@@ -9,6 +9,7 @@ require conf/machine/include/arm/arch-armv8-4a.inc
ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
ARM_SYSTEMREADY_ACS_CONSOLE = "default"
EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
+PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
MACHINE_FEATURES = "efi"
@@ -62,4 +63,4 @@ FVP_TERMINALS[bp.terminal_0] ?= "Console"
FVP_TERMINALS[bp.terminal_1] ?= ""
FVP_TERMINALS[bp.terminal_2] ?= ""
FVP_TERMINALS[bp.terminal_3] ?= ""
-FVP_CONFIG[bp.secure_memory] ?= "1"
\ No newline at end of file
+FVP_CONFIG[bp.secure_memory] ?= "1"
new file mode 100644
@@ -0,0 +1,33 @@
+# Firmware Image Package (FIP)
+# It is a packaging format used by TF-A to package the
+# firmware images in a single binary.
+
+DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
+LICENSE = "BSD-3-Clause"
+
+SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5"
+
+# Use fiptool from TF-A v2.11.0
+SRCREV = "f2735ebccf5173f74c0458736ec526276106097e"
+SRCBRANCH = "master"
+
+DEPENDS += "openssl-native"
+
+inherit native
+
+EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
+
+do_compile () {
+ # This is still needed to have the native fiptool executing properly by
+ # setting the RPATH
+ sed -i '/^LDOPTS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+ sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
+
+ oe_runmake fiptool
+}
+
+do_install () {
+ install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
+}
new file mode 100644
@@ -0,0 +1,58 @@
+DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
+LICENSE = "BSD-3-Clause & NCSA"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
+
+inherit deploy
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
+ "
+SRCBRANCH = "master"
+SRCREV = "fd053b75cde9c2aa1a5b979a2b544890510d4f52"
+
+DEPENDS += "optee-os"
+
+EXTRA_OEMAKE += "USE_NVM=0"
+EXTRA_OEMAKE += "SHELL_COLOR=1"
+EXTRA_OEMAKE += "DEBUG=1"
+
+# Modify mode based on debug or release mode
+TFTF_MODE ?= "debug"
+
+# Platform must be set for each machine
+TFA_PLATFORM ?= "invalid"
+
+EXTRA_OEMAKE += "ARCH=aarch64"
+EXTRA_OEMAKE += "LOG_LEVEL=50"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+# Add platform parameter
+EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
+
+# Requires CROSS_COMPILE set by hand as there is no configure script
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+LDFLAGS[unexport] = "1"
+do_compile() {
+ oe_runmake -C ${S} tftf
+}
+
+do_compile[cleandirs] = "${B}"
+
+FILES:${PN} = "/firmware/tftf.bin"
+SYSROOT_DIRS += "/firmware"
+
+do_install() {
+ install -d -m 755 ${D}/firmware
+ install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin
+}
+
+do_deploy() {
+ cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
new file mode 100644
@@ -0,0 +1,19 @@
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+
+# TF-A v2.11.0
+SRCREV_tfa = "f2735ebccf5173f74c0458736ec526276106097e"
+SRCBRANCH = "master"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b5fbfdeb6855162dded31fadcd5d4dc5"
+
+# in TF-A src, docs/getting_started/prerequisites.rst lists the expected version mbedtls
+# mbedtls-3.6.0
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
+SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206"
+
+LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
+
+# continue to boot also without TPM
+SRC_URI += "\
+ file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
+"
Add support for tf-a version v2.11.0 and mbedtls 3.6.0. Modifications to the license checksum were necessary due to the addition to that file for DICE (which is Apache 2.0 licensed) for TF-A and the dual license of mbedtls (Apache 2.0 and addition of GPLv2). NOTE: FVP base is having (more of) an issue with CI on the newest TF-A, with SSH tests timing out. Holding that back to the LTS version until it cane be resolved. Signed-off-by: Jon Mason <jon.mason@arm.com> --- meta-arm-bsp/conf/machine/fvp-base.conf | 3 +- .../fiptool-native_2.11.0.bb | 33 +++++++++++ .../trusted-firmware-a/tf-a-tests_2.11.0.bb | 58 +++++++++++++++++++ .../trusted-firmware-a_2.11.0.bb | 19 ++++++ 4 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.11.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.11.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.11.0.bb