new file mode 100644
@@ -0,0 +1,33 @@
+From f5b2fa90e0c0324f31e72429e7a7382f49a25912 Mon Sep 17 00:00:00 2001
+From: Shen Jiamin <shen_jiamin@comp.nus.edu.sg>
+Date: Wed, 24 Jul 2024 18:58:55 +0800
+Subject: [PATCH] fix(zynqmp): handle secure SGI at EL1 for OP-TEE
+
+OP-TEE requires SGIs to be handled at S-EL1. The
+Makefile was not properly setting the flag
+GICV2_G0_FOR_EL3 to 0 when the SPD is OP-TEE.
+
+Change-Id: I256afa37ddf4ad4a154c43d51807de670c3689bb
+Signed-off-by: Shen Jiamin <shen_jiamin@comp.nus.edu.sg>
+---
+ plat/xilinx/zynqmp/platform.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Upstream-Status: Backport
+
+diff --git a/plat/xilinx/zynqmp/platform.mk b/plat/xilinx/zynqmp/platform.mk
+index c340009d0..22eceb621 100644
+--- a/plat/xilinx/zynqmp/platform.mk
++++ b/plat/xilinx/zynqmp/platform.mk
+@@ -21,7 +21,7 @@ ENABLE_LTO := 1
+ EL3_EXCEPTION_HANDLING := $(SDEI_SUPPORT)
+
+ # pncd SPD requires secure SGI to be handled at EL1
+-ifeq (${SPD}, $(filter ${SPD},pncd tspd))
++ifeq (${SPD}, $(filter ${SPD},pncd tspd opteed))
+ ifeq (${ZYNQMP_WDT_RESTART},1)
+ $(error "Error: ZYNQMP_WDT_RESTART and SPD=pncd are incompatible")
+ endif
+--
+2.34.1
+
@@ -16,4 +16,5 @@ LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc
# continue to boot also without TPM
SRC_URI += "\
file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
+ file://0001-fix-zynqmp-handle-secure-SGI-at-EL1-for-OP-TEE.patch \
"
@@ -16,4 +16,5 @@ LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d3
# continue to boot also without TPM
SRC_URI += "\
file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
+ file://0001-fix-zynqmp-handle-secure-SGI-at-EL1-for-OP-TEE.patch \
"
kv260 with optee and secure-boot panics without this fix: https://ledge.validation.linaro.org/scheduler/job/93620 Xilinx Zynq MP First Stage Boot Loader Release 2022.2 Oct 7 2022 - 04:56:16 MultiBootOffset: 0x40 Reset Mode : System Reset Platform: Silicon (4.0), Running on A53-0 (64-bit) Processor, Device Name: XCZUUNKNEG QSPI 32 bit Boot Mode FlashID=0x20 0xBB 0x20 PMU Firmware 2022.2 Oct 7 2022 04:56:16 PMU_ROM Version: xpbr-v8.1.0-0 �I/TC: I/TC: OP-TEE version: 4.2.0-dev (gcc version 14.1.0 (GCC)) #1 Fri Apr 12 09:51:21 UTC 2024 aarch64 I/TC: WARNING: This OP-TEE configuration might be insecure! I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html I/TC: Primary CPU initializing I/TC: Primary CPU switching to normal world boot PANIC at PC : 0x00000000fffed94c Fix proposed by MaheedharSai.Bollapalli@amd.com Cc: MaheedharSai.Bollapalli@amd.com Cc: michal.simek@amd.com Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> --- ...-handle-secure-SGI-at-EL1-for-OP-TEE.patch | 33 +++++++++++++++++++ .../trusted-firmware-a_2.10.4.bb | 1 + .../trusted-firmware-a_2.11.0.bb | 1 + 3 files changed, 35 insertions(+) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-fix-zynqmp-handle-secure-SGI-at-EL1-for-OP-TEE.patch