From patchwork Wed Dec 21 12:32:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: mohamed.omarasaker@arm.com X-Patchwork-Id: 17056 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43D46C46467 for ; Wed, 21 Dec 2022 12:33:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.17552.1671625996881470165 for ; Wed, 21 Dec 2022 04:33:17 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: mohamed.omarasaker@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 815832F4; Wed, 21 Dec 2022 04:33:57 -0800 (PST) Received: from e126544.arm.com (unknown [10.57.74.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D81963F703; Wed, 21 Dec 2022 04:33:14 -0800 (PST) From: mohamed.omarasaker@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com Cc: nd@arm.com, Mohamed Omar Asaker Subject: [PATCH 2/5] arm-bsp/trusted-firmware-m: Bump TFM to v1.7 Date: Wed, 21 Dec 2022 12:32:33 +0000 Message-Id: <20221221123236.342413-3-mohamed.omarasaker@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221221123236.342413-1-mohamed.omarasaker@arm.com> References: <20221221123236.342413-1-mohamed.omarasaker@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Dec 2022 12:33:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4211 From: Mohamed Omar Asaker Create tfm recipe for v1.7.x Signed-off-by: Mohamed Omar Asaker --- .../trusted-firmware-m_1.7.0.bb | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb new file mode 100644 index 00000000..f863dc71 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb @@ -0,0 +1,138 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (c) 2020 Arm Limited +# + +SUMMARY = "Trusted Firmware for Cortex-M" +DESCRIPTION = "Trusted Firmware-M" +HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" +PROVIDES = "virtual/trusted-firmware-m" + +LICENSE = "BSD-3-Clause & Apache-2.0" + +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ + file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" + +SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ + git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + " + +# The required dependencies are documented in tf-m/config/config_default.cmake +# TF-Mv1.7.0 +SRCBRANCH_tfm ?= "release/1.7.x" +SRCREV_tfm = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e" +# mbedtls-3.2.0 +SRCBRANCH_mbedtls ?= "master" +SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d" +# TF-Mv1.6.0 +SRCBRANCH_tfm-tests ?= "release/1.7.x" +SRCREV_tfm-tests = "4972e8df3fcbd386a5b0c18613d8a803f4dda082" +# v1.9.0 +SRCBRANCH_mcuboot ?= "main" +SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" + +UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P\d+(\.\d+)+)$" + +# Note to future readers of this recipe: until the CMakeLists don't abuse +# installation (see do_install) there is no point in trying to inherit +# cmake here. You can easily short-circuit the toolchain but the install +# is so convoluted there's no gain. + +inherit python3native deploy + +# Baremetal and we bring a compiler below +INHIBIT_DEFAULT_DEPS = "1" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +DEPENDS += "cmake-native \ + ninja-native \ + gcc-arm-none-eabi-native \ + python3-intelhex-native \ + python3-jinja2-native \ + python3-pyyaml-native \ + python3-click-native \ + python3-cryptography-native \ + python3-cbor2-native" + +S = "${WORKDIR}/git/tfm" +B = "${WORKDIR}/build" + +# Build for debug (set TFM_DEBUG to 1 to activate) +TFM_DEBUG ?= "0" + +# Platform must be set, ideally in the machine configuration. +TFM_PLATFORM ?= "" +python() { + if not d.getVar("TFM_PLATFORM"): + raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") +} + +PACKAGECONFIG ??= "" +# Whether to integrate the test suite +PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" +PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" + +# Currently we only support using the Arm binary GCC +EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" + +# Don't let FetchContent download more sources during do_configure +EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON" + +# Add platform parameters +EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" + +# Handle TFM_DEBUG parameter +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}" + +# Verbose builds +EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" + +EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot" + +export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" + +# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application +CFLAGS[unexport] = "1" +LDFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +do_configure[cleandirs] = "${B}" +do_configure() { + cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS} +} + +# Invoke install here as there's no point in splitting compile from install: the +# first thing the build does is 'install' inside the build tree thus causing a +# rebuild. It also overrides the install prefix to be in the build tree, so you +# can't use the usual install prefix variables. +do_compile() { + cmake --build ${B} -- install +} +do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" + +do_install() { + # TODO install headers and static libraries when we know how they're used + install -d -m 755 ${D}/firmware + install -m 0644 ${B}/bin/* ${D}/firmware/ +} + +FILES:${PN} = "/firmware" +SYSROOT_DIRS += "/firmware" + +addtask deploy after do_install +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} + +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths"