE}" +SCP_PRODUCT_GROUP ?= "." +SCP_LOG_LEVEL ?= "WARN" +SCP_PLATFORM_FEATURE_SET ?= "0" + +INHIBIT_DEFAULT_DEPS = "1" +DEPENDS = "gcc-arm-none-eabi-native \ + cmake-native \ + ninja-native \ + " + +# For now we only build with GCC, so stop meta-clang trying to get involved +TOOLCHAIN = "gcc" + +inherit deploy + +B = "${WORKDIR}/build" +S = "${WORKDIR}/git" + +# Allow platform specific copying of only scp or both scp & mcp, default to both +FW_TARGETS ?= "scp mcp" +FW_INSTALL ?= "ramfw romfw" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE ?= "invalid" + +export CFLAGS = "${DEBUG_PREFIX_MAP}" +export ASMFLAGS = "${DEBUG_PREFIX_MAP}" + +LDFLAGS[unexport] = "1" + +EXTRA_OECMAKE = "-D CMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} \ + -D SCP_LOG_LEVEL=${SCP_LOG_LEVEL} \ + -D SCP_PLATFORM_FEATURE_SET=${SCP_PLATFORM_FEATURE_SET} \ + -D DISABLE_CPPCHECK=1 \ + -D SCP_TOOLCHAIN=GNU \ + " + +do_configure() { + for FW in ${FW_TARGETS}; do + for TYPE in ${FW_INSTALL}; do + bbnote Configuring ${SCP_PLATFORM}/${FW}_${TYPE}... + cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PRODUCT_GROUP}/${SCP_PLATFORM}/${FW}_${TYPE}" + done + done +} + +do_configure[cleandirs] += "${B}" + +do_compile() { + for FW in ${FW_TARGETS}; do + for TYPE in ${FW_INSTALL}; do + bbnote Building ${SCP_PLATFORM}/${FW}_${TYPE}... + VERBOSE=1 cmake --build ${B}/${TYPE}/${FW} --target all + done + done +} + +do_install() { + install -d ${D}/firmware + for TYPE in ${FW_INSTALL}; do + for FW in ${FW_TARGETS}; do + if [ "$TYPE" = "romfw" ]; then + if [ "$FW" = "scp" ]; then + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1.elf" "${D}/firmware/${FW}_${TYPE}.elf" + else + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl1.elf" "${D}/firmware/${FW}_${TYPE}.elf" + fi + elif [ "$TYPE" = "ramfw" ]; then + if [ "$FW" = "scp" ]; then + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2.elf" "${D}/firmware/${FW}_${TYPE}.elf" + else + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl2.elf" "${D}/firmware/${FW}_${TYPE}.elf" + fi + fi + done + done +} + +FILES:${PN} = "/firmware" +SYSROOT_DIRS += "/firmware" + +FILES:${PN}-dbg += "/firmware/*.elf" +# These binaries are specifically for 32-bit arm +INSANE_SKIP:${PN}-dbg += "arch" +INHIBIT_PACKAGE_DEBUG_SPLIT = "1" +INHIBIT_PACKAGE_STRIP = "1" + +do_deploy() { + # Copy the images to deploy directory + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.8.0.bb b/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.8.0.bb deleted file mode 100644 index bee3ab5e..00000000 --- a/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.8.0.bb +++ /dev/null @@ -1,75 +0,0 @@ -SUMMARY = "SCP and MCP Firmware" -DESCRIPTION = "Firmware for SCP and MCP software reference implementation" -HOMEPAGE = "https://github.com/ARM-software/SCP-firmware" - -LICENSE = "BSD-3-Clause & Apache-2.0" -LIC_FILES_CHKSUM = "file://license.md;beginline=5;md5=9db9e3d2fb8d9300a6c3d15101b19731 \ - file://contrib/cmsis/git/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" - -SRC_URI = "gitsm://github.com/ARM-software/SCP-firmware.git;protocol=https" -SRCREV = "043de77f220a0b4b0ec3aa367bd515a9e9df2a29" - -PROVIDES += "virtual/control-processor-firmware" - -SCP_BUILD_RELEASE ?= "1" -SCP_PLATFORM ?= "invalid" -SCP_COMPILER ?= "arm-none-eabi" -SCP_LOG_LEVEL ?= "WARN" - -INHIBIT_DEFAULT_DEPS = "1" -DEPENDS = "virtual/arm-none-eabi-gcc-native" - -SCP_BUILD_STR = "${@bb.utils.contains('SCP_BUILD_RELEASE', '1', 'release', 'debug', d)}" - -inherit deploy - -B = "${WORKDIR}/build" -S = "${WORKDIR}/git" - -# Allow platform specific copying of only scp or both scp & mcp, default to both -FW_TARGETS ?= "scp mcp" -FW_INSTALL ?= "ramfw romfw" - -PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE ?= "invalid" - -LDFLAGS[unexport] = "1" - -# No configure -do_configure[noexec] = "1" - -EXTRA_OEMAKE = "V=1 \ - BUILD_PATH='${B}' \ - PRODUCT='${SCP_PLATFORM}' \ - MODE='${SCP_BUILD_STR}' \ - LOG_LEVEL='${SCP_LOG_LEVEL}' \ - CC='${SCP_COMPILER}-gcc' \ - AR='${SCP_COMPILER}-ar' \ - SIZE='${SCP_COMPILER}-size' \ - OBJCOPY='${SCP_COMPILER}-objcopy' \ - " - -do_compile() { - oe_runmake -C "${S}" -} -do_compile[cleandirs] += "${B}" - -do_install() { - install -d ${D}/firmware - for FW in ${FW_TARGETS}; do - for TYPE in ${FW_INSTALL}; do - install -D "${B}/product/${SCP_PLATFORM}/${FW}_${TYPE}/${SCP_BUILD_STR}/bin/${FW}_${TYPE}.bin" "${D}/firmware/" - done - done -} - -FILES_${PN} = "/firmware" -SYSROOT_DIRS += "/firmware" -# Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" - -do_deploy() { - # Copy the images to deploy directory - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch new file mode 100644 index 00000000..8ddf353b --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch @@ -0,0 +1,64 @@ +From 56874ab381b0f0beade2d200147245e157b4aff6 Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing <Gyorgy.Szing@arm.com> +Date: Mon, 13 Mar 2023 21:15:59 +0100 +Subject: [PATCH] Add spmc_manifest for qemu + +This version only supports embedded packaging. + +Upstream-Status: Inappropriate [other] + - The SPMC manifest is integration specific and should live at an + integration spcific place. The manifest file is processed by TF-A + and I am adding the patch to TF-A to keep things simple. + +Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> +--- + plat/qemu/fdts/optee_spmc_manifest.dts | 40 ++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + create mode 100644 plat/qemu/fdts/optee_spmc_manifest.dts + +diff --git a/plat/qemu/fdts/optee_spmc_manifest.dts b/plat/qemu/fdts/optee_spmc_manifest.dts +new file mode 100644 +index 000000000000..ae2ae3d951de +--- /dev/null ++++ b/plat/qemu/fdts/optee_spmc_manifest.dts +@@ -0,0 +1,40 @@ ++/* SPDX-License-Identifier: BSD-3-Clause */ ++/* ++ * Copyright (c) 2023, Arm Limited. All rights reserved. ++ */ ++ ++/dts-v1/; ++ ++/ { ++ compatible = "arm,ffa-core-manifest-1.0"; ++ #address-cells = <2>; ++ #size-cells = <1>; ++ ++ attribute { ++ spmc_id = <0x8000>; ++ maj_ver = <0x1>; ++ min_ver = <0x0>; ++ exec_state = <0x0>; ++ load_address = <0x0 0x0e100000>; ++ entrypoint = <0x0 0x0e100000>; ++ binary_size = <0x80000>; ++ }; ++ ++/* ++ * This file will be preprocessed by TF-A's build system. If Measured Boot is ++ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro ++ * to the preprocessor arguments. ++ */ ++#if MEASURED_BOOT ++ tpm_event_log { ++ compatible = "arm,tpm_event_log"; ++ tpm_event_log_addr = <0x0 0x0>; ++ tpm_event_log_size = <0x0>; ++ }; ++#endif ++ ++/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */ ++#ifdef ARM_BL2_SP_LIST_DTS ++ #error "FIP SP load addresses configuration is missing. ++#endif ++}; diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch new file mode 100644 index 00000000..f6f054df --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch @@ -0,0 +1,38 @@ +From fd13a4d304da4233cb954329bf287ec9dfbb7367 Mon Sep 17 00:00:00 2001 +From: Jon Mason <jon.mason@arm.com> +Date: Mon, 4 Dec 2023 10:20:21 -0500 +Subject: [PATCH] bl31_runtime: revert usage of plat_ic_has_interrupt_type + +There is a regression caused by commit +1f6bb41dd951714b47bf07bb9a332346ca261033 for the trusted services tests. +This is due to the fact that the referenced commit changes the behavior +from checking for both INTR_TYPE_EL3 and INTR_TYPE_S_EL1, to referencing +an existing function that #if for _either_ INTR_TYPE_EL3 or +INTR_TYPE_S_EL1 (depending on the value of GICV2_G0_FOR_EL3). To work +around this issue, revert the check back to its original form. + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Pending +--- + bl31/interrupt_mgmt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bl31/interrupt_mgmt.c b/bl31/interrupt_mgmt.c +index 68c7f10add21..8e888b676b35 100644 +--- a/bl31/interrupt_mgmt.c ++++ b/bl31/interrupt_mgmt.c +@@ -47,9 +47,9 @@ static intr_type_desc_t intr_type_descs[MAX_INTR_TYPES]; + ******************************************************************************/ + static int32_t validate_interrupt_type(uint32_t type) + { +- if (plat_ic_has_interrupt_type(type)) { ++ if ((type == INTR_TYPE_S_EL1) || (type == INTR_TYPE_NS) || ++ (type == INTR_TYPE_EL3)) + return 0; +- } + + return -EINVAL; + } +-- +2.30.2 + diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch new file mode 100644 index 00000000..2d189d8e --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch @@ -0,0 +1,36 @@ +From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli <mikko.rapeli@linaro.org> +Date: Mon, 15 Jan 2024 09:26:56 +0000 +Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot + +If firmware is configured with TPM support but it's missing +on HW, e.g. swtpm not started and/or configured with qemu, +then continue booting. Missing TPM is not a fatal error. +Enables testing boot without TPM device to see that +missing TPM is detected further up the SW stack and correct +fallback actions are taken. + +Upstream-Status: Pending + +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> +--- + plat/qemu/qemu/qemu_measured_boot.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c +index 122bb23b14..731b081c47 100644 +--- a/plat/qemu/qemu/qemu_measured_boot.c ++++ b/plat/qemu/qemu/qemu_measured_boot.c +@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void) + * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the + * secure Event Log buffer address. + */ +- panic(); ++ ERROR("Ignoring TPM errors, continuing without\n"); ++ return; + } + + /* Copy Event Log to Non-secure memory */ +-- +2.34.1 + diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch deleted file mode 100644 index 42e0f5b1..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c9209fa0f474d41bc5ecf2b988ab404123038c1b Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warren@arm.com> -Date: Tue, 3 Nov 2020 13:34:26 +0000 -Subject: [PATCH] pmf.h: made PMF_STOTE_ENABLE pass -Wtautological - -When compiling with clang, PMF_STORE_ENABLE triggers --Wtautological-constant-compare. To mitigate, the definition -is modified cosmetically to not trigger this error. - -Upstream-Status: Pending -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - include/lib/pmf/pmf.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/lib/pmf/pmf.h b/include/lib/pmf/pmf.h -index df7c9ff31..baa2dfd60 100644 ---- a/include/lib/pmf/pmf.h -+++ b/include/lib/pmf/pmf.h -@@ -25,7 +25,7 @@ - /* - * Flags passed to PMF_REGISTER_SERVICE - */ --#define PMF_STORE_ENABLE (1 << 0) -+#define PMF_STORE_ENABLE 1 - #define PMF_DUMP_ENABLE (1 << 1) - - /* --- -2.17.1 - diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch deleted file mode 100644 index c24b1cfc..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch +++ /dev/null @@ -1,31 +0,0 @@ -From a0b72074ee4cfdf0ff3b807b01a962898761def4 Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warren@arm.com> -Date: Fri, 27 Nov 2020 10:29:48 +0000 -Subject: [PATCH] xlat_tables_v2: remove tautological assert - -When compiling with clang for aarch32, an assert triggered --Wtautological error. This assertion is removed, as -this means there is no way for it to resolve as false anyway. - -Upstream-Status: Pending -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - lib/xlat_tables_v2/aarch32/xlat_tables_arch.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c b/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c -index b69c6702b..52a75b37a 100644 ---- a/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c -+++ b/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c -@@ -203,8 +203,6 @@ void setup_mmu_cfg(uint64_t *params, unsigned int flags, - - assert(virtual_addr_space_size >= - xlat_get_min_virt_addr_space_size()); -- assert(virtual_addr_space_size <= -- MAX_VIRT_ADDR_SPACE_SIZE); - assert(IS_POWER_OF_TWO(virtual_addr_space_size)); - - /* --- -2.17.1 - diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb new file mode 100644 index 00000000..5ba8d48c --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb @@ -0,0 +1,33 @@ +# Firmware Image Package (FIP) +# It is a packaging format used by TF-A to package the +# firmware images in a single binary. + +DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" +LICENSE = "BSD-3-Clause" + +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" + +# Use fiptool from TF-A v2.10.3 +SRCREV = "0f915309c3821ce6f78f8451e5a6178d0cf07611" +SRCBRANCH = "lts-v2.10" + +DEPENDS += "openssl-native" + +inherit native + +EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" + +do_compile () { + # This is still needed to have the native fiptool executing properly by + # setting the RPATH + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile + + oe_runmake fiptool +} + +do_install () { + install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool +} diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb new file mode 100644 index 00000000..fffdf5d3 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb @@ -0,0 +1,58 @@ +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" +LICENSE = "BSD-3-Clause & NCSA" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" + +inherit deploy + +COMPATIBLE_MACHINE ?= "invalid" + +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ + " +SRCBRANCH = "master" +SRCREV = "42b99719d5dde58bdde07712bcb70a20d87f9067" + +DEPENDS += "optee-os" + +EXTRA_OEMAKE += "USE_NVM=0" +EXTRA_OEMAKE += "SHELL_COLOR=1" +EXTRA_OEMAKE += "DEBUG=1" + +# Modify mode based on debug or release mode +TFTF_MODE ?= "debug" + +# Platform must be set for each machine +TFA_PLATFORM ?= "invalid" + +EXTRA_OEMAKE += "ARCH=aarch64" +EXTRA_OEMAKE += "LOG_LEVEL=50" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +# Add platform parameter +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" + +# Requires CROSS_COMPILE set by hand as there is no configure script +export CROSS_COMPILE="${TARGET_PREFIX}" + +LDFLAGS[unexport] = "1" +do_compile() { + oe_runmake -C ${S} tftf +} + +do_compile[cleandirs] = "${B}" + +FILES:${PN} = "/firmware/tftf.bin" +SYSROOT_DIRS += "/firmware" + +do_install() { + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin +} + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc index 807e1254..922c0a34 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc @@ -1,14 +1,17 @@ DESCRIPTION = "Trusted Firmware-A" -LICENSE = "BSD-3-Clause" - -PROVIDES = "virtual/trusted-firmware-a" +LICENSE = "BSD-3-Clause & MIT" PACKAGE_ARCH = "${MACHINE_ARCH}" inherit deploy -SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa" -UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$" +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" +SRCBRANCH = "master" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};name=tfa;branch=${SRCBRANCH}" + +UPSTREAM_CHECK_GITTAGREGEX = "^(lts-)?v(?P<pver>\d+(\.\d+)+)$" + +SRCREV_FORMAT = "tfa" COMPATIBLE_MACHINE ?= "invalid" @@ -48,21 +51,20 @@ SRC_URI_MBEDTLS ??= "" # This should be set to MBEDTLS LIC FILES checksum LIC_FILES_CHKSUM_MBEDTLS ??= "" # add MBEDTLS to our sources if activated -SRC_URI_append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}" +SRC_URI:append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}" # Update license variables -LICENSE_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}" -LIC_FILES_CHKSUM_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" +LICENSE:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}" +LIC_FILES_CHKSUM:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" # add mbed TLS to version -SRCREV_FORMAT_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}" - -SRC_URI_append = " \ - file://0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch \ - file://0003-xlat-tables-v2-remove-tautological-assert.patch \ - " +SRCREV_FORMAT:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}" # U-boot support (set TFA_UBOOT to 1 to activate) # When U-Boot support is activated BL33 is activated with u-boot.bin file -TFA_UBOOT ?= "0" +TFA_UBOOT ??= "0" + +# UEFI support (set TFA_UEFI to 1 to activate) +# When UEFI support is activated BL33 is activated with uefi.bin file +TFA_UEFI ??= "0" # What to build # By default we only build bl1, do_deploy will copy @@ -87,12 +89,12 @@ LD[unexport] = "1" do_configure[noexec] = "1" # Baremetal, just need a compiler -DEPENDS_remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" +DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" # We need dtc for dtbs compilation # We need openssl for fiptool DEPENDS = "dtc-native openssl-native" -DEPENDS_append_toolchain-clang = " compiler-rt" +DEPENDS:append:toolchain-clang = " compiler-rt" # CC and LD introduce arguments which conflict with those otherwise provided by # this recipe. The heads of these variables excluding those arguments @@ -101,11 +103,12 @@ def remove_options_tail (in_string): from itertools import takewhile return ' '.join(takewhile(lambda x: not x.startswith('-'), in_string.split(' '))) -EXTRA_OEMAKE += "LD=${@remove_options_tail(d.getVar('LD'))}" +EXTRA_OEMAKE += "LD='${@remove_options_tail(d.getVar('LD'))}'" -EXTRA_OEMAKE += "CC=${@remove_options_tail(d.getVar('CC'))}" +EXTRA_OEMAKE += "CC='${@remove_options_tail(d.getVar('CC'))}'" -EXTRA_OEMAKE += "V=1" +# Verbose builds, no -Werror +EXTRA_OEMAKE += "V=1 E=0" # Add platform parameter EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" @@ -128,7 +131,15 @@ EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBE # Uboot support DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}" do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}" -EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '',d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '', d)}" + +# UEFI support +DEPENDS += " ${@bb.utils.contains('TFA_UEFI', '1', 'edk2-firmware', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UEFI', '1', 'BL33=${RECIPE_SYSROOT}/firmware/uefi.bin', '', d)}" + +# TFTF test support +DEPENDS += " ${@bb.utils.contains('TFTF_TESTS', '1', 'tf-a-tests', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFTF_TESTS', '1', 'BL33=${RECIPE_SYSROOT}/firmware/tftf.bin', '',d)}" # Hafnium support SEL2_SPMC = "${@'${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}" @@ -144,30 +155,26 @@ EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'ARM_SPMC_MANIFEST_DTS=$ # Tell the tools where the native OpenSSL is located EXTRA_OEMAKE += "OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" +# Use the correct native compiler +EXTRA_OEMAKE += "HOSTCC='${BUILD_CC}'" # Runtime variables EXTRA_OEMAKE += "RUNTIME_SYSROOT=${STAGING_DIR_HOST}" -EXTRA_OEMAKE += "TARGET_FPU=${TARGET_FPU}" BUILD_DIR = "${B}/${TFA_PLATFORM}" BUILD_DIR .= "${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}" BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}" -# The following hack is needed to fit properly in yocto build environment -# TFA is forcing the host compiler and its flags in the Makefile using := -# assignment for GCC and CFLAGS. do_compile() { - cd ${S} - - # These changes are needed to have the native tools compiling and executing properly - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + # This is still needed to have the native tools executing properly by + # setting the RPATH + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile - # This can be removed when only TF-A 2.4 onwards is supported - sed -i 's^OPENSSL_DIR.*=.*$^OPENSSL_DIR = ${STAGING_DIR_NATIVE}/${prefix_native}^' ${S}/tools/*/Makefile + sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile # Currently there are races if you build all the targets at once in parallel for T in ${TFA_BUILD_TARGET}; do - oe_runmake $T + oe_runmake -C ${S} $T done } do_compile[cleandirs] = "${B}" @@ -221,10 +228,15 @@ do_install() { done } -FILES_${PN} = "/firmware" +FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" + +FILES:${PN}-dbg = "/firmware/*.elf" # Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" +INSANE_SKIP:${PN}-dbg += "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dbg += "buildpaths" do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index dd74cd53..3d42a97c 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -1,26 +1,68 @@ -COMPATIBLE_MACHINE_qemuarm64 = "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" +COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm-secureboot" -TFA_PLATFORM_qemuarm64-secureboot = "qemu" -TFA_PLATFORM_qemuarm64-sbsa = "qemu_sbsa" +#FIXME - clang fails to build tfa for qemuarm-secureboot, and possibly other +# arm/aarch32. This is a known testing hole in TF-A. +TOOLCHAIN:qemuarm-secureboot = "gcc" -TFA_SPD_qemuarm64-secureboot = "opteed" +# Enable passing TOS_FW_CONFIG from FIP package to Trusted OS. +FILESEXTRAPATHS:prepend:qemuarm64-secureboot := "${THISDIR}/files:" +SRC_URI:append:qemuarm64-secureboot = " \ + file://0001-Add-spmc_manifest-for-qemu.patch \ + file://0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch \ + " -TFA_UBOOT_qemuarm64-secureboot = "1" -TFA_BUILD_TARGET_aarch64_qemuall = "all fip" +TFA_PLATFORM:qemuarm64-secureboot = "qemu" +TFA_PLATFORM:qemuarm-secureboot = "qemu" -TFA_INSTALL_TARGET_qemuarm64-secureboot = "flash.bin" -TFA_INSTALL_TARGET_qemuarm64-sbsa = "bl1 fip" +# Trusted Services secure partitions require arm-ffa machine feature. +# Enabling Secure-EL1 Payload Dispatcher (SPD) in this case +TFA_SPD:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'spmd', 'opteed', d)}" +# Configure tf-a accordingly to TS requirements if included +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CTX_INCLUDE_EL2_REGS=0 SPMC_OPTEE=1 ', '' , d)}" +# Cortex-A57 supports Armv8.0 (no S-EL2 execution state). +# The SPD SPMC component should run at the S-EL1 execution state. +TFA_SPMD_SPM_AT_SEL2:qemuarm64-secureboot = "0" -DEPENDS_append_aarch64_qemuall = " optee-os" +TFA_UBOOT:qemuarm64-secureboot = "1" +TFA_UBOOT:qemuarm-secureboot = "1" +TFA_BUILD_TARGET:aarch64:qemuall = "all fip" +TFA_BUILD_TARGET:arm:qemuall = "all fip" -EXTRA_OEMAKE_append_aarch64_qemuall = " \ +TFA_INSTALL_TARGET:qemuarm64-secureboot = "flash.bin" +TFA_INSTALL_TARGET:qemuarm-secureboot = "flash.bin" + +DEPENDS:append:aarch64:qemuall = " optee-os" +DEPENDS:append:arm:qemuall = " optee-os" + +EXTRA_OEMAKE:append:aarch64:qemuall = " \ BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \ BL32_EXTRA1=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pager_v2.bin \ BL32_EXTRA2=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pageable_v2.bin \ BL32_RAM_LOCATION=tdram \ " -do_compile_append_qemuarm64-secureboot() { +EXTRA_OEMAKE:append:arm:qemuall = " \ + BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \ + BL32_EXTRA1=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pager_v2.bin \ + BL32_EXTRA2=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pageable_v2.bin \ + ARM_ARCH_MAJOR=7 \ + ARCH=aarch32 \ + BL32_RAM_LOCATION=tdram \ + AARCH32_SP=optee \ + " +# When using OP-TEE SPMC specify the SPMC manifest file. +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', \ + 'QEMU_TOS_FW_CONFIG_DTS=${S}/plat/qemu/fdts/optee_spmc_manifest.dts', '', d)}" + +do_compile:append:qemuarm64-secureboot() { + # Create a secure flash image for booting AArch64 Qemu. See: + # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst + dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc + dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc +} + +do_compile:append:qemuarm-secureboot() { # Create a secure flash image for booting AArch64 Qemu. See: # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb deleted file mode 100644 index 56d3507e..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb +++ /dev/null @@ -1,28 +0,0 @@ -# -# Trusted firmware-A 1.5 -# - -require trusted-firmware-a.inc - -# Use TF-A for version -SRCREV_FORMAT = "tfa" - -# TF-A v1.5 -SRCREV_tfa = "ed8112606c54d85781fc8429160883d6310ece32" - -LIC_FILES_CHKSUM += "file://license.rst;md5=e927e02bca647e14efd87e9e914b2443" - -# -# mbed TLS source -# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1 -# - -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.16" - -# mbed TLS v2.16.2 -SRCREV_mbedtls = "d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb" - -LIC_FILES_CHKSUM_MBEDTLS = " \ - file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ - " diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb new file mode 100644 index 00000000..13942dbb --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb @@ -0,0 +1,18 @@ +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc + +# TF-A v2.10.3 +SRCREV_tfa = "0f915309c3821ce6f78f8451e5a6178d0cf07611" +SRCBRANCH = "lts-v2.10" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" + +# mbedtls-3.4.1 +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" +SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631" + +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +# continue to boot also without TPM +SRC_URI += "\ + file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \ +" diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb deleted file mode 100644 index f23132af..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb +++ /dev/null @@ -1,15 +0,0 @@ -require trusted-firmware-a.inc - -# Use TF-A for version -SRCREV_FORMAT = "tfa" - -# TF-A v2.4 -SRCREV_tfa = "e2c509a39c6cc4dda8734e6509cdbe6e3603cdfc" - -LIC_FILES_CHKSUM += "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89" - -# mbed TLS v2.24.0 -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" -SRCREV_mbedtls = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8" - -LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/files/objcopy.patch b/meta-arm/recipes-bsp/trusted-firmware-m/files/objcopy.patch deleted file mode 100644 index 5734c13a..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-m/files/objcopy.patch +++ /dev/null @@ -1,20 +0,0 @@ -The BFD target elf32-little has no specified machine, which trips the -architecture sanity test. Use elf32-littlearm to set the machine -correctly. - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -diff --git a/cmake/Common/CompilerGNUARMCommon.cmake b/cmake/Common/CompilerGNUARMCommon.cmake -index 32e805bb..2d3ea8e4 100644 ---- a/cmake/Common/CompilerGNUARMCommon.cmake -+++ b/cmake/Common/CompilerGNUARMCommon.cmake -@@ -196,7 +196,7 @@ function(compiler_generate_hex_output TARGET) - endfunction() - - function(compiler_generate_elf_output TARGET) -- add_custom_command(TARGET ${TARGET} POST_BUILD COMMAND ${CMAKE_GNUARM_OBJCOPY} ARGS -O elf32-little $<TARGET_FILE:${TARGET}> $<TARGET_FILE_DIR:${TARGET}>/${TARGET}.elf) -+ add_custom_command(TARGET ${TARGET} POST_BUILD COMMAND ${CMAKE_GNUARM_OBJCOPY} ARGS -O elf32-littlearm $<TARGET_FILE:${TARGET}> $<TARGET_FILE_DIR:${TARGET}>/${TARGET}.elf) - endfunction() - - # Function for creating a new target that preprocesses a .c file diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc new file mode 100644 index 00000000..82543258 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc @@ -0,0 +1,46 @@ +# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts + +LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" + +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \ + file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d \ + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" + +SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ + ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \ + ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ + " + +# The required dependencies are documented in tf-m/config/config_default.cmake +# TF-Mv2.0.0 +SRCBRANCH_tfm ?= "release/2.0.x" +SRCREV_tfm = "9ca8a5eb3c85eecee1303dffa262800ea0385584" +# TF-Mv2.0.0 +SRCBRANCH_tfm-extras ?= "release/2.0.x" +SRCREV_tfm-extras = "676a1465f361439bc95f5a50ef71749f27caffc1" +# TF-Mv2.0.0 +SRCBRANCH_tfm-tests ?= "release/2.0.x" +SRCREV_tfm-tests = "69fbb233dc6e45f8306d98694ca5760559f9d2ef" +# mbedtls-3.5.1 +SRCBRANCH_mbedtls ?= "master" +SRCREV_mbedtls = "edb8fec9882084344a314368ac7fd957a187519c" +# mcuboot v2.0.0 +SRCBRANCH_mcuboot ?= "main" +SRCREV_mcuboot = "304fd41980ed929533b9f387dde1b463b0be5b90" +# QCBOR v1.2 +SRCBRANCH_qcbor ?= "master" +SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" + +SRCREV_FORMAT = "tfm" + +S = "${WORKDIR}/git/tfm" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc new file mode 100644 index 00000000..afe655f8 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc @@ -0,0 +1,25 @@ +SUMMARY = "Trusted Firmware image signing scripts" +DESCRIPTION = "Trusted Firmware-M image signing scripts" +HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" + +inherit native + +# See bl2/ext/mcuboot/scripts/requirements.txt +RDEPENDS:${PN} = "\ + python3-cryptography-native \ + python3-pyasn1-native \ + python3-pyyaml-native \ + python3-cbor2-native \ + python3-imgtool-native \ + python3-click-native \ +" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}/${libdir} + cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts + cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts +} +FILES:${PN} = "${libdir}/tfm-scripts" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb new file mode 100644 index 00000000..d50d886f --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb @@ -0,0 +1,2 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.2.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc index 3509a580..772366d9 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.2.0.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc @@ -8,29 +8,6 @@ DESCRIPTION = "Trusted Firmware-M" HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" PROVIDES = "virtual/trusted-firmware-m" -LICENSE = "BSD-3-Clause & Apachev2" - -LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ - file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ - file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" - -SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=master;name=tfm;destsuffix=${S} \ - git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=master;name=tfm-tests;destsuffix=${S}/../tf-m-tests \ - git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=${S}/../mbedtls \ - git://github.com/JuulLabs-OSS/mcuboot.git;protocol=https;name=mcuboot;destsuffix=${S}/../mcuboot \ - " - -# The required dependencies are documented in tf-m/config/config_default.cmake -# TF-Mv1.2.0 -SRCREV_tfm = "c78be620c0fee08888956646b8f02fd03ab88567" -# mbedtls 2.24 -SRCREV_mbedtls = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8" -# master as of 20210212 -SRCREV_tfm-tests = "ccda809801e529250b47c9ac470cf94daef1bb1b" -# 1.7.0 -SRCREV_mcuboot = "a8e12dae381080e898cea0c6f7408009b0163f9f" - UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" # Note to future readers of this recipe: until the CMakeLists don't abuse @@ -45,16 +22,25 @@ INHIBIT_DEFAULT_DEPS = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" +# At present, TF-M Select other GNU Arm compiler versions instead of 11.2: +# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst#n214 +# +# See tools/requirements.txt for Python dependencies DEPENDS += "cmake-native \ - python3-intelhex-native \ - python3-jinja2-native \ - python3-pyyaml-native \ + ninja-native \ + gcc-arm-none-eabi-native \ + python3-cbor2-native \ python3-click-native \ python3-cryptography-native \ python3-pyasn1-native \ - python3-cbor-native" + python3-imgtool-native \ + python3-jinja2-native \ + python3-pyyaml-native \ + python3-pyhsslms-native \ + python3-ecdsa-native \ + python3-kconfiglib-native \ +" -S = "${WORKDIR}/git/tfm" B = "${WORKDIR}/build" # Build for debug (set TFM_DEBUG to 1 to activate) @@ -67,41 +53,44 @@ python() { raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") } -PACKAGECONFIG ??= "cc-gnuarm" -# What compiler to use -PACKAGECONFIG[cc-gnuarm] = "-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake,,gcc-arm-none-eabi-native" -PACKAGECONFIG[cc-armclang] = "-DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake,,armcompiler-native" +PACKAGECONFIG ??= "" # Whether to integrate the test suite PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" +# Currently we only support using the Arm binary GCC +EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" + +# Don't let FetchContent download more sources during do_configure +EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON" + # Add platform parameters EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" # Handle TFM_DEBUG parameter -EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '', d)}" +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}" # Verbose builds EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" -EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot" +EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DTFM_EXTRAS_REPO_PATH=${S}/../tfm-extras -DMCUBOOT_PATH=${S}/../mcuboot -DQCBOR_PATH=${S}/../qcbor" + +export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" -# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application -CFLAGS[unexport] = "1" -LDFLAGS[unexport] = "1" AS[unexport] = "1" +CC[unexport] = "1" LD[unexport] = "1" -# TF-M ships patches that it needs applied to mbedcrypto, so apply them -# as part of do_patch. -apply_local_patches() { - cat ${S}/lib/ext/mbedcrypto/*.patch | patch -p1 -d ${S}/../mbedtls -} -do_patch[postfuncs] += "apply_local_patches" +# remove once arm-none-eabi-gcc updates to 13 or newer like poky +DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" do_configure[cleandirs] = "${B}" do_configure() { - cmake -G"Unix Makefiles" -S ${S} -B ${B} ${EXTRA_OECMAKE} + cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS} } # Invoke install here as there's no point in splitting compile from install: the @@ -111,6 +100,7 @@ do_configure() { do_compile() { cmake --build ${B} -- install } +do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" do_install() { # TODO install headers and static libraries when we know how they're used @@ -118,10 +108,18 @@ do_install() { install -m 0644 ${B}/bin/* ${D}/firmware/ } -FILES_${PN} = "/firmware" +FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" +FILES:${PN}-dbg = "/firmware/*.elf" addtask deploy after do_install do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ } + +# Build paths are currently embedded because it's impossible to pass -fdebug-prefix-map +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dbg += "buildpaths" +# Target binaries will be 32-bit Arm +INSANE_SKIP:${PN} += "arch" +INSANE_SKIP:${PN}-dbg += "arch" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb new file mode 100644 index 00000000..3464f49d --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb @@ -0,0 +1,2 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch b/meta-arm/recipes-bsp/u-boot/u-boot/0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch new file mode 100644 index 00000000..8d3b32f8 --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot/0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch @@ -0,0 +1,34 @@ +From 67bb1f111c4668c4dfdc40547cb83fc6c1f010e9 Mon Sep 17 00:00:00 2001 +From: Jon Mason <jdmason@kudzu.us> +Date: Thu, 26 Jan 2023 11:46:33 -0500 +Subject: [PATCH] qemu: arm: make QFW, MMIO implied on qemu-arm + +There are instances when one would not want QFW enabled, like running +alternative firmware. Make this choice optional instead of forced by +using the implied keyword. + +Signed-off-by: Jon Mason <jdmason@kudzu.us> +Upstream-Status: Pending [Not submitted to upstream yet] + +--- + board/emulation/qemu-arm/Kconfig | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/board/emulation/qemu-arm/Kconfig b/board/emulation/qemu-arm/Kconfig +index ed9949651c4b..93f6f74d5bcc 100644 +--- a/board/emulation/qemu-arm/Kconfig ++++ b/board/emulation/qemu-arm/Kconfig +@@ -5,8 +5,8 @@ config TEXT_BASE + + config BOARD_SPECIFIC_OPTIONS # dummy + def_bool y +- select CMD_QFW +- select QFW_MMIO ++ imply CMD_QFW ++ imply QFW_MMIO + imply VIRTIO_MMIO + imply VIRTIO_PCI + imply VIRTIO_NET +-- +2.30.2 + diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/qemuarm.cfg b/meta-arm/recipes-bsp/u-boot/u-boot/qemuarm.cfg new file mode 100644 index 00000000..da414108 --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot/qemuarm.cfg @@ -0,0 +1,5 @@ +# This must match the address that TF-A jumps to for BL33 +CONFIG_TEXT_BASE=0x60000000 +CONFIG_ENV_IS_NOWHERE=y +# CONFIG_ENV_IS_IN_FLASH is not set +# CONFIG_CMD_QFW is not set diff --git a/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend index afcd70a9..58d66e1d 100644 --- a/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend @@ -1,3 +1,7 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" -SRC_URI_append_qemuarm64-secureboot = " file://qemuarm64.cfg" +SRC_URI:append:qemuarm64-secureboot = " file://qemuarm64.cfg" +SRC_URI:append:qemuarm-secureboot = " \ + file://0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch \ + file://qemuarm.cfg \ + " diff --git a/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb b/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb new file mode 100644 index 00000000..bd840967 --- /dev/null +++ b/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb @@ -0,0 +1,24 @@ +# Install EDK2 Base Tools in native sysroot. Currently the BaseTools are not +# built, they are just copied to native sysroot. This is sufficient for +# generating UEFI capsules as it only depends on some python scripts. Other +# tools need to be built first before adding to sysroot. + +SUMMARY = "EDK2 Base Tools" +LICENSE = "BSD-2-Clause-Patent" + +# EDK2 +SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https" +LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" + +SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768" + +S = "${WORKDIR}/git" + +inherit native + +RDEPENDS:${PN} += "python3-core" + +do_install () { + mkdir -p ${D}${bindir}/edk2-BaseTools + cp -r ${WORKDIR}/git/BaseTools/* ${D}${bindir}/edk2-BaseTools/ +} diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware.inc b/meta-arm/recipes-bsp/uefi/edk2-firmware.inc index c2d9bf12..274852e2 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware.inc +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware.inc @@ -1,10 +1,9 @@ SUMMARY = "UEFI EDK2 Firmware" DESCRIPTION = "UEFI EDK2 Firmware for Arm reference platforms" HOMEPAGE = "https://github.com/tianocore/edk2" - LICENSE = "BSD-2-Clause-Patent" -PROVIDES += "virtual/uefi-firmware" +PROVIDES = "virtual/bootloader" # EDK2 LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" @@ -12,24 +11,35 @@ LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" LIC_FILES_CHKSUM += "file://edk2-platforms/License.txt;md5=2b415520383f7964e96700ae12b4570a" # These can be overridden as needed -EDK2_SRC_URI = "gitsm://github.com/tianocore/edk2.git" -EDK2_PLATFORMS_SRC_URI = "git://github.com/tianocore/edk2-platforms.git" - +SRC_URI_EDK2 ?= "gitsm://github.com/tianocore/edk2.git;protocol=https" +SRC_URI_EDK2_PLATFORMS ?= "git://github.com/tianocore/edk2-platforms.git;protocol=https" +SRCBRANCH_edk2 = "master" +SRCBRANCH_edk2_platforms = "master" SRC_URI = "\ - ${EDK2_SRC_URI};name=edk2;destsuffix=edk2;nobranch=1 \ - ${EDK2_PLATFORMS_SRC_URI};name=edk2-platforms;destsuffix=edk2/edk2-platforms;nobranch=1 \ + ${SRC_URI_EDK2};branch=${SRCBRANCH_edk2_platforms};name=edk2;destsuffix=edk2 \ + ${SRC_URI_EDK2_PLATFORMS};branch=${SRCBRANCH_edk2};name=edk2-platforms;destsuffix=edk2/edk2-platforms \ " SRCREV_FORMAT = "edk2_edk2-platforms" UPSTREAM_CHECK_GITTAGREGEX = "^edk2-stable(?P<pver>\d+)$" -EDK2_BUILD_RELEASE = "" -EDK2_PLATFORM = "" +COMPATIBLE_MACHINE ?= "invalid" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +EDK2_BUILD_RELEASE = "1" + +EDK2_PLATFORM = "unset" # build --platform -EDK2_PLATFORM_DSC = "" +EDK2_PLATFORM_DSC = "unset" EDK2_BIN_NAME = "" # build --arch -EDK2_ARCH = "" +EDK2_ARCH ?= "unset" +EDK2_ARCH:arm = "ARM" +EDK2_ARCH:aarch64 = "AARCH64" +EDK2_ARCH:x86 = "IA32" +EDK2_ARCH:x86-64 = "X64" +EDK2_ARCH:riscv64 = "RISCV64" + # Extra arguments passed to build EDK2_EXTRA_BUILD = "" @@ -37,7 +47,7 @@ EDK2_EXTRA_BUILD = "" EDK2_BUILD_MODE ?= "${@bb.utils.contains('EDK2_BUILD_RELEASE', '1', 'RELEASE', 'DEBUG', d)}" # Baremetal, no need for a C library -DEPENDS_remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" +DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" DEPENDS += "util-linux-native iasl-native" inherit deploy @@ -45,14 +55,11 @@ inherit deploy S = "${WORKDIR}/edk2" B = "${WORKDIR}/build" -PACKAGE_ARCH = "${MACHINE_ARCH}" - LDFLAGS[unexport] = "1" do_configure[cleandirs] += "${B}" # Set variables as per envsetup -export GCC5_AARCH64_PREFIX = "${STAGING_BINDIR_TOOLCHAIN}/${TARGET_PREFIX}" export PACKAGES_PATH = "${S}:${S}/edk2-platforms" export WORKSPACE = "${B}" export EDK_TOOLS_PATH = "${S}/BaseTools" @@ -62,7 +69,30 @@ export CONF_PATH = "${S}/Conf" export BTOOLS_PATH = "${EDK_TOOLS_PATH}/BinWrappers/PosixLike" EDK_COMPILER ?= "GCC5" -EDK_COMPILER_toolchain-clang = "CLANG38" +export GCC5_AARCH64_PREFIX = "${TARGET_PREFIX}" +export GCC5_ARM_PREFIX = "${TARGET_PREFIX}" + +EDK_COMPILER:toolchain-clang = "CLANG38" +export CLANG38_AARCH64_PREFIX = "${TARGET_PREFIX}" +export CLANG38_ARM_PREFIX = "${TARGET_PREFIX}" + +# These variables were changed in edk2 commit +# 206168e83f0901cbc1815ef5df4ac6598ad9721b, which was part of edk2-202305 +export CC = "${BUILD_CC}" +export CXX = "${BUILD_CXX}" +export AS = "${BUILD_AS}" +export AR = "${BUILD_AR}" +export LD = "${BUILD_LD}" +export CFLAGS = "${BUILD_CFLAGS}" +export CPPFLAGS = "${BUILD_CPPFLAGS}" +export LDFLAGS = "${BUILD_LFLAGS}" + +#FIXME - arm32 doesn't work with clang due to a linker issue +TOOLCHAIN:arm = "gcc" + +do_configure:prepend() { + sed -i -e "s#-target ${HOST_ARCH}-linux-gnu.*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template +} do_compile() { sed -i -e 's:-I \.\.:-I \.\. ${BUILD_CFLAGS} :' ${EDK_TOOLS_PATH}/Source/C/Makefiles/header.makefile @@ -82,6 +112,7 @@ do_compile() { --buildtarget ${EDK2_BUILD_MODE} \ --tagname ${EDK_COMPILER} \ --platform ${EDK2_PLATFORM_DSC} \ + ${@oe.utils.parallel_make_argument(d, "-n %d")} \ ${EDK2_EXTRA_BUILD} } @@ -90,10 +121,12 @@ do_install() { install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/uefi.bin } -FILES_${PN} = "/firmware" +FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" # Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" +INSANE_SKIP:${PN} += "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" do_deploy() { # Copy the images to deploy directory diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend index 8330ac94..e923d9f0 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend @@ -1,26 +1,22 @@ -COMPATIBLE_MACHINE = "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" +EDK2_PLATFORM:qemuarm64-secureboot = "ArmVirtQemu-AARCH64" +EDK2_PLATFORM_DSC:qemuarm64-secureboot = "ArmVirtPkg/ArmVirtQemu.dsc" +EDK2_BIN_NAME:qemuarm64-secureboot = "QEMU_EFI.fd" -DEPENDS_append_qemuarm64-sbsa = " virtual/trusted-firmware-a" +COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" +EDK2_PLATFORM:qemuarm64 = "ArmVirtQemu-AARCH64" +EDK2_PLATFORM_DSC:qemuarm64 = "ArmVirtPkg/ArmVirtQemu.dsc" +EDK2_BIN_NAME:qemuarm64 = "QEMU_EFI.fd" -EDK2_BUILD_RELEASE_aarch64_qemuall = "1" -EDK2_ARCH_aarch64_qemuall = "AARCH64" +COMPATIBLE_MACHINE:qemuarm = "qemuarm" +EDK2_PLATFORM:qemuarm = "ArmVirtQemu-ARM" +EDK2_PLATFORM_DSC:qemuarm = "ArmVirtPkg/ArmVirtQemu.dsc" +EDK2_BIN_NAME:qemuarm = "QEMU_EFI.fd" -EDK2_PLATFORM_qemuarm64-sbsa = "SbsaQemu" -EDK2_PLATFORM_DSC_qemuarm64-sbsa = "Platform/Qemu/SbsaQemu/SbsaQemu.dsc" -EDK2_BIN_NAME_qemuarm64-sbsa = "SBSA_FLASH0.fd" - -EDK2_PLATFORM_qemuarm64-secureboot = "ArmVirtQemu-AARCH64" -EDK2_PLATFORM_DSC_qemuarm64-secureboot = "ArmVirtPkg/ArmVirtQemu.dsc" -EDK2_BIN_NAME_qemuarm64-secureboot = "QEMU_EFI.fd" - -do_compile_prepend_qemuarm64-sbsa() { - mkdir -p ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/bl1.bin ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/fip.bin ${B}/Platform/Qemu/Sbsa/ +do_install:append:qemuarm64() { + install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/ } -do_install_append_qemuarm64-sbsa() { - install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/SBSA_FLASH0.fd ${D}/firmware/ovmf-tfa.bin - install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/SBSA_FLASH1.fd ${D}/firmware/ovmf-uefi.bin - /usr/bin/truncate -s 256M ${D}/firmware/ovmf*.bin +do_install:append:qemuarm() { + install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/ } diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_202102.bb b/meta-arm/recipes-bsp/uefi/edk2-firmware_202102.bb deleted file mode 100644 index 1352922b..00000000 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware_202102.bb +++ /dev/null @@ -1,4 +0,0 @@ -SRCREV_edk2 ?= "ef91b07388e1c0a50c604e5350eeda98428ccea6" -SRCREV_edk2-platforms ?= "2620e05c6fade20ef5e1ba69280d09f9e2b3eff6" - -require edk2-firmware.inc diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb b/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb new file mode 100644 index 00000000..05885315 --- /dev/null +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb @@ -0,0 +1,7 @@ +SRCREV_edk2 ?= "edc6681206c1a8791981a2f911d2fb8b3d2f5768" +SRCREV_edk2-platforms ?= "07842635c80b64c4a979a652104ea1141ba5007a" + +# FIXME - clang is having issues with antlr +TOOLCHAIN:aarch64 = "gcc" + +require recipes-bsp/uefi/edk2-firmware.inc diff --git a/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch b/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch new file mode 100644 index 00000000..236245fe --- /dev/null +++ b/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch @@ -0,0 +1,32 @@ +From 3a164d9f17591a545d1eafa629b486d4a1563722 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Thu, 16 Feb 2023 21:53:25 +0000 +Subject: [PATCH] Patch in the paths to the SBSA test suite + +Upstream-Status: Inappropriate (required action) +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + ShellPkg/ShellPkg.dsc | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc +index dd0d88603f11..91710c0795dc 100644 +--- a/ShellPkg/ShellPkg.dsc ++++ b/ShellPkg/ShellPkg.dsc +@@ -23,6 +23,8 @@ + !include MdePkg/MdeLibs.dsc.inc
+
+ [LibraryClasses.common]
++ SbsaValLib|ShellPkg/Application/sbsa-acs/val/SbsaValLib.inf ++ SbsaPalLib|ShellPkg/Application/sbsa-acs/platform/pal_uefi/SbsaPalLib.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
+ UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+@@ -88,6 +90,7 @@ + # Build all the libraries when building this package.
+ # This helps developers test changes and how they affect the package.
+ #
++ ShellPkg/Application/sbsa-acs/uefi_app/SbsaAvs.inf + ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+ ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf
+ ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/meta-arm/recipes-bsp/uefi/sbsa-acs/0002-Enforce-using-good-old-BFD-linker.patch b/meta-arm/recipes-bsp/uefi/sbsa-acs/0002-Enforce-using-good-old-BFD-linker.patch new file mode 100644 index 00000000..284191d3 --- /dev/null +++ b/meta-arm/recipes-bsp/uefi/sbsa-acs/0002-Enforce-using-good-old-BFD-linker.patch @@ -0,0 +1,31 @@ +From 6c403e3ccaae3bb3fd9d0ad220ed8ea98b2b1354 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 7 Apr 2021 00:16:07 -0700 +Subject: [PATCH] Enforce using good old BFD linker + +some distros may use gold as system linker and it crashes while linking the app + +TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/recipe-sysroot-native/usr/bin/aarch64-yoe-linux/../../libexec/aarch64-yoe-linux/gcc/aarch64-yoe-linux/11.0.1/ld: error: TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/edk2/BaseTools/Scripts/GccBase.lds:54:10: INFO section type is unsupported +TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/recipe-sysroot-native/usr/bin/aarch64-yoe-linux/../../libexec/aarch64-yoe-linux/gcc/aarch64-yoe-linux/11.0.1/ld: error: TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/edk2/BaseTools/Scripts/GccBase.lds:66:14: INFO section type is unsupported +TOPDIR/build/tmpfs/work/qemuarm64-yoe-linux/sbsa-acs/3.0-r0/recipe-sysroot-native/usr/bin/aarch64-yoe-linux/../../libexec/aarch64-yoe-linux/gcc/aarch64-yoe-linux/11.0.1/ld: internal error in do_layout, at ../../gold/object.cc:1939 +collect2: error: ld returned 1 exit status + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + BaseTools/Conf/tools_def.template | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 1bf62362b611..2b41be8d5a44 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -747,7 +747,7 @@ DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno- + DEFINE GCC_AARCH64_CC_XIPFLAGS = -mstrict-align -mgeneral-regs-only
+ DEFINE GCC_RISCV64_CC_XIPFLAGS = -mstrict-align -mgeneral-regs-only
+ DEFINE GCC_DLINK_FLAGS_COMMON = -nostdlib --pie
+-DEFINE GCC_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
++DEFINE GCC_DLINK2_FLAGS_COMMON = -fuse-ld=bfd -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
+ DEFINE GCC_IA32_X64_DLINK_COMMON = DEF(GCC_DLINK_FLAGS_COMMON) --gc-sections
+ DEFINE GCC_ARM_AARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
+ DEFINE GCC_LOONGARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
diff --git a/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb b/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb new file mode 100644 index 00000000..a29c16ec --- /dev/null +++ b/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb @@ -0,0 +1,31 @@ +require recipes-bsp/uefi/edk2-firmware_202402.bb +PROVIDES:remove = "virtual/bootloader" + +LICENSE += "& Apache-2.0" +LIC_FILES_CHKSUM += "file://ShellPkg/Application/sbsa-acs/LICENSE.md;md5=2a944942e1496af1886903d274dedb13" + +SRC_URI += "git://github.com/ARM-software/sbsa-acs;destsuffix=edk2/ShellPkg/Application/sbsa-acs;protocol=https;branch=master;name=acs \ + git://github.com/tianocore/edk2-libc;destsuffix=edk2/edk2-libc;protocol=https;branch=master;name=libc \ + file://0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch \ + file://0002-Enforce-using-good-old-BFD-linker.patch \ + " + +SRCREV_acs = "be169f0008d86341e1e48cb70d524bd1518c3acc" +SRCREV_libc = "4667a82f0d873221f8b25ea701ce57a29270e4cb" + +UPSTREAM_CHECK_URI = "https://github.com/ARM-software/sbsa-acs/releases" + +COMPATIBLE_HOST = "aarch64.*-linux" +COMPATIBLE_MACHINE = "" +PACKAGE_ARCH = "${TUNE_PKGARCH}" + +EDK2_PLATFORM = "Shell" +EDK2_PLATFORM_DSC = "ShellPkg/ShellPkg.dsc" +EDK2_EXTRA_BUILD = "--module ShellPkg/Application/sbsa-acs/uefi_app/SbsaAvs.inf" + +PACKAGES_PATH .= ":${S}/edk2-libc" + +do_install() { + install -d ${D}/firmware + install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/*/Sbsa.efi ${D}/firmware/ +} |