Age | Commit message (Collapse) | Author |
|
These BSPs are now obsolete.
Users of generic-arm64 should use genericarm64 from meta-yocto-bsp.
Users of qemu-generic-arm64 should use sbsa-ref from meta-arm-bsp.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Update to the latest stable version (2.10.3), comprised of the following
commits:
fc93d0edfc52 docs(changelog): changelog for lts-v2.10.3 release
4a10950a8538 docs(changelog): display all sections
bafc27c8d7cf chore: rename Poseidon to Neoverse V3
a6256d7a2638 feat(cpu): add support for Poseidon V CPU
ef393a3f9fa2 fix(cpu): correct variant name for default Poseidon CPU
81931a13a835 fix(cpus): workaround for Cortex-A715 erratum 2413290
baf14745f117 fix(cpus): workaround for Cortex-A720 erratum 2926083
635c83eb456a chore: update status of Cortex-X3 erratum 2615812
03636f2c3d60 fix(cpus): workaround for Cortex-A720 erratum 2940794
e86990d0911d fix(cpus): fix a defect in Cortex-A715 erratum 2561034
b59307ef8efd fix(cpus): workaround for Cortex-A715 erratum 2413290
44f36c48f280 docs(sdei): provide security guidelines when using SDEI
11cb0962f7ac docs(threat_model): mark power analysis threats out-of-scope
3e3ff298a614 fix(cpus): workaround for Cortex-A715 erratum 2344187
d466c5d4d27b fix(cpus): workaround for Cortex-X4 erratum 2701112
940ebbe2d1d0 fix(cpus): workaround for Cortex-A715 erratum 2331818
04c60d5ef31c fix(cpus): workaround for Cortex-A715 erratum 2420947
b7ed781eea74 fix(gic600): workaround for Part 1 of GIC600 erratum 2384374
58646309aedf chore: rearrange the fvp_cpu_errata.mk file
a234f540b727 fix(cpus): add erratum 2701951 to Cortex-X3's list
a24c8006ea39 refactor(errata-abi): workaround platforms non-arm interconnect
9fe65073d442 refactor(errata-abi): optimize errata ABI using errata framework
301698e15bc8 fix(cpus): workaround for Cortex-A715 erratum 2429384
5f8f745c7e99 fix(cpus): workaround for Cortex-X3 erratum 2372204
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Update the TF-A recipe to the latest stable version (2.10.2).
NOTE: tf-a-tests did not have a corresponding stable release. So,
keeping back at 2.10.0.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Update mbedTLS version as TF-A 2.10 supports mbedTLS 3.4.1, as seen:
https://trustedfirmware-a.readthedocs.io/en/v2.10/change-log.html#new-features
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
This changeset fix the tftf tests issue on n1sdp. Before this change, the tftf tests were getting stuck on n1sdp.
The following changes have been done:
1. There were some tftf tests based on multicore which involve powering up the other cores. These tests were creating
issues and the same thing has already been mentioned in the tests-to-skip.txt file for n1sdp platform in tftf source.
Those tests are skipped while executing tftf and patch has been created.
2. The TFTF_MODE variable added for tftf v2.10 recipe file, as did earlier for tftf v2.9. With the help of this, we can
enable debug or relase mode. The configuration based on this has been added for n1sdp in the corresponding bbappend file.
3. Add PREFERRED_VERSION_tf-a-tests for v2.10.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Update tf-a and mbedtls to the latest versions. Also, migrate the
previous version to meta-arm-bsp for corstone1000.
NOTE: in v2.10, the fiptool makefile was changed to reference LDOPTS
instead of LDLIBS.
NOTE: commit 408cde8a59080ac2caa11c4d99474b2ef09f90df in tf-a modifies
the qemu_sbsa starting offset, and per the commit comment, it requires
the edk2 same change. This is why the edk-platforms SHA has been
changed. There are only 19 patches between the previous SHA and this
one (most of which are adding a single platform). So, it shouldn't be
too impactful to bump the SHA (instead of making it a patch to apply
on top of the existing SHA).
NOTE: tf-a-tests added LDFLAGS to the makefile, causing the need for it
to be removed in the recipe.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TF-A is being patched in the recipe for qemuarm64-secureboot. This
should be done in the bbappend.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The TF-A 2.9 documentation[1] says that mbedtls 3.4.0 is the recommended
release to use, so switch to that.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/getting_started/prerequisites.html#software-and-libraries
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
When ccache is enabled trusted-firmware-a recipe fails with this
error message:
make: *** No rule to make target 'aarch64-poky-linux-gcc'. Stop.
ccache prefix CC variable with 'ccache' word before compiler. Because
there are no quotes assigned to CC, only 'ccache' is assigned. The
compiler becomes a make target, producing the build error.
Add single quotes to LD is a good measure to prevent this kind of error.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Update the trusted-firmware-a recipes to 2.9.0
Moving legacy recipes (2.8) for tc1 and corestone1000 to meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Update TF-A and fiptool (which is part of tf-a) to the latest stable version.
Also, use the tf-a tests lts branch (which is still at version 2.8.0).
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TF-A has LTS releases, which are prefixed with lts- for some reason.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
This change:
- cherry-picks TF-A changes from master which implement passing
TOS_FW_CONFIG DTB from the FIP package to the trusted OS.
- add an OP-TEE SPMC specific SPMC manifest file
- configures TF-A to build the manifest, add it to the FIP package
and pass it to OP-TEE as a boot argument.
This functionality needs matching changes in OPTEE (OP-TEE v3.21
or v3.20 + carried patches.)
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Update tfa version to v2.8. Also, fiptool uses tfa sources. So, keep
it with the rest of tfa to prevent the version from becoming stale.
NOTE: tf-a-tests is being held back for corstone1000 due to compilation
errors.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The SRC_URI, SRCREV AND SRCBRANCH variables are currently used
inconsistently across recipes in meta-arm, leading to difficulties
customizing the configuration in external BSP layers where necessary.
Standardize usage across commonly used recipes so that:
* SRC_URI contains a SRC_URI_PACKAGE_NAME variable per component which
can be used to easily configure a mirror. This variable uses
default assignment so that it can be easily overridden using an
environment variable, e.g. to point to an internal mirror that cannot
be committed externally.
* SRCBRANCH is defined per component.
* SRCREV is defined per component.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
qemuarm64-secureboot-ts pipeline is based on qemuarm64-secureboot machine
and additionaly includes:
- TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
- TS demo/test tools
- TS psa-arch-tests
This commit also includes Trusted Services OEQA tests
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Binutils 2.39 now warns when a segment has RXW permissions[1]:
- aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions
- NOTE: recipe tf-a-tests-2.7.0-r0: task do_compile: Failed
There is a ticket filed upstream[2], so until that is resolved we can
disable this warning.
Also let's move a similar tf-a patch from trusted-firmware-a.inc to trusted-firmware-a_2.7.0.bb
as the patch is for tf-a version 2.7.0 only
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
[2] https://developer.trustedfirmware.org/T996
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Binutils 2.39 now warns when a segment has RXW permissions[1]:
aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX permissions
However, TF-A passes --fatal-warnings to LD, so this is a build failure.
There is a ticket filed upstream[2], so until that is resolved we can
disable this warning.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
[2] https://developer.trustedfirmware.org/T996
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
These were integrated into the 2.7.0 release, but were not removed when
the recipe was upgraded.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Latest oe-core has enabled the buildpaths QA check, which warns if the
build paths are present inside binaries. This is because build paths in
deployed binaries is both information leakage and non-reproducible.
Until this is fixed, skip this check.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
This reverts commit ea3479c27c5e67a1c1a5680d2abb8ecd22e5777f.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
N1SDP board cannot boot after recent TF-A 2.7 update in meta-arm. This
is due to TF-A 2.7 not configured correctly for N1SDP board to support
trusted boot feature.
This patch temporarily brings back TF-A 2.6 recipes for fixing the N1SDP
boot.
A proper fix is in work progress to configure TF-A 2.7 correctly to
support trutsed boot on N1SDP.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The upstream version is 2.7.0, so use that name instead of just 2.7.
Also remove the unversioned bbappend which simply extended
FILESEXTRAPATHS, there's no need for this split now that we aim to have
~1 version of TF-A in the tree.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The latest TF-A version requires mbedtls v2.28. This
commit upgrades mbedtls to v2.28 for TF-A recipe.
An upstreamed patch included to the base recipe from TF-A master
that fixes the build issues beween TF-A 2.6 and Mbedtls 2.28.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TFTF is TF-A tests that runs at NS-EL2. This is primarily developed to
test the TF-A interfaces exposed to NS code.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Add a new 32 bit target as "qemuarm-secureboot" on similar lines as
"qemuarm64-secureboot". The boot flow looks like:
BL1 (TF-A) -> BL2 (TF-A) -> OP-TEE -> u-boot -> Linux
Along with this enable support for OP-TEE based firmware TPM.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
To prevent a collision with u-boot, add the same PROVIDES from it. The
PROVIDES name need improvement, but this will work in the interim.
This causes a need for making TF-A more flexible. Add the ability to
reference the UEFI binary for the BL33 portion of the TF-A build
command. SGI575 is already doing this. So, it is really just making it
more generic for others to use.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Nothing is using TF-A 2.5 anymore, so remove the recipe.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Change moved to meta-rockchip
This reverts commit ad030e5830803c308a6b035b8ba1f63d42d5dc2c.
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
qemuarm64 fails to build since PLAT=invalid when MACHINE=qemuarm64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Keeping 2.5 around temporarily until all of the machines are ported.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Instead of every versioned recipe setting this, move it to the common
include.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
There's no need to use virtual/trusted-firmware-a, as there's only one
provider of trusted-firmware-a: trusted-firmware-a.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Migrate the qemuarm64-sbsa machine to use the generic-arm64 machine as a
base. This new qemu-generic-arm64 should contain only the parts
necessary to boot the generic-arm64 in qemu (using the SBSA machine).
This allows for a single generic image with testing for SBSA compliance.
NOTE: a unique WIC file is needed due to the inability to pass kernel
bootargs (due to needing DHCP for testimage).
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Patch in BUILD_LDFLAGS into the cert_create Makefile so that the -rpath
arguments are passed to the native build, meaning it can find libssl
correctly. This somewhat worked previously as the host libssl and
sysroot libssl matched, but now that OE has OpenSSL 3 that often isn't
the case.
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
GitHub has deprecated the unauthorised git protocol[1], so all GitHub
URLs need to specify protocol=https.
Also the git fetcher is making the branch parameter mandatory, so add it
where it is currently implicit.
[1] https://github.blog/2021-09-01-improving-git-protocol-security-github/
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
After http://git.yoctoproject.org/cgit/cgit.cgi/meta-arm/commit/?id=648571b113b39420735859461fcd69cfc6f66c76,
building the corstone1000-image fails with the below error.
fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
# include <openssl/sha.h>
Put back the inclusion of BUILD_LDFLAGS to fix this.
Change-Id: I57396eefe2c9a58e4c5c6a751b2ee7d32509cac5
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
After http://git.yoctoproject.org/cgit/cgit.cgi/meta-arm/commit/?id=648571b113b39420735859461fcd69cfc6f66c76
the fiptool create command fails with:
tools/fiptool/fiptool: error while loading shared libraries: libcrypto.so.3: cannot open shared object file: No such file or directory
Put back the inclusion of BUILD_LDFLAGS to fix this.
Issue-Id: SCM-3548
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Change-Id: I8bfddd0528d5c4dbf5dfd87c9ae17db4e0071b1c
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Take a patch that is heading upstream to pass OPENSSL_DIR to the fiptool
build, removing the need to alter the Makefiles at build time.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TF-A 1.5 is very old, remove. People who still need 1.5 will likely be
using older releases.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TARGET_FPU passed to TF-A Makefile but is not used in TF-A source code.
Change-Id: I7c275711ed1e9fb9ee4e4df2b9c1606cacc4138c
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
-Werror is typically a bad idea in distribution builds, as changes to
the compiler or other libraries can cause new warnings to appear.
For example, when building the N1SDP platform:
error: "GIC-600 Multichip driver is currently experimental and the API
may change in future." [-Werror,-W#warnings]
Set E=0 so that -Werror is not used in the build.
Change-Id: I8905fc9d4e95edb42970fe3839b9ab6b5384a123
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
These Clang patches don't appear to be needed anymore. TF-A doesn't
build for various platforms but the unusual errors these patches work
around are not the cause.
Change-Id: I41dffc4f19d298d5861bb0274e6ffef6c24f4ca3
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
TF-A 2.5 has a tweaked license.rst file but the checksum wasn't updated.
The CI didn't catch this because of an attempt at making warnings fatal,
which has the side effect of masking some warnings.
Update the checksum for that file, and add MIT explicitly to the license
list as all of the embedded projects are used under the MIT.
Change-Id: Id39b4c49c0efae30c6452e77b1cdf56e43b792d4
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
Update to TF-A v2.5 and MBED TLS 2.26, and all machines using 2.4 to the
newer version. Also, n1sdp was using an intermediary SHA, but is now
updated to the latest (which includes that intermediary SHA).
Change-Id: Ia5ec3cecf9090fd5f5da28efff4c1d6cce1efc19
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
The .elf output files are for debugging purposes, so put them into the
-dbg package to make this clear.
Change-Id: I5d70b2421b06eed0483f8ef508cf535ec70abc63
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|
|
Change-Id: Ifb0bed130a6db8146f37a866385727805e00cd43
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
|