openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
sources/meta-arm/meta-arm-bsp/README.md Normal file
View File

@@ -0,0 +1 @@
See ../README.md

30
sources/meta-arm/meta-arm-bsp/conf/layer.conf Normal file
View File

@@ -0,0 +1,30 @@
# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
# We have recipes-* directories, add to BBFILES
BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "meta-arm-bsp"
BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
BBFILE_PRIORITY_meta-arm-bsp = "5"
LAYERSERIES_COMPAT_meta-arm-bsp = "nanbield scarthgap"
LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
# This won't be used by layerindex-fetch, but works everywhere else
LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer efi-secure-boot"
LAYERDEPENDS_meta-arm-bsp:append:musca-b1 = " meta-python"
LAYERDEPENDS_meta-arm-bsp:append:musca-s1 = " meta-python"
# Additional license directories.
LICENSE_PATH += "${LAYERDIR}/custom-licenses"
BBFILES_DYNAMIC += " \
meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bb \
meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bbappend \
"
WARN_QA:append:layer-meta-arm-bsp = " patch-status"
addpylib ${LAYERDIR}/lib oeqa

75
sources/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf Normal file
View File

@@ -0,0 +1,75 @@
#@TYPE: Machine
#@NAME: corstone1000-fvp machine
#@DESCRIPTION: Machine configuration for Corstone1000 64-bit FVP
require conf/machine/include/corstone1000.inc
TFA_TARGET_PLATFORM = "fvp"
TFM_PLATFORM_IS_FVP = "TRUE"
# testimage config
TEST_TARGET = "OEFVPTarget"
TEST_SUITES = "fvp_boot"
# FVP Config
FVP_PROVIDER ?= "fvp-corstone1000-native"
FVP_EXE ?= "FVP_Corstone-1000"
FVP_CONSOLES[default] = "host_terminal_0"
FVP_CONSOLES[tf-a] = "host_terminal_1"
FVP_CONSOLES[se] = "secenc_terminal"
FVP_CONSOLES[extsys] = "extsys_terminal"
#Disable Time Annotation
FASTSIM_DISABLE_TA = "0"
# FVP Parameters
FVP_CONFIG[se.trustedBootROMloader.fname] ?= "bl1.bin"
FVP_CONFIG[board.xnvm_size] ?= "64"
FVP_CONFIG[se.trustedSRAM_config] ?= "6"
FVP_CONFIG[se.BootROM_config] ?= "3"
FVP_CONFIG[board.hostbridge.interfaceName] ?= "tap0"
FVP_CONFIG[board.smsc_91c111.enabled] ?= "1"
FVP_CONFIG[board.hostbridge.userNetworking] ?= "true"
FVP_CONFIG[board.hostbridge.userNetPorts] ?= "5555=5555,8080=80,2222=22"
FVP_CONFIG[board.se_flash_size] ?= "8192"
FVP_CONFIG[diagnostics] ?= "4"
FVP_CONFIG[disable_visualisation] ?= "true"
FVP_CONFIG[se.nvm.update_raw_image] ?= "0"
FVP_CONFIG[se.cryptocell.USER_OTP_FILTERING_DISABLE] ?= "1"
# Boot image
FVP_DATA ?= "board.flash0=corstone1000-flash-firmware-image-${MACHINE}.wic@0x68000000"
# External system (cortex-M3)
FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "es_flashfw.bin"
# FVP Terminals
FVP_TERMINALS[host.host_terminal_0] ?= "Normal World Console"
FVP_TERMINALS[host.host_terminal_1] ?= "Secure World Console"
FVP_TERMINALS[se.secenc_terminal] ?= "Secure Enclave Console"
FVP_TERMINALS[extsys0.extsys_terminal] ?= "Cortex M3"
# MMC card configuration
FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0"
FVP_CONFIG[board.msd_mmc.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc.support_unpadded_images] ?= "true"
FVP_CONFIG[board.msd_mmc.p_mmc_file] ?= "${IMAGE_NAME}.wic"
# MMC2 card configuration
FVP_CONFIG[board.msd_mmc_2.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc_2.p_fast_access] ?= "0"
FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc_2.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config_2.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc_2.support_unpadded_images] ?= "true"
FVP_CONFIG[board.msd_mmc_2.p_mmc_file] ?= "corstone1000-esp-image-${MACHINE}.wic"
# Virtio-Net configuration
FVP_CONFIG[board.virtio_net.enabled] ?= "1"
FVP_CONFIG[board.virtio_net.hostbridge.interfaceName] ?= "eth1"
FVP_CONFIG[board.virtio_net.hostbridge.userNetworking] ?= "true"
FVP_CONFIG[board.virtio_net.hostbridge.userNetPorts] ?= "5555=5555,8080=80,2222=22"
FVP_CONFIG[board.virtio_net.transport] ?= "legacy"

9
sources/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf Normal file
View File

@@ -0,0 +1,9 @@
#@TYPE: Machine
#@NAME: corstone1000-mps3 machine
#@DESCRIPTION: Machine configuration for Corstone1000 64-bit MPS3 FPGA board
require conf/machine/include/corstone1000.inc
TFA_TARGET_PLATFORM = "fpga"
PLATFORM_IS_FVP = "FALSE"

65
sources/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf Normal file
View File

@@ -0,0 +1,65 @@
# Configuration for Armv8-A Base Platform FVP
#@TYPE: Machine
#@NAME: Armv8-A Base Platform FVP machine
#@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
require conf/machine/include/arm/arch-armv8-4a.inc
ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
ARM_SYSTEMREADY_ACS_CONSOLE = "default"
EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
MACHINE_FEATURES = "efi"
IMAGE_NAME_SUFFIX = ""
IMAGE_FSTYPES += "wic"
WKS_FILE ?= "efi-disk.wks.in"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
KERNEL_IMAGETYPE = "Image"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
# FVP u-boot configuration
UBOOT_MACHINE = "vexpress_fvp_defconfig"
EFI_PROVIDER ?= "grub-efi"
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
TEST_TARGET = "OEFVPTarget"
TEST_TARGET_IP = "127.0.0.1:2222"
DEFAULT_TEST_SUITES:append = " fvp_boot fvp_devices"
TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
FVP_PROVIDER ?= "fvp-base-a-aem-native"
FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
# Tell testimage to connect to localhost:2222, and forward that to SSH in the FVP.
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "2222=22"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[cluster0.check_memory_attributes] ?= "0"
FVP_CONFIG[cluster1.check_memory_attributes] ?= "0"
FVP_CONFIG[cluster0.stage12_tlb_size] ?= "1024"
FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024"
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
# Set the baseline to ARMv8.4, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
FVP_CONSOLES[default] = "terminal_0"
FVP_TERMINALS[bp.terminal_0] ?= "Console"
FVP_TERMINALS[bp.terminal_1] ?= ""
FVP_TERMINALS[bp.terminal_2] ?= ""
FVP_TERMINALS[bp.terminal_3] ?= ""
FVP_CONFIG[bp.secure_memory] ?= "1"

65
sources/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc Normal file
View File

@@ -0,0 +1,65 @@
require conf/machine/include/arm/armv8a/tune-cortexa35.inc
MACHINEOVERRIDES =. "corstone1000:"
# TF-M
PREFERRED_VERSION_trusted-firmware-m ?= "2.0.%"
# TF-A
TFA_PLATFORM = "corstone1000"
PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
TFA_BL2_BINARY = "bl2-corstone1000.bin"
TFA_FIP_BINARY = "fip-corstone1000.bin"
# optee
PREFERRED_VERSION_optee-os ?= "4.1.%"
# Trusted Services
TS_PLATFORM = "arm/corstone1000"
TS_SP_SE_PROXY_CONFIG = "corstone1000"
# Include smm-gateway and se-proxy SPs into optee-os binary
MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
# u-boot
PREFERRED_VERSION_u-boot ?= "2023.07%"
MACHINE_FEATURES += "efi"
EFI_PROVIDER ?= "grub-efi"
# Grub
LINUX_KERNEL_ARGS ?= "earlycon=pl011,0x1a510000 console=ttyAMA0,115200"
GRUB_LINUX_APPEND ?= "${LINUX_KERNEL_ARGS}"
IMAGE_CMD:wic[vardeps] += "GRUB_LINUX_APPEND"
# Linux kernel
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.6.%"
KERNEL_IMAGETYPE = "Image"
KERNEL_IMAGETYPE:firmware = "Image.gz"
# add FF-A support in the kernel
MACHINE_FEATURES += "arm-ffa"
# enable this feature for kernel debugging
# MACHINE_FEATURES += "corstone1000_kernel_debug"
# login terminal serial port settings
SERIAL_CONSOLES ?= "115200;ttyAMA0"
IMAGE_FSTYPES += "wic"
# Need to clear the suffix so TESTIMAGE_AUTO works
IMAGE_NAME_SUFFIX = ""
WKS_FILE ?= "efi-disk-no-swap.wks.in"
WKS_FILE:firmware ?= "corstone1000-flash-firmware.wks.in"
# making sure EXTRA_IMAGEDEPENDS will be used while creating the image
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# If not building under the firmware multiconf we need to build the actual firmware
FIRMWARE_DEPLOYMENT ?= "firmware-deploy-image"
FIRMWARE_DEPLOYMENT:firmware ?= ""
EXTRA_IMAGEDEPENDS += "${FIRMWARE_DEPLOYMENT}"
ARM_SYSTEMREADY_FIRMWARE = "${FIRMWARE_DEPLOYMENT}:do_deploy \
corstone1000-esp-image:do_image_complete \
"
ARM_SYSTEMREADY_ACS_CONSOLE ?= "default"

30
sources/meta-arm/meta-arm-bsp/conf/machine/juno.conf Normal file
View File

@@ -0,0 +1,30 @@
# Configuration for juno development board
#@TYPE: Machine
#@NAME: Juno machine
#@DESCRIPTION: Machine configuration for Juno
TUNE_FEATURES = "aarch64"
require conf/machine/include/arm/arch-armv8a.inc
MACHINE_FEATURES = "usbhost usbgadget alsa screen wifi bluetooth optee pci"
KERNEL_IMAGETYPE = "Image.gz"
KERNEL_DEVICETREE = "arm/juno.dtb arm/juno-r1.dtb arm/juno-r2.dtb"
IMAGE_FSTYPES += "tar.bz2 ext4 cpio.gz"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a virtual/bootloader firmware-image-juno"
# Juno u-boot configuration
UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig"
INITRAMFS_IMAGE_BUNDLE ?= "1"
INITRAMFS_IMAGE = "core-image-minimal"
IMAGE_NAME_SUFFIX = ""

23
sources/meta-arm/meta-arm-bsp/conf/machine/musca-b1.conf Normal file
View File

@@ -0,0 +1,23 @@
# Configuration for Musca-B1 development board
#@TYPE: Machine
#@NAME: Musca-B1 machine
#@DESCRIPTION: Machine configuration for Musca-B1
DEFAULTTUNE ?= "armv8m-main"
require conf/machine/include/arm/armv8-m/tune-cortexm33.inc
# GLIBC will not work with Cortex-M.
TCLIBC = "newlib"
# For runqemu
IMAGE_FSTYPES += "ext4"
IMAGE_CLASSES += "qemuboot"
QB_SYSTEM_NAME = "qemu-system-arm"
QB_MACHINE = "-machine musca-b1"
QB_CPU = "-cpu cortex-m33"
QB_GRAPHICS = "-nographic -vga none"
QB_MEM = "512k"
QB_RNG = ""
TFM_PLATFORM = "arm/musca_b1"

22
sources/meta-arm/meta-arm-bsp/conf/machine/musca-s1.conf Normal file
View File

@@ -0,0 +1,22 @@
# Configuration for Musca-S1 development board
#@TYPE: Machine
#@NAME: Musca-S1 machine
#@DESCRIPTION: Machine configuration for Musca-S1
require conf/machine/include/arm/armv8-m/tune-cortexm33.inc
# GLIBC will not work with Cortex-M.
TCLIBC = "newlib"
# For runqemu
IMAGE_FSTYPES += "ext4"
IMAGE_CLASSES += "qemuboot"
QB_SYSTEM_NAME = "qemu-system-arm"
QB_MACHINE = "-machine musca-s1"
QB_CPU = "-cpu cortex-m33"
QB_GRAPHICS = "-nographic -vga none"
QB_MEM = "512k"
QB_RNG = ""
TFM_PLATFORM = "arm/musca_s1"

51
sources/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf Normal file
View File

@@ -0,0 +1,51 @@
# Configuration for Arm N1SDP development board
#@TYPE: Machine
#@NAME: N1SDP machine
#@DESCRIPTION: Machine configuration for N1SDP
require conf/machine/include/arm/armv8-2a/tune-neoversen1.inc
KERNEL_IMAGETYPE = "Image"
IMAGE_FSTYPES += "wic wic.gz wic.bmap tar.bz2 ext4"
SERIAL_CONSOLES = "115200;ttyAMA0"
# Set default WKS
WKS_FILE ?= "n1sdp-efidisk.wks"
IMAGE_EFI_BOOT_FILES ?= "n1sdp-multi-chip.dtb n1sdp-single-chip.dtb"
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# Use kernel provided by yocto
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.6%"
# RTL8168E Gigabit Ethernet Controller is attached to the PCIe interface
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168"
# TF-A
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
TFA_PLATFORM = "n1sdp"
PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
# SCP
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
#UEFI EDK2 firmware
EXTRA_IMAGEDEPENDS += "edk2-firmware"
PREFERRED_VERSION_edk2-firmware ?= "202311"
#optee
PREFERRED_VERSION_optee-os ?= "4.1.%"
PREFERRED_VERSION_optee-os-tadevkit ?= "4.1.%"
PREFERRED_VERSION_optee-test ?= "4.1.%"
PREFERRED_VERSION_optee-client ?= "4.1.%"
#grub-efi
EFI_PROVIDER ?= "grub-efi"
MACHINE_FEATURES += "efi"
# SD-Card firmware
EXTRA_IMAGEDEPENDS += "sdcard-image-n1sdp"

43
sources/meta-arm/meta-arm-bsp/conf/machine/sbsa-ref.conf Normal file
View File

@@ -0,0 +1,43 @@
#@TYPE: Machine
#@NAME: sbsa-ref
#@DESCRIPTION: Reference SBSA machine in qemu-system-aarch64 on Neoverse N2
require conf/machine/include/arm/armv9a/tune-neoversen2.inc
require conf/machine/include/qemu.inc
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
KERNEL_IMAGETYPE = "Image"
MACHINE_EXTRA_RRECOMMENDS += "kernel-modules"
MACHINE_FEATURES = " alsa bluetooth efi qemu-usermode rtc screen usbhost vfat wifi"
IMAGE_FSTYPES += "wic.qcow2"
# This unique WIC file is necessary because kernel boot args cannot be passed
# because there is no default kernel (see below). There is no default kernel
# because QEMU will only allow firmware or kernel to be passed in as a
# parameter, and we need the firmware. So, to allow for "ip=dhcp" as a kernel
# boot arg (which we need for testimage), we have to have a WIC file unique to
# this platform.
WKS_FILE = "qemu-efi-disk.wks.in"
EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boot", "grub-efi", d)}"
SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0"
EXTRA_IMAGEDEPENDS += "edk2-firmware"
QB_SYSTEM_NAME = "qemu-system-aarch64"
QB_MACHINE = "-machine sbsa-ref"
QB_CPU = "-cpu neoverse-n2"
QB_MEM = "-m 1024"
QB_DEFAULT_FSTYPE = "wic.qcow2"
QB_NETWORK_DEVICE = "-device virtio-net-pci,netdev=net0,mac=@MAC@"
QB_DRIVE_TYPE = "/dev/hd"
QB_ROOTFS_OPT = "-drive file=@ROOTFS@,if=ide,format=qcow2"
QB_DEFAULT_KERNEL = "none"
QB_OPT_APPEND = "-device usb-tablet -device usb-kbd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH0.fd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH1.fd"
QB_SERIAL_OPT = "-device virtio-serial-pci -chardev null,id=virtcon -device virtconsole,chardev=virtcon"
QB_TCPSERIAL_OPT = "-device virtio-serial-pci -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon"
# sbsa-ref is a true virtual machine so can't use KVM
QEMU_USE_KVM = "0"

24
sources/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf Normal file
View File

@@ -0,0 +1,24 @@
# Configuration for Arm SGI575 development board
#@TYPE: Machine
#@NAME: SGI575
#@DESCRIPTION: Machine configuration for SGI575
require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
KERNEL_IMAGETYPE ?= "Image"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
SERIAL_CONSOLES = "115200;ttyAMA0"
#grub-efi
EFI_PROVIDER ?= "grub-efi"
MACHINE_FEATURES += "efi"
IMAGE_FSTYPES += "cpio.gz wic"
WKS_FILE ?= "sgi575-efidisk.wks"
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"

18
sources/meta-arm/meta-arm-bsp/custom-licenses/STM-SLA0044-Rev5 Normal file
View File

@@ -0,0 +1,18 @@
SLA0044 Rev5/February 2018
BY INSTALLING COPYING, DOWNLOADING, ACCESSING OR OTHERWISE USING THIS SOFTWARE OR ANY PART THEREOF (AND THE RELATED DOCUMENTATION) FROM STMICROELECTRONICS INTERNATIONAL N.V, SWISS BRANCH AND/OR ITS AFFILIATED COMPANIES (STMICROELECTRONICS), THE RECIPIENT, ON BEHALF OF HIMSELF OR HERSELF, OR ON BEHALF OF ANY ENTITY BY WHICH SUCH RECIPIENT IS EMPLOYED AND/OR ENGAGED AGREES TO BE BOUND BY THIS SOFTWARE LICENSE AGREEMENT.
Under STMicroelectronics intellectual property rights, the redistribution, reproduction and use in source and binary forms of the software or any part thereof, with or without modification, are permitted provided that the following conditions are met:
1. Redistribution of source code (modified or not) must retain any copyright notice, this list of conditions and the disclaimer set forth below as items 10 and 11.
2. Redistributions in binary form, except as embedded into microcontroller or microprocessor device manufactured by or for STMicroelectronics or a software update for such device, must reproduce any copyright notice provided with the binary code, this list of conditions, and the disclaimer set forth below as items 10 and 11, in documentation and/or other materials provided with the distribution.
3. Neither the name of STMicroelectronics nor the names of other contributors to this software may be used to endorse or promote products derived from this software or part thereof without specific written permission.
4. This software or any part thereof, including modifications and/or derivative works of this software, must be used and execute solely and exclusively on or in combination with a microcontroller or microprocessor device manufactured by or for STMicroelectronics.
5. No use, reproduction or redistribution of this software partially or totally may be done in any manner that would subject this software to any Open Source Terms. “Open Source Terms” shall mean any open source license which requires as part of distribution of software that the source code of such software is distributed therewith or otherwise made available, or open source license that substantially complies with the Open Source definition specified at www.opensource.org and any other comparable open source license such as for example GNU General Public License (GPL), Eclipse Public License (EPL), Apache Software License, BSD license or MIT license.
6. STMicroelectronics has no obligation to provide any maintenance, support or updates for the software.
7. The software is and will remain the exclusive property of STMicroelectronics and its licensors. The recipient will not take any action that jeopardizes STMicroelectronics and its licensors' proprietary rights or acquire any rights in the software, except the limited rights specified hereunder.
8. The recipient shall comply with all applicable laws and regulations affecting the use of the software or any part thereof including any applicable export control law or regulation.
9. Redistribution and use of this software or any part thereof other than as permitted under this license is void and will automatically terminate your rights under this license.
10. THIS SOFTWARE IS PROVIDED BY STMICROELECTRONICS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, WHICH ARE DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW. IN NO EVENT SHALL STMICROELECTRONICS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
11. EXCEPT AS EXPRESSLY PERMITTED HEREUNDER, NO LICENSE OR OTHER RIGHTS, WHETHER EXPRESS OR IMPLIED, ARE GRANTED UNDER ANY PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS OF STMICROELECTRONICS OR ANY THIRD PARTY.

12
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/.readthedocs.yaml Normal file
View File

@@ -0,0 +1,12 @@
version: 2
build:
os: "ubuntu-22.04"
tools:
python: "3.9"
sphinx:
configuration: meta-arm-bsp/documentation/corstone1000/conf.py
formats:
- pdf
python:
install:
- requirements: meta-arm-bsp/documentation/requirements.txt

373
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst Normal file
View File

@@ -0,0 +1,373 @@
..
# Copyright (c) 2022-2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
##########
Change Log
##########
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
***************
Version 2024.06
***************
Changes
=======
- Re-enabling support for the External System using linux remoteproc (only supporting switching on and off the External System)
- UEFI Secure Boot and Authenticated Variable support
- RSE Comms replaces OpenAMP
- The EFI System partition image is now created by the meta-arm build system.
This image is mounted on the second MMC card by default in the FVP.
- The capsule generation script is now part of the meta-arm build system.
Corstone1000-flash-firmware-image recipe generates a capsule binary using the U-Boot capsule generation tool that includes
all the firmware binaries and recovery kernel image.
- SW components upgrades
- Bug fixes
Corstone-1000 components versions
=================================
+-------------------------------------------+-----------------------------------------------------+
| arm-tstee | 2.0.0 |
+-------------------------------------------+-----------------------------------------------------+
| linux-yocto | 6.6.23 |
+-------------------------------------------+-----------------------------------------------------+
| u-boot | 2023.07.02 |
+-------------------------------------------+-----------------------------------------------------+
| external-system | 0.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-client | 4.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-os | 4.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-a | 2.10.4 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-m | 2.0.0 |
+-------------------------------------------+-----------------------------------------------------+
| libts | 602be60719 |
+-------------------------------------------+-----------------------------------------------------+
| ts-newlib | 4.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 602be60719 |
+-------------------------------------------+-----------------------------------------------------+
| ts-sp-{se-proxy, smm-gateway} | 602be60719 |
+-------------------------------------------+-----------------------------------------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+------------------------------+
| meta-arm | scarthgap |
+-------------------------------------------+------------------------------+
| poky | scarthgap |
+-------------------------------------------+------------------------------+
| meta-openembedded | scarthgap |
+-------------------------------------------+------------------------------+
| meta-secure-core | scarthgap |
+-------------------------------------------+------------------------------+
| busybox | 1.36.1 |
+-------------------------------------------+------------------------------+
| musl | 1.2.4 |
+-------------------------------------------+------------------------------+
| gcc-arm-none-eabi | 13.2.Rel1 |
+-------------------------------------------+------------------------------+
| gcc-cross-aarch64 | 13.2.0 |
+-------------------------------------------+------------------------------+
| openssl | 3.2.1 |
+-------------------------------------------+------------------------------+
***************
Version 2023.11
***************
Changes
=======
- Making Corstone-1000 SystemReady IR 2.0 certifiable
- Allow booting Debian & OpenSUSE on FVP
- Add support for two MMC cards for the FVP
- Add signed capsule update support
- Enable on-disk capsule update
- Add the feature of purging specific DT nodes in U-Boot before Linux
- Add Ethernet over VirtIO support in U-Boot
- Add support for unaligned MMC card images
- Reducing the out-of-tree patches by upstreaming them to the corresponding open-source projects
- SW components upgrades
- Bug fixes
Corstone-1000 components versions
=================================
+-------------------------------------------+-----------------------------------------------------+
| arm-ffa-tee | 1.1.2-r0 |
+-------------------------------------------+-----------------------------------------------------+
| linux-yocto | 6.5.7 |
+-------------------------------------------+-----------------------------------------------------+
| u-boot | 2023.07 |
+-------------------------------------------+-----------------------------------------------------+
| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-client | 3.22.0 |
+-------------------------------------------+-----------------------------------------------------+
| optee-os | 3.22.0 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-a | 2.9.0 |
+-------------------------------------------+-----------------------------------------------------+
| trusted-firmware-m | 1.8.1 |
+-------------------------------------------+-----------------------------------------------------+
| libts | 08b3d39471 |
+-------------------------------------------+-----------------------------------------------------+
| ts-newlib | 4.1.0 |
+-------------------------------------------+-----------------------------------------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 |
+-------------------------------------------+-----------------------------------------------------+
| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 |
+-------------------------------------------+-----------------------------------------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+------------------------------+
| meta-arm | nanbield |
+-------------------------------------------+------------------------------+
| poky | nanbield |
+-------------------------------------------+------------------------------+
| meta-openembedded | nanbield |
+-------------------------------------------+------------------------------+
| meta-secure-core | nanbield |
+-------------------------------------------+------------------------------+
| busybox | 1.36.1 |
+-------------------------------------------+------------------------------+
| musl | 1.2.4 |
+-------------------------------------------+------------------------------+
| gcc-arm-none-eabi | 11.2-2022.02 |
+-------------------------------------------+------------------------------+
| gcc-cross-aarch64 | 13.2.0 |
+-------------------------------------------+------------------------------+
| openssl | 3.1.3 |
+-------------------------------------------+------------------------------+
***************
Version 2023.06
***************
Changes
=======
- GPT support (in TF-M, TF-A, U-boot)
- Use TF-M BL1 code as the ROM code instead of MCUboot (the next stage bootloader BL2 remains to be MCUboot)
- Secure Enclave uses CC312 OTP as the provisioning backend in FVP and FPGA
- NVMXIP block storage support in U-Boot
- Upgrading the SW stack recipes
- Upgrades for the U-Boot FF-A driver and MM communication
Corstone-1000 components versions
=================================
+-------------------------------------------+--------------------------------------------+
| arm-ffa-tee | 1.1.2-r0 |
+-------------------------------------------+--------------------------------------------+
| arm-ffa-user | 5.0.1-r0 |
+-------------------------------------------+--------------------------------------------+
| corstone1000-external-sys-tests | 1.0+gitAUTOINC+2945cd92f7-r0 |
+-------------------------------------------+--------------------------------------------+
| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 |
+-------------------------------------------+--------------------------------------------+
| linux-yocto | 6.1.25+gitAUTOINC+36901b5b29_581dc1aa2f-r0 |
+-------------------------------------------+--------------------------------------------+
| u-boot | 2023.01-r0 |
+-------------------------------------------+--------------------------------------------+
| optee-client | 3.18.0-r0 |
+-------------------------------------------+--------------------------------------------+
| optee-os | 3.20.0-r0 |
+-------------------------------------------+--------------------------------------------+
| trusted-firmware-a | 2.8.0-r0 |
+-------------------------------------------+--------------------------------------------+
| trusted-firmware-m | 1.7.0-r0 |
+-------------------------------------------+--------------------------------------------+
| ts-newlib | 4.1.0-r0 |
+-------------------------------------------+--------------------------------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 |
+-------------------------------------------+--------------------------------------------+
| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 |
+-------------------------------------------+--------------------------------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+--------------------------------+
| meta-arm | mickledore |
+-------------------------------------------+--------------------------------+
| poky | mickledore |
+-------------------------------------------+--------------------------------+
| meta-openembedded | mickledore |
+-------------------------------------------+--------------------------------+
| busybox | 1.36.0-r0 |
+-------------------------------------------+--------------------------------+
| musl | 1.2.3+gitAUTOINC+7d756e1c04-r0 |
+-------------------------------------------+--------------------------------+
| gcc-arm-none-eabi-native | 11.2-2022.02 |
+-------------------------------------------+--------------------------------+
| gcc-cross-aarch64 | 12.2.rel1-r0 |
+-------------------------------------------+--------------------------------+
| openssl | 3.1.0-r0 |
+-------------------------------------------+--------------------------------+
******************
Version 2022.11.23
******************
Changes
=======
- Booting the External System (Cortex-M3) with RTX RTOS
- Adding MHU communication between the HOST (Cortex-A35) and the External System
- Adding a Linux application to test the External System
- Adding ESRT (EFI System Resource Table) support
- Upgrading the SW stack recipes
- Upgrades for the U-Boot FF-A driver and MM communication
Corstone-1000 components versions
=================================
+-------------------------------------------+------------+
| arm-ffa-tee | 1.1.1 |
+-------------------------------------------+------------+
| arm-ffa-user | 5.0.0 |
+-------------------------------------------+------------+
| corstone1000-external-sys-tests | 1.0 |
+-------------------------------------------+------------+
| external-system | 0.1.0 |
+-------------------------------------------+------------+
| linux-yocto | 5.19 |
+-------------------------------------------+------------+
| u-boot | 2022.07 |
+-------------------------------------------+------------+
| optee-client | 3.18.0 |
+-------------------------------------------+------------+
| optee-os | 3.18.0 |
+-------------------------------------------+------------+
| trusted-firmware-a | 2.7.0 |
+-------------------------------------------+------------+
| trusted-firmware-m | 1.6.0 |
+-------------------------------------------+------------+
| ts-newlib | 4.1.0 |
+-------------------------------------------+------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 451aa087a4 |
+-------------------------------------------+------------+
| ts-sp-{se-proxy, smm-gateway} | 3d4956770f |
+-------------------------------------------+------------+
Yocto distribution components versions
======================================
+-------------------------------------------+---------------------+
| meta-arm | langdale |
+-------------------------------------------+---------------------+
| poky | langdale |
+-------------------------------------------+---------------------+
| meta-openembedded | langdale |
+-------------------------------------------+---------------------+
| busybox | 1.35.0 |
+-------------------------------------------+---------------------+
| musl | 1.2.3+git37e18b7bf3 |
+-------------------------------------------+---------------------+
| gcc-arm-none-eabi-native | 11.2-2022.02 |
+-------------------------------------------+---------------------+
| gcc-cross-aarch64 | 12.2 |
+-------------------------------------------+---------------------+
| openssl | 3.0.5 |
+-------------------------------------------+---------------------+
******************
Version 2022.04.04
******************
Changes
=======
- Linux distro openSUSE, raw image installation and boot in the FVP.
- SCT test support in FVP.
- Manual capsule update support in FVP.
******************
Version 2022.02.25
******************
Changes
=======
- Building and running psa-arch-tests on Corstone-1000 FVP
- Enabled smm-gateway partition in Trusted Service on Corstone-1000 FVP
- Enabled MHU driver in Trusted Service on Corstone-1000 FVP
- Enabled OpenAMP support in SE proxy SP on Corstone-1000 FVP
******************
Version 2022.02.21
******************
Changes
=======
- psa-arch-tests: recipe is dropped and merged into the secure-partitons recipe.
- psa-arch-tests: The tests are align with latest tfm version for psa-crypto-api suite.
******************
Version 2022.01.18
******************
Changes
=======
- psa-arch-tests: change master to main for psa-arch-tests
- U-Boot: fix null pointer exception for get_image_info
- TF-M: fix capsule instability issue for Corstone-1000
******************
Version 2022.01.07
******************
Changes
=======
- Corstone-1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
- U-Boot: send bootcomplete event to secure enclave.
- U-Boot: support populating Corstone-1000 image_info to ESRT table.
- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT.
******************
Version 2021.12.15
******************
Changes
=======
- Enabling Corstone-1000 FPGA support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.5
- Building and running psa-arch-tests
- Adding openamp support in SE proxy SP
- OP-TEE: adding smm-gateway partition
- U-Boot: introducing Arm FF-A and MM support
******************
Version 2021.10.29
******************
Changes
=======
- Enabling Corstone-1000 FVP support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.4
- Linux kernel: enabling EFI, adding FF-A debugfs driver, integrating ARM_FFA_TRANSPORT.
- U-Boot: Extending EFI support
- python3-imgtool: adding recipe for Trusted-firmware-m
- python3-imgtool: adding the Yocto recipe used in signing host images (based on MCUBOOT format)
--------------
*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*

52
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py Normal file
View File

@@ -0,0 +1,52 @@
# Configuration file for the Sphinx documentation builder.
#
# This file only contains a selection of the most common options. For a full
# list see the documentation:
# https://www.sphinx-doc.org/en/master/usage/configuration.html
# -- Path setup --------------------------------------------------------------
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
# -- Project information -----------------------------------------------------
project = 'corstone1000'
copyright = '2020-2022, Arm Limited'
author = 'Arm Limited'
# -- General configuration ---------------------------------------------------
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path.
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra']
# -- Options for HTML output -------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
html_theme = 'sphinx_rtd_theme'
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
#html_static_path = ['_static']

BIN
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

BIN
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

BIN
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 69 KiB

BIN
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

26
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst Normal file
View File

@@ -0,0 +1,26 @@
..
# Copyright (c) 2022, 2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
#################
Arm Corstone-1000
#################
*************************
Disclaimer
*************************
Arm reference solutions are Arm public example software projects that track and
pull upstream components, incorporating their respective security fixes
published over time. Arm partners are responsible for ensuring that the
components they use contain all the required security fixes, if and when they
deploy a product derived from Arm reference solutions.
.. toctree::
:maxdepth: 1
software-architecture
user-guide
release-notes
change-log

249
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst Normal file
View File

@@ -0,0 +1,249 @@
..
# Copyright (c) 2022-2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
#############
Release notes
#############
*************************
Disclaimer
*************************
You expressly assume all liabilities and risks relating to your use or operation
of Your Software and Your Hardware designed or modified using the Arm Tools,
including without limitation, Your software or Your Hardware designed or
intended for safety-critical applications. Should Your Software or Your Hardware
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
***********************
Release notes - 2024.06
***********************
Known Issues or Limitations
---------------------------
- Use Ethernet over VirtIO due to lan91c111 Ethernet driver support dropped from U-Boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3.
- See previous release notes for the known limitations regarding ACS tests.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v2
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
SystemReady IR v2.0 Certification Milestone
-------------------------------------------
As of this release, Corstone-1000 has achieved `SystemReady IR v2.0 certification <https://www.arm.com/architecture/system-architectures/systemready-certification-program/ve>`__.
This milestone confirms compliance with the SystemReady IR requirements, ensuring broader compatibility and reliability for deployment.
Applied patch `313ad2a0e600 <https://git.yoctoproject.org/meta-arm/commit/?h=scarthgap&id=313ad2a0e600655d9bfbe53646e356372ff02644>`__ to address compatibility requirements for SystemReady IR v2.0.
This update is included in tag `CORSTONE1000-2024.06-systemready-ir-v2.0 <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.06-systemready-ir-v2.0>`__ and builds on the `CORSTONE1000-2024.06` release.
***********************
Release notes - 2023.11
***********************
Known Issues or Limitations
---------------------------
- Use Ethernet over VirtIO due to lan91c111 Ethernet driver support dropped from U-Boot.
- Temporally removing the External system support in Linux due to it using multiple custom devicetree bindings that caused problems with SystemReady IR 2.0 certification. For External system support please refer to the version 2023.06. We are aiming to restore it in a more standardised manner in our next release.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- PSA Crypto tests (psa-crypto-api-test command) approximately take 30 minutes to complete for FVP and MPS3.
- Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3.
- See previous release notes for the known limitations regarding ACS tests.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v2
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
***********************
Release notes - 2023.06
***********************
Known Issues or Limitations
---------------------------
- FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- PSA Crypto tests (psa-crypto-api-test command) take 30 minutes to complete for FVP and 1 hour for MPS3.
- Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3 .
- The following limitations listed in the previous release are still applicable:
- UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
- Known limitations regarding ACS tests - see previous release's notes.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v2
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.11.23
**************************
Known Issues or Limitations
---------------------------
- The external-system can not be reset individually on (or using) AN550_v1 FPGA release. However, the system-wide reset still applies to the external-system.
- FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Below SCT FAILURE is a known issues in the FVP:
UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
- Below SCT FAILURE is a known issue when a terminal emulator (in the system where the user connects to serial ports) does not support 80x25 or 80x50 mode:
EFI_SIMPLE_TEXT_OUT_PROTOCOL.SetMode - SetMode() with valid mode -- FAILURE
- Known limitations regarding ACS tests: The behavior after running ACS tests on FVP is not consistent. Both behaviors are expected and are valid;
The system might boot till the Linux prompt. Or, the system might wait after finishing the ACS tests.
In both cases, the system executes the entire test suite and writes the results as stated in the user guide.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.04.04
**************************
Known Issues or Limitations
---------------------------
- FPGA support Linux distro install and boot through installer. However,
FVP only support openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide
cannot boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Below SCT FAILURE is a known issues in the FVP:
UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.02.25
**************************
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot.
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.02.21
--------------------------
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, psa-arch-test.
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.01.18
--------------------------
Known Issues or Limitations
---------------------------
- Before running each SystemReady-IR tests: ACS tests (SCT, FWTS, BSA), manual
capsule update test, Linux distro install and boot, etc., the SecureEnclave
flash must be cleaned. See user-guide "Clean Secure Flash Before Testing"
section.
Release notes - 2021.12.15
--------------------------
Software Features
------------------
The following components are present in the release:
- Yocto version Honister
- Linux kernel version 5.10
- U-Boot 2021.07
- OP-TEE version 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.5
- OpenAMP 347397decaa43372fc4d00f965640ebde042966d
- Trusted Services a365a04f937b9b76ebb2e0eeade226f208cbc0d2
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, and
psa-arch-tests.
- Only the manual capsule update from UEFI shell is supported on FPGA.
- Due to flash size limitation and to support A/B banks,the wic image provided
by the user should be smaller than 15MB.
- The failures in PSA Arch Crypto Test are known limitations with crypto
library. It requires further investigation. The user can refer to `PSA Arch Crypto Test Failure Analysis In TF-M V1.5 Release <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.5_release/>`__
for the reason for each failing test.
Release notes - 2021.10.29
--------------------------
Software Features
-----------------
This initial release of Corstone-1000 supports booting Linux on the Cortex-A35
and TF-M/MCUBOOT in the Secure Enclave. The following components are present in
the release:
- Linux kernel version 5.10
- U-Boot 2021.07
- OP-TEE version 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.4
Platform Support
----------------
- This Software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
---------------------------
- No software support for external system(Cortex M3)
- No communication established between A35 and M0+
- Very basic functionality of booting Secure Enclave, Trusted Firmware-A , OP-TEE , u-boot and Linux are performed
Support
-------
For technical support email: support-subsystem-iot@arm.com
For all security issues, contact Arm by email at psirt@arm.com.
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*

284
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst Normal file
View File

@@ -0,0 +1,284 @@
..
# Copyright (c) 2022-2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
######################
Software architecture
######################
*****************
Arm Corstone-1000
*****************
Arm Corstone-1000 is a reference solution for IoT devices. It is part of
Total Solution for IoT which consists of hardware and software reference
implementation.
Corstone-1000 software plus hardware reference solution is PSA Level-2 ready
certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
More information on the Corstone-1000 subsystem product and design can be
found at:
`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_.
This readme explicitly focuses on the software part of the solution and
provides internal details on the software components. The reference
software package of the platform can be retrieved following instructions
present in the user-guide document.
***************
Design Overview
***************
The software architecture of Corstone-1000 platform is a reference
implementation of Platform Security Architecture (`PSA`_) which provides
framework to build secure IoT devices.
The base system architecture of the platform is created from three
different types of systems: Secure Enclave, Host and External System.
Each subsystem provides different functionality to overall SoC.
.. image:: images/CorstoneSubsystems.png
:width: 720
:alt: CorstoneSubsystems
The Secure Enclave System, provides PSA Root of Trust (RoT) and
cryptographic functions. It is based on an Cortex-M0+ processor,
CC312 Cryptographic Accelerator and peripherals, such as watchdog and
secure flash. Software running on the Secure Enclave is isolated via
hardware for enhanced security. Communication with the Secure Encalve
is achieved using Message Handling Units (MHUs) and shared memory.
On system power on, the Secure Enclave boots first. Its software
comprises of a ROM code (TF-M BL1), MCUboot BL2, and
TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
Secure Enclave follows Firmware Framework for M class
processor (`FF-M`_) specification.
The Host System is based on ARM Cotex-A35 processor with standardized
peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
the TrustZone technology that allows secure and non-secure security
states in the processor. The software design in the Host System follows
Firmware Framework for A class processor (`FF-A`_) specification.
The boot process follows Trusted Boot Base Requirement (`TBBR`_).
The Host Subsystem is taken out of reset by the Secure Enclave system
during its final stages of the initialization. The Host subsystem runs
FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS
(`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and
linux (`linux repo`_) in the non-secure world. The communication between
non-secure and the secure world is performed via FF-A messages.
An external system is intended to implement use-case specific functionality.
The system is based on Cortex-M3 and run RTX RTOS. Communication between the
external system and Host (Cortex-A35) can be performed using MHU as transport
mechanism. The current software release supports switching on and off the
external system. Support for OpenAMP-based communication is under
development.
Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
for use-case specific applications, for example, sensors, cloud
connectivitiy, and edge computing.
*****************
Secure Boot Chain
*****************
For the security of a device, it is essential that only authorized
software should run on the device. The Corstone-1000 boot uses a
Secure Boot Chain process where an already authenticated image verifies
and loads the following software in the chain. For the boot chain
process to work, the start of the chain should be trusted, forming the
Root of Trust (RoT) of the device. The RoT of the device is immutable in
nature and encoded into the device by the device owner before it
is deployed into the field. In Corstone-1000, the content of the ROM
and CC312 OTP (One Time Programmable) memory forms the RoT.
Verification of an image can happen either by comparing the computed and
stored hashes, or by checking the signature of the image if the image
is signed.
.. image:: images/SecureBootChain.png
:width: 870
:alt: SecureBootChain
It is a lengthy chain to boot the software on Corstone-1000. On power on,
the Secure Enclave starts executing BL1_1 code from the ROM which is the RoT
of the device. The BL1_1 is the immutable bootloader of the system, it handles
the provisioning on the first boot, hardware initialization and verification
of the next stage.
The BL1_2 code, hashes and keys are written into the OTP during the provisioning.
The next bootstage is the BL1_2 which is copied from the OTP into the RAM. The
BL1_1 also compares the BL1_2 hash with the hash saved to the OTP. The BL1_2
verifies and transfers control to the next bootstage which is the BL2. During the
verification, the BL1_2 compares the BL2 image's computed hash with the BL2 hash in
the OTP. The BL2 is MCUBoot in the system. BL2 can provision additional keys on the
first boot and it authenticates the initial bootloader of the host (Host TF-A BL2)
and TF-M by checking the signatures of the images.
The MCUBoot handles the image verification the following way:
- Load image from a non-volatile memory to dynamic RAM.
- The public key present in the image header is validated by comparing with the hash.
Depending on the image, the hash of the public key is either stored in the OTP or part
of the software which is being already verified in the previous stages.
- The image is validated using the public key.
The execution control is passed to TF-M after the verification. TF-M being
the runtime executable of the Secure Enclave which initializes itself and, at the end,
brings the host CPU out of rest.
The TF-M BL1 design details and reasoning can be found in the `TF-M design documents
<https://tf-m-user-guide.trustedfirmware.org/design_docs/booting/bl1.html>`_.
The Corstone-1000 has some differences compared to this design due to memory (OTP/ROM)
limitations:
- The provisioning bundle that contains the BL1_2 code is located in the ROM.
This means the BL1_2 cannot be updated during provisioning time.
- The BL1_1 handles most of the hardware initialization instead of the BL1_2. This
results in a bigger BL1_1 code size than needed.
- The BL1_2 does not use the post-quantum LMS verification. The BL2 is verified by
comparing the computed hash to the hash which is stored in the OTP. This means the
BL2 is not updatable.
The host follows the boot standard defined in the `TBBR`_ to authenticate the
secure and non-secure software.
For UEFI Secure Boot, authenticated variables can be accessed from the secure flash.
The feature has been integrated in U-Boot, which authenticates the images as per the UEFI
specification before executing them.
***************
Secure Services
***************
Corstone-1000 is unique in providing a secure environment to run a secure
workload. The platform has TrustZone technology in the Host subsystem but
it also has hardware isolated Secure Enclave environment to run such secure
workloads. In Corstone-1000, known Secure Services such as Crypto, Protected
Storage, Internal Trusted Storage and Attestation are available via PSA
Functional APIs in TF-M. There is no difference for a user communicating to
these services which are running on a Secure Enclave instead of the
secure world of the host subsystem. The below diagram presents the data
flow path for such calls.
.. image:: images/SecureServices.png
:width: 930
:alt: SecureServices
The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
managed by OPTEE which forwards such calls to the Secure Enclave. The
solution relies on the `RSE communication protocol
<https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html>`_
which is a lightweight serialization of the psa_call() API. It can use shared
memory and MHU interrupts as a doorbell for communication between two cores
but currently the whole message is forwarded through the MHU channels in Corstone-1000.
Corstone-1000 implements isolation level 2. Cortex-M0+ MPU (Memory Protection
Unit) is used to implement isolation level 2.
For a user to define its own secure service, both the options of the host
secure world or secure encalve are available. It's a trade-off between
lower latency vs higher security. Services running on a Secure Enclave are
secure by real hardware isolation but have a higher latency path. In the
second scenario, the services running on the secure world of the host
subsystem have lower latency but virtual hardware isolation created by
TrustZone technology.
**********************
Secure Firmware Update
**********************
Apart from always booting the authorized images, it is also essential that
the device only accepts the authorized (signed) images in the firmware update
process. Corstone-1000 supports OTA (Over the Air) firmware updates and
follows Platform Security Firmware Update specification (`FWU`_).
As standardized into `FWU`_, the external flash is divided into two
banks of which one bank has currently running images and the other bank is
used for staging new images. There are four updatable units, i.e. Secure
Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel
Image (the initramfs bundle). The new images are accepted in the form of a UEFI capsule.
.. image:: images/ExternalFlash.png
:width: 690
:alt: ExternalFlash
When Firmware update is triggered, U-Boot verifies the capsule by checking the
capsule signature, version number and size. Then it signals the Secure Enclave
that can start writing UEFI capsule into the flash. Once this operation finishes
,Secure Enclave resets the entire system.
The Metadata Block in the flash has the below firmware update state machine.
TF-M runs an OTA service that is responsible for accepting and updating the
images in the flash. The communication between the UEFI Capsule update
subsystem and the OTA service follows the same data path explained above.
The OTA service writes the new images to the passive bank after successful
capsule verification. It changes the state of the system to trial state and
triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata
block to get the information on the boot bank. In the successful trial stage,
the acknowledgment from the host moves the state of the system from trial to
regular. Any failure in the trial stage or system hangs leads to a system
reset. This is made sure by the use of watchdog hardware. The Secure Enclave's
BL1 has the logic to identify multiple resets and eventually switch back to the
previous good bank. The ability to revert to the previous bank is crucial to
guarantee the availability of the device.
.. image:: images/SecureFirmwareUpdate.png
:width: 430
:alt: SecureFirmwareUpdate
******************************
UEFI Runtime Support in U-Boot
******************************
Implementation of UEFI boottime and runtime APIs require variable storage.
In Corstone-1000, these UEFI variables are stored in the Protected Storage
service. The below diagram presents the data flow to store UEFI variables.
The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to
communicate with the SMM Service in the secure world. The backend of the
SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS
calls are forwarded to the Secure Enclave as explained above.
.. image:: images/UEFISupport.png
:width: 590
:alt: UEFISupport
***************
References
***************
`ARM corstone1000 Search`_
`Arm security features`_
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000
.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
.. _FF-A: https://developer.arm.com/documentation/den0077/latest
.. _FF-M: https://developer.arm.com/architectures/Firmware%20Framework%20for%20M-Profile
.. _FWU: https://developer.arm.com/documentation/den0118/a/
.. _OPTEE-OS: https://github.com/OP-TEE/optee_os
.. _PSA: https://www.psacertified.org/
.. _PSA L2 Ready: https://www.psacertified.org/products/corstone-1000/
.. _SRIR cert: https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ir-certification-arm-corstone-1000.pdf
.. _TBBR: https://developer.arm.com/documentation/den0006/latest
.. _TF-M: https://www.trustedfirmware.org/projects/tf-m/
.. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/
.. _U-Boot repo: https://github.com/u-boot/u-boot.git

1479
sources/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst Normal file
View File

File diff suppressed because it is too large Load Diff

30
sources/meta-arm/meta-arm-bsp/documentation/fvp-base.md Normal file
View File

@@ -0,0 +1,30 @@
# Armv8-A Base Platform FVP Support in meta-arm-bsp
## Howto Build and Run
### Configuration:
In the local.conf file, `MACHINE` should be set:
```
MACHINE = "fvp-base"
```
### Build:
```
$ bitbake core-image-base
```
### Run:
The `fvp-base` machine has support for the `runfvp` script, so running is simple:
```
$ runfvp tmp/deploy/images/fvp-base/core-image-base-fvp-base.fvpconf
```
## Devices supported in the kernel
- serial
- virtio disk
- network
- watchdog
- rtc
## Devices not supported or not functional
None

75
sources/meta-arm/meta-arm-bsp/documentation/juno.md Normal file
View File

@@ -0,0 +1,75 @@
# Juno Development Platform Support in meta-arm-bsp
## Howto Build and Run
### Configuration:
In the local.conf file, MACHINE should be set as follow:
MACHINE ?= "juno"
Juno is using a USB hard drive for root filesystem by default. The distribution
used must have ```usbhost``` and ```usbgadget``` in DISTRO_FEATURES (this is
the case in poky distribution).
### Build:
```bash$ bitbake core-image-minimal```
### Update Juno SD card:
The SD card content is generated during the build here:
tmp/deploy/images/juno/firmware-image-juno.tar.gz
Its content must be written on the Juno firmware SD card.
To do this:
- insert the sdcard of the Juno in an SD card reader and mount it:
```bash$ sudo mount /dev/sdx1 /mnt```
(replace sdx by the device of the SD card)
- erase its content and put the new one:
```bash$ sudo rm -rf /mnt/*```
```bash$ sudo tar --no-same-owner -xzf tmp/deploy/images/juno/firmware-image-juno.tar.gz -C /mnt/```
```bash$ sudo umount /mnt```
- reinsert the SD card in the Juno board
### Create an USB hard drive:
Linux root file system should be stored on the second partition of an USB
drive that must be plugged on the Juno Platform.
This partition should be initialized with the content of the filesystem
generated by yocto that you can find here:
tmp/deploy/images/juno/core-image-minimal-juno.tar.bz2
To do this
- Format a USB disk, create two primary partitions (ext4).
- mount the secondary partition
- untar tmp/deploy/images/juno/core-image-minimal-juno.tar.bz2 on to the
secondary partition.
### Run:
You must insert the SD card and the USB drive and power-on the Juno board.
The console should be available on the second serial line:
screen -L /dev/tty.usbserial 115200
On the first boot the images will be flashed which can take some time.
## Devices supported in the kernel
- serial
- usb
- network
- watchdog
- rtc
- mmc
### Untested:
- i2c
- dma
- pci
- sata
- sound
## Devices not supported or not functional
- framebuffer: not functional
The HDMI is not properly detected.
- GPU (no user land libraries).
The mali-midgard-kernel can be used to have a kernel driver

15
sources/meta-arm/meta-arm-bsp/documentation/musca-b1.md Normal file
View File

@@ -0,0 +1,15 @@
# Musca B1
## Overview
For a description of the hardware, go to
https://developer.arm.com/tools-and-software/development-boards/iot-test-chips-and-boards/musca-b-test-chip-board
For emulated hardware, go to
https://www.qemu.org/docs/master/system/arm/musca.html
## Building
In the local.conf file, MACHINE should be set as follows:
MACHINE ?= "musca-b1"
To build the trusted firmware-m:
```bash$ bitbake trusted-firmware-m```

78
sources/meta-arm/meta-arm-bsp/documentation/n1sdp.md Normal file
View File

@@ -0,0 +1,78 @@
# N1SDP Development Platform Support in meta-arm-bsp
## Overview
The N1SDP provides access to the Arm Neoverse N1 SoC. The N1SDP enables software development for key enterprise technology
and general Arm software development. The N1SDP consists of the N1 board containing the N1 SoC.
The N1 SoC contains two dual-core Arm Neoverse N1 processor clusters.
The system demonstrates Arm technology in the context of Cache-Coherent Interconnect for Accelerators (CCIX) protocol by:
- Running coherent traffic between the N1 SoC and an accelerator card.
- Coherent communication between two N1 SoCs.
- Enabling development of CCIX-enabled FPGA accelerators.
Further information on N1SDP can be found at
https://community.arm.com/developer/tools-software/oss-platforms/w/docs/458/neoverse-n1-sdp
## Configuration:
In the local.conf file, MACHINE should be set as follow:
MACHINE ?= "n1sdp"
## Building
```bash$ bitbake core-image-minimal```
## Running
# Update Firmware on SD card:
(*) To use n1sdp board in single chip mode, flash:
n1sdp-board-firmware_primary.tar.gz firmware.
(*) To use n1sdp board in multi chip mode, flash:
n1sdp-board-firmware_primary.tar.gz firmware to primary board,
n1sdp-board-firmware_secondary.tar.gz firmware to secondary board.
The SD card content is generated during the build here:
tmp/deploy/images/n1sdp/n1sdp-board-firmware_primary.tar.gz
tmp/deploy/images/n1sdp/n1sdp-board-firmware_secondary.tar.gz
Its content must be written on the N1SDP firmware SD card.
To do this:
- insert the sdcard of the N1SDP in an SD card reader and mount it:
```bash$ sudo mount /dev/sdx1 /mnt```
(replace sdx by the device of the SD card)
- erase its content and put the new one:
```bash$ sudo rm -rf /mnt/*```
```bash$ sudo tar --no-same-owner -xzf tmp/deploy/images/n1sdp/n1sdp-board-firmware_primary.tar.gz -C /mnt/```
```bash$ sudo umount /mnt```
- reinsert the SD card in the N1SDP board
Firmware tarball contains iofpga configuration files, scp and uefi binaries.
**NOTE**:
If the N1SDP board was manufactured after November 2019 (Serial Number greater
than 36253xxx), a different PMIC firmware image must be used to prevent
potential damage to the board. More details can be found in [1].
The `MB/HBI0316A/io_v123f.txt` file located in the microSD needs to be updated.
To update it, set the PMIC image (300k_8c2.bin) to be used in the newer models
by running the following commands on your host PC:
$ sudo umount /dev/sdx1
$ sudo mount /dev/sdx1 /mnt
$ sudo sed -i '/^MBPMIC: pms_0V85.bin/s/^/;/g' /mnt/MB/HBI0316A/io_v123f.txt
$ sudo sed -i '/^;MBPMIC: 300k_8c2.bin/s/^;//g' /mnt/MB/HBI0316A/io_v123f.txt
$ sudo umount /mnt
# Prepare an USB hard drive:
Grub boot partition is placed on first partition of the *.wic image,
Linux root file system is placed on the second partition of the *.wic image:
tmp/deploy/images/n1sdp/core-image-minimal-n1sdp.wic
This *.wic image should be copied to USB stick with simple dd call.
[1]: https://community.arm.com/developer/tools-software/oss-platforms/w/docs/604/notice-potential-damage-to-n1sdp-boards-if-using-latest-firmware-release

11
sources/meta-arm/meta-arm-bsp/documentation/requirements.txt Normal file
View File

@@ -0,0 +1,11 @@
# Copyright (c) 2022, Arm Limited.
#
# SPDX-License-Identifier: MIT
# Read The Docs specific
jinja2==3.1.1
# Required to build the documentation
sphinx~=5.0
sphinx_rtd_theme~=2.0.0
docutils==0.17.1

19
sources/meta-arm/meta-arm-bsp/documentation/template.md Normal file
View File

@@ -0,0 +1,19 @@
# *Hardware Name*
## Overview
*Brief summary of the hardware*
*Link to reference documentation*
## Building
*Any special steps required to build successfully beyond setting MACHINE*
*For example: corstone700 needs DISTRO=poky-tiny, musca only supports TF-M*
## Running
*A summary of how to deploy or execute the image*
*For example, an overview of the N1SDP SD structure, or FVP arguments*

2
sources/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs-fvp-base.inc Normal file
View File

@@ -0,0 +1,2 @@
FILESEXTRAPATHS:append := "${THISDIR}/files/${MACHINE}:"
SRC_URI:append = " file://report.txt"

1
sources/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bbappend Normal file
View File

@@ -0,0 +1 @@
include arm-systemready-ir-acs-${MACHINE}.inc

5
sources/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native-fvp-base.inc Normal file
View File

@@ -0,0 +1,5 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files/fvp-base:"
SRC_URI:append = " \
file://0001-check-sr-results-Change-the-expected-SR-result-confi.patch \
"

1
sources/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native.bbappend Normal file
View File

@@ -0,0 +1 @@
include arm-systemready-scripts-native-${MACHINE}.inc

227
sources/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/0001-check-sr-results-Change-the-expected-SR-result-confi.patch Normal file
View File

@@ -0,0 +1,227 @@
From e3e0465a25f9b1607b2e5ed42afb7b556aa8b9bc Mon Sep 17 00:00:00 2001
From: Debbie Martin <Debbie.Martin@arm.com>
Date: Wed, 4 Oct 2023 18:40:18 +0100
Subject: [PATCH] [PATCH] check-sr-results: Change the expected SR result
config
Update the check-sr-results.yaml and format-sr-results.yaml files for the
Systemready IR suite. These changes are required because of the
following known differences of fvp-base outputs to those expected by the
SystemReady scripts.
Changes to check-sr-results.yaml:
1. acs-console.log:
a. must-have-esp: EFI partition/variable persistence not supported due to
FVP reset.
b. warn-once-if-contains "-dirty": BL1, BL2, and BL31 have dirty versions.
c. must-contain "efi: ESRT=0x" and "'esrt: Reserving ESRT space from 0x'":
Capsule updates are not supported.
d. error-if-contains: "No EFI system partition" and "Failed to persist
EFI variables": EFI partition/variable persistence not supported due to
FVP reset.
2. acs_results/result.md:
a. must-contain "Failure: |0|": Capsule and EFI partition failures make
the total 20.
3. acs_results/CapsuleApp_ESRT_table_info.log:
a. capsuleapp-esrt: Capsule updates are not supported.
b. must-contain "'EFI_SYSTEM_RESOURCE_TABLE:'" and
"EFI_SYSTEM_RESOURCE_ENTRY": EFI partition/variable persistence not
supported due to FVP reset.
c. must-contain "FwClass": Capsule updates are not supported.
d. error-if-contains "ESRT - Not Found": Capsule updates are not
supported.
4. acs_results/CapsuleApp_FMP_protocol_info.log:
a. warn-if-contains "Aborted test": Capsule updates are not supported.
This patch also adds must-contain for the specific totals of the test
categories due to allowing the "Aborted test" string.
5. acs_results/linux_dump/firmware/efi/esrt:
a. Remove whole directory because capsule updates are not supported.
6. acs_results/uefi/temp:
a. Set min-entries to 0: this defaults to 1 despite the directory being
optional, so errors if a directory is empty.
7. acs_results/uefi_dump:
a. min-entries is 13: change this to 11 due to smbiosview.log being
optional and the change to make map.log optional.
8. acs_results/uefi_dump/dh.log:
a. must-contain "EFISystemPartition": EFI partition/variable persistence
not supported due to FVP reset.
b. must-contain "FirmwareManagement": Capsule updates are not supported.
9. acs_results/uefi_dump/map.log:
a. Make optional because it isn't populated for IR.
10. fw:
a. Make optional because capsule updates are not supported.
11. os-logs:
a. Make optional because distro installation isn't done as part of ACS.
Changes to format-sr-results.yaml:
1. Remove the SIE section (not supported on fvp-base and, if present, causes
format-sr-results.py to error).
Upstream-Status: Inappropriate
Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
---
check-sr-results.yaml | 34 ++++++++++++++--------------------
format-sr-results.yaml | 15 ---------------
2 files changed, 14 insertions(+), 35 deletions(-)
diff --git a/check-sr-results.yaml b/check-sr-results.yaml
index a4235de..555fb71 100644
--- a/check-sr-results.yaml
+++ b/check-sr-results.yaml
@@ -10,7 +10,6 @@ check-sr-results-configuration:
# The following tree applies to all ACS-IR 2.0 versions.
tree:
- file: acs-console.log
- must-have-esp:
must-contain:
- Booting `bbr/bsa'
- Press any key to stop the EFI SCT running
@@ -24,8 +23,6 @@ tree:
- 'EFI stub: Booting Linux Kernel...'
- 'EFI stub: Using DTB from configuration table'
- Linux version
- - 'efi: ESRT=0x'
- - 'esrt: Reserving ESRT space from 0x'
- systemd
- Executing FWTS for EBBR
- 'Test: UEFI'
@@ -36,13 +33,9 @@ tree:
- ACS run is completed
- Please press <Enter> to continue ...
warn-once-if-contains:
- - -dirty
- 'EFI stub: ERROR:'
- 'FIRMWARE BUG:'
- OVERLAP DETECTED
- error-if-contains:
- - No EFI system partition
- - Failed to persist EFI variables
- dir: acs_results
min-entries: 8 # Allow missing result.md
max-entries: 9
@@ -53,7 +46,7 @@ tree:
must-contain:
- SCT Summary
- Dropped:|0|
- - Failure:|0|
+ - Failure:|20|
- Warning:|0|
- Dropped by group
- Failure by group
@@ -64,16 +57,11 @@ tree:
max-entries: 2
tree:
- file: CapsuleApp_ESRT_table_info.log
- capsuleapp-esrt:
must-contain:
- ESRT TABLE
- - 'EFI_SYSTEM_RESOURCE_TABLE:'
- - EFI_SYSTEM_RESOURCE_ENTRY
- - FwClass
error-if-contains:
- FwResourceCount - 0x0
- FwResourceCountMax - 0x0
- - ESRT - Not Found
- file: CapsuleApp_FMP_protocol_info.log
must-contain:
- FMP DATA
@@ -95,9 +83,14 @@ tree:
- 'Medium failures: NONE'
- 'Low failures: NONE'
- 'Other failures: NONE'
+ - 'dt_base | 3| | | | | |'
+ - 'esrt | | | 2| | | |'
+ - 'uefibootpath | | | | | | |'
+ - 'uefirtmisc | 1| | | | 8| |'
+ - 'uefirttime | 4| | | | 35| |'
+ - 'uefirtvariable | 2| | | | 10| |'
+ - 'uefivarinfo | | | | | 1| |'
- 'Total:'
- warn-if-contains:
- - Aborted test
error-if-contains:
- FAILED
- This is an invalid entry.
@@ -180,6 +173,7 @@ tree:
tree:
- file: OsIndicationsSupported-*
- dir: esrt
+ optional:
tree:
- dir: entries
tree:
@@ -314,8 +308,9 @@ tree:
- BSA tests complete. Reset the system.
- dir: temp # This sometimes remains; ignore it
optional:
+ min-entries: 0
- dir: uefi_dump
- min-entries: 13
+ min-entries: 11
max-entries: 13
tree:
- file: bcfg.log
@@ -331,8 +326,6 @@ tree:
must-contain:
- Handle dump
- DevicePath
- - EFISystemPartition
- - FirmwareManagement
- SimpleTextOut
- file: dmem.log
must-contain:
@@ -355,6 +348,7 @@ tree:
- DRIVER NAME
- file: ifconfig.log
- file: map.log
+ optional:
must-contain:
- Mapping table
- /HD(1,GPT,
@@ -392,7 +386,7 @@ tree:
- dir: docs
optional:
- dir: fw
- min-entries: 3
+ optional:
tree:
- file: u-boot-sniff.log
must-contain:
@@ -500,7 +494,7 @@ tree:
- dir: manual-results
optional:
- dir: os-logs
- min-entries: 2
+ optional:
tree:
- file: 'OS-image-download-links.txt'
optional:
diff --git a/format-sr-results.yaml b/format-sr-results.yaml
index dd34cd6..20b69de 100644
--- a/format-sr-results.yaml
+++ b/format-sr-results.yaml
@@ -47,21 +47,6 @@ subs:
extract:
filename: "acs_results/linux_dump/firmware/devicetree/base/psci/\
compatible"
- - heading: BBSR Compliance
- paragraph: TBD
- subs:
- - heading: SIE SCT
- extract:
- filename: acs_results/SIE/result.md
- find: '# SCT Summary'
- first-line: 4
- last-line:
- paragraph: TBD
- - heading: SIE FWTS
- extract:
- filename: acs_results/SIE/fwts/FWTSResults.log
- find: Test Failure Summary
- paragraph: TBD
- heading: BSA Compliance (informative)
paragraph: TBD
subs:
--
2.25.1

34
sources/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/report.txt Normal file
View File

@@ -0,0 +1,34 @@
General information
-------------------
- Arm SystemReady Band: IR
- System name: FVP Base A AEM
- Prepared by:
- E-mail:
- Date:
System information
------------------
- Company: Arm
- System: FVP Base A AEM
- SoC:
- FW version:
- Memory:
- Storage devices / disks:
- Network controllers:
- Other Hardware information:
Test Logs and Results
---------------------
- ACS version used: 2.0
- ACS URL (if pre-built binary): https://github.com/ARM-software/arm-systemready/blob/v23.03_IR_2.0.0/IR/prebuilt_images/v23.03_2.0.0/ir-acs-live-image-generic-arm64.wic.xz
- Changes to ACS (if built from source):
- Test Logs collected
[X] ACS - SCT
[X] ACS - BSA - UEFI
[X] ACS - BSA - Linux
[X] ACS - FWTS
[X] ACS - Linux boot log
[X] ACS - Linux dumps
[X] ACS - UEFI Shell dumps
[ ] ACS - Capsule Update

5
sources/meta-arm/meta-arm-bsp/lib/oeqa/runtime/cases/parselogs-ignores-sbsa-ref.txt Normal file
View File

@@ -0,0 +1,5 @@
# The release of EDK2 after 202402 should fix this
NUMA: Failed to initialise from firmware
# TODO: we should be using bochsdrm over efifb?
efifb: cannot reserve video memory at 0x80000000

1
sources/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend Normal file
View File

@@ -0,0 +1 @@
COMPATIBLE_MACHINE:fvp-base = "fvp-base"

57
sources/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb Normal file
View File

@@ -0,0 +1,57 @@
SUMMARY = "External system Cortex-M3 Firmware"
DESCRIPTION = "Firmware to be loaded and run in External System Harness in\
support to the main application CPU."
HOMEPAGE = "https://git.linaro.org/landing-teams/working/arm/external-system.git"
DEPENDS = "gcc-arm-none-eabi-native"
INHIBIT_DEFAULT_DEPS="1"
LICENSE = "BSD-3-Clause & Apache-2.0"
LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \
file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e"
SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master \
file://0001-tools-gen_module_code-atomically-rewrite-the-generat.patch"
SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080"
PV .= "+git"
COMPATIBLE_MACHINE = "(corstone1000)"
PACKAGE_ARCH = "${MACHINE_ARCH}"
# PRODUCT is passed to the Makefile to specify the platform to be used.
PRODUCT = "corstone-1000"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
# remove once arm-none-eabi-gcc updates to 13 or newer like poky
DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
LDFLAGS[unexport] = "1"
do_compile() {
oe_runmake -C ${S} V=y \
BUILD_PATH=${B} \
PRODUCT=${PRODUCT} \
CROSS_COMPILE=arm-none-eabi- \
all
}
do_compile[cleandirs] = "${B}"
do_install() {
install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}${nonarch_base_libdir}/firmware/es_flashfw.bin
install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.elf ${D}${nonarch_base_libdir}/firmware/es_flashfw.elf
}
FILES:${PN} = "${nonarch_base_libdir}/firmware/es_flashfw.bin"
FILES:${PN}-elf = "${nonarch_base_libdir}/firmware/es_flashfw.elf"
PACKAGES += "${PN}-elf"
INSANE_SKIP:${PN}-elf += "arch"
SYSROOT_DIRS += "${nonarch_base_libdir}/firmware"
inherit deploy
do_deploy() {
cp -rf ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/
}
addtask deploy after do_install

67
sources/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/0001-tools-gen_module_code-atomically-rewrite-the-generat.patch Normal file
View File

@@ -0,0 +1,67 @@
From fa5ed6204f9188134a87ac9dd569e1496759a7f6 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Tue, 8 Sep 2020 11:49:08 +0100
Subject: [PATCH] tools/gen_module_code: atomically rewrite the generated files
Upstream-Status: Submitted [https://gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx/-/issues/1]
Signed-off-by: Ross Burton <ross.burton@arm.com>
The gen_module rule in rules.mk is marked as .PHONY, so make will
execute it whenever it is mentioned. This results in gen_module_code
being executed 64 times for a Juno build.
However in heavily parallel builds there's a good chance that
gen_module_code is writing a file whilst the compiler is reading it
because make also doesn't know what files are generated by
gen_module_code.
The correct fix is to adjust the Makefiles so that the dependencies are
correct but this isn't trivial, so band-aid the problem by atomically
writing the generated files.
Change-Id: I82d44f9ea6537a91002e1f80de8861d208571630
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
tools/gen_module_code.py | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/tools/gen_module_code.py b/tools/gen_module_code.py
index 6bf50e0..92623a7 100755
--- a/tools/gen_module_code.py
+++ b/tools/gen_module_code.py
@@ -17,6 +17,7 @@
import argparse
import os
import sys
+import tempfile
DEFAULT_PATH = 'build/'
@@ -55,13 +56,21 @@ TEMPLATE_C = "/* This file was auto generated using {} */\n" \
def generate_file(path, filename, content):
full_filename = os.path.join(path, filename)
- with open(full_filename, 'a+') as f:
- f.seek(0)
- if f.read() != content:
+
+ try:
+ with open(full_filename) as f:
+ rewrite = f.read() != content
+ except FileNotFoundError:
+ rewrite = True
+
+ if rewrite:
+ with tempfile.NamedTemporaryFile(prefix="gen-module-code",
+ dir=path,
+ delete=False,
+ mode="wt") as f:
print("[GEN] {}...".format(full_filename))
- f.seek(0)
- f.truncate()
f.write(content)
+ os.replace(f.name, full_filename)
def generate_header(path, modules):

6
sources/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium_%.bbappend Normal file
View File

@@ -0,0 +1,6 @@
# Machine specific configurations
MACHINE_HAFNIUM_REQUIRE ?= ""
MACHINE_HAFNIUM_REQUIRE:tc = "hafnium-tc.inc"
require ${MACHINE_HAFNIUM_REQUIRE}

25
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-esp-image.bb Normal file
View File

@@ -0,0 +1,25 @@
SUMMARY = "Corstone1000 platform esp Image"
DESCRIPTION = "This builds a simple image file that only contains an esp \
partition for use when running the SystemReady IR ACS tests."
LICENSE = "MIT"
COMPATIBLE_MACHINE = "corstone1000"
# IMAGE_FSTYPES must be set before 'inherit image'
# https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_FSTYPES
IMAGE_FSTYPES = "wic"
inherit image
IMAGE_FEATURES = ""
IMAGE_LINGUAS = ""
PACKAGE_INSTALL = ""
# This builds a very specific image so we can ignore any customization
WKS_FILE = "efi-disk-esp-only.wks.in"
WKS_FILE:firmware = "efi-disk-esp-only.wks.in"
EXTRA_IMAGEDEPENDS = ""
# Don't write an fvp configuration file for this image as it can't run
IMAGE_POSTPROCESS_COMMAND:remove = "do_write_fvpboot_conf;"

11
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc Normal file
View File

@@ -0,0 +1,11 @@
COMPATIBLE_MACHINE = "corstone1000"
FIRMWARE_BINARIES = "corstone1000-flash-firmware-image-${MACHINE}.wic \
bl1.bin \
es_flashfw.bin \
${CAPSULE_NAME}.${CAPSULE_EXTENSION} \
corstone1000_capsule_cert.crt \
corstone1000_capsule_key.key \
"
do_deploy[mcdepends] = "mc::firmware:corstone1000-flash-firmware-image:do_image_complete"

96
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb Normal file
View File

@@ -0,0 +1,96 @@
SUMMARY = "Corstone1000 platform Image"
DESCRIPTION = "This is the main image which is the container of all the binaries \
generated for the Corstone1000 platform."
LICENSE = "MIT"
COMPATIBLE_MACHINE = "corstone1000"
# IMAGE_FSTYPES must be set before 'inherit image'
# https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_FSTYPES
IMAGE_FSTYPES = "wic uefi_capsule"
inherit image
inherit tfm_sign_image
inherit uefi_capsule
inherit deploy
DEPENDS += "external-system \
trusted-firmware-a \
trusted-firmware-m \
u-boot \
"
IMAGE_FEATURES = ""
IMAGE_LINGUAS = ""
PACKAGE_INSTALL = ""
# The generated ${MACHINE}_image.nopt is used instead of the default wic image
# for the capsule generation. The uefi.capsule image type doesn't have to
# depend on the wic because of this.
#
# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed
# by the U-Boot recipe so this recipe has to depend on that.
CAPSULE_IMGTYPE = ""
CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt"
CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329"
CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc"
CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}"
CAPSULE_INDEX = "1"
CAPSULE_MONOTONIC_COUNT = "1"
CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key"
UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt"
# TF-A settings for signing host images
TFA_BL2_BINARY = "bl2-corstone1000.bin"
TFA_FIP_BINARY = "fip-corstone1000.bin"
TFA_BL2_RE_IMAGE_LOAD_ADDRESS = "0x62353000"
TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000"
TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
RE_IMAGE_OFFSET = "0x1000"
# Offsets for the .nopt image generation
TFM_OFFSET = "102400"
FIP_OFFSET = "479232"
KERNEL_OFFSET = "2576384"
do_sign_images() {
# Sign TF-A BL2
sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \
${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
# Update BL2 in the FIP image
cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .
fiptool update --tb-fw \
${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \
${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
# Sign the FIP image
sign_host_image ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} \
${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
}
do_sign_images[depends] = "\
fiptool-native:do_populate_sysroot \
"
# This .nopt image is not the same as the one which is generated by meta-arm/meta-arm/classes/wic_nopt.bbclass.
# The meta-arm/meta-arm/classes/wic_nopt.bbclass removes the partition table from the wic image, but keeps the
# second bank. This function creates a no-partition image with only the first bank.
create_nopt_image() {
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/bl2_signed.bin of=${B}/${MACHINE}_image.nopt
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/tfm_s_signed.bin of=${B}/${MACHINE}_image.nopt seek=${TFM_OFFSET}
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/signed_fip-corstone1000.bin of=${B}/${MACHINE}_image.nopt seek=${FIP_OFFSET}
dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-${MACHINE}.bin of=${B}/${MACHINE}_image.nopt seek=${KERNEL_OFFSET}
}
do_image_uefi_capsule[depends] += " linux-yocto:do_deploy"
do_image_uefi_capsule[mcdepends] += " ${@bb.utils.contains('BBMULTICONFIG', 'firmware', 'mc::firmware:linux-yocto:do_deploy', '', d)}"
do_image_uefi_capsule[prefuncs] += "create_nopt_image"
do_deploy() {
install -m 0755 ${B}/${MACHINE}_image.nopt ${DEPLOYDIR}
}
addtask deploy after do_image_uefi_capsule

7
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-recovery-image.bb Normal file
View File

@@ -0,0 +1,7 @@
require recipes-core/images/core-image-minimal.bb
# The core-image-minimal is used for the initramfs bundle for the
# Corstone1000 but the testimage task caused hanging errors. This is
# why the core-image-minimal is forked here so the testimage task can
# be disabled as it is not relevant for the Corstone1000.
IMAGE_CLASSES:remove = "testimage"

4
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-deploy-image.bbappend Normal file
View File

@@ -0,0 +1,4 @@
MACHINE_DEPLOY_FIRMWARE_REQUIRE ?= ""
MACHINE_DEPLOY_FIRMWARE_REQUIRE:corstone1000 = "corstone1000-firmware-deploy-image.inc"
require ${MACHINE_DEPLOY_FIRMWARE_REQUIRE}

79
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb Normal file
View File

@@ -0,0 +1,79 @@
DESCRIPTION = "Firmware Image for Juno to be copied to the Configuration \
microSD card"
LICENSE = "BSD-3-Clause"
SECTION = "firmware"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
INHIBIT_DEFAULT_DEPS = "1"
DEPENDS = "trusted-firmware-a virtual/kernel virtual/control-processor-firmware"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "juno"
LINARO_RELEASE = "19.06"
SRC_URI = "http://releases.linaro.org/members/arm/platforms/${LINARO_RELEASE}/juno-latest-oe-uboot.zip;subdir=${UNPACK_DIR} \
file://images-r0.txt \
file://images-r1.txt \
file://images-r2.txt \
file://uEnv.txt \
"
SRC_URI[md5sum] = "01b662b81fa409d55ff298238ad24003"
SRC_URI[sha256sum] = "b8a3909bb3bc4350a8771b863193a3e33b358e2a727624a77c9ecf13516cec82"
UNPACK_DIR = "juno-firmware-${LINARO_RELEASE}"
inherit deploy nopackages
do_configure[noexec] = "1"
do_compile[noexec] = "1"
# The ${D} is used as a temporary directory and we don't generate any
# packages for this recipe.
do_install() {
cp -a ${WORKDIR}/${UNPACK_DIR} ${D}
cp -f ${RECIPE_SYSROOT}/firmware/bl1-juno.bin \
${D}/${UNPACK_DIR}/SOFTWARE/bl1.bin
cp -f ${RECIPE_SYSROOT}/firmware/fip-juno.bin \
${D}/${UNPACK_DIR}/SOFTWARE/fip.bin
cp -f ${RECIPE_SYSROOT}/firmware/scp_romfw_bypass.bin \
${D}/${UNPACK_DIR}/SOFTWARE/scp_bl1.bin
# u-boot environment file
cp -f ${WORKDIR}/uEnv.txt ${D}/${UNPACK_DIR}/SOFTWARE/
# Juno images list file
cp -f ${WORKDIR}/images-r0.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262B/images.txt
cp -f ${WORKDIR}/images-r1.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262C/images.txt
cp -f ${WORKDIR}/images-r2.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262D/images.txt
}
do_deploy() {
# To avoid dependency loop between firmware-image-juno:do_install
# and virtual/kernel:do_deploy when INITRAMFS_IMAGE_BUNDLE = "1",
# we need to handle the kernel binaries copying in the do_deploy
# task.
for f in ${KERNEL_DEVICETREE}; do
install -m 755 -c ${DEPLOY_DIR_IMAGE}/$(basename $f) \
${D}/${UNPACK_DIR}/SOFTWARE/.
done
if [ "${INITRAMFS_IMAGE_BUNDLE}" -eq 1 ]; then
cp -L -f ${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-juno.bin \
${D}/${UNPACK_DIR}/SOFTWARE/Image
else
cp -L -f ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE} ${D}/${UNPACK_DIR}/SOFTWARE/
fi
# Compress the files
tar -C ${D}/${UNPACK_DIR} -zcvf ${WORKDIR}/${PN}.tar.gz ./
# Deploy the compressed archive to the deploy folder
install -D -p -m0644 ${WORKDIR}/${PN}.tar.gz ${DEPLOYDIR}/${PN}.tar.gz
}
do_deploy[depends] += "virtual/kernel:do_deploy"
addtask deploy after do_install

71
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/images-r0.txt Normal file
View File

@@ -0,0 +1,71 @@
TITLE: Versatile Express Images Configuration File
[IMAGES]
TOTALIMAGES: 10 ;Number of Images (Max: 32)
NOR0UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR0ADDRESS: 0x00000000 ;Image Flash Address
NOR0FILE: \SOFTWARE\fip.bin ;Image File Name
NOR0LOAD: 00000000 ;Image Load Address
NOR0ENTRY: 00000000 ;Image Entry Point
NOR1UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR1ADDRESS: 0x03EC0000 ;Image Flash Address
NOR1FILE: \SOFTWARE\bl1.bin ;Image File Name
NOR1LOAD: 00000000 ;Image Load Address
NOR1ENTRY: 00000000 ;Image Entry Point
NOR2UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR2ADDRESS: 0x00500000 ;Image Flash Address
NOR2FILE: \SOFTWARE\Image ;Image File Name
NOR2NAME: norkern ;Rename kernel to norkern
NOR2LOAD: 00000000 ;Image Load Address
NOR2ENTRY: 00000000 ;Image Entry Point
NOR3UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR3ADDRESS: 0x03000000 ;Image Flash Address
NOR3FILE: \SOFTWARE\juno.dtb ;Image File Name
NOR3NAME: board.dtb ;Specify target filename to preserve file extension
NOR3LOAD: 00000000 ;Image Load Address
NOR3ENTRY: 00000000 ;Image Entry Point
NOR4UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR4ADDRESS: 0x030C0000 ;Image Flash Address
NOR4FILE: \SOFTWARE\hdlcdclk.dat ;Image File Name
NOR4LOAD: 00000000 ;Image Load Address
NOR4ENTRY: 00000000 ;Image Entry Point
NOR5UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR5ADDRESS: 0x03E40000 ;Image Flash Address
NOR5FILE: \SOFTWARE\scp_bl1.bin ;Image File Name
NOR5LOAD: 00000000 ;Image Load Address
NOR5ENTRY: 00000000 ;Image Entry Point
NOR6UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR6ADDRESS: 0x0BF00000 ;Image Flash Address
NOR6FILE: \SOFTWARE\startup.nsh ;Image File Name
NOR6NAME: startup.nsh
NOR6LOAD: 00000000 ;Image Load Address
NOR6ENTRY: 00000000 ;Image Entry Point
NOR7UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR7ADDRESS: 0x0BFC0000 ;Image Flash Address
NOR7FILE: \SOFTWARE\blank.img ;Image File Name
NOR7NAME: BOOTENV
NOR7LOAD: 00000000 ;Image Load Address
NOR7ENTRY: 00000000 ;Image Entry Point
NOR8UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR8ADDRESS: 0x03100000 ;Image Flash Address
NOR8FILE: \SOFTWARE\selftest ;Image File Name
NOR8LOAD: 00000000 ;Image Load Address
NOR8ENTRY: 00000000 ;Image Entry Point
NOR9UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR9ADDRESS: 0x03180000 ;Image Flash Address
NOR9NAME: uEnv.txt
NOR9FILE: \SOFTWARE\uEnv.txt ;Image File Name
NOR9LOAD: 00000000 ;Image Load Address
NOR9ENTRY: 00000000 ;Image Entry Point

71
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/images-r1.txt Normal file
View File

@@ -0,0 +1,71 @@
TITLE: Versatile Express Images Configuration File
[IMAGES]
TOTALIMAGES: 10 ;Number of Images (Max: 32)
NOR0UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR0ADDRESS: 0x00000000 ;Image Flash Address
NOR0FILE: \SOFTWARE\fip.bin ;Image File Name
NOR0LOAD: 00000000 ;Image Load Address
NOR0ENTRY: 00000000 ;Image Entry Point
NOR1UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR1ADDRESS: 0x03EC0000 ;Image Flash Address
NOR1FILE: \SOFTWARE\bl1.bin ;Image File Name
NOR1LOAD: 00000000 ;Image Load Address
NOR1ENTRY: 00000000 ;Image Entry Point
NOR2UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR2ADDRESS: 0x00500000 ;Image Flash Address
NOR2FILE: \SOFTWARE\Image ;Image File Name
NOR2NAME: norkern ;Rename kernel to norkern
NOR2LOAD: 00000000 ;Image Load Address
NOR2ENTRY: 00000000 ;Image Entry Point
NOR3UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR3ADDRESS: 0x03000000 ;Image Flash Address
NOR3FILE: \SOFTWARE\juno-r1.dtb ;Image File Name
NOR3NAME: board.dtb ;Specify target filename to preserve file extension
NOR3LOAD: 00000000 ;Image Load Address
NOR3ENTRY: 00000000 ;Image Entry Point
NOR4UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR4ADDRESS: 0x030C0000 ;Image Flash Address
NOR4FILE: \SOFTWARE\hdlcdclk.dat ;Image File Name
NOR4LOAD: 00000000 ;Image Load Address
NOR4ENTRY: 00000000 ;Image Entry Point
NOR5UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR5ADDRESS: 0x03E40000 ;Image Flash Address
NOR5FILE: \SOFTWARE\scp_bl1.bin ;Image File Name
NOR5LOAD: 00000000 ;Image Load Address
NOR5ENTRY: 00000000 ;Image Entry Point
NOR6UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR6ADDRESS: 0x0BF00000 ;Image Flash Address
NOR6FILE: \SOFTWARE\startup.nsh ;Image File Name
NOR6NAME: startup.nsh
NOR6LOAD: 00000000 ;Image Load Address
NOR6ENTRY: 00000000 ;Image Entry Point
NOR7UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR7ADDRESS: 0x0BFC0000 ;Image Flash Address
NOR7FILE: \SOFTWARE\blank.img ;Image File Name
NOR7NAME: BOOTENV
NOR7LOAD: 00000000 ;Image Load Address
NOR7ENTRY: 00000000 ;Image Entry Point
NOR8UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR8ADDRESS: 0x03100000 ;Image Flash Address
NOR8FILE: \SOFTWARE\selftest ;Image File Name
NOR8LOAD: 00000000 ;Image Load Address
NOR8ENTRY: 00000000 ;Image Entry Point
NOR9UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR9ADDRESS: 0x03180000 ;Image Flash Address
NOR9NAME: uEnv.txt
NOR9FILE: \SOFTWARE\uEnv.txt ;Image File Name
NOR9LOAD: 00000000 ;Image Load Address
NOR9ENTRY: 00000000 ;Image Entry Point

71
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/images-r2.txt Normal file
View File

@@ -0,0 +1,71 @@
TITLE: Versatile Express Images Configuration File
[IMAGES]
TOTALIMAGES: 10 ;Number of Images (Max: 32)
NOR0UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR0ADDRESS: 0x00000000 ;Image Flash Address
NOR0FILE: \SOFTWARE\fip.bin ;Image File Name
NOR0LOAD: 00000000 ;Image Load Address
NOR0ENTRY: 00000000 ;Image Entry Point
NOR1UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR1ADDRESS: 0x03EC0000 ;Image Flash Address
NOR1FILE: \SOFTWARE\bl1.bin ;Image File Name
NOR1LOAD: 00000000 ;Image Load Address
NOR1ENTRY: 00000000 ;Image Entry Point
NOR2UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR2ADDRESS: 0x00500000 ;Image Flash Address
NOR2FILE: \SOFTWARE\Image ;Image File Name
NOR2NAME: norkern ;Rename kernel to norkern
NOR2LOAD: 00000000 ;Image Load Address
NOR2ENTRY: 00000000 ;Image Entry Point
NOR3UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR3ADDRESS: 0x03000000 ;Image Flash Address
NOR3FILE: \SOFTWARE\juno-r2.dtb ;Image File Name
NOR3NAME: board.dtb ;Specify target filename to preserve file extension
NOR3LOAD: 00000000 ;Image Load Address
NOR3ENTRY: 00000000 ;Image Entry Point
NOR4UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR4ADDRESS: 0x030C0000 ;Image Flash Address
NOR4FILE: \SOFTWARE\hdlcdclk.dat ;Image File Name
NOR4LOAD: 00000000 ;Image Load Address
NOR4ENTRY: 00000000 ;Image Entry Point
NOR5UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR5ADDRESS: 0x03E40000 ;Image Flash Address
NOR5FILE: \SOFTWARE\scp_bl1.bin ;Image File Name
NOR5LOAD: 00000000 ;Image Load Address
NOR5ENTRY: 00000000 ;Image Entry Point
NOR6UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR6ADDRESS: 0x0BF00000 ;Image Flash Address
NOR6FILE: \SOFTWARE\startup.nsh ;Image File Name
NOR6NAME: startup.nsh
NOR6LOAD: 00000000 ;Image Load Address
NOR6ENTRY: 00000000 ;Image Entry Point
NOR7UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR7ADDRESS: 0x0BFC0000 ;Image Flash Address
NOR7FILE: \SOFTWARE\blank.img ;Image File Name
NOR7NAME: BOOTENV
NOR7LOAD: 00000000 ;Image Load Address
NOR7ENTRY: 00000000 ;Image Entry Point
NOR8UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR8ADDRESS: 0x03100000 ;Image Flash Address
NOR8FILE: \SOFTWARE\selftest ;Image File Name
NOR8LOAD: 00000000 ;Image Load Address
NOR8ENTRY: 00000000 ;Image Entry Point
NOR9UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR9ADDRESS: 0x03180000 ;Image Flash Address
NOR9NAME: uEnv.txt
NOR9FILE: \SOFTWARE\uEnv.txt ;Image File Name
NOR9LOAD: 00000000 ;Image Load Address
NOR9ENTRY: 00000000 ;Image Entry Point

11
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/uEnv.txt Normal file
View File

@@ -0,0 +1,11 @@
uenvcmd=run mybootcmd
mybootcmd=echo Loading custom boot command; \
echo Loading kernel; \
afs load ${kernel_name} ${kernel_addr_r} ; \
if test $? -eq 1; then echo Loading ${kernel_alt_name} instead of ${kernel_name}; afs load ${kernel_alt_name} ${kernel_addr_r}; fi; \
echo Loading device tree; \
afs load ${fdtfile} ${fdt_addr_r}; \
if test $? -eq 1; then echo Loading ${fdt_alt_name} instead of ${fdtfile}; \
afs load ${fdt_alt_name} ${fdt_addr_r}; fi; fdt addr ${fdt_addr_r}; fdt resize; \
booti ${kernel_addr_r} - ${fdt_addr_r};

37
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb Normal file
View File

@@ -0,0 +1,37 @@
SUMMARY = "Board Firmware binaries for N1SDP"
SECTION = "firmware"
LICENSE = "STM-SLA0044-Rev5"
LIC_FILES_CHKSUM = "file://LICENSES/MB/STM.TXT;md5=1b74d8c842307d03c116f2d71cbf868a"
inherit deploy
INHIBIT_DEFAULT_DEPS = "1"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "n1sdp"
SRC_URI = "git://git.gitlab.arm.com/arm-reference-solutions/board-firmware.git;protocol=https;branch=n1sdp"
SRCREV = "70ba494265eee76747faff38264860c19e214540"
PV .= "+git"
S = "${WORKDIR}/git"
INSTALL_DIR = "/n1sdp-board-firmware_source"
do_install() {
rm -rf ${S}/SOFTWARE
install -d ${D}${INSTALL_DIR}
cp -Rp --no-preserve=ownership ${S}/* ${D}${INSTALL_DIR}
}
FILES:${PN}-staticdev += " ${INSTALL_DIR}/LIB/sensor.a"
FILES:${PN} = "${INSTALL_DIR}"
SYSROOT_DIRS += "${INSTALL_DIR}"
do_deploy() {
install -d ${DEPLOYDIR}${INSTALL_DIR}
cp -Rp --no-preserve=ownership ${S}/* ${DEPLOYDIR}${INSTALL_DIR}
}
addtask deploy after do_install before do_build

85
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/sdcard-image-n1sdp_0.1.bb Normal file
View File

@@ -0,0 +1,85 @@
SUMMARY = "Firmware image recipe for generating SD-Card artifacts."
inherit deploy nopackages
DEPENDS = "trusted-firmware-a \
virtual/control-processor-firmware \
n1sdp-board-firmware"
LICENSE = "MIT"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "n1sdp"
RM_WORK_EXCLUDE += "${PN}"
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install[noexec] = "1"
FIRMWARE_DIR = "n1sdp-board-firmware_source"
PRIMARY_DIR = "${WORKDIR}/n1sdp-board-firmware_primary"
SECONDARY_DIR = "${WORKDIR}/n1sdp-board-firmware_secondary"
SOC_BINARIES = "mcp_fw.bin scp_fw.bin mcp_rom.bin scp_rom.bin"
prepare_package() {
cd ${WORKDIR}
# Master/Primary
cp -av ${RECIPE_SYSROOT}/${FIRMWARE_DIR}/* ${PRIMARY_DIR}
mkdir -p ${PRIMARY_DIR}/SOFTWARE/
# Copy FIP binary
cp -v ${RECIPE_SYSROOT}/firmware/fip.bin ${PRIMARY_DIR}/SOFTWARE/
# Copy SOC binaries
for f in ${SOC_BINARIES}; do
cp -v ${RECIPE_SYSROOT}/firmware/${f} ${PRIMARY_DIR}/SOFTWARE/
done
sed -i -e 's|^C2C_ENABLE.*|C2C_ENABLE: TRUE ;C2C enable TRUE/FALSE|' \
${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|^C2C_SIDE.*|C2C_SIDE: MASTER ;C2C side SLAVE/MASTER|' \
${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|.*SOCCON: 0x1170.*PLATFORM_CTRL.*|SOCCON: 0x1170 0x00000100 ;SoC SCC PLATFORM_CTRL|' \
${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
# Update load address for trusted boot
sed -i -e '/^IMAGE4ADDRESS:/ s|0x60200000|0x64200000|' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
sed -i -e '/^IMAGE4UPDATE:/ s|FORCE |SCP_AUTO|' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
sed -i -e '/^IMAGE4FILE: \\SOFTWARE\\/s|uefi.bin|fip.bin |' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
# Slave/Secondary
cp -av ${RECIPE_SYSROOT}/${FIRMWARE_DIR}/* ${SECONDARY_DIR}
mkdir -p ${SECONDARY_DIR}/SOFTWARE/
# Copy SOC binaries
for f in ${SOC_BINARIES}; do
cp -v ${RECIPE_SYSROOT}/firmware/${f} ${SECONDARY_DIR}/SOFTWARE/
done
sed -i -e 's|^C2C_ENABLE.*|C2C_ENABLE: TRUE ;C2C enable TRUE/FALSE|' \
${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|^C2C_SIDE.*|C2C_SIDE: SLAVE ;C2C side SLAVE/MASTER|' \
${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|.*SOCCON: 0x1170.*PLATFORM_CTRL.*|SOCCON: 0x1170 0x00000101 ;SoC SCC PLATFORM_CTRL|' \
${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e '/^TOTALIMAGES:/ s|5|4|' ${SECONDARY_DIR}/MB/HBI0316A/images.txt
sed -i -e 's|^IMAGE4|;&|' ${SECONDARY_DIR}/MB/HBI0316A/images.txt
}
do_deploy() {
# prepare Master & Slave packages
prepare_package
for dir in ${PRIMARY_DIR} ${SECONDARY_DIR}; do
dir_name=$(basename ${dir})
mkdir -p ${D}/${dir_name}
cp -av ${dir} ${D}
# Compress the files
tar -C ${D}/${dir_name} -zcvf ${DEPLOYDIR}/${dir_name}.tar.gz ./
done
}
do_deploy[dirs] += "${PRIMARY_DIR} ${SECONDARY_DIR}"
do_deploy[cleandirs] += "${PRIMARY_DIR} ${SECONDARY_DIR}"
do_deploy[umask] = "022"
addtask deploy after do_prepare_recipe_sysroot

14
sources/meta-arm/meta-arm-bsp/recipes-bsp/images/tc-artifacts-image.bb Normal file
View File

@@ -0,0 +1,14 @@
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (c) 2020 Arm Limited
#
SUMMARY = "Total Compute Images"
DESCRIPTION = "Build all the images required for Total Compute platform"
LICENSE = "Apache-2.0"
COMPATIBLE_MACHINE = "(tc?)"
inherit nopackages
# The last image to be built is trusted-firmware-a
DEPENDS += " trusted-firmware-a"

15
sources/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc Normal file
View File

@@ -0,0 +1,15 @@
# juno specific SCP configuration
COMPATIBLE_MACHINE = "juno"
FW_TARGETS = "scp"
FW_INSTALL:append = " romfw_bypass"
do_install:append() {
for TYPE in ${FW_INSTALL}; do
if [ "$TYPE" = "romfw_bypass" ]; then
install -D "${B}/${TYPE}/${FW_TARGETS}/bin/${SCP_PLATFORM}-bl1-bypass.bin" "${D}/firmware/${FW}_${TYPE}.bin"
install -D "${B}/${TYPE}/${FW_TARGETS}/bin/${SCP_PLATFORM}-bl1-bypass.elf" "${D}/firmware/${FW}_${TYPE}.elf"
fi
done
}

35
sources/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc Normal file
View File

@@ -0,0 +1,35 @@
# N1SDP specific SCP configurations and build instructions
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
SCP_LOG_LEVEL = "INFO"
DEPENDS += "fiptool-native"
DEPENDS += "trusted-firmware-a"
DEPENDS += "n1sdp-board-firmware"
# The n1sdp sensor library is needed for building SCP N1SDP Platform
# https://github.com/ARM-software/SCP-firmware/tree/master/product/n1sdp
EXTRA_OECMAKE:append = " \
-DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a \
"
do_install:append() {
fiptool \
create \
--scp-fw "${D}/firmware/scp_ramfw.bin" \
--blob uuid=cfacc2c4-15e8-4668-82be-430a38fad705,file="${RECIPE_SYSROOT}/firmware/bl1.bin" \
"scp_fw.bin"
# This UUID is FIP_UUID_MCP_BL2 in SCP-Firmware.
fiptool \
create \
--blob uuid=54464222-a4cf-4bf8-b1b6-cee7dade539e,file="${D}/firmware/mcp_ramfw.bin" \
"mcp_fw.bin"
install "scp_fw.bin" "${D}/firmware/scp_fw.bin"
install "mcp_fw.bin" "${D}/firmware/mcp_fw.bin"
ln -sf "scp_romfw.bin" "${D}/firmware/scp_rom.bin"
ln -sf "mcp_romfw.bin" "${D}/firmware/mcp_rom.bin"
}

6
sources/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc Normal file
View File

@@ -0,0 +1,6 @@
# SGI575 specific SCP configurations and build instructions
COMPATIBLE_MACHINE:sgi575 = "sgi575"
SCP_PRODUCT_GROUP = "neoverse-rd"
SCP_LOG_LEVEL = "INFO"

10
sources/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware_%.bbappend Normal file
View File

@@ -0,0 +1,10 @@
# Include machine specific SCP configurations
MACHINE_SCP_REQUIRE ?= ""
MACHINE_SCP_REQUIRE:juno = "scp-firmware-juno.inc"
MACHINE_SCP_REQUIRE:n1sdp = "scp-firmware-n1sdp.inc"
MACHINE_SCP_REQUIRE:sgi575 = "scp-firmware-sgi575.inc"
MACHINE_SCP_REQUIRE:tc = "scp-firmware-tc.inc"
require ${MACHINE_SCP_REQUIRE}

29
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch Normal file
View File

@@ -0,0 +1,29 @@
From adaa22bc2f529bb34e9d4fe89ff5c65f0c83ca0c Mon Sep 17 00:00:00 2001
From: emeara01 <emekcan.aras@arm.com>
Date: Wed, 11 May 2022 14:37:06 +0100
Subject: [PATCH] Fix FF-A version in SPMC manifest
OPTEE does not support FF-A version 1.1 in SPMC at the moment.
This commit corrects the FF-A version in corstone1000_spmc_manifest.dts.
This patch will not be upstreamed and will be dropped once
OPTEE version is updated for Corstone1000.
Upstream-Status: Inappropriate
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
---
.../corstone1000/common/fdts/corstone1000_spmc_manifest.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
index 8e49ab83f76a..5baa1b115b2e 100644
--- a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
+++ b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
@@ -20,7 +20,7 @@
attribute {
spmc_id = <0x8000>;
maj_ver = <0x1>;
- min_ver = <0x1>;
+ min_ver = <0x0>;
exec_state = <0x0>;
load_address = <0x0 0x2002000>;
entrypoint = <0x0 0x2002000>;

32
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch Normal file
View File

@@ -0,0 +1,32 @@
From d70a07562d3b0a7b4441922fd3ce136565927d04 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Wed, 21 Feb 2024 07:57:36 +0000
Subject: [PATCH] fix(corstone1000): pass spsr value explicitly
Passes spsr value for BL32 (OPTEE) explicitly between different boot
stages.
Upstream-Status: Pending
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
---
.../corstone1000/common/corstone1000_bl2_mem_params_desc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
index fe521a9fa..2cc096f38 100644
--- a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
+++ b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
@@ -72,7 +72,8 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
VERSION_2, entry_point_info_t, NON_SECURE | EXECUTABLE),
.ep_info.pc = BL33_BASE,
-
+ .ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX,
+ DISABLE_ALL_EXCEPTIONS),
SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
VERSION_2, image_info_t, 0),
.image_info.image_base = BL33_BASE,
--
2.25.1

54
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch Normal file
View File

@@ -0,0 +1,54 @@
From 684b8f88238f522b52eb102485762e02e6b1671a Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Fri, 23 Feb 2024 13:17:59 +0000
Subject: [PATCH] fix(spmd): remove EL3 interrupt registration
This configuration should not be done for corstone1000 and similar
platforms. GICv2 systems only support EL3 interrupts and can have SEL1 component
as SPMC.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Upstream-Status: Inappropriate [Discussions of fixing this in a better way is ongoing in upstream]
---
services/std_svc/spmd/spmd_main.c | 24 ------------------------
1 file changed, 24 deletions(-)
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 066571e9b..313f05bf3 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -580,30 +580,6 @@ static int spmd_spmc_init(void *pm_addr)
panic();
}
- /*
- * Permit configurations where the SPM resides at S-EL1/2 and upon a
- * Group0 interrupt triggering while the normal world runs, the
- * interrupt is routed either through the EHF or directly to the SPMD:
- *
- * EL3_EXCEPTION_HANDLING=0: the Group0 interrupt is routed to the SPMD
- * for handling by spmd_group0_interrupt_handler_nwd.
- *
- * EL3_EXCEPTION_HANDLING=1: the Group0 interrupt is routed to the EHF.
- *
- */
-#if (EL3_EXCEPTION_HANDLING == 0)
- /*
- * Register an interrupt handler routing Group0 interrupts to SPMD
- * while the NWd is running.
- */
- rc = register_interrupt_type_handler(INTR_TYPE_EL3,
- spmd_group0_interrupt_handler_nwd,
- flags);
- if (rc != 0) {
- panic();
- }
-#endif
-
return 0;
}
--
2.25.1

92
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch Normal file
View File

@@ -0,0 +1,92 @@
From 19600e6718e1a5b2ac8ec27d471acdafce0e433e Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Thu, 25 Apr 2024 11:30:58 +0100
Subject: [PATCH] fix(corstone1000): remove unused NS_SHARED_RAM region
After enabling additional features in Trusted Services, the size of BL32 image
(OP-TEE + Trusted Services SPs) is larger now. To create more space in secure RAM
for BL32 image, this patch removes NS_SHARED_RAM region which is not currently used by
corstone1000 platform.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Upstream-Status: Pending
---
.../corstone1000/common/corstone1000_plat.c | 1 -
.../common/include/platform_def.h | 19 +------------------
2 files changed, 1 insertion(+), 19 deletions(-)
diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
index ed3801caa..a9475859a 100644
--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
+++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
@@ -23,7 +23,6 @@
const mmap_region_t plat_arm_mmap[] = {
ARM_MAP_SHARED_RAM,
- ARM_MAP_NS_SHARED_RAM,
ARM_MAP_NS_DRAM1,
CORSTONE1000_MAP_DEVICE,
CORSTONE1000_EXTERNAL_FLASH,
diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
index 442d187f0..18fce4486 100644
--- a/plat/arm/board/corstone1000/common/include/platform_def.h
+++ b/plat/arm/board/corstone1000/common/include/platform_def.h
@@ -90,9 +90,6 @@
* partition size: 176 KB
* content: BL2
*
- * <ARM_NS_SHARED_RAM_BASE> = <ARM_TRUSTED_SRAM_BASE> + 1 MB
- * partition size: 512 KB
- * content: BL33 (u-boot)
*/
/* DDR memory */
@@ -117,11 +114,7 @@
/* The remaining Trusted SRAM is used to load the BL images */
#define TOTAL_SRAM_SIZE (SZ_4M) /* 4 MB */
-/* Last 512KB of CVM is allocated for shared RAM as an example openAMP */
-#define ARM_NS_SHARED_RAM_SIZE (512 * SZ_1K)
-
#define PLAT_ARM_TRUSTED_SRAM_SIZE (TOTAL_SRAM_SIZE - \
- ARM_NS_SHARED_RAM_SIZE - \
ARM_SHARED_RAM_SIZE)
#define PLAT_ARM_MAX_BL2_SIZE (180 * SZ_1K) /* 180 KB */
@@ -160,11 +153,6 @@
/* NS memory */
-/* The last 512KB of the SRAM is allocated as shared memory */
-#define ARM_NS_SHARED_RAM_BASE (ARM_TRUSTED_SRAM_BASE + TOTAL_SRAM_SIZE - \
- (PLAT_ARM_MAX_BL31_SIZE + \
- PLAT_ARM_MAX_BL32_SIZE))
-
#define BL33_BASE ARM_DRAM1_BASE
#define PLAT_ARM_MAX_BL33_SIZE (12 * SZ_1M) /* 12 MB*/
#define BL33_LIMIT (ARM_DRAM1_BASE + PLAT_ARM_MAX_BL33_SIZE)
@@ -266,7 +254,7 @@
#define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE
#define PLAT_ARM_NSTIMER_FRAME_ID U(1)
-#define PLAT_ARM_NS_IMAGE_BASE (ARM_NS_SHARED_RAM_BASE)
+#define PLAT_ARM_NS_IMAGE_BASE (BL33_BASE)
#define PLAT_PHY_ADDR_SPACE_SIZE (1ULL << 32)
#define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 32)
@@ -295,11 +283,6 @@
ARM_SHARED_RAM_SIZE, \
MT_MEMORY | MT_RW | MT_SECURE)
-#define ARM_MAP_NS_SHARED_RAM MAP_REGION_FLAT( \
- ARM_NS_SHARED_RAM_BASE, \
- ARM_NS_SHARED_RAM_SIZE, \
- MT_MEMORY | MT_RW | MT_NS)
-
#define ARM_MAP_NS_DRAM1 MAP_REGION_FLAT( \
ARM_NS_DRAM1_BASE, \
ARM_NS_DRAM1_SIZE, \
--
2.25.1

46
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch Normal file
View File

@@ -0,0 +1,46 @@
From 37f92eeb4361626072e690adb3b0bb20db7c2fca Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Wed, 15 May 2024 13:54:51 +0100
Subject: [PATCH] fix(corstone1000): clean the cache and disable interrupt
before system reset
Corstone1000 does not properly clean the cache and disable gic interrupts
before the reset. This causes a race condition especially in FVP after reset.
This adds proper sequence before resetting the platform.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Upstream-Status: Pending
---
plat/arm/board/corstone1000/common/corstone1000_pm.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/plat/arm/board/corstone1000/common/corstone1000_pm.c b/plat/arm/board/corstone1000/common/corstone1000_pm.c
index 4b0a791e7..a52e945bf 100644
--- a/plat/arm/board/corstone1000/common/corstone1000_pm.c
+++ b/plat/arm/board/corstone1000/common/corstone1000_pm.c
@@ -7,6 +7,7 @@
#include <lib/psci/psci.h>
#include <plat/arm/common/plat_arm.h>
#include <platform_def.h>
+#include <drivers/arm/gicv2.h>
/*******************************************************************************
* Export the platform handlers via plat_arm_psci_pm_ops. The ARM Standard
* platform layer will take care of registering the handlers with PSCI.
@@ -18,6 +19,14 @@ static void __dead2 corstone1000_system_reset(void)
uint32_t volatile * const watchdog_ctrl_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_CTRL_REG;
uint32_t volatile * const watchdog_val_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_VAL_REG;
+ /* Flush and invalidate data cache */
+ dcsw_op_all(DCCISW);
+ /*
+ * Disable GIC CPU interface to prevent pending interrupt
+ * from waking up the AP from WFI.
+ */
+ gicv2_cpuif_disable();
+
*(watchdog_val_reg) = SECURE_WATCHDOG_COUNTDOWN_VAL;
*watchdog_ctrl_reg = SECURE_WATCHDOG_MASK_ENABLE;
while (1) {
--
2.25.1

64
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch Normal file
View File

@@ -0,0 +1,64 @@
From b79d3cf319cc5698311ef83247110c93d3c2de2c Mon Sep 17 00:00:00 2001
Message-Id: <b79d3cf319cc5698311ef83247110c93d3c2de2c.1695834344.git.diego.sueiro@arm.com>
From: Diego Sueiro <diego.sueiro@arm.com>
Date: Wed, 27 Sep 2023 18:05:26 +0100
Subject: [PATCH] fdts/fvp-base: Add stdout-path and virtio net and rng nodes
Upstream-Status: Pending
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
fdts/fvp-base-psci-common.dtsi | 8 ++++++--
fdts/rtsm_ve-motherboard.dtsi | 12 ++++++++++++
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/fdts/fvp-base-psci-common.dtsi b/fdts/fvp-base-psci-common.dtsi
index 79cf37d3b0..b1ba5ce703 100644
--- a/fdts/fvp-base-psci-common.dtsi
+++ b/fdts/fvp-base-psci-common.dtsi
@@ -30,7 +30,9 @@
#if (ENABLE_RME == 1)
chosen { bootargs = "console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=on";};
#else
- chosen {};
+ chosen {
+ stdout-path = &v2m_serial0;
+ };
#endif
aliases {
@@ -243,6 +245,8 @@
<0 0 39 &gic 0 GIC_SPI 39 IRQ_TYPE_LEVEL_HIGH>,
<0 0 40 &gic 0 GIC_SPI 40 IRQ_TYPE_LEVEL_HIGH>,
<0 0 41 &gic 0 GIC_SPI 41 IRQ_TYPE_LEVEL_HIGH>,
- <0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>;
+ <0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 44 &gic 0 GIC_SPI 44 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 46 &gic 0 GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>;
};
};
diff --git a/fdts/rtsm_ve-motherboard.dtsi b/fdts/rtsm_ve-motherboard.dtsi
index 0a824b349a..21a083a51a 100644
--- a/fdts/rtsm_ve-motherboard.dtsi
+++ b/fdts/rtsm_ve-motherboard.dtsi
@@ -230,6 +230,18 @@
interrupts = <42>;
};
+ virtio@150000 {
+ compatible = "virtio,mmio";
+ reg = <0x150000 0x200>;
+ interrupts = <44>;
+ };
+
+ virtio@200000 {
+ compatible = "virtio,mmio";
+ reg = <0x200000 0x200>;
+ interrupts = <46>;
+ };
+
rtc@170000 {
compatible = "arm,pl031", "arm,primecell";
reg = <0x170000 0x1000>;
--
2.39.1

116
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts Normal file
View File

@@ -0,0 +1,116 @@
/* SPDX-License-Identifier: BSD-3-Clause */
/*
* Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*/
/*
* The content of the SPMC manifest may depend on integration settings like the
* set of deployed SP. This information lives in the integration system and
* hence this file should be store in meta-arm. This avoids indirect
* dependencies between integration systems using the same file which would
* enforce some from of cooperation.
*/
/dts-v1/;
/ {
compatible = "arm,ffa-core-manifest-1.0";
#address-cells = <2>;
#size-cells = <1>;
attribute {
spmc_id = <0x8000>;
maj_ver = <0x1>;
min_ver = <0x0>;
exec_state = <0x0>;
load_address = <0x0 0x6000000>;
entrypoint = <0x0 0x6000000>;
binary_size = <0x80000>;
};
/*
* This file will be preprocessed by TF-A's build system. If Measured Boot is
* enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro
* to the preprocessor arguments.
*/
#if MEASURED_BOOT
tpm_event_log {
compatible = "arm,tpm_event_log";
tpm_event_log_addr = <0x0 0x0>;
tpm_event_log_size = <0x0>;
tpm_event_log_max_size = <0x0>;
};
#endif
/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
#ifdef ARM_BL2_SP_LIST_DTS
sp_packages {
compatible = "arm,sp_pkg";
#if !SPMC_TESTS
block_storage {
uuid = <0x806e6463 0x2f4652eb 0xdf8c4fac 0x9c518739>;
load-address = <0x0 0x7a00000>;
};
internal_trusted_storage {
uuid = <0x48ef1edc 0xcf4c7ab1 0xcfdf8bac 0x141b71f7>;
load-address = <0x0 0x7a80000>;
};
protected_storage_sp {
uuid = <0x01f81b75 0x6847de3d 0x100f14a5 0x9017edae>;
load-address = <0x0 0x7b00000>;
};
crypto_sp {
uuid = <0xd552dfd9 0xb24ba216 0x6dd2a49a 0xc0e8843b>;
load-address = <0x0 0x7b80000>;
};
#if MEASURED_BOOT
initial_attestation_sp {
uuid = <0x55f1baa1 0x95467688 0x95547c8f 0x74b98d5e>;
load-address = <0x0 0x7c80000>;
};
#endif
#if TS_SMM_GATEWAY
smm_gateway {
uuid = <0x33d532ed 0x0942e699 0x722dc09c 0xa798d9cd>;
load-address = <0x0 0x7d00000>;
};
#endif /* TS_SMM_GATEWAY */
#if TS_FW_UPDATE
fwu {
uuid = <0x38a82368 0x0e47061b 0xce0c7497 0xfd53fb8b>;
load-address = <0x0 0x7d80000>;
};
#endif /* TS_FW_UPDATE */
#else /* SPMC_TESTS */
test_sp1 {
uuid = <0xc3db9e5c 0x67433a7b 0x197c839f 0x376ae81a>;
load-address = <0x0 0x7a00000>;
};
test_sp2 {
uuid = <0x4c161778 0x1a4d0cc4 0xb29b7a86 0x1af48c27>;
load-address = <0x0 0x7a20000>;
};
test_sp3 {
uuid = <0x0001eb23 0x97442ae3 0x112f5290 0xa6af84e5>;
load-address = <0x0 0x7a40000>;
};
test_sp4 {
/* SP binary UUID */
uuid = <0xed623742 0x6f407277 0x270cd899 0xf8bb0ada>;
load-address = <0x0 0x7a80000>;
};
#endif /* SPMC_TESTS */
};
#endif /* ARM_BL2_SP_LIST_DTS */
};

42
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch Normal file
View File

@@ -0,0 +1,42 @@
From 2d305094f8f500362079e9e7637d46129bf980e4 Mon Sep 17 00:00:00 2001
From: Adam Johnston <adam.johnston@arm.com>
Date: Tue, 25 Jul 2023 16:05:51 +0000
Subject: [PATCH] n1sdp: Reserve OP-TEE memory from NWd
The physical memory which is used to run OP-TEE on the N1SDP is known
to the secure world via TOS_FW_CONFIG, but it may not be known to the
normal world.
As a precaution, explicitly reserve this memory via NT_FW_CONFIG to
prevent the normal world from using it. This is not required on most
platforms as the Trusted OS is run from secure RAM.
Upstream-Status: Pending (not yet submitted to upstream)
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
---
plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
index da5e04ddb6..b7e2d4e86f 100644
--- a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
+++ b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
@@ -20,4 +20,16 @@
local-ddr-size = <0x0>;
remote-ddr-size = <0x0>;
};
+
+ reserved-memory {
+ #address-cells = <2>;
+ #size-cells = <2>;
+ ranges;
+
+ optee@0xDE000000 {
+ compatible = "removed-dma-pool";
+ reg = <0x0 0xDE000000 0x0 0x02000000>;
+ no-map;
+ };
+ };
};
\ No newline at end of file

46
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch Normal file
View File

@@ -0,0 +1,46 @@
From cc0153b56d634aa80b740be5afed15bedb94a2c9 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Tue, 23 Jan 2024 14:19:39 +0000
Subject: [PATCH] n1sdp patch tests to skip
Upstream-Status: Pending
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
plat/arm/n1sdp/tests_to_skip.txt | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/plat/arm/n1sdp/tests_to_skip.txt b/plat/arm/n1sdp/tests_to_skip.txt
index b6e87bf..1848408 100644
--- a/plat/arm/n1sdp/tests_to_skip.txt
+++ b/plat/arm/n1sdp/tests_to_skip.txt
@@ -11,7 +11,7 @@ SMMUv3 tests
PSCI CPU Suspend in OSI mode
# PSCI is enabled but not tested
-PSCI STAT/Stats test cases after system suspend
+PSCI STAT
PSCI System Suspend Validation
# Disable FF-A Interrupt tests as TWDOG is not supported by TC platform
@@ -25,9 +25,14 @@ FF-A Interrupt
# files in TFTF, since the port was done purely to test the spectre workaround
# performance impact. Once that was done no further work was done on the port.
-Timer framework Validation/Target timer to a power down cpu
-Timer framework Validation/Test scenario where multiple CPUs call same timeout
-Timer framework Validation/Stress test the timer framework
+Timer framework Validation
PSCI Affinity Info/Affinity info level0 powerdown
PSCI CPU Suspend
-PSCI STAT/for valid composite state CPU suspend
+Framework Validation/NVM serialisation
+Framework Validation/Events API
+Boot requirement tests
+CPU Hotplug
+ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_1 test
+ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_2 test
+ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_3 test
+FF-A Power management
--
2.34.1

30
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch Normal file
View File

@@ -0,0 +1,30 @@
From 15dab90c3cb8e7677c4f953c2269e8ee1afa01b0 Mon Oct 2 13:45:43 2023
From: Mariam Elshakfy <mariam.elshakfy@arm.com>
Date: Mon, 2 Oct 2023 13:45:43 +0000
Subject: [PATCH] Modify BL32 Location to DDR4
Since OP-TEE start address is changed to run
from DDR4, this patch changes BL32 entrypoint
to the correct one.
Upstream-Status: Pending (not yet submitted to upstream)
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
---
plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
index ed870803c..797dfe3a4 100644
--- a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
+++ b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
@@ -22,8 +22,8 @@
maj_ver = <0x1>;
min_ver = <0x0>;
exec_state = <0x0>;
- load_address = <0x0 0x08000000>;
- entrypoint = <0x0 0x08000000>;
+ load_address = <0x0 0xDE000000>;
+ entrypoint = <0x0 0xDE000000>;
binary_size = <0x2000000>;
};

28
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch Normal file
View File

@@ -0,0 +1,28 @@
From 9a1d11b9fbadf740c73aee6dca4fd0370b38e4a8 Tue Oct 3 13:49:13 2023
From: Mariam Elshakfy <mariam.elshakfy@arm.com>
Date: Tue, 3 Oct 2023 13:49:13 +0000
Subject: [PATCH] Modify SPMC Base to DDR4
Since OP-TEE start address is changed to run
from DDR4, this patch changes SPMC base to
the correct one.
Upstream-Status: Pending (not yet submitted to upstream)
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
---
plat/arm/board/n1sdp/include/platform_def.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/arm/board/n1sdp/include/platform_def.h b/plat/arm/board/n1sdp/include/platform_def.h
index b3799a7b2..b12c61b61 100644
--- a/plat/arm/board/n1sdp/include/platform_def.h
+++ b/plat/arm/board/n1sdp/include/platform_def.h
@@ -118,7 +118,7 @@
#define PLAT_ARM_MAX_BL31_SIZE UL(0x40000)
-#define PLAT_ARM_SPMC_BASE U(0x08000000)
+#define PLAT_ARM_SPMC_BASE U(0xDE000000)
#define PLAT_ARM_SPMC_SIZE UL(0x02000000) /* 32 MB */

45
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch Normal file
View File

@@ -0,0 +1,45 @@
From 051c723a6463a579b05dcaa81f204516737a3645 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Wed, 9 Aug 2023 15:56:03 -0400
Subject: [PATCH] Binutils 2.39 now warns when a segment has RXW
permissions[1]:
aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX
permissions
However, TF-A passes --fatal-warnings to LD, so this is a build failure.
There is a ticket filed upstream[2], so until that is resolved just
remove --fatal-warnings.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
[2] https://developer.trustedfirmware.org/T996
Upstream-Status: Inappropriate
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 1ddb7b84417d..9eae30c923ec 100644
--- a/Makefile
+++ b/Makefile
@@ -425,7 +425,7 @@ TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
# LD = gcc (used when GCC LTO is enabled)
else ifneq ($(findstring gcc,$(notdir $(LD))),)
# Pass ld options with Wl or Xlinker switches
-TF_LDFLAGS += -Wl,--fatal-warnings -O1
+TF_LDFLAGS += -O1
TF_LDFLAGS += -Wl,--gc-sections
ifeq ($(ENABLE_LTO),1)
ifeq (${ARCH},aarch64)
@@ -442,7 +442,7 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
-TF_LDFLAGS += --fatal-warnings -O1
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case

63
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/generate_metadata.py Normal file
View File

@@ -0,0 +1,63 @@
#!/usr/bin/env python3
# Copyright (c) 2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
import argparse
import uuid
import zlib
def main(metadata_file, img_type_uuids, location_uuids, img_uuids):
def add_field_to_metadata(value):
# Write the integer values to file in little endian representation
with open(metadata_file, "ab") as fp:
fp.write(value.to_bytes(4, byteorder='little'))
def add_uuid_to_metadata(uuid_str):
# Validate UUID string and write to file in little endian representation
uuid_val = uuid.UUID(uuid_str)
with open(metadata_file, "ab") as fp:
fp.write(uuid_val.bytes_le)
# Fill metadata preamble
add_field_to_metadata(1) #version=1
add_field_to_metadata(0) #active_index=0
add_field_to_metadata(0) #previous_active_index=0
for img_type_uuid, location_uuid in zip(img_type_uuids, location_uuids):
# Fill metadata image entry
add_uuid_to_metadata(img_type_uuid) # img_type_uuid
add_uuid_to_metadata(location_uuid) # location_uuid
for img_uuid in img_uuids:
# Fill metadata bank image info
add_uuid_to_metadata(img_uuid) # image unique bank_uuid
add_field_to_metadata(1) # accepted=1
add_field_to_metadata(0) # reserved (MBZ)
# Prepend CRC32
with open(metadata_file, 'rb+') as fp:
content = fp.read()
crc = zlib.crc32(content)
fp.seek(0)
fp.write(crc.to_bytes(4, byteorder='little') + content)
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument('--metadata_file', required=True,
help='Output binary file to store the metadata')
parser.add_argument('--img_type_uuids', type=str, nargs='+', required=True,
help='A list of UUIDs identifying the image types')
parser.add_argument('--location_uuids', type=str, nargs='+', required=True,
help='A list of UUIDs of the storage volumes where the images are located. '
'Must have the same length as img_type_uuids.')
parser.add_argument('--img_uuids', type=str, nargs='+', required=True,
help='A list UUIDs of the images in a firmware bank')
args = parser.parse_args()
if len(args.img_type_uuids) != len(args.location_uuids):
parser.print_help()
raise argparse.ArgumentError(None, 'Arguments img_type_uuids and location_uuids must have the same length.')
main(args.metadata_file, args.img_type_uuids, args.location_uuids, args.img_uuids)

33
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch Normal file
View File

@@ -0,0 +1,33 @@
From 6635341615a5bcb36ce71479ee30dae1599081e2 Mon Sep 17 00:00:00 2001
From: Anton Antonov <anrton.antonov@arm.com>
Date: Wed, 9 Aug 2023 15:56:03 -0400
Subject: [PATCH] Binutils 2.39 now warns when a segment has RXW
permissions[1]:
aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions
There is a ticket filed upstream[2], so until that is resolved just
disable the warning
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
[2] https://developer.trustedfirmware.org/T996
Upstream-Status: Inappropriate
Signed-off-by: Anton Antonov <anrton.antonov@arm.com>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 286a47c7d454..3481187b62cf 100644
--- a/Makefile
+++ b/Makefile
@@ -246,7 +246,7 @@ TFTF_SOURCES := ${FRAMEWORK_SOURCES} ${TESTS_SOURCES} ${PLAT_SOURCES} ${LIBC_SR
TFTF_INCLUDES += ${PLAT_INCLUDES}
TFTF_CFLAGS += ${COMMON_CFLAGS}
TFTF_ASFLAGS += ${COMMON_ASFLAGS}
-TFTF_LDFLAGS += ${COMMON_LDFLAGS}
+TFTF_LDFLAGS += ${COMMON_LDFLAGS} --no-warn-rwx-segments
TFTF_EXTRA_OBJS :=
ifneq (${BP_OPTION},none)

33
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb Normal file
View File

@@ -0,0 +1,33 @@
# Firmware Image Package (FIP)
# It is a packaging format used by TF-A to package the
# firmware images in a single binary.
DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
LICENSE = "BSD-3-Clause"
SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
# Use fiptool from TF-A v2.8.6
SRCREV = "ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d"
SRCBRANCH = "lts-v2.8"
DEPENDS += "openssl-native"
inherit native
EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
do_compile () {
# This is still needed to have the native fiptool executing properly by
# setting the RPATH
sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
oe_runmake fiptool
}
do_install () {
install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
}

16
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend Normal file
View File

@@ -0,0 +1,16 @@
# Machine specific TFAs
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
EXTRA_OEMAKE:append:corstone1000 = " DEBUG=0"
EXTRA_OEMAKE:append:corstone1000 = " LOG_LEVEL=30"
TFTF_MODE:corstone1000 = "release"
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
EXTRA_OEMAKE:append:n1sdp = " DEBUG=1"
EXTRA_OEMAKE:append:n1sdp = " LOG_LEVEL=50"
TFTF_MODE:n1sdp = "debug"
SRC_URI:append:n1sdp = " \
file://0001-n1sdp-tftf-tests-to-skip.patch \
"

57
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb Normal file
View File

@@ -0,0 +1,57 @@
DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
LICENSE = "BSD-3-Clause & NCSA"
LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
inherit deploy
COMPATIBLE_MACHINE ?= "invalid"
SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
file://tf-a-tests-no-warn-rwx-segments.patch"
SRCBRANCH = "lts-v2.8"
SRCREV = "85442d2943440718c2c2c9c5c690202b4b4f5725"
DEPENDS += "optee-os"
EXTRA_OEMAKE += "USE_NVM=0"
EXTRA_OEMAKE += "SHELL_COLOR=1"
EXTRA_OEMAKE += "DEBUG=1"
# Modify mode based on debug or release mode
TFTF_MODE ?= "debug"
# Platform must be set for each machine
TFA_PLATFORM ?= "invalid"
EXTRA_OEMAKE += "ARCH=aarch64"
EXTRA_OEMAKE += "LOG_LEVEL=50"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
# Add platform parameter
EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
# Requires CROSS_COMPILE set by hand as there is no configure script
export CROSS_COMPILE="${TARGET_PREFIX}"
do_compile() {
oe_runmake -C ${S} tftf
}
do_compile[cleandirs] = "${B}"
FILES:${PN} = "/firmware/tftf.bin"
SYSROOT_DIRS += "/firmware"
do_install() {
install -d -m 755 ${D}/firmware
install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin
}
do_deploy() {
cp -rf ${D}/firmware/* ${DEPLOYDIR}/
}
addtask deploy after do_install

56
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc Normal file
View File

@@ -0,0 +1,56 @@
# Corstone1000 64-bit machines specific TFA support
COMPATIBLE_MACHINE = "(corstone1000)"
FILESEXTRAPATHS:prepend := "${THISDIR}/files/corstone1000:"
SRC_URI:append = " \
file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \
file://0002-fix-corstone1000-pass-spsr-value-explicitly.patch \
file://0003-fix-spmd-remove-EL3-interrupt-registration.patch \
file://0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch \
file://0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch \
"
TFA_DEBUG = "1"
TFA_UBOOT ?= "1"
TFA_MBEDTLS = "1"
TFA_BUILD_TARGET = "bl2 bl31 fip"
# Enabling Secure-EL1 Payload Dispatcher (SPD)
TFA_SPD = "spmd"
# Cortex-A35 supports Armv8.0-A (no S-EL2 execution state).
# So, the SPD SPMC component should run at the S-EL1 execution state
TFA_SPMD_SPM_AT_SEL2 = "0"
# BL2 loads BL32 (optee). So, optee needs to be built first:
DEPENDS += "optee-os"
# Note: Regarding the build option: LOG_LEVEL.
# There seems to be an issue when setting it
# to 50 (LOG_LEVEL_VERBOSE), where the kernel
# tee driver sends yielding requests to OP-TEE
# at a faster pace than OP-TEE processes them,
# as the processing time is consumed by logging
# in TF-A. When this issue occurs, booting halts
# as soon as optee driver starts initialization.
# Therefore, it's not currently recommended to
# set LOG_LEVEL to 50 at all.
EXTRA_OEMAKE:append = " \
ARCH=aarch64 \
TARGET_PLATFORM=${TFA_TARGET_PLATFORM} \
ENABLE_STACK_PROTECTOR=strong \
ENABLE_PIE=1 \
RESET_TO_BL2=1 \
CREATE_KEYS=1 \
GENERATE_COT=1 \
TRUSTED_BOARD_BOOT=1 \
ARM_GPT_SUPPORT=1 \
PSA_FWU_SUPPORT=1 \
NR_OF_IMAGES_IN_FW_BANK=4 \
COT=tbbr \
ARM_ROTPK_LOCATION=devel_rsa \
ERRATA_A35_855472=1 \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
FVP_USE_GIC_DRIVER=FVP_GICV2 \
"

65
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc Normal file
View File

@@ -0,0 +1,65 @@
# FVP specific TFA parameters
#
# Armv8-A Base Platform FVP
#
FILESEXTRAPATHS:prepend := "${THISDIR}/files/:${THISDIR}/files/fvp-base"
SRC_URI:append = " \
file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch \
file://optee_spmc_maifest.dts;subdir=git/plat/arm/board/fvp/fdts \
"
# OP-TEE SPMC related configuration
SPMC_IS_OPTEE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', '0' \
if d.getVar('SEL2_SPMC') == '1' else '1', '0', d)}"
# Configure the SPMC manifest file.
TFA_ARM_SPMC_MANIFEST_DTS = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
'${S}/plat/arm/board/fvp/fdts/optee_spmc_maifest.dts', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES','arm-ffa', \
'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' \
if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"
# Set OP-TEE SPMC specific TF-A config settings
TFA_SPMD_SPM_AT_SEL2 := '0'
TFA_SPD := "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'spmd', \
d.getVar('TFA_SPD'), d)}"
DEPENDS += " ${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'optee-os', '', d)}"
# Configure measured boot if the attestation SP is deployed.
TFA_MB_FLAGS += " \
ARM_ROTPK_LOCATION=devel_rsa \
EVENT_LOG_LEVEL=20 \
GENERATE_COT=1 \
MBOOT_EL_HASH_ALG=sha256 \
MEASURED_BOOT=1 \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
TRUSTED_BOARD_BOOT=1 \
"
EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
'${TFA_MB_FLAGS}','', d)}"
# Add OP-TEE as BL32.
BL32 = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1',\
'${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin',\
'', d)}"
EXTRA_OEMAKE += "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
' BL32=${BL32}', '', d)}"
# Generic configuration
COMPATIBLE_MACHINE = "fvp-base"
TFA_PLATFORM = "fvp"
# Disable debug build if measured boot is enabled.
TFA_DEBUG := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', '0',\
d.getVar('TFA_DEBUG'), d)}"
# Add mbedtls if measured boot is enabled
TFA_MBEDTLS := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
'1', d.getVar('TFA_MBEDTLS'), d)}"
TFA_UBOOT ?= "1"
TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t FVP_USE_GIC_DRIVER=FVP_GICV3"
# Our fvp-base machine explicitly has v8.4 cores
EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4"

13
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-juno.inc Normal file
View File

@@ -0,0 +1,13 @@
# Juno specific TFA support
COMPATIBLE_MACHINE = "juno"
TFA_PLATFORM = "juno"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
TFA_UBOOT ?= "1"
TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
# Juno needs the System Control Processor Firmware
DEPENDS += "virtual/control-processor-firmware"
EXTRA_OEMAKE:append = " SCP_BL2=${RECIPE_SYSROOT}/firmware/scp_ramfw.bin"

41
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc Normal file
View File

@@ -0,0 +1,41 @@
# N1SDP specific TFA support
# Align with N1SDP-2023.06.22 Manifest
SRCREV_tfa = "31f60a968347497562b0129134928d7ac4767710"
PV .= "+git"
COMPATIBLE_MACHINE = "n1sdp"
TFA_BUILD_TARGET = "all fip"
TFA_INSTALL_TARGET = "bl1 bl2 bl31 n1sdp-multi-chip n1sdp-single-chip n1sdp_fw_config n1sdp_tb_fw_config fip"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
TFA_UBOOT = "0"
TFA_UEFI ?= "1"
FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:"
SRC_URI:append = " \
file://0001-Reserve-OP-TEE-memory-from-nwd.patch \
file://0002-Modify-BL32-Location-to-DDR4.patch \
file://0003-Modify-SPMC-Base-to-DDR4.patch \
"
TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
# Enabling Secure-EL1 Payload Dispatcher (SPD)
TFA_SPD = "spmd"
# Cortex-A35 supports Armv8.0-A (no S-EL2 execution state).
# So, the SPD SPMC component should run at the S-EL1 execution state
TFA_SPMD_SPM_AT_SEL2 = "0"
# BL2 loads BL32 (optee). So, optee needs to be built first:
DEPENDS += "optee-os"
EXTRA_OEMAKE:append = "\
TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 \
CREATE_KEYS=1 \
ARM_ROTPK_LOCATION="devel_rsa" \
ROT_KEY="${TFA_ROT_KEY}" \
BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
"

6
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc Normal file
View File

@@ -0,0 +1,6 @@
# sbsa-ref specific TF-A support
COMPATIBLE_MACHINE = "sbsa-ref"
TFA_PLATFORM = "qemu_sbsa"
TFA_INSTALL_TARGET = "bl1 fip"

13
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sgi575.inc Normal file
View File

@@ -0,0 +1,13 @@
# SGI575 specific TFA support
COMPATIBLE_MACHINE = "sgi575"
TFA_PLATFORM = "sgi575"
TFA_BUILD_TARGET = "all fip"
TFA_INSTALL_TARGET = "bl1 fip"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
TFA_UBOOT = "0"
TFA_UEFI = "1"
EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"

14
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend Normal file
View File

@@ -0,0 +1,14 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files/:"
# Machine specific TFAs
MACHINE_TFA_REQUIRE ?= ""
MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc"
MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
MACHINE_TFA_REQUIRE:n1sdp = "trusted-firmware-a-n1sdp.inc"
MACHINE_TFA_REQUIRE:sbsa-ref = "trusted-firmware-a-sbsa-ref.inc"
MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
MACHINE_TFA_REQUIRE:tc = "trusted-firmware-a-tc.inc"
require ${MACHINE_TFA_REQUIRE}

26
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-arm-trusted-firmware-m-disable-address-warnings-into.patch Normal file
View File

@@ -0,0 +1,26 @@
From 961d2e3718e9e6d652cadf5b4d3597cfe822dd04 Mon Sep 17 00:00:00 2001
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
Date: Wed, 24 Jan 2024 16:10:08 +0000
Subject: [PATCH] arm/trusted-firmware-m: disable address warnings into an
error
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Upstream-Status: Inappropriate
---
toolchain_GNUARM.cmake | 1 +
1 file changed, 1 insertion(+)
diff --git a/toolchain_GNUARM.cmake b/toolchain_GNUARM.cmake
index b6ae50ec3..4c2f5b3d7 100644
--- a/toolchain_GNUARM.cmake
+++ b/toolchain_GNUARM.cmake
@@ -111,6 +111,7 @@ add_compile_options(
-Wno-format
-Wno-return-type
-Wno-unused-but-set-variable
+ -Wno-error=address
-c
-fdata-sections
-ffunction-sections

274
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch Normal file
View File

@@ -0,0 +1,274 @@
From eb096e4c03b80f9f31e5d15ca06e5a38e4112664 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Tue, 7 Nov 2023 20:25:49 +0100
Subject: [PATCH 1/2] platform: corstone1000: Update MPU configuration
In Armv6-M the MPU requires the regions to be aligned with
region sizes.
The commit aligns the different code/data sections using the
alignment macros. The code/data sections can be covered by
multiple MPU regions in order to save memory.
Small adjustments had to be made in the memory layout in order to
not overflow the flash:
- Decreased TFM_PARTITION_SIZE
- Increased S_UNPRIV_DATA_SIZE
Added checks to the MPU configuration function for checking the
MPU constraints:
- Base address has to be aligned to the size
- The minimum MPU region size is 0x100
- The MPU can have 8 regions at most
Change-Id: I059468e8aba0822bb354fd1cd4987ac2bb1f34d1
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25393]
---
.../target/arm/corstone1000/CMakeLists.txt | 19 +++++
.../arm/corstone1000/create-flash-image.sh | 8 +-
.../arm/corstone1000/partition/flash_layout.h | 2 +-
.../arm/corstone1000/partition/region_defs.h | 6 +-
.../arm/corstone1000/tfm_hal_isolation.c | 83 +++++++++++++++----
5 files changed, 93 insertions(+), 25 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index e6cf15b11..8817f514c 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -22,6 +22,25 @@ target_compile_definitions(platform_region_defs
INTERFACE
$<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
)
+
+# The Armv6-M MPU requires that the MPU regions be aligned to the region sizes.
+# The minimal region size is 0x100 bytes.
+#
+# The alignments have to be a power of two and ideally bigger than the section size (which
+# can be checked in the map file).
+# In some cases the alignment value is smaller than the actual section
+# size to save memory. In that case, multiple MPU region has to be configured to cover it.
+#
+# To save memory, the attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for
+# the SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE don't have to
+# be aligned. The higher-priority regions will overwrite these attributes if needed.
+# The RAM is also located in the SRAM so it has to be configured to overwrite these default
+# attributes.
+target_compile_definitions(platform_region_defs
+ INTERFACE
+ TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000
+ TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100
+)
#========================= Platform common defs ===============================#
# Specify the location of platform specific build dependencies.
diff --git a/platform/ext/target/arm/corstone1000/create-flash-image.sh b/platform/ext/target/arm/corstone1000/create-flash-image.sh
index 2522d3674..a6be61384 100755
--- a/platform/ext/target/arm/corstone1000/create-flash-image.sh
+++ b/platform/ext/target/arm/corstone1000/create-flash-image.sh
@@ -8,7 +8,7 @@
######################################################################
# This script is to create a flash gpt image for corstone platform
-#
+#
# Flash image layout:
# |------------------------------|
# | Protective MBR |
@@ -82,15 +82,15 @@ sgdisk --mbrtogpt \
--new=4:56:+4K --typecode=4:$PRIVATE_METADATA_TYPE_UUID --partition-guid=4:$(uuidgen) --change-name=4:'private_metadata_replica_1' \
--new=5:64:+4k --typecode=5:$PRIVATE_METADATA_TYPE_UUID --partition-guid=5:$(uuidgen) --change-name=5:'private_metadata_replica_2' \
--new=6:72:+100k --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \
- --new=7:272:+376K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \
+ --new=7:272:+368K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \
--new=8:32784:+100k --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \
- --new=9:32984:+376K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \
+ --new=9:32984:+368K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \
--new=10:65496:65501 --partition-guid=10:$(uuidgen) --change-name=10:'reserved_2' \
$IMAGE
[ $? -ne 0 ] && echo "Error occurs while writing the GPT layout" && exit 1
-# Write partitions
+# Write partitions
# conv=notrunc avoids truncation to keep the geometry of the image.
dd if=$BIN_DIR/bl2_signed.bin of=${IMAGE} seek=72 conv=notrunc
dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=272 conv=notrunc
diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
index 568c8de28..7fffd94c6 100644
--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
@@ -134,7 +134,7 @@
/* Bank configurations */
#define BANK_PARTITION_SIZE (0xFE0000) /* 15.875 MB */
-#define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */
+#define TFM_PARTITION_SIZE (0x5C000) /* 368 KB */
/************************************************************/
/* Bank : Images flash offsets are with respect to the bank */
diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h
index 99e822f51..64ab786e5 100644
--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h
+++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h
@@ -1,8 +1,10 @@
/*
- * Copyright (c) 2017-2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2023 Arm Limited. All rights reserved.
* Copyright (c) 2021-2023 Cypress Semiconductor Corporation (an Infineon company)
* or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
*
+ * SPDX-License-Identifier: Apache-2.0
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -53,7 +55,7 @@
#define S_DATA_START (SRAM_BASE + TFM_PARTITION_SIZE)
#define S_DATA_SIZE (SRAM_SIZE - TFM_PARTITION_SIZE)
-#define S_UNPRIV_DATA_SIZE (0x2160)
+#define S_UNPRIV_DATA_SIZE (0x4000)
#define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1)
#define S_DATA_PRIV_START (S_DATA_START + S_UNPRIV_DATA_SIZE)
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
index 01f7687bc..98e795dde 100644
--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
* Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
* company) or an affiliate of Cypress Semiconductor Corporation. All rights
* reserved.
@@ -14,9 +14,11 @@
#include "tfm_hal_isolation.h"
#include "mpu_config.h"
#include "mmio_defs.h"
+#include "flash_layout.h"
#define PROT_BOUNDARY_VAL \
((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK)
+#define MPU_REGION_MIN_SIZE (0x100)
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
@@ -31,20 +33,38 @@ REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Base);
REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Limit);
#endif /* CONFIG_TFM_PARTITION_META */
-static void configure_mpu(uint32_t rnr, uint32_t base, uint32_t limit,
- uint32_t is_xn_exec, uint32_t ap_permissions)
+static enum tfm_hal_status_t configure_mpu(uint32_t rnr, uint32_t base,
+ uint32_t limit, uint32_t is_xn_exec, uint32_t ap_permissions)
{
- uint32_t size; /* region size */
+ uint32_t rbar_size_field; /* region size as it is used in the RBAR */
uint32_t rasr; /* region attribute and size register */
uint32_t rbar; /* region base address register */
- size = get_rbar_size_field(limit - base);
+ rbar_size_field = get_rbar_size_field(limit - base);
+
+ /* The MPU region's base address has to be aligned to the region
+ * size for a valid MPU configuration */
+ if ((base % (1 << (rbar_size_field + 1))) != 0) {
+ return TFM_HAL_ERROR_INVALID_INPUT;
+ }
+
+ /* The MPU supports only 8 memory regions */
+ if (rnr > 7) {
+ return TFM_HAL_ERROR_INVALID_INPUT;
+ }
+
+ /* The minimum size for a region is 0x100 bytes */
+ if((limit - base) < MPU_REGION_MIN_SIZE) {
+ return TFM_HAL_ERROR_INVALID_INPUT;
+ }
rasr = ARM_MPU_RASR(is_xn_exec, ap_permissions, TEX, NOT_SHAREABLE,
- NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, size);
+ NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, rbar_size_field);
rbar = base & MPU_RBAR_ADDR_Msk;
ARM_MPU_SetRegionEx(rnr, rbar, rasr);
+
+ return TFM_HAL_SUCCESS;
}
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
@@ -56,33 +76,60 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
uint32_t rnr = TFM_ISOLATION_REGION_START_NUMBER; /* current region number */
uint32_t base; /* start address */
uint32_t limit; /* end address */
+ enum tfm_hal_status_t ret;
ARM_MPU_Disable();
- /* TFM Core unprivileged code region */
- base = (uint32_t)&REGION_NAME(Image$$, TFM_UNPRIV_CODE_START, $$RO$$Base);
- limit = (uint32_t)&REGION_NAME(Image$$, TFM_UNPRIV_CODE_END, $$RO$$Limit);
-
- configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV);
-
- /* RO region */
- base = (uint32_t)&REGION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- limit = (uint32_t)&REGION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
+ /* Armv6-M MPU allows region overlapping. The region with the higher RNR
+ * will decide the attributes.
+ *
+ * The default attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for the
+ * whole SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE
+ * don't have to be aligned and memory space can be saved.
+ * This region has the lowest RNR so the next regions can overwrite these
+ * attributes if it's needed.
+ */
+ base = SRAM_BASE;
+ limit = SRAM_BASE + SRAM_SIZE;
+
+ ret = configure_mpu(rnr++, base, limit,
+ XN_EXEC_OK, AP_RW_PRIV_UNPRIV);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
- configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV);
/* RW, ZI and stack as one region */
base = (uint32_t)&REGION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
limit = (uint32_t)&REGION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
+ /* The section size can be bigger than the alignment size, else the code would
+ * not fit into the memory. Because of this, the sections can use multiple MPU
+ * regions. */
+ do {
+ ret = configure_mpu(rnr++, base, base + TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
+ base += TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT;
+ } while (base < limit);
+
#ifdef CONFIG_TFM_PARTITION_META
/* TFM partition metadata pointer region */
base = (uint32_t)&REGION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Base);
limit = (uint32_t)&REGION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Limit);
- configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
+ do {
+ ret = configure_mpu(rnr++, base, base + TFM_LINKER_SP_META_PTR_ALIGNMENT,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
+ base += TFM_LINKER_SP_META_PTR_ALIGNMENT;
+ } while (base < limit);
+
#endif
arm_mpu_enable();

76
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch Normal file
View File

@@ -0,0 +1,76 @@
From ca7696bca357cfd71a34582c65a7c7c08828b6dc Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Mon, 18 Dec 2023 14:00:14 +0100
Subject: [PATCH 2/2] platform: corstone1000: Cover S_DATA with MPU
The S_DATA has to be covered with MPU regions to override the
other MPU regions with smaller RNR values.
Change-Id: I45fec65f51241939314941e25d287e6fdc82777c
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25583]
---
.../target/arm/corstone1000/CMakeLists.txt | 8 +++++++
.../arm/corstone1000/tfm_hal_isolation.c | 22 +++++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 8817f514c..541504368 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -40,6 +40,14 @@ target_compile_definitions(platform_region_defs
INTERFACE
TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000
TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100
+
+ # The RAM MPU Region block sizes are calculated manually. The RAM has to be covered
+ # with the MPU regions. These regions also have to be the power of 2 and
+ # the start addresses have to be aligned to these sizes. The sizes can be calculated
+ # from the S_DATA_START and S_DATA_SIZE defines.
+ RAM_MPU_REGION_BLOCK_1_SIZE=0x4000
+ RAM_MPU_REGION_BLOCK_2_SIZE=0x20000
+
)
#========================= Platform common defs ===============================#
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
index 98e795dde..39b19c535 100644
--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
@@ -15,6 +15,7 @@
#include "mpu_config.h"
#include "mmio_defs.h"
#include "flash_layout.h"
+#include "region_defs.h"
#define PROT_BOUNDARY_VAL \
((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK)
@@ -132,6 +133,27 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
#endif
+ /* Set the RAM attributes. It is needed because the first region overlaps the whole
+ * SRAM and it has to be overridden.
+ * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
+ * and added to the platform_region_defs compile definitions.
+ */
+ base = S_DATA_START;
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
+ ret = configure_mpu(rnr++, base, limit,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
+
+ base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
+ ret = configure_mpu(rnr++, base, limit,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
+
arm_mpu_enable();
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */

78
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-platform-corstone1000-align-capsule-update-structs.patch Normal file
View File

@@ -0,0 +1,78 @@
From 6807d4b30f7d4ed32d3c54dfcaf3ace63eaa4f02 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Thu, 26 Oct 2023 11:46:04 +0100
Subject: [PATCH] platform: corstone1000: align capsule update structs
U-boot mkefitool creates capsule image without packed and byte-aligned
structs. This patch aligns the capsule-update structures and avoids
crashes in case of unaligned pointer access.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Pending
---
.../fw_update_agent/uefi_capsule_parser.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
index c706c040ac..9f8d12ad4e 100644
--- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
@@ -34,14 +34,14 @@ typedef struct {
uint32_t header_size;
uint32_t flags;
uint32_t capsule_image_size;
-} efi_capsule_header_t;
+} efi_capsule_header_t __attribute__((packed, aligned(1)));
typedef struct {
uint32_t version;
uint16_t embedded_driver_count;
uint16_t payload_item_count;
uint64_t item_offset_list[];
-} efi_firmware_management_capsule_header_t;
+} efi_firmware_management_capsule_header_t __attribute__((packed, aligned(1)));
typedef struct {
uint32_t version;
@@ -52,14 +52,14 @@ typedef struct {
uint32_t update_vendorcode_size;
uint64_t update_hardware_instance; //introduced in v2
uint64_t image_capsule_support; //introduced in v3
-} efi_firmware_management_capsule_image_header_t;
+} efi_firmware_management_capsule_image_header_t __attribute__((packed, aligned(1)));
typedef struct {
uint32_t signature;
uint32_t header_size;
uint32_t fw_version;
uint32_t lowest_supported_version;
-} fmp_payload_header_t;
+} fmp_payload_header_t __attribute__((packed, aligned(1)));
#define ANYSIZE_ARRAY 0
@@ -68,18 +68,18 @@ typedef struct {
uint16_t wRevision;
uint16_t wCertificateType;
uint8_t bCertificate[ANYSIZE_ARRAY];
-} WIN_CERTIFICATE;
+} WIN_CERTIFICATE __attribute__((packed, aligned(1)));
typedef struct {
WIN_CERTIFICATE hdr;
struct efi_guid cert_type;
uint8_t cert_data[ANYSIZE_ARRAY];
-} win_certificate_uefi_guid_t;
+} win_certificate_uefi_guid_t __attribute__((packed, aligned(1)));
typedef struct {
uint64_t monotonic_count;
win_certificate_uefi_guid_t auth_info;
-} efi_firmware_image_authentication_t;
+} efi_firmware_image_authentication_t __attribute__((packed, aligned(1)));
enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
--
2.25.1

33
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-skip-the-first-nv-counter.patch Normal file
View File

@@ -0,0 +1,33 @@
From 001e5bea183bc78352ac3ba6283d9d7912bb6ea5 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Wed, 21 Feb 2024 07:44:25 +0000
Subject: [PATCH] Platform: Corstone1000: skip the first nv counter
It skips doing a sanity check the BL2 nv counter after the capsule
update since the tfm bl1 does not sync metadata and nv counters in OTP during
the boot anymore.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Upstream-Status: Pending
---
.../ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
index 2e6de255b..2e6cf8047 100644
--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
@@ -1125,7 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters(
FWU_LOG_MSG("%s: enter\n\r", __func__);
- for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
+ for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
switch (i) {
case FWU_BL2_NV_COUNTER:
--
2.25.1

41
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-add-unique-guid-for-mps3.patch Normal file
View File

@@ -0,0 +1,41 @@
From 3d35eb08fe0cea5c4b882c448f44530bb45c05f0 Mon Sep 17 00:00:00 2001
From: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
Date: Tue, 2 Apr 2024 13:04:56 +0000
Subject: [PATCH] platform: corstone1000: add unique guid for mps3
This patch sets unique GUID for Corstone1000 FVP and MPS3
Upstream-Status: Inappropriate [Redesign of Capsule update interface is required]
Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
---
.../target/arm/corstone1000/fw_update_agent/fwu_agent.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
index 2e6cf80470..be04e0e5df 100644
--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
@@ -113,13 +113,19 @@ enum fwu_agent_state_t {
};
struct efi_guid full_capsule_image_guid = {
+#if PLATFORM_IS_FVP
.time_low = 0x989f3a4e,
.time_mid = 0x46e0,
.time_hi_and_version = 0x4cd0,
.clock_seq_and_node = {0x98, 0x77, 0xa2, 0x5c, 0x70, 0xc0, 0x13, 0x29}
+#else
+ .time_low = 0xdf1865d1,
+ .time_mid = 0x90fb,
+ .time_hi_and_version = 0x4d59,
+ .clock_seq_and_node = {0x9c, 0x38, 0xc9, 0xf2, 0xc1, 0xbb, 0xa8, 0xcc}
+#endif
};
-
#define IMAGE_ACCEPTED (1)
#define IMAGE_NOT_ACCEPTED (0)
#define BANK_0 (0)
--
2.38.1

177
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch Normal file
View File

@@ -0,0 +1,177 @@
From 1410dc5504d60219279581b1cf6442f81551cfe7 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Wed, 3 Apr 2024 13:37:40 +0100
Subject: [PATCH] Platform: Corstone1000: Enable host firewall in FVP
Enables host firewall and mpu setup for FVP. It also fixes secure-ram
configuration and disable access rights to secure ram from both normal world
for both mps3 and fvp.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Upstream-Status: Pending [Not submitted to upstream yet]
---
.../Device/Include/platform_base_address.h | 2 +-
.../arm/corstone1000/bl1/boot_hal_bl1_1.c | 42 ++++---------------
.../arm/corstone1000/bl2/flash_map_bl2.c | 2 +-
3 files changed, 11 insertions(+), 35 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
index 416f0ebcd..101cad9e7 100644
--- a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
+++ b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
@@ -67,7 +67,7 @@
* required by the SE are defined here */
#define CORSTONE1000_HOST_ADDRESS_SPACE_BASE (0x60000000U) /* Host Address Space */
#define CORSTONE1000_HOST_BIR_BASE (0x60000000U) /* Boot Instruction Register */
-#define CORSTONE1000_HOST_SHARED_RAM_BASE (0x62000000U) /* Shared RAM */
+#define CORSTONE1000_HOST_TRUSTED_RAM_BASE (0x62000000U) /* Secure RAM */
#define CORSTONE1000_HOST_XNVM_BASE (0x68000000U) /* XNVM */
#define CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE (0x7A010000U) /* Host SCB */
#define CORSTONE1000_EXT_SYS_RESET_REG (0x7A010310U) /* external system (cortex-M3) */
diff --git a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
index a5fee66af..7988c2392 100644
--- a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
+++ b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
@@ -35,7 +35,7 @@ REGION_DECLARE(Image$$, ER_DATA, $$Base)[];
REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[];
#define HOST_ADDRESS_SPACE_BASE 0x00000000
-#define HOST_SHARED_RAM_BASE 0x02000000
+#define HOST_TRUSTED_RAM_BASE 0x02000000
#define HOST_XNVM_BASE 0x08000000
#define HOST_BASE_SYSTEM_CONTROL_BASE 0x1A010000
#define HOST_FIREWALL_BASE 0x1A800000
@@ -347,7 +347,7 @@ static void setup_host_firewall(void)
fc_pe_enable();
- /* CVM - Shared RAM */
+ /* CVM - Secure RAM */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_CVM);
fc_disable_bypass();
fc_pe_disable();
@@ -355,15 +355,12 @@ static void setup_host_firewall(void)
fc_select_region(1);
fc_disable_regions();
fc_disable_mpe(RGN_MPE0);
- fc_prog_rgn(RGN_SIZE_4MB, HOST_SHARED_RAM_BASE);
+ fc_prog_rgn(RGN_SIZE_4MB, HOST_TRUSTED_RAM_BASE);
fc_init_mpl(RGN_MPE0);
mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
RGN_MPL_SECURE_WRITE_MASK |
- RGN_MPL_SECURE_EXECUTE_MASK |
- RGN_MPL_NONSECURE_READ_MASK |
- RGN_MPL_NONSECURE_WRITE_MASK |
- RGN_MPL_NONSECURE_EXECUTE_MASK);
+ RGN_MPL_SECURE_EXECUTE_MASK);
fc_enable_mpl(RGN_MPE0, mpl_rights);
fc_disable_mpl(RGN_MPE0, ~mpl_rights);
@@ -398,7 +395,9 @@ static void setup_host_firewall(void)
fc_pe_enable();
- /* Host Expansion Master 0 */
+#if !(PLATFORM_IS_FVP)
+ /* Host Expansion Master 0 (Due to the difference in the models only
+ * programming this for MPS3) */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0);
fc_disable_bypass();
fc_pe_disable();
@@ -433,7 +432,6 @@ static void setup_host_firewall(void)
fc_enable_regions();
fc_rgn_lock();
-#if !(PLATFORM_IS_FVP)
fc_select_region(3);
fc_disable_regions();
fc_disable_mpe(RGN_MPE0);
@@ -461,16 +459,14 @@ static void setup_host_firewall(void)
fc_enable_mpe(RGN_MPE0);
fc_enable_regions();
fc_rgn_lock();
-#endif
fc_pe_enable();
- /* Host Expansion Master 0 */
+ /* Host Expansion Master 1*/
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1);
fc_disable_bypass();
fc_pe_disable();
-#if !(PLATFORM_IS_FVP)
fc_select_region(1);
fc_disable_regions();
fc_disable_mpe(RGN_MPE0);
@@ -484,22 +480,6 @@ static void setup_host_firewall(void)
fc_enable_mpe(RGN_MPE0);
fc_enable_regions();
fc_rgn_lock();
-#else
- fc_select_region(1);
- fc_disable_regions();
- fc_disable_mpe(RGN_MPE0);
- fc_prog_rgn(RGN_SIZE_8MB, HOST_SE_SECURE_FLASH_BASE_FVP);
- fc_init_mpl(RGN_MPE0);
-
- mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
- RGN_MPL_SECURE_WRITE_MASK);
-
- fc_enable_mpl(RGN_MPE0, mpl_rights);
- fc_enable_mpe(RGN_MPE0);
- fc_enable_regions();
- fc_rgn_lock();
-#endif
-
fc_pe_enable();
/* Always ON Host Peripherals */
@@ -527,7 +507,6 @@ static void setup_host_firewall(void)
}
fc_pe_enable();
-
/* Host System Peripherals */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_SYSPERIPH);
fc_disable_bypass();
@@ -553,6 +532,7 @@ static void setup_host_firewall(void)
}
fc_pe_enable();
+#endif
/* Host System Peripherals */
fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_DBGPERIPH);
@@ -592,13 +572,9 @@ int32_t boot_platform_init(void)
if (result != ARM_DRIVER_OK) {
return 1;
}
-#if !(PLATFORM_IS_FVP)
setup_mpu();
-#endif
setup_se_firewall();
-#if !(PLATFORM_IS_FVP)
setup_host_firewall();
-#endif
#if defined(TFM_BL1_LOGGING) || defined(TEST_BL1_1) || defined(TEST_BL1_2)
stdio_init();
diff --git a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
index 2b1cdfa19..06cc3f0f5 100644
--- a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
+++ b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
@@ -70,7 +70,7 @@ int boot_get_image_exec_ram_info(uint32_t image_id,
rc = 0;
}
else if (image_id == 1 || image_id == 2) {
- (*exec_ram_start) = CORSTONE1000_HOST_SHARED_RAM_BASE;
+ (*exec_ram_start) = CORSTONE1000_HOST_TRUSTED_RAM_BASE;
(*exec_ram_size) = 0x20000000U;
rc = 0;
}
--
2.25.1

27
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch Normal file
View File

@@ -0,0 +1,27 @@
From 2edf197735bd0efb1428c1710443dddcb376d930 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Wed, 17 Apr 2024 11:34:45 +0000
Subject: [PATCH] platform: corstone1000: Increase ITS max asset size
Increases the max asset size for ITS to enable parsec services & tests
Upstream-Status: Pending
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
---
platform/ext/target/arm/corstone1000/config_tfm_target.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
index 2c7341afd4..2eb0924770 100644
--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
@@ -20,4 +20,8 @@
/* The maximum number of assets to be stored in the Protected Storage area. */
#define PS_NUM_ASSETS 20
+/* The maximum size of asset to be stored in the Internal Trusted Storage area. */
+#undef ITS_MAX_ASSET_SIZE
+#define ITS_MAX_ASSET_SIZE 2048
+
#endif /* __CONFIG_TFM_TARGET_H__ */

3620
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch Normal file
View File

File diff suppressed because it is too large Load Diff

28
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch Normal file
View File

@@ -0,0 +1,28 @@
From 21b0c9f028b6b04fa2f027510ec90969735f4dd1 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 17 Apr 2024 19:31:03 +0200
Subject: [PATCH] platform: corstone1000: Increase RSE_COMMS buffer size
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Pending
---
platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
index 6d79dd3bf..f079f6504 100644
--- a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
@@ -16,7 +16,7 @@ extern "C" {
#endif
/* size suits to fit the largest message too (EFI variables) */
-#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100)
+#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x43C0)
/*
* Allocated for each client request.
--
2.25.1

31
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch Normal file
View File

@@ -0,0 +1,31 @@
From a8aeaafd6c26d6bc3066164d12aabc5cb754fe1c Mon Sep 17 00:00:00 2001
From: Ali Can Ozaslan <ali.oezaslan@arm.com>
Date: Wed, 15 May 2024 12:12:15 +0000
Subject: [PATCH] CC312: alignment of cc312 differences between fvp and mps3
corstone1000 platforms
Configures CC312 mps3 model same as predefined cc312 FVP
configuration while keeping debug ports closed.
Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Upstream-Status: Inappropriate [Requires an aligment cc3xx with mps3 hw and fvp sw models]
---
lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
index 31e4332be..4d7e6fa61 100644
--- a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
+++ b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
@@ -207,6 +207,9 @@ CClibRetCode_t CC_LibInit(CCRndContext_t *rndContext_ptr, CCRndWorkBuff_t *rndW
goto InitErr2;
}
+ /* configuring secure debug to align cc312 with corstone 1000 */
+ CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF,HOST_DCU_EN0), 0xffffe7fc);
+
/* turn off the DFA since Cerberus doen't support it */
reg = CC_HAL_READ_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_AO_LOCK_BITS));
CC_REG_FLD_SET(0, HOST_AO_LOCK_BITS, HOST_FORCE_DFA_ENABLE, reg, 0x0);

45
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch Normal file
View File

@@ -0,0 +1,45 @@
From d7725e629c9ba93523589cc9d8af3186db19d4e8 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 15 May 2024 22:37:51 +0200
Subject: [PATCH] Platform: corstone1000: Increase buffers for EFI vars
The UEFI variables are stored in the Protected Storage. The size of
the variables metadata have been increased so the related buffer sizes
have to be increased.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Pending
---
.../ext/target/arm/corstone1000/config_tfm_target.h | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
index 2eb0924770..6ee823a7dc 100644
--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -24,4 +24,15 @@
#undef ITS_MAX_ASSET_SIZE
#define ITS_MAX_ASSET_SIZE 2048
+/* The maximum asset size to be stored in the Protected Storage */
+#undef PS_MAX_ASSET_SIZE
+#define PS_MAX_ASSET_SIZE 2592
+
+/* This is needed to be able to process the EFI variables during PS writes. */
+#undef CRYPTO_ENGINE_BUF_SIZE
+#define CRYPTO_ENGINE_BUF_SIZE 0x5000
+
+/* This is also has to be increased to fit the EFI variables into the iovecs. */
+#undef CRYPTO_IOVEC_BUFFER_SIZE
+#define CRYPTO_IOVEC_BUFFER_SIZE 6000
#endif /* __CONFIG_TFM_TARGET_H__ */
--
2.25.1

28
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-corstone1000-Remove-reset-after-capsule-update.patch Normal file
View File

@@ -0,0 +1,28 @@
From 78db43f80676f8038b35edd6674d22fb5ff85c12 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Mon, 27 May 2024 17:11:31 +0200
Subject: [PATCH] corstone1000: Remove reset after capsule update
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/29065]
---
.../target/arm/corstone1000/services/src/tfm_platform_system.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
index 41305ed966..1e837ce3b5 100644
--- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
+++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
@@ -28,9 +28,6 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request,
case IOCTL_CORSTONE1000_FWU_FLASH_IMAGES:
result = corstone1000_fwu_flash_image();
- if (!result) {
- NVIC_SystemReset();
- }
break;
case IOCTL_CORSTONE1000_FWU_HOST_ACK:
--
2.25.1

88
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-Platform-corstone1000-Fix-isolation-L2-memory-protection.patch Normal file
View File

@@ -0,0 +1,88 @@
From 4d3ebb03b89b122af490824ca73287954a35bd07 Mon Sep 17 00:00:00 2001
From: Jamie Fox <jamie.fox@arm.com>
Date: Thu, 22 Aug 2024 16:54:45 +0100
Subject: [PATCH] Platform: corstone1000: Fix isolation L2 memory protection
The whole of the SRAM was configured unprivileged on this platform, so
the memory protection required for isolation level 2 was not present.
This patch changes the S_DATA_START to S_DATA_LIMIT MPU region to be
configured for privileged access only. It also reorders the MPU regions
so that the App RoT sub-region overlapping S_DATA has a higher region
number and so takes priority in the operation of the Armv6-M MPU.
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/30951]
---
.../arm/corstone1000/tfm_hal_isolation.c | 43 +++++++++----------
1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
index 39b19c535..498f14ed2 100644
--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
* Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
* company) or an affiliate of Cypress Semiconductor Corporation. All rights
* reserved.
@@ -99,6 +99,26 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
return ret;
}
+ /* Set the RAM attributes. It is needed because the first region overlaps the whole
+ * SRAM and it has to be overridden.
+ * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
+ * and added to the platform_region_defs compile definitions.
+ */
+ base = S_DATA_START;
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
+ ret = configure_mpu(rnr++, base, limit,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
+
+ base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
+ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
+ ret = configure_mpu(rnr++, base, limit,
+ XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY);
+ if (ret != TFM_HAL_SUCCESS) {
+ return ret;
+ }
/* RW, ZI and stack as one region */
base = (uint32_t)&REGION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
@@ -133,27 +153,6 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
#endif
- /* Set the RAM attributes. It is needed because the first region overlaps the whole
- * SRAM and it has to be overridden.
- * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
- * and added to the platform_region_defs compile definitions.
- */
- base = S_DATA_START;
- limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
- ret = configure_mpu(rnr++, base, limit,
- XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
- if (ret != TFM_HAL_SUCCESS) {
- return ret;
- }
-
- base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
- limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
- ret = configure_mpu(rnr++, base, limit,
- XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
- if (ret != TFM_HAL_SUCCESS) {
- return ret;
- }
-
arm_mpu_enable();
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
--
2.25.1

56
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc Normal file
View File

@@ -0,0 +1,56 @@
# Corstone1000 machines specific TFM support
COMPATIBLE_MACHINE = "(corstone1000)"
TFM_PLATFORM = "arm/corstone1000"
TFM_DEBUG = "1"
## Default is the MPS3 board
TFM_PLATFORM_IS_FVP ?= "FALSE"
EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF"
SRC_URI += " \
file://0001-arm-trusted-firmware-m-disable-address-warnings-into.patch \
"
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append:corstone1000 = " \
file://0001-platform-corstone1000-Update-MPU-configuration.patch \
file://0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch \
file://0003-platform-corstone1000-align-capsule-update-structs.patch \
file://0004-Platform-Corstone1000-skip-the-first-nv-counter.patch \
file://0005-platform-corstone1000-add-unique-guid-for-mps3.patch \
file://0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch \
file://0007-platform-corstone1000-Increase-ITS-max-asset-size.patch \
file://0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch \
file://0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch \
file://0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch \
file://0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch \
file://0012-corstone1000-Remove-reset-after-capsule-update.patch \
file://0013-Platform-corstone1000-Fix-isolation-L2-memory-protection.patch \
"
# TF-M ships patches for external dependencies that needs to be applied
apply_tfm_patches() {
find ${S}/lib/ext/qcbor -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../qcbor/ -i
find ${S}/lib/ext/mbedcrypto -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../mbedtls/ -i
find ${S}/lib/ext/mcuboot -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../mcuboot/ -i
find ${S}/lib/ext/tf-m-tests -type f -name '*.patch' -print0 | sort -z | xargs -r -t -0 -n 1 patch -p1 -d ${S}/../tf-m-tests/ -i
}
do_patch[postfuncs] += "apply_tfm_patches"
do_install() {
install -D -p -m 0644 ${B}/bin/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
install -D -p -m 0644 ${B}/bin/bl2_signed.bin ${D}/firmware/bl2_signed.bin
install -D -p -m 0644 ${B}/bin/bl1_1.bin ${D}/firmware/bl1_1.bin
install -D -p -m 0644 ${B}/bin/bl1_provisioning_bundle.bin ${D}/firmware/bl1_provisioning_bundle.bin
}
create_bl1_image(){
dd conv=notrunc bs=1 if=${D}/firmware/bl1_1.bin of=${D}/firmware/bl1.bin seek=0
dd conv=notrunc bs=1 if=${D}/firmware/bl1_provisioning_bundle.bin of=${D}/firmware/bl1.bin seek=40960
}
do_install[postfuncs] += "create_bl1_image"

6
sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend Normal file
View File

@@ -0,0 +1,6 @@
# Machine specific configurations
MACHINE_TFM_REQUIRE ?= ""
MACHINE_TFM_REQUIRE:corstone1000 = "trusted-firmware-m-corstone1000.inc"
require ${MACHINE_TFM_REQUIRE}

Some files were not shown because too many files have changed in this diff Show More