diff options
74 files changed, 1945 insertions, 563 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml index 4060a5c98c..75d3609455 100644 --- a/meta-arm/.gitlab-ci.yml +++ b/meta-arm/.gitlab-ci.yml @@ -3,6 +3,7 @@ image: ghcr.io/siemens/kas/kas:3.2 variables: CPU_REQUEST: "" DEFAULT_TAG: "" + CACHE_DIR: $CI_BUILDS_DIR/persist # These are needed as the k8s executor doesn't respect the container entrypoint # by default FF_KUBERNETES_HONOR_ENTRYPOINT: 1 @@ -20,11 +21,11 @@ stages: interruptible: true variables: KAS_WORK_DIR: $CI_PROJECT_DIR/work - KAS_REPO_REF_DIR: $CI_BUILDS_DIR/persist/repos - SSTATE_DIR: $CI_BUILDS_DIR/persist/sstate - DL_DIR: $CI_BUILDS_DIR/persist/downloads + KAS_REPO_REF_DIR: $CACHE_DIR/repos + SSTATE_DIR: $CACHE_DIR/sstate + DL_DIR: $CACHE_DIR/downloads BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml - TOOLCHAIN_DIR: $CI_BUILDS_DIR/persist/toolchains + TOOLCHAIN_DIR: $CACHE_DIR/toolchains IMAGE_DIR: $CI_PROJECT_DIR/work/build/tmp/deploy/images TOOLCHAIN_LINK_DIR: $CI_PROJECT_DIR/work/build/toolchains before_script: @@ -41,6 +42,9 @@ stages: extends: .setup variables: KUBERNETES_CPU_REQUEST: $CPU_REQUEST + only: + variables: + - $BUILD_ENABLE_REGEX == null || $CI_JOB_NAME =~ $BUILD_ENABLE_REGEX script: - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME") - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES @@ -51,6 +55,7 @@ stages: when: on_failure paths: - $CI_PROJECT_DIR/work/build/tmp/work*/**/temp/log.do_*.* + - $CI_PROJECT_DIR/work/build/tmp/work*/**/testimage/* # # Prep stage, update repositories once diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch index 566070a4f3..31fd515228 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch @@ -1,4 +1,4 @@ -From 3e7cfbe39a2a053d2a6b0d928cc172ed9d1c6da8 Mon Sep 17 00:00:00 2001 +From 545f6950ae4dc55b4974986aa9629adb16eaf4e1 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 25 May 2021 07:25:00 +0100 Subject: [PATCH] aarch64: Rename labels and prepare for lower EL booting @@ -18,10 +18,10 @@ Signed-off-by: Jaxson Han <jaxson.han@arm.com> 3 files changed, 27 insertions(+), 14 deletions(-) diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index 27ba449..84e1646 100644 +index d682ba5..fab694e 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -21,18 +21,30 @@ ASM_FUNC(_start) +@@ -34,18 +34,30 @@ ASM_FUNC(_start) /* * EL3 initialisation @@ -56,7 +56,7 @@ index 27ba449..84e1646 100644 orr x0, x0, #(1 << 0) // Non-secure EL1 orr x0, x0, #(1 << 8) // HVC enable -@@ -124,7 +136,7 @@ ASM_FUNC(_start) +@@ -145,7 +157,7 @@ ASM_FUNC(_start) bl gic_secure_init @@ -65,7 +65,7 @@ index 27ba449..84e1646 100644 err_invalid_id: b . -@@ -151,7 +163,7 @@ ASM_FUNC(jump_kernel) +@@ -172,7 +184,7 @@ ASM_FUNC(jump_kernel) bl find_logical_id bl setup_stack // Reset stack pointer @@ -74,7 +74,7 @@ index 27ba449..84e1646 100644 cmp w0, #0 // Prepare Z flag mov x0, x20 -@@ -160,7 +172,7 @@ ASM_FUNC(jump_kernel) +@@ -181,7 +193,7 @@ ASM_FUNC(jump_kernel) mov x3, x23 b.eq 1f @@ -83,7 +83,7 @@ index 27ba449..84e1646 100644 1: mov x4, #SPSR_KERNEL -@@ -178,5 +190,5 @@ ASM_FUNC(jump_kernel) +@@ -199,5 +211,5 @@ ASM_FUNC(jump_kernel) .data .align 3 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch index 46447b8f28..4ef4507e79 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch @@ -1,4 +1,4 @@ -From 26f9b5354c2de9cc052531096ff92b04c3a3846f Mon Sep 17 00:00:00 2001 +From bad32d3fc127a421be416b17e4f7d6d514f06abb Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 25 May 2021 07:25:00 +0100 Subject: [PATCH] aarch64: Prepare for EL1 booting @@ -15,10 +15,10 @@ Reviewed-by: Andre Przywara <andre.przywara@arm.com> 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index 84e1646..b589744 100644 +index fab694e..5105b41 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -156,10 +156,14 @@ ASM_FUNC(jump_kernel) +@@ -177,10 +177,14 @@ ASM_FUNC(jump_kernel) ldr x0, =SCTLR_EL1_KERNEL msr sctlr_el1, x0 @@ -35,7 +35,7 @@ index 84e1646..b589744 100644 bl setup_stack // Reset stack pointer diff --git a/arch/aarch64/include/asm/cpu.h b/arch/aarch64/include/asm/cpu.h -index 63eb1c3..b1003f4 100644 +index 49d3f86..3767da3 100644 --- a/arch/aarch64/include/asm/cpu.h +++ b/arch/aarch64/include/asm/cpu.h @@ -11,6 +11,7 @@ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch index db81355b66..c621187bfc 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch @@ -1,4 +1,4 @@ -From ce628de7699dd6401ddf713efaa49872e2733619 Mon Sep 17 00:00:00 2001 +From 252cbd36e51414b60ab68306f9c38e358709494d Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 25 May 2021 07:25:00 +0100 Subject: [PATCH] aarch64: Prepare for lower EL booting @@ -17,11 +17,11 @@ Reviewed-by: Andre Przywara <andre.przywara@arm.com> 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index b589744..6b45afc 100644 +index 5105b41..243198d 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -130,7 +130,16 @@ el3_init: - mov x0, #ZCR_EL3_LEN_MASK // SVE: Enable full vector len +@@ -151,7 +151,16 @@ el3_init: + mov x0, #ZCR_EL3_LEN_MAX // SVE: Enable full vector len msr ZCR_EL3, x0 // for EL2. -1: @@ -38,7 +38,7 @@ index b589744..6b45afc 100644 ldr x0, =COUNTER_FREQ msr cntfrq_el0, x0 -@@ -178,7 +187,7 @@ ASM_FUNC(jump_kernel) +@@ -199,7 +208,7 @@ ASM_FUNC(jump_kernel) b.eq 1f br x19 // Keep current EL @@ -47,7 +47,7 @@ index b589744..6b45afc 100644 /* * If bit 0 of the kernel address is set, we're entering in AArch32 -@@ -196,3 +205,5 @@ ASM_FUNC(jump_kernel) +@@ -217,3 +226,5 @@ ASM_FUNC(jump_kernel) .align 3 flag_keep_el: .long 0 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch index e10182e1ab..43885b93d8 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch @@ -1,4 +1,4 @@ -From 483d363bf825082b6db6de3c57d169e741861891 Mon Sep 17 00:00:00 2001 +From bff110a95a5e4c9db2d61e629b4aa4b84530201e Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 25 May 2021 07:25:00 +0100 Subject: [PATCH] gic-v3: Prepare for gicv3 with EL2 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch index 3b6f78a579..c6343456a7 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch @@ -1,4 +1,4 @@ -From be814863cdd5f61d9a16eec012d500550053c8c6 Mon Sep 17 00:00:00 2001 +From ba955efb35ce1d41b562190d7c2fbcbcf8ef97ff Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 25 May 2021 07:25:00 +0100 Subject: [PATCH] aarch64: Prepare for booting with EL2 @@ -15,10 +15,10 @@ Reviewed-by: Andre Przywara <andre.przywara@arm.com> 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index 6b45afc..908764a 100644 +index 243198d..3593ca5 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -195,10 +195,18 @@ ASM_FUNC(jump_kernel) +@@ -216,10 +216,18 @@ ASM_FUNC(jump_kernel) */ bfi x4, x19, #5, #1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch index aaacc72945..18dc7ed7e4 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch @@ -1,4 +1,4 @@ -From 81df76f8d94cb6c31c01739b078a72bdb8497441 Mon Sep 17 00:00:00 2001 +From 8e44fac113d935affed1550480631f3fe7f30584 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 25 May 2021 07:25:00 +0100 Subject: [PATCH] aarch64: Introduce EL2 boot code for Armv8-R AArch64 @@ -36,10 +36,10 @@ Signed-off-by: Jaxson Han <jaxson.han@arm.com> 2 files changed, 92 insertions(+), 2 deletions(-) diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index 908764a..def9192 100644 +index 3593ca5..a219ea7 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -24,16 +24,24 @@ ASM_FUNC(_start) +@@ -37,16 +37,24 @@ ASM_FUNC(_start) * Boot sequence * If CurrentEL == EL3, then goto EL3 initialisation and drop to * lower EL before entering the kernel. @@ -66,7 +66,7 @@ index 908764a..def9192 100644 mov w0, #1 ldr x1, =flag_keep_el str w0, [x1] -@@ -139,6 +147,85 @@ el3_init: +@@ -160,6 +168,85 @@ el3_init: str w0, [x1] b el_max_init @@ -152,7 +152,7 @@ index 908764a..def9192 100644 el_max_init: ldr x0, =COUNTER_FREQ msr cntfrq_el0, x0 -@@ -148,6 +235,7 @@ el_max_init: +@@ -169,6 +256,7 @@ el_max_init: b start_el_max err_invalid_id: @@ -161,7 +161,7 @@ index 908764a..def9192 100644 /* diff --git a/arch/aarch64/include/asm/cpu.h b/arch/aarch64/include/asm/cpu.h -index b1003f4..91f803c 100644 +index 3767da3..3c0e00d 100644 --- a/arch/aarch64/include/asm/cpu.h +++ b/arch/aarch64/include/asm/cpu.h @@ -25,6 +25,7 @@ @@ -172,7 +172,7 @@ index b1003f4..91f803c 100644 #define SPSR_EL2H (9 << 0) /* EL2 Handler mode */ #define SPSR_HYP (0x1a << 0) /* M[3:0] = hyp, M[4] = AArch32 */ -@@ -43,6 +44,7 @@ +@@ -50,6 +51,7 @@ #else #define SCTLR_EL1_KERNEL SCTLR_EL1_RES1 #define SPSR_KERNEL (SPSR_A | SPSR_D | SPSR_I | SPSR_F | SPSR_EL2H) diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch index b130854895..131e271012 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch @@ -1,4 +1,4 @@ -From f5a31b4f4ea8daaa0d337d5a2322ddb1912083fc Mon Sep 17 00:00:00 2001 +From 0b9a966b8a28961b078215ee7169e32a976d5e7d Mon Sep 17 00:00:00 2001 From: Qi Feng <qi.feng@arm.com> Date: Wed, 26 May 2021 17:52:01 +0800 Subject: [PATCH] Allow --enable-psci to choose between smc and hvc @@ -40,7 +40,7 @@ Signed-off-by: Huifeng Zhang <Huifeng.Zhang@arm.com> 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/Makefile.am b/Makefile.am -index f941b07..88a27de 100644 +index 5731a19..fc66662 100644 --- a/Makefile.am +++ b/Makefile.am @@ -50,11 +50,11 @@ endif diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch index 2ce28b7071..d3ccb2ebe9 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch @@ -1,4 +1,4 @@ -From 3f4614e02f0f8d2522510578da2752f8e3511bb3 Mon Sep 17 00:00:00 2001 +From 521c121eccb386aca7c75d92528e495546adccec Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Mon, 25 Oct 2021 17:09:13 +0800 Subject: [PATCH] aarch64: Disable CNTPCT_EL0 trap for v8-R64 @@ -24,10 +24,10 @@ Change-Id: I4147e66341c8153312021e6f2ab67d0037246da1 1 file changed, 12 insertions(+) diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index def9192..6dbd5cc 100644 +index a219ea7..27b1139 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -219,6 +219,18 @@ el2_init: +@@ -240,6 +240,18 @@ el2_init: orr x0, x0, #(1 << 41) // HCR_EL2.API 1: msr hcr_el2, x0 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch index 0c310eb553..c34d01c386 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch @@ -1,4 +1,4 @@ -From 2851f0e6c1216894b9498d7b91256bb1ef49e544 Mon Sep 17 00:00:00 2001 +From 780df234d98db81485b1f351f902a68def35c9d4 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 2 Nov 2021 15:10:28 +0800 Subject: [PATCH] lds: Mark the mem range diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch index 0305f8ba00..2d12db593b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch @@ -1,4 +1,4 @@ -From fadf04f44b679d85e55b2e5f220fecbebb52ad03 Mon Sep 17 00:00:00 2001 +From b3762b6c5a56bf594bc5cb63d145e8efd86e106e Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 28 Dec 2021 17:02:17 +0800 Subject: [PATCH] common: Introduce the libfdt diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch index 871a178f98..b7726f5175 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch @@ -1,4 +1,4 @@ -From 0f2c7ca446063be6b193fbf870d38c0af19e15c5 Mon Sep 17 00:00:00 2001 +From e2eff4f80e65cb3fcbe6345b5376a6bf7de7e2cc Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 28 Dec 2021 17:28:25 +0800 Subject: [PATCH] common: Add essential libc functions diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch index 5917ef2052..b77ab3e27b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch @@ -1,4 +1,4 @@ -From de5d2b6c200ae5dd8113751e58bf7cf5844eec5a Mon Sep 17 00:00:00 2001 +From f4d5cf4c3424598a2b3bb391717313b70c79ea28 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 28 Dec 2021 17:42:48 +0800 Subject: [PATCH] Makefile: Add the libfdt to the Makefile system @@ -17,7 +17,7 @@ Change-Id: I472bc28cdc5cde3b22461a4b7d7a3752ae382b4b 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am -index 88a27de..5e8668a 100644 +index fc66662..ab2c3a9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -36,6 +36,9 @@ PSCI_CPU_OFF := 0x84000002 @@ -30,10 +30,10 @@ index 88a27de..5e8668a 100644 ARCH_OBJ := boot.o stack.o utils.o if BOOTWRAPPER_32 -@@ -125,11 +128,12 @@ CHOSEN_NODE := chosen { \ - CPPFLAGS += $(INITRD_FLAGS) - CFLAGS += -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/ +@@ -127,11 +130,12 @@ CFLAGS += -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/ CFLAGS += -Wall -fomit-frame-pointer + CFLAGS += -ffreestanding -nostdlib + CFLAGS += -fno-stack-protector +CFLAGS += -fno-stack-protector CFLAGS += -ffunction-sections -fdata-sections CFLAGS += -fno-pic -fno-pie @@ -44,7 +44,7 @@ index 88a27de..5e8668a 100644 # Don't lookup all prerequisites in $(top_srcdir), only the source files. When # building outside the source tree $(ARCH_SRC) needs to be created. -@@ -150,10 +154,13 @@ $(ARCH_SRC): +@@ -152,10 +156,13 @@ $(ARCH_SRC): $(COMMON_SRC): $(MKDIR_P) $@ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch index 136e18ed2e..2346109c02 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch @@ -1,4 +1,4 @@ -From 5b8cb5192dbd0332e027e8999c3afe4433983291 Mon Sep 17 00:00:00 2001 +From f0ece5e8cac761a76a86df7204bae7c6ef09215f Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Wed, 29 Dec 2021 10:50:21 +0800 Subject: [PATCH] platform: Add print_hex func diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch index ea51816029..f4ea89c609 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch @@ -1,4 +1,4 @@ -From b447242cd2457bec20d47fe6a8a5758d97a3bde3 Mon Sep 17 00:00:00 2001 +From f4704146e1af9f6e0a2220db6b39a328c813fac1 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Wed, 19 Jan 2022 16:19:02 +0800 Subject: [PATCH] common: Add mem usage to /memreserve/ @@ -20,7 +20,7 @@ Change-Id: I2ea80cdf736a910fa2c3deb622e21d50f04be960 create mode 100644 common/device_tree.c diff --git a/Makefile.am b/Makefile.am -index 5e8668a..734de92 100644 +index ab2c3a9..e905602 100644 --- a/Makefile.am +++ b/Makefile.am @@ -34,7 +34,7 @@ endif diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch index 0411ef0229..7d59e5fc3b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch @@ -1,4 +1,4 @@ -From 8271c21bcff260295203214b7b8c87cdb8236453 Mon Sep 17 00:00:00 2001 +From 5995f83592aea874f5b423538e36675e2204582b Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 4 Jan 2022 17:01:55 +0800 Subject: [PATCH] boot: Add the --enable-keep-el compile option @@ -23,7 +23,7 @@ Change-Id: I3ba9c87cf0b59d163ca433f74c9e3a46e5ca2c63 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am -index 734de92..054becd 100644 +index e905602..6604baa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -33,6 +33,10 @@ PSCI_CPU_ON := 0xc4000003 @@ -38,10 +38,10 @@ index 734de92..054becd 100644 COMMON_OBJ := boot.o bakery_lock.o platform.o lib.o device_tree.o diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index 6dbd5cc..157c097 100644 +index 27b1139..c079d22 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -233,7 +233,11 @@ el2_init: +@@ -254,7 +254,11 @@ el2_init: msr cnthctl_el2, x0 isb @@ -53,7 +53,7 @@ index 6dbd5cc..157c097 100644 ldr x1, =spsr_to_elx str w0, [x1] // fall through -@@ -313,5 +317,5 @@ ASM_FUNC(jump_kernel) +@@ -334,5 +338,5 @@ ASM_FUNC(jump_kernel) .align 3 flag_keep_el: .long 0 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch index a6b16e403a..e93a300fb7 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch @@ -1,4 +1,4 @@ -From dd3e3f414d0e6ed1643c2e2ccac676b7fc1dc7a9 Mon Sep 17 00:00:00 2001 +From 0c0695cd3160ccdb95bae29b7668918015c0b6aa Mon Sep 17 00:00:00 2001 From: Peter Hoyes <Peter.Hoyes@arm.com> Date: Tue, 1 Feb 2022 11:28:46 +0000 Subject: [PATCH] Makefile: Change COUNTER_FREQ to 100 MHz @@ -17,7 +17,7 @@ Change-Id: Ia9ad0f8ee488d1a887791f1fa1d8f3bf9c5887fd 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am -index 40bc5d6..b48173c 100644 +index 6604baa..cc6504e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -13,7 +13,7 @@ SCRIPT_DIR := $(top_srcdir)/scripts @@ -29,6 +29,3 @@ index 40bc5d6..b48173c 100644 CPU_IDS := $(shell perl -I $(SCRIPT_DIR) $(SCRIPT_DIR)/findcpuids.pl $(KERNEL_DTB)) NR_CPUS := $(shell echo $(CPU_IDS) | tr ',' ' ' | wc -w) --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch index 8d981f525c..b63d8d1d3f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch @@ -1,4 +1,4 @@ -From 6923f2a0c59cf92ba5ad50ec1d658a357b4ba5d7 Mon Sep 17 00:00:00 2001 +From fa73d885be85eee4369b292ec601e7b024a68807 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 2 Nov 2021 10:48:39 +0800 Subject: [PATCH] PSCI: Apply flush cache after setting branch_data @@ -47,6 +47,3 @@ index 945780b..6efc695 100644 return PSCI_RET_SUCCESS; } --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch index 97cd3cb9e0..dd2b96537f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch @@ -1,4 +1,4 @@ -From ed46e83df2400b1b3f3364169aacf787bd91bd45 Mon Sep 17 00:00:00 2001 +From 9da48e3433b919868650cd60e28827273a42c63b Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 25 Jan 2022 14:56:36 +0800 Subject: [PATCH] PSCI: Add function call entry point @@ -69,6 +69,3 @@ index 6efc695..8fdefb5 100644 void __noreturn psci_first_spin(unsigned int cpu) { if (cpu == MPIDR_INVALID) --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch index 1f10209da1..c0d1fcbbb8 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch @@ -1,4 +1,4 @@ -From 36b5fa3f4db49ac7aef42ff1d58a895226c7e96c Mon Sep 17 00:00:00 2001 +From 7c5e40d9f8699a55ac2187c035429c643e6d0ef0 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Tue, 2 Nov 2021 15:10:28 +0800 Subject: [PATCH] lds: Rearrange and mark the sections @@ -56,6 +56,3 @@ index ab98ddf..85451f9 100644 PROVIDE(firmware_end = .); ASSERT(etext <= (PHYS_OFFSET + TEXT_LIMIT), ".text overflow!") --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch index cafcc09bed..1573be05c4 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch @@ -1,4 +1,4 @@ -From 8bdbb64d13f14d40546b71dbcfee2b2a8ea002a5 Mon Sep 17 00:00:00 2001 +From 3c1140c29c39561848056fb4b9a03042b00279f3 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Wed, 29 Dec 2021 15:17:38 +0800 Subject: [PATCH] common: Provide firmware info using libfdt @@ -340,6 +340,3 @@ index 4d0876c..7f7befc 100644 + + dt_dump_all(fw_node); +} --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch index 943afdee3a..9b367a7bfb 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch @@ -1,4 +1,4 @@ -From 6dfc937d1ae54d2ae9f8c60ca29ba73ca14dc8c4 Mon Sep 17 00:00:00 2001 +From b1105e862e8f770fc195bc20e9c64d231dd32f66 Mon Sep 17 00:00:00 2001 From: Jaxson Han <jaxson.han@arm.com> Date: Wed, 29 Dec 2021 15:33:17 +0800 Subject: [PATCH] boot: Enable firmware node initialization @@ -29,7 +29,7 @@ Change-Id: Ib274485a34d26215595fd0cd737be86610289817 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am -index 054becd..b01809c 100644 +index cc6504e..fbe6b81 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,7 +23,7 @@ DEFINES += -DCPU_IDS=$(CPU_IDS) @@ -41,20 +41,20 @@ index 054becd..b01809c 100644 if KERNEL_32 DEFINES += -DKERNEL_32 -@@ -132,7 +132,7 @@ CHOSEN_NODE := chosen { \ - CPPFLAGS += $(INITRD_FLAGS) - CFLAGS += -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/ +@@ -134,7 +134,7 @@ CFLAGS += -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/ CFLAGS += -Wall -fomit-frame-pointer + CFLAGS += -ffreestanding -nostdlib + CFLAGS += -fno-stack-protector -CFLAGS += -fno-stack-protector +CFLAGS += -fno-stack-protector -fno-builtin CFLAGS += -ffunction-sections -fdata-sections CFLAGS += -fno-pic -fno-pie LDFLAGS += --gc-sections diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S -index 157c097..f310387 100644 +index c079d22..daaa674 100644 --- a/arch/aarch64/boot.S +++ b/arch/aarch64/boot.S -@@ -240,6 +240,10 @@ el2_init: +@@ -261,6 +261,10 @@ el2_init: #endif ldr x1, =spsr_to_elx str w0, [x1] @@ -65,7 +65,7 @@ index 157c097..f310387 100644 // fall through el_max_init: -@@ -319,3 +323,5 @@ flag_keep_el: +@@ -340,3 +344,5 @@ flag_keep_el: .long 0 ASM_DATA(spsr_to_elx) .long 0 @@ -93,6 +93,3 @@ index ee2bea0..38b2dca 100644 *mbox = (unsigned long)&entrypoint; sevl(); --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb index 5bb8c37c56..dce29a93cd 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb @@ -8,7 +8,8 @@ LICENSE = "BSD-3-Clause & Apache-2.0" LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \ file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" -SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master" +SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master \ + file://race.patch" SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080" PV .= "+git${SRCPV}" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch new file mode 100644 index 0000000000..c6bc4f2234 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch @@ -0,0 +1,66 @@ +Upstream-Status: Submitted [https://gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx/-/issues/1] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 34e1c04534607f5605255f39fb46e26261fc9c4e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 8 Sep 2020 11:49:08 +0100 +Subject: [PATCH] tools/gen_module_code: atomically rewrite the generated files + +The gen_module rule in rules.mk is marked as .PHONY, so make will +execute it whenever it is mentioned. This results in gen_module_code +being executed 64 times for a Juno build. + +However in heavily parallel builds there's a good chance that +gen_module_code is writing a file whilst the compiler is reading it +because make also doesn't know what files are generated by +gen_module_code. + +The correct fix is to adjust the Makefiles so that the dependencies are +correct but this isn't trivial, so band-aid the problem by atomically +writing the generated files. + +Change-Id: I82d44f9ea6537a91002e1f80de8861d208571630 +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + tools/gen_module_code.py | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/tools/gen_module_code.py b/tools/gen_module_code.py +index 7b3953845..ee099b713 100755 +--- a/tools/gen_module_code.py ++++ b/tools/gen_module_code.py +@@ -17,6 +17,7 @@ + import argparse + import os + import sys ++import tempfile + + DEFAULT_PATH = 'build/' + +@@ -53,13 +54,21 @@ + + def generate_file(path, filename, content): + full_filename = os.path.join(path, filename) +- with open(full_filename, 'a+') as f: +- f.seek(0) +- if f.read() != content: ++ ++ try: ++ with open(full_filename) as f: ++ rewrite = f.read() != content ++ except FileNotFoundError: ++ rewrite = True ++ ++ if rewrite: ++ with tempfile.NamedTemporaryFile(prefix="gen-module-code", ++ dir=path, ++ delete=False, ++ mode="wt") as f: + print("[GEN] {}...".format(full_filename)) +- f.seek(0) +- f.truncate() + f.write(content) ++ os.replace(f.name, full_filename) + + + def generate_header(path, modules): diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb index 76a7126b29..3a1639eaa2 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb @@ -7,10 +7,15 @@ COMPATIBLE_MACHINE = "corstone1000" inherit image inherit wic_nopt tfm_sign_image +inherit uefi_capsule PACKAGE_INSTALL = "" -IMAGE_FSTYPES += "wic wic.nopt" +IMAGE_FSTYPES += "wic wic.nopt uefi_capsule" + +UEFI_FIRMWARE_BINARY = "${PN}-${MACHINE}.${CAPSULE_IMGTYPE}" +UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json" +CAPSULE_IMGTYPE = "wic.nopt" do_sign_images() { # Sign TF-A BL2 @@ -19,7 +24,8 @@ do_sign_images() { # Update BL2 in the FIP image cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} . - fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \ + fiptool update --tb-fw \ + ${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \ ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} # Sign the FIP image diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json new file mode 100644 index 0000000000..0f011ff740 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json @@ -0,0 +1,11 @@ +{ + "Payloads": [ + { + "FwVersion": "5", + "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f", + "LowestSupportedVersion": "1", + "Payload": "$UEFI_FIRMWARE_BINARY", + "UpdateImageIndex": "0" + } + ] +} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend index ff22ff12de..392c6090e1 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend @@ -1,3 +1,4 @@ # Machine specific TFAs COMPATIBLE_MACHINE:corstone1000 = "corstone1000" +SRCREV:corstone1000 = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend index 09ed3f793a..09ed3f793a 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch new file mode 100644 index 0000000000..f0368b84f9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch @@ -0,0 +1,38 @@ +From decb355247c4ba4b876997f55c27ec3f55dbacd2 Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Date: Mon, 23 Jan 2023 13:25:28 +0000 +Subject: [PATCH] Platform: corstone1000: Increase number of assets + +As Corstone1000 stores at boot time few efi variables. +Therefore, number of assets is increased to compansate this early usage. + +Note: Adding platform customized configs to config_tfm.h + More information see: +https://tf-m-user-guide.trustedfirmware.org/configuration/header_file_system.html + +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Upstream-Status: Pending [Not submitted yet] +--- + platform/ext/target/arm/corstone1000/config_tfm_target.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h +index bf8d2f95f7..e968366639 100644 +--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h ++++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h +@@ -16,4 +16,12 @@ + #undef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE + #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 + ++/* The maximum number of assets to be stored in the Internal Trusted Storage. */ ++#undef ITS_NUM_ASSETS ++#define ITS_NUM_ASSETS 20 ++ ++/* The maximum number of assets to be stored in the Protected Storage area. */ ++#undef PS_NUM_ASSETS ++#define PS_NUM_ASSETS 20 ++ + #endif /* __CONFIG_TFM_TARGET_H__ */ +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc index 279109e02c..d89aca3778 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc @@ -11,6 +11,9 @@ TFM_PLATFORM_IS_FVP ?= "FALSE" EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" +## Setting SPM backend to IPC +EXTRA_OECMAKE += "-DCONFIG_TFM_SPM_BACKEND=IPC" + # libmetal LICENSE += "& BSD-3-Clause" LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c" @@ -26,6 +29,11 @@ SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" +SRC_URI:append= " \ + file://0001-Platform-corstone1000-Increase-number-of-assets.patch \ + " + do_install() { install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb new file mode 100644 index 0000000000..3bd4c7565f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb @@ -0,0 +1,28 @@ +KBRANCH ?= "v5.19/standard/base" + +require recipes-kernel/linux/linux-yocto.inc + +SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7" +SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d" + +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ + git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}" + +LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" +LINUX_VERSION ?= "5.19.17" + +DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" +DEPENDS += "openssl-native util-linux-native" +DEPENDS += "gmp-native libmpc-native" + +PV = "${LINUX_VERSION}+git${SRCPV}" + +KMETA = "kernel-meta" +KCONF_BSP_AUDIT_LEVEL = "1" + +# Functionality flags +KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" +KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}" +KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}" +KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}" +KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch new file mode 100644 index 0000000000..7e65de8698 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch @@ -0,0 +1,413 @@ +From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Date: Thu, 9 Feb 2023 00:22:40 +0000 +Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs + +This patch is to change the PSA Crypto SIDs to match the values of the +PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave + +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Upstream-Status: Pending [Not submitted yet] +--- + .../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++ + components/service/common/include/psa/sid.h | 78 +----- + .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +- + .../psa_ipc/crypto_caller_verify_hash.h | 4 +- + 4 files changed, 249 insertions(+), 78 deletions(-) + create mode 100644 components/service/common/include/psa/crypto_sid.h + +diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h +new file mode 100644 +index 00000000..5b05f46d +--- /dev/null ++++ b/components/service/common/include/psa/crypto_sid.h +@@ -0,0 +1,241 @@ ++/* ++ * Copyright (c) 2023, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __PSA_CRYPTO_SID_H__ ++#define __PSA_CRYPTO_SID_H__ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++#include <stdint.h> ++ ++/** ++ * \brief Type associated to the group of a function encoding. There can be ++ * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, ++ * Asym sign, Asym encrypt, Key derivation). ++ */ ++enum tfm_crypto_group_id { ++ TFM_CRYPTO_GROUP_ID_RANDOM = 0x0, ++ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT, ++ TFM_CRYPTO_GROUP_ID_HASH, ++ TFM_CRYPTO_GROUP_ID_MAC, ++ TFM_CRYPTO_GROUP_ID_CIPHER, ++ TFM_CRYPTO_GROUP_ID_AEAD, ++ TFM_CRYPTO_GROUP_ID_ASYM_SIGN, ++ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT, ++ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION, ++}; ++ ++/* X macro describing each of the available PSA Crypto APIs */ ++#define KEY_MANAGEMENT_FUNCS \ ++ X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \ ++ X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \ ++ X(TFM_CRYPTO_OPEN_KEY) \ ++ X(TFM_CRYPTO_CLOSE_KEY) \ ++ X(TFM_CRYPTO_IMPORT_KEY) \ ++ X(TFM_CRYPTO_DESTROY_KEY) \ ++ X(TFM_CRYPTO_EXPORT_KEY) \ ++ X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \ ++ X(TFM_CRYPTO_PURGE_KEY) \ ++ X(TFM_CRYPTO_COPY_KEY) \ ++ X(TFM_CRYPTO_GENERATE_KEY) ++ ++#define HASH_FUNCS \ ++ X(TFM_CRYPTO_HASH_COMPUTE) \ ++ X(TFM_CRYPTO_HASH_COMPARE) \ ++ X(TFM_CRYPTO_HASH_SETUP) \ ++ X(TFM_CRYPTO_HASH_UPDATE) \ ++ X(TFM_CRYPTO_HASH_CLONE) \ ++ X(TFM_CRYPTO_HASH_FINISH) \ ++ X(TFM_CRYPTO_HASH_VERIFY) \ ++ X(TFM_CRYPTO_HASH_ABORT) ++ ++#define MAC_FUNCS \ ++ X(TFM_CRYPTO_MAC_COMPUTE) \ ++ X(TFM_CRYPTO_MAC_VERIFY) \ ++ X(TFM_CRYPTO_MAC_SIGN_SETUP) \ ++ X(TFM_CRYPTO_MAC_VERIFY_SETUP) \ ++ X(TFM_CRYPTO_MAC_UPDATE) \ ++ X(TFM_CRYPTO_MAC_SIGN_FINISH) \ ++ X(TFM_CRYPTO_MAC_VERIFY_FINISH) \ ++ X(TFM_CRYPTO_MAC_ABORT) ++ ++#define CIPHER_FUNCS \ ++ X(TFM_CRYPTO_CIPHER_ENCRYPT) \ ++ X(TFM_CRYPTO_CIPHER_DECRYPT) \ ++ X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \ ++ X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \ ++ X(TFM_CRYPTO_CIPHER_GENERATE_IV) \ ++ X(TFM_CRYPTO_CIPHER_SET_IV) \ ++ X(TFM_CRYPTO_CIPHER_UPDATE) \ ++ X(TFM_CRYPTO_CIPHER_FINISH) \ ++ X(TFM_CRYPTO_CIPHER_ABORT) ++ ++#define AEAD_FUNCS \ ++ X(TFM_CRYPTO_AEAD_ENCRYPT) \ ++ X(TFM_CRYPTO_AEAD_DECRYPT) \ ++ X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \ ++ X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \ ++ X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \ ++ X(TFM_CRYPTO_AEAD_SET_NONCE) \ ++ X(TFM_CRYPTO_AEAD_SET_LENGTHS) \ ++ X(TFM_CRYPTO_AEAD_UPDATE_AD) \ ++ X(TFM_CRYPTO_AEAD_UPDATE) \ ++ X(TFM_CRYPTO_AEAD_FINISH) \ ++ X(TFM_CRYPTO_AEAD_VERIFY) \ ++ X(TFM_CRYPTO_AEAD_ABORT) ++ ++#define ASYMMETRIC_SIGN_FUNCS \ ++ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ ++ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ ++ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ ++ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) ++ ++#define AYSMMETRIC_ENCRYPT_FUNCS \ ++ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ ++ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) ++ ++#define KEY_DERIVATION_FUNCS \ ++ X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_ABORT) ++ ++#define RANDOM_FUNCS \ ++ X(TFM_CRYPTO_GENERATE_RANDOM) ++ ++/* ++ * Define function IDs in each group. The function ID will be encoded into ++ * tfm_crypto_func_sid below. ++ * Each group is defined as a dedicated enum in case the total number of ++ * PSA Crypto APIs exceeds 256. ++ */ ++#define X(func_id) func_id, ++enum tfm_crypto_key_management_func_id { ++ KEY_MANAGEMENT_FUNCS ++}; ++enum tfm_crypto_hash_func_id { ++ HASH_FUNCS ++}; ++enum tfm_crypto_mac_func_id { ++ MAC_FUNCS ++}; ++enum tfm_crypto_cipher_func_id { ++ CIPHER_FUNCS ++}; ++enum tfm_crypto_aead_func_id { ++ AEAD_FUNCS ++}; ++enum tfm_crypto_asym_sign_func_id { ++ ASYMMETRIC_SIGN_FUNCS ++}; ++enum tfm_crypto_asym_encrypt_func_id { ++ AYSMMETRIC_ENCRYPT_FUNCS ++}; ++enum tfm_crypto_key_derivation_func_id { ++ KEY_DERIVATION_FUNCS ++}; ++enum tfm_crypto_random_func_id { ++ RANDOM_FUNCS ++}; ++#undef X ++ ++#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8) ++ ++/* ++ * Numerical progressive value identifying a function API exposed through ++ * the interfaces (S or NS). It's used to dispatch the requests from S/NS ++ * to the corresponding API implementation in the Crypto service backend. ++ * ++ * Each function SID is encoded as uint16_t. ++ * | Func ID | Group ID | ++ * 15 8 7 0 ++ * Func ID is defined in each group func_id enum above ++ * Group ID is defined in tfm_crypto_group_id. ++ */ ++enum tfm_crypto_func_sid { ++ ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)), ++ ++ KEY_MANAGEMENT_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)), ++ HASH_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)), ++ MAC_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)), ++ CIPHER_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)), ++ AEAD_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)), ++ ASYMMETRIC_SIGN_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)), ++ AYSMMETRIC_ENCRYPT_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)), ++ KEY_DERIVATION_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)), ++ RANDOM_FUNCS ++ ++}; ++#undef X ++ ++/** ++ * \brief Define an invalid value for an SID ++ * ++ */ ++#define TFM_CRYPTO_SID_INVALID (~0x0u) ++ ++/** ++ * \brief This value is used to mark an handle as invalid. ++ * ++ */ ++#define TFM_CRYPTO_INVALID_HANDLE (0x0u) ++ ++/** ++ * \brief Define miscellaneous literal constants that are used in the service ++ * ++ */ ++enum { ++ TFM_CRYPTO_NOT_IN_USE = 0, ++ TFM_CRYPTO_IN_USE = 1 ++}; ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __PSA_CRYPTO_SID_H__ */ +diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h +index 8103a9af..50ad070e 100644 +--- a/components/service/common/include/psa/sid.h ++++ b/components/service/common/include/psa/sid.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019-2021, Arm Limited. All rights reserved. ++ * Copyright (c) 2019-2023, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * +@@ -12,6 +12,9 @@ + extern "C" { + #endif + ++/******** PSA Crypto SIDs ********/ ++#include "crypto_sid.h" ++ + /******** TFM_SP_PS ********/ + #define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) + #define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) +@@ -43,79 +46,6 @@ extern "C" { + #define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) + + +-/** +- * \brief Define a progressive numerical value for each SID which can be used +- * when dispatching the requests to the service +- */ +-enum { +- TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), +- TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, +- TFM_CRYPTO_OPEN_KEY_SID, +- TFM_CRYPTO_CLOSE_KEY_SID, +- TFM_CRYPTO_IMPORT_KEY_SID, +- TFM_CRYPTO_DESTROY_KEY_SID, +- TFM_CRYPTO_EXPORT_KEY_SID, +- TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, +- TFM_CRYPTO_PURGE_KEY_SID, +- TFM_CRYPTO_COPY_KEY_SID, +- TFM_CRYPTO_HASH_COMPUTE_SID, +- TFM_CRYPTO_HASH_COMPARE_SID, +- TFM_CRYPTO_HASH_SETUP_SID, +- TFM_CRYPTO_HASH_UPDATE_SID, +- TFM_CRYPTO_HASH_FINISH_SID, +- TFM_CRYPTO_HASH_VERIFY_SID, +- TFM_CRYPTO_HASH_ABORT_SID, +- TFM_CRYPTO_HASH_CLONE_SID, +- TFM_CRYPTO_MAC_COMPUTE_SID, +- TFM_CRYPTO_MAC_VERIFY_SID, +- TFM_CRYPTO_MAC_SIGN_SETUP_SID, +- TFM_CRYPTO_MAC_VERIFY_SETUP_SID, +- TFM_CRYPTO_MAC_UPDATE_SID, +- TFM_CRYPTO_MAC_SIGN_FINISH_SID, +- TFM_CRYPTO_MAC_VERIFY_FINISH_SID, +- TFM_CRYPTO_MAC_ABORT_SID, +- TFM_CRYPTO_CIPHER_ENCRYPT_SID, +- TFM_CRYPTO_CIPHER_DECRYPT_SID, +- TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, +- TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, +- TFM_CRYPTO_CIPHER_GENERATE_IV_SID, +- TFM_CRYPTO_CIPHER_SET_IV_SID, +- TFM_CRYPTO_CIPHER_UPDATE_SID, +- TFM_CRYPTO_CIPHER_FINISH_SID, +- TFM_CRYPTO_CIPHER_ABORT_SID, +- TFM_CRYPTO_AEAD_ENCRYPT_SID, +- TFM_CRYPTO_AEAD_DECRYPT_SID, +- TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, +- TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, +- TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, +- TFM_CRYPTO_AEAD_SET_NONCE_SID, +- TFM_CRYPTO_AEAD_SET_LENGTHS_SID, +- TFM_CRYPTO_AEAD_UPDATE_AD_SID, +- TFM_CRYPTO_AEAD_UPDATE_SID, +- TFM_CRYPTO_AEAD_FINISH_SID, +- TFM_CRYPTO_AEAD_VERIFY_SID, +- TFM_CRYPTO_AEAD_ABORT_SID, +- TFM_CRYPTO_SIGN_MESSAGE_SID, +- TFM_CRYPTO_VERIFY_MESSAGE_SID, +- TFM_CRYPTO_SIGN_HASH_SID, +- TFM_CRYPTO_VERIFY_HASH_SID, +- TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, +- TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, +- TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, +- TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, +- TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, +- TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, +- TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, +- TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, +- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, +- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, +- TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, +- TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, +- TFM_CRYPTO_GENERATE_RANDOM_SID, +- TFM_CRYPTO_GENERATE_KEY_SID, +- TFM_CRYPTO_SID_MAX, +-}; +- + /******** TFM_SP_PLATFORM ********/ + #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) + #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h +index e4a2b167..9276748d 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h +@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, ++ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, + .key_id = id, + .alg = alg, + }; +@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, ++ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, + .key_id = id, + .alg = alg, + }; +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h +index cc9279ee..bcd8e0e4 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h +@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont + { + + return crypto_caller_common(context,id,alg,hash,hash_length, +- signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); ++ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID); + } + + static inline psa_status_t crypto_caller_verify_message(struct service_client *context, +@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c + { + + return crypto_caller_common(context,id,alg,hash,hash_length, +- signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); ++ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID); + } + + #ifdef __cplusplus +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch new file mode 100644 index 0000000000..ecea236403 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch @@ -0,0 +1,655 @@ +From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Date: Thu, 9 Feb 2023 00:01:06 +0000 +Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition + +This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7 +And propagate changes accross psa_ipc functions +More accuratly change sfn_id to function_id + +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Upstream-Status: Pending [Not submitted yet] +--- + .../backend/psa_ipc/crypto_ipc_backend.h | 34 +++++++++---------- + .../caller/psa_ipc/crypto_caller_aead.h | 24 ++++++------- + .../crypto_caller_asymmetric_decrypt.h | 2 +- + .../crypto_caller_asymmetric_encrypt.h | 2 +- + .../caller/psa_ipc/crypto_caller_cipher.h | 14 ++++---- + .../caller/psa_ipc/crypto_caller_copy_key.h | 2 +- + .../psa_ipc/crypto_caller_destroy_key.h | 2 +- + .../caller/psa_ipc/crypto_caller_export_key.h | 2 +- + .../psa_ipc/crypto_caller_export_public_key.h | 2 +- + .../psa_ipc/crypto_caller_generate_key.h | 2 +- + .../psa_ipc/crypto_caller_generate_random.h | 2 +- + .../crypto_caller_get_key_attributes.h | 2 +- + .../caller/psa_ipc/crypto_caller_hash.h | 12 +++---- + .../caller/psa_ipc/crypto_caller_import_key.h | 2 +- + .../psa_ipc/crypto_caller_key_derivation.h | 20 +++++------ + .../client/caller/psa_ipc/crypto_caller_mac.h | 12 +++---- + .../caller/psa_ipc/crypto_caller_purge_key.h | 2 +- + .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +-- + .../psa_ipc/crypto_caller_verify_hash.h | 4 +-- + 19 files changed, 73 insertions(+), 73 deletions(-) + +diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h +index ec25eaf8..aacd3fcc 100644 +--- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h ++++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h +@@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input { + }; + + struct psa_ipc_crypto_pack_iovec { +- uint32_t sfn_id; /*!< Secure function ID used to dispatch the +- * request +- */ +- uint16_t step; /*!< Key derivation step */ +- psa_key_id_t key_id; /*!< Key id */ +- psa_algorithm_t alg; /*!< Algorithm */ +- uint32_t op_handle; /*!< Frontend context handle associated to a +- * multipart operation +- */ +- uint32_t capacity; /*!< Key derivation capacity */ +- uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ +- uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ +- struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for +- * AEAD until the API is +- * restructured +- */ +-}; ++ psa_key_id_t key_id; /*!< Key id */ ++ psa_algorithm_t alg; /*!< Algorithm */ ++ uint32_t op_handle; /*!< Frontend context handle associated to a ++ * multipart operation ++ */ ++ uint32_t capacity; /*!< Key derivation capacity */ ++ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ ++ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ ++ ++ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */ ++ ++ uint16_t function_id; /*!< Used to identify the function in the ++ * API dispatcher to the service backend ++ * See tfm_crypto_func_sid for detail ++ */ ++ uint16_t step; /*!< Key derivation step */ ++}__packed; + + #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec) + +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h +index f6aadd8b..efdffdf7 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h +@@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt( + size_t in_len; + int i; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, ++ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, + .key_id = key, + .alg = alg, + .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, +@@ -105,7 +105,7 @@ static inline psa_status_t crypto_caller_aead_decrypt( + size_t in_len; + int i; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, ++ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SID, + .key_id = key, + .alg = alg, + .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, +@@ -156,7 +156,7 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, ++ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, + .key_id = key, + .alg = alg, + .op_handle = (*op_handle), +@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, ++ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, + .key_id = key, + .alg = alg, + .op_handle = (*op_handle), +@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, ++ .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, + .op_handle = op_handle, + }; + +@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, ++ .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, + .op_handle = op_handle, + }; + +@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, ++ .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, + .ad_length = ad_length, + .plaintext_length = plaintext_length, + .op_handle = op_handle, +@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, ++ .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, + .op_handle = op_handle, + }; + +@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID, ++ .function_id = TFM_CRYPTO_AEAD_UPDATE_SID, + .op_handle = op_handle, + }; + +@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID, ++ .function_id = TFM_CRYPTO_AEAD_FINISH_SID, + .op_handle = op_handle, + }; + +@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID, ++ .function_id = TFM_CRYPTO_AEAD_VERIFY_SID, + .op_handle = op_handle, + }; + +@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID, ++ .function_id = TFM_CRYPTO_AEAD_ABORT_SID, + .op_handle = op_handle, + }; + +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h +index ff01815c..c387eb55 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h +@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt( + psa_status_t status; + size_t in_len; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, ++ .function_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, + .key_id = id, + .alg = alg, + }; +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h +index 1daf1689..8eb3de45 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h +@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt( + psa_status_t status; + size_t in_len; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, ++ .function_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, + .key_id = id, + .alg = alg, + }; +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h +index fbefb28d..20aa46a5 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h +@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, ++ .function_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, + .key_id = key, + .alg = alg, + .op_handle = *op_handle, +@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_cipher_decrypt_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, ++ .function_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, + .key_id = key, + .alg = alg, + .op_handle = *op_handle, +@@ -91,7 +91,7 @@ static inline psa_status_t crypto_caller_cipher_generate_iv( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, ++ .function_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -120,7 +120,7 @@ static inline psa_status_t crypto_caller_cipher_set_iv( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, ++ .function_id = TFM_CRYPTO_CIPHER_SET_IV_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -150,7 +150,7 @@ static inline psa_status_t crypto_caller_cipher_update( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, ++ .function_id = TFM_CRYPTO_CIPHER_UPDATE_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -181,7 +181,7 @@ static inline psa_status_t crypto_caller_cipher_finish( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, ++ .function_id = TFM_CRYPTO_CIPHER_FINISH_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -208,7 +208,7 @@ static inline psa_status_t crypto_caller_cipher_abort( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, ++ .function_id = TFM_CRYPTO_CIPHER_ABORT_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h +index 9a988171..48157d7e 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h +@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_COPY_KEY_SID, ++ .function_id = TFM_CRYPTO_COPY_KEY_SID, + .key_id = source_key, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h +index d00f4faa..6d0a05e6 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h +@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, ++ .function_id = TFM_CRYPTO_DESTROY_KEY_SID, + .key_id = id, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h +index 8ac5477f..9a6b7013 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h +@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, ++ .function_id = TFM_CRYPTO_EXPORT_KEY_SID, + .key_id = id, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h +index b24c47f1..52bdd757 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h +@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, ++ .function_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, + .key_id = id, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h +index 1b66ed40..7ed1673b 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h +@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, ++ .function_id = TFM_CRYPTO_GENERATE_KEY_SID, + }; + struct psa_invec in_vec[] = { + { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h +index 7c538237..4fb87aa8 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h +@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client * + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, ++ .function_id = TFM_CRYPTO_GENERATE_RANDOM_SID, + }; + struct psa_invec in_vec[] = { + { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h +index 22f1d18f..2caa3bd3 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h +@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, ++ .function_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, + .key_id = key, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h +index 9f37908a..4fb60d44 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h +@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, ++ .function_id = TFM_CRYPTO_HASH_SETUP_SID, + .alg = alg, + .op_handle = *op_handle, + }; +@@ -60,7 +60,7 @@ static inline psa_status_t crypto_caller_hash_update( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, ++ .function_id = TFM_CRYPTO_HASH_UPDATE_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -88,7 +88,7 @@ static inline psa_status_t crypto_caller_hash_finish( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, ++ .function_id = TFM_CRYPTO_HASH_FINISH_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -115,7 +115,7 @@ static inline psa_status_t crypto_caller_hash_abort( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, ++ .function_id = TFM_CRYPTO_HASH_ABORT_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -141,7 +141,7 @@ static inline psa_status_t crypto_caller_hash_verify( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, ++ .function_id = TFM_CRYPTO_HASH_VERIFY_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -167,7 +167,7 @@ static inline psa_status_t crypto_caller_hash_clone( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, ++ .function_id = TFM_CRYPTO_HASH_CLONE_SID, + .op_handle = source_op_handle, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h +index d4703366..1458163c 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h +@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, ++ .function_id = TFM_CRYPTO_IMPORT_KEY_SID, + }; + struct psa_invec in_vec[] = { + { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h +index 5ce4fb6c..16be9916 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h +@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, + .alg = alg, + .op_handle = *op_handle, + }; +@@ -59,7 +59,7 @@ static inline psa_status_t crypto_caller_key_derivation_get_capacity( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -84,7 +84,7 @@ static inline psa_status_t crypto_caller_key_derivation_set_capacity( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, + .capacity = capacity, + .op_handle = op_handle, + }; +@@ -109,7 +109,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_bytes( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, + .step = step, + .op_handle = op_handle, + }; +@@ -134,7 +134,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_key( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, + .key_id = key, + .step = step, + .op_handle = op_handle, +@@ -159,7 +159,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_bytes( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_key( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -211,7 +211,7 @@ static inline psa_status_t crypto_caller_key_derivation_abort( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -239,7 +239,7 @@ static inline psa_status_t crypto_caller_key_derivation_key_agreement( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, ++ .function_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, + .key_id = private_key, + .step = step, + .op_handle = op_handle, +@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_raw_key_agreement( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, ++ .function_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, + .alg = alg, + .key_id = private_key, + }; +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h +index 3a820192..30222800 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h +@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, ++ .function_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, + .key_id = key, + .alg = alg, + .op_handle = *op_handle, +@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_mac_verify_setup( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, ++ .function_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, + .key_id = key, + .alg = alg, + .op_handle = *op_handle, +@@ -90,7 +90,7 @@ static inline psa_status_t crypto_caller_mac_update( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, ++ .function_id = TFM_CRYPTO_MAC_UPDATE_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -118,7 +118,7 @@ static inline psa_status_t crypto_caller_mac_sign_finish( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, ++ .function_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -147,7 +147,7 @@ static inline psa_status_t crypto_caller_mac_verify_finish( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, ++ .function_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +@@ -172,7 +172,7 @@ static inline psa_status_t crypto_caller_mac_abort( + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, ++ .function_id = TFM_CRYPTO_MAC_ABORT_SID, + .op_handle = op_handle, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h +index a3a796e2..f6ab0978 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h +@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_PURGE_KEY_SID, ++ .function_id = TFM_CRYPTO_PURGE_KEY_SID, + .key_id = id, + }; + struct psa_invec in_vec[] = { +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h +index 9276748d..8b53e3dc 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h +@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, ++ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, + .key_id = id, + .alg = alg, + }; +@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, ++ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, + .key_id = id, + .alg = alg, + }; +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h +index bcd8e0e4..c9ed865b 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h +@@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context, + size_t hash_length, + const uint8_t *signature, + size_t signature_length, +- uint32_t sfn_id) ++ uint32_t function_id) + { + struct service_client *ipc = context; + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = sfn_id, ++ .function_id = function_id, + .key_id = id, + .alg = alg, + }; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch new file mode 100644 index 0000000000..0dcdd5da2c --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch @@ -0,0 +1,117 @@ +From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Date: Thu, 9 Feb 2023 00:34:23 +0000 +Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec + +Few psa crypto operations have different in/out_vec expectations +This patch is fixing the differences between psa crypto client in TS +and psa crypto service in TF-M running on the secure enclave + +operations: +- aead_generate_nonce: TFM service doesn't expect op_handle in in_vec +- aead_update: TFM service doesn't expect op_handle in in_vec +- cipher_generate_iv: TFM service doesn't expect op_handle in in_vec +- cipher_update: TFM service doesn't expect op_handle in in_vec +- hash_clone: TFM service expects target_op_handle in the in_vec + rationale is target_op_handle according to the spec + must be initialized and not active. and since hash_clone + manipulates it. hence, target_op_handle should be passed + as input and output. + +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Upstream-Status: Pending [Not submitted yet] +--- + .../crypto/client/caller/psa_ipc/crypto_caller_aead.h | 6 ++---- + .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h | 6 ++---- + .../crypto/client/caller/psa_ipc/crypto_caller_hash.h | 2 ++ + 3 files changed, 6 insertions(+), 8 deletions(-) + +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h +index efdffdf7..e862c2de 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h +@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( + {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, + }; + struct psa_outvec out_vec[] = { +- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, + {.base = psa_ptr_to_u32(nonce), .len = nonce_size} + }; + + status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, + IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); + +- *nonce_length = out_vec[1].len; ++ *nonce_length = out_vec[0].len; + return status; + } + +@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update( + {.base = psa_ptr_const_to_u32(input), .len = input_length} + }; + struct psa_outvec out_vec[] = { +- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, + {.base = psa_ptr_const_to_u32(output), .len = output_size}, + }; + +@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update( + status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, + in_len, out_vec, IOVEC_LEN(out_vec)); + +- *output_length = out_vec[1].len; ++ *output_length = out_vec[0].len; + return status; + } + +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h +index 20aa46a5..948865e4 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h +@@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv( + { .base = psa_ptr_to_u32(&iov), .len = iov_size }, + }; + struct psa_outvec out_vec[] = { +- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, + { .base = psa_ptr_to_u32(iv), .len = iv_size }, + }; + + status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, + IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); + +- *iv_length = out_vec[1].len; ++ *iv_length = out_vec[0].len; + + return status; + } +@@ -158,14 +157,13 @@ static inline psa_status_t crypto_caller_cipher_update( + { .base = psa_ptr_const_to_u32(input), .len = input_length }, + }; + struct psa_outvec out_vec[] = { +- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, + { .base = psa_ptr_to_u32(output), .len = output_size }, + }; + + status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, + IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); + +- *output_length = out_vec[1].len; ++ *output_length = out_vec[0].len; + + return status; + } +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h +index 4fb60d44..1e422130 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h +@@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone( + }; + struct psa_invec in_vec[] = { + { .base = psa_ptr_to_u32(&iov), .len = iov_size }, ++ { .base = psa_ptr_to_u32(target_op_handle), ++ .len = sizeof(uint32_t) }, + }; + struct psa_outvec out_vec[] = { + { .base = psa_ptr_to_u32(target_op_handle), +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0002-corstone1000-Disable-obsolete-algorithms.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0002-corstone1000-Disable-obsolete-algorithms.patch new file mode 100644 index 0000000000..d13e167a05 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0002-corstone1000-Disable-obsolete-algorithms.patch @@ -0,0 +1,32 @@ +From 1bc041813df89a1be953d0ba3471e608f6fa7ed8 Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Date: Thu, 9 Feb 2023 20:54:40 +0000 +Subject: [PATCH] corstone1000: Disable obsolete algorithms + +curves of size <255 are obsolete algorithms + +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Upstream-Status: Inappropriate [Discussions of having these configs + in a separate target is ongoing] +--- + .../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +index c6d4aad..1d9b356 100755 +--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h ++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +@@ -66,6 +66,10 @@ + #endif + #endif + ++/* curves of size <255 are obsolete algorithms, should be disabled. */ ++#undef ARCH_TEST_ECC_CURVE_SECP192R1 ++#undef ARCH_TEST_ECC_CURVE_SECP224R1 ++ + /** + * \def ARCH_TEST_AES + * +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0003-corstone1000-Disable-SHA512-384.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0003-corstone1000-Disable-SHA512-384.patch new file mode 100644 index 0000000000..a16bf3e294 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0003-corstone1000-Disable-SHA512-384.patch @@ -0,0 +1,32 @@ +From abdea43f1de61a0e76b13890cb403f7955998b02 Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Date: Thu, 9 Feb 2023 21:06:22 +0000 +Subject: [PATCH] corstone1000: Disable SHA512/384 + +SHA512 and SHA384 is not available on Cryptocell (hardware accelerator) + +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Upstream-Status: Inappropriate [Discussions of having these configs + in a separate target is ongoing] +--- + .../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +index 1d9b356..d6d552a 100755 +--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h ++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h +@@ -272,8 +272,8 @@ + #define ARCH_TEST_SHA256 + #ifndef TF_M_PROFILE_SMALL + #ifndef TF_M_PROFILE_MEDIUM +-#define ARCH_TEST_SHA384 +-#define ARCH_TEST_SHA512 ++// #define ARCH_TEST_SHA384 ++// #define ARCH_TEST_SHA512 + #endif + #endif + //#define ARCH_TEST_SHA512_224 +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 59009555d3..867bd66e4d 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -25,6 +25,10 @@ SRC_URI:append:corstone1000 = " \ file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \ file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \ + file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \ + file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \ + file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \ " + COMPATIBLE_MACHINE:n1sdp = "n1sdp" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc index a1f43d415c..c9b1c784a3 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc @@ -4,4 +4,6 @@ include ts-arm-platforms.inc SRC_URI:append:corstone1000 = " \ file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ + file://0002-corstone1000-Disable-obsolete-algorithms.patch;patchdir=../psatest \ + file://0003-corstone1000-Disable-SHA512-384.patch;patchdir=../psatest \ " diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch index bbe2f18f6f..e13a996209 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch @@ -9,6 +9,7 @@ libiberty/ * rust-demangle.c (demangle_const): Add recursion limit. Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79] +Signed-off-by: Sumit Garg <sumit.garg@linaro.org> --- libiberty/rust-demangle.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/meta-arm/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass index 542b708b62..24df76829b 100644 --- a/meta-arm/meta-arm/classes/tfm_sign_image.bbclass +++ b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass @@ -6,28 +6,28 @@ # * Write the signing logic, which may call the function sign_host_image, # described below -inherit python3native deploy +inherit python3native # The output and working directory TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images" +TFM_IMAGE_SIGN_DEPLOY_DIR = "${WORKDIR}/deploy-tfm-signed-images" +SSTATETASKS += "do_sign_images" +do_sign_images[sstate-inputdirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR}" +do_sign_images[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}" +do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}" +do_sign_images[cleandirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}" +do_sign_images[stamp-extra-info] = "${MACHINE_ARCH}" tfm_sign_image_do_sign_images() { : } -addtask sign_images after do_configure before do_compile -do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DIR}" +addtask sign_images after do_prepare_recipe_sysroot before do_image +EXPORT_FUNCTIONS do_sign_images -tfm_sign_image_do_deploy() { - : -} -addtask deploy after do_sign_images - -deploy_signed_images() { - cp ${TFM_IMAGE_SIGN_DIR}/signed_* ${DEPLOYDIR}/ +python do_sign_images_setscene () { + sstate_setscene(d) } -do_deploy[postfuncs] += "deploy_signed_images" - -EXPORT_FUNCTIONS do_sign_images do_deploy +addtask do_sign_images_setscene DEPENDS += "trusted-firmware-m-scripts-native" @@ -35,6 +35,21 @@ DEPENDS += "trusted-firmware-m-scripts-native" # right path until this is relocated automatically. export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" +# The arguments passed to the TF-M image signing script. Override this variable +# in an image recipe to customize the arguments. +TFM_IMAGE_SIGN_ARGS ?= "\ + -v ${RE_LAYOUT_WRAPPER_VERSION} \ + --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \ + -k "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \ + --public-key-format full \ + --align 1 \ + --pad \ + --pad-header \ + --measured-boot-record \ + -H ${RE_IMAGE_OFFSET} \ + -s auto \ +" + # # sign_host_image # @@ -62,18 +77,10 @@ enum image_attributes { }; EOF - host_binary_signed="${TFM_IMAGE_SIGN_DIR}/signed_$(basename "${1}")" + host_binary_signed="${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_$(basename "${1}")" ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \ - -v ${RE_LAYOUT_WRAPPER_VERSION} \ - --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \ - -k "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \ - --public-key-format full \ - --align 1 \ - --pad \ - --pad-header \ - -H ${RE_IMAGE_OFFSET} \ - -s auto \ + ${TFM_IMAGE_SIGN_ARGS} \ "${1}" \ "${host_binary_signed}" } diff --git a/meta-arm/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/meta-arm/classes/uefi_capsule.bbclass new file mode 100644 index 0000000000..690e7af4c3 --- /dev/null +++ b/meta-arm/meta-arm/classes/uefi_capsule.bbclass @@ -0,0 +1,55 @@ +# This class generates UEFI capsules +# The current class supports generating a capsule with single firmware binary + +DEPENDS += "gettext-native" +inherit python3native + +IMAGE_TYPES += "uefi_capsule" + +# edk2 base tools should be installed in the native sysroot directory +do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot" + +# By default the wic image is used to create a capsule +CAPSULE_IMGTYPE ?= "wic" + +# IMGDEPLOYDIR is used as the default location of firmware binary for which the capsule needs to be created +CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}" + +# The generated capsule by default has uefi.capsule extension +CAPSULE_EXTENSION ?= "uefi.capsule" + +# The following variables must be set to be able to generate a capsule update +UEFI_FIRMWARE_BINARY ?= "" +UEFI_CAPSULE_CONFIG ?= "" + +# Check if the required variables are set +python() { + for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]: + if not d.getVar(var): + raise bb.parse.SkipRecipe(f"{var} not set") +} + +IMAGE_CMD:uefi_capsule(){ + + # Force the GenerateCapsule script to use python3 + export PYTHON_COMMAND=${PYTHON} + + # Copy the firmware and the capsule config json to current directory + if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then + cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ; + fi + + export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY} + envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json + + ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \ + -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \ + ${MACHINE}-capsule-update-image.json + + # Remove the firmware to avoid contamination of IMGDEPLOYDIR + rm ${UEFI_FIRMWARE_BINARY} + +} + +# The firmware binary should be created before generating the capsule +IMAGE_TYPEDEP:uefi_capsule:append = "${CAPSULE_IMGTYPE}" diff --git a/meta-arm/meta-arm-bsp/classes/wic_nopt.bbclass b/meta-arm/meta-arm/classes/wic_nopt.bbclass index 322be49886..9c78fd77af 100644 --- a/meta-arm/meta-arm-bsp/classes/wic_nopt.bbclass +++ b/meta-arm/meta-arm/classes/wic_nopt.bbclass @@ -1,7 +1,7 @@ # This class removes the empty partition table header # in the WIC file when --no-table WKS option is used -IMAGE_TYPES += "wic.nopt" +IMAGE_TYPES:append = " wic.nopt" CONVERSIONTYPES += "nopt" diff --git a/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb b/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb index 74adaf34f0..cb79069bcf 100644 --- a/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb +++ b/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb @@ -4,7 +4,10 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bb63326febfb5fb909226c8e7ebcef5c" SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master" -SRCREV = "1044c77062573985f7c994c3b6cef5695f57e955" +SRCREV = "d3b1a15d18542b2086e72bfdc3fc43f454772a3b" + +# boot-wrapper doesn't make releases +UPSTREAM_CHECK_COMMITS = "1" PV = "git${SRCPV}" diff --git a/meta-arm/meta-arm/recipes-devtools/fiptool/fiptool-native_2.7.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.bb index 66cf2ced37..578f5a2904 100644 --- a/meta-arm/meta-arm/recipes-devtools/fiptool/fiptool-native_2.7.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.bb @@ -10,8 +10,8 @@ SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBR SRCBRANCH = "master" LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" -# Use fiptool from TF-A v2.7 -SRCREV = "35f4c7295bafeb32c8bcbdfb6a3f2e74a57e732b" +# Use fiptool from TF-A v2.8 +SRCREV = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48" DEPENDS += "openssl-native" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb index 8ded64dd93..0c09499541 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb @@ -11,7 +11,7 @@ SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tes SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ file://tf-a-tests-no-warn-rwx-segments.patch" SRCBRANCH = "master" -SRCREV = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67" +SRCREV = "f7b3be91ab954c495912fc7bc48383cd83bfec2d" DEPENDS += "optee-os" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb index 35817c0c28..3a5006e53d 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb @@ -1,14 +1,14 @@ require trusted-firmware-a.inc -# TF-A v2.7 -SRCREV_tfa = "35f4c7295bafeb32c8bcbdfb6a3f2e74a57e732b" +# TF-A v2.8 +SRCREV_tfa = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48" SRC_URI += "file://rwx-segments.patch" LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" -# mbed TLS v2.28.0 +# mbed TLS v2.28.2 SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.28" -SRCREV_mbedtls = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0" +SRCREV_mbedtls = "89f040a5c938985c5f30728baed21e49d0846a53" LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc new file mode 100644 index 0000000000..7d5b4b5392 --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc @@ -0,0 +1,41 @@ +# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts + +LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" + +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ + file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" + +SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ + ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ + " + +# The required dependencies are documented in tf-m/config/config_default.cmake +# TF-Mv1.7.0 +SRCBRANCH_tfm ?= "master" +SRCREV_tfm = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e" +# TF-Mv1.7.0 +SRCBRANCH_tfm-tests ?= "master" +SRCREV_tfm-tests = "4c4b58041c6c01670266690538a780b4a23d08b8" +# mbedtls-3.2.1 +SRCBRANCH_mbedtls ?= "master" +SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d" +# v1.9.0 +SRCBRANCH_mcuboot ?= "main" +SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" +# qcbor +SRCBRANCH_qcbor ?= "master" +SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" + +SRCREV_FORMAT = "tfm" + +S = "${WORKDIR}/git/tfm" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc new file mode 100644 index 0000000000..9062df8c80 --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc @@ -0,0 +1,118 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (c) 2020 Arm Limited +# + +SUMMARY = "Trusted Firmware for Cortex-M" +DESCRIPTION = "Trusted Firmware-M" +HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" +PROVIDES = "virtual/trusted-firmware-m" + +SRC_URI += "file://rwx.patch" + +UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" + +# Note to future readers of this recipe: until the CMakeLists don't abuse +# installation (see do_install) there is no point in trying to inherit +# cmake here. You can easily short-circuit the toolchain but the install +# is so convoluted there's no gain. + +inherit python3native deploy + +# Baremetal and we bring a compiler below +INHIBIT_DEFAULT_DEPS = "1" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +# See tools/requirements.txt for Python dependencies +DEPENDS += "cmake-native \ + ninja-native \ + gcc-arm-none-eabi-native \ + python3-cbor2-native \ + python3-click-native \ + python3-cryptography-native \ + python3-pyasn1-native \ + python3-imgtool-native \ + python3-jinja2-native \ + python3-pyyaml-native \ + python3-pyhsslms-native \ + python3-ecdsa-native \ + python3-kconfiglib-native \ +" + +B = "${WORKDIR}/build" + +# Build for debug (set TFM_DEBUG to 1 to activate) +TFM_DEBUG ?= "0" + +# Platform must be set, ideally in the machine configuration. +TFM_PLATFORM ?= "" +python() { + if not d.getVar("TFM_PLATFORM"): + raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") +} + +PACKAGECONFIG ??= "" +# Whether to integrate the test suite +PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" +PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" + +# Currently we only support using the Arm binary GCC +EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" + +# Don't let FetchContent download more sources during do_configure +EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON" + +# Add platform parameters +EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" + +# Handle TFM_DEBUG parameter +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}" + +# Verbose builds +EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" + +EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot -DQCBOR_PATH=${S}/../qcbor" + +export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" + +# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application +CFLAGS[unexport] = "1" +LDFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +do_configure[cleandirs] = "${B}" +do_configure() { + cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS} +} + +# Invoke install here as there's no point in splitting compile from install: the +# first thing the build does is 'install' inside the build tree thus causing a +# rebuild. It also overrides the install prefix to be in the build tree, so you +# can't use the usual install prefix variables. +do_compile() { + cmake --build ${B} -- install +} +do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" + +do_install() { + # TODO install headers and static libraries when we know how they're used + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/bin/* ${D}/firmware/ +} + +FILES:${PN} = "/firmware" +SYSROOT_DIRS += "/firmware" + +addtask deploy after do_install +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} + +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb index b4a4c41ff8..32e6ed3417 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb @@ -1,148 +1,2 @@ -# SPDX-License-Identifier: MIT -# -# Copyright (c) 2020 Arm Limited -# - -SUMMARY = "Trusted Firmware for Cortex-M" -DESCRIPTION = "Trusted Firmware-M" -HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" -PROVIDES = "virtual/trusted-firmware-m" - -LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" - -LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ - file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ - file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" - -SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" -SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ - ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ - ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ - ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ - ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ - file://rwx.patch \ - " - -# The required dependencies are documented in tf-m/config/config_default.cmake -# TF-Mv1.7.0 -SRCBRANCH_tfm ?= "release/1.7.x" -SRCREV_tfm = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e" -# mbedtls-3.2.0 -SRCBRANCH_mbedtls ?= "master" -SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d" -# TF-Mv1.6.0 -SRCBRANCH_tfm-tests ?= "release/1.7.x" -SRCREV_tfm-tests = "4972e8df3fcbd386a5b0c18613d8a803f4dda082" -# v1.9.0 -SRCBRANCH_mcuboot ?= "main" -SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" -# qcbor -SRCBRANCH_qcbor ?= "master" -SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" - -UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" - -# Note to future readers of this recipe: until the CMakeLists don't abuse -# installation (see do_install) there is no point in trying to inherit -# cmake here. You can easily short-circuit the toolchain but the install -# is so convoluted there's no gain. - -inherit python3native deploy - -# Baremetal and we bring a compiler below -INHIBIT_DEFAULT_DEPS = "1" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -DEPENDS += "cmake-native \ - ninja-native \ - gcc-arm-none-eabi-native \ - python3-intelhex-native \ - python3-jinja2-native \ - python3-pyyaml-native \ - python3-click-native \ - python3-cryptography-native \ - python3-cbor2-native" - -S = "${WORKDIR}/git/tfm" -B = "${WORKDIR}/build" - -# Build for debug (set TFM_DEBUG to 1 to activate) -TFM_DEBUG ?= "0" - -# Platform must be set, ideally in the machine configuration. -TFM_PLATFORM ?= "" -python() { - if not d.getVar("TFM_PLATFORM"): - raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") -} - -PACKAGECONFIG ??= "" -# Whether to integrate the test suite -PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" -PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" - -# Currently we only support using the Arm binary GCC -EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" - -# Don't let FetchContent download more sources during do_configure -EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON" - -# Add platform parameters -EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" - -# Handle TFM_DEBUG parameter -EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}" - -# Verbose builds -EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" - -EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot -DQCBOR_PATH=${S}/../qcbor" - -export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" - -# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application -CFLAGS[unexport] = "1" -LDFLAGS[unexport] = "1" -AS[unexport] = "1" -LD[unexport] = "1" - -# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the -# right path until this is relocated automatically. -export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" - -do_configure[cleandirs] = "${B}" -do_configure() { - cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS} -} - -# Invoke install here as there's no point in splitting compile from install: the -# first thing the build does is 'install' inside the build tree thus causing a -# rebuild. It also overrides the install prefix to be in the build tree, so you -# can't use the usual install prefix variables. -do_compile() { - cmake --build ${B} -- install -} -do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" - -do_install() { - # TODO install headers and static libraries when we know how they're used - install -d -m 755 ${D}/firmware - install -m 0644 ${B}/bin/* ${D}/firmware/ -} - -FILES:${PN} = "/firmware" -SYSROOT_DIRS += "/firmware" - -addtask deploy after do_install -do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} - -# Build paths are currently embedded -INSANE_SKIP:${PN} += "buildpaths" +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-issue-245.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-issue-245.patch new file mode 100644 index 0000000000..42bdf7d40e --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-issue-245.patch @@ -0,0 +1,46 @@ +From 096150fa19014b397a5d8f8d774bb8236ac37679 Mon Sep 17 00:00:00 2001 +From: Shyamanth RH <shyamanth.rh@arm.com> +Date: Wed, 4 Jan 2023 13:08:35 +0530 +Subject: [PATCH] Fix for issue #245 + +* The change fixes the build issue observed in GCC 12.XX. +* Looks like GCC is confusing label to a local variable and hence triggers dangling-pointer error when a label addres is assigned to a pointer. +* Changed branch_to_test from void * pointer to uint64_t datatype since we just need the retrun address of the label while updating the ELR. This should suppress the dangling-pinter warning thrown by GCC 12.XX + +Signed-off-by: Shyamanth RH <shyamanth.rh@arm.com> +Upstream-Status: Backport +--- + test_pool/peripherals/test_d003.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/test_pool/peripherals/test_d003.c b/test_pool/peripherals/test_d003.c +index 9f36e1f..0658a45 100755 +--- a/test_pool/peripherals/test_d003.c ++++ b/test_pool/peripherals/test_d003.c +@@ -30,7 +30,7 @@ + + static uint64_t l_uart_base; + static uint32_t int_id; +-static void *branch_to_test; ++static uint64_t branch_to_test; + static uint32_t test_fail; + + static +@@ -40,7 +40,7 @@ esr(uint64_t interrupt_type, void *context) + uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid()); + + /* Update the ELR to point to next instrcution */ +- val_pe_update_elr(context, (uint64_t)branch_to_test); ++ val_pe_update_elr(context, branch_to_test); + + val_print(AVS_PRINT_ERR, "\n Error : Received Sync Exception type %d", interrupt_type); + val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM, 01)); +@@ -150,7 +150,7 @@ payload(void) + val_pe_install_esr(EXCEPT_AARCH64_SYNCHRONOUS_EXCEPTIONS, esr); + val_pe_install_esr(EXCEPT_AARCH64_SERROR, esr); + +- branch_to_test = &&exception_taken; ++ branch_to_test = (uint64_t)&&exception_taken; + + if (count == 0) { + val_print(AVS_PRINT_WARN, "\n No UART defined by Platform ", 0); diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/enum-int-mismatch.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-function-protype-mismatches.patch index 29b2e2f357..f60391447d 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/enum-int-mismatch.patch +++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-function-protype-mismatches.patch @@ -1,27 +1,38 @@ -Fix function protype mismatches +From df6006190f112a4ecc54ed0a35d3ea83a2350c73 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 2 Feb 2023 17:37:52 -0800 +Subject: [PATCH] Fix function protype mismatches These are flagged by gcc13 avs_gic.c:241:1: error: conflicting types for 'val_gic_get_info' due to enum/integer mismatch; have 'uint32_t(uint32_t)' {aka 'unsigned int(unsigned int)'} [-Werror=enum-int-mismatch] | 241 | val_gic_get_info(uint32_t type) | | ^~~~~~~~~~~~~~~~ -Upstream-Status: Submitted [https://github.com/ARM-software/sbsa-acs/pull/291] Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport +--- + val/include/val_interface.h | 2 +- + val/src/avs_gic.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) ---- a/ShellPkg/Application/sbsa-acs/val/include/val_interface.h -+++ b/ShellPkg/Application/sbsa-acs/val/include/val_interface.h -@@ -155,7 +155,7 @@ typedef enum { +diff --git a/val/include/val_interface.h b/val/include/val_interface.h +index 053fdfa..8814b41 100644 +--- a/val/include/val_interface.h ++++ b/val/include/val_interface.h +@@ -181,7 +181,7 @@ typedef enum { void val_wd_create_info_table(uint64_t *wd_info_table); void val_wd_free_info_table(void); uint32_t val_wd_execute_tests(uint32_t level, uint32_t num_pe); -uint64_t val_wd_get_info(uint32_t index, uint32_t info_type); +uint64_t val_wd_get_info(uint32_t index, WD_INFO_TYPE_e info_type); uint32_t val_wd_set_ws0(uint32_t index, uint32_t timeout); + uint64_t val_get_counter_frequency(void); - ---- a/ShellPkg/Application/sbsa-acs/val/src/avs_gic.c -+++ b/ShellPkg/Application/sbsa-acs/val/src/avs_gic.c -@@ -238,7 +238,7 @@ val_get_cpuif_base(void) +diff --git a/val/src/avs_gic.c b/val/src/avs_gic.c +index b37f106..1146a01 100644 +--- a/val/src/avs_gic.c ++++ b/val/src/avs_gic.c +@@ -249,7 +249,7 @@ val_get_cpuif_base(void) @return 32-bit data **/ uint32_t diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch deleted file mode 100644 index 13faefb85f..0000000000 --- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch +++ /dev/null @@ -1,204 +0,0 @@ -Revert "peripheral test 3 updated for multiple uarts" - -This reverts commit 037be14cc1f149cdb25e754358de7b9066581d1c. - -Working around issue in the latest GCC of: -ShellPkg/Application/sbsa-acs/test_pool/peripherals/test_d003.c:172:18: error: storing the address of local variable 'exception_taken' in 'branch_to_test' [-Werror=dangling-pointer=] - -Upstream-Status: Inappropriate [Problem reported, https://github.com/ARM-software/sbsa-acs/issues/245] -Signed-off-by: Jon Mason <jon.mason@arm.com> - -diff --git a/test_pool/peripherals/test_d003.c b/test_pool/peripherals/test_d003.c -index 68902ad..4858049 100755 ---- a/test_pool/peripherals/test_d003.c -+++ b/test_pool/peripherals/test_d003.c -@@ -17,7 +17,6 @@ - - #include "val/include/sbsa_avs_val.h" - #include "val/include/val_interface.h" --#include "val/include/sbsa_avs_pe.h" - - #include "val/include/sbsa_avs_peripherals.h" - #include "val/include/sbsa_avs_gic.h" -@@ -25,26 +24,11 @@ - #define TEST_NUM (AVS_PER_TEST_NUM_BASE + 3) - /*one space character is removed from TEST_DESC, to nullify a space written as part of the test */ - #define TEST_DESC "Check SBSA UART register offsets " --#define TEST_NUM1 (AVS_PER_TEST_NUM_BASE + 4) -+#define TEST_NUM2 (AVS_PER_TEST_NUM_BASE + 4) - #define TEST_DESC1 "Check Generic UART Interrupt " - --static uint64_t l_uart_base; -+uint64_t l_uart_base; - static uint32_t int_id; --static void *branch_to_test; --static uint32_t test_fail; -- --static --void --esr(uint64_t interrupt_type, void *context) --{ -- uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid()); -- -- /* Update the ELR to point to next instrcution */ -- val_pe_update_elr(context, (uint64_t)branch_to_test); -- -- val_print(AVS_PRINT_ERR, "\n Error : Received Sync Exception ", 0); -- val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM, 01)); --} - - uint32_t - uart_reg_read(uint32_t offset, uint32_t width_mask) -@@ -115,7 +99,7 @@ isr() - uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid()); - uart_disable_txintr(); - val_print(AVS_PRINT_DEBUG, "\n Received interrupt ", 0); -- val_set_status(index, RESULT_PASS(g_sbsa_level, TEST_NUM1, 01)); -+ val_set_status(index, RESULT_PASS(g_sbsa_level, TEST_NUM, 0x01)); - val_gic_end_of_interrupt(int_id); - } - -@@ -166,14 +150,9 @@ payload() - uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid()); - uint32_t data1, data2; - -- val_pe_install_esr(EXCEPT_AARCH64_SYNCHRONOUS_EXCEPTIONS, esr); -- val_pe_install_esr(EXCEPT_AARCH64_SERROR, esr); -- -- branch_to_test = &&exception_taken; -- - if (count == 0) { - val_print(AVS_PRINT_WARN, "\n No UART defined by Platform ", 0); -- val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM, 01)); -+ val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM, 01)); - return; - } - -@@ -213,7 +192,6 @@ payload() - - count--; - } --exception_taken: - return; - } - -@@ -223,49 +201,40 @@ payload1() - { - uint32_t count = val_peripheral_get_info(NUM_UART, 0); - uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid()); -- uint32_t timeout; -+ uint32_t timeout = TIMEOUT_MEDIUM; - - if (count == 0) { -- val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM1, 01)); -+ val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM2, 01)); - return; - } - - while (count != 0) { -- timeout = TIMEOUT_MEDIUM; -+ - int_id = val_peripheral_get_info(UART_GSIV, count - 1); -- l_uart_base = val_peripheral_get_info(UART_BASE0, count - 1); - - /* If Interrupt ID is available, check for interrupt generation */ - if (int_id != 0x0) { - /* PASS will be set from ISR */ -- val_set_status(index, RESULT_PENDING(g_sbsa_level, TEST_NUM1)); -- if (val_gic_install_isr(int_id, isr)) { -- val_print(AVS_PRINT_ERR, "\n GIC Install Handler Fail", 0); -- val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM1, 01)); -- return; -- } -+ val_set_status(index, RESULT_PENDING(g_sbsa_level, TEST_NUM2)); -+ val_gic_install_isr(int_id, isr); - uart_enable_txintr(); -- val_print_raw(l_uart_base, g_print_level, -- "\n Test Message ", 0); -+ val_print_raw(g_print_level, "\n Test Message ", 0); - -- while ((--timeout > 0) && (IS_RESULT_PENDING(val_get_status(index)))){ -- }; -+ while ((--timeout > 0) && (IS_RESULT_PENDING(val_get_status(index)))); - - if (timeout == 0) { - val_print(AVS_PRINT_ERR, -- "\n Did not receive UART interrupt %d ", int_id); -- test_fail++; -+ "\n Did not receive UART interrupt on %d ", int_id); -+ val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM2, 02)); -+ return; - } - } else { -- val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM1, 02)); -+ val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM2, 01)); - } - - count--; - } -- if (test_fail) -- val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM1, 02)); -- else -- val_set_status(index, RESULT_PASS(g_sbsa_level, TEST_NUM1, 02)); -+ return; - } - - -@@ -290,13 +259,13 @@ d003_entry(uint32_t num_pe) - val_report_status(0, SBSA_AVS_END(g_sbsa_level, TEST_NUM)); - - if (!status) { -- status = val_initialize_test(TEST_NUM1, TEST_DESC1, val_pe_get_num(), g_sbsa_level); -+ status = val_initialize_test(TEST_NUM2, TEST_DESC1, val_pe_get_num(), g_sbsa_level); - if (status != AVS_STATUS_SKIP) -- val_run_test_payload(TEST_NUM1, num_pe, payload1, 0); -+ val_run_test_payload(TEST_NUM2, num_pe, payload1, 0); - - /* get the result from all PE and check for failure */ -- status = val_check_for_error(TEST_NUM1, num_pe); -- val_report_status(0, SBSA_AVS_END(g_sbsa_level, TEST_NUM1)); -+ status = val_check_for_error(TEST_NUM2, num_pe); -+ val_report_status(0, SBSA_AVS_END(g_sbsa_level, TEST_NUM2)); - } - - -diff --git a/val/include/val_interface.h b/val/include/val_interface.h -index c03edb7..0997c64 100644 ---- a/val/include/val_interface.h -+++ b/val/include/val_interface.h -@@ -44,8 +44,7 @@ - void val_allocate_shared_mem(void); - void val_free_shared_mem(void); - void val_print(uint32_t level, char8_t *string, uint64_t data); --void val_print_raw(uint64_t uart_address, uint32_t level, char8_t *string, -- uint64_t data); -+void val_print_raw(uint32_t level, char8_t *string, uint64_t data); - void val_print_test_end(uint32_t status, char8_t *string); - void val_set_test_data(uint32_t index, uint64_t addr, uint64_t test_data); - void val_get_test_data(uint32_t index, uint64_t *data0, uint64_t *data1); -diff --git a/val/src/avs_test_infra.c b/val/src/avs_test_infra.c -index 4d4e80b..a39e85b 100644 ---- a/val/src/avs_test_infra.c -+++ b/val/src/avs_test_infra.c -@@ -65,7 +65,6 @@ val_print_test_end(uint32_t status, char8_t *string) - 1. Caller - Application layer - 2. Prerequisite - None. - -- @param uart_address address of uart to be used - @param level the print verbosity (1 to 5) - @param string formatted ASCII string - @param data 64-bit data. set to 0 if no data is to sent to console. -@@ -73,11 +72,11 @@ val_print_test_end(uint32_t status, char8_t *string) - @return None - **/ - void --val_print_raw(uint64_t uart_address, uint32_t level, char8_t *string, -- uint64_t data) -+val_print_raw(uint32_t level, char8_t *string, uint64_t data) - { - - if (level >= g_print_level){ -+ uint64_t uart_address = val_peripheral_get_info(UART_BASE0, 0); - pal_print_raw(uart_address, string, data); - } - diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch index 95b3bfa449..0c784c6fb5 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch +++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch @@ -1,13 +1,20 @@ -Patch in the paths to the SBSA test suite +From 90d705333521dd85720a17a29abf1aff1612c917 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Thu, 16 Feb 2023 21:53:25 +0000 +Subject: [PATCH] Patch in the paths to the SBSA test suite Upstream-Status: Inappropriate (required action) Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + ShellPkg/ShellPkg.dsc | 3 +++ + 1 file changed, 3 insertions(+) + diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc -index 38fde3dc71..7240a6b5f7 100644 +index dd0d88603f..7367c052fc 100644 --- a/ShellPkg/ShellPkg.dsc +++ b/ShellPkg/ShellPkg.dsc -@@ -22,6 +22,8 @@ +@@ -23,6 +23,8 @@ !include MdePkg/MdeLibs.dsc.inc
[LibraryClasses.common]
@@ -16,7 +23,7 @@ index 38fde3dc71..7240a6b5f7 100644 UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
-@@ -87,6 +89,7 @@ +@@ -88,6 +90,7 @@ # Build all the libraries when building this package.
# This helps developers test changes and how they affect the package.
#
@@ -24,6 +31,3 @@ index 38fde3dc71..7240a6b5f7 100644 ShellPkg/Library/UefiShellLib/UefiShellLib.inf
ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf
ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
--- -2.30.2 - diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch index 9c8ce5dcf4..f0b1ac17d3 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch +++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch @@ -15,7 +15,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index 5ed19810b7..e08e6b4ff4 100755 +index 9b4f173519..ea78e81d31 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template @@ -1856,7 +1856,7 @@ DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access @@ -27,6 +27,3 @@ index 5ed19810b7..e08e6b4ff4 100755 DEFINE GCC_IA32_X64_DLINK_COMMON = DEF(GCC_DLINK_FLAGS_COMMON) --gc-sections
DEFINE GCC_ARM_AARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
DEFINE GCC_ARM_DLINK_FLAGS = DEF(GCC_ARM_AARCH64_DLINK_COMMON) -z common-page-size=0x20 -Wl,--pic-veneer
--- -2.30.2 - diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_1.0.bb b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb index 8c0473a783..6ef4f6ce09 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_1.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb @@ -8,12 +8,13 @@ SRC_URI += "git://github.com/ARM-software/sbsa-acs;destsuffix=edk2/ShellPkg/Appl git://github.com/tianocore/edk2-libc;destsuffix=edk2/edk2-libc;protocol=https;branch=master;name=libc \ file://shell.patch \ file://use_bfd_linker.patch \ - file://enum-int-mismatch.patch \ - file://0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch;patchdir=ShellPkg/Application/sbsa-acs \ + file://0001-Fix-function-protype-mismatches.patch;patchdir=ShellPkg/Application/sbsa-acs \ + file://0001-Fix-for-issue-245.patch;patchdir=ShellPkg/Application/sbsa-acs \ " -SRCREV_acs = "28ecef569303af18b571ff3d66bbdcb6135eaed8" -SRCREV_libc = "c32222fed9927420fc46da503dea1ebb874698b6" + +SRCREV_acs = "7d7a3fe81ad7e6f05143ba17db50107f1ab6c9cd" +SRCREV_libc = "a806ea1062c254bd6e09db7d0f7beb4d14bc3ed0" # GCC12 trips on it #see https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/0032-Basetools-turn-off-gcc12-warning.patch diff --git a/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb new file mode 100644 index 0000000000..6a59c22cab --- /dev/null +++ b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb @@ -0,0 +1,24 @@ +# Install EDK2 Base Tools in native sysroot. Currently the BaseTools are not +# built, they are just copied to native sysroot. This is sufficient for +# generating UEFI capsules as it only depends on some python scripts. Other +# tools need to be built first before adding to sysroot. + +SUMMARY = "EDK2 Base Tools" +LICENSE = "BSD-2-Clause-Patent" + +# EDK2 +SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https" +LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a" + +SRCREV = "fff6d81270b57ee786ea18ad74f43149b9f03494" + +S = "${WORKDIR}/git" + +inherit native + +RDEPENDS:${PN} += "python3-core" + +do_install () { + mkdir -p ${D}${bindir}/edk2-BaseTools + cp -r ${WORKDIR}/git/BaseTools/* ${D}${bindir}/edk2-BaseTools/ +} diff --git a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb index 521e33e9ae..20832016ab 100644 --- a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb +++ b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fca02217a5d49a14dfe2d11837bb34d" SRC_URI = "git://gn.googlesource.com/gn;protocol=https;branch=main \ file://0001-Replace-lstat64-stat64-functions-on-linux.patch" -SRCREV = "bf4e17dc67b2a2007475415e3f9e1d1cf32f6e35" +SRCREV = "edf6ef4b06b42c58292faea78498aff76bdf68ed" PV = "0+git${SRCPV}" S = "${WORKDIR}/git" diff --git a/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.3.1.bb b/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.4.0.bb index 1c1abaa78e..59c4f9cad5 100644 --- a/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.3.1.bb +++ b/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.4.0.bb @@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=ad8cb685eb324d2fa2530b985a43f3e5" SRC_URI = "git://github.com/Linaro/OpenCSD;protocol=https;branch=master" -SRCREV = "8dab50c35c8d181fc3ed6ad46e156398447d753f" +SRCREV = "78ce8ef47c55a489b0ca575b981cd4856d03f44b" S = "${WORKDIR}/git" diff --git a/meta-arm/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb b/meta-arm/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb new file mode 100644 index 0000000000..6012ab2d6c --- /dev/null +++ b/meta-arm/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb @@ -0,0 +1,10 @@ +SUMMARY = "Pure-Python implementation of HSS/LMS Digital Signatures (RFC 8554)" +HOMEPAGE ="https://pypi.org/project/pyhsslms" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=58f6f7065b99f9d01d56e759256a6f1b" + +inherit pypi python_setuptools_build_meta +PYPI_PACKAGE = "pyhsslms" +SRC_URI[sha256sum] = "58bf03e34c6f9d5a3cfd77875d0a1356d4f23d7ad6ffd129b1e60de1208db753" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc new file mode 100644 index 0000000000..afe655f845 --- /dev/null +++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc @@ -0,0 +1,25 @@ +SUMMARY = "Trusted Firmware image signing scripts" +DESCRIPTION = "Trusted Firmware-M image signing scripts" +HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" + +inherit native + +# See bl2/ext/mcuboot/scripts/requirements.txt +RDEPENDS:${PN} = "\ + python3-cryptography-native \ + python3-pyasn1-native \ + python3-pyyaml-native \ + python3-cbor2-native \ + python3-imgtool-native \ + python3-click-native \ +" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}/${libdir} + cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts + cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts +} +FILES:${PN} = "${libdir}/tfm-scripts" diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb deleted file mode 100644 index 217f08a61c..0000000000 --- a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb +++ /dev/null @@ -1,25 +0,0 @@ - -SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" -SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH}" -# Use the wrapper script from TF-Mv1.6.0 -SRCBRANCH ?= "release/1.6.x" -SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa" - -S = "${WORKDIR}/git" - -inherit native - -RDEPENDS:${PN} = "python3-imgtool-native python3-click-native" - -do_configure[noexec] = "1" -do_compile[noexec] = "1" - -do_install() { - install -d ${D}/${libdir} - cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts - cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts -} -FILES:${PN} = "${libdir}/tfm-scripts" diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb new file mode 100644 index 0000000000..2e9e5249c4 --- /dev/null +++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb @@ -0,0 +1,2 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc +require recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend deleted file mode 100644 index 7dec2f5c9f..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend +++ /dev/null @@ -1,9 +0,0 @@ -# enable arm_ffa regardless on 5.19 -SRC_URI:append:qemuarm = " \ - file://tee.cfg \ - file://arm-ffa-transport.cfg \ -" -SRC_URI:append:qemuarm64 = " \ - file://tee.cfg \ - file://arm-ffa-transport.cfg \ -" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch index 2dc797b36f..64a3d7e5bc 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch @@ -1,3 +1,24 @@ +From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001 +From: Jerome Forissier <jerome.forissier@linaro.org> +Date: Fri, 5 Aug 2022 09:48:03 +0200 +Subject: [PATCH] core: link: add --no-warn-rwx-segments + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + +binutils ld.bfd generates one RWX LOAD segment by merging several sections +with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it +also warns by default when that happens [1], which breaks the build due to +--fatal-warnings. The RWX segment is not a problem for the TEE core, since +that information is not used to set memory permissions. Therefore, silence +the warning. + +Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 +Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> +Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> +Acked-by: Jens Wiklander <jens.wiklander@linaro.org> + diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk index 0e96e606c..3fbcb6804 100644 --- a/core/arch/arm/kernel/link.mk diff --git a/meta-arm/scripts/machine-summary.py b/meta-arm/scripts/machine-summary.py index 8bd0fa789b..0f5d1d99e8 100755 --- a/meta-arm/scripts/machine-summary.py +++ b/meta-arm/scripts/machine-summary.py @@ -145,6 +145,10 @@ recipes = ("virtual/kernel", "edk2-firmware", "u-boot", "optee-os", + "hafnium", + "boot-wrapper-aarch64", + "gator-daemon", + "opencsd", "gcc-aarch64-none-elf-native", "gcc-arm-none-eabi-native") diff --git a/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb b/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb index f491241d77..653f6e0705 100644 --- a/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb +++ b/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb @@ -50,6 +50,10 @@ do_install() { ln -s brcmfmac43455-sdio.txt ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module.txt # brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.bin failed with error -2 ln -s brcmfmac43455-sdio.bin ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.bin + # brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.bin failed with error -2 + ln -s brcmfmac43430-sdio.bin ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.bin + # brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.bin failed with error -2 + ln -s brcmfmac43430-sdio.bin ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.bin } PACKAGES = "\ diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb index 02ab825cbc..3f167bb29d 100644 --- a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb +++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb @@ -1,9 +1,9 @@ -LINUX_VERSION ?= "5.15.90" +LINUX_VERSION ?= "5.15.92" LINUX_RPI_BRANCH ?= "rpi-5.15.y" LINUX_RPI_KMETA_BRANCH ?= "yocto-5.15" -SRCREV_machine = "18d8d0236d45f0fe9082548f23a0ab4379d8c106" -SRCREV_meta = "3b1dc2f1fcd869f97901402759b859035984aa7f" +SRCREV_machine = "14b35093ca68bf2c81bbc90aace5007142b40b40" +SRCREV_meta = "509f4b9d68337f103633d48b621c1c9aa0dc975d" KMETA = "kernel-meta" diff --git a/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.%.bbappend b/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_%.bbappend index f3fb1441d1..f3fb1441d1 100644 --- a/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.%.bbappend +++ b/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_%.bbappend diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass index dd447e661f..e5946bc327 100644 --- a/meta-security/classes/dm-verity-img.bbclass +++ b/meta-security/classes/dm-verity-img.bbclass @@ -63,7 +63,12 @@ verity_setup() { veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity } -VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity" +VERITY_TYPES = " \ + ext2.verity ext3.verity ext4.verity \ + btrfs.verity \ + erofs.verity erofs-lz4.verity erofs-lz4hc.verity \ + squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \ +" IMAGE_TYPES += "${VERITY_TYPES}" CONVERSIONTYPES += "verity" CONVERSION_CMD:verity = "verity_setup ${type}" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb index 75e958841d..ea2433c9fb 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb @@ -18,7 +18,7 @@ SRC_URI = "\ file://tpm2-abrmd.default \ " -SRC_URI[sha256sum] = "a7844a257eaf5176f612fe9620018edc0880cca7036465ad2593f83ae0ad6673" +SRC_URI[sha256sum] = "d59aff34164aa705b05155b86607f6b66918a433104f754a3fcf76216dd9f465" UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb index 38847a804c..e0def0f704 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb @@ -8,7 +8,7 @@ DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools lib SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "79f28899047defd6b4b72b7268dd56abf27774954022315f818c239af33e05bd" +SRC_URI[sha256sum] = "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b" UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" @@ -16,11 +16,6 @@ inherit autotools-brokensep pkgconfig python3native EXTRA_OECONF += "--disable-ptool-checks" -do_configure:prepend() { - # do not extract the version number from git - sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac -} - do_compile:append() { cd ${S}/tools python3 setup.py build diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb index 53d5abb07e..ef73238927 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb @@ -8,16 +8,11 @@ DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive" SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "e7ce2fd36ef5cdbd7872d823a442e8754a4f0ca7c54b60efcdb75c12a1f98f8f" +SRC_URI[sha256sum] = "1fdb49c730537bfdaed088884881a61e3bfd121e957ec0bdceeec0261236c123" UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" inherit autotools pkgconfig bash-completion -do_configure:prepend() { - # do not extract the version number from git - sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac -} - # need tss-esys RDEPENDS:${PN} = "libtss2 tpm2-abrmd" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch index 450698ff64..04a29644c1 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch @@ -5,16 +5,16 @@ Not appropriate for cross build env. Upstream-Status: OE [inappropriate] Signed-off-by: Armin Kuster <akuster808@gmail.com> -Index: tpm2-tss-3.2.0/configure.ac +Index: tpm2-tss-4.0.1/configure.ac =================================================================== ---- tpm2-tss-3.2.0.orig/configure.ac -+++ tpm2-tss-3.2.0/configure.ac -@@ -488,17 +488,6 @@ +--- tpm2-tss-4.0.1.orig/configure.ac ++++ tpm2-tss-4.0.1/configure.ac +@@ -554,17 +554,6 @@ AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes") AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes) AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes") -# Check all tools used by make install --AS_IF([test "$HOSTOS" = "Linux"], +-AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"], - [ AC_CHECK_PROG(useradd, useradd, yes) - AC_CHECK_PROG(groupadd, groupadd, yes) - AC_CHECK_PROG(adduser, adduser, yes) diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb index 1556273171..657a2cd94c 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb @@ -10,15 +10,16 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN file://fixup_hosttools.patch \ " -SRC_URI[sha256sum] = "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912" +SRC_URI[sha256sum] = "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950" UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" inherit autotools pkgconfig systemd useradd -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "vendor" PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " -PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c " +PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c util-linux-libuuid " +PACKAGECONFIG[policy] = "--enable-policy,--disable-policy,json-c util-linux-libuuid " EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/" EXTRA_OECONF += "--runstatedir=/run" @@ -28,11 +29,6 @@ USERADD_PACKAGES = "${PN}" GROUPADD_PARAM:${PN} = "--system tss" USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" -do_configure:prepend() { - # do not extract the version number from git - sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac -} - do_install:append() { # Remove /run as it is created on startup rm -rf ${D}/run |