diff mbox series

[1/6] arm/trusted-firmware-m: Synchronize with 1.7.0 release

Message ID 20230222120441.2684534-1-peter.hoyes@arm.com
State New
Headers show
Series [1/6] arm/trusted-firmware-m: Synchronize with 1.7.0 release | expand

Commit Message

Peter Hoyes Feb. 22, 2023, 12:04 p.m. UTC
From: Peter Hoyes <Peter.Hoyes@arm.com>

Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so
it is in sync with the TF-M recipe itself.

Synchronize the trusted-firmware-m and -scripts Python dependencies
with the in-repo requirements.txt files. This requires a recipe to be
carried for pyhsslms.

1.7.0 introduces the --measured-boot-record argument to the image
signing script, which is required to maintain existing behavior. Add it
to the arguments in the tfm_sign_image bbclass.

Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
---
 meta-arm/classes/tfm_sign_image.bbclass            |  1 +
 .../trusted-firmware-m/trusted-firmware-m_1.7.0.bb | 14 ++++++++++----
 .../python/python3-pyhsslms_1.1.1.bb               | 10 ++++++++++
 ... => trusted-firmware-m-scripts-native_1.7.0.bb} | 14 +++++++++++---
 4 files changed, 32 insertions(+), 7 deletions(-)
 create mode 100644 meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb
 rename meta-arm/recipes-devtools/trusted-firmware-m-scripts/{trusted-firmware-m-scripts-native_1.6.0.bb => trusted-firmware-m-scripts-native_1.7.0.bb} (64%)

Comments

Jon Mason Feb. 22, 2023, 4:37 p.m. UTC | #1
On Wed, 22 Feb 2023 12:04:36 +0000, Peter Hoyes wrote:
> Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so
> it is in sync with the TF-M recipe itself.
> 
> Synchronize the trusted-firmware-m and -scripts Python dependencies
> with the in-repo requirements.txt files. This requires a recipe to be
> carried for pyhsslms.
> 
> [...]

Applied, thanks!

[1/6] arm/trusted-firmware-m: Synchronize with 1.7.0 release
      commit: 1f6d2b269298e6174179b0a55be9d82d5cf65c1f
[2/6] arm/classes: Factor out image signing arguments in tfm_image_sign
      commit: 81aaae5754da4f904335f60cf8d14efb42de3668
[3/6] arm/trusted-firmware-m: Create common inc file for src definitions
      commit: de82f2269b7cb57105930dc05a4b711c8b4943d2
[4/6] arm/trusted-firmware-m: Create inc file for common config
      commit: 064a97e74598b5a7d7109cedec1aa8cdc8989869
[5/6] arm/trusted-firmware-m-scripts: Create inc file for common config
      commit: f474a0fee9cfca3207796e132afe5bf7e6d4390f
[6/6] arm/classes: Add sstate support to tfm_sign_images
      commit: 19767152e3bfb427a135f5366fc5b496341f121d

Best regards,
diff mbox series

Patch

diff --git a/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/classes/tfm_sign_image.bbclass
index 542b708b..a5c41ae3 100644
--- a/meta-arm/classes/tfm_sign_image.bbclass
+++ b/meta-arm/classes/tfm_sign_image.bbclass
@@ -72,6 +72,7 @@  EOF
             --align 1 \
             --pad \
             --pad-header \
+            --measured-boot-record \
             -H ${RE_IMAGE_OFFSET} \
             -s auto \
             "${1}" \
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb
index f4219be6..8df21339 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb
@@ -59,15 +59,21 @@  INHIBIT_DEFAULT_DEPS = "1"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
+# See tools/requirements.txt for Python dependencies
 DEPENDS += "cmake-native \
             ninja-native \
             gcc-arm-none-eabi-native \
-            python3-intelhex-native \
-            python3-jinja2-native \
-            python3-pyyaml-native \
+            python3-cbor2-native \
             python3-click-native \
             python3-cryptography-native \
-            python3-cbor2-native"
+            python3-pyasn1-native \
+            python3-imgtool-native \
+            python3-jinja2-native \
+            python3-pyyaml-native \
+            python3-pyhsslms-native \
+            python3-ecdsa-native \
+            python3-kconfiglib-native \
+"
 
 S = "${WORKDIR}/git/tfm"
 B = "${WORKDIR}/build"
diff --git a/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb b/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb
new file mode 100644
index 00000000..6012ab2d
--- /dev/null
+++ b/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb
@@ -0,0 +1,10 @@ 
+SUMMARY = "Pure-Python implementation of HSS/LMS Digital Signatures (RFC 8554)"
+HOMEPAGE ="https://pypi.org/project/pyhsslms"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=58f6f7065b99f9d01d56e759256a6f1b"
+
+inherit pypi python_setuptools_build_meta
+PYPI_PACKAGE = "pyhsslms"
+SRC_URI[sha256sum] = "58bf03e34c6f9d5a3cfd77875d0a1356d4f23d7ad6ffd129b1e60de1208db753"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb
similarity index 64%
rename from meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
rename to meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb
index db35ecf7..f30c3b52 100644
--- a/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
+++ b/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb
@@ -1,9 +1,9 @@ 
 
 SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https"
 SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH}"
-# Use the wrapper script from TF-Mv1.6.0
+# Use the wrapper script from TF-Mv1.7.0
 SRCBRANCH ?= "master"
-SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8"
+SRCREV = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e"
 
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa"
@@ -12,7 +12,15 @@  S = "${WORKDIR}/git"
 
 inherit native
 
-RDEPENDS:${PN} = "python3-imgtool-native python3-click-native"
+# See bl2/ext/mcuboot/scripts/requirements.txt
+RDEPENDS:${PN} = "\
+    python3-cryptography-native \
+    python3-pyasn1-native \
+    python3-pyyaml-native \
+    python3-cbor2-native \
+    python3-imgtool-native \
+    python3-click-native \
+"
 
 do_configure[noexec] = "1"
 do_compile[noexec] = "1"