From patchwork Wed Dec 21 12:32:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mohamed.omarasaker@arm.com X-Patchwork-Id: 17058 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43BF6C4167B for ; Wed, 21 Dec 2022 12:33:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.17550.1671625994710580703 for ; Wed, 21 Dec 2022 04:33:14 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: mohamed.omarasaker@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4D6E32F4; Wed, 21 Dec 2022 04:33:55 -0800 (PST) Received: from e126544.arm.com (unknown [10.57.74.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 650553F703; Wed, 21 Dec 2022 04:33:12 -0800 (PST) From: mohamed.omarasaker@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com Cc: nd@arm.com, Mohamed Omar Asaker Subject: [PATCH 1/5] arm-bsp/trusted-services: corstone1000: Use the stateless platform service calls Date: Wed, 21 Dec 2022 12:32:32 +0000 Message-Id: <20221221123236.342413-2-mohamed.omarasaker@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221221123236.342413-1-mohamed.omarasaker@arm.com> References: <20221221123236.342413-1-mohamed.omarasaker@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Dec 2022 12:33:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4210 From: Mohamed Omar Asaker Apply patch to use the stateless platform service calls Calls to psa_connect is not needed and psa_call can be called directly with a pre defined handle. Signed-off-by: Mohamed Omar Asaker --- ...3-Use-the-stateless-platform-service.patch | 140 ++++++++++++++++++ .../trusted-services/ts-arm-platforms.inc | 1 + 2 files changed, 141 insertions(+) create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch new file mode 100644 index 00000000..824196c1 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch @@ -0,0 +1,140 @@ +From 956b8a8e1dd5702b9c1657f4ec27a7aeddb0758e Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker +Date: Mon, 21 Nov 2022 00:08:20 +0000 +Subject: [PATCH] Use the stateless platform service calls + +Calls to psa_connect is not needed and psa_call can be called +directly with a pre defined handle. + +Signed-off-by: Satish Kumar +Signed-off-by: Mohamed Omar Asaker +Upstream-Status: Inappropriate [Design is to revisted] + +--- + .../provider/capsule_update_provider.c | 24 ++++--------------- + .../provider/corstone1000_fmp_service.c | 10 ++++---- + .../provider/corstone1000_fmp_service.h | 3 +-- + components/service/common/include/psa/sid.h | 6 +++++ + 4 files changed, 16 insertions(+), 27 deletions(-) + +diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c +index 991a2235..6809249f 100644 +--- a/components/service/capsule_update/provider/capsule_update_provider.c ++++ b/components/service/capsule_update/provider/capsule_update_provider.c +@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context) + static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + { + uint32_t ioctl_id; +- psa_handle_t handle; + rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED; + + struct psa_invec in_vec[] = { +@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + case CAPSULE_UPDATE_REQUEST: + /* Openamp call with IOCTL for firmware update*/ + ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES; +- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, +- TFM_SP_PLATFORM_IOCTL_VERSION); +- if (handle <= 0) { +- EMSG("%s Invalid handle", __func__); +- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; +- return rpc_status; +- } +- psa_call(caller,handle, PSA_IPC_CALL, ++ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); +- set_fmp_image_info(caller, handle); ++ set_fmp_image_info(caller); + break; + + case KERNEL_STARTED_EVENT: + ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK; + /*openamp call with IOCTL for kernel start*/ +- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, +- TFM_SP_PLATFORM_IOCTL_VERSION); +- if (handle <= 0) { +- EMSG("%s Invalid handle", __func__); +- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; +- return rpc_status; +- } +- psa_call(caller,handle, PSA_IPC_CALL, ++ ++ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); +- set_fmp_image_info(caller, handle); ++ set_fmp_image_info(caller); + break; + default: + EMSG("%s unsupported opcode", __func__); +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c +index 6a7a47a7..d811af9f 100644 +--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c +@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size) + return PSA_SUCCESS; + } + +-static psa_status_t get_image_info(struct rpc_caller *caller, +- psa_handle_t platform_service_handle) ++static psa_status_t get_image_info(struct rpc_caller *caller) + { + psa_status_t status; + psa_handle_t handle; +@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller, + + memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE); + +- psa_call(caller, platform_service_handle, PSA_IPC_CALL, ++ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL, + in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); + + status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE); +@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller) + return PSA_SUCCESS; + } + +-void set_fmp_image_info(struct rpc_caller *caller, +- psa_handle_t platform_service_handle) ++void set_fmp_image_info(struct rpc_caller *caller) + { + psa_status_t status; + +- status = get_image_info(caller, platform_service_handle); ++ status = get_image_info(caller); + if (status != PSA_SUCCESS) { + return; + } +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h +index 95fba2a0..963223e8 100644 +--- a/components/service/capsule_update/provider/corstone1000_fmp_service.h ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h +@@ -16,8 +16,7 @@ extern "C" { + + void provision_fmp_variables_metadata(struct rpc_caller *caller); + +-void set_fmp_image_info(struct rpc_caller *caller, +- psa_handle_t platform_service_handle); ++void set_fmp_image_info(struct rpc_caller *caller); + + #ifdef __cplusplus + } /* extern "C" */ +diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h +index 7a29cc25..8103a9af 100644 +--- a/components/service/common/include/psa/sid.h ++++ b/components/service/common/include/psa/sid.h +@@ -37,6 +37,12 @@ extern "C" { + #define TFM_CRYPTO_VERSION (1U) + #define TFM_CRYPTO_HANDLE (0x40000100U) + ++ ++/******** TFM_PLATFORM_SERVICE *******/ ++#define TFM_PLATFORM_API_ID_IOCTL (1013) ++#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) ++ ++ + /** + * \brief Define a progressive numerical value for each SID which can be used + * when dispatching the requests to the service +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 2d90fe57..59009555 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -24,6 +24,7 @@ SRC_URI:append:corstone1000 = " \ file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \ file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ + file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \ " COMPATIBLE_MACHINE:n1sdp = "n1sdp" From patchwork Wed Dec 21 12:32:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mohamed.omarasaker@arm.com X-Patchwork-Id: 17056 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43D46C46467 for ; Wed, 21 Dec 2022 12:33:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.17552.1671625996881470165 for ; Wed, 21 Dec 2022 04:33:17 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: mohamed.omarasaker@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 815832F4; Wed, 21 Dec 2022 04:33:57 -0800 (PST) Received: from e126544.arm.com (unknown [10.57.74.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D81963F703; Wed, 21 Dec 2022 04:33:14 -0800 (PST) From: mohamed.omarasaker@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com Cc: nd@arm.com, Mohamed Omar Asaker Subject: [PATCH 2/5] arm-bsp/trusted-firmware-m: Bump TFM to v1.7 Date: Wed, 21 Dec 2022 12:32:33 +0000 Message-Id: <20221221123236.342413-3-mohamed.omarasaker@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221221123236.342413-1-mohamed.omarasaker@arm.com> References: <20221221123236.342413-1-mohamed.omarasaker@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Dec 2022 12:33:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4211 From: Mohamed Omar Asaker Create tfm recipe for v1.7.x Signed-off-by: Mohamed Omar Asaker --- .../trusted-firmware-m_1.7.0.bb | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb new file mode 100644 index 00000000..f863dc71 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb @@ -0,0 +1,138 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (c) 2020 Arm Limited +# + +SUMMARY = "Trusted Firmware for Cortex-M" +DESCRIPTION = "Trusted Firmware-M" +HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" +PROVIDES = "virtual/trusted-firmware-m" + +LICENSE = "BSD-3-Clause & Apache-2.0" + +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ + file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" + +SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ + git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + " + +# The required dependencies are documented in tf-m/config/config_default.cmake +# TF-Mv1.7.0 +SRCBRANCH_tfm ?= "release/1.7.x" +SRCREV_tfm = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e" +# mbedtls-3.2.0 +SRCBRANCH_mbedtls ?= "master" +SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d" +# TF-Mv1.6.0 +SRCBRANCH_tfm-tests ?= "release/1.7.x" +SRCREV_tfm-tests = "4972e8df3fcbd386a5b0c18613d8a803f4dda082" +# v1.9.0 +SRCBRANCH_mcuboot ?= "main" +SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" + +UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P\d+(\.\d+)+)$" + +# Note to future readers of this recipe: until the CMakeLists don't abuse +# installation (see do_install) there is no point in trying to inherit +# cmake here. You can easily short-circuit the toolchain but the install +# is so convoluted there's no gain. + +inherit python3native deploy + +# Baremetal and we bring a compiler below +INHIBIT_DEFAULT_DEPS = "1" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +DEPENDS += "cmake-native \ + ninja-native \ + gcc-arm-none-eabi-native \ + python3-intelhex-native \ + python3-jinja2-native \ + python3-pyyaml-native \ + python3-click-native \ + python3-cryptography-native \ + python3-cbor2-native" + +S = "${WORKDIR}/git/tfm" +B = "${WORKDIR}/build" + +# Build for debug (set TFM_DEBUG to 1 to activate) +TFM_DEBUG ?= "0" + +# Platform must be set, ideally in the machine configuration. +TFM_PLATFORM ?= "" +python() { + if not d.getVar("TFM_PLATFORM"): + raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") +} + +PACKAGECONFIG ??= "" +# Whether to integrate the test suite +PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" +PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" + +# Currently we only support using the Arm binary GCC +EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" + +# Don't let FetchContent download more sources during do_configure +EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON" + +# Add platform parameters +EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" + +# Handle TFM_DEBUG parameter +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}" + +# Verbose builds +EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" + +EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot" + +export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" + +# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application +CFLAGS[unexport] = "1" +LDFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +do_configure[cleandirs] = "${B}" +do_configure() { + cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS} +} + +# Invoke install here as there's no point in splitting compile from install: the +# first thing the build does is 'install' inside the build tree thus causing a +# rebuild. It also overrides the install prefix to be in the build tree, so you +# can't use the usual install prefix variables. +do_compile() { + cmake --build ${B} -- install +} +do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" + +do_install() { + # TODO install headers and static libraries when we know how they're used + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/bin/* ${D}/firmware/ +} + +FILES:${PN} = "/firmware" +SYSROOT_DIRS += "/firmware" + +addtask deploy after do_install +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} + +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" From patchwork Wed Dec 21 12:32:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mohamed.omarasaker@arm.com X-Patchwork-Id: 17057 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3AAA8C41535 for ; Wed, 21 Dec 2022 12:33:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.17553.1671625998445545205 for ; Wed, 21 Dec 2022 04:33:18 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: mohamed.omarasaker@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1D7ACAD7; Wed, 21 Dec 2022 04:33:59 -0800 (PST) Received: from e126544.arm.com (unknown [10.57.74.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D9B5C3F703; Wed, 21 Dec 2022 04:33:16 -0800 (PST) From: mohamed.omarasaker@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com Cc: nd@arm.com, Mohamed Omar Asaker Subject: [PATCH 3/5] arm-bsp/trusted-firmware-m: corstone1000: TFM 1.7 Date: Wed, 21 Dec 2022 12:32:34 +0000 Message-Id: <20221221123236.342413-4-mohamed.omarasaker@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221221123236.342413-1-mohamed.omarasaker@arm.com> References: <20221221123236.342413-1-mohamed.omarasaker@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Dec 2022 12:33:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4212 From: Mohamed Omar Asaker Add TFM corstone append file for v1.7 Signed-off-by: Mohamed Omar Asaker --- .../trusted-firmware-m-1.7.0-corstone1000.inc | 40 +++++++++++++++++++ .../trusted-firmware-m_1.7.%.bbappend | 6 +++ .../trusted-firmware-m_1.7.0.bb | 8 +++- 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc new file mode 100644 index 00000000..861dcff8 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc @@ -0,0 +1,40 @@ +# Corstone1000 machines specific TFM support + +COMPATIBLE_MACHINE = "(corstone1000)" + +TFM_PLATFORM = "arm/corstone1000" + +TFM_DEBUG = "1" + + + +## Default is the MPS3 board +TFM_PLATFORM_IS_FVP ?= "FALSE" +EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" +EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" + +# libmetal +LICENSE += "& BSD-3-Clause" +LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c" +SRC_URI += "git://github.com/OpenAMP/libmetal.git;protocol=https;branch=main;name=libmetal;destsuffix=git/libmetal" +SRCREV_libmetal = "f252f0e007fbfb8b3a52b1d5901250ddac96baad" +EXTRA_OECMAKE += "-DLIBMETAL_SRC_PATH=${S}/../libmetal -DLIBMETAL_BIN_PATH=${B}/libmetal-build" + +# OpenAMP +LICENSE += "& BSD-2-Clause & BSD-3-Clause" +LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e1413585ecbf" +SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;name=openamp;destsuffix=git/openamp" +SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" +EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" + + +# Uncomment to apply patches +# FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" +# SRC_URI:append:corstone1000 = " \ +# " + +do_install() { + install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin + install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin + install -D -p -m 0644 ${B}/install/outputs/bl1.bin ${D}/firmware/bl1.bin +} diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend new file mode 100644 index 00000000..ec0e483b --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend @@ -0,0 +1,6 @@ +# Machine specific configurations + +MACHINE_TFM_REQUIRE ?= "" +MACHINE_TFM_REQUIRE:corstone1000 = "trusted-firmware-m-1.7.0-corstone1000.inc" + +require ${MACHINE_TFM_REQUIRE} diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb index f863dc71..3b4469d0 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb @@ -8,7 +8,7 @@ DESCRIPTION = "Trusted Firmware-M" HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" PROVIDES = "virtual/trusted-firmware-m" -LICENSE = "BSD-3-Clause & Apache-2.0" +LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ @@ -19,6 +19,7 @@ SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=h git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + git://github.com/laurencelundblade/QCBOR.git;protocol=https;branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ " # The required dependencies are documented in tf-m/config/config_default.cmake @@ -34,6 +35,9 @@ SRCREV_tfm-tests = "4972e8df3fcbd386a5b0c18613d8a803f4dda082" # v1.9.0 SRCBRANCH_mcuboot ?= "main" SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" +# qcbor +SRCBRANCH_qcbor ?= "master" +SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P\d+(\.\d+)+)$" @@ -92,7 +96,7 @@ EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Deb # Verbose builds EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" -EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot" +EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot -DQCBOR_PATH=${S}/../qcbor" export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" From patchwork Wed Dec 21 12:32:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mohamed.omarasaker@arm.com X-Patchwork-Id: 17055 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38601C4332F for ; Wed, 21 Dec 2022 12:33:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.17289.1671626001369229413 for ; Wed, 21 Dec 2022 04:33:21 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: mohamed.omarasaker@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F08E72F4; Wed, 21 Dec 2022 04:34:01 -0800 (PST) Received: from e126544.arm.com (unknown [10.57.74.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9583E3F703; Wed, 21 Dec 2022 04:33:18 -0800 (PST) From: mohamed.omarasaker@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com Cc: nd@arm.com, Mohamed Omar Asaker Subject: [PATCH 4/5] arm-bsp/musca_b1: Edit the platform name Date: Wed, 21 Dec 2022 12:32:35 +0000 Message-Id: <20221221123236.342413-5-mohamed.omarasaker@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221221123236.342413-1-mohamed.omarasaker@arm.com> References: <20221221123236.342413-1-mohamed.omarasaker@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Dec 2022 12:33:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4213 From: Mohamed Omar Asaker The Platform name in TFM has changed from arm/musca_b1/sse_200 to arm/musca_b1 Signed-off-by: Mohamed Omar Asaker --- meta-arm-bsp/conf/machine/musca-b1.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-arm-bsp/conf/machine/musca-b1.conf b/meta-arm-bsp/conf/machine/musca-b1.conf index c5ef3233..4e9cf829 100644 --- a/meta-arm-bsp/conf/machine/musca-b1.conf +++ b/meta-arm-bsp/conf/machine/musca-b1.conf @@ -20,4 +20,4 @@ QB_GRAPHICS = "-nographic -vga none" QB_MEM = "512k" QB_RNG = "" -TFM_PLATFORM = "arm/musca_b1/sse_200" +TFM_PLATFORM = "arm/musca_b1" From patchwork Wed Dec 21 12:32:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mohamed.omarasaker@arm.com X-Patchwork-Id: 17059 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39CA7C10F1B for ; Wed, 21 Dec 2022 12:33:33 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.17290.1671626007772817906 for ; Wed, 21 Dec 2022 04:33:27 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: mohamed.omarasaker@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 657D12F4; Wed, 21 Dec 2022 04:34:08 -0800 (PST) Received: from e126544.arm.com (unknown [10.57.74.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9CE3E3F703; Wed, 21 Dec 2022 04:33:21 -0800 (PST) From: mohamed.omarasaker@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com Cc: nd@arm.com, Mohamed Omar Asaker Subject: [PATCH 5/5] arm-bsp/trusted-firmware-m: Remove TF-M 1.6 recipe Date: Wed, 21 Dec 2022 12:32:36 +0000 Message-Id: <20221221123236.342413-6-mohamed.omarasaker@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221221123236.342413-1-mohamed.omarasaker@arm.com> References: <20221221123236.342413-1-mohamed.omarasaker@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Dec 2022 12:33:33 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4214 From: Mohamed Omar Asaker Remove old version recipe after adding TF-M 1.7 recipe Signed-off-by: Mohamed Omar Asaker --- ...e1000-platform-secure-test-framework.patch | 359 ----------- ...ake-external-system-support-optional.patch | 77 --- ...ble-secure-enclave-run-without-host-.patch | 298 --------- ...on-Allow-configuration-of-input-and-.patch | 72 --- ...pport-for-UEFI-FMP-image-Information.patch | 573 ------------------ ...0-remove-two-partition-configuration.patch | 51 -- ...ne1000-adjust-PS-asset-configuration.patch | 27 - .../trusted-firmware-m-corstone1000.inc | 44 -- .../trusted-firmware-m_1.6.%.bbappend | 6 - 9 files changed, 1507 deletions(-) delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.%.bbappend diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch deleted file mode 100644 index 8f633191..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch +++ /dev/null @@ -1,359 +0,0 @@ -From 6ab17eeb8225cdf4afc6956c9a2774d60866c36d Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Mon, 28 Mar 2022 05:16:50 +0100 -Subject: [PATCH 1/6] corstone1000: platform secure test framework - -Change-Id: Ib781927f0add93ec9c06515d251e79518ee1db6e -Signed-off-by: Satish Kumar -Upstream-Status: Accepted [TF-Mv1.7.0] ---- - .../arm/corstone1000/Native_Driver/firewall.c | 15 ++ - .../arm/corstone1000/Native_Driver/firewall.h | 5 + - .../ci_regression_tests/CMakeLists.txt | 45 +++++ - .../corstone1000/ci_regression_tests/s_test.c | 186 ++++++++++++++++++ - .../corstone1000/ci_regression_tests/s_test.h | 30 +++ - .../ci_regression_tests/s_test_config.cmake | 8 + - 6 files changed, 289 insertions(+) - create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt - create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c - create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h - create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake - -diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c -index 788cc3ec92..356b85e9d5 100755 ---- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c -+++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c -@@ -293,6 +293,21 @@ void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl) - ptr->rgn_mpl3 |= (mpl & RGN_MPL_EN_MASK); - } - -+void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl) -+{ -+ struct _firewall_pe_rwe_reg_map_t *ptr = -+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr; -+ if (mpe == RGN_MPE0) -+ *mpl = (ptr->rgn_mpl0 & RGN_MPL_EN_MASK); -+ else if (mpe == RGN_MPE1) -+ *mpl = (ptr->rgn_mpl1 & RGN_MPL_EN_MASK); -+ else if (mpe == RGN_MPE2) -+ *mpl = (ptr->rgn_mpl2 & RGN_MPL_EN_MASK); -+ else if (mpe == RGN_MPE3) -+ *mpl = (ptr->rgn_mpl3 & RGN_MPL_EN_MASK); -+} -+ -+ - void fc_disable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl) - { - struct _firewall_pe_rwe_reg_map_t *ptr = -diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h -index 48c86725ef..17afe6a92f 100755 ---- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h -+++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h -@@ -247,6 +247,11 @@ void fc_init_mpl(enum rgn_mpe_t mpe); - */ - void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl); - -+/** -+ * \brief Reads Master Permission List in the selected Firewall Component -+ */ -+void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl); -+ - /** - * \brief Disables Master Permission List in the selected Firewall Component - */ -diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt -new file mode 100644 -index 0000000000..70e1c20e4e ---- /dev/null -+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt -@@ -0,0 +1,45 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021-22, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+cmake_policy(SET CMP0079 NEW) -+ -+include(${CMAKE_CURRENT_SOURCE_DIR}/s_test_config.cmake) -+ -+####################### Secure ################################################# -+ -+add_library(corstone1000_test_s STATIC EXCLUDE_FROM_ALL) -+ -+target_sources(corstone1000_test_s -+ PRIVATE -+ ${CMAKE_CURRENT_SOURCE_DIR}/s_test.c -+ ../Native_Driver/firewall.c -+) -+ -+target_include_directories(corstone1000_test_s -+ PRIVATE -+ ${CMAKE_CURRENT_SOURCE_DIR} -+ ../Device/Include -+ ../Native_Driver -+) -+ -+# Example test links tfm_test_suite_extra_common to use related interface -+target_link_libraries(corstone1000_test_s -+ PRIVATE -+ tfm_test_suite_extra_common -+ tfm_log -+) -+ -+target_compile_definitions(corstone1000_test_s -+ PRIVATE -+ $<$:PLATFORM_IS_FVP> -+) -+ -+# The corstone1000_test_s library is linked by tfm_test_suite_extra_s -+target_link_libraries(tfm_test_suite_extra_s -+ PRIVATE -+ corstone1000_test_s -+) -diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c -new file mode 100644 -index 0000000000..963f46d2ab ---- /dev/null -+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c -@@ -0,0 +1,186 @@ -+/* -+ * Copyright (c) 2021-22, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#include "s_test.h" -+#include "platform_base_address.h" -+#include "firewall.h" -+#include "tfm_log_raw.h" -+ -+#define DISABLED_TEST 0 -+ -+enum host_firewall_host_comp_id_t { -+ HOST_FCTRL = (0x00u), -+ COMP_SYSPERIPH, -+ COMP_DBGPERIPH, -+ COMP_AONPERIPH, -+ COMP_XNVM, -+ COMP_CVM, -+ COMP_HOSTCPU, -+ COMP_EXTSYS0, -+ COMP_EXTSYS1, -+ COMP_EXPSLV0, -+ COMP_EXPSLV1, -+ COMP_EXPMST0, -+ COMP_EXPMST1, -+ COMP_OCVM, -+ COMP_DEBUG, -+}; -+ -+const struct extra_tests_t plat_s_t = { -+ .test_entry = s_test, -+ .expected_ret = EXTRA_TEST_SUCCESS -+}; -+ -+static int test_host_firewall_status(void) -+{ -+ enum fw_lockdown_status_t status; -+ uint32_t any_component_id = 2; -+ -+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, any_component_id); -+ status = fw_get_lockdown_status(); -+ if (status != FW_LOCKED) { -+ tfm_log_printf("FAIL: %s.\n\r", __func__); -+ return EXTRA_TEST_FAILED; -+ } -+ -+ tfm_log_printf("PASS: %s\n\r", __func__); -+ return EXTRA_TEST_SUCCESS; -+} -+ -+static int test_host_firewall_external_flash_configurations(void) -+{ -+ enum rgn_mpl_t mpl_rights = 0; -+ enum rgn_mpl_t expected_rights = 0; -+ -+#if !(PLATFORM_IS_FVP) -+ /* External flash */ -+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0); -+ fc_select_region(3); -+ fc_read_mpl(RGN_MPE0, &mpl_rights); -+ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | -+ RGN_MPL_SECURE_WRITE_MASK); -+ if (mpl_rights != expected_rights) { -+ tfm_log_printf("FAIL1: %s.\n\r", __func__); -+ return EXTRA_TEST_FAILED; -+ } -+ /* XIP Permissions */ -+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM); -+ fc_select_region(1); -+ fc_read_mpl(RGN_MPE0, &mpl_rights); -+ expected_rights = (RGN_MPL_ANY_MST_MASK | -+ RGN_MPL_SECURE_READ_MASK | -+ RGN_MPL_NONSECURE_READ_MASK); -+ if (mpl_rights != expected_rights) { -+ tfm_log_printf("FAIL2: %s.\n\r", __func__); -+ return EXTRA_TEST_FAILED; -+ } -+#else -+ /* Enable the below test when FVP Host Firewall is configured. */ -+ /* -+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM); -+ fc_select_region(1); -+ fc_read_mpl(RGN_MPE0, &mpl_rights); -+ tfm_log_printf("mpl rights = %d\n\r", mpl_rights); -+ expected_rights = (RGN_MPL_ANY_MST_MASK | -+ RGN_MPL_SECURE_READ_MASK | -+ RGN_MPL_SECURE_WRITE_MASK | -+ RGN_MPL_NONSECURE_READ_MASK | -+ RGN_MPL_NONSECURE_WRITE_MASK); -+ if (mpl_rights != expected_rights) { -+ tfm_log_printf("FAIL1: %s.\n\r", __func__); -+ return EXTRA_TEST_FAILED; -+ } -+ */ -+#endif -+ -+ tfm_log_printf("PASS: %s\n\r", __func__); -+ return EXTRA_TEST_SUCCESS; -+} -+ -+static int test_host_firewall_secure_flash_configurations(void) -+{ -+ enum rgn_mpl_t mpl_rights = 0; -+ enum rgn_mpl_t expected_rights = 0; -+ -+#if !(PLATFORM_IS_FVP) -+ /* External flash */ -+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1); -+ fc_select_region(1); -+ fc_read_mpl(RGN_MPE0, &mpl_rights); -+ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK | -+ RGN_MPL_SECURE_WRITE_MASK); -+ if (mpl_rights != expected_rights) { -+ tfm_log_printf("FAIL: %s.\n\r", __func__); -+ return EXTRA_TEST_FAILED; -+ } -+#endif -+ -+ tfm_log_printf("PASS: %s\n\r", __func__); -+ return EXTRA_TEST_SUCCESS; -+} -+ -+static int test_bir_programming(void) -+{ -+ /* BIR is expected to bhaive like write once register */ -+ -+ volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE; -+ -+ bir_base[0] = 0x1; -+ bir_base[0] = 0x2; -+ if (bir_base[0] != 0x1) { -+ tfm_log_printf("FAIL: %s : (%u)\n\r", __func__, bir_base[0]); -+ return EXTRA_TEST_FAILED; -+ } -+ -+ tfm_log_printf("PASS: %s\n\r", __func__); -+ return EXTRA_TEST_SUCCESS; -+} -+ -+int32_t s_test(void) -+{ -+ int status; -+ int failures = 0; -+ -+#if (DISABLED_TEST == 1) -+ status = test_host_firewall_status(); -+ if (status) { -+ failures++; -+ } -+#endif -+ -+ status = test_host_firewall_secure_flash_configurations(); -+ if (status) { -+ failures++; -+ } -+ -+ status = test_host_firewall_external_flash_configurations(); -+ if (status) { -+ failures++; -+ } -+ -+#if (DISABLED_TEST == 1) -+ status = test_bir_programming(); -+ if (status) { -+ failures++; -+ } -+#endif -+ -+ if (failures) { -+ tfm_log_printf("Not all platform test could pass: failures=%d\n\r", failures); -+ return EXTRA_TEST_FAILED; -+ } -+ -+ tfm_log_printf("ALL_PASS: corstone1000 platform test cases passed.\n\r"); -+ return EXTRA_TEST_SUCCESS; -+} -+ -+int32_t extra_tests_init(struct extra_tests_t *internal_test_t) -+{ -+ /* Add platform init code here. */ -+ -+ return register_extra_tests(internal_test_t, &plat_s_t); -+} -diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h -new file mode 100644 -index 0000000000..8aff4d679c ---- /dev/null -+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h -@@ -0,0 +1,30 @@ -+/* -+ * Copyright (c) 2021-22, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __S_TESTS_H__ -+#define __S_TESTS_H__ -+ -+#include "extra_tests_common.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+const struct extra_tests_t plat_s_t; -+ -+/** -+ * \brief Platform specific secure test function. -+ * -+ * \returns Returns error code as specified in \ref int32_t -+ */ -+int32_t s_test(void); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __S_TESTS_H__ */ -diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake -new file mode 100644 -index 0000000000..bb8d26bf1c ---- /dev/null -+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake -@@ -0,0 +1,8 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021-22, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+############ Define secure test specific cmake configurations here ############# --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch deleted file mode 100644 index c6bacb49..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 6fd49ab55c3419429e437845864c5bb2d731da29 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Mon, 25 Apr 2022 05:26:38 +0100 -Subject: [PATCH 2/6] corstone1000: make external system support optional - -The commits introduce build time variables to make -external system support in the platform optional. - -Change-Id: I593014e0da4ac553c105c66ae55f6fd83ffe427e -Signed-off-by: Satish Kumar -Upstream-Status: Accepted [TF-Mv1.7.0] ---- - .../ext/target/arm/corstone1000/CMakeLists.txt | 1 + - platform/ext/target/arm/corstone1000/config.cmake | 1 + - .../target/arm/corstone1000/tfm_hal_multi_core.c | 15 +++++++++++++++ - 3 files changed, 17 insertions(+) - -diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt -index 16bc708964..39d7b03455 100644 ---- a/platform/ext/target/arm/corstone1000/CMakeLists.txt -+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt -@@ -97,6 +97,7 @@ target_compile_definitions(platform_s - PRIVATE - $<$:PLATFORM_IS_FVP> - $<$:TEST_S> -+ $<$:EXTERNAL_SYSTEM_SUPPORT> - ) - - #========================= Platform BL2 =======================================# -diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake -index e5f91108ee..a3399db318 100644 ---- a/platform/ext/target/arm/corstone1000/config.cmake -+++ b/platform/ext/target/arm/corstone1000/config.cmake -@@ -21,6 +21,7 @@ set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to en - set(CRYPTO_NV_SEED OFF CACHE BOOL "Use stored NV seed to provide entropy") - set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode") - set(NS FALSE CACHE BOOL "Whether to build NS app") -+set(EXTERNAL_SYSTEM_SUPPORT OFF CACHE BOOL "Whether to include external system support.") - - # FVP is not integrated/tested with CC312. - if (${PLATFORM_IS_FVP}) -diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c -index 8e1b455086..8622844d91 100644 ---- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c -+++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c -@@ -16,6 +16,16 @@ - #define HOST_CPU_PE0_CONFIG_OFFSET 0x010 - #define AA64nAA32_MASK (1 << 3) - -+#ifdef EXTERNAL_SYSTEM_SUPPORT -+void tfm_external_system_boot() -+{ -+ volatile uint32_t *ext_sys_reset_ctl_reg = (uint32_t *)(CORSTONE1000_EXT_SYS_RESET_REG); -+ -+ /* de-assert CPU_WAIT signal*/ -+ *ext_sys_reset_ctl_reg = 0x0; -+} -+#endif -+ - void tfm_hal_boot_ns_cpu(uintptr_t start_addr) - { - /* Switch the shared flash to XiP mode for the host */ -@@ -53,6 +63,11 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) - *reset_ctl_reg = 0; - - (void) start_addr; -+ -+#ifdef EXTERNAL_SYSTEM_SUPPORT -+ /*release EXT SYS out of reset*/ -+ tfm_external_system_boot(); -+#endif - } - - void tfm_hal_wait_for_ns_cpu_ready(void) --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch deleted file mode 100644 index 64229522..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch +++ /dev/null @@ -1,298 +0,0 @@ -From 2e56f2601249243f2fb3ba67caf9febe4bfc8371 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Tue, 26 Apr 2022 20:17:13 +0100 -Subject: [PATCH 3/6] corstone1000: enable secure enclave run without host - binaries - -In TEST_S configuration, the build disables part of the code which -assumes that the host binaries are present in the flash. This change -will allow secure enclave's part of the platforms software to build -and run without the host support. The configuration can be used to run -CI and test secure enclave software independently. - -Change-Id: I29325750a3bea270fe5b3b8b47932a7071a59482 -Signed-off-by: Satish Kumar -Upstream-Status: Accepted [TF-Mv1.7.0] ---- - .../ext/target/arm/corstone1000/readme.rst | 88 +++++++++++++++---- - .../target/arm/corstone1000/CMakeLists.txt | 8 +- - .../arm/corstone1000/bl1/CMakeLists.txt | 2 +- - .../target/arm/corstone1000/bl2_flash_map.c | 2 + - .../target/arm/corstone1000/boot_hal_bl2.c | 2 + - .../ext/target/arm/corstone1000/config.cmake | 11 ++- - .../arm/corstone1000/partition/flash_layout.h | 2 +- - .../arm/corstone1000/tfm_hal_multi_core.c | 2 + - 8 files changed, 94 insertions(+), 23 deletions(-) - -diff --git a/docs/platform/ext/target/arm/corstone1000/readme.rst b/docs/platform/ext/target/arm/corstone1000/readme.rst -index 94b58ac6fc..10c9c58f78 100644 ---- a/docs/platform/ext/target/arm/corstone1000/readme.rst -+++ b/docs/platform/ext/target/arm/corstone1000/readme.rst -@@ -7,22 +7,27 @@ Introduction - ************ - - The ARM's Corstone-1000 platform is a reference implementation of PSA FF-M --architecture where NSPE and SPE environments are partitioned into -+architecture where NSPE and SPE environments are partitioned/isolated into - Cortex-A35 and Cortex-M0+ respectively. - - Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its --software comprises of two boot loading stages, i.e. Bl1 and Bl2, based on --mcuboot, and TF-M as run time software. Cortex-A35, also referred as host, --is completely treated as non-secure from the Secure Enclave perspective. -+software comprises of two boot loading stages, i.e. Bl1 and Bl2 (based on -+mcuboot) and TF-M as run time software. Cortex-A35, also referred as host, -+is treated as non-secure from the Secure Enclave perspective. - The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode, - and boots the software ecosystem based on linux, u-boot, UEFI run time --services, TF-A and Optee. -+services, TF-A, Secure Partitions and Optee. - - The communication between NSPE and SPE is based on PSA IPC protocol running on --top of OpenAMP. -+top of FF-A/OpenAMP. - - The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to --accelerate cryptographic operations. -+accelerate cryptographic operations. Additionaly, platform supports Secure Debug -+using SDC-600 as the communication interface between host debugger and platform -+target. The platform has the build option to enable secure debug protocol to -+unlock debug ports during boot time. The protocol is based on ARM's ADAC -+(Authenticated Debug Access Control) standard. -+ - - *********** - System boot -@@ -33,23 +38,76 @@ System boot - - BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot. - - BL2 loads and verifies TF-M and host's initial boot loader image. - - BL2 transfer the execution to the TF-M. --- During TF-M initialization, the host is reset. -+- During TF-M initialization, the host is taken out of rest. -+- Hashes of the keys used for image verification are stored in the OTP memory. - - ***** - Build - ***** - --.. code-block:: -+Platform solution -+================= -+ -+The platform binaries are build using Yocto. Below is the user guide: -+ -+`Arm Corstone-1000 User Guide`_ -+ -+Secure Test -+=========== -+ -+This section can be used to test the secure enclave software indedendently from -+the host. The below configuration builds the secure enclave binaries with CI test -+frame integrated. On boot, secure enclave softwares stack is brought up, and -+CI tests starts executing at the end of the initialization process. In the -+below configuration, host software support is disabled, and meant only -+to test/verify the secure enclave softwares. -+ -+FVP -+--- - -- cmake -B build/ -S / -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -+- Download Corstone-1000 FVP from : `Arm Ecosystem FVPs`_ -+- Install FVP by running the shell script. -+- Running of the binary will boot secure enclave software stack and at the end all CI test -+ from tf-m-test along with platform specific tests are executed. -+ -+.. code-block:: bash -+ -+ cmake -B build/ -S / -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DPLATFORM_IS_FVP=TRUE -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ - cmake --build build -- install -+ cd ./build/install/outputs/ -+ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin -+ cd /models/Linux64_GCC-9.3/ -+ ./FVP_Corstone-1000 -C board.flashloader0.fname="none" -C se.trustedBootROMloader.fname=".//install/outputs/bl1.bin" -C board.xnvm_size=64 -C se.trustedSRAM_config=6 -C se.BootROM_config="3" -C board.smsc_91c111.enabled=0 -C board.hostbridge.userNetworking=true --data board.flash0=.//install/outputs/cs1000.bin@0x68100000 -C diagnostics=4 -C disable_visualisation=true -C board.se_flash_size=8192 -C diagnostics=4 -C disable_visualisation=true -+ -+FPGA -+---- - --The binaries will be installed inside: -+- Follow the above pointed platform user guide to setup the FPGA board. -+- Use the BL1 generated from the below commands to place it inside FPGA board SD Card. -+- Use the cs1000.bin created from the below commands to place it inside FPGA board SD Card. -+ -+.. code-block:: bash -+ -+ cmake -B build/ -S / -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ -DTEST_S_PS=OFF -DTEST_S_PLATFORM=OFF -+ cmake --build build -- install -+ cd ./build/install/outputs/ -+ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin -+ cp bl1.bin /SOFTWARE/ -+ cp cs1000.bin /SOFTWARE/ - --.. code-block:: -+FPGA build can not compile all the CI tests into a single build as it exceeds -+the available RAM size. So there is a need to select few tests but not all. -+The above configuration disable build of -DTEST_S_PS and -DTEST_S_PLATFORM. -+Other test configurations are: - -- ./build/install/outputs/ARM/CORSTONE1000 -+- -DTEST_S_ATTESTATION=ON/OFF -+- -DTEST_S_AUDIT=ON/OFF -+- -DTEST_S_CRYPTO=ON/OFF -+- -DTEST_S_ITS=ON/OFF -+- -DTEST_S_PS=ON/OFF -+- -DTEST_S_PLATFORM=ON/OFF - ---------------- -+*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* - --*Copyright (c) 2021, Arm Limited. All rights reserved.* -+.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps -+.. _Arm Corstone-1000 User Guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/CORSTONE1000-2022.04.19/docs/embedded-a/corstone1000/user-guide.rst -diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt -index 39d7b03455..81522c7cf0 100644 ---- a/platform/ext/target/arm/corstone1000/CMakeLists.txt -+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt -@@ -18,7 +18,7 @@ target_include_directories(platform_region_defs - - target_compile_definitions(platform_region_defs - INTERFACE -- $<$:TEST_S> -+ $<$:TFM_S_REG_TEST> - ) - #========================= Platform common defs ===============================# - -@@ -75,7 +75,7 @@ target_sources(platform_s - $<$:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c> - fw_update_agent/uefi_capsule_parser.c - fw_update_agent/fwu_agent.c -- $<$:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> -+ $<$:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> - ) - - if (PLATFORM_IS_FVP) -@@ -96,7 +96,7 @@ endif() - target_compile_definitions(platform_s - PRIVATE - $<$:PLATFORM_IS_FVP> -- $<$:TEST_S> -+ $<$:TFM_S_REG_TEST> - $<$:EXTERNAL_SYSTEM_SUPPORT> - ) - -@@ -136,7 +136,7 @@ endif() - target_compile_definitions(platform_bl2 - PRIVATE - $<$:PLATFORM_IS_FVP> -- $<$:TEST_S> -+ $<$:TFM_S_REG_TEST> - ) - - # boot_hal_bl2.c is compiled as part of 'bl2' target and not inside -diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt -index 369695f148..d39c5ae91d 100644 ---- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt -+++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt -@@ -291,7 +291,7 @@ target_compile_definitions(signing_layout_for_bl2 - PRIVATE - MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER} - BL1 -- $<$:TEST_S> -+ $<$:TFM_S_REG_TEST> - ) - - target_include_directories(signing_layout_for_bl2 -diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c -index 6bffa274df..0a6a592d94 100644 ---- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c -+++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c -@@ -38,6 +38,7 @@ struct flash_area flash_map[] = { - .fa_off = FLASH_AREA_1_OFFSET, - .fa_size = FLASH_AREA_1_SIZE, - }, -+#ifndef TFM_S_REG_TEST - { - .fa_id = FLASH_AREA_2_ID, - .fa_device_id = FLASH_DEVICE_ID, -@@ -52,6 +53,7 @@ struct flash_area flash_map[] = { - .fa_off = FLASH_INVALID_OFFSET, - .fa_size = FLASH_INVALID_SIZE, - }, -+#endif - }; - - const int flash_map_entry_num = ARRAY_SIZE(flash_map); -diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c -index 792e06f81e..134315a17b 100644 ---- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c -+++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c -@@ -100,10 +100,12 @@ int32_t boot_platform_init(void) - return 1; - } - -+#ifndef TFM_S_REG_TEST - result = fill_bl2_flash_map_by_parsing_fips(BANK_0_PARTITION_OFFSET); - if (result) { - return 1; - } -+#endif - - result = FLASH_DEV_NAME.Initialize(NULL); - if (result != ARM_DRIVER_OK) { -diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake -index a3399db318..a6a1a33c42 100644 ---- a/platform/ext/target/arm/corstone1000/config.cmake -+++ b/platform/ext/target/arm/corstone1000/config.cmake -@@ -13,8 +13,15 @@ set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to us - set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded") - set(MCUBOOT_SECURITY_COUNTER_S "1" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S") - --set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") --set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") -+if (TEST_S OR TEST_S_ATTESTATION OR TEST_S_AUDIT OR TEST_S_CRYPTO OR TEST_S_ITS OR TEST_S_PS OR TEST_S_PLATFORM OR EXTRA_S_TEST_SUITES_PATHS) -+ # Test configuration: host images are not needed and work only with isolation level 1 -+ set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") -+ set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level") -+else() -+ set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") -+ set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") -+endif() -+ - set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture") - set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology") - set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms") -diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -index aa5a8fe463..b0319bb319 100644 ---- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h -+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -@@ -119,7 +119,7 @@ - * - */ - #define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */ --#ifdef TEST_S -+#ifdef TFM_S_REG_TEST - #define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */ - #else - #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ -diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c -index 8622844d91..1146ffe22a 100644 ---- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c -+++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c -@@ -31,6 +31,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) - /* Switch the shared flash to XiP mode for the host */ - Select_XIP_Mode_For_Shared_Flash(); - -+#ifndef TFM_S_REG_TEST - volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE; - - /* Program Boot Instruction Register to jump to BL2 (TF-A) base address -@@ -68,6 +69,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) - /*release EXT SYS out of reset*/ - tfm_external_system_boot(); - #endif -+#endif /* !TFM_S_REG_TEST */ - } - - void tfm_hal_wait_for_ns_cpu_ready(void) --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch deleted file mode 100644 index 211fb9e6..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch +++ /dev/null @@ -1,72 +0,0 @@ -From f3686dfb8fb97cb42c3d4f8ee2d7aa736d5cb760 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Wed, 3 Aug 2022 15:50:27 +0100 -Subject: [PATCH 4/6] Platform Partition: Allow configuration of input and - output buffer - -The change makes input and output buffer size macros used by -the platform partition to be configured by cmake. This will -allow platforms to set the buffer size accordingly. - -Change-Id: Ia492ce02f8744b0157228d9be51a9ec5b7c88ef6 -Signed-off-by: Satish Kumar -Upstream-Status: Accepted [TF-Mv1.7.0] ---- - config/config_default.cmake | 2 ++ - secure_fw/partitions/platform/CMakeLists.txt | 6 ++++++ - secure_fw/partitions/platform/platform_sp.c | 9 +++++++-- - 3 files changed, 15 insertions(+), 2 deletions(-) - -diff --git a/config/config_default.cmake b/config/config_default.cmake -index 3112b707bc..497c972dc9 100755 ---- a/config/config_default.cmake -+++ b/config/config_default.cmake -@@ -141,6 +141,8 @@ set(ATTEST_INCLUDE_OPTIONAL_CLAIMS ON CACHE BOOL "Include opt - set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COSE key-id in initial attestation token") - - set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition") -+set(PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64 CACHE STRING "Size of input buffer in platform service.") -+set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64 CACHE STRING "Size of output buffer in platform service.") - - set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition") - -diff --git a/secure_fw/partitions/platform/CMakeLists.txt b/secure_fw/partitions/platform/CMakeLists.txt -index 4b37cd780c..3070f89d6d 100644 ---- a/secure_fw/partitions/platform/CMakeLists.txt -+++ b/secure_fw/partitions/platform/CMakeLists.txt -@@ -47,6 +47,12 @@ target_link_libraries(tfm_psa_rot_partition_platform - tfm_spm - ) - -+target_compile_definitions(tfm_psa_rot_partition_platform -+ PRIVATE -+ INPUT_BUFFER_SIZE=${PLATFORM_SERVICE_INPUT_BUFFER_SIZE} -+ OUTPUT_BUFFER_SIZE=${PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE} -+) -+ - ############################ Secure API ######################################## - - target_sources(tfm_sprt -diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c -index 673cb0ee06..87bd434720 100644 ---- a/secure_fw/partitions/platform/platform_sp.c -+++ b/secure_fw/partitions/platform/platform_sp.c -@@ -38,8 +38,13 @@ static const int32_t nv_counter_access_map[NV_COUNTER_MAP_SIZE] = { - #include "psa/service.h" - #include "region_defs.h" - --#define INPUT_BUFFER_SIZE 64 --#define OUTPUT_BUFFER_SIZE 64 -+#ifndef INPUT_BUFFER_SIZE -+#define INPUT_BUFFER_SIZE 64 -+#endif -+ -+#ifndef OUTPUT_BUFFER_SIZE -+#define OUTPUT_BUFFER_SIZE 64 -+#endif - - typedef enum tfm_platform_err_t (*plat_func_t)(const psa_msg_t *msg); - #endif /* TFM_PSA_API */ --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch deleted file mode 100644 index 14e4b7ff..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch +++ /dev/null @@ -1,573 +0,0 @@ -From 9d70628b7dc1dbc3c1ac7f4f3c0f6aa6b237510d Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Wed, 6 Jul 2022 11:19:39 +0100 -Subject: [PATCH 5/6] corstone1000: support for UEFI FMP image Information - -The commit provides the support for UEFI FMP (Firmware Management -Protocol) SET and GET Image info APIs. - -The APIs to SET and GET image info is implemented. In current design, -SET is called by secure encalve and GET is called by the host. - -FMP image information is initialized on every boot and retained -in SRAM. The updatable values of the FMP are stored in private -metadata section of the flash. - -Change-Id: Iaf0b4a13a9c24f05e4a32509e61a8b96ee8e9e4b -Signed-off-by: Satish Kumar -Upstream-Status: Accepted [TF-Mv1.7.0] ---- - .../target/arm/corstone1000/CMakeLists.txt | 2 + - .../ext/target/arm/corstone1000/config.cmake | 8 +- - .../corstone1000/fw_update_agent/fwu_agent.c | 61 ++++- - .../corstone1000/fw_update_agent/fwu_agent.h | 3 + - .../corstone1000/fw_update_agent/uefi_fmp.c | 240 ++++++++++++++++++ - .../corstone1000/fw_update_agent/uefi_fmp.h | 56 ++++ - .../include/corstone1000_ioctl_requests.h | 14 +- - .../services/src/tfm_platform_system.c | 9 + - 8 files changed, 374 insertions(+), 19 deletions(-) - create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c - create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h - -diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt -index 81522c7cf0..3602312a3a 100644 ---- a/platform/ext/target/arm/corstone1000/CMakeLists.txt -+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt -@@ -76,6 +76,8 @@ target_sources(platform_s - fw_update_agent/uefi_capsule_parser.c - fw_update_agent/fwu_agent.c - $<$:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> -+ fw_update_agent/uefi_fmp.c -+ $<$>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c> - ) - - if (PLATFORM_IS_FVP) -diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake -index a6a1a33c42..ab0fe17ba8 100644 ---- a/platform/ext/target/arm/corstone1000/config.cmake -+++ b/platform/ext/target/arm/corstone1000/config.cmake -@@ -50,7 +50,9 @@ else() - set(PLATFORM_PSA_ADAC_SECURE_DEBUG FALSE CACHE BOOL "Whether to use psa-adac secure debug.") - endif() - --set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project") -+set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project") - --set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition") --set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") -+set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition") -+set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") -+ -+set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.") -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -index 3abb5dd0dc..72a5fc9c1d 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -@@ -18,6 +18,7 @@ - #include "platform_description.h" - #include "tfm_plat_nv_counters.h" - #include "tfm_plat_defs.h" -+#include "uefi_fmp.h" - - /* Properties of image in a bank */ - struct fwu_image_properties { -@@ -84,6 +85,11 @@ struct fwu_private_metadata { - /* staged nv_counter: temprary location before written to the otp */ - uint32_t nv_counter[NR_OF_IMAGES_IN_FW_BANK]; - -+ /* FMP information */ -+ uint32_t fmp_version; -+ uint32_t fmp_last_attempt_version; -+ uint32_t fmp_last_attempt_status; -+ - } __packed; - - #define MAX_BOOT_ATTEMPTS_PER_BANK 3 -@@ -278,7 +284,7 @@ enum fwu_agent_error_t fwu_metadata_provision(void) - { - enum fwu_agent_error_t ret; - struct fwu_private_metadata priv_metadata; -- uint32_t image_version = 0; -+ uint32_t image_version = FWU_IMAGE_INITIAL_VERSION; - - FWU_LOG_MSG("%s: enter\n\r", __func__); - -@@ -302,8 +308,8 @@ enum fwu_agent_error_t fwu_metadata_provision(void) - memset(&_metadata, 0, sizeof(struct fwu_metadata)); - - _metadata.version = 1; -- _metadata.active_index = 0; -- _metadata.previous_active_index = 1; -+ _metadata.active_index = BANK_0; -+ _metadata.previous_active_index = BANK_1; - - /* bank 0 is the place where images are located at the - * start of device lifecycle */ -@@ -339,6 +345,10 @@ enum fwu_agent_error_t fwu_metadata_provision(void) - priv_metadata.boot_index = BANK_0; - priv_metadata.boot_attempted = 0; - -+ priv_metadata.fmp_version = FWU_IMAGE_INITIAL_VERSION; -+ priv_metadata.fmp_last_attempt_version = FWU_IMAGE_INITIAL_VERSION; -+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; -+ - ret = private_metadata_write(&priv_metadata); - if (ret) { - return ret; -@@ -540,9 +550,25 @@ enum fwu_agent_error_t corstone1000_fwu_flash_image(void) - &image_bank_offset); - switch(image_index) { - case IMAGE_ALL: -+ - ret = flash_full_capsule(&_metadata, capsule_info.image[i], - capsule_info.size[i], - capsule_info.version[i]); -+ -+ if (ret != FWU_AGENT_SUCCESS) { -+ -+ priv_metadata.fmp_last_attempt_version = capsule_info.version[i]; -+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; -+ -+ private_metadata_write(&priv_metadata); -+ -+ fmp_set_image_info(&full_capsule_image_guid, -+ priv_metadata.fmp_version, -+ priv_metadata.fmp_last_attempt_version, -+ priv_metadata.fmp_last_attempt_status); -+ } -+ -+ - break; - default: - FWU_LOG_MSG("%s: sent image not recognized\n\r", __func__); -@@ -866,17 +892,42 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void) - - current_state = get_fwu_agent_state(&_metadata, &priv_metadata); - if (current_state == FWU_AGENT_STATE_REGULAR) { -+ - ret = FWU_AGENT_SUCCESS; /* nothing to be done */ -+ -+ fmp_set_image_info(&full_capsule_image_guid, -+ priv_metadata.fmp_version, -+ priv_metadata.fmp_last_attempt_version, -+ priv_metadata.fmp_last_attempt_status); -+ - goto out; -+ - } else if (current_state != FWU_AGENT_STATE_TRIAL) { - FWU_ASSERT(0); - } - - if (_metadata.active_index != priv_metadata.boot_index) { -+ - /* firmware update failed, revert back to previous bank */ -+ -+ priv_metadata.fmp_last_attempt_version = -+ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; -+ -+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; -+ - ret = fwu_select_previous(&_metadata, &priv_metadata); -+ - } else { -+ - /* firmware update successful */ -+ -+ priv_metadata.fmp_version = -+ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; -+ priv_metadata.fmp_last_attempt_version = -+ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version; -+ -+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; -+ - ret = fwu_accept_image(&full_capsule_image_guid, &_metadata, - &priv_metadata); - if (!ret) { -@@ -886,6 +937,10 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void) - - if (ret == FWU_AGENT_SUCCESS) { - disable_host_ack_timer(); -+ fmp_set_image_info(&full_capsule_image_guid, -+ priv_metadata.fmp_version, -+ priv_metadata.fmp_last_attempt_version, -+ priv_metadata.fmp_last_attempt_status); - } - - out: -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h -index 57b07e8d2c..aa18179024 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h -@@ -30,6 +30,9 @@ enum fwu_agent_error_t { - } \ - - -+/* Version used for the very first image of the device. */ -+#define FWU_IMAGE_INITIAL_VERSION 0 -+ - enum fwu_agent_error_t fwu_metadata_provision(void); - enum fwu_agent_error_t fwu_metadata_init(void); - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c -new file mode 100644 -index 0000000000..ce576e1794 ---- /dev/null -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c -@@ -0,0 +1,240 @@ -+/* -+ * Copyright (c) 2022, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#include -+#include -+#include "cmsis.h" -+#include "uefi_fmp.h" -+ -+/* The count will increase when partial update is supported. -+ * At present, only full WIC is considered as updatable image. -+ */ -+#define NUMBER_OF_FMP_IMAGES 1 -+#define NO_OF_FMP_VARIABLES_PER_IMAGE 6 -+ -+#define UEFI_ARCHITECTURE_64 -+ -+#ifdef UEFI_ARCHITECTURE_64 -+typedef uint64_t uefi_ptr_t; -+typedef uint64_t efi_uintn_t; -+#else -+typedef uint32_t uefi_ptr_t; -+typedef uint32_t efi_uintn_t; -+#endif -+ -+/* Below macro definations and struct declarations taken from UEFI spec 2.9 */ -+ -+/* -+ * Image Attribute Definitions -+ */ -+#define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x00000001 -+#define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x00000002 -+#define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x00000004 -+#define IMAGE_ATTRIBUTE_IN_USE 0x00000008 -+#define IMAGE_ATTRIBUTE_UEFI_IMAGE 0x00000010 -+#define IMAGE_ATTRIBUTE_DEPENDENCY 0x00000020 -+ -+typedef uint32_t DescriptorVersion_t; -+typedef uint32_t DescriptorSize_t; -+typedef uint8_t DescriptorCount_t; -+ -+typedef __PACKED_STRUCT { -+ uint8_t ImageIndex; -+ struct efi_guid ImageTypeId; -+ uint64_t ImageId; -+ uefi_ptr_t PtrImageIdName; -+ uint32_t Version; -+ uefi_ptr_t PtrVersionName; -+ efi_uintn_t Size; -+ uint64_t AttributesSupported; -+ uint64_t AttributesSetting; -+ uint64_t Compatibilities; -+ /* Introduced with DescriptorVersion 2+ */ -+ uint32_t LowestSupportedImageVersion; -+ /* Introduced with DescriptorVersion 3+ */ -+ uint32_t LastAttemptVersion; -+ uint32_t LastAttemptStatus; -+ uint64_t HardwareInstance; -+ /* Introduced with DescriptorVersion 4+ */ -+ uefi_ptr_t PtrDependencies; -+} EFI_FIRMWARE_IMAGE_DESCRIPTOR; -+ -+typedef __PACKED_STRUCT { -+ DescriptorVersion_t DescriptorVersion; -+ DescriptorSize_t DescriptorsSize; -+ DescriptorCount_t DescriptorCount; -+ EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageDescriptor; -+ uint16_t *ImageName; -+ uint32_t ImageNameSize; -+ uint16_t *ImageVersionName; -+ uint32_t ImageVersionNameSize; -+} EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO; -+ -+ -+static uint16_t corstone_image_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'W', 'I', 'C', '\0' }; -+static uint16_t corstone_version_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'B', 'E', 'S', 'T', '\0'}; -+ -+static EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO fmp_info[NUMBER_OF_FMP_IMAGES]; -+ -+extern struct efi_guid full_capsule_image_guid; -+ -+static bool is_fmp_info_initialized = false; -+ -+static void init_fmp_info(void) -+{ -+ memset(fmp_info, 0, -+ sizeof(EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO) * NUMBER_OF_FMP_IMAGES); -+ -+ /* Fill information for the WIC. -+ * Add further details when partial image is supported. -+ */ -+ -+ fmp_info[0].DescriptorVersion = 4; -+ fmp_info[0].DescriptorCount = NUMBER_OF_FMP_IMAGES; -+ fmp_info[0].DescriptorsSize = -+ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR) + -+ sizeof(corstone_image_name0) + sizeof(corstone_version_name0); -+ -+ fmp_info[0].ImageDescriptor.ImageIndex = 1; -+ -+ memcpy(&fmp_info[0].ImageDescriptor.ImageTypeId, &full_capsule_image_guid, -+ sizeof(struct efi_guid)); -+ -+ fmp_info[0].ImageDescriptor.ImageId = 1; -+ fmp_info[0].ImageDescriptor.Version = FWU_IMAGE_INITIAL_VERSION; -+ fmp_info[0].ImageDescriptor.AttributesSupported = 1; -+ fmp_info[0].ImageDescriptor.AttributesSetting = ( -+ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED); -+ fmp_info[0].ImageDescriptor.LowestSupportedImageVersion = -+ FWU_IMAGE_INITIAL_VERSION; -+ fmp_info[0].ImageDescriptor.LastAttemptVersion = FWU_IMAGE_INITIAL_VERSION; -+ fmp_info[0].ImageDescriptor.LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; -+ -+ fmp_info[0].ImageName = corstone_image_name0; -+ fmp_info[0].ImageNameSize = sizeof(corstone_image_name0); -+ fmp_info[0].ImageVersionName = corstone_version_name0; -+ fmp_info[0].ImageVersionNameSize = sizeof(corstone_version_name0); -+ -+ is_fmp_info_initialized = true; -+ -+ return; -+} -+ -+enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid, -+ uint32_t current_version, uint32_t attempt_version, -+ uint32_t last_attempt_status) -+{ -+ enum fwu_agent_error_t status = FWU_AGENT_ERROR; -+ -+ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__); -+ -+ if (is_fmp_info_initialized == false) { -+ init_fmp_info(); -+ } -+ -+ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) { -+ if ((memcmp(guid, &fmp_info[i].ImageDescriptor.ImageTypeId, -+ sizeof(struct efi_guid))) == 0) -+ { -+ FWU_LOG_MSG("FMP image update: image id = %u\n\r", -+ fmp_info[i].ImageDescriptor.ImageId); -+ fmp_info[i].ImageDescriptor.Version = current_version; -+ fmp_info[i].ImageDescriptor.LastAttemptVersion = attempt_version; -+ fmp_info[i].ImageDescriptor.LastAttemptStatus = last_attempt_status; -+ FWU_LOG_MSG("FMP image update: status = %u" -+ "version=%u last_attempt_version=%u.\n\r", -+ last_attempt_status, current_version, -+ attempt_version); -+ status = FWU_AGENT_SUCCESS; -+ break; -+ } -+ } -+ -+ FWU_LOG_MSG("%s:%d Exit.\n\r", __func__, __LINE__); -+ return status; -+} -+ -+ -+#define NO_OF_FMP_VARIABLES (NUMBER_OF_FMP_IMAGES * NO_OF_FMP_VARIABLES_PER_IMAGE) -+ -+static enum fwu_agent_error_t pack_image_info(void *buffer, uint32_t size) -+{ -+ typedef __PACKED_STRUCT { -+ uint32_t variable_count; -+ uint32_t variable_size[NO_OF_FMP_VARIABLES]; -+ uint8_t variable[]; -+ } packed_buffer_t; -+ -+ packed_buffer_t *packed_buffer = buffer; -+ int runner = 0; -+ int index = 0; -+ int current_size = sizeof(packed_buffer_t); -+ int size_requirement_1 = 0; -+ int size_requirement_2 = 0; -+ -+ if (size < current_size) { -+ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__); -+ return FWU_AGENT_ERROR; -+ } -+ -+ packed_buffer->variable_count = NO_OF_FMP_VARIABLES; -+ -+ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) { -+ -+ packed_buffer->variable_size[index++] = sizeof(DescriptorVersion_t); -+ packed_buffer->variable_size[index++] = sizeof(DescriptorSize_t); -+ packed_buffer->variable_size[index++] = sizeof(DescriptorCount_t); -+ packed_buffer->variable_size[index++] = sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR); -+ packed_buffer->variable_size[index++] = fmp_info[i].ImageNameSize; -+ packed_buffer->variable_size[index++] = fmp_info[i].ImageVersionNameSize; -+ -+ size_requirement_1 = sizeof(DescriptorVersion_t) + sizeof(DescriptorSize_t) + -+ sizeof(DescriptorCount_t) + sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR); -+ -+ size_requirement_2 = fmp_info[i].ImageNameSize + fmp_info[i].ImageVersionNameSize; -+ -+ current_size += size_requirement_1 + size_requirement_2; -+ -+ if (size < current_size) { -+ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__); -+ return FWU_AGENT_ERROR; -+ } -+ -+ FWU_LOG_MSG("%s:%d ImageInfo size = %u, ImageName size = %u, " -+ "ImageVersionName size = %u\n\r", __func__, __LINE__, -+ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR), fmp_info[i].ImageNameSize, -+ fmp_info[i].ImageVersionNameSize); -+ -+ memcpy(&packed_buffer->variable[runner], &fmp_info[i], size_requirement_1); -+ runner += size_requirement_1; -+ -+ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageName, -+ fmp_info[i].ImageNameSize); -+ runner += fmp_info[i].ImageNameSize; -+ -+ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageVersionName, -+ fmp_info[i].ImageVersionNameSize); -+ runner += fmp_info[i].ImageVersionNameSize; -+ -+ } -+ -+ return FWU_AGENT_SUCCESS; -+} -+ -+enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size) -+{ -+ enum fwu_agent_error_t status; -+ -+ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__); -+ -+ status = pack_image_info(buffer, size); -+ -+ FWU_LOG_MSG("%s:%d Exit\n\r", __func__, __LINE__); -+ -+ return status; -+} -+ -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h -new file mode 100644 -index 0000000000..d876bd7cff ---- /dev/null -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h -@@ -0,0 +1,56 @@ -+/* -+ * Copyright (c) 2022, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef UEFI_FMP_H -+#define UEFI_FMP_H -+ -+ -+#include -+#include "fwu_agent.h" -+#include "../fip_parser/external/uuid.h" -+ -+/* -+ * Last Attempt Status Value -+ */ -+ -+#define LAST_ATTEMPT_STATUS_SUCCESS 0x00000000 -+#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL 0x00000001 -+#define LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES 0x00000002 -+#define LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION 0x00000003 -+#define LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT 0x00000004 -+#define LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR 0x00000005 -+#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_AC 0x00000006 -+#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_BATT 0x00000007 -+#define LAST_ATTEMPT_STATUS_ERROR_UNSATISFIED_DEPENDENCIES 0x00000008 -+/* The LastAttemptStatus values of 0x1000 - 0x4000 are reserved for vendor usage. */ -+#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MIN 0x00001000 -+#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX 0x00004000 -+ -+ -+ -+/* -+ * Updates FMP information for the image matched by guid. -+ * -+ * guid : guid of the image -+ * current_version: current versions for the image -+ * attempt_version: attempted versions for the image -+ * -+ */ -+enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid, -+ uint32_t current_version, uint32_t attempt_version, -+ uint32_t last_attempt_status); -+ -+/* -+ * Return fmp image information for all the updable images. -+ * -+ * buffer : pointer to the out buffer -+ * size : size of the buffer -+ * -+ */ -+enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size); -+ -+#endif /* UEFI_FMP_H */ -diff --git a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h -index 8ac67346b6..c5f3537e9d 100644 ---- a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h -+++ b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h -@@ -14,19 +14,7 @@ - enum corstone1000_ioctl_id_t { - IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0, - IOCTL_CORSTONE1000_FWU_HOST_ACK, -+ IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO, - }; - -- --typedef struct corstone1000_ioctl_in_params { -- -- uint32_t ioctl_id; -- --} corstone1000_ioctl_in_params_t; -- --typedef struct corstone1000_ioctl_out_params { -- -- int32_t result; -- --} corstone1000_ioctl_out_params_t; -- - #endif /* CORSTONE1000_IOCTL_REQUESTS_H */ -diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c -index 5b3f3e14a2..41305ed966 100644 ---- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c -+++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c -@@ -9,6 +9,7 @@ - #include "platform_description.h" - #include "corstone1000_ioctl_requests.h" - #include "fwu_agent.h" -+#include "uefi_fmp.h" - - void tfm_platform_hal_system_reset(void) - { -@@ -36,6 +37,14 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request, - corstone1000_fwu_host_ack(); - break; - -+ case IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO: -+ if (out_vec == NULL) { -+ ret = TFM_PLATFORM_ERR_INVALID_PARAM; -+ break; -+ } -+ fmp_get_image_info(out_vec[0].base, out_vec[0].len); -+ break; -+ - default: - ret = TFM_PLATFORM_ERR_NOT_SUPPORTED; - break; --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch deleted file mode 100644 index ade2c8c8..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 492c887c8dff97ea1b8a11b4e729620d3744ac38 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Mon, 30 May 2022 12:38:23 +0100 -Subject: [PATCH 6/6] corstone1000: remove two partition configuration - -Previously to run tf-m test, a larger partition was created -which allowed all default test binaries to be included. -The patch revert the change because any partition might -not be enough to hold all test binaries in the future. -So its better to run few test at a time instead of creating -a larger partition. - -Signed-off-by: Satish Kumar -Change-Id: I223fe45f2de014dbcadc6ac12c321c524701116a -Upstream-Status: Accepted [TF-Mv1.7.0] ---- - platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt | 1 - - platform/ext/target/arm/corstone1000/partition/flash_layout.h | 4 ---- - 2 files changed, 5 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt -index d39c5ae91d..f1ae1ebd47 100644 ---- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt -+++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt -@@ -291,7 +291,6 @@ target_compile_definitions(signing_layout_for_bl2 - PRIVATE - MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER} - BL1 -- $<$:TFM_S_REG_TEST> - ) - - target_include_directories(signing_layout_for_bl2 -diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -index b0319bb319..50a0a11fc8 100644 ---- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h -+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -@@ -119,11 +119,7 @@ - * - */ - #define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */ --#ifdef TFM_S_REG_TEST --#define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */ --#else - #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ --#endif - #define FIP_PARTITION_SIZE (0x200000) /* 2 MB */ - #define KERNEL_PARTITION_SIZE (0xC00000) /* 12 MB */ - --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch deleted file mode 100644 index 7fae7b69..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5be42e1c05205209fc3988f0df30a02da95c2448 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva -Date: Wed, 2 Nov 2022 00:12:35 +0000 -Subject: [PATCH] corstone1000: adjust PS asset configuration - -Adjust protected storage asset configuration to be more inline -with the one in trusted service side, that would make thinks -work when testing and using more than the default variables. - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva ---- - platform/ext/target/arm/corstone1000/config.cmake | 1 ++ - 1 file changed, 1 insertions(+) - -diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake -index ab0fe17ba886..c2b4b646e6b0 100644 ---- a/platform/ext/target/arm/corstone1000/config.cmake -+++ b/platform/ext/target/arm/corstone1000/config.cmake -@@ -56,3 +56,4 @@ set(PS_ENCRYPTION OFF CACHE BOOL "Enable - set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") - - set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.") -+set(PS_NUM_ASSETS "40" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area") --- -2.38.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc deleted file mode 100644 index 58ad1032..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ /dev/null @@ -1,44 +0,0 @@ -# Corstone1000 machines specific TFM support - -COMPATIBLE_MACHINE = "(corstone1000)" - -TFM_PLATFORM = "arm/corstone1000" - -TFM_DEBUG = "1" - -## Default is the MPS3 board -TFM_PLATFORM_IS_FVP ?= "FALSE" -EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" -EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" - -# libmetal -LICENSE += "& BSD-3-Clause" -LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c" -SRC_URI += "git://github.com/OpenAMP/libmetal.git;protocol=https;branch=main;name=libmetal;destsuffix=git/libmetal" -SRCREV_libmetal = "f252f0e007fbfb8b3a52b1d5901250ddac96baad" -EXTRA_OECMAKE += "-DLIBMETAL_SRC_PATH=${S}/../libmetal -DLIBMETAL_BIN_PATH=${B}/libmetal-build" - -# OpenAMP -LICENSE += "& BSD-2-Clause & BSD-3-Clause" -LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e1413585ecbf" -SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;name=openamp;destsuffix=git/openamp" -SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" -EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" - -# Apply the necessary changes for supporting FMP image info -FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" -SRC_URI:append:corstone1000 = " \ - file://0001-corstone1000-platform-secure-test-framework.patch \ - file://0002-corstone1000-make-external-system-support-optional.patch \ - file://0003-corstone1000-enable-secure-enclave-run-without-host-.patch \ - file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \ - file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \ - file://0006-corstone1000-remove-two-partition-configuration.patch \ - file://0007-corstone1000-adjust-PS-asset-configuration.patch \ - " - -do_install() { - install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin - install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin - install -D -p -m 0644 ${B}/install/outputs/bl1.bin ${D}/firmware/bl1.bin -} diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.%.bbappend b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.%.bbappend deleted file mode 100644 index da70bc78..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.%.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# Machine specific configurations - -MACHINE_TFM_REQUIRE ?= "" -MACHINE_TFM_REQUIRE:corstone1000 = "trusted-firmware-m-corstone1000.inc" - -require ${MACHINE_TFM_REQUIRE}