From patchwork Mon Oct 24 13:33:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mohamed.omarasaker@arm.com X-Patchwork-Id: 14381 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0860AC38A2D for ; Mon, 24 Oct 2022 13:33:58 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.19380.1666618428746066605 for ; Mon, 24 Oct 2022 06:33:49 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: mohamed.omarasaker@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A5AFE1042; Mon, 24 Oct 2022 06:33:54 -0700 (PDT) Received: from e126544.cambridge.arm.com (e126544.cambridge.arm.com [10.1.199.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 6A6593F7B4; Mon, 24 Oct 2022 06:33:47 -0700 (PDT) From: mohamed.omarasaker@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com Cc: nd@arm.com, Mohamed Omar Asaker Subject: [PATCH 3/4] arm-bsp/trusted-firmware-m: corstone1000 support FMP image info Date: Mon, 24 Oct 2022 14:33:29 +0100 Message-Id: <20221024133330.10542-4-mohamed.omarasaker@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221024133330.10542-1-mohamed.omarasaker@arm.com> References: <20221024133330.10542-1-mohamed.omarasaker@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 24 Oct 2022 13:33:58 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4019 From: Mohamed Omar Asaker Apply tfm patches to support FMP image info Signed-off-by: Mohamed Omar Asaker --- ...e1000-platform-secure-test-framework.patch | 359 +++++++++++ ...ake-external-system-support-optional.patch | 77 +++ ...ble-secure-enclave-run-without-host-.patch | 298 +++++++++ ...on-Allow-configuration-of-input-and-.patch | 72 +++ ...pport-for-UEFI-FMP-image-Information.patch | 573 ++++++++++++++++++ ...0-remove-two-partition-configuration.patch | 51 ++ .../trusted-firmware-m-corstone1000.inc | 11 + 7 files changed, 1441 insertions(+) create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch new file mode 100644 index 00000000..8f633191 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch @@ -0,0 +1,359 @@ +From 6ab17eeb8225cdf4afc6956c9a2774d60866c36d Mon Sep 17 00:00:00 2001 +From: Satish Kumar +Date: Mon, 28 Mar 2022 05:16:50 +0100 +Subject: [PATCH 1/6] corstone1000: platform secure test framework + +Change-Id: Ib781927f0add93ec9c06515d251e79518ee1db6e +Signed-off-by: Satish Kumar +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../arm/corstone1000/Native_Driver/firewall.c | 15 ++ + .../arm/corstone1000/Native_Driver/firewall.h | 5 + + .../ci_regression_tests/CMakeLists.txt | 45 +++++ + .../corstone1000/ci_regression_tests/s_test.c | 186 ++++++++++++++++++ + .../corstone1000/ci_regression_tests/s_test.h | 30 +++ + .../ci_regression_tests/s_test_config.cmake | 8 + + 6 files changed, 289 insertions(+) + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h + create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake + +diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c +index 788cc3ec92..356b85e9d5 100755 +--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c ++++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c +@@ -293,6 +293,21 @@ void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl) + ptr->rgn_mpl3 |= (mpl & RGN_MPL_EN_MASK); + } + ++void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl) ++{ ++ struct _firewall_pe_rwe_reg_map_t *ptr = ++ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr; ++ if (mpe == RGN_MPE0) ++ *mpl = (ptr->rgn_mpl0 & RGN_MPL_EN_MASK); ++ else if (mpe == RGN_MPE1) ++ *mpl = (ptr->rgn_mpl1 & RGN_MPL_EN_MASK); ++ else if (mpe == RGN_MPE2) ++ *mpl = (ptr->rgn_mpl2 & RGN_MPL_EN_MASK); ++ else if (mpe == RGN_MPE3) ++ *mpl = (ptr->rgn_mpl3 & RGN_MPL_EN_MASK); ++} ++ ++ + void fc_disable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl) + { + struct _firewall_pe_rwe_reg_map_t *ptr = +diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h +index 48c86725ef..17afe6a92f 100755 +--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h ++++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h +@@ -247,6 +247,11 @@ void fc_init_mpl(enum rgn_mpe_t mpe); + */ + void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl); + ++/** ++ * \brief Reads Master Permission List in the selected Firewall Component ++ */ ++void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl); ++ + /** + * \brief Disables Master Permission List in the selected Firewall Component + */ +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt +new file mode 100644 +index 0000000000..70e1c20e4e +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt +@@ -0,0 +1,45 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2021-22, Arm Limited. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++#------------------------------------------------------------------------------- ++ ++cmake_policy(SET CMP0079 NEW) ++ ++include(${CMAKE_CURRENT_SOURCE_DIR}/s_test_config.cmake) ++ ++####################### Secure ################################################# ++ ++add_library(corstone1000_test_s STATIC EXCLUDE_FROM_ALL) ++ ++target_sources(corstone1000_test_s ++ PRIVATE ++ ${CMAKE_CURRENT_SOURCE_DIR}/s_test.c ++ ../Native_Driver/firewall.c ++) ++ ++target_include_directories(corstone1000_test_s ++ PRIVATE ++ ${CMAKE_CURRENT_SOURCE_DIR} ++ ../Device/Include ++ ../Native_Driver ++) ++ ++# Example test links tfm_test_suite_extra_common to use related interface ++target_link_libraries(corstone1000_test_s ++ PRIVATE ++ tfm_test_suite_extra_common ++ tfm_log ++) ++ ++target_compile_definitions(corstone1000_test_s ++ PRIVATE ++ $<$:PLATFORM_IS_FVP> ++) ++ ++# The corstone1000_test_s library is linked by tfm_test_suite_extra_s ++target_link_libraries(tfm_test_suite_extra_s ++ PRIVATE ++ corstone1000_test_s ++) +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c +new file mode 100644 +index 0000000000..963f46d2ab +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c +@@ -0,0 +1,186 @@ ++/* ++ * Copyright (c) 2021-22, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include "s_test.h" ++#include "platform_base_address.h" ++#include "firewall.h" ++#include "tfm_log_raw.h" ++ ++#define DISABLED_TEST 0 ++ ++enum host_firewall_host_comp_id_t { ++ HOST_FCTRL = (0x00u), ++ COMP_SYSPERIPH, ++ COMP_DBGPERIPH, ++ COMP_AONPERIPH, ++ COMP_XNVM, ++ COMP_CVM, ++ COMP_HOSTCPU, ++ COMP_EXTSYS0, ++ COMP_EXTSYS1, ++ COMP_EXPSLV0, ++ COMP_EXPSLV1, ++ COMP_EXPMST0, ++ COMP_EXPMST1, ++ COMP_OCVM, ++ COMP_DEBUG, ++}; ++ ++const struct extra_tests_t plat_s_t = { ++ .test_entry = s_test, ++ .expected_ret = EXTRA_TEST_SUCCESS ++}; ++ ++static int test_host_firewall_status(void) ++{ ++ enum fw_lockdown_status_t status; ++ uint32_t any_component_id = 2; ++ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, any_component_id); ++ status = fw_get_lockdown_status(); ++ if (status != FW_LOCKED) { ++ tfm_log_printf("FAIL: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++static int test_host_firewall_external_flash_configurations(void) ++{ ++ enum rgn_mpl_t mpl_rights = 0; ++ enum rgn_mpl_t expected_rights = 0; ++ ++#if !(PLATFORM_IS_FVP) ++ /* External flash */ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0); ++ fc_select_region(3); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_SECURE_WRITE_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL1: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++ /* XIP Permissions */ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM); ++ fc_select_region(1); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | ++ RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_NONSECURE_READ_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL2: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++#else ++ /* Enable the below test when FVP Host Firewall is configured. */ ++ /* ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM); ++ fc_select_region(1); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ tfm_log_printf("mpl rights = %d\n\r", mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | ++ RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_SECURE_WRITE_MASK | ++ RGN_MPL_NONSECURE_READ_MASK | ++ RGN_MPL_NONSECURE_WRITE_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL1: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++ */ ++#endif ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++static int test_host_firewall_secure_flash_configurations(void) ++{ ++ enum rgn_mpl_t mpl_rights = 0; ++ enum rgn_mpl_t expected_rights = 0; ++ ++#if !(PLATFORM_IS_FVP) ++ /* External flash */ ++ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1); ++ fc_select_region(1); ++ fc_read_mpl(RGN_MPE0, &mpl_rights); ++ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | ++ RGN_MPL_SECURE_WRITE_MASK); ++ if (mpl_rights != expected_rights) { ++ tfm_log_printf("FAIL: %s.\n\r", __func__); ++ return EXTRA_TEST_FAILED; ++ } ++#endif ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++static int test_bir_programming(void) ++{ ++ /* BIR is expected to bhaive like write once register */ ++ ++ volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE; ++ ++ bir_base[0] = 0x1; ++ bir_base[0] = 0x2; ++ if (bir_base[0] != 0x1) { ++ tfm_log_printf("FAIL: %s : (%u)\n\r", __func__, bir_base[0]); ++ return EXTRA_TEST_FAILED; ++ } ++ ++ tfm_log_printf("PASS: %s\n\r", __func__); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++int32_t s_test(void) ++{ ++ int status; ++ int failures = 0; ++ ++#if (DISABLED_TEST == 1) ++ status = test_host_firewall_status(); ++ if (status) { ++ failures++; ++ } ++#endif ++ ++ status = test_host_firewall_secure_flash_configurations(); ++ if (status) { ++ failures++; ++ } ++ ++ status = test_host_firewall_external_flash_configurations(); ++ if (status) { ++ failures++; ++ } ++ ++#if (DISABLED_TEST == 1) ++ status = test_bir_programming(); ++ if (status) { ++ failures++; ++ } ++#endif ++ ++ if (failures) { ++ tfm_log_printf("Not all platform test could pass: failures=%d\n\r", failures); ++ return EXTRA_TEST_FAILED; ++ } ++ ++ tfm_log_printf("ALL_PASS: corstone1000 platform test cases passed.\n\r"); ++ return EXTRA_TEST_SUCCESS; ++} ++ ++int32_t extra_tests_init(struct extra_tests_t *internal_test_t) ++{ ++ /* Add platform init code here. */ ++ ++ return register_extra_tests(internal_test_t, &plat_s_t); ++} +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h +new file mode 100644 +index 0000000000..8aff4d679c +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h +@@ -0,0 +1,30 @@ ++/* ++ * Copyright (c) 2021-22, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __S_TESTS_H__ ++#define __S_TESTS_H__ ++ ++#include "extra_tests_common.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++const struct extra_tests_t plat_s_t; ++ ++/** ++ * \brief Platform specific secure test function. ++ * ++ * \returns Returns error code as specified in \ref int32_t ++ */ ++int32_t s_test(void); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __S_TESTS_H__ */ +diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake +new file mode 100644 +index 0000000000..bb8d26bf1c +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake +@@ -0,0 +1,8 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2021-22, Arm Limited. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++#------------------------------------------------------------------------------- ++ ++############ Define secure test specific cmake configurations here ############# +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch new file mode 100644 index 00000000..c6bacb49 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch @@ -0,0 +1,77 @@ +From 6fd49ab55c3419429e437845864c5bb2d731da29 Mon Sep 17 00:00:00 2001 +From: Satish Kumar +Date: Mon, 25 Apr 2022 05:26:38 +0100 +Subject: [PATCH 2/6] corstone1000: make external system support optional + +The commits introduce build time variables to make +external system support in the platform optional. + +Change-Id: I593014e0da4ac553c105c66ae55f6fd83ffe427e +Signed-off-by: Satish Kumar +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../ext/target/arm/corstone1000/CMakeLists.txt | 1 + + platform/ext/target/arm/corstone1000/config.cmake | 1 + + .../target/arm/corstone1000/tfm_hal_multi_core.c | 15 +++++++++++++++ + 3 files changed, 17 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 16bc708964..39d7b03455 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -97,6 +97,7 @@ target_compile_definitions(platform_s + PRIVATE + $<$:PLATFORM_IS_FVP> + $<$:TEST_S> ++ $<$:EXTERNAL_SYSTEM_SUPPORT> + ) + + #========================= Platform BL2 =======================================# +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index e5f91108ee..a3399db318 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -21,6 +21,7 @@ set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to en + set(CRYPTO_NV_SEED OFF CACHE BOOL "Use stored NV seed to provide entropy") + set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode") + set(NS FALSE CACHE BOOL "Whether to build NS app") ++set(EXTERNAL_SYSTEM_SUPPORT OFF CACHE BOOL "Whether to include external system support.") + + # FVP is not integrated/tested with CC312. + if (${PLATFORM_IS_FVP}) +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +index 8e1b455086..8622844d91 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +@@ -16,6 +16,16 @@ + #define HOST_CPU_PE0_CONFIG_OFFSET 0x010 + #define AA64nAA32_MASK (1 << 3) + ++#ifdef EXTERNAL_SYSTEM_SUPPORT ++void tfm_external_system_boot() ++{ ++ volatile uint32_t *ext_sys_reset_ctl_reg = (uint32_t *)(CORSTONE1000_EXT_SYS_RESET_REG); ++ ++ /* de-assert CPU_WAIT signal*/ ++ *ext_sys_reset_ctl_reg = 0x0; ++} ++#endif ++ + void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + { + /* Switch the shared flash to XiP mode for the host */ +@@ -53,6 +63,11 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + *reset_ctl_reg = 0; + + (void) start_addr; ++ ++#ifdef EXTERNAL_SYSTEM_SUPPORT ++ /*release EXT SYS out of reset*/ ++ tfm_external_system_boot(); ++#endif + } + + void tfm_hal_wait_for_ns_cpu_ready(void) +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch new file mode 100644 index 00000000..64229522 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch @@ -0,0 +1,298 @@ +From 2e56f2601249243f2fb3ba67caf9febe4bfc8371 Mon Sep 17 00:00:00 2001 +From: Satish Kumar +Date: Tue, 26 Apr 2022 20:17:13 +0100 +Subject: [PATCH 3/6] corstone1000: enable secure enclave run without host + binaries + +In TEST_S configuration, the build disables part of the code which +assumes that the host binaries are present in the flash. This change +will allow secure enclave's part of the platforms software to build +and run without the host support. The configuration can be used to run +CI and test secure enclave software independently. + +Change-Id: I29325750a3bea270fe5b3b8b47932a7071a59482 +Signed-off-by: Satish Kumar +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../ext/target/arm/corstone1000/readme.rst | 88 +++++++++++++++---- + .../target/arm/corstone1000/CMakeLists.txt | 8 +- + .../arm/corstone1000/bl1/CMakeLists.txt | 2 +- + .../target/arm/corstone1000/bl2_flash_map.c | 2 + + .../target/arm/corstone1000/boot_hal_bl2.c | 2 + + .../ext/target/arm/corstone1000/config.cmake | 11 ++- + .../arm/corstone1000/partition/flash_layout.h | 2 +- + .../arm/corstone1000/tfm_hal_multi_core.c | 2 + + 8 files changed, 94 insertions(+), 23 deletions(-) + +diff --git a/docs/platform/ext/target/arm/corstone1000/readme.rst b/docs/platform/ext/target/arm/corstone1000/readme.rst +index 94b58ac6fc..10c9c58f78 100644 +--- a/docs/platform/ext/target/arm/corstone1000/readme.rst ++++ b/docs/platform/ext/target/arm/corstone1000/readme.rst +@@ -7,22 +7,27 @@ Introduction + ************ + + The ARM's Corstone-1000 platform is a reference implementation of PSA FF-M +-architecture where NSPE and SPE environments are partitioned into ++architecture where NSPE and SPE environments are partitioned/isolated into + Cortex-A35 and Cortex-M0+ respectively. + + Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its +-software comprises of two boot loading stages, i.e. Bl1 and Bl2, based on +-mcuboot, and TF-M as run time software. Cortex-A35, also referred as host, +-is completely treated as non-secure from the Secure Enclave perspective. ++software comprises of two boot loading stages, i.e. Bl1 and Bl2 (based on ++mcuboot) and TF-M as run time software. Cortex-A35, also referred as host, ++is treated as non-secure from the Secure Enclave perspective. + The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode, + and boots the software ecosystem based on linux, u-boot, UEFI run time +-services, TF-A and Optee. ++services, TF-A, Secure Partitions and Optee. + + The communication between NSPE and SPE is based on PSA IPC protocol running on +-top of OpenAMP. ++top of FF-A/OpenAMP. + + The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to +-accelerate cryptographic operations. ++accelerate cryptographic operations. Additionaly, platform supports Secure Debug ++using SDC-600 as the communication interface between host debugger and platform ++target. The platform has the build option to enable secure debug protocol to ++unlock debug ports during boot time. The protocol is based on ARM's ADAC ++(Authenticated Debug Access Control) standard. ++ + + *********** + System boot +@@ -33,23 +38,76 @@ System boot + - BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot. + - BL2 loads and verifies TF-M and host's initial boot loader image. + - BL2 transfer the execution to the TF-M. +-- During TF-M initialization, the host is reset. ++- During TF-M initialization, the host is taken out of rest. ++- Hashes of the keys used for image verification are stored in the OTP memory. + + ***** + Build + ***** + +-.. code-block:: ++Platform solution ++================= ++ ++The platform binaries are build using Yocto. Below is the user guide: ++ ++`Arm Corstone-1000 User Guide`_ ++ ++Secure Test ++=========== ++ ++This section can be used to test the secure enclave software indedendently from ++the host. The below configuration builds the secure enclave binaries with CI test ++frame integrated. On boot, secure enclave softwares stack is brought up, and ++CI tests starts executing at the end of the initialization process. In the ++below configuration, host software support is disabled, and meant only ++to test/verify the secure enclave softwares. ++ ++FVP ++--- + +- cmake -B build/ -S / -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 ++- Download Corstone-1000 FVP from : `Arm Ecosystem FVPs`_ ++- Install FVP by running the shell script. ++- Running of the binary will boot secure enclave software stack and at the end all CI test ++ from tf-m-test along with platform specific tests are executed. ++ ++.. code-block:: bash ++ ++ cmake -B build/ -S / -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DPLATFORM_IS_FVP=TRUE -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ + cmake --build build -- install ++ cd ./build/install/outputs/ ++ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin ++ cd /models/Linux64_GCC-9.3/ ++ ./FVP_Corstone-1000 -C board.flashloader0.fname="none" -C se.trustedBootROMloader.fname=".//install/outputs/bl1.bin" -C board.xnvm_size=64 -C se.trustedSRAM_config=6 -C se.BootROM_config="3" -C board.smsc_91c111.enabled=0 -C board.hostbridge.userNetworking=true --data board.flash0=.//install/outputs/cs1000.bin@0x68100000 -C diagnostics=4 -C disable_visualisation=true -C board.se_flash_size=8192 -C diagnostics=4 -C disable_visualisation=true ++ ++FPGA ++---- + +-The binaries will be installed inside: ++- Follow the above pointed platform user guide to setup the FPGA board. ++- Use the BL1 generated from the below commands to place it inside FPGA board SD Card. ++- Use the cs1000.bin created from the below commands to place it inside FPGA board SD Card. ++ ++.. code-block:: bash ++ ++ cmake -B build/ -S / -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ -DTEST_S_PS=OFF -DTEST_S_PLATFORM=OFF ++ cmake --build build -- install ++ cd ./build/install/outputs/ ++ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin ++ cp bl1.bin /SOFTWARE/ ++ cp cs1000.bin /SOFTWARE/ + +-.. code-block:: ++FPGA build can not compile all the CI tests into a single build as it exceeds ++the available RAM size. So there is a need to select few tests but not all. ++The above configuration disable build of -DTEST_S_PS and -DTEST_S_PLATFORM. ++Other test configurations are: + +- ./build/install/outputs/ARM/CORSTONE1000 ++- -DTEST_S_ATTESTATION=ON/OFF ++- -DTEST_S_AUDIT=ON/OFF ++- -DTEST_S_CRYPTO=ON/OFF ++- -DTEST_S_ITS=ON/OFF ++- -DTEST_S_PS=ON/OFF ++- -DTEST_S_PLATFORM=ON/OFF + +--------------- ++*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* + +-*Copyright (c) 2021, Arm Limited. All rights reserved.* ++.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps ++.. _Arm Corstone-1000 User Guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/CORSTONE1000-2022.04.19/docs/embedded-a/corstone1000/user-guide.rst +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 39d7b03455..81522c7cf0 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -18,7 +18,7 @@ target_include_directories(platform_region_defs + + target_compile_definitions(platform_region_defs + INTERFACE +- $<$:TEST_S> ++ $<$:TFM_S_REG_TEST> + ) + #========================= Platform common defs ===============================# + +@@ -75,7 +75,7 @@ target_sources(platform_s + $<$:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c> + fw_update_agent/uefi_capsule_parser.c + fw_update_agent/fwu_agent.c +- $<$:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> ++ $<$:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> + ) + + if (PLATFORM_IS_FVP) +@@ -96,7 +96,7 @@ endif() + target_compile_definitions(platform_s + PRIVATE + $<$:PLATFORM_IS_FVP> +- $<$:TEST_S> ++ $<$:TFM_S_REG_TEST> + $<$:EXTERNAL_SYSTEM_SUPPORT> + ) + +@@ -136,7 +136,7 @@ endif() + target_compile_definitions(platform_bl2 + PRIVATE + $<$:PLATFORM_IS_FVP> +- $<$:TEST_S> ++ $<$:TFM_S_REG_TEST> + ) + + # boot_hal_bl2.c is compiled as part of 'bl2' target and not inside +diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +index 369695f148..d39c5ae91d 100644 +--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +@@ -291,7 +291,7 @@ target_compile_definitions(signing_layout_for_bl2 + PRIVATE + MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER} + BL1 +- $<$:TEST_S> ++ $<$:TFM_S_REG_TEST> + ) + + target_include_directories(signing_layout_for_bl2 +diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c +index 6bffa274df..0a6a592d94 100644 +--- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c ++++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c +@@ -38,6 +38,7 @@ struct flash_area flash_map[] = { + .fa_off = FLASH_AREA_1_OFFSET, + .fa_size = FLASH_AREA_1_SIZE, + }, ++#ifndef TFM_S_REG_TEST + { + .fa_id = FLASH_AREA_2_ID, + .fa_device_id = FLASH_DEVICE_ID, +@@ -52,6 +53,7 @@ struct flash_area flash_map[] = { + .fa_off = FLASH_INVALID_OFFSET, + .fa_size = FLASH_INVALID_SIZE, + }, ++#endif + }; + + const int flash_map_entry_num = ARRAY_SIZE(flash_map); +diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c +index 792e06f81e..134315a17b 100644 +--- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c ++++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c +@@ -100,10 +100,12 @@ int32_t boot_platform_init(void) + return 1; + } + ++#ifndef TFM_S_REG_TEST + result = fill_bl2_flash_map_by_parsing_fips(BANK_0_PARTITION_OFFSET); + if (result) { + return 1; + } ++#endif + + result = FLASH_DEV_NAME.Initialize(NULL); + if (result != ARM_DRIVER_OK) { +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index a3399db318..a6a1a33c42 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -13,8 +13,15 @@ set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to us + set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded") + set(MCUBOOT_SECURITY_COUNTER_S "1" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S") + +-set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") +-set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") ++if (TEST_S OR TEST_S_ATTESTATION OR TEST_S_AUDIT OR TEST_S_CRYPTO OR TEST_S_ITS OR TEST_S_PS OR TEST_S_PLATFORM OR EXTRA_S_TEST_SUITES_PATHS) ++ # Test configuration: host images are not needed and work only with isolation level 1 ++ set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") ++ set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level") ++else() ++ set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") ++ set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") ++endif() ++ + set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture") + set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology") + set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms") +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index aa5a8fe463..b0319bb319 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -119,7 +119,7 @@ + * + */ + #define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */ +-#ifdef TEST_S ++#ifdef TFM_S_REG_TEST + #define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */ + #else + #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +index 8622844d91..1146ffe22a 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c +@@ -31,6 +31,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + /* Switch the shared flash to XiP mode for the host */ + Select_XIP_Mode_For_Shared_Flash(); + ++#ifndef TFM_S_REG_TEST + volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE; + + /* Program Boot Instruction Register to jump to BL2 (TF-A) base address +@@ -68,6 +69,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) + /*release EXT SYS out of reset*/ + tfm_external_system_boot(); + #endif ++#endif /* !TFM_S_REG_TEST */ + } + + void tfm_hal_wait_for_ns_cpu_ready(void) +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch new file mode 100644 index 00000000..211fb9e6 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch @@ -0,0 +1,72 @@ +From f3686dfb8fb97cb42c3d4f8ee2d7aa736d5cb760 Mon Sep 17 00:00:00 2001 +From: Satish Kumar +Date: Wed, 3 Aug 2022 15:50:27 +0100 +Subject: [PATCH 4/6] Platform Partition: Allow configuration of input and + output buffer + +The change makes input and output buffer size macros used by +the platform partition to be configured by cmake. This will +allow platforms to set the buffer size accordingly. + +Change-Id: Ia492ce02f8744b0157228d9be51a9ec5b7c88ef6 +Signed-off-by: Satish Kumar +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + config/config_default.cmake | 2 ++ + secure_fw/partitions/platform/CMakeLists.txt | 6 ++++++ + secure_fw/partitions/platform/platform_sp.c | 9 +++++++-- + 3 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/config/config_default.cmake b/config/config_default.cmake +index 3112b707bc..497c972dc9 100755 +--- a/config/config_default.cmake ++++ b/config/config_default.cmake +@@ -141,6 +141,8 @@ set(ATTEST_INCLUDE_OPTIONAL_CLAIMS ON CACHE BOOL "Include opt + set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COSE key-id in initial attestation token") + + set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition") ++set(PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64 CACHE STRING "Size of input buffer in platform service.") ++set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64 CACHE STRING "Size of output buffer in platform service.") + + set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition") + +diff --git a/secure_fw/partitions/platform/CMakeLists.txt b/secure_fw/partitions/platform/CMakeLists.txt +index 4b37cd780c..3070f89d6d 100644 +--- a/secure_fw/partitions/platform/CMakeLists.txt ++++ b/secure_fw/partitions/platform/CMakeLists.txt +@@ -47,6 +47,12 @@ target_link_libraries(tfm_psa_rot_partition_platform + tfm_spm + ) + ++target_compile_definitions(tfm_psa_rot_partition_platform ++ PRIVATE ++ INPUT_BUFFER_SIZE=${PLATFORM_SERVICE_INPUT_BUFFER_SIZE} ++ OUTPUT_BUFFER_SIZE=${PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE} ++) ++ + ############################ Secure API ######################################## + + target_sources(tfm_sprt +diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c +index 673cb0ee06..87bd434720 100644 +--- a/secure_fw/partitions/platform/platform_sp.c ++++ b/secure_fw/partitions/platform/platform_sp.c +@@ -38,8 +38,13 @@ static const int32_t nv_counter_access_map[NV_COUNTER_MAP_SIZE] = { + #include "psa/service.h" + #include "region_defs.h" + +-#define INPUT_BUFFER_SIZE 64 +-#define OUTPUT_BUFFER_SIZE 64 ++#ifndef INPUT_BUFFER_SIZE ++#define INPUT_BUFFER_SIZE 64 ++#endif ++ ++#ifndef OUTPUT_BUFFER_SIZE ++#define OUTPUT_BUFFER_SIZE 64 ++#endif + + typedef enum tfm_platform_err_t (*plat_func_t)(const psa_msg_t *msg); + #endif /* TFM_PSA_API */ +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch new file mode 100644 index 00000000..14e4b7ff --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch @@ -0,0 +1,573 @@ +From 9d70628b7dc1dbc3c1ac7f4f3c0f6aa6b237510d Mon Sep 17 00:00:00 2001 +From: Satish Kumar +Date: Wed, 6 Jul 2022 11:19:39 +0100 +Subject: [PATCH 5/6] corstone1000: support for UEFI FMP image Information + +The commit provides the support for UEFI FMP (Firmware Management +Protocol) SET and GET Image info APIs. + +The APIs to SET and GET image info is implemented. In current design, +SET is called by secure encalve and GET is called by the host. + +FMP image information is initialized on every boot and retained +in SRAM. The updatable values of the FMP are stored in private +metadata section of the flash. + +Change-Id: Iaf0b4a13a9c24f05e4a32509e61a8b96ee8e9e4b +Signed-off-by: Satish Kumar +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + .../target/arm/corstone1000/CMakeLists.txt | 2 + + .../ext/target/arm/corstone1000/config.cmake | 8 +- + .../corstone1000/fw_update_agent/fwu_agent.c | 61 ++++- + .../corstone1000/fw_update_agent/fwu_agent.h | 3 + + .../corstone1000/fw_update_agent/uefi_fmp.c | 240 ++++++++++++++++++ + .../corstone1000/fw_update_agent/uefi_fmp.h | 56 ++++ + .../include/corstone1000_ioctl_requests.h | 14 +- + .../services/src/tfm_platform_system.c | 9 + + 8 files changed, 374 insertions(+), 19 deletions(-) + create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c + create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 81522c7cf0..3602312a3a 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -76,6 +76,8 @@ target_sources(platform_s + fw_update_agent/uefi_capsule_parser.c + fw_update_agent/fwu_agent.c + $<$:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> ++ fw_update_agent/uefi_fmp.c ++ $<$>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c> + ) + + if (PLATFORM_IS_FVP) +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index a6a1a33c42..ab0fe17ba8 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -50,7 +50,9 @@ else() + set(PLATFORM_PSA_ADAC_SECURE_DEBUG FALSE CACHE BOOL "Whether to use psa-adac secure debug.") + endif() + +-set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project") ++set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project") + +-set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition") +-set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") ++set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition") ++set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") ++ ++set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.") +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +index 3abb5dd0dc..72a5fc9c1d 100644 +--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +@@ -18,6 +18,7 @@ + #include "platform_description.h" + #include "tfm_plat_nv_counters.h" + #include "tfm_plat_defs.h" ++#include "uefi_fmp.h" + + /* Properties of image in a bank */ + struct fwu_image_properties { +@@ -84,6 +85,11 @@ struct fwu_private_metadata { + /* staged nv_counter: temprary location before written to the otp */ + uint32_t nv_counter[NR_OF_IMAGES_IN_FW_BANK]; + ++ /* FMP information */ ++ uint32_t fmp_version; ++ uint32_t fmp_last_attempt_version; ++ uint32_t fmp_last_attempt_status; ++ + } __packed; + + #define MAX_BOOT_ATTEMPTS_PER_BANK 3 +@@ -278,7 +284,7 @@ enum fwu_agent_error_t fwu_metadata_provision(void) + { + enum fwu_agent_error_t ret; + struct fwu_private_metadata priv_metadata; +- uint32_t image_version = 0; ++ uint32_t image_version = FWU_IMAGE_INITIAL_VERSION; + + FWU_LOG_MSG("%s: enter\n\r", __func__); + +@@ -302,8 +308,8 @@ enum fwu_agent_error_t fwu_metadata_provision(void) + memset(&_metadata, 0, sizeof(struct fwu_metadata)); + + _metadata.version = 1; +- _metadata.active_index = 0; +- _metadata.previous_active_index = 1; ++ _metadata.active_index = BANK_0; ++ _metadata.previous_active_index = BANK_1; + + /* bank 0 is the place where images are located at the + * start of device lifecycle */ +@@ -339,6 +345,10 @@ enum fwu_agent_error_t fwu_metadata_provision(void) + priv_metadata.boot_index = BANK_0; + priv_metadata.boot_attempted = 0; + ++ priv_metadata.fmp_version = FWU_IMAGE_INITIAL_VERSION; ++ priv_metadata.fmp_last_attempt_version = FWU_IMAGE_INITIAL_VERSION; ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; ++ + ret = private_metadata_write(&priv_metadata); + if (ret) { + return ret; +@@ -540,9 +550,25 @@ enum fwu_agent_error_t corstone1000_fwu_flash_image(void) + &image_bank_offset); + switch(image_index) { + case IMAGE_ALL: ++ + ret = flash_full_capsule(&_metadata, capsule_info.image[i], + capsule_info.size[i], + capsule_info.version[i]); ++ ++ if (ret != FWU_AGENT_SUCCESS) { ++ ++ priv_metadata.fmp_last_attempt_version = capsule_info.version[i]; ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; ++ ++ private_metadata_write(&priv_metadata); ++ ++ fmp_set_image_info(&full_capsule_image_guid, ++ priv_metadata.fmp_version, ++ priv_metadata.fmp_last_attempt_version, ++ priv_metadata.fmp_last_attempt_status); ++ } ++ ++ + break; + default: + FWU_LOG_MSG("%s: sent image not recognized\n\r", __func__); +@@ -866,17 +892,42 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void) + + current_state = get_fwu_agent_state(&_metadata, &priv_metadata); + if (current_state == FWU_AGENT_STATE_REGULAR) { ++ + ret = FWU_AGENT_SUCCESS; /* nothing to be done */ ++ ++ fmp_set_image_info(&full_capsule_image_guid, ++ priv_metadata.fmp_version, ++ priv_metadata.fmp_last_attempt_version, ++ priv_metadata.fmp_last_attempt_status); ++ + goto out; ++ + } else if (current_state != FWU_AGENT_STATE_TRIAL) { + FWU_ASSERT(0); + } + + if (_metadata.active_index != priv_metadata.boot_index) { ++ + /* firmware update failed, revert back to previous bank */ ++ ++ priv_metadata.fmp_last_attempt_version = ++ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; ++ ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; ++ + ret = fwu_select_previous(&_metadata, &priv_metadata); ++ + } else { ++ + /* firmware update successful */ ++ ++ priv_metadata.fmp_version = ++ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; ++ priv_metadata.fmp_last_attempt_version = ++ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; ++ ++ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; ++ + ret = fwu_accept_image(&full_capsule_image_guid, &_metadata, + &priv_metadata); + if (!ret) { +@@ -886,6 +937,10 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void) + + if (ret == FWU_AGENT_SUCCESS) { + disable_host_ack_timer(); ++ fmp_set_image_info(&full_capsule_image_guid, ++ priv_metadata.fmp_version, ++ priv_metadata.fmp_last_attempt_version, ++ priv_metadata.fmp_last_attempt_status); + } + + out: +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h +index 57b07e8d2c..aa18179024 100644 +--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h +@@ -30,6 +30,9 @@ enum fwu_agent_error_t { + } \ + + ++/* Version used for the very first image of the device. */ ++#define FWU_IMAGE_INITIAL_VERSION 0 ++ + enum fwu_agent_error_t fwu_metadata_provision(void); + enum fwu_agent_error_t fwu_metadata_init(void); + +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c +new file mode 100644 +index 0000000000..ce576e1794 +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c +@@ -0,0 +1,240 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#include ++#include ++#include "cmsis.h" ++#include "uefi_fmp.h" ++ ++/* The count will increase when partial update is supported. ++ * At present, only full WIC is considered as updatable image. ++ */ ++#define NUMBER_OF_FMP_IMAGES 1 ++#define NO_OF_FMP_VARIABLES_PER_IMAGE 6 ++ ++#define UEFI_ARCHITECTURE_64 ++ ++#ifdef UEFI_ARCHITECTURE_64 ++typedef uint64_t uefi_ptr_t; ++typedef uint64_t efi_uintn_t; ++#else ++typedef uint32_t uefi_ptr_t; ++typedef uint32_t efi_uintn_t; ++#endif ++ ++/* Below macro definations and struct declarations taken from UEFI spec 2.9 */ ++ ++/* ++ * Image Attribute Definitions ++ */ ++#define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x00000001 ++#define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x00000002 ++#define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x00000004 ++#define IMAGE_ATTRIBUTE_IN_USE 0x00000008 ++#define IMAGE_ATTRIBUTE_UEFI_IMAGE 0x00000010 ++#define IMAGE_ATTRIBUTE_DEPENDENCY 0x00000020 ++ ++typedef uint32_t DescriptorVersion_t; ++typedef uint32_t DescriptorSize_t; ++typedef uint8_t DescriptorCount_t; ++ ++typedef __PACKED_STRUCT { ++ uint8_t ImageIndex; ++ struct efi_guid ImageTypeId; ++ uint64_t ImageId; ++ uefi_ptr_t PtrImageIdName; ++ uint32_t Version; ++ uefi_ptr_t PtrVersionName; ++ efi_uintn_t Size; ++ uint64_t AttributesSupported; ++ uint64_t AttributesSetting; ++ uint64_t Compatibilities; ++ /* Introduced with DescriptorVersion 2+ */ ++ uint32_t LowestSupportedImageVersion; ++ /* Introduced with DescriptorVersion 3+ */ ++ uint32_t LastAttemptVersion; ++ uint32_t LastAttemptStatus; ++ uint64_t HardwareInstance; ++ /* Introduced with DescriptorVersion 4+ */ ++ uefi_ptr_t PtrDependencies; ++} EFI_FIRMWARE_IMAGE_DESCRIPTOR; ++ ++typedef __PACKED_STRUCT { ++ DescriptorVersion_t DescriptorVersion; ++ DescriptorSize_t DescriptorsSize; ++ DescriptorCount_t DescriptorCount; ++ EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageDescriptor; ++ uint16_t *ImageName; ++ uint32_t ImageNameSize; ++ uint16_t *ImageVersionName; ++ uint32_t ImageVersionNameSize; ++} EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO; ++ ++ ++static uint16_t corstone_image_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'W', 'I', 'C', '\0' }; ++static uint16_t corstone_version_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'B', 'E', 'S', 'T', '\0'}; ++ ++static EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO fmp_info[NUMBER_OF_FMP_IMAGES]; ++ ++extern struct efi_guid full_capsule_image_guid; ++ ++static bool is_fmp_info_initialized = false; ++ ++static void init_fmp_info(void) ++{ ++ memset(fmp_info, 0, ++ sizeof(EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO) * NUMBER_OF_FMP_IMAGES); ++ ++ /* Fill information for the WIC. ++ * Add further details when partial image is supported. ++ */ ++ ++ fmp_info[0].DescriptorVersion = 4; ++ fmp_info[0].DescriptorCount = NUMBER_OF_FMP_IMAGES; ++ fmp_info[0].DescriptorsSize = ++ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR) + ++ sizeof(corstone_image_name0) + sizeof(corstone_version_name0); ++ ++ fmp_info[0].ImageDescriptor.ImageIndex = 1; ++ ++ memcpy(&fmp_info[0].ImageDescriptor.ImageTypeId, &full_capsule_image_guid, ++ sizeof(struct efi_guid)); ++ ++ fmp_info[0].ImageDescriptor.ImageId = 1; ++ fmp_info[0].ImageDescriptor.Version = FWU_IMAGE_INITIAL_VERSION; ++ fmp_info[0].ImageDescriptor.AttributesSupported = 1; ++ fmp_info[0].ImageDescriptor.AttributesSetting = ( ++ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED); ++ fmp_info[0].ImageDescriptor.LowestSupportedImageVersion = ++ FWU_IMAGE_INITIAL_VERSION; ++ fmp_info[0].ImageDescriptor.LastAttemptVersion = FWU_IMAGE_INITIAL_VERSION; ++ fmp_info[0].ImageDescriptor.LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; ++ ++ fmp_info[0].ImageName = corstone_image_name0; ++ fmp_info[0].ImageNameSize = sizeof(corstone_image_name0); ++ fmp_info[0].ImageVersionName = corstone_version_name0; ++ fmp_info[0].ImageVersionNameSize = sizeof(corstone_version_name0); ++ ++ is_fmp_info_initialized = true; ++ ++ return; ++} ++ ++enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid, ++ uint32_t current_version, uint32_t attempt_version, ++ uint32_t last_attempt_status) ++{ ++ enum fwu_agent_error_t status = FWU_AGENT_ERROR; ++ ++ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__); ++ ++ if (is_fmp_info_initialized == false) { ++ init_fmp_info(); ++ } ++ ++ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) { ++ if ((memcmp(guid, &fmp_info[i].ImageDescriptor.ImageTypeId, ++ sizeof(struct efi_guid))) == 0) ++ { ++ FWU_LOG_MSG("FMP image update: image id = %u\n\r", ++ fmp_info[i].ImageDescriptor.ImageId); ++ fmp_info[i].ImageDescriptor.Version = current_version; ++ fmp_info[i].ImageDescriptor.LastAttemptVersion = attempt_version; ++ fmp_info[i].ImageDescriptor.LastAttemptStatus = last_attempt_status; ++ FWU_LOG_MSG("FMP image update: status = %u" ++ "version=%u last_attempt_version=%u.\n\r", ++ last_attempt_status, current_version, ++ attempt_version); ++ status = FWU_AGENT_SUCCESS; ++ break; ++ } ++ } ++ ++ FWU_LOG_MSG("%s:%d Exit.\n\r", __func__, __LINE__); ++ return status; ++} ++ ++ ++#define NO_OF_FMP_VARIABLES (NUMBER_OF_FMP_IMAGES * NO_OF_FMP_VARIABLES_PER_IMAGE) ++ ++static enum fwu_agent_error_t pack_image_info(void *buffer, uint32_t size) ++{ ++ typedef __PACKED_STRUCT { ++ uint32_t variable_count; ++ uint32_t variable_size[NO_OF_FMP_VARIABLES]; ++ uint8_t variable[]; ++ } packed_buffer_t; ++ ++ packed_buffer_t *packed_buffer = buffer; ++ int runner = 0; ++ int index = 0; ++ int current_size = sizeof(packed_buffer_t); ++ int size_requirement_1 = 0; ++ int size_requirement_2 = 0; ++ ++ if (size < current_size) { ++ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__); ++ return FWU_AGENT_ERROR; ++ } ++ ++ packed_buffer->variable_count = NO_OF_FMP_VARIABLES; ++ ++ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) { ++ ++ packed_buffer->variable_size[index++] = sizeof(DescriptorVersion_t); ++ packed_buffer->variable_size[index++] = sizeof(DescriptorSize_t); ++ packed_buffer->variable_size[index++] = sizeof(DescriptorCount_t); ++ packed_buffer->variable_size[index++] = sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR); ++ packed_buffer->variable_size[index++] = fmp_info[i].ImageNameSize; ++ packed_buffer->variable_size[index++] = fmp_info[i].ImageVersionNameSize; ++ ++ size_requirement_1 = sizeof(DescriptorVersion_t) + sizeof(DescriptorSize_t) + ++ sizeof(DescriptorCount_t) + sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR); ++ ++ size_requirement_2 = fmp_info[i].ImageNameSize + fmp_info[i].ImageVersionNameSize; ++ ++ current_size += size_requirement_1 + size_requirement_2; ++ ++ if (size < current_size) { ++ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__); ++ return FWU_AGENT_ERROR; ++ } ++ ++ FWU_LOG_MSG("%s:%d ImageInfo size = %u, ImageName size = %u, " ++ "ImageVersionName size = %u\n\r", __func__, __LINE__, ++ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR), fmp_info[i].ImageNameSize, ++ fmp_info[i].ImageVersionNameSize); ++ ++ memcpy(&packed_buffer->variable[runner], &fmp_info[i], size_requirement_1); ++ runner += size_requirement_1; ++ ++ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageName, ++ fmp_info[i].ImageNameSize); ++ runner += fmp_info[i].ImageNameSize; ++ ++ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageVersionName, ++ fmp_info[i].ImageVersionNameSize); ++ runner += fmp_info[i].ImageVersionNameSize; ++ ++ } ++ ++ return FWU_AGENT_SUCCESS; ++} ++ ++enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size) ++{ ++ enum fwu_agent_error_t status; ++ ++ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__); ++ ++ status = pack_image_info(buffer, size); ++ ++ FWU_LOG_MSG("%s:%d Exit\n\r", __func__, __LINE__); ++ ++ return status; ++} ++ +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h +new file mode 100644 +index 0000000000..d876bd7cff +--- /dev/null ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h +@@ -0,0 +1,56 @@ ++/* ++ * Copyright (c) 2022, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef UEFI_FMP_H ++#define UEFI_FMP_H ++ ++ ++#include ++#include "fwu_agent.h" ++#include "../fip_parser/external/uuid.h" ++ ++/* ++ * Last Attempt Status Value ++ */ ++ ++#define LAST_ATTEMPT_STATUS_SUCCESS 0x00000000 ++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL 0x00000001 ++#define LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES 0x00000002 ++#define LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION 0x00000003 ++#define LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT 0x00000004 ++#define LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR 0x00000005 ++#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_AC 0x00000006 ++#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_BATT 0x00000007 ++#define LAST_ATTEMPT_STATUS_ERROR_UNSATISFIED_DEPENDENCIES 0x00000008 ++/* The LastAttemptStatus values of 0x1000 - 0x4000 are reserved for vendor usage. */ ++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MIN 0x00001000 ++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX 0x00004000 ++ ++ ++ ++/* ++ * Updates FMP information for the image matched by guid. ++ * ++ * guid : guid of the image ++ * current_version: current versions for the image ++ * attempt_version: attempted versions for the image ++ * ++ */ ++enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid, ++ uint32_t current_version, uint32_t attempt_version, ++ uint32_t last_attempt_status); ++ ++/* ++ * Return fmp image information for all the updable images. ++ * ++ * buffer : pointer to the out buffer ++ * size : size of the buffer ++ * ++ */ ++enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size); ++ ++#endif /* UEFI_FMP_H */ +diff --git a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h +index 8ac67346b6..c5f3537e9d 100644 +--- a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h ++++ b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h +@@ -14,19 +14,7 @@ + enum corstone1000_ioctl_id_t { + IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0, + IOCTL_CORSTONE1000_FWU_HOST_ACK, ++ IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO, + }; + +- +-typedef struct corstone1000_ioctl_in_params { +- +- uint32_t ioctl_id; +- +-} corstone1000_ioctl_in_params_t; +- +-typedef struct corstone1000_ioctl_out_params { +- +- int32_t result; +- +-} corstone1000_ioctl_out_params_t; +- + #endif /* CORSTONE1000_IOCTL_REQUESTS_H */ +diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c +index 5b3f3e14a2..41305ed966 100644 +--- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c ++++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c +@@ -9,6 +9,7 @@ + #include "platform_description.h" + #include "corstone1000_ioctl_requests.h" + #include "fwu_agent.h" ++#include "uefi_fmp.h" + + void tfm_platform_hal_system_reset(void) + { +@@ -36,6 +37,14 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request, + corstone1000_fwu_host_ack(); + break; + ++ case IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO: ++ if (out_vec == NULL) { ++ ret = TFM_PLATFORM_ERR_INVALID_PARAM; ++ break; ++ } ++ fmp_get_image_info(out_vec[0].base, out_vec[0].len); ++ break; ++ + default: + ret = TFM_PLATFORM_ERR_NOT_SUPPORTED; + break; +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch new file mode 100644 index 00000000..ade2c8c8 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch @@ -0,0 +1,51 @@ +From 492c887c8dff97ea1b8a11b4e729620d3744ac38 Mon Sep 17 00:00:00 2001 +From: Satish Kumar +Date: Mon, 30 May 2022 12:38:23 +0100 +Subject: [PATCH 6/6] corstone1000: remove two partition configuration + +Previously to run tf-m test, a larger partition was created +which allowed all default test binaries to be included. +The patch revert the change because any partition might +not be enough to hold all test binaries in the future. +So its better to run few test at a time instead of creating +a larger partition. + +Signed-off-by: Satish Kumar +Change-Id: I223fe45f2de014dbcadc6ac12c321c524701116a +Upstream-Status: Accepted [TF-Mv1.7.0] +--- + platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt | 1 - + platform/ext/target/arm/corstone1000/partition/flash_layout.h | 4 ---- + 2 files changed, 5 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +index d39c5ae91d..f1ae1ebd47 100644 +--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt +@@ -291,7 +291,6 @@ target_compile_definitions(signing_layout_for_bl2 + PRIVATE + MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER} + BL1 +- $<$:TFM_S_REG_TEST> + ) + + target_include_directories(signing_layout_for_bl2 +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index b0319bb319..50a0a11fc8 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -119,11 +119,7 @@ + * + */ + #define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */ +-#ifdef TFM_S_REG_TEST +-#define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */ +-#else + #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ +-#endif + #define FIP_PARTITION_SIZE (0x200000) /* 2 MB */ + #define KERNEL_PARTITION_SIZE (0xC00000) /* 12 MB */ + +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index b8f4870b..341a5942 100644 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -25,6 +25,17 @@ SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;nam SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" +# Apply the necessary changes for supporting FMP image info +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" +SRC_URI:append:corstone1000 = " \ + file://0001-corstone1000-platform-secure-test-framework.patch \ + file://0002-corstone1000-make-external-system-support-optional.patch \ + file://0003-corstone1000-enable-secure-enclave-run-without-host-.patch \ + file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \ + file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \ + file://0006-corstone1000-remove-two-partition-configuration.patch \ + " + do_install() { install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin