Age | Commit message (Collapse) | Author |
|
Update tf-a and mbedtls to the latest versions. Also, migrate the
previous version to meta-arm-bsp for corstone1000.
NOTE: in v2.10, the fiptool makefile was changed to reference LDOPTS
instead of LDLIBS.
NOTE: commit 408cde8a59080ac2caa11c4d99474b2ef09f90df in tf-a modifies
the qemu_sbsa starting offset, and per the commit comment, it requires
the edk2 same change. This is why the edk-platforms SHA has been
changed. There are only 19 patches between the previous SHA and this
one (most of which are adding a single platform). So, it shouldn't be
too impactful to bump the SHA (instead of making it a patch to apply
on top of the existing SHA).
NOTE: tf-a-tests added LDFLAGS to the makefile, causing the need for it
to be removed in the recipe.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
When ccache is enabled trusted-firmware-a recipe fails with this
error message:
make: *** No rule to make target 'aarch64-poky-linux-gcc'. Stop.
ccache prefix CC variable with 'ccache' word before compiler. Because
there are no quotes assigned to CC, only 'ccache' is assigned. The
compiler becomes a make target, producing the build error.
Add single quotes to LD is a good measure to prevent this kind of error.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TF-A has LTS releases, which are prefixed with lts- for some reason.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The SRC_URI, SRCREV AND SRCBRANCH variables are currently used
inconsistently across recipes in meta-arm, leading to difficulties
customizing the configuration in external BSP layers where necessary.
Standardize usage across commonly used recipes so that:
* SRC_URI contains a SRC_URI_PACKAGE_NAME variable per component which
can be used to easily configure a mirror. This variable uses
default assignment so that it can be easily overridden using an
environment variable, e.g. to point to an internal mirror that cannot
be committed externally.
* SRCBRANCH is defined per component.
* SRCREV is defined per component.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Binutils 2.39 now warns when a segment has RXW permissions[1]:
- aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions
- NOTE: recipe tf-a-tests-2.7.0-r0: task do_compile: Failed
There is a ticket filed upstream[2], so until that is resolved we can
disable this warning.
Also let's move a similar tf-a patch from trusted-firmware-a.inc to trusted-firmware-a_2.7.0.bb
as the patch is for tf-a version 2.7.0 only
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
[2] https://developer.trustedfirmware.org/T996
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Binutils 2.39 now warns when a segment has RXW permissions[1]:
aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX permissions
However, TF-A passes --fatal-warnings to LD, so this is a build failure.
There is a ticket filed upstream[2], so until that is resolved we can
disable this warning.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
[2] https://developer.trustedfirmware.org/T996
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The latest TF-A version requires mbedtls v2.28. This
commit upgrades mbedtls to v2.28 for TF-A recipe.
An upstreamed patch included to the base recipe from TF-A master
that fixes the build issues beween TF-A 2.6 and Mbedtls 2.28.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TFTF is TF-A tests that runs at NS-EL2. This is primarily developed to
test the TF-A interfaces exposed to NS code.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
To prevent a collision with u-boot, add the same PROVIDES from it. The
PROVIDES name need improvement, but this will work in the interim.
This causes a need for making TF-A more flexible. Add the ability to
reference the UEFI binary for the BL33 portion of the TF-A build
command. SGI575 is already doing this. So, it is really just making it
more generic for others to use.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Instead of every versioned recipe setting this, move it to the common
include.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
There's no need to use virtual/trusted-firmware-a, as there's only one
provider of trusted-firmware-a: trusted-firmware-a.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Patch in BUILD_LDFLAGS into the cert_create Makefile so that the -rpath
arguments are passed to the native build, meaning it can find libssl
correctly. This somewhat worked previously as the host libssl and
sysroot libssl matched, but now that OE has OpenSSL 3 that often isn't
the case.
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
GitHub has deprecated the unauthorised git protocol[1], so all GitHub
URLs need to specify protocol=https.
Also the git fetcher is making the branch parameter mandatory, so add it
where it is currently implicit.
[1] https://github.blog/2021-09-01-improving-git-protocol-security-github/
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
After http://git.yoctoproject.org/cgit/cgit.cgi/meta-arm/commit/?id=648571b113b39420735859461fcd69cfc6f66c76,
building the corstone1000-image fails with the below error.
fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
# include <openssl/sha.h>
Put back the inclusion of BUILD_LDFLAGS to fix this.
Change-Id: I57396eefe2c9a58e4c5c6a751b2ee7d32509cac5
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
After http://git.yoctoproject.org/cgit/cgit.cgi/meta-arm/commit/?id=648571b113b39420735859461fcd69cfc6f66c76
the fiptool create command fails with:
tools/fiptool/fiptool: error while loading shared libraries: libcrypto.so.3: cannot open shared object file: No such file or directory
Put back the inclusion of BUILD_LDFLAGS to fix this.
Issue-Id: SCM-3548
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I8bfddd0528d5c4dbf5dfd87c9ae17db4e0071b1c
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Take a patch that is heading upstream to pass OPENSSL_DIR to the fiptool
build, removing the need to alter the Makefiles at build time.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TARGET_FPU passed to TF-A Makefile but is not used in TF-A source code.
Change-Id: I7c275711ed1e9fb9ee4e4df2b9c1606cacc4138c
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
-Werror is typically a bad idea in distribution builds, as changes to
the compiler or other libraries can cause new warnings to appear.
For example, when building the N1SDP platform:
error: "GIC-600 Multichip driver is currently experimental and the API
may change in future." [-Werror,-W#warnings]
Set E=0 so that -Werror is not used in the build.
Change-Id: I8905fc9d4e95edb42970fe3839b9ab6b5384a123
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
These Clang patches don't appear to be needed anymore. TF-A doesn't
build for various platforms but the unusual errors these patches work
around are not the cause.
Change-Id: I41dffc4f19d298d5861bb0274e6ffef6c24f4ca3
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TF-A 2.5 has a tweaked license.rst file but the checksum wasn't updated.
The CI didn't catch this because of an attempt at making warnings fatal,
which has the side effect of masking some warnings.
Update the checksum for that file, and add MIT explicitly to the license
list as all of the embedded projects are used under the MIT.
Change-Id: Id39b4c49c0efae30c6452e77b1cdf56e43b792d4
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
The .elf output files are for debugging purposes, so put them into the
-dbg package to make this clear.
Change-Id: I5d70b2421b06eed0483f8ef508cf535ec70abc63
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Do some preparatory moving of code for add QEMU SBSA machine support.
Pulling out the qemuarm64 specific enablement from the universal inc
file into a bbappend.
Change-Id: I445132337f7851d666214f87e3250b2f0db84406
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
This patch adds generic dispatcher 'spmd' option for SPD along with
SPMD_SPM_AT_SEL2 build option.
Config: SPD=spmd and SPMD_SPM_AT_SEL2=1. Indicates the SPMC component
runs at the S-EL2
- Add hafnium dependency
- Set CTX_INCLUDE_EL2_REGS=1 and ARM_ARCH_MINOR=4
- Set BL32 to hafnium image
- Set SP_LAYOUT_FILE and ARM_SPMC_MANIFEST build parameters
Config: SPD=spmd and SPMD_SPM_AT_SEL2=0. Indicates the SPMC component
runs at the S-EL1 execution state.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Icd3970e5132e75de67ef7f41dbfc8f9e1cdde7f3
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
So that the automatic latest upstream release detection works correctly,
specify what release tags look like.
Change-Id: Ie53e82fffe5392d8e6f8d530d9f4ed732f03b50f
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
When compiling under clang, certain lines triggered
-Wtautological errors. Cosmetic modifications were made
via patches to mitigate this.
Change-Id: I3d17dd5102267e03a8b7d157e66e0788b542bdd8
Signed-off-by: Brett Warren <brett.warren@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
When compiling under clang for aarch32, linking fails because
the compiler-rt builtins aren't implicitly linked. Recipes and
patches have been modified and added to explicitly pass the runtime
builtin when linking files.
Change-Id: I4299b7d078d77c1fdd5576ceec1491f91e73c35d
Signed-off-by: Brett Warren <brett.warren@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
This recipe is for baremetal firmware, so remove libc from DEPENDS.
Change-Id: I89d0dde3f48599b9221cb1e153344dbc05e8cebe
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
All the recipes use the same value for SRC_URI and S, so consolidate them
into the include file.
Change-Id: Ieda6b0104e163ce46190e9fc5756a264f7198f25
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
trusted-firmware-a has gone by many names in the CVE database, so add
them all.
Change-Id: I51f64211d10245ffcae010e3a723657ff4114b9c
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
2.4 has added support for a global OPENSSL_DIR make option, instead of
hard-coded /usr into the individual Makefiles.
The TC0 build is now using a snapshot of TF-A after that change landed,
so pass OPENSSL_DIR via EXTRA_OEMAKE to fix the build.
Change-Id: I9e06991d15bb67f983a203ec3a1b1754cc6e2d7e
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TF-A itself is BSD 3-clause licensed, so use that instead of the
generic BSD license.
The end result is only also Apache-2.0 licensed if mbed TLS is used,
so add this only if mbed TLS is enabled.
Change-Id: I243e664dcfc590d8b2dbe7b795bc414a973b379b
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The CC and LD parameters are used to point make to the currently
used compiler and linkers.
This change enables TFA to be compiled successfully when
TOOLCHAIN=clang.
Change-Id: Ice465318b8c9b2b69c08fe4f48f6d36c610978f0
Signed-off-by: Brett Warren <brett.warren@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
There are build races in the Makefiles when you build all targets at
once (missing dependencies):
| tools/fiptool/fiptool create [...]
| ERROR: fopen WORKDIR/build/juno/debug/fdts/juno_fw_config.dtb: No such file or directory
These are non-trivial to fix so whilst upstream works on this we can
just build each target serially.
Change-Id: Iba0d0ae7de6faf199efea073135fd3b7232b81a1
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
trusted-firmware-a.inc was conditionally adding the Mbed TLS tarball to
SRC_URI, but all of the versioned recipes subsequently assigned over the
top of it so the Mbed TLS tarball was never actually in SRC_URI. This
resulted in machine overrides needing to add the tarball themselves.
Solve by using _append so that the SRC_URI is actually changed.
Change-Id: I05cf1dec2c6422a40a42c615fb2b9b6e8d6f1cb0
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
"processes" should be "processed" in trusted-firmware-a.inc, as it
signifies if the relevant part has been installed/processed.
Change-Id: I2d1ffbb0c6d14d280b6f9c9cc45c04c7c32409a7
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Device tree blobs (DTBs) generated as part of TFA were installed separately
in the platform specific TFA recipes, its redundant as each platform was
executing similar installation steps.
The patch avoids skipping dtb installation and adds support to check for
DTB entries in TFA_INSTALL_TARGET and install the same to respective deploy folder.
Change-Id: I0f8f5c39dc4b4931d202696990fa915ea7ed60eb
Issue-Id: PLATFORMS-3971
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Variable name "processes" is wrongly mentioned as "processed", this patch
fixes the same.
Change-Id: Id9362f514861c75f8f6a727582e11b0e65736349
Issue-Id: PLATFORMS-3971
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The TC0 bbappend needs the cert_create tool to be built, which hard-codes the
fact that openssl is installed in /usr.
Change-Id: I8a7ed54fe7d75697509f7873e7d73b3bf1b2b903
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
Verbose builds are useful when looking for compile problems, and as the logs
go directly to files we can simply turn them on by default.
Change-Id: I91c6314e331a5024543138ea77a111b1d59cf371
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
Since the TF-A fiptool is native tool we should be using the
BUILD_CFLAGS and BUILD_LDFLAGS flags to proper build and execute it.
Change-Id: I9634604dbc42ba7da85d9b9449f1ed94ecb38df2
Issue-Id: SCM-888
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Adds support for booting AArch64 Qemu machines using TF-A + optee +
u-boot. Most of the changes are applicable to any AArch64 qemu target,
and a reference machine called qemuarm64-secureboot has been added that
show how to enable support for it.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Reviewed-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
There is no need to inherit nopackages. Even when the output binaries are being
consumed from deploy or sysroot, and the main binary package is not meant to be
installed in the rootfs, package generation is still useful for SDK use cases
and as a way to distribute sources (e.g. src.rpm/SRPM) in Distros.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Reviewed-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Some platforms expect canonical names, like bl31.bin, instead of bl31-<plat>.bin
Provide symlinks for those as well.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Reviewed-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Installing and deploying .bin and .elf shouldn't be mutually exclusive.
There are scenarios where both can be useful - .bin for booting and .elf
for debugging.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Reviewed-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Some platforms use Secure Payload Dispatcher - allow selecting one with TFA_SPD.
Official SPD description:
/*******************************************************************************
* This is the Secure Payload Dispatcher (SPD). The dispatcher is meant to be a
* plug-in component to the Secure Monitor, registered as a runtime service. The
* SPD is expected to be a functional extension of the Secure Payload (SP) that
* executes in Secure EL1. The Secure Monitor will delegate all SMCs targeting
* the Trusted OS/Applications range to the dispatcher. The SPD will either
* handle the request locally or delegate it to the Secure Payload. It is also
* responsible for initialising and maintaining communication with the SP.
******************************************************************************/
Clean other EXTRA_OEMAKE to remove leading space not needed with +=
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Reviewed-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Some platforms can have multiple board configurations, passed as TARGET_BOARD=""
that also becomes an extra directory level in the build output hierarchy.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Reviewed-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The ELF files produced are in a subdirectory named by the build target
(e.g. "bl31/bl31.elf") instead of the BUILD_PLAT directory.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Reviewed-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|