Message ID | 20230222120441.2684534-1-peter.hoyes@arm.com |
---|---|
State | New |
Headers | show |
Series | [1/6] arm/trusted-firmware-m: Synchronize with 1.7.0 release | expand |
On Wed, 22 Feb 2023 12:04:36 +0000, Peter Hoyes wrote: > Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so > it is in sync with the TF-M recipe itself. > > Synchronize the trusted-firmware-m and -scripts Python dependencies > with the in-repo requirements.txt files. This requires a recipe to be > carried for pyhsslms. > > [...] Applied, thanks! [1/6] arm/trusted-firmware-m: Synchronize with 1.7.0 release commit: 1f6d2b269298e6174179b0a55be9d82d5cf65c1f [2/6] arm/classes: Factor out image signing arguments in tfm_image_sign commit: 81aaae5754da4f904335f60cf8d14efb42de3668 [3/6] arm/trusted-firmware-m: Create common inc file for src definitions commit: de82f2269b7cb57105930dc05a4b711c8b4943d2 [4/6] arm/trusted-firmware-m: Create inc file for common config commit: 064a97e74598b5a7d7109cedec1aa8cdc8989869 [5/6] arm/trusted-firmware-m-scripts: Create inc file for common config commit: f474a0fee9cfca3207796e132afe5bf7e6d4390f [6/6] arm/classes: Add sstate support to tfm_sign_images commit: 19767152e3bfb427a135f5366fc5b496341f121d Best regards,
diff --git a/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/classes/tfm_sign_image.bbclass index 542b708b..a5c41ae3 100644 --- a/meta-arm/classes/tfm_sign_image.bbclass +++ b/meta-arm/classes/tfm_sign_image.bbclass @@ -72,6 +72,7 @@ EOF --align 1 \ --pad \ --pad-header \ + --measured-boot-record \ -H ${RE_IMAGE_OFFSET} \ -s auto \ "${1}" \ diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb index f4219be6..8df21339 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb @@ -59,15 +59,21 @@ INHIBIT_DEFAULT_DEPS = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" +# See tools/requirements.txt for Python dependencies DEPENDS += "cmake-native \ ninja-native \ gcc-arm-none-eabi-native \ - python3-intelhex-native \ - python3-jinja2-native \ - python3-pyyaml-native \ + python3-cbor2-native \ python3-click-native \ python3-cryptography-native \ - python3-cbor2-native" + python3-pyasn1-native \ + python3-imgtool-native \ + python3-jinja2-native \ + python3-pyyaml-native \ + python3-pyhsslms-native \ + python3-ecdsa-native \ + python3-kconfiglib-native \ +" S = "${WORKDIR}/git/tfm" B = "${WORKDIR}/build" diff --git a/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb b/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb new file mode 100644 index 00000000..6012ab2d --- /dev/null +++ b/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb @@ -0,0 +1,10 @@ +SUMMARY = "Pure-Python implementation of HSS/LMS Digital Signatures (RFC 8554)" +HOMEPAGE ="https://pypi.org/project/pyhsslms" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=58f6f7065b99f9d01d56e759256a6f1b" + +inherit pypi python_setuptools_build_meta +PYPI_PACKAGE = "pyhsslms" +SRC_URI[sha256sum] = "58bf03e34c6f9d5a3cfd77875d0a1356d4f23d7ad6ffd129b1e60de1208db753" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb similarity index 64% rename from meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb rename to meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb index db35ecf7..f30c3b52 100644 --- a/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb +++ b/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb @@ -1,9 +1,9 @@ SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH}" -# Use the wrapper script from TF-Mv1.6.0 +# Use the wrapper script from TF-Mv1.7.0 SRCBRANCH ?= "master" -SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8" +SRCREV = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa" @@ -12,7 +12,15 @@ S = "${WORKDIR}/git" inherit native -RDEPENDS:${PN} = "python3-imgtool-native python3-click-native" +# See bl2/ext/mcuboot/scripts/requirements.txt +RDEPENDS:${PN} = "\ + python3-cryptography-native \ + python3-pyasn1-native \ + python3-pyyaml-native \ + python3-cbor2-native \ + python3-imgtool-native \ + python3-click-native \ +" do_configure[noexec] = "1" do_compile[noexec] = "1"