diff mbox series

[2/3] arm/trusted-firmware-m: Add 2.3.0 Support

Message ID 20260615131721.55897-2-jon.mason@arm.com
State New
Headers show
Series [1/3] CI: use Musca S1 for LTS testing | expand

Commit Message

Jon Mason June 15, 2026, 1:17 p.m. UTC 
Add recipes for newest version of tf-m.  Of note, mbedtls has been
removed in favor of the TF-PSA-Crypto library.  This is having a cascade
into the other recipes, with a removal from the core inc file and add of
the individual lines to the specific versions.

TF-PSA-Crypto is Apache 2.0 licensed.  So, no need to change the recipe
license field.

Signed-off-by: Jon Mason <jon.mason@arm.com>
---
 ci/lts-revisions.yml                          |  1 +
 .../conf/machine/include/corstone1000.inc     |  1 +
 .../trusted-firmware-m-2.1.4-src.inc          |  2 +
 .../trusted-firmware-m-2.2.2-src.inc          |  2 +
 .../trusted-firmware-m-2.3.0-src.inc          | 87 +++++++++++++++++++
 ...trusted-firmware-m-scripts-native_2.3.0.bb |  9 ++
 .../trusted-firmware-m/trusted-firmware-m.inc |  1 -
 .../trusted-firmware-m_2.3.0.bb               |  9 ++
 8 files changed, 111 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.3.0-src.inc
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.3.0.bb
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.3.0.bb
diff mbox series

Patch

diff --git a/ci/lts-revisions.yml b/ci/lts-revisions.yml
index 2cb7a6bc3411..fc23696f5861 100644
--- a/ci/lts-revisions.yml
+++ b/ci/lts-revisions.yml
@@ -8,3 +8,4 @@  local_conf_header:
     PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
     PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
     PREFERRED_VERSION_trusted-firmware-m ?= "2.1.%"
+    PREFERRED_VERSION_trusted-firmware-m-scripts-native ?= "2.1.%"
diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 309fae6174cc..668b26443b94 100644
--- a/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -6,6 +6,7 @@  MACHINEOVERRIDES =. "corstone1000:"
 
 # TF-M
 PREFERRED_VERSION_trusted-firmware-m ?= "2.2.%"
+PREFERRED_VERSION_trusted-firmware-m-scripts-native ?= "2.2.%"
 
 # TF-A
 TFA_PLATFORM = "corstone1000"
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.4-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.4-src.inc
index 0ea55984860f..71ff595347c2 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.4-src.inc
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.1.4-src.inc
@@ -54,6 +54,8 @@  SRCREV_tfm-psa-adac = "5f5490cebe66ae997f316f83c3fbf1f97deef625"
 
 SRCREV_FORMAT = "tfm_tfm-extras_tfm-tests_cmsis_mbedtls_mcuboot_qcbor_tfm-psa-adac_t-cose"
 
+EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/external/mbedtls"
+
 S = "${UNPACKDIR}/tfm"
 
 # Apply patches
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.2-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.2-src.inc
index 132f05aaa97b..ddaab88e8bd3 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.2-src.inc
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.2-src.inc
@@ -63,6 +63,8 @@  SRC_URI  = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;dests
 
 SRCREV_FORMAT = "tfm_tfm-extras_tfm-tests_cmsis_mbedtls_mcuboot_qcbor_tfm-psa-adac_t-cose"
 
+EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/external/mbedtls"
+
 S = "${UNPACKDIR}/tfm"
 
 # Apply patches
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.3.0-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.3.0-src.inc
new file mode 100644
index 000000000000..d3ab29d0e297
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.3.0-src.inc
@@ -0,0 +1,87 @@ 
+# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts
+
+LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0"
+
+LIC_FILES_CHKSUM = "file://license.rst;md5=002a64dec64b82c58a203a94bee7b2a1 \
+                    file://external/tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \
+                    file://external/mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8 \
+                    file://external/tfm-psa-adac/license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \
+                    file://external/tf-psa-crypto/LICENSE;md5=40b928d464bb11f233c578de64d710cf \
+                    file://external/psa-crypto-driver/license.rst;md5=6a076b245abfcdb53243394a49e51ffa \
+                    file://external/t_cose/LICENSE;md5=b2ebdbfb82602b97aa628f64cf4b65ad \
+                   "
+
+SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_CMSIS ?= "git://github.com/ARM-software/CMSIS_6.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC ?= "git://git.trustedfirmware.org/shared/psa-adac.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_PSA_CRYPTO ?= "gitsm://github.com/Mbed-TLS/TF-PSA-Crypto.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_PSA_CRYPTO_DRIVER ?= "git://git.trustedfirmware.org/shared/tf-psa-crypto-drivers;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_T_COSE ?= "git://github.com/laurencelundblade/t_cose.git;protocol=https"
+
+# The required dependencies are documented in tf-m/config/config_base.cmake
+# TF-Mv2.3.0
+SRCBRANCH_tfm ?= "release/2.3.x"
+SRCREV_tfm = "5d906d29d7b6d1a7f7134960d228f9e75f6a8a07"
+# TF-Mv2.3.0
+SRCBRANCH_tfm-extras ?= "release/2.3.x"
+SRCREV_tfm-extras = "8abeb6610e7ca27fff54dd8a9b5767d5cf98b998"
+# TF-Mv2.3.0
+SRCBRANCH_tfm-tests ?= "release/2.3.x"
+SRCREV_tfm-tests = "6a1165dfef219d0801487f51e06d12331e726643"
+# CMSIS v6.1.0, CMSIS_TAG from lib/ext/cmsis/CMakeLists.txt
+SRCBRANCH_cmsis ?= "main"
+SRCREV_cmsis = "b0bbb0423b278ca632cfe1474eb227961d835fd2"
+# mcuboot v2.4.0, value from MCUBOOT_VERSION
+SRCBRANCH_mcuboot ?= "main"
+SRCREV_mcuboot = "6d3b3d2c38ab20c242e5b9abb04d050086383eb2"
+# QCBOR v1.2, value from QCBOR_VERSION in lib/ext/qcbor/CMakeLists.txt
+SRCBRANCH_qcbor ?= "master"
+SRCREV_qcbor = "92d3f89030baff4af7be8396c563e6c8ef263622"
+# PSA-ADAC (intermediate SHA), value from PLATFORM_PSA_ADAC_VERSION
+SRCBRANCH_tfm-psa-adac = "master"
+SRCREV_tfm-psa-adac = "eff89e8e0ce36e4793f78309be19fcfab798f473"
+# TF-PSA-Crypto v1.1.0, value from TF_PSA_CRYPTO_VERSION
+SRCBRANCH_tf-psa-crypto = "development"
+SRCREV_tf-psa-crypto = "29160dd877d29658279fd683b2ae57b320ddcf09"
+# From platform/ext/target/arm/drivers/cc3xx/CMakeLists.txt
+SRCBRANCH_psa-crypto-driver = "main"
+SRCREV_psa-crypto-driver = "3a93566c04c4d77a007e6b149e7c06e7b8f0cd8d"
+# T_COSE v2.0-alpha-2, from lib/ext/t_cose/CMakeLists.txt
+SRCBRANCH_t-cose = "dev"
+SRCREV_t-cose = "3076010eeb6383f0827bd992c75b68af9311cf1d"
+
+
+SRC_URI  = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=tfm \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=tfm/external/tfm-extras \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=tfm/external/tf-m-tests \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_CMSIS};branch=${SRCBRANCH_cmsis};name=cmsis;destsuffix=tfm/external/cmsis \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=tfm/external/mcuboot \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=tfm/external/qcbor \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC};branch=${SRCBRANCH_tfm-psa-adac};name=tfm-psa-adac;destsuffix=tfm/external/tfm-psa-adac \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_PSA_CRYPTO};branch=${SRCBRANCH_tf-psa-crypto};name=tf-psa-crypto;destsuffix=tfm/external/tf-psa-crypto \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_PSA_CRYPTO_DRIVER};branch=${SRCBRANCH_psa-crypto-driver};name=psa-crypto-driver;destsuffix=tfm/external/psa-crypto-driver \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_T_COSE};branch=${SRCBRANCH_t-cose};name=t-cose;destsuffix=tfm/external/t_cose \
+            "
+
+SRCREV_FORMAT = "tfm_tfm-extras_tfm-tests_cmsis_mcuboot_qcbor_tfm-psa-adac_tf-psa-crypto_psa-pcrypto-driver_t-cose"
+
+S = "${UNPACKDIR}/tfm"
+
+EXTRA_OECMAKE += "-DTF_PSA_CRYPTO_PATH=${S}/external/tf-psa-crypto"
+EXTRA_OECMAKE += "-DPSA_CRYPTO_DRIVER_PATH=${S}/external/psa-crypto-driver"
+
+# Apply patches
+inherit apply_local_src_patches
+LOCAL_SRC_PATCHES_INPUT_DIR = "N/A"
+
+do_apply_local_src_patches() {
+    apply_local_src_patches ${S}/lib/ext/qcbor ${S}/external/qcbor
+    apply_local_src_patches ${S}/lib/ext/mcuboot ${S}/external/mcuboot
+    apply_local_src_patches ${S}/lib/ext/tf-m-tests ${S}/external/tf-m-tests
+    apply_local_src_patches ${S}/lib/ext/tf-psa-crypto ${S}/external/tf-psa-crypto
+    apply_local_src_patches ${S}/lib/ext/t_cose ${S}/external/t_cose
+}
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.3.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.3.0.bb
new file mode 100644
index 000000000000..b5220934f415
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.3.0.bb
@@ -0,0 +1,9 @@ 
+require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc
+
+inherit native python_setuptools_build_meta
+
+RDEPENDS:${PN} = "\
+    python3-pyelftools-native \
+    python3-rich-native \
+    clang-native \
+"
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
index 3b6dce22069d..b01361deb18f 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
@@ -72,7 +72,6 @@  EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Deb
 
 EXTRA_OECMAKE += "\
     -DCMSIS_PATH=${S}/external/cmsis \
-    -DMBEDCRYPTO_PATH=${S}/external/mbedtls \
     -DMCUBOOT_PATH=${S}/external/mcuboot \
     -DQCBOR_PATH=${S}/external/qcbor \
     -DT_COSE_PATH=${S}/external/t_cose \
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.3.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.3.0.bb
new file mode 100644
index 000000000000..64c03d2dbf4c
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.3.0.bb
@@ -0,0 +1,9 @@ 
+require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc
+require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
+
+DEPENDS += "trusted-firmware-m-scripts-native"
+
+# FIXME - arm-none-eabi/bin/ld: error: unsupported option: -z relro
+# Working around the issue by removing the loader flags, which aren't relevant for us here
+# Long term fix, create a baremetal firmware bbclass that doesn't add this stuff
+SECURITY_LDFLAGS = ""