Diffstat (limited to 'meta-arm')
181 files changed, 4063 insertions, 2036 deletions
diff --git a/meta-arm/classes/apply_local_src_patches.bbclass b/meta-arm/classes/apply_local_src_patches.bbclass
new file mode 100644
index 00000000..0897b51b
--- /dev/null
+++ b/meta-arm/classes/apply_local_src_patches.bbclass
@@ -0,0 +1,53 @@
+# This class is to be inherited by recipes where there are patches located inside
+# the fetched source code which need to be applied.
+
+# The following variables need to be set:
+# LOCAL_SRC_PATCHES_INPUT_DIR is the directory from where the patches are located
+# LOCAL_SRC_PATCHES_DEST_DIR is the directory where the patches will be applied
+
+do_patch[depends] += "quilt-native:do_populate_sysroot"
+
+LOCAL_SRC_PATCHES_INPUT_DIR ??= ""
+LOCAL_SRC_PATCHES_DEST_DIR ??= "${LOCAL_SRC_PATCHES_INPUT_DIR}"
+
+python() {
+ if not d.getVar('LOCAL_SRC_PATCHES_INPUT_DIR'):
+ bb.warn("LOCAL_SRC_PATCHES_INPUT_DIR variable needs to be set.")
+}
+
+apply_local_src_patches() {
+
+ input_dir="$1"
+ dest_dir="$2"
+
+ if [ ! -d "$input_dir" ] ; then
+ bbfatal "LOCAL_SRC_PATCHES_INPUT_DIR=$input_dir not found."
+ fi
+
+ if [ ! -d "$dest_dir" ] ; then
+ bbfatal "LOCAL_SRC_PATCHES_DEST_DIR=$dest_dir not found."
+ fi
+
+ cd $dest_dir
+ export QUILT_PATCHES=./patches-extra
+ mkdir -p patches-extra
+
+ bbdebug 1 "Looking for patches in $input_dir"
+ for patch in $(find $input_dir -type f -name *.patch -or -name *.diff | sort)
+ do
+ patch_basename=`basename $patch`
+ if ! quilt applied $patch_basename >/dev/null ; then
+ bbdebug 1 "Applying $patch_basename in $dest_dir."
+ echo $patch_basename >> patches-extra/series
+ cp $patch patches-extra
+ quilt push $patch_basename
+ else
+ bbdebug 1 "$patch_basename already applied."
+ fi
+ done
+}
+
+do_apply_local_src_patches() {
+ apply_local_src_patches "${LOCAL_SRC_PATCHES_INPUT_DIR}" "${LOCAL_SRC_PATCHES_DEST_DIR}"
+}
+do_patch[postfuncs] += "do_apply_local_src_patches"
diff --git a/meta-arm/classes/fvpboot.bbclass b/meta-arm/classes/fvpboot.bbclass
new file mode 100644
index 00000000..3159cd43
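Review bot: The `find` call in apply_local_src_patches() is unquoted and ungrouped: `-type f -name *.patch -or -name *.diff` binds as (`-type f` and `*.patch`) or `*.diff`, so `-type f` does not apply to `.diff` matches, and the bare globs are expanded by the shell first if a matching file sits in the current directory. Because the patches come from fetched source, the selection should be exact: `find "$input_dir" -type f \( -name '*.patch' -o -name '*.diff' \) | sort`, with `"$dest_dir"`, `"$patch"` and `"$patch_basename"` quoted where they are used. The `for patch in $(...)` loop still splits on whitespace, so file names containing spaces would need a `while read` loop instead.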
--- /dev/null
+++ b/meta-arm/classes/fvpboot.bbclass
@@ -0,0 +1,94 @@
+# Image class to write .fvpconf files for use with runfvp. If this is desired
+# then add fvpboot to IMAGE_CLASSES, and set the variables below in your machine
+# configuration as appropriate.
+
+# Name of recipe providing FVP executable. If unset then the executable must be installed on the host.
+FVP_PROVIDER ?= ""
+# Name of FVP executable to run
+FVP_EXE ?= ""
+# Flags for --parameter/-C
+FVP_CONFIG ?= ""
+# Flags for --data
+FVP_DATA ?= ""
+# Flags for --application
+FVP_APPLICATIONS ?= ""
+# Flags to name serial terminals. Flag name is the terminal id (such as
+# terminal_0), value is a human-readable name. If the name is not set
+# then runfvp will hide the terminal.
+FVP_TERMINALS ?= ""
+# What terminal should be considered the primary console
+FVP_CONSOLE ?= ""
+# Flags for console names, as they appear in the FVP output. Flag name is an
+# application-specific id for the console for use in test cases
+FVP_CONSOLES[default] ?= "${FVP_CONSOLE}"
+# Arbitrary extra arguments
+FVP_EXTRA_ARGS ?= ""
+# Bitbake variables to pass to the FVP environment
+FVP_ENV_PASSTHROUGH ?= "FASTSIM_DISABLE_TA ARMLMD_LICENSE_FILE"
+FVP_ENV_PASSTHROUGH[vardeps] = "${FVP_ENV_PASSTHROUGH}"
+# Disable timing annotation by default
+FASTSIM_DISABLE_TA ?= "1"
+
+EXTRA_IMAGEDEPENDS += "${FVP_PROVIDER}"
+
+IMAGE_CLASSES += "image-artifact-names"
+
+IMAGE_POSTPROCESS_COMMAND += "do_write_fvpboot_conf;"
+python do_write_fvpboot_conf() {
+ # Note that currently this JSON file is in development and the format may
+ # change at any point, so it should always be used with a matching runfvp.
+
+ import json, shlex
+
+ if not d.getVar("FVP_EXE"):
+ return
+
+ conffile = os.path.join(d.getVar("IMGDEPLOYDIR"), d.getVar("IMAGE_NAME") + ".fvpconf")
+ conffile_link = os.path.join(d.getVar("IMGDEPLOYDIR"), d.getVar("IMAGE_LINK_NAME") + ".fvpconf")
+
+ data = {}
+ provider = d.getVar("FVP_PROVIDER")
+ if provider:
+ data["provider"] = provider
+ data["fvp-bindir"] = os.path.join(d.getVar("COMPONENTS_DIR"),
+ d.getVar("BUILD_ARCH"),
+ provider,
+ "usr", "bin")
+
+ def getFlags(varname):
+ flags = d.getVarFlags(varname)
+ # For unexplained reasons, getVarFlags() returns None if there are no flags
+ if flags is None:
+ return {}
+ # For other reasons, you can't pass expand=True
+ return {key: d.expand(value) for key, value in flags.items()}
+
+ data["exe"] = d.getVar("FVP_EXE")
+ data["parameters"] = getFlags("FVP_CONFIG")
+ data["data"] = shlex.split(d.getVar("FVP_DATA") or "")
+ data["applications"] = getFlags("FVP_APPLICATIONS")
+ data["consoles"] = getFlags("FVP_CONSOLES")
+ data["terminals"] = getFlags("FVP_TERMINALS")
+ data["args"] = shlex.split(d.getVar("FVP_EXTRA_ARGS") or "")
+
+ data["env"] = {}
+ for var in d.getVar("FVP_ENV_PASSTHROUGH").split():
+ if d.getVar(var) is not None:
+ data["env"][var] = d.getVar(var)
+
+ os.makedirs(os.path.dirname(conffile), exist_ok=True)
+ with open(conffile, "wt") as f:
+ json.dump(data, f)
+
+ if conffile_link != conffile:
+ if os.path.lexists(conffile_link):
+ os.remove(conffile_link)
+ os.symlink(os.path.basename(conffile), conffile_link)
+}
+
+def fvpboot_vars(d):
+ vars = ['DEPLOY_DIR_IMAGE', 'IMAGE_NAME', 'IMAGE_LINK_NAME', 'COMPONENTS_DIR', 'BUILD_ARCH']
+ vars.extend((k for k in d.keys() if k.startswith('FVP_')))
+ return " ".join(vars)
+
+do_write_fvpboot_conf[vardeps] += "${@fvpboot_vars(d)}"
diff --git a/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/classes/tfm_sign_image.bbclass
new file mode 100644
index 00000000..24df7682
--- /dev/null
+++ b/meta-arm/classes/tfm_sign_image.bbclass
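Review bot: do_write_fvpboot_conf() copies the value of every variable named in FVP_ENV_PASSTHROUGH into the `env` object of the .fvpconf it writes to IMGDEPLOYDIR, so those values are stored in plain text next to the image and travel with it. The comment above FVP_ENV_PASSTHROUGH should say so, for example `# Values are written verbatim into the deployed .fvpconf; do not list variables that hold credentials`. ARMLMD_LICENSE_FILE is in the default list; whether its value is sensitive depends on the site, so this is a documentation point rather than a defect.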
@@ -0,0 +1,86 @@
+# Functionality to sign binary images using the wrapper script bundled with
+# TF-M. Signed images are written to the deploy directory by default.
+# To use:
+# * Inherit this class
+# * Override the do_sign_images task
+# * Write the signing logic, which may call the function sign_host_image,
+# described below
+
+inherit python3native
+
+# The output and working directory
+TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images"
+TFM_IMAGE_SIGN_DEPLOY_DIR = "${WORKDIR}/deploy-tfm-signed-images"
+
+SSTATETASKS += "do_sign_images"
+do_sign_images[sstate-inputdirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR}"
+do_sign_images[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}"
+do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}"
+do_sign_images[cleandirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}"
+do_sign_images[stamp-extra-info] = "${MACHINE_ARCH}"
+tfm_sign_image_do_sign_images() {
+ :
+}
+addtask sign_images after do_prepare_recipe_sysroot before do_image
+EXPORT_FUNCTIONS do_sign_images
+
+python do_sign_images_setscene () {
+ sstate_setscene(d)
+}
+addtask do_sign_images_setscene
+
+DEPENDS += "trusted-firmware-m-scripts-native"
+
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+# The arguments passed to the TF-M image signing script. Override this variable
+# in an image recipe to customize the arguments.
+TFM_IMAGE_SIGN_ARGS ?= "\
+ -v ${RE_LAYOUT_WRAPPER_VERSION} \
+ --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \
+ -k "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \
+ --public-key-format full \
+ --align 1 \
+ --pad \
+ --pad-header \
+ --measured-boot-record \
+ -H ${RE_IMAGE_OFFSET} \
+ -s auto \
+"
+
+#
+# sign_host_image
+#
+# Description:
+#
+# A generic function that signs a host image
+# using MCUBOOT format
+#
+# Arguments:
+#
+# $1 ... path of binary to sign
+# $2 ... load address of the given binary
+# $3 ... signed binary size
+#
+# Note: The signed binary is copied to ${TFM_IMAGE_SIGN_DIR}
+#
+sign_host_image() {
+ host_binary_filename="$(basename -s .bin "${1}")"
+ host_binary_layout="${host_binary_filename}_ns"
+
+ cat << EOF > ${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}
+enum image_attributes {
+ RE_IMAGE_LOAD_ADDRESS = ${2},
+ RE_SIGN_BIN_SIZE = ${3},
+};
+EOF
+
+ host_binary_signed="${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_$(basename "${1}")"
+
+ ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \
+ ${TFM_IMAGE_SIGN_ARGS} \
+ "${1}" \
+ "${host_binary_signed}"
+}
diff --git a/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/classes/uefi_capsule.bbclass
new file mode 100644
index 00000000..a0709c0f
--- /dev/null
+++ b/meta-arm/classes/uefi_capsule.bbclass
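Review bot: The default TFM_IMAGE_SIGN_ARGS takes the signing key from `${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}`, a file installed into the native sysroot by a dependency, and the class does not say where that key comes from. TFM_SIGN_PRIVATE_KEY is not defined in this hunk, so I cannot tell whether it points at a development key shipped with the TF-M scripts; if it does, images signed with the defaults are signed with a key anyone can obtain. I would add a comment above TFM_IMAGE_SIGN_ARGS such as `# The default -k key comes from the native sysroot; override it with a protected key for production images`. Separately, sign_host_image() writes `${2}` and `${3}` into the layout file unchecked and leaves `${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}` unquoted on the `cat` redirect.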
@@ -0,0 +1,52 @@
+# This class generates UEFI capsules
+# The current class supports generating a capsule with single firmware binary
+
+IMAGE_TYPES += "uefi_capsule"
+
+# u-boot-tools should be installed in the native sysroot directory
+do_image_uefi_capsule[depends] += "u-boot-tools-native:do_populate_sysroot"
+
+# By default the wic image is used to create a capsule
+CAPSULE_IMGTYPE ?= "wic"
+
+# IMGDEPLOYDIR is used as the default location of firmware binary for which the capsule needs to be created
+CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}"
+
+# The generated capsule by default has uefi.capsule extension
+CAPSULE_EXTENSION ?= "uefi.capsule"
+
+# The generated capsule's name by default is the same as UEFI_FIRMWARE_BINARY
+CAPSULE_NAME ?= "${UEFI_FIRMWARE_BINARY}"
+
+# The following variables must be set to be able to generate a capsule update
+CAPSULE_CERTIFICATE_PATH ?= ""
+CAPSULE_FW_VERSION ?= ""
+CAPSULE_GUID ?= ""
+CAPSULE_INDEX ?= ""
+CAPSULE_MONOTONIC_COUNT ?= ""
+CAPSULE_PRIVATE_KEY_PATH ?= ""
+UEFI_FIRMWARE_BINARY ?= ""
+
+# Check if the required variables are set
+python() {
+ for var in ["CAPSULE_CERTIFICATE_PATH", "CAPSULE_FW_VERSION", \
+ "CAPSULE_GUID", "CAPSULE_INDEX", \
+ "CAPSULE_MONOTONIC_COUNT", "CAPSULE_PRIVATE_KEY_PATH", \
+ "UEFI_FIRMWARE_BINARY"]:
+ if not d.getVar(var):
+ raise bb.parse.SkipRecipe(f"{var} not set")
+}
+
+IMAGE_CMD:uefi_capsule(){
+ mkeficapsule --certificate ${CAPSULE_CERTIFICATE_PATH} \
+ --fw-version ${CAPSULE_FW_VERSION} \
+ --guid ${CAPSULE_GUID} \
+ --index ${CAPSULE_INDEX} \
+ --monotonic-count ${CAPSULE_MONOTONIC_COUNT} \
+ --private-key ${CAPSULE_PRIVATE_KEY_PATH} \
+ ${UEFI_FIRMWARE_BINARY} \
+ ${CAPSULE_IMGLOCATION}/${CAPSULE_NAME}.${CAPSULE_EXTENSION}
+}
+
+# The firmware binary should be created before generating the capsule
+IMAGE_TYPEDEP:uefi_capsule:append = "${CAPSULE_IMGTYPE}"
diff --git a/meta-arm/conf/layer.conf b/meta-arm/conf/layer.conf
index 9ee87493..9e9c9dbd 100644
--- a/meta-arm/conf/layer.conf
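Review bot: IMAGE_CMD:uefi_capsule passes `${CAPSULE_CERTIFICATE_PATH}`, `${CAPSULE_PRIVATE_KEY_PATH}`, `${UEFI_FIRMWARE_BINARY}` and the output path to mkeficapsule unquoted, so a path containing whitespace or glob characters is split or expanded by the shell before the signing tool sees it. Quote the path arguments, e.g. `--private-key "${CAPSULE_PRIVATE_KEY_PATH}" \` and `"${CAPSULE_IMGLOCATION}/${CAPSULE_NAME}.${CAPSULE_EXTENSION}"`. The anonymous python() only checks that the variables are non-empty, so a missing key or certificate file is reported only when mkeficapsule runs; a comment saying that the two paths must exist at image time would help.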
+++ b/meta-arm/conf/layer.conf
@@ -13,4 +13,11 @@ LAYERDEPENDS_meta-arm = " \
 core \
 arm-toolchain \
 "
-LAYERSERIES_COMPAT_meta-arm = "hardknott"
+LAYERSERIES_COMPAT_meta-arm = "nanbield scarthgap"
+
+# runfvp --console needs telnet, so pull this in for testimage.
+HOSTTOOLS_NONFATAL += "telnet"
+
+addpylib ${LAYERDIR}/lib oeqa
+
+WARN_QA:append:layer-meta-arm = " patch-status"
diff --git a/meta-arm/conf/machine/generic-arm64.conf b/meta-arm/conf/machine/generic-arm64.conf
deleted file mode 100644
index 05b3e70c..00000000
--- a/meta-arm/conf/machine/generic-arm64.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-#@TYPE: Machine
-#@NAME: generic-arm64
-#@DESCRIPTION: Generic Arm64 machine for creating rootfs that should work on all arm64 hardware
-
-require conf/machine/include/arm/arch-armv8a.inc
-
-SERIAL_CONSOLES ?= "115200;ttyAMA0"
-SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
-
-PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-PREFERRED_VERSION_linux-yocto ?= "5.10%"
-
-KERNEL_IMAGETYPE = "Image"
-
-IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
-IMAGE_FSTYPES ?= "wic"
-
-WKS_FILE ?= "mkefidisk.wks"
-
-MACHINE_FEATURES += "efi"
-
-KBUILD_DEFCONFIG = "defconfig"
-KCONFIG_MODE = "--alldefconfig"
diff --git a/meta-arm/conf/machine/microbit-v1.conf b/meta-arm/conf/machine/microbit-v1.conf
deleted file mode 100644
index b247d6ed..00000000
--- a/meta-arm/conf/machine/microbit-v1.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-#@TYPE: Machine
-#@NAME: microbit_v1
-#@DESCRIPTION: Machine for BBC Microbit v1, Zephyr BOARD qemu_cortex_m0
-
-require conf/machine/include/qemu.inc
-require conf/machine/include/tune-cortex-m0.inc
-
-MACHINEOVERRIDES =. "nordic:"
-
-# GLIBC will not work with Cortex-M.
-TCLIBC = "newlib"
-
-# For runqemu
-QB_SYSTEM_NAME = "qemu-system-arm"
-QB_MACHINE = "-machine microbit"
-QB_CPU = "-cpu cortex-m0"
-QB_OPT_APPEND = "-nographic -vga none"
-QB_RNG = ""
-
-# Zephyr RTOS settings
-ZEPHYR_BOARD = "qemu_cortex_m0"
-ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot"
-ARCH_qemu-cortex-m0 = "arm"
diff --git a/meta-arm/conf/machine/qemu-cortex-a53.conf b/meta-arm/conf/machine/qemu-cortex-a53.conf
deleted file mode 100644
index 228002cd..00000000
--- a/meta-arm/conf/machine/qemu-cortex-a53.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#@TYPE: Machine
-#@NAME: qemu-cortex-a53
-#@DESCRIPTION: Machine for Zephyr BOARD qemu_cortex_a53
-
-require conf/machine/include/qemu.inc
-require conf/machine/include/tune-cortexa53.inc
-
-TCLIBC = "newlib"
-
-# For runqemu
-QB_SYSTEM_NAME = "qemu-system-aarch64"
-QB_MACHINE = "-machine virt"
-QB_CPU = "-cpu cortex-a53"
-QB_OPT_APPEND = "-nographic -vga none"
-
-# Zephyr RTOS settings
-ZEPHYR_BOARD = "qemu_cortex_a53"
-ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot"
-ARCH_qemu-cortex-a53 = "aarch64"
diff --git a/meta-arm/conf/machine/qemuarm-secureboot.conf b/meta-arm/conf/machine/qemuarm-secureboot.conf
new file mode 100644
index 00000000..f08b84fe
--- /dev/null
+++ b/meta-arm/conf/machine/qemuarm-secureboot.conf
@@ -0,0 +1,23 @@
+MACHINEOVERRIDES =. "qemuarm:"
+
+require ${COREBASE}/meta/conf/machine/qemuarm.conf
+
+# secure=on can't ever use KVM, so force it off
+QEMU_USE_KVM = ""
+
+QB_MACHINE = "-machine virt,highmem=off,secure=on"
+QB_MEM = "-m 1024"
+QB_DEFAULT_FSTYPE = "wic.qcow2"
+QB_DEFAULT_BIOS = "flash.bin"
+QB_FSINFO = "wic:no-kernel-in-fs"
+QB_ROOTFS_OPT = ""
+QB_KERNEL_ROOT = "/dev/vda2"
+QB_KERNEL_CMDLINE_APPEND = ""
+
+IMAGE_FSTYPES += "wic wic.qcow2"
+
+WKS_FILE ?= "qemuarm.wks"
+WKS_FILE_DEPENDS = "trusted-firmware-a"
+IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
+
+MACHINE_FEATURES += "optee-ftpm"
diff --git a/meta-arm/conf/machine/qemuarm64-sbsa.conf b/meta-arm/conf/machine/qemuarm64-sbsa.conf
deleted file mode 100644
index d2ac56c2..00000000
--- a/meta-arm/conf/machine/qemuarm64-sbsa.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-#@TYPE: Machine
-#@NAME: qemuarm64_sbsa
-#@DESCRIPTION: QEMU Machine for Arm Server Base System Architecture
-
-MACHINEOVERRIDES =. "qemuarm64:"
-
-require ${COREBASE}/meta/conf/machine/qemuarm64.conf
-
-KMACHINE = "qemuarm64"
-
-QB_MACHINE = "-machine sbsa-ref"
-QB_MEM = "-m 1024"
-QB_DEFAULT_FSTYPE = "wic.qcow2"
-QB_NETWORK_DEVICE = ""
-QB_DRIVE_TYPE = "/dev/hd"
-QB_ROOTFS_OPT = "-drive file=@ROOTFS@,if=ide,format=qcow2"
-QB_DEFAULT_KERNEL = "none"
-QB_OPT_APPEND = "-device qemu-xhci -device usb-tablet -device usb-kbd"
-
-IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
-IMAGE_FSTYPES += "wic wic.qcow2"
-
-WKS_FILE ?= "mkefidisk.wks"
-
-MACHINE_FEATURES += "efi"
-
-EXTRA_IMAGEDEPENDS += "edk2-firmware"
-
-KBUILD_DEFCONFIG = "defconfig"
-KCONFIG_MODE = "--alldefconfig"
diff --git a/meta-arm/conf/machine/qemuarm64-secureboot.conf b/meta-arm/conf/machine/qemuarm64-secureboot.conf
index fe19ed27..55c4cab4 100644
--- a/meta-arm/conf/machine/qemuarm64-secureboot.conf
+++ b/meta-arm/conf/machine/qemuarm64-secureboot.conf
@@ -4,7 +4,8 @@ require ${COREBASE}/meta/conf/machine/qemuarm64.conf KMACHINE = "qemuarm64" -UBOOT_MACHINE = "qemu_arm64_defconfig" +# secure=on can't ever use KVM, so force it off +QEMU_USE_KVM = "" QB_MACHINE = "-machine virt,secure=on" QB_OPT_APPEND += "-no-acpi" @@ -13,9 +14,12 @@ QB_DEFAULT_FSTYPE = "wic.qcow2" QB_DEFAULT_BIOS = "flash.bin" QB_FSINFO = "wic:no-kernel-in-fs" QB_ROOTFS_OPT = "" +QB_KERNEL_ROOT = "/dev/vda2" IMAGE_FSTYPES += "wic wic.qcow2" WKS_FILE ?= "qemuarm64.wks" WKS_FILE_DEPENDS = "trusted-firmware-a" IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}" + +MACHINE_FEATURES += "optee-ftpm" diff --git a/meta-arm/conf/multiconfig/firmware.conf b/meta-arm/conf/multiconfig/firmware.conf new file mode 100644 index 00000000..95de4d24 --- /dev/null +++ b/meta-arm/conf/multiconfig/firmware.conf @@ -0,0 +1,13 @@ +# Config that can be used to build firmware in a seperate tmp area +# and with a smaller libc enabled by default + +DISTROOVERRIDES = "firmware" + +TMPDIR:append = "_${MACHINE}" +TCLIBC="musl" + +# Ignore the testimage flags to include ssh-server-dropbear +IMAGE_CLASSES:remove = "testimage" +IMAGE_FEATURES:remove = "ssh-server-dropbear" +CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys" +TESTIMAGE_AUTO = "0" diff --git a/meta-arm/lib/fvp/__init__.py b/meta-arm/lib/fvp/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/meta-arm/lib/fvp/__init__.py diff --git a/meta-arm/lib/fvp/conffile.py b/meta-arm/lib/fvp/conffile.py new file mode 100644 index 00000000..603851d1 --- /dev/null +++ b/meta-arm/lib/fvp/conffile.py 
@@ -0,0 +1,59 @@
+import json
+import pathlib
+import os
+
+
+def get_image_directory(machine=None):
+ """
+ Get the DEPLOY_DIR_IMAGE for the specified machine
+ (or the configured machine if not set).
+ """
+ try:
+ import bb.tinfoil
+ except ImportError as e:
+ raise RuntimeError("Cannot connect to BitBake, did you oe-init-build-env?") from e
+
+ if machine:
+ os.environ["MACHINE"] = machine
+
+ with bb.tinfoil.Tinfoil() as tinfoil:
+ tinfoil.prepare(config_only=True)
+ image_dir = tinfoil.config_data.getVar("DEPLOY_DIR_IMAGE")
+ return pathlib.Path(image_dir)
+
+def find(machine):
+ image_dir = get_image_directory(machine)
+ # All .fvpconf configuration files
+ configs = image_dir.glob("*.fvpconf")
+ # Just the files
+ configs = [p for p in configs if p.is_file() and not p.is_symlink()]
+ if not configs:
+ print(f"Cannot find any .fvpconf in {image_dir}")
+ raise RuntimeError()
+ # Sorted by modification time
+ configs = sorted(configs, key=lambda p: p.stat().st_mtime)
+ return configs[-1]
+
+
+def load(config_file):
+ with open(config_file) as f:
+ config = json.load(f)
+
+ # Ensure that all expected keys are present
+ def sanitise(key, value):
+ if key not in config or config[key] is None:
+ config[key] = value
+ sanitise("fvp-bindir", "")
+ sanitise("exe", "")
+ sanitise("parameters", {})
+ sanitise("data", {})
+ sanitise("applications", {})
+ sanitise("terminals", {})
+ sanitise("args", [])
+ sanitise("consoles", {})
+ sanitise("env", {})
+
+ if not config["exe"]:
+ raise ValueError("Required value FVP_EXE not set in machine configuration")
+
+ return config
diff --git a/meta-arm/lib/fvp/runner.py b/meta-arm/lib/fvp/runner.py
new file mode 100644
index 00000000..e7c13585
--- /dev/null
+++ b/meta-arm/lib/fvp/runner.py
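Review bot: load() fills in missing keys but never checks the types of the values it read, and runner.py on this page turns the same dictionary into an argv list and a process environment. A string in `args`, for instance, would be spread into the command line one character at a time by `cli.extend(config["args"])`. I would reject wrong types before returning, e.g. `if not isinstance(config["args"], list): raise ValueError("args must be a list")`, with the same check for `data` and for the dict-valued keys. The default in `sanitise("data", {})` also disagrees with the list that fvpboot.bbclass writes and cli_from_config() iterates; it should be `sanitise("data", [])`.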
@@ -0,0 +1,172 @@
+import re
+import subprocess
+import os
+import shlex
+import shutil
+import sys
+
+from .terminal import terminals
+from .conffile import load
+
+def cli_from_config(config, terminal_choice):
+ cli = []
+ if config["fvp-bindir"]:
+ cli.append(os.path.join(config["fvp-bindir"], config["exe"]))
+ else:
+ cli.append(config["exe"])
+
+ for param, value in config["parameters"].items():
+ cli.extend(["--parameter", f"{param}={value}"])
+
+ for value in config["data"]:
+ cli.extend(["--data", value])
+
+ for param, value in config["applications"].items():
+ cli.extend(["--application", f"{param}={value}"])
+
+ for terminal, name in config["terminals"].items():
+ # If terminals are enabled and this terminal has been named
+ if terminal_choice != "none" and name:
+ # TODO if raw mode
+ # cli.extend(["--parameter", f"{terminal}.mode=raw"])
+ # TODO put name into terminal title
+ cli.extend(["--parameter", f"{terminal}.terminal_command={terminals[terminal_choice].command}"])
+ else:
+ # Disable terminal
+ cli.extend(["--parameter", f"{terminal}.start_telnet=0"])
+
+ cli.extend(config["args"])
+
+ return cli
+
+def check_telnet():
+ # Check that telnet is present
+ if not bool(shutil.which("telnet")):
+ raise RuntimeError("Cannot find telnet, this is needed to connect to the FVP.")
+
+
+class ConsolePortParser:
+ def __init__(self, lines):
+ self._lines = lines
+ self._console_ports = {}
+
+ def parse_port(self, console):
+ if console in self._console_ports:
+ return self._console_ports[console]
+
+ while True:
+ try:
+ line = next(self._lines).strip().decode(errors='ignore')
+ m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line)
+ if m:
+ matched_console = m.group(1)
+ matched_port = int(m.group(2))
+ if matched_console == console:
+ return matched_port
+ else:
+ self._console_ports[matched_console] = matched_port
+ except StopIteration:
+ # self._lines might be a growing log file
+ pass
+
+
+# This function is backported from Python 3.8. Remove it and replace call sites
+# with shlex.join once OE-core support for earlier Python versions is dropped.
+def shlex_join(split_command):
+ """Return a shell-escaped string from *split_command*."""
+ return ' '.join(shlex.quote(arg) for arg in split_command)
+
+
+class FVPRunner:
+ def __init__(self, logger):
+ self._logger = logger
+ self._fvp_process = None
+ self._telnets = []
+ self._pexpects = []
+ self._config = None
+
+ def start(self, fvpconf, extra_args=[], terminal_choice="none", stdout=subprocess.PIPE):
+ self._logger.debug(f"Loading {fvpconf}")
+ self._config = load(fvpconf)
+
+ cli = cli_from_config(self._config, terminal_choice)
+ cli += extra_args
+
+ # Pass through environment variables needed for GUI applications, such
+ # as xterm, to work.
+ env = self._config['env']
+ for name in ('DISPLAY', 'PATH', 'WAYLAND_DISPLAY', 'XAUTHORITY'):
+ if name in os.environ:
+ env[name] = os.environ[name]
+
+ # Allow filepath to be relative to fvp configuration file
+ cwd = os.path.dirname(fvpconf) or None
+ self._logger.debug(f"FVP call will be executed in working directory: {cwd}")
+
+ self._logger.debug(f"Constructed FVP call: {shlex_join(cli)}")
+ self._fvp_process = subprocess.Popen(
+ cli,
+ stdin=subprocess.DEVNULL, stdout=stdout, stderr=subprocess.STDOUT,
+ env=env,
+ cwd=cwd)
+
+ def stop(self):
+ if self._fvp_process:
+ self._logger.debug(f"Terminating FVP PID {self._fvp_process.pid}")
+ try:
+ self._fvp_process.terminate()
+ self._fvp_process.wait(10.0)
+ except subprocess.TimeoutExpired:
+ self._logger.debug(f"Killing FVP PID {self._fvp_process.pid}")
+ self._fvp_process.kill()
+ except ProcessLookupError:
+ pass
+
+ for telnet in self._telnets:
+ try:
+ telnet.terminate()
+ telnet.wait(10.0)
+ except subprocess.TimeoutExpired:
+ telnet.kill()
+ except ProcessLookupError:
+ pass
+
+ for console in self._pexpects:
+ import pexpect
+ # Ensure pexpect logs all remaining output to the logfile
+ console.expect(pexpect.EOF, timeout=5.0)
+ console.close()
+
+ if self._fvp_process and self._fvp_process.returncode and \
+ self._fvp_process.returncode > 0:
+ # Return codes < 0 indicate that the process was explicitly
+ # terminated above.
+ self._logger.info(f"FVP quit with code {self._fvp_process.returncode}")
+ return self._fvp_process.returncode
+ else:
+ return 0
+
+ def wait(self, timeout):
+ self._fvp_process.wait(timeout)
+
+ def getConfig(self):
+ return self._config
+
+ @property
+ def stdout(self):
+ return self._fvp_process.stdout
+
+ def create_telnet(self, port):
+ check_telnet()
+ telnet = subprocess.Popen(["telnet", "localhost", str(port)], stdin=sys.stdin, stdout=sys.stdout)
+ self._telnets.append(telnet)
+ return telnet
+
+ def create_pexpect(self, port, **kwargs):
+ import pexpect
+ instance = pexpect.spawn(f"telnet localhost {port}", **kwargs)
+ self._pexpects.append(instance)
+ return instance
+
+ def pid(self):
+ return self._fvp_process.pid
diff --git a/meta-arm/lib/fvp/terminal.py b/meta-arm/lib/fvp/terminal.py
new file mode 100644
index 00000000..243d4fb1
--- /dev/null
+++ b/meta-arm/lib/fvp/terminal.py
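Review bot: ConsolePortParser.parse_port() has no exit other than finding the port: on StopIteration it passes and retries at once, so if the FVP exits or never prints the "Listening for serial connection" line the caller spins at full CPU with no way out. A deadline plus a short sleep between retries bounds this, as sketched below; `time` would need importing at the top of runner.py, and the 60-second default is only an illustrative value. Separately, in FVPRunner.stop() the `kill()` fallback is not followed by a `wait()`, so the killed process is not reaped and `returncode` can still be None when it is inspected.

```python
    def parse_port(self, console, timeout=60.0):
        # … unchanged: return the cached port if this console was already seen …

        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            try:
                line = next(self._lines).strip().decode(errors='ignore')
            except StopIteration:
                # self._lines might be a growing log file
                time.sleep(0.1)
                continue
            # … unchanged: regex match, then return or cache the port …
        raise TimeoutError(f"No serial port reported for console {console}")
```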
@@ -0,0 +1,59 @@
+import shutil
+import collections
+import pathlib
+import os
+
+from typing import List, Optional
+
+
+def get_config_dir() -> pathlib.Path:
+ value = os.environ.get("XDG_CONFIG_HOME")
+ if value and os.path.isabs(value):
+ return pathlib.Path(value)
+ else:
+ return pathlib.Path.home() / ".config"
+
+class Terminals:
+ Terminal = collections.namedtuple("Terminal", ["priority", "name", "command"])
+
+ def __init__(self):
+ self.terminals = []
+
+ def add_terminal(self, priority, name, command):
+ self.terminals.append(Terminals.Terminal(priority, name, command))
+ # Keep this list sorted by priority
+ self.terminals.sort(reverse=True, key=lambda t: t.priority)
+ self.name_map = {t.name: t for t in self.terminals}
+
+ def configured_terminal(self) -> Optional[str]:
+ import configparser
+
+ config = configparser.ConfigParser()
+ config.read(get_config_dir() / "runfvp.conf")
+ return config.get("RunFVP", "Terminal", fallback=None)
+
+ def preferred_terminal(self) -> str:
+ import shlex
+
+ preferred = self.configured_terminal()
+ if preferred:
+ return preferred
+
+ for t in self.terminals:
+ if t.command and shutil.which(shlex.split(t.command)[0]):
+ return t.name
+ return self.terminals[-1].name
+
+ def all_terminals(self) -> List[str]:
+ return self.name_map.keys()
+
+ def __getitem__(self, name: str):
+ return self.name_map[name]
+
+terminals = Terminals()
+# TODO: option to switch between telnet and netcat
+connect_command = "telnet localhost %port"
+terminals.add_terminal(2, "tmux", f"tmux new-window -n \"%title\" \"{connect_command}\"")
+terminals.add_terminal(2, "gnome-terminal", f"gnome-terminal --window --title \"%title\" --command \"{connect_command}\"")
+terminals.add_terminal(1, "xterm", f"xterm -title \"%title\" -e {connect_command}")
+terminals.add_terminal(0, "none", None)
diff --git a/meta-arm/lib/oeqa/controllers/__init__.py b/meta-arm/lib/oeqa/controllers/__init__.py
new file mode 100644
index 00000000..df3c142a
--- /dev/null
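Review bot: preferred_terminal() returns whatever `Terminal` value it reads from runfvp.conf without checking that it names a registered terminal. That value presumably ends up as `terminal_choice` in cli_from_config() (runner.py on this page), where `terminals[terminal_choice]` then fails with a bare KeyError for a misspelt name. Validating at the source gives a usable message, e.g. `if preferred and preferred not in self.name_map: raise ValueError(f"Unknown terminal {preferred!r} in runfvp.conf")`. all_terminals() is annotated `List[str]` but returns a dict view; `return list(self.name_map)` would match the annotation.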
+++ b/meta-arm/lib/oeqa/controllers/__init__.py
@@ -0,0 +1,3 @@
+# This is needed so that multiple locations can provide the same package
+from pkgutil import extend_path
+__path__ = extend_path(__path__, __name__)
diff --git a/meta-arm/lib/oeqa/controllers/fvp.py b/meta-arm/lib/oeqa/controllers/fvp.py
new file mode 100644
index 00000000..80f72aab
--- /dev/null
+++ b/meta-arm/lib/oeqa/controllers/fvp.py
@@ -0,0 +1,138 @@
+import contextlib
+import enum
+import pathlib
+import pexpect
+import os
+
+from oeqa.core.target.ssh import OESSHTarget
+from fvp import runner
+
+class OEFVPTargetState(str, enum.Enum):
+ OFF = "off"
+ ON = "on"
+ LINUX = "linux"
+
+
+class OEFVPTarget(OESSHTarget):
+ """
+ For compatibility with OE-core test cases, this target's start() method
+ waits for a Linux shell before returning to ensure that SSH commands work
+ with the default test dependencies.
+ """
+ DEFAULT_CONSOLE = "default"
+
+ def __init__(self, logger, target_ip, server_ip, timeout=300, user='root',
+ port=None, dir_image=None, rootfs=None, bootlog=None, **kwargs):
+ super().__init__(logger, target_ip, server_ip, timeout, user, port)
+ image_dir = pathlib.Path(dir_image)
+ # rootfs may have multiple extensions so we need to strip *all* suffixes
+ basename = pathlib.Path(rootfs)
+ basename = basename.name.replace("".join(basename.suffixes), "")
+ self.fvpconf = image_dir / (basename + ".fvpconf")
+ if not self.fvpconf.exists():
+ raise FileNotFoundError(f"Cannot find {self.fvpconf}")
+
+ self.bootlog = bootlog
+ self.terminals = {}
+ self.stack = None
+ self.state = OEFVPTargetState.OFF
+
+ def transition(self, state, timeout=10*60):
+ if state == self.state:
+ return
+
+ if state == OEFVPTargetState.OFF:
+ returncode = self.fvp.stop()
+ self.logger.debug(f"Stopped FVP with return code {returncode}")
+ self.stack.close()
+ elif state == OEFVPTargetState.ON:
+ self.transition(OEFVPTargetState.OFF, timeout)
+ self.stack = contextlib.ExitStack()
+ self.fvp = runner.FVPRunner(self.logger)
+ self.fvp_log = self._create_logfile("fvp", "wb")
+ self.fvp.start(self.fvpconf, stdout=self.fvp_log)
+ self.logger.debug(f"Started FVP PID {self.fvp.pid()}")
+ self._setup_consoles()
+ elif state == OEFVPTargetState.LINUX:
+ self.transition(OEFVPTargetState.ON, timeout)
+ try:
+ self.expect(OEFVPTarget.DEFAULT_CONSOLE, "login\\:", timeout=timeout)
+ self.logger.debug("Found login prompt")
+ self.state = OEFVPTargetState.LINUX
+ except pexpect.TIMEOUT:
+ self.logger.info("Timed out waiting for login prompt.")
+ self.logger.info("Boot log follows:")
+ self.logger.info(b"\n".join(self.before(OEFVPTarget.DEFAULT_CONSOLE).splitlines()[-200:]).decode("utf-8", errors="replace"))
+ raise RuntimeError("Failed to start FVP.")
+
+ self.logger.info(f"Transitioned to {state}")
+ self.state = state
+
+ def start(self, **kwargs):
+ # No-op - put the FVP in the required state lazily
+ pass
+
+ def stop(self, **kwargs):
+ self.transition(OEFVPTargetState.OFF)
+
+ def run(self, cmd, timeout=None):
+ # Running a command implies the LINUX state
+ self.transition(OEFVPTargetState.LINUX)
+ return super().run(cmd, timeout)
+
+ def _setup_consoles(self):
+ with open(self.fvp_log.name, 'rb') as logfile:
+ parser = runner.ConsolePortParser(logfile)
+ config = self.fvp.getConfig()
+ for name, console in config["consoles"].items():
+ logfile = self._create_logfile(name)
+ self.logger.info(f'Creating terminal {name} on {console}')
+ port = parser.parse_port(console)
+ self.terminals[name] = \
+ self.fvp.create_pexpect(port, logfile=logfile)
+
+ # testimage.bbclass expects to see a log file at `bootlog`,
+ # so make a symlink to the 'default' log file
+ test_log_suffix = pathlib.Path(self.bootlog).suffix
+ default_test_file = f"{name}_log{test_log_suffix}"
+ if name == 'default' and not os.path.exists(self.bootlog):
+ os.symlink(default_test_file, self.bootlog)
+
+ def _create_logfile(self, name, mode='ab'):
+ if not self.bootlog:
+ return None
+
+ test_log_path = pathlib.Path(self.bootlog).parent
+ test_log_suffix = pathlib.Path(self.bootlog).suffix
+ fvp_log_file = f"{name}_log{test_log_suffix}"
+ fvp_log_path = pathlib.Path(test_log_path, fvp_log_file)
+ fvp_log_symlink = pathlib.Path(test_log_path, f"{name}_log")
+ try:
+ os.remove(fvp_log_symlink)
+ except:
+ pass
+ os.symlink(fvp_log_file, fvp_log_symlink)
+ return self.stack.enter_context(open(fvp_log_path, mode))
+
+ def _get_terminal(self, name):
+ return self.terminals[name]
+
+ def __getattr__(self, name):
+ """
+ Magic method which automatically exposes the whole pexpect API on the
+ target, with the first argument being the terminal name.
+
+ e.g. self.target.expect(self.target.DEFAULT_CONSOLE, "login\\:")
+ """
+ def call_pexpect(terminal, *args, **kwargs):
+ attr = getattr(self.terminals[terminal], name)
+ if callable(attr):
+ return attr(*args, **kwargs)
+ else:
+ return attr
+
+ return call_pexpect
+
+ @property
+ def config(self):
+ return self.fvp.getConfig()
diff --git a/meta-arm/lib/oeqa/runtime/cases/ftpm.py b/meta-arm/lib/oeqa/runtime/cases/ftpm.py
new file mode 100644
index 00000000..1fd3cf88
--- /dev/null
+++ b/meta-arm/lib/oeqa/runtime/cases/ftpm.py
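Review bot: `bootlog` defaults to None, but only _create_logfile() handles that case: without a bootlog it returns None, transition() to ON then starts the FVP with `stdout=None`, and _setup_consoles() fails on `self.fvp_log.name` and again on `pathlib.Path(self.bootlog)`. Either make the argument mandatory in __init__, e.g. `if not bootlog: raise ValueError("bootlog is required")`, or give _setup_consoles() a path that works without a log file. In _create_logfile() the bare `except:` around `os.remove()` also hides permission errors; `except FileNotFoundError:` is the case the code means to ignore.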
@@ -0,0 +1,41 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.oetimeout import OETimeout
+
+class FtpmTestSuite(OERuntimeTestCase):
+ """
+ Minimal test for optee-ftpm and ftpm kernel driver interfaces
+ """
+ @OETimeout(200)
+ def test_ftpm(self):
+ # device files, need tee-supplicant fully initialized which takes some time
+ # and tests seem to run before boot is complete
+ cmd = "ls -l /dev/tpm0 /dev/tpmrm0 || ( runlevel; sleep 10; ls -l /dev/tpm0 /dev/tpmrm0 )"
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ # tpm version
+ cmd = "cat /sys/class/tpm/tpm0/tpm_version_major"
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+ self.assertEqual(output, "2", msg='\n'.join([cmd, output]))
+
+ # sha384 pcrs
+ cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}"; done'
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ # sha256 pcrs
+ cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha256/"${c}"; done'
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ # sha1 pcrs
+ cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha1/"${c}"; done'
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
diff --git a/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py b/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py
new file mode 100644
index 00000000..dce52776
--- /dev/null
+++ b/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py
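Review bot: The three PCR loops in test_ftpm() report only the exit status of the last `cat`, because a shell `for` loop returns the status of the final command it ran; a read failure on any of PCR 0 to 22 still leaves `status` at 0 and the assertion passes. Stop at the first failure in the sha384, sha256 and sha1 commands, e.g. `for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}" || exit 1; done`. `import os` at the top of the file is unused.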
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: MIT
+
+from oeqa.runtime.case import OERuntimeTestCase
+import pexpect
+
+
+class FVPBootTest(OERuntimeTestCase):
+ """
+ This test waits for a Linux login prompt on the default console. It is
+ dependent on the OEFVPTarget test controller
+ """
+
+ def test_fvp_boot(self):
+ self.target.transition("off")
+ timeout = int(self.td.get('TEST_FVP_LINUX_BOOT_TIMEOUT') or 10*60)
+ self.target.transition("linux", timeout)
+
+ # Check for common error patterns on all consoles
+ for console in self.target.config['consoles']:
+ # "expect" a timeout when searching for the error patterns
+ match = self.target.expect(console,
+ [br'(\[ERR\]|\[ERROR\]|ERROR\:)',
+ pexpect.TIMEOUT],
+ timeout=0)
+ self.assertEqual(match, 1)
diff --git a/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py b/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py
new file mode 100644
index 00000000..0246e76a
--- /dev/null
+++ b/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py
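Review bot: The final `self.assertEqual(match, 1)` in test_fvp_boot fails without naming the console that produced the error, which makes a firmware `[ERROR]` line hard to triage from the test report alone. Adding a message keeps the check identical and records the console: `self.assertEqual(match, 1, msg=f"error pattern found on console {console}")`. The pattern list is also case-sensitive, so lower-case `error:` output is not caught; if that is intentional, the comment above the `expect` call should say so.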
@@ -0,0 +1,130 @@ +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.core.decorator.data import skipIfNotInDataVar +from oeqa.core.decorator.depends import OETestDepends + + +class FvpDevicesTest(OERuntimeTestCase): + def run_cmd(self, cmd, check=True): + """ + A wrapper around self.target.run, which: + * Fails the test on command failure by default + * Allows the "run" behavior to be overridden in sub-classes + """ + (status, output) = self.target.run(cmd) + if status and check: + self.fail("Command '%s' returned non-zero exit " + "status %d:\n%s" % (cmd, status, output)) + + return (status, output) + + def check_devices(self, cls, min_count, search_drivers): + # Find all the devices of the specified class + cmd = f'find "/sys/class/{cls}" -type l -maxdepth 1' + _, output = self.run_cmd(cmd) + + devices = output.split() + self.assertGreaterEqual(len(devices), + min_count, + msg='Device count is lower than expected') + + # Assert that at least one of the devices uses at least one of the + # drivers + drivers = set() + for device in devices: + cmd = f'basename "$(readlink "{device}/device/driver")"' + _, output = self.run_cmd(cmd) + drivers.update(output.split()) + + self.assertTrue(drivers & set(search_drivers), + msg='No device uses either of the drivers: ' + + str(search_drivers)) + + def check_rng(self, hw_random, dev): + cmd = f'cat {hw_random} | grep {dev}' + self.run_cmd(cmd) + + def set_cpu(self, cpu_num, flag): + # Issue echo command + self.run_cmd( + f'echo "{flag}" > "/sys/devices/system/cpu/cpu{cpu_num}/online"', + check = False, + ) + _, output = self.run_cmd( + f'cat "/sys/devices/system/cpu/cpu{cpu_num}/online"' + ) + + return output == flag + + def enable_cpu(self, cpu_num): + return self.set_cpu(cpu_num, "1") + + def disable_cpu(self, cpu_num): + return self.set_cpu(cpu_num, "0") + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'cpu_hotplug', + 'cpu_hotplug not included in BSP tests') + def 
test_cpu_hotplug(self): + _, cpus = self.run_cmd('find /sys/firmware/devicetree/base/cpus/' + ' -name "cpu@*" -maxdepth 1 | wc -l') + + try: + count_cpus = int(cpus) + except ValueError: + self.fail(f"Expected number of CPUs, but found this:\n{cpus}") + + self.num_cpus = int(self.td.get('TEST_CPU_HOTPLUG_NUM_CPUS', + count_cpus)) + try: + # Test that all cores are online + _, cpus = self.run_cmd('grep -c "processor" /proc/cpuinfo') + self.assertEqual(int(cpus), self.num_cpus) + # Don't try to disable here the only cpu present in the system. + if self.num_cpus > 1: + # Test that we can stop each core individually + for i in range(self.num_cpus): + self.assertTrue(self.disable_cpu(i)) + self.assertTrue(self.enable_cpu(i)) + + # Test that we cannot disable all cores + for i in range(self.num_cpus - 1): + self.assertTrue(self.disable_cpu(i)) + # Disabling last core should trigger an error + self.assertFalse(self.disable_cpu(self.num_cpus - 1)) + finally: + # Ensure all CPUs are re-enabled + for i in range(self.num_cpus): + self.enable_cpu(i) + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'rtc', + 'rtc device not included in BSP tests') + def test_rtc(self): + self.check_devices("rtc", 1, ["rtc-pl031"]) + self.run_cmd('hwclock') + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'watchdog', + 'watchdog device not included in BSP tests') + def test_watchdog(self): + self.check_devices("watchdog", 1, ["sp805-wdt", "sbsa-gwdt"]) + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'networking', + 'networking device not included in BSP tests') + def test_networking(self): + self.check_devices("net", 2, ["virtio_net", "vif"]) + + # Check that outbound network connections work + self.run_cmd('wget -O /dev/null "https://www.arm.com"') + + @OETestDepends(['ssh.SSHTest.test_ssh']) + @skipIfNotInDataVar('TEST_FVP_DEVICES', 'virtiorng', + 'virtiorng device not included in 
BSP tests') + def test_virtiorng(self): + self.check_rng('/sys/devices/virtual/misc/hw_random/rng_available', + 'virtio_rng.0') + self.check_rng('/sys/devices/virtual/misc/hw_random/rng_current', + 'virtio_rng.0') + + self.run_cmd('hexdump -n 32 /dev/hwrng') diff --git a/meta-arm/lib/oeqa/runtime/cases/optee.py b/meta-arm/lib/oeqa/runtime/cases/optee.py new file mode 100644 index 00000000..0a0bc31e --- /dev/null +++ b/meta-arm/lib/oeqa/runtime/cases/optee.py @@ -0,0 +1,24 @@ +# +# SPDX-License-Identifier: MIT +# + +import os + +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.runtime.decorator.package import OEHasPackage +from oeqa.core.decorator.oetimeout import OETimeout + +class OpteeTestSuite(OERuntimeTestCase): + """ + Run OP-TEE tests (xtest). + """ + @OETimeout(800) + @OEHasPackage(['optee-test']) + def test_opteetest_xtest(self): + # clear storage before executing tests + cmd = "xtest --clear-storage || true" + status, output = self.target.run(cmd, timeout=60) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) + cmd = "xtest" + status, output = self.target.run(cmd, timeout=600) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) diff --git a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py new file mode 100644 index 00000000..54423999 --- /dev/null +++ b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py 
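Review bot: check_rng builds its command as `f'cat {hw_random} | grep {dev}'` with both values unquoted and `dev` interpreted as a regular expression, unlike check_devices and set_cpu in the same class, which quote their interpolated paths. With the callers shown, the `.` in `virtio_rng.0` matches any character, so the check is looser than it reads. `cmd = f'grep -F "{dev}" "{hw_random}"'` matches the name literally and quotes both arguments. Separately, test_networking fetches `https://www.arm.com`, so its result depends on outbound network access from the test environment; taking the URL from a data variable would let isolated labs point it at an internal host.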
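Review bot: The status assertion after `xtest --clear-storage || true` in test_opteetest_xtest can never fail, because `|| true` forces the exit status to 0. If clearing secure storage is required for a valid run, drop the `|| true` (`cmd = "xtest --clear-storage"`); if it is best effort, drop the assertion and say so in the comment above it. `import os` is not used by the visible code in this file.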
@@ -0,0 +1,104 @@ +# + +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.core.decorator.depends import OETestDepends +from oeqa.runtime.decorator.package import OEHasPackage +from oeqa.core.decorator.data import skipIfNotInDataVar + +class TrustedServicesTest(OERuntimeTestCase): + + def run_test_tool(self, cmd, expected_status=0, expected_output=None ): + """ Run a test utility """ + + status, output = self.target.run(cmd) + self.assertEqual(status, expected_status, msg='\n'.join([cmd, output])) + if expected_output is not None: + self.assertEqual(output, expected_output, msg='\n'.join([cmd, output])) + + @OEHasPackage(['ts-demo']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_00_ts_demo(self): + self.run_test_tool('ts-demo') + + @OEHasPackage(['ts-uefi-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_02_ts_uefi_test(self): + self.run_test_tool('uefi-test') + + @OEHasPackage(['ts-psa-crypto-api-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_03_psa_crypto_api_test(self): + self.run_test_tool('psa-crypto-api-test') + + @OEHasPackage(['ts-psa-its-api-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_04_psa_its_api_test(self): + self.run_test_tool('psa-its-api-test') + + @OEHasPackage(['ts-psa-ps-api-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_05_psa_ps_api_test(self): + self.run_test_tool('psa-ps-api-test') + + @OEHasPackage(['ts-psa-iat-api-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_06_psa_iat_api_test(self): + self.run_test_tool('psa-iat-api-test') + + @OEHasPackage(['ts-service-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_09_ts_service_grp_check(self): + # If this test fails, available test groups in ts-service-test have changed and all + # tests using the test executable need to be double checked to ensure test group to + # TS SP mapping is still valid. 
+ test_grp_list="FwuServiceTests PsServiceTests ItsServiceTests AttestationProvisioningTests" + test_grp_list+=" AttestationServiceTests CryptoKeyDerivationServicePackedcTests" + test_grp_list+=" CryptoMacServicePackedcTests CryptoCipherServicePackedcTests" + test_grp_list+=" CryptoHashServicePackedcTests CryptoServicePackedcTests" + test_grp_list+=" CryptoServiceProtobufTests CryptoServiceLimitTests" + self.run_test_tool('ts-service-test -lg', expected_output=test_grp_list) + + @OEHasPackage(['optee-test']) + @skipIfNotInDataVar('MACHINE_FEATURES', 'optee-spmc-test', 'SPMC Test SPs are not included') + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_07_spmc_test(self): + self.run_test_tool('xtest -t ffa_spmc') + + @OEHasPackage(['ts-service-test']) + @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-fwu', 'FWU SP is not included') + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_10_fwu_service_tests(self): + self.run_test_tool('ts-service-test -g FwuServiceTests') + + @OEHasPackage(['ts-service-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_11_ps_service_tests(self): + if 'ts-storage' not in self.tc.td['MACHINE_FEATURES'] and \ + 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: + self.skipTest('Storage SP is not deployed in the system.') + self.run_test_tool('ts-service-test -g PsServiceTests') + + @OEHasPackage(['ts-service-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_12_its_service_tests(self): + if 'ts-its' not in self.tc.td['MACHINE_FEATURES'] and \ + 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: + self.skipTest('Internal Storage SP is not deployed in the system.') + self.run_test_tool('ts-service-test -g ItsServiceTests') + + @OEHasPackage(['ts-service-test']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_14_attestation_service_tests(self): + if 'ts-attestation' not in self.tc.td['MACHINE_FEATURES'] and \ + 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: + self.skipTest('Attestation SP is not deployed 
in the system.') + self.run_test_tool('ts-service-test -g Attestation') + + @OEHasPackage(['ts-service-test']) + @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-crypto', 'Crypto SP is not included') + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_15_crypto_service_tests(self): + if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \ + 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: + self.skipTest('Crypto SP is not deployed in the system.') + self.run_test_tool('ts-service-test -g Crypto') diff --git a/meta-arm/lib/oeqa/selftest/cases/pacbti.py b/meta-arm/lib/oeqa/selftest/cases/pacbti.py new file mode 100644 index 00000000..40fe5e13 --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/pacbti.py @@ -0,0 +1,11 @@ +from oeqa.selftest.case import OESelftestTestCase +from oeqa.core.decorator import OETestTag +from oeqa.core.decorator.data import skipIfNotArch +from oeqa.utils.commands import bitbake + +@OETestTag("meta-arm") +class PacBtiTest(OESelftestTestCase): + + @skipIfNotArch(["aarch64"]) + def test_pac_bti(self): + bitbake("test-pacbti") diff --git a/meta-arm/lib/oeqa/selftest/cases/runfvp.py b/meta-arm/lib/oeqa/selftest/cases/runfvp.py new file mode 100644 index 00000000..c995f89e --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/runfvp.py 
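Review bot: In test_15_crypto_service_tests the `@skipIfNotInDataVar('MACHINE_FEATURES', 'ts-crypto', ...)` decorator skips the test whenever `ts-crypto` is absent, so the `ts-se-proxy` alternative checked in the body is unreachable and the crypto service tests appear never to run on a system that only provides the se-proxy. Tests 11, 12 and 14 rely on the in-body check alone; removing the decorator from test_15 would make it consistent with them. The in-body checks also use `in` directly on `self.tc.td['MACHINE_FEATURES']`, which is a substring match if that value is a string, so comparing against `.split()` would be stricter; the type is not visible here and is worth confirming.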
@@ -0,0 +1,152 @@ +import os +import json +import pathlib +import subprocess +import tempfile +import unittest.mock + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.core.decorator import OETestTag + +runfvp = pathlib.Path(__file__).parents[5] / "scripts" / "runfvp" +testdir = pathlib.Path(__file__).parent / "tests" + +@OETestTag("meta-arm") +class RunFVPTests(OESelftestTestCase): + def setUpLocal(self): + self.assertTrue(runfvp.exists()) + + def run_fvp(self, *args, env=None, should_succeed=True): + """ + Call runfvp passing any arguments. If check is True verify return stdout + on exit code 0 or fail the test, otherwise return the CompletedProcess + instance. + """ + cli = [runfvp,] + list(args) + print(f"Calling {cli}") + # Set cwd to testdir so that any mock FVPs are found + ret = subprocess.run(cli, cwd=testdir, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True) + if should_succeed: + self.assertEqual(ret.returncode, 0, f"runfvp exit {ret.returncode}, output: {ret.stdout}") + return ret.stdout + else: + self.assertNotEqual(ret.returncode, 0, f"runfvp exit {ret.returncode}, output: {ret.stdout}") + return ret.stdout + + def test_help(self): + output = self.run_fvp("--help") + self.assertIn("Run images in a FVP", output) + + def test_bad_options(self): + self.run_fvp("--this-is-an-invalid-option", should_succeed=False) + + def test_run_auto_tests(self): + cases = list(testdir.glob("auto-*.json")) + if not cases: + self.fail("No tests found") + for case in cases: + with self.subTest(case=case.stem): + self.run_fvp(case) + + def test_fvp_options(self): + # test-parameter sets one argument, add another manually + self.run_fvp(testdir / "test-parameter.json", "--", "--parameter", "board.dog=woof") + + def test_fvp_environment(self): + output = self.run_fvp(testdir / "test-environment.json", env={"DISPLAY": "test_fvp_environment:42"}) + self.assertEqual(output.strip(), "Found expected DISPLAY") + +@OETestTag("meta-arm") 
+class ConfFileTests(OESelftestTestCase): + def test_no_exe(self): + from fvp import conffile + with tempfile.NamedTemporaryFile('w') as tf: + tf.write('{}') + tf.flush() + + with self.assertRaises(ValueError): + conffile.load(tf.name) + + def test_minimal(self): + from fvp import conffile + with tempfile.NamedTemporaryFile('w') as tf: + tf.write('{"exe": "FVP_Binary"}') + tf.flush() + + conf = conffile.load(tf.name) + self.assertTrue('fvp-bindir' in conf) + self.assertTrue('fvp-bindir' in conf) + self.assertTrue("exe" in conf) + self.assertTrue("parameters" in conf) + self.assertTrue("data" in conf) + self.assertTrue("applications" in conf) + self.assertTrue("terminals" in conf) + self.assertTrue("args" in conf) + self.assertTrue("consoles" in conf) + self.assertTrue("env" in conf) + + +@OETestTag("meta-arm") +class RunnerTests(OESelftestTestCase): + def create_mock(self): + return unittest.mock.patch("subprocess.Popen") + + @unittest.mock.patch.dict(os.environ, {"PATH": "/path-42:/usr/sbin:/usr/bin:/sbin:/bin"}) + def test_start(self): + from fvp import runner + with self.create_mock() as m: + fvp = runner.FVPRunner(self.logger) + config = {"fvp-bindir": "/usr/bin", + "exe": "FVP_Binary", + "parameters": {'foo': 'bar'}, + "data": ['data1'], + "applications": {'a1': 'file'}, + "terminals": {}, + "args": ['--extra-arg'], + "env": {"FOO": "BAR"} + } + + with tempfile.NamedTemporaryFile('w') as fvpconf: + json.dump(config, fvpconf) + fvpconf.flush() + cwd_mock = os.path.dirname(fvpconf.name) + fvp.start(fvpconf.name) + + m.assert_called_once_with(['/usr/bin/FVP_Binary', + '--parameter', 'foo=bar', + '--data', 'data1', + '--application', 'a1=file', + '--extra-arg'], + stdin=unittest.mock.ANY, + stdout=unittest.mock.ANY, + stderr=unittest.mock.ANY, + env={"FOO":"BAR", "PATH": "/path-42:/usr/sbin:/usr/bin:/sbin:/bin"}, + cwd=cwd_mock) + + @unittest.mock.patch.dict(os.environ, {"DISPLAY": ":42", "WAYLAND_DISPLAY": "wayland-42", "PATH": 
"/path-42:/usr/sbin:/usr/bin:/sbin:/bin"}) + def test_env_passthrough(self): + from fvp import runner + with self.create_mock() as m: + fvp = runner.FVPRunner(self.logger) + config = {"fvp-bindir": "/usr/bin", + "exe": "FVP_Binary", + "parameters": {}, + "data": [], + "applications": {}, + "terminals": {}, + "args": [], + "env": {"FOO": "BAR"} + } + + with tempfile.NamedTemporaryFile('w') as fvpconf: + json.dump(config, fvpconf) + fvpconf.flush() + cwd_mock = os.path.dirname(fvpconf.name) + fvp.start(fvpconf.name) + + m.assert_called_once_with(['/usr/bin/FVP_Binary'], + stdin=unittest.mock.ANY, + stdout=unittest.mock.ANY, + stderr=unittest.mock.ANY, + env={"DISPLAY":":42", "FOO": "BAR", "WAYLAND_DISPLAY": "wayland-42", "PATH": "/path-42:/usr/sbin:/usr/bin:/sbin:/bin"}, + cwd=cwd_mock) diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json b/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json new file mode 100644 index 00000000..a476ac10 --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json @@ -0,0 +1,4 @@ +{ + "fvp-bindir": ".", + "exe": "auto-basic.sh" +} diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.sh b/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.sh new file mode 100755 index 00000000..ea9abac1 --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.sh @@ -0,0 +1,11 @@ +#! /bin/sh + +set -e -u + +if [ $# = 0 ]; then + echo No arguments as expected + exit 0 +else + echo Unexpected arguments: $* + exit 1 +fi diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json b/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json new file mode 100644 index 00000000..a60abac3 --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json @@ -0,0 +1,8 @@ +{ + "fvp-bindir": ".", + "exe": "test-parameters.py", + "parameters": { + "board.cow": "moo", + "board.dog": "woof" + } +} 
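Review bot: The run_fvp docstring describes a `check` flag and a CompletedProcess return value, but the parameter is `should_succeed` and both branches return `ret.stdout`. Suggested wording: `"""Call runfvp with the given arguments, assert that it exits zero (non-zero when should_succeed is False) and return its combined stdout/stderr."""`. In ConfFileTests.test_minimal the `'fvp-bindir' in conf` assertion appears twice in a row, so one of the two was probably meant to check a different key.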
diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/mock-fvp.py b/meta-arm/lib/oeqa/selftest/cases/tests/mock-fvp.py new file mode 100755 index 00000000..6cf8e454 --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/tests/mock-fvp.py @@ -0,0 +1,29 @@ +#! /usr/bin/env python3 + +import argparse +import sys +import os + +def do_test_parameters(args): + if not args.parameter or set(args.parameter) != set(("board.cow=moo", "board.dog=woof")): + print(f"Unexpected arguments: {args}") + sys.exit(1) + +def do_test_environment(args): + if os.environ.get("DISPLAY") == "test_fvp_environment:42": + print("Found expected DISPLAY") + else: + print("Got unexpected environment %s" % str(os.environ)) + sys.exit(1) + +if __name__ == "__main__": + parser = argparse.ArgumentParser() + parser.add_argument("-C", "--parameter", action="append") + args = parser.parse_args() + + function = "do_" + parser.prog.replace("-", "_").replace(".py", "") + if function in locals(): + locals()[function](args) + else: + print(f"Unknown mock mode {parser.prog}") + sys.exit(1) diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.json b/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.json new file mode 100644 index 00000000..6e23855b --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.json @@ -0,0 +1,4 @@ +{ + "fvp-bindir": ".", + "exe": "test-environment.py" +} diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.py b/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.py new file mode 120000 index 00000000..c734eeca --- /dev/null +++ b/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.py @@ -0,0 +1 @@ +mock-fvp.py
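Review bot: do_test_environment prints the whole of `os.environ` on a mismatch, and run_fvp in the selftest copies that output into its assertion message, so any credentials or tokens exported in the build environment would end up in test logs. Printing only the value under test is enough for diagnosis: `print("Got unexpected DISPLAY %r" % os.environ.get("DISPLAY"))`.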
\ No newline at end of file
diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json b/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json
new file mode 100644
index 00000000..031ef660
--- /dev/null
+++ b/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json
@@ -0,0 +1,7 @@
+{
+ "fvp-bindir": ".",
+ "exe": "test-parameters.py",
+ "parameters": {
+ "board.cow": "moo"
+ }
+}
diff --git a/meta-arm/lib/oeqa/selftest/cases/tests/test-parameters.py b/meta-arm/lib/oeqa/selftest/cases/tests/test-parameters.py
new file mode 120000
index 00000000..c734eeca
--- /dev/null
+++ b/meta-arm/lib/oeqa/selftest/cases/tests/test-parameters.py
@@ -0,0 +1 @@
+mock-fvp.py
\ No newline at end of file diff --git a/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb b/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb index 3e4751e3..775f4064 100644 --- a/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb +++ b/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb @@ -1,12 +1,15 @@ SUMMARY = "Linux aarch64 boot wrapper with FDT support" -LICENSE = "BSD" +LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bb63326febfb5fb909226c8e7ebcef5c" -SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git" -SRCREV = "8d5a765251d9113c3c0f9fa14de42a9e7486fe8a" +SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master" +SRCREV = "d3b1a15d18542b2086e72bfdc3fc43f454772a3b" -PV = "git${SRCPV}" +# boot-wrapper doesn't make releases +UPSTREAM_CHECK_COMMITS = "1" + +PV = "0+git" S = "${WORKDIR}/git" @@ -52,7 +55,7 @@ EXTRA_OEMAKE += "'KERNEL_IMAGE=${DEPLOY_DIR_IMAGE}/${BOOT_WRAPPER_AARCH64_KERNEL EXTRA_OEMAKE += "'CMDLINE=${BOOT_WRAPPER_AARCH64_CMDLINE}'" -do_configure_prepend() { +do_configure:prepend() { # Create dummy files to make configure happy. # We will pass the generated ones directly to make. mkdir -p ${WORKDIR}/kernel/arch/arm64/boot diff --git a/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch b/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch new file mode 100644 index 00000000..cfb534d4 --- /dev/null +++ b/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch 
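Review bot: The updated `SRC_URI` still fetches over the unauthenticated `git://` transport; the first hunk adds `;branch=master` but no `protocol=` parameter. `SRCREV` pins the commit, which limits what a tampered transport can deliver, but fetching over TLS is the safer default and the hafnium recipe added in this same change already sets `protocol=https`. Suggested: `SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;protocol=https;branch=master"`.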
@@ -0,0 +1,26 @@
+From 1c1e7ca2874feaa3e447dce578487d42c226ef46 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Sat, 17 Jul 2021 14:38:02 -0500
+Subject: [PATCH] Use pkg-config-native to find the libssl headers.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ scripts/Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/Makefile b/scripts/Makefile
+index 9adb6d247818..5fe371c7d7f5 100644
+--- a/scripts/Makefile
++++ b/scripts/Makefile
+@@ -3,8 +3,8 @@
+ # scripts contains sources for various helper programs used throughout
+ # the kernel for the build process.
+
+-CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
+-CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null)
++CRYPTO_LIBS = $(shell pkg-config-native --libs libcrypto 2> /dev/null || echo -lcrypto)
++CRYPTO_CFLAGS = $(shell pkg-config-native --cflags libcrypto 2> /dev/null)
+
+ hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c
+ hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms
diff --git a/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch b/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch
new file mode 100644
index 00000000..6f91ecfe
--- /dev/null
+++ b/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch
@@ -0,0 +1,29 @@
+From c17aabb2535d791a715130f21178946ab9c1e29d Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 9 Nov 2021 23:31:22 +0000
+Subject: [PATCH] arm/hafnium: fix kernel tool linking
+
+We need to be sure that the host linker flags are passed to the kernel build,
+as otherwise it is possible that binaries are incorrectly linked. For example:
+
+HOSTCC scripts/extract-cert
+ld: .../recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/lib/libcrypto.so: undefined reference to `pthread_once@GLIBC_2.34'
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ build/linux/linux.gni | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build/linux/linux.gni b/build/linux/linux.gni
+index 497915290106..0e0167d5f485 100644
+--- a/build/linux/linux.gni
++++ b/build/linux/linux.gni
+@@ -54,6 +54,7 @@ template("linux_kernel") {
+ "LLVM=1",
+ "LLVM_IAS=1",
+ "CROSS_COMPILE=aarch64-linux-gnu-",
++ "HOSTLDFLAGS=" + getenv("BUILD_LDFLAGS"),
+
+ # Build out-of-tree in `target_out_dir`.
+ "O=" + rebase_path(target_out_dir),
diff --git a/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch b/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch
new file mode 100644
index 00000000..dc0c35fe
--- /dev/null
+++ b/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch
@@ -0,0 +1,29 @@
+From 745294ffa9bb9296eb4250f24dd0ae8115fadd7a Mon Sep 17 00:00:00 2001
+From: Jon Mason <jon.mason@arm.com>
+Date: Thu, 27 Oct 2022 20:10:09 +0000
+Subject: [PATCH] work around visibility issue
+
+gn commit 46b572ce4ceedfe57f4f84051bd7da624c98bf01 "fixed" the
+visibility field not applying to public configs. This caused dtc to
+have issues due to libfdt and others not being specified. Due to the
+number, it was cleaner to remove the visibility field (which defaults to
+everything being visible).
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+---
+ BUILD.gn | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/BUILD.gn b/BUILD.gn
+index f55560c540de..d60c3e37135b 100644
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -5,7 +5,6 @@
+ # https://opensource.org/licenses/BSD-3-Clause.
+
+ config("libfdt_config") {
+- visibility = [ ":gtest" ]
+ include_dirs = [
+ "libfdt",
+ "hafnium_inc",
diff --git a/meta-arm/recipes-bsp/hafnium/hafnium_2.10.bb b/meta-arm/recipes-bsp/hafnium/hafnium_2.10.bb
new file mode 100644
index 00000000..dea1bdcb
--- /dev/null
+++ b/meta-arm/recipes-bsp/hafnium/hafnium_2.10.bb
@@ -0,0 +1,80 @@ +SUMMARY = "Hafnium" +DESCRIPTION = "A reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension" +DEPENDS = "gn-native ninja-native bison-native bc-native dtc-native openssl-native" + +LICENSE = "BSD-3-Clause & GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + + +CLANGNATIVE = "" +CLANGNATIVE:runtime-llvm = "clang-native" + +inherit deploy python3native pkgconfig ${CLANGNATIVE} + +SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \ + file://0001-arm-hafnium-fix-kernel-tool-linking.patch \ + file://0001-Use-pkg-config-native-to-find-the-libssl-headers.patch;patchdir=third_party/linux \ + file://0001-work-around-visibility-issue.patch;patchdir=third_party/dtc \ + " +SRCREV = "946fde92bedc95e1320684b0bc2dc752bc1e1bc7" +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +COMPATIBLE_MACHINE ?= "invalid" +COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" + +# Default build 'reference' +HAFNIUM_PROJECT ?= "reference" + +# Platform must be set for each machine +HAFNIUM_PLATFORM ?= "invalid" +HAFNIUM_PLATFORM:qemuarm64 = "qemu_aarch64" + +# do_deploy will install everything listed in this variable. 
It is set by +# default to hafnium +HAFNIUM_INSTALL_TARGET ?= "hafnium" + +# set project to build +EXTRA_OEMAKE += "PROJECT=${HAFNIUM_PROJECT}" + +EXTRA_OEMAKE += "OUT_DIR=${B}" + +# Don't use prebuilt binaries for gn and ninja +EXTRA_OEMAKE += "GN=${STAGING_BINDIR_NATIVE}/gn NINJA=${STAGING_BINDIR_NATIVE}/ninja" + +do_configure[cleandirs] += "${B}" + +do_compile() { + oe_runmake -C ${S} +} + +do_install() { + cd ${B}/${HAFNIUM_PLATFORM}_clang + install -d -m 755 ${D}/firmware + for bldfile in ${HAFNIUM_INSTALL_TARGET}; do + install -m 0755 $bldfile.bin $bldfile.elf ${D}/firmware/ + done +} + +FILES:${PN} = "/firmware/*.bin" +FILES:${PN}-dbg = "/firmware/*.elf" +SYSROOT_DIRS += "/firmware" +INSANE_SKIP:${PN} = "ldflags" +INSANE_SKIP:${PN}-dbg = "ldflags" +# Build paths are currently embedded +INSANE_SKIP:${PN}-dbg += "buildpaths" + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install + +python() { + # https://developer.trustedfirmware.org/T898 + if d.getVar("BUILD_ARCH") != "x86_64": + raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts") +} + +EXCLUDE_FROM_WORLD = "1" diff --git a/meta-arm/recipes-bsp/hafnium/hafnium_2.4.bb b/meta-arm/recipes-bsp/hafnium/hafnium_2.4.bb deleted file mode 100644 index 361d6db9..00000000 --- a/meta-arm/recipes-bsp/hafnium/hafnium_2.4.bb +++ /dev/null 
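Review bot: `INSANE_SKIP:${PN}-dbg += "buildpaths"` is justified only by "Build paths are currently embedded", and do_deploy copies everything under `${D}/firmware`, so the `.elf` files carrying those host paths also land in `${DEPLOYDIR}`. The comment should name the artefact that embeds the paths and state what would allow the skip to be removed, for example `# *.elf embed absolute build paths (non-reproducible, exposes host layout); remove once the hafnium build can remap them`. That wording is a suggestion, since the cause of the embedding is not visible in this hunk.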
@@ -1,80 +0,0 @@ -SUMMARY = "Hafnium" -DESCRIPTION = "A reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension" -LICENSE = "BSD-3-Clause & GPLv2" -LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -inherit deploy python3native - -SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https" -SRCREV = "410a3acaf669c12d41fb4c57fcaf3ecee6fdba61" -S = "${WORKDIR}/git" - -COMPATIBLE_MACHINE ?= "invalid" - -# Default build 'reference' -HAFNIUM_PROJECT ?= "reference" - -# Platform must be set for each machine -HAFNIUM_PLATFORM ?= "invalid" - -# hafnium build directory -# Append _clang as the build rule in hafnium adds this to the platform name. -HAFNIUM_BUILD_DIR_PLAT = "out/${HAFNIUM_PROJECT}/${HAFNIUM_PLATFORM}_clang" - -# do_deploy will install everything listed in this variable. It is set by -# default to hafnium -HAFNIUM_INSTALL_TARGET ?= "hafnium" - -DEPENDS = "bison-native bc-native" - -# set project to build -EXTRA_OEMAKE += "PROJECT=${HAFNIUM_PROJECT}" - -do_compile_prepend() { - # Hafnium expects 'python'. 
Create symlink python to python3 - real=$(which ${PYTHON}) - ln -snf $real $(dirname $real)/python -} - -do_install() { - install -d -m 755 ${D}/firmware - for bldfile in ${HAFNIUM_INSTALL_TARGET}; do - processed="0" - if [ -f ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.bin ]; then - echo "Install $bldfile.bin" - install -m 0755 ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.bin \ - ${D}/firmware/$bldfile-${HAFNIUM_PLATFORM}.bin - ln -sf $bldfile-${HAFNIUM_PLATFORM}.bin ${D}/firmware/$bldfile.bin - processed="1" - fi - if [ -f ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.elf ]; then - echo "Install $bldfile.elf" - install -m 0755 ${S}/${HAFNIUM_BUILD_DIR_PLAT}/$bldfile.elf \ - ${D}/firmware/$bldfile-${HAFNIUM_PLATFORM}.elf - ln -sf $bldfile-${HAFNIUM_PLATFORM}.elf ${D}/firmware/$bldfile.elf - processed="1" - fi - if [ "$processed" = "0" ]; then - bberror "Unsupported HAFNIUM_INSTALL_TARGET target $bldfile" - exit 1 - fi - done -} - -FILES_${PN} = "/firmware" -SYSROOT_DIRS += "/firmware" -# skip QA tests: {'ldflags'} -INSANE_SKIP_${PN} = "ldflags" - -do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install - -python() { - # https://developer.trustedfirmware.org/T898 - if d.getVar("BUILD_ARCH") != "x86_64": - raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts") -} diff --git a/meta-arm/recipes-bsp/images/firmware-deploy-image.bb b/meta-arm/recipes-bsp/images/firmware-deploy-image.bb new file mode 100644 index 00000000..2f347f0b --- /dev/null +++ b/meta-arm/recipes-bsp/images/firmware-deploy-image.bb 
@@ -0,0 +1,32 @@
+SUMMARY = "Firmware image deploying multi-config firmware"
+DESCRIPTION = "Image for deploying a firmware set on platforms using multi-config"
+LICENSE = "MIT"
+
+inherit deploy nopackages
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+COMPATIBLE_MACHINE ?= "invalid"
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+do_install[noexec] = "1"
+
+# Users of this recipe are expected to provide the list of firmware images
+# that need to be deployed by setting this variable.
+FIRMWARE_BINARIES ?= ""
+
+do_deploy() {
+ firmware_loc=$(echo "${TMPDIR}" | sed "s/${TCLIBC}/musl/")
+ firmware_loc="${firmware_loc}_${MACHINE}/deploy/images/${MACHINE}"
+ for firmware in ${FIRMWARE_BINARIES}; do
+ echo "cp -av ${firmware_loc}/${firmware} ${DEPLOYDIR}/"
+ cp -av "${firmware_loc}/${firmware}" ${DEPLOYDIR}/
+ if [ -L "${firmware_loc}/${firmware}" ]; then
+ echo "cp -av ${firmware_loc}/$(readlink ${firmware_loc}/${firmware}) ${DEPLOYDIR}/"
+ cp -av "${firmware_loc}/$(readlink ${firmware_loc}/${firmware})" ${DEPLOYDIR}/
+ fi
+ done
+}
+
+do_deploy[umask] = "022"
+
+addtask deploy after do_prepare_recipe_sysroot
diff --git a/meta-arm/recipes-bsp/scp-firmware/files/0001-OPTEE-Private-Includes.patch b/meta-arm/recipes-bsp/scp-firmware/files/0001-OPTEE-Private-Includes.patch
new file mode 100644
index 00000000..f3063a95
--- /dev/null
+++ b/meta-arm/recipes-bsp/scp-firmware/files/0001-OPTEE-Private-Includes.patch
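Review bot: do_deploy derives the source directory with `sed "s/${TCLIBC}/musl/"`, which rewrites the first occurrence of the libc name anywhere in `${TMPDIR}` rather than only its suffix, so a build tree whose path contains that string earlier resolves to the wrong location and firmware is then copied from wherever the result points. Anchoring the substitution, e.g. `sed "s/-${TCLIBC}\$/-musl/"` (assuming TMPDIR ends in `-${TCLIBC}`), or taking the firmware deploy path from an explicit variable, would make the origin of the deployed binaries unambiguous. The symlink branch also joins `${firmware_loc}` with the raw `readlink` output, which does not work for absolute link targets.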
@@ -0,0 +1,43 @@ +From b298400a5783453f64d8bebbd92db2c84c4a49fd Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Mon, 10 Jul 2023 14:09:16 +0100 +Subject: [PATCH] OPTEE Private Includes + +Change the optee module includes to be private instead of public, so they don't get used +in every build, which can result in compile failures as /core/include/ doesn't exit. + +For some reason this behaviour isn't deterministic, a ticket has been filed with upstream. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + module/optee/console/CMakeLists.txt | 2 +- + module/optee/mbx/CMakeLists.txt | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/module/optee/console/CMakeLists.txt b/module/optee/console/CMakeLists.txt +index aebb7cc79766..942aa98c85ff 100644 +--- a/module/optee/console/CMakeLists.txt ++++ b/module/optee/console/CMakeLists.txt +@@ -14,7 +14,7 @@ target_include_directories(${SCP_MODULE_TARGET} + # Those includes are needed for mutex definitnion that is used in optee_smt + # notification + target_include_directories(${SCP_MODULE_TARGET} +- PUBLIC "${SCP_OPTEE_DIR}/core/arch/arm/include/" ++ PRIVATE "${SCP_OPTEE_DIR}/core/arch/arm/include/" + "${SCP_OPTEE_DIR}/core/include/" + "${SCP_OPTEE_DIR}/lib/libutils/ext/include/" + "${SCP_OPTEE_DIR}/lib/libutee/include/") +diff --git a/module/optee/mbx/CMakeLists.txt b/module/optee/mbx/CMakeLists.txt +index 305fa42b7370..783a7970c2d5 100644 +--- a/module/optee/mbx/CMakeLists.txt ++++ b/module/optee/mbx/CMakeLists.txt +@@ -15,7 +15,7 @@ target_include_directories(${SCP_MODULE_TARGET} + # Those includes are needed for mutex defifitnion that is used in optee_smt + # notification + target_include_directories(${SCP_MODULE_TARGET} +- PUBLIC "${SCP_OPTEE_DIR}/core/include/" ++ PRIVATE "${SCP_OPTEE_DIR}/core/include/" + "${SCP_OPTEE_DIR}/lib/libutils/ext/include/" + "${SCP_OPTEE_DIR}/lib/libutee/include/") + 
diff --git a/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb b/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb new file mode 100644 index 00000000..c0e40d90 --- /dev/null +++ b/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb 
@@ -0,0 +1,116 @@ +SUMMARY = "SCP and MCP Firmware" +DESCRIPTION = "Firmware for SCP and MCP software reference implementation" +HOMEPAGE = "https://gitlab.arm.com/firmware/SCP-firmware" + +LICENSE = "BSD-3-Clause & Apache-2.0" +LIC_FILES_CHKSUM = "file://license.md;beginline=5;md5=9db9e3d2fb8d9300a6c3d15101b19731 \ + file://contrib/cmsis/git/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" + +SRC_URI_SCP_FIRMWARE ?= "gitsm://git.gitlab.arm.com/firmware/SCP-firmware.git;protocol=https" +SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH} \ + file://0001-OPTEE-Private-Includes.patch \ + " + +SRCBRANCH = "main" +SRCREV = "3267f2964114a56faaf46a40704be6ca78240725" + +PROVIDES += "virtual/control-processor-firmware" + +CMAKE_BUILD_TYPE ?= "RelWithDebInfo" +SCP_PLATFORM ?= "${MACHINE}" +SCP_PRODUCT_GROUP ?= "." +SCP_LOG_LEVEL ?= "WARN" +SCP_PLATFORM_FEATURE_SET ?= "0" + +INHIBIT_DEFAULT_DEPS = "1" +DEPENDS = "gcc-arm-none-eabi-native \ + cmake-native \ + ninja-native \ + " + +# For now we only build with GCC, so stop meta-clang trying to get involved +TOOLCHAIN = "gcc" + +inherit deploy + +B = "${WORKDIR}/build" +S = "${WORKDIR}/git" + +# Allow platform specific copying of only scp or both scp & mcp, default to both +FW_TARGETS ?= "scp mcp" +FW_INSTALL ?= "ramfw romfw" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE ?= "invalid" + +export CFLAGS = "${DEBUG_PREFIX_MAP}" +export ASMFLAGS = "${DEBUG_PREFIX_MAP}" + +LDFLAGS[unexport] = "1" + +EXTRA_OECMAKE = "-D CMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} \ + -D SCP_LOG_LEVEL=${SCP_LOG_LEVEL} \ + -D SCP_PLATFORM_FEATURE_SET=${SCP_PLATFORM_FEATURE_SET} \ + -D DISABLE_CPPCHECK=1 \ + -D SCP_TOOLCHAIN=GNU \ + " + +do_configure() { + for FW in ${FW_TARGETS}; do + for TYPE in ${FW_INSTALL}; do + bbnote Configuring ${SCP_PLATFORM}/${FW}_${TYPE}... 
+ cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PRODUCT_GROUP}/${SCP_PLATFORM}/${FW}_${TYPE}" + done + done +} + +do_configure[cleandirs] += "${B}" + +do_compile() { + for FW in ${FW_TARGETS}; do + for TYPE in ${FW_INSTALL}; do + bbnote Building ${SCP_PLATFORM}/${FW}_${TYPE}... + VERBOSE=1 cmake --build ${B}/${TYPE}/${FW} --target all + done + done +} + +do_install() { + install -d ${D}/firmware + for TYPE in ${FW_INSTALL}; do + for FW in ${FW_TARGETS}; do + if [ "$TYPE" = "romfw" ]; then + if [ "$FW" = "scp" ]; then + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1.elf" "${D}/firmware/${FW}_${TYPE}.elf" + else + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl1.elf" "${D}/firmware/${FW}_${TYPE}.elf" + fi + elif [ "$TYPE" = "ramfw" ]; then + if [ "$FW" = "scp" ]; then + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2.elf" "${D}/firmware/${FW}_${TYPE}.elf" + else + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin" + install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-${FW}-bl2.elf" "${D}/firmware/${FW}_${TYPE}.elf" + fi + fi + done + done +} + +FILES:${PN} = "/firmware" +SYSROOT_DIRS += "/firmware" + +FILES:${PN}-dbg += "/firmware/*.elf" +# These binaries are specifically for 32-bit arm +INSANE_SKIP:${PN}-dbg += "arch" +INHIBIT_PACKAGE_DEBUG_SPLIT = "1" +INHIBIT_PACKAGE_STRIP = "1" + +do_deploy() { + # Copy the images to deploy directory + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install 
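Review bot: In do_install, a FW_INSTALL entry other than `ramfw` or `romfw` matches neither branch of the `if`/`elif` chain and is skipped without any message, so the package and the deploy directory can silently lack an image the machine configuration asked for. The HAFNIUM_INSTALL_TARGET loop deleted earlier in this diff reported that case with `bberror`; the same can be done here by ending the chain with `else bbfatal "Unsupported FW_INSTALL type $TYPE"`. The `install -D` calls also pass no `-m`, so the `.bin` and `.elf` files get install's default executable mode; `-m 0644` would be enough for firmware blobs.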
diff --git a/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.8.0.bb b/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.8.0.bb deleted file mode 100644 index bee3ab5e..00000000 --- a/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.8.0.bb +++ /dev/null 
@@ -1,75 +0,0 @@ -SUMMARY = "SCP and MCP Firmware" -DESCRIPTION = "Firmware for SCP and MCP software reference implementation" -HOMEPAGE = "https://github.com/ARM-software/SCP-firmware" - -LICENSE = "BSD-3-Clause & Apache-2.0" -LIC_FILES_CHKSUM = "file://license.md;beginline=5;md5=9db9e3d2fb8d9300a6c3d15101b19731 \ - file://contrib/cmsis/git/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" - -SRC_URI = "gitsm://github.com/ARM-software/SCP-firmware.git;protocol=https" -SRCREV = "043de77f220a0b4b0ec3aa367bd515a9e9df2a29" - -PROVIDES += "virtual/control-processor-firmware" - -SCP_BUILD_RELEASE ?= "1" -SCP_PLATFORM ?= "invalid" -SCP_COMPILER ?= "arm-none-eabi" -SCP_LOG_LEVEL ?= "WARN" - -INHIBIT_DEFAULT_DEPS = "1" -DEPENDS = "virtual/arm-none-eabi-gcc-native" - -SCP_BUILD_STR = "${@bb.utils.contains('SCP_BUILD_RELEASE', '1', 'release', 'debug', d)}" - -inherit deploy - -B = "${WORKDIR}/build" -S = "${WORKDIR}/git" - -# Allow platform specific copying of only scp or both scp & mcp, default to both -FW_TARGETS ?= "scp mcp" -FW_INSTALL ?= "ramfw romfw" - -PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE ?= "invalid" - -LDFLAGS[unexport] = "1" - -# No configure -do_configure[noexec] = "1" - -EXTRA_OEMAKE = "V=1 \ - BUILD_PATH='${B}' \ - PRODUCT='${SCP_PLATFORM}' \ - MODE='${SCP_BUILD_STR}' \ - LOG_LEVEL='${SCP_LOG_LEVEL}' \ - CC='${SCP_COMPILER}-gcc' \ - AR='${SCP_COMPILER}-ar' \ - SIZE='${SCP_COMPILER}-size' \ - OBJCOPY='${SCP_COMPILER}-objcopy' \ - " - -do_compile() { - oe_runmake -C "${S}" -} -do_compile[cleandirs] += "${B}" - -do_install() { - install -d ${D}/firmware - for FW in ${FW_TARGETS}; do - for TYPE in ${FW_INSTALL}; do - install -D "${B}/product/${SCP_PLATFORM}/${FW}_${TYPE}/${SCP_BUILD_STR}/bin/${FW}_${TYPE}.bin" "${D}/firmware/" - done - done -} - -FILES_${PN} = "/firmware" -SYSROOT_DIRS += "/firmware" -# Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" - -do_deploy() { - # Copy the images to deploy directory - cp 
-rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch new file mode 100644 index 00000000..8ddf353b --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-Add-spmc_manifest-for-qemu.patch 
@@ -0,0 +1,64 @@ +From 56874ab381b0f0beade2d200147245e157b4aff6 Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing <Gyorgy.Szing@arm.com> +Date: Mon, 13 Mar 2023 21:15:59 +0100 +Subject: [PATCH] Add spmc_manifest for qemu + +This version only supports embedded packaging. + +Upstream-Status: Inappropriate [other] + - The SPMC manifest is integration specific and should live at an + integration spcific place. The manifest file is processed by TF-A + and I am adding the patch to TF-A to keep things simple. + +Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> +--- + plat/qemu/fdts/optee_spmc_manifest.dts | 40 ++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + create mode 100644 plat/qemu/fdts/optee_spmc_manifest.dts + +diff --git a/plat/qemu/fdts/optee_spmc_manifest.dts b/plat/qemu/fdts/optee_spmc_manifest.dts +new file mode 100644 +index 000000000000..ae2ae3d951de +--- /dev/null ++++ b/plat/qemu/fdts/optee_spmc_manifest.dts +@@ -0,0 +1,40 @@ ++/* SPDX-License-Identifier: BSD-3-Clause */ ++/* ++ * Copyright (c) 2023, Arm Limited. All rights reserved. ++ */ ++ ++/dts-v1/; ++ ++/ { ++ compatible = "arm,ffa-core-manifest-1.0"; ++ #address-cells = <2>; ++ #size-cells = <1>; ++ ++ attribute { ++ spmc_id = <0x8000>; ++ maj_ver = <0x1>; ++ min_ver = <0x0>; ++ exec_state = <0x0>; ++ load_address = <0x0 0x0e100000>; ++ entrypoint = <0x0 0x0e100000>; ++ binary_size = <0x80000>; ++ }; ++ ++/* ++ * This file will be preprocessed by TF-A's build system. If Measured Boot is ++ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro ++ * to the preprocessor arguments. ++ */ ++#if MEASURED_BOOT ++ tpm_event_log { ++ compatible = "arm,tpm_event_log"; ++ tpm_event_log_addr = <0x0 0x0>; ++ tpm_event_log_size = <0x0>; ++ }; ++#endif ++ ++/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */ ++#ifdef ARM_BL2_SP_LIST_DTS ++ #error "FIP SP load addresses configuration is missing. ++#endif ++}; 
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch new file mode 100644 index 00000000..f6f054df --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch @@ -0,0 +1,38 @@ +From fd13a4d304da4233cb954329bf287ec9dfbb7367 Mon Sep 17 00:00:00 2001 +From: Jon Mason <jon.mason@arm.com> +Date: Mon, 4 Dec 2023 10:20:21 -0500 +Subject: [PATCH] bl31_runtime: revert usage of plat_ic_has_interrupt_type + +There is a regression caused by commit +1f6bb41dd951714b47bf07bb9a332346ca261033 for the trusted services tests. +This is due to the fact that the referenced commit changes the behavior +from checking for both INTR_TYPE_EL3 and INTR_TYPE_S_EL1, to referencing +an existing function that #if for _either_ INTR_TYPE_EL3 or +INTR_TYPE_S_EL1 (depending on the value of GICV2_G0_FOR_EL3). To work +around this issue, revert the check back to its original form. + +Signed-off-by: Jon Mason <jon.mason@arm.com> +Upstream-Status: Pending +--- + bl31/interrupt_mgmt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bl31/interrupt_mgmt.c b/bl31/interrupt_mgmt.c +index 68c7f10add21..8e888b676b35 100644 +--- a/bl31/interrupt_mgmt.c ++++ b/bl31/interrupt_mgmt.c +@@ -47,9 +47,9 @@ static intr_type_desc_t intr_type_descs[MAX_INTR_TYPES]; + ******************************************************************************/ + static int32_t validate_interrupt_type(uint32_t type) + { +- if (plat_ic_has_interrupt_type(type)) { ++ if ((type == INTR_TYPE_S_EL1) || (type == INTR_TYPE_NS) || ++ (type == INTR_TYPE_EL3)) + return 0; +- } + + return -EINVAL; + } +-- +2.30.2 + 
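Review bot: The restored check in validate_interrupt_type() accepts `INTR_TYPE_S_EL1`, `INTR_TYPE_NS` and `INTR_TYPE_EL3` unconditionally, so the validation no longer follows what the platform interrupt controller reports through `plat_ic_has_interrupt_type(type)`. The patch header describes this as a workaround for a trusted services test regression and marks it `Upstream-Status: Pending`, but it names no upstream report and no condition for dropping it. I would add the upstream reference to the header and a comment above the `if`, such as `/* Workaround: bypasses plat_ic_has_interrupt_type(); drop once fixed upstream */`, so the widened check is not carried forward unnoticed. The rest of bl31/interrupt_mgmt.c is outside the hunk.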
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch new file mode 100644 index 00000000..2d189d8e --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch @@ -0,0 +1,36 @@ +From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli <mikko.rapeli@linaro.org> +Date: Mon, 15 Jan 2024 09:26:56 +0000 +Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot + +If firmware is configured with TPM support but it's missing +on HW, e.g. swtpm not started and/or configured with qemu, +then continue booting. Missing TPM is not a fatal error. +Enables testing boot without TPM device to see that +missing TPM is detected further up the SW stack and correct +fallback actions are taken. + +Upstream-Status: Pending + +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> +--- + plat/qemu/qemu/qemu_measured_boot.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c +index 122bb23b14..731b081c47 100644 +--- a/plat/qemu/qemu/qemu_measured_boot.c ++++ b/plat/qemu/qemu/qemu_measured_boot.c +@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void) + * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the + * secure Event Log buffer address. + */ +- panic(); ++ ERROR("Ignoring TPM errors, continuing without\n"); ++ return; + } + + /* Copy Event Log to Non-secure memory */ +-- +2.34.1 + diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch deleted file mode 100644 index 42e0f5b1..00000000 
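Review bot: Replacing `panic()` with `ERROR(...)` and `return` in bl2_plat_mboot_finish() makes measured boot fail open: when the check before this branch fails, BL2 now carries on booting instead of stopping. The commit message relies on software further up the stack detecting the missing TPM, but nothing in the patch enforces that, and trusted-firmware-a_2.10.3.bb adds the patch through a plain `SRC_URI +=`, so every machine using that recipe carries it. I would keep `panic()` as the default, make the continue-without-TPM path an explicit build-time opt-in for test images, and scope the recipe line with a machine override the way the bbappend does for its qemu patches (`SRC_URI:append:qemuarm64-secureboot`). The condition guarding this branch lies outside the hunk, so which failures it covers cannot be confirmed from here.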
--- a/meta-arm/recipes-bsp/trusted-firmware-a/files/0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c9209fa0f474d41bc5ecf2b988ab404123038c1b Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warren@arm.com> -Date: Tue, 3 Nov 2020 13:34:26 +0000 -Subject: [PATCH] pmf.h: made PMF_STOTE_ENABLE pass -Wtautological - -When compiling with clang, PMF_STORE_ENABLE triggers --Wtautological-constant-compare. To mitigate, the definition -is modified cosmetically to not trigger this error. - -Upstream-Status: Pending -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - include/lib/pmf/pmf.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/lib/pmf/pmf.h b/include/lib/pmf/pmf.h -index df7c9ff31..baa2dfd60 100644 ---- a/include/lib/pmf/pmf.h -+++ b/include/lib/pmf/pmf.h -@@ -25,7 +25,7 @@ - /* - * Flags passed to PMF_REGISTER_SERVICE - */ --#define PMF_STORE_ENABLE (1 << 0) -+#define PMF_STORE_ENABLE 1 - #define PMF_DUMP_ENABLE (1 << 1) - - /* --- -2.17.1 - diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch deleted file mode 100644 index c24b1cfc..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/files/0003-xlat-tables-v2-remove-tautological-assert.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From a0b72074ee4cfdf0ff3b807b01a962898761def4 Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warren@arm.com> -Date: Fri, 27 Nov 2020 10:29:48 +0000 -Subject: [PATCH] xlat_tables_v2: remove tautological assert - -When compiling with clang for aarch32, an assert triggered --Wtautological error. This assertion is removed, as -this means there is no way for it to resolve as false anyway. - -Upstream-Status: Pending -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - lib/xlat_tables_v2/aarch32/xlat_tables_arch.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c b/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c -index b69c6702b..52a75b37a 100644 ---- a/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c -+++ b/lib/xlat_tables_v2/aarch32/xlat_tables_arch.c -@@ -203,8 +203,6 @@ void setup_mmu_cfg(uint64_t *params, unsigned int flags, - - assert(virtual_addr_space_size >= - xlat_get_min_virt_addr_space_size()); -- assert(virtual_addr_space_size <= -- MAX_VIRT_ADDR_SPACE_SIZE); - assert(IS_POWER_OF_TWO(virtual_addr_space_size)); - - /* --- -2.17.1 - diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb new file mode 100644 index 00000000..5ba8d48c --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.3.bb 
@@ -0,0 +1,33 @@
+# Firmware Image Package (FIP)
+# It is a packaging format used by TF-A to package the
+# firmware images in a single binary.
+
+DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
+LICENSE = "BSD-3-Clause"
+
+SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# Use fiptool from TF-A v2.10.3
+SRCREV = "0f915309c3821ce6f78f8451e5a6178d0cf07611"
+SRCBRANCH = "lts-v2.10"
+
+DEPENDS += "openssl-native"
+
+inherit native
+
+EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
+
+do_compile () {
+ # This is still needed to have the native fiptool executing properly by
+ # setting the RPATH
+ sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+ sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
+
+ oe_runmake fiptool
+}
+
+do_install () {
+ install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
+}
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb
new file mode 100644
index 00000000..fffdf5d3
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb
@@ -0,0 +1,58 @@ +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" +LICENSE = "BSD-3-Clause & NCSA" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" + +inherit deploy + +COMPATIBLE_MACHINE ?= "invalid" + +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ + " +SRCBRANCH = "master" +SRCREV = "42b99719d5dde58bdde07712bcb70a20d87f9067" + +DEPENDS += "optee-os" + +EXTRA_OEMAKE += "USE_NVM=0" +EXTRA_OEMAKE += "SHELL_COLOR=1" +EXTRA_OEMAKE += "DEBUG=1" + +# Modify mode based on debug or release mode +TFTF_MODE ?= "debug" + +# Platform must be set for each machine +TFA_PLATFORM ?= "invalid" + +EXTRA_OEMAKE += "ARCH=aarch64" +EXTRA_OEMAKE += "LOG_LEVEL=50" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +# Add platform parameter +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" + +# Requires CROSS_COMPILE set by hand as there is no configure script +export CROSS_COMPILE="${TARGET_PREFIX}" + +LDFLAGS[unexport] = "1" +do_compile() { + oe_runmake -C ${S} tftf +} + +do_compile[cleandirs] = "${B}" + +FILES:${PN} = "/firmware/tftf.bin" +SYSROOT_DIRS += "/firmware" + +do_install() { + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin +} + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc index 807e1254..922c0a34 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc 
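Review bot: `EXTRA_OEMAKE += "DEBUG=1"` is hard-coded, while `TFTF_MODE ?= "debug"` is presented as the debug/release switch and do_install reads `${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin`. Setting `TFTF_MODE = "release"` would therefore presumably still build with DEBUG=1 and then fail in do_install because the release directory was never produced. Derive the flag from the variable instead, `EXTRA_OEMAKE += "DEBUG=${@'1' if d.getVar('TFTF_MODE') == 'debug' else '0'}"`, and extend the `# Modify mode based on debug or release mode` comment to state the two accepted values.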
@@ -1,14 +1,17 @@ DESCRIPTION = "Trusted Firmware-A" -LICENSE = "BSD-3-Clause" - -PROVIDES = "virtual/trusted-firmware-a" +LICENSE = "BSD-3-Clause & MIT" PACKAGE_ARCH = "${MACHINE_ARCH}" inherit deploy -SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa" -UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$" +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" +SRCBRANCH = "master" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};name=tfa;branch=${SRCBRANCH}" + +UPSTREAM_CHECK_GITTAGREGEX = "^(lts-)?v(?P<pver>\d+(\.\d+)+)$" + +SRCREV_FORMAT = "tfa" COMPATIBLE_MACHINE ?= "invalid" 
@@ -48,21 +51,20 @@ SRC_URI_MBEDTLS ??= "" # This should be set to MBEDTLS LIC FILES checksum LIC_FILES_CHKSUM_MBEDTLS ??= "" # add MBEDTLS to our sources if activated -SRC_URI_append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}" +SRC_URI:append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}" # Update license variables -LICENSE_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}" -LIC_FILES_CHKSUM_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" +LICENSE:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}" +LIC_FILES_CHKSUM:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" # add mbed TLS to version -SRCREV_FORMAT_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}" - -SRC_URI_append = " \ - file://0002-pmf.h-made-PMF_STOTE_ENABLE-pass-Wtautological.patch \ - file://0003-xlat-tables-v2-remove-tautological-assert.patch \ - " +SRCREV_FORMAT:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}" # U-boot support (set TFA_UBOOT to 1 to activate) # When U-Boot support is activated BL33 is activated with u-boot.bin file -TFA_UBOOT ?= "0" +TFA_UBOOT ??= "0" + +# UEFI support (set TFA_UEFI to 1 to activate) +# When UEFI support is activated BL33 is activated with uefi.bin file +TFA_UEFI ??= "0" # What to build # By default we only build bl1, do_deploy will copy 
@@ -87,12 +89,12 @@ LD[unexport] = "1" do_configure[noexec] = "1" # Baremetal, just need a compiler -DEPENDS_remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" +DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" # We need dtc for dtbs compilation # We need openssl for fiptool DEPENDS = "dtc-native openssl-native" -DEPENDS_append_toolchain-clang = " compiler-rt" +DEPENDS:append:toolchain-clang = " compiler-rt" # CC and LD introduce arguments which conflict with those otherwise provided by # this recipe. The heads of these variables excluding those arguments @@ -101,11 +103,12 @@ def remove_options_tail (in_string): from itertools import takewhile return ' '.join(takewhile(lambda x: not x.startswith('-'), in_string.split(' '))) -EXTRA_OEMAKE += "LD=${@remove_options_tail(d.getVar('LD'))}" +EXTRA_OEMAKE += "LD='${@remove_options_tail(d.getVar('LD'))}'" -EXTRA_OEMAKE += "CC=${@remove_options_tail(d.getVar('CC'))}" +EXTRA_OEMAKE += "CC='${@remove_options_tail(d.getVar('CC'))}'" -EXTRA_OEMAKE += "V=1" +# Verbose builds, no -Werror +EXTRA_OEMAKE += "V=1 E=0" # Add platform parameter EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" 
@@ -128,7 +131,15 @@ EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBE # Uboot support DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}" do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}" -EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '',d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '', d)}" + +# UEFI support +DEPENDS += " ${@bb.utils.contains('TFA_UEFI', '1', 'edk2-firmware', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UEFI', '1', 'BL33=${RECIPE_SYSROOT}/firmware/uefi.bin', '', d)}" + +# TFTF test support +DEPENDS += " ${@bb.utils.contains('TFTF_TESTS', '1', 'tf-a-tests', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFTF_TESTS', '1', 'BL33=${RECIPE_SYSROOT}/firmware/tftf.bin', '',d)}" # Hafnium support SEL2_SPMC = "${@'${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}" 
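Review bot: `BL33=` is now appended to EXTRA_OEMAKE by three independent switches (TFA_UBOOT, TFA_UEFI and TFTF_TESTS), and nothing prevents more than one of them being set to 1. In that case make receives several `BL33=` assignments, and the payload packed into the FIP depends on argument order rather than on an explicit choice. TFTF_TESTS also has no default in the visible hunks, unlike `TFA_UBOOT ??= "0"` and `TFA_UEFI ??= "0"`; I would add `TFTF_TESTS ??= "0"` next to them with a comment naming the tftf.bin payload. A parse-time check should also reject configurations that enable more than one of the three.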
@@ -144,30 +155,26 @@ EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'ARM_SPMC_MANIFEST_DTS=$ # Tell the tools where the native OpenSSL is located EXTRA_OEMAKE += "OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" +# Use the correct native compiler +EXTRA_OEMAKE += "HOSTCC='${BUILD_CC}'" # Runtime variables EXTRA_OEMAKE += "RUNTIME_SYSROOT=${STAGING_DIR_HOST}" -EXTRA_OEMAKE += "TARGET_FPU=${TARGET_FPU}" BUILD_DIR = "${B}/${TFA_PLATFORM}" BUILD_DIR .= "${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}" BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}" -# The following hack is needed to fit properly in yocto build environment -# TFA is forcing the host compiler and its flags in the Makefile using := -# assignment for GCC and CFLAGS. do_compile() { - cd ${S} - - # These changes are needed to have the native tools compiling and executing properly - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + # This is still needed to have the native tools executing properly by + # setting the RPATH + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile - # This can be removed when only TF-A 2.4 onwards is supported - sed -i 's^OPENSSL_DIR.*=.*$^OPENSSL_DIR = ${STAGING_DIR_NATIVE}/${prefix_native}^' ${S}/tools/*/Makefile + sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile # Currently there are races if you build all the targets at once in parallel for T in ${TFA_BUILD_TARGET}; do - oe_runmake $T + oe_runmake -C ${S} $T done } do_compile[cleandirs] = "${B}" 
@@ -221,10 +228,15 @@ do_install() { done } -FILES_${PN} = "/firmware" +FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" + +FILES:${PN}-dbg = "/firmware/*.elf" # Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" +INSANE_SKIP:${PN}-dbg += "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dbg += "buildpaths" do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index dd74cd53..3d42a97c 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend 
@@ -1,26 +1,68 @@ -COMPATIBLE_MACHINE_qemuarm64 = "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" +COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm-secureboot" -TFA_PLATFORM_qemuarm64-secureboot = "qemu" -TFA_PLATFORM_qemuarm64-sbsa = "qemu_sbsa" +#FIXME - clang fails to build tfa for qemuarm-secureboot, and possibly other +# arm/aarch32. This is a known testing hole in TF-A. +TOOLCHAIN:qemuarm-secureboot = "gcc" -TFA_SPD_qemuarm64-secureboot = "opteed" +# Enable passing TOS_FW_CONFIG from FIP package to Trusted OS. +FILESEXTRAPATHS:prepend:qemuarm64-secureboot := "${THISDIR}/files:" +SRC_URI:append:qemuarm64-secureboot = " \ + file://0001-Add-spmc_manifest-for-qemu.patch \ + file://0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch \ + " -TFA_UBOOT_qemuarm64-secureboot = "1" -TFA_BUILD_TARGET_aarch64_qemuall = "all fip" +TFA_PLATFORM:qemuarm64-secureboot = "qemu" +TFA_PLATFORM:qemuarm-secureboot = "qemu" -TFA_INSTALL_TARGET_qemuarm64-secureboot = "flash.bin" -TFA_INSTALL_TARGET_qemuarm64-sbsa = "bl1 fip" +# Trusted Services secure partitions require arm-ffa machine feature. +# Enabling Secure-EL1 Payload Dispatcher (SPD) in this case +TFA_SPD:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'spmd', 'opteed', d)}" +# Configure tf-a accordingly to TS requirements if included +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CTX_INCLUDE_EL2_REGS=0 SPMC_OPTEE=1 ', '' , d)}" +# Cortex-A57 supports Armv8.0 (no S-EL2 execution state). +# The SPD SPMC component should run at the S-EL1 execution state. 
+TFA_SPMD_SPM_AT_SEL2:qemuarm64-secureboot = "0" -DEPENDS_append_aarch64_qemuall = " optee-os" +TFA_UBOOT:qemuarm64-secureboot = "1" +TFA_UBOOT:qemuarm-secureboot = "1" +TFA_BUILD_TARGET:aarch64:qemuall = "all fip" +TFA_BUILD_TARGET:arm:qemuall = "all fip" -EXTRA_OEMAKE_append_aarch64_qemuall = " \ +TFA_INSTALL_TARGET:qemuarm64-secureboot = "flash.bin" +TFA_INSTALL_TARGET:qemuarm-secureboot = "flash.bin" + +DEPENDS:append:aarch64:qemuall = " optee-os" +DEPENDS:append:arm:qemuall = " optee-os" + +EXTRA_OEMAKE:append:aarch64:qemuall = " \ BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \ BL32_EXTRA1=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pager_v2.bin \ BL32_EXTRA2=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pageable_v2.bin \ BL32_RAM_LOCATION=tdram \ " -do_compile_append_qemuarm64-secureboot() { +EXTRA_OEMAKE:append:arm:qemuall = " \ + BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \ + BL32_EXTRA1=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pager_v2.bin \ + BL32_EXTRA2=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pageable_v2.bin \ + ARM_ARCH_MAJOR=7 \ + ARCH=aarch32 \ + BL32_RAM_LOCATION=tdram \ + AARCH32_SP=optee \ + " +# When using OP-TEE SPMC specify the SPMC manifest file. +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', \ + 'QEMU_TOS_FW_CONFIG_DTS=${S}/plat/qemu/fdts/optee_spmc_manifest.dts', '', d)}" + +do_compile:append:qemuarm64-secureboot() { + # Create a secure flash image for booting AArch64 Qemu. See: + # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst + dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc + dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc +} + +do_compile:append:qemuarm-secureboot() { # Create a secure flash image for booting AArch64 Qemu. 
See: # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb deleted file mode 100644 index 56d3507e..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_1.5.bb +++ /dev/null @@ -1,28 +0,0 @@ -# -# Trusted firmware-A 1.5 -# - -require trusted-firmware-a.inc - -# Use TF-A for version -SRCREV_FORMAT = "tfa" - -# TF-A v1.5 -SRCREV_tfa = "ed8112606c54d85781fc8429160883d6310ece32" - -LIC_FILES_CHKSUM += "file://license.rst;md5=e927e02bca647e14efd87e9e914b2443" - -# -# mbed TLS source -# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1 -# - -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.16" - -# mbed TLS v2.16.2 -SRCREV_mbedtls = "d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb" - -LIC_FILES_CHKSUM_MBEDTLS = " \ - file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ - " diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb new file mode 100644 index 00000000..13942dbb --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb 
@@ -0,0 +1,18 @@
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+
+# TF-A v2.10.3
+SRCREV_tfa = "0f915309c3821ce6f78f8451e5a6178d0cf07611"
+SRCBRANCH = "lts-v2.10"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# mbedtls-3.4.1
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
+SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
+
+LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+# continue to boot also without TPM
+SRC_URI += "\
+ file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
+"
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb
deleted file mode 100644
index f23132af..00000000
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.4.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require trusted-firmware-a.inc
-
-# Use TF-A for version
-SRCREV_FORMAT = "tfa"
-
-# TF-A v2.4
-SRCREV_tfa = "e2c509a39c6cc4dda8734e6509cdbe6e3603cdfc"
-
-LIC_FILES_CHKSUM += "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89"
-
-# mbed TLS v2.24.0
-SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
-SRCREV_mbedtls = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8"
-
-LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/files/objcopy.patch b/meta-arm/recipes-bsp/trusted-firmware-m/files/objcopy.patch
deleted file mode 100644
index 5734c13a..00000000
--- a/meta-arm/recipes-bsp/trusted-firmware-m/files/objcopy.patch
+++ /dev/null
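Review bot: The `SRC_URI +=` entry for `0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch` in the new trusted-firmware-a_2.10.3.bb has no machine override, so every machine that builds this recipe carries a patch whose stated purpose is to let measured boot continue when the TPM fails. Judging by its file name the patch touches only the QEMU platform code, but the recipe should make that scope explicit, e.g. `SRC_URI:append:qemuall = " file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch"`. The one-line comment should also say what is given up, for example `# QEMU only: boot continues when no TPM is present, so such a boot is effectively unmeasured`, so integrators relying on the measurements know to treat that case as untrusted.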
@@ -1,20 +0,0 @@ -The BFD target elf32-little has no specified machine, which trips the -architecture sanity test. Use elf32-littlearm to set the machine -correctly. - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -diff --git a/cmake/Common/CompilerGNUARMCommon.cmake b/cmake/Common/CompilerGNUARMCommon.cmake -index 32e805bb..2d3ea8e4 100644 ---- a/cmake/Common/CompilerGNUARMCommon.cmake -+++ b/cmake/Common/CompilerGNUARMCommon.cmake -@@ -196,7 +196,7 @@ function(compiler_generate_hex_output TARGET) - endfunction() - - function(compiler_generate_elf_output TARGET) -- add_custom_command(TARGET ${TARGET} POST_BUILD COMMAND ${CMAKE_GNUARM_OBJCOPY} ARGS -O elf32-little $<TARGET_FILE:${TARGET}> $<TARGET_FILE_DIR:${TARGET}>/${TARGET}.elf) -+ add_custom_command(TARGET ${TARGET} POST_BUILD COMMAND ${CMAKE_GNUARM_OBJCOPY} ARGS -O elf32-littlearm $<TARGET_FILE:${TARGET}> $<TARGET_FILE_DIR:${TARGET}>/${TARGET}.elf) - endfunction() - - # Function for creating a new target that preprocesses a .c file diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc new file mode 100644 index 00000000..82543258 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc 
@@ -0,0 +1,46 @@ +# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts + +LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" + +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \ + file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d \ + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" + +SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ + ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \ + ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ + " + +# The required dependencies are documented in tf-m/config/config_default.cmake +# TF-Mv2.0.0 +SRCBRANCH_tfm ?= "release/2.0.x" +SRCREV_tfm = "9ca8a5eb3c85eecee1303dffa262800ea0385584" +# TF-Mv2.0.0 +SRCBRANCH_tfm-extras ?= "release/2.0.x" +SRCREV_tfm-extras = "676a1465f361439bc95f5a50ef71749f27caffc1" +# 
TF-Mv2.0.0 +SRCBRANCH_tfm-tests ?= "release/2.0.x" +SRCREV_tfm-tests = "69fbb233dc6e45f8306d98694ca5760559f9d2ef" +# mbedtls-3.5.1 +SRCBRANCH_mbedtls ?= "master" +SRCREV_mbedtls = "edb8fec9882084344a314368ac7fd957a187519c" +# mcuboot v2.0.0 +SRCBRANCH_mcuboot ?= "main" +SRCREV_mcuboot = "304fd41980ed929533b9f387dde1b463b0be5b90" +# QCBOR v1.2 +SRCBRANCH_qcbor ?= "master" +SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" + +SRCREV_FORMAT = "tfm" + +S = "${WORKDIR}/git/tfm" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc new file mode 100644 index 00000000..afe655f8 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc @@ -0,0 +1,25 @@ +SUMMARY = "Trusted Firmware image signing scripts" +DESCRIPTION = "Trusted Firmware-M image signing scripts" +HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" + +inherit native + +# See bl2/ext/mcuboot/scripts/requirements.txt +RDEPENDS:${PN} = "\ + python3-cryptography-native \ + python3-pyasn1-native \ + python3-pyyaml-native \ + python3-cbor2-native \ + python3-imgtool-native \ + python3-click-native \ +" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}/${libdir} + cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts + cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts +} +FILES:${PN} = "${libdir}/tfm-scripts" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb new file mode 100644 index 00000000..d50d886f --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb 
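Review bot: In trusted-firmware-m-scripts-native.inc, `do_install` copies every `*.pem` under `${S}/bl2/ext/mcuboot/` into `${libdir}/tfm-scripts` next to the signing scripts, and nothing marks them as keys that come from the fetched source tree. A private key that ships in a public repository gives no authenticity guarantee, so images signed with it are only suitable for development. Add a comment above that line such as `# Sample signing keys from the TF-M source tree: public, development only; production builds must supply their own key`, and consider giving machines a variable to point the signing step at a key kept outside the source tree.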
@@ -0,0 +1,2 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.2.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc index 3509a580..772366d9 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.2.0.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc @@ -8,29 +8,6 @@ DESCRIPTION = "Trusted Firmware-M" HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" PROVIDES = "virtual/trusted-firmware-m" -LICENSE = "BSD-3-Clause & Apachev2" - -LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ - file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ - file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" - -SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=master;name=tfm;destsuffix=${S} \ - git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=master;name=tfm-tests;destsuffix=${S}/../tf-m-tests \ - git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=${S}/../mbedtls \ - git://github.com/JuulLabs-OSS/mcuboot.git;protocol=https;name=mcuboot;destsuffix=${S}/../mcuboot \ - " - -# The required dependencies are documented in tf-m/config/config_default.cmake -# TF-Mv1.2.0 -SRCREV_tfm = "c78be620c0fee08888956646b8f02fd03ab88567" -# mbedtls 2.24 -SRCREV_mbedtls = "523f0554b6cdc7ace5d360885c3f5bbcc73ec0e8" -# master as of 20210212 -SRCREV_tfm-tests = "ccda809801e529250b47c9ac470cf94daef1bb1b" -# 1.7.0 -SRCREV_mcuboot = "a8e12dae381080e898cea0c6f7408009b0163f9f" - UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" # Note to future readers of this recipe: until the CMakeLists don't abuse 
@@ -45,16 +22,25 @@ INHIBIT_DEFAULT_DEPS = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" +# At present, TF-M Select other GNU Arm compiler versions instead of 11.2: +# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst#n214 +# +# See tools/requirements.txt for Python dependencies DEPENDS += "cmake-native \ - python3-intelhex-native \ - python3-jinja2-native \ - python3-pyyaml-native \ + ninja-native \ + gcc-arm-none-eabi-native \ + python3-cbor2-native \ python3-click-native \ python3-cryptography-native \ python3-pyasn1-native \ - python3-cbor-native" + python3-imgtool-native \ + python3-jinja2-native \ + python3-pyyaml-native \ + python3-pyhsslms-native \ + python3-ecdsa-native \ + python3-kconfiglib-native \ +" -S = "${WORKDIR}/git/tfm" B = "${WORKDIR}/build" # Build for debug (set TFM_DEBUG to 1 to activate) 
@@ -67,41 +53,44 @@ python() { raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") } -PACKAGECONFIG ??= "cc-gnuarm" -# What compiler to use -PACKAGECONFIG[cc-gnuarm] = "-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake,,gcc-arm-none-eabi-native" -PACKAGECONFIG[cc-armclang] = "-DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake,,armcompiler-native" +PACKAGECONFIG ??= "" # Whether to integrate the test suite PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" +# Currently we only support using the Arm binary GCC +EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" + +# Don't let FetchContent download more sources during do_configure +EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON" + # Add platform parameters EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" # Handle TFM_DEBUG parameter -EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '', d)}" +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}" # Verbose builds EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" -EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot" +EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DTFM_EXTRAS_REPO_PATH=${S}/../tfm-extras -DMCUBOOT_PATH=${S}/../mcuboot -DQCBOR_PATH=${S}/../qcbor" + +export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" -# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application -CFLAGS[unexport] = "1" -LDFLAGS[unexport] = "1" AS[unexport] = "1" +CC[unexport] = "1" LD[unexport] = "1" -# TF-M ships patches that it needs applied to mbedcrypto, so apply them -# as part of do_patch. 
-apply_local_patches() { - cat ${S}/lib/ext/mbedcrypto/*.patch | patch -p1 -d ${S}/../mbedtls -} -do_patch[postfuncs] += "apply_local_patches" +# remove once arm-none-eabi-gcc updates to 13 or newer like poky +DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" do_configure[cleandirs] = "${B}" do_configure() { - cmake -G"Unix Makefiles" -S ${S} -B ${B} ${EXTRA_OECMAKE} + cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS} } # Invoke install here as there's no point in splitting compile from install: the @@ -111,6 +100,7 @@ do_configure() { do_compile() { cmake --build ${B} -- install } +do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" do_install() { # TODO install headers and static libraries when we know how they're used @@ -118,10 +108,18 @@ do_install() { install -m 0644 ${B}/bin/* ${D}/firmware/ } -FILES_${PN} = "/firmware" +FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" +FILES:${PN}-dbg = "/firmware/*.elf" addtask deploy after do_install do_deploy() { cp -rf ${D}/firmware/* ${DEPLOYDIR}/ } + +# Build paths are currently embedded because it's impossible to pass -fdebug-prefix-map +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dbg += "buildpaths" +# Target binaries will be 32-bit Arm +INSANE_SKIP:${PN} += "arch" +INSANE_SKIP:${PN}-dbg += "arch" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb new file mode 100644 index 00000000..3464f49d --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb @@ -0,0 +1,2 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc 
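Review bot: The hunk at -67,41 of trusted-firmware-m.inc removes `apply_local_patches`, which applied TF-M's `lib/ext/mbedcrypto/*.patch` to `${S}/../mbedtls`, and no visible new line replaces it. With `-DFETCHCONTENT_FULLY_DISCONNECTED=ON` and an explicit `-DMBEDCRYPTO_PATH`, CMake presumably uses the fetched mbedtls tree as is, so if the 2.0.0 sources still ship patches for it the crypto library is built unpatched. The `apply_local_src_patches` class added by this commit looks intended for this case, but neither these hunks nor the new `-src.inc` inherit it. Either inherit the class with `LOCAL_SRC_PATCHES_INPUT_DIR` and `LOCAL_SRC_PATCHES_DEST_DIR` set, or add a comment stating why the patches are no longer needed. The recipe continues outside the hunks, so this may already be handled there.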
diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch b/meta-arm/recipes-bsp/u-boot/u-boot/0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch new file mode 100644 index 00000000..8d3b32f8 --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot/0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch @@ -0,0 +1,34 @@ +From 67bb1f111c4668c4dfdc40547cb83fc6c1f010e9 Mon Sep 17 00:00:00 2001 +From: Jon Mason <jdmason@kudzu.us> +Date: Thu, 26 Jan 2023 11:46:33 -0500 +Subject: [PATCH] qemu: arm: make QFW, MMIO implied on qemu-arm + +There are instances when one would not want QFW enabled, like running +alternative firmware. Make this choice optional instead of forced by +using the implied keyword. + +Signed-off-by: Jon Mason <jdmason@kudzu.us> +Upstream-Status: Pending [Not submitted to upstream yet] + +--- + board/emulation/qemu-arm/Kconfig | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/board/emulation/qemu-arm/Kconfig b/board/emulation/qemu-arm/Kconfig +index ed9949651c4b..93f6f74d5bcc 100644 +--- a/board/emulation/qemu-arm/Kconfig ++++ b/board/emulation/qemu-arm/Kconfig +@@ -5,8 +5,8 @@ config TEXT_BASE + + config BOARD_SPECIFIC_OPTIONS # dummy + def_bool y +- select CMD_QFW +- select QFW_MMIO ++ imply CMD_QFW ++ imply QFW_MMIO + imply VIRTIO_MMIO + imply VIRTIO_PCI + imply VIRTIO_NET +-- +2.30.2 + diff --git a/meta-arm/recipes-bsp/u-boot/u-boot/qemuarm.cfg b/meta-arm/recipes-bsp/u-boot/u-boot/qemuarm.cfg new file mode 100644 index 00000000..da414108 --- /dev/null +++ b/meta-arm/recipes-bsp/u-boot/u-boot/qemuarm.cfg @@ -0,0 +1,5 @@ +# This must match the address that TF-A jumps to for BL33 +CONFIG_TEXT_BASE=0x60000000 +CONFIG_ENV_IS_NOWHERE=y +# CONFIG_ENV_IS_IN_FLASH is not set +# CONFIG_CMD_QFW is not set diff --git a/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend index afcd70a9..58d66e1d 100644 --- a/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend 
+++ b/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend @@ -1,3 +1,7 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" -SRC_URI_append_qemuarm64-secureboot = " file://qemuarm64.cfg" +SRC_URI:append:qemuarm64-secureboot = " file://qemuarm64.cfg" +SRC_URI:append:qemuarm-secureboot = " \ + file://0001-qemu-arm-make-QFW-MMIO-implied-on-qemu-arm.patch \ + file://qemuarm.cfg \ + " diff --git a/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb b/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb new file mode 100644 index 00000000..bd840967 --- /dev/null +++ b/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb @@ -0,0 +1,24 @@ +# Install EDK2 Base Tools in native sysroot. Currently the BaseTools are not +# built, they are just copied to native sysroot. This is sufficient for +# generating UEFI capsules as it only depends on some python scripts. Other +# tools need to be built first before adding to sysroot. + +SUMMARY = "EDK2 Base Tools" +LICENSE = "BSD-2-Clause-Patent" + +# EDK2 +SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https" +LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" + +SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768" + +S = "${WORKDIR}/git" + +inherit native + +RDEPENDS:${PN} += "python3-core" + +do_install () { + mkdir -p ${D}${bindir}/edk2-BaseTools + cp -r ${WORKDIR}/git/BaseTools/* ${D}${bindir}/edk2-BaseTools/ +} diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware.inc b/meta-arm/recipes-bsp/uefi/edk2-firmware.inc index c2d9bf12..274852e2 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware.inc +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware.inc 
@@ -1,10 +1,9 @@ SUMMARY = "UEFI EDK2 Firmware" DESCRIPTION = "UEFI EDK2 Firmware for Arm reference platforms" HOMEPAGE = "https://github.com/tianocore/edk2" - LICENSE = "BSD-2-Clause-Patent" -PROVIDES += "virtual/uefi-firmware" +PROVIDES = "virtual/bootloader" # EDK2 LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" @@ -12,24 +11,35 @@ LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" LIC_FILES_CHKSUM += "file://edk2-platforms/License.txt;md5=2b415520383f7964e96700ae12b4570a" # These can be overridden as needed -EDK2_SRC_URI = "gitsm://github.com/tianocore/edk2.git" -EDK2_PLATFORMS_SRC_URI = "git://github.com/tianocore/edk2-platforms.git" - +SRC_URI_EDK2 ?= "gitsm://github.com/tianocore/edk2.git;protocol=https" +SRC_URI_EDK2_PLATFORMS ?= "git://github.com/tianocore/edk2-platforms.git;protocol=https" +SRCBRANCH_edk2 = "master" +SRCBRANCH_edk2_platforms = "master" SRC_URI = "\ - ${EDK2_SRC_URI};name=edk2;destsuffix=edk2;nobranch=1 \ - ${EDK2_PLATFORMS_SRC_URI};name=edk2-platforms;destsuffix=edk2/edk2-platforms;nobranch=1 \ + ${SRC_URI_EDK2};branch=${SRCBRANCH_edk2_platforms};name=edk2;destsuffix=edk2 \ + ${SRC_URI_EDK2_PLATFORMS};branch=${SRCBRANCH_edk2};name=edk2-platforms;destsuffix=edk2/edk2-platforms \ " SRCREV_FORMAT = "edk2_edk2-platforms" UPSTREAM_CHECK_GITTAGREGEX = "^edk2-stable(?P<pver>\d+)$" -EDK2_BUILD_RELEASE = "" -EDK2_PLATFORM = "" +COMPATIBLE_MACHINE ?= "invalid" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +EDK2_BUILD_RELEASE = "1" + +EDK2_PLATFORM = "unset" # build --platform -EDK2_PLATFORM_DSC = "" +EDK2_PLATFORM_DSC = "unset" EDK2_BIN_NAME = "" # build --arch -EDK2_ARCH = "" +EDK2_ARCH ?= "unset" +EDK2_ARCH:arm = "ARM" +EDK2_ARCH:aarch64 = "AARCH64" +EDK2_ARCH:x86 = "IA32" +EDK2_ARCH:x86-64 = "X64" +EDK2_ARCH:riscv64 = "RISCV64" + # Extra arguments passed to build EDK2_EXTRA_BUILD = "" 
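Review bot: In the new `SRC_URI` of edk2-firmware.inc the branch variables are crossed: the `name=edk2` entry uses `branch=${SRCBRANCH_edk2_platforms}` and the `name=edk2-platforms` entry uses `branch=${SRCBRANCH_edk2}`. Both default to `master`, so the build works today, but overriding either one changes the branch that the other repository's `SRCREV` is checked against. Each entry should read its own variable: `${SRC_URI_EDK2};branch=${SRCBRANCH_edk2};name=edk2;destsuffix=edk2 \` and `${SRC_URI_EDK2_PLATFORMS};branch=${SRCBRANCH_edk2_platforms};name=edk2-platforms;destsuffix=edk2/edk2-platforms \`. Assigning the two `SRCBRANCH_*` values with `?=` would also match the "These can be overridden as needed" comment above them.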
@@ -37,7 +47,7 @@ EDK2_EXTRA_BUILD = "" EDK2_BUILD_MODE ?= "${@bb.utils.contains('EDK2_BUILD_RELEASE', '1', 'RELEASE', 'DEBUG', d)}" # Baremetal, no need for a C library -DEPENDS_remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" +DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc" DEPENDS += "util-linux-native iasl-native" inherit deploy @@ -45,14 +55,11 @@ inherit deploy S = "${WORKDIR}/edk2" B = "${WORKDIR}/build" -PACKAGE_ARCH = "${MACHINE_ARCH}" - LDFLAGS[unexport] = "1" do_configure[cleandirs] += "${B}" # Set variables as per envsetup -export GCC5_AARCH64_PREFIX = "${STAGING_BINDIR_TOOLCHAIN}/${TARGET_PREFIX}" export PACKAGES_PATH = "${S}:${S}/edk2-platforms" export WORKSPACE = "${B}" export EDK_TOOLS_PATH = "${S}/BaseTools" @@ -62,7 +69,30 @@ export CONF_PATH = "${S}/Conf" export BTOOLS_PATH = "${EDK_TOOLS_PATH}/BinWrappers/PosixLike" EDK_COMPILER ?= "GCC5" -EDK_COMPILER_toolchain-clang = "CLANG38" +export GCC5_AARCH64_PREFIX = "${TARGET_PREFIX}" +export GCC5_ARM_PREFIX = "${TARGET_PREFIX}" + +EDK_COMPILER:toolchain-clang = "CLANG38" +export CLANG38_AARCH64_PREFIX = "${TARGET_PREFIX}" +export CLANG38_ARM_PREFIX = "${TARGET_PREFIX}" + +# These variables were changed in edk2 commit +# 206168e83f0901cbc1815ef5df4ac6598ad9721b, which was part of edk2-202305 +export CC = "${BUILD_CC}" +export CXX = "${BUILD_CXX}" +export AS = "${BUILD_AS}" +export AR = "${BUILD_AR}" +export LD = "${BUILD_LD}" +export CFLAGS = "${BUILD_CFLAGS}" +export CPPFLAGS = "${BUILD_CPPFLAGS}" +export LDFLAGS = "${BUILD_LFLAGS}" + +#FIXME - arm32 doesn't work with clang due to a linker issue +TOOLCHAIN:arm = "gcc" + +do_configure:prepend() { + sed -i -e "s#-target ${HOST_ARCH}-linux-gnu.*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template +} do_compile() { sed -i -e 's:-I \.\.:-I \.\. ${BUILD_CFLAGS} :' ${EDK_TOOLS_PATH}/Source/C/Makefiles/header.makefile 
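Review bot: In the hunk at +69,30, `export LDFLAGS = "${BUILD_LFLAGS}"` references a variable that is not set anywhere on this page and looks like a typo for `BUILD_LDFLAGS`, the name the removed fiptool recipes use. BitBake leaves an undefined reference unexpanded, so the native BaseTools link would not receive the build host's linker flags. The context line `LDFLAGS[unexport] = "1"` from the previous hunk still applies to the same variable, so the export may not take effect at all. Suggested: `export LDFLAGS = "${BUILD_LDFLAGS}"`, and drop `LDFLAGS[unexport] = "1"` if the export is intended. `do_compile` continues outside the hunk.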
@@ -82,6 +112,7 @@ do_compile() { --buildtarget ${EDK2_BUILD_MODE} \ --tagname ${EDK_COMPILER} \ --platform ${EDK2_PLATFORM_DSC} \ + ${@oe.utils.parallel_make_argument(d, "-n %d")} \ ${EDK2_EXTRA_BUILD} } @@ -90,10 +121,12 @@ do_install() { install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/uefi.bin } -FILES_${PN} = "/firmware" +FILES:${PN} = "/firmware" SYSROOT_DIRS += "/firmware" # Skip QA check for relocations in .text of elf binaries -INSANE_SKIP_${PN} = "textrel" +INSANE_SKIP:${PN} += "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" do_deploy() { # Copy the images to deploy directory diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend index 8330ac94..e923d9f0 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend 
@@ -1,26 +1,22 @@ -COMPATIBLE_MACHINE = "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" +EDK2_PLATFORM:qemuarm64-secureboot = "ArmVirtQemu-AARCH64" +EDK2_PLATFORM_DSC:qemuarm64-secureboot = "ArmVirtPkg/ArmVirtQemu.dsc" +EDK2_BIN_NAME:qemuarm64-secureboot = "QEMU_EFI.fd" -DEPENDS_append_qemuarm64-sbsa = " virtual/trusted-firmware-a" +COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" +EDK2_PLATFORM:qemuarm64 = "ArmVirtQemu-AARCH64" +EDK2_PLATFORM_DSC:qemuarm64 = "ArmVirtPkg/ArmVirtQemu.dsc" +EDK2_BIN_NAME:qemuarm64 = "QEMU_EFI.fd" -EDK2_BUILD_RELEASE_aarch64_qemuall = "1" -EDK2_ARCH_aarch64_qemuall = "AARCH64" +COMPATIBLE_MACHINE:qemuarm = "qemuarm" +EDK2_PLATFORM:qemuarm = "ArmVirtQemu-ARM" +EDK2_PLATFORM_DSC:qemuarm = "ArmVirtPkg/ArmVirtQemu.dsc" +EDK2_BIN_NAME:qemuarm = "QEMU_EFI.fd" -EDK2_PLATFORM_qemuarm64-sbsa = "SbsaQemu" -EDK2_PLATFORM_DSC_qemuarm64-sbsa = "Platform/Qemu/SbsaQemu/SbsaQemu.dsc" -EDK2_BIN_NAME_qemuarm64-sbsa = "SBSA_FLASH0.fd" - -EDK2_PLATFORM_qemuarm64-secureboot = "ArmVirtQemu-AARCH64" -EDK2_PLATFORM_DSC_qemuarm64-secureboot = "ArmVirtPkg/ArmVirtQemu.dsc" -EDK2_BIN_NAME_qemuarm64-secureboot = "QEMU_EFI.fd" - -do_compile_prepend_qemuarm64-sbsa() { - mkdir -p ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/bl1.bin ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/fip.bin ${B}/Platform/Qemu/Sbsa/ +do_install:append:qemuarm64() { + install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/ } -do_install_append_qemuarm64-sbsa() { - install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/SBSA_FLASH0.fd ${D}/firmware/ovmf-tfa.bin - install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/SBSA_FLASH1.fd ${D}/firmware/ovmf-uefi.bin - /usr/bin/truncate -s 256M ${D}/firmware/ovmf*.bin +do_install:append:qemuarm() { + install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/ } 
diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_202102.bb b/meta-arm/recipes-bsp/uefi/edk2-firmware_202102.bb deleted file mode 100644 index 1352922b..00000000 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware_202102.bb +++ /dev/null @@ -1,4 +0,0 @@ -SRCREV_edk2 ?= "ef91b07388e1c0a50c604e5350eeda98428ccea6" -SRCREV_edk2-platforms ?= "2620e05c6fade20ef5e1ba69280d09f9e2b3eff6" - -require edk2-firmware.inc diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb b/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb new file mode 100644 index 00000000..05885315 --- /dev/null +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb @@ -0,0 +1,7 @@ +SRCREV_edk2 ?= "edc6681206c1a8791981a2f911d2fb8b3d2f5768" +SRCREV_edk2-platforms ?= "07842635c80b64c4a979a652104ea1141ba5007a" + +# FIXME - clang is having issues with antlr +TOOLCHAIN:aarch64 = "gcc" + +require recipes-bsp/uefi/edk2-firmware.inc diff --git a/meta-arm/recipes-test/sbsa-acs/sbsa-acs/shell.patch b/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch index 0cbbb47a..236245fe 100644 --- a/meta-arm/recipes-test/sbsa-acs/sbsa-acs/shell.patch +++ b/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch @@ -1,26 +1,32 @@ -Patch in the paths to the SBSA test suite +From 3a164d9f17591a545d1eafa629b486d4a1563722 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Thu, 16 Feb 2023 21:53:25 +0000 +Subject: [PATCH] Patch in the paths to the SBSA test suite Upstream-Status: Inappropriate (required action) Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + ShellPkg/ShellPkg.dsc | 3 +++ + 1 file changed, 3 insertions(+) diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc -index c42bc9464a..ea21f07a31 100644 +index dd0d88603f11..91710c0795dc 100644 --- a/ShellPkg/ShellPkg.dsc +++ b/ShellPkg/ShellPkg.dsc -@@ -20,6 +20,8 @@ - SKUID_IDENTIFIER = DEFAULT
+@@ -23,6 +23,8 @@ + !include MdePkg/MdeLibs.dsc.inc
[LibraryClasses.common]
-+ SbsaValLib|ShellPkg/Application/sbsa-acs/val/SbsaValLib.inf
-+ SbsaPalLib|ShellPkg/Application/sbsa-acs/platform/pal_uefi/SbsaPalLib.inf
++ SbsaValLib|ShellPkg/Application/sbsa-acs/val/SbsaValLib.inf ++ SbsaPalLib|ShellPkg/Application/sbsa-acs/platform/pal_uefi/SbsaPalLib.inf UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
-@@ -83,6 +85,7 @@ +@@ -88,6 +90,7 @@ # Build all the libraries when building this package.
# This helps developers test changes and how they affect the package.
#
-+ ShellPkg/Application/sbsa-acs/uefi_app/SbsaAvs.inf
++ ShellPkg/Application/sbsa-acs/uefi_app/SbsaAvs.inf ShellPkg/Library/UefiShellLib/UefiShellLib.inf
ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf
ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/meta-arm/recipes-test/sbsa-acs/sbsa-acs/use_bfd_linker.patch b/meta-arm/recipes-bsp/uefi/sbsa-acs/0002-Enforce-using-good-old-BFD-linker.patch index 04c50ac1..284191d3 100644 --- a/meta-arm/recipes-test/sbsa-acs/sbsa-acs/use_bfd_linker.patch +++ b/meta-arm/recipes-bsp/uefi/sbsa-acs/0002-Enforce-using-good-old-BFD-linker.patch @@ -1,4 +1,7 @@ -Enforce using good old BFD linker +From 6c403e3ccaae3bb3fd9d0ad220ed8ea98b2b1354 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 7 Apr 2021 00:16:07 -0700 +Subject: [PATCH] Enforce using good old BFD linker some distros may use gold as system linker and it crashes while linking the app @@ -9,14 +12,20 @@ collect2: error: ld returned 1 exit status Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + BaseTools/Conf/tools_def.template | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 1bf62362b611..2b41be8d5a44 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template -@@ -1926,7 +1926,7 @@ DEFINE GCC_ARM_CC_XIPFLAGS = -mn - DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18
+@@ -747,7 +747,7 @@ DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno- DEFINE GCC_AARCH64_CC_XIPFLAGS = -mstrict-align -mgeneral-regs-only
+ DEFINE GCC_RISCV64_CC_XIPFLAGS = -mstrict-align -mgeneral-regs-only
DEFINE GCC_DLINK_FLAGS_COMMON = -nostdlib --pie
-DEFINE GCC_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
+DEFINE GCC_DLINK2_FLAGS_COMMON = -fuse-ld=bfd -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
DEFINE GCC_IA32_X64_DLINK_COMMON = DEF(GCC_DLINK_FLAGS_COMMON) --gc-sections
DEFINE GCC_ARM_AARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC_ARM_DLINK_FLAGS = DEF(GCC_ARM_AARCH64_DLINK_COMMON) -z common-page-size=0x20 -Wl,--pic-veneer
+ DEFINE GCC_LOONGARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
diff --git a/meta-arm/recipes-test/sbsa-acs/sbsa-acs_3.0.bb b/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb index 2116fc2f..a29c16ec 100644 --- a/meta-arm/recipes-test/sbsa-acs/sbsa-acs_3.0.bb +++ b/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb @@ -1,21 +1,24 @@ -require recipes-bsp/uefi/edk2-firmware_202102.bb - -PROVIDES_remove = "virtual/uefi-firmware" +require recipes-bsp/uefi/edk2-firmware_202402.bb +PROVIDES:remove = "virtual/bootloader" LICENSE += "& Apache-2.0" LIC_FILES_CHKSUM += "file://ShellPkg/Application/sbsa-acs/LICENSE.md;md5=2a944942e1496af1886903d274dedb13" -SRC_URI += "git://github.com/ARM-software/sbsa-acs;destsuffix=edk2/ShellPkg/Application/sbsa-acs;protocol=https;branch=release;name=acs \ +SRC_URI += "git://github.com/ARM-software/sbsa-acs;destsuffix=edk2/ShellPkg/Application/sbsa-acs;protocol=https;branch=master;name=acs \ git://github.com/tianocore/edk2-libc;destsuffix=edk2/edk2-libc;protocol=https;branch=master;name=libc \ - file://shell.patch \ - file://0001-pal_uefi-Fix-enum-conversion.patch \ - file://use_bfd_linker.patch" + file://0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch \ + file://0002-Enforce-using-good-old-BFD-linker.patch \ + " + +SRCREV_acs = "be169f0008d86341e1e48cb70d524bd1518c3acc" +SRCREV_libc = "4667a82f0d873221f8b25ea701ce57a29270e4cb" -SRCREV_acs = "1b3a37214fe6809e07e471f79d1ef856461bc803" -SRCREV_libc = "61687168fe02ac4d933a36c9145fdd242ac424d1" +UPSTREAM_CHECK_URI = "https://github.com/ARM-software/sbsa-acs/releases" COMPATIBLE_HOST = "aarch64.*-linux" -EDK2_ARCH = "AARCH64" +COMPATIBLE_MACHINE = "" +PACKAGE_ARCH = "${TUNE_PKGARCH}" + EDK2_PLATFORM = "Shell" EDK2_PLATFORM_DSC = "ShellPkg/ShellPkg.dsc" EDK2_EXTRA_BUILD = "--module ShellPkg/Application/sbsa-acs/uefi_app/SbsaAvs.inf" diff --git a/meta-arm/recipes-devtools/fiptool/fiptool-native_1.5.bb b/meta-arm/recipes-devtools/fiptool/fiptool-native_1.5.bb deleted file mode 100644 index 925542c8..00000000 
--- a/meta-arm/recipes-devtools/fiptool/fiptool-native_1.5.bb +++ /dev/null @@ -1,31 +0,0 @@ -# Firmware Image Package (FIP) -# It is a packaging format used by TF-A to package the -# firmware images in a single binary. - -DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" -LICENSE = "BSD-3-Clause" - -SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" -LIC_FILES_CHKSUM = "file://license.rst;md5=e927e02bca647e14efd87e9e914b2443" - -# Use fiptool from TF-A v1.5 -SRCREV = "ed8112606c54d85781fc8429160883d6310ece32" - -DEPENDS += "openssl-native" - -inherit native - -S = "${WORKDIR}/git" - -do_compile () { - # These changes are needed to have the fiptool compiling and executing properly - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile - sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile - - oe_runmake fiptool -} - -do_install () { - install -d ${D}${bindir}/ - install -m 0755 tools/fiptool/fiptool ${D}${bindir} -} diff --git a/meta-arm/recipes-devtools/fiptool/fiptool-native_2.3.bb b/meta-arm/recipes-devtools/fiptool/fiptool-native_2.3.bb deleted file mode 100644 index 25ca111e..00000000 --- a/meta-arm/recipes-devtools/fiptool/fiptool-native_2.3.bb +++ /dev/null 
@@ -1,29 +0,0 @@ -# Firmware Image Package (FIP) -# It is a packaging format used by TF-A to package the -# firmware images in a single binary. - -DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" -LICENSE = "BSD-3-Clause" - -SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;destsuffix=fiptool-${PV};protocol=https;" -LIC_FILES_CHKSUM = "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89" - -# Use fiptool from TF-A v2.3 -SRCREV = "ecd27ad85f1eba29f6bf92c39dc002c85b07dad5" - -DEPENDS += "openssl-native" - -inherit native - -do_compile () { - # These changes are needed to have the fiptool compiling and executing properly - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile - sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile - - oe_runmake fiptool -} - -do_install () { - install -d ${D}${bindir}/ - install -m 0755 tools/fiptool/fiptool ${D}${bindir} -} diff --git a/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.25.15.bb b/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.25.15.bb new file mode 100644 index 00000000..4dd254a2 --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.25.15.bb @@ -0,0 +1,13 @@ +require fvp-envelope.inc + +SUMMARY = "Arm Fixed Virtual Platform - Armv-A Base RevC Architecture Envelope Model FVP" +LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \ + file://license_terms/third_party_licenses/third_party_licenses.txt;md5=b9005e55057311e41efe02ccfea8ea72 \ + file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=c09526c02e631abb95ad61528892552d" + +SRC_URI[fvp-aarch64.sha256sum] = "22096fc2267ad776abe0ff32d0d3b870c9fae10036d9c16f4f0fe4a64487a11e" +SRC_URI[fvp-x86_64.sha256sum] = "5f33707a1bdaa96a933b89949f28643110ad80ac9835a75f139c200b64a394dc" + +MODEL_CODE = "FVP_Base_RevC-2xAEMvA" + +COMPATIBLE_HOST = "(aarch64|x86_64).*-linux" 
diff --git a/meta-arm/recipes-devtools/fvp/fvp-common.inc b/meta-arm/recipes-devtools/fvp/fvp-common.inc new file mode 100644 index 00000000..29de89f2 --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-common.inc 
@@ -0,0 +1,72 @@ +HOMEPAGE = "https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms" + +LICENSE_FLAGS = "Arm-FVP-EULA" +LICENSE = "Proprietary & Apache-2.0 & Python-2.0 & GPL-3.0-with-GCC-exception & Zlib & NCSA & LGPL-2.0-or-later & MIT & BSD-3-Clause" + +# FVP has an End User License Agreement. Add Arm-FVP-EULA to +# LICENSE_FLAGS_ACCEPTED if the EULA has been accepted, so it can +# be later checked if the user accepted the EULA or not and if +# not display a message to the user requesting them to do so. +LICENSE_FLAGS_ACCEPTED:append = " ${@oe.utils.vartrue('ARM_FVP_EULA_ACCEPT', 'Arm-FVP-EULA', '', d)}" + +LICENSE_FLAGS_DETAILS[Arm-FVP-EULA] = " \ +Accept the END USER LICENSE AGREEMENT FOR ARM SOFTWARE DEVELOPMENT TOOLS. \ +Please refer to 'https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula'\ +${@bb.utils.contains('BB_ENV_PASSTHROUGH_ADDITIONS', 'ARM_FVP_EULA_ACCEPT', ' and export ARM_FVP_EULA_ACCEPT to 1', '', d)}.\ +" + +COMPATIBLE_HOST = "x86_64.*-linux" + +# The architecture-specific download filename suffix +FVP_ARCH:aarch64 = "Linux64_armv8l" +FVP_ARCH:x86-64 = "Linux64" + +# The architecture-specific directory the binaries are installed under +FVP_ARCH_DIR = "${FVP_ARCH}" + +def get_real_pv(d): + # FVP versions are like 11.12_43 + pv = d.getVar("PV") + return "%s.%s_%s" % tuple(pv.split(".")) + +def get_fm_short_pv_url(d): + # FVP versions are like 11.12_43 + pv = d.getVar("PV") + return "FM_%s_%s" % tuple(pv.split("."))[:2] + + +# If PV is 1.2.3, VERSION=1.2, BUILD=3, PV_URL=1.2_3. 
+VERSION = "${@oe.utils.trim_version(d.getVar('PV', -1))}" +BUILD = "${@d.getVar('PV').split('.')[-1]}" +PV_URL = "${@get_real_pv(d)}" +PV_URL_SHORT="${@get_fm_short_pv_url(d)}" + +# The directory the FVP is installed into +FVPDIR = "${libdir}/fvp/${BPN}" + +# Used in do_install to create symlinks in $bindir to $FVPDIR +fvp_link_binaries() { + DIR="${D}${FVPDIR}/models/${FVP_ARCH_DIR}*" + + stat $DIR/FVP_* >/dev/null 2>&1 || bbfatal Cannot find FVP binaries in $DIR + + for FVP in $DIR/FVP_*; do + ln -rs $FVP ${D}${bindir}/$(basename $FVP) + done + # But not the .so files too + rm -f ${D}${bindir}/*.so +} + +FILES:${PN} = "${bindir} ${FVPDIR}" + +# Prebuilt binaries are already stripped +INSANE_SKIP:${PN} += "already-stripped" +# FVP can optionally have a GUI, but we can use the host libraries in native/nativesdk +INSANE_SKIP:${PN} += "file-rdeps" +# GNU_HASH warnings +INSANE_SKIP:${PN} += "ldflags" + +# FVP brings its own standard library so don't let it be used as a shlib provider +PRIVATE_LIBS = "libgcc_s.so.1 libstdc++.so.6" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb b/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb new file mode 100644 index 00000000..4ac9a6ca --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb 
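Review bot: `get_real_pv` in fvp-common.inc formats `"%s.%s_%s" % tuple(pv.split("."))`, which raises a bare TypeError whenever PV does not have exactly three dot-separated parts. This diff itself contains such values: fvp-ecosystem.inc defaults `PV ?= "unset"` and fvp-corstone1000.bb sets `PV = "11.23_25"`. Any expansion of `PV_URL` for those recipes would then fail with a format traceback rather than a message naming the bad PV. I would split first and check the length, e.g. `parts = pv.split(".")` followed by `if len(parts) != 3: bb.fatal("PV '%s' is not MAJOR.MINOR.BUILD" % pv)`. The comment `# FVP versions are like 11.12_43` would also read better as a docstring stating that the input is dotted and the output uses an underscore before the build number.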
@@ -0,0 +1,14 @@ +require fvp-ecosystem.inc + +MODEL = "Corstone-1000" +MODEL_CODE = "FVP_Corstone_1000" +PV = "11.23_25" + +SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/${MODEL_CODE}_${PV}_${FVP_ARCH}.tgz;subdir=${BP};name=fvp-${HOST_ARCH}" +SRC_URI[fvp-aarch64.sha256sum] = "e299e81d5fa8b3d2afee0850fd03be31c1a1c3fad07f79849c63e46ee5e36acc" +SRC_URI[fvp-x86_64.sha256sum] = "ec34c9564ccb5b1eb62fc2757673343a353db1d116a7cb1b5f82f9d985d99cdf" + +LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \ + file://license_terms/third_party_licenses/third_party_licenses.txt;md5=0c32ac6f58ebff83065105042ab98211" + +COMPATIBLE_HOST = "(aarch64|x86_64).*-linux" diff --git a/meta-arm/recipes-devtools/fvp/fvp-ecosystem.inc b/meta-arm/recipes-devtools/fvp/fvp-ecosystem.inc new file mode 100644 index 00000000..365b39c4 --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-ecosystem.inc @@ -0,0 +1,25 @@ +require fvp-common.inc + +# These need to be set +MODEL ?= "unset" +MODEL_CODE ?= "unset" +PV ?= "unset" + +SUMMARY = "Arm Fixed Virtual Platform - ${MODEL} Ecosystem Reference Design" +HOMEPAGE = "https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps" + +SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/${MODEL_CODE}_${PV_URL}.tgz;subdir=${BP}" + +UPSTREAM_CHECK_URI = "${HOMEPAGE}" +UPSTREAM_CHECK_REGEX = "${MODEL_CODE}_(?P<pver>(\d+[\.\-_]*)+).tgz" + +do_install() { + mkdir --parents ${D}${FVPDIR} ${D}${bindir} + + ${S}/${MODEL_CODE}.sh \ + --i-agree-to-the-contained-eula \ + --no-interactive \ + --destination ${D}${FVPDIR} + + fvp_link_binaries +} diff --git a/meta-arm/recipes-devtools/fvp/fvp-envelope.inc b/meta-arm/recipes-devtools/fvp/fvp-envelope.inc new file mode 100644 index 00000000..f48d823f --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-envelope.inc 
@@ -0,0 +1,16 @@ +require fvp-common.inc + +HOMEPAGE = "https://developer.arm.com/Tools%20and%20Software/Fixed%20Virtual%20Platforms" + +SRC_URI = "https://developer.arm.com/-/media/Files/downloads/ecosystem-models/${PV_URL_SHORT}/${MODEL_CODE}_${PV_URL}_${FVP_ARCH}.tgz;subdir=${BP};name=fvp-${HOST_ARCH}" + +UPSTREAM_CHECK_URI = "${HOMEPAGE}" +UPSTREAM_CHECK_REGEX = "${MODEL_CODE}_(?P<pver>(\d+[\.\-_]*)+).tgz" + +do_install() { + mkdir --parents ${D}${FVPDIR} ${D}${bindir} + + cp --archive --no-preserve=ownership ${S}/*_pkg/* ${D}${FVPDIR}/ + + fvp_link_binaries +} diff --git a/meta-arm/recipes-devtools/fvp/fvp-library.bb b/meta-arm/recipes-devtools/fvp/fvp-library.bb new file mode 100644 index 00000000..1a4319eb --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-library.bb @@ -0,0 +1,22 @@ +require fvp-ecosystem.inc + +MODEL = "Library" +MODEL_CODE = "FVP_ARM_Std_Library" +PV = "11.18.16" + +HOMEPAGE = "https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms" + +LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=a50d186fffa51ed55599183aad911298 \ + file://license_terms/third_party_licenses.txt;md5=3db0c4947b7e3405c40b943672d8de2f" + + +# The FVP Library tarball cannot be downloaded directly, so download the it +# yourself from from the homepage and set FVP_LIBRARY_TARBALL_URI appropriately +# to the directory that contains the tarball (for example, "file:///home/user/"). +FVP_LIBRARY_TARBALL_URI ?= "" + +SRC_URI = "${FVP_LIBRARY_TARBALL_URI}/${MODEL_CODE}_${PV_URL}_${FVP_ARCH}.tgz;subdir=${BP}" +python() { + if not d.getVar("FVP_LIBRARY_TARBALL_URI"): + raise bb.parse.SkipRecipe("FVP_LIBRARY_TARBALL_URI not set") +} diff --git a/meta-arm/recipes-devtools/fvp/fvp-n1-edge.bb b/meta-arm/recipes-devtools/fvp/fvp-n1-edge.bb new file mode 100644 index 00000000..7fc3949b --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-n1-edge.bb 
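Review bot: fvp-library.bb sets no `SRC_URI[sha256sum]`, yet it requires fvp-ecosystem.inc, whose `do_install` executes `${S}/${MODEL_CODE}.sh` from the unpacked tarball. With the suggested `file:///home/user/` form of `FVP_LIBRARY_TARBALL_URI`, the fetcher (as far as I know) does not verify checksums for local files, so whatever tarball is found in that directory has its installer run at build time. I would add a comment next to the variable such as `# The tarball is not checksum-verified when fetched via file://; verify it against a digest you trust before use`, or pin `SRC_URI[sha256sum]` if the fetcher in use honours it for this scheme. The same comment block also contains the typos "download the it yourself from from the homepage".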
@@ -0,0 +1,11 @@ +require fvp-ecosystem.inc + +MODEL = "Neoverse-N1" +MODEL_CODE = "FVP_RD_N1_edge" +PV = "11.17.29" + +SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/${MODEL_CODE}_${PV_URL}_Linux64.tgz;subdir=${BP}" +SRC_URI[sha256sum] = "76f5d6ec50b64fad6d8d901101d9ae2c62805f50fcfd0edb125bc2c68de8c8f2" + +LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \ + file://license_terms/third_party_licenses.txt;md5=41029e71051b1c786bae3112a29905a7" diff --git a/meta-arm/recipes-devtools/fvp/fvp-sgi575.bb b/meta-arm/recipes-devtools/fvp/fvp-sgi575.bb new file mode 100644 index 00000000..efdd46f8 --- /dev/null +++ b/meta-arm/recipes-devtools/fvp/fvp-sgi575.bb @@ -0,0 +1,10 @@ +require fvp-ecosystem.inc + +MODEL = "SGI-575" +MODEL_CODE = "FVP_CSS_SGI-575" +PV = "11.15.26" + +SRC_URI[sha256sum] = "d07241112f6c146362deec789e782e10e83bc3560cf605ccd055a606d0b44e74" + +LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \ + file://license_terms/third_party_licenses.txt;md5=3db0c4947b7e3405c40b943672d8de2f" diff --git a/meta-arm/recipes-devtools/gator-daemon/gator-daemon/0001-Include-missing-cstdint.patch b/meta-arm/recipes-devtools/gator-daemon/gator-daemon/0001-Include-missing-cstdint.patch new file mode 100644 index 00000000..294f804f --- /dev/null +++ b/meta-arm/recipes-devtools/gator-daemon/gator-daemon/0001-Include-missing-cstdint.patch 
@@ -0,0 +1,32 @@ +From 87745a6cad0f7819ac8f8d3826f5e228ebd843c5 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 2 Feb 2023 16:39:26 -0800 +Subject: [PATCH] Include missing <cstdint> + +gcc 13 moved some includes around and as a result <cstdint> is no +longer transitively included [1]. Explicitly include it +for uintXX_t. + +[1] https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes + +Upstream-Status: Submitted [https://github.com/ARM-software/gator/pull/40] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + daemon/xml/CurrentConfigXML.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon/xml/CurrentConfigXML.h b/daemon/xml/CurrentConfigXML.h +index 0b239fd..d9047e3 100644 +--- a/daemon/xml/CurrentConfigXML.h ++++ b/daemon/xml/CurrentConfigXML.h +@@ -1,6 +1,7 @@ + /* Copyright (C) 2020-2021 by Arm Limited. All rights reserved. */ + #pragma once + ++#include <cstdint> + #include <set> + #include <string> + +-- +2.39.1 + diff --git a/meta-arm/recipes-devtools/gator-daemon/gator-daemon/0001-daemon-mxml-Define-_GNU_SOURCE.patch b/meta-arm/recipes-devtools/gator-daemon/gator-daemon/0001-daemon-mxml-Define-_GNU_SOURCE.patch new file mode 100644 index 00000000..d2460434 --- /dev/null +++ b/meta-arm/recipes-devtools/gator-daemon/gator-daemon/0001-daemon-mxml-Define-_GNU_SOURCE.patch 
@@ -0,0 +1,31 @@ +From 04e2e924c3ab8da41343277746804dbcd7bf520d Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 13 Aug 2022 16:49:52 -0700 +Subject: [PATCH] daemon/mxml: Define _GNU_SOURCE + +This file uses vasprintf() which is defined only with _GNU_SOURCE +feature macro is on. + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + daemon/mxml/mxml-string.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/daemon/mxml/mxml-string.c b/daemon/mxml/mxml-string.c +index 678aeb9..c9cd153 100644 +--- a/daemon/mxml/mxml-string.c ++++ b/daemon/mxml/mxml-string.c +@@ -13,6 +13,8 @@ + * Include necessary headers... + */ + ++#define _GNU_SOURCE ++ + #include "config.h" + + +-- +2.37.2 + diff --git a/meta-arm/recipes-devtools/gator-daemon/gator-daemon_7.8.0.bb b/meta-arm/recipes-devtools/gator-daemon/gator-daemon_7.8.0.bb new file mode 100644 index 00000000..6188b07e --- /dev/null +++ b/meta-arm/recipes-devtools/gator-daemon/gator-daemon_7.8.0.bb 
@@ -0,0 +1,35 @@ +SUMMARY = "DS-5 Streamline Gator daemon" +DESCRIPTION = "Target-side daemon gathering data for ARM Streamline \ + Performance Analyzer." +HOMEPAGE = "https://github.com/ARM-software/gator" + +# Note that Gator uses the Linux Perf API for +# most of its data collection. Check that your Kernel follow the +# configuration requirement specified here: +# https://github.com/ARM-software/gator#kernel-configuration + +LICENSE = "GPL-2.0-only & LGPL-2.1-or-later & Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://libsensors/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c \ + file://mxml/LICENSE;md5=86d3f3a95c324c9479bd8986968f4327 \ + file://k/perf_event.h;endline=14;md5=e548bf30a60b2ed11ef2dcf7bfdac230 \ + " + +SRCREV = "6a944e7ee1f1c3ab9b2a57efd24c58503122db02" +SRC_URI = "git://github.com/ARM-software/gator.git;protocol=http;branch=main;protocol=https \ + file://0001-daemon-mxml-Define-_GNU_SOURCE.patch;striplevel=2 \ + file://0001-Include-missing-cstdint.patch;striplevel=2 \ + " + +S = "${WORKDIR}/git/daemon" + +COMPATIBLE_HOST = "aarch64.*-linux" + +EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} ${TARGET_CC_ARCH} -D_DEFAULT_SOURCE -DETCDIR=\"${sysconfdir}\"' \ + 'LDFLAGS=${LDFLAGS} ${TARGET_CC_ARCH}' 'CROSS_COMPILE=${TARGET_PREFIX}' \ + 'CXXFLAGS=${CXXFLAGS} ${TARGET_CC_ARCH} -fno-rtti' CC='${CC}' CXX='${CXX}' V=1" + +do_install() { + install -d ${D}${sbindir} + install -m 0755 ${S}/gatord ${D}${sbindir}/gatord +} diff --git a/meta-arm/recipes-devtools/gn/gn/0001-Replace-lstat64-stat64-functions-on-linux.patch b/meta-arm/recipes-devtools/gn/gn/0001-Replace-lstat64-stat64-functions-on-linux.patch new file mode 100644 index 00000000..159fbaaf --- /dev/null +++ b/meta-arm/recipes-devtools/gn/gn/0001-Replace-lstat64-stat64-functions-on-linux.patch 
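Review bot: The git entry in `SRC_URI` carries two conflicting parameters, `protocol=http;branch=main;protocol=https`. Which one the fetcher honours depends on how it parses duplicates (the later value most likely wins), and if the first ever took effect the clone would go over cleartext HTTP. The pinned `SRCREV` still protects the content, but the line should state one transport: `SRC_URI = "git://github.com/ARM-software/gator.git;branch=main;protocol=https \`.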
@@ -0,0 +1,60 @@ +From 25786d356ac391124489f2e55690281c03fa83db Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 22 Dec 2022 00:30:55 -0800 +Subject: [PATCH] Replace lstat64/stat64 functions on linux + +we define -D_FILE_OFFSET_BITS=64 which means lstat is operating on 64bit +off_t and is same as lstat64, same for stat and stat64 case. + +This fixes build with musl where off_t has always been 64bit + +Upstream-Status: Submitted [https://gn-review.googlesource.com/c/gn/+/14960] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/base/files/file.h | 2 +- + src/base/files/file_posix.cc | 2 +- + src/base/files/file_util_posix.cc | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/base/files/file.h b/src/base/files/file.h +index 2c94eb4e..99e87ed9 100644 +--- a/src/base/files/file.h ++++ b/src/base/files/file.h +@@ -23,7 +23,7 @@ namespace base { + + #if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) || \ + defined(OS_HAIKU) || defined(OS_MSYS) || defined(OS_ZOS) || \ +- defined(OS_ANDROID) && __ANDROID_API__ < 21 ++ defined(OS_LINUX) || defined(OS_ANDROID) && __ANDROID_API__ < 21 + typedef struct stat stat_wrapper_t; + #elif defined(OS_POSIX) || defined(OS_FUCHSIA) + typedef struct stat64 stat_wrapper_t; +diff --git a/src/base/files/file_posix.cc b/src/base/files/file_posix.cc +index b1f9f5e8..049568f0 100644 +--- a/src/base/files/file_posix.cc ++++ b/src/base/files/file_posix.cc +@@ -26,7 +26,7 @@ namespace { + + #if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) || \ + defined(OS_HAIKU) || defined(OS_MSYS) || defined(OS_ZOS) || \ +- defined(OS_ANDROID) && __ANDROID_API__ < 21 ++ defined(OS_LINUX) || defined(OS_ANDROID) && __ANDROID_API__ < 21 + int CallFstat(int fd, stat_wrapper_t* sb) { + return fstat(fd, sb); + } +diff --git a/src/base/files/file_util_posix.cc b/src/base/files/file_util_posix.cc +index aa54731d..53be3d3b 100644 +--- a/src/base/files/file_util_posix.cc ++++ 
b/src/base/files/file_util_posix.cc +@@ -61,7 +61,7 @@ namespace { + + #if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) || \ + defined(OS_HAIKU) || defined(OS_MSYS) || defined(OS_ZOS) || \ +- defined(OS_ANDROID) && __ANDROID_API__ < 21 ++ defined(OS_LINUX) || defined(OS_ANDROID) && __ANDROID_API__ < 21 + int CallStat(const char* path, stat_wrapper_t* sb) { + return stat(path, sb); + } +-- +2.39.0 + diff --git a/meta-arm/recipes-devtools/gn/gn_git.bb b/meta-arm/recipes-devtools/gn/gn_git.bb new file mode 100644 index 00000000..7ec340c9 --- /dev/null +++ b/meta-arm/recipes-devtools/gn/gn_git.bb 
@@ -0,0 +1,53 @@ +SUMMARY = "GN is a meta-build system that generates build files for Ninja" +DEPENDS += "ninja-native" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=0fca02217a5d49a14dfe2d11837bb34d" + +UPSTREAM_CHECK_COMMITS = "1" + +SRC_URI = "git://gn.googlesource.com/gn;protocol=https;branch=main \ + file://0001-Replace-lstat64-stat64-functions-on-linux.patch" +SRCREV = "4bd1a77e67958fb7f6739bd4542641646f264e5d" +PV = "0+git" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +# Work around this fatal warning: +# ../git/src/gn/desc_builder.cc: In member function 'base::Value {anonymous}::BaseDescBuilder::ToBaseValue(const Scope*)': +# ../git/src/gn/desc_builder.cc:179:21: error: redundant move in return statement [-Werror=redundant-move] +# 179 | return std::move(res); +CXXFLAGS += "-Wno-error=redundant-move" + +# Map from our _OS strings to the GN's platform values. +def gn_platform(variable, d): + os = d.getVar(variable) + if "linux" in os: + return "linux" + elif "mingw" in os: + return "mingw" + else: + return os + +do_configure[cleandirs] += "${B}" +do_configure() { + python3 ${S}/build/gen.py \ + --platform=${@gn_platform("TARGET_OS", d)} \ + --out-path=${B} \ + --no-static-libstdc++ \ + --no-strip +} + +do_compile() { + ninja -C ${B} --verbose +} + +do_install() { + install -d ${D}${bindir} + install ${B}/gn ${D}${bindir} +} + +BBCLASSEXTEND = "native" + +COMPATIBLE_HOST = "^(?!riscv32).*" diff --git a/meta-arm/recipes-devtools/opencsd/opencsd_1.0.0.bb b/meta-arm/recipes-devtools/opencsd/opencsd_1.5.2.bb index cb75ce1a..cc55a363 100644 --- a/meta-arm/recipes-devtools/opencsd/opencsd_1.0.0.bb +++ b/meta-arm/recipes-devtools/opencsd/opencsd_1.5.2.bb 
@@ -3,8 +3,8 @@ HOMEPAGE = "https://github.com/Linaro/OpenCSD" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=ad8cb685eb324d2fa2530b985a43f3e5" -SRC_URI = "git://github.com/Linaro/OpenCSD;protocol=https" -SRCREV = "01d44a34f8fc057f4b041c01f8d9502d77fe612f" +SRC_URI = "git://github.com/Linaro/OpenCSD;protocol=https;branch=master" +SRCREV = "5d86f27a8c0af16a473833da3a0936cd2a0999d3" S = "${WORKDIR}/git" @@ -30,8 +30,6 @@ do_compile() { } do_install() { - # Remove mkdir when upgrading (https://github.com/Linaro/OpenCSD/pull/36) - mkdir --parents ${D}${mandir}/man1 oe_runmake -C ${S}/decoder/build/linux install install_man } diff --git a/meta-arm/recipes-devtools/python/python3-cbor_1.0.0.bb b/meta-arm/recipes-devtools/python/python3-cbor_1.0.0.bb deleted file mode 100644 index 1df062bc..00000000 --- a/meta-arm/recipes-devtools/python/python3-cbor_1.0.0.bb +++ /dev/null @@ -1,16 +0,0 @@ -DESCRIPTION = "An implementation of RFC 7049 - Concise Binary Object Representation (CBOR)." -HOMEPAGE = "https://github.com/brianolson/cbor_py" - -LICENSE = "Apache-2.0" -# Use a line from setup.py until LICENSE is distributed -# (https://github.com/brianolson/cbor_py/issues/20) -LIC_FILES_CHKSUM = "file://setup.py;beginline=88;endline=88;md5=267392b618a88b03e5987f69d9b98699" - -SRC_URI[md5sum] = "22b03b59784fd78cb6c27aa498af0db6" -SRC_URI[sha256sum] = "13225a262ddf5615cbd9fd55a76a0d53069d18b07d2e9f19c39e6acb8609bbb6" - -PYPI_PACKAGE = "cbor" - -inherit pypi setuptools3 - -BBCLASSEXTEND = "native" diff --git a/meta-arm/recipes-devtools/python/python3-pyhsslms_2.0.0.bb b/meta-arm/recipes-devtools/python/python3-pyhsslms_2.0.0.bb new file mode 100644 index 00000000..b18d1c8e --- /dev/null +++ b/meta-arm/recipes-devtools/python/python3-pyhsslms_2.0.0.bb 
@@ -0,0 +1,14 @@ +SUMMARY = "Pure-Python implementation of HSS/LMS Digital Signatures (RFC 8554)" +HOMEPAGE ="https://pypi.org/project/pyhsslms" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bbc59ef8bf238c2902ca816b87b58571" + +inherit python_setuptools_build_meta + +# Maintainer refused to upload source to pypi.org, but said he would in a future release. In the meantime, do github +SRC_URI = "git:///github.com/russhousley/pyhsslms.git;branch=master;protocol=https" +SRCREV = "c798728deed6d3f681c9e6bfd7fe8a6705f5638b" + +S = "${WORKDIR}/git" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb b/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb new file mode 100644 index 00000000..726a65bb --- /dev/null +++ b/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb 
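Review bot: `SRC_URI` is written as `git:///github.com/russhousley/pyhsslms.git` with three slashes, which leaves the URL host empty and makes `github.com` the first path component. The fetch will most likely fail, or resolve to something other than the intended repository, which matters for a recipe that packages a signature implementation. The line should read `SRC_URI = "git://github.com/russhousley/pyhsslms.git;branch=master;protocol=https"`. As a minor style point, `HOMEPAGE ="https://pypi.org/project/pyhsslms"` is missing the space after `=` that the other assignments use.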
@@ -0,0 +1,35 @@ +SUMMARY = "FF-A Debugfs Linux kernel module" +DESCRIPTION = "This out-of-tree kernel module exposes FF-A operations to user space \ +used for development purposes" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=05e355bbd617507216a836c56cf24983" + +inherit module + +SRC_URI = "git://gitlab.arm.com/linux-arm/linux-trusted-services;protocol=https;branch=debugfs \ + file://Makefile;subdir=git \ + " +S = "${WORKDIR}/git" + +# Tag debugfs-v5.0.1 +SRCREV = "18e3be71f65a405dfb5d97603ae71b3c11759861" + +COMPATIBLE_HOST = "(arm|aarch64).*-linux" +KERNEL_MODULE_AUTOLOAD += "arm-ffa-user" +KERNEL_MODULE_PROBECONF += "arm-ffa-user" + +# SMM Gateway SP +UUID_LIST = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ + 'ed32d533-99e6-4209-9cc0-2d72cdd998a7', '' , d)}" +# SPMC Tests SPs +UUID_LIST:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ',5c9edbc3-7b3a-4367-9f83-7c191ae86a37,7817164c-c40c-4d1a-867a-9bb2278cf41a,23eb0100-e32a-4497-9052-2f11e584afa6', '' , d)}" + +FFA_USER_UUID_LIST ?= "${@d.getVar('UUID_LIST').strip(',')}" + +module_conf_arm-ffa-user = "options arm-ffa-user uuid_str_list=${FFA_USER_UUID_LIST}" + +do_install:append() { + install -d ${D}${includedir} + install -m 0644 ${S}/arm_ffa_user.h ${D}${includedir}/ +} diff --git a/meta-arm/recipes-kernel/arm-ffa-user/files/Makefile b/meta-arm/recipes-kernel/arm-ffa-user/files/Makefile new file mode 100644 index 00000000..c54d1fc3 --- /dev/null +++ b/meta-arm/recipes-kernel/arm-ffa-user/files/Makefile @@ -0,0 +1,14 @@ +obj-m := arm-ffa-user.o + +SRC := $(shell pwd) + +all: + $(MAKE) -C $(KERNEL_SRC) M=$(SRC) + +modules_install: + $(MAKE) -C $(KERNEL_SRC) M=$(SRC) modules_install + +clean: + rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c + rm -f Module.markers Module.symvers modules.order + rm -rf .tmp_versions Modules.symvers 
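Review bot: `KERNEL_MODULE_AUTOLOAD += "arm-ffa-user"` loads this module on every boot, although the DESCRIPTION says it exposes FF-A operations to user space for development purposes. Nothing in the recipe tells an integrator to keep it out of production images. A comment above the autoload line would help, e.g. `# Development/test aid: gives user space access to FF-A operations; do not install in production images`. Separately, when neither `ts-smm-gateway` nor `optee-spmc-test` is in MACHINE_FEATURES, `FFA_USER_UUID_LIST` expands to an empty string and the modprobe line becomes `options arm-ffa-user uuid_str_list=`. How the module treats an empty list is not visible here, so it is worth confirming, or emitting `module_conf_arm-ffa-user` only when the list is non-empty.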
diff --git a/meta-arm/recipes-kernel/arm-tstee/arm-tstee_2.0.0.bb b/meta-arm/recipes-kernel/arm-tstee/arm-tstee_2.0.0.bb new file mode 100644 index 00000000..44608b1d --- /dev/null +++ b/meta-arm/recipes-kernel/arm-tstee/arm-tstee_2.0.0.bb @@ -0,0 +1,22 @@ +SUMMARY = "A Linux kernel module providing user space access to Trusted Services" +DESCRIPTION = "${SUMMARY}" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=05e355bbd617507216a836c56cf24983" + +inherit module + +SRC_URI = "git://gitlab.arm.com/linux-arm/linux-trusted-services;protocol=https;branch=main \ + file://Makefile;subdir=git \ + " +S = "${WORKDIR}/git" + +# Tag tee-v2.0.0 +SRCREV = "a2d7349a96c3b3afb44bf1555d53f1c46e45a23d" + +COMPATIBLE_HOST = "(arm|aarch64).*-linux" +KERNEL_MODULE_AUTOLOAD += "arm-tstee" + +do_install:append() { + install -d ${D}${includedir} + install -m 0644 ${S}/uapi/arm_tstee.h ${D}${includedir}/ +} diff --git a/meta-arm/recipes-kernel/arm-tstee/files/Makefile b/meta-arm/recipes-kernel/arm-tstee/files/Makefile new file mode 100644 index 00000000..6d781d15 --- /dev/null +++ b/meta-arm/recipes-kernel/arm-tstee/files/Makefile @@ -0,0 +1,14 @@ +obj-m := arm-tstee.o + +SRC := $(shell pwd) + +all: + $(MAKE) -C $(KERNEL_SRC) M=$(SRC) + +modules_install: + $(MAKE) -C $(KERNEL_SRC) M=$(SRC) modules_install + +clean: + rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c + rm -f Module.markers Module.symvers modules.order + rm -rf .tmp_versions Modules.symvers diff --git a/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc b/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc new file mode 100644 index 00000000..b3d377b4 --- /dev/null +++ b/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc @@ -0,0 +1,6 @@ +FILESEXTRAPATHS:prepend := "${ARMFILESPATHS}" + +# Enable ARM-FFA transport +SRC_URI:append = " \ + file://arm-ffa-transport.cfg \ + " 
diff --git a/meta-arm/recipes-kernel/linux/files/arm-ffa-transport.cfg b/meta-arm/recipes-kernel/linux/files/arm-ffa-transport.cfg new file mode 100644 index 00000000..34de78e8 --- /dev/null +++ b/meta-arm/recipes-kernel/linux/files/arm-ffa-transport.cfg @@ -0,0 +1 @@ +CONFIG_ARM_FFA_TRANSPORT=y diff --git a/meta-arm/recipes-kernel/linux/files/efi.cfg b/meta-arm/recipes-kernel/linux/files/efi.cfg new file mode 100644 index 00000000..00be1bc6 --- /dev/null +++ b/meta-arm/recipes-kernel/linux/files/efi.cfg @@ -0,0 +1,2 @@ +CONFIG_ACPI=y +CONFIG_EFI=y diff --git a/meta-arm/recipes-kernel/linux/files/no-strict-devmem.cfg b/meta-arm/recipes-kernel/linux/files/no-strict-devmem.cfg new file mode 100644 index 00000000..d372acae --- /dev/null +++ b/meta-arm/recipes-kernel/linux/files/no-strict-devmem.cfg @@ -0,0 +1 @@ +CONFIG_STRICT_DEVMEM=n diff --git a/meta-arm/recipes-kernel/linux/files/tee.cfg b/meta-arm/recipes-kernel/linux/files/tee.cfg new file mode 100644 index 00000000..53c452d4 --- /dev/null +++ b/meta-arm/recipes-kernel/linux/files/tee.cfg @@ -0,0 +1,11 @@ +CONFIG_HW_RANDOM_OPTEE=y +CONFIG_TEE=y + +# +# TEE drivers +# +CONFIG_OPTEE=y +# end of TEE drivers + +CONFIG_TCG_TPM=y +CONFIG_TCG_FTPM_TEE=y diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack.inc b/meta-arm/recipes-kernel/linux/linux-arm64-ack.inc deleted file mode 100644 index a9d561b2..00000000 --- a/meta-arm/recipes-kernel/linux/linux-arm64-ack.inc +++ /dev/null @@ -1,21 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (c) 2020 Arm Limited -# - -DESCRIPTION = "Linux Android Common Kernel" -SECTION = "kernel" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" - -require recipes-kernel/linux/linux-yocto.inc - -COMPATIBLE_MACHINE ?= "invalid" - -ARCH = "arm64" - -S = "${WORKDIR}/git" - -LINUX_VERSION ?= "${PV}" -KERNEL_VERSION_SANITY_SKIP = "1" -KBRANCH = "" 
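Review bot: no-strict-devmem.cfg turns off `CONFIG_STRICT_DEVMEM` with no comment explaining why or where it is meant to be used. With that option disabled, root can reach all of physical memory through /dev/mem, including kernel memory, so the fragment should say that it is not for production kernels. I would add a leading comment such as `# Test/debug only: disables /dev/mem filtering so user space (root) can access all physical memory`. Nothing in this chunk shows which recipe adds the fragment to its SRC_URI, so the note should also name the intended consumer.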
diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-cs-etm-Move-definition-of-traceid_list-global-v.patch b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-cs-etm-Move-definition-of-traceid_list-global-v.patch deleted file mode 100644 index 94ab4357..00000000 --- a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-cs-etm-Move-definition-of-traceid_list-global-v.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 28c69b683210b5d5321ceb71e44a77bc31a32c8a Mon Sep 17 00:00:00 2001 -From: Leo Yan <leo.yan@linaro.org> -Date: Tue, 5 May 2020 21:36:42 +0800 -Subject: [PATCH 1/4] perf cs-etm: Move definition of 'traceid_list' global - variable from header file - -The variable 'traceid_list' is defined in the header file cs-etm.h, -if multiple C files include cs-etm.h the compiler might complaint for -multiple definition of 'traceid_list'. - -To fix multiple definition error, move the definition of 'traceid_list' -into cs-etm.c. - -Fixes: cd8bfd8c973e ("perf tools: Add processing of coresight metadata") -Reported-by: Thomas Backlund <tmb@mageia.org> -Signed-off-by: Leo Yan <leo.yan@linaro.org> -Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org> -Reviewed-by: Mike Leach <mike.leach@linaro.org> -Tested-by: Mike Leach <mike.leach@linaro.org> -Tested-by: Thomas Backlund <tmb@mageia.org> -Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> -Cc: Jiri Olsa <jolsa@redhat.com> -Cc: Mark Rutland <mark.rutland@arm.com> -Cc: Namhyung Kim <namhyung@kernel.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Suzuki Poulouse <suzuki.poulose@arm.com> -Cc: Tor Jeremiassen <tor@ti.com> -Cc: linux-arm-kernel@lists.infradead.org -Link: http://lore.kernel.org/lkml/20200505133642.4756-1-leo.yan@linaro.org -Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> ---- - tools/perf/util/cs-etm.c | 3 +++ - tools/perf/util/cs-etm.h | 3 --- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tools/perf/util/cs-etm.c b/tools/perf/util/cs-etm.c -index f5f855fff412..50de6a1ed0ce 100644 ---- a/tools/perf/util/cs-etm.c -+++ b/tools/perf/util/cs-etm.c -@@ -94,6 +94,9 @@ struct cs_etm_queue { - struct cs_etm_traceid_queue **traceid_queues; - }; - -+/* RB tree for quick conversion between traceID and metadata pointers */ -+static struct intlist *traceid_list; -+ - static int 
cs_etm__update_queues(struct cs_etm_auxtrace *etm); - static int cs_etm__process_queues(struct cs_etm_auxtrace *etm); - static int cs_etm__process_timeless_queues(struct cs_etm_auxtrace *etm, -diff --git a/tools/perf/util/cs-etm.h b/tools/perf/util/cs-etm.h -index 650ecc2a6349..4ad925d6d799 100644 ---- a/tools/perf/util/cs-etm.h -+++ b/tools/perf/util/cs-etm.h -@@ -114,9 +114,6 @@ enum cs_etm_isa { - CS_ETM_ISA_T32, - }; - --/* RB tree for quick conversion between traceID and metadata pointers */ --struct intlist *traceid_list; -- - struct cs_etm_queue; - - struct cs_etm_packet { --- -2.25.1 - diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0002-perf-tests-bp_account-Make-global-variable-static.patch b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0002-perf-tests-bp_account-Make-global-variable-static.patch deleted file mode 100644 index 142d4b7c..00000000 --- a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0002-perf-tests-bp_account-Make-global-variable-static.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From b28dc646b4c5cd3844bd591af841494dd1de0a9f Mon Sep 17 00:00:00 2001 -From: Arnaldo Carvalho de Melo <acme@redhat.com> -Date: Mon, 2 Mar 2020 11:13:19 -0300 -Subject: [PATCH 2/4] perf tests bp_account: Make global variable static - -To fix the build with newer gccs, that without this patch exit with: - - LD /tmp/build/perf/tests/perf-in.o - ld: /tmp/build/perf/tests/bp_account.o:/git/perf/tools/perf/tests/bp_account.c:22: multiple definition of `the_var'; /tmp/build/perf/tests/bp_signal.o:/git/perf/tools/perf/tests/bp_signal.c:38: first defined here - make[4]: *** [/git/perf/tools/build/Makefile.build:145: /tmp/build/perf/tests/perf-in.o] Error 1 - -First noticed in fedora:rawhide/32 with: - - [perfbuilder@a5ff49d6e6e4 ~]$ gcc --version - gcc (GCC) 10.0.1 20200216 (Red Hat 10.0.1-0.8) - -Reported-by: Jiri Olsa <jolsa@kernel.org> -Cc: Adrian Hunter <adrian.hunter@intel.com> -Cc: Namhyung Kim <namhyung@kernel.org> -Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> ---- - tools/perf/tests/bp_account.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/perf/tests/bp_account.c b/tools/perf/tests/bp_account.c -index 016bba2c142d..55a9de311d7b 100644 ---- a/tools/perf/tests/bp_account.c -+++ b/tools/perf/tests/bp_account.c -@@ -23,7 +23,7 @@ - #include "../perf-sys.h" - #include "cloexec.h" - --volatile long the_var; -+static volatile long the_var; - - static noinline int test_function(void) - { --- -2.25.1 - diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0003-perf-bench-Share-some-global-variables-to-fix-build-.patch b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0003-perf-bench-Share-some-global-variables-to-fix-build-.patch deleted file mode 100644 index 965cc384..00000000 --- a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0003-perf-bench-Share-some-global-variables-to-fix-build-.patch +++ /dev/null 
@@ -1,240 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From e6ae6031755b6781af42af28f11186bb18e94842 Mon Sep 17 00:00:00 2001 -From: Arnaldo Carvalho de Melo <acme@redhat.com> -Date: Mon, 2 Mar 2020 12:09:38 -0300 -Subject: [PATCH 3/4] perf bench: Share some global variables to fix build with - gcc 10 - -Noticed with gcc 10 (fedora rawhide) that those variables were not being -declared as static, so end up with: - - ld: /tmp/build/perf/bench/epoll-wait.o:/git/perf/tools/perf/bench/epoll-wait.c:93: multiple definition of `end'; /tmp/build/perf/bench/futex-hash.o:/git/perf/tools/perf/bench/futex-hash.c:40: first defined here - ld: /tmp/build/perf/bench/epoll-wait.o:/git/perf/tools/perf/bench/epoll-wait.c:93: multiple definition of `start'; /tmp/build/perf/bench/futex-hash.o:/git/perf/tools/perf/bench/futex-hash.c:40: first defined here - ld: /tmp/build/perf/bench/epoll-wait.o:/git/perf/tools/perf/bench/epoll-wait.c:93: multiple definition of `runtime'; /tmp/build/perf/bench/futex-hash.o:/git/perf/tools/perf/bench/futex-hash.c:40: first defined here - ld: /tmp/build/perf/bench/epoll-ctl.o:/git/perf/tools/perf/bench/epoll-ctl.c:38: multiple definition of `end'; /tmp/build/perf/bench/futex-hash.o:/git/perf/tools/perf/bench/futex-hash.c:40: first defined here - ld: /tmp/build/perf/bench/epoll-ctl.o:/git/perf/tools/perf/bench/epoll-ctl.c:38: multiple definition of `start'; /tmp/build/perf/bench/futex-hash.o:/git/perf/tools/perf/bench/futex-hash.c:40: first defined here - ld: /tmp/build/perf/bench/epoll-ctl.o:/git/perf/tools/perf/bench/epoll-ctl.c:38: multiple definition of `runtime'; /tmp/build/perf/bench/futex-hash.o:/git/perf/tools/perf/bench/futex-hash.c:40: first defined here - make[4]: *** [/git/perf/tools/build/Makefile.build:145: /tmp/build/perf/bench/perf-in.o] Error 1 - -Prefix those with bench__ and add them to bench/bench.h, so that we can -share those on the tools needing to access those variables from signal 
-handlers. - -Acked-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Adrian Hunter <adrian.hunter@intel.com> -Cc: Davidlohr Bueso <dave@stgolabs.net> -Cc: Jiri Olsa <jolsa@kernel.org> -Cc: Namhyung Kim <namhyung@kernel.org> -Link: http://lore.kernel.org/lkml/20200303155811.GD13702@kernel.org -Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> ---- - tools/perf/bench/bench.h | 4 ++++ - tools/perf/bench/epoll-ctl.c | 7 +++---- - tools/perf/bench/epoll-wait.c | 11 +++++------ - tools/perf/bench/futex-hash.c | 12 ++++++------ - tools/perf/bench/futex-lock-pi.c | 11 +++++------ - 5 files changed, 23 insertions(+), 22 deletions(-) - -diff --git a/tools/perf/bench/bench.h b/tools/perf/bench/bench.h -index fddb3ced9db6..4aa6de1aa67d 100644 ---- a/tools/perf/bench/bench.h -+++ b/tools/perf/bench/bench.h -@@ -2,6 +2,10 @@ - #ifndef BENCH_H - #define BENCH_H - -+#include <sys/time.h> -+ -+extern struct timeval bench__start, bench__end, bench__runtime; -+ - /* - * The madvise transparent hugepage constants were added in glibc - * 2.13. 
For compatibility with older versions of glibc, define these -diff --git a/tools/perf/bench/epoll-ctl.c b/tools/perf/bench/epoll-ctl.c -index bb617e568841..a7526c05df38 100644 ---- a/tools/perf/bench/epoll-ctl.c -+++ b/tools/perf/bench/epoll-ctl.c -@@ -35,7 +35,6 @@ - - static unsigned int nthreads = 0; - static unsigned int nsecs = 8; --struct timeval start, end, runtime; - static bool done, __verbose, randomize; - - /* -@@ -94,8 +93,8 @@ static void toggle_done(int sig __maybe_unused, - { - /* inform all threads that we're done for the day */ - done = true; -- gettimeofday(&end, NULL); -- timersub(&end, &start, &runtime); -+ gettimeofday(&bench__end, NULL); -+ timersub(&bench__end, &bench__start, &bench__runtime); - } - - static void nest_epollfd(void) -@@ -361,7 +360,7 @@ int bench_epoll_ctl(int argc, const char **argv) - - threads_starting = nthreads; - -- gettimeofday(&start, NULL); -+ gettimeofday(&bench__start, NULL); - - do_threads(worker, cpu); - -diff --git a/tools/perf/bench/epoll-wait.c b/tools/perf/bench/epoll-wait.c -index 7af694437f4e..d1c5cb526b9f 100644 ---- a/tools/perf/bench/epoll-wait.c -+++ b/tools/perf/bench/epoll-wait.c -@@ -90,7 +90,6 @@ - - static unsigned int nthreads = 0; - static unsigned int nsecs = 8; --struct timeval start, end, runtime; - static bool wdone, done, __verbose, randomize, nonblocking; - - /* -@@ -276,8 +275,8 @@ static void toggle_done(int sig __maybe_unused, - { - /* inform all threads that we're done for the day */ - done = true; -- gettimeofday(&end, NULL); -- timersub(&end, &start, &runtime); -+ gettimeofday(&bench__end, NULL); -+ timersub(&bench__end, &bench__start, &bench__runtime); - } - - static void print_summary(void) -@@ -287,7 +286,7 @@ static void print_summary(void) - - printf("\nAveraged %ld operations/sec (+- %.2f%%), total secs = %d\n", - avg, rel_stddev_stats(stddev, avg), -- (int) runtime.tv_sec); -+ (int)bench__runtime.tv_sec); - } - - static int do_threads(struct worker *worker, struct perf_cpu_map 
*cpu) -@@ -479,7 +478,7 @@ int bench_epoll_wait(int argc, const char **argv) - - threads_starting = nthreads; - -- gettimeofday(&start, NULL); -+ gettimeofday(&bench__start, NULL); - - do_threads(worker, cpu); - -@@ -519,7 +518,7 @@ int bench_epoll_wait(int argc, const char **argv) - qsort(worker, nthreads, sizeof(struct worker), cmpworker); - - for (i = 0; i < nthreads; i++) { -- unsigned long t = worker[i].ops/runtime.tv_sec; -+ unsigned long t = worker[i].ops / bench__runtime.tv_sec; - - update_stats(&throughput_stats, t); - -diff --git a/tools/perf/bench/futex-hash.c b/tools/perf/bench/futex-hash.c -index 8ba0c3330a9a..21776862e940 100644 ---- a/tools/perf/bench/futex-hash.c -+++ b/tools/perf/bench/futex-hash.c -@@ -37,7 +37,7 @@ static unsigned int nfutexes = 1024; - static bool fshared = false, done = false, silent = false; - static int futex_flag = 0; - --struct timeval start, end, runtime; -+struct timeval bench__start, bench__end, bench__runtime; - static pthread_mutex_t thread_lock; - static unsigned int threads_starting; - static struct stats throughput_stats; -@@ -103,8 +103,8 @@ static void toggle_done(int sig __maybe_unused, - { - /* inform all threads that we're done for the day */ - done = true; -- gettimeofday(&end, NULL); -- timersub(&end, &start, &runtime); -+ gettimeofday(&bench__end, NULL); -+ timersub(&bench__end, &bench__start, &bench__runtime); - } - - static void print_summary(void) -@@ -114,7 +114,7 @@ static void print_summary(void) - - printf("%sAveraged %ld operations/sec (+- %.2f%%), total secs = %d\n", - !silent ? 
"\n" : "", avg, rel_stddev_stats(stddev, avg), -- (int) runtime.tv_sec); -+ (int)bench__runtime.tv_sec); - } - - int bench_futex_hash(int argc, const char **argv) -@@ -161,7 +161,7 @@ int bench_futex_hash(int argc, const char **argv) - - threads_starting = nthreads; - pthread_attr_init(&thread_attr); -- gettimeofday(&start, NULL); -+ gettimeofday(&bench__start, NULL); - for (i = 0; i < nthreads; i++) { - worker[i].tid = i; - worker[i].futex = calloc(nfutexes, sizeof(*worker[i].futex)); -@@ -204,7 +204,7 @@ int bench_futex_hash(int argc, const char **argv) - pthread_mutex_destroy(&thread_lock); - - for (i = 0; i < nthreads; i++) { -- unsigned long t = worker[i].ops/runtime.tv_sec; -+ unsigned long t = worker[i].ops / bench__runtime.tv_sec; - update_stats(&throughput_stats, t); - if (!silent) { - if (nfutexes == 1) -diff --git a/tools/perf/bench/futex-lock-pi.c b/tools/perf/bench/futex-lock-pi.c -index d0cae8125423..30d97121dc4f 100644 ---- a/tools/perf/bench/futex-lock-pi.c -+++ b/tools/perf/bench/futex-lock-pi.c -@@ -37,7 +37,6 @@ static bool silent = false, multi = false; - static bool done = false, fshared = false; - static unsigned int nthreads = 0; - static int futex_flag = 0; --struct timeval start, end, runtime; - static pthread_mutex_t thread_lock; - static unsigned int threads_starting; - static struct stats throughput_stats; -@@ -64,7 +63,7 @@ static void print_summary(void) - - printf("%sAveraged %ld operations/sec (+- %.2f%%), total secs = %d\n", - !silent ? 
"\n" : "", avg, rel_stddev_stats(stddev, avg), -- (int) runtime.tv_sec); -+ (int)bench__runtime.tv_sec); - } - - static void toggle_done(int sig __maybe_unused, -@@ -73,8 +72,8 @@ static void toggle_done(int sig __maybe_unused, - { - /* inform all threads that we're done for the day */ - done = true; -- gettimeofday(&end, NULL); -- timersub(&end, &start, &runtime); -+ gettimeofday(&bench__end, NULL); -+ timersub(&bench__end, &bench__start, &bench__runtime); - } - - static void *workerfn(void *arg) -@@ -185,7 +184,7 @@ int bench_futex_lock_pi(int argc, const char **argv) - - threads_starting = nthreads; - pthread_attr_init(&thread_attr); -- gettimeofday(&start, NULL); -+ gettimeofday(&bench__start, NULL); - - create_threads(worker, thread_attr, cpu); - pthread_attr_destroy(&thread_attr); -@@ -211,7 +210,7 @@ int bench_futex_lock_pi(int argc, const char **argv) - pthread_mutex_destroy(&thread_lock); - - for (i = 0; i < nthreads; i++) { -- unsigned long t = worker[i].ops/runtime.tv_sec; -+ unsigned long t = worker[i].ops / bench__runtime.tv_sec; - - update_stats(&throughput_stats, t); - if (!silent) --- -2.25.1 - diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0004-libtraceevent-Fix-build-with-binutils-2.35.patch b/meta-arm/recipes-kernel/linux/linux-arm64-ack/0004-libtraceevent-Fix-build-with-binutils-2.35.patch deleted file mode 100644 index 5e181577..00000000 --- a/meta-arm/recipes-kernel/linux/linux-arm64-ack/0004-libtraceevent-Fix-build-with-binutils-2.35.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From c2c2c58915def6cda401d1782048d23b2b02ed85 Mon Sep 17 00:00:00 2001 -From: Ben Hutchings <ben@decadent.org.uk> -Date: Sat, 25 Jul 2020 02:06:23 +0100 -Subject: [PATCH 4/4] libtraceevent: Fix build with binutils 2.35 - -In binutils 2.35, 'nm -D' changed to show symbol versions along with -symbol names, with the usual @@ separator. When generating -libtraceevent-dynamic-list we need just the names, so strip off the -version suffix if present. - -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> -Tested-by: Salvatore Bonaccorso <carnil@debian.org> -Reviewed-by: Steven Rostedt <rostedt@goodmis.org> -Cc: linux-trace-devel@vger.kernel.org -Cc: stable@vger.kernel.org -Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> ---- - tools/lib/traceevent/plugins/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/lib/traceevent/plugins/Makefile b/tools/lib/traceevent/plugins/Makefile -index f440989fa55e..23c3535bcbd6 100644 ---- a/tools/lib/traceevent/plugins/Makefile -+++ b/tools/lib/traceevent/plugins/Makefile -@@ -196,7 +196,7 @@ define do_generate_dynamic_list_file - xargs echo "U w W" | tr 'w ' 'W\n' | sort -u | xargs echo`;\ - if [ "$$symbol_type" = "U W" ];then \ - (echo '{'; \ -- $(NM) -u -D $1 | awk 'NF>1 {print "\t"$$2";"}' | sort -u;\ -+ $(NM) -u -D $1 | awk 'NF>1 {sub("@.*", "", $$2); print "\t"$$2";"}' | sort -u;\ - echo '};'; \ - ) > $2; \ - else \ --- -2.25.1 - diff --git a/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.4.bb b/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.4.bb deleted file mode 100644 index aab2fd1c..00000000 --- a/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.4.bb +++ /dev/null 
@@ -1,16 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#
-# Copyright (c) 2020 Arm Limited
-#
-require linux-arm64-ack.inc
-
-SRC_URI = " \
- git://android.googlesource.com/kernel/common.git;protocol=https;branch=android11-5.4-lts \
- file://0001-perf-cs-etm-Move-definition-of-traceid_list-global-v.patch \
- file://0002-perf-tests-bp_account-Make-global-variable-static.patch \
- file://0003-perf-bench-Share-some-global-variables-to-fix-build-.patch \
- file://0004-libtraceevent-Fix-build-with-binutils-2.35.patch \
- "
-
-# ASB-2020-07-05_5.4-stable tag commit
-SRCREV = "056684c0d252f75c13be4abb7408f692eedab653"
diff --git a/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend b/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
new file mode 100644
index 00000000..a287d0e1
--- /dev/null
+++ b/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
@@ -0,0 +1,27 @@
+ARMFILESPATHS := "${THISDIR}/files:"
+
+FILESEXTRAPATHS:prepend:qemuarm64-secureboot = "${ARMFILESPATHS}"
+SRC_URI:append:qemuarm64-secureboot = " \
+ file://tee.cfg \
+ "
+
+# for Trusted Services uefi-test tool if SMM-Gateway is included
+SRC_URI:append:qemuarm64-secureboot = "\
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', 'file://no-strict-devmem.cfg', '' , d)} \
+ "
+
+FILESEXTRAPATHS:prepend:qemuarm-secureboot = "${ARMFILESPATHS}"
+SRC_URI:append:qemuarm-secureboot = " \
+ file://tee.cfg \
+ "
+
+FILESEXTRAPATHS:prepend:qemuarm64 = "${ARMFILESPATHS}"
+SRC_URI:append:qemuarm64 = " file://efi.cfg"
+
+FILESEXTRAPATHS:prepend:qemuarm = "${ARMFILESPATHS}"
+SRC_URI:append:qemuarm = " \
+ file://efi.cfg \
+ "
+
+FFA_TRANSPORT_INCLUDE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'arm-ffa-transport.inc', '' , d)}"
+require ${FFA_TRANSPORT_INCLUDE}
diff --git a/meta-arm/recipes-kernel/linux/linux-yocto/defconfig.patch b/meta-arm/recipes-kernel/linux/linux-yocto/defconfig.patch
deleted file mode 100644
index afbbabe2..00000000
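Review bot: The second `SRC_URI:append:qemuarm64-secureboot` in linux-yocto%.bbappend pulls in `no-strict-devmem.cfg` whenever `ts-smm-gateway` is in MACHINE_FEATURES, and the only explanation given is that it is for the uefi-test tool. The fragment itself is not part of this hunk, but its name suggests it turns off the kernel's strict /dev/mem restriction, which would let root read and write physical memory on a machine whose purpose is secure boot. I would make the test-only intent explicit in the comment, e.g. `# test-only: relaxes /dev/mem for the Trusted Services uefi-test tool; drop for production images`, or gate the fragment on a dedicated test feature rather than on the SMM gateway itself.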
--- a/meta-arm/recipes-kernel/linux/linux-yocto/defconfig.patch
+++ /dev/null
@@ -1,318 +0,0 @@ -From c72967164b63ea16c7c0276a306b66797998b62a Mon Sep 17 00:00:00 2001 -From: Jon Mason <jdmason@kudzu.us> -Date: Sat, 1 May 2021 17:18:37 -0400 -Subject: [PATCH] Change USB_CONN_GPIO to 'y' by default and regenerate the - defconfig via `make savedefconfig`. - -Upstream-Status: Inappropriate [not needed in newer kernels] -Signed-off-by: Jon Mason <jon.mason@arm.com> ---- - arch/arm64/configs/defconfig | 65 +++++++++++++----------------------- - 1 file changed, 24 insertions(+), 41 deletions(-) - -diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig -index 6d84761d1285..8a2f7e075ba9 100644 ---- a/arch/arm64/configs/defconfig -+++ b/arch/arm64/configs/defconfig -@@ -13,7 +13,6 @@ CONFIG_IKCONFIG=y - CONFIG_IKCONFIG_PROC=y - CONFIG_NUMA_BALANCING=y - CONFIG_MEMCG=y --CONFIG_MEMCG_SWAP=y - CONFIG_BLK_CGROUP=y - CONFIG_CGROUP_PIDS=y - CONFIG_CGROUP_HUGETLB=y -@@ -65,7 +64,6 @@ CONFIG_ARM64_VA_BITS_48=y - CONFIG_SCHED_MC=y - CONFIG_SCHED_SMT=y - CONFIG_NUMA=y --CONFIG_SECCOMP=y - CONFIG_KEXEC=y - CONFIG_KEXEC_FILE=y - CONFIG_CRASH_DUMP=y -@@ -83,7 +81,6 @@ CONFIG_CPU_FREQ_GOV_POWERSAVE=m - CONFIG_CPU_FREQ_GOV_USERSPACE=y - CONFIG_CPU_FREQ_GOV_ONDEMAND=y - CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m --CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y - CONFIG_CPUFREQ_DT=y - CONFIG_ACPI_CPPC_CPUFREQ=m - CONFIG_ARM_ALLWINNER_SUN50I_CPUFREQ_NVMEM=m -@@ -105,7 +102,6 @@ CONFIG_IMX_SCU_PD=y - CONFIG_ACPI=y - CONFIG_ACPI_APEI=y - CONFIG_ACPI_APEI_GHES=y --CONFIG_PCIEAER=y - CONFIG_ACPI_APEI_PCIEAER=y - CONFIG_ACPI_APEI_MEMORY_FAILURE=y - CONFIG_ACPI_APEI_EINJ=y -@@ -181,12 +177,11 @@ CONFIG_QRTR_SMD=m - CONFIG_QRTR_TUN=m - CONFIG_BPF_JIT=y - CONFIG_CAN=m -+CONFIG_CAN_FLEXCAN=m - CONFIG_CAN_RCAR=m - CONFIG_CAN_RCAR_CANFD=m --CONFIG_CAN_FLEXCAN=m - CONFIG_BT=m - CONFIG_BT_HIDP=m --# CONFIG_BT_HS is not set - # CONFIG_BT_LE is not set - CONFIG_BT_LEDS=y - # CONFIG_BT_DEBUGFS is not set -@@ -206,6 +201,7 @@ CONFIG_NFC_NCI=m - CONFIG_NFC_S3FWRN5_I2C=m - CONFIG_PCI=y - 
CONFIG_PCIEPORTBUS=y -+CONFIG_PCIEAER=y - CONFIG_PCI_IOV=y - CONFIG_PCI_PASID=y - CONFIG_HOTPLUG_PCI=y -@@ -223,13 +219,13 @@ CONFIG_PCI_HOST_THUNDER_ECAM=y - CONFIG_PCIE_ROCKCHIP_HOST=m - CONFIG_PCIE_BRCMSTB=m - CONFIG_PCI_LAYERSCAPE=y --CONFIG_PCIE_LAYERSCAPE_GEN4=y - CONFIG_PCI_HISI=y - CONFIG_PCIE_QCOM=y - CONFIG_PCIE_ARMADA_8K=y - CONFIG_PCIE_KIRIN=y - CONFIG_PCIE_HISI_STB=y - CONFIG_PCIE_TEGRA194_HOST=m -+CONFIG_PCIE_LAYERSCAPE_GEN4=y - CONFIG_PCI_ENDPOINT=y - CONFIG_PCI_ENDPOINT_CONFIGFS=y - CONFIG_PCI_EPF_TEST=m -@@ -239,7 +235,6 @@ CONFIG_FW_LOADER_USER_HELPER=y - CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y - CONFIG_HISILICON_LPC=y - CONFIG_SIMPLE_PM_BUS=y --CONFIG_FSL_MC_BUS=y - CONFIG_TEGRA_ACONNECT=m - CONFIG_MTD=y - CONFIG_MTD_BLOCK=y -@@ -258,7 +253,6 @@ CONFIG_MTD_NAND_MARVELL=y - CONFIG_MTD_NAND_FSL_IFC=y - CONFIG_MTD_NAND_QCOM=y - CONFIG_MTD_SPI_NOR=y --CONFIG_SPI_CADENCE_QUADSPI=y - CONFIG_BLK_DEV_LOOP=y - CONFIG_BLK_DEV_NBD=m - CONFIG_VIRTIO_BLK=y -@@ -343,18 +337,18 @@ CONFIG_SNI_NETSEC=y - CONFIG_STMMAC_ETH=m - CONFIG_TI_K3_AM65_CPSW_NUSS=y - CONFIG_QCOM_IPA=m --CONFIG_MDIO_BUS_MUX_MMIOREG=y --CONFIG_MDIO_BUS_MUX_MULTIPLEXER=y -+CONFIG_MESON_GXL_PHY=m - CONFIG_AQUANTIA_PHY=y - CONFIG_MARVELL_PHY=m - CONFIG_MARVELL_10G_PHY=m --CONFIG_MESON_GXL_PHY=m - CONFIG_MICREL_PHY=y - CONFIG_MICROSEMI_PHY=y - CONFIG_AT803X_PHY=y - CONFIG_REALTEK_PHY=m - CONFIG_ROCKCHIP_PHY=y - CONFIG_VITESSE_PHY=y -+CONFIG_MDIO_BUS_MUX_MULTIPLEXER=y -+CONFIG_MDIO_BUS_MUX_MMIOREG=y - CONFIG_USB_PEGASUS=m - CONFIG_USB_RTL8150=m - CONFIG_USB_RTL8152=m -@@ -454,6 +448,7 @@ CONFIG_SPI=y - CONFIG_SPI_ARMADA_3700=y - CONFIG_SPI_BCM2835=m - CONFIG_SPI_BCM2835AUX=m -+CONFIG_SPI_CADENCE_QUADSPI=y - CONFIG_SPI_FSL_LPSPI=y - CONFIG_SPI_FSL_QUADSPI=y - CONFIG_SPI_NXP_FLEXSPI=y -@@ -514,9 +509,6 @@ CONFIG_GPIO_PCA953X_IRQ=y - CONFIG_GPIO_BD9571MWV=m - CONFIG_GPIO_MAX77620=y - CONFIG_GPIO_SL28CPLD=m --CONFIG_POWER_AVS=y --CONFIG_QCOM_CPR=y --CONFIG_ROCKCHIP_IODOMAIN=y - 
CONFIG_POWER_RESET_MSM=y - CONFIG_POWER_RESET_XGENE=y - CONFIG_POWER_RESET_SYSCON=y -@@ -533,10 +525,10 @@ CONFIG_SENSORS_INA3221=m - CONFIG_THERMAL_GOV_POWER_ALLOCATOR=y - CONFIG_CPU_THERMAL=y - CONFIG_THERMAL_EMULATION=y --CONFIG_QORIQ_THERMAL=m --CONFIG_SUN8I_THERMAL=y - CONFIG_IMX_SC_THERMAL=m - CONFIG_IMX8MM_THERMAL=m -+CONFIG_QORIQ_THERMAL=m -+CONFIG_SUN8I_THERMAL=y - CONFIG_ROCKCHIP_THERMAL=m - CONFIG_RCAR_THERMAL=y - CONFIG_RCAR_GEN3_THERMAL=y -@@ -553,7 +545,6 @@ CONFIG_WATCHDOG=y - CONFIG_SL28CPLD_WATCHDOG=m - CONFIG_ARM_SP805_WATCHDOG=y - CONFIG_ARM_SBSA_WATCHDOG=y --CONFIG_ARM_SMC_WATCHDOG=y - CONFIG_S3C2410_WATCHDOG=y - CONFIG_DW_WATCHDOG=y - CONFIG_SUNXI_WATCHDOG=m -@@ -562,6 +553,7 @@ CONFIG_IMX_SC_WDT=m - CONFIG_QCOM_WDT=m - CONFIG_MESON_GXBB_WATCHDOG=m - CONFIG_MESON_WATCHDOG=m -+CONFIG_ARM_SMC_WATCHDOG=y - CONFIG_RENESAS_WDT=y - CONFIG_UNIPHIER_WATCHDOG=y - CONFIG_BCM2835_WDT=y -@@ -608,13 +600,12 @@ CONFIG_MEDIA_CAMERA_SUPPORT=y - CONFIG_MEDIA_ANALOG_TV_SUPPORT=y - CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y - CONFIG_MEDIA_SDR_SUPPORT=y --CONFIG_MEDIA_CONTROLLER=y --CONFIG_VIDEO_V4L2_SUBDEV_API=y - CONFIG_MEDIA_PLATFORM_SUPPORT=y - # CONFIG_DVB_NET is not set - CONFIG_MEDIA_USB_SUPPORT=y - CONFIG_USB_VIDEO_CLASS=m - CONFIG_V4L_PLATFORM_DRIVERS=y -+CONFIG_VIDEO_QCOM_CAMSS=m - CONFIG_VIDEO_RCAR_CSI2=m - CONFIG_VIDEO_RCAR_VIN=m - CONFIG_VIDEO_SUN6I_CSI=m -@@ -629,7 +620,6 @@ CONFIG_SDR_PLATFORM_DRIVERS=y - CONFIG_VIDEO_RCAR_DRIF=m - CONFIG_VIDEO_IMX219=m - CONFIG_VIDEO_OV5645=m --CONFIG_VIDEO_QCOM_CAMSS=m - CONFIG_DRM=m - CONFIG_DRM_I2C_NXP_TDA998X=m - CONFIG_DRM_MALI_DISPLAY=m -@@ -661,8 +651,8 @@ CONFIG_DRM_PANEL_RAYDIUM_RM67191=m - CONFIG_DRM_PANEL_SITRONIX_ST7703=m - CONFIG_DRM_PANEL_TRULY_NT35597_WQXGA=m - CONFIG_DRM_DISPLAY_CONNECTOR=m --CONFIG_DRM_NWL_MIPI_DSI=m - CONFIG_DRM_LONTIUM_LT9611=m -+CONFIG_DRM_NWL_MIPI_DSI=m - CONFIG_DRM_SII902X=m - CONFIG_DRM_SIMPLE_BRIDGE=m - CONFIG_DRM_THINE_THC63LVD1024=m -@@ -683,7 +673,6 @@ CONFIG_DRM_PANFROST=m - 
CONFIG_FB=y - CONFIG_FB_MODE_HELPERS=y - CONFIG_FB_EFI=y --CONFIG_BACKLIGHT_GENERIC=m - CONFIG_BACKLIGHT_PWM=m - CONFIG_BACKLIGHT_LP855X=m - CONFIG_LOGO=y -@@ -727,7 +716,6 @@ CONFIG_SND_SOC_WSA881X=m - CONFIG_SND_SIMPLE_CARD=m - CONFIG_SND_AUDIO_GRAPH_CARD=m - CONFIG_I2C_HID=m --CONFIG_USB_CONN_GPIO=m - CONFIG_USB=y - CONFIG_USB_OTG=y - CONFIG_USB_XHCI_HCD=y -@@ -859,7 +847,6 @@ CONFIG_VIRTIO_BALLOON=y - CONFIG_VIRTIO_MMIO=y - CONFIG_XEN_GNTDEV=y - CONFIG_XEN_GRANT_DEV_ALLOC=y --CONFIG_MFD_CROS_EC_DEV=y - CONFIG_CHROME_PLATFORMS=y - CONFIG_CROS_EC=y - CONFIG_CROS_EC_I2C=y -@@ -885,8 +872,8 @@ CONFIG_QCOM_A53PLL=y - CONFIG_QCOM_CLK_APCS_MSM8916=y - CONFIG_QCOM_CLK_SMD_RPM=y - CONFIG_QCOM_CLK_RPMH=y --CONFIG_IPQ_GCC_8074=y - CONFIG_IPQ_GCC_6018=y -+CONFIG_IPQ_GCC_8074=y - CONFIG_MSM_GCC_8916=y - CONFIG_MSM_GCC_8994=y - CONFIG_MSM_MMCC_8996=y -@@ -894,12 +881,9 @@ CONFIG_MSM_GCC_8998=y - CONFIG_QCS_GCC_404=y - CONFIG_SC_GCC_7180=y - CONFIG_SDM_CAMCC_845=m --CONFIG_SDM_GCC_845=y - CONFIG_SDM_GPUCC_845=y - CONFIG_SDM_VIDEOCC_845=y - CONFIG_SDM_DISPCC_845=y --CONFIG_SM_GCC_8150=y --CONFIG_SM_GCC_8250=y - CONFIG_SM_GPUCC_8150=y - CONFIG_SM_GPUCC_8250=y - CONFIG_QCOM_HFPLL=y -@@ -930,6 +914,7 @@ CONFIG_RASPBERRYPI_POWER=y - CONFIG_FSL_DPAA=y - CONFIG_FSL_MC_DPIO=y - CONFIG_QCOM_AOSS_QMP=y -+CONFIG_QCOM_CPR=y - CONFIG_QCOM_GENI_SE=y - CONFIG_QCOM_RMTFS_MEM=m - CONFIG_QCOM_RPMH=y -@@ -941,19 +926,20 @@ CONFIG_QCOM_SMP2P=y - CONFIG_QCOM_SMSM=y - CONFIG_QCOM_SOCINFO=m - CONFIG_QCOM_APR=m --CONFIG_ARCH_R8A774A1=y --CONFIG_ARCH_R8A774B1=y --CONFIG_ARCH_R8A774C0=y --CONFIG_ARCH_R8A774E1=y -+CONFIG_ARCH_R8A77995=y -+CONFIG_ARCH_R8A77990=y - CONFIG_ARCH_R8A77950=y - CONFIG_ARCH_R8A77951=y -+CONFIG_ARCH_R8A77965=y - CONFIG_ARCH_R8A77960=y - CONFIG_ARCH_R8A77961=y --CONFIG_ARCH_R8A77965=y --CONFIG_ARCH_R8A77970=y - CONFIG_ARCH_R8A77980=y --CONFIG_ARCH_R8A77990=y --CONFIG_ARCH_R8A77995=y -+CONFIG_ARCH_R8A77970=y -+CONFIG_ARCH_R8A774C0=y -+CONFIG_ARCH_R8A774E1=y 
-+CONFIG_ARCH_R8A774A1=y -+CONFIG_ARCH_R8A774B1=y -+CONFIG_ROCKCHIP_IODOMAIN=y - CONFIG_ROCKCHIP_PM_DOMAINS=y - CONFIG_ARCH_TEGRA_132_SOC=y - CONFIG_ARCH_TEGRA_210_SOC=y -@@ -1017,9 +1003,9 @@ CONFIG_PHY_UNIPHIER_USB3=y - CONFIG_PHY_TEGRA_XUSB=y - CONFIG_ARM_SMMU_V3_PMU=m - CONFIG_FSL_IMX8_DDR_PMU=m --CONFIG_HISI_PMU=y - CONFIG_QCOM_L2_PMU=y - CONFIG_QCOM_L3_PMU=y -+CONFIG_HISI_PMU=y - CONFIG_NVMEM_IMX_OCOTP=y - CONFIG_NVMEM_IMX_OCOTP_SCU=y - CONFIG_QCOM_QFPROM=y -@@ -1035,10 +1021,9 @@ CONFIG_FPGA_REGION=m - CONFIG_OF_FPGA_REGION=m - CONFIG_TEE=y - CONFIG_OPTEE=y --CONFIG_SLIMBUS=m -+CONFIG_MUX_MMIO=y - CONFIG_SLIM_QCOM_CTRL=m - CONFIG_SLIM_QCOM_NGD_CTRL=m --CONFIG_MUX_MMIO=y - CONFIG_INTERCONNECT=y - CONFIG_INTERCONNECT_QCOM=y - CONFIG_INTERCONNECT_QCOM_MSM8916=m -@@ -1059,7 +1044,6 @@ CONFIG_CUSE=m - CONFIG_OVERLAY_FS=m - CONFIG_VFAT_FS=y - CONFIG_HUGETLBFS=y --CONFIG_CONFIGFS_FS=y - CONFIG_EFIVAR_FS=y - CONFIG_SQUASHFS=y - CONFIG_NFS_FS=y diff --git a/meta-arm/recipes-kernel/linux/linux-yocto/zone_dma_revert.patch b/meta-arm/recipes-kernel/linux/linux-yocto/zone_dma_revert.patch deleted file mode 100644 index 12954162..00000000 --- a/meta-arm/recipes-kernel/linux/linux-yocto/zone_dma_revert.patch +++ /dev/null 
@@ -1,126 +0,0 @@ -Revert ZONE_DMA patches - -Upstream-Status: Inappropriate -Signed-off-by: Jon Mason <jon.mason@arm.com> - -diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c -index 916e0547fdcc..7fbb9c85af8a 100644 ---- a/arch/arm64/mm/init.c -+++ b/arch/arm64/mm/init.c -@@ -29,7 +29,6 @@ - #include <linux/kexec.h> - #include <linux/crash_dump.h> - #include <linux/hugetlb.h> --#include <linux/acpi_iort.h> - - #include <asm/boot.h> - #include <asm/fixmap.h> -@@ -43,6 +42,8 @@ - #include <asm/tlb.h> - #include <asm/alternative.h> - -+#define ARM64_ZONE_DMA_BITS 30 -+ - /* - * We need to be able to catch inadvertent references to memstart_addr - * that occur (potentially in generic code) before arm64_memblock_init() -@@ -187,13 +188,9 @@ static phys_addr_t __init max_zone_phys(unsigned int zone_bits) - static void __init zone_sizes_init(unsigned long min, unsigned long max) - { - unsigned long max_zone_pfns[MAX_NR_ZONES] = {0}; -- unsigned int __maybe_unused acpi_zone_dma_bits; -- unsigned int __maybe_unused dt_zone_dma_bits; - - #ifdef CONFIG_ZONE_DMA -- acpi_zone_dma_bits = fls64(acpi_iort_dma_get_max_cpu_address()); -- dt_zone_dma_bits = fls64(of_dma_get_max_cpu_address(NULL)); -- zone_dma_bits = min3(32U, dt_zone_dma_bits, acpi_zone_dma_bits); -+ zone_dma_bits = ARM64_ZONE_DMA_BITS; - arm64_dma_phys_limit = max_zone_phys(zone_dma_bits); - max_zone_pfns[ZONE_DMA] = PFN_DOWN(arm64_dma_phys_limit); - #endif -diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c -index 2494138a6905..94f34109695c 100644 ---- a/drivers/acpi/arm64/iort.c -+++ b/drivers/acpi/arm64/iort.c -@@ -1730,58 +1730,3 @@ void __init acpi_iort_init(void) - - iort_init_platform_devices(); - } -- --#ifdef CONFIG_ZONE_DMA --/* -- * Extract the highest CPU physical address accessible to all DMA masters in -- * the system. PHYS_ADDR_MAX is returned when no constrained device is found. 
-- */ --phys_addr_t __init acpi_iort_dma_get_max_cpu_address(void) --{ -- phys_addr_t limit = PHYS_ADDR_MAX; -- struct acpi_iort_node *node, *end; -- struct acpi_table_iort *iort; -- acpi_status status; -- int i; -- -- if (acpi_disabled) -- return limit; -- -- status = acpi_get_table(ACPI_SIG_IORT, 0, -- (struct acpi_table_header **)&iort); -- if (ACPI_FAILURE(status)) -- return limit; -- -- node = ACPI_ADD_PTR(struct acpi_iort_node, iort, iort->node_offset); -- end = ACPI_ADD_PTR(struct acpi_iort_node, iort, iort->header.length); -- -- for (i = 0; i < iort->node_count; i++) { -- if (node >= end) -- break; -- -- switch (node->type) { -- struct acpi_iort_named_component *ncomp; -- struct acpi_iort_root_complex *rc; -- phys_addr_t local_limit; -- -- case ACPI_IORT_NODE_NAMED_COMPONENT: -- ncomp = (struct acpi_iort_named_component *)node->node_data; -- local_limit = DMA_BIT_MASK(ncomp->memory_address_limit); -- limit = min_not_zero(limit, local_limit); -- break; -- -- case ACPI_IORT_NODE_PCI_ROOT_COMPLEX: -- if (node->revision < 1) -- break; -- -- rc = (struct acpi_iort_root_complex *)node->node_data; -- local_limit = DMA_BIT_MASK(rc->memory_address_limit); -- limit = min_not_zero(limit, local_limit); -- break; -- } -- node = ACPI_ADD_PTR(struct acpi_iort_node, node, node->length); -- } -- acpi_put_table(&iort->header); -- return limit; --} --#endif -diff --git a/include/linux/acpi_iort.h b/include/linux/acpi_iort.h -index 1a12baa58e40..20a32120bb88 100644 ---- a/include/linux/acpi_iort.h -+++ b/include/linux/acpi_iort.h -@@ -38,7 +38,6 @@ void iort_dma_setup(struct device *dev, u64 *dma_addr, u64 *size); - const struct iommu_ops *iort_iommu_configure_id(struct device *dev, - const u32 *id_in); - int iort_iommu_msi_get_resv_regions(struct device *dev, struct list_head *head); --phys_addr_t acpi_iort_dma_get_max_cpu_address(void); - #else - static inline void acpi_iort_init(void) { } - static inline u32 iort_msi_map_id(struct device *dev, u32 id) -@@ -56,9 +55,6 @@ 
static inline const struct iommu_ops *iort_iommu_configure_id( - static inline - int iort_iommu_msi_get_resv_regions(struct device *dev, struct list_head *head) - { return 0; } -- --static inline phys_addr_t acpi_iort_dma_get_max_cpu_address(void) --{ return PHYS_ADDR_MAX; } - #endif - - #endif /* __ACPI_IORT_H__ */ diff --git a/meta-arm/recipes-kernel/linux/linux-yocto_5.10.bbappend b/meta-arm/recipes-kernel/linux/linux-yocto_5.10.bbappend deleted file mode 100644 index b9995e04..00000000 --- a/meta-arm/recipes-kernel/linux/linux-yocto_5.10.bbappend +++ /dev/null @@ -1,17 +0,0 @@ -ARMFILESPATHS := "${THISDIR}/${PN}:" - -COMPATIBLE_MACHINE_generic-arm64 = "generic-arm64" -FILESEXTRAPATHS_prepend_generic-arm64 = "${ARMFILESPATHS}" -SRC_URI_append_generic-arm64 = " \ - file://defconfig.patch \ - " - -FILESEXTRAPATHS_prepend_qemuarm64-sbsa = "${ARMFILESPATHS}" -LINUX_VERSION_qemuarm64-sbsa = "5.10.30" -SRCREV_machine_qemuarm64-sbsa = "d6e20b2257ecfa6e796a45a4175863862a28fa11" -SRC_URI_append_qemuarm64-sbsa = " \ - file://defconfig.patch \ - " - -FILESEXTRAPATHS_prepend_qemuarm64-secureboot = "${ARMFILESPATHS}" -SRC_URI_append_qemuarm64-secureboot = " file://zone_dma_revert.patch" diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch new file mode 100644 index 00000000..7c61105b --- /dev/null +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch 
@@ -0,0 +1,27 @@
+From cd7b41b30cf157338cfd5cda3c0f6f33164ad16d Mon Sep 17 00:00:00 2001
+From: Maxim Uvarov <maxim.uvarov@linaro.org>
+Date: Fri, 17 Apr 2020 12:05:53 +0100
+Subject: [PATCH] add enum to ta flags
+
+If we compile this TA into OPTEE-OS we need to define a flag
+that this TA can be discovered on the optee bus.
+Upstream-Status: Submitted [https://github.com/microsoft/MSRSec/pull/34]
+
+Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
+---
+ .../ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h
+index 92c33c1..e83619d 100644
+--- a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h
++++ b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h
+@@ -44,7 +44,7 @@
+
+ #define TA_UUID TA_FTPM_UUID
+
+-#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE)
++#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP)
+ #define TA_STACK_SIZE (64 * 1024)
+ #define TA_DATA_SIZE (32 * 1024)
+
diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
new file mode 100644
index 00000000..d5f6e01d
--- /dev/null
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
@@ -0,0 +1,79 @@
+SUMMARY = "OPTEE fTPM Microsoft TA"
+DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification."
+HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/"
+
+COMPATIBLE_MACHINE ?= "invalid"
+COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64"
+COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64"
+COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm"
+
+#FIXME - doesn't currently work with clang
+TOOLCHAIN = "gcc"
+
+inherit deploy python3native
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e"
+
+DEPENDS = "python3-pyelftools-native optee-os-tadevkit python3-cryptography-native "
+
+FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
+
+SRC_URI = "gitsm://github.com/Microsoft/ms-tpm-20-ref;branch=main;protocol=https \
+ file://0001-add-enum-to-ta-flags.patch"
+SRCREV = "e9fc7b89d865536c46deb63f9c7d0121a3ded49c"
+
+UPSTREAM_CHECK_COMMITS = "1"
+
+S = "${WORKDIR}/git"
+
+OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}"
+TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
+TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
+
+EXTRA_OEMAKE += '\
+ CFG_FTPM_USE_WOLF=y \
+ TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
+ TA_CROSS_COMPILE=${TARGET_PREFIX} \
+ CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST} -I${WORKDIR}/optee-os" \
+'
+
+EXTRA_OEMAKE:append:aarch64:qemuall = "\
+ CFG_ARM64_ta_arm64=y \
+"
+
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+PARALLEL_MAKE = ""
+
+do_compile() {
+ # The internal ${CC} includes the correct -mcpu option
+ sed -i 's/-mcpu=$(TA_CPU)//' Samples/ARM32-FirmwareTPM/optee_ta/fTPM/sub.mk
+ # there's also a secure variable storage TA called authvars
+ cd ${S}/Samples/ARM32-FirmwareTPM/optee_ta
+ oe_runmake
+}
+
+do_install () {
+ mkdir -p ${D}/${nonarch_base_libdir}/optee_armtz
+ install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.ta ${D}/${nonarch_base_libdir}/optee_armtz/
+ install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${D}/${nonarch_base_libdir}/optee_armtz/
+}
+
+do_deploy () {
+ install -d ${DEPLOYDIR}/optee
+ install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/
+}
+
+addtask deploy before do_build after do_install
+
+FILES:${PN} += " \
+ ${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta \
+ ${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf \
+ "
+
+# Imports machine specific configs from staging to build
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+INSANE_SKIP:${PN} += "ldflags"
diff --git a/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
new file mode 100644
index 00000000..31be0e8f
--- /dev/null
+++ b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
@@ -0,0 +1,11 @@
+FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
+
+DEPENDS:append = "\
+ ${@bb.utils.contains('MACHINE_FEATURES', 'optee-ftpm', 'optee-ftpm', '' , d)} \
+"
+
+EXTRA_OEMAKE:append = "\
+ ${@bb.utils.contains('MACHINE_FEATURES', 'optee-ftpm', \
+ 'CFG_CORE_HEAP_SIZE=131072 CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \
+ '', d)} \
+"
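Review bot: The new optee-ftpm recipe sets no `CVE_PRODUCT`, so CVE scanning will look for a product named after the recipe and will presumably match nothing for the TPM reference code or for the crypto library that `CFG_FTPM_USE_WOLF=y` selects. That library appears to come in through the `gitsm://` fetch rather than from a recipe of its own, so nothing else in the build would track it. optee-os.inc in this layer already sets `CVE_PRODUCT` for its recipe; the same is worth doing here, for example `CVE_PRODUCT = "<vendor:product of the TPM reference implementation> <vendor:product of the bundled crypto library>"` with the real names filled in.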
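Review bot: `EARLY_TA_PATHS` in the optee-os bbappend reads the stripped ELF from `${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/`, while optee-ftpm_git.bb installs it under `${nonarch_base_libdir}/optee_armtz/`. The two only coincide when `base_libdir` equals `nonarch_base_libdir`, so a multilib or lib64 configuration would point the OP-TEE build at a file that is not there. Using the same variable on both sides avoids that: `EARLY_TA_PATHS="${STAGING_DIR_TARGET}${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"`. `FTPM_UUID` is also defined separately in both files; a shared .inc would keep the two copies from drifting.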
diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index 65c9a447..77f6a642 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" inherit systemd update-rc.d cmake SRC_URI = " \ - git://github.com/OP-TEE/optee_client.git \ - file://tee-supplicant.service \ + git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ + file://tee-supplicant@.service \ file://tee-supplicant.sh \ " @@ -21,20 +21,20 @@ EXTRA_OECMAKE = " \ -DBUILD_SHARED_LIBS=ON \ -DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \ " -EXTRA_OECMAKE_append_toolchain-clang = " -DCFG_WERROR=0" +EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" -do_install_append() { - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +do_install:append() { + install -D -p -m0644 ${WORKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service install -D -p -m0755 ${WORKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant sed -i -e s:@sysconfdir@:${sysconfdir}:g \ -e s:@sbindir@:${sbindir}:g \ - ${D}${systemd_system_unitdir}/tee-supplicant.service \ + ${D}${systemd_system_unitdir}/tee-supplicant@.service \ ${D}${sysconfdir}/init.d/tee-supplicant } -SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" +SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME_${PN} = "tee-supplicant" -INITSCRIPT_PARAMS_${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." +INITSCRIPT_NAME:${PN} = "tee-supplicant" +INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." diff --git a/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service index c273832d..72c0b9aa 100644 
--- a/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service +++ b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service @@ -1,5 +1,5 @@ [Unit] -Description=TEE Supplicant +Description=TEE Supplicant on %i [Service] User=root diff --git a/meta-arm/recipes-security/optee/optee-client_3.11.0.bb b/meta-arm/recipes-security/optee/optee-client_3.11.0.bb deleted file mode 100644 index f765d12c..00000000 --- a/meta-arm/recipes-security/optee/optee-client_3.11.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-client.inc - -SRCREV = "c0c925384c1d7e3558d27d2708857482952d7907" diff --git a/meta-arm/recipes-security/optee/optee-client_4.1.0.bb b/meta-arm/recipes-security/optee/optee-client_4.1.0.bb new file mode 100644 index 00000000..2f956765 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client_4.1.0.bb @@ -0,0 +1,7 @@ +require recipes-security/optee/optee-client.inc + +SRCREV = "f7e4ced15d1fefd073bbfc484fe0e1f74afe96c2" + +inherit pkgconfig +DEPENDS += "util-linux" +EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc index 81c31bc0..5011f480 100644 --- a/meta-arm/recipes-security/optee/optee-examples.inc +++ b/meta-arm/recipes-security/optee/optee-examples.inc @@ -5,15 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" -DEPENDS = "optee-client optee-os python3-pycryptodome-native" +DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native" inherit python3native require optee.inc -SRC_URI = "git://github.com/linaro-swg/optee_examples.git \ - file://0001-make-Pass-ldflags-during-link.patch \ - " +SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \ + " EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ HOST_CROSS_COMPILE=${HOST_PREFIX} \ 
@@ -24,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ S = "${WORKDIR}/git" B = "${WORKDIR}/build" + do_compile() { oe_runmake -C ${S} } @@ -32,11 +32,15 @@ do_compile[cleandirs] = "${B}" do_install () { mkdir -p ${D}${nonarch_base_libdir}/optee_armtz mkdir -p ${D}${bindir} + mkdir -p ${D}${libdir}/tee-supplicant/plugins install -D -p -m0755 ${B}/ca/* ${D}${bindir} install -D -p -m0444 ${B}/ta/* ${D}${nonarch_base_libdir}/optee_armtz + install -D -p -m0444 ${B}/plugins/* ${D}${libdir}/tee-supplicant/plugins } -FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ \ + ${libdir}/tee-supplicant/plugins/ \ + " # Imports machine specific configs from staging to build PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-make-Pass-ldflags-during-link.patch b/meta-arm/recipes-security/optee/optee-examples/0001-make-Pass-ldflags-during-link.patch deleted file mode 100644 index 84202ef0..00000000 --- a/meta-arm/recipes-security/optee/optee-examples/0001-make-Pass-ldflags-during-link.patch +++ /dev/null 
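Review bot: The plugin directory added to `do_install` in optee-examples.inc, `${libdir}/tee-supplicant/plugins`, has to equal the load path compiled into tee-supplicant, and nothing visible in this commit ties the two together. The `EXTRA_OECMAKE` context shown for optee-client.inc sets `CFG_TEE_FS_PARENT_PATH` but no plugin path, so the client presumably keeps its built-in default, which would differ from `${libdir}` on a lib64 or multilib build. Passing the path explicitly in optee-client.inc, e.g. `-DCFG_TEE_PLUGIN_LOAD_PATH='${libdir}/tee-supplicant/plugins/'`, makes the coupling explicit. The same applies to the plugin install added to `do_install` in optee-test.inc. Since the supplicant unit runs with `User=root`, a comment that these example and test plugins are not meant for product images would also help.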
@@ -1,103 +0,0 @@ -From 29ae21de41f2fbab6dbecbbf408826b28de82df1 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 1 Sep 2020 21:09:56 -0700 -Subject: [PATCH] make: Pass ldflags during link - -OpenEmbeeded needs to pass essential linker flags to set correct flags -for gnu_hash among others which sets the linking straight -using LDFLAGS varible here means, we can affect the linker flags -from build environment - -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/85] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - acipher/host/Makefile | 2 +- - aes/host/Makefile | 2 +- - hello_world/host/Makefile | 2 +- - hotp/host/Makefile | 2 +- - random/host/Makefile | 2 +- - secure_storage/host/Makefile | 2 +- - 6 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/acipher/host/Makefile b/acipher/host/Makefile -index 8f4bc8a..c2cabef 100644 ---- a/acipher/host/Makefile -+++ b/acipher/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_acipher - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/aes/host/Makefile b/aes/host/Makefile -index dfeb4e8..f61c71b 100644 ---- a/aes/host/Makefile -+++ b/aes/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_aes - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/hello_world/host/Makefile b/hello_world/host/Makefile -index c4c8239..69cf42c 100644 ---- a/hello_world/host/Makefile -+++ b/hello_world/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_hello_world - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/hotp/host/Makefile b/hotp/host/Makefile -index cb7fd19..e7f013f 100644 ---- a/hotp/host/Makefile -+++ b/hotp/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_hotp - 
all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/random/host/Makefile b/random/host/Makefile -index fd407d9..9377f7a 100644 ---- a/random/host/Makefile -+++ b/random/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_random - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/secure_storage/host/Makefile b/secure_storage/host/Makefile -index 29bfb87..b3265ae 100644 ---- a/secure_storage/host/Makefile -+++ b/secure_storage/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_secure_storage - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: --- -2.28.0 - diff --git a/meta-arm/recipes-security/optee/optee-examples_3.11.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.11.0.bb deleted file mode 100644 index 72473eda..00000000 --- a/meta-arm/recipes-security/optee/optee-examples_3.11.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require optee-examples.inc - -SRCREV = "9a7dc598591990349d88b4dba3a37aadd6851295" - diff --git a/meta-arm/recipes-security/optee/optee-examples_4.1.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.1.0.bb new file mode 100644 index 00000000..f082a25d --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples_4.1.0.bb @@ -0,0 +1,3 @@ +require recipes-security/optee/optee-examples.inc + +SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.1.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.1.0.bb new file mode 100644 index 00000000..961d5251 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.1.0.bb 
@@ -0,0 +1,29 @@
+require recipes-security/optee/optee-os_${PV}.bb
+
+SUMMARY = "OP-TEE Trusted OS TA devkit"
+DESCRIPTION = "OP-TEE TA devkit for build TAs"
+HOMEPAGE = "https://www.op-tee.org/"
+
+DEPENDS += "python3-pycryptodome-native"
+
+do_install() {
+ #install TA devkit
+ install -d ${D}${includedir}/optee/export-user_ta/
+ for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
+ cp -aR $f ${D}${includedir}/optee/export-user_ta/
+ done
+}
+
+do_deploy() {
+ echo "Do not inherit do_deploy from optee-os."
+}
+
+FILES:${PN} = "${includedir}/optee/"
+
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dev += "buildpaths"
+
+# Include extra headers needed by SPMC tests to TA DEVKIT.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y', '' , d)}"
diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc
new file mode 100644
index 00000000..d30e8ea7
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-ts.inc
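Review bot: `do_install` in optee-os-tadevkit copies the whole `${B}/export-ta_${OPTEE_ARCH}/` tree into the package, and as far as I know that tree includes the key the dev kit uses by default to sign TAs. The recipes in this commit that build against `TA_DEV_KIT_DIR` (optee-ftpm, optee-examples, optee-test) pass no `TA_SIGN_KEY`, so unless optee.inc or a machine layer sets one, their `.ta` files are signed with that shared development key. A comment above `do_install` should say so, e.g. `# NOTE: the dev kit ships the default (development) TA signing key; product builds must set TA_SIGN_KEY`. Please confirm against the export directory before merging the wording.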
@@ -0,0 +1,85 @@ +# Include Trusted Services SPs accordingly to defined machine features + +# Please notice that OPTEE will load SPs in the order listed in this file. +# If an SP requires another SP to be already loaded it must be listed lower. + +# TS SPs UUIDs definitions +require recipes-security/trusted-services/ts-uuid.inc + +TS_ENV ?= "opteesp" +TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin" +TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin" + +SP_EXT = "${@oe.utils.conditional('TS_ENV','opteesp','.stripped.elf','.bin',d)}" + +# ITS SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ + ' ts-sp-its', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ + ' ${TS_BIN}/${ITS_UUID}${SP_EXT}', '', d)}" + +# Storage SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ + ' ts-sp-storage', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ + ' ${TS_BIN}/${STORAGE_UUID}${SP_EXT}', '', d)}" + +# Crypto SP. 
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ + ' ts-sp-crypto', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ + ' ${TS_BIN}/${CRYPTO_UUID}${SP_EXT}', '', d)}" + +# Attestation SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ + ' ts-sp-attestation', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ + ' ${TS_BIN}/${ATTESTATION_UUID}${SP_EXT}', '', d)}" + +# Env-test SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ + ' ts-sp-env-test', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ + ' ${TS_BIN}/${ENV_TEST_UUID}${SP_EXT}', '', d)}" + +# SE-Proxy SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ + ' ts-sp-se-proxy', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ + ' ${TS_BIN}/${SE_PROXY_UUID}${SP_EXT}', '', d)}" + +# SMM Gateway +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ + ' ts-sp-smm-gateway', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ + ' ${TS_BIN}/${SMM_GATEWAY_UUID}${SP_EXT}', '', d)}" + +# SPM test SPs +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' ts-sp-spm-test1 ts-sp-spm-test2 \ + ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' ${TS_BIN_SPM_TEST}/${SPM_TEST1_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST2_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST3_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST4_UUID}.stripped.elf', \ + '', d)}" +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y', '' , d)}" + +# Firmware Update SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \ + ' ts-sp-fwu', 
'' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \ + ' ${TS_BIN}/${FWU_UUID}${SP_EXT}', '', d)}" + +# Block Storage SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ts-sp-block-storage', '' , d)}" + +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}" + +EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ + ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ + SP_PATHS="${SP_PATHS}" ', d)}" diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index 483b797d..80ac0097 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -10,11 +10,11 @@ require optee.inc CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" +DEPENDS = "python3-pyelftools-native python3-cryptography-native" -DEPENDS_append_toolchain-clang = " compiler-rt" +DEPENDS:append:toolchain-clang = " compiler-rt" -SRC_URI = "git://github.com/OP-TEE/optee_os.git" +SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" S = "${WORKDIR}/git" B = "${WORKDIR}/build" @@ -28,14 +28,17 @@ EXTRA_OEMAKE += " \ ta-targets=ta_${OPTEE_ARCH} \ O=${B} \ " +EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}" +EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}" -CFLAGS[unexport] = "1" LDFLAGS[unexport] = "1" CPPFLAGS[unexport] = "1" AS[unexport] = "1" LD[unexport] = "1" -do_configure[noexec] = "1" +do_compile:prepend() { + PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name) +} do_compile() { oe_runmake -C ${S} all 
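Review bot: `PLAT_LIBGCC_PATH` is assigned as a plain shell variable in `do_compile:prepend` in optee-os.inc, so the `make` started by `oe_runmake` will not see it unless it is exported somewhere outside this hunk. If the OP-TEE makefiles are meant to read it, write `export PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name)` or pass it on the make command line. The same hunk removes `CFLAGS[unexport]`, which exposes the target `CFLAGS` to the secure-world build; a one-line comment saying this is intended would help the next reader. The body of `do_compile` continues outside the hunk.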
@@ -47,30 +50,34 @@ do_install() { install -d ${D}${nonarch_base_libdir}/firmware/ install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/ - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done + #install tas in optee_armtz + install -d ${D}${nonarch_base_libdir}/optee_armtz/ + install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz } PACKAGE_ARCH = "${MACHINE_ARCH}" do_deploy() { - install -d ${DEPLOYDIR}/optee - install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/optee/ + install -d ${DEPLOYDIR}/${MLPREFIX}optee + install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/${MLPREFIX}optee + + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta } addtask deploy before do_build after do_install SYSROOT_DIRS += "${nonarch_base_libdir}/firmware" -FILES_${PN} = "${nonarch_base_libdir}/firmware/" -FILES_${PN}-dev = "${includedir}/optee/" +PACKAGES += "${PN}-ta" +FILES:${PN} = "${nonarch_base_libdir}/firmware/" +FILES:${PN}-ta = "${nonarch_base_libdir}/optee_armtz/*" -# note: "textrel" is not triggered on all archs -INSANE_SKIP_${PN} = "textrel" -INSANE_SKIP_${PN}-dev = "staticdev" +# note: "textrel" is not triggered on all archs +INSANE_SKIP:${PN} = "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dev = "staticdev" INHIBIT_PACKAGE_STRIP = "1" diff --git a/meta-arm/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch b/meta-arm/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch deleted file mode 100644 index 0120f5c2..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 36e784f621bf5d5be9183beba35f39426277c110 Mon Sep 17 00:00:00 2001 -From: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Date: Tue, 13 Oct 2020 22:45:39 +0300 -Subject: [PATCH 1/3] libutils: provide empty __getauxval() implementation - -Never version of libgcc are built with LSE implementation in mind. To -determine if LSE is available on platform it calls __getauxval(), so in -some cases we can get undefined reference to __getauxval() error. - -Prominent case is libgcc_eh.a library, which is used by C++ TAs. Exception -handler depends on atomic operations, so it tries to call -init_have_lse_atomics() first. This function in turn calls __getauxval(), -which causes linking error. - -In the future we can make __getauxval() to return actual platform -capabilities. - -Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome@forissier.org> ---- - lib/libutils/ext/arch/arm/auxval.c | 12 ++++++++++++ - lib/libutils/ext/arch/arm/sub.mk | 1 + - 2 files changed, 13 insertions(+) - create mode 100644 lib/libutils/ext/arch/arm/auxval.c - -diff --git a/lib/libutils/ext/arch/arm/auxval.c b/lib/libutils/ext/arch/arm/auxval.c -new file mode 100644 -index 00000000..98bca850 ---- /dev/null -+++ b/lib/libutils/ext/arch/arm/auxval.c -@@ -0,0 +1,12 @@ -+// SPDX-License-Identifier: BSD-2-Clause -+/* -+ * Copyright (c) 2020, EPAM Systems -+ */ -+ -+#include <compiler.h> -+ -+unsigned long int __getauxval (unsigned long int type); -+unsigned long int __getauxval (unsigned long int type __unused) -+{ -+ return 0; -+} -diff --git a/lib/libutils/ext/arch/arm/sub.mk b/lib/libutils/ext/arch/arm/sub.mk -index dc5eed67..2e779066 100644 ---- a/lib/libutils/ext/arch/arm/sub.mk -+++ b/lib/libutils/ext/arch/arm/sub.mk -@@ -3,6 +3,7 @@ srcs-$(CFG_ARM32_$(sm)) += aeabi_unwind.c - endif - 
srcs-$(CFG_ARM32_$(sm)) += atomic_a32.S - srcs-$(CFG_ARM64_$(sm)) += atomic_a64.S -+srcs-y += auxval.c - ifneq ($(sm),ldelf) # TA, core - srcs-$(CFG_ARM32_$(sm)) += mcount_a32.S - srcs-$(CFG_ARM64_$(sm)) += mcount_a64.S --- -2.25.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch b/meta-arm/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch deleted file mode 100644 index 11296c8c..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 73196b58ea6978ffa5e581738030f51c5789ef73 Mon Sep 17 00:00:00 2001 -From: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Date: Tue, 13 Oct 2020 22:54:13 +0300 -Subject: [PATCH 2/3] link.mk: implement support for libnames-after-libgcc - variable - -Newer versions of libgcc depend on external __getauxval() symbol, which is -now provided by libutils. But libgcc is linked after libutils, so linker -can't resolve that symbol. We can't include libgcc into linking group with -libtutils, because libgcc provides symbols that conflict with libutil's -ones, like __aeabi_idiv with friends for instance. - -So, to resolve libgcc dependency on libutils we need to link with libutils -second time. To make things more generic, we will introduce -$(libnames-after-libgcc) variable for libraries that should be linked after -libgcc. - -Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome@forissier.org> ---- - ta/arch/arm/link.mk | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/ta/arch/arm/link.mk b/ta/arch/arm/link.mk -index 445c285d..3025acb1 100644 ---- a/ta/arch/arm/link.mk -+++ b/ta/arch/arm/link.mk -@@ -55,8 +55,11 @@ link-ldflags += --eh-frame-hdr - link-ldadd += $(libstdc++$(sm)) $(libgcc_eh$(sm)) - endif - link-ldadd += --end-group --ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm)) - -+link-ldadd-after-libgcc += $(addprefix -l,$(libnames-after-libgcc)) -+ -+ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) \ -+ $(libgcc$(sm)) $(link-ldadd-after-libgcc) - - link-script-cppflags-$(sm) := \ - $(filter-out $(CPPFLAGS_REMOVE) $(cppflags-remove), \ -@@ -76,6 +79,7 @@ $(link-script-pp$(sm)): $(link-script$(sm)) $(conf-file) $(link-script-pp-makefi - $(link-script-cppflags-$(sm)) $$< -o $$@ - - 
$(link-out-dir$(sm))/$(user-ta-uuid).elf: $(objs) $(libdeps) \ -+ $(libdeps-after-libgcc) \ - $(link-script-pp$(sm)) \ - $(dynlistdep) \ - $(additional-link-deps) --- -2.25.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/recipes-security/optee/optee-os/0003-optee-enable-clang-support.patch index 5c0d0a56..3c13ce3f 100644 --- a/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch +++ b/meta-arm/recipes-security/optee/optee-os/0003-optee-enable-clang-support.patch @@ -1,4 +1,4 @@ -From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001 +From 59d4c190eae11c93b26cca5a7b005a17dadc8248 Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Wed, 23 Sep 2020 09:27:34 +0100 Subject: [PATCH] optee: enable clang support @@ -10,15 +10,16 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren <brett.warren@arm.com> + --- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index 0f48c836..47465523 100644 +index a045beee8..1ebe2f702 100644 --- a/mk/clang.mk +++ b/mk/clang.mk -@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ +@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of # libgcc for clang diff --git a/meta-arm/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch b/meta-arm/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch deleted file mode 100644 index 88ba5f85..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From f50962e3f56f0932662b2ffa10afe53339a335dd Mon Sep 17 00:00:00 2001 -From: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Date: Fri, 16 Oct 2020 16:36:08 +0300 -Subject: [PATCH 3/3] ta_dev_kit.mk: make sure that libutils is linked second - time - -libgcc depends on __getauxval symbol from libuils. As, generally libutils -is linked before libgcc, we will get "unresolved symbol" error. To resolve -this dependency we need to link libutils second time - after libgcc. - -Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome@forissier.org> ---- - ta/mk/ta_dev_kit.mk | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk -index e28be677..d0e66317 100644 ---- a/ta/mk/ta_dev_kit.mk -+++ b/ta/mk/ta_dev_kit.mk -@@ -78,6 +78,16 @@ endif - libnames += dl - libdeps += $(ta-dev-kit-dir$(sm))/lib/libdl.a - -+# libutils provides __getauxval symbol which is needed by libgcc 10.x. We can't -+# link libutils after libgcc, because libgcc will replace some symbols provided -+# by libutils, which will cause further linking issues. -+# -+# But if we place libutils before libgcc, linker will not be able to resolve -+# __getauxval. So we need to link with libutils twice: before and after libgcc. -+# Hence it included both in $(libnames) and in $(libnames-after-libgcc) -+libnames-after-libgcc += utils -+libdeps-after-libgcc += $(ta-dev-kit-dir$(sm))/lib/libutils.a -+ - # Pass config variable (CFG_) from conf.mk on the command line - cppflags$(sm) += $(strip \ - $(foreach var, $(filter CFG_%,$(.VARIABLES)), \ --- -2.25.1 - 
diff --git a/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch deleted file mode 100644 index 17005396..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Tue, 26 May 2020 14:38:02 -0500 -Subject: [PATCH] allow setting sysroot for libgcc lookup - -Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching -for the compiler libraries as there's no easy way to reliably pass --sysroot -otherwise. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - mk/gcc.mk | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/mk/gcc.mk b/mk/gcc.mk -index adc77a24..81bfa78a 100644 ---- a/mk/gcc.mk -+++ b/mk/gcc.mk -@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ - -print-file-name=include 2> /dev/null) - - # Get location of libgcc from gcc --libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ -+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ - -print-libgcc-file-name 2> /dev/null) --libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ -+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ - -print-file-name=libstdc++.a 2> /dev/null) --libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ -+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ - -print-file-name=libgcc_eh.a 2> /dev/null) - - # Define these to something to discover accidental use 
diff --git a/meta-arm/recipes-security/optee/optee-os_3.11.0.bb b/meta-arm/recipes-security/optee/optee-os_3.11.0.bb deleted file mode 100644 index 13b3dc65..00000000 --- a/meta-arm/recipes-security/optee/optee-os_3.11.0.bb +++ /dev/null @@ -1,11 +0,0 @@ -require optee-os.inc - -SRCREV = "c4def2a8262a03244d9a88461699b9b8e43c6b55" - -SRC_URI_append = " \ - file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ - file://0007-allow-setting-sysroot-for-clang.patch \ - file://0001-libutils-provide-empty-__getauxval-implementation.patch \ - file://0002-link.mk-implement-support-for-libnames-after-libgcc-.patch \ - file://0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch \ -" diff --git a/meta-arm/recipes-security/optee/optee-os_4.%.bbappend b/meta-arm/recipes-security/optee/optee-os_4.%.bbappend new file mode 100644 index 00000000..4f4a0006 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os_4.%.bbappend @@ -0,0 +1,5 @@ +# Include Trusted Services Secure Partitions +require recipes-security/optee/optee-os-ts.inc + +# Conditionally include platform specific Trusted Services related OPTEE build parameters +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_CORE_HEAP_SIZE=131072 CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=4 CFG_CORE_SEL1_SPMC=y ', d)}" diff --git a/meta-arm/recipes-security/optee/optee-os_4.1.0.bb b/meta-arm/recipes-security/optee/optee-os_4.1.0.bb new file mode 100644 index 00000000..bfb61eb2 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os_4.1.0.bb @@ -0,0 +1,10 @@ +require recipes-security/optee/optee-os.inc + +DEPENDS += "dtc-native" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRCREV = "18b424c23aa5a798dfe2e4d20b4bde3919dc4e99" +SRC_URI += " \ + file://0003-optee-enable-clang-support.patch \ + " diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc index f09b9d24..58f10139 100644 
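Review bot: The `qemuarm64-secureboot` append in optee-os_4.%.bbappend hard-codes `CFG_TEE_CORE_LOG_LEVEL=4` in the same string as the SP settings, so every build that enables a Trusted Services SP also gets the most verbose core logging (as far as I know level 4 is the flow-trace level). That is reasonable for a QEMU test machine but is easy to copy into a product machine override unnoticed. Suggest a comment above the line, `# Debug-only settings for the QEMU test machine; do not copy to product machines`, and splitting the string so the log level can be overridden separately from `CFG_CORE_SEL1_SPMC=y`.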
--- a/meta-arm/recipes-security/optee/optee-test.inc +++ b/meta-arm/recipes-security/optee/optee-test.inc @@ -2,23 +2,16 @@ SUMMARY = "OP-TEE sanity testsuite" DESCRIPTION = "Open Portable Trusted Execution Environment - Test suite" HOMEPAGE = "https://www.op-tee.org/" -LICENSE = "BSD & GPLv2" -LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" +LICENSE = "BSD-2-Clause & GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" inherit python3native ptest +inherit deploy require optee.inc -# Linking fails on musl due to C++/threads -# https://github.com/OP-TEE/optee_test/issues/458#issuecomment-720540834 -# When upgraded we should be able to remove this limitation -COMPATIBLE_HOST_libc-musl = 'null' +DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native openssl" -DEPENDS = "optee-client optee-os python3-pycryptodome-native" - -SRC_URI = "git://github.com/OP-TEE/optee_test.git \ - file://0001-host-xtest-Adjust-order-of-including-compiler.h.patch \ - file://0002-make-remove-Wno-unsafe-loop-for-clang.patch \ - file://0003-make-remove-Wmissing-noreturn-for-clang.patch \ +SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ file://run-ptest \ " @@ -26,16 +19,20 @@ S = "${WORKDIR}/git" B = "${WORKDIR}/build" EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR} \ CROSS_COMPILE_HOST=${HOST_PREFIX} \ CROSS_COMPILE_TA=${HOST_PREFIX} \ O=${B} \ " +CFLAGS += "-Wno-error=deprecated-declarations" + do_compile() { cd ${S} # Top level makefile doesn't seem to handle parallel make gracefully oe_runmake xtest oe_runmake ta + oe_runmake test_plugin } do_compile[cleandirs] = "${B}" 
@@ -46,9 +43,20 @@ do_install () { # default TEEC_LOAD_PATH is /lib mkdir -p ${D}${nonarch_base_libdir}/optee_armtz/ install -D -p -m0444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ + mkdir -p ${D}${libdir}/tee-supplicant/plugins + install -D -p -m0444 ${B}/supp_plugin/*.plugin ${D}${libdir}/tee-supplicant/plugins/ +} + +do_deploy () { + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta } -FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" +addtask deploy before do_build after do_install + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ \ + ${libdir}/tee-supplicant/plugins/ \ + " # Imports machine specific configs from staging to build PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/meta-arm/recipes-security/optee/optee-test/0001-host-xtest-Adjust-order-of-including-compiler.h.patch b/meta-arm/recipes-security/optee/optee-test/0001-host-xtest-Adjust-order-of-including-compiler.h.patch deleted file mode 100644 index 3c500d7a..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0001-host-xtest-Adjust-order-of-including-compiler.h.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From fc95b3ccbbfd336797ae2cfd6dd4dc58644e146f Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 30 May 2020 17:52:18 -0700 -Subject: [PATCH] host/xtest: Adjust order of including compiler.h - -compiler.h defines some defines which violate libc namespace e.g. -__unused, this works ok with glibc but fails in awkward ways with musl -the reason is musl uses __unused in its internal structures and this -define in compiler.h conflicts with system headers causing errors like - -recipe-sysroot/usr/include/bits/stat.h:17:19: error: expected identifier or '(' before '[' token unsigned __unused[2]; - ^ -including compiler.h afer sys/stat.h fixes the problem. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_test/issues/453] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - host/xtest/install_ta.c | 2 +- - host/xtest/stats.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/host/xtest/install_ta.c b/host/xtest/install_ta.c -index 09a4c6d..6f7bb5c 100644 ---- a/host/xtest/install_ta.c -+++ b/host/xtest/install_ta.c -@@ -4,7 +4,6 @@ - * SPDX-License-Identifier: BSD-2-Clause - */ - --#include <compiler.h> - #include <dirent.h> - #include <err.h> - #include <errno.h> -@@ -20,6 +19,7 @@ - #include <sys/types.h> - #include <tee_client_api.h> - #include <unistd.h> -+#include <compiler.h> - - #include "install_ta.h" - #include "xtest_helpers.h" -diff --git a/host/xtest/stats.c b/host/xtest/stats.c -index 96b0b5f..db9bf25 100644 ---- a/host/xtest/stats.c -+++ b/host/xtest/stats.c -@@ -3,7 +3,6 @@ - * Copyright (c) 2019, Linaro Limited - */ - --#include <compiler.h> - #include <dirent.h> - #include <err.h> - #include <errno.h> -@@ -18,6 +17,7 @@ - #include <sys/types.h> - #include <tee_client_api.h> - #include <unistd.h> -+#include <compiler.h> - #include "xtest_test.h" - #include "stats.h" - --- -2.26.2 - 
diff --git a/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch b/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch new file mode 100644 index 00000000..581c6db3 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch @@ -0,0 +1,34 @@ +From 236ebb968a298fa5d461e734559ad8a13b667eb6 Mon Sep 17 00:00:00 2001 +From: Jon Mason <jon.mason@arm.com> +Date: Wed, 24 Jan 2024 11:35:50 -0500 +Subject: [PATCH] xtest: stats: remove unneeded stat.h include + +Hack to work around musl compile error: + +| In file included from optee-test/4.1.0/recipe-sysroot/usr/include/sys/stat.h:23, +| from optee-test/4.1.0/git/host/xtest/stats.c:17: +| optee-test/4.1.0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token +| 17 | unsigned __unused[2]; +| | ^ + +stat.h is not needed, since it is not being used in this file. So +removing it. + +Upstream-Status: Inappropriate [https://github.com/OP-TEE/optee_test/issues/722] +Signed-off-by: Jon Mason <jon.mason@arm.com> +--- + host/xtest/stats.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/host/xtest/stats.c b/host/xtest/stats.c +index fb16d55586da..05aa3adac611 100644 +--- a/host/xtest/stats.c ++++ b/host/xtest/stats.c +@@ -14,7 +14,6 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> +-#include <sys/stat.h> + #include <sys/types.h> + #include <tee_client_api.h> + #include <unistd.h> diff --git a/meta-arm/recipes-security/optee/optee-test/0002-make-remove-Wno-unsafe-loop-for-clang.patch b/meta-arm/recipes-security/optee/optee-test/0002-make-remove-Wno-unsafe-loop-for-clang.patch deleted file mode 100644 index 17dd7d87..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0002-make-remove-Wno-unsafe-loop-for-clang.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 438533ce9da1df0b7c7914e64b39ffdc1da1ab79 Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warran@arm.com> -Date: Thu, 8 Oct 2020 10:03:25 +0100 -Subject: [PATCH] make: remove -Wmissing-noreturn for clang - -When compiling when clang, -Wmissing-noreturn causes an error because -of non-compliant code. This option is removed to workaround this. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_test/issues/452] -Changed-Id: 71cb511904547d790d1ea98f93bf8e5a6afcb36d -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - host/xtest/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/host/xtest/Makefile b/host/xtest/Makefile -index 3c206b0..96746de 100644 ---- a/host/xtest/Makefile -+++ b/host/xtest/Makefile -@@ -169,7 +169,7 @@ CFLAGS += -Wall -Wcast-align -Werror \ - -Werror-implicit-function-declaration -Wextra -Wfloat-equal \ - -Wformat-nonliteral -Wformat-security -Wformat=2 -Winit-self \ - -Wmissing-declarations -Wmissing-format-attribute \ -- -Wmissing-include-dirs -Wmissing-noreturn \ -+ -Wmissing-include-dirs \ - -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ - -Wshadow -Wstrict-prototypes -Wswitch-default \ - -Wwrite-strings \ --- -2.17.1 - diff --git a/meta-arm/recipes-security/optee/optee-test/0003-make-remove-Wmissing-noreturn-for-clang.patch b/meta-arm/recipes-security/optee/optee-test/0003-make-remove-Wmissing-noreturn-for-clang.patch deleted file mode 100644 index bbc303f3..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0003-make-remove-Wmissing-noreturn-for-clang.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From ed5a9d9f7a3e9e14ca0e8aea59008124ee0e5f96 Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warren@arm.com> -Date: Thu, 8 Oct 2020 10:20:52 +0100 -Subject: [PATCH] make: remove -Wno-unsafe-loop for clang - -When compiling with clang, the -Wno-unsafe-loop-optimizations option -throws an error because clang doesn't recognise it. This option is -removed to workaround this. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_test/issues/452] -Change-Id: 5fe0892c73208aaffac8c9995cb3275936fb1ba6 -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - host/xtest/Makefile | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/host/xtest/Makefile b/host/xtest/Makefile -index 96746de..73731d0 100644 ---- a/host/xtest/Makefile -+++ b/host/xtest/Makefile -@@ -174,7 +174,6 @@ CFLAGS += -Wall -Wcast-align -Werror \ - -Wshadow -Wstrict-prototypes -Wswitch-default \ - -Wwrite-strings \ - -Wno-declaration-after-statement \ -- -Wno-unsafe-loop-optimizations \ - -Wno-missing-field-initializers -Wno-format-zero-length - endif - --- -2.17.1 - diff --git a/meta-arm/recipes-security/optee/optee-test_3.11.0.bb b/meta-arm/recipes-security/optee/optee-test_3.11.0.bb deleted file mode 100644 index 0f8b5b04..00000000 --- a/meta-arm/recipes-security/optee/optee-test_3.11.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-test.inc - -SRCREV = "159e295d5cc3ad2275ab15fe544620f6604d4ba4" diff --git a/meta-arm/recipes-security/optee/optee-test_4.1.0.bb b/meta-arm/recipes-security/optee/optee-test_4.1.0.bb new file mode 100644 index 00000000..1b124550 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_4.1.0.bb 
@@ -0,0 +1,12 @@ +require recipes-security/optee/optee-test.inc + +SRCREV = "2e1e7a9c9d659585566a75fc8802f4758c42bcb2" +SRC_URI += "file://0001-xtest-stats-remove-unneeded-stat.h-include.patch" + +# Include ffa_spmc test group if the SPMC test is enabled. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" + +RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' arm-ffa-user', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc index d093b48c..37676f14 100644 --- a/meta-arm/recipes-security/optee/optee.inc +++ b/meta-arm/recipes-security/optee/optee.inc @@ -1,17 +1,22 @@ UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$" COMPATIBLE_MACHINE ?= "invalid" -COMPATIBLE_MACHINE_qemuarm64 ?= "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64" +COMPATIBLE_MACHINE:qemuarm ?= "qemuarm" # Please add supported machines below or set it in .bbappend or .conf OPTEEMACHINE ?= "${MACHINE}" -OPTEEMACHINE_aarch64_qemuall ?= "vexpress-qemu_armv8a" +OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a" +OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt" OPTEE_ARCH = "null" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" +OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH:aarch64 = "arm64" OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}" +# FIXME - breaks with Clang 18. See https://github.com/OP-TEE/optee_os/issues/6754 +TOOLCHAIN = "gcc" + OPTEE_TOOLCHAIN = "${@d.getVar('TOOLCHAIN') or 'gcc'}" OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${OPTEE_TOOLCHAIN}", "gcc", d)}" 
@@ -20,8 +25,16 @@ OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${O TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" EXTRA_OEMAKE += "V=1 \ - LIBGCC_LOCATE_CFLAGS=--sysroot=${STAGING_DIR_HOST} \ + LIBGCC_LOCATE_CFLAGS='${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}' \ COMPILER=${OPTEE_COMPILER} \ OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ " +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt. +CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes" diff --git a/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb b/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb new file mode 100644 index 00000000..25ee2f5a --- /dev/null +++ b/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb 
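Review bot: `CVE_STATUS[CVE-2021-36133]` is set unconditionally in the shared optee.inc, so every recipe and machine that pulls in this include reports the CVE as disputed, not only boards that ship open for development. The stated reason, "devices shipped open for development purposes", describes a deployment choice rather than the code, so a layer building for locked-down hardware inherits the same status without being told. I would at least extend the comment, e.g. `# Status applies to all machines using this include; re-evaluate in product layers that ship secured devices.`, or scope the assignment with a machine override. The unconditional `TOOLCHAIN = "gcc"` in the previous hunk has a similar scope problem, since a plain assignment in the include replaces whatever the distro selected.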
@@ -0,0 +1,28 @@
+SUMMARY = "Trusted Services test/demo linux tools"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+inherit packagegroup
+
+COMPATIBLE_HOST = "aarch64.*-linux"
+COMPATIBLE_MACHINE ?= "invalid"
+COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot"
+
+PACKAGES = "${PN} ${PN}-psa"
+
+RDEPENDS:${PN} = "\
+ ts-demo \
+ ts-service-test \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', 'ts-remote-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', 'ts-uefi-test', '' , d)} \
+"
+
+SUMMARY:${PN}-psa = "PSA certification tests (psa-arch-test) for TS SPs"
+RDEPENDS:${PN}-psa = "\
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', 'ts-psa-crypto-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', 'ts-psa-its-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', 'ts-psa-ps-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', 'ts-psa-iat-api-test', '' , d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+ 'ts-psa-crypto-api-test ts-psa-its-api-test ts-psa-ps-api-test ts-psa-iat-api-test', '' , d)} \
+"
diff --git a/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch b/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch
new file mode 100644
index 00000000..bcffa4b8
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch
@@ -0,0 +1,100 @@ +From 9fbeb9dd8c4f2c842248541b73e4cff9c6f8d26e Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing <gyorgy.szing@arm.com> +Date: Wed, 27 Mar 2024 21:53:51 +0000 +Subject: [PATCH 1/1] Allow configuring flash image files compile time + +Allow configuring image file PATH name for file and semihosted +block_store using CMake build options. + +Upstream-Status: Pending + +Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com> +--- + .../block_storage/factory/file/block_store_factory.c | 6 +++++- + .../service/block_storage/factory/file/component.cmake | 6 +++++- + .../block_storage/factory/semihosting/block_store_factory.c | 6 +++++- + .../block_storage/factory/semihosting/component.cmake | 6 +++++- + 4 files changed, 20 insertions(+), 4 deletions(-) + +diff --git a/components/service/block_storage/factory/file/block_store_factory.c b/components/service/block_storage/factory/file/block_store_factory.c +index c6915107b..ef05ee791 100644 +--- a/components/service/block_storage/factory/file/block_store_factory.c ++++ b/components/service/block_storage/factory/file/block_store_factory.c +@@ -25,6 +25,10 @@ + #define FILE_BLOCK_SIZE (512) + #endif + ++#ifndef FILE_BLK_FILE_NAME ++#define FILE_BLK_FILE_NAME "secure-flash.img" ++#endif ++ + static char disk_img_filename[256]; + + struct block_store_assembly { +@@ -60,7 +64,7 @@ struct block_store *file_block_store_factory_create(void) + + /* Ensure disk image filename is set */ + if (disk_img_filename[0] == '\0') +- file_block_store_factory_set_filename("secure-flash.img"); ++ file_block_store_factory_set_filename(FILE_BLK_FILE_NAME); + + /* Initialise a file_block_store to provide underlying storage */ + struct block_store *secure_flash = file_block_store_init( +diff --git a/components/service/block_storage/factory/file/component.cmake b/components/service/block_storage/factory/file/component.cmake +index 644f03972..fa15d1399 100644 +--- a/components/service/block_storage/factory/file/component.cmake ++++ 
b/components/service/block_storage/factory/file/component.cmake +@@ -17,4 +17,8 @@ if (NOT DEFINED TS_BLOCK_STORE_FACTORY) + set(TS_BLOCK_STORE_FACTORY "file_block_store_factory") + target_compile_definitions(${TGT} PRIVATE + CONCRETE_BLOCK_STORE_FACTORY=${TS_BLOCK_STORE_FACTORY}) +-endif() +\ No newline at end of file ++endif() ++ ++set(FILE_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.") ++set_property(SOURCE "${CMAKE_CURRENT_LIST_DIR}/block_store_factory.c" APPEND PROPERTY COMPILE_DEFINITIONS FILE_BLK_FILE_NAME="${FILE_BLK_FILE_NAME}") ++message(status "Block storage image file PATH is ${FILE_BLK_FILE_NAME}") +diff --git a/components/service/block_storage/factory/semihosting/block_store_factory.c b/components/service/block_storage/factory/semihosting/block_store_factory.c +index 8e58e3638..09bdb74eb 100644 +--- a/components/service/block_storage/factory/semihosting/block_store_factory.c ++++ b/components/service/block_storage/factory/semihosting/block_store_factory.c +@@ -21,6 +21,10 @@ + /* Most common block size for UEFI volumes */ + #define SEMIHOSTING_BLOCK_SIZE (512) + ++#ifndef SEMIHOSTING_BLK_FILE_NAME ++#define SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" ++#endif ++ + struct block_store_assembly + { + struct semihosting_block_store semihosting_block_store; +@@ -55,7 +59,7 @@ struct block_store *semihosting_block_store_factory_create(void) + /* Initialise a semihosting_block_store to provide underlying storage */ + struct block_store *secure_flash = semihosting_block_store_init( + &assembly->semihosting_block_store, +- "secure-flash.img", ++ SEMIHOSTING_BLK_FILE_NAME, + SEMIHOSTING_BLOCK_SIZE); + + if (secure_flash) { +diff --git a/components/service/block_storage/factory/semihosting/component.cmake b/components/service/block_storage/factory/semihosting/component.cmake +index 97affaf49..98d6dcdcb 100644 +--- a/components/service/block_storage/factory/semihosting/component.cmake ++++ 
b/components/service/block_storage/factory/semihosting/component.cmake +@@ -17,4 +17,8 @@ if (NOT DEFINED TS_BLOCK_STORE_FACTORY) + set(TS_BLOCK_STORE_FACTORY "semihosting_block_store_factory") + target_compile_definitions(${TGT} PRIVATE + CONCRETE_BLOCK_STORE_FACTORY=${TS_BLOCK_STORE_FACTORY}) +-endif() +\ No newline at end of file ++endif() ++ ++set(SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.") ++set_property(SOURCE "${CMAKE_CURRENT_LIST_DIR}/block_store_factory.c" APPEND PROPERTY COMPILE_DEFINITIONS SEMIHOSTING_BLK_FILE_NAME="${SEMIHOSTING_BLK_FILE_NAME}") ++message(status "Block storage semihosting image file PATH is ${SEMIHOSTING_BLK_FILE_NAME}") +\ No newline at end of file +-- +2.34.1 + diff --git a/meta-arm/recipes-security/trusted-services/files/0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch b/meta-arm/recipes-security/trusted-services/files/0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch new file mode 100644 index 00000000..516aa55f --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/files/0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch 
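Review bot: Both added `message(status "...")` calls in the two component.cmake files spell the mode in lower case, and CMake only recognises the upper-case keyword, so `status` is most likely printed as part of the text at the default notice level instead of selecting STATUS output. Writing `message(STATUS "Block storage image file PATH is ${FILE_BLK_FILE_NAME}")`, and the same for the semihosting variant, gives the intended log line. Separately, the default file name now comes from a build-time option and is still passed through `file_block_store_factory_set_filename` into the 256-byte `disk_img_filename`; that function is outside the hunk, so its length handling for a longer configured path cannot be checked from here and is worth confirming.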
@@ -0,0 +1,32 @@ +From 3f9b148fe3cad9f1bc6eb08ff8807c54dec5b8d9 Mon Sep 17 00:00:00 2001 +From: Anton Antonov <Anton.Antonov@arm.com> +Date: Tue, 11 Oct 2022 16:17:15 +0100 +Subject: [PATCH] Pass Yocto build settings to psa-arch-tests native build + +PSA-arch-tests need to build a native executable as a part of target build. +The patch defines correct toolchain settings for native builds. + +Upstream-Status: Inappropriate [Yocto build specific change] +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +--- + api-tests/tools/scripts/target_cfg/CMakeLists.txt | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/api-tests/tools/scripts/target_cfg/CMakeLists.txt b/api-tests/tools/scripts/target_cfg/CMakeLists.txt +index 259eb9c..fec1fb8 100644 +--- a/api-tests/tools/scripts/target_cfg/CMakeLists.txt ++++ b/api-tests/tools/scripts/target_cfg/CMakeLists.txt +@@ -26,7 +26,9 @@ include("common/CMakeSettings") + include("common/Utils") + + # Causes toolchain to be re-evaluated +-unset(ENV{CC}) ++set(ENV{CC} $ENV{BUILD_CC}) ++set(ENV{CFLAGS} $ENV{BUILD_CFLAGS}) ++set(ENV{LDFLAGS} $ENV{BUILD_LDFLAGS}) + + # Let the CMake look for C compiler + project(TargetConfigGen LANGUAGES C) +-- +2.25.1 + diff --git a/meta-arm/recipes-security/trusted-services/libts/tee-udev.rules b/meta-arm/recipes-security/trusted-services/libts/tee-udev.rules new file mode 100644 index 00000000..43fafd8c --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/libts/tee-udev.rules @@ -0,0 +1,7 @@ +# tee devices can only be accessed by the teeclnt group members +KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt" + +# If a /dev/teepriv[0-9]* device is detected, start an instance of +# tee-supplicant.service with the device name as parameter +KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="tee", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service" 
diff --git a/meta-arm/recipes-security/trusted-services/libts_%.bbappend b/meta-arm/recipes-security/trusted-services/libts_%.bbappend
new file mode 100644
index 00000000..9156e022
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/libts_%.bbappend
@@ -0,0 +1,4 @@
+# Update MM communication buffer address for qemuarm64 machine
+EXTRA_OECMAKE:append:qemuarm64-secureboot = "-DMM_COMM_BUFFER_ADDRESS=0x42000000 \
+ -DMM_COMM_BUFFER_SIZE=0x1000 \
+"
diff --git a/meta-arm/recipes-security/trusted-services/libts_git.bb b/meta-arm/recipes-security/trusted-services/libts_git.bb
new file mode 100644
index 00000000..789bde7c
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/libts_git.bb
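Review bot: The `EXTRA_OECMAKE:append:qemuarm64-secureboot` value starts directly with `-DMM_COMM_BUFFER_ADDRESS`, and `:append` joins strings without inserting a separator. It only works while the existing `EXTRA_OECMAKE` happens to end in whitespace; otherwise the option fuses with the previous argument and the buffer address is silently not applied. Starting the value with a space, `EXTRA_OECMAKE:append:qemuarm64-secureboot = " -DMM_COMM_BUFFER_ADDRESS=0x42000000 \`, removes that dependency. `DEBUG_PREFIX_MAP:append` in trusted-services.inc is written the same way.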
@@ -0,0 +1,42 @@ +DESCRIPTION = "Trusted Services libts library for the arm-linux enviroment. \ + Used for locating and accessing services from a Linux userspace client" + +TS_ENV = "arm-linux" + +require trusted-services.inc + +SRC_URI += "file://tee-udev.rules \ + " + +OECMAKE_SOURCEPATH="${S}/deployments/libts/${TS_ENV}" + +DEPENDS += "arm-tstee arm-ffa-user" +RRECOMMENDS:${PN} += "arm-tstee" + +# Unix group name for dev/tee* ownership. +TEE_GROUP_NAME ?= "teeclnt" + +do_install:append () { + if ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', 'false', 'true', d)}; then + install -d ${D}${nonarch_base_libdir}/udev/rules.d/ + install -m 755 ${WORKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/ + sed -i -e "s/teeclnt/${TEE_GROUP_NAME}/" ${D}${nonarch_base_libdir}/udev/rules.d/tee-udev.rules + fi + + # Move the dynamic libraries into the standard place. + install -d ${D}${libdir} + mv ${D}${TS_INSTALL}/lib/libts* ${D}${libdir} + + # Update generated cmake file to use correct paths. + target_cmake=$(find ${D}${TS_INSTALL}/lib/cmake/libts -type f -iname "libtsTargets-*.cmake") + if [ ! -z "$target_cmake" ]; then + sed -i -e "s#/${TS_ENV}##g" $target_cmake + fi +} + +inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)} +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}" + +FILES:${PN} = "${libdir}/libts.so.* ${nonarch_base_libdir}/udev/rules.d/" +FILES:${PN}-dev = "${TS_INSTALL}/lib/cmake ${TS_INSTALL}/include ${libdir}/libts.so" diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc new file mode 100644 index 00000000..e05aadd7 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc 
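Review bot: The udev rules file is installed with `install -m 755`, which marks a plain configuration file as executable; `install -m 0644 ${WORKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/` is the usual mode for rules. The rules shipped alongside it assign `teepriv[0-9]*` to `GROUP="tee"`, while `GROUPADD_PARAM:${PN}` here only creates `${TEE_GROUP_NAME}`. If no other package provides the `tee` group, that rule cannot take effect as written, so a comment naming the recipe expected to create it would help. The `sed` rewrite of `teeclnt` also assumes `TEE_GROUP_NAME` never contains a `/`.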
@@ -0,0 +1,77 @@ +# Define sources of Trusted Service and all external dependencies + +LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib" + +SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=main;name=trusted-services;destsuffix=git/trusted-services \ +" + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +SRC_URI:append = "\ + file://0001-Allow-configuring-flash-image-files-compile-time.patch \ +" + +# Trusted Services; aka. 2024 April 19 +SRCREV_trusted-services = "602be607198ea784bc5ab1c0c9d3ac4e2c67f1d9" +LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4" + +S = "${WORKDIR}/git/trusted-services" +PV ?= "0.0+git" + +# DTC, tag "v1.6.1" +SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;destsuffix=git/dtc" +SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81" +LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e" + +# MbedTLS, tag "v3.5.1" +SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls" +SRCREV_mbedtls = "15254759342494c7e969766d5424d78d7deb9bfa" +LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" + +# Nanopb, tag "nanopb-0.4.7" plus some further fixes +SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb" +SRCREV_nanopb = "dbbf5d8992295aae669b8071eadad02f87d5faf0" +LIC_FILES_CHKSUM += "file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f" + +# qcbor, tag "v1.0.0" +SRC_URI += "git://github.com/laurencelundblade/QCBOR.git;name=qcbor;protocol=https;branch=master;destsuffix=git/qcbor" +SRCREV_qcbor = "56b17bf9f74096774944bcac0829adcd887d391e" +LIC_FILES_CHKSUM += "file://../qcbor/README.md;md5=e8ff2e88a722cdc55eddd0bb9aeca002" + +# T_Cose +SRC_URI += "git://github.com/laurencelundblade/t_cose.git;name=tcose;protocol=https;branch=master;destsuffix=git/tcose" 
+SRCREV_tcose = "fc3a4b2c7196ff582e8242de8bd4a1bc4eec577f" +LIC_FILES_CHKSUM += "file://../tcose/LICENSE;md5=b2ebdbfb82602b97aa628f64cf4b65ad" + +# CppUTest, tag "v3.8" +SRC_URI += "git://github.com/cpputest/cpputest.git;name=cpputest;protocol=https;branch=master;destsuffix=git/cpputest" +SRCREV_cpputest = "e25097614e1c4856036366877a02346c4b36bb5b" +LIC_FILES_CHKSUM += "file://../cpputest/COPYING;md5=ce5d5f1fe02bcd1343ced64a06fd4177" + +SRCREV_FORMAT = "trusted-services_dtc_mbedtls_nanopb_qcbor_tcose_cpputest" + +inherit apply_local_src_patches +LOCAL_SRC_PATCHES_INPUT_DIR = "N/A" + +do_apply_local_src_patches() { + apply_local_src_patches ${S}/external/qcbor ${WORKDIR}/git/qcbor + apply_local_src_patches ${S}/external/t_cose ${WORKDIR}/git/tcose + apply_local_src_patches ${S}/external/MbedTLS ${WORKDIR}/git/mbedtls + apply_local_src_patches ${S}/external/CppUTest ${WORKDIR}/git/cpputest + apply_local_src_patches ${S}/external/libfdt ${WORKDIR}/git/dtc + apply_local_src_patches ${S}/external/nanopb ${WORKDIR}/git/nanopb +} + +do_config:append:() { + # Fine tune MbedTLS configuration for crypto only operation. + sh -c "cd ${WORKDIR}/git/mbedtls; python3 scripts/config.py crypto" +} + +# Paths to dependencies required by some TS SPs/tools +EXTRA_OECMAKE += "-DDTC_SOURCE_DIR=${WORKDIR}/git/dtc \ + -DCPPUTEST_SOURCE_DIR=${WORKDIR}/git/cpputest \ + -DNANOPB_SOURCE_DIR=${WORKDIR}/git/nanopb \ + -DT_COSE_SOURCE_DIR=${WORKDIR}/git/tcose \ + -DQCBOR_SOURCE_DIR=${WORKDIR}/git/qcbor \ + -DMBEDTLS_SOURCE_DIR=${WORKDIR}/git/mbedtls \ + " diff --git a/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/recipes-security/trusted-services/trusted-services.inc new file mode 100644 index 00000000..272e9106 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/trusted-services.inc 
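Review bot: `do_config:append:() {` does not look like it attaches to any task: the name is `do_config` rather than `do_configure`, and it carries a trailing colon. As far as this hunk shows, the `python3 scripts/config.py crypto` step that is meant to trim MbedTLS to crypto-only never runs, and the library is built with whatever configuration the checkout provides. If the trimming is wanted, wire it to a real task, e.g. `do_configure:prepend() {`; if Trusted Services applies its own MbedTLS configuration during the CMake build, remove the block so the recipe does not claim a hardening step it does not perform. Inside it, `cd ${WORKDIR}/git/mbedtls; python3 …` should use `&&` so that a failed `cd` is not ignored.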
@@ -0,0 +1,58 @@ +SUMMARY ?= "The Trusted Services: framework for developing root-of-trust services" +HOMEPAGE = "https://trusted-services.readthedocs.io/en/latest/index.html" + +LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib" + +inherit python3native cmake pkgconfig + +COMPATIBLE_HOST = "aarch64.*-linux" +COMPATIBLE_MACHINE ?= "invalid" +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" + +require trusted-services-src.inc + +# By default bitbake includes only ${S} (i.e git/trusted-services) in the maps. +# We also need to include the TS dependencies source trees. +DEBUG_PREFIX_MAP:append = "-fmacro-prefix-map=${WORKDIR}/git=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR} \ + -fdebug-prefix-map=${WORKDIR}/git=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR} \ +" + +TS_PLATFORM ?= "ts/mock" + +# SP images are embedded into optee-os image +# FIP packaging is not supported yet +SP_PACKAGING_METHOD ?= "embedded" + +SYSROOT_DIRS += "/usr/${TS_ENV} /usr/opteesp /usr/arm-linux" + +# TS cmake files use find_file() to search through source code and build dirs. +# Yocto cmake class limits CMAKE_FIND_ROOT_PATH and find_file() fails. +# Include the source tree and build dirs into searchable path. 
+OECMAKE_EXTRA_ROOT_PATH = "${WORKDIR}/git/ ${WORKDIR}/build/" + +EXTRA_OECMAKE += '-DLIBGCC_LOCATE_CFLAGS="--sysroot=${STAGING_DIR_HOST}" \ + -DCROSS_COMPILE="${TARGET_PREFIX}" \ + -DTS_PLATFORM="${TS_PLATFORM}" \ + ' +export CROSS_COMPILE="${TARGET_PREFIX}" + +# Default TS installation path +TS_INSTALL = "/usr/${TS_ENV}" + +# Use the Yocto cmake toolchain for external components of the arm-linux TS deployments, +# and the TS toolchain for opteesp and sp deployments +def get_ts_toolchain_option(d): + ts_env=d.getVar('TS_ENV') + if ts_env == 'opteesp' or ts_env == 'sp': + return '-DCMAKE_TOOLCHAIN_FILE=${S}/environments/'+ts_env+'/default_toolchain_file.cmake' + if ts_env == 'arm-linux': + return '-DTS_EXTERNAL_LIB_TOOLCHAIN_FILE=${WORKDIR}/toolchain.cmake' + bb.error("Unkown value \"%s\" for TS_ENV." % (ts_env)) + return '' + +EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}" + +# Paths to pre-built dependencies required by some TS SPs/tools +EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \ + -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib \ + " diff --git a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb new file mode 100644 index 00000000..a17c1720 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb 
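Review bot: `get_ts_toolchain_option` reports an unsupported `TS_ENV` with `bb.error(...)` and then returns an empty string, so the recipe carries on configuring without a toolchain-file option. For a value that decides whether code is built for the secure partition environment or for Linux userspace, stopping at the point of detection is clearer: `bb.fatal("Unknown value \"%s\" for TS_ENV." % ts_env)`, which also corrects the "Unkown" spelling in the message. The fallback `return ''` can then be dropped.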
@@ -0,0 +1,30 @@ +DESCRIPTION = "Trusted Services ts-demo deployment for arm-linux. \ + Used for running simple TS demo from Linux user-space \ + on an Arm platform with real deployments of trusted services." + +TS_ENV = "arm-linux" + +require trusted-services.inc + +DEPENDS += "python3-jsonschema-native python3-jinja2-native" +DEPENDS += "libts" +RDEPENDS:${PN} += "libts" + +OECMAKE_SOURCEPATH="${S}/deployments/ts-demo/${TS_ENV}" + +# Mbedtls 3.1.0 does not compile with clang. +# This can be removed after TS updated required mbedtls version +TOOLCHAIN = "gcc" + +FILES:${PN} = "${bindir}/ts-demo" + +# TODO: remove FORTIFY_SOURCE as MbedTLS fails to build in yocto if this +# compilation flag is used. +lcl_maybe_fortify = "${@oe.utils.conditional('OPTLEVEL','-O0','','${OPTLEVEL}',d)}" + +do_install:append () { + install -d ${D}${bindir} + mv ${D}${TS_INSTALL}/bin/ts-demo ${D}${bindir} + + rm -r --one-file-system ${D}${TS_INSTALL} +} diff --git a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb new file mode 100644 index 00000000..669e87ae --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb 
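Review bot: The `lcl_maybe_fortify` override and the `TOOLCHAIN = "gcc"` pin both switch off distro-level hardening and compiler choices for this recipe, and their comments give no way to tell when they can be reverted. The clang comment names "Mbedtls 3.1.0", while trusted-services-src.inc in this same change describes the pinned MbedTLS revision as tag v3.5.1, so the comment looks stale. I would update it to the version actually built and add an upstream issue reference to the FORTIFY_SOURCE TODO, e.g. `# TODO(<issue link>): restore _FORTIFY_SOURCE once MbedTLS <version> builds with it`. ts-psa-iat-api-test_git.bb repeats the same two blocks and needs the same update.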
@@ -0,0 +1,30 @@ +SUMMARY = "Newlib static libraries built with Trusted Services opteesp deployment options" + +TS_ENV = "opteesp" + +require trusted-services.inc + +SRC_URI += "git://sourceware.org/git/newlib-cygwin.git;name=newlib;protocol=https;branch=master;destsuffix=git/newlib \ +" + +# tag "newlib-4.1.0" +SRCREV_newlib = "415fdd4279b85eeec9d54775ce13c5c412451e08" +LIC_FILES_CHKSUM += "file://../newlib/COPYING.NEWLIB;md5=b8dda70da54e0efb49b1074f349d7749" + +# Newlib does not compile with clang +TOOLCHAIN = "gcc" + +EXTRA_OECMAKE += '-DNEWLIB_SOURCE_DIR=${WORKDIR}/git/newlib \ + -DNEWLIB_CFLAGS="--sysroot=${STAGING_DIR_HOST}" \ + ' + +OECMAKE_SOURCEPATH = "${S}/deployments/newlib/${TS_ENV}/" + +# TS ships a patch that needs to be applied to newlib +apply_ts_patch() { + ( cd ${WORKDIR}/git/newlib; git stash; git branch -f bf_am; git am ${S}/external/newlib/*.patch; git reset bf_am ) +} +do_patch[postfuncs] += "apply_ts_patch" + +FILES:${PN}-dev = "${TS_INSTALL}/newlib" +FILES:${PN}-staticdev = "${TS_INSTALL}/newlib/*/lib/*.a" diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc new file mode 100644 index 00000000..93051bf3 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc 
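Review bot: `apply_ts_patch` chains its git commands with `;` inside a subshell, so the function's status is that of the final `git reset bf_am`. A failing `git am ${S}/external/newlib/*.patch` is ignored and newlib is built without the Trusted Services patches, with nothing in the log marking it as an error. Chaining with `&&` makes the task fail instead: `( cd ${WORKDIR}/git/newlib && git stash && git branch -f bf_am && git am ${S}/external/newlib/*.patch && git reset bf_am )`. The re-run behaviour after a partial apply should be confirmed when making that change.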
@@ -0,0 +1,32 @@ +SUMMARY = "Parts of PSA certification tests (psa-arch-test) for Trusted Services" + +TS_ENV = "arm-linux" + +require trusted-services.inc + +DEPENDS += "python3-jsonschema-native python3-jinja2-native" + +DEPENDS += "libts" +RDEPENDS:${PN} += "libts" + +SRC_URI += "git://github.com/ARM-software/psa-arch-tests.git;name=psatest;protocol=https;branch=main;destsuffix=git/psatest \ + file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \ + " + +SRCREV_psatest = "74dc6646ff594e131a726a5305aba77bac30eceb" +LIC_FILES_CHKSUM += "file://../psatest/LICENSE.md;md5=2a944942e1496af1886903d274dedb13" + +EXTRA_OECMAKE += "-DPSA_ARCH_TESTS_SOURCE_DIR=${WORKDIR}/git/psatest" + +do_apply_local_src_patches:append() { + apply_local_src_patches ${S}/external/psa_arch_tests ${WORKDIR}/git/psatest +} + +FILES:${PN} = "${bindir}/${PSA_TEST}" + +do_install:append () { + install -d ${D}${bindir} + mv ${D}${TS_INSTALL}/bin/${PSA_TEST} ${D}${bindir} + + rm -r --one-file-system ${D}${TS_INSTALL} +} diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb new file mode 100644 index 00000000..710d3778 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb @@ -0,0 +1,9 @@ +DESCRIPTION = "Crypto PSA certification tests (psa-arch-test)" + +TS_ENV = "arm-linux" + +require ts-psa-api-test-common_${PV}.inc + +OECMAKE_SOURCEPATH = "${S}/deployments/psa-api-test/crypto/${TS_ENV}" + +PSA_TEST = "psa-crypto-api-test" diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb new file mode 100644 index 00000000..c39554a6 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb 
@@ -0,0 +1,25 @@
+DESCRIPTION = "Initial Attestation PSA certification tests (psa-arch-test) for Trusted Services"
+
+TS_ENV = "arm-linux"
+
+require ts-psa-api-test-common_${PV}.inc
+
+OECMAKE_SOURCEPATH = "${S}/deployments/psa-api-test/initial_attestation/${TS_ENV}"
+
+PSA_TEST = "psa-iat-api-test"
+
+# psa-arch-tests for INITIAL_ATTESTATION suite can't be built with pre-built qcbor
+# Fetch qcbor sources as a temp work-around and pass PSA_TARGET_QCBOR to psa-arch-tests
+SRC_URI += "git://github.com/laurencelundblade/QCBOR.git;name=psaqcbor;protocol=https;branch=master;destsuffix=git/psaqcbor \
+ "
+SRCREV_psaqcbor = "42272e466a8472948bf8fca076d113b81b99f0e0"
+
+EXTRA_OECMAKE += "-DPSA_TARGET_QCBOR=${WORKDIR}/git/psaqcbor \
+ "
+# TODO: remove FORTIFY_SOURCE as MbedTLS fails to build in yocto if this
+# compilation flag is used.
+lcl_maybe_fortify = "${@oe.utils.conditional('OPTLEVEL','-O0','','${OPTLEVEL}',d)}"
+
+# Mbedtls 3.1.0 does not compile with clang.
+# This can be removed after TS updated required mbedtls version
+TOOLCHAIN = "gcc"
diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb
new file mode 100644
index 00000000..32f2890b
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb
@@ -0,0 +1,9 @@
+DESCRIPTION = "Internal Trusted Storage PSA certification tests (psa-arch-test) for Trusted Services"
+
+TS_ENV = "arm-linux"
+
+require ts-psa-api-test-common_${PV}.inc
+
+OECMAKE_SOURCEPATH = "${S}/deployments/psa-api-test/internal_trusted_storage/${TS_ENV}"
+
+PSA_TEST = "psa-its-api-test"
diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb
new file mode 100644
index 00000000..bcf16712
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb
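Review bot: The `lcl_maybe_fortify` override in ts-psa-iat-api-test_git.bb turns off `_FORTIFY_SOURCE` for the whole recipe, not only for the MbedTLS sources the TODO names, assuming the distro's security flags add the define through this variable. The psa-arch-tests and QCBOR code linked into this Linux user-space binary therefore lose the glibc fortify checks as well. The TODO carries no owner or tracking reference, so the hardening is likely to stay off after MbedTLS is fixed. I would reword it to `# TODO(<owner>): restore _FORTIFY_SOURCE once the bundled MbedTLS builds with it (<tracking-issue>)`. If the CMake project allows it, limit the flag removal to the MbedTLS sub-build.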
@@ -0,0 +1,9 @@
+DESCRIPTION = "Protected Storage PSA certification tests (psa-arch-test) for Trusted Services"
+
+TS_ENV = "arm-linux"
+
+require ts-psa-api-test-common_${PV}.inc
+
+OECMAKE_SOURCEPATH = "${S}/deployments/psa-api-test/protected_storage/${TS_ENV}"
+
+PSA_TEST = "psa-ps-api-test"
diff --git a/meta-arm/recipes-security/trusted-services/ts-remote-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-remote-test_git.bb
new file mode 100644
index 00000000..1633ecfe
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-remote-test_git.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "Trusted Services ts-remote-test deployment for arm-linux."
+
+TS_ENV = "arm-linux"
+
+require trusted-services.inc
+
+DEPENDS += "libts"
+RDEPENDS:${PN} += "libts"
+
+OECMAKE_SOURCEPATH = "${S}/deployments/ts-remote-test/${TS_ENV}"
+
+FILES:${PN} = "${bindir}/ts-remote-test"
+
+do_install:append () {
+ install -d ${D}${bindir}
+ mv ${D}${TS_INSTALL}/bin/ts-remote-test ${D}${bindir}
+
+ rm -r --one-file-system ${D}${TS_INSTALL}
+}
diff --git a/meta-arm/recipes-security/trusted-services/ts-service-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-service-test_git.bb
new file mode 100644
index 00000000..3278c6c6
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-service-test_git.bb
@@ -0,0 +1,21 @@
+DESCRIPTION = "Trusted Services ts-service-test deployment for arm-linux. \
+ Used for running service level tests from Linux user-space \
+ on an Arm platform with real deployments of trusted services."
+
+TS_ENV = "arm-linux"
+
+require trusted-services.inc
+
+DEPENDS += "libts python3-protobuf-native"
+RDEPENDS:${PN} += "libts"
+
+OECMAKE_SOURCEPATH = "${S}/deployments/ts-service-test/${TS_ENV}"
+
+FILES:${PN} = "${bindir}/ts-service-test"
+
+do_install:append () {
+ install -d ${D}${bindir}
+ mv ${D}${TS_INSTALL}/bin/ts-service-test ${D}${bindir}
+
+ rm -r --one-file-system ${D}${TS_INSTALL}
+}
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
new file mode 100644
index 00000000..6cddfb03
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
@@ -0,0 +1,8 @@
+DESCRIPTION = "Trusted Services attestation service provider"
+
+require ts-sp-common.inc
+
+SP_UUID = "${ATTESTATION_UUID}"
+TS_SP_IAT_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb
new file mode 100644
index 00000000..efbaad14
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb
@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: <text>Copyright 2023 Arm Limited and/or its
+# affiliates <open-source-office@arm.com></text>
+#
+# SPDX-License-Identifier: MIT
+
+DESCRIPTION = "Trusted Services block storage service provider"
+
+require ts-sp-common.inc
+
+SP_UUID = "${BLOCK_STORAGE_UUID}"
+TS_SP_BLOCK_STORAGE_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/${TS_SP_BLOCK_STORAGE_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
new file mode 100644
index 00000000..c8b1409c
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
@@ -0,0 +1,43 @@
+# Common part of all Trusted Services SPs recipes
+
+TS_ENV ?= "opteesp"
+
+require trusted-services.inc
+require ts-uuid.inc
+
+DEPENDS += "dtc-native ts-newlib"
+DEPENDS += "${@oe.utils.conditional('TS_ENV','sp','python3-pyelftools-native','', d)}"
+
+FILES:${PN}-dev = "${TS_INSTALL}"
+
+# Secure Partition DTS file might be updated in bbapend files
+SP_DTS_FILE ?= "${D}${TS_INSTALL}/manifest/${SP_UUID}.dts"
+
+do_install:append() {
+ # Generate SP DTB which will be included automatically by optee-os build process
+ dtc -I dts -O dtb -o ${D}${TS_INSTALL}/manifest/${SP_UUID}.dtb ${SP_DTS_FILE}
+
+ # We do not need libs and headers
+ rm -rf --one-file-system ${D}${TS_INSTALL}/lib
+ rm -rf --one-file-system ${D}${TS_INSTALL}/include
+}
+
+# Use Yocto debug prefix maps for compiling assembler.
+EXTRA_OECMAKE += '-DCMAKE_ASM_FLAGS="${DEBUG_PREFIX_MAP}"'
+
+# Ignore that SP stripped.elf does not have GNU_HASH
+# Older versions of optee support SYSV hash only.
+INSANE_SKIP:${PN}-dev += "ldflags"
+
+# Trusted Services SPs do not compile with clang
+TOOLCHAIN = "gcc"
+
+# FORTIFY_SOURCE is a glibc feature. Disable it for all SPs as these do not use glibc.
+TARGET_CFLAGS:remove = "-D_FORTIFY_SOURCE=2"
+OECMAKE_C_FLAGS:remove = "-D_FORTIFY_SOURCE=2"
+OECMAKE_CXX_FLAGS:remove = "-D_FORTIFY_SOURCE=2"
+
+# Override yoctos default linux specific toolchain file. trusted-services.inc
+# will add a proper tooclhain option.
+OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"
+
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
new file mode 100644
index 00000000..867e4a81
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
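Review bot: The three `:remove = "-D_FORTIFY_SOURCE=2"` lines in ts-sp-common.inc match only that exact token. A distro that sets a different fortify level, or passes the define through another variable, would still hand the flag to the secure-partition build, which the comment says cannot use it. `OECMAKE_ARGS:remove="-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake"` has the same exact-match fragility. I would add a comment such as `# NOTE: :remove matches the literal token; revisit if the distro changes the fortify level or the toolchain-file argument` above both groups. Separately, `${SP_DTS_FILE}` is overridable from bbappends and is passed to `dtc` unquoted, so quoting it there would be safer.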
@@ -0,0 +1,10 @@
+DESCRIPTION = "Trusted Services crypto service provider"
+
+require ts-sp-common.inc
+
+SP_UUID = "${CRYPTO_UUID}"
+TS_SP_CRYPTO_CONFIG ?= "default"
+
+DEPENDS += "python3-protobuf-native python3-jsonschema-native python3-jinja2-native"
+
+OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb
new file mode 100644
index 00000000..02f58fb4
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb
@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: <text>Copyright 2024 Arm Limited and/or its
+# affiliates <open-source-office@arm.com></text>
+#
+# SPDX-License-Identifier: MIT
+
+DESCRIPTION = "Trusted Services Firmware Update Service provider"
+
+require ts-sp-common.inc
+inherit deploy
+
+SP_UUID = "${FWU_UUID}"
+TS_SP_FWU_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/fwu/config/${TS_SP_FWU_CONFIG}-${TS_ENV}"
+
+# The GPT parser component is needed from TF-A
+SRC_URI += "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;name=tfa;protocol=https;branch=master;destsuffix=git/tf-a"
+SRCREV_tfa = "v2.7.0"
+LIC_FILES_CHKSUM = "file://../tf-a/docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+do_apply_local_src_patches:append() {
+ apply_local_src_patches ${S}/external/tf_a ${WORKDIR}/git/tf-a
+}
+
+EXTRA_OECMAKE:append = "-DTFA_SOURCE_DIR=${WORKDIR}/git/tf-a"
+
+# Deploy the secure flash image.
+do_deploy() {
+ cp -v ${S}/components/media/disk/disk_images/multi_location_fw.img ${DEPLOYDIR}/secure-flash.img
+}
+addtask deploy after do_compile
+
+EXTRA_OECMAKE:append:qemuall = " -DSEMIHOSTING_BLK_FILE_NAME:STRING=${@oe.path.relative('${TMPDIR}', '${DEPLOY_DIR_IMAGE}')}/secure-flash.img"
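Review bot: `SRCREV_tfa = "v2.7.0"` in ts-sp-fwu_git.bb pins the TF-A fetch to a tag name rather than a commit hash, unlike `SRCREV_newlib`, `SRCREV_psatest` and `SRCREV_psaqcbor` elsewhere in this commit. A tag can be moved upstream and has to be resolved over the network, so the recipe does not fix which GPT parser source goes into the firmware-update SP. Use the full commit id and keep the tag as a comment: `# tag "v2.7.0"` above `SRCREV_tfa = "<commit-sha-of-v2.7.0>"`. `EXTRA_OECMAKE:append = "-DTFA_SOURCE_DIR=${WORKDIR}/git/tf-a"` has no leading space and `:append` does not insert one, so the option is glued onto the preceding argument; `EXTRA_OECMAKE:append:qemuarm64-secureboot` in the ts-sp-smm-gateway bbappend has the same defect. `LIC_FILES_CHKSUM = …` uses `=` where the sibling recipes use `+=`, which replaces any checksum set by trusted-services.inc (not visible here).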
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
new file mode 100644
index 00000000..5472dbda
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
@@ -0,0 +1,8 @@
+DESCRIPTION = "Trusted Services internal secure storage service provider"
+
+require ts-sp-common.inc
+
+SP_UUID = "${ITS_UUID}"
+TS_SP_ITS_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
new file mode 100644
index 00000000..26781434
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
@@ -0,0 +1,10 @@
+DESCRIPTION = "Trusted Services proxy service providers"
+
+require ts-sp-common.inc
+
+SP_UUID = "${SE_PROXY_UUID}"
+TS_SP_SE_PROXY_CONFIG ?= "default"
+
+DEPENDS += "python3-protobuf-native"
+
+OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
new file mode 100644
index 00000000..c485a562
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
@@ -0,0 +1,5 @@
+
+# Update MM communication buffer address for qemuarm64 machine
+EXTRA_OECMAKE:append:qemuarm64-secureboot = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x42000000" \
+ -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
new file mode 100644
index 00000000..752f7fe7
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
@@ -0,0 +1,8 @@
+DESCRIPTION = "Trusted Services service provider for UEFI SMM services"
+
+require ts-sp-common.inc
+
+SP_UUID = "${SMM_GATEWAY_UUID}"
+TS_SP_SMM_GATEWAY_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
new file mode 100644
index 00000000..5c0d6865
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
@@ -0,0 +1,10 @@
+DESCRIPTION = "Trusted Services SPMC test SPs"
+
+# spm test SP only supports opteesp.
+TS_ENV = 'opteesp'
+
+require ts-sp-common.inc
+
+SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}"
+SP_DTS_FILE ?= "${D}${TS_INSTALL}/manifest/${SP_UUID}.dts"
+OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb
new file mode 100644
index 00000000..4cbb970b
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb
@@ -0,0 +1,5 @@
+DESCRIPTION = "Trusted Services SPMC test SP1"
+
+SP_INDEX="1"
+
+require ts-sp-spm-test-common.inc
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb
new file mode 100644
index 00000000..e6fb822b
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb
@@ -0,0 +1,6 @@
+DESCRIPTION = "Trusted Services SPMC test SP2"
+
+SP_INDEX="2"
+
+require ts-sp-spm-test-common.inc
+
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb
new file mode 100644
index 00000000..ad3ee76e
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb
@@ -0,0 +1,6 @@
+DESCRIPTION = "Trusted Services SPMC test SP3"
+
+SP_INDEX="3"
+
+require ts-sp-spm-test-common.inc
+
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb
new file mode 100644
index 00000000..2ee69c1f
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test4_git.bb
@@ -0,0 +1,6 @@
+DESCRIPTION = "Trusted Services SPMC test SP4"
+
+SP_INDEX="4"
+
+require ts-sp-spm-test-common.inc
+
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
new file mode 100644
index 00000000..5b2f47b3
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
@@ -0,0 +1,8 @@
+DESCRIPTION = "Trusted Services secure storage service provider"
+
+require ts-sp-common.inc
+
+SP_UUID = "${STORAGE_UUID}"
+TS_SP_PS_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-uefi-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-uefi-test_git.bb
new file mode 100644
index 00000000..5be436b6
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-uefi-test_git.bb
@@ -0,0 +1,21 @@
+DESCRIPTION = "Trusted Services uefi-test deployment for arm-linux. \
+ Used for running service level tests from Linux user-space \
+ on an Arm platform with real deployments of UEFI SMM services."
+
+TS_ENV = "arm-linux"
+
+require trusted-services.inc
+
+DEPENDS += "libts python3-protobuf-native"
+RDEPENDS:${PN} += "libts arm-ffa-user"
+
+OECMAKE_SOURCEPATH = "${S}/deployments/uefi-test/${TS_ENV}"
+
+FILES:${PN} = "${bindir}/uefi-test"
+
+do_install:append () {
+ install -d ${D}${bindir}
+ mv ${D}${TS_INSTALL}/bin/uefi-test ${D}${bindir}
+
+ rm -r --one-file-system ${D}${TS_INSTALL}
+}
diff --git a/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/recipes-security/trusted-services/ts-uuid.inc
new file mode 100644
index 00000000..810ffa5e
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-uuid.inc
@@ -0,0 +1,15 @@
+# Trusted Services SPs canonical UUIDs
+
+ATTESTATION_UUID = "a1baf155-8876-4695-8f7c-54955e8db974"
+CRYPTO_UUID = "d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0"
+ENV_TEST_UUID = "33c75baf-ac6a-4fe4-8ac7-e9909bee2d17"
+ITS_UUID = "dc1eef48-b17a-4ccf-ac8b-dfcff7711b14"
+SE_PROXY_UUID = "46bb39d1-b4d9-45b5-88ff-040027dab249"
+SMM_GATEWAY_UUID = "ed32d533-99e6-4209-9cc0-2d72cdd998a7"
+STORAGE_UUID = "751bf801-3dde-4768-a514-0f10aeed1790"
+SPM_TEST1_UUID = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37"
+SPM_TEST2_UUID = "7817164c-c40c-4d1a-867a-9bb2278cf41a"
+SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6"
+SPM_TEST4_UUID = "423762ed-7772-406f-99d8-0c27da0abbf8"
+FWU_UUID = "6823a838-1b06-470e-9774-0cce8bfb53fd"
+BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c"
diff --git a/meta-arm/recipes-test/pacbti/files/pacbti.c b/meta-arm/recipes-test/pacbti/files/pacbti.c
new file mode 100644
index 00000000..618354ea
--- /dev/null
+++ b/meta-arm/recipes-test/pacbti/files/pacbti.c
@@ -0,0 +1,9 @@
+// Copyright (C) 2023 Arm Ltd
+// SPDX-License-Identifier: MIT
+
+#include <stdio.h>
+
+int main() {
+ puts("Hello, world");
+ return 0;
+}
diff --git a/meta-arm/recipes-test/pacbti/test-pacbti.bb b/meta-arm/recipes-test/pacbti/test-pacbti.bb
new file mode 100644
index 00000000..331c5854
--- /dev/null
+++ b/meta-arm/recipes-test/pacbti/test-pacbti.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Test to verify that PAC/BTI is enabled"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://pacbti.c;beginline=2;endline=2;md5=6ec41034e04432ee375d0e14fba596f4"
+
+SRC_URI = "file://pacbti.c"
+
+S = "${WORKDIR}"
+
+do_compile() {
+ # Compile with -zforce-bti with fatal warnings, so the link fails if PAC/BTI
+ # is requested but gcc/glibc are built without it.
+ ${CC} ${CFLAGS} ${LDFLAGS} -z force-bti -Werror -Wl,--fatal-warnings ${S}/pacbti.c
+
+ # If we have a binary, check that the AArch64 feature list in the binary
+ # actually enables PAC/BTI.
+ ${READELF} --notes a.out | grep "AArch64 feature" >notes
+ grep BTI notes
+ grep PAC notes
+}
+
+COMPATIBLE_HOST = "aarch64.*-linux"
diff --git a/meta-arm/recipes-test/sbsa-acs/sbsa-acs/0001-pal_uefi-Fix-enum-conversion.patch b/meta-arm/recipes-test/sbsa-acs/sbsa-acs/0001-pal_uefi-Fix-enum-conversion.patch
deleted file mode 100644
index 5a874e39..00000000
--- a/meta-arm/recipes-test/sbsa-acs/sbsa-acs/0001-pal_uefi-Fix-enum-conversion.patch
+++ /dev/null
@@ -1,30 +0,0 @@ -From d9101f353b16bf82fb0e8f1dac573aca97a6f3a7 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 6 Apr 2021 23:57:19 -0700 -Subject: [PATCH] pal_uefi: Fix enum conversion - -clang complains about enum type mismatches -al_uefi/src/pal_gic.c:224:20: error: implicit conversion from enumeration type 'INTR_TRIGGER_INFO_TYPE_e' to different enumeration type 'EFI_HARDWARE_INTERRUPT2_TRIGGER_TYPE' [-Werror,-Wenum-conversion] - -Upstream-Status: Backport [a68f6bc5933d912a938baf841304b8637ff923ce] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - platform/pal_uefi/src/pal_gic.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ShellPkg/Application/sbsa-acs/platform/pal_uefi/src/pal_gic.c b/ShellPkg/Application/sbsa-acs/platform/pal_uefi/src/pal_gic.c -index 7ce343d..b61aefc 100644 ---- a/ShellPkg/Application/sbsa-acs/platform/pal_uefi/src/pal_gic.c -+++ b/ShellPkg/Application/sbsa-acs/platform/pal_uefi/src/pal_gic.c -@@ -221,7 +221,7 @@ pal_gic_set_intr_trigger(UINT32 int_id, INTR_TRIGGER_INFO_TYPE_e trigger_type) - Status = gInterrupt2->SetTriggerType ( - gInterrupt2, - int_id, -- trigger_type -+ (EFI_HARDWARE_INTERRUPT2_TRIGGER_TYPE)trigger_type - ); - - if (EFI_ERROR(Status)) --- -2.31.1 - diff --git a/meta-arm/wic/efi-disk.wks.in b/meta-arm/wic/efi-disk.wks.in new file mode 100644 index 00000000..1f06830a --- /dev/null +++ b/meta-arm/wic/efi-disk.wks.in @@ -0,0 +1,11 @@ +# short-description: Create an EFI disk image +# long-description: Creates a partitioned EFI disk image that the user +# can directly dd to boot media. + +part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid + +part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid + +part swap --size 44 --label swap --fstype=swap --use-uuid + +bootloader --ptable gpt --timeout=5 --append="rootwait rootfstype=ext4" 
diff --git a/meta-arm/wic/qemu-efi-disk.wks.in b/meta-arm/wic/qemu-efi-disk.wks.in new file mode 100644 index 00000000..4f898efa --- /dev/null +++ b/meta-arm/wic/qemu-efi-disk.wks.in @@ -0,0 +1,11 @@ +# short-description: Create an EFI disk image +# long-description: Creates a partitioned EFI disk image that the user +# can directly dd to boot media. + +part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --label boot --active --align 1024 --use-uuid + +part / --source rootfs --fstype=ext4 --label root --align 1024 --use-uuid + +part swap --size 44 --label swap --fstype=swap --use-uuid + +bootloader --ptable gpt --timeout=5 --append="rootfstype=ext4 ip=dhcp" diff --git a/meta-arm/wic/qemuarm.cfg b/meta-arm/wic/qemuarm.cfg new file mode 100644 index 00000000..79ce7b4a --- /dev/null +++ b/meta-arm/wic/qemuarm.cfg @@ -0,0 +1,3 @@ +default Yocto +label Yocto + kernel /zImage diff --git a/meta-arm/wic/qemuarm.wks b/meta-arm/wic/qemuarm.wks new file mode 100644 index 00000000..ccd53c28 --- /dev/null +++ b/meta-arm/wic/qemuarm.wks @@ -0,0 +1,4 @@ +bootloader --ptable gpt --configfile="qemuarm.cfg" + +part /boot --ondisk=vda --align 64 --size=100M --active --source bootimg-partition --fstype=ext4 --label boot --sourceparams="loader=u-boot" +part / --ondisk=vda --source rootfs --fstype=ext4 --label root diff --git a/meta-arm/wic/qemuarm64.cfg b/meta-arm/wic/qemuarm64.cfg index 580244fe..b9c9da6e 100644 --- a/meta-arm/wic/qemuarm64.cfg +++ b/meta-arm/wic/qemuarm64.cfg @@ -1,4 +1,3 @@ default Yocto label Yocto kernel /Image -append root=/dev/vda2 rw console=ttyS0 mem=1024M ip=192.168.7.2::192.168.7.1:255.255.255.0 console=ttyAMA0 |