From patchwork Wed Dec 4 17:12:49 2024
X-Patchwork-Submitter: Hugues KAMBA MPIANA
X-Patchwork-Id: 53616
From: Hugues KAMBA MPIANA
To: meta-arm@lists.yoctoproject.org
Cc: Hugues KAMBA MPIANA, Abdellatif El Khlifi
Subject: [PATCH 1/2] arm-bsp/documentation: corstone1000: Amend documentation for CORSTONE1000-2024.11 release
Date: Wed, 4 Dec 2024 17:12:49 +0000
Message-Id: <20241204171250.220387-2-hugues.kambampiana@arm.com>
In-Reply-To: <20241204171250.220387-1-hugues.kambampiana@arm.com>
References: <20241204171250.220387-1-hugues.kambampiana@arm.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6264

* Fix typographical error in documentation.
* Add missing instructions.
* Create paragraphs where necessary to improve readability.
* Change `note` box to `important` box
* Remove verification of arm_tstee driver presence:
  arm-tstee driver has been integrated in Linux v6.10.14 which is the one
  used in the software stack. It is built as part of Linux and is no longer
  a loadable module. The steps to verify the driver presence are no longer
  applicable.
* Standardise naming of the target platform:
  Consistently use the name `Corstone-1000` to refer to the target platform.
* Update Debian OS version from 12.4 to 12.7
  Debian version 12.4 has a bug in Shim 15.7. This bug causes a fatal error
  when attempting to boot media installer for Debian, and resets the platform
  before installation starts. A patch to skip the Shim was applied to
  Corstone-1000 to avoid the error. Debian version 12.7 no longer has the bug
  in the Shim thus making the usage of the patch redundant. Bump Debian
  installer to version 12.7 and remove usage of the patch for the Debian
  installation test.
* Replace xterm with tmux:
  Update the user guide to specify tmux instead of xterm. Using tmux as
  opposed to xterm provides a better user experience when running the
  commands listed on the user guide.
* Use ACS image for FVP SystemReady test:
  Due to fixed timeout values in the meta-arm-systemready the ACS time test
  do not complete successfully. Instead, specify commands to use the
  pre-built ACS image.
* List Trusted Services as a host component:
  Add Trusted Services to the list of components used on the Host processor
  of the Corstone-1000. The various BitBake recipes and append files used to
  build Trusted Services are listed for the component.
* Update release version to CORSTONE1000-2024.11:
  All references to the version of the Corstone-1000 software reference
  stack have been updated from CORSTONE1000-2024.06 to CORSTONE1000-2024.11.
  Add to the changelog the 2024.11 release information.
  Add the 2024.11 release notes.

Signed-off-by: Hugues KAMBA MPIANA
Signed-off-by: Abdellatif El Khlifi
--- .../documentation/corstone1000/change-log.rst | 63 ++++ .../corstone1000/release-notes.rst | 6 + .../corstone1000/software-architecture.rst | 25 +- .../documentation/corstone1000/user-guide.rst | 289 ++++++++++-------- 4 files changed, 241 insertions(+), 142 deletions(-) diff --git a/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm-bsp/documentation/corstone1000/change-log.rst index f22a99c2..a98de3f9 100644 --- a/meta-arm-bsp/documentation/corstone1000/change-log.rst +++ b/meta-arm-bsp/documentation/corstone1000/change-log.rst 
@@ -11,6 +11,69 @@ This document contains a summary of the new features, changes and fixes in each release of Corstone-1000 software stack. +*************** +Version 2024.11 +*************** + +Changes +======= + +- Implementation of a replication strategy for FWU metadata in TF-M according to the FWU specification. +- Upgrade to metadata version 2 in TF-M. +- Increase the ITS and PS memory size in Secure Flash for TF-M. +- SW components upgrades. +- Bug fixes. + +Corstone-1000 components versions +================================= + ++-------------------------------------------+-----------------------------------------------------+ +| linux-yocto | 6.10.14 | ++-------------------------------------------+-----------------------------------------------------+ +| u-boot | 2023.07.02 | ++-------------------------------------------+-----------------------------------------------------+ +| external-system | 0.1.0 | ++-------------------------------------------+-----------------------------------------------------+ +| optee-client | 4.2.0 | ++-------------------------------------------+-----------------------------------------------------+ +| optee-os | 4.2.0 | ++-------------------------------------------+-----------------------------------------------------+ +| trusted-firmware-a | 2.11.0 | ++-------------------------------------------+-----------------------------------------------------+ +| trusted-firmware-m | 2.1.0 | ++-------------------------------------------+-----------------------------------------------------+ +| libts | 602be60719 | ++-------------------------------------------+-----------------------------------------------------+ +| ts-newlib | 4.1.0 | ++-------------------------------------------+-----------------------------------------------------+ +| ts-psa-{crypto, iat, its. 
ps}-api-test | 74dc6646ff | ++-------------------------------------------+-----------------------------------------------------+ +| ts-sp-{se-proxy, smm-gateway} | 602be60719 | ++-------------------------------------------+-----------------------------------------------------+ + +Yocto distribution components versions +====================================== + ++-------------------------------------------+------------------------------+ +| meta-arm | styhead | ++-------------------------------------------+------------------------------+ +| poky | 5465094be9 | ++-------------------------------------------+------------------------------+ +| meta-openembedded | 461d85a183 | ++-------------------------------------------+------------------------------+ +| meta-secure-core | 59d7e90542 | ++-------------------------------------------+------------------------------+ +| busybox | 1.36.1 | ++-------------------------------------------+------------------------------+ +| musl | 1.2.5 | ++-------------------------------------------+------------------------------+ +| gcc-arm-none-eabi | 13.3.rel1 | ++-------------------------------------------+------------------------------+ +| gcc-cross-aarch64 | 14.2.0 | ++-------------------------------------------+------------------------------+ +| openssl | 3.3.1 | ++-------------------------------------------+------------------------------+ + *************** Version 2024.06 *************** diff --git a/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm-bsp/documentation/corstone1000/release-notes.rst index 5f88d69c..d026cdf6 100644 --- a/meta-arm-bsp/documentation/corstone1000/release-notes.rst +++ b/meta-arm-bsp/documentation/corstone1000/release-notes.rst 
@@ -19,6 +19,12 @@ intended for safety-critical applications. Should Your Software or Your Hardware prove defective, you assume the entire cost of all necessary servicing, repair or correction. +*********************** +Release notes - 2024.11 +*********************** + +The same notes as the 2024.06 release still apply. + *********************** Release notes - 2024.06 *********************** diff --git a/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm-bsp/documentation/corstone1000/software-architecture.rst index 42278e38..a4e0a424 100644 --- a/meta-arm-bsp/documentation/corstone1000/software-architecture.rst +++ b/meta-arm-bsp/documentation/corstone1000/software-architecture.rst @@ -4,7 +4,7 @@ # SPDX-License-Identifier: MIT ###################### -Software architecture +Software Architecture ###################### @@ -20,7 +20,7 @@ Corstone-1000 software plus hardware reference solution is PSA Level-2 ready certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_). More information on the Corstone-1000 subsystem product and design can be found at: -`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_. +`Arm Corstone-1000 Software`_ and `Arm Corstone-1000 Technical Overview`_. This readme explicitly focuses on the software part of the solution and provides internal details on the software components. The reference @@ -57,7 +57,7 @@ TrustedFirmware-M(`TF-M`_) as runtime software. The software design on Secure Enclave follows Firmware Framework for M class processor (`FF-M`_) specification. -The Host System is based on ARM Cotex-A35 processor with standardized +The Host System is based on ARM Cortex-A35 processor with standardized peripherals to allow for the booting of a Linux OS. The Cortex-A35 has the TrustZone technology that allows secure and non-secure security states in the processor. The software design in the Host System follows 
@@ -213,15 +213,18 @@ Image (the initramfs bundle). The new images are accepted in the form of a UEFI When Firmware update is triggered, U-Boot verifies the capsule by checking the capsule signature, version number and size. Then it signals the Secure Enclave -that can start writing UEFI capsule into the flash. Once this operation finishes -,Secure Enclave resets the entire system. +that can start writing UEFI capsule into the flash. + +Once this operation finishes, Secure Enclave resets the entire system. The Metadata Block in the flash has the below firmware update state machine. TF-M runs an OTA service that is responsible for accepting and updating the images in the flash. The communication between the UEFI Capsule update subsystem and the OTA service follows the same data path explained above. The OTA service writes the new images to the passive bank after successful capsule verification. It changes the state of the system to trial state and -triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata +triggers the reset. + +Boot loaders in Secure Enclave and Host read the Metadata block to get the information on the boot bank. In the successful trial stage, the acknowledgment from the host moves the state of the system from trial to regular. Any failure in the trial stage or system hangs leads to a system 
@@ -258,17 +261,17 @@ calls are forwarded to the Secure Enclave as explained above. *************** References *************** -`ARM corstone1000 Search`_ +`ARM Corstone-1000 Search`_ `Arm security features`_ -------------- -*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2024, Arm Limited. All rights reserved.* -.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000 -.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software -.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000 +.. _Arm Corstone-1000 Technical Overview: https://developer.arm.com/documentation/102360/0000 +.. _Arm Corstone-1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software +.. _Arm Corstone-1000 Search: https://developer.arm.com/search#q=corstone-1000 .. _Arm security features: https://www.arm.com/architecture/security-features/platform-security .. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ .. _FF-A: https://developer.arm.com/documentation/den0077/latest diff --git a/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm-bsp/documentation/corstone1000/user-guide.rst index 38ab92b9..fac52e6e 100644 --- a/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm-bsp/documentation/corstone1000/user-guide.rst 
@@ -18,16 +18,17 @@ for more information. Prerequisites ------------- -This guide assumes that your host machine is running Ubuntu 20.04 LTS, with at least +This guide assumes that your host machine is running Ubuntu 20.04 LTS ( with ``sudo`` rights), with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following prerequisites must be available on the host system: -- Git 1.8.3.1 or greater +- Git 1.8.3.1 or greater. - Python 3.8.0 or greater. -- GNU Tar 1.28 or greater +- GNU Tar 1.28 or greater. - GNU Compiler Collection 8.0 or greater. -- GNU Make 4.0 or greater +- GNU Make 4.0 or greater. +- tmux. Please follow the steps described in the Yocto mega manual: @@ -49,7 +50,7 @@ The Corstone-1000 software stack can be run on: Yocto Stable Branch ------------------- -Corstone-1000 software stack is built on top of Yocto scarthgap release. +Corstone-1000 software stack is built on top of Yocto styhead release. Software Components ------------------- 
@@ -58,7 +59,7 @@ a `BitBake recipe `__ +==================================================================================== + ++----------+-----------------------------------------------------------------------------------------------------------+ +| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_%.bbappend`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_%.bbappend`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_%.bbappend`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_%.bbappend`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| Recipe | 
``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway.bb`` | ++----------+-----------------------------------------------------------------------------------------------------------+ +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy.bb`` | ++----------+-----------------------------------------------------------------------------------------------------------+ + `OP-TEE `__ ================================================================ +----------+----------------------------------------------------------------------------------------+ | bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`` | +----------+----------------------------------------------------------------------------------------+ -| Recipe | 
``$WORKSPACE/meta-arm/meta-arm/recipes-security/optee/optee-os_4.1.0.bb`` | +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-security/optee/optee-os_4.2.0.bb`` | +----------+----------------------------------------------------------------------------------------+ `U-Boot `__ @@ -116,7 +150,7 @@ The provided distribution is based on `BusyBox `__ and +-----------+----------------------------------------------------------------------------------------------+ | bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend`` | +-----------+----------------------------------------------------------------------------------------------+ -| Recipe | ``$WORKSPACE/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb`` | +| Recipe | ``$WORKSPACE/poky/meta/recipes-kernel/linux/linux-yocto_6.10.bb`` | +-----------+----------------------------------------------------------------------------------------------+ | defconfig | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig`` | +-----------+----------------------------------------------------------------------------------------------+ @@ -131,7 +165,7 @@ Secure Enclave Components +----------+-----------------------------------------------------------------------------------------------------+ | bbappend | ``$WORKSPACE/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend`` | +----------+-----------------------------------------------------------------------------------------------------+ -| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb`` | +| Recipe | ``$WORKSPACE/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.1.0.bb`` | +----------+-----------------------------------------------------------------------------------------------------+ ************************************ 
@@ -182,7 +216,7 @@ Build .. code-block:: console cd $WORKSPACE - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.11 #. Build a Corstone-1000 image: @@ -414,7 +448,7 @@ instructions of the installer to setup the FVP. .. code-block:: console kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \ - -c "../meta-arm/scripts/runfvp --terminals=xterm" + -c "../meta-arm/scripts/runfvp --terminals=tmux" When the script is executed, three terminal instances will be launched: @@ -460,14 +494,13 @@ Clean Secure Flash .. code-block:: console cd $WORKSPACE - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.11 #. Copy the secure flash cleaning Git patch file to your copy of `meta-arm`. .. code-block:: console cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm - cd meta-arm #. Apply the Git patch to `meta-arm`. @@ -481,7 +514,9 @@ Clean Secure Flash .. code-block:: console cd $WORKSPACE - kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml + kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml + bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image + bitbake -c build corstone1000-flash-firmware-image #. Replace the ``bl1.bin`` file on the SD card with ``$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``. 
@@ -495,6 +530,15 @@ Clean Secure Flash NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN +#. Whilst still in the ``kas`` shell, revert the changes the patch introduced by running the following commands: + + .. code-block:: console + + cd $WORKSPACE/meta-arm + git reset --hard + cd .. + bitbake -c cleansstate trusted-firmware-m corstone1000-flash-firmware-image + exit #. Follow the `instructions `__ to build a clean software stack and flash the MPS3 with it. @@ -561,7 +605,7 @@ MPS3 .. code-block:: console sudo dd \ - if=$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-costickrstone1000-mps3.wic \ + if=$WORKSPACE/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic \ of=/dev/sdb \ iflag=direct oflag=direct status=progress bs=512; sync; @@ -625,8 +669,6 @@ This sections below describe how to build and run ACS tests on Corstone-1000. .. _mps3-instructions-for-acs-image: -MPS3 -==== #. On your host development machine, clone the `Arm SystemReady ACS repository `_. @@ -647,6 +689,16 @@ MPS3 and full USB support for Corstone-1000 will be available in the repository with the next SystemReady release. +#. Decompress the pre-built ACS live image. + + .. code-block:: console + + cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0 + unxz ir-acs-live-image-generic-arm64.wic.xz + +MPS3 +==== + #. Connect a USB drive (other than the one used for the ESP) to the host development machine. #. Run the following command to discover which device is your USB drive: 
@@ -666,7 +718,6 @@ MPS3 .. code-block:: console cd $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0 - unxz ir-acs-live-image-generic-arm64.wic.xz sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdc iflag=direct oflag=direct bs=1M status=progress; sync #. Plug the USB drive to the MPS3. At this point you should have both the USB drive with the ESP and the USB drive with the ACS image plugged to the MPS3. 
@@ -679,29 +730,48 @@ The MPS3 will reset multiple times during the test, and it might take approximat Unplug the ESP USB drive from the MPS3 if it is preventing GRUB from finding the bootable partition. Leave only the ACS image USB drive - plugged in to run the ACS tests. The ESP USB drive can be plugged in again after - the platform is booted to Linux at the end of the ACS tests. + plugged in to run the ACS tests. + The ESP USB drive can be plugged in again after + selecting the `Linux Boot` option in the GRUB menu at the end of the ACS tests. + +.. warning:: + + A timeout issue has been observed while booting Linux during the ACS tests, causing the system to boot into emergency mode. + Booting Linux is necessary to run certain tests, such as `dt-validation`. + The following workaround is required to enable Linux to boot properly and perform all Linux-based tests: + + #. Press Enter at the Linux prompt. + #. Open the file `/etc/systemd/system.conf` and set `DefaultDeviceTimeoutSec=infinity`. + #. Reboot the platform using the `reboot` command. + #. Select the `Linux Boot` option from the GRUB menu. + #. Allow Linux to boot and run the remaining ACS tests until completion. .. _fvp-instructions-for-acs-image: FVP === -FVP has been integrated in the `meta-arm-systemready Yocto layer `__. -Find more details about the `meta-arm-systemready` Yocto layer from its `README `__ file. - -Run the following command to build the firmware image with the specific kas configuration file for building an image with the ACS tests baked in: +Run the commands below to run the ACS test on FVP using the built firmware image and the pre-built ACS image identified above: .. 
code-block:: console - kas build meta-arm/ci/corstone1000-fvp.yml:meta-arm/ci/debug.yml:meta-arm/kas/arm-systemready-ir-acs.yml + cd $WORKSPACE + tmux + ./meta-arm/scripts/runfvp \ + --terminals=tmux \ + ./build/tmp/deploy/images/corstone1000-fvp/corstone1000-flash-firmware-image-corstone1000-fvp.fvpconf \ + -- -C board.msd_mmc.p_mmc_file=$WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic .. note:: + The FVP will reset multiple times during the test. The ACS tests might take up to 1 day to complete when run on FVP. +The message `ACS run is completed` will be displayed on the FVP host terminal when the test runs to completion. +You will be prompted to press the Enter key to access the Linux prompt. + Test Sequence and Results ========================= @@ -718,8 +788,14 @@ The results can be fetched from the `acs_results` folder in the ``BOOT`` partiti .. note:: - The FVP uses the ``$WORKSPACE/build/tmp-glibc/work/corstone1000_fvp-oe-linux/arm-systemready-ir-acs/2.0.0/deploy-arm-systemready-ir-acs/arm-systemready-ir-acs-corstone1000-fvp.wic`` - image if the `meta-arm-systemready` Yocto layer is used. The results can be checked in this image. + Access the `acs_results` folder in FVP by running the following commands: + + .. code-block:: console + + sudo mkdir /mnt/test + sudo mount -o rw,offset=1048576 \ + $WORKSPACE/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic \ + /mnt/test ##################################################### 
@@ -781,10 +857,18 @@ Run the following commands to generate an invalid capsule with a ``fw-version`` --private-key build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_key.key \ --certificate build/tmp/deploy/images/corstone1000-$TARGET/corstone1000_capsule_cert.crt \ --index 1 \ - --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \ + --guid $TARGET_GUID \ --fw-version 5 build/tmp/deploy/images/corstone1000-$TARGET/corstone1000-$TARGET_image.nopt \ corstone1000-$TARGET-v5.uefi.capsule + +.. important:: + + ``$TARGET_GUID`` is different depending on whether the capsule is built for the ``fvp`` or ``mps3`` ``$TARGET``. + + - ``fvp`` ``$TARGET_GUID`` is ``989f3a4e-46e0-4cd0-9877-a25c70c01329`` + - ``mps3`` ``$TARGET_GUID`` is ``df1865d1-90fb-4d59-9c38-c9f2c1bba8cc`` + The invalid capsule will be located in the ``$WORKSPACE`` directory. *************************** @@ -889,7 +973,7 @@ Positive Capsule Update Test .. code-block:: console kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \ - -c "../meta-arm/scripts/runfvp --terminals=xterm \ + -c "../meta-arm/scripts/runfvp --terminals=tmux \ -- -C board.msd_mmc.p_mmc_file=$ACS_IMAGE_PATH/ir-acs-live-image-generic-arm64.wic" .. warning:: @@ -911,9 +995,17 @@ Positive Capsule Update Test #. Run the ``CapsuleApp`` application with the valid capsule file: - .. code-block:: console + - MPS3: + + .. code-block:: console + + EFI/BOOT/app/CapsuleApp.efi EFI/BOOT/corstone1000-mps3-v6.uefi.capsule - EFI/BOOT/app/CapsuleApp.efi corstone1000-$TARGET-v6.uefi.capsule + - FVP: + + .. code-block:: console + + EFI/BOOT/app/CapsuleApp.efi corstone1000-fvp-v6.uefi.capsule The capsule update will be started. 
@@ -1013,11 +1105,25 @@ Negative Capsule Update Test Press ESC in 4 seconds to skip startup.nsh or any other key to continue. -#. Run the ``CapsuleApp`` application with the invalid capsule file: +#. Access the content of the first file system (``File System 0``) where we copied the capsule files by running the following command: .. code-block:: console - EFI/BOOT/app/CapsuleApp.efi corstone1000-$TARGET-v5.uefi.capsule + FS0: + +#. Run the ``CapsuleApp`` application with the invalid capsule file: + + - MPS3: + + .. code-block:: console + + EFI/BOOT/app/CapsuleApp.efi EFI/BOOT/corstone1000-mps3-v5.uefi.capsule + + - FVP: + + .. code-block:: console + + EFI/BOOT/app/CapsuleApp.efi corstone1000-fvp-v5.uefi.capsule #. TrustedFirmware-M should reject the capsule due to having a lower firmware version and display the following log on the Secure Enclave terminal (``ttyUSB1``): 
@@ -1107,83 +1213,6 @@ The Linux distributions to be installed are: Follow the instructions below to install the Linux distributions to the Corstone-1000 software stack. -*********************************** -Apply Patch for Debian Installation -*********************************** - -.. warning:: - **!!Debian ONLY!!** - - There is a known issue in `Shim 15.7 `__ - provided with the Debian installer image. - This bug causes a fatal error when attempting to boot media installer for Debian, and resets the platform before installation starts. - - A `patch `__ to be applied to the Corstone-1000 software stack is provided to skip the Shim. - This patch makes U-Boot automatically bypass the Shim and run GRUB to allow - the user to proceed with a normal installation. - - You are encourage to try a new installer if at the moment of reading this document the Shim problem has been solved. - Otherwise, please apply the patch as indicated by the instructions below. - -#. Clone the repository containing the patch in your ``$WORKSPACE``: - - .. code-block:: console - - cd $WORKSPACE - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06 - -#. Copy the Git patch file to your local copy of `meta-arm` in your workspace: - - .. code-block:: console - - cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm - -#. Change the current working directory to your local copy of the `meta-arm` repository to apply the Git patch: - - .. code-block:: console - - cd meta-arm - git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch - -#. Change the current working directory back to your ``$WORKSPACE``: - - .. code-block:: console - - cd $WORKSPACE - -#. 
Initialize a kas shell environment using the debug configuration file for your target to: - - - remove build artefacts (for ``u-boot``, ``trusted-firmware-a``, and ``corstone1000-flash-firmware-image``) - - reset the state of those recipes - - re-build the ``corstone1000-flash-firmware-image`` recipe from scratch - - .. code-block:: console - - kas shell meta-arm/kas/corstone1000-$TARGET.yml:meta-arm/ci/debug.yml \ - -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; \ - bitbake corstone1000-flash-firmware-image" - -.. important:: - - On MPS3, replace the ``cs1000.bin`` on the SD card with the newly generated ``*.wic`` file. - -.. warning:: - - The Corstone-1000 patch for Debian installation must be removed from `meta-arm` before running the software to boot openSUSE or - executing any other tests in this user guide. - - Remove the patch and rebuild the ``corstone1000-flash-firmware-image`` recipe by running the following commands: - - .. code-block:: console - - cd $WORKSPACE/meta-arm - git reset --hard HEAD~1 - cd $WORKSPACE - kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \ - -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; \ - bitbake corstone1000-flash-firmware-image -c cleanall; \ - bitbake corstone1000-flash-firmware-image" - ************************** Prepare Installation Media ************************** @@ -1194,7 +1223,7 @@ Follow the instructions below to create the installation media. #. Using your development machine, download one of following Linux distribution images: - - `Debian installer image `__ + - `Debian installer image `__ - `OpenSUSE Tumbleweed installer image `__ .. note:: 
@@ -1246,7 +1275,7 @@ Corstone-1000 on-board non-volatile storage size is insufficient for installing #. Do not yet connect this blank USB drive to the MPS3. It will be used as the primary drive to boot the distribution. - FVP: - #. Create an 8GB GUID Partition Table (GPT) formatted MultiMediaCard (MMC) image. + #. Create an 10 GB GUID Partition Table (GPT) formatted MultiMediaCard (MMC) image. .. code-block:: console @@ -1295,7 +1324,7 @@ FVP .. code-block:: console kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \ - -c "../meta-arm/scripts/runfvp --terminals=xterm -- \ + -c "../meta-arm/scripts/runfvp --terminals=tmux -- \ -C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img \ -C board.msd_mmc_2.p_mmc_file=$DISTRO_INSTALLER_ISO_PATH" @@ -1361,8 +1390,8 @@ Boot Distribution .. code-block:: console kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml \ - -c "../meta-arm/scripts/runfvp --terminals=xterm -- \ - -C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img.img" + -c "../meta-arm/scripts/runfvp --terminals=tmux -- \ + -C board.msd_mmc.p_mmc_file=$WORKSPACE/fvp_distro_system_drive.img" .. warning:: @@ -1460,7 +1489,7 @@ Generate Keys, Signed Image and Unsigned Image cd $WORKSPACE git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git \ - -b CORSTONE1000-2024.06 + -b CORSTONE1000-2024.11 #. Set the current working directory to build directory's subdirectory containing the software stack build images. 
@@ -1718,14 +1747,6 @@ The steps below are applicable to both MPS3 and FVP). #. Start the Corstone-1000 and wait until it boots to Linux on the Host Processor terminal (``ttyUSB2``). -#. Verify that the `arm_tstee` driver is present. - - .. code-block:: console - - ls /sys/bus/arm_ffa/drivers | grep arm_tstee - - ``arm_tstee`` should be printed on the terminal to confirm that the driver is present. - #. Run the PSA API tests by running the commands below in the order shown: .. code-block:: console @@ -1747,13 +1768,13 @@ External System Processor The Linux operating system running on the Host Processor starts the ``remoteproc`` framework to manage the External System Processor. -#. Start the External System Processor with the following command: +#. Stop the External System Processor with the following command: .. code-block:: console echo stop > /sys/class/remoteproc/remoteproc0/state -#. Stop the External System Processor with the following command: +#. Start the External System Processor with the following command: .. code-block:: console @@ -1811,7 +1832,7 @@ The build and integration instructions can be found in its `README `__ for the development machine setup. #. Rebuild the software stack with Secure Debug. @@ -1873,8 +1901,8 @@ A debug probe (DSTREAM family) and an Arm Development Studio 2022.2 and 2022.c ( Reports ------- -Various test reports for the `Corstone-1000 software (CORSTONE1000-2024.06) `__ -release version are available for reference `here `__. +Various test reports for the `Corstone-1000 software (CORSTONE1000-2024.11) `__ +release version are available for reference `here `__. -------------- 
@@ -1882,5 +1910,4 @@ release version are available for reference `here X-Patchwork-Id: 53615 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06F65E77176 for ; Wed, 4 Dec 2024 17:13:05 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.20038.1733332378814403965 for ; Wed, 04 Dec 2024 09:12:58 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: hugues.kambampiana@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 68EEF1474; Wed, 4 Dec 2024 09:13:26 -0800 (PST) Received: from e129527.cambridge.arm.com (e129527.cambridge.arm.com [10.1.29.170]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id F38FB3F71E; Wed, 4 Dec 2024 09:12:57 -0800 (PST) 
From: Hugues KAMBA MPIANA To: meta-arm@lists.yoctoproject.org Cc: Hugues KAMBA MPIANA Subject: [PATCH 2/2] kas: corstone-1000: Update the SHA of the Yocto layer dependencies for the CORSTONE1000-2024.11 release. Date: Wed, 4 Dec 2024 17:12:50 +0000 Message-Id: <20241204171250.220387-3-hugues.kambampiana@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241204171250.220387-1-hugues.kambampiana@arm.com> References: <20241204171250.220387-1-hugues.kambampiana@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Dec 2024 17:13:05 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6265 The SHA of the dependent community layers are commented out and set to the tested SHA from the `styhead` branch of each layer. The set SHAs are to be uncommented in the `styhead` branch which is to be used to create the `CORSTONE1000-2024.11` tag. Signed-off-by: Hugues KAMBA MPIANA --- kas/corstone1000-base.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kas/corstone1000-base.yml b/kas/corstone1000-base.yml index a8b98603..c36b294a 100644 --- a/kas/corstone1000-base.yml +++ b/kas/corstone1000-base.yml @@ -16,14 +16,14 @@ repos: poky: url: https://git.yoctoproject.org/git/poky - # commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff + # commit: 5465094be9a61a1639e1dab6d2b4ebea2bee7440 layers: meta: meta-poky: meta-openembedded: url: https://git.openembedded.org/meta-openembedded - # commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d + # commit: 461d85a1831318747af5abe86da193bcde3fd9b4 layers: meta-oe: meta-python: @@ -31,7 +31,7 @@ repos: meta-secure-core: url: https://github.com/wind-river/meta-secure-core.git - # commit: e29165a1031dcf601edbed1733cedd64826672a5 + # commit: 59d7e90542947c342098863b9998693ac79352b0 layers: meta-secure-core-common: meta-signing-key:
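Review bot: in the `@@ -1194,7 +1223,7 @@` hunk of patch 1/2, the Debian installer link is changed but the step still tells the reader only to download the image, with no integrity check. Since this ISO becomes the boot media for the installation test, consider adding a sentence asking the reader to compare the download against the checksum file published alongside it before writing it to the USB drive or passing it to the FVP. While this list is being touched, the unchanged context line "download one of following Linux distribution images" should read "one of the following".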
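Review bot: in the `@@ -1246,7 +1275,7 @@` hunk of patch 1/2, the new FVP step reads "Create an 10 GB GUID Partition Table (GPT) formatted MultiMediaCard (MMC) image"; the article should be "a 10 GB". The console block that follows this step lies outside the hunk, so please confirm that the image-creation command there was also moved from 8 GB to 10 GB, otherwise the prose and the command disagree.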
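Review bot: in the `@@ -1460,7 +1489,7 @@` hunk of patch 1/2 (Generate Keys, Signed Image and Unsigned Image), `-b CORSTONE1000-2024.11` selects the systemready-patch revision by name only. Because this checkout feeds the key and signed-image generation steps, the guide could say whether CORSTONE1000-2024.11 is a tag or a branch and give the expected commit, so a tester can confirm with `git rev-parse HEAD` after cloning that the capsule tests run against the intended revision.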
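Review bot: in the `@@ -1718,14 +1747,6 @@` hunk of patch 1/2, removing the `arm_tstee` verification step drops the only precondition check before the PSA API tests. The removed command lists `/sys/bus/arm_ffa/drivers`, and sysfs shows a registered bus driver there whether it is built into the kernel or loaded as a module, so the check should still pass now that the driver is built in. Consider keeping the step, reworded if needed, so that a tester can tell a missing driver apart from a failing PSA test.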
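Review bot: in `kas/corstone1000-base.yml` (patch 2/2, hunks `@@ -16,14 +16,14 @@` and `@@ -31,7 +31,7 @@`), all three updated `commit:` values remain behind `#`, so the file as posted pins nothing: poky, meta-openembedded and meta-secure-core are fetched at whatever revision kas resolves at build time. The commit message defers uncommenting to the `styhead` branch; please make sure that step is tracked, because a CORSTONE1000-2024.11 tag cut with these lines still commented out would not reproduce the tested SHAs. This matters most for meta-secure-core, which supplies the `meta-signing-key` layer listed in the second hunk.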