From patchwork Tue May 13 13:23:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 62865 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 775CFC3ABCC for ; Tue, 13 May 2025 13:24:02 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.75942.1747142632169306627 for ; Tue, 13 May 2025 06:23:52 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 905F3168F for ; Tue, 13 May 2025 06:23:40 -0700 (PDT) Received: from H24V3P4C17.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 5AE623F673 for ; Tue, 13 May 2025 06:23:51 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 1/2] arm/trusted-firmware-m: add 2.2.0 recipe Date: Tue, 13 May 2025 09:23:49 -0400 Message-Id: <20250513132350.72095-1-jon.mason@arm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 13:24:02 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6499 New version moved from integrated version of t_cose to upstream git tree. Doing so necessitates adding a path to the build command, which is only being done in the 2.2.0 src inc file to prevent any potential issues with older versions that might be using the trusted-firmware-m.inc file. t_cose is using BSD, so no need to modify the recipe licenses. Also, the 3.6.3 tagged SHA for mbedtls (specified in the 2.2 tf-m source) is broken. It references an non-existent SHA for mbedtls-framework, which is corrected in the mbedtls-3.6 branch 2 commits later. Using that corrected commit to work around that issue. Keeping 2.1.1 around as it is the LTS. Signed-off-by: Jon Mason --- .../trusted-firmware-m-2.2.0-src.inc | 66 +++++++++++++++++++ ...trusted-firmware-m-scripts-native_2.2.0.bb | 2 + .../trusted-firmware-m_2.2.0.bb | 2 + 3 files changed, 70 insertions(+) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.0-src.inc create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.2.0.bb create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.2.0.bb diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.0-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.0-src.inc new file mode 100644 index 000000000000..b475b7a3baf8 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.2.0-src.inc @@ -0,0 +1,66 @@ +# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts + +LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" + +EXTRA_OECMAKE += "-DT_COSE_PATH=${S}/../t_cose" + +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \ + file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d \ + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8 \ + file://../tfm-psa-adac/license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../t_cose/LICENSE;md5=b2ebdbfb82602b97aa628f64cf4b65ad \ + " + +SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_CMSIS ?= "git://github.com/ARM-software/CMSIS_6.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "gitsm://github.com/ARMmbed/mbedtls.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC ?= "git://git.trustedfirmware.org/shared/psa-adac.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_T_COSE ?= "git://github.com/laurencelundblade/t_cose.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ + ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \ + ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + ${SRC_URI_TRUSTED_FIRMWARE_M_CMSIS};branch=${SRCBRANCH_cmsis};name=cmsis;destsuffix=git/cmsis \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ + ${SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC};branch=${SRCBRANCH_tfm-psa-adac};name=tfm-psa-adac;destsuffix=git/tfm-psa-adac \ + ${SRC_URI_TRUSTED_FIRMWARE_M_T_COSE};branch=${SRCBRANCH_t-cose};name=t-cose;destsuffix=git/t_cose \ + " + +# The required dependencies are documented in tf-m/config/config_base.cmake +# TF-Mv2.2.0 +SRCBRANCH_tfm ?= "release/2.2.x" +SRCREV_tfm = "dd2b7de197742beeebd12197c14d9d3cb1b9ec68" +# TF-Mv2.2.0 +SRCBRANCH_tfm-extras ?= "release/2.2.x" +SRCREV_tfm-extras = "88a4bd39284bb497dd8b362f20cd2b7f704ac390" +# TF-Mv2.2.0 +SRCBRANCH_tfm-tests ?= "release/2.2.x" +SRCREV_tfm-tests = "e0a433c67c37138cd9dce23657ae82c5cbdcf51f" +# CMSIS v6.1.0, CMSIS_TAG from lib/ext/cmsis/CMakeLists.txt +SRCBRANCH_cmsis ?= "main" +SRCREV_cmsis = "b0bbb0423b278ca632cfe1474eb227961d835fd2" +# mbedtls-3.6.3 (+2 commits), value from MBEDCRYPTO_VERSION(-ish) +SRCBRANCH_mbedtls ?= "mbedtls-3.6" +SRCREV_mbedtls = "8cf5666a174237998a7965e284d7ba8c1655d16d" +# mcuboot v2.2.0-rc1+ (intermediate SHA), value from MCUBOOT_VERSION +SRCBRANCH_mcuboot ?= "main" +SRCREV_mcuboot = "6071ceb1d0d955b6ff4745499a0ff3ac7d79f24b" +# QCBOR v1.2, value from QCBOR_VERSION in lib/ext/qcbor/CMakeLists.txt +SRCBRANCH_qcbor ?= "master" +SRCREV_qcbor = "92d3f89030baff4af7be8396c563e6c8ef263622" +# PSA-ADAC (intermediate SHA), value from PLATFORM_PSA_ADAC_VERSION +SRCBRANCH_tfm-psa-adac = "master" +SRCREV_tfm-psa-adac = "819a254af6fb5eefdcef194ec85d2c7627451351" +# T_COSE v2.0-alpha-2, from lib/ext/t_cose/CMakeLists.txt +SRCBRANCH_t-cose = "dev" +SRCREV_t-cose = "3076010eeb6383f0827bd992c75b68af9311cf1d" + +SRCREV_FORMAT = "tfm" + +S = "${WORKDIR}/git/tfm" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.2.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.2.0.bb new file mode 100644 index 000000000000..d50d886f60b2 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.2.0.bb @@ -0,0 +1,2 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.2.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.2.0.bb new file mode 100644 index 000000000000..3464f49dd9d1 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.2.0.bb @@ -0,0 +1,2 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc From patchwork Tue May 13 13:23:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 62864 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F379C3ABD7 for ; Tue, 13 May 2025 13:24:02 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.75943.1747142632340181532 for ; Tue, 13 May 2025 06:23:52 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E7C8722F8 for ; Tue, 13 May 2025 06:23:40 -0700 (PDT) Received: from H24V3P4C17.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B3A533F673 for ; Tue, 13 May 2025 06:23:51 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 2/2] arm/trusted-firmware-m: add development git recipe Date: Tue, 13 May 2025 09:23:50 -0400 Message-Id: <20250513132350.72095-2-jon.mason@arm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250513132350.72095-1-jon.mason@arm.com> References: <20250513132350.72095-1-jon.mason@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 13:24:02 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6500 Signed-off-by: Jon Mason --- .../trusted-firmware-m-git-src.inc | 66 +++++++++++++++++++ .../trusted-firmware-m_git.bb | 6 ++ 2 files changed, 72 insertions(+) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-git-src.inc create mode 100644 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_git.bb diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-git-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-git-src.inc new file mode 100644 index 000000000000..9a7f23ff556d --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-git-src.inc @@ -0,0 +1,66 @@ +# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts + +LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" + +EXTRA_OECMAKE += "-DT_COSE_PATH=${S}/../t_cose" + +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \ + file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d \ + file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8 \ + file://../tfm-psa-adac/license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ + file://../t_cose/LICENSE;md5=b2ebdbfb82602b97aa628f64cf4b65ad \ + " + +SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_CMSIS ?= "git://github.com/ARM-software/CMSIS_6.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "gitsm://github.com/ARMmbed/mbedtls.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC ?= "git://git.trustedfirmware.org/shared/psa-adac.git;protocol=https" +SRC_URI_TRUSTED_FIRMWARE_M_T_COSE ?= "git://github.com/laurencelundblade/t_cose.git;protocol=https" +SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ + ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \ + ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + ${SRC_URI_TRUSTED_FIRMWARE_M_CMSIS};branch=${SRCBRANCH_cmsis};name=cmsis;destsuffix=git/cmsis \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ + ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ + ${SRC_URI_TRUSTED_FIRMWARE_M_PSA_ADAC};branch=${SRCBRANCH_tfm-psa-adac};name=tfm-psa-adac;destsuffix=git/tfm-psa-adac \ + ${SRC_URI_TRUSTED_FIRMWARE_M_T_COSE};branch=${SRCBRANCH_t-cose};name=t-cose;destsuffix=git/t_cose \ + " + +# The required dependencies are documented in tf-m/config/config_base.cmake +# latest (25 April 2025) +SRCBRANCH_tfm ?= "main" +SRCREV_tfm = "1e77550712f35730e8807fd1091fdac243d1b15a" +# latest (7 April 2025) +SRCBRANCH_tfm-extras ?= "main" +SRCREV_tfm-extras = "8679c4c26091d19807eb68a1bd4b75fb2b6685bc" +# latest (30 April 2025) +SRCBRANCH_tfm-tests ?= "main" +SRCREV_tfm-tests = "96c110a7a70bdb28bdf0e56dcf791c37fedb20ad" +# CMSIS v6.1.0, CMSIS_TAG from lib/ext/cmsis/CMakeLists.txt +SRCBRANCH_cmsis ?= "main" +SRCREV_cmsis = "b0bbb0423b278ca632cfe1474eb227961d835fd2" +# mbedtls-3.6.3 (+2 commits), value from MBEDCRYPTO_VERSION(-ish) +SRCBRANCH_mbedtls ?= "mbedtls-3.6" +SRCREV_mbedtls = "8cf5666a174237998a7965e284d7ba8c1655d16d" +# mcuboot v2.2.0-rc1+ (intermediate SHA), value from MCUBOOT_VERSION +SRCBRANCH_mcuboot ?= "main" +SRCREV_mcuboot = "6071ceb1d0d955b6ff4745499a0ff3ac7d79f24b" +# QCBOR v1.2, value from QCBOR_VERSION in lib/ext/qcbor/CMakeLists.txt +SRCBRANCH_qcbor ?= "master" +SRCREV_qcbor = "92d3f89030baff4af7be8396c563e6c8ef263622" +# PSA-ADAC (intermediate SHA), value from PLATFORM_PSA_ADAC_VERSION +SRCBRANCH_tfm-psa-adac = "master" +SRCREV_tfm-psa-adac = "819a254af6fb5eefdcef194ec85d2c7627451351" +# T_COSE v2.0-alpha-2, from lib/ext/t_cose/CMakeLists.txt +SRCBRANCH_t-cose = "dev" +SRCREV_t-cose = "3076010eeb6383f0827bd992c75b68af9311cf1d" + +SRCREV_FORMAT = "tfm" + +S = "${WORKDIR}/git/tfm" diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_git.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_git.bb new file mode 100644 index 000000000000..610deac038b2 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_git.bb @@ -0,0 +1,6 @@ +require recipes-bsp/trusted-firmware-m/trusted-firmware-m-git-src.inc +require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc + +# Not a release recipe, try our hardest to not pull this in implicitly +DEFAULT_PREFERENCE = "-1" +UPSTREAM_CHECK_COMMITS = "1"