@@ -27,6 +27,7 @@ MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168"
# TF-A
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
TFA_PLATFORM = "n1sdp"
+PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%"
# SCP
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
@@ -9,6 +9,7 @@ require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
+PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%"
KERNEL_IMAGETYPE ?= "Image"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
similarity index 100%
rename from meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb
similarity index 100%
rename from meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb
@@ -13,3 +13,7 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
SRCREV_mbedtls = "89f040a5c938985c5f30728baed21e49d0846a53"
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+do_compile:prepend() {
+ sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+}
similarity index 73%
rename from meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb
@@ -1,4 +1,4 @@
-require trusted-firmware-a.inc
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
# TF-A v2.9.0
SRCREV_tfa = "d3e71ead6ea5bc3555ac90a446efec84ef6c6122"
@@ -10,3 +10,7 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
SRCREV_mbedtls = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33"
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+do_compile:prepend() {
+ sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+}
new file mode 100644
@@ -0,0 +1,38 @@
+From fd13a4d304da4233cb954329bf287ec9dfbb7367 Mon Sep 17 00:00:00 2001
+From: Jon Mason <jon.mason@arm.com>
+Date: Mon, 4 Dec 2023 10:20:21 -0500
+Subject: [PATCH] bl31_runtime: revert usage of plat_ic_has_interrupt_type
+
+There is a regression caused by commit
+1f6bb41dd951714b47bf07bb9a332346ca261033 for the trusted services tests.
+This is due to the fact that the referenced commit changes the behavior
+from checking for both INTR_TYPE_EL3 and INTR_TYPE_S_EL1, to referencing
+an existing function that #if for _either_ INTR_TYPE_EL3 or
+INTR_TYPE_S_EL1 (depending on the value of GICV2_G0_FOR_EL3). To work
+around this issue, revert the check back to its original form.
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Pending
+---
+ bl31/interrupt_mgmt.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bl31/interrupt_mgmt.c b/bl31/interrupt_mgmt.c
+index 68c7f10add21..8e888b676b35 100644
+--- a/bl31/interrupt_mgmt.c
++++ b/bl31/interrupt_mgmt.c
+@@ -47,9 +47,9 @@ static intr_type_desc_t intr_type_descs[MAX_INTR_TYPES];
+ ******************************************************************************/
+ static int32_t validate_interrupt_type(uint32_t type)
+ {
+- if (plat_ic_has_interrupt_type(type)) {
++ if ((type == INTR_TYPE_S_EL1) || (type == INTR_TYPE_NS) ||
++ (type == INTR_TYPE_EL3))
+ return 0;
+- }
+
+ return -EINVAL;
+ }
+--
+2.30.2
+
new file mode 100644
@@ -0,0 +1,33 @@
+# Firmware Image Package (FIP)
+# It is a packaging format used by TF-A to package the
+# firmware images in a single binary.
+
+DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
+LICENSE = "BSD-3-Clause"
+
+SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# Use fiptool from TF-A v2.10.0
+SRCREV = "b6c0948400594e3cc4dbb5a4ef04b815d2675808"
+SRCBRANCH = "master"
+
+DEPENDS += "openssl-native"
+
+inherit native
+
+EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
+
+do_compile () {
+ # This is still needed to have the native fiptool executing properly by
+ # setting the RPATH
+ sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+ sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
+
+ oe_runmake fiptool
+}
+
+do_install () {
+ install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
+}
new file mode 100644
@@ -0,0 +1,55 @@
+DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
+LICENSE = "BSD-3-Clause & NCSA"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
+
+inherit deploy
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
+ "
+SRCBRANCH = "master"
+SRCREV = "42b99719d5dde58bdde07712bcb70a20d87f9067"
+
+DEPENDS += "optee-os"
+
+EXTRA_OEMAKE += "USE_NVM=0"
+EXTRA_OEMAKE += "SHELL_COLOR=1"
+EXTRA_OEMAKE += "DEBUG=1"
+
+# Platform must be set for each machine
+TFA_PLATFORM ?= "invalid"
+
+EXTRA_OEMAKE += "ARCH=aarch64"
+EXTRA_OEMAKE += "LOG_LEVEL=50"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+# Add platform parameter
+EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
+
+# Requires CROSS_COMPILE set by hand as there is no configure script
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+LDFLAGS[unexport] = "1"
+do_compile() {
+ oe_runmake -C ${S} tftf
+}
+
+do_compile[cleandirs] = "${B}"
+
+FILES:${PN} = "/firmware/tftf.bin"
+SYSROOT_DIRS += "/firmware"
+
+do_install() {
+ install -d -m 755 ${D}/firmware
+ install -m 0644 ${B}/${TFA_PLATFORM}/debug/tftf.bin ${D}/firmware/tftf.bin
+}
+
+do_deploy() {
+ cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
@@ -168,7 +168,7 @@ BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}"
do_compile() {
# This is still needed to have the native tools executing properly by
# setting the RPATH
- sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+ sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile
@@ -10,6 +10,7 @@ TOOLCHAIN:qemuarm-secureboot = "gcc"
FILESEXTRAPATHS:prepend:qemuarm64-secureboot := "${THISDIR}/files:"
SRC_URI:append:qemuarm64-secureboot = " \
file://0001-Add-spmc_manifest-for-qemu.patch \
+ file://0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch \
"
TFA_PLATFORM:qemuarm64-secureboot = "qemu"
new file mode 100644
@@ -0,0 +1,12 @@
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+
+# TF-A v2.10.0
+SRCREV_tfa = "b6c0948400594e3cc4dbb5a4ef04b815d2675808"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# mbedtls-3.5.1
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
+SRCREV_mbedtls = "edb8fec9882084344a314368ac7fd957a187519c"
+
+LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
@@ -1,5 +1,5 @@
SRCREV_edk2 ?= "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
-SRCREV_edk2-platforms ?= "bb6841e3fd1c60b3f8510b4fc0a380784e05d326"
+SRCREV_edk2-platforms ?= "88ea1c2b62d44d6a4ebf2626ddaeecbc74f96877"
# FIXME - clang is having issues with antlr
TOOLCHAIN:aarch64 = "gcc"
Update tf-a and mbedtls to the latest versions. Also, migrate the previous version to meta-arm-bsp for corstone1000. NOTE: in v2.10, the fiptool makefile was changed to reference LDOPTS instead of LDLIBS. NOTE: commit 408cde8a59080ac2caa11c4d99474b2ef09f90df in tf-a modifies the qemu_sbsa starting offset, and per the commit comment, it requires the edk2 same change. This is why the edk-platforms SHA has been changed. There are only 19 patches between the previous SHA and this one (most of which are adding a single platform). So, it shouldn't be too impactful to bump the SHA (instead of making it a patch to apply on top of the existing SHA). NOTE: tf-a-tests added LDFLAGS to the makefile, causing the need for it to be removed in the recipe. Signed-off-by: Jon Mason <jon.mason@arm.com> --- meta-arm-bsp/conf/machine/n1sdp.conf | 1 + meta-arm-bsp/conf/machine/sgi575.conf | 1 + .../fiptool-native_2.9.0.bb | 0 .../trusted-firmware-a/tf-a-tests_2.9.0.bb | 0 .../trusted-firmware-a_2.8.6.bb | 4 ++ .../trusted-firmware-a_2.9.0.bb | 6 +- ...ert-usage-of-plat_ic_has_interrupt_t.patch | 38 +++++++++++++ .../fiptool-native_2.10.0.bb | 33 +++++++++++ .../trusted-firmware-a/tf-a-tests_2.10.0.bb | 55 +++++++++++++++++++ .../trusted-firmware-a/trusted-firmware-a.inc | 2 +- .../trusted-firmware-a_%.bbappend | 1 + .../trusted-firmware-a_2.10.0.bb | 12 ++++ .../recipes-bsp/uefi/edk2-firmware_202308.bb | 2 +- 13 files changed, 152 insertions(+), 3 deletions(-) rename {meta-arm => meta-arm-bsp}/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb (100%) rename {meta-arm => meta-arm-bsp}/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb (100%) rename {meta-arm => meta-arm-bsp}/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb (73%) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb