Message ID | 20240604180949.15501-1-jon.mason@arm.com |
---|---|
State | New |
Series | [1/6] arm/trusted-firmware-a: add support for 2.11.0 | expand |
On Tue, Jun 04, 2024 at 02:09:44PM -0400, Jon Mason wrote: > Add support for tf-a version v2.11.0 and mbedtls 3.6.0. Modifications > to the license checksum were necessary due to the addition to that file > for DICE (which is Apache 2.0 licensed) for TF-A and the dual license of > mbedtls (Apache 2.0 and addition of GPLv2). In which case the LICENSE being set in the common .inc is incorrect: LICENSE = "BSD-3-Clause & MIT" And mbedtls conditionally adds Apache 2.0, but not GPLv2. > NOTE: FVP base is having (more of) an issue with CI on the newest TF-A, > with SSH tests timing out. Holding that back to the LTS version until > it cane be resolved. > > Signed-off-by: Jon Mason <jon.mason@arm.com> > --- > meta-arm-bsp/conf/machine/fvp-base.conf | 3 +- > .../fiptool-native_2.11.0.bb | 33 +++++++++++ > .../trusted-firmware-a/tf-a-tests_2.11.0.bb | 58 +++++++++++++++++++ > .../trusted-firmware-a_2.11.0.bb | 19 ++++++ > 4 files changed, 112 insertions(+), 1 deletion(-) > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb > > diff --git a/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm-bsp/conf/machine/fvp-base.conf > index 17fb5023ccc5..24d03e7124af 100644 > --- a/meta-arm-bsp/conf/machine/fvp-base.conf > +++ b/meta-arm-bsp/conf/machine/fvp-base.conf > @@ -9,6 +9,7 @@ require conf/machine/include/arm/arch-armv8-4a.inc > ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy" > ARM_SYSTEMREADY_ACS_CONSOLE = "default" > EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}" > +PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%" > > MACHINE_FEATURES = "efi" 
> > @@ -62,4 +63,4 @@ FVP_TERMINALS[bp.terminal_0] ?= "Console" > FVP_TERMINALS[bp.terminal_1] ?= "" > FVP_TERMINALS[bp.terminal_2] ?= "" > FVP_TERMINALS[bp.terminal_3] ?= "" > -FVP_CONFIG[bp.secure_memory] ?= "1" > \ No newline at end of file > +FVP_CONFIG[bp.secure_memory] ?= "1" > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > new file mode 100644 > index 000000000000..47e783a892c8 > --- /dev/null > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > @@ -0,0 +1,33 @@ > +# Firmware Image Package (FIP) > +# It is a packaging format used by TF-A to package the > +# firmware images in a single binary. > + > +DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" > +LICENSE = "BSD-3-Clause" > + > +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" > +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" > +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5" > + > +# Use fiptool from TF-A v2.11.0 > +SRCREV = "f2735ebccf5173f74c0458736ec526276106097e" > +SRCBRANCH = "master" > + > +DEPENDS += "openssl-native" > + > +inherit native > + > +EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" > + > +do_compile () { > + # This is still needed to have the native fiptool executing properly by > + # setting the RPATH > + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile > + sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile > + > + oe_runmake fiptool > +} > + > +do_install () { > + install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool > +} > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > new file mode 100644 > index 000000000000..02f03f3b00cf 
> --- /dev/null > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > @@ -0,0 +1,58 @@ > +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" > +LICENSE = "BSD-3-Clause & NCSA" > + > +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" > + > +inherit deploy > + > +COMPATIBLE_MACHINE ?= "invalid" > + > +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" > +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ > + " > +SRCBRANCH = "master" > +SRCREV = "fd053b75cde9c2aa1a5b979a2b544890510d4f52" > + > +DEPENDS += "optee-os" > + > +EXTRA_OEMAKE += "USE_NVM=0" > +EXTRA_OEMAKE += "SHELL_COLOR=1" > +EXTRA_OEMAKE += "DEBUG=1" > + > +# Modify mode based on debug or release mode > +TFTF_MODE ?= "debug" > + > +# Platform must be set for each machine > +TFA_PLATFORM ?= "invalid" > + > +EXTRA_OEMAKE += "ARCH=aarch64" > +EXTRA_OEMAKE += "LOG_LEVEL=50" > + > +S = "${WORKDIR}/git" > +B = "${WORKDIR}/build" > + > +# Add platform parameter > +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" > + > +# Requires CROSS_COMPILE set by hand as there is no configure script > +export CROSS_COMPILE="${TARGET_PREFIX}" > + > +LDFLAGS[unexport] = "1" > +do_compile() { > + oe_runmake -C ${S} tftf > +} > + > +do_compile[cleandirs] = "${B}" > + > +FILES:${PN} = "/firmware/tftf.bin" > +SYSROOT_DIRS += "/firmware" > + > +do_install() { > + install -d -m 755 ${D}/firmware > + install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin > +} > + > +do_deploy() { > + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ > +} > +addtask deploy after do_install > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb > new file mode 100644 > index 000000000000..27cdfc0953f3 > --- /dev/null > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb 
> @@ -0,0 +1,19 @@ > +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc > + > +# TF-A v2.11.0 > +SRCREV_tfa = "f2735ebccf5173f74c0458736ec526276106097e" > +SRCBRANCH = "master" > + > +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5" > + > +# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls > +# mbedtls-3.6.0 > +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" > +SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206" > + > +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" > + > +# continue to boot also without TPM > +SRC_URI += "\ > + file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \ > +" > -- > 2.39.3 (Apple Git-146) >
On Fri, Aug 16, 2024 at 03:25:20PM -0400, Denys Dmytriyenko wrote: > On Tue, Jun 04, 2024 at 02:09:44PM -0400, Jon Mason wrote: > > Add support for tf-a version v2.11.0 and mbedtls 3.6.0. Modifications > > to the license checksum were necessary due to the addition to that file > > for DICE (which is Apache 2.0 licensed) for TF-A and the dual license of > > mbedtls (Apache 2.0 and addition of GPLv2). > > In which case the LICENSE being set in the common .inc is incorrect: > > LICENSE = "BSD-3-Clause & MIT" > > And mbedtls conditionally adds Apache 2.0, but not GPLv2. Hi, Jon, Any comments or concerns? > > NOTE: FVP base is having (more of) an issue with CI on the newest TF-A, > > with SSH tests timing out. Holding that back to the LTS version until > > it cane be resolved. > > > > Signed-off-by: Jon Mason <jon.mason@arm.com> > > --- > > meta-arm-bsp/conf/machine/fvp-base.conf | 3 +- > > .../fiptool-native_2.11.0.bb | 33 +++++++++++ > > .../trusted-firmware-a/tf-a-tests_2.11.0.bb | 58 +++++++++++++++++++ > > .../trusted-firmware-a_2.11.0.bb | 19 ++++++ > > 4 files changed, 112 insertions(+), 1 deletion(-) > > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb > > > > diff --git a/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm-bsp/conf/machine/fvp-base.conf > > index 17fb5023ccc5..24d03e7124af 100644 > > --- a/meta-arm-bsp/conf/machine/fvp-base.conf > > +++ b/meta-arm-bsp/conf/machine/fvp-base.conf > > @@ -9,6 +9,7 @@ require conf/machine/include/arm/arch-armv8-4a.inc > > ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy" > > ARM_SYSTEMREADY_ACS_CONSOLE = "default" > > EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}" > > +PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%" > > > > MACHINE_FEATURES = "efi" 
> > > > @@ -62,4 +63,4 @@ FVP_TERMINALS[bp.terminal_0] ?= "Console" > > FVP_TERMINALS[bp.terminal_1] ?= "" > > FVP_TERMINALS[bp.terminal_2] ?= "" > > FVP_TERMINALS[bp.terminal_3] ?= "" > > -FVP_CONFIG[bp.secure_memory] ?= "1" > > \ No newline at end of file > > +FVP_CONFIG[bp.secure_memory] ?= "1" > > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > > new file mode 100644 > > index 000000000000..47e783a892c8 > > --- /dev/null > > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > > @@ -0,0 +1,33 @@ > > +# Firmware Image Package (FIP) > > +# It is a packaging format used by TF-A to package the > > +# firmware images in a single binary. > > + > > +DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" > > +LICENSE = "BSD-3-Clause" > > + > > +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" > > +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" > > +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5" > > + > > +# Use fiptool from TF-A v2.11.0 > > +SRCREV = "f2735ebccf5173f74c0458736ec526276106097e" > > +SRCBRANCH = "master" > > + > > +DEPENDS += "openssl-native" > > + > > +inherit native > > + > > +EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" > > + > > +do_compile () { > > + # This is still needed to have the native fiptool executing properly by > > + # setting the RPATH > > + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile > > + sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile > > + > > + oe_runmake fiptool > > +} > > + > > +do_install () { > > + install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool > > +} 
> > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > > new file mode 100644 > > index 000000000000..02f03f3b00cf > > --- /dev/null > > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > > @@ -0,0 +1,58 @@ > > +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" > > +LICENSE = "BSD-3-Clause & NCSA" > > + > > +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" > > + > > +inherit deploy > > + > > +COMPATIBLE_MACHINE ?= "invalid" > > + > > +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" > > +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ > > + " > > +SRCBRANCH = "master" > > +SRCREV = "fd053b75cde9c2aa1a5b979a2b544890510d4f52" > > + > > +DEPENDS += "optee-os" > > + > > +EXTRA_OEMAKE += "USE_NVM=0" > > +EXTRA_OEMAKE += "SHELL_COLOR=1" > > +EXTRA_OEMAKE += "DEBUG=1" > > + > > +# Modify mode based on debug or release mode > > +TFTF_MODE ?= "debug" > > + > > +# Platform must be set for each machine > > +TFA_PLATFORM ?= "invalid" > > + > > +EXTRA_OEMAKE += "ARCH=aarch64" > > +EXTRA_OEMAKE += "LOG_LEVEL=50" > > + > > +S = "${WORKDIR}/git" > > +B = "${WORKDIR}/build" > > + > > +# Add platform parameter > > +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" > > + > > +# Requires CROSS_COMPILE set by hand as there is no configure script > > +export CROSS_COMPILE="${TARGET_PREFIX}" > > + > > +LDFLAGS[unexport] = "1" > > +do_compile() { > > + oe_runmake -C ${S} tftf > > +} > > + > > +do_compile[cleandirs] = "${B}" > > + > > +FILES:${PN} = "/firmware/tftf.bin" > > +SYSROOT_DIRS += "/firmware" > > + > > +do_install() { > > + install -d -m 755 ${D}/firmware > > + install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin > > +} > > + > > +do_deploy() { > > + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ > > +} > > +addtask deploy after do_install 
> > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb > > new file mode 100644 > > index 000000000000..27cdfc0953f3 > > --- /dev/null > > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb > > @@ -0,0 +1,19 @@ > > +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc > > + > > +# TF-A v2.11.0 > > +SRCREV_tfa = "f2735ebccf5173f74c0458736ec526276106097e" > > +SRCBRANCH = "master" > > + > > +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5" > > + > > +# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls > > +# mbedtls-3.6.0 > > +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" > > +SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206" > > + > > +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" > > + > > +# continue to boot also without TPM > > +SRC_URI += "\ > > + file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \ > > +" > > -- > > 2.39.3 (Apple Git-146) > >
On Fri, Aug 16, 2024 at 03:25:20PM -0400, Denys Dmytriyenko wrote: > On Tue, Jun 04, 2024 at 02:09:44PM -0400, Jon Mason wrote: > > Add support for tf-a version v2.11.0 and mbedtls 3.6.0. Modifications > > to the license checksum were necessary due to the addition to that file > > for DICE (which is Apache 2.0 licensed) for TF-A and the dual license of > > mbedtls (Apache 2.0 and addition of GPLv2). > > In which case the LICENSE being set in the common .inc is incorrect: > > LICENSE = "BSD-3-Clause & MIT" > > And mbedtls conditionally adds Apache 2.0, but not GPLv2. Per TF-A file docs/license.rst: BSD-3-Clause for tf-a and contains code for other projects with the following (simplified per the comments in that file): libc has BSD-3-Clause libfdt has BSD-2-Clause LLVM has BSD-3-Clause zlib has BSD-3-Clause STMicroelectronics platform source code has BSD-3-Clause Linux source has MIT DICE has Apache 2.0 So, tf-a should probably be: LICENSE = "BSD-2-Clause & BSD-3-Clause & MIT & Apache-2.0" mbedtls is Apache 2.0, as you said above...but not seeing where it is list as GPL in a LICENSE entry I'll do a patch to make the above tweak to the tf-a inc file. Thanks, Jon > > NOTE: FVP base is having (more of) an issue with CI on the newest TF-A, > > with SSH tests timing out. Holding that back to the LTS version until > > it cane be resolved. > > > > Signed-off-by: Jon Mason <jon.mason@arm.com> > > --- > > meta-arm-bsp/conf/machine/fvp-base.conf | 3 +- > > .../fiptool-native_2.11.0.bb | 33 +++++++++++ > > .../trusted-firmware-a/tf-a-tests_2.11.0.bb | 58 +++++++++++++++++++ > > .../trusted-firmware-a_2.11.0.bb | 19 ++++++ > > 4 files changed, 112 insertions(+), 1 deletion(-) > > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > > create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb 
> > > > diff --git a/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm-bsp/conf/machine/fvp-base.conf > > index 17fb5023ccc5..24d03e7124af 100644 > > --- a/meta-arm-bsp/conf/machine/fvp-base.conf > > +++ b/meta-arm-bsp/conf/machine/fvp-base.conf > > @@ -9,6 +9,7 @@ require conf/machine/include/arm/arch-armv8-4a.inc > > ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy" > > ARM_SYSTEMREADY_ACS_CONSOLE = "default" > > EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}" > > +PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%" > > > > MACHINE_FEATURES = "efi" > > > > @@ -62,4 +63,4 @@ FVP_TERMINALS[bp.terminal_0] ?= "Console" > > FVP_TERMINALS[bp.terminal_1] ?= "" > > FVP_TERMINALS[bp.terminal_2] ?= "" > > FVP_TERMINALS[bp.terminal_3] ?= "" > > -FVP_CONFIG[bp.secure_memory] ?= "1" > > \ No newline at end of file > > +FVP_CONFIG[bp.secure_memory] ?= "1" > > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb > > new file mode 100644 > > index 000000000000..47e783a892c8 > > --- /dev/null > > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb 
> > @@ -0,0 +1,33 @@ > > +# Firmware Image Package (FIP) > > +# It is a packaging format used by TF-A to package the > > +# firmware images in a single binary. > > + > > +DESCRIPTION = "fiptool - Trusted Firmware tool for packaging" > > +LICENSE = "BSD-3-Clause" > > + > > +SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https" > > +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}" > > +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5" > > + > > +# Use fiptool from TF-A v2.11.0 > > +SRCREV = "f2735ebccf5173f74c0458736ec526276106097e" > > +SRCBRANCH = "master" > > + > > +DEPENDS += "openssl-native" > > + > > +inherit native > > + > > +EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}" > > + > > +do_compile () { > > + # This is still needed to have the native fiptool executing properly by > > + # setting the RPATH > > + sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile > > + sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile > > + > > + oe_runmake fiptool > > +} > > + > > +do_install () { > > + install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool > > +} > > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb > > new file mode 100644 > > index 000000000000..02f03f3b00cf > > --- /dev/null > > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb 
> > @@ -0,0 +1,58 @@ > > +DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)" > > +LICENSE = "BSD-3-Clause & NCSA" > > + > > +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a" > > + > > +inherit deploy > > + > > +COMPATIBLE_MACHINE ?= "invalid" > > + > > +SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https" > > +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \ > > + " > > +SRCBRANCH = "master" > > +SRCREV = "fd053b75cde9c2aa1a5b979a2b544890510d4f52" > > + > > +DEPENDS += "optee-os" > > + > > +EXTRA_OEMAKE += "USE_NVM=0" > > +EXTRA_OEMAKE += "SHELL_COLOR=1" > > +EXTRA_OEMAKE += "DEBUG=1" > > + > > +# Modify mode based on debug or release mode > > +TFTF_MODE ?= "debug" > > + > > +# Platform must be set for each machine > > +TFA_PLATFORM ?= "invalid" > > + > > +EXTRA_OEMAKE += "ARCH=aarch64" > > +EXTRA_OEMAKE += "LOG_LEVEL=50" > > + > > +S = "${WORKDIR}/git" > > +B = "${WORKDIR}/build" > > + > > +# Add platform parameter > > +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" > > + > > +# Requires CROSS_COMPILE set by hand as there is no configure script > > +export CROSS_COMPILE="${TARGET_PREFIX}" > > + > > +LDFLAGS[unexport] = "1" > > +do_compile() { > > + oe_runmake -C ${S} tftf > > +} > > + > > +do_compile[cleandirs] = "${B}" > > + > > +FILES:${PN} = "/firmware/tftf.bin" > > +SYSROOT_DIRS += "/firmware" > > + > > +do_install() { > > + install -d -m 755 ${D}/firmware > > + install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin > > +} > > + > > +do_deploy() { > > + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ > > +} > > +addtask deploy after do_install > > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb > > new file mode 100644 > > index 000000000000..27cdfc0953f3 > > --- /dev/null 
> > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb > > @@ -0,0 +1,19 @@ > > +require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc > > + > > +# TF-A v2.11.0 > > +SRCREV_tfa = "f2735ebccf5173f74c0458736ec526276106097e" > > +SRCBRANCH = "master" > > + > > +LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5" > > + > > +# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls > > +# mbedtls-3.6.0 > > +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master" > > +SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206" > > + > > +LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" > > + > > +# continue to boot also without TPM > > +SRC_URI += "\ > > + file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \ > > +" > > -- > > 2.39.3 (Apple Git-146) > > >
diff --git a/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm-bsp/conf/machine/fvp-base.conf
index 17fb5023ccc5..24d03e7124af 100644
--- a/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -9,6 +9,7 @@ require conf/machine/include/arm/arch-armv8-4a.inc
 ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
 ARM_SYSTEMREADY_ACS_CONSOLE = "default"
 EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
+PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
 
 MACHINE_FEATURES = "efi"
 
@@ -62,4 +63,4 @@ FVP_TERMINALS[bp.terminal_0] ?= "Console"
 FVP_TERMINALS[bp.terminal_1] ?= ""
 FVP_TERMINALS[bp.terminal_2] ?= ""
 FVP_TERMINALS[bp.terminal_3] ?= ""
-FVP_CONFIG[bp.secure_memory] ?= "1"
\ No newline at end of file
+FVP_CONFIG[bp.secure_memory] ?= "1"
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb
new file mode 100644
index 000000000000..47e783a892c8
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb
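Review bot: In fvp-base.conf the new `PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"` line carries no comment, so the reason for holding this machine on the older firmware is recorded only in the commit message (SSH tests timing out in CI on the newest TF-A). A pin on boot firmware tends to outlive its reason and keeps the machine off newer releases, so the exit condition is worth stating next to it, e.g. `# Hold FVP base on the 2.10 LTS until the CI SSH timeouts seen with TF-A 2.11 are resolved; drop this pin afterwards`.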
@@ -0,0 +1,33 @@
+# Firmware Image Package (FIP)
+# It is a packaging format used by TF-A to package the
+# firmware images in a single binary.
+
+DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
+LICENSE = "BSD-3-Clause"
+
+SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5"
+
+# Use fiptool from TF-A v2.11.0
+SRCREV = "f2735ebccf5173f74c0458736ec526276106097e"
+SRCBRANCH = "master"
+
+DEPENDS += "openssl-native"
+
+inherit native
+
+EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
+
+do_compile () {
+ # This is still needed to have the native fiptool executing properly by
+ # setting the RPATH
+ sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+ sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
+
+ oe_runmake fiptool
+}
+
+do_install () {
+ install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
+}
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb
new file mode 100644
index 000000000000..02f03f3b00cf
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb
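Review bot: In fiptool-native_2.11.0.bb the two `sed -i` calls in `do_compile` succeed even when the upstream Makefile has no line starting with `LDOPTS` or `INCLUDE_PATHS`, so if TF-A v2.11.0 renamed either variable the build flags would silently not be applied and the RPATH fix the comment describes would be lost without any build error. A guard before the edits would surface that, e.g. `grep -q '^LDOPTS' ${S}/tools/fiptool/Makefile || bbfatal "fiptool Makefile: LDOPTS not found"`, with the same check for `INCLUDE_PATHS`. The edits also rewrite `${S}` in place from `do_compile`, so a re-run of the task appends the flags a second time; carrying the change as a patch in `SRC_URI` would avoid that.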
@@ -0,0 +1,58 @@
+DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
+LICENSE = "BSD-3-Clause & NCSA"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
+
+inherit deploy
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
+ "
+SRCBRANCH = "master"
+SRCREV = "fd053b75cde9c2aa1a5b979a2b544890510d4f52"
+
+DEPENDS += "optee-os"
+
+EXTRA_OEMAKE += "USE_NVM=0"
+EXTRA_OEMAKE += "SHELL_COLOR=1"
+EXTRA_OEMAKE += "DEBUG=1"
+
+# Modify mode based on debug or release mode
+TFTF_MODE ?= "debug"
+
+# Platform must be set for each machine
+TFA_PLATFORM ?= "invalid"
+
+EXTRA_OEMAKE += "ARCH=aarch64"
+EXTRA_OEMAKE += "LOG_LEVEL=50"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+# Add platform parameter
+EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
+
+# Requires CROSS_COMPILE set by hand as there is no configure script
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+LDFLAGS[unexport] = "1"
+do_compile() {
+ oe_runmake -C ${S} tftf
+}
+
+do_compile[cleandirs] = "${B}"
+
+FILES:${PN} = "/firmware/tftf.bin"
+SYSROOT_DIRS += "/firmware"
+
+do_install() {
+ install -d -m 755 ${D}/firmware
+ install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin
+}
+
+do_deploy() {
+ cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb
new file mode 100644
index 000000000000..27cdfc0953f3
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb
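Review bot: In tf-a-tests_2.11.0.bb, `EXTRA_OEMAKE += "DEBUG=1"` is hard-coded while `TFTF_MODE ?= "debug"` is overridable, and `do_install` takes `tftf.bin` from `${B}/${TFA_PLATFORM}/${TFTF_MODE}/`. Setting `TFTF_MODE = "release"` would therefore still build with DEBUG=1 and, assuming the upstream Makefile names its output directory after the build type, `do_install` would look in a directory that was never produced. Deriving the flag from the variable keeps the two in step: `EXTRA_OEMAKE += "DEBUG=${@'1' if d.getVar('TFTF_MODE') == 'debug' else '0'}"`. Separately, `LIC_FILES_CHKSUM +=` appends to a variable this recipe never sets first (no `require` is visible in the file), so a plain `=` would state the intent more clearly.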
@@ -0,0 +1,19 @@
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+
+# TF-A v2.11.0
+SRCREV_tfa = "f2735ebccf5173f74c0458736ec526276106097e"
+SRCBRANCH = "master"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5"
+
+# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls
+# mbedtls-3.6.0
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
+SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206"
+
+LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
+
+# continue to boot also without TPM
+SRC_URI += "\
+ file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
+"
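Review bot: The closing `SRC_URI +=` in trusted-firmware-a_2.11.0.bb applies `0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch` for every machine that builds this recipe, with `# continue to boot also without TPM` as the only explanation. Judging by its file name (the patch body is not part of this change) it makes the QEMU measured-boot path carry on after a TPM error, which means measured boot fails open there; that is reasonable for emulated test targets but should not be mistaken for a configuration whose measurements can be relied on. I would expand the comment to say so, e.g. `# QEMU platform only (qemu_measured_boot.c): a TPM error is ignored and boot continues; test convenience, do not rely on measured boot in this configuration`. It is also worth considering a machine override such as `SRC_URI:append:<qemu-machine-override>` (placeholder, the override name is not on this page) so the patch is carried only where it is needed.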
Add support for tf-a version v2.11.0 and mbedtls 3.6.0. Modifications to the license checksum were necessary due to the addition to that file for DICE (which is Apache 2.0 licensed) for TF-A and the dual license of mbedtls (Apache 2.0 and addition of GPLv2). NOTE: FVP base is having (more of) an issue with CI on the newest TF-A, with SSH tests timing out. Holding that back to the LTS version until it can be resolved. Signed-off-by: Jon Mason <jon.mason@arm.com> --- meta-arm-bsp/conf/machine/fvp-base.conf | 3 +- .../fiptool-native_2.11.0.bb | 33 +++++++++++ .../trusted-firmware-a/tf-a-tests_2.11.0.bb | 58 +++++++++++++++++++ .../trusted-firmware-a_2.11.0.bb | 19 ++++++ 4 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb