From patchwork Mon Dec 4 17:19:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 35707 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65FA1C07E97 for ; Tue, 5 Dec 2023 14:53:41 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.101351.1701788017091234513 for ; Tue, 05 Dec 2023 06:53:37 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E0F1B1474 for ; Tue, 5 Dec 2023 06:54:22 -0800 (PST) Received: from debian.lan?044arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 3C2DC3F6C4 for ; Tue, 5 Dec 2023 06:53:36 -0800 (PST) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 2/3] arm/trusted-firmware-a: update to 2.10 Date: Mon, 4 Dec 2023 11:19:51 -0600 Message-Id: <20231204171952.13471-2-jon.mason@arm.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231204171952.13471-1-jon.mason@arm.com> References: <20231204171952.13471-1-jon.mason@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 05 Dec 2023 14:53:41 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5288 Update tf-a and mbedtls to the latest versions. Also, migrate the previous version to meta-arm-bsp for corstone1000. NOTE: in v2.10, the fiptool makefile was changed to reference LDOPTS instead of LDLIBS. NOTE: commit 408cde8a59080ac2caa11c4d99474b2ef09f90df in tf-a modifies the qemu_sbsa starting offset, and per the commit comment, it requires the edk2 same change. This is why the edk-platforms SHA has been changed. There are only 19 patches between the previous SHA and this one (most of which are adding a single platform). So, it shouldn't be too impactful to bump the SHA (instead of making it a patch to apply on top of the existing SHA). NOTE: tf-a-tests added LDFLAGS to the makefile, causing the need for it to be removed in the recipe. Signed-off-by: Jon Mason --- meta-arm-bsp/conf/machine/n1sdp.conf | 1 + meta-arm-bsp/conf/machine/sgi575.conf | 1 + .../fiptool-native_2.9.0.bb | 0 .../trusted-firmware-a/tf-a-tests_2.9.0.bb | 0 .../trusted-firmware-a_2.8.6.bb | 4 ++ .../trusted-firmware-a_2.9.0.bb | 6 +- ...ert-usage-of-plat_ic_has_interrupt_t.patch | 38 +++++++++++++ .../fiptool-native_2.10.0.bb | 33 +++++++++++ .../trusted-firmware-a/tf-a-tests_2.10.0.bb | 55 +++++++++++++++++++ .../trusted-firmware-a/trusted-firmware-a.inc | 2 +- .../trusted-firmware-a_%.bbappend | 1 + .../trusted-firmware-a_2.10.0.bb | 12 ++++ .../recipes-bsp/uefi/edk2-firmware_202308.bb | 2 +- 13 files changed, 152 insertions(+), 3 deletions(-) rename {meta-arm => meta-arm-bsp}/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb (100%) rename {meta-arm => meta-arm-bsp}/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb (100%) rename {meta-arm => meta-arm-bsp}/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb (73%) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb diff --git a/meta-arm-bsp/conf/machine/n1sdp.conf b/meta-arm-bsp/conf/machine/n1sdp.conf index 74a0a66f..2a246de0 100644 --- a/meta-arm-bsp/conf/machine/n1sdp.conf +++ b/meta-arm-bsp/conf/machine/n1sdp.conf @@ -27,6 +27,7 @@ MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168" # TF-A EXTRA_IMAGEDEPENDS += "trusted-firmware-a" TFA_PLATFORM = "n1sdp" +PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%" # SCP EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware" diff --git a/meta-arm-bsp/conf/machine/sgi575.conf b/meta-arm-bsp/conf/machine/sgi575.conf index 3c2c94b6..7f2a285a 100644 --- a/meta-arm-bsp/conf/machine/sgi575.conf +++ b/meta-arm-bsp/conf/machine/sgi575.conf @@ -9,6 +9,7 @@ require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware" EXTRA_IMAGEDEPENDS += "trusted-firmware-a" +PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%" KERNEL_IMAGETYPE ?= "Image" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb similarity index 100% rename from meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb rename to meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb similarity index 100% rename from meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb rename to meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.9.0.bb diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb index cffc6db1..ef7ea598 100644 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb @@ -13,3 +13,7 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht SRCREV_mbedtls = "89f040a5c938985c5f30728baed21e49d0846a53" LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +do_compile:prepend() { + sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile +} diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb similarity index 73% rename from meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb rename to meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb index 31a6a909..d9fdf329 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb @@ -1,4 +1,4 @@ -require trusted-firmware-a.inc +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc # TF-A v2.9.0 SRCREV_tfa = "d3e71ead6ea5bc3555ac90a446efec84ef6c6122" @@ -10,3 +10,7 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht SRCREV_mbedtls = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33" LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +do_compile:prepend() { + sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile +} diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch new file mode 100644 index 00000000..f6f054df --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch @@ -0,0 +1,38 @@ +From fd13a4d304da4233cb954329bf287ec9dfbb7367 Mon Sep 17 00:00:00 2001 +From: Jon Mason +Date: Mon, 4 Dec 2023 10:20:21 -0500 +Subject: [PATCH] bl31_runtime: revert usage of plat_ic_has_interrupt_type + +There is a regression caused by commit +1f6bb41dd951714b47bf07bb9a332346ca261033 for the trusted services tests. +This is due to the fact that the referenced commit changes the behavior +from checking for both INTR_TYPE_EL3 and INTR_TYPE_S_EL1, to referencing +an existing function that #if for _either_ INTR_TYPE_EL3 or +INTR_TYPE_S_EL1 (depending on the value of GICV2_G0_FOR_EL3). To work +around this issue, revert the check back to its original form. + +Signed-off-by: Jon Mason +Upstream-Status: Pending +--- + bl31/interrupt_mgmt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bl31/interrupt_mgmt.c b/bl31/interrupt_mgmt.c +index 68c7f10add21..8e888b676b35 100644 +--- a/bl31/interrupt_mgmt.c ++++ b/bl31/interrupt_mgmt.c +@@ -47,9 +47,9 @@ static intr_type_desc_t intr_type_descs[MAX_INTR_TYPES]; + ******************************************************************************/ + static int32_t validate_interrupt_type(uint32_t type) + { +- if (plat_ic_has_interrupt_type(type)) { ++ if ((type == INTR_TYPE_S_EL1) || (type == INTR_TYPE_NS) || ++ (type == INTR_TYPE_EL3)) + return 0; +- } + + return -EINVAL; + } +-- +2.30.2 + diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb new file mode 100644 index 00000000..e45ea9c4 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb @@ -0,0 +1,33 @@ +# Firmware Image Package (FIP) +# It is a packaging format used by TF-A to package the +# firmware images in a single binary. + +DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" +LICENSE = "BSD-3-Clause" + +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" + +# Use fiptool from TF-A v2.10.0 +SRCREV = "b6c0948400594e3cc4dbb5a4ef04b815d2675808" +SRCBRANCH = "master" + +DEPENDS += "openssl-native" + +inherit native + +EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" + +do_compile () { + # This is still needed to have the native fiptool executing properly by + # setting the RPATH + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile + + oe_runmake fiptool +} + +do_install () { + install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool +} diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb new file mode 100644 index 00000000..f3818b6d --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.10.0.bb @@ -0,0 +1,55 @@ +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" +LICENSE = "BSD-3-Clause & NCSA" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" + +inherit deploy + +COMPATIBLE_MACHINE ?= "invalid" + +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ + " +SRCBRANCH = "master" +SRCREV = "42b99719d5dde58bdde07712bcb70a20d87f9067" + +DEPENDS += "optee-os" + +EXTRA_OEMAKE += "USE_NVM=0" +EXTRA_OEMAKE += "SHELL_COLOR=1" +EXTRA_OEMAKE += "DEBUG=1" + +# Platform must be set for each machine +TFA_PLATFORM ?= "invalid" + +EXTRA_OEMAKE += "ARCH=aarch64" +EXTRA_OEMAKE += "LOG_LEVEL=50" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +# Add platform parameter +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" + +# Requires CROSS_COMPILE set by hand as there is no configure script +export CROSS_COMPILE="${TARGET_PREFIX}" + +LDFLAGS[unexport] = "1" +do_compile() { + oe_runmake -C ${S} tftf +} + +do_compile[cleandirs] = "${B}" + +FILES:${PN} = "/firmware/tftf.bin" +SYSROOT_DIRS += "/firmware" + +do_install() { + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/${TFA_PLATFORM}/debug/tftf.bin ${D}/firmware/tftf.bin +} + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc index 2bdf2211..922c0a34 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc @@ -168,7 +168,7 @@ BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}" do_compile() { # This is still needed to have the native tools executing properly by # setting the RPATH - sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index ca0448f5..b3624bb3 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -10,6 +10,7 @@ TOOLCHAIN:qemuarm-secureboot = "gcc" FILESEXTRAPATHS:prepend:qemuarm64-secureboot := "${THISDIR}/files:" SRC_URI:append:qemuarm64-secureboot = " \ file://0001-Add-spmc_manifest-for-qemu.patch \ + file://0001-bl31_runtime-revert-usage-of-plat_ic_has_interrupt_t.patch \ " TFA_PLATFORM:qemuarm64-secureboot = "qemu" diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb new file mode 100644 index 00000000..4f019844 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb @@ -0,0 +1,12 @@ +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc + +# TF-A v2.10.0 +SRCREV_tfa = "b6c0948400594e3cc4dbb5a4ef04b815d2675808" + +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde" + +# mbedtls-3.5.1 +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" +SRCREV_mbedtls = "edb8fec9882084344a314368ac7fd957a187519c" + +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_202308.bb b/meta-arm/recipes-bsp/uefi/edk2-firmware_202308.bb index 8620a67b..2619f2fd 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware_202308.bb +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware_202308.bb @@ -1,5 +1,5 @@ SRCREV_edk2 ?= "819cfc6b42a68790a23509e4fcc58ceb70e1965e" -SRCREV_edk2-platforms ?= "bb6841e3fd1c60b3f8510b4fc0a380784e05d326" +SRCREV_edk2-platforms ?= "88ea1c2b62d44d6a4ebf2626ddaeecbc74f96877" # FIXME - clang is having issues with antlr TOOLCHAIN:aarch64 = "gcc"